From patchwork Mon Sep 25 11:19:49 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 9969755 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 2E98C60365 for ; Mon, 25 Sep 2017 11:22:32 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 243BD2624A for ; Mon, 25 Sep 2017 11:22:32 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 191BE28066; Mon, 25 Sep 2017 11:22:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3DC6927FA3 for ; Mon, 25 Sep 2017 11:22:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933920AbdIYLWA (ORCPT ); Mon, 25 Sep 2017 07:22:00 -0400 Received: from lhrrgout.huawei.com ([194.213.3.17]:36474 "EHLO lhrrgout.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933537AbdIYLV7 (ORCPT ); Mon, 25 Sep 2017 07:21:59 -0400 Received: from 172.18.7.190 (EHLO LHREML711-CAH.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DPG47230; Mon, 25 Sep 2017 11:21:57 +0000 (GMT) Received: from roberto-HP-EliteDesk-800-G2-DM-65W.huawei.com (10.204.65.254) by smtpsuk.huawei.com (10.201.108.34) with Microsoft SMTP Server (TLS) id 14.3.301.0; Mon, 25 Sep 2017 12:21:47 +0100 From: Roberto Sassu To: CC: , , , , Roberto Sassu Subject: [PATCH 2/3] tpm: retrieve digest size of unknown algorithms with PCR read Date: Mon, 25 Sep 2017 13:19:49 +0200 Message-ID: <20170925111950.21511-3-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.9.3 In-Reply-To: <20170925111950.21511-1-roberto.sassu@huawei.com> References: <20170925111950.21511-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.65.254] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090203.59C8E6D5.0276, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 6968699ded7511ec4d7020f6d82902fb Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP PCRs can be extended by providing the TPM algorithm identifier and the digest. To correctly build the command buffer, the digest size must be known. The TPM driver cannot determine the digest size if the provided TPM algorithm is not mapped to any crypto algorithm. In this case, the PCR bank is not extended and could be used by attackers to protect measurements made by themselves, which do not reflect the true status of the platform. To avoid this situation, the digest size of unknown algorithms is determined at TPM initialization time with a PCR read, and stored in the tpm_chip structure. The array of algorithms (active_banks) has been replaced with an array of active_pcr_bank_info, a new structure containing both the TPM algorithm identifier and the digest size. Signed-off-by: Roberto Sassu --- drivers/char/tpm/tpm-interface.c | 4 +-- drivers/char/tpm/tpm.h | 2 +- drivers/char/tpm/tpm2-cmd.c | 55 ++++++++++++++++++++++++++++++++-------- include/linux/tpm.h | 5 ++++ 4 files changed, 52 insertions(+), 14 deletions(-) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 1d6729b..2c3d973 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -914,8 +914,8 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) memset(digest_list, 0, sizeof(digest_list)); for (i = 0; i < ARRAY_SIZE(chip->active_banks) && - chip->active_banks[i] != TPM2_ALG_ERROR; i++) { - digest_list[i].alg_id = chip->active_banks[i]; + chip->active_banks[i].alg_id != TPM2_ALG_ERROR; i++) { + digest_list[i].alg_id = chip->active_banks[i].alg_id; memcpy(digest_list[i].digest, hash, TPM_DIGEST_SIZE); count++; } diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 2d5466a..fb94bd2 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -225,7 +225,7 @@ struct tpm_chip { const struct attribute_group *groups[3]; unsigned int groups_cnt; - u16 active_banks[7]; + struct active_bank_info active_banks[7]; #ifdef CONFIG_ACPI acpi_handle acpi_dev_handle; char ppi_version[TPM_PPI_VERSION_LEN + 1]; diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 0cad0f6..b1356be 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -291,7 +291,6 @@ int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count, struct tpm2_null_auth_area auth_area; int rc; int i; - int j; if (count > ARRAY_SIZE(chip->active_banks)) return -EINVAL; @@ -313,14 +312,10 @@ int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count, tpm_buf_append_u32(&buf, count); for (i = 0; i < count; i++) { - for (j = 0; j < ARRAY_SIZE(tpm2_hash_map); j++) { - if (digests[i].alg_id != tpm2_hash_map[j].tpm_id) - continue; - tpm_buf_append_u16(&buf, digests[i].alg_id); - tpm_buf_append(&buf, (const unsigned char - *)&digests[i].digest, - hash_digest_size[tpm2_hash_map[j].crypto_id]); - } + /* digests[i].alg_id == chip->active_banks[i].alg_id */ + tpm_buf_append_u16(&buf, digests[i].alg_id); + tpm_buf_append(&buf, (const unsigned char *)&digests[i].digest, + chip->active_banks[i].digest_size); } rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, @@ -943,6 +938,39 @@ int tpm2_probe(struct tpm_chip *chip) } EXPORT_SYMBOL_GPL(tpm2_probe); +static int tpm2_init_active_bank_info(struct tpm_chip *chip, u16 alg_id, + struct active_bank_info *active_bank) +{ + struct tpm_buf buf; + struct tpm2_pcr_read_out *out; + int rc, i; + + active_bank->alg_id = alg_id; + + for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { + enum hash_algo crypto_algo = tpm2_hash_map[i].crypto_id; + + if (active_bank->alg_id != tpm2_hash_map[i].tpm_id) + continue; + + active_bank->digest_size = hash_digest_size[crypto_algo]; + return 0; + } + + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ); + if (rc) + return rc; + + rc = tpm2_pcr_read_common(chip, 0, alg_id, &buf, NULL); + if (rc == 0) { + out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; + active_bank->digest_size = be16_to_cpu(out->digest_size); + } + + tpm_buf_destroy(&buf); + return 0; +} + struct tpm2_pcr_selection { __be16 hash_alg; u8 size_of_select; @@ -997,7 +1025,12 @@ static ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip) } memcpy(&pcr_selection, marker, sizeof(pcr_selection)); - chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg); + rc = tpm2_init_active_bank_info(chip, + be16_to_cpu(pcr_selection.hash_alg), + &chip->active_banks[i]); + if (rc) + break; + sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) + sizeof(pcr_selection.size_of_select) + pcr_selection.size_of_select; @@ -1006,7 +1039,7 @@ static ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip) out: if (i < ARRAY_SIZE(chip->active_banks)) - chip->active_banks[i] = TPM2_ALG_ERROR; + chip->active_banks[i].alg_id = TPM2_ALG_ERROR; tpm_buf_destroy(&buf); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 5a090f5..3ecce21 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -52,6 +52,11 @@ struct tpm_class_ops { void (*relinquish_locality)(struct tpm_chip *chip, int loc); }; +struct active_bank_info { + u16 alg_id; + u16 digest_size; +}; + #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) extern int tpm_is_tpm2(u32 chip_num);