From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Alasdair Kergon <agk@redhat.com>,
Mike Snitzer <snitzer@redhat.com>,
dm-devel@redhat.com, Song Liu <song@kernel.org>,
Richard Weinberger <richard@nod.at>
Cc: linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-mtd@lists.infradead.org, kernel@pengutronix.de,
linux-integrity@vger.kernel.org
Subject: Re: [RFC PATCH v1 0/4] keys: introduce key_extract_material helper
Date: Fri, 6 Aug 2021 12:53:45 +0200 [thread overview]
Message-ID: <7bc58825-c6d8-5e6d-4e1c-c4375e19c10e@pengutronix.de> (raw)
In-Reply-To: <cover.b2fdd70b830d12853b12a12e32ceb0c8162c1346.1626945419.git-series.a.fatoum@pengutronix.de>
Hello everyone,
On 22.07.21 11:17, Ahmad Fatoum wrote:
> While keys of differing type have a common struct key definition, there is
> no common scheme to the payload and key material extraction differs.
>
> For kernel functionality that supports different key types,
> this means duplicated code for key material extraction and because key type
> is discriminated by a pointer to a global, users need to replicate
> reachability checks as well, so builtin code doesn't depend on a key
> type symbol offered by a module.
>
> Make this easier by adding a common helper with initial support for
> user, logon, encrypted and trusted keys.
>
> This series contains two example of its use: dm-crypt uses it to reduce
> boilerplate and ubifs authentication uses it to gain support for trusted
> and encrypted keys alongside the already supported logon keys.
>
> Looking forward to your feedback,
@Mike, Aliasdair: Do you think of key_extract_material as an improvement?
Does someone share the opinion that the helper is useful or should I drop
it and just send out the ubifs auth patch seperately?
Cheers,
Ahmad
> Ahmad
>
> ---
> To: David Howells <dhowells@redhat.com>
> To: Jarkko Sakkinen <jarkko@kernel.org>
> To: James Morris <jmorris@namei.org>
> To: "Serge E. Hallyn" <serge@hallyn.com>
> To: Alasdair Kergon <agk@redhat.com>
> To: Mike Snitzer <snitzer@redhat.com>
> To: dm-devel@redhat.com
> To: Song Liu <song@kernel.org>
> To: Richard Weinberger <richard@nod.at>
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-raid@vger.kernel.org
> Cc: linux-integrity@vger.kernel.org
> Cc: keyrings@vger.kernel.org
> Cc: linux-mtd@lists.infradead.org
> Cc: linux-security-module@vger.kernel.org
>
> Ahmad Fatoum (4):
> keys: introduce key_extract_material helper
> dm: crypt: use new key_extract_material helper
> ubifs: auth: remove never hit key type error check
> ubifs: auth: consult encrypted and trusted keys if no logon key was found
>
> Documentation/filesystems/ubifs.rst | 2 +-
> drivers/md/dm-crypt.c | 65 ++++--------------------------
> fs/ubifs/auth.c | 25 +++++-------
> include/linux/key.h | 45 +++++++++++++++++++++-
> security/keys/key.c | 40 ++++++++++++++++++-
> 5 files changed, 107 insertions(+), 70 deletions(-)
>
> base-commit: 2734d6c1b1a089fb593ef6a23d4b70903526fe0c
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
prev parent reply other threads:[~2021-08-06 10:53 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-22 9:17 [RFC PATCH v1 0/4] keys: introduce key_extract_material helper Ahmad Fatoum
2021-07-22 9:17 ` [RFC PATCH v1 1/4] " Ahmad Fatoum
2021-07-22 9:18 ` [RFC PATCH v1 2/4] dm: crypt: use new " Ahmad Fatoum
2021-07-22 9:18 ` [RFC PATCH v1 3/4] ubifs: auth: remove never hit key type error check Ahmad Fatoum
2021-07-22 9:18 ` [RFC PATCH v1 4/4] ubifs: auth: consult encrypted and trusted keys if no logon key was found Ahmad Fatoum
2021-08-06 10:53 ` Ahmad Fatoum [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7bc58825-c6d8-5e6d-4e1c-c4375e19c10e@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=agk@redhat.com \
--cc=dhowells@redhat.com \
--cc=dm-devel@redhat.com \
--cc=jarkko@kernel.org \
--cc=jmorris@namei.org \
--cc=kernel@pengutronix.de \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-raid@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=richard@nod.at \
--cc=serge@hallyn.com \
--cc=snitzer@redhat.com \
--cc=song@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).