Message ID | 20241017155516.2582369-5-eric.snowberg@oracle.com |
---|---|
State | New |
Series | Clavis LSM |
On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote: > Add a new verification type called VERIFYING_CLAVIS_SIGNATURE. This new > usage will be used for validating keys added to the new clavis LSM keyring. > This will be introduced in a follow-on patch. > > Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> > --- > crypto/asymmetric_keys/asymmetric_type.c | 1 + > crypto/asymmetric_keys/pkcs7_verify.c | 1 + > include/linux/verification.h | 2 ++ > 3 files changed, 4 insertions(+) > > diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c > index 43af5fa510c0..d7bf95c77f4a 100644 > --- a/crypto/asymmetric_keys/asymmetric_type.c > +++ b/crypto/asymmetric_keys/asymmetric_type.c > @@ -25,6 +25,7 @@ const char *const key_being_used_for[NR__KEY_BEING_USED_FOR] = { > [VERIFYING_KEY_SIGNATURE] = "key sig", > [VERIFYING_KEY_SELF_SIGNATURE] = "key self sig", > [VERIFYING_UNSPECIFIED_SIGNATURE] = "unspec sig", > + [VERIFYING_CLAVIS_SIGNATURE] = "clavis sig", > }; > EXPORT_SYMBOL_GPL(key_being_used_for); > > diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c > index f0d4ff3c20a8..1dc80e68ce96 100644 > --- a/crypto/asymmetric_keys/pkcs7_verify.c > +++ b/crypto/asymmetric_keys/pkcs7_verify.c > @@ -428,6 +428,7 @@ int pkcs7_verify(struct pkcs7_message *pkcs7, > } > /* Authattr presence checked in parser */ > break; > + case VERIFYING_CLAVIS_SIGNATURE: Add "fallthrough;" https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through > case VERIFYING_UNSPECIFIED_SIGNATURE: > if (pkcs7->data_type != OID_data) { > pr_warn("Invalid unspecified sig (not pkcs7-data)\n"); > diff --git a/include/linux/verification.h b/include/linux/verification.h > index cb2d47f28091..02d2d70e2324 100644 > --- a/include/linux/verification.h > +++ b/include/linux/verification.h 
> @@ -36,6 +36,8 @@ enum key_being_used_for { > VERIFYING_KEY_SIGNATURE, > VERIFYING_KEY_SELF_SIGNATURE, > VERIFYING_UNSPECIFIED_SIGNATURE, > + /* Add new entries above, keep VERIFYING_CLAVIS_SIGNATURE at the end. */ > + VERIFYING_CLAVIS_SIGNATURE, > NR__KEY_BEING_USED_FOR > }; > extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index 43af5fa510c0..d7bf95c77f4a 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -25,6 +25,7 @@ const char *const key_being_used_for[NR__KEY_BEING_USED_FOR] = { [VERIFYING_KEY_SIGNATURE] = "key sig", [VERIFYING_KEY_SELF_SIGNATURE] = "key self sig", [VERIFYING_UNSPECIFIED_SIGNATURE] = "unspec sig", + [VERIFYING_CLAVIS_SIGNATURE] = "clavis sig", }; EXPORT_SYMBOL_GPL(key_being_used_for); diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c index f0d4ff3c20a8..1dc80e68ce96 100644 --- a/crypto/asymmetric_keys/pkcs7_verify.c +++ b/crypto/asymmetric_keys/pkcs7_verify.c @@ -428,6 +428,7 @@ int pkcs7_verify(struct pkcs7_message *pkcs7, } /* Authattr presence checked in parser */ break; + case VERIFYING_CLAVIS_SIGNATURE: case VERIFYING_UNSPECIFIED_SIGNATURE: if (pkcs7->data_type != OID_data) { pr_warn("Invalid unspecified sig (not pkcs7-data)\n"); diff --git a/include/linux/verification.h b/include/linux/verification.h index cb2d47f28091..02d2d70e2324 100644 --- a/include/linux/verification.h +++ b/include/linux/verification.h @@ -36,6 +36,8 @@ enum key_being_used_for { VERIFYING_KEY_SIGNATURE, VERIFYING_KEY_SELF_SIGNATURE, VERIFYING_UNSPECIFIED_SIGNATURE, + /* Add new entries above, keep VERIFYING_CLAVIS_SIGNATURE at the end. */ + VERIFYING_CLAVIS_SIGNATURE, NR__KEY_BEING_USED_FOR }; extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
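Review bot: In the pkcs7_verify.c hunk, the new `case VERIFYING_CLAVIS_SIGNATURE:` label shares the body of `case VERIFYING_UNSPECIFIED_SIGNATURE:`, so a clavis signature whose data_type is not OID_data is logged as "Invalid unspecified sig (not pkcs7-data)", which hides which usage actually failed. Consider making that pr_warn usage-neutral, or including the matching key_being_used_for[] string ("clavis sig") in it. The two labels are adjacent with no statement between them, so the compiler's implicit-fallthrough warning does not apply to this spot.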
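Review bot: In the include/linux/verification.h hunk, the comment "Add new entries above, keep VERIFYING_CLAVIS_SIGNATURE at the end." imposes an ordering rule without saying why. The key_being_used_for[] table in asymmetric_type.c uses designated initializers and NR__KEY_BEING_USED_FOR already terminates the enum, so nothing in the visible lines depends on the position of the new entry. Either state the reason in the comment or the commit message, or drop the constraint so later additions are not forced into the middle of the enum.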
Add a new verification type called VERIFYING_CLAVIS_SIGNATURE. This new usage will be used for validating keys added to the new clavis LSM keyring. This will be introduced in a follow-on patch.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>

---

crypto/asymmetric_keys/asymmetric_type.c | 1 +
crypto/asymmetric_keys/pkcs7_verify.c | 1 +
include/linux/verification.h | 2 ++
3 files changed, 4 insertions(+)