From: Miloslav Trmac <mitr@redhat.com>
To: Kyle Moffett <kyle@moffetthome.net>
Cc: Herbert Xu <herbert@gondor.hengli.com.au>,
linux-crypto@vger.kernel.org,
Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>,
Neil Horman <nhorman@redhat.com>,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>
Subject: Re: [PATCH 01/19] User-space API definition
Date: Mon, 23 Aug 2010 11:37:40 -0400 (EDT) [thread overview]
Message-ID: <1269957386.1124701282577860651.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com> (raw)
In-Reply-To: <1278368294.1123931282577639823.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
----- "Kyle Moffett" <kyle@moffetthome.net> wrote:
> On Fri, Aug 20, 2010 at 04:45, Miloslav Trmač <mitr@redhat.com>
> wrote:
> > * ioctl(NCRIO_KEY_INIT) to allocate a key object; then generate the key
> > material inside the kernel, load a plaintext key, unwrap a key, or
> > derive a key. Similarly the key material can be copied out of the
> > kernel or wrapped.
> >
> Ugh... We already have one very nice key/keyring API in the kernel
> (see Documentation/keys.txt) that's being used for crypto keys for
> NFSv4, AFS, etc. Can't you just add a bunch of cryptoapi key types to
> that API instead?
I have examined that API; going purely by the names, having only one facility to manage "keys" does sound reasonable.
Looking at the details, the keyring API is primarily designed for long-term secure storage of unstructured, named blobs, in various namespaces - in some respects it is quite similar to a memory-only filesystem: each key has an explicit name and permissions, there is a hierarchy, and keys are designed to be shared between processes (although in some namespaces they are not).
The keys for crypto are often short-lived, almost exclusively local to a specific process, most don't have an unique name (which means a kernel-choosen integer is a better identifier than an application-choosen string, especially if user-space libraries hide the existence of the kernel crypto API from applications, because choosing an unique string identifier is non-trivial). The crypto keys also are also formatted for use by a specific algorithm, often using a non-trivial format (e.g. a RSA key should be internally stored as the separate integer components, not as a blob). They have some attribute flags, with no overlap with the flags in the keyring API.
I can see almost no overlap between the two sets of requirements. Probably the only common use case is handling session keys (e.g. keys used in a kerberos ticket), which should be stored in the kernel for the duration of the session, made available to each process in the session, and available as keys for kernel crypto. Such keys will be in the minority, though, and it seems to me the best approach for handling these is to allow key export/import from/to keyring keys in addition to export/import from/to data in userspace: the long-term storage would be handled by the existing keyring API, which stores the key as unformatted binary data, and import into the crypto context would convert the key into the internal representation more suitable for crypto.
I have seriously considered the keyring API, and this is what I came up with - but I'd love to be shown a better way.
Mirek
next parent reply other threads:[~2010-08-23 15:39 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1278368294.1123931282577639823.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-08-23 15:37 ` Miloslav Trmac [this message]
2010-09-06 12:17 ` [PATCH 01/19] User-space API definition Herbert Xu
2010-09-06 12:33 ` Nikos Mavrogiannopoulos
[not found] <1586512982.1019221283808142288.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-09-06 21:39 ` Miloslav Trmac
[not found] <272391166.1009231283787434910.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-09-06 15:50 ` Miloslav Trmac
2010-09-06 18:00 ` Kyle Moffett
2010-09-06 19:13 ` Nikos Mavrogiannopoulos
2010-09-06 20:42 ` Kyle Moffett
2010-09-06 21:11 ` Nikos Mavrogiannopoulos
2010-09-07 3:05 ` Kyle Moffett
[not found] <423332662.861981283506383923.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-09-03 9:38 ` Miloslav Trmac
2010-08-20 8:45 [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space interface Miloslav Trmač
2010-08-20 8:45 ` [PATCH 01/19] User-space API definition Miloslav Trmač
2010-08-20 12:48 ` Stefan Richter
2010-08-21 7:35 ` Nikos Mavrogiannopoulos
2010-08-21 9:11 ` Miloslav Trmac
2010-08-20 17:12 ` Randy Dunlap
2010-08-21 13:09 ` Kyle Moffett
2010-08-21 14:54 ` Nikos Mavrogiannopoulos
2010-08-22 10:22 ` David Howells
2010-09-03 9:18 ` Herbert Xu
2010-09-03 9:34 ` Nikos Mavrogiannopoulos
2010-09-03 15:20 ` Nikos Mavrogiannopoulos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1269957386.1124701282577860651.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com \
--to=mitr@redhat.com \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.hengli.com.au \
--cc=kyle@moffetthome.net \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=n.mavrogiannopoulos@gmail.com \
--cc=nhorman@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).