/linux-4.1.27/security/keys/ |
D | keyring.c | 78 static int keyring_instantiate(struct key *keyring, 80 static void keyring_revoke(struct key *keyring); 81 static void keyring_destroy(struct key *keyring); 82 static void keyring_describe(const struct key *keyring, struct seq_file *m); 83 static long keyring_read(const struct key *keyring, 109 static void keyring_publish_name(struct key *keyring) in keyring_publish_name() argument 113 if (keyring->description) { in keyring_publish_name() 114 bucket = keyring_hash(keyring->description); in keyring_publish_name() 121 list_add_tail(&keyring->type_data.link, in keyring_publish_name() 148 static int keyring_instantiate(struct key *keyring, in keyring_instantiate() argument [all …]
|
D | process_keys.c | 133 struct key *keyring; in install_thread_keyring_to_cred() local 135 keyring = keyring_alloc("_tid", new->uid, new->gid, new, in install_thread_keyring_to_cred() 138 if (IS_ERR(keyring)) in install_thread_keyring_to_cred() 139 return PTR_ERR(keyring); in install_thread_keyring_to_cred() 141 new->thread_keyring = keyring; in install_thread_keyring_to_cred() 176 struct key *keyring; in install_process_keyring_to_cred() local 181 keyring = keyring_alloc("_pid", new->uid, new->gid, new, in install_process_keyring_to_cred() 184 if (IS_ERR(keyring)) in install_process_keyring_to_cred() 185 return PTR_ERR(keyring); in install_process_keyring_to_cred() 187 new->process_keyring = keyring; in install_process_keyring_to_cred() [all …]
|
D | key.c | 404 struct key *keyring, in __key_instantiate_and_link() argument 411 key_check(keyring); in __key_instantiate_and_link() 432 if (keyring) in __key_instantiate_and_link() 474 struct key *keyring, in key_instantiate_and_link() argument 492 if (keyring) { in key_instantiate_and_link() 493 ret = __key_link_begin(keyring, &key->index_key, &edit); in key_instantiate_and_link() 498 ret = __key_instantiate_and_link(key, &prep, keyring, authkey, &edit); in key_instantiate_and_link() 500 if (keyring) in key_instantiate_and_link() 501 __key_link_end(keyring, &key->index_key, edit); in key_instantiate_and_link() 535 struct key *keyring, in key_reject_and_link() argument [all …]
|
D | internal.h | 91 extern int __key_link_begin(struct key *keyring, 94 extern int __key_link_check_live_key(struct key *keyring, struct key *key); 96 extern void __key_link_end(struct key *keyring, 103 extern struct key *keyring_search_instkey(struct key *keyring, 106 extern int iterate_over_keyring(const struct key *keyring, 167 extern void keyring_gc(struct key *keyring, time_t limit);
|
D | request_key.c | 58 struct key *keyring = info->data; in umh_keys_init() local 60 return install_session_keyring_to_cred(cred, keyring); in umh_keys_init() 68 struct key *keyring = info->data; in umh_keys_cleanup() local 69 key_put(keyring); in umh_keys_cleanup() 100 struct key *key = cons->key, *authkey = cons->authkey, *keyring, in call_sbin_request_key() local 117 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key() 121 if (IS_ERR(keyring)) { in call_sbin_request_key() 122 ret = PTR_ERR(keyring); in call_sbin_request_key() 127 ret = key_link(keyring, authkey); in call_sbin_request_key() 175 ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, in call_sbin_request_key() [all …]
|
D | Kconfig | 16 Furthermore, a special type of key is available that acts as keyring: 32 A particular keyring may be accessed by either the user whose keyring
|
D | Makefile | 11 keyring.o \
|
/linux-4.1.27/security/integrity/ |
D | digsig.c | 24 static struct key *keyring[INTEGRITY_KEYRING_MAX]; variable 42 if (!keyring[id]) { in integrity_digsig_verify() 43 keyring[id] = in integrity_digsig_verify() 45 if (IS_ERR(keyring[id])) { in integrity_digsig_verify() 46 int err = PTR_ERR(keyring[id]); in integrity_digsig_verify() 48 keyring[id] = NULL; in integrity_digsig_verify() 56 return digsig_verify(keyring[id], sig + 1, siglen - 1, in integrity_digsig_verify() 59 return asymmetric_verify(keyring[id], sig, siglen, in integrity_digsig_verify() 71 keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0), in integrity_init_keyring() 77 if (!IS_ERR(keyring[id])) in integrity_init_keyring() [all …]
|
D | digsig_asymmetric.c | 26 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) in request_asymmetric_key() argument 35 if (keyring) { in request_asymmetric_key() 38 kref = keyring_search(make_key_ref(keyring, 1), in request_asymmetric_key() 67 int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument 86 key = request_asymmetric_key(keyring, __be32_to_cpu(hdr->keyid)); in asymmetric_verify()
|
D | integrity.h | 156 int asymmetric_verify(struct key *keyring, const char *sig, 159 static inline int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument
|
D | Kconfig | 28 to "lock" certain keyring to prevent adding new keys.
|
/linux-4.1.27/Documentation/ |
D | digsig.txt | 55 * @keyring: keyring to search key in 67 int digsig_verify(struct key *keyring, const char *sig, int siglen, 73 to generate signatures, to load keys into the kernel keyring. 75 When the key is added to the kernel keyring, the keyid defines the name 82 -3 --alswrv 0 0 keyring: _ses 83 603976250 --alswrv 0 -1 \_ keyring: _uid.0 86 170323636 --alswrv 0 0 \_ keyring: _module 87 548221616 --alswrv 0 0 \_ keyring: _ima 88 128198054 --alswrv 0 0 \_ keyring: _evm 91 1 key in keyring:
|
D | module-signing.txt | 147 in a keyring called ".system_keyring" that can be seen by: 151 223c7853 I------ 1 perm 1f030000 0 0 keyring .system_keyring: 1 158 and will be added to the keyring.
|
D | kernel-parameters.txt | 571 the system trusted keyring to be used for certificate
|
/linux-4.1.27/Documentation/security/ |
D | keys-request-key.txt | 47 does not need to link the key to a keyring to prevent it from being immediately 60 The userspace interface links the key to a keyring associated with the process 94 keyring that contains a link to auth key V. 102 Kerberos TGT key). It just requests the appropriate key, and the keyring 103 search notes that the session keyring has auth key V in its bottom level. 152 A search of any particular keyring proceeds in the following fashion: 155 firstly calls key_permission(SEARCH) on the keyring it's starting with, 158 (2) It considers all the non-keyring keys within that keyring and, if any key 164 (3) It then considers all the keyring-type keys in the keyring it's currently 165 searching. It calls key_permission(SEARCH) on each keyring, and if this [all …]
|
D | keys.txt | 10 other keys. Processes each have three standard keyring subscriptions that a 79 actual "key". In the case of a keyring, this is a list of keys to which 80 the keyring links; in the case of a user-defined key, it's an arbitrary 128 (+) "keyring" 152 (*) Each process subscribes to three keyrings: a thread-specific keyring, a 153 process-specific keyring, and a session-specific keyring. 155 The thread-specific keyring is discarded from the child when any sort of 156 clone, fork, vfork or execve occurs. A new keyring is created only when 159 The process-specific keyring is replaced with an empty one in the child on 161 shared. execve also discards the process's process keyring and creates a [all …]
|
D | keys-trusted-encrypted.txt | 79 -3 --alswrv 500 500 keyring: _ses 80 97833714 --alswrv 500 -1 \_ keyring: _uid.500
|
D | keys-ecryptfs.txt | 16 kernel key of the 'user' type, inserted in the user's session specific keyring
|
D | credentials.txt | 213 Per-process keyring 214 Per-session keyring 321 (2) Whilst the keyring subscriptions of a set of credentials may not be
|
/linux-4.1.27/fs/cifs/ |
D | cifs_spnego.c | 191 struct key *keyring; in init_cifs_spnego() local 206 keyring = keyring_alloc(".cifs_spnego", in init_cifs_spnego() 211 if (IS_ERR(keyring)) { in init_cifs_spnego() 212 ret = PTR_ERR(keyring); in init_cifs_spnego() 224 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_cifs_spnego() 225 cred->thread_keyring = keyring; in init_cifs_spnego() 229 cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring)); in init_cifs_spnego() 233 key_put(keyring); in init_cifs_spnego()
|
D | cifsacl.c | 344 struct key *keyring; in init_cifs_idmap() local 360 keyring = keyring_alloc(".cifs_idmap", in init_cifs_idmap() 365 if (IS_ERR(keyring)) { in init_cifs_idmap() 366 ret = PTR_ERR(keyring); in init_cifs_idmap() 376 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_cifs_idmap() 377 cred->thread_keyring = keyring; in init_cifs_idmap() 381 cifs_dbg(FYI, "cifs idmap keyring: %d\n", key_serial(keyring)); in init_cifs_idmap() 385 key_put(keyring); in init_cifs_idmap()
|
/linux-4.1.27/net/dns_resolver/ |
D | dns_key.c | 265 struct key *keyring; in init_dns_resolver() local 278 keyring = keyring_alloc(".dns_resolver", in init_dns_resolver() 283 if (IS_ERR(keyring)) { in init_dns_resolver() 284 ret = PTR_ERR(keyring); in init_dns_resolver() 294 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_dns_resolver() 295 cred->thread_keyring = keyring; in init_dns_resolver() 299 kdebug("DNS resolver keyring: %d\n", key_serial(keyring)); in init_dns_resolver() 303 key_put(keyring); in init_dns_resolver()
|
/linux-4.1.27/include/linux/ |
D | key-type.h | 166 struct key *keyring, 171 struct key *keyring, 177 struct key *keyring, in key_negate_and_link() argument 180 return key_reject_and_link(key, timeout, ENOKEY, keyring, instkey); in key_negate_and_link()
|
D | key.h | 272 extern key_ref_t key_create_or_update(key_ref_t keyring, 284 extern int key_link(struct key *keyring, 287 extern int key_unlink(struct key *keyring, 296 extern int keyring_clear(struct key *keyring); 298 extern key_ref_t keyring_search(key_ref_t keyring, 302 extern int keyring_add_key(struct key *keyring,
|
D | digsig.h | 51 int digsig_verify(struct key *keyring, const char *sig, int siglen, 56 static inline int digsig_verify(struct key *keyring, const char *sig, in digsig_verify() argument
|
/linux-4.1.27/security/integrity/ima/ |
D | Kconfig | 126 bool "Require all keys on the .ima keyring be signed" 132 keyring be signed by a key on the system trusted keyring. 135 bool "Load X509 certificate onto the '.ima' trusted keyring" 140 loaded on the .ima trusted keyring. These public keys are 142 .system keyring. This option enables X509 certificate 143 loading from the kernel onto the '.ima' trusted keyring.
|
/linux-4.1.27/lib/ |
D | digsig.c | 189 int digsig_verify(struct key *keyring, const char *sig, int siglen, in digsig_verify() argument 207 if (keyring) { in digsig_verify() 210 kref = keyring_search(make_key_ref(keyring, 1UL), in digsig_verify()
|
/linux-4.1.27/Documentation/ABI/testing/ |
D | evm | 12 The key is loaded onto the root's keyring using keyctl. Until 14 loaded onto the keyring (echo 1 > <securityfs>/evm), EVM
|
/linux-4.1.27/fs/nfs/ |
D | nfs4idmap.c | 190 struct key *keyring; in nfs_idmap_init_keyring() local 200 keyring = keyring_alloc(".id_resolver", in nfs_idmap_init_keyring() 205 if (IS_ERR(keyring)) { in nfs_idmap_init_keyring() 206 ret = PTR_ERR(keyring); in nfs_idmap_init_keyring() 218 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in nfs_idmap_init_keyring() 219 cred->thread_keyring = keyring; in nfs_idmap_init_keyring() 227 key_put(keyring); in nfs_idmap_init_keyring()
|
/linux-4.1.27/Documentation/filesystems/ |
D | ecryptfs.txt | 22 - David Howells' userspace keyring headers and libraries (version 55 the user session keyring:
|
D | afs.txt | 199 -3 --alswrv 0 0 keyring: _ses.3268 200 2 --alswrv 0 0 \_ keyring: _uid.0
|
/linux-4.1.27/include/crypto/ |
D | public_key.h | 103 extern struct key *x509_request_asymmetric_key(struct key *keyring,
|
/linux-4.1.27/crypto/asymmetric_keys/ |
D | x509_public_key.c | 75 struct key *x509_request_asymmetric_key(struct key *keyring, in x509_request_asymmetric_key() argument 100 key = keyring_search(make_key_ref(keyring, 1), in x509_request_asymmetric_key()
|
/linux-4.1.27/Documentation/networking/ |
D | rxrpc.txt | 272 (*) The server application has to provide the server socket with a keyring of 275 in the keyring and then sends a challenge packet to the client and 408 Similar to above but specifies a keyring of server secret keys to use (key 409 type "keyring"). See the "Security" section. 472 add_key("rxrpc_s", "52:2", secret_key, 8, keyring); 474 A keyring is passed to the server socket by naming it in a sockopt. The server 475 socket then looks the server secret keys up in this keyring when secure 576 (2) Security is set up if desired by giving the socket a keyring with server 579 keyring = add_key("keyring", "AFSkeys", NULL, 0, 584 add_key("rxrpc_s", "52:2", secret_key, 8, keyring); [all …]
|
D | dns_resolver.txt | 105 The kernel maintains an internal keyring in which it caches looked up keys. 107 the use of KEYCTL_KEYRING_CLEAR on the keyring ID.
|
/linux-4.1.27/init/ |
D | Kconfig | 1753 Provide a system keyring to which trusted keys can be added. Keys in 1754 the keyring are considered to be trusted. Keys may be added at will 1757 keys already in the keyring. 1759 Keys in this keyring are used by module signature checking.
|
/linux-4.1.27/Documentation/filesystems/caching/ |
D | fscache.txt | 378 The data shown may be filtered by attaching a key to an appropriate keyring
|