Trang chủ Khám phá Trợ giúp
Đăng nhập
GfA
/
linux_kernel
5
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Browse Source

s390/pkey: Add sysfs attributes to emit protected key blobs

Add binary read-only sysfs attributes for the pkey module
that can be used to read random protected keys from.
Keys are read from these attributes using a cat-like interface.

A typical use case for those keys is to encrypt a swap device
using the paes cipher. During processing of /etc/crypttab, the
random protected key to encrypt the swap device is read from
one of the attributes.

The following attributes are added:
  protkey/aes_128
  protkey/aes_192
  protkey/aes_256
  protkey/aes_128_xts
  protkey/aes_256_xts
Each attribute emits a protected key blob for the corresponding
key size and cipher mode.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Ingo Franzki 7 năm trước cách đây
mục cha
0534bde7de
commit
d632c0478d
1 tập tin đã thay đổi với 127 bổ sung0 xóa
Split View Hiển thị tình trạng sai khác
  1. 127 0
      drivers/s390/crypto/pkey_api.c

+ 127 - 0
drivers/s390/crypto/pkey_api.c
Xem Tập Tin 

@@ -1254,6 +1254,132 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
 
 /*
 
  * Sysfs and file io operations
 
  */
 
+
 
+/*
 
+ * Sysfs attribute read function for all protected key binary attributes.
 
+ * The implementation can not deal with partial reads, because a new random
 
+ * protected key blob is generated with each read. In case of partial reads
 
+ * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
 
+ */
 
+static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,
 
+					  loff_t off, size_t count)
 
+{
 
+	struct protaeskeytoken protkeytoken;
 
+	struct pkey_protkey protkey;
 
+	int rc;
 
+
 
+	if (off != 0 || count < sizeof(protkeytoken))
 
+		return -EINVAL;
 
+	if (is_xts)
 
+		if (count < 2 * sizeof(protkeytoken))
 
+			return -EINVAL;
 
+
 
+	memset(&protkeytoken, 0, sizeof(protkeytoken));
 
+	protkeytoken.type = TOKTYPE_NON_CCA;
 
+	protkeytoken.version = TOKVER_PROTECTED_KEY;
 
+	protkeytoken.keytype = keytype;
 
+
 
+	rc = pkey_genprotkey(protkeytoken.keytype, &protkey);
 
+	if (rc)
 
+		return rc;
 
+
 
+	protkeytoken.len = protkey.len;
 
+	memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
 
+
 
+	memcpy(buf, &protkeytoken, sizeof(protkeytoken));
 
+
 
+	if (is_xts) {
 
+		rc = pkey_genprotkey(protkeytoken.keytype, &protkey);
 
+		if (rc)
 
+			return rc;
 
+
 
+		protkeytoken.len = protkey.len;
 
+		memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
 
+
 
+		memcpy(buf + sizeof(protkeytoken), &protkeytoken,
 
+		       sizeof(protkeytoken));
 
+
 
+		return 2 * sizeof(protkeytoken);
 
+	}
 
+
 
+	return sizeof(protkeytoken);
 
+}
 
+
 
+static ssize_t protkey_aes_128_read(struct file *filp,
 
+				    struct kobject *kobj,
 
+				    struct bin_attribute *attr,
 
+				    char *buf, loff_t off,
 
+				    size_t count)
 
+{
 
+	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
 
+					  off, count);
 
+}
 
+
 
+static ssize_t protkey_aes_192_read(struct file *filp,
 
+				    struct kobject *kobj,
 
+				    struct bin_attribute *attr,
 
+				    char *buf, loff_t off,
 
+				    size_t count)
 
+{
 
+	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
 
+					  off, count);
 
+}
 
+
 
+static ssize_t protkey_aes_256_read(struct file *filp,
 
+				    struct kobject *kobj,
 
+				    struct bin_attribute *attr,
 
+				    char *buf, loff_t off,
 
+				    size_t count)
 
+{
 
+	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
 
+					  off, count);
 
+}
 
+
 
+static ssize_t protkey_aes_128_xts_read(struct file *filp,
 
+					struct kobject *kobj,
 
+					struct bin_attribute *attr,
 
+					char *buf, loff_t off,
 
+					size_t count)
 
+{
 
+	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
 
+					  off, count);
 
+}
 
+
 
+static ssize_t protkey_aes_256_xts_read(struct file *filp,
 
+					struct kobject *kobj,
 
+					struct bin_attribute *attr,
 
+					char *buf, loff_t off,
 
+					size_t count)
 
+{
 
+	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
 
+					  off, count);
 
+}
 
+
 
+static BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken));
 
+static BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken));
 
+static BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken));
 
+static BIN_ATTR_RO(protkey_aes_128_xts, 2 * sizeof(struct protaeskeytoken));
 
+static BIN_ATTR_RO(protkey_aes_256_xts, 2 * sizeof(struct protaeskeytoken));
 
+
 
+static struct bin_attribute *protkey_attrs[] = {
 
+	&bin_attr_protkey_aes_128,
 
+	&bin_attr_protkey_aes_192,
 
+	&bin_attr_protkey_aes_256,
 
+	&bin_attr_protkey_aes_128_xts,
 
+	&bin_attr_protkey_aes_256_xts,
 
+	NULL
 
+};
 
+
 
+static struct attribute_group protkey_attr_group = {
 
+	.name	   = "protkey",
 
+	.bin_attrs = protkey_attrs,
 
+};
 
+
 
+static const struct attribute_group *pkey_attr_groups[] = {
 
+	&protkey_attr_group,
 
+	NULL,
 
+};
 
+
 
 static const struct file_operations pkey_fops = {
 
 	.owner		= THIS_MODULE,
 
 	.open		= nonseekable_open,
 
@@ -1266,6 +1392,7 @@ static struct miscdevice pkey_dev = {
 
 	.minor	= MISC_DYNAMIC_MINOR,
 
 	.mode	= 0666,
 
 	.fops	= &pkey_fops,
 
+	.groups = pkey_attr_groups,
 
 };
 
 
 /*