[Swan-dev] talk about new wireless daemon uses interesting kernel crypto facilities
Paul Wouters
paul at nohats.ca
Wed Nov 30 14:36:55 UTC 2016
On Tue, 29 Nov 2016, D. Hugh Redelmeier wrote:
> Could we, should we use the kernel instead of NSS?
There are pros and cons for this:
Pros:
+ New ciphers seem to appear in the kernel before they appear in NSS
+ Less dependency on userland crypto library
+ Using the same implementation for IKE and ESP/AH seems good.
+ FIPS code reduction
Cons:
- We still need a lot of X.509 code for verifying certificates, so
  still need a crypto library
- We still need FIPS file verification which depends on userland crypto
  (could be changed to use AF_ALG as well but test labs recommend against it)
- Adds kernel version dependency on libreswan (bad for FIPS)
- NSS handles key/cert storage via PKCS#11 interface. We do not want to
  go back to manually having to create/store/read/write files on disk.
  (apparently openssl can also read an nss db though)
- We still need a library for OCSP/CRL handling
- Kernel would contain (long term) IKE keys - exploits easier
Unknowns:
? Does this make EAP easier (another userland + crypto dependency)?
? How well does kernel AF_ALG scale for thousands of IKE sessions?
Paul