From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=f8G7=4O=vger.kernel.org=linux-integrity-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-8.3 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,
	USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3F2B6C4BA12
	for <linux-integrity@archiver.kernel.org>; Wed, 26 Feb 2020 15:15:18 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 1AA342467D
	for <linux-integrity@archiver.kernel.org>; Wed, 26 Feb 2020 15:15:18 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727265AbgBZPPR (ORCPT
        <rfc822;linux-integrity@archiver.kernel.org>);
        Wed, 26 Feb 2020 10:15:17 -0500
Received: from mga01.intel.com ([192.55.52.88]:20755 "EHLO mga01.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726148AbgBZPPR (ORCPT <rfc822;linux-integrity@vger.kernel.org>);
        Wed, 26 Feb 2020 10:15:17 -0500
X-Amp-Result: UNKNOWN
X-Amp-Original-Verdict: FILE UNKNOWN
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Feb 2020 07:15:16 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,488,1574150400"; 
   d="scan'208";a="384831657"
Received: from avgorshk-mobl.ccr.corp.intel.com (HELO localhost) ([10.252.15.208])
  by orsmga004.jf.intel.com with ESMTP; 26 Feb 2020 07:15:13 -0800
Date:   Wed, 26 Feb 2020 17:15:12 +0200
From:   Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To:     James Bottomley <James.Bottomley@HansenPartnership.com>
Cc:     linux-integrity@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>,
        David Woodhouse <dwmw2@infradead.org>, keyrings@vger.kernel.org
Subject: Re: [PATCH v5 3/6] security: keys: trusted fix tpm2 authorizations
Message-ID: <20200226151512.GF3407@linux.intel.com>
References: <20200130101812.6271-1-James.Bottomley@HansenPartnership.com>
 <20200130101812.6271-4-James.Bottomley@HansenPartnership.com>
 <20200225164850.GB15662@linux.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200225164850.GB15662@linux.intel.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org

On Tue, Feb 25, 2020 at 06:48:50PM +0200, Jarkko Sakkinen wrote:
> On Thu, Jan 30, 2020 at 11:18:09AM +0100, James Bottomley wrote:
> > In TPM 1.2 an authorization was a 20 byte number.  The spec actually
> > recommended you to hash variable length passwords and use the sha1
> > hash as the authorization.  Because the spec doesn't require this
> > hashing, the current authorization for trusted keys is a 40 digit hex
> > number.  For TPM 2.0 the spec allows the passing in of variable length
> > passwords and passphrases directly, so we should allow that in trusted
> > keys for ease of use.  Update the 'blobauth' parameter to take this
> > into account, so we can now use plain text passwords for the keys.
> > 
> > so before
> > 
> > keyctl add trusted kmk "new 32 blobauth=f572d396fae9206628714fb2ce00f72e94f2258f"
> > 
> > after we will accept both the old hex sha1 form as well as a new
> > directly supplied password:
> > 
> > keyctl add trusted kmk "new 32 blobauth=hello keyhandle=81000001"
> > 
> > Since a sha1 hex code must be exactly 40 bytes long and a direct
> > password must be 20 or less, we use the length as the discriminator
> > for which form is input.
> > 
> > Note this is both and enhancement and a potential bug fix.  The TPM
> > 2.0 spec requires us to strip leading zeros, meaning empyty
> > authorization is a zero length HMAC whereas we're currently passing in
> > 20 bytes of zeros.  A lot of TPMs simply accept this as OK, but the
> > Microsoft TPM emulator rejects it with TPM_RC_BAD_AUTH, so this patch
> > makes the Microsoft TPM emulator work with trusted keys.
> > 
> > Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> 
> Should have a fixes tag.
> 
> > ---
> >  include/keys/trusted-type.h               |  1 +
> >  security/keys/trusted-keys/trusted_tpm1.c | 26 +++++++++++++++++++++-----
> >  security/keys/trusted-keys/trusted_tpm2.c | 10 ++++++----
> >  3 files changed, 28 insertions(+), 9 deletions(-)
> > 
> > diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
> > index a94c03a61d8f..b2ed3481c6a0 100644
> > --- a/include/keys/trusted-type.h
> > +++ b/include/keys/trusted-type.h
> > @@ -30,6 +30,7 @@ struct trusted_key_options {
> >  	uint16_t keytype;
> >  	uint32_t keyhandle;
> >  	unsigned char keyauth[TPM_DIGEST_SIZE];
> > +	uint32_t blobauth_len;
> >  	unsigned char blobauth[TPM_DIGEST_SIZE];
> >  	uint32_t pcrinfo_len;
> >  	unsigned char pcrinfo[MAX_PCRINFO_SIZE];
> > diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
> > index d2c5ec1e040b..3f33d3f74d3c 100644
> > --- a/security/keys/trusted-keys/trusted_tpm1.c
> > +++ b/security/keys/trusted-keys/trusted_tpm1.c
> > @@ -781,12 +781,28 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> >  				return -EINVAL;
> >  			break;
> >  		case Opt_blobauth:
> > -			if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
> > -				return -EINVAL;
> > -			res = hex2bin(opt->blobauth, args[0].from,
> > -				      SHA1_DIGEST_SIZE);
> > -			if (res < 0)
> > +			/*
> > +			 * TPM 1.2 authorizations are sha1 hashes
> > +			 * passed in as hex strings.  TPM 2.0
> > +			 * authorizations are simple passwords
> > +			 * (although it can take a hash as well)
> 
> Justify to the 80 character line length.
> 
> > +			 */
> > +			opt->blobauth_len = strlen(args[0].from);
> > +			if (opt->blobauth_len == 2 * TPM_DIGEST_SIZE) {
> > +				res = hex2bin(opt->blobauth, args[0].from,
> > +					      TPM_DIGEST_SIZE);
> > +				if (res < 0)
> > +					return -EINVAL;
> > +
> > +				opt->blobauth_len = TPM_DIGEST_SIZE;
> > +			} else if (tpm2 &&
> > +				   opt->blobauth_len <= sizeof(opt->blobauth)) {
> > +				memcpy(opt->blobauth, args[0].from,
> > +				       opt->blobauth_len);
> > +			} else {
> >  				return -EINVAL;
> > +			}
> 
> This starts to be unnecessarily complicated.
> 
> This is what I would suggest:
> 
> opt->blobauth_len = strlen(args[0].from);
> if (opt->blobauth_len == 2 * TPM_DIGEST_SIZE) {
> 	res = hex2bin(opt->blobauth, args[0].from,
> 		      TPM_DIGEST_SIZE);
> 	if (res < 0)
> 		return -EINVAL;
> 
> 	opt->blobauth_len = TPM_DIGEST_SIZE;
> 	return 0;
> }
> 
> if (tpm2 && opt->blobauth_len <= sizeof(opt->blobauth)) {
> 	memcpy(opt->blobauth, args[0].from,
> 	       opt->blobauth_len);
> 	return 0;
> }
> 
> return -EINVAL;
> 
> Easier to see quickly "when happens what".
> 
> /Jarkko

And in short summary "TPM2" instead of tpm2.

/Jarkko