Received: by 2002:ab2:1149:0:b0:1f3:1f8c:d0c6 with SMTP id z9csp378791lqz; Sat, 30 Mar 2024 00:04:47 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXdAd8dkr3+cn3jDEu6R1pN8hLEJbmFJnc23PlQzawBZdUCiwxJBqIhMeWKcne3pHchO8sEO8Ijdrp6pEhUEncvllqQCbITEdlCMxhabw== X-Google-Smtp-Source: AGHT+IE6Qx6i8IETx7RgmsahhB5aKPl/Oob08yACw78BQ4lNTfdkA8t1t3l1QjTJW/+5D72OgZl1 X-Received: by 2002:a17:906:fe42:b0:a4e:375b:ef1a with SMTP id wz2-20020a170906fe4200b00a4e375bef1amr2637183ejb.13.1711782287555; Sat, 30 Mar 2024 00:04:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711782287; cv=pass; d=google.com; s=arc-20160816; b=yLaKDXOeUgQCLeyYkpi0x4JSoGqFV/tGWs5RakdJlAht21FOgvko8JGckfUNo9+mEP 4CjXZZBzlj71wWjIKrNzp/jxoWM48+hhEFWmXWuXWv47jL0QTm5gqZsth3sjwWGl9bzq HEWJei/aRKzTRZxH9SsYOs/gOq3HoWafQ9KZDUlX8Y75k9T65bfyxrfu+CQq7jd98V+Q arzseRwlAeiEH/Sk5cqwjlXRyJr+829HK10Z0mnRxPmD6pOTu5a5NklBXFlYQmTMj+VR QCfxfXviNCdlQY0VkahZ27Q/jgy+QVNxqKTrCHor5vWl6X5eAktgQb32Z7rJ3IEDxER0 XujA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=LBmSoGvAcG+0JDcRxSh5AOEssM+DbD1KFmGqg74rf28=; fh=xwdmWuMFNckQHDmzfJUDJnNiRsgHA83DMrELgO7cMrk=; b=QRCBzPEXWPdqwEz24rRdyr1NGlwShyqXpDw7WDVphwzNgm1sbOIoz14cBlFSzsMbXO vIblnZHstssoFd1FKLhAAqxSkKz/R5vEIb/o+6cohGJHtmKurwoqJTwJJxx/AMZPWzhY N4X4tzPRe/sJqgtCkaIXHyzT03tCZrQJ/58/Tu8OTCkiqtWeRvxzJIpMfUXf5GRU1Itx R8I8dMAbdY6UOgIXH/kMfN37Jr5V4ijykFnnXnSZp0ASEU+1Xn3NTuzt6MDEMjbhFclU ItLNeIbLCzQC4KpSpKDU4D67deHNZVrLO44U8Vm2Db7Ihq3gKuRB9xJPD3fLZCP0y83A WFTw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YUseh+i5; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-3118-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3118-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id ot14-20020a170906ccce00b00a46bcd6b654si2508573ejb.433.2024.03.30.00.04.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 30 Mar 2024 00:04:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-3118-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YUseh+i5; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-3118-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3118-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 483201F215D6 for ; Sat, 30 Mar 2024 07:04:47 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 52C891C0DEA; Sat, 30 Mar 2024 07:04:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="YUseh+i5" X-Original-To: linux-crypto@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0119B7FB; Sat, 30 Mar 2024 07:04:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711782280; cv=none; b=NClnz5hTmHhjpmggQHjUD8wqAHC+oiqw4ql6Mjblgdm6V4ia0OJ4MdrlbUCTM94oPIlYPENDjivp7nFiDvRQypWovHc8wK3kUTt2vzuA2FsnWZMNdtOJdnv3YLcyvXpNa8HZscOmIeVd1mfih4M46EOqJ8Ycwb5VDfaAfRJW4n0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711782280; c=relaxed/simple; bh=6skwf4Qku9XlVc9hVSWid4iW7kN43KKMxd9CZDDFHhE=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=OSKQ8f6JePNYk/k6avA4FszrYUBqLC49XBMQ6gtf3VaOnhv/VaFz15ssmvetZ8m7N+TcaGSYqwBj8y2+/Bzf0sr9BJzeyrgCZQ81EpxSX0h6UPqhl6QGACC2iavfYpsAk2N+GRSsEeET9uy3rw9rDyaP6n+X3phxzuDVlL1c0AU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=YUseh+i5; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 30554C433C7; Sat, 30 Mar 2024 07:04:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711782278; bh=6skwf4Qku9XlVc9hVSWid4iW7kN43KKMxd9CZDDFHhE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=YUseh+i5ndxW1primh8pCO2E/8TcMJ1bPVKtdAnBpp34J90y5pfd2lCIVIurFnpCF qUonlKS0MzoE3hYx77FM0N3ocDVFhCQOxtJrHjsBDKzkqYSpYGg5nNRFvNhvuQ242X kYRu3iHREYRhqL5/iJl0o5yh2Qg1uvK1LjVBGrVlH6y3I2xaTNJti0PFtKTd0tOucI MATCPMf2L7/yedOfhCyS6roaMc1fQFzELcb1DTTiyyoQGTiXQAOgU9DYw78mvsOC1b eiYs+k87RN1Slf1fM32DtPDORUnnREpf7rXkiX6T2gWKj7ttU+Bv0GvugbZQOnAD2c NBdl+o9JUzy8Q== Date: Sat, 30 Mar 2024 00:04:36 -0700 From: Eric Biggers To: Zhang Yiqun Cc: dhowells@redhat.com, jarkko@kernel.org, corbet@lwn.net, keyrings@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org Subject: Re: [PATCH] KEYS: Add ECDH support Message-ID: <20240330070436.GA2116@sol.localdomain> References: <20240330065506.3146-1-zhangyiqun@phytium.com.cn> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240330065506.3146-1-zhangyiqun@phytium.com.cn> [+Cc linux-crypto] On Sat, Mar 30, 2024 at 02:55:06PM +0800, Zhang Yiqun wrote: > This patch is to introduce ECDH into keyctl syscall for > userspace usage, containing public key generation and > shared secret computation. > > It is mainly based on dh code, so it has the same condition > to the input which only user keys is supported. The output > result is storing into the buffer with the provided length. > > Signed-off-by: Zhang Yiqun > --- > Documentation/security/keys/core.rst | 62 ++++++ > include/linux/compat.h | 4 + > include/uapi/linux/keyctl.h | 11 + > security/keys/Kconfig | 12 + > security/keys/Makefile | 2 + > security/keys/compat_ecdh.c | 50 +++++ > security/keys/ecdh.c | 318 +++++++++++++++++++++++++++ > security/keys/internal.h | 44 ++++ > security/keys/keyctl.c | 10 + > 9 files changed, 513 insertions(+) > create mode 100644 security/keys/compat_ecdh.c > create mode 100644 security/keys/ecdh.c Nacked-by: Eric Biggers The existing KEYCTL_PKEY_*, KEYCTL_DH_COMPUTE, and AF_ALG are causing enough problems. We do not need any more UAPIs like this. They are hard to maintain, break often, not properly documented, increase the kernel's attack surface, and what they do is better done in userspace. Please refer to the recent thread https://lore.kernel.org/linux-crypto/CZSHRUIJ4RKL.34T4EASV5DNJM@matfyz.cz/T/#u where these issues were discussed in detail. - Eric