/Linux-v4.19/security/keys/ |
D | keyring.c | 78 static int keyring_instantiate(struct key *keyring, 80 static void keyring_revoke(struct key *keyring); 81 static void keyring_destroy(struct key *keyring); 82 static void keyring_describe(const struct key *keyring, struct seq_file *m); 83 static long keyring_read(const struct key *keyring, 109 static void keyring_publish_name(struct key *keyring) in keyring_publish_name() argument 113 if (keyring->description) { in keyring_publish_name() 114 bucket = keyring_hash(keyring->description); in keyring_publish_name() 121 list_add_tail(&keyring->name_link, in keyring_publish_name() 148 static int keyring_instantiate(struct key *keyring, in keyring_instantiate() argument [all …]
D | process_keys.c | 140 struct key *keyring; in install_thread_keyring_to_cred() local 145 keyring = keyring_alloc("_tid", new->uid, new->gid, new, in install_thread_keyring_to_cred() 149 if (IS_ERR(keyring)) in install_thread_keyring_to_cred() 150 return PTR_ERR(keyring); in install_thread_keyring_to_cred() 152 new->thread_keyring = keyring; in install_thread_keyring_to_cred() 187 struct key *keyring; in install_process_keyring_to_cred() local 192 keyring = keyring_alloc("_pid", new->uid, new->gid, new, in install_process_keyring_to_cred() 196 if (IS_ERR(keyring)) in install_process_keyring_to_cred() 197 return PTR_ERR(keyring); in install_process_keyring_to_cred() 199 new->process_keyring = keyring; in install_process_keyring_to_cred() [all …]
D | key.c | 424 struct key *keyring, in __key_instantiate_and_link() argument 431 key_check(keyring); in __key_instantiate_and_link() 452 if (keyring) { in __key_instantiate_and_link() 453 if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) in __key_instantiate_and_link() 498 struct key *keyring, in key_instantiate_and_link() argument 516 if (keyring) { in key_instantiate_and_link() 517 ret = __key_link_begin(keyring, &key->index_key, &edit); in key_instantiate_and_link() 521 if (keyring->restrict_link && keyring->restrict_link->check) { in key_instantiate_and_link() 522 struct key_restriction *keyres = keyring->restrict_link; in key_instantiate_and_link() 524 ret = keyres->check(keyring, key->type, &prep.payload, in key_instantiate_and_link() [all …]
D | internal.h | 96 extern int __key_link_begin(struct key *keyring, 99 extern int __key_link_check_live_key(struct key *keyring, struct key *key); 101 extern void __key_link_end(struct key *keyring, 108 extern struct key *keyring_search_instkey(struct key *keyring, 111 extern int iterate_over_keyring(const struct key *keyring, 172 extern void keyring_gc(struct key *keyring, time64_t limit); 173 extern void keyring_restriction_gc(struct key *keyring,
D | request_key.c | 58 struct key *keyring = info->data; in umh_keys_init() local 60 return install_session_keyring_to_cred(cred, keyring); in umh_keys_init() 68 struct key *keyring = info->data; in umh_keys_cleanup() local 69 key_put(keyring); in umh_keys_cleanup() 101 struct key *key = cons->key, *authkey = cons->authkey, *keyring, in call_sbin_request_key() local 118 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key() 122 if (IS_ERR(keyring)) { in call_sbin_request_key() 123 ret = PTR_ERR(keyring); in call_sbin_request_key() 128 ret = key_link(keyring, authkey); in call_sbin_request_key() 176 ret = call_usermodehelper_keys(request_key, argv, envp, keyring, in call_sbin_request_key() [all …]
D | Kconfig | 16 Furthermore, a special type of key is available that acts as keyring: 36 A particular keyring may be accessed by either the user whose keyring
/Linux-v4.19/security/integrity/ |
D | digsig.c | 27 static struct key *keyring[INTEGRITY_KEYRING_MAX]; variable 58 if (!keyring[id]) { in integrity_digsig_verify() 59 keyring[id] = in integrity_digsig_verify() 61 if (IS_ERR(keyring[id])) { in integrity_digsig_verify() 62 int err = PTR_ERR(keyring[id]); in integrity_digsig_verify() 64 keyring[id] = NULL; in integrity_digsig_verify() 72 return digsig_verify(keyring[id], sig + 1, siglen - 1, in integrity_digsig_verify() 75 return asymmetric_verify(keyring[id], sig, siglen, in integrity_digsig_verify() 97 keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0), in integrity_init_keyring() 104 if (IS_ERR(keyring[id])) { in integrity_init_keyring() [all …]
D | digsig_asymmetric.c | 28 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) in request_asymmetric_key() argument 49 if (keyring) { in request_asymmetric_key() 53 kref = keyring_search(make_key_ref(keyring, 1), in request_asymmetric_key() 82 int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument 101 key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); in asymmetric_verify()
D | integrity.h | 172 int asymmetric_verify(struct key *keyring, const char *sig, 175 static inline int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument
/Linux-v4.19/certs/ |
D | Kconfig | 23 Provide a system keyring to which trusted keys can be added. Keys in 24 the keyring are considered to be trusted. Keys may be added at will 27 keys already in the keyring. 29 Keys in this keyring are used by module signature checking. 32 string "Additional X.509 keys for default system keyring" 37 system keyring. Any certificate used for module signing is implicitly 40 NOTE: If you previously provided keys for the system keyring in the 50 system keyring without recompiling the kernel. 61 bool "Provide a keyring to which extra trustable keys may be added" 64 If set, provide a keyring to which extra keys may be added, provided [all …]
/Linux-v4.19/Documentation/ |
D | digsig.txt | 63 * @keyring: keyring to search key in 75 int digsig_verify(struct key *keyring, const char *sig, int siglen, 82 to generate signatures, to load keys into the kernel keyring. 84 When the key is added to the kernel keyring, the keyid defines the name 91 -3 --alswrv 0 0 keyring: _ses 92 603976250 --alswrv 0 -1 \_ keyring: _uid.0 95 170323636 --alswrv 0 0 \_ keyring: _module 96 548221616 --alswrv 0 0 \_ keyring: _ima 97 128198054 --alswrv 0 0 \_ keyring: _evm 100 1 key in keyring:
/Linux-v4.19/Documentation/security/keys/ |
D | request-key.rst | 47 does not need to link the key to a keyring to prevent it from being immediately 60 The userspace interface links the key to a keyring associated with the process 93 keyring that contains a link to auth key V. 101 Kerberos TGT key). It just requests the appropriate key, and the keyring 102 search notes that the session keyring has auth key V in its bottom level. 149 A search of any particular keyring proceeds in the following fashion: 152 firstly calls key_permission(SEARCH) on the keyring it's starting with, 155 2) It considers all the non-keyring keys within that keyring and, if any key 161 3) It then considers all the keyring-type keys in the keyring it's currently 162 searching. It calls key_permission(SEARCH) on each keyring, and if this [all …]
D | core.rst | 10 other keys. Processes each have three standard keyring subscriptions that a 68 actual "key". In the case of a keyring, this is a list of keys to which 69 the keyring links; in the case of a user-defined key, it's an arbitrary 116 (+) "keyring" 140 * Each process subscribes to three keyrings: a thread-specific keyring, a 141 process-specific keyring, and a session-specific keyring. 143 The thread-specific keyring is discarded from the child when any sort of 144 clone, fork, vfork or execve occurs. A new keyring is created only when 147 The process-specific keyring is replaced with an empty one in the child on 149 shared. execve also discards the process's process keyring and creates a [all …]
/Linux-v4.19/fs/cifs/ |
D | cifs_spnego.c | 191 struct key *keyring; in init_cifs_spnego() local 206 keyring = keyring_alloc(".cifs_spnego", in init_cifs_spnego() 211 if (IS_ERR(keyring)) { in init_cifs_spnego() 212 ret = PTR_ERR(keyring); in init_cifs_spnego() 224 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_cifs_spnego() 225 cred->thread_keyring = keyring; in init_cifs_spnego() 229 cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring)); in init_cifs_spnego() 233 key_put(keyring); in init_cifs_spnego()
/Linux-v4.19/scripts/ |
D | extract-sys-certs.pl | 21 my $keyring = $ARGV[1]; 154 open FD, ">$keyring" || die $keyring; 157 die "$keyring" if (!defined($len)); 158 die "Short write on $keyring\n" if ($len != $size); 159 close(FD) || die $keyring;
/Linux-v4.19/net/dns_resolver/ |
D | dns_key.c | 269 struct key *keyring; in init_dns_resolver() local 282 keyring = keyring_alloc(".dns_resolver", in init_dns_resolver() 287 if (IS_ERR(keyring)) { in init_dns_resolver() 288 ret = PTR_ERR(keyring); in init_dns_resolver() 298 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_dns_resolver() 299 cred->thread_keyring = keyring; in init_dns_resolver() 303 kdebug("DNS resolver keyring: %d\n", key_serial(keyring)); in init_dns_resolver() 307 key_put(keyring); in init_dns_resolver()
/Linux-v4.19/include/linux/ |
D | key.h | 298 extern key_ref_t key_create_or_update(key_ref_t keyring, 310 extern int key_link(struct key *keyring, 313 extern int key_unlink(struct key *keyring, 323 extern int restrict_link_reject(struct key *keyring, 328 extern int keyring_clear(struct key *keyring); 330 extern key_ref_t keyring_search(key_ref_t keyring, 334 extern int keyring_add_key(struct key *keyring, 337 extern int keyring_restrict(key_ref_t keyring, const char *type,
D | key-type.h | 172 struct key *keyring, 177 struct key *keyring, 183 struct key *keyring, in key_negate_and_link() argument 186 return key_reject_and_link(key, timeout, ENOKEY, keyring, instkey); in key_negate_and_link()
D | digsig.h | 51 int digsig_verify(struct key *keyring, const char *sig, int siglen, 56 static inline int digsig_verify(struct key *keyring, const char *sig, in digsig_verify() argument
/Linux-v4.19/Documentation/crypto/ |
D | asymmetric-keys.txt | 327 (1) Restrict using the kernel builtin trusted keyring 332 The kernel builtin trusted keyring will be searched for the signing key. 333 If the builtin trusted keyring is not configured, all links will be 343 signing key. If the secondary trusted keyring is not configured, this 348 (3) Restrict using a separate key or keyring 351 - "key_or_keyring:<key or keyring serial number>[:chain]" 357 serial number for a keyring. 360 within the destination keyring will also be searched for signing keys. 362 certificate in order (starting closest to the root) to a keyring. For 363 instance, one keyring can be populated with links to a set of root [all …]
/Linux-v4.19/security/integrity/ima/ |
D | Kconfig | 192 keyring. 204 and verified by a public key on the trusted IMA keyring. 216 and verified by a key on the trusted IMA keyring. 227 bool "Require all keys on the .ima keyring be signed (deprecated)" 234 keyring be signed by a key on the system trusted keyring. 251 IMA keys to be added may be added to the system secondary keyring, 261 This option creates an IMA blacklist keyring, which contains all 262 revoked IMA keys. It is consulted before any other keyring. If 267 bool "Load X509 certificate onto the '.ima' trusted keyring" 272 loaded on the .ima trusted keyring. These public keys are [all …]
/Linux-v4.19/include/keys/ |
D | system_keyring.h | 19 extern int restrict_link_by_builtin_trusted(struct key *keyring, 30 struct key *keyring,
/Linux-v4.19/security/integrity/evm/ |
D | Kconfig | 58 bool "Load an X509 certificate onto the '.evm' trusted keyring" 62 Load an X509 certificate onto the '.evm' trusted keyring. 65 onto the '.evm' trusted keyring. A public key can be used to
/Linux-v4.19/lib/ |
D | digsig.c | 202 int digsig_verify(struct key *keyring, const char *sig, int siglen, in digsig_verify() argument 220 if (keyring) { in digsig_verify() 223 kref = keyring_search(make_key_ref(keyring, 1UL), in digsig_verify()
/Linux-v4.19/fs/nfs/ |
D | nfs4idmap.c | 190 struct key *keyring; in nfs_idmap_init() local 200 keyring = keyring_alloc(".id_resolver", in nfs_idmap_init() 205 if (IS_ERR(keyring)) { in nfs_idmap_init() 206 ret = PTR_ERR(keyring); in nfs_idmap_init() 218 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in nfs_idmap_init() 219 cred->thread_keyring = keyring; in nfs_idmap_init() 227 key_put(keyring); in nfs_idmap_init()