From 7ee5d16c1d4da0561976b372da15bd2d7a32d8b8 Mon Sep 17 00:00:00 2001 From: "Joe Richey joerichey@google.com" Date: Fri, 14 Jul 2017 11:43:24 -0700 Subject: crypto: Use single description parameter Instead of using the service+descriptor parameters (which are always combined in the same way), use a single description parameter. --- crypto/key.go | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) (limited to 'crypto/key.go') diff --git a/crypto/key.go b/crypto/key.go index 6781c1d..cffe2b4 100644 --- a/crypto/key.go +++ b/crypto/key.go @@ -240,15 +240,14 @@ func getKeyring() (int, error) { } // FindPolicyKey tries to locate a policy key in the kernel keyring with the -// provided descriptor and service. The keyring and key ids are returned if we -// can find the key. An error is returned if the key does not exist. -func FindPolicyKey(descriptor, service string) (keyringID, keyID int, err error) { +// provided description. The keyring and key ids are returned if we can find the +// key. An error is returned if the key does not exist. +func FindPolicyKey(description string) (keyringID, keyID int, err error) { keyringID, err = getKeyring() if err != nil { return } - description := service + descriptor keyID, err = unix.KeyctlSearch(keyringID, keyType, description, 0) log.Printf("unix.KeyctlSearch(%d, %s, %s) = %d, %v", keyringID, keyType, description, keyID, err) if err != nil { 
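Review bot: The new doc comment on FindPolicyKey says only "the provided description" and no longer tells callers what that string must contain. The removed line `description := service + descriptor` shows the keyring description was the service prefix followed by the descriptor, and that composition now has to happen correctly at every call site. I would state the contract in the comment, for example `// description is the full keyring description: the service prefix followed by the policy descriptor.` The RemovePolicyKey comment in the next hunk has the same gap. FindPolicyKey's body continues past the end of this hunk.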
@@ -258,10 +257,9 @@ func FindPolicyKey(descriptor, service string) (keyringID, keyID int, err error) } // RemovePolicyKey tries to remove a policy key from the kernel keyring with the -// provided descriptor and service. An error is returned if the key does not -// exist. -func RemovePolicyKey(descriptor, service string) error { - keyringID, keyID, err := FindPolicyKey(descriptor, service) +// provided description. An error is returned if the key does not exist. +func RemovePolicyKey(description string) error { + keyringID, keyID, err := FindPolicyKey(description) if err != nil { return err } @@ -275,15 +273,11 @@ func RemovePolicyKey(descriptor, service string) error { } // InsertPolicyKey puts the provided policy key into the kernel keyring with the -// provided descriptor, provided service prefix, and type logon. The key and -// descriptor must have the appropriate lengths. -func InsertPolicyKey(key *Key, descriptor, service string) error { +// provided description, and type logon. The key must be a policy key. +func InsertPolicyKey(key *Key, description string) error { if err := util.CheckValidLength(metadata.PolicyKeyLen, key.Len()); err != nil { return errors.Wrap(err, "policy key") } - if err := util.CheckValidLength(metadata.DescriptorLen, len(descriptor)); err != nil { - return errors.Wrap(err, "descriptor") - } // Create our payload (containing an FscryptKey) payload, err := newBlankKey(int(unsafe.Sizeof(unix.FscryptKey{}))) @@ -304,7 +298,6 @@ func InsertPolicyKey(key *Key, descriptor, service string) error { return err } - description := service + descriptor keyID, err := unix.AddKey(keyType, description, payload.data, keyringID) log.Printf("unix.AddKey(%s, %s, , %d) = %d, %v", keyType, description, keyringID, keyID, err) -- cgit v1.2.3
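Review bot: InsertPolicyKey loses its only check on the key's name. The `util.CheckValidLength(metadata.DescriptorLen, len(descriptor))` guard is removed and nothing replaces it, so any string, including an empty one, now reaches `unix.AddKey` in the last hunk as the description. A caller that omits the service prefix or passes a truncated descriptor would presumably still get a nil error, leaving key material in the keyring under a name no later lookup matches. A lower bound keeps part of the old guarantee without needing the prefix: `if len(description) < metadata.DescriptorLen { return errors.New("policy key description too short") }`. The function body spans this hunk and the next, with lines between them not shown.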