Re: Crypto driver -DCP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday, June 04, 2015 at 05:24:00 AM, Herbert Xu wrote:
> On Wed, Jun 03, 2015 at 03:02:13PM -0500, Jay Monkman wrote:
> > That would be one use, but a more likely use would be to prevent
> > access to the keys. A system could write keys to the key slots in
> > the bootloader or in a TrustZone secure world. Then those keys could
> > be used for crypto operations in Linux without ever exposing them.
> > Key slots can be written to, but cannot be read from.
> > 
> > Even with keys stored in key slots, other keys may be used. For
> > 
> > example, someone could do:
> >     operation w/ key in slot 1
> >     operation w/ key provided in descriptor
> >     operation w/ key in slot 1
> > 
> > I don't think an LRU scheme would allow something like that.
> 
> In that case I would suggest using setkey with a length other
> than that of a valid AES key.  For example, you could use a one-
> byte value to select the key slot.

Is this really a valid way to go about crypto -- introduce all kinds
of obscure nuances into the API which are driver specific at best ?

Best regards,
Marek Vasut
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux