Nice! This patch applies cleanly to the trusted/encrypted patch set posted today. thanks, Acked-by: Mimi Zohar <zohar@xxxxxxxxxx> On Thu, 2010-10-07 at 14:29 +0200, Roberto Sassu wrote:
> This patch adds the UPDATE keyword for encrypted key types:
> prevents updating existent keys if UPDATE is missing and creating
> new keys when UPDATE is specified.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxx>
> ---
> security/keys/encrypted_defined.c | 31 +++++++++++++++++++++++--------
> 1 files changed, 23 insertions(+), 8 deletions(-)
>
> diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted_defined.c
> index 6b26db6..54c0f0f 100644
> --- a/security/keys/encrypted_defined.c
> +++ b/security/keys/encrypted_defined.c
> @@ -64,7 +64,8 @@ static int aes_get_sizes(int *ivsize, int *blksize)
> }
>
> enum {
> - Opt_err = -1, Opt_new = 1, Opt_load, Opt_NEW, Opt_LOAD
> + Opt_err = -1, Opt_new = 1, Opt_load,
> + Opt_update, Opt_NEW, Opt_LOAD, Opt_UPDATE
> };
>
> static match_table_t key_tokens = {
> @@ -72,6 +73,8 @@ static match_table_t key_tokens = {
> {Opt_NEW, "NEW"},
> {Opt_load, "load"},
> {Opt_LOAD, "LOAD"},
> + {Opt_update, "update"},
> + {Opt_UPDATE, "UPDATE"},
> {Opt_err, NULL}
> };
>
> @@ -81,6 +84,7 @@ static match_table_t key_tokens = {
> * datablob format:
> * NEW <master-key name> <decrypted data length>
> * LOAD <master-key name> <decrypted data length> <encrypted iv + data>
> + * UPDATE <new-master-key name>
> *
> * Tokenizes a copy of the keyctl data, returning a pointer to each token,
> * which is null terminated.
> @@ -104,23 +108,36 @@ static int datablob_parse(char *datablob, char **master_desc,
> *master_desc = strsep(&datablob, " \t");
> if (!*master_desc)
> goto out;
> - *decrypted_datalen = strsep(&datablob, " \t");
> - if (!*decrypted_datalen)
> - goto out;
> +
> + if (decrypted_datalen) {
> + *decrypted_datalen = strsep(&datablob, " \t");
> + if (!*decrypted_datalen)
> + goto out;
> + }
>
> switch (key_cmd) {
> case Opt_new:
> case Opt_NEW:
> + if (!decrypted_datalen)
> + break;
> ret = 0;
> break;
> case Opt_load:
> case Opt_LOAD:
> + if (!decrypted_datalen)
> + break;
> *hex_encoded_iv = strsep(&datablob, " \t");
> if (!*hex_encoded_iv)
> break;
> *hex_encoded_data = *hex_encoded_iv + (2 * ivsize) + 2;
> ret = 0;
> break;
> + case Opt_update:
> + case Opt_UPDATE:
> + if (decrypted_datalen)
> + break;
> + ret = 0;
> + break;
> case Opt_err:
> break;
> }
> @@ -647,11 +664,9 @@ static int encrypted_update(struct key *key, const void *data, size_t datalen)
> return -ENOMEM;
>
> memcpy(buf, data, datalen);
> - new_master_desc = strsep(&buf, " \t");
> - if (!*new_master_desc) {
> - ret = -EINVAL;
> + ret = datablob_parse(buf, &new_master_desc, NULL, NULL, NULL);
> + if (ret < 0)
> goto out;
> - }
>
> new_epayload = encrypted_key_alloc(key, new_master_desc,
> epayload->datalen);
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
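Review bot: Whether `decrypted_datalen` is NULL now silently selects between instantiate and update parsing in `datablob_parse()`, and that calling contract is not written down anywhere in the visible comment. The load branch still writes through `hex_encoded_iv` and `hex_encoded_data` guarded only by the `decrypted_datalen` test, so a future caller passing a non-NULL length pointer with NULL iv/data pointers would dereference NULL. I would add a line to the function comment such as `* For UPDATE, decrypted_datalen, hex_encoded_iv and hex_encoded_data must all be NULL; for NEW/LOAD all three must be valid.` Tokens that follow the master-key name in an UPDATE blob are also accepted and ignored, which is worth stating if intended. The function starts and ends outside this hunk.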
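Review bot: `buf` is passed to `datablob_parse()`, which tokenizes it with `strsep()`, directly after `memcpy(buf, data, datalen)`, and nothing visible in this hunk NUL-terminates the copy. The allocation sits above the hunk, so this may already be covered there; if it is not, the parser can read past the end of the copied keyctl payload. Allocating `datalen + 1` bytes and setting `buf[datalen] = '\0';` before the parse would bound it, and a `datalen` of zero is worth rejecting up front. `encrypted_update()` continues outside the hunk.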