From: "Timothy R. Chavez" <tinytim@us.ibm.com>
To: Mike Halcrow <mhalcrow@us.ibm.com>
Cc: Andrew Morton <akpm@osdl.org>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	Mike Halcrow <mike@halcrow.us>
Subject: Re: [PATCH 2/12] Support for larger maximum key size
Date: Wed, 21 Jun 2006 09:49:57 -0500	[thread overview]
Message-ID: <1150901397.24002.11.camel@localhost.localdomain> (raw)
In-Reply-To: <E1FsngZ-00078k-Jc@localhost.localdomain>

<snip>

> @@ -806,24 +815,18 @@ write_tag_3_packet(char *dest, int max, 
>  			  ECRYPTFS_SIG_SIZE);
>  	(*key_rec).enc_key_size_bits = crypt_stat->key_size_bits;
>  	encrypted_session_key_valid = 0;
> -	if (auth_tok->session_key.encrypted_key_size == 0)
> -		auth_tok->session_key.encrypted_key_size =
> -		    ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES;
> -	for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
> +	for (i = 0; i < (crypt_stat->key_size_bits / 8); i++)

Hey Mike,

Why don't you just do this particular calculation once?  Just looking
down, you do this same calculation at least 4 other potential times.

int key_size_bytes = crypt_stat->key_size_bits / 8;
for (i = 0; i < key_size_bytes; i++)

-tim

>  		encrypted_session_key_valid |=
>  		    auth_tok->session_key.encrypted_key[i];
> -	if (auth_tok->session_key.encrypted_key_size == 0) {
> -		ecryptfs_printk(KERN_WARNING, "auth_tok->session_key."
> -				"encrypted_key_size == 0");
> -		auth_tok->session_key.encrypted_key_size =
> -		    ECRYPTFS_DEFAULT_KEY_BYTES;
> -	}
>  	if (encrypted_session_key_valid) {
>  		memcpy((*key_rec).enc_key,
>  		       auth_tok->session_key.encrypted_key,
>  		       auth_tok->session_key.encrypted_key_size);
>  		goto encrypted_session_key_set;
>  	}
> +	if (auth_tok->session_key.encrypted_key_size == 0)
> +		auth_tok->session_key.encrypted_key_size =
> +			(crypt_stat->key_size_bits / 8);
>  	if (ECRYPTFS_CHECK_FLAG(auth_tok->token.password.flags,
>  				ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET)) {
>  		ecryptfs_printk(KERN_DEBUG, "Using previously generated "
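Review bot: The validity scan and the copy that follows it now use different lengths: the loop `for (i = 0; i < (crypt_stat->key_size_bits / 8); i++)` reads `encrypted_key[i]` for the cipher key size, while the `memcpy` into `(*key_rec).enc_key` still copies `auth_tok->session_key.encrypted_key_size` bytes. Because the zero-size default now sits below `goto encrypted_session_key_set`, a token with key bytes present but `encrypted_key_size == 0` would take the jump after copying nothing, even though `enc_key_size_bits` already advertises the full key size. Nothing visible bounds `crypt_stat->key_size_bits / 8` by the size of `encrypted_key` (presumably `ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES`; the declaration is outside the hunk), so a check before the loop such as `if (crypt_stat->key_size_bits / 8 > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { rc = -EINVAL; goto out; }`, together with moving the size default above the loop, would keep the three lengths consistent. The function body starts and ends outside the hunk.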
> @@ -832,8 +835,7 @@ write_tag_3_packet(char *dest, int max, 
>  				session_key_encryption_key_bytes);
>  		memcpy(session_key_encryption_key,
>  		       auth_tok->token.password.session_key_encryption_key,
> -		       auth_tok->token.password.
> -		       session_key_encryption_key_bytes);
> +		       (crypt_stat->key_size_bits / 8));
>  		ecryptfs_printk(KERN_DEBUG,
>  				"Cached session key " "encryption key: \n");
>  		if (ecryptfs_verbosity > 0)
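Review bot: The `memcpy` length `(crypt_stat->key_size_bits / 8)` is no longer tied to how many bytes the cached key actually holds, although the debug message just above still reports `session_key_encryption_key_bytes`. If the selected key size exceeds that stored length, this copy and the `crypto_cipher_setkey(tfm, session_key_encryption_key, (crypt_stat->key_size_bits / 8))` call in the next hunk would use bytes beyond the valid key-encryption key. A guard before the copy, `if (auth_tok->token.password.session_key_encryption_key_bytes < crypt_stat->key_size_bits / 8) { rc = -EINVAL; goto out; }`, would fail closed instead. The local `session_key_encryption_key` buffer is declared outside the hunk and its size should be checked against the same bound.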
> @@ -870,7 +872,7 @@ write_tag_3_packet(char *dest, int max, 
>  		goto out;
>  	}
>  	rc = crypto_cipher_setkey(tfm, session_key_encryption_key,
> -				  ECRYPTFS_DEFAULT_KEY_BYTES);
> +				  (crypt_stat->key_size_bits / 8));
>  	if (rc < 0) {
>  		ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
>  				"context\n");
> @@ -880,7 +882,7 @@ write_tag_3_packet(char *dest, int max, 
>  	ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
>  			crypt_stat->key_size_bits / 8);
>  	crypto_cipher_encrypt(tfm, dest_sg, src_sg,
> -			      crypt_stat->key_size_bits / 8);
> +			      (crypt_stat->key_size_bits / 8));
>  	ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
>  	if (ecryptfs_verbosity > 0)
>  		ecryptfs_dump_hex((*key_rec).enc_key,
> @@ -889,7 +891,7 @@ encrypted_session_key_set:
>  	/* Now we have a valid key_rec.  Append it to the
>  	 * key_rec set. */
>  	key_rec_size = (sizeof(struct ecryptfs_key_record)
> -			- ECRYPTFS_MAX_KEY_BYTES
> +			- ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES
>  			+ ((*key_rec).enc_key_size_bits / 8) );
>  	/* TODO: Include a packet size limit as a parameter to this
>  	 * function once we have multi-packet headers (for versions
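Review bot: The record size is derived by subtracting a constant that has to match the declared length of `enc_key`, and this one-line correction shows how easily the two drift apart. Assuming `enc_key` is the last member of `struct ecryptfs_key_record` with no trailing padding (the struct is not visible here), `key_rec_size = offsetof(struct ecryptfs_key_record, enc_key) + ((*key_rec).enc_key_size_bits / 8);` states the intent directly and follows the declaration. Whether `key_rec_size` is compared with `max` before anything is written to `dest` is decided outside the hunk and is worth confirming, since the TODO below says no packet size limit is passed in yet.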



Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-06-20 21:21 [PATCH 0/12] eCryptfs minor fixes; support for cipher/key size selection Michael Halcrow
2006-06-20 21:22 ` [PATCH 1/12] asm/scatterlist.h -> linux/scatterlist.h Mike Halcrow
2006-06-20 21:22 ` [PATCH 2/12] Support for larger maximum key size Mike Halcrow
2006-06-21 14:49   ` Timothy R. Chavez [this message]
2006-06-21 15:50     ` Michael Halcrow
2006-06-20 21:23 ` [PATCH 3/12] Add codes for additional ciphers Mike Halcrow
2006-06-21 15:08   ` Timothy R. Chavez
2006-06-20 21:23 ` [PATCH 4/12] Unencrypted key size based on encrypted key size Mike Halcrow
2006-06-20 21:23 ` [PATCH 5/12] Packet and key management update for variable " Mike Halcrow
2006-06-20 21:23 ` [PATCH 6/12] Add ecryptfs_ prefix to mount options; key size parameter Mike Halcrow
2006-06-20 21:23 ` [PATCH 7/12] Set the key size from the default for the mount Mike Halcrow
2006-06-20 21:23 ` [PATCH 8/12] Check for weak keys Mike Halcrow
2006-06-20 21:24 ` [PATCH 9/12] Add #define values for cipher codes from RFC2440 (OpenPGP) Mike Halcrow
2006-06-20 21:24 ` [PATCH 10/12] Convert bits to bytes Mike Halcrow
2006-06-20 21:24 ` [PATCH 11/12] More elegant AES key size manipulation Mike Halcrow
2006-06-20 21:24 ` [PATCH 12/12] More intelligent use of TFM objects Mike Halcrow
