Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964775AbWAWUnI (ORCPT ); Mon, 23 Jan 2006 15:43:08 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964937AbWAWUnH (ORCPT ); Mon, 23 Jan 2006 15:43:07 -0500 Received: from 1-1-12-13a.han.sth.bostream.se ([82.182.30.168]:48052 "EHLO palpatine.hardeman.nu") by vger.kernel.org with ESMTP id S964775AbWAWUnF convert rfc822-to-8bit (ORCPT ); Mon, 23 Jan 2006 15:43:05 -0500 Cc: dhowells@redhat.com, david@2gen.com Subject: [PATCH 00/04] Add DSA key type In-Reply-To: <20060123173208.GA23964@2gen.com> X-Mailer: gregkh_patchbomb Date: Mon, 23 Jan 2006 21:42:32 +0100 Message-Id: <11380489522362@2gen.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Reply-To: David =?iso-8859-1?Q?H=E4rdeman?= To: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8BIT From: David =?iso-8859-1?Q?H=E4rdeman?= X-SA-Score: -0.8 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 4013 Lines: 91 david@hardeman.nu, dhowells@redhat.com, david@2gen.com The following four patches add support for DSA keys to the in-kernel key management system. In-kernel dsa keys allows a process to use the request_key mechanism to request such keys on demand. One such example is a backup script that, when done, could issue a request for an appropriate ssh key. The request would then be forwarded by /sbin/request-key to the appropriate user who could supply the key which is in turn used by the backup script to transfer the results to a backup server. This allows for much more flexible and interesting solutions than passwordless ssh key files or shared ssh agents would ever be able to support. (I have a separate patch for openssh which allows ssh-add and ssh to work with in-kernel keys). In addition, the in-kernel keys have the advantage of being non-ptraceable, will not be swapped out to disk, and does not run the risk of being included in coredumps. The patch is split into four sub-patches: 1) Adds the multi-precision-integer maths library which was originally taken from GnuPG and ported to the kernel by David Howells in 2004 (http://people.redhat.com/~dhowells/modsign/modsign-269rc4mm1-2.diff.bz2) 2) Adds dsa cryptographic operations. Since a dsa signature is always two 160-bit integer, I've modeled the dsa crypto as a hash algorithm. 3) Changes the keyctl syscall to accept six arguments (is it valid to do so?) and adds encryption as one of the supported ops for in-kernel keys. 4) Adds the dsa in-kernel key type. This is quite some lines of code and may be controversial, so I've donned my finest asbestos underwear. Regards, David H?rdeman crypto/Kconfig | 15 crypto/Makefile | 2 crypto/dsa.c | 230 +++++ crypto/mpi/Makefile | 31 crypto/mpi/generic_mpi-asm-defs.h | 10 crypto/mpi/generic_mpih-add1.c | 65 + crypto/mpi/generic_mpih-lshift.c | 66 + crypto/mpi/generic_mpih-mul1.c | 60 + crypto/mpi/generic_mpih-mul2.c | 63 + crypto/mpi/generic_mpih-mul3.c | 64 + crypto/mpi/generic_mpih-rshift.c | 66 + crypto/mpi/generic_mpih-sub1.c | 63 + crypto/mpi/generic_udiv-w-sdiv.c | 108 ++ crypto/mpi/longlong.h | 1502 ++++++++++++++++++++++++++++++++++++++ crypto/mpi/mpi-add.c | 247 ++++++ crypto/mpi/mpi-bit.c | 255 ++++++ crypto/mpi/mpi-cmp.c | 72 + crypto/mpi/mpi-div.c | 350 ++++++++ crypto/mpi/mpi-gcd.c | 62 + crypto/mpi/mpi-inline.c | 32 crypto/mpi/mpi-inline.h | 128 +++ crypto/mpi/mpi-internal.h | 265 ++++++ crypto/mpi/mpi-inv.c | 190 ++++ crypto/mpi/mpi-mpow.c | 138 +++ crypto/mpi/mpi-mul.c | 203 +++++ crypto/mpi/mpi-pow.c | 325 ++++++++ crypto/mpi/mpi-scan.c | 143 +++ crypto/mpi/mpicoder.c | 390 +++++++++ crypto/mpi/mpih-cmp.c | 59 + crypto/mpi/mpih-div.c | 548 +++++++++++++ crypto/mpi/mpih-mul.c | 545 +++++++++++++ crypto/mpi/mpiutil.c | 237 +++++ include/linux/compat.h | 4 include/linux/dsa.h | 39 include/linux/key.h | 11 include/linux/keyctl.h | 1 include/linux/mpi.h | 154 +++ include/linux/syscalls.h | 5 security/Kconfig | 8 security/keys/Makefile | 1 security/keys/compat.c | 9 security/keys/dsa_key.c | 372 +++++++++ security/keys/keyctl.c | 72 + 43 files changed, 7201 insertions(+), 9 deletions(-) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/