add move

keyutils/__init__.py

@@ -173,6 +173,10 @@ def pkey_verify(key, data: bytes, sig: bytes, info: bytes = b'') -> bytes:
     return _keyutils.pkey_verify(key, info, data, sig)
 
 
+def move(key, from_ringid, to_ringid, flags=0):
+    return _keyutils.move(key, from_ringid, to_ringid, flags)
+
+
 def describe_key(keyId):
     return _keyutils.describe_key(keyId)
 

keyutils/_keyutils.pyx

@@ -74,6 +74,7 @@ class constants:
     EKEYREVOKED = ckeyutils.EKEYREVOKED
     EKEYREJECTED = ckeyutils.EKEYREJECTED
 
+    KEYCTL_MOVE_EXCL = ckeyutils.KEYCTL_MOVE_EXCL
 
 def _throw_err(int rc):
     if rc < 0:
@@ -364,7 +365,6 @@ def pkey_sign(int key, bytes info, bytes data):
     cdef int sig_len = 256  # TODO: actually query this
     cdef bytes obj
 
-    print(data)
     with nogil:
         rc = ckeyutils.pkey_sign(
             key, info_p, data_p, data_len, sig_p, sig_len
@@ -388,6 +388,14 @@ def pkey_verify(int key, bytes info, bytes data, bytes sig):
         )
     return _throw_err(rc)
 
+def move(int key, int from_ringid, int to_ringid, unsigned int flags):
+    cdef int rc
+    with nogil:
+        rc = ckeyutils.move(key, from_ringid, to_ringid, flags)
+    _throw_err(rc)
+    return None
+
+
 def describe_key(int key):
     cdef int size
     cdef char *ptr

keyutils/ckeyutils.pxd

@@ -64,6 +64,9 @@ cdef extern from "keyutils.h" nogil:
     int EKEYREVOKED "EKEYREVOKED"
     int EKEYREJECTED "EKEYREJECTED"
 
+    # keyctl_move flags
+    int KEYCTL_MOVE_EXCL "KEYCTL_MOVE_EXCL"
+
     int add_key "add_key"(char *key_type, char *description, void *payload, int plen, int keyring)
     int request_key "request_key"(char *key_type, char *description, char *callout_info, int keyring)
     key_serial_t get_keyring_id "keyctl_get_keyring_ID"(key_serial_t key, int create)
@@ -92,6 +95,7 @@ cdef extern from "keyutils.h" nogil:
     int pkey_decrypt "keyctl_pkey_decrypt"(key_serial_t key, const char* info, void *enc, size_t enc_len, const void *data, size_t data_len)
     int pkey_sign "keyctl_pkey_sign"(key_serial_t key, const char* info, const void *data, size_t data_len, void *sig, size_t sig_len)
     int pkey_verify "keyctl_pkey_verify"(key_serial_t key, const char* info, const void *data, size_t data_len, void *sig, size_t sig_len)
+    int move "keyctl_move"(key_serial_t key, key_serial_t from_ringid, key_serial_t to_ringid, unsigned int flags)
     int describe_alloc "keyctl_describe_alloc"(int key, char **bufptr)
     int read_alloc "keyctl_read_alloc"(int key, void ** bufptr)
     int get_security_alloc "keyctl_get_security_alloc"(key_serial_t key, char **bufptr)

test/keyutils_test.py

@@ -34,6 +34,14 @@ def ring(request):
     return keyutils.add_ring(request.function.__name__.encode("utf-8"), keyutils.KEY_SPEC_THREAD_KEYRING)
 
 
+def rings(parent: int, n: int = 2):
+    rings = []
+    for i in range(0, n):
+        rings.append(keyutils.add_ring(str(i).encode("utf-8"), parent))
+    return rings
+
+
+
 class BasicTest(unittest.TestCase):
     def testSet(self):
         keyDesc = b"test:key:01"
@@ -212,6 +220,20 @@ def testGetSecurity(self, ring):
         security = keyutils.get_security(ring)
         assert security == b''  # TODO: find out how to apply security labels
 
+    def test_move(self, ring):
+        children = rings(ring, 2)
+        key = keyutils.add_key(b"test_move_k", b"test_move_v", children[0])
+
+        keyutils.move(key, children[0], children[1])
+
+    def test_move_exclusive(self, ring):
+        r_from, r_to = rings(ring, 2)
+        key = keyutils.add_key(b"test_move_k", b"test_move_v", r_from)
+        keyutils.link(key, r_to)
+
+        with pytest.raises(keyutils.KeyutilsError) as e:
+            keyutils.move(key, r_from, r_to, keyutils.KEYCTL_MOVE_EXCL)
+        assert e.value.args[1] == 'File exists'
 
 def test_get_keyring_id():
     keyring = keyutils.get_keyring_id(keyutils.KEY_SPEC_THREAD_KEYRING, False)