| Message ID | 20211026075626.61975-3-tianjia.zhang@linux.alibaba.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | use SM3 instead of SM3_256 | expand |
On Tue, 2021-10-26 at 15:56 +0800, Tianjia Zhang wrote: > According to https://tools.ietf.org/id/draft-oscca-cfrg-sm3-01.html, > SM3 always produces a 256-bit hash value and there are no plans for > other length development, so there is no ambiguity in the name of > sm3. Please just drop this piece. [...] > hash= hash algorithm name as a string. For TPM 1.x > the only > allowed value is sha1. For TPM 2.x the allowed > values > - are sha1, sha256, sha384, sha512 and sm3-256. > + are sha1, sha256, sha384, sha512 and sm3. the hash parameter is an external ABI we can't simply change ... as Jarkko already told you. The rest are constants defined in the TPM standard, which we shouldn't change because then it makes everyone wonder why we're deviating. James
diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst index 80d5a5af62a1..3292461517f6 100644 --- a/Documentation/security/keys/trusted-encrypted.rst +++ b/Documentation/security/keys/trusted-encrypted.rst @@ -162,7 +162,7 @@ Usage:: default 1 (resealing allowed) hash= hash algorithm name as a string. For TPM 1.x the only allowed value is sha1. For TPM 2.x the allowed values - are sha1, sha256, sha384, sha512 and sm3-256. + are sha1, sha256, sha384, sha512 and sm3. policydigest= digest for the authorization policy. must be calculated with the same hash algorithm as specified by the 'hash=' option. diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c index 63f03cfb8e6a..fe6c785dc84a 100644 --- a/drivers/char/tpm/tpm-sysfs.c +++ b/drivers/char/tpm/tpm-sysfs.c @@ -471,7 +471,7 @@ PCR_ATTR_BUILD(TPM_ALG_SHA1, sha1); PCR_ATTR_BUILD(TPM_ALG_SHA256, sha256); PCR_ATTR_BUILD(TPM_ALG_SHA384, sha384); PCR_ATTR_BUILD(TPM_ALG_SHA512, sha512); -PCR_ATTR_BUILD(TPM_ALG_SM3_256, sm3); +PCR_ATTR_BUILD(TPM_ALG_SM3, sm3); void tpm_sysfs_add_device(struct tpm_chip *chip) @@ -500,7 +500,7 @@ void tpm_sysfs_add_device(struct tpm_chip *chip) case TPM_ALG_SHA512: chip->groups[chip->groups_cnt++] = &pcr_group_sha512; break; - case TPM_ALG_SM3_256: + case TPM_ALG_SM3: chip->groups[chip->groups_cnt++] = &pcr_group_sm3; break; default: diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 20f55de9d87b..d5a9410d2273 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -19,7 +19,7 @@ static struct tpm2_hash tpm2_hash_map[] = { {HASH_ALGO_SHA256, TPM_ALG_SHA256}, {HASH_ALGO_SHA384, TPM_ALG_SHA384}, {HASH_ALGO_SHA512, TPM_ALG_SHA512}, - {HASH_ALGO_SM3, TPM_ALG_SM3_256}, + {HASH_ALGO_SM3, TPM_ALG_SM3}, }; int tpm2_get_timeouts(struct tpm_chip *chip) diff --git a/include/linux/tpm.h b/include/linux/tpm.h index aa11fe323c56..56a79fee1250 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -40,7 +40,7 @@ enum tpm_algorithms { TPM_ALG_SHA384 = 0x000C, TPM_ALG_SHA512 = 0x000D, TPM_ALG_NULL = 0x0010, - TPM_ALG_SM3_256 = 0x0012, + TPM_ALG_SM3 = 0x0012, }; /* diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index 52a696035176..b15a9961213d 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -23,7 +23,7 @@ static struct tpm2_hash tpm2_hash_map[] = { {HASH_ALGO_SHA256, TPM_ALG_SHA256}, {HASH_ALGO_SHA384, TPM_ALG_SHA384}, {HASH_ALGO_SHA512, TPM_ALG_SHA512}, - {HASH_ALGO_SM3, TPM_ALG_SM3_256}, + {HASH_ALGO_SM3, TPM_ALG_SM3}, }; static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
According to https://tools.ietf.org/id/draft-oscca-cfrg-sm3-01.html, SM3 always produces a 256-bit hash value and there are no plans for other length development, so there is no ambiguity in the name of sm3. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> --- Documentation/security/keys/trusted-encrypted.rst | 2 +- drivers/char/tpm/tpm-sysfs.c | 4 ++-- drivers/char/tpm/tpm2-cmd.c | 2 +- include/linux/tpm.h | 2 +- security/keys/trusted-keys/trusted_tpm2.c | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-)