On Fri, 2010-11-19 at 16:23 +0000, David Howells wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
thanks for the review! - getting closer...
> > +keyctl print returns an ascii hex copy of the sealed key, which is in standard
>
> I'd quote 'keyctl print' just so it's obvious where the command ends and the
> descriptive text starts.
ok
> > +Usage:
> > + keyctl add encrypted name "new key-type:master-key-name keylen" ring
> > + keyctl add encrypted name "load key-type:master-key-name keylen hex_blob" ring
> > + keyctl update keyid "update key-type:master-key-name"
> > +
> > +where 'key-type' is either 'trusted' or 'user'.
>
> I recommend adding some example commands with all the arguments substituted.
> Nothing helps get to grip with an API like knowing what a command is supposed
> to look like when it's actually used.
now that this is moved to documentation, you are right, more examples
would be nice... willdo.
> > +static int trusted_tpm_send(u32 chip_num, unsigned char *cmd, int buflen)
>
> There are still a lot of places in here where you should probably be using
> const and size_t.
will clean up.
> > +static int my_get_random(unsigned char *buf, int len)
> > +{
> > + struct tpm_buf *tb;
> > + int ret;
> > +
> > + tb = kzalloc(sizeof *tb, GFP_KERNEL);
> > + if (!tb)
> > + return -ENOMEM;
> > + ret = tpm_get_random(tb, buf, len);
>
> Using kzalloc() rather than kmalloc() is a waste of time, I'd've thought.
> It's a temporary buffer. Does it really need to be precleared?
In this case, none need to be precleared. Will fix.
> > + ret = tpm_pcr_extend(TPM_ANY_NUM, pcrnum, hash);
> > + return ret;
>
> Merge.
agreed
> > +static int trusted_update(struct key *key, const void *data, size_t datalen)
> > +{
> > ...
> > + *(datablob + datalen) = '\0';
>
> That's what [] is for.
agreed.
> > + if (new_o)
> > + kfree(new_o);
>
> kfree() can handle a NULL pointer.
agreed.
> > + if (new_o->pcrlock)
> > + ret = pcrlock(new_o->pcrlock);
> > + rcu_assign_pointer(key->payload.data, new_p);
> > + call_rcu(&p->rcu, trusted_rcu_free);
>
> Should there be a check for pcrlock() failure?
yes, because if the pcrlock failed, even though the key
was successfully created, it is not safe to use.
Will correct.
> > +/* not already defined in tpm.h - specific to this use */
> > +#define TPM_TAG_RQU_COMMAND 193
> > +#define TPM_TAG_RQU_AUTH1_COMMAND 194
> > ...
>
> Values defined for TPM hardware access really ought to be in a separate file
> in include/linux/. They aren't strictly specific to the trusted key
> implementation here; that may be the only user currently in the kernel, but
> that doesn't mean there can't be another user.
Currently tpm request packet defines are private to the tpm driver.
With the opening of a tpm_send() interface, perhaps it does make
sense for an include/linux/tpm_packet.h for everyone (including tpm.c)
to use, even though there is little overlap currently.
We could create that with these current defines to start,
and then do a cleanup patch for tpm.c to take advantage.
dave
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
