Commit message | Author | Age | Files | Lines

Add the ability to supply filters to watches set with "keyctl watch" and
"keyctl watch_session".
Signed-off-by: David Howells <dhowells@redhat.com>
Add keyctl commands and library functions to handle the setting and removal
of watches on keys for notifications of change events. Five keyctl
commands are defined:
(1) keyctl watch <key>
Watch the specified key for changes, logging notifications to stdout.
(2) keyctl watch_session [-n <name>] <notifylog> <gclog> <fd> prog [<arg>...]
Create a new session keyring and attach a watch to it that an
auxiliary logging process monitors. The nominated program is run with
the session program with the arguments given.
The session keyring can be given a name. The logging process will log
synchronous events to file notifylog and asynchronous events to file
gclog.
The specified file descriptor will be attached to the watch_queue and
left open across the exec. This can be made use of by the next few
commands.
(3) keyctl watch_add <fd> <key>
(4) keyctl watch_rm <fd> <key>
Add/remove a watch on the specified key to/from the given watch_queue
derived from watch_session.
(5) keyctl watch_sync <fd>
Wait for the logging process that's watching the given watch_queue to
synchronise.
Commands (2) to (5) are primarily provided for the testsuite's purposes.
Signed-off-by: David Howells <dhowells@redhat.com>
This reverts commit 1aafbdcf1d60c5c9eb34fe404f9a9195c8ea415e which was from
the wrong branch and expects /dev/watch_queue to be available.
Signed-off-by: David Howells <dhowells@redhat.com>
This reverts commit 5ac409b01cc4fcb69d903408da90df2d34d4f32a which was from
the wrong branch and expects /dev/watch_queue to be available.
Signed-off-by: David Howells <dhowells@redhat.com>
Add the ability to supply filters to watches set with "keyctl watch" and
"keyctl watch_session".
Signed-off-by: David Howells <dhowells@redhat.com>
Add keyctl commands and library functions to handle the setting and removal
of watches on keys for notifications of change events. Five keyctl
commands are defined:
(1) keyctl watch <key>
Watch the specified key for changes, logging notifications to stdout.
(2) keyctl watch_session [-n <name>] <notifylog> <gclog> <fd> prog [<arg>...]
Create a new session keyring and attach a watch to it that an
auxiliary logging process monitors. The nominated program is run with
the session program with the arguments given.
The session keyring can be given a name. The logging process will log
synchronous events to file notifylog and asynchronous events to file
gclog.
The specified file descriptor will be attached to the watch_queue and
left open across the exec. This can be made use of by the next few
commands.
(3) keyctl watch_add <fd> <key>
(4) keyctl watch_rm <fd> <key>
Add/remove a watch on the specified key to/from the given watch_queue
derived from watch_session.
(5) keyctl watch_sync <fd>
Wait for the logging process that's watching the given watch_queue to
synchronise.
Commands (2) to (5) are primarily provided for the testsuite's purposes.
Signed-off-by: David Howells <dhowells@redhat.com>
The key being added or updated likely contains secrets so it would be best
not to leave it in memory or in a core dump when no longer needed.
Glibc 2.25+ provides the explicit_bzero() function that can be used for
this purpose; let's utilize it if it is present.
Tested by redefining exit(n) to abort() and inspecting the resulting core
file for key data.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Signed-off-by: David Howells <dhowells@redhat.com>
Both spellings seem to be accepted, but the majority of uses agreed on
the "unparsable" variant.
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Allow add, padd, update, pupdate, instantiate, pinstantiate and
dh_compute_kdf_oi to take hex-encoded data which is then converted into
binary before being passed to the kernel, e.g.:
$ keyctl add -x user foo 686578 @s
$ echo 686578 | keyctl padd -x user foo @s
This makes it easier to stash data in scripts.
Signed-off-by: David Howells <dhowells@redhat.com>
Allow "keyctl new_session" to name the session keyring it creates and
attaches to the parent:
$ keyctl new_session fred
52095209
Signed-off-by: David Howells <dhowells@redhat.com>
Add a keyctl command to look up a symbolic key ID (such as "@s") or a named
reference (such as "%user:foo") and return the numeric ID for the key or
keyring, eg:
$ keyctl id @s
259509209
The command will also just convert numeric IDs to themselves.
Signed-off-by: David Howells <dhowells@redhat.com>
Put the keyctl get_persistent command in the right place in the alphabetic
command order.
Signed-off-by: David Howells <dhowells@redhat.com>
Allow "keyctl supports" to be given a "--raw" flag to request a hexdump of
the data retrieved.
Signed-off-by: David Howells <dhowells@redhat.com>
Add missing ns_keyring_name and ns_key_tag capability tags to "keyctl
supports".
Signed-off-by: David Howells <dhowells@redhat.com>
Test all possible type, description and payload lengths to add_key() to
make sure that the kernel doesn't crash when handling them.
The bulk of this test is implemented in C in the keyctl command so that it
completes in a reasonable amount of time (testing over a million different
sizes of payload from shell script is just too slow).
Signed-off-by: David Howells <dhowells@redhat.com>
Provide the ability to query the capabilities of the keyrings subsystem.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
keyctl's help message suggests that including a key=value style list
of arguments is optional for the pkey_* operations, and for pkey_query
and pkey_verify it indeed seems to be optional, but the other three
operations require that at least one key=value pair be passed in.
This patch changes the logic to make key=value lists optional for
all pkey_* operations.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David Howells <dhowells@redhat.com>
keyctl's pkey_* operations each have an argument that allows specifying
a key password, but since that feature isn't currently supported, it
is supposed to always be passed in as "0":
    if (strcmp(argv[2], "0") != 0) {
        fprintf(stderr, "Password passing is not yet supported\n");
        exit(2);
    }
However, act_keyctl_pkey_query() has an off-by-one that makes it
start parsing key=value style option pairs at the password argument,
which causes the following error if the password argument is not in
key=value format:
$ keyctl pkey_query 541826697 0
Option not in key=val form
$
And this error if the password argument is in key=value format:
$ keyctl pkey_query 541826697 a=b
Password passing is not yet supported
$
This patch fixes act_keyctl_pkey_query() to start parsing key=value
pairs from the right place in its argument list, which gets it a
little further.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David Howells <dhowells@redhat.com>
dump_key_tree_aux() (part of 'keyctl show') was racy: it allocated a
buffer for the keyring contents, then read the keyring. But it's
possible that keys are added to the keyring concurrently. This is
problematic for two reasons. First, when keyctl_read() is passed a
buffer that is too small, it is unspecified whether it is filled or not.
Second, even if the buffer is filled, some keys (not necessarily even
the newest ones) would be omitted from the listing.
Switch to keyctl_read_alloc() which handles the "buffer too small" case
correctly by retrying the read.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Add encryption, decryption, signature creation and signature verification
public key operations. Example usage:
j=`openssl pkcs8 -in ~/pkcs7/firmwarekey2.priv -topk8 -nocrypt -outform DER | \
keyctl padd asymmetric foo @s`
echo -n abcdefghijklmnopqrst >/tmp/data
keyctl pkey_encrypt $j 0 /tmp/data enc=pkcs1 >/tmp/enc
keyctl pkey_decrypt $j 0 /tmp/enc enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec
keyctl pkey_sign $j 0 /tmp/data enc=pkcs1 hash=sha1 >/tmp/sig
keyctl pkey_verify $j 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-and-tested-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
The dh_compute code now allows the following options:
- no KDF support / output of raw DH shared secret:
dh_compute <private> <prime> <base>
- KDF support without "other information" string:
dh_compute_kdf <private> <prime> <base> <output length> <hash_type>
- KDF support with "other information" string:
dh_compute_kdf_oi <private> <prime> <base> <output length> <hash_type>
where the OI string is provided on STDIN.
The test to verify the code is based on a test vector used for the CAVS
testing of SP800-56A.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
In the keyctl program, when searching the command table, don't trust that an
overlong argument name won't cause memcpy() to segfault. This is unlikely to
be a problem as any efficient memcpy() is going to start scanning from the
lowest address, given that it has to report on the lowest-addressed difference
if there is one.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
Only get the groups list if calc_perms() is called as there's no point
grabbing the list otherwise.
Signed-off-by: David Howells <dhowells@redhat.com>
Fix a leak of the description string memory from each key visited in
dump_key_tree_aux() in the keyctl program.
Signed-off-by: David Howells <dhowells@redhat.com>
Exit rather than returning from act_xxx() functions so that the Coverity
checker doesn't think that memory is leaked from functions that allocate
memory.
Signed-off-by: David Howells <dhowells@redhat.com>
Use the keyctl_describe_alloc() library function in dump_key_tree_aux() in the
keyctl program rather than open coding it.
Signed-off-by: David Howells <dhowells@redhat.com>
Permit callers of the keyctl program to specify a key by its type and name
rather than by its number. This is done by replacing a key ID like:
1234
or:
@s
with a type and name:
%<type>:<name>
e.g.:
%user:a
As a shorthand, leaving out the type name:
%:<name>
e.g.:
%:_ses
refers to a keyring of the given name.
Signed-off-by: David Howells <dhowells@redhat.com>
The add_key() and keyctl_instantiate() calls can take a buffer of up to 1MB,
so grab_stdin() should be using a buffer capable of holding that rather than
one limited to 64KB.
Signed-off-by: David Howells <dhowells@redhat.com>
Fix the maximum depth of the key tree dump made by "keyctl show". The depth
increases in multiples of four because it is used to determine how many spaces
to prefix each printed line with - and not multiples of one.
Signed-off-by: David Howells <dhowells@redhat.com>
Allow the recursive dump of a specified keyring rather than the session keyring
by doing:
keyctl show <keyringID>
The following:
keyctl show
still dumps the session keyring.
Also make some fixes to the show subcommand:
(*) 31-bit decimal numbers can be up to 10 chars long, so allow for an extra
char in the serial number when displaying it.
(*) Permit numbers to be displayed in hex with a -x flag:
keyctl show [-x] [<keyringID>]
(*) Turn the special keyring ID of the root keyring into the real serial
number and display that instead of the special ID.
Signed-off-by: David Howells <dhowells@redhat.com>
Fix the keyctl padd, pinstantiate and pupdate commands to not use strlen() on
the data read from stdin as the data may be binary, but rather to have
grab_stdin() return the amount of data read.
Signed-off-by: David Howells <dhowells@redhat.com>
The package version number and build date are stored in the library in:
const char keyutils_version_string[];
const char keyutils_build_string[];
And are displayable with the programs built as part of it:
# keyctl --version
keyctl from keyutils-1.5.3 (Built 2011-08-24)
# request-key --version
request-key from keyutils-1.5.3 (Built 2011-08-24)
The DNS query resolver gets extended version information as it already has its
own version number:
# key.dns_resolver --version
version: 1.0 from keyutils-1.5.3 (2011-08-24)
(the keyutils version is simply appended to the original).
Signed-off-by: David Howells <dhowells@redhat.com>
Allow multiple lines in the commands[] table with same name by setting the
action function pointer to NULL for the second and subsequent entries. This
prevents the partial matcher from proclaiming ambiguity for short versions of
commands that have multiple lines ('session' and 'purge').
Also alphabetically order the commands table.
Signed-off-by: David Howells <dhowells@redhat.com>
Add a purge command to keyctl to unlink all matching keys from the session
keyring tree that it can find. There are three cases:
(1) keyctl purge <type>
Perform a depth-first search to find all keys of this type and unlink
them.
(2) keyctl purge [-i] [-p] <type> <desc>
Perform a depth-first search to find all keys of this type and unlink them
if their description matches the specified description textually. The
caller can request a case-independent match on the description by
supplying the -i flag or a prefix match by supplying the -p flag.
(3) keyctl purge -s <type> <desc>
Repeat 'keyctl search' in all the searchable keyrings in the session
keyring tree and unlink matching keys from those keyrings. The comparison
is therefore done with the key type's comparator in the kernel and may
thus match different keys to (2).
Signed-off-by: David Howells <dhowells@redhat.com>
Permit unlinking of all instances of a key in the session keyring tree by
electing not to provide a keyring ID to the unlink command. With this, the
unlink command becomes:
keyctl unlink <key> [<keyring>]
If <keyring> is given, just the link to <key> in the nominated keyring is
removed.
If <keyring> is not given, all links to <key> in the session keyring are
removed.
Signed-off-by: David Howells <dhowells@redhat.com>
A new command:
keyctl reap
will do a depth-first search of the session keyring tree looking for negative,
rejected, expired, revoked and dead keys and unlink them if possible (the
keyring containing the link has to grant Write permission to the caller).
Signed-off-by: David Howells <dhowells@redhat.com>
Support the negate key with specific rejection error keyctl op, providing it
as keyctl_reject().
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
- Add build dependency on glibc-kernheaders with key management syscall
- Add data pipe-in facility for keyctl request2
- Rename library and header file "keyutil" -> "keyutils" for consistency
- Fix shared library version naming to same way as glibc.
- Add versioning for shared library symbols
- Create new keyutils-libs package and install library and main symlink there
- Install base library symlink in /usr/lib and place in devel package
- Added a keyutils archive library
- Shorten displayed key permissions list to just those we actually have
- Add data pipe-in facilities for keyctl add, update and instantiate
- Added timeout keyctl option
- request_key auth keys must now be assumed
- Fix keyctl argument ordering for debug negate line in request-key.conf
- Must invoke initialisation from perror() override in libkeyutils
- Minor UI changes
- Bump version to permit building in main repositories.
- Don't attempt to define the error codes in the header file.
- Pass the release ID through to the makefile to affect the shared library name.
- Build in the perror() override to get the key error strings displayed.
- Need a defattr directive after each files directive.