aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorDmitry Kasatkin <d.kasatkin@samsung.com>2014-11-05 10:01:13 -0500
committerMimi Zohar <zohar@linux.vnet.ibm.com>2014-11-17 23:11:59 -0500
commit65d543b2335ede80e5e66bc4f559f62db5f469bd (patch)
tree846bf4fd2bcb05ec85e27bcf70b817476ab4bba0 /security/integrity
parente3c4abbfa97ed0b7aed36f18b32911ccf76d52c2 (diff)
integrity: provide a function to load x509 certificate from the kernel
Provide the function to load x509 certificates from the kernel into the integrity kernel keyring. Changes in v2: * configuration option removed * function declared as '__init' Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/digsig.c36
-rw-r--r--security/integrity/integrity.h2
2 files changed, 37 insertions, 1 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 4f643d1b34dd..5e3bd72b299a 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -14,7 +14,7 @@
14 14
15#include <linux/err.h> 15#include <linux/err.h>
16#include <linux/sched.h> 16#include <linux/sched.h>
17#include <linux/rbtree.h> 17#include <linux/slab.h>
18#include <linux/cred.h> 18#include <linux/cred.h>
19#include <linux/key-type.h> 19#include <linux/key-type.h>
20#include <linux/digsig.h> 20#include <linux/digsig.h>
@@ -84,3 +84,37 @@ int __init integrity_init_keyring(const unsigned int id)
84 } 84 }
85 return err; 85 return err;
86} 86}
87
88int __init integrity_load_x509(const unsigned int id, char *path)
89{
90 key_ref_t key;
91 char *data;
92 int rc;
93
94 if (!keyring[id])
95 return -EINVAL;
96
97 rc = integrity_read_file(path, &data);
98 if (rc < 0)
99 return rc;
100
101 key = key_create_or_update(make_key_ref(keyring[id], 1),
102 "asymmetric",
103 NULL,
104 data,
105 rc,
106 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
107 KEY_USR_VIEW | KEY_USR_READ),
108 KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_TRUSTED);
109 if (IS_ERR(key)) {
110 rc = PTR_ERR(key);
111 pr_err("Problem loading X.509 certificate (%d): %s\n",
112 rc, path);
113 } else {
114 pr_notice("Loaded X.509 cert '%s': %s\n",
115 key_ref_to_ptr(key)->description, path);
116 key_ref_put(key);
117 }
118 kfree(data);
119 return 0;
120}
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 20d220481025..1057abbd31cd 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -134,6 +134,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
134 const char *digest, int digestlen); 134 const char *digest, int digestlen);
135 135
136int __init integrity_init_keyring(const unsigned int id); 136int __init integrity_init_keyring(const unsigned int id);
137int __init integrity_load_x509(const unsigned int id, char *path);
137#else 138#else
138 139
139static inline int integrity_digsig_verify(const unsigned int id, 140static inline int integrity_digsig_verify(const unsigned int id,
@@ -147,6 +148,7 @@ static inline int integrity_init_keyring(const unsigned int id)
147{ 148{
148 return 0; 149 return 0;
149} 150}
151
150#endif /* CONFIG_INTEGRITY_SIGNATURE */ 152#endif /* CONFIG_INTEGRITY_SIGNATURE */
151 153
152#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS 154#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS