Re: [RFC PATCH 2/8] KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver 3]

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: David Woodhouse <dwmw2@infradead.org>
To: Mat Martineau <mathew.j.martineau@linux.intel.com>,
	David Howells <dhowells@redhat.com>
Cc: tadeusz.struk@intel.com, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
	linux-crypto@vger.kernel.org
Subject: Re: [RFC PATCH 2/8] KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver 3]
Date: Thu, 12 May 2016 12:04:05 +0100	[thread overview]
Message-ID: <1463051045.2484.97.camel@infradead.org> (raw)
In-Reply-To: <alpine.OSX.2.20.1605111426140.16566@mjmartin-mac01.local>

[-- Attachment #1: Type: text/plain, Size: 1881 bytes --]

On Wed, 2016-05-11 at 15:17 -0700, Mat Martineau wrote:
> 
> On Wed, 11 May 2016, David Howells wrote:
> 
> > diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
> > index ca72b70a24b9..01c2ae28a8c0 100644
> > --- a/Documentation/security/keys.txt
> > +++ b/Documentation/security/keys.txt
> > +     If the key needs to be unlocked with a password, a logon-type key that
> > +     holds the password may be given as the password argument
> ...
> > +     If the key must be unlocked with a password before it can be used,
> > +     password_id should point to a logon-type key that holds this.
> 
> It should be noted that the password_id should be 0 if no password is to 
> be used.

Hm, I would like to properly explore the use cases for these passwords,
before any API is set in stone.

To start with, I'll insist quite strongly that we should never be
passing an encrypted key into the kernel alongside the password needed
to decrypt it. We should let userspace do that gruntwork, and pass in a
canonical DER PKCS#8 (or PKCS#1) blob. As I said before, the other way
lies madness, and requests to support all the obscure formats that keys
are stored in.

So where *might* we want a password... mostly for things like TPM and
other crypto hardware (USB tokens, HSMs). And the usage model there is
normally that the password isn't tied to the *key*, it's a password or
PIN to unlock the *device*.

So I'm not quite sure this 'password_id' makes much sense at all...
unless the idea is that you load the (encrypted) key in advance and
then request the password *later* on demand, in order to use it? Is
that something we really need to support?

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@intel.com                              Intel Corporation

[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5760 bytes --]

next prev parent reply	other threads:[~2016-05-12 11:04 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-11 14:21 [RFC PATCH 0/8] KEYS: keyctl operations for asymmetric keys [ver 3] David Howells
2016-05-11 14:22 ` [RFC PATCH 1/8] KEYS: Provide key type operations for asymmetric key ops " David Howells
2016-05-11 14:22 ` [RFC PATCH 2/8] KEYS: Provide keyctls to drive the new key type ops for asymmetric keys " David Howells
2016-05-11 22:17   ` Mat Martineau
2016-05-12 10:16     ` David Howells
2016-05-12 11:04     ` David Woodhouse [this message]
2016-05-11 14:22 ` [RFC PATCH 3/8] KEYS: Provide missing asymmetric key subops for new key type ops " David Howells
2016-05-11 14:22 ` [RFC PATCH 4/8] KEYS: Make the X.509 and PKCS7 parsers supply the sig encoding type " David Howells
2016-05-11 14:22 ` [RFC PATCH 5/8] KEYS: Provide software public key query function " David Howells
2016-05-11 23:50   ` Mat Martineau
2016-05-12  0:17     ` Tadeusz Struk
2016-05-12 10:19     ` David Howells
2016-05-12 17:01       ` Mat Martineau
2016-05-11 14:22 ` [RFC PATCH 6/8] KEYS: Allow the public_key struct to hold a private key " David Howells
2016-05-11 14:22 ` [RFC PATCH 7/8] KEYS: Implement encrypt, decrypt and sign for software asymmetric " David Howells
2016-05-11 14:22 ` [RFC PATCH 8/8] KEYS: Implement PKCS#8 RSA Private Key parser " David Howells
2016-05-11 19:11   ` David Woodhouse
2016-05-12  0:09   ` Mat Martineau
2016-05-12 10:20     ` David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1463051045.2484.97.camel@infradead.org \
    --to=dwmw2@infradead.org \
    --cc=dhowells@redhat.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mathew.j.martineau@linux.intel.com \
    --cc=tadeusz.struk@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox