KEYS: Restore partial ID matching functionality for asymmetric keys

 * 2 of the Licence, or (at your option) any later version.

 */

extern bool asymmetric_match_key_ids(const struct asymmetric_key_ids *kids,

				     const struct asymmetric_key_id *match_id);

extern struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id);

static inline

}

EXPORT_SYMBOL_GPL(asymmetric_key_id_same);

/**

 * asymmetric_key_id_partial - Return true if two asymmetric keys IDs

 * partially match

 * @kid_1, @kid_2: The key IDs to compare

 */

bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,

			       const struct asymmetric_key_id *kid2)

{

	if (!kid1 || !kid2)

		return false;

	if (kid1->len < kid2->len)

		return false;

	return memcmp(kid1->data + (kid1->len - kid2->len),

		      kid2->data, kid2->len) == 0;

}

EXPORT_SYMBOL_GPL(asymmetric_key_id_partial);

/**

 * asymmetric_match_key_ids - Search asymmetric key IDs

 * @kids: The list of key IDs to check

 * @match_id: The key ID we're looking for

 * @match: The match function to use

 */

bool asymmetric_match_key_ids(const struct asymmetric_key_ids *kids,

			      const struct asymmetric_key_id *match_id)

static bool asymmetric_match_key_ids(

	const struct asymmetric_key_ids *kids,

	const struct asymmetric_key_id *match_id,

	bool (*match)(const struct asymmetric_key_id *kid1,

		      const struct asymmetric_key_id *kid2))

{

	int i;

	if (!kids || !match_id)

		return false;

	if (asymmetric_key_id_same(kids->id[0], match_id))

		return true;

	if (asymmetric_key_id_same(kids->id[1], match_id))

	for (i = 0; i < ARRAY_SIZE(kids->id); i++)

		if (match(kids->id[i], match_id))

			return true;

	return false;

}

EXPORT_SYMBOL_GPL(asymmetric_match_key_ids);

/**

 * asymmetric_key_hex_to_key_id - Convert a hex string into a key ID.

}

/*

 * Match asymmetric keys by ID.

 * Match asymmetric keys by an exact match on an ID.

 */

static bool asymmetric_key_cmp(const struct key *key,

			       const struct key_match_data *match_data)

	const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);

	const struct asymmetric_key_id *match_id = match_data->preparsed;

	return asymmetric_match_key_ids(kids, match_id);

	return asymmetric_match_key_ids(kids, match_id,

					asymmetric_key_id_same);

}

/*

 * Match asymmetric keys by a partial match on an IDs.

 */

static bool asymmetric_key_cmp_partial(const struct key *key,

				       const struct key_match_data *match_data)

{

	const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);

	const struct asymmetric_key_id *match_id = match_data->preparsed;

	return asymmetric_match_key_ids(kids, match_id,

					asymmetric_key_id_partial);

}

/*

 * There are some specifiers for matching key IDs rather than by the key

 * description:

 *

 *	"id:<id>" - request a key by any available ID

 *	"id:<id>" - find a key by partial match on any available ID

 *	"ex:<id>" - find a key by exact match on any available ID

 *

 * These have to be searched by iteration rather than by direct lookup because

 * the key is hashed according to its description.

	struct asymmetric_key_id *match_id;

	const char *spec = match_data->raw_data;

	const char *id;

	bool (*cmp)(const struct key *, const struct key_match_data *) =

		asymmetric_key_cmp;

	if (!spec || !*spec)

		return -EINVAL;

	    spec[1] == 'd' &&

	    spec[2] == ':') {

		id = spec + 3;

		cmp = asymmetric_key_cmp_partial;

	} else if (spec[0] == 'e' &&

		   spec[1] == 'x' &&

		   spec[2] == ':') {

		id = spec + 3;

	} else {

		goto default_match;

	}

		return PTR_ERR(match_id);

	match_data->preparsed = match_id;

	match_data->cmp = asymmetric_key_cmp;

	match_data->cmp = cmp;

	match_data->lookup_type = KEYRING_SEARCH_LOOKUP_ITERATE;

	return 0;

{

	struct asymmetric_key_subtype *subtype = prep->type_data[0];

	struct asymmetric_key_ids *kids = prep->type_data[1];

	int i;

	pr_devel("==>%s()\n", __func__);

		module_put(subtype->owner);

	}

	if (kids) {

		kfree(kids->id[0]);

		kfree(kids->id[1]);

		for (i = 0; i < ARRAY_SIZE(kids->id); i++)

			kfree(kids->id[i]);

		kfree(kids);

	}

	kfree(prep->description);

		/* Look to see if this certificate is present in the trusted

		 * keys.

		 */

		key = x509_request_asymmetric_key(trust_keyring, x509->id);

		key = x509_request_asymmetric_key(trust_keyring, x509->id,

						  false);

		if (!IS_ERR(key)) {

			/* One of the X.509 certificates in the PKCS#7 message

			 * is apparently the same as one we already trust.

	 * trusted keys.

	 */

	if (last && last->authority) {

		key = x509_request_asymmetric_key(trust_keyring, last->authority);

		key = x509_request_asymmetric_key(trust_keyring, last->authority,

						  false);

		if (!IS_ERR(key)) {

			x509 = last;

			pr_devel("sinfo %u: Root cert %u signer is key %x\n",

	 * the signed info directly.

	 */

	key = x509_request_asymmetric_key(trust_keyring,

					  sinfo->signing_cert_id);

					  sinfo->signing_cert_id,

					  false);

	if (!IS_ERR(key)) {

		pr_devel("sinfo %u: Direct signer is key %x\n",

			 sinfo->index, key_serial(key));

 * x509_request_asymmetric_key - Request a key by X.509 certificate params.

 * @keyring: The keys to search.

 * @kid: The key ID.

 * @partial: Use partial match if true, exact if false.

 *

 * Find a key in the given keyring by subject name and key ID.  These might,

 * for instance, be the issuer name and the authority key ID of an X.509

 * certificate that needs to be verified.

 */

struct key *x509_request_asymmetric_key(struct key *keyring,

					const struct asymmetric_key_id *kid)

					const struct asymmetric_key_id *kid,

					bool partial)

{

	key_ref_t key;

	char *id, *p;

	if (!id)

		return ERR_PTR(-ENOMEM);

	if (partial) {

		*p++ = 'i';

		*p++ = 'd';

	} else {

		*p++ = 'e';

		*p++ = 'x';

	}

	*p++ = ':';

	p = bin2hex(p, kid->data, kid->len);

	*p = 0;

	if (!trust_keyring)

		return -EOPNOTSUPP;

	if (ca_keyid && !asymmetric_key_id_same(cert->authority, ca_keyid))

	if (ca_keyid && !asymmetric_key_id_partial(cert->authority, ca_keyid))

		return -EPERM;

	key = x509_request_asymmetric_key(trust_keyring, cert->authority);

	key = x509_request_asymmetric_key(trust_keyring, cert->authority,

					  false);

	if (!IS_ERR(key))  {

		if (!use_builtin_keys

		    || test_bit(KEY_FLAG_BUILTIN, &key->flags))

struct asymmetric_key_id;

extern struct key *x509_request_asymmetric_key(struct key *keyring,

					       const struct asymmetric_key_id *kid);

					       const struct asymmetric_key_id *kid,

					       bool partial);

#endif /* _LINUX_PUBLIC_KEY_H */