Diffstat (limited to 'security')
-rw-r--r--security/keys/encrypted.c45
1 files changed, 34 insertions, 11 deletions
diff --git a/security/keys/encrypted.c b/security/keys/encrypted.c
index 3ff2f72dad94..f36a105de791 100644
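--- a/security/keys/encrypted.c
+++ b/security/keys/encrypted.c
@@ -133,46 +133,69 @@ static int datablob_parse(char *datablob, char **master_desc,
 substring_t args[MAX_OPT_ARGS];
 int ret = -EINVAL;
 int key_cmd;
-char *p;
+char *keyword;
 
-p = strsep(&datablob, " \t");
-if (!p)
+keyword = strsep(&datablob, " \t");
+if (!keyword) {
+pr_info("encrypted_key: insufficient parameters specified\n");
 return ret;
-key_cmd = match_token(p, key_tokens, args);
+}
+key_cmd = match_token(keyword, key_tokens, args);
 
 *master_desc = strsep(&datablob, " \t");
-if (!*master_desc)
+if (!*master_desc) {
+pr_info("encrypted_key: master key parameter is missing\n");
 goto out;
+}
 
-if (valid_master_desc(*master_desc, NULL) < 0)
+if (valid_master_desc(*master_desc, NULL) < 0) {
+pr_info("encrypted_key: master key parameter \'%s\' "
+"is invalid\n", *master_desc);
 goto out;
+}
 
 if (decrypted_datalen) {
 *decrypted_datalen = strsep(&datablob, " \t");
-if (!*decrypted_datalen)
+if (!*decrypted_datalen) {
+pr_info("encrypted_key: keylen parameter is missing\n");
 goto out;
+}
 }
 
 switch (key_cmd) {
 case Opt_new:
-if (!decrypted_datalen)
+if (!decrypted_datalen) {
+pr_info("encrypted_key: keyword \'%s\' not allowed "
+"when called from .update method\n", keyword);
 break;
+}
 ret = 0;
 break;
 case Opt_load:
-if (!decrypted_datalen)
+if (!decrypted_datalen) {
+pr_info("encrypted_key: keyword \'%s\' not allowed "
+"when called from .update method\n", keyword);
 break;
+}
 *hex_encoded_iv = strsep(&datablob, " \t");
-if (!*hex_encoded_iv)
+if (!*hex_encoded_iv) {
+pr_info("encrypted_key: hex blob is missing\n");
 break;
+}
 ret = 0;
 break;
 case Opt_update:
-if (decrypted_datalen)
+if (decrypted_datalen) {
+pr_info("encrypted_key: keyword \'%s\' not allowed "
+"when called from .instantiate method\n",
+keyword);
 break;
+}
 ret = 0;
 break;
 case Opt_err:
+pr_info("encrypted_key: keyword \'%s\' not recognized\n",
+keyword);
 break;
 }
 out: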
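Review bot: The new `pr_info()` calls in the `valid_master_desc()` failure branch and in the `Opt_new`, `Opt_load`, `Opt_update` and `Opt_err` cases echo `keyword` and `*master_desc` into the kernel log with no rate limit. Both are tokens cut from `datablob` with `strsep()`, and `datablob` appears to be the payload handed to the key type's instantiate and update methods. A caller that keeps submitting malformed blobs can therefore flood the log with text of its own choosing, and a mistyped request can leave whatever was in the first token in a log that other users may be able to read, depending on how dmesg access is configured. I would use the rate-limited variant and bound the echoed value, e.g. `pr_info_ratelimited("encrypted_key: keyword '%.16s' not recognized\n", keyword);`, or drop the value from the message. As a style point, joining the split format strings onto one line keeps the messages greppable, and the `\'` escapes are unnecessary inside a double-quoted literal. `datablob_parse()` starts before and continues after this hunk.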