Date:   Thu, 7 Mar 2019 13:17:48 +0000
From:   Franck Lenormand <franck.lenormand@....com>
To:     David Howells <dhowells@...hat.com>
CC:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-security-module@...r.kernel.org" 
        <linux-security-module@...r.kernel.org>,
        "keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
        Horia Geanta <horia.geanta@....com>,
        Silvano Di Ninno <silvano.dininno@....com>,
        "agk@...hat.com" <agk@...hat.com>,
        "snitzer@...hat.com" <snitzer@...hat.com>,
        "dm-devel@...hat.com" <dm-devel@...hat.com>,
        "jmorris@...ei.org" <jmorris@...ei.org>,
        "serge@...lyn.com" <serge@...lyn.com>
Subject: RE: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in
 dmcrypt

> -----Original Message-----
> From: David Howells <dhowells@...hat.com>
> Sent: Wednesday, March 6, 2019 6:30 PM
> To: Franck Lenormand <franck.lenormand@....com>
> Cc: dhowells@...hat.com; linux-kernel@...r.kernel.org; linux-security-
> module@...r.kernel.org; keyrings@...r.kernel.org; Horia Geanta
> <horia.geanta@....com>; Silvano Di Ninno <silvano.dininno@....com>;
> agk@...hat.com; snitzer@...hat.com; dm-devel@...hat.com;
> jmorris@...ei.org; serge@...lyn.com
> Subject: Re: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in
> dmcrypt
> 
> Franck LENORMAND <franck.lenormand@....com> wrote:
> 
> > The capacity to generate or load keys already available in the Linux
> > key retention service does not allow exploiting CAAM capabilities,
> > hence we need to create a new key_type. The new key type "caam_tk"
> > allows one to:
> >  - Create a black key from random
> >  - Create a black key from a red key
> >  - Load a black blob to retrieve the black key
> 
> Is it possible that this could be done through an existing key type, such as the
> asymmetric, trusted or encrypted key types?
> 
> David

Hello David,

I didn't know about the asymmetric key type, so I looked it up. From my
observation, it would not be possible to use it for the caam_tk, as
we must perform operations on the data provided.
The name "asymmetric" is also misleading for the use we would have.

The trusted and encrypted key types do not provide the necessary
callbacks to do what we would need, or require huge modifications.

I would like this series to focus on the change related to
dm-crypt. In effect, it is currently not possible to pass a key
from the asymmetric key type to it.

Franck
