Re: [PATCH 1/2] keys: fixed handling of update method of the encrypted key type

linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Roberto Sassu <roberto.sassu@polito.it>
Cc: keyrings@linux-nfs.org, linux-crypto@vger.kernel.org,
	David Howells <dhowells@redhat.com>,
	David Safford <safford@watson.ibm.com>,
	Rajiv Andrade <srajiv@linux.vnet.ibm.com>,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH 1/2] keys: fixed handling of update method of the encrypted key type
Date: Thu, 07 Oct 2010 17:03:11 -0400	[thread overview]
Message-ID: <1286485391.2809.7.camel@localhost.localdomain> (raw)
In-Reply-To: <201010071429.24664.roberto.sassu@polito.it>

Nice! This patch applies cleanly to the trusted/encrypted patch set
posted today.

thanks,

Acked-by: Mimi Zohar <zohar@us.ibm.com>

On Thu, 2010-10-07 at 14:29 +0200, Roberto Sassu wrote:
> This patch adds the UPDATE keyword for encrypted key types:
> prevents updating existent keys if UPDATE is missing and creating
> new keys when UPDATE is specified.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
> ---
>  security/keys/encrypted_defined.c |   31 +++++++++++++++++++++++--------
>  1 files changed, 23 insertions(+), 8 deletions(-)
> 
> diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted_defined.c
> index 6b26db6..54c0f0f 100644
> --- a/security/keys/encrypted_defined.c
> +++ b/security/keys/encrypted_defined.c
> @@ -64,7 +64,8 @@ static int aes_get_sizes(int *ivsize, int *blksize)
>  }
>  
>  enum {
> -	Opt_err = -1, Opt_new = 1, Opt_load, Opt_NEW, Opt_LOAD
> +	Opt_err = -1, Opt_new = 1, Opt_load, 
> +	Opt_update, Opt_NEW, Opt_LOAD, Opt_UPDATE
>  };
>  
>  static match_table_t key_tokens = {
> @@ -72,6 +73,8 @@ static match_table_t key_tokens = {
>  	{Opt_NEW, "NEW"},
>  	{Opt_load, "load"},
>  	{Opt_LOAD, "LOAD"},
> +	{Opt_update, "update"},
> +	{Opt_UPDATE, "UPDATE"},
>  	{Opt_err, NULL}
>  };
>  
> @@ -81,6 +84,7 @@ static match_table_t key_tokens = {
>   * datablob format:
>   * NEW <master-key name> <decrypted data length>
>   * LOAD <master-key name> <decrypted data length> <encrypted iv + data>
> + * UPDATE <new-master-key name>
>   *
>   * Tokenizes a copy of the keyctl data, returning a pointer to each token,
>   * which is null terminated.
> @@ -104,23 +108,36 @@ static int datablob_parse(char *datablob, char **master_desc,
>  	*master_desc = strsep(&datablob, " \t");
>  	if (!*master_desc)
>  		goto out;
> -	*decrypted_datalen = strsep(&datablob, " \t");
> -	if (!*decrypted_datalen)
> -		goto out;
> +
> +	if (decrypted_datalen) {
> +		*decrypted_datalen = strsep(&datablob, " \t");
> +		if (!*decrypted_datalen)
> +			goto out;
> +	}
>  
>  	switch (key_cmd) {
>  	case Opt_new:
>  	case Opt_NEW:
> +		if (!decrypted_datalen)
> +			break;
>  		ret = 0;
>  		break;
>  	case Opt_load:
>  	case Opt_LOAD:
> +		if (!decrypted_datalen)
> +			break;
>  		*hex_encoded_iv = strsep(&datablob, " \t");
>  		if (!*hex_encoded_iv)
>  			break;
>  		*hex_encoded_data = *hex_encoded_iv + (2 * ivsize) + 2;
>  		ret = 0;
>  		break;
> +	case Opt_update:
> +	case Opt_UPDATE:
> +		if (decrypted_datalen)
> +			break;
> +		ret = 0;
> +		break;
>  	case Opt_err:
>  		break;
>  	}
> @@ -647,11 +664,9 @@ static int encrypted_update(struct key *key, const void *data, size_t datalen)
>  		return -ENOMEM;
>  
>  	memcpy(buf, data, datalen);
> -	new_master_desc = strsep(&buf, " \t");
> -	if (!*new_master_desc) {
> -		ret = -EINVAL;
> +	ret = datablob_parse(buf, &new_master_desc, NULL, NULL, NULL);
> +	if (ret < 0)
>  		goto out;
> -	}
>  
>  	new_epayload = encrypted_key_alloc(key, new_master_desc,
>  					   epayload->datalen);

     prev parent reply	other threads:[~2010-10-07 21:03 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-10-07 12:29 [PATCH 1/2] keys: fixed handling of update method of the encrypted key type Roberto Sassu
2010-10-07 21:03 ` Mimi Zohar [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1286485391.2809.7.camel@localhost.localdomain \
    --to=zohar@linux.vnet.ibm.com \
    --cc=dhowells@redhat.com \
    --cc=keyrings@linux-nfs.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=roberto.sassu@polito.it \
    --cc=safford@watson.ibm.com \
    --cc=srajiv@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).