For cases a trusted key source already sources the kernel RNG, we can
use get_random_bytes_wait to get the random data for key material.
Make the get_random callback optional to allow sources to make use of
this.
Signed-off-by: Ahmad Fatoum <a.fat...@pengutronix.de>
---
To: James Bottomley <j...@linux.ibm.com>
To: Jarkko Sakkinen <jar...@kernel.org>
To: Mimi Zohar <zo...@linux.ibm.com>
To: David Howells <dhowe...@redhat.com>
Cc: James Morris <jmor...@namei.org>
Cc: "Serge E. Hallyn" <se...@hallyn.com>
Cc: "Horia Geantă" <horia.gea...@nxp.com>
Cc: Aymen Sghaier <aymen.sgha...@nxp.com>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: Udit Agarwal <udit.agar...@nxp.com>
Cc: Jan Luebbe <j.lue...@penutronix.de>
Cc: David Gstir <da...@sigma-star.at>
Cc: Franck LENORMAND <franck.lenorm...@nxp.com>
Cc: Sumit Garg <sumit.g...@linaro.org>
Cc: keyri...@vger.kernel.org
Cc: linux-cry...@vger.kernel.org
Cc: linux-integr...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-mod...@vger.kernel.org
---
include/keys/trusted-type.h | 2 +-
security/keys/trusted-keys/trusted_core.c | 11 ++++++++++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
index d89fa2579ac0..4eb64548a74f 100644
--- a/include/keys/trusted-type.h
+++ b/include/keys/trusted-type.h
@@ -64,7 +64,7 @@ struct trusted_key_ops {
/* Unseal a key. */
int (*unseal)(struct trusted_key_payload *p, char *datablob);
- /* Get a randomized key. */
+ /* Optional: Get a randomized key. */
int (*get_random)(unsigned char *key, size_t key_len);
/* Exit key interface. */
diff --git a/security/keys/trusted-keys/trusted_core.c
b/security/keys/trusted-keys/trusted_core.c
index ec3a066a4b42..5f92323efedf 100644
--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -16,6 +16,7 @@
#include <linux/key-type.h>
#include <linux/module.h>
#include <linux/parser.h>
+#include <linux/random.h>
#include <linux/rcupdate.h>
#include <linux/slab.h>
#include <linux/static_call.h>
@@ -310,8 +311,14 @@ struct key_type key_type_trusted = {
};
EXPORT_SYMBOL_GPL(key_type_trusted);
+static int kernel_get_random(unsigned char *key, size_t key_len)
+{
+ return get_random_bytes_wait(key, key_len) ?: key_len;
+}
+
static int __init init_trusted(void)
{
+ int (*get_random)(unsigned char *key, size_t key_len);
int i, ret = 0;
for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) {
@@ -320,6 +327,8 @@ static int __init init_trusted(void)
strlen(trusted_key_sources[i].name)))
continue;
+ get_random = trusted_key_sources[i].ops->get_random ?:
kernel_get_random;
+
static_call_update(trusted_key_init,
trusted_key_sources[i].ops->init);
static_call_update(trusted_key_seal,
@@ -327,7 +336,7 @@ static int __init init_trusted(void)
static_call_update(trusted_key_unseal,
trusted_key_sources[i].ops->unseal);
static_call_update(trusted_key_get_random,
- trusted_key_sources[i].ops->get_random);
+ get_random);
static_call_update(trusted_key_exit,
trusted_key_sources[i].ops->exit);
migratable = trusted_key_sources[i].ops->migratable;
--
git-series 0.9.1
