linux::keyctl
Index
Types
// Operation selectors for keyctl(2); each member is the kernel's KEYCTL_*
// number for that operation (the detailed entry further down documents the
// byte layout of CAPABILITIES output and which commands have wrappers here).
type command = enum {
GET_KEYRING_ID = 0,
JOIN_SESSION_KEYRING = 1,
UPDATE = 2,
REVOKE = 3,
CHOWN = 4,
SETPERM = 5,
DESCRIBE = 6,
CLEAR = 7,
LINK = 8,
UNLINK = 9,
SEARCH = 10,
READ = 11,
INSTANTIATE = 12,
NEGATE = 13,
SET_REQKEY_KEYRING = 14,
SET_TIMEOUT = 15,
ASSUME_AUTHORITY = 16,
GET_SECURITY = 17,
SESSION_TO_PARENT = 18,
REJECT = 19,
INSTANTIATE_IOV = 20,
INVALIDATE = 21,
GET_PERSISTENT = 22,
DH_COMPUTE = 23,
PKEY_QUERY = 24,
PKEY_ENCRYPT = 25,
PKEY_DECRYPT = 26,
PKEY_SIGN = 27,
PKEY_VERIFY = 28,
RESTRICT_KEYRING = 29,
MOVE = 30,
CAPABILITIES = 31,
WATCH_KEY = 32,
};
// Input for command::DH_COMPUTE. All three fields are key serials, not the
// numeric values themselves (keyctl(2) KEYCTL_DH_COMPUTE) — confirm against
// the targeted kernel headers.
type dh_params = struct {
private: i32,
prime: i32,
base: i32,
};
// KDF parameters for command::DH_COMPUTE. hashname is a NUL-terminated C
// string; otherinfo points at otherinfolen bytes; __spare is reserved and
// should be zero-initialised so no stack garbage reaches the kernel.
type kdf_params = struct {
hashname: *c::char,
otherinfo: *c::char,
otherinfolen: u32,
__spare: [8]u32,
};
// Default destination keyrings for request-key, set with
// command::SET_REQKEY_KEYRING; NO_CHANGE leaves the current setting as is.
type reqkey = enum {
NO_CHANGE = -1,
DEFAULT = 0,
THREAD_KEYRING = 1,
PROCESS_KEYRING = 2,
SESSION_KEYRING = 3,
USER_KEYRING = 4,
USER_SESSION_KEYRING = 5,
GROUP_KEYRING = 6,
REQUESTOR_KEYRING = 7,
};
type serial = i32;
// Capability bits reported by command::CAPABILITIES. CAPS0_* are bits of
// byte 0 and CAPS1_* bits of byte 1 of the returned byte array, which is why
// the two groups reuse the same numeric values; test each against its own
// byte.
type caps = enum u8 {
CAPS0_CAPABILITIES = 1,
CAPS0_PERSISTENT_KEYRINGS = 2,
CAPS0_DIFFIE_HELLMAN = 4,
CAPS0_PUBLIC_KEY = 8,
CAPS0_BIG_KEY = 16,
CAPS0_INVALIDATE = 32,
CAPS0_RESTRICT_KEYRING = 64,
CAPS0_MOVE = 128,
CAPS1_NS_KEYRING_NAME = 1,
CAPS1_NS_KEY_TAG = 2,
CAPS1_NOTIFICATIONS = 4,
};
// Key permission mask bits, one byte-wide group per subject class:
// bits 0-5 other (OTH), 8-13 group (GRP), 16-21 user (USR), 24-29
// possessor (POS). A complete mask is the OR of members from several groups.
type perm = enum u32 {
KEY_OTH_VIEW = 1,
KEY_OTH_READ = 2,
KEY_OTH_WRITE = 4,
KEY_OTH_SEARCH = 8,
KEY_OTH_LINK = 16,
KEY_OTH_SETATTR = 32,
KEY_OTH_ALL = 63,
KEY_GRP_VIEW = 256,
KEY_GRP_READ = 512,
KEY_GRP_WRITE = 1024,
KEY_GRP_SEARCH = 2048,
KEY_GRP_LINK = 4096,
KEY_GRP_SETATTR = 8192,
KEY_GRP_ALL = 16128,
KEY_USR_VIEW = 65536,
KEY_USR_READ = 131072,
KEY_USR_WRITE = 262144,
KEY_USR_SEARCH = 524288,
KEY_USR_LINK = 1048576,
KEY_USR_SETATTR = 2097152,
KEY_USR_ALL = 4128768,
KEY_POS_VIEW = 16777216,
KEY_POS_READ = 33554432,
KEY_POS_WRITE = 67108864,
KEY_POS_SEARCH = 134217728,
KEY_POS_LINK = 268435456,
KEY_POS_SETATTR = 536870912,
KEY_POS_ALL = 1056964608,
};
// Parameters for the PKEY_* commands. key_id is the asymmetric key's serial;
// in_len sizes the input; the union holds either an output-buffer size or a
// second input size. __spare is reserved — zero-initialise it.
type pkey_params = struct {
key_id: i32,
in_len: u32,
union {
out_len: u32,
in2_len: u32,
},
__spare: [7]u32,
};
// Result of command::PKEY_QUERY: supported_ops is presumably a mask of
// support values; the max_* fields bound the buffers for the PKEY_* commands.
type pkey_query = struct {
supported_ops: u32,
key_size: u32,
max_data_size: u16,
max_sig_size: u16,
max_enc_size: u16,
max_dec_size: u16,
__spare: [10]u32,
};
// Operation bits for an asymmetric key; combine with bitwise OR.
type support = enum u32 {
SUPPORTS_ENCRYPT = 1,
SUPPORTS_DECRYPT = 2,
SUPPORTS_SIGN = 4,
SUPPORTS_VERIFY = 8,
};
Errors
type error = !(nokey | errors::error);
type nokey = !void;
Constants
// Special keyring IDs. All are negative and are resolved by the kernel
// relative to the calling thread at the time of each call.
def GROUP_KEYRING: serial = -6;
def PROCESS_KEYRING: serial = -2;
def REQKEY_AUTH_KEY: serial = -7;
def REQUESTOR_KEYRING: serial = -8;
def SESSION_KEYRING: serial = -3;
def THREAD_KEYRING: serial = -1;
def USER_KEYRING: serial = -4;
def USER_SESSION_KEYRING: serial = -5;
Functions
// Typed wrappers; every call is a single syscall and reports failures as
// error. Each is documented in the Functions section below.
fn add_key(keytype: str, name: str, payload: []u8, keyring: serial) (serial | error);
fn chown(id: serial, uid: uint, gid: uint) (void | error);
fn get_keyring_id(key: serial, create: bool) (serial | error);
fn join_session_keyring(name: str) (serial | error);
fn read(id: serial, buf: []u8) (size | error);
fn revoke(id: serial) (void | error);
fn setperm(id: serial, perm: perm) (void | error);
fn strerror(err: error) const str;
fn update(id: serial, payload: []u8) (void | error);
Types
type command
// Operation selectors for keyctl(2). Each member is the kernel's KEYCTL_*
// number and is passed as the syscall's first argument; the meaning of the
// remaining arguments depends on the command.
// Only GET_KEYRING_ID, JOIN_SESSION_KEYRING, UPDATE, REVOKE, CHOWN, SETPERM
// and READ have typed wrappers listed in this module; the others are not
// wrapped here.
type command = enum {
GET_KEYRING_ID = 0,
JOIN_SESSION_KEYRING = 1,
UPDATE = 2,
REVOKE = 3,
CHOWN = 4,
SETPERM = 5,
DESCRIBE = 6,
CLEAR = 7,
LINK = 8,
UNLINK = 9,
SEARCH = 10,
READ = 11,
INSTANTIATE = 12,
NEGATE = 13,
SET_REQKEY_KEYRING = 14,
SET_TIMEOUT = 15,
ASSUME_AUTHORITY = 16,
GET_SECURITY = 17,
SESSION_TO_PARENT = 18,
REJECT = 19,
INSTANTIATE_IOV = 20,
INVALIDATE = 21,
GET_PERSISTENT = 22,
DH_COMPUTE = 23,
PKEY_QUERY = 24,
PKEY_ENCRYPT = 25,
PKEY_DECRYPT = 26,
PKEY_SIGN = 27,
PKEY_VERIFY = 28,
RESTRICT_KEYRING = 29,
MOVE = 30,
CAPABILITIES = 31,
WATCH_KEY = 32,
};
keyctl commands
type dh_params
// Input for command::DH_COMPUTE. private, prime and base are the serials of
// keys holding the respective Diffie-Hellman values; the numbers are never
// passed inline, so the kernel's key permissions gate access to them
// (keyctl(2) KEYCTL_DH_COMPUTE — confirm against the targeted headers).
type dh_params = struct {
private: i32,
prime: i32,
base: i32,
};
Input for command::DH_COMPUTE
type kdf_params
// KDF parameters for command::DH_COMPUTE. hashname names the kernel hash
// used to derive the shared secret and must be NUL-terminated; otherinfo
// points at otherinfolen bytes of optional OtherInfo data (presumably may
// be null when otherinfolen is 0 — confirm). __spare is reserved: zero it,
// both so no uninitialised stack bytes are handed to the kernel and because
// the kernel is expected to reject a non-zero value — TODO confirm.
// NOTE(review): the description below calls this struct "Output"; in
// keyctl(2) the KDF parameters are an input selecting how the secret is
// derived — confirm the wording.
type kdf_params = struct {
hashname: *c::char,
otherinfo: *c::char,
otherinfolen: u32,
__spare: [8]u32,
};
Output for command::DH_COMPUTE
type reqkey
// Which keyring request-key attaches newly instantiated keys to; set via
// command::SET_REQKEY_KEYRING. NO_CHANGE queries without modifying, DEFAULT
// restores the kernel's default choice. The members are 0-based selectors
// and are NOT the negative serial constants of the same names.
type reqkey = enum {
NO_CHANGE = -1,
DEFAULT = 0,
THREAD_KEYRING = 1,
PROCESS_KEYRING = 2,
SESSION_KEYRING = 3,
USER_KEYRING = 4,
USER_SESSION_KEYRING = 5,
GROUP_KEYRING = 6,
REQUESTOR_KEYRING = 7,
};
request-key default keyrings
type serial
type serial = i32;
A key ID.
type caps
// Capability bits reported by command::CAPABILITIES. The kernel returns an
// array of bytes: CAPS0_* are bit values within byte 0 and CAPS1_* within
// byte 1, which is why the two groups intentionally reuse 1, 2 and 4. Always
// test a member against the byte of its own group — checking a CAPS1_* value
// against byte 0 reports an unrelated CAPS0_* capability.
type caps = enum u8 {
CAPS0_CAPABILITIES = 1,
CAPS0_PERSISTENT_KEYRINGS = 2,
CAPS0_DIFFIE_HELLMAN = 4,
CAPS0_PUBLIC_KEY = 8,
CAPS0_BIG_KEY = 16,
CAPS0_INVALIDATE = 32,
CAPS0_RESTRICT_KEYRING = 64,
CAPS0_MOVE = 128,
CAPS1_NS_KEYRING_NAME = 1,
CAPS1_NS_KEY_TAG = 2,
CAPS1_NOTIFICATIONS = 4,
};
type perm
// Key permission mask as accepted by setperm(). The u32 holds four
// byte-wide groups, one per subject class: bits 0-5 "other" (OTH), bits
// 8-13 "group" (GRP), bits 16-21 "user" (USR) and bits 24-29 "possessor"
// (POS); each *_ALL member is the OR of its group's six bits. A full mask is
// the bitwise OR of members from several groups and therefore usually does
// not equal any single member. The OTH bits apply to every other process on
// the system, so grant them only when the key is meant to be world-readable
// or world-writable; prefer the POS/USR groups for least privilege.
type perm = enum u32 {
KEY_OTH_VIEW = 1,
KEY_OTH_READ = 2,
KEY_OTH_WRITE = 4,
KEY_OTH_SEARCH = 8,
KEY_OTH_LINK = 16,
KEY_OTH_SETATTR = 32,
KEY_OTH_ALL = 63,
KEY_GRP_VIEW = 256,
KEY_GRP_READ = 512,
KEY_GRP_WRITE = 1024,
KEY_GRP_SEARCH = 2048,
KEY_GRP_LINK = 4096,
KEY_GRP_SETATTR = 8192,
KEY_GRP_ALL = 16128,
KEY_USR_VIEW = 65536,
KEY_USR_READ = 131072,
KEY_USR_WRITE = 262144,
KEY_USR_SEARCH = 524288,
KEY_USR_LINK = 1048576,
KEY_USR_SETATTR = 2097152,
KEY_USR_ALL = 4128768,
KEY_POS_VIEW = 16777216,
KEY_POS_READ = 33554432,
KEY_POS_WRITE = 67108864,
KEY_POS_SEARCH = 134217728,
KEY_POS_LINK = 268435456,
KEY_POS_SETATTR = 536870912,
KEY_POS_ALL = 1056964608,
};
type pkey_params
// Parameters for the PKEY_* commands. key_id is the serial of the asymmetric
// key; in_len is the size of the input buffer. The anonymous union carries
// out_len (output buffer size) for encrypt/decrypt/sign and in2_len (size of
// the second input, e.g. the signature) for verify — NOTE(review): mapping
// taken from the kernel's struct keyctl_pkey_params, confirm for the
// targeted kernel. __spare is reserved: zero-initialise the whole struct so
// uninitialised stack bytes never reach the kernel; the kernel is expected
// to reject a non-zero __spare with EINVAL — TODO confirm.
type pkey_params = struct {
key_id: i32,
in_len: u32,
union {
out_len: u32,
in2_len: u32,
},
__spare: [7]u32,
};
type pkey_query
// Result of command::PKEY_QUERY for an asymmetric key. supported_ops is
// presumably a mask of support values (verify against the kernel headers);
// key_size is the key length in bits — TODO confirm units. The max_* fields
// are the upper bounds for the corresponding PKEY_* buffers and should be
// used to size out_len / in2_len rather than guessing.
type pkey_query = struct {
supported_ops: u32,
key_size: u32,
max_data_size: u16,
max_sig_size: u16,
max_enc_size: u16,
max_dec_size: u16,
__spare: [10]u32,
};
type support
// Operation bits an asymmetric key supports; presumably the bit set reported
// in pkey_query.supported_ops. Combine with bitwise OR.
type support = enum u32 {
SUPPORTS_ENCRYPT = 1,
SUPPORTS_DECRYPT = 2,
SUPPORTS_SIGN = 4,
SUPPORTS_VERIFY = 8,
};
Errors
type error
type error = !(nokey | errors::error);
A tagged union of all possible error types.
type nokey
type nokey = !void;
Returned when a desired key was not found.
Constants
def GROUP_KEYRING
def GROUP_KEYRING: serial = -6;
The caller's GID-specific keyring.
def PROCESS_KEYRING
def PROCESS_KEYRING: serial = -2;
The caller's process-specific keyring.
def REQKEY_AUTH_KEY
def REQKEY_AUTH_KEY: serial = -7;
The caller's GID-session keyring.
def REQUESTOR_KEYRING
def REQUESTOR_KEYRING: serial = -8;
The Key ID for the reqkey destination keyring.
def SESSION_KEYRING
def SESSION_KEYRING: serial = -3;
The caller's session-specific keyring.
def THREAD_KEYRING
def THREAD_KEYRING: serial = -1;
The caller's thread-specific keyring.
def USER_KEYRING
def USER_KEYRING: serial = -4;
The caller's UID-specific keyring.
def USER_SESSION_KEYRING
def USER_SESSION_KEYRING: serial = -5;
The caller's UID-session keyring.
Functions
fn add_key
fn add_key(keytype: str, name: str, payload: []u8, keyring: serial) (serial | error);
Adds a key to the kernel's key management facility.
fn chown
fn chown(id: serial, uid: uint, gid: uint) (void | error);
Changes the user and group ownership of the key.
fn get_keyring_id
fn get_keyring_id(key: serial, create: bool) (serial | error);
Maps a special key or keyring ID to the serial number of the key actually representing that feature. If it does not exist and 'create' is true, then the key or keyring will be created if it is appropriate to do so.
fn join_session_keyring
fn join_session_keyring(name: str) (serial | error);
Replace the session keyring this process subscribes to with a new session keyring using the given name, or, given an empty string, "_ses".
fn read
fn read(id: serial, buf: []u8) (size | error);
Reads the payload from a key, returning the size of the key data. The provided buffer may be empty to probe the key size without reading.
fn revoke
fn revoke(id: serial) (void | error);
Revoke the key with the provided ID.
fn setperm
fn setperm(id: serial, perm: perm) (void | error);
Changes the permissions mask of the key.
fn strerror
fn strerror(err: error) const str;
Converts an error into a human-friendly string.
fn update
fn update(id: serial, payload: []u8) (void | error);
Update a key's payload.