[RFC PATCH v1 0/4] keys: introduce key_extract_material helper
Ahmad Fatoum
a.fatoum at pengutronix.de
Fri Aug 6 10:53:45 UTC 2021
Hello everyone,
On 22.07.21 11:17, Ahmad Fatoum wrote:
> While keys of differing type have a common struct key definition, there is
> no common scheme to the payload and key material extraction differs.
>
> For kernel functionality that supports different key types,
> this means duplicated code for key material extraction and because key type
> is discriminated by a pointer to a global, users need to replicate
> reachability checks as well, so builtin code doesn't depend on a key
> type symbol offered by a module.
>
> Make this easier by adding a common helper with initial support for
> user, logon, encrypted and trusted keys.
>
> This series contains two example of its use: dm-crypt uses it to reduce
> boilerplate and ubifs authentication uses it to gain support for trusted
> and encrypted keys alongside the already supported logon keys.
>
> Looking forward to your feedback,
@Mike, Aliasdair: Do you think of key_extract_material as an improvement?
Does someone share the opinion that the helper is useful or should I drop
it and just send out the ubifs auth patch seperately?
Cheers,
Ahmad
> Ahmad
>
> ---
> To: David Howells <dhowells at redhat.com>
> To: Jarkko Sakkinen <jarkko at kernel.org>
> To: James Morris <jmorris at namei.org>
> To: "Serge E. Hallyn" <serge at hallyn.com>
> To: Alasdair Kergon <agk at redhat.com>
> To: Mike Snitzer <snitzer at redhat.com>
> To: dm-devel at redhat.com
> To: Song Liu <song at kernel.org>
> To: Richard Weinberger <richard at nod.at>
> Cc: linux-kernel at vger.kernel.org
> Cc: linux-raid at vger.kernel.org
> Cc: linux-integrity at vger.kernel.org
> Cc: keyrings at vger.kernel.org
> Cc: linux-mtd at lists.infradead.org
> Cc: linux-security-module at vger.kernel.org
>
> Ahmad Fatoum (4):
> keys: introduce key_extract_material helper
> dm: crypt: use new key_extract_material helper
> ubifs: auth: remove never hit key type error check
> ubifs: auth: consult encrypted and trusted keys if no logon key was found
>
> Documentation/filesystems/ubifs.rst | 2 +-
> drivers/md/dm-crypt.c | 65 ++++--------------------------
> fs/ubifs/auth.c | 25 +++++-------
> include/linux/key.h | 45 +++++++++++++++++++++-
> security/keys/key.c | 40 ++++++++++++++++++-
> 5 files changed, 107 insertions(+), 70 deletions(-)
>
> base-commit: 2734d6c1b1a089fb593ef6a23d4b70903526fe0c
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the Linux-security-module-archive
mailing list