> -----Original Message----- > From: Jarkko Sakkinen <jarkko@xxxxxxxxxx> > Sent: Tuesday, May 21, 2024 8:47 AM > To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Cc: linux-integrity@xxxxxxxxxxxxxxx; keyrings@xxxxxxxxxxxxxxx; > Andreas.Fuchs@xxxxxxxxxxxx; James Prestwood <prestwoj@xxxxxxxxx>; > David Woodhouse <dwmw2@xxxxxxxxxxxxx>; Eric Biggers > <ebiggers@xxxxxxxxxx>; James Bottomley > <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>; Jarkko Sakkinen > <jarkko@xxxxxxxxxx>; David S. Miller <davem@xxxxxxxxxxxxx>; open > list:CRYPTO API <linux-crypto@xxxxxxxxxxxxxxx>; open list <linux- > kernel@xxxxxxxxxxxxxxx>; Peter Huewe <peterhuewe@xxxxxx>; Jason > Gunthorpe <jgg@xxxxxxxx>; James Bottomley > <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>; Mimi Zohar > <zohar@xxxxxxxxxxxxx>; David Howells <dhowells@xxxxxxxxxx>; Paul Moore > <paul@xxxxxxxxxxxxxx>; James Morris <jmorris@xxxxxxxxx>; Serge E. Hallyn > <serge@xxxxxxxxxx>; open list:SECURITY SUBSYSTEM <linux-security- > module@xxxxxxxxxxxxxxx> > Subject: [EXTERNAL] [PATCH v2 5/6] tpm: tpm2_key: Extend parser to > TPM_LoadableKey > > ---------------------------------------------------------------------- > Extend parser to TPM_LoadableKey. Add field for oid to struct tpm2_key > so that callers can differentiate different key types. > > Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx> > --- > drivers/char/tpm/tpm2_key.c | 14 +++++++++++--- > include/crypto/tpm2_key.h | 2 ++ > security/keys/trusted-keys/trusted_tpm2.c | 4 ++++ > 3 files changed, 17 insertions(+), 3 deletions(-) > > diff --git a/drivers/char/tpm/tpm2_key.c b/drivers/char/tpm/tpm2_key.c > index 0112362e432e..59797dc232f1 100644 > --- a/drivers/char/tpm/tpm2_key.c > +++ b/drivers/char/tpm/tpm2_key.c 
> @@ -32,16 +32,24 @@ int tpm2_key_type(void *context, size_t hdrlen, > const void *value, size_t vlen) > { > enum OID oid = look_up_OID(value, vlen); > - > - if (oid != OID_TPMSealedData) { > + struct tpm2_key *key = context; > + > + switch (oid) { > + case OID_TPMSealedData: > + pr_info("TPMSealedData\n"); > + break; > + case OID_TPMLoadableKey: > + pr_info("TPMLodableKey\n"); > + break; > + default: > char buffer[50]; > - > sprint_oid(value, vlen, buffer, sizeof(buffer)); > pr_debug("OID is \"%s\" which is not TPMSealedData\n", > buffer); Maybe extend this print to say "neither TPMSealedData nor TPMLodableKey" Thanks -Bharat > return -EINVAL; > } > > + key->oid = oid; > return 0; > } > > diff --git a/include/crypto/tpm2_key.h b/include/crypto/tpm2_key.h > index acf41b2e0c92..2d2434233000 100644 > --- a/include/crypto/tpm2_key.h > +++ b/include/crypto/tpm2_key.h > @@ -2,12 +2,14 @@ > #ifndef __LINUX_TPM2_KEY_H__ > #define __LINUX_TPM2_KEY_H__ > > +#include <linux/oid_registry.h> > #include <linux/slab.h> > > /* > * TPM2 ASN.1 key > */ > struct tpm2_key { > + enum OID oid; > u32 parent; > const u8 *blob; > u32 blob_len; > diff --git a/security/keys/trusted-keys/trusted_tpm2.c > b/security/keys/trusted-keys/trusted_tpm2.c > index f255388d32b8..ce4c667c3ee3 100644 > --- a/security/keys/trusted-keys/trusted_tpm2.c > +++ b/security/keys/trusted-keys/trusted_tpm2.c > @@ -305,6 +305,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip, > payload->old_format = 1; > } else { > blob = key.blob; > + if (key.oid != OID_TPMSealedData) { > + tpm2_key_destroy(&key); > + return -EINVAL; > + } > } > > if (!blob) > -- > 2.45.1 >
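Review bot: in the tpm2_key_type() hunk in drivers/char/tpm/tpm2_key.c, `char buffer[50];` now sits directly after `default:`, and a declaration immediately following a label is not accepted in the C11 dialect the kernel is built with (the removed `if` block had braces around it); either write `default: {` ... `}` or hoist the declaration to the top of the function. The two new pr_info() calls also log at info level on every key parse, and one misspells the type ("TPMLodableKey"); drop them or turn them into pr_debug() with the correct spelling. Bharat's point about the default branch applies too: the message "which is not TPMSealedData" no longer describes the check once TPMLoadableKey is accepted.

Review bot: in the include/crypto/tpm2_key.h hunk, the new `enum OID oid;` member is what callers are now expected to inspect, but the struct is still described only as "TPM2 ASN.1 key"; add a comment on the field saying that the parser sets it to OID_TPMSealedData or OID_TPMLoadableKey, so callers know which values they have to handle.

Review bot: in the tpm2_load_cmd() hunk in security/keys/trusted-keys/trusted_tpm2.c, rejecting a key whose oid is not OID_TPMSealedData is the right restriction for trusted keys, but the failure is silent; a pr_debug() naming the rejected type would save users a good deal of guessing when a loadable key is fed to a trusted key. `blob = key.blob;` is also assigned before the check, so move the `if (key.oid != OID_TPMSealedData)` block above it so the error path is the first thing in the else branch.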