From 53d15f466a665e4e564af3afdcbcfe9ff1c91331 Mon Sep 17 00:00:00 2001
From: Joe Richey
Date: Thu, 2 Mar 2017 11:47:07 -0800
Subject: crypto: insert key into keyring from go
This commit adds in the ability to insert Keys into the kernel keyring from go code. This is done via a patched version of x/sys/unix. We also expose the specific requirements for keys that will be placed in the keyring, namely PolicyKeyLen. The legacy services are also exposed.
Change-Id: I177928c9aa676cae13b749042b9a3996e7490f68
---
 metadata/policy.go | 3 ++-
 metadata/policy_test.go | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
(limited to 'metadata')
diff --git a/metadata/policy.go b/metadata/policy.go
index ae8b869..8c67f52 100644
--- a/metadata/policy.go
+++ b/metadata/policy.go
@@ -120,12 +120,13 @@ func GetPolicy(path string) (*PolicyData, error) {
 // policy. Returns an error if we cannot set the policy for any reason (not a
 // directory, invalid options or KeyDescriptor, etc).
 func SetPolicy(path string, data *PolicyData) error {
- // Convert the padding value to a flag and the policyID to a byte array
+ // Convert the padding value to a flag
 paddingFlag, ok := util.Lookup(data.Options.Padding, paddingArray, flagsArray)
 if !ok {
 return util.InvalidInputF("padding of %d", data.Options.Padding)
 }
+ // Convert the policyDescriptor to a byte array
 if len(data.KeyDescriptor) != DescriptorLen {
 return util.InvalidLengthError("policy descriptor", DescriptorLen, len(data.KeyDescriptor))
 }
diff --git a/metadata/policy_test.go b/metadata/policy_test.go
index 7f8a48b..593f3da 100644
--- a/metadata/policy_test.go
+++ b/metadata/policy_test.go
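Review bot: In metadata/policy.go the added comment `// Convert the policyDescriptor to a byte array` sits directly above the `len(data.KeyDescriptor) != DescriptorLen` check, which validates the caller-supplied descriptor rather than converting it. It also introduces a third name (`policyDescriptor`) for what the field calls `KeyDescriptor` and the error text calls "policy descriptor". I would write `// Validate the KeyDescriptor length before converting it to a byte array`, so the input check guarding the conversion is named as such. The conversion itself, and whatever rejects the "invalid chars" case exercised in policy_test.go, presumably follows below; SetPolicy's body continues outside the hunk.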
@@ -110,7 +110,7 @@ func TestSetPolicyFile(t *testing.T) {
 }
 // Tests that we fail when using bad policies
-func TestSetPolicyBadIDs(t *testing.T) {
+func TestSetPolicyBadDescriptors(t *testing.T) {
 // Policies that are too short, have invalid chars, or are too long
 badDescriptors := []string{"123456789abcde", "xxxxxxxxxxxxxxxx", "0123456789abcdef00"}
 for _, badDescriptor := range badDescriptors {
@@ -121,7 +121,7 @@ func TestSetPolicyBadIDs(t *testing.T) {
 }
 if err = SetPolicy(directory, badPolicy); err == nil {
- t.Errorf("id %q should have made SetPolicy fail", badDescriptor)
+ t.Errorf("descriptor %q should have made SetPolicy fail", badDescriptor)
 }
 os.RemoveAll(directory)
 }
-- cgit v1.2.3