diff options
author | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2016-10-04 16:42:45 -0700 |
---|---|---|
committer | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2017-04-04 14:10:13 -0700 |
commit | 8e323a02e866014091180443ccb186fee1e3d30d (patch) | |
tree | bb473a491f791be1c0f9c42b66c4b700ff151d74 /include/crypto | |
parent | 7e3c4d22083f6e7316c5229b6197ca2d5335aa35 (diff) |
KEYS: Keyring asymmetric key restrict method with chaining
Add a restrict_link_by_key_or_keyring_chain link restriction that
searches for signing keys in the destination keyring in addition to the
signing key or keyring designated when the destination keyring was
created. Userspace enables this behavior by including the "chain" option
in the keyring restriction:
keyctl(KEYCTL_RESTRICT_KEYRING, keyring, "asymmetric",
"key_or_keyring:<signing key>:chain");
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Diffstat (limited to 'include/crypto')
-rw-r--r-- | include/crypto/public_key.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index bb6a884352a5..e0b681a717ba 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -60,6 +60,11 @@ extern int restrict_link_by_key_or_keyring(struct key *dest_keyring, const union key_payload *payload, struct key *trusted); +extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring, + const struct key_type *type, + const union key_payload *payload, + struct key *trusted); + extern int verify_signature(const struct key *key, const struct public_key_signature *sig); |