Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp4049118rwe;
        Tue, 30 Aug 2022 03:51:23 -0700 (PDT)
X-Google-Smtp-Source: AA6agR5Cwd+oiNDan73+JyJmrHwiJgpW9OgAZmzIgqXre+og0QLxUzIXvZze8h0Ssb2fIsBf5HQ8
X-Received: by 2002:a17:90b:1bc2:b0:1fe:1ad3:4a81 with SMTP id oa2-20020a17090b1bc200b001fe1ad34a81mr787672pjb.61.1661856683446;
        Tue, 30 Aug 2022 03:51:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1661856683; cv=none;
        d=google.com; s=arc-20160816;
        b=QMZ7FSjnjQwWgos/9b/lkvAgU1GQHRzH2EFddRwR0+bId1JsxFOgg0MUnj/o5OSJsQ
         zzkMk4iAzMZzpCVNf9goJ4lKNGt/Ft0T/yeUJVD0AaSfE4dp79TCNXhulOIfHNCgmDyP
         jmTBxF3DRLIIWv06p/wF8rqSt7kKjGzClbBcO0dS4CkKCOyv8cAmz/zXDyvuuFbHP3ww
         epCsy+pCNQVPc/OosNV0/btSC38MephbLrRVYUGlNInhh1XXLlB+2WQOQnDvefNDE+Rv
         oO6gxLwrZi1lkl7RtstVi6OYazWp7BcUHFd0QpGR+H7UjS1lCpSkPfJYtS2dKqFpIxii
         b90A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=D+Zr5m06Dz7pd1eCr8Zp9JUK+jm0toq4g0HWVGImRYA=;
        b=PWFM404ksV3MOhxDimx+PpqU+bn5ucIJ9YLQEsVZO2URjwgNTyWjluIHiFuAH3MgGH
         Jyt7BXZQ4dT+rLBAmwvrvTvc04n9B/u3vLth4vhWrcQQGog461h+j0keCUqYDWaH7073
         xsfZR7c7wd2MJXaSNmUBRfnu8qaRj4FFP/1c/DGq5XdukeS95BwraJh95luXQQhzOlHb
         ud3iV8a8I6jq3TDaef3zqvJIpj3QVzhsuTbnA0TGD905AIYw5zRjxx/bubGD3rt2DiRz
         Mj1fHTjU2fYSRQGJnQqqjX6S+wczZz8iaNXiS7V93hWPirPh/zLRXwUr370Rg9ScV22C
         uIbQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@cloudflare.com header.s=google header.b=abgFhPl4;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id rj5-20020a17090b3e8500b001fadd695e00si12521544pjb.146.2022.08.30.03.50.56;
        Tue, 30 Aug 2022 03:51:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@cloudflare.com header.s=google header.b=abgFhPl4;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229556AbiH3Ksi (ORCPT <rfc822;ooo213ooo@gmail.com> + 99 others);
        Tue, 30 Aug 2022 06:48:38 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49514 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229561AbiH3Ksf (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 30 Aug 2022 06:48:35 -0400
Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 90599DCFCE
        for <linux-crypto@vger.kernel.org>; Tue, 30 Aug 2022 03:48:34 -0700 (PDT)
Received: by mail-io1-xd30.google.com with SMTP id q81so8859427iod.9
        for <linux-crypto@vger.kernel.org>; Tue, 30 Aug 2022 03:48:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=cloudflare.com; s=google;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc;
        bh=D+Zr5m06Dz7pd1eCr8Zp9JUK+jm0toq4g0HWVGImRYA=;
        b=abgFhPl46C8ei+7f36OH7DAnCzAMmjSmJbnkvTvPumKxM3f1C6WzRbefKGvkLMtYsA
         NxpwF8HNjVwrUZ6K95DrwmzLJHXoauPusJCJ4avSH0MRD+rplq5ciQoaVkW+htEFWz4W
         sYCigAomDmWEBjn4ZQLux3KreIkC02bze3h9E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc;
        bh=D+Zr5m06Dz7pd1eCr8Zp9JUK+jm0toq4g0HWVGImRYA=;
        b=ZvfMMpW5tUmR7zPHaRrV0ImeMmtQZbV3/+wch77eoEse9dDvVj8VZmN2QmAPeg5rKn
         cxn/KOMRq/wQ6lmz899vjjRHTvtHycgfP6FaCL/2UHu/dnB/vImqaENh89aWvIj7QSLD
         2ySOGczDGoGB62NqPo+als3NGS2+zYy8qomxnpnud2mABzdiR3/jvpfZtbWMl8oxRSIS
         CIbNnsDhUV/xBUaJ5fvjBykoc4s/XWinzQoL6Non5yBcr7DDLOcjZ1797fscVtEua6w1
         YaioQPTxM3gUsc8WzIz4yUGGTbdBzP/Dx6IZg0kBf6tklEgjoxKU1/GKNEWv3eviwB1X
         F8qA==
X-Gm-Message-State: ACgBeo3JQY0cpQuXDLv3kA1ZiOQao5iEQBw0og7Tu5w//Jgz+b5lbdOZ
        4opy2pgbYXYVldUg3SmzLhznvImy89DC64xvv8LWbq1NcgRqiAmX
X-Received: by 2002:a05:6602:15ce:b0:688:e4fd:bbfc with SMTP id
 f14-20020a05660215ce00b00688e4fdbbfcmr10180294iow.121.1661856513754; Tue, 30
 Aug 2022 03:48:33 -0700 (PDT)
MIME-Version: 1.0
References: <20220729165954.991-1-ignat@cloudflare.com> <Yv9dvvy0rK/1T0sU@gondor.apana.org.au>
 <CALrw=nEh7LX3DSCa3FTu8BYr4QWx+W2h3Jei9Qo67+XXH-Vegw@mail.gmail.com> <Yw3Rneo6Ik1QEfbG@gondor.apana.org.au>
In-Reply-To: <Yw3Rneo6Ik1QEfbG@gondor.apana.org.au>
From:   Ignat Korchagin <ignat@cloudflare.com>
Date:   Tue, 30 Aug 2022 11:48:23 +0100
Message-ID: <CALrw=nGJgMACrFVy+FVVCDb4H3wNUN2E-GLZaXzLsm3ReOUeVg@mail.gmail.com>
Subject: Re: [PATCH] crypto: akcipher - default implementations for setting
 private/public keys
To:     Herbert Xu <herbert@gondor.apana.org.au>
Cc:     "David S . Miller" <davem@davemloft.net>,
        linux-crypto <linux-crypto@vger.kernel.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        kernel-team <kernel-team@cloudflare.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, Aug 30, 2022 at 10:00 AM Herbert Xu <herbert@gondor.apana.org.au> wrote:
>
> On Mon, Aug 29, 2022 at 11:48:23AM +0100, Ignat Korchagin wrote:
> >
> > I can only elaborate here as I didn't encounter any real-world
> > use-cases, but may assume some limited crypto hardware device, which
> > may somehow "encourage" doing public key operations in software and
> > providing only "private-key" operations due to its limited resources.
>
> In general if a hardware is missing a piece of the functinoality
> required by the API then it should implement a software fallback.
>
> The only time such a NULL helper would make sense if an algorithm
> had no public key.

I vaguely remember some initial research in quantum-resistant
signatures, which used HMAC for "signing" thus don't have any public
keys. But it is way beyond my expertise to comment on the practicality
and availability of such schemes.

I'm more concerned here about a buggy "third-party" RSA driver, which
may not implement the callback and which gets prioritised by the
framework, thus giving the ability to trigger a NULL-ptr dereference
from userspace via keyctl(2). I think the Crypto API framework should
be a bit more robust to handle such a case, but I also understand that
there are a lot of "if"s in this scenario and we can say it is up to
crypto driver not to be buggy. Therefore, consider my opinion as not
strong and I can post a v2, which does not provide a default stub for
set_pub_key, if you prefer.

Ignat