Linux/include/keys/system_keyring.h


  1 /* SPDX-License-Identifier: GPL-2.0-or-later */
  2 /* System keyring containing trusted public keys.
  3  *
  4  * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
  5  * Written by David Howells (dhowells@redhat.com)
  6  */
  7 
  8 #ifndef _KEYS_SYSTEM_KEYRING_H
  9 #define _KEYS_SYSTEM_KEYRING_H
 10 
 11 #include <linux/key.h>
 12 
/*
 * Kind of hash carried by a blacklist request.  It is the hash_type argument
 * of mark_hash_blacklisted() and is_hash_blacklisted() declared further down.
 * The numeric values are pinned explicitly and start at 1, not 0.
 */
enum blacklist_hash_type {
	BLACKLIST_HASH_X509_TBS	= 1,	/* TBSCertificate hash */
	BLACKLIST_HASH_BINARY	= 2,	/* Raw data hash */
};
 19 
/*
 * Built-in trusted keyring.
 *
 * CONFIG_SYSTEM_TRUSTED_KEYRING defined: the two link-restriction hooks and
 * load_module_cert() are real functions implemented outside this header.
 *
 * Otherwise: both hook names are macro aliases for restrict_link_reject, and
 * load_module_cert() is an inline stub that returns 0 without touching the
 * keyring it is given.
 *
 * NOTE(review): restrict_link_reject is not declared in this header; going by
 * its name it refuses every link, which would make the disabled configuration
 * fail closed - confirm against its definition.
 */
#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING

int restrict_link_by_builtin_trusted(struct key *keyring,
				     const struct key_type *type,
				     const union key_payload *payload,
				     struct key *restriction_key);
int restrict_link_by_digsig_builtin(struct key *dest_keyring,
				    const struct key_type *type,
				    const union key_payload *payload,
				    struct key *restriction_key);
int __init load_module_cert(struct key *keyring);

#else /* !CONFIG_SYSTEM_TRUSTED_KEYRING */

#define restrict_link_by_builtin_trusted	restrict_link_reject
#define restrict_link_by_digsig_builtin		restrict_link_reject

/* Stub: nothing is loaded, and the caller still sees 0. */
static inline int __init load_module_cert(struct key *keyring)
{
	return 0;
}

#endif /* CONFIG_SYSTEM_TRUSTED_KEYRING */
 42 
/*
 * Secondary trusted keyring.
 *
 * CONFIG_SECONDARY_TRUSTED_KEYRING defined: the "builtin and secondary" hooks
 * and add_to_secondary_keyring() are real functions implemented elsewhere.
 *
 * Otherwise: each hook name is aliased to its built-in-only counterpart from
 * this header, so code written against the secondary variants ends up using
 * whatever the built-in names resolve to (restrict_link_reject when
 * CONFIG_SYSTEM_TRUSTED_KEYRING is undefined as well).  The
 * add_to_secondary_keyring() stub has an empty body and returns void, so the
 * source/data/len it receives are dropped with no signal to the caller.
 */
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING

int restrict_link_by_builtin_and_secondary_trusted(struct key *keyring,
						   const struct key_type *type,
						   const union key_payload *payload,
						   struct key *restriction_key);
int restrict_link_by_digsig_builtin_and_secondary(struct key *keyring,
						  const struct key_type *type,
						  const union key_payload *payload,
						  struct key *restriction_key);
void __init add_to_secondary_keyring(const char *source,
				     const void *data, size_t len);

#else /* !CONFIG_SECONDARY_TRUSTED_KEYRING */

#define restrict_link_by_builtin_and_secondary_trusted \
	restrict_link_by_builtin_trusted
#define restrict_link_by_digsig_builtin_and_secondary \
	restrict_link_by_digsig_builtin

/* Stub: no secondary keyring exists in this configuration. */
static inline void __init add_to_secondary_keyring(const char *source,
						    const void *data, size_t len)
{
}

#endif /* CONFIG_SECONDARY_TRUSTED_KEYRING */
 61 
/*
 * Machine keyring.
 *
 * CONFIG_INTEGRITY_MACHINE_KEYRING defined: the combined
 * builtin/secondary/machine hook and set_machine_trusted_keys() are real
 * functions implemented elsewhere.
 *
 * Otherwise: the hook name is aliased to restrict_link_by_builtin_trusted,
 * i.e. the built-in-only name, not
 * restrict_link_by_builtin_and_secondary_trusted, and
 * set_machine_trusted_keys() is an empty stub that ignores its keyring.
 *
 * NOTE(review): falling back to the built-in-only hook looks like the
 * narrower of the two possible choices; confirm that is what callers reaching
 * this alias with the secondary keyring enabled are meant to get.
 */
#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING

int restrict_link_by_builtin_secondary_and_machine(struct key *dest_keyring,
						   const struct key_type *type,
						   const union key_payload *payload,
						   struct key *restrict_key);
void __init set_machine_trusted_keys(struct key *keyring);

#else /* !CONFIG_INTEGRITY_MACHINE_KEYRING */

#define restrict_link_by_builtin_secondary_and_machine \
	restrict_link_by_builtin_trusted

/* Stub: there is no machine keyring to register. */
static inline void __init set_machine_trusted_keys(struct key *keyring)
{
}

#endif /* CONFIG_INTEGRITY_MACHINE_KEYRING */
 75 
/*
 * Declares an external pointer object named "pkcs7".  As a side effect this
 * introduces the struct pkcs7_message tag at file scope, so the
 * is_key_on_revocation_list() declarations later in this header, which take a
 * struct pkcs7_message *, refer to a file-scope type.
 *
 * NOTE(review): no definition of a "pkcs7" object is visible in this header.
 * If only the forward declaration is wanted, "struct pkcs7_message;" would say
 * so without publishing a global symbol name - confirm nothing links against
 * this object before changing it.
 */
extern struct pkcs7_message *pkcs7;
/*
 * Hash blacklist.
 *
 * CONFIG_SYSTEM_BLACKLIST_KEYRING defined: the three functions are real and
 * implemented elsewhere.
 *
 * Otherwise: is_hash_blacklisted() and is_binary_blacklisted() are inline
 * stubs that return 0 for every input without reading the hash.  There is no
 * stub for mark_hash_blacklisted(), so any caller of it has to be compiled
 * only when the option is defined.
 *
 * NOTE(review): presumably 0 means "not blacklisted", in which case a kernel
 * built without this option treats no hash as blacklisted; the return
 * convention of the real functions is not shown here - confirm before relying
 * on it.
 */
#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING

int mark_hash_blacklisted(const u8 *hash, size_t hash_len,
			  enum blacklist_hash_type hash_type);
int is_hash_blacklisted(const u8 *hash, size_t hash_len,
			enum blacklist_hash_type hash_type);
int is_binary_blacklisted(const u8 *hash, size_t hash_len);

#else /* !CONFIG_SYSTEM_BLACKLIST_KEYRING */

/* Stub: the hash and its type are ignored. */
static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len,
				      enum blacklist_hash_type hash_type)
{
	return 0;
}

/* Stub: the hash is ignored. */
static inline int is_binary_blacklisted(const u8 *hash, size_t hash_len)
{
	return 0;
}

#endif /* CONFIG_SYSTEM_BLACKLIST_KEYRING */
 95 
/*
 * Key revocation list.
 *
 * CONFIG_SYSTEM_REVOCATION_LIST defined: both functions are real and
 * implemented elsewhere.
 *
 * Otherwise: add_key_to_revocation_list() returns 0 although nothing is
 * recorded, and is_key_on_revocation_list() returns -ENOKEY for every message.
 *
 * NOTE(review): presumably -ENOKEY is the "no matching revocation entry"
 * answer, so with the option undefined no key is ever reported as revoked.
 * If 0 is also the success value of the real add function (not shown here),
 * a caller cannot tell a recorded revocation from revocation support being
 * compiled out - confirm against the implementation.
 */
#ifdef CONFIG_SYSTEM_REVOCATION_LIST

int add_key_to_revocation_list(const char *data, size_t size);
int is_key_on_revocation_list(struct pkcs7_message *pkcs7);

#else /* !CONFIG_SYSTEM_REVOCATION_LIST */

/* Stub: the data is discarded. */
static inline int add_key_to_revocation_list(const char *data, size_t size)
{
	return 0;
}

/* Stub: the message is not inspected. */
static inline int is_key_on_revocation_list(struct pkcs7_message *pkcs7)
{
	return -ENOKEY;
}

#endif /* CONFIG_SYSTEM_REVOCATION_LIST */
109 
/*
 * IMA blacklist keyring accessor.
 *
 * CONFIG_IMA_BLACKLIST_KEYRING defined: returns the current value of the
 * external ima_blacklist_keyring pointer, which is defined outside this
 * header.
 *
 * Otherwise: always returns NULL, so callers have to cope with a NULL keyring.
 */
#ifdef CONFIG_IMA_BLACKLIST_KEYRING

extern struct key *ima_blacklist_keyring;

static inline struct key *get_ima_blacklist_keyring(void)
{
	return ima_blacklist_keyring;
}

#else /* !CONFIG_IMA_BLACKLIST_KEYRING */

static inline struct key *get_ima_blacklist_keyring(void)
{
	return NULL;
}

#endif /* CONFIG_IMA_BLACKLIST_KEYRING */
123 
/*
 * Platform keyring registration.
 *
 * The real set_platform_trusted_keys() is declared only when both
 * CONFIG_INTEGRITY_PLATFORM_KEYRING and CONFIG_SYSTEM_TRUSTED_KEYRING are
 * defined.  In every other combination, including a platform keyring without
 * the system trusted keyring, the call is an empty stub and the keyring passed
 * in is ignored.
 *
 * NOTE(review): the real declaration is __init but the stub is not, unlike the
 * load_module_cert(), add_to_secondary_keyring() and
 * set_machine_trusted_keys() stubs in this header - confirm whether the
 * difference is intended.
 */
#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
	defined(CONFIG_SYSTEM_TRUSTED_KEYRING)

void __init set_platform_trusted_keys(struct key *keyring);

#else

/* Stub: nothing is registered. */
static inline void set_platform_trusted_keys(struct key *keyring)
{
}

#endif
132 
133 #endif /* _KEYS_SYSTEM_KEYRING_H */
134 
