Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b3426827 authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Mimi Zohar
Browse files

KEYS: make partial key id matching as a dedicated function 



To avoid code duplication this patch refactors asymmetric_key_match(),
making partial ID string match a separate function.

This patch also implicitly fixes a bug in the code.  asymmetric_key_match()
allows to match the key by its subtype. But subtype matching could be
undone if asymmetric_key_id(key) would return NULL. This patch first
checks for matching spec and then for its value.

Signed-off-by: default avatarDmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent 3be4beaf

crypto/asymmetric_keys/asymmetric_keys.h

+2 −0
Original line number Diff line number Diff line
@@ -9,6 +9,8 @@ 
 * 2 of the Licence, or (at your option) any later version.

 */



int asymmetric_keyid_match(const char *kid, const char *id);



static inline const char *asymmetric_key_id(const struct key *key)

{

	return key->type_data.p[1];

crypto/asymmetric_keys/asymmetric_type.c

+31 −19
Original line number Diff line number Diff line
@@ -22,6 +22,34 @@ MODULE_LICENSE("GPL"); 
static LIST_HEAD(asymmetric_key_parsers);

static DECLARE_RWSEM(asymmetric_key_parsers_sem);



/*

 * Match asymmetric key id with partial match

 * @id:		key id to match in a form "id:<id>"

 */

int asymmetric_keyid_match(const char *kid, const char *id)

{

	size_t idlen, kidlen;



	if (!kid || !id)

		return 0;



	/* make it possible to use id as in the request: "id:<id>" */

	if (strncmp(id, "id:", 3) == 0)

		id += 3;



	/* Anything after here requires a partial match on the ID string */

	idlen = strlen(id);

	kidlen = strlen(kid);

	if (idlen > kidlen)

		return 0;



	kid += kidlen - idlen;

	if (strcasecmp(id, kid) != 0)

		return 0;



	return 1;

}



/*

 * Match asymmetric keys on (part of) their name

 * We have some shorthand methods for matching keys.  We allow:
@@ -34,9 +62,8 @@ static int asymmetric_key_match(const struct key *key, const void *description) 
{

	const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);

	const char *spec = description;

	const char *id, *kid;

	const char *id;

	ptrdiff_t speclen;

	size_t idlen, kidlen;



	if (!subtype || !spec || !*spec)

		return 0;
@@ -55,23 +82,8 @@ static int asymmetric_key_match(const struct key *key, const void *description) 
	speclen = id - spec;

	id++;



	/* Anything after here requires a partial match on the ID string */

	kid = asymmetric_key_id(key);

	if (!kid)

		return 0;



	idlen = strlen(id);

	kidlen = strlen(kid);

	if (idlen > kidlen)

		return 0;



	kid += kidlen - idlen;

	if (strcasecmp(id, kid) != 0)

		return 0;



	if (speclen == 2 &&

	    memcmp(spec, "id", 2) == 0)

		return 1;

	if (speclen == 2 && memcmp(spec, "id", 2) == 0)

		return asymmetric_keyid_match(asymmetric_key_id(key), id);



	if (speclen == subtype->name_len &&

	    memcmp(spec, subtype->name, speclen) == 0)