author Yael Tzur <[email protected]> 2022-02-15 09:19:53 -0500
committer Mimi Zohar <[email protected]> 2022-02-21 19:47:45 -0500
commit cd3bc044af483422cc81a93f23c78c20c978b17c (patch)
tree 62b081ee07f758e6395d04416c874cd4c5fd9fab /tools/testing/selftests/bpf/progs/test_prog_array_init.c
parent 8c54135e2e6da677291012813a26a5f1b2c8a90a (diff)
KEYS: encrypted: Instantiate key with user-provided decrypted data

For availability and performance reasons master keys often need to be released outside of a Key Management Service (KMS) to clients. It would be beneficial to provide a mechanism where the wrapping/unwrapping of data encryption keys (DEKs) is not dependent on a remote call at runtime yet security is not (or only minimally) compromised. Master keys could be securely stored in the Kernel and be used to wrap/unwrap keys from Userspace.

The encrypted.c class supports instantiation of encrypted keys with either an already-encrypted key material, or by generating new key material based on random numbers. This patch defines a new datablob format: [<format>] <master-key name> <decrypted data length> <decrypted data> that allows to inject and encrypt user-provided decrypted data. The decrypted data must be hex-ascii encoded.

Signed-off-by: Yael Tzur <[email protected]>
Reviewed-by: Mimi Zohar <[email protected]>
Reviewed-by: Sumit Garg <[email protected]>
Reviewed-by: Jarkko Sakkinen <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>

Diffstat (limited to 'tools/testing/selftests/bpf/progs/test_prog_array_init.c')
0 files changed, 0 insertions, 0 deletions