KEYS: Add a lookup_restriction function for the asymmetric key type
authorMat Martineau <mathew.j.martineau@linux.intel.com>
Fri, 6 May 2016 21:25:39 +0000 (14:25 -0700)
committerMat Martineau <mathew.j.martineau@linux.intel.com>
Tue, 4 Apr 2017 21:10:12 +0000 (14:10 -0700)
Look up asymmetric keyring restriction information using the key-type
lookup_restrict hook.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Documentation/crypto/asymmetric-keys.txt
crypto/asymmetric_keys/asymmetric_type.c

index 2b7816dea370a2f4a30404f5bbc8542f1f231561..4373e7d86c6aa2d8e2968ca3194a97b05a5014e2 100644 (file)
@@ -311,3 +311,38 @@ Functions are provided to register and unregister parsers:
 
 Parsers may not have the same name.  The names are otherwise only used for
 displaying in debugging messages.
+
+
+=========================
+KEYRING LINK RESTRICTIONS
+=========================
+
+Keyrings created from userspace using add_key can be configured to check the
+signature of the key being linked.
+
+Several restriction methods are available:
+
+ (1) Restrict using the kernel builtin trusted keyring
+
+     - Option string used with KEYCTL_RESTRICT_KEYRING:
+       - "builtin_trusted"
+
+     The kernel builtin trusted keyring will be searched for the signing
+     key. The ca_keys kernel parameter also affects which keys are used for
+     signature verification.
+
+ (2) Restrict using the kernel builtin and secondary trusted keyrings
+
+     - Option string used with KEYCTL_RESTRICT_KEYRING:
+       - "builtin_and_secondary_trusted"
+
+     The kernel builtin and secondary trusted keyrings will be searched for the
+     signing key. The ca_keys kernel parameter also affects which keys are used
+     for signature verification.
+
+In all of these cases, if the signing key is found the signature of the key to
+be linked will be verified using the signing key.  The requested key is added
+to the keyring only if the signature is successfully verified.  -ENOKEY is
+returned if the parent certificate could not be found, or -EKEYREJECTED is
+returned if the signature check fails or the key is blacklisted.  Other errors
+may be returned if the signature check could not be performed.
index 6600181d5d01b72e7cfe04fc3fb4054a9a2a108a..2e3380d09631b17999ab33b7742ad0a692aa4a37 100644 (file)
@@ -17,6 +17,7 @@
 #include <linux/module.h>
 #include <linux/slab.h>
 #include <linux/ctype.h>
+#include <keys/system_keyring.h>
 #include "asymmetric_keys.h"
 
 MODULE_LICENSE("GPL");
@@ -451,15 +452,50 @@ static void asymmetric_key_destroy(struct key *key)
        asymmetric_key_free_kids(kids);
 }
 
+static struct key_restriction *asymmetric_restriction_alloc(
+       key_restrict_link_func_t check,
+       struct key *key)
+{
+       struct key_restriction *keyres =
+               kzalloc(sizeof(struct key_restriction), GFP_KERNEL);
+
+       if (!keyres)
+               return ERR_PTR(-ENOMEM);
+
+       keyres->check = check;
+       keyres->key = key;
+       keyres->keytype = &key_type_asymmetric;
+
+       return keyres;
+}
+
+/*
+ * look up keyring restrict functions for asymmetric keys
+ */
+static struct key_restriction *asymmetric_lookup_restriction(
+       const char *restriction)
+{
+       if (strcmp("builtin_trusted", restriction) == 0)
+               return asymmetric_restriction_alloc(
+                       restrict_link_by_builtin_trusted, NULL);
+
+       if (strcmp("builtin_and_secondary_trusted", restriction) == 0)
+               return asymmetric_restriction_alloc(
+                       restrict_link_by_builtin_and_secondary_trusted, NULL);
+
+       return ERR_PTR(-EINVAL);
+}
+
 struct key_type key_type_asymmetric = {
-       .name           = "asymmetric",
-       .preparse       = asymmetric_key_preparse,
-       .free_preparse  = asymmetric_key_free_preparse,
-       .instantiate    = generic_key_instantiate,
-       .match_preparse = asymmetric_key_match_preparse,
-       .match_free     = asymmetric_key_match_free,
-       .destroy        = asymmetric_key_destroy,
-       .describe       = asymmetric_key_describe,
+       .name                   = "asymmetric",
+       .preparse               = asymmetric_key_preparse,
+       .free_preparse          = asymmetric_key_free_preparse,
+       .instantiate            = generic_key_instantiate,
+       .match_preparse         = asymmetric_key_match_preparse,
+       .match_free             = asymmetric_key_match_free,
+       .destroy                = asymmetric_key_destroy,
+       .describe               = asymmetric_key_describe,
+       .lookup_restriction     = asymmetric_lookup_restriction,
 };
 EXPORT_SYMBOL_GPL(key_type_asymmetric);
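Review bot: `asymmetric_restriction_alloc()` stores the caller's pointer with `keyres->key = key;` and takes no reference in the visible lines, and nothing in the hunk says who owns that reference or who frees the `kzalloc`'d `struct key_restriction`. Both callers here pass `NULL`, so nothing can dangle today, but the helper's signature invites a later caller to pass a live key, and the key's lifetime would then rest on an unwritten contract. I would add a comment above the helper such as `/* @key may be NULL; a non-NULL key must already be referenced by the caller, and that reference passes to the returned restriction, which the caller owns and must free. */`, adjusted to match what the release path outside this hunk actually does. `asymmetric_lookup_restriction()` also hands `restriction` straight to `strcmp()`, so its header comment should state that the hook requires a non-NULL string, presumably guaranteed by the keyring core, and that it returns `ERR_PTR(-EINVAL)` for an unknown option and `ERR_PTR(-ENOMEM)` on allocation failure.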