Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp2313532rdb; Mon, 5 Feb 2024 02:39:21 -0800 (PST) X-Google-Smtp-Source: AGHT+IGQ6n4AbJiBmlnY/xVDQhybRRWdrqDim2kzA3MnbgTQ2pP+pXVWBuccQQtq8gag05Zq2FxR X-Received: by 2002:a05:6a20:d498:b0:19c:9a00:1351 with SMTP id im24-20020a056a20d49800b0019c9a001351mr9494693pzb.25.1707129561693; Mon, 05 Feb 2024 02:39:21 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707129561; cv=pass; d=google.com; s=arc-20160816; b=BppqD0O9oe99InXGHav/7qdupfkWggt5NJGVHqdTXkQ0Xk5aQ16xTFl6OBq3a/RMxQ YQAEhR3KHjLZCrv6yaSO0k67Ubpcr4VlT6z93ja6pMIVthNoxEJBTbHKJdgZHrBl67jv FTKY+1kGoe98b+o/iWkXXQaR1UMbzBXKyng7Ah0OP7rJ6uHKBhQTU+/YdUhweumw6/Rp fLBsH/sD9GPIog7Bw1sMbTX4LW1aH49rph3D0zCBNZY7wVUSzhQfkZH0pTZodhkB/m71 QSnZ3iebrzWjpzPfDQv8r0WS1ylA7w+2k7Ie7ZtZbV4o3KmsYR3GIVYVeerwoqs5Q+KK iq8g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:organization:references :in-reply-to:message-id:subject:cc:to:from:date; bh=U694o1DSpmzO4vnOFEoBEkD2LHaxIqFbaunsqDHb7ng=; fh=+wGryovmK9RTwaTVIGoL1Y5VZm6guQqB4srielWX5sM=; b=KTEOD/nFRf97xD4+wvLj93mgQV2A6X5Td8nnDLumKk+xclDdCiezNQ0Dzx3/oddWd/ CYTtu7ULV3/GIanPfm0V4JA2mXzQd2oQ2hG5Jhbko1h7M9YF3PG6ww6OqiIGamZHOg2b HEHv+5K1palNLMXJKHS9bLQV0GU/OxdApFvEP0oBFT15SK5kZb+tltbXTspGbU9Z8OdL Zlyd8RyMV2khQfWHyCpEXNObxclJ34lbTxLfCqPxhlj46GMXrfbwvqnp36OQIjJsruvg ds1rKU20MMw/R8vmvDSpJTlMbFqaprafEGrwzY08nbcF3vXESfmPK5VoT0YwjNSdzulQ 1bqw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=huawei.com dmarc=pass fromdomain=huawei.com); spf=pass (google.com: domain of linux-crypto+bounces-1833-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1833-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com X-Forwarded-Encrypted: i=1; AJvYcCVjKpdvkoGgpxHbK+QDz/r9BIujP35NCcUL6TBdblY7JkZ6emhvRxMxeBnLxxM7HvlakpfAL4qL5N4TFrsK7whAbDJ3ew2vUfS2Wb/PKQ== Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id i71-20020a639d4a000000b005d988899a48si5860857pgd.16.2024.02.05.02.39.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Feb 2024 02:39:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-1833-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=huawei.com dmarc=pass fromdomain=huawei.com); spf=pass (google.com: domain of linux-crypto+bounces-1833-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1833-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id F1B10B2B7FB for ; Mon, 5 Feb 2024 10:08:11 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4783714276; Mon, 5 Feb 2024 10:07:59 +0000 (UTC) X-Original-To: linux-crypto@vger.kernel.org Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F37CB168D9; Mon, 5 Feb 2024 10:07:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.176.79.56 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707127679; cv=none; b=aI/jCq6PKunj/bSeJq7XxqoDLtJPwDo8ry4i+00hayWrW+W5b1F0NhuldU7AE/dK0GRhtk0bNgeNu/9q0ZlPUZcd123cNCjLRGxaD0P8zl1XOcBPZBJ4P9c/xzGSXil8PVjxY/n2BEGGXzTnOIHWTcQPY1mNuG8UeNUttkxhlT0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707127679; c=relaxed/simple; bh=iBaUmXBlN0VxxLhGqD9SvUefjOy+3CbgHgnuPzCue3A=; h=Date:From:To:CC:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=FxqXdmmtIAicsRKyp9mODHykKfiu6kIQfQow/pK6ddGWPfp2kPpZHzueGHtzDS0lPMILClToBaDDJOEvV0heuhZqZlP+JXY5jwfMxyYXEfxs4hK6QU/gWCWqLAW1Zdw/KsQDtYy8GXSFsZV3QCrRmPxwDkbxrtDHgySs3pwNJqc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=Huawei.com; spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=185.176.79.56 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=Huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Received: from mail.maildlp.com (unknown [172.18.186.231]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4TT26g0TNXz6GBd5; Mon, 5 Feb 2024 18:04:43 +0800 (CST) Received: from lhrpeml500005.china.huawei.com (unknown [7.191.163.240]) by mail.maildlp.com (Postfix) with ESMTPS id BFC8314185F; Mon, 5 Feb 2024 18:07:54 +0800 (CST) Received: from localhost (10.202.227.76) by lhrpeml500005.china.huawei.com (7.191.163.240) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 5 Feb 2024 10:07:54 +0000 Date: Mon, 5 Feb 2024 10:07:53 +0000 From: Jonathan Cameron To: Lukas Wunner CC: Ilpo =?ISO-8859-1?Q?J=E4rvinen?= , "Bjorn Helgaas" , David Howells , "David Woodhouse" , Herbert Xu , "David S. Miller" , Alex Williamson , , , , , , , , David Box , Dan Williams , "Dave Jiang" , "Li, Ming" , Zhi Wang , Alistair Francis , Wilfred Mallawa , Alexey Kardashevskiy , Tom Lendacky , "Sean Christopherson" , Alexander Graf Subject: Re: [PATCH 07/12] spdm: Introduce library to authenticate devices Message-ID: <20240205100753.0000798b@Huawei.com> In-Reply-To: <20240204172510.GA19805@wunner.de> References: <89a83f42ae3c411f46efd968007e9b2afd839e74.1695921657.git.lukas@wunner.de> <20231003153937.000034ca@Huawei.com> <20240204172510.GA19805@wunner.de> Organization: Huawei Technologies Research and Development (UK) Ltd. X-Mailer: Claws Mail 4.1.0 (GTK 3.24.33; x86_64-w64-mingw32) Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-ClientProxiedBy: lhrpeml500006.china.huawei.com (7.191.161.198) To lhrpeml500005.china.huawei.com (7.191.163.240) On Sun, 4 Feb 2024 18:25:10 +0100 Lukas Wunner wrote: > On Tue, Oct 03, 2023 at 03:39:37PM +0100, Jonathan Cameron wrote: > > On Thu, 28 Sep 2023 19:32:37 +0200 Lukas Wunner wrote: > > > +/** > > > + * spdm_challenge_rsp_sz() - Calculate CHALLENGE_AUTH response size > > > + * > > > + * @spdm_state: SPDM session state > > > + * @rsp: CHALLENGE_AUTH response (optional) > > > + * > > > + * A CHALLENGE_AUTH response contains multiple variable-length fields > > > + * as well as optional fields. This helper eases calculating its size. > > > + * > > > + * If @rsp is %NULL, assume the maximum OpaqueDataLength of 1024 bytes > > > + * (SPDM 1.0.0 table 21). Otherwise read OpaqueDataLength from @rsp. > > > + * OpaqueDataLength can only be > 0 for SPDM 1.0 and 1.1, as they lack > > > + * the OtherParamsSupport field in the NEGOTIATE_ALGORITHMS request. > > > + * For SPDM 1.2+, we do not offer any Opaque Data Formats in that field, > > > + * which forces OpaqueDataLength to 0 (SPDM 1.2.0 margin no 261). > > > + */ > > > +static size_t spdm_challenge_rsp_sz(struct spdm_state *spdm_state, > > > + struct spdm_challenge_rsp *rsp) > > > +{ > > > + size_t size = sizeof(*rsp) /* Header */ > > > > Double spaces look a bit strange... > > > > > + + spdm_state->h /* CertChainHash */ > > > + + 32; /* Nonce */ > > > + > > > + if (rsp) > > > + /* May be unaligned if hash algorithm has unusual length. */ > > > + size += get_unaligned_le16((u8 *)rsp + size); > > > + else > > > + size += SPDM_MAX_OPAQUE_DATA; /* OpaqueData */ > > > + > > > + size += 2; /* OpaqueDataLength */ > > > + > > > + if (spdm_state->version >= 0x13) > > > + size += 8; /* RequesterContext */ > > > + > > > + return size + spdm_state->s; /* Signature */ > > > > Double space here as well looks odd to me. > > This was criticized by Ilpo as well, but the double spaces are > intentional to vertically align "size" on each line for neatness. > > How strongly do you guys feel about it? ;) I suspect we'll see 'fixes' for this creating noise for maintainers. So whilst I don't feel that strongly about it I'm not sure the alignment really helps much with readability either. > > > > > +int spdm_authenticate(struct spdm_state *spdm_state) > > > +{ > > > + size_t transcript_sz; > > > + void *transcript; > > > + int rc = -ENOMEM; > > > + u8 slot; > > > + > > > + mutex_lock(&spdm_state->lock); > > > + spdm_reset(spdm_state); > [...] > > > + rc = spdm_challenge(spdm_state, slot); > > > + > > > +unlock: > > > + if (rc) > > > + spdm_reset(spdm_state); > > > > I'd expect reset to also clear authenticated. Seems odd to do it separately > > and relies on reset only being called here. If that were the case and you > > were handling locking and freeing using cleanup.h magic, then > > > > rc = spdm_challenge(spdm_state); > > if (rc) > > goto reset; > > return 0; > > > > reset: > > spdm_reset(spdm_state); > > Unfortunately clearing "authenticated" in spdm_reset() is not an > option: > > Note that spdm_reset() is also called at the top of spdm_authenticate(). > > If the device was previously successfully authenticated and is now > re-authenticated successfully, clearing "authenticated" in spdm_reset() > would cause the flag to be briefly set to false, which may irritate > user space inspecting the sysfs attribute at just the wrong moment. That makes sense. Thanks. > > If the device was previously successfully authenticated and is > re-authenticated successfully, I want the "authenticated" attribute > to show "true" without any gaps. Hence it's only cleared at the end > of spdm_authenticate() if there was an error. > > I agree with all your other review feedback and have amended the > patch accordingly. Thanks a lot! > > Lukas >