lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <085CABBD-1EA1-44A9-AA9C-C04039A627AB@sigma-star.at>
Date:   Wed, 27 Sep 2023 08:33:01 +0200
From:   David Gstir <david@...ma-star.at>
To:     Jarkko Sakkinen <jarkko@...nel.org>
Cc:     Mimi Zohar <zohar@...ux.ibm.com>,
        James Bottomley <jejb@...ux.ibm.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        Shawn Guo <shawnguo@...nel.org>,
        Jonathan Corbet <corbet@....net>,
        Sascha Hauer <s.hauer@...gutronix.de>,
        "kernel@...gutronix.de" <kernel@...gutronix.de>,
        Fabio Estevam <festevam@...il.com>,
        NXP Linux Team <linux-imx@....com>,
        Ahmad Fatoum <a.fatoum@...gutronix.de>,
        sigma star Kernel Team <upstream+dcp@...ma-star.at>,
        David Howells <dhowells@...hat.com>,
        Li Yang <leoyang.li@....com>, Paul Moore <paul@...l-moore.com>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        "Paul E. McKenney" <paulmck@...nel.org>,
        Randy Dunlap <rdunlap@...radead.org>,
        Catalin Marinas <catalin.marinas@....com>,
        "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
        Tejun Heo <tj@...nel.org>,
        "Steven Rostedt (Google)" <rostedt@...dmis.org>,
        linux-doc@...r.kernel.org,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        linux-arm-kernel@...ts.infradead.org,
        linuxppc-dev@...ts.ozlabs.org,
        "linux-security-module@...r.kernel.org" 
        <linux-security-module@...r.kernel.org>,
        Richard Weinberger <richard@....at>,
        David Oberhollenzer <david.oberhollenzer@...ma-star.at>
Subject: Re: [PATCH v3 2/3] KEYS: trusted: Introduce support for NXP DCP-based
 trusted keys

Jarkko,

> On 25.09.2023, at 17:34, Jarkko Sakkinen <jarkko@...nel.org> wrote:
> 
> On Mon Sep 18, 2023 at 5:18 PM EEST, David Gstir wrote:
>> DCP (Data Co-Processor) is the little brother of NXP's CAAM IP.
>> 
>> Beside of accelerated crypto operations, it also offers support for
>> hardware-bound keys. Using this feature it is possible to implement a blob
>> mechanism just like CAAM offers. Unlike on CAAM, constructing and
>> parsing the blob has to happen in software.
>> 
>> We chose the following format for the blob:
> 
> Who is we?

The authors of this patch. But I’ll rephrase that to get rid
of the academic paper style.

> And there is no choosing anything if the below structure if hardware
> defined (not software defined):

The below structure is actually software-defined by this patch.
Contrary to CAAM, DCP does not have a key blob feature.
DCP’s hardware-bound UNIQUE or OTP key is used to bind
these key blobs to a specific DCP chip.


> 
>> /*
>> * struct dcp_blob_fmt - DCP BLOB format.
>> *
>> * @fmt_version: Format version, currently being %1
>> * @blob_key: Random AES 128 key which is used to encrypt @payload,
>> *            @blob_key itself is encrypted with OTP or UNIQUE device key in
>> *            AES-128-ECB mode by DCP.
>> * @nonce: Random nonce used for @payload encryption.
>> * @payload_len: Length of the plain text @payload.
>> * @payload: The payload itself, encrypted using AES-128-GCM and @blob_key,
>> *           GCM auth tag of size AES_BLOCK_SIZE is attached at the end of it.
>> *
>> * The total size of a DCP BLOB is sizeof(struct dcp_blob_fmt) + @payload_len +
>> * AES_BLOCK_SIZE.
>> */
>> struct dcp_blob_fmt {
>> __u8 fmt_version;
>> __u8 blob_key[AES_KEYSIZE_128];
>> __u8 nonce[AES_KEYSIZE_128];
>> __le32 payload_len;
>> __u8 payload[];
>> } __packed;
>> 
>> @payload is the key provided by trusted_key_ops->seal().
>> 
>> By default the UNIQUE device key is used, it is also possible to use
>> the OTP key. While the UNIQUE device key should be unique it is not
>> entirely clear whether this is the case due to unclear documentation.
>> If someone wants to be sure they can burn their own unique key
>> into the OTP fuse and set the use_otp_key module parameter.
>> 
>> Co-developed-by: Richard Weinberger <richard@....at>
>> Signed-off-by: Richard Weinberger <richard@....at>
>> Co-developed-by: David Oberhollenzer <david.oberhollenzer@...ma-star.at>
>> Signed-off-by: David Oberhollenzer <david.oberhollenzer@...ma-star.at>
>> Signed-off-by: David Gstir <david@...ma-star.at>
>> ---
>> .../admin-guide/kernel-parameters.txt         |  13 +
> 
> Separate commit for this.
> 
>> MAINTAINERS                                   |   9 +
> 
> Ditto (i.e. total two additional patches).

Will do for v4! 

Thanks,
- David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ