leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
41c89b64d7
linux/crypto/asymmetric_keys
History
Petko Manolov 41c89b64d7 IMA: create machine owner and blacklist keyrings 
This option creates IMA MOK and blacklist keyrings.  IMA MOK is an
intermediate keyring that sits between .system and .ima keyrings,
effectively forming a simple CA hierarchy.  To successfully import a key
into .ima_mok it must be signed by a key which CA is in .system keyring.
On turn any key that needs to go in .ima keyring must be signed by CA in
either .system or .ima_mok keyrings. IMA MOK is empty at kernel boot.

IMA blacklist keyring contains all revoked IMA keys.  It is consulted
before any other keyring.  If the search is successful the requested
operation is rejected and error is returned to the caller.

Signed-off-by: Petko Manolov <petkan@mip-labs.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2015-12-15 10:01:43 -05:00
..
.gitignore X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
asymmetric_keys.h KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
asymmetric_type.c KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
Kconfig Merge branch 'keys-fixes' into keys-next 2014-07-22 21:55:45 +01:00
Makefile X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
mscode_parser.c PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them 2015-09-01 09:59:20 +10:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
pkcs7_key_type.c PKCS#7: Add MODULE_LICENSE() to test module 2015-08-13 02:51:33 +01:00
pkcs7_parser.c PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them 2015-09-01 09:59:20 +10:00
pkcs7_parser.h PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs7_trust.c X.509: Support X.509 lookup by Issuer+Serial form AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
pkcs7_verify.c crypto: pkcs7 - Fix unaligned access in pkcs7_verify() 2015-10-14 22:23:38 +08:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
public_key.c KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
public_key.h KEYS: Split public_key_verify_signature() and make available 2013-09-25 17:17:00 +01:00
rsa.c crypto: asymmetric_keys/rsa - Use non-conflicting variable name 2015-06-25 23:18:33 +08:00
signature.c KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
verify_pefile.c PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
verify_pefile.h pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c X.509: Fix the time validation [ver #2] 2015-11-12 21:17:15 +11:00
x509_parser.h KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
x509_public_key.c IMA: create machine owner and blacklist keyrings 2015-12-15 10:01:43 -05:00
x509_rsakey.asn1 X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
x509.asn1 X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00