[GIT PULL] KEYS: Keyring changes for security/next

From: David Howells
Date: Thu May 05 2016 - 18:09:25 EST


Hi James,

Can you pull my next branch into security/next? Barring one fix, it's been
in linux-next since the 12th April. That fix was to add a missing
dependency on a new IMA config option. The keys-next branch is composed of
the merging of three other branches:

(1) keys-misc.

This contains some miscellaneous patches, including:

(A) Efficiency enhancement in user_update().

(B) big-type keys are encrypted with a random key when stored in a
file.

(C) Provision of KEYCTL_DH_COMPUTE to do Diffie-Hellman computations
so that they can be offloaded to hardware if available in future.

(2) keys-sig.

These patches detach the public_key_signature struct from where it was
previously stored when parsing X.509 and PKCS#7 and allocate it
separately. The signature details on an X.509 certificate are then
retained with the asymmetric key so that trust determination can be
made when a key is added to a keyring rather than just at the time the
key is created.

A bug is also fixed in the determination of whether an X.509
certificate is self-signed (we were assuming that if a cert has
neither AKID nor SKID then it must be self-signed).

(3) keys-trust.

These patches change how the trustworthiness of a certificate or key
is determined. It was originally based on being able to find a key in
the system keyring that validated a signature. This, however, got
changed to add an IMA keyring as an additional source of keys. With
these patches, the signature on a key is checked any time a key is
linked into a keyring.

This is done by the use of a manager function that can be set on the
target keyring and then gets to approve the addition of a key based on
whatever criteria it likes.

The IMA MOK keyring is absorbed into a general secondary system
keyring and keys can be added there. The builtin system keyring then
only holds keys that were made part of the kernel at boot. The
manager function would then typically check one or both of these
keyrings.

More information can be found in the merge messages for (2) and (3).

Thanks,
David
---
The following changes since commit 9735a22799b9214d17d3c231fe377fc852f042e9:

Linux 4.6-rc2 (2016-04-03 09:09:40 -0500)

are available in the git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-next-20160505

for you to fetch changes up to d55201ce08bfae40ae0062be126f49471a55bcad:

Merge branch 'keys-trust' into keys-next (2016-05-04 17:20:20 +0100)

----------------------------------------------------------------
Keyrings changes for next

----------------------------------------------------------------
Andreas Ziegler (1):
      security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA

David Howells (23):
      X.509: Whitespace cleanup
      KEYS: Allow authentication data to be stored in an asymmetric key
      KEYS: Add identifier pointers to public_key_signature struct
      X.509: Retain the key verification data
      PKCS#7: Make the signature a pointer rather than embedding it
      X.509: Extract signature digest and make self-signed cert checks earlier
      X.509: Fix self-signed determination
      KEYS: Generalise system_verify_data() to provide access to internal content
      PKCS#7: Make trust determination dependent on contents of trust keyring
      KEYS: Add a facility to restrict new links into a keyring
      KEYS: Move x509_request_asymmetric_key() to asymmetric_type.c
      KEYS: Generalise x509_request_asymmetric_key()
      X.509: Use verify_signature() if we have a struct key * to use
      X.509: Move the trust validation code out to its own file
      KEYS: Make the system trusted keyring depend on the asymmetric key type
      KEYS: Move the point of trust determination to __key_link()
      KEYS: Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED
      certs: Add a secondary system keyring that can be added to dynamically
      IMA: Use the the system trusted keyrings instead of .ima_mok
      KEYS: user_update should use copy of payload made during preparsing
      Merge branch 'keys-misc' into keys-next
      Merge branch 'keys-sig' into keys-next
      Merge branch 'keys-trust' into keys-next

Kirill Marinushkin (1):
      Security: Keys: Big keys stored encrypted

Mat Martineau (1):
      KEYS: Add KEYCTL_DH_COMPUTE command

Paolo Abeni (1):
      security: drop the unused hook skb_owned_by

Documentation/security/keys.txt | 52 ++++++
arch/x86/kernel/kexec-bzimage64.c | 18 +-
certs/Kconfig | 9 +
certs/system_keyring.c | 139 +++++++++++---
crypto/asymmetric_keys/Kconfig | 6 +-
crypto/asymmetric_keys/Makefile | 5 +-
crypto/asymmetric_keys/asymmetric_keys.h | 2 +
crypto/asymmetric_keys/asymmetric_type.c | 96 +++++++++-
crypto/asymmetric_keys/mscode_parser.c | 21 +--
crypto/asymmetric_keys/pkcs7_key_type.c | 72 +++-----
crypto/asymmetric_keys/pkcs7_parser.c | 59 +++---
crypto/asymmetric_keys/pkcs7_parser.h | 11 +-
crypto/asymmetric_keys/pkcs7_trust.c | 43 ++---
crypto/asymmetric_keys/pkcs7_verify.c | 107 +++++------
crypto/asymmetric_keys/public_key.c | 20 +-
crypto/asymmetric_keys/restrict.c | 108 +++++++++++
crypto/asymmetric_keys/signature.c | 18 ++
crypto/asymmetric_keys/verify_pefile.c | 40 +---
crypto/asymmetric_keys/verify_pefile.h | 5 +-
crypto/asymmetric_keys/x509_cert_parser.c | 52 +++---
crypto/asymmetric_keys/x509_parser.h | 12 +-
crypto/asymmetric_keys/x509_public_key.c | 297 +++++++++---------------------
fs/cifs/cifsacl.c | 2 +-
fs/nfs/nfs4idmap.c | 2 +-
include/crypto/pkcs7.h | 6 +-
include/crypto/public_key.h | 33 ++--
include/keys/asymmetric-subtype.h | 2 +-
include/keys/asymmetric-type.h | 13 +-
include/keys/system_keyring.h | 41 ++---
include/linux/key-type.h | 1 -
include/linux/key.h | 44 +++--
include/linux/lsm_hooks.h | 1 -
include/linux/verification.h | 49 +++++
include/linux/verify_pefile.h | 22 ---
include/uapi/linux/keyctl.h | 10 +
kernel/module_signing.c | 7 +-
net/dns_resolver/dns_key.c | 2 +-
net/rxrpc/ar-key.c | 4 +-
security/integrity/Kconfig | 1 -
security/integrity/digsig.c | 15 +-
security/integrity/ima/Kconfig | 36 ++--
security/integrity/ima/Makefile | 2 +-
security/integrity/ima/ima_mok.c | 23 +--
security/keys/Kconfig | 15 ++
security/keys/Makefile | 1 +
security/keys/big_key.c | 198 ++++++++++++++++++--
security/keys/compat.c | 4 +
security/keys/dh.c | 160 ++++++++++++++++
security/keys/internal.h | 12 ++
security/keys/key.c | 42 ++++-
security/keys/keyctl.c | 5 +
security/keys/keyring.c | 46 ++++-
security/keys/persistent.c | 4 +-
security/keys/process_keys.c | 16 +-
security/keys/request_key.c | 4 +-
security/keys/request_key_auth.c | 2 +-
security/keys/user_defined.c | 42 ++---
security/security.c | 1 -
58 files changed, 1341 insertions(+), 719 deletions(-)
create mode 100644 crypto/asymmetric_keys/restrict.c
create mode 100644 include/linux/verification.h
delete mode 100644 include/linux/verify_pefile.h
create mode 100644 security/keys/dh.c
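
The link-time trust check described under (3), as an added userspace model that is not part of the original message and is not kernel code. All names (`restrict_fn`, `signer_trusted`, `reject_all`, `key_link`, the sample keys) are hypothetical, and signature verification is reduced to matching a signer id:

```c
/* Userspace model constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct key { const char *id, *signer; };   /* signer NULL = unsigned */
struct keyring;
/* Hook set on the destination keyring; returning true approves a link. */
typedef bool (*restrict_fn)(const struct keyring *dest, const struct key *k);
struct keyring {
    const struct key *keys[8];
    size_t n;
    restrict_fn restrict_link;      /* NULL = anything may be linked */
    const struct keyring *trust[2]; /* keyrings the hook consults */
};

static bool holds(const struct keyring *r, const char *id)
{
    for (size_t i = 0; r && id && i < r->n; i++)
        if (strcmp(r->keys[i]->id, id) == 0) return true;
    return false;
}
/* Assumed policy: signer must be in a trust keyring (id match stands in for verification). */
static bool signer_trusted(const struct keyring *dest, const struct key *k)
{
    return holds(dest->trust[0], k->signer) || holds(dest->trust[1], k->signer);
}
/* Assumed policy for the builtin keyring: nothing is added after boot. */
static bool reject_all(const struct keyring *d, const struct key *k) { (void)d; (void)k; return false; }

/* Every link runs the destination's hook, however the key was created. */
static int key_link(struct keyring *dest, const struct key *k)
{
    if (dest->restrict_link && !dest->restrict_link(dest, k)) return -1;
    if (dest->n == 8) return -2;    /* model keyring is full */
    dest->keys[dest->n++] = k;
    return 0;
}

/* Bit i set = link attempt i succeeded; attempt 4 targets the builtin keyring. */
static unsigned demo(void)
{
    static const struct key ca = {"builtin-ca", NULL}, k[] = {
        {"vendor", "builtin-ca"}, {"driver", "vendor"},
        {"rogue", "unknown-ca"}, {"bare", NULL}, {"late", "builtin-ca"} };
    struct keyring builtin = { .keys = {&ca}, .n = 1, .restrict_link = reject_all };
    struct keyring second = { .restrict_link = signer_trusted, .trust = {&builtin, &second} };
    unsigned ok = 0;
    for (unsigned i = 0; i < 5; i++)
        if (key_link(i < 4 ? &second : &builtin, &k[i]) == 0) ok |= 1u << i;
    return ok;
}
int main(void) { printf("0x%x\n", demo()); return 0; }
```

Only the key signed by the builtin CA, and then the key signed by that newly linked key, are accepted into the secondary keyring; the unknown-signer key, the unsigned key and the late addition to the builtin keyring are refused.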