From patchwork Fri Jun 23 13:41:56 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 9806613 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 386ED60349 for ; Fri, 23 Jun 2017 13:43:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2767827480 for ; Fri, 23 Jun 2017 13:43:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1C5682877A; Fri, 23 Jun 2017 13:43:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from lists.sourceforge.net (lists.sourceforge.net [216.34.181.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 91EEB27480 for ; Fri, 23 Jun 2017 13:43:27 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=sfs-ml-3.v29.ch3.sourceforge.com) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1dOOru-0005C2-Lz; Fri, 23 Jun 2017 13:43:26 +0000 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1dOOrs-0005Bo-LG; Fri, 23 Jun 2017 13:43:24 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=1k6fMlMbtlsEHBxJAmURiGEkQ5TBSV6YhWeDv9WVLOk=; b=lK9rhx56olEqytGQQST0IbYgt/nF6qOkjgO1oYx62LLQrurPaVUeRp/A6bVf77XRENO89f5z4q/E3yo30dp8C+HrvoNNdQCGT2kvRebBPtlQgneuGkkj/VdSlTUqtLbWZsB3pL52HsW6DVTebjJkAfj9uz2larUUFOYJcO2f/3o=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x; h=Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=1k6fMlMbtlsEHBxJAmURiGEkQ5TBSV6YhWeDv9WVLOk=; b=jf7I24kQOGCVrHTnTAlVrMPKn0Q+YZt1BGGooXTk4AYgn6dsYTL9szzLHEvGVm1Hxr5X0goCO/WWa02IXp6X/tBj5N3QzH493SYtb3gL0nveC+201qt7ZuHbsXaNTesvj31vk2gDvKteESuBwkqyXvST0gw+VUEu92q1ERKYdYU=; Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of huawei.com designates 194.213.3.17 as permitted sender) client-ip=194.213.3.17; envelope-from=roberto.sassu@huawei.com; helo=lhrrgout.huawei.com; Received: from lhrrgout.huawei.com ([194.213.3.17]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1dOOrp-00062F-V4; Fri, 23 Jun 2017 13:43:24 +0000 Received: from 172.18.7.190 (EHLO lhreml702-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DJB57711; Fri, 23 Jun 2017 13:43:13 +0000 (GMT) Received: from roberto-HP-EliteDesk-800-G2-DM-65W.huawei.com (10.204.65.245) by smtpsuk.huawei.com (10.201.108.43) with Microsoft SMTP Server (TLS) id 14.3.301.0; Fri, 23 Jun 2017 14:43:03 +0100 From: Roberto Sassu To: Date: Fri, 23 Jun 2017 15:41:56 +0200 Message-ID: <20170623134157.30399-2-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.9.3 In-Reply-To: <20170623134157.30399-1-roberto.sassu@huawei.com> References: <20170623134157.30399-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.65.245] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020203.594D1AF1.006F, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: ee83344408701e79b93efc66b31e00c7 X-Headers-End: 1dOOrp-00062F-V4 Subject: [tpmdd-devel] [PATCH 1/2] tpm: use tpm_buf functions in tpm2_pcr_read() X-BeenThere: tpmdd-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: Tpm Device Driver maintainance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-ima-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Errors-To: tpmdd-devel-bounces@lists.sourceforge.net X-Virus-Scanned: ClamAV using ClamSMTP tpm2_pcr_read() now builds the PCR read command buffer with tpm_buf functions. This solution is preferred to using a tpm2_cmd structure, as tpm_buf functions provide protection against buffer overflow. Signed-off-by: Roberto Sassu Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen --- drivers/char/tpm/tpm2-cmd.c | 60 ++++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 3a99643..fdce77d 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -42,17 +42,6 @@ struct tpm2_pcr_read_in { u8 pcr_select[TPM2_PCR_SELECT_MIN]; } __packed; -struct tpm2_pcr_read_out { - __be32 update_cnt; - __be32 pcr_selects_cnt; - __be16 hash_alg; - u8 pcr_select_size; - u8 pcr_select[TPM2_PCR_SELECT_MIN]; - __be32 digests_cnt; - __be16 digest_size; - u8 digest[TPM_DIGEST_SIZE]; -} __packed; - struct tpm2_get_tpm_pt_in { __be32 cap_id; __be32 property_id; @@ -80,7 +69,6 @@ union tpm2_cmd_params { struct tpm2_startup_in startup_in; struct tpm2_self_test_in selftest_in; struct tpm2_pcr_read_in pcrread_in; - struct tpm2_pcr_read_out pcrread_out; struct tpm2_get_tpm_pt_in get_tpm_pt_in; struct tpm2_get_tpm_pt_out get_tpm_pt_out; struct tpm2_get_random_in getrandom_in; @@ -231,15 +219,23 @@ static const u8 tpm2_ordinal_duration[TPM2_CC_LAST - TPM2_CC_FIRST + 1] = { (sizeof(struct tpm_input_header) + \ sizeof(struct tpm2_pcr_read_in)) -#define TPM2_PCR_READ_RESP_BODY_SIZE \ - sizeof(struct tpm2_pcr_read_out) - static const struct tpm_input_header tpm2_pcrread_header = { .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), .length = cpu_to_be32(TPM2_PCR_READ_IN_SIZE), .ordinal = cpu_to_be32(TPM2_CC_PCR_READ) }; +struct tpm2_pcr_read_out { + __be32 update_cnt; + __be32 pcr_selects_cnt; + __be16 hash_alg; + u8 pcr_select_size; + u8 pcr_select[TPM2_PCR_SELECT_MIN]; + __be32 digests_cnt; + __be16 digest_size; + u8 digest[]; +} __packed; + /** * tpm2_pcr_read() - read a PCR value * @chip: TPM chip to use. @@ -251,29 +247,33 @@ static const struct tpm_input_header tpm2_pcrread_header = { int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) { int rc; - struct tpm2_cmd cmd; - u8 *buf; + struct tpm_buf buf; + struct tpm2_pcr_read_out *out; + u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0}; if (pcr_idx >= TPM2_PLATFORM_PCR) return -EINVAL; - cmd.header.in = tpm2_pcrread_header; - cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1); - cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1); - cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN; + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ); + if (rc) + return rc; - memset(cmd.params.pcrread_in.pcr_select, 0, - sizeof(cmd.params.pcrread_in.pcr_select)); - cmd.params.pcrread_in.pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); + pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); - rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), - TPM2_PCR_READ_RESP_BODY_SIZE, - 0, "attempting to read a pcr value"); - if (rc == 0) { - buf = cmd.params.pcrread_out.digest; - memcpy(res_buf, buf, TPM_DIGEST_SIZE); + tpm_buf_append_u32(&buf, 1); + tpm_buf_append_u16(&buf, TPM2_ALG_SHA1); + tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN); + tpm_buf_append(&buf, (const unsigned char *)pcr_select, + sizeof(pcr_select)); + + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, + res_buf ? "attempting to read a pcr value" : NULL); + if (rc == 0 && res_buf) { + out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; + memcpy(res_buf, out->digest, SHA1_DIGEST_SIZE); } + tpm_buf_destroy(&buf); return rc; }