KEYS: trusted_tpm1: HMAC fix and cleanup
From: Eric Biggers <ebiggers-AT-kernel.org>
To: James Bottomley <James.Bottomley-AT-HansenPartnership.com>, Jarkko Sakkinen <jarkko-AT-kernel.org>, Mimi Zohar <zohar-AT-linux.ibm.com>, keyrings-AT-vger.kernel.org
Subject: [PATCH 0/3] KEYS: trusted_tpm1: HMAC fix and cleanup
Date: Thu, 31 Jul 2025 14:23:51 -0700
Message-ID: <20250731212354.105044-1-ebiggers@kernel.org>
Cc: David Howells <dhowells-AT-redhat.com>, linux-integrity-AT-vger.kernel.org, linux-crypto-AT-vger.kernel.org, linux-kernel-AT-vger.kernel.org, Eric Biggers <ebiggers-AT-kernel.org>

Patch 1 fixes the HMAC-SHA1 comparison in trusted_tpm1 to be constant-time.

Patch 2 simplifies the SHA-1 and HMAC-SHA1 computation in trusted_tpm1 by using library APIs instead of crypto_shash. Note that this depends on the SHA-1 and HMAC-SHA1 library APIs that were merged for v6.17-rc1.

Patch 3 is a trusted_tpm1 cleanup that moves private functionality out of a public header.

Eric Biggers (3):
  KEYS: trusted_tpm1: Compare HMAC values in constant time
  KEYS: trusted_tpm1: Use SHA-1 library instead of crypto_shash
  KEYS: trusted_tpm1: Move private functionality out of public header

 include/keys/trusted_tpm.h                |  79 ------
 security/keys/trusted-keys/Kconfig        |   5 +-
 security/keys/trusted-keys/trusted_tpm1.c | 284 ++++++++--------------
 3 files changed, 100 insertions(+), 268 deletions(-)

base-commit: d6084bb815c453de27af8071a23163a711586a6c
-- 
2.50.1
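
The constant-time requirement behind patch 1, shown as an added user-space example that is not code from the patch series or from the kernel: an early-exit comparison of a 20-byte HMAC-SHA1 tag does work that depends on how many leading bytes of a candidate are correct, while an accumulate-then-test comparison does not. The function names, the sample tag and the byte counter (a stand-in for measurable running time) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define TAG_LEN 20 /* HMAC-SHA1 output size in bytes */

/* Constructed sample tag, not taken from any real TPM exchange. */
static const uint8_t expected_tag[TAG_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x48, 0xb6, 0x1d, 0x7f, 0xc3,
    0x20, 0x9a, 0x64, 0xd5, 0x0e, 0xf8, 0x13, 0xab, 0x76, 0x4c,
};

/* memcmp-style check: returns at the first mismatch. *examined counts the
 * bytes read and stands in for the running time an observer could measure. */
static int leaky_tag_differs(const uint8_t *a, const uint8_t *b, size_t *examined)
{
    for (size_t i = 0; i < TAG_LEN; i++) {
        if (a[i] != b[i]) {
            *examined = i + 1;
            return 1;
        }
    }
    *examined = TAG_LEN;
    return 0;
}

/* Constant-time check: always reads every byte and only ORs differences. */
static int ct_tag_differs(const uint8_t *a, const uint8_t *b, size_t *examined)
{
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < TAG_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *examined = TAG_LEN;
    return diff != 0;
}

/* Hypothetical helper: check a candidate whose first `matching` bytes are
 * correct against expected_tag and return how many bytes were examined. */
size_t bytes_examined(int constant_time, size_t matching)
{
    uint8_t guess[TAG_LEN];
    size_t examined = 0;
    for (size_t i = 0; i < TAG_LEN; i++)
        guess[i] = i < matching ? expected_tag[i] : (uint8_t)~expected_tag[i];
    if (constant_time)
        ct_tag_differs(expected_tag, guess, &examined);
    else
        leaky_tag_differs(expected_tag, guess, &examined);
    return examined;
}
```

In kernel code the same property is normally obtained from the existing crypto_memneq() helper rather than a hand-written loop.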