/security/keys/ |
D | keyring.c | 76 static int keyring_instantiate(struct key *keyring, 78 static void keyring_revoke(struct key *keyring); 79 static void keyring_destroy(struct key *keyring); 80 static void keyring_describe(const struct key *keyring, struct seq_file *m); 81 static long keyring_read(const struct key *keyring, 107 static void keyring_publish_name(struct key *keyring) in keyring_publish_name() argument 111 if (keyring->description && in keyring_publish_name() 112 keyring->description[0] && in keyring_publish_name() 113 keyring->description[0] != '.') { in keyring_publish_name() 115 list_add_tail(&keyring->name_link, &ns->keyring_name_list); in keyring_publish_name() [all …]
|
D | process_keys.c | 223 struct key *keyring; in install_thread_keyring_to_cred() local 228 keyring = keyring_alloc("_tid", new->uid, new->gid, new, in install_thread_keyring_to_cred() 232 if (IS_ERR(keyring)) in install_thread_keyring_to_cred() 233 return PTR_ERR(keyring); in install_thread_keyring_to_cred() 235 new->thread_keyring = keyring; in install_thread_keyring_to_cred() 270 struct key *keyring; in install_process_keyring_to_cred() local 275 keyring = keyring_alloc("_pid", new->uid, new->gid, new, in install_process_keyring_to_cred() 279 if (IS_ERR(keyring)) in install_process_keyring_to_cred() 280 return PTR_ERR(keyring); in install_process_keyring_to_cred() 282 new->process_keyring = keyring; in install_process_keyring_to_cred() [all …]
|
D | key.c | 427 struct key *keyring, in __key_instantiate_and_link() argument 434 key_check(keyring); in __key_instantiate_and_link() 456 if (keyring) { in __key_instantiate_and_link() 457 if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) in __key_instantiate_and_link() 460 __key_link(keyring, key, _edit); in __key_instantiate_and_link() 499 struct key *keyring, in key_instantiate_and_link() argument 518 if (keyring) { in key_instantiate_and_link() 519 ret = __key_link_lock(keyring, &key->index_key); in key_instantiate_and_link() 523 ret = __key_link_begin(keyring, &key->index_key, &edit); in key_instantiate_and_link() 527 if (keyring->restrict_link && keyring->restrict_link->check) { in key_instantiate_and_link() [all …]
|
D | internal.h | 95 extern int __key_link_lock(struct key *keyring, 99 extern int __key_link_begin(struct key *keyring, 102 extern int __key_link_check_live_key(struct key *keyring, struct key *key); 103 extern void __key_link(struct key *keyring, struct key *key, 105 extern void __key_link_end(struct key *keyring, 112 extern struct key *keyring_search_instkey(struct key *keyring, 115 extern int iterate_over_keyring(const struct key *keyring, 176 extern void keyring_gc(struct key *keyring, time64_t limit); 177 extern void keyring_restriction_gc(struct key *keyring,
|
D | request_key.c | 82 struct key *keyring = info->data; in umh_keys_init() local 84 return install_session_keyring_to_cred(cred, keyring); in umh_keys_init() 92 struct key *keyring = info->data; in umh_keys_cleanup() local 93 key_put(keyring); in umh_keys_cleanup() 124 struct key *key = rka->target_key, *keyring, *session, *user_session; in call_sbin_request_key() local 140 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key() 144 if (IS_ERR(keyring)) { in call_sbin_request_key() 145 ret = PTR_ERR(keyring); in call_sbin_request_key() 150 ret = key_link(keyring, authkey); in call_sbin_request_key() 196 ret = call_usermodehelper_keys(request_key, argv, envp, keyring, in call_sbin_request_key() [all …]
|
D | Kconfig | 17 Furthermore, a special type of key is available that acts as keyring: 51 A particular keyring may be accessed by either the user whose keyring 122 bool "Provide key/keyring change notifications"
|
D | Makefile | 12 keyring.o \
|
D | keyctl.c | 470 struct key *keyring; in keyctl_keyring_clear() local 493 keyring = key_ref_to_ptr(keyring_ref); in keyctl_keyring_clear() 494 if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) in keyctl_keyring_clear() 497 ret = keyring_clear(keyring); in keyctl_keyring_clear() 555 struct key *keyring, *key; in keyctl_keyring_unlink() local 570 keyring = key_ref_to_ptr(keyring_ref); in keyctl_keyring_unlink() 572 if (test_bit(KEY_FLAG_KEEP, &keyring->flags) && in keyctl_keyring_unlink() 576 ret = key_unlink(keyring, key); in keyctl_keyring_unlink()
|
/security/integrity/ |
D | digsig.c | 22 static struct key *keyring[INTEGRITY_KEYRING_MAX]; variable 46 if (!keyring[id]) { in integrity_keyring_from_id() 47 keyring[id] = in integrity_keyring_from_id() 49 if (IS_ERR(keyring[id])) { in integrity_keyring_from_id() 50 int err = PTR_ERR(keyring[id]); in integrity_keyring_from_id() 52 keyring[id] = NULL; in integrity_keyring_from_id() 57 return keyring[id]; in integrity_keyring_from_id() 63 struct key *keyring; in integrity_digsig_verify() local 68 keyring = integrity_keyring_from_id(id); in integrity_digsig_verify() 69 if (IS_ERR(keyring)) in integrity_digsig_verify() [all …]
|
D | digsig_asymmetric.c | 22 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) in request_asymmetric_key() argument 43 if (keyring) { in request_asymmetric_key() 47 kref = keyring_search(make_key_ref(keyring, 1), in request_asymmetric_key() 58 if (keyring) in request_asymmetric_key() 60 name, keyring->description, in request_asymmetric_key() 82 int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument 102 key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); in asymmetric_verify()
|
D | Kconfig | 29 to "lock" certain keyring to prevent adding new keys. 53 keyring. 56 bool "Provide keyring for platform/firmware trusted keys" 60 Provide a separate, distinct keyring for platform trusted keys, which 81 Enable loading of keys to the .platform keyring and blacklisted 82 hashes to the .blacklist keyring for powerpc based platforms.
|
D | integrity.h | 202 int asymmetric_verify(struct key *keyring, const char *sig, 205 static inline int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument 213 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig); 215 static inline int ima_modsig_verify(struct key *keyring, in ima_modsig_verify() argument
|
/security/integrity/ima/ |
D | ima_asymmetric_keys.c | 29 void ima_post_key_create_or_update(struct key *keyring, struct key *key, in ima_post_key_create_or_update() argument 43 queued = ima_queue_key(keyring, payload, payload_len); in ima_post_key_create_or_update() 64 keyring->description, KEY_CHECK, 0, in ima_post_key_create_or_update() 65 keyring->description, false, NULL, 0); in ima_post_key_create_or_update()
|
D | ima_queue_keys.c | 67 static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring, in ima_alloc_key_entry() argument 78 entry->keyring_name = kstrdup(keyring->description, in ima_alloc_key_entry() 94 keyring->description, in ima_alloc_key_entry() 104 bool ima_queue_key(struct key *keyring, const void *payload, in ima_queue_key() argument 110 entry = ima_alloc_key_entry(keyring, payload, payload_len); in ima_queue_key()
|
D | Kconfig | 198 keyring. 210 and verified by a public key on the trusted IMA keyring. 222 and verified by a key on the trusted IMA keyring. 258 IMA keys to be added may be added to the system secondary keyring, 268 This option creates an IMA blacklist keyring, which contains all 269 revoked IMA keys. It is consulted before any other keyring. If 274 bool "Load X509 certificate onto the '.ima' trusted keyring" 279 loaded on the .ima trusted keyring. These public keys are 281 .system keyring. This option enables X509 certificate 282 loading from the kernel onto the '.ima' trusted keyring.
|
D | ima_modsig.c | 119 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig) in ima_modsig_verify() argument 121 return verify_pkcs7_message_sig(NULL, 0, modsig->pkcs7_msg, keyring, in ima_modsig_verify()
|
D | ima.h | 244 bool ima_queue_key(struct key *keyring, const void *payload, 250 static inline bool ima_queue_key(struct key *keyring, in ima_queue_key() argument
|
/security/integrity/evm/ |
D | Kconfig | 59 bool "Load an X509 certificate onto the '.evm' trusted keyring" 63 Load an X509 certificate onto the '.evm' trusted keyring. 66 onto the '.evm' trusted keyring. A public key can be used to
|