Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space interface

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Pavel Machek

Subject: Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space interface

Date: Tuesday, August 24, 2010 - 11:20 pm

Hi!

quoted text> Motivations for the extensions: governments are asking for more security
> features in the operating systems they procure, which make user-space
> implementations impractical.  A few examples:
> 
> * Advanced crypto module for OSPP for Common Criteria requires OS services
>   implementing several low-level crypto algorithms (e.g. AES, RSA).  This
>   requires the separation of crypto services from the consumer of those
>   services. (The threat model is that apps tend to have more vulnerabilities
>   than libraries and compromise of the app will lead to the ability to access
>   key material.) An user-space library is not separated, options are a) root
>   running daemon that does crypto, but this would be slow due to context
>   switches, scheduler mismatching and all the IPC overhead and b) use crypto
>   that is in the kernel.

Hmm, root daemon seems like a way to go. You already do the switch
into the kernel... and "IPC is slow" is not good enough reason to put
everything in kernel. Plus, you should be able to get better usage of
multicore with daemon.

Numbers?
								Pavel


quoted text> * FIPS-140-3 calls out for cryptographic functions to be non-debuggable (ptrace)
>   meaning that you cannot get to the key material. The solution is the same as
>   above.
> 
> * GPOSPP requires auditing for crypto events (so does FIPS-140 level 2 cert).
>   To do this you need any crypto to have CAP_AUDIT_WRITE permissions which
>   means making everything that links to openssl, libgcrypt, or nss setuid
>   root. Making firefox and 400 other applications setuid root is a non-starter.
>   So, the solution is again to use crypto in the kernel where auditing needs no
>   special permissions.
> 
> Other advantages to having kernel crypto available to user space:
> 
> * User space will be able to take advantage of kernel drivers for hardware
>   crypto accelerators.
> 
> * glibc, which in some configurations links to libfreebl3.so for hashes
>   necessary for crypt(), will be able to use the kernel implementation; this
>   means one less library to load and dynamically link for each such process.
> 
> The code is derived from the original cryptodev-linux patch set; most of the
> new implementation was written by Nikos Mavrogiannopoulos
> <n.mavrogiannopoulos@gmail.com>.  Attributions are included in the respective
> source files.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 00/19] RFC, v2: "New" /dev/crypto user-space interface, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 01/19] User-space API definition, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 02/19] Add CRYPTO_USERSPACE config option, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 03/19] Add libtommath headers, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 04/19] Add libtomcrypt headers, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 05/19] Add internal /dev/crypto implementation headers, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 06/19] Add ioctl() argument and attribute handling ..., =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 07/19] Add crypto API utilities., =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 08/19] Add per-process and per-user limits, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 09/19] Add libtommath implementation, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 10/19] Add libtomcrypt implementation, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 10/19] Add libtommath implementation, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 11/19] Add algorithm properties table., =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 12/19] Add DH implementation and pubkey abstraction ..., =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 13/19] Add /dev/crypto auditing infrastructure, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 14/19] Add most operations on key objects., =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 15/19] Add key wrapping operations, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:45 am)

[PATCH 16/19] Add helpers for zero-copy userspace access, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:46 am)

[PATCH 17/19] Add session operations, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:46 am)

[PATCH 18/19] Add ioctl handlers, =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:46 am)

[PATCH 19/19] Finally, add the /dev/crypto device., =?UTF-8?q?Miloslav=2 ..., (Fri Aug 20, 1:46 am)

Re: [PATCH 01/19] User-space API definition, Stefan Richter, (Fri Aug 20, 5:48 am)

Re: [PATCH 06/19] Add ioctl() argument and attribute handl ..., Stefan Richter, (Fri Aug 20, 5:59 am)

Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space in ..., Ted Ts'o, (Fri Aug 20, 6:56 am)

Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space in ..., Nikos Mavrogiannopoulos, (Fri Aug 20, 10:03 am)

Re: [PATCH 01/19] User-space API definition, Randy Dunlap, (Fri Aug 20, 10:12 am)

Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space in ..., Ted Ts'o, (Fri Aug 20, 4:48 pm)

Re: [PATCH 01/19] User-space API definition, Nikos Mavrogiannopoulos, (Sat Aug 21, 12:35 am)

Re: [PATCH 01/19] User-space API definition, Kyle Moffett, (Sat Aug 21, 6:09 am)

Re: [PATCH 01/19] User-space API definition, Nikos Mavrogiannopoulos, (Sat Aug 21, 7:54 am)

Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space in ..., Arnd Bergmann, (Sat Aug 21, 10:08 am)

Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space in ..., Nikos Mavrogiannopoulos, (Sun Aug 22, 12:52 am)

Re: [PATCH 01/19] User-space API definition, David Howells, (Sun Aug 22, 3:22 am)

Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space in ..., Tomas Mraz, (Sun Aug 22, 11:39 pm)

Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space in ..., Arnd Bergmann, (Mon Aug 23, 1:09 am)

Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space in ..., Nikos Mavrogiannopoulos, (Mon Aug 23, 2:34 am)

Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space in ..., Pavel Machek, (Tue Aug 24, 11:20 pm)

Re: [PATCH 00/19] RFC, v2: "New" /dev/crypto user-space in ..., Tomas Mraz, (Tue Aug 24, 11:44 pm)

Re: [PATCH 01/19] User-space API definition, Herbert Xu, (Fri Sep 3, 2:18 am)

Re: [PATCH 01/19] User-space API definition, Nikos Mavrogiannopoulos, (Fri Sep 3, 2:34 am)

Re: [PATCH 01/19] User-space API definition, Nikos Mavrogiannopoulos, (Fri Sep 3, 8:20 am)


linux-kernel:
Michael Trimarchi	Re: [PATCH] VFS: make file->f_pos access atomic on 32bit arch
Miklos Szeredi	[patch 14/15] vfs: more path_permission() conversions
Serge E. Hallyn	Re: [RFC v5][PATCH 7/8] Infrastructure for shared objects
Bernd Schmidt	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Takashi Iwai	[PATCH 2/2] input: Add LED support to Synaptics device
git:
Junio C Hamano	Re: mingw, windows, crlf/lf, and git
Eyvind Bernhardsen	Re: Where has "git ls-remote" reference pattern matching gone?
Shawn O. Pearce	Re: Switching from CVS to GIT
Todd Zullinger	Re: [PATCH 2/2] send-email: rfc2047-quote subject lines with non-ascii characters
Santi Béjar	Re: How to use git-fmt-merge-msg?
linux-netdev:
Ramkrishna Vepa	[net-2.6 PATCH 1/10] Neterion: New driver: Driver help file
Mark Anthony	invitation / inquiry
Ingo Molnar	Re: [PATCH 08/16] dma-debug: add core checking functions
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Sascha Hauer	[PATCH 03/12] fec: do not typedef struct types
git-commits-head:
Linux Kernel Mailing List	amba: struct device - replace bus_id with dev_name(), dev_set_name()
Linux Kernel Mailing List	MIPS: Yosemite: Convert SMP startup lock to arch spinlock.
Linux Kernel Mailing List	ARM: S5PC100: IRQ and timer
Linux Kernel Mailing List	davinci: edma: clear interrupt status for interrupt enabled channels only
Linux Kernel Mailing List	x86, mm, kprobes: fault.c, simplify notify_page_fault()
openbsd-misc:
Daniel A. Ramaley	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?
Matthias Kilian	Re: can't get vesa @ 1280x800 or nv
Tobias Ulmer	Re: Problem after upgrade 4.5 to 4.6: ERR M
Philip Guenther	Re: SIGCHLD and libpthread.so
J.C. Roberts	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?