Re: [RFC][PATCH v3 5/6] encrypted-keys: add ecryptfs format support

[David Howells]

Roberto Sassu <roberto.sassu@xxxxxxxxx> wrote:

>  security/keys/keys_ecryptfs.c            |   81 ++++++++++++++++++++++++++++++
>  security/keys/keys_ecryptfs.h            |   30 +++++++++++

Can you rename these files please?  The 'keys' prefix is redundant.  They're
obviously about keys, or they shouldn't be in this directory.  I'd suggest
something like 'ecryptfs_format.[ch]'.

You might want to make a subdir here specifically for the trusted and
encrypted keys and all their formats and move those files into it if you're
going to have lots of formats.

>  /*
> + * valid_ecryptfs_desc - verify the description of a new/loaded encrypted key
> + *
> + * The description of a encrypted key with format 'ecryptfs' must contain
> + * exactly 16 hexadecimal characters.
> + *
> + */
> +static int valid_ecryptfs_desc(const char *ecryptfs_desc)
> +{

I think we need an additional key type operation - one that allows you to pass
judgement on the description to be given for a key in key_alloc().  On the
other hand, this doesn't help here as you can't do a full check on the key
description without the payload.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/