restrict.c - OpenGrok cross reference for /kernel/linux/linux-5.10/crypto/asymmetric

Lines Matching defs:key
2 /* Instantiate a public key crypto key from an X.509 Certificate
43 			ca_keyid = p;	/* owner key 'id:xxxxxx' */
56  * @type: The type of key being added.
57  * @payload: The payload of the new key.
61  * those is the signing key and validates the new certificate, then mark the
66  * signature check fails or the key is blacklisted, -ENOPKG if the signature
70 int restrict_link_by_signature(struct key *dest_keyring,
73 			       struct key *trust_keyring)
76 	struct key *key;
96 	/* See if we have a key that signed this one. */
97 	key = find_asymmetric_key(trust_keyring,
100 	if (IS_ERR(key))
103 	if (use_builtin_keys && !test_bit(KEY_FLAG_BUILTIN, &key->flags))
106 		ret = verify_signature(key, sig);
107 	key_put(key);
118 static int key_or_keyring_common(struct key *dest_keyring,
121 				 struct key *trusted, bool check_dest)
124 	struct key *key = NULL;
148 			/* See if we have a key that signed this one. */
149 			key = find_asymmetric_key(trusted, sig->auth_ids[0],
151 			if (IS_ERR(key))
152 				key = NULL;
159 			 * The auth_ids come from the candidate key (the
161 			 * dest_keyring) and identify the key that was
165 			 * signing key specified for dest_keyring.
180 					key = __key_get(trusted);
186 				key = __key_get(trusted);
193 	if (check_dest && !key) {
194 		/* See if the destination has a key that signed this one. */
195 		key = find_asymmetric_key(dest_keyring, sig->auth_ids[0],
197 		if (IS_ERR(key))
198 			key = NULL;
201 	if (!key)
204 	ret = key_validate(key);
206 		ret = verify_signature(key, sig);
208 	key_put(key);
216  * @type: The type of key being added.
217  * @payload: The payload of the new key.
218  * @trusted: A key or ring of keys that can be used to vouch for the new cert.
220  * Check the new certificate only against the key or keys passed in the data
221  * parameter. If one of those is the signing key and validates the new
230 int restrict_link_by_key_or_keyring(struct key *dest_keyring,
233 				    struct key *trusted)
243  * @type: The type of key being added.
244  * @payload: The payload of the new key.
245  * @trusted: A key or ring of keys that can be used to vouch for the new cert.
247  * Check the new certificate only against the key or keys passed in the data
248  * parameter. If one of those is the signing key and validates the new
257 int restrict_link_by_key_or_keyring_chain(struct key *dest_keyring,
260 					  struct key *trusted)