Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

[David Woodhouse <dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>]

[-- Attachment #1: Type: text/plain, Size: 1694 bytes --]

On Tue, 2015-10-27 at 10:12 +0100, Stephan Mueller wrote:
> 
> >after having discussions with David Howells and David Woodhouse, I don't
> >think we should expose akcipher via AF_ALG at all. I think the akcipher
> >operations for sign/verify/encrypt/decrypt should operate on asymmetric keys
> >in the first place. With akcipher you are pretty much bound to public and
> >private keys and the key is the important part and not the akcipher itself.
> >Especially since we want to support private keys in hardware (like TPM for
> >example).
> >
> >It seems more appropriate to use keyctl to derive the symmetric session key
> 
> Are you saying that you consider importing parts of TLS into the kernel? 
> Considering the use case where akcipher would be used to speed up network 
> protocols, I would imply that your comment refers to importing parts of that 
> network protocol into the kernel.
> 
> The key derivation that you mention here would be: RSA-based key exchange plus 
> the TLS KDF. Do we really want to load that into the kernel given that TLS is 
> one protocol and there are many others?

That's largely orthogonal to the point Marcel was making.

The point is that akcipher is limited to using keys for which we have
the private key material available directly in software. We cannot
expose that critically limited API to userspace. We need to expose an
API which supports hardware keys, and basically that means using the
kernel's key subsystem.

For a key which *happens* to be in software, the key subsystem may end
up *using* akcipher behind the scenes. But the API we expose to
userspace cannot simply be based on akcipher.

-- 
dwmw2



[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5691 bytes --]