8 files changed, 273 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index a3238051b03e..1ca0b246f29f 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1043,5 +1043,6 @@ config CRYPTO_USER_API_SKCIPHER
          key cipher algorithms.
 source "drivers/crypto/Kconfig"
+source crypto/asymmetric_keys/Kconfig
 endif   # if CRYPTO
diff --git a/crypto/Makefile b/crypto/Makefile
index 30f33d675330..ced472e18fc3 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -96,3 +96,4 @@ obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o
 #
 obj-$(CONFIG_XOR_BLOCKS) += xor.o
 obj-$(CONFIG_ASYNC_CORE) += async_tx/
+obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys/
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
new file mode 100644
index 000000000000..cad29b3efa0e
--- /dev/null
+++ b/crypto/asymmetric_keys/Kconfig
@@ -0,0 +1,13 @@
+menuconfig ASYMMETRIC_KEY_TYPE
+        tristate "Asymmetric (public-key cryptographic) key type"
+        depends on KEYS
+        help
+          This option provides support for a key type that holds the data for
+          the asymmetric keys used for public key cryptographic operations such
+          as encryption, decryption, signature generation and signature
+          verification.
+if ASYMMETRIC_KEY_TYPE
+endif # ASYMMETRIC_KEY_TYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
new file mode 100644
index 000000000000..b725bcce4cfd
--- /dev/null
+++ b/crypto/asymmetric_keys/Makefile
@@ -0,0 +1,7 @@
+#
+# Makefile for asymmetric cryptographic keys
+#
+obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
+asymmetric_keys-y := asymmetric_type.o
diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h
new file mode 100644
index 000000000000..515b63430812
--- /dev/null
+++ b/crypto/asymmetric_keys/asymmetric_keys.h
@@ -0,0 +1,15 @@
+/* Internal definitions for asymmetric key type
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+static inline const char *asymmetric_key_id(const struct key *key)
+{
+        return key->type_data.p[1];
+}
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
new file mode 100644
index 000000000000..bfb0424026aa
--- /dev/null
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -0,0 +1,156 @@
+/* Asymmetric public-key cryptography key type
+ *
+ * See Documentation/security/asymmetric-keys.txt
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+#include <keys/asymmetric-subtype.h>
+#include <linux/seq_file.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include "asymmetric_keys.h"
+MODULE_LICENSE("GPL");
+/*
+ * Match asymmetric keys on (part of) their name
+ * We have some shorthand methods for matching keys.  We allow:
+ *
+ *      "<desc>"        - request a key by description
+ *      "id:<id>"       - request a key matching the ID
+ *      "<subtype>:<id>" - request a key of a subtype
+ */
+static int asymmetric_key_match(const struct key *key, const void *description)
+{
+        const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
+        const char *spec = description;
+        const char *id, *kid;
+        ptrdiff_t speclen;
+        size_t idlen, kidlen;
+        if (!subtype || !spec || !*spec)
+                return 0;
+        /* See if the full key description matches as is */
+        if (key->description && strcmp(key->description, description) == 0)
+                return 1;
+        /* All tests from here on break the criterion description into a
+         * specifier, a colon and then an identifier.
+         */
+        id = strchr(spec, ':');
+        if (!id)
+                return 0;
+        speclen = id - spec;
+        id++;
+        /* Anything after here requires a partial match on the ID string */
+        kid = asymmetric_key_id(key);
+        if (!kid)
+                return 0;
+        idlen = strlen(id);
+        kidlen = strlen(kid);
+        if (idlen > kidlen)
+                return 0;
+        kid += kidlen - idlen;
+        if (strcasecmp(id, kid) != 0)
+                return 0;
+        if (speclen == 2 &&
+            memcmp(spec, "id", 2) == 0)
+                return 1;
+        if (speclen == subtype->name_len &&
+            memcmp(spec, subtype->name, speclen) == 0)
+                return 1;
+        return 0;
+}
+/*
+ * Describe the asymmetric key
+ */
+static void asymmetric_key_describe(const struct key *key, struct seq_file *m)
+{
+        const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
+        const char *kid = asymmetric_key_id(key);
+        size_t n;
+        seq_puts(m, key->description);
+        if (subtype) {
+                seq_puts(m, ": ");
+                subtype->describe(key, m);
+                if (kid) {
+                        seq_putc(m, ' ');
+                        n = strlen(kid);
+                        if (n <= 8)
+                                seq_puts(m, kid);
+                        else
+                                seq_puts(m, kid + n - 8);
+                }
+                seq_puts(m, " [");
+                /* put something here to indicate the key's capabilities */
+                seq_putc(m, ']');
+        }
+}
+/*
+ * Instantiate a asymmetric_key defined key.  The key was preparsed, so we just
+ * have to transfer the data here.
+ */
+static int asymmetric_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
+{
+        return -EOPNOTSUPP;
+}
+/*
+ * dispose of the data dangling from the corpse of a asymmetric key
+ */
+static void asymmetric_key_destroy(struct key *key)
+{
+        struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
+        if (subtype) {
+                subtype->destroy(key->payload.data);
+                module_put(subtype->owner);
+                key->type_data.p[0] = NULL;
+        }
+        kfree(key->type_data.p[1]);
+        key->type_data.p[1] = NULL;
+}
+struct key_type key_type_asymmetric = {
+        .name           = "asymmetric",
+        .instantiate    = asymmetric_key_instantiate,
+        .match          = asymmetric_key_match,
+        .destroy        = asymmetric_key_destroy,
+        .describe       = asymmetric_key_describe,
+};
+EXPORT_SYMBOL_GPL(key_type_asymmetric);
+/*
+ * Module stuff
+ */
+static int __init asymmetric_key_init(void)
+{
+        return register_key_type(&key_type_asymmetric);
+}
+static void __exit asymmetric_key_cleanup(void)
+{
+        unregister_key_type(&key_type_asymmetric);
+}
+module_init(asymmetric_key_init);
+module_exit(asymmetric_key_cleanup);
diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h
new file mode 100644
index 000000000000..4b840e822209
--- /dev/null
+++ b/include/keys/asymmetric-subtype.h
@@ -0,0 +1,55 @@
+/* Asymmetric public-key cryptography key subtype
+ *
+ * See Documentation/security/asymmetric-keys.txt
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+#ifndef _KEYS_ASYMMETRIC_SUBTYPE_H
+#define _KEYS_ASYMMETRIC_SUBTYPE_H
+#include <linux/seq_file.h>
+#include <keys/asymmetric-type.h>
+struct public_key_signature;
+/*
+ * Keys of this type declare a subtype that indicates the handlers and
+ * capabilities.
+ */
+struct asymmetric_key_subtype {
+        struct module           *owner;
+        const char              *name;
+        unsigned short          name_len;       /* length of name */
+        /* Describe a key of this subtype for /proc/keys */
+        void (*describe)(const struct key *key, struct seq_file *m);
+        /* Destroy a key of this subtype */
+        void (*destroy)(void *payload);
+        /* Verify the signature on a key of this subtype (optional) */
+        int (*verify_signature)(const struct key *key,
+                                const struct public_key_signature *sig);
+};
+/**
+ * asymmetric_key_subtype - Get the subtype from an asymmetric key
+ * @key: The key of interest.
+ *
+ * Retrieves and returns the subtype pointer of the asymmetric key from the
+ * type-specific data attached to the key.
+ */
+static inline
+struct asymmetric_key_subtype *asymmetric_key_subtype(const struct key *key)
+{
+        return key->type_data.p[0];
+}
+#endif /* _KEYS_ASYMMETRIC_SUBTYPE_H */
diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h
new file mode 100644
index 000000000000..7dd473496180
--- /dev/null
+++ b/include/keys/asymmetric-type.h
@@ -0,0 +1,25 @@
+/* Asymmetric Public-key cryptography key type interface
+ *
+ * See Documentation/security/asymmetric-keys.txt
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+#ifndef _KEYS_ASYMMETRIC_TYPE_H
+#define _KEYS_ASYMMETRIC_TYPE_H
+#include <linux/key-type.h>
+extern struct key_type key_type_asymmetric;
+/*
+ * The payload is at the discretion of the subtype.
+ */
+#endif /* _KEYS_ASYMMETRIC_TYPE_H */

diff --git a/crypto/Kconfig b/crypto/Kconfig index a3238051b03e..1ca0b246f29f 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig
@@ -1043,5 +1043,6 @@ config CRYPTO_USER_API_SKCIPHER
1043	key cipher algorithms.	1043	key cipher algorithms.
1044		1044
1045	source "drivers/crypto/Kconfig"	1045	source "drivers/crypto/Kconfig"
		1046	source crypto/asymmetric_keys/Kconfig
1046		1047
1047	endif # if CRYPTO	1048	endif # if CRYPTO


diff --git a/crypto/Makefile b/crypto/Makefile index 30f33d675330..ced472e18fc3 100644 --- a/crypto/Makefile +++ b/crypto/Makefile
@@ -96,3 +96,4 @@ obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o
96	#	96	#
97	obj-$(CONFIG_XOR_BLOCKS) += xor.o	97	obj-$(CONFIG_XOR_BLOCKS) += xor.o
98	obj-$(CONFIG_ASYNC_CORE) += async_tx/	98	obj-$(CONFIG_ASYNC_CORE) += async_tx/
		99	obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys/


diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig new file mode 100644 index 000000000000..cad29b3efa0e --- /dev/null +++ b/crypto/asymmetric_keys/Kconfig
@@ -0,0 +1,13 @@
		1	menuconfig ASYMMETRIC_KEY_TYPE
		2	tristate "Asymmetric (public-key cryptographic) key type"
		3	depends on KEYS
		4	help
		5	This option provides support for a key type that holds the data for
		6	the asymmetric keys used for public key cryptographic operations such
		7	as encryption, decryption, signature generation and signature
		8	verification.
		9
		10	if ASYMMETRIC_KEY_TYPE
		11
		12
		13	endif # ASYMMETRIC_KEY_TYPE


diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile new file mode 100644 index 000000000000..b725bcce4cfd --- /dev/null +++ b/crypto/asymmetric_keys/Makefile
@@ -0,0 +1,7 @@
		1	#
		2	# Makefile for asymmetric cryptographic keys
		3	#
		4
		5	obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
		6
		7	asymmetric_keys-y := asymmetric_type.o


diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h new file mode 100644 index 000000000000..515b63430812 --- /dev/null +++ b/crypto/asymmetric_keys/asymmetric_keys.h
@@ -0,0 +1,15 @@
		1	/* Internal definitions for asymmetric key type
		2	*
		3	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
		4	* Written by David Howells (dhowells@redhat.com)
		5	*
		6	* This program is free software; you can redistribute it and/or
		7	* modify it under the terms of the GNU General Public Licence
		8	* as published by the Free Software Foundation; either version
		9	* 2 of the Licence, or (at your option) any later version.
		10	*/
		11
		12	static inline const char asymmetric_key_id(const struct key key)
		13	{
		14	return key->type_data.p[1];
		15	}


diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c new file mode 100644 index 000000000000..bfb0424026aa --- /dev/null +++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -0,0 +1,156 @@
		1	/* Asymmetric public-key cryptography key type
		2	*
		3	* See Documentation/security/asymmetric-keys.txt
		4	*
		5	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
		6	* Written by David Howells (dhowells@redhat.com)
		7	*
		8	* This program is free software; you can redistribute it and/or
		9	* modify it under the terms of the GNU General Public Licence
		10	* as published by the Free Software Foundation; either version
		11	* 2 of the Licence, or (at your option) any later version.
		12	*/
		13	#include <keys/asymmetric-subtype.h>
		14	#include <linux/seq_file.h>
		15	#include <linux/module.h>
		16	#include <linux/slab.h>
		17	#include "asymmetric_keys.h"
		18
		19	MODULE_LICENSE("GPL");
		20
		21	/*
		22	* Match asymmetric keys on (part of) their name
		23	* We have some shorthand methods for matching keys. We allow:
		24	*
		25	* "<desc>" - request a key by description
		26	* "id:<id>" - request a key matching the ID
		27	* "<subtype>:<id>" - request a key of a subtype
		28	*/
		29	static int asymmetric_key_match(const struct key key, const void description)
		30	{
		31	const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
		32	const char *spec = description;
		33	const char id, kid;
		34	ptrdiff_t speclen;
		35	size_t idlen, kidlen;
		36
		37	if (!subtype \|\| !spec \|\| !*spec)
		38	return 0;
		39
		40	/* See if the full key description matches as is */
		41	if (key->description && strcmp(key->description, description) == 0)
		42	return 1;
		43
		44	/* All tests from here on break the criterion description into a
		45	* specifier, a colon and then an identifier.
		46	*/
		47	id = strchr(spec, ':');
		48	if (!id)
		49	return 0;
		50
		51	speclen = id - spec;
		52	id++;
		53
		54	/* Anything after here requires a partial match on the ID string */
		55	kid = asymmetric_key_id(key);
		56	if (!kid)
		57	return 0;
		58
		59	idlen = strlen(id);
		60	kidlen = strlen(kid);
		61	if (idlen > kidlen)
		62	return 0;
		63
		64	kid += kidlen - idlen;
		65	if (strcasecmp(id, kid) != 0)
		66	return 0;
		67
		68	if (speclen == 2 &&
		69	memcmp(spec, "id", 2) == 0)
		70	return 1;
		71
		72	if (speclen == subtype->name_len &&
		73	memcmp(spec, subtype->name, speclen) == 0)
		74	return 1;
		75
		76	return 0;
		77	}
		78
		79	/*
		80	* Describe the asymmetric key
		81	*/
		82	static void asymmetric_key_describe(const struct key key, struct seq_file m)
		83	{
		84	const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
		85	const char *kid = asymmetric_key_id(key);
		86	size_t n;
		87
		88	seq_puts(m, key->description);
		89
		90	if (subtype) {
		91	seq_puts(m, ": ");
		92	subtype->describe(key, m);
		93
		94	if (kid) {
		95	seq_putc(m, ' ');
		96	n = strlen(kid);
		97	if (n <= 8)
		98	seq_puts(m, kid);
		99	else
		100	seq_puts(m, kid + n - 8);
		101	}
		102
		103	seq_puts(m, " [");
		104	/* put something here to indicate the key's capabilities */
		105	seq_putc(m, ']');
		106	}
		107	}
		108
		109	/*
		110	* Instantiate a asymmetric_key defined key. The key was preparsed, so we just
		111	* have to transfer the data here.
		112	*/
		113	static int asymmetric_key_instantiate(struct key key, struct key_preparsed_payload prep)
		114	{
		115	return -EOPNOTSUPP;
		116	}
		117
		118	/*
		119	* dispose of the data dangling from the corpse of a asymmetric key
		120	*/
		121	static void asymmetric_key_destroy(struct key *key)
		122	{
		123	struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
		124	if (subtype) {
		125	subtype->destroy(key->payload.data);
		126	module_put(subtype->owner);
		127	key->type_data.p[0] = NULL;
		128	}
		129	kfree(key->type_data.p[1]);
		130	key->type_data.p[1] = NULL;
		131	}
		132
		133	struct key_type key_type_asymmetric = {
		134	.name = "asymmetric",
		135	.instantiate = asymmetric_key_instantiate,
		136	.match = asymmetric_key_match,
		137	.destroy = asymmetric_key_destroy,
		138	.describe = asymmetric_key_describe,
		139	};
		140	EXPORT_SYMBOL_GPL(key_type_asymmetric);
		141
		142	/*
		143	* Module stuff
		144	*/
		145	static int __init asymmetric_key_init(void)
		146	{
		147	return register_key_type(&key_type_asymmetric);
		148	}
		149
		150	static void __exit asymmetric_key_cleanup(void)
		151	{
		152	unregister_key_type(&key_type_asymmetric);
		153	}
		154
		155	module_init(asymmetric_key_init);
		156	module_exit(asymmetric_key_cleanup);


diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h new file mode 100644 index 000000000000..4b840e822209 --- /dev/null +++ b/include/keys/asymmetric-subtype.h
@@ -0,0 +1,55 @@
		1	/* Asymmetric public-key cryptography key subtype
		2	*
		3	* See Documentation/security/asymmetric-keys.txt
		4	*
		5	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
		6	* Written by David Howells (dhowells@redhat.com)
		7	*
		8	* This program is free software; you can redistribute it and/or
		9	* modify it under the terms of the GNU General Public Licence
		10	* as published by the Free Software Foundation; either version
		11	* 2 of the Licence, or (at your option) any later version.
		12	*/
		13
		14	#ifndef _KEYS_ASYMMETRIC_SUBTYPE_H
		15	#define _KEYS_ASYMMETRIC_SUBTYPE_H
		16
		17	#include <linux/seq_file.h>
		18	#include <keys/asymmetric-type.h>
		19
		20	struct public_key_signature;
		21
		22	/*
		23	* Keys of this type declare a subtype that indicates the handlers and
		24	* capabilities.
		25	*/
		26	struct asymmetric_key_subtype {
		27	struct module *owner;
		28	const char *name;
		29	unsigned short name_len; /* length of name */
		30
		31	/* Describe a key of this subtype for /proc/keys */
		32	void (describe)(const struct key key, struct seq_file *m);
		33
		34	/* Destroy a key of this subtype */
		35	void (destroy)(void payload);
		36
		37	/* Verify the signature on a key of this subtype (optional) */
		38	int (verify_signature)(const struct key key,
		39	const struct public_key_signature *sig);
		40	};
		41
		42	/**
		43	* asymmetric_key_subtype - Get the subtype from an asymmetric key
		44	* @key: The key of interest.
		45	*
		46	* Retrieves and returns the subtype pointer of the asymmetric key from the
		47	* type-specific data attached to the key.
		48	*/
		49	static inline
		50	struct asymmetric_key_subtype asymmetric_key_subtype(const struct key key)
		51	{
		52	return key->type_data.p[0];
		53	}
		54
		55	#endif /* _KEYS_ASYMMETRIC_SUBTYPE_H */


diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h new file mode 100644 index 000000000000..7dd473496180 --- /dev/null +++ b/include/keys/asymmetric-type.h
@@ -0,0 +1,25 @@
		1	/* Asymmetric Public-key cryptography key type interface
		2	*
		3	* See Documentation/security/asymmetric-keys.txt
		4	*
		5	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
		6	* Written by David Howells (dhowells@redhat.com)
		7	*
		8	* This program is free software; you can redistribute it and/or
		9	* modify it under the terms of the GNU General Public Licence
		10	* as published by the Free Software Foundation; either version
		11	* 2 of the Licence, or (at your option) any later version.
		12	*/
		13
		14	#ifndef _KEYS_ASYMMETRIC_TYPE_H
		15	#define _KEYS_ASYMMETRIC_TYPE_H
		16
		17	#include <linux/key-type.h>
		18
		19	extern struct key_type key_type_asymmetric;
		20
		21	/*
		22	* The payload is at the discretion of the subtype.
		23	*/
		24
		25	#endif /* _KEYS_ASYMMETRIC_TYPE_H */