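--- a/digsig.c	ed32f8d42cee118b075e4372a55c7739a11094b2
+++ b/digsig.c	39b07096364a42c516415d5f841069e885234e61
@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
  * Copyright (C) 2011 Intel Corporation
  *
  * Author:
  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
  */
 
@@ -34,46 +34,71 @@
 };
 
 #ifdef CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
 #define restrict_link_to_ima restrict_link_by_builtin_and_secondary_trusted
 #else
 #define restrict_link_to_ima restrict_link_by_builtin_trusted
 #endif
 
-int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
-			    const char *digest, int digestlen)
+static struct key *integrity_keyring_from_id(const unsigned int id)
 {
-	if (id >= INTEGRITY_KEYRING_MAX || siglen < 2)
-		return -EINVAL;
+	if (id >= INTEGRITY_KEYRING_MAX)
+		return ERR_PTR(-EINVAL);
 
 	if (!keyring[id]) {
 		keyring[id] =
 			request_key(&key_type_keyring, keyring_name[id], NULL);
 		if (IS_ERR(keyring[id])) {
 			int err = PTR_ERR(keyring[id]);
 			pr_err("no %s keyring: %d\n", keyring_name[id], err);
 			keyring[id] = NULL;
-			return err;
+			return ERR_PTR(err);
 		}
 	}
 
+	return keyring[id];
+}
+
+int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
+			    const char *digest, int digestlen)
+{
+	struct key *keyring;
+
+	if (siglen < 2)
+		return -EINVAL;
+
+	keyring = integrity_keyring_from_id(id);
+	if (IS_ERR(keyring))
+		return PTR_ERR(keyring);
+
 	switch (sig[1]) {
 	case 1:
 		/* v1 API expect signature without xattr type */
-		return digsig_verify(keyring[id], sig + 1, siglen - 1,
-				     digest, digestlen);
+		return digsig_verify(keyring, sig + 1, siglen - 1, digest,
+				     digestlen);
 	case 2:
-		return asymmetric_verify(keyring[id], sig, siglen,
-					 digest, digestlen);
+		return asymmetric_verify(keyring, sig, siglen, digest,
+					 digestlen);
 	}
 
 	return -EOPNOTSUPP;
 }
 
+int integrity_modsig_verify(const unsigned int id, const struct modsig *modsig)
+{
+	struct key *keyring;
+
+	keyring = integrity_keyring_from_id(id);
+	if (IS_ERR(keyring))
+		return PTR_ERR(keyring);
+
+	return ima_modsig_verify(keyring, modsig);
+}
+
 static int __init __integrity_init_keyring(const unsigned int id,
 					    key_perm_t perm,
 					    struct key_restriction *restriction)
 {
 	const struct cred *cred = current_cred();
 	int err = 0;
 
 	keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),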
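Review bot: In `integrity_keyring_from_id()` the result of `request_key()` is stored straight into the shared `keyring[id]` slot and only reset to NULL after the `IS_ERR()` test, so the slot briefly holds an error pointer. Whether two verifications can run at the same time is not visible on this page; if they can, a second caller could find the slot non-NULL and be handed that value. Both new callers do check `IS_ERR()`, but keeping the lookup result in a local and publishing only a valid key, as sketched below, removes the window; it does not by itself stop two callers from both requesting the key. Separately, the local `struct key *keyring` in `integrity_digsig_verify()` and `integrity_modsig_verify()` shadows the `keyring[]` array that the helper indexes (its declaration is in the hidden lines), and a name such as `key` would read more clearly.

```c
static struct key *integrity_keyring_from_id(const unsigned int id)
{
	/* … unchanged: id range check … */

	if (!keyring[id]) {
		struct key *key =
			request_key(&key_type_keyring, keyring_name[id], NULL);

		if (IS_ERR(key)) {
			int err = PTR_ERR(key);

			pr_err("no %s keyring: %d\n", keyring_name[id], err);
			return ERR_PTR(err);
		}
		/* Publish only a valid key; the slot never holds an ERR_PTR. */
		keyring[id] = key;
	}

	return keyring[id];
}
```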