@@ -25,12 +25,7 @@ static struct parameters {
const char *tpm_handle;
} param;
-enum key_type {
- KEY_USER = 0,
- KEY_TRUSTED,
-};
-
-static const char *key_names[] = {"user", "trusted"};
+static const char *key_names[] = {"user", "trusted", "encrypted"};
static struct loadkeys {
enum key_type key_type;
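Review bot: `key_names[]` in this hunk and `enum key_type` now live in different files (the enum moves to ndctl/util/keys.h in the last hunk), so nothing ties the order and count of the two together, and an enumerator added without a matching name would index past the array if `key_names[lk_ctx->key_type]` is how the table is used (that use is outside the hunk). A comment on the table would at least make the coupling visible: `/* indexed by enum key_type (util/keys.h); keep the two in sync */`. If the project builds as C11 or later, a `_Static_assert` on the array length against the last enumerator would enforce it.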
@@ -44,6 +39,7 @@ static int load_master_key(struct loadkeys *lk_ctx, const char *keypath)
char *blob;
int size, rc;
char path[PATH_MAX];
+ enum key_type;
rc = sprintf(path, "%s/nvdimm-master.blob", keypath);
if (rc < 0)
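Review bot: The added `enum key_type;` line in load_master_key is a bare type declaration with no declarator: it declares no variable, has no effect (the type already comes from keys.h), and some compilers warn that the declaration declares nothing. It looks like a leftover from moving the enum and should simply be dropped. The body of load_master_key continues past this hunk.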
@@ -65,7 +61,8 @@ static int load_master_key(struct loadkeys *lk_ctx, const char *keypath)
return -errno;
}
- blob = ndctl_load_key_blob(path, &size, param.tpm_handle, -1);
+ blob = ndctl_load_key_blob(path, &size, param.tpm_handle, -1,
+ lk_ctx->key_type);
if (!blob)
return -ENOMEM;
@@ -122,7 +119,7 @@ static int load_dimm_keys(struct loadkeys *lk_ctx)
}
blob = ndctl_load_key_blob(dent->d_name, &size, NULL,
- lk_ctx->dirfd);
+ lk_ctx->dirfd, KEY_ENCRYPTED);
if (!blob) {
free(fname);
continue;
@@ -103,13 +103,17 @@ static int get_key_desc(struct ndctl_dimm *dimm, char *desc,
}
char *ndctl_load_key_blob(const char *path, int *size, const char *postfix,
- int dirfd)
+ int dirfd, enum key_type key_type)
{
struct stat st;
ssize_t read_bytes = 0;
int rc, fd;
char *blob, *pl, *rdptr;
char prefix[] = "load ";
+ bool need_prefix = false;
+
+ if (key_type == KEY_ENCRYPTED || key_type == KEY_TRUSTED)
+ need_prefix = true;
fd = openat(dirfd, path, O_RDONLY);
if (fd < 0) {
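Review bot: `bool need_prefix = false;` depends on `bool` being in scope, and the include list of ndctl/util/keys.c is not in this patch; confirm `<stdbool.h>` (or a header that provides it) is already included, otherwise this hunk does not compile. The flag can also be initialized in one expression, `bool need_prefix = (key_type == KEY_TRUSTED || key_type == KEY_ENCRYPTED);`, which makes it plain that KEY_USER, and any value outside the enum, is the no-prefix case. The rest of ndctl_load_key_blob continues in the following hunks.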
@@ -133,7 +137,10 @@ char *ndctl_load_key_blob(const char *path, int *size, const char *postfix,
return NULL;
}
- *size = st.st_size + sizeof(prefix) - 1;
+ *size = st.st_size;
+ if (need_prefix)
+ *size += strlen(prefix);
+
/*
* We need to increment postfix and space.
* "keyhandle=" is 10 bytes, plus null termination.
@@ -146,8 +153,11 @@ char *ndctl_load_key_blob(const char *path, int *size, const char *postfix,
return NULL;
}
- memcpy(blob, prefix, sizeof(prefix) - 1);
- pl = blob + sizeof(prefix) - 1;
+ if (need_prefix) {
+ memcpy(blob, prefix, strlen(prefix));
+ pl = blob + strlen(prefix);
+ } else
+ pl = blob;
rdptr = pl;
do {
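Review bot: The `if (need_prefix) { ... } else` around the memcpy has a braced then-branch and an unbraced else; the braces should be symmetric: `} else {`, `pl = blob;`, `}`. The removed lines measured the prefix with `sizeof(prefix) - 1`, a compile-time constant for the `char prefix[] = "load "` array, while the new code calls `strlen(prefix)` twice here and once more in the size computation of the previous hunk; either keep the `sizeof` form or compute the length once into a local so the size and the copy cannot disagree. The function body continues outside this hunk.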
@@ -300,7 +310,7 @@ static key_serial_t dimm_load_key(struct ndctl_dimm *dimm,
if (rc < 0)
return rc;
- blob = ndctl_load_key_blob(path, &size, NULL, -1);
+ blob = ndctl_load_key_blob(path, &size, NULL, -1, KEY_ENCRYPTED);
if (!blob)
return -ENOMEM;
@@ -12,9 +12,15 @@ enum ndctl_key_type {
ND_ZERO_KEY,
};
+enum key_type {
+ KEY_USER = 0,
+ KEY_TRUSTED,
+ KEY_ENCRYPTED,
+};
+
#ifdef ENABLE_KEYUTILS
char *ndctl_load_key_blob(const char *path, int *size, const char *postfix,
- int dirfd);
+ int dirfd, enum key_type key_type);
int ndctl_dimm_setup_key(struct ndctl_dimm *dimm, const char *kek,
enum ndctl_key_type key_type);
int ndctl_dimm_update_key(struct ndctl_dimm *dimm, const char *kek,
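Review bot: The new `enum key_type` in keys.h carries no comment saying what the enumerators mean to `ndctl_load_key_blob`, even though the keys.c hunks make the behaviour depend on it: KEY_TRUSTED and KEY_ENCRYPTED get the `"load "` command prepended to the blob, KEY_USER does not, and load-keys.c appears to index its `key_names[]` table by this enum. Suggest a comment above the enum: `/* kernel key type of a key blob; ndctl_load_key_blob() prepends "load " for trusted and encrypted keys but not for user keys; also indexes key_names[] in load-keys.c */`.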
@@ -25,7 +31,7 @@ int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm,
int ndctl_dimm_overwrite_key(struct ndctl_dimm *dimm);
#else
char *ndctl_load_key_blob(const char *path, int *size, const char *postfix,
- int dirfd)
+ int dirfd, enum key_type key_type)
{
return NULL;
}
The syntax for loading a user master key is different from that for loading a trusted key. Fix this so the user key can be loaded properly. Signed-off-by: Dave Jiang <dave.jiang@intel.com> --- v2: No change ndctl/load-keys.c | 13 +++++-------- ndctl/util/keys.c | 20 +++++++++++++++----- ndctl/util/keys.h | 10 ++++++++-- 3 files changed, 28 insertions(+), 15 deletions(-)