From patchwork Thu Jan 28 23:56:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 12054787 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 30620C433E0 for ; Thu, 28 Jan 2021 23:57:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F03F764DFF for ; Thu, 28 Jan 2021 23:57:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229819AbhA1X5O (ORCPT ); Thu, 28 Jan 2021 18:57:14 -0500 Received: from mail.kernel.org ([198.145.29.99]:57446 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229530AbhA1X5N (ORCPT ); Thu, 28 Jan 2021 18:57:13 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 91BEC64DFF; Thu, 28 Jan 2021 23:56:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1611878192; bh=wP+Nl3jUZAq7xkUZsNf6xweQEVJK89APxRPIbA2w5io=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=EGHJX1TlKVUnsL/qT5K44crE4XuWmKk6+KzBRnjQGUU2OgM0XfTQ62bzVlZTcs2Wt gh88uWFjEGevpaVY4T3dxN418TU0rnxu9ZHvysE7eSvw6ZghjxN6ASK/WXkLljrBQA B/0VzBDRYyQ6f3dycLmyO1eyQ28hf9PO7anBTStmzx4ND4I+25yb7jAt3jXL0GRIS1 P1mNb0f8J4Oi52L1n20EFhuTiy04LJuDTevdvCZHIav/DVMEprXMOp7Yk0W5HslWsf EgDOnRKMXxXfwNZE4FOEEPaS7oM4px0ySHjOB0jphBhDhO943+nnV2ap1SAJ0wMAl9 nmfbUgCQiOwlw== From: jarkko@kernel.org To: linux-integrity@vger.kernel.org Cc: Jarkko Sakkinen , stable@vger.kernel.org, Mimi Zohar , "James E.J. Bottomley" , David Howells , Kent Yoder , James Bottomley , James Morris , "Serge E. Hallyn" , David Safford , "H. Peter Anvin" Subject: [PATCH v5 1/3] KEYS: trusted: Fix incorrect handling of tpm_get_random() Date: Fri, 29 Jan 2021 01:56:19 +0200 Message-Id: <20210128235621.127925-2-jarkko@kernel.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210128235621.127925-1-jarkko@kernel.org> References: <20210128235621.127925-1-jarkko@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org From: Jarkko Sakkinen When tpm_get_random() was introduced, it defined the following API for the return value: 1. A positive value tells how many bytes of random data was generated. 2. A negative value on error. However, in the call sites the API was used incorrectly, i.e. as it would only return negative values and otherwise zero. Returning he positive read counts to the user space does not make any possible sense. Fix this by returning -EIO when tpm_get_random() returns a positive value. Fixes: 41ab999c80f1 ("tpm: Move tpm_get_random api into the TPM device driver") Cc: stable@vger.kernel.org Cc: Mimi Zohar Cc: "James E.J. Bottomley" Cc: David Howells Cc: Kent Yoder Signed-off-by: Jarkko Sakkinen Reviewed-by: Mimi Zohar --- security/keys/trusted-keys/trusted_tpm1.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c index 74d82093cbaa..204826b734ac 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -403,9 +403,12 @@ static int osap(struct tpm_buf *tb, struct osapsess *s, int ret; ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE); - if (ret != TPM_NONCE_SIZE) + if (ret < 0) return ret; + if (ret != TPM_NONCE_SIZE) + return -EIO; + tpm_buf_reset(tb, TPM_TAG_RQU_COMMAND, TPM_ORD_OSAP); tpm_buf_append_u16(tb, type); tpm_buf_append_u32(tb, handle); @@ -496,8 +499,12 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, goto out; ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE); + if (ret < 0) + return ret; + if (ret != TPM_NONCE_SIZE) - goto out; + return -EIO; + ordinal = htonl(TPM_ORD_SEAL); datsize = htonl(datalen); pcrsize = htonl(pcrinfosize); @@ -601,9 +608,12 @@ static int tpm_unseal(struct tpm_buf *tb, ordinal = htonl(TPM_ORD_UNSEAL); ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE); + if (ret < 0) + return ret; + if (ret != TPM_NONCE_SIZE) { pr_info("trusted_key: tpm_get_random failed (%d)\n", ret); - return ret; + return -EIO; } ret = TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE, enonce1, nonceodd, cont, sizeof(uint32_t), @@ -1013,8 +1023,12 @@ static int trusted_instantiate(struct key *key, case Opt_new: key_len = payload->key_len; ret = tpm_get_random(chip, payload->key, key_len); + if (ret < 0) + goto out; + if (ret != key_len) { pr_info("trusted_key: key_create failed (%d)\n", ret); + ret = -EIO; goto out; } if (tpm2)