From: Eric Snowberg <eric.snowberg@oracle.com>
To: linux-security-module@vger.kernel.org
Cc: dhowells@redhat.com, dwmw2@infradead.org,
herbert@gondor.apana.org.au, davem@davemloft.net,
ardb@kernel.org, jarkko@kernel.org, paul@paul-moore.com,
jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com,
roberto.sassu@huawei.com, dmitry.kasatkin@gmail.com,
mic@digikod.net, casey@schaufler-ca.com, stefanb@linux.ibm.com,
eric.snowberg@oracle.com, ebiggers@kernel.org,
rdunlap@infradead.org, linux-kernel@vger.kernel.org,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [RFC PATCH v2 5/8] keys: Add new verification type (VERIFYING_CLAVIS_SIGNATURE)
Date: Thu, 30 May 2024 18:39:42 -0600 [thread overview]
Message-ID: <20240531003945.44594-6-eric.snowberg@oracle.com> (raw)
In-Reply-To: <20240531003945.44594-1-eric.snowberg@oracle.com>
Add a new verification type called VERIFYING_CLAVIS_SIGNATURE. This new
usage will be used for validating keys added to the new clavis lsm keyring.
This will be introduced in a follow-on patch.
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
---
crypto/asymmetric_keys/asymmetric_type.c | 1 +
crypto/asymmetric_keys/pkcs7_verify.c | 1 +
include/linux/verification.h | 1 +
3 files changed, 3 insertions(+)
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index a5da8ccd353e..7fdc006f18d6 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -25,6 +25,7 @@ const char *const key_being_used_for[NR__KEY_BEING_USED_FOR] = {
[VERIFYING_KEY_SIGNATURE] = "key sig",
[VERIFYING_KEY_SELF_SIGNATURE] = "key self sig",
[VERIFYING_UNSPECIFIED_SIGNATURE] = "unspec sig",
+ [VERIFYING_CLAVIS_SIGNATURE] = "clavis sig",
};
EXPORT_SYMBOL_GPL(key_being_used_for);
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index f0d4ff3c20a8..1dc80e68ce96 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -428,6 +428,7 @@ int pkcs7_verify(struct pkcs7_message *pkcs7,
}
/* Authattr presence checked in parser */
break;
+ case VERIFYING_CLAVIS_SIGNATURE:
case VERIFYING_UNSPECIFIED_SIGNATURE:
if (pkcs7->data_type != OID_data) {
pr_warn("Invalid unspecified sig (not pkcs7-data)\n");
diff --git a/include/linux/verification.h b/include/linux/verification.h
index cb2d47f28091..970f748b5cc9 100644
--- a/include/linux/verification.h
+++ b/include/linux/verification.h
@@ -36,6 +36,7 @@ enum key_being_used_for {
VERIFYING_KEY_SIGNATURE,
VERIFYING_KEY_SELF_SIGNATURE,
VERIFYING_UNSPECIFIED_SIGNATURE,
+ VERIFYING_CLAVIS_SIGNATURE,
NR__KEY_BEING_USED_FOR
};
extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
--
2.43.0
next prev parent reply other threads:[~2024-05-31 0:41 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-31 0:39 [RFC PATCH v2 0/8] Clavis LSM Eric Snowberg
2024-05-31 0:39 ` [RFC PATCH v2 1/8] certs: Introduce ability to link to a system key Eric Snowberg
2024-06-04 18:08 ` Jarkko Sakkinen
2024-06-05 20:36 ` Eric Snowberg
2024-05-31 0:39 ` [RFC PATCH v2 2/8] clavis: Introduce a new system keyring called clavis Eric Snowberg
2024-05-31 0:39 ` [RFC PATCH v2 3/8] efi: Make clavis boot param persist across kexec Eric Snowberg
2024-05-31 0:39 ` [RFC PATCH v2 4/8] clavis: Prevent clavis boot param from changing during kexec Eric Snowberg
2024-05-31 0:39 ` Eric Snowberg [this message]
2024-05-31 0:39 ` [RFC PATCH v2 6/8] keys: Add ability to track intended usage of the public key Eric Snowberg
2024-05-31 0:39 ` [RFC PATCH v2 7/8] clavis: Introduce a new key type called clavis_key_acl Eric Snowberg
2024-05-31 0:39 ` [RFC PATCH v2 8/8] clavis: Introduce new LSM called clavis Eric Snowberg
2024-06-11 2:33 ` Randy Dunlap
2024-06-11 14:36 ` Eric Snowberg
2024-06-04 17:59 ` [RFC PATCH v2 0/8] Clavis LSM Jarkko Sakkinen
2024-06-05 20:41 ` Eric Snowberg
2024-06-19 15:22 ` Mimi Zohar
2024-06-20 20:18 ` Eric Snowberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240531003945.44594-6-eric.snowberg@oracle.com \
--to=eric.snowberg@oracle.com \
--cc=ardb@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=dwmw2@infradead.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=rdunlap@infradead.org \
--cc=roberto.sassu@huawei.com \
--cc=serge@hallyn.com \
--cc=stefanb@linux.ibm.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).