pub struct Key { /* private fields */ }
Representation of a kernel key.
Implementations
impl Key
pub unsafe fn new(id: KeyringSerial) -> Self
Instantiate a key from an ID.
This is unsafe because no key is known to exist with the given ID.
Safety
This method assumes that the given serial is a valid key ID at the kernel level.
pub fn request<'s, 'a, K, D, I, T>(
    description: D,
    info: I,
    target: T
) -> Result<Self>
where
    K: KeyType,
    D: Borrow<K::Description>,
    I: Into<Option<&'s str>>,
    T: Into<Option<TargetKeyring<'a>>>,
Requests a key with the given type and description by searching the thread, process, and session keyrings.
If it is not found, the info string (if provided) will be handed off to /sbin/request-key to generate the key.
If target is given, the found key will be linked into it. If target is not given and a new key is constructed due to the request, it will be linked into the default keyring (see Keyring::set_default).
pub fn is_keytype<K>(&self) -> Result<bool>
where
    K: KeyType,
Determine whether the key is of a specific implementation or not.
pub fn update<K, P>(&mut self, payload: P) -> Result<()>
where
    K: KeyType,
    P: Borrow<K::Payload>,
Update the payload in the key.
pub fn chown(&mut self, uid: uid_t) -> Result<()>
Change the user which owns the key.
Requires the setattr permission on the key and the SysAdmin capability to change it to anything other than the current user.
pub fn chgrp(&mut self, gid: gid_t) -> Result<()>
Change the group which owns the key.
Requires the setattr permission on the key and the SysAdmin capability to change it to anything other than a group of which the current user is a member.
pub fn set_permissions(&mut self, perms: Permission) -> Result<()>
Set the permissions on the key.
Requires the setattr permission on the key and the SysAdmin capability if the current user does not own the key.
pub fn description(&self) -> Result<Description>
Retrieve metadata about the key.
Panics
If the kernel returns malformed data, the parser will panic.
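The kernel describes a key as a string of the form type;uid;gid;perm;description (see keyctl_describe(3)); this assumes description() is backed by that call. The block below is an added example, not the crate's parser: it returns an error on malformed input instead of panicking and decodes the permission mask for the read and setattr bits mentioned on this page. All type and function names are hypothetical and the sample strings are constructed.

```rust
// Added example, not keyutils code; all names here are hypothetical.
#[derive(Debug)]
pub struct KeyInfo {
    pub ktype: String,
    pub description: String,
    pub uid: u32,
    pub gid: u32,
    pub perm: u32, // one byte each: possessor, user, group, other
}

// Permission bits within each subject's byte of the 32-bit mask.
pub const VIEW: u32 = 0x01; pub const READ: u32 = 0x02; pub const WRITE: u32 = 0x04;
pub const SEARCH: u32 = 0x08; pub const LINK: u32 = 0x10; pub const SETATTR: u32 = 0x20;

// Discriminant = bit offset of the subject's byte in the mask.
#[derive(Clone, Copy)]
pub enum Subject { Possessor = 24, User = 16, Group = 8, Other = 0 }

pub fn parse_describe(raw: &str) -> Result<KeyInfo, String> {
    // The description follows the last ';'. Newer kernels may insert fields
    // before it, so split it off from the right and read the rest from the left.
    let (head, description) = raw.rsplit_once(';').ok_or("no ';' separator")?;
    let mut fields = head.split(';');
    let mut next = |name: &str| fields.next().ok_or(format!("missing {name}"));
    let ktype = next("type")?.to_string();
    let uid = next("uid")?.parse::<u32>().map_err(|e| format!("uid: {e}"))?;
    let gid = next("gid")?.parse::<u32>().map_err(|e| format!("gid: {e}"))?;
    let perm = u32::from_str_radix(next("perm")?, 16).map_err(|e| format!("perm: {e}"))?;
    Ok(KeyInfo { ktype, description: description.to_string(), uid, gid, perm })
}

pub fn has(perm: u32, who: Subject, bits: u32) -> bool {
    ((perm >> who as u32) & bits) != 0
}

// True when group or other can read, write, or change attributes of the key.
pub fn overexposed(k: &KeyInfo) -> bool {
    [Subject::Group, Subject::Other].iter().any(|&s| has(k.perm, s, READ | WRITE | SETATTR))
}

fn main() {
    // Constructed sample strings, not captured from a real system.
    for raw in ["user;1000;1000;3f010000;app:token", "user;0;0;3f3f3f3f;wide", "bad"] {
        match parse_describe(raw) {
            Ok(k) => println!("{:?} overexposed={}", k, overexposed(&k)),
            Err(e) => println!("rejected {raw:?}: {e}"),
        }
    }
}
```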
pub fn read(&self) -> Result<Vec<u8>>
Read the payload of the key. Requires read permissions on the key.
pub fn set_timeout(&mut self, timeout: Duration) -> Result<()>
Set an expiration timer on the key to the given timeout.
Any partial seconds are ignored. A timeout of 0 means “no expiration”. Requires the setattr permission on the key.
pub fn security(&self) -> Result<String>
The security context of the key.
Depends on the security manager loaded into the kernel (e.g., SELinux or AppArmor).
pub fn invalidate(self) -> Result<()>
Invalidates the key and schedules it for removal.
Requires the search permission on the key.
pub fn manage(&mut self) -> Result<KeyManager>
Create an object to manage a key request.
Before a key may be managed on a thread, an authorization key must be attached to an available thread keyring.
Only one key may be managed on a thread at a time. Managing a second key will invalidate any previous KeyManager constructions.
See KeyManager::request_key_auth_key.
pub fn compute_dh(private: &Key, prime: &Key, base: &Key) -> Result<Vec<u8>>
Compute a Diffie-Hellman value for use as a shared secret or public key.
pub fn compute_dh_kdf<O>(
    private: &Key,
    prime: &Key,
    base: &Key,
    hash: KeyctlHash,
    other: Option<O>
) -> Result<Vec<u8>>
where
    O: AsRef<[u8]>,
Compute a key from a Diffie-Hellman shared secret.
The base key contains the remote public key to create a shared secret which is then processed using hash.
See SP800-56A for details.
pub fn pkey_query_support(
    &self,
    query: &PublicKeyOptions
) -> Result<KeySupportInfo>
Query which optionally supported features may be used by the key.
pub fn encrypt(
    &self,
    options: &PublicKeyOptions,
    data: &[u8]
) -> Result<Vec<u8>>
Encrypt data using the key.
pub fn decrypt(
    &self,
    options: &PublicKeyOptions,
    data: &[u8]
) -> Result<Vec<u8>>
Decrypt data using the key.