aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity/digsig.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity/digsig.c')
-rw-r--r--security/integrity/digsig.c30
1 files changed, 1 insertions, 29 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 77ca965ab684..b4af4ebc5be2 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -13,9 +13,7 @@
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 14
15#include <linux/err.h> 15#include <linux/err.h>
16#include <linux/sched.h>
17#include <linux/rbtree.h> 16#include <linux/rbtree.h>
18#include <linux/cred.h>
19#include <linux/key-type.h> 17#include <linux/key-type.h>
20#include <linux/digsig.h> 18#include <linux/digsig.h>
21 19
@@ -23,19 +21,11 @@
23 21
24static struct key *keyring[INTEGRITY_KEYRING_MAX]; 22static struct key *keyring[INTEGRITY_KEYRING_MAX];
25 23
26#ifdef CONFIG_IMA_TRUSTED_KEYRING
27static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
28 ".evm",
29 ".module",
30 ".ima",
31};
32#else
33static const char *keyring_name[INTEGRITY_KEYRING_MAX] = { 24static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
34 "_evm", 25 "_evm",
35 "_module", 26 "_module",
36 "_ima", 27 "_ima",
37}; 28};
38#endif
39 29
40int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, 30int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
41 const char *digest, int digestlen) 31 const char *digest, int digestlen)
@@ -45,7 +35,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
45 35
46 if (!keyring[id]) { 36 if (!keyring[id]) {
47 keyring[id] = 37 keyring[id] =
48 request_key(&key_type_keyring, keyring_name[id], NULL); 38 request_key(&key_type_keyring, keyring_name[id], NULL);
49 if (IS_ERR(keyring[id])) { 39 if (IS_ERR(keyring[id])) {
50 int err = PTR_ERR(keyring[id]); 40 int err = PTR_ERR(keyring[id]);
51 pr_err("no %s keyring: %d\n", keyring_name[id], err); 41 pr_err("no %s keyring: %d\n", keyring_name[id], err);
@@ -66,21 +56,3 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
66 56
67 return -EOPNOTSUPP; 57 return -EOPNOTSUPP;
68} 58}
69
70int integrity_init_keyring(const unsigned int id)
71{
72 const struct cred *cred = current_cred();
73 const struct user_struct *user = cred->user;
74
75 keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),
76 KGIDT_INIT(0), cred,
77 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
78 KEY_USR_VIEW | KEY_USR_READ),
79 KEY_ALLOC_NOT_IN_QUOTA, user->uid_keyring);
80 if (!IS_ERR(keyring[id]))
81 set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags);
82 else
83 pr_info("Can't allocate %s keyring (%ld)\n",
84 keyring_name[id], PTR_ERR(keyring[id]));
85 return 0;
86}
generated by cgit v1.2.2 (git 2.25.0) at 2025-05-31 02:59:19 -0400