From 6a2d023b7be4e7be12d8147fa23776e65311a47f Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Mon, 4 Mar 2019 14:50:09 +0100
Subject: [PATCH] Make keyring utilities ready for additional kernel key types.
---
 lib/setup.c | 11 ++++----
 lib/utils_keyring.c | 65 ++++++++++++++++++++++++++++-----------------
 lib/utils_keyring.h | 17 ++++++------
 3 files changed, 54 insertions(+), 39 deletions(-)
diff --git a/lib/setup.c b/lib/setup.c
index 5e3121c9..44c7a7ef 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -5375,8 +5375,9 @@ int crypt_volume_key_keyring(struct crypt_device *cd, int enable)
 int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key *vk)
 {
 int r;
+ const char *type_name = key_type_name(LOGON_KEY);
- if (!vk || !cd)
+ if (!vk || !cd || !type_name)
 return -EINVAL;
 if (!vk->key_description) {
@@ -5384,11 +5385,11 @@ int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key
 return -EINVAL;
 }
- log_dbg(cd, "Loading key (%zu bytes, type %s) in thread keyring.", vk->keylength, "logon");
+ log_dbg(cd, "Loading key (%zu bytes, type %s) in thread keyring.", vk->keylength, type_name);
- r = keyring_add_logon_key_in_thread_keyring(vk->key_description, vk->key, vk->keylength);
+ r = keyring_add_key_in_thread_keyring(LOGON_KEY, vk->key_description, vk->key, vk->keylength);
 if (r) {
- log_dbg(cd, "keyring_add_logon_key_in_thread_keyring failed (error %d)", r);
+ log_dbg(cd, "keyring_add_key_in_thread_keyring failed (error %d)", r);
 log_err(cd, _("Failed to load key in kernel keyring."));
 } else
 crypt_set_key_in_keyring(cd, 1);
@@ -5421,7 +5422,7 @@ void crypt_drop_keyring_key(struct crypt_device *cd, const char *key_description
 log_dbg(cd, "Requesting keyring logon key for revoke and unlink.");
- r = keyring_revoke_and_unlink_logon_key(key_description);
+ r = keyring_revoke_and_unlink_key(LOGON_KEY, key_description);
 if (r)
 log_dbg(cd, "keyring_revoke_and_unlink_logon_key failed (error %d)", r);
 crypt_set_key_in_keyring(cd, 0);
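Review bot: The new `!type_name` guard at the top of `crypt_volume_key_load_in_keyring` changes the failure mode of a build without KERNEL_KEYRING: `key_type_name` returns NULL outside its `#ifdef KERNEL_KEYRING` block (utils_keyring.c hunk at -217), so the function now returns -EINVAL before reaching the `log_err` that the old -ENOTSUP result from `keyring_add_logon_key_in_thread_keyring` used to trigger, and a caller can no longer tell "unsupported" from "bad argument". If that configuration is still meant to report unsupported, split the checks: `if (!vk || !cd) return -EINVAL;` followed by `if (!type_name) return -ENOTSUP;`. The remainder of the function lies outside this hunk.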
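Review bot: The debug message in the last hunk of lib/setup.c still names the removed helper: `log_dbg(cd, "keyring_revoke_and_unlink_logon_key failed (error %d)", r);` now reports a failure of `keyring_revoke_and_unlink_key`, so whoever reads the log will look for a function that no longer exists. Change it to `log_dbg(cd, "keyring_revoke_and_unlink_key failed (error %d)", r);`, matching the rename the previous hunk already applied to the add-key message. The preceding "Requesting keyring logon key" line could likewise print `key_type_name(LOGON_KEY)` once further key types are wired in, but that is optional. `crypt_drop_keyring_key` starts and ends outside this hunk.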
diff --git a/lib/utils_keyring.c b/lib/utils_keyring.c
index ad487a7d..2ad6ba4b 100644
--- a/lib/utils_keyring.c
+++ b/lib/utils_keyring.c
@@ -34,8 +34,20 @@ typedef int32_t key_serial_t;
 #include "utils_crypt.h"
 #include "utils_keyring.h"
+#ifndef ARRAY_SIZE
+# define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
+#endif
+
 #ifdef KERNEL_KEYRING
+static const struct {
+ key_type_t type;
+ const char *type_name;
+} key_types[] = {
+ { LOGON_KEY, "logon" },
+ { USER_KEY, "user" },
+};
+
 #include /* request_key */
@@ -86,27 +98,16 @@ int keyring_check(void)
 #endif
 }
-int keyring_add_logon_key_in_thread_keyring(const char *key_desc, const void *key, size_t key_size)
+int keyring_add_key_in_thread_keyring(key_type_t ktype, const char *key_desc, const void *key, size_t key_size)
 {
 #ifdef KERNEL_KEYRING
 key_serial_t kid;
+ const char *type_name = key_type_name(ktype);
- kid = add_key("logon", key_desc, key, key_size, KEY_SPEC_THREAD_KEYRING);
- if (kid < 0)
- return -errno;
+ if (!type_name || !key_desc)
+ return -EINVAL;
- return 0;
-#else
- return -ENOTSUP;
-#endif
-}
-
-int keyring_add_user_key_in_thread_keyring(const char *key_desc, const void *key, size_t key_size)
-{
-#ifdef KERNEL_KEYRING
- key_serial_t kid;
-
- kid = add_key("user", key_desc, key, key_size, KEY_SPEC_THREAD_KEYRING);
+ kid = add_key(type_name, key_desc, key, key_size, KEY_SPEC_THREAD_KEYRING);
 if (kid < 0)
 return -errno;
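Review bot: The new `key_types` table is the only place that maps a `key_type_t` value to the type string handed to the kernel, and nothing documents that it must track the enum declared in utils_keyring.h; an enum value added without a row here is not a compile error but silently turns every add, request, revoke and unlink for that type into -EINVAL through the NULL from `key_type_name`. Add a comment above the table such as `/* Kernel key type names looked up by key_type_name(); every key_type_t value must have a row here. */`. Since the table sits inside `#ifdef KERNEL_KEYRING`, the comment should also say that builds without keyring support resolve every type to NULL.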
@@ -117,12 +118,16 @@ int keyring_add_user_key_in_thread_keyring(const char *key_desc, const void *key
 }
 /* currently used in client utilities only */
-int keyring_add_key_in_user_keyring(const char *type, const char *key_desc, const void *key, size_t key_size)
+int keyring_add_key_in_user_keyring(key_type_t ktype, const char *key_desc, const void *key, size_t key_size)
 {
 #ifdef KERNEL_KEYRING
+ const char *type_name = key_type_name(ktype);
 key_serial_t kid;
- kid = add_key(type, key_desc, key, key_size, KEY_SPEC_USER_KEYRING);
+ if (!type_name || !key_desc)
+ return -EINVAL;
+
+ kid = add_key(type_name, key_desc, key, key_size, KEY_SPEC_USER_KEYRING);
 if (kid < 0)
 return -errno;
@@ -152,7 +157,7 @@ int keyring_get_passphrase(const char *key_desc,
 size_t len = 0;
 do
- kid = request_key("user", key_desc, NULL, 0);
+ kid = request_key(key_type_name(USER_KEY), key_desc, NULL, 0);
 while (kid < 0 && errno == EINTR);
 if (kid < 0)
@@ -187,13 +192,16 @@ int keyring_get_passphrase(const char *key_desc,
 #endif
 }
-static int keyring_revoke_and_unlink_key_type(const char *type, const char *key_desc)
+static int keyring_revoke_and_unlink_key_type(const char *type_name, const char *key_desc)
 {
 #ifdef KERNEL_KEYRING
 key_serial_t kid;
+ if (!type_name || !key_desc)
+ return -EINVAL;
+
 do
- kid = request_key(type_name, key_desc, NULL, 0);
+ kid = request_key(type_name, key_desc, NULL, 0);
 while (kid < 0 && errno == EINTR);
 if (kid < 0)
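Review bot: `keyring_add_key_in_user_keyring` changes its first parameter from a free-form `const char *type` to `key_type_t`, and the comment directly above it, `/* currently used in client utilities only */`, says its callers live outside lib/, yet the diffstat lists only lib/setup.c, lib/utils_keyring.c and lib/utils_keyring.h. Unless those callers are updated in a separate change, a client utility still passing a string literal will fail to compile against the new prototype. Worth confirming the callers in the client utilities before merging, or correcting the comment if the function no longer has external users. The function's tail (`return 0;` and the `#else` branch) is outside this hunk.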
@@ -217,12 +225,19 @@ static int keyring_revoke_and_unlink_key_type(const char *type, const char *key_
 #endif
 }
-int keyring_revoke_and_unlink_logon_key(const char *key_desc)
+const char *key_type_name(key_type_t type)
 {
- return keyring_revoke_and_unlink_key_type("logon", key_desc);
+#ifdef KERNEL_KEYRING
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(key_types); i++)
+ if (type == key_types[i].type)
+ return key_types[i].type_name;
+#endif
+ return NULL;
 }
-int keyring_revoke_and_unlink_user_key(const char *key_desc)
+int keyring_revoke_and_unlink_key(key_type_t ktype, const char *key_desc)
 {
- return keyring_revoke_and_unlink_key_type("user", key_desc);
+ return keyring_revoke_and_unlink_key_type(key_type_name(ktype), key_desc);
 }
diff --git a/lib/utils_keyring.h b/lib/utils_keyring.h
index 60c9c023..66987405 100644
--- a/lib/utils_keyring.h
+++ b/lib/utils_keyring.h
@@ -24,6 +24,10 @@
 #include
+typedef enum { LOGON_KEY = 0, USER_KEY } key_type_t;
+
+const char *key_type_name(key_type_t ktype);
+
 int keyring_check(void);
 int keyring_get_key(const char *key_desc,
@@ -34,23 +38,18 @@ int keyring_get_passphrase(const char *key_desc,
 char **passphrase,
 size_t *passphrase_len);
-int keyring_add_logon_key_in_thread_keyring(
- const char *key_desc,
- const void *key,
- size_t key_size);
-
-int keyring_add_user_key_in_thread_keyring(
+int keyring_add_key_in_thread_keyring(
+ key_type_t ktype,
 const char *key_desc,
 const void *key,
 size_t key_size);
 int keyring_add_key_in_user_keyring(
- const char *type,
+ key_type_t ktype,
 const char *key_desc,
 const void *key,
 size_t key_size);
-int keyring_revoke_and_unlink_logon_key(const char *key_desc);
-int keyring_revoke_and_unlink_user_key(const char *key_desc);
+int keyring_revoke_and_unlink_key(key_type_t ktype, const char *key_desc);
 #endif
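Review bot: `key_type_name` becomes the public function that decides whether a key type is usable at all, yet its NULL result carries two different meanings — a `key_type_t` value with no row in `key_types`, and a build without KERNEL_KEYRING where the `#ifdef` leaves only `return NULL;` — and neither the definition here nor the declaration added to utils_keyring.h (hunk at -24) says so. Add above the declaration: `/* Returns the kernel key type string for ktype, or NULL if ktype is unknown or keyring support is compiled out; callers map NULL to -EINVAL. */`. The same header hunk at -34 would benefit from one line per prototype stating the -EINVAL / -errno / -ENOTSUP return convention the .c file now implements. As a minor style point, `i` is compared against `ARRAY_SIZE(key_types)`, which is a `size_t`, so `size_t i` avoids the mixed-width comparison.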