Hello David,

On 10.08.21 13:28, David Gstir wrote:
> Hi Ahmad,
>
>> On 09.08.2021, at 12:16, Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> wrote:
>
> [...]
>
>> If it interests you, I described[2] my CAAM+ubifs+fscrypt use case in the
>> discussion thread on my fscrypt-trusted-keys v1. Jan, a colleague of mine, held a
>> talk[3] on the different solutions for authenticated and encrypted storage, which
>> you may want to check out.
>>
>> I'd really appreciate feedback here on the CAAM parts of this series, so this can
>> eventually go mainline.
>
> Since you mention the fscrypt trusted-keys use case:
>
> I noticed that the key length for trusted-keys is limited to
> 256 - 1024bit keys. fscrypt does however also support keys
> with e.g. 128bit keys (AES-128-CBC-ESSIV, AES-128-CTS-CBC).
> AFAIK, CAAM and TEE key blobs would also support key lengths outside the 256 - 1024bit range.
>
> Wouldn’t it make sense to align the supported key lengths?
> I.e. extend the range of supported key lengths for trusted keys.
> Or is there a specific reason why key lengths below 256bit are
> not supported by trusted-keys?

No idea. I would suggest staying clear about arguing in its favor though until
CAAM and DCP are merged. My parallel fscrypt endeavors seem to have only diverted
maintainer attention. ;-)

Cheers,
Ahmad

>
> Cheers,
> David
>
>

--
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |