/security/keys/ |
D | key.c | 38 void __key_check(const struct key *key) in __key_check() argument 41 key, key->magic, KEY_DEBUG_MAGIC); in __key_check() 133 static inline void key_alloc_serial(struct key *key) in key_alloc_serial() argument 136 struct key *xkey; in key_alloc_serial() 141 get_random_bytes(&key->serial, sizeof(key->serial)); in key_alloc_serial() 143 key->serial >>= 1; /* negative numbers are not permitted */ in key_alloc_serial() 144 } while (key->serial < 3); in key_alloc_serial() 154 xkey = rb_entry(parent, struct key, serial_node); in key_alloc_serial() 156 if (key->serial < xkey->serial) in key_alloc_serial() 158 else if (key->serial > xkey->serial) in key_alloc_serial() [all …]
|
D | request_key.c | 22 static struct key *check_cached_key(struct keyring_search_context *ctx) in check_cached_key() 25 struct key *key = current->cached_requested_key; in check_cached_key() local 27 if (key && in check_cached_key() 28 ctx->match_data.cmp(key, &ctx->match_data) && in check_cached_key() 29 !(key->flags & ((1 << KEY_FLAG_INVALIDATED) | in check_cached_key() 31 return key_get(key); in check_cached_key() 36 static void cache_requested_key(struct key *key) in cache_requested_key() argument 42 t->cached_requested_key = key_get(key); in cache_requested_key() 56 void complete_request_key(struct key *authkey, int error) in complete_request_key() 59 struct key *key = rka->target_key; in complete_request_key() local [all …]
|
D | gc.c | 125 struct key *key = in key_gc_unused_keys() local 126 list_entry(keys->next, struct key, graveyard_link); in key_gc_unused_keys() 127 short state = key->state; in key_gc_unused_keys() 129 list_del(&key->graveyard_link); in key_gc_unused_keys() 131 kdebug("- %u", key->serial); in key_gc_unused_keys() 132 key_check(key); in key_gc_unused_keys() 135 if (state == KEY_IS_POSITIVE && key->type->destroy) in key_gc_unused_keys() 136 key->type->destroy(key); in key_gc_unused_keys() 138 security_key_free(key); in key_gc_unused_keys() 141 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { in key_gc_unused_keys() [all …]
|
D | keyring.c | 40 static inline struct key *keyring_ptr_to_key(const struct assoc_array_ptr *x) in keyring_ptr_to_key() 43 return (struct key *)((unsigned long)object & ~KEYRING_PTR_SUBTYPE); in keyring_ptr_to_key() 45 static inline void *keyring_key_to_ptr(struct key *key) in keyring_key_to_ptr() argument 47 if (key->type == &key_type_keyring) in keyring_key_to_ptr() 48 return (void *)((unsigned long)key | KEYRING_PTR_SUBTYPE); in keyring_key_to_ptr() 49 return key; in keyring_key_to_ptr() 76 static int keyring_instantiate(struct key *keyring, 78 static void keyring_revoke(struct key *keyring); 79 static void keyring_destroy(struct key *keyring); 80 static void keyring_describe(const struct key *keyring, struct seq_file *m); [all …]
|
D | internal.h | 92 extern int __key_link_lock(struct key *keyring, 94 extern int __key_move_lock(struct key *l_keyring, struct key *u_keyring, 96 extern int __key_link_begin(struct key *keyring, 99 extern int __key_link_check_live_key(struct key *keyring, struct key *key); 100 extern void __key_link(struct key *key, struct assoc_array_edit **_edit); 101 extern void __key_link_end(struct key *keyring, 108 extern struct key *keyring_search_instkey(struct key *keyring, 111 extern int iterate_over_keyring(const struct key *keyring, 112 int (*func)(const struct key *key, void *data), 137 extern bool key_default_cmp(const struct key *key, [all …]
|
D | proc.c | 70 struct key *key = rb_entry(n, struct key, serial_node); in key_serial_next() local 71 if (kuid_has_mapping(user_ns, key->user->uid)) in key_serial_next() 78 static struct key *find_ge_key(struct seq_file *p, key_serial_t id) in find_ge_key() 82 struct key *minkey = NULL; in find_ge_key() 85 struct key *key = rb_entry(n, struct key, serial_node); in find_ge_key() local 86 if (id < key->serial) { in find_ge_key() 87 if (!minkey || minkey->serial > key->serial) in find_ge_key() 88 minkey = key; in find_ge_key() 90 } else if (id > key->serial) { in find_ge_key() 93 minkey = key; in find_ge_key() [all …]
|
D | permission.c | 29 struct key *key; in key_task_permission() local 33 key = key_ref_to_ptr(key_ref); in key_task_permission() 36 if (uid_eq(key->uid, cred->fsuid)) { in key_task_permission() 37 kperm = key->perm >> 16; in key_task_permission() 43 if (gid_valid(key->gid) && key->perm & KEY_GRP_ALL) { in key_task_permission() 44 if (gid_eq(key->gid, cred->fsgid)) { in key_task_permission() 45 kperm = key->perm >> 8; in key_task_permission() 49 ret = groups_search(cred->group_info, key->gid); in key_task_permission() 51 kperm = key->perm >> 8; in key_task_permission() 57 kperm = key->perm; in key_task_permission() [all …]
|
D | request_key_auth.c | 20 static int request_key_auth_instantiate(struct key *, 22 static void request_key_auth_describe(const struct key *, struct seq_file *); 23 static void request_key_auth_revoke(struct key *); 24 static void request_key_auth_destroy(struct key *); 25 static long request_key_auth_read(const struct key *, char __user *, size_t); 54 static int request_key_auth_instantiate(struct key *key, in request_key_auth_instantiate() argument 57 rcu_assign_keypointer(key, (struct request_key_auth *)prep->data); in request_key_auth_instantiate() 64 static void request_key_auth_describe(const struct key *key, in request_key_auth_describe() argument 67 struct request_key_auth *rka = dereference_key_rcu(key); in request_key_auth_describe() 73 seq_puts(m, key->description); in request_key_auth_describe() [all …]
|
D | user_defined.c | 101 int user_update(struct key *key, struct key_preparsed_payload *prep) in user_update() argument 107 ret = key_payload_reserve(key, prep->datalen); in user_update() 112 key->expiry = prep->expiry; in user_update() 113 if (key_is_positive(key)) in user_update() 114 zap = dereference_key_locked(key); in user_update() 115 rcu_assign_keypointer(key, prep->payload.data[0]); in user_update() 128 void user_revoke(struct key *key) in user_revoke() argument 130 struct user_key_payload *upayload = user_key_payload_locked(key); in user_revoke() 133 key_payload_reserve(key, 0); in user_revoke() 136 rcu_assign_keypointer(key, NULL); in user_revoke() [all …]
|
D | keyctl.c | 174 struct key *key; in SYSCALL_DEFINE4() local 223 key = request_key_and_link(ktype, description, NULL, callout_info, in SYSCALL_DEFINE4() 226 if (IS_ERR(key)) { in SYSCALL_DEFINE4() 227 ret = PTR_ERR(key); in SYSCALL_DEFINE4() 232 ret = wait_for_key_construction(key, 1); in SYSCALL_DEFINE4() 236 ret = key->serial; in SYSCALL_DEFINE4() 239 key_put(key); in SYSCALL_DEFINE4() 383 struct key *key; in keyctl_revoke_key() local 398 key = key_ref_to_ptr(key_ref); in keyctl_revoke_key() 400 if (test_bit(KEY_FLAG_KEEP, &key->flags)) in keyctl_revoke_key() [all …]
|
D | process_keys.c | 38 static struct key *get_user_register(struct user_namespace *user_ns) in get_user_register() 40 struct key *reg_keyring = READ_ONCE(user_ns->user_keyring_register); in get_user_register() 74 int look_up_user_keyrings(struct key **_user_keyring, in look_up_user_keyrings() 75 struct key **_user_session_keyring) in look_up_user_keyrings() 79 struct key *reg_keyring, *uid_keyring, *session_keyring; in look_up_user_keyrings() 185 struct key *get_user_session_keyring_rcu(const struct cred *cred) in get_user_session_keyring_rcu() 187 struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register); in get_user_session_keyring_rcu() 223 struct key *keyring; in install_thread_keyring_to_cred() 270 struct key *keyring; in install_process_keyring_to_cred() 317 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) in install_session_keyring_to_cred() [all …]
|
D | big_key.c | 100 static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t datalen, u8 *key) in big_key_crypt() argument 122 if (crypto_aead_setkey(big_key_aead, key, ENC_KEY_SIZE)) { in big_key_crypt() 307 void big_key_revoke(struct key *key) in big_key_revoke() argument 309 struct path *path = (struct path *)&key->payload.data[big_key_path]; in big_key_revoke() 312 key_payload_reserve(key, 0); in big_key_revoke() 313 if (key_is_positive(key) && in big_key_revoke() 314 (size_t)key->payload.data[big_key_len] > BIG_KEY_FILE_THRESHOLD) in big_key_revoke() 321 void big_key_destroy(struct key *key) in big_key_destroy() argument 323 size_t datalen = (size_t)key->payload.data[big_key_len]; in big_key_destroy() 326 struct path *path = (struct path *)&key->payload.data[big_key_path]; in big_key_destroy() [all …]
|
D | trusted.c | 75 static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, in TSS_rawhmac() argument 90 ret = crypto_shash_setkey(hmacalg, key, keylen); in TSS_rawhmac() 122 int TSS_authhmac(unsigned char *digest, const unsigned char *key, in TSS_authhmac() argument 165 ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, in TSS_authhmac() 180 const unsigned char *key, in TSS_checkhmac1() argument 245 ret = TSS_rawhmac(testhmac, key, keylen, SHA1_DIGEST_SIZE, paramdigest, in TSS_checkhmac1() 399 const unsigned char *key, uint16_t type, uint32_t handle) in osap() argument 426 return TSS_rawhmac(s->secret, key, SHA1_DIGEST_SIZE, TPM_NONCE_SIZE, in osap() 681 p->key[p->key_len] = p->migratable; in key_seal() 684 p->key, p->key_len + 1, p->blob, &p->blob_len, in key_seal() [all …]
|
D | keyctl_pkey.c | 20 key_put(params->key); in keyctl_pkey_params_free() 101 params->key = key_ref_to_ptr(key_ref); in keyctl_pkey_params_get() 103 if (!params->key->type->asym_query) in keyctl_pkey_params_get() 132 ret = params->key->type->asym_query(params, &info); in keyctl_pkey_params_get_2() 175 ret = params.key->type->asym_query(&params, &res); in keyctl_pkey_query() 221 if (!params.key->type->asym_eds_op) in keyctl_pkey_e_d_s() 249 ret = params.key->type->asym_eds_op(&params, in, out); in keyctl_pkey_e_d_s() 297 if (!params.key->type->asym_verify_signature) in keyctl_pkey_verify() 313 ret = params.key->type->asym_verify_signature(&params, in, in2); in keyctl_pkey_verify()
|
D | dh.c | 19 struct key *key; in dh_data_from_key() local 30 key = key_ref_to_ptr(key_ref); in dh_data_from_key() 33 if (key->type == &key_type_user) { in dh_data_from_key() 34 down_read(&key->sem); in dh_data_from_key() 35 status = key_validate(key); in dh_data_from_key() 40 payload = user_key_payload_locked(key); in dh_data_from_key() 51 up_read(&key->sem); in dh_data_from_key() 54 key_put(key); in dh_data_from_key() 61 kzfree(dh->key); in dh_free_data() 298 dlen = dh_data_from_key(pcopy.private, &dh_inputs.key); in __keyctl_dh_compute()
|
D | Kconfig | 7 bool "Enable access key retention support" 17 Furthermore, a special type of key is available that acts as keyring: 37 This allows the key used for multiple step processes where each step 38 wants to request a key that is likely the same as the one requested 43 key. Pathwalk will call multiple methods for each dentry traversed 51 primarily aimed at Kerberos key storage. The keyrings are persistent 105 which are encrypted/decrypted with a 'master' symmetric key. The 106 'master' key can be either a trusted-key or user-key type.
|
/security/selinux/ss/ |
D | avtab.c | 71 struct avtab_key *key, struct avtab_datum *datum) in avtab_insert_node() argument 78 newnode->key = *key; in avtab_insert_node() 80 if (key->specified & AVTAB_XPERMS) { in avtab_insert_node() 106 static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum) in avtab_insert() argument 110 u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); in avtab_insert() 115 hvalue = avtab_hash(key, h->mask); in avtab_insert() 119 if (key->source_type == cur->key.source_type && in avtab_insert() 120 key->target_type == cur->key.target_type && in avtab_insert() 121 key->target_class == cur->key.target_class && in avtab_insert() 122 (specified & cur->key.specified)) { in avtab_insert() [all …]
|
D | hashtab.c | 15 struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void *key), in hashtab_create() argument 42 int hashtab_insert(struct hashtab *h, void *key, void *datum) in hashtab_insert() argument 52 hvalue = h->hash_value(h, key); in hashtab_insert() 55 while (cur && h->keycmp(h, key, cur->key) > 0) { in hashtab_insert() 60 if (cur && (h->keycmp(h, key, cur->key) == 0)) in hashtab_insert() 66 newnode->key = key; in hashtab_insert() 80 void *hashtab_search(struct hashtab *h, const void *key) in hashtab_search() argument 88 hvalue = h->hash_value(h, key); in hashtab_search() 90 while (cur && h->keycmp(h, key, cur->key) > 0) in hashtab_search() 93 if (!cur || (h->keycmp(h, key, cur->key) != 0)) in hashtab_search() [all …]
|
D | conditional.c | 101 cur->node->key.specified &= ~AVTAB_ENABLED; in evaluate_cond_node() 103 cur->node->key.specified |= AVTAB_ENABLED; in evaluate_cond_node() 109 cur->node->key.specified &= ~AVTAB_ENABLED; in evaluate_cond_node() 111 cur->node->key.specified |= AVTAB_ENABLED; in evaluate_cond_node() 185 int cond_destroy_bool(void *key, void *datum, void *p) in cond_destroy_bool() argument 187 kfree(key); in cond_destroy_bool() 192 int cond_index_bool(void *key, void *datum, void *datap) in cond_index_bool() argument 203 p->sym_val_to_name[SYM_BOOLS][booldatum->value - 1] = key; in cond_index_bool() 218 char *key = NULL; in cond_read_bool() local 244 key = kmalloc(len + 1, GFP_KERNEL); in cond_read_bool() [all …]
|
D | policydb.c | 185 static int perm_destroy(void *key, void *datum, void *p) in perm_destroy() argument 187 kfree(key); in perm_destroy() 192 static int common_destroy(void *key, void *datum, void *p) in common_destroy() argument 196 kfree(key); in common_destroy() 219 static int cls_destroy(void *key, void *datum, void *p) in cls_destroy() argument 225 kfree(key); in cls_destroy() 261 static int role_destroy(void *key, void *datum, void *p) in role_destroy() argument 265 kfree(key); in role_destroy() 275 static int type_destroy(void *key, void *datum, void *p) in type_destroy() argument 277 kfree(key); in type_destroy() [all …]
|
D | conditional.h | 65 int cond_destroy_bool(void *key, void *datum, void *p); 67 int cond_index_bool(void *key, void *datum, void *datap); 71 int cond_write_bool(void *key, void *datum, void *ptr); 74 void cond_compute_av(struct avtab *ctab, struct avtab_key *key, 76 void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
|
/security/integrity/ |
D | digsig_asymmetric.c | 24 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) in request_asymmetric_key() 26 struct key *key; in request_asymmetric_key() local 33 key = get_ima_blacklist_keyring(); in request_asymmetric_key() 34 if (key) { in request_asymmetric_key() 37 kref = keyring_search(make_key_ref(key, 1), in request_asymmetric_key() 52 key = ERR_CAST(kref); in request_asymmetric_key() 54 key = key_ref_to_ptr(kref); in request_asymmetric_key() 56 key = request_key(&key_type_asymmetric, name, NULL); in request_asymmetric_key() 59 if (IS_ERR(key)) { in request_asymmetric_key() 61 name, PTR_ERR(key)); in request_asymmetric_key() [all …]
|
D | digsig.c | 23 static struct key *keyring[INTEGRITY_KEYRING_MAX]; 42 static struct key *integrity_keyring_from_id(const unsigned int id) in integrity_keyring_from_id() 64 struct key *keyring; in integrity_digsig_verify() 88 struct key *keyring; in integrity_modsig_verify() 150 key_ref_t key; in integrity_add_key() local 156 key = key_create_or_update(make_key_ref(keyring[id], 1), "asymmetric", in integrity_add_key() 159 if (IS_ERR(key)) { in integrity_add_key() 160 rc = PTR_ERR(key); in integrity_add_key() 164 key_ref_to_ptr(key)->description); in integrity_add_key() 165 key_ref_put(key); in integrity_add_key()
|
/security/keys/encrypted-keys/ |
D | encrypted.c | 301 static struct key *request_user_key(const char *master_desc, const u8 **master_key, in request_user_key() 305 struct key *ukey; in request_user_key() 339 static int calc_hmac(u8 *digest, const u8 *key, unsigned int keylen, in calc_hmac() argument 352 err = crypto_shash_setkey(tfm, key, keylen); in calc_hmac() 389 static struct skcipher_request *init_skcipher_req(const u8 *key, in init_skcipher_req() argument 403 ret = crypto_skcipher_setkey(tfm, key, key_len); in init_skcipher_req() 422 static struct key *request_master_key(struct encrypted_key_payload *epayload, in request_master_key() 425 struct key *mkey = ERR_PTR(-EINVAL); in request_master_key() 607 static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, in encrypted_key_alloc() argument 651 ret = key_payload_reserve(key, payload_datalen + datablob_len in encrypted_key_alloc() [all …]
|
/security/integrity/ima/ |
D | ima_queue.c | 54 unsigned int key; in ima_lookup_digest_entry() local 57 key = ima_hash_key(digest_value); in ima_lookup_digest_entry() 59 hlist_for_each_entry_rcu(qe, &ima_htable.queue[key], hnext) { in ima_lookup_digest_entry() 98 unsigned int key; in ima_add_digest_entry() local 112 key = ima_hash_key(entry->digest); in ima_add_digest_entry() 113 hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]); in ima_add_digest_entry()
|