From patchwork Fri Oct  2 08:38:18 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
X-Patchwork-Id: 7314131
Return-Path: <tpmdd-devel-bounces@lists.sourceforge.net>
X-Original-To: patchwork-tpmdd-devel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id DDCBF9F1D5
	for <patchwork-tpmdd-devel@patchwork.kernel.org>;
	Fri,  2 Oct 2015 08:39:08 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 089F720796
	for <patchwork-tpmdd-devel@patchwork.kernel.org>;
	Fri,  2 Oct 2015 08:39:08 +0000 (UTC)
Received: from lists.sourceforge.net (lists.sourceforge.net [216.34.181.88])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 09A992084D
	for <patchwork-tpmdd-devel@patchwork.kernel.org>;
	Fri,  2 Oct 2015 08:39:07 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=sfs-ml-2.v29.ch3.sourceforge.com)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <tpmdd-devel-bounces@lists.sourceforge.net>)
	id 1Zhvrt-00054L-J8; Fri, 02 Oct 2015 08:39:05 +0000
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <jarkko.sakkinen@linux.intel.com>) id 1Zhvrs-00054E-Hm
	for tpmdd-devel@lists.sourceforge.net; Fri, 02 Oct 2015 08:39:04 +0000
X-ACL-Warn: 
Received: from mga01.intel.com ([192.55.52.88])
	by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1Zhvrr-0001W1-CX
	for tpmdd-devel@lists.sourceforge.net; Fri, 02 Oct 2015 08:39:04 +0000
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
	by fmsmga101.fm.intel.com with ESMTP; 02 Oct 2015 01:38:57 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.17,622,1437462000"; d="scan'208";a="572675380"
Received: from dybugrov-mobl3.ccr.corp.intel.com (HELO localhost)
	([10.252.8.88])
	by FMSMGA003.fm.intel.com with ESMTP; 02 Oct 2015 01:38:52 -0700
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: tpmdd-devel@lists.sourceforge.net,
	linux-kernel@vger.kernel.org
Date: Fri,  2 Oct 2015 11:38:18 +0300
Message-Id: <1443775102-9727-5-git-send-email-jarkko.sakkinen@linux.intel.com>
X-Mailer: git-send-email 2.5.0
In-Reply-To: 
 <1443775102-9727-1-git-send-email-jarkko.sakkinen@linux.intel.com>
References: <1443775102-9727-1-git-send-email-jarkko.sakkinen@linux.intel.com>
X-Spam-Score: -0.0 (/)
X-Headers-End: 1Zhvrr-0001W1-CX
Cc: David Howells <dhowells@redhat.com>, gregkh@linuxfoundation.org,
	"open list:KEYS-TRUSTED" <linux-security-module@vger.kernel.org>,
	"open list:KEYS-TRUSTED" <keyrings@vger.kernel.org>,
	James Morris <james.l.morris@oracle.com>,
	David Safford <safford@us.ibm.com>, akpm@linux-foundation.org,
	"Serge E. Hallyn" <serge@hallyn.com>
Subject: [tpmdd-devel] [PATCH 4/4] keys,
	trusted: seal/unseal with TPM 2.0 chips
X-BeenThere: tpmdd-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Tpm Device Driver maintainance <tpmdd-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/tpmdd-devel>,
	<mailto:tpmdd-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=tpmdd-devel>
List-Post: <mailto:tpmdd-devel@lists.sourceforge.net>
List-Help: <mailto:tpmdd-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/tpmdd-devel>,
	<mailto:tpmdd-devel-request@lists.sourceforge.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: tpmdd-devel-bounces@lists.sourceforge.net
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, HK_RANDOM_ENVFROM,
	RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Call tpm_seal_trusted() and tpm_unseal_trusted() for TPM 2.0 chips.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 drivers/char/tpm/tpm2-cmd.c |  2 +-
 include/linux/tpm_command.h |  1 -
 security/keys/trusted.c     | 18 ++++++++++++++----
 security/keys/trusted.h     |  7 +++++++
 4 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 0986c96..0fba698 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -422,7 +422,7 @@ static int tpm2_load(struct tpm_chip *chip,
 			     options->keyauth /* hmac */,
 			     TPM_DIGEST_SIZE);
 
-	tpm_buf_append(&buf, payload->blob, payload->blob_len);
+	tpm_buf_append(&buf, payload->blob, blob_len);
 
 	rc = tpm_transmit_cmd(chip, buf.data, TPM_BUF_SIZE, "loading blob");
 	if (!rc)
diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
index 727512e..d7b0f82 100644
--- a/include/linux/tpm_command.h
+++ b/include/linux/tpm_command.h
@@ -22,7 +22,6 @@
 #define TPM_ORD_UNSEAL                  24
 
 /* Other constants */
-#define SRKHANDLE                       0x40000000
 #define TPM_NONCE_SIZE                  20
 
 #endif
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index c0594cb..f6557b1 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -601,7 +601,7 @@ static int tpm_unseal(struct tpm_buf *tb,
 	}
 
 	ordinal = htonl(TPM_ORD_UNSEAL);
-	keyhndl = htonl(SRKHANDLE);
+	keyhndl = htonl(TPM1_SRKHANDLE);
 	ret = tpm_get_random(TPM_ANY_NUM, nonceodd, TPM_NONCE_SIZE);
 	if (ret != TPM_NONCE_SIZE) {
 		pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
@@ -867,7 +867,11 @@ static struct trusted_key_options *trusted_options_alloc(void)
 	if (options) {
 		/* set any non-zero defaults */
 		options->keytype = SRK_keytype;
-		options->keyhandle = SRKHANDLE;
+
+		if (tpm_is_tpm2(TPM_ANY_NUM))
+			options->keyhandle = TPM2_SRKHANDLE;
+		else
+			options->keyhandle = TPM1_SRKHANDLE;
 	}
 	return options;
 }
@@ -937,7 +941,10 @@ static int trusted_instantiate(struct key *key,
 
 	switch (key_cmd) {
 	case Opt_load:
-		ret = key_unseal(payload, options);
+		if (tpm_is_tpm2(TPM_ANY_NUM))
+			ret = tpm_unseal_trusted(TPM_ANY_NUM, payload, options);
+		else
+			ret = key_unseal(payload, options);
 		dump_payload(payload);
 		dump_options(options);
 		if (ret < 0)
@@ -950,7 +957,10 @@ static int trusted_instantiate(struct key *key,
 			pr_info("trusted_key: key_create failed (%d)\n", ret);
 			goto out;
 		}
-		ret = key_seal(payload, options);
+		if (tpm_is_tpm2(TPM_ANY_NUM))
+			ret = tpm_seal_trusted(TPM_ANY_NUM, payload, options);
+		else
+			ret = key_seal(payload, options);
 		if (ret < 0)
 			pr_info("trusted_key: key_seal failed (%d)\n", ret);
 		break;
diff --git a/security/keys/trusted.h b/security/keys/trusted.h
index ff001a5..fc32c47 100644
--- a/security/keys/trusted.h
+++ b/security/keys/trusted.h
@@ -12,6 +12,13 @@
 #define TPM_RETURN_OFFSET		6
 #define TPM_DATA_OFFSET			10
 
+/* Transient object handles start from 0x80000000 in TPM 2.0, which makes it
+ * a sane default.
+ */
+
+#define TPM1_SRKHANDLE	0x40000000
+#define TPM2_SRKHANDLE	0x80000000
+
 #define LOAD32(buffer, offset)	(ntohl(*(uint32_t *)&buffer[offset]))
 #define LOAD32N(buffer, offset)	(*(uint32_t *)&buffer[offset])
 #define LOAD16(buffer, offset)	(ntohs(*(uint16_t *)&buffer[offset]))