Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp3456838rwi;
        Wed, 12 Oct 2022 02:11:46 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM50kTlxRd9u5iZyWCwhmUyDdqDQe7L4qaheM29Bj/61KwNvXkjue4NVQ2cL/5nT1JRwhqHh
X-Received: by 2002:a17:907:72c7:b0:78d:513d:c2b8 with SMTP id du7-20020a17090772c700b0078d513dc2b8mr20899639ejc.470.1665565906685;
        Wed, 12 Oct 2022 02:11:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1665565906; cv=none;
        d=google.com; s=arc-20160816;
        b=AtjpWB8OkpXkbrvF9EF0RSSTlGy3MJ/wVWYfytxoDhJSl754OvWFuwHZ3inmsgOMsv
         QBmr5EbdXfSTpsL57PHYYk81EeVE0VHg5w1DJz5Kl/Zy+A2Xly4oixILa8Y5aBOtNGRw
         gxAHpnp7qkTNSsGt4iIRAgle1FwyvetGEKti8iPAPUcaxhI7nxuFOJSnK2e+DJbuOUZ5
         vyE4qyZwQO9UcrUEOOMPewKC52XMQCpFMJNf1HtSLipTpk3PbEjVaY0BycIKbuR7ja00
         NJzN7ooT6wf3P4CgQGtzYDq9Ttdl3NRJJR2aYrWYnJ5kciTiNLej5RFOsGG5ekHUhLff
         ceJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=wN9c81j2ThJO148IBcm9LdQeJiOll0iTN/b74xSa7Pg=;
        b=mvbMxauYCBkVIRGP8W2C795v21zmpeaWg6dF+0j0zWg91XKWgtDiaEVVhf27iOwa8m
         7CWRc3uC7yeXnTC+X7cAU+XAM/hvJtC4VP9IuWUvIHAr7N/WZXtsev33OpOZSzQHt6el
         OrMlEvdF8snCD47DnYtvY1mP+jUJDEBq8vKRAzeEvLRRHLvZ8Fc4WyYHPtoAoEmRY4NL
         UKshzheMeki6tJWX9z2QAEufRMckkKcGR4QQitL9IhzF1aRpN4QTQaFoaP/SgvqKooXd
         K7Z7XkrLPGxjpDLm0wAGW2zq6qmF9QZHX3E1geoAWcfBqyp9ZFrTGBeZbhF9TptoWk07
         iqSQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id n10-20020a1709067b4a00b0078d4b2754b5si15009610ejo.332.2022.10.12.02.11.22;
        Wed, 12 Oct 2022 02:11:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229542AbiJLJHe (ORCPT <rfc822;logchen2009@gmail.com>
        + 99 others); Wed, 12 Oct 2022 05:07:34 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45220 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229436AbiJLJHd (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 12 Oct 2022 05:07:33 -0400
Received: from fornost.hmeau.com (helcar.hmeau.com [216.24.177.18])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 911884599A;
        Wed, 12 Oct 2022 02:07:28 -0700 (PDT)
Received: from gwarestrin.arnor.me.apana.org.au ([192.168.103.7])
        by fornost.hmeau.com with smtp (Exim 4.94.2 #2 (Debian))
        id 1oiXgv-00DsnR-3W; Wed, 12 Oct 2022 20:06:18 +1100
Received: by gwarestrin.arnor.me.apana.org.au (sSMTP sendmail emulation); Wed, 12 Oct 2022 17:06:17 +0800
Date:   Wed, 12 Oct 2022 17:06:16 +0800
From:   Herbert Xu <herbert@gondor.apana.org.au>
To:     "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc:     Pankaj Gupta <pankaj.gupta@nxp.com>,
        "jarkko@kernel.org" <jarkko@kernel.org>,
        "a.fatoum@pengutronix.de" <a.fatoum@pengutronix.de>,
        "gilad@benyossef.com" <gilad@benyossef.com>,
        "jejb@linux.ibm.com" <jejb@linux.ibm.com>,
        "zohar@linux.ibm.com" <zohar@linux.ibm.com>,
        "dhowells@redhat.com" <dhowells@redhat.com>,
        "sumit.garg@linaro.org" <sumit.garg@linaro.org>,
        "david@sigma-star.at" <david@sigma-star.at>,
        "michael@walle.cc" <michael@walle.cc>,
        "john.ernberg@actia.se" <john.ernberg@actia.se>,
        "jmorris@namei.org" <jmorris@namei.org>,
        "serge@hallyn.com" <serge@hallyn.com>,
        "davem@davemloft.net" <davem@davemloft.net>,
        "j.luebbe@pengutronix.de" <j.luebbe@pengutronix.de>,
        "ebiggers@kernel.org" <ebiggers@kernel.org>,
        "richard@nod.at" <richard@nod.at>,
        "keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
        "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
        "linux-integrity@vger.kernel.org" <linux-integrity@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "linux-security-module@vger.kernel.org" 
        <linux-security-module@vger.kernel.org>,
        Sahil Malhotra <sahil.malhotra@nxp.com>,
        Kshitiz Varshney <kshitiz.varshney@nxp.com>,
        Horia Geanta <horia.geanta@nxp.com>,
        Varun Sethi <V.Sethi@nxp.com>
Subject: Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the
 tfm
Message-ID: <Y0aDiLp7BztzwNez@gondor.apana.org.au>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>
 <20221006130837.17587-4-pankaj.gupta@nxp.com>
 <Yz/OEwDtyTm+VH0p@gondor.apana.org.au>
 <DU2PR04MB8630CBBB8ABDC3768320C18195209@DU2PR04MB8630.eurprd04.prod.outlook.com>
 <Y0Q3JKnWSNIC4Xlu@zx2c4.com>
 <Y0UxY51KQoKCq59o@gondor.apana.org.au>
 <Y0XLqd/+C1sxq2G0@zx2c4.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Y0XLqd/+C1sxq2G0@zx2c4.com>
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, Oct 11, 2022 at 02:01:45PM -0600, Jason A. Donenfeld wrote:
>
> I've got no stake in this, but isn't the whole idea that if you specify
> "aes" you get AES, and if you specify "cbc(aes)" you get AES-CBC, and so
> forth? And so leaking implementation details into the algorithm name
> feels like it breaks the abstraction a bit.

Well, keys stored in hardware are fundamentally incompatible with
the algorithm/implementation model.  The whole point of having
algorithms with multiple implementations (e.g., drivers) is that
they all provide exactly the same functionality and could be
substituted at will.

This completely breaks down with hardware keys because by definition
the key is stored in a specific piece of hardware so it will only
work with a particular driver.  IOW it almost never makes sense
to allocate "aes" if you have a hardware key, you almost always
want to allocate "aes-mydriver" instead.

> Rather, drivers that do AES should be called "aes". For this hardware
> key situation, I guess that means keys have a type (in-memory vs
> hardware-resident). Then, a crypto operation takes an "algorithm" and a
> "key", and the abstraction then picks the best implementation that's
> compatible with both the "algorithm" and the "key".

No the key is already in a specific hardware bound to some driver.
The user already knows where the key is and therefore they know
which driver it is.

> If you don't want a proliferation of different ways of doing the same
> thing, maybe the requirement should be that the author of this series
> also converts the existing "paes" kludge to use the new thing he's
> proposing?

Yes that would definitely be a good idea.  We should also talk to the
people who added paes in the first place, i.e., s390.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt