diff options
| author | David Howells <dhowells@redhat.com> | 2016-04-06 11:13:33 -0400 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2016-04-06 11:13:33 -0400 |
| commit | 3b764563177c1e435ef3e2608271c07955f73ea6 (patch) | |
| tree | 6c2c109d6fdde374e9a514976f49e236f79459f4 | |
| parent | 864e7a816a0646a6d9aecbd59a8e366c39b8ad2d (diff) | |
KEYS: Allow authentication data to be stored in an asymmetric key
Allow authentication data to be stored in an asymmetric key in the 4th
element of the key payload and provide a way for it to be destroyed.
For the public key subtype, this will be a public_key_signature struct.
Signed-off-by: David Howells <dhowells@redhat.com>
| -rw-r--r-- | crypto/asymmetric_keys/asymmetric_type.c | 7 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/public_key.c | 20 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/signature.c | 14 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/x509_cert_parser.c | 2 | ||||
| -rw-r--r-- | include/crypto/public_key.h | 5 | ||||
| -rw-r--r-- | include/keys/asymmetric-subtype.h | 2 | ||||
| -rw-r--r-- | include/keys/asymmetric-type.h | 7 |
7 files changed, 43 insertions, 14 deletions
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index 9f2165b27d52..a79d30128821 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c | |||
| @@ -331,7 +331,8 @@ static void asymmetric_key_free_preparse(struct key_preparsed_payload *prep) | |||
| 331 | pr_devel("==>%s()\n", __func__); | 331 | pr_devel("==>%s()\n", __func__); |
| 332 | 332 | ||
| 333 | if (subtype) { | 333 | if (subtype) { |
| 334 | subtype->destroy(prep->payload.data[asym_crypto]); | 334 | subtype->destroy(prep->payload.data[asym_crypto], |
| 335 | prep->payload.data[asym_auth]); | ||
| 335 | module_put(subtype->owner); | 336 | module_put(subtype->owner); |
| 336 | } | 337 | } |
| 337 | asymmetric_key_free_kids(kids); | 338 | asymmetric_key_free_kids(kids); |
| @@ -346,13 +347,15 @@ static void asymmetric_key_destroy(struct key *key) | |||
| 346 | struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key); | 347 | struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key); |
| 347 | struct asymmetric_key_ids *kids = key->payload.data[asym_key_ids]; | 348 | struct asymmetric_key_ids *kids = key->payload.data[asym_key_ids]; |
| 348 | void *data = key->payload.data[asym_crypto]; | 349 | void *data = key->payload.data[asym_crypto]; |
| 350 | void *auth = key->payload.data[asym_auth]; | ||
| 349 | 351 | ||
| 350 | key->payload.data[asym_crypto] = NULL; | 352 | key->payload.data[asym_crypto] = NULL; |
| 351 | key->payload.data[asym_subtype] = NULL; | 353 | key->payload.data[asym_subtype] = NULL; |
| 352 | key->payload.data[asym_key_ids] = NULL; | 354 | key->payload.data[asym_key_ids] = NULL; |
| 355 | key->payload.data[asym_auth] = NULL; | ||
| 353 | 356 | ||
| 354 | if (subtype) { | 357 | if (subtype) { |
| 355 | subtype->destroy(data); | 358 | subtype->destroy(data, auth); |
| 356 | module_put(subtype->owner); | 359 | module_put(subtype->owner); |
| 357 | } | 360 | } |
| 358 | 361 | ||
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 0f8b264b3961..fd76b5fc3b3a 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c | |||
| @@ -39,15 +39,23 @@ static void public_key_describe(const struct key *asymmetric_key, | |||
| 39 | /* | 39 | /* |
| 40 | * Destroy a public key algorithm key. | 40 | * Destroy a public key algorithm key. |
| 41 | */ | 41 | */ |
| 42 | void public_key_destroy(void *payload) | 42 | void public_key_free(struct public_key *key) |
| 43 | { | 43 | { |
| 44 | struct public_key *key = payload; | 44 | if (key) { |
| 45 | |||
| 46 | if (key) | ||
| 47 | kfree(key->key); | 45 | kfree(key->key); |
| 48 | kfree(key); | 46 | kfree(key); |
| 47 | } | ||
| 48 | } | ||
| 49 | EXPORT_SYMBOL_GPL(public_key_free); | ||
| 50 | |||
| 51 | /* | ||
| 52 | * Destroy a public key algorithm key. | ||
| 53 | */ | ||
| 54 | static void public_key_destroy(void *payload0, void *payload3) | ||
| 55 | { | ||
| 56 | public_key_free(payload0); | ||
| 57 | public_key_signature_free(payload3); | ||
| 49 | } | 58 | } |
| 50 | EXPORT_SYMBOL_GPL(public_key_destroy); | ||
| 51 | 59 | ||
| 52 | struct public_key_completion { | 60 | struct public_key_completion { |
| 53 | struct completion completion; | 61 | struct completion completion; |
diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c index 004d5fc8e56b..3beee3976ed5 100644 --- a/crypto/asymmetric_keys/signature.c +++ b/crypto/asymmetric_keys/signature.c | |||
| @@ -15,9 +15,23 @@ | |||
| 15 | #include <keys/asymmetric-subtype.h> | 15 | #include <keys/asymmetric-subtype.h> |
| 16 | #include <linux/export.h> | 16 | #include <linux/export.h> |
| 17 | #include <linux/err.h> | 17 | #include <linux/err.h> |
| 18 | #include <linux/slab.h> | ||
| 18 | #include <crypto/public_key.h> | 19 | #include <crypto/public_key.h> |
| 19 | #include "asymmetric_keys.h" | 20 | #include "asymmetric_keys.h" |
| 20 | 21 | ||
| 22 | /* | ||
| 23 | * Destroy a public key signature. | ||
| 24 | */ | ||
| 25 | void public_key_signature_free(struct public_key_signature *sig) | ||
| 26 | { | ||
| 27 | if (sig) { | ||
| 28 | kfree(sig->s); | ||
| 29 | kfree(sig->digest); | ||
| 30 | kfree(sig); | ||
| 31 | } | ||
| 32 | } | ||
| 33 | EXPORT_SYMBOL_GPL(public_key_signature_free); | ||
| 34 | |||
| 21 | /** | 35 | /** |
| 22 | * verify_signature - Initiate the use of an asymmetric key to verify a signature | 36 | * verify_signature - Initiate the use of an asymmetric key to verify a signature |
| 23 | * @key: The asymmetric key to verify against | 37 | * @key: The asymmetric key to verify against |
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 4a29bac70060..05251c7f9a03 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c | |||
| @@ -47,7 +47,7 @@ struct x509_parse_context { | |||
| 47 | void x509_free_certificate(struct x509_certificate *cert) | 47 | void x509_free_certificate(struct x509_certificate *cert) |
| 48 | { | 48 | { |
| 49 | if (cert) { | 49 | if (cert) { |
| 50 | public_key_destroy(cert->pub); | 50 | public_key_free(cert->pub); |
| 51 | kfree(cert->issuer); | 51 | kfree(cert->issuer); |
| 52 | kfree(cert->subject); | 52 | kfree(cert->subject); |
| 53 | kfree(cert->id); | 53 | kfree(cert->id); |
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index aa730ea7faf8..19f557ca50ba 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h | |||
| @@ -41,7 +41,7 @@ struct public_key { | |||
| 41 | const char *pkey_algo; | 41 | const char *pkey_algo; |
| 42 | }; | 42 | }; |
| 43 | 43 | ||
| 44 | extern void public_key_destroy(void *payload); | 44 | extern void public_key_free(struct public_key *key); |
| 45 | 45 | ||
| 46 | /* | 46 | /* |
| 47 | * Public key cryptography signature data | 47 | * Public key cryptography signature data |
| @@ -55,7 +55,10 @@ struct public_key_signature { | |||
| 55 | const char *hash_algo; | 55 | const char *hash_algo; |
| 56 | }; | 56 | }; |
| 57 | 57 | ||
| 58 | extern void public_key_signature_free(struct public_key_signature *sig); | ||
| 59 | |||
| 58 | extern struct asymmetric_key_subtype public_key_subtype; | 60 | extern struct asymmetric_key_subtype public_key_subtype; |
| 61 | |||
| 59 | struct key; | 62 | struct key; |
| 60 | extern int verify_signature(const struct key *key, | 63 | extern int verify_signature(const struct key *key, |
| 61 | const struct public_key_signature *sig); | 64 | const struct public_key_signature *sig); |
diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h index 4915d40d3c3c..2480469ce8fb 100644 --- a/include/keys/asymmetric-subtype.h +++ b/include/keys/asymmetric-subtype.h | |||
| @@ -32,7 +32,7 @@ struct asymmetric_key_subtype { | |||
| 32 | void (*describe)(const struct key *key, struct seq_file *m); | 32 | void (*describe)(const struct key *key, struct seq_file *m); |
| 33 | 33 | ||
| 34 | /* Destroy a key of this subtype */ | 34 | /* Destroy a key of this subtype */ |
| 35 | void (*destroy)(void *payload); | 35 | void (*destroy)(void *payload_crypto, void *payload_auth); |
| 36 | 36 | ||
| 37 | /* Verify the signature on a key of this subtype (optional) */ | 37 | /* Verify the signature on a key of this subtype (optional) */ |
| 38 | int (*verify_signature)(const struct key *key, | 38 | int (*verify_signature)(const struct key *key, |
diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h index 59c1df9cf922..70a8775bb444 100644 --- a/include/keys/asymmetric-type.h +++ b/include/keys/asymmetric-type.h | |||
| @@ -23,9 +23,10 @@ extern struct key_type key_type_asymmetric; | |||
| 23 | * follows: | 23 | * follows: |
| 24 | */ | 24 | */ |
| 25 | enum asymmetric_payload_bits { | 25 | enum asymmetric_payload_bits { |
| 26 | asym_crypto, | 26 | asym_crypto, /* The data representing the key */ |
| 27 | asym_subtype, | 27 | asym_subtype, /* Pointer to an asymmetric_key_subtype struct */ |
| 28 | asym_key_ids, | 28 | asym_key_ids, /* Pointer to an asymmetric_key_ids struct */ |
| 29 | asym_auth /* The key's authorisation (signature, parent key ID) */ | ||
| 29 | }; | 30 | }; |
| 30 | 31 | ||
| 31 | /* | 32 | /* |