From: Gilad Ben-Yossef
Date: Mon, 23 Apr 2018 10:24:43 +0300
Subject: Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys
To: Herbert Xu
Cc: "David S. Miller", Ofir Drang, Linux Crypto Mailing List, Linux kernel mailing list

On Thu, Apr 19, 2018 at 6:35 AM, Herbert Xu wrote:
> On Mon, Apr 09, 2018 at 11:42:31AM +0300, Gilad Ben-Yossef wrote:
>>
>> Please look again. The stub version of cc_is_hw_key() doing that is being
>> replaced in this patch.
>
> The point is that the existing mechanism was unused before and this
> is new code. So you can't really point to the stubbed-out function
> as a precedent.

hm... I was trying to point to the s390 implementation as a precedent,
not my own stub code.
Sorry if I miscommunicated my intent.

>
>> The s390 key and the cryptocell keys are not the same:
>>
>> Theirs is, I believe, an AES key encrypted by some internal key/algorithm.
>>
>> The cryptocell "key" is a token, which is internally comprised of one
>> or two indexes, referencing slots in the internal memory in the
>> hardware, and a key size, that describes the size of the key.
>>
>> I thought it would be confusing to use "paes" to describe both, since
>> they are not interchangeable.
>> You would not be able to feed a paes key that works with the s390
>> version to cryptocell and vice versa and get it to work.
>
> Thanks for the info.
>
>> Having said that, if you prefer to have "paes" simply designate
>> "implementation specific token for an AES key" I'm perfectly fine with
>> that.
>
> Well by definition none of these hardware keys will be compatible
> with each other so I don't really see the point of using individual
> algorithm names such as paes or haes. This would make sense only if
> they were somehow compatible with each other.
>
> So instead of using algorithm names, you really want to refer to the
> specific driver name, which means that they can all use the same
> algorithm name.

Sounds good to me.

>
>> > As to your patch specifically, there is one issue where you're
>> > directly dereferencing the key as a struct. This is a no-no because
>> > the key may have come from user-space. You must treat it as a
>> > binary blob. The s390 code seems to do this correctly.
>>
>> As noted above, the haes "key" is really a token encoding 3 different
>> pieces of information:
>
> My point is that you should not just cast it but instead do a
> copy to properly aligned kernel memory.

That is a good point I completely missed. Thanks!

A v2 will follow shortly.

Thanks,
Gilad

-- 
Gilad Ben-Yossef
Chief Coffee Drinker

"If you take a class in large-scale robotics, can you end up in a situation
where the homework eats your dog?"
 -- Jean-Baptiste Queru
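
The review point above (treat the key as a binary blob and copy it to aligned memory rather than casting it), as an added user-space C sketch that is not code from this thread or from the ccree driver. The token layout `struct hw_key_token`, the slot limit `HW_KEY_MAX_SLOT` and both function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical token layout for illustration; NOT the ccree driver's struct. */
struct hw_key_token {
    uint32_t key_size; /* size in bytes of the key held in hardware */
    uint32_t slot1;    /* index of the first hardware key slot */
    uint32_t slot2;    /* index of the second slot (assumed 0 when unused) */
};

#define HW_KEY_MAX_SLOT 3u /* assumed highest valid slot index */

/*
 * Parse a setkey() blob that may come from user space. The caller's buffer
 * has no alignment guarantee, so it is never cast to the struct: the length
 * is checked first, then the bytes are copied into an aligned local.
 */
int parse_hw_key_token(const uint8_t *key, size_t keylen,
                       struct hw_key_token *out)
{
    struct hw_key_token tok;

    if (!key || !out || keylen != sizeof(tok))
        return -EINVAL; /* short or oversized blob */
    memcpy(&tok, key, sizeof(tok));

    /* Every field is untrusted until validated. */
    if (tok.key_size != 16 && tok.key_size != 24 && tok.key_size != 32)
        return -EINVAL;
    if (tok.slot1 > HW_KEY_MAX_SLOT || tok.slot2 > HW_KEY_MAX_SLOT)
        return -EINVAL;
    *out = tok;
    return 0;
}

/* Constructed sample input: a token serialized one byte into a buffer,
 * so the blob handed to the parser is not aligned for the struct. */
int demo_parse(uint32_t key_size, uint32_t slot1, uint32_t slot2,
               size_t blob_len, struct hw_key_token *out)
{
    uint8_t buf[1 + sizeof(struct hw_key_token)] = { 0 };
    struct hw_key_token src = { key_size, slot1, slot2 };

    memcpy(buf + 1, &src, sizeof(src));
    return parse_hw_key_token(buf + 1, blob_len, out);
}

int main(void)
{
    struct hw_key_token t;
    return demo_parse(32, 1, 2, sizeof(t), &t) ? 1 : 0;
}
```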