From: Bart Van Assche <bvanassche@acm.org>
To: Eric Biggers <ebiggers@kernel.org>,
linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org
Cc: linux-arm-msm@vger.kernel.org, linux-scsi@vger.kernel.org,
kernel-team@android.com,
Gaurav Kashyap <quic_gaurkash@quicinc.com>,
Israel Rukshin <israelr@nvidia.com>
Subject: Re: [PATCH v5 1/3] block: add basic hardware-wrapped key support
Date: Thu, 3 Mar 2022 16:53:56 -0800 [thread overview]
Message-ID: <ac499ff9-eeb4-4f25-bb59-3f37477190ed@acm.org> (raw)
In-Reply-To: <20220228070520.74082-2-ebiggers@kernel.org>
On 2/27/22 23:05, Eric Biggers wrote:
> -static u8 blank_key[BLK_CRYPTO_MAX_KEY_SIZE];
> +static u8 blank_key[BLK_CRYPTO_MAX_STANDARD_KEY_SIZE];
>
> static void blk_crypto_fallback_evict_keyslot(unsigned int slot)
> {
> @@ -539,7 +539,7 @@ static int blk_crypto_fallback_init(void)
> if (blk_crypto_fallback_inited)
> return 0;
>
> - prandom_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
> + prandom_bytes(blank_key, BLK_CRYPTO_MAX_STANDARD_KEY_SIZE);
Please use sizeof(blank_key) to make it easier for readers to verify that the
length argument is correct.
> +int blk_crypto_derive_sw_secret(struct blk_crypto_profile *profile,
> + const u8 *wrapped_key,
> + unsigned int wrapped_key_size,
> + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE])
> +{
> + int err = -EOPNOTSUPP;
> +
> + if (profile &&
> + (profile->key_types_supported & BLK_CRYPTO_KEY_TYPE_HW_WRAPPED) &&
> + profile->ll_ops.derive_sw_secret) {
> + blk_crypto_hw_enter(profile);
> + err = profile->ll_ops.derive_sw_secret(profile, wrapped_key,
> + wrapped_key_size,
> + sw_secret);
> + blk_crypto_hw_exit(profile);
> + }
> + return err;
> +}
Please use the common kernel style: return early if the preconditions have not
been met. That helps to keep the indentation level low.
> @@ -68,7 +71,10 @@ static int __init bio_crypt_ctx_init(void)
>
> /* Sanity check that no algorithm exceeds the defined limits. */
> for (i = 0; i < BLK_ENCRYPTION_MODE_MAX; i++) {
> - BUG_ON(blk_crypto_modes[i].keysize > BLK_CRYPTO_MAX_KEY_SIZE);
> + BUG_ON(blk_crypto_modes[i].keysize >
> + BLK_CRYPTO_MAX_STANDARD_KEY_SIZE);
> + BUG_ON(blk_crypto_modes[i].security_strength >
> + blk_crypto_modes[i].keysize);
> BUG_ON(blk_crypto_modes[i].ivsize > BLK_CRYPTO_MAX_IV_SIZE);
> }
Does the following advice from Linus Torvalds apply to the above code: "because
there is NO EXCUSE to knowingly kill the kernel"? See also
https://lkml.org/lkml/2016/10/4/1.
Thanks,
Bart.
next prev parent reply other threads:[~2022-03-04 0:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-28 7:05 [PATCH v5 0/3] Support for hardware-wrapped inline encryption keys Eric Biggers
2022-02-28 7:05 ` [PATCH v5 1/3] block: add basic hardware-wrapped key support Eric Biggers
2022-03-04 0:53 ` Bart Van Assche [this message]
2022-03-04 1:07 ` Eric Biggers
2022-02-28 7:05 ` [PATCH v5 2/3] block: add ioctls to create and prepare hardware-wrapped keys Eric Biggers
2022-03-04 0:57 ` Bart Van Assche
2022-02-28 7:05 ` [PATCH v5 3/3] fscrypt: add support for " Eric Biggers
2022-03-04 1:03 ` Bart Van Assche
2022-03-11 5:18 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ac499ff9-eeb4-4f25-bb59-3f37477190ed@acm.org \
--to=bvanassche@acm.org \
--cc=ebiggers@kernel.org \
--cc=israelr@nvidia.com \
--cc=kernel-team@android.com \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=quic_gaurkash@quicinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox