Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys

2018-04-23 Thread Gilad Ben-Yossef
On Thu, Apr 19, 2018 at 6:35 AM, Herbert Xu wrote: > On Mon, Apr 09, 2018 at 11:42:31AM +0300, Gilad Ben-Yossef wrote: >> >> Please look again. The stub version of cc_is_hw_key() doing that is being >> replaced in this patch. > > The point is that the existing

Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys

2018-04-18 Thread Herbert Xu
On Mon, Apr 09, 2018 at 11:42:31AM +0300, Gilad Ben-Yossef wrote: > > Please look again. The stub version of cc_is_hw_key() doing that is being > replaced in this patch. The point is that the existing mechanism was unused before and this is new code. So you can't really point to the stubbed-out

Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys

2018-04-09 Thread Harald Freudenberger
On 04/03/2018 12:19 PM, Herbert Xu wrote: > On Sat, Mar 31, 2018 at 08:30:46PM +0300, Gilad Ben-Yossef wrote: >> However, as it uses the exact same mechanism of the regular xts-aes-ccree >> but takes the key from another source, I've marked it with a test of >> alg_test_null() on the premise that

Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys

2018-04-09 Thread Gilad Ben-Yossef
On Tue, Apr 3, 2018 at 3:22 PM, Milan Broz wrote: > On 03/31/2018 07:30 PM, Gilad Ben-Yossef wrote: > ... >>> Are there other crypto drivers doing this? >> >> I thought the exact same thing until I ran into a presentation about the s390 >> secure keys implementation. I

Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys

2018-04-09 Thread Gilad Ben-Yossef
On Tue, Apr 3, 2018 at 1:19 PM, Herbert Xu wrote: > On Sat, Mar 31, 2018 at 08:30:46PM +0300, Gilad Ben-Yossef wrote: >> >> However, as it uses the exact same mechanism of the regular xts-aes-ccree >> but takes the key from another source, I've marked it with a test

Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys

2018-04-03 Thread Milan Broz
On 03/31/2018 07:30 PM, Gilad Ben-Yossef wrote: ... >> Are there other crypto drivers doing this? > > I thought the exact same thing until I ran into a presentation about the s390 > secure keys implementation. I basically imitated their use (or abuse?) > of the Crypto API > assuming it is the way

Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys

2018-04-03 Thread Herbert Xu
On Sat, Mar 31, 2018 at 08:30:46PM +0300, Gilad Ben-Yossef wrote: > > However, as it uses the exact same mechanism of the regular xts-aes-ccree > but takes the key from another source, I've marked it with a test of > alg_test_null() on the premise that if the xts-aes-ccree works, so must this.

Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys

2018-03-31 Thread Gilad Ben-Yossef
On Fri, Mar 30, 2018 at 8:26 PM, Herbert Xu wrote: > On Mon, Mar 26, 2018 at 08:32:19AM +0100, Gilad Ben-Yossef wrote: >> Enable CryptoCell support for hardware keys. >> >> Hardware keys are regular AES keys loaded into CryptoCell internal memory >> via firmware,

Re: [PATCH 2/2] crypto: ccree: enable support for hardware keys

2018-03-30 Thread Herbert Xu
On Mon, Mar 26, 2018 at 08:32:19AM +0100, Gilad Ben-Yossef wrote: > Enable CryptoCell support for hardware keys. > > Hardware keys are regular AES keys loaded into CryptoCell internal memory > via firmware, often from secure boot ROM or hardware fuses at boot time. > > As such, they can be used

[PATCH 2/2] crypto: ccree: enable support for hardware keys

2018-03-26 Thread Gilad Ben-Yossef
Enable CryptoCell support for hardware keys. Hardware keys are regular AES keys loaded into CryptoCell internal memory via firmware, often from secure boot ROM or hardware fuses at boot time. As such, they can be used for enc/dec purposes like any other key but cannot (read: extremely hard to)