From patchwork Sat Oct 24 12:42:42 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
X-Patchwork-Id: 535397
Return-Path: <tpmdd-devel-bounces@lists.sourceforge.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.sourceforge.net (lists.sourceforge.net [216.34.181.88])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 1431B14132D
	for <incoming@patchwork.ozlabs.org>;
	Sat, 24 Oct 2015 23:43:16 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=sfs-ml-1.v29.ch3.sourceforge.com)
	by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <tpmdd-devel-bounces@lists.sourceforge.net>)
	id 1ZpyA6-000829-E2; Sat, 24 Oct 2015 12:43:06 +0000
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <jarkko.sakkinen@linux.intel.com>) id 1ZpyA5-000823-PB
	for tpmdd-devel@lists.sourceforge.net; Sat, 24 Oct 2015 12:43:05 +0000
X-ACL-Warn: 
Received: from mga09.intel.com ([134.134.136.24])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1ZpyA4-00078J-KL
	for tpmdd-devel@lists.sourceforge.net; Sat, 24 Oct 2015 12:43:05 +0000
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
	by orsmga102.jf.intel.com with ESMTP; 24 Oct 2015 05:42:59 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.20,192,1444719600"; d="scan'208";a="818481978"
Received: from lmryan-mobl3.ger.corp.intel.com (HELO localhost)
	([10.252.22.100])
	by fmsmga001.fm.intel.com with ESMTP; 24 Oct 2015 05:42:53 -0700
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Peter Huewe <peterhuewe@gmx.de>, Marcel Selhorst <tpmdd@selhorst.net>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	David Howells <dhowells@redhat.com>
Date: Sat, 24 Oct 2015 15:42:42 +0300
Message-Id: 
 <1445690562-11405-1-git-send-email-jarkko.sakkinen@linux.intel.com>
X-Mailer: git-send-email 2.5.0
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain
X-Headers-End: 1ZpyA4-00078J-KL
Cc: David Safford <safford@us.ibm.com>, linux-kernel@vger.kernel.org,
	josh@joshtriplett.org, seth.forshee@canonical.com,
	linux-security-module@vger.kernel.org,
	tpmdd-devel@lists.sourceforge.net, keyrings@vger.kernel.org,
	James Morris <james.l.morris@oracle.com>,
	colin.king@canonical.com, "Serge E. Hallyn" <serge@hallyn.com>,
	chris.j.arges@canonical.com
Subject: [tpmdd-devel] [PATCH] keys, trusted: select TPM2 hash algorithm
X-BeenThere: tpmdd-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Tpm Device Driver maintainance <tpmdd-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/tpmdd-devel>,
	<mailto:tpmdd-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=tpmdd-devel>
List-Post: <mailto:tpmdd-devel@lists.sourceforge.net>
List-Help: <mailto:tpmdd-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/tpmdd-devel>,
	<mailto:tpmdd-devel-request@lists.sourceforge.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: tpmdd-devel-bounces@lists.sourceforge.net

Added 'hashalg=' option for selecting the hash algorithm.

Currently available options are:

* sha1
* sha256
* sha384
* sha512
* sm3_256

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 drivers/char/tpm/tpm.h      |  5 ++++-
 drivers/char/tpm/tpm2-cmd.c | 34 ++++++++++++++++++++++++++++++++++
 include/keys/trusted-type.h |  2 ++
 security/keys/trusted.c     |  8 +++++++-
 4 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index a4257a3..4c18f46 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -92,7 +92,10 @@ enum tpm2_algorithms {
 	TPM2_ALG_SHA1		= 0x0004,
 	TPM2_ALG_KEYEDHASH	= 0x0008,
 	TPM2_ALG_SHA256		= 0x000B,
-	TPM2_ALG_NULL		= 0x0010
+	TPM2_ALG_SHA384		= 0x000C,
+	TPM2_ALG_SHA512		= 0x000D,
+	TPM2_ALG_NULL		= 0x0010,
+	TPM2_ALG_SM3_256	= 0x0012,
 };
 
 enum tpm2_command_codes {
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index bd7039f..0704bd6 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -104,6 +104,22 @@ struct tpm2_cmd {
 	union tpm2_cmd_params	params;
 } __packed;
 
+struct tpm2_hashalg {
+	char	name[MAX_HASHALG_SIZE];
+	u32	id;
+};
+
+struct tpm2_hashalg tpm2_hashalg_map[] = {
+	{"sha1", TPM2_ALG_SHA1},
+	{"sha256", TPM2_ALG_SHA256},
+	{"sm3_256", TPM2_ALG_SM3_256},
+	{"sha384", TPM2_ALG_SHA384},
+	{"sha512", TPM2_ALG_SHA512},
+};
+
+#define TPM2_HASHALG_COUNT \
+	(sizeof(tpm2_hashalg_map) / sizeof(tpm2_hashalg_map[1]))
+
 /*
  * Array with one entry per ordinal defining the maximum amount
  * of time the chip could take to return the result. The values
@@ -429,8 +445,26 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
 {
 	unsigned int blob_len;
 	struct tpm_buf buf;
+	u32 hashalg = TPM2_ALG_SHA256;
+	int i;
 	int rc;
 
+	if (strlen(options->hashalg) > 0) {
+		for (i = 0; i < TPM2_HASHALG_COUNT; i++) {
+			if (!strcmp(options->hashalg,
+				    tpm2_hashalg_map[i].name)) {
+				hashalg = tpm2_hashalg_map[i].id;
+				dev_dbg(chip->pdev, "%s: hashalg: %s 0x%08X\n",
+					__func__, tpm2_hashalg_map[i].name,
+					hashalg);
+				break;
+			}
+		}
+
+		if (i == TPM2_HASHALG_COUNT)
+			return -EINVAL;
+	}
+
 	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
 	if (rc)
 		return rc;
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
index f91ecd9..a545733 100644
--- a/include/keys/trusted-type.h
+++ b/include/keys/trusted-type.h
@@ -18,6 +18,7 @@
 #define MAX_KEY_SIZE			128
 #define MAX_BLOB_SIZE			512
 #define MAX_PCRINFO_SIZE		64
+#define MAX_HASHALG_SIZE		16
 
 struct trusted_key_payload {
 	struct rcu_head rcu;
@@ -36,6 +37,7 @@ struct trusted_key_options {
 	uint32_t pcrinfo_len;
 	unsigned char pcrinfo[MAX_PCRINFO_SIZE];
 	int pcrlock;
+	unsigned char hashalg[MAX_HASHALG_SIZE];
 };
 
 extern struct key_type key_type_trusted;
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index d3633cf..9e7564d 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -710,7 +710,8 @@ enum {
 	Opt_err = -1,
 	Opt_new, Opt_load, Opt_update,
 	Opt_keyhandle, Opt_keyauth, Opt_blobauth,
-	Opt_pcrinfo, Opt_pcrlock, Opt_migratable
+	Opt_pcrinfo, Opt_pcrlock, Opt_migratable,
+	Opt_hashalg,
 };
 
 static const match_table_t key_tokens = {
@@ -723,6 +724,7 @@ static const match_table_t key_tokens = {
 	{Opt_pcrinfo, "pcrinfo=%s"},
 	{Opt_pcrlock, "pcrlock=%s"},
 	{Opt_migratable, "migratable=%s"},
+	{Opt_hashalg, "hashalg=%s"},
 	{Opt_err, NULL}
 };
 
@@ -787,6 +789,10 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
 				return -EINVAL;
 			opt->pcrlock = lock;
 			break;
+		case Opt_hashalg:
+			strncpy(opt->hashalg, args[0].from,
+				MAX_HASHALG_SIZE - 1);
+			break;
 		default:
 			return -EINVAL;
 		}