KEYS: Keyring asymmetric key restrict method with chaining
authorMat Martineau <mathew.j.martineau@linux.intel.com>
Tue, 4 Oct 2016 23:42:45 +0000 (16:42 -0700)
committerMat Martineau <mathew.j.martineau@linux.intel.com>
Tue, 4 Apr 2017 21:10:13 +0000 (14:10 -0700)
commit8e323a02e866014091180443ccb186fee1e3d30d
treebb473a491f791be1c0f9c42b66c4b700ff151d74
parent7e3c4d22083f6e7316c5229b6197ca2d5335aa35
KEYS: Keyring asymmetric key restrict method with chaining

Add a restrict_link_by_key_or_keyring_chain link restriction that
searches for signing keys in the destination keyring in addition to the
signing key or keyring designated when the destination keyring was
created. Userspace enables this behavior by including the "chain" option
in the keyring restriction:

  keyctl(KEYCTL_RESTRICT_KEYRING, keyring, "asymmetric",
         "key_or_keyring:<signing key>:chain");

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Documentation/crypto/asymmetric-keys.txt
crypto/asymmetric_keys/asymmetric_type.c
crypto/asymmetric_keys/restrict.c
include/crypto/public_key.h