Define TPM2_MAX_NAME_SIZE, which describes the maximum size for hashes encoded as TPMT_HA, which is the prime identifier used for persistent and transient keys in the TPM2 protocol.
Set its value to 'SHA512_DIGEST_SIZE + 2', as SHA512 has the largest digest size of the algorithms in TCG algorithm repository. In additionl, rename TPM2_NAME_SIZE as TPM2_NULL_NAME_SIZE in order to avoid any possible confusion.
Signed-off-by: Jarkko Sakkinen <[email protected]>
---
v6:
- Rewrote the commit message.
v2:
- Rename TPM2_NAME_SIZE as TPM2_NULL_NAME_SIZE.
---
drivers/char/tpm/tpm-sysfs.c | 2 +-
drivers/char/tpm/tpm2-sessions.c | 2 +-
include/linux/tpm.h | 37 +++++++++++++++++++++-----------
3 files changed, 27 insertions(+), 14 deletions(-)
diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c
index 94231f052ea7..4a6a27ee295d 100644
--- a/drivers/char/tpm/tpm-sysfs.c
+++ b/drivers/char/tpm/tpm-sysfs.c
@@ -314,7 +314,7 @@ static ssize_t null_name_show(struct device *dev, struct device_attribute *attr,
 char *buf)
 {
 struct tpm_chip *chip = to_tpm_chip(dev);
- int size = TPM2_NAME_SIZE;
+ int size = TPM2_NULL_NAME_SIZE;
 bin2hex(buf, chip->null_key_name, size);
 size *= 2;
diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
index 4149379665c4..525b8622d1c3 100644
--- a/drivers/char/tpm/tpm2-sessions.c
+++ b/drivers/char/tpm/tpm2-sessions.c
@@ -137,7 +137,7 @@ struct tpm2_auth {
 * we must compute and remember
 */
 u32 name_h[AUTH_MAX_NAMES];
- u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE];
+ u8 name[AUTH_MAX_NAMES][TPM2_MAX_NAME_SIZE];
 };
 #ifdef CONFIG_TCG_TPM2_HMAC
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 202da079d500..e10f2096eae7 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -27,9 +27,33 @@
 #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */
+/*
+ * SHA-512 is, as of today, the largest digest in the TCG algorithm repository.
+ */
 #define TPM2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
+
+/*
+ * A TPM name digest i.e., TPMT_HA, is a concatenation of TPM_ALG_ID of the
+ * name algorithm and hash of TPMT_PUBLIC.
+ */
+#define TPM2_MAX_NAME_SIZE (TPM2_MAX_DIGEST_SIZE + 2)
+
+/*
+ * The maximum number of PCR banks.
+ */
 #define TPM2_MAX_PCR_BANKS 8
+/*
+ * fixed define for the size of a name. This is actually HASHALG size
+ * plus 2, so 32 for SHA256
+ */
+#define TPM2_NULL_NAME_SIZE 34
+
+/*
+ * The maximum size for an object context
+ */
+#define TPM2_MAX_CONTEXT_SIZE 4096
+
 struct tpm_chip;
 struct trusted_key_payload;
 struct trusted_key_options;
@@ -139,17 +163,6 @@ struct tpm_chip_seqops {
 /* fixed define for the curve we use which is NIST_P256 */
 #define EC_PT_SZ 32
-/*
- * fixed define for the size of a name. This is actually HASHALG size
- * plus 2, so 32 for SHA256
- */
-#define TPM2_NAME_SIZE 34
-
-/*
- * The maximum size for an object context
- */
-#define TPM2_MAX_CONTEXT_SIZE 4096
-
 struct tpm_chip {
 struct device dev;
 struct device devs;
@@ -211,7 +224,7 @@ struct tpm_chip {
 /* saved context for NULL seed */
 u8 null_key_context[TPM2_MAX_CONTEXT_SIZE];
 /* name of NULL seed */
- u8 null_key_name[TPM2_NAME_SIZE];
+ u8 null_key_name[TPM2_NULL_NAME_SIZE];
 u8 null_ec_key_x[EC_PT_SZ];
 u8 null_ec_key_y[EC_PT_SZ];
 struct tpm2_auth *auth;
--
2.39.5
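Review bot: The comment carried over to `TPM2_NULL_NAME_SIZE` in the first include/linux/tpm.h hunk still says "fixed define for the size of a name", which is the generic reading the rename is meant to rule out, and the value remains a bare `34`. I would reword it to `/* Size of the null key's name: 2-byte TPM_ALG_ID followed by a SHA-256 digest. */` and, if `SHA256_DIGEST_SIZE` is visible in this header (not shown here, though `SHA512_DIGEST_SIZE` is already used), define the macro as `(SHA256_DIGEST_SIZE + 2)`. Because `null_key_name` and the `name[]` slots in tpm2-sessions.c are fixed-size buffers sized by these two macros, a `static_assert(TPM2_NULL_NAME_SIZE <= TPM2_MAX_NAME_SIZE);` next to the defines would keep the relationship checked at build time; whether a null key name is ever copied into a `name[]` slot is not visible in this patch.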
