[PATCH 6/9] KEYS: Trusted: Use key preparsing

From: David Howells
Date: Mon Nov 04 2013 - 11:34:12 EST


Make use of key preparsing in trusted keys so that quota size determination
can take place prior to keyring locking when a key is being added.

Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
---

security/keys/trusted.c | 190 ++++++++++++++++++++++-------------------------
1 file changed, 90 insertions(+), 100 deletions(-)

diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index e13fcf7636f7..ac444e3cfaa7 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -859,52 +859,22 @@ static int datablob_parse(char *datablob, struct trusted_key_payload *p,
return ret;
}

-static struct trusted_key_options *trusted_options_alloc(void)
-{
- struct trusted_key_options *options;
-
- options = kzalloc(sizeof *options, GFP_KERNEL);
- if (options) {
- /* set any non-zero defaults */
- options->keytype = SRK_keytype;
- options->keyhandle = SRKHANDLE;
- }
- return options;
-}
-
-static struct trusted_key_payload *trusted_payload_alloc(struct key *key)
-{
- struct trusted_key_payload *p = NULL;
- int ret;
-
- ret = key_payload_reserve(key, sizeof *p);
- if (ret < 0)
- return p;
- p = kzalloc(sizeof *p, GFP_KERNEL);
- if (p)
- p->migratable = 1; /* migratable by default */
- return p;
-}
-
/*
- * trusted_instantiate - create a new trusted key
+ * trusted_preparse - Preparse data for an trusted key
*
- * Unseal an existing trusted blob or, for a new key, get a
- * random key, then seal and create a trusted key-type key,
- * adding it to the specified keyring.
+ * Decrypt an existing encrypted datablob or create a new encrypted key
+ * based on a kernel random number.
*
* On success, return 0. Otherwise return errno.
*/
-static int trusted_instantiate(struct key *key,
- struct key_preparsed_payload *prep)
+static int trusted_preparse(struct key_preparsed_payload *prep)
{
struct trusted_key_payload *payload = NULL;
struct trusted_key_options *options = NULL;
size_t datalen = prep->datalen;
char *datablob;
- int ret = 0;
- int key_cmd;
- size_t key_len;
+ long key_cmd;
+ int ret = -ENOMEM;

if (datalen <= 0 || datalen > 32767 || !prep->data)
return -EINVAL;
@@ -915,16 +885,20 @@ static int trusted_instantiate(struct key *key,
memcpy(datablob, prep->data, datalen);
datablob[datalen] = '\0';

- options = trusted_options_alloc();
- if (!options) {
- ret = -ENOMEM;
+ payload = kzalloc(sizeof(*payload), GFP_KERNEL);
+ if (!payload)
goto out;
- }
- payload = trusted_payload_alloc(key);
- if (!payload) {
- ret = -ENOMEM;
+ prep->payload[0] = payload;
+
+ options = kzalloc(sizeof(*options), GFP_KERNEL);
+ if (!options)
goto out;
- }
+ prep->type_data[0] = options;
+
+ /* set any non-zero defaults */
+ payload->migratable = 1; /* migratable by default */
+ options->keytype = SRK_keytype;
+ options->keyhandle = SRKHANDLE;

key_cmd = datablob_parse(datablob, payload, options);
if (key_cmd < 0) {
@@ -932,42 +906,81 @@ static int trusted_instantiate(struct key *key,
goto out;
}

+ prep->type_data[1] = (void *)key_cmd;
+
dump_payload(payload);
dump_options(options);
+out:
+ kfree(datablob);
+ return ret;
+}
+
+static void trusted_free_preparse(struct key_preparsed_payload *prep)
+{
+ struct trusted_key_payload *p = prep->payload[0];
+ struct trusted_key_options *o = prep->type_data[0];
+
+ if (p) {
+ memset(p->key, 0, p->key_len);
+ kfree(p);
+ }
+ kfree(o);
+}
+
+/*
+ * trusted_instantiate - create a new trusted key
+ *
+ * Unseal an existing trusted blob or, for a new key, get a
+ * random key, then seal and create a trusted key-type key,
+ * adding it to the specified keyring.
+ *
+ * On success, return 0. Otherwise return errno.
+ */
+static int trusted_instantiate(struct key *key,
+ struct key_preparsed_payload *prep)
+{
+ struct trusted_key_payload *payload = prep->payload[0];
+ struct trusted_key_options *options = prep->type_data[0];
+ long key_cmd = (unsigned long)prep->type_data[1];
+ int ret;
+ size_t key_len;

switch (key_cmd) {
case Opt_load:
ret = key_unseal(payload, options);
dump_payload(payload);
dump_options(options);
- if (ret < 0)
+ if (ret < 0) {
pr_info("trusted_key: key_unseal failed (%d)\n", ret);
+ return ret;
+ }
break;
case Opt_new:
key_len = payload->key_len;
ret = tpm_get_random(TPM_ANY_NUM, payload->key, key_len);
if (ret != key_len) {
pr_info("trusted_key: key_create failed (%d)\n", ret);
- goto out;
+ return ret;
}
ret = key_seal(payload, options);
- if (ret < 0)
+ if (ret < 0) {
pr_info("trusted_key: key_seal failed (%d)\n", ret);
+ return ret;
+ }
break;
default:
- ret = -EINVAL;
- goto out;
+ return -EINVAL;
}
- if (!ret && options->pcrlock)
+
+ if (options->pcrlock) {
ret = pcrlock(options->pcrlock);
-out:
- kfree(datablob);
- kfree(options);
- if (!ret)
- rcu_assign_keypointer(key, payload);
- else
- kfree(payload);
- return ret;
+ if (ret < 0)
+ return ret;
+ }
+
+ rcu_assign_keypointer(key, prep->payload[0]);
+ prep->payload[0] = NULL;
+ return 0;
}

static void trusted_rcu_free(struct rcu_head *rcu)
@@ -985,39 +998,17 @@ static void trusted_rcu_free(struct rcu_head *rcu)
static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
{
struct trusted_key_payload *p = key->payload.data;
- struct trusted_key_payload *new_p;
- struct trusted_key_options *new_o;
- size_t datalen = prep->datalen;
- char *datablob;
+ struct trusted_key_payload *new_p = prep->payload[0];
+ struct trusted_key_options *new_o = prep->type_data[0];
+ long key_cmd = (unsigned long)prep->type_data[1];
int ret = 0;

if (!p->migratable)
return -EPERM;
- if (datalen <= 0 || datalen > 32767 || !prep->data)
- return -EINVAL;

- datablob = kmalloc(datalen + 1, GFP_KERNEL);
- if (!datablob)
- return -ENOMEM;
- new_o = trusted_options_alloc();
- if (!new_o) {
- ret = -ENOMEM;
- goto out;
- }
- new_p = trusted_payload_alloc(key);
- if (!new_p) {
- ret = -ENOMEM;
- goto out;
- }
+ if (key_cmd != Opt_update)
+ return -EINVAL;

- memcpy(datablob, prep->data, datalen);
- datablob[datalen] = '\0';
- ret = datablob_parse(datablob, new_p, new_o);
- if (ret != Opt_update) {
- ret = -EINVAL;
- kfree(new_p);
- goto out;
- }
/* copy old key values, and reseal with new pcrs */
new_p->migratable = p->migratable;
new_p->key_len = p->key_len;
@@ -1028,23 +1019,19 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
ret = key_seal(new_p, new_o);
if (ret < 0) {
pr_info("trusted_key: key_seal failed (%d)\n", ret);
- kfree(new_p);
- goto out;
+ return ret;
}
if (new_o->pcrlock) {
ret = pcrlock(new_o->pcrlock);
if (ret < 0) {
pr_info("trusted_key: pcrlock failed (%d)\n", ret);
- kfree(new_p);
- goto out;
+ return ret;
}
}
rcu_assign_keypointer(key, new_p);
call_rcu(&p->rcu, trusted_rcu_free);
-out:
- kfree(datablob);
- kfree(new_o);
- return ret;
+ prep->payload[0] = NULL;
+ return 0;
}

/*
@@ -1093,13 +1080,16 @@ static void trusted_destroy(struct key *key)
}

struct key_type key_type_trusted = {
- .name = "trusted",
- .instantiate = trusted_instantiate,
- .update = trusted_update,
- .match = user_match,
- .destroy = trusted_destroy,
- .describe = user_describe,
- .read = trusted_read,
+ .name = "trusted",
+ .def_datalen = sizeof(struct trusted_key_payload),
+ .preparse = trusted_preparse,
+ .free_preparse = trusted_free_preparse,
+ .instantiate = trusted_instantiate,
+ .update = trusted_update,
+ .match = user_match,
+ .destroy = trusted_destroy,
+ .describe = user_describe,
+ .read = trusted_read,
};

EXPORT_SYMBOL_GPL(key_type_trusted);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/