Add keyring package

In preparation for introducing support for the new filesystem-level keyrings, move the existing user keyring management code from security/keyring.go and crypto/crypto.go into a new package, 'keyring'. This package provides functions AddEncryptionKey, RemoveEncryptionKey, and GetEncryptionKeyStatus which delegate to either the filesystem keyring (added by a later patch) or to the user keyring. This provides a common interface to both types of keyrings, to the extent possible.
author: Eric Biggers <ebiggers@google.com> 2019-12-15 19:31:39 -0800
committer: Eric Biggers <ebiggers@google.com> 2020-01-05 10:02:13 -0800
commit: 462d166d5355d33a05271d24de4d52f30dd62f67 (patch)
tree: 9bf53558105694002d442e0d997a9bb2b95140e2 /actions/context.go
parent: 80654f23ebfd552277ed217a2c5e1d0bb1374189 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/actions/context.go b/actions/context.go
index 5a56789..7703db5 100644
--- a/actions/context.go
+++ b/actions/context.go
@@ -37,6 +37,7 @@ import (
 	"github.com/pkg/errors"
 
 	"github.com/google/fscrypt/filesystem"
+	"github.com/google/fscrypt/keyring"
 	"github.com/google/fscrypt/metadata"
 	"github.com/google/fscrypt/util"
 )
@@ -145,6 +146,13 @@ func (ctx *Context) getService() string {
 	return unix.FSCRYPT_KEY_DESC_PREFIX
 }
 
+func (ctx *Context) getKeyringOptions() *keyring.Options {
+	return &keyring.Options{
+		User:    ctx.TargetUser,
+		Service: ctx.getService(),
+	}
+}
+
 // getProtectorOption returns the ProtectorOption for the protector on the
 // context's mountpoint with the specified descriptor.
 func (ctx *Context) getProtectorOption(protectorDescriptor string) *ProtectorOption {
author	Eric Biggers <ebiggers@google.com>	2019-12-15 19:31:39 -0800
committer	Eric Biggers <ebiggers@google.com>	2020-01-05 10:02:13 -0800
commit	462d166d5355d33a05271d24de4d52f30dd62f67 (patch)
tree	9bf53558105694002d442e0d997a9bb2b95140e2 /actions/context.go
parent	80654f23ebfd552277ed217a2c5e1d0bb1374189 (diff)