include/linux/key.h at v4.13 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / include / linux / key.h
at v4.13 13 kB view raw
  1/* Authentication token and access key management
  2 *
  3 * Copyright (C) 2004, 2007 Red Hat, Inc. All Rights Reserved.
  4 * Written by David Howells (dhowells@redhat.com)
  5 *
  6 * This program is free software; you can redistribute it and/or
  7 * modify it under the terms of the GNU General Public License
  8 * as published by the Free Software Foundation; either version
  9 * 2 of the License, or (at your option) any later version.
 10 *
 11 *
 12 * See Documentation/security/keys/core.rst for information on keys/keyrings.
 13 */
 14
 15#ifndef _LINUX_KEY_H
 16#define _LINUX_KEY_H
 17
 18#include <linux/types.h>
 19#include <linux/list.h>
 20#include <linux/rbtree.h>
 21#include <linux/rcupdate.h>
 22#include <linux/sysctl.h>
 23#include <linux/rwsem.h>
 24#include <linux/atomic.h>
 25#include <linux/assoc_array.h>
 26#include <linux/refcount.h>
 27
 28#ifdef __KERNEL__
 29#include <linux/uidgid.h>
 30
 31/* key handle serial number */
 32typedef int32_t key_serial_t;
 33
 34/* key handle permissions mask */
 35typedef uint32_t key_perm_t;
 36
 37struct key;
 38
 39#ifdef CONFIG_KEYS
 40
 41#undef KEY_DEBUGGING
 42
 43#define KEY_POS_VIEW	0x01000000	/* possessor can view a key's attributes */
 44#define KEY_POS_READ	0x02000000	/* possessor can read key payload / view keyring */
 45#define KEY_POS_WRITE	0x04000000	/* possessor can update key payload / add link to keyring */
 46#define KEY_POS_SEARCH	0x08000000	/* possessor can find a key in search / search a keyring */
 47#define KEY_POS_LINK	0x10000000	/* possessor can create a link to a key/keyring */
 48#define KEY_POS_SETATTR	0x20000000	/* possessor can set key attributes */
 49#define KEY_POS_ALL	0x3f000000
 50
 51#define KEY_USR_VIEW	0x00010000	/* user permissions... */
 52#define KEY_USR_READ	0x00020000
 53#define KEY_USR_WRITE	0x00040000
 54#define KEY_USR_SEARCH	0x00080000
 55#define KEY_USR_LINK	0x00100000
 56#define KEY_USR_SETATTR	0x00200000
 57#define KEY_USR_ALL	0x003f0000
 58
 59#define KEY_GRP_VIEW	0x00000100	/* group permissions... */
 60#define KEY_GRP_READ	0x00000200
 61#define KEY_GRP_WRITE	0x00000400
 62#define KEY_GRP_SEARCH	0x00000800
 63#define KEY_GRP_LINK	0x00001000
 64#define KEY_GRP_SETATTR	0x00002000
 65#define KEY_GRP_ALL	0x00003f00
 66
 67#define KEY_OTH_VIEW	0x00000001	/* third party permissions... */
 68#define KEY_OTH_READ	0x00000002
 69#define KEY_OTH_WRITE	0x00000004
 70#define KEY_OTH_SEARCH	0x00000008
 71#define KEY_OTH_LINK	0x00000010
 72#define KEY_OTH_SETATTR	0x00000020
 73#define KEY_OTH_ALL	0x0000003f
 74
 75#define KEY_PERM_UNDEF	0xffffffff
 76
 77struct seq_file;
 78struct user_struct;
 79struct signal_struct;
 80struct cred;
 81
 82struct key_type;
 83struct key_owner;
 84struct keyring_list;
 85struct keyring_name;
 86
 87struct keyring_index_key {
 88	struct key_type		*type;
 89	const char		*description;
 90	size_t			desc_len;
 91};
 92
 93union key_payload {
 94	void __rcu		*rcu_data0;
 95	void			*data[4];
 96};
 97
 98/*****************************************************************************/
 99/*
100 * key reference with possession attribute handling
101 *
102 * NOTE! key_ref_t is a typedef'd pointer to a type that is not actually
103 * defined. This is because we abuse the bottom bit of the reference to carry a
104 * flag to indicate whether the calling process possesses that key in one of
105 * its keyrings.
106 *
107 * the key_ref_t has been made a separate type so that the compiler can reject
108 * attempts to dereference it without proper conversion.
109 *
110 * the three functions are used to assemble and disassemble references
111 */
112typedef struct __key_reference_with_attributes *key_ref_t;
113
114static inline key_ref_t make_key_ref(const struct key *key,
115				     bool possession)
116{
117	return (key_ref_t) ((unsigned long) key | possession);
118}
119
120static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
121{
122	return (struct key *) ((unsigned long) key_ref & ~1UL);
123}
124
125static inline bool is_key_possessed(const key_ref_t key_ref)
126{
127	return (unsigned long) key_ref & 1UL;
128}
129
130typedef int (*key_restrict_link_func_t)(struct key *dest_keyring,
131					const struct key_type *type,
132					const union key_payload *payload,
133					struct key *restriction_key);
134
135struct key_restriction {
136	key_restrict_link_func_t check;
137	struct key *key;
138	struct key_type *keytype;
139};
140
141/*****************************************************************************/
142/*
143 * authentication token / access credential / keyring
144 * - types of key include:
145 *   - keyrings
146 *   - disk encryption IDs
147 *   - Kerberos TGTs and tickets
148 */
149struct key {
150	refcount_t		usage;		/* number of references */
151	key_serial_t		serial;		/* key serial number */
152	union {
153		struct list_head graveyard_link;
154		struct rb_node	serial_node;
155	};
156	struct rw_semaphore	sem;		/* change vs change sem */
157	struct key_user		*user;		/* owner of this key */
158	void			*security;	/* security data for this key */
159	union {
160		time_t		expiry;		/* time at which key expires (or 0) */
161		time_t		revoked_at;	/* time at which key was revoked */
162	};
163	time_t			last_used_at;	/* last time used for LRU keyring discard */
164	kuid_t			uid;
165	kgid_t			gid;
166	key_perm_t		perm;		/* access permissions */
167	unsigned short		quotalen;	/* length added to quota */
168	unsigned short		datalen;	/* payload data length
169						 * - may not match RCU dereferenced payload
170						 * - payload should contain own length
171						 */
172
173#ifdef KEY_DEBUGGING
174	unsigned		magic;
175#define KEY_DEBUG_MAGIC		0x18273645u
176#endif
177
178	unsigned long		flags;		/* status flags (change with bitops) */
179#define KEY_FLAG_INSTANTIATED	0	/* set if key has been instantiated */
180#define KEY_FLAG_DEAD		1	/* set if key type has been deleted */
181#define KEY_FLAG_REVOKED	2	/* set if key had been revoked */
182#define KEY_FLAG_IN_QUOTA	3	/* set if key consumes quota */
183#define KEY_FLAG_USER_CONSTRUCT	4	/* set if key is being constructed in userspace */
184#define KEY_FLAG_NEGATIVE	5	/* set if key is negative */
185#define KEY_FLAG_ROOT_CAN_CLEAR	6	/* set if key can be cleared by root without permission */
186#define KEY_FLAG_INVALIDATED	7	/* set if key has been invalidated */
187#define KEY_FLAG_BUILTIN	8	/* set if key is built in to the kernel */
188#define KEY_FLAG_ROOT_CAN_INVAL	9	/* set if key can be invalidated by root without permission */
189#define KEY_FLAG_KEEP		10	/* set if key should not be removed */
190
191	/* the key type and key description string
192	 * - the desc is used to match a key against search criteria
193	 * - it should be a printable string
194	 * - eg: for krb5 AFS, this might be "afs@REDHAT.COM"
195	 */
196	union {
197		struct keyring_index_key index_key;
198		struct {
199			struct key_type	*type;		/* type of key */
200			char		*description;
201		};
202	};
203
204	/* key data
205	 * - this is used to hold the data actually used in cryptography or
206	 *   whatever
207	 */
208	union {
209		union key_payload payload;
210		struct {
211			/* Keyring bits */
212			struct list_head name_link;
213			struct assoc_array keys;
214		};
215		int reject_error;
216	};
217
218	/* This is set on a keyring to restrict the addition of a link to a key
219	 * to it.  If this structure isn't provided then it is assumed that the
220	 * keyring is open to any addition.  It is ignored for non-keyring
221	 * keys. Only set this value using keyring_restrict(), keyring_alloc(),
222	 * or key_alloc().
223	 *
224	 * This is intended for use with rings of trusted keys whereby addition
225	 * to the keyring needs to be controlled.  KEY_ALLOC_BYPASS_RESTRICTION
226	 * overrides this, allowing the kernel to add extra keys without
227	 * restriction.
228	 */
229	struct key_restriction *restrict_link;
230};
231
232extern struct key *key_alloc(struct key_type *type,
233			     const char *desc,
234			     kuid_t uid, kgid_t gid,
235			     const struct cred *cred,
236			     key_perm_t perm,
237			     unsigned long flags,
238			     struct key_restriction *restrict_link);
239
240
241#define KEY_ALLOC_IN_QUOTA		0x0000	/* add to quota, reject if would overrun */
242#define KEY_ALLOC_QUOTA_OVERRUN		0x0001	/* add to quota, permit even if overrun */
243#define KEY_ALLOC_NOT_IN_QUOTA		0x0002	/* not in quota */
244#define KEY_ALLOC_BUILT_IN		0x0004	/* Key is built into kernel */
245#define KEY_ALLOC_BYPASS_RESTRICTION	0x0008	/* Override the check on restricted keyrings */
246
247extern void key_revoke(struct key *key);
248extern void key_invalidate(struct key *key);
249extern void key_put(struct key *key);
250
251static inline struct key *__key_get(struct key *key)
252{
253	refcount_inc(&key->usage);
254	return key;
255}
256
257static inline struct key *key_get(struct key *key)
258{
259	return key ? __key_get(key) : key;
260}
261
262static inline void key_ref_put(key_ref_t key_ref)
263{
264	key_put(key_ref_to_ptr(key_ref));
265}
266
267extern struct key *request_key(struct key_type *type,
268			       const char *description,
269			       const char *callout_info);
270
271extern struct key *request_key_with_auxdata(struct key_type *type,
272					    const char *description,
273					    const void *callout_info,
274					    size_t callout_len,
275					    void *aux);
276
277extern struct key *request_key_async(struct key_type *type,
278				     const char *description,
279				     const void *callout_info,
280				     size_t callout_len);
281
282extern struct key *request_key_async_with_auxdata(struct key_type *type,
283						  const char *description,
284						  const void *callout_info,
285						  size_t callout_len,
286						  void *aux);
287
288extern int wait_for_key_construction(struct key *key, bool intr);
289
290extern int key_validate(const struct key *key);
291
292extern key_ref_t key_create_or_update(key_ref_t keyring,
293				      const char *type,
294				      const char *description,
295				      const void *payload,
296				      size_t plen,
297				      key_perm_t perm,
298				      unsigned long flags);
299
300extern int key_update(key_ref_t key,
301		      const void *payload,
302		      size_t plen);
303
304extern int key_link(struct key *keyring,
305		    struct key *key);
306
307extern int key_unlink(struct key *keyring,
308		      struct key *key);
309
310extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
311				 const struct cred *cred,
312				 key_perm_t perm,
313				 unsigned long flags,
314				 struct key_restriction *restrict_link,
315				 struct key *dest);
316
317extern int restrict_link_reject(struct key *keyring,
318				const struct key_type *type,
319				const union key_payload *payload,
320				struct key *restriction_key);
321
322extern int keyring_clear(struct key *keyring);
323
324extern key_ref_t keyring_search(key_ref_t keyring,
325				struct key_type *type,
326				const char *description);
327
328extern int keyring_add_key(struct key *keyring,
329			   struct key *key);
330
331extern int keyring_restrict(key_ref_t keyring, const char *type,
332			    const char *restriction);
333
334extern struct key *key_lookup(key_serial_t id);
335
336static inline key_serial_t key_serial(const struct key *key)
337{
338	return key ? key->serial : 0;
339}
340
341extern void key_set_timeout(struct key *, unsigned);
342
343/*
344 * The permissions required on a key that we're looking up.
345 */
346#define	KEY_NEED_VIEW	0x01	/* Require permission to view attributes */
347#define	KEY_NEED_READ	0x02	/* Require permission to read content */
348#define	KEY_NEED_WRITE	0x04	/* Require permission to update / modify */
349#define	KEY_NEED_SEARCH	0x08	/* Require permission to search (keyring) or find (key) */
350#define	KEY_NEED_LINK	0x10	/* Require permission to link */
351#define	KEY_NEED_SETATTR 0x20	/* Require permission to change attributes */
352#define	KEY_NEED_ALL	0x3f	/* All the above permissions */
353
354/**
355 * key_is_instantiated - Determine if a key has been positively instantiated
356 * @key: The key to check.
357 *
358 * Return true if the specified key has been positively instantiated, false
359 * otherwise.
360 */
361static inline bool key_is_instantiated(const struct key *key)
362{
363	return test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
364		!test_bit(KEY_FLAG_NEGATIVE, &key->flags);
365}
366
367#define dereference_key_rcu(KEY)					\
368	(rcu_dereference((KEY)->payload.rcu_data0))
369
370#define dereference_key_locked(KEY)					\
371	(rcu_dereference_protected((KEY)->payload.rcu_data0,		\
372				   rwsem_is_locked(&((struct key *)(KEY))->sem)))
373
374#define rcu_assign_keypointer(KEY, PAYLOAD)				\
375do {									\
376	rcu_assign_pointer((KEY)->payload.rcu_data0, (PAYLOAD));	\
377} while (0)
378
379#ifdef CONFIG_SYSCTL
380extern struct ctl_table key_sysctls[];
381#endif
382/*
383 * the userspace interface
384 */
385extern int install_thread_keyring_to_cred(struct cred *cred);
386extern void key_fsuid_changed(struct task_struct *tsk);
387extern void key_fsgid_changed(struct task_struct *tsk);
388extern void key_init(void);
389
390#else /* CONFIG_KEYS */
391
392#define key_validate(k)			0
393#define key_serial(k)			0
394#define key_get(k) 			({ NULL; })
395#define key_revoke(k)			do { } while(0)
396#define key_invalidate(k)		do { } while(0)
397#define key_put(k)			do { } while(0)
398#define key_ref_put(k)			do { } while(0)
399#define make_key_ref(k, p)		NULL
400#define key_ref_to_ptr(k)		NULL
401#define is_key_possessed(k)		0
402#define key_fsuid_changed(t)		do { } while(0)
403#define key_fsgid_changed(t)		do { } while(0)
404#define key_init()			do { } while(0)
405
406#endif /* CONFIG_KEYS */
407#endif /* __KERNEL__ */
408#endif /* _LINUX_KEY_H */