linux-kernel.vger.kernel.org archive mirror
* [PATCH 00/04] Add DSA key type
       [not found] <20060123173208.GA23964@2gen.com>
@ 2006-01-23 20:42 ` David Härdeman
  2006-01-23 20:56   ` David Härdeman
                     ` (2 more replies)
  0 siblings, 3 replies; 12+ messages in thread
From: David Härdeman @ 2006-01-23 20:42 UTC (permalink / raw)
  To: linux-kernel; +Cc: dhowells, david

The following four patches add support for DSA keys to the in-kernel key 
management system. 

In-kernel dsa keys allow a process to use the request_key mechanism to 
request such keys on demand. One such example is a backup script that,
when done, could issue a request for an appropriate ssh key. The request
would then be forwarded by /sbin/request-key to the appropriate user who
could supply the key which is in turn used by the backup script to transfer
the results to a backup server. This allows for much more flexible and
interesting solutions than passwordless ssh key files or shared ssh
agents would ever be able to support. (I have a separate patch for 
openssh which allows ssh-add and ssh to work with in-kernel keys).

In addition, the in-kernel keys have the advantage of being non-ptraceable, 
will not be swapped out to disk, and do not run the risk of being included
in coredumps.

The patch is split into four sub-patches:

1) Adds the multi-precision-integer maths library which was originally taken
   from GnuPG and ported to the kernel by David Howells in 2004
   (http://people.redhat.com/~dhowells/modsign/modsign-269rc4mm1-2.diff.bz2)

2) Adds dsa cryptographic operations. Since a dsa signature is always two 
   160-bit integers, I've modeled the dsa crypto as a hash algorithm.

3) Changes the keyctl syscall to accept six arguments (is it valid to do so?)
   and adds encryption as one of the supported ops for in-kernel keys.

4) Adds the dsa in-kernel key type.

This is quite some lines of code and may be controversial, so I've donned my
finest asbestos underwear.

Regards,
David Härdeman <david@2gen.com>


 crypto/Kconfig                    |   15 
 crypto/Makefile                   |    2 
 crypto/dsa.c                      |  230 +++++
 crypto/mpi/Makefile               |   31 
 crypto/mpi/generic_mpi-asm-defs.h |   10 
 crypto/mpi/generic_mpih-add1.c    |   65 +
 crypto/mpi/generic_mpih-lshift.c  |   66 +
 crypto/mpi/generic_mpih-mul1.c    |   60 +
 crypto/mpi/generic_mpih-mul2.c    |   63 +
 crypto/mpi/generic_mpih-mul3.c    |   64 +
 crypto/mpi/generic_mpih-rshift.c  |   66 +
 crypto/mpi/generic_mpih-sub1.c    |   63 +
 crypto/mpi/generic_udiv-w-sdiv.c  |  108 ++
 crypto/mpi/longlong.h             | 1502 ++++++++++++++++++++++++++++++++++++++
 crypto/mpi/mpi-add.c              |  247 ++++++
 crypto/mpi/mpi-bit.c              |  255 ++++++
 crypto/mpi/mpi-cmp.c              |   72 +
 crypto/mpi/mpi-div.c              |  350 ++++++++
 crypto/mpi/mpi-gcd.c              |   62 +
 crypto/mpi/mpi-inline.c           |   32 
 crypto/mpi/mpi-inline.h           |  128 +++
 crypto/mpi/mpi-internal.h         |  265 ++++++
 crypto/mpi/mpi-inv.c              |  190 ++++
 crypto/mpi/mpi-mpow.c             |  138 +++
 crypto/mpi/mpi-mul.c              |  203 +++++
 crypto/mpi/mpi-pow.c              |  325 ++++++++
 crypto/mpi/mpi-scan.c             |  143 +++
 crypto/mpi/mpicoder.c             |  390 +++++++++
 crypto/mpi/mpih-cmp.c             |   59 +
 crypto/mpi/mpih-div.c             |  548 +++++++++++++
 crypto/mpi/mpih-mul.c             |  545 +++++++++++++
 crypto/mpi/mpiutil.c              |  237 +++++
 include/linux/compat.h            |    4 
 include/linux/dsa.h               |   39 
 include/linux/key.h               |   11 
 include/linux/keyctl.h            |    1 
 include/linux/mpi.h               |  154 +++
 include/linux/syscalls.h          |    5 
 security/Kconfig                  |    8 
 security/keys/Makefile            |    1 
 security/keys/compat.c            |    9 
 security/keys/dsa_key.c           |  372 +++++++++
 security/keys/keyctl.c            |   72 +
 43 files changed, 7201 insertions(+), 9 deletions(-)
 



* Re: [PATCH 00/04] Add DSA key type
  2006-01-23 20:42 ` [PATCH 00/04] Add DSA key type David Härdeman
@ 2006-01-23 20:56   ` David Härdeman
  2006-01-24 10:39   ` David Howells
  2006-01-27  1:22   ` Herbert Xu
  2 siblings, 0 replies; 12+ messages in thread
From: David Härdeman @ 2006-01-23 20:56 UTC (permalink / raw)
  To: linux-kernel

On Mon, Jan 23, 2006 at 09:42:32PM +0100, David Härdeman wrote:
>The following four patches add support for DSA keys to the in-kernel key 
>management system. 
[...]
>1) Adds the multi-precision-integer maths library which was originally taken
>   from GnuPG and ported to the kernel by David Howells in 2004
>   (http://people.redhat.com/~dhowells/modsign/modsign-269rc4mm1-2.diff.bz2)

And in case that patch is caught by any size restrictions, it's also 
available at:
http://www.hardeman.nu/~david/lkml/01-add-mpilib.patch

Re,
David


* Re: [PATCH 00/04] Add DSA key type
  2006-01-23 20:42 ` [PATCH 00/04] Add DSA key type David Härdeman
  2006-01-23 20:56   ` David Härdeman
@ 2006-01-24 10:39   ` David Howells
  2006-01-27  1:22   ` Herbert Xu
  2 siblings, 0 replies; 12+ messages in thread
From: David Howells @ 2006-01-24 10:39 UTC (permalink / raw)
  To: David Härdeman; +Cc: linux-kernel, dhowells

David Härdeman <david@2gen.com> wrote:

> The following four patches add support for DSA keys to the in-kernel key 
> management system. 

Can you copy your emails to the key management mailing list please:

	keyrings@linux-nfs.org
	http://linux-nfs.org/cgi-bin/mailman/listinfo/keyrings

David


* Re: [PATCH 00/04] Add DSA key type
  2006-01-23 20:42 ` [PATCH 00/04] Add DSA key type David Härdeman
  2006-01-23 20:56   ` David Härdeman
  2006-01-24 10:39   ` David Howells
@ 2006-01-27  1:22   ` Herbert Xu
  2006-01-27  7:23     ` David Härdeman
  2 siblings, 1 reply; 12+ messages in thread
From: Herbert Xu @ 2006-01-27  1:22 UTC (permalink / raw)
  To: David Härdeman; +Cc: linux-kernel, dhowells, david

David Härdeman <david@2gen.com> wrote:
>
> 3) Changes the keyctl syscall to accept six arguments (is it valid to do so?)
>   and adds encryption as one of the supported ops for in-kernel keys.

The asymmetric encryption support should be done inside the crypto/
framework rather than as an extension to the key management system.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: [PATCH 00/04] Add DSA key type
  2006-01-27  1:22   ` Herbert Xu
@ 2006-01-27  7:23     ` David Härdeman
  2006-01-27 12:28       ` Herbert Xu
  0 siblings, 1 reply; 12+ messages in thread
From: David Härdeman @ 2006-01-27  7:23 UTC (permalink / raw)
  To: Herbert Xu; +Cc: linux-kernel, dhowells, keyrings

On Fri, Jan 27, 2006 at 12:22:31PM +1100, Herbert Xu wrote:
>David Härdeman <david@2gen.com> wrote:
>>
>> 3) Changes the keyctl syscall to accept six arguments (is it valid to do so?)
>>   and adds encryption as one of the supported ops for in-kernel keys.
>
>The asymmetric encryption support should be done inside the crypto/
>framework rather than as an extension to the key management system.

It is done inside the crypto/ framework. crypto/dsa.c implements the DSA 
signing as a hash crypto algorithm (since a DSA signature is two 160-bit 
integers, the result has a fixed size).

The above patch just adds the syscall to tell the in-kernel system that 
you wish to encrypt/sign something with a given key. In the case that 
the type of the given key is a DSA key, security/keys/dsa_key.c uses the 
dsa crypto alg from crypto/dsa.c to satisfy that request.

Regards,
David
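
The fixed-size argument made in this message, as an added example that is not part of the patch set or of crypto/dsa.c: textbook DSA with SHA-1 and a 160-bit q behind a hash-style update/digest interface, so any input yields a 40-byte r||s. `DsaSigner`, `make_params` and `verify` are hypothetical names, and the seeded group parameters are constructed for the demo.

```python
import hashlib
import random
import secrets

Q_BYTES = 20                # q is 160 bits, so r and s each fit in 20 bytes
SIG_LEN = 2 * Q_BYTES       # every signature is exactly 40 bytes, like a digest
_mr_rng = random.Random(1)  # Miller-Rabin witnesses need not be secret

def is_probable_prime(n, rounds=24):  # Miller-Rabin, for odd n > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(_mr_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_params(seed=2006):
    """Constructed demo group (p, q, g): 160-bit q, ~512-bit p (too small for real use)."""
    rng = random.Random(seed)  # parameters are public; a fixed seed keeps the demo repeatable
    q = rng.getrandbits(160) | (1 << 159) | 1
    while not is_probable_prime(q):
        q = rng.getrandbits(160) | (1 << 159) | 1
    p = 2 * (rng.getrandbits(351) | (1 << 350)) * q + 1
    while not is_probable_prime(p):
        p = 2 * (rng.getrandbits(351) | (1 << 350)) * q + 1
    h = 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)  # g generates the order-q subgroup

class DsaSigner:  # hash-style interface: update() with data, digest() returns r||s
    def __init__(self, params, x):
        (self.p, self.q, self.g), self.x, self._h = params, x, hashlib.sha1()
    def update(self, data):
        self._h.update(data)
    def digest(self):
        z = int.from_bytes(self._h.digest(), "big")
        while True:
            k = secrets.randbelow(self.q - 1) + 1  # fresh secret nonce per signature
            r = pow(self.g, k, self.p) % self.q
            s = pow(k, -1, self.q) * (z + self.x * r) % self.q
            if r and s:
                return r.to_bytes(Q_BYTES, "big") + s.to_bytes(Q_BYTES, "big")

def verify(params, y, data, sig):
    p, q, g = params
    r, s = int.from_bytes(sig[:Q_BYTES], "big"), int.from_bytes(sig[Q_BYTES:], "big")
    if len(sig) != SIG_LEN or not (0 < r < q and 0 < s < q):
        return False
    z, w = int.from_bytes(hashlib.sha1(data).digest(), "big"), pow(s, -1, q)
    return pow(g, z * w % q, p) * pow(y, r * w % q, p) % p % q == r
```

Unlike a real digest, the output differs on every call for the same input because of the per-signature nonce, so callers can only check it with `verify`, never by comparing bytes.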


* Re: [PATCH 00/04] Add DSA key type
  2006-01-27  7:23     ` David Härdeman
@ 2006-01-27 12:28       ` Herbert Xu
  2006-01-28 11:25         ` David Härdeman
  0 siblings, 1 reply; 12+ messages in thread
From: Herbert Xu @ 2006-01-27 12:28 UTC (permalink / raw)
  To: linux-kernel, dhowells, keyrings

On Fri, Jan 27, 2006 at 08:23:45AM +0100, David Härdeman wrote:
> On Fri, Jan 27, 2006 at 12:22:31PM +1100, Herbert Xu wrote:
> >David Härdeman <david@2gen.com> wrote:
> >>
> >>3) Changes the keyctl syscall to accept six arguments (is it valid to do 
> >>so?)
> >>  and adds encryption as one of the supported ops for in-kernel keys.
> >
> >The asymmetric encryption support should be done inside the crypto/
> >framework rather than as an extension to the key management system.
> 
> It is done inside the crypto/ framework. crypto/dsa.c implements the DSA 
> signing as a hash crypto algorithm (since a DSA signature is two 160-bit 
> integers, the result has a fixed size).

Right.  I mistook the name encrypt to mean generic asymmetric encryption.
Now I see that it is simply an interface to the signature algorithm.
This is fine by me.  However, wouldn't "sign" be a better name for it?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: [PATCH 00/04] Add DSA key type
  2006-01-27 12:28       ` Herbert Xu
@ 2006-01-28 11:25         ` David Härdeman
  0 siblings, 0 replies; 12+ messages in thread
From: David Härdeman @ 2006-01-28 11:25 UTC (permalink / raw)
  To: Herbert Xu; +Cc: linux-kernel, dhowells, keyrings

On Fri, Jan 27, 2006 at 11:28:56PM +1100, Herbert Xu wrote:
>On Fri, Jan 27, 2006 at 08:23:45AM +0100, David Härdeman wrote:
>>On Fri, Jan 27, 2006 at 12:22:31PM +1100, Herbert Xu wrote:
>>>The asymmetric encryption support should be done inside the crypto/
>>>framework rather than as an extension to the key management system.
>> 
>> It is done inside the crypto/ framework. crypto/dsa.c implements the DSA 
>> signing as a hash crypto algorithm (since a DSA signature is two 160-bit 
>> integers, the result has a fixed size).
>
>Right.  I mistook the name encrypt to mean generic asymmetric encryption.
>Now I see that it is simply an interface to the signature algorithm.
>This is fine by me.  However, wouldn't "sign" be a better name for it?
>

I don't know, the function which is performed upon the data is 
keytype-specific (i.e. with the dsa key the data is signed, with another 
key type it might be encrypted, etc). So perhaps the operation should be 
given a more generic name such as "crypto".

Re,
David


* Re: [PATCH 00/04] Add DSA key type
  2006-01-27 20:11   ` David Howells
@ 2006-01-27 23:22     ` Herbert Xu
  0 siblings, 0 replies; 12+ messages in thread
From: Herbert Xu @ 2006-01-27 23:22 UTC (permalink / raw)
  To: David Howells; +Cc: David Härdeman, linux-kernel, keyrings

On Fri, Jan 27, 2006 at 08:11:25PM +0000, David Howells wrote:
> David Härdeman <david@2gen.com> wrote:
> 
> > I have no problems with moving it to lib/mpi unless someone feels it's a bad
> > idea (DHowells, do you agree?).
> 
> I don't think that's the right place for it, except for the fact you can then
> use the archive library generated to only include as much of mpilib as you
> actually require. It seems to me that it should really belong with the crypto
> stuff.

IMHO crypto/ should only contain things that are actually part of the
crypto layer: API code and crypto_alg implementations.

We have precedents for this.  We have the crypto_alg implementation of
sha1 in crypto, but the actual algorithm lives in lib.  Ditto for crc
and zlib.

In this case, the MPI library is even further away from the crypto layer
than any of these cases since it is not a crypto algorithm by itself.
In fact, we can't be sure that there won't ever be another part of the
kernel that requires direct access to the MPI library without going
through the crypto layer.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: [PATCH 00/04] Add DSA key type
  2006-01-27  1:10 ` Herbert Xu
  2006-01-27  7:18   ` David Härdeman
@ 2006-01-27 20:11   ` David Howells
  2006-01-27 23:22     ` Herbert Xu
  1 sibling, 1 reply; 12+ messages in thread
From: David Howells @ 2006-01-27 20:11 UTC (permalink / raw)
  To: David Härdeman
  Cc: Herbert Xu, linux-kernel, dhowells, keyrings

David Härdeman <david@2gen.com> wrote:

> I have no problems with moving it to lib/mpi unless someone feels it's a bad
> idea (DHowells, do you agree?).

I don't think that's the right place for it, except for the fact you can then
use the archive library generated to only include as much of mpilib as you
actually require. It seems to me that it should really belong with the crypto
stuff.

David


* Re: [PATCH 00/04] Add DSA key type
  2006-01-27  1:10 ` Herbert Xu
@ 2006-01-27  7:18   ` David Härdeman
  2006-01-27 20:11   ` David Howells
  1 sibling, 0 replies; 12+ messages in thread
From: David Härdeman @ 2006-01-27  7:18 UTC (permalink / raw)
  To: Herbert Xu; +Cc: linux-kernel, dhowells, keyrings

On Fri, Jan 27, 2006 at 12:10:06PM +1100, Herbert Xu wrote:
>David Härdeman <david@2gen.com> wrote:
>>
>> crypto/mpi/Makefile               |   31 
>
>Wouldn't this make more sense under lib/mpi?

I have no problems with moving it to lib/mpi unless someone feels it's a 
bad idea (DHowells, do you agree?).

Re,
David


* Re: [PATCH 00/04] Add DSA key type
  2006-01-26 21:58 David Härdeman
@ 2006-01-27  1:10 ` Herbert Xu
  2006-01-27  7:18   ` David Härdeman
  2006-01-27 20:11   ` David Howells
  0 siblings, 2 replies; 12+ messages in thread
From: Herbert Xu @ 2006-01-27  1:10 UTC (permalink / raw)
  To: David Härdeman; +Cc: linux-kernel, dhowells, keyrings, david

David Härdeman <david@2gen.com> wrote:
>
> crypto/mpi/Makefile               |   31 

Wouldn't this make more sense under lib/mpi?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* [PATCH 00/04] Add DSA key type
@ 2006-01-26 21:58 David Härdeman
  2006-01-27  1:10 ` Herbert Xu
  0 siblings, 1 reply; 12+ messages in thread
From: David Härdeman @ 2006-01-26 21:58 UTC (permalink / raw)
  To: linux-kernel; +Cc: dhowells, keyrings, david


The following four patches add support for DSA keys to the in-kernel key 
management system. 

In-kernel dsa keys allow a process to use the request_key mechanism to 
request such keys on demand. One such example is a backup script that,
when done, could issue a request for an appropriate ssh key. The request
would then be forwarded by /sbin/request-key to the appropriate user who
could supply the key which is in turn used by the backup script to transfer
the results to a backup server. This allows for much more flexible and
interesting solutions than passwordless ssh key files or shared ssh
agents would ever be able to support. (I have a separate patch for 
openssh which allows ssh-add and ssh to work with in-kernel keys).

In addition, the in-kernel keys have the advantage of being non-ptraceable, 
will not be swapped out to disk, and do not run the risk of being included
in coredumps. The functionality added by these patches should also be 
interesting to some other security features (such as signed modules, signed
binaries and possibly some encrypted filesystems).

The patch is split into four sub-patches:

1) Adds a multi-precision-integer maths library

2) Adds dsa cryptographic operations. Since a dsa signature is always two 
   160-bit integers, I've modeled the dsa crypto as a hash algorithm.

3) Adds encryption as one of the supported ops for in-kernel keys.

4) Adds the dsa in-kernel key type.

This is the second version of these patches with the following changes from 
the first version:

* Make sure all functions have proper dsa_ prefixes
* Use kenter/kleave/kdebug in dsa_key.c instead of duplicated versions
* Let key type decide which locking to use for encrypt ops (semaphore or rcu)
* Add KERN_XXX levels for printk's
* Merge newer mpilib from Fedora kernel 2.6.15-1.1871_FC5
* Change some non-tab whitespace to tabs
* Change mpilib exports from EXPORT_SYMBOL to EXPORT_SYMBOL_GPL
* Change crypto/dsa.c to copy key instead of referencing it
* Add documentation

Regards,
David Härdeman

--
 Documentation/keys.txt            |   77 +
 crypto/Kconfig                    |   15 
 crypto/Makefile                   |    2 
 crypto/dsa.c                      |  265 ++++++
 crypto/mpi/Makefile               |   31 
 crypto/mpi/generic_mpi-asm-defs.h |   10 
 crypto/mpi/generic_mpih-add1.c    |   64 +
 crypto/mpi/generic_mpih-lshift.c  |   66 +
 crypto/mpi/generic_mpih-mul1.c    |   60 +
 crypto/mpi/generic_mpih-mul2.c    |   63 +
 crypto/mpi/generic_mpih-mul3.c    |   64 +
 crypto/mpi/generic_mpih-rshift.c  |   66 +
 crypto/mpi/generic_mpih-sub1.c    |   63 +
 crypto/mpi/generic_udiv-w-sdiv.c  |  108 ++
 crypto/mpi/longlong.h             | 1502 ++++++++++++++++++++++++++++++++++++++
 crypto/mpi/mpi-add.c              |  241 ++++++
 crypto/mpi/mpi-bit.c              |  240 ++++++
 crypto/mpi/mpi-cmp.c              |   70 +
 crypto/mpi/mpi-div.c              |  342 ++++++++
 crypto/mpi/mpi-gcd.c              |   62 +
 crypto/mpi/mpi-inline.c           |   32 
 crypto/mpi/mpi-inline.h           |  128 +++
 crypto/mpi/mpi-internal.h         |  265 ++++++
 crypto/mpi/mpi-inv.c              |  189 ++++
 crypto/mpi/mpi-mpow.c             |  136 +++
 crypto/mpi/mpi-mul.c              |  199 +++++
 crypto/mpi/mpi-pow.c              |  324 ++++++++
 crypto/mpi/mpi-scan.c             |  127 +++
 crypto/mpi/mpicoder.c             |  388 +++++++++
 crypto/mpi/mpih-cmp.c             |   58 +
 crypto/mpi/mpih-div.c             |  545 +++++++++++++
 crypto/mpi/mpih-mul.c             |  537 +++++++++++++
 crypto/mpi/mpiutil.c              |  224 +++++
 include/linux/compat.h            |    4 
 include/linux/dsa.h               |   33 
 include/linux/key.h               |   10 
 include/linux/keyctl.h            |    1 
 include/linux/mpi.h               |  154 +++
 include/linux/syscalls.h          |    5 
 security/Kconfig                  |    8 
 security/keys/Makefile            |    1 
 security/keys/compat.c            |    9 
 security/keys/dsa_key.c           |  376 +++++++++
 security/keys/keyctl.c            |   67 +
 44 files changed, 7221 insertions(+), 10 deletions(-)

