[EXTERNAL] [PATCH v2 5/6] tpm: tpm2_key: Extend parser to TPM_LoadableKey

Bharat Bhushan bbhushan2 at marvell.com
Tue May 21 05:47:40 UTC 2024



> -----Original Message-----
> From: Jarkko Sakkinen <jarkko at kernel.org>
> Sent: Tuesday, May 21, 2024 8:47 AM
> To: Herbert Xu <herbert at gondor.apana.org.au>
> Cc: linux-integrity at vger.kernel.org; keyrings at vger.kernel.org;
> Andreas.Fuchs at infineon.com; James Prestwood <prestwoj at gmail.com>;
> David Woodhouse <dwmw2 at infradead.org>; Eric Biggers
> <ebiggers at kernel.org>; James Bottomley
> <James.Bottomley at hansenpartnership.com>; Jarkko Sakkinen
> <jarkko at kernel.org>; David S. Miller <davem at davemloft.net>; open
> list:CRYPTO API <linux-crypto at vger.kernel.org>; open list <linux-
> kernel at vger.kernel.org>; Peter Huewe <peterhuewe at gmx.de>; Jason
> Gunthorpe <jgg at ziepe.ca>; James Bottomley
> <James.Bottomley at HansenPartnership.com>; Mimi Zohar
> <zohar at linux.ibm.com>; David Howells <dhowells at redhat.com>; Paul Moore
> <paul at paul-moore.com>; James Morris <jmorris at namei.org>; Serge E. Hallyn
> <serge at hallyn.com>; open list:SECURITY SUBSYSTEM <linux-security-
> module at vger.kernel.org>
> Subject: [EXTERNAL] [PATCH v2 5/6] tpm: tpm2_key: Extend parser to
> TPM_LoadableKey
> 
> ----------------------------------------------------------------------
> Extend parser to TPM_LoadableKey. Add field for oid to struct tpm2_key
> so that callers can differentiate different key types.
> 
> Signed-off-by: Jarkko Sakkinen <jarkko at kernel.org>
> ---
>  drivers/char/tpm/tpm2_key.c               | 14 +++++++++++---
>  include/crypto/tpm2_key.h                 |  2 ++
>  security/keys/trusted-keys/trusted_tpm2.c |  4 ++++
>  3 files changed, 17 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm2_key.c b/drivers/char/tpm/tpm2_key.c
> index 0112362e432e..59797dc232f1 100644
> --- a/drivers/char/tpm/tpm2_key.c
> +++ b/drivers/char/tpm/tpm2_key.c
> @@ -32,16 +32,24 @@ int tpm2_key_type(void *context, size_t hdrlen,
>  		  const void *value, size_t vlen)
>  {
>  	enum OID oid = look_up_OID(value, vlen);
> -
> -	if (oid != OID_TPMSealedData) {
> +	struct tpm2_key *key = context;
> +
> +	switch (oid) {
> +	case OID_TPMSealedData:
> +		pr_info("TPMSealedData\n");
> +		break;
> +	case OID_TPMLoadableKey:
> +		pr_info("TPMLodableKey\n");
> +		break;
> +	default:
>  		char buffer[50];
> -
>  		sprint_oid(value, vlen, buffer, sizeof(buffer));
>  		pr_debug("OID is \"%s\" which is not TPMSealedData\n",
>  			 buffer);

Maybe extend this print to say "neither TPMSealedData nor TPMLodableKey"

Thanks
-Bharat

>  		return -EINVAL;
>  	}
> 
> +	key->oid = oid;
>  	return 0;
>  }
> 
> diff --git a/include/crypto/tpm2_key.h b/include/crypto/tpm2_key.h
> index acf41b2e0c92..2d2434233000 100644
> --- a/include/crypto/tpm2_key.h
> +++ b/include/crypto/tpm2_key.h
> @@ -2,12 +2,14 @@
>  #ifndef __LINUX_TPM2_KEY_H__
>  #define __LINUX_TPM2_KEY_H__
> 
> +#include <linux/oid_registry.h>
>  #include <linux/slab.h>
> 
>  /*
>   * TPM2 ASN.1 key
>   */
>  struct tpm2_key {
> +	enum OID oid;
>  	u32 parent;
>  	const u8 *blob;
>  	u32 blob_len;
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c
> b/security/keys/trusted-keys/trusted_tpm2.c
> index f255388d32b8..ce4c667c3ee3 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -305,6 +305,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
>  		payload->old_format = 1;
>  	} else {
>  		blob = key.blob;
> +		if (key.oid != OID_TPMSealedData) {
> +			tpm2_key_destroy(&key);
> +			return -EINVAL;
> +		}
>  	}
> 
>  	if (!blob)
> --
> 2.45.1
> 




More information about the Linux-security-module-archive mailing list