LXR linux/crypto/asymmetric_keys/pkcs7_key

   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/* Testing module to load key from trusted PKCS#7 message
   3 *
   4 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
   5 * Written by David Howells (dhowells@redhat.com)
   6 */
   7
   8#define pr_fmt(fmt) "PKCS7key: "fmt
   9#include <linux/key.h>
  10#include <linux/err.h>
  11#include <linux/module.h>
  12#include <linux/verification.h>
  13#include <linux/key-type.h>
  14#include <keys/user-type.h>
  15
  16MODULE_LICENSE("GPL");
  17MODULE_DESCRIPTION("PKCS#7 testing key type");
  18MODULE_AUTHOR("Red Hat, Inc.");
  19
  20static unsigned pkcs7_usage;
  21module_param_named(usage, pkcs7_usage, uint, S_IWUSR | S_IRUGO);
  22MODULE_PARM_DESC(pkcs7_usage,
  23                 "Usage to specify when verifying the PKCS#7 message");
  24
  25/*
  26 * Retrieve the PKCS#7 message content.
  27 */
  28static int pkcs7_view_content(void *ctx, const void *data, size_t len,
  29                              size_t asn1hdrlen)
  30{
  31        struct key_preparsed_payload *prep = ctx;
  32        const void *saved_prep_data;
  33        size_t saved_prep_datalen;
  34        int ret;
  35
  36        saved_prep_data = prep->data;
  37        saved_prep_datalen = prep->datalen;
  38        prep->data = data;
  39        prep->datalen = len;
  40
  41        ret = user_preparse(prep);
  42
  43        prep->data = saved_prep_data;
  44        prep->datalen = saved_prep_datalen;
  45        return ret;
  46}
  47
  48/*
  49 * Preparse a PKCS#7 wrapped and validated data blob.
  50 */
  51static int pkcs7_preparse(struct key_preparsed_payload *prep)
  52{
  53        enum key_being_used_for usage = pkcs7_usage;
  54
  55        if (usage >= NR__KEY_BEING_USED_FOR) {
  56                pr_err("Invalid usage type %d\n", usage);
  57                return -EINVAL;
  58        }
  59
  60        return verify_pkcs7_signature(NULL, 0,
  61                                      prep->data, prep->datalen,
  62                                      VERIFY_USE_SECONDARY_KEYRING, usage,
  63                                      pkcs7_view_content, prep);
  64}
  65
  66/*
  67 * user defined keys take an arbitrary string as the description and an
  68 * arbitrary blob of data as the payload
  69 */
  70static struct key_type key_type_pkcs7 = {
  71        .name                   = "pkcs7_test",
  72        .preparse               = pkcs7_preparse,
  73        .free_preparse          = user_free_preparse,
  74        .instantiate            = generic_key_instantiate,
  75        .revoke                 = user_revoke,
  76        .destroy                = user_destroy,
  77        .describe               = user_describe,
  78        .read                   = user_read,
  79};
  80
  81/*
  82 * Module stuff
  83 */
  84static int __init pkcs7_key_init(void)
  85{
  86        return register_key_type(&key_type_pkcs7);
  87}
  88
  89static void __exit pkcs7_key_cleanup(void)
  90{
  91        unregister_key_type(&key_type_pkcs7);
  92}
  93
  94module_init(pkcs7_key_init);
  95module_exit(pkcs7_key_cleanup);
  96