);
+ hex_encoded_data, master_key,
master_keylen);
+
+ key_put(mkey);
return ret;
}
--
1.7.2.3
On Tuesday, September 28, 2010 08:36:33 pm Mimi Zohar wrote:
Defines a new kernel key-type called 'encrypted'. Encrypted keys are
kernel generated random numbers, which
Hi,
Looking at different examples of the same crypto call, it's unclear
whether it only returns negative error values. Some examples only test
for negative values, while others test for not 0. tcrypt.c does if
(ret). Would appreciate some clarification.
thanks,
Mimi
Similar to the kgdb_hex2mem() code, hex2bin converts a string
to binary using the hex_to_bin() library call.
Signed-off-by: Mimi Zohar zo...@us.ibm.com
---
include/linux/kernel.h |1 +
lib/hexdump.c | 16
2 files changed, 17 insertions(+), 0 deletions(-)
diff
Add internal kernel tpm_send() command used to seal/unseal keys.
Signed-off-by: David Safford saff...@watson.ibm.com
Reviewd-by: Mimi Zohar zo...@watson.ibm.com
Acked-by: Rajiv Andrade sra...@linux.vnet.ibm.com
---
drivers/char/tpm/tpm.c | 17 +
include/linux/tpm.h|3
.
Signed-off-by: David Safford saff...@watson.ibm.com
Signed-off-by: Mimi Zohar zo...@us.ibm.com
---
include/keys/trusted-type.h | 33 ++
security/Kconfig| 15 +
security/keys/Makefile |1 +
security/keys/trusted_defined.c | 997
until late_initcall for crypto libraries to be registered
- cleanup security/Kconfig
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Signed-off-by: David Safford saff...@watson.ibm.com
---
include/keys/encrypted-type.h | 30 ++
security/Kconfig | 16 +
security/keys/Makefile
Nice! This patch applies cleanly to the trusted/encrypted patch set
posted today.
thanks,
Acked-by: Mimi Zohar zo...@us.ibm.com
On Thu, 2010-10-07 at 14:29 +0200, Roberto Sassu wrote:
This patch adds the UPDATE keyword for encrypted key types:
prevents updating existent keys if UPDATE
On Sat, 2010-10-09 at 09:29 +0800, Herbert Xu wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
Hi,
Looking at different examples of the same crypto call, it's unclear
whether it only returns negative error values. Some examples only test
for negative values, while others test
key provides strong guarantees
that the EVM key has not been compromised by a user level problem,
and when sealed to specific boot PCR values, protects against
boot and offline attacks. Other uses for trusted and encrypted
keys, such as for disk and file encryption are anticipated.
Mimi Zohar
Dave
On Mon, 2010-10-11 at 20:22 -0500, Serge E. Hallyn wrote:
Quoting Mimi Zohar (zo...@linux.vnet.ibm.com):
Looks fine to me, and very useful.
Acked-by: Serge E. Hallyn se...@hallyn.com
(for 1-3, haven't looked at 4 yet and won't tonight)
Thanks Serge!
+config TRUSTED_KEYS
On Tue, 2010-11-02 at 10:30 +0100, Roberto Sassu wrote:
The buffer 'derived_buf' in the function get_derived_key() must be
allocated dynamically in order to make room for an arbitrary length
master key.
Signed-off-by: Roberto Sassu roberto.sa...@polito.it
---
Similar to the kgdb_hex2mem() code, hex2bin converts a string
to binary using the hex_to_bin() library call.
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: Serge E. Hallyn se...@hallyn.com
---
include/linux/kernel.h |1 +
lib/hexdump.c | 16
2 files changed
provides strong guarantees
that the EVM key has not been compromised by a user level problem,
and when sealed to specific boot PCR values, protects against
boot and offline attacks. Other uses for trusted and encrypted
keys, such as for disk and file encryption are anticipated.
Mimi Zohar
Dave Safford
descriptions (based on Serge Hallyn's suggestion)
- Replaced kzalloc() with kmalloc() (reported by Serge Hallyn)
Signed-off-by: David Safford saff...@watson.ibm.com
Signed-off-by: Mimi Zohar zo...@us.ibm.com
---
include/keys/trusted-type.h | 32 ++
security/Kconfig| 15 +
security
Add internal kernel tpm_send() command used to seal/unseal keys.
Signed-off-by: David Safford saff...@watson.ibm.com
Reviewd-by: Mimi Zohar zo...@watson.ibm.com
Acked-by: Rajiv Andrade sra...@linux.vnet.ibm.com
Acked-by: Serge E. Hallyn se...@hallyn.com
---
drivers/char/tpm/tpm.c | 17
/fixed by Roberto Sassu)
- Increase the data size limit (requested by Roberto Sassu)
- Crypto return codes are always 0 on success and negative on failure,
remove unnecessary tests.
- Replaced kzalloc() with kmalloc()
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Signed-off-by: David Safford saff
and file encryption are anticipated.
Mimi Zohar
David Safford
Mimi Zohar (4):
lib: hex2bin converts ascii hexadecimal string to binary
key: add tpm_send command
keys: add new trusted key-type
keys: add new key-type encrypted
drivers/char/tpm/tpm.c| 17 +
include/keys/encrypted
Similar to the kgdb_hex2mem() code, hex2bin converts a string
to binary using the hex_to_bin() library call.
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: Serge E. Hallyn se...@hallyn.com
---
include/linux/kernel.h |1 +
lib/hexdump.c | 16
2 files changed
key(reported/fixed by Roberto Sassu)
- Updated Kconfig and other descriptions (based on Serge Hallyn's suggestion)
- Replaced kzalloc() with kmalloc() (reported by Serge Hallyn)
Signed-off-by: David Safford saff...@watson.ibm.com
Signed-off-by: Mimi Zohar zo...@us.ibm.com
---
include/keys/trusted
Add internal kernel tpm_send() command used to seal/unseal keys.
Signed-off-by: David Safford saff...@watson.ibm.com
Reviewd-by: Mimi Zohar zo...@watson.ibm.com
Acked-by: Rajiv Andrade sra...@linux.vnet.ibm.com
Acked-by: Serge E. Hallyn se...@hallyn.com
---
drivers/char/tpm/tpm.c | 17
/fixed by Roberto Sassu)
- Increase the data size limit (requested by Roberto Sassu)
- Crypto return codes are always 0 on success and negative on failure,
remove unnecessary tests.
- Replaced kzalloc() with kmalloc()
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Signed-off-by: David Safford saff
On Thu, 2010-11-11 at 19:48 +, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
+void hex2bin(unsigned char *mem, char *buf, int count)
I think this needs a little adjustment. I would recommend something like the
following declaration:
void hex2bin(u8 *buf
On Thu, 2010-11-11 at 19:48 +, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
Reviewd-by: Mimi Zohar zo...@watson.ibm.com
You've missed an 'e'.
thanks, will fix
+int tpm_send(u32 chip_num, char *cmd, int buflen)
+{
...
+ rc = transmit_cmd(chip, (struct
On Fri, 2010-11-12 at 19:45 +, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
Defines a new kernel key-type called 'encrypted'. Encrypted keys are
Many of the comments I made against patch #3 also apply here. Use 'Define'
rather than 'Defines' here for example
On Fri, 2010-11-12 at 21:23 +, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
Why do you allow the master key to be supplied by a user-defined key
rather
than requiring a trusted-key unconditionally?
This is for systems without a TPM. The logic needs to exist
On Mon, 2010-11-15 at 16:18 +, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
But if you're going to use a user-defined key, you really need to prefix
the description with something suitable.
Agreed. So instead of:
keyctl add encrypted name new master-key
On Tue, 2010-11-16 at 17:50 +, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
I actually like keyctl requiring 'trusted:' or 'user:'. Forcing the
user to indicate which type of key they want, is actually good - no
misunderstandings.
You still need to prefix
On Tue, 2010-11-16 at 17:50 +, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
I actually like keyctl requiring 'trusted:' or 'user:'. Forcing the
user to indicate which type of key they want, is actually good - no
misunderstandings.
You still need to prefix
, protects against boot and offline attacks. Other uses
for trusted and encrypted keys, such as for disk and file encryption are
anticipated.
Mimi Zohar
David Safford
Mimi Zohar (5):
lib: hex2bin converts ascii hexadecimal string to binary
tpm: add module_put wrapper
key: add tpm_send
Howell's comment)
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: Serge E. Hallyn se...@hallyn.com
---
include/linux/kernel.h |1 +
lib/hexdump.c | 16
2 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/include/linux/kernel.h b/include/linux
For readability, define a tpm_chip_put() wrapper to call module_put().
Replace existing module_put() calls with the wrapper.
(Change based on trusted/encrypted patchset review by David Howells.)
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Signed-off-by: David Safford saff...@watson.ibm.com
by Roberto Sassu)
- Updated Kconfig and other descriptions (based on Serge Hallyn's suggestion)
- Replaced kzalloc() with kmalloc() (reported by Serge Hallyn)
Signed-off-by: David Safford saff...@watson.ibm.com
Signed-off-by: Mimi Zohar zo...@us.ibm.com
---
Documentation/keys-trusted
tests.
- Replaced kzalloc() with kmalloc()
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Signed-off-by: David Safford saff...@watson.ibm.com
Reviewed-by: Roberto Sassu roberto.sa...@polito.it
---
include/keys/encrypted-type.h | 29 ++
security/Kconfig | 16 +
security/keys
...@watson.ibm.com
Signed-off-by: Mimi Zohar zo...@watson.ibm.com
---
drivers/char/tpm/tpm.c | 16
include/linux/tpm.h|4
2 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
index 26c09f3..b737cf3 100644
--- a/drivers/char
On Tue, 2010-11-16 at 14:08 +, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
Am assuming you mean something like this:
keyctl add encrypted name new trusted:master-key-name keylen ring
keyctl add encrypted name new user:master-key-name keylen ring
On Fri, 2010-11-19 at 16:43 +, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
+static int datablob_format(char __user *buffer,
+ struct encrypted_key_payload *epayload,
+ int asciiblob_len)
size_t? There are other
Hi!
Am having problems finding any shash API documentation. Could someone
tell me if 'out' needs to be zeroed before calling crypto_shash_digest?
int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
unsigned int len, u8 *out)
thanks,
Mimi
against boot and offline attacks. Other uses
for trusted and encrypted keys, such as for disk and file encryption are
anticipated.
Mimi Zohar
David Safford
Mimi Zohar (5):
lib: hex2bin converts ascii hexadecimal string to binary
tpm: add module_put wrapper
key: add tpm_send command
keys: add
For readability, define a tpm_chip_put() wrapper to call module_put().
Replace existing module_put() calls with the wrapper.
(Change based on trusted/encrypted patchset review by David Howells.)
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Signed-off-by: David Safford saff...@watson.ibm.com
Acked
by Roberto Sassu)
- Updated Kconfig and other descriptions (based on Serge Hallyn's suggestion)
- Replaced kzalloc() with kmalloc() (reported by Serge Hallyn)
Signed-off-by: David Safford saff...@watson.ibm.com
Signed-off-by: Mimi Zohar zo...@us.ibm.com
---
Documentation/keys-trusted-encrypted.txt
Howell's comment)
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: Serge E. Hallyn se...@hallyn.com
Acked-by: David Howells dhowe...@redhat.com
---
include/linux/kernel.h |1 +
lib/hexdump.c | 16
2 files changed, 17 insertions(+), 0 deletions(-)
diff --git
...@watson.ibm.com
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: David Howells dhowe...@redhat.com
---
drivers/char/tpm/tpm.c | 16
include/linux/tpm.h|4
2 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
index
and negative on failure,
remove unnecessary tests.
- Replaced kzalloc() with kmalloc()
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Signed-off-by: David Safford saff...@watson.ibm.com
Reviewed-by: Roberto Sassu roberto.sa...@polito.it
---
include/keys/encrypted-type.h | 29 ++
security/Kconfig
On Fri, 2010-12-03 at 13:42 +, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
+#define KEY_TRUSTED_PREFIX trusted:
+#define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1)
+#define KEY_USER_PREFIX user:
+#define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX
On Tue, 2011-09-13 at 17:20 +0300, Dmitry Kasatkin wrote:
Hello,
Changes to version 2.0:
- MPI patch has been split to smaller in order to go to mailing lists.
First 2 patches include only source and header files which are needed
to build ksign verification. Headers and sources are
that the keyrings are only used for the digital
signatures.
Acked-by: Mimi Zohar zo...@us.ibm.com
---
security/integrity/Kconfig | 14 +++
security/integrity/Makefile|1 +
security/integrity/digsig.c| 48
security/integrity
On Fri, 2011-12-02 at 18:42 +, David Howells wrote:
Here are a set of patches that create a framework for using cryptographic keys
within the kernel. The patches can also be found at:
type to its own directory.
Acked-by: Mimi Zohar zo...@us.ibm.com
thanks,
Mimi
---
Documentation/security/keys-crypto.txt | 181 +
include/keys/crypto-subtype.h | 56
include/keys/crypto-type.h | 25 +++
security/keys/Kconfig
On Wed, 2012-09-26 at 13:16 +0930, Rusty Russell wrote:
David Howells dhowe...@redhat.com writes:
The module signing patches provide:
- Some fixes to Rusty's patch. Also an additional patch to extend the
policy
handling for modules signed with an unknown key and to handle FIPS
On Thu, 2013-01-17 at 18:03 +, David Howells wrote:
Load all the files matching the pattern *.x509 that are to be found in
kernel
base source dir and base build dir into the module signing keyring.
Do we really want certificates cluttering up the base source tree? Any
reason not to define
On Thu, 2013-01-17 at 18:03 +, David Howells wrote:
I would also like to have a look at altering your trusted key type[*] to be a
subtype of asymmetric keys so that the asymmetric key type can cover keys from
more sources:
- Compiled-in keys.
- Keys from UEFI db.
-
On Tue, 2013-01-15 at 12:34 +0200, Dmitry Kasatkin wrote:
Asymmetric keys were introduced in linux-3.7 to verify the signature on
signed kernel modules. The asymmetric keys infrastructure abstracts the
signature verification from the crypto details. This patch adds IMA/EVM
signature
On Mon, 2013-01-28 at 13:52 -0500, Vivek Goyal wrote:
On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote:
[..]
Ok. I am hoping that it will be more than the kernel command line we
support. In the sense that for digital signatures one needs to parse
the signature, look at
On Mon, 2013-01-28 at 13:56 -0500, Vivek Goyal wrote:
On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote:
[..]
Ok. I am hoping that it will be more than the kernel command line we
support. In the sense that for digital signatures one needs to parse
the signature, look at
On Mon, 2013-01-28 at 15:13 -0500, Vivek Goyal wrote:
On Mon, Jan 28, 2013 at 02:51:34PM -0500, Mimi Zohar wrote:
On Mon, 2013-01-28 at 13:52 -0500, Vivek Goyal wrote:
On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote:
[..]
Ok. I am hoping that it will be more than
On Mon, 2013-01-28 at 15:22 -0500, Vivek Goyal wrote:
On Mon, Jan 28, 2013 at 03:15:49PM -0500, Mimi Zohar wrote:
On Mon, 2013-01-28 at 13:56 -0500, Vivek Goyal wrote:
On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote:
[..]
Ok. I am hoping that it will be more than
On Tue, 2013-01-29 at 15:10 -0500, Vivek Goyal wrote:
On Tue, Jan 29, 2013 at 03:01:13PM -0500, Mimi Zohar wrote:
[..]
Hi Mimi,
Can we add another field to ima_rule_entry, say .enforcement to control
the behavior of .action. Possible values of .enforcement could be, say
From: Dmitry Kasatkin dmitry.kasat...@gmail.com
This patch makes use of the newly defined common hash algorithm info,
replacing, for example, PKEY_HASH with HASH_ALGO.
Changelog:
- Lindent fixes - Mimi
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
Signed-off-by: Mimi Zohar zo
-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
security/integrity/ima/Kconfig| 1 +
security/integrity/ima/ima.h | 7 ++---
security/integrity/ima/ima_api.c | 32 +--
security/integrity/ima/ima_appraise.c | 20 --
security/integrity/ima
for userspace signing functions.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
crypto/Kconfig | 3 +++
crypto/Makefile| 1 +
crypto/hash_info.c | 56 ++
include
algorithm, when
displaying the new larger digest sizes.
Change log:
- scripts/Lindent fixes - Mimi
- always true comparison - reported by Fengguang Wu, resolved Dmitry
Signed-off-by: Roberto Sassu roberto.sa...@polito.it
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
security/integrity
CRYPTO_HASH_INFO' in 'config IMA' section (Kconfig)
(Roberto Sassu);
- removed trailing whitespaces (Roberto Sassu).
- Lindent fixes
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Signed-off-by: Roberto Sassu roberto.sa...@polito.it
---
security/integrity/ima/Kconfig| 25
-by: Roberto Sassu roberto.sa...@polito.it
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
security/integrity/ima/ima.h| 2 +-
security/integrity/ima/ima_crypto.c | 24 +---
security/integrity/ima/ima_init.c | 10 +-
3 files changed, 31 insertions(+), 5
From: Dmitry Kasatkin dmitry.kasat...@gmail.com
ima_calc_buffer_hash will be used with different hash algorithms.
This patch provides support for arbitrary hash algorithms in
ima_calc_buffer_hash.
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@gmail.com
Signed-off-by: Mimi Zohar zo
From: Dmitry Kasatkin d.kasat...@samsung.com
This patch provides dedicated hash algo allocation and
deallocation function which can be used by different clients.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
security/integrity/ima
, this patch dynamically
allocates the needed hash storage.
Changelog:
- fix krealloc bug
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
security/integrity/iint.c | 2 ++
security/integrity/ima/ima_api.c | 57
. Also, if the template descriptor used
to generate a measurement entry is not 'ima', the whole length of field
data stored for an entry is provided before the data itself through the
binary_runtime_measurement interface.
Changelog:
- unnecessary to use strncmp() (Mimi Zohar)
- create new variable
case - Mimi
- conform to expectation for 'iint' to be defined as a pointer. - Mimi
- add missing 'file' dependency for recalculating file hash. - Mimi
Signed-off-by: Roberto Sassu roberto.sa...@polito.it
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
security/integrity/ima/ima.h | 3
of a new measurement entry will be performed
by new specific functions (introduced in next patches) and the current IMA
code will not be aware anymore of how data is stored in the entry payload.
Signed-off-by: Roberto Sassu roberto.sa...@polito.it
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
.
Change log:
- hash digest definition in ima_store_template() should be TPM_DIGEST_SIZE
Signed-off-by: Mimi Zohar zo...@us.ibm.com
---
security/integrity/ima/ima.h| 2 +-
security/integrity/ima/ima_api.c| 2 +-
security/integrity/ima/ima_crypto.c | 4 ++--
security/integrity/ima/ima_fs.c
to resolve Lindent formatting changes. - Mimi
- abbreviated/removed inline comments - Mimi
Signed-off-by: Roberto Sassu roberto.sa...@polito.it
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
security/integrity/ima/Makefile | 2 +-
security/integrity/ima/ima.h | 5
the 'security.ima' extended
attribute and calculates the appropriate file data hash based on it.
Changelog:
- fix scripts Lindent and checkpatch msgs - Mimi
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
security/integrity
set in the kernel configuration.
Signed-off-by: Roberto Sassu roberto.sa...@polito.it
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
Documentation/kernel-parameters.txt | 5 +
security/integrity/ima/ima_template.c | 31 +++
2 files changed, 36 insertions
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
Documentation/security/00-INDEX | 2 +
Documentation/security/IMA-templates.txt | 87
security/integrity/ima/Makefile | 2 +-
security/integrity/ima/ima.h | 29
security
On Thu, 2014-06-19 at 18:20 +0300, Dmitry Kasatkin wrote:
Async hash API allows to use HW acceleration for hash calculation.
It may give significant performance gain or/and reduce power consumption,
which might be very beneficial for battery powered devices.
This patch introduces hash
On Thu, 2014-06-19 at 18:20 +0300, Dmitry Kasatkin wrote:
Asynchronous hash API allows initiate hash calculation and perform
other tasks while hash is calculated.
This patch introduces usage of double buffering for simultaneous
On Mon, 2014-06-30 at 17:58 +0300, Dmitry Kasatkin wrote:
On 26/06/14 14:54, Mimi Zohar wrote:
On Thu, 2014-06-19 at 18:20 +0300, Dmitry Kasatkin wrote:
@@ -156,7 +316,7 @@ out:
return rc;
}
-int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
+static int
On Tue, 2014-07-01 at 23:12 +0300, Dmitry Kasatkin wrote:
Async hash API allows to use HW acceleration for hash calculation.
It may give significant performance gain or/and reduce power consumption,
which might be very beneficial for battery powered devices.
This patch introduces hash
On Tue, 2014-07-01 at 23:12 +0300, Dmitry Kasatkin wrote:
-/*
- * Calculate the MD5/SHA1 file digest
- */
+static struct crypto_ahash *ima_alloc_atfm(enum hash_algo algo)
+{
+ struct crypto_ahash *tfm = ima_ahash_tfm;
+ int rc;
+
+ if ((algo != ima_hash_algo algo
On Wed, 2014-07-02 at 21:20 +0300, Dmitry Kasatkin wrote:
On 2 July 2014 19:40, Mimi Zohar zo...@linux.vnet.ibm.com wrote:
On Tue, 2014-07-01 at 23:12 +0300, Dmitry Kasatkin wrote:
Async hash API allows to use HW acceleration for hash calculation.
It may give significant performance gain
On Wed, 2014-07-02 at 21:21 +0300, Dmitry Kasatkin wrote:
On 2 July 2014 20:44, Mimi Zohar zo...@linux.vnet.ibm.com wrote:
On Tue, 2014-07-01 at 23:12 +0300, Dmitry Kasatkin wrote:
-/*
- * Calculate the MD5/SHA1 file digest
- */
+static struct crypto_ahash *ima_alloc_atfm(enum
On Tue, 2014-07-01 at 23:12 +0300, Dmitry Kasatkin wrote:
Use of multiple-page collect buffers reduces:
1) the number of block IO requests
2) the number of asynchronous hash update requests
Second is important for HW accelerated hashing, because significant
amount of time is spent for
On Fri, 2014-07-04 at 15:05 +0300, Dmitry Kasatkin wrote:
Async hash API allows to use HW acceleration for hash calculation.
It may give significant performance gain or/and reduce power consumption,
which might be very beneficial for battery powered devices.
This patch introduces hash
On Mon, 2014-07-07 at 16:37 +0300, Dmitry Kasatkin wrote:
On 07/07/14 14:56, Mimi Zohar wrote:
On Fri, 2014-07-04 at 15:05 +0300, Dmitry Kasatkin wrote:
+/**
This is the kernel-doc delimiter.
+ * ima_calc_file_hash - calculae file hash
+ *
Missing kernel-doc argument
On Mon, 2014-07-07 at 19:11 +0300, Dmitry Kasatkin wrote:
On 07/07/14 18:44, Mimi Zohar wrote:
On Mon, 2014-07-07 at 16:37 +0300, Dmitry Kasatkin wrote:
On 07/07/14 14:56, Mimi Zohar wrote:
On Fri, 2014-07-04 at 15:05 +0300, Dmitry Kasatkin wrote:
+/**
This is the kernel-doc
On Wed, 2015-10-21 at 16:13 +0100, David Howells wrote:
> Here's a set of patches that changes how keys are determined to be trusted
> - currently, that's a case of whether a key has KEY_FLAG_TRUSTED set upon
> it. A keyring can then have a flag set (KEY_FLAG_TRUSTED_ONLY) that
> indicates that
On Wed, 2015-10-21 at 13:21 -0400, Josh Boyer wrote:
> On Wed, Oct 21, 2015 at 1:02 PM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote:
> > On Wed, 2015-10-21 at 16:13 +0100, David Howells wrote:
> >> Here's a set of patches that changes how keys are determined to be trusted
On Wed, 2015-10-21 at 14:21 -0400, Josh Boyer wrote:
> On Wed, Oct 21, 2015 at 2:11 PM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote:
> > On Wed, 2015-10-21 at 13:21 -0400, Josh Boyer wrote:
> >> On Wed, Oct 21, 2015 at 1:02 PM, Mimi Zohar <zo...@linux.vnet.ibm.com>
On Mon, 2015-11-09 at 16:18 +0100, Steffen Trumtrar wrote:
> Hi!
>
> The RFC Patch attached after this cover letter is mostly for illustration
> purposes, so please don't waste too much time reviewing the code ;-)
>
> For context I'll try to describe the problem that this patch tries to solve.
>
On Sun, 2015-11-22 at 09:41 -0500, Mimi Zohar wrote:
> On Fri, 2015-11-20 at 11:07 +, David Howells wrote:
> >
> > (*) Add Mimi's patches to allow keys/keyrings to be marked undeletable.
> > This
> > is for the purpose of creating blacklists
On Thu, 2015-12-10 at 10:39 -0800, Tadeusz Struk wrote:
> Hi Mimi,
> On 12/10/2015 10:25 AM, Mimi Zohar wrote:
> >> This patch set converts the module verification and digital signature
> >> > code to the new akcipher API.
> >> > RSA implementation has b
On Thu, 2015-12-10 at 14:37 -0500, Mimi Zohar wrote:
> On Thu, 2015-12-10 at 10:39 -0800, Tadeusz Struk wrote:
> > Hi Mimi,
> > On 12/10/2015 10:25 AM, Mimi Zohar wrote:
> > >> This patch set converts the module verification and digital signature
> > >> >
On Sat, 2015-12-12 at 18:26 -0800, Tadeusz Struk wrote:
> Convert asymmetric_verify to akcipher api.
>
> Signed-off-by: Tadeusz Struk
> ---
> security/integrity/Kconfig |1 +
> security/integrity/digsig_asymmetric.c | 10 +++---
> 2 files changed,
On Wed, 2015-12-09 at 15:52 -0800, Tadeusz Struk wrote:
> This patch set converts the module verification and digital signature
> code to the new akcipher API.
> RSA implementation has been removed from crypto/asymmetric_keys and the
> new API is used for cryptographic primitives.
> There is no
On Fri, 2015-11-20 at 11:07 +, David Howells wrote:
> Hi Marcel, Mimi, Tadeus,
>
> I want to consider adding or doing the following bits to the keyrings
> facility, aiming for the next merge window:
>
> (*) Bring in the patches that I posted to change how the trust model on a
> keyring
Hi Herbert,
On Mon, 2016-02-08 at 13:58 +, David Howells wrote:
> Herbert Xu wrote:
>
> > > Hmmm... That means that the crypto branch and the security branch are
> > > going
> > > to conflict.
> >
> > I thought you were OK with it going in now as you said
On Wed, 2016-01-27 at 11:04 +0100, Steffen Trumtrar wrote:
> Hi!
>
> Mimi Zohar writes:
>
> > On Mon, 2015-11-09 at 16:18 +0100, Steffen Trumtrar wrote:
> >> Hi!
> >>
> >> The RFC Patch attached after this cover letter is mostly for illustration
Hi Herbert,
The initial random iv value, initialized in encrypted_init(), should
not be modified. Commit c3917fd "KEYS: Use skcipher", which replaced
the blkcipher with skcipher, modifies the iv in
crypto_skcipher_encrypt()/decrypt().
The following example creates an encrypted key, writes the
On Tue, 2016-09-20 at 20:35 +0800, Herbert Xu wrote:
> On Tue, Sep 20, 2016 at 08:11:51AM -0400, Mimi Zohar wrote:
> > Hi Herbert,
> >
> > The initial random iv value, initialized in encrypted_init(), should
> > not be modified. Commit c3917fd "KEY
On Thu, 2017-04-20 at 17:40 -0300, Thiago Jung Bauermann wrote:
> Am Donnerstag, 20. April 2017, 08:13:23 BRT schrieb Mimi Zohar:
> > On Tue, 2017-04-18 at 17:17 -0300, Thiago Jung Bauermann wrote:
> > > If the func_tokens array uses the same indices as enum ima_hooks,
> >