| /linux/security/keys/ |
| H A D | keyring.c | 17 #include <keys/keyring-type.h> 70 * The keyring key type definition. Keyrings are simply keys of this type and 76 static int keyring_instantiate(struct key *keyring, 78 static void keyring_revoke(struct key *keyring); 79 static void keyring_destroy(struct key *keyring); 80 static void keyring_describe(const struct key *keyring, struct seq_file *m); 81 static long keyring_read(const struct key *keyring, 85 .name = "keyring", 104 * Publish the name of a keyring so that it can be found by name (if it has 107 static void keyring_publish_name(struct key *keyring) in keyring_publish_name() argument 140 keyring_instantiate(struct key * keyring,struct key_preparsed_payload * prep) keyring_instantiate() argument 412 keyring_destroy(struct key * keyring) keyring_destroy() argument 437 keyring_describe(const struct key * keyring,struct seq_file * m) keyring_describe() argument 481 keyring_read(const struct key * keyring,char * buffer,size_t buflen) keyring_read() argument 523 struct key *keyring; keyring_alloc() local 554 restrict_link_reject(struct key * keyring,const struct key_type * type,const union key_payload * payload,struct key * restriction_key) restrict_link_reject() argument 646 search_keyring(struct key * keyring,struct keyring_search_context * ctx) search_keyring() argument 663 search_nested_keyrings(struct key * keyring,struct keyring_search_context * ctx) search_nested_keyrings() argument 667 struct key *keyring; search_nested_keyrings() member 905 struct key *keyring; keyring_search_rcu() local 940 keyring_search(key_ref_t keyring,struct key_type * type,const char * description,bool recurse) keyring_search() argument 1027 struct key *keyring; keyring_restrict() local 1104 struct key *keyring, *key; find_key_to_update() local 1147 struct key *keyring; find_keyring_by_name() local 1239 __key_link_lock(struct key * keyring,const struct keyring_index_key * index_key) __key_link_lock() argument 1295 __key_link_begin(struct key * 
keyring,const struct keyring_index_key * index_key,struct assoc_array_edit ** _edit) __key_link_begin() argument 1353 __key_link_check_live_key(struct key * keyring,struct key * key) __key_link_check_live_key() argument 1370 __key_link(struct key * keyring,struct key * key,struct assoc_array_edit ** _edit) __key_link() argument 1385 __key_link_end(struct key * keyring,const struct keyring_index_key * index_key,struct assoc_array_edit * edit) __key_link_end() argument 1410 __key_link_check_restriction(struct key * keyring,struct key * key) __key_link_check_restriction() argument 1438 key_link(struct key * keyring,struct key * key) key_link() argument 1474 __key_unlink_lock(struct key * keyring) __key_unlink_lock() argument 1487 __key_unlink_begin(struct key * keyring,struct key * key,struct assoc_array_edit ** _edit) __key_unlink_begin() argument 1509 __key_unlink(struct key * keyring,struct key * key,struct assoc_array_edit ** _edit) __key_unlink() argument 1521 __key_unlink_end(struct key * keyring,struct key * key,struct assoc_array_edit * edit) __key_unlink_end() argument 1548 key_unlink(struct key * keyring,struct key * key) key_unlink() argument 1650 keyring_clear(struct key * keyring) keyring_clear() argument 1681 keyring_revoke(struct key * keyring) keyring_revoke() argument 1719 keyring_gc(struct key * keyring,time64_t limit) keyring_gc() argument 1764 keyring_restriction_gc(struct key * keyring,struct key_type * dead_type) keyring_restriction_gc() argument [all...] |
| process_keys.c | 223 struct key *keyring; in install_thread_keyring_to_cred() local 228 keyring = keyring_alloc("_tid", new->uid, new->gid, new, in install_thread_keyring_to_cred() 232 if (IS_ERR(keyring)) in install_thread_keyring_to_cred() 233 return PTR_ERR(keyring); in install_thread_keyring_to_cred() 235 new->thread_keyring = keyring; in install_thread_keyring_to_cred() 270 struct key *keyring; in install_process_keyring_to_cred() local 275 keyring = keyring_alloc("_pid", new->uid, new->gid, new, in install_process_keyring_to_cred() 279 if (IS_ERR(keyring)) in install_process_keyring_to_cred() 280 return PTR_ERR(keyring); in install_process_keyring_to_cred() 282 new->process_keyring = keyring; in install_process_keyring_to_cred() [all …]
|
| H A D | key.c | 207 * keyring is destroyed, so it must be dynamically allocated. 422 * Instantiate a key and link it into the target keyring atomically. Must be 423 * called with the target keyring's semaphore writelocked. The target key's 429 struct key *keyring, in __key_instantiate_and_link() argument 436 key_check(keyring); in __key_instantiate_and_link() 457 /* and link it into the destination keyring */ in __key_instantiate_and_link() 458 if (keyring) { in __key_instantiate_and_link() 459 if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) in __key_instantiate_and_link() 462 __key_link(keyring, key, _edit); in __key_instantiate_and_link() 484 * key_instantiate_and_link - Instantiate a key and link it into the keyring 502 key_instantiate_and_link(struct key * key,const void * data,size_t datalen,struct key * keyring,struct key * authkey) key_instantiate_and_link() argument 578 key_reject_and_link(struct key * key,unsigned timeout,unsigned error,struct key * keyring,struct key * authkey) key_reject_and_link() argument 821 struct key *keyring, *key = NULL; __key_create_or_update() local [all...] |
| /linux/security/integrity/ |
| H A D | digsig.c | 22 static struct key *keyring[INTEGRITY_KEYRING_MAX]; variable 47 if (!keyring[id]) { in integrity_keyring_from_id() 48 keyring[id] = in integrity_keyring_from_id() 50 if (IS_ERR(keyring[id])) { in integrity_keyring_from_id() 51 int err = PTR_ERR(keyring[id]); in integrity_keyring_from_id() 52 pr_err("no %s keyring: %d\n", keyring_name[id], err); in integrity_keyring_from_id() 53 keyring[id] = NULL; in integrity_keyring_from_id() 58 return keyring[id]; in integrity_keyring_from_id() 64 struct key *keyring; in integrity_digsig_verify() local 69 keyring in integrity_digsig_verify() 89 struct key *keyring; integrity_modsig_verify() local [all...] |
| Kconfig | 29 to "lock" certain keyring to prevent adding new keys. 54 keyring. 57 bool "Provide keyring for platform/firmware trusted keys" 61 Provide a separate, distinct keyring for platform trusted keys, which 67 bool "Provide a keyring to which Machine Owner Keys may be added" 73 If set, provide a keyring to which Machine Owner Keys (MOK) may 74 be added. This keyring shall contain just MOK keys. Unlike keys 75 in the platform keyring, keys contained in the .machine keyring will 83 The .machine keyring can be configured to enforce CA restriction 85 and all Machine Owner Keys (MOK) are added to the machine keyring. [all …]
|
| digsig_asymmetric.c | 22 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) in request_asymmetric_key() argument 43 if (keyring) { in request_asymmetric_key() 44 /* search in specific keyring */ in request_asymmetric_key() 47 kref = keyring_search(make_key_ref(keyring, 1), in request_asymmetric_key() 58 if (keyring) in request_asymmetric_key() 59 pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n", in request_asymmetric_key() 60 name, keyring->description, in request_asymmetric_key() 82 int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument 102 key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); in asymmetric_verify()
|
| /linux/include/keys/ |
| system_keyring.h | 22 extern int restrict_link_by_builtin_trusted(struct key *keyring, 30 extern __init int load_module_cert(struct key *keyring); 36 static inline __init int load_module_cert(struct key *keyring) in load_module_cert() argument 45 struct key *keyring, 49 int restrict_link_by_digsig_builtin_and_secondary(struct key *keyring, 68 extern void __init set_machine_trusted_keys(struct key *keyring); 71 static inline void __init set_machine_trusted_keys(struct key *keyring) in set_machine_trusted_keys() argument 126 extern void __init set_platform_trusted_keys(struct key *keyring); 128 static inline void set_platform_trusted_keys(struct key *keyring) in set_platform_trusted_keys() argument
|
| /linux/crypto/asymmetric_keys/ |
| selftest.c | 21 struct key *keyring; in fips_signature_selftest() local 26 keyring = keyring_alloc(".certs_selftest", in fips_signature_selftest() 33 if (IS_ERR(keyring)) in fips_signature_selftest() 34 panic("Can't allocate certs %s selftest keyring: %ld\n", name, PTR_ERR(keyring)); in fips_signature_selftest() 36 ret = x509_load_certificate_list(keys, keys_len, keyring); in fips_signature_selftest() 52 ret = pkcs7_validate_trust(pkcs7, keyring); in fips_signature_selftest() 58 key_put(keyring); in fips_signature_selftest()
|
| /linux/drivers/nvme/common/ |
| keyring.c | 91 static struct key *nvme_tls_psk_lookup(struct key *keyring, in nvme_tls_psk_lookup() argument 107 if (!keyring) in nvme_tls_psk_lookup() 108 keyring = nvme_keyring; in nvme_tls_psk_lookup() 109 keyring_id = key_serial(keyring); in nvme_tls_psk_lookup() 112 keyref = keyring_search(make_key_ref(keyring, true), in nvme_tls_psk_lookup() 142 struct key *nvme_tls_psk_refresh(struct key *keyring, in nvme_tls_psk_refresh() argument 163 if (!keyring) in nvme_tls_psk_refresh() 164 keyring = nvme_keyring; in nvme_tls_psk_refresh() 165 keyring_id = key_serial(keyring); in nvme_tls_psk_refresh() 168 keyref = key_create_or_update(make_key_ref(keyring, true), in nvme_tls_psk_refresh() [all …]
|
| Makefile | 6 obj-$(CONFIG_NVME_KEYRING) += nvme-keyring.o 9 nvme-keyring-y += keyring.o
|
| /linux/Documentation/security/ |
| digsig.rst | 63 * @keyring: keyring to search key in 75 int digsig_verify(struct key *keyring, const char *sig, int siglen, 82 to generate signatures, to load keys into the kernel keyring. 84 When the key is added to the kernel keyring, the keyid defines the name 91 -3 --alswrv 0 0 keyring: _ses 92 603976250 --alswrv 0 -1 \_ keyring: _uid.0 95 170323636 --alswrv 0 0 \_ keyring: _module 96 548221616 --alswrv 0 0 \_ keyring: _ima 97 128198054 --alswrv 0 0 \_ keyring: _evm 100 1 key in keyring:
|
| /linux/fs/crypto/ |
| H A D | keyring.c | 3 * Filesystem-level keyring for fscrypt 10 * filesystem-level keyring, including the ioctls: 75 * that concurrent keyring lookups can no longer find it. in fscrypt_put_master_key() 79 /* Clear the keyring so the quota gets released right away. */ in fscrypt_put_master_key() 96 * fscrypt_master_key struct by removing it from the keyring and in fscrypt_put_master_key_activeref() 207 struct fscrypt_keyring *keyring; in allocate_filesystem_keyring() local 212 keyring = kzalloc_obj(*keyring); in allocate_filesystem_keyring() 213 if (!keyring) in allocate_filesystem_keyring() 215 spin_lock_init(&keyring in allocate_filesystem_keyring() 237 struct fscrypt_keyring *keyring = sb->s_master_keys; fscrypt_destroy_keyring() local 268 fscrypt_mk_hash_bucket(struct fscrypt_keyring * keyring,const struct fscrypt_key_specifier * mk_spec) fscrypt_mk_hash_bucket() argument 292 struct fscrypt_keyring *keyring; fscrypt_find_master_key() local 341 struct key *keyring; allocate_master_key_users_keyring() local 433 struct fscrypt_keyring *keyring = sb->s_master_keys; add_new_master_key() local [all...] |
| /linux/Documentation/security/keys/ |
| core.rst | 10 other keys. Processes each have three standard keyring subscriptions that a 68 actual "key". In the case of a keyring, this is a list of keys to which 69 the keyring links; in the case of a user-defined key, it's an arbitrary 116 (+) "keyring" 140 * Each process subscribes to three keyrings: a thread-specific keyring, a 141 process-specific keyring, and a session-specific keyring. 143 The thread-specific keyring is discarded from the child when any sort of 144 clone, fork, vfork or execve occurs. A new keyring is created only when 147 The process-specific keyring is replaced with an empty one in the child on 149 shared. execve also discards the process's process keyring and creates a [all …]
|
| request-key.rst | 46 does not need to link the key to a keyring to prevent it from being immediately 63 The userspace interface links the key to a keyring associated with the process 96 keyring that contains a link to auth key V. 104 Kerberos TGT key). It just requests the appropriate key, and the keyring 105 search notes that the session keyring has auth key V in its bottom level. 152 A search of any particular keyring proceeds in the following fashion: 155 firstly calls key_permission(SEARCH) on the keyring it's starting with, 158 2) It considers all the non-keyring keys within that keyring and, if any key 164 3) It then considers all the keyring-type keys in the keyring it's currently 165 searching. It calls key_permission(SEARCH) on each keyring, and if this [all …]
|
| /linux/fs/smb/client/ |
| cifs_spnego.c | 181 struct key *keyring; in init_cifs_spnego() local 196 keyring = keyring_alloc(".cifs_spnego", in init_cifs_spnego() 201 if (IS_ERR(keyring)) { in init_cifs_spnego() 202 ret = PTR_ERR(keyring); in init_cifs_spnego() 214 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_cifs_spnego() 215 cred->thread_keyring = keyring; in init_cifs_spnego() 219 cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring)); in init_cifs_spnego() 223 key_put(keyring); in init_cifs_spnego()
|
| /linux/net/rxrpc/ |
| H A D | rxperf.c | 554 * Add an rxkad key to the security keyring. 556 static int rxperf_add_rxkad_key(struct key *keyring) in rxperf_add_rxkad_key() argument 561 kref = key_create_or_update(make_key_ref(keyring, true), in rxperf_add_rxkad_key() 575 ret = key_link(keyring, key_ref_to_ptr(kref)); in rxperf_add_rxkad_key() 584 * Add a yfs-rxgk key to the security keyring. 586 static int rxperf_add_yfs_rxgk_key(struct key *keyring, u32 enctype) in rxperf_add_yfs_rxgk_key() argument 603 kref = key_create_or_update(make_key_ref(keyring, true), in rxperf_add_yfs_rxgk_key() 615 ret = key_link(keyring, key_ref_to_ptr(kref)); in rxperf_add_yfs_rxgk_key() 628 struct key *keyring; in rxperf_init() local 637 keyring in rxperf_init() [all...] |
| /linux/security/integrity/ima/ |
| ima_asymmetric_keys.c | 29 void ima_post_key_create_or_update(struct key *keyring, struct key *key, in ima_post_key_create_or_update() argument 43 queued = ima_queue_key(keyring, payload, payload_len); in ima_post_key_create_or_update() 64 keyring->description, KEY_CHECK, 0, in ima_post_key_create_or_update() 65 keyring->description, false, NULL, 0); in ima_post_key_create_or_update()
|
| ima_queue_keys.c | 67 static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring, in ima_alloc_key_entry() argument 78 entry->keyring_name = kstrdup(keyring->description, in ima_alloc_key_entry() 94 keyring->description, in ima_alloc_key_entry() 104 bool ima_queue_key(struct key *keyring, const void *payload, in ima_queue_key() argument 110 entry = ima_alloc_key_entry(keyring, payload, payload_len); in ima_queue_key()
|
| /linux/scripts/ |
| extract-sys-certs.pl | 21 my $keyring = $ARGV[1]; 154 open FD, ">$keyring" || die $keyring; 157 die "$keyring" if (!defined($len)); 158 die "Short write on $keyring\n" if ($len != $size); 159 close(FD) || die $keyring;
|
| /linux/include/linux/ |
| nvme-keyring.h | 13 struct key *nvme_tls_psk_refresh(struct key *keyring, 16 key_serial_t nvme_tls_psk_default(struct key *keyring, 22 static inline struct key *nvme_tls_psk_refresh(struct key *keyring, in nvme_tls_psk_refresh() argument 28 static inline key_serial_t nvme_tls_psk_default(struct key *keyring, in nvme_tls_psk_default() argument
|
| key.h | 390 extern key_ref_t key_create(key_ref_t keyring, 398 extern key_ref_t key_create_or_update(key_ref_t keyring, 410 extern int key_link(struct key *keyring, 418 extern int key_unlink(struct key *keyring, 428 extern int restrict_link_reject(struct key *keyring, 433 extern int keyring_clear(struct key *keyring); 435 extern key_ref_t keyring_search(key_ref_t keyring, 440 extern int keyring_restrict(key_ref_t keyring, const char *type,
|
| key-type.h | 177 struct key *keyring, 182 struct key *keyring, 188 struct key *keyring, in key_negate_and_link() argument 191 return key_reject_and_link(key, timeout, ENOKEY, keyring, authkey); in key_negate_and_link()
|
| /linux/net/dns_resolver/ |
| dns_key.c | 338 struct key *keyring; in init_dns_resolver() local 351 keyring = keyring_alloc(".dns_resolver", in init_dns_resolver() 356 if (IS_ERR(keyring)) { in init_dns_resolver() 357 ret = PTR_ERR(keyring); in init_dns_resolver() 367 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_dns_resolver() 368 cred->thread_keyring = keyring; in init_dns_resolver() 372 kdebug("DNS resolver keyring: %d\n", key_serial(keyring)); in init_dns_resolver() 376 key_put(keyring); in init_dns_resolver()
|
| /linux/Documentation/crypto/ |
| asymmetric-keys.rst | 338 1) Restrict using the kernel builtin trusted keyring 343 The kernel builtin trusted keyring will be searched for the signing key. 344 If the builtin trusted keyring is not configured, all links will be 354 signing key. If the secondary trusted keyring is not configured, this 359 3) Restrict using a separate key or keyring 362 - "key_or_keyring:<key or keyring serial number>[:chain]" 368 serial number for a keyring. 371 within the destination keyring will also be searched for signing keys. 373 certificate in order (starting closest to the root) to a keyring. For 374 instance, one keyring can be populated with links to a set of root [all …]
|
| /linux/certs/ |
| H A D | system_keyring.c | 2 /* System trusted keyring for trusted public keys 36 * restrict_link_by_builtin_trusted - Restrict keyring addition by built-in CA 42 * Restrict the addition of keys into a keyring based on the key-to-be-added 43 * being vouched for by a key in the built in system keyring. 55 * restrict_link_by_digsig_builtin - Restrict digitalSignature key additions by the built-in keyring 61 * Restrict the addition of keys into a keyring based on the key-to-be-added 62 * being vouched for by a key in the built in system keyring. The new key 76 * restrict_link_by_builtin_and_secondary_trusted - Restrict keyring 83 * Restrict the addition of keys into a keyring based on the key-to-be-added 93 /* If we have a secondary trusted keyring, the in restrict_link_by_builtin_and_secondary_trusted() 187 set_machine_trusted_keys(struct key * keyring) set_machine_trusted_keys() argument 265 load_module_cert(struct key * keyring) load_module_cert() argument 424 set_platform_trusted_keys(struct key * keyring) set_platform_trusted_keys() argument [all...] |