summaryrefslogtreecommitdiffstats
path: root/include/crypto
diff options
context:
space:
mode:
authorEric Snowberg <eric.snowberg@oracle.com>2023-05-23 01:09:42 +0200
committerJarkko Sakkinen <jarkko@kernel.org>2023-08-17 22:12:20 +0200
commit4cfb908054456ad8b6b8cd5108bbdf80faade8cd (patch)
treebd4046f55cb525db633927638a605ce51e813606 /include/crypto
parenttpm_tis: Revert "tpm_tis: Disable interrupts on ThinkPad T490s" (diff)
downloadlinux-4cfb908054456ad8b6b8cd5108bbdf80faade8cd.tar.xz
linux-4cfb908054456ad8b6b8cd5108bbdf80faade8cd.zip
KEYS: DigitalSignature link restriction
Add a new link restriction. Restrict the addition of keys in a keyring based on the key having digitalSignature usage set. Additionally, verify the new certificate against the ones in the system keyrings. Add two additional functions to use the new restriction within either the builtin or secondary keyrings. [jarkko@kernel.org: Fix checkpatch.pl --strict issues] Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Reviewed-and-tested-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'include/crypto')
-rw-r--r--include/crypto/public_key.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 8fadd561c50e..462f8a34cdf8 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -78,6 +78,10 @@ extern int restrict_link_by_ca(struct key *dest_keyring,
const struct key_type *type,
const union key_payload *payload,
struct key *trust_keyring);
+int restrict_link_by_digsig(struct key *dest_keyring,
+ const struct key_type *type,
+ const union key_payload *payload,
+ struct key *trust_keyring);
#else
static inline int restrict_link_by_ca(struct key *dest_keyring,
const struct key_type *type,
@@ -86,6 +90,14 @@ static inline int restrict_link_by_ca(struct key *dest_keyring,
{
return 0;
}
+
+static inline int restrict_link_by_digsig(struct key *dest_keyring,
+ const struct key_type *type,
+ const union key_payload *payload,
+ struct key *trust_keyring)
+{
+ return 0;
+}
#endif
extern int query_asymmetric_key(const struct kernel_pkey_params *,