From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "James Bottomley" <James.Bottomley@HansenPartnership.com>,
"Eric Biggers" <ebiggers@kernel.org>,
"Zhang Yiqun" <zhangyiqun@phytium.com.cn>
Cc: <dhowells@redhat.com>, <corbet@lwn.net>,
<keyrings@vger.kernel.org>, <linux-doc@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH] KEYS: Add ECDH support
Date: Sun, 31 Mar 2024 18:44:19 +0300
Message-ID: <D081UQF5758Q.3TO9YN0PEQ0O1@kernel.org>
In-Reply-To: <087bbfcf95c9014ee8f87d482773244f0833b892.camel@HansenPartnership.com>

On Sat Mar 30, 2024 at 3:09 PM EET, James Bottomley wrote:
> On Sat, 2024-03-30 at 00:04 -0700, Eric Biggers wrote:
> > [+Cc linux-crypto]
> >
> > On Sat, Mar 30, 2024 at 02:55:06PM +0800, Zhang Yiqun wrote:
> > > This patch is to introduce ECDH into keyctl syscall for
> > > userspace usage, containing public key generation and
> > > shared secret computation.
> > >
> > > It is mainly based on dh code, so it has the same condition
> > > on the input, in which only user keys are supported. The output
> > > result is stored into the buffer with the provided length.
> > >
> > > Signed-off-by: Zhang Yiqun <zhangyiqun@phytium.com.cn>
> > > ---
> > > Documentation/security/keys/core.rst | 62 ++++++
> > > include/linux/compat.h | 4 +
> > > include/uapi/linux/keyctl.h | 11 +
> > > security/keys/Kconfig | 12 +
> > > security/keys/Makefile | 2 +
> > > security/keys/compat_ecdh.c | 50 +++++
> > > security/keys/ecdh.c | 318
> > > +++++++++++++++++++++++++++
> > > security/keys/internal.h | 44 ++++
> > > security/keys/keyctl.c | 10 +
> > > 9 files changed, 513 insertions(+)
> > > create mode 100644 security/keys/compat_ecdh.c
> > > create mode 100644 security/keys/ecdh.c
> >
> > Nacked-by: Eric Biggers <ebiggers@google.com>
> >
> > The existing KEYCTL_PKEY_*, KEYCTL_DH_COMPUTE, and AF_ALG are causing
> > enough problems. We do not need any more UAPIs like this. They are
> > hard to maintain, break often, not properly documented, increase the
> > kernel's attack surface, and what they do is better done in
> > userspace.
>
> Actually that's not entirely true. There is a use case for keys which
> is where you'd like to harden unwrapped key handling and don't have the
> ability to use a device. The kernel provides a harder exfiltration
> environment than user space, so there is a use case for getting the
> kernel to handle operations on unwrapped keys for the protection it
> affords the cryptographic key material.
>
> For instance there are people who use the kernel keyring to replace
> ssh-agent and thus *reduce* the attack surface they have for storing
> ssh keys:
>
> https://blog.cloudflare.com/the-linux-kernel-key-retention-service-and-why-you-should-use-it-in-your-next-application/
>
> The same thing could be done with gpg keys or the gnome keyring.

Eric has a correct standing given that the commit message does not have
a motivation part at all.

With a description of the problem that this patch is supposed to solve
this would be more meaningful to review.

BR, Jarkko