lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 22 Jul 2021 11:17:58 +0200
From:   Ahmad Fatoum <a.fatoum@...gutronix.de>
To:     David Howells <dhowells@...hat.com>,
        Jarkko Sakkinen <jarkko@...nel.org>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Alasdair Kergon <agk@...hat.com>,
        Mike Snitzer <snitzer@...hat.com>, dm-devel@...hat.com,
        Song Liu <song@...nel.org>, Richard Weinberger <richard@....at>
Cc:     kernel@...gutronix.de, linux-kernel@...r.kernel.org,
        linux-raid@...r.kernel.org, linux-integrity@...r.kernel.org,
        keyrings@...r.kernel.org, linux-mtd@...ts.infradead.org,
        linux-security-module@...r.kernel.org
Subject: [RFC PATCH v1 0/4] keys: introduce key_extract_material helper

While keys of differing type have a common struct key definition, there is
no common scheme to the payload and key material extraction differs.

For kernel functionality that supports different key types,
this means duplicated code for key material extraction and because key type
is discriminated by a pointer to a global, users need to replicate
reachability checks as well, so builtin code doesn't depend on a key
type symbol offered by a module.

Make this easier by adding a common helper with initial support for
user, logon, encrypted and trusted keys.

This series contains two example of its use: dm-crypt uses it to reduce
boilerplate and ubifs authentication uses it to gain support for trusted
and encrypted keys alongside the already supported logon keys.

Looking forward to your feedback,
Ahmad

---
To: David Howells <dhowells@...hat.com>
To: Jarkko Sakkinen <jarkko@...nel.org>
To: James Morris <jmorris@...ei.org>
To: "Serge E. Hallyn" <serge@...lyn.com>
To: Alasdair Kergon <agk@...hat.com>
To: Mike Snitzer <snitzer@...hat.com>
To: dm-devel@...hat.com
To: Song Liu <song@...nel.org>
To: Richard Weinberger <richard@....at>
Cc: linux-kernel@...r.kernel.org
Cc: linux-raid@...r.kernel.org
Cc: linux-integrity@...r.kernel.org
Cc: keyrings@...r.kernel.org
Cc: linux-mtd@...ts.infradead.org
Cc: linux-security-module@...r.kernel.org

Ahmad Fatoum (4):
  keys: introduce key_extract_material helper
  dm: crypt: use new key_extract_material helper
  ubifs: auth: remove never hit key type error check
  ubifs: auth: consult encrypted and trusted keys if no logon key was found

 Documentation/filesystems/ubifs.rst |  2 +-
 drivers/md/dm-crypt.c               | 65 ++++--------------------------
 fs/ubifs/auth.c                     | 25 +++++-------
 include/linux/key.h                 | 45 +++++++++++++++++++++-
 security/keys/key.c                 | 40 ++++++++++++++++++-
 5 files changed, 107 insertions(+), 70 deletions(-)

base-commit: 2734d6c1b1a089fb593ef6a23d4b70903526fe0c
-- 
git-series 0.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ