From: "David Härdeman" <david@2gen.com>
To: linux-kernel@vger.kernel.org
Cc: dhowells@redhat.com, keyrings@linux-nfs.org, david@2gen.com
Subject: [PATCH 00/04] Add DSA key type
Date: Thu, 26 Jan 2006 22:58:14 +0100 [thread overview]
Message-ID: <1138312694656@2gen.com> (raw)
The following four patches add support for DSA keys to the in-kernel key
management system.
In-kernel dsa keys allows a process to use the request_key mechanism to
request such keys on demand. One such example is a backup script that,
when done, could issue a request for an appropriate ssh key. The request
would then be forwarded by /sbin/request-key to the appropriate user who
could supply the key which is in turn used by the backup script to transfer
the results to a backup server. This allows for much more flexible and
interesting solutions than passwordless ssh key files or shared ssh
agents would ever be able to support. (I have a separate patch for
openssh which allows ssh-add and ssh to work with in-kernel keys).
In addition, the in-kernel keys have the advantage of being non-ptraceable,
will not be swapped out to disk, and does not run the risk of being included
in coredumps. The functionality added by these patches should also be
interesting to some other security features (such as signed modules, signed
binaries and possibly some encrypted filesystems).
The patch is split into four sub-patches:
1) Adds a multi-precision-integer maths library
2) Adds dsa cryptographic operations. Since a dsa signature is always two
160-bit integer, I've modeled the dsa crypto as a hash algorithm.
3) Adds encryption as one of the supported ops for in-kernel keys.
4) Adds the dsa in-kernel key type.
This is the second version of these patches with the following changes from
the first version:
* Make sure all functions have proper dsa_ prefixes
* Use kenter/kleave/kdebug in dsa_key.c instead of duplicated versions
* Let key type decide which locking to use for encrypt ops (semaphore or rcu)
* Add KERN_XXX levels for printk's
* Merge newer mpilib from Fedora kernel 2.6.15-1.1871_FC5
* Change some non-tab whitespace to tabs
* Change mpilib exports from EXPORT_SYMBOL to EXPORT_SYMBOL_GPL
* Change crypto/dsa.c to copy key instead of referencing it
* Add documentation
Regards,
David Härdeman
--
Documentation/keys.txt | 77 +
crypto/Kconfig | 15
crypto/Makefile | 2
crypto/dsa.c | 265 ++++++
crypto/mpi/Makefile | 31
crypto/mpi/generic_mpi-asm-defs.h | 10
crypto/mpi/generic_mpih-add1.c | 64 +
crypto/mpi/generic_mpih-lshift.c | 66 +
crypto/mpi/generic_mpih-mul1.c | 60 +
crypto/mpi/generic_mpih-mul2.c | 63 +
crypto/mpi/generic_mpih-mul3.c | 64 +
crypto/mpi/generic_mpih-rshift.c | 66 +
crypto/mpi/generic_mpih-sub1.c | 63 +
crypto/mpi/generic_udiv-w-sdiv.c | 108 ++
crypto/mpi/longlong.h | 1502 ++++++++++++++++++++++++++++++++++++++
crypto/mpi/mpi-add.c | 241 ++++++
crypto/mpi/mpi-bit.c | 240 ++++++
crypto/mpi/mpi-cmp.c | 70 +
crypto/mpi/mpi-div.c | 342 ++++++++
crypto/mpi/mpi-gcd.c | 62 +
crypto/mpi/mpi-inline.c | 32
crypto/mpi/mpi-inline.h | 128 +++
crypto/mpi/mpi-internal.h | 265 ++++++
crypto/mpi/mpi-inv.c | 189 ++++
crypto/mpi/mpi-mpow.c | 136 +++
crypto/mpi/mpi-mul.c | 199 +++++
crypto/mpi/mpi-pow.c | 324 ++++++++
crypto/mpi/mpi-scan.c | 127 +++
crypto/mpi/mpicoder.c | 388 +++++++++
crypto/mpi/mpih-cmp.c | 58 +
crypto/mpi/mpih-div.c | 545 +++++++++++++
crypto/mpi/mpih-mul.c | 537 +++++++++++++
crypto/mpi/mpiutil.c | 224 +++++
include/linux/compat.h | 4
include/linux/dsa.h | 33
include/linux/key.h | 10
include/linux/keyctl.h | 1
include/linux/mpi.h | 154 +++
include/linux/syscalls.h | 5
security/Kconfig | 8
security/keys/Makefile | 1
security/keys/compat.c | 9
security/keys/dsa_key.c | 376 +++++++++
security/keys/keyctl.c | 67 +
44 files changed, 7221 insertions(+), 10 deletions(-)
next reply other threads:[~2006-01-26 21:58 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-26 21:58 David Härdeman [this message]
2006-01-26 21:58 ` [PATCH 03/04] Add encryption ops to the keyctl syscall David Härdeman
2006-01-26 21:58 ` [PATCH 01/04] Add multi-precision-integer maths library David Härdeman
2006-01-27 9:28 ` Christoph Hellwig
2006-01-27 20:07 ` David Howells
2006-01-27 20:41 ` David Härdeman
2006-01-27 22:19 ` [Keyrings] " Trond Myklebust
2006-01-27 23:35 ` Kyle Moffett
2006-01-28 0:27 ` Adrian Bunk
2006-01-28 3:45 ` Trond Myklebust
2006-01-28 7:17 ` Kyle Moffett
2006-01-28 10:39 ` Adrian Bunk
2006-01-28 0:22 ` Adrian Bunk
2006-01-28 10:46 ` David Härdeman
2006-01-28 13:03 ` Adrian Bunk
2006-01-28 17:09 ` David Härdeman
2006-01-28 16:37 ` [Keyrings] " Trond Myklebust
2006-01-28 16:57 ` David Härdeman
2006-01-29 3:20 ` Trond Myklebust
2006-01-29 11:33 ` David Härdeman
2006-01-29 12:29 ` Adrian Bunk
2006-01-29 13:09 ` Arjan van de Ven
2006-01-29 20:05 ` Steve French
2006-01-29 20:52 ` Arjan van de Ven
2006-01-29 21:41 ` Steve French
2006-02-06 12:31 ` David Howells
2006-01-29 23:18 ` Adrian Bunk
2006-01-29 13:18 ` David Härdeman
2006-01-29 23:36 ` Adrian Bunk
2006-01-30 18:09 ` Nix
2006-01-29 16:38 ` Trond Myklebust
2006-01-29 18:49 ` Dax Kelson
2006-01-29 19:10 ` Trond Myklebust
2006-01-29 21:29 ` David Härdeman
2006-01-29 21:46 ` Trond Myklebust
2006-01-29 21:13 ` David Härdeman
2006-01-29 21:28 ` Trond Myklebust
2006-01-29 22:02 ` David Härdeman
2006-01-29 22:05 ` Trond Myklebust
2006-01-29 22:54 ` Kyle Moffett
2006-01-29 23:07 ` Trond Myklebust
2006-01-29 23:15 ` Adrian Bunk
2006-01-29 21:09 ` Pavel Machek
2006-01-26 21:58 ` [PATCH 02/04] Add dsa crypto ops David Härdeman
2006-01-26 21:58 ` [PATCH 04/04] Add dsa key type David Härdeman
2006-01-27 1:10 ` [PATCH 00/04] Add DSA " Herbert Xu
2006-01-27 7:18 ` David Härdeman
2006-01-27 20:11 ` David Howells
2006-01-27 23:22 ` Herbert Xu
[not found] <20060123173208.GA23964@2gen.com>
2006-01-23 20:42 ` David Härdeman
2006-01-23 20:56 ` David Härdeman
2006-01-24 10:39 ` David Howells
2006-01-27 1:22 ` Herbert Xu
2006-01-27 7:23 ` David Härdeman
2006-01-27 12:28 ` Herbert Xu
2006-01-28 11:25 ` David Härdeman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1138312694656@2gen.com \
--to=david@2gen.com \
--cc=dhowells@redhat.com \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox