Date: Mon, 9 Nov 2015 11:51:19 +0200
From: Jarkko Sakkinen
To: Peter Huewe, Marcel Selhorst
Cc: Mimi Zohar, Jason Gunthorpe, "moderated list:TPM DEVICE DRIVER", open list, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 3/3] tpm: fix missing migratable flag in sealing functionality for TPM2
Message-ID: <20151109095119.GA11250@intel.com>
References: <1446718824-5249-1-git-send-email-jarkko.sakkinen@linux.intel.com> <1446718824-5249-4-git-send-email-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <1446718824-5249-4-git-send-email-jarkko.sakkinen@linux.intel.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
X-Mailing-List: linux-kernel@vger.kernel.org

Hi

Other fixes are ready for the pull request but for this patch peer check
might be useful. I'm anyway sending the pull request with the five pull
patches over here even if I don't get 'Tested-by:':

https://github.com/jsakkine/linux-tpmdd/commits/fixes

I've tested this patch with fTPM and dTPM and it does not have any
side-effects to TPM 1.2.

/Jarkko

On Thu, Nov 05, 2015 at 12:20:23PM +0200, Jarkko Sakkinen wrote:
> The 'migratable' flag was not added to the key payload. This patch
> fixes the problem.
>
> Fixes: 0fe5480303a1 ("keys, trusted: seal/unseal with TPM 2.0 chips")
> Signed-off-by: Jarkko Sakkinen > --- > drivers/char/tpm/tpm2-cmd.c | 15 ++++++++++----- > 1 file changed, 10 insertions(+), 5 deletions(-) > > diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c > index bd7039f..c121304 100644 > --- a/drivers/char/tpm/tpm2-cmd.c > +++ b/drivers/char/tpm/tpm2-cmd.c > @@ -443,12 +443,13 @@ int tpm2_seal_trusted(struct tpm_chip *chip, > TPM_DIGEST_SIZE); > > /* sensitive */ > - tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len); > + tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1); > > tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE); > tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE); > - tpm_buf_append_u16(&buf, payload->key_len); > + tpm_buf_append_u16(&buf, payload->key_len + 1); > tpm_buf_append(&buf, payload->key, payload->key_len); > + tpm_buf_append_u8(&buf, payload->migratable); > > /* public */ > tpm_buf_append_u16(&buf, 14); > @@ -573,6 +574,8 @@ static int tpm2_unseal(struct tpm_chip *chip, > u32 blob_handle) > { > struct tpm_buf buf; > + u16 data_len; > + u8 *data; > int rc; > > rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); > @@ -591,11 +594,13 @@ static int tpm2_unseal(struct tpm_chip *chip, > rc = -EPERM; > > if (!rc) { > - payload->key_len = be16_to_cpup( > + data_len = be16_to_cpup( > (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]); > + data = &buf.data[TPM_HEADER_SIZE + 6]; > > - memcpy(payload->key, &buf.data[TPM_HEADER_SIZE + 6], > - payload->key_len); > + memcpy(payload->key, data, data_len - 1); > + payload->key_len = data_len - 1; > + payload->migratable = data[data_len - 1]; > } > > tpm_buf_destroy(&buf); > -- > 2.5.0 >
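
Review bot: in the tpm2_unseal() hunk, data_len is taken straight from the TPM response and used without any range check. With data_len == 0, the length passed in "memcpy(payload->key, data, data_len - 1);" becomes -1 and is converted to a huge size_t, and "data[data_len - 1]" reads before the start of the data; a large data_len overruns payload->key. Please reject the response (for example with -EFAULT) unless data_len is at least 1, data_len - 1 fits in payload->key, and TPM_HEADER_SIZE + 6 + data_len lies inside the received response, before doing the copy. The same hunk also treats the last byte of every unsealed blob as the migratable flag, so a blob sealed before this change, which carries only the key, would come back one byte short with its final key byte interpreted as the flag; the commit message should say whether such blobs can exist and how they are meant to be handled.

Review bot: in the tpm2_seal_trusted() hunk, the bare "+ 1" added to both tpm_buf_append_u16() size fields encodes the trailing migratable byte with no explanation. A short comment above "/* sensitive */" stating that the sealed data is the key followed by one migratable byte would document the layout that tpm2_unseal() now depends on and keep the two sides from drifting apart.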