| Message ID | 20200217093649.97938-2-tianjia.zhang@linux.alibaba.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2,1/2] crypto: fix mismatched hash algorithm name sm3-256 to sm3 | expand |
On Mon, 2020-02-17 at 17:36 +0800, Tianjia Zhang wrote: > The name sm3-256 is defined in hash_algo_name in hash_info, but the > algorithm name implemented in sm3_generic.c is sm3, which will cause > the sm3-256 algorithm to be not found in some application scenarios of > the hash algorithm, and an ENOENT error will occur. For example, > IMA, keys, and other subsystems that reference hash_algo_name all use > the hash algorithm of sm3. > > According to https://tools.ietf.org/id/draft-oscca-cfrg-sm3-01.html, > SM3 always produces a 256-bit hash value and there are no plans for > other length development, so there is no ambiguity in the name of sm3. > > Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> > Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> The previous version of this patch set is queued in the next- integrity-testing branch. That version of this patch didn't change TPM_ALG_SM3_256. Unless the TPM standard was modified, the TPM spec refers to it as TPM_ALG_SM3_256. Has that changed? Mimi
On 2020/2/18 9:33, Mimi Zohar wrote: > On Mon, 2020-02-17 at 17:36 +0800, Tianjia Zhang wrote: >> The name sm3-256 is defined in hash_algo_name in hash_info, but the >> algorithm name implemented in sm3_generic.c is sm3, which will cause >> the sm3-256 algorithm to be not found in some application scenarios of >> the hash algorithm, and an ENOENT error will occur. For example, >> IMA, keys, and other subsystems that reference hash_algo_name all use >> the hash algorithm of sm3. >> >> According to https://tools.ietf.org/id/draft-oscca-cfrg-sm3-01.html, >> SM3 always produces a 256-bit hash value and there are no plans for >> other length development, so there is no ambiguity in the name of sm3. >> >> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> >> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > > The previous version of this patch set is queued in the next- > integrity-testing branch. That version of this patch didn't > change TPM_ALG_SM3_256. Unless the TPM standard was modified, the TPM > spec refers to it as TPM_ALG_SM3_256. Has that changed? > > Mimi > The definition in the TPM specification is still TPM_ALG_SM3_256, please ignore the modification to the TPM definition in this patch. Thanks, Tianjia
On Tue, 2020-02-18 at 10:34 +0800, Tianjia Zhang wrote: > On 2020/2/18 9:33, Mimi Zohar wrote: > > On Mon, 2020-02-17 at 17:36 +0800, Tianjia Zhang wrote: > >> The name sm3-256 is defined in hash_algo_name in hash_info, but the > >> algorithm name implemented in sm3_generic.c is sm3, which will cause > >> the sm3-256 algorithm to be not found in some application scenarios of > >> the hash algorithm, and an ENOENT error will occur. For example, > >> IMA, keys, and other subsystems that reference hash_algo_name all use > >> the hash algorithm of sm3. > >> > >> According to https://tools.ietf.org/id/draft-oscca-cfrg-sm3-01.html, > >> SM3 always produces a 256-bit hash value and there are no plans for > >> other length development, so there is no ambiguity in the name of sm3. > >> > >> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> > >> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > > The previous version of this patch set is queued in the next- > > integrity-testing branch. That version of this patch didn't > > change TPM_ALG_SM3_256. Unless the TPM standard was modified, the TPM > > spec refers to it as TPM_ALG_SM3_256. Has that changed? > > > > Mimi > > The definition in the TPM specification is still TPM_ALG_SM3_256, please > ignore the modification to the TPM definition in this patch. Ok. Just confirming that I should ignore v2 of this patch set. Upstreaming the original version, as queued in next-integrity- testing, is fine. thanks, Mimi
diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst index 50ac8bcd6970..5b6fea88f335 100644 --- a/Documentation/security/keys/trusted-encrypted.rst +++ b/Documentation/security/keys/trusted-encrypted.rst @@ -66,7 +66,7 @@ Usage:: default 1 (resealing allowed) hash= hash algorithm name as a string. For TPM 1.x the only allowed value is sha1. For TPM 2.x the allowed values - are sha1, sha256, sha384, sha512 and sm3-256. + are sha1, sha256, sha384, sha512 and sm3. policydigest= digest for the authorization policy. must be calculated with the same hash algorithm as specified by the 'hash=' option. diff --git a/crypto/hash_info.c b/crypto/hash_info.c index c754cb75dd1a..fe0119407219 100644 --- a/crypto/hash_info.c +++ b/crypto/hash_info.c @@ -26,7 +26,7 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = { [HASH_ALGO_TGR_128] = "tgr128", [HASH_ALGO_TGR_160] = "tgr160", [HASH_ALGO_TGR_192] = "tgr192", - [HASH_ALGO_SM3_256] = "sm3-256", + [HASH_ALGO_SM3] = "sm3", [HASH_ALGO_STREEBOG_256] = "streebog256", [HASH_ALGO_STREEBOG_512] = "streebog512", }; @@ -50,7 +50,7 @@ const int hash_digest_size[HASH_ALGO__LAST] = { [HASH_ALGO_TGR_128] = TGR128_DIGEST_SIZE, [HASH_ALGO_TGR_160] = TGR160_DIGEST_SIZE, [HASH_ALGO_TGR_192] = TGR192_DIGEST_SIZE, - [HASH_ALGO_SM3_256] = SM3256_DIGEST_SIZE, + [HASH_ALGO_SM3] = SM3_DIGEST_SIZE, [HASH_ALGO_STREEBOG_256] = STREEBOG256_DIGEST_SIZE, [HASH_ALGO_STREEBOG_512] = STREEBOG512_DIGEST_SIZE, }; diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 13696deceae8..44412538e47c 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -19,7 +19,7 @@ static struct tpm2_hash tpm2_hash_map[] = { {HASH_ALGO_SHA256, TPM_ALG_SHA256}, {HASH_ALGO_SHA384, TPM_ALG_SHA384}, {HASH_ALGO_SHA512, TPM_ALG_SHA512}, - {HASH_ALGO_SM3_256, TPM_ALG_SM3_256}, + {HASH_ALGO_SM3, TPM_ALG_SM3}, }; int tpm2_get_timeouts(struct tpm_chip *chip) diff --git a/include/crypto/hash_info.h b/include/crypto/hash_info.h index eb9d2e368969..07cd6e0b0fee 100644 --- a/include/crypto/hash_info.h +++ b/include/crypto/hash_info.h @@ -31,7 +31,7 @@ #define TGR192_DIGEST_SIZE 24 /* not defined in include/crypto/ */ -#define SM3256_DIGEST_SIZE 32 +#define SM3_DIGEST_SIZE 32 extern const char *const hash_algo_name[HASH_ALGO__LAST]; extern const int hash_digest_size[HASH_ALGO__LAST]; diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 03e9b184411b..042c3eb5f051 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -39,7 +39,7 @@ enum tpm_algorithms { TPM_ALG_SHA384 = 0x000C, TPM_ALG_SHA512 = 0x000D, TPM_ALG_NULL = 0x0010, - TPM_ALG_SM3_256 = 0x0012, + TPM_ALG_SM3 = 0x0012, }; struct tpm_digest { diff --git a/include/uapi/linux/hash_info.h b/include/uapi/linux/hash_info.h index 74a8609fcb4d..1355525dd4aa 100644 --- a/include/uapi/linux/hash_info.h +++ b/include/uapi/linux/hash_info.h @@ -32,7 +32,7 @@ enum hash_algo { HASH_ALGO_TGR_128, HASH_ALGO_TGR_160, HASH_ALGO_TGR_192, - HASH_ALGO_SM3_256, + HASH_ALGO_SM3, HASH_ALGO_STREEBOG_256, HASH_ALGO_STREEBOG_512, HASH_ALGO__LAST diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index 08ec7f48f01d..cbd5574a88c8 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -17,7 +17,7 @@ static struct tpm2_hash tpm2_hash_map[] = { {HASH_ALGO_SHA256, TPM_ALG_SHA256}, {HASH_ALGO_SHA384, TPM_ALG_SHA384}, {HASH_ALGO_SHA512, TPM_ALG_SHA512}, - {HASH_ALGO_SM3_256, TPM_ALG_SM3_256}, + {HASH_ALGO_SM3, TPM_ALG_SM3}, }; /**
The name sm3-256 is defined in hash_algo_name in hash_info, but the algorithm name implemented in sm3_generic.c is sm3, which will cause the sm3-256 algorithm to be not found in some application scenarios of the hash algorithm, and an ENOENT error will occur. For example, IMA, keys, and other subsystems that reference hash_algo_name all use the hash algorithm of sm3. According to https://tools.ietf.org/id/draft-oscca-cfrg-sm3-01.html, SM3 always produces a 256-bit hash value and there are no plans for other length development, so there is no ambiguity in the name of sm3. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- Documentation/security/keys/trusted-encrypted.rst | 2 +- crypto/hash_info.c | 4 ++-- drivers/char/tpm/tpm2-cmd.c | 2 +- include/crypto/hash_info.h | 2 +- include/linux/tpm.h | 2 +- include/uapi/linux/hash_info.h | 2 +- security/keys/trusted-keys/trusted_tpm2.c | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-)