Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp94280ybi; Fri, 24 May 2019 00:22:10 -0700 (PDT) X-Google-Smtp-Source: APXvYqxQrkZ9HLCM273PKMK95cUbIf2pMj3Mn871vGK6b0tZuo7AK8W3NMEaRtNClipP7zqjYWHc X-Received: by 2002:a17:902:8c8f:: with SMTP id t15mr48164684plo.87.1558682530178; Fri, 24 May 2019 00:22:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558682530; cv=none; d=google.com; s=arc-20160816; b=PrLmqbK8zjydf9HVCdw498XpNvWy1p1BeS0relxKUg43ytw/gMxUZFF7JM/7IIziPb CZ+lsbMPk8jY43tf4HLFRZ+unV6FxiWlMIDQ/DqP5fCy/vRikj6yZ/SNq7EA3cx/hjIY Xum3fTxhmRWIKJ6tKIvb/IM2BH8BH/TgP/yOhnuPpjQJiID6wbkN7gLUFAH649nKLSOs SIlSOZ8Q3BSrhgNtT91wQ32g8+ll+68HLXYbOlnbe03SGLioKI1UHS2ceJdyZqcg19r2 t3BNpEcD4hunTrjvx2xiCJf9j3UH51RikxEqzKmK6tTcW1i9ZCdbiCYix+qcTxVE4oWB 6OtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=pwDJiBeaj+t4RmLWFQQ2ZThZEzCnUpWhfbbPnBxxLRE=; b=Zyh5yfpBqob7xEEMX+8XTn7tHfY3zx74CTlub91H4Jb2sl1LSPZLmXDxmZCoLsncgh zbJCTEQfU5b+dG1o2KCXIP3XF+G96N9sqTSj+7c12dcTymtR1j6KSa+JbV6Ok3QRHMXd hWTeR/+67tl+i9vfSoYWps6xT9CYpF2EPsSodI+Xuj3AR/imxC5c2Fb7JJJftk3vtOi7 N6ysQyoMvCZi3SOHdBkEaSJYjqmUR4oRTY0fvySevaaSCqzSCUfVETpmR384CghMN7mS KYPHLksRx+n+6d/NCpgVNN9wDywIWVqHt2f0Nb9knGeX8n29GqPAXPd+CNC/8EG+ob+g KDXQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b="qCk/j1xz"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b13si2675867plz.194.2019.05.24.00.21.50; Fri, 24 May 2019 00:22:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b="qCk/j1xz"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389039AbfEXHUZ (ORCPT + 99 others); Fri, 24 May 2019 03:20:25 -0400 Received: from mo4-p01-ob.smtp.rzone.de ([85.215.255.54]:10079 "EHLO mo4-p01-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388979AbfEXHUZ (ORCPT ); Fri, 24 May 2019 03:20:25 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1558682420; s=strato-dkim-0002; d=chronox.de; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=pwDJiBeaj+t4RmLWFQQ2ZThZEzCnUpWhfbbPnBxxLRE=; b=qCk/j1xzUVorKPPvQeWe/EcJJkbLkrIkV7a5qINiv8+v9/fUE0izVTVFt6Y+lqXC1n VXhmOIK/t5BJeMma+eiZu5NwK2uL67ZZu5866HOsGkHlOy3yytnKuS16/FfeZcAJCEJa laxScPccz9RFL9iPmn0hJb/XkBx63NWyKm06cxrOiUIskdGX07nf07D4ebRYGaWEkKQN zXfIu02mm2pRcP/ViIoJxtxJDyPbTzsqcwgGK9MEvEKpAtAd8J8mQvU+02khu5Nm5AdV sFKfkkK/aRG8Eu2kLn2JME2v6LvbUU56Bnotf3OgVgHMPPIya4e5rv5sLE0yh02u+NPi /NHQ== X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xmwdNnzGHXPbL/Sf94Hg" X-RZG-CLASS-ID: mo00 Received: from tauon.chronox.de by smtp.strato.de (RZmta 44.18 DYNA|AUTH) with ESMTPSA id R0373fv4O7JvSyw (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA)) (Client did not present a certificate); Fri, 24 May 2019 09:19:57 +0200 (CEST) From: Stephan Mueller To: Kalyani Akula , keyrings@vger.kernel.org Cc: "herbert@gondor.apana.org.au" , "davem@davemloft.net" , "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" , Sarat Chand Savitala Subject: Re: [RFC PATCH 4/5] crypto: Adds user space interface for ALG_SET_KEY_TYPE Date: Fri, 24 May 2019 09:19:56 +0200 Message-ID: <2554415.t45IJDmies@tauon.chronox.de> In-Reply-To: References: <1547708541-23730-1-git-send-email-kalyani.akula@xilinx.com> <18759853.IUaQuE38eh@tauon.chronox.de> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Am Mittwoch, 8. Mai 2019, 11:31:08 CEST schrieb Kalyani Akula: Hi Kalyani, > Hi Stephan, > > Keyrings is in-kernel key-management and retention facility. User can use it > to manage keys used for applications. > > Xilinx cryptographic hardware has a mechanism to store keys in its internal > hardware and do not have mechanism to read it back due to security reasons. > It stores key internally in different forms like simple key, key encrypted > with unique hardware DNA, key encrypted with hardware family key, key > stored in eFUSEs/BBRAM etc. > Based on security level expected, user can select one of the key for AES > operation. Since AES hardware internally has access to these keys, user do > not require to provide key to hardware, but need to tell which internal > hardware key user application like to use for AES operation. > > Basic need is to pass information to AES hardware about which internal > hardware key to be used for AES operation. > > I agree that from general use case perspective we are not selecting key type > but selecting internal hardware keys provided by user. How about providing > option to select custom hardware keys provided by hardware > (AES_SEL_HW_KEY)? I am not intimately familiary with the keyring facility. Thus, let us ask the experts at the keyring mailing list :-) > > Thanks > kalyani > > > -----Original Message----- > > From: Stephan Mueller > > Sent: Thursday, April 25, 2019 12:01 AM > > To: Kalyani Akula > > Cc: herbert@gondor.apana.org.au; davem@davemloft.net; linux- > > crypto@vger.kernel.org; linux-kernel@vger.kernel.org > > Subject: Re: [RFC PATCH 4/5] crypto: Adds user space interface for > > ALG_SET_KEY_TYPE > > > > Am Montag, 22. April 2019, 11:17:55 CEST schrieb Kalyani Akula: > > > > Hi Kalyani, > > > > > > Besides, seem to be more a key handling issue. Wouldn't it make > > > > sense to rather have such issue solved with key rings than in the > > > > kernel crypto API? > > > > > > [kalyani] Can you please elaborate on this further ? > > > > The kernel has a keyring support in security/keys which has a user space > > interface with keyutils. That interface is commonly used for any sort of > > key manipulation. > > > > Ciao > > Stephan Ciao Stephan