On Sunday, 13 August 2017, 10:52:00 CEST, Gilad Ben-Yossef wrote:

Hi Gilad,

> While I don't have anything to contribute to the choice between
> keyctl() vs ALG_IF as interfaces for asymmetric cryptography, I would
> like to point out that there is both interest and HW support for
> private symmetric key operations as well, for example for storage
> encryption via DM-Crypt and fscrypt, so I do hope (and will work on)
> adding some sort of HW key support to the crypto API, community
> acceptance withstanding of course.
>
> So I hope we won't treat the idea of crypto API lack of support for HW
> keys as a long standing immutable argument.

See the patch set that was offered by Tudor regarding the in-kernel or
in-hardware generation of the ECDH private keys. There is nothing that
prevents us having such API for akcipher. In fact, it would even be more or
less a copy-n-paste job.

Exporting that logic to user space could be done as follows:

- keyctl API is used to trigger the key generation process and to obtain a
  handle

- AF_ALG to perform the asym operation where the key handle from keyctl is
  handed into the kernel.

I am aware that this link between AF_ALG and keyctl is yet missing. But it is
on my desk and I am willing to integrate it. The integration should even not
be specific to algif_akcipher, but to all cipher types.

Ciao
Stephan