subject:"\[PATCH v4 2\/6\] integrity\: provide a function to load x509 certificate from the kernel"

[PATCH v4 2/6] integrity: provide a function to load x509 certificate from the kernel

2014-11-05 Thread Dmitry Kasatkin

Provide the function to load x509 certificates from the kernel into the
integrity kernel keyring.

Changes in v2:
* configuration option removed
* function declared as '__init'

Signed-off-by: Dmitry Kasatkin 
---
 security/integrity/digsig.c| 37 -
 security/integrity/integrity.h |  2 ++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 4f643d1..fa383fd 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -14,7 +14,7 @@
 
 #include 
 #include 
-#include 
+#include 
 #include 
 #include 
 #include 
@@ -84,3 +84,38 @@ int __init integrity_init_keyring(const unsigned int id)
}
return err;
 }
+
+int __init integrity_load_x509(const unsigned int id, char *path)
+{
+   key_ref_t key;
+   char *data;
+   int rc;
+
+   if (!keyring[id])
+   return -EINVAL;
+
+   rc = integrity_read_file(path, );
+   if (rc < 0)
+   return rc;
+
+   key = key_create_or_update(make_key_ref(keyring[id], 1),
+  "asymmetric",
+  NULL,
+  data,
+  rc,
+  ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+  KEY_USR_VIEW | KEY_USR_READ),
+  KEY_ALLOC_NOT_IN_QUOTA |
+  KEY_ALLOC_TRUSTED);
+   if (IS_ERR(key)) {
+   rc = PTR_ERR(key);
+   pr_err("Problem loading X.509 certificate (%d): %s\n",
+  rc, path);
+   } else {
+   pr_notice("Loaded X.509 cert '%s': %s\n",
+ key_ref_to_ptr(key)->description, path);
+   key_ref_put(key);
+   }
+   kfree(data);
+   return 0;
+}
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 20d2204..1057abb 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -134,6 +134,7 @@ int integrity_digsig_verify(const unsigned int id, const 
char *sig, int siglen,
const char *digest, int digestlen);
 
 int __init integrity_init_keyring(const unsigned int id);
+int __init integrity_load_x509(const unsigned int id, char *path);
 #else
 
 static inline int integrity_digsig_verify(const unsigned int id,
@@ -147,6 +148,7 @@ static inline int integrity_init_keyring(const unsigned int 
id)
 {
return 0;
 }
+
 #endif /* CONFIG_INTEGRITY_SIGNATURE */
 
 #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH v4 2/6] integrity: provide a function to load x509 certificate from the kernel

2014-11-05 Thread Dmitry Kasatkin

Provide the function to load x509 certificates from the kernel into the
integrity kernel keyring.

Changes in v2:
* configuration option removed
* function declared as '__init'

Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
 security/integrity/digsig.c| 37 -
 security/integrity/integrity.h |  2 ++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 4f643d1..fa383fd 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -14,7 +14,7 @@
 
 #include linux/err.h
 #include linux/sched.h
-#include linux/rbtree.h
+#include linux/slab.h
 #include linux/cred.h
 #include linux/key-type.h
 #include linux/digsig.h
@@ -84,3 +84,38 @@ int __init integrity_init_keyring(const unsigned int id)
}
return err;
 }
+
+int __init integrity_load_x509(const unsigned int id, char *path)
+{
+   key_ref_t key;
+   char *data;
+   int rc;
+
+   if (!keyring[id])
+   return -EINVAL;
+
+   rc = integrity_read_file(path, data);
+   if (rc  0)
+   return rc;
+
+   key = key_create_or_update(make_key_ref(keyring[id], 1),
+  asymmetric,
+  NULL,
+  data,
+  rc,
+  ((KEY_POS_ALL  ~KEY_POS_SETATTR) |
+  KEY_USR_VIEW | KEY_USR_READ),
+  KEY_ALLOC_NOT_IN_QUOTA |
+  KEY_ALLOC_TRUSTED);
+   if (IS_ERR(key)) {
+   rc = PTR_ERR(key);
+   pr_err(Problem loading X.509 certificate (%d): %s\n,
+  rc, path);
+   } else {
+   pr_notice(Loaded X.509 cert '%s': %s\n,
+ key_ref_to_ptr(key)-description, path);
+   key_ref_put(key);
+   }
+   kfree(data);
+   return 0;
+}
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 20d2204..1057abb 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -134,6 +134,7 @@ int integrity_digsig_verify(const unsigned int id, const 
char *sig, int siglen,
const char *digest, int digestlen);
 
 int __init integrity_init_keyring(const unsigned int id);
+int __init integrity_load_x509(const unsigned int id, char *path);
 #else
 
 static inline int integrity_digsig_verify(const unsigned int id,
@@ -147,6 +148,7 @@ static inline int integrity_init_keyring(const unsigned int 
id)
 {
return 0;
 }
+
 #endif /* CONFIG_INTEGRITY_SIGNATURE */
 
 #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
-- 
1.9.1

--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH v4 2/6] integrity: provide a function to load x509 certificate from the kernel

[PATCH v4 2/6] integrity: provide a function to load x509 certificate from the kernel

2 matches

Site Navigation

Mail list logo

Footer information