| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 31 Mar 2019 17:46:12 +0300
From: Vitaly Chikunov <vt@...linux.org>
To: Herbert Xu <herbert@...dor.apana.org.au>,
David Howells <dhowells@...hat.com>,
Denis Kenzior <denkenz@...il.com>, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] KEYS: asym_tpm: move setting set_pub_key parameters into derive_pub_key
The only reason for derive_pub_key() is to take a TPM-blob formatted
public key and convert it to ASN.1 format understood by
crypto_akcipher_set_pub_key. Because we are changing set_pub_key input
format (adding key parameters) - update that function to generate proper
zero values instead of generating them each time after the call.
Suggested-by: Denis Kenzior <denkenz@...il.com>
Signed-off-by: Vitaly Chikunov <vt@...linux.org>
---
This should be applied after "crypto: add EC-RDSA (GOST 34.10) algorithm" patchset.
crypto/asymmetric_keys/asym_tpm.c | 34 ++++++++++++++--------------------
1 file changed, 14 insertions(+), 20 deletions(-)
diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c
index d95d7ec50e5a..b138acf3a5e6 100644
--- a/crypto/asymmetric_keys/asym_tpm.c
+++ b/crypto/asymmetric_keys/asym_tpm.c
@@ -276,6 +276,10 @@ static int tpm_sign(struct tpm_buf *tb,
return datalen;
}
+
+/* Room to fit two u32 zeros for algo id and parameters length. */
+#define SETKEY_PARAMS_SIZE (sizeof(u32) * 2)
+
/*
* Maximum buffer size for the BER/DER encoded public key. The public key
* is of the form SEQUENCE { INTEGER n, INTEGER e } where n is a maximum 2048
@@ -286,8 +290,9 @@ static int tpm_sign(struct tpm_buf *tb,
* - 257 bytes of n
* - max 2 bytes for INTEGER e type/length
* - 3 bytes of e
+ * - 4+4 of zeros for set_pub_key parameters (SETKEY_PARAMS_SIZE)
*/
-#define PUB_KEY_BUF_SIZE (4 + 4 + 257 + 2 + 3)
+#define PUB_KEY_BUF_SIZE (4 + 4 + 257 + 2 + 3 + SETKEY_PARAMS_SIZE)
/*
* Provide a part of a description of the key for /proc/keys.
@@ -364,6 +369,8 @@ static uint32_t derive_pub_key(const void *pub_key, uint32_t len, uint8_t *buf)
cur = encode_tag_length(cur, 0x02, sizeof(e));
memcpy(cur, e, sizeof(e));
cur += sizeof(e);
+ /* Zero parameters to satisfy set_pub_key ABI. */
+ memset(cur, 0, SETKEY_PARAMS_SIZE);
return cur - buf;
}
@@ -395,12 +402,6 @@ static int determine_akcipher(const char *encoding, const char *hash_algo,
return -ENOPKG;
}
-static u8 *tpm_pack_u32(u8 *dst, u32 val)
-{
- memcpy(dst, &val, sizeof(val));
- return dst + sizeof(val);
-}
-
/*
* Query information about a key.
*/
@@ -428,14 +429,11 @@ static int tpm_key_query(const struct kernel_pkey_params *params,
der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
der_pub_key);
- pkey = kmalloc(der_pub_key_len + sizeof(u32) * 2, GFP_KERNEL);
+ pkey = kmalloc(der_pub_key_len + SETKEY_PARAMS_SIZE, GFP_KERNEL);
if (!pkey)
goto error_free_tfm;
- memcpy(pkey, der_pub_key, der_pub_key_len);
+ memcpy(pkey, der_pub_key, der_pub_key_len + SETKEY_PARAMS_SIZE);
ptr = pkey + der_pub_key_len;
- /* Set dummy parameters to satisfy set_pub_key ABI. */
- ptr = tpm_pack_u32(ptr, 0); /* algo */
- ptr = tpm_pack_u32(ptr, 0); /* parameter length */
ret = crypto_akcipher_set_pub_key(tfm, pkey, der_pub_key_len);
if (ret < 0)
@@ -493,13 +491,11 @@ static int tpm_key_encrypt(struct tpm_key *tk,
der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
der_pub_key);
- pkey = kmalloc(der_pub_key_len + sizeof(u32) * 2, GFP_KERNEL);
+ pkey = kmalloc(der_pub_key_len + SETKEY_PARAMS_SIZE, GFP_KERNEL);
if (!pkey)
goto error_free_tfm;
- memcpy(pkey, der_pub_key, der_pub_key_len);
+ memcpy(pkey, der_pub_key, der_pub_key_len + SETKEY_PARAMS_SIZE);
ptr = pkey + der_pub_key_len;
- ptr = tpm_pack_u32(ptr, 0); /* algo */
- ptr = tpm_pack_u32(ptr, 0); /* parameter length */
ret = crypto_akcipher_set_pub_key(tfm, pkey, der_pub_key_len);
if (ret < 0)
@@ -798,13 +794,11 @@ static int tpm_key_verify_signature(const struct key *key,
der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
der_pub_key);
- pkey = kmalloc(der_pub_key_len + sizeof(u32) * 2, GFP_KERNEL);
+ pkey = kmalloc(der_pub_key_len + SETKEY_PARAMS_SIZE, GFP_KERNEL);
if (!pkey)
goto error_free_tfm;
- memcpy(pkey, der_pub_key, der_pub_key_len);
+ memcpy(pkey, der_pub_key, der_pub_key_len + SETKEY_PARAMS_SIZE);
ptr = pkey + der_pub_key_len;
- ptr = tpm_pack_u32(ptr, 0); /* algo */
- ptr = tpm_pack_u32(ptr, 0); /* parameter length */
ret = crypto_akcipher_set_pub_key(tfm, pkey, der_pub_key_len);
if (ret < 0)
--
2.11.0
Powered by blists - more mailing lists