From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "James Bottomley" <James.Bottomley@HansenPartnership.com>,
"Eric Biggers" <ebiggers@kernel.org>,
"Zhang Yiqun" <zhangyiqun@phytium.com.cn>
Cc: <dhowells@redhat.com>, <corbet@lwn.net>,
<keyrings@vger.kernel.org>, <linux-doc@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH] KEYS: Add ECDH support
Date: Sun, 31 Mar 2024 18:44:19 +0300
Message-ID: <D081UQF5758Q.3TO9YN0PEQ0O1@kernel.org>
In-Reply-To: <087bbfcf95c9014ee8f87d482773244f0833b892.camel@HansenPartnership.com>

On Sat Mar 30, 2024 at 3:09 PM EET, James Bottomley wrote:
> On Sat, 2024-03-30 at 00:04 -0700, Eric Biggers wrote:
> > [+Cc linux-crypto]
> >
> > On Sat, Mar 30, 2024 at 02:55:06PM +0800, Zhang Yiqun wrote:
> > > This patch is to introduce ECDH into keyctl syscall for
> > > userspace usage, containing public key generation and
> > > shared secret computation.
> > >
> > > It is mainly based on dh code, so it has the same condition
> > > on the input, that only user keys are supported. The output
> > > result is stored into the buffer with the provided length.
> > >
> > > Signed-off-by: Zhang Yiqun <zhangyiqun@phytium.com.cn>
> > > ---
> > > Documentation/security/keys/core.rst | 62 ++++++
> > > include/linux/compat.h | 4 +
> > > include/uapi/linux/keyctl.h | 11 +
> > > security/keys/Kconfig | 12 +
> > > security/keys/Makefile | 2 +
> > > security/keys/compat_ecdh.c | 50 +++++
> > > security/keys/ecdh.c | 318 +++++++++++++++++++++++++++
> > > security/keys/internal.h | 44 ++++
> > > security/keys/keyctl.c | 10 +
> > > 9 files changed, 513 insertions(+)
> > > create mode 100644 security/keys/compat_ecdh.c
> > > create mode 100644 security/keys/ecdh.c
> >
> > Nacked-by: Eric Biggers <ebiggers@google.com>
> >
> > The existing KEYCTL_PKEY_*, KEYCTL_DH_COMPUTE, and AF_ALG are causing
> > enough problems. We do not need any more UAPIs like this. They are
> > hard to maintain, break often, not properly documented, increase the
> > kernel's attack surface, and what they do is better done in
> > userspace.
>
> Actually that's not entirely true. There is a use case for keys which
> is where you'd like to harden unwrapped key handling and don't have the
> ability to use a device. The kernel provides a harder exfiltration
> environment than user space, so there is a use case for getting the
> kernel to handle operations on unwrapped keys for the protection it
> affords the cryptographic key material.
>
> For instance there are people who use the kernel keyring to replace
> ssh-agent and thus *reduce* the attack surface they have for storing
> ssh keys:
>
> https://blog.cloudflare.com/the-linux-kernel-key-retention-service-and-why-you-should-use-it-in-your-next-application/
>
> The same thing could be done with gpg keys or the gnome keyring.

Eric has a correct standing given that the commit message does not have
a motivation part at all.

With a description of the problem that this patch is supposed to solve,
this would be more meaningful to review.

BR, Jarkko