# Source: github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/key.txt
# Copyright 2015 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

# syzkaller descriptions for the Linux key-management syscalls declared below:
# add_key, request_key and one keyctl variant per KEYCTL_* operation code.
# Names used here but not defined in this file (alg_hash_name, hex_chars,
# iovec_in, fd_watch_queue, uid, gid and the fscrypt_* types) are expected to
# come from other description files.

# Headers named for the KEY_* / KEYCTL_* constants used below.
include <linux/key.h>
include <linux/keyctl.h>
include <uapi/linux/keyctl.h>

# key serial number (key_serial_t)
# The trailing ": 0" lists 0 as a special value that may be passed in place of
# a serial returned by an earlier call.
resource key[int32]: 0

# key of type "keyring". Note: for now we include KEY_SPEC_REQKEY_AUTH_KEY here
# since it should be listed somewhere, though it's not actually a keyring.
# The KEY_SPEC_* names are special values usable wherever a keyring is expected.
resource keyring[key]: KEY_SPEC_THREAD_KEYRING, KEY_SPEC_PROCESS_KEYRING, KEY_SPEC_SESSION_KEYRING, KEY_SPEC_USER_KEYRING, KEY_SPEC_USER_SESSION_KEYRING, KEY_SPEC_GROUP_KEYRING, KEY_SPEC_REQKEY_AUTH_KEY, KEY_SPEC_REQUESTOR_KEYRING

# key of type "user"
resource user_key[key]

# key of type "fscrypt-provisioning"
resource fscrypt_provisioning_key[key]

# Generic add_key: any type name from key_type with an unstructured byte payload.
add_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], payload ptr[in, array[int8], opt], paylen len[payload], keyring keyring[opt]) key
# Typed add_key variants: the type string is fixed, so the result can be given
# the matching resource type and (where one exists) a structured payload.
add_key$keyring(type ptr[in, string["keyring"]], desc ptr[in, key_desc], payload const[0], paylen const[0], keyring keyring[opt]) keyring
add_key$user(type ptr[in, string["user"]], desc ptr[in, key_desc], payload buffer[in], paylen len[payload], keyring keyring[opt]) user_key
add_key$fscrypt_provisioning(type ptr[in, string["fscrypt-provisioning"]], desc ptr[in, key_desc], payload ptr[in, fscrypt_provisioning_key_payload], paylen len[payload], keyring keyring[opt]) fscrypt_provisioning_key
# fscrypt v1 keys are added under the "logon" type with their own description
# format; the result is a plain key resource.
add_key$fscrypt_v1(type ptr[in, string["logon"]], desc ptr[in, fscrypt_v1_key_description], payload ptr[in, fscrypt_v1_key_payload], paylen len[payload], keyring keyring[opt]) key
request_key(type ptr[in, string[key_type]], desc ptr[in, key_desc], callout ptr[in, string], keyring keyring[opt]) key

# keyctl variants. The first argument is always the constant operation code;
# none of the variants below declares a returned resource.
keyctl$get_keyring_id(code const[KEYCTL_GET_KEYRING_ID], key key, create intptr)
keyctl$join(code const[KEYCTL_JOIN_SESSION_KEYRING], session ptr[in, key_desc, opt])
keyctl$update(code const[KEYCTL_UPDATE], key key, payload ptr[in, array[int8], opt], paylen len[payload])
keyctl$revoke(code const[KEYCTL_REVOKE], key key)
keyctl$describe(code const[KEYCTL_DESCRIBE], key key, desc buffer[out], len len[desc])
keyctl$clear(code const[KEYCTL_CLEAR], keyring keyring)
keyctl$link(code const[KEYCTL_LINK], key key, keyring keyring)
keyctl$unlink(code const[KEYCTL_UNLINK], key key, keyring keyring)
keyctl$search(code const[KEYCTL_SEARCH], key key, type ptr[in, string[key_type]], desc ptr[in, key_desc], destination keyring)
keyctl$read(code const[KEYCTL_READ], key key, payload buffer[out], len len[payload])
keyctl$chown(code const[KEYCTL_CHOWN], key key, uid uid, gid gid)
# perm is a mask of KEY_POS_VIEW, etc constants, but they cover almost whole int32.
keyctl$setperm(code const[KEYCTL_SETPERM], key key, perm flags[key_perm])
keyctl$instantiate(code const[KEYCTL_INSTANTIATE], key key, payload ptr[in, key_instantiate_payload, opt], paylen len[payload], keyring keyring[opt])
keyctl$negate(code const[KEYCTL_NEGATE], key key, timeout intptr, keyring keyring)
keyctl$set_reqkey_keyring(code const[KEYCTL_SET_REQKEY_KEYRING], reqkey flags[reqkey_keyring])
keyctl$set_timeout(code const[KEYCTL_SET_TIMEOUT], key key, timeout intptr)
keyctl$assume_authority(code const[KEYCTL_ASSUME_AUTHORITY], key key)
keyctl$get_security(code const[KEYCTL_GET_SECURITY], key key, label buffer[out], len len[label])
keyctl$session_to_parent(code const[KEYCTL_SESSION_TO_PARENT])
keyctl$reject(code const[KEYCTL_REJECT], key key, timeout intptr, error intptr, keyring keyring)
# NOTE(review): the destination here is typed "key" (ring key), whereas
# keyctl$instantiate uses keyring[opt]; confirm whether that is intentional.
keyctl$instantiate_iov(code const[KEYCTL_INSTANTIATE_IOV], key key, payload ptr[in, array[iovec_in]], len len[payload], ring key)
keyctl$invalidate(code const[KEYCTL_INVALIDATE], key key)
keyctl$get_persistent(code const[KEYCTL_GET_PERSISTENT], uid uid, keyring keyring)
# DH inputs are passed by serial (see keyctl_dh_params); kdf is optional.
keyctl$dh_compute(code const[KEYCTL_DH_COMPUTE], params ptr[in, keyctl_dh_params], buffer buffer[out], buflen len[buffer], kdf ptr[in, keyctl_kdf_params, opt])
# KEYCTL_RESTRICT_KEYRING is described twice: here with a keyring resource and
# a free-form restriction string, and again below (keyctl$KEYCTL_RESTRICT_KEYRING)
# with any key and a structured key_restriction.
keyctl$restrict_keyring(code const[KEYCTL_RESTRICT_KEYRING], keyring keyring, type ptr[in, string[key_type], opt], restriction ptr[in, string, opt])
keyctl$KEYCTL_PKEY_QUERY(code const[KEYCTL_PKEY_QUERY], key key, arg3 const[0], info ptr[in, string], query ptr[out, array[int8, KEYCTL_PKEY_QUERY_SIZE]])
# Public-key operations. ENCRYPT, DECRYPT and SIGN take an input buffer (inout)
# and an output buffer; VERIFY marks both buffers ptr[in].
keyctl$KEYCTL_PKEY_ENCRYPT(code const[KEYCTL_PKEY_ENCRYPT], params ptr[in, keyctl_pkey_params], info ptr[in, keyctl_pkey_info, opt], inout ptr[in, array[int8]], output ptr[out, array[int8]])
keyctl$KEYCTL_PKEY_DECRYPT(code const[KEYCTL_PKEY_DECRYPT], params ptr[in, keyctl_pkey_params], info ptr[in, keyctl_pkey_info, opt], inout ptr[in, array[int8]], output ptr[out, array[int8]])
keyctl$KEYCTL_PKEY_SIGN(code const[KEYCTL_PKEY_SIGN], params ptr[in, keyctl_pkey_params], info ptr[in, keyctl_pkey_info, opt], inout ptr[in, array[int8]], output ptr[out, array[int8]])
keyctl$KEYCTL_PKEY_VERIFY(code const[KEYCTL_PKEY_VERIFY], params ptr[in, keyctl_pkey_params], info ptr[in, keyctl_pkey_info, opt], inout ptr[in, array[int8]], output ptr[in, array[int8]])
keyctl$KEYCTL_RESTRICT_KEYRING(code const[KEYCTL_RESTRICT_KEYRING], key key, type ptr[in, string[key_type], opt], restriction ptr[in, key_restriction, opt])
keyctl$KEYCTL_MOVE(code const[KEYCTL_MOVE], key key, from_keyring keyring, to_keyring keyring, flags flags[keyctl_move_flags])
keyctl$KEYCTL_CAPABILITIES(code const[KEYCTL_CAPABILITIES], buffer ptr[out, array[int8]], buflen len[buffer])
# watch_id is limited to the range 0..0xff.
keyctl$KEYCTL_WATCH_KEY(code const[KEYCTL_WATCH_KEY], id key, watch_queue_fd fd_watch_queue, watch_id intptr[0:0xff])

# Value sets referenced through flags[...] above.
reqkey_keyring = KEY_REQKEY_DEFL_NO_CHANGE, KEY_REQKEY_DEFL_DEFAULT, KEY_REQKEY_DEFL_THREAD_KEYRING, KEY_REQKEY_DEFL_PROCESS_KEYRING, KEY_REQKEY_DEFL_SESSION_KEYRING, KEY_REQKEY_DEFL_USER_KEYRING, KEY_REQKEY_DEFL_USER_SESSION_KEYRING, KEY_REQKEY_DEFL_GROUP_KEYRING, KEY_REQKEY_DEFL_REQUESTOR_KEYRING
keyctl_move_flags = KEYCTL_MOVE_EXCL
# Permission bits for keyctl$setperm: VIEW/READ/WRITE/SEARCH/LINK/SETATTR for
# each of the POS, USR, GRP and OTH classes.
key_perm = KEY_POS_VIEW, KEY_POS_READ, KEY_POS_WRITE, KEY_POS_SEARCH, KEY_POS_LINK, KEY_POS_SETATTR, KEY_USR_VIEW, KEY_USR_READ, KEY_USR_WRITE, KEY_USR_SEARCH, KEY_USR_LINK, KEY_USR_SETATTR, KEY_GRP_VIEW, KEY_GRP_READ, KEY_GRP_WRITE, KEY_GRP_SEARCH, KEY_GRP_LINK, KEY_GRP_SETATTR, KEY_OTH_VIEW, KEY_OTH_READ, KEY_OTH_WRITE, KEY_OTH_SEARCH, KEY_OTH_LINK, KEY_OTH_SETATTR

# Type-name strings used wherever an argument is string[key_type].
key_type = "asymmetric", "big_key", "blacklist", "ceph", "cifs.idmap", "cifs.spnego", ".dead", "dns_resolver", "encrypted", "id_legacy", "id_resolver", "keyring", "logon", "pkcs7_test", ".request_key_auth", "rxrpc", "rxrpc_s", "syzkaller", "trusted", "user"

# "syzP\x00"
# Key description: the literal "syz", one per-process byte (proc values start
# at ' ', 4 per process) and a terminating NUL.
key_desc {
	prefix	stringnoz["syz"]
	id	proc[' ', 4, int8]
	z	const[0, int8]
}

# All three DH inputs are serials of "user" keys, i.e. values returned by
# add_key$user.
keyctl_dh_params {
	private	user_key
	prime	user_key
	base	user_key
}

# Optional KDF parameters for keyctl$dh_compute. otherinfolen is the length of
# otherinfo as an int32; __spare is eight zero int32 values.
keyctl_kdf_params {
	hashname	ptr[in, alg_hash_name]
	otherinfo	ptr[in, array[int8], opt]
	otherinfolen	len[otherinfo, int32]
	__spare	array[const[0, int32], 8]
}

# Structured payload for keyctl$instantiate: one of three text commands
# ("new ", "load ", "update "). NOTE(review): the format/key_type value sets
# suggest these target the "encrypted" key type; confirm.
key_instantiate_payload [
	encrypted_new	key_encrypted_new
	encrypted_load	key_encrypted_load
	encrypted_update	key_encrypted_update
] [varlen]

# Text laid out as: "new " format ' ' key_type key_desc ' ' datalen NUL,
# with datalen rendered as decimal text. [packed] means no padding between fields.
key_encrypted_new {
	cmd	stringnoz["new "]
	format	stringnoz[key_encrypted_format]
	sp0	const[' ', int8]
	key_type	stringnoz[key_encrypted_key_type]
	key_desc	stringnoz
	sp1	const[' ', int8]
	datalen	fmt[dec, int64]
	z	const[0, int8]
} [packed]

# Text laid out as: "load " format ' ' key_type key_desc ' ' datalen ' ' iv_data NUL.
key_encrypted_load {
	cmd	stringnoz["load "]
	format	stringnoz[key_encrypted_format]
	sp0	const[' ', int8]
	key_type	stringnoz[key_encrypted_key_type]
	key_desc	stringnoz
	sp1	const[' ', int8]
	datalen	fmt[dec, int64]
	sp2	const[' ', int8]
# TODO: this is something complex: hex-encoded iv of particular length, followed by delim?
# followed by something-hex-encoded of some particular length, followed by something more?
# Until then iv_data is an arbitrary-length run of bytes drawn from hex_chars.
	iv_data	array[flags[hex_chars, int8]]
	z	const[0, int8]
} [packed]

# Text laid out as: "update " format ' ' key_type key_desc NUL.
key_encrypted_update {
	cmd	stringnoz["update "]
	format	stringnoz[key_encrypted_format]
	sp0	const[' ', int8]
	key_type	stringnoz[key_encrypted_key_type]
	key_desc	stringnoz
	z	const[0, int8]
} [packed]

# Parameter block for the KEYCTL_PKEY_* operations. in_len and out_len are
# filled with the byte sizes of the enclosing syscall's inout and output
# arguments; __spare is seven zero int32 values.
keyctl_pkey_params {
	key_id	key
	in_len	bytesize[syscall:inout, int32]
	out_len	bytesize[syscall:output, int32]
	__spare	array[const[0, int32], 7]
}

# Info string laid out as: "enc=" <encoding> " hash=" <hash name>.
# NOTE(review): the field name env_val looks like a typo for enc_val; it is
# only a label in this description.
keyctl_pkey_info {
	enc	stringnoz["enc="]
	env_val	stringnoz[keyctl_pkey_info_enc]
	hash	stringnoz[" hash="]
	hash_val	alg_hash_name
} [packed]

# String value sets used by the structs above.
key_encrypted_format = "ecryptfs", "default"
key_encrypted_key_type = "trusted:", "user:"
keyctl_pkey_info_enc = "raw", "pkcs1", "oaep"

# Structured restriction string for keyctl$KEYCTL_RESTRICT_KEYRING: one of two
# fixed names, or a "key_or_keyring:" form that embeds a key serial.
key_restriction [
	builtin	string["builtin_trusted"]
	secondary	string["builtin_and_secondary_trusted"]
	keyring	key_restriction_keyring
	chain	key_restriction_keyring_chain
] [varlen]

# "key_or_keyring:" followed by the serial as hex text and a NUL.
key_restriction_keyring {
	keyring	stringnoz["key_or_keyring:"]
	serial	fmt[hex, key]
	z	const[0, int8]
} [packed]

# "key_or_keyring:" followed by the serial as hex text and ":chain".
key_restriction_keyring_chain {
	keyring	stringnoz["key_or_keyring:"]
	serial	fmt[hex, key]
	chain	string[":chain"]
} [packed]

# Size of the output buffer described for keyctl$KEYCTL_PKEY_QUERY.
define KEYCTL_PKEY_QUERY_SIZE	sizeof(struct keyctl_pkey_query)