Commit b3426827 authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Mimi Zohar

KEYS: make partial key id matching as a dedicated function

To avoid code duplication this patch refactors asymmetric_key_match(),
making partial ID string match a separate function.

This patch also implicitly fixes a bug in the code.  asymmetric_key_match()
allows a key to be matched by its subtype, but that subtype match was never
reached if asymmetric_key_id(key) returned NULL. This patch first checks
for a matching spec and only then for its value.
Signed-off-by: default avatarDmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent 3be4beaf
...@@ -9,6 +9,8 @@ ...@@ -9,6 +9,8 @@
* 2 of the Licence, or (at your option) any later version. * 2 of the Licence, or (at your option) any later version.
*/ */
int asymmetric_keyid_match(const char *kid, const char *id);
static inline const char *asymmetric_key_id(const struct key *key) static inline const char *asymmetric_key_id(const struct key *key)
{ {
return key->type_data.p[1]; return key->type_data.p[1];
......
...@@ -22,6 +22,34 @@ MODULE_LICENSE("GPL"); ...@@ -22,6 +22,34 @@ MODULE_LICENSE("GPL");
static LIST_HEAD(asymmetric_key_parsers); static LIST_HEAD(asymmetric_key_parsers);
static DECLARE_RWSEM(asymmetric_key_parsers_sem); static DECLARE_RWSEM(asymmetric_key_parsers_sem);
/*
* Match asymmetric key id with partial match
* @id: key id to match in a form "id:<id>"
*/
int asymmetric_keyid_match(const char *kid, const char *id)
{
size_t idlen, kidlen;
if (!kid || !id)
return 0;
/* make it possible to use id as in the request: "id:<id>" */
if (strncmp(id, "id:", 3) == 0)
id += 3;
/* Anything after here requires a partial match on the ID string */
idlen = strlen(id);
kidlen = strlen(kid);
if (idlen > kidlen)
return 0;
kid += kidlen - idlen;
if (strcasecmp(id, kid) != 0)
return 0;
return 1;
}
/* /*
* Match asymmetric keys on (part of) their name * Match asymmetric keys on (part of) their name
* We have some shorthand methods for matching keys. We allow: * We have some shorthand methods for matching keys. We allow:
...@@ -34,9 +62,8 @@ static int asymmetric_key_match(const struct key *key, const void *description) ...@@ -34,9 +62,8 @@ static int asymmetric_key_match(const struct key *key, const void *description)
{ {
const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key); const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
const char *spec = description; const char *spec = description;
const char *id, *kid; const char *id;
ptrdiff_t speclen; ptrdiff_t speclen;
size_t idlen, kidlen;
if (!subtype || !spec || !*spec) if (!subtype || !spec || !*spec)
return 0; return 0;
...@@ -55,23 +82,8 @@ static int asymmetric_key_match(const struct key *key, const void *description) ...@@ -55,23 +82,8 @@ static int asymmetric_key_match(const struct key *key, const void *description)
speclen = id - spec; speclen = id - spec;
id++; id++;
/* Anything after here requires a partial match on the ID string */ if (speclen == 2 && memcmp(spec, "id", 2) == 0)
kid = asymmetric_key_id(key); return asymmetric_keyid_match(asymmetric_key_id(key), id);
if (!kid)
return 0;
idlen = strlen(id);
kidlen = strlen(kid);
if (idlen > kidlen)
return 0;
kid += kidlen - idlen;
if (strcasecmp(id, kid) != 0)
return 0;
if (speclen == 2 &&
memcmp(spec, "id", 2) == 0)
return 1;
if (speclen == subtype->name_len && if (speclen == subtype->name_len &&
memcmp(spec, subtype->name, speclen) == 0) memcmp(spec, subtype->name, speclen) == 0)
......
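Review bot: In asymmetric_keyid_match() an empty `id` (for example a bare `id:`) gives `idlen == 0`, so `kid += kidlen - idlen` lands on the terminator and `strcasecmp(id, kid)` returns 0, which reports a match for every key that has a non-NULL ID. The helper is now non-static and declared in the header, so other callers can reach it directly, and it is worth rejecting that case in the helper itself with `if (idlen == 0 || idlen > kidlen) return 0;`. More generally the comparison is a case-insensitive suffix match, so a very short `id` matches many keys; the comment above the function should say so and also document `@kid` and the 1/0 return value, and a caller that uses the result for a trust decision presumably needs its own minimum-length policy. asymmetric_key_match() continues outside the visible hunks, so whether it already filters an empty ID cannot be confirmed from here.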