summaryrefslogtreecommitdiff
path: root/include/crypto
diff options
context:
space:
mode:
authorMat Martineau <mathew.j.martineau@linux.intel.com>2016-10-04 16:42:45 -0700
committerMat Martineau <mathew.j.martineau@linux.intel.com>2017-04-04 14:10:13 -0700
commit8e323a02e866014091180443ccb186fee1e3d30d (patch)
treebb473a491f791be1c0f9c42b66c4b700ff151d74 /include/crypto
parent7e3c4d22083f6e7316c5229b6197ca2d5335aa35 (diff)
downloadlwn-8e323a02e866014091180443ccb186fee1e3d30d.tar.gz
lwn-8e323a02e866014091180443ccb186fee1e3d30d.zip
KEYS: Keyring asymmetric key restrict method with chaining
Add a restrict_link_by_key_or_keyring_chain link restriction that searches for signing keys in the destination keyring in addition to the signing key or keyring designated when the destination keyring was created. Userspace enables this behavior by including the "chain" option in the keyring restriction: keyctl(KEYCTL_RESTRICT_KEYRING, keyring, "asymmetric", "key_or_keyring:<signing key>:chain"); Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Diffstat (limited to 'include/crypto')
-rw-r--r--include/crypto/public_key.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index bb6a884352a5..e0b681a717ba 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -60,6 +60,11 @@ extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
const union key_payload *payload,
struct key *trusted);
+extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
+ const struct key_type *type,
+ const union key_payload *payload,
+ struct key *trusted);
+
extern int verify_signature(const struct key *key,
const struct public_key_signature *sig);