Hi,
On 10/26/2015 09:54 PM, Marcel Holtmann wrote:
> Hi Stephan,
>
>> This patch set adds the AF_ALG user space API to externalize the
>> asymmetric cipher API recently added to the kernel crypto API.
>>
>> The patch set is tested with the user space library of libkcapi [1].
>> Use [1]
Am Dienstag, 27. Oktober 2015, 18:19:01 schrieb David Woodhouse:
Hi David,
>
>That's largely orthogonal to the point Marcel was making.
>
>The point is that akcipher is limited to using keys for which we have
>the private key material available directly in software. We cannot
Agreed.
>expose
Hi Marcel,
On 10/26/2015 09:54 PM, Marcel Holtmann wrote:
> after having discussions with David Howells and David Woodhouse, I don't
> think we should expose akcipher via AF_ALG at all. I think the akcipher
> operations for sign/verify/encrypt/decrypt should operate on asymmetric keys
> in the
On Tue, 2015-10-27 at 11:50 +0100, Stephan Mueller wrote:
>
> >expose that critically limited API to userspace. We need to expose an
> >API which supports hardware keys, and basically that means using the
> >kernel's key subsystem.
>
> Agreed. But at the same time, that interface should be able
Am Mittwoch, 28. Oktober 2015, 08:15:16 schrieb David Woodhouse:
Hi David,
>
>Absolutely. The interface needs to support *both*.
>
>I've spent a lot of time chasing through userspace stacks, fixing
>broken assumptions that we will *always* have the actual key material
>in a file — and making
Am Mittwoch, 28. Oktober 2015, 08:43:16 schrieb David Woodhouse:
Hi David,
> > Albeit that all sounds like the crown jewel, how do you propose that shall
> > happen?
> >
> > Assume that you have a web server that has a pub and priv key in its
> > current configuration -- I guess that is the
Hi Stephan,
>>> Albeit that all sounds like the crown jewel, how do you propose that shall
>>> happen?
>>>
>>> Assume that you have a web server that has a pub and priv key in its
>>> current configuration -- I guess that is the vast majority of configs.
>>>
>>> Can you please elaborate how the
Am Mittwoch, 28. Oktober 2015, 09:37:02 schrieb David Woodhouse:
Hi David,
> On Wed, 2015-10-28 at 00:47 +0100, Stephan Mueller wrote:
> > Ohh, I see. So, you are saying that there should not be a setpub/privkey
> > for the akcipher AF_ALG interface?!
> >
> > If somebody wants to use akcipher,
Am Mittwoch, 28. Oktober 2015, 09:46:51 schrieb Marcel Holtmann:
Hi Marcel,
> So if a server has public/private key pair, then the first thing that should
> the server do is load this key pair into the kernel and retrieve a key
> serial for it. And then use this key id to derive the session key.
On Wed, 2015-10-28 at 00:35 +0100, Stephan Mueller wrote:
> Am Mittwoch, 28. Oktober 2015, 08:15:16 schrieb David Woodhouse:
>
> Hi David,
> >
> > Absolutely. The interface needs to support *both*.
> >
> > I've spent a lot of time chasing through userspace stacks, fixing
> > broken assumptions
On Wed, 2015-10-28 at 00:47 +0100, Stephan Mueller wrote:
>
> Ohh, I see. So, you are saying that there should not be a setpub/privkey for
> the akcipher AF_ALG interface?!
>
> If somebody wants to use akcipher, he shall set the key via the keyring and
> akcipher shall obtain it from the
On Wed, 2015-10-28 at 02:18 +0100, Stephan Mueller wrote:
>
> But having a tie between both, the kernel crypto API and the key system, that
> cannot be cut any more is something I am not sure about. Both should and
> would
> work in isolation of each other as both serve different needs.
Sure,
Hi Stephan,
> This patch set adds the AF_ALG user space API to externalize the
> asymmetric cipher API recently added to the kernel crypto API.
>
> The patch set is tested with the user space library of libkcapi [1].
> Use [1] test/test.sh for a full test run. The test covers the
> following
On Mon, Oct 19, 2015 at 09:14:09AM +0200, Stephan Mueller wrote:
>
> However, I would suggest that you pull patch 1/5 as this is a bug fix that
> may
> affect even other users.
Sure I'll look into it.
Thanks,
--
Email: Herbert Xu
Home Page:
Am Montag, 19. Oktober 2015, 09:32:30 schrieb Herbert Xu:
Hi Herbert,
> On Sun, Oct 18, 2015 at 12:44:00PM +0200, Stephan Mueller wrote:
> > Hi,
> >
> > This patch set adds the AF_ALG user space API to externalize the
> > asymmetric cipher API recently added to the kernel crypto API.
> >
> >
Hi,
This patch set adds the AF_ALG user space API to externalize the
asymmetric cipher API recently added to the kernel crypto API.
The patch set is tested with the user space library of libkcapi [1].
Use [1] test/test.sh for a full test run. The test covers the
following scenarios:
*
On Sun, Oct 18, 2015 at 12:44:00PM +0200, Stephan Mueller wrote:
> Hi,
>
> This patch set adds the AF_ALG user space API to externalize the
> asymmetric cipher API recently added to the kernel crypto API.
>
> The patch set is tested with the user space library of libkcapi [1].
> Use [1]
17 matches
Mail list logo