authorEric Biggers <ebiggers@google.com>2020-11-27 11:28:50 -0800
committerDmitry Vyukov <dvyukov@google.com>2020-11-28 12:52:15 +0100
commitfd74f76fc53b1b7eaeec299b9454aac4230c68cf (patch)
tree6b4cf2f67db0454cd47f7bf7a2967e0c4ff939a8 /sys/linux
parent41774125d1340563b70dc512e089af74b61868af (diff)
sys/linux: describe old way of adding fscrypt keys
Add a syscall "add_key$fscrypt_v1" which describes the old way of adding fscrypt keys. Previously only the new way (FS_IOC_ADD_ENCRYPTION_KEY) was described. Keys added by "add_key$fscrypt_v1" can be referred to later in the fscrypt_policy_v1 passed to FS_IOC_SET_ENCRYPTION_POLICY.
Diffstat (limited to 'sys/linux')
-rw-r--r--sys/linux/fs_ioctl_fscrypt.txt20
-rw-r--r--sys/linux/key.txt1
2 files changed, 21 insertions, 0 deletions
diff --git a/sys/linux/fs_ioctl_fscrypt.txt b/sys/linux/fs_ioctl_fscrypt.txt
index 781a63057..87c0c6f33 100644
--- a/sys/linux/fs_ioctl_fscrypt.txt
+++ b/sys/linux/fs_ioctl_fscrypt.txt
@@ -19,6 +19,24 @@ ioctl$FS_IOC_GET_ENCRYPTION_NONCE(fd fd, cmd const[FS_IOC_GET_ENCRYPTION_NONCE],
type fscrypt_key_descriptor array[int8, FSCRYPT_KEY_DESCRIPTOR_SIZE]
type fscrypt_key_identifier array[int8, FSCRYPT_KEY_IDENTIFIER_SIZE]
+# Below are the data structures needed to put keys for fscrypt_policy_v1 in the
+# regular Linux keyrings via the add_key() syscall. Note that this part of the
+# API is deprecated in favor of FS_IOC_ADD_ENCRYPTION_KEY and fscrypt_policy_v2.
+
+fscrypt_v1_key_description {
+ prefix stringnoz["fscrypt:"]
+ descriptor array[flags[hex_chars, int8], 16]
+ nil const[0, int8]
+}
+
+fscrypt_v1_key_payload {
+ mode const[0, int32]
+ raw array[int8, 64]
+ size int32[16:64]
+}
+
+# Structs for the ioctls that get and set encryption policies
+
fscrypt_policy_v1 {
version const[0, int8]
modes fscrypt_policy_modes
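Review bot: The `descriptor` field of `fscrypt_v1_key_description` is 16 independently chosen hex characters, while `fscrypt_key_descriptor` in the context above is 8 independently chosen bytes, so nothing ties a key added this way to the descriptor a later policy names. Presumably `fscrypt_policy_v1` uses `fscrypt_key_descriptor` for its master key descriptor (that field lies outside this hunk); if so, a random match is practically impossible and the policy's key lookup will almost never find the key the commit message says it can refer to. Consider drawing both sides from one small fixed set, e.g. `descriptor stringnoz[fscrypt_v1_descriptor_hex]` here with a handful of 16-character strings, and the same values as integer flags in the policy (the flag name is a made-up placeholder). It is also worth confirming that `hex_chars`, which is defined outside this page, holds only lowercase digits, since I believe the kernel formats the descriptor in lowercase hex.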
@@ -58,6 +76,8 @@ fscrypt_get_policy_ex_arg {
policy array[const[0, int8]]
}
+# Structs for the ioctls that manage keys in the filesystem-level keyring
+
fscrypt_key_specifier {
type flags[fscrypt_key_specifier_type, int32]
reserved const[0, int32]
diff --git a/sys/linux/key.txt b/sys/linux/key.txt
index 9001bdd20..86ccaae29 100644
--- a/sys/linux/key.txt
+++ b/sys/linux/key.txt
@@ -22,6 +22,7 @@ add_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], payload ptr[in,
add_key$keyring(type ptr[in, string["keyring"]], desc ptr[in, key_desc], payload const[0], paylen const[0], keyring keyring[opt]) keyring
add_key$user(type ptr[in, string["user"]], desc ptr[in, key_desc], payload buffer[in], paylen len[payload], keyring keyring[opt]) user_key
add_key$fscrypt_provisioning(type ptr[in, string["fscrypt-provisioning"]], desc ptr[in, key_desc], payload ptr[in, fscrypt_provisioning_key_payload], paylen len[payload], keyring keyring[opt]) fscrypt_provisioning_key
+add_key$fscrypt_v1(type ptr[in, string["logon"]], desc ptr[in, fscrypt_v1_key_description], payload ptr[in, fscrypt_v1_key_payload], paylen len[payload], keyring keyring[opt]) key
request_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], callout ptr[in, string], keyring keyring[opt]) key
keyctl$get_keyring_id(code const[KEYCTL_GET_KEYRING_ID], key key, create intptr)
keyctl$join(code const[KEYCTL_JOIN_SESSION_KEYRING], session ptr[in, key_desc, opt])
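Review bot: `add_key$fscrypt_v1` takes `desc ptr[in, fscrypt_v1_key_description]`, whose prefix is fixed to "fscrypt:", so only the generic-prefix key lookup gets coverage. As far as I recall, kernels of this period fall back to a filesystem-specific prefix (`ext4:`, `f2fs:`) when no "fscrypt:" key is found; if the fuzzed kernels still do, that fallback path stays unexercised. Turning the prefix into a small string set, e.g. `prefix stringnoz[fscrypt_v1_key_prefixes]` (placeholder name) listing those prefixes, would cover it. A one-line comment above the new line, such as `# Deprecated v1 key setup: "logon" key named "fscrypt:<16 hex chars>"; structs are in fs_ioctl_fscrypt.txt`, would also tell readers where the description and payload types are defined.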