From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: linux-integrity@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH 1/2] tpm2-sessions: Add full HMAC and encrypt/decrypt session handling
Date: Mon, 05 Mar 2018 06:58:32 -0800 [thread overview]
Message-ID: <1520261912.5312.3.camel@HansenPartnership.com> (raw)
In-Reply-To: <20180305113533.GJ25377@linux.intel.com>
On Mon, 2018-03-05 at 13:35 +0200, Jarkko Sakkinen wrote:
> On Fri, Mar 02, 2018 at 10:06:15PM -0800, James Bottomley wrote:
> >
> > diff --git a/drivers/char/tpm/tpm2b.h b/drivers/char/tpm/tpm2b.h
> > new file mode 100644
> > index 000000000000..c7726f2895aa
> > --- /dev/null
> > +++ b/drivers/char/tpm/tpm2b.h
> > @@ -0,0 +1,82 @@
> > +/* SPDX-License-Identifier: GPL-2.0 */
> > +#ifndef _TPM2_TPM2B_H
> > +#define _TPM2_TPM2B_H
> > +/*
> > + * Handing for tpm2b structures to facilitate the building of
> > commands
> > + */
> > +
> > +#include "tpm.h"
> > +
> > +#include <asm/unaligned.h>
> > +
> > +struct tpm2b {
> > + struct tpm_buf buf;
> > +};
> > +
> > +/* opaque structure, holds auth session parameters like the
> > session key */
> > +struct tpm2_auth;
> > +
> > +static inline int tpm2b_init(struct tpm2b *buf)
> > +{
> > + return tpm_buf_init(&buf->buf, 0, 0);
> > +}
> > +
> > +static inline void tpm2b_reset(struct tpm2b *buf)
> > +{
> > + struct tpm_input_header *head;
> > +
> > + head = (struct tpm_input_header *)buf->buf.data;
> > + head->length = cpu_to_be32(sizeof(*head));
> > +}
> > +
> > +static inline void tpm2b_append(struct tpm2b *buf, const unsigned
> > char *data,
> > + unsigned int len)
> > +{
> > + tpm_buf_append(&buf->buf, data, len);
> > +}
> > +
> > +#define TPM2B_APPEND(type) \
> > + static inline void tpm2b_append_##type(struct tpm2b *buf,
> > const type value) { tpm_buf_append_##type(&buf->buf, value); }
> > +
> > +TPM2B_APPEND(u8)
> > +TPM2B_APPEND(u16)
> > +TPM2B_APPEND(u32)
> > +
> > +static inline void *tpm2b_buffer(const struct tpm2b *buf)
> > +{
> > + return buf->buf.data + sizeof(struct tpm_input_header);
> > +}
> > +
> > +static inline u16 tpm2b_len(struct tpm2b *buf)
> > +{
> > + return tpm_buf_length(&buf->buf) - sizeof(struct
> > tpm_input_header);
> > +}
> > +
> > +static inline void tpm2b_destroy(struct tpm2b *buf)
> > +{
> > + tpm_buf_destroy(&buf->buf);
> > +}
> > +
> > +static inline void tpm_buf_append_2b(struct tpm_buf *buf, struct
> > tpm2b *tpm2b)
> > +{
> > + u16 len = tpm2b_len(tpm2b);
> > +
> > + tpm_buf_append_u16(buf, len);
> > + tpm_buf_append(buf, tpm2b_buffer(tpm2b), len);
> > + /* clear the buf for reuse */
> > + tpm2b_reset(tpm2b);
> > +}
> > +
> > +/* Macros for unmarshalling known size BE data */
> > +#define GET_INC(type) \
> > +static inline u##type get_inc_##type(const u8 **ptr) { \
> > + u##type val; \
> > + val = get_unaligned_be##type(*ptr); \
> > + *ptr += sizeof(val); \
> > + return val; \
> > +}
> > +
> > +GET_INC(16)
> > +GET_INC(32)
> > +
> > +#endif
> > --
> > 2.12.3
> >
>
> Some meta stuff:
>
> * Add me to TO-field because I should probably review and eventually
> test these, right?
Eventually; they're an RFC because we need to get the API right first
(I've already got a couple of fixes to it).
> * CC to linux-security-module
There's no change to anything in security module, so why? All security
module people who care about the TPM should be on linux-integrity and
those who don't likely don't want to see the changes. The reason
linux-crypto is on the cc is because I want them to make sure I'm using
their crypto system correctly.
> * Why there is no RFC tag given that these are so quite large
> changes?
There is an RFC tag on 0/2
> * Why in hell tpm2b.h?
Because all sized TPM structures are in 2B form and manipulating them
can be made a lot easier with helper routines.
James
next prev parent reply other threads:[~2018-03-05 14:58 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-03 6:04 [RFC 0/2] add integrity and security to TPM2 transactions James Bottomley
[not found] ` <1520057175.27452.18.camel@HansenPartnership.com>
2018-03-05 11:35 ` [PATCH 1/2] tpm2-sessions: Add full HMAC and encrypt/decrypt session handling Jarkko Sakkinen
2018-03-05 11:50 ` Jarkko Sakkinen
2018-03-05 11:50 ` Jarkko Sakkinen
2018-03-05 14:58 ` James Bottomley [this message]
2018-03-05 17:41 ` Jarkko Sakkinen
2018-03-05 14:04 ` [RFC 0/2] add integrity and security to TPM2 transactions Jason Gunthorpe
2018-03-05 15:42 ` James Bottomley
2018-04-08 20:28 ` Ken Goldman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1520261912.5312.3.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.