Message-ID: <20210515082127.GB30461@amd>
Date: Sat, 15 May 2021 10:21:27 +0200
From: Pavel Machek <pavel@...x.de>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
James Bottomley <James.Bottomley@...senPartnership.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
Sasha Levin <sashal@...nel.org>
Subject: Re: [PATCH 5.10 258/530] security: keys: trusted: fix TPM2
authorizations
Hi!
> [ Upstream commit de66514d934d70ce73c302ce0644b54970fc7196 ]
>
> In TPM 1.2 an authorization was a 20 byte number. The spec actually
> recommended you to hash variable length passwords and use the sha1
> hash as the authorization. Because the spec doesn't require this
> hashing, the current authorization for trusted keys is a 40 digit hex
> number. For TPM 2.0 the spec allows the passing in of variable length
> passwords and passphrases directly, so we should allow that in trusted
> keys for ease of use. Update the 'blobauth' parameter to take this
> into account, so we can now use plain text passwords for the keys.
I guess break should now be deleted. If tools don't warn about this,
they should.
> + if (tpm2 && opt->blobauth_len <= sizeof(opt->blobauth)) {
> + memcpy(opt->blobauth, args[0].from,
> + opt->blobauth_len);
> + break;
> + }
> +
> + return -EINVAL;
> +
> break;
> +
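Review bot: the `break;` that follows the unconditional `return -EINVAL;` at the end of this hunk is unreachable, so it should be dropped and the case left to end on the return. The copy itself is bounded by `opt->blobauth_len <= sizeof(opt->blobauth)`, but these lines do not show where `blobauth_len` is assigned; a short comment stating that the value is stored as raw bytes with the length field authoritative (no terminating NUL is copied) would help anyone reading the `memcpy`.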
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
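The blobauth rule described in the quoted commit message, as an added userspace sketch that is not part of the original mail and is not the kernel's code. `struct auth_opts`, `parse_blobauth`, `hex_nibble` and the 20-byte buffer size are hypothetical, and it assumes a 40-digit value is still decoded as hex before the plain-text branch is tried.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define AUTH_DIGEST_SIZE 20   /* TPM 1.2 authorization: a 20-byte number */

/* Hypothetical stand-in for the options struct touched by the hunk. */
struct auth_opts {
	unsigned char blobauth[AUTH_DIGEST_SIZE]; /* buffer size is an assumption */
	size_t blobauth_len;
};

static int hex_nibble(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	c = (char)tolower((unsigned char)c);
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	return -1;
}

/* Returns 0 on success, -EINVAL when the value fits neither form. */
int parse_blobauth(struct auth_opts *opt, const char *arg, int tpm2)
{
	size_t len = strlen(arg);

	if (len == 2 * AUTH_DIGEST_SIZE) {
		/* 40 characters: taken as the hex form, never as a password. */
		unsigned char tmp[AUTH_DIGEST_SIZE];
		for (size_t i = 0; i < AUTH_DIGEST_SIZE; i++) {
			int hi = hex_nibble(arg[2 * i]);
			int lo = hex_nibble(arg[2 * i + 1]);
			if (hi < 0 || lo < 0)
				return -EINVAL;
			tmp[i] = (unsigned char)(hi << 4 | lo);
		}
		memcpy(opt->blobauth, tmp, sizeof(tmp));
		opt->blobauth_len = AUTH_DIGEST_SIZE;
		return 0;
	}
	/* Same bounds check as the quoted hunk, done before the copy. */
	if (tpm2 && len <= sizeof(opt->blobauth)) {
		memcpy(opt->blobauth, arg, len); /* raw bytes, no NUL stored */
		opt->blobauth_len = len;
		return 0;
	}
	return -EINVAL; /* TPM 1.2 with a non-hex value, or value too long */
}
```

Because the length is tracked separately and no terminator is copied, any consumer of `blobauth` in this sketch has to use `blobauth_len` rather than string functions.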