From: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
To: Kyle Moffett <kyle@moffetthome.net>
Cc: Miloslav Trmac <mitr@redhat.com>,
Herbert Xu <herbert@gondor.hengli.com.au>,
linux-crypto@vger.kernel.org, Neil Horman <nhorman@redhat.com>,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>
Subject: Re: [PATCH 01/19] User-space API definition
Date: Mon, 06 Sep 2010 23:11:25 +0200 [thread overview]
Message-ID: <4C8558FD.2010107@gmail.com> (raw)
In-Reply-To: <AANLkTi=kF880O_DuemgRPajvs3diyuvK8s4Ap04+kPzL@mail.gmail.com>
On 09/06/2010 10:42 PM, Kyle Moffett wrote:
>>> The problem with the approach you're proposing is that we then have
>>> two entirely separate classes of keys. First we have the existing
>>> keyring class, which can be securely and revokably passed between
>>> different processes with limited rights, but cannot be handed up to
>>> the kernel's cryptoapi.
>>
>> I don't think this is the case. The NCR does not store any keys nor
>> retrieves them. It does delegate the burden of that to userspace
>> application. NCR exports a wrapped version of the key and the userspace
>> application stores it. It could use the keyring to store the keys or
>> could directly store them in the filesystem.
>
> Hmm, I'm confused. You say "The NCR does not store any keys nor
> retrieves them", but ~75% of your API is specifically related to
> storing keys into kernel memory or retrieving them out of kernel
> memory.
> Specifically, putting keys into and out of the kernel and
> passing them around between processes is the *whole point* of the
> keyring API.
I suppose you mean the reference to the internal representation of the
key. This might be valid for few seconds until the required operation is
over.
This is not really what I would call storage. The storage and retrieval
of keys is being done using two ioctl() the STORAGE_WRAP and STORAGE_UNWRAP.
An example of how NCR works:
1. A Process generates an RSA key pair
2. Stores the (encrypted) pair using the STORAGE_WRAP to a file.
3. Another process loads the file, unwraps it using STORAGE_UNWRAP and
gets a reference to the key
4. Does an RSA decryption using the key
5. Discards the reference to the key
Consider the reference as a file descriptor after you have opened a file
(a wrapped key).
How do you see keyring being involved in a setup like this?
> So let me ask for some clarification:
> You talk a lot in the patches about the API itself, but what is the
> intended *use-case* for NCR?
In short: cryptographic operations.
> Is it to provide a back-end for code such as enhanced-security OpenSSL
> libraries? For example, a privileged process would loads a key from
> disk into the kernel, then fork the unprivileged SSL server process?
An unprivileged process will load a key from disk to kernel and use it.
The keys leave the NCR framework only encrypted and authenticated.
> Is it just a canonical interface for userspace to encrypt or decrypt
> data using the kernel's CryptoAPI?
I don't understand what do you mean by canonical, but this API can be
used to perform crypto operations. It uses the internal linux API where
possible.
regards,
Nikos
next prev parent reply other threads:[~2010-09-06 21:11 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <272391166.1009231283787434910.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-09-06 15:50 ` [PATCH 01/19] User-space API definition Miloslav Trmac
2010-09-06 18:00 ` Kyle Moffett
2010-09-06 19:13 ` Nikos Mavrogiannopoulos
2010-09-06 20:42 ` Kyle Moffett
2010-09-06 21:11 ` Nikos Mavrogiannopoulos [this message]
2010-09-07 3:05 ` Kyle Moffett
[not found] <1586512982.1019221283808142288.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-09-06 21:39 ` Miloslav Trmac
[not found] <423332662.861981283506383923.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-09-03 9:38 ` Miloslav Trmac
[not found] <1278368294.1123931282577639823.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-08-23 15:37 ` Miloslav Trmac
2010-09-06 12:17 ` Herbert Xu
2010-09-06 12:33 ` Nikos Mavrogiannopoulos
2010-08-20 8:45 [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space interface Miloslav Trmač
2010-08-20 8:45 ` [PATCH 01/19] User-space API definition Miloslav Trmač
2010-08-20 12:48 ` Stefan Richter
2010-08-21 7:35 ` Nikos Mavrogiannopoulos
2010-08-21 9:11 ` Miloslav Trmac
2010-08-20 17:12 ` Randy Dunlap
2010-08-21 13:09 ` Kyle Moffett
2010-08-21 14:54 ` Nikos Mavrogiannopoulos
2010-08-22 10:22 ` David Howells
2010-09-03 9:18 ` Herbert Xu
2010-09-03 9:34 ` Nikos Mavrogiannopoulos
2010-09-03 15:20 ` Nikos Mavrogiannopoulos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C8558FD.2010107@gmail.com \
--to=n.mavrogiannopoulos@gmail.com \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.hengli.com.au \
--cc=kyle@moffetthome.net \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mitr@redhat.com \
--cc=nhorman@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).