[PATCH v4 09/13] tpm: add hmac checks to tpm2_pcr_extend()

public inbox for linux-integrity@vger.kernel.org
 help / color / mirror / Atom feed

From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko@kernel.org>,
	keyrings@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>
Subject: [PATCH v4 09/13] tpm: add hmac checks to tpm2_pcr_extend()
Date: Mon,  3 Apr 2023 17:39:59 -0400	[thread overview]
Message-ID: <20230403214003.32093-10-James.Bottomley@HansenPartnership.com> (raw)
In-Reply-To: <20230403214003.32093-1-James.Bottomley@HansenPartnership.com>

tpm2_pcr_extend() is used by trusted keys to extend a PCR to prevent a
key from being re-loaded until the next reboot.  To use this
functionality securely, that extend must be protected by a session
hmac.  This patch adds HMAC protection so tampering with the
tpm2_pcr_extend() command in flight is detected.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
 drivers/char/tpm/tpm2-cmd.c | 27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)

diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index b0e72fb563d9..a53a843294ed 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -216,13 +216,6 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
 	return rc;
 }
 
-struct tpm2_null_auth_area {
-	__be32  handle;
-	__be16  nonce_size;
-	u8  attributes;
-	__be16  auth_size;
-} __packed;
-
 /**
  * tpm2_pcr_extend() - extend a PCR value
  *
@@ -236,24 +229,22 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
 		    struct tpm_digest *digests)
 {
 	struct tpm_buf buf;
-	struct tpm2_null_auth_area auth_area;
 	int rc;
 	int i;
 
-	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
+	rc = tpm2_start_auth_session(chip);
 	if (rc)
 		return rc;
 
-	tpm_buf_append_u32(&buf, pcr_idx);
+	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
+	if (rc) {
+		tpm2_end_auth_session(chip);
+		return rc;
+	}
 
-	auth_area.handle = cpu_to_be32(TPM2_RS_PW);
-	auth_area.nonce_size = 0;
-	auth_area.attributes = 0;
-	auth_area.auth_size = 0;
+	tpm_buf_append_name(chip, &buf, pcr_idx, NULL);
+	tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0);
 
-	tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area));
-	tpm_buf_append(&buf, (const unsigned char *)&auth_area,
-		       sizeof(auth_area));
 	tpm_buf_append_u32(&buf, chip->nr_allocated_banks);
 
 	for (i = 0; i < chip->nr_allocated_banks; i++) {
@@ -262,7 +253,9 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
 			       chip->allocated_banks[i].digest_size);
 	}
 
+	tpm_buf_fill_hmac_session(chip, &buf);
 	rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value");
+	rc = tpm_buf_check_hmac_response(chip, &buf, rc);
 
 	tpm_buf_destroy(&buf);
 
-- 
2.35.3

next prev parent reply	other threads:[~2023-04-03 21:48 UTC|newest]

Thread overview: 62+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-03 21:39 [PATCH v4 00/13] add integrity and security to TPM2 transactions James Bottomley
2023-04-03 21:39 ` [PATCH v4 01/13] crypto: lib - implement library version of AES in CFB mode James Bottomley
2023-04-23  3:34   ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 02/13] tpm: move buffer handling from static inlines to real functions James Bottomley
2023-04-23  3:36   ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 03/13] tpm: add kernel doc to buffer handling functions James Bottomley
2023-04-23  3:40   ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 04/13] tpm: add buffer handling for TPM2B types James Bottomley
2023-04-23  4:12   ` Jarkko Sakkinen
2023-05-02 15:43   ` Stefan Berger
2023-05-03 11:29     ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 05/13] tpm: add cursor based buffer functions for response parsing James Bottomley
2023-04-23  4:14   ` Jarkko Sakkinen
2023-05-02 13:54   ` Stefan Berger
2023-08-22 11:15   ` Jarkko Sakkinen
2023-08-22 13:51     ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 06/13] tpm: add buffer function to point to returned parameters James Bottomley
2023-05-02 14:09   ` Stefan Berger
2023-05-03 11:31     ` Jarkko Sakkinen
2023-06-06  2:09       ` James Bottomley
2023-06-06 15:34         ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 07/13] tpm: export the context save and load commands James Bottomley
2023-05-02 14:12   ` Stefan Berger
2023-04-03 21:39 ` [PATCH v4 08/13] tpm: Add full HMAC and encrypt/decrypt session handling code James Bottomley
2023-04-04  1:49   ` kernel test robot
2023-04-23  5:29   ` Jarkko Sakkinen
2023-11-26  3:39   ` Jarkko Sakkinen
2023-11-26  3:45     ` Jarkko Sakkinen
2023-11-26 15:07       ` James Bottomley
2023-11-26 15:05     ` James Bottomley
2023-12-04  2:29       ` Jarkko Sakkinen
2023-12-04 12:35         ` James Bottomley
2023-12-04 13:43           ` Mimi Zohar
2023-12-04 13:53             ` James Bottomley
2023-12-04 13:59               ` Mimi Zohar
2023-12-04 14:02                 ` James Bottomley
2023-12-04 14:10                   ` Mimi Zohar
2023-12-04 14:23                     ` James Bottomley
2023-12-04 22:58             ` Jarkko Sakkinen
2023-12-04 22:46           ` Jarkko Sakkinen
2023-04-03 21:39 ` James Bottomley [this message]
2023-04-23  5:32   ` [PATCH v4 09/13] tpm: add hmac checks to tpm2_pcr_extend() Jarkko Sakkinen
2023-04-03 21:40 ` [PATCH v4 10/13] tpm: add session encryption protection to tpm2_get_random() James Bottomley
2023-04-03 21:40 ` [PATCH v4 11/13] KEYS: trusted: Add session encryption protection to the seal/unseal path James Bottomley
2023-04-03 21:40 ` [PATCH v4 12/13] tpm: add the null key name as a sysfs export James Bottomley
2023-04-23  5:38   ` Jarkko Sakkinen
2023-04-03 21:40 ` [PATCH v4 13/13] Documentation: add tpm-security.rst James Bottomley
2023-04-04 18:43 ` [PATCH v4 00/13] add integrity and security to TPM2 transactions William Roberts
2023-04-04 19:18   ` James Bottomley
2023-04-04 19:42     ` William Roberts
2023-04-04 20:19       ` James Bottomley
2023-04-04 21:10         ` William Roberts
2023-04-04 21:33           ` James Bottomley
2023-04-04 21:44             ` William Roberts
2023-04-05 18:39 ` William Roberts
2023-04-05 19:41   ` James Bottomley
2023-04-07 14:40     ` William Roberts
2023-04-23  5:42 ` Jarkko Sakkinen
2023-12-04 18:56 ` Stefan Berger
2023-12-04 19:24   ` James Bottomley
2023-12-04 21:02     ` Stefan Berger
2023-12-05 13:50       ` James Bottomley

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b0e72fb563d dfblob:a53a843294e )
 OR (
bs:"[PATCH v4 09/13] tpm: add hmac checks to tpm2_pcr_extend()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230403214003.32093-10-James.Bottomley@HansenPartnership.com \
    --to=james.bottomley@hansenpartnership.com \
    --cc=ardb@kernel.org \
    --cc=jarkko@kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox