Hello everyone, On 22.07.21 11:17, Ahmad Fatoum wrote: > While keys of differing type have a common struct key definition, there is > no common scheme to the payload and key material extraction differs. > > For kernel functionality that supports different key types, > this means duplicated code for key material extraction and because key type > is discriminated by a pointer to a global, users need to replicate > reachability checks as well, so builtin code doesn't depend on a key > type symbol offered by a module. > > Make this easier by adding a common helper with initial support for > user, logon, encrypted and trusted keys. > > This series contains two example of its use: dm-crypt uses it to reduce > boilerplate and ubifs authentication uses it to gain support for trusted > and encrypted keys alongside the already supported logon keys. > > Looking forward to your feedback, @Mike, Aliasdair: Do you think of key_extract_material as an improvement? Does someone share the opinion that the helper is useful or should I drop it and just send out the ubifs auth patch seperately? Cheers, Ahmad > Ahmad > > --- > To: David Howells <dhowells@xxxxxxxxxx> > To: Jarkko Sakkinen <jarkko@xxxxxxxxxx> > To: James Morris <jmorris@xxxxxxxxx> > To: "Serge E. Hallyn" <serge@xxxxxxxxxx> > To: Alasdair Kergon <agk@xxxxxxxxxx> > To: Mike Snitzer <snitzer@xxxxxxxxxx> > To: dm-devel@xxxxxxxxxx > To: Song Liu <song@xxxxxxxxxx> > To: Richard Weinberger <richard@xxxxxx> > Cc: linux-kernel@xxxxxxxxxxxxxxx > Cc: linux-raid@xxxxxxxxxxxxxxx > Cc: linux-integrity@xxxxxxxxxxxxxxx > Cc: keyrings@xxxxxxxxxxxxxxx > Cc: linux-mtd@xxxxxxxxxxxxxxxxxxx > Cc: linux-security-module@xxxxxxxxxxxxxxx > > Ahmad Fatoum (4): > keys: introduce key_extract_material helper > dm: crypt: use new key_extract_material helper > ubifs: auth: remove never hit key type error check > ubifs: auth: consult encrypted and trusted keys if no logon key was found > > Documentation/filesystems/ubifs.rst | 2 +- > drivers/md/dm-crypt.c | 65 ++++-------------------------- > fs/ubifs/auth.c | 25 +++++------- > include/linux/key.h | 45 +++++++++++++++++++++- > security/keys/key.c | 40 ++++++++++++++++++- > 5 files changed, 107 insertions(+), 70 deletions(-) > > base-commit: 2734d6c1b1a089fb593ef6a23d4b70903526fe0c > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
