Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a19e3c22 authored by David Howells's avatar David Howells
Browse files

Merge tag 'keys-preparse-1-20140722' into keys-next 



Here are a set of changes that make all but encrypted and trusted keys use
preparsing.  Unfortunately, encrypted and trusted keys incorrectly use the
update op to alter a key, so other changes will need to be made for them.

These changes permit payload parsing when instantiating or updating a key to be
done before locks are taken and to determine the amount of quota that will be
required in advance.  The latter will make it possible to do LRU discard before
any locks are taken.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parents 32c2e675 f1dcde91

Documentation/security/keys.txt

+10 −4
Original line number Diff line number Diff line
@@ -1150,18 +1150,22 @@ The structure has a number of fields, some of which are mandatory: 
		const void	*data;

		size_t		datalen;

		size_t		quotalen;

		time_t		expiry;

	};



     Before calling the method, the caller will fill in data and datalen with

     the payload blob parameters; quotalen will be filled in with the default

     quota size from the key type and the rest will be cleared.

     quota size from the key type; expiry will be set to TIME_T_MAX and the

     rest will be cleared.



     If a description can be proposed from the payload contents, that should be

     attached as a string to the description field.  This will be used for the

     key description if the caller of add_key() passes NULL or "".



     The method can attach anything it likes to type_data[] and payload.  These

     are merely passed along to the instantiate() or update() operations.

     are merely passed along to the instantiate() or update() operations.  If

     set, the expiry time will be applied to the key if it is instantiated from

     this data.



     The method should return 0 if successful or a negative error code

     otherwise.
@@ -1172,7 +1176,9 @@ The structure has a number of fields, some of which are mandatory: 
     This method is only required if the preparse() method is provided,

     otherwise it is unused.  It cleans up anything attached to the

     description, type_data and payload fields of the key_preparsed_payload

     struct as filled in by the preparse() method.

     struct as filled in by the preparse() method.  It will always be called

     after preparse() returns successfully, even if instantiate() or update()

     succeed.





 (*) int (*instantiate)(struct key *key, struct key_preparsed_payload *prep);

crypto/asymmetric_keys/asymmetric_type.c

+2 −25
Original line number Diff line number Diff line
@@ -156,36 +156,13 @@ static void asymmetric_key_free_preparse(struct key_preparsed_payload *prep) 
	pr_devel("==>%s()\n", __func__);



	if (subtype) {

		subtype->destroy(prep->payload);

		subtype->destroy(prep->payload[0]);

		module_put(subtype->owner);

	}

	kfree(prep->type_data[1]);

	kfree(prep->description);

}



/*

 * Instantiate a asymmetric_key defined key.  The key was preparsed, so we just

 * have to transfer the data here.

 */

static int asymmetric_key_instantiate(struct key *key, struct key_preparsed_payload *prep)

{

	int ret;



	pr_devel("==>%s()\n", __func__);



	ret = key_payload_reserve(key, prep->quotalen);

	if (ret == 0) {

		key->type_data.p[0] = prep->type_data[0];

		key->type_data.p[1] = prep->type_data[1];

		key->payload.data = prep->payload;

		prep->type_data[0] = NULL;

		prep->type_data[1] = NULL;

		prep->payload = NULL;

	}

	pr_devel("<==%s() = %d\n", __func__, ret);

	return ret;

}



/*

 * dispose of the data dangling from the corpse of a asymmetric key

 */
@@ -205,7 +182,7 @@ struct key_type key_type_asymmetric = { 
	.name		= "asymmetric",

	.preparse	= asymmetric_key_preparse,

	.free_preparse	= asymmetric_key_free_preparse,

	.instantiate	= asymmetric_key_instantiate,

	.instantiate	= generic_key_instantiate,

	.match		= asymmetric_key_match,

	.destroy	= asymmetric_key_destroy,

	.describe	= asymmetric_key_describe,

crypto/asymmetric_keys/x509_public_key.c

+1 −1
Original line number Diff line number Diff line
@@ -177,7 +177,7 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) 
	__module_get(public_key_subtype.owner);

	prep->type_data[0] = &public_key_subtype;

	prep->type_data[1] = cert->fingerprint;

	prep->payload = cert->pub;

	prep->payload[0] = cert->pub;

	prep->description = desc;

	prep->quotalen = 100;

fs/nfs/idmap.c

+6 −2
Original line number Diff line number Diff line
@@ -174,7 +174,9 @@ static int nfs_map_numeric_to_string(__u32 id, char *buf, size_t buflen) 


static struct key_type key_type_id_resolver = {

	.name		= "id_resolver",

	.instantiate	= user_instantiate,

	.preparse	= user_preparse,

	.free_preparse	= user_free_preparse,

	.instantiate	= generic_key_instantiate,

	.match		= user_match,

	.revoke		= user_revoke,

	.destroy	= user_destroy,
@@ -394,7 +396,9 @@ static const struct rpc_pipe_ops idmap_upcall_ops = { 


static struct key_type key_type_id_resolver_legacy = {

	.name		= "id_legacy",

	.instantiate	= user_instantiate,

	.preparse	= user_preparse,

	.free_preparse	= user_free_preparse,

	.instantiate	= generic_key_instantiate,

	.match		= user_match,

	.revoke		= user_revoke,

	.destroy	= user_destroy,

include/keys/big_key-type.h

+2 −1
Original line number Diff line number Diff line
@@ -16,7 +16,8 @@ 


extern struct key_type key_type_big_key;



extern int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep);

extern int big_key_preparse(struct key_preparsed_payload *prep);

extern void big_key_free_preparse(struct key_preparsed_payload *prep);

extern void big_key_revoke(struct key *key);

extern void big_key_destroy(struct key *key);

extern void big_key_describe(const struct key *big_key, struct seq_file *m);