All of lore.kernel.org
 help / color / mirror / Atom feed
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Roberto Sassu <roberto.sassu@polito.it>
Cc: keyrings@linux-nfs.org, linux-crypto@vger.kernel.org,
	David Howells <dhowells@redhat.com>,
	David Safford <safford@watson.ibm.com>,
	Rajiv Andrade <srajiv@linux.vnet.ibm.com>,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH 1/2] keys: fixed handling of update method of the encrypted key type
Date: Thu, 07 Oct 2010 17:03:11 -0400	[thread overview]
Message-ID: <1286485391.2809.7.camel@localhost.localdomain> (raw)
In-Reply-To: <201010071429.24664.roberto.sassu@polito.it>

Nice! This patch applies cleanly to the trusted/encrypted patch set
posted today.

thanks,

Acked-by: Mimi Zohar <zohar@us.ibm.com>

On Thu, 2010-10-07 at 14:29 +0200, Roberto Sassu wrote:
> This patch adds the UPDATE keyword for encrypted key types:
> prevents updating existent keys if UPDATE is missing and creating
> new keys when UPDATE is specified.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
> ---
>  security/keys/encrypted_defined.c |   31 +++++++++++++++++++++++--------
>  1 files changed, 23 insertions(+), 8 deletions(-)
> 
> diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted_defined.c
> index 6b26db6..54c0f0f 100644
> --- a/security/keys/encrypted_defined.c
> +++ b/security/keys/encrypted_defined.c
> @@ -64,7 +64,8 @@ static int aes_get_sizes(int *ivsize, int *blksize)
>  }
>  
>  enum {
> -	Opt_err = -1, Opt_new = 1, Opt_load, Opt_NEW, Opt_LOAD
> +	Opt_err = -1, Opt_new = 1, Opt_load, 
> +	Opt_update, Opt_NEW, Opt_LOAD, Opt_UPDATE
>  };
>  
>  static match_table_t key_tokens = {
> @@ -72,6 +73,8 @@ static match_table_t key_tokens = {
>  	{Opt_NEW, "NEW"},
>  	{Opt_load, "load"},
>  	{Opt_LOAD, "LOAD"},
> +	{Opt_update, "update"},
> +	{Opt_UPDATE, "UPDATE"},
>  	{Opt_err, NULL}
>  };
>  
> @@ -81,6 +84,7 @@ static match_table_t key_tokens = {
>   * datablob format:
>   * NEW <master-key name> <decrypted data length>
>   * LOAD <master-key name> <decrypted data length> <encrypted iv + data>
> + * UPDATE <new-master-key name>
>   *
>   * Tokenizes a copy of the keyctl data, returning a pointer to each token,
>   * which is null terminated.
> @@ -104,23 +108,36 @@ static int datablob_parse(char *datablob, char **master_desc,
>  	*master_desc = strsep(&datablob, " \t");
>  	if (!*master_desc)
>  		goto out;
> -	*decrypted_datalen = strsep(&datablob, " \t");
> -	if (!*decrypted_datalen)
> -		goto out;
> +
> +	if (decrypted_datalen) {
> +		*decrypted_datalen = strsep(&datablob, " \t");
> +		if (!*decrypted_datalen)
> +			goto out;
> +	}
>  
>  	switch (key_cmd) {
>  	case Opt_new:
>  	case Opt_NEW:
> +		if (!decrypted_datalen)
> +			break;
>  		ret = 0;
>  		break;
>  	case Opt_load:
>  	case Opt_LOAD:
> +		if (!decrypted_datalen)
> +			break;
>  		*hex_encoded_iv = strsep(&datablob, " \t");
>  		if (!*hex_encoded_iv)
>  			break;
>  		*hex_encoded_data = *hex_encoded_iv + (2 * ivsize) + 2;
>  		ret = 0;
>  		break;
> +	case Opt_update:
> +	case Opt_UPDATE:
> +		if (decrypted_datalen)
> +			break;
> +		ret = 0;
> +		break;
>  	case Opt_err:
>  		break;
>  	}
> @@ -647,11 +664,9 @@ static int encrypted_update(struct key *key, const void *data, size_t datalen)
>  		return -ENOMEM;
>  
>  	memcpy(buf, data, datalen);
> -	new_master_desc = strsep(&buf, " \t");
> -	if (!*new_master_desc) {
> -		ret = -EINVAL;
> +	ret = datablob_parse(buf, &new_master_desc, NULL, NULL, NULL);
> +	if (ret < 0)
>  		goto out;
> -	}
>  
>  	new_epayload = encrypted_key_alloc(key, new_master_desc,
>  					   epayload->datalen);

      reply	other threads:[~2010-10-07 21:03 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-10-07 12:29 [PATCH 1/2] keys: fixed handling of update method of the encrypted key type Roberto Sassu
2010-10-07 21:03 ` Mimi Zohar [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1286485391.2809.7.camel@localhost.localdomain \
    --to=zohar@linux.vnet.ibm.com \
    --cc=dhowells@redhat.com \
    --cc=keyrings@linux-nfs.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=roberto.sassu@polito.it \
    --cc=safford@watson.ibm.com \
    --cc=srajiv@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.