@@ -18,6 +18,7 @@
#include <linux/slab.h>
#include <linux/ctype.h>
#include <keys/user-type.h>
+#include <keys/system_keyring.h>
#include "asymmetric_keys.h"
MODULE_LICENSE("GPL");
@@ -491,6 +492,21 @@ static int asymmetric_key_verify_signature(struct kernel_pkey_params *params,
return verify_signature(params->key, &sig);
}
+/*
+ * look up keyring restrict functions for asymmetric keys
+ */
+static restrict_link_func_t asymmetric_lookup_restrict(const char *restriction)
+{
+ if (strcmp("keyring", restriction) == 0)
+ return restrict_link_by_keyring;
+ else if (strcmp("builtin_trusted", restriction) == 0)
+ return restrict_link_by_builtin_trusted;
+ else if (strcmp("builtin_and_secondary_trusted", restriction) == 0)
+ return restrict_link_by_builtin_and_secondary_trusted;
+ else
+ return ERR_PTR(-EINVAL);
+}
+
struct key_type key_type_asymmetric = {
.name = "asymmetric",
.preparse = asymmetric_key_preparse,
@@ -503,6 +519,7 @@ struct key_type key_type_asymmetric = {
.asym_query = query_asymmetric_key,
.asym_eds_op = asymmetric_key_eds_op,
.asym_verify_signature = asymmetric_key_verify_signature,
+ .lookup_restrict = asymmetric_lookup_restrict,
};
EXPORT_SYMBOL_GPL(key_type_asymmetric);
Look up asymmetric keyring restriction functions using the key-type lookup_restrict hook. Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> --- crypto/asymmetric_keys/asymmetric_type.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)