From patchwork Tue Oct 13 08:11:25 2015
X-Patchwork-Submitter: Jarkko Sakkinen
X-Patchwork-Id: 7381981
From: Jarkko Sakkinen
To: tpmdd-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org
Cc: David Howells, gregkh@linuxfoundation.org, David Safford, "open list:KEYS-TRUSTED", "open list:KEYS-TRUSTED", James Morris, "Serge E. Hallyn"
Date: Tue, 13 Oct 2015 11:11:25 +0300
Message-Id: <1444723889-11650-5-git-send-email-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <1444723889-11650-1-git-send-email-jarkko.sakkinen@linux.intel.com>
References: <1444723889-11650-1-git-send-email-jarkko.sakkinen@linux.intel.com>
Subject: [tpmdd-devel] [PATCH v2 4/4] keys, trusted: seal/unseal with TPM 2.0 chips

Call tpm_seal_trusted() and tpm_unseal_trusted() for TPM 2.0 chips.

Signed-off-by: Jarkko Sakkinen
Reviewed-by: Andreas Fuchs
---
 security/keys/trusted.c | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index c0594cb..d3633cf 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -862,12 +862,19 @@ static int datablob_parse(char *datablob, struct trusted_key_payload *p, static struct trusted_key_options *trusted_options_alloc(void) { struct trusted_key_options *options; + int tpm2; + + tpm2 = tpm_is_tpm2(TPM_ANY_NUM); + if (tpm2 < 0) + return NULL; options = kzalloc(sizeof *options, GFP_KERNEL); if (options) { /* set any non-zero defaults */ options->keytype = SRK_keytype; - options->keyhandle = SRKHANDLE; + + if (!tpm2) + options->keyhandle = SRKHANDLE; } return options; } @@ -905,6 +912,11 @@ static int trusted_instantiate(struct key *key, int ret = 0; int key_cmd; size_t key_len; + int tpm2; + + tpm2 = tpm_is_tpm2(TPM_ANY_NUM); + if (tpm2 < 0) + return tpm2; if (datalen <= 0 || datalen > 32767 || !prep->data) return -EINVAL; @@ -932,12 +944,20 @@ static int trusted_instantiate(struct key *key, goto out; } + if (!options->keyhandle) { + ret = -EINVAL; + goto out; + } + dump_payload(payload); dump_options(options); switch (key_cmd) { case Opt_load: - ret = key_unseal(payload, options); + if (tpm2) + ret = tpm_unseal_trusted(TPM_ANY_NUM, payload, options); + else + ret = key_unseal(payload, options); dump_payload(payload); dump_options(options); if (ret < 0) @@ -950,7 +970,10 @@ static int trusted_instantiate(struct key *key, pr_info("trusted_key: key_create failed (%d)\n", ret); goto out; } - ret = key_seal(payload, options); + if (tpm2) + ret = tpm_seal_trusted(TPM_ANY_NUM, payload, options); + else + ret = key_seal(payload, options); if (ret < 0) pr_info("trusted_key: key_seal failed (%d)\n", ret); break; @@ -1018,6 +1041,13 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep) kfree(new_p); goto out; } + + if (!new_o->keyhandle) { + ret = -EINVAL; + kfree(new_p); + goto out; + } + /* copy old key values, and reseal with new pcrs */ new_p->migratable = p->migratable; new_p->key_len = p->key_len;
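Review bot: In trusted_options_alloc(), the new `if (tpm2 < 0) return NULL;` throws away the error code from tpm_is_tpm2(), so the caller cannot tell a failed TPM lookup from a failed kzalloc(). Consider propagating the error (for example with ERR_PTR()) or doing the chip query once in the caller and passing the result in. A one-line comment at `if (!tpm2)` stating that keyhandle is deliberately left at zero on TPM 2.0 and must be supplied by the user would make the intent clear, since the existing "set any non-zero defaults" comment no longer describes keyhandle in both cases.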
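Review bot: In the first trusted_instantiate() hunk, tpm_is_tpm2(TPM_ANY_NUM) is queried a second time, independently of the query this patch adds to trusted_options_alloc(), and nothing ties the two answers to the same chip. With TPM_ANY_NUM the defaults could be chosen for one chip type and the seal/unseal dispatch for another if the answer changes between calls. Query once and pass the result down. The lookup also runs before the `datalen` check, so an invalid payload is reported as a TPM error rather than -EINVAL when the lookup fails; moving it after the argument validation keeps the existing error behaviour.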
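Review bot: In trusted_instantiate(), the new `if (!options->keyhandle)` check returns -EINVAL with no diagnostic, while the neighbouring failure paths log through pr_info(). Since this is the point where a TPM 2.0 user who did not pass a key handle is rejected, a message saying that keyhandle is required would save debugging time, and the new requirement should be described in the trusted keys documentation as part of this series. The check is also unconditional, so it rejects an explicit zero handle on TPM 1.2 as well; if that is intended, say so in the commit message, otherwise guard it with `tpm2`.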
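Review bot: In the Opt_new branch, the unchanged `pr_info("trusted_key: key_seal failed (%d)\n", ret);` now also reports failures of tpm_seal_trusted(), which points the reader at the wrong function on TPM 2.0 chips. Either make the message neutral or log per path. The same `if (tpm2) ... else ...` dispatch appears in both the load and the new branch; a small helper pair for seal and unseal would keep the TPM version decision in one place.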
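Review bot: In trusted_update(), only the `if (!new_o->keyhandle)` check is added; no hunk in this patch changes the call that performs the "reseal with new pcrs" step, so updating a key on a TPM 2.0 chip still goes through whatever seal routine the function used before rather than tpm_seal_trusted(). Either add the same `tpm2` dispatch here as in trusted_instantiate(), or reject updates on TPM 2.0 explicitly until that is supported. As in trusted_instantiate(), the -EINVAL return is silent and would benefit from a log line.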