linux/crypto/asymmetric_keys
Mat Martineau 8e323a02e8 KEYS: Keyring asymmetric key restrict method with chaining
Add a restrict_link_by_key_or_keyring_chain link restriction that
searches for signing keys in the destination keyring in addition to the
signing key or keyring designated when the destination keyring was
created. Userspace enables this behavior by including the "chain" option
in the keyring restriction:

  keyctl(KEYCTL_RESTRICT_KEYRING, keyring, "asymmetric",
         "key_or_keyring:<signing key>:chain");

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
2017-04-04 14:10:13 -07:00
..
.gitignore X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
Kconfig Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2016-05-30 15:20:18 -07:00
Makefile X.509: Move the trust validation code out to its own file 2016-04-11 22:42:55 +01:00
asymmetric_keys.h KEYS: Generalise x509_request_asymmetric_key() 2016-04-11 22:41:56 +01:00
asymmetric_type.c KEYS: Keyring asymmetric key restrict method with chaining 2017-04-04 14:10:13 -07:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
mscode_parser.c pefile: Fix the failure of calculation for digest 2016-07-18 12:19:46 +10:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs7_key_type.c KEYS: The PKCS#7 test key type should use the secondary keyring 2016-05-11 14:31:55 +01:00
pkcs7_parser.c KEYS: Generalise system_verify_data() to provide access to internal content 2016-04-06 16:14:24 +01:00
pkcs7_parser.h PKCS#7: Handle blacklisted certificates 2017-04-03 16:07:25 +01:00
pkcs7_trust.c KEYS: Generalise x509_request_asymmetric_key() 2016-04-11 22:41:56 +01:00
pkcs7_verify.c PKCS#7: Handle blacklisted certificates 2017-04-03 16:07:25 +01:00
public_key.c crypto: asymmetric_keys - set error code on failure 2016-12-14 18:33:13 +08:00
restrict.c KEYS: Keyring asymmetric key restrict method with chaining 2017-04-04 14:10:13 -07:00
signature.c KEYS: Add identifier pointers to public_key_signature struct 2016-04-06 16:13:33 +01:00
verify_pefile.c PKCS#7: Make trust determination dependent on contents of trust keyring 2016-04-06 16:14:24 +01:00
verify_pefile.h KEYS: Generalise system_verify_data() to provide access to internal content 2016-04-06 16:14:24 +01:00
x509.asn1 X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c X.509: Fix double free in x509_cert_parse() [ver #3] 2016-11-25 12:57:48 +11:00
x509_parser.h X.509: Allow X.509 certs to be blacklisted 2017-04-03 16:07:25 +01:00
x509_public_key.c X.509: Allow X.509 certs to be blacklisted 2017-04-03 16:07:25 +01:00