| /linux-4.4.14/security/keys/ |
| D | keyring.c | 78 static int keyring_instantiate(struct key *keyring,
80 static void keyring_revoke(struct key *keyring);
81 static void keyring_destroy(struct key *keyring);
82 static void keyring_describe(const struct key *keyring, struct seq_file *m);
83 static long keyring_read(const struct key *keyring,
109 static void keyring_publish_name(struct key *keyring) in keyring_publish_name() argument
113 if (keyring->description) { in keyring_publish_name()
114 bucket = keyring_hash(keyring->description); in keyring_publish_name()
121 list_add_tail(&keyring->name_link, in keyring_publish_name()
148 static int keyring_instantiate(struct key *keyring, in keyring_instantiate() argument
[all …]
|
| D | process_keys.c | 133 struct key *keyring; in install_thread_keyring_to_cred() local
135 keyring = keyring_alloc("_tid", new->uid, new->gid, new, in install_thread_keyring_to_cred()
138 if (IS_ERR(keyring)) in install_thread_keyring_to_cred()
139 return PTR_ERR(keyring); in install_thread_keyring_to_cred()
141 new->thread_keyring = keyring; in install_thread_keyring_to_cred()
176 struct key *keyring; in install_process_keyring_to_cred() local
181 keyring = keyring_alloc("_pid", new->uid, new->gid, new, in install_process_keyring_to_cred()
184 if (IS_ERR(keyring)) in install_process_keyring_to_cred()
185 return PTR_ERR(keyring); in install_process_keyring_to_cred()
187 new->process_keyring = keyring; in install_process_keyring_to_cred()
[all …]
|
| D | key.c | 404 struct key *keyring, in __key_instantiate_and_link() argument
411 key_check(keyring); in __key_instantiate_and_link()
432 if (keyring) in __key_instantiate_and_link()
474 struct key *keyring, in key_instantiate_and_link() argument
492 if (keyring) { in key_instantiate_and_link()
493 ret = __key_link_begin(keyring, &key->index_key, &edit); in key_instantiate_and_link()
498 ret = __key_instantiate_and_link(key, &prep, keyring, authkey, &edit); in key_instantiate_and_link()
500 if (keyring) in key_instantiate_and_link()
501 __key_link_end(keyring, &key->index_key, edit); in key_instantiate_and_link()
535 struct key *keyring, in key_reject_and_link() argument
[all …]
|
| D | internal.h | 91 extern int __key_link_begin(struct key *keyring,
94 extern int __key_link_check_live_key(struct key *keyring, struct key *key);
96 extern void __key_link_end(struct key *keyring,
103 extern struct key *keyring_search_instkey(struct key *keyring,
106 extern int iterate_over_keyring(const struct key *keyring,
167 extern void keyring_gc(struct key *keyring, time_t limit);
|
| D | request_key.c | 58 struct key *keyring = info->data; in umh_keys_init() local
60 return install_session_keyring_to_cred(cred, keyring); in umh_keys_init()
68 struct key *keyring = info->data; in umh_keys_cleanup() local
69 key_put(keyring); in umh_keys_cleanup()
100 struct key *key = cons->key, *authkey = cons->authkey, *keyring, in call_sbin_request_key() local
117 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key()
121 if (IS_ERR(keyring)) { in call_sbin_request_key()
122 ret = PTR_ERR(keyring); in call_sbin_request_key()
127 ret = key_link(keyring, authkey); in call_sbin_request_key()
175 ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, in call_sbin_request_key()
[all …]
|
| D | Kconfig | 16 Furthermore, a special type of key is available that acts as keyring:
32 A particular keyring may be accessed by either the user whose keyring
|
| D | Makefile | 11 keyring.o \
|
| /linux-4.4.14/security/integrity/ |
| D | digsig.c | 24 static struct key *keyring[INTEGRITY_KEYRING_MAX]; variable
42 if (!keyring[id]) { in integrity_digsig_verify()
43 keyring[id] = in integrity_digsig_verify()
45 if (IS_ERR(keyring[id])) { in integrity_digsig_verify()
46 int err = PTR_ERR(keyring[id]); in integrity_digsig_verify()
48 keyring[id] = NULL; in integrity_digsig_verify()
56 return digsig_verify(keyring[id], sig + 1, siglen - 1, in integrity_digsig_verify()
59 return asymmetric_verify(keyring[id], sig, siglen, in integrity_digsig_verify()
71 keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0), in integrity_init_keyring()
77 if (!IS_ERR(keyring[id])) in integrity_init_keyring()
[all …]
|
| D | digsig_asymmetric.c | 26 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) in request_asymmetric_key() argument
35 if (keyring) { in request_asymmetric_key()
38 kref = keyring_search(make_key_ref(keyring, 1), in request_asymmetric_key()
67 int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument
86 key = request_asymmetric_key(keyring, __be32_to_cpu(hdr->keyid)); in asymmetric_verify()
|
| D | integrity.h | 156 int asymmetric_verify(struct key *keyring, const char *sig,
159 static inline int asymmetric_verify(struct key *keyring, const char *sig, in asymmetric_verify() argument
|
| D | Kconfig | 28 to "lock" certain keyring to prevent adding new keys.
|
| /linux-4.4.14/Documentation/ |
| D | digsig.txt | 55 * @keyring: keyring to search key in
67 int digsig_verify(struct key *keyring, const char *sig, int siglen,
73 to generate signatures, to load keys into the kernel keyring.
75 When the key is added to the kernel keyring, the keyid defines the name
82 -3 --alswrv 0 0 keyring: _ses
83 603976250 --alswrv 0 -1 \_ keyring: _uid.0
86 170323636 --alswrv 0 0 \_ keyring: _module
87 548221616 --alswrv 0 0 \_ keyring: _ima
88 128198054 --alswrv 0 0 \_ keyring: _evm
91 1 key in keyring:
|
| D | module-signing.txt | 108 (5) "Additional X.509 keys for default system keyring" (CONFIG_SYSTEM_TRUSTED_KEYS)
111 additional certificates which will be included in the system keyring by
177 in a keyring called ".system_keyring" that can be seen by:
181 223c7853 I------ 1 perm 1f030000 0 0 keyring .system_keyring: 1
|
| D | kernel-parameters.txt | 578 the system trusted keyring to be used for certificate
|
| /linux-4.4.14/Documentation/security/ |
| D | keys-request-key.txt | 47 does not need to link the key to a keyring to prevent it from being immediately
60 The userspace interface links the key to a keyring associated with the process
94 keyring that contains a link to auth key V.
102 Kerberos TGT key). It just requests the appropriate key, and the keyring
103 search notes that the session keyring has auth key V in its bottom level.
152 A search of any particular keyring proceeds in the following fashion:
155 firstly calls key_permission(SEARCH) on the keyring it's starting with,
158 (2) It considers all the non-keyring keys within that keyring and, if any key
164 (3) It then considers all the keyring-type keys in the keyring it's currently
165 searching. It calls key_permission(SEARCH) on each keyring, and if this
[all …]
|
| D | keys.txt | 10 other keys. Processes each have three standard keyring subscriptions that a
79 actual "key". In the case of a keyring, this is a list of keys to which
80 the keyring links; in the case of a user-defined key, it's an arbitrary
128 (+) "keyring"
152 (*) Each process subscribes to three keyrings: a thread-specific keyring, a
153 process-specific keyring, and a session-specific keyring.
155 The thread-specific keyring is discarded from the child when any sort of
156 clone, fork, vfork or execve occurs. A new keyring is created only when
159 The process-specific keyring is replaced with an empty one in the child on
161 shared. execve also discards the process's process keyring and creates a
[all …]
|
| D | keys-trusted-encrypted.txt | 79 -3 --alswrv 500 500 keyring: _ses
80 97833714 --alswrv 500 -1 \_ keyring: _uid.500
|
| D | keys-ecryptfs.txt | 16 kernel key of the 'user' type, inserted in the user's session specific keyring
|
| D | credentials.txt | 213 Per-process keyring
214 Per-session keyring
321 (2) Whilst the keyring subscriptions of a set of credentials may not be
|
| /linux-4.4.14/scripts/ |
| D | extract-sys-certs.pl | 19 my $keyring = $ARGV[1];
139 open FD, ">$keyring" || die $keyring;
142 die "$keyring" if (!defined($len));
143 die "Short write on $keyring\n" if ($len != $size);
144 close(FD) || die $keyring;
|
| /linux-4.4.14/certs/ |
| D | Kconfig | 21 Provide a system keyring to which trusted keys can be added. Keys in
22 the keyring are considered to be trusted. Keys may be added at will
25 keys already in the keyring.
27 Keys in this keyring are used by module signature checking.
30 string "Additional X.509 keys for default system keyring"
35 system keyring. Any certificate used for module signing is implicitly
38 NOTE: If you previously provided keys for the system keyring in the
|
| /linux-4.4.14/net/dns_resolver/ |
| D | dns_key.c | 267 struct key *keyring; in init_dns_resolver() local
280 keyring = keyring_alloc(".dns_resolver", in init_dns_resolver()
285 if (IS_ERR(keyring)) { in init_dns_resolver()
286 ret = PTR_ERR(keyring); in init_dns_resolver()
296 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_dns_resolver()
297 cred->thread_keyring = keyring; in init_dns_resolver()
301 kdebug("DNS resolver keyring: %d\n", key_serial(keyring)); in init_dns_resolver()
305 key_put(keyring); in init_dns_resolver()
|
| /linux-4.4.14/include/linux/ |
| D | key-type.h | 165 struct key *keyring,
170 struct key *keyring,
176 struct key *keyring, in key_negate_and_link() argument
179 return key_reject_and_link(key, timeout, ENOKEY, keyring, instkey); in key_negate_and_link()
|
| D | key.h | 267 extern key_ref_t key_create_or_update(key_ref_t keyring,
279 extern int key_link(struct key *keyring,
282 extern int key_unlink(struct key *keyring,
291 extern int keyring_clear(struct key *keyring);
293 extern key_ref_t keyring_search(key_ref_t keyring,
297 extern int keyring_add_key(struct key *keyring,
|
| D | digsig.h | 51 int digsig_verify(struct key *keyring, const char *sig, int siglen,
56 static inline int digsig_verify(struct key *keyring, const char *sig, in digsig_verify() argument
|
| /linux-4.4.14/security/integrity/ima/ |
| D | Kconfig | 126 bool "Require all keys on the .ima keyring be signed"
132 keyring be signed by a key on the system trusted keyring.
135 bool "Load X509 certificate onto the '.ima' trusted keyring"
140 loaded on the .ima trusted keyring. These public keys are
142 .system keyring. This option enables X509 certificate
143 loading from the kernel onto the '.ima' trusted keyring.
|
| /linux-4.4.14/lib/ |
| D | digsig.c | 190 int digsig_verify(struct key *keyring, const char *sig, int siglen, in digsig_verify() argument
208 if (keyring) { in digsig_verify()
211 kref = keyring_search(make_key_ref(keyring, 1UL), in digsig_verify()
|
| /linux-4.4.14/Documentation/ABI/testing/ |
| D | evm | 12 The key is loaded onto the root's keyring using keyctl. Until
14 loaded onto the keyring (echo 1 > <securityfs>/evm), EVM
|
| /linux-4.4.14/fs/nfs/ |
| D | nfs4idmap.c | 190 struct key *keyring; in nfs_idmap_init() local
200 keyring = keyring_alloc(".id_resolver", in nfs_idmap_init()
205 if (IS_ERR(keyring)) { in nfs_idmap_init()
206 ret = PTR_ERR(keyring); in nfs_idmap_init()
218 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in nfs_idmap_init()
219 cred->thread_keyring = keyring; in nfs_idmap_init()
227 key_put(keyring); in nfs_idmap_init()
|
| /linux-4.4.14/fs/cifs/ |
| D | cifsacl.c | 343 struct key *keyring; in init_cifs_idmap() local
359 keyring = keyring_alloc(".cifs_idmap", in init_cifs_idmap()
364 if (IS_ERR(keyring)) { in init_cifs_idmap()
365 ret = PTR_ERR(keyring); in init_cifs_idmap()
375 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_cifs_idmap()
376 cred->thread_keyring = keyring; in init_cifs_idmap()
380 cifs_dbg(FYI, "cifs idmap keyring: %d\n", key_serial(keyring)); in init_cifs_idmap()
384 key_put(keyring); in init_cifs_idmap()
|
| /linux-4.4.14/Documentation/filesystems/ |
| D | ecryptfs.txt | 22 - David Howells' userspace keyring headers and libraries (version
55 the user session keyring:
|
| D | afs.txt | 199 -3 --alswrv 0 0 keyring: _ses.3268
200 2 --alswrv 0 0 \_ keyring: _uid.0
|
| /linux-4.4.14/include/crypto/ |
| D | public_key.h | 117 extern struct key *x509_request_asymmetric_key(struct key *keyring,
|
| /linux-4.4.14/crypto/asymmetric_keys/ |
| D | x509_public_key.c | 77 struct key *x509_request_asymmetric_key(struct key *keyring, in x509_request_asymmetric_key() argument
114 ref = keyring_search(make_key_ref(keyring, 1), in x509_request_asymmetric_key()
|
| /linux-4.4.14/Documentation/networking/ |
| D | rxrpc.txt | 272 (*) The server application has to provide the server socket with a keyring of
275 in the keyring and then sends a challenge packet to the client and
408 Similar to above but specifies a keyring of server secret keys to use (key
409 type "keyring"). See the "Security" section.
472 add_key("rxrpc_s", "52:2", secret_key, 8, keyring);
474 A keyring is passed to the server socket by naming it in a sockopt. The server
475 socket then looks the server secret keys up in this keyring when secure
576 (2) Security is set up if desired by giving the socket a keyring with server
579 keyring = add_key("keyring", "AFSkeys", NULL, 0,
584 add_key("rxrpc_s", "52:2", secret_key, 8, keyring);
[all …]
|
| D | dns_resolver.txt | 105 The kernel maintains an internal keyring in which it caches looked up keys.
107 the use of KEYCTL_KEYRING_CLEAR on the keyring ID.
|
| /linux-4.4.14/Documentation/filesystems/caching/ |
| D | fscache.txt | 383 The data shown may be filtered by attaching the a key to an appropriate keyring
|
| /linux-4.4.14/init/ |
| D | Kconfig | 1794 trusted keyring to provide public keys. This then can be used for
|