b/Documentation/crypto/asymmetric-keys.txt
@@ -189,6 +189,7 @@ and looks like the following:
const void *in, void *out);
int (*verify_signature)(const struct key *key,
const struct public_key_signature *sig);
+ const struct public_key* (*query_public_key)(const struct key *key);
};
Asymmetric keys point to this with their payload[asym_subtype] member.
b/crypto/asymmetric_keys/public_key.c
@@ -332,6 +332,12 @@ static int public_key_verify_signature_2(const
struct key *key,
return public_key_verify_signature(pk, sig);
}
+static const struct public_key *public_key_query_public_key(
+ const struct key *key)
+{
+ return key->payload.data[asym_crypto];
+}
+
/*
* Public key algorithm asymmetric key subtype
*/
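Review bot: public_key_query_public_key() hands back a pointer into the key's payload with no comment on its ownership or lifetime, and the rest of this file documents its subtype callbacks. The pointer is only valid while the caller holds a reference on the key (the payload is freed when the key is), so a one-line comment above the function such as `/* Return the public key held in the payload; owned by the key, valid only while the caller holds a key reference. Never NULL when the payload is instantiated. */` would keep IMA or any other caller from caching it past key_put(). The callback does not itself check `key->payload.data[asym_crypto]` for NULL; that is fine as long as every caller goes through the query_public_key() wrapper in signature.c, which rejects an empty payload first, but a comment stating that reliance would make the contract explicit.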
@@ -344,5 +350,6 @@ struct asymmetric_key_subtype public_key_subtype = {
.query = software_key_query,
.eds_op = software_key_eds_op,
.verify_signature = public_key_verify_signature_2,
+ .query_public_key = public_key_query_public_key,
};
EXPORT_SYMBOL_GPL(public_key_subtype);
b/crypto/asymmetric_keys/signature.c
@@ -161,3 +161,27 @@ int verify_signature(const struct key *key,
return ret;
}
EXPORT_SYMBOL_GPL(verify_signature);
+
+const struct public_key *query_public_key(const struct key *key)
+{
+ const struct public_key *pk;
+ const struct asymmetric_key_subtype *subtype;
+
+ pr_devel("==>%s()\n", __func__);
+
+ if (key->type != &key_type_asymmetric)
+ return NULL;
+ subtype = asymmetric_key_subtype(key);
+ if (!subtype ||
+ !key->payload.data[0])
+ return NULL;
+ if (!subtype->query_public_key)
+ return NULL;
+
+ pk = subtype->query_public_key(key);
+
+ pr_devel("<==%s()\n", __func__);
+
+ return pk;
+}
+EXPORT_SYMBOL_GPL(query_public_key);
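Review bot: query_public_key() is a new exported API with no kerneldoc, while the verify_signature() it mirrors just above carries one; callers cannot tell from the code whether the returned pointer must be released or how long it stays valid. A `/** query_public_key - Fetch the public key held by an asymmetric key ... */` block should state that the pointer is owned by the key, is valid only while the caller holds a reference, and that NULL covers three distinct cases (not an asymmetric key, uninstantiated payload, subtype without query_public_key support) that the caller cannot distinguish. The payload check uses a bare index, `!key->payload.data[0]`, whereas the public_key.c callback in this same series uses the named `asym_crypto` slot; if verify_signature() above uses the bare index too, consistency argues for leaving it, but `!key->payload.data[asym_crypto]` would make the intent clear and survive any reordering of the payload enum.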
@@ -81,6 +81,7 @@ extern int decrypt_blob(struct kernel_pkey_params *,
const void *, void *);
extern int create_signature(struct kernel_pkey_params *, const void *,
void *);
extern int verify_signature(const struct key *,
const struct public_key_signature *);
+extern const struct public_key *query_public_key(const struct key *key);
int public_key_verify_signature(const struct public_key *pkey,
const struct public_key_signature *sig);
b/include/keys/asymmetric-subtype.h
@@ -46,6 +46,9 @@ struct asymmetric_key_subtype {
/* Verify the signature on a key of this subtype (optional) */
int (*verify_signature)(const struct key *key,
const struct public_key_signature *sig);
+
+ /* Query public key of the given key */
+ const struct public_key *(*query_public_key)(const struct key *key);
};
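Review bot: The comment on the new query_public_key member does not say the hook is optional, yet the wrapper in signature.c treats a NULL pointer as "unsupported" and returns NULL, and the neighbouring verify_signature member is explicitly marked "(optional)". Subtype authors reading this header would reasonably assume they must implement it; suggest `/* Query the public key of a key of this subtype (optional) */`. It would also help to note here that the returned pointer is owned by the key and must not outlive the caller's key reference, since this is where subtype implementers learn the contract.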
/**
Added a new interface method namely query_public_key to asymmetric_key_subtype interface. Defined public_key_query_public_key method that returns the public key of the given key. This method is called when the query_public_key interface method in asymmetric_key_subtype interface is invoked. This change will be used by IMA (described in PATCH 2/2: [IMA] Measure public keys of BuiltIn Trusted Keys) that measures the public key of keys in BuiltIn Trusted Keys. Signed-off-by: Lakshmi <nramas@microsoft.com> --- Documentation/crypto/asymmetric-keys.txt | 1 + crypto/asymmetric_keys/public_key.c | 7 +++++++ crypto/asymmetric_keys/signature.c | 24 ++++++++++++++++++++++++ include/crypto/public_key.h | 1 + include/keys/asymmetric-subtype.h | 3 +++ 5 files changed, 36 insertions(+)