Confusion in the usage of linux key management APIs

Ranjan Sinha rnjn.sinha at gmail.com
Fri Mar 22 02:56:59 EDT 2013


Hi,

I need to store some crypto keys in the kernel where each key is
related to a path on the disk. A restricted set of users can create
files on such a path, but the crypto keys are shared by all such users.
I am thinking of using the Linux kernel key management facilities for my
project. I have a usermode application that manages keys and a kernel
module. However, the add_key interface is not clear to me. How do I
create a global keyring that is accessible to everyone? The man page of
add_key has this to say about add_key:

-----------------------8<------------------------------------8<----------------------
key_serial_t add_key(const char *type, const char *description, const
void *payload, size_t plen, key_serial_t keyring);

DESCRIPTION

add_key() asks the kernel to create or update a key of the given type
and description, instantiate it with the payload of length plen, and
to attach it to the nominated keyring and to return its serial number.

The destination keyring serial number may be that of a valid keyring
to which the caller has write permission, or it may be a special
keyring ID:

KEY_SPEC_THREAD_KEYRING This specifies the caller's thread-specific keyring.

KEY_SPEC_PROCESS_KEYRING This specifies the caller's process-specific keyring.

KEY_SPEC_SESSION_KEYRING This specifies the caller's session-specific keyring.

KEY_SPEC_USER_KEYRING This specifies the caller's UID-specific keyring.

KEY_SPEC_USER_SESSION_KEYRING This specifies the caller's UID-session keyring.

-----------------------8<------------------------------------8<----------------------

I understand that I may need to register my own "type" in the kernel
using the register_key_type API in the kernel. However, I do not understand
what value should be passed to the keyring parameter. Also, what is
meant by "possessor" in assigning permissions?

Also, what should be passed to the uid and gid parameters in the call to
the kernel API key_alloc()?

--
Regards,
Ranjan
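As an added example, not code from the original post: the permission mask layout behind the "possessor" question, built and decoded in C, then applied to a keyring created with add_key(2) under the caller's session keyring. The keyring and key names are made up for the example; a process possesses a key it can reach through its own thread, process, session or user keyrings, so sharing a keyring means linking it into each permitted user's keyrings.

```c
/* Added example, not from the original post: build and decode a key permission
 * mask, then apply it to a keyring created with add_key(2).  Constants mirror
 * <linux/keyctl.h> and keyutils.h; keyring and key names are made up. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
typedef int32_t key_serial_t;
#define KEY_SPEC_SESSION_KEYRING (-3)   /* the caller's session keyring */
#define KEYCTL_SETPERM 5
/* Per-byte permission bits.  The 32-bit mask holds four such bytes, high to
 * low: possessor, user (owner uid), group, other.  A process "possesses" a
 * key it can reach through its thread, process, session or user keyrings. */
enum { P_VIEW = 0x01, P_READ = 0x02, P_WRITE = 0x04, P_SEARCH = 0x08,
       P_LINK = 0x10, P_SETATTR = 0x20, P_ALL = 0x3f };
/* Possessor and owner get everything, the group may view/search/read, others
 * nothing: the keyring is then shared by linking it into each user's keyrings. */
static uint32_t shared_keyring_perm(void)
{
    return (uint32_t)P_ALL << 24 | P_ALL << 16 | (P_VIEW | P_READ | P_SEARCH) << 8;
}

/* Render the mask as four "alswrv" groups, possessor first, '-' where unset. */
static const char *perm_to_string(uint32_t perm)
{
    static char out[28];
    int n = 0;
    for (int shift = 24; shift >= 0; shift -= 8) {
        unsigned byte = (perm >> shift) & P_ALL;
        for (int b = 0; b < 6; b++)                 /* bit 0x20 down to 0x01 */
            out[n++] = (byte & (0x20 >> b)) ? "alswrv"[b] : '-';
        out[n++] = shift ? ' ' : '\0';
    }
    return out;
}

int main(void)
{
    /* A keyring has no payload; create it under the session keyring. */
    key_serial_t ring = syscall(SYS_add_key, "keyring", "example:/srv/shared",
                                NULL, 0, KEY_SPEC_SESSION_KEYRING);
    key_serial_t key = ring < 0 ? -1 : syscall(SYS_add_key, "user", "k1",
                                               "constructed-secret", 18, ring);
    if (key < 0 || syscall(SYS_keyctl, KEYCTL_SETPERM, ring, shared_keyring_perm()) < 0) {
        perror("add_key/keyctl"); return 1;
    }
    printf("keyring %d key %d perm %s\n", ring, key, perm_to_string(shared_keyring_perm()));
    return 0;
}
```

Run it as an ordinary user on Linux; `keyctl show` afterwards lists the new keyring under the session keyring with the mask shown above.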
