tpm: fix RC value check in tpm2_seal_trusted
diff mbox

Message ID 20170125210348.13790-1-jarkko.sakkinen@linux.intel.com
State New
Headers show

Commit Message

Jarkko Sakkinen Jan. 25, 2017, 9:03 p.m. UTC
Fixes: 5ca4c20cfd37 ("keys, trusted: select hash algorithm for TPM2 chips")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 drivers/char/tpm/tpm.h      | 5 +++++
 drivers/char/tpm/tpm2-cmd.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

Comments

Jason Gunthorpe Jan. 25, 2017, 10:12 p.m. UTC | #1
On Wed, Jan 25, 2017 at 11:03:48PM +0200, Jarkko Sakkinen wrote:
> Fixes: 5ca4c20cfd37 ("keys, trusted: select hash algorithm for TPM2 chips")
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

I think you need a commit message for this.. Is this following the
spec?

Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jarkko Sakkinen Jan. 26, 2017, 11:27 a.m. UTC | #2
On Wed, Jan 25, 2017 at 03:12:45PM -0700, Jason Gunthorpe wrote:
> On Wed, Jan 25, 2017 at 11:03:48PM +0200, Jarkko Sakkinen wrote:
> > Fixes: 5ca4c20cfd37 ("keys, trusted: select hash algorithm for TPM2 chips")
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> 
> I think you need a commit message for this.. Is this following the
> spec?

Yes.

Format one commands the upper bits contain either handle, session or
parameter index. Bit 7 tells whether it the error code is format zero or
one. Format zero errors do not require masking. They do not have any
data in addition to value.

The reason why this bug was repeated in TPM space code was that I
originally melded that code form my trusted keys code (copy pasted and
edited message construction).

"The error code handling is bogus as any error code that has the bits
set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
parse the error value from FMT0 and FMT1 error codes to use to check the
error so that these types of mistakes is prevented in the future."

Is that suitable or do you want me to add something?

Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jason Gunthorpe Jan. 26, 2017, 6:32 p.m. UTC | #3
On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:

> "The error code handling is bogus as any error code that has the bits
> set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> parse the error value from FMT0 and FMT1 error codes to use to check the
> error so that these types of mistakes is prevented in the future."

Great thanks

Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jarkko Sakkinen Jan. 27, 2017, 6:43 a.m. UTC | #4
On Thu, Jan 26, 2017 at 11:32:52AM -0700, Jason Gunthorpe wrote:
> On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:
> 
> > "The error code handling is bogus as any error code that has the bits
> > set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> > parse the error value from FMT0 and FMT1 error codes to use to check the
> > error so that these types of mistakes is prevented in the future."
> 
> Great thanks
> 
> Jason

Can I put your Reviewed-by? I would like to get this into 4.11.

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jason Gunthorpe Jan. 27, 2017, 4:24 p.m. UTC | #5
On Fri, Jan 27, 2017 at 08:43:27AM +0200, Jarkko Sakkinen wrote:
> On Thu, Jan 26, 2017 at 11:32:52AM -0700, Jason Gunthorpe wrote:
> > On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:
> > 
> > > "The error code handling is bogus as any error code that has the bits
> > > set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> > > parse the error value from FMT0 and FMT1 error codes to use to check the
> > > error so that these types of mistakes is prevented in the future."
> > 
> > Great thanks
> > 
> > Jason
> 
> Can I put your Reviewed-by? I would like to get this into 4.11.

I'm not up to speed on the TPM2 parsing, but it looks OK based on your
description.

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>

Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jarkko Sakkinen Jan. 29, 2017, 3:11 p.m. UTC | #6
On Fri, Jan 27, 2017 at 09:24:16AM -0700, Jason Gunthorpe wrote:
> On Fri, Jan 27, 2017 at 08:43:27AM +0200, Jarkko Sakkinen wrote:
> > On Thu, Jan 26, 2017 at 11:32:52AM -0700, Jason Gunthorpe wrote:
> > > On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:
> > > 
> > > > "The error code handling is bogus as any error code that has the bits
> > > > set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> > > > parse the error value from FMT0 and FMT1 error codes to use to check the
> > > > error so that these types of mistakes is prevented in the future."
> > > 
> > > Great thanks
> > > 
> > > Jason
> > 
> > Can I put your Reviewed-by? I would like to get this into 4.11.
> 
> I'm not up to speed on the TPM2 parsing, but it looks OK based on your
> description.
> 
> Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
> 
> Jason

Thanks I applied this patch to master.

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch
diff mbox

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 4e5fb22..abc621e 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -523,6 +523,11 @@  static inline void tpm_add_ppi(struct tpm_chip *chip)
 }
 #endif
 
+static inline inline u32 tpm2_rc_value(u32 rc)
+{
+	return (rc & BIT(7)) ? rc & 0xff : rc;
+}
+
 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
 int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count,
 		    struct tpm2_digest *digests);
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 6c8174a..40b09ca 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -551,7 +551,7 @@  int tpm2_seal_trusted(struct tpm_chip *chip,
 	tpm_buf_destroy(&buf);
 
 	if (rc > 0) {
-		if ((rc & TPM2_RC_HASH) == TPM2_RC_HASH)
+		if (tpm2_rc_value(rc) == TPM2_RC_HASH)
 			rc = -EINVAL;
 		else
 			rc = -EPERM;