From: Roberto Sassu <roberto.sassu@huawei.com>
To: jarkko.sakkinen@linux.intel.com, zohar@linux.ibm.com,
david.safford@ge.com, monty.wiseman@ge.com,
matthewgarrett@google.com
Cc: linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-kernel@vger.kernel.org, silviu.vlasceanu@huawei.com,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Date: Wed, 06 Feb 2019 16:24:51 +0000 [thread overview]
Message-ID: <20190206162452.7749-6-roberto.sassu@huawei.com> (raw)
In-Reply-To: <20190206162452.7749-1-roberto.sassu@huawei.com>
When crypto agility support will be added to the TPM driver, users of the
driver have to retrieve the allocated banks from chip->allocated_banks and
use this information to prepare the array of tpm_digest structures to be
passed to tpm_pcr_extend().
This patch retrieves a tpm_chip pointer from tpm_default_chip() so that the
pointer can be used to prepare the array of tpm_digest structures.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
security/keys/trusted.c | 38 ++++++++++++++++++++++++--------------
1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 4d98f4f87236..5b852263eae1 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -34,6 +34,7 @@
static const char hmac_alg[] = "hmac(sha1)";
static const char hash_alg[] = "sha1";
+static struct tpm_chip *chip;
struct sdesc {
struct shash_desc shash;
@@ -362,7 +363,7 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen)
int rc;
dump_tpm_buf(cmd);
- rc = tpm_send(NULL, cmd, buflen);
+ rc = tpm_send(chip, cmd, buflen);
dump_tpm_buf(cmd);
if (rc > 0)
/* Can't return positive return codes values to keyctl */
@@ -384,10 +385,10 @@ static int pcrlock(const int pcrnum)
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
- ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
+ ret = tpm_get_random(chip, hash, SHA1_DIGEST_SIZE);
if (ret != SHA1_DIGEST_SIZE)
return ret;
- return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
+ return tpm_pcr_extend(chip, pcrnum, hash) ? -EINVAL : 0;
}
/*
@@ -400,7 +401,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
unsigned char ononce[TPM_NONCE_SIZE];
int ret;
- ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
+ ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE)
return ret;
@@ -496,7 +497,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
if (ret < 0)
goto out;
- ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
+ ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE)
goto out;
ordinal = htonl(TPM_ORD_SEAL);
@@ -606,7 +607,7 @@ static int tpm_unseal(struct tpm_buf *tb,
ordinal = htonl(TPM_ORD_UNSEAL);
keyhndl = htonl(SRKHANDLE);
- ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
+ ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE) {
pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
return ret;
@@ -751,7 +752,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
int i;
int tpm2;
- tpm2 = tpm_is_tpm2(NULL);
+ tpm2 = tpm_is_tpm2(chip);
if (tpm2 < 0)
return tpm2;
@@ -920,7 +921,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
struct trusted_key_options *options;
int tpm2;
- tpm2 = tpm_is_tpm2(NULL);
+ tpm2 = tpm_is_tpm2(chip);
if (tpm2 < 0)
return NULL;
@@ -970,7 +971,7 @@ static int trusted_instantiate(struct key *key,
size_t key_len;
int tpm2;
- tpm2 = tpm_is_tpm2(NULL);
+ tpm2 = tpm_is_tpm2(chip);
if (tpm2 < 0)
return tpm2;
@@ -1011,7 +1012,7 @@ static int trusted_instantiate(struct key *key,
switch (key_cmd) {
case Opt_load:
if (tpm2)
- ret = tpm_unseal_trusted(NULL, payload, options);
+ ret = tpm_unseal_trusted(chip, payload, options);
else
ret = key_unseal(payload, options);
dump_payload(payload);
@@ -1021,13 +1022,13 @@ static int trusted_instantiate(struct key *key,
break;
case Opt_new:
key_len = payload->key_len;
- ret = tpm_get_random(NULL, payload->key, key_len);
+ ret = tpm_get_random(chip, payload->key, key_len);
if (ret != key_len) {
pr_info("trusted_key: key_create failed (%d)\n", ret);
goto out;
}
if (tpm2)
- ret = tpm_seal_trusted(NULL, payload, options);
+ ret = tpm_seal_trusted(chip, payload, options);
else
ret = key_seal(payload, options);
if (ret < 0)
@@ -1225,17 +1226,26 @@ static int __init init_trusted(void)
{
int ret;
+ chip = tpm_default_chip();
+ if (!chip)
+ return -ENOENT;
ret = trusted_shash_alloc();
if (ret < 0)
- return ret;
+ goto err_put;
ret = register_key_type(&key_type_trusted);
if (ret < 0)
- trusted_shash_release();
+ goto err_release;
+ return 0;
+err_release:
+ trusted_shash_release();
+err_put:
+ put_device(&chip->dev);
return ret;
}
static void __exit cleanup_trusted(void)
{
+ put_device(&chip->dev);
trusted_shash_release();
unregister_key_type(&key_type_trusted);
}
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Roberto Sassu <roberto.sassu@huawei.com>
To: <jarkko.sakkinen@linux.intel.com>, <zohar@linux.ibm.com>,
<david.safford@ge.com>, <monty.wiseman@ge.com>,
<matthewgarrett@google.com>
Cc: <linux-integrity@vger.kernel.org>,
<linux-security-module@vger.kernel.org>,
<keyrings@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<silviu.vlasceanu@huawei.com>,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Date: Wed, 6 Feb 2019 17:24:51 +0100 [thread overview]
Message-ID: <20190206162452.7749-6-roberto.sassu@huawei.com> (raw)
In-Reply-To: <20190206162452.7749-1-roberto.sassu@huawei.com>
When crypto agility support will be added to the TPM driver, users of the
driver have to retrieve the allocated banks from chip->allocated_banks and
use this information to prepare the array of tpm_digest structures to be
passed to tpm_pcr_extend().
This patch retrieves a tpm_chip pointer from tpm_default_chip() so that the
pointer can be used to prepare the array of tpm_digest structures.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
security/keys/trusted.c | 38 ++++++++++++++++++++++++--------------
1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 4d98f4f87236..5b852263eae1 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -34,6 +34,7 @@
static const char hmac_alg[] = "hmac(sha1)";
static const char hash_alg[] = "sha1";
+static struct tpm_chip *chip;
struct sdesc {
struct shash_desc shash;
@@ -362,7 +363,7 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen)
int rc;
dump_tpm_buf(cmd);
- rc = tpm_send(NULL, cmd, buflen);
+ rc = tpm_send(chip, cmd, buflen);
dump_tpm_buf(cmd);
if (rc > 0)
/* Can't return positive return codes values to keyctl */
@@ -384,10 +385,10 @@ static int pcrlock(const int pcrnum)
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
- ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
+ ret = tpm_get_random(chip, hash, SHA1_DIGEST_SIZE);
if (ret != SHA1_DIGEST_SIZE)
return ret;
- return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
+ return tpm_pcr_extend(chip, pcrnum, hash) ? -EINVAL : 0;
}
/*
@@ -400,7 +401,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
unsigned char ononce[TPM_NONCE_SIZE];
int ret;
- ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
+ ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE)
return ret;
@@ -496,7 +497,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
if (ret < 0)
goto out;
- ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
+ ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE)
goto out;
ordinal = htonl(TPM_ORD_SEAL);
@@ -606,7 +607,7 @@ static int tpm_unseal(struct tpm_buf *tb,
ordinal = htonl(TPM_ORD_UNSEAL);
keyhndl = htonl(SRKHANDLE);
- ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
+ ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE) {
pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
return ret;
@@ -751,7 +752,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
int i;
int tpm2;
- tpm2 = tpm_is_tpm2(NULL);
+ tpm2 = tpm_is_tpm2(chip);
if (tpm2 < 0)
return tpm2;
@@ -920,7 +921,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
struct trusted_key_options *options;
int tpm2;
- tpm2 = tpm_is_tpm2(NULL);
+ tpm2 = tpm_is_tpm2(chip);
if (tpm2 < 0)
return NULL;
@@ -970,7 +971,7 @@ static int trusted_instantiate(struct key *key,
size_t key_len;
int tpm2;
- tpm2 = tpm_is_tpm2(NULL);
+ tpm2 = tpm_is_tpm2(chip);
if (tpm2 < 0)
return tpm2;
@@ -1011,7 +1012,7 @@ static int trusted_instantiate(struct key *key,
switch (key_cmd) {
case Opt_load:
if (tpm2)
- ret = tpm_unseal_trusted(NULL, payload, options);
+ ret = tpm_unseal_trusted(chip, payload, options);
else
ret = key_unseal(payload, options);
dump_payload(payload);
@@ -1021,13 +1022,13 @@ static int trusted_instantiate(struct key *key,
break;
case Opt_new:
key_len = payload->key_len;
- ret = tpm_get_random(NULL, payload->key, key_len);
+ ret = tpm_get_random(chip, payload->key, key_len);
if (ret != key_len) {
pr_info("trusted_key: key_create failed (%d)\n", ret);
goto out;
}
if (tpm2)
- ret = tpm_seal_trusted(NULL, payload, options);
+ ret = tpm_seal_trusted(chip, payload, options);
else
ret = key_seal(payload, options);
if (ret < 0)
@@ -1225,17 +1226,26 @@ static int __init init_trusted(void)
{
int ret;
+ chip = tpm_default_chip();
+ if (!chip)
+ return -ENOENT;
ret = trusted_shash_alloc();
if (ret < 0)
- return ret;
+ goto err_put;
ret = register_key_type(&key_type_trusted);
if (ret < 0)
- trusted_shash_release();
+ goto err_release;
+ return 0;
+err_release:
+ trusted_shash_release();
+err_put:
+ put_device(&chip->dev);
return ret;
}
static void __exit cleanup_trusted(void)
{
+ put_device(&chip->dev);
trusted_shash_release();
unregister_key_type(&key_type_trusted);
}
--
2.17.1
next prev parent reply other threads:[~2019-02-06 16:24 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-06 16:24 [PATCH v10, RESEND 0/6] tpm: retrieve digest size of unknown algorithms from TPM Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 1/6] tpm: dynamically allocate the allocated_banks array Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 2/6] tpm: rename and export tpm2_digest and tpm2_algorithms Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 3/6] tpm: retrieve digest size of unknown algorithms with PCR read Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 4/6] tpm: move tpm_chip definition to include/linux/tpm.h Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
2019-02-08 4:24 ` Nathan Chancellor
2019-02-08 4:24 ` Nathan Chancellor
2019-02-08 8:41 ` Roberto Sassu
2019-02-08 8:41 ` Roberto Sassu
2019-02-08 16:16 ` Nathan Chancellor
2019-02-08 16:16 ` Nathan Chancellor
2019-02-08 16:38 ` Roberto Sassu
2019-02-08 16:38 ` Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu [this message]
2019-02-06 16:24 ` [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip() Roberto Sassu
2019-03-18 22:35 ` Dan Williams
2019-03-18 22:35 ` Dan Williams
2019-03-18 22:35 ` Dan Williams
2019-03-21 13:15 ` Jarkko Sakkinen
2019-03-21 13:15 ` Jarkko Sakkinen
2019-03-21 13:15 ` Jarkko Sakkinen
2019-03-21 13:25 ` Roberto Sassu
2019-03-21 13:25 ` Roberto Sassu
2019-03-21 13:25 ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 6/6] tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend() Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190206162452.7749-6-roberto.sassu@huawei.com \
--to=roberto.sassu@huawei.com \
--cc=david.safford@ge.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthewgarrett@google.com \
--cc=monty.wiseman@ge.com \
--cc=silviu.vlasceanu@huawei.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.