include/linux/key-type.h

   1 /* Definitions for key type implementations
   2  *
   3  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
   4  * Written by David Howells (dhowells@redhat.com)
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU General Public Licence
   8  * as published by the Free Software Foundation; either version
   9  * 2 of the Licence, or (at your option) any later version.
  10  */
  11
  12 #ifndef _LINUX_KEY_TYPE_H
  13 #define _LINUX_KEY_TYPE_H
  14
  15 #include <linux/key.h>
  16
  17 #ifdef CONFIG_KEYS
  18
  19 /*
  20  * key under-construction record
  21  * - passed to the request_key actor if supplied
  22  */
  23 struct key_construction {
  24         struct key      *key;   /* key being constructed */
  25         struct key      *authkey;/* authorisation for key being constructed */
  26 };
  27
  28 typedef int (*request_key_actor_t)(struct key_construction *key,
  29                                    const char *op, void *aux);
  30
  31 /*
  32  * kernel managed key type definition
  33  */
  34 struct key_type {
  35         /* name of the type */
  36         const char *name;
  37
  38         /* default payload length for quota precalculation (optional)
  39          * - this can be used instead of calling key_payload_reserve(), that
  40          *   function only needs to be called if the real datalen is different
  41          */
  42         size_t def_datalen;
  43
  44         /* vet a description */
  45         int (*vet_description)(const char *description);
  46
  47         /* instantiate a key of this type
  48          * - this method should call key_payload_reserve() to determine if the
  49          *   user's quota will hold the payload
  50          */
  51         int (*instantiate)(struct key *key, const void *data, size_t datalen);
  52
  53         /* update a key of this type (optional)
  54          * - this method should call key_payload_reserve() to recalculate the
  55          *   quota consumption
  56          * - the key must be locked against read when modifying
  57          */
  58         int (*update)(struct key *key, const void *data, size_t datalen);
  59
  60         /* match a key against a description */
  61         int (*match)(const struct key *key, const void *desc);
  62
  63         /* clear some of the data from a key on revokation (optional)
  64          * - the key's semaphore will be write-locked by the caller
  65          */
  66         void (*revoke)(struct key *key);
  67
  68         /* clear the data from a key (optional) */
  69         void (*destroy)(struct key *key);
  70
  71         /* describe a key */
  72         void (*describe)(const struct key *key, struct seq_file *p);
  73
  74         /* read a key's data (optional)
  75          * - permission checks will be done by the caller
  76          * - the key's semaphore will be readlocked by the caller
  77          * - should return the amount of data that could be read, no matter how
  78          *   much is copied into the buffer
  79          * - shouldn't do the copy if the buffer is NULL
  80          */
  81         long (*read)(const struct key *key, char __user *buffer, size_t buflen);
  82
  83         /* handle request_key() for this type instead of invoking
  84          * /sbin/request-key (optional)
  85          * - key is the key to instantiate
  86          * - authkey is the authority to assume when instantiating this key
  87          * - op is the operation to be done, usually "create"
  88          * - the call must not return until the instantiation process has run
  89          *   its course
  90          */
  91         request_key_actor_t request_key;
  92
  93         /* internal fields */
  94         struct list_head        link;           /* link in types list */
  95 };
  96
  97 extern struct key_type key_type_keyring;
  98
  99 extern int register_key_type(struct key_type *ktype);
 100 extern void unregister_key_type(struct key_type *ktype);
 101
 102 extern int key_payload_reserve(struct key *key, size_t datalen);
 103 extern int key_instantiate_and_link(struct key *key,
 104                                     const void *data,
 105                                     size_t datalen,
 106                                     struct key *keyring,
 107                                     struct key *instkey);
 108 extern int key_reject_and_link(struct key *key,
 109                                unsigned timeout,
 110                                unsigned error,
 111                                struct key *keyring,
 112                                struct key *instkey);
 113 extern void complete_request_key(struct key_construction *cons, int error);
 114
 115 static inline int key_negate_and_link(struct key *key,
 116                                       unsigned timeout,
 117                                       struct key *keyring,
 118                                       struct key *instkey)
 119 {
 120         return key_reject_and_link(key, timeout, ENOKEY, keyring, instkey);
 121 }
 122
 123 #endif /* CONFIG_KEYS */
 124 #endif /* _LINUX_KEY_TYPE_H */