Received: by 2002:ab2:2994:0:b0:1ef:ca3e:3cd5 with SMTP id n20csp359308lqb; Thu, 14 Mar 2024 13:21:17 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXKfijaPxAPeBjnAAYcp9XfH77bWj2O5W3q1P1dmtlILX9Lp2X97VWAQItTxgLKYph/YV9sEQ6K3ZGT3uBLiLpZsNOhdOq+7BXnN9J1AA== X-Google-Smtp-Source: AGHT+IHx/vo9tI0kqCl5xptcoKIwjvYp7Q6lVifFeKOo69nKvu3QW0EccV8jL/7nQx7CXqRyMQmV X-Received: by 2002:ac2:5609:0:b0:513:a088:176b with SMTP id v9-20020ac25609000000b00513a088176bmr834900lfd.66.1710447677817; Thu, 14 Mar 2024 13:21:17 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710447677; cv=pass; d=google.com; s=arc-20160816; b=ID0Qi1dyUjP9sOkfldMe4gyCCWlXptej/t3XYLlaca9AzQEWlJ6+3goU9vZnzD3ndP lTnhyVY786INsRv5njOcg7UfnBoOqQeky4L6tECSNl82OJetU4u0fZ6qNjv5DxFs7+pC 28svB9ZMPbydRvmQllJ56DlIcqSb7ObMs6agJ72IfyEgwdmjbMEZly14aj2VIurjEDZL ld6GNrLXTYwoB0FKZbWF2StLMfGdh8P+SWGLB9XHwD1p9+akQc+BczpzwMv8m90M+dng Li90grcM/Y1nsNrbALTiCaFFQF2KsS5XEjuRwdIWvlQGdHStnu0GRjutj16q/OL95Mk2 PieQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=Z+cn3ko8whY4rEyoa9egEWKPt2NsSP7gQgUVo8WnucY=; fh=3NzQ/+bDWEjk5ejIKSblePpZ/3GP2vQgVUZmJh8CqNg=; b=jWJvb3ozOc8Unw7HkL1wZ/ZB7DgJ922oracqTOKnb73tJPHSoniQNP9SkL83KNJXnQ aHmYyNktsOimdYVJx1K8O9WN4xz3sfJdfRKOxTE/tr7hvQreSzPduEBs7YndKQMb1Wj7 izxfKKZGS+gfD+vOB4AMp5WM7J3FAdiIqoOgeOLz7jXHXTfX+TwW6+RdacTY1bnasOVt LBaj2ZefOY001yi0T8w3UruPKgfuP7/Tl6/QApQlFzQeQ2KEZoz6x3eJ2Puw5AC59h2Z VJCR2KFa83ee2vc5Z69WOvpCuked5ovDots53RmXsI2PdrfyHFLUElkK/nHTyAdHV2Jt 4FHA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=JiGgULrq; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-wireless+bounces-4773-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4773-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id s3-20020a170906354300b00a4678f28502si479283eja.789.2024.03.14.13.21.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Mar 2024 13:21:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless+bounces-4773-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=JiGgULrq; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-wireless+bounces-4773-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4773-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 5D1A11F21FBF for ; Thu, 14 Mar 2024 20:21:17 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6B96D762E5; Thu, 14 Mar 2024 20:20:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="JiGgULrq" X-Original-To: linux-wireless@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B73C73539; Thu, 14 Mar 2024 20:20:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710447614; cv=none; b=e/YY0nz9fUdcd4ZE7HzTliBVlyTGoTv0r+GUjHNR/ms7E0zKSMPFDwUtER8cA0dU3zlq38VTaw+A0obENdYIV8od8zR2LUrz1UgS3z3vvyGk2wkbsvZbh88oAmAq4/xXye5JdzHeOZlSgD8QC7TkyU7GeLD4cpamL443+XjvHNU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710447614; c=relaxed/simple; bh=cy3JVoqeyW0KH3SWl1WPmlAiApJJBcq4bi9azOVKekw=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=sNOgcvhftCOpiZJf9O/s0UnWVSkF9PpSEUScgowHGkaaj4Ysc+F56O2LBleVyillEeURaRpnULNF2zymrwHy/3DTuoAkYqOCdDpQBBAXy83n86GNXCAhfzkfA7p2DEtUBrCx5bKWulfWxr8E7nTEPbZ9l4RqHhJ8xDBfpFGI8Og= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=JiGgULrq; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 160F0C433C7; Thu, 14 Mar 2024 20:20:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1710447613; bh=cy3JVoqeyW0KH3SWl1WPmlAiApJJBcq4bi9azOVKekw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=JiGgULrqLSJsLtSgR8WM03tmpRc3CMAFhR/bfDoeU+9LPGerE4Pc/mPwuhUZoVf+p UhfvwuKWV9A0L6E9N9z+dI1nAQEd+BGX6oagzqpUMnCBzIiWOyDGMfu0ZezDpH/OKQ XVLEEhf/zPktdjGWnL2bR0gy+R/qfXYcKrVcndfus/hEcBOVKe4HU01b0F7ZeHmLI5 RtvgBv/aMi21Mn/NlgpRoIR3I6sv+Pgcx0F8yJBID1e7imSz3zmMbO0bZys0UFCndM FfRrgj7/173xy3VGd9djYP6FlvpiiGVV+K4QDnrGYph8/LR5bOYayXEUEI9CM2EFtX k2B1rVZXvmBrA== Date: Thu, 14 Mar 2024 13:20:11 -0700 From: Eric Biggers To: James Prestwood Cc: Jeff Johnson , Johannes Berg , Karel Balej , dimitri.ledkov@canonical.com, alexandre.torgue@foss.st.com, davem@davemloft.net, dhowells@redhat.com, herbert@gondor.apana.org.au, keyrings@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, mcgrof@kernel.org, mcoquelin.stm32@gmail.com, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, iwd@lists.linux.dev Subject: Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support Message-ID: <20240314202011.GB1132@sol.localdomain> References: <005f998ec59e27633b1b99fdf929e40ccfd401c1.camel@sipsolutions.net> <20240313194423.GA1111@sol.localdomain> <20240313202223.GB1111@sol.localdomain> <20240313221043.GC1111@sol.localdomain> <20240313230611.GD1111@sol.localdomain> Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Thu, Mar 14, 2024 at 04:52:47AM -0700, James Prestwood wrote: > IWD uses AF_ALG/keyctl for _all_ its crypto, cipher, and checksum needs. > Anything that wifi requires as far as crypto goes IWD uses the kernel, > except ECC is the only exception. The entire list of crypto requirements > (for full support at least) for IWD is here: > > https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/tools/test_runner_kernel_config That's quite an extensive list, and it's not documented in the iwd README. Don't you get bug reports from users who are running a kernel that's missing one of those options? > For KEYCTL_PKEY_* specifically we use it for all asymmetric crypto > operations, (query), encrypt, decrypt, sign, verify. > > I'll be honest, the AF_ALG/keyctl support in ELL was mostly done by the time > I started working on IWD so I was not aware the documentation was so poor. > That is an entirely separate issue than this IMO, and I'm happy to help with > getting docs updated to include a proper list of supported features. In > addition maybe some automated testing that gets run on kernel builds which > actually exercises this API so it doesn't get accidentally get broken in the > future? Docs/tests IMO are the proper "fix" here, not telling someone to > stop using an API that has existed a long time. I looked into the history, and it seems the KEYCTL_PKEY_* APIs were added as a collaboration between the iwd developers and the kernel keyrings maintainer. So, as far as I can tell, it's not that the kernel had an existing API that iwd started using. It's that iwd got some APIs added to the kernel for themselves. KEYCTL_PKEY_* don't seem to have been adopted elsewhere; Debian Code Search doesn't return any notable results. keyctl does provide a command-line interface to them, but I can't find any users of the keyctl commands either. Then, everyone disappeared and it got dumped on the next generation of kernel developers, who often don't know that this API even exists. And since the API is also poorly specified and difficult to maintain (e.g., changing a seemingly unrelated part of the kernel can break it), the results are predictable... And of course the only thing that breaks is iwd, since it's the only user. It would be worth taking a step back and looking at the overall system architecture here. Is this the best way to ensure a reliable wireless experience for Linux users? Maybe it's time to admit that KEYCTL_PKEY_* was basically an experiment, and a different direction (e.g. using OpenSSL) should be taken... (Another issue with the kernel keyrings stuff is that provides a significant attack surface for the kernel to be exploited.) If you do decide to continue with the status quo, it may be necessary for the iwd developers to take a more active role in maintaining this API in order to ensure it continues working properly for you. AF_ALG is on *slightly* firmer ground since it's been around for longer, is properly part of the crypto subsystem, and has a few other users. Unfortunately it still suffers from the same issues though, just to a slightly lesser degree. > I'm also not entirely sure why this stuff continues to be removed from the > kernel. First MD4, then it got reverted, then this (now reverted, thanks). > Both cases there was not clear justification of why it was being removed. These algorithms are insecure, and it's likely that the author of these commits thought that there were no remaining users and nothing would break. Removing them is a worthy goal for code maintenance purposes and to avoid providing insecure options that could accidentally be used. The AF_ALG and KEYCTL_PKEY_* APIs are very easy to overlook and I suspect that the author of these commits did not know about them. These APIs are rarely used, not well specified, the availability of them and specific algorithms varies by kernel configuration, and userspace only uses a subset of the algorithms in the kernel's museum of crypto primitives anyway. So it's plausible that there are algorithms that no one is using or that at least there is a fallback for, so can be safely removed... - Eric