summaryrefslogtreecommitdiffstats
path: root/security/keys
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2013-08-30 17:07:37 +0200
committerDavid Howells <dhowells@redhat.com>2013-09-25 18:17:01 +0200
commit008643b86c5f33c115c84ccdda1725cac3ad50ad (patch)
tree951ea0d3d7b84ce3570da17f03f45a53f3e4b35d /security/keys
parentKEYS: Separate the kernel signature checking keyring from module signing (diff)
downloadlinux-008643b86c5f33c115c84ccdda1725cac3ad50ad.tar.xz
linux-008643b86c5f33c115c84ccdda1725cac3ad50ad.zip
KEYS: Add a 'trusted' flag and a 'trusted only' flag
Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source or had a cryptographic signature chain that led back to a trusted key the kernel already possessed. Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to keys marked with KEY_FLAGS_TRUSTED. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/key.c8
-rw-r--r--security/keys/keyring.c4
2 files changed, 12 insertions, 0 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index a819b5c7d4ec..d331ea9ef380 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -300,6 +300,8 @@ struct key *key_alloc(struct key_type *type, const char *desc,
if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
key->flags |= 1 << KEY_FLAG_IN_QUOTA;
+ if (flags & KEY_ALLOC_TRUSTED)
+ key->flags |= 1 << KEY_FLAG_TRUSTED;
memset(&key->type_data, 0, sizeof(key->type_data));
@@ -813,6 +815,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
prep.data = payload;
prep.datalen = plen;
prep.quotalen = index_key.type->def_datalen;
+ prep.trusted = flags & KEY_ALLOC_TRUSTED;
if (index_key.type->preparse) {
ret = index_key.type->preparse(&prep);
if (ret < 0) {
@@ -827,6 +830,11 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
}
index_key.desc_len = strlen(index_key.description);
+ key_ref = ERR_PTR(-EPERM);
+ if (!prep.trusted && test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags))
+ goto error_free_prep;
+ flags |= prep.trusted ? KEY_ALLOC_TRUSTED : 0;
+
ret = __key_link_begin(keyring, &index_key, &edit);
if (ret < 0) {
key_ref = ERR_PTR(ret);
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index f7cdea22214f..9b6f6e09b50c 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -1183,6 +1183,10 @@ int key_link(struct key *keyring, struct key *key)
key_check(keyring);
key_check(key);
+ if (test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags) &&
+ !test_bit(KEY_FLAG_TRUSTED, &key->flags))
+ return -EPERM;
+
ret = __key_link_begin(keyring, &key->index_key, &edit);
if (ret == 0) {
kdebug("begun {%d,%d}", keyring->serial, atomic_read(&keyring->usage));