Apply Crypto API wrappers to the exported crypto symbols in CONFIG_ASYMMETRIC_KEY_TYPE-related crypto to convert them into a pluggable interface.
Signed-off-by: Jay Wang <[email protected]>
---
 certs/system_keyring.c | 1 +
 crypto/asymmetric_keys/Makefile | 2 +-
 crypto/asymmetric_keys/asymmetric_type.c | 4 +--
 crypto/asymmetric_keys/restrict.c | 3 +-
 crypto/fips140/fips140-api.c | 44 ++++++++++++++++++++++++
 include/crypto/public_key.h | 29 +++++++++-------
 include/keys/asymmetric-parser.h | 8 +++--
 include/keys/asymmetric-type.h | 32 +++++++++--------
 8 files changed, 90 insertions(+), 33 deletions(-)
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 9de610bf1f4b..a53261dc5629 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -50,6 +50,7 @@ int restrict_link_by_builtin_trusted(struct key *dest_keyring,
 return restrict_link_by_signature(dest_keyring, type, payload, builtin_trusted_keys);
 }
+EXPORT_SYMBOL_GPL(restrict_link_by_builtin_trusted);
 /**
 * restrict_link_by_digsig_builtin - Restrict digitalSignature key additions by the built-in keyring
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index bc65d3b98dcb..252536153d73 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -3,7 +3,7 @@
 # Makefile for asymmetric cryptographic keys
 #
-obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
+crypto-objs-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
 asymmetric_keys-y := \
 asymmetric_type.o \
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index 2326743310b1..9afc58536cf6 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -677,5 +677,5 @@ static void __exit asymmetric_key_cleanup(void)
 unregister_key_type(&key_type_asymmetric);
 }
-module_init(asymmetric_key_init);
-module_exit(asymmetric_key_cleanup);
+crypto_module_init(asymmetric_key_init);
+crypto_module_exit(asymmetric_key_cleanup);
diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c
index 86292965f493..5d6ecf9eadbc 100644
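Review bot: The new `EXPORT_SYMBOL_GPL(restrict_link_by_builtin_trusted);` in certs/system_keyring.c makes a keyring trust-policy callback reachable from any GPL module, and the commit message does not say which consumer needs it. Presumably the consumer is asymmetric_type.c once asymmetric_keys.o is built through `crypto-objs-`; if that file also references `restrict_link_by_builtin_and_secondary_trusted`, as it does upstream, that symbol needs the same export or the module will not resolve it when CONFIG_SECONDARY_TRUSTED_KEYRING is set. I would add a one-line comment above the export naming the consumer, for example `/* Exported for the asymmetric key type when it is built as part of the crypto module. */`. The function body starts outside the hunk.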
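Review bot: In crypto/asymmetric_keys/asymmetric_type.c, swapping `module_init(asymmetric_key_init);` for `crypto_module_init(asymmetric_key_init);` may change when `key_type_asymmetric` is registered, and nothing in the patch documents the new ordering. This is inferred, because `crypto_module_init` is defined outside this patch: if registration now happens later than the initcall level `module_init` gives built-in code, built-in code that adds asymmetric keys during boot (such as the certificate loading in certs/) would run before the key type exists. A short comment above the two macros stating the ordering guarantee, or a sentence in the commit message, would let a reader confirm the trusted keyrings are still populated before the first signature check. The init and exit functions themselves are defined outside the hunk.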
--- a/crypto/asymmetric_keys/restrict.c
+++ b/crypto/asymmetric_keys/restrict.c
@@ -114,7 +114,7 @@ int restrict_link_by_signature(struct key *dest_keyring,
 key_put(key);
 return ret;
 }
-
+EXPORT_SYMBOL_GPL(restrict_link_by_signature);
 /**
 * restrict_link_by_ca - Restrict additions to a ring of CA keys
 * @dest_keyring: Keyring being linked to.
@@ -198,6 +198,7 @@ int restrict_link_by_digsig(struct key *dest_keyring,
 return restrict_link_by_signature(dest_keyring, type, payload, trust_keyring);
 }
+EXPORT_SYMBOL_GPL(restrict_link_by_digsig);
 static bool match_either_id(const struct asymmetric_key_id **pair, const struct asymmetric_key_id *single)
diff --git a/crypto/fips140/fips140-api.c b/crypto/fips140/fips140-api.c
index 20afa1c21cf0..100f50ad7b43 100644
--- a/crypto/fips140/fips140-api.c
+++ b/crypto/fips140/fips140-api.c
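Review bot: In the first hunk of crypto/asymmetric_keys/restrict.c the export replaces the blank line after `restrict_link_by_signature()` instead of being added before it, so `EXPORT_SYMBOL_GPL(restrict_link_by_signature);` now sits directly against the kernel-doc block for `restrict_link_by_ca`. Keep the separator: add the export line and leave the empty line after it, which is what the hunk at line 198 does for `restrict_link_by_digsig` (one line added, none removed). Both function bodies start outside their hunks.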
@@ -413,3 +413,47 @@ DEFINE_CRYPTO_API_STUB(crypto_unregister_rngs);
 DEFINE_CRYPTO_API_STUB(crypto_del_default_rng);
 #endif
+/*
+ * crypto/asymmetric_keys/asymmetric_type.c
+ */
+#if IS_BUILTIN(CONFIG_ASYMMETRIC_KEY_TYPE)
+
+#include <keys/asymmetric-parser.h>
+
+DEFINE_CRYPTO_API_STUB(register_asymmetric_key_parser);
+DEFINE_CRYPTO_API_STUB(unregister_asymmetric_key_parser);
+
+#include <keys/asymmetric-type.h>
+
+DEFINE_CRYPTO_API_STUB(asymmetric_key_id_same);
+DEFINE_CRYPTO_API_STUB(asymmetric_key_id_partial);
+DEFINE_CRYPTO_API_STUB(asymmetric_key_generate_id);
+DEFINE_CRYPTO_API_STUB(find_asymmetric_key);
+
+#undef key_type_asymmetric
+DEFINE_CRYPTO_VAR_STUB(key_type_asymmetric);
+
+#endif
+/*
+ * crypto/asymmetric_keys/signature.c
+ */
+#if IS_BUILTIN(CONFIG_ASYMMETRIC_KEY_TYPE)
+
+#include <crypto/public_key.h>
+
+DEFINE_CRYPTO_API_STUB(public_key_signature_free);
+DEFINE_CRYPTO_API_STUB(query_asymmetric_key);
+DEFINE_CRYPTO_API_STUB(verify_signature);
+
+#endif
+/*
+ * crypto/asymmetric_keys/restrict.c
+ */
+#if IS_BUILTIN(CONFIG_ASYMMETRIC_KEY_TYPE)
+
+#include <crypto/public_key.h>
+
+DEFINE_CRYPTO_API_STUB(restrict_link_by_signature);
+DEFINE_CRYPTO_API_STUB(restrict_link_by_digsig);
+
+#endif
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 4c5199b20338..be789854fdcb 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -10,6 +10,7 @@
 #ifndef _LINUX_PUBLIC_KEY_H
 #define _LINUX_PUBLIC_KEY_H
+#include <crypto/api.h>
 #include <linux/errno.h>
 #include <linux/keyctl.h>
 #include <linux/oid_registry.h>
@@ -53,7 +54,9 @@ struct public_key_signature {
 const char *encoding;
 };
-extern void public_key_signature_free(struct public_key_signature *sig);
+DECLARE_CRYPTO_API(CONFIG_ASYMMETRIC_KEY_TYPE, public_key_signature_free, void,
+ (struct public_key_signature *sig),
+ (sig));
 extern struct asymmetric_key_subtype public_key_subtype;
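Review bot: The stubs added to crypto/fips140/fips140-api.c for `verify_signature`, `restrict_link_by_signature` and `restrict_link_by_digsig` route trust decisions through `DEFINE_CRYPTO_API_STUB`, and the patch does not show what a stub does before an implementation has been plugged in. By the usual convention a return of 0 from these functions means the signature or the key link is accepted, so the unpopulated path has to fail closed with an error rather than return 0 or call through an unset pointer; please state that guarantee in the comment heading each section or in the commit message. The `#undef key_type_asymmetric` line also needs a why-comment, for example `/* asymmetric-type.h maps this name onto the stub pointer; undo that before defining the stub itself */`, adjusted to whatever `DEFINE_CRYPTO_VAR_STUB` actually emits.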
@@ -61,10 +64,9 @@ struct key;
 struct key_type;
 union key_payload;
-extern int restrict_link_by_signature(struct key *dest_keyring,
- const struct key_type *type,
- const union key_payload *payload,
- struct key *trust_keyring);
+DECLARE_CRYPTO_API(CONFIG_ASYMMETRIC_KEY_TYPE, restrict_link_by_signature, int,
+ (struct key *dest_keyring, const struct key_type *type, const union key_payload *payload, struct key *trust_keyring),
+ (dest_keyring, type, payload, trust_keyring));
 extern int restrict_link_by_key_or_keyring(struct key *dest_keyring, const struct key_type *type,
@@ -81,10 +83,9 @@ extern int restrict_link_by_ca(struct key *dest_keyring,
 const struct key_type *type, const union key_payload *payload, struct key *trust_keyring);
-int restrict_link_by_digsig(struct key *dest_keyring,
- const struct key_type *type,
- const union key_payload *payload,
- struct key *trust_keyring);
+DECLARE_CRYPTO_API(CONFIG_ASYMMETRIC_KEY_TYPE, restrict_link_by_digsig, int,
+ (struct key *dest_keyring, const struct key_type *type, const union key_payload *payload, struct key *trust_keyring),
+ (dest_keyring, type, payload, trust_keyring));
 #else
 static inline int restrict_link_by_ca(struct key *dest_keyring, const struct key_type *type,
@@ -103,11 +104,13 @@ static inline int restrict_link_by_digsig(struct key *dest_keyring,
 }
 #endif
-extern int query_asymmetric_key(const struct kernel_pkey_params *,
- struct kernel_pkey_query *);
+DECLARE_CRYPTO_API(CONFIG_ASYMMETRIC_KEY_TYPE, query_asymmetric_key, int,
+ (const struct kernel_pkey_params *arg1, struct kernel_pkey_query *arg2),
+ (arg1, arg2));
-extern int verify_signature(const struct key *,
- const struct public_key_signature *);
+DECLARE_CRYPTO_API(CONFIG_ASYMMETRIC_KEY_TYPE, verify_signature, int,
+ (const struct key *arg1, const struct public_key_signature *arg2),
+ (arg1, arg2));
 #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
 int public_key_verify_signature(const struct public_key *pkey,
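Review bot: In include/crypto/public_key.h only `restrict_link_by_signature` and `restrict_link_by_digsig` are converted, while `restrict_link_by_key_or_keyring` (hunk at line 61) and `restrict_link_by_ca` (hunk at line 81) stay plain `extern` declarations. The restrict.c hunk shows the kernel-doc for `restrict_link_by_ca` in the same source file, so if restrict.c is built into the pluggable module, any built-in caller of the unconverted functions would presumably no longer link; the callers are not visible from this patch. Either give them a `DECLARE_CRYPTO_API` here with a matching `DEFINE_CRYPTO_API_STUB` in fips140-api.c, or say in the commit message why they have no built-in users. The conditional block around these declarations starts outside the hunk.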
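Review bot: The converted prototypes for `query_asymmetric_key` and `verify_signature` (hunk at line 103 of include/crypto/public_key.h) name their parameters `arg1` and `arg2`, unlike every other `DECLARE_CRYPTO_API` in this patch. Descriptive names read better in the header and in whatever wrapper the macro generates, for example `(const struct kernel_pkey_params *params, struct kernel_pkey_query *info), (params, info)` and `(const struct key *key, const struct public_key_signature *sig), (key, sig)`. The old prototypes were unnamed, so this is a style point only.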
diff --git a/include/keys/asymmetric-parser.h b/include/keys/asymmetric-parser.h
index 516a3f51179e..13474b17055b 100644
--- a/include/keys/asymmetric-parser.h
+++ b/include/keys/asymmetric-parser.h
@@ -29,7 +29,11 @@ struct asymmetric_key_parser {
 int (*parse)(struct key_preparsed_payload *prep);
 };
-extern int register_asymmetric_key_parser(struct asymmetric_key_parser *);
-extern void unregister_asymmetric_key_parser(struct asymmetric_key_parser *);
+DECLARE_CRYPTO_API(CONFIG_ASYMMETRIC_KEY_TYPE, register_asymmetric_key_parser, int,
+ (struct asymmetric_key_parser *parser),
+ (parser));
+DECLARE_CRYPTO_API(CONFIG_ASYMMETRIC_KEY_TYPE, unregister_asymmetric_key_parser, void,
+ (struct asymmetric_key_parser *parser),
+ (parser));
 #endif /* _KEYS_ASYMMETRIC_PARSER_H */
diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h
index 1b91c8f98688..96e718a550a3 100644
--- a/include/keys/asymmetric-type.h
+++ b/include/keys/asymmetric-type.h
@@ -10,10 +10,15 @@
 #ifndef _KEYS_ASYMMETRIC_TYPE_H
 #define _KEYS_ASYMMETRIC_TYPE_H
+#include <crypto/api.h>
 #include <linux/key-type.h>
 #include <linux/verification.h>
-extern struct key_type key_type_asymmetric;
+DECLARE_CRYPTO_VAR(CONFIG_ASYMMETRIC_KEY_TYPE, key_type_asymmetric, struct key_type, );
+
+#if defined(CONFIG_CRYPTO_FIPS140_EXTMOD) && !defined(FIPS_MODULE) && IS_BUILTIN(CONFIG_ASYMMETRIC_KEY_TYPE)
+#define key_type_asymmetric (*((struct key_type*)CRYPTO_VAR_NAME(key_type_asymmetric)))
+#endif
 /*
 * The key payload is four words. The asymmetric-type key uses them as
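Review bot: The object-like macro `#define key_type_asymmetric (*((struct key_type*)CRYPTO_VAR_NAME(key_type_asymmetric)))` in include/keys/asymmetric-type.h turns every built-in use of the key type into a pointer dereference, and the hunk shows no guard or comment for the case where that pointer has not been set yet. This is inferred, because `CRYPTO_VAR_NAME` is defined outside the patch: a built-in `&key_type_asymmetric` in a static initializer would stop being a constant expression, and any use before the module publishes the variable would dereference whatever the pointer holds at that moment. A comment above the `#if` should say when the pointer becomes valid and that key-type lookups must not run before then. The explicit cast can also mask a type mismatch, so drop it if `DECLARE_CRYPTO_VAR` already yields a `struct key_type *`, and kernel style spells it `struct key_type *`.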
@@ -56,16 +61,17 @@ struct asymmetric_key_ids {
 void *id[3];
 };
-extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
- const struct asymmetric_key_id *kid2);
+DECLARE_CRYPTO_API(CONFIG_ASYMMETRIC_KEY_TYPE, asymmetric_key_id_same, bool,
+ (const struct asymmetric_key_id *kid1, const struct asymmetric_key_id *kid2),
+ (kid1, kid2));
-extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
- const struct asymmetric_key_id *kid2);
+DECLARE_CRYPTO_API(CONFIG_ASYMMETRIC_KEY_TYPE, asymmetric_key_id_partial, bool,
+ (const struct asymmetric_key_id *kid1, const struct asymmetric_key_id *kid2),
+ (kid1, kid2));
-extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
- size_t len_1,
- const void *val_2,
- size_t len_2);
+DECLARE_CRYPTO_API(CONFIG_ASYMMETRIC_KEY_TYPE, asymmetric_key_generate_id, struct asymmetric_key_id *,
+ (const void *val_1, size_t len_1, const void *val_2, size_t len_2),
+ (val_1, len_1, val_2, len_2));
 static inline const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
 {
@@ -78,11 +84,9 @@ const struct public_key *asymmetric_key_public_key(const struct key *key)
 return key->payload.data[asym_crypto];
 }
-extern struct key *find_asymmetric_key(struct key *keyring,
- const struct asymmetric_key_id *id_0,
- const struct asymmetric_key_id *id_1,
- const struct asymmetric_key_id *id_2,
- bool partial);
+DECLARE_CRYPTO_API(CONFIG_ASYMMETRIC_KEY_TYPE, find_asymmetric_key, struct key *,
+ (struct key *keyring, const struct asymmetric_key_id *id_0, const struct asymmetric_key_id *id_1, const struct asymmetric_key_id *id_2, bool partial),
+ (keyring, id_0, id_1, id_2, partial));
 int x509_load_certificate_list(const u8 cert_list[], const unsigned long list_size, const struct key *keyring);
-- 2.47.3
