Re: [RFC PATCH 2/2] dm-crypt: Use any key type which is registered

[RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt · Franck LENORMAND <hidden> · 2019-03-01
[RFC PATCH 1/2] drivers: crypto: caam: key: Add caam_tk key type · Franck LENORMAND <hidden> · 2019-03-01
[RFC PATCH 2/2] dm-crypt: Use any key type which is registered · Franck LENORMAND <hidden> · 2019-03-01
Re: [RFC PATCH 2/2] dm-crypt: Use any key type which is registered · Maik Otto <hidden> · 2020-01-17
Re: [RFC PATCH 2/2] dm-crypt: Use any key type which is registered · James Bottomley <James.Bottomley@HansenPartnership.com> · 2020-01-18
Re: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt · Jan Lübbe <jlu@pengutronix.de> · 2019-03-06
RE: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt · Franck Lenormand <hidden> · 2019-03-07
Re: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt · David Howells <dhowells@redhat.com> · 2019-03-06
RE: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt · Franck Lenormand <hidden> · 2019-03-07
Re: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt · James Bottomley <James.Bottomley@HansenPartnership.com> · 2020-01-18

From: James Bottomley <James.Bottomley@HansenPartnership.com>
Date: 2020-01-18 17:55:31
Also in: dm-devel, keyrings, lkml

On Fri, 2019-03-01 at 17:09 +0100, Franck LENORMAND wrote:

quoted hunk ↗ jump to hunk

@@ -2025,16 +2027,15 @@ static int crypt_set_keyring_key(struct

crypt_config *cc, const char *key_string
 	if (!key_desc || key_desc == key_string || !strlen(key_desc
+ 1))
 		return -EINVAL;
 
-	if (strncmp(key_string, "logon:", key_desc - key_string + 1)
&&
-	    strncmp(key_string, "user:", key_desc - key_string + 1))
-		return -EINVAL;
+	type = get_key_type(key_string, key_desc - key_string);
+	if (!type)
+		return -ENOENT;

You can't do this.  This check ensures that the key responds correctly
to user_key_payload_locked() lower down.  To do that, the payload has
to be in a specific form.  You ensured that yours are, but dm-crypt
will now accept any key type, load the user payload blindly and create
all sorts of mayhem in the kernel because of the structural differences
in payload types.

James

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help