Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

Hi, On 10/26/2015 09:54 PM, Marcel Holtmann wrote: > Hi Stephan, > >> This patch set adds the AF_ALG user space API to externalize the >> asymmetric cipher API recently added to the kernel crypto API. >> >> The patch set is tested with the user space library of libkcapi [1]. >> Use [1]

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

Am Dienstag, 27. Oktober 2015, 18:19:01 schrieb David Woodhouse: Hi David, > >That's largely orthogonal to the point Marcel was making. > >The point is that akcipher is limited to using keys for which we have >the private key material available directly in software. We cannot Agreed. >expose

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

Hi Marcel, On 10/26/2015 09:54 PM, Marcel Holtmann wrote: > after having discussions with David Howells and David Woodhouse, I don't > think we should expose akcipher via AF_ALG at all. I think the akcipher > operations for sign/verify/encrypt/decrypt should operate on asymmetric keys > in the

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

On Tue, 2015-10-27 at 11:50 +0100, Stephan Mueller wrote: > > >expose that critically limited API to userspace. We need to expose an > >API which supports hardware keys, and basically that means using the > >kernel's key subsystem. > > Agreed. But at the same time, that interface should be able

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

Am Mittwoch, 28. Oktober 2015, 08:15:16 schrieb David Woodhouse: Hi David, > >Absolutely. The interface needs to support *both*. > >I've spent a lot of time chasing through userspace stacks, fixing >broken assumptions that we will *always* have the actual key material >in a file — and making

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

Am Mittwoch, 28. Oktober 2015, 08:43:16 schrieb David Woodhouse: Hi David, > > Albeit that all sounds like the crown jewel, how do you propose that shall > > happen? > > > > Assume that you have a web server that has a pub and priv key in its > > current configuration -- I guess that is the

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

Hi Stephan, >>> Albeit that all sounds like the crown jewel, how do you propose that shall >>> happen? >>> >>> Assume that you have a web server that has a pub and priv key in its >>> current configuration -- I guess that is the vast majority of configs. >>> >>> Can you please elaborate how the

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

Am Mittwoch, 28. Oktober 2015, 09:37:02 schrieb David Woodhouse: Hi David, > On Wed, 2015-10-28 at 00:47 +0100, Stephan Mueller wrote: > > Ohh, I see. So, you are saying that there should not be a setpub/privkey > > for the akcipher AF_ALG interface?! > > > > If somebody wants to use akcipher,

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

Am Mittwoch, 28. Oktober 2015, 09:46:51 schrieb Marcel Holtmann: Hi Marcel, > So if a server has public/private key pair, then the first thing that should > the server do is load this key pair into the kernel and retrieve a key > serial for it. And then use this key id to derive the session key.

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

On Wed, 2015-10-28 at 00:35 +0100, Stephan Mueller wrote: > Am Mittwoch, 28. Oktober 2015, 08:15:16 schrieb David Woodhouse: > > Hi David, > > > > Absolutely. The interface needs to support *both*. > > > > I've spent a lot of time chasing through userspace stacks, fixing > > broken assumptions

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

On Wed, 2015-10-28 at 00:47 +0100, Stephan Mueller wrote: > > Ohh, I see. So, you are saying that there should not be a setpub/privkey for > the akcipher AF_ALG interface?! > > If somebody wants to use akcipher, he shall set the key via the keyring and > akcipher shall obtain it from the

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

On Wed, 2015-10-28 at 02:18 +0100, Stephan Mueller wrote: > > But having a tie between both, the kernel crypto API and the key system, that > cannot be cut any more is something I am not sure about. Both should and > would > work in isolation of each other as both serve different needs. Sure,

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

Hi Stephan, > This patch set adds the AF_ALG user space API to externalize the > asymmetric cipher API recently added to the kernel crypto API. > > The patch set is tested with the user space library of libkcapi [1]. > Use [1] test/test.sh for a full test run. The test covers the > following

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

On Mon, Oct 19, 2015 at 09:14:09AM +0200, Stephan Mueller wrote: > > However, I would suggest that you pull patch 1/5 as this is a bug fix that > may > affect even other users. Sure I'll look into it. Thanks, -- Email: Herbert Xu Home Page:

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

Am Montag, 19. Oktober 2015, 09:32:30 schrieb Herbert Xu: Hi Herbert, > On Sun, Oct 18, 2015 at 12:44:00PM +0200, Stephan Mueller wrote: > > Hi, > > > > This patch set adds the AF_ALG user space API to externalize the > > asymmetric cipher API recently added to the kernel crypto API. > > > >

[PATCH v2 0/5] crypto: add algif_akcipher user space API

Hi, This patch set adds the AF_ALG user space API to externalize the asymmetric cipher API recently added to the kernel crypto API. The patch set is tested with the user space library of libkcapi [1]. Use [1] test/test.sh for a full test run. The test covers the following scenarios: *

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

On Sun, Oct 18, 2015 at 12:44:00PM +0200, Stephan Mueller wrote: > Hi, > > This patch set adds the AF_ALG user space API to externalize the > asymmetric cipher API recently added to the kernel crypto API. > > The patch set is tested with the user space library of libkcapi [1]. > Use [1]