Received: by 10.213.65.68 with SMTP id h4csp3456377imn;
        Tue, 3 Apr 2018 05:24:11 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4+acBWyBvCJhRr9PdqBWXRgELFRfYToWh9ZkNohdufJplzrDt6RKzKzaHtKPkpOUQfyIvVL
X-Received: by 10.98.185.23 with SMTP id z23mr2916807pfe.180.1522758251431;
        Tue, 03 Apr 2018 05:24:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1522758251; cv=none;
        d=google.com; s=arc-20160816;
        b=zePcdjgMWEsT7NpIf9IZoUxaX5Ie2l9c2kgD6s2PODiUl9+SmqhLgH/LflKgOtFGzC
         wP+bHgS29NTeC/ZjQu8lYrYHuI+n2lFF+OspMaFrgBPDZGDKB8e0PPVWCQa1TRjiPqMx
         vIzwCtfrSrsOB1slf05VaoMfHnMwgbgjy31jafBW9aUQhLPCiNOZngCeVs0zIhTIyCMR
         18P/v9Ze/XBx7ZP0FYsyGE/Fx6mUQlEMNP5tMGbhzQRD/fS+ne7UmGmEoqClcMMrDv7F
         K+7BsVZPW1nDBrXUEBwa9TR5w5cZIjl7dxYsV/Yin58CM7fVb273NFlRBygm3ysucFYD
         AZCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=bc35J8AoStME9sP6pqKGEbn61qGu5CVzZUZZZDD61CI=;
        b=04T5OYIRZPKfjljTYdoIllstzgPQ6BzaAcXFRHq4zuJlB1QZt1SLIBh74BmQ3vAqp/
         DtmZIotaCanEs7MYMFIE6ZGnruc1i8mqSaeRmyHDkYkJkFHpj7g1Kh404S8V80vN09lS
         qNjn5I/vwAF7c05i3nBQJLIfLeyuL+ya15zxAnD2/P6aT0CRkozjkWDPUcYfTuFPeDmN
         PrSJnomI3NXGVMhJFQIBIlqiq6X343wW2YY+gUF3hSVgYWbls4ezui9JACTzrPYHXK+5
         KgxNIQFVkt52c+U7CZDGw8r6l+AywJU91JaAKeEbF74uAENhVZeo4xldYVVoCbm6vQHY
         5fSQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=sKIHJtFH;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t6si2092490pfb.98.2018.04.03.05.23.56;
        Tue, 03 Apr 2018 05:24:11 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=sKIHJtFH;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755468AbeDCMWr (ORCPT <rfc822;ivid.suvarna@gmail.com>
        + 99 others); Tue, 3 Apr 2018 08:22:47 -0400
Received: from mail-wr0-f193.google.com ([209.85.128.193]:42701 "EHLO
        mail-wr0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1755300AbeDCMWp (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 3 Apr 2018 08:22:45 -0400
Received: by mail-wr0-f193.google.com with SMTP id s18so18523120wrg.9;
        Tue, 03 Apr 2018 05:22:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=bc35J8AoStME9sP6pqKGEbn61qGu5CVzZUZZZDD61CI=;
        b=sKIHJtFHhDkb1AqFTi+R7VtdMCrGTtw3LX8J6hxKzk0OcSwG+toFSMINkYBtBjdgaQ
         558/BZZLvvViEDCmU3uLO+p4UlrpcTUez7xkchVldXZeiHWWryqJYyvMXQYhcYbJYiGE
         EVMj726v9GL8EL181yliUE8+ZE7NppBVwQAFQRnQLjLmWjlkMnv5IlhL4R+iUlSkQhjj
         7q6rDH/868WiTByxVW/GSpFtd2wtfy75jOdUh69NM6n7cR0NUwlAsJpSD353RCjdRgRS
         Z4QhMOGNGVqCIPErnclXHbD8w769GItryynDKHMvGpR1FblsDVSc12KXC6KgnYRBOM2i
         fBbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=bc35J8AoStME9sP6pqKGEbn61qGu5CVzZUZZZDD61CI=;
        b=RstdW69a3PeKzOPp3eGIgFdjt+m8dr/q11seZFuOxEyI20qaUsIcKEb37aUCQr6IJR
         VkXtq3Ghk2STAVDZ281D1NsaTws2egMDDZKubpRTOzmE8sElNsOABrJbEF90O7WVFxfS
         0hhMdDuogknO7FzrWXsdVskBK9HSIV6Hbsm5JYQaHxg49QTZAqeZmKQ0cTx4QLPxXMf3
         n9R3ea4f04DkACs2xYCVWydWVaRdM2LWe6dWhGM3xgCW/F7gKTXEOy3tk7FuI7T2bw41
         gM1fxgrAwqzk1X56bG2A3uBjrT7cRlz//GKmHCqNbAmBxH/k2Y93WzJthc16XglpuI2i
         GXkA==
X-Gm-Message-State: AElRT7HgNGOZBlBWEpBgU2QvhIi2pwVIBjCmVbuzwCp/e1/zMseNVMRK
        AuOVWVQsOt94yJD2sg1uSfxcNg==
X-Received: by 10.223.152.142 with SMTP id w14mr10500235wrb.210.1522758163958;
        Tue, 03 Apr 2018 05:22:43 -0700 (PDT)
Received: from [10.43.17.143] (nat-pool-brq-t.redhat.com. [213.175.37.10])
        by smtp.gmail.com with ESMTPSA id p197sm251386wme.43.2018.04.03.05.22.43
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 03 Apr 2018 05:22:43 -0700 (PDT)
Subject: Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys
To:     Gilad Ben-Yossef <gilad@benyossef.com>,
        Herbert Xu <herbert@gondor.apana.org.au>
Cc:     "David S. Miller" <davem@davemloft.net>,
        Ofir Drang <ofir.drang@arm.com>,
        Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
        Linux kernel mailing list <linux-kernel@vger.kernel.org>
References: <1522049540-10042-1-git-send-email-gilad@benyossef.com>
 <1522049540-10042-3-git-send-email-gilad@benyossef.com>
 <20180330172616.GB28120@gondor.apana.org.au>
 <CAOtvUMd6MMyQBHU4E=5DKXndhZw90=K1V1apD0uRRaMLyp-0Ag@mail.gmail.com>
From:   Milan Broz <gmazyland@gmail.com>
Message-ID: <13b816b2-cae1-a926-d60b-734c77a6361c@gmail.com>
Date:   Tue, 3 Apr 2018 14:22:42 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101
 Thunderbird/31.3.0
MIME-Version: 1.0
In-Reply-To: <CAOtvUMd6MMyQBHU4E=5DKXndhZw90=K1V1apD0uRRaMLyp-0Ag@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 03/31/2018 07:30 PM, Gilad Ben-Yossef wrote:
...
>> Are there other crypto drivers doing this?
> 
> I thought the exact same thing until I ran into a presentation about the s390
> secure keys implementation. I basically imitated their use (or abuse?)
> of the Crypto API
> assuming it is the way to go.
> 
> Take a look at arch/s390/crypto/paes_s390.c
> 
> The slide for the presentation describing this is here:
> http://schd.ws/hosted_files/ossna2017/89/LC2017SecKeyDmCryptV5.pdf
> 
> And they seem to even have support for it in the DM-Crypt tools, which at
> the time they claimed to be in the process of getting it up-streamed.

It is "in the process", but definitely not accepted.

We are just discussing how to integrate paes wrapped keys in cryptsetup and
it will definitely not be the way presented in the slides above.

If you plan more such ciphers, I would welcome some unified way in crypto API
how to handle these HSM keys flavors.

For kernel dm-crypt, there is no change needed (dmcrypt just treats it as a normal cipher key).
(I would say that it is not the best idea either, IMHO it would be better to use
kernel keyring reference instead and somehow handle hw keys through keyring.)

Milan