| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zj6da1nANulG5cb5@x130.lan> Date: Fri, 10 May 2024 15:19:23 -0700 From: Saeed Mahameed <saeed@...nel.org> To: Jakub Kicinski <kuba@...nel.org> Cc: netdev@...r.kernel.org, pabeni@...hat.com, willemdebruijn.kernel@...il.com, borisp@...dia.com, gal@...dia.com, cratiu@...dia.com, rrameshbabu@...dia.com, steffen.klassert@...unet.com, tariqt@...dia.com Subject: Re: [RFC net-next 01/15] psp: add documentation On 09 May 20:04, Jakub Kicinski wrote: >Add documentation of things which belong in the docs rather >than commit messages. > >Signed-off-by: Jakub Kicinski <kuba@...nel.org> >--- > Documentation/networking/index.rst | 1 + > Documentation/networking/psp.rst | 138 +++++++++++++++++++++++++++++ > 2 files changed, 139 insertions(+) > create mode 100644 Documentation/networking/psp.rst > >diff --git a/Documentation/networking/index.rst b/Documentation/networking/index.rst >index 7664c0bfe461..0376029ecbdf 100644 >--- a/Documentation/networking/index.rst >+++ b/Documentation/networking/index.rst >@@ -94,6 +94,7 @@ Refer to :ref:`netdev-FAQ` for a guide on netdev development process specifics. > ppp_generic > proc_net_tcp > pse-pd/index >+ psp > radiotap-headers > rds > regulatory >diff --git a/Documentation/networking/psp.rst b/Documentation/networking/psp.rst >new file mode 100644 >index 000000000000..a39b464813ab >--- /dev/null >+++ b/Documentation/networking/psp.rst >@@ -0,0 +1,138 @@ >+.. SPDX-License-Identifier: GPL-2.0-only >+ >+===================== >+PSP Security Protocol >+===================== >+ >+Protocol >+======== >+ >+PSP Security Protocol (PSP) was defined at Google and published in: >+ >+https://raw.githubusercontent.com/google/psp/main/doc/PSP_Arch_Spec.pdf >+ >+This section briefly covers protocol aspects crucial for understanding >+the kernel API. Refer to the protocol specification for further details. >+ >+Note that the kernel implementation and documentation uses the term >+"secret state" in place of "master key", it is both less confusing >+to an average developer and is less likely to run afoul any naming >+guidelines. >+ [ ... ] >+User facing API >+=============== >+ >+PSP is designed primarily for hardware offloads. There is currently >+no software fallback for systems which do not have PSP capable NICs. >+There is also no standard (or otherwise defined) way of establishing >+a PSP-secured connection or exchanging the symmetric keys. >+ >+The expectation is that higher layer protocols will take care of >+protocol and key negotiation. For example one may use TLS key exchange, >+announce the PSP capability, and switch to PSP if both endpoints >+are PSP-capable. >+ The documentation doesn't include anything about userspace, other than highlevel remarks on how this is expected to work. What are we planning for userspace? I know we have kperf basic support and some experimental python library, but nothing official or psp centric. I propose to start community driven project with a well established library, with some concrete sample implementation for key negotiation, as a plugin maybe, so anyone can implement their own key-exchange mechanisms on top of the official psp library.
Powered by blists - more mailing lists