mirror of https://github.com/mkerrisk/man-pages
keyctl.2: Minor fixes to Eugene's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk
parent
a02cbc788b
commit
df81149955
|
|
@ -136,7 +136,7 @@ does not exist depends on the value of
|
|||
.IR int ).
|
||||
If
|
||||
.I arg3
|
||||
contains a non-zero value, then\(emif it is appropriate to do so
|
||||
contains a nonzero value, then\(emif it is appropriate to do so
|
||||
(e.g., when looking up the user, user-session, or session key)\(ema new key
|
||||
is created and its real key ID returned as the function result.
|
||||
.\" The keyctl_get_keyring_ID.3 page says that a new key
|
||||
|
|
@ -1504,31 +1504,33 @@ struct keyctl_kdf_params {
|
|||
.in
|
||||
.IP
|
||||
The
|
||||
.B hashname
|
||||
field is a null-terminated string which specifies hash name
|
||||
(available into the kernel's crypto API; the list of the hashes available
|
||||
.I hashname
|
||||
field is a null-terminated string which specifies a hash name
|
||||
(available in the kernel's crypto API; the list of the hashes available
|
||||
is rather tricky to observe; please refer to the
|
||||
.URL https://www.kernel.org/doc/html/latest/crypto/architecture.html "Kernel Crypto API Architecture"
|
||||
for the information regarding how hash names are constructed and
|
||||
to your kernel's source and configuration regarding what ciphers
|
||||
.UR https://www.kernel.org/doc/html/latest/crypto/architecture.html
|
||||
("Kernel Crypto API Architecture")
|
||||
.UE
|
||||
documentation for the information regarding how hash names are constructed and
|
||||
your kernel's source and configuration regarding what ciphers
|
||||
and templates with type
|
||||
.B CRYPTO_ALG_TYPE_SHASH
|
||||
are available)
|
||||
to be applied to DH result in KDF operation.
|
||||
.IP
|
||||
The
|
||||
.B otherinfo
|
||||
.I otherinfo
|
||||
field is an
|
||||
.I OtherInfo
|
||||
data as described in SP800-56A section 5.8.1.2 and is algorithm-specific.
|
||||
This data is concatenated with the result of DH operation and is provided as
|
||||
an input to the KDF operation.
|
||||
Its size is provided in the
|
||||
.B otherinfolen
|
||||
.I otherinfolen
|
||||
field and is limited by
|
||||
.B KEYCTL_KDF_MAX_OI_LEN
|
||||
constant that defined in
|
||||
.B security/keys/internal.h
|
||||
.I security/keys/internal.h
|
||||
to a value of 64.
|
||||
.IP
|
||||
The
|
||||
|
|
@ -1570,7 +1572,7 @@ to which implicitly requested keys were linked
|
|||
.B KEYCTL_ASSUME_AUTHORITY
|
||||
Either 0, if the ID given was 0,
|
||||
or the ID of the authorization key matching the specified key,
|
||||
if a non-zero key ID was provided.
|
||||
if a nonzero key ID was provided.
|
||||
.TP
|
||||
.B KEYCTL_GET_SECURITY
|
||||
The size of the LSM security label string
|
||||
|
|
@ -1619,34 +1621,34 @@ was
|
|||
and one of the following has failed:
|
||||
.RS
|
||||
.IP \(bu 3
|
||||
copying of
|
||||
.BR "struct keyctl_dh_params" ,
|
||||
provided in
|
||||
copying of the
|
||||
.IR "struct keyctl_dh_params" ,
|
||||
provided in the
|
||||
.I arg2
|
||||
argument, from the user space;
|
||||
argument, from user space;
|
||||
.IP \(bu
|
||||
copying of
|
||||
.BR "struct keyctl_kdf_params" ,
|
||||
provided in non-NULL
|
||||
copying of the
|
||||
.IR "struct keyctl_kdf_params" ,
|
||||
provided in the non-NULL
|
||||
.I arg5
|
||||
argument, from the user space
|
||||
argument, from user space
|
||||
(in case kernel supports performing KDF operation on DH operation result);
|
||||
.IP \(bu
|
||||
copying of data pointed by
|
||||
.B hashname
|
||||
field of
|
||||
.B "struct keyctl_kdf_params"
|
||||
from the user space;
|
||||
copying of data pointed by the
|
||||
.I hashname
|
||||
field of the
|
||||
.I "struct keyctl_kdf_params"
|
||||
from user space;
|
||||
.IP \(bu
|
||||
copying of data pointed by
|
||||
.B otherinfo
|
||||
field of
|
||||
.B struct keyctl_kdf_params
|
||||
from the user space if
|
||||
.B otherinfolen
|
||||
field was non-zero;
|
||||
copying of data pointed by the
|
||||
.I otherinfo
|
||||
field of the
|
||||
.I struct keyctl_kdf_params
|
||||
from user space if the
|
||||
.I otherinfolen
|
||||
field was nonzero;
|
||||
.IP \(bu
|
||||
copying of the result to the user space.
|
||||
copying of the result to user space.
|
||||
.RE
|
||||
.TP
|
||||
.B EINVAL
|
||||
|
|
@ -1697,9 +1699,9 @@ Provide 0 as a buffer size in order to obtain the minimum buffer size.
|
|||
was
|
||||
.B KEYCTL_DH_COMPUTE
|
||||
and the hash name provided in the
|
||||
.B hashname
|
||||
.I hashname
|
||||
field of the
|
||||
.B struct keyctl_kdf_params
|
||||
.I struct keyctl_kdf_params
|
||||
pointed by
|
||||
.I arg5
|
||||
argument is too big (the limit is implementation-specific and varies between
|
||||
|
|
@ -1711,13 +1713,12 @@ kernel versions, but it is deemed big enough for all valid algorithm names).
|
|||
was
|
||||
.B KEYCTL_DH_COMPUTE
|
||||
and the
|
||||
.B __spare
|
||||
.I __spare
|
||||
field of the
|
||||
.B struct keyctl_kdf_params
|
||||
provided in
|
||||
.I struct keyctl_kdf_params
|
||||
provided in the
|
||||
.I arg5
|
||||
argument
|
||||
contains non-zero values.
|
||||
argument contains nonzero values.
|
||||
.TP
|
||||
.B EKEYEXPIRED
|
||||
An expired key was found or specified.
|
||||
|
|
@ -1743,9 +1744,9 @@ and the buffer length exceeds
|
|||
.B KEYCTL_KDF_MAX_OUTPUT_LEN
|
||||
(which is 1024 currently)
|
||||
or the
|
||||
.B otherinfolen
|
||||
field of
|
||||
.B struct keyctl_kdf_parms
|
||||
.I otherinfolen
|
||||
field of the
|
||||
.I struct keyctl_kdf_parms
|
||||
passed in
|
||||
.I arg5
|
||||
exceeds
|
||||
|
|
@ -1773,9 +1774,9 @@ and the key to be unlinked isn't linked to the keyring.
|
|||
was
|
||||
.B KEYCTL_DH_COMPUTE
|
||||
and the hashing algorithm specified in the
|
||||
.B hashname
|
||||
.I hashname
|
||||
field of the
|
||||
.B struct keyctl_kdf_params
|
||||
.I struct keyctl_kdf_params
|
||||
pointed by
|
||||
.I arg5
|
||||
argument hasn't been found.
|
||||
|
|
|
|||
Loading…
Reference in New Issue