lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20151103161217.GA13757@intel.com>
Date:	Tue, 3 Nov 2015 18:12:17 +0200
From:	Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc:	Peter Huewe <peterhuewe@....de>,
	Marcel Selhorst <tpmdd@...horst.net>,
	David Howells <dhowells@...hat.com>,
	tpmdd-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
	chris.j.arges@...onical.com, seth.forshee@...onical.com,
	colin.king@...onical.com, josh@...htriplett.org,
	David Safford <safford@...ibm.com>,
	Jonathan Corbet <corbet@....net>,
	James Morris <james.l.morris@...cle.com>,
	"Serge E. Hallyn" <serge@...lyn.com>,
	"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>
Subject: Re: [PATCH v2 1/3] keys, trusted: select the hash algorithm

On Tue, Nov 03, 2015 at 10:39:11AM -0500, Mimi Zohar wrote:
> On Tue, 2015-11-03 at 09:39 +0200, Jarkko Sakkinen wrote:
> > On Mon, Nov 02, 2015 at 07:16:49AM -0500, Mimi Zohar wrote:
> > > On Fri, 2015-10-30 at 13:35 +0200, Jarkko Sakkinen wrote:
> > > 
> > > > @@ -787,6 +791,20 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> > > >  				return -EINVAL;
> > > >  			opt->pcrlock = lock;
> > > >  			break;
> > > > +		case Opt_hash:
> > > > +			for (i = 0; i < HASH_ALGO__LAST; i++) {
> > > > +				if (!strcmp(args[0].from, hash_algo_name[i])) {
> > > > +					opt->hash = i;
> > > > +					break;
> > > > +				}
> > > > +			}
> > > > +			res = tpm_is_tpm2(TPM_ANY_NUM);
> > > 
> > > While looking at this, I wanted to verify that chips are still added to
> > > the tail of the tpm_chip_list.  Unfortunately, commit "afb5abc tpm:
> > > two-phase chip management functions" reverted David Howell's commit
> > > "770ab65 TPM: Add new TPMs to the tail of the list to prevent
> > > inadvertent change of dev".
> > > 
> > > > +			if (res < 0)
> > > > +				return res;
> > > > +			if (i == HASH_ALGO__LAST ||
> > > > +			    (!res && i != HASH_ALGO_SHA1))
> > > > +				return -EINVAL;
> > > > +			break;
> > > 
> > > If the first TPM registered is a TPM 1.2, then changing the default TPM
> > > 2.0 hash algorithm will fail.
> > 
> > Now that we are going fix this issue in 4.3 and 4.4 do you find this
> > patch otherwise acceptable?
> > 
> > PS. In other options that we don't support in TPM2 I'm planning to
> > submit a fix that they will return -EINVAL (like pcrinfo).
> 
> I don't have a problem failing the request, but I do suggest adding some
> sort of error message.  Different systems might behavior differently
> without any explanation.

Something like the pr_info("trusted_key: TPM 1.x supports only sha1")?

> Mimi

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ