Received: by 10.213.65.68 with SMTP id h4csp3346045imn; Tue, 3 Apr 2018 03:20:44 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+vGfUadZqzYMfSVppUF78pltgmZfrrw21E+IgUYXidLd96sOXAQBHRQe/b0BDkVzOcK/9B X-Received: by 2002:a17:902:5681:: with SMTP id j1-v6mr13601137pli.383.1522750844215; Tue, 03 Apr 2018 03:20:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522750844; cv=none; d=google.com; s=arc-20160816; b=z1q2pMXVjJ7LWwFZMDY5gZ6czmmtex6C4pIOtTP3CXC7MwPnrzX6+f5PhiXWOWmfpv dvWCu07b4frBlEo/UKvixqUhO8Xe0GMzL6nIo18X1K8Wb4tXK38pxklbMjTXlcU3SvVI vBCFOUXqMthm9XGTMisEOVk7fEs3ybTBIlZvdDBHxyBM+IWY+eIntrDjD+MlAezjhCou lb2fy9sO02dj1JtBWr9iF5h6v9aqWctYWyaLZNArh3H6EhelN1i+ojKQxu2Ar41xzKw2 ZkTd5IAWKAAb1EknB4sjXERrs9Fy9eAg/Rr9zoUmF3xj9aF/yxeLrzHKVTEAZUh41Y94 YLug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=O9osMXmJ4jSn5/USqTdScXL4aoPlRcieqmiGVzoJkGI=; b=UWsnySmJrzyM7FTEPL0saZWFETUXpnKf78IK6AJFcHOlw+P+8xU8UybV8L9Y2dBKzV +C9oORWkje1tzQQaoq973mgXpWT7jvEUZBYALCb71f0w8M29YdcqquAJm5V3L2+Zpwdm RvrBEqpApXibUQ7heNRnRCI66Agsog7SNA7ymd6ntn/OXeGf8VOdeLs0KgZTZwQlJp7j dQaveWUV5qxqMUuS76YGVuHizHpdE9YF/fDn042GSpx5gLQ3/S2DESQ+XEQXQW0XjwZ3 LQnI7QWn/0Df2w/+Vv6NM352TJNE1qjGggoTZeIw5aQ1u6rrnxJSES8dufFNY8PB+Q3P kyeQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h186si1747952pge.677.2018.04.03.03.20.29; Tue, 03 Apr 2018 03:20:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755103AbeDCKTW (ORCPT + 99 others); Tue, 3 Apr 2018 06:19:22 -0400 Received: from orcrist.hmeau.com ([104.223.48.154]:59222 "EHLO deadmen.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754949AbeDCKTV (ORCPT ); Tue, 3 Apr 2018 06:19:21 -0400 Received: from gondobar.mordor.me.apana.org.au ([192.168.128.4] helo=gondobar) by deadmen.hmeau.com with esmtp (Exim 4.84_2 #2 (Debian)) id 1f3J20-0002dJ-PD; Tue, 03 Apr 2018 18:19:12 +0800 Received: from herbert by gondobar with local (Exim 4.84_2) (envelope-from ) id 1f3J1t-00018r-C0; Tue, 03 Apr 2018 18:19:05 +0800 Date: Tue, 3 Apr 2018 18:19:05 +0800 From: Herbert Xu To: Gilad Ben-Yossef Cc: "David S. Miller" , Ofir Drang , Linux Crypto Mailing List , Linux kernel mailing list Subject: Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys Message-ID: <20180403101905.GA4245@gondor.apana.org.au> References: <1522049540-10042-1-git-send-email-gilad@benyossef.com> <1522049540-10042-3-git-send-email-gilad@benyossef.com> <20180330172616.GB28120@gondor.apana.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Mar 31, 2018 at 08:30:46PM +0300, Gilad Ben-Yossef wrote: > > However, as it uses the exact same mechanism of the regular xts-aes-ccree > but takes the key from another source, I've marked it with a test of > alg_test_null() on the premise that if the xts-aes-ccree works, so must this. Well it appears to be stubbed out as cc_is_hw_key always returns false. > > Are there other crypto drivers doing this? > > I thought the exact same thing until I ran into a presentation about the s390 > secure keys implementation. I basically imitated their use (or abuse?) > of the Crypto API > assuming it is the way to go. > > Take a look at arch/s390/crypto/paes_s390.c It's always nice to discover code that was never reviewed. The general approach seems sane though. > Anyway, if this is not the way to go I'd be more than happy to do whatever > work is needed to create the right interface. > > PS. I'd be out of the office and away from email access to the coming week, so > kindly excuse any delay in response. I think it's fine. However, I don't really like the idea of everyone coming up with their own "paes", i.e., your patch's use of "haes". It should be OK to just use paes for everyone, no? As to your patch specifically, there is one issue where you're directly dereferencing the key as a struct. This is a no-no because the key may have come from user-space. You must treat it as a binary blob. The s390 code seems to do this correctly. Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt