Subject: Re: [RFC PATCH 1/2] crypto: Allow working with key references
From: Harald Freudenberger
To: Richard Weinberger, Herbert Xu
Cc: Linux Crypto Mailing List, linux-arm-kernel@lists.infradead.org, linux-kernel, linux-imx@nxp.com, festevam@gmail.com, kernel, Sascha Hauer, shawnguo@kernel.org, davem@davemloft.net, david
Date: Mon, 3 Jun 2019 09:59:53 +0200
Message-Id: <14ffcdf2-ed9f-be07-fde5-62dfb1fce4f9@linux.ibm.com>
In-Reply-To: <2084969721.73871.1559201016164.JavaMail.zimbra@nod.at>
X-Mailing-List: linux-crypto@vger.kernel.org

On 30.05.19 09:23, Richard Weinberger wrote:
> ----- Original Message -----
>> From: "Herbert Xu"
>> To: "richard"
>> CC: "Linux Crypto Mailing List", linux-arm-kernel@lists.infradead.org, "linux-kernel", linux-imx@nxp.com, festevam@gmail.com, "kernel", "Sascha Hauer", shawnguo@kernel.org, davem@davemloft.net, "david"
>> Sent: Thursday, 30 May 2019 04:33:57
>> Subject: Re: [RFC PATCH 1/2] crypto: Allow working with key references
>
>> On Thu, May 30, 2019 at 12:48:43AM +0200, Richard Weinberger wrote:
>>> Some crypto accelerators allow working with secure or hidden keys.
>>> These keys are not exposed to Linux nor main memory. To use them
>>> for a crypto operation they are referenced with a device specific id.
>>>
>>> This patch adds a new flag, CRYPTO_TFM_REQ_REF_KEY.
>>> If this flag is set, crypto drivers should treat the key as
>>> specified via setkey as reference and not as regular key.
>>> Since we reuse the key data structure such a reference is limited
>>> by the key size of the cipher and is chip specific.
>>>
>>> TODO: If the cipher implementation or the driver does not
>>> support reference keys, we need a way to detect this and fail
>>> upon setkey.
>>> How should the driver indicate that it supports this feature?
>>>
>>> Signed-off-by: Richard Weinberger
>>
>> We already have existing drivers doing this. Please have a look
>> at how they're doing it and use the same paradigm. You can grep
>> for paes under drivers/crypto.
>
> Thanks for the pointer.
> So the preferred way is defining a new crypto algorithm prefixed with
> "p" and reusing setkey to provide the key reference.

The "p" in paes is because we call it "protected key aes". I think you are not
limited to the "p". What Herbert tries to point out is that you may define
your own cipher with a unique name and there you can handle your secure key
references as you like. You may use the s390 paes implementation as a starting point.

regards
Harald Freudenberger

>
> Thanks,
> //richard
>
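
A userspace C model of the approach described in the reply above, added here as an example and not code from the thread or from the s390 paes driver: a separately named cipher owns its own setkey and parses the key bytes as a reference, so a missing driver fails at allocation and raw key material is rejected at setkey. The name `refaes`, the `KREF` blob layout, the four-slot device and the registry functions are assumptions for illustration, not kernel API.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Userspace model only: all names are hypothetical, none is kernel API. */
struct tfm { const struct alg *alg; uint8_t raw[32]; uint32_t slot; };
struct alg { const char *name; int (*setkey)(struct tfm *, const uint8_t *, size_t); };

/* "aes": the bytes given to setkey are the key material itself. */
static int aes_setkey(struct tfm *t, const uint8_t *key, size_t len)
{
    if (len != 16 && len != 24 && len != 32)
        return -EINVAL;
    memcpy(t->raw, key, len);
    return 0;
}

/* "refaes": the bytes are a constructed 8-byte reference, "KREF" + slot (big-endian). */
static int refaes_setkey(struct tfm *t, const uint8_t *key, size_t len)
{
    if (len != 8 || memcmp(key, "KREF", 4) != 0)
        return -EINVAL;                 /* raw key material is rejected */
    uint32_t slot = (uint32_t)key[4] << 24 | (uint32_t)key[5] << 16 | (uint32_t)key[6] << 8 | key[7];
    if (slot < 4)                       /* the model device has 4 key slots */
        t->slot = slot;
    return slot < 4 ? 0 : -EINVAL;
}

static const struct alg aes_alg = { "aes", aes_setkey };
static const struct alg refaes_alg = { "refaes", refaes_setkey };
static const struct alg *registry[4];
static size_t nregistered;
static void alg_register(const struct alg *a) { if (nregistered < 4) registry[nregistered++] = a; }

/* Allocation by name: a missing driver is detected here, before any setkey. */
static int tfm_alloc(struct tfm *t, const char *name)
{
    memset(t, 0, sizeof(*t));
    for (size_t i = 0; i < nregistered && !t->alg; i++)
        if (strcmp(registry[i]->name, name) == 0)
            t->alg = registry[i];
    return t->alg ? 0 : -ENOENT;
}

int main(void)
{
    struct tfm t;
    alg_register(&aes_alg);             /* the refaes driver is not loaded */
    return tfm_alloc(&t, "refaes") == -ENOENT ? 0 : 1;
}
```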