From: Richard Weinberger
Date: Thu, 16 Jul 2020 16:12:57 +0200
Subject: Re: [PATCH 2/2] crypto: caam - support tagged keys for skcipher algorithms
To: Iuliana Prodan
Cc: Herbert Xu, Horia Geanta, Aymen Sghaier, "David S. Miller", Silvano Di Ninno, Franck Lenormand, Linux Crypto Mailing List, LKML, linux-imx, David Gstir
In-Reply-To: <1594591536-531-3-git-send-email-iuliana.prodan@nxp.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On Mon, Jul 13, 2020 at 12:09 AM Iuliana Prodan wrote:
>
> Tagged keys are keys that contain metadata indicating what
> they are and how to handle them using tag_object API.
>
> Add support, for tagged keys, to skcipher algorithms by
> adding new transformations, with _tk_ prefix to distinguish
> between plaintext and tagged keys.
>
> For job descriptors a new option (key_cmd_opt) was added for KEY command.
> Tagged keys can be loaded using only a KEY command with ENC=1
> and the proper setting of the EKT bit. The EKT bit in the
> KEY command indicates which encryption algorithm (AES-ECB or
> AES-CCM) should be used to decrypt the key. These options will be kept in
> key_cmd_opt.
>
> The tk_ transformations can be used directly by their name:
> struct sockaddr_alg sa = {
>     .salg_family = AF_ALG,
>     .salg_type = "skcipher", /* this selects the symmetric cipher */
>     .salg_name = "tk(cbc(aes))" /* this is the cipher name */
> };
> or for dm-crypt, e.g. using dmsetup:
> dmsetup -v create encrypted --table "0 $(blockdev --getsz /dev/mmcblk2p10)
> crypt capi:tk(cbc(aes))-plain :32:logon:seckey 0 /dev/mmcblk2p10 0 1
> sector_size:512".

How to use it with cryptsetup?
I'm asking because it is not clear to me why you are not implementing
a new kernel key type (KEYS subsystem) to utilize tagged keys.
Many tools already support the keyctl userspace interface (cryptsetup,
fscrypt, ...).

--
Thanks,
//richard