diff options
author | Dmitry Kasatkin <d.kasatkin@samsung.com> | 2014-11-05 10:01:13 -0500 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-11-17 23:11:59 -0500 |
commit | 65d543b2335ede80e5e66bc4f559f62db5f469bd (patch) | |
tree | 846bf4fd2bcb05ec85e27bcf70b817476ab4bba0 /security/integrity | |
parent | e3c4abbfa97ed0b7aed36f18b32911ccf76d52c2 (diff) |
integrity: provide a function to load x509 certificate from the kernel
Provide the function to load x509 certificates from the kernel into the
integrity kernel keyring.
Changes in v2:
* configuration option removed
* function declared as '__init'
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/digsig.c | 36 | ||||
-rw-r--r-- | security/integrity/integrity.h | 2 |
2 files changed, 37 insertions, 1 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index 4f643d1b34dd..5e3bd72b299a 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c | |||
@@ -14,7 +14,7 @@ | |||
14 | 14 | ||
15 | #include <linux/err.h> | 15 | #include <linux/err.h> |
16 | #include <linux/sched.h> | 16 | #include <linux/sched.h> |
17 | #include <linux/rbtree.h> | 17 | #include <linux/slab.h> |
18 | #include <linux/cred.h> | 18 | #include <linux/cred.h> |
19 | #include <linux/key-type.h> | 19 | #include <linux/key-type.h> |
20 | #include <linux/digsig.h> | 20 | #include <linux/digsig.h> |
@@ -84,3 +84,37 @@ int __init integrity_init_keyring(const unsigned int id) | |||
84 | } | 84 | } |
85 | return err; | 85 | return err; |
86 | } | 86 | } |
87 | |||
88 | int __init integrity_load_x509(const unsigned int id, char *path) | ||
89 | { | ||
90 | key_ref_t key; | ||
91 | char *data; | ||
92 | int rc; | ||
93 | |||
94 | if (!keyring[id]) | ||
95 | return -EINVAL; | ||
96 | |||
97 | rc = integrity_read_file(path, &data); | ||
98 | if (rc < 0) | ||
99 | return rc; | ||
100 | |||
101 | key = key_create_or_update(make_key_ref(keyring[id], 1), | ||
102 | "asymmetric", | ||
103 | NULL, | ||
104 | data, | ||
105 | rc, | ||
106 | ((KEY_POS_ALL & ~KEY_POS_SETATTR) | | ||
107 | KEY_USR_VIEW | KEY_USR_READ), | ||
108 | KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_TRUSTED); | ||
109 | if (IS_ERR(key)) { | ||
110 | rc = PTR_ERR(key); | ||
111 | pr_err("Problem loading X.509 certificate (%d): %s\n", | ||
112 | rc, path); | ||
113 | } else { | ||
114 | pr_notice("Loaded X.509 cert '%s': %s\n", | ||
115 | key_ref_to_ptr(key)->description, path); | ||
116 | key_ref_put(key); | ||
117 | } | ||
118 | kfree(data); | ||
119 | return 0; | ||
120 | } | ||
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 20d220481025..1057abbd31cd 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h | |||
@@ -134,6 +134,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, | |||
134 | const char *digest, int digestlen); | 134 | const char *digest, int digestlen); |
135 | 135 | ||
136 | int __init integrity_init_keyring(const unsigned int id); | 136 | int __init integrity_init_keyring(const unsigned int id); |
137 | int __init integrity_load_x509(const unsigned int id, char *path); | ||
137 | #else | 138 | #else |
138 | 139 | ||
139 | static inline int integrity_digsig_verify(const unsigned int id, | 140 | static inline int integrity_digsig_verify(const unsigned int id, |
@@ -147,6 +148,7 @@ static inline int integrity_init_keyring(const unsigned int id) | |||
147 | { | 148 | { |
148 | return 0; | 149 | return 0; |
149 | } | 150 | } |
151 | |||
150 | #endif /* CONFIG_INTEGRITY_SIGNATURE */ | 152 | #endif /* CONFIG_INTEGRITY_SIGNATURE */ |
151 | 153 | ||
152 | #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS | 154 | #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS |