diff --git a/man2/keyctl.2 b/man2/keyctl.2 index e45188a30..f7cb221d1 100644 --- a/man2/keyctl.2 +++ b/man2/keyctl.2 @@ -136,7 +136,7 @@ does not exist depends on the value of .IR int ). If .I arg3 -contains a non-zero value, then\(emif it is appropriate to do so +contains a nonzero value, then\(emif it is appropriate to do so (e.g., when looking up the user, user-session, or session key)\(ema new key is created and its real key ID returned as the function result. .\" The keyctl_get_keyring_ID.3 page says that a new key @@ -1504,31 +1504,33 @@ struct keyctl_kdf_params { .in .IP The -.B hashname -field is a null-terminated string which specifies hash name -(available into the kernel's crypto API; the list of the hashes available +.I hashname +field is a null-terminated string which specifies a hash name +(available in the kernel's crypto API; the list of the hashes available is rather tricky to observe; please refer to the -.URL https://www.kernel.org/doc/html/latest/crypto/architecture.html "Kernel Crypto API Architecture" -for the information regarding how hash names are constructed and -to your kernel's source and configuration regarding what ciphers +.UR https://www.kernel.org/doc/html/latest/crypto/architecture.html +("Kernel Crypto API Architecture") +.UE +documentation for the information regarding how hash names are constructed and +your kernel's source and configuration regarding what ciphers and templates with type .B CRYPTO_ALG_TYPE_SHASH are available) to be applied to DH result in KDF operation. .IP The -.B otherinfo +.I otherinfo field is an .I OtherInfo data as described in SP800-56A section 5.8.1.2 and is algorithm-specific. This data is concatenated with the result of DH operation and is provided as an input to the KDF operation. Its size is provided in the -.B otherinfolen +.I otherinfolen field and is limited by .B KEYCTL_KDF_MAX_OI_LEN constant that defined in -.B security/keys/internal.h +.I security/keys/internal.h to a value of 64. .IP The 
@@ -1570,7 +1572,7 @@ to which implicitly requested keys were linked .B KEYCTL_ASSUME_AUTHORITY Either 0, if the ID given was 0, or the ID of the authorization key matching the specified key, -if a non-zero key ID was provided. +if a nonzero key ID was provided. .TP .B KEYCTL_GET_SECURITY The size of the LSM security label string @@ -1619,34 +1621,34 @@ was and one of the following has failed: .RS .IP \(bu 3 -copying of -.BR "struct keyctl_dh_params" , -provided in +copying of the +.IR "struct keyctl_dh_params" , +provided in the .I arg2 -argument, from the user space; +argument, from user space; .IP \(bu -copying of -.BR "struct keyctl_kdf_params" , -provided in non-NULL +copying of the +.IR "struct keyctl_kdf_params" , +provided in the non-NULL .I arg5 -argument, from the user space +argument, from user space (in case kernel supports performing KDF operation on DH operation result); .IP \(bu -copying of data pointed by -.B hashname -field of -.B "struct keyctl_kdf_params" -from the user space; +copying of data pointed by the +.I hashname +field of the +.I "struct keyctl_kdf_params" +from user space; .IP \(bu -copying of data pointed by -.B otherinfo -field of -.B struct keyctl_kdf_params -from the user space if -.B otherinfolen -field was non-zero; +copying of data pointed by the +.I otherinfo +field of the +.I struct keyctl_kdf_params +from user space if the +.I otherinfolen +field was nonzero; .IP \(bu -copying of the result to the user space. +copying of the result to user space. .RE .TP .B EINVAL @@ -1697,9 +1699,9 @@ Provide 0 as a buffer size in order to obtain the minimum buffer size. was .B KEYCTL_DH_COMPUTE and the hash name provided in the -.B hashname +.I hashname field of the -.B struct keyctl_kdf_params +.I struct keyctl_kdf_params pointed by .I arg5 argument is too big (the limit is implementation-specific and varies between 
@@ -1711,13 +1713,12 @@ kernel versions, but it is deemed big enough for all valid algorithm names). was .B KEYCTL_DH_COMPUTE and the -.B __spare +.I __spare field of the -.B struct keyctl_kdf_params -provided in +.I struct keyctl_kdf_params +provided in the .I arg5 -argument -contains non-zero values. +argument contains nonzero values. .TP .B EKEYEXPIRED An expired key was found or specified. @@ -1743,9 +1744,9 @@ and the buffer length exceeds .B KEYCTL_KDF_MAX_OUTPUT_LEN (which is 1024 currently) or the -.B otherinfolen -field of -.B struct keyctl_kdf_parms +.I otherinfolen +field of the +.I struct keyctl_kdf_parms passed in .I arg5 exceeds @@ -1773,9 +1774,9 @@ and the key to be unlinked isn't linked to the keyring. was .B KEYCTL_DH_COMPUTE and the hashing algorithm specified in the -.B hashname +.I hashname field of the -.B struct keyctl_kdf_params +.I struct keyctl_kdf_params pointed by .I arg5 argument hasn't been found.
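Review bot: in the hunk at @@ -1504,31 +1504,33 @@, the line added between .UR and .UE, ("Kernel Crypto API Architecture"), is the link text, so its parentheses and double quotes will show up in the rendered page; put the bare title on that line instead. The unchanged context line "constant that defined in" in the same hunk is missing "is" and could be fixed in this pass, since the lines on either side of it are already being changed.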
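Review bot: in the EFAULT list (hunk at @@ -1619,34 +1621,34 @@), the struct name is quoted in one added line and unquoted in another: .I "struct keyctl_kdf_params" in the hashname item but .I struct keyctl_kdf_params in the otherinfo item. Both render the same, so pick one form and use it throughout the patch. The reworded items also keep "copying of data pointed by the"; since these lines are being rewritten anyway, "pointed to by" would read correctly.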
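Review bot: the hunk at @@ -1743,9 +1744,9 @@ carries the misspelling "keyctl_kdf_parms" over from the removed line into the added line .I struct keyctl_kdf_parms. Every other reference in this patch spells it keyctl_kdf_params, so correct the name here while the line is being touched.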