Re: Crypto Update for 2.6.38

From: Neil Horman
Date: Mon Jan 10 2011 - 07:03:38 EST

Next message: Ryusuke Konishi: "[GIT PULL] nilfs2 updates for 2.6.38"
Previous message: Felipe Balbi: "Re: [PATCH] musb: move usb_add_hcd to the core init code fromgadget code (v2)"
In reply to: Nikos Mavrogiannopoulos: "Re: Crypto Update for 2.6.38"
Next in thread: Dag Arne Osvik: "Re: Crypto Update for 2.6.38"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jan 08, 2011 at 03:23:04PM +0200, Nikos Mavrogiannopoulos wrote:
> On Fri, Jan 7, 2011 at 2:04 PM, Neil Horman <nhorman@xxxxxxxxxxxxx> wrote:
>
> >> Btw, it doesn't have to be about performance per se. Does this allow
> >> people to use keys without actually _seeing_ those keys? Your example
> >> implies that that is not the case, but that's actually one of the few
> >> reasons to actually support a kernel crypto interface - the ability to
> >> have private personal keys around, but not having to actually let
> >> possibly untrusted programs see them.
> > This actually is an indirect feature of this interface. Using it, you can open
> > a algorithm socket, select a specific alg, assign a key, and then pass that
> > socket descriptor over a unix socket to an another process using an
> > SCM_RIGHTS ancilliary message. The receiving process can then use children
> > acceppted from that passed socket to preform the configured crypto operation
> > without any knoweldge of the keys used in it. I can write a demo app if you
> > like.
>
> Several things have to be considered when extending an interface like
> that. For example, do the algorithm implementations protect against
> timing attacks, or keys can be recovered, using them? What is the
No, the kernel does not implement any protection against timing attacks in the
algorithms per-se, but preforming a timing attack against a kernel crypto
operation is going to be near impossible anyway, as precise timing measurements
are going to get obscured by interupts, scheduling jitter, lock contention, and
various other factors that will make measuring syscall time fairly useless.

> purpose of cryptographic key separation? If long term keys are to be
My only purpose was to answer Linus' question. He wondered if other user space
programs could use instances of cyrpto algs over this interface without needing
to hold key data. I was illustrating how that could be done.

Neil

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ryusuke Konishi: "[GIT PULL] nilfs2 updates for 2.6.38"
Previous message: Felipe Balbi: "Re: [PATCH] musb: move usb_add_hcd to the core init code fromgadget code (v2)"
In reply to: Nikos Mavrogiannopoulos: "Re: Crypto Update for 2.6.38"
Next in thread: Dag Arne Osvik: "Re: Crypto Update for 2.6.38"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]