/* SPDX-License-Identifier: GPL-2.0-or-later */
/* System keyring containing trusted public keys.
 *
 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * Each facility below sits behind its own CONFIG_* option.  When an option
 * is off, this header supplies a macro alias or an inline stub so callers
 * still build.  The value a stub returns decides whether the disabled check
 * fails open or fails closed; that is noted per section.
 */

#ifndef _KEYS_SYSTEM_KEYRING_H
#define _KEYS_SYSTEM_KEYRING_H

#include <linux/key.h>

/*
 * Built-in trusted keyring.
 *
 * restrict_link_by_builtin_trusted() takes the (keyring, type, payload,
 * restriction_key) argument list of a keyring link-restriction callback.
 * load_module_cert() is __init-only; presumably it loads the module
 * signing certificate into @keyring -- confirm against the implementation.
 *
 * Option off: the restriction is aliased to restrict_link_reject, so a
 * keyring guarded by it accepts no links at all (fail closed), and
 * load_module_cert() does nothing and reports success (0).
 */
#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING

int restrict_link_by_builtin_trusted(struct key *keyring,
				     const struct key_type *type,
				     const union key_payload *payload,
				     struct key *restriction_key);
__init int load_module_cert(struct key *keyring);

#else /* !CONFIG_SYSTEM_TRUSTED_KEYRING */

#define restrict_link_by_builtin_trusted restrict_link_reject

static inline __init int load_module_cert(struct key *keyring)
{
	return 0;
}

#endif /* CONFIG_SYSTEM_TRUSTED_KEYRING */

/*
 * Secondary trusted keyring.
 *
 * Option off: the combined restriction collapses to the built-in-only one
 * above, which in turn collapses to restrict_link_reject when the system
 * trusted keyring is not built either.
 */
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
int restrict_link_by_builtin_and_secondary_trusted(
	struct key *keyring,
	const struct key_type *type,
	const union key_payload *payload,
	struct key *restriction_key);
#else /* !CONFIG_SECONDARY_TRUSTED_KEYRING */
#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
#endif /* CONFIG_SECONDARY_TRUSTED_KEYRING */

/*
 * NOTE(review): the line below declares an object named pkcs7; nothing else
 * in this header refers to that object.  Its visible effect here is to
 * introduce struct pkcs7_message before the prototypes that take a pointer
 * to it -- presumably a plain forward declaration was intended; confirm
 * before relying on the symbol.
 */
extern struct pkcs7_message *pkcs7;

/*
 * Hash blacklist.
 *
 * Option off: both lookups return 0 without looking at the hash, i.e. no
 * hash is ever reported as blacklisted -- presumably 0 is also the "not
 * listed" answer of the real implementation; verify there.
 * mark_hash_blacklisted() has no stub, so every caller has to be compiled
 * out together with the option.
 */
#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
int mark_hash_blacklisted(const char *hash);
int is_hash_blacklisted(const u8 *hash, size_t hash_len, const char *type);
int is_binary_blacklisted(const u8 *hash, size_t hash_len);
#else /* !CONFIG_SYSTEM_BLACKLIST_KEYRING */
static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len,
				      const char *type)
{
	return 0;
}

static inline int is_binary_blacklisted(const u8 *hash, size_t hash_len)
{
	return 0;
}
#endif /* CONFIG_SYSTEM_BLACKLIST_KEYRING */

/*
 * Key revocation list.
 *
 * Option off: add_key_to_revocation_list() discards its input and still
 * returns 0, so the caller cannot tell that nothing was recorded, and
 * is_key_on_revocation_list() always returns -ENOKEY.  Since -ENOKEY is the
 * disabled-feature answer, 0 presumably means "found on the list" -- the
 * opposite polarity from is_hash_blacklisted(); check that each call site
 * tests the right value.
 */
#ifdef CONFIG_SYSTEM_REVOCATION_LIST
int add_key_to_revocation_list(const char *data, size_t size);
int is_key_on_revocation_list(struct pkcs7_message *pkcs7);
#else /* !CONFIG_SYSTEM_REVOCATION_LIST */
static inline int add_key_to_revocation_list(const char *data, size_t size)
{
	return 0;
}
static inline int is_key_on_revocation_list(struct pkcs7_message *pkcs7)
{
	return -ENOKEY;
}
#endif /* CONFIG_SYSTEM_REVOCATION_LIST */

/*
 * IMA blacklist keyring accessor: returns the ima_blacklist_keyring global
 * when the option is on and NULL otherwise, so callers must handle NULL.
 */
#ifdef CONFIG_IMA_BLACKLIST_KEYRING
extern struct key *ima_blacklist_keyring;

static inline struct key *get_ima_blacklist_keyring(void)
{
	return ima_blacklist_keyring;
}
#else
static inline struct key *get_ima_blacklist_keyring(void)
{
	return NULL;
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */

/*
 * Platform trusted keys.  The real setter exists only when both the
 * integrity platform keyring and the system trusted keyring are built; in
 * every other configuration the call is an empty inline and the keyring
 * passed in is ignored.  The prototype is __init while the stub is not.
 */
#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
	defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
void __init set_platform_trusted_keys(struct key *keyring);
#else
static inline void set_platform_trusted_keys(struct key *keyring)
{
}
#endif

#endif /* _KEYS_SYSTEM_KEYRING_H */