Received: by 10.213.65.68 with SMTP id h4csp547544imn; Fri, 30 Mar 2018 10:28:09 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+rYSX4CERh7Ud6WJ+xpgZcvKn/H62zqr/puxmIuyb6wYA0dP9o7fe0Fbv+LrKE0iRAMICR X-Received: by 2002:a17:902:b682:: with SMTP id c2-v6mr3212629pls.40.1522430889878; Fri, 30 Mar 2018 10:28:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522430889; cv=none; d=google.com; s=arc-20160816; b=1CBG5ujy+27F8JUlnPn1wyIa23dk6T3Hd2yWy1IvCh4EGqoOjyULcHURGcvG5qeYA0 O+9RPQYIWWeTMxDjThMnCuJkQxkH2Eq4ZJM2QXzdxTzMagj8/TJRl0WvSnUy0fFM6Tf0 DhHPe69AS+FMCzVGrQp/Ckw8jGpoyy+Ut7Mr+CKboY2JkqC4N7iuoa8A85mrmq6SOuAk NSBOdLMDN8zuD6+51irpHuvg05Clpml/ii+UwtGWssYdLZ0ERSb1XQyQCi4Bc+nZGCSw Biu5FWNDYR7F1ggvm33osaJlI0A92a8pDyTroWJZ7z7D9xCla/MdVf8dLT3mPeordf+e FqBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=3NoIskNw7Ad0hQdV3yVPbYrHElDyeLwPIAxA4DXZRvA=; b=CMZ7bWDx7UqUwyvNUE1giJtwHu/5l1zOVE685t8h91wkerkoXGdvcAL05/lfqLA/8H n8j1o59ImvYdckdn0avU2vFXXX5bHE1Rbj77MHC1e+EEmYmhPaka1M57W4Bt1SB7MTa+ av0f8mZTJ8dswmI8xeHx7wFDp0NJIqHJj5ZJxRwtoeCYn1Vmzv2X+ZRdZyNAdlb8OfdS vBEMZAUjVk4GcdfNrh2wVlRgUvKzUcDxRno43K7gWSn+/mWKCS5ukmKQFrdbTXl2W0VZ 7dVWhYP2fzaqai6UGHu9Sfl3YeTGyzjhNl22O2rXaURS3jElQ9TUpiOQOjakyi9onCOa W3jg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si1524319pll.449.2018.03.30.10.27.56; Fri, 30 Mar 2018 10:28:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752778AbeC3R03 (ORCPT + 99 others); Fri, 30 Mar 2018 13:26:29 -0400 Received: from orcrist.hmeau.com ([104.223.48.154]:51518 "EHLO deadmen.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752486AbeC3R02 (ORCPT ); Fri, 30 Mar 2018 13:26:28 -0400 Received: from gondobar.mordor.me.apana.org.au ([192.168.128.4] helo=gondobar) by deadmen.hmeau.com with esmtp (Exim 4.84_2 #2 (Debian)) id 1f1xnA-0001VJ-1a; Sat, 31 Mar 2018 01:26:20 +0800 Received: from herbert by gondobar with local (Exim 4.84_2) (envelope-from ) id 1f1xn7-0007Km-1C; Sat, 31 Mar 2018 01:26:17 +0800 Date: Sat, 31 Mar 2018 01:26:17 +0800 From: Herbert Xu To: Gilad Ben-Yossef Cc: "David S. Miller" , Ofir Drang , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys Message-ID: <20180330172616.GB28120@gondor.apana.org.au> References: <1522049540-10042-1-git-send-email-gilad@benyossef.com> <1522049540-10042-3-git-send-email-gilad@benyossef.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1522049540-10042-3-git-send-email-gilad@benyossef.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 26, 2018 at 08:32:19AM +0100, Gilad Ben-Yossef wrote: > Enable CryptoCell support for hardware keys. > > Hardware keys are regular AES keys loaded into CryptoCell internal memory > via firmware, often from secure boot ROM or hardware fuses at boot time. > > As such, they can be used for enc/dec purposes like any other key but > cannot (read: extremely hard to) be extracted since since they are not > available anywhere in RAM during runtime. > > The mechanism has some similarities to s390 secure keys although the keys > are not wrapped or sealed, but simply loaded offline. The interface was > therefore modeled based on the s390 secure keys support. > > Signed-off-by: Gilad Ben-Yossef ... > static const struct cc_alg_template skcipher_algs[] = { > { > + .name = "xts(haes)", > + .driver_name = "xts-haes-ccree", > + .blocksize = AES_BLOCK_SIZE, > + .template_skcipher = { > + .setkey = cc_cipher_sethkey, > + .encrypt = cc_cipher_encrypt, > + .decrypt = cc_cipher_decrypt, > + .min_keysize = CC_HW_KEY_SIZE, > + .max_keysize = CC_HW_KEY_SIZE, > + .ivsize = AES_BLOCK_SIZE, > + }, > + .cipher_mode = DRV_CIPHER_XTS, > + .flow_mode = S_DIN_to_AES, > + .min_hw_rev = CC_HW_REV_630, > + }, How can this possibly pass the self-test? If we want to add hardware keys we will need to figure out how to deal with it in the top-level API first. Are there other crypto drivers doing this? Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt