[v6,11/20] tpm: export the context save and load commands

Message ID	20240102170408.21969-12-James.Bottomley@HansenPartnership.com (mailing list archive)
State	New
Headers	show Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [96.44.175.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D481B156F5; Tue, 2 Jan 2024 17:12:18 +0000 (UTC) From: James Bottomley <James.Bottomley@HansenPartnership.com> To: linux-integrity@vger.kernel.org Cc: Jarkko Sakkinen <jarkko@kernel.org>, keyrings@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org> Subject: [PATCH v6 11/20] tpm: export the context save and load commands Date: Tue, 2 Jan 2024 12:03:59 -0500 Message-Id: <20240102170408.21969-12-James.Bottomley@HansenPartnership.com> In-Reply-To: <20240102170408.21969-1-James.Bottomley@HansenPartnership.com> References: <20240102170408.21969-1-James.Bottomley@HansenPartnership.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	add integrity and security to TPM2 transactions \| expand [v6,00/20] add integrity and security to TPM2 transactions [v6,01/20] tpm: Remove unused tpm_buf_tag() [v6,02/20] tpm: Remove tpm_send() [v6,03/20] tpm: Move buffer handling from static inlines to real functions [v6,04/20] tpm: Update struct tpm_buf documentation comments [v6,05/20] tpm: Store the length of the tpm_buf data separately. [v6,06/20] tpm: TPM2B formatted buffers [v6,07/20] tpm: Add tpm_buf_read_{u8,u16,u32} [v6,08/20] KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers [v6,09/20] crypto: lib - implement library version of AES in CFB mode [v6,10/20] tpm: add buffer function to point to returned parameters [v6,11/20] tpm: export the context save and load commands [v6,12/20] tpm: Add NULL primary creation [v6,13/20] tpm: Add HMAC session start and end functions [v6,14/20] tpm: Add HMAC session name/handle append [v6,15/20] tpm: Add the rest of the session HMAC API [v6,16/20] tpm: add hmac checks to tpm2_pcr_extend() [v6,17/20] tpm: add session encryption protection to tpm2_get_random() [v6,18/20] KEYS: trusted: Add session encryption protection to the seal/unseal path [v6,19/20] tpm: add the null key name as a sysfs export [v6,20/20] Documentation: add tpm-security.rst

Message ID

20240102170408.21969-12-James.Bottomley@HansenPartnership.com (mailing list archive)

State

New

Headers

From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko@kernel.org>,
	keyrings@vger.kernel.org,
	Ard Biesheuvel <ardb@kernel.org>
Subject: [PATCH v6 11/20] tpm: export the context save and load commands
Date: Tue,  2 Jan 2024 12:03:59 -0500
Message-Id: <20240102170408.21969-12-James.Bottomley@HansenPartnership.com>
In-Reply-To: <20240102170408.21969-1-James.Bottomley@HansenPartnership.com>
References: <20240102170408.21969-1-James.Bottomley@HansenPartnership.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

add integrity and security to TPM2 transactions | expand

Commit Message

James Bottomley Jan. 2, 2024, 5:03 p.m. UTC

The TPM2 session HMAC and encryption handling code needs to save and
restore a single volatile context for the elliptic curve version of
the NULL seed, so export the APIs which do this for internal use.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>

---

v5: add review
---
 drivers/char/tpm/tpm.h        | 4 ++++
 drivers/char/tpm/tpm2-space.c | 8 ++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

Comments

Jarkko Sakkinen Jan. 3, 2024, 3:01 p.m. UTC | #1

On Tue Jan 2, 2024 at 7:03 PM EET, James Bottomley wrote:
> The TPM2 session HMAC and encryption handling code needs to save and
> restore a single volatile context for the elliptic curve version of
> the NULL seed, so export the APIs which do this for internal use.
>
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
>
> ---
>
> v5: add review
> ---
>  drivers/char/tpm/tpm.h        | 4 ++++
>  drivers/char/tpm/tpm2-space.c | 8 ++++----
>  2 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 61445f1dc46d..cbc9d1e2974d 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -312,6 +312,10 @@ int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space, void *buf,
>  		      size_t *bufsiz);
>  int tpm_devs_add(struct tpm_chip *chip);
>  void tpm_devs_remove(struct tpm_chip *chip);
> +int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf,
> +		      unsigned int buf_size, unsigned int *offset);
> +int tpm2_load_context(struct tpm_chip *chip, u8 *buf,
> +		      unsigned int *offset, u32 *handle);
>  
>  void tpm_bios_log_setup(struct tpm_chip *chip);
>  void tpm_bios_log_teardown(struct tpm_chip *chip);
> diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
> index 363afdd4d1d3..24479a81c23c 100644
> --- a/drivers/char/tpm/tpm2-space.c
> +++ b/drivers/char/tpm/tpm2-space.c
> @@ -68,8 +68,8 @@ void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space)
>  	kfree(space->session_buf);
>  }
>  
> -static int tpm2_load_context(struct tpm_chip *chip, u8 *buf,
> -			     unsigned int *offset, u32 *handle)
> +int tpm2_load_context(struct tpm_chip *chip, u8 *buf,
> +		      unsigned int *offset, u32 *handle)
>  {
>  	struct tpm_buf tbuf;
>  	struct tpm2_context *ctx;
> @@ -119,8 +119,8 @@ static int tpm2_load_context(struct tpm_chip *chip, u8 *buf,
>  	return 0;
>  }
>  
> -static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf,
> -			     unsigned int buf_size, unsigned int *offset)
> +int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf,
> +		      unsigned int buf_size, unsigned int *offset)
>  {
>  	struct tpm_buf tbuf;
>  	unsigned int body_size;

Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 61445f1dc46d..cbc9d1e2974d 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -312,6 +312,10 @@  int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space, void *buf,
 		      size_t *bufsiz);
 int tpm_devs_add(struct tpm_chip *chip);
 void tpm_devs_remove(struct tpm_chip *chip);
+int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf,
+		      unsigned int buf_size, unsigned int *offset);
+int tpm2_load_context(struct tpm_chip *chip, u8 *buf,
+		      unsigned int *offset, u32 *handle);
 
 void tpm_bios_log_setup(struct tpm_chip *chip);
 void tpm_bios_log_teardown(struct tpm_chip *chip);
diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
index 363afdd4d1d3..24479a81c23c 100644
--- a/drivers/char/tpm/tpm2-space.c
+++ b/drivers/char/tpm/tpm2-space.c
@@ -68,8 +68,8 @@  void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space)
 	kfree(space->session_buf);
 }
 
-static int tpm2_load_context(struct tpm_chip *chip, u8 *buf,
-			     unsigned int *offset, u32 *handle)
+int tpm2_load_context(struct tpm_chip *chip, u8 *buf,
+		      unsigned int *offset, u32 *handle)
 {
 	struct tpm_buf tbuf;
 	struct tpm2_context *ctx;
@@ -119,8 +119,8 @@  static int tpm2_load_context(struct tpm_chip *chip, u8 *buf,
 	return 0;
 }
 
-static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf,
-			     unsigned int buf_size, unsigned int *offset)
+int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf,
+		      unsigned int buf_size, unsigned int *offset)
 {
 	struct tpm_buf tbuf;
 	unsigned int body_size;

[v6,11/20] tpm: export the context save and load commands

Commit Message

Comments

Patch