On Mon, Feb 10, 2025 at 07:53:57PM +0100, Lukas Wunner wrote:
>
> > > https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ell/key.c
> > > https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/src/eap-tls.c
> >
> > Surely this doesn't use the private key part of the API, does it?
>
> It does use the private key part:
>
> It takes advantage of the kernel's Key Retention Service for EAP-TLS,
> which generally uses mutual authentication. E.g. clients authenticate
> against a wireless hotspot. Hence it does invoke KEYCTL_PKEY_SIGN and
> KEYCTL_PKEY_ENCRYPT (with private keys, obviously).

Does it really? I grepped the whole iwd git tree and the only use of
private key functionality is to check that it matches the public key,
IOW it encrypts a piece of text and then decrypts it again to check
whether they match. It doesn't make use of any other private key
functionality AFAICS.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt