]>
Commit | Line | Data |
---|---|---|
1 | /* Definitions for key type implementations | |
2 | * | |
3 | * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. | |
4 | * Written by David Howells (dhowells@redhat.com) | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public Licence | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the Licence, or (at your option) any later version. | |
10 | */ | |
11 | ||
12 | #ifndef _LINUX_KEY_TYPE_H | |
13 | #define _LINUX_KEY_TYPE_H | |
14 | ||
15 | #include <linux/key.h> | |
16 | #include <linux/errno.h> | |
17 | ||
18 | #ifdef CONFIG_KEYS | |
19 | ||
20 | /* | |
21 | * Pre-parsed payload, used by key add, update and instantiate. | |
22 | * | |
23 | * This struct will be cleared and data and datalen will be set with the data | |
24 | * and length parameters from the caller and quotalen will be set from | |
25 | * def_datalen from the key type. Then if the preparse() op is provided by the | |
26 | * key type, that will be called. Then the struct will be passed to the | |
27 | * instantiate() or the update() op. | |
28 | * | |
29 | * If the preparse() op is given, the free_preparse() op will be called to | |
30 | * clear the contents. | |
31 | */ | |
32 | struct key_preparsed_payload { | |
33 | char *description; /* Proposed key description (or NULL) */ | |
34 | union key_payload payload; /* Proposed payload */ | |
35 | const void *data; /* Raw data */ | |
36 | size_t datalen; /* Raw datalen */ | |
37 | size_t quotalen; /* Quota length for proposed payload */ | |
38 | time64_t expiry; /* Expiry time of key */ | |
39 | } __randomize_layout; | |
40 | ||
41 | typedef int (*request_key_actor_t)(struct key *auth_key, void *aux); | |
42 | ||
43 | /* | |
44 | * Preparsed matching criterion. | |
45 | */ | |
46 | struct key_match_data { | |
47 | /* Comparison function, defaults to exact description match, but can be | |
48 | * overridden by type->match_preparse(). Should return true if a match | |
49 | * is found and false if not. | |
50 | */ | |
51 | bool (*cmp)(const struct key *key, | |
52 | const struct key_match_data *match_data); | |
53 | ||
54 | const void *raw_data; /* Raw match data */ | |
55 | void *preparsed; /* For ->match_preparse() to stash stuff */ | |
56 | unsigned lookup_type; /* Type of lookup for this search. */ | |
57 | #define KEYRING_SEARCH_LOOKUP_DIRECT 0x0000 /* Direct lookup by description. */ | |
58 | #define KEYRING_SEARCH_LOOKUP_ITERATE 0x0001 /* Iterative search. */ | |
59 | }; | |
60 | ||
61 | /* | |
62 | * kernel managed key type definition | |
63 | */ | |
64 | struct key_type { | |
65 | /* name of the type */ | |
66 | const char *name; | |
67 | ||
68 | /* default payload length for quota precalculation (optional) | |
69 | * - this can be used instead of calling key_payload_reserve(), that | |
70 | * function only needs to be called if the real datalen is different | |
71 | */ | |
72 | size_t def_datalen; | |
73 | ||
74 | /* vet a description */ | |
75 | int (*vet_description)(const char *description); | |
76 | ||
77 | /* Preparse the data blob from userspace that is to be the payload, | |
78 | * generating a proposed description and payload that will be handed to | |
79 | * the instantiate() and update() ops. | |
80 | */ | |
81 | int (*preparse)(struct key_preparsed_payload *prep); | |
82 | ||
83 | /* Free a preparse data structure. | |
84 | */ | |
85 | void (*free_preparse)(struct key_preparsed_payload *prep); | |
86 | ||
87 | /* instantiate a key of this type | |
88 | * - this method should call key_payload_reserve() to determine if the | |
89 | * user's quota will hold the payload | |
90 | */ | |
91 | int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); | |
92 | ||
93 | /* update a key of this type (optional) | |
94 | * - this method should call key_payload_reserve() to recalculate the | |
95 | * quota consumption | |
96 | * - the key must be locked against read when modifying | |
97 | */ | |
98 | int (*update)(struct key *key, struct key_preparsed_payload *prep); | |
99 | ||
100 | /* Preparse the data supplied to ->match() (optional). The | |
101 | * data to be preparsed can be found in match_data->raw_data. | |
102 | * The lookup type can also be set by this function. | |
103 | */ | |
104 | int (*match_preparse)(struct key_match_data *match_data); | |
105 | ||
106 | /* Free preparsed match data (optional). This should be supplied it | |
107 | * ->match_preparse() is supplied. */ | |
108 | void (*match_free)(struct key_match_data *match_data); | |
109 | ||
110 | /* clear some of the data from a key on revokation (optional) | |
111 | * - the key's semaphore will be write-locked by the caller | |
112 | */ | |
113 | void (*revoke)(struct key *key); | |
114 | ||
115 | /* clear the data from a key (optional) */ | |
116 | void (*destroy)(struct key *key); | |
117 | ||
118 | /* describe a key */ | |
119 | void (*describe)(const struct key *key, struct seq_file *p); | |
120 | ||
121 | /* read a key's data (optional) | |
122 | * - permission checks will be done by the caller | |
123 | * - the key's semaphore will be readlocked by the caller | |
124 | * - should return the amount of data that could be read, no matter how | |
125 | * much is copied into the buffer | |
126 | * - shouldn't do the copy if the buffer is NULL | |
127 | */ | |
128 | long (*read)(const struct key *key, char __user *buffer, size_t buflen); | |
129 | ||
130 | /* handle request_key() for this type instead of invoking | |
131 | * /sbin/request-key (optional) | |
132 | * - key is the key to instantiate | |
133 | * - authkey is the authority to assume when instantiating this key | |
134 | * - op is the operation to be done, usually "create" | |
135 | * - the call must not return until the instantiation process has run | |
136 | * its course | |
137 | */ | |
138 | request_key_actor_t request_key; | |
139 | ||
140 | /* Look up a keyring access restriction (optional) | |
141 | * | |
142 | * - NULL is a valid return value (meaning the requested restriction | |
143 | * is known but will never block addition of a key) | |
144 | * - should return -EINVAL if the restriction is unknown | |
145 | */ | |
146 | struct key_restriction *(*lookup_restriction)(const char *params); | |
147 | ||
148 | /* internal fields */ | |
149 | struct list_head link; /* link in types list */ | |
150 | struct lock_class_key lock_class; /* key->sem lock class */ | |
151 | } __randomize_layout; | |
152 | ||
153 | extern struct key_type key_type_keyring; | |
154 | ||
155 | extern int register_key_type(struct key_type *ktype); | |
156 | extern void unregister_key_type(struct key_type *ktype); | |
157 | ||
158 | extern int key_payload_reserve(struct key *key, size_t datalen); | |
159 | extern int key_instantiate_and_link(struct key *key, | |
160 | const void *data, | |
161 | size_t datalen, | |
162 | struct key *keyring, | |
163 | struct key *authkey); | |
164 | extern int key_reject_and_link(struct key *key, | |
165 | unsigned timeout, | |
166 | unsigned error, | |
167 | struct key *keyring, | |
168 | struct key *authkey); | |
169 | extern void complete_request_key(struct key *authkey, int error); | |
170 | ||
171 | static inline int key_negate_and_link(struct key *key, | |
172 | unsigned timeout, | |
173 | struct key *keyring, | |
174 | struct key *authkey) | |
175 | { | |
176 | return key_reject_and_link(key, timeout, ENOKEY, keyring, authkey); | |
177 | } | |
178 | ||
179 | extern int generic_key_instantiate(struct key *key, struct key_preparsed_payload *prep); | |
180 | ||
181 | #endif /* CONFIG_KEYS */ | |
182 | #endif /* _LINUX_KEY_TYPE_H */ |