2 files changed, 21 insertions, 0 deletions

diff --git a/sys/linux/fs_ioctl_fscrypt.txt b/sys/linux/fs_ioctl_fscrypt.txt
index 781a63057..87c0c6f33 100644
--- a/sys/linux/fs_ioctl_fscrypt.txt
+++ b/sys/linux/fs_ioctl_fscrypt.txt
@@ -19,6 +19,24 @@ ioctl$FS_IOC_GET_ENCRYPTION_NONCE(fd fd, cmd const[FS_IOC_GET_ENCRYPTION_NONCE],
 type fscrypt_key_descriptor array[int8, FSCRYPT_KEY_DESCRIPTOR_SIZE]
 type fscrypt_key_identifier array[int8, FSCRYPT_KEY_IDENTIFIER_SIZE]
 
+# Below are the data structures needed to put keys for fscrypt_policy_v1 in the
+# regular Linux keyrings via the add_key() syscall.  Note that this part of the
+# API is deprecated in favor of FS_IOC_ADD_ENCRYPTION_KEY and fscrypt_policy_v2.
+
+fscrypt_v1_key_description {
+	prefix		stringnoz["fscrypt:"]
+	descriptor	array[flags[hex_chars, int8], 16]
+	nil		const[0, int8]
+}
+
+fscrypt_v1_key_payload {
+	mode	const[0, int32]
+	raw	array[int8, 64]
+	size	int32[16:64]
+}
+
+# Structs for the ioctls that get and set encryption policies
+
 fscrypt_policy_v1 {
 	version			const[0, int8]
 	modes			fscrypt_policy_modes
@@ -58,6 +76,8 @@ fscrypt_get_policy_ex_arg {
 	policy		array[const[0, int8]]
 }
 
+# Structs for the ioctls that manage keys in the filesystem-level keyring
+
 fscrypt_key_specifier {
 	type		flags[fscrypt_key_specifier_type, int32]
 	reserved	const[0, int32]
diff --git a/sys/linux/key.txt b/sys/linux/key.txt
index 9001bdd20..86ccaae29 100644
--- a/sys/linux/key.txt
+++ b/sys/linux/key.txt
@@ -22,6 +22,7 @@ add_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], payload ptr[in,
 add_key$keyring(type ptr[in, string["keyring"]], desc ptr[in, key_desc], payload const[0], paylen const[0], keyring keyring[opt]) keyring
 add_key$user(type ptr[in, string["user"]], desc ptr[in, key_desc], payload buffer[in], paylen len[payload], keyring keyring[opt]) user_key
 add_key$fscrypt_provisioning(type ptr[in, string["fscrypt-provisioning"]], desc ptr[in, key_desc], payload ptr[in, fscrypt_provisioning_key_payload], paylen len[payload], keyring keyring[opt]) fscrypt_provisioning_key
+add_key$fscrypt_v1(type ptr[in, string["logon"]], desc ptr[in, fscrypt_v1_key_description], payload ptr[in, fscrypt_v1_key_payload], paylen len[payload], keyring keyring[opt]) key
 request_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], callout ptr[in, string], keyring keyring[opt]) key
 keyctl$get_keyring_id(code const[KEYCTL_GET_KEYRING_ID], key key, create intptr)
 keyctl$join(code const[KEYCTL_JOIN_SESSION_KEYRING], session ptr[in, key_desc, opt])