lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20180626193040.2509798-3-stefanb@linux.vnet.ibm.com>
Date:   Tue, 26 Jun 2018 15:30:40 -0400
From:   Stefan Berger <stefanb@...ux.vnet.ibm.com>
To:     linux-integrity@...r.kernel.org, jarkko.sakkinen@...ux.intel.com,
        zohar@...ux.vnet.ibm.com, jejb@...ux.vnet.ibm.com
Cc:     jgg@...pe.ca, linux-kernel@...r.kernel.org,
        linux-security-module@...r.kernel.org, dhowells@...hat.com,
        keyrings@...r.kernel.org,
        Stefan Berger <stefanb@...ux.vnet.ibm.com>
Subject: [PATCH 2/2] KEYS: trusted: Find tpm_chip and use it until module shutdown

Use tpm_default_chip() to find the system's default TPM chip and
use it as the tpm_chip parameter for all TPM operations. Release
the tpm_chip when the module is shut down.

Signed-off-by: Stefan Berger <stefanb@...ux.vnet.ibm.com>
---
 security/keys/trusted.c | 41 ++++++++++++++++++++++++++++-------------
 1 file changed, 28 insertions(+), 13 deletions(-)

diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 423776682025..06d863caea43 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -42,6 +42,7 @@ struct sdesc {
 
 static struct crypto_shash *hashalg;
 static struct crypto_shash *hmacalg;
+static struct tpm_chip *tpm_chip;
 
 static struct sdesc *init_sdesc(struct crypto_shash *alg)
 {
@@ -360,7 +361,7 @@ static int trusted_tpm_send(unsigned char *cmd, size_t buflen)
 	int rc;
 
 	dump_tpm_buf(cmd);
-	rc = tpm_send(NULL, cmd, buflen);
+	rc = tpm_send(tpm_chip, cmd, buflen);
 	dump_tpm_buf(cmd);
 	if (rc > 0)
 		/* Can't return positive return codes values to keyctl */
@@ -381,10 +382,10 @@ static int pcrlock(const int pcrnum)
 
 	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
-	ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
+	ret = tpm_get_random(tpm_chip, hash, SHA1_DIGEST_SIZE);
 	if (ret != SHA1_DIGEST_SIZE)
 		return ret;
-	return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
+	return tpm_pcr_extend(tpm_chip, pcrnum, hash) ? -EINVAL : 0;
 }
 
 /*
@@ -397,7 +398,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
 	unsigned char ononce[TPM_NONCE_SIZE];
 	int ret;
 
-	ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
+	ret = tpm_get_random(tpm_chip, ononce, TPM_NONCE_SIZE);
 	if (ret != TPM_NONCE_SIZE)
 		return ret;
 
@@ -492,7 +493,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
 	if (ret < 0)
 		goto out;
 
-	ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
+	ret = tpm_get_random(tpm_chip, td->nonceodd, TPM_NONCE_SIZE);
 	if (ret != TPM_NONCE_SIZE)
 		goto out;
 	ordinal = htonl(TPM_ORD_SEAL);
@@ -602,7 +603,7 @@ static int tpm_unseal(struct tpm_buf *tb,
 
 	ordinal = htonl(TPM_ORD_UNSEAL);
 	keyhndl = htonl(SRKHANDLE);
-	ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
+	ret = tpm_get_random(tpm_chip, nonceodd, TPM_NONCE_SIZE);
 	if (ret != TPM_NONCE_SIZE) {
 		pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
 		return ret;
@@ -747,7 +748,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
 	int i;
 	int tpm2;
 
-	tpm2 = tpm_is_tpm2(NULL);
+	tpm2 = tpm_is_tpm2(tpm_chip);
 	if (tpm2 < 0)
 		return tpm2;
 
@@ -916,7 +917,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
 	struct trusted_key_options *options;
 	int tpm2;
 
-	tpm2 = tpm_is_tpm2(NULL);
+	tpm2 = tpm_is_tpm2(tpm_chip);
 	if (tpm2 < 0)
 		return NULL;
 
@@ -966,7 +967,7 @@ static int trusted_instantiate(struct key *key,
 	size_t key_len;
 	int tpm2;
 
-	tpm2 = tpm_is_tpm2(NULL);
+	tpm2 = tpm_is_tpm2(tpm_chip);
 	if (tpm2 < 0)
 		return tpm2;
 
@@ -1007,7 +1008,7 @@ static int trusted_instantiate(struct key *key,
 	switch (key_cmd) {
 	case Opt_load:
 		if (tpm2)
-			ret = tpm_unseal_trusted(NULL, payload, options);
+			ret = tpm_unseal_trusted(tpm_chip, payload, options);
 		else
 			ret = key_unseal(payload, options);
 		dump_payload(payload);
@@ -1017,13 +1018,13 @@ static int trusted_instantiate(struct key *key,
 		break;
 	case Opt_new:
 		key_len = payload->key_len;
-		ret = tpm_get_random(NULL, payload->key, key_len);
+		ret = tpm_get_random(tpm_chip, payload->key, key_len);
 		if (ret != key_len) {
 			pr_info("trusted_key: key_create failed (%d)\n", ret);
 			goto out;
 		}
 		if (tpm2)
-			ret = tpm_seal_trusted(NULL, payload, options);
+			ret = tpm_seal_trusted(tpm_chip, payload, options);
 		else
 			ret = key_seal(payload, options);
 		if (ret < 0)
@@ -1226,12 +1227,26 @@ static int __init init_trusted(void)
 		return ret;
 	ret = register_key_type(&key_type_trusted);
 	if (ret < 0)
-		trusted_shash_release();
+		goto exit_shash_release;
+	tpm_chip = tpm_default_chip();
+	if (!tpm_chip) {
+		ret = -ENODEV;
+		goto exit_unregister;
+	}
+	return 0;
+
+exit_unregister:
+	unregister_key_type(&key_type_trusted);
+
+exit_shash_release:
+	trusted_shash_release();
 	return ret;
 }
 
 static void __exit cleanup_trusted(void)
 {
+	if (tpm_chip)
+		tpm_put_chip(tpm_chip);
 	trusted_shash_release();
 	unregister_key_type(&key_type_trusted);
 }
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ