Home
last modified time | relevance | path

Searched refs:keyring (Results 1 – 18 of 18) sorted by relevance

/security/keys/
Dkeyring.c76 static int keyring_instantiate(struct key *keyring,
78 static void keyring_revoke(struct key *keyring);
79 static void keyring_destroy(struct key *keyring);
80 static void keyring_describe(const struct key *keyring, struct seq_file *m);
81 static long keyring_read(const struct key *keyring,
107 static void keyring_publish_name(struct key *keyring) in keyring_publish_name() argument
111 if (keyring->description && in keyring_publish_name()
112 keyring->description[0] && in keyring_publish_name()
113 keyring->description[0] != '.') { in keyring_publish_name()
115 list_add_tail(&keyring->name_link, &ns->keyring_name_list); in keyring_publish_name()
[all …]
Dprocess_keys.c223 struct key *keyring; in install_thread_keyring_to_cred() local
228 keyring = keyring_alloc("_tid", new->uid, new->gid, new, in install_thread_keyring_to_cred()
232 if (IS_ERR(keyring)) in install_thread_keyring_to_cred()
233 return PTR_ERR(keyring); in install_thread_keyring_to_cred()
235 new->thread_keyring = keyring; in install_thread_keyring_to_cred()
270 struct key *keyring; in install_process_keyring_to_cred() local
275 keyring = keyring_alloc("_pid", new->uid, new->gid, new, in install_process_keyring_to_cred()
279 if (IS_ERR(keyring)) in install_process_keyring_to_cred()
280 return PTR_ERR(keyring); in install_process_keyring_to_cred()
282 new->process_keyring = keyring; in install_process_keyring_to_cred()
[all …]
Dkey.c427 struct key *keyring, in __key_instantiate_and_link() argument
434 key_check(keyring); in __key_instantiate_and_link()
456 if (keyring) { in __key_instantiate_and_link()
457 if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) in __key_instantiate_and_link()
460 __key_link(keyring, key, _edit); in __key_instantiate_and_link()
499 struct key *keyring, in key_instantiate_and_link() argument
518 if (keyring) { in key_instantiate_and_link()
519 ret = __key_link_lock(keyring, &key->index_key); in key_instantiate_and_link()
523 ret = __key_link_begin(keyring, &key->index_key, &edit); in key_instantiate_and_link()
527 if (keyring->restrict_link && keyring->restrict_link->check) { in key_instantiate_and_link()
[all …]
Dinternal.h95 extern int __key_link_lock(struct key *keyring,
99 extern int __key_link_begin(struct key *keyring,
102 extern int __key_link_check_live_key(struct key *keyring, struct key *key);
103 extern void __key_link(struct key *keyring, struct key *key,
105 extern void __key_link_end(struct key *keyring,
112 extern struct key *keyring_search_instkey(struct key *keyring,
115 extern int iterate_over_keyring(const struct key *keyring,
176 extern void keyring_gc(struct key *keyring, time64_t limit);
177 extern void keyring_restriction_gc(struct key *keyring,
Drequest_key.c82 struct key *keyring = info->data; in umh_keys_init() local
84 return install_session_keyring_to_cred(cred, keyring); in umh_keys_init()
92 struct key *keyring = info->data; in umh_keys_cleanup() local
93 key_put(keyring); in umh_keys_cleanup()
124 struct key *key = rka->target_key, *keyring, *session, *user_session; in call_sbin_request_key() local
140 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key()
144 if (IS_ERR(keyring)) { in call_sbin_request_key()
145 ret = PTR_ERR(keyring); in call_sbin_request_key()
150 ret = key_link(keyring, authkey); in call_sbin_request_key()
196 ret = call_usermodehelper_keys(request_key, argv, envp, keyring, in call_sbin_request_key()
[all …]
DKconfig17 Furthermore, a special type of key is available that acts as keyring:
51 A particular keyring may be accessed by either the user whose keyring
122 bool "Provide key/keyring change notifications"
DMakefile12 keyring.o \
Dkeyctl.c470 struct key *keyring; in keyctl_keyring_clear() local
493 keyring = key_ref_to_ptr(keyring_ref); in keyctl_keyring_clear()
494 if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) in keyctl_keyring_clear()
497 ret = keyring_clear(keyring); in keyctl_keyring_clear()
555 struct key *keyring, *key; in keyctl_keyring_unlink() local
570 keyring = key_ref_to_ptr(keyring_ref); in keyctl_keyring_unlink()
572 if (test_bit(KEY_FLAG_KEEP, &keyring->flags) && in keyctl_keyring_unlink()
576 ret = key_unlink(keyring, key); in keyctl_keyring_unlink()
/security/integrity/
Ddigsig.c22 static struct key *keyring[INTEGRITY_KEYRING_MAX]; variable
46 if (!keyring[id]) { in integrity_keyring_from_id()
47 keyring[id] = in integrity_keyring_from_id()
49 if (IS_ERR(keyring[id])) { in integrity_keyring_from_id()
50 int err = PTR_ERR(keyring[id]); in integrity_keyring_from_id()
52 keyring[id] = NULL; in integrity_keyring_from_id()
57 return keyring[id]; in integrity_keyring_from_id()
63 struct key *keyring; in integrity_digsig_verify() local
68 keyring = integrity_keyring_from_id(id); in integrity_digsig_verify()
69 if (IS_ERR(keyring)) in integrity_digsig_verify()
[all …]
Ddigsig_asymmetric.c22 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) in request_asymmetric_key() argument
43 if (keyring) { in request_asymmetric_key()
47 kref = keyring_search(make_key_ref(keyring, 1), in request_asymmetric_key()
58 if (keyring) in request_asymmetric_key()
60 name, keyring->description, in request_asymmetric_key()
82 int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument
102 key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); in asymmetric_verify()
DKconfig29 to "lock" certain keyring to prevent adding new keys.
53 keyring.
56 bool "Provide keyring for platform/firmware trusted keys"
60 Provide a separate, distinct keyring for platform trusted keys, which
81 Enable loading of keys to the .platform keyring and blacklisted
82 hashes to the .blacklist keyring for powerpc based platforms.
Dintegrity.h202 int asymmetric_verify(struct key *keyring, const char *sig,
205 static inline int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument
213 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig);
215 static inline int ima_modsig_verify(struct key *keyring, in ima_modsig_verify() argument
/security/integrity/ima/
Dima_asymmetric_keys.c29 void ima_post_key_create_or_update(struct key *keyring, struct key *key, in ima_post_key_create_or_update() argument
43 queued = ima_queue_key(keyring, payload, payload_len); in ima_post_key_create_or_update()
64 keyring->description, KEY_CHECK, 0, in ima_post_key_create_or_update()
65 keyring->description, false, NULL, 0); in ima_post_key_create_or_update()
Dima_queue_keys.c67 static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring, in ima_alloc_key_entry() argument
78 entry->keyring_name = kstrdup(keyring->description, in ima_alloc_key_entry()
94 keyring->description, in ima_alloc_key_entry()
104 bool ima_queue_key(struct key *keyring, const void *payload, in ima_queue_key() argument
110 entry = ima_alloc_key_entry(keyring, payload, payload_len); in ima_queue_key()
DKconfig198 keyring.
210 and verified by a public key on the trusted IMA keyring.
222 and verified by a key on the trusted IMA keyring.
258 IMA keys to be added may be added to the system secondary keyring,
268 This option creates an IMA blacklist keyring, which contains all
269 revoked IMA keys. It is consulted before any other keyring. If
274 bool "Load X509 certificate onto the '.ima' trusted keyring"
279 loaded on the .ima trusted keyring. These public keys are
281 .system keyring. This option enables X509 certificate
282 loading from the kernel onto the '.ima' trusted keyring.
Dima_modsig.c119 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig) in ima_modsig_verify() argument
121 return verify_pkcs7_message_sig(NULL, 0, modsig->pkcs7_msg, keyring, in ima_modsig_verify()
Dima.h244 bool ima_queue_key(struct key *keyring, const void *payload,
250 static inline bool ima_queue_key(struct key *keyring, in ima_queue_key() argument
/security/integrity/evm/
DKconfig59 bool "Load an X509 certificate onto the '.evm' trusted keyring"
63 Load an X509 certificate onto the '.evm' trusted keyring.
66 onto the '.evm' trusted keyring. A public key can be used to