[PATCH 31/42] keystore: implement forgetting secrets

Sascha Hauer s.hauer at pengutronix.de
Fri Mar 31 00:03:35 PDT 2017


To be able to change secrets add a function to forget secrets.

Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
---
 crypto/keystore.c         | 53 +++++++++++++++++++++++++++++++++--------------
 include/crypto/keystore.h |  4 ++++
 2 files changed, 42 insertions(+), 15 deletions(-)

diff --git a/crypto/keystore.c b/crypto/keystore.c
index 90b470fe67..f2b25ca6c9 100644
--- a/crypto/keystore.c
+++ b/crypto/keystore.c
@@ -16,8 +16,8 @@ static LIST_HEAD(keystore_list);
 
 struct keystore_key {
 	struct list_head list;
-	const char *name;
-	const u8 *secret;
+	char *name;
+	u8 *secret;
 	int secret_len;
 };
 
@@ -29,6 +29,17 @@ static int keystore_compare(struct list_head *a, struct list_head *b)
 	return strcmp(na, nb);
 }
 
+static struct keystore_key *get_key(const char *name)
+{
+	struct keystore_key *key;
+
+	for_each_key(key)
+		if (!strcmp(name, key->name))
+			return key;
+
+	return NULL;
+};
+
 /**
  * @param[in] name Name of the secret to get
  * @param[out] secret Double pointer to memory representing the secret, do _not_ free() after use
@@ -38,19 +49,17 @@ int keystore_get_secret(const char *name, const u8 **secret, int *secret_len)
 {
 	struct keystore_key *key;
 
-	for_each_key(key) {
-		if (!strcmp(name, key->name)) {
-			if (!secret || !secret_len)
-				return 0;
+	if (!secret || !secret_len)
+		return 0;
 
-			*secret = key->secret;
-			*secret_len = key->secret_len;
+	key = get_key(name);
+	if (!key)
+		return -ENOENT;
 
-			return 0;
-		}
-	}
+	*secret = key->secret;
+	*secret_len = key->secret_len;
 
-	return -ENOENT;
+	return 0;
 }
 
 /**
@@ -61,11 +70,10 @@ int keystore_get_secret(const char *name, const u8 **secret, int *secret_len)
 int keystore_set_secret(const char *name, const u8 *secret, int secret_len)
 {
 	struct keystore_key *key;
-	int ret;
 
 	/* check if key is already in store */
-	ret = keystore_get_secret(name, NULL, NULL);
-	if (!ret)
+	key = get_key(name);
+	if (key)
 		return -EBUSY;
 
 	key = xzalloc(sizeof(*key));
@@ -78,3 +86,18 @@ int keystore_set_secret(const char *name, const u8 *secret, int secret_len)
 
 	return 0;
 }
+
+void keystore_forget_secret(const char *name)
+{
+	struct keystore_key *key;
+
+	key = get_key(name);
+	if (!key)
+		return;
+
+	list_del(&key->list);
+
+	free(key->name);
+	free(key->secret);
+	free(key);
+}
diff --git a/include/crypto/keystore.h b/include/crypto/keystore.h
index 29915854b8..89d962628b 100644
--- a/include/crypto/keystore.h
+++ b/include/crypto/keystore.h
@@ -12,6 +12,7 @@
 #ifdef CONFIG_CRYPTO_KEYSTORE
 int keystore_get_secret(const char *name, const u8 **secret, int *secret_len);
 int keystore_set_secret(const char *name, const u8 *secret, int secret_len);
+void keystore_forget_secret(const char *name);
 #else
 static inline int keystore_get_secret(const char *name, const u8 **secret, int *secret_len)
 {
@@ -21,6 +22,9 @@ static inline int keystore_set_secret(const char *name, const u8 *secret, int se
 {
 	return 0;
 }
+static inline void keystore_forget_secret(const char *name)
+{
+}
 #endif
 
 #endif
-- 
2.11.0




More information about the barebox mailing list