Re: [PATCH resend][CRYPTO]: RSA algorithm patch

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Bill Davidsen <davidsen@tmr.com>
To: Indan Zupancic <indan@nul.nu>
Cc: Tasos Parisinos <t.parisinos@sciensis.com>,
	Andi Kleen <andi@firstfloor.org>,
	herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org,
	randy.dunlap@oracle.com
Subject: Re: [PATCH resend][CRYPTO]: RSA algorithm patch
Date: Fri, 06 Apr 2007 23:53:24 -0400	[thread overview]
Message-ID: <461715B4.9060701@tmr.com> (raw)
In-Reply-To: <4152.81.207.0.53.1175900790.squirrel@secure.samage.net>

Indan Zupancic wrote:
> On Fri, April 6, 2007 23:30, Bill Davidsen wrote:
>   
>> Tasos Parisinos wrote:
>>     
>>> The main purpose behind the creation of this module was to create the
>>> cryptographic infrastructure to develop an in-kernel system of signed
>>> modules.
>>>
>>>       
>
>   
>>> Although this functionality can be achieved using userland helper
>>> programs this may create the need to physically secure entire
>>> filesystems which adds to the cost of developing such devices.
>>>       
>> So to save cost on your end you want to make this feature part of the
>> mainline kernel. Am I misreading your intent here?
>>     
>
> (Tasos was talking about the cost of securing whole file systems versus only
> the kernel binary.)
>
> But if that "entire filesystem" is initramfs, I don't
> see any problem. If it fits into the kernel, it also has enough room for an
> initramfs with a user space program with the RSA signing. I said this before,
> so please look up how initramfs works and tell us why that isn't sufficient
> for this case.
>
> I suspect your answer will be because it isn't the only part and a lot other
> infrastructure is need in the kernel to do all the binary signing. But that
> code you didn't post, only a MPI module, however nice, which is only a partial
> solution to what you want to achieve. Combine that with the kernel policy to
> not merge unused code, and you're in the current situation.
>
>   
>> Having said all this, we have a boatload of other crypto in the kernel,
>> if it's just the crypto module, like aes, anubis or micheal_mic, and is
>> GPL compatible, some people may agree. But if this is an embedded
>> system, and you have the patch, why not just apply it to your kernel and
>> forget mainline?
>>     
>
> Currently it's less than a cryptoapi module, as it only provide some functions
> to do multi-precision integer calculations, which happen to be the tricky part
> of implementing RSA.
>
> That said, this implementation seems quite good, from a code size and complexity
> point of view. So for that alone I think it wouldn't be bad to merge this or a
> modified version of this, even if it's unused by the rest of the kernel, it might
> be useful for other users. The burden to carry it along for the kernel is quite
> small, while the code is worth something and might get improved by their users,
> in the end having a central place to collect them. So I think from an open source
> ecological point of view, it wouldn't be bad to merge it.
>
> I see three possible way forwards (alternative is the status quo):
>
> 1) Move it to user space (into the initramfs embedded into the kernel).
> But you'd still need to add binary (modules, libs and programs) load hooks.
>
> 2) Flesh it out into a ready to use, full blown RSA cryptoAPI module. Whatever
> you said earlier, whether you want or not, it's just a block cipher, with the
> modulo as block size (I suspect there's some room for code simplification when
> assuming fixed block sizes too, by allocating blocksize * 2 space instead of
> resizing when needed).
>
>   
This would probably be the best solution, to provide most of the hooks 
while presenting the cryptoAPI for others to use if they wish. Good 
suggestion.
> 3) Go all the way, and post all the other kernel modifications too, to get the
> whole binary signing you want to achieve.
> Advantage will be that in the end you'll end up with something scrutinized to
> death. Disadvantage is that it will be scrutinized to death, as that can take
> a lot of time. Maybe you'll end up with a new LSM module, who knows?
>
> The list is in increasing order of difficulty and quality of your end code.
>
> It would help if you could find others who also wants something similar and
> work together to get it into the kernel. But even if the last step fails,
> you still have had people reviewing your code. And failing even that, you at
> least shared your code with the rest of the world, which is already something
> good (and required by the GPL. But doing it in the open is much more laudable
> than hiding it on a website).
>
> Greetings,
>
> Indan
>
>
>   
I think you have covered the possibilities, my read is that your item 
number two is most likely to be accepted.

-- 
Bill Davidsen <davidsen@tmr.com>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

next prev parent reply	other threads:[~2007-04-07  3:52 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-04-02  9:52 [PATCH resend][CRYPTO]: RSA algorithm patch Tasos Parisinos
2007-04-02 12:27 ` Andi Kleen
2007-04-02 11:50   ` Tasos Parisinos
2007-04-02 13:28     ` Andi Kleen
2007-04-02 15:10       ` Tasos Parisinos
2007-04-02 15:28         ` Andi Kleen
2007-04-03 16:03         ` Pavel Machek
2007-04-04  9:55           ` Tasos Parisinos
2007-04-04 12:01             ` Pavel Machek
2007-04-06 21:30     ` Bill Davidsen
2007-04-06 23:06       ` Indan Zupancic
2007-04-07  3:53         ` Bill Davidsen [this message]
2007-04-11 10:14           ` Tasos Parisinos
2007-04-11 14:37             ` Indan Zupancic
2007-04-12  8:34               ` Tasos Parisinos
2007-04-12  9:35                 ` Satyam Sharma
2007-04-12 12:22                   ` Indan Zupancic
2007-04-12 12:40                     ` Andi Kleen
2007-04-12 14:20                     ` Satyam Sharma
2007-04-12 15:01                       ` Indan Zupancic
2007-04-12 18:38                         ` Satyam Sharma
2007-04-12 19:05                           ` Indan Zupancic
2007-04-12 19:57                             ` Satyam Sharma
2007-04-12 20:44                               ` Indan Zupancic
2007-04-12 21:13                                 ` Satyam Sharma
2007-04-12 22:51                                   ` Indan Zupancic
2007-04-12 21:28                     ` David Wagner
2007-04-12 23:31                       ` Indan Zupancic
2007-04-13 13:56                         ` Tasos Parisinos
2007-04-12 13:09                 ` Indan Zupancic

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=461715B4.9060701@tmr.com \
    --to=davidsen@tmr.com \
    --cc=andi@firstfloor.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=indan@nul.nu \
    --cc=linux-kernel@vger.kernel.org \
    --cc=randy.dunlap@oracle.com \
    --cc=t.parisinos@sciensis.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.