keys: add new key-type encrypted

/*

 * Copyright (C) 2010 IBM Corporation

 * Author: Mimi Zohar <zohar@us.ibm.com>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation, version 2 of the License.

 */

#ifndef _KEYS_ENCRYPTED_TYPE_H

#define _KEYS_ENCRYPTED_TYPE_H

#include <linux/key.h>

#include <linux/rcupdate.h>

struct encrypted_key_payload {

	struct rcu_head rcu;

	char *master_desc;	/* datablob: master key name */

	char *datalen;		/* datablob: decrypted key length */

	u8 *iv;			/* datablob: iv */

	u8 *encrypted_data;	/* datablob: encrypted data */

	unsigned short datablob_len;	/* length of datablob */

	unsigned short decrypted_datalen;	/* decrypted data length */

	u8 decrypted_data[0];	/* decrypted data +  datablob + hmac */

};

extern struct key_type key_type_encrypted;

#endif /* _KEYS_ENCRYPTED_TYPE_H */

	  If you are unsure as to whether this is required, answer N.

config ENCRYPTED_KEYS

	tristate "ENCRYPTED KEYS"

	depends on KEYS && TRUSTED_KEYS

	select CRYPTO_AES

	select CRYPTO_CBC

	select CRYPTO_SHA256

	select CRYPTO_RNG

	help

	  This option provides support for create/encrypting/decrypting keys

	  in the kernel.  Encrypted keys are kernel generated random numbers,

	  which are encrypted/decrypted with a 'master' symmetric key. The

	  'master' key can be either a trusted-key or user-key type.

	  Userspace only ever sees/stores encrypted blobs.

	  If you are unsure as to whether this is required, answer N.

config KEYS_DEBUG_PROC_KEYS

	bool "Enable the /proc/keys file by which keys may be viewed"

	depends on KEYS

	user_defined.o

obj-$(CONFIG_TRUSTED_KEYS) += trusted_defined.o

obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted_defined.o

obj-$(CONFIG_KEYS_COMPAT) += compat.o

obj-$(CONFIG_PROC_FS) += proc.o

obj-$(CONFIG_SYSCTL) += sysctl.o