Merge tag 'tpmdd-sessions-next-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

Pull more tpm updates from Jarkko Sakkinen:
 "This is targeted for tpm2-sessions updates.

  There are two bug fixes and two more cosmetic tweaks for HMAC protected
  sessions. They provide a baseline for further improvements to be
  implemented during the course of the release cycle"

* tag 'tpmdd-sessions-next-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
  tpm2-sessions: Open code tpm_buf_append_hmac_session()
  tpm2-sessions: Remove 'attributes' parameter from tpm_buf_append_auth
  tpm2-sessions: Fix tpm2_read_public range checks
  tpm2-sessions: Fix out of range indexing in name_size
Linus Torvalds
2025-12-05 20:36:28 -08:00
4 changed files with 204 additions and 116 deletions


@@ -268,7 +268,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
goto out_put;
}
tpm_buf_append_name(chip, &buf, options->keyhandle, NULL);
rc = tpm_buf_append_name(chip, &buf, options->keyhandle, NULL);
if (rc)
goto out;
tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_DECRYPT,
options->keyauth, TPM_DIGEST_SIZE);
@@ -316,7 +319,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
goto out;
}
tpm_buf_fill_hmac_session(chip, &buf);
rc = tpm_buf_fill_hmac_session(chip, &buf);
if (rc)
goto out;
rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data");
rc = tpm_buf_check_hmac_response(chip, &buf, rc);
if (rc)
@@ -427,7 +433,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
return rc;
}
tpm_buf_append_name(chip, &buf, options->keyhandle, NULL);
rc = tpm_buf_append_name(chip, &buf, options->keyhandle, NULL);
if (rc)
goto out;
tpm_buf_append_hmac_session(chip, &buf, 0, options->keyauth,
TPM_DIGEST_SIZE);
@@ -439,7 +448,10 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
goto out;
}
tpm_buf_fill_hmac_session(chip, &buf);
rc = tpm_buf_fill_hmac_session(chip, &buf);
if (rc)
goto out;
rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob");
rc = tpm_buf_check_hmac_response(chip, &buf, rc);
if (!rc)
@@ -469,8 +481,10 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
struct trusted_key_options *options,
u32 blob_handle)
{
struct tpm_header *head;
struct tpm_buf buf;
u16 data_len;
int offset;
u8 *data;
int rc;
@@ -484,7 +498,9 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
return rc;
}
tpm_buf_append_name(chip, &buf, blob_handle, NULL);
rc = tpm_buf_append_name(chip, &buf, options->keyhandle, NULL);
if (rc)
goto out;
if (!options->policyhandle) {
tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT,
@@ -505,11 +521,20 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
tpm2_buf_append_auth(&buf, options->policyhandle,
NULL /* nonce */, 0, 0,
options->blobauth, options->blobauth_len);
tpm_buf_append_hmac_session_opt(chip, &buf, TPM2_SA_ENCRYPT,
NULL, 0);
if (tpm2_chip_auth(chip)) {
tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT, NULL, 0);
} else {
offset = buf.handles * 4 + TPM_HEADER_SIZE;
head = (struct tpm_header *)buf.data;
if (tpm_buf_length(&buf) == offset)
head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
}
}
tpm_buf_fill_hmac_session(chip, &buf);
rc = tpm_buf_fill_hmac_session(chip, &buf);
if (rc)
goto out;
rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing");
rc = tpm_buf_check_hmac_response(chip, &buf, rc);