[PATCH 2/2] KEYS: trusted: Find tpm_chip and use it until module shutdown
Stefan Berger
stefanb at linux.vnet.ibm.com
Tue Jun 26 19:30:40 UTC 2018
Use tpm_default_chip() to find the system's default TPM chip and
use it as the tpm_chip parameter for all TPM operations. Release
the tpm_chip when the module is shut down.
Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
security/keys/trusted.c | 41 ++++++++++++++++++++++++++++-------------
1 file changed, 28 insertions(+), 13 deletions(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 423776682025..06d863caea43 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -42,6 +42,7 @@ struct sdesc {
static struct crypto_shash *hashalg;
static struct crypto_shash *hmacalg;
+static struct tpm_chip *tpm_chip;
static struct sdesc *init_sdesc(struct crypto_shash *alg)
{
@@ -360,7 +361,7 @@ static int trusted_tpm_send(unsigned char *cmd, size_t buflen)
int rc;
dump_tpm_buf(cmd);
- rc = tpm_send(NULL, cmd, buflen);
+ rc = tpm_send(tpm_chip, cmd, buflen);
dump_tpm_buf(cmd);
if (rc > 0)
/* Can't return positive return codes values to keyctl */
@@ -381,10 +382,10 @@ static int pcrlock(const int pcrnum)
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
- ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
+ ret = tpm_get_random(tpm_chip, hash, SHA1_DIGEST_SIZE);
if (ret != SHA1_DIGEST_SIZE)
return ret;
- return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
+ return tpm_pcr_extend(tpm_chip, pcrnum, hash) ? -EINVAL : 0;
}
/*
@@ -397,7 +398,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
unsigned char ononce[TPM_NONCE_SIZE];
int ret;
- ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
+ ret = tpm_get_random(tpm_chip, ononce, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE)
return ret;
@@ -492,7 +493,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
if (ret < 0)
goto out;
- ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
+ ret = tpm_get_random(tpm_chip, td->nonceodd, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE)
goto out;
ordinal = htonl(TPM_ORD_SEAL);
@@ -602,7 +603,7 @@ static int tpm_unseal(struct tpm_buf *tb,
ordinal = htonl(TPM_ORD_UNSEAL);
keyhndl = htonl(SRKHANDLE);
- ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
+ ret = tpm_get_random(tpm_chip, nonceodd, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE) {
pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
return ret;
@@ -747,7 +748,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
int i;
int tpm2;
- tpm2 = tpm_is_tpm2(NULL);
+ tpm2 = tpm_is_tpm2(tpm_chip);
if (tpm2 < 0)
return tpm2;
@@ -916,7 +917,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
struct trusted_key_options *options;
int tpm2;
- tpm2 = tpm_is_tpm2(NULL);
+ tpm2 = tpm_is_tpm2(tpm_chip);
if (tpm2 < 0)
return NULL;
@@ -966,7 +967,7 @@ static int trusted_instantiate(struct key *key,
size_t key_len;
int tpm2;
- tpm2 = tpm_is_tpm2(NULL);
+ tpm2 = tpm_is_tpm2(tpm_chip);
if (tpm2 < 0)
return tpm2;
@@ -1007,7 +1008,7 @@ static int trusted_instantiate(struct key *key,
switch (key_cmd) {
case Opt_load:
if (tpm2)
- ret = tpm_unseal_trusted(NULL, payload, options);
+ ret = tpm_unseal_trusted(tpm_chip, payload, options);
else
ret = key_unseal(payload, options);
dump_payload(payload);
@@ -1017,13 +1018,13 @@ static int trusted_instantiate(struct key *key,
break;
case Opt_new:
key_len = payload->key_len;
- ret = tpm_get_random(NULL, payload->key, key_len);
+ ret = tpm_get_random(tpm_chip, payload->key, key_len);
if (ret != key_len) {
pr_info("trusted_key: key_create failed (%d)\n", ret);
goto out;
}
if (tpm2)
- ret = tpm_seal_trusted(NULL, payload, options);
+ ret = tpm_seal_trusted(tpm_chip, payload, options);
else
ret = key_seal(payload, options);
if (ret < 0)
@@ -1226,12 +1227,26 @@ static int __init init_trusted(void)
return ret;
ret = register_key_type(&key_type_trusted);
if (ret < 0)
- trusted_shash_release();
+ goto exit_shash_release;
+ tpm_chip = tpm_default_chip();
+ if (!tpm_chip) {
+ ret = -ENODEV;
+ goto exit_unregister;
+ }
+ return 0;
+
+exit_unregister:
+ unregister_key_type(&key_type_trusted);
+
+exit_shash_release:
+ trusted_shash_release();
return ret;
}
static void __exit cleanup_trusted(void)
{
+ if (tpm_chip)
+ tpm_put_chip(tpm_chip);
trusted_shash_release();
unregister_key_type(&key_type_trusted);
}
--
2.17.1
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list