From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Alasdair Kergon <agk@redhat.com>,
Mike Snitzer <snitzer@redhat.com>,
dm-devel@redhat.com, Song Liu <song@kernel.org>,
Richard Weinberger <richard@nod.at>
Cc: kernel@pengutronix.de, Ahmad Fatoum <a.fatoum@pengutronix.de>,
linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org,
keyrings@vger.kernel.org, linux-mtd@lists.infradead.org,
linux-security-module@vger.kernel.org,
linux-integrity@vger.kernel.org
Subject: [RFC PATCH v1 2/4] dm: crypt: use new key_extract_material helper
Date: Thu, 22 Jul 2021 11:18:00 +0200 [thread overview]
Message-ID: <7ac4a9ae0a3c2dfdf41611f3fe78fe63a6e57b94.1626945419.git-series.a.fatoum@pengutronix.de> (raw)
In-Reply-To: <cover.b2fdd70b830d12853b12a12e32ceb0c8162c1346.1626945419.git-series.a.fatoum@pengutronix.de>
There is a common function now to extract key material out of a few
different key types, which includes all types currently supported by
dm-crypt. Make use of it.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
To: David Howells <dhowells@redhat.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
To: James Morris <jmorris@namei.org>
To: "Serge E. Hallyn" <serge@hallyn.com>
To: Alasdair Kergon <agk@redhat.com>
To: Mike Snitzer <snitzer@redhat.com>
To: dm-devel@redhat.com
To: Song Liu <song@kernel.org>
To: Richard Weinberger <richard@nod.at>
Cc: linux-kernel@vger.kernel.org
Cc: linux-raid@vger.kernel.org
Cc: keyrings@vger.kernel.org
Cc: linux-mtd@lists.infradead.org
Cc: linux-security-module@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
---
drivers/md/dm-crypt.c | 65 ++++++--------------------------------------
1 file changed, 9 insertions(+), 56 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 50f4cbd600d5..576d6b7ce231 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2421,61 +2421,14 @@ static bool contains_whitespace(const char *str)
return false;
}
-static int set_key_user(struct crypt_config *cc, struct key *key)
-{
- const struct user_key_payload *ukp;
-
- ukp = user_key_payload_locked(key);
- if (!ukp)
- return -EKEYREVOKED;
-
- if (cc->key_size != ukp->datalen)
- return -EINVAL;
-
- memcpy(cc->key, ukp->data, cc->key_size);
-
- return 0;
-}
-
-static int set_key_encrypted(struct crypt_config *cc, struct key *key)
-{
- const struct encrypted_key_payload *ekp;
-
- ekp = key->payload.data[0];
- if (!ekp)
- return -EKEYREVOKED;
-
- if (cc->key_size != ekp->decrypted_datalen)
- return -EINVAL;
-
- memcpy(cc->key, ekp->decrypted_data, cc->key_size);
-
- return 0;
-}
-
-static int set_key_trusted(struct crypt_config *cc, struct key *key)
-{
- const struct trusted_key_payload *tkp;
-
- tkp = key->payload.data[0];
- if (!tkp)
- return -EKEYREVOKED;
-
- if (cc->key_size != tkp->key_len)
- return -EINVAL;
-
- memcpy(cc->key, tkp->key, cc->key_size);
-
- return 0;
-}
-
static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string)
{
char *new_key_string, *key_desc;
int ret;
+ unsigned int len;
struct key_type *type;
struct key *key;
- int (*set_key)(struct crypt_config *cc, struct key *key);
+ const void *key_material;
/*
* Reject key_string with whitespace. dm core currently lacks code for
@@ -2493,18 +2446,14 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
if (!strncmp(key_string, "logon:", key_desc - key_string + 1)) {
type = &key_type_logon;
- set_key = set_key_user;
} else if (!strncmp(key_string, "user:", key_desc - key_string + 1)) {
type = &key_type_user;
- set_key = set_key_user;
} else if (IS_ENABLED(CONFIG_ENCRYPTED_KEYS) &&
!strncmp(key_string, "encrypted:", key_desc - key_string + 1)) {
type = &key_type_encrypted;
- set_key = set_key_encrypted;
} else if (IS_ENABLED(CONFIG_TRUSTED_KEYS) &&
!strncmp(key_string, "trusted:", key_desc - key_string + 1)) {
type = &key_type_trusted;
- set_key = set_key_trusted;
} else {
return -EINVAL;
}
@@ -2521,14 +2470,18 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
down_read(&key->sem);
- ret = set_key(cc, key);
- if (ret < 0) {
+ key_material = key_extract_material(key, &len);
+ if (!IS_ERR(key_material) && len != cc->key_size)
+ key_material = ERR_PTR(-EINVAL);
+ if (IS_ERR(key_material)) {
up_read(&key->sem);
key_put(key);
kfree_sensitive(new_key_string);
- return ret;
+ return PTR_ERR(key_material);
}
+ memcpy(cc->key, key_material, len);
+
up_read(&key->sem);
key_put(key);
--
git-series 0.9.1
WARNING: multiple messages have this Message-ID (diff)
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Alasdair Kergon <agk@redhat.com>,
Mike Snitzer <snitzer@redhat.com>,
dm-devel@redhat.com, Song Liu <song@kernel.org>,
Richard Weinberger <richard@nod.at>
Cc: kernel@pengutronix.de, Ahmad Fatoum <a.fatoum@pengutronix.de>,
linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org,
keyrings@vger.kernel.org, linux-mtd@lists.infradead.org,
linux-security-module@vger.kernel.org,
linux-integrity@vger.kernel.org
Subject: [RFC PATCH v1 2/4] dm: crypt: use new key_extract_material helper
Date: Thu, 22 Jul 2021 11:18:00 +0200 [thread overview]
Message-ID: <7ac4a9ae0a3c2dfdf41611f3fe78fe63a6e57b94.1626945419.git-series.a.fatoum@pengutronix.de> (raw)
In-Reply-To: <cover.b2fdd70b830d12853b12a12e32ceb0c8162c1346.1626945419.git-series.a.fatoum@pengutronix.de>
There is a common function now to extract key material out of a few
different key types, which includes all types currently supported by
dm-crypt. Make use of it.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
To: David Howells <dhowells@redhat.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
To: James Morris <jmorris@namei.org>
To: "Serge E. Hallyn" <serge@hallyn.com>
To: Alasdair Kergon <agk@redhat.com>
To: Mike Snitzer <snitzer@redhat.com>
To: dm-devel@redhat.com
To: Song Liu <song@kernel.org>
To: Richard Weinberger <richard@nod.at>
Cc: linux-kernel@vger.kernel.org
Cc: linux-raid@vger.kernel.org
Cc: keyrings@vger.kernel.org
Cc: linux-mtd@lists.infradead.org
Cc: linux-security-module@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
---
drivers/md/dm-crypt.c | 65 ++++++--------------------------------------
1 file changed, 9 insertions(+), 56 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 50f4cbd600d5..576d6b7ce231 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2421,61 +2421,14 @@ static bool contains_whitespace(const char *str)
return false;
}
-static int set_key_user(struct crypt_config *cc, struct key *key)
-{
- const struct user_key_payload *ukp;
-
- ukp = user_key_payload_locked(key);
- if (!ukp)
- return -EKEYREVOKED;
-
- if (cc->key_size != ukp->datalen)
- return -EINVAL;
-
- memcpy(cc->key, ukp->data, cc->key_size);
-
- return 0;
-}
-
-static int set_key_encrypted(struct crypt_config *cc, struct key *key)
-{
- const struct encrypted_key_payload *ekp;
-
- ekp = key->payload.data[0];
- if (!ekp)
- return -EKEYREVOKED;
-
- if (cc->key_size != ekp->decrypted_datalen)
- return -EINVAL;
-
- memcpy(cc->key, ekp->decrypted_data, cc->key_size);
-
- return 0;
-}
-
-static int set_key_trusted(struct crypt_config *cc, struct key *key)
-{
- const struct trusted_key_payload *tkp;
-
- tkp = key->payload.data[0];
- if (!tkp)
- return -EKEYREVOKED;
-
- if (cc->key_size != tkp->key_len)
- return -EINVAL;
-
- memcpy(cc->key, tkp->key, cc->key_size);
-
- return 0;
-}
-
static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string)
{
char *new_key_string, *key_desc;
int ret;
+ unsigned int len;
struct key_type *type;
struct key *key;
- int (*set_key)(struct crypt_config *cc, struct key *key);
+ const void *key_material;
/*
* Reject key_string with whitespace. dm core currently lacks code for
@@ -2493,18 +2446,14 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
if (!strncmp(key_string, "logon:", key_desc - key_string + 1)) {
type = &key_type_logon;
- set_key = set_key_user;
} else if (!strncmp(key_string, "user:", key_desc - key_string + 1)) {
type = &key_type_user;
- set_key = set_key_user;
} else if (IS_ENABLED(CONFIG_ENCRYPTED_KEYS) &&
!strncmp(key_string, "encrypted:", key_desc - key_string + 1)) {
type = &key_type_encrypted;
- set_key = set_key_encrypted;
} else if (IS_ENABLED(CONFIG_TRUSTED_KEYS) &&
!strncmp(key_string, "trusted:", key_desc - key_string + 1)) {
type = &key_type_trusted;
- set_key = set_key_trusted;
} else {
return -EINVAL;
}
@@ -2521,14 +2470,18 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
down_read(&key->sem);
- ret = set_key(cc, key);
- if (ret < 0) {
+ key_material = key_extract_material(key, &len);
+ if (!IS_ERR(key_material) && len != cc->key_size)
+ key_material = ERR_PTR(-EINVAL);
+ if (IS_ERR(key_material)) {
up_read(&key->sem);
key_put(key);
kfree_sensitive(new_key_string);
- return ret;
+ return PTR_ERR(key_material);
}
+ memcpy(cc->key, key_material, len);
+
up_read(&key->sem);
key_put(key);
--
git-series 0.9.1
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
WARNING: multiple messages have this Message-ID (diff)
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Alasdair Kergon <agk@redhat.com>,
Mike Snitzer <snitzer@redhat.com>,
dm-devel@redhat.com, Song Liu <song@kernel.org>,
Richard Weinberger <richard@nod.at>
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>,
linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-mtd@lists.infradead.org, kernel@pengutronix.de,
linux-integrity@vger.kernel.org
Subject: [dm-devel] [RFC PATCH v1 2/4] dm: crypt: use new key_extract_material helper
Date: Thu, 22 Jul 2021 11:18:00 +0200 [thread overview]
Message-ID: <7ac4a9ae0a3c2dfdf41611f3fe78fe63a6e57b94.1626945419.git-series.a.fatoum@pengutronix.de> (raw)
In-Reply-To: <cover.b2fdd70b830d12853b12a12e32ceb0c8162c1346.1626945419.git-series.a.fatoum@pengutronix.de>
There is a common function now to extract key material out of a few
different key types, which includes all types currently supported by
dm-crypt. Make use of it.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
To: David Howells <dhowells@redhat.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
To: James Morris <jmorris@namei.org>
To: "Serge E. Hallyn" <serge@hallyn.com>
To: Alasdair Kergon <agk@redhat.com>
To: Mike Snitzer <snitzer@redhat.com>
To: dm-devel@redhat.com
To: Song Liu <song@kernel.org>
To: Richard Weinberger <richard@nod.at>
Cc: linux-kernel@vger.kernel.org
Cc: linux-raid@vger.kernel.org
Cc: keyrings@vger.kernel.org
Cc: linux-mtd@lists.infradead.org
Cc: linux-security-module@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
---
drivers/md/dm-crypt.c | 65 ++++++--------------------------------------
1 file changed, 9 insertions(+), 56 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 50f4cbd600d5..576d6b7ce231 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2421,61 +2421,14 @@ static bool contains_whitespace(const char *str)
return false;
}
-static int set_key_user(struct crypt_config *cc, struct key *key)
-{
- const struct user_key_payload *ukp;
-
- ukp = user_key_payload_locked(key);
- if (!ukp)
- return -EKEYREVOKED;
-
- if (cc->key_size != ukp->datalen)
- return -EINVAL;
-
- memcpy(cc->key, ukp->data, cc->key_size);
-
- return 0;
-}
-
-static int set_key_encrypted(struct crypt_config *cc, struct key *key)
-{
- const struct encrypted_key_payload *ekp;
-
- ekp = key->payload.data[0];
- if (!ekp)
- return -EKEYREVOKED;
-
- if (cc->key_size != ekp->decrypted_datalen)
- return -EINVAL;
-
- memcpy(cc->key, ekp->decrypted_data, cc->key_size);
-
- return 0;
-}
-
-static int set_key_trusted(struct crypt_config *cc, struct key *key)
-{
- const struct trusted_key_payload *tkp;
-
- tkp = key->payload.data[0];
- if (!tkp)
- return -EKEYREVOKED;
-
- if (cc->key_size != tkp->key_len)
- return -EINVAL;
-
- memcpy(cc->key, tkp->key, cc->key_size);
-
- return 0;
-}
-
static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string)
{
char *new_key_string, *key_desc;
int ret;
+ unsigned int len;
struct key_type *type;
struct key *key;
- int (*set_key)(struct crypt_config *cc, struct key *key);
+ const void *key_material;
/*
* Reject key_string with whitespace. dm core currently lacks code for
@@ -2493,18 +2446,14 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
if (!strncmp(key_string, "logon:", key_desc - key_string + 1)) {
type = &key_type_logon;
- set_key = set_key_user;
} else if (!strncmp(key_string, "user:", key_desc - key_string + 1)) {
type = &key_type_user;
- set_key = set_key_user;
} else if (IS_ENABLED(CONFIG_ENCRYPTED_KEYS) &&
!strncmp(key_string, "encrypted:", key_desc - key_string + 1)) {
type = &key_type_encrypted;
- set_key = set_key_encrypted;
} else if (IS_ENABLED(CONFIG_TRUSTED_KEYS) &&
!strncmp(key_string, "trusted:", key_desc - key_string + 1)) {
type = &key_type_trusted;
- set_key = set_key_trusted;
} else {
return -EINVAL;
}
@@ -2521,14 +2470,18 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
down_read(&key->sem);
- ret = set_key(cc, key);
- if (ret < 0) {
+ key_material = key_extract_material(key, &len);
+ if (!IS_ERR(key_material) && len != cc->key_size)
+ key_material = ERR_PTR(-EINVAL);
+ if (IS_ERR(key_material)) {
up_read(&key->sem);
key_put(key);
kfree_sensitive(new_key_string);
- return ret;
+ return PTR_ERR(key_material);
}
+ memcpy(cc->key, key_material, len);
+
up_read(&key->sem);
key_put(key);
--
git-series 0.9.1
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
next prev parent reply other threads:[~2021-07-22 9:18 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-22 9:17 [RFC PATCH v1 0/4] keys: introduce key_extract_material helper Ahmad Fatoum
2021-07-22 9:17 ` [dm-devel] " Ahmad Fatoum
2021-07-22 9:17 ` Ahmad Fatoum
2021-07-22 9:17 ` [RFC PATCH v1 1/4] " Ahmad Fatoum
2021-07-22 9:17 ` [dm-devel] " Ahmad Fatoum
2021-07-22 9:17 ` Ahmad Fatoum
2021-07-22 9:18 ` Ahmad Fatoum [this message]
2021-07-22 9:18 ` [dm-devel] [RFC PATCH v1 2/4] dm: crypt: use new " Ahmad Fatoum
2021-07-22 9:18 ` Ahmad Fatoum
2021-07-22 9:18 ` [RFC PATCH v1 3/4] ubifs: auth: remove never hit key type error check Ahmad Fatoum
2021-07-22 9:18 ` [dm-devel] " Ahmad Fatoum
2021-07-22 9:18 ` Ahmad Fatoum
2021-07-22 9:18 ` [RFC PATCH v1 4/4] ubifs: auth: consult encrypted and trusted keys if no logon key was found Ahmad Fatoum
2021-07-22 9:18 ` [dm-devel] " Ahmad Fatoum
2021-07-22 9:18 ` Ahmad Fatoum
2021-07-22 14:45 ` kernel test robot
2021-08-06 10:53 ` [RFC PATCH v1 0/4] keys: introduce key_extract_material helper Ahmad Fatoum
2021-08-06 10:53 ` [dm-devel] " Ahmad Fatoum
2021-08-06 10:53 ` Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7ac4a9ae0a3c2dfdf41611f3fe78fe63a6e57b94.1626945419.git-series.a.fatoum@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=agk@redhat.com \
--cc=dhowells@redhat.com \
--cc=dm-devel@redhat.com \
--cc=jarkko@kernel.org \
--cc=jmorris@namei.org \
--cc=kernel@pengutronix.de \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-raid@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=richard@nod.at \
--cc=serge@hallyn.com \
--cc=snitzer@redhat.com \
--cc=song@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.