From: Jarkko Sakkinen
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen, Peter Huewe, Jason Gunthorpe, linux-kernel@vger.kernel.org (open list)
Subject: [PATCH 1/4] tpm2-sessions: Define TPM2_NAME_MAX_SIZE
Date: Tue, 9 Dec 2025 09:38:59 +0200
Message-ID: <20251209073903.767518-2-jarkko@kernel.org>
In-Reply-To: <20251209073903.767518-1-jarkko@kernel.org>
References: <20251209073903.767518-1-jarkko@kernel.org>

This is a somewhat cosmetic change but it does serve a purpose in tracking the value set for the maximum length of TPM names, and to clearly state what components it is composed of. It also anchors the value so that when buffers are declared for this particular purpose, the same value is used for the capacity.

Signed-off-by: Jarkko Sakkinen

--- drivers/char/tpm/tpm2-sessions.c | 2 +- include/linux/tpm.h | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index 79f27a46bd7f..a0c88fb1804c 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -137,7 +137,7 @@ struct tpm2_auth { * we must compute and remember */ u32 name_h[AUTH_MAX_NAMES]; - u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE]; + u8 name[AUTH_MAX_NAMES][TPM2_MAX_NAME_SIZE]; }; =20 #ifdef CONFIG_TCG_TPM2_HMAC diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 42e2a091f43d..b4b5bd586501 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h 
@@ -28,7 +28,16 @@ #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */ #define TPM_BUFSIZE 4096 =20 +/* + * SHA-512 is, as of today, the largest digest in the TCG algorithm reposi= tory. + */ #define TPM2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE + +/* + * A TPM name digest i.e., TPMT_HA, is a concatenation of TPM_ALG_ID of the + * name algorithm and hash of TPMT_PUBLIC. + */ +#define TPM2_MAX_NAME_SIZE (TPM2_MAX_DIGEST_SIZE + 2) #define TPM2_MAX_PCR_BANKS 8 =20 struct tpm_chip; --=20 2.52.0

From: Jarkko Sakkinen
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen, Peter Huewe, Jason Gunthorpe, James Bottomley, Mimi Zohar, David Howells, Paul Moore, James Morris, "Serge E. Hallyn", linux-kernel@vger.kernel.org (open list), keyrings@vger.kernel.org (open list:KEYS-TRUSTED), linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM)
Subject: [PATCH 2/4] KEYS: trusted: Re-orchestrate tpm2_read_public() calls
Date: Tue, 9 Dec 2025 09:39:00 +0200
Message-ID: <20251209073903.767518-3-jarkko@kernel.org>
In-Reply-To: <20251209073903.767518-1-jarkko@kernel.org>
References: <20251209073903.767518-1-jarkko@kernel.org>

tpm2_load_cmd() and tpm2_unseal_cmd() use the same parent, and calls to tpm_buf_append_name() cause the exact same TPM2_ReadPublic command to be sent to the chip, causing unnecessary traffic.

1. Export tpm2_read_public in order to make it callable from 'trusted_tpm2'.
2. Re-orchestrate tpm2_seal_trusted() and tpm2_unseal_trusted() in order to halve the name resolutions required:
   2a. Move tpm2_read_public() calls into trusted_tpm2.
   2b. Pass TPM name to tpm_buf_append_name().
   2c. Rework tpm_buf_append_name() to use the pre-resolved name.

Signed-off-by: Jarkko Sakkinen

--- drivers/char/tpm/tpm2-cmd.c | 3 +- drivers/char/tpm/tpm2-sessions.c | 95 +++++------------ include/linux/tpm.h | 10 +- security/keys/trusted-keys/trusted_tpm2.c | 124 ++++++++++++++-------- 4 files changed, 118 insertions(+), 114 deletions(-) diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 2682f5ec09cb..5b04e74b6377 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c 
@@ -199,7 +199,8 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, tpm_buf_reset(buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND); =20 if (!disable_pcr_integrity) { - rc =3D tpm_buf_append_name(chip, buf, pcr_idx, NULL); + rc =3D tpm_buf_append_name(chip, buf, pcr_idx, (u8 *)&pcr_idx, + sizeof(u32)); if (rc) return rc; tpm_buf_append_hmac_session(chip, buf, 0, NULL, 0); diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index a0c88fb1804c..0816a91134fc 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -136,8 +136,8 @@ struct tpm2_auth { * handle, but they are part of the session by name, which * we must compute and remember */ - u32 name_h[AUTH_MAX_NAMES]; u8 name[AUTH_MAX_NAMES][TPM2_MAX_NAME_SIZE]; + u16 name_size_tbl[AUTH_MAX_NAMES]; }; =20 #ifdef CONFIG_TCG_TPM2_HMAC @@ -163,7 +163,17 @@ static int name_size(const u8 *name) } } =20 -static int tpm2_read_public(struct tpm_chip *chip, u32 handle, void *name) +/** + * tpm2_read_public: Resolve TPM name for a handle + * @chip: TPM chip to use. + * @handle: TPM handle. + * @name: A buffer for returning the name blob. Must have a + * capacity of 'SHA512_DIGET_SIZE + 2' bytes at minimum + * + * Returns size of TPM handle name of success. + * Returns tpm_transmit_cmd error codes when TPM2_ReadPublic fails. + */ +int tpm2_read_public(struct tpm_chip *chip, u32 handle, void *name) { u32 mso =3D tpm2_handle_mso(handle); off_t offset =3D TPM_HEADER_SIZE; 
@@ -212,14 +222,16 @@ static int tpm2_read_public(struct tpm_chip *chip, u3= 2 handle, void *name) memcpy(name, &buf->data[offset], rc); return name_size_alg; } +EXPORT_SYMBOL_GPL(tpm2_read_public); #endif /* CONFIG_TCG_TPM2_HMAC */ =20 /** - * tpm_buf_append_name() - add a handle area to the buffer - * @chip: the TPM chip structure - * @buf: The buffer to be appended - * @handle: The handle to be appended - * @name: The name of the handle (may be NULL) + * tpm_buf_append_name() - Append a handle and store TPM name + * @chip: TPM chip to use. + * @buf: TPM buffer containing the TPM command in-transit. + * @handle: TPM handle to be appended. + * @name: TPM name of the handle + * @name_size: Size of the TPM name. * * In order to compute session HMACs, we need to know the names of the * objects pointed to by the handles. For most objects, this is simply @@ -236,15 +248,14 @@ static int tpm2_read_public(struct tpm_chip *chip, u3= 2 handle, void *name) * will be caused by an incorrect programming model and indicated by a * kernel message. * - * Ends the authorization session on failure. + * Returns zero on success. + * Returns -EIO when the authorization area state is malformed. */ int tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, - u32 handle, u8 *name) + u32 handle, u8 *name, u16 name_size) { #ifdef CONFIG_TCG_TPM2_HMAC - enum tpm2_mso_type mso =3D tpm2_handle_mso(handle); struct tpm2_auth *auth; - u16 name_size_alg; int slot; int ret; #endif 
@@ -269,36 +280,15 @@ int tpm_buf_append_name(struct tpm_chip *chip, struct= tpm_buf *buf, } tpm_buf_append_u32(buf, handle); auth->session +=3D 4; - - if (mso =3D=3D TPM2_MSO_PERSISTENT || - mso =3D=3D TPM2_MSO_VOLATILE || - mso =3D=3D TPM2_MSO_NVRAM) { - if (!name) { - ret =3D tpm2_read_public(chip, handle, auth->name[slot]); - if (ret < 0) - goto err; - - name_size_alg =3D ret; - } - } else { - if (name) { - dev_err(&chip->dev, "handle 0x%08x does not use a name\n", - handle); - ret =3D -EIO; - goto err; - } - } - - auth->name_h[slot] =3D handle; - if (name) - memcpy(auth->name[slot], name, name_size_alg); + memcpy(auth->name[slot], name, name_size); + auth->name_size_tbl[slot] =3D name_size; #endif return 0; =20 #ifdef CONFIG_TCG_TPM2_HMAC err: tpm2_end_auth_session(chip); - return tpm_ret_to_err(ret); + return ret; #endif } EXPORT_SYMBOL_GPL(tpm_buf_append_name); @@ -606,22 +596,8 @@ int tpm_buf_fill_hmac_session(struct tpm_chip *chip, s= truct tpm_buf *buf) attrs =3D chip->cc_attrs_tbl[i]; =20 handles =3D (attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0); + offset_s +=3D handles * sizeof(u32); =20 - /* - * just check the names, it's easy to make mistakes. This - * would happen if someone added a handle via - * tpm_buf_append_u32() instead of tpm_buf_append_name() - */ - for (i =3D 0; i < handles; i++) { - u32 handle =3D tpm_buf_read_u32(buf, &offset_s); - - if (auth->name_h[i] !=3D handle) { - dev_err(&chip->dev, "invalid handle 0x%08x\n", handle); - ret =3D -EIO; - goto err; - } - } - /* point offset_s to the start of the sessions */ val =3D tpm_buf_read_u32(buf, &offset_s); /* point offset_p to the start of the parameters */ offset_p =3D offset_s + val; 
@@ -682,23 +658,8 @@ int tpm_buf_fill_hmac_session(struct tpm_chip *chip, s= truct tpm_buf *buf) /* ordinal is already BE */ sha256_update(&sctx, (u8 *)&head->ordinal, sizeof(head->ordinal)); /* add the handle names */ - for (i =3D 0; i < handles; i++) { - enum tpm2_mso_type mso =3D tpm2_handle_mso(auth->name_h[i]); - - if (mso =3D=3D TPM2_MSO_PERSISTENT || - mso =3D=3D TPM2_MSO_VOLATILE || - mso =3D=3D TPM2_MSO_NVRAM) { - ret =3D name_size(auth->name[i]); - if (ret < 0) - goto err; - - sha256_update(&sctx, auth->name[i], ret); - } else { - __be32 h =3D cpu_to_be32(auth->name_h[i]); - - sha256_update(&sctx, (u8 *)&h, 4); - } - } + for (i =3D 0; i < handles; i++) + sha256_update(&sctx, auth->name[i], auth->name_size_tbl[i]); if (offset_s !=3D tpm_buf_length(buf)) sha256_update(&sctx, &buf->data[offset_s], tpm_buf_length(buf) - offset_s); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index b4b5bd586501..db716841973f 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -539,7 +539,7 @@ static inline struct tpm2_auth *tpm2_chip_auth(struct t= pm_chip *chip) } =20 int tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, - u32 handle, u8 *name); + u32 handle, u8 *name, u16 name_size); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *bu= f, u8 attributes, u8 *passphrase, int passphraselen); @@ -553,6 +553,7 @@ int tpm_buf_fill_hmac_session(struct tpm_chip *chip, st= ruct tpm_buf *buf); int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, int rc); void tpm2_end_auth_session(struct tpm_chip *chip); +int tpm2_read_public(struct tpm_chip *chip, u32 handle, void *name); #else #include =20 @@ -576,6 +577,13 @@ static inline int tpm_buf_check_hmac_response(struct t= pm_chip *chip, { return rc; } + +static inline int tpm2_read_public(struct tpm_chip *chip, u32 handle, + void *name) +{ + memcpy(name, &handle, sizeof(u32)); + return sizeof(u32); +} #endif /* CONFIG_TCG_TPM2_HMAC */ =20 #endif 
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trus= ted-keys/trusted_tpm2.c index 9074ae1a5896..7756aa839d81 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -203,7 +203,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload, struct trusted_key_options *options) { + u8 parent_name[TPM2_MAX_NAME_SIZE]; off_t offset =3D TPM_HEADER_SIZE; + u16 parent_name_size; int blob_len =3D 0; int hash; u32 flags; @@ -220,6 +222,12 @@ int tpm2_seal_trusted(struct tpm_chip *chip, if (rc) return rc; =20 + rc =3D tpm2_read_public(chip, options->keyhandle, parent_name); + if (rc < 0) + goto out_put; + + parent_name_size =3D rc; + rc =3D tpm2_start_auth_session(chip); if (rc) goto out_put; @@ -234,7 +242,8 @@ int tpm2_seal_trusted(struct tpm_chip *chip, tpm_buf_init(buf, TPM_BUFSIZE); tpm_buf_reset(buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); =20 - rc =3D tpm_buf_append_name(chip, buf, options->keyhandle, NULL); + rc =3D tpm_buf_append_name(chip, buf, options->keyhandle, parent_name, + parent_name_size); if (rc) goto out_put; =20 
@@ -326,48 +335,38 @@ int tpm2_seal_trusted(struct tpm_chip *chip, } =20 /** - * tpm2_load_cmd() - execute a TPM2_Load command - * - * @chip: TPM chip to use - * @payload: the key data in clear and encrypted form - * @options: authentication values and other options - * @blob_handle: returned blob handle + * tpm2_load_cmd() - Execute TPM2_Load + * @chip: TPM chip to use. + * @payload: Key data in clear text. + * @options: Trusted key options. + * @parent_name: A cryptographic name, i.e. a TPMT_HA blob, of the + * parent key. + * @blob: The decoded payload for the key. + * @blob_handle: On success, will contain handle to the loaded keyedhash + * blob. * - * Return: 0 on success. - * -E2BIG on wrong payload size. - * -EPERM on tpm error status. - * < 0 error from tpm_send. + * Return -E2BIG when the blob size is too small for all the data. + * Returns tpm_transmit_cmd() error codes when either TPM2_Load fails. */ static int tpm2_load_cmd(struct tpm_chip *chip, struct trusted_key_payload *payload, struct trusted_key_options *options, + u8 *parent_name, + u16 parent_name_size, + const u8 *blob, u32 *blob_handle) { u8 *blob_ref __free(kfree) =3D NULL; unsigned int private_len; unsigned int public_len; unsigned int blob_len; - u8 *blob, *pub; + const u8 *pub; int rc; u32 attrs; =20 - rc =3D tpm2_key_decode(payload, options, &blob); - if (rc) { - /* old form */ - blob =3D payload->blob; - payload->old_format =3D 1; - } else { - /* Bind for cleanup: */ - blob_ref =3D blob; - } - - /* new format carries keyhandle but old format doesn't */ - if (!options->keyhandle) - return -EINVAL; - /* must be big enough for at least the two be16 size counts */ if (payload->blob_len < 4) - return -EINVAL; + return -E2BIG; =20 private_len =3D get_unaligned_be16(blob); =20 
@@ -406,7 +405,8 @@ static int tpm2_load_cmd(struct tpm_chip *chip, tpm_buf_init(buf, TPM_BUFSIZE); tpm_buf_reset(buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); =20 - rc =3D tpm_buf_append_name(chip, buf, options->keyhandle, NULL); + rc =3D tpm_buf_append_name(chip, buf, options->keyhandle, parent_name, + parent_name_size); if (rc) return rc; =20 @@ -434,20 +434,23 @@ static int tpm2_load_cmd(struct tpm_chip *chip, } =20 /** - * tpm2_unseal_cmd() - execute a TPM2_Unload command + * tpm2_unseal_cmd() - Execute TPM2_Unload * - * @chip: TPM chip to use - * @payload: the key data in clear and encrypted form - * @options: authentication values and other options - * @blob_handle: blob handle + * @chip: TPM chip to use + * @payload: Key data in clear text. + * @options: Trusted key options. + * @parent_name: A cryptographic name, i.e. a TPMT_HA blob, of the + * parent key. + * @blob_handle: Handle to the loaded keyedhash blob. * - * Return: 0 on success - * -EPERM on tpm error status - * < 0 error from tpm_send + * Return -E2BIG when the blob size is too small for all the data. + * Returns tpm_transmit_cmd() error codes when either TPM2_Load fails. */ static int tpm2_unseal_cmd(struct tpm_chip *chip, struct trusted_key_payload *payload, struct trusted_key_options *options, + u8 *parent_name, + u16 parent_name_size, u32 blob_handle) { struct tpm_header *head; @@ -467,7 +470,8 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, tpm_buf_init(buf, TPM_BUFSIZE); tpm_buf_reset(buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); =20 - rc =3D tpm_buf_append_name(chip, buf, options->keyhandle, NULL); + rc =3D tpm_buf_append_name(chip, buf, options->keyhandle, parent_name, + parent_name_size); if (rc) return rc; =20 
@@ -534,30 +538,60 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, } =20 /** - * tpm2_unseal_trusted() - unseal the payload of a trusted key + * tpm2_unseal_trusted() - Unseal a trusted key + * @chip: TPM chip to use. + * @payload: Key data in clear text. + * @options: Trusted key options. * - * @chip: TPM chip to use - * @payload: the key data in clear and encrypted form - * @options: authentication values and other options - * - * Return: Same as with tpm_send. + * Return -E2BIG when the blob size is too small for all the data. + * Return -EINVAL when parent's key handle has not been set. + * Returns tpm_transmit_cmd() error codes when either TPM2_Load or TPM2_Un= seal + * fails. */ int tpm2_unseal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload, struct trusted_key_options *options) { + u8 *blob_ref __free(kfree) =3D NULL; + u8 parent_name[TPM2_MAX_NAME_SIZE]; + u16 parent_name_size; u32 blob_handle; + u8 *blob; int rc; =20 + /* + * Try to decode the provided blob as an ASN.1 blob. Assume that the + * blob is in the legacy format if decoding does not end successfully. 
+ */ + rc =3D tpm2_key_decode(payload, options, &blob); + if (rc) { + blob =3D payload->blob; + payload->old_format =3D 1; + } else { + blob_ref =3D blob; + } + + if (!options->keyhandle) + return -EINVAL; + rc =3D tpm_try_get_ops(chip); if (rc) return rc; =20 - rc =3D tpm2_load_cmd(chip, payload, options, &blob_handle); + rc =3D tpm2_read_public(chip, options->keyhandle, parent_name); + if (rc < 0) + goto out; + + parent_name_size =3D rc; + + rc =3D tpm2_load_cmd(chip, payload, options, parent_name, + parent_name_size, blob, &blob_handle); if (rc) goto out; =20 - rc =3D tpm2_unseal_cmd(chip, payload, options, blob_handle); + rc =3D tpm2_unseal_cmd(chip, payload, options, parent_name, + parent_name_size, blob_handle); + tpm2_flush_context(chip, blob_handle); =20 out: --=20 2.52.0

From: Jarkko Sakkinen
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen, Peter Huewe, Jason Gunthorpe, linux-kernel@vger.kernel.org (open list)
Subject: [PATCH 3/4] tpm2-sessions: Remove AUTH_MAX_NAMES
Date: Tue, 9 Dec 2025 09:39:01 +0200
Message-ID: <20251209073903.767518-4-jarkko@kernel.org>
In-Reply-To: <20251209073903.767518-1-jarkko@kernel.org>
References: <20251209073903.767518-1-jarkko@kernel.org>

In all of the call sites only one session is ever appended. Thus, reduce AUTH_MAX_NAMES, which leads to removing the constant completely.

Signed-off-by: Jarkko Sakkinen

--- drivers/char/tpm/tpm2-sessions.c | 31 +++++++++++-------------------- 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index 0816a91134fc..62a200ae72d7 100644 --- a/drivers/char/tpm/tpm2-sessions.c 
+++ b/drivers/char/tpm/tpm2-sessions.c @@ -72,9 +72,6 @@ #include #include =20 -/* maximum number of names the TPM must remember for authorization */ -#define AUTH_MAX_NAMES 3 - #define AES_KEY_BYTES AES_KEYSIZE_128 #define AES_KEY_BITS (AES_KEY_BYTES*8) =20 @@ -136,8 +133,8 @@ struct tpm2_auth { * handle, but they are part of the session by name, which * we must compute and remember */ - u8 name[AUTH_MAX_NAMES][TPM2_MAX_NAME_SIZE]; - u16 name_size_tbl[AUTH_MAX_NAMES]; + u8 name[TPM2_MAX_NAME_SIZE]; + u16 name_size; }; =20 #ifdef CONFIG_TCG_TPM2_HMAC @@ -254,11 +251,14 @@ EXPORT_SYMBOL_GPL(tpm2_read_public); int tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, u32 handle, u8 *name, u16 name_size) { -#ifdef CONFIG_TCG_TPM2_HMAC struct tpm2_auth *auth; - int slot; int ret; -#endif + + if (tpm_buf_length(buf) !=3D TPM_HEADER_SIZE) { + dev_err(&chip->dev, "too many handles\n"); + ret =3D -EIO; + goto err; + } =20 if (!tpm2_chip_auth(chip)) { tpm_buf_append_handle(buf, handle); @@ -266,12 +266,6 @@ int tpm_buf_append_name(struct tpm_chip *chip, struct = tpm_buf *buf, } =20 #ifdef CONFIG_TCG_TPM2_HMAC - slot =3D (tpm_buf_length(buf) - TPM_HEADER_SIZE) / 4; - if (slot >=3D AUTH_MAX_NAMES) { - dev_err(&chip->dev, "too many handles\n"); - ret =3D -EIO; - goto err; - } auth =3D chip->auth; if (auth->session !=3D tpm_buf_length(buf)) { dev_err(&chip->dev, "session state malformed"); @@ -280,16 +274,14 @@ int tpm_buf_append_name(struct tpm_chip *chip, struct= tpm_buf *buf, } tpm_buf_append_u32(buf, handle); auth->session +=3D 4; - memcpy(auth->name[slot], name, name_size); - auth->name_size_tbl[slot] =3D name_size; + memcpy(auth->name, name, name_size); + auth->name_size =3D name_size; #endif return 0; =20 -#ifdef CONFIG_TCG_TPM2_HMAC err: tpm2_end_auth_session(chip); return ret; -#endif } EXPORT_SYMBOL_GPL(tpm_buf_append_name); =20 
@@ -658,8 +650,7 @@ int tpm_buf_fill_hmac_session(struct tpm_chip *chip, st= ruct tpm_buf *buf) /* ordinal is already BE */ sha256_update(&sctx, (u8 *)&head->ordinal, sizeof(head->ordinal)); /* add the handle names */ - for (i =3D 0; i < handles; i++) - sha256_update(&sctx, auth->name[i], auth->name_size_tbl[i]); + sha256_update(&sctx, auth->name, auth->name_size); if (offset_s !=3D tpm_buf_length(buf)) sha256_update(&sctx, &buf->data[offset_s], tpm_buf_length(buf) - offset_s); --=20 2.52.0

From: Jarkko Sakkinen
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen, Peter Huewe, Jason Gunthorpe, James Bottomley, Mimi Zohar, David Howells, Paul Moore, James Morris, "Serge E. Hallyn", linux-kernel@vger.kernel.org (open list), keyrings@vger.kernel.org (open list:KEYS-TRUSTED), linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM)
Subject: [PATCH 4/4] tpm-buf: Remove tpm_buf_append_handle
Date: Tue, 9 Dec 2025 09:39:02 +0200
Message-ID: <20251209073903.767518-5-jarkko@kernel.org>
In-Reply-To: <20251209073903.767518-1-jarkko@kernel.org>
References: <20251209073903.767518-1-jarkko@kernel.org>

Since the number of handles is fixed to a single handle, eliminate all uses of buf->handles and deduce values during compile-time.

Signed-off-by: Jarkko Sakkinen

--- drivers/char/tpm/tpm-buf.c | 25 ----------------------- drivers/char/tpm/tpm2-cmd.c | 4 ++-- drivers/char/tpm/tpm2-sessions.c | 4 ++-- include/linux/tpm.h | 1 - security/keys/trusted-keys/trusted_tpm2.c | 2 +- 5 files changed, 5 insertions(+), 31 deletions(-) diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c index 73be8a87b472..752c69b8a4f5 100644 
--- a/drivers/char/tpm/tpm-buf.c +++ b/drivers/char/tpm/tpm-buf.c @@ -40,7 +40,6 @@ static void __tpm_buf_reset(struct tpm_buf *buf, u16 buf_= size, u16 tag, u32 ordi buf->flags =3D 0; buf->length =3D sizeof(*head); buf->capacity =3D buf_size - sizeof(*buf); - buf->handles =3D 0; head->tag =3D cpu_to_be16(tag); head->length =3D cpu_to_be32(sizeof(*head)); head->ordinal =3D cpu_to_be32(ordinal); @@ -56,7 +55,6 @@ static void __tpm_buf_reset_sized(struct tpm_buf *buf, u1= 6 buf_size) buf->flags =3D TPM_BUF_TPM2B; buf->length =3D 2; buf->capacity =3D buf_size - sizeof(*buf); - buf->handles =3D 0; buf->data[0] =3D 0; buf->data[1] =3D 0; } @@ -177,29 +175,6 @@ void tpm_buf_append_u32(struct tpm_buf *buf, const u32= value) } EXPORT_SYMBOL_GPL(tpm_buf_append_u32); =20 -/** - * tpm_buf_append_handle() - Add a handle - * @buf: &tpm_buf instance - * @handle: a TPM object handle - * - * Add a handle to the buffer, and increase the count tracking the number = of - * handles in the command buffer. Works only for command buffers. - */ -void tpm_buf_append_handle(struct tpm_buf *buf, u32 handle) -{ - if (buf->flags & TPM_BUF_INVALID) - return; - - if (buf->flags & TPM_BUF_TPM2B) { - WARN(1, "tpm-buf: invalid type: TPM2B\n"); - buf->flags |=3D TPM_BUF_INVALID; - return; - } - - tpm_buf_append_u32(buf, handle); - buf->handles++; -} - /** * tpm_buf_read() - Read from a TPM buffer * @buf: &tpm_buf instance diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 5b04e74b6377..d14e249831c7 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -205,7 +205,7 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, return rc; tpm_buf_append_hmac_session(chip, buf, 0, NULL, 0); } else { - tpm_buf_append_handle(buf, pcr_idx); + tpm_buf_append_u32(buf, pcr_idx); tpm_buf_append_auth(chip, buf, NULL, 0); } =20 
@@ -281,7 +281,7 @@ int tpm2_get_random(struct tpm_chip *chip, u8 *dest, si= ze_t max) TPM2_SA_CONTINUE_SESSION, NULL, 0); } else { - offset =3D buf->handles * 4 + TPM_HEADER_SIZE; + offset =3D TPM_HEADER_SIZE + sizeof(u32); head =3D (struct tpm_header *)buf->data; if (tpm_buf_length(buf) =3D=3D offset) head->tag =3D cpu_to_be16(TPM2_ST_NO_SESSIONS); diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index 62a200ae72d7..dfd1abe673bc 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -261,7 +261,7 @@ int tpm_buf_append_name(struct tpm_chip *chip, struct t= pm_buf *buf, } =20 if (!tpm2_chip_auth(chip)) { - tpm_buf_append_handle(buf, handle); + tpm_buf_append_u32(buf, handle); return 0; } =20 @@ -289,7 +289,7 @@ void tpm_buf_append_auth(struct tpm_chip *chip, struct = tpm_buf *buf, u8 *passphrase, int passphrase_len) { /* offset tells us where the sessions area begins */ - int offset =3D buf->handles * 4 + TPM_HEADER_SIZE; + int offset =3D TPM_HEADER_SIZE + sizeof(u32); u32 len =3D 9 + passphrase_len; =20 if (tpm_buf_length(buf) !=3D offset) { diff --git a/include/linux/tpm.h b/include/linux/tpm.h index db716841973f..e20647cc0a0f 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -437,7 +437,6 @@ void tpm_buf_append_u32(struct tpm_buf *buf, const u32 = value); u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset); u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset); u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset); -void tpm_buf_append_handle(struct tpm_buf *buf, u32 handle); =20 /* * Check if TPM device is in the firmware upgrade mode. diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trus= ted-keys/trusted_tpm2.c index 7756aa839d81..0a07a18da2ed 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c 
@@ -495,7 +495,7 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, if (tpm2_chip_auth(chip)) { tpm_buf_append_hmac_session(chip, buf, TPM2_SA_ENCRYPT, NULL, 0); } else { - offset =3D buf->handles * 4 + TPM_HEADER_SIZE; + offset =3D TPM_HEADER_SIZE + sizeof(u32); head =3D (struct tpm_header *)buf->data; if (tpm_buf_length(buf) =3D=3D offset) head->tag =3D cpu_to_be16(TPM2_ST_NO_SESSIONS); --=20 2.52.0
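
Review bot: [PATCH 1/4] names the macro TPM2_NAME_MAX_SIZE in its subject line, but the include/linux/tpm.h hunk defines TPM2_MAX_NAME_SIZE and the tpm2-sessions.c hunk uses that spelling. Change the subject to match, so that searching the log for the macro name finds this commit.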
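
Review bot: In [PATCH 2/4], the tpm2_pcr_extend() hunk passes (u8 *)&pcr_idx as the name, which stores the handle in CPU byte order, while the code removed from tpm_buf_fill_hmac_session() hashed cpu_to_be32(auth->name_h[i]) for handles that do not use a name. On a little-endian machine the bytes fed to sha256_update() therefore change, and the session HMAC will not match what the TPM computes. Convert the index to __be32 before passing it, and do the same in the stub tpm2_read_public() added to include/linux/tpm.h, which also copies &handle as is.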
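
Review bot: In [PATCH 2/4], tpm_buf_append_name() now does memcpy(auth->name[slot], name, name_size) with a caller-supplied u16 and no check against TPM2_MAX_NAME_SIZE, so an oversized name_size from any caller of this exported function writes past the slot. Reject name_size > TPM2_MAX_NAME_SIZE, and a NULL name while an auth session is active, with -EIO before the copy.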
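
Review bot: In [PATCH 2/4], tpm_buf_fill_hmac_session() loses the only check that every handle in the command went through tpm_buf_append_name(), and the new loop hashes auth->name[i] with auth->name_size_tbl[i] for every i below the handle count taken from cc_attrs_tbl. Nothing in these hunks ties the number of stored names to that count, so a handle added with tpm_buf_append_u32() would be hashed with whatever name and size an earlier command left in the slot. Keep a count of appended names and compare it with handles, or clear name_size_tbl when the session starts.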
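
Review bot: In [PATCH 2/4], the kernel-doc added for tpm2_read_public() gives the buffer requirement as 'SHA512_DIGET_SIZE + 2', a misspelled form of the value that patch 1 named TPM2_MAX_NAME_SIZE; refer to the macro instead. The first line should use the 'tpm2_read_public() -' form, 'of success' should read 'on success', and since the callers test rc < 0 the comment should state that failures come back as negative values, so that a positive TPM return code cannot be taken for a name size.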
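
Review bot: In [PATCH 2/4], tpm2_load_cmd() keeps the declaration 'u8 *blob_ref __free(kfree) = NULL;' although the decode step and the blob_ref assignment moved to tpm2_unseal_trusted(), so the variable is dead there and should be removed. In the same file the short-blob check now returns -E2BIG for a blob that is too small, the tpm2_unseal_cmd() comment says 'TPM2_Unload' and 'when either TPM2_Load fails' for a function that builds TPM2_CC_UNSEAL, and neither comment documents @parent_name_size.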
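
Review bot: In [PATCH 3/4], tpm_buf_append_name() declares 'struct tpm2_auth *auth;' outside the #ifdef while every use of it stays inside the CONFIG_TCG_TPM2_HMAC block, which gives an unused-variable warning when the option is off. The new length check also runs before the !tpm2_chip_auth(chip) test, so its error path calls tpm2_end_auth_session() for a chip that never started a session; move the check below that test or return -EIO directly.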
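
Review bot: In [PATCH 3/4], tpm_buf_fill_hmac_session() now calls sha256_update(&sctx, auth->name, auth->name_size) unconditionally, where the replaced loop ran once per handle and so not at all for a command whose handle count is zero. For such a command the hash would include whatever name the previous tpm_buf_append_name() left in auth unless name_size is reset elsewhere. Guard the call with the handle count, or show where name_size is cleared.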
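
Review bot: In [PATCH 4/4], replacing 'buf->handles * 4 + TPM_HEADER_SIZE' with 'TPM_HEADER_SIZE + sizeof(u32)' in tpm2_get_random(), tpm_buf_append_auth() and tpm2_unseal_cmd() is only equivalent where exactly one handle has been appended; with no handle the old expression gave TPM_HEADER_SIZE. The tpm2_get_random() hunk does not show a handle being appended before the comparison with tpm_buf_length(buf), in which case the TPM2_ST_NO_SESSIONS tag would no longer be set. Confirm that each of the three sites always has one handle in the buffer, or pass the handle count explicitly.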