[RFC PATCH v1 0/4] keys: introduce key_extract_material helper

Ahmad Fatoum a.fatoum at pengutronix.de
Fri Aug 6 10:53:45 UTC 2021


Hello everyone,

On 22.07.21 11:17, Ahmad Fatoum wrote:
> While keys of differing type have a common struct key definition, there is
> no common scheme to the payload and key material extraction differs.
> 
> For kernel functionality that supports different key types,
> this means duplicated code for key material extraction and because key type
> is discriminated by a pointer to a global, users need to replicate
> reachability checks as well, so builtin code doesn't depend on a key
> type symbol offered by a module.
> 
> Make this easier by adding a common helper with initial support for
> user, logon, encrypted and trusted keys.
> 
> This series contains two example of its use: dm-crypt uses it to reduce
> boilerplate and ubifs authentication uses it to gain support for trusted
> and encrypted keys alongside the already supported logon keys.
> 
> Looking forward to your feedback,

@Mike, Aliasdair: Do you think of key_extract_material as an improvement?

Does someone share the opinion that the helper is useful or should I drop
it and just send out the ubifs auth patch seperately?

Cheers,
Ahmad

> Ahmad
> 
> ---
> To: David Howells <dhowells at redhat.com>
> To: Jarkko Sakkinen <jarkko at kernel.org>
> To: James Morris <jmorris at namei.org>
> To: "Serge E. Hallyn" <serge at hallyn.com>
> To: Alasdair Kergon <agk at redhat.com>
> To: Mike Snitzer <snitzer at redhat.com>
> To: dm-devel at redhat.com
> To: Song Liu <song at kernel.org>
> To: Richard Weinberger <richard at nod.at>
> Cc: linux-kernel at vger.kernel.org
> Cc: linux-raid at vger.kernel.org
> Cc: linux-integrity at vger.kernel.org
> Cc: keyrings at vger.kernel.org
> Cc: linux-mtd at lists.infradead.org
> Cc: linux-security-module at vger.kernel.org
> 
> Ahmad Fatoum (4):
>   keys: introduce key_extract_material helper
>   dm: crypt: use new key_extract_material helper
>   ubifs: auth: remove never hit key type error check
>   ubifs: auth: consult encrypted and trusted keys if no logon key was found
> 
>  Documentation/filesystems/ubifs.rst |  2 +-
>  drivers/md/dm-crypt.c               | 65 ++++--------------------------
>  fs/ubifs/auth.c                     | 25 +++++-------
>  include/linux/key.h                 | 45 +++++++++++++++++++++-
>  security/keys/key.c                 | 40 ++++++++++++++++++-
>  5 files changed, 107 insertions(+), 70 deletions(-)
> 
> base-commit: 2734d6c1b1a089fb593ef6a23d4b70903526fe0c
> 


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



More information about the Linux-security-module-archive mailing list