tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
KEYS: trusted_tpm1: Use SHA-1 library instead of crypto_shash
Use the SHA-1 and HMAC-SHA1 library functions instead of crypto_shash.
This is simpler and faster.
Replace the selection of CRYPTO, CRYPTO_HMAC, and CRYPTO_SHA1 with
CRYPTO_LIB_SHA1 and CRYPTO_LIB_UTILS. The latter is needed for
crypto_memneq() which was previously being pulled in via CRYPTO.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
authored by
Eric Biggers
and committed by
Jarkko Sakkinen
366284cf
eed0e3d3
+36
-190
+2
-3
security/keys/trusted-keys/Kconfig
+2
-3
security/keys/trusted-keys/Kconfig
···
5
5
bool "TPM-based trusted keys"
6
6
depends on TCG_TPM >= TRUSTED_KEYS
7
7
default y
8
-
select CRYPTO
9
-
select CRYPTO_HMAC
10
-
select CRYPTO_SHA1
11
8
select CRYPTO_HASH_INFO
9
+
select CRYPTO_LIB_SHA1
10
+
select CRYPTO_LIB_UTILS
12
11
select ASN1_ENCODER
13
12
select OID_REGISTRY
14
13
select ASN1
+34
-187
security/keys/trusted-keys/trusted_tpm1.c
+34
-187
security/keys/trusted-keys/trusted_tpm1.c
···
7
7
*/
8
8
9
9
#include <crypto/hash_info.h>
10
+
#include <crypto/sha1.h>
10
11
#include <crypto/utils.h>
11
12
#include <linux/init.h>
12
13
#include <linux/slab.h>
···
16
15
#include <linux/err.h>
17
16
#include <keys/trusted-type.h>
18
17
#include <linux/key-type.h>
19
-
#include <linux/crypto.h>
20
-
#include <crypto/hash.h>
21
-
#include <crypto/sha1.h>
22
18
#include <linux/tpm.h>
23
19
#include <linux/tpm_command.h>
24
20
25
21
#include <keys/trusted_tpm.h>
26
22
27
-
static const char hmac_alg[] = "hmac(sha1)";
28
-
static const char hash_alg[] = "sha1";
29
23
static struct tpm_chip *chip;
30
24
static struct tpm_digest *digests;
31
-
32
-
struct sdesc {
33
-
struct shash_desc shash;
34
-
char ctx[];
35
-
};
36
-
37
-
static struct crypto_shash *hashalg;
38
-
static struct crypto_shash *hmacalg;
39
-
40
-
static struct sdesc *init_sdesc(struct crypto_shash *alg)
41
-
{
42
-
struct sdesc *sdesc;
43
-
int size;
44
-
45
-
size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
46
-
sdesc = kmalloc(size, GFP_KERNEL);
47
-
if (!sdesc)
48
-
return ERR_PTR(-ENOMEM);
49
-
sdesc->shash.tfm = alg;
50
-
return sdesc;
51
-
}
52
-
53
-
static int TSS_sha1(const unsigned char *data, unsigned int datalen,
54
-
unsigned char *digest)
55
-
{
56
-
struct sdesc *sdesc;
57
-
int ret;
58
-
59
-
sdesc = init_sdesc(hashalg);
60
-
if (IS_ERR(sdesc)) {
61
-
pr_info("can't alloc %s\n", hash_alg);
62
-
return PTR_ERR(sdesc);
63
-
}
64
-
65
-
ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
66
-
kfree_sensitive(sdesc);
67
-
return ret;
68
-
}
69
25
70
26
static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
71
27
unsigned int keylen, ...)
72
28
{
73
-
struct sdesc *sdesc;
29
+
struct hmac_sha1_ctx hmac_ctx;
74
30
va_list argp;
75
31
unsigned int dlen;
76
32
unsigned char *data;
77
-
int ret;
33
+
int ret = 0;
78
34
79
-
sdesc = init_sdesc(hmacalg);
80
-
if (IS_ERR(sdesc)) {
81
-
pr_info("can't alloc %s\n", hmac_alg);
82
-
return PTR_ERR(sdesc);
83
-
}
84
-
85
-
ret = crypto_shash_setkey(hmacalg, key, keylen);
86
-
if (ret < 0)
87
-
goto out;
88
-
ret = crypto_shash_init(&sdesc->shash);
89
-
if (ret < 0)
90
-
goto out;
35
+
hmac_sha1_init_usingrawkey(&hmac_ctx, key, keylen);
91
36
92
37
va_start(argp, keylen);
93
38
for (;;) {
···
45
98
ret = -EINVAL;
46
99
break;
47
100
}
48
-
ret = crypto_shash_update(&sdesc->shash, data, dlen);
49
-
if (ret < 0)
50
-
break;
101
+
hmac_sha1_update(&hmac_ctx, data, dlen);
51
102
}
52
103
va_end(argp);
53
104
if (!ret)
54
-
ret = crypto_shash_final(&sdesc->shash, digest);
55
-
out:
56
-
kfree_sensitive(sdesc);
105
+
hmac_sha1_final(&hmac_ctx, digest);
57
106
return ret;
58
107
}
59
108
···
61
118
unsigned char *h2, unsigned int h3, ...)
62
119
{
63
120
unsigned char paramdigest[SHA1_DIGEST_SIZE];
64
-
struct sdesc *sdesc;
121
+
struct sha1_ctx sha_ctx;
65
122
unsigned int dlen;
66
123
unsigned char *data;
67
124
unsigned char c;
68
-
int ret;
125
+
int ret = 0;
69
126
va_list argp;
70
127
71
128
if (!chip)
72
129
return -ENODEV;
73
130
74
-
sdesc = init_sdesc(hashalg);
75
-
if (IS_ERR(sdesc)) {
76
-
pr_info("can't alloc %s\n", hash_alg);
77
-
return PTR_ERR(sdesc);
78
-
}
79
-
80
131
c = !!h3;
81
-
ret = crypto_shash_init(&sdesc->shash);
82
-
if (ret < 0)
83
-
goto out;
132
+
sha1_init(&sha_ctx);
84
133
va_start(argp, h3);
85
134
for (;;) {
86
135
dlen = va_arg(argp, unsigned int);
···
83
148
ret = -EINVAL;
84
149
break;
85
150
}
86
-
ret = crypto_shash_update(&sdesc->shash, data, dlen);
87
-
if (ret < 0)
88
-
break;
151
+
sha1_update(&sha_ctx, data, dlen);
89
152
}
90
153
va_end(argp);
91
154
if (!ret)
92
-
ret = crypto_shash_final(&sdesc->shash, paramdigest);
155
+
sha1_final(&sha_ctx, paramdigest);
93
156
if (!ret)
94
157
ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
95
158
paramdigest, TPM_NONCE_SIZE, h1,
96
159
TPM_NONCE_SIZE, h2, 1, &c, 0, 0);
97
-
out:
98
-
kfree_sensitive(sdesc);
99
160
return ret;
100
161
}
101
162
EXPORT_SYMBOL_GPL(TSS_authhmac);
···
114
183
unsigned char *authdata;
115
184
unsigned char testhmac[SHA1_DIGEST_SIZE];
116
185
unsigned char paramdigest[SHA1_DIGEST_SIZE];
117
-
struct sdesc *sdesc;
186
+
struct sha1_ctx sha_ctx;
118
187
unsigned int dlen;
119
188
unsigned int dpos;
120
189
va_list argp;
···
135
204
continueflag = authdata - 1;
136
205
enonce = continueflag - TPM_NONCE_SIZE;
137
206
138
-
sdesc = init_sdesc(hashalg);
139
-
if (IS_ERR(sdesc)) {
140
-
pr_info("can't alloc %s\n", hash_alg);
141
-
return PTR_ERR(sdesc);
142
-
}
143
-
ret = crypto_shash_init(&sdesc->shash);
144
-
if (ret < 0)
145
-
goto out;
146
-
ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result,
147
-
sizeof result);
148
-
if (ret < 0)
149
-
goto out;
150
-
ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal,
151
-
sizeof ordinal);
152
-
if (ret < 0)
153
-
goto out;
207
+
sha1_init(&sha_ctx);
208
+
sha1_update(&sha_ctx, (const u8 *)&result, sizeof(result));
209
+
sha1_update(&sha_ctx, (const u8 *)&ordinal, sizeof(ordinal));
154
210
va_start(argp, keylen);
155
211
for (;;) {
156
212
dlen = va_arg(argp, unsigned int);
157
213
if (dlen == 0)
158
214
break;
159
215
dpos = va_arg(argp, unsigned int);
160
-
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
161
-
if (ret < 0)
162
-
break;
216
+
sha1_update(&sha_ctx, buffer + dpos, dlen);
163
217
}
164
218
va_end(argp);
165
-
if (!ret)
166
-
ret = crypto_shash_final(&sdesc->shash, paramdigest);
167
-
if (ret < 0)
168
-
goto out;
219
+
sha1_final(&sha_ctx, paramdigest);
169
220
170
221
ret = TSS_rawhmac(testhmac, key, keylen, SHA1_DIGEST_SIZE, paramdigest,
171
222
TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce,
172
223
1, continueflag, 0, 0);
173
224
if (ret < 0)
174
-
goto out;
225
+
return ret;
175
226
176
227
if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE))
177
-
ret = -EINVAL;
178
-
out:
179
-
kfree_sensitive(sdesc);
180
-
return ret;
228
+
return -EINVAL;
229
+
return 0;
181
230
}
182
231
EXPORT_SYMBOL_GPL(TSS_checkhmac1);
183
232
···
185
274
unsigned char testhmac1[SHA1_DIGEST_SIZE];
186
275
unsigned char testhmac2[SHA1_DIGEST_SIZE];
187
276
unsigned char paramdigest[SHA1_DIGEST_SIZE];
188
-
struct sdesc *sdesc;
277
+
struct sha1_ctx sha_ctx;
189
278
unsigned int dlen;
190
279
unsigned int dpos;
191
280
va_list argp;
···
208
297
enonce1 = continueflag1 - TPM_NONCE_SIZE;
209
298
enonce2 = continueflag2 - TPM_NONCE_SIZE;
210
299
211
-
sdesc = init_sdesc(hashalg);
212
-
if (IS_ERR(sdesc)) {
213
-
pr_info("can't alloc %s\n", hash_alg);
214
-
return PTR_ERR(sdesc);
215
-
}
216
-
ret = crypto_shash_init(&sdesc->shash);
217
-
if (ret < 0)
218
-
goto out;
219
-
ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result,
220
-
sizeof result);
221
-
if (ret < 0)
222
-
goto out;
223
-
ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal,
224
-
sizeof ordinal);
225
-
if (ret < 0)
226
-
goto out;
300
+
sha1_init(&sha_ctx);
301
+
sha1_update(&sha_ctx, (const u8 *)&result, sizeof(result));
302
+
sha1_update(&sha_ctx, (const u8 *)&ordinal, sizeof(ordinal));
227
303
228
304
va_start(argp, keylen2);
229
305
for (;;) {
···
218
320
if (dlen == 0)
219
321
break;
220
322
dpos = va_arg(argp, unsigned int);
221
-
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
222
-
if (ret < 0)
223
-
break;
323
+
sha1_update(&sha_ctx, buffer + dpos, dlen);
224
324
}
225
325
va_end(argp);
226
-
if (!ret)
227
-
ret = crypto_shash_final(&sdesc->shash, paramdigest);
228
-
if (ret < 0)
229
-
goto out;
326
+
sha1_final(&sha_ctx, paramdigest);
230
327
231
328
ret = TSS_rawhmac(testhmac1, key1, keylen1, SHA1_DIGEST_SIZE,
232
329
paramdigest, TPM_NONCE_SIZE, enonce1,
233
330
TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0);
234
331
if (ret < 0)
235
-
goto out;
236
-
if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
237
-
ret = -EINVAL;
238
-
goto out;
239
-
}
332
+
return ret;
333
+
if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE))
334
+
return -EINVAL;
240
335
ret = TSS_rawhmac(testhmac2, key2, keylen2, SHA1_DIGEST_SIZE,
241
336
paramdigest, TPM_NONCE_SIZE, enonce2,
242
337
TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0);
243
338
if (ret < 0)
244
-
goto out;
339
+
return ret;
245
340
if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE))
246
-
ret = -EINVAL;
247
-
out:
248
-
kfree_sensitive(sdesc);
249
-
return ret;
341
+
return -EINVAL;
342
+
return 0;
250
343
}
251
344
252
345
/*
···
388
499
/* calculate encrypted authorization value */
389
500
memcpy(td->xorwork, sess.secret, SHA1_DIGEST_SIZE);
390
501
memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE);
391
-
ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash);
392
-
if (ret < 0)
393
-
goto out;
502
+
sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash);
394
503
395
504
ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
396
505
if (ret < 0)
···
877
990
return tpm_get_random(chip, key, key_len);
878
991
}
879
992
880
-
static void trusted_shash_release(void)
881
-
{
882
-
if (hashalg)
883
-
crypto_free_shash(hashalg);
884
-
if (hmacalg)
885
-
crypto_free_shash(hmacalg);
886
-
}
887
-
888
-
static int __init trusted_shash_alloc(void)
889
-
{
890
-
int ret;
891
-
892
-
hmacalg = crypto_alloc_shash(hmac_alg, 0, 0);
893
-
if (IS_ERR(hmacalg)) {
894
-
pr_info("could not allocate crypto %s\n",
895
-
hmac_alg);
896
-
return PTR_ERR(hmacalg);
897
-
}
898
-
899
-
hashalg = crypto_alloc_shash(hash_alg, 0, 0);
900
-
if (IS_ERR(hashalg)) {
901
-
pr_info("could not allocate crypto %s\n",
902
-
hash_alg);
903
-
ret = PTR_ERR(hashalg);
904
-
goto hashalg_fail;
905
-
}
906
-
907
-
return 0;
908
-
909
-
hashalg_fail:
910
-
crypto_free_shash(hmacalg);
911
-
return ret;
912
-
}
913
-
914
993
static int __init init_digests(void)
915
994
{
916
995
int i;
···
903
1050
ret = init_digests();
904
1051
if (ret < 0)
905
1052
goto err_put;
906
-
ret = trusted_shash_alloc();
907
-
if (ret < 0)
908
-
goto err_free;
909
1053
ret = register_key_type(&key_type_trusted);
910
1054
if (ret < 0)
911
-
goto err_release;
1055
+
goto err_free;
912
1056
return 0;
913
-
err_release:
914
-
trusted_shash_release();
915
1057
err_free:
916
1058
kfree(digests);
917
1059
err_put:
···
919
1071
if (chip) {
920
1072
put_device(&chip->dev);
921
1073
kfree(digests);
922
-
trusted_shash_release();
923
1074
unregister_key_type(&key_type_trusted);
924
1075
}
925
1076
}