lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOOmCE-jP8Romsx+wYrRjOHj_VNh3m+JR4fnd1T0gjJm+n145Q@mail.gmail.com>
Date:   Wed, 3 May 2023 14:34:43 -0500
From:   Jorge Lopez <jorgealtxwork@...il.com>
To:     thomas@...ch.de
Cc:     hdegoede@...hat.com, platform-driver-x86@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v11 11/14] HP BIOSCFG driver - spmobj-attributes

On Sun, Apr 23, 2023 at 4:24 AM <thomas@...ch.de> wrote:
>
> On 2023-04-20 11:54:51-0500, Jorge Lopez wrote:
> >  .../x86/hp/hp-bioscfg/spmobj-attributes.c     | 405 ++++++++++++++++++
> >  1 file changed, 405 insertions(+)
> >  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> > new file mode 100644
> > index 000000000000..78228f44c39b
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> > @@ -0,0 +1,405 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Functions corresponding to secure platform management object type
> > + * attributes under BIOS PASSWORD for use with hp-bioscfg driver
> > + *
> > + *  Copyright (c) 2022 HP Development Company, L.P.
> > + */
> > +
> > +#include "bioscfg.h"
> > +
> > +
> > +static const char * const spm_state_types[] = {
> > +     "not provisioned",
> > +     "provisioned",
> > +     "provisioning in progress"
> > +};
> > +
> > +static const char * const spm_mechanism_types[] = {
> > +     "not provision",
>
> "not provisioned" as above?

Good catch.  Done!
>
> > +     "signing-key",
> > +     "endorsement-key"
>
> Trailing commas please.
>
Done!
> > +};
> > +
> > +
> > +int check_spm_is_enabled(void)
> > +{
> > +     /* do we need to check the admin password is also configured */
> > +     return bioscfg_drv.spm_data.is_enabled;
> > +}
> > +
> > +/*
> > + * calculate_security_buffer() - determines size of security buffer
> > + * for authentication scheme
> > + *
> > + * @authentication: the authentication content
> > + *
> > + * Currently only supported type is Admin password
> > + */
> > +size_t calculate_security_buffer(const char *authentication)
> > +{
> > +     int size;
> > +
> > +     if (authentication != NULL && strlen(authentication) > 0) {
> > +
> > +             size = (sizeof(u16) + (strlen(authentication) * sizeof(u16)));
> > +             if (strncmp(authentication, BEAM_PREFIX, strlen(BEAM_PREFIX)) != 0)
>
> strstarts()

Done!
>
> > +                     size += (strlen(UTF_PREFIX) * sizeof(u16));
>
> No need for braces.

Done!
>
> > +
> > +             return size;
> > +     }
> > +
> > +     size  = sizeof(u16) * 2;
> > +     return size;
> > +}
> > +
> > +/*
> > + * populate_security_buffer() - builds a security buffer for
> > + * authentication scheme
> > + *
> > + * @buffer: the buffer to populate
> > + * @authentication: the authentication content
> > + *
> > + * Currently only supported type is PLAIN TEXT
> > + */
> > +void populate_security_buffer(u16 *buffer, const char *authentication)
> > +{
> > +     u16 *auth = buffer;
> > +     char *strprefix = NULL;
> > +
> > +     if (strncmp(authentication, BEAM_PREFIX, strlen(BEAM_PREFIX)) == 0) {
>
> strstarts()

Done!
>
> > +             /*
> > +              * BEAM_PREFIX is append to buffer when a signature
> > +              * is provided and Sure Admin is enabled in BIOS
> > +              */
> > +             // BEAM_PREFIX found, convert part to unicode
> > +             auth = ascii_to_utf16_unicode(auth, authentication);
> > +     } else {
> > +             /*
> > +              * UTF-16 prefix is append to the * buffer when a BIOS
> > +              * admin password is configured in BIOS
> > +              */
> > +
> > +             // append UTF_PREFIX to part and then convert it to unicode
> > +             strprefix = kasprintf(GFP_KERNEL, "%s%s", UTF_PREFIX,
> > +                                   authentication);
> > +             if (!strprefix)
> > +                     goto out_buffer;
> > +
> > +             auth = ascii_to_utf16_unicode(auth, strprefix);
> > +     }
> > +out_buffer:
> > +
> > +     kfree(strprefix);
> > +}
> > +
> > +ssize_t update_spm_state(void)
> > +{
> > +     int ret;
> > +     struct secureplatform_provisioning_data *data = NULL;
>
> This can be allocated on the stack.

Done!
>
> > +
> > +     data = kmalloc(sizeof(struct secureplatform_provisioning_data),
> > +                    GFP_KERNEL);
> > +     if (!data) {
> > +             ret = -ENOMEM;
> > +             goto state_exit;
> > +     }
> > +
> > +     ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
> > +                                HPWMI_SECUREPLATFORM, data, 0,
> > +                                sizeof(*data));
> > +     if (ret < 0)
> > +             goto state_exit;
> > +
> > +     bioscfg_drv.spm_data.mechanism = data->state;
> > +     if (bioscfg_drv.spm_data.mechanism)
> > +             bioscfg_drv.spm_data.is_enabled = 1;
> > +
> > +state_exit:
> > +     kfree(data);
> > +
> > +     return ret;
> > +}
> > +
> > +ssize_t statusbin(struct kobject *kobj,
> > +               struct kobj_attribute *attr, char *buf)
>
> This can be static.

Done!
>
> If it is known that a struct secureplatform_provisioning_data is to be
> passed, then the type can reflect that.

Done!
>
> > +{
> > +     int ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
> > +                                    HPWMI_SECUREPLATFORM, buf, 0,
> > +                                    sizeof(struct secureplatform_provisioning_data));
> > +
> > +     return ret ? -ENODEV : sizeof(struct secureplatform_provisioning_data);
>
> Why not return "ret" on error?

Good point. Done!
>
> > +}
> > +
> > +/*
> > + * status_show - Reads SPM status
> > + */
> > +ssize_t status_show(struct kobject *kobj, struct kobj_attribute
> > +                 *attr, char *buf)
> > +{
> > +     int ret, i;
> > +     struct secureplatform_provisioning_data *data = NULL;
>
> Can also be on-stack.

Done!
>
<snip>
> > +static struct kobj_attribute password_spm_key_mechanism = __ATTR_RO(key_mechanism);
> > +
> > +static ssize_t sk_store(struct kobject *kobj,
> > +                     struct kobj_attribute *attr,
> > +                     const char *buf, size_t count)
> > +{
> > +     int ret;
> > +     int length;
> > +
> > +     length = count;
> > +     if (buf[length-1] == '\n')
> > +             length--;
> > +
> > +     /* allocate space and copy current signing key */
> > +     bioscfg_drv.spm_data.signing_key = kmalloc(length, GFP_KERNEL);
> > +     if (!bioscfg_drv.spm_data.signing_key) {
> > +             ret = -ENOMEM;
> > +             goto exit_sk;
> > +     }
> > +
> > +     memcpy(bioscfg_drv.spm_data.signing_key, buf, length);
> > +     bioscfg_drv.spm_data.signing_key[length] = '\0';
>
> Is this supposed to handle zero-bytes in the input?
> If yes: Did you test this with zero bytes, I don't think the normal
> attribute APIs handle this.
> If no: Why not use strscpy?
>

Done!

<snip>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ