From nobody Sat Feb 7 11:31:28 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CAA162F0C78; Sun, 25 Jan 2026 19:25:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769369157; cv=none; b=t2en38O96XG69PQscM/jE0DwB+ZKWTl9ZumNe3x8VnEnymr6qrQt1MlIL6GhLBFtBNn8bqBNaTsyhD5dlPCu3Jb/u4QIoklnCsW4bsBvZ/1kYmD+ZvpOG6Gwd2xDJxkQdjm9KCC4XPJP6zOfjvbsd313+K0OR2DRaXeOezqfEGI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769369157; c=relaxed/simple; bh=gjape427JNzLHhUzr7axo+sf4FV+4SSZgRTvzcK97t0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DmtrcD0GIUIWRonn11SpLQuXfwNU6QKXrnjTJTaDLA1rNQsvxegw0u/oFw7nPF4CYleeaaXlr4gAk9L5ejpIOcdE9zUFdKwaH0EjrEtR2oQTicfdAhlyAQEjNOHtm4UDFZF+86fTH5frjQQM2+TT+imR+LhGPlmjdhWVObFCisc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=M76CeO6t; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="M76CeO6t" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 20AA6C2BC86; Sun, 25 Jan 2026 19:25:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1769369157; bh=gjape427JNzLHhUzr7axo+sf4FV+4SSZgRTvzcK97t0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=M76CeO6tPcBKib73EVdNVVekwque6eBz3qKAsx1YZ06wLbyp+mnl7Qk3MN2aO2FNQ 1w52Sl33U3vrAUxFn4d7WH8GMjO8qv9pPl6LAEH2kARdi5Qmys0I/v9l5azCIsYsGL Kzp7Pnl4Z8AhsLDiKNLN/qMrso5saoKxp6eZzekRo3QWbJogaUrVYb6FLVkv29BYO2 BnIf2ShbpxHTAIaG7HyUygiyjc+gg/cw8H3WmjTCmV3B6i13eHrWKgQX3DbuwTwXiH fDJDT1rC6XzLdbD51xy4c/RAuNdSgSKruitQoostf0yBzuLELAK8huAk9jvNCr3Oox kbYZnDiV66Nyg== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: Jarkko Sakkinen , Jonathan McDowell , James Bottomley , Mimi Zohar , David Howells , Paul Moore , James Morris , "Serge E. Hallyn" , keyrings@vger.kernel.org (open list:KEYS-TRUSTED), linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM), linux-kernel@vger.kernel.org (open list) Subject: [PATCH v9 04/11] tpm2-sessions: Define TPM2_NAME_MAX_SIZE Date: Sun, 25 Jan 2026 21:25:14 +0200 Message-ID: <20260125192526.782202-5-jarkko@kernel.org> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260125192526.782202-1-jarkko@kernel.org> References: <20260125192526.782202-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Define TPM2_NAME_MAX_SIZE, which describes the maximum size for hashes encoded as TPMT_HA, which the prime identifier used for persistent and transient keys in TPM2 protocol. Set its value to 'SHA512_DIGEST_SIZE + 2', as SHA512 has the largest digest size of the algorithms in TCG algorithm repository. In additionl, rename TPM2_NAME_SIZE as TPM2_NULL_NAME_SIZE in order to avoid any possible confusion. Reviewed-by: Jonathan McDowell Signed-off-by: Jarkko Sakkinen --- v6: - Rewrote the commit message. v2: - Rename TPM2_NAME_SIZE as TPM2_NULL_NAME_SIZE. --- drivers/char/tpm/tpm-sysfs.c | 2 +- drivers/char/tpm/tpm2-sessions.c | 2 +- include/linux/tpm.h | 37 +++++++++++++++++++++----------- 3 files changed, 27 insertions(+), 14 deletions(-) diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c index 94231f052ea7..4a6a27ee295d 100644 --- a/drivers/char/tpm/tpm-sysfs.c +++ b/drivers/char/tpm/tpm-sysfs.c @@ -314,7 +314,7 @@ static ssize_t null_name_show(struct device *dev, struc= t device_attribute *attr, char *buf) { struct tpm_chip *chip =3D to_tpm_chip(dev); - int size =3D TPM2_NAME_SIZE; + int size =3D TPM2_NULL_NAME_SIZE; =20 bin2hex(buf, chip->null_key_name, size); size *=3D 2; diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index 4149379665c4..525b8622d1c3 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -137,7 +137,7 @@ struct tpm2_auth { * we must compute and remember */ u32 name_h[AUTH_MAX_NAMES]; - u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE]; + u8 name[AUTH_MAX_NAMES][TPM2_MAX_NAME_SIZE]; }; =20 #ifdef CONFIG_TCG_TPM2_HMAC diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 202da079d500..8b82290de99f 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -27,9 +27,33 @@ =20 #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */ =20 +/* + * SHA-512 is, as of today, the largest digest in the TCG algorithm reposi= tory. + */ #define TPM2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE + +/* + * A TPM name digest i.e., TPMT_HA, is a concatenation of TPM_ALG_ID of the + * name algorithm and hash of TPMT_PUBLIC. + */ +#define TPM2_MAX_NAME_SIZE (TPM2_MAX_DIGEST_SIZE + 2) + +/* + * The maximum number of PCR banks. + */ #define TPM2_MAX_PCR_BANKS 8 =20 +/* + * Fixed define for the size of a name. This is actually HASHALG size + * plus 2, so 32 for SHA256 + */ +#define TPM2_NULL_NAME_SIZE 34 + +/* + * The maximum size for an object context + */ +#define TPM2_MAX_CONTEXT_SIZE 4096 + struct tpm_chip; struct trusted_key_payload; struct trusted_key_options; @@ -139,17 +163,6 @@ struct tpm_chip_seqops { /* fixed define for the curve we use which is NIST_P256 */ #define EC_PT_SZ 32 =20 -/* - * fixed define for the size of a name. This is actually HASHALG size - * plus 2, so 32 for SHA256 - */ -#define TPM2_NAME_SIZE 34 - -/* - * The maximum size for an object context - */ -#define TPM2_MAX_CONTEXT_SIZE 4096 - struct tpm_chip { struct device dev; struct device devs; @@ -211,7 +224,7 @@ struct tpm_chip { /* saved context for NULL seed */ u8 null_key_context[TPM2_MAX_CONTEXT_SIZE]; /* name of NULL seed */ - u8 null_key_name[TPM2_NAME_SIZE]; + u8 null_key_name[TPM2_NULL_NAME_SIZE]; u8 null_ec_key_x[EC_PT_SZ]; u8 null_ec_key_y[EC_PT_SZ]; struct tpm2_auth *auth; --=20 2.52.0