xref: /openbmc/linux/security/keys/compat.c (revision 82df5b73)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* 32-bit compatibility syscall for 64-bit systems
3  *
4  * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7 
8 #include <linux/syscalls.h>
9 #include <linux/keyctl.h>
10 #include <linux/compat.h>
11 #include <linux/slab.h>
12 #include "internal.h"
13 
14 /*
15  * Instantiate a key with the specified compatibility multipart payload and
16  * link the key into the destination keyring if one is given.
17  *
18  * The caller must have the appropriate instantiation permit set for this to
19  * work (see keyctl_assume_authority).  No other permissions are required.
20  *
21  * If successful, 0 will be returned.
22  */
23 static long compat_keyctl_instantiate_key_iov(
24 	key_serial_t id,
25 	const struct compat_iovec __user *_payload_iov,
26 	unsigned ioc,
27 	key_serial_t ringid)
28 {
29 	struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
30 	struct iov_iter from;
31 	long ret;
32 
33 	if (!_payload_iov)
34 		ioc = 0;
35 
36 	ret = compat_import_iovec(WRITE, _payload_iov, ioc,
37 				  ARRAY_SIZE(iovstack), &iov,
38 				  &from);
39 	if (ret < 0)
40 		return ret;
41 
42 	ret = keyctl_instantiate_key_common(id, &from, ringid);
43 	kfree(iov);
44 	return ret;
45 }
46 
47 /*
48  * The key control system call, 32-bit compatibility version for 64-bit archs
49  */
50 COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
51 		       u32, arg2, u32, arg3, u32, arg4, u32, arg5)
52 {
53 	switch (option) {
54 	case KEYCTL_GET_KEYRING_ID:
55 		return keyctl_get_keyring_ID(arg2, arg3);
56 
57 	case KEYCTL_JOIN_SESSION_KEYRING:
58 		return keyctl_join_session_keyring(compat_ptr(arg2));
59 
60 	case KEYCTL_UPDATE:
61 		return keyctl_update_key(arg2, compat_ptr(arg3), arg4);
62 
63 	case KEYCTL_REVOKE:
64 		return keyctl_revoke_key(arg2);
65 
66 	case KEYCTL_DESCRIBE:
67 		return keyctl_describe_key(arg2, compat_ptr(arg3), arg4);
68 
69 	case KEYCTL_CLEAR:
70 		return keyctl_keyring_clear(arg2);
71 
72 	case KEYCTL_LINK:
73 		return keyctl_keyring_link(arg2, arg3);
74 
75 	case KEYCTL_UNLINK:
76 		return keyctl_keyring_unlink(arg2, arg3);
77 
78 	case KEYCTL_SEARCH:
79 		return keyctl_keyring_search(arg2, compat_ptr(arg3),
80 					     compat_ptr(arg4), arg5);
81 
82 	case KEYCTL_READ:
83 		return keyctl_read_key(arg2, compat_ptr(arg3), arg4);
84 
85 	case KEYCTL_CHOWN:
86 		return keyctl_chown_key(arg2, arg3, arg4);
87 
88 	case KEYCTL_SETPERM:
89 		return keyctl_setperm_key(arg2, arg3);
90 
91 	case KEYCTL_INSTANTIATE:
92 		return keyctl_instantiate_key(arg2, compat_ptr(arg3), arg4,
93 					      arg5);
94 
95 	case KEYCTL_NEGATE:
96 		return keyctl_negate_key(arg2, arg3, arg4);
97 
98 	case KEYCTL_SET_REQKEY_KEYRING:
99 		return keyctl_set_reqkey_keyring(arg2);
100 
101 	case KEYCTL_SET_TIMEOUT:
102 		return keyctl_set_timeout(arg2, arg3);
103 
104 	case KEYCTL_ASSUME_AUTHORITY:
105 		return keyctl_assume_authority(arg2);
106 
107 	case KEYCTL_GET_SECURITY:
108 		return keyctl_get_security(arg2, compat_ptr(arg3), arg4);
109 
110 	case KEYCTL_SESSION_TO_PARENT:
111 		return keyctl_session_to_parent();
112 
113 	case KEYCTL_REJECT:
114 		return keyctl_reject_key(arg2, arg3, arg4, arg5);
115 
116 	case KEYCTL_INSTANTIATE_IOV:
117 		return compat_keyctl_instantiate_key_iov(
118 			arg2, compat_ptr(arg3), arg4, arg5);
119 
120 	case KEYCTL_INVALIDATE:
121 		return keyctl_invalidate_key(arg2);
122 
123 	case KEYCTL_GET_PERSISTENT:
124 		return keyctl_get_persistent(arg2, arg3);
125 
126 	case KEYCTL_DH_COMPUTE:
127 		return compat_keyctl_dh_compute(compat_ptr(arg2),
128 						compat_ptr(arg3),
129 						arg4, compat_ptr(arg5));
130 
131 	case KEYCTL_RESTRICT_KEYRING:
132 		return keyctl_restrict_keyring(arg2, compat_ptr(arg3),
133 					       compat_ptr(arg4));
134 
135 	case KEYCTL_PKEY_QUERY:
136 		if (arg3 != 0)
137 			return -EINVAL;
138 		return keyctl_pkey_query(arg2,
139 					 compat_ptr(arg4),
140 					 compat_ptr(arg5));
141 
142 	case KEYCTL_PKEY_ENCRYPT:
143 	case KEYCTL_PKEY_DECRYPT:
144 	case KEYCTL_PKEY_SIGN:
145 		return keyctl_pkey_e_d_s(option,
146 					 compat_ptr(arg2), compat_ptr(arg3),
147 					 compat_ptr(arg4), compat_ptr(arg5));
148 
149 	case KEYCTL_PKEY_VERIFY:
150 		return keyctl_pkey_verify(compat_ptr(arg2), compat_ptr(arg3),
151 					  compat_ptr(arg4), compat_ptr(arg5));
152 
153 	case KEYCTL_MOVE:
154 		return keyctl_keyring_move(arg2, arg3, arg4, arg5);
155 
156 	case KEYCTL_CAPABILITIES:
157 		return keyctl_capabilities(compat_ptr(arg2), arg3);
158 
159 	case KEYCTL_WATCH_KEY:
160 		return keyctl_watch_key(arg2, arg3, arg4);
161 
162 	default:
163 		return -EOPNOTSUPP;
164 	}
165 }
166