From: "Nícolas F. R. A. Prado" <nfraprado@collabora.com>
To: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: Ard Biesheuvel <ardb@kernel.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
linux-integrity@vger.kernel.org,
Jarkko Sakkinen <jarkko@kernel.org>,
keyrings@vger.kernel.org, regressions@lists.linux.dev,
kernel@collabora.com
Subject: Re: [PATCH v8 18/22] tpm: add session encryption protection to tpm2_get_random()
Date: Fri, 17 May 2024 12:22:47 -0400
Message-ID: <dfb0d930-7cbe-46c5-be19-d132b4906ecf@notapiano>
In-Reply-To: <66ec985f3ee229135bf748f1b0874d5367a74d7f.camel@HansenPartnership.com>

On Fri, May 17, 2024 at 07:25:40AM -0700, James Bottomley wrote:
> On Fri, 2024-05-17 at 15:43 +0200, Ard Biesheuvel wrote:
> > On Fri, 17 May 2024 at 15:35, James Bottomley
> > <James.Bottomley@hansenpartnership.com> wrote:
> [...]
> > > Thanks for the analysis. If I look at how CRYPTO_ECC does it, that
> > > selects CRYPTO_RNG_DEFAULT which pulls in CRYPTO_DRBG, so the fix
> > > would be the attached. Does that look right to you Ard?
> >
> > No it doesn't - it's CRYPTO_RNG_DEFAULT not CRYTPO_RNG_DEFAULT :-)
> >
> > With that fixed,
> >
> > Acked-by: Ard Biesheuvel <ardb@kernel.org>
>
> Erm, oops, sorry about that; so attached is the update.
>
> James
>
> ---8>8>8><8<8<8---
>
> From 2ac337a33e6416ef806e2c692b9239d193e8468f Mon Sep 17 00:00:00 2001
> From: James Bottomley <James.Bottomley@HansenPartnership.com>
> Date: Fri, 17 May 2024 06:29:31 -0700
> Subject: [PATCH] tpm: Fix sessions cryptography requirement for Random Numbers
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 8bit
>
> The ECDH code in tpm2-sessions.c requires an initial random number
> generator to generate the key pair. If the configuration doesn't have
> CONFIG_RNG_DEFAULT, it will try to pull this in as a module (which is
> impossible for the early kernel boot where the TPM starts). Fix this
> by selecting the required RNG.
>
> Reported-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
> Fixes: 1b6d7f9eb150 ("tpm: add session encryption protection to tpm2_get_random()")
> Acked-by: Ard Biesheuvel <ardb@kernel.org>
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> ---
> drivers/char/tpm/Kconfig | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
> index 4f83ee7021d0..ecdd3db4be2b 100644
> --- a/drivers/char/tpm/Kconfig
> +++ b/drivers/char/tpm/Kconfig
> @@ -31,6 +31,7 @@ config TCG_TPM2_HMAC
> bool "Use HMAC and encrypted transactions on the TPM bus"
> default y
> select CRYPTO_ECDH
> + select CRYPTO_RNG_DEFAULT
> select CRYPTO_LIB_AESCFB
> select CRYPTO_LIB_SHA256
> help
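Review bot: the commit message names CONFIG_RNG_DEFAULT, but the line added under config TCG_TPM2_HMAC is "select CRYPTO_RNG_DEFAULT", so the message should say CONFIG_CRYPTO_RNG_DEFAULT to match the symbol. The changelog also presents this select as the fix for the early-boot module request, yet the reporter's config quoted in this reply already has CONFIG_CRYPTO_RNG_DEFAULT=y, CONFIG_CRYPTO_DRBG=y and CONFIG_CRYPTO_DRBG_HMAC=y and still sees a load of "crypto-hmac(sha512)"; the select is reasonable for a bool option that runs before modules are available, but the Fixes: claim needs confirming against that config before it is merged.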
> --
> 2.35.3
>
>

Hi James,

thanks for the patch. But I actually already had that config enabled builtin. I
also had ECDH and DRBG which have been suggested previously:

CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_DRBG_MENU=y
CONFIG_CRYPTO_DRBG_HMAC=y
# CONFIG_CRYPTO_DRBG_HASH is not set
# CONFIG_CRYPTO_DRBG_CTR is not set
CONFIG_CRYPTO_DRBG=y
CONFIG_CRYPTO_ECDH=y

I've pasted my full config here: http://0x0.st/XPN_.txt

Adding a debug print I see that the module that the code tries to load is
"crypto-hmac(sha512)". I would have expected to see

MODULE_ALIAS_CRYPTO("hmac(sha512)");

in crypto/drbg.c, but I don't see it anywhere in the tree. Maybe it is missing?

Thanks,
Nícolas
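
Added example (not part of the original message or the kernel tree): a POSIX shell check that classifies the Kconfig symbols named in this thread as builtin, module or unset in a .config, since anything the TPM session code needs before modules can load has to be =y. The sample config is constructed: its first seven lines mirror the message above, while the CRYPTO_HMAC and CRYPTO_SHA512 lines, their values and the helper names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: report Kconfig symbols that are not built in (=y).

# kconfig_state FILE SYMBOL -> prints y, m, or n (n = unset / "is not set")
kconfig_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# not_builtin FILE SYMBOL... -> prints SYMBOL=state for every symbol that is
# not =y; returns 1 if at least one such symbol was found, 0 otherwise.
not_builtin() {
    file=$1; shift
    rc=0
    for sym in "$@"; do
        state=$(kconfig_state "$file" "$sym")
        if [ "$state" != y ]; then
            echo "$sym=$state"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample .config (NOT the reporter's full config). The last two
# lines are assumed values chosen to show a modular dependency being flagged.
make_sample_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_DRBG_MENU=y
CONFIG_CRYPTO_DRBG_HMAC=y
# CONFIG_CRYPTO_DRBG_HASH is not set
# CONFIG_CRYPTO_DRBG_CTR is not set
CONFIG_CRYPTO_DRBG=y
CONFIG_CRYPTO_ECDH=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_SHA512=m
EOF
    echo "$f"
}

# Symbols to check: those from the thread plus the assumed HMAC/SHA512 pair.
SYMS="CRYPTO_ECDH CRYPTO_RNG_DEFAULT CRYPTO_DRBG CRYPTO_DRBG_HMAC CRYPTO_HMAC CRYPTO_SHA512"
cfg=$(make_sample_config)
not_builtin "$cfg" $SYMS || true   # flags only the modular symbol
rm -f "$cfg"
```

To check a real build, pass the path of the kernel's .config as the first argument to not_builtin in place of the sample file.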