RE: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm
From: Pankaj Gupta <pankaj.gupta@nxp.com>
Date: 2022-10-11 11:32:57
Also in:
keyrings, linux-crypto, linux-integrity, lkml
> -----Original Message-----
> From: Herbert Xu <herbert@gondor.apana.org.au>
> Sent: Tuesday, October 11, 2022 2:34 PM
> To: Jason A. Donenfeld <Jason@zx2c4.com>
> Cc: Pankaj Gupta <pankaj.gupta@nxp.com>; jarkko@kernel.org; a.fatoum@pengutronix.de; gilad@benyossef.com; jejb@linux.ibm.com; zohar@linux.ibm.com; dhowells@redhat.com; sumit.garg@linaro.org; david@sigma-star.at; michael@walle.cc; john.ernberg@actia.se; jmorris@namei.org; serge@hallyn.com; davem@davemloft.net; j.luebbe@pengutronix.de; ebiggers@kernel.org; richard@nod.at; keyrings@vger.kernel.org; linux-crypto@vger.kernel.org; linux-integrity@vger.kernel.org; linux-kernel@vger.kernel.org; linux-security-module@vger.kernel.org; Sahil Malhotra [off-list ref]; Kshitiz Varshney [off-list ref]; Horia Geanta [off-list ref]; Varun Sethi [off-list ref]
> Subject: Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm
>
> On Mon, Oct 10, 2022 at 09:15:48AM -0600, Jason A. Donenfeld wrote:
> > Do you mean to say that other drivers that use hardware-backed keys do so by setting "cra_name" to something particular? Like instead of "aes" it'd be "aes-but-special-for-this-driver"? If so, that would seem to break the design of the crypto API. Which driver did you see that does this? Or perhaps, more generally, what are the drivers that Herbert is talking about when he mentions the "plenty of existing drivers" that already do this?
>
> Grep for paes for the existing drivers that support this.
>
> I don't have anything against this feature per se, but the last thing we want is a proliferation of different ways of doing the same thing.
Our goal is to have a generic solution, which can be extended to any driver dealing with:
- Generating HBK and adding to trusted keyring.
- Using the trusted keyring's HBK for crypto operation.

With this framework in place, driver specific custom changes can be avoided, bridging the interface-gap of: kernel-keyring <-> kernel-crypto-layer.

Thanks.
> Cheers,
> --
> Email: Herbert Xu [off-list ref]
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt