[EXTERNAL] [PATCH v2 5/6] tpm: tpm2_key: Extend parser to TPM_LoadableKey
Bharat Bhushan
bbhushan2 at marvell.com
Tue May 21 05:47:40 UTC 2024
> -----Original Message-----
> From: Jarkko Sakkinen <jarkko at kernel.org>
> Sent: Tuesday, May 21, 2024 8:47 AM
> To: Herbert Xu <herbert at gondor.apana.org.au>
> Cc: linux-integrity at vger.kernel.org; keyrings at vger.kernel.org;
> Andreas.Fuchs at infineon.com; James Prestwood <prestwoj at gmail.com>;
> David Woodhouse <dwmw2 at infradead.org>; Eric Biggers
> <ebiggers at kernel.org>; James Bottomley
> <James.Bottomley at hansenpartnership.com>; Jarkko Sakkinen
> <jarkko at kernel.org>; David S. Miller <davem at davemloft.net>; open
> list:CRYPTO API <linux-crypto at vger.kernel.org>; open list <linux-
> kernel at vger.kernel.org>; Peter Huewe <peterhuewe at gmx.de>; Jason
> Gunthorpe <jgg at ziepe.ca>; James Bottomley
> <James.Bottomley at HansenPartnership.com>; Mimi Zohar
> <zohar at linux.ibm.com>; David Howells <dhowells at redhat.com>; Paul Moore
> <paul at paul-moore.com>; James Morris <jmorris at namei.org>; Serge E. Hallyn
> <serge at hallyn.com>; open list:SECURITY SUBSYSTEM <linux-security-
> module at vger.kernel.org>
> Subject: [EXTERNAL] [PATCH v2 5/6] tpm: tpm2_key: Extend parser to
> TPM_LoadableKey
>
> ----------------------------------------------------------------------
> Extend parser to TPM_LoadableKey. Add field for oid to struct tpm2_key
> so that callers can differentiate different key types.
>
> Signed-off-by: Jarkko Sakkinen <jarkko at kernel.org>
> ---
> drivers/char/tpm/tpm2_key.c | 14 +++++++++++---
> include/crypto/tpm2_key.h | 2 ++
> security/keys/trusted-keys/trusted_tpm2.c | 4 ++++
> 3 files changed, 17 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm2_key.c b/drivers/char/tpm/tpm2_key.c
> index 0112362e432e..59797dc232f1 100644
> --- a/drivers/char/tpm/tpm2_key.c
> +++ b/drivers/char/tpm/tpm2_key.c
> @@ -32,16 +32,24 @@ int tpm2_key_type(void *context, size_t hdrlen,
> const void *value, size_t vlen)
> {
> enum OID oid = look_up_OID(value, vlen);
> -
> - if (oid != OID_TPMSealedData) {
> + struct tpm2_key *key = context;
> +
> + switch (oid) {
> + case OID_TPMSealedData:
> + pr_info("TPMSealedData\n");
> + break;
> + case OID_TPMLoadableKey:
> + pr_info("TPMLodableKey\n");
> + break;
> + default:
> char buffer[50];
> -
> sprint_oid(value, vlen, buffer, sizeof(buffer));
> pr_debug("OID is \"%s\" which is not TPMSealedData\n",
> buffer);
Maybe extend this print to say "neither TPMSealedData nor TPMLodableKey"
Thanks
-Bharat
> return -EINVAL;
> }
>
> + key->oid = oid;
> return 0;
> }
>
> diff --git a/include/crypto/tpm2_key.h b/include/crypto/tpm2_key.h
> index acf41b2e0c92..2d2434233000 100644
> --- a/include/crypto/tpm2_key.h
> +++ b/include/crypto/tpm2_key.h
> @@ -2,12 +2,14 @@
> #ifndef __LINUX_TPM2_KEY_H__
> #define __LINUX_TPM2_KEY_H__
>
> +#include <linux/oid_registry.h>
> #include <linux/slab.h>
>
> /*
> * TPM2 ASN.1 key
> */
> struct tpm2_key {
> + enum OID oid;
> u32 parent;
> const u8 *blob;
> u32 blob_len;
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c
> b/security/keys/trusted-keys/trusted_tpm2.c
> index f255388d32b8..ce4c667c3ee3 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -305,6 +305,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
> payload->old_format = 1;
> } else {
> blob = key.blob;
> + if (key.oid != OID_TPMSealedData) {
> + tpm2_key_destroy(&key);
> + return -EINVAL;
> + }
> }
>
> if (!blob)
> --
> 2.45.1
>
More information about the Linux-security-module-archive
mailing list