[v1,3/4] keys, trusted: select the hash algorithm

Commit Message

Jarkko Sakkinen Oct. 29, 2015, 3:59 p.m. UTC

Added 'hash=' option for selecting the hash algorithm for add_key()
syscall.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 security/keys/trusted.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

Comments

kernel test robot Oct. 29, 2015, 7:18 p.m. UTC | #1

Hi Jarkko,

[auto build test ERROR on next-20151022 -- if it's inappropriate base, please suggest rules for selecting the more suitable base]

url:    https://github.com/0day-ci/linux/commits/Jarkko-Sakkinen/TPM2-select-hash-algorithm-for-a-trusted-key/20151030-000439
config: x86_64-acpi-redef (attached as .config)
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

All errors (new ones prefixed by >>):

   security/built-in.o: In function `getoptions.isra.0':
>> trusted.c:(.text+0x6678): undefined reference to `hash_algo_name'

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
------------------------------------------------------------------------------

Mimi Zohar Oct. 29, 2015, 7:37 p.m. UTC | #2

On Thu, 2015-10-29 at 17:59 +0200, Jarkko Sakkinen wrote:
> Added 'hash=' option for selecting the hash algorithm for add_key()
> syscall.
> 
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> ---
>  security/keys/trusted.c | 20 +++++++++++++++++++-
>  1 file changed, 19 insertions(+), 1 deletion(-)
> 
> diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> index d3633cf..7a87bcd 100644
> --- a/security/keys/trusted.c
> +++ b/security/keys/trusted.c
> @@ -11,6 +11,7 @@
>   * See Documentation/security/keys-trusted-encrypted.txt
>   */
> 
> +#include <crypto/hash_info.h>

This introduces a Kconfig dependency on CRYPTO_HASH_INFO. 

Mimi

>  #include <linux/uaccess.h>
>  #include <linux/module.h>
>  #include <linux/init.h>
> @@ -710,7 +711,8 @@ enum {
>  	Opt_err = -1,
>  	Opt_new, Opt_load, Opt_update,
>  	Opt_keyhandle, Opt_keyauth, Opt_blobauth,
> -	Opt_pcrinfo, Opt_pcrlock, Opt_migratable
> +	Opt_pcrinfo, Opt_pcrlock, Opt_migratable,
> +	Opt_hash,
>  };
> 
>  static const match_table_t key_tokens = {
> @@ -723,6 +725,7 @@ static const match_table_t key_tokens = {
>  	{Opt_pcrinfo, "pcrinfo=%s"},
>  	{Opt_pcrlock, "pcrlock=%s"},
>  	{Opt_migratable, "migratable=%s"},
> +	{Opt_hash, "hash=%s"},
>  	{Opt_err, NULL}
>  };
> 
> @@ -736,6 +739,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
>  	int res;
>  	unsigned long handle;
>  	unsigned long lock;
> +	int i;
> 
>  	while ((p = strsep(&c, " \t"))) {
>  		if (*p == '\0' || *p == ' ' || *p == '\t')
> @@ -787,6 +791,20 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
>  				return -EINVAL;
>  			opt->pcrlock = lock;
>  			break;
> +		case Opt_hash:
> +			for (i = 0; i < HASH_ALGO__LAST; i++) {
> +				if (!strcmp(args[0].from, hash_algo_name[i])) {
> +					opt->hash = i;
> +					break;
> +				}
> +			}
> +			res = tpm_is_tpm2(TPM_ANY_NUM);
> +			if (res < 0)
> +				return res;
> +			if (i == HASH_ALGO__LAST ||
> +			    (!res && i != HASH_ALGO_SHA1))
> +				return -EINVAL;
> +			break;
>  		default:
>  			return -EINVAL;
>  		}



------------------------------------------------------------------------------

Jarkko Sakkinen Oct. 30, 2015, 11:16 a.m. UTC | #3

On Thu, Oct 29, 2015 at 03:37:20PM -0400, Mimi Zohar wrote:
> On Thu, 2015-10-29 at 17:59 +0200, Jarkko Sakkinen wrote:
> > Added 'hash=' option for selecting the hash algorithm for add_key()
> > syscall.
> > 
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > ---
> >  security/keys/trusted.c | 20 +++++++++++++++++++-
> >  1 file changed, 19 insertions(+), 1 deletion(-)
> > 
> > diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> > index d3633cf..7a87bcd 100644
> > --- a/security/keys/trusted.c
> > +++ b/security/keys/trusted.c
> > @@ -11,6 +11,7 @@
> >   * See Documentation/security/keys-trusted-encrypted.txt
> >   */
> > 
> > +#include <crypto/hash_info.h>
> 
> This introduces a Kconfig dependency on CRYPTO_HASH_INFO. 

Thanks. I'll add it. Got also build error from kbuild bot. I'll use that
config to reproduce and fix this error.

> Mimi

/Jarkko

------------------------------------------------------------------------------

Patch

diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index d3633cf..7a87bcd 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -11,6 +11,7 @@ 
  * See Documentation/security/keys-trusted-encrypted.txt
  */
 
+#include <crypto/hash_info.h>
 #include <linux/uaccess.h>
 #include <linux/module.h>
 #include <linux/init.h>
@@ -710,7 +711,8 @@  enum {
 	Opt_err = -1,
 	Opt_new, Opt_load, Opt_update,
 	Opt_keyhandle, Opt_keyauth, Opt_blobauth,
-	Opt_pcrinfo, Opt_pcrlock, Opt_migratable
+	Opt_pcrinfo, Opt_pcrlock, Opt_migratable,
+	Opt_hash,
 };
 
 static const match_table_t key_tokens = {
@@ -723,6 +725,7 @@  static const match_table_t key_tokens = {
 	{Opt_pcrinfo, "pcrinfo=%s"},
 	{Opt_pcrlock, "pcrlock=%s"},
 	{Opt_migratable, "migratable=%s"},
+	{Opt_hash, "hash=%s"},
 	{Opt_err, NULL}
 };
 
@@ -736,6 +739,7 @@  static int getoptions(char *c, struct trusted_key_payload *pay,
 	int res;
 	unsigned long handle;
 	unsigned long lock;
+	int i;
 
 	while ((p = strsep(&c, " \t"))) {
 		if (*p == '\0' || *p == ' ' || *p == '\t')
@@ -787,6 +791,20 @@  static int getoptions(char *c, struct trusted_key_payload *pay,
 				return -EINVAL;
 			opt->pcrlock = lock;
 			break;
+		case Opt_hash:
+			for (i = 0; i < HASH_ALGO__LAST; i++) {
+				if (!strcmp(args[0].from, hash_algo_name[i])) {
+					opt->hash = i;
+					break;
+				}
+			}
+			res = tpm_is_tpm2(TPM_ANY_NUM);
+			if (res < 0)
+				return res;
+			if (i == HASH_ALGO__LAST ||
+			    (!res && i != HASH_ALGO_SHA1))
+				return -EINVAL;
+			break;
 		default:
 			return -EINVAL;
 		}