KEYS: Add placeholder for KDF usage with DH
The values computed during Diffie-Hellman key exchange are often used in combination with key derivation functions to create cryptographic keys. Add a placeholder for a later implementation to configure a key derivation function that will transform the Diffie-Hellman result returned by the KEYCTL_DH_COMPUTE command. [This patch was stripped down from a patch produced by Mat Martineau that had a bug in the compat code - so for the moment Stephan's patch simply requires that the placeholder argument must be NULL] Original-signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
This commit is contained in:
parent
4340fa5529
commit
4693fc734d
|
@ -826,7 +826,8 @@ The keyctl syscall functions are:
|
|||
(*) Compute a Diffie-Hellman shared secret or public key
|
||||
|
||||
long keyctl(KEYCTL_DH_COMPUTE, struct keyctl_dh_params *params,
|
||||
char *buffer, size_t buflen);
|
||||
char *buffer, size_t buflen,
|
||||
void *reserved);
|
||||
|
||||
The params struct contains serial numbers for three keys:
|
||||
|
||||
|
@ -843,6 +844,8 @@ The keyctl syscall functions are:
|
|||
public key. If the base is the remote public key, the result is
|
||||
the shared secret.
|
||||
|
||||
The reserved argument must be set to NULL.
|
||||
|
||||
The buffer length must be at least the length of the prime, or zero.
|
||||
|
||||
If the buffer length is nonzero, the length of the result is
|
||||
|
|
|
@ -134,7 +134,7 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
|
|||
|
||||
case KEYCTL_DH_COMPUTE:
|
||||
return keyctl_dh_compute(compat_ptr(arg2), compat_ptr(arg3),
|
||||
arg4);
|
||||
arg4, compat_ptr(arg5));
|
||||
|
||||
default:
|
||||
return -EOPNOTSUPP;
|
||||
|
|
|
@ -78,7 +78,8 @@ static ssize_t mpi_from_key(key_serial_t keyid, size_t maxlen, MPI *mpi)
|
|||
}
|
||||
|
||||
long keyctl_dh_compute(struct keyctl_dh_params __user *params,
|
||||
char __user *buffer, size_t buflen)
|
||||
char __user *buffer, size_t buflen,
|
||||
void __user *reserved)
|
||||
{
|
||||
long ret;
|
||||
MPI base, private, prime, result;
|
||||
|
@ -97,6 +98,11 @@ long keyctl_dh_compute(struct keyctl_dh_params __user *params,
|
|||
goto out;
|
||||
}
|
||||
|
||||
if (reserved) {
|
||||
ret = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
keylen = mpi_from_key(pcopy.prime, buflen, &prime);
|
||||
if (keylen < 0 || !prime) {
|
||||
/* buflen == 0 may be used to query the required buffer size,
|
||||
|
|
|
@ -260,10 +260,11 @@ static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
|
|||
|
||||
#ifdef CONFIG_KEY_DH_OPERATIONS
|
||||
extern long keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *,
|
||||
size_t);
|
||||
size_t, void __user *);
|
||||
#else
|
||||
static inline long keyctl_dh_compute(struct keyctl_dh_params __user *params,
|
||||
char __user *buffer, size_t buflen)
|
||||
char __user *buffer, size_t buflen,
|
||||
void __user *reserved)
|
||||
{
|
||||
return -EOPNOTSUPP;
|
||||
}
|
||||
|
|
|
@ -1688,8 +1688,8 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
|
|||
|
||||
case KEYCTL_DH_COMPUTE:
|
||||
return keyctl_dh_compute((struct keyctl_dh_params __user *) arg2,
|
||||
(char __user *) arg3,
|
||||
(size_t) arg4);
|
||||
(char __user *) arg3, (size_t) arg4,
|
||||
(void __user *) arg5);
|
||||
|
||||
default:
|
||||
return -EOPNOTSUPP;
|
||||
|
|
Loading…
Reference in New Issue