From d685f6b232485a0dc0cc8b915561b9be37d32722 Mon Sep 17 00:00:00 2001
From: Joe Richey
Date: Wed, 30 Aug 2017 17:57:38 -0700
Subject: [PATCH] crypto: Updated to include user parameter

---
crypto/crypto_test.go | 21 ++++++++++++---------
crypto/key.go | 5 +++--
2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index 719db00..444f847 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -34,6 +34,7 @@ import (
 "github.com/google/fscrypt/metadata"
 "github.com/google/fscrypt/security"
+ "github.com/google/fscrypt/util"
 )
 // Reader that always returns the same byte
@@ -60,6 +61,8 @@ var (
 fakeValidPolicyKey, _ = makeKey(42, metadata.PolicyKeyLen)
 fakeInvalidPolicyKey, _ = makeKey(42, metadata.PolicyKeyLen-1)
 fakeWrappingKey, _ = makeKey(17, metadata.InternalKeyLen)
+
+ testUser, _ = util.EffectiveUser()
 )
 // As the passpharase hashing function clears the passphrase, we need to make
@@ -243,10 +246,10 @@ func TestKeyLargeResize(t *testing.T) {
 func TestAddRemoveKeys(t *testing.T) {
 for _, service := range []string{defaultService, "ext4:", "f2fs:"} {
 validDescription := service + fakeValidDescriptor
- if err := InsertPolicyKey(fakeValidPolicyKey, validDescription); err != nil {
+ if err := InsertPolicyKey(fakeValidPolicyKey, validDescription, testUser); err != nil {
 t.Error(err)
 }
- if err := security.RemoveKey(validDescription); err != nil {
+ if err := security.RemoveKey(validDescription, testUser); err != nil {
 t.Error(err)
 }
 }
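Review bot: The new package-level `testUser, _ = util.EffectiveUser()` discards the lookup error, so if the effective user cannot be resolved every test that follows (TestAddRemoveKeys in this hunk, and TestAddTwice/TestBadAddKeys in the next) silently passes a nil `*user.User` into InsertPolicyKey and security.RemoveKey and then exercises whatever the nil path does rather than the intended per-user keyring behaviour. Fail loudly instead: keep the error in a second package-level variable, `testUser, testUserErr = util.EffectiveUser()`, and at the top of each test that uses it add `if testUserErr != nil { t.Fatalf("effective user: %v", testUserErr) }` (a TestMain would be the single place for this if the file has one, which is not visible here). Whether security.InsertKey tolerates a nil target is outside this diff, so that assumption should not be baked into the tests.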
@@ -255,23 +258,23 @@ func TestAddRemoveKeys(t *testing.T) {
 // Adds a key twice (both should succeed)
 func TestAddTwice(t *testing.T) {
 validDescription := defaultService + fakeValidDescriptor
- InsertPolicyKey(fakeValidPolicyKey, validDescription)
- if InsertPolicyKey(fakeValidPolicyKey, validDescription) != nil {
+ InsertPolicyKey(fakeValidPolicyKey, validDescription, testUser)
+ if InsertPolicyKey(fakeValidPolicyKey, validDescription, testUser) != nil {
 t.Error("InsertPolicyKey should not fail if key already exists")
 }
- security.RemoveKey(validDescription)
+ security.RemoveKey(validDescription, testUser)
 }
 // Makes sure a key fails with bad policy or service
 func TestBadAddKeys(t *testing.T) {
 validDescription := defaultService + fakeValidDescriptor
- if InsertPolicyKey(fakeInvalidPolicyKey, validDescription) == nil {
- security.RemoveKey(validDescription)
+ if InsertPolicyKey(fakeInvalidPolicyKey, validDescription, testUser) == nil {
+ security.RemoveKey(validDescription, testUser)
 t.Error("InsertPolicyKey should fail with bad policy key")
 }
 invalidDescription := "ext4" + fakeValidDescriptor
- if InsertPolicyKey(fakeValidPolicyKey, invalidDescription) == nil {
- security.RemoveKey(invalidDescription)
+ if InsertPolicyKey(fakeValidPolicyKey, invalidDescription, testUser) == nil {
+ security.RemoveKey(invalidDescription, testUser)
 t.Error("InsertPolicyKey should fail with bad service")
 }
 }
diff --git a/crypto/key.go b/crypto/key.go
index ec37330..9bf9098 100644
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -33,6 +33,7 @@ import (
 "io"
 "log"
 "os"
+ "os/user"
 "runtime"
 "unsafe"
@@ -247,7 +248,7 @@ func NewFixedLengthKeyFromReader(reader io.Reader, length int) (*Key, error) {
 // InsertPolicyKey puts the provided policy key into the kernel keyring with the
 // provided description, and type logon. The key must be a policy key.
-func InsertPolicyKey(key *Key, description string) error {
+func InsertPolicyKey(key *Key, description string, target *user.User) error {
 if err := util.CheckValidLength(metadata.PolicyKeyLen, key.Len()); err != nil {
 return errors.Wrap(err, "policy key")
 }
@@ -266,7 +267,7 @@ func InsertPolicyKey(key *Key, description string) error {
 fscryptKey.Size = metadata.PolicyKeyLen
 copy(fscryptKey.Raw[:], key.data)
- return security.InsertKey(payload.data, description)
+ return security.InsertKey(payload.data, description, target)
 }
 var (
-- 
2.39.5
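Review bot: The doc comment above the changed signature still describes only `key` and `description`; the new exported parameter `target *user.User` is undocumented even though it now decides which keyring the policy key lands in (it is forwarded to security.InsertKey in the second hunk). Extend the comment with something like `// The key is inserted into the keyring belonging to target, so callers must` / `// resolve and validate target before calling.` and, since security.InsertKey is outside this diff, state explicitly whether a nil target is accepted or rejected rather than leaving callers to discover it. The body of InsertPolicyKey continues between and beyond the two hunks.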