On Tue, Jul 27, 2021 at 04:43:49PM +0200, Ahmad Fatoum wrote: > For both v1 and v2 key setup mechanisms, userspace supplies the raw key > material to the kernel after which it is never again disclosed to > userspace. > > Use of encrypted and trusted keys offers stronger guarantees: > The key material is generated within the kernel and is never disclosed to > userspace in clear text and, in the case of trusted keys, can be > directly rooted to a trust source like a TPM chip. > > Add support for trusted and encrypted keys by repurposing > fscrypt_add_key_arg::raw to hold the key description when the new > FSCRYPT_KEY_ARG_TYPE_DESC flag is supplied. The location of the flag > was previously reserved and enforced by ioctl code to be zero, so this > change won't break backwards compatibility. > > Corresponding userspace patches are available for fscryptctl: > https://github.com/google/fscryptctl/pull/23 > > Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> > --- > key_extract_material used by this patch is added in > <cover.b2fdd70b830d12853b12a12e32ceb0c8162c1346.1626945419.git-series.a.fatoum@xxxxxxxxxxxxxx> > which still awaits feedback. > > Sending this RFC out anyway to get some feedback from the fscrypt > developers whether this is the correct way to go about it. > > To: "Theodore Y. Ts'o" <tytso@xxxxxxx> > To: Jaegeuk Kim <jaegeuk@xxxxxxxxxx> > To: Eric Biggers <ebiggers@xxxxxxxxxx> > Cc: Jarkko Sakkinen <jarkko@xxxxxxxxxx> > Cc: James Morris <jmorris@xxxxxxxxx> > Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> > Cc: James Bottomley <jejb@xxxxxxxxxxxxx> > Cc: Mimi Zohar <zohar@xxxxxxxxxxxxx> > Cc: Sumit Garg <sumit.garg@xxxxxxxxxx> > Cc: David Howells <dhowells@xxxxxxxxxx> > Cc: linux-fscrypt@xxxxxxxxxxxxxxx > Cc: linux-crypto@xxxxxxxxxxxxxxx > Cc: linux-integrity@xxxxxxxxxxxxxxx > Cc: linux-security-module@xxxxxxxxxxxxxxx > Cc: keyrings@xxxxxxxxxxxxxxx > Cc: linux-kernel@xxxxxxxxxxxxxxx > --- > Documentation/filesystems/fscrypt.rst | 24 ++++++++--- > fs/crypto/keyring.c | 59 ++++++++++++++++++++++++--- > include/uapi/linux/fscrypt.h | 16 +++++++- > 3 files changed, 87 insertions(+), 12 deletions(-) > > diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst > index 44b67ebd6e40..83738af2afa3 100644 > --- a/Documentation/filesystems/fscrypt.rst > +++ b/Documentation/filesystems/fscrypt.rst > @@ -681,11 +681,15 @@ It can be executed on any file or directory on the target filesystem, > but using the filesystem's root directory is recommended. It takes in > a pointer to struct fscrypt_add_key_arg, defined as follows:: > > + #define FSCRYPT_KEY_ADD_RAW_ASIS 0 > + #define FSCRYPT_KEY_ADD_RAW_DESC 1 Would be nice to have these documented. /Jarkko
