lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 18 Mar 2019 15:35:08 -0700
From:   Dan Williams <dan.j.williams@...il.com>
To:     Roberto Sassu <roberto.sassu@...wei.com>
Cc:     Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        zohar@...ux.ibm.com, david.safford@...com, monty.wiseman@...com,
        matthewgarrett@...gle.com, linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        silviu.vlasceanu@...wei.com,
        linux-nvdimm <linux-nvdimm@...ts.01.org>
Subject: Re: [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip
 structure from tpm_default_chip()

On Wed, Feb 6, 2019 at 10:30 AM Roberto Sassu <roberto.sassu@...wei.com> wrote:
>
> When crypto agility support will be added to the TPM driver, users of the
> driver have to retrieve the allocated banks from chip->allocated_banks and
> use this information to prepare the array of tpm_digest structures to be
> passed to tpm_pcr_extend().
>
> This patch retrieves a tpm_chip pointer from tpm_default_chip() so that the
> pointer can be used to prepare the array of tpm_digest structures.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
> ---
>  security/keys/trusted.c | 38 ++++++++++++++++++++++++--------------
>  1 file changed, 24 insertions(+), 14 deletions(-)
>
> diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> index 4d98f4f87236..5b852263eae1 100644
> --- a/security/keys/trusted.c
> +++ b/security/keys/trusted.c
> @@ -34,6 +34,7 @@
>
>  static const char hmac_alg[] = "hmac(sha1)";
>  static const char hash_alg[] = "sha1";
> +static struct tpm_chip *chip;
>
>  struct sdesc {
>         struct shash_desc shash;
> @@ -362,7 +363,7 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen)
>         int rc;
>
>         dump_tpm_buf(cmd);
> -       rc = tpm_send(NULL, cmd, buflen);
> +       rc = tpm_send(chip, cmd, buflen);
>         dump_tpm_buf(cmd);
>         if (rc > 0)
>                 /* Can't return positive return codes values to keyctl */
> @@ -384,10 +385,10 @@ static int pcrlock(const int pcrnum)
>
>         if (!capable(CAP_SYS_ADMIN))
>                 return -EPERM;
> -       ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
> +       ret = tpm_get_random(chip, hash, SHA1_DIGEST_SIZE);
>         if (ret != SHA1_DIGEST_SIZE)
>                 return ret;
> -       return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
> +       return tpm_pcr_extend(chip, pcrnum, hash) ? -EINVAL : 0;
>  }
>
>  /*
> @@ -400,7 +401,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
>         unsigned char ononce[TPM_NONCE_SIZE];
>         int ret;
>
> -       ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
> +       ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
>         if (ret != TPM_NONCE_SIZE)
>                 return ret;
>
> @@ -496,7 +497,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
>         if (ret < 0)
>                 goto out;
>
> -       ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
> +       ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
>         if (ret != TPM_NONCE_SIZE)
>                 goto out;
>         ordinal = htonl(TPM_ORD_SEAL);
> @@ -606,7 +607,7 @@ static int tpm_unseal(struct tpm_buf *tb,
>
>         ordinal = htonl(TPM_ORD_UNSEAL);
>         keyhndl = htonl(SRKHANDLE);
> -       ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
> +       ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE);
>         if (ret != TPM_NONCE_SIZE) {
>                 pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
>                 return ret;
> @@ -751,7 +752,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
>         int i;
>         int tpm2;
>
> -       tpm2 = tpm_is_tpm2(NULL);
> +       tpm2 = tpm_is_tpm2(chip);
>         if (tpm2 < 0)
>                 return tpm2;
>
> @@ -920,7 +921,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
>         struct trusted_key_options *options;
>         int tpm2;
>
> -       tpm2 = tpm_is_tpm2(NULL);
> +       tpm2 = tpm_is_tpm2(chip);
>         if (tpm2 < 0)
>                 return NULL;
>
> @@ -970,7 +971,7 @@ static int trusted_instantiate(struct key *key,
>         size_t key_len;
>         int tpm2;
>
> -       tpm2 = tpm_is_tpm2(NULL);
> +       tpm2 = tpm_is_tpm2(chip);
>         if (tpm2 < 0)
>                 return tpm2;
>
> @@ -1011,7 +1012,7 @@ static int trusted_instantiate(struct key *key,
>         switch (key_cmd) {
>         case Opt_load:
>                 if (tpm2)
> -                       ret = tpm_unseal_trusted(NULL, payload, options);
> +                       ret = tpm_unseal_trusted(chip, payload, options);
>                 else
>                         ret = key_unseal(payload, options);
>                 dump_payload(payload);
> @@ -1021,13 +1022,13 @@ static int trusted_instantiate(struct key *key,
>                 break;
>         case Opt_new:
>                 key_len = payload->key_len;
> -               ret = tpm_get_random(NULL, payload->key, key_len);
> +               ret = tpm_get_random(chip, payload->key, key_len);
>                 if (ret != key_len) {
>                         pr_info("trusted_key: key_create failed (%d)\n", ret);
>                         goto out;
>                 }
>                 if (tpm2)
> -                       ret = tpm_seal_trusted(NULL, payload, options);
> +                       ret = tpm_seal_trusted(chip, payload, options);
>                 else
>                         ret = key_seal(payload, options);
>                 if (ret < 0)
> @@ -1225,17 +1226,26 @@ static int __init init_trusted(void)
>  {
>         int ret;
>
> +       chip = tpm_default_chip();
> +       if (!chip)
> +               return -ENOENT;

This change causes a regression loading the encrypted_keys module on
systems that don't have a tpm.

Module init functions should not have hardware dependencies.

The effect is that the libnvdimm module, which is an encrypted_keys
user, fails to load, but up until this change encrypted_keys did not
have a hard dependency on TPM presence.

Powered by blists - more mailing lists