Message-ID: <CAHmME9o4Vu_rPqWkPYgD79perwqgL-f8hh1j7dWZQczBZD1dww@mail.gmail.com>
Date: Tue, 1 Mar 2022 19:18:53 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: "Rafael J. Wysocki" <rafael@...nel.org>
Cc: Pavel Machek <pavel@....cz>, Len Brown <len.brown@...el.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux PM <linux-pm@...r.kernel.org>
Subject: Re: [PATCH] PM: notify of PM_POST_VMFORK events from vmgenid

Hi Rafael,

On Tue, Mar 1, 2022 at 6:36 PM Rafael J. Wysocki <rafael@...nel.org> wrote:
>
> On Tue, Mar 1, 2022 at 6:31 PM Jason A. Donenfeld <Jason@...c4.com> wrote:
> >
> > There's an additional virtual power state that various crypto-oriented
> > drivers may benefit from being notified of, such as WireGuard: right
> > after a virtual machine has forked. In WireGuard's case, the PM notifier
> > there that clears keys pre-suspend will be adjusted to also clear them
> > post-vmfork. This trivial commit wires up the machinery for that change,
> > which builds on the recently added vmgenid driver in the random.git
> > tree.
>
> Well, what does power management have to do with WireGuard?

I guess a bit more background would be in order. If I post a v2 of
this, I'll include that there. But for now:

WireGuard has ephemeral session keys. They're not supposed to exist
for longer than a few minutes for a crypto property called "forward
secrecy". In order to ensure this, WireGuard currently registers a PM
notifier that fires before suspend/hibernate, which memzeros the
various keys. That's all well and fine and works.

There's now another power-ish event that WireGuard also cares about:
when a virtual machine has been forked. In this case, too, the
reaction is the same - memzero the various keys, only for a different
reason: rather than forward secrecy, the property we want here is that
a key+nonce tuple is never used on more than one plaintext.

The argument of this patchset is that VM forking is kind of like a
power event, so why not re-use the same notifier for that. However, if
you disagree, I could move ahead with a separate notification
mechanism not involving the PM notifier.

Jason
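
Added example, not part of the original message and not WireGuard or kernel code: a userspace C model of the key+nonce property discussed above. Two clones of one snapshot that keep the same key and nonce produce ciphertexts whose XOR equals the XOR of the plaintexts; wiping the keys on the fork event prevents any send until a new handshake. The names `struct session`, `seal`, `on_vmfork` and `fork_leaks` are hypothetical, and the keystream is a toy stand-in, not a real cipher.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical session state: a key plus a send counter used as the nonce. */
struct session { uint8_t key[8]; uint64_t nonce; int valid; };

/* Toy keystream, NOT a real cipher: a stand-in keyed by (key, nonce). */
static uint8_t ks_byte(const struct session *s, size_t i)
{
	uint64_t x = (s->nonce + 1) * 0x9E3779B97F4A7C15ULL + i;
	return (uint8_t)((x >> 32) ^ (x >> 8) ^ s->key[i % 8]);
}

/* Encrypt under the current key+nonce, then advance the nonce; -1 if keys were wiped. */
static int seal(struct session *s, const uint8_t *pt, uint8_t *ct, size_t n)
{
	if (!s->valid)
		return -1;
	for (size_t i = 0; i < n; i++)
		ct[i] = pt[i] ^ ks_byte(s, i);
	s->nonce++;
	return 0;
}

/* Reaction described in the mail: zero the keys so a fresh handshake is required. */
static void on_vmfork(struct session *s)
{
	memset(s, 0, sizeof(*s)); /* kernel code would use memzero_explicit() */
}

/* Returns 1 if two clones of one snapshot leak pt_a XOR pt_b, 0 otherwise. */
static int fork_leaks(int wipe_on_fork)
{
	struct session a = { {1, 2, 3, 4, 5, 6, 7, 8}, 41, 1 }, b;
	const uint8_t pa[] = "packet-A", pb[] = "packet-B"; /* constructed plaintexts */
	uint8_t ca[8], cb[8];

	b = a; /* VM fork: both clones resume with the same key and nonce */
	if (wipe_on_fork) { on_vmfork(&a); on_vmfork(&b); }
	if (seal(&a, pa, ca, 8) || seal(&b, pb, cb, 8))
		return 0; /* keys gone: nothing is sent until a new handshake */
	for (size_t i = 0; i < 8; i++)
		if ((ca[i] ^ cb[i]) != (pa[i] ^ pb[i]))
			return 0;
	return 1;
}

int main(void) { return !(fork_leaks(0) == 1 && fork_leaks(1) == 0); }
```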