Re: [PATCH v1.4 4/5] keys: add new trusted key-type

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: David Howells

Subject: Re: [PATCH v1.4 4/5] keys: add new trusted key-type

Date: Friday, November 19, 2010 - 9:23 am

Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:

quoted text> +keyctl print returns an ascii hex copy of the sealed key, which is in standard

I'd quote 'keyctl print' just so it's obvious where the command ends and the
descriptive text starts.

quoted text> +Usage:
> +  keyctl add encrypted name "new key-type:master-key-name keylen" ring
> +  keyctl add encrypted name "load key-type:master-key-name keylen hex_blob" ring
> +  keyctl update keyid "update key-type:master-key-name"
> +
> +where 'key-type' is either 'trusted' or 'user'.

I recommend adding some example commands with all the arguments substituted.
Nothing helps get to grip with an API like knowing what a command is supposed
to look like when it's actually used.

quoted text> +static int trusted_tpm_send(u32 chip_num, unsigned char *cmd, int buflen)

There are still a lot of places in here where you should probably be using
const and size_t.

quoted text> +static int my_get_random(unsigned char *buf, int len)
> +{
> +	struct tpm_buf *tb;
> +	int ret;
> +
> +	tb = kzalloc(sizeof *tb, GFP_KERNEL);
> +	if (!tb)
> +		return -ENOMEM;
> +	ret = tpm_get_random(tb, buf, len);

Using kzalloc() rather than kmalloc() is a waste of time, I'd've thought.
It's a temporary buffer.  Does it really need to be precleared?

quoted text> +	ret = tpm_pcr_extend(TPM_ANY_NUM, pcrnum, hash);
> +	return ret;

Merge.

quoted text> +static int trusted_update(struct key *key, const void *data, size_t datalen)
> +{
> ...
> +	*(datablob + datalen) = '__PLACEHOLDER__5_';

That's what [] is for.

quoted text> +	if (new_o)
> +		kfree(new_o);

kfree() can handle a NULL pointer.

quoted text> +	if (new_o->pcrlock)
> +		ret = pcrlock(new_o->pcrlock);
> +	rcu_assign_pointer(key->payload.data, new_p);
> +	call_rcu(&p->rcu, trusted_rcu_free);

Should there be a check for pcrlock() failure?

quoted text> +/* not already defined in tpm.h - specific to this use */
> +#define TPM_TAG_RQU_COMMAND		193
> +#define TPM_TAG_RQU_AUTH1_COMMAND	194
> ...

Values defined for TPM hardware access really ought to be in a separate file
in include/linux/.  They aren't strictly specific to the trusted key
implementation here; that may be the only user currently in the kernel, but
that doesn't mean there can't be another user.

David
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH v1.4 0/5] keys: trusted and encrypted keys, Mimi Zohar, (Thu Nov 18, 3:42 pm)

Re: [PATCH v1.4 1/5] lib: hex2bin converts ascii hexadecim ..., David Howells, (Fri Nov 19, 8:43 am)

Re: [PATCH v1.4 2/5] tpm: add module_put wrapper, David Howells, (Fri Nov 19, 8:43 am)

Re: [PATCH v1.4 3/5] key: add tpm_send command, David Howells, (Fri Nov 19, 8:45 am)

Re: [PATCH v1.4 3/5] key: add tpm_send command, David Safford, (Fri Nov 19, 9:04 am)

Re: [PATCH v1.4 4/5] keys: add new trusted key-type, David Howells, (Fri Nov 19, 9:23 am)

Re: [PATCH v1.4 5/5] keys: add new key-type encrypted, David Howells, (Fri Nov 19, 9:43 am)

Re: [PATCH v1.4 3/5] key: add tpm_send command, David Howells, (Fri Nov 19, 9:45 am)

Re: [PATCH v1.4 4/5] keys: add new trusted key-type, David Safford, (Fri Nov 19, 11:00 am)

Re: [PATCH v1.4 5/5] keys: add new key-type encrypted, Mimi Zohar, (Mon Nov 22, 5:16 am)

Navigation

Popular discussions


linux-kernel:
Greg KH	Og dreams of kernels
Jens Axboe	[PATCH 31/33] Fusion: sg chaining support
Arnd Bergmann	Re: finding your own dead "CONFIG_" variables
Mark Brown	[PATCH 2/2] Subject: natsemi: Allow users to disable workaround for DspCfg reset
Tony Breeds	[LGUEST] Look in object dir for .config
git:
Brian Downing	Re: Git in a Nutshell guide
John Benes	Re: master has some toys
Matthias Lederhofer	[PATCH 4/7] introduce GIT_WORK_TREE to specify the work tree
Alexander Sulfrian	[RFC/PATCH] RE: git calls SSH_ASKPASS even if DISPLAY is not set
Junio C Hamano	Re: Rss produced by git is not valid xml?
git-commits-head:
Linux Kernel Mailing List	iSeries: fix section mismatch in iseries_veth
Linux Kernel Mailing List	ixbge: remove TX lock and redo TX accounting.
Linux Kernel Mailing List	ixgbe: fix several counter register errata
Linux Kernel Mailing List	b43: fix build with CONFIG_SSB_PCIHOST=n
Linux Kernel Mailing List	9p: block-based virtio client
linux-netdev:
Michael Breuer	Re: [PATCH] af_packet: Don't use skb after dev_queue_xmit()
Michael Breuer	Re: [PATCH] af_packet: Don't use skb after dev_queue_xmit()
David Daney	[PATCH 5/7] Staging: Octeon Ethernet: Convert to NAPI.
Wolfgang Grandegger	[PATCH net-next v4 1/3] can: mscan: fix improper return if dlc < 8 in start_xmi...
Amit Kumar Salecha	[PATCHv3 NEXT 2/2] NET: Add Qlogic ethernet driver for CNA devices
openbsd-misc:
Theo de Raadt	Re: Old IPSEC bug
Tomáš Bodžár	Problem with vpnc connection - check group password !
Insan Praja SW	Mandoc Compiling Error
Carl Roberso	Re: Cannot change MTU of carp interface?
Richard Daemon	Re: booting openbsd on eee without cd-rom

Colocation donated by:

Syndicate