[RFC PATCH v1 2/4] dm: crypt: use new key_extract_material helper

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There is a common function now to extract key material out of a few
different key types, which includes all types currently supported by
dm-crypt. Make use of it.

Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
---
To: David Howells <dhowells@xxxxxxxxxx>
To: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
To: James Morris <jmorris@xxxxxxxxx>
To: "Serge E. Hallyn" <serge@xxxxxxxxxx>
To: Alasdair Kergon <agk@xxxxxxxxxx>
To: Mike Snitzer <snitzer@xxxxxxxxxx>
To: dm-devel@xxxxxxxxxx
To: Song Liu <song@xxxxxxxxxx>
To: Richard Weinberger <richard@xxxxxx>
Cc: linux-kernel@xxxxxxxxxxxxxxx
Cc: linux-raid@xxxxxxxxxxxxxxx
Cc: keyrings@xxxxxxxxxxxxxxx
Cc: linux-mtd@xxxxxxxxxxxxxxxxxxx
Cc: linux-security-module@xxxxxxxxxxxxxxx
Cc: linux-integrity@xxxxxxxxxxxxxxx
---
 drivers/md/dm-crypt.c | 65 ++++++--------------------------------------
 1 file changed, 9 insertions(+), 56 deletions(-)

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 50f4cbd600d5..576d6b7ce231 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2421,61 +2421,14 @@ static bool contains_whitespace(const char *str)
 	return false;
 }
 
-static int set_key_user(struct crypt_config *cc, struct key *key)
-{
-	const struct user_key_payload *ukp;
-
-	ukp = user_key_payload_locked(key);
-	if (!ukp)
-		return -EKEYREVOKED;
-
-	if (cc->key_size != ukp->datalen)
-		return -EINVAL;
-
-	memcpy(cc->key, ukp->data, cc->key_size);
-
-	return 0;
-}
-
-static int set_key_encrypted(struct crypt_config *cc, struct key *key)
-{
-	const struct encrypted_key_payload *ekp;
-
-	ekp = key->payload.data[0];
-	if (!ekp)
-		return -EKEYREVOKED;
-
-	if (cc->key_size != ekp->decrypted_datalen)
-		return -EINVAL;
-
-	memcpy(cc->key, ekp->decrypted_data, cc->key_size);
-
-	return 0;
-}
-
-static int set_key_trusted(struct crypt_config *cc, struct key *key)
-{
-	const struct trusted_key_payload *tkp;
-
-	tkp = key->payload.data[0];
-	if (!tkp)
-		return -EKEYREVOKED;
-
-	if (cc->key_size != tkp->key_len)
-		return -EINVAL;
-
-	memcpy(cc->key, tkp->key, cc->key_size);
-
-	return 0;
-}
-
 static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string)
 {
 	char *new_key_string, *key_desc;
 	int ret;
+	unsigned int len;
 	struct key_type *type;
 	struct key *key;
-	int (*set_key)(struct crypt_config *cc, struct key *key);
+	const void *key_material;
 
 	/*
 	 * Reject key_string with whitespace. dm core currently lacks code for
@@ -2493,18 +2446,14 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
 
 	if (!strncmp(key_string, "logon:", key_desc - key_string + 1)) {
 		type = &key_type_logon;
-		set_key = set_key_user;
 	} else if (!strncmp(key_string, "user:", key_desc - key_string + 1)) {
 		type = &key_type_user;
-		set_key = set_key_user;
 	} else if (IS_ENABLED(CONFIG_ENCRYPTED_KEYS) &&
 		   !strncmp(key_string, "encrypted:", key_desc - key_string + 1)) {
 		type = &key_type_encrypted;
-		set_key = set_key_encrypted;
 	} else if (IS_ENABLED(CONFIG_TRUSTED_KEYS) &&
 	           !strncmp(key_string, "trusted:", key_desc - key_string + 1)) {
 		type = &key_type_trusted;
-		set_key = set_key_trusted;
 	} else {
 		return -EINVAL;
 	}
@@ -2521,14 +2470,18 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
 
 	down_read(&key->sem);
 
-	ret = set_key(cc, key);
-	if (ret < 0) {
+	key_material = key_extract_material(key, &len);
+	if (!IS_ERR(key_material) && len != cc->key_size)
+		key_material = ERR_PTR(-EINVAL);
+	if (IS_ERR(key_material)) {
 		up_read(&key->sem);
 		key_put(key);
 		kfree_sensitive(new_key_string);
-		return ret;
+		return PTR_ERR(key_material);
 	}
 
+	memcpy(cc->key, key_material, len);
+
 	up_read(&key->sem);
 	key_put(key);
 
-- 
git-series 0.9.1

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/dm-devel




[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux