Commit 3b764563 authored by David Howells's avatar David Howells

KEYS: Allow authentication data to be stored in an asymmetric key

Allow authentication data to be stored in an asymmetric key in the 4th
element of the key payload and provide a way for it to be destroyed.

For the public key subtype, this will be a public_key_signature struct.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent 864e7a81
...@@ -331,7 +331,8 @@ static void asymmetric_key_free_preparse(struct key_preparsed_payload *prep) ...@@ -331,7 +331,8 @@ static void asymmetric_key_free_preparse(struct key_preparsed_payload *prep)
pr_devel("==>%s()\n", __func__); pr_devel("==>%s()\n", __func__);
if (subtype) { if (subtype) {
subtype->destroy(prep->payload.data[asym_crypto]); subtype->destroy(prep->payload.data[asym_crypto],
prep->payload.data[asym_auth]);
module_put(subtype->owner); module_put(subtype->owner);
} }
asymmetric_key_free_kids(kids); asymmetric_key_free_kids(kids);
...@@ -346,13 +347,15 @@ static void asymmetric_key_destroy(struct key *key) ...@@ -346,13 +347,15 @@ static void asymmetric_key_destroy(struct key *key)
struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key); struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
struct asymmetric_key_ids *kids = key->payload.data[asym_key_ids]; struct asymmetric_key_ids *kids = key->payload.data[asym_key_ids];
void *data = key->payload.data[asym_crypto]; void *data = key->payload.data[asym_crypto];
void *auth = key->payload.data[asym_auth];
key->payload.data[asym_crypto] = NULL; key->payload.data[asym_crypto] = NULL;
key->payload.data[asym_subtype] = NULL; key->payload.data[asym_subtype] = NULL;
key->payload.data[asym_key_ids] = NULL; key->payload.data[asym_key_ids] = NULL;
key->payload.data[asym_auth] = NULL;
if (subtype) { if (subtype) {
subtype->destroy(data); subtype->destroy(data, auth);
module_put(subtype->owner); module_put(subtype->owner);
} }
......
...@@ -39,15 +39,23 @@ static void public_key_describe(const struct key *asymmetric_key, ...@@ -39,15 +39,23 @@ static void public_key_describe(const struct key *asymmetric_key,
/* /*
* Destroy a public key algorithm key. * Destroy a public key algorithm key.
*/ */
void public_key_destroy(void *payload) void public_key_free(struct public_key *key)
{ {
struct public_key *key = payload; if (key) {
if (key)
kfree(key->key); kfree(key->key);
kfree(key); kfree(key);
}
}
EXPORT_SYMBOL_GPL(public_key_free);
/*
* Destroy a public key algorithm key.
*/
static void public_key_destroy(void *payload0, void *payload3)
{
public_key_free(payload0);
public_key_signature_free(payload3);
} }
EXPORT_SYMBOL_GPL(public_key_destroy);
struct public_key_completion { struct public_key_completion {
struct completion completion; struct completion completion;
......
...@@ -15,9 +15,23 @@ ...@@ -15,9 +15,23 @@
#include <keys/asymmetric-subtype.h> #include <keys/asymmetric-subtype.h>
#include <linux/export.h> #include <linux/export.h>
#include <linux/err.h> #include <linux/err.h>
#include <linux/slab.h>
#include <crypto/public_key.h> #include <crypto/public_key.h>
#include "asymmetric_keys.h" #include "asymmetric_keys.h"
/*
* Destroy a public key signature.
*/
void public_key_signature_free(struct public_key_signature *sig)
{
if (sig) {
kfree(sig->s);
kfree(sig->digest);
kfree(sig);
}
}
EXPORT_SYMBOL_GPL(public_key_signature_free);
/** /**
* verify_signature - Initiate the use of an asymmetric key to verify a signature * verify_signature - Initiate the use of an asymmetric key to verify a signature
* @key: The asymmetric key to verify against * @key: The asymmetric key to verify against
......
...@@ -47,7 +47,7 @@ struct x509_parse_context { ...@@ -47,7 +47,7 @@ struct x509_parse_context {
void x509_free_certificate(struct x509_certificate *cert) void x509_free_certificate(struct x509_certificate *cert)
{ {
if (cert) { if (cert) {
public_key_destroy(cert->pub); public_key_free(cert->pub);
kfree(cert->issuer); kfree(cert->issuer);
kfree(cert->subject); kfree(cert->subject);
kfree(cert->id); kfree(cert->id);
......
...@@ -41,7 +41,7 @@ struct public_key { ...@@ -41,7 +41,7 @@ struct public_key {
const char *pkey_algo; const char *pkey_algo;
}; };
extern void public_key_destroy(void *payload); extern void public_key_free(struct public_key *key);
/* /*
* Public key cryptography signature data * Public key cryptography signature data
...@@ -55,7 +55,10 @@ struct public_key_signature { ...@@ -55,7 +55,10 @@ struct public_key_signature {
const char *hash_algo; const char *hash_algo;
}; };
extern void public_key_signature_free(struct public_key_signature *sig);
extern struct asymmetric_key_subtype public_key_subtype; extern struct asymmetric_key_subtype public_key_subtype;
struct key; struct key;
extern int verify_signature(const struct key *key, extern int verify_signature(const struct key *key,
const struct public_key_signature *sig); const struct public_key_signature *sig);
......
...@@ -32,7 +32,7 @@ struct asymmetric_key_subtype { ...@@ -32,7 +32,7 @@ struct asymmetric_key_subtype {
void (*describe)(const struct key *key, struct seq_file *m); void (*describe)(const struct key *key, struct seq_file *m);
/* Destroy a key of this subtype */ /* Destroy a key of this subtype */
void (*destroy)(void *payload); void (*destroy)(void *payload_crypto, void *payload_auth);
/* Verify the signature on a key of this subtype (optional) */ /* Verify the signature on a key of this subtype (optional) */
int (*verify_signature)(const struct key *key, int (*verify_signature)(const struct key *key,
......
...@@ -23,9 +23,10 @@ extern struct key_type key_type_asymmetric; ...@@ -23,9 +23,10 @@ extern struct key_type key_type_asymmetric;
* follows: * follows:
*/ */
enum asymmetric_payload_bits { enum asymmetric_payload_bits {
asym_crypto, asym_crypto, /* The data representing the key */
asym_subtype, asym_subtype, /* Pointer to an asymmetric_key_subtype struct */
asym_key_ids, asym_key_ids, /* Pointer to an asymmetric_key_ids struct */
asym_auth /* The key's authorisation (signature, parent key ID) */
}; };
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment