* [PATCH v5 0/8] Extend struct tpm_buf to support sized buffers (TPM2B)
From: Jarkko Sakkinen @ 2023-11-21 22:29 UTC
To: linux-integrity
Cc: Jarkko Sakkinen, James Bottomley, William Roberts, Stefan Berger,
David Howells, Jason Gunthorpe, Mimi Zohar, Mario Limonciello,
Jerry Snitselaar, Peter Huewe, James Bottomley, Paul Moore,
James Morris, Serge E. Hallyn, Julien Gomes

This patch set extends struct tpm_buf to support TPM2 sized buffers, and
adds reader functions for parsing more complex response data. It is
implemented to support smooth landing of [2]. Sealing of the TPM2 trusted
keys is updated to utilize the new functionality, and thus provides a
legit test case for it.

TPM2 sized buffers, i.e. the buffers in TPM2 format, are defined in
section 10.4 of the TPM2 Structures [1] specification.

Here's the smoke test that I've run for TPM2:

    /usr/lib/kselftests/run_kselftest.sh
    tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
    tpm2_evictcontrol -c key.ctxt 0x81000001
    keyctl add trusted kmk "new 32 keyhandle=0x81000001" @u
    keyctl add encrypted 1000100010001000 "new ecryptfs trusted:kmk 64" @u

[1] https://trustedcomputinggroup.org/resource/tpm-library-specification/
[2] https://lore.kernel.org/linux-integrity/20230403214003.32093-1-James.Bottomley@HansenPartnership.com/

v5:
- Fixed glitch in tpm_buf_read() reported by James Bottomley to the v4.
  Was forgotten from v4.
- Remove a spurious memset() call introduced in v4.
- Allow command buffer tag to be initially set to zero (caused spurious
  warnings).
v4:
- Cleaned up the bit too spread code changes based on the v3 review.
- For testing instructions see the previous cover letter, and use
  linux-v6.6.y branch:
  https://lore.kernel.org/linux-integrity/20231024011531.442587-1-jarkko@kernel.org/
v3:
- Resend with rebase to the latest upstream.

Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: William Roberts <bill.c.roberts@gmail.com>
Cc: Stefan Berger <stefanb@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: Mario Limonciello <mario.limonciello@amd.com>
Cc: Jerry Snitselaar <jsnitsel@redhat.com>

James Bottomley (1):
  tpm: Move buffer handling from static inlines to real functions

Jarkko Sakkinen (7):
  tpm: Remove unused tpm_buf_tag()
  tpm: Remove tpm_send()
  tpm: Update &tpm_buf documentation
  tpm: Store the length of the tpm_buf data separately.
  tpm: TPM2B formatted buffers
  tpm: Add tpm_buf_read_{u8,u16,u32}
  KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers

drivers/char/tpm/Makefile | 1 +
drivers/char/tpm/tpm-buf.c | 222 ++++++++++++++++++++++
drivers/char/tpm/tpm-interface.c | 26 +--
include/keys/trusted_tpm.h | 2 -
include/linux/tpm.h | 112 +++--------
security/keys/trusted-keys/trusted_tpm1.c | 23 ++-
security/keys/trusted-keys/trusted_tpm2.c | 54 +++---
7 files changed, 295 insertions(+), 145 deletions(-)
create mode 100644 drivers/char/tpm/tpm-buf.c
--
2.42.1
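
The sized-buffer layout the cover letter refers to is a big-endian UINT16 size followed by that many bytes; the block below reads one with a bounds-checked cursor. It is an added example, not code from this patch set: `struct rd`, `rd_take()`, `rd_u16()`, `rd_tpm2b()`, `parse_sample()` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical read cursor for illustration; not the kernel's struct tpm_buf. */
struct rd {
	const uint8_t *data;
	size_t len;	/* bytes available */
	size_t off;	/* next unread byte, always <= len */
	int err;	/* sticky: set once any read would pass len */
};

/* Copy n bytes out, or latch err and leave the cursor where it was. */
static int rd_take(struct rd *r, uint8_t *dst, size_t n)
{
	if (r->err || n > r->len - r->off) {
		r->err = 1;
		return -1;
	}
	memcpy(dst, r->data + r->off, n);
	r->off += n;
	return 0;
}

/* TPM integers are big-endian on the wire. */
static uint16_t rd_u16(struct rd *r)
{
	uint8_t b[2];

	return rd_take(r, b, 2) ? 0 : (uint16_t)((b[0] << 8) | b[1]);
}

/* One TPM2B: UINT16 size, then size bytes. Returns payload length or -1. */
int rd_tpm2b(struct rd *r, uint8_t *out, size_t cap)
{
	uint16_t size = rd_u16(r);

	if (r->err || size > cap || rd_take(r, out, size)) {
		r->err = 1;
		return -1;
	}
	return size;
}

/* Constructed samples: a well-formed TPM2B, and one whose size field lies. */
static const uint8_t good[] = { 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t lying[] = { 0x00, 0x10, 0xde, 0xad, 0xbe };

int parse_sample(const uint8_t *p, size_t n)
{
	struct rd r = { .data = p, .len = n };
	uint8_t out[64];
	return rd_tpm2b(&r, out, sizeof(out));
}
```

The size field is checked against both the caller's output capacity and the bytes actually remaining, so a response that declares more payload than it carries is rejected instead of over-read.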
* [PATCH v5 1/8] tpm: Remove unused tpm_buf_tag()
From: Jarkko Sakkinen @ 2023-11-21 22:29 UTC
To: linux-integrity
Cc: Jarkko Sakkinen, James Bottomley, William Roberts, Stefan Berger,
David Howells, Jason Gunthorpe, Mimi Zohar, Mario Limonciello,
Jerry Snitselaar, Peter Huewe, James Bottomley, Paul Moore,
James Morris, Serge E. Hallyn, Julien Gomes

The helper function has no call sites. Thus, remove it.

Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
v1 [2023-11-21]: A new patch.
---
include/linux/tpm.h | 7 -------
1 file changed, 7 deletions(-)
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 4ee9d13749ad..6588ca87cf93 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -358,13 +358,6 @@ static inline u32 tpm_buf_length(struct tpm_buf *buf)
return be32_to_cpu(head->length);
}
-static inline u16 tpm_buf_tag(struct tpm_buf *buf)
-{
- struct tpm_header *head = (struct tpm_header *)buf->data;
-
- return be16_to_cpu(head->tag);
-}
-
static inline void tpm_buf_append(struct tpm_buf *buf,
const unsigned char *new_data,
unsigned int new_len)
--
2.42.1
* [PATCH v5 2/8] tpm: Remove tpm_send()
From: Jarkko Sakkinen @ 2023-11-21 22:29 UTC
To: linux-integrity
Cc: Jarkko Sakkinen, James Bottomley, William Roberts, Stefan Berger,
David Howells, Jason Gunthorpe, Mimi Zohar, Mario Limonciello,
Jerry Snitselaar, Peter Huewe, James Bottomley, Paul Moore,
James Morris, Serge E. Hallyn, Julien Gomes

Open code the last remaining call site for tpm_send().

Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
v1 [2023-11-21]: A new patch.
---
drivers/char/tpm/tpm-interface.c | 25 -----------------------
include/linux/tpm.h | 5 -----
security/keys/trusted-keys/trusted_tpm1.c | 14 +++++++++++--
3 files changed, 12 insertions(+), 32 deletions(-)
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 66b16d26eecc..163ae247bff2 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -342,31 +342,6 @@ int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
}
EXPORT_SYMBOL_GPL(tpm_pcr_extend);
-/**
- * tpm_send - send a TPM command
- * @chip: a &struct tpm_chip instance, %NULL for the default chip
- * @cmd: a TPM command buffer
- * @buflen: the length of the TPM command buffer
- *
- * Return: same as with tpm_transmit_cmd()
- */
-int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen)
-{
- struct tpm_buf buf;
- int rc;
-
- chip = tpm_find_get_ops(chip);
- if (!chip)
- return -ENODEV;
-
- buf.data = cmd;
- rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to a send a command");
-
- tpm_put_ops(chip);
- return rc;
-}
-EXPORT_SYMBOL_GPL(tpm_send);
-
int tpm_auto_startup(struct tpm_chip *chip)
{
int rc;
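Review bot: the removed kernel-doc states that @chip may be %NULL for the default chip and the body resolved it through tpm_find_get_ops(), so deleting tpm_send() also deletes that default-chip lookup for any caller that depended on it. Because EXPORT_SYMBOL_GPL(tpm_send) is dropped as well, the commit message should state that an exported symbol is being removed and that its only remaining user is converted in this same patch, rather than only "Open code the last remaining call site".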
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 6588ca87cf93..d9d645e9c52c 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -422,7 +422,6 @@ extern int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
struct tpm_digest *digest);
extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
struct tpm_digest *digests);
-extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen);
extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max);
extern struct tpm_chip *tpm_default_chip(void);
void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
@@ -443,10 +442,6 @@ static inline int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
return -ENODEV;
}
-static inline int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen)
-{
- return -ENODEV;
-}
static inline int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max)
{
return -ENODEV;
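Review bot: with the inline tpm_send() stub returning -ENODEV removed from this block of fallbacks, trusted_tpm_send() no longer has a stubbed entry point and instead calls tpm_try_get_ops() and tpm_transmit_cmd() directly. Please confirm that both have declarations (or equivalent stubs) visible wherever this fallback block is selected, so the trusted-keys code still builds in that configuration.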
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index aa108bea6739..37bce84eef99 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -356,17 +356,27 @@ static int TSS_checkhmac2(unsigned char *buffer,
*/
int trusted_tpm_send(unsigned char *cmd, size_t buflen)
{
+ struct tpm_buf buf;
int rc;
if (!chip)
return -ENODEV;
+ rc = tpm_try_get_ops(chip);
+ if (rc)
+ return rc;
+
+ buf.flags = 0;
+ buf.data = cmd;
dump_tpm_buf(cmd);
- rc = tpm_send(chip, cmd, buflen);
+ rc = tpm_transmit_cmd(chip, &buf, 4, "sending data");
dump_tpm_buf(cmd);
+
if (rc > 0)
- /* Can't return positive return codes values to keyctl */
+ /* TPM error */
rc = -EPERM;
+
+ tpm_put_ops(chip);
return rc;
}
EXPORT_SYMBOL_GPL(trusted_tpm_send);
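Review bot: the new tpm_transmit_cmd() call passes 4 as its third argument where the removed tpm_send() passed 0, which is a behaviour change that "open code" in the commit message does not cover; either keep 0 or explain the new value. In the same function, buf is a stack struct tpm_buf with only flags and data assigned, so any other member is left uninitialised, and buflen is no longer referenced at all; `struct tpm_buf buf = { .data = cmd };` would avoid the first problem. The replacement comment "TPM error" also loses the reason positive codes are mapped to -EPERM (they cannot be returned to keyctl), which is worth keeping.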
--
2.42.1
* [PATCH v5 0/8] Extend struct tpm_buf to support sized buffers (TPM2B)
From: Jarkko Sakkinen @ 2023-11-21 22:31 UTC
To: linux-integrity
Cc: Jarkko Sakkinen, James Bottomley, William Roberts, Stefan Berger,
David Howells, Jason Gunthorpe, Mimi Zohar, Mario Limonciello,
Jerry Snitselaar

This patch set extends struct tpm_buf to support TPM2 sized buffers, and
adds reader functions for parsing more complex response data. It is
implemented to support smooth landing of [2]. Sealing of the TPM2 trusted
keys is updated to utilize the new functionality, and thus provides a
legit test case for it.

TPM2 sized buffers, i.e. the buffers in TPM2 format, are defined in
section 10.4 of the TPM2 Structures [1] specification.

Here's the smoke test that I've run for TPM2:

    /usr/lib/kselftests/run_kselftest.sh
    tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
    tpm2_evictcontrol -c key.ctxt 0x81000001
    keyctl add trusted kmk "new 32 keyhandle=0x81000001" @u
    keyctl add encrypted 1000100010001000 "new ecryptfs trusted:kmk 64" @u

[1] https://trustedcomputinggroup.org/resource/tpm-library-specification/
[2] https://lore.kernel.org/linux-integrity/20230403214003.32093-1-James.Bottomley@HansenPartnership.com/

v5:
- Fixed glitch in tpm_buf_read() reported by James Bottomley to the v4.
  Was forgotten from v4.
- Remove a spurious memset() call introduced in v4.
- Allow command buffer tag to be initially set to zero (caused spurious
  warnings).
v4:
- Cleaned up the bit too spread code changes based on the v3 review.
- For testing instructions see the previous cover letter, and use
  linux-v6.6.y branch:
  https://lore.kernel.org/linux-integrity/20231024011531.442587-1-jarkko@kernel.org/
v3:
- Resend with rebase to the latest upstream.

Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: William Roberts <bill.c.roberts@gmail.com>
Cc: Stefan Berger <stefanb@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: Mario Limonciello <mario.limonciello@amd.com>
Cc: Jerry Snitselaar <jsnitsel@redhat.com>

James Bottomley (1):
  tpm: Move buffer handling from static inlines to real functions

Jarkko Sakkinen (7):
  tpm: Remove unused tpm_buf_tag()
  tpm: Remove tpm_send()
  tpm: Update &tpm_buf documentation
  tpm: Store the length of the tpm_buf data separately.
  tpm: TPM2B formatted buffers
  tpm: Add tpm_buf_read_{u8,u16,u32}
  KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers

drivers/char/tpm/Makefile | 1 +
drivers/char/tpm/tpm-buf.c | 222 ++++++++++++++++++++++
drivers/char/tpm/tpm-interface.c | 26 +--
include/keys/trusted_tpm.h | 2 -
include/linux/tpm.h | 112 +++--------
security/keys/trusted-keys/trusted_tpm1.c | 23 ++-
security/keys/trusted-keys/trusted_tpm2.c | 54 +++---
7 files changed, 295 insertions(+), 145 deletions(-)
create mode 100644 drivers/char/tpm/tpm-buf.c
--
2.42.1
* Re: [PATCH v5 0/8] Extend struct tpm_buf to support sized buffers (TPM2B)
From: Serge E. Hallyn @ 2023-11-28 14:42 UTC
To: Jarkko Sakkinen
Cc: linux-integrity, James Bottomley, William Roberts, Stefan Berger,
David Howells, Jason Gunthorpe, Mimi Zohar, Mario Limonciello,
Jerry Snitselaar
On Wed, Nov 22, 2023 at 12:31:12AM +0200, Jarkko Sakkinen wrote:
> This patch set extends struct tpm_buf to support TPM2 sized buffers, and
> adds reader functions for parsing more complex response data. It is
> implemented to support smooth landing of [2]. Sealing of the TPM2 trusted
> keys is updated to utilize the new functionality, and thus provides a
> legit test case for it.
>
> TPM2 sized buffers, i.e. the buffers in TPM2 format, are defined in
> section 10.4 of the TPM2 Structures [1] specification.
>
> Here's the smoke test that I've run for TPM2:
>
> /usr/lib/kselftests/run_kselftest.sh
> tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
> tpm2_evictcontrol -c key.ctxt 0x81000001
> keyctl add trusted kmk "new 32 keyhandle=0x81000001" @u
> keyctl add encrypted 1000100010001000 "new ecryptfs trusted:kmk 64" @u
>
> [1] https://trustedcomputinggroup.org/resource/tpm-library-specification/
> [2] https://lore.kernel.org/linux-integrity/20230403214003.32093-1-James.Bottomley@HansenPartnership.com/
>
> v5:
> - Fixed glitch in tpm_buf_read() reported by James Bottomley to the v4.
> Was forgotten from v4.
> - Remove a spurious memset() call introduced in v4.
> - Allow command buffer tag to be initially set to zero (caused spurious
> warnings).
> v4:
> - Cleaned up the bit too spread code changes based on the v3 review.
> - For testing instructions see the previous cover letter, and use
> linux-v6.6.y branch:
> https://lore.kernel.org/linux-integrity/20231024011531.442587-1-jarkko@kernel.org/
> v3:
> - Resend with rebase to the latest upstream.
>
> Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
> Cc: William Roberts <bill.c.roberts@gmail.com>
> Cc: Stefan Berger <stefanb@linux.ibm.com>
> Cc: David Howells <dhowells@redhat.com>
> Cc: Jason Gunthorpe <jgg@ziepe.ca>
> Cc: Mimi Zohar <zohar@linux.ibm.com>
> Cc: Mario Limonciello <mario.limonciello@amd.com>
> Cc: Jerry Snitselaar <jsnitsel@redhat.com>

I'm not an expert in this area, but my interest is piqued when I see
tpm/tpm2, so I took a pretty close look, and all looked good to me.

Reviewed-by: Serge Hallyn <serge@hallyn.com>
* Re: [PATCH v5 0/8] Extend struct tpm_buf to support sized buffers (TPM2B)
From: Jarkko Sakkinen @ 2023-12-04 4:06 UTC
To: Serge E. Hallyn
Cc: linux-integrity, James Bottomley, William Roberts, Stefan Berger,
David Howells, Jason Gunthorpe, Mimi Zohar, Mario Limonciello,
Jerry Snitselaar
On Tue Nov 28, 2023 at 4:42 PM EET, Serge E. Hallyn wrote:
> On Wed, Nov 22, 2023 at 12:31:12AM +0200, Jarkko Sakkinen wrote:
> > This patch set extends struct tpm_buf to support TPM2 sized buffers, and
> > adds reader functions for parsing more complex response data. It is
> > implemented to support smooth landing of [2]. Sealing of the TPM2 trusted
> > keys is updated to utilize the new functionality, and thus provides a
> > legit test case for it.
> >
> > TPM2 sized buffers, i.e. the buffers in TPM2 format, are defined in
> > section 10.4 of the TPM2 Structures [1] specification.
> >
> > Here's the smoke test that I've run for TPM2:
> >
> > /usr/lib/kselftests/run_kselftest.sh
> > tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
> > tpm2_evictcontrol -c key.ctxt 0x81000001
> > keyctl add trusted kmk "new 32 keyhandle=0x81000001" @u
> > keyctl add encrypted 1000100010001000 "new ecryptfs trusted:kmk 64" @u
> >
> > [1] https://trustedcomputinggroup.org/resource/tpm-library-specification/
> > [2] https://lore.kernel.org/linux-integrity/20230403214003.32093-1-James.Bottomley@HansenPartnership.com/
> >
> > v5:
> > - Fixed glitch in tpm_buf_read() reported by James Bottomley to the v4.
> > Was forgotten from v4.
> > - Remove a spurious memset() call introduced in v4.
> > - Allow command buffer tag to be initially set to zero (caused spurious
> > warnings).
> > v4:
> > - Cleaned up the bit too spread code changes based on the v3 review.
> > - For testing instructions see the previous cover letter, and use
> > linux-v6.6.y branch:
> > https://lore.kernel.org/linux-integrity/20231024011531.442587-1-jarkko@kernel.org/
> > v3:
> > - Resend with rebase to the latest upstream.
> >
> > Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
> > Cc: William Roberts <bill.c.roberts@gmail.com>
> > Cc: Stefan Berger <stefanb@linux.ibm.com>
> > Cc: David Howells <dhowells@redhat.com>
> > Cc: Jason Gunthorpe <jgg@ziepe.ca>
> > Cc: Mimi Zohar <zohar@linux.ibm.com>
> > Cc: Mario Limonciello <mario.limonciello@amd.com>
> > Cc: Jerry Snitselaar <jsnitsel@redhat.com>
>
> I'm not an expert in this area, but my interest is piqued when I see
> tpm/tpm2, so I took a pretty close look, and all looked good to me.
>
> Reviewed-by: Serge Hallyn <serge@hallyn.com>

Thanks for the review and comments!

BR, Jarkko