From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko@kernel.org>,
keyrings@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>
Subject: [PATCH v2 07/11] tpm: add hmac checks to tpm2_pcr_extend()
Date: Tue, 24 Jan 2023 12:55:12 -0500 [thread overview]
Message-ID: <20230124175516.5984-8-James.Bottomley@HansenPartnership.com> (raw)
In-Reply-To: <20230124175516.5984-1-James.Bottomley@HansenPartnership.com>
We use tpm2_pcr_extend() in trusted keys to extend a PCR to prevent a
key from being re-loaded until the next reboot. To use this
functionality securely, that extend must be protected by a session
hmac.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
drivers/char/tpm/tpm2-cmd.c | 28 +++++++++++-----------------
1 file changed, 11 insertions(+), 17 deletions(-)
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 056dad3dd5c9..001360d5956d 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -216,13 +216,6 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
return rc;
}
-struct tpm2_null_auth_area {
- __be32 handle;
- __be16 nonce_size;
- u8 attributes;
- __be16 auth_size;
-} __packed;
-
/**
* tpm2_pcr_extend() - extend a PCR value
*
@@ -236,24 +229,23 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
struct tpm_digest *digests)
{
struct tpm_buf buf;
- struct tpm2_null_auth_area auth_area;
+ struct tpm2_auth *auth;
int rc;
int i;
- rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
+ rc = tpm2_start_auth_session(chip, &auth);
if (rc)
return rc;
- tpm_buf_append_u32(&buf, pcr_idx);
+ rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
+ if (rc) {
+ tpm2_end_auth_session(auth);
+ return rc;
+ }
- auth_area.handle = cpu_to_be32(TPM2_RS_PW);
- auth_area.nonce_size = 0;
- auth_area.attributes = 0;
- auth_area.auth_size = 0;
+ tpm_buf_append_name(&buf, auth, pcr_idx, NULL);
+ tpm_buf_append_hmac_session(&buf, auth, 0, NULL, 0);
- tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area));
- tpm_buf_append(&buf, (const unsigned char *)&auth_area,
- sizeof(auth_area));
tpm_buf_append_u32(&buf, chip->nr_allocated_banks);
for (i = 0; i < chip->nr_allocated_banks; i++) {
@@ -262,7 +254,9 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
chip->allocated_banks[i].digest_size);
}
+ tpm_buf_fill_hmac_session(&buf, auth);
rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value");
+ rc = tpm_buf_check_hmac_response(&buf, auth, rc);
tpm_buf_destroy(&buf);
--
2.35.3
next prev parent reply other threads:[~2023-01-24 17:57 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-24 17:55 [PATCH v2 00/11] add integrity and security to TPM2 transactions James Bottomley
2023-01-24 17:55 ` [PATCH v2 01/11] tpm: move buffer handling from static inlines to real functions James Bottomley
2023-01-24 19:57 ` kernel test robot
2023-01-25 14:01 ` James Bottomley
2023-01-24 17:55 ` [PATCH v2 02/11] tpm: add buffer handling for TPM2B types James Bottomley
2023-01-24 17:55 ` [PATCH v2 03/11] tpm: add cursor based buffer functions for response parsing James Bottomley
2023-01-24 17:55 ` [PATCH v2 04/11] tpm: add buffer function to point to returned parameters James Bottomley
2023-01-24 17:55 ` [PATCH v2 05/11] tpm: export the context save and load commands James Bottomley
2023-01-24 17:55 ` [PATCH v2 06/11] tpm: Add full HMAC and encrypt/decrypt session handling code James Bottomley
2023-01-24 20:48 ` kernel test robot
2023-01-24 23:11 ` kernel test robot
2023-01-25 12:59 ` James Bottomley
2023-02-03 6:06 ` Yujie Liu
2023-02-08 2:49 ` Jarkko Sakkinen
2023-02-10 14:48 ` James Bottomley
2023-02-13 7:45 ` Jarkko Sakkinen
2023-02-13 9:31 ` Yujie Liu
2023-02-14 13:54 ` Ard Biesheuvel
2023-02-14 14:28 ` James Bottomley
2023-02-14 14:36 ` Ard Biesheuvel
2023-02-16 14:52 ` James Bottomley
2023-02-17 8:49 ` Ard Biesheuvel
2023-02-14 14:34 ` James Bottomley
2023-02-17 21:51 ` Jarkko Sakkinen
2023-02-08 4:35 ` James Bottomley
2023-01-25 6:03 ` kernel test robot
2023-01-24 17:55 ` James Bottomley [this message]
2023-01-24 17:55 ` [PATCH v2 08/11] tpm: add session encryption protection to tpm2_get_random() James Bottomley
2023-01-24 17:55 ` [PATCH v2 09/11] KEYS: trusted: Add session encryption protection to the seal/unseal path James Bottomley
2023-01-29 13:06 ` Ben Boeckel
2023-01-24 17:55 ` [PATCH v2 10/11] tpm: add the null key name as a sysfs export James Bottomley
2023-01-24 17:55 ` [PATCH v2 11/11] Documentation: add tpm-security.rst James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230124175516.5984-8-James.Bottomley@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=ardb@kernel.org \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).