| 1 | /* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ |
|---|---|
| 2 | /* keyctl.h: keyctl command IDs |
| 3 | * |
| 4 | * Copyright (C) 2004, 2008 Red Hat, Inc. All Rights Reserved. |
| 5 | * Written by David Howells (dhowells@redhat.com) |
| 6 | * |
| 7 | * This program is free software; you can redistribute it and/or |
| 8 | * modify it under the terms of the GNU General Public License |
| 9 | * as published by the Free Software Foundation; either version |
| 10 | * 2 of the License, or (at your option) any later version. |
| 11 | */ |
| 12 | |
| 13 | #ifndef _LINUX_KEYCTL_H |
| 14 | #define _LINUX_KEYCTL_H |
| 15 | |
| 16 | #include <linux/types.h> |
| 17 | |
| 18 | /* special process keyring shortcut IDs */ |
| 19 | #define KEY_SPEC_THREAD_KEYRING -1 /* - key ID for thread-specific keyring */ |
| 20 | #define KEY_SPEC_PROCESS_KEYRING -2 /* - key ID for process-specific keyring */ |
| 21 | #define KEY_SPEC_SESSION_KEYRING -3 /* - key ID for session-specific keyring */ |
| 22 | #define KEY_SPEC_USER_KEYRING -4 /* - key ID for UID-specific keyring */ |
| 23 | #define KEY_SPEC_USER_SESSION_KEYRING -5 /* - key ID for UID-session keyring */ |
| 24 | #define KEY_SPEC_GROUP_KEYRING -6 /* - key ID for GID-specific keyring */ |
| 25 | #define KEY_SPEC_REQKEY_AUTH_KEY -7 /* - key ID for assumed request_key auth key */ |
| 26 | #define KEY_SPEC_REQUESTOR_KEYRING -8 /* - key ID for request_key() dest keyring */ |
| 27 | |
| 28 | /* request-key default keyrings */ |
| 29 | #define KEY_REQKEY_DEFL_NO_CHANGE -1 |
| 30 | #define KEY_REQKEY_DEFL_DEFAULT 0 |
| 31 | #define KEY_REQKEY_DEFL_THREAD_KEYRING 1 |
| 32 | #define KEY_REQKEY_DEFL_PROCESS_KEYRING 2 |
| 33 | #define KEY_REQKEY_DEFL_SESSION_KEYRING 3 |
| 34 | #define KEY_REQKEY_DEFL_USER_KEYRING 4 |
| 35 | #define KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5 |
| 36 | #define KEY_REQKEY_DEFL_GROUP_KEYRING 6 |
| 37 | #define KEY_REQKEY_DEFL_REQUESTOR_KEYRING 7 |
| 38 | |
| 39 | /* keyctl commands */ |
| 40 | #define KEYCTL_GET_KEYRING_ID 0 /* ask for a keyring's ID */ |
| 41 | #define KEYCTL_JOIN_SESSION_KEYRING 1 /* join or start named session keyring */ |
| 42 | #define KEYCTL_UPDATE 2 /* update a key */ |
| 43 | #define KEYCTL_REVOKE 3 /* revoke a key */ |
| 44 | #define KEYCTL_CHOWN 4 /* set ownership of a key */ |
| 45 | #define KEYCTL_SETPERM 5 /* set perms on a key */ |
| 46 | #define KEYCTL_DESCRIBE 6 /* describe a key */ |
| 47 | #define KEYCTL_CLEAR 7 /* clear contents of a keyring */ |
| 48 | #define KEYCTL_LINK 8 /* link a key into a keyring */ |
| 49 | #define KEYCTL_UNLINK 9 /* unlink a key from a keyring */ |
| 50 | #define KEYCTL_SEARCH 10 /* search for a key in a keyring */ |
| 51 | #define KEYCTL_READ 11 /* read a key or keyring's contents */ |
| 52 | #define KEYCTL_INSTANTIATE 12 /* instantiate a partially constructed key */ |
| 53 | #define KEYCTL_NEGATE 13 /* negate a partially constructed key */ |
| 54 | #define KEYCTL_SET_REQKEY_KEYRING 14 /* set default request-key keyring */ |
| 55 | #define KEYCTL_SET_TIMEOUT 15 /* set key timeout */ |
| 56 | #define KEYCTL_ASSUME_AUTHORITY 16 /* assume request_key() authorisation */ |
| 57 | #define KEYCTL_GET_SECURITY 17 /* get key security label */ |
| 58 | #define KEYCTL_SESSION_TO_PARENT 18 /* apply session keyring to parent process */ |
| 59 | #define KEYCTL_REJECT 19 /* reject a partially constructed key */ |
| 60 | #define KEYCTL_INSTANTIATE_IOV 20 /* instantiate a partially constructed key */ |
| 61 | #define KEYCTL_INVALIDATE 21 /* invalidate a key */ |
| 62 | #define KEYCTL_GET_PERSISTENT 22 /* get a user's persistent keyring */ |
| 63 | #define KEYCTL_DH_COMPUTE 23 /* Compute Diffie-Hellman values */ |
| 64 | #define KEYCTL_PKEY_QUERY 24 /* Query public key parameters */ |
| 65 | #define KEYCTL_PKEY_ENCRYPT 25 /* Encrypt a blob using a public key */ |
| 66 | #define KEYCTL_PKEY_DECRYPT 26 /* Decrypt a blob using a public key */ |
| 67 | #define KEYCTL_PKEY_SIGN 27 /* Create a public key signature */ |
| 68 | #define KEYCTL_PKEY_VERIFY 28 /* Verify a public key signature */ |
| 69 | #define KEYCTL_RESTRICT_KEYRING 29 /* Restrict keys allowed to link to a keyring */ |
| 70 | #define KEYCTL_MOVE 30 /* Move keys between keyrings */ |
| 71 | #define KEYCTL_CAPABILITIES 31 /* Find capabilities of keyrings subsystem */ |
| 72 | #define KEYCTL_WATCH_KEY 32 /* Watch a key or ring of keys for changes */ |
| 73 | |
| 74 | /* keyctl structures */ |
| 75 | struct keyctl_dh_params { |
| 76 | union { |
| 77 | #ifndef __cplusplus |
| 78 | __s32 private; |
| 79 | #endif |
| 80 | __s32 priv; |
| 81 | }; |
| 82 | __s32 prime; |
| 83 | __s32 base; |
| 84 | }; |
| 85 | |
| 86 | struct keyctl_kdf_params { |
| 87 | char __user *hashname; |
| 88 | char __user *otherinfo; |
| 89 | __u32 otherinfolen; |
| 90 | __u32 __spare[8]; |
| 91 | }; |
| 92 | |
| 93 | #define KEYCTL_SUPPORTS_ENCRYPT 0x01 |
| 94 | #define KEYCTL_SUPPORTS_DECRYPT 0x02 |
| 95 | #define KEYCTL_SUPPORTS_SIGN 0x04 |
| 96 | #define KEYCTL_SUPPORTS_VERIFY 0x08 |
| 97 | |
| 98 | struct keyctl_pkey_query { |
| 99 | __u32 supported_ops; /* Which ops are supported */ |
| 100 | __u32 key_size; /* Size of the key in bits */ |
| 101 | __u16 max_data_size; /* Maximum size of raw data to sign in bytes */ |
| 102 | __u16 max_sig_size; /* Maximum size of signature in bytes */ |
| 103 | __u16 max_enc_size; /* Maximum size of encrypted blob in bytes */ |
| 104 | __u16 max_dec_size; /* Maximum size of decrypted blob in bytes */ |
| 105 | __u32 __spare[10]; |
| 106 | }; |
| 107 | |
| 108 | struct keyctl_pkey_params { |
| 109 | __s32 key_id; /* Serial no. of public key to use */ |
| 110 | __u32 in_len; /* Input data size */ |
| 111 | union { |
| 112 | __u32 out_len; /* Output buffer size (encrypt/decrypt/sign) */ |
| 113 | __u32 in2_len; /* 2nd input data size (verify) */ |
| 114 | }; |
| 115 | __u32 __spare[7]; |
| 116 | }; |
| 117 | |
| 118 | #define KEYCTL_MOVE_EXCL 0x00000001 /* Do not displace from the to-keyring */ |
| 119 | |
| 120 | /* |
| 121 | * Capabilities flags. The capabilities list is an array of 8-bit integers; |
| 122 | * each integer can carry up to 8 flags. |
| 123 | */ |
| 124 | #define KEYCTL_CAPS0_CAPABILITIES 0x01 /* KEYCTL_CAPABILITIES supported */ |
| 125 | #define KEYCTL_CAPS0_PERSISTENT_KEYRINGS 0x02 /* Persistent keyrings enabled */ |
| 126 | #define KEYCTL_CAPS0_DIFFIE_HELLMAN 0x04 /* Diffie-Hellman computation enabled */ |
| 127 | #define KEYCTL_CAPS0_PUBLIC_KEY 0x08 /* Public key ops enabled */ |
| 128 | #define KEYCTL_CAPS0_BIG_KEY 0x10 /* big_key-type enabled */ |
| 129 | #define KEYCTL_CAPS0_INVALIDATE 0x20 /* KEYCTL_INVALIDATE supported */ |
| 130 | #define KEYCTL_CAPS0_RESTRICT_KEYRING 0x40 /* KEYCTL_RESTRICT_KEYRING supported */ |
| 131 | #define KEYCTL_CAPS0_MOVE 0x80 /* KEYCTL_MOVE supported */ |
| 132 | #define KEYCTL_CAPS1_NS_KEYRING_NAME 0x01 /* Keyring names are per-user_namespace */ |
| 133 | #define KEYCTL_CAPS1_NS_KEY_TAG 0x02 /* Key indexing can include a namespace tag */ |
| 134 | #define KEYCTL_CAPS1_NOTIFICATIONS 0x04 /* Keys generate watchable notifications */ |
| 135 | |
| 136 | #endif /* _LINUX_KEYCTL_H */ |
| 137 |
Generated while processing Linux/certs/system_keyring.c
Generated on 2025-Oct-12 from project Linux revision 6.17.0 (67029a49db6c)
Powered by 
Code Browser 2.1
Generator usage only permitted with license.