On Tue, Nov 17, 2020 at 05:47:23PM +0100, Antony Antony wrote:
> redact XFRM SA secret in the netlink response to xfrm_get_sa()
> or dumpall sa.
> Enable lockdown, confidentiality mode, at boot or at run time.
>
> e.g. when enabled:
> cat /sys/kernel/security/lockdown
> none integrity [confidentiality]
>
> ip xfrm state
> src 172.16.1.200 dst 172.16.1.100
>         proto esp spi 0x00000002 reqid 2 mode tunnel
>         replay-window 0
>         aead rfc4106(gcm(aes)) 0x0000000000000000000000000000000000000000 96
>
> note: the aead secret is redacted.
> Redacting secret is also a FIPS 140-2 requirement.
>
> v1->v2
>  - add size checks before memset calls
> v2->v3
>  - replace spaces with tabs for consistency
> v3->v4
>  - use kernel lockdown instead of a /proc setting
> v4->v5
>  - remove kconfig option
>
> Reviewed-by: Stephan Mueller <smuel...@chronox.de>
> Signed-off-by: Antony Antony <antony.ant...@secunet.com>
> ---
>  include/linux/security.h |  1 +
>  net/xfrm/xfrm_user.c     | 74 ++++++++++++++++++++++++++++++++++++----
>  security/security.c      |  1 +
>  3 files changed, 69 insertions(+), 7 deletions(-)

I'm ok with this and I plan to apply it to ipsec-next if I do not see objections from the LSM people.
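
A verification check for the behaviour described in the commit message above, as an added example that is not part of the original thread or the patch: it reads the active lockdown mode and flags any SA in `ip xfrm state` output whose key is not all zeroes. The sample inputs are constructed, the function names are hypothetical, and the `enc`/`auth`/`auth-trunc` line prefixes are assumed from iproute2's output format.

```python
import re

# Constructed sample inputs, modelled on the output quoted in the commit message.
LOCKDOWN_SAMPLE = "none integrity [confidentiality]\n"
XFRM_SAMPLE = """\
src 172.16.1.200 dst 172.16.1.100
    proto esp spi 0x00000002 reqid 2 mode tunnel
    replay-window 0
    aead rfc4106(gcm(aes)) 0x0000000000000000000000000000000000000000 96
src 172.16.1.100 dst 172.16.1.200
    proto esp spi 0x00000003 reqid 2 mode tunnel
    replay-window 0
    aead rfc4106(gcm(aes)) 0x4a506a794f574265564551694d6537681a2b3c4d 96
"""

# Lines that carry key material (prefixes other than aead are an assumption).
KEY_LINE = re.compile(r"^\s*(aead|enc|auth|auth-trunc)\s+(\S+)\s+(0x[0-9a-fA-F]+)")
SPI = re.compile(r"\bspi\s+(0x[0-9a-fA-F]+)")


def active_lockdown_mode(text):
    """Return the bracketed (active) mode from /sys/kernel/security/lockdown."""
    m = re.search(r"\[(\w+)\]", text)
    return m.group(1) if m else None


def unredacted_keys(xfrm_text):
    """Return (spi, kind, algorithm) for every key that is not all zeroes."""
    findings, spi = [], None
    for line in xfrm_text.splitlines():
        m = SPI.search(line)
        if m:
            spi = m.group(1)  # remember which SA the following key lines belong to
        k = KEY_LINE.match(line)
        if k and int(k.group(3), 16) != 0:
            findings.append((spi, k.group(1), k.group(2)))
    return findings


def audit(lockdown_text, xfrm_text):
    """Under confidentiality lockdown, any non-zero key is a finding."""
    if active_lockdown_mode(lockdown_text) != "confidentiality":
        return []
    return unredacted_keys(xfrm_text)


if __name__ == "__main__":
    for spi, kind, alg in audit(LOCKDOWN_SAMPLE, XFRM_SAMPLE):
        print(f"SA {spi}: {kind} {alg} key returned unredacted")
```

On a live host, pass the contents of `/sys/kernel/security/lockdown` and the captured output of `ip xfrm state` to `audit()` instead of the samples.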