lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <9431f31594f9ea693b201cfbfa9e7b221e500e6a.1633946449.git-series.a.fatoum@pengutronix.de>
Date:   Mon, 11 Oct 2021 12:02:36 +0200
From:   Ahmad Fatoum <a.fatoum@...gutronix.de>
To:     James Bottomley <jejb@...ux.ibm.com>,
        Jarkko Sakkinen <jarkko@...nel.org>,
        Mimi Zohar <zohar@...ux.ibm.com>,
        David Howells <dhowells@...hat.com>
Cc:     kernel@...gutronix.de, Sumit Garg <sumit.garg@...aro.org>,
        David Gstir <david@...ma-star.at>,
        Tim Harvey <tharvey@...eworks.com>,
        Ahmad Fatoum <a.fatoum@...gutronix.de>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Horia Geantă <horia.geanta@....com>,
        Aymen Sghaier <aymen.sghaier@....com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        Udit Agarwal <udit.agarwal@....com>,
        Eric Biggers <ebiggers@...nel.org>,
        Jan Luebbe <j.luebbe@...gutronix.de>,
        Richard Weinberger <richard@....at>,
        Franck LENORMAND <franck.lenormand@....com>,
        keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
        linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-security-module@...r.kernel.org
Subject: [PATCH v4 3/5] KEYS: trusted: allow trust sources to use kernel RNG for key material

The two existing trusted key sources don't make use of the kernel RNG,
but instead let the hardware that does the sealing/unsealing also
generate the random key material. While a previous change offers users
the choice to use the kernel RNG instead for both, new trust sources
may want to unconditionally use the kernel RNG for generating key
material, like it's done elsewhere in the kernel.

This is especially prudent for hardware that has proven-in-production
HWRNG drivers implemented, as otherwise code would have to be duplicated
only to arrive at a possibly worse result.

Make this possible by turning struct trusted_key_ops::get_random
into an optional member. If a driver leaves it NULL, kernel RNG
will be used instead.

Acked-by: Sumit Garg <sumit.garg@...aro.org>
Reviewed-by: David Gstir <david@...ma-star.at>
Tested-By: Tim Harvey <tharvey@...eworks.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@...gutronix.de>
---
To: James Bottomley <jejb@...ux.ibm.com>
To: Jarkko Sakkinen <jarkko@...nel.org>
To: Mimi Zohar <zohar@...ux.ibm.com>
To: David Howells <dhowells@...hat.com>
Cc: James Morris <jmorris@...ei.org>
Cc: "Serge E. Hallyn" <serge@...lyn.com>
Cc: "Horia Geantă" <horia.geanta@....com>
Cc: Aymen Sghaier <aymen.sghaier@....com>
Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: "David S. Miller" <davem@...emloft.net>
Cc: Udit Agarwal <udit.agarwal@....com>
Cc: Eric Biggers <ebiggers@...nel.org>
Cc: Jan Luebbe <j.luebbe@...gutronix.de>
Cc: David Gstir <david@...ma-star.at>
Cc: Richard Weinberger <richard@....at>
Cc: Franck LENORMAND <franck.lenormand@....com>
Cc: Sumit Garg <sumit.garg@...aro.org>
Cc: keyrings@...r.kernel.org
Cc: linux-crypto@...r.kernel.org
Cc: linux-integrity@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Cc: linux-security-module@...r.kernel.org
---
 include/keys/trusted-type.h               | 2 +-
 security/keys/trusted-keys/trusted_core.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
index d89fa2579ac0..4eb64548a74f 100644
--- a/include/keys/trusted-type.h
+++ b/include/keys/trusted-type.h
@@ -64,7 +64,7 @@ struct trusted_key_ops {
 	/* Unseal a key. */
 	int (*unseal)(struct trusted_key_payload *p, char *datablob);
 
-	/* Get a randomized key. */
+	/* Optional: Get a randomized key. */
 	int (*get_random)(unsigned char *key, size_t key_len);
 
 	/* Exit key interface. */
diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
index 569af9af8df0..d2b7626cde8b 100644
--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -334,7 +334,7 @@ static int __init init_trusted(void)
 			continue;
 
 		get_random = trusted_key_sources[i].ops->get_random;
-		if (trusted_kernel_rng)
+		if (trusted_kernel_rng || !get_random)
 			get_random = kernel_get_random;
 
 		static_call_update(trusted_key_init,
-- 
git-series 0.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ