1/* Definitions for key type implementations 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11 12#ifndef _LINUX_KEY_TYPE_H 13#define _LINUX_KEY_TYPE_H 14 15#include <linux/key.h> 16 17#ifdef CONFIG_KEYS 18 19/* 20 * key under-construction record 21 * - passed to the request_key actor if supplied 22 */ 23struct key_construction { 24 struct key *key; /* key being constructed */ 25 struct key *authkey;/* authorisation for key being constructed */ 26}; 27 28typedef int (*request_key_actor_t)(struct key_construction *key, 29 const char *op, void *aux); 30 31/* 32 * kernel managed key type definition 33 */ 34struct key_type { 35 /* name of the type */ 36 const char *name; 37 38 /* default payload length for quota precalculation (optional) 39 * - this can be used instead of calling key_payload_reserve(), that 40 * function only needs to be called if the real datalen is different 41 */ 42 size_t def_datalen; 43 44 /* vet a description */ 45 int (*vet_description)(const char *description); 46 47 /* instantiate a key of this type 48 * - this method should call key_payload_reserve() to determine if the 49 * user's quota will hold the payload 50 */ 51 int (*instantiate)(struct key *key, const void *data, size_t datalen); 52 53 /* update a key of this type (optional) 54 * - this method should call key_payload_reserve() to recalculate the 55 * quota consumption 56 * - the key must be locked against read when modifying 57 */ 58 int (*update)(struct key *key, const void *data, size_t datalen); 59 60 /* match a key against a description */ 61 int (*match)(const struct key *key, const void *desc); 62 63 /* clear some of the data from a key on revokation (optional) 64 * - the key's semaphore will be write-locked by the caller 65 */ 66 void (*revoke)(struct key *key); 67 68 /* clear the data from a key (optional) */ 69 void (*destroy)(struct key *key); 70 71 /* describe a key */ 72 void (*describe)(const struct key *key, struct seq_file *p); 73 74 /* read a key's data (optional) 75 * - permission checks will be done by the caller 76 * - the key's semaphore will be readlocked by the caller 77 * - should return the amount of data that could be read, no matter how 78 * much is copied into the buffer 79 * - shouldn't do the copy if the buffer is NULL 80 */ 81 long (*read)(const struct key *key, char __user *buffer, size_t buflen); 82 83 /* handle request_key() for this type instead of invoking 84 * /sbin/request-key (optional) 85 * - key is the key to instantiate 86 * - authkey is the authority to assume when instantiating this key 87 * - op is the operation to be done, usually "create" 88 * - the call must not return until the instantiation process has run 89 * its course 90 */ 91 request_key_actor_t request_key; 92 93 /* internal fields */ 94 struct list_head link; /* link in types list */ 95}; 96 97extern struct key_type key_type_keyring; 98 99extern int register_key_type(struct key_type *ktype); 100extern void unregister_key_type(struct key_type *ktype); 101 102extern int key_payload_reserve(struct key *key, size_t datalen); 103extern int key_instantiate_and_link(struct key *key, 104 const void *data, 105 size_t datalen, 106 struct key *keyring, 107 struct key *instkey); 108extern int key_reject_and_link(struct key *key, 109 unsigned timeout, 110 unsigned error, 111 struct key *keyring, 112 struct key *instkey); 113extern void complete_request_key(struct key_construction *cons, int error); 114 115static inline int key_negate_and_link(struct key *key, 116 unsigned timeout, 117 struct key *keyring, 118 struct key *instkey) 119{ 120 return key_reject_and_link(key, timeout, ENOKEY, keyring, instkey); 121} 122 123#endif /* CONFIG_KEYS */ 124#endif /* _LINUX_KEY_TYPE_H */ 125