Date: Tue, 10 Aug 2021 11:28:25 +0000
To: Ahmad Fatoum
From: David Gstir
Cc: Jarkko Sakkinen, Horia Geantă, Mimi Zohar, Aymen Sghaier, Herbert Xu, "David S. Miller", James Bottomley, Jan Luebbe, Udit Agarwal, Sumit Garg, Eric Biggers, Franck LENORMAND, Richard Weinberger, James Morris, linux-kernel@vger.kernel.org, David Howells, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, kernel@pengutronix.de, linux-integrity@vger.kernel.org, Steffen Trumtrar, "Serge E. Hallyn"
Reply-To: David Gstir
Subject: Re: [PATCH 0/4] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Message-ID: <74737543-4A73-49F8-92F7-F7FFE64A00DB@sigma-star.at>
In-Reply-To: <8321cac9-350b-1325-4b7e-390f4f292070@pengutronix.de>
References: <20210809093519.er32rmspuvkrww45@kernel.org> <8321cac9-350b-1325-4b7e-390f4f292070@pengutronix.de>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Ahmad,

> On 09.08.2021, at 12:16, Ahmad Fatoum wrote:

[...]

> If it interests you, I described[2] my CAAM+ubifs+fscrypt use case in the
> discussion thread on my fscrypt-trusted-keys v1. Jan, a colleague of mine, held a
> talk[3] on the different solutions for authenticated and encrypted storage, which
> you may want to check out.
>
> I'd really appreciate feedback here on the CAAM parts of this series, so this can
> eventually go mainline.

Since you mention the fscrypt trusted-keys use case: I noticed that the key length
for trusted-keys is limited to 256 - 1024bit keys. fscrypt does however also support
keys with e.g. 128bit keys (AES-128-CBC-ESSIV, AES-128-CTS-CBC). AFAIK, CAAM and TEE
key blobs would also support key lengths outside the 256 - 1024bit range.

Wouldn’t it make sense to align the supported key lengths? I.e. extend the range of
supported key lengths for trusted keys. Or is there a specific reason why key lengths
below 256bit are not supported by trusted-keys?

Cheers,
David