
Searched refs:keyring (Results 1 – 25 of 64) sorted by relevance


/linux/security/keys/
H A Dkeyring.c76 static int keyring_instantiate(struct key *keyring,
78 static void keyring_revoke(struct key *keyring);
79 static void keyring_destroy(struct key *keyring);
80 static void keyring_describe(const struct key *keyring, struct seq_file *m);
81 static long keyring_read(const struct key *keyring,
107 static void keyring_publish_name(struct key *keyring) in keyring_publish_name() argument
111 if (keyring->description && in keyring_publish_name()
112 keyring->description[0] && in keyring_publish_name()
113 keyring->description[0] != '.') { in keyring_publish_name()
115 list_add_tail(&keyring->name_link, &ns->keyring_name_list); in keyring_publish_name()
[all …]
H A Dprocess_keys.c223 struct key *keyring; in install_thread_keyring_to_cred() local
228 keyring = keyring_alloc("_tid", new->uid, new->gid, new, in install_thread_keyring_to_cred()
232 if (IS_ERR(keyring)) in install_thread_keyring_to_cred()
233 return PTR_ERR(keyring); in install_thread_keyring_to_cred()
235 new->thread_keyring = keyring; in install_thread_keyring_to_cred()
270 struct key *keyring; in install_process_keyring_to_cred() local
275 keyring = keyring_alloc("_pid", new->uid, new->gid, new, in install_process_keyring_to_cred()
279 if (IS_ERR(keyring)) in install_process_keyring_to_cred()
280 return PTR_ERR(keyring); in install_process_keyring_to_cred()
282 new->process_keyring = keyring; in install_process_keyring_to_cred()
[all …]
H A Dkey.c429 struct key *keyring, in __key_instantiate_and_link() argument
436 key_check(keyring); in __key_instantiate_and_link()
458 if (keyring) { in __key_instantiate_and_link()
459 if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) in __key_instantiate_and_link()
462 __key_link(keyring, key, _edit); in __key_instantiate_and_link()
502 struct key *keyring, in key_instantiate_and_link() argument
521 if (keyring) { in key_instantiate_and_link()
522 ret = __key_link_lock(keyring, &key->index_key); in key_instantiate_and_link()
526 ret = __key_link_begin(keyring, &key->index_key, &edit); in key_instantiate_and_link()
530 if (keyring->restrict_link && keyring->restrict_link->check) { in key_instantiate_and_link()
[all …]
H A Dinternal.h95 extern int __key_link_lock(struct key *keyring,
99 extern int __key_link_begin(struct key *keyring,
102 extern int __key_link_check_live_key(struct key *keyring, struct key *key);
103 extern void __key_link(struct key *keyring, struct key *key,
105 extern void __key_link_end(struct key *keyring,
167 extern void keyring_gc(struct key *keyring, time64_t limit);
168 extern void keyring_restriction_gc(struct key *keyring,
H A Drequest_key.c82 struct key *keyring = info->data; in umh_keys_init() local
84 return install_session_keyring_to_cred(cred, keyring); in umh_keys_init()
92 struct key *keyring = info->data; in umh_keys_cleanup() local
93 key_put(keyring); in umh_keys_cleanup()
124 struct key *key = rka->target_key, *keyring, *session, *user_session; in call_sbin_request_key() local
140 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key()
144 if (IS_ERR(keyring)) { in call_sbin_request_key()
145 ret = PTR_ERR(keyring); in call_sbin_request_key()
150 ret = key_link(keyring, authkey); in call_sbin_request_key()
196 ret = call_usermodehelper_keys(request_key, argv, envp, keyring, in call_sbin_request_key()
[all …]
/linux/security/integrity/
H A Ddigsig.c22 static struct key *keyring[INTEGRITY_KEYRING_MAX]; variable
47 if (!keyring[id]) { in integrity_keyring_from_id()
48 keyring[id] = in integrity_keyring_from_id()
50 if (IS_ERR(keyring[id])) { in integrity_keyring_from_id()
51 int err = PTR_ERR(keyring[id]); in integrity_keyring_from_id()
52 pr_err("no %s keyring: %d\n", keyring_name[id], err); in integrity_keyring_from_id()
53 keyring[id] = NULL; in integrity_keyring_from_id()
58 return keyring[id]; in integrity_keyring_from_id()
64 struct key *keyring; in integrity_digsig_verify() local
69 keyring in integrity_digsig_verify()
89 struct key *keyring; integrity_modsig_verify() local
[all...]
H A DKconfig29 to "lock" certain keyring to prevent adding new keys.
54 keyring.
57 bool "Provide keyring for platform/firmware trusted keys"
61 Provide a separate, distinct keyring for platform trusted keys, which
67 bool "Provide a keyring to which Machine Owner Keys may be added"
73 If set, provide a keyring to which Machine Owner Keys (MOK) may
74 be added. This keyring shall contain just MOK keys. Unlike keys
75 in the platform keyring, keys contained in the .machine keyring will
83 The .machine keyring can be configured to enforce CA restriction
85 and all Machine Owner Keys (MOK) are added to the machine keyring.
[all …]
H A Ddigsig_asymmetric.c22 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) in request_asymmetric_key() argument
43 if (keyring) { in request_asymmetric_key()
44 /* search in specific keyring */ in request_asymmetric_key()
47 kref = keyring_search(make_key_ref(keyring, 1), in request_asymmetric_key()
58 if (keyring) in request_asymmetric_key()
59 pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n", in request_asymmetric_key()
60 name, keyring->description, in request_asymmetric_key()
82 int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument
102 key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); in asymmetric_verify()
179 int asymmetric_verify_v3(struct key *keyring, cons
[all...]
H A Dintegrity.h172 int asymmetric_verify(struct key *keyring, const char *sig,
174 int asymmetric_verify_v3(struct key *keyring, const char *sig, in asymmetric_verify()
177 static inline int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify()
183 static inline int asymmetric_verify_v3(struct key *keyring, in ima_modsig_verify() argument
192 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig);
194 static inline int ima_modsig_verify(struct key *keyring, in ima_load_x509()
173 asymmetric_verify(struct key * keyring,const char * sig,int siglen,const char * data,int datalen) asymmetric_verify() argument
/linux/include/keys/
H A Dsystem_keyring.h22 extern int restrict_link_by_builtin_trusted(struct key *keyring,
30 extern __init int load_module_cert(struct key *keyring);
36 static inline __init int load_module_cert(struct key *keyring) in load_module_cert() argument
45 struct key *keyring,
49 int restrict_link_by_digsig_builtin_and_secondary(struct key *keyring,
68 extern void __init set_machine_trusted_keys(struct key *keyring);
71 static inline void __init set_machine_trusted_keys(struct key *keyring) in set_machine_trusted_keys() argument
126 extern void __init set_platform_trusted_keys(struct key *keyring);
128 static inline void set_platform_trusted_keys(struct key *keyring) in set_platform_trusted_keys() argument
/linux/crypto/asymmetric_keys/
H A Dselftest.c21 struct key *keyring; in fips_signature_selftest() local
26 keyring = keyring_alloc(".certs_selftest", in fips_signature_selftest()
33 if (IS_ERR(keyring)) in fips_signature_selftest()
34 panic("Can't allocate certs %s selftest keyring: %ld\n", name, PTR_ERR(keyring)); in fips_signature_selftest()
36 ret = x509_load_certificate_list(keys, keys_len, keyring); in fips_signature_selftest()
52 ret = pkcs7_validate_trust(pkcs7, keyring); in fips_signature_selftest()
58 key_put(keyring); in fips_signature_selftest()
/linux/drivers/nvme/common/
H A Dkeyring.c91 static struct key *nvme_tls_psk_lookup(struct key *keyring, in nvme_tls_psk_lookup() argument
107 if (!keyring) in nvme_tls_psk_lookup()
108 keyring = nvme_keyring; in nvme_tls_psk_lookup()
109 keyring_id = key_serial(keyring); in nvme_tls_psk_lookup()
112 keyref = keyring_search(make_key_ref(keyring, true), in nvme_tls_psk_lookup()
142 struct key *nvme_tls_psk_refresh(struct key *keyring, in nvme_tls_psk_refresh() argument
163 if (!keyring) in nvme_tls_psk_refresh()
164 keyring = nvme_keyring; in nvme_tls_psk_refresh()
165 keyring_id = key_serial(keyring); in nvme_tls_psk_refresh()
168 keyref = key_create_or_update(make_key_ref(keyring, true), in nvme_tls_psk_refresh()
[all …]
/linux/Documentation/security/
H A Ddigsig.rst63 * @keyring: keyring to search key in
75 int digsig_verify(struct key *keyring, const char *sig, int siglen,
82 to generate signatures, to load keys into the kernel keyring.
84 When the key is added to the kernel keyring, the keyid defines the name
91 -3 --alswrv 0 0 keyring: _ses
92 603976250 --alswrv 0 -1 \_ keyring: _uid.0
95 170323636 --alswrv 0 0 \_ keyring: _module
96 548221616 --alswrv 0 0 \_ keyring: _ima
97 128198054 --alswrv 0 0 \_ keyring: _evm
100 1 key in keyring:
/linux/Documentation/security/keys/
H A Dcore.rst10 other keys. Processes each have three standard keyring subscriptions that a
68 actual "key". In the case of a keyring, this is a list of keys to which
69 the keyring links; in the case of a user-defined key, it's an arbitrary
116 (+) "keyring"
140 * Each process subscribes to three keyrings: a thread-specific keyring, a
141 process-specific keyring, and a session-specific keyring.
143 The thread-specific keyring is discarded from the child when any sort of
144 clone, fork, vfork or execve occurs. A new keyring is created only when
147 The process-specific keyring is replaced with an empty one in the child on
149 shared. execve also discards the process's process keyring and creates a
[all …]
H A Drequest-key.rst46 does not need to link the key to a keyring to prevent it from being immediately
63 The userspace interface links the key to a keyring associated with the process
96 keyring that contains a link to auth key V.
104 Kerberos TGT key). It just requests the appropriate key, and the keyring
105 search notes that the session keyring has auth key V in its bottom level.
152 A search of any particular keyring proceeds in the following fashion:
155 firstly calls key_permission(SEARCH) on the keyring it's starting with,
158 2) It considers all the non-keyring keys within that keyring and, if any key
164 3) It then considers all the keyring-type keys in the keyring it's currently
165 searching. It calls key_permission(SEARCH) on each keyring, and if this
[all …]
/linux/net/rxrpc/
H A Drxperf.c556 static int rxperf_add_rxkad_key(struct key *keyring) in rxperf_add_rxkad_key() argument
561 kref = key_create_or_update(make_key_ref(keyring, true), in rxperf_add_rxkad_key()
575 ret = key_link(keyring, key_ref_to_ptr(kref)); in rxperf_add_rxkad_key()
586 static int rxperf_add_yfs_rxgk_key(struct key *keyring, u32 enctype) in rxperf_add_yfs_rxgk_key() argument
603 kref = key_create_or_update(make_key_ref(keyring, true), in rxperf_add_yfs_rxgk_key()
615 ret = key_link(keyring, key_ref_to_ptr(kref)); in rxperf_add_yfs_rxgk_key()
628 struct key *keyring; in rxperf_init() local
637 keyring = keyring_alloc("rxperf_server", in rxperf_init()
646 if (IS_ERR(keyring)) { in rxperf_init()
648 PTR_ERR(keyring)); in rxperf_init()
[all …]
/linux/security/integrity/ima/
H A Dima_asymmetric_keys.c29 void ima_post_key_create_or_update(struct key *keyring, struct key *key, in ima_post_key_create_or_update() argument
43 queued = ima_queue_key(keyring, payload, payload_len); in ima_post_key_create_or_update()
64 keyring->description, KEY_CHECK, 0, in ima_post_key_create_or_update()
65 keyring->description, false, NULL, 0); in ima_post_key_create_or_update()
H A Dima_queue_keys.c67 static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring, in ima_alloc_key_entry() argument
78 entry->keyring_name = kstrdup(keyring->description, in ima_alloc_key_entry()
94 keyring->description, in ima_alloc_key_entry()
104 bool ima_queue_key(struct key *keyring, const void *payload, in ima_queue_key() argument
110 entry = ima_alloc_key_entry(keyring, payload, payload_len); in ima_queue_key()
/linux/scripts/
H A Dextract-sys-certs.pl21 my $keyring = $ARGV[1];
154 open FD, ">$keyring" || die $keyring;
157 die "$keyring" if (!defined($len));
158 die "Short write on $keyring\n" if ($len != $size);
159 close(FD) || die $keyring;
/linux/include/linux/
H A Dnvme-keyring.h13 struct key *nvme_tls_psk_refresh(struct key *keyring,
16 key_serial_t nvme_tls_psk_default(struct key *keyring,
22 static inline struct key *nvme_tls_psk_refresh(struct key *keyring, in nvme_tls_psk_refresh() argument
28 static inline key_serial_t nvme_tls_psk_default(struct key *keyring, in nvme_tls_psk_default() argument
H A Dkey.h390 extern key_ref_t key_create(key_ref_t keyring,
398 extern key_ref_t key_create_or_update(key_ref_t keyring,
410 extern int key_link(struct key *keyring,
418 extern int key_unlink(struct key *keyring,
428 extern int restrict_link_reject(struct key *keyring,
433 extern int keyring_clear(struct key *keyring);
435 extern key_ref_t keyring_search(key_ref_t keyring,
440 extern int keyring_restrict(key_ref_t keyring, const char *type,
H A Dkey-type.h177 struct key *keyring,
182 struct key *keyring,
188 struct key *keyring, in key_negate_and_link() argument
191 return key_reject_and_link(key, timeout, ENOKEY, keyring, authkey); in key_negate_and_link()
/linux/Documentation/crypto/
H A Dasymmetric-keys.rst338 1) Restrict using the kernel builtin trusted keyring
343 The kernel builtin trusted keyring will be searched for the signing key.
344 If the builtin trusted keyring is not configured, all links will be
354 signing key. If the secondary trusted keyring is not configured, this
359 3) Restrict using a separate key or keyring
362 - "key_or_keyring:<key or keyring serial number>[:chain]"
368 serial number for a keyring.
371 within the destination keyring will also be searched for signing keys.
373 certificate in order (starting closest to the root) to a keyring. For
374 instance, one keyring can be populated with links to a set of root
[all …]
/linux/certs/
H A Dsystem_keyring.c187 void __init set_machine_trusted_keys(struct key *keyring) in set_machine_trusted_keys() argument
189 machine_trusted_keys = keyring; in set_machine_trusted_keys()
265 __init int load_module_cert(struct key *keyring) in load_module_cert() argument
273 module_cert_size, keyring); in load_module_cert()
424 void __init set_platform_trusted_keys(struct key *keyring) in set_platform_trusted_keys() argument
426 platform_trusted_keys = keyring; in set_platform_trusted_keys()
/linux/arch/s390/kernel/
H A Dcert_store.c315 static int invalidate_keyring_keys(struct key *keyring) in invalidate_keyring_keys() argument
323 keyring_payload_len = key_type_keyring.read(keyring, NULL, 0); in invalidate_keyring_keys()
329 rc = key_type_keyring.read(keyring, (char *)key_array, keyring_payload_len); in invalidate_keyring_keys()
341 rc = key_unlink(keyring, current_key); in invalidate_keyring_keys()
455 struct key *keyring) in create_key_from_vce() argument
466 make_key_ref(keyring, true), CERT_STORE_KEY_TYPE_NAME, in create_key_from_vce()
573 struct key *keyring) in create_key_from_sevcb() argument
594 rc = create_key_from_vce(vcssb, vce, keyring); in create_key_from_sevcb()
610 static int add_certificates_to_keyring(struct vcssb *vcssb, struct key *keyring) in add_certificates_to_keyring() argument
619 rc = create_key_from_sevcb(vcssb, index, keyring); in add_certificates_to_keyring()
[all …]
