Darren J Moffat wrote:
> Dan McDonald wrote:
>> On Mon, Apr 30, 2007 at 05:23:32PM +0100, Darren J Moffat wrote:
>>> Can someone refresh my memory, do we have an API for creating keys
>>> in kernel? Specifically I want to create a random AES key of a
>>> given length.
>>>
>>> I don't think we have this - but I need it!
>>
>> Closest thing is probably random_get{,_pseudo}_bytes(). Is that
>> sufficient?
>
> Indeed but I was hoping for something better, because we can do better
> for userland PKCS#11 applications who call C_GenerateKey().
>
> Specifically I was hoping to be able to create a sensitive session key
> on a given provider from within the kernel. That sensitive session
> key would then be wrapped and stored in the ZFS pool.
>
> I'm trying to make sure that I can operate ZFS crypto in a mode where
> there is never a clear text encryption key in host memory. Doing that
> means I need to do key creation in the hardware provider too.
>
Could you not use crypto_object_create() for this task? See
sys/crypto/api.h.

-- 
Garrett