summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorEric Snowberg <eric.snowberg@oracle.com>2023-03-02 11:46:51 -0500
committerJarkko Sakkinen <jarkko@kernel.org>2023-04-24 16:15:53 +0300
commit76adb2fbc69a13c80b39042aab4d34e99309c8d4 (patch)
tree3b3400c19916ea1a2db285fdb7d324c5642cad15 /include
parent567671281a751b80918a4531c4ba84b90a2a42c0 (diff)
KEYS: CA link restriction
Add a new link restriction. Restrict the addition of keys in a keyring based on the key to be added being a CA. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'include')
-rw-r--r--include/crypto/public_key.h15
1 files changed, 15 insertions, 0 deletions
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 03c3fb990d59..653992a6e941 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -75,6 +75,21 @@ extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
const union key_payload *payload,
struct key *trusted);
+#if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
+extern int restrict_link_by_ca(struct key *dest_keyring,
+ const struct key_type *type,
+ const union key_payload *payload,
+ struct key *trust_keyring);
+#else
+static inline int restrict_link_by_ca(struct key *dest_keyring,
+ const struct key_type *type,
+ const union key_payload *payload,
+ struct key *trust_keyring)
+{
+ return 0;
+}
+#endif
+
extern int query_asymmetric_key(const struct kernel_pkey_params *,
struct kernel_pkey_query *);