Preliminary LKI (Linux Key Infrastructure)

From: Kyle Moffett
Date: Fri Jul 23 2004 - 17:13:34 EST

Next message: Tony: "Seeking joint-venture partners for ERW oil casing project"
Previous message: Roger Luethi: "Re: LTT user input"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here is my starting work on a key architecture for the kernel. This hasn't even
been test compiled yet, so there are still bugs galore, but if anyone wants to
have a look, here it is:

Linux Key Infrastructure: <http://www.tjhsst.edu/~kmoffett/lki.tar.bz2>

Implemented:
- lki_key_t
A single key implemented with a generic blob

- lki_keytype_t
A keytype, either auto-generated by calling from user-space or
registered by a kernel module with lki_keytype_register

- lki_key_create, lki_key_destroy
Kernel functions to create and destroy keys. They allocate from
a number pool.

- lki_key_hash_add, lki_key_hash_remove, lki_key_hash_search
Kernel functions to look up keys by number.

In progress:
- lki_key_handle_t
This will be tied to a file-descriptor for access by user processes. If
a process "revokes" a given file-descriptor that it has open, then that
key file-descriptor and any that it created (children) through dup() or
being passed to another process will be destroyed.
- Permissions on lki_key_t
I'm still learning about this posix_acl_t stuff. It would be nice if
somebody could write a patch to seperate the POSIX ACL functions
from inodes so they could be applied to lki_key_t objects even when
the keyfs(TODO) isn't mounted

Not yet started:
- key-rings
They'll be a special case of a key where the BLOB contains a list of
lki_key_handle_t and some extra metadata.
- keyfs
I'm not ready to open _that_ can of worms yet
- syscall "keyctl"
Once I get the kernel-side interfaces finalized, I'll build keyctl to match.

Cheers,
Kyle Moffett

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM/CS/IT/U d- s++: a17 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
PGP+++ t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r !y?(-)
------END GEEK CODE BLOCK------

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tony: "Seeking joint-venture partners for ERW oil casing project"
Previous message: Roger Luethi: "Re: LTT user input"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]