Re: [PATCH 5.10 258/530] security: keys: trusted: fix TPM2 authorizations

[Pavel Machek]

Hi!

> [ Upstream commit de66514d934d70ce73c302ce0644b54970fc7196 ]
> 
> In TPM 1.2 an authorization was a 20 byte number.  The spec actually
> recommended you to hash variable length passwords and use the sha1
> hash as the authorization.  Because the spec doesn't require this
> hashing, the current authorization for trusted keys is a 40 digit hex
> number.  For TPM 2.0 the spec allows the passing in of variable length
> passwords and passphrases directly, so we should allow that in trusted
> keys for ease of use.  Update the 'blobauth' parameter to take this
> into account, so we can now use plain text passwords for the keys.

I guess break should now be deleted. If tools don't warn about this,
they should.

> +			if (tpm2 && opt->blobauth_len <= sizeof(opt->blobauth)) {
> +				memcpy(opt->blobauth, args[0].from,
> +				       opt->blobauth_len);
> +				break;
> +			}
> +
> +			return -EINVAL;
> +
>  			break;
> +

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Attachment: signature.asc
Description: Digital signature