From: David Safford <safford@watson.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@linux-nfs.org,
linux-crypto@vger.kernel.org,
Jason Gunthorpe <jgunthorpe@obsidianresearch.com>,
James Morris <jmorris@namei.org>,
Rajiv Andrade <srajiv@linux.vnet.ibm.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: Re: [PATCH v1.3 3/4] keys: add new trusted key-type
Date: Fri, 12 Nov 2010 12:39:52 -0500 [thread overview]
Message-ID: <1289583592.4341.58.camel@localhost.localdomain> (raw)
In-Reply-To: <24801.1289580779@redhat.com>
On Fri, 2010-11-12 at 16:52 +0000, David Howells wrote:
> Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
Again, thanks for the detailed review!
Willdo on all suggestions with a couple of comments/questions:
> > +#define TPM_MAX_BUF_SIZE 512
> > +#define TPM_TAG_RQU_COMMAND 193
> > +#define TPM_TAG_RQU_AUTH1_COMMAND 194
> > +#define TPM_TAG_RQU_AUTH2_COMMAND 195
> > +#define TPM_TAG_RSP_COMMAND 196
> > +#define TPM_TAG_RSP_AUTH1_COMMAND 197
> > +#define TPM_TAG_RSP_AUTH2_COMMAND 198
> > +#define TPM_NONCE_SIZE 20
> > +#define TPM_HASH_SIZE 20
> > +#define TPM_SIZE_OFFSET 2
> > +#define TPM_RETURN_OFFSET 6
> > +#define TPM_DATA_OFFSET 10
> > +#define TPM_U32_SIZE 4
> > +#define TPM_GETRANDOM_SIZE 14
> > +#define TPM_GETRANDOM_RETURN 14
> > +#define TPM_ORD_GETRANDOM 70
> > +#define TPM_RESET_SIZE 10
> > +#define TPM_ORD_RESET 90
> > +#define TPM_OSAP_SIZE 36
> > +#define TPM_ORD_OSAP 11
> > +#define TPM_OIAP_SIZE 10
> > +#define TPM_ORD_OIAP 10
> > +#define TPM_SEAL_SIZE 87
> > +#define TPM_ORD_SEAL 23
> > +#define TPM_ORD_UNSEAL 24
> > +#define TPM_UNSEAL_SIZE 104
> > +#define SEALKEYTYPE 1
> > +#define SRKKEYTYPE 4
> > +#define SRKHANDLE 0x40000000
> > +#define TPM_ANY_NUM 0xFFFF
> > +#define MAX_PCRINFO_SIZE 64
>
> I suspect some of these should be in somewhere like linux/tpm.h rather than
> here. They're specific to TPM access not TPM key management.
Most of them are not already defined in tpm.h, as they are never used
there, but you are right, some are generic. I'll double check these..
> > +#define TPM_DEBUG 0
>
> The TPM_DEBUG stuff should probably be in the directory with the sources, not
> in a directory for others to include.
Maybe some confusion here - trusted_defined.h is in the sources - only
trusted-type.h is public in include/keys/.
> > +#if TPM_DEBUG
> > +static inline void dump_options(struct trusted_key_options *o)
> > +{
> > + pr_info("trusted_key: sealing key type %d\n", o->keytype);
> > + pr_info("trusted_key: sealing key handle %0X\n", o->keyhandle);
> > + pr_info("trusted_key: pcrlock %d\n", o->pcrlock);
> > + pr_info("trusted_key: pcrinfo %d\n", o->pcrinfo_len);
> > + print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE,
> > + 16, 1, o->pcrinfo, o->pcrinfo_len, 0);
> > +}
> > +
...
> > +
> > +static inline void store16(struct tpm_buf *buf, uint16_t value)
> > +{
> > + *(uint16_t *) & buf->data[buf->len] = htons(value);
> > + buf->len += sizeof(value);
> > +}
> > +
> > +static inline void store32(struct tpm_buf *buf, uint32_t value)
> > +{
> > + *(uint32_t *) & buf->data[buf->len] = htonl(value);
> > + buf->len += sizeof(value);
> > +}
> > +
> > +static inline void storebytes(struct tpm_buf *buf, unsigned char *in, int len)
> > +{
> > + memcpy(buf->data + buf->len, in, len);
> > + buf->len += len;
> > +}
>
> Also these look like internal functions which shouldn't be in the global
> headers.
This is in trusted_defined.h, which is with sources, not in
include/keys/
thanks!
dave
next prev parent reply other threads:[~2010-11-12 17:40 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-10 15:51 [PATCH v1.3 0/4] keys: trusted and encrypted keys Mimi Zohar
2010-11-10 15:51 ` [PATCH v1.3 1/4] lib: hex2bin converts ascii hexadecimal string to binary Mimi Zohar
2010-11-10 15:51 ` [PATCH v1.3 2/4] key: add tpm_send command Mimi Zohar
2010-11-10 15:51 ` [PATCH v1.3 3/4] keys: add new trusted key-type Mimi Zohar
2010-11-10 15:51 ` [PATCH v1.3 4/4] keys: add new key-type encrypted Mimi Zohar
2010-11-11 19:48 ` [PATCH v1.3 1/4] lib: hex2bin converts ascii hexadecimal string to binary David Howells
2010-11-11 22:23 ` Mimi Zohar
2010-11-11 19:48 ` [PATCH v1.3 2/4] key: add tpm_send command David Howells
2010-11-11 22:25 ` Mimi Zohar
2010-11-12 14:11 ` David Howells
2010-11-12 14:48 ` David Safford
2010-11-12 21:24 ` Rajiv Andrade
2010-11-12 22:06 ` David Safford
2010-11-12 22:11 ` David Howells
2010-11-17 13:12 ` Rajiv Andrade
2010-11-11 21:57 ` [PATCH v1.3 3/4] keys: add new trusted key-type David Howells
2010-11-12 12:58 ` David Safford
2010-11-12 16:52 ` David Howells
2010-11-12 17:39 ` David Safford [this message]
2010-11-12 18:36 ` David Howells
2010-11-12 19:45 ` [PATCH v1.3 4/4] keys: add new key-type encrypted David Howells
2010-11-12 21:02 ` Mimi Zohar
2010-11-12 21:23 ` David Howells
2010-11-14 0:33 ` Mimi Zohar
2010-11-15 16:18 ` David Howells
2010-11-15 19:35 ` Mimi Zohar
2010-11-16 14:08 ` David Howells
2010-11-16 14:38 ` Mimi Zohar
2010-11-16 17:50 ` David Howells
2010-11-16 18:54 ` Mimi Zohar
2010-11-16 18:58 ` David Howells
2010-11-16 20:43 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1289583592.4341.58.camel@localhost.localdomain \
--to=safford@watson.ibm.com \
--cc=dhowells@redhat.com \
--cc=jgunthorpe@obsidianresearch.com \
--cc=jmorris@namei.org \
--cc=keyrings@linux-nfs.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=srajiv@linux.vnet.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.