From: Tadeusz Struk <tadeusz.struk-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
To: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Tadeusz Struk <tstruk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: herbert-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org,
smueller-T9tCv8IpfcWELgA04lAiVw@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
marcel-kz+m5ild9QBg9hUCZPvPmw@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org,
dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org
Subject: Re: [PATCH v2] crypto: AF_ALG - add support for keys/asymmetric-type
Date: Wed, 13 Jan 2016 06:05:32 -0800 [thread overview]
Message-ID: <569659AC.9070506@intel.com> (raw)
In-Reply-To: <10464.1452691882-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
Hi David,
On 01/13/2016 05:31 AM, David Howells wrote:
>> > + pkey = keyring->payload.data[asym_crypto];
>> > + if (!pkey) {
>> > + key_put(keyring);
>> > + goto out;
>> > + }
>> > +
>> > + err = setkey(private, pkey->key, pkey->keylen);
>> > + key_put(keyring);
> Note that you may not assume that there's data there that you can use in this
> manner. The key might be a pointer to some hardware device such as a TPM. I
> have a TPM asymmetric subtype in progress.
So is there anything in place that can be used to tell what the key actually is?
The security/integrity/digsig_asymmetric.c is using this api in a similar way, so
if it is incorrect digsig_asymmetric shouldn't work neither.
>
> I think this really needs to be driven from a keyctl() because you need to let
> the asymmetric subtype decide how it wants to handle this. I would suggest
> adding KEYCTL_{ASYM_GETINFO,SIGN,VERIFY,ENCRYPT,DECRYPT} - the problem is how
> to pass sufficient arguments, how to decrypt the private key and what metadata
> needs to be passed vs what is inline with the data.
I agree, ideally keyctl should do the job for all the cases and request_key()
should just return a key data.
Thanks,
--
TS
WARNING: multiple messages have this Message-ID (diff)
From: Tadeusz Struk <tadeusz.struk@intel.com>
To: David Howells <dhowells@redhat.com>, Tadeusz Struk <tstruk@gmail.com>
Cc: herbert@gondor.apana.org.au, smueller@chronox.de,
linux-api@vger.kernel.org, marcel@holtmann.org,
linux-kernel@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, zohar@linux.vnet.ibm.com,
dwmw2@infradead.org
Subject: Re: [PATCH v2] crypto: AF_ALG - add support for keys/asymmetric-type
Date: Wed, 13 Jan 2016 06:05:32 -0800 [thread overview]
Message-ID: <569659AC.9070506@intel.com> (raw)
In-Reply-To: <10464.1452691882@warthog.procyon.org.uk>
Hi David,
On 01/13/2016 05:31 AM, David Howells wrote:
>> > + pkey = keyring->payload.data[asym_crypto];
>> > + if (!pkey) {
>> > + key_put(keyring);
>> > + goto out;
>> > + }
>> > +
>> > + err = setkey(private, pkey->key, pkey->keylen);
>> > + key_put(keyring);
> Note that you may not assume that there's data there that you can use in this
> manner. The key might be a pointer to some hardware device such as a TPM. I
> have a TPM asymmetric subtype in progress.
So is there anything in place that can be used to tell what the key actually is?
The security/integrity/digsig_asymmetric.c is using this api in a similar way, so
if it is incorrect digsig_asymmetric shouldn't work neither.
>
> I think this really needs to be driven from a keyctl() because you need to let
> the asymmetric subtype decide how it wants to handle this. I would suggest
> adding KEYCTL_{ASYM_GETINFO,SIGN,VERIFY,ENCRYPT,DECRYPT} - the problem is how
> to pass sufficient arguments, how to decrypt the private key and what metadata
> needs to be passed vs what is inline with the data.
I agree, ideally keyctl should do the job for all the cases and request_key()
should just return a key data.
Thanks,
--
TS
next prev parent reply other threads:[~2016-01-13 14:05 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-26 15:50 [PATCH v2] crypto: AF_ALG - add support for keys/asymmetric-type Tadeusz Struk
[not found] ` <20151226155014.27615.14985.stgit-r49W/1Cwd2f9zxVx7UNMDg@public.gmane.org>
2016-01-12 5:56 ` Tadeusz Struk
2016-01-12 5:56 ` Tadeusz Struk
2016-01-13 12:27 ` David Woodhouse
2016-01-13 13:31 ` David Howells
[not found] ` <10464.1452691882-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2016-01-13 14:05 ` Tadeusz Struk [this message]
2016-01-13 14:05 ` Tadeusz Struk
[not found] ` <569659AC.9070506-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-01-13 15:06 ` David Woodhouse
2016-01-13 15:06 ` David Woodhouse
[not found] ` <1452697593.88154.49.camel-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2016-01-13 16:14 ` Tadeusz Struk
2016-01-13 16:14 ` Tadeusz Struk
2016-01-16 10:51 ` David Howells
[not found] ` <1452688062.88154.32.camel-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2016-01-13 13:36 ` David Howells
2016-01-13 13:36 ` David Howells
2016-01-13 13:45 ` David Woodhouse
2016-01-13 13:52 ` Tadeusz Struk
2016-01-13 13:52 ` Tadeusz Struk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=569659AC.9070506@intel.com \
--to=tadeusz.struk-ral2jqcrhueavxtiumwx3w@public.gmane.org \
--cc=dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
--cc=herbert-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org \
--cc=keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=marcel-kz+m5ild9QBg9hUCZPvPmw@public.gmane.org \
--cc=smueller-T9tCv8IpfcWELgA04lAiVw@public.gmane.org \
--cc=tstruk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.