sys/linux: update fscrypt descriptions

- Add fscrypt_add_key_arg::key_id and "fscrypt-provisioning" key type
  (Linux 5.6, https://git.kernel.org/linus/93edd392cad7)

- Add FS_IOC_GET_ENCRYPTION_NONCE
  (Linux 5.7, https://git.kernel.org/linus/e98ad464750c)

- Add FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32
  (Linux 5.8, https://git.kernel.org/linus/e3b1078bedd3)

8 files changed, 26 insertions, 2 deletions

diff --git a/sys/linux/fscrypt.txt b/sys/linux/fscrypt.txt
index 78eef2c8e..4e48fc2ff 100644
--- a/sys/linux/fscrypt.txt
+++ b/sys/linux/fscrypt.txt
@@ -14,6 +14,7 @@ ioctl$FS_IOC_ADD_ENCRYPTION_KEY(fd fd, cmd const[FS_IOC_ADD_ENCRYPTION_KEY], arg
 ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(fd fd, cmd const[FS_IOC_REMOVE_ENCRYPTION_KEY], arg ptr[inout, fscrypt_remove_key_arg])
 ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(fd fd, cmd const[FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS], arg ptr[inout, fscrypt_remove_key_arg])
 ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(fd fd, cmd const[FS_IOC_GET_ENCRYPTION_KEY_STATUS], arg ptr[inout, fscrypt_get_key_status_arg])
+ioctl$FS_IOC_GET_ENCRYPTION_NONCE(fd fd, cmd const[FS_IOC_GET_ENCRYPTION_NONCE], arg ptr[out, array[int8, 16]])
 
 type fscrypt_key_descriptor array[int8, FSCRYPT_KEY_DESCRIPTOR_SIZE]
 type fscrypt_key_identifier array[int8, FSCRYPT_KEY_IDENTIFIER_SIZE]
@@ -49,7 +50,7 @@ type fscrypt_policy_mode_t[CONTENTS, FILENAMES] {
 	filenames_encryption_mode	const[FILENAMES, int8]
 }
 
-fscrypt_policy_flags = FSCRYPT_POLICY_FLAGS_PAD_4, FSCRYPT_POLICY_FLAGS_PAD_8, FSCRYPT_POLICY_FLAGS_PAD_16, FSCRYPT_POLICY_FLAGS_PAD_32, FSCRYPT_POLICY_FLAG_DIRECT_KEY, FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64
+fscrypt_policy_flags = FSCRYPT_POLICY_FLAGS_PAD_4, FSCRYPT_POLICY_FLAGS_PAD_8, FSCRYPT_POLICY_FLAGS_PAD_16, FSCRYPT_POLICY_FLAGS_PAD_32, FSCRYPT_POLICY_FLAG_DIRECT_KEY, FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64, FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32
 
 fscrypt_get_policy_ex_arg {
 	policy_size	len[policy, int64]
@@ -71,10 +72,17 @@ fscrypt_key_specifier_payload [
 	identifier	fscrypt_key_identifier
 ]
 
+fscrypt_provisioning_key_payload {
+	type		flags[fscrypt_key_specifier_type, int32]
+	reserved	const[0, int32]
+	raw		array[int8]
+}
+
 fscrypt_add_key_arg {
 	key_spec	fscrypt_key_specifier
 	raw_size	len[raw, int32]
-	reserved	array[const[0, int32], 9]
+	key_id		fscrypt_provisioning_key[opt]
+	reserved	array[const[0, int32], 8]
 	raw		array[int8]
 }
 
diff --git a/sys/linux/fscrypt_386.const b/sys/linux/fscrypt_386.const
index d3d854769..533525ee0 100644
--- a/sys/linux/fscrypt_386.const
+++ b/sys/linux/fscrypt_386.const
@@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3
 FSCRYPT_POLICY_FLAGS_PAD_4 = 0
 FSCRYPT_POLICY_FLAGS_PAD_8 = 1
 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4
+FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16
 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8
 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487
 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218
+FS_IOC_GET_ENCRYPTION_NONCE = 2148558363
 FS_IOC_GET_ENCRYPTION_POLICY = 1074554389
 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430
 FS_IOC_GET_ENCRYPTION_PWSALT = 1074816532
diff --git a/sys/linux/fscrypt_amd64.const b/sys/linux/fscrypt_amd64.const
index 6fa8feffb..f743b1bd7 100644
--- a/sys/linux/fscrypt_amd64.const
+++ b/sys/linux/fscrypt_amd64.const
@@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3
 FSCRYPT_POLICY_FLAGS_PAD_4 = 0
 FSCRYPT_POLICY_FLAGS_PAD_8 = 1
 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4
+FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16
 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8
 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487
 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218
+FS_IOC_GET_ENCRYPTION_NONCE = 2148558363
 FS_IOC_GET_ENCRYPTION_POLICY = 1074554389
 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430
 FS_IOC_GET_ENCRYPTION_PWSALT = 1074816532
diff --git a/sys/linux/fscrypt_arm.const b/sys/linux/fscrypt_arm.const
index d3d854769..533525ee0 100644
--- a/sys/linux/fscrypt_arm.const
+++ b/sys/linux/fscrypt_arm.const
@@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3
 FSCRYPT_POLICY_FLAGS_PAD_4 = 0
 FSCRYPT_POLICY_FLAGS_PAD_8 = 1
 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4
+FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16
 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8
 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487
 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218
+FS_IOC_GET_ENCRYPTION_NONCE = 2148558363
 FS_IOC_GET_ENCRYPTION_POLICY = 1074554389
 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430
 FS_IOC_GET_ENCRYPTION_PWSALT = 1074816532
diff --git a/sys/linux/fscrypt_arm64.const b/sys/linux/fscrypt_arm64.const
index 3bbe2589a..92d07b098 100644
--- a/sys/linux/fscrypt_arm64.const
+++ b/sys/linux/fscrypt_arm64.const
@@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3
 FSCRYPT_POLICY_FLAGS_PAD_4 = 0
 FSCRYPT_POLICY_FLAGS_PAD_8 = 1
 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4
+FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16
 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8
 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487
 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218
+FS_IOC_GET_ENCRYPTION_NONCE = 2148558363
 FS_IOC_GET_ENCRYPTION_POLICY = 1074554389
 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430
 FS_IOC_GET_ENCRYPTION_PWSALT = 1074816532
diff --git a/sys/linux/fscrypt_mips64le.const b/sys/linux/fscrypt_mips64le.const
index 53f3819d2..05f173c34 100644
--- a/sys/linux/fscrypt_mips64le.const
+++ b/sys/linux/fscrypt_mips64le.const
@@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3
 FSCRYPT_POLICY_FLAGS_PAD_4 = 0
 FSCRYPT_POLICY_FLAGS_PAD_8 = 1
 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4
+FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16
 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8
 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487
 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218
+FS_IOC_GET_ENCRYPTION_NONCE = 1074816539
 FS_IOC_GET_ENCRYPTION_POLICY = 2148296213
 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430
 FS_IOC_GET_ENCRYPTION_PWSALT = 2148558356
diff --git a/sys/linux/fscrypt_ppc64le.const b/sys/linux/fscrypt_ppc64le.const
index caf432ec9..40d63abef 100644
--- a/sys/linux/fscrypt_ppc64le.const
+++ b/sys/linux/fscrypt_ppc64le.const
@@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3
 FSCRYPT_POLICY_FLAGS_PAD_4 = 0
 FSCRYPT_POLICY_FLAGS_PAD_8 = 1
 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4
+FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16
 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8
 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487
 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218
+FS_IOC_GET_ENCRYPTION_NONCE = 1074816539
 FS_IOC_GET_ENCRYPTION_POLICY = 2148296213
 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430
 FS_IOC_GET_ENCRYPTION_PWSALT = 2148558356
diff --git a/sys/linux/key.txt b/sys/linux/key.txt
index 8cb29fff2..9001bdd20 100644
--- a/sys/linux/key.txt
+++ b/sys/linux/key.txt
@@ -15,9 +15,13 @@ resource keyring[key]: KEY_SPEC_THREAD_KEYRING, KEY_SPEC_PROCESS_KEYRING, KEY_SP
 # key of type "user"
 resource user_key[key]
 
+# key of type "fscrypt-provisioning"
+resource fscrypt_provisioning_key[key]
+
 add_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], payload ptr[in, array[int8], opt], paylen len[payload], keyring keyring[opt]) key
 add_key$keyring(type ptr[in, string["keyring"]], desc ptr[in, key_desc], payload const[0], paylen const[0], keyring keyring[opt]) keyring
 add_key$user(type ptr[in, string["user"]], desc ptr[in, key_desc], payload buffer[in], paylen len[payload], keyring keyring[opt]) user_key
+add_key$fscrypt_provisioning(type ptr[in, string["fscrypt-provisioning"]], desc ptr[in, key_desc], payload ptr[in, fscrypt_provisioning_key_payload], paylen len[payload], keyring keyring[opt]) fscrypt_provisioning_key
 request_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], callout ptr[in, string], keyring keyring[opt]) key
 keyctl$get_keyring_id(code const[KEYCTL_GET_KEYRING_ID], key key, create intptr)
 keyctl$join(code const[KEYCTL_JOIN_SESSION_KEYRING], session ptr[in, key_desc, opt])