linux-keyutils 0.1.0

Rust interface to the Linux key-management facility. Provides a safe interface around the raw system calls allowing user-space programs to perform key manipulation.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

//! Example CLI application that allows you to interact
//! with the Linux kernel keyring from user space.
//!
//! Demo code for the linux_keyutils crate.
use clap::Parser;
use linux_keyutils::{Key, KeyRing, KeyRingIdentifier, KeySerialId};
use linux_keyutils::{KeyPermissionsBuilder, Permission};
use std::error::Error;
use zeroize::Zeroizing;

#[derive(Parser, Debug)]
#[clap(author, version, about, long_about = None)]
struct Args {
    #[clap(subcommand)]
    subcommand: Command,
}

#[derive(clap::Subcommand, Debug, PartialEq)]
enum Command {
    /// Create a new key
    Create {
        #[clap(short, long)]
        description: String,

        #[clap(short, long)]
        secret: String,
    },
    /// Read the secret from a key
    Read {
        #[clap(short, long)]
        id: i32,
    },
    /// Change ownership of a key
    Chown {
        #[clap(short, long)]
        id: i32,

        #[clap(short, long)]
        uid: Option<u32>,

        #[clap(short, long)]
        gid: Option<u32>,
    },
    /// Change permissions of a key
    Chmod {
        #[clap(short, long)]
        id: i32,
    },
    /// Invalidate a key
    Invalidate {
        #[clap(short, long)]
        id: i32,
    },
}

fn main() -> Result<(), Box<dyn Error>> {
    let args = Args::parse();

    // Obtain the default User keyring for the current UID/user
    // See [KeyRingIdentifier] and `man 2 keyctl` for more information on default
    // keyrings for processes.
    let ring = KeyRing::from_special_id(KeyRingIdentifier::User, false)?;

    _ = match args.subcommand {
        Command::Create {
            description,
            secret,
        } => {
            let key = ring.add_key(&description, &secret)?;
            println!("Created key with ID {:?}", key.get_id());
        }
        Command::Read { id } => {
            let key = Key::from_id(KeySerialId(id));
            let mut buf = Zeroizing::new([0u8; 2048]);
            let len = key.read(&mut buf)?;
            println!("Secret {:?}", std::str::from_utf8(&buf[..len])?);
        }
        Command::Chown { id, uid, gid } => {
            let key = Key::from_id(KeySerialId(id));
            key.chown(uid, gid)?;
        }
        Command::Chmod { id } => {
            let key = Key::from_id(KeySerialId(id));
            let perms = KeyPermissionsBuilder::builder()
                .user(Permission::ALL)
                .build();
            key.set_perm(perms)?;
        }
        Command::Invalidate { id } => {
            let key = Key::from_id(KeySerialId(id));
            key.invalidate()?;
        }
    };

    Ok(())
}