Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp1073018lqo; Fri, 17 May 2024 09:49:04 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXs1ABOCLFMEff/3g4Nhl8OAKlTet0EHeSkUiXfUdXOzQdDd+ntnZjmrMZonRpwuXKMuiVOMaDH/pYEsE5OjjJWsYFInSiu/5n1HRmhSw== X-Google-Smtp-Source: AGHT+IFCi2OrhKZ5nrlxAVSW5eiPKdhDSqctj+K4tUQepIXwPC5ZU9IIhcCQ8LMbyY4j6WDGJgA8 X-Received: by 2002:a17:907:130f:b0:a5c:df6b:a9b5 with SMTP id a640c23a62f3a-a5cdf6bade3mr414070466b.59.1715964544596; Fri, 17 May 2024 09:49:04 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715964544; cv=pass; d=google.com; s=arc-20160816; b=mezwVYK0cpipTRwAr+zUW44DvekRBKaH3bkjVOJKGAqJAYPWxh3KIfNBPy1B6eHHu1 UMaZedRnroWlU8FA/rv5fz+/fBzejSd+C6Gu/0LqO4wWQNCCPDGS4MlZo4eCtEEyheiU 9zZc3SKqTi34VzDC/4K7W16XIvbT1hJcREilX4zy/OLC5eBeJPdVmhm5t7jCp91AnD2l 6TB2k6xmdUAUKYM3xbUdGicxJlM79TqjQ/QwlIQCIggnJmEPjPZD7PS7AQ6c9ph6K9s8 o2DZrsd8SWCd6twzAcPvrieZCWyqrOfdm59drKyMI6NZDH+4pjiNTy8PJPNC83Kd81Tq uwyQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:references:to:from:subject:cc:message-id:date :content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:dkim-signature; bh=MxOmvIDML8vJai217izTle4jgdJP1WMeSVbugmNPcM4=; fh=xZ4OIhalaEAAV1D50QCMit9x1yJ6QeXg0yzG63Si8eU=; b=vLBieIW8FSZZMLFmkGatn5H0e/mj0hwFb/MiGhtV4o0CGcheAAqLku+x0gz5POw7no j0xuXPFr7T6E/czcn8tERp1eU0thVTHiWI60RYjPPkiYZp8I/WqXvbXKCUcxOxOYrRcP 2yJFtQ2LhT+Oq5wn2uI9updXcSsMiV3BzNcqYAuxvHHBoyocWmmYO9IumbwCjjiFT+sO 8s3OM8K78AREoWpFM/vj1eyJU4qVSO+mFaXZBcJS9xHguzBeCJziC3Zl7wOBljq/J62Q GiPPlcFoC0ULEHPV9+rIGK1Y5xWF4Nl/IN1XC3ia5Gm791AIyYBKNt5fhQ1CdYnL06Zl tlsw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=kDUJlkxZ; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-4233-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4233-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id a640c23a62f3a-a5a53fd7bd6si683047866b.349.2024.05.17.09.49.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 17 May 2024 09:49:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-4233-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=kDUJlkxZ; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-4233-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4233-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 270FE1F24582 for ; Fri, 17 May 2024 16:49:04 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 39AB913D89B; Fri, 17 May 2024 16:48:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="kDUJlkxZ" X-Original-To: linux-crypto@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF0A738DD6; Fri, 17 May 2024 16:48:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715964533; cv=none; b=gcK96rqsuVHCQSdPVyJRxYesLop7dGopXoWHhsbabq2QPCE974sPfuNzqKzPHpD1vHmolZXLomPud/zLxQ+dtAWmK+1Nh6dzNC68t0i7yFEwsn/QDa3NehcEF0ryZqDDxBnsmK0NntGlMpN1q++QbJqrTNcefj8PrY9CRRKaMe0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715964533; c=relaxed/simple; bh=UGkdLRqZ6n3b8m0rCAFb9FxggqgZvS7s7r5YjUFxV/s=; h=Mime-Version:Content-Type:Date:Message-Id:Cc:Subject:From:To: References:In-Reply-To; b=HZy6oZMe8iaIC5oD/4jGdEbizuST+6zvtGpHSRXwjKD5ezLapWiIht+nt+acb+9YPXYLDoagrAG6Z16yuLkge6sT0QnzrxD7tkne5Sg97B2bLb/npWI3Y6VaWFj6ZjnKAjcTJrfs4LXq/hjXSOU/Bm7PR1wTZGc0jqchjtXCIsc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=kDUJlkxZ; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3CD1EC2BD10; Fri, 17 May 2024 16:48:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1715964532; bh=UGkdLRqZ6n3b8m0rCAFb9FxggqgZvS7s7r5YjUFxV/s=; h=Date:Cc:Subject:From:To:References:In-Reply-To:From; b=kDUJlkxZiXqWz8DV3xX4JG+pjnQr7+gpM5367q5r2232f7PxD7E103JpoVL3dcb3v BPfHFX6Mq6AZhQxSPViM5+nCYxYK4uIYA1mMowSoqyjsX0OqHhejUttWRkJjfphQ/O QhKLOR0e2o4X2p4fE+OmYu4p8i2kWHouN4a5Uw9zAhKs10wuRfHjr6J3Aw+GIy3/6N tGSmod6sTDtm8RNx8dO/yILAY7u0vCcqsRRyRV028Ep8j5F0ZyutSZOj2N47GeFWpP bt9IOJtsIHf88gH3+Sf4j6GNDZCeaoB9+JrsM07P6Dvfdu06tT6h2KnxFAdwuD5Ehl 1S9Cso3tRTOpA== Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Fri, 17 May 2024 19:48:48 +0300 Message-Id: Cc: "Ard Biesheuvel" , "Linux Crypto Mailing List" , "Herbert Xu" , , , , Subject: Re: [PATCH v8 18/22] tpm: add session encryption protection to tpm2_get_random() From: "Jarkko Sakkinen" To: =?utf-8?b?TsOtY29sYXMgRi4gUi4gQS4gUHJhZG8=?= , "James Bottomley" X-Mailer: aerc 0.17.0 References: <20240429202811.13643-1-James.Bottomley@HansenPartnership.com> <20240429202811.13643-19-James.Bottomley@HansenPartnership.com> <119dc5ed-f159-41be-9dda-1a056f29888d@notapiano> <0f68c283ff4bbb89b8a019d47891f798c6fff287.camel@HansenPartnership.com> <0d260c2f7a9f67ec8bd2305919636678d06000d1.camel@HansenPartnership.com> <66ec985f3ee229135bf748f1b0874d5367a74d7f.camel@HansenPartnership.com> In-Reply-To: On Fri May 17, 2024 at 7:22 PM EEST, N=C3=ADcolas F. R. A. Prado wrote: > On Fri, May 17, 2024 at 07:25:40AM -0700, James Bottomley wrote: > > On Fri, 2024-05-17 at 15:43 +0200, Ard Biesheuvel wrote: > > > On Fri, 17 May 2024 at 15:35, James Bottomley > > > wrote: > > [...] > > > > Thanks for the analysis.=C2=A0 If I look at how CRYPTO_ECC does it,= that > > > > selects CRYPTO_RNG_DEFAULT which pulls in CRYPTO_DRBG, so the fix > > > > would be the attached.=C2=A0 Does that look right to you Ard? > > >=20 > > > No it doesn't - it's CRYPTO_RNG_DEFAULT not CRYTPO_RNG_DEFAULT :-) > > >=20 > > > With that fixed, > > >=20 > > > Acked-by: Ard Biesheuvel > >=20 > > Erm, oops, sorry about that; so attached is the update. > >=20 > > James > >=20 > > ---8>8>8><8<8<8--- > >=20 > > From 2ac337a33e6416ef806e2c692b9239d193e8468f Mon Sep 17 00:00:00 2001 > > From: James Bottomley > > Date: Fri, 17 May 2024 06:29:31 -0700 > > Subject: [PATCH] tpm: Fix sessions cryptography requirement for Random = Numbers > > MIME-Version: 1.0 > > Content-Type: text/plain; charset=3DUTF-8 > > Content-Transfer-Encoding: 8bit > >=20 > > The ECDH code in tpm2-sessions.c requires an initial random number > > generator to generate the key pair. If the configuration doesn't have > > CONFIG_RNG_DEFAULT, it will try to pull this in as a module (which is > > impossible for the early kernel boot where the TPM starts). Fix this > > by selecting the required RNG. > >=20 > > Reported-by: N=C3=ADcolas F. R. A. Prado > > Fixes: 1b6d7f9eb150 ("tpm: add session encryption protection to tpm2_ge= t_random()") > > Acked-by: Ard Biesheuvel > > Signed-off-by: James Bottomley > > --- > > drivers/char/tpm/Kconfig | 1 + > > 1 file changed, 1 insertion(+) > >=20 > > diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig > > index 4f83ee7021d0..ecdd3db4be2b 100644 > > --- a/drivers/char/tpm/Kconfig > > +++ b/drivers/char/tpm/Kconfig > > @@ -31,6 +31,7 @@ config TCG_TPM2_HMAC > > bool "Use HMAC and encrypted transactions on the TPM bus" > > default y > > select CRYPTO_ECDH > > + select CRYPTO_RNG_DEFAULT > > select CRYPTO_LIB_AESCFB > > select CRYPTO_LIB_SHA256 > > help > > --=20 > > 2.35.3 > >=20 > >=20 > > Hi James, > > thanks for the patch. But I actually already had that config enabled buil= tin. I > also had ECDH and DRBG which have been suggested previously: > > CONFIG_CRYPTO_RNG_DEFAULT=3Dy > > CONFIG_CRYPTO_DRBG_MENU=3Dy > CONFIG_CRYPTO_DRBG_HMAC=3Dy > # CONFIG_CRYPTO_DRBG_HASH is not set > # CONFIG_CRYPTO_DRBG_CTR is not set > CONFIG_CRYPTO_DRBG=3Dy > > CONFIG_CRYPTO_ECDH=3Dy > > I've pasted my full config here: http://0x0.st/XPN_.txt > > Adding a debug print I see that the module that the code tries to load is > "crypto-hmac(sha512)". I would have expected to see=20 > > MODULE_ALIAS_CRYPTO("hmac(sha512)"); > > in crypto/drbg.c, but I don't see it anywhere in the tree. Maybe it is mi= ssing? 1. Bug fixes need to be submitted as described in https://www.kernel.org/doc/html/latest/process/submitting-patches.html 2. The patch is missing the transcript: https://lore.kernel.org/linux-integrity/D1BRZ60B9O5S.3NAT20QPQE6KH@kerne= l.org/ There's nothing to review at this point. > > Thanks, > N=C3=ADcolas BR, Jarkko