From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>,
linux-integrity <linux-integrity@vger.kernel.org>,
"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@vger.kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Subject: Re: [PATCH v4 2/7] tpm2-sessions: Add full HMAC and encrypt/decrypt session handling
Date: Wed, 24 Oct 2018 11:40:49 +0300 (EEST) [thread overview]
Message-ID: <alpine.DEB.2.21.1810241137400.3525@jsakkine-mobl1> (raw)
In-Reply-To: <CAKv+Gu8T8yGEu2GWWKzLXR=wgd=mYHcTYLrD69_zpaddQK3Zxw@mail.gmail.com>
On Tue, 23 Oct 2018, Ard Biesheuvel wrote:
> On 23 October 2018 at 04:01, James Bottomley
> <James.Bottomley@hansenpartnership.com> wrote:
>> On Mon, 2018-10-22 at 19:19 -0300, Ard Biesheuvel wrote:
>> [...]
>>>> +static void hmac_init(struct shash_desc *desc, u8 *key, int
>>>> keylen)
>>>> +{
>>>> + u8 pad[SHA256_BLOCK_SIZE];
>>>> + int i;
>>>> +
>>>> + desc->tfm = sha256_hash;
>>>> + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
>>>
>>> I don't think this actually does anything in the shash API
>>> implementation, so you can drop this.
>>
>> OK, I find crypto somewhat hard to follow. There were bits I had to
>> understand, like when I wrote the CFB implementation or when I fixed
>> the ECDH scatterlist handling, but I've got to confess, in time
>> honoured tradition I simply copied this from EVM crypto without
>> actually digging into the code to understand why.
>>
>
> Yeah, it is notoriously hard to use, and we should try to improve that.
James,
I would hope (already said in my review) to use longer than one
character variable names for most of the stuff. I did not quite
understand why you decided to use 'counter' for obvious counter
variable and one character names for non-obvious stuff :-)
I'm not sure where the 'encoded' exactly comes in the variable
name 'encoded_key' especially in the context of these cryptic
names.
/Jarkko
next prev parent reply other threads:[~2018-10-24 8:40 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-22 7:33 [PATCH v4 0/7] add integrity and security to TPM2 transactions James Bottomley
2018-10-22 7:35 ` [PATCH v4 1/7] tpm-buf: create new functions for handling TPM buffers James Bottomley
2018-10-23 19:12 ` Jarkko Sakkinen
2018-10-23 19:16 ` Jarkko Sakkinen
2018-10-22 7:36 ` [PATCH v4 2/7] tpm2-sessions: Add full HMAC and encrypt/decrypt session handling James Bottomley
2018-10-22 22:19 ` Ard Biesheuvel
2018-10-23 7:01 ` James Bottomley
2018-10-23 10:08 ` Ard Biesheuvel
2018-10-24 8:40 ` Jarkko Sakkinen [this message]
2018-10-23 23:48 ` Jarkko Sakkinen
2018-10-24 9:31 ` James Bottomley
2018-10-25 15:56 ` Jarkko Sakkinen
2018-10-22 7:37 ` [PATCH v4 3/7] tpm2: add hmac checks to tpm2_pcr_extend() James Bottomley
2018-10-22 7:37 ` [PATCH v4 4/7] tpm2: add session encryption protection to tpm2_get_random() James Bottomley
2018-10-22 7:38 ` [PATCH v4 5/7] trusted keys: Add session encryption protection to the seal/unseal path James Bottomley
2018-10-24 0:03 ` Jarkko Sakkinen
2018-10-22 7:39 ` [PATCH v4 6/7] tpm: add the null key name as a tpm2 sysfs variable James Bottomley
2018-10-22 7:40 ` [PATCH v4 7/7] tpm2-sessions: NOT FOR COMMITTING add sessions testing James Bottomley
2018-10-22 13:53 ` [PATCH v4 0/7] add integrity and security to TPM2 transactions Ken Goldman
2018-10-22 14:18 ` James Bottomley
2018-10-22 15:50 ` Ken Goldman
2018-10-22 15:55 ` James Bottomley
2018-10-24 0:13 ` Jarkko Sakkinen
2018-10-24 7:41 ` James Bottomley
2018-10-25 15:39 ` Jarkko Sakkinen
2018-10-24 0:06 ` Jarkko Sakkinen
2018-10-24 7:34 ` James Bottomley
2018-10-25 16:53 ` Ken Goldman
2018-10-23 23:51 ` Jarkko Sakkinen
2018-10-24 7:43 ` James Bottomley
2018-10-25 15:42 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.21.1810241137400.3525@jsakkine-mobl1 \
--to=jarkko.sakkinen@linux.intel.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=ard.biesheuvel@linaro.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).