From: Artem Bityutskiy <dedekind1@gmail.com>
To: Joel Reardon <joel@clambassador.com>
Cc: linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [patch] Remove notion of key schemes
Date: Fri, 16 Mar 2012 14:43:04 +0200
Message-ID: <1331901784.3730.72.camel@sauron.fi.intel.com>
In-Reply-To: <alpine.DEB.2.00.1203151545410.26775@eristoteles.iwoars.net>
On Thu, 2012-03-15 at 15:48 +0100, Joel Reardon wrote:
> @@ -112,8 +109,7 @@ static inline void ino_key_init_flash(const struct ubifs_info *c, void *k,
> union ubifs_key *key = k;
>
> key->j32[0] = cpu_to_le32(inum);
> - key->j32[1] = cpu_to_le32(UBIFS_INO_KEY << UBIFS_S_KEY_BLOCK_BITS);
> - memset(k + 8, 0, UBIFS_MAX_KEY_LEN - 8);
> + key->j32[1] = cpu_to_le32(UBIFS_INO_KEY << UBIFS_KEY_BLOCK_BITS);
> }
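Review bot: with the `memset(k + 8, 0, UBIFS_MAX_KEY_LEN - 8)` line removed, ino_key_init_flash() initialises only the two j32 words and no longer touches the bytes after them. Those bytes end up on flash, so whatever prepares the node has to zero them explicitly; otherwise stale buffer contents are written to the medium, and images stop matching what existing drivers produce. Please state in the function's kernel-doc that only the first 8 bytes at `k` are written, and point to the place that clears the rest.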
So current UBIFS driver will always zero out unused parts of the key.
Looks like a flaw in UBIFS, but it is too late to do anything about
this. Could you please also think about the situation when a
security-enabled image is mounted in an older kernel which will start
zeroing unused bytes. What will happen when it is mounted by newer UBIFS
with the security stuff? Would be great to make sure this is handled
nicely.
> /**
> - * key_max_inode_size - get maximum file size allowed by current key format.
> + * key_max_inode_size - get maximum file size allowed.
> * @c: UBIFS file-system description object
> */
> static inline unsigned long long key_max_inode_size(const struct ubifs_info *c)
> {
> - switch (c->key_fmt) {
> - case UBIFS_SIMPLE_KEY_FMT:
> - return (1ULL << UBIFS_S_KEY_BLOCK_BITS) * UBIFS_BLOCK_SIZE;
> - default:
> - return 0;
> - }
> + return (1ULL << UBIFS_KEY_BLOCK_BITS) * UBIFS_BLOCK_SIZE;
> }
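Review bot: `c` is no longer read in key_max_inode_size() once the switch on `c->key_fmt` is gone, yet the parameter and its `@c:` kernel-doc line are kept. Either drop the argument (and update callers) or replace the helper with a constant. Note also that the removed `default: return 0;` was the only handling of an unrecognised `key_fmt` in this function; if a node with another format value can still reach this path, it should be rejected earlier rather than silently treated as the simple format.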
I think this function should also be removed and turned into a macro.
> struct ubifs_dent_node {
> struct ubifs_ch ch;
> - __u8 key[UBIFS_MAX_KEY_LEN];
> + __u8 key[UBIFS_KEY_LEN];
> + __u8 padding0[8]; /* Watch 'zero_dent_node_unused()' if changing! */
> __le64 inum;
> - __u8 padding1;
> + __u8 padding1; /* Watch 'zero_dent_node_unused()' if changing! */
> __u8 type;
> __le16 nlen;
> __u8 padding2[4]; /* Watch 'zero_dent_node_unused()' if changing! */
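Review bot: the new `padding0[8]` in struct ubifs_dent_node carries the comment "Watch 'zero_dent_node_unused()' if changing!", but nothing in this hunk shows zero_dent_node_unused() being taught about the new field. These 8 bytes are the ones the key-init helpers used to clear via the memset removed earlier in this patch, so they must now be zeroed there; please include that change in the same patch so the on-flash bytes stay zero. The comment added to `padding1` is a separate cleanup and would be easier to review on its own.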
> @@ -552,7 +547,8 @@ struct ubifs_dent_node {
> */
> struct ubifs_data_node {
> struct ubifs_ch ch;
> - __u8 key[UBIFS_MAX_KEY_LEN];
> + __u8 key[UBIFS_KEY_LEN];
> + __le64 crypto_lookup;
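Review bot: `crypto_lookup` in struct ubifs_data_node takes over the 8 bytes that were the tail of `key[UBIFS_MAX_KEY_LEN]`, whereas the same gap in struct ubifs_dent_node is filled with `padding0[8]`. The old key-init code zeroed those bytes, so every existing data node already has 0 in this position; the field needs a documented meaning for 0, and a defined behaviour when a driver without this change rewrites the node and zeroes it again. Using `padding0[8]` here as well, and introducing the field in the patch that first uses it, keeps this change layout-neutral.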
Err, no, this patch should be _pure_ key schemes removal. All the crypto
stuff should be separate.
Otherwise looks good!
--
Best Regards,
Artem Bityutskiy