Re: [PATCH 2/6] security/keys/encrypted: Clean up request_trusted_key()
On Mon, 2019-03-18 at 23:06 -0700, Dan Williams wrote:
< snip >
+/*
+ * request_trusted_key - request the trusted key
+ *
+ * Trusted keys are sealed to PCRs and other metadata. Although userspace
+ * manages both trusted/encrypted key-types, like the encrypted key type
+ * data, trusted key type data is not visible decrypted from userspace.
+ */
+static struct key *request_trusted_key(const char *trusted_desc,
+ const u8 **master_key, size_t *master_keylen)
+{
+ struct trusted_key_payload *tpayload;
+ struct key_type *type;
+ struct key *tkey;
+
+ type = key_type_lookup("trusted");
The associated key_type_put() will need to be called.
+ if (IS_ERR(type)) {
+ tkey = (struct key *)type;
+ goto error;
+ }
+ tkey = request_key(type, trusted_desc, NULL);
+ if (IS_ERR(tkey))
+ goto error;
+
+ down_read(&tkey->sem);
+ tpayload = tkey->payload.data[0];
+ *master_key = tpayload->key;
+ *master_keylen = tpayload->key_len;
+error:
+ return tkey;
+}
+
diff --git a/security/keys/key.c b/security/keys/key.c
index 696f1c092c50..9045b62afb04 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -706,6 +706,7 @@ struct key_type *key_type_lookup(const char *type)
found_kernel_type:
return ktype;
}
+EXPORT_SYMBOL_GPL(key_type_lookup);
Only the kernel is calling key_type_lookup(). Why does
key_type_lookup() need to be exported?
Mimi
void key_set_timeout(struct key *key, unsigned timeout)
{