restrict.c - OpenGrok cross reference for /kernel/linux/linux-6.6/crypto/asymmetric

Lines Matching defs:key
2 /* Instantiate a public key crypto key from an X.509 Certificate
43 			ca_keyid = p;	/* owner key 'id:xxxxxx' */
56  * @type: The type of key being added.
57  * @payload: The payload of the new key.
61  * those is the signing key and validates the new certificate, then mark the
66  * signature check fails or the key is blacklisted, -ENOPKG if the signature
70 int restrict_link_by_signature(struct key *dest_keyring,
73 			       struct key *trust_keyring)
76 	struct key *key;
96 	/* See if we have a key that signed this one. */
97 	key = find_asymmetric_key(trust_keyring,
100 	if (IS_ERR(key))
103 	if (use_builtin_keys && !test_bit(KEY_FLAG_BUILTIN, &key->flags))
106 		ret = verify_signature(key, sig);
107 	key_put(key);
114  * @type: The type of key being added.
115  * @payload: The payload of the new key.
126 int restrict_link_by_ca(struct key *dest_keyring,
129 			struct key *trust_keyring)
154  * @type: The type of key being added.
155  * @payload: The payload of the new key.
167 int restrict_link_by_digsig(struct key *dest_keyring,
170 			    struct key *trust_keyring)
202 static int key_or_keyring_common(struct key *dest_keyring,
205 				 struct key *trusted, bool check_dest)
208 	struct key *key = NULL;
232 			/* See if we have a key that signed this one. */
233 			key = find_asymmetric_key(trusted, sig->auth_ids[0],
236 			if (IS_ERR(key))
237 				key = NULL;
245 			 * The auth_ids come from the candidate key (the
247 			 * dest_keyring) and identify the key that was
251 			 * signing key specified for dest_keyring.
266 					key = __key_get(trusted);
273 					key = __key_get(trusted);
279 				key = __key_get(trusted);
286 	if (check_dest && !key) {
287 		/* See if the destination has a key that signed this one. */
288 		key = find_asymmetric_key(dest_keyring, sig->auth_ids[0],
291 		if (IS_ERR(key))
292 			key = NULL;
295 	if (!key)
298 	ret = key_validate(key);
300 		ret = verify_signature(key, sig);
302 	key_put(key);
310  * @type: The type of key being added.
311  * @payload: The payload of the new key.
312  * @trusted: A key or ring of keys that can be used to vouch for the new cert.
314  * Check the new certificate only against the key or keys passed in the data
315  * parameter. If one of those is the signing key and validates the new
324 int restrict_link_by_key_or_keyring(struct key *dest_keyring,
327 				    struct key *trusted)
337  * @type: The type of key being added.
338  * @payload: The payload of the new key.
339  * @trusted: A key or ring of keys that can be used to vouch for the new cert.
341  * Check the new certificate against the key or keys passed in the data
343  * one of those is the signing key and validates the new certificate, then mark
352 int restrict_link_by_key_or_keyring_chain(struct key *dest_keyring,
355 					  struct key *trusted)