lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0222bc88-e3d1-243b-ffb1-111ba6bcd764@opensynergy.com>
Date:   Thu, 16 Jun 2022 17:09:04 +0200
From:   Harald Mommer <hmo@...nsynergy.com>
To:     Alex Bennée <alex.bennee@...aro.org>,
        linux-kernel@...r.kernel.org
Cc:     maxim.uvarov@...aro.org, joakim.bech@...aro.org,
        ulf.hansson@...aro.org, ilias.apalodimas@...aro.org,
        arnd@...aro.org, ruchika.gupta@...aro.org, tomas.winkler@...el.com,
        yang.huang@...el.com, bing.zhu@...el.com,
        Matti.Moell@...nsynergy.com, linux-mmc@...r.kernel.org,
        linux-scsi@...r.kernel.org,
        Linus Walleij <linus.walleij@...aro.org>,
        Arnd Bergmann <arnd.bergmann@...aro.org>,
        Alexander Usyskin <alexander.usyskin@...el.com>,
        Avri Altman <avri.altman@...disk.com>
Subject: Re: [PATCH v2 2/4] char: rpmb: provide a user space interface

Hello,

On 05.04.22 11:37, Alex Bennée wrote:
> The user space API is achieved via a number of synchronous IOCTLs.
>
>    * RPMB_IOC_VER_CMD - simple versioning API
>    * RPMB_IOC_CAP_CMD - query of underlying capabilities
>    * RPMB_IOC_PKEY_CMD - one time programming of access key
>    * RPMB_IOC_COUNTER_CMD - query the write counter
>    * RPMB_IOC_WBLOCKS_CMD - write blocks to device
>    * RPMB_IOC_RBLOCKS_CMD - read blocks from device
>
> The operations which require authenticated frames or will respond with
> MAC hashes of nonce filled frames that userspace will need to verify
> share a common command frame format. The other operations can be
> considered generic and allow for common handling.
>
> [AJB: here the are key difference is the avoiding a single ioctl where
> all the frame data is put together by user space. User space is still
> the only place where certain operations can be verified due to the
> need of a secret key]
I have less problems to understand this reworked ioctl() interface as I 
had with the older one. Nice.
> diff --git a/drivers/rpmb/cdev.c b/drivers/rpmb/cdev.c
> ...
> +static long rpmb_ioctl_cap_cmd(struct rpmb_dev *rdev,
> +			       struct rpmb_ioc_cap_cmd __user *ptr)
> +{
> +	struct rpmb_ioc_cap_cmd cap;
> +
> +	cap.target      = rdev->target;
> +	cap.block_size  = rdev->ops->block_size;
> +	cap.wr_cnt_max  = rdev->ops->wr_cnt_max;
> +	cap.rd_cnt_max  = rdev->ops->rd_cnt_max;
> +	cap.capacity    = rpmb_get_capacity(rdev);
> +	cap.reserved    = 0;
auth_method is still part of the structure but not set. Means arbitrary 
data from the stack is copied to user land.
> +
> +	return copy_to_user(ptr, &cap, sizeof(cap)) ? -EFAULT : 0;
> +}
> ...
> +/**
> + * struct rpmb_ioc_cap_cmd - rpmb capabilities
> + *
> + * @target: rpmb target/region within RPMB partition.
> + * @capacity: storage capacity (in units of 128K)
> + * @block_size: storage data block size (in units of 256B)
> + * @wr_cnt_max: maximal number of block that can be written in a single request.
> + * @rd_cnt_max: maximal number of block that can be read in a single request.
> + * @auth_method: authentication method: currently always HMAC_SHA_256
> + * @reserved: reserved to align to 4 bytes.
> + */
> +struct rpmb_ioc_cap_cmd {
> +	__u16 target;
> +	__u16 capacity;
> +	__u16 block_size;
> +	__u16 wr_cnt_max;
> +	__u16 rd_cnt_max;
> +	__u16 auth_method;
> +	__u16 reserved;
> +} __packed;
> ...+

-- 
Dipl.-Ing. Harald Mommer
Senior Software Engineer

OpenSynergy GmbH
Rotherstr. 20, 10245 Berlin

Phone:  +49 (30) 60 98 540-0 <== Zentrale
Fax:    +49 (30) 60 98 540-99
E-Mail: harald.mommer@...nsynergy.com

www.opensynergy.com

Handelsregister: Amtsgericht Charlottenburg, HRB 108616B
Geschäftsführer/Managing Director: Regis Adjamah


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ