lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Y1tibAzBGI3F+6xw@gondor.apana.org.au>
Date:   Fri, 28 Oct 2022 13:02:36 +0800
From:   Herbert Xu <herbert@...dor.apana.org.au>
To:     Frederick Lawler <fred@...udflare.com>
Cc:     davem@...emloft.net, ebiggers@...gle.com, hch@....de,
        smueller@...onox.de, dhowells@...hat.com, omosnace@...hat.com,
        keyrings@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-crypto@...r.kernel.org, kernel-team@...udflare.com
Subject: Re: [PATCH 1/1] crypto: af_alg - Support symmetric encryption via
 keyring keys

On Mon, Oct 17, 2022 at 02:25:00PM -0500, Frederick Lawler wrote:
> We want to leverage keyring to store sensitive keys, and then use those
> keys for symmetric encryption via the crypto API. Among the key types we
> wish to support are: user, logon, encrypted, and trusted.
> 
> User key types are already able to have their data copied to user space,
> but logon does not support this. Further, trusted and encrypted keys will
> return their encrypted data back to user space on read, which does not
> make them ideal for symmetric encryption.
> 
> To support symmetric encryption for these key types, add a new
> ALG_SET_KEY_BY_KEY_SERIAL setsockopt() option to the crypto API. This
> allows users to pass a key_serial_t to the crypto API to perform
> symmetric encryption. The behavior is the same as ALG_SET_KEY, but
> the crypto key data is copied in kernel space from a keyring key,
> which allows for the support of logon, encrypted, and trusted key types.
> 
> Keyring keys must have the KEY_(POS|USR|GRP|OTH)_SEARCH permission set
> to leverage this feature. This follows the asymmetric_key type where key
> lookup calls eventually lead to keyring_search_rcu() without the
> KEYRING_SEARCH_NO_CHECK_PERM flag set.
> 
> Signed-off-by: Frederick Lawler <fred@...udflare.com>
> ---
> RFC: https://lore.kernel.org/all/20221004212927.1539105-1-fred@cloudflare.com/
> 
> We have an idea for handling the case of leaking key data with bad
> algorithms, but asymmetric keys currently have the same problem if any were
> added as a akcipher type. If KEY_*_SEARCH is not good enough, we thought
> of possibly implementing a KConfig such that we disable leaky algorithms
> when selected, or possibly the inverse where if a leaky algorithm is
> enabled, we don't allow to enable this. The problem there is now there's
> a list to maintain.
> ---
>  Documentation/crypto/userspace-if.rst |  15 ++-
>  crypto/af_alg.c                       | 135 +++++++++++++++++++++++++-
>  include/uapi/linux/if_alg.h           |   1 +
>  3 files changed, 147 insertions(+), 4 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ