On Wed, Mar 29, 2017 at 12:24:49PM +0200, Roberto Sassu wrote:
> TCG mandates that all PCR banks must be extended during the same operation.
> tpm2_pcr_extend() will check whether all digests have been provided.
> 
> The check is necessary because tpm2_pcr_extend() will be called by a new
> function, allowing callers to provide a digest for each PCR bank.
> 
> Signed-off-by: Roberto Sassu <[email protected]>

When can this happen?

/Jarkko

> ---
>  drivers/char/tpm/tpm2-cmd.c | 23 +++++++++++++++++++++++
>  1 file changed, 23 insertions(+)
> 
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index 881aea9..f4d534c 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -284,6 +284,26 @@ struct tpm2_null_auth_area {
>       __be16  auth_size;
>  } __packed;
>  
> +static bool tpm2_digests_all_banks(struct tpm_chip *chip, u32 count,
> +                                struct tpm2_digest *digests)
> +{
> +     int i, j;
> +
> +     for (i = 0; i < ARRAY_SIZE(chip->active_banks) &&
> +          chip->active_banks[i] != TPM2_ALG_ERROR; i++) {
> +             for (j = 0; j < count; j++)
> +                     if (digests[j].alg_id == chip->active_banks[i])
> +                             break;
> +             if (j == count) {
> +                     pr_err("missing TPM algorithm 0x%x\n",
> +                            chip->active_banks[i]);
> +                     return false;
> +             }
> +     }
> +
> +     return true;
> +}
> +

What if 'digests' contains the same 'alg_id' multiple times?

>  /**
>   * tpm2_pcr_extend() - extend a PCR value
>   *
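Review bot: tpm2_digests_all_banks() only proves that every active bank has a matching entry in 'digests'. The inner loop breaks on the first match, so a repeated alg_id, or an alg_id that is not in chip->active_banks, passes unnoticed. Consider also requiring 'count' to equal the number of active banks. Combined with the existing loop, that rules out both cases. Separately, 'int i, j' is compared against the u32 'count' and against ARRAY_SIZE(); declaring the indices unsigned avoids the mixed-sign comparison.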
> @@ -306,6 +326,9 @@ int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, 
> u32 count,
>       if (count > ARRAY_SIZE(chip->active_banks))
>               return -EINVAL;
>  
> +     if (!tpm2_digests_all_banks(chip, count, digests))
> +             return -EINVAL;
> +
>       rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
>       if (rc)
>               return rc;
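Review bot: The new -EINVAL path for an incomplete digest set is not documented. The patch consists only of the 23 added lines and leaves the tpm2_pcr_extend() kernel-doc unchanged, so the comment should gain a sentence stating that 'digests' must contain one entry per active bank and that -EINVAL is returned otherwise. Since the 'count > ARRAY_SIZE(chip->active_banks)' check just above returns the same code, a caller can tell the two failures apart only through the pr_err() message.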
> -- 
> 2.9.3
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> tpmdd-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

/Jarkko
