12:44 p.m.
Allow linking and unlinking keyrings to/from other keyrings with
l_keyring_link_nested (naming proposed by Mat) and
l_keyring_unlink_nested.
---
ell/ell.sym | 2 ++
ell/key.c | 26 ++++++++++++++++++++++++++
ell/key.h | 5 +++++
3 files changed, 33 insertions(+)
diff --git a/ell/ell.sym b/ell/ell.sym
index c2aafee..abd139f 100644
--- a/ell/ell.sym
+++ b/ell/ell.sym
@@ -310,6 +310,8 @@ global:
l_keyring_free_norevoke;
l_keyring_link;
l_keyring_unlink;
+ l_keyring_link_nested;
+ l_keyring_unlink_nested;
l_key_is_supported;
/* log */
l_log_set_ident;
diff --git a/ell/key.c b/ell/key.c
index 4bba559..7487d6f 100644
--- a/ell/key.c
+++ b/ell/key.c
@@ -640,6 +640,32 @@ LIB_EXPORT bool l_keyring_unlink(struct l_keyring *keyring,
return error == 0;
}
+bool l_keyring_link_nested(struct l_keyring *keyring,
+ const struct l_keyring *nested)
+{
+ long error;
+
+ if (unlikely(!keyring) || unlikely(!nested))
+ return false;
+
+ error = kernel_link_key(nested->serial, keyring->serial);
+
+ return error == 0;
+}
+
+bool l_keyring_unlink_nested(struct l_keyring *keyring,
+ const struct l_keyring *nested)
+{
+ long error;
+
+ if (unlikely(!keyring) || unlikely(!nested))
+ return false;
+
+ error = kernel_unlink_key(nested->serial, keyring->serial);
+
+ return error == 0;
+}
+
LIB_EXPORT bool l_key_is_supported(uint32_t features)
{
long result;
diff --git a/ell/key.h b/ell/key.h
index 263e12a..1529135 100644
--- a/ell/key.h
+++ b/ell/key.h
@@ -108,6 +108,11 @@ bool l_keyring_link(struct l_keyring *keyring, const struct l_key
*key);
bool l_keyring_unlink(struct l_keyring *keyring, const struct l_key *key);
+bool l_keyring_link_nested(struct l_keyring *keyring,
+ const struct l_keyring *nested);
+bool l_keyring_unlink_nested(struct l_keyring *keyring,
+ const struct l_keyring *nested);
+
bool l_key_is_supported(uint32_t features);
#ifdef __cplusplus
--
2.19.1
12:44 p.m.
New subject: [PATCH 2/5] cert: Rewrite l_certchain_verify non-recursively
Rewrite l_certchain_verify iterating over the certificates from root to
leaf using the double-linked list property and without using recursion to
simplify the logic. At the same time make sure that while we link new
certificates to the keyring we also unlink the old ones, those that have
been used to verify previous certificates. This should fix a long
standing issue where we didn't verify that each certificate in the chain
was trusted specifically by the immediately preceding one, only that it
was trusted by any CA whose certificate was already linked to keyring.
---
ell/cert.c | 207 ++++++++++++++++++++++++++++++-----------------------
1 file changed, 117 insertions(+), 90 deletions(-)
diff --git a/ell/cert.c b/ell/cert.c
index c1f4cc5..66433c2 100644
--- a/ell/cert.c
+++ b/ell/cert.c
@@ -306,84 +306,71 @@ LIB_EXPORT bool l_certchain_find(struct l_certchain *chain,
return false;
}
-static void cert_key_cleanup(struct l_key **p)
+static struct l_keyring *cert_set_to_keyring(struct l_queue *certs)
{
- l_key_free_norevoke(*p);
-}
+ struct l_keyring *ring;
+ const struct l_queue_entry *entry;
-static bool certchain_verify_with_keyring(struct l_cert *cert,
- struct l_keyring *ring,
- struct l_queue *roots,
- struct l_keyring *trusted)
-{
- if (!cert)
- return true;
+ ring = l_keyring_new();
+ if (!ring)
+ return NULL;
- if (cert->pubkey_type != L_CERT_KEY_RSA)
- return false;
+ for (entry = l_queue_get_entries(certs); entry; entry = entry->next) {
+ struct l_cert *cert = entry->data;
+ struct l_key *key = l_cert_get_pubkey(cert);
- /*
- * RFC5246 7.4.2:
- * "Because certificate validation requires that root keys be
- * distributed independently, the self-signed certificate that
- * specifies the root certificate authority MAY be omitted from
- * the chain, under the assumption that the remote end must
- * already possess it in order to validate it in any case."
- *
- * This is an optimization to skip adding the root cert if
- * it's already in the trusted keyring. It also happens to
- * work around a kernel issue preventing self-signed certificates
- * missing the AKID extension from being linked.
- *
- * If 'roots' were supplied we assume the keyring is already
- * restricted.
- */
- if (!cert->issuer && roots) {
- const struct l_queue_entry *entry;
-
- for (entry = l_queue_get_entries(roots); entry;
- entry = entry->next) {
- struct l_cert *root = entry->data;
+ if (!key)
+ goto cleanup;
- if (cert->asn1_len == root->asn1_len &&
- !memcmp(cert->asn1, root->asn1,
- root->asn1_len))
- return true;
+ if (!l_keyring_link(ring, key)) {
+ l_key_free(key);
+ goto cleanup;
}
+
+ l_key_free_norevoke(key);
}
- if (certchain_verify_with_keyring(cert->issuer, ring, roots, trusted)) {
- L_AUTO_CLEANUP_VAR(struct l_key *, key, cert_key_cleanup);
+ return ring;
- key = l_key_new(L_KEY_RSA, cert->asn1, cert->asn1_len);
- if (!key)
- return false;
+cleanup:
+ l_keyring_free(ring);
+ return NULL;
+}
- if (!l_keyring_link(ring, key))
- return false;
+static bool cert_is_in_set(struct l_cert *cert, struct l_queue *set)
+{
+ const struct l_queue_entry *entry;
+
+ for (entry = l_queue_get_entries(set); entry; entry = entry->next) {
+ struct l_cert *cert2 = entry->data;
- if (trusted || cert->issuer)
+ if (cert == cert2)
return true;
- /*
- * If execution reaches this point, it's known that:
- * * No trusted root key was supplied, so the chain is only
- * being checked against its own root
- * * The keyring 'ring' is not restricted yet
- * * The chain's root cert was just linked in to the
- * previously empty keyring 'ring'.
- *
- * By restricting 'ring' now, the rest of the certs in
- * the chain will have their signature validated using 'key'
- * as the root.
- */
- return l_keyring_restrict(ring, L_KEYRING_RESTRICT_ASYM_CHAIN,
- trusted);
+ if (cert->asn1_len == cert2->asn1_len &&
+ !memcmp(cert->asn1, cert2->asn1,
+ cert->asn1_len))
+ return true;
}
return false;
}
+static struct l_key *cert_try_link(struct l_cert *cert, struct l_keyring *ring)
+{
+ struct l_key *key;
+
+ key = l_key_new(L_KEY_RSA, cert->asn1, cert->asn1_len);
+ if (!key)
+ return NULL;
+
+ if (l_keyring_link(ring, key))
+ return key;
+
+ l_key_free(key);
+ return NULL;
+}
+
static void cert_keyring_cleanup(struct l_keyring **p)
{
l_keyring_free(*p);
@@ -392,10 +379,11 @@ static void cert_keyring_cleanup(struct l_keyring **p)
LIB_EXPORT bool l_certchain_verify(struct l_certchain *chain,
struct l_queue *ca_certs)
{
- L_AUTO_CLEANUP_VAR(struct l_keyring *, ca_ring,
- cert_keyring_cleanup) = NULL;
+ struct l_keyring *ca_ring = NULL;
L_AUTO_CLEANUP_VAR(struct l_keyring *, verify_ring,
cert_keyring_cleanup) = NULL;
+ struct l_cert *cert;
+ struct l_key *prev_key = NULL;
if (unlikely(!chain || !chain->leaf))
return false;
@@ -404,44 +392,83 @@ LIB_EXPORT bool l_certchain_verify(struct l_certchain *chain,
if (!verify_ring)
return false;
+ cert = chain->ca;
+
/*
- * If CA cert(s) were supplied, restrict verify_ring now so
- * everything else in certchain is validated against the CA(s).
- * Otherwise, verify_ring will be restricted after the root of
- * certchain is added to verify_ring by
- * certchain_verify_with_keyring().
+ * For TLS compatibility the trusted root CA certificate is
+ * optionally present in the chain.
+ *
+ * RFC5246 7.4.2:
+ * "Because certificate validation requires that root keys be
+ * distributed independently, the self-signed certificate that
+ * specifies the root certificate authority MAY be omitted from
+ * the chain, under the assumption that the remote end must
+ * already possess it in order to validate it in any case."
+ *
+ * The following is an optimization to skip verifying the root
+ * cert in the chain if it is identical to one of the trusted CA
+ * certificates. It also happens to work around a kernel issue
+ * preventing self-signed certificates missing the AKID
+ * extension from being linked to a keyring.
*/
- if (ca_certs) {
- const struct l_queue_entry *entry;
+ if (cert_is_in_set(cert, ca_certs)) {
+ cert = cert->issued;
+ if (!cert)
+ return true;
- ca_ring = l_keyring_new();
+ prev_key = cert_try_link(cert, verify_ring);
+ } else if (ca_certs) {
+ ca_ring = cert_set_to_keyring(ca_certs);
if (!ca_ring)
return false;
- for (entry = l_queue_get_entries(ca_certs); entry;
- entry = entry->next) {
- struct l_cert *ca = entry->data;
- struct l_key *ca_key;
+ if (!l_keyring_link_nested(verify_ring, ca_ring)) {
+ l_keyring_free(ca_ring);
+ return false;
+ }
+ } else
+ prev_key = cert_try_link(cert, verify_ring);
+
+ /*
+ * The top, unverified certificate(s) are linked to the keyring and
+ * we can now force verification of any new certificates linked.
+ */
+ if (!l_keyring_restrict(verify_ring, L_KEYRING_RESTRICT_ASYM_CHAIN,
+ NULL)) {
+ l_key_free(prev_key);
+ l_keyring_free(ca_ring);
+ return false;
+ }
- if (ca->pubkey_type != L_CERT_KEY_RSA)
- return false;
+ if (ca_ring) {
+ /*
+ * Verify the first certificate outside of the loop, then
+ * revoke the trusted CAs' keys so that only the newly
+ * verified cert's public key remains in the ring.
+ */
+ prev_key = cert_try_link(cert, verify_ring);
+ l_keyring_free(ca_ring);
+ }
- ca_key = l_cert_get_pubkey(ca);
- if (!ca_key)
- return false;
+ cert = cert->issued;
- if (!l_keyring_link(ca_ring, ca_key)) {
- l_key_free(ca_key);
- return false;
- }
- }
+ /* Verify the rest of the chain */
+ while (prev_key && cert) {
+ struct l_key *new_key = cert_try_link(cert, verify_ring);
- if (!l_keyring_restrict(verify_ring,
- L_KEYRING_RESTRICT_ASYM_CHAIN,
- ca_ring))
- return false;
+ /*
+ * Free and revoke the issuer's public key again leaving only
+ * new_key in verify_ring to ensure the next certificate linked
+ * is signed by the owner of this key.
+ */
+ l_key_free(prev_key);
+ prev_key = new_key;
+ cert = cert->issued;
}
- return certchain_verify_with_keyring(chain->leaf, verify_ring, ca_certs,
- ca_ring);
+ if (!prev_key)
+ return false;
+
+ l_key_free(prev_key);
+ return true;
}
--
2.19.1
11:02 p.m.
New subject: [PATCH 2/5] cert: Rewrite l_certchain_verify non-recursively
On 11/23/2018 03:44 AM, Andrew Zaborowski wrote:
Rewrite l_certchain_verify iterating over the certificates from root
to
leaf using the double-linked list property and without using recursion to
simplify the logic. At the same time make sure that while we link new
certificates to the keyring we also unlink the old ones, those that have
been used to verify previous certificates. This should fix a long
standing issue where we didn't verify that each certificate in the chain
was trusted specifically by the immediately preceding one, only that it
was trusted by any CA whose certificate was already linked to keyring.
---
ell/cert.c | 207 ++++++++++++++++++++++++++++++-----------------------
1 file changed, 117 insertions(+), 90 deletions(-)
Patches 2, 4, 5 applied, thanks.
Regards,
-Denis
12:44 p.m.
New subject: [PATCH 3/5] cert: Add comments about l_certchain_foreach_*
---
ell/cert.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/ell/cert.c b/ell/cert.c
index 66433c2..7f0b694 100644
--- a/ell/cert.c
+++ b/ell/cert.c
@@ -253,6 +253,11 @@ LIB_EXPORT struct l_cert *l_certchain_get_leaf(struct l_certchain
*chain)
return chain->leaf;
}
+/*
+ * Call @cb for each certificate in the chain starting from the leaf
+ * certificate. If a call returns @true, stop and return @true to
+ * the user, otherwise return @false.
+ */
LIB_EXPORT bool l_certchain_foreach_from_leaf(struct l_certchain *chain,
l_cert_foreach_cb_t cb,
void *user_data)
@@ -269,6 +274,11 @@ LIB_EXPORT bool l_certchain_foreach_from_leaf(struct l_certchain
*chain,
return false;
}
+/*
+ * Call @cb for each certificate in the chain starting from the root
+ * certificate. If a call returns @true, stop and return @true to
+ * the user, otherwise return @false.
+ */
LIB_EXPORT bool l_certchain_foreach_from_ca(struct l_certchain *chain,
l_cert_foreach_cb_t cb,
void *user_data)
--
2.19.1
11:07 p.m.
New subject: [PATCH 3/5] cert: Add comments about l_certchain_foreach_*
Hi Andrew,
On 11/23/2018 03:44 AM, Andrew Zaborowski wrote:
---
ell/cert.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/ell/cert.c b/ell/cert.c
index 66433c2..7f0b694 100644
--- a/ell/cert.c
+++ b/ell/cert.c
@@ -253,6 +253,11 @@ LIB_EXPORT struct l_cert *l_certchain_get_leaf(struct l_certchain
*chain)
return chain->leaf;
}
+/*
+ * Call @cb for each certificate in the chain starting from the leaf
+ * certificate. If a call returns @true, stop and return @true to
+ * the user, otherwise return @false.
+ */
LIB_EXPORT bool l_certchain_foreach_from_leaf(struct l_certchain *chain,
This is weird to me actually. Generally any time we use 'foreach', it
means that the operation is performed on each node. There are no
termination semantics.
And what does the overall return value mean to the user? How is it
useful in the first place?
If you want early termination semantics, I would rewrite this as:
void l_certchain_walk_from_leaf()
and then l_certchain_foreach_cb_t -> l_certchain_walk_cb_t
Alternatively, use void l_certchain_foreach_from_leaf & drop the
l_certchain_foreach_cb_t return value.
l_cert_foreach_cb_t cb,
void *user_data)
@@ -269,6 +274,11 @@ LIB_EXPORT bool l_certchain_foreach_from_leaf(struct l_certchain
*chain,
return false;
}
+/*
+ * Call @cb for each certificate in the chain starting from the root
+ * certificate. If a call returns @true, stop and return @true to
+ * the user, otherwise return @false.
+ */
LIB_EXPORT bool l_certchain_foreach_from_ca(struct l_certchain *chain,
l_cert_foreach_cb_t cb,
void *user_data)
Regards,
-Denis
12:57 a.m.
New subject: [PATCH 3/5] cert: Add comments about l_certchain_foreach_*
On Mon, 26 Nov 2018 at 21:07, Denis Kenzior <denkenz(a)gmail.com> wrote:
On 11/23/2018 03:44 AM, Andrew Zaborowski wrote:
> +/*
> + * Call @cb for each certificate in the chain starting from the leaf
> + * certificate. If a call returns @true, stop and return @true to
> + * the user, otherwise return @false.
> + */
> LIB_EXPORT bool l_certchain_foreach_from_leaf(struct l_certchain *chain,
This is weird to me actually. Generally any time we use 'foreach', it
means that the operation is performed on each node. There are no
termination semantics.
True, the name suggests the full chain is traversed.
And what does the overall return value mean to the user?
That would be the user's decision, I was thinking about using this for
the trust verification (even though I didn't use it in the end) where
the return value means "error" but it's also useful when searching for
an element where the return value will mean "success". Or the value
can be ignored.
How is it
useful in the first place?
If you want early termination semantics, I would rewrite this as:
void l_certchain_walk_from_leaf()
and then l_certchain_foreach_cb_t -> l_certchain_walk_cb_t
Ok, will send a patch. I think it might be useful.
Best regards
12:44 p.m.
New subject: [PATCH 4/5] unit: Test l_keyring_link_nested and more scenarios
---
unit/test-key.c | 42 ++++++++++++++++++++++++++++++++++++++++--
1 file changed, 40 insertions(+), 2 deletions(-)
diff --git a/unit/test-key.c b/unit/test-key.c
index f4235b9..53fb394 100644
--- a/unit/test-key.c
+++ b/unit/test-key.c
@@ -438,6 +438,7 @@ static void test_trust_chain(const void *data)
{
struct l_keyring *ring;
struct l_keyring *trust;
+ struct l_keyring *trust2;
struct l_cert *cacert;
struct l_cert *intcert;
struct l_cert *cert;
@@ -462,6 +463,8 @@ static void test_trust_chain(const void *data)
trust = l_keyring_new();
assert(trust);
+ trust2 = l_keyring_new();
+ assert(trust2);
ring = l_keyring_new();
assert(ring);
@@ -480,11 +483,46 @@ static void test_trust_chain(const void *data)
assert(success);
success = l_keyring_link(ring, key);
assert(success);
+ success = l_keyring_link_nested(ring, trust);
+ assert(!success);
+ success = l_keyring_link_nested(ring, trust2);
+ assert(!success);
+ success = l_keyring_link_nested(ring, ring);
+ assert(!success);
+ success = l_keyring_unlink(ring, key);
+ assert(success);
+ success = l_keyring_unlink(ring, intkey);
+ assert(success);
+ l_key_free(cakey);
+ success = l_keyring_unlink(ring, intkey);
+ assert(!success);
+ success = l_keyring_link_nested(trust, trust2);
+ assert(success);
+ success = l_keyring_link(ring, key);
+ assert(!success);
+ success = l_keyring_link(trust2, intkey);
+ assert(success);
+ success = l_keyring_link(ring, key);
+ assert(success);
+ success = l_keyring_unlink(ring, key);
+ assert(success);
+ success = l_keyring_unlink_nested(trust, trust2);
+ assert(success);
+ success = l_keyring_link(ring, key);
+ assert(!success);
+ success = l_keyring_link_nested(trust, trust2);
+ assert(success);
+ l_keyring_free_norevoke(trust2);
+ success = l_keyring_link(ring, key);
+ assert(success);
+ success = l_keyring_unlink(ring, key);
+ assert(success);
+ l_key_free_norevoke(intkey);
+ success = l_keyring_link(ring, key);
+ assert(success);
l_keyring_free(trust);
l_keyring_free(ring);
- l_key_free(cakey);
- l_key_free(intkey);
l_key_free(key);
l_cert_free(cacert);
l_cert_free(intcert);
--
2.19.1
12:44 p.m.
New subject: [PATCH 5/5] unit: More TLS certificate tests
Add a few more certificate chain checks including some using
the stricter l_certchain_verify properties.
---
unit/test-tls.c | 58 +++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 51 insertions(+), 7 deletions(-)
diff --git a/unit/test-tls.c b/unit/test-tls.c
index 8f00736..5103bef 100644
--- a/unit/test-tls.c
+++ b/unit/test-tls.c
@@ -212,14 +212,13 @@ static void test_tls12_prf(const void *data)
static void test_certificates(const void *data)
{
- struct l_cert *cert;
struct l_queue *cacert;
struct l_queue *wrongca;
+ struct l_queue *twocas;
struct l_certchain *chain;
-
- cert = tls_cert_load_file(CERTDIR "cert-server.pem");
- assert(cert);
- chain = certchain_new_from_leaf(cert);
+ struct l_certchain *chain2;
+ struct l_certchain *chain3;
+ struct l_certchain *chain4;
cacert = l_pem_load_certificate_list(CERTDIR "cert-ca.pem");
assert(cacert && !l_queue_isempty(cacert));
@@ -227,15 +226,60 @@ static void test_certificates(const void *data)
wrongca = l_pem_load_certificate_list(CERTDIR "cert-intca.pem");
assert(wrongca && !l_queue_isempty(wrongca));
- assert(!l_certchain_verify(chain, wrongca));
+ twocas = l_pem_load_certificate_list(CERTDIR "cert-chain.pem");
+ assert(twocas);
- assert(l_certchain_verify(chain, cacert));
+ chain = l_pem_load_certificate_chain(CERTDIR "cert-server.pem");
+ assert(chain);
+ assert(!l_certchain_verify(chain, wrongca));
+ assert(l_certchain_verify(chain, cacert));
assert(l_certchain_verify(chain, NULL));
+ assert(l_certchain_verify(chain, twocas));
+
+ chain2 = l_pem_load_certificate_chain(CERTDIR "cert-chain.pem");
+ assert(chain2);
+
+ assert(!l_certchain_verify(chain2, wrongca));
+ assert(l_certchain_verify(chain2, cacert));
+ assert(l_certchain_verify(chain2, NULL));
+ assert(l_certchain_verify(chain2, twocas));
+
+ chain3 = certchain_new_from_leaf(
+ tls_cert_load_file(CERTDIR "cert-server.pem"));
+ certchain_link_issuer(chain3,
+ tls_cert_load_file(CERTDIR "cert-entity-int.pem"));
+ certchain_link_issuer(chain3,
+ tls_cert_load_file(CERTDIR "cert-intca.pem"));
+ certchain_link_issuer(chain3,
+ tls_cert_load_file(CERTDIR "cert-ca.pem"));
+ assert(chain3);
+
+ assert(!l_certchain_verify(chain3, wrongca));
+ assert(!l_certchain_verify(chain3, cacert));
+ assert(!l_certchain_verify(chain3, NULL));
+ assert(!l_certchain_verify(chain3, twocas));
+
+ chain4 = certchain_new_from_leaf(
+ tls_cert_load_file(CERTDIR "cert-entity-int.pem"));
+ certchain_link_issuer(chain4,
+ tls_cert_load_file(CERTDIR "cert-intca.pem"));
+ certchain_link_issuer(chain4,
+ tls_cert_load_file(CERTDIR "cert-ca.pem"));
+ assert(chain4);
+
+ assert(!l_certchain_verify(chain4, wrongca));
+ assert(l_certchain_verify(chain4, cacert));
+ assert(l_certchain_verify(chain4, NULL));
+ assert(l_certchain_verify(chain4, twocas));
l_certchain_free(chain);
+ l_certchain_free(chain2);
+ l_certchain_free(chain3);
+ l_certchain_free(chain4);
l_queue_destroy(cacert, (l_queue_destroy_func_t) l_cert_free);
l_queue_destroy(wrongca, (l_queue_destroy_func_t) l_cert_free);
+ l_queue_destroy(twocas, (l_queue_destroy_func_t) l_cert_free);
}
struct tls_conn_test {
--
2.19.1
9:35 p.m.
Hi Andrew -
On Fri, 23 Nov 2018, Andrew Zaborowski wrote:
Allow linking and unlinking keyrings to/from other keyrings with
l_keyring_link_nested (naming proposed by Mat) and
l_keyring_unlink_nested.
---
ell/ell.sym | 2 ++
ell/key.c | 26 ++++++++++++++++++++++++++
ell/key.h | 5 +++++
3 files changed, 33 insertions(+)
diff --git a/ell/ell.sym b/ell/ell.sym
index c2aafee..abd139f 100644
--- a/ell/ell.sym
+++ b/ell/ell.sym
@@ -310,6 +310,8 @@ global:
l_keyring_free_norevoke;
l_keyring_link;
l_keyring_unlink;
+ l_keyring_link_nested;
+ l_keyring_unlink_nested;
l_key_is_supported;
/* log */
l_log_set_ident;
diff --git a/ell/key.c b/ell/key.c
index 4bba559..7487d6f 100644
--- a/ell/key.c
+++ b/ell/key.c
@@ -640,6 +640,32 @@ LIB_EXPORT bool l_keyring_unlink(struct l_keyring *keyring,
return error == 0;
}
+bool l_keyring_link_nested(struct l_keyring *keyring,
+ const struct l_keyring *nested)
Still need LIB_EXPORT with these new functions.
Regards,
Mat
+{
+ long error;
+
+ if (unlikely(!keyring) || unlikely(!nested))
+ return false;
+
+ error = kernel_link_key(nested->serial, keyring->serial);
+
+ return error == 0;
+}
+
+bool l_keyring_unlink_nested(struct l_keyring *keyring,
+ const struct l_keyring *nested)
+{
+ long error;
+
+ if (unlikely(!keyring) || unlikely(!nested))
+ return false;
+
+ error = kernel_unlink_key(nested->serial, keyring->serial);
+
+ return error == 0;
+}
+
LIB_EXPORT bool l_key_is_supported(uint32_t features)
{
long result;
diff --git a/ell/key.h b/ell/key.h
index 263e12a..1529135 100644
--- a/ell/key.h
+++ b/ell/key.h
@@ -108,6 +108,11 @@ bool l_keyring_link(struct l_keyring *keyring, const struct l_key
*key);
bool l_keyring_unlink(struct l_keyring *keyring, const struct l_key *key);
+bool l_keyring_link_nested(struct l_keyring *keyring,
+ const struct l_keyring *nested);
+bool l_keyring_unlink_nested(struct l_keyring *keyring,
+ const struct l_keyring *nested);
+
bool l_key_is_supported(uint32_t features);
#ifdef __cplusplus
--
2.19.1
_______________________________________________
ell mailing list
ell(a)lists.01.org
https://lists.01.org/mailman/listinfo/ell
--
Mat Martineau
Intel OTC
12:45 a.m.
Hi,
On Mon, 26 Nov 2018 at 19:35, Mat Martineau
<mathew.j.martineau(a)linux.intel.com> wrote:
>
> +bool l_keyring_link_nested(struct l_keyring *keyring,
> + const struct l_keyring *nested)
Still need LIB_EXPORT with these new functions.
Oops, yes, thanks for catching this and thanks Denis for fixing it.
Best regards
10:21 p.m.
On 11/23/2018 03:44 AM, Andrew Zaborowski wrote:
Allow linking and unlinking keyrings to/from other keyrings with
l_keyring_link_nested (naming proposed by Mat) and
l_keyring_unlink_nested.
---
ell/ell.sym | 2 ++
ell/key.c | 26 ++++++++++++++++++++++++++
ell/key.h | 5 +++++
3 files changed, 33 insertions(+)
Applied. I added/amended the missing LIB_EXPORT bits in.
Regards,
-Denis
892
days inactive
895
days old
10 comments
3 participants
participants (3)
-
Andrew Zaborowski -
Denis Kenzior -
Mat Martineau