Crate twizzler_security

Security primitives and capabilities for Twizzler.

This crate provides the core security infrastructure including capabilities, delegations, gates, and security contexts.

§Features

  • kernel - Enable kernel-space functionality
  • user - Enable user-space functionality (mutually exclusive with kernel)

Structs§

Cap
A capability that represents authorization for a Security Context to access an object.
CapFlags
Flags pertaining to a Cap. Currently only used to set which hashing scheme to use when forming a capability.
CtxMapItem
This type is stored inside the CtxMap. The map serves to store information about where Caps and Dels are stored inside the SecCtx object.
Del
A Delegation, which can be used to delegate capabilities into other security contexts. Currently not implemented.
Gate
Gates are a range into an object that a Cap / Del provides access to. Typically Gates are set to the entire object, but can be defined to the byte level. This primitive is used to support Secure API Calls. TODO: link more info about secure API calls.
Mask
Used to store Mask data that will be applied to permissions granted by a SecCtx for a specific target object.
PermsInfo
Information about protections for a given object within a context.
Revoc
Specifies when a Capability is invalid. Currently a time in ns from the Unix epoch, but this is planned to change later.
SecCtx
A User-space representation of a Security Context.
SecCtxBase
The base of a Security Context, holding a map to the capabilities and delegations stored inside, masks on targets
SecCtxFlags
Flags for a SecCtx.
Signature
Represents a scheme-agnostic Signature.
SigningKey
Helper type for keybuffer. An Object's SigningKey, used in creating Caps and Dels. Is agnostic over SigningSchemes.
VerifyingKey
An Object's SigningKey, used to create an Object. Is also referred to as an Object's kuid. The kernel uses this key to verify any Caps or Dels. Is agnostic over SigningSchemes.

Enums§

CtxMapItemType
The type of item stored inside the map inside the SecCtx.
DelInner
A delegation can hold a Delegation or a Capability
HashingAlgo
The hashing algorithm used when creating a Cap
SigningScheme
The signing scheme used when creating a Cap

Constants§

MAP_ITEMS_PER_OBJ
Arbitrary number of map items per target object.
MASKS_MAX
Completely arbitrary amount of mask entries in a security context.
MAX_KEY_SIZE
The maximum key size the security system supports. NOTE: can be increased while preserving backwards compatibility.
OBJECT_ROOT_OFFSET
The root offset into the object, after the size of the base.
SEC_CTX_MAP_LEN
Completely arbitrary amount of capabilities and delegations in a security context.

Traits§

SecureBuilderExt
An extension trait for the ObjectBuilder from the twizzler crate that allows for the creation of objects that have restrained default permissions.