From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Howells Subject: Re: [RFC][PATCH v3 5/6] encrypted-keys: add ecryptfs format support Date: Wed, 26 Jan 2011 11:18:45 +0000 Message-ID: <6520.1296040725@redhat.com> References: <1295887497-20198-6-git-send-email-roberto.sassu@polito.it> <1295887497-20198-1-git-send-email-roberto.sassu@polito.it> Cc: dhowells@redhat.com, linux-security-module@vger.kernel.org, keyrings@linux-nfs.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, jmorris@namei.org, zohar@linux.vnet.ibm.com, safford@watson.ibm.com, ramunno@polito.it, tyhicks@linux.vnet.ibm.com, kirkland@canonical.com To: Roberto Sassu Return-path: In-Reply-To: <1295887497-20198-6-git-send-email-roberto.sassu@polito.it> Sender: linux-security-module-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org Roberto Sassu wrote: > security/keys/keys_ecryptfs.c | 81 ++++++++++++++++++++++++++++++ > security/keys/keys_ecryptfs.h | 30 +++++++++++ Can you rename these files please? The 'keys' prefix is redundant. They're obviously about keys, or they shouldn't be in this directory. I'd suggest something like 'ecryptfs_format.[ch]'. You might want to make a subdir here specifically for the trusted and encrypted keys and all their formats and move those files into it if you're going to have lots of formats. > /* > + * valid_ecryptfs_desc - verify the description of a new/loaded encrypted key > + * > + * The description of a encrypted key with format 'ecryptfs' must contain > + * exactly 16 hexadecimal characters. > + * > + */ > +static int valid_ecryptfs_desc(const char *ecryptfs_desc) > +{ I think we need an additional key type operation - one that allows you to pass judgement on the description to be given for a key in key_alloc(). On the other hand, this doesn't help here as you can't do a full check on the key description without the payload. David