Date: Fri, 14 Oct 2022 16:19:41 -0300
From: Jason Gunthorpe
To: Herbert Xu
Cc: "Jason A. Donenfeld", Pankaj Gupta, "jarkko@kernel.org", "a.fatoum@pengutronix.de", "gilad@benyossef.com", "jejb@linux.ibm.com", "zohar@linux.ibm.com", "dhowells@redhat.com", "sumit.garg@linaro.org", "david@sigma-star.at", "michael@walle.cc", "john.ernberg@actia.se", "jmorris@namei.org", "serge@hallyn.com", "davem@davemloft.net", "j.luebbe@pengutronix.de", "ebiggers@kernel.org", "richard@nod.at", "keyrings@vger.kernel.org", "linux-crypto@vger.kernel.org", "linux-integrity@vger.kernel.org", "linux-kernel@vger.kernel.org", "linux-security-module@vger.kernel.org", Sahil Malhotra, Kshitiz Varshney, Horia Geanta, Varun Sethi
Subject: Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm
References: <20221006130837.17587-1-pankaj.gupta@nxp.com> <20221006130837.17587-4-pankaj.gupta@nxp.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, Oct 12, 2022 at 05:06:16PM +0800, Herbert Xu wrote:

> > Rather, drivers that do AES should be called "aes". For this hardware
> > key situation, I guess that means keys have a type (in-memory vs
> > hardware-resident). Then, a crypto operation takes an "algorithm" and a
> > "key", and the abstraction then picks the best implementation that's
> > compatible with both the "algorithm" and the "key".
>
> No the key is already in a specific hardware bound to some driver.
> The user already knows where the key is and therefore they know
> which driver it is.

Do they?
We have HW that can do HW resident keys as well, in our
case it is plugged into the storage system with fscrypt and all the
crypto operations are being done "inline" as the data is DMA'd
into/out of the storage. So, no crypto API here.

I would say the user knows about the key and its binding in the sense
they loaded a key into the storage device and mounted a fscrypt
filesystem from that storage device - but the kernel may not know this
explicitly.

> > If you don't want a proliferation of different ways of doing the same
> > thing, maybe the requirement should be that the author of this series
> > also converts the existing "paes" kludge to use the new thing he's
> > proposing?
>
> Yes that would definitely be a good idea. We should also talk to the
> people who added paes in the first place, i.e., s390.

Yes, it would be nice to see a comprehensive understanding of how HW
resident keys can be modeled in the keyring. Almost every computer now
has a TPM that is also quite capable of doing operations with these
kinds of keys.

Seeing the whole picture, including how we generate and
load/save/provision these things seems important.

Jason