Allow "keyctl supports" to be given a "--raw" flag to request a hexdump of
the data retrieved.
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Add missing ns_keyring_name and ns_key_tag capability tags to "keyctl
supports".
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Test all possible type, description and payload lengths to add_key() to
make sure that the kernel doesn't crash when handling them.
The bulk of this test is implemented in C in the keyctl command so that it
completes in a reasonable amount of time (testing over a million different
sizes of payload from shell script is just too slow).
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Provide the ability to query the capabilities of the keyrings subsystem.
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Signed-off-by: David Howells <dhowells@redhat.com>
| |
keyctl's help message suggests that including a key=value style list
of arguments is optional for the pkey_* operations, and for pkey_query
and pkey_verify it indeed seems to be optional, but the other three
operations require that at least one key=value pair be passed in.
This patch changes the logic to make key=value lists optional for
all pkey_* operations.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Currently, running 'keyctl pkey_query' (or pkey_{encrypt,decrypt,sign},
due to those using pkey_query internally) will always return:
    keyctl_pkey_query: Invalid argument
This is because we invoke KEYCTL_PKEY_QUERY as:
    return keyctl(KEYCTL_PKEY_QUERY, key_id, info, result);
While the kernel code (security/keys/keyctl.c) does this:
    [...]
    case KEYCTL_PKEY_QUERY:
        if (arg3 != 0)
            return -EINVAL;
        return keyctl_pkey_query((key_serial_t)arg2,
                                 (const char __user *)arg4,
                                 (struct keyctl_pkey_query __user *)arg5);
    [...]
In other words, there is supposed to be an argument between 'key_id'
and 'info' (presumably for the (currently unsupported) key password
field?) which is supposed to be NULL. Adding a NULL argument seems to
make things happy.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
keyctl's pkey_* operations each have an argument that allows specifying
a key password, but since that feature isn't currently supported, it
is supposed to always be passed in as "0":
    if (strcmp(argv[2], "0") != 0) {
        fprintf(stderr, "Password passing is not yet supported\n");
        exit(2);
    }
However, act_keyctl_pkey_query() has an off-by-one that makes it
start parsing key=value style option pairs at the password argument,
which causes the following error if the password argument is not in
key=value format:
    $ keyctl pkey_query 541826697 0
    Option not in key=val form
    $
And this error if the password argument is in key=value format:
    $ keyctl pkey_query 541826697 a=b
    Password passing is not yet supported
    $
This patch fixes act_keyctl_pkey_query() to start parsing key=value
pairs from the right place in its argument list, which gets it a
little further.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
This fixes man(1) and mandb(8) complaining that keyctl_pkey_verify.3.gz
is self referencing.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
This fixes an endless manual recursion in the "see also" section
of keyctl_pkey_sign(3).
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
The testsuite now requires lsb_release, so we need to make sure we require
the package that supplies it when inside the RH test farm.
Signed-off-by: David Howells <dhowells@redhat.com>
| |
RHEL-8 doesn't enable the DH/KDF code, so disable the tests on all RHEL
distributions for now.
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Handle %{?distprefix} cropping up in the release string used to generate
the src.rpm name.
Signed-off-by: David Howells <dhowells@redhat.com>
| |
dump_key_tree_aux() (part of 'keyctl show') was racy: it allocated a
buffer for the keyring contents, then read the keyring. But it's
possible that keys are added to the keyring concurrently. This is
problematic for two reasons. First, when keyctl_read() is passed a
buffer that is too small, it is unspecified whether it is filled or not.
Second, even if the buffer is filled, some keys (not necessarily even
the newest ones) would be omitted from the listing.
Switch to keyctl_read_alloc() which handles the "buffer too small" case
correctly by retrying the read.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
When keyctl_read() is passed a buffer that is too small, the behavior is
inconsistent. Some key types will fill as much of the buffer as
possible, while others won't copy anything. Moreover, the in-kernel
documentation contradicted the man page on this point.
Update the man page to say that this point is unspecified.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Signed-off-by: David Howells <dhowells@redhat.com>
| |
This is needed so that other projects can add a dependency on libkeyutils
via PKG_CHECK_MODULES([KEYUTILS], [libkeyutils]). This enabling makes
'make install' do the right thing, and of course individual distros will
need to add enabling to their associated packages (rpm, deb, etc.) so the
package manager installs do the right thing.
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Add manual pages for the asymmetric key type and its specialised keyctl
operations.
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Add encryption, decryption, signature creation and signature verification
public key operations. Example usage:
    j=`openssl pkcs8 -in ~/pkcs7/firmwarekey2.priv -topk8 -nocrypt -outform DER | \
        keyctl padd asymmetric foo @s`
    echo -n abcdefghijklmnopqrst >/tmp/data
    keyctl pkey_encrypt $j 0 /tmp/data enc=pkcs1 >/tmp/enc
    keyctl pkey_decrypt $j 0 /tmp/enc enc=pkcs1 >/tmp/dec
    cmp /tmp/data /tmp/dec
    keyctl pkey_sign $j 0 /tmp/data enc=pkcs1 hash=sha1 >/tmp/sig
    keyctl pkey_verify $j 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-and-tested-by: Denis Kenzior <denkenz@gmail.com>
| |
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
The kernel does not have a set of known hashnames available. Instead,
/proc/crypto contains the information for the running system.
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Remove the dependency on MIT Kerberos as not everyone has it available.
With the "use best match" change to /sbin/request-key, the kafs-client
package can install a more specific handler for dns_resolver afsdb:*
requests in front of the default one.
This means that the dns resolver program only needs to look up DNS records
and can ignore any static kafs configuration.
Signed-off-by: David Howells <dhowells@redhat.com>
| |
When an upcall happens currently, either a file by the name
"/etc/request-key.d/<type>.conf" is scanned or the default file
"/etc/request-key.conf" is scanned and then the first match (including
wildcards) is selected.
Change this to read all the files in the conf directory and then read the
default file. The best rule is then chosen and executed.
"Best" is defined as the rule with the least number of characters that are
skipped by matching a wildcard (e.g. string "foo:bar" matches pattern
"foo:*" with the number of characters being skipped being 3).
Further, the operation, type, description and callout_info columns are
matched individually and in order, so that a skip of 1 in the operation
column, say, is less preferable than an exact match there and a skip of 2
in the type column.
For example, take:
    create dns_resolver afsdb:* *      /sbin/key.afsdb %k
    create dns_resolver afsdb:* hello* /sbin/key.xxxx %k
if both lines match, the second one will be picked, but, on the other hand,
with:
    create dns_resolver afsdb:* *      /sbin/key.afsdb %k
    creat* dns_resolver afsdb:* hello* /sbin/key.xxxx %k
the first will be picked.
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Dave Jiang <dave.jiang@intel.com>
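
The "best match" ordering described in the commit message above, as an added example that is not request-key's own code: each column yields a count of characters swallowed by its wildcard, and rules are compared on those counts column by column. The names match_skip, best_handler and pick are hypothetical, patterns are assumed to hold at most one '*', and the request values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* One constructed rule: operation, type, description, callout_info, handler. */
struct rule { const char *col[4]; const char *handler; };

/* Characters swallowed by '*', or -1 on mismatch. Assumed: at most one '*'. */
static int match_skip(const char *pat, const char *s)
{
    const char *star = strchr(pat, '*');
    if (!star)
        return strcmp(pat, s) == 0 ? 0 : -1;
    size_t slen = strlen(s), pre = (size_t)(star - pat), post = strlen(star + 1);
    if (slen < pre + post || memcmp(pat, s, pre) != 0 ||
        memcmp(star + 1, s + slen - post, post) != 0)
        return -1;
    return (int)(slen - pre - post);
}

/* Skips are compared column by column, so an earlier column always dominates. */
static const char *best_handler(const struct rule *rules, int n, const char *req[4])
{
    int best[4] = {0}, cur[4];
    const char *winner = NULL;
    for (int i = 0; i < n; i++) {
        int c, d = 0;   /* d: first non-zero skip difference against the best */
        for (c = 0; c < 4 && (cur[c] = match_skip(rules[i].col[c], req[c])) >= 0; c++)
            if (d == 0 && winner)
                d = cur[c] - best[c];
        if (c == 4 && (!winner || d < 0)) {   /* all columns matched and rule is better */
            memcpy(best, cur, sizeof(best));
            winner = rules[i].handler;
        }
    }
    return winner;
}

/* Rule pairs from the commit message; request values are constructed. */
static const char *pick(const char *op_pat)
{
    const char *req[4] = { "create", "dns_resolver", "afsdb:example.com", "hello world" };
    const struct rule rules[2] = {
        { { "create", "dns_resolver", "afsdb:*", "*" }, "/sbin/key.afsdb" },
        { { op_pat, "dns_resolver", "afsdb:*", "hello*" }, "/sbin/key.xxxx" },
    };
    return best_handler(rules, 2, req);
}

int main(void) { printf("%s\n%s\n", pick("create"), pick("creat*")); return 0; }
```

With equal skips in every column the earlier rule is kept, which is a choice made for this example rather than something the commit message specifies.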
| |
Allow "-x" to be passed on the command line to the request-key program to
suppress side effects and target execution. This makes it easier to debug
the program and its configuration by allowing it to be driven from the
command line.
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Port cleanups from Fedora:
Igor Gnatenko <ignatenkobrain@fedoraproject.org>
- Switching to %ldconfig_scriptlets
- Fixing the licence directory specs
- Removing unneeded %defattr specs
- Escaping macros in changelogs
- Remove buildroot definition and deletion
Peter Robinson <pbrobinson@gmail.com>
- Add explicit gcc requirement
- Remove Group specs
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
cc: Peter Robinson <pbrobinson@gmail.com>
| |
Add a missing backslash into a regular expression in the toolbox.
Signed-off-by: David Howells <dhowells@redhat.com>
| |
With selinux disabled the test currently fails trying to setenforce; it
should be skipped instead. Found while trying to run in a container
where selinux always appears disabled.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Diffie-Hellman results used as input to a KDF algorithm can have leading
zero bytes, and the current kernel DH implementation truncates leading
zero bytes. This test confirms that the KDF code correctly handles DH
results with leading zeros.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
The dh_compute code now allows the following options:
 - no KDF support / output of raw DH shared secret:
     dh_compute <private> <prime> <base>
 - KDF support without "other information" string:
     dh_compute_kdf <private> <prime> <base> <output length> <hash_type>
 - KDF support with "other information" string:
     dh_compute_kdf_oi <private> <prime> <base> <output length> <hash_type>
   where the OI string is provided on STDIN.
The test to verify the code is based on a test vector used for the CAVS
testing of SP800-56A.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Created a new manual page for the new keyctl_restrict_keyring function and
added 'keyctl restrict_keyring' information for the keyctl command line
utility.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Test keyring restrict options using keyctl_restrict()
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
| |
New symbols go into the libkeyutils.so.1.7 API.
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Fix the handling of licence files in the specfile.
Signed-off-by: David Howells <dhowells@redhat.com>
| |
Pass global ldflags into build so that hardening works.
Signed-off-by: David Howells <dhowells@redhat.com>
| | |
git://git.kernel.org/pub/scm/linux/kernel/git/mtk/keyutils into next
"Here are some more man page layout fixes.
The biggest change is reformatting of keyctl(1) so that it's
prettier and more readable."
Signed-off-by: David Howells <dhowells@redhat.com>
| | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| | |
I introduced this problem with an earlier commit. Sorry!
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| | |
Use real minus signs in places where they should be used
(e.g., shell command and shell output).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| | |
This makes the source much easier to read.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>