Received: by 2002:a05:6a10:c604:0:0:0:0 with SMTP id y4csp3572740pxt;
        Tue, 10 Aug 2021 06:41:11 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwybW204N1GfHSVsS5QmlKRy1PbTUa0w2jxGIC4yqfnoykZpf7cGVyqDrx1eudGp0ydbL1P
X-Received: by 2002:a92:ddc9:: with SMTP id d9mr92249ilr.204.1628602871750;
        Tue, 10 Aug 2021 06:41:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1628602871; cv=none;
        d=google.com; s=arc-20160816;
        b=MHjtT5SmrBLHZIANwhgLax3fZDxFay2XNLy62fJwa0Gm2r57GuvEN4Djo8REcKPPC1
         Uayf1jIF3x+PApF4MM4JmLi/X7wdTqf1zubJ3HBsH9IclYO9cbQbUT0PQIkllJdyME7F
         NyVA8amJsC1HPgMuOmxGktQ1wBy1K/9xl3fAMHblbr82g6Ar9aG0xAjwvnsImKpV9+Ho
         RiXoIVVr9N38BoNf5+wyUynIQp3DNizUWJSUbN0g9obfrAdd03446BUcwmGbUR4H3SDC
         UuOHMng17pbmxZILM7gnBJx0nSzKBQbvaLl8r8oW9TmMgRjZt7YzFHK+d0L7Faz6/XOp
         ZVkA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:reply-to:cc:from:to:date;
        bh=voDTaJtGSmmrOlmqLskrt8lbIiqFRGpCDRLeNrECw30=;
        b=SO0ldORBU0gRunD6h90du42JunaFy3AC0rzs592FQTcRAOnn+/zZv5T5ATqtf/bylT
         7/RGFHFvenwLjnO/q9cHnrkMxMZXRSgT9wzCy/mSInys650R/pT+B6u5aZZMBWurkrnz
         vQYEEHAylFyjaiux5aaObMgyZKAUZLJsMzYJ/y+RUuRPHTuFZdwYNnZwXWwCayfYnFHN
         fox/fVVP33/Y6m6SNLIZPCmAup+rJeeb4k4KnbmlDgR4ELnC1lVLSPx7SjQpPxrcpNY1
         un0B1Eae8OX3ewczKlMe/uH1t1aacOU/42y0kNUg7gq8bRpNDqqhMSGu0mUnq1oZiaxr
         6HSw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id j15si2160473ile.95.2021.08.10.06.41.00;
        Tue, 10 Aug 2021 06:41:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238252AbhHJL3i convert rfc822-to-8bit (ORCPT
        <rfc822;sonicqiang@gmail.com> + 99 others);
        Tue, 10 Aug 2021 07:29:38 -0400
Received: from mail-0201.mail-europe.com ([51.77.79.158]:40431 "EHLO
        mail-0201.mail-europe.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S240110AbhHJL3h (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 10 Aug 2021 07:29:37 -0400
Date:   Tue, 10 Aug 2021 11:28:25 +0000
Authentication-Results: mail-4316.protonmail.ch; dkim=none
To:     Ahmad Fatoum <a.fatoum@pengutronix.de>
From:   David Gstir <david@sigma-star.at>
Cc:     Jarkko Sakkinen <jarkko@kernel.org>,
        =?utf-8?Q?Horia_Geant=C4=83?= <horia.geanta@nxp.com>,
        Mimi Zohar <zohar@linux.ibm.com>,
        Aymen Sghaier <aymen.sghaier@nxp.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        James Bottomley <jejb@linux.ibm.com>,
        Jan Luebbe <j.luebbe@pengutronix.de>,
        Udit Agarwal <udit.agarwal@nxp.com>,
        Sumit Garg <sumit.garg@linaro.org>,
        Eric Biggers <ebiggers@kernel.org>,
        Franck LENORMAND <franck.lenormand@nxp.com>,
        Richard Weinberger <richard@nod.at>,
        James Morris <jmorris@namei.org>, linux-kernel@vger.kernel.org,
        David Howells <dhowells@redhat.com>,
        linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
        linux-crypto@vger.kernel.org, kernel@pengutronix.de,
        linux-integrity@vger.kernel.org,
        Steffen Trumtrar <s.trumtrar@pengutronix.de>,
        "Serge E. Hallyn" <serge@hallyn.com>
Reply-To: David Gstir <david@sigma-star.at>
Subject: Re: [PATCH 0/4] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Message-ID: <74737543-4A73-49F8-92F7-F7FFE64A00DB@sigma-star.at>
In-Reply-To: <8321cac9-350b-1325-4b7e-390f4f292070@pengutronix.de>
References: <cover.9fc9298fd9d63553491871d043a18affc2dbc8a8.1626885907.git-series.a.fatoum@pengutronix.de> <b9e44f8e-84a0-90be-6cfc-d3a0bde12178@pengutronix.de> <20210809093519.er32rmspuvkrww45@kernel.org> <8321cac9-350b-1325-4b7e-390f4f292070@pengutronix.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8BIT
X-Spam-Status: No, score=-1.0 required=10.0 tests=ALL_TRUSTED shortcircuit=no
        autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
        mailout.protonmail.ch
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Hi Ahmad,

> On 09.08.2021, at 12:16, Ahmad Fatoum <a.fatoum@pengutronix.de> wrote:

[...]

> If it interests you, I described[2] my CAAM+ubifs+fscrypt use case in the
> discussion thread on my fscrypt-trusted-keys v1. Jan, a colleague of mine, held a
> talk[3] on the different solutions for authenticated and encrypted storage, which
> you may want to check out.
>
> I'd really appreciate feedback here on the the CAAM parts of this series, so this can
> eventually go mainline.

Since you mention the fscrypt trusted-keys use case:

I noticed that the key length for trusted-keys is limited to
256 - 1024bit keys. fscrypt does however also support keys
with e.g. 128bit keys (AES-128-CBC-ESSIV, AES-128-CTS-CBC).
AFAIK, CAAM and TEE key blobs would also support key lengths outside the 256 - 1024bit range.

Wouldn’t it make sense to align the supported key lengths?
I.e. extend the range of supported key lengths for trusted keys.
Or is there a specific reason why key lengths below 256bit are
not supported by trusted-keys?

Cheers,
David