RE: [EXTERNAL] [PATCH v2 5/6] tpm: tpm2_key: Extend parser to TPM_LoadableKey

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> Sent: Tuesday, May 21, 2024 8:47 AM
> To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Cc: linux-integrity@xxxxxxxxxxxxxxx; keyrings@xxxxxxxxxxxxxxx;
> Andreas.Fuchs@xxxxxxxxxxxx; James Prestwood <prestwoj@xxxxxxxxx>;
> David Woodhouse <dwmw2@xxxxxxxxxxxxx>; Eric Biggers
> <ebiggers@xxxxxxxxxx>; James Bottomley
> <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>; Jarkko Sakkinen
> <jarkko@xxxxxxxxxx>; David S. Miller <davem@xxxxxxxxxxxxx>; open
> list:CRYPTO API <linux-crypto@xxxxxxxxxxxxxxx>; open list <linux-
> kernel@xxxxxxxxxxxxxxx>; Peter Huewe <peterhuewe@xxxxxx>; Jason
> Gunthorpe <jgg@xxxxxxxx>; James Bottomley
> <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>; Mimi Zohar
> <zohar@xxxxxxxxxxxxx>; David Howells <dhowells@xxxxxxxxxx>; Paul Moore
> <paul@xxxxxxxxxxxxxx>; James Morris <jmorris@xxxxxxxxx>; Serge E. Hallyn
> <serge@xxxxxxxxxx>; open list:SECURITY SUBSYSTEM <linux-security-
> module@xxxxxxxxxxxxxxx>
> Subject: [EXTERNAL] [PATCH v2 5/6] tpm: tpm2_key: Extend parser to
> TPM_LoadableKey
> 
> ----------------------------------------------------------------------
> Extend parser to TPM_LoadableKey. Add field for oid to struct tpm2_key
> so that callers can differentiate different key types.
> 
> Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> ---
>  drivers/char/tpm/tpm2_key.c               | 14 +++++++++++---
>  include/crypto/tpm2_key.h                 |  2 ++
>  security/keys/trusted-keys/trusted_tpm2.c |  4 ++++
>  3 files changed, 17 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm2_key.c b/drivers/char/tpm/tpm2_key.c
> index 0112362e432e..59797dc232f1 100644
> --- a/drivers/char/tpm/tpm2_key.c
> +++ b/drivers/char/tpm/tpm2_key.c
> @@ -32,16 +32,24 @@ int tpm2_key_type(void *context, size_t hdrlen,
>  		  const void *value, size_t vlen)
>  {
>  	enum OID oid = look_up_OID(value, vlen);
> -
> -	if (oid != OID_TPMSealedData) {
> +	struct tpm2_key *key = context;
> +
> +	switch (oid) {
> +	case OID_TPMSealedData:
> +		pr_info("TPMSealedData\n");
> +		break;
> +	case OID_TPMLoadableKey:
> +		pr_info("TPMLodableKey\n");
> +		break;
> +	default:
>  		char buffer[50];
> -
>  		sprint_oid(value, vlen, buffer, sizeof(buffer));
>  		pr_debug("OID is \"%s\" which is not TPMSealedData\n",
>  			 buffer);

Maybe extend this print to say "neither TPMSealedData nor TPMLodableKey"

Thanks
-Bharat

>  		return -EINVAL;
>  	}
> 
> +	key->oid = oid;
>  	return 0;
>  }
> 
> diff --git a/include/crypto/tpm2_key.h b/include/crypto/tpm2_key.h
> index acf41b2e0c92..2d2434233000 100644
> --- a/include/crypto/tpm2_key.h
> +++ b/include/crypto/tpm2_key.h
> @@ -2,12 +2,14 @@
>  #ifndef __LINUX_TPM2_KEY_H__
>  #define __LINUX_TPM2_KEY_H__
> 
> +#include <linux/oid_registry.h>
>  #include <linux/slab.h>
> 
>  /*
>   * TPM2 ASN.1 key
>   */
>  struct tpm2_key {
> +	enum OID oid;
>  	u32 parent;
>  	const u8 *blob;
>  	u32 blob_len;
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c
> b/security/keys/trusted-keys/trusted_tpm2.c
> index f255388d32b8..ce4c667c3ee3 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -305,6 +305,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
>  		payload->old_format = 1;
>  	} else {
>  		blob = key.blob;
> +		if (key.oid != OID_TPMSealedData) {
> +			tpm2_key_destroy(&key);
> +			return -EINVAL;
> +		}
>  	}
> 
>  	if (!blob)
> --
> 2.45.1
> 






[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux