public inbox for linux-crypto@vger.kernel.org
 help / color / mirror / Atom feed
From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Eric Biggers" <ebiggers@kernel.org>
Cc: "Nícolas F. R. A. Prado" <nfraprado@collabora.com>,
	"James Bottomley" <James.Bottomley@hansenpartnership.com>,
	"Ard Biesheuvel" <ardb@kernel.org>,
	"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>,
	"Herbert Xu" <herbert@gondor.apana.org.au>,
	linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
	regressions@lists.linux.dev, kernel@collabora.com
Subject: Re: [PATCH v8 18/22] tpm: add session encryption protection to tpm2_get_random()
Date: Sat, 18 May 2024 13:56:44 +0300	[thread overview]
Message-ID: <D1CPSP3UHQPK.1LOE5IQ6IMHYP@kernel.org> (raw)
In-Reply-To: <20240518043115.GA53815@sol.localdomain>

On Sat May 18, 2024 at 7:31 AM EEST, Eric Biggers wrote:
> This is "normal" behavior when the crypto API instantiates a template:
>
>     1. drbg.c asks for "hmac(sha512)"
>
>     2. The crypto API looks for a direct implementation of "hmac(sha512)".
>        This includes requesting a module with alias "crypto-hmac(sha512)".
>
>     3. If none is found, the "hmac" template is instantiated instead.
>
> There are two possible fixes for the bug.  Either fix ecc_gen_privkey() to just
> use get_random_bytes() instead of the weird crypto API RNG, or make
> drbg_init_hash_kernel() pass the CRYPTO_NOLOAD flag to crypto_alloc_shash().
>
> Or if the TPM driver could be changed to not need to generate an ECC private key
> at probe time, that would also avoid this problem.

Issues:

- IMA extends PCR's. This requires encrypted communications path.
- HWRNG uses auth session (see tpm2_get_radom()).
- TPM trusted keys

Null key is required before any other legit use in initialization.

Even something like 

--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -36,6 +36,8 @@ config TCG_TPM2_HMAC
        bool "Use HMAC and encrypted transactions on the TPM bus"
        default y
+       select CRYPTO_DRBG
        select CRYPTO_ECDH
+       select CRYPTO_HMAC
+       select CRYPTO_SHA512
        select CRYPTO_LIB_AESCFB
        select CRYPTO_LIB_SHA256
        help

would be more decent.

>
> - Eric

BR, Jarkko

  parent reply	other threads:[~2024-05-18 10:56 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20240429202811.13643-1-James.Bottomley@HansenPartnership.com>
     [not found] ` <20240429202811.13643-19-James.Bottomley@HansenPartnership.com>
     [not found]   ` <119dc5ed-f159-41be-9dda-1a056f29888d@notapiano>
     [not found]     ` <0f68c283ff4bbb89b8a019d47891f798c6fff287.camel@HansenPartnership.com>
2024-05-17  7:20       ` [PATCH v8 18/22] tpm: add session encryption protection to tpm2_get_random() Ard Biesheuvel
2024-05-17  8:26         ` Jarkko Sakkinen
2024-05-17 13:35         ` James Bottomley
2024-05-17 13:43           ` Ard Biesheuvel
2024-05-17 14:25             ` James Bottomley
2024-05-17 16:22               ` Nícolas F. R. A. Prado
2024-05-17 16:48                 ` Jarkko Sakkinen
2024-05-18  4:31                   ` Eric Biggers
2024-05-18  7:03                     ` [PATCH] crypto: api - Do not load modules until algapi is ready Herbert Xu
2024-05-18 11:04                       ` Jarkko Sakkinen
2024-05-18 12:32                         ` Herbert Xu
2024-05-18 13:03                           ` Jarkko Sakkinen
2024-05-18 13:07                           ` James Bottomley
2024-05-19  4:19                             ` Herbert Xu
2024-05-20 15:49                       ` Nícolas F. R. A. Prado
2024-05-21  2:53                         ` [v2 PATCH] crypto: api - Do not load modules if called by async probing Herbert Xu
2024-05-21 19:37                           ` Nícolas F. R. A. Prado
2024-05-22  5:37                             ` [v3 PATCH] hwrng: core - Remove add_early_randomness Herbert Xu
2024-05-22 11:51                               ` Jarkko Sakkinen
2024-05-23  4:50                                 ` Herbert Xu
2024-05-22 19:19                               ` Nícolas F. R. A. Prado
2024-05-22 22:53                               ` Linus Torvalds
2024-05-23  4:49                                 ` Herbert Xu
2024-05-23  9:53                                   ` Jarkko Sakkinen
2024-05-23  9:58                                     ` Herbert Xu
2024-05-23 10:07                                       ` Jarkko Sakkinen
2024-05-23 10:02                                     ` Jarkko Sakkinen
2024-05-23 10:40                                   ` Torsten Duwe
2024-05-18 10:56                     ` Jarkko Sakkinen [this message]
2024-05-18 12:31                       ` [PATCH v8 18/22] tpm: add session encryption protection to tpm2_get_random() Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=D1CPSP3UHQPK.1LOE5IQ6IMHYP@kernel.org \
    --to=jarkko@kernel.org \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=ardb@kernel.org \
    --cc=ebiggers@kernel.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=kernel@collabora.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=nfraprado@collabora.com \
    --cc=regressions@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox