From: "David Härdeman" <david@2gen.com>
To: linux-kernel@vger.kernel.org
Cc: dhowells@redhat.com, david@2gen.com
Subject: [PATCH 00/04] Add DSA key type
Date: Mon, 23 Jan 2006 21:42:32 +0100
Message-ID: <11380489522362@2gen.com>
In-Reply-To: <20060123173208.GA23964@2gen.com>

The following four patches add support for DSA keys to the in-kernel key
management system.

In-kernel dsa keys allow a process to use the request_key mechanism to
request such keys on demand. One such example is a backup script that,
when done, could issue a request for an appropriate ssh key. The request
would then be forwarded by /sbin/request-key to the appropriate user who
could supply the key which is in turn used by the backup script to transfer
the results to a backup server. This allows for much more flexible and
interesting solutions than passwordless ssh key files or shared ssh
agents would ever be able to support. (I have a separate patch for
openssh which allows ssh-add and ssh to work with in-kernel keys).

In addition, the in-kernel keys have the advantage of being non-ptraceable,
will not be swapped out to disk, and do not run the risk of being included
in coredumps.

The patch is split into four sub-patches:

1) Adds the multi-precision-integer maths library which was originally taken
   from GnuPG and ported to the kernel by David Howells in 2004
   (http://people.redhat.com/~dhowells/modsign/modsign-269rc4mm1-2.diff.bz2)

2) Adds dsa cryptographic operations. Since a dsa signature is always two
   160-bit integers, I've modeled the dsa crypto as a hash algorithm.

3) Changes the keyctl syscall to accept six arguments (is it valid to do so?)
   and adds encryption as one of the supported ops for in-kernel keys.

4) Adds the dsa in-kernel key type.

This is quite some lines of code and may be controversial, so I've donned my
finest asbestos underwear.

Regards,
David Härdeman <david@2gen.com>

crypto/Kconfig | 15
crypto/Makefile | 2
crypto/dsa.c | 230 +++++
crypto/mpi/Makefile | 31
crypto/mpi/generic_mpi-asm-defs.h | 10
crypto/mpi/generic_mpih-add1.c | 65 +
crypto/mpi/generic_mpih-lshift.c | 66 +
crypto/mpi/generic_mpih-mul1.c | 60 +
crypto/mpi/generic_mpih-mul2.c | 63 +
crypto/mpi/generic_mpih-mul3.c | 64 +
crypto/mpi/generic_mpih-rshift.c | 66 +
crypto/mpi/generic_mpih-sub1.c | 63 +
crypto/mpi/generic_udiv-w-sdiv.c | 108 ++
crypto/mpi/longlong.h | 1502 ++++++++++++++++++++++++++++++++++++++
crypto/mpi/mpi-add.c | 247 ++++++
crypto/mpi/mpi-bit.c | 255 ++++++
crypto/mpi/mpi-cmp.c | 72 +
crypto/mpi/mpi-div.c | 350 ++++++++
crypto/mpi/mpi-gcd.c | 62 +
crypto/mpi/mpi-inline.c | 32
crypto/mpi/mpi-inline.h | 128 +++
crypto/mpi/mpi-internal.h | 265 ++++++
crypto/mpi/mpi-inv.c | 190 ++++
crypto/mpi/mpi-mpow.c | 138 +++
crypto/mpi/mpi-mul.c | 203 +++++
crypto/mpi/mpi-pow.c | 325 ++++++++
crypto/mpi/mpi-scan.c | 143 +++
crypto/mpi/mpicoder.c | 390 +++++++++
crypto/mpi/mpih-cmp.c | 59 +
crypto/mpi/mpih-div.c | 548 +++++++++++++
crypto/mpi/mpih-mul.c | 545 +++++++++++++
crypto/mpi/mpiutil.c | 237 +++++
include/linux/compat.h | 4
include/linux/dsa.h | 39
include/linux/key.h | 11
include/linux/keyctl.h | 1
include/linux/mpi.h | 154 +++
include/linux/syscalls.h | 5
security/Kconfig | 8
security/keys/Makefile | 1
security/keys/compat.c | 9
security/keys/dsa_key.c | 372 +++++++++
security/keys/keyctl.c | 72 +
43 files changed, 7201 insertions(+), 9 deletions(-)
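
The message above lists three properties of in-kernel keys: not ptraceable, never swapped to disk, never in coredumps. As an added example (not code from this patch series or its author), here is what a user-space key holder on Linux has to do by hand to approximate the same guarantees. The names `secret_buf`, `harden_process`, `secret_buf_alloc` and `secret_buf_free` are hypothetical; a caller that requires the no-swap guarantee should refuse to load a key when `SB_LOCKED` is not set.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <unistd.h>

#define SB_LOCKED   0x1 /* mlock() succeeded: pages stay out of swap */
#define SB_DONTDUMP 0x2 /* madvise() succeeded: pages left out of core dumps */

struct secret_buf { void *ptr; size_t len; int flags; };

/* Whole process: no core dump, no ptrace attach without CAP_SYS_PTRACE. */
int harden_process(void)
{
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

/* Map whole pages for key material and record which protections applied. */
int secret_buf_alloc(struct secret_buf *sb, size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0 || len > (size_t)1 << 30) return -1;
    len = (len + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    sb->ptr = p; sb->len = len; sb->flags = 0;
    if (mlock(p, len) == 0) sb->flags |= SB_LOCKED;
    if (madvise(p, len, MADV_DONTDUMP) == 0) sb->flags |= SB_DONTDUMP;
    return 0;
}

/* Zero through a volatile pointer so the wipe is not optimised away. */
void secret_buf_free(struct secret_buf *sb)
{
    volatile unsigned char *v = sb->ptr;
    for (size_t i = 0; i < sb->len; i++) v[i] = 0;
    munmap(sb->ptr, sb->len);
    sb->ptr = NULL; sb->len = 0; sb->flags = 0;
}

int main(void)
{
    struct secret_buf sb;
    if (harden_process() != 0 || secret_buf_alloc(&sb, 64) != 0) return 1;
    printf("locked=%d dontdump=%d\n", !!(sb.flags & SB_LOCKED), !!(sb.flags & SB_DONTDUMP));
    secret_buf_free(&sb);
    return 0;
}
```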