Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp5831829ybp; Tue, 15 Oct 2019 05:50:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqx7mh/Mon3/5DWOMRjIRijba9oexf/MlX0eRfh9JxGbEoU4Jdnu6uXk2jog5Kk83lQNBBK1 X-Received: by 2002:a17:906:5051:: with SMTP id e17mr33425400ejk.139.1571143814707; Tue, 15 Oct 2019 05:50:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571143814; cv=none; d=google.com; s=arc-20160816; b=RBUAeiK40y2D5ye9+B436haBOUDkQD78IlJ0zqQ8YMnuxGUdeQ3M1gaZYcWQ9t+DxP GhOjszAVx4IbmnxU1L05xZYRiAalLS0mF+E6RTbXC9Eje2d2c8/buULMFKO1i5berZzQ HXP40HyLqK6ZHkjuriKlGMDXBt8uXaaI2OvLHB7q4aR8GkhMzAADYXZDb2qb5syMknII +jA4pvFrmVC1RXJ/lNU6bYwb8+Kl/NuNCPzdlhBbSDi3PZ07ltXJevgAwBKnBd8WOsRu gyhJlkab1MCxvcTadjBJygik3S6Q1uvtOs0QsLj5BV05xooHIMygEJRIy9wkr9daKfkt vGJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=oqOBT1bHPfEof8PhcJt+Sa+pudYsDX2P7QVQu1pHKtE=; b=pChM34s6ofUnEC50VyvduznanqSVUzKdOLdzTOhKNcOs5zWWIdo4Wb5jI9t9AZU/lq zWg04A7GnTu9EuUk8wBJFXlDsZnabcDD7AbvUWTunUOqdqvQBzl67j68Yd1WKMH7Mhvx M9Rb67iFaW31Ak95DAcqohYPjLIRE+n7ca6Vqk6/Cn4rrNVCp128aRLc6CDhdwZtPp/c oVw9v/oxyq5cNWTqJ8W7s/mix7m4d/jqBJtNq1fziaQJ1FQG5EXljUlJmVDZoT3t/cfL HLTk6vJbWgv85ygSrWUOjj2ubW7xrHuR/mZ3e7XU/pfiS4f4bLV7RXolSHyv/SwnpYnV 2LxA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g7si13409057ejd.78.2019.10.15.05.49.51; Tue, 15 Oct 2019 05:50:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726217AbfJOMrU (ORCPT + 99 others); Tue, 15 Oct 2019 08:47:20 -0400 Received: from mga07.intel.com ([134.134.136.100]:26311 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725710AbfJOMrU (ORCPT ); Tue, 15 Oct 2019 08:47:20 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Oct 2019 05:47:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,300,1566889200"; d="scan'208";a="207538674" Received: from shacharl-mobl.ger.corp.intel.com (HELO localhost) ([10.252.9.88]) by orsmga002.jf.intel.com with ESMTP; 15 Oct 2019 05:47:14 -0700 From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: Jarkko Sakkinen , David Safford , Pascal Van Leeuwen , James Bottomley , Peter Huewe , Jason Gunthorpe , Arnd Bergmann , Greg Kroah-Hartman , linux-kernel@vger.kernel.org (open list) Subject: [PATCH] tpm: Salt tpm_get_random() result with get_random_bytes() Date: Tue, 15 Oct 2019 15:47:02 +0300 Message-Id: <20191015124702.633-1-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Salt the result that comes from the TPM RNG with random bytes from the kernel RNG. This will allow to use tpm_get_random() as a substitute for get_random_bytes(). TPM could have a bug (making results predicatable), backdoor or even an inteposer in the bus. Salting gives protections against these concerns. Cc: David Safford Cc: Pascal Van Leeuwen Cc: James Bottomley Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm-interface.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 7f105490604c..a135b1cd5a17 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include @@ -431,16 +432,24 @@ int tpm_pm_resume(struct device *dev) EXPORT_SYMBOL_GPL(tpm_pm_resume); /** - * tpm_get_random() - get random bytes from the TPM's RNG + * tpm_get_random() - Get random bytes from the TPM's RNG * @chip: a &struct tpm_chip instance, %NULL for the default chip * @out: destination buffer for the random bytes * @max: the max number of bytes to write to @out * - * Return: number of random bytes read or a negative error value. + * Get random bytes from the TPM's RNG and salt the result with the same amount + * of bytes from the kernel RNG. Salting allows to call this function as a + * substitute for get_random_bytes() where appropriate. + * + * Return: + * number of random bytes on success, + * -errno on error */ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) { + u8 salt[TPM_MAX_RNG_DATA]; int rc; + int i; if (!out || max > TPM_MAX_RNG_DATA) return -EINVAL; @@ -455,6 +464,14 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) rc = tpm1_get_random(chip, out, max); tpm_put_ops(chip); + + if (rc > 0) { + get_random_bytes(salt, rc); + + for (i = 0; i < rc; i++) + out[i] ^= salt[i]; + } + return rc; } EXPORT_SYMBOL_GPL(tpm_get_random); -- 2.20.1