From: Tadeusz Struk <tadeusz.struk-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
To: Marcel Holtmann <marcel-kz+m5ild9QBg9hUCZPvPmw@public.gmane.org>,
Stephan Mueller
<smueller-T9tCv8IpfcWELgA04lAiVw@public.gmane.org>,
David Woodhouse <dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
Cc: Herbert Xu
<herbert-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>,
linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Subject: Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API
Date: Mon, 14 Dec 2015 10:06:21 -0800
Message-ID: <566F051D.4080408@intel.com>
In-Reply-To: <BDD3AC1F-26D5-41D2-863B-CF8C7BF5FFEE-kz+m5ild9QBg9hUCZPvPmw@public.gmane.org>
Hi,
On 10/26/2015 09:54 PM, Marcel Holtmann wrote:
> Hi Stephan,
>
>> This patch set adds the AF_ALG user space API to externalize the
>> asymmetric cipher API recently added to the kernel crypto API.
>>
>> The patch set is tested with the user space library of libkcapi [1].
>> Use [1] test/test.sh for a full test run. The test covers the
>> following scenarios:
>>
>> * sendmsg of one IOVEC
>>
>> * sendmsg of 16 IOVECs with non-linear buffer
>>
>> * vmsplice of one IOVEC
>>
>> * vmsplice of 15 IOVECs with non-linear buffer
>>
>> * invoking multiple separate cipher operations with one
>> open cipher handle
>>
>> * encryption with private key (using vector from testmgr.h)
>>
>> * encryption with public key (using vector from testmgr.h)
>>
>> * decryption with private key (using vector from testmgr.h)
>
> after having discussions with David Howells and David Woodhouse, I don't think we should expose akcipher via AF_ALG at all. I think the akcipher operations for sign/verify/encrypt/decrypt should operate on asymmetric keys in the first place. With akcipher you are pretty much bound to public and private keys and the key is the important part and not the akcipher itself. Especially since we want to support private keys in hardware (like TPM for example).
>
> It seems more appropriate to use keyctl to derive the symmetric session key from your asymmetric key. And then use the symmetric session key id with skcipher via AF_ALG. Especially once symmetric key type has been introduced this seems to be trivial then.
>
> I am not really in favor of having two userspace facing APIs for asymmetric cipher usage. And we need to have an API that is capable to work with hardware keys.
If we would have something like this:
diff --git a/include/uapi/linux/if_alg.h b/include/uapi/linux/if_alg.h
index f2acd2f..02e6162 100644
--- a/include/uapi/linux/if_alg.h
+++ b/include/uapi/linux/if_alg.h
@@ -34,9 +34,12 @@ struct af_alg_iv {
#define ALG_SET_OP 3
#define ALG_SET_AEAD_ASSOCLEN 4
#define ALG_SET_AEAD_AUTHSIZE 5
+#define ALG_SET_PUBKEY 6
+#define ALG_SET_PUBKEY_ID 7
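Review bot: ALG_SET_PUBKEY_ID is added to a uapi header with no comment saying what optval carries, so the ABI for the ID (its type and width) is undefined at the point it is introduced; add a comment next to `#define ALG_SET_PUBKEY_ID 7` stating the expected optval layout, and one next to ALG_SET_PUBKEY for the key encoding. The hunk header `@@ -34,9 +34,12 @@` announces three added lines but only two `+` lines are shown, so the pasted hunk is incomplete and the third addition cannot be reviewed. Only a public-key ID option is proposed, while the objection quoted above concerns private keys held in hardware such as a TPM; a by-ID path for the private key would be needed for this to answer it. Since the kernel would fetch the key from the keyring on the caller's behalf, the option's documentation should also state that the lookup is subject to the caller's permission on that key.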
in case of ALG_SET_PUBKEY the key will be provided by user space
and in case of ALG_SET_PUBKEY_ID the PF_ALG layer will retrieve the
key from the keyring using the ID provided from user space.
Will this be ok with you Marcel and David?
Thanks,
--
TS