KEYS: Add a lookup_restriction function for the asymmetric key type

Look up asymmetric keyring restriction information using the key-type lookup_restrict hook. Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
author: Mat Martineau <mathew.j.martineau@linux.intel.com> 2016-05-06 17:25:39 -0400
committer: Mat Martineau <mathew.j.martineau@linux.intel.com> 2017-04-04 17:10:12 -0400
commit: 97d3aa0f313435a24440e7157c9c9115c58ca463 (patch)
tree: 56c00ecd720a6b1f9564ec01f5e6a3d8b805c455 /crypto/asymmetric_keys
parent: 6563c91fd645556c7801748f15bc727c77fcd311 (diff)
1 files changed, 44 insertions, 8 deletions
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index 6600181d5d01..2e3380d09631 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -17,6 +17,7 @@
 #include <linux/module.h>
 #include <linux/slab.h>
 #include <linux/ctype.h>
+#include <keys/system_keyring.h>
 #include "asymmetric_keys.h"
 MODULE_LICENSE("GPL");
@@ -451,15 +452,50 @@ static void asymmetric_key_destroy(struct key *key)
        asymmetric_key_free_kids(kids);
 }
+static struct key_restriction *asymmetric_restriction_alloc(
+        key_restrict_link_func_t check,
+        struct key *key)
+{
+        struct key_restriction *keyres =
+                kzalloc(sizeof(struct key_restriction), GFP_KERNEL);
+        if (!keyres)
+                return ERR_PTR(-ENOMEM);
+        keyres->check = check;
+        keyres->key = key;
+        keyres->keytype = &key_type_asymmetric;
+        return keyres;
+}
+/*
+ * look up keyring restrict functions for asymmetric keys
+ */
+static struct key_restriction *asymmetric_lookup_restriction(
+        const char *restriction)
+{
+        if (strcmp("builtin_trusted", restriction) == 0)
+                return asymmetric_restriction_alloc(
+                        restrict_link_by_builtin_trusted, NULL);
+        if (strcmp("builtin_and_secondary_trusted", restriction) == 0)
+                return asymmetric_restriction_alloc(
+                        restrict_link_by_builtin_and_secondary_trusted, NULL);
+        return ERR_PTR(-EINVAL);
+}
 struct key_type key_type_asymmetric = {
-        .name           = "asymmetric",
+        .name                   = "asymmetric",
-        .preparse       = asymmetric_key_preparse,
+        .preparse               = asymmetric_key_preparse,
-        .free_preparse  = asymmetric_key_free_preparse,
+        .free_preparse          = asymmetric_key_free_preparse,
-        .instantiate    = generic_key_instantiate,
+        .instantiate            = generic_key_instantiate,
-        .match_preparse = asymmetric_key_match_preparse,
+        .match_preparse         = asymmetric_key_match_preparse,
-        .match_free     = asymmetric_key_match_free,
+        .match_free             = asymmetric_key_match_free,
-        .destroy        = asymmetric_key_destroy,
+        .destroy                = asymmetric_key_destroy,
-        .describe       = asymmetric_key_describe,
+        .describe               = asymmetric_key_describe,
+        .lookup_restriction     = asymmetric_lookup_restriction,
 };
 EXPORT_SYMBOL_GPL(key_type_asymmetric);
author	Mat Martineau <mathew.j.martineau@linux.intel.com>	2016-05-06 17:25:39 -0400
committer	Mat Martineau <mathew.j.martineau@linux.intel.com>	2017-04-04 17:10:12 -0400
commit	97d3aa0f313435a24440e7157c9c9115c58ca463 (patch)
tree	56c00ecd720a6b1f9564ec01f5e6a3d8b805c455 /crypto/asymmetric_keys
parent	6563c91fd645556c7801748f15bc727c77fcd311 (diff)

diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index 6600181d5d01..2e3380d09631 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -17,6 +17,7 @@
17	#include <linux/module.h>	17	#include <linux/module.h>
18	#include <linux/slab.h>	18	#include <linux/slab.h>
19	#include <linux/ctype.h>	19	#include <linux/ctype.h>
		20	#include <keys/system_keyring.h>
20	#include "asymmetric_keys.h"	21	#include "asymmetric_keys.h"
21		22
22	MODULE_LICENSE("GPL");	23	MODULE_LICENSE("GPL");
@@ -451,15 +452,50 @@ static void asymmetric_key_destroy(struct key *key)
451	asymmetric_key_free_kids(kids);	452	asymmetric_key_free_kids(kids);
452	}	453	}
453		454
		455	static struct key_restriction *asymmetric_restriction_alloc(
		456	key_restrict_link_func_t check,
		457	struct key *key)
		458	{
		459	struct key_restriction *keyres =
		460	kzalloc(sizeof(struct key_restriction), GFP_KERNEL);
		461
		462	if (!keyres)
		463	return ERR_PTR(-ENOMEM);
		464
		465	keyres->check = check;
		466	keyres->key = key;
		467	keyres->keytype = &key_type_asymmetric;
		468
		469	return keyres;
		470	}
		471
		472	/*
		473	* look up keyring restrict functions for asymmetric keys
		474	*/
		475	static struct key_restriction *asymmetric_lookup_restriction(
		476	const char *restriction)
		477	{
		478	if (strcmp("builtin_trusted", restriction) == 0)
		479	return asymmetric_restriction_alloc(
		480	restrict_link_by_builtin_trusted, NULL);
		481
		482	if (strcmp("builtin_and_secondary_trusted", restriction) == 0)
		483	return asymmetric_restriction_alloc(
		484	restrict_link_by_builtin_and_secondary_trusted, NULL);
		485
		486	return ERR_PTR(-EINVAL);
		487	}
		488
454	struct key_type key_type_asymmetric = {	489	struct key_type key_type_asymmetric = {
455	.name = "asymmetric",	490	.name = "asymmetric",
456	.preparse = asymmetric_key_preparse,	491	.preparse = asymmetric_key_preparse,
457	.free_preparse = asymmetric_key_free_preparse,	492	.free_preparse = asymmetric_key_free_preparse,
458	.instantiate = generic_key_instantiate,	493	.instantiate = generic_key_instantiate,
459	.match_preparse = asymmetric_key_match_preparse,	494	.match_preparse = asymmetric_key_match_preparse,
460	.match_free = asymmetric_key_match_free,	495	.match_free = asymmetric_key_match_free,
461	.destroy = asymmetric_key_destroy,	496	.destroy = asymmetric_key_destroy,
462	.describe = asymmetric_key_describe,	497	.describe = asymmetric_key_describe,
		498	.lookup_restriction = asymmetric_lookup_restriction,
463	};	499	};
464	EXPORT_SYMBOL_GPL(key_type_asymmetric);	500	EXPORT_SYMBOL_GPL(key_type_asymmetric);
465		501