| /linux-6.3-rc2/security/keys/ |
| A D | keyring.c | 531 key_put(keyring); in keyring_alloc()
536 return keyring; in keyring_alloc()
798 stack[sp].keyring = keyring; in search_nested_keyrings()
804 keyring = key; in search_nested_keyrings()
845 keyring = stack[sp].keyring; in search_nested_keyrings()
910 key_check(keyring); in keyring_search_rcu()
1186 return keyring; in find_keyring_by_name()
1409 if (!keyring->restrict_link || !keyring->restrict_link->check) in __key_link_check_restriction()
1440 kenter("{%d,%d}", keyring->serial, refcount_read(&keyring->usage)); in key_link()
1720 kenter("%x{%s}", keyring->serial, keyring->description ?: ""); in keyring_gc()
[all …]
|
| A D | process_keys.c | 223 struct key *keyring; in install_thread_keyring_to_cred() local
232 if (IS_ERR(keyring)) in install_thread_keyring_to_cred()
270 struct key *keyring; in install_process_keyring_to_cred() local
279 if (IS_ERR(keyring)) in install_process_keyring_to_cred()
325 if (!keyring) { in install_session_keyring_to_cred()
333 if (IS_ERR(keyring)) in install_session_keyring_to_cred()
336 __key_get(keyring); in install_session_keyring_to_cred()
841 struct key *keyring; in join_session_keyring() local
893 ret = keyring->serial; in join_session_keyring()
894 key_put(keyring); in join_session_keyring()
[all …]
|
| A D | key.c | 433 key_check(keyring); in __key_instantiate_and_link()
455 if (keyring) { in __key_instantiate_and_link()
501 struct key *keyring, in key_instantiate_and_link() argument
520 if (keyring) { in key_instantiate_and_link()
529 if (keyring->restrict_link && keyring->restrict_link->check) { in key_instantiate_and_link()
542 if (keyring) in key_instantiate_and_link()
577 struct key *keyring, in key_reject_and_link() argument
584 key_check(keyring); in key_reject_and_link()
589 if (keyring) { in key_reject_and_link()
590 if (keyring->restrict_link) in key_reject_and_link()
[all …]
|
| A D | internal.h | 95 extern int __key_link_lock(struct key *keyring,
99 extern int __key_link_begin(struct key *keyring,
102 extern int __key_link_check_live_key(struct key *keyring, struct key *key);
103 extern void __key_link(struct key *keyring, struct key *key,
105 extern void __key_link_end(struct key *keyring,
112 extern struct key *keyring_search_instkey(struct key *keyring,
115 extern int iterate_over_keyring(const struct key *keyring,
174 extern void keyring_gc(struct key *keyring, time64_t limit);
175 extern void keyring_restriction_gc(struct key *keyring,
|
| A D | request_key.c | 79 struct key *keyring = info->data; in umh_keys_init() local
81 return install_session_keyring_to_cred(cred, keyring); in umh_keys_init()
89 struct key *keyring = info->data; in umh_keys_cleanup() local
90 key_put(keyring); in umh_keys_cleanup()
121 struct key *key = rka->target_key, *keyring, *session, *user_session; in call_sbin_request_key() local
137 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key()
141 if (IS_ERR(keyring)) { in call_sbin_request_key()
142 ret = PTR_ERR(keyring); in call_sbin_request_key()
147 ret = key_link(keyring, authkey); in call_sbin_request_key()
193 ret = call_usermodehelper_keys(request_key, argv, envp, keyring, in call_sbin_request_key()
[all …]
|
| /linux-6.3-rc2/security/integrity/ |
| A D | digsig.c | 47 if (!keyring[id]) { in integrity_keyring_from_id()
48 keyring[id] = in integrity_keyring_from_id()
53 keyring[id] = NULL; in integrity_keyring_from_id()
58 return keyring[id]; in integrity_keyring_from_id()
64 struct key *keyring; in integrity_digsig_verify() local
70 if (IS_ERR(keyring)) in integrity_digsig_verify()
71 return PTR_ERR(keyring); in integrity_digsig_verify()
89 struct key *keyring; in integrity_modsig_verify() local
92 if (IS_ERR(keyring)) in integrity_modsig_verify()
112 keyring[id] = NULL; in __integrity_init_keyring()
[all …]
|
| A D | digsig_asymmetric.c | 22 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) in request_asymmetric_key() argument
43 if (keyring) { in request_asymmetric_key()
47 kref = keyring_search(make_key_ref(keyring, 1), in request_asymmetric_key()
58 if (keyring) in request_asymmetric_key()
60 name, keyring->description, in request_asymmetric_key()
82 int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument
102 key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); in asymmetric_verify()
|
| A D | Kconfig | 29 to "lock" certain keyring to prevent adding new keys.
53 keyring.
56 bool "Provide keyring for platform/firmware trusted keys"
60 Provide a separate, distinct keyring for platform trusted keys, which
66 bool "Provide a keyring to which Machine Owner Keys may be added"
73 If set, provide a keyring to which Machine Owner Keys (MOK) may
74 be added. This keyring shall contain just MOK keys. Unlike keys
75 in the platform keyring, keys contained in the .machine keyring will
94 Enable loading of keys to the .platform keyring and blacklisted
95 hashes to the .blacklist keyring for powerpc based platforms.
|
| /linux-6.3-rc2/include/keys/ |
| A D | system_keyring.h | 22 extern int restrict_link_by_builtin_trusted(struct key *keyring,
26 extern __init int load_module_cert(struct key *keyring);
31 static inline __init int load_module_cert(struct key *keyring) in load_module_cert() argument
40 struct key *keyring,
54 extern void __init set_machine_trusted_keys(struct key *keyring);
57 static inline void __init set_machine_trusted_keys(struct key *keyring) in set_machine_trusted_keys() argument
112 extern void __init set_platform_trusted_keys(struct key *keyring);
114 static inline void set_platform_trusted_keys(struct key *keyring) in set_platform_trusted_keys() argument
|
| /linux-6.3-rc2/crypto/asymmetric_keys/ |
| A D | selftest.c | 180 struct key *keyring; in fips_signature_selftest() local
185 keyring = keyring_alloc(".certs_selftest", in fips_signature_selftest()
192 if (IS_ERR(keyring)) in fips_signature_selftest()
194 PTR_ERR(keyring)); in fips_signature_selftest()
197 sizeof(certs_selftest_keys) - 1, keyring); in fips_signature_selftest()
215 ret = pkcs7_validate_trust(pkcs7, keyring); in fips_signature_selftest()
222 key_put(keyring); in fips_signature_selftest()
|
| /linux-6.3-rc2/Documentation/security/ |
| A D | digsig.rst | 63 * @keyring: keyring to search key in
75 int digsig_verify(struct key *keyring, const char *sig, int siglen,
82 to generate signatures, to load keys into the kernel keyring.
84 When the key is added to the kernel keyring, the keyid defines the name
91 -3 --alswrv 0 0 keyring: _ses
92 603976250 --alswrv 0 -1 \_ keyring: _uid.0
95 170323636 --alswrv 0 0 \_ keyring: _module
96 548221616 --alswrv 0 0 \_ keyring: _ima
97 128198054 --alswrv 0 0 \_ keyring: _evm
100 1 key in keyring:
|
| /linux-6.3-rc2/certs/ |
| A D | Kconfig | 49 the keyring are considered to be trusted. Keys may be added at will
52 keys already in the keyring.
54 Keys in this keyring are used by module signature checking.
57 string "Additional X.509 keys for default system keyring"
65 NOTE: If you previously provided keys for the system keyring in the
75 system keyring without recompiling the kernel.
86 bool "Provide a keyring to which extra trustable keys may be added"
91 into the kernel or already in the secondary trusted keyring.
97 Provide a system keyring to which blacklisted keys can be added.
103 string "Hashes to be preloaded into the system blacklist keyring"
[all …]
|
| A D | system_keyring.c | 100 void __init set_machine_trusted_keys(struct key *keyring) in set_machine_trusted_keys() argument
102 machine_trusted_keys = keyring; in set_machine_trusted_keys()
178 __init int load_module_cert(struct key *keyring) in load_module_cert() argument
186 module_cert_size, keyring); in load_module_cert()
337 void __init set_platform_trusted_keys(struct key *keyring) in set_platform_trusted_keys() argument
339 platform_trusted_keys = keyring; in set_platform_trusted_keys()
|
| /linux-6.3-rc2/fs/crypto/ |
| A D | keyring.c | 193 keyring = kzalloc(sizeof(*keyring), GFP_KERNEL); in allocate_filesystem_keyring()
194 if (!keyring) in allocate_filesystem_keyring()
220 if (!keyring) in fscrypt_destroy_keyring()
244 kfree_sensitive(keyring); in fscrypt_destroy_keyring()
259 return &keyring->key_hashtable[i % ARRAY_SIZE(keyring->key_hashtable)]; in fscrypt_mk_hash_bucket()
284 if (keyring == NULL) in fscrypt_find_master_key()
322 struct key *keyring; in allocate_master_key_users_keyring() local
330 if (IS_ERR(keyring)) in allocate_master_key_users_keyring()
331 return PTR_ERR(keyring); in allocate_master_key_users_keyring()
333 mk->mk_users = keyring; in allocate_master_key_users_keyring()
[all …]
|
| /linux-6.3-rc2/fs/cifs/ |
| A D | cifs_spnego.c | 181 struct key *keyring; in init_cifs_spnego() local
196 keyring = keyring_alloc(".cifs_spnego", in init_cifs_spnego()
201 if (IS_ERR(keyring)) { in init_cifs_spnego()
202 ret = PTR_ERR(keyring); in init_cifs_spnego()
214 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_cifs_spnego()
215 cred->thread_keyring = keyring; in init_cifs_spnego()
219 cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring)); in init_cifs_spnego()
223 key_put(keyring); in init_cifs_spnego()
|
| /linux-6.3-rc2/Documentation/security/keys/ |
| A D | core.rst | 116 (+) "keyring"
141 process-specific keyring, and a session-specific keyring.
162 specific keyring and a default user session keyring. The default session
163 keyring is initialised with a link to the user-specific keyring.
406 A new keyring can be generated by setting type "keyring", the keyring name
430 a keyring.
463 as its session keyring, displacing the old session keyring.
605 * Unlink a key or keyring from another keyring::
806 keyring.
1039 keyring.
[all …]
|
| A D | request-key.rst | 96 keyring that contains a link to auth key V.
152 A search of any particular keyring proceeds in the following fashion:
158 2) It considers all the non-keyring keys within that keyring and, if any key
164 3) It then considers all the keyring-type keys in the keyring it's currently
167 keyring.
179 1) If extant, the process's thread keyring is searched.
181 2) If extant, the process's process keyring is searched.
183 3) The process's session keyring is searched.
188 a) If extant, the calling process's thread keyring is searched.
192 c) The calling process's session keyring is searched.
[all …]
|
| /linux-6.3-rc2/security/integrity/ima/ |
| A D | ima_asymmetric_keys.c | 29 void ima_post_key_create_or_update(struct key *keyring, struct key *key, in ima_post_key_create_or_update() argument
43 queued = ima_queue_key(keyring, payload, payload_len); in ima_post_key_create_or_update()
64 keyring->description, KEY_CHECK, 0, in ima_post_key_create_or_update()
65 keyring->description, false, NULL, 0); in ima_post_key_create_or_update()
|
| A D | ima_queue_keys.c | 67 static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring, in ima_alloc_key_entry() argument
78 entry->keyring_name = kstrdup(keyring->description, in ima_alloc_key_entry()
94 keyring->description, in ima_alloc_key_entry()
104 bool ima_queue_key(struct key *keyring, const void *payload, in ima_queue_key() argument
110 entry = ima_alloc_key_entry(keyring, payload, payload_len); in ima_queue_key()
|
| /linux-6.3-rc2/scripts/ |
| A D | extract-sys-certs.pl | 21 my $keyring = $ARGV[1];
154 open FD, ">$keyring" || die $keyring;
157 die "$keyring" if (!defined($len));
158 die "Short write on $keyring\n" if ($len != $size);
159 close(FD) || die $keyring;
|
| /linux-6.3-rc2/net/dns_resolver/ |
| A D | dns_key.c | 331 struct key *keyring; in init_dns_resolver() local
344 keyring = keyring_alloc(".dns_resolver", in init_dns_resolver()
349 if (IS_ERR(keyring)) { in init_dns_resolver()
350 ret = PTR_ERR(keyring); in init_dns_resolver()
360 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_dns_resolver()
361 cred->thread_keyring = keyring; in init_dns_resolver()
365 kdebug("DNS resolver keyring: %d\n", key_serial(keyring)); in init_dns_resolver()
369 key_put(keyring); in init_dns_resolver()
|
| /linux-6.3-rc2/include/linux/ |
| A D | key.h | 389 extern key_ref_t key_create(key_ref_t keyring,
397 extern key_ref_t key_create_or_update(key_ref_t keyring,
409 extern int key_link(struct key *keyring,
417 extern int key_unlink(struct key *keyring,
427 extern int restrict_link_reject(struct key *keyring,
432 extern int keyring_clear(struct key *keyring);
434 extern key_ref_t keyring_search(key_ref_t keyring,
439 extern int keyring_add_key(struct key *keyring,
442 extern int keyring_restrict(key_ref_t keyring, const char *type,
|
| A D | key-type.h | 173 struct key *keyring,
178 struct key *keyring,
184 struct key *keyring, in key_negate_and_link() argument
187 return key_reject_and_link(key, timeout, ENOKEY, keyring, authkey); in key_negate_and_link()
|
| /linux-6.3-rc2/Documentation/crypto/ |
| A D | asymmetric-keys.rst | 338 1) Restrict using the kernel builtin trusted keyring
359 3) Restrict using a separate key or keyring
362 - "key_or_keyring:<key or keyring serial number>[:chain]"
368 serial number for a keyring.
378 # Create and populate a keyring for root certificates
379 root_id=`keyctl add keyring root-certs "" @s`
383 # Create and restrict a keyring for the certificate chain
384 chain_id=`keyctl add keyring chain "" @s`
400 # Create a keyring for the certificate chain and add the root
401 chain2_id=`keyctl add keyring chain2 "" @s`
[all …]
|
| /linux-6.3-rc2/net/rxrpc/ |
| A D | rxperf.c | 538 static int rxperf_add_key(struct key *keyring) in rxperf_add_key() argument
543 kref = key_create_or_update(make_key_ref(keyring, true), in rxperf_add_key()
557 ret = key_link(keyring, key_ref_to_ptr(kref)); in rxperf_add_key()
569 struct key *keyring; in rxperf_init() local
578 keyring = keyring_alloc("rxperf_server", in rxperf_init()
587 if (IS_ERR(keyring)) { in rxperf_init()
589 PTR_ERR(keyring)); in rxperf_init()
592 rxperf_sec_keyring = keyring; in rxperf_init()
593 ret = rxperf_add_key(keyring); in rxperf_init()
|