diff options
author | Dmitry Kasatkin <d.kasatkin@samsung.com> | 2014-06-17 10:56:57 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-07-17 15:35:16 +0200 |
commit | b3426827c848d252ed4ca5f4d3085551be083e12 (patch) | |
tree | 4e8c66fb9c77bd4faaa2cb639455dd693532051a /crypto/asymmetric_keys | |
parent | KEYS: verify a certificate is signed by a 'trusted' key (diff) | |
download | linux-b3426827c848d252ed4ca5f4d3085551be083e12.tar.xz linux-b3426827c848d252ed4ca5f4d3085551be083e12.zip |
KEYS: make partial key id matching as a dedicated function
To avoid code duplication this patch refactors asymmetric_key_match(),
making partial ID string match a separate function.
This patch also implicitly fixes a bug in the code. asymmetric_key_match()
allows to match the key by its subtype. But subtype matching could be
undone if asymmetric_key_id(key) would return NULL. This patch first
checks for matching spec and then for its value.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'crypto/asymmetric_keys')
-rw-r--r-- | crypto/asymmetric_keys/asymmetric_keys.h | 2 | ||||
-rw-r--r-- | crypto/asymmetric_keys/asymmetric_type.c | 50 |
2 files changed, 33 insertions, 19 deletions
diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h index 515b63430812..a63c551c6557 100644 --- a/crypto/asymmetric_keys/asymmetric_keys.h +++ b/crypto/asymmetric_keys/asymmetric_keys.h @@ -9,6 +9,8 @@ * 2 of the Licence, or (at your option) any later version. */ +int asymmetric_keyid_match(const char *kid, const char *id); + static inline const char *asymmetric_key_id(const struct key *key) { return key->type_data.p[1]; diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index b77eb5304788..1fd1d304a15a 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -23,6 +23,34 @@ static LIST_HEAD(asymmetric_key_parsers); static DECLARE_RWSEM(asymmetric_key_parsers_sem); /* + * Match asymmetric key id with partial match + * @id: key id to match in a form "id:<id>" + */ +int asymmetric_keyid_match(const char *kid, const char *id) +{ + size_t idlen, kidlen; + + if (!kid || !id) + return 0; + + /* make it possible to use id as in the request: "id:<id>" */ + if (strncmp(id, "id:", 3) == 0) + id += 3; + + /* Anything after here requires a partial match on the ID string */ + idlen = strlen(id); + kidlen = strlen(kid); + if (idlen > kidlen) + return 0; + + kid += kidlen - idlen; + if (strcasecmp(id, kid) != 0) + return 0; + + return 1; +} + +/* * Match asymmetric keys on (part of) their name * We have some shorthand methods for matching keys. We allow: * @@ -34,9 +62,8 @@ static int asymmetric_key_match(const struct key *key, const void *description) { const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key); const char *spec = description; - const char *id, *kid; + const char *id; ptrdiff_t speclen; - size_t idlen, kidlen; if (!subtype || !spec || !*spec) return 0; @@ -55,23 +82,8 @@ static int asymmetric_key_match(const struct key *key, const void *description) speclen = id - spec; id++; - /* Anything after here requires a partial match on the ID string */ - kid = asymmetric_key_id(key); - if (!kid) - return 0; - - idlen = strlen(id); - kidlen = strlen(kid); - if (idlen > kidlen) - return 0; - - kid += kidlen - idlen; - if (strcasecmp(id, kid) != 0) - return 0; - - if (speclen == 2 && - memcmp(spec, "id", 2) == 0) - return 1; + if (speclen == 2 && memcmp(spec, "id", 2) == 0) + return asymmetric_keyid_match(asymmetric_key_id(key), id); if (speclen == subtype->name_len && memcmp(spec, subtype->name, speclen) == 0) |