X-Mailing-List: linux-crypto@vger.kernel.org
Date: Sat, 18 May 2024 13:56:44 +0300
To: "Eric Biggers"
Cc:
 Nícolas F. R. A. Prado, "James Bottomley", "Ard Biesheuvel", "Linux Crypto Mailing List", "Herbert Xu"
Subject: Re: [PATCH v8 18/22] tpm: add session encryption protection to tpm2_get_random()
From: "Jarkko Sakkinen"
In-Reply-To: <20240518043115.GA53815@sol.localdomain>

On Sat May 18, 2024 at 7:31 AM EEST, Eric Biggers wrote:
> This is "normal" behavior when the crypto API instantiates a template:
>
> 1. drbg.c asks for "hmac(sha512)"
>
> 2. The crypto API looks for a direct implementation of "hmac(sha512)".
>    This includes requesting a module with alias "crypto-hmac(sha512)".
>
> 3. If none is found, the "hmac" template is instantiated instead.
>
> There are two possible fixes for the bug. Either fix ecc_gen_privkey() to just
> use get_random_bytes() instead of the weird crypto API RNG, or make
> drbg_init_hash_kernel() pass the CRYPTO_NOLOAD flag to crypto_alloc_shash().
>
> Or if the TPM driver could be changed to not need to generate an ECC private key
> at probe time, that would also avoid this problem.

Issues:

- IMA extends PCRs. This requires encrypted communications path.
- HWRNG uses auth session (see tpm2_get_random()).
- TPM trusted keys

Null key is required before any other legit use in initialization.

Even something like

--- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig
@@ -36,6 +36,8 @@ config TCG_TPM2_HMAC bool "Use HMAC and encrypted transactions on the TPM bus" default y + select CRYPTO_DRBG select CRYPTO_ECDH + select CRYPTO_HMAC + select CRYPTO_SHA512 select CRYPTO_LIB_AESCFB select CRYPTO_LIB_SHA256 help

would be more decent.

>
> - Eric

BR, Jarkko
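
Review bot: the three added selects under config TCG_TPM2_HMAC (CRYPTO_DRBG, CRYPTO_HMAC, CRYPTO_SHA512) come with no comment or changelog text saying which failure they address, and it is not clear they remove the module request described in the quoted sequence. There the crypto API requests a module with alias "crypto-hmac(sha512)" in step 2, before the "hmac" template is instantiated in step 3, so having the template and hash selected may not prevent that request while the null key is generated at probe time. Suggest stating whether this is meant to replace or to complement passing CRYPTO_NOLOAD from drbg_init_hash_kernel(), and adding a short Kconfig comment explaining why TCG_TPM2_HMAC needs the DRBG and its hmac(sha512) dependency available before any other TPM use.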