Subject: Re: [PATCH v3 5/5] tpm: ensure that output of PCR read contains the correct digest size
From: Mimi Zohar
To: Roberto Sassu , jarkko.sakkinen@linux.intel.com
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, silviu.vlasceanu@huawei.com
Date: Thu, 01 Nov 2018 12:52:10 -0400
In-Reply-To: <20181030154711.2782-6-roberto.sassu@huawei.com>
References: <20181030154711.2782-1-roberto.sassu@huawei.com> <20181030154711.2782-6-roberto.sassu@huawei.com>
Message-Id: <1541091130.4035.41.camel@linux.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2018-10-30 at 16:47 +0100, Roberto Sassu wrote:
> This patch ensures that the digest size returned by the TPM during a PCR
> read matches the size of the algorithm passed as argument to
> tpm2_pcr_read(). The check is performed after information about the PCR
> banks has been retrieved.
>
> Signed-off-by: Roberto Sassu
> --- > drivers/char/tpm/tpm2-cmd.c | 16 +++++++++++++++- > 1 file changed, 15 insertions(+), 1 deletion(-) > > diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c > index 8e821e7b4674..477dcc30fc53 100644 > --- a/drivers/char/tpm/tpm2-cmd.c > +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -187,15 +187,28 @@ struct tpm2_pcr_read_out { > int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, > struct tpm_digest *digest_struct, u16 *digest_size_ptr) > { > + int i; > int rc; > struct tpm_buf buf; > struct tpm2_pcr_read_out *out; > u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0}; > u16 digest_size; > + u16 expected_digest_size = 0; > > if (pcr_idx >= TPM2_PLATFORM_PCR) > return -EINVAL; > > + if (!digest_size_ptr) { > + for (i = 0; i < ARRAY_SIZE(chip->active_banks) && > + chip->active_banks[i].alg_id != digest_struct->alg_id; i++) > + ; > + > + if (i == ARRAY_SIZE(chip->active_banks)) > + return -EINVAL; > + > + expected_digest_size = chip->active_banks[i].digest_size; > + } > + > rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ); > if (rc) > return rc; > @@ -215,7 +228,8 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, > > out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; > digest_size = be16_to_cpu(out->digest_size); > - if (digest_size > sizeof(digest_struct->digest)) { > + if ((digest_size_ptr && digest_size > sizeof(digest_struct->digest)) || The returned digest size should never be larger than the structure field.  The digest_size_ptr test is unnecessary. Mimi > + (!digest_size_ptr && digest_size != expected_digest_size)) { > rc = -EINVAL; > goto out; > }
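Review bot: In the first hunk (@@ -187,15 +187,28 @@), the new `if (!digest_size_ptr)` block makes a NULL digest_size_ptr select a different validation mode, and nothing in the hunk documents that contract. A comment above the block, or a kernel-doc line for the parameter, should say that NULL means the returned digest must match the size recorded in chip->active_banks for digest_struct->alg_id. The block also reads digest_struct->alg_id with no NULL check on digest_struct visible in the hunk, and it compares the signed `int i` against ARRAY_SIZE(); declaring `i` as unsigned int and writing the search as a loop with an explicit break, instead of the empty-body `for (...) ;`, would make the not-found test `i == ARRAY_SIZE(chip->active_banks)` easier to verify.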
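Review bot: In the second hunk (@@ -215,7 +228,8 @@), the rewritten condition drops the upper bound when digest_size_ptr is NULL: on that path only `digest_size != expected_digest_size` is tested, so staying within sizeof(digest_struct->digest) depends on chip->active_banks[i].digest_size never exceeding that field, which nothing in the patch establishes. Keep `digest_size > sizeof(digest_struct->digest)` unconditional and OR it with `(!digest_size_ptr && digest_size != expected_digest_size)`, in line with the reply above; the condition becomes simpler and the buffer bound no longer depends on the contents of the bank table.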