Subject: Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys
To: Gilad Ben-Yossef, Herbert Xu
Cc: "David S. Miller", Ofir Drang, Linux Crypto Mailing List, Linux kernel mailing list
References: <1522049540-10042-1-git-send-email-gilad@benyossef.com> <1522049540-10042-3-git-send-email-gilad@benyossef.com> <20180330172616.GB28120@gondor.apana.org.au>
From: Milan Broz
Message-ID: <13b816b2-cae1-a926-d60b-734c77a6361c@gmail.com>
Date: Tue, 3 Apr 2018 14:22:42 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

On 03/31/2018 07:30 PM, Gilad Ben-Yossef wrote:
...
>> Are there other crypto drivers doing this?
>
> I thought the exact same thing until I ran into a presentation about the s390
> secure keys implementation. I basically imitated their use (or abuse?) of the
> Crypto API assuming it is the way to go.
>
> Take a look at arch/s390/crypto/paes_s390.c
>
> The slide for the presentation describing this is here:
> http://schd.ws/hosted_files/ossna2017/89/LC2017SecKeyDmCryptV5.pdf
>
> And they seem to even have support for it in the DM-Crypt tools, which at
> the time they claimed to be in the process of getting it up-streamed.

It is "in the process", but definitely not accepted.

We are just discussing how to integrate paes wrapped keys in cryptsetup and
it will definitely not be the way presented in the slides above.

If you plan more such ciphers, I would welcome some unified way in crypto API
how to handle these HSM keys flavors.

For kernel dm-crypt, there is no change needed (dmcrypt just treats it as a
normal cipher key).
(I would say that it is not the best idea either, IMHO it would be better to use
kernel keyring reference instead and somehow handle hw keys through keyring.)

Milan