[v4,5/6] KEYS: Add a lookup_restrict function for the asymmetric key type

Message ID 20160707205337.2061-6-mathew.j.martineau@linux.intel.com
State New

Commit Message

Mat Martineau July 7, 2016, 8:53 p.m. UTC
Look up asymmetric keyring restriction functions using the key-type
lookup_restrict hook.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
---
 crypto/asymmetric_keys/asymmetric_type.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

Patch

diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index 77aa44a..261f058 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -18,6 +18,7 @@ 
 #include <linux/slab.h>
 #include <linux/ctype.h>
 #include <keys/user-type.h>
+#include <keys/system_keyring.h>
 #include "asymmetric_keys.h"
 
 MODULE_LICENSE("GPL");
@@ -491,6 +492,21 @@  static int asymmetric_key_verify_signature(struct kernel_pkey_params *params,
 	return verify_signature(params->key, &sig);
 }
 
+/*
+ * look up keyring restrict functions for asymmetric keys
+ */
+static restrict_link_func_t asymmetric_lookup_restrict(const char *restriction)
+{
+	if (strcmp("keyring", restriction) == 0)
+		return restrict_link_by_keyring;
+	else if (strcmp("builtin_trusted", restriction) == 0)
+		return restrict_link_by_builtin_trusted;
+	else if (strcmp("builtin_and_secondary_trusted", restriction) == 0)
+		return restrict_link_by_builtin_and_secondary_trusted;
+	else
+		return ERR_PTR(-EINVAL);
+}
+
 struct key_type key_type_asymmetric = {
 	.name			= "asymmetric",
 	.preparse		= asymmetric_key_preparse,
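Review bot: `asymmetric_lookup_restrict()` passes `restriction` straight to `strcmp()` with no NULL guard, so it depends on every caller of the `lookup_restrict` hook supplying a valid string. That caller is not part of this patch, so either confirm the guarantee there or add `if (!restriction) return ERR_PTR(-EINVAL);` before the first comparison. The one-line header comment also leaves the contract undocumented: it should list the three accepted names and state that any other name yields `ERR_PTR(-EINVAL)`, so callers must test the result with `IS_ERR()` rather than against NULL. The name selects which trust policy gates links into a keyring and presumably comes from a less-trusted caller, so the comment should also record that exact matching and rejecting unknown names is deliberate, so that a later edit does not add prefix matching or a permissive default.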
@@ -503,6 +519,7 @@  struct key_type key_type_asymmetric = {
 	.asym_query		= query_asymmetric_key,
 	.asym_eds_op		= asymmetric_key_eds_op,
 	.asym_verify_signature	= asymmetric_key_verify_signature,
+	.lookup_restrict	= asymmetric_lookup_restrict,
 };
 EXPORT_SYMBOL_GPL(key_type_asymmetric);