linux/security/keys/encrypted_defined.c, branch master

encrypted-keys: rename encrypted_defined files to encrypted

2011-01-23T23:27:57Z

Rename encrypted_defined.c and encrypted_defined.h files to encrypted.c and encrypted.h, respectively. Based on request from David Howells. Signed-off-by: Mimi Zohar Acked-by: David Howells Signed-off-by: James Morris

KEYS: Do some style cleanup in the key management code.

2011-01-21T22:59:29Z

Do a bit of a style clean up in the key management code. No functional changes. Done using: perl -p -i -e 's!^/[*]*/\n!!' security/keys/*.c perl -p -i -e 's!} /[*] end [a-z0-9_]*[(][)] [*]/\n!}\n!' security/keys/*.c sed -i -s -e ": next" -e N -e 's/^\n[}]$/}/' -e t -e P -e 's/^.*\n//' -e "b next" security/keys/*.c To remove /*****/ lines, remove comments on the closing brace of a function to name the function and remove blank lines before the closing brace of a function. Signed-off-by: David Howells Signed-off-by: Linus Torvalds

encrypted-keys: style and other cleanup

2010-12-15T06:44:34Z

Cleanup based on David Howells suggestions: - use static const char arrays instead of #define - rename init_sdesc to alloc_sdesc - convert 'unsigned int' definitions to 'size_t' - revert remaining 'const unsigned int' definitions to 'unsigned int' Signed-off-by: Mimi Zohar Acked-by: David Howells Signed-off-by: James Morris

encrypted-keys: verify datablob size before converting to binary

2010-12-15T06:44:32Z

Verify the hex ascii datablob length is correct before converting the IV, encrypted data, and HMAC to binary. Reported-by: David Howells Signed-off-by: Mimi Zohar Acked-by: David Howells Signed-off-by: James Morris

keys: add missing include file for trusted and encrypted keys

2010-11-29T22:20:27Z

This patch fixes the linux-next powerpc build errors as reported by Stephen Rothwell. Reported-by: Stephen Rothwell Signed-off-by: Mimi Zohar Tested-by: Rajiv Andrade Signed-off-by: James Morris

keys: add new key-type encrypted

2010-11-28T21:55:29Z

Define a new kernel key-type called 'encrypted'. Encrypted keys are kernel generated random numbers, which are encrypted/decrypted with a 'trusted' symmetric key. Encrypted keys are created/encrypted/decrypted in the kernel. Userspace only ever sees/stores encrypted blobs. Changelog: - bug fix: replaced master-key rcu based locking with semaphore (reported by David Howells) - Removed memset of crypto_shash_digest() digest output - Replaced verification of 'key-type:key-desc' using strcspn(), with one based on string constants. - Moved documentation to Documentation/keys-trusted-encrypted.txt - Replace hash with shash (based on comments by David Howells) - Make lengths/counts size_t where possible (based on comments by David Howells) Could not convert most lengths, as crypto expects 'unsigned int' (size_t: on 32 bit is defined as unsigned int, but on 64 bit is unsigned long) - Add 'const' where possible (based on comments by David Howells) - allocate derived_buf dynamically to support arbitrary length master key (fixed by Roberto Sassu) - wait until late_initcall for crypto libraries to be registered - cleanup security/Kconfig - Add missing 'update' keyword (reported/fixed by Roberto Sassu) - Free epayload on failure to create key (reported/fixed by Roberto Sassu) - Increase the data size limit (requested by Roberto Sassu) - Crypto return codes are always 0 on success and negative on failure, remove unnecessary tests. - Replaced kzalloc() with kmalloc() Signed-off-by: Mimi Zohar Signed-off-by: David Safford Reviewed-by: Roberto Sassu Signed-off-by: James Morris