Trusted key converted to  #67

@loicpoulain

Contrary to other keys, the trusted-key implementation converts the payload into a hexadecimal ASCII string:

    Payload::Load {
        blob,
        options,
    } => format!("load {:x}{}", ByteBuf(blob), options),

But the payload is likely already in the right form as this is the natural form of keyctl. And this is also the format when reading the key.

E.g. my blob is:
"dbe13cbd0fe83a313805674d84af9de7a1c09a7bdb63418ddc5807a5bbef307c75be43b7674c608793936192ce03d32ba9300b14476c94bed0d8500343cef175a99200bb3a580aeb3bbc8df86ae0df12"

But it is incorrectly converted to:
"64626531336362643066653833613331333830353637346438346166396465376131633039613762646236333431386464633538303761356262656633303763373562653433623736373463363038373933393336313932636530336433326261393330306231343437366339346265643064383530303334336365663137356139393230306262336135383061656233626263386466383661653064663132"

The following does not work:

        // Create new trusted key
        let key = ring
            .add_key::<Trusted, _, _>(KERNEL_KEY_LABEL, Payload::New { keylen: 32, options: opts.clone() })
            .map_err(|e| format!("Could not create new key: {}", e))?;

        // Read the (wrapped/encrypted) trusted key
        let payload = key.read().unwrap();

        // Try to load back the key
        let _ = ring2
            .add_key::<Trusted, _, _>(KERNEL_KEY_LABEL, Payload::Load { blob: payload, options: opts.clone() })
            .map_err(|e| format!("Could not add key to keyring: {}", e))?;

Gives the following output:

Error: "Could not add key to keyring: Bad message"
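
The double encoding reported above, reproduced as an added example that is not part of the original post or of the crate's own code. The function names and the sample `keyhandle` option string are assumptions for illustration, and the blob is the first eight characters of the blob quoted in the issue.

```rust
// Added illustration: names here are hypothetical, not the crate's API.

/// Lowercase hex encoding of raw bytes, one byte -> two ASCII characters.
fn hex_encode(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{:02x}", b)).collect()
}

/// True when the buffer is non-empty, even-length ASCII hex, which is the
/// form the issue says is returned when the trusted key is read.
fn is_ascii_hex(blob: &[u8]) -> bool {
    !blob.is_empty() && blob.len() % 2 == 0 && blob.iter().all(|b| b.is_ascii_hexdigit())
}

/// Behaviour described in the issue: the blob is always hex-encoded,
/// so a blob that is already ASCII hex gets encoded a second time.
fn load_command_always_encode(blob: &[u8], options: &str) -> String {
    format!("load {} {}", hex_encode(blob), options).trim_end().to_string()
}

/// Pass-through variant: a blob that is already ASCII hex is used verbatim,
/// anything else is rejected instead of being silently re-encoded.
fn load_command_passthrough(blob: &[u8], options: &str) -> Result<String, String> {
    if !is_ascii_hex(blob) {
        return Err("blob is not ASCII hex".to_string());
    }
    let hex = std::str::from_utf8(blob).map_err(|e| e.to_string())?;
    Ok(format!("load {} {}", hex, options).trim_end().to_string())
}

fn main() {
    // Constructed sample: prefix of the blob quoted in the issue.
    let blob = b"dbe13cbd";
    // Constructed sample option string (assumption).
    let options = "keyhandle=0x81000001";

    println!("always encode: {}", load_command_always_encode(blob, options));
    match load_command_passthrough(blob, options) {
        Ok(cmd) => println!("pass-through:  {}", cmd),
        Err(e) => println!("rejected: {}", e),
    }
    // Raw (non-hex) bytes are rejected by the pass-through variant.
    println!("raw bytes ok?  {}", load_command_passthrough(&[0xdb, 0xe1], options).is_ok());
}
```

The first command carries `6462653133636264`, matching the start of the incorrectly converted string in the issue, while the pass-through command carries the blob unchanged.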
