0001 /* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
0002 /* keyctl.h: keyctl command IDs
0003  *
0004  * Copyright (C) 2004, 2008 Red Hat, Inc. All Rights Reserved.
0005  * Written by David Howells (dhowells@redhat.com)
0006  *
0007  * This program is free software; you can redistribute it and/or
0008  * modify it under the terms of the GNU General Public License
0009  * as published by the Free Software Foundation; either version
0010  * 2 of the License, or (at your option) any later version.
0011  */
0012 
0013 #ifndef _LINUX_KEYCTL_H
0014 #define _LINUX_KEYCTL_H
0015 
0016 #include <linux/types.h>
0017 
/*
 * Special process keyring shortcut IDs.
 *
 * Every value is a small negative constant that selects a keyring (or, for
 * -7, an authorisation key) by its relationship to the caller rather than by
 * a fixed key ID.
 * NOTE(review): how each shortcut is resolved and which permission checks
 * apply is decided outside this header; code that stores secrets under a
 * shortcut should confirm the sharing scope (thread, process, session, UID,
 * GID) it actually gets.
 */
#define KEY_SPEC_THREAD_KEYRING     -1  /* - key ID for thread-specific keyring */
#define KEY_SPEC_PROCESS_KEYRING    -2  /* - key ID for process-specific keyring */
#define KEY_SPEC_SESSION_KEYRING    -3  /* - key ID for session-specific keyring */
#define KEY_SPEC_USER_KEYRING       -4  /* - key ID for UID-specific keyring */
#define KEY_SPEC_USER_SESSION_KEYRING   -5  /* - key ID for UID-session keyring */
#define KEY_SPEC_GROUP_KEYRING      -6  /* - key ID for GID-specific keyring */
#define KEY_SPEC_REQKEY_AUTH_KEY    -7  /* - key ID for assumed request_key auth key */
#define KEY_SPEC_REQUESTOR_KEYRING  -8  /* - key ID for request_key() dest keyring */
0027 
/*
 * request-key default keyrings.
 *
 * Selector values, presumably the argument of KEYCTL_SET_REQKEY_KEYRING
 * ("set default request-key keyring") -- confirm against the caller.
 * This is a separate numbering from the KEY_SPEC_* shortcut IDs and the two
 * sets are not interchangeable: besides the sign, the requestor keyring is 7
 * here but -8 among the shortcuts (-7 there is the request_key auth key).
 */
#define KEY_REQKEY_DEFL_NO_CHANGE       -1
#define KEY_REQKEY_DEFL_DEFAULT         0
#define KEY_REQKEY_DEFL_THREAD_KEYRING      1
#define KEY_REQKEY_DEFL_PROCESS_KEYRING     2
#define KEY_REQKEY_DEFL_SESSION_KEYRING     3
#define KEY_REQKEY_DEFL_USER_KEYRING        4
#define KEY_REQKEY_DEFL_USER_SESSION_KEYRING    5
#define KEY_REQKEY_DEFL_GROUP_KEYRING       6
#define KEY_REQKEY_DEFL_REQUESTOR_KEYRING   7
0038 
/*
 * keyctl commands.
 *
 * Command IDs, numbered contiguously from 0 to 32.  The file carries the
 * Linux-syscall-note licence exception, i.e. it is a user-space API header,
 * so existing numbers should be treated as fixed.
 * NOTE(review): anything that matches on the command number (for example a
 * syscall filter or an audit rule) should pay particular attention to the
 * commands that change ownership, permissions or authority -- KEYCTL_CHOWN,
 * KEYCTL_SETPERM, KEYCTL_ASSUME_AUTHORITY, KEYCTL_SESSION_TO_PARENT -- and
 * should decide explicitly what happens for IDs above the highest it knows.
 * NOTE(review): the KEYCTL_PKEY_DECRYPT comment says "public key";
 * presumably decryption (and signing) needs the private half of the key
 * pair -- confirm against the kernel implementation.
 */
#define KEYCTL_GET_KEYRING_ID       0   /* ask for a keyring's ID */
#define KEYCTL_JOIN_SESSION_KEYRING 1   /* join or start named session keyring */
#define KEYCTL_UPDATE           2   /* update a key */
#define KEYCTL_REVOKE           3   /* revoke a key */
#define KEYCTL_CHOWN            4   /* set ownership of a key */
#define KEYCTL_SETPERM          5   /* set perms on a key */
#define KEYCTL_DESCRIBE         6   /* describe a key */
#define KEYCTL_CLEAR            7   /* clear contents of a keyring */
#define KEYCTL_LINK         8   /* link a key into a keyring */
#define KEYCTL_UNLINK           9   /* unlink a key from a keyring */
#define KEYCTL_SEARCH           10  /* search for a key in a keyring */
#define KEYCTL_READ         11  /* read a key or keyring's contents */
#define KEYCTL_INSTANTIATE      12  /* instantiate a partially constructed key */
#define KEYCTL_NEGATE           13  /* negate a partially constructed key */
#define KEYCTL_SET_REQKEY_KEYRING   14  /* set default request-key keyring */
#define KEYCTL_SET_TIMEOUT      15  /* set key timeout */
#define KEYCTL_ASSUME_AUTHORITY     16  /* assume request_key() authorisation */
#define KEYCTL_GET_SECURITY     17  /* get key security label */
#define KEYCTL_SESSION_TO_PARENT    18  /* apply session keyring to parent process */
#define KEYCTL_REJECT           19  /* reject a partially constructed key */
#define KEYCTL_INSTANTIATE_IOV      20  /* instantiate a partially constructed key (I/O-vector variant, per the name) */
#define KEYCTL_INVALIDATE       21  /* invalidate a key */
#define KEYCTL_GET_PERSISTENT       22  /* get a user's persistent keyring */
#define KEYCTL_DH_COMPUTE       23  /* Compute Diffie-Hellman values */
#define KEYCTL_PKEY_QUERY       24  /* Query public key parameters */
#define KEYCTL_PKEY_ENCRYPT     25  /* Encrypt a blob using a public key */
#define KEYCTL_PKEY_DECRYPT     26  /* Decrypt a blob using a public key */
#define KEYCTL_PKEY_SIGN        27  /* Create a public key signature */
#define KEYCTL_PKEY_VERIFY      28  /* Verify a public key signature */
#define KEYCTL_RESTRICT_KEYRING     29  /* Restrict keys allowed to link to a keyring */
#define KEYCTL_MOVE         30  /* Move keys between keyrings */
#define KEYCTL_CAPABILITIES     31  /* Find capabilities of keyrings subsystem */
#define KEYCTL_WATCH_KEY        32  /* Watch a key or ring of keys for changes */
0073 
/* keyctl structures */

/*
 * Diffie-Hellman parameters; presumably the argument block of
 * KEYCTL_DH_COMPUTE -- confirm against the caller.
 * All three members are signed 32-bit values.
 * NOTE(review): a 32-bit field cannot hold a DH prime, so each member
 * presumably carries the ID of a key that holds the value rather than the
 * value itself -- TODO confirm.
 */
struct keyctl_dh_params {
    /* Anonymous union: `private` and `priv` are two names for one field. */
    union {
#ifndef __cplusplus
        __s32 private;  /* not declared for C++, where `private` is a keyword */
#endif
        __s32 priv;     /* name usable from both C and C++ */
    };
    __s32 prime;
    __s32 base;
};
0085 
/*
 * Key-derivation parameters (KDF, per the struct name).
 * Both pointers carry the __user annotation, i.e. they refer to user-space
 * memory and must not be dereferenced directly by kernel code.
 * NOTE(review): otherinfolen is presumably the byte length of the otherinfo
 * buffer, and hashname presumably a NUL-terminated algorithm name -- confirm
 * against the consumer, which has to bound both before copying.
 */
struct keyctl_kdf_params {
    char __user *hashname;
    char __user *otherinfo;
    __u32 otherinfolen;
    __u32 __spare[8];   /* reserved; presumably must be zeroed by the caller -- TODO confirm */
};
0092 
/*
 * Operation-support flags.  Each value is a distinct single bit, so several
 * can be combined in one mask.
 * NOTE(review): presumably reported in keyctl_pkey_query.supported_ops
 * ("Which ops are supported") -- confirm.  Callers should test the relevant
 * bit before attempting an operation instead of assuming it is available.
 */
#define KEYCTL_SUPPORTS_ENCRYPT     0x01
#define KEYCTL_SUPPORTS_DECRYPT     0x02
#define KEYCTL_SUPPORTS_SIGN        0x04
#define KEYCTL_SUPPORTS_VERIFY      0x08
0097 
/*
 * Public-key query result; presumably filled in by KEYCTL_PKEY_QUERY
 * ("Query public key parameters") -- confirm.
 * Note the units: key_size is in bits, the four max_* sizes are in bytes.
 * The max_* members are 16-bit, so none of them can report more than 65535.
 */
struct keyctl_pkey_query {
    __u32       supported_ops;  /* Which ops are supported */
    __u32       key_size;   /* Size of the key in bits */
    __u16       max_data_size;  /* Maximum size of raw data to sign in bytes */
    __u16       max_sig_size;   /* Maximum size of signature in bytes */
    __u16       max_enc_size;   /* Maximum size of encrypted blob in bytes */
    __u16       max_dec_size;   /* Maximum size of decrypted blob in bytes */
    __u32       __spare[10];    /* reserved; meaning not defined in this header */
};
0107 
/*
 * Parameter block for the public-key operations (presumably the
 * KEYCTL_PKEY_ENCRYPT/DECRYPT/SIGN/VERIFY commands -- confirm).
 * out_len and in2_len occupy the same storage; which name applies depends on
 * the operation, as the member comments state.
 * NOTE(review): out_len describes a caller-supplied output buffer, so the
 * caller has to make sure the buffer really is at least that large; the
 * matching max_* value from keyctl_pkey_query looks like the intended bound.
 */
struct keyctl_pkey_params {
    __s32       key_id;     /* Serial no. of public key to use */
    __u32       in_len;     /* Input data size */
    union {
        __u32       out_len;    /* Output buffer size (encrypt/decrypt/sign) */
        __u32       in2_len;    /* 2nd input data size (verify) */
    };
    __u32       __spare[7]; /* reserved; presumably must be zeroed by the caller -- TODO confirm */
};
0117 
/*
 * Flag bit, presumably for the flags argument of KEYCTL_MOVE -- confirm.
 * It is the only move flag defined in this header.
 */
#define KEYCTL_MOVE_EXCL    0x00000001 /* Do not displace from the to-keyring */
0119 
/*
 * Capabilities flags.  The capabilities list is an array of 8-bit integers;
 * each integer can carry up to 8 flags.
 *
 * The CAPS0 group uses all eight bits (0x01..0x80); the CAPS1 group defines
 * three so far.  Presumably CAPSn names flags found in element n of the
 * array -- confirm against KEYCTL_CAPABILITIES.
 * NOTE(review): code that depends on a feature (for example keyring
 * restriction or invalidation) should test the matching flag and handle its
 * absence, and should cope with an array shorter than it expects.
 */
#define KEYCTL_CAPS0_CAPABILITIES   0x01 /* KEYCTL_CAPABILITIES supported */
#define KEYCTL_CAPS0_PERSISTENT_KEYRINGS 0x02 /* Persistent keyrings enabled */
#define KEYCTL_CAPS0_DIFFIE_HELLMAN 0x04 /* Diffie-Hellman computation enabled */
#define KEYCTL_CAPS0_PUBLIC_KEY     0x08 /* Public key ops enabled */
#define KEYCTL_CAPS0_BIG_KEY        0x10 /* big_key-type enabled */
#define KEYCTL_CAPS0_INVALIDATE     0x20 /* KEYCTL_INVALIDATE supported */
#define KEYCTL_CAPS0_RESTRICT_KEYRING   0x40 /* KEYCTL_RESTRICT_KEYRING supported */
#define KEYCTL_CAPS0_MOVE       0x80 /* KEYCTL_MOVE supported */
#define KEYCTL_CAPS1_NS_KEYRING_NAME    0x01 /* Keyring names are per-user_namespace */
#define KEYCTL_CAPS1_NS_KEY_TAG     0x02 /* Key indexing can include a namespace tag */
#define KEYCTL_CAPS1_NOTIFICATIONS  0x04 /* Keys generate watchable notifications */
0135 
0136 #endif /*  _LINUX_KEYCTL_H */