From: Roberto Sassu
Date: Fri, 5 May 2017 16:21:49 +0200
Message-ID: <20170505142152.29795-3-roberto.sassu@huawei.com>
In-Reply-To: <20170505142152.29795-1-roberto.sassu@huawei.com>
Cc: linux-ima-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [tpmdd-devel] [PATCH v2 2/5] tpm: introduce tpm_pcr_algo_to_crypto() and tpm_pcr_algo_from_crypto()
X-Patchwork-Submitter: Roberto Sassu
X-Patchwork-Id: 9713659

tpm_pcr_algorithms() returns to its callers the IDs of the hash algorithms supported by the TPM. This patch introduces tpm_pcr_algo_to_crypto(), so that the callers can use the crypto subsystem to calculate the digest to be passed to tpm_pcr_extend().

tpm_pcr_algo_from_crypto(), implemented for completeness, is instead used by tpm2_seal_trusted() to perform the opposite conversion.

Signed-off-by: Roberto Sassu --- v2 - fixed return values of tpm2_pcr_algo_to_crypto() and tpm2_pcr_algo_from_crypto() if TPM support is disabled in the kernel drivers/char/tpm/tpm-interface.c | 51 ++++++++++++++++++++++++++++++++++++++++ drivers/char/tpm/tpm2-cmd.c | 42 +++++++++------------------------ include/linux/tpm.h | 13 ++++++++++ 3 files changed, 75 insertions(+), 31 deletions(-) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index b90de3d..aac703e 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -956,6 +956,57 @@ int tpm_pcr_algorithms(u32 chip_num, int count, } EXPORT_SYMBOL_GPL(tpm_pcr_algorithms); +struct tpm2_hash { + unsigned int crypto_id; + unsigned int tpm_id; +}; + +static struct tpm2_hash tpm2_hash_map[] = { + {HASH_ALGO_SHA1, TPM2_ALG_SHA1}, + {HASH_ALGO_SHA256, TPM2_ALG_SHA256}, + {HASH_ALGO_SHA384, TPM2_ALG_SHA384}, + {HASH_ALGO_SHA512, TPM2_ALG_SHA512}, + {HASH_ALGO_SM3_256, TPM2_ALG_SM3_256}, +}; + +/** + * tpm_pcr_algo_to_crypto() - convert from TPM ID to crypto ID + * @tpm_id: TPM ID + * + * Return: crypto ID + */ +enum hash_algo tpm_pcr_algo_to_crypto(enum tpm2_algorithms tpm_id) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { + if (tpm_id == tpm2_hash_map[i].tpm_id) + return tpm2_hash_map[i].crypto_id; + } + + return HASH_ALGO__LAST; +} +EXPORT_SYMBOL_GPL(tpm_pcr_algo_to_crypto); + +/** + * tpm_pcr_algo_from_crypto() - convert from crypto ID to TPM ID + * @crypto_id: crypto ID + * + * Return: TPM ID + */ +enum tpm2_algorithms tpm_pcr_algo_from_crypto(enum hash_algo crypto_id) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { + if (crypto_id == tpm2_hash_map[i].crypto_id) + return tpm2_hash_map[i].tpm_id; + } + + return TPM2_ALG_ERROR; +} +EXPORT_SYMBOL_GPL(tpm_pcr_algo_from_crypto); + /** * tpm_do_selftest - have the TPM continue its selftest and wait until it * can receive further commands 
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 3ee6883..828a688 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -92,19 +92,6 @@ struct tpm2_cmd { union tpm2_cmd_params params; } __packed; -struct tpm2_hash { - unsigned int crypto_id; - unsigned int tpm_id; -}; - -static struct tpm2_hash tpm2_hash_map[] = { - {HASH_ALGO_SHA1, TPM2_ALG_SHA1}, - {HASH_ALGO_SHA256, TPM2_ALG_SHA256}, - {HASH_ALGO_SHA384, TPM2_ALG_SHA384}, - {HASH_ALGO_SHA512, TPM2_ALG_SHA512}, - {HASH_ALGO_SM3_256, TPM2_ALG_SM3_256}, -}; - /* * Array with one entry per ordinal defining the maximum amount * of time the chip could take to return the result. The values @@ -301,7 +288,6 @@ int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count, struct tpm2_null_auth_area auth_area; int rc; int i; - int j; if (count > ARRAY_SIZE(chip->active_banks)) return -EINVAL; @@ -323,14 +309,15 @@ int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count, tpm_buf_append_u32(&buf, count); for (i = 0; i < count; i++) { - for (j = 0; j < ARRAY_SIZE(tpm2_hash_map); j++) { - if (digests[i].alg_id != tpm2_hash_map[j].tpm_id) - continue; - tpm_buf_append_u16(&buf, digests[i].alg_id); - tpm_buf_append(&buf, (const unsigned char - *)&digests[i].digest, - hash_digest_size[tpm2_hash_map[j].crypto_id]); - } + enum tpm2_algorithms tpm_id = digests[i].alg_id; + enum hash_algo crypto_id = tpm_pcr_algo_to_crypto(tpm_id); + + if (crypto_id == HASH_ALGO__LAST) + continue; + + tpm_buf_append_u16(&buf, digests[i].alg_id); + tpm_buf_append(&buf, (const unsigned char *)&digests[i].digest, + hash_digest_size[crypto_id]); } rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 
@@ -493,17 +480,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip, unsigned int blob_len; struct tpm_buf buf; u32 hash, rlength; - int i; int rc; - for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { - if (options->hash == tpm2_hash_map[i].crypto_id) { - hash = tpm2_hash_map[i].tpm_id; - break; - } - } - - if (i == ARRAY_SIZE(tpm2_hash_map)) + hash = tpm_pcr_algo_from_crypto(options->hash); + if (hash == TPM2_ALG_ERROR) return -EINVAL; rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index b0d0061..9ecd12c 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -22,6 +22,8 @@ #ifndef __LINUX_TPM_H__ #define __LINUX_TPM_H__ +#include + #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */ #define TPM_ACTIVE_BANKS_MAX 7 /* Max num of active banks for TPM 2.0 */ @@ -71,6 +73,8 @@ extern int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf); extern int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash); extern int tpm_pcr_algorithms(u32 chip_num, int count, enum tpm2_algorithms *algorithms); +extern enum hash_algo tpm_pcr_algo_to_crypto(enum tpm2_algorithms tpm_id); +extern enum tpm2_algorithms tpm_pcr_algo_from_crypto(enum hash_algo crypto_id); extern int tpm_send(u32 chip_num, void *cmd, size_t buflen); extern int tpm_get_random(u32 chip_num, u8 *data, size_t max); extern int tpm_seal_trusted(u32 chip_num, @@ -95,6 +99,15 @@ static inline int tpm_pcr_algorithms(u32 chip_num, int count, { return -ENODEV; } +static inline enum hash_algo tpm_pcr_algo_to_crypto(enum tpm2_algorithms tpm_id) +{ + return HASH_ALGO__LAST; +} +static inline enum tpm2_algorithms tpm_pcr_algo_from_crypto( + enum hash_algo crypto_id) +{ + return TPM2_ALG_ERROR; +} static inline int tpm_send(u32 chip_num, void *cmd, size_t buflen) { return -ENODEV; }
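
Review bot: the kernel-doc for tpm_pcr_algo_to_crypto() and tpm_pcr_algo_from_crypto() in drivers/char/tpm/tpm-interface.c says only "Return: crypto ID" and "Return: TPM ID", but both functions return a sentinel (HASH_ALGO__LAST and TPM2_ALG_ERROR respectively) when the ID is not in tpm2_hash_map. These functions are now exported, so the Return: lines should name the sentinel and tell callers to test for it before using the result as an index, as tpm2_pcr_extend() does before hash_digest_size[crypto_id]. Separately, tpm2_hash_map is only read in this hunk and could be declared static const, and its crypto_id and tpm_id fields are unsigned int while the functions return enum hash_algo and enum tpm2_algorithms; typing the fields with the enums would avoid the implicit conversions.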
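
Review bot: in the tpm2_pcr_extend() loop (drivers/char/tpm/tpm2-cmd.c, hunk at -323,14), a digest whose alg_id has no mapping is skipped with continue, but count has already been written to the buffer by tpm_buf_append_u32(&buf, count) just above the loop, so the command would declare more digests than it carries. The removed inner loop skipped unknown IDs in the same way, so the behaviour is not new, but with the lookup result now explicit it would be cleaner to reject the request: check every digests[i].alg_id before the buffer is filled and return -EINVAL, which is what tpm2_seal_trusted() does for TPM2_ALG_ERROR. The local tpm_id could also be passed to tpm_buf_append_u16() instead of re-reading digests[i].alg_id.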