[PATCH 1/2] keys: fixed handling of update method of the encrypted key type

Roberto Sassu Thu, 07 Oct 2010 05:30:28 -0700

This patch adds the UPDATE keyword for encrypted key types:
prevents updating existent keys if UPDATE is missing and creating
new keys when UPDATE is specified.


Signed-off-by: Roberto Sassu <roberto.sa...@polito.it>
---
 security/keys/encrypted_defined.c |   31 +++++++++++++++++++++++--------
 1 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/security/keys/encrypted_defined.c 
b/security/keys/encrypted_defined.c
index 6b26db6..54c0f0f 100644
--- a/security/keys/encrypted_defined.c
+++ b/security/keys/encrypted_defined.c
@@ -64,7 +64,8 @@ static int aes_get_sizes(int *ivsize, int *blksize)
 }
 
 enum {
-       Opt_err = -1, Opt_new = 1, Opt_load, Opt_NEW, Opt_LOAD
+       Opt_err = -1, Opt_new = 1, Opt_load, 
+       Opt_update, Opt_NEW, Opt_LOAD, Opt_UPDATE
 };
 
 static match_table_t key_tokens = {
@@ -72,6 +73,8 @@ static match_table_t key_tokens = {
        {Opt_NEW, "NEW"},
        {Opt_load, "load"},
        {Opt_LOAD, "LOAD"},
+       {Opt_update, "update"},
+       {Opt_UPDATE, "UPDATE"},
        {Opt_err, NULL}
 };
 
@@ -81,6 +84,7 @@ static match_table_t key_tokens = {
  * datablob format:
  * NEW <master-key name> <decrypted data length>
  * LOAD <master-key name> <decrypted data length> <encrypted iv + data>
+ * UPDATE <new-master-key name>
  *
  * Tokenizes a copy of the keyctl data, returning a pointer to each token,
  * which is null terminated.
@@ -104,23 +108,36 @@ static int datablob_parse(char *datablob, char 
**master_desc,
        *master_desc = strsep(&datablob, " \t");
        if (!*master_desc)
                goto out;
-       *decrypted_datalen = strsep(&datablob, " \t");
-       if (!*decrypted_datalen)
-               goto out;
+
+       if (decrypted_datalen) {
+               *decrypted_datalen = strsep(&datablob, " \t");
+               if (!*decrypted_datalen)
+                       goto out;
+       }
 
        switch (key_cmd) {
        case Opt_new:
        case Opt_NEW:
+               if (!decrypted_datalen)
+                       break;
                ret = 0;
                break;
        case Opt_load:
        case Opt_LOAD:
+               if (!decrypted_datalen)
+                       break;
                *hex_encoded_iv = strsep(&datablob, " \t");
                if (!*hex_encoded_iv)
                        break;
                *hex_encoded_data = *hex_encoded_iv + (2 * ivsize) + 2;
                ret = 0;
                break;
+       case Opt_update:
+       case Opt_UPDATE:
+               if (decrypted_datalen)
+                       break;
+               ret = 0;
+               break;
        case Opt_err:
                break;
        }
@@ -647,11 +664,9 @@ static int encrypted_update(struct key *key, const void 
*data, size_t datalen)
                return -ENOMEM;
 
        memcpy(buf, data, datalen);
-       new_master_desc = strsep(&buf, " \t");
-       if (!*new_master_desc) {
-               ret = -EINVAL;
+       ret = datablob_parse(buf, &new_master_desc, NULL, NULL, NULL);
+       if (ret < 0)
                goto out;
-       }
 
        new_epayload = encrypted_key_alloc(key, new_master_desc,
                                           epayload->datalen);
-- 
1.7.2.3

smime.p7s
Description: S/MIME cryptographic signature

[PATCH 1/2] keys: fixed handling of update method of the encrypted key type

Reply via email to