Lines Matching full:be
21 The "asymmetric" key type is designed to be a container for the keys used in
27 However, no requirement is made that the key data actually be stored in the
30 A completely in-kernel key retention and operation subtype can be defined, but
31 it would also be possible to provide access to cryptographic hardware (such as
32 a TPM) that might be used to both retain the relevant key and perform
34 merely be an interface to the TPM driver.
39 subtype of the key and define the operations that can be done on that key.
51 should be given from the content of the key.
53 This can then be used to refer to the key, either by complete match or by
72 only keys of the specified subtype (e.g. tpm) will be matched. For
143 The algorithm used must be noted in sig->pkey_hash_algo, and all the MPIs that
144 make up the actual signature must be stored in sig->mpi[] and the count of MPIs
148 hash must be pointed to by sig->digest and the size of the hash be placed in
157 data; or -ENOMEM if an allocation can't be performed. -EINVAL can be returned
164 Asymmetric keys have a subtype that defines the set of operations that can be
172 The subtype definition structure can be found in::
194 The owner and name fields should be set to the owning module and the name of
203 could be displayed. The key type will display the tail of the key
235 have various checks that can be performed on it (e.g. self-signatures, validity
241 Examples of blob formats for which parsers could be implemented include:
253 The parser definition structure can be found in::
266 The owner and name fields should be set to the owning module and the name of
298 the key and attach it to ->description, ->payload[asym_subtype] should be
299 set to point to the subtype to be used, ->payload[asym_crypto] should be
302 quotalen should be updated to indicate how much quota this key should
306 ->description will be kfree()'d and the data attached to
307 ->payload[asym_crypto] will be passed to the subtype's ->destroy() method
308 to be disposed of. A module reference for the subtype pointed to by
309 ->payload[asym_subtype] will be put.
312 If the data format is not recognised, -EBADMSG should be returned. If it
313 is recognised, but the key cannot for some reason be set up, some other
314 negative error code should be returned. On success, 0 should be returned.
316 The key's fingerprint string may be partially matched upon. For a
317 public-key algorithm such as RSA and DSA this will likely be a printable
332 Keyrings created from userspace using add_key can be configured to check the
343 The kernel builtin trusted keyring will be searched for the signing key.
344 If the builtin trusted keyring is not configured, all links will be
353 The kernel builtin and secondary trusted keyrings will be searched for the
365 being linked is signed by one of the designated keys. This key may be
367 a group of keys may be searched for the signing key by providing the
371 within the destination keyring will also be searched for signing keys.
374 instance, one keyring can be populated with links to a set of root
376 certificate chain to be validated::
394 keyring, we can be certain that it has a valid signing chain going back to
397 A single keyring can be used to verify a chain of signatures by
415 keyring, we can be certain that there is a valid signing chain going back
420 be linked will be verified using the signing key. The requested key is added
422 returned if the parent certificate could not be found, or -EKEYREJECTED is
424 may be returned if the signature check could not be performed.