[PATCH 4/5] Audit type-independent events

Signed-off-by: Miloslav Trmač --- crypto/af_alg.c | 30 ++ 1 files changed, 30 insertions(+), 0 deletions(-) diff --git a/crypto/af_alg.c b/crypto/af_alg.c index 490ae43..fc1b0f7 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -14,6 +14,7 @@ #include #in

[PATCH 5/5] Audit type-specific crypto operations

Signed-off-by: Miloslav Trmač --- crypto/af_alg.c | 14 ++ crypto/algif_hash.c | 27 +++ crypto/algif_skcipher.c | 20 ++-- include/crypto/if_alg.h |6 ++ 4 files changed, 61 insertions(+), 6 deletions(-) diff --git a

[PATCH 2/5] Add unique IDs to AF_ALG sockets

Ideally we should be able to use i_ino of the inode associated with the socket, but i_ino can have duplicate values if the static counter inside new_inode() wraps around. Signed-off-by: Miloslav Trmač --- crypto/af_alg.c | 66 +- crypto/algif

[PATCH 3/5] Add "alg_name" operation to af_alg_type.

Signed-off-by: Miloslav Trmač --- crypto/algif_hash.c |6 ++ crypto/algif_skcipher.c |6 ++ include/crypto/if_alg.h |1 + 3 files changed, 13 insertions(+), 0 deletions(-) diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c index f08a42c..3a61e9d 100644 --- a/crypto/a

[PATCH 0/5] RFC v2: AF_ALG auditing

Hello, these patches add support for auditing uses of the AF_ALG protocol family developed by Herbert Xu to provide user-space access to kernel crypto accelerators. One new record is defined: AUDIT_CRYPTO_USERSPACE_OP. An audited event is always caused by a syscall, and all other syscall-related

[PATCH 1/5] Add general crypto auditing infrastructure

Collect audited crypto operations in a list, because a single _exit() can cause several AF_ALG sockets to be closed, and each needs to be audited. Add the AUDIT_CRYPTO_OP field so that crypto operations are not audited by default, but auditing can be enabled using a rule (probably "-F crypto_op!=0

Re: [PATCH v1.5 3/5] key: add tpm_send command

On Wed, 2010-11-24 at 08:59 -0600, Serge Hallyn wrote: > Quoting David Safford (saff...@watson.ibm.com): > > On Tue, 2010-11-23 at 20:32 -0600, Serge Hallyn wrote: > > > Quoting Mimi Zohar (zo...@linux.vnet.ibm.com): > > > > Add internal kernel tpm_send() command used to seal/unseal keys. > > ...

[PATCH v1.5 5/5] keys: add new key-type encrypted

Sorry for the multiple postings, misconfigured mailer bounced patch 5. Resending ... Define a new kernel key-type called 'encrypted'. Encrypted keys are kernel generated random numbers, which are encrypted/decrypted with a 'trusted' symmetric key. Encrypted keys are created/encrypted/decrypted in

Re: [PATCH v1.5 3/5] key: add tpm_send command

Quoting David Safford (saff...@watson.ibm.com): > On Tue, 2010-11-23 at 20:32 -0600, Serge Hallyn wrote: > > Quoting Mimi Zohar (zo...@linux.vnet.ibm.com): > > > Add internal kernel tpm_send() command used to seal/unseal keys. > ... > > > +int tpm_send(u32 chip_num, void *cmd, size_t buflen) > >

Re: [PATCH v1.5 3/5] key: add tpm_send command

On Tue, 2010-11-23 at 20:32 -0600, Serge Hallyn wrote: > Quoting Mimi Zohar (zo...@linux.vnet.ibm.com): > > Add internal kernel tpm_send() command used to seal/unseal keys. ... > > +int tpm_send(u32 chip_num, void *cmd, size_t buflen) > > Hate to nit-pick, but any particular reason you're not fol