rust-keyutils
Trusted key converted to
Contrary to other keys, the trusted-key implementation converts the payload into a hexadecimal ASCII string:
    Payload::Load {
        blob,
        options,
    } => format!("load {:x}{}", ByteBuf(blob), options),
But the payload is likely already in the right form as this is the natural form of keyctl. And this is also the format when reading the key.
E.g. my blob is:
"dbe13cbd0fe83a313805674d84af9de7a1c09a7bdb63418ddc5807a5bbef307c75be43b7674c608793936192ce03d32ba9300b14476c94bed0d8500343cef175a99200bb3a580aeb3bbc8df86ae0df12"
But it is incorrectly converted to:
"64626531336362643066653833613331333830353637346438346166396465376131633039613762646236333431386464633538303761356262656633303763373562653433623736373463363038373933393336313932636530336433326261393330306231343437366339346265643064383530303334336365663137356139393230306262336135383061656233626263386466383661653064663132"
The following does not work:
    // Create new trusted key
    let key = ring
        .add_key::<Trusted, _, _>(KERNEL_KEY_LABEL, Payload::New { keylen: 32, options: opts.clone() })
        .map_err(|e| format!("Could not create new key: {}", e))?;
    // Read the (wrapped/encrypted) trusted key
    let payload = key.read().unwrap();
    // Try to load back the key
    let _ = ring2
        .add_key::<Trusted, _, _>(KERNEL_KEY_LABEL, Payload::Load { blob: payload, options: opts.clone() })
        .map_err(|e| format!("Could not add key to keyring: {}", e))?;
Gives the following output:
Error: "Could not add key to keyring: Bad message"
I've not played with trusted keys much, so ergonomics can certainly be missing. Maybe a Payload::LoadHex could be added for pre-formatted payloads? The current Load variant expects the raw bytes at the moment, not pre-encoded ascii hex.
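An added sketch of the mismatch discussed in this thread (not code from the crate or from either poster): `load_command` mirrors the quoted `format!` arm, with `hex_encode` standing in for `ByteBuf`'s `{:x}` output as an assumption, and `hex_decode` is a hypothetical helper that turns the ASCII hex read back from the key into the raw bytes the `Load` variant expects. The sample input is the first eight characters of the blob in the report.

```rust
/// Lowercase hex of raw bytes (assumed equivalent to `{:x}` on `ByteBuf`).
fn hex_encode(raw: &[u8]) -> String {
    raw.iter().map(|b| format!("{:02x}", b)).collect()
}

#[derive(Debug, PartialEq)]
enum HexError {
    OddLength(usize),
    BadDigit { offset: usize, byte: u8 },
}

/// Hypothetical helper: decode the ASCII-hex text obtained by reading a
/// trusted key back into raw bytes, rejecting malformed input.
fn hex_decode(text: &[u8]) -> Result<Vec<u8>, HexError> {
    if text.len() % 2 != 0 {
        return Err(HexError::OddLength(text.len()));
    }
    let nibble = |offset: usize| -> Result<u8, HexError> {
        (text[offset] as char)
            .to_digit(16)
            .map(|d| d as u8)
            .ok_or(HexError::BadDigit { offset, byte: text[offset] })
    };
    let mut raw = Vec::with_capacity(text.len() / 2);
    for i in (0..text.len()).step_by(2) {
        raw.push(nibble(i)? << 4 | nibble(i + 1)?);
    }
    Ok(raw)
}

/// Mirrors the `format!("load {:x}{}", ...)` arm quoted in the report;
/// `options` is modelled as an already-formatted string (assumption).
fn load_command(blob: &[u8], options: &str) -> String {
    format!("load {}{}", hex_encode(blob), options)
}

fn main() {
    // First 8 characters of the blob in the report, as read from the key.
    let read_back = b"dbe13cbd";

    // Passing the ASCII hex straight through encodes it a second time.
    println!("as read : {}", load_command(read_back, ""));

    // Decoding to raw bytes first restores the original hex in the command.
    match hex_decode(read_back) {
        Ok(raw) => println!("decoded : {}", load_command(&raw, "")),
        Err(e) => eprintln!("payload is not valid hex: {:?}", e),
    }
}
```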