type command[permalink] [source]

type command = enum {
	GET_KEYRING_ID = 0,
	JOIN_SESSION_KEYRING = 1,
	UPDATE = 2,
	REVOKE = 3,
	CHOWN = 4,
	SETPERM = 5,
	DESCRIBE = 6,
	CLEAR = 7,
	LINK = 8,
	UNLINK = 9,
	SEARCH = 10,
	READ = 11,
	INSTANTIATE = 12,
	NEGATE = 13,
	SET_REQKEY_KEYRING = 14,
	SET_TIMEOUT = 15,
	ASSUME_AUTHORITY = 16,
	GET_SECURITY = 17,
	SESSION_TO_PARENT = 18,
	REJECT = 19,
	INSTANTIATE_IOV = 20,
	INVALIDATE = 21,
	GET_PERSISTENT = 22,
	DH_COMPUTE = 23,
	PKEY_QUERY = 24,
	PKEY_ENCRYPT = 25,
	PKEY_DECRYPT = 26,
	PKEY_SIGN = 27,
	PKEY_VERIFY = 28,
	RESTRICT_KEYRING = 29,
	MOVE = 30,
	CAPABILITIES = 31,
	WATCH_KEY = 32,
};

keyctl commands

type dh_params[permalink] [source]

type dh_params = struct {
	private: i32,
	prime: i32,
	base: i32,
};

Input for command::DH_COMPUTE

type kdf_params[permalink] [source]

type kdf_params = struct {
	hashname: *c::char,
	otherinfo: *c::char,
	otherinfolen: u32,
	__spare: [8]u32,
};

Output for command::DH_COMPUTE

type reqkey[permalink] [source]

type reqkey = enum {
	NO_CHANGE = -1,
	DEFAULT = 0,
	THREAD_KEYRING = 1,
	PROCESS_KEYRING = 2,
	SESSION_KEYRING = 3,
	USER_KEYRING = 4,
	USER_SESSION_KEYRING = 5,
	GROUP_KEYRING = 6,
	REQUESTOR_KEYRING = 7,
};

request-key default keyrings

type serial[permalink] [source]

type serial = i32;

A key ID.

type caps[permalink] [source]

type caps = enum u8 {
	CAPS0_CAPABILITIES = 1,
	CAPS0_PERSISTENT_KEYRINGS = 2,
	CAPS0_DIFFIE_HELLMAN = 4,
	CAPS0_PUBLIC_KEY = 8,
	CAPS0_BIG_KEY = 16,
	CAPS0_INVALIDATE = 32,
	CAPS0_RESTRICT_KEYRING = 64,
	CAPS0_MOVE = 128,
	CAPS1_NS_KEYRING_NAME = 1,
	CAPS1_NS_KEY_TAG = 2,
	CAPS1_NOTIFICATIONS = 4,
};

type perm[permalink] [source]

type perm = enum u32 {
	KEY_OTH_VIEW = 1,
	KEY_OTH_READ = 2,
	KEY_OTH_WRITE = 4,
	KEY_OTH_SEARCH = 8,
	KEY_OTH_LINK = 16,
	KEY_OTH_SETATTR = 32,
	KEY_OTH_ALL = 63,
	KEY_GRP_VIEW = 256,
	KEY_GRP_READ = 512,
	KEY_GRP_WRITE = 1024,
	KEY_GRP_SEARCH = 2048,
	KEY_GRP_LINK = 4096,
	KEY_GRP_SETATTR = 8192,
	KEY_GRP_ALL = 16128,
	KEY_USR_VIEW = 65536,
	KEY_USR_READ = 131072,
	KEY_USR_WRITE = 262144,
	KEY_USR_SEARCH = 524288,
	KEY_USR_LINK = 1048576,
	KEY_USR_SETATTR = 2097152,
	KEY_USR_ALL = 4128768,
	KEY_POS_VIEW = 16777216,
	KEY_POS_READ = 33554432,
	KEY_POS_WRITE = 67108864,
	KEY_POS_SEARCH = 134217728,
	KEY_POS_LINK = 268435456,
	KEY_POS_SETATTR = 536870912,
	KEY_POS_ALL = 1056964608,
};

type pkey_params[permalink] [source]

type pkey_params = struct {
	key_id: i32,
	in_len: u32,
	union {
		out_len: u32,
		in2_len: u32,
	},
	__spare: [7]u32,
};

type pkey_query[permalink] [source]

type pkey_query = struct {
	supported_ops: u32,
	key_size: u32,
	max_data_size: u16,
	max_sig_size: u16,
	max_enc_size: u16,
	max_dec_size: u16,
	__spare: [10]u32,
};

type support[permalink] [source]

type support = enum u32 {
	SUPPORTS_ENCRYPT = 1,
	SUPPORTS_DECRYPT = 2,
	SUPPORTS_SIGN = 4,
	SUPPORTS_VERIFY = 8,
};

type error[permalink] [source]

type error = !(nokey | errors::error);

A tagged union of all possible error types.

type nokey[permalink] [source]

type nokey = !void;

Returned when a desired key was not found.

def GROUP_KEYRING[permalink] [source]

def GROUP_KEYRING: serial = -6;

The caller's GID-specific keyring.

def PROCESS_KEYRING[permalink] [source]

def PROCESS_KEYRING: serial = -2;

The caller's process-specific keyring.

def REQKEY_AUTH_KEY[permalink] [source]

def REQKEY_AUTH_KEY: serial = -7;

The caller's GID-session keyring.

def REQUESTOR_KEYRING[permalink] [source]

def REQUESTOR_KEYRING: serial = -8;

The Key ID for the reqkey destination keyring.

def SESSION_KEYRING[permalink] [source]

def SESSION_KEYRING: serial = -3;

The caller's session-specific keyring.

def THREAD_KEYRING[permalink] [source]

def THREAD_KEYRING: serial = -1;

The caller's thread-specific keyring.

def USER_KEYRING[permalink] [source]

def USER_KEYRING: serial = -4;

The caller's UID-specific keyring.

def USER_SESSION_KEYRING[permalink] [source]

def USER_SESSION_KEYRING: serial = -5;

The caller's UID-session keyring.

fn add_key[permalink] [source]

fn add_key(keytype: str, name: str, payload: []u8, keyring: serial) (serial | error | nomem);

Adds a key to the kernel's key management facility.

fn chown[permalink] [source]

fn chown(id: serial, uid: uint, gid: uint) (void | error);

Changes the user and group ownership of the key.

fn get_keyring_id[permalink] [source]

fn get_keyring_id(key: serial, create: bool) (serial | error);

Maps a special key or keyring ID to the serial number of the key actually representing that feature. If it does not exist and 'create' is true, then the key or keyring will be created if it is appropriate to do so.

fn join_session_keyring[permalink] [source]

fn join_session_keyring(name: str) (serial | error | nomem);

Replace the session keyring this process subscribes to with a new session keyring using the given name, or, given an empty string, "_ses".

fn link[permalink] [source]

fn link(keyring: serial, key: serial) (void | error);

Adds a secret key to a keyring.

fn move[permalink] [source]

fn move(id: serial, from_ring_id: serial, to_ring_id: serial, flags: uint) (void | error);

Moves a secret key from one keyring to another.

fn read[permalink] [source]

fn read(id: serial, buf: []u8) (size | error);

Reads the payload from a key, returning the size of the key data. The provided buffer may be empty to probe the key size without reading.

fn revoke[permalink] [source]

fn revoke(id: serial) (void | error);

Revoke the key with the provided ID.

fn set_timeout[permalink] [source]

fn set_timeout(key: serial, seconds: uint) (void | error);

Sets the timeout on a secret key, such that it will be removed from the keyring once expired. Setting the timeout to zero cancels the expiration.

fn setperm[permalink] [source]

fn setperm(id: serial, perm: perm) (void | error);

Changes the permissions mask of the key.

fn strerror[permalink] [source]

fn strerror(err: error) const str;

Converts an error into a human-friendly string.

fn unlink[permalink] [source]

fn unlink(keyring: serial, key: serial) (void | error);

Removes a secret key from a keyring.

fn update[permalink] [source]

fn update(id: serial, payload: []u8) (void | error);

Update a key's payload.