
KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers

Take advantage of the new sized buffer (TPM2B) mode of struct tpm_buf in
tpm2_seal_trusted(). This makes the command construction more robust
without requiring buffer sizes to be calculated manually.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

+31 -23
+31 -23
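--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -228,8 +228,9 @@
 struct trusted_key_payload *payload,
 struct trusted_key_options *options)
 {
+off_t offset = TPM_HEADER_SIZE;
+struct tpm_buf buf, sized;
 int blob_len = 0;
-struct tpm_buf buf;
 u32 hash;
 u32 flags;
 int i;
@@ -258,6 +259,14 @@
 return rc;
 }
 
+rc = tpm_buf_init_sized(&sized);
+if (rc) {
+tpm_buf_destroy(&buf);
+tpm_put_ops(chip);
+return rc;
+}
+
+tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
 tpm_buf_append_u32(&buf, options->keyhandle);
 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
 NULL /* nonce */, 0,
@@ -266,36 +275,36 @@
 TPM_DIGEST_SIZE);
 
 /* sensitive */
-tpm_buf_append_u16(&buf, 4 + options->blobauth_len + payload->key_len);
+tpm_buf_append_u16(&sized, options->blobauth_len);
 
-tpm_buf_append_u16(&buf, options->blobauth_len);
 if (options->blobauth_len)
-tpm_buf_append(&buf, options->blobauth, options->blobauth_len);
+tpm_buf_append(&sized, options->blobauth, options->blobauth_len);
 
-tpm_buf_append_u16(&buf, payload->key_len);
-tpm_buf_append(&buf, payload->key, payload->key_len);
+tpm_buf_append_u16(&sized, payload->key_len);
+tpm_buf_append(&sized, payload->key, payload->key_len);
+tpm_buf_append(&buf, sized.data, sized.length);
 
 /* public */
-tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
-tpm_buf_append_u16(&buf, TPM_ALG_KEYEDHASH);
-tpm_buf_append_u16(&buf, hash);
+tpm_buf_reset_sized(&sized);
+tpm_buf_append_u16(&sized, TPM_ALG_KEYEDHASH);
+tpm_buf_append_u16(&sized, hash);
 
 /* key properties */
 flags = 0;
 flags |= options->policydigest_len ? 0 : TPM2_OA_USER_WITH_AUTH;
-flags |= payload->migratable ? 0 : (TPM2_OA_FIXED_TPM |
-TPM2_OA_FIXED_PARENT);
-tpm_buf_append_u32(&buf, flags);
+flags |= payload->migratable ? 0 : (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT);
+tpm_buf_append_u32(&sized, flags);
 
 /* policy */
-tpm_buf_append_u16(&buf, options->policydigest_len);
+tpm_buf_append_u16(&sized, options->policydigest_len);
 if (options->policydigest_len)
-tpm_buf_append(&buf, options->policydigest,
-options->policydigest_len);
+tpm_buf_append(&sized, options->policydigest, options->policydigest_len);
 
 /* public parameters */
-tpm_buf_append_u16(&buf, TPM_ALG_NULL);
-tpm_buf_append_u16(&buf, 0);
+tpm_buf_append_u16(&sized, TPM_ALG_NULL);
+tpm_buf_append_u16(&sized, 0);
+
+tpm_buf_append(&buf, sized.data, sized.length);
 
 /* outside info */
 tpm_buf_append_u16(&buf, 0);
@@ -312,21 +321,20 @@
 if (rc)
 goto out;
 
-blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]);
-if (blob_len > MAX_BLOB_SIZE) {
+blob_len = tpm_buf_read_u32(&buf, &offset);
+if (blob_len > MAX_BLOB_SIZE || buf.flags & TPM_BUF_BOUNDARY_ERROR) {
 rc = -E2BIG;
 goto out;
 }
-if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 4 + blob_len) {
+if (buf.length - offset < blob_len) {
 rc = -EFAULT;
 goto out;
 }
 
-blob_len = tpm2_key_encode(payload, options,
-&buf.data[TPM_HEADER_SIZE + 4],
-blob_len);
+blob_len = tpm2_key_encode(payload, options, &buf.data[offset], blob_len);
 
 out:
+tpm_buf_destroy(&sized);
 tpm_buf_destroy(&buf);
 
 if (rc > 0) {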
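Review bot: In the last hunk `blob_len` is still the signed `int` declared at the top of the function, yet it now takes the u32 returned by `tpm_buf_read_u32()`, so a response length above INT_MAX turns negative and is not caught by `blob_len > MAX_BLOB_SIZE`. With `offset` declared as `off_t`, the new `buf.length - offset < blob_len` test is probably evaluated as a signed comparison (the type of `buf.length` is not visible here), in which case a negative length passes it too and reaches `tpm2_key_encode()`. Since the length comes from the TPM response, I would reject it explicitly: `if (blob_len < 0 || blob_len > MAX_BLOB_SIZE || (buf.flags & TPM_BUF_BOUNDARY_ERROR)) {`. The body of tpm2_seal_trusted() starts and ends outside the lines shown, so any later handling of `blob_len` could not be checked.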