wireguard.lists.zx2c4.com archive mirror
* WireGuard to port to existing Crypto API
@ 2019-09-25  8:29 Jason A. Donenfeld
  2019-09-25  8:46 ` Toke Høiland-Jørgensen
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: Jason A. Donenfeld @ 2019-09-25  8:29 UTC (permalink / raw)
  To: WireGuard mailing list, Netdev, LKML

Hi folks,

I'm at the Kernel Recipes conference now and got a chance to talk with
DaveM a bit about WireGuard upstreaming. His viewpoint has recently
solidified: in order to go upstream, WireGuard must port to the
existing crypto API, and handle the Zinc project separately. As DaveM
is the upstream network tree maintainer, his opinion is quite
instructive.

I've long resisted the idea of porting to the existing crypto API,
because I think there are serious problems with it, in terms of
primitives, API, performance, and overall safety. I didn't want to
ship WireGuard in a form that I thought was sub-optimal from a
security perspective, since WireGuard is a security-focused project.

But it seems like with or without us, WireGuard will get ported to the
existing crypto API. So it's probably better that we just fully
embrace it, and afterwards work evolutionarily to get Zinc into Linux
piecemeal. I've ported WireGuard already several times as a PoC to the
API and have a decent idea of the ways it can go wrong and generally
how to do it in the least-bad way.

I realize this kind of compromise might come as a disappointment for
some folks. But it's probably better that as a project we remain
intimately involved with our Linux kernel users and the security of
the implementation, rather than slinking away in protest because we
couldn't get it all in at once. So we'll work with upstream, port to
the crypto API, and get the process moving again. We'll pick up the
Zinc work after that's done.

I also understand there might be interested folks out there who enjoy
working with the crypto API quite a bit and would be happy to work on
the WireGuard port. Please do get in touch if you'd like to
collaborate.

Jason
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


* Re: WireGuard to port to existing Crypto API
  2019-09-25  8:29 WireGuard to port to existing Crypto API Jason A. Donenfeld
@ 2019-09-25  8:46 ` Toke Høiland-Jørgensen
  2019-09-25  9:17 ` Bruno Wolff III
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 8+ messages in thread
From: Toke Høiland-Jørgensen @ 2019-09-25  8:46 UTC (permalink / raw)
  To: Jason A. Donenfeld, WireGuard mailing list, Netdev, LKML

"Jason A. Donenfeld" <Jason@zx2c4.com> writes:

> Hi folks,
>
> I'm at the Kernel Recipes conference now and got a chance to talk with
> DaveM a bit about WireGuard upstreaming. His viewpoint has recently
> solidified: in order to go upstream, WireGuard must port to the
> existing crypto API, and handle the Zinc project separately. As DaveM
> is the upstream network tree maintainer, his opinion is quite
> instructive.
>
> I've long resisted the idea of porting to the existing crypto API,
> because I think there are serious problems with it, in terms of
> primitives, API, performance, and overall safety. I didn't want to
> ship WireGuard in a form that I thought was sub-optimal from a
> security perspective, since WireGuard is a security-focused project.
>
> But it seems like with or without us, WireGuard will get ported to the
> existing crypto API. So it's probably better that we just fully
> embrace it, and afterwards work evolutionarily to get Zinc into Linux
> piecemeal. I've ported WireGuard already several times as a PoC to the
> API and have a decent idea of the ways it can go wrong and generally
> how to do it in the least-bad way.
>
> I realize this kind of compromise might come as a disappointment for
> some folks. But it's probably better that as a project we remain
> intimately involved with our Linux kernel users and the security of
> the implementation, rather than slinking away in protest because we
> couldn't get it all in at once. So we'll work with upstream, port to
> the crypto API, and get the process moving again. We'll pick up the
> Zinc work after that's done.

On the contrary, kudos on taking the pragmatic route! Much as I have
enjoyed watching your efforts on Zinc, I always thought it was a shame
it had to hold back the upstreaming of WireGuard. So as far as I'm
concerned, doing that separately sounds like the right approach at this
point, and I'll look forward to seeing the patches land :)

-Toke

* Re: WireGuard to port to existing Crypto API
  2019-09-25  8:29 WireGuard to port to existing Crypto API Jason A. Donenfeld
  2019-09-25  8:46 ` Toke Høiland-Jørgensen
@ 2019-09-25  9:17 ` Bruno Wolff III
  2019-09-25  9:40   ` David Miller
  2019-09-25  9:39 ` David Miller
  2019-11-19 15:25 ` Jason A. Donenfeld
  3 siblings, 1 reply; 8+ messages in thread
From: Bruno Wolff III @ 2019-09-25  9:17 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: Netdev, LKML, WireGuard mailing list

Are there going to be two branches, one for using the current API and one 
using Zinc?

* Re: WireGuard to port to existing Crypto API
  2019-09-25  8:29 WireGuard to port to existing Crypto API Jason A. Donenfeld
  2019-09-25  8:46 ` Toke Høiland-Jørgensen
  2019-09-25  9:17 ` Bruno Wolff III
@ 2019-09-25  9:39 ` David Miller
  2019-09-25 10:14   ` Jason A. Donenfeld
  2019-11-19 15:25 ` Jason A. Donenfeld
  3 siblings, 1 reply; 8+ messages in thread
From: David Miller @ 2019-09-25  9:39 UTC (permalink / raw)
  To: Jason; +Cc: netdev, linux-kernel, wireguard

From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Wed, 25 Sep 2019 10:29:45 +0200

> His viewpoint has recently solidified: in order to go upstream,
> WireGuard must port to the existing crypto API, and handle the Zinc
> project separately.

I didn't say "must" anything, I suggested this as a more smooth
and efficient way forward.

I'm also a bit disappointed that you felt the need to so quickly
make such an explosive posting to the mailing list when we've
just spoken about this amongst ourselves only 20 minutes ago.

Please proceed in a more smooth and considerate manner for all
parties involved.

Thank you.

* Re: WireGuard to port to existing Crypto API
  2019-09-25  9:17 ` Bruno Wolff III
@ 2019-09-25  9:40   ` David Miller
  0 siblings, 0 replies; 8+ messages in thread
From: David Miller @ 2019-09-25  9:40 UTC (permalink / raw)
  To: bruno; +Cc: netdev, linux-kernel, wireguard

From: Bruno Wolff III <bruno@wolff.to>
Date: Wed, 25 Sep 2019 04:17:00 -0500

> Are there going to be two branches, one for using the current API and
> one using Zinc?

This is inappropriate to even discuss at this point.

Let's see what the crypto based stuff looks like, evaluate it,
and then decide how to proceed forward.

Thank you.

* Re: WireGuard to port to existing Crypto API
  2019-09-25  9:39 ` David Miller
@ 2019-09-25 10:14   ` Jason A. Donenfeld
  0 siblings, 0 replies; 8+ messages in thread
From: Jason A. Donenfeld @ 2019-09-25 10:14 UTC (permalink / raw)
  To: David Miller; +Cc: Netdev, LKML, WireGuard mailing list

Hi Dave,

On Wed, Sep 25, 2019 at 12:03 PM David Miller <davem@davemloft.net> wrote:
> I didn't say "must" anything, I suggested this as a more smooth
> and efficient way forward.

s/must/should/g? However it's characterized, I think your judgements
and opinions are generally sound, and I intend to put them into
action.

> I'm also a bit disappointed that you felt the need to so quickly
> make such an explosive posting to the mailing list when we've

Explosive? That's certainly not the intent here. The project is
changing direction in a big way. Collaborating with others on the
crypto API will be an important part of that. Announcing the change in
direction, those intentions, a rationale on why it will be okay, and
inviting collaboration is a responsible thing to do at the earliest
opportunity. Better to announce intent early rather than surprise
people or deter potential collaborators by keeping plans secret.

Jason

* Re: WireGuard to port to existing Crypto API
  2019-09-25  8:29 WireGuard to port to existing Crypto API Jason A. Donenfeld
                   ` (2 preceding siblings ...)
  2019-09-25  9:39 ` David Miller
@ 2019-11-19 15:25 ` Jason A. Donenfeld
  2019-11-19 16:07   ` Toke Høiland-Jørgensen
  3 siblings, 1 reply; 8+ messages in thread
From: Jason A. Donenfeld @ 2019-11-19 15:25 UTC (permalink / raw)
  To: WireGuard mailing list

Hey folks,

Small update on this thread: it turns out that at the same time as I
was stepping toward compromising and using the old crypto API here
with this thread, other kernel developers were interested in
compromising to upstream some aspects of Zinc. The result is that
everybody took constructive steps toward each other, and the first
part of Zinc has been merged:

https://lore.kernel.org/linux-crypto/CAHmME9rxGp439vNYECm85bgibkVyrN7Qc+5v3r8QBmBXPZM=Dg@mail.gmail.com/

It's not called "Zinc" any more, and some of the design decisions I
liked aren't there, but I think the lion's share of what we were after
is there, and a few other pieces should be possible to upstream one at
a time.

These steps forward should unlock WireGuard upstreaming, which I
expect to get rolling again soon. WireGuard is probably mostly okay,
but I still do anticipate review with lots of feedback to incorporate,
since now there's more impetus for people to take the patch submission
seriously. I'll keep this list updated as we move forward.

Regards,
Jason

* Re: WireGuard to port to existing Crypto API
  2019-11-19 15:25 ` Jason A. Donenfeld
@ 2019-11-19 16:07   ` Toke Høiland-Jørgensen
  0 siblings, 0 replies; 8+ messages in thread
From: Toke Høiland-Jørgensen @ 2019-11-19 16:07 UTC (permalink / raw)
  To: Jason A. Donenfeld, WireGuard mailing list

"Jason A. Donenfeld" <Jason@zx2c4.com> writes:

> Hey folks,
>
> Small update on this thread: it turns out that at the same time as I
> was stepping toward compromising and using the old crypto API here
> with this thread, other kernel developers were interested in
> compromising to upstream some aspects of Zinc. The result is that
> everybody took constructive steps toward each other, and the first
> part of Zinc has been merged:
>
> https://lore.kernel.org/linux-crypto/CAHmME9rxGp439vNYECm85bgibkVyrN7Qc+5v3r8QBmBXPZM=Dg@mail.gmail.com/
>
> It's not called "Zinc" any more, and some of the design decisions I
> liked aren't there, but I think the lion's share of what we were after
> is there, and a few other pieces should be possible to upstream one at
> a time.
>
> These steps forward should unlock WireGuard upstreaming, which I
> expect to get rolling again soon. WireGuard is probably mostly okay,
> but I still do anticipate review with lots of feedback to incorporate,
> since now there's more impetus for people to take the patch submission
> seriously. I'll keep this list updated as we move forward.

This is great news! I'll keep my eyes peeled for the wireguard
submission. Do note that net-next closes during the merge window,
though, so you'll probably have to wait until after 5.5-rc1 is out the
door to submit that (and so we'll get Wireguard with Linux 5.6).

-Toke
