lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 19 Mar 2019 20:06:38 -0400
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Dan Williams <dan.j.williams@...el.com>, keyrings@...r.kernel.org
Cc:     James Bottomley <jejb@...ux.ibm.com>,
        David Howells <dhowells@...hat.com>, vishal.l.verma@...el.com,
        linux-nvdimm@...ts.01.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/6] security/keys/encrypted: Clean up
 request_trusted_key()

On Mon, 2019-03-18 at 23:06 -0700, Dan Williams wrote:

< snip >

> +/*
> + * request_trusted_key - request the trusted key
> + *
> + * Trusted keys are sealed to PCRs and other metadata. Although userspace
> + * manages both trusted/encrypted key-types, like the encrypted key type
> + * data, trusted key type data is not visible decrypted from userspace.
> + */
> +static struct key *request_trusted_key(const char *trusted_desc,
> +				const u8 **master_key, size_t *master_keylen)
> +{
> +	struct trusted_key_payload *tpayload;
> +	struct key_type *type;
> +	struct key *tkey;
> +
> +	type = key_type_lookup("trusted");

The associated key_type_put() will need to be called.

> +	if (IS_ERR(type)) {
> +		tkey = (struct key *)type;
> +		goto error;
> +	}
> +	tkey = request_key(type, trusted_desc, NULL);
> +	if (IS_ERR(tkey))
> +		goto error;
> +
> +	down_read(&tkey->sem);
> +	tpayload = tkey->payload.data[0];
> +	*master_key = tpayload->key;
> +	*master_keylen = tpayload->key_len;
> +error:
> +	return tkey;
> +}
> +



> diff --git a/security/keys/key.c b/security/keys/key.c
> index 696f1c092c50..9045b62afb04 100644
> --- a/security/keys/key.c
> +++ b/security/keys/key.c
> @@ -706,6 +706,7 @@ struct key_type *key_type_lookup(const char *type)
>  found_kernel_type:
>  	return ktype;
>  }
> +EXPORT_SYMBOL_GPL(key_type_lookup);

Only the kernel is calling key_type_lookup().  Why does
key_type_lookup() need to be exported?

Mimi

>  
>  void key_set_timeout(struct key *key, unsigned timeout)
>  {
> 

Powered by blists - more mailing lists