Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp183524ybp;
        Thu, 3 Oct 2019 12:00:31 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzZUmMMKSyzaJNaR1FVAliJOQddJvxx2Hp+X2YskpJ6d6meYKNoXjCDgZM0/X4Eu6i4YLcO
X-Received: by 2002:a05:6402:150a:: with SMTP id f10mr10895540edw.110.1570129231573;
        Thu, 03 Oct 2019 12:00:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1570129231; cv=none;
        d=google.com; s=arc-20160816;
        b=iRxzzFLJiIXd+biNdhqbo8xJzYykEjIIugm+wtAYJm3buB5yTBlPNlfF9ROrky+vNC
         3DnHpuY65UAyv8mdBIeOs6zNHH3dNKPllaOt17XBxNgJJpRhH/mdOKV1p0DeTds3+isM
         ZT4UW7Vc3/41UxfFClJSDOZlWyaJtZz9qa7Ie0GAqwZyEKdj2ZqxUOHPHe7BmguTY8ej
         ymjBmKUgn3lTQ572ttlzS5L9qDf5FSOU5DsMyu/t+KSGMF9KS1xQYtvjHwywWM60q8uU
         mUZa/YE4XxOxSD9G4JO1VGz6wf0ILV0ZQhONknp6y8Xhj/WDq6dU9yAsuNBCohTvqv48
         eEkw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:organization:in-reply-to
         :content-transfer-encoding:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=DYsFv013yHd2GOEtMMuDio7KS/3V/bPmv/Mt6MAHN4Y=;
        b=0sJjKIORlxrNZGPy7fNzMei7FPFASZhSzX3MhNTfHrWgpXtvtV0scW/opbfSzfxFfR
         eDGTBa5O0A8DSYnQABgPfHPccirip4rVA5XOSIFmD4Q8oE50R6EvhSs/i0ryM8E/7UTx
         5VnfmCoCGOJ8RHoA23UPhZ6QzT2nEkDH7sT7A2f3rTiKDcbV+/rdnzMzWxgfZ1Qh47nt
         1V1g1dRbjAraFJ7gqzayNQUCn2KhfKwZFsuzGfx/ajTLBgTF2epK/tRbcd0HJYJUFkzT
         ZdS38Sfl49Fq4U6OBwL1xFLJQCnwlSj+24AViETkcqFILDTp4xW2Qg1dGfcwDFGLQvNy
         IpNQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d10si1679299eja.69.2019.10.03.12.00.06;
        Thu, 03 Oct 2019 12:00:31 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732890AbfJCSPi (ORCPT <rfc822;corchopanconchocolate@gmail.com>
        + 99 others); Thu, 3 Oct 2019 14:15:38 -0400
Received: from mga06.intel.com ([134.134.136.31]:31189 "EHLO mga06.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1729199AbfJCSPi (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Thu, 3 Oct 2019 14:15:38 -0400
X-Amp-Result: UNKNOWN
X-Amp-Original-Verdict: FILE UNKNOWN
X-Amp-File-Uploaded: False
Received: from orsmga003.jf.intel.com ([10.7.209.27])
  by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Oct 2019 11:15:37 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.67,253,1566889200"; 
   d="scan'208";a="195300707"
Received: from okiselev-mobl1.ccr.corp.intel.com (HELO localhost) ([10.251.93.117])
  by orsmga003.jf.intel.com with ESMTP; 03 Oct 2019 11:15:32 -0700
Date:   Thu, 3 Oct 2019 21:15:31 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To:     Mimi Zohar <zohar@linux.ibm.com>
Cc:     linux-integrity@vger.kernel.org, stable@vger.kernel.org,
        David Howells <dhowells@redhat.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        "open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
        "open list:CRYPTO API" <linux-crypto@vger.kernel.org>,
        open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()
Message-ID: <20191003181531.GD19679@linux.intel.com>
References: <20190926171601.30404-1-jarkko.sakkinen@linux.intel.com>
 <1570024819.4999.119.camel@linux.ibm.com>
 <20191003114119.GF8933@linux.intel.com>
 <1570107752.4421.183.camel@linux.ibm.com>
 <20191003180201.GC19679@linux.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20191003180201.GC19679@linux.intel.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Thu, Oct 03, 2019 at 09:02:01PM +0300, Jarkko Sakkinen wrote:
> On Thu, Oct 03, 2019 at 09:02:32AM -0400, Mimi Zohar wrote:
> > That isn't a valid justification for changing the original definition
> > of trusted keys. ?Just as the kernel supports different methods of
> > implementing the same function on different architectures, trusted
> > keys will need to support different methods of generating a random
> > number. ??
> 
> This is completely incorrect deduction. The random number generator
> inside the kernel is there to gather entropy from different sources.
> You would exploit trusted keys to potential weaknesses of a single
> entropy source by doing that.
> 
> Of course in TEE platform, TEE can be one of the entropy sources but
> there is no reason to weaken the security by using it as the only
> sources.

I.e. where you go wrong is that you are inter mixing requirements
for the payload and for sealing. They are disjoint assets. The rules
for the payload should not be dependent on how you seal your trusted
key.

/Jarkko