There is a common function now to extract key material out of a few different key types, which includes all types currently supported by dm-crypt. Make use of it. Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> --- To: David Howells <dhowells@xxxxxxxxxx> To: Jarkko Sakkinen <jarkko@xxxxxxxxxx> To: James Morris <jmorris@xxxxxxxxx> To: "Serge E. Hallyn" <serge@xxxxxxxxxx> To: Alasdair Kergon <agk@xxxxxxxxxx> To: Mike Snitzer <snitzer@xxxxxxxxxx> To: dm-devel@xxxxxxxxxx To: Song Liu <song@xxxxxxxxxx> To: Richard Weinberger <richard@xxxxxx> Cc: linux-kernel@xxxxxxxxxxxxxxx Cc: linux-raid@xxxxxxxxxxxxxxx Cc: keyrings@xxxxxxxxxxxxxxx Cc: linux-mtd@xxxxxxxxxxxxxxxxxxx Cc: linux-security-module@xxxxxxxxxxxxxxx Cc: linux-integrity@xxxxxxxxxxxxxxx --- drivers/md/dm-crypt.c | 65 ++++++-------------------------------------- 1 file changed, 9 insertions(+), 56 deletions(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 50f4cbd600d5..576d6b7ce231 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -2421,61 +2421,14 @@ static bool contains_whitespace(const char *str) return false; } -static int set_key_user(struct crypt_config *cc, struct key *key) -{ - const struct user_key_payload *ukp; - - ukp = user_key_payload_locked(key); - if (!ukp) - return -EKEYREVOKED; - - if (cc->key_size != ukp->datalen) - return -EINVAL; - - memcpy(cc->key, ukp->data, cc->key_size); - - return 0; -} - -static int set_key_encrypted(struct crypt_config *cc, struct key *key) -{ - const struct encrypted_key_payload *ekp; - - ekp = key->payload.data[0]; - if (!ekp) - return -EKEYREVOKED; - - if (cc->key_size != ekp->decrypted_datalen) - return -EINVAL; - - memcpy(cc->key, ekp->decrypted_data, cc->key_size); - - return 0; -} - -static int set_key_trusted(struct crypt_config *cc, struct key *key) -{ - const struct trusted_key_payload *tkp; - - tkp = key->payload.data[0]; - if (!tkp) - return -EKEYREVOKED; - - if (cc->key_size != tkp->key_len) - return -EINVAL; - - memcpy(cc->key, tkp->key, cc->key_size); - - return 0; -} - static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string) { char *new_key_string, *key_desc; int ret; + unsigned int len; struct key_type *type; struct key *key; - int (*set_key)(struct crypt_config *cc, struct key *key); + const void *key_material; /* * Reject key_string with whitespace. dm core currently lacks code for @@ -2493,18 +2446,14 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string if (!strncmp(key_string, "logon:", key_desc - key_string + 1)) { type = &key_type_logon; - set_key = set_key_user; } else if (!strncmp(key_string, "user:", key_desc - key_string + 1)) { type = &key_type_user; - set_key = set_key_user; } else if (IS_ENABLED(CONFIG_ENCRYPTED_KEYS) && !strncmp(key_string, "encrypted:", key_desc - key_string + 1)) { type = &key_type_encrypted; - set_key = set_key_encrypted; } else if (IS_ENABLED(CONFIG_TRUSTED_KEYS) && !strncmp(key_string, "trusted:", key_desc - key_string + 1)) { type = &key_type_trusted; - set_key = set_key_trusted; } else { return -EINVAL; } @@ -2521,14 +2470,18 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string down_read(&key->sem); - ret = set_key(cc, key); - if (ret < 0) { + key_material = key_extract_material(key, &len); + if (!IS_ERR(key_material) && len != cc->key_size) + key_material = ERR_PTR(-EINVAL); + if (IS_ERR(key_material)) { up_read(&key->sem); key_put(key); kfree_sensitive(new_key_string); - return ret; + return PTR_ERR(key_material); } + memcpy(cc->key, key_material, len); + up_read(&key->sem); key_put(key); -- git-series 0.9.1 -- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel