On Wed, Mar 13, 2024 at 01:12:54PM -0700, James Prestwood wrote:
Hi,Thanks for pointing out that the relevant code is really in that separate
On 3/13/24 12:44 PM, Eric Biggers wrote:
On Wed, Mar 13, 2024 at 10:26:06AM -0700, James Prestwood wrote:IWD uses ELL for its crypto, which uses the AF_ALG API:
Hi,Which specific API is iwd using that is relevant here?
On 3/13/24 1:56 AM, Johannes Berg wrote:
Not sure why you're CC'ing the world, but I guess adding a few moreYes, the wireless stack has zero bearing on the issue. I think that's what
doesn't hurt ...
On Wed, 2024-03-13 at 09:50 +0100, Karel Balej wrote:
and I use iwdThis is your problem, the wireless stack in the kernel doesn't use any
kernel crypto code for 802.1X.
you meant by "problem".
IWD has used the kernel crypto API forever which was abruptly broken, that
is the problem.
The original commit says it was to remove support for sha1 signed kernel
modules, but it did more than that and broke the keyctl API.
I cloned https://kernel.googlesource.com/pub/scm/network/wireless/iwd
and grepped for keyctl and AF_ALG, but there are no matches.
https://git.kernel.org/pub/scm/libs/ell/ell.git/
repository. Note, it seems that keyctl() is the problem here, not AF_ALG. The
blamed commit didn't change anything for AF_ALG.
I believe the failure is when calling:Okay, I guess that's what's actually causing the problem. KEYCTL_PKEY_* are a
KEYCTL_PKEY_QUERY enc="x962" hash="sha1"
From logs Michael posted on the IWD list, the ELL API that fails is:
l_key_get_info (ell.git/ell/key.c:416)
weird set of APIs where userspace can ask the kernel to do asymmetric key
operations. It's unclear why they exist, as the same functionality is available
in userspace crypto libraries.
I suppose that the blamed commit, or at least part of it, will need to be
reverted to keep these weird keyctls working.
For the future, why doesn't iwd just use a userspace crypto library such as
OpenSSL?
- Eric