On Wed, 24 Oct 2018, James Bottomley wrote:
+static void KDFa(u8 *key, int keylen, const char *label, u8 *u,
+u8 *v, int bytes, u8 *out)
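Review bot: in the KDFa() prototype, keylen and bytes are plain int, so a negative length can be passed; make them unsigned (unsigned int or size_t), and mark key, u and v as const u8 * if they are inputs only. Nothing in the signature carries the lengths of u and v or the size of out, so a kernel-doc comment stating them and how bytes relates to out is needed here.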
Should this be in lower case? I would rename it as tpm_kdfa().
This one is defined as KDFa() in the standards and it's not TPM
specific (alt
On Wed, 2018-10-24 at 02:48 +0300, Jarkko Sakkinen wrote:
> On Mon, 22 Oct 2018, James Bottomley wrote:
> > [...]
I'll tidy up the descriptions.
> These all should be combined with the existing session stuff inside
> tpm2-cmd.c and not have duplicate infrastructures. The file name
> should be tpm2
On Tue, 23 Oct 2018, Ard Biesheuvel wrote:
On 23 October 2018 at 04:01, James Bottomley wrote:
On Mon, 2018-10-22 at 19:19 -0300, Ard Biesheuvel wrote:
[...]
+static void hmac_init(struct shash_desc *desc, u8 *key, int
keylen)
+{
+ u8 pad[SHA256_BLOCK_SIZE];
+ int i;
+
+ desc
On Mon, 22 Oct 2018, James Bottomley wrote:
This code adds true session based HMAC authentication plus parameter
decryption and response encryption using AES.
In order to reduce complexity it would make sense to split into two
commits: authentication and parameter encryption.
The basic desig
On 23 October 2018 at 04:01, James Bottomley wrote:
> On Mon, 2018-10-22 at 19:19 -0300, Ard Biesheuvel wrote:
> [...]
>> > +static void hmac_init(struct shash_desc *desc, u8 *key, int
>> > keylen)
>> > +{
>> > + u8 pad[SHA256_BLOCK_SIZE];
>> > + int i;
>> > +
>> > + desc->tfm =
On Mon, 2018-10-22 at 19:19 -0300, Ard Biesheuvel wrote:
[...]
> > +static void hmac_init(struct shash_desc *desc, u8 *key, int
> > keylen)
> > +{
> > + u8 pad[SHA256_BLOCK_SIZE];
> > + int i;
> > +
> > + desc->tfm = sha256_hash;
> > + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
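Review bot: hmac_init() declares a fixed u8 pad[SHA256_BLOCK_SIZE] while taking keylen as a signed int, and the lines shown stop before the pad is used and show no bound on keylen. Check keylen against SHA256_BLOCK_SIZE before the pad is filled (or hash longer keys first, as HMAC specifies), and take the key as const u8 * with an unsigned length. The pad holds key-derived material on the stack, so clear it with memzero_explicit() once it has been fed to the hash.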
Hi James,
Some comments below on how you are using the crypto API.
On 22 October 2018 at 04:36, James Bottomley wrote:
> This code adds true session based HMAC authentication plus parameter
> decryption and response encryption using AES.
>
> The basic design of this code is to segregate all the
This code adds true session based HMAC authentication plus parameter
decryption and response encryption using AES.
The basic design of this code is to segregate all the nasty crypto,
hash and hmac code into tpm2-sessions.c and export a usable API.
The API first of all starts off by gaining a sess