Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp5244710ybe; Tue, 10 Sep 2019 00:15:53 -0700 (PDT) X-Google-Smtp-Source: APXvYqyWLuTOjZMxGeyoMmzHkbsAJJSxZIKNFaLc6pfopoTCZKy7y6Jx/0mm7zI8RjHllFYh7nHs X-Received: by 2002:aa7:c154:: with SMTP id r20mr8072802edp.268.1568099753297; Tue, 10 Sep 2019 00:15:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568099753; cv=none; d=google.com; s=arc-20160816; b=pYF5TeApuP5ZEZj+1F3VLnMgXopmMLgrJxVyGPApFZtPhyogcp20sqvcN0p4rYcZ+W XXdEzajksy3HiksIXteQdJrjnmDgnI5VRPegs5yeiPCiBSkCmPg/cPs87gzbLNZ1Mc1M oKPSiGhMJyBQY5g1jW4ABN5IytdlhKTE2pOcos+lTQh3DMKr3mkKmiP15bHW9AF5I0Gi 6m/WO+yT9YAf/X02o5U14Ng01/68q4acYWy/qae73l8v9GTAZqitX/bLnP6usZvHHcrH CBoeqkcz5/Er5oPNbvzMJ97wRIijIqjEuk/nhcZNol4uXz5YLyk5uR8e6WoEZT8Cnem2 HiXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :dkim-signature:dkim-signature; bh=KWXZy/VRY8xwSeXvHEO0hacnWYiPymkahkUNBnyZHYY=; b=XtSHHaismH6WVuSjLKbXPUulVzRcmjCfWuDNOYZ786iw+0bzT/rtFZch+1DYpEsycT coKReZnOvryC+NbcMAxpMMc6r4ImnahAPHqaSOvjbQrnBlsGmREaEFks0ZXxfKEDfkDO B6nweQcH+szTNo43/B3f6bb3qcF7+rO97a+uOgxd3/tI4ex9zZqBGX+T7PB9A7hz8yJp QL6NVssPxlgP6fvcKgpYAlgrO8mcak39WS6/gFJ5Nw7/jd0SyXQrErzQ3gnqziR7Fvu0 FhIYRDGQ4+xCNsFDyOpzllV3GuGUKYUloT/RrfC8eUFVju44Q8r89S8kFy51MeJJQM3j LDtg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=ZwlPUCMg; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=ZwlPUCMg; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w25si8791634ejq.338.2019.09.10.00.15.19; Tue, 10 Sep 2019 00:15:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=ZwlPUCMg; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=ZwlPUCMg; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731802AbfIIMWX (ORCPT + 99 others); Mon, 9 Sep 2019 08:22:23 -0400 Received: from bedivere.hansenpartnership.com ([66.63.167.143]:48312 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731677AbfIIMWW (ORCPT ); Mon, 9 Sep 2019 08:22:22 -0400 Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 7F87D8EE180; Mon, 9 Sep 2019 05:22:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com; s=20151216; t=1568031742; bh=i7MrhvQ94JMBQj1p8wKiylhyLzjjRYfsQm4gyztxsWs=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=ZwlPUCMge59+Lbf3+zTN10yyl4Tdi/aB4FTJXnIic9Xk3bwCK4CjamlvHMnGj4SXl q28wM68xLMRyN8//fbwr6prUuqOAscc7tsNI7vyqLuplBfEr44UMGxezXTWPQIZvba yeTWkSNFskCCpoNSn+zSCaq3trC/7xh1iTi6l2lo= Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q4e4JzhYcOCP; Mon, 9 Sep 2019 05:22:22 -0700 (PDT) Received: from [192.168.6.117] (unknown [148.69.85.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 3B5878EE105; Mon, 9 Sep 2019 05:22:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com; s=20151216; t=1568031742; bh=i7MrhvQ94JMBQj1p8wKiylhyLzjjRYfsQm4gyztxsWs=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=ZwlPUCMge59+Lbf3+zTN10yyl4Tdi/aB4FTJXnIic9Xk3bwCK4CjamlvHMnGj4SXl q28wM68xLMRyN8//fbwr6prUuqOAscc7tsNI7vyqLuplBfEr44UMGxezXTWPQIZvba yeTWkSNFskCCpoNSn+zSCaq3trC/7xh1iTi6l2lo= Message-ID: <1568031739.6613.36.camel@HansenPartnership.com> Subject: [PATCH v6 07/12] tpm2: add hmac checks to tpm2_pcr_extend() From: James Bottomley To: linux-integrity@vger.kernel.org Cc: linux-crypto@vger.kernel.org, linux-security-module@vger.kernel.org, Jarkko Sakkinen Date: Mon, 09 Sep 2019 13:22:19 +0100 In-Reply-To: <1568031408.6613.29.camel@HansenPartnership.com> References: <1568031408.6613.29.camel@HansenPartnership.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.6 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org We use tpm2_pcr_extend() in trusted keys to extend a PCR to prevent a key from being re-loaded until the next reboot. To use this functionality securely, that extend must be protected by a session hmac. Signed-off-by: James Bottomley --- v3: add error handling to sessions --- drivers/char/tpm/tpm2-cmd.c | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index d120b0a260eb..0012657d3617 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -223,13 +223,6 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx, return rc; } -struct tpm2_null_auth_area { - __be32 handle; - __be16 nonce_size; - u8 attributes; - __be16 auth_size; -} __packed; - /** * tpm2_pcr_extend() - extend a PCR value * @@ -243,24 +236,23 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, struct tpm_digest *digests) { struct tpm_buf buf; - struct tpm2_null_auth_area auth_area; + struct tpm2_auth *auth; int rc; int i; - rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND); + rc = tpm2_start_auth_session(chip, &auth); if (rc) return rc; - tpm_buf_append_u32(&buf, pcr_idx); + rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND); + if (rc) { + tpm2_end_auth_session(auth); + return rc; + } - auth_area.handle = cpu_to_be32(TPM2_RS_PW); - auth_area.nonce_size = 0; - auth_area.attributes = 0; - auth_area.auth_size = 0; + tpm_buf_append_name(&buf, auth, pcr_idx, NULL); + tpm_buf_append_hmac_session(&buf, auth, 0, NULL, 0); - tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area)); - tpm_buf_append(&buf, (const unsigned char *)&auth_area, - sizeof(auth_area)); tpm_buf_append_u32(&buf, chip->nr_allocated_banks); for (i = 0; i < chip->nr_allocated_banks; i++) { @@ -269,7 +261,9 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, chip->allocated_banks[i].digest_size); } + tpm_buf_fill_hmac_session(&buf, auth); rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value"); + rc = tpm_buf_check_hmac_response(&buf, auth, rc); tpm_buf_destroy(&buf); -- 2.16.4