1/* Authentication token and access key management
2 *
3 * Copyright (C) 2004, 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 *
12 * See Documentation/security/keys.txt for information on keys/keyrings.
13 */
14
15#ifndef _LINUX_KEY_H
16#define _LINUX_KEY_H
17
18#include <linux/types.h>
19#include <linux/list.h>
20#include <linux/rbtree.h>
21#include <linux/rcupdate.h>
22#include <linux/sysctl.h>
23#include <linux/rwsem.h>
24#include <linux/atomic.h>
25#include <linux/assoc_array.h>
26
27#ifdef __KERNEL__
28#include <linux/uidgid.h>
29
30/* key handle serial number */
31typedef int32_t key_serial_t;
32
33/* key handle permissions mask */
34typedef uint32_t key_perm_t;
35
36struct key;
37
38#ifdef CONFIG_KEYS
39
40#undef KEY_DEBUGGING
41
42#define KEY_POS_VIEW	0x01000000	/* possessor can view a key's attributes */
43#define KEY_POS_READ	0x02000000	/* possessor can read key payload / view keyring */
44#define KEY_POS_WRITE	0x04000000	/* possessor can update key payload / add link to keyring */
45#define KEY_POS_SEARCH	0x08000000	/* possessor can find a key in search / search a keyring */
46#define KEY_POS_LINK	0x10000000	/* possessor can create a link to a key/keyring */
47#define KEY_POS_SETATTR	0x20000000	/* possessor can set key attributes */
48#define KEY_POS_ALL	0x3f000000
49
50#define KEY_USR_VIEW	0x00010000	/* user permissions... */
51#define KEY_USR_READ	0x00020000
52#define KEY_USR_WRITE	0x00040000
53#define KEY_USR_SEARCH	0x00080000
54#define KEY_USR_LINK	0x00100000
55#define KEY_USR_SETATTR	0x00200000
56#define KEY_USR_ALL	0x003f0000
57
58#define KEY_GRP_VIEW	0x00000100	/* group permissions... */
59#define KEY_GRP_READ	0x00000200
60#define KEY_GRP_WRITE	0x00000400
61#define KEY_GRP_SEARCH	0x00000800
62#define KEY_GRP_LINK	0x00001000
63#define KEY_GRP_SETATTR	0x00002000
64#define KEY_GRP_ALL	0x00003f00
65
66#define KEY_OTH_VIEW	0x00000001	/* third party permissions... */
67#define KEY_OTH_READ	0x00000002
68#define KEY_OTH_WRITE	0x00000004
69#define KEY_OTH_SEARCH	0x00000008
70#define KEY_OTH_LINK	0x00000010
71#define KEY_OTH_SETATTR	0x00000020
72#define KEY_OTH_ALL	0x0000003f
73
74#define KEY_PERM_UNDEF	0xffffffff
75
76struct seq_file;
77struct user_struct;
78struct signal_struct;
79struct cred;
80
81struct key_type;
82struct key_owner;
83struct keyring_list;
84struct keyring_name;
85
86struct keyring_index_key {
87	struct key_type		*type;
88	const char		*description;
89	size_t			desc_len;
90};
91
92union key_payload {
93	void __rcu		*rcu_data0;
94	void			*data[4];
95};
96
97/*****************************************************************************/
98/*
99 * key reference with possession attribute handling
100 *
101 * NOTE! key_ref_t is a typedef'd pointer to a type that is not actually
102 * defined. This is because we abuse the bottom bit of the reference to carry a
103 * flag to indicate whether the calling process possesses that key in one of
104 * its keyrings.
105 *
106 * the key_ref_t has been made a separate type so that the compiler can reject
107 * attempts to dereference it without proper conversion.
108 *
109 * the three functions are used to assemble and disassemble references
110 */
111typedef struct __key_reference_with_attributes *key_ref_t;
112
113static inline key_ref_t make_key_ref(const struct key *key,
114				     bool possession)
115{
116	return (key_ref_t) ((unsigned long) key | possession);
117}
118
119static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
120{
121	return (struct key *) ((unsigned long) key_ref & ~1UL);
122}
123
124static inline bool is_key_possessed(const key_ref_t key_ref)
125{
126	return (unsigned long) key_ref & 1UL;
127}
128
129/*****************************************************************************/
130/*
131 * authentication token / access credential / keyring
132 * - types of key include:
133 *   - keyrings
134 *   - disk encryption IDs
135 *   - Kerberos TGTs and tickets
136 */
137struct key {
138	atomic_t		usage;		/* number of references */
139	key_serial_t		serial;		/* key serial number */
140	union {
141		struct list_head graveyard_link;
142		struct rb_node	serial_node;
143	};
144	struct rw_semaphore	sem;		/* change vs change sem */
145	struct key_user		*user;		/* owner of this key */
146	void			*security;	/* security data for this key */
147	union {
148		time_t		expiry;		/* time at which key expires (or 0) */
149		time_t		revoked_at;	/* time at which key was revoked */
150	};
151	time_t			last_used_at;	/* last time used for LRU keyring discard */
152	kuid_t			uid;
153	kgid_t			gid;
154	key_perm_t		perm;		/* access permissions */
155	unsigned short		quotalen;	/* length added to quota */
156	unsigned short		datalen;	/* payload data length
157						 * - may not match RCU dereferenced payload
158						 * - payload should contain own length
159						 */
160
161#ifdef KEY_DEBUGGING
162	unsigned		magic;
163#define KEY_DEBUG_MAGIC		0x18273645u
164#define KEY_DEBUG_MAGIC_X	0xf8e9dacbu
165#endif
166
167	unsigned long		flags;		/* status flags (change with bitops) */
168#define KEY_FLAG_INSTANTIATED	0	/* set if key has been instantiated */
169#define KEY_FLAG_DEAD		1	/* set if key type has been deleted */
170#define KEY_FLAG_REVOKED	2	/* set if key had been revoked */
171#define KEY_FLAG_IN_QUOTA	3	/* set if key consumes quota */
172#define KEY_FLAG_USER_CONSTRUCT	4	/* set if key is being constructed in userspace */
173#define KEY_FLAG_NEGATIVE	5	/* set if key is negative */
174#define KEY_FLAG_ROOT_CAN_CLEAR	6	/* set if key can be cleared by root without permission */
175#define KEY_FLAG_INVALIDATED	7	/* set if key has been invalidated */
176#define KEY_FLAG_TRUSTED	8	/* set if key is trusted */
177#define KEY_FLAG_TRUSTED_ONLY	9	/* set if keyring only accepts links to trusted keys */
178#define KEY_FLAG_BUILTIN	10	/* set if key is builtin */
179#define KEY_FLAG_ROOT_CAN_INVAL	11	/* set if key can be invalidated by root without permission */
180
181	/* the key type and key description string
182	 * - the desc is used to match a key against search criteria
183	 * - it should be a printable string
184	 * - eg: for krb5 AFS, this might be "afs@REDHAT.COM"
185	 */
186	union {
187		struct keyring_index_key index_key;
188		struct {
189			struct key_type	*type;		/* type of key */
190			char		*description;
191		};
192	};
193
194	/* key data
195	 * - this is used to hold the data actually used in cryptography or
196	 *   whatever
197	 */
198	union {
199		union key_payload payload;
200		struct {
201			/* Keyring bits */
202			struct list_head name_link;
203			struct assoc_array keys;
204		};
205		int reject_error;
206	};
207};
208
209extern struct key *key_alloc(struct key_type *type,
210			     const char *desc,
211			     kuid_t uid, kgid_t gid,
212			     const struct cred *cred,
213			     key_perm_t perm,
214			     unsigned long flags);
215
216
217#define KEY_ALLOC_IN_QUOTA	0x0000	/* add to quota, reject if would overrun */
218#define KEY_ALLOC_QUOTA_OVERRUN	0x0001	/* add to quota, permit even if overrun */
219#define KEY_ALLOC_NOT_IN_QUOTA	0x0002	/* not in quota */
220#define KEY_ALLOC_TRUSTED	0x0004	/* Key should be flagged as trusted */
221
222extern void key_revoke(struct key *key);
223extern void key_invalidate(struct key *key);
224extern void key_put(struct key *key);
225
226static inline struct key *__key_get(struct key *key)
227{
228	atomic_inc(&key->usage);
229	return key;
230}
231
232static inline struct key *key_get(struct key *key)
233{
234	return key ? __key_get(key) : key;
235}
236
237static inline void key_ref_put(key_ref_t key_ref)
238{
239	key_put(key_ref_to_ptr(key_ref));
240}
241
242extern struct key *request_key(struct key_type *type,
243			       const char *description,
244			       const char *callout_info);
245
246extern struct key *request_key_with_auxdata(struct key_type *type,
247					    const char *description,
248					    const void *callout_info,
249					    size_t callout_len,
250					    void *aux);
251
252extern struct key *request_key_async(struct key_type *type,
253				     const char *description,
254				     const void *callout_info,
255				     size_t callout_len);
256
257extern struct key *request_key_async_with_auxdata(struct key_type *type,
258						  const char *description,
259						  const void *callout_info,
260						  size_t callout_len,
261						  void *aux);
262
263extern int wait_for_key_construction(struct key *key, bool intr);
264
265extern int key_validate(const struct key *key);
266
267extern key_ref_t key_create_or_update(key_ref_t keyring,
268				      const char *type,
269				      const char *description,
270				      const void *payload,
271				      size_t plen,
272				      key_perm_t perm,
273				      unsigned long flags);
274
275extern int key_update(key_ref_t key,
276		      const void *payload,
277		      size_t plen);
278
279extern int key_link(struct key *keyring,
280		    struct key *key);
281
282extern int key_unlink(struct key *keyring,
283		      struct key *key);
284
285extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
286				 const struct cred *cred,
287				 key_perm_t perm,
288				 unsigned long flags,
289				 struct key *dest);
290
291extern int keyring_clear(struct key *keyring);
292
293extern key_ref_t keyring_search(key_ref_t keyring,
294				struct key_type *type,
295				const char *description);
296
297extern int keyring_add_key(struct key *keyring,
298			   struct key *key);
299
300extern struct key *key_lookup(key_serial_t id);
301
302static inline key_serial_t key_serial(const struct key *key)
303{
304	return key ? key->serial : 0;
305}
306
307extern void key_set_timeout(struct key *, unsigned);
308
309/*
310 * The permissions required on a key that we're looking up.
311 */
312#define	KEY_NEED_VIEW	0x01	/* Require permission to view attributes */
313#define	KEY_NEED_READ	0x02	/* Require permission to read content */
314#define	KEY_NEED_WRITE	0x04	/* Require permission to update / modify */
315#define	KEY_NEED_SEARCH	0x08	/* Require permission to search (keyring) or find (key) */
316#define	KEY_NEED_LINK	0x10	/* Require permission to link */
317#define	KEY_NEED_SETATTR 0x20	/* Require permission to change attributes */
318#define	KEY_NEED_ALL	0x3f	/* All the above permissions */
319
320/**
321 * key_is_instantiated - Determine if a key has been positively instantiated
322 * @key: The key to check.
323 *
324 * Return true if the specified key has been positively instantiated, false
325 * otherwise.
326 */
327static inline bool key_is_instantiated(const struct key *key)
328{
329	return test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
330		!test_bit(KEY_FLAG_NEGATIVE, &key->flags);
331}
332
333#define rcu_dereference_key(KEY)					\
334	(rcu_dereference_protected((KEY)->payload.rcu_data0,		\
335				   rwsem_is_locked(&((struct key *)(KEY))->sem)))
336
337#define rcu_assign_keypointer(KEY, PAYLOAD)				\
338do {									\
339	rcu_assign_pointer((KEY)->payload.rcu_data0, (PAYLOAD));	\
340} while (0)
341
342#ifdef CONFIG_SYSCTL
343extern struct ctl_table key_sysctls[];
344#endif
345/*
346 * the userspace interface
347 */
348extern int install_thread_keyring_to_cred(struct cred *cred);
349extern void key_fsuid_changed(struct task_struct *tsk);
350extern void key_fsgid_changed(struct task_struct *tsk);
351extern void key_init(void);
352
353#else /* CONFIG_KEYS */
354
355#define key_validate(k)			0
356#define key_serial(k)			0
357#define key_get(k) 			({ NULL; })
358#define key_revoke(k)			do { } while(0)
359#define key_invalidate(k)		do { } while(0)
360#define key_put(k)			do { } while(0)
361#define key_ref_put(k)			do { } while(0)
362#define make_key_ref(k, p)		NULL
363#define key_ref_to_ptr(k)		NULL
364#define is_key_possessed(k)		0
365#define key_fsuid_changed(t)		do { } while(0)
366#define key_fsgid_changed(t)		do { } while(0)
367#define key_init()			do { } while(0)
368
369#endif /* CONFIG_KEYS */
370#endif /* __KERNEL__ */
371#endif /* _LINUX_KEY_H */
372