linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: David Gstir <david@sigma-star.at>
To: Ahmad Fatoum <a.fatoum@pengutronix.de>
Cc: "Jarkko Sakkinen" <jarkko@kernel.org>,
	"Horia Geantă" <horia.geanta@nxp.com>,
	"Mimi Zohar" <zohar@linux.ibm.com>,
	"Aymen Sghaier" <aymen.sghaier@nxp.com>,
	"Herbert Xu" <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	"James Bottomley" <jejb@linux.ibm.com>,
	"Jan Luebbe" <j.luebbe@pengutronix.de>,
	"Udit Agarwal" <udit.agarwal@nxp.com>,
	"Sumit Garg" <sumit.garg@linaro.org>,
	"Eric Biggers" <ebiggers@kernel.org>,
	"Franck LENORMAND" <franck.lenormand@nxp.com>,
	"Richard Weinberger" <richard@nod.at>,
	"James Morris" <jmorris@namei.org>,
	linux-kernel@vger.kernel.org,
	"David Howells" <dhowells@redhat.com>,
	linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
	linux-crypto@vger.kernel.org, kernel@pengutronix.de,
	linux-integrity@vger.kernel.org,
	"Steffen Trumtrar" <s.trumtrar@pengutronix.de>,
	"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH 0/4] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Date: Tue, 10 Aug 2021 11:28:25 +0000	[thread overview]
Message-ID: <74737543-4A73-49F8-92F7-F7FFE64A00DB@sigma-star.at> (raw)
In-Reply-To: <8321cac9-350b-1325-4b7e-390f4f292070@pengutronix.de>

Hi Ahmad,

> On 09.08.2021, at 12:16, Ahmad Fatoum <a.fatoum@pengutronix.de> wrote:

[...]

> If it interests you, I described[2] my CAAM+ubifs+fscrypt use case in the
> discussion thread on my fscrypt-trusted-keys v1. Jan, a colleague of mine, held a
> talk[3] on the different solutions for authenticated and encrypted storage, which
> you may want to check out.
>
> I'd really appreciate feedback here on the the CAAM parts of this series, so this can
> eventually go mainline.

Since you mention the fscrypt trusted-keys use case:

I noticed that the key length for trusted-keys is limited to
256 - 1024bit keys. fscrypt does however also support keys
with e.g. 128bit keys (AES-128-CBC-ESSIV, AES-128-CTS-CBC).
AFAIK, CAAM and TEE key blobs would also support key lengths outside the 256 - 1024bit range.

Wouldn’t it make sense to align the supported key lengths?
I.e. extend the range of supported key lengths for trusted keys.
Or is there a specific reason why key lengths below 256bit are
not supported by trusted-keys?

Cheers,
David



  reply	other threads:[~2021-08-10 11:29 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-21 16:48 Ahmad Fatoum
2021-07-21 16:48 ` [PATCH 1/4] KEYS: trusted: allow users to use kernel RNG for key material Ahmad Fatoum
2021-07-22  6:17   ` Sumit Garg
2021-07-21 16:48 ` [PATCH 2/4] KEYS: trusted: allow trust sources " Ahmad Fatoum
2021-07-22  6:31   ` Sumit Garg
2021-08-09  7:52     ` Ahmad Fatoum
2021-08-09  9:56       ` Jarkko Sakkinen
2021-08-10  5:24         ` Sumit Garg
2021-07-21 16:48 ` [PATCH 3/4] crypto: caam - add in-kernel interface for blob generator Ahmad Fatoum
2021-08-10 11:29   ` David Gstir
2021-08-11 10:22     ` Ahmad Fatoum
2021-08-11 10:43       ` David Gstir
2021-07-21 16:48 ` [PATCH 4/4] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2021-08-06 15:12 ` [PATCH 0/4] " Ahmad Fatoum
2021-08-09  9:35   ` Jarkko Sakkinen
2021-08-09 10:16     ` Ahmad Fatoum
2021-08-10 11:28       ` David Gstir [this message]
2021-08-20 16:25         ` Ahmad Fatoum
2021-08-20 15:39 ` Tim Harvey
2021-08-20 16:19   ` Ahmad Fatoum
2021-08-20 20:20     ` Tim Harvey
2021-08-20 20:36       ` Ahmad Fatoum
2021-08-20 21:19         ` Tim Harvey
2021-08-23 13:29           ` Ahmad Fatoum
2021-08-23 17:50             ` Tim Harvey
2021-08-24  7:33               ` Ahmad Fatoum
2021-08-24 15:23                 ` Tim Harvey
2021-08-25  9:34                   ` Ahmad Fatoum

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=74737543-4A73-49F8-92F7-F7FFE64A00DB@sigma-star.at \
    --to=david@sigma-star.at \
    --cc=a.fatoum@pengutronix.de \
    --cc=aymen.sghaier@nxp.com \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=franck.lenormand@nxp.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=horia.geanta@nxp.com \
    --cc=j.luebbe@pengutronix.de \
    --cc=jarkko@kernel.org \
    --cc=jejb@linux.ibm.com \
    --cc=jmorris@namei.org \
    --cc=kernel@pengutronix.de \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=richard@nod.at \
    --cc=s.trumtrar@pengutronix.de \
    --cc=serge@hallyn.com \
    --cc=sumit.garg@linaro.org \
    --cc=udit.agarwal@nxp.com \
    --cc=zohar@linux.ibm.com \
    --subject='Re: [PATCH 0/4] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).