From: Mimi Zohar <zohar@linux.ibm.com>
To: Dave Jiang <dave.jiang@intel.com>,
Dan Williams <dan.j.williams@intel.com>
Cc: keyrings@vger.kernel.org, Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-nvdimm <linux-nvdimm@lists.01.org>
Subject: Re: [PATCH 01/11] keys-encrypted: add nvdimm key format type to encrypted keys
Date: Tue, 27 Nov 2018 13:24:14 -0500 [thread overview]
Message-ID: <1543343054.3902.192.camel@linux.ibm.com> (raw)
In-Reply-To: <5c0d66c2-d628-54eb-b16e-8a6a8eb990c1@intel.com>
On Tue, 2018-11-27 at 09:20 -0700, Dave Jiang wrote:
>
> On 11/27/18 12:20 AM, Dan Williams wrote:
> > On Fri, Nov 9, 2018 at 2:13 PM Dave Jiang <dave.jiang@intel.com> wrote:
> >>
> >> Adding nvdimm key format type to encrypted keys in order to limit the size
> >
> > s/Adding/Add an/
> >
> >> of the key to 32-bytes.
> >>
> >> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> >> ---
> >> security/keys/encrypted-keys/encrypted.c | 29 ++++++++++++++++++++---------
> >> 1 file changed, 20 insertions(+), 9 deletions(-)
> >>
> >> diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
> >> index d92cbf9687c3..182b4f136bdf 100644
> >> --- a/security/keys/encrypted-keys/encrypted.c
> >> +++ b/security/keys/encrypted-keys/encrypted.c
> >> @@ -45,6 +45,7 @@ static const char hmac_alg[] = "hmac(sha256)";
> >> static const char blkcipher_alg[] = "cbc(aes)";
> >> static const char key_format_default[] = "default";
> >> static const char key_format_ecryptfs[] = "ecryptfs";
> >> +static const char key_format_nvdimm[] = "nvdimm";
> >> static unsigned int ivsize;
> >> static int blksize;
> >>
> >> @@ -54,6 +55,7 @@ static int blksize;
> >> #define HASH_SIZE SHA256_DIGEST_SIZE
> >> #define MAX_DATA_SIZE 4096
> >> #define MIN_DATA_SIZE 20
> >> +#define KEY_NVDIMM_PAYLOAD_LEN 32
> >>
> >> static struct crypto_shash *hash_tfm;
> >>
> >> @@ -62,12 +64,13 @@ enum {
> >> };
> >>
> >> enum {
> >> - Opt_error = -1, Opt_default, Opt_ecryptfs
> >> + Opt_error = -1, Opt_default, Opt_ecryptfs, Opt_nvdimm
> >> };
> >>
> >> static const match_table_t key_format_tokens = {
> >> {Opt_default, "default"},
> >> {Opt_ecryptfs, "ecryptfs"},
> >> + {Opt_nvdimm, "nvdimm"},
> >> {Opt_error, NULL}
> >> };
> >>
> >> @@ -195,6 +198,7 @@ static int datablob_parse(char *datablob, const char **format,
> >> key_format = match_token(p, key_format_tokens, args);
> >> switch (key_format) {
> >> case Opt_ecryptfs:
> >> + case Opt_nvdimm:
> >> case Opt_default:
> >> *format = p;
> >> *master_desc = strsep(&datablob, " \t");
> >> @@ -625,15 +629,22 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
> >> format_len = (!format) ? strlen(key_format_default) : strlen(format);
> >> decrypted_datalen = dlen;
> >> payload_datalen = decrypted_datalen;
> >> - if (format && !strcmp(format, key_format_ecryptfs)) {
> >> - if (dlen != ECRYPTFS_MAX_KEY_BYTES) {
> >> - pr_err("encrypted_key: keylen for the ecryptfs format "
> >> - "must be equal to %d bytes\n",
> >> - ECRYPTFS_MAX_KEY_BYTES);
> >> - return ERR_PTR(-EINVAL);
> >> + if (format) {
> >> + if (!strcmp(format, key_format_ecryptfs)) {
> >> + if (dlen != ECRYPTFS_MAX_KEY_BYTES) {
> >> + pr_err("encrypted_key: keylen for the ecryptfs format must be equal to %d bytes\n",
> >> + ECRYPTFS_MAX_KEY_BYTES);
> >> + return ERR_PTR(-EINVAL);
> >> + }
> >> + decrypted_datalen = ECRYPTFS_MAX_KEY_BYTES;
> >> + payload_datalen = sizeof(struct ecryptfs_auth_tok);
> >> + } else if (!strcmp(format, key_format_nvdimm)) {
> >> + if (decrypted_datalen != KEY_NVDIMM_PAYLOAD_LEN) {
> >> + pr_err("encrypted_key: nvdimm key payload incorrect length: %d\n",
> >> + decrypted_datalen);
> >> + return ERR_PTR(-EINVAL);
> >> + }
> >
> > I suspect this may not be the last key type that gets added, but I
> > wonder if we should instead create key-types based on the dlen size.
> > I.e. create a generic 32-byte key-type "enc32"? That way if another
> > 32-byte requirement key comes along we don't need to come touch this
> > routine again.
> >
>
> I'm ok with that if Mimi is.
If the usage (eg. format: ecryptfs, nvdimm) limits the dlen size(s),
how will defining generic key-types help? If there are no usage size
limitations, then there would be no usage specific definition.
I must be missing something.
Mimi
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.ibm.com>
To: Dave Jiang <dave.jiang@intel.com>,
Dan Williams <dan.j.williams@intel.com>
Cc: keyrings@vger.kernel.org, Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-nvdimm <linux-nvdimm@lists.01.org>
Subject: Re: [PATCH 01/11] keys-encrypted: add nvdimm key format type to encrypted keys
Date: Tue, 27 Nov 2018 18:24:14 +0000 [thread overview]
Message-ID: <1543343054.3902.192.camel@linux.ibm.com> (raw)
In-Reply-To: <5c0d66c2-d628-54eb-b16e-8a6a8eb990c1@intel.com>
On Tue, 2018-11-27 at 09:20 -0700, Dave Jiang wrote:
>
> On 11/27/18 12:20 AM, Dan Williams wrote:
> > On Fri, Nov 9, 2018 at 2:13 PM Dave Jiang <dave.jiang@intel.com> wrote:
> >>
> >> Adding nvdimm key format type to encrypted keys in order to limit the size
> >
> > s/Adding/Add an/
> >
> >> of the key to 32-bytes.
> >>
> >> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> >> ---
> >> security/keys/encrypted-keys/encrypted.c | 29 ++++++++++++++++++++---------
> >> 1 file changed, 20 insertions(+), 9 deletions(-)
> >>
> >> diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
> >> index d92cbf9687c3..182b4f136bdf 100644
> >> --- a/security/keys/encrypted-keys/encrypted.c
> >> +++ b/security/keys/encrypted-keys/encrypted.c
> >> @@ -45,6 +45,7 @@ static const char hmac_alg[] = "hmac(sha256)";
> >> static const char blkcipher_alg[] = "cbc(aes)";
> >> static const char key_format_default[] = "default";
> >> static const char key_format_ecryptfs[] = "ecryptfs";
> >> +static const char key_format_nvdimm[] = "nvdimm";
> >> static unsigned int ivsize;
> >> static int blksize;
> >>
> >> @@ -54,6 +55,7 @@ static int blksize;
> >> #define HASH_SIZE SHA256_DIGEST_SIZE
> >> #define MAX_DATA_SIZE 4096
> >> #define MIN_DATA_SIZE 20
> >> +#define KEY_NVDIMM_PAYLOAD_LEN 32
> >>
> >> static struct crypto_shash *hash_tfm;
> >>
> >> @@ -62,12 +64,13 @@ enum {
> >> };
> >>
> >> enum {
> >> - Opt_error = -1, Opt_default, Opt_ecryptfs
> >> + Opt_error = -1, Opt_default, Opt_ecryptfs, Opt_nvdimm
> >> };
> >>
> >> static const match_table_t key_format_tokens = {
> >> {Opt_default, "default"},
> >> {Opt_ecryptfs, "ecryptfs"},
> >> + {Opt_nvdimm, "nvdimm"},
> >> {Opt_error, NULL}
> >> };
> >>
> >> @@ -195,6 +198,7 @@ static int datablob_parse(char *datablob, const char **format,
> >> key_format = match_token(p, key_format_tokens, args);
> >> switch (key_format) {
> >> case Opt_ecryptfs:
> >> + case Opt_nvdimm:
> >> case Opt_default:
> >> *format = p;
> >> *master_desc = strsep(&datablob, " \t");
> >> @@ -625,15 +629,22 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
> >> format_len = (!format) ? strlen(key_format_default) : strlen(format);
> >> decrypted_datalen = dlen;
> >> payload_datalen = decrypted_datalen;
> >> - if (format && !strcmp(format, key_format_ecryptfs)) {
> >> - if (dlen != ECRYPTFS_MAX_KEY_BYTES) {
> >> - pr_err("encrypted_key: keylen for the ecryptfs format "
> >> - "must be equal to %d bytes\n",
> >> - ECRYPTFS_MAX_KEY_BYTES);
> >> - return ERR_PTR(-EINVAL);
> >> + if (format) {
> >> + if (!strcmp(format, key_format_ecryptfs)) {
> >> + if (dlen != ECRYPTFS_MAX_KEY_BYTES) {
> >> + pr_err("encrypted_key: keylen for the ecryptfs format must be equal to %d bytes\n",
> >> + ECRYPTFS_MAX_KEY_BYTES);
> >> + return ERR_PTR(-EINVAL);
> >> + }
> >> + decrypted_datalen = ECRYPTFS_MAX_KEY_BYTES;
> >> + payload_datalen = sizeof(struct ecryptfs_auth_tok);
> >> + } else if (!strcmp(format, key_format_nvdimm)) {
> >> + if (decrypted_datalen != KEY_NVDIMM_PAYLOAD_LEN) {
> >> + pr_err("encrypted_key: nvdimm key payload incorrect length: %d\n",
> >> + decrypted_datalen);
> >> + return ERR_PTR(-EINVAL);
> >> + }
> >
> > I suspect this may not be the last key type that gets added, but I
> > wonder if we should instead create key-types based on the dlen size.
> > I.e. create a generic 32-byte key-type "enc32"? That way if another
> > 32-byte requirement key comes along we don't need to come touch this
> > routine again.
> >
>
> I'm ok with that if Mimi is.
If the usage (eg. format: ecryptfs, nvdimm) limits the dlen size(s),
how will defining generic key-types help?  If there are no usage size
limitations, then there would be no usage specific definition.
I must be missing something.
Mimi
next prev parent reply other threads:[~2018-11-27 18:24 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-09 22:13 [PATCH 00/11] Additional patches for nvdimm security support Dave Jiang
2018-11-09 22:13 ` [PATCH 01/11] keys-encrypted: add nvdimm key format type to encrypted keys Dave Jiang
2018-11-27 7:20 ` Dan Williams
2018-11-27 7:20 ` Dan Williams
2018-11-27 16:20 ` Dave Jiang
2018-11-27 16:20 ` Dave Jiang
2018-11-27 18:24 ` Mimi Zohar [this message]
2018-11-27 18:24 ` Mimi Zohar
2018-11-27 19:10 ` Dan Williams
2018-11-27 19:10 ` Dan Williams
2018-11-27 19:35 ` Mimi Zohar
2018-11-27 19:35 ` Mimi Zohar
2018-11-27 19:48 ` Dan Williams
2018-11-27 19:48 ` Dan Williams
2018-11-27 20:10 ` Mimi Zohar
2018-11-27 20:10 ` Mimi Zohar
2018-11-27 20:15 ` Dave Jiang
2018-11-09 22:13 ` [PATCH 02/11] libnvdimm/security: change clear text nvdimm keys " Dave Jiang
2018-11-10 1:45 ` Dan Williams
2018-11-11 17:27 ` Mimi Zohar
2018-11-11 19:20 ` Dan Williams
2018-11-11 19:20 ` Dan Williams
2018-11-11 19:20 ` Dan Williams
2018-11-11 20:09 ` Mimi Zohar
2018-11-11 20:09 ` Mimi Zohar
2018-11-11 20:09 ` Mimi Zohar
2018-11-12 15:42 ` Dave Jiang
2018-11-12 15:42 ` Dave Jiang
2018-11-12 15:42 ` Dave Jiang
2018-11-12 18:49 ` Mimi Zohar
2018-11-12 18:49 ` Mimi Zohar
2018-11-12 18:49 ` Mimi Zohar
2018-11-12 20:13 ` Dave Jiang
2018-11-12 20:13 ` Dave Jiang
2018-11-12 20:13 ` Dave Jiang
2018-11-12 15:45 ` Dave Jiang
2018-11-12 19:04 ` Mimi Zohar
2018-11-09 22:14 ` [PATCH 03/11] libnvdimm/security: add override module param for key self verification Dave Jiang
2018-11-09 22:14 ` [PATCH 04/11] libnvdimm/security: introduce NDD_SECURITY_BUSY flag Dave Jiang
2018-11-09 22:14 ` [PATCH 05/11] acpi/nfit, libnvdimm/security: Add security DSM overwrite support Dave Jiang
2018-11-09 22:14 ` [PATCH 06/11] tools/testing/nvdimm: Add overwrite support for nfit_test Dave Jiang
2018-11-09 22:14 ` [PATCH 07/11] libnvdimm/security: add overwrite status notification Dave Jiang
2018-11-10 2:59 ` Elliott, Robert (Persistent Memory)
2018-11-12 20:26 ` Dave Jiang
2018-11-09 22:14 ` [PATCH 08/11] libnvdimm/security: add documentation for ovewrite Dave Jiang
2018-11-09 22:14 ` [PATCH 09/11] acpi/nfit, libnvdimm/security: add Intel DSM 1.8 master passphrase support Dave Jiang
2018-11-25 21:24 ` Dan Williams
2018-11-09 22:14 ` [PATCH 10/11] tools/testing/nvdimm: add Intel DSM 1.8 support for nfit_test Dave Jiang
2018-11-10 3:15 ` Elliott, Robert (Persistent Memory)
2018-11-12 20:27 ` Dave Jiang
2018-11-09 22:14 ` [PATCH 11/11] acpi/nfit: prevent indiscriminate DSM payload dumping for security DSMs Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1543343054.3902.192.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.