Re: [PATCH 2/6] security/keys/encrypted: Clean up request_trusted_key()
From: Mimi Zohar
Date: Tue Mar 19 2019 - 20:06:59 EST
On Mon, 2019-03-18 at 23:06 -0700, Dan Williams wrote:
< snip >
> +/*
> + * request_trusted_key - request the trusted key
> + *
> + * Trusted keys are sealed to PCRs and other metadata. Although userspace
> + * manages both trusted/encrypted key-types, like the encrypted key type
> + * data, trusted key type data is not visible decrypted from userspace.
> + */
> +static struct key *request_trusted_key(const char *trusted_desc,
> + const u8 **master_key, size_t *master_keylen)
> +{
> + struct trusted_key_payload *tpayload;
> + struct key_type *type;
> + struct key *tkey;
> +
> + type = key_type_lookup("trusted");
The associated key_type_put() will need to be called.
> + if (IS_ERR(type)) {
> + tkey = (struct key *)type;
> + goto error;
> + }
> + tkey = request_key(type, trusted_desc, NULL);
> + if (IS_ERR(tkey))
> + goto error;
> +
> + down_read(&tkey->sem);
> + tpayload = tkey->payload.data[0];
> + *master_key = tpayload->key;
> + *master_keylen = tpayload->key_len;
> +error:
> + return tkey;
> +}
> +
> diff --git a/security/keys/key.c b/security/keys/key.c
> index 696f1c092c50..9045b62afb04 100644
> --- a/security/keys/key.c
> +++ b/security/keys/key.c
> @@ -706,6 +706,7 @@ struct key_type *key_type_lookup(const char *type)
> found_kernel_type:
> return ktype;
> }
> +EXPORT_SYMBOL_GPL(key_type_lookup);
Only the kernel is calling key_type_lookup(). ÂWhy does
key_type_lookup() need to be exported?
Mimi
>
> void key_set_timeout(struct key *key, unsigned timeout)
> {
>