From: Stephan Mueller <smueller@chronox.de>
To: Marcel Holtmann <marcel@holtmann.org>
Cc: David Woodhouse <dwmw2@infradead.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
linux-crypto@vger.kernel.org,
linux-kernel <linux-kernel@vger.kernel.org>,
linux-api@vger.kernel.org, David Howells <dhowells@redhat.com>
Subject: Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API
Date: Wed, 28 Oct 2015 02:29:59 +0100 [thread overview]
Message-ID: <4777180.cceLVNSOUa@myon.chronox.de> (raw)
In-Reply-To: <1CD8D5EC-1BAA-495E-B671-6423C3CA4104@holtmann.org>
Am Mittwoch, 28. Oktober 2015, 09:46:51 schrieb Marcel Holtmann:
Hi Marcel,
> So if a server has public/private key pair, then the first thing that should
> the server do is load this key pair into the kernel and retrieve a key
> serial for it. And then use this key id to derive the session key. That
> session key can then be used with AF_ALG and skcipher for the data
> shoveling.
>
> However that all said, the keys should never leave the kernel. Neither the
I personally do not fully agree here. For our day-to-day desktops and servers
I would fully and completely agree. But I see other use cases of Linux in
routers or other embedded systems where there may be other checks and balances
in place where this hard demand is not warranted.
Thus, I feel that this is a policy decision to be made in user space (see my
other email -- please answer on that topic there to keep a single thread).
> private key nor the session key. There is no point in sending keys through
> userspace. We actually do not want this at all. That is especially
> important if your actual private/public key pair is in hardware. So maybe
> your RSA accelerator might expose secure storage for the keys. Loading them
> over and over again from userspace makes no sense.
>
> As David mentioned, we need to take a deep look at what the userspace API
> for asymmetric cipher suites (and we also have needs for ECDH etc. and not
> just RSA) should look like. Just exposing akcipher via AF_ALG is premature.
> If we expose it now, it is not an API that we can take back. Having two
> userspace APIs for the exactly the same functionality is a bad thing.
> Especially if one is limited to software only keys.
Do not get me wrong, my patch is shall be there for all to comment. I have no
issues when we find a better solution. And I also do not like multiple
interfaces that would not be needed if we would have thought better.
>
> We also need to look at the larger picture here. And that is TLS support in
> the kernel. Potentially via AF_KCM or something similar.
With all due respect, I would object here. When we say yes to TLS (even if it
is parts of TLS up to the point where the KDF happens), we invite all higher
level crypto implementations: IKE, SNMP, SSH -- I would not want to go down
that path that started by simply supporting accelerated asymmetric ciphers.
Look at user space crypto libs: where is the most fuzz happening? Not in the
cipher implementations, but in the network protocols.
--
Ciao
Stephan
next prev parent reply other threads:[~2015-10-28 1:29 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-18 10:44 [PATCH v2 0/5] crypto: add algif_akcipher user space API Stephan Mueller
2015-10-18 10:45 ` [PATCH v2 1/5] MPI: fix off by one in mpi_read_raw_from_sgl Stephan Mueller
2015-10-19 23:25 ` Tadeusz Struk
[not found] ` <3192672.E3TvJmsW94-Veo+UhszpQh6vwJ5+F2VIg@public.gmane.org>
2015-10-20 14:20 ` Herbert Xu
2015-10-20 14:20 ` Herbert Xu
2015-10-18 10:46 ` [PATCH v2 2/5] crypto: AF_ALG -- add sign/verify API Stephan Mueller
2015-10-18 10:47 ` [PATCH v2 3/5] crypto: AF_ALG -- add setpubkey setsockopt call Stephan Mueller
[not found] ` <1500043.fUe7nt4IEH-Veo+UhszpQh6vwJ5+F2VIg@public.gmane.org>
2015-10-30 8:16 ` Marcel Holtmann
2015-10-30 8:16 ` Marcel Holtmann
2015-10-30 8:42 ` Stephan Mueller
2015-10-18 10:48 ` [PATCH v2 4/5] crypto: AF_ALG -- add asymmetric cipher interface Stephan Mueller
2015-10-18 10:49 ` [PATCH v2 5/5] crypto: algif_akcipher - enable compilation Stephan Mueller
[not found] ` <1831785.BBs8Hj3CxY-Veo+UhszpQh6vwJ5+F2VIg@public.gmane.org>
2015-10-19 1:32 ` [PATCH v2 0/5] crypto: add algif_akcipher user space API Herbert Xu
2015-10-19 1:32 ` Herbert Xu
2015-10-19 7:14 ` Stephan Mueller
2015-10-19 7:27 ` Herbert Xu
2015-10-27 4:54 ` Marcel Holtmann
[not found] ` <BDD3AC1F-26D5-41D2-863B-CF8C7BF5FFEE-kz+m5ild9QBg9hUCZPvPmw@public.gmane.org>
2015-10-27 9:12 ` Stephan Mueller
2015-10-27 9:12 ` Stephan Mueller
[not found] ` <1979544.kURdYDnObN-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
2015-10-27 9:19 ` David Woodhouse
2015-10-27 9:19 ` David Woodhouse
[not found] ` <1445937541.3405.75.camel-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2015-10-27 10:50 ` Stephan Mueller
2015-10-27 10:50 ` Stephan Mueller
2015-10-27 23:15 ` David Woodhouse
2015-10-27 23:35 ` Stephan Mueller
[not found] ` <1499937.MpmApGzYrd-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
2015-10-27 23:43 ` David Woodhouse
2015-10-27 23:43 ` David Woodhouse
[not found] ` <1445989396.3405.131.camel-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2015-10-27 23:47 ` Stephan Mueller
2015-10-27 23:47 ` Stephan Mueller
2015-10-28 0:37 ` David Woodhouse
[not found] ` <1445992622.3405.148.camel-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2015-10-28 1:18 ` Stephan Mueller
2015-10-28 1:18 ` Stephan Mueller
[not found] ` <2035809.AHCPW286O9-Veo+UhszpQh6vwJ5+F2VIg@public.gmane.org>
2015-10-28 1:36 ` David Woodhouse
2015-10-28 1:36 ` David Woodhouse
2015-10-28 0:46 ` Marcel Holtmann
2015-10-28 1:29 ` Stephan Mueller [this message]
2015-10-28 2:56 ` Marcel Holtmann
[not found] ` <F0D283A6-37C8-47EC-9DE0-998B8A59F138-kz+m5ild9QBg9hUCZPvPmw@public.gmane.org>
2015-10-28 10:12 ` Stephan Mueller
2015-10-28 10:12 ` Stephan Mueller
2015-10-27 15:16 ` Tadeusz Struk
2015-10-27 15:16 ` Tadeusz Struk
2015-12-14 18:06 ` Tadeusz Struk
2015-12-14 18:06 ` Tadeusz Struk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4777180.cceLVNSOUa@myon.chronox.de \
--to=smueller@chronox.de \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-api@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.