From: Ondrej Mosnacek <omosnace@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org, keyrings@vger.kernel.org,
David Howells <dhowells@redhat.com>,
Stephan Mueller <smueller@chronox.de>,
Milan Broz <gmazyland@gmail.com>,
Ondrej Kozina <okozina@redhat.com>,
Daniel Zatovic <dzatovic@redhat.com>
Subject: Re: [PATCH] crypto: af_alg - implement keyring support
Date: Thu, 30 May 2019 13:35:06 +0200 [thread overview]
Message-ID: <CAFqZXNt0NP090oKtF3Zsq4bvvZ7peH8YNBa-9hiqk_AAXgc0kQ@mail.gmail.com> (raw)
In-Reply-To: <20190530071400.jpadh2fjjaqzyw6m@gondor.apana.org.au>
On Thu, May 30, 2019 at 10:12 AM Herbert Xu <herbert@gondor.apana.org.au> wrote:
> On Tue, May 21, 2019 at 12:00:34PM +0200, Ondrej Mosnacek wrote:
> >
> > @@ -256,6 +362,48 @@ static int alg_setsockopt(struct socket *sock, int level, int optname,
> > goto unlock;
> >
> > err = alg_setkey(sk, optval, optlen);
> > +#ifdef CONFIG_KEYS
> > + break;
> > + case ALG_SET_KEY_KEYRING_LOGON:
> > + if (sock->state == SS_CONNECTED)
> > + goto unlock;
> > + if (!type->setkey)
> > + goto unlock;
> > +
> > + err = alg_setkey_keyring(sk, &alg_keyring_type_logon,
> > + optval, optlen);
> > + break;
> > + case ALG_SET_KEY_KEYRING_USER:
> > + if (sock->state == SS_CONNECTED)
> > + goto unlock;
> > + if (!type->setkey)
> > + goto unlock;
> > +
> > + err = alg_setkey_keyring(sk, &alg_keyring_type_user,
> > + optval, optlen);
> > +#if IS_REACHABLE(CONFIG_TRUSTED_KEYS)
> > + break;
> > + case ALG_SET_KEY_KEYRING_TRUSTED:
> > + if (sock->state == SS_CONNECTED)
> > + goto unlock;
> > + if (!type->setkey)
> > + goto unlock;
> > +
> > + err = alg_setkey_keyring(sk, &alg_keyring_type_trusted,
> > + optval, optlen);
> > +#endif
> > +#if IS_REACHABLE(CONFIG_ENCRYPTED_KEYS)
> > + break;
> > + case ALG_SET_KEY_KEYRING_ENCRYPTED:
> > + if (sock->state == SS_CONNECTED)
> > + goto unlock;
> > + if (!type->setkey)
> > + goto unlock;
> > +
> > + err = alg_setkey_keyring(sk, &alg_keyring_type_encrypted,
> > + optval, optlen);
> > +#endif
> > +#endif /* CONFIG_KEYS */
> > break;
>
> What's with the funky placement of "break" outside of the ifdefs?
I swear that checkpatch.pl was complaining when I did it the normal
way, but now I tried it again and it isn't complaining anymore...
Perhaps in the meantime I rebased onto a more recent tree where this
checkpatch.pl quirk has been fixed... I'll remove the funk in future
revisions.
>
> > diff --git a/include/uapi/linux/if_alg.h b/include/uapi/linux/if_alg.h
> > index bc2bcdec377b..f2d777901f00 100644
> > --- a/include/uapi/linux/if_alg.h
> > +++ b/include/uapi/linux/if_alg.h
> > @@ -35,6 +35,13 @@ struct af_alg_iv {
> > #define ALG_SET_OP 3
> > #define ALG_SET_AEAD_ASSOCLEN 4
> > #define ALG_SET_AEAD_AUTHSIZE 5
> > +#define ALG_SET_PUBKEY 6 /* reserved for future use */
> > +#define ALG_SET_DH_PARAMETERS 7 /* reserved for future use */
> > +#define ALG_SET_ECDH_CURVE 8 /* reserved for future use */
>
> Why do you need to reserve these values?
Because libkcapi already assumes these values [1] and has code that
uses them. Reserving will allow existing builds of libkcapi to work
correctly once the functionality actually lands in the kernel (if that
ever happens). Of course, it is libkcapi's fault to assume values for
these symbols (in released code) before they are commited in the
kernel, but it seemed easier to just add them along with this patch
rather than creating a confusing situation.
[1] https://github.com/smuellerDD/libkcapi/blob/master/lib/internal.h#L54
--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
next prev parent reply other threads:[~2019-05-30 11:35 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-21 10:00 [PATCH] crypto: af_alg - implement keyring support Ondrej Mosnacek
2019-05-21 10:47 ` Marcel Holtmann
2019-05-21 11:02 ` Ondrej Mosnacek
2019-05-21 11:30 ` Ondrej Kozina
2019-05-21 19:15 ` Stephan Müller
2019-05-21 21:18 ` David Howells
2019-05-25 3:10 ` Eric Biggers
2019-05-25 7:04 ` Milan Broz
2019-05-29 13:54 ` Ondrej Mosnacek
2019-05-30 7:14 ` Herbert Xu
2019-05-30 11:35 ` Ondrej Mosnacek [this message]
2019-05-30 13:22 ` Herbert Xu
2019-05-30 7:39 ` Milan Broz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFqZXNt0NP090oKtF3Zsq4bvvZ7peH8YNBa-9hiqk_AAXgc0kQ@mail.gmail.com \
--to=omosnace@redhat.com \
--cc=dhowells@redhat.com \
--cc=dzatovic@redhat.com \
--cc=gmazyland@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=okozina@redhat.com \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).