keys: add new key-type encrypted

/*

 * Copyright (C) 2010 IBM Corporation

 * Author: Mimi Zohar <zohar@us.ibm.com>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation, version 2 of the License.

 */

#ifndef _KEYS_ENCRYPTED_TYPE_H

#define _KEYS_ENCRYPTED_TYPE_H

#include <linux/key.h>

#include <linux/rcupdate.h>

struct encrypted_key_payload {

	struct rcu_head rcu;

	char *master_desc;	/* datablob: master key name */

	char *datalen;		/* datablob: decrypted key length */

	u8 *iv;			/* datablob: iv */

	u8 *encrypted_data;	/* datablob: encrypted data */

	unsigned short datablob_len;	/* length of datablob */

	unsigned short decrypted_datalen;	/* decrypted data length */

	u8 decrypted_data[0];	/* decrypted data +  datablob + hmac */

};

extern struct key_type key_type_encrypted;

#endif /* _KEYS_ENCRYPTED_TYPE_H */

	  If you are unsure as to whether this is required, answer N.

	  If you are unsure as to whether this is required, answer N.

config ENCRYPTED_KEYS

	tristate "ENCRYPTED KEYS"

	depends on KEYS && TRUSTED_KEYS

	select CRYPTO_AES

	select CRYPTO_CBC

	select CRYPTO_SHA256

	select CRYPTO_RNG

	help

	  This option provides support for create/encrypting/decrypting keys

	  in the kernel.  Encrypted keys are kernel generated random numbers,

	  which are encrypted/decrypted with a 'master' symmetric key. The

	  'master' key can be either a trusted-key or user-key type.

	  Userspace only ever sees/stores encrypted blobs.

	  If you are unsure as to whether this is required, answer N.

config KEYS_DEBUG_PROC_KEYS

config KEYS_DEBUG_PROC_KEYS

	bool "Enable the /proc/keys file by which keys may be viewed"

	bool "Enable the /proc/keys file by which keys may be viewed"

	depends on KEYS

	depends on KEYS

	user_defined.o

	user_defined.o

obj-$(CONFIG_TRUSTED_KEYS) += trusted_defined.o

obj-$(CONFIG_TRUSTED_KEYS) += trusted_defined.o

obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted_defined.o

obj-$(CONFIG_KEYS_COMPAT) += compat.o

obj-$(CONFIG_KEYS_COMPAT) += compat.o

obj-$(CONFIG_PROC_FS) += proc.o

obj-$(CONFIG_PROC_FS) += proc.o

obj-$(CONFIG_SYSCTL) += sysctl.o

obj-$(CONFIG_SYSCTL) += sysctl.o

#ifndef __ENCRYPTED_KEY_H

#define __ENCRYPTED_KEY_H

#define ENCRYPTED_DEBUG 0

#if ENCRYPTED_DEBUG

static inline void dump_master_key(const u8 *master_key,

				   unsigned int master_keylen)

{

	print_hex_dump(KERN_ERR, "master key: ", DUMP_PREFIX_NONE, 32, 1,

		       master_key, master_keylen, 0);

}

static inline void dump_decrypted_data(struct encrypted_key_payload *epayload)

{

	print_hex_dump(KERN_ERR, "decrypted data: ", DUMP_PREFIX_NONE, 32, 1,

		       epayload->decrypted_data,

		       epayload->decrypted_datalen, 0);

}

static inline void dump_encrypted_data(struct encrypted_key_payload *epayload,

				       unsigned int encrypted_datalen)

{

	print_hex_dump(KERN_ERR, "encrypted data: ", DUMP_PREFIX_NONE, 32, 1,

		       epayload->encrypted_data, encrypted_datalen, 0);

}

static inline void dump_hmac(const char *str, const u8 *digest,

			     unsigned int hmac_size)

{

	if (str)

		pr_info("encrypted_key: %s", str);

	print_hex_dump(KERN_ERR, "hmac: ", DUMP_PREFIX_NONE, 32, 1, digest,

		       hmac_size, 0);

}

#else

static inline void dump_master_key(const u8 *master_key,

				   unsigned int master_keylen)

{

}

static inline void dump_decrypted_data(struct encrypted_key_payload *epayload)

{

}

static inline void dump_encrypted_data(struct encrypted_key_payload *epayload,

				       unsigned int encrypted_datalen)

{

}

static inline void dump_hmac(const char *str, const u8 *digest,

			     unsigned int hmac_size)

{

}

#endif

#endif