| /security/keys/ |
| A D | keyring.c | 531 key_put(keyring); in keyring_alloc()
536 return keyring; in keyring_alloc()
801 stack[sp].keyring = keyring; in search_nested_keyrings()
807 keyring = key; in search_nested_keyrings()
848 keyring = stack[sp].keyring; in search_nested_keyrings()
913 key_check(keyring); in keyring_search_rcu()
1189 return keyring; in find_keyring_by_name()
1412 if (!keyring->restrict_link || !keyring->restrict_link->check) in __key_link_check_restriction()
1443 kenter("{%d,%d}", keyring->serial, refcount_read(&keyring->usage)); in key_link()
1723 kenter("%x{%s}", keyring->serial, keyring->description ?: ""); in keyring_gc()
[all …]
|
| A D | process_keys.c | 223 struct key *keyring; in install_thread_keyring_to_cred() local
232 if (IS_ERR(keyring)) in install_thread_keyring_to_cred()
270 struct key *keyring; in install_process_keyring_to_cred() local
279 if (IS_ERR(keyring)) in install_process_keyring_to_cred()
325 if (!keyring) { in install_session_keyring_to_cred()
333 if (IS_ERR(keyring)) in install_session_keyring_to_cred()
336 __key_get(keyring); in install_session_keyring_to_cred()
841 struct key *keyring; in join_session_keyring() local
893 ret = keyring->serial; in join_session_keyring()
894 key_put(keyring); in join_session_keyring()
[all …]
|
| A D | key.c | 436 key_check(keyring); in __key_instantiate_and_link()
458 if (keyring) { in __key_instantiate_and_link()
502 struct key *keyring, in key_instantiate_and_link() argument
521 if (keyring) { in key_instantiate_and_link()
530 if (keyring->restrict_link && keyring->restrict_link->check) { in key_instantiate_and_link()
543 if (keyring) in key_instantiate_and_link()
578 struct key *keyring, in key_reject_and_link() argument
585 key_check(keyring); in key_reject_and_link()
590 if (keyring) { in key_reject_and_link()
591 if (keyring->restrict_link) in key_reject_and_link()
[all …]
|
| A D | internal.h | 95 extern int __key_link_lock(struct key *keyring,
99 extern int __key_link_begin(struct key *keyring,
102 extern int __key_link_check_live_key(struct key *keyring, struct key *key);
103 extern void __key_link(struct key *keyring, struct key *key,
105 extern void __key_link_end(struct key *keyring,
167 extern void keyring_gc(struct key *keyring, time64_t limit);
168 extern void keyring_restriction_gc(struct key *keyring,
|
| A D | request_key.c | 82 struct key *keyring = info->data; in umh_keys_init() local
84 return install_session_keyring_to_cred(cred, keyring); in umh_keys_init()
92 struct key *keyring = info->data; in umh_keys_cleanup() local
93 key_put(keyring); in umh_keys_cleanup()
124 struct key *key = rka->target_key, *keyring, *session, *user_session; in call_sbin_request_key() local
140 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key()
144 if (IS_ERR(keyring)) { in call_sbin_request_key()
145 ret = PTR_ERR(keyring); in call_sbin_request_key()
150 ret = key_link(keyring, authkey); in call_sbin_request_key()
196 ret = call_usermodehelper_keys(request_key, argv, envp, keyring, in call_sbin_request_key()
[all …]
|
| A D | Kconfig | 17 Furthermore, a special type of key is available that acts as keyring:
51 A particular keyring may be accessed by either the user whose keyring
129 bool "Provide key/keyring change notifications"
|
| A D | Makefile | 12 keyring.o \
|
| A D | keyctl.c | 470 struct key *keyring; in keyctl_keyring_clear() local
493 keyring = key_ref_to_ptr(keyring_ref); in keyctl_keyring_clear()
494 if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) in keyctl_keyring_clear()
497 ret = keyring_clear(keyring); in keyctl_keyring_clear()
555 struct key *keyring, *key; in keyctl_keyring_unlink() local
570 keyring = key_ref_to_ptr(keyring_ref); in keyctl_keyring_unlink()
572 if (test_bit(KEY_FLAG_KEEP, &keyring->flags) && in keyctl_keyring_unlink()
576 ret = key_unlink(keyring, key); in keyctl_keyring_unlink()
|
| /security/integrity/ |
| A D | digsig.c | 47 if (!keyring[id]) { in integrity_keyring_from_id()
48 keyring[id] = in integrity_keyring_from_id()
53 keyring[id] = NULL; in integrity_keyring_from_id()
58 return keyring[id]; in integrity_keyring_from_id()
64 struct key *keyring; in integrity_digsig_verify() local
70 if (IS_ERR(keyring)) in integrity_digsig_verify()
71 return PTR_ERR(keyring); in integrity_digsig_verify()
89 struct key *keyring; in integrity_modsig_verify() local
92 if (IS_ERR(keyring)) in integrity_modsig_verify()
112 keyring[id] = NULL; in __integrity_init_keyring()
[all …]
|
| A D | Kconfig | 29 to "lock" certain keyring to prevent adding new keys.
53 keyring.
56 bool "Provide keyring for platform/firmware trusted keys"
66 bool "Provide a keyring to which Machine Owner Keys may be added"
72 If set, provide a keyring to which Machine Owner Keys (MOK) may
74 in the platform keyring, keys contained in the .machine keyring will
85 If enabled only CA keys are added to the machine keyring, all
86 other MOK keys load into the platform keyring.
94 keyring that contain the CA bit set along with the keyCertSign
97 .platform keyring.
[all …]
|
| A D | digsig_asymmetric.c | 22 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) in request_asymmetric_key() argument
43 if (keyring) { in request_asymmetric_key()
47 kref = keyring_search(make_key_ref(keyring, 1), in request_asymmetric_key()
58 if (keyring) in request_asymmetric_key()
60 name, keyring->description, in request_asymmetric_key()
82 int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument
102 key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); in asymmetric_verify()
|
| A D | integrity.h | 168 int asymmetric_verify(struct key *keyring, const char *sig,
171 static inline int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument
179 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig);
181 static inline int ima_modsig_verify(struct key *keyring, in ima_modsig_verify() argument
|
| /security/integrity/ima/ |
| A D | ima_asymmetric_keys.c | 29 void ima_post_key_create_or_update(struct key *keyring, struct key *key, in ima_post_key_create_or_update() argument
43 queued = ima_queue_key(keyring, payload, payload_len); in ima_post_key_create_or_update()
64 keyring->description, KEY_CHECK, 0, in ima_post_key_create_or_update()
65 keyring->description, false, NULL, 0); in ima_post_key_create_or_update()
|
| A D | ima_queue_keys.c | 67 static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring, in ima_alloc_key_entry() argument
78 entry->keyring_name = kstrdup(keyring->description, in ima_alloc_key_entry()
94 keyring->description, in ima_alloc_key_entry()
104 bool ima_queue_key(struct key *keyring, const void *payload, in ima_queue_key() argument
110 entry = ima_alloc_key_entry(keyring, payload, payload_len); in ima_queue_key()
|
| A D | Kconfig | 199 keyring.
211 and verified by a public key on the trusted IMA keyring.
223 and verified by a key on the trusted IMA keyring.
260 IMA keys to be added may be added to the system secondary keyring,
270 This option creates an IMA blacklist keyring, which contains all
271 revoked IMA keys. It is consulted before any other keyring. If
276 bool "Load X509 certificate onto the '.ima' trusted keyring"
281 loaded on the .ima trusted keyring. These public keys are
283 .system keyring. This option enables X509 certificate
284 loading from the kernel onto the '.ima' trusted keyring.
|
| A D | ima_modsig.c | 119 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig) in ima_modsig_verify() argument
121 return verify_pkcs7_message_sig(NULL, 0, modsig->pkcs7_msg, keyring, in ima_modsig_verify()
|
| A D | ima.h | 242 void ima_post_key_create_or_update(struct key *keyring, struct key *key,
369 bool ima_queue_key(struct key *keyring, const void *payload,
375 static inline bool ima_queue_key(struct key *keyring, in ima_queue_key() argument
|
| /security/ipe/ |
| A D | Kconfig | 36 bool "IPE policy update verification with secondary keyring"
40 Also allow the secondary trusted keyring to verify IPE policy
46 bool "IPE policy update verification with platform keyring"
50 Also allow the platform keyring to verify IPE policy updates.
94 is in the .fs-verity keyring.
|
| /security/integrity/evm/ |
| A D | Kconfig | 60 bool "Load an X509 certificate onto the '.evm' trusted keyring"
64 Load an X509 certificate onto the '.evm' trusted keyring.
67 onto the '.evm' trusted keyring. A public key can be used to
|
| /security/ |
| A D | security.c | 5579 void security_key_post_create_or_update(struct key *keyring, struct key *key, in security_key_post_create_or_update() argument
5583 call_void_hook(key_post_create_or_update, keyring, key, payload, in security_key_post_create_or_update()
|