authorEric Biggers <ebiggers@google.com>2020-11-27 11:28:50 -0800
committerDmitry Vyukov <dvyukov@google.com>2020-11-28 12:52:15 +0100
commitfd74f76fc53b1b7eaeec299b9454aac4230c68cf (patch)
tree6b4cf2f67db0454cd47f7bf7a2967e0c4ff939a8 /sys/linux/fs_ioctl_fscrypt.txt
parent41774125d1340563b70dc512e089af74b61868af (diff)
sys/linux: describe old way of adding fscrypt keys
Add a syscall "add_key$fscrypt_v1" which describes the old way of adding fscrypt keys. Previously only the new way (FS_IOC_ADD_ENCRYPTION_KEY) was described. Keys added by "add_key$fscrypt_v1" can be referred to later in the fscrypt_policy_v1 passed to FS_IOC_SET_ENCRYPTION_POLICY.
Diffstat (limited to 'sys/linux/fs_ioctl_fscrypt.txt')
-rw-r--r--sys/linux/fs_ioctl_fscrypt.txt20
1 files changed, 20 insertions, 0 deletions
diff --git a/sys/linux/fs_ioctl_fscrypt.txt b/sys/linux/fs_ioctl_fscrypt.txt
index 781a63057..87c0c6f33 100644
--- a/sys/linux/fs_ioctl_fscrypt.txt
+++ b/sys/linux/fs_ioctl_fscrypt.txt
@@ -19,6 +19,24 @@ ioctl$FS_IOC_GET_ENCRYPTION_NONCE(fd fd, cmd const[FS_IOC_GET_ENCRYPTION_NONCE],
type fscrypt_key_descriptor array[int8, FSCRYPT_KEY_DESCRIPTOR_SIZE]
type fscrypt_key_identifier array[int8, FSCRYPT_KEY_IDENTIFIER_SIZE]
+# Below are the data structures needed to put keys for fscrypt_policy_v1 in the
+# regular Linux keyrings via the add_key() syscall. Note that this part of the
+# API is deprecated in favor of FS_IOC_ADD_ENCRYPTION_KEY and fscrypt_policy_v2.
+
+fscrypt_v1_key_description {
+ prefix stringnoz["fscrypt:"]
+ descriptor array[flags[hex_chars, int8], 16]
+ nil const[0, int8]
+}
+
+fscrypt_v1_key_payload {
+ mode const[0, int32]
+ raw array[int8, 64]
+ size int32[16:64]
+}
+
+# Structs for the ioctls that get and set encryption policies
+
fscrypt_policy_v1 {
version const[0, int8]
modes fscrypt_policy_modes
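Review bot: The 16 hex characters in `fscrypt_v1_key_description.descriptor` are generated independently of the 8-byte `fscrypt_key_descriptor` declared on the context lines above, which a v1 policy presumably carries (the rest of `fscrypt_policy_v1` is outside this hunk). A key added with this description will therefore almost never be the one a policy names, and the v1 key-lookup path will stay largely unexercised. Consider drawing both from a small shared set of fixed descriptors, or at least add a comment such as `# descriptor is the hex encoding of the fscrypt_key_descriptor in fscrypt_policy_v1; the two must match for the key to be found`. `hex_chars` is defined outside this hunk; if it includes uppercase letters, it is worth confirming that the kernel's lookup string, which I believe is formatted in lowercase hex, can still match. As a style point, the literals in `raw array[int8, 64]` and `size int32[16:64]` would read better as named constants, in line with `FSCRYPT_KEY_DESCRIPTOR_SIZE` above, if the corresponding key-size constants are available to the description.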
@@ -58,6 +76,8 @@ fscrypt_get_policy_ex_arg {
policy array[const[0, int8]]
}
+# Structs for the ioctls that manage keys in the filesystem-level keyring
+
fscrypt_key_specifier {
type flags[fscrypt_key_specifier_type, int32]
reserved const[0, int32]