Re: Crypto driver -DCP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 03, 2015 at 03:02:13PM -0500, Jay Monkman wrote:
>
> That would be one use, but a more likely use would be to prevent
> access to the keys. A system could write keys to the key slots in
> the bootloader or in a TrustZone secure world. Then those keys could
> be used for crypto operations in Linux without ever exposing them.
> Key slots can be written to, but cannot be read from.
> 
> Even with keys stored in key slots, other keys may be used. For
> example, someone could do:
>     operation w/ key in slot 1
>     operation w/ key provided in descriptor
>     operation w/ key in slot 1
> 
> I don't think an LRU scheme would allow something like that.

In that case I would suggest using setkey with a length other
than that of a valid AES key.  For example, you could use a one-
byte value to select the key slot.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux