key-type.h source code [linux/include/linux/key-type.h]

1	/ SPDX-License-Identifier: GPL-2.0-or-later /
2	/ Definitions for key type implementations*
3	*
4	* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5	* Written by David Howells (dhowells@redhat.com)
6	*/
7
8	#ifndef _LINUX_KEY_TYPE_H
9	#define _LINUX_KEY_TYPE_H
10
11	#include <linux/key.h>
12	#include <linux/errno.h>
13
14	#ifdef CONFIG_KEYS
15
16	struct kernel_pkey_query;
17	struct kernel_pkey_params;
18
19	/*
20	* Pre-parsed payload, used by key add, update and instantiate.
21	*
22	* This struct will be cleared and data and datalen will be set with the data
23	* and length parameters from the caller and quotalen will be set from
24	* def_datalen from the key type. Then if the preparse() op is provided by the
25	* key type, that will be called. Then the struct will be passed to the
26	* instantiate() or the update() op.
27	*
28	* If the preparse() op is given, the free_preparse() op will be called to
29	* clear the contents.
30	*/
31	struct key_preparsed_payload {
32	const char orig_description; /* Actual or proposed description (maybe NULL) /
33	char description; /* Proposed key description (or NULL) /
34	union key_payload payload; / Proposed payload /
35	const void data; /* Raw data /
36	size_t datalen; / Raw datalen /
37	size_t quotalen; / Quota length for proposed payload /
38	time64_t expiry; / Expiry time of key /
39	} __randomize_layout;
40
41	typedef int (request_key_actor_t)(struct* key auth_key, void* *aux);
42
43	/*
44	* Preparsed matching criterion.
45	*/
46	struct key_match_data {
47	/ Comparison function, defaults to exact description match, but can be*
48	* overridden by type->match_preparse(). Should return true if a match
49	* is found and false if not.
50	*/
51	bool (cmp)(const* struct key *key,
52	const struct key_match_data *match_data);
53
54	const void raw_data; /* Raw match data /
55	void preparsed; /* For ->match_preparse() to stash stuff /
56	unsigned lookup_type; / Type of lookup for this search. /
57	#define KEYRING_SEARCH_LOOKUP_DIRECT 0x0000 /* Direct lookup by description. */
58	#define KEYRING_SEARCH_LOOKUP_ITERATE 0x0001 /* Iterative search. */
59	};
60
61	/*
62	* kernel managed key type definition
63	*/
64	struct key_type {
65	/ name of the type /
66	const char *name;
67
68	/ default payload length for quota precalculation (optional)*
69	* - this can be used instead of calling key_payload_reserve(), that
70	* function only needs to be called if the real datalen is different
71	*/
72	size_t def_datalen;
73
74	unsigned int flags;
75	#define KEY_TYPE_NET_DOMAIN 0x00000001 /* Keys of this type have a net namespace domain */
76	#define KEY_TYPE_INSTANT_REAP 0x00000002 /* Keys of this type don't have a delay after expiring */
77
78	/ vet a description /
79	int (vet_description)(const* char *description);
80
81	/ Preparse the data blob from userspace that is to be the payload,*
82	* generating a proposed description and payload that will be handed to
83	* the instantiate() and update() ops.
84	*/
85	int (preparse)(struct* key_preparsed_payload *prep);
86
87	/ Free a preparse data structure.*
88	*/
89	void (free_preparse)(struct* key_preparsed_payload *prep);
90
91	/ instantiate a key of this type*
92	* - this method should call key_payload_reserve() to determine if the
93	* user's quota will hold the payload
94	*/
95	int (instantiate)(struct* key key, struct* key_preparsed_payload *prep);
96
97	/ update a key of this type (optional)*
98	* - this method should call key_payload_reserve() to recalculate the
99	* quota consumption
100	* - the key must be locked against read when modifying
101	*/
102	int (update)(struct* key key, struct* key_preparsed_payload *prep);
103
104	/ Preparse the data supplied to ->match() (optional). The*
105	* data to be preparsed can be found in match_data->raw_data.
106	* The lookup type can also be set by this function.
107	*/
108	int (match_preparse)(struct* key_match_data *match_data);
109
110	/ Free preparsed match data (optional). This should be supplied it*
111	* ->match_preparse() is supplied. */
112	void (match_free)(struct* key_match_data *match_data);
113
114	/ clear some of the data from a key on revokation (optional)*
115	* - the key's semaphore will be write-locked by the caller
116	*/
117	void (revoke)(struct* key *key);
118
119	/ clear the data from a key (optional) /
120	void (destroy)(struct* key *key);
121
122	/ describe a key /
123	void (describe)(const* struct key key, struct* seq_file *p);
124
125	/ read a key's data (optional)*
126	* - permission checks will be done by the caller
127	* - the key's semaphore will be readlocked by the caller
128	* - should return the amount of data that could be read, no matter how
129	* much is copied into the buffer
130	* - shouldn't do the copy if the buffer is NULL
131	*/
132	long (read)(const* struct key key, char* *buffer, size_t buflen);
133
134	/ handle request_key() for this type instead of invoking*
135	* /sbin/request-key (optional)
136	* - key is the key to instantiate
137	* - authkey is the authority to assume when instantiating this key
138	* - op is the operation to be done, usually "create"
139	* - the call must not return until the instantiation process has run
140	* its course
141	*/
142	request_key_actor_t request_key;
143
144	/ Look up a keyring access restriction (optional)*
145	*
146	* - NULL is a valid return value (meaning the requested restriction
147	* is known but will never block addition of a key)
148	* - should return -EINVAL if the restriction is unknown
149	*/
150	struct key_restriction (lookup_restriction)(const char *params);
151
152	/ Asymmetric key accessor functions. /
153	int (asym_query)(const* struct kernel_pkey_params *params,
154	struct kernel_pkey_query *info);
155	int (asym_eds_op)(struct* kernel_pkey_params *params,
156	const void in, void* *out);
157	int (asym_verify_signature)(struct* kernel_pkey_params *params,
158	const void in, const* void *in2);
159
160	/ internal fields /
161	struct list_head link; / link in types list /
162	struct lock_class_key lock_class; / key->sem lock class /
163	} __randomize_layout;
164
165	extern struct key_type key_type_keyring;
166
167	extern int register_key_type(struct key_type *ktype);
168	extern void unregister_key_type(struct key_type *ktype);
169
170	extern int key_payload_reserve(struct key *key, size_t datalen);
171	extern int key_instantiate_and_link(struct key *key,
172	const void *data,
173	size_t datalen,
174	struct key *keyring,
175	struct key *authkey);
176	extern int key_reject_and_link(struct key *key,
177	unsigned timeout,
178	unsigned error,
179	struct key *keyring,
180	struct key *authkey);
181	extern void complete_request_key(struct key authkey, int* error);
182
183	static inline int key_negate_and_link(struct key *key,
184	unsigned timeout,
185	struct key *keyring,
186	struct key *authkey)
187	{
188	return key_reject_and_link(key, timeout, ENOKEY, keyring, authkey);
189	}
190
191	extern int generic_key_instantiate(struct key key, struct* key_preparsed_payload *prep);
192
193	#endif /* CONFIG_KEYS */
194	#endif /* _LINUX_KEY_TYPE_H */
195

source code of linux/include/linux/key-type.h