undefined | Better HN

0 pointsangry_octet25d ago0 comments

All the uses of vmsplice etc are a bit tricky, and that points to the need for a better interface. But given you're using splice, why not do the crypto in user space? A belief that it is better to be fast and buggy than safe and slower?

0 comments

eqvinox25d ago

If neither a hardware component nor kernel key management is involved, crypto should be done in userspace, end of sentence.

The more I think about it, the more I think it should be behind CAP_SYS_ADMIN, or a new CAP_KCRYPT (better name TBD. CAP_CRYPT_OFFLOAD?)

angry_octetOP25d ago

Yes it should definitely require a capability.

Still a risk that some admin-enabled method (like enabling an IPsec VPN) provides a path to it, but would reduce the potential for crafting weird inputs.

angry_octetOP25d ago

I'm also wondering if it couldn't be rewritten to use io_uring interfaces.

j / k navigate · click thread line to collapse

0 comments

eqvinox25d ago

If neither a hardware component nor kernel key management is involved, crypto should be done in userspace, end of sentence.

The more I think about it, the more I think it should be behind CAP_SYS_ADMIN, or a new CAP_KCRYPT (better name TBD. CAP_CRYPT_OFFLOAD?)

angry_octetOP25d ago

Yes it should definitely require a capability.

Still a risk that some admin-enabled method (like enabling an IPsec VPN) provides a path to it, but would reduce the potential for crafting weird inputs.

angry_octetOP25d ago

I'm also wondering if it couldn't be rewritten to use io_uring interfaces.

j / k navigate · click thread line to collapse