From nobody Sun Oct 5 03:35:10 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D9D412BE02B; Sat, 9 Aug 2025 17:20:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754760002; cv=none; b=AY4dw/NI4tjRSdXux8BaHUwRBF2/3SQ8lyqhm8tQ1+Uogqx11ijzp9ZPe3s8HSIukIv0EZOTx+3Loj2XD9iqf03hI1ZD3pr+pU0bnSSHkq6/8odcQh30TFk2lfiI5jO3rN5bVTFZP0eXpcHNGxV7HU71D7AQwq3V0O7c7vEWfsY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754760002; c=relaxed/simple; bh=p4VgDCfNWSwQmiD28FtKXM90bkB1udf6+XynMyDdr6k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=CqEJ8Emst99ysGhIsOhR3vgTDY118Dk22KkXudGQIJI2kLB/apukfIYGWFzSlf0JI4qadHM/3ebT1NEFGlnbEIo2vt3Tq7l1fqSN/hQwX7MBri30nAXtRx7yGiOakJRQblf3x/GjB6eMq/cOXeMreR1E2HTqukIjo7T+nUGdBsc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=CfYC63TP; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="CfYC63TP" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 17C7AC4CEF8; Sat, 9 Aug 2025 17:20:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1754760001; bh=p4VgDCfNWSwQmiD28FtKXM90bkB1udf6+XynMyDdr6k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CfYC63TP5BjHYMCPX8V7fJF6xx+RVIMDuEm0ItZv5xU9MPTjUwgm2AOhCJ5d7RFBp Nx/wMKtaN4jWGzpsRFp7ZrxDM6vjFwl5PXUHpsv+Iuff7S8yWLRSJ2vYoOBWuVfmY+ FOxEf4uOOzJaKX00+wohpogDJYA0ygBg6Y/oxpAEXiaZmyyS7avHzBJbm9+vpOKpPS A3Rt+eECoHhVyE22npWrIyXNLspewgl4ZpN7lHedeUtJlcR9PgPE57RDjU2Mb/kI0f 2AORBgshDEQkOYDNZgmePWV1vU2nWV6c5MNBpi++i0MuG4IjYVNDYKTH6csi7LBnrk FND7CKwnIwqfw== From: Eric Biggers To: James Bottomley , Jarkko Sakkinen , Mimi Zohar , keyrings@vger.kernel.org Cc: David Howells , linux-integrity@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Eric Biggers , stable@vger.kernel.org Subject: [PATCH v2 1/3] KEYS: trusted_tpm1: Compare HMAC values in constant time Date: Sat, 9 Aug 2025 10:19:39 -0700 Message-ID: <20250809171941.5497-2-ebiggers@kernel.org> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250809171941.5497-1-ebiggers@kernel.org> References: <20250809171941.5497-1-ebiggers@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" To prevent timing attacks, HMAC value comparison needs to be constant time. Replace the memcmp() with the correct function, crypto_memneq(). [For the Fixes commit I used the commit that introduced the memcmp(). It predates the introduction of crypto_memneq(), but it was still a bug at the time even though a helper function didn't exist yet.] Fixes: d00a1c72f7f4 ("keys: add new trusted key-type") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers Reviewed-by: Jarkko Sakkinen --- security/keys/trusted-keys/trusted_tpm1.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trus= ted-keys/trusted_tpm1.c index 89c9798d18007..e73f2c6c817a0 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -5,10 +5,11 @@ * * See Documentation/security/keys/trusted-encrypted.rst */ =20 #include +#include #include #include #include #include #include @@ -239,11 +240,11 @@ int TSS_checkhmac1(unsigned char *buffer, TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce, 1, continueflag, 0, 0); if (ret < 0) goto out; =20 - if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE)) + if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE)) ret =3D -EINVAL; out: kfree_sensitive(sdesc); return ret; } @@ -332,20 +333,20 @@ static int TSS_checkhmac2(unsigned char *buffer, ret =3D TSS_rawhmac(testhmac1, key1, keylen1, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, enonce1, TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0); if (ret < 0) goto out; - if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { + if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { ret =3D -EINVAL; goto out; } ret =3D TSS_rawhmac(testhmac2, key2, keylen2, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, enonce2, TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0); if (ret < 0) goto out; - if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE)) + if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE)) ret =3D -EINVAL; out: kfree_sensitive(sdesc); return ret; } --=20 2.50.1 From nobody Sun Oct 5 03:35:10 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7B98D2BF002; Sat, 9 Aug 2025 17:20:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754760002; cv=none; b=WKLdgMZOqTc0tZen+E+lc6f2mlDfXBiiUJKzxm4bkPi6pGfJ2LedfglLUJabW+z4fFcULALDH69d8T0m6rbMuJ0Rg3A6M8kY46wuvMZTivV2pdJn+20jt6DcYs8WWAFFS0fpIPtOIW3HT3OOkd88gNM/esLVW4ZW8hyZ5I8ZGA4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754760002; c=relaxed/simple; bh=dR6vOMWEPjhlmZbolXrf+iI1lHaDLDgIIZ4iN8Ge0KQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=krk+YI8JYzYebbFMDIiqRIW1MXsoFIUojPHTcFWc/Q/RbD2PPauMBgo+FttkyjbVaOv3vT30+CQ8GAGVWfvecfr0AwzsDLvb/tvva1SdcjMTcon+7oacBjFnfPA8vvlrxElqieynh3E4OxJzYBXCipQc1gSgSxYeyLgHuMbd3+A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=JeB9KgOi; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="JeB9KgOi" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A8F4FC4CEF6; Sat, 9 Aug 2025 17:20:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1754760002; bh=dR6vOMWEPjhlmZbolXrf+iI1lHaDLDgIIZ4iN8Ge0KQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JeB9KgOiBWsUUmQHD3B0bdXi52vlaT7pDlZL6bpU0kOZk2jipvoWghhP0A4OtjFF7 B+NUEOG9NvGvJDBoxxCQdiDz8GOVhlCHz7JYcg8nAxC6Z/m+IS/g6wn3rlGSsh5uuS ljo3PceaFCQ8uhy6DoXB5f+9zxpLvGnXogleh/5s+MMny+x3hq5P7BOW7Mh3DrdxAY NjgsSncpArtu4GH2dkez5TTBxsi4NbUkI3J2uQ8UTh3EhSoFBK6voYv76lVjE1MsVR I51p2ALryL2Jw5rWotil/VInCXW2PB3vCBQed47iY9CfGVcgqAgZga0SKYBSHjL13Y j6FkLc6ZKyT8Q== From: Eric Biggers To: James Bottomley , Jarkko Sakkinen , Mimi Zohar , keyrings@vger.kernel.org Cc: David Howells , linux-integrity@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Eric Biggers Subject: [PATCH v2 2/3] KEYS: trusted_tpm1: Use SHA-1 library instead of crypto_shash Date: Sat, 9 Aug 2025 10:19:40 -0700 Message-ID: <20250809171941.5497-3-ebiggers@kernel.org> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250809171941.5497-1-ebiggers@kernel.org> References: <20250809171941.5497-1-ebiggers@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use the SHA-1 and HMAC-SHA1 library functions instead of crypto_shash. This is simpler and faster. Replace the selection of CRYPTO, CRYPTO_HMAC, and CRYPTO_SHA1 with CRYPTO_LIB_SHA1 and CRYPTO_LIB_UTILS. The latter is needed for crypto_memneq() which was previously being pulled in via CRYPTO. Reviewed-by: Jarkko Sakkinen Signed-off-by: Eric Biggers --- security/keys/trusted-keys/Kconfig | 5 +- security/keys/trusted-keys/trusted_tpm1.c | 221 ++++------------------ 2 files changed, 36 insertions(+), 190 deletions(-) diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-key= s/Kconfig index 1fb8aa0019953..204a68c1429df 100644 --- a/security/keys/trusted-keys/Kconfig +++ b/security/keys/trusted-keys/Kconfig @@ -3,14 +3,13 @@ config HAVE_TRUSTED_KEYS =20 config TRUSTED_KEYS_TPM bool "TPM-based trusted keys" depends on TCG_TPM >=3D TRUSTED_KEYS default y - select CRYPTO - select CRYPTO_HMAC - select CRYPTO_SHA1 select CRYPTO_HASH_INFO + select CRYPTO_LIB_SHA1 + select CRYPTO_LIB_UTILS select ASN1_ENCODER select OID_REGISTRY select ASN1 select HAVE_TRUSTED_KEYS help diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trus= ted-keys/trusted_tpm1.c index e73f2c6c817a0..126437459a74d 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -5,90 +5,37 @@ * * See Documentation/security/keys/trusted-encrypted.rst */ =20 #include +#include #include #include #include #include #include #include #include #include -#include -#include -#include #include #include =20 #include =20 -static const char hmac_alg[] =3D "hmac(sha1)"; -static const char hash_alg[] =3D "sha1"; static struct tpm_chip *chip; static struct tpm_digest *digests; =20 -struct sdesc { - struct shash_desc shash; - char ctx[]; -}; - -static struct crypto_shash *hashalg; -static struct crypto_shash *hmacalg; - -static struct sdesc *init_sdesc(struct crypto_shash *alg) -{ - struct sdesc *sdesc; - int size; - - size =3D sizeof(struct shash_desc) + crypto_shash_descsize(alg); - sdesc =3D kmalloc(size, GFP_KERNEL); - if (!sdesc) - return ERR_PTR(-ENOMEM); - sdesc->shash.tfm =3D alg; - return sdesc; -} - -static int TSS_sha1(const unsigned char *data, unsigned int datalen, - unsigned char *digest) -{ - struct sdesc *sdesc; - int ret; - - sdesc =3D init_sdesc(hashalg); - if (IS_ERR(sdesc)) { - pr_info("can't alloc %s\n", hash_alg); - return PTR_ERR(sdesc); - } - - ret =3D crypto_shash_digest(&sdesc->shash, data, datalen, digest); - kfree_sensitive(sdesc); - return ret; -} - static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...) { - struct sdesc *sdesc; + struct hmac_sha1_ctx hmac_ctx; va_list argp; unsigned int dlen; unsigned char *data; - int ret; - - sdesc =3D init_sdesc(hmacalg); - if (IS_ERR(sdesc)) { - pr_info("can't alloc %s\n", hmac_alg); - return PTR_ERR(sdesc); - } + int ret =3D 0; =20 - ret =3D crypto_shash_setkey(hmacalg, key, keylen); - if (ret < 0) - goto out; - ret =3D crypto_shash_init(&sdesc->shash); - if (ret < 0) - goto out; + hmac_sha1_init_usingrawkey(&hmac_ctx, key, keylen); =20 va_start(argp, keylen); for (;;) { dlen =3D va_arg(argp, unsigned int); if (dlen =3D=3D 0) @@ -96,19 +43,15 @@ static int TSS_rawhmac(unsigned char *digest, const uns= igned char *key, data =3D va_arg(argp, unsigned char *); if (data =3D=3D NULL) { ret =3D -EINVAL; break; } - ret =3D crypto_shash_update(&sdesc->shash, data, dlen); - if (ret < 0) - break; + hmac_sha1_update(&hmac_ctx, data, dlen); } va_end(argp); if (!ret) - ret =3D crypto_shash_final(&sdesc->shash, digest); -out: - kfree_sensitive(sdesc); + hmac_sha1_final(&hmac_ctx, digest); return ret; } =20 /* * calculate authorization info fields to send to TPM @@ -116,53 +59,41 @@ static int TSS_rawhmac(unsigned char *digest, const un= signed char *key, int TSS_authhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, unsigned char *h1, unsigned char *h2, unsigned int h3, ...) { unsigned char paramdigest[SHA1_DIGEST_SIZE]; - struct sdesc *sdesc; + struct sha1_ctx sha_ctx; unsigned int dlen; unsigned char *data; unsigned char c; - int ret; + int ret =3D 0; va_list argp; =20 if (!chip) return -ENODEV; =20 - sdesc =3D init_sdesc(hashalg); - if (IS_ERR(sdesc)) { - pr_info("can't alloc %s\n", hash_alg); - return PTR_ERR(sdesc); - } - c =3D !!h3; - ret =3D crypto_shash_init(&sdesc->shash); - if (ret < 0) - goto out; + sha1_init(&sha_ctx); va_start(argp, h3); for (;;) { dlen =3D va_arg(argp, unsigned int); if (dlen =3D=3D 0) break; data =3D va_arg(argp, unsigned char *); if (!data) { ret =3D -EINVAL; break; } - ret =3D crypto_shash_update(&sdesc->shash, data, dlen); - if (ret < 0) - break; + sha1_update(&sha_ctx, data, dlen); } va_end(argp); if (!ret) - ret =3D crypto_shash_final(&sdesc->shash, paramdigest); + sha1_final(&sha_ctx, paramdigest); if (!ret) ret =3D TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, h1, TPM_NONCE_SIZE, h2, 1, &c, 0, 0); -out: - kfree_sensitive(sdesc); return ret; } EXPORT_SYMBOL_GPL(TSS_authhmac); =20 /* @@ -181,11 +112,11 @@ int TSS_checkhmac1(unsigned char *buffer, unsigned char *enonce; unsigned char *continueflag; unsigned char *authdata; unsigned char testhmac[SHA1_DIGEST_SIZE]; unsigned char paramdigest[SHA1_DIGEST_SIZE]; - struct sdesc *sdesc; + struct sha1_ctx sha_ctx; unsigned int dlen; unsigned int dpos; va_list argp; int ret; =20 @@ -202,53 +133,33 @@ int TSS_checkhmac1(unsigned char *buffer, return -EINVAL; authdata =3D buffer + bufsize - SHA1_DIGEST_SIZE; continueflag =3D authdata - 1; enonce =3D continueflag - TPM_NONCE_SIZE; =20 - sdesc =3D init_sdesc(hashalg); - if (IS_ERR(sdesc)) { - pr_info("can't alloc %s\n", hash_alg); - return PTR_ERR(sdesc); - } - ret =3D crypto_shash_init(&sdesc->shash); - if (ret < 0) - goto out; - ret =3D crypto_shash_update(&sdesc->shash, (const u8 *)&result, - sizeof result); - if (ret < 0) - goto out; - ret =3D crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal, - sizeof ordinal); - if (ret < 0) - goto out; + sha1_init(&sha_ctx); + sha1_update(&sha_ctx, (const u8 *)&result, sizeof(result)); + sha1_update(&sha_ctx, (const u8 *)&ordinal, sizeof(ordinal)); va_start(argp, keylen); for (;;) { dlen =3D va_arg(argp, unsigned int); if (dlen =3D=3D 0) break; dpos =3D va_arg(argp, unsigned int); - ret =3D crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) - break; + sha1_update(&sha_ctx, buffer + dpos, dlen); } va_end(argp); - if (!ret) - ret =3D crypto_shash_final(&sdesc->shash, paramdigest); - if (ret < 0) - goto out; + sha1_final(&sha_ctx, paramdigest); =20 ret =3D TSS_rawhmac(testhmac, key, keylen, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce, 1, continueflag, 0, 0); if (ret < 0) - goto out; + return ret; =20 if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE)) - ret =3D -EINVAL; -out: - kfree_sensitive(sdesc); - return ret; + return -EINVAL; + return 0; } EXPORT_SYMBOL_GPL(TSS_checkhmac1); =20 /* * verify the AUTH2_COMMAND (unseal) result from TPM @@ -272,11 +183,11 @@ static int TSS_checkhmac2(unsigned char *buffer, unsigned char *continueflag2; unsigned char *authdata2; unsigned char testhmac1[SHA1_DIGEST_SIZE]; unsigned char testhmac2[SHA1_DIGEST_SIZE]; unsigned char paramdigest[SHA1_DIGEST_SIZE]; - struct sdesc *sdesc; + struct sha1_ctx sha_ctx; unsigned int dlen; unsigned int dpos; va_list argp; int ret; =20 @@ -295,62 +206,40 @@ static int TSS_checkhmac2(unsigned char *buffer, continueflag1 =3D authdata1 - 1; continueflag2 =3D authdata2 - 1; enonce1 =3D continueflag1 - TPM_NONCE_SIZE; enonce2 =3D continueflag2 - TPM_NONCE_SIZE; =20 - sdesc =3D init_sdesc(hashalg); - if (IS_ERR(sdesc)) { - pr_info("can't alloc %s\n", hash_alg); - return PTR_ERR(sdesc); - } - ret =3D crypto_shash_init(&sdesc->shash); - if (ret < 0) - goto out; - ret =3D crypto_shash_update(&sdesc->shash, (const u8 *)&result, - sizeof result); - if (ret < 0) - goto out; - ret =3D crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal, - sizeof ordinal); - if (ret < 0) - goto out; + sha1_init(&sha_ctx); + sha1_update(&sha_ctx, (const u8 *)&result, sizeof(result)); + sha1_update(&sha_ctx, (const u8 *)&ordinal, sizeof(ordinal)); =20 va_start(argp, keylen2); for (;;) { dlen =3D va_arg(argp, unsigned int); if (dlen =3D=3D 0) break; dpos =3D va_arg(argp, unsigned int); - ret =3D crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) - break; + sha1_update(&sha_ctx, buffer + dpos, dlen); } va_end(argp); - if (!ret) - ret =3D crypto_shash_final(&sdesc->shash, paramdigest); - if (ret < 0) - goto out; + sha1_final(&sha_ctx, paramdigest); =20 ret =3D TSS_rawhmac(testhmac1, key1, keylen1, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, enonce1, TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0); if (ret < 0) - goto out; - if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { - ret =3D -EINVAL; - goto out; - } + return ret; + if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) + return -EINVAL; ret =3D TSS_rawhmac(testhmac2, key2, keylen2, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, enonce2, TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0); if (ret < 0) - goto out; + return ret; if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE)) - ret =3D -EINVAL; -out: - kfree_sensitive(sdesc); - return ret; + return -EINVAL; + return 0; } =20 /* * For key specific tpm requests, we will generate and send our * own TPM command packets using the drivers send function. @@ -497,13 +386,11 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keyt= ype, dump_sess(&sess); =20 /* calculate encrypted authorization value */ memcpy(td->xorwork, sess.secret, SHA1_DIGEST_SIZE); memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE); - ret =3D TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); - if (ret < 0) - goto out; + sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); =20 ret =3D tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE); if (ret < 0) goto out; =20 @@ -988,44 +875,10 @@ static int trusted_tpm_unseal(struct trusted_key_payl= oad *p, char *datablob) static int trusted_tpm_get_random(unsigned char *key, size_t key_len) { return tpm_get_random(chip, key, key_len); } =20 -static void trusted_shash_release(void) -{ - if (hashalg) - crypto_free_shash(hashalg); - if (hmacalg) - crypto_free_shash(hmacalg); -} - -static int __init trusted_shash_alloc(void) -{ - int ret; - - hmacalg =3D crypto_alloc_shash(hmac_alg, 0, 0); - if (IS_ERR(hmacalg)) { - pr_info("could not allocate crypto %s\n", - hmac_alg); - return PTR_ERR(hmacalg); - } - - hashalg =3D crypto_alloc_shash(hash_alg, 0, 0); - if (IS_ERR(hashalg)) { - pr_info("could not allocate crypto %s\n", - hash_alg); - ret =3D PTR_ERR(hashalg); - goto hashalg_fail; - } - - return 0; - -hashalg_fail: - crypto_free_shash(hmacalg); - return ret; -} - static int __init init_digests(void) { int i; =20 digests =3D kcalloc(chip->nr_allocated_banks, sizeof(*digests), @@ -1048,19 +901,14 @@ static int __init trusted_tpm_init(void) return -ENODEV; =20 ret =3D init_digests(); if (ret < 0) goto err_put; - ret =3D trusted_shash_alloc(); - if (ret < 0) - goto err_free; ret =3D register_key_type(&key_type_trusted); if (ret < 0) - goto err_release; + goto err_free; return 0; -err_release: - trusted_shash_release(); err_free: kfree(digests); err_put: put_device(&chip->dev); return ret; @@ -1069,11 +917,10 @@ static int __init trusted_tpm_init(void) static void trusted_tpm_exit(void) { if (chip) { put_device(&chip->dev); kfree(digests); - trusted_shash_release(); unregister_key_type(&key_type_trusted); } } =20 struct trusted_key_ops trusted_key_tpm_ops =3D { --=20 2.50.1 From nobody Sun Oct 5 03:35:10 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 17D302BF3CF; Sat, 9 Aug 2025 17:20:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754760003; cv=none; b=Duph66no9qfO/wlPCT4qv0sQK1QBgTRevwXTo6RyqX+yoe69TK1jEs84f4doMX1PD7XeNY/py/o9Loxzrv8R6BveoMixKlVFTSPxyKSyo+GN6TXnP0hIAmbHgcK1evZ9rvTdsNcnb5jbYVG9hRo05YsFDEJVyYjb1jt34ckexFU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754760003; c=relaxed/simple; bh=id3V7RxYJTcnGfXIIJnRAXsAif9WQHqpKirnW70demk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tVHcfwKRQ5343NCHRKVzAyrYA8mkUNsX63hJC55+4W1KpDykAcwJf6NNbzFSQa90SPTEyk0XM7Pia8u3EIREd4uvwjA7U/VMpgcBg543/IHH8jx6QhJ9eUPN5JajAizeqbRyCSCtmgQeYJub5Uc3qNDmk9bAp/uqZCyMQqWXBho= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=tEFsQm1D; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="tEFsQm1D" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 459E0C4CEF9; Sat, 9 Aug 2025 17:20:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1754760002; bh=id3V7RxYJTcnGfXIIJnRAXsAif9WQHqpKirnW70demk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tEFsQm1Dxs/LicmbD+Mw2mU8Yhj2ZeGM8LcvXY7+SDGOdGcr+ksn7fM36JfiPcdcU ZSFprGj6CA6tSszuZ1AZUU83i7RsHdbOpdvmX12zpKKSraa7mffbZ4yyAYE+yC3nu1 T7LJ5bh6144VAOb3PEmMhdBOHlc1ZU7rgPnoAMGBEcYY4rcv2+/szv09fdY8IGMZVS 88/SrlHwXu63PjGb9Hna8h77ht/LrDChlA/PRB9Ia55bzht14nKHsuyyKwubfs+b9t 2UD96+bGEoyz9HY/SIQ5yiHyajS8ddNkbuwOrjihsHhWqvpEwMWeO3434YqfbsQX3F 7hIigJlk+JAlw== From: Eric Biggers To: James Bottomley , Jarkko Sakkinen , Mimi Zohar , keyrings@vger.kernel.org Cc: David Howells , linux-integrity@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Eric Biggers Subject: [PATCH v2 3/3] KEYS: trusted_tpm1: Move private functionality out of public header Date: Sat, 9 Aug 2025 10:19:41 -0700 Message-ID: <20250809171941.5497-4-ebiggers@kernel.org> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250809171941.5497-1-ebiggers@kernel.org> References: <20250809171941.5497-1-ebiggers@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Move functionality used only by trusted_tpm1.c out of the public header . Specifically, change the exported functions into static functions, since they are not used outside trusted_tpm1.c, and move various other definitions and inline functions to trusted_tpm1.c. Signed-off-by: Eric Biggers Reviewed-by: Jarkko Sakkinen --- include/keys/trusted_tpm.h | 79 ---------------------- security/keys/trusted-keys/trusted_tpm1.c | 80 ++++++++++++++++++++--- 2 files changed, 72 insertions(+), 87 deletions(-) diff --git a/include/keys/trusted_tpm.h b/include/keys/trusted_tpm.h index a088b33fd0e3b..0fadc6a4f1663 100644 --- a/include/keys/trusted_tpm.h +++ b/include/keys/trusted_tpm.h @@ -3,94 +3,15 @@ #define __TRUSTED_TPM_H =20 #include #include =20 -/* implementation specific TPM constants */ -#define TPM_SIZE_OFFSET 2 -#define TPM_RETURN_OFFSET 6 -#define TPM_DATA_OFFSET 10 - -#define LOAD32(buffer, offset) (ntohl(*(uint32_t *)&buffer[offset])) -#define LOAD32N(buffer, offset) (*(uint32_t *)&buffer[offset]) -#define LOAD16(buffer, offset) (ntohs(*(uint16_t *)&buffer[offset])) - extern struct trusted_key_ops trusted_key_tpm_ops; =20 -struct osapsess { - uint32_t handle; - unsigned char secret[SHA1_DIGEST_SIZE]; - unsigned char enonce[TPM_NONCE_SIZE]; -}; - -/* discrete values, but have to store in uint16_t for TPM use */ -enum { - SEAL_keytype =3D 1, - SRK_keytype =3D 4 -}; - -int TSS_authhmac(unsigned char *digest, const unsigned char *key, - unsigned int keylen, unsigned char *h1, - unsigned char *h2, unsigned int h3, ...); -int TSS_checkhmac1(unsigned char *buffer, - const uint32_t command, - const unsigned char *ononce, - const unsigned char *key, - unsigned int keylen, ...); - -int trusted_tpm_send(unsigned char *cmd, size_t buflen); -int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce); - int tpm2_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload, struct trusted_key_options *options); int tpm2_unseal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload, struct trusted_key_options *options); =20 -#define TPM_DEBUG 0 - -#if TPM_DEBUG -static inline void dump_options(struct trusted_key_options *o) -{ - pr_info("sealing key type %d\n", o->keytype); - pr_info("sealing key handle %0X\n", o->keyhandle); - pr_info("pcrlock %d\n", o->pcrlock); - pr_info("pcrinfo %d\n", o->pcrinfo_len); - print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE, - 16, 1, o->pcrinfo, o->pcrinfo_len, 0); -} - -static inline void dump_sess(struct osapsess *s) -{ - print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE, - 16, 1, &s->handle, 4, 0); - pr_info("secret:\n"); - print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, - 16, 1, &s->secret, SHA1_DIGEST_SIZE, 0); - pr_info("trusted-key: enonce:\n"); - print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, - 16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0); -} - -static inline void dump_tpm_buf(unsigned char *buf) -{ - int len; - - pr_info("\ntpm buffer\n"); - len =3D LOAD32(buf, TPM_SIZE_OFFSET); - print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0); -} -#else -static inline void dump_options(struct trusted_key_options *o) -{ -} - -static inline void dump_sess(struct osapsess *s) -{ -} - -static inline void dump_tpm_buf(unsigned char *buf) -{ -} -#endif #endif diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trus= ted-keys/trusted_tpm1.c index 126437459a74d..636acb66a4f69 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -22,10 +22,78 @@ #include =20 static struct tpm_chip *chip; static struct tpm_digest *digests; =20 +/* implementation specific TPM constants */ +#define TPM_SIZE_OFFSET 2 +#define TPM_RETURN_OFFSET 6 +#define TPM_DATA_OFFSET 10 + +#define LOAD32(buffer, offset) (ntohl(*(uint32_t *)&buffer[offset])) +#define LOAD32N(buffer, offset) (*(uint32_t *)&buffer[offset]) +#define LOAD16(buffer, offset) (ntohs(*(uint16_t *)&buffer[offset])) + +struct osapsess { + uint32_t handle; + unsigned char secret[SHA1_DIGEST_SIZE]; + unsigned char enonce[TPM_NONCE_SIZE]; +}; + +/* discrete values, but have to store in uint16_t for TPM use */ +enum { + SEAL_keytype =3D 1, + SRK_keytype =3D 4 +}; + +#define TPM_DEBUG 0 + +#if TPM_DEBUG +static inline void dump_options(struct trusted_key_options *o) +{ + pr_info("sealing key type %d\n", o->keytype); + pr_info("sealing key handle %0X\n", o->keyhandle); + pr_info("pcrlock %d\n", o->pcrlock); + pr_info("pcrinfo %d\n", o->pcrinfo_len); + print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE, + 16, 1, o->pcrinfo, o->pcrinfo_len, 0); +} + +static inline void dump_sess(struct osapsess *s) +{ + print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE, + 16, 1, &s->handle, 4, 0); + pr_info("secret:\n"); + print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, + 16, 1, &s->secret, SHA1_DIGEST_SIZE, 0); + pr_info("trusted-key: enonce:\n"); + print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, + 16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0); +} + +static inline void dump_tpm_buf(unsigned char *buf) +{ + int len; + + pr_info("\ntpm buffer\n"); + len =3D LOAD32(buf, TPM_SIZE_OFFSET); + print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0); +} +#else +static inline void dump_options(struct trusted_key_options *o) +{ +} + +static inline void dump_sess(struct osapsess *s) +{ +} + +static inline void dump_tpm_buf(unsigned char *buf) +{ +} +#endif + static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...) { struct hmac_sha1_ctx hmac_ctx; va_list argp; @@ -54,11 +122,11 @@ static int TSS_rawhmac(unsigned char *digest, const un= signed char *key, } =20 /* * calculate authorization info fields to send to TPM */ -int TSS_authhmac(unsigned char *digest, const unsigned char *key, +static int TSS_authhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, unsigned char *h1, unsigned char *h2, unsigned int h3, ...) { unsigned char paramdigest[SHA1_DIGEST_SIZE]; struct sha1_ctx sha_ctx; @@ -92,16 +160,15 @@ int TSS_authhmac(unsigned char *digest, const unsigned= char *key, ret =3D TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, h1, TPM_NONCE_SIZE, h2, 1, &c, 0, 0); return ret; } -EXPORT_SYMBOL_GPL(TSS_authhmac); =20 /* * verify the AUTH1_COMMAND (Seal) result from TPM */ -int TSS_checkhmac1(unsigned char *buffer, +static int TSS_checkhmac1(unsigned char *buffer, const uint32_t command, const unsigned char *ononce, const unsigned char *key, unsigned int keylen, ...) { @@ -157,11 +224,10 @@ int TSS_checkhmac1(unsigned char *buffer, =20 if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE)) return -EINVAL; return 0; } -EXPORT_SYMBOL_GPL(TSS_checkhmac1); =20 /* * verify the AUTH2_COMMAND (unseal) result from TPM */ static int TSS_checkhmac2(unsigned char *buffer, @@ -242,11 +308,11 @@ static int TSS_checkhmac2(unsigned char *buffer, =20 /* * For key specific tpm requests, we will generate and send our * own TPM command packets using the drivers send function. */ -int trusted_tpm_send(unsigned char *cmd, size_t buflen) +static int trusted_tpm_send(unsigned char *cmd, size_t buflen) { struct tpm_buf buf; int rc; =20 if (!chip) @@ -268,11 +334,10 @@ int trusted_tpm_send(unsigned char *cmd, size_t bufle= n) rc =3D -EPERM; =20 tpm_put_ops(chip); return rc; } -EXPORT_SYMBOL_GPL(trusted_tpm_send); =20 /* * Lock a trusted key, by extending a selected PCR. * * Prevents a trusted key that is sealed to PCRs from being accessed. @@ -322,11 +387,11 @@ static int osap(struct tpm_buf *tb, struct osapsess *= s, } =20 /* * Create an object independent authorisation protocol (oiap) session */ -int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) +static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) { int ret; =20 if (!chip) return -ENODEV; @@ -339,11 +404,10 @@ int oiap(struct tpm_buf *tb, uint32_t *handle, unsign= ed char *nonce) *handle =3D LOAD32(tb->data, TPM_DATA_OFFSET); memcpy(nonce, &tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)], TPM_NONCE_SIZE); return 0; } -EXPORT_SYMBOL_GPL(oiap); =20 struct tpm_digests { unsigned char encauth[SHA1_DIGEST_SIZE]; unsigned char pubauth[SHA1_DIGEST_SIZE]; unsigned char xorwork[SHA1_DIGEST_SIZE * 2]; --=20 2.50.1