From: Steve Grubb <sgrubb@redhat.com>
To: Neil Horman <nhorman@tuxdriver.com>
Cc: Miloslav Trmac <mitr@redhat.com>,
Herbert Xu <herbert@gondor.hengli.com.au>,
Neil Horman <nhorman@redhat.com>,
Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>,
linux-crypto@vger.kernel.org, Linda Wang <lwang@redhat.com>
Subject: Re: [PATCH 0/4] RFC: "New" /dev/crypto user-space interface
Date: Tue, 10 Aug 2010 09:24:31 -0400 [thread overview]
Message-ID: <201008100924.32326.sgrubb@redhat.com> (raw)
In-Reply-To: <20100810124628.GA3072@hmsreliant.think-freely.org>
On Tuesday, August 10, 2010 08:46:28 am Neil Horman wrote:
> Specifically, my concerns are twofold:
>
> 1) struct format. By passing down a structure as your doing through an
> ioctl call, theres no way to extend/modify that structure easily for
> future use. For instance the integration of aead might I think requires a
> blocking factor to be sepcified, and entry for which you have no available
> field in your crypt_ops structure. If you extend the structure in a later
> release of this code, you create a potential incompatibility with user
> space because you are no longer guaranteed that the size of the crypt_op
> structure is the same, and you need to be prepared for a range of sizes to
> get passed down, at which point it becomes difficult to differentiate
> between older code thats properly formatted, and newer code thats
> legitimately broken. You might could add a version field to mitigate
> that, but it gets ugly pretty quickly.
Yeah, this does call out for versioning. But the ioctls are just for crypto
parameter setup. Hopefully, that doesn't change too much since its just to
select an algorithm, possibly ask for a key to be wrapped and loaded, or ask
for a key to be created and exported. After setup, you just start using the
device.
> Thats why I had suggested the use of a netlink protocol to manage this kind
> of interface. There are other issue to manage there, but they're really
> not that big a deal, comparatively speaking, and that interface allows for
> the easy specification of arbitrary length data in a fashion that doesn't
> cause user space breakage when additional algorithms/apis are added.
The problem with the netlink approach is that auditing is not as good because
netlink is an async protocol. The kernel can only use the credentials that
ride in the skb with the command since there is no guarantee the process has
not changed credentials by the time you get the packet. Adding more
credentials to the netlink headers is also not good. As it is now, the
auditing is synchronous with the syscall and we can get at more information
and reliably create the audit records called out by the protection profiles or
FIPS-140 level 2.
-Steve
next prev parent reply other threads:[~2010-08-10 13:24 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-05 20:17 [PATCH 0/4] RFC: "New" /dev/crypto user-space interface Miloslav Trmač
2010-08-05 20:17 ` [PATCH 1/4] User-space API definition Miloslav Trmač
2010-08-05 20:17 ` [PATCH 3/4] Auditing infrastructure Miloslav Trmač
2010-08-06 0:25 ` [PATCH 0/4] RFC: "New" /dev/crypto user-space interface Neil Horman
2010-08-07 0:54 ` Miloslav Trmac
2010-08-09 14:39 ` Herbert Xu
2010-08-10 0:00 ` Miloslav Trmac
2010-08-10 12:46 ` Neil Horman
2010-08-10 13:24 ` Steve Grubb [this message]
2010-08-10 14:37 ` Neil Horman
2010-08-10 14:47 ` Miloslav Trmac
2010-08-10 14:51 ` Neil Horman
2010-08-11 6:50 ` Linus Walleij
2010-08-11 23:10 ` Nikos Mavrogiannopoulos
[not found] ` <1281039477-29703-3-git-send-email-mitr@redhat.com>
2010-08-11 11:13 ` [PATCH 2/4] /dev/crypto implementation Herbert Xu
[not found] <801204854.134521281454377550.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-08-10 15:36 ` [PATCH 0/4] RFC: "New" /dev/crypto user-space interface Miloslav Trmac
2010-08-10 16:17 ` Neil Horman
[not found] <1036252728.135401281454634072.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-08-10 15:40 ` Miloslav Trmac
2010-08-10 16:40 ` Neil Horman
2010-08-10 16:57 ` Miloslav Trmac
2010-08-10 17:57 ` Neil Horman
2010-08-10 18:14 ` Steve Grubb
2010-08-10 18:45 ` Neil Horman
2010-08-10 19:10 ` Steve Grubb
2010-08-10 19:17 ` Neil Horman
2010-08-10 20:08 ` Steve Grubb
2010-08-10 18:19 ` Miloslav Trmac
2010-08-10 18:34 ` Herbert Xu
2010-08-10 18:36 ` Miloslav Trmac
2010-08-10 19:10 ` Neil Horman
2010-08-10 19:37 ` Miloslav Trmac
2010-08-10 18:12 ` Loc Ho
[not found] <15765372.157161281465237985.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-08-10 18:34 ` Miloslav Trmac
2010-08-10 18:39 ` Loc Ho
[not found] <1250838696.160111281466456373.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-08-10 18:58 ` Miloslav Trmac
2010-08-10 19:37 ` Neil Horman
[not found] <1649376471.162481281467800176.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-08-10 19:18 ` Miloslav Trmac
[not found] <897762024.164521281469254847.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-08-10 19:44 ` Miloslav Trmac
[not found] <227903841.184591281491835434.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-08-11 2:06 ` Miloslav Trmac
2010-08-11 11:46 ` Neil Horman
[not found] <2115846701.201281281525518833.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-08-11 11:31 ` Miloslav Trmac
[not found] <1488103333.203081281527737237.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-08-11 12:09 ` Miloslav Trmac
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201008100924.32326.sgrubb@redhat.com \
--to=sgrubb@redhat.com \
--cc=herbert@gondor.hengli.com.au \
--cc=linux-crypto@vger.kernel.org \
--cc=lwang@redhat.com \
--cc=mitr@redhat.com \
--cc=n.mavrogiannopoulos@gmail.com \
--cc=nhorman@redhat.com \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.