From 80e99b01d739cb73dfb817708671b8cf40d4f2b4 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 9 Jun 2020 15:42:39 -0700 Subject: sys/linux: update fscrypt descriptions - Add fscrypt_add_key_arg::key_id and "fscrypt-provisioning" key type (Linux 5.6, https://git.kernel.org/linus/93edd392cad7) - Add FS_IOC_GET_ENCRYPTION_NONCE (Linux 5.7, https://git.kernel.org/linus/e98ad464750c) - Add FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 (Linux 5.8, https://git.kernel.org/linus/e3b1078bedd3) --- sys/linux/fscrypt.txt | 12 ++++++++++-- sys/linux/fscrypt_386.const | 2 ++ sys/linux/fscrypt_amd64.const | 2 ++ sys/linux/fscrypt_arm.const | 2 ++ sys/linux/fscrypt_arm64.const | 2 ++ sys/linux/fscrypt_mips64le.const | 2 ++ sys/linux/fscrypt_ppc64le.const | 2 ++ sys/linux/key.txt | 4 ++++ 8 files changed, 26 insertions(+), 2 deletions(-) (limited to 'sys') diff --git a/sys/linux/fscrypt.txt b/sys/linux/fscrypt.txt index 78eef2c8e..4e48fc2ff 100644 --- a/sys/linux/fscrypt.txt +++ b/sys/linux/fscrypt.txt @@ -14,6 +14,7 @@ ioctl$FS_IOC_ADD_ENCRYPTION_KEY(fd fd, cmd const[FS_IOC_ADD_ENCRYPTION_KEY], arg ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(fd fd, cmd const[FS_IOC_REMOVE_ENCRYPTION_KEY], arg ptr[inout, fscrypt_remove_key_arg]) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(fd fd, cmd const[FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS], arg ptr[inout, fscrypt_remove_key_arg]) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(fd fd, cmd const[FS_IOC_GET_ENCRYPTION_KEY_STATUS], arg ptr[inout, fscrypt_get_key_status_arg]) +ioctl$FS_IOC_GET_ENCRYPTION_NONCE(fd fd, cmd const[FS_IOC_GET_ENCRYPTION_NONCE], arg ptr[out, array[int8, 16]]) type fscrypt_key_descriptor array[int8, FSCRYPT_KEY_DESCRIPTOR_SIZE] type fscrypt_key_identifier array[int8, FSCRYPT_KEY_IDENTIFIER_SIZE] @@ -49,7 +50,7 @@ type fscrypt_policy_mode_t[CONTENTS, FILENAMES] { filenames_encryption_mode const[FILENAMES, int8] } -fscrypt_policy_flags = FSCRYPT_POLICY_FLAGS_PAD_4, FSCRYPT_POLICY_FLAGS_PAD_8, FSCRYPT_POLICY_FLAGS_PAD_16, FSCRYPT_POLICY_FLAGS_PAD_32, FSCRYPT_POLICY_FLAG_DIRECT_KEY, FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 +fscrypt_policy_flags = FSCRYPT_POLICY_FLAGS_PAD_4, FSCRYPT_POLICY_FLAGS_PAD_8, FSCRYPT_POLICY_FLAGS_PAD_16, FSCRYPT_POLICY_FLAGS_PAD_32, FSCRYPT_POLICY_FLAG_DIRECT_KEY, FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64, FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 fscrypt_get_policy_ex_arg { policy_size len[policy, int64] @@ -71,10 +72,17 @@ fscrypt_key_specifier_payload [ identifier fscrypt_key_identifier ] +fscrypt_provisioning_key_payload { + type flags[fscrypt_key_specifier_type, int32] + reserved const[0, int32] + raw array[int8] +} + fscrypt_add_key_arg { key_spec fscrypt_key_specifier raw_size len[raw, int32] - reserved array[const[0, int32], 9] + key_id fscrypt_provisioning_key[opt] + reserved array[const[0, int32], 8] raw array[int8] } diff --git a/sys/linux/fscrypt_386.const b/sys/linux/fscrypt_386.const index d3d854769..533525ee0 100644 --- a/sys/linux/fscrypt_386.const +++ b/sys/linux/fscrypt_386.const @@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3 FSCRYPT_POLICY_FLAGS_PAD_4 = 0 FSCRYPT_POLICY_FLAGS_PAD_8 = 1 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4 +FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218 +FS_IOC_GET_ENCRYPTION_NONCE = 2148558363 FS_IOC_GET_ENCRYPTION_POLICY = 1074554389 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430 FS_IOC_GET_ENCRYPTION_PWSALT = 1074816532 diff --git a/sys/linux/fscrypt_amd64.const b/sys/linux/fscrypt_amd64.const index 6fa8feffb..f743b1bd7 100644 --- a/sys/linux/fscrypt_amd64.const +++ b/sys/linux/fscrypt_amd64.const @@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3 FSCRYPT_POLICY_FLAGS_PAD_4 = 0 FSCRYPT_POLICY_FLAGS_PAD_8 = 1 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4 +FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218 +FS_IOC_GET_ENCRYPTION_NONCE = 2148558363 FS_IOC_GET_ENCRYPTION_POLICY = 1074554389 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430 FS_IOC_GET_ENCRYPTION_PWSALT = 1074816532 diff --git a/sys/linux/fscrypt_arm.const b/sys/linux/fscrypt_arm.const index d3d854769..533525ee0 100644 --- a/sys/linux/fscrypt_arm.const +++ b/sys/linux/fscrypt_arm.const @@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3 FSCRYPT_POLICY_FLAGS_PAD_4 = 0 FSCRYPT_POLICY_FLAGS_PAD_8 = 1 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4 +FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218 +FS_IOC_GET_ENCRYPTION_NONCE = 2148558363 FS_IOC_GET_ENCRYPTION_POLICY = 1074554389 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430 FS_IOC_GET_ENCRYPTION_PWSALT = 1074816532 diff --git a/sys/linux/fscrypt_arm64.const b/sys/linux/fscrypt_arm64.const index 3bbe2589a..92d07b098 100644 --- a/sys/linux/fscrypt_arm64.const +++ b/sys/linux/fscrypt_arm64.const @@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3 FSCRYPT_POLICY_FLAGS_PAD_4 = 0 FSCRYPT_POLICY_FLAGS_PAD_8 = 1 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4 +FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218 +FS_IOC_GET_ENCRYPTION_NONCE = 2148558363 FS_IOC_GET_ENCRYPTION_POLICY = 1074554389 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430 FS_IOC_GET_ENCRYPTION_PWSALT = 1074816532 diff --git a/sys/linux/fscrypt_mips64le.const b/sys/linux/fscrypt_mips64le.const index 53f3819d2..05f173c34 100644 --- a/sys/linux/fscrypt_mips64le.const +++ b/sys/linux/fscrypt_mips64le.const @@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3 FSCRYPT_POLICY_FLAGS_PAD_4 = 0 FSCRYPT_POLICY_FLAGS_PAD_8 = 1 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4 +FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218 +FS_IOC_GET_ENCRYPTION_NONCE = 1074816539 FS_IOC_GET_ENCRYPTION_POLICY = 2148296213 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430 FS_IOC_GET_ENCRYPTION_PWSALT = 2148558356 diff --git a/sys/linux/fscrypt_ppc64le.const b/sys/linux/fscrypt_ppc64le.const index caf432ec9..40d63abef 100644 --- a/sys/linux/fscrypt_ppc64le.const +++ b/sys/linux/fscrypt_ppc64le.const @@ -13,9 +13,11 @@ FSCRYPT_POLICY_FLAGS_PAD_32 = 3 FSCRYPT_POLICY_FLAGS_PAD_4 = 0 FSCRYPT_POLICY_FLAGS_PAD_8 = 1 FSCRYPT_POLICY_FLAG_DIRECT_KEY = 4 +FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 = 16 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 = 8 FS_IOC_ADD_ENCRYPTION_KEY = 3226494487 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 3229640218 +FS_IOC_GET_ENCRYPTION_NONCE = 1074816539 FS_IOC_GET_ENCRYPTION_POLICY = 2148296213 FS_IOC_GET_ENCRYPTION_POLICY_EX = 3221841430 FS_IOC_GET_ENCRYPTION_PWSALT = 2148558356 diff --git a/sys/linux/key.txt b/sys/linux/key.txt index 8cb29fff2..9001bdd20 100644 --- a/sys/linux/key.txt +++ b/sys/linux/key.txt @@ -15,9 +15,13 @@ resource keyring[key]: KEY_SPEC_THREAD_KEYRING, KEY_SPEC_PROCESS_KEYRING, KEY_SP # key of type "user" resource user_key[key] +# key of type "fscrypt-provisioning" +resource fscrypt_provisioning_key[key] + add_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], payload ptr[in, array[int8], opt], paylen len[payload], keyring keyring[opt]) key add_key$keyring(type ptr[in, string["keyring"]], desc ptr[in, key_desc], payload const[0], paylen const[0], keyring keyring[opt]) keyring add_key$user(type ptr[in, string["user"]], desc ptr[in, key_desc], payload buffer[in], paylen len[payload], keyring keyring[opt]) user_key +add_key$fscrypt_provisioning(type ptr[in, string["fscrypt-provisioning"]], desc ptr[in, key_desc], payload ptr[in, fscrypt_provisioning_key_payload], paylen len[payload], keyring keyring[opt]) fscrypt_provisioning_key request_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], callout ptr[in, string], keyring keyring[opt]) key keyctl$get_keyring_id(code const[KEYCTL_GET_KEYRING_ID], key key, create intptr) keyctl$join(code const[KEYCTL_JOIN_SESSION_KEYRING], session ptr[in, key_desc, opt]) -- cgit mrf-deployment