Message ID | 20220222195819.2313913-4-a.fatoum@pengutronix.de (mailing list archive) |
---|---|
State | Not Applicable |
Delegated to: | Herbert Xu |
Headers | show |
Series | KEYS: trusted: Introduce support for NXP CAAM-based trusted keys | expand |
On 22.02.22 20:58, Ahmad Fatoum wrote: > The two existing trusted key sources don't make use of the kernel RNG, > but instead let the hardware that does the sealing/unsealing also > generate the random key material. While a previous change offers users > the choice to use the kernel RNG instead for both, new trust sources > may want to unconditionally use the kernel RNG for generating key > material, like it's done elsewhere in the kernel. > > This is especially prudent for hardware that has proven-in-production > HWRNG drivers implemented, as otherwise code would have to be duplicated > only to arrive at a possibly worse result. > > Make this possible by turning struct trusted_key_ops::get_random > into an optional member. If a driver leaves it NULL, kernel RNG > will be used instead. The rebase on the change in scope of the previous commit made this one here quite small. I would squash it into the previous commit for v6, unless there are objections. > > Acked-by: Sumit Garg <sumit.garg@linaro.org> > Reviewed-by: David Gstir <david@sigma-star.at> > Tested-By: Tim Harvey <tharvey@gateworks.com> > Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> > --- > To: James Bottomley <jejb@linux.ibm.com> > To: Jarkko Sakkinen <jarkko@kernel.org> > To: Mimi Zohar <zohar@linux.ibm.com> > To: David Howells <dhowells@redhat.com> > Cc: James Morris <jmorris@namei.org> > Cc: "Serge E. Hallyn" <serge@hallyn.com> > Cc: "Horia Geantă" <horia.geanta@nxp.com> > Cc: Aymen Sghaier <aymen.sghaier@nxp.com> > Cc: Herbert Xu <herbert@gondor.apana.org.au> > Cc: "David S. Miller" <davem@davemloft.net> > Cc: Eric Biggers <ebiggers@kernel.org> > Cc: Jan Luebbe <j.luebbe@pengutronix.de> > Cc: David Gstir <david@sigma-star.at> > Cc: Richard Weinberger <richard@nod.at> > Cc: Franck LENORMAND <franck.lenormand@nxp.com> > Cc: Sumit Garg <sumit.garg@linaro.org> > Cc: Tim Harvey <tharvey@gateworks.com> > Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com> > Cc: Pankaj Gupta <pankaj.gupta@nxp.com> > Cc: keyrings@vger.kernel.org > Cc: linux-crypto@vger.kernel.org > Cc: linux-integrity@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > Cc: linux-security-module@vger.kernel.org > --- > include/keys/trusted-type.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h > index d89fa2579ac0..4eb64548a74f 100644 > --- a/include/keys/trusted-type.h > +++ b/include/keys/trusted-type.h > @@ -64,7 +64,7 @@ struct trusted_key_ops { > /* Unseal a key. */ > int (*unseal)(struct trusted_key_payload *p, char *datablob); > > - /* Get a randomized key. */ > + /* Optional: Get a randomized key. */ > int (*get_random)(unsigned char *key, size_t key_len); > > /* Exit key interface. */
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com> > -----Original Message----- > From: Ahmad Fatoum <a.fatoum@pengutronix.de> > Sent: Wednesday, February 23, 2022 9:53 PM > To: James Bottomley <jejb@linux.ibm.com>; Jarkko Sakkinen > <jarkko@kernel.org>; Mimi Zohar <zohar@linux.ibm.com>; David Howells > <dhowells@redhat.com> > Cc: kernel@pengutronix.de; Sumit Garg <sumit.garg@linaro.org>; David Gstir > <david@sigma-star.at>; tharvey@gateworks.com; James Morris > <jmorris@namei.org>; Serge E. Hallyn <serge@hallyn.com>; Horia Geanta > <horia.geanta@nxp.com>; Aymen Sghaier <aymen.sghaier@nxp.com>; Herbert > Xu <herbert@gondor.apana.org.au>; David S. Miller <davem@davemloft.net>; > Eric Biggers <ebiggers@kernel.org>; Jan Luebbe <j.luebbe@pengutronix.de>; > Richard Weinberger <richard@nod.at>; Franck Lenormand > <franck.lenormand@nxp.com>; Matthias Schiffer <matthias.schiffer@ew.tq- > group.com>; Pankaj Gupta <pankaj.gupta@nxp.com>; keyrings@vger.kernel.org; > linux-crypto@vger.kernel.org; linux-integrity@vger.kernel.org; linux- > kernel@vger.kernel.org; linux-security-module@vger.kernel.org > Subject: [EXT] Re: [PATCH v5 3/5] KEYS: trusted: allow trust sources to use > kernel RNG for key material > > Caution: EXT Email > > On 22.02.22 20:58, Ahmad Fatoum wrote: > > The two existing trusted key sources don't make use of the kernel RNG, > > but instead let the hardware that does the sealing/unsealing also > > generate the random key material. While a previous change offers users > > the choice to use the kernel RNG instead for both, new trust sources > > may want to unconditionally use the kernel RNG for generating key > > material, like it's done elsewhere in the kernel. > > > > This is especially prudent for hardware that has proven-in-production > > HWRNG drivers implemented, as otherwise code would have to be > > duplicated only to arrive at a possibly worse result. > > > > Make this possible by turning struct trusted_key_ops::get_random into > > an optional member. If a driver leaves it NULL, kernel RNG will be > > used instead. > > The rebase on the change in scope of the previous commit made this one here > quite small. I would squash it into the previous commit for v6, unless there are > objections. > > > > > > Acked-by: Sumit Garg <sumit.garg@linaro.org> > > Reviewed-by: David Gstir <david@sigma-star.at> > > Tested-By: Tim Harvey <tharvey@gateworks.com> > > Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> > > --- > > To: James Bottomley <jejb@linux.ibm.com> > > To: Jarkko Sakkinen <jarkko@kernel.org> > > To: Mimi Zohar <zohar@linux.ibm.com> > > To: David Howells <dhowells@redhat.com> > > Cc: James Morris <jmorris@namei.org> > > Cc: "Serge E. Hallyn" <serge@hallyn.com> > > Cc: "Horia Geantă" <horia.geanta@nxp.com> > > Cc: Aymen Sghaier <aymen.sghaier@nxp.com> > > Cc: Herbert Xu <herbert@gondor.apana.org.au> > > Cc: "David S. Miller" <davem@davemloft.net> > > Cc: Eric Biggers <ebiggers@kernel.org> > > Cc: Jan Luebbe <j.luebbe@pengutronix.de> > > Cc: David Gstir <david@sigma-star.at> > > Cc: Richard Weinberger <richard@nod.at> > > Cc: Franck LENORMAND <franck.lenormand@nxp.com> > > Cc: Sumit Garg <sumit.garg@linaro.org> > > Cc: Tim Harvey <tharvey@gateworks.com> > > Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com> > > Cc: Pankaj Gupta <pankaj.gupta@nxp.com> > > Cc: keyrings@vger.kernel.org > > Cc: linux-crypto@vger.kernel.org > > Cc: linux-integrity@vger.kernel.org > > Cc: linux-kernel@vger.kernel.org > > Cc: linux-security-module@vger.kernel.org > > --- > > include/keys/trusted-type.h | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h > > index d89fa2579ac0..4eb64548a74f 100644 > > --- a/include/keys/trusted-type.h > > +++ b/include/keys/trusted-type.h > > @@ -64,7 +64,7 @@ struct trusted_key_ops { > > /* Unseal a key. */ > > int (*unseal)(struct trusted_key_payload *p, char *datablob); > > > > - /* Get a randomized key. */ > > + /* Optional: Get a randomized key. */ > > int (*get_random)(unsigned char *key, size_t key_len); > > > > /* Exit key interface. */ > > > -- > Pengutronix e.K. | | > Steuerwalder Str. 21 | > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.pen > gutronix.de%2F&data=04%7C01%7Cpankaj.gupta%40nxp.com%7Cd6143a > 1791a8494849f208d9f6e8cef8%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0 > %7C0%7C637812302026139014%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4 > wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&am > p;sdata=2QRFygy%2BVafXrLIkF1BOHtDiwP%2Fz9kwU9ovtG1WJBTY%3D&r > eserved=0 | > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Acked-by: Pankaj Gupta <pankaj.gupta@nxp.com> Regards Pankaj > -----Original Message----- > From: Ahmad Fatoum <a.fatoum@pengutronix.de> > Sent: Wednesday, February 23, 2022 9:53 PM > To: James Bottomley <jejb@linux.ibm.com>; Jarkko Sakkinen > <jarkko@kernel.org>; Mimi Zohar <zohar@linux.ibm.com>; David Howells > <dhowells@redhat.com> > Cc: kernel@pengutronix.de; Sumit Garg <sumit.garg@linaro.org>; David Gstir > <david@sigma-star.at>; tharvey@gateworks.com; James Morris > <jmorris@namei.org>; Serge E. Hallyn <serge@hallyn.com>; Horia Geanta > <horia.geanta@nxp.com>; Aymen Sghaier <aymen.sghaier@nxp.com>; > Herbert Xu <herbert@gondor.apana.org.au>; David S. Miller > <davem@davemloft.net>; Eric Biggers <ebiggers@kernel.org>; Jan Luebbe > <j.luebbe@pengutronix.de>; Richard Weinberger <richard@nod.at>; Franck > Lenormand <franck.lenormand@nxp.com>; Matthias Schiffer > <matthias.schiffer@ew.tq-group.com>; Pankaj Gupta > <pankaj.gupta@nxp.com>; keyrings@vger.kernel.org; linux- > crypto@vger.kernel.org; linux-integrity@vger.kernel.org; linux- > kernel@vger.kernel.org; linux-security-module@vger.kernel.org > Subject: [EXT] Re: [PATCH v5 3/5] KEYS: trusted: allow trust sources to use > kernel RNG for key material > > Caution: EXT Email > > On 22.02.22 20:58, Ahmad Fatoum wrote: > > The two existing trusted key sources don't make use of the kernel RNG, > > but instead let the hardware that does the sealing/unsealing also > > generate the random key material. While a previous change offers users > > the choice to use the kernel RNG instead for both, new trust sources > > may want to unconditionally use the kernel RNG for generating key > > material, like it's done elsewhere in the kernel. > > > > This is especially prudent for hardware that has proven-in-production > > HWRNG drivers implemented, as otherwise code would have to be > > duplicated only to arrive at a possibly worse result. > > > > Make this possible by turning struct trusted_key_ops::get_random into > > an optional member. If a driver leaves it NULL, kernel RNG will be > > used instead. > > The rebase on the change in scope of the previous commit made this one > here quite small. I would squash it into the previous commit for v6, unless > there are objections. > > > > > > Acked-by: Sumit Garg <sumit.garg@linaro.org> > > Reviewed-by: David Gstir <david@sigma-star.at> > > Tested-By: Tim Harvey <tharvey@gateworks.com> > > Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> > > --- > > To: James Bottomley <jejb@linux.ibm.com> > > To: Jarkko Sakkinen <jarkko@kernel.org> > > To: Mimi Zohar <zohar@linux.ibm.com> > > To: David Howells <dhowells@redhat.com> > > Cc: James Morris <jmorris@namei.org> > > Cc: "Serge E. Hallyn" <serge@hallyn.com> > > Cc: "Horia Geantă" <horia.geanta@nxp.com> > > Cc: Aymen Sghaier <aymen.sghaier@nxp.com> > > Cc: Herbert Xu <herbert@gondor.apana.org.au> > > Cc: "David S. Miller" <davem@davemloft.net> > > Cc: Eric Biggers <ebiggers@kernel.org> > > Cc: Jan Luebbe <j.luebbe@pengutronix.de> > > Cc: David Gstir <david@sigma-star.at> > > Cc: Richard Weinberger <richard@nod.at> > > Cc: Franck LENORMAND <franck.lenormand@nxp.com> > > Cc: Sumit Garg <sumit.garg@linaro.org> > > Cc: Tim Harvey <tharvey@gateworks.com> > > Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com> > > Cc: Pankaj Gupta <pankaj.gupta@nxp.com> > > Cc: keyrings@vger.kernel.org > > Cc: linux-crypto@vger.kernel.org > > Cc: linux-integrity@vger.kernel.org > > Cc: linux-kernel@vger.kernel.org > > Cc: linux-security-module@vger.kernel.org > > --- > > include/keys/trusted-type.h | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h > > index d89fa2579ac0..4eb64548a74f 100644 > > --- a/include/keys/trusted-type.h > > +++ b/include/keys/trusted-type.h > > @@ -64,7 +64,7 @@ struct trusted_key_ops { > > /* Unseal a key. */ > > int (*unseal)(struct trusted_key_payload *p, char *datablob); > > > > - /* Get a randomized key. */ > > + /* Optional: Get a randomized key. */ > > int (*get_random)(unsigned char *key, size_t key_len); > > > > /* Exit key interface. */ > > > -- > Pengutronix e.K. | | > Steuerwalder Str. 21 | > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. > pengutronix.de%2F&data=04%7C01%7Cpankaj.gupta%40nxp.com%7Cd > 6143a1791a8494849f208d9f6e8cef8%7C686ea1d3bc2b4c6fa92cd99c5c301635 > %7C0%7C0%7C637812302026139014%7CUnknown%7CTWFpbGZsb3d8eyJWIj > oiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3 > 000&sdata=2QRFygy%2BVafXrLIkF1BOHtDiwP%2Fz9kwU9ovtG1WJBTY > %3D&reserved=0 | > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h index d89fa2579ac0..4eb64548a74f 100644 --- a/include/keys/trusted-type.h +++ b/include/keys/trusted-type.h @@ -64,7 +64,7 @@ struct trusted_key_ops { /* Unseal a key. */ int (*unseal)(struct trusted_key_payload *p, char *datablob); - /* Get a randomized key. */ + /* Optional: Get a randomized key. */ int (*get_random)(unsigned char *key, size_t key_len); /* Exit key interface. */