On Wed, 2018-10-24 at 02:48 +0300, Jarkko Sakkinen wrote:
> On Mon, 22 Oct 2018, James Bottomley wrote:
> > [...]
I'll tidy up the descriptions.
> These all should be combined with the existing session stuff inside
> tpm2-cmd.c and not have duplicate infrastructures. The fil
On Wed, 2018-10-24 at 02:51 +0300, Jarkko Sakkinen wrote:
> I would consider sending first a patch set that would iterate the
> existing session stuff to be ready for this i.e. merge in two
> iterations (emphasis on the word "consider"). We can probably merge
> the groundwork quite fast.
I
On Mon, 2018-10-22 at 19:19 -0300, Ard Biesheuvel wrote:
[...]
> > +static void hmac_init(struct shash_desc *desc, u8 *key, int
> > keylen)
> > +{
> > + u8 pad[SHA256_BLOCK_SIZE];
> > + int i;
> > +
> > + desc->tfm = sha256_hash;
> > + desc->flags =
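Review bot: In the hmac_init() signature, the key is a writable `u8 *key` and its length a signed `int keylen`; if the function only reads the key, `const u8 *key` and `unsigned int keylen` would state that and rule out a negative length. The visible lines also show no comparison of keylen with the size of `pad[SHA256_BLOCK_SIZE]`, so a bound check is worth confirming before pad is filled. The rest of the function is cut off in this excerpt.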
encryption. It also does policy unsealing which
mimics the more complex of the trusted key scenarios.
Signed-off-by: James Bottomley
---
v3: add policy unseal testing with two sessions
---
drivers/char/tpm/Makefile | 1 +
drivers/char/tpm/tpm-chip.c | 1 +
drivers/char/tpm
and the TPM can then run a
TPM2_Certify operation on this derived primary key using the newly
created AIK.
Signed-off-by: James Bottomley
---
drivers/char/tpm/tpm-sysfs.c | 27 ++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm-sysfs.c b
to get rid of this security hole.
Signed-off-by: James Bottomley
---
drivers/char/tpm/tpm2-cmd.c | 155
1 file changed, 98 insertions(+), 57 deletions(-)
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 22f1c7bee173
If some entity is snooping the TPM bus, they can see the random
numbers we're extracting from the TPM and do prediction attacks
against their consumers. Foil this attack by using response
encryption to prevent the attacker from seeing the random sequence.
Signed-off-by: James Bottomley
---
v3
We use tpm2_pcr_extend() in trusted keys to extend a PCR to prevent a
key from being re-loaded until the next reboot. To use this
functionality securely, that extend must be protected by a session
hmac.
Signed-off-by: James Bottomley
---
v3: add error handling to sessions
---
drivers/char
remains for the kernel by using a kernel space to take
it out of the TPM when userspace wants to use it.
Signed-off-by: James Bottomley
---
v2: Added docbook and improved response check API
v3: Add readpublic, fix hmac length, add API for close on error
allow for the hmac session not being
This separates out the old tpm_buf_... handling functions from static
inlines into tpm.h and makes them their own tpm-buf.c file. It also
adds handling for tpm2b structures and also incremental pointer
advancing parsers.
Signed-off-by: James Bottomley
---
v2: added this patch to separate out
.
I've verified this using the test suite in the last patch on a VM
connected to a tpm2 emulator. I also instrumented the emulator to make
sure the sensitive data was properly encrypted.
James
---
James Bottomley (7):
tpm-buf: create new functions for handling TPM buffers
tpm2-sessions: Add
On October 21, 2018 9:58:04 AM GMT, Ard Biesheuvel
wrote:
>On 21 October 2018 at 10:07, James Bottomley
> wrote:
>> On Sun, 2018-10-21 at 09:05 +0200, Ard Biesheuvel wrote:
>>> (+ James)
>>
>> Thanks!
>>
>>> On 20 October 2
On Sun, 2018-10-21 at 09:05 +0200, Ard Biesheuvel wrote:
> (+ James)
Thanks!
> On 20 October 2018 at 01:01, Dmitry Eremin-Solenikov
> wrote:
> > crypto_cfb_decrypt_segment() incorrectly XOR'ed generated keystream
> > with
> > IV, rather than with data stream, resulting in incorrect
> >
On Tue, 2018-04-10 at 23:01 +0100, Martin Townsend wrote:
> Using openssl to get the signature in my x509 cert
>
> Signature Algorithm: sha256WithRSAEncryption
> 68:82:cc:5d:f9:ee:fb:1a:77:72:a6:a9:c6:4c:cc:d7:f6:2a:
> 17:a5:db:bf:5a:2b:8d:39:60:dc:a0:93:39:45:0f:bc:a7:e8:
>
On Mon, 2018-03-12 at 20:56 +0100, Stephan Mueller wrote:
> On Monday, 12 March 2018, 19:09:18 CET, James Bottomley wrote:
>
> Hi James,
>
> >
> > On Mon, 2018-03-12 at 19:07 +0200, Tudor Ambarus wrote:
> > >
> > > Hi,
> > >
> > >
On Mon, 2018-03-12 at 19:07 +0200, Tudor Ambarus wrote:
> Hi,
>
> Would you consider using ECDSA in the kernel module signing facility?
> When compared with RSA, ECDSA has shorter keys, the key generation
> process is faster, the sign operation is faster, but the verify
> operation is slower than
On Mon, 2018-03-12 at 09:00 -0700, J Freyensee wrote:
> >
> > +int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal)
> > +{
> > + int rc;
> > +
> > + rc = __tpm_buf_init(buf);
>
>
> Assuming that functions like tpm_buf_init() are the top-level API
> being defined in this patch,
On Mon, 2018-03-12 at 12:58 +0200, Jarkko Sakkinen wrote:
> On Sat, 2018-03-10 at 14:13 -0800, James Bottomley wrote:
> >
> > By now, everybody knows we have a problem with the TPM2_RS_PW easy
> > button on TPM2 in that transactions on the TPM bus can be
> > intercepte
encryption. It also does policy unsealing which
mimics the more complex of the trusted key scenarios.
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.com>
---
v3: add policy unseal testing with two sessions
---
drivers/char/tpm/Makefile | 1 +
drivers/char/tpm/tpm-
to get rid of this security hole.
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.com>
---
drivers/char/tpm/tpm2-cmd.c | 156
1 file changed, 98 insertions(+), 58 deletions(-)
diff --git a/drivers/char/tpm/tpm2-cmd.c b/driver
If some entity is snooping the TPM bus, they can see the random
numbers we're extracting from the TPM and do prediction attacks
against their consumers. Foil this attack by using response
encryption to prevent the attacker from seeing the random sequence.
Signed-off-by: James Bottomley
We use tpm2_pcr_extend() in trusted keys to extend a PCR to prevent a
key from being re-loaded until the next reboot. To use this
functionality securely, that extend must be protected by a session
hmac.
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.com>
---
v3: add
remains for the kernel by using a kernel space to take
it out of the TPM when userspace wants to use it.
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.com>
---
v2: Added docbook and improved response check API
v3: Add readpublic, fix hmac length, add API for close on
This separates out the old tpm_buf_... handling functions from static
inlines into tpm.h and makes them their own tpm-buf.c file. It also
adds handling for tpm2b structures and also incremental pointer
advancing parsers.
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.
that comes with a policy, so the API will have to be extended to fix
that case
I've verified this using the test suite in the last patch on a VM
connected to a tpm2 emulator. I also instrumented the emulator to make
sure the sensitive data was properly encrypted.
James
---
James Bottomley (6):
tpm
On Sat, 2018-03-10 at 14:49 +0200, Jarkko Sakkinen wrote:
> On Wed, 2018-03-07 at 15:29 -0800, James Bottomley wrote:
> >
> > By now, everybody knows we have a problem with the TPM2_RS_PW easy
> > button on TPM2 in that transactions on the TPM bus can be
> > intercepte
ing that the same sealed data comes back again via
an HMAC and response encryption.
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.com>
---
drivers/char/tpm/Makefile | 1 +
drivers/char/tpm/tpm-chip.c | 1 +
drivers/char/tpm/tpm2-sessions-tes
We use tpm2_pcr_extend() in trusted keys to extend a PCR to prevent a
key from being re-loaded until the next reboot. To use this
functionality securely, that extend must be protected by a session
hmac.
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.com>
---
drivers/ch
remains for the kernel by using a kernel space to take
it out of the TPM when userspace wants to use it.
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.com>
---
v2: Added docbook and improved response check API
---
drivers/char/tpm/Kconfig |3 +
drivers/ch
This separates out the old tpm_buf_... handling functions from static
inlines into tpm.h and makes them their own tpm-buf.c file. It also
adds handling for tpm2b structures and also incremental pointer
advancing parsers.
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.
file.
James
---
James Bottomley (5):
tpm-buf: create new functions for handling TPM buffers
tpm2-sessions: Add full HMAC and encrypt/decrypt session handling
tpm2: add hmac checks to tpm2_pcr_extend()
tpm2: add session encryption protection to tpm2_get_random()
tpm2-sessions
On Mon, 2018-03-05 at 07:04 -0700, Jason Gunthorpe wrote:
> On Fri, Mar 02, 2018 at 10:04:54PM -0800, James Bottomley wrote:
> >
> > By now, everybody knows we have a problem with the TPM2_RS_PW easy
> > button on TPM2 in that transactions on the TPM bus can be
> >
On Mon, 2018-03-05 at 13:35 +0200, Jarkko Sakkinen wrote:
> On Fri, Mar 02, 2018 at 10:06:15PM -0800, James Bottomley wrote:
> >
> > diff --git a/drivers/char/tpm/tpm2b.h b/drivers/char/tpm/tpm2b.h
> > new file mode 100644
> > index ..c7726f2895aa
> >
encryption.
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.com>
---
drivers/char/tpm/Makefile | 1 +
drivers/char/tpm/tpm-chip.c | 1 +
drivers/char/tpm/tpm2-sessions-test.c | 178 ++
3 files changed, 180 insertions(+)
remains for the kernel by using a kernel space to take
it out of the TPM when userspace wants to use it.
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.com>
---
drivers/char/tpm/Kconfig | 3 +
drivers/char/tpm/Makefile| 2 +-
drivers/char/tpm
handling and add the Cipher
FeedBack encryption scheme:
https://marc.info/?l=linux-crypto-vger=151994371015475
---
James Bottomley (2):
tpm2-sessions: Add full HMAC and encrypt/decrypt session handling
tpm2-sessions: NOT FOR COMMITTING add sessions testing
drivers/char/tpm/Kconfig
Apparently the ecdh use case was in bluetooth which always has single
element scatterlists, so the ecdh module was hard coded to expect
them. Now we're using this in TPM, we need multi-element
scatterlists, so remove this limitation.
Signed-off-by: James Bottomley <james.bot
into the plain text to get the final
ciphertext.
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFB
Signed-off-by: James Bottomley <james.bottom...@hansenpartnership.com>
---
crypto/Kconfig | 8 ++
crypto/Makefile | 1 +
crypto/cfb.c
of the scatterlist is hard coded to 1 which causes a
kernel BUG if you use a longer scatterlist. Since all the current
kernel consumers use a single element scatterlist, this bug won't
manifest until we add the TPM routines to use crypto, so I didn't mark
it for stable.
James Bottomley (2):
crypto
On Thu, 2013-09-26 at 08:24 +0200, Jiri Kosina wrote:
On Wed, 25 Sep 2013, James Bottomley wrote:
I don't get this. Why is it important that current kernel can't
recreate the signature?
The threat model is an attack on the saved information (i.e. the suspend
image) between it being
On Wed, 2013-09-25 at 17:25 -0400, Alan Stern wrote:
On Wed, 25 Sep 2013, David Howells wrote:
I have pushed some keyrings patches that will likely affect this to:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-devel
I intend to ask James to
On Thu, 2013-09-26 at 02:27 +0200, Pavel Machek wrote:
On Wed 2013-09-25 15:16:54, James Bottomley wrote:
On Wed, 2013-09-25 at 17:25 -0400, Alan Stern wrote:
On Wed, 25 Sep 2013, David Howells wrote:
I have pushed some keyrings patches that will likely affect