Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'tpmdd-next-v6.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

Pull tpm updates from Jarkko Sakkinen:

- Disable TCG_TPM2_HMAC from defconfig

It causes performance issues, and breaks some atypical
configurations.

- simplify code using the new crypto library

- misc fixes and cleanups

* tag 'tpmdd-next-v6.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
tpm: Prevent local DOS via tpm/tpm0/ppi/*operations
tpm: use a map for tpm2_calc_ordinal_duration()
tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single
tpm: Use HMAC-SHA256 library instead of open-coded HMAC
tpm: Compare HMAC values in constant time
tpm: Disable TPM2_TCG_HMAC by default

+137 -199
+2 -1
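--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -29,10 +29,11 @@
 
 config TCG_TPM2_HMAC
 bool "Use HMAC and encrypted transactions on the TPM bus"
-default X86_64
+default n
 select CRYPTO_ECDH
 select CRYPTO_LIB_AESCFB
 select CRYPTO_LIB_SHA256
+select CRYPTO_LIB_UTILS
 help
 Setting this causes us to deploy a scheme which uses request
 and response HMACs in addition to encryption for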
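Review bot: `default n` is redundant, because a bool symbol with no `default` line already defaults to n, so the old line can simply be dropped rather than replaced. The larger gap is documentation: x86_64 builds that relied on the old default silently lose the HMAC and encryption scheme described in the help text, which continues outside this hunk and does not say what is given up when the option is off. A closing help sentence such as `If unsure, say N; with this disabled the kernel's TPM commands and responses are sent without HMAC protection or parameter encryption.` would make the trade-off visible to whoever configures the kernel.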
+1 -1
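--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -52,7 +52,7 @@
 unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
 {
 if (chip->flags & TPM_CHIP_FLAG_TPM2)
-return tpm2_calc_ordinal_duration(chip, ordinal);
+return tpm2_calc_ordinal_duration(ordinal);
 else
 return tpm1_calc_ordinal_duration(chip, ordinal);
 }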
+1 -1
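--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -299,7 +299,7 @@
 ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip);
 int tpm2_auto_startup(struct tpm_chip *chip);
 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type);
-unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
+unsigned long tpm2_calc_ordinal_duration(u32 ordinal);
 int tpm2_probe(struct tpm_chip *chip);
 int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip);
 int tpm2_find_cc(struct tpm_chip *chip, u32 cc);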
+32 -95
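--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -28,119 +28,56 @@
 
 int tpm2_get_timeouts(struct tpm_chip *chip)
 {
-/* Fixed timeouts for TPM2 */
 chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);
 chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B);
 chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C);
 chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D);
-
-/* PTP spec timeouts */
-chip->duration[TPM_SHORT] = msecs_to_jiffies(TPM2_DURATION_SHORT);
-chip->duration[TPM_MEDIUM] = msecs_to_jiffies(TPM2_DURATION_MEDIUM);
-chip->duration[TPM_LONG] = msecs_to_jiffies(TPM2_DURATION_LONG);
-
-/* Key creation commands long timeouts */
-chip->duration[TPM_LONG_LONG] =
-msecs_to_jiffies(TPM2_DURATION_LONG_LONG);
-
 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS;
-
 return 0;
 }
 
-/**
-* tpm2_ordinal_duration_index() - returns an index to the chip duration table
-* @ordinal: TPM command ordinal.
-*
-* The function returns an index to the chip duration table
-* (enum tpm_duration), that describes the maximum amount of
-* time the chip could take to return the result for a particular ordinal.
-*
-* The values of the MEDIUM, and LONG durations are taken
-* from the PC Client Profile (PTP) specification (750, 2000 msec)
-*
-* LONG_LONG is for commands that generates keys which empirically takes
-* a longer time on some systems.
-*
-* Return:
-* * TPM_MEDIUM
-* * TPM_LONG
-* * TPM_LONG_LONG
-* * TPM_UNDEFINED
+/*
+* Contains the maximum durations in milliseconds for TPM2 commands.
 */
-static u8 tpm2_ordinal_duration_index(u32 ordinal)
-{
-switch (ordinal) {
-/* Startup */
-case TPM2_CC_STARTUP: /* 144 */
-return TPM_MEDIUM;
-
-case TPM2_CC_SELF_TEST: /* 143 */
-return TPM_LONG;
-
-case TPM2_CC_GET_RANDOM: /* 17B */
-return TPM_LONG;
-
-case TPM2_CC_SEQUENCE_UPDATE: /* 15C */
-return TPM_MEDIUM;
-case TPM2_CC_SEQUENCE_COMPLETE: /* 13E */
-return TPM_MEDIUM;
-case TPM2_CC_EVENT_SEQUENCE_COMPLETE: /* 185 */
-return TPM_MEDIUM;
-case TPM2_CC_HASH_SEQUENCE_START: /* 186 */
-return TPM_MEDIUM;
-
-case TPM2_CC_VERIFY_SIGNATURE: /* 177 */
-return TPM_LONG_LONG;
-
-case TPM2_CC_PCR_EXTEND: /* 182 */
-return TPM_MEDIUM;
-
-case TPM2_CC_HIERARCHY_CONTROL: /* 121 */
-return TPM_LONG;
-case TPM2_CC_HIERARCHY_CHANGE_AUTH: /* 129 */
-return TPM_LONG;
-
-case TPM2_CC_GET_CAPABILITY: /* 17A */
-return TPM_MEDIUM;
-
-case TPM2_CC_NV_READ: /* 14E */
-return TPM_LONG;
-
-case TPM2_CC_CREATE_PRIMARY: /* 131 */
-return TPM_LONG_LONG;
-case TPM2_CC_CREATE: /* 153 */
-return TPM_LONG_LONG;
-case TPM2_CC_CREATE_LOADED: /* 191 */
-return TPM_LONG_LONG;
-
-default:
-return TPM_UNDEFINED;
-}
-}
+static const struct {
+unsigned long ordinal;
+unsigned long duration;
+} tpm2_ordinal_duration_map[] = {
+{TPM2_CC_STARTUP, 750},
+{TPM2_CC_SELF_TEST, 3000},
+{TPM2_CC_GET_RANDOM, 2000},
+{TPM2_CC_SEQUENCE_UPDATE, 750},
+{TPM2_CC_SEQUENCE_COMPLETE, 750},
+{TPM2_CC_EVENT_SEQUENCE_COMPLETE, 750},
+{TPM2_CC_HASH_SEQUENCE_START, 750},
+{TPM2_CC_VERIFY_SIGNATURE, 30000},
+{TPM2_CC_PCR_EXTEND, 750},
+{TPM2_CC_HIERARCHY_CONTROL, 2000},
+{TPM2_CC_HIERARCHY_CHANGE_AUTH, 2000},
+{TPM2_CC_GET_CAPABILITY, 750},
+{TPM2_CC_NV_READ, 2000},
+{TPM2_CC_CREATE_PRIMARY, 30000},
+{TPM2_CC_CREATE, 30000},
+{TPM2_CC_CREATE_LOADED, 30000},
+};
 
 /**
-* tpm2_calc_ordinal_duration() - calculate the maximum command duration
-* @chip: TPM chip to use.
+* tpm2_calc_ordinal_duration() - Calculate the maximum command duration
 * @ordinal: TPM command ordinal.
 *
-* The function returns the maximum amount of time the chip could take
-* to return the result for a particular ordinal in jiffies.
-*
-* Return: A maximal duration time for an ordinal in jiffies.
+* Returns the maximum amount of time the chip is expected by kernel to
+* take in jiffies.
 */
-unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
+unsigned long tpm2_calc_ordinal_duration(u32 ordinal)
 {
-unsigned int index;
+int i;
 
-index = tpm2_ordinal_duration_index(ordinal);
+for (i = 0; i < ARRAY_SIZE(tpm2_ordinal_duration_map); i++)
+if (ordinal == tpm2_ordinal_duration_map[i].ordinal)
+return msecs_to_jiffies(tpm2_ordinal_duration_map[i].duration);
 
-if (index != TPM_UNDEFINED)
-return chip->duration[index];
-else
-return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
+return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
 }
-
 
 struct tpm2_pcr_read_out {
 __be32 update_cnt;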
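Review bot: The new `tpm2_ordinal_duration_map` does not carry the old limits over unchanged: `TPM2_CC_VERIFY_SIGNATURE`, `TPM2_CC_CREATE_PRIMARY`, `TPM2_CC_CREATE` and `TPM2_CC_CREATE_LOADED` are given 30000 ms, while the `TPM2_DURATION_LONG_LONG` constant this same change removes from include/linux/tpm.h was 300000 ms, and `TPM2_CC_SELF_TEST` moves from `TPM_LONG` (2000 ms) to 3000 ms. The commit title only announces a switch to a map, and a tenfold shorter limit could presumably turn slow key generation on some chips into command timeouts. If the old limit is meant to stay, the four entries should read like `{TPM2_CC_CREATE_PRIMARY, 300000},`; if the reduction is deliberate, the comment above the map should say where the values come from. Named constants instead of bare literals would have made the difference visible in review.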
+30 -74
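--- a/drivers/char/tpm/tpm2-sessions.c
+++ b/drivers/char/tpm/tpm2-sessions.c
@@ -69,8 +69,8 @@
 #include <linux/unaligned.h>
 #include <crypto/kpp.h>
 #include <crypto/ecdh.h>
-#include <crypto/hash.h>
-#include <crypto/hmac.h>
+#include <crypto/sha2.h>
+#include <crypto/utils.h>
 
 /* maximum number of names the TPM must remember for authorization */
 #define AUTH_MAX_NAMES 3
@@ -385,51 +385,6 @@
 u32 *handle, u8 *name);
 
 /*
-* It turns out the crypto hmac(sha256) is hard for us to consume
-* because it assumes a fixed key and the TPM seems to change the key
-* on every operation, so we weld the hmac init and final functions in
-* here to give it the same usage characteristics as a regular hash
-*/
-static void tpm2_hmac_init(struct sha256_ctx *sctx, u8 *key, u32 key_len)
-{
-u8 pad[SHA256_BLOCK_SIZE];
-int i;
-
-sha256_init(sctx);
-for (i = 0; i < sizeof(pad); i++) {
-if (i < key_len)
-pad[i] = key[i];
-else
-pad[i] = 0;
-pad[i] ^= HMAC_IPAD_VALUE;
-}
-sha256_update(sctx, pad, sizeof(pad));
-}
-
-static void tpm2_hmac_final(struct sha256_ctx *sctx, u8 *key, u32 key_len,
-u8 *out)
-{
-u8 pad[SHA256_BLOCK_SIZE];
-int i;
-
-for (i = 0; i < sizeof(pad); i++) {
-if (i < key_len)
-pad[i] = key[i];
-else
-pad[i] = 0;
-pad[i] ^= HMAC_OPAD_VALUE;
-}
-
-/* collect the final hash; use out as temporary storage */
-sha256_final(sctx, out);
-
-sha256_init(sctx);
-sha256_update(sctx, pad, sizeof(pad));
-sha256_update(sctx, out, SHA256_DIGEST_SIZE);
-sha256_final(sctx, out);
-}
-
-/*
 * assume hash sha256 and nonces u, v of size SHA256_DIGEST_SIZE but
 * otherwise standard tpm2_KDFa. Note output is in bytes not bits.
 */
@@ -440,16 +395,16 @@
 const __be32 bits = cpu_to_be32(bytes * 8);
 
 while (bytes > 0) {
-struct sha256_ctx sctx;
+struct hmac_sha256_ctx hctx;
 __be32 c = cpu_to_be32(counter);
 
-tpm2_hmac_init(&sctx, key, key_len);
-sha256_update(&sctx, (u8 *)&c, sizeof(c));
-sha256_update(&sctx, label, strlen(label)+1);
-sha256_update(&sctx, u, SHA256_DIGEST_SIZE);
-sha256_update(&sctx, v, SHA256_DIGEST_SIZE);
-sha256_update(&sctx, (u8 *)&bits, sizeof(bits));
-tpm2_hmac_final(&sctx, key, key_len, out);
+hmac_sha256_init_usingrawkey(&hctx, key, key_len);
+hmac_sha256_update(&hctx, (u8 *)&c, sizeof(c));
+hmac_sha256_update(&hctx, label, strlen(label) + 1);
+hmac_sha256_update(&hctx, u, SHA256_DIGEST_SIZE);
+hmac_sha256_update(&hctx, v, SHA256_DIGEST_SIZE);
+hmac_sha256_update(&hctx, (u8 *)&bits, sizeof(bits));
+hmac_sha256_final(&hctx, out);
 
 bytes -= SHA256_DIGEST_SIZE;
 counter++;
@@ -593,6 +548,7 @@
 u32 attrs;
 u8 cphash[SHA256_DIGEST_SIZE];
 struct sha256_ctx sctx;
+struct hmac_sha256_ctx hctx;
 
 if (!auth)
 return;
@@ -704,14 +660,14 @@
 sha256_final(&sctx, cphash);
 
 /* now calculate the hmac */
-tpm2_hmac_init(&sctx, auth->session_key, sizeof(auth->session_key)
-+ auth->passphrase_len);
-sha256_update(&sctx, cphash, sizeof(cphash));
-sha256_update(&sctx, auth->our_nonce, sizeof(auth->our_nonce));
-sha256_update(&sctx, auth->tpm_nonce, sizeof(auth->tpm_nonce));
-sha256_update(&sctx, &auth->attrs, 1);
-tpm2_hmac_final(&sctx, auth->session_key, sizeof(auth->session_key)
-+ auth->passphrase_len, hmac);
+hmac_sha256_init_usingrawkey(&hctx, auth->session_key,
+sizeof(auth->session_key) +
+auth->passphrase_len);
+hmac_sha256_update(&hctx, cphash, sizeof(cphash));
+hmac_sha256_update(&hctx, auth->our_nonce, sizeof(auth->our_nonce));
+hmac_sha256_update(&hctx, auth->tpm_nonce, sizeof(auth->tpm_nonce));
+hmac_sha256_update(&hctx, &auth->attrs, 1);
+hmac_sha256_final(&hctx, hmac);
 }
 EXPORT_SYMBOL(tpm_buf_fill_hmac_session);
 
@@ -751,6 +707,7 @@
 u8 rphash[SHA256_DIGEST_SIZE];
 u32 attrs, cc;
 struct sha256_ctx sctx;
+struct hmac_sha256_ctx hctx;
 u16 tag = be16_to_cpu(head->tag);
 int parm_len, len, i, handles;
 
@@ -820,21 +777,20 @@
 sha256_final(&sctx, rphash);
 
 /* now calculate the hmac */
-tpm2_hmac_init(&sctx, auth->session_key, sizeof(auth->session_key)
-+ auth->passphrase_len);
-sha256_update(&sctx, rphash, sizeof(rphash));
-sha256_update(&sctx, auth->tpm_nonce, sizeof(auth->tpm_nonce));
-sha256_update(&sctx, auth->our_nonce, sizeof(auth->our_nonce));
-sha256_update(&sctx, &auth->attrs, 1);
+hmac_sha256_init_usingrawkey(&hctx, auth->session_key,
+sizeof(auth->session_key) +
+auth->passphrase_len);
+hmac_sha256_update(&hctx, rphash, sizeof(rphash));
+hmac_sha256_update(&hctx, auth->tpm_nonce, sizeof(auth->tpm_nonce));
+hmac_sha256_update(&hctx, auth->our_nonce, sizeof(auth->our_nonce));
+hmac_sha256_update(&hctx, &auth->attrs, 1);
 /* we're done with the rphash, so put our idea of the hmac there */
-tpm2_hmac_final(&sctx, auth->session_key, sizeof(auth->session_key)
-+ auth->passphrase_len, rphash);
-if (memcmp(rphash, &buf->data[offset_s], SHA256_DIGEST_SIZE) == 0) {
-rc = 0;
-} else {
+hmac_sha256_final(&hctx, rphash);
+if (crypto_memneq(rphash, &buf->data[offset_s], SHA256_DIGEST_SIZE)) {
 dev_err(&chip->dev, "TPM: HMAC check failed\n");
 goto out;
 }
+rc = 0;
 
 /* now do response decryption */
 if (auth->attrs & TPM2_SA_ENCRYPT) {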
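Review bot: Both session HMAC computations (the hunks ending in `hmac_sha256_final(&hctx, hmac)` and `hmac_sha256_final(&hctx, rphash)`) pass `auth->session_key` as the key pointer with a length of `sizeof(auth->session_key) + auth->passphrase_len`, so the library reads past the end of that member whenever `passphrase_len` is non-zero. This presumably relies on the passphrase being stored directly after `session_key` in the auth structure, whose definition is not visible in these hunks, and the removed helper comment was the only nearby explanation of how the key is handled. A comment at each call such as `/* key is session_key || passphrase, which must stay adjacent in the auth struct */`, or a `BUILD_BUG_ON` comparing the two member offsets, would keep a later struct reorder from silently changing the HMAC key. The enclosing functions start and end outside the hunks shown.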
+66 -23
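--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -33,6 +33,20 @@
 GUID_INIT(0x3DDDFAA6, 0x361B, 0x4EB4,
 0xA4, 0x24, 0x8D, 0x10, 0x08, 0x9D, 0x16, 0x53);
 
+static const char * const tpm_ppi_info[] = {
+"Not implemented",
+"BIOS only",
+"Blocked for OS by system firmware",
+"User required",
+"User not required",
+};
+
+/* A spinlock to protect access to the cache from concurrent reads */
+static DEFINE_MUTEX(tpm_ppi_lock);
+
+static u32 ppi_operations_cache[PPI_VS_REQ_END + 1];
+static bool ppi_cache_populated;
+
 static bool tpm_ppi_req_has_parameter(u64 req)
 {
 return req == 23;
@@ -277,8 +291,7 @@
 return status;
 }
 
-static ssize_t show_ppi_operations(acpi_handle dev_handle, char *buf, u32 start,
-u32 end)
+static ssize_t cache_ppi_operations(acpi_handle dev_handle, char *buf)
 {
 int i;
 u32 ret;
@@ -286,34 +299,22 @@
 union acpi_object *obj, tmp;
 union acpi_object argv = ACPI_INIT_DSM_ARGV4(1, &tmp);
 
-static char *info[] = {
-"Not implemented",
-"BIOS only",
-"Blocked for OS by BIOS",
-"User required",
-"User not required",
-};
-
 if (!acpi_check_dsm(dev_handle, &tpm_ppi_guid, TPM_PPI_REVISION_ID_1,
 1 << TPM_PPI_FN_GETOPR))
 return -EPERM;
 
 tmp.integer.type = ACPI_TYPE_INTEGER;
-for (i = start; i <= end; i++) {
+for (i = 0; i <= PPI_VS_REQ_END; i++) {
 tmp.integer.value = i;
 obj = tpm_eval_dsm(dev_handle, TPM_PPI_FN_GETOPR,
 ACPI_TYPE_INTEGER, &argv,
 TPM_PPI_REVISION_ID_1);
-if (!obj) {
+if (!obj)
 return -ENOMEM;
-} else {
-ret = obj->integer.value;
-ACPI_FREE(obj);
-}
 
-if (ret > 0 && ret < ARRAY_SIZE(info))
-len += sysfs_emit_at(buf, len, "%d %d: %s\n",
-i, ret, info[ret]);
+ret = obj->integer.value;
+ppi_operations_cache[i] = ret;
+ACPI_FREE(obj);
 }
 
 return len;
@@ -324,9 +325,30 @@
 char *buf)
 {
 struct tpm_chip *chip = to_tpm_chip(dev);
+ssize_t len = 0;
+u32 ret;
+int i;
 
-return show_ppi_operations(chip->acpi_dev_handle, buf, 0,
-PPI_TPM_REQ_MAX);
+mutex_lock(&tpm_ppi_lock);
+if (!ppi_cache_populated) {
+len = cache_ppi_operations(chip->acpi_dev_handle, buf);
+if (len < 0) {
+mutex_unlock(&tpm_ppi_lock);
+return len;
+}
+
+ppi_cache_populated = true;
+}
+
+for (i = 0; i <= PPI_TPM_REQ_MAX; i++) {
+ret = ppi_operations_cache[i];
+if (ret >= 0 && ret < ARRAY_SIZE(tpm_ppi_info))
+len += sysfs_emit_at(buf, len, "%d %d: %s\n",
+i, ret, tpm_ppi_info[ret]);
+}
+mutex_unlock(&tpm_ppi_lock);
+
+return len;
 }
 
 static ssize_t tpm_show_ppi_vs_operations(struct device *dev,
@@ -334,9 +356,30 @@
 char *buf)
 {
 struct tpm_chip *chip = to_tpm_chip(dev);
+ssize_t len = 0;
+u32 ret;
+int i;
 
-return show_ppi_operations(chip->acpi_dev_handle, buf, PPI_VS_REQ_START,
-PPI_VS_REQ_END);
+mutex_lock(&tpm_ppi_lock);
+if (!ppi_cache_populated) {
+len = cache_ppi_operations(chip->acpi_dev_handle, buf);
+if (len < 0) {
+mutex_unlock(&tpm_ppi_lock);
+return len;
+}
+
+ppi_cache_populated = true;
+}
+
+for (i = PPI_VS_REQ_START; i <= PPI_VS_REQ_END; i++) {
+ret = ppi_operations_cache[i];
+if (ret >= 0 && ret < ARRAY_SIZE(tpm_ppi_info))
+len += sysfs_emit_at(buf, len, "%d %d: %s\n",
+i, ret, tpm_ppi_info[ret]);
+}
+mutex_unlock(&tpm_ppi_lock);
+
+return len;
 }
 
 static DEVICE_ATTR(version, S_IRUGO, tpm_show_ppi_version, NULL);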
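Review bot: In both show functions the new guard `if (ret >= 0 && ret < ARRAY_SIZE(tpm_ppi_info))` has a first half that is always true for the `u32 ret`, whereas the removed code tested `ret > 0`, so rows with status 0 ("Not implemented") are now emitted where they used to be skipped. If that change in sysfs output is not intended, the guard should stay `if (ret > 0 && ret < ARRAY_SIZE(tpm_ppi_info))`; if it is intended, the dead `ret >= 0` half should go. The comment above `tpm_ppi_lock` calls it a spinlock although it is declared with `DEFINE_MUTEX`; `/* Serializes population of and reads from ppi_operations_cache */` would match the code. The cache and its populated flag are file-scope statics filled from whichever chip's ACPI handle is read first, so it looks as if a second TPM device would be shown the first one's values, which is worth confirming. The bodies of both show functions start outside the hunks shown.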
+2 -2
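--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -978,8 +978,8 @@
 * will call disable_irq which undoes all of the above.
 */
 if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
-tpm_tis_write8(priv, original_int_vec,
-TPM_INT_VECTOR(priv->locality));
+tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality),
+original_int_vec);
 rc = -1;
 }
 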
+3 -2
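--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -228,10 +228,11 @@
 TPM2_TIMEOUT_B = 4000,
 TPM2_TIMEOUT_C = 200,
 TPM2_TIMEOUT_D = 30,
+};
+
+enum tpm2_durations {
 TPM2_DURATION_SHORT = 20,
-TPM2_DURATION_MEDIUM = 750,
 TPM2_DURATION_LONG = 2000,
-TPM2_DURATION_LONG_LONG = 300000,
 TPM2_DURATION_DEFAULT = 120000,
 };
 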