Blame view
include/linux/key-type.h
6.45 KB
b4d0d230c treewide: Replace... |
1 |
/* SPDX-License-Identifier: GPL-2.0-or-later */ |
76181c134 KEYS: Make reques... |
2 3 4 5 |
/* Definitions for key type implementations * * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) |
76181c134 KEYS: Make reques... |
6 7 8 9 10 11 |
*/ #ifndef _LINUX_KEY_TYPE_H #define _LINUX_KEY_TYPE_H #include <linux/key.h> |
5935e6dca KEYS: linux/key-t... |
12 |
#include <linux/errno.h> |
76181c134 KEYS: Make reques... |
13 14 |
#ifdef CONFIG_KEYS |
70025f84e KEYS: Provide key... |
15 16 |
struct kernel_pkey_query; struct kernel_pkey_params; |
76181c134 KEYS: Make reques... |
17 |
/* |
cf7f601c0 KEYS: Add payload... |
18 19 20 21 22 23 24 25 26 27 28 29 30 |
* Pre-parsed payload, used by key add, update and instantiate. * * This struct will be cleared and data and datalen will be set with the data * and length parameters from the caller and quotalen will be set from * def_datalen from the key type. Then if the preparse() op is provided by the * key type, that will be called. Then the struct will be passed to the * instantiate() or the update() op. * * If the preparse() op is given, the free_preparse() op will be called to * clear the contents. */ struct key_preparsed_payload { char *description; /* Proposed key description (or NULL) */ |
146aa8b14 KEYS: Merge the t... |
31 |
union key_payload payload; /* Proposed payload */ |
cf7f601c0 KEYS: Add payload... |
32 33 34 |
const void *data; /* Raw data */ size_t datalen; /* Raw datalen */ size_t quotalen; /* Quota length for proposed payload */ |
0a9dd0e07 security: keys: R... |
35 |
time64_t expiry; /* Expiry time of key */ |
3859a271a randstruct: Mark ... |
36 |
} __randomize_layout; |
cf7f601c0 KEYS: Add payload... |
37 |
|
822ad64d7 keys: Fix depende... |
38 |
typedef int (*request_key_actor_t)(struct key *auth_key, void *aux); |
76181c134 KEYS: Make reques... |
39 40 |
/* |
462919591 KEYS: Preparse ma... |
41 42 43 |
* Preparsed matching criterion. */ struct key_match_data { |
0c903ab64 KEYS: Make the ke... |
44 45 46 47 48 49 |
/* Comparison function, defaults to exact description match, but can be * overridden by type->match_preparse(). Should return true if a match * is found and false if not. */ bool (*cmp)(const struct key *key, const struct key_match_data *match_data); |
462919591 KEYS: Preparse ma... |
50 51 52 53 54 55 56 57 58 |
const void *raw_data; /* Raw match data */ void *preparsed; /* For ->match_preparse() to stash stuff */ unsigned lookup_type; /* Type of lookup for this search. */ #define KEYRING_SEARCH_LOOKUP_DIRECT 0x0000 /* Direct lookup by description. */ #define KEYRING_SEARCH_LOOKUP_ITERATE 0x0001 /* Iterative search. */ }; /* |
76181c134 KEYS: Make reques... |
59 60 61 62 63 64 65 66 67 68 69 |
* kernel managed key type definition */ struct key_type { /* name of the type */ const char *name; /* default payload length for quota precalculation (optional) * - this can be used instead of calling key_payload_reserve(), that * function only needs to be called if the real datalen is different */ size_t def_datalen; |
9b2426105 keys: Network nam... |
70 71 |
unsigned int flags; #define KEY_TYPE_NET_DOMAIN 0x00000001 /* Keys of this type have a net namespace domain */ |
b9fffa387 KEYS: Add a key t... |
72 73 |
/* vet a description */ int (*vet_description)(const char *description); |
cf7f601c0 KEYS: Add payload... |
74 75 76 77 78 79 80 81 82 |
/* Preparse the data blob from userspace that is to be the payload, * generating a proposed description and payload that will be handed to * the instantiate() and update() ops. */ int (*preparse)(struct key_preparsed_payload *prep); /* Free a preparse data structure. */ void (*free_preparse)(struct key_preparsed_payload *prep); |
76181c134 KEYS: Make reques... |
83 84 85 86 |
/* instantiate a key of this type * - this method should call key_payload_reserve() to determine if the * user's quota will hold the payload */ |
cf7f601c0 KEYS: Add payload... |
87 |
int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); |
76181c134 KEYS: Make reques... |
88 89 90 91 92 93 |
/* update a key of this type (optional) * - this method should call key_payload_reserve() to recalculate the * quota consumption * - the key must be locked against read when modifying */ |
cf7f601c0 KEYS: Add payload... |
94 |
int (*update)(struct key *key, struct key_preparsed_payload *prep); |
76181c134 KEYS: Make reques... |
95 |
|
462919591 KEYS: Preparse ma... |
96 97 98 99 100 |
/* Preparse the data supplied to ->match() (optional). The * data to be preparsed can be found in match_data->raw_data. * The lookup type can also be set by this function. */ int (*match_preparse)(struct key_match_data *match_data); |
462919591 KEYS: Preparse ma... |
101 102 103 |
/* Free preparsed match data (optional). This should be supplied it * ->match_preparse() is supplied. */ void (*match_free)(struct key_match_data *match_data); |
76181c134 KEYS: Make reques... |
104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 |
/* clear some of the data from a key on revokation (optional) * - the key's semaphore will be write-locked by the caller */ void (*revoke)(struct key *key); /* clear the data from a key (optional) */ void (*destroy)(struct key *key); /* describe a key */ void (*describe)(const struct key *key, struct seq_file *p); /* read a key's data (optional) * - permission checks will be done by the caller * - the key's semaphore will be readlocked by the caller * - should return the amount of data that could be read, no matter how * much is copied into the buffer * - shouldn't do the copy if the buffer is NULL */ |
d3ec10aa9 KEYS: Don't write... |
123 |
long (*read)(const struct key *key, char *buffer, size_t buflen); |
76181c134 KEYS: Make reques... |
124 125 126 127 128 129 130 131 132 133 |
/* handle request_key() for this type instead of invoking * /sbin/request-key (optional) * - key is the key to instantiate * - authkey is the authority to assume when instantiating this key * - op is the operation to be done, usually "create" * - the call must not return until the instantiation process has run * its course */ request_key_actor_t request_key; |
efba797b9 KEYS: Add an opti... |
134 135 136 137 138 139 140 |
/* Look up a keyring access restriction (optional) * * - NULL is a valid return value (meaning the requested restriction * is known but will never block addition of a key) * - should return -EINVAL if the restriction is unknown */ struct key_restriction *(*lookup_restriction)(const char *params); |
70025f84e KEYS: Provide key... |
141 142 143 144 145 146 147 |
/* Asymmetric key accessor functions. */ int (*asym_query)(const struct kernel_pkey_params *params, struct kernel_pkey_query *info); int (*asym_eds_op)(struct kernel_pkey_params *params, const void *in, void *out); int (*asym_verify_signature)(struct kernel_pkey_params *params, const void *in, const void *in2); |
76181c134 KEYS: Make reques... |
148 149 |
/* internal fields */ struct list_head link; /* link in types list */ |
7845bc396 KEYS: Give key ty... |
150 |
struct lock_class_key lock_class; /* key->sem lock class */ |
3859a271a randstruct: Mark ... |
151 |
} __randomize_layout; |
76181c134 KEYS: Make reques... |
152 153 154 155 156 157 158 159 160 161 162 |
extern struct key_type key_type_keyring; extern int register_key_type(struct key_type *ktype); extern void unregister_key_type(struct key_type *ktype); extern int key_payload_reserve(struct key *key, size_t datalen); extern int key_instantiate_and_link(struct key *key, const void *data, size_t datalen, struct key *keyring, |
822ad64d7 keys: Fix depende... |
163 |
struct key *authkey); |
fdd1b9458 KEYS: Add a new k... |
164 |
extern int key_reject_and_link(struct key *key, |
76181c134 KEYS: Make reques... |
165 |
unsigned timeout, |
fdd1b9458 KEYS: Add a new k... |
166 |
unsigned error, |
76181c134 KEYS: Make reques... |
167 |
struct key *keyring, |
822ad64d7 keys: Fix depende... |
168 169 |
struct key *authkey); extern void complete_request_key(struct key *authkey, int error); |
76181c134 KEYS: Make reques... |
170 |
|
fdd1b9458 KEYS: Add a new k... |
171 172 173 |
static inline int key_negate_and_link(struct key *key, unsigned timeout, struct key *keyring, |
822ad64d7 keys: Fix depende... |
174 |
struct key *authkey) |
fdd1b9458 KEYS: Add a new k... |
175 |
{ |
822ad64d7 keys: Fix depende... |
176 |
return key_reject_and_link(key, timeout, ENOKEY, keyring, authkey); |
fdd1b9458 KEYS: Add a new k... |
177 |
} |
6a09d17bb KEYS: Provide a g... |
178 |
extern int generic_key_instantiate(struct key *key, struct key_preparsed_payload *prep); |
76181c134 KEYS: Make reques... |
179 180 |
#endif /* CONFIG_KEYS */ #endif /* _LINUX_KEY_TYPE_H */ |