/* System keyring containing trusted public keys.
|
*
|
* Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
|
* Written by David Howells (dhowells@redhat.com)
|
*
|
* This program is free software; you can redistribute it and/or
|
* modify it under the terms of the GNU General Public Licence
|
* as published by the Free Software Foundation; either version
|
* 2 of the Licence, or (at your option) any later version.
|
*/
|
|
#ifndef _KEYS_SYSTEM_KEYRING_H
|
#define _KEYS_SYSTEM_KEYRING_H
|
|
#include <linux/key.h>
|
|
#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING
|
|
extern int restrict_link_by_builtin_trusted(struct key *keyring,
|
const struct key_type *type,
|
const union key_payload *payload,
|
struct key *restriction_key);
|
|
#else
|
#define restrict_link_by_builtin_trusted restrict_link_reject
|
#endif
|
|
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
extern int restrict_link_by_builtin_and_secondary_trusted(
|
struct key *keyring,
|
const struct key_type *type,
|
const union key_payload *payload,
|
struct key *restriction_key);
|
#else
|
#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
|
#endif
|
|
#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
extern int mark_hash_blacklisted(const char *hash);
|
extern int is_hash_blacklisted(const u8 *hash, size_t hash_len,
|
const char *type);
|
#else
|
static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len,
|
const char *type)
|
{
|
return 0;
|
}
|
#endif
|
|
#ifdef CONFIG_IMA_BLACKLIST_KEYRING
|
extern struct key *ima_blacklist_keyring;
|
|
static inline struct key *get_ima_blacklist_keyring(void)
|
{
|
return ima_blacklist_keyring;
|
}
|
#else
|
static inline struct key *get_ima_blacklist_keyring(void)
|
{
|
return NULL;
|
}
|
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */
|
|
|
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
