| Commit message (Collapse) | Author | Age | Files | Lines |
The interface has significantly changed since the first version.
Update to the upstreamed interface.
Fixes #3030
|
Add a syscall "add_key$fscrypt_v1" which describes the old way of adding
fscrypt keys. Previously only the new way (FS_IOC_ADD_ENCRYPTION_KEY)
was described. Keys added by "add_key$fscrypt_v1" can be referred to
later in the fscrypt_policy_v1 passed to FS_IOC_SET_ENCRYPTION_POLICY.
|
- Add fscrypt_add_key_arg::key_id and "fscrypt-provisioning" key type
(Linux 5.6, https://git.kernel.org/linus/93edd392cad7)
- Add FS_IOC_GET_ENCRYPTION_NONCE
(Linux 5.7, https://git.kernel.org/linus/e98ad464750c)
- Add FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32
(Linux 5.8, https://git.kernel.org/linus/e3b1078bedd3)
|
Ensure that we don't have conflicting sizes for the same argument
of the same syscall, e.g.:
    foo$1(a int16)
    foo$2(a int32)
This is useful for several reasons:
- we will be able to avoid morphing syscalls into other syscalls
- we will be able to figure out more precise sizes for args
(lots of them are implicitly intptr, which is the largest
type on most important arches)
- found a few bugs in linux descriptions
Update #477
Update #502
|
Update descriptions to be compatible with latest linux-next
(next-20190715), which in theory will match v5.3-rc1 when the merge
window closes.
- KEYCTL_GRANT_PERMISSION was reverted. So remove its description.
- CRYPTO_ALG_TYPE_DIGEST was removed. So remove its description.
- IB_QP_CREATE_SIGNATURE_EN was renamed to IB_QP_CREATE_INTEGRITY_EN.
Also remove the sys/linux/rdma_*.const files which were incorrectly
checked into git. The real copies of those files are in
sys/linux/dev_infiniband_rdma_*.const.
For now I did *not* check for other new APIs that need to be described.
|
- Add KEYCTL_MOVE (new in v5.3)
- Add KEYCTL_CAPABILITIES (new in v5.3)
- Add KEYCTL_GRANT_PERMISSION (new in v5.3)
- Remove KEY_PERM_UNDEF (was only ever in an internal kernel header,
not in UAPI; removed in v5.3)
|
Use the len paths to resolve pending TODOs.
|
Ptr type has special handling of direction (pointers are always input).
But buffer type missed this special case all the time.
Make buffer less special by aliasing to the ptr[array[int8]] type.
As a result, the buffer type can't have an optional trailing "opt" attribute
because we don't have such support for templates yet.
Change such cases to use ptr type directly.
Fixes #1097
|
Mark output resources as opt in preparation for more
precise constructor calculation.
|
KEYCTL_DH_COMPUTE used the old fixed list of algorithm names.
Use the new code for algorithm generation.
+ it needs only SHASH algs, but we passed in all alg names.
Pass only SHASH algs.
|
Add a definition for keyctl_restrict_keyring(), which was added in the
v4.12 kernel.
|
Add a definition for keyctl_dh_compute(), which was added in the v4.7
kernel, then in the v4.12 kernel extended to take in an optional
'keyctl_kdf_params' argument. (Requires CONFIG_KEY_DH_OPERATIONS=y.)
|
Many functions in the keys API take in an ID parameter that is expected
to refer to a keyring, not to any key. Therefore, define a resource
subtype 'keyring' which can be created by add_key("keyring", ...) or by
using one of the special keyring IDs.
Also define a resource subtype 'user_key', since we'll be adding a
definition for KEYCTL_DH_COMPUTE which takes in a struct containing
"user" key IDs.
|
Add to key.txt all key types that currently might be present in the
kernel. It was missing a few important ones such as "asymmetric", which
has a significant attack surface since the payloads are run through an
ASN.1 decoder.
|