
Commit 65d543b2 authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Mimi Zohar

integrity: provide a function to load x509 certificate from the kernel



Provide the function to load x509 certificates from the kernel into the
integrity kernel keyring.

Changes in v2:
* configuration option removed
* function declared as '__init'

Signed-off-by: default avatarDmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent e3c4abbf
+35 −1
@@ -14,7 +14,7 @@

#include <linux/err.h>
#include <linux/sched.h>
#include <linux/rbtree.h>
#include <linux/slab.h>
#include <linux/cred.h>
#include <linux/key-type.h>
#include <linux/digsig.h>
@@ -84,3 +84,37 @@ int __init integrity_init_keyring(const unsigned int id)
	}
	return err;
}

int __init integrity_load_x509(const unsigned int id, char *path)
{
	key_ref_t key;
	char *data;
	int rc;

	if (!keyring[id])
		return -EINVAL;

	rc = integrity_read_file(path, &data);
	if (rc < 0)
		return rc;

	key = key_create_or_update(make_key_ref(keyring[id], 1),
				   "asymmetric",
				   NULL,
				   data,
				   rc,
				   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
				    KEY_USR_VIEW | KEY_USR_READ),
				   KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_TRUSTED);
	if (IS_ERR(key)) {
		rc = PTR_ERR(key);
		pr_err("Problem loading X.509 certificate (%d): %s\n",
		       rc, path);
	} else {
		pr_notice("Loaded X.509 cert '%s': %s\n",
			  key_ref_to_ptr(key)->description, path);
		key_ref_put(key);
	}
	kfree(data);
	return 0;
}
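Review bot: integrity_load_x509() ends with an unconditional `return 0;`, so the error stored by `rc = PTR_ERR(key);` in the IS_ERR branch is only logged and never reaches the caller. An init-time caller therefore cannot tell that the certificate was not added to the integrity keyring; whether later signature verification then fails closed depends on code outside this hunk. On success rc still holds the byte count returned by integrity_read_file(), so the fix is to set `rc = 0;` in the else branch and finish with `return rc;`. Separately, `keyring[id]` is indexed with no range check on id, and the array's size is not visible here, so confirm that every caller passes a valid keyring id.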
+2 −0
@@ -134,6 +134,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
			    const char *digest, int digestlen);

int __init integrity_init_keyring(const unsigned int id);
int __init integrity_load_x509(const unsigned int id, char *path);
#else

static inline int integrity_digsig_verify(const unsigned int id,
@@ -147,6 +148,7 @@ static inline int integrity_init_keyring(const unsigned int id)
{
	return 0;
}

#endif /* CONFIG_INTEGRITY_SIGNATURE */

#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
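Review bot: The `#else` branch gets no stub for integrity_load_x509(), although integrity_init_keyring() has a `static inline` one returning 0 there, so a caller built without CONFIG_INTEGRITY_SIGNATURE would see no declaration at all. Either add a matching stub, `static inline int integrity_load_x509(const unsigned int id, char *path) { return 0; }`, or make sure every caller is guarded by an option that depends on CONFIG_INTEGRITY_SIGNATURE. If a stub is added, decide deliberately whether it returns 0 like its neighbour or an error, since 0 would report a certificate as loaded when signature support is compiled out. The lines between the two hunks are not shown, so the missing stub is inferred from the +2 −0 count of this section.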