Re: [RFC][PATCH v3 5/6] encrypted-keys: add ecryptfs format support

From: David Howells
Date: Wed Jan 26 2011 - 06:19:07 EST

Roberto Sassu <roberto.sassu@xxxxxxxxx> wrote:

> security/keys/keys_ecryptfs.c | 81 ++++++++++++++++++++++++++++++
> security/keys/keys_ecryptfs.h | 30 +++++++++++

Can you rename these files please? The 'keys' prefix is redundant. They're
obviously about keys, or they shouldn't be in this directory. I'd suggest
something like 'ecryptfs_format.[ch]'.

You might want to make a subdir here specifically for the trusted and
encrypted keys and all their formats and move those files into it if you're
going to have lots of formats.

> /*
> + * valid_ecryptfs_desc - verify the description of a new/loaded encrypted key
> + *
> + * The description of a encrypted key with format 'ecryptfs' must contain
> + * exactly 16 hexadecimal characters.
> + *
> + */
> +static int valid_ecryptfs_desc(const char *ecryptfs_desc)
> +{

I think we need an additional key type operation - one that allows you to pass
judgement on the description to be given for a key in key_alloc(). On the
other hand, this doesn't help here as you can't do a full check on the key
description without the payload.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at