From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757686AbbJ2Tid (ORCPT ); Thu, 29 Oct 2015 15:38:33 -0400
Received: from e23smtp05.au.ibm.com ([202.81.31.147]:58199 "EHLO e23smtp05.au.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757177AbbJ2Tia (ORCPT ); Thu, 29 Oct 2015 15:38:30 -0400
X-IBM-Helo: d23dlp02.au.ibm.com
X-IBM-MailFrom: zohar@linux.vnet.ibm.com
X-IBM-RcptTo: keyrings@vger.kernel.org;linux-kernel@vger.kernel.org;linux-security-module@vger.kernel.org
Message-ID: <1446147440.13911.5.camel@linux.vnet.ibm.com>
Subject: Re: [PATCH v1 3/4] keys, trusted: select the hash algorithm
From: Mimi Zohar
To: Jarkko Sakkinen
Cc: Peter Huewe , Marcel Selhorst , David Howells , tpmdd-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, chris.j.arges@canonical.com, seth.forshee@canonical.com, colin.king@canonical.com, josh@joshtriplett.org, David Safford , James Morris , "Serge E. Hallyn"
Date: Thu, 29 Oct 2015 15:37:20 -0400
In-Reply-To: <1446134370-11460-4-git-send-email-jarkko.sakkinen@linux.intel.com>
References: <1446134370-11460-1-git-send-email-jarkko.sakkinen@linux.intel.com> <1446134370-11460-4-git-send-email-jarkko.sakkinen@linux.intel.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21)
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-TM-AS-MML: disable
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 15102919-0017-0000-0000-00000221481E
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 2015-10-29 at 17:59 +0200, Jarkko Sakkinen wrote:
> Added 'hash=' option for selecting the hash algorithm for add_key()
> syscall.
>
> Signed-off-by: Jarkko Sakkinen
> ---
> security/keys/trusted.c | 20 +++++++++++++++++++-
> 1 file changed, 19 insertions(+), 1 deletion(-)
> > diff --git a/security/keys/trusted.c b/security/keys/trusted.c > index d3633cf..7a87bcd 100644 > --- a/security/keys/trusted.c > +++ b/security/keys/trusted.c > @@ -11,6 +11,7 @@ > * See Documentation/security/keys-trusted-encrypted.txt > */ > > +#include This introduces a Kconfig dependency on CRYPTO_HASH_INFO. Mimi > #include > #include > #include > @@ -710,7 +711,8 @@ enum { > Opt_err = -1, > Opt_new, Opt_load, Opt_update, > Opt_keyhandle, Opt_keyauth, Opt_blobauth, > - Opt_pcrinfo, Opt_pcrlock, Opt_migratable > + Opt_pcrinfo, Opt_pcrlock, Opt_migratable, > + Opt_hash, > }; > > static const match_table_t key_tokens = { > @@ -723,6 +725,7 @@ static const match_table_t key_tokens = { > {Opt_pcrinfo, "pcrinfo=%s"}, > {Opt_pcrlock, "pcrlock=%s"}, > {Opt_migratable, "migratable=%s"}, > + {Opt_hash, "hash=%s"}, > {Opt_err, NULL} > }; > > @@ -736,6 +739,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay, > int res; > unsigned long handle; > unsigned long lock; > + int i; > > while ((p = strsep(&c, " \t"))) { > if (*p == '\0' || *p == ' ' || *p == '\t') > @@ -787,6 +791,20 @@ static int getoptions(char *c, struct trusted_key_payload *pay, > return -EINVAL; > opt->pcrlock = lock; > break; > + case Opt_hash: > + for (i = 0; i < HASH_ALGO__LAST; i++) { > + if (!strcmp(args[0].from, hash_algo_name[i])) { > + opt->hash = i; > + break; > + } > + } > + res = tpm_is_tpm2(TPM_ANY_NUM); > + if (res < 0) > + return res; > + if (i == HASH_ALGO__LAST || > + (!res && i != HASH_ALGO_SHA1)) > + return -EINVAL; > + break; > default: > return -EINVAL; > }
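
Review bot: nothing in this patch selects CRYPTO_HASH_INFO, although the `#include` added in the `@@ -11,6 +11,7 @@` hunk and the later `hash_algo_name[i]` lookup both depend on it; the diffstat shows security/keys/trusted.c as the only file changed. This is the dependency raised in the reply above. Add the matching `select CRYPTO_HASH_INFO` to the Kconfig entry that builds trusted.c in the same patch, so that a configuration without it still builds.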
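
Review bot: the new `{Opt_hash, "hash=%s"}` token in the `@@ -723,6 +725,7 @@` key_tokens hunk is undocumented; the file header points readers to Documentation/security/keys-trusted-encrypted.txt, and the diffstat shows only trusted.c changed. Document the option there, including the restriction enforced in getoptions() that only the sha1 name is accepted when tpm_is_tpm2() reports a non-TPM2 chip.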
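
Review bot: in the `case Opt_hash:` block of the `@@ -787,6 +791,20 @@` hunk, `tpm_is_tpm2(TPM_ANY_NUM)` is called before the result of the name lookup is checked, so an unknown algorithm name still queries the TPM and, when that call fails, the caller gets its error code instead of -EINVAL. Test `i == HASH_ALGO__LAST` directly after the loop and return -EINVAL there, then call tpm_is_tpm2() only for a recognised name. Two smaller points on the same block: when the chip is TPM2, every entry of hash_algo_name passes the check, so either restrict the accepted set here or add a comment saying where an algorithm the chip does not support is rejected; and `opt->hash = i` is written inside the loop before validation, which is harmless because the error paths return, but assigning it after the checks would make the intent clearer.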