From 9f77d04b89cef417a9e4e0ce731aa62e1eee3c81 Mon Sep 17 00:00:00 2001
From: Daniel Goldman
Date: Sun, 15 Oct 2023 00:48:02 -0400
Subject: [PATCH] add move
---
 keyutils/__init__.py | 4 ++++
 keyutils/_keyutils.pyx | 10 +++++++++-
 keyutils/ckeyutils.pxd | 4 ++++
 test/keyutils_test.py | 22 ++++++++++++++++++++++
 4 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/keyutils/__init__.py b/keyutils/__init__.py
index 80d72bb..8b5e896 100644
--- a/keyutils/__init__.py
+++ b/keyutils/__init__.py
@@ -173,6 +173,10 @@ def pkey_verify(key, data: bytes, sig: bytes, info: bytes = b'') -> bytes:
 return _keyutils.pkey_verify(key, info, data, sig)
+def move(key, from_ringid, to_ringid, flags=0):
+ return _keyutils.move(key, from_ringid, to_ringid, flags)
+
+
 def describe_key(keyId):
 return _keyutils.describe_key(keyId)
diff --git a/keyutils/_keyutils.pyx b/keyutils/_keyutils.pyx
index 9ad64f6..0ce7818 100644
--- a/keyutils/_keyutils.pyx
+++ b/keyutils/_keyutils.pyx
@@ -74,6 +74,7 @@ class constants:
 EKEYREVOKED = ckeyutils.EKEYREVOKED
 EKEYREJECTED = ckeyutils.EKEYREJECTED
+ KEYCTL_MOVE_EXCL = ckeyutils.KEYCTL_MOVE_EXCL
 def _throw_err(int rc):
 if rc < 0:
@@ -364,7 +365,6 @@ def pkey_sign(int key, bytes info, bytes data):
 cdef int sig_len = 256 # TODO: actually query this
 cdef bytes obj
- print(data)
 with nogil:
 rc = ckeyutils.pkey_sign(
 key, info_p, data_p, data_len, sig_p, sig_len
@@ -388,6 +388,14 @@ def pkey_verify(int key, bytes info, bytes data, bytes sig):
 )
 return _throw_err(rc)
+def move(int key, int from_ringid, int to_ringid, unsigned int flags):
+ cdef int rc
+ with nogil:
+ rc = ckeyutils.move(key, from_ringid, to_ringid, flags)
+ _throw_err(rc)
+ return None
+
+
 def describe_key(int key):
 cdef int size
 cdef char *ptr
diff --git a/keyutils/ckeyutils.pxd b/keyutils/ckeyutils.pxd
index 9b0261d..d8af24b 100644
--- a/keyutils/ckeyutils.pxd
+++ b/keyutils/ckeyutils.pxd
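Review bot: The new `move()` wrapper in keyutils/__init__.py has no docstring or annotations, and its default `flags=0` is the part most worth documenting. Per keyctl_move(3), without `KEYCTL_MOVE_EXCL` a key of the same type and description already in the destination keyring is displaced rather than reported. I would add a docstring along the lines of `"""Atomically move key from one keyring to another; pass KEYCTL_MOVE_EXCL to fail with EEXIST instead of displacing a matching key in the destination."""` and annotate the three serials as `int`, matching the typed signature of `pkey_verify` just above. The same missing documentation applies to the Cython `move` added in keyutils/_keyutils.pyx.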
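Review bot: In the `move` added to keyutils/_keyutils.pyx (the last hunk of that file), `_throw_err(rc)` followed by `return None` departs from the `return _throw_err(rc)` form that `pkey_verify` uses in the context lines directly above. The explicit `return None` is redundant; either drop it or, if `_throw_err` is meant to hand back the return code, write `return _throw_err(rc)` so the wrappers stay uniform. Only the first lines of `_throw_err` are visible in this patch, so which form is right depends on what it returns on success.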
@@ -64,6 +64,9 @@ cdef extern from "keyutils.h" nogil:
 int EKEYREVOKED "EKEYREVOKED"
 int EKEYREJECTED "EKEYREJECTED"
+ # keyctl_move flags
+ int KEYCTL_MOVE_EXCL "KEYCTL_MOVE_EXCL"
+
 int add_key "add_key"(char *key_type, char *description, void *payload, int plen, int keyring)
 int request_key "request_key"(char *key_type, char *description, char *callout_info, int keyring)
 key_serial_t get_keyring_id "keyctl_get_keyring_ID"(key_serial_t key, int create)
@@ -92,6 +95,7 @@ cdef extern from "keyutils.h" nogil:
 int pkey_decrypt "keyctl_pkey_decrypt"(key_serial_t key, const char* info, void *enc, size_t enc_len, const void *data, size_t data_len)
 int pkey_sign "keyctl_pkey_sign"(key_serial_t key, const char* info, const void *data, size_t data_len, void *sig, size_t sig_len)
 int pkey_verify "keyctl_pkey_verify"(key_serial_t key, const char* info, const void *data, size_t data_len, void *sig, size_t sig_len)
+ int move "keyctl_move"(key_serial_t key, key_serial_t from_ringid, key_serial_t to_ringid, unsigned int flags)
 int describe_alloc "keyctl_describe_alloc"(int key, char **bufptr)
 int read_alloc "keyctl_read_alloc"(int key, void ** bufptr)
 int get_security_alloc "keyctl_get_security_alloc"(key_serial_t key, char **bufptr)
diff --git a/test/keyutils_test.py b/test/keyutils_test.py
index 1b94fe1..2c15ede 100644
--- a/test/keyutils_test.py
+++ b/test/keyutils_test.py
@@ -34,6 +34,14 @@ def ring(request):
 return keyutils.add_ring(request.function.__name__.encode("utf-8"), keyutils.KEY_SPEC_THREAD_KEYRING)
+def rings(parent: int, n: int = 2):
+ rings = []
+ for i in range(0, n):
+ rings.append(keyutils.add_ring(str(i).encode("utf-8"), parent))
+ return rings
+
+
+
 class BasicTest(unittest.TestCase):
 def testSet(self):
 keyDesc = b"test:key:01"
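Review bot: The `KEYCTL_MOVE_EXCL` and `keyctl_move` declarations added to keyutils/ckeyutils.pxd (both hunks of that file) are unconditional. The extension will therefore presumably stop building against a libkeyutils header that predates `keyctl_move`, and on a kernel without the move operation the call can only fail at run time. Nothing in the patch records that requirement. I would state the minimum libkeyutils and kernel versions wherever the package documents its build dependencies, and extend the comment to something like `# keyctl_move flags (needs a keyutils.h that declares keyctl_move)`.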
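Review bot: In the `rings` helper added to test/keyutils_test.py, the local list `rings` shadows the function's own name, and the append loop over `range(0, n)` is a manual list build. A comprehension reads better and avoids the shadowing: `return [keyutils.add_ring(str(i).encode("utf-8"), parent) for i in range(n)]`. A one-line docstring saying the helper creates `n` child keyrings named "0" to "n-1" under `parent` would also help, and the third blank line after the function can go.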
@@ -212,6 +220,20 @@ def testGetSecurity(self, ring):
 security = keyutils.get_security(ring)
 assert security == b'' # TODO: find out how to apply security labels
+ def test_move(self, ring):
+ children = rings(ring, 2)
+ key = keyutils.add_key(b"test_move_k", b"test_move_v", children[0])
+
+ keyutils.move(key, children[0], children[1])
+
+ def test_move_exclusive(self, ring):
+ r_from, r_to = rings(ring, 2)
+ key = keyutils.add_key(b"test_move_k", b"test_move_v", r_from)
+ keyutils.link(key, r_to)
+
+ with pytest.raises(keyutils.KeyutilsError) as e:
+ keyutils.move(key, r_from, r_to, keyutils.KEYCTL_MOVE_EXCL)
+ assert e.value.args[1] == 'File exists'
 def test_get_keyring_id():
 keyring = keyutils.get_keyring_id(keyutils.KEY_SPEC_THREAD_KEYRING, False)
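Review bot: `test_move` calls `keyutils.move(key, children[0], children[1])` and asserts nothing afterwards, so it passes whenever the call does not raise, even if the key ended up in the wrong keyring. A cheap check using the API already exercised here is to move it back with `keyutils.move(key, children[1], children[0])`, which should raise `KeyutilsError` if the key had not actually arrived in `children[1]`. In `test_move_exclusive`, comparing `e.value.args[1]` with the literal `'File exists'` ties the test to the message text. If `args[0]` carries the errno (not visible in this hunk), comparing it with `errno.EEXIST` would be sturdier.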