Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp645980ybi; Thu, 30 May 2019 04:35:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqy3DozbC67aJ0YcigXCEuAsmK7bxmzunMF/VygYgXVvYYJFTRZT/swz+ZK1sQmOtRkAnYQh X-Received: by 2002:a62:5487:: with SMTP id i129mr3169622pfb.68.1559216142664; Thu, 30 May 2019 04:35:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559216142; cv=none; d=google.com; s=arc-20160816; b=UEMllp8zOWyN24xkG7biMzQxj0ZsaypaFH2aj8ZduXCLMLjBOV6DAKucJlf4MlEqcD QkadGATJHcxQ62d2c8ezWbThbPnO5ZFhykXX3El6Kwl0JwzvJURrbhcETGTYk2H+cDGz 9OjqVkQHxDHQh7ooyJiYKgkbHr1qRxuwI55iqAlrCOLcgffsxPyjAd79l0xcGM0eSHQj EcSg2CXp1vk0tdGGTT4Vpvr0RHjJ8BAYXqw0LRZYSpGl4dvLoC4H5wMVjGXq15cC5eFB Jk6Ns2p5bJaj7BDJ2UmQYvu1BS08ArcNVDifjsvWAkdu80wRgP378OQm0g3oyLN0RIXI 9khA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=LVnce3jB8qedAfJGJ7Bmf8R/L8NNVzJuyZ0yFdQiU5Q=; b=DnJj4NpUlxBHd25vkT61VZqbSIlkAEN0nu0GlwFleEM/rBcfXu6F2LI1bWFhqiMlHX qggOrBx11s73OHkJMKD8LYemmdMxWGEfO6mL8Cy2BKLpiNNgqzRAHaf+61ZL7CKgYm/K d/T5lb1x+oe7AzvWMkR/VKbjbO3WUNm3EgPsZkgWKHITW/wb240/Rsp5AFfB9xWju0PK 24LqR2W8a8Rgz32KLn7e9Ekv3KfdYo+Nvqi+nooknXJz8yK0p1GUnJUjB/yibDFjD2Oj sW32jGguODD6ON2fWkXYuS6YQ+OtY8lNrV6yqqAU4INLdwEbciHTRAmeF+Zcyze9iK8l iTHw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n14si3251918pfa.67.2019.05.30.04.35.19; Thu, 30 May 2019 04:35:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726531AbfE3LfR (ORCPT + 99 others); Thu, 30 May 2019 07:35:17 -0400 Received: from mail-ot1-f67.google.com ([209.85.210.67]:40557 "EHLO mail-ot1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726065AbfE3LfR (ORCPT ); Thu, 30 May 2019 07:35:17 -0400 Received: by mail-ot1-f67.google.com with SMTP id u11so5260871otq.7 for ; Thu, 30 May 2019 04:35:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LVnce3jB8qedAfJGJ7Bmf8R/L8NNVzJuyZ0yFdQiU5Q=; b=FqcKwiNGK7tNLYyqN5RtDcAU6xEqneoMHGWn21d2LxVK+RugzakgFSH5K0UxEXz55d WJ/Z3z1+UufFMYyHmmq+m3aJZSZQl9rp+TX/Y6B6VukhhUYk/KQFyZu9sO48v4u8ErK/ StGXoLT+VBcXUMvTaIVSu3dReaKtSDN8GDx+JYc0+ORt4HodpQSVvnrRgUcRTRYe9EAk rYoAhxZD4CwE1G8GjWO9XGFghSEQniK0gcs12oNGgoX5bKn0vnuOOvv+nmTGngy8vDQl LQRqc5ojHpjKwt4FeHcaVPqzIXtJB39BWsg6vUeoHV/xBsgdJzEIN28M1erEXi8LbOvz KneQ== X-Gm-Message-State: APjAAAWqCrgQcTJuZhRhvdLUJqLZAQL4MX9/zC13Sta18zUkPPxjgg5W e0hpRR5X5Ndw017WeT30VTOorKB3E2ZldhjBgiVEaQ== X-Received: by 2002:a05:6830:154c:: with SMTP id l12mr2185607otp.66.1559216117035; Thu, 30 May 2019 04:35:17 -0700 (PDT) MIME-Version: 1.0 References: <20190521100034.9651-1-omosnace@redhat.com> <20190530071400.jpadh2fjjaqzyw6m@gondor.apana.org.au> In-Reply-To: <20190530071400.jpadh2fjjaqzyw6m@gondor.apana.org.au> From: Ondrej Mosnacek Date: Thu, 30 May 2019 13:35:06 +0200 Message-ID: Subject: Re: [PATCH] crypto: af_alg - implement keyring support To: Herbert Xu Cc: linux-crypto@vger.kernel.org, keyrings@vger.kernel.org, David Howells , Stephan Mueller , Milan Broz , Ondrej Kozina , Daniel Zatovic Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, May 30, 2019 at 10:12 AM Herbert Xu wrote: > On Tue, May 21, 2019 at 12:00:34PM +0200, Ondrej Mosnacek wrote: > > > > @@ -256,6 +362,48 @@ static int alg_setsockopt(struct socket *sock, int level, int optname, > > goto unlock; > > > > err = alg_setkey(sk, optval, optlen); > > +#ifdef CONFIG_KEYS > > + break; > > + case ALG_SET_KEY_KEYRING_LOGON: > > + if (sock->state == SS_CONNECTED) > > + goto unlock; > > + if (!type->setkey) > > + goto unlock; > > + > > + err = alg_setkey_keyring(sk, &alg_keyring_type_logon, > > + optval, optlen); > > + break; > > + case ALG_SET_KEY_KEYRING_USER: > > + if (sock->state == SS_CONNECTED) > > + goto unlock; > > + if (!type->setkey) > > + goto unlock; > > + > > + err = alg_setkey_keyring(sk, &alg_keyring_type_user, > > + optval, optlen); > > +#if IS_REACHABLE(CONFIG_TRUSTED_KEYS) > > + break; > > + case ALG_SET_KEY_KEYRING_TRUSTED: > > + if (sock->state == SS_CONNECTED) > > + goto unlock; > > + if (!type->setkey) > > + goto unlock; > > + > > + err = alg_setkey_keyring(sk, &alg_keyring_type_trusted, > > + optval, optlen); > > +#endif > > +#if IS_REACHABLE(CONFIG_ENCRYPTED_KEYS) > > + break; > > + case ALG_SET_KEY_KEYRING_ENCRYPTED: > > + if (sock->state == SS_CONNECTED) > > + goto unlock; > > + if (!type->setkey) > > + goto unlock; > > + > > + err = alg_setkey_keyring(sk, &alg_keyring_type_encrypted, > > + optval, optlen); > > +#endif > > +#endif /* CONFIG_KEYS */ > > break; > > What's with the funky placement of "break" outside of the ifdefs? I swear that checkpatch.pl was complaining when I did it the normal way, but now I tried it again and it isn't complaining anymore... Perhaps in the meantime I rebased onto a more recent tree where this checkpatch.pl quirk has been fixed... I'll remove the funk in future revisions. > > > diff --git a/include/uapi/linux/if_alg.h b/include/uapi/linux/if_alg.h > > index bc2bcdec377b..f2d777901f00 100644 > > --- a/include/uapi/linux/if_alg.h > > +++ b/include/uapi/linux/if_alg.h > > @@ -35,6 +35,13 @@ struct af_alg_iv { > > #define ALG_SET_OP 3 > > #define ALG_SET_AEAD_ASSOCLEN 4 > > #define ALG_SET_AEAD_AUTHSIZE 5 > > +#define ALG_SET_PUBKEY 6 /* reserved for future use */ > > +#define ALG_SET_DH_PARAMETERS 7 /* reserved for future use */ > > +#define ALG_SET_ECDH_CURVE 8 /* reserved for future use */ > > Why do you need to reserve these values? Because libkcapi already assumes these values [1] and has code that uses them. Reserving will allow existing builds of libkcapi to work correctly once the functionality actually lands in the kernel (if that ever happens). Of course, it is libkcapi's fault to assume values for these symbols (in released code) before they are commited in the kernel, but it seemed easier to just add them along with this patch rather than creating a confusing situation. [1] https://github.com/smuellerDD/libkcapi/blob/master/lib/internal.h#L54 -- Ondrej Mosnacek Software Engineer, Security Technologies Red Hat, Inc.