From patchwork Tue Mar 29 16:48:57 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 603074 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.sourceforge.net (lists.sourceforge.net [216.34.181.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3qZGwZ0zRMz9sD9 for ; Wed, 30 Mar 2016 03:50:06 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=sfs-ml-3.v29.ch3.sourceforge.com) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1akwqC-0000zH-2x; Tue, 29 Mar 2016 16:50:04 +0000 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1akwqB-0000zC-6C for tpmdd-devel@lists.sourceforge.net; Tue, 29 Mar 2016 16:50:03 +0000 X-ACL-Warn: Received: from mga01.intel.com ([192.55.52.88]) by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1akwq9-0004he-UM for tpmdd-devel@lists.sourceforge.net; Tue, 29 Mar 2016 16:50:03 +0000 Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga101.fm.intel.com with ESMTP; 29 Mar 2016 09:49:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.24,411,1455004800"; d="scan'208";a="947370575" Received: from broland-mobl.ger.corp.intel.com (HELO localhost) ([10.252.26.217]) by fmsmga002.fm.intel.com with ESMTP; 29 Mar 2016 09:49:24 -0700 From: Jarkko Sakkinen To: Peter Huewe Date: Tue, 29 Mar 2016 19:48:57 +0300 Message-Id: <1459270137-27805-1-git-send-email-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.7.3 X-Spam-Score: -1.0 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1akwq9-0004he-UM Cc: David Howells , David Safford , open list , stable@vger.kernel.org, "open list:KEYS-TRUSTED" , "moderated list:TPM DEVICE DRIVER" , "open list:KEYS-TRUSTED" , James Morris , "Serge E. Hallyn" Subject: [tpmdd-devel] [PATCH] tpm: fix checks for policy digest existence in tpm2_seal_trusted() (resend for stable) X-BeenThere: tpmdd-devel@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: Tpm Device Driver maintainance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: tpmdd-devel-bounces@lists.sourceforge.net In my original patch sealing with policy was done with dynamically allocated buffer that I changed later into an array so the checks in tpm2-cmd.c became invalid. This patch fixes the issue. Fixes: 5beb0c435bdd ("keys, trusted: seal with a TPM2 authorization policy") Reported-by: Dan Carpenter Signed-off-by: Jarkko Sakkinen Acked-by: Peter Huewe CC: stable@vger.kernel.org --- drivers/char/tpm/tpm2-cmd.c | 12 ++++-------- include/keys/trusted-type.h | 2 +- security/keys/trusted.c | 11 +++++------ 3 files changed, 10 insertions(+), 15 deletions(-) diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 45a6340..66e04b4 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -478,20 +478,16 @@ int tpm2_seal_trusted(struct tpm_chip *chip, tpm_buf_append_u8(&buf, payload->migratable); /* public */ - if (options->policydigest) - tpm_buf_append_u16(&buf, 14 + options->digest_len); - else - tpm_buf_append_u16(&buf, 14); - + tpm_buf_append_u16(&buf, 14 + options->policydigest_len); tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); tpm_buf_append_u16(&buf, hash); /* policy */ - if (options->policydigest) { + if (options->policydigest_len) { tpm_buf_append_u32(&buf, 0); - tpm_buf_append_u16(&buf, options->digest_len); + tpm_buf_append_u16(&buf, options->policydigest_len); tpm_buf_append(&buf, options->policydigest, - options->digest_len); + options->policydigest_len); } else { tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH); tpm_buf_append_u16(&buf, 0); diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h index 42cf2d9..4ea7e55 100644 --- a/include/keys/trusted-type.h +++ b/include/keys/trusted-type.h @@ -38,7 +38,7 @@ struct trusted_key_options { unsigned char pcrinfo[MAX_PCRINFO_SIZE]; int pcrlock; uint32_t hash; - uint32_t digest_len; + uint32_t policydigest_len; unsigned char policydigest[MAX_DIGEST_SIZE]; uint32_t policyhandle; }; diff --git a/security/keys/trusted.c b/security/keys/trusted.c index 0dcab20..90d6175 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -744,6 +744,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay, unsigned long handle; unsigned long lock; unsigned long token_mask = 0; + unsigned int digest_len; int i; int tpm2; @@ -752,7 +753,6 @@ static int getoptions(char *c, struct trusted_key_payload *pay, return tpm2; opt->hash = tpm2 ? HASH_ALGO_SHA256 : HASH_ALGO_SHA1; - opt->digest_len = hash_digest_size[opt->hash]; while ((p = strsep(&c, " \t"))) { if (*p == '\0' || *p == ' ' || *p == '\t') @@ -812,8 +812,6 @@ static int getoptions(char *c, struct trusted_key_payload *pay, for (i = 0; i < HASH_ALGO__LAST; i++) { if (!strcmp(args[0].from, hash_algo_name[i])) { opt->hash = i; - opt->digest_len = - hash_digest_size[opt->hash]; break; } } @@ -825,13 +823,14 @@ static int getoptions(char *c, struct trusted_key_payload *pay, } break; case Opt_policydigest: - if (!tpm2 || - strlen(args[0].from) != (2 * opt->digest_len)) + digest_len = hash_digest_size[opt->hash]; + if (!tpm2 || strlen(args[0].from) != (2 * digest_len)) return -EINVAL; res = hex2bin(opt->policydigest, args[0].from, - opt->digest_len); + digest_len); if (res < 0) return -EINVAL; + opt->policydigest_len = digest_len; break; case Opt_policyhandle: if (!tpm2)