[v2,3/6] tpm: Export tpm2_load_context()

Message ID	20240521031645.17008-4-jarkko@kernel.org (mailing list archive)
State	Superseded
Delegated to:	Herbert Xu
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B86E25634; Tue, 21 May 2024 03:17:09 +0000 (UTC) From: Jarkko Sakkinen <jarkko@kernel.org> To: Herbert Xu <herbert@gondor.apana.org.au> Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, Andreas.Fuchs@infineon.com, James Prestwood <prestwoj@gmail.com>, David Woodhouse <dwmw2@infradead.org>, Eric Biggers <ebiggers@kernel.org>, James Bottomley <James.Bottomley@hansenpartnership.com>, Jarkko Sakkinen <jarkko@kernel.org>, "David S. Miller" <davem@davemloft.net>, linux-crypto@vger.kernel.org (open list:CRYPTO API), linux-kernel@vger.kernel.org (open list), Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>, James Bottomley <James.Bottomley@HansenPartnership.com>, Stefan Berger <stefanb@linux.ibm.com>, Ard Biesheuvel <ardb@kernel.org>, Mario Limonciello <mario.limonciello@amd.com> Subject: [PATCH v2 3/6] tpm: Export tpm2_load_context() Date: Tue, 21 May 2024 06:16:28 +0300 Message-ID: <20240521031645.17008-4-jarkko@kernel.org> In-Reply-To: <20240521031645.17008-1-jarkko@kernel.org> References: <20240521031645.17008-1-jarkko@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	KEYS: asymmetric: tpm2_key_rsa \| expand [v2,0/6] KEYS: asymmetric: tpm2_key_rsa [v2,1/6] crypto: rsa-pkcs1pad: export rsa1_asn_lookup() [v2,2/6] lib: Expand asn1_encode_integer() to variable size integers [v2,3/6] tpm: Export tpm2_load_context() [v2,4/6] KEYS: trusted: Move tpm2_key_decode() to the TPM driver [v2,5/6] tpm: tpm2_key: Extend parser to TPM_LoadableKey [v2,6/6] keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 6b8b9956ba69..c9c67fe84f33 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -314,8 +314,6 @@ int tpm_devs_add(struct tpm_chip *chip); void tpm_devs_remove(struct tpm_chip *chip); int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, unsigned int buf_size, unsigned int *offset); -int tpm2_load_context(struct tpm_chip *chip, u8 *buf, - unsigned int *offset, u32 *handle); void tpm_bios_log_setup(struct tpm_chip *chip); void tpm_bios_log_teardown(struct tpm_chip *chip); diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 0cdf892ec2a7..eb07a109e2ba 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -370,6 +370,83 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle) } EXPORT_SYMBOL_GPL(tpm2_flush_context); +struct tpm2_context { + __be64 sequence; + __be32 saved_handle; + __be32 hierarchy; + __be16 blob_size; +} __packed; + +/** + * tpm2_load_context() - Load TPM2 object to the TPM memory + * @chip: TPM chip to use + * @buf: Blob containing TPM2 object. + * @offset: Output variable for the offset in @buf reached. + * @handle: Output variable for the handle of the object in TPM memory. + * + * Load a blob encrypted with TPM from the memory to the TPM chip. + * + * Return: + * - 0 when the blob is successfully loaded to the TPM. + * - -EFAULT if the TPM chip itself fails. + * - -ENOENT if the TPM object is replayed. + * - -EINVAL if the TPM object is corrupted. + */ +int tpm2_load_context(struct tpm_chip *chip, const u8 *buf, + unsigned int *offset, u32 *handle) +{ + struct tpm_buf tbuf; + struct tpm2_context *ctx; + unsigned int body_size; + int rc; + + rc = tpm_buf_init(&tbuf, TPM2_ST_NO_SESSIONS, TPM2_CC_CONTEXT_LOAD); + if (rc) + return rc; + + ctx = (struct tpm2_context *)&buf[*offset]; + body_size = sizeof(*ctx) + be16_to_cpu(ctx->blob_size); + tpm_buf_append(&tbuf, &buf[*offset], body_size); + + rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL); + if (rc < 0) { + dev_warn(&chip->dev, "%s: failed with a system error %d\n", + __func__, rc); + tpm_buf_destroy(&tbuf); + return -EFAULT; + } else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE || + rc == TPM2_RC_REFERENCE_H0) { + /* + * TPM_RC_HANDLE means that the session context can't + * be loaded because of an internal counter mismatch + * that makes the TPM think there might have been a + * replay. This might happen if the context was saved + * and loaded outside the space. + * + * TPM_RC_REFERENCE_H0 means the session has been + * flushed outside the space + */ + *handle = 0; + tpm_buf_destroy(&tbuf); + return -ENOENT; + } else if (tpm2_rc_value(rc) == TPM2_RC_INTEGRITY) { + tpm_buf_destroy(&tbuf); + return -EINVAL; + } else if (rc > 0) { + dev_warn(&chip->dev, "%s: failed with a TPM error 0x%04X\n", + __func__, rc); + tpm_buf_destroy(&tbuf); + return -EFAULT; + } + + *handle = be32_to_cpup((__be32 *)&tbuf.data[TPM_HEADER_SIZE]); + *offset += body_size; + + tpm_buf_destroy(&tbuf); + return 0; +} +EXPORT_SYMBOL_GPL(tpm2_load_context); + struct tpm2_get_cap_out { u8 more_data; __be32 subcap_id; diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c index 4892d491da8d..708c6e4d64cd 100644 --- a/drivers/char/tpm/tpm2-space.c +++ b/drivers/char/tpm/tpm2-space.c @@ -21,13 +21,6 @@ enum tpm2_handle_types { TPM2_HT_TRANSIENT = 0x80000000, }; -struct tpm2_context { - __be64 sequence; - __be32 saved_handle; - __be32 hierarchy; - __be16 blob_size; -} __packed; - static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space) { int i; @@ -68,60 +61,6 @@ void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space) kfree(space->session_buf); } -int tpm2_load_context(struct tpm_chip *chip, u8 *buf, - unsigned int *offset, u32 *handle) -{ - struct tpm_buf tbuf; - struct tpm2_context *ctx; - unsigned int body_size; - int rc; - - rc = tpm_buf_init(&tbuf, TPM2_ST_NO_SESSIONS, TPM2_CC_CONTEXT_LOAD); - if (rc) - return rc; - - ctx = (struct tpm2_context *)&buf[*offset]; - body_size = sizeof(*ctx) + be16_to_cpu(ctx->blob_size); - tpm_buf_append(&tbuf, &buf[*offset], body_size); - - rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL); - if (rc < 0) { - dev_warn(&chip->dev, "%s: failed with a system error %d\n", - __func__, rc); - tpm_buf_destroy(&tbuf); - return -EFAULT; - } else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE || - rc == TPM2_RC_REFERENCE_H0) { - /* - * TPM_RC_HANDLE means that the session context can't - * be loaded because of an internal counter mismatch - * that makes the TPM think there might have been a - * replay. This might happen if the context was saved - * and loaded outside the space. - * - * TPM_RC_REFERENCE_H0 means the session has been - * flushed outside the space - */ - *handle = 0; - tpm_buf_destroy(&tbuf); - return -ENOENT; - } else if (tpm2_rc_value(rc) == TPM2_RC_INTEGRITY) { - tpm_buf_destroy(&tbuf); - return -EINVAL; - } else if (rc > 0) { - dev_warn(&chip->dev, "%s: failed with a TPM error 0x%04X\n", - __func__, rc); - tpm_buf_destroy(&tbuf); - return -EFAULT; - } - - *handle = be32_to_cpup((__be32 *)&tbuf.data[TPM_HEADER_SIZE]); - *offset += body_size; - - tpm_buf_destroy(&tbuf); - return 0; -} - int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, unsigned int buf_size, unsigned int *offset) { diff --git a/include/linux/tpm.h b/include/linux/tpm.h index c17e4efbb2e5..2f25ca07127b 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -466,6 +466,8 @@ extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max); extern struct tpm_chip *tpm_default_chip(void); void tpm2_flush_context(struct tpm_chip *chip, u32 handle); +int tpm2_load_context(struct tpm_chip *chip, const u8 *buf, + unsigned int *offset, u32 *handle); static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle) {

[v2,3/6] tpm: Export tpm2_load_context()

Commit Message

Patch