[email protected], [email protected], [email protected]
The following four patches add support for DSA keys to the in-kernel key
management system.
In-kernel dsa keys allows a process to use the request_key mechanism to
request such keys on demand. One such example is a backup script that,
when done, could issue a request for an appropriate ssh key. The request
would then be forwarded by /sbin/request-key to the appropriate user who
could supply the key which is in turn used by the backup script to transfer
the results to a backup server. This allows for much more flexible and
interesting solutions than passwordless ssh key files or shared ssh
agents would ever be able to support. (I have a separate patch for
openssh which allows ssh-add and ssh to work with in-kernel keys).
In addition, the in-kernel keys have the advantage of being non-ptraceable,
will not be swapped out to disk, and does not run the risk of being included
in coredumps.
The patch is split into four sub-patches:
1) Adds the multi-precision-integer maths library which was originally taken
from GnuPG and ported to the kernel by David Howells in 2004
(http://people.redhat.com/~dhowells/modsign/modsign-269rc4mm1-2.diff.bz2)
2) Adds dsa cryptographic operations. Since a dsa signature is always two
160-bit integer, I've modeled the dsa crypto as a hash algorithm.
3) Changes the keyctl syscall to accept six arguments (is it valid to do so?)
and adds encryption as one of the supported ops for in-kernel keys.
4) Adds the dsa in-kernel key type.
This is quite some lines of code and may be controversial, so I've donned my
finest asbestos underwear.
Regards,
David Härdeman <[email protected]>
crypto/Kconfig | 15
crypto/Makefile | 2
crypto/dsa.c | 230 +++++
crypto/mpi/Makefile | 31
crypto/mpi/generic_mpi-asm-defs.h | 10
crypto/mpi/generic_mpih-add1.c | 65 +
crypto/mpi/generic_mpih-lshift.c | 66 +
crypto/mpi/generic_mpih-mul1.c | 60 +
crypto/mpi/generic_mpih-mul2.c | 63 +
crypto/mpi/generic_mpih-mul3.c | 64 +
crypto/mpi/generic_mpih-rshift.c | 66 +
crypto/mpi/generic_mpih-sub1.c | 63 +
crypto/mpi/generic_udiv-w-sdiv.c | 108 ++
crypto/mpi/longlong.h | 1502 ++++++++++++++++++++++++++++++++++++++
crypto/mpi/mpi-add.c | 247 ++++++
crypto/mpi/mpi-bit.c | 255 ++++++
crypto/mpi/mpi-cmp.c | 72 +
crypto/mpi/mpi-div.c | 350 ++++++++
crypto/mpi/mpi-gcd.c | 62 +
crypto/mpi/mpi-inline.c | 32
crypto/mpi/mpi-inline.h | 128 +++
crypto/mpi/mpi-internal.h | 265 ++++++
crypto/mpi/mpi-inv.c | 190 ++++
crypto/mpi/mpi-mpow.c | 138 +++
crypto/mpi/mpi-mul.c | 203 +++++
crypto/mpi/mpi-pow.c | 325 ++++++++
crypto/mpi/mpi-scan.c | 143 +++
crypto/mpi/mpicoder.c | 390 +++++++++
crypto/mpi/mpih-cmp.c | 59 +
crypto/mpi/mpih-div.c | 548 +++++++++++++
crypto/mpi/mpih-mul.c | 545 +++++++++++++
crypto/mpi/mpiutil.c | 237 +++++
include/linux/compat.h | 4
include/linux/dsa.h | 39
include/linux/key.h | 11
include/linux/keyctl.h | 1
include/linux/mpi.h | 154 +++
include/linux/syscalls.h | 5
security/Kconfig | 8
security/keys/Makefile | 1
security/keys/compat.c | 9
security/keys/dsa_key.c | 372 +++++++++
security/keys/keyctl.c | 72 +
43 files changed, 7201 insertions(+), 9 deletions(-)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]