2 * kernel keyring utilities
4 * Copyright (C) 2016-2021 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2016-2021 Ondrej Kozina
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 #include <sys/syscall.h>
28 #include "libcryptsetup.h"
29 #include "utils_keyring.h"
31 #ifndef HAVE_KEY_SERIAL_T
32 #define HAVE_KEY_SERIAL_T
33 typedef int32_t key_serial_t;
37 # define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
44 const char *type_name;
46 { LOGON_KEY, "logon" },
50 #include <linux/keyctl.h>
53 static key_serial_t request_key(const char *type,
54 const char *description,
55 const char *callout_info,
58 return syscall(__NR_request_key, type, description, callout_info, keyring);
62 static key_serial_t add_key(const char *type,
63 const char *description,
68 return syscall(__NR_add_key, type, description, payload, plen, keyring);
/*
 * Thin wrapper over the KEYCTL_READ operation of keyctl(2).
 *
 * @key     serial of the key whose payload is requested
 * @buffer  destination for the payload; the caller in this file first
 *          passes NULL with @buflen == 0 to obtain the payload size only
 * @buflen  capacity of @buffer in bytes
 *
 * Returns the raw syscall result (the payload length as relied on by the
 * size-query call, or -1 with errno set). The size-query / read pair is
 * two separate syscalls, so the caller should compare the second return
 * value against the length it allocated rather than trust the first —
 * NOTE(review): confirm keyring_get_passphrase does this. Wiping the
 * buffer afterwards is also the caller's job (crypt_safe_memzero).
 */
static long keyctl_read(key_serial_t key, char *buffer, size_t buflen)
{
	long rc;

	rc = syscall(__NR_keyctl, KEYCTL_READ, key, buffer, buflen);
	return rc;
}
/*
 * Thin wrapper over the KEYCTL_REVOKE operation of keyctl(2).
 *
 * @key  serial of the key to revoke
 *
 * Returns the raw syscall result: 0 on success, -1 with errno set on
 * failure. keyring_revoke_and_unlink_key_type treats a non-zero result
 * as an error and only unlinks after a successful revoke.
 */
static long keyctl_revoke(key_serial_t key)
{
	const long rc = syscall(__NR_keyctl, KEYCTL_REVOKE, key);

	return rc;
}
/*
 * Thin wrapper over the KEYCTL_UNLINK operation of keyctl(2).
 *
 * @key      serial of the key to detach
 * @keyring  keyring (or KEY_SPEC_* special id) to detach it from
 *
 * Returns the raw syscall result: 0 on success, -1 with errno set on
 * failure. The caller in this file ignores the result on purpose: after
 * a revoke it tries the thread, process and user keyrings as a
 * best-effort cleanup.
 */
static long keyctl_unlink(key_serial_t key, key_serial_t keyring)
{
	const long rc = syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring);

	return rc;
}
90 int keyring_check(void)
93 /* logon type key descriptions must be in format "prefix:description" */
94 return syscall(__NR_request_key, "logon", "dummy", NULL, 0) == -1l && errno != ENOSYS;
100 int keyring_add_key_in_thread_keyring(key_type_t ktype, const char *key_desc, const void *key, size_t key_size)
102 #ifdef KERNEL_KEYRING
104 const char *type_name = key_type_name(ktype);
106 if (!type_name || !key_desc)
109 kid = add_key(type_name, key_desc, key, key_size, KEY_SPEC_THREAD_KEYRING);
119 /* currently used in client utilities only */
120 int keyring_add_key_in_user_keyring(key_type_t ktype, const char *key_desc, const void *key, size_t key_size)
122 #ifdef KERNEL_KEYRING
123 const char *type_name = key_type_name(ktype);
126 if (!type_name || !key_desc)
129 kid = add_key(type_name, key_desc, key, key_size, KEY_SPEC_USER_KEYRING);
139 /* alias for the same code */
140 int keyring_get_key(const char *key_desc,
144 return keyring_get_passphrase(key_desc, key, key_size);
147 int keyring_get_passphrase(const char *key_desc,
149 size_t *passphrase_len)
151 #ifdef KERNEL_KEYRING
159 kid = request_key(key_type_name(USER_KEY), key_desc, NULL, 0);
160 while (kid < 0 && errno == EINTR);
165 /* just get payload size */
166 ret = keyctl_read(kid, NULL, 0);
173 /* retrieve actual payload data */
174 ret = keyctl_read(kid, buf, len);
180 crypt_safe_memzero(buf, len);
186 *passphrase_len = len;
194 static int keyring_revoke_and_unlink_key_type(const char *type_name, const char *key_desc)
196 #ifdef KERNEL_KEYRING
199 if (!type_name || !key_desc)
203 kid = request_key(type_name, key_desc, NULL, 0);
204 while (kid < 0 && errno == EINTR);
209 if (keyctl_revoke(kid))
213 * best effort only. the key could have been linked
214 * in some other keyring and its payload is now
217 keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING);
218 keyctl_unlink(kid, KEY_SPEC_PROCESS_KEYRING);
219 keyctl_unlink(kid, KEY_SPEC_USER_KEYRING);
227 const char *key_type_name(key_type_t type)
229 #ifdef KERNEL_KEYRING
232 for (i = 0; i < ARRAY_SIZE(key_types); i++)
233 if (type == key_types[i].type)
234 return key_types[i].type_name;
/*
 * Revoke and unlink the key of type @ktype described by @key_desc.
 *
 * @ktype     key type (resolved to its kernel type name via key_type_name)
 * @key_desc  key description to look up
 *
 * Returns whatever keyring_revoke_and_unlink_key_type returns; that
 * function rejects a NULL type name, so an unknown @ktype presumably
 * fails there rather than here.
 */
int keyring_revoke_and_unlink_key(key_type_t ktype, const char *key_desc)
{
	const char *type_name = key_type_name(ktype);

	return keyring_revoke_and_unlink_key_type(type_name, key_desc);
}