From: Pankaj Gupta <pankaj.gupta@nxp.com>
To: Ben Boeckel <me@benboeckel.net>
Cc: "jarkko@kernel.org" <jarkko@kernel.org>,
"a.fatoum@pengutronix.de" <a.fatoum@pengutronix.de>,
"Jason@zx2c4.com" <Jason@zx2c4.com>,
"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
"zohar@linux.ibm.com" <zohar@linux.ibm.com>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"sumit.garg@linaro.org" <sumit.garg@linaro.org>,
"david@sigma-star.at" <david@sigma-star.at>,
"michael@walle.cc" <michael@walle.cc>,
"john.ernberg@actia.se" <john.ernberg@actia.se>,
"jmorris@namei.org" <jmorris@namei.org>,
"serge@hallyn.com" <serge@hallyn.com>,
"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
"davem@davemloft.net" <davem@davemloft.net>,
"j.luebbe@pengutronix.de" <j.luebbe@pengutronix.de>,
"ebiggers@kernel.org" <ebiggers@kernel.org>,
"richard@nod.at" <richard@nod.at>,
"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
Sahil Malhotra <sahil.malhotra@nxp.com>,
Kshitiz Varshney <kshitiz.varshney@nxp.com>,
Horia Geanta <horia.geanta@nxp.com>,
Varun Sethi <V.Sethi@nxp.com>
Subject: RE: [EXT] Re: [RFC PATCH HBK: 1/8] keys-trusted: new cmd line option added
Date: Wed, 7 Sep 2022 07:22:51 +0000 [thread overview]
Message-ID: <DU2PR04MB86303F82A10F5989DE0A0F7395419@DU2PR04MB8630.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <YxdEsCmQIwi7VSuv@farprobe>
> -----Original Message-----
> From: Ben Boeckel <me@benboeckel.net>
> Sent: Tuesday, September 6, 2022 6:32 PM
> To: Pankaj Gupta <pankaj.gupta@nxp.com>
> Cc: jarkko@kernel.org; a.fatoum@pengutronix.de; Jason@zx2c4.com;
> jejb@linux.ibm.com; zohar@linux.ibm.com; dhowells@redhat.com;
> sumit.garg@linaro.org; david@sigma-star.at; michael@walle.cc;
> john.ernberg@actia.se; jmorris@namei.org; serge@hallyn.com;
> herbert@gondor.apana.org.au; davem@davemloft.net;
> j.luebbe@pengutronix.de; ebiggers@kernel.org; richard@nod.at;
> keyrings@vger.kernel.org; linux-crypto@vger.kernel.org; linux-
> integrity@vger.kernel.org; linux-kernel@vger.kernel.org; linux-security-
> module@vger.kernel.org; Sahil Malhotra <sahil.malhotra@nxp.com>; Kshitiz
> Varshney <kshitiz.varshney@nxp.com>; Horia Geanta
> <horia.geanta@nxp.com>; Varun Sethi <V.Sethi@nxp.com>
> Subject: [EXT] Re: [RFC PATCH HBK: 1/8] keys-trusted: new cmd line option
> added
>
> Caution: EXT Email
>
> On Tue, Sep 06, 2022 at 12:21:50 +0530, Pankaj Gupta wrote:
> > Two changes are done:
> > - new cmd line option "hw" needs to be suffix, to generate the
> > hw bound key.
> > for ex:
> > $:> keyctl add trusted <KEYNAME> 'new 32 hw' @s
> > $:> keyctl add trusted <KEYNAME> 'load $(cat <KEY_BLOB_FILE_NAME>)
> > hw' @s
> >
> > - For "new", generating the hw bounded trusted key, updating the input
> key
> > length as part of seal operation as well.
> >
> > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> > ---
> > include/keys/trusted-type.h | 2 ++
> > security/keys/trusted-keys/trusted_caam.c | 6 ++++++
> > security/keys/trusted-keys/trusted_core.c | 14 ++++++++++++++
> > 3 files changed, 22 insertions(+)
> >
> > diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
> > index 4eb64548a74f..064266b936c7 100644
> > --- a/include/keys/trusted-type.h
> > +++ b/include/keys/trusted-type.h
> > @@ -22,6 +22,7 @@
> > #define MAX_BLOB_SIZE 512
> > #define MAX_PCRINFO_SIZE 64
> > #define MAX_DIGEST_SIZE 64
> > +#define HW_BOUND_KEY 1
> >
> > struct trusted_key_payload {
> > struct rcu_head rcu;
> > @@ -29,6 +30,7 @@ struct trusted_key_payload {
> > unsigned int blob_len;
> > unsigned char migratable;
> > unsigned char old_format;
> > + unsigned char is_hw_bound;
> > unsigned char key[MAX_KEY_SIZE + 1];
> > unsigned char blob[MAX_BLOB_SIZE]; }; diff --git
> > a/security/keys/trusted-keys/trusted_caam.c
> > b/security/keys/trusted-keys/trusted_caam.c
> > index e3415c520c0a..fceb9a271c4d 100644
> > --- a/security/keys/trusted-keys/trusted_caam.c
> > +++ b/security/keys/trusted-keys/trusted_caam.c
> > @@ -1,6 +1,7 @@
> > // SPDX-License-Identifier: GPL-2.0-only
> > /*
> > * Copyright (C) 2021 Pengutronix, Ahmad Fatoum
> > <kernel@pengutronix.de>
> > + * Copyright 2022 NXP, Pankaj Gupta <pankaj.gupta@nxp.com>
> > */
> >
> > #include <keys/trusted_caam.h>
> > @@ -23,6 +24,7 @@ static int trusted_caam_seal(struct
> trusted_key_payload *p, char *datablob)
> > .input = p->key, .input_len = p->key_len,
> > .output = p->blob, .output_len = MAX_BLOB_SIZE,
> > .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,
> > + .is_hw_bound = p->is_hw_bound,
> > };
> >
> > ret = caam_encap_blob(blobifier, &info); @@ -30,6 +32,9 @@
> > static int trusted_caam_seal(struct trusted_key_payload *p, char
> *datablob)
> > return ret;
> >
> > p->blob_len = info.output_len;
> > + if (p->is_hw_bound)
> > + p->key_len = info.input_len;
> > +
> > return 0;
> > }
> >
> > @@ -40,6 +45,7 @@ static int trusted_caam_unseal(struct
> trusted_key_payload *p, char *datablob)
> > .input = p->blob, .input_len = p->blob_len,
> > .output = p->key, .output_len = MAX_KEY_SIZE,
> > .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,
> > + .is_hw_bound = p->is_hw_bound,
> > };
> >
> > ret = caam_decap_blob(blobifier, &info); diff --git
> > a/security/keys/trusted-keys/trusted_core.c
> > b/security/keys/trusted-keys/trusted_core.c
> > index c6fc50d67214..7f7cc2551b92 100644
> > --- a/security/keys/trusted-keys/trusted_core.c
> > +++ b/security/keys/trusted-keys/trusted_core.c
> > @@ -79,6 +79,8 @@ static int datablob_parse(char **datablob, struct
> trusted_key_payload *p)
> > int key_cmd;
> > char *c;
> >
> > + p->is_hw_bound = !HW_BOUND_KEY;
>
> This seems…backwards to me.
>
Initialized it to be a plain key & not a HW bounded key.
> > @@ -94,6 +96,12 @@ static int datablob_parse(char **datablob, struct
> trusted_key_payload *p)
> > if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE)
> > return -EINVAL;
> > p->key_len = keylen;
> > + /* second argument is to determine if tied to HW */
> > + c = strsep(datablob, " \t");
> > + if (c) {
> > + if (strcmp(c, "hw") == 0)
> > + p->is_hw_bound = HW_BOUND_KEY;
> > + }
>
> Userspace documentation is missing for this new field. Must it always be
> second or is it "any following argument"? For example, let's say we have
> another flag like this for "FIPS" (or whatever). It'd be nice if these all worked:
>
> 'new 32 fips hw'
> 'new 32 fips'
> 'new 32 hw fips'
> 'new 32 hw'
>
Will consider this, in the next version of this patch set.
> > @@ -107,6 +115,12 @@ static int datablob_parse(char **datablob, struct
> trusted_key_payload *p)
> > ret = hex2bin(p->blob, c, p->blob_len);
> > if (ret < 0)
> > return -EINVAL;
> > + /* second argument is to determine if tied to HW */
> > + c = strsep(datablob, " \t");
> > + if (c) {
> > + if (strcmp(c, "hw") == 0)
> > + p->is_hw_bound = HW_BOUND_KEY;
> > + }
>
> Same here.
>
> --Ben
next prev parent reply other threads:[~2022-09-07 7:23 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-06 6:51 [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 1/8] keys-trusted: new cmd line option added Pankaj Gupta
2022-09-06 13:01 ` Ben Boeckel
2022-09-07 7:22 ` Pankaj Gupta [this message]
2022-09-06 6:51 ` [RFC PATCH HBK: 2/8] hw-bound-key: flag-is_hbk added to the tfm Pankaj Gupta
2022-09-06 6:43 ` Herbert Xu
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-07 7:26 ` Herbert Xu
2022-09-07 9:58 ` Pankaj Gupta
2022-09-07 10:10 ` Herbert Xu
2022-09-12 17:19 ` Varun Sethi
2022-09-13 2:05 ` Herbert Xu
2022-09-13 10:01 ` Varun Sethi
2022-09-13 10:28 ` Herbert Xu
2022-09-21 11:07 ` Varun Sethi
2022-09-06 6:51 ` [RFC PATCH HBK: 3/8] sk_cipher: checking for hw bound operation Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 4/8] keys-trusted: re-factored caam based trusted key Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 5/8] caam blob-gen: moving blob_priv to caam_drv_private Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 6/8] KEYS: trusted: caam based black key Pankaj Gupta
2022-09-06 13:03 ` Ben Boeckel
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 7/8] caam alg: symmetric key ciphers are updated Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 8/8] dm-crypt: consumer-app setting the flag-is_hbk Pankaj Gupta
2022-09-06 7:12 ` [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY Michael Walle
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-07 7:29 ` Michael Walle
2022-09-07 7:46 ` [EXT] " David Gstir
2022-09-07 8:11 ` Michael Walle
2022-09-07 9:57 ` Pankaj Gupta
2022-09-06 8:58 ` Jarkko Sakkinen
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-07 8:10 ` Jan Lübbe
2022-09-07 9:57 ` Pankaj Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DU2PR04MB86303F82A10F5989DE0A0F7395419@DU2PR04MB8630.eurprd04.prod.outlook.com \
--to=pankaj.gupta@nxp.com \
--cc=Jason@zx2c4.com \
--cc=V.Sethi@nxp.com \
--cc=a.fatoum@pengutronix.de \
--cc=davem@davemloft.net \
--cc=david@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=j.luebbe@pengutronix.de \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=john.ernberg@actia.se \
--cc=keyrings@vger.kernel.org \
--cc=kshitiz.varshney@nxp.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=me@benboeckel.net \
--cc=michael@walle.cc \
--cc=richard@nod.at \
--cc=sahil.malhotra@nxp.com \
--cc=serge@hallyn.com \
--cc=sumit.garg@linaro.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).