X-Mailing-List: linux-crypto@vger.kernel.org
Date: Wed, 22 May 2024 01:59:56 +0300
To: "Jarkko Sakkinen", "James Bottomley", "David Howells"
Cc: "Herbert Xu",
 "James Prestwood", "David Woodhouse", "Eric Biggers", "David S. Miller", "open list:CRYPTO API", "open list", "Peter Huewe", "Jason Gunthorpe", "Mimi Zohar", "Paul Moore", "James Morris", "Serge E. Hallyn", "open list:SECURITY SUBSYSTEM"
Subject: Re: [PATCH v2 4/6] KEYS: trusted: Move tpm2_key_decode() to the TPM driver
From: "Jarkko Sakkinen"
References: <20240521031645.17008-1-jarkko@kernel.org> <20240521031645.17008-5-jarkko@kernel.org> <336755.1716327854@warthog.procyon.org.uk> <239a52eb5ed3a6c891382b63d08fe7b264850d38.camel@HansenPartnership.com>

On Wed May 22, 2024 at 1:45 AM EEST, Jarkko Sakkinen wrote:
> On Wed May 22, 2024 at 12:59 AM EEST, James Bottomley wrote:
> > On Tue, 2024-05-21 at 22:44 +0100, David Howells wrote:
> > > Jarkko Sakkinen wrote:
> > >
> > > > On Tue May 21, 2024 at 9:18 PM EEST, James Bottomley wrote:
> > > > ...
> > > > You don't save a single byte of memory with any constant that
> > > > dictates the size requirements for multiple modules in two disjoint
> > > > subsystems.
> > >
> > > I think James is just suggesting you replace your limit argument with
> > > a constant not that you always allocate that amount of memory.
> >
> > Exactly. All we use it for is the -E2BIG check to ensure user space
> > isn't allowed to run away with loads of kernel memory.
>
> Not true.
>
> It did return -EINVAL. This patch changes it to -E2BIG.
>
> >
> > > What the limit should be, OTOH, is up for discussion, but PAGE_SIZE
> > > seems not unreasonable.
> >
> > A page is fine currently (MAX_BLOB_SIZE is 512). However, it may be
> > too small for some of the complex policies when they're introduced.
> > I'm not bothered about what it currently is, I just want it to be able
> > to be increased easily when the time comes.
>
> MAX_BLOB_SIZE would be used to cap key blob, not the policy.
>
> And you are ignoring it yourself too in the driver.

Obviously policy is part of the key blob i.e. expected value for that.

... but that does not reduce space requirements to rsa asymmetric keys.
It increases them but I think at this point 8192 is a good starting point.
And the cap can be scaled later.

Being a parameter also allows to have even a kernel command-line or sysfs
parameter and stuff like that. It is robust, not a bad choice.

BR, Jarkko