Lines Matching +full:zero +full:- +full:initialised
5 This service allows cryptographic keys, authentication tokens, cross-domain
30 - A serial number.
31 - A type.
32 - A description (for matching a key in a search).
33 - Access control information.
34 - An expiry time.
35 - A payload.
36 - State.
40 the lifetime of that key. All serial numbers are positive non-zero 32-bit
69 the keyring links; in the case of a user-defined key, it's an arbitrary
91 * Negative. This is a relatively short-lived state. The key acts as a
134 The description can be arbitrary, but must be prefixed with a non-zero
140 * Each process subscribes to three keyrings: a thread-specific keyring, a
141 process-specific keyring, and a session-specific keyring.
143 The thread-specific keyring is discarded from the child when any sort of
147 The process-specific keyring is replaced with an empty one in the child on
152 The session-specific keyring is persistent across clone, fork, vfork and
153 execve, even when the latter executes a set-UID or set-GID binary. A
163 keyring is initialised with a link to the user-specific keyring.
179 Process-specific and thread-specific keyrings are not counted towards a
207 This permits a key or keyring's attributes to be viewed - including key
250 newly-created keys. If the contents of that file correspond to an SELinux
254 particular context to newly-created keys, using the "create" permission in the
292 00000001 I----- 39 perm 1f3f0000 0 0 keyring _uid_ses.0: 1/4
293 00000002 I----- 2 perm 1f3f0000 0 0 keyring _uid.0: empty
294 00000007 I----- 1 perm 1f3f0000 0 0 keyring _pid.1: empty
295 0000018d I----- 1 perm 1f3f0000 0 0 keyring _pid.412: empty
296 000004d2 I--Q-- 1 perm 1f3f0000 32 -1 keyring _uid.32: 1/4
297 000004d3 I--Q-- 3 perm 1f3f0000 32 -1 keyring _uid_ses.32: empty
298 00000892 I--QU- 1 perm 1f000000 0 0 user metal:copper: 0
299 00000893 I--Q-N 1 35s 1f3f0000 0 0 user metal:silver: 0
300 00000894 I--Q-- 1 10h 003f0000 0 0 user metal:gold: 0
312 * /proc/key-users
317 [root@andromeda root]# cat /proc/key-users
345 These files hold the maximum number of keys that each non-root user may
361 serial number (a positive 32-bit integer). However, there are some special
367 KEY_SPEC_THREAD_KEYRING -1 thread-specific keyring
368 KEY_SPEC_PROCESS_KEYRING -2 process-specific keyring
369 KEY_SPEC_SESSION_KEYRING -3 session-specific keyring
370 KEY_SPEC_USER_KEYRING -4 UID-specific keyring
371 KEY_SPEC_USER_SESSION_KEYRING -5 UID-session keyring
372 KEY_SPEC_GROUP_KEYRING -6 GID-specific keyring
373 KEY_SPEC_REQKEY_AUTH_KEY -7 assumed request_key()
403 the type. The payload is plen in size, and plen can be zero for an empty
433 /sbin/request-key will be invoked in an attempt to obtain a key. The
440 See also Documentation/security/keys/request-key.rst.
455 non-zero; and the error ENOKEY will be returned if "create" is zero.
504 of uid or gid can be set to -1 to suppress that change.
634 into the destination keyring if one is supplied (non-zero ID). All the
680 If a keyring is specified (non-zero), the key will also be linked into
704 If a keyring is specified (non-zero), the key will also be linked into
713 * Set the default request-key destination keyring::
722 KEY_REQKEY_DEFL_NO_CHANGE -1 No change
827 reaches zero.
836 * Compute a Diffie-Hellman shared secret or public key::
843 - The prime, p, known to both parties
844 - The local private key
845 - The base integer, which is either a shared generator or the
858 - The buffer length must be at least the length of the prime, or zero.
860 - If the buffer length is nonzero, the length of the result is
862 buffer. When the buffer length is zero, the minimum required
866 (KDF) on the Diffie-Hellman computation where only the result
870 - ``char *hashname`` specifies the NUL terminated string identifying
872 operation. The KDF implementation complies with SP800-56A as well
873 as with SP800-108 (the counter KDF).
875 - ``char *otherinfo`` specifies the OtherInfo data as documented in
876 SP800-56A section 5.8.1.2. The length of the buffer is given with
883 function will return EMSGSIZE when the parameter kdf is non-NULL
915 See Documentation/crypto/asymmetric-keys.txt for specific restrictions
937 supported. This is constructed from a bitwise-OR of::
980 Use an asymmetric key to perform a public-key cryptographic operation a
1002 KEYCTL_PKEY_ENCRYPT Raw data Encrypted data -
1003 KEYCTL_PKEY_DECRYPT Encrypted data Raw data -
1004 KEYCTL_PKEY_SIGN Raw data Signature -
1005 KEYCTL_PKEY_VERIFY Raw data - Signature
1011 can be "pkcs1" for RSASSA-PKCS1-v1.5 or
1012 RSAES-PKCS1-v1.5; "pss" for "RSASSA-PSS"; "oaep" for
1013 "RSAES-OAEP". If omitted or is "raw", the raw output
1050 <keys/user-type.h>
1058 least four-byte aligned.
1092 not NULL, then /sbin/request-key will be invoked in an attempt to obtain
1100 implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING.
1102 See also Documentation/security/keys/request-key.rst.
1128 passed to the key_type->request_key() op if it exists, and the
1221 - provided they can be verified by a key the kernel already has.
1230 -EPERM to in this case.
1270 The simplest payload is just data stored in key->payload directly. In this
1274 key->payload.data[] array. One of the following ways must be selected to
1286 the payload pointer. It must be write-locked for modifications and would
1287 have to be read-locked for general access. The disadvantage of doing this
1310 the payload. key->datalen cannot be relied upon to be consistent with the
1313 Note that key->payload.data[0] has a shadow that is marked for __rcu
1314 usage. This is called key->payload.rcu_data0. The following accessors
1343 <linux/key-type.h>
1355 This is optional - it supplies the default payload data length as
1422 The prep->data and prep->datalen fields will define the original payload
1426 keytype->def_datalen, then key_payload_reserve() should be called.
1429 The fact that KEY_FLAG_INSTANTIATED is not set in key->flags prevents
1435 prep->payload.data[] to key->payload.data[], with RCU-safe assignment on
1436 the first element. It will then clear prep->payload.data[] so that the
1445 The prep->data and prep->datalen fields will define the original payload
1453 The key will have its semaphore write-locked before this method is called,
1485 * KEYRING_SEARCH_LOOKUP_DIRECT - A direct lookup hashes the type and
1488 * KEYRING_SEARCH_LOOKUP_ITERATE - An iterative lookup walks all the
1513 match_data->preparsed after a successful call to match_preparse().
1520 write-locked.
1545 accessed. key->datalen cannot be trusted to stay consistent with the
1564 This method will be called with the key's semaphore read-locked. This will
1573 invoke this function rather than upcalling to /sbin/request-key to operate
1588 The error parameter should be 0 on success, -ve on error. The
1615 attempted key link operation. If there is no match, -EINVAL is returned.
1646 RSASSA-PKCS1-v1.5 or RSAES-PKCS1-v1.5 encoding or "raw" if no encoding);
1656 kernel_pkey_encrypt Raw data Encrypted data -
1657 kernel_pkey_decrypt Encrypted data Raw data -
1658 kernel_pkey_sign Raw data Signature -
1659 kernel_pkey_verify Raw data - Signature
1662 specified by params->op. Note that params->op is also set for
1669 digest algorithm - the name of which should be supplied in hash_algo.
1728 Request-Key Callback Service
1734 /sbin/request-key create <key> <uid> <gid> \
1742 required to obtain the key, eg: a Kerberos Ticket-Granting Ticket.
1764 information was made available, then "-" will be passed as this parameter
1771 /sbin/request-key update <key> <uid> <gid> \