Received: by 2002:a05:6a10:c604:0:0:0:0 with SMTP id y4csp4333787pxt;
        Wed, 11 Aug 2021 03:44:16 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwyr7ik7lsTxHxrZApai1BUyTkeG7SqBkRSCcevQUkEpT0Gpea52FvEkyr+AfyO3amyCedH
X-Received: by 2002:a17:906:3cf2:: with SMTP id d18mr2979824ejh.437.1628678655918;
        Wed, 11 Aug 2021 03:44:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1628678655; cv=none;
        d=google.com; s=arc-20160816;
        b=wurxHM+sCfOoYDdngWmW4b8APlqZeb7PNvMNZWiEdT3bvD85UVR5iKA7LTVhkbPB+Y
         Md3pY2jFLPnrK5qsimaeNDdW9aUZXSpHy1xxN10a/rlSqIIZHL8OHp+6zXAjj49j6owI
         0te8vnXpwIQHEu0zA2HKjIjEYcT/RWWIyFfGYTdsx9pvjuY26cAxFswWIWl2pTIFz453
         aKC6D8Ntw2bz1XLECEEnxf14KfLirpktLATF1o9JpMsli/0VShZtNsQaeY7Cud0bpxeA
         scz+I/Zv8VJJCjjZ/y/0j6mWXKZ+liVciIYpn3odu90mIjE5a7+cLASUZdl5nNBoiXPY
         Cw7g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:reply-to:cc:from:to:date;
        bh=R7fdky6j7Kq7850tqm10aFTTYYmW2vn1nIwzsqX1zDQ=;
        b=ucAVlm03kctMQiBMQp93Pyem0+cd7HH0BnyYmdkHJs3r3NZSFYTGF1t9bIlxt4pqVD
         AVZAPmaHM+4BMZDtrgmA6jK7cz6abJbZ3JYGl1oP3vX5jwr+A7SQ4hvnpJxJcybhutuJ
         0Kan02wBiB5pQiZABGGBBmpY7ECXnlJTA1stfx2aHqlN2MxTP6NE/IRyhPzEADOswpBm
         kzhw8A/NF5+A2VjfMjYGrXa0bgwcNUqibmHnOTserjvQ/FqfhtLpXHfY9I8Tx6cElYAi
         sDlqbEiUDGiz0Q9L6SnraKzKsGKL7pSBRvTPIWfyo95LhlOOrGw8Hh5Qr6YUVlL9L0s3
         dTnw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id x8si4746875edd.516.2021.08.11.03.43.45;
        Wed, 11 Aug 2021 03:44:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236863AbhHKKoE convert rfc822-to-8bit (ORCPT
        <rfc822;sonicqiang@gmail.com> + 99 others);
        Wed, 11 Aug 2021 06:44:04 -0400
Received: from mail-0201.mail-europe.com ([51.77.79.158]:34795 "EHLO
        mail-0201.mail-europe.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236830AbhHKKoE (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 11 Aug 2021 06:44:04 -0400
Date:   Wed, 11 Aug 2021 10:43:01 +0000
Authentication-Results: mail-4316.protonmail.ch; dkim=none
To:     Ahmad Fatoum <a.fatoum@pengutronix.de>
From:   David Gstir <david@sigma-star.at>
Cc:     =?utf-8?Q?Horia_Geant=C4=83?= <horia.geanta@nxp.com>,
        Aymen Sghaier <aymen.sghaier@nxp.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>, kernel@pengutronix.de,
        James Bottomley <jejb@linux.ibm.com>,
        Jarkko Sakkinen <jarkko@kernel.org>,
        Mimi Zohar <zohar@linux.ibm.com>,
        David Howells <dhowells@redhat.com>,
        James Morris <jmorris@namei.org>,
        Eric Biggers <ebiggers@kernel.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Udit Agarwal <udit.agarwal@nxp.com>,
        Jan Luebbe <j.luebbe@pengutronix.de>,
        Richard Weinberger <richard@nod.at>,
        Franck LENORMAND <franck.lenormand@nxp.com>,
        Sumit Garg <sumit.garg@linaro.org>,
        linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-security-module@vger.kernel.org
Reply-To: David Gstir <david@sigma-star.at>
Subject: Re: [PATCH 3/4] crypto: caam - add in-kernel interface for blob generator
Message-ID: <85A1078F-B8E1-4E5F-A59A-23BDFB750C83@sigma-star.at>
In-Reply-To: <7cc83edd-dc39-ee7e-d18c-30b2492247ea@pengutronix.de>
References: <cover.9fc9298fd9d63553491871d043a18affc2dbc8a8.1626885907.git-series.a.fatoum@pengutronix.de> <4078060ab2e44114af8204b4defea4f3d4b9e285.1626885907.git-series.a.fatoum@pengutronix.de> <796E18E6-1329-40D6-B12F-4CE6C90DD988@sigma-star.at> <7cc83edd-dc39-ee7e-d18c-30b2492247ea@pengutronix.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8BIT
X-Spam-Status: No, score=-1.0 required=10.0 tests=ALL_TRUSTED shortcircuit=no
        autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
        mailout.protonmail.ch
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Hi Ahmad,

> On 11.08.2021, at 12:22, Ahmad Fatoum <a.fatoum@pengutronix.de> wrote:
>
>> Since you already assert that MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN
>> in security/keys/trusted-keys/trusted_caam.c, this will never
>> be an issue for CAAM-based trusted-keys though.
> I omitted checks in code, which are verified at compile-time.
> Would you prefer a runtime check to be added as well?

I’d say the compile-time check suffices, unless this is intended
to be used outside of trusted-keys. But I don’t think this is very likely…

Cheers,
David