Re: [PATCH v2] crypto: AF_ALG - add support for keys/asymmetric-type

From: Tadeusz Struk
Date: Wed Jan 13 2016 - 11:18:04 EST


On 01/13/2016 07:06 AM, David Woodhouse wrote:
> On Wed, 2016-01-13 at 06:05 -0800, Tadeusz Struk wrote:
>>
>> I agree, ideally keyctl should do the job for all the cases and
>> request_key() should just return a key data.
>
> No, you can NOT RELY ON HAVING THE KEY DATA. It might be in hardware.

Ok, I get it now.

> You might have something which will perform sign/verify/encrypt/decrypt
> operations *with* the key at your request, but which can never just
> *give* you the key.
>
> Any crypto API which relies on *having* the key is fundamentally wrong.
>

All the crypto APIs out there rely on this.

I think the coupling of an algorithm to its key is the problem here.
Usually an algorithm should be able to work with any (valid) key.

The solution to this can be implemented on the crypto API.
If the TMP driver would register its supported algorithms on the crypto API
and in the setkey function it would check if a key is a real key or this
"something" (probably a ptr to TMP dev instance?) then in the first
case it would fallback to an implementation that takes a key data.
In the second case it can do its thing whatever it is.

This will make it transparent to the users of both the request_key()
and the crypto API.
Thanks,
--
TS