| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7bc58825-c6d8-5e6d-4e1c-c4375e19c10e@pengutronix.de>
Date: Fri, 6 Aug 2021 12:53:45 +0200
From: Ahmad Fatoum <a.fatoum@...gutronix.de>
To: David Howells <dhowells@...hat.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Alasdair Kergon <agk@...hat.com>,
Mike Snitzer <snitzer@...hat.com>, dm-devel@...hat.com,
Song Liu <song@...nel.org>, Richard Weinberger <richard@....at>
Cc: linux-kernel@...r.kernel.org, linux-raid@...r.kernel.org,
linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
linux-mtd@...ts.infradead.org, kernel@...gutronix.de,
linux-integrity@...r.kernel.org
Subject: Re: [RFC PATCH v1 0/4] keys: introduce key_extract_material helper
Hello everyone,
On 22.07.21 11:17, Ahmad Fatoum wrote:
> While keys of differing type have a common struct key definition, there is
> no common scheme to the payload and key material extraction differs.
>
> For kernel functionality that supports different key types,
> this means duplicated code for key material extraction and because key type
> is discriminated by a pointer to a global, users need to replicate
> reachability checks as well, so builtin code doesn't depend on a key
> type symbol offered by a module.
>
> Make this easier by adding a common helper with initial support for
> user, logon, encrypted and trusted keys.
>
> This series contains two example of its use: dm-crypt uses it to reduce
> boilerplate and ubifs authentication uses it to gain support for trusted
> and encrypted keys alongside the already supported logon keys.
>
> Looking forward to your feedback,
@Mike, Aliasdair: Do you think of key_extract_material as an improvement?
Does someone share the opinion that the helper is useful or should I drop
it and just send out the ubifs auth patch seperately?
Cheers,
Ahmad
> Ahmad
>
> ---
> To: David Howells <dhowells@...hat.com>
> To: Jarkko Sakkinen <jarkko@...nel.org>
> To: James Morris <jmorris@...ei.org>
> To: "Serge E. Hallyn" <serge@...lyn.com>
> To: Alasdair Kergon <agk@...hat.com>
> To: Mike Snitzer <snitzer@...hat.com>
> To: dm-devel@...hat.com
> To: Song Liu <song@...nel.org>
> To: Richard Weinberger <richard@....at>
> Cc: linux-kernel@...r.kernel.org
> Cc: linux-raid@...r.kernel.org
> Cc: linux-integrity@...r.kernel.org
> Cc: keyrings@...r.kernel.org
> Cc: linux-mtd@...ts.infradead.org
> Cc: linux-security-module@...r.kernel.org
>
> Ahmad Fatoum (4):
> keys: introduce key_extract_material helper
> dm: crypt: use new key_extract_material helper
> ubifs: auth: remove never hit key type error check
> ubifs: auth: consult encrypted and trusted keys if no logon key was found
>
> Documentation/filesystems/ubifs.rst | 2 +-
> drivers/md/dm-crypt.c | 65 ++++--------------------------
> fs/ubifs/auth.c | 25 +++++-------
> include/linux/key.h | 45 +++++++++++++++++++++-
> security/keys/key.c | 40 ++++++++++++++++++-
> 5 files changed, 107 insertions(+), 70 deletions(-)
>
> base-commit: 2734d6c1b1a089fb593ef6a23d4b70903526fe0c
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists