
[2/3] ndctl: fix key blob loading for user keys

Message ID 155380003495.7924.1527087606331560941.stgit@djiang5-desk3.ch.intel.com (mailing list archive)
State Superseded
Series [1/3] ndctl: fix load-keys for user master-key | expand

Commit Message

Dave Jiang March 28, 2019, 7:07 p.m. UTC
The syntax for loading a user master key is different from that for loading a
trusted key. Fix so we can load a user key properly.

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
 ndctl/load-keys.c |   13 +++++--------
 ndctl/util/keys.c |   20 +++++++++++++++-----
 ndctl/util/keys.h |   10 ++++++++--
 3 files changed, 28 insertions(+), 15 deletions(-)

Comments

Dan Williams March 28, 2019, 7:18 p.m. UTC | #1
On Thu, Mar 28, 2019 at 12:07 PM Dave Jiang <dave.jiang@intel.com> wrote:
>
> The syntax for loading user master key is different than loading a trusted
> key. Fix so we can load user key properly.
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> ---
>  ndctl/load-keys.c |   13 +++++--------
>  ndctl/util/keys.c |   20 +++++++++++++++-----
>  ndctl/util/keys.h |   10 ++++++++--
>  3 files changed, 28 insertions(+), 15 deletions(-)
>
> diff --git a/ndctl/load-keys.c b/ndctl/load-keys.c
> index 19380152..c0d0d743 100644
> --- a/ndctl/load-keys.c
> +++ b/ndctl/load-keys.c
> @@ -25,12 +25,7 @@ static struct parameters {
>         const char *tpm_handle;
>  } param;
>
> -enum key_type {
> -       KEY_USER = 0,
> -       KEY_TRUSTED,
> -};
> -
> -static const char *key_names[] = {"user", "trusted"};
> +static const char *key_names[] = {"user", "trusted", "encrypted"};
>
>  static struct loadkeys {
>         enum key_type key_type;
> @@ -44,6 +39,7 @@ static int load_master_key(struct loadkeys *lk_ctx, const char *keypath)
>         char *blob;
>         int size, rc;
>         char path[PATH_MAX];
> +       enum key_type;
>
>         rc = sprintf(path, "%s/nvdimm-master.blob", keypath);
>         if (rc < 0)
> @@ -65,7 +61,8 @@ static int load_master_key(struct loadkeys *lk_ctx, const char *keypath)
>                 return -errno;
>         }
>
> -       blob = ndctl_load_key_blob(path, &size, param.tpm_handle, -1);
> +       blob = ndctl_load_key_blob(path, &size, param.tpm_handle, -1,
> +                       lk_ctx->key_type);

Where is lk_ctx->key_type set? I don't think I see any assignments in
this patch.
Dave Jiang March 28, 2019, 7:30 p.m. UTC | #2
On 3/28/19 12:18 PM, Dan Williams wrote:
> On Thu, Mar 28, 2019 at 12:07 PM Dave Jiang <dave.jiang@intel.com> wrote:
>>
>> The syntax for loading user master key is different than loading a trusted
>> key. Fix so we can load user key properly.
>>
>> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
>> ---
>>  ndctl/load-keys.c |   13 +++++--------
>>  ndctl/util/keys.c |   20 +++++++++++++++-----
>>  ndctl/util/keys.h |   10 ++++++++--
>>  3 files changed, 28 insertions(+), 15 deletions(-)
>>
>> diff --git a/ndctl/load-keys.c b/ndctl/load-keys.c
>> index 19380152..c0d0d743 100644
>> --- a/ndctl/load-keys.c
>> +++ b/ndctl/load-keys.c
>> @@ -25,12 +25,7 @@ static struct parameters {
>>         const char *tpm_handle;
>>  } param;
>>
>> -enum key_type {
>> -       KEY_USER = 0,
>> -       KEY_TRUSTED,
>> -};
>> -
>> -static const char *key_names[] = {"user", "trusted"};
>> +static const char *key_names[] = {"user", "trusted", "encrypted"};
>>
>>  static struct loadkeys {
>>         enum key_type key_type;
>> @@ -44,6 +39,7 @@ static int load_master_key(struct loadkeys *lk_ctx, const char *keypath)
>>         char *blob;
>>         int size, rc;
>>         char path[PATH_MAX];
>> +       enum key_type;
>>
>>         rc = sprintf(path, "%s/nvdimm-master.blob", keypath);
>>         if (rc < 0)
>> @@ -65,7 +61,8 @@ static int load_master_key(struct loadkeys *lk_ctx, const char *keypath)
>>                 return -errno;
>>         }
>>
>> -       blob = ndctl_load_key_blob(path, &size, param.tpm_handle, -1);
>> +       blob = ndctl_load_key_blob(path, &size, param.tpm_handle, -1,
>> +                       lk_ctx->key_type);
> 
> Where is  lk_ctx->key_type set? I don't think I see any assignments in
> this patch.
> 

In ndctl/load-keys.c:load_master_key() previously. It's not new.

Patch

diff --git a/ndctl/load-keys.c b/ndctl/load-keys.c
index 19380152..c0d0d743 100644
--- a/ndctl/load-keys.c
+++ b/ndctl/load-keys.c
@@ -25,12 +25,7 @@  static struct parameters {
 	const char *tpm_handle;
 } param;
 
-enum key_type {
-	KEY_USER = 0,
-	KEY_TRUSTED,
-};
-
-static const char *key_names[] = {"user", "trusted"};
+static const char *key_names[] = {"user", "trusted", "encrypted"};
 
 static struct loadkeys {
 	enum key_type key_type;
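Review bot: `key_names[]` is, judging from the `enum key_type key_type` member of `struct loadkeys` declared right below it, presumably indexed by that enum, and with the enum now moved to ndctl/util/keys.h (the keys.h hunk later in this patch) nothing in either file says the two orders must agree; the new "encrypted" entry only works because it happens to land at the KEY_ENCRYPTED position. Add `/* indexed by enum key_type (util/keys.h): keep the order in sync */` above the array here and a matching comment on the enum in keys.h, e.g. `/* kernel keyring key types; order must match key_names[] in ndctl/load-keys.c */`. The table is never written, so `static const char * const key_names[]` would also let the compiler enforce that.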
@@ -44,6 +39,7 @@  static int load_master_key(struct loadkeys *lk_ctx, const char *keypath)
 	char *blob;
 	int size, rc;
 	char path[PATH_MAX];
+	enum key_type;
 
 	rc = sprintf(path, "%s/nvdimm-master.blob", keypath);
 	if (rc < 0)
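Review bot: The added `enum key_type;` at the top of load_master_key declares no object and should be dropped; it is a bare forward reference to the enum tag (not ISO C, so pedantic builds may warn about it) that looks like a leftover from an abandoned local. The value actually used is `lk_ctx->key_type`, passed straight through in the next hunk, so no local is needed. load_master_key begins and ends outside this hunk.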
@@ -65,7 +61,8 @@  static int load_master_key(struct loadkeys *lk_ctx, const char *keypath)
 		return -errno;
 	}
 
-	blob = ndctl_load_key_blob(path, &size, param.tpm_handle, -1);
+	blob = ndctl_load_key_blob(path, &size, param.tpm_handle, -1,
+			lk_ctx->key_type);
 	if (!blob)
 		return -ENOMEM;
 
@@ -122,7 +119,7 @@  static int load_dimm_keys(struct loadkeys *lk_ctx)
 		}
 
 		blob = ndctl_load_key_blob(dent->d_name, &size, NULL,
-				lk_ctx->dirfd);
+				lk_ctx->dirfd, KEY_ENCRYPTED);
 		if (!blob) {
 			free(fname);
 			continue;
diff --git a/ndctl/util/keys.c b/ndctl/util/keys.c
index 622533d7..a621a5f5 100644
--- a/ndctl/util/keys.c
+++ b/ndctl/util/keys.c
@@ -103,13 +103,17 @@  static int get_key_desc(struct ndctl_dimm *dimm, char *desc,
 }
 
 char *ndctl_load_key_blob(const char *path, int *size, const char *postfix,
-		int dirfd)
+		int dirfd, enum key_type key_type)
 {
 	struct stat st;
 	ssize_t read_bytes = 0;
 	int rc, fd;
 	char *blob, *pl, *rdptr;
 	char prefix[] = "load ";
+	bool need_prefix = false;
+
+	if (key_type == KEY_ENCRYPTED || key_type == KEY_TRUSTED)
+		need_prefix = true;
 
 	fd = openat(dirfd, path, O_RDONLY);
 	if (fd < 0) {
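Review bot: The new `need_prefix` flag only stands in for a length, and the switch from the compile-time `sizeof(prefix) - 1` to `strlen(prefix)` is then paid three times across this hunk and the two following hunks of ndctl_load_key_blob (the `*size` computation and the memcpy/`pl` setup), where the last one also mixes a braced `if` with an unbraced `else`, which kernel-style checkpatch flags if this project follows it. Computing a `prefix_len` of 0 or `sizeof(prefix) - 1` once makes all three sites unconditional, since `memcpy` with a zero length is a no-op. Separately, `*size = st.st_size` still narrows off_t into the caller's `int` exactly as before; not introduced here, but a bound check on `st.st_size` before the allocation would keep an oversized blob file from turning into a negative or truncated size. The read loop and the rest of the function continue past the last of these hunks.
```c
char *ndctl_load_key_blob(const char *path, int *size, const char *postfix,
		int dirfd, enum key_type key_type)
{
	/* … unchanged: st, read_bytes, rc, fd, blob, pl, rdptr … */
	char prefix[] = "load ";
	/* only kernel "trusted" and "encrypted" keys take the "load " verb */
	size_t prefix_len = 0;

	if (key_type == KEY_ENCRYPTED || key_type == KEY_TRUSTED)
		prefix_len = sizeof(prefix) - 1;

	/* … unchanged: openat/fstat and their error paths … */

	*size = st.st_size + prefix_len;

	/* … unchanged: postfix sizing, malloc and its error path … */

	memcpy(blob, prefix, prefix_len);	/* no-op when prefix_len == 0 */
	pl = blob + prefix_len;

	/* … unchanged: read loop … */
```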
@@ -133,7 +137,10 @@  char *ndctl_load_key_blob(const char *path, int *size, const char *postfix,
 		return NULL;
 	}
 
-	*size = st.st_size + sizeof(prefix) - 1;
+	*size = st.st_size;
+	if (need_prefix)
+		*size += strlen(prefix);
+
 	/*
 	 * We need to increment postfix and space.
 	 * "keyhandle=" is 10 bytes, plus null termination.
@@ -146,8 +153,11 @@  char *ndctl_load_key_blob(const char *path, int *size, const char *postfix,
 		return NULL;
 	}
 
-	memcpy(blob, prefix, sizeof(prefix) - 1);
-	pl = blob + sizeof(prefix) - 1;
+	if (need_prefix) {
+		memcpy(blob, prefix, strlen(prefix));
+		pl = blob + strlen(prefix);
+	} else
+		pl = blob;
 
 	rdptr = pl;
 	do {
@@ -300,7 +310,7 @@  static key_serial_t dimm_load_key(struct ndctl_dimm *dimm,
 	if (rc < 0)
 		return rc;
 
-	blob = ndctl_load_key_blob(path, &size, NULL, -1);
+	blob = ndctl_load_key_blob(path, &size, NULL, -1, KEY_ENCRYPTED);
 	if (!blob)
 		return -ENOMEM;
 
diff --git a/ndctl/util/keys.h b/ndctl/util/keys.h
index eab78d2f..9bc995ac 100644
--- a/ndctl/util/keys.h
+++ b/ndctl/util/keys.h
@@ -12,9 +12,15 @@  enum ndctl_key_type {
 	ND_ZERO_KEY,
 };
 
+enum key_type {
+	KEY_USER = 0,
+	KEY_TRUSTED,
+	KEY_ENCRYPTED,
+};
+
 #ifdef ENABLE_KEYUTILS
 char *ndctl_load_key_blob(const char *path, int *size, const char *postfix,
-		int dirfd);
+		int dirfd, enum key_type key_type);
 int ndctl_dimm_setup_key(struct ndctl_dimm *dimm, const char *kek,
 				enum ndctl_key_type key_type);
 int ndctl_dimm_update_key(struct ndctl_dimm *dimm, const char *kek,
@@ -25,7 +31,7 @@  int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm,
 int ndctl_dimm_overwrite_key(struct ndctl_dimm *dimm);
 #else
 char *ndctl_load_key_blob(const char *path, int *size, const char *postfix,
-		int dirfd)
+		int dirfd, enum key_type key_type)
 {
 	return NULL;
 }