Subject: Re: [EXT] [PATCH v0 3/8] crypto: hbk flags & info added to the tfm
From: David Gstir
Date: Mon, 10 Oct 2022 23:35:47 +0200
To: "Jason A. Donenfeld"
Cc: Pankaj Gupta, Herbert Xu, Jarkko Sakkinen, Ahmad Fatoum,
    "gilad@benyossef.com", James Bottomley, Mimi Zohar, David Howells,
    Sumit Garg, "michael@walle.cc", "john.ernberg@actia.se", James Morris,
    "Serge E. Hallyn", "David S. Miller", Jan Luebbe, Eric Biggers,
    Richard Weinberger, "keyrings@vger.kernel.org",
    "linux-crypto@vger.kernel.org", "linux-integrity@vger.kernel.org",
    "linux-kernel@vger.kernel.org", "linux-security-module@vger.kernel.org",
    Sahil Malhotra, Kshitiz Varshney, Horia Geantă, Varun Sethi
Message-Id: <6A3D70F9-1206-4EBB-BFCC-CA3733688EFC@sigma-star.at>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com> <20221006130837.17587-4-pankaj.gupta@nxp.com>
X-Mailing-List: linux-crypto@vger.kernel.org

> On 10.10.2022, at 17:15, Jason A. Donenfeld wrote:
>
> On Mon, Oct 10, 2022 at 11:15:00AM +0000, Pankaj Gupta wrote:
>>> Nack. You still have not provided a convincing argument why this is necessary
>>> since there are plenty of existing drivers in the kernel already providing similar
>>> features.
>>>
>> CAAM is used as a trusted source for trusted keyring. CAAM can expose
>> these keys either as plain key or HBK(hardware bound key- managed by
>> the hardware only and never visible in plain outside of hardware).
>>
>> Thus, Keys that are inside CAAM-backed-trusted-keyring, can either be
>> plain key or HBK. So the trusted-key-payload requires additional flag
>> & info(key-encryption-protocol) to help differentiate it from each
>> other. Now when CAAM trusted-key is presented to the kernel crypto
>> framework, the additional information associated with the key, needs
>> to be passed to the hardware driver. Currently the kernel keyring and
>> kernel crypto frameworks are associated for plain key, but completely
>> dis-associated for HBK. This patch addresses this problem.
>>
>> Similar capabilities (trusted source), are there in other crypto
>> accelerators on NXP SoC(s). Having hardware specific crypto algorithm
>> name, does not seem to be a scalable solution.
>
> Do you mean to say that other drivers that use hardware-backed keys do
> so by setting "cra_name" to something particular? Like instead of "aes"
> it'd be "aes-but-special-for-this-driver"? If so, that would seem to
> break the design of the crypto API. Which driver did you see that does
> this? Or perhaps, more generally, what are the drivers that Herbert is
> talking about when he mentions the "plenty of existing drivers" that
> already do this?

I believe what Herbert means are drivers registered with the cipher name
prefix “p”. E.g. [1] registers multiple “paes” variants.
There was a previous patch set for CAAM where this was suggested as well [2].

- David

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/crypto/ccree/cc_cipher.c#n1011
[2] https://lore.kernel.org/linux-crypto/20200716073610.GA28215@gondor.apana.org.au/
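
The "p"-prefixed names mentioned in the reply above can be audited from userspace by reading /proc/crypto; the following is an added example, not code from this thread or from any kernel driver. The sample text is constructed, the function names are hypothetical, and the base cipher list ("aes" only, so "paes") is an assumption; it inspects leaf cipher names so that templates such as pcbc(...) and unrelated names such as poly1305 are not misreported.

```python
import re

# Constructed sample in /proc/crypto layout (not captured from a real system).
SAMPLE_PROC_CRYPTO = """\
name         : cbc(paes)
driver       : cbc-paes-ccree
type         : skcipher

name         : essiv(cbc(paes),sha256)
driver       : essiv-paes-ccree
type         : skcipher

name         : pcbc(aes)
driver       : pcbc(aes-generic)
type         : skcipher

name         : poly1305
driver       : poly1305-generic
type         : shash
"""

def parse_proc_crypto(text):
    """Split /proc/crypto text into one dict per registered algorithm."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "name" in fields:
            entries.append(fields)
    return entries

def is_protected_key_alg(name, base_ciphers=("aes",)):
    """True if a leaf cipher in the algorithm string is "p" + a base cipher."""
    # A leaf is a token followed by ',' or ')' or end of string; template
    # names are followed by '(' and therefore never match.
    leaves = re.findall(r"[^(),\s]+(?=[,)]|$)", name)
    return any(leaf.startswith("p") and leaf[1:] in base_ciphers
               for leaf in leaves)

def find_protected_key_algs(text, base_ciphers=("aes",)):
    """Return (name, driver) for every protected-key algorithm in text."""
    return [(e["name"], e.get("driver", "?"))
            for e in parse_proc_crypto(text)
            if is_protected_key_alg(e["name"], base_ciphers)]

if __name__ == "__main__":
    for name, driver in find_protected_key_algs(SAMPLE_PROC_CRYPTO):
        print(f"{name:28} {driver}")
```

On a live system, pass the contents of /proc/crypto instead of the constructed sample.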