diff for duplicates of <aae9bc89-ca34-400f-9c5e-44be1df2befa@gmail.com> diff --git a/a/1.txt b/N1/1.txt index 684bdc2..b76601e 100644 --- a/a/1.txt +++ b/N1/1.txt 
@@ -13,3 +13,198 @@ of a test app when I tried. Regards, -Denis + +X-sender: <linux-kernel+bounces-125931-steffen.klassert=secunet.com@vger.kernel.org> +X-Receiver: <steffen.klassert@secunet.com> ORCPT=rfc822;steffen.klassert@secunet.com NOTIFY=NEVER; X-ExtendedProps=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 +X-CreatedBy: MSExchange15 +X-HeloDomain: b.mx.secunet.com +X-ExtendedProps: BQBjAAoAwapAQuxQ3AgFAGEACAABAAAABQA3AAIAAA8APAAAAE1pY3Jvc29mdC5FeGNoYW5nZS5UcmFuc3BvcnQuTWFpbFJlY2lwaWVudC5Pcmdhbml6YXRpb25TY29wZREAAAAAAAAAAAAAAAAAAAAAAAUASQACAAEFAGIACgB2AAAAqIoAAAUABAAUIAEAAAAcAAAAc3RlZmZlbi5rbGFzc2VydEBzZWN1bmV0LmNvbQUABgACAAEFACkAAgABDwAJAAAAQ0lBdWRpdGVkAgABBQACAAcAAQAAAAUAAwAHAAAAAAAFAAUAAgABBQBkAA8AAwAAAEh1Yg== +X-Source: SMTP:Default MBX-DRESDEN-01 +X-SourceIPAddress: 62.96.220.37 +X-EndOfInjectedXHeaders: 12053 +Received: from cas-essen-02.secunet.de (10.53.40.202) by + mbx-dresden-01.secunet.de (10.53.40.199) with Microsoft SMTP Server + (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id + 15.1.2507.37; Sun, 31 Mar 2024 04:38:26 +0200 +Received: from b.mx.secunet.com (62.96.220.37) by cas-essen-02.secunet.de + (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, + cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.37 via Frontend + Transport; Sun, 31 Mar 2024 04:38:26 +0200 +Received: from localhost (localhost [127.0.0.1]) + by b.mx.secunet.com (Postfix) with ESMTP id 2AB2D20322 + for <steffen.klassert@secunet.com>; Sun, 31 Mar 2024 04:38:26 +0200 (CEST) +X-Virus-Scanned: by secunet +X-Spam-Flag: NO +X-Spam-Score: -2.749 +X-Spam-Level: +X-Spam-Status: No, score=-2.749 tagged_above=-999 required=2.1 + tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, + DKIM_VALID_AU=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, + FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, + MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001, + SPF_HELO_NONE=0.001, SPF_PASS=-0.001] + autolearn=unavailable autolearn_force=no 
+Authentication-Results: a.mx.secunet.com (amavisd-new); + dkim=pass (2048-bit key) header.d=gmail.com +Received: from b.mx.secunet.com ([127.0.0.1]) + by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id Y6JZ0jC6kB3o for <steffen.klassert@secunet.com>; + Sun, 31 Mar 2024 04:38:25 +0200 (CEST) +Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=147.75.80.249; helo=am.mirrors.kernel.org; envelope-from=linux-kernel+bounces-125931-steffen.klassert=secunet.com@vger.kernel.org; receiver=steffen.klassert@secunet.com +DKIM-Filter: OpenDKIM Filter v2.11.0 b.mx.secunet.com A615920199 +Authentication-Results: b.mx.secunet.com; + dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XleIRPSp" +Received: from am.mirrors.kernel.org (am.mirrors.kernel.org [147.75.80.249]) + (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) + (No client certificate requested) + by b.mx.secunet.com (Postfix) with ESMTPS id A615920199 + for <steffen.klassert@secunet.com>; Sun, 31 Mar 2024 04:38:25 +0200 (CEST) +Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) + (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) + (No client certificate requested) + by am.mirrors.kernel.org (Postfix) with ESMTPS id 584181F218D9 + for <steffen.klassert@secunet.com>; Sun, 31 Mar 2024 02:38:25 +0000 (UTC) +Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) + by smtp.subspace.kernel.org (Postfix) with ESMTP id EB1C03D6D; + Sun, 31 Mar 2024 02:38:11 +0000 (UTC) +Authentication-Results: smtp.subspace.kernel.org; + dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XleIRPSp" +Received: from mail-oo1-f45.google.com (mail-oo1-f45.google.com [209.85.161.45]) + (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) + (No client certificate requested) + by smtp.subspace.kernel.org (Postfix) with ESMTPS id 54A6C181; + 
Sun, 31 Mar 2024 02:38:08 +0000 (UTC) +Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.45 +ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; + t=1711852689; cv=none; b=gXNEolHo55cI9s9E0fe7uOOSm88Jz7dwj3ls8ge3nw8RDM4vYnsK3QkV/TYCu8HKWXSxelrGFg26OaTa0ta2xAeaumLm+bNicuklMkDBxzgMakTmXxNf8xfV/uZLU1lr3i868qhdgUvfJgx0ptM9DjM8hr8IuQzNZ6hDb2tE66w= +ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; + s=arc-20240116; t=1711852689; c=relaxed/simple; + bh=SNeN2CYj+6bo6yYIrP8F5A4iIl0/Q9yGn+qoKYRUWH4=; + h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: + In-Reply-To:Content-Type; b=WX0BCLiJLkXYSF23cXoAUUoCaN3U++73B96a084d5eByR6abt19vx+RRgPeFHn/FNkK/J6TmDIJzyF4IYk3FZTEjQ9I/pyxKjnmYqJBhqHBxbDk+/e+NGJ90rlOfa4MF1hGhvlAequCF3PKJT9TuvWJc3UIpKmFlHj11ZC0GCMk= +ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=XleIRPSp; arc=none smtp.client-ip=209.85.161.45 +Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com +Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com +Received: by mail-oo1-f45.google.com with SMTP id 006d021491bc7-5a47cecb98bso2073304eaf.0; + Sat, 30 Mar 2024 19:38:08 -0700 (PDT) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=gmail.com; s=20230601; t=1711852687; x=1712457487; darn=vger.kernel.org; + h=content-transfer-encoding:in-reply-to:from:references:cc:to + :content-language:subject:user-agent:mime-version:date:message-id + :from:to:cc:subject:date:message-id:reply-to; + bh=lUs6NaIvupBIrN3kNgIHykr6WEWtZD3EhPX18G9uddY=; + b=XleIRPSp55P9VHB7a2r/titnJwBaAjVmwFFWncW/trJnpln7+XtSjSvi9uqMgHENno + mXoHhat/Z/Iu/etVc504MD8mbcqjpCdo92CyUAjqoOvDmqxWOTlUEoKSZpMXMU1tjGDE + XbpXwWhrrBDGTCSBhMimQlOAAiFIgIn6MMASG45+bZdtNZH3XVRJ5bVJUjjXsZsqVSuD + 
EAr0yLfv7Xw4ek1Nrgh1EsDej1shKOAN+fHmpmCt2k67uc0kQqgZTsLvlgNdkJABYumM + NqMAc3CT/Ikjfg8Q4m9fVK1ahVo7HmKBBnIuDdfrFTz3L4Mf85eUXTvDWIq6NjILU5Zk + EE5A== +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20230601; t=1711852687; x=1712457487; + h=content-transfer-encoding:in-reply-to:from:references:cc:to + :content-language:subject:user-agent:mime-version:date:message-id + :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; + bh=lUs6NaIvupBIrN3kNgIHykr6WEWtZD3EhPX18G9uddY=; + b=dR8iI2wu/bgmWoKgd3fQy1Qs3x8Gg8zaFnPHbg0FZVEZ0RXNeEaOyPNYJ1aIfjy24D + 15h1F4+67W51lrSYAej/3JXzlWZZfwN+sEoBc+2m+UdBjvHf18AI150uR/j7E1kwLdbX + sGYqzl76u5sQvTr0S681UIXwuJI8SbyuckQSRFHBqVNDfJVH0TIeYJflzO0R6FpSMC8R + 9zz21UCZ3xMyhIWChGyQmc7Wt48iBBORmO2pxhHMcl7c4qiPRydQGd654U39D+gB3weL + ELldBLvIApWZmFYYutf7AN/jmQk6rSAo74Gm8P8UkZUIxFx+1qy0xVLs34o8roNuo1WX + +QIg== +X-Forwarded-Encrypted: i=1; AJvYcCVwL3cU3nCsvXYDTwS66oYsIOZe9xNTNPxXhx+b5LI0hF4hupv8P5wIUYO2JPUDl0WepDijhDJPYBg1N560PbnJ5RAa4R88i26Vu9VypwbBZecB5aqbsTeOFXgu4wuUSU6yA7yyNW3bsx+drdJwvoi1WZf5gLyATZ+18fbURnSBI4TAocIuILlIqVomkqoToJcDzLA9S5fTrbiTCkqMZeE= +X-Gm-Message-State: AOJu0YyW7TJsviPHgdYwWIVD+v3Bv1LiX1phxqUeZ9O5THjJ2TKywZ9M + IdQhsJIEEtX7xf5p5m/dh/a51J+VTrkHVZa0tY90NWObJeeGoGmG +X-Google-Smtp-Source: AGHT+IG8y/mw6Sg+NJ68AiBnOVhIGZhncP4yQFjwCnn6QvLTTTIKr8wBQM2lppgPQLGZ1h9+K7oVJA== +X-Received: by 2002:a05:6820:260e:b0:5a5:639a:2fb8 with SMTP id cy14-20020a056820260e00b005a5639a2fb8mr6074835oob.4.1711852687375; + Sat, 30 Mar 2024 19:38:07 -0700 (PDT) +Received: from [192.168.1.22] (070-114-247-242.res.spectrum.com. 
[70.114.247.242]) + by smtp.googlemail.com with ESMTPSA id bf14-20020a056820174e00b005a4bcb155basm1611035oob.23.2024.03.30.19.38.06 + (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); + Sat, 30 Mar 2024 19:38:07 -0700 (PDT) +Message-ID: <aae9bc89-ca34-400f-9c5e-44be1df2befa@gmail.com> +Date: Sat, 30 Mar 2024 21:38:05 -0500 +Precedence: bulk +X-Mailing-List: linux-kernel@vger.kernel.org +List-Id: <linux-kernel.vger.kernel.org> +List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> +List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> +MIME-Version: 1.0 +User-Agent: Mozilla Thunderbird +Subject: Re: [PATCH] KEYS: Add ECDH support +Content-Language: en-US +To: Eric Biggers <ebiggers@kernel.org>, + James Bottomley <James.Bottomley@hansenpartnership.com> +Cc: Zhang Yiqun <zhangyiqun@phytium.com.cn>, dhowells@redhat.com, + jarkko@kernel.org, corbet@lwn.net, keyrings@vger.kernel.org, + linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, + linux-crypto@vger.kernel.org +References: <20240330065506.3146-1-zhangyiqun@phytium.com.cn> + <20240330070436.GA2116@sol.localdomain> + <087bbfcf95c9014ee8f87d482773244f0833b892.camel@HansenPartnership.com> + <20240331004844.GA104623@sol.localdomain> +From: Denis Kenzior <denkenz@gmail.com> +In-Reply-To: <20240331004844.GA104623@sol.localdomain> +Content-Type: text/plain; charset="UTF-8"; format=flowed +Content-Transfer-Encoding: 7bit +Return-Path: linux-kernel+bounces-125931-steffen.klassert=secunet.com@vger.kernel.org +X-MS-Exchange-Organization-OriginalArrivalTime: 31 Mar 2024 02:38:26.2603 + (UTC) +X-MS-Exchange-Organization-Network-Message-Id: 25f48256-d726-4dcd-c568-08dc512ba45a +X-MS-Exchange-Organization-OriginalClientIPAddress: 62.96.220.37 +X-MS-Exchange-Organization-OriginalServerIPAddress: 10.53.40.202 +X-MS-Exchange-Organization-Cross-Premises-Headers-Processed: cas-essen-02.secunet.de +X-MS-Exchange-Organization-OrderedPrecisionLatencyInProgress: 
LSRV=mbx-dresden-01.secunet.de:TOTAL-HUB=0.407|SMR=0.357(SMRDE=0.050|SMRC=0.306(SMRCL=0.100|X-SMRCR=0.306))|CAT=0.049(CATOS=0.011 + (CATSM=0.011(CATSM-Malware + Agent=0.011))|CATRESL=0.023(CATRESLP2R=0.017)|CATORES=0.012 + (CATRS=0.012(CATRS-Index Routing Agent=0.011)));2024-03-31T02:38:26.699Z +X-MS-Exchange-Forest-ArrivalHubServer: mbx-dresden-01.secunet.de +X-MS-Exchange-Organization-AuthSource: cas-essen-02.secunet.de +X-MS-Exchange-Organization-AuthAs: Anonymous +X-MS-Exchange-Organization-FromEntityHeader: Internet +X-MS-Exchange-Organization-OriginalSize: 9469 +X-MS-Exchange-Organization-HygienePolicy: Standard +X-MS-Exchange-Organization-MessageLatency: SRV=cas-essen-02.secunet.de:TOTAL-FE=0.032|SMR=0.022(SMRPI=0.020(SMRPI-FrontendProxyAgent=0.019))|SMS=0.009 +X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0 +X-MS-Exchange-Organization-Recipient-Limit-Verified: True +X-MS-Exchange-Organization-TotalRecipientCount: 1 +X-MS-Exchange-Organization-Rules-Execution-History: 0b0cf904-14ac-4724-8bdf-482ee6223cf2%%%fd34672d-751c-45ae-a963-ed177fcabe23%%%d8080257-b0c3-47b4-b0db-23bc0c8ddb3c%%%95e591a2-5d7d-4afa-b1d0-7573d6c0a5d9%%%f7d0f6bc-4dcc-4876-8c5d-b3d6ddbb3d55%%%16355082-c50b-4214-9c7d-d39575f9f79b +X-MS-Exchange-Forest-RulesExecuted: mbx-dresden-01 +X-MS-Exchange-Organization-RulesExecuted: mbx-dresden-01 +X-MS-Exchange-Forest-IndexAgent-0: AQ0CZW4AAfgBAAAPAAADH4sIAAAAAAAEAE1SXWvbMBRVE38k7jLYP7 + hvheDlJwxCE2jYHkbpy56KYt/Uoq5kJHmr/9N+5I6kzBQuRvfcc849 + Ev6bPSg6WtXUm2pTfUPR/m10Sr/0U02+Y+J35Tx6+n78df/04/nw8L + yl/c+Tq0nqNlKuk+P9PKPBmsE4buk8BU/fKWDSN11NRvcTmYGt9IyG + RseWXnlyYEkfDaFu2DnqpKPH4/5Asom9NzuiJ3gFzzeW+oMmOjRS05 + nJW/VbyR57+N1b2fgYhCS5jvueXGPV4MmOWoeLKU2TGW3wjFkcVimj + 4yrp7xxteyBb4M1oOWwMoYMSB+VML4P/NfNut4vvuKlOMY1jTrc/c1 + B4OzJdjE2bzLwsxq/pPHo6UWv0XbiU0q9JGy4cleYyvw20vrMsW3ID + N+qimuiB1HtPPUsXnBoz9m0wi0Spp/RMZvSbCl6SPIMnh4H+dKwhwM + txuwvxH/lF2tbhv/h6YB0SbCohFmKZic9rcbsU2UqsixtRiXIh8kwU + QFBAPokyC5WDsBAFDnlsS7GK8jwVyEDwxbm4mqzyyE8gvuCvRYXC4U + 
YsMAXzv88qelZFOAQ8Liowwt5SfAE/RUr4bAtCGSVok2eaLj5M8YUh + fLIQbAkCmLGds+Up0oxEq6oUt/k/l0NX+VQDAAABDs4BUmV0cmlldm + VyT3BlcmF0b3IsMTAsMTtSZXRyaWV2ZXJPcGVyYXRvciwxMSwwO1Bv + c3REb2NQYXJzZXJPcGVyYXRvciwxMCwwO1Bvc3REb2NQYXJzZXJPcG + VyYXRvciwxMSwwO1Bvc3RXb3JkQnJlYWtlckRpYWdub3N0aWNPcGVy + YXRvciwxMCwwO1Bvc3RXb3JkQnJlYWtlckRpYWdub3N0aWNPcGVyYX + RvciwxMSwwO1RyYW5zcG9ydFdyaXRlclByb2R1Y2VyLDIwLDY= +X-MS-Exchange-Forest-IndexAgent: 1 725 +X-MS-Exchange-Forest-EmailMessageHash: 759BD60A +X-MS-Exchange-Forest-Language: en +X-MS-Exchange-Organization-Processed-By-Journaling: Journal Agent + +Hi Eric, + +> +> Amusingly, the existing KEYCTL_DH_* APIs, and the KEYCTL_ECDH_* APIs proposed by +> this patch, only operate on user keys that the process has READ access to. This +> means that the keys can be trivially extracted by a shell script running in your +> user session. That's *less* secure than using an isolated process... +> + +I can see this being true for user or session keys, but I don't think this is +true of process or thread specific keys. At least I couldn't read any keys out +of a test app when I tried. + +Regards, +-Denis diff --git a/a/content_digest b/N1/content_digest index 9bc47b2..4d7a6a6 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -31,6 +31,201 @@ "of a test app when I tried.\n" "\n" "Regards,\n" + "-Denis\n" + "\n" + "X-sender: <linux-kernel+bounces-125931-steffen.klassert=secunet.com@vger.kernel.org>\n" + "X-Receiver: <steffen.klassert@secunet.com> ORCPT=rfc822;steffen.klassert@secunet.com NOTIFY=NEVER; X-ExtendedProps=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\n" + "X-CreatedBy: MSExchange15\n" + "X-HeloDomain: b.mx.secunet.com\n" + "X-ExtendedProps: BQBjAAoAwapAQuxQ3AgFAGEACAABAAAABQA3AAIAAA8APAAAAE1pY3Jvc29mdC5FeGNoYW5nZS5UcmFuc3BvcnQuTWFpbFJlY2lwaWVudC5Pcmdhbml6YXRpb25TY29wZREAAAAAAAAAAAAAAAAAAAAAAAUASQACAAEFAGIACgB2AAAAqIoAAAUABAAUIAEAAAAcAAAAc3RlZmZlbi5rbGFzc2VydEBzZWN1bmV0LmNvbQUABgACAAEFACkAAgABDwAJAAAAQ0lBdWRpdGVkAgABBQACAAcAAQAAAAUAAwAHAAAAAAAFAAUAAgABBQBkAA8AAwAAAEh1Yg==\n" + "X-Source: SMTP:Default MBX-DRESDEN-01\n" + "X-SourceIPAddress: 62.96.220.37\n" + "X-EndOfInjectedXHeaders: 12053\n" + "Received: from cas-essen-02.secunet.de (10.53.40.202) by\n" + " mbx-dresden-01.secunet.de (10.53.40.199) with Microsoft SMTP Server\n" + " (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id\n" + " 15.1.2507.37; Sun, 31 Mar 2024 04:38:26 +0200\n" + "Received: from b.mx.secunet.com (62.96.220.37) by cas-essen-02.secunet.de\n" + " (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2,\n" + " cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.37 via Frontend\n" + " Transport; Sun, 31 Mar 2024 04:38:26 +0200\n" + "Received: from localhost (localhost [127.0.0.1])\n" + "\tby b.mx.secunet.com (Postfix) with ESMTP id 2AB2D20322\n" + "\tfor <steffen.klassert@secunet.com>; Sun, 31 Mar 2024 04:38:26 +0200 (CEST)\n" + "X-Virus-Scanned: by secunet\n" + "X-Spam-Flag: NO\n" + "X-Spam-Score: -2.749\n" + "X-Spam-Level:\n" + "X-Spam-Status: No, score=-2.749 tagged_above=-999 required=2.1\n" + "\ttests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,\n" + "\tDKIM_VALID_AU=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001,\n" + "\tFREEMAIL_FROM=0.001, 
HEADER_FROM_DIFFERENT_DOMAINS=0.249,\n" + "\tMAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001,\n" + "\tSPF_HELO_NONE=0.001, SPF_PASS=-0.001]\n" + "\tautolearn=unavailable autolearn_force=no\n" + "Authentication-Results: a.mx.secunet.com (amavisd-new);\n" + "\tdkim=pass (2048-bit key) header.d=gmail.com\n" + "Received: from b.mx.secunet.com ([127.0.0.1])\n" + "\tby localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024)\n" + "\twith ESMTP id Y6JZ0jC6kB3o for <steffen.klassert@secunet.com>;\n" + "\tSun, 31 Mar 2024 04:38:25 +0200 (CEST)\n" + "Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=147.75.80.249; helo=am.mirrors.kernel.org; envelope-from=linux-kernel+bounces-125931-steffen.klassert=secunet.com@vger.kernel.org; receiver=steffen.klassert@secunet.com \n" + "DKIM-Filter: OpenDKIM Filter v2.11.0 b.mx.secunet.com A615920199\n" + "Authentication-Results: b.mx.secunet.com;\n" + "\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=\"XleIRPSp\"\n" + "Received: from am.mirrors.kernel.org (am.mirrors.kernel.org [147.75.80.249])\n" + "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n" + "\t(No client certificate requested)\n" + "\tby b.mx.secunet.com (Postfix) with ESMTPS id A615920199\n" + "\tfor <steffen.klassert@secunet.com>; Sun, 31 Mar 2024 04:38:25 +0200 (CEST)\n" + "Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])\n" + "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n" + "\t(No client certificate requested)\n" + "\tby am.mirrors.kernel.org (Postfix) with ESMTPS id 584181F218D9\n" + "\tfor <steffen.klassert@secunet.com>; Sun, 31 Mar 2024 02:38:25 +0000 (UTC)\n" + "Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])\n" + "\tby smtp.subspace.kernel.org (Postfix) with ESMTP id EB1C03D6D;\n" + "\tSun, 31 Mar 2024 02:38:11 +0000 (UTC)\n" + "Authentication-Results: smtp.subspace.kernel.org;\n" + 
"\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=\"XleIRPSp\"\n" + "Received: from mail-oo1-f45.google.com (mail-oo1-f45.google.com [209.85.161.45])\n" + "\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n" + "\t(No client certificate requested)\n" + "\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 54A6C181;\n" + "\tSun, 31 Mar 2024 02:38:08 +0000 (UTC)\n" + "Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.45\n" + "ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n" + "\tt=1711852689; cv=none; b=gXNEolHo55cI9s9E0fe7uOOSm88Jz7dwj3ls8ge3nw8RDM4vYnsK3QkV/TYCu8HKWXSxelrGFg26OaTa0ta2xAeaumLm+bNicuklMkDBxzgMakTmXxNf8xfV/uZLU1lr3i868qhdgUvfJgx0ptM9DjM8hr8IuQzNZ6hDb2tE66w=\n" + "ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;\n" + "\ts=arc-20240116; t=1711852689; c=relaxed/simple;\n" + "\tbh=SNeN2CYj+6bo6yYIrP8F5A4iIl0/Q9yGn+qoKYRUWH4=;\n" + "\th=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:\n" + "\t In-Reply-To:Content-Type; b=WX0BCLiJLkXYSF23cXoAUUoCaN3U++73B96a084d5eByR6abt19vx+RRgPeFHn/FNkK/J6TmDIJzyF4IYk3FZTEjQ9I/pyxKjnmYqJBhqHBxbDk+/e+NGJ90rlOfa4MF1hGhvlAequCF3PKJT9TuvWJc3UIpKmFlHj11ZC0GCMk=\n" + "ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=XleIRPSp; arc=none smtp.client-ip=209.85.161.45\n" + "Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com\n" + "Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com\n" + "Received: by mail-oo1-f45.google.com with SMTP id 006d021491bc7-5a47cecb98bso2073304eaf.0;\n" + " Sat, 30 Mar 2024 19:38:08 -0700 (PDT)\n" + "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\n" + " d=gmail.com; s=20230601; t=1711852687; x=1712457487; 
darn=vger.kernel.org;\n" + " h=content-transfer-encoding:in-reply-to:from:references:cc:to\n" + " :content-language:subject:user-agent:mime-version:date:message-id\n" + " :from:to:cc:subject:date:message-id:reply-to;\n" + " bh=lUs6NaIvupBIrN3kNgIHykr6WEWtZD3EhPX18G9uddY=;\n" + " b=XleIRPSp55P9VHB7a2r/titnJwBaAjVmwFFWncW/trJnpln7+XtSjSvi9uqMgHENno\n" + " mXoHhat/Z/Iu/etVc504MD8mbcqjpCdo92CyUAjqoOvDmqxWOTlUEoKSZpMXMU1tjGDE\n" + " XbpXwWhrrBDGTCSBhMimQlOAAiFIgIn6MMASG45+bZdtNZH3XVRJ5bVJUjjXsZsqVSuD\n" + " EAr0yLfv7Xw4ek1Nrgh1EsDej1shKOAN+fHmpmCt2k67uc0kQqgZTsLvlgNdkJABYumM\n" + " NqMAc3CT/Ikjfg8Q4m9fVK1ahVo7HmKBBnIuDdfrFTz3L4Mf85eUXTvDWIq6NjILU5Zk\n" + " EE5A==\n" + "X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\n" + " d=1e100.net; s=20230601; t=1711852687; x=1712457487;\n" + " h=content-transfer-encoding:in-reply-to:from:references:cc:to\n" + " :content-language:subject:user-agent:mime-version:date:message-id\n" + " :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;\n" + " bh=lUs6NaIvupBIrN3kNgIHykr6WEWtZD3EhPX18G9uddY=;\n" + " b=dR8iI2wu/bgmWoKgd3fQy1Qs3x8Gg8zaFnPHbg0FZVEZ0RXNeEaOyPNYJ1aIfjy24D\n" + " 15h1F4+67W51lrSYAej/3JXzlWZZfwN+sEoBc+2m+UdBjvHf18AI150uR/j7E1kwLdbX\n" + " sGYqzl76u5sQvTr0S681UIXwuJI8SbyuckQSRFHBqVNDfJVH0TIeYJflzO0R6FpSMC8R\n" + " 9zz21UCZ3xMyhIWChGyQmc7Wt48iBBORmO2pxhHMcl7c4qiPRydQGd654U39D+gB3weL\n" + " ELldBLvIApWZmFYYutf7AN/jmQk6rSAo74Gm8P8UkZUIxFx+1qy0xVLs34o8roNuo1WX\n" + " +QIg==\n" + "X-Forwarded-Encrypted: i=1; AJvYcCVwL3cU3nCsvXYDTwS66oYsIOZe9xNTNPxXhx+b5LI0hF4hupv8P5wIUYO2JPUDl0WepDijhDJPYBg1N560PbnJ5RAa4R88i26Vu9VypwbBZecB5aqbsTeOFXgu4wuUSU6yA7yyNW3bsx+drdJwvoi1WZf5gLyATZ+18fbURnSBI4TAocIuILlIqVomkqoToJcDzLA9S5fTrbiTCkqMZeE=\n" + "X-Gm-Message-State: AOJu0YyW7TJsviPHgdYwWIVD+v3Bv1LiX1phxqUeZ9O5THjJ2TKywZ9M\n" + "\tIdQhsJIEEtX7xf5p5m/dh/a51J+VTrkHVZa0tY90NWObJeeGoGmG\n" + "X-Google-Smtp-Source: AGHT+IG8y/mw6Sg+NJ68AiBnOVhIGZhncP4yQFjwCnn6QvLTTTIKr8wBQM2lppgPQLGZ1h9+K7oVJA==\n" + "X-Received: by 
2002:a05:6820:260e:b0:5a5:639a:2fb8 with SMTP id cy14-20020a056820260e00b005a5639a2fb8mr6074835oob.4.1711852687375;\n" + " Sat, 30 Mar 2024 19:38:07 -0700 (PDT)\n" + "Received: from [192.168.1.22] (070-114-247-242.res.spectrum.com. [70.114.247.242])\n" + " by smtp.googlemail.com with ESMTPSA id bf14-20020a056820174e00b005a4bcb155basm1611035oob.23.2024.03.30.19.38.06\n" + " (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);\n" + " Sat, 30 Mar 2024 19:38:07 -0700 (PDT)\n" + "Message-ID: <aae9bc89-ca34-400f-9c5e-44be1df2befa@gmail.com>\n" + "Date: Sat, 30 Mar 2024 21:38:05 -0500\n" + "Precedence: bulk\n" + "X-Mailing-List: linux-kernel@vger.kernel.org\n" + "List-Id: <linux-kernel.vger.kernel.org>\n" + "List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>\n" + "List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>\n" + "MIME-Version: 1.0\n" + "User-Agent: Mozilla Thunderbird\n" + "Subject: Re: [PATCH] KEYS: Add ECDH support\n" + "Content-Language: en-US\n" + "To: Eric Biggers <ebiggers@kernel.org>,\n" + " James Bottomley <James.Bottomley@hansenpartnership.com>\n" + "Cc: Zhang Yiqun <zhangyiqun@phytium.com.cn>, dhowells@redhat.com,\n" + " jarkko@kernel.org, corbet@lwn.net, keyrings@vger.kernel.org,\n" + " linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,\n" + " linux-crypto@vger.kernel.org\n" + "References: <20240330065506.3146-1-zhangyiqun@phytium.com.cn>\n" + " <20240330070436.GA2116@sol.localdomain>\n" + " <087bbfcf95c9014ee8f87d482773244f0833b892.camel@HansenPartnership.com>\n" + " <20240331004844.GA104623@sol.localdomain>\n" + "From: Denis Kenzior <denkenz@gmail.com>\n" + "In-Reply-To: <20240331004844.GA104623@sol.localdomain>\n" + "Content-Type: text/plain; charset=\"UTF-8\"; format=flowed\n" + "Content-Transfer-Encoding: 7bit\n" + "Return-Path: linux-kernel+bounces-125931-steffen.klassert=secunet.com@vger.kernel.org\n" + "X-MS-Exchange-Organization-OriginalArrivalTime: 31 Mar 2024 02:38:26.2603\n" + " (UTC)\n" + 
"X-MS-Exchange-Organization-Network-Message-Id: 25f48256-d726-4dcd-c568-08dc512ba45a\n" + "X-MS-Exchange-Organization-OriginalClientIPAddress: 62.96.220.37\n" + "X-MS-Exchange-Organization-OriginalServerIPAddress: 10.53.40.202\n" + "X-MS-Exchange-Organization-Cross-Premises-Headers-Processed: cas-essen-02.secunet.de\n" + "X-MS-Exchange-Organization-OrderedPrecisionLatencyInProgress: LSRV=mbx-dresden-01.secunet.de:TOTAL-HUB=0.407|SMR=0.357(SMRDE=0.050|SMRC=0.306(SMRCL=0.100|X-SMRCR=0.306))|CAT=0.049(CATOS=0.011\n" + " (CATSM=0.011(CATSM-Malware\n" + " Agent=0.011))|CATRESL=0.023(CATRESLP2R=0.017)|CATORES=0.012\n" + " (CATRS=0.012(CATRS-Index Routing Agent=0.011)));2024-03-31T02:38:26.699Z\n" + "X-MS-Exchange-Forest-ArrivalHubServer: mbx-dresden-01.secunet.de\n" + "X-MS-Exchange-Organization-AuthSource: cas-essen-02.secunet.de\n" + "X-MS-Exchange-Organization-AuthAs: Anonymous\n" + "X-MS-Exchange-Organization-FromEntityHeader: Internet\n" + "X-MS-Exchange-Organization-OriginalSize: 9469\n" + "X-MS-Exchange-Organization-HygienePolicy: Standard\n" + "X-MS-Exchange-Organization-MessageLatency: SRV=cas-essen-02.secunet.de:TOTAL-FE=0.032|SMR=0.022(SMRPI=0.020(SMRPI-FrontendProxyAgent=0.019))|SMS=0.009\n" + "X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0\n" + "X-MS-Exchange-Organization-Recipient-Limit-Verified: True\n" + "X-MS-Exchange-Organization-TotalRecipientCount: 1\n" + "X-MS-Exchange-Organization-Rules-Execution-History: 0b0cf904-14ac-4724-8bdf-482ee6223cf2%%%fd34672d-751c-45ae-a963-ed177fcabe23%%%d8080257-b0c3-47b4-b0db-23bc0c8ddb3c%%%95e591a2-5d7d-4afa-b1d0-7573d6c0a5d9%%%f7d0f6bc-4dcc-4876-8c5d-b3d6ddbb3d55%%%16355082-c50b-4214-9c7d-d39575f9f79b\n" + "X-MS-Exchange-Forest-RulesExecuted: mbx-dresden-01\n" + "X-MS-Exchange-Organization-RulesExecuted: mbx-dresden-01\n" + "X-MS-Exchange-Forest-IndexAgent-0: AQ0CZW4AAfgBAAAPAAADH4sIAAAAAAAEAE1SXWvbMBRVE38k7jLYP7\n" + " hvheDlJwxCE2jYHkbpy56KYt/Uoq5kJHmr/9N+5I6kzBQuRvfcc849\n" + " 
Ev6bPSg6WtXUm2pTfUPR/m10Sr/0U02+Y+J35Tx6+n78df/04/nw8L\n" + " yl/c+Tq0nqNlKuk+P9PKPBmsE4buk8BU/fKWDSN11NRvcTmYGt9IyG\n" + " RseWXnlyYEkfDaFu2DnqpKPH4/5Asom9NzuiJ3gFzzeW+oMmOjRS05\n" + " nJW/VbyR57+N1b2fgYhCS5jvueXGPV4MmOWoeLKU2TGW3wjFkcVimj\n" + " 4yrp7xxteyBb4M1oOWwMoYMSB+VML4P/NfNut4vvuKlOMY1jTrc/c1\n" + " B4OzJdjE2bzLwsxq/pPHo6UWv0XbiU0q9JGy4cleYyvw20vrMsW3ID\n" + " N+qimuiB1HtPPUsXnBoz9m0wi0Spp/RMZvSbCl6SPIMnh4H+dKwhwM\n" + " txuwvxH/lF2tbhv/h6YB0SbCohFmKZic9rcbsU2UqsixtRiXIh8kwU\n" + " QFBAPokyC5WDsBAFDnlsS7GK8jwVyEDwxbm4mqzyyE8gvuCvRYXC4U\n" + " YsMAXzv88qelZFOAQ8Liowwt5SfAE/RUr4bAtCGSVok2eaLj5M8YUh\n" + " fLIQbAkCmLGds+Up0oxEq6oUt/k/l0NX+VQDAAABDs4BUmV0cmlldm\n" + " VyT3BlcmF0b3IsMTAsMTtSZXRyaWV2ZXJPcGVyYXRvciwxMSwwO1Bv\n" + " c3REb2NQYXJzZXJPcGVyYXRvciwxMCwwO1Bvc3REb2NQYXJzZXJPcG\n" + " VyYXRvciwxMSwwO1Bvc3RXb3JkQnJlYWtlckRpYWdub3N0aWNPcGVy\n" + " YXRvciwxMCwwO1Bvc3RXb3JkQnJlYWtlckRpYWdub3N0aWNPcGVyYX\n" + " RvciwxMSwwO1RyYW5zcG9ydFdyaXRlclByb2R1Y2VyLDIwLDY=\n" + "X-MS-Exchange-Forest-IndexAgent: 1 725\n" + "X-MS-Exchange-Forest-EmailMessageHash: 759BD60A\n" + "X-MS-Exchange-Forest-Language: en\n" + "X-MS-Exchange-Organization-Processed-By-Journaling: Journal Agent\n" + "\n" + "Hi Eric,\n" + "\n" + "> \n" + "> Amusingly, the existing KEYCTL_DH_* APIs, and the KEYCTL_ECDH_* APIs proposed by\n" + "> this patch, only operate on user keys that the process has READ access to. This\n" + "> means that the keys can be trivially extracted by a shell script running in your\n" + "> user session. That's *less* secure than using an isolated process...\n" + "> \n" + "\n" + "I can see this being true for user or session keys, but I don't think this is \n" + "true of process or thread specific keys. At least I couldn't read any keys out \n" + "of a test app when I tried.\n" + "\n" + "Regards,\n" -Denis -c2f44147ec963cefdcf26dfe6ec2163e1342141f94590df86b3dee664d87e28f +d40a0f849391276dc61b3de2eed25281a88973a5fff58959e4b752116c29683e
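Review bot: In the `1.txt` hunk (`@@ -13,3 +13,198 @@`), everything added after the first `-Denis` is a recipient-side transport envelope followed by a second copy of the same reply, not text the sender wrote. The block opens with `X-sender:` / `X-Receiver: <steffen.klassert@secunet.com>` / `X-CreatedBy: MSExchange15`, runs through the `X-MS-Exchange-Organization-*` headers up to `Processed-By-Journaling: Journal Agent`, and carries the same `Message-ID` as the message it is appended to. It also exposes internal relay names and private addresses from the `Received:` lines (`cas-essen-02.secunet.de (10.53.40.202)`, `mbx-dresden-01.secunet.de (10.53.40.199)`). Read the `a/` copy, whose body ends at the signature, as the message. The `N1` copy should have the journaled envelope stripped before it is archived or quoted.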
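Review bot: In the `content_digest` hunk (`@@ -31,6 +31,201 @@`), the only difference between the two copies is the appended envelope block, repeated as quoted strings, yet the last line of the hunk swaps one digest value for another. A digest computed over the whole body will therefore never collapse these two deliveries into one. Key duplicate detection on the `Message-ID` header, which is identical in both copies, or compute the digest only up to the point where the injected `X-sender:` block begins.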