lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 7 Sep 2022 07:22:42 +0000
From:   Pankaj Gupta <pankaj.gupta@....com>
To:     Herbert Xu <herbert@...dor.apana.org.au>
CC:     "jarkko@...nel.org" <jarkko@...nel.org>,
        "a.fatoum@...gutronix.de" <a.fatoum@...gutronix.de>,
        "Jason@...c4.com" <Jason@...c4.com>,
        "jejb@...ux.ibm.com" <jejb@...ux.ibm.com>,
        "zohar@...ux.ibm.com" <zohar@...ux.ibm.com>,
        "dhowells@...hat.com" <dhowells@...hat.com>,
        "sumit.garg@...aro.org" <sumit.garg@...aro.org>,
        "david@...ma-star.at" <david@...ma-star.at>,
        "michael@...le.cc" <michael@...le.cc>,
        "john.ernberg@...ia.se" <john.ernberg@...ia.se>,
        "jmorris@...ei.org" <jmorris@...ei.org>,
        "serge@...lyn.com" <serge@...lyn.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "j.luebbe@...gutronix.de" <j.luebbe@...gutronix.de>,
        "ebiggers@...nel.org" <ebiggers@...nel.org>,
        "richard@....at" <richard@....at>,
        "keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-security-module@...r.kernel.org" 
        <linux-security-module@...r.kernel.org>,
        Sahil Malhotra <sahil.malhotra@....com>,
        Kshitiz Varshney <kshitiz.varshney@....com>,
        Horia Geanta <horia.geanta@....com>,
        Varun Sethi <V.Sethi@....com>
Subject: RE: [EXT] Re: [RFC PATCH HBK: 2/8] hw-bound-key: flag-is_hbk added to
 the tfm



> -----Original Message-----
> From: Herbert Xu <herbert@...dor.apana.org.au>
> Sent: Tuesday, September 6, 2022 12:13 PM
> To: Pankaj Gupta <pankaj.gupta@....com>
> Cc: jarkko@...nel.org; a.fatoum@...gutronix.de; Jason@...c4.com;
> jejb@...ux.ibm.com; zohar@...ux.ibm.com; dhowells@...hat.com;
> sumit.garg@...aro.org; david@...ma-star.at; michael@...le.cc;
> john.ernberg@...ia.se; jmorris@...ei.org; serge@...lyn.com;
> davem@...emloft.net; j.luebbe@...gutronix.de; ebiggers@...nel.org;
> richard@....at; keyrings@...r.kernel.org; linux-crypto@...r.kernel.org;
> linux-integrity@...r.kernel.org; linux-kernel@...r.kernel.org; linux-
> security-module@...r.kernel.org; Sahil Malhotra
> <sahil.malhotra@....com>; Kshitiz Varshney <kshitiz.varshney@....com>;
> Horia Geanta <horia.geanta@....com>; Varun Sethi <V.Sethi@....com>
> Subject: [EXT] Re: [RFC PATCH HBK: 2/8] hw-bound-key: flag-is_hbk added to
> the tfm
> 
> Caution: EXT Email
> 
> On Tue, Sep 06, 2022 at 12:21:51PM +0530, Pankaj Gupta wrote:
> > Consumer of the kernel crypto api, after allocating the
> > transformation, sets this flag based on the basis of the type of key
> > consumer has. This helps:
> >
> > - This helps to influence the core processing logic
> >   for the encapsulated algorithm.
> > - This flag is set by the consumer after allocating
> >   the tfm and before calling the function crypto_xxx_setkey().
> >
> > Signed-off-by: Pankaj Gupta <pankaj.gupta@....com>
> > ---
> >  include/linux/crypto.h | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/include/linux/crypto.h b/include/linux/crypto.h index
> > 2324ab6f1846..b4fa83ca87bd 100644
> > --- a/include/linux/crypto.h
> > +++ b/include/linux/crypto.h
> > @@ -639,6 +639,8 @@ struct crypto_tfm {
> >
> >       u32 crt_flags;
> >
> > +     unsigned int is_hbk;
> > +
> 
> We already have plenty of drivers with hardware keys in the tree.
> Plesae explain why the current support is inadequate and you need to do
> this.
> 
Current support, does not permit the hardware to support both types of keys: HBK & Plain Key, at the same time.

This change is generic and permit any driver that supports both- HBK and plain-key, to differentiate and use the keys accordingly.

> Thanks,
> --
> Email: Herbert Xu <herbert@...dor.apana.org.au> Home Page:
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgondo
> r.apana.org.au%2F~herbert%2F&amp;data=05%7C01%7Cpankaj.gupta%40nx
> p.com%7Cffd6105be88e4b82546c08da8fd33b6e%7C686ea1d3bc2b4c6fa92cd9
> 9c5c301635%7C0%7C0%7C637980434686220485%7CUnknown%7CTWFpbGZs
> b3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn
> 0%3D%7C3000%7C%7C%7C&amp;sdata=AErrjpwh%2FRZSCNDDbtH%2FWW
> %2B39J%2FrxPJwak2X2Fk%2BWBg%3D&amp;reserved=0
> PGP Key:
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgondo
> r.apana.org.au%2F~herbert%2Fpubkey.txt&amp;data=05%7C01%7Cpankaj.g
> upta%40nxp.com%7Cffd6105be88e4b82546c08da8fd33b6e%7C686ea1d3bc2
> b4c6fa92cd99c5c301635%7C0%7C0%7C637980434686220485%7CUnknown%7
> CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwi
> LCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=%2F7axxa8nrYDiItrwcZi
> AfRTVc%2F25Ln5IgUzr%2F1uK%2FNk%3D&amp;reserved=0

Powered by blists - more mailing lists