lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150603122331.GA3542@jsakkine-mobl1>
Date:	Wed, 3 Jun 2015 15:23:31 +0300
From:	Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:	Jason Gunthorpe <jgunthorpe@...idianresearch.com>
Cc:	peterhuewe@....de, safford@...ibm.com,
	Marcel Selhorst <tpmdd@...horst.net>,
	"moderated list:TPM DEVICE DRIVER" 
	<tpmdd-devel@...ts.sourceforge.net>,
	open list <linux-kernel@...r.kernel.org>,
	richard.l.maliszewski@...el.com
Subject: Re: [PATCH] tpm: introduce struct tpm_buf

On Tue, Jun 02, 2015 at 12:13:15PM -0600, Jason Gunthorpe wrote:
> On Tue, Jun 02, 2015 at 04:04:22PM +0300, Jarkko Sakkinen wrote:
> > +/* A string buffer type for constructing TPM commands. This is based on the
> > + * code in security/keys/trusted.h.
> > + */
> > +
> > +#define TPM_BUF_SIZE 512
> > +
> > +struct tpm_buf {
> > +	u8 data[TPM_BUF_SIZE];
> This should be u32 or u64 to guarentee correct alignment for the
> casting.

Good catch. The functions where this might cause trouble are *_length()
and *_tag().

In other places misalignment should not cause any regressions since data
is not directly assigned to the buffer with pointer casting.

I would prefer to fix by changing *_length() and *_tag() to copy the
value to a local variable and return that. It's a fail safe way and here
the performance is not an issue.

> > +};
> > +
> > +static inline void tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal)
> > +{
> > +	struct tpm_input_header *head;
> > +
> > +	head = (struct tpm_input_header *) buf->data;
> > +
> > +	head->tag = cpu_to_be16(tag);
> > +	head->length = cpu_to_be32(sizeof(*head));
> > +	head->ordinal = cpu_to_be32(ordinal);
> > +}
> > +
> > +static inline u32 tpm_buf_length(struct tpm_buf *buf)
> > +{
> > +	struct tpm_input_header *head = (struct tpm_input_header *) buf->data;
> > +
> > +	return be32_to_cpu(head->length);
> > +}
> > +
> > +static inline u16 tpm_buf_tag(struct tpm_buf *buf)
> > +{
> > +	return be16_to_cpu(*(__be16 *) &buf->data[0]);
> 
> be16_to_cpup ?

Thanks, I'll change this.

> Any thought on someday using this for tpm1 as well?

Yes, I think this could form the baseline so that the sealing code that
currently resides is security/keys/trusted.c could be eventually moved
to drivers/char/tpm.

I will be contributing API to include/linux/tpm.h that can be then
called by trusted keys. I will also contribute the implementation for
TPM 2.0 sealing but it is up to those who implemented TPM 1.x sealing
code to do the migration. I put all the enablers in place so that doing
that transition should be relatively painless.

I have PoC for TPM 2.0 trusted keys written in Python available here:

https://github.com/jsakkine/tpm2-scripts/blob/master/tpm2.py

(In kernel version the default hash algorithm should be probably SHA-256
as SHA-1 is not considered secure by NIST anymore)

Doing also all the TPM 1.x migration on top of this would make
oversubscribed.

> Jason

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ