1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
# Copyright 2015 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
include <linux/key.h>
include <linux/keyctl.h>
include <uapi/linux/keyctl.h>
# key serial number (key_serial_t)
resource key[int32]: 0
# key of type "keyring". Note: for now we include KEY_SPEC_REQKEY_AUTH_KEY here
# since it should be listed somewhere, though it's not actually a keyring.
resource keyring[key]: KEY_SPEC_THREAD_KEYRING, KEY_SPEC_PROCESS_KEYRING, KEY_SPEC_SESSION_KEYRING, KEY_SPEC_USER_KEYRING, KEY_SPEC_USER_SESSION_KEYRING, KEY_SPEC_GROUP_KEYRING, KEY_SPEC_REQKEY_AUTH_KEY, KEY_SPEC_REQUESTOR_KEYRING
# key of type "user"
resource user_key[key]
# key of type "fscrypt-provisioning"
resource fscrypt_provisioning_key[key]
add_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], payload ptr[in, array[int8], opt], paylen len[payload], keyring keyring[opt]) key
add_key$keyring(type ptr[in, string["keyring"]], desc ptr[in, key_desc], payload const[0], paylen const[0], keyring keyring[opt]) keyring
add_key$user(type ptr[in, string["user"]], desc ptr[in, key_desc], payload buffer[in], paylen len[payload], keyring keyring[opt]) user_key
add_key$fscrypt_provisioning(type ptr[in, string["fscrypt-provisioning"]], desc ptr[in, key_desc], payload ptr[in, fscrypt_provisioning_key_payload], paylen len[payload], keyring keyring[opt]) fscrypt_provisioning_key
add_key$fscrypt_v1(type ptr[in, string["logon"]], desc ptr[in, fscrypt_v1_key_description], payload ptr[in, fscrypt_v1_key_payload], paylen len[payload], keyring keyring[opt]) key
request_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], callout ptr[in, string], keyring keyring[opt]) key
keyctl$get_keyring_id(code const[KEYCTL_GET_KEYRING_ID], key key, create intptr)
keyctl$join(code const[KEYCTL_JOIN_SESSION_KEYRING], session ptr[in, key_desc, opt])
keyctl$update(code const[KEYCTL_UPDATE], key key, payload ptr[in, array[int8], opt], paylen len[payload])
keyctl$revoke(code const[KEYCTL_REVOKE], key key)
keyctl$describe(code const[KEYCTL_DESCRIBE], key key, desc buffer[out], len len[desc])
keyctl$clear(code const[KEYCTL_CLEAR], keyring keyring)
keyctl$link(code const[KEYCTL_LINK], key key, keyring keyring)
keyctl$unlink(code const[KEYCTL_UNLINK], key key, keyring keyring)
keyctl$search(code const[KEYCTL_SEARCH], key key, type ptr[in, string[key_type]], desc ptr[in, key_desc], destination keyring)
keyctl$read(code const[KEYCTL_READ], key key, payload buffer[out], len len[payload])
keyctl$chown(code const[KEYCTL_CHOWN], key key, uid uid, gid gid)
# perm is a mask of KEY_POS_VIEW, etc consants, but they cover almost whole int32.
keyctl$setperm(code const[KEYCTL_SETPERM], key key, perm flags[key_perm])
keyctl$instantiate(code const[KEYCTL_INSTANTIATE], key key, payload ptr[in, key_instantiate_payload, opt], paylen len[payload], keyring keyring[opt])
keyctl$negate(code const[KEYCTL_NEGATE], key key, timeout intptr, keyring keyring)
keyctl$set_reqkey_keyring(code const[KEYCTL_SET_REQKEY_KEYRING], reqkey flags[reqkey_keyring])
keyctl$set_timeout(code const[KEYCTL_SET_TIMEOUT], key key, timeout intptr)
keyctl$assume_authority(code const[KEYCTL_ASSUME_AUTHORITY], key key)
keyctl$get_security(code const[KEYCTL_GET_SECURITY], key key, label buffer[out], len len[label])
keyctl$session_to_parent(code const[KEYCTL_SESSION_TO_PARENT])
keyctl$reject(code const[KEYCTL_REJECT], key key, timeout intptr, error intptr, keyring keyring)
keyctl$instantiate_iov(code const[KEYCTL_INSTANTIATE_IOV], key key, payload ptr[in, array[iovec_in]], len len[payload], ring key)
keyctl$invalidate(code const[KEYCTL_INVALIDATE], key key)
keyctl$get_persistent(code const[KEYCTL_GET_PERSISTENT], uid uid, keyring keyring)
keyctl$dh_compute(code const[KEYCTL_DH_COMPUTE], params ptr[in, keyctl_dh_params], buffer buffer[out], buflen len[buffer], kdf ptr[in, keyctl_kdf_params, opt])
keyctl$restrict_keyring(code const[KEYCTL_RESTRICT_KEYRING], keyring keyring, type ptr[in, string[key_type], opt], restriction ptr[in, string, opt])
keyctl$KEYCTL_PKEY_QUERY(code const[KEYCTL_PKEY_QUERY], key key, arg3 const[0], info ptr[in, string], query ptr[out, array[int8, KEYCTL_PKEY_QUERY_SIZE]])
keyctl$KEYCTL_PKEY_ENCRYPT(code const[KEYCTL_PKEY_ENCRYPT], params ptr[in, keyctl_pkey_params], info ptr[in, keyctl_pkey_info, opt], inout ptr[in, array[int8]], output ptr[out, array[int8]])
keyctl$KEYCTL_PKEY_DECRYPT(code const[KEYCTL_PKEY_DECRYPT], params ptr[in, keyctl_pkey_params], info ptr[in, keyctl_pkey_info, opt], inout ptr[in, array[int8]], output ptr[out, array[int8]])
keyctl$KEYCTL_PKEY_SIGN(code const[KEYCTL_PKEY_SIGN], params ptr[in, keyctl_pkey_params], info ptr[in, keyctl_pkey_info, opt], inout ptr[in, array[int8]], output ptr[out, array[int8]])
keyctl$KEYCTL_PKEY_VERIFY(code const[KEYCTL_PKEY_VERIFY], params ptr[in, keyctl_pkey_params], info ptr[in, keyctl_pkey_info, opt], inout ptr[in, array[int8]], output ptr[in, array[int8]])
keyctl$KEYCTL_RESTRICT_KEYRING(code const[KEYCTL_RESTRICT_KEYRING], key key, type ptr[in, string[key_type], opt], restriction ptr[in, key_restriction, opt])
keyctl$KEYCTL_MOVE(code const[KEYCTL_MOVE], key key, from_keyring keyring, to_keyring keyring, flags flags[keyctl_move_flags])
keyctl$KEYCTL_CAPABILITIES(code const[KEYCTL_CAPABILITIES], buffer ptr[out, array[int8]], buflen len[buffer])
keyctl$KEYCTL_WATCH_KEY(code const[KEYCTL_WATCH_KEY], id key, watch_queue_fd fd_watch_queue, watch_id intptr[0:0xff])
reqkey_keyring = KEY_REQKEY_DEFL_NO_CHANGE, KEY_REQKEY_DEFL_DEFAULT, KEY_REQKEY_DEFL_THREAD_KEYRING, KEY_REQKEY_DEFL_PROCESS_KEYRING, KEY_REQKEY_DEFL_SESSION_KEYRING, KEY_REQKEY_DEFL_USER_KEYRING, KEY_REQKEY_DEFL_USER_SESSION_KEYRING, KEY_REQKEY_DEFL_GROUP_KEYRING, KEY_REQKEY_DEFL_REQUESTOR_KEYRING
keyctl_move_flags = KEYCTL_MOVE_EXCL
key_perm = KEY_POS_VIEW, KEY_POS_READ, KEY_POS_WRITE, KEY_POS_SEARCH, KEY_POS_LINK, KEY_POS_SETATTR, KEY_USR_VIEW, KEY_USR_READ, KEY_USR_WRITE, KEY_USR_SEARCH, KEY_USR_LINK, KEY_USR_SETATTR, KEY_GRP_VIEW, KEY_GRP_READ, KEY_GRP_WRITE, KEY_GRP_SEARCH, KEY_GRP_LINK, KEY_GRP_SETATTR, KEY_OTH_VIEW, KEY_OTH_READ, KEY_OTH_WRITE, KEY_OTH_SEARCH, KEY_OTH_LINK, KEY_OTH_SETATTR
key_type = "asymmetric", "big_key", "blacklist", "ceph", "cifs.idmap", "cifs.spnego", ".dead", "dns_resolver", "encrypted", "id_legacy", "id_resolver", "keyring", "logon", "pkcs7_test", ".request_key_auth", "rxrpc", "rxrpc_s", "syzkaller", "trusted", "user"
# "syzP\x00"
key_desc {
prefix stringnoz["syz"]
id proc[' ', 4, int8]
z const[0, int8]
}
keyctl_dh_params {
private user_key
prime user_key
base user_key
}
keyctl_kdf_params {
hashname ptr[in, alg_hash_name]
otherinfo ptr[in, array[int8], opt]
otherinfolen len[otherinfo, int32]
__spare array[const[0, int32], 8]
}
key_instantiate_payload [
encrypted_new key_encrypted_new
encrypted_load key_encrypted_load
encrypted_update key_encrypted_update
] [varlen]
key_encrypted_new {
cmd stringnoz["new "]
format stringnoz[key_encrypted_format]
sp0 const[' ', int8]
key_type stringnoz[key_encrypted_key_type]
key_desc stringnoz
sp1 const[' ', int8]
datalen fmt[dec, int64]
z const[0, int8]
} [packed]
key_encrypted_load {
cmd stringnoz["load "]
format stringnoz[key_encrypted_format]
sp0 const[' ', int8]
key_type stringnoz[key_encrypted_key_type]
key_desc stringnoz
sp1 const[' ', int8]
datalen fmt[dec, int64]
sp2 const[' ', int8]
# TODO: this is something complex: hex-encoded iv of particular length, followed by delim?
# followed by something-hex-encoded of some particular length, followed by something more?
iv_data array[flags[hex_chars, int8]]
z const[0, int8]
} [packed]
key_encrypted_update {
cmd stringnoz["update "]
format stringnoz[key_encrypted_format]
sp0 const[' ', int8]
key_type stringnoz[key_encrypted_key_type]
key_desc stringnoz
z const[0, int8]
} [packed]
keyctl_pkey_params {
key_id key
in_len bytesize[syscall:inout, int32]
out_len bytesize[syscall:output, int32]
__spare array[const[0, int32], 7]
}
keyctl_pkey_info {
enc stringnoz["enc="]
env_val stringnoz[keyctl_pkey_info_enc]
hash stringnoz[" hash="]
hash_val alg_hash_name
} [packed]
key_encrypted_format = "ecryptfs", "default"
key_encrypted_key_type = "trusted:", "user:"
keyctl_pkey_info_enc = "raw", "pkcs1", "oaep"
key_restriction [
builtin string["builtin_trusted"]
secondary string["builtin_and_secondary_trusted"]
keyring key_restriction_keyring
chain key_restriction_keyring_chain
] [varlen]
key_restriction_keyring {
keyring stringnoz["key_or_keyring:"]
serial fmt[hex, key]
z const[0, int8]
} [packed]
key_restriction_keyring_chain {
keyring stringnoz["key_or_keyring:"]
serial fmt[hex, key]
chain string[":chain"]
} [packed]
define KEYCTL_PKEY_QUERY_SIZE sizeof(struct keyctl_pkey_query)
|
