[RFC PATCH 0/5] KEYS: add kpp keyctl operations

This series provides keyctl access for kpp operations, including
a query function, a function to generate the public key that is
associated with the private key and a function to compute the
shared secret.

I've added a KPP ecdh parser so that you can load an ECDH private
key into the kernel. The ECDH private keys are expected to be encoded
with the ecdh helpers from the kernel. If the private key is valid, the
parser will allocate a tfm and set the private key. There is a
one-to-one binding between the private key and the tfm. The tfm will be
associated with the key for the entire life of the key. The tfm is
allocated once and used as many times as needed.

The kernel patches can be found here also:

https://github.com/ambarus/linux/commits/keys-kpp

The keyutils changes can be found here:

https://github.com/ambarus/keyutils/commits/keys-kpp

These patches are similar to what David Howells proposed for akcipher:

https://www.mail-archive.com/linux-crypto@xxxxxxxxxxxxxxx/msg19915.html

I've ported David's patches on top of keys-next and then I've added my
patches on top of them.

Both proposals, David's and mine, lack support for accessing TPM.
Before getting familiar with TPM, please let me know how you feel
about this series.

Tudor Ambarus (5):
  KEYS: Provide key type operations for kpp ops
  KEYS: Provide keyctls to drive the new key type ops for kpp
  KEYS: Provide missing asym kpp subops for new key type ops
  KEYS: add asymmetric kpp subtype
  KEYS: add KPP ecdh parser

 Documentation/security/keys/core.rst     | 113 +++++++++++++++++
 crypto/asymmetric_keys/Kconfig           |  15 +++
 crypto/asymmetric_keys/Makefile          |   6 +
 crypto/asymmetric_keys/asym_kpp.c        | 142 +++++++++++++++++++++
 crypto/asymmetric_keys/asymmetric_type.c |  77 ++++++++++++
 crypto/asymmetric_keys/kpp_parser.c      | 124 +++++++++++++++++++
 include/crypto/asym_kpp_subtype.h        |  14 +++
 include/keys/asymmetric-subtype.h        |  12 ++
 include/linux/key-type.h                 |   7 ++
 include/linux/keyctl.h                   |  11 ++
 include/uapi/linux/keyctl.h              |  19 +++
 security/keys/Makefile                   |   1 +
 security/keys/compat.c                   |  10 ++
 security/keys/internal.h                 |  28 +++++
 security/keys/keyctl.c                   |  13 ++
 security/keys/keyctl_kpp.c               | 205 +++++++++++++++++++++++++++++++
 16 files changed, 797 insertions(+)
 create mode 100644 crypto/asymmetric_keys/asym_kpp.c
 create mode 100644 crypto/asymmetric_keys/kpp_parser.c
 create mode 100644 include/crypto/asym_kpp_subtype.h
 create mode 100644 security/keys/keyctl_kpp.c

-- 
2.9.4



