From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Bharat Bhushan" <bbhushan2@marvell.com>,
"Herbert Xu" <herbert@gondor.apana.org.au>
Cc: "linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
"Andreas.Fuchs@infineon.com" <Andreas.Fuchs@infineon.com>,
"James Prestwood" <prestwoj@gmail.com>,
"David Woodhouse" <dwmw2@infradead.org>,
"Eric Biggers" <ebiggers@kernel.org>,
"James Bottomley" <James.Bottomley@hansenpartnership.com>,
"David S. Miller" <davem@davemloft.net>,
"open list:CRYPTO API" <linux-crypto@vger.kernel.org>,
"open list" <linux-kernel@vger.kernel.org>,
"David Howells" <dhowells@redhat.com>,
"James Bottomley" <James.Bottomley@HansenPartnership.com>,
"Stefan Berger" <stefanb@linux.ibm.com>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Mario Limonciello" <mario.limonciello@amd.com>
Subject: Re: [EXTERNAL] [PATCH v2 6/6] keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE
Date: Tue, 21 May 2024 10:38:45 +0300 [thread overview]
Message-ID: <D1F5GQYP9JFC.3MXMKUM0CKGS5@kernel.org> (raw)
In-Reply-To: < <SN7PR18MB531494159D3996799475209DE3EA2@SN7PR18MB5314.namprd18.prod.outlook.com>
On Tue May 21, 2024 at 10:25 AM EEST, Bharat Bhushan wrote:
> > + rc = crypto_akcipher_encrypt(req);
> > + rc = crypto_wait_req(rc, &cwait);
> > +
>
> Few Minor comments,
> Extra line here
Yeah, makes sense.
> > + if (!rc)
> > + rc = req->dst_len;
> > +
> > + akcipher_request_free(req);
> > +
> > +err_tfm:
> > + crypto_free_akcipher(tfm);
> > +
> > + return rc;
> > +}
> > +
> > +static int __tpm2_key_rsa_decrypt(struct tpm_chip *chip,
> > + struct tpm2_key_rsa *key,
> > + struct kernel_pkey_params *params,
> > + const void *in, int in_len, void *out)
> > +{
> > + unsigned int offset = 0;
> > + u32 key_handle = 0;
> > + struct tpm_buf buf;
> > + u16 decrypted_len;
> > + u32 parent;
> > + u8 *pos;
> > + int ret;
> > +
> > + ret = tpm_try_get_ops(chip);
> > + if (ret)
> > + return ret;
> > +
> > + ret = tpm2_start_auth_session(chip);
> > + if (ret)
> > + goto err_ops;
> > +
> > + if (key->key.parent == TPM2_RH_NULL) {
> > + ret = tpm2_load_context(chip, chip->null_key_context,
> > &offset,
> > + &parent);
> > + if (ret) {
> > + ret = -EIO;
> > + goto err_auth;
> > + }
> > + } else {
> > + parent = key->key.parent;
> > + }
>
> Do we need braces here?
I think I added them because checkpatch complained me about not having
them. So I guess the rule is that if any branch has braces, all of them
should have...
>
> > +
> > + ret = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
> > + if (ret < 0)
> > + goto err_parent;
> > +
> > + tpm_buf_append_name(chip, &buf, parent, NULL);
> > + tpm_buf_append_hmac_session(chip, &buf,
> > TPM2_SA_CONTINUE_SESSION |
> > + TPM2_SA_ENCRYPT, NULL, 0);
> > + tpm_buf_append(&buf, key->key.blob, key->key.blob_len);
> > + if (buf.flags & TPM_BUF_OVERFLOW) {
> > + ret = -E2BIG;
> > + goto err_buf;
> > + }
> > + tpm_buf_fill_hmac_session(chip, &buf);
> > + ret = tpm_transmit_cmd(chip, &buf, 4, "RSA key loading");
> > + ret = tpm_buf_check_hmac_response(chip, &buf, ret);
> > + if (ret) {
> > + ret = -EIO;
> > + goto err_buf;
> > + }
> > + key_handle = be32_to_cpup((__be32
> > *)&buf.data[TPM_HEADER_SIZE]);
> > +
> > + tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_RSA_DECRYPT);
> > + tpm_buf_append_name(chip, &buf, key_handle, NULL);
> > + tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_DECRYPT,
> > NULL, 0);
> > + tpm_buf_append_u16(&buf, in_len);
> > + tpm_buf_append(&buf, in, in_len);
> > + tpm_buf_append_u16(&buf, TPM_ALG_NULL);
> > + tpm_buf_append_u16(&buf, 0);
> > + tpm_buf_fill_hmac_session(chip, &buf);
> > + ret = tpm_transmit_cmd(chip, &buf, 4, "RSA key decrypting");
> > + ret = tpm_buf_check_hmac_response(chip, &buf, ret);
> > + if (ret) {
> > + ret = -EIO;
> > + goto err_blob;
> > + }
> > +
> > + pos = buf.data + TPM_HEADER_SIZE + 4;
> > + decrypted_len = be16_to_cpup((__be16 *)pos);
> > + pos += 2;
> > +
> > + if (params->out_len < decrypted_len) {
> > + ret = -EMSGSIZE;
> > + goto err_blob;
> > + }
> > +
> > + memcpy(out, pos, decrypted_len);
> > + ret = decrypted_len;
> > +
> > +err_blob:
> > + tpm2_flush_context(chip, key_handle);
> > +
> > +err_buf:
> > + tpm_buf_destroy(&buf);
> > +
> > +err_parent:
> > + if (key->key.parent == TPM2_RH_NULL)
> > + tpm2_flush_context(chip, parent);
> > +
> > +err_auth:
> > + if (ret < 0)
> > + tpm2_end_auth_session(chip);
> > +
> > +err_ops:
> > + tpm_put_ops(chip);
> > + return ret;
> > +}
> > +
> > +static int tpm2_key_rsa_decrypt(struct tpm_chip *chip, struct tpm2_key_rsa
> > *key,
> > + struct kernel_pkey_params *params,
> > + const void *in, void *out)
> > +{
> > + const u8 *ptr;
> > + int out_len;
> > + u8 *work;
> > + int ret;
> > +
> > + work = kzalloc(params->out_len, GFP_KERNEL);
> > + if (!work)
> > + return -ENOMEM;
>
> Maybe use ERR_PTR() here and couple of more places
Hmm... but the function returns 'int'?
BR, Jarkko
prev parent reply other threads:[~2024-05-21 7:38 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-21 3:16 [PATCH v2 0/6] KEYS: asymmetric: tpm2_key_rsa Jarkko Sakkinen
2024-05-21 3:16 ` [PATCH v2 1/6] crypto: rsa-pkcs1pad: export rsa1_asn_lookup() Jarkko Sakkinen
2024-05-21 3:16 ` [PATCH v2 2/6] lib: Expand asn1_encode_integer() to variable size integers Jarkko Sakkinen
2024-05-21 5:36 ` [EXTERNAL] " Bharat Bhushan
[not found] ` < <SN7PR18MB5314CFBD18B011F292809EBFE3EA2@SN7PR18MB5314.namprd18.prod.outlook.com>
2024-05-21 6:21 ` Jarkko Sakkinen
2024-05-21 3:16 ` [PATCH v2 3/6] tpm: Export tpm2_load_context() Jarkko Sakkinen
2024-05-21 3:16 ` [PATCH v2 4/6] KEYS: trusted: Move tpm2_key_decode() to the TPM driver Jarkko Sakkinen
2024-05-21 18:18 ` James Bottomley
2024-05-21 21:17 ` Jarkko Sakkinen
2024-05-21 21:44 ` David Howells
2024-05-21 21:59 ` James Bottomley
2024-05-21 22:45 ` Jarkko Sakkinen
2024-05-21 22:59 ` Jarkko Sakkinen
2024-05-21 22:42 ` Jarkko Sakkinen
2024-05-21 3:16 ` [PATCH v2 5/6] tpm: tpm2_key: Extend parser to TPM_LoadableKey Jarkko Sakkinen
2024-05-21 5:47 ` [EXTERNAL] " Bharat Bhushan
[not found] ` < <SN7PR18MB53140F4341BC441C1C11586EE3EA2@SN7PR18MB5314.namprd18.prod.outlook.com>
2024-05-21 7:13 ` Jarkko Sakkinen
2024-05-21 3:16 ` [PATCH v2 6/6] keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE Jarkko Sakkinen
2024-05-21 7:25 ` [EXTERNAL] " Bharat Bhushan
[not found] ` < <SN7PR18MB531494159D3996799475209DE3EA2@SN7PR18MB5314.namprd18.prod.outlook.com>
2024-05-21 7:38 ` Jarkko Sakkinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D1F5GQYP9JFC.3MXMKUM0CKGS5@kernel.org \
--to=jarkko@kernel.org \
--cc=Andreas.Fuchs@infineon.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=ardb@kernel.org \
--cc=bbhushan2@marvell.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mario.limonciello@amd.com \
--cc=prestwoj@gmail.com \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.