tree: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-asym-keyctl head: d52436c871ba75df0b9934fac93c12410ff26e3f commit: d52436c871ba75df0b9934fac93c12410ff26e3f [21/21] [RFCv3 13/13] KEYS: asym_tpm: Add support for the sign operation
New smatch warnings: crypto/asymmetric_keys/asym_tpm.c:657 get_digest() warn: passing freed memory 'digest' crypto/asymmetric_keys/asym_tpm.c:728 tpm_key_sign() warn: unsigned 'tpm_flushspecific(tb, keyhandle)' is never less than zero. Old smatch warnings: crypto/asymmetric_keys/asym_tpm.c:559 tpm_key_decrypt() warn: unsigned 'tpm_flushspecific(tb, keyhandle)' is never less than zero. # https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?id=d52436c871ba75df0b9934fac93c12410ff26e3f git remote add dhowells-fs https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git git remote update dhowells-fs git checkout d52436c871ba75df0b9934fac93c12410ff26e3f vim +/digest +657 crypto/asymmetric_keys/asym_tpm.c d52436c8 Denis Kenzior 2018-08-02 604 d52436c8 Denis Kenzior 2018-08-02 605 static uint8_t *get_digest(const void *in, size_t in_len, d52436c8 Denis Kenzior 2018-08-02 606 const char *hash_algo, uint32_t *out_digest_len) d52436c8 Denis Kenzior 2018-08-02 607 { d52436c8 Denis Kenzior 2018-08-02 608 struct crypto_ahash *tfm; d52436c8 Denis Kenzior 2018-08-02 609 struct ahash_request *req; d52436c8 Denis Kenzior 2018-08-02 610 struct scatterlist in_sg; d52436c8 Denis Kenzior 2018-08-02 611 struct crypto_wait cwait; d52436c8 Denis Kenzior 2018-08-02 612 const struct asn1_template *asn1; d52436c8 Denis Kenzior 2018-08-02 613 void *digest; d52436c8 Denis Kenzior 2018-08-02 614 uint32_t digest_len; d52436c8 Denis Kenzior 2018-08-02 615 int r; d52436c8 Denis Kenzior 2018-08-02 616 d52436c8 Denis Kenzior 2018-08-02 617 pr_devel("==>%s()\n", __func__); d52436c8 Denis Kenzior 2018-08-02 618 d52436c8 Denis Kenzior 2018-08-02 619 asn1 = lookup_asn1(hash_algo); d52436c8 Denis Kenzior 2018-08-02 620 if (!asn1) d52436c8 Denis Kenzior 2018-08-02 621 return ERR_PTR(-ENOPKG); d52436c8 Denis Kenzior 2018-08-02 622 d52436c8 Denis Kenzior 2018-08-02 623 tfm = crypto_alloc_ahash(hash_algo, 0, 0); d52436c8 Denis Kenzior 2018-08-02 624 if (IS_ERR(tfm)) 
d52436c8 Denis Kenzior 2018-08-02 625 return ERR_CAST(tfm); d52436c8 Denis Kenzior 2018-08-02 626 d52436c8 Denis Kenzior 2018-08-02 627 digest_len = crypto_ahash_digestsize(tfm); d52436c8 Denis Kenzior 2018-08-02 628 pr_info("digest_len: %u\n", digest_len); d52436c8 Denis Kenzior 2018-08-02 629 d52436c8 Denis Kenzior 2018-08-02 630 r = -ENOMEM; d52436c8 Denis Kenzior 2018-08-02 631 req = ahash_request_alloc(tfm, GFP_KERNEL); d52436c8 Denis Kenzior 2018-08-02 632 if (!req) d52436c8 Denis Kenzior 2018-08-02 633 goto error_free_tfm; d52436c8 Denis Kenzior 2018-08-02 634 d52436c8 Denis Kenzior 2018-08-02 635 r = -ENOMEM; d52436c8 Denis Kenzior 2018-08-02 636 /* Also request enough space for the ASN.1 template */ d52436c8 Denis Kenzior 2018-08-02 637 digest_len += asn1->size; d52436c8 Denis Kenzior 2018-08-02 638 digest = kzalloc(digest_len, GFP_KERNEL); d52436c8 Denis Kenzior 2018-08-02 639 if (!digest) d52436c8 Denis Kenzior 2018-08-02 640 goto error_free_req; d52436c8 Denis Kenzior 2018-08-02 641 d52436c8 Denis Kenzior 2018-08-02 642 sg_init_one(&in_sg, in, in_len); d52436c8 Denis Kenzior 2018-08-02 643 ahash_request_set_crypt(req, &in_sg, digest + asn1->size, in_len); d52436c8 Denis Kenzior 2018-08-02 644 crypto_init_wait(&cwait); d52436c8 Denis Kenzior 2018-08-02 645 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | d52436c8 Denis Kenzior 2018-08-02 646 CRYPTO_TFM_REQ_MAY_SLEEP, d52436c8 Denis Kenzior 2018-08-02 647 crypto_req_done, &cwait); d52436c8 Denis Kenzior 2018-08-02 648 d52436c8 Denis Kenzior 2018-08-02 649 r = crypto_wait_req(crypto_ahash_digest(req), &cwait); d52436c8 Denis Kenzior 2018-08-02 650 d52436c8 Denis Kenzior 2018-08-02 651 if (r) d52436c8 Denis Kenzior 2018-08-02 652 kfree(digest); d52436c8 Denis Kenzior 2018-08-02 653 else if (out_digest_len) d52436c8 Denis Kenzior 2018-08-02 654 *out_digest_len = digest_len; d52436c8 Denis Kenzior 2018-08-02 655 d52436c8 Denis Kenzior 2018-08-02 656 /* Copy the ASN.1 template before the digest */ 
d52436c8 Denis Kenzior 2018-08-02 @657 memcpy(digest, asn1->data, asn1->size); d52436c8 Denis Kenzior 2018-08-02 658 d52436c8 Denis Kenzior 2018-08-02 659 error_free_req: d52436c8 Denis Kenzior 2018-08-02 660 ahash_request_free(req); d52436c8 Denis Kenzior 2018-08-02 661 error_free_tfm: d52436c8 Denis Kenzior 2018-08-02 662 crypto_free_ahash(tfm); d52436c8 Denis Kenzior 2018-08-02 663 d52436c8 Denis Kenzior 2018-08-02 664 if (r) d52436c8 Denis Kenzior 2018-08-02 665 return ERR_PTR(r); d52436c8 Denis Kenzior 2018-08-02 666 d52436c8 Denis Kenzior 2018-08-02 667 return digest; d52436c8 Denis Kenzior 2018-08-02 668 } d52436c8 Denis Kenzior 2018-08-02 669 d52436c8 Denis Kenzior 2018-08-02 670 /* d52436c8 Denis Kenzior 2018-08-02 671 * Sign operation is performed with the private key in the TPM. d52436c8 Denis Kenzior 2018-08-02 672 */ d52436c8 Denis Kenzior 2018-08-02 673 static int tpm_key_sign(struct tpm_key *tk, d52436c8 Denis Kenzior 2018-08-02 674 struct kernel_pkey_params *params, d52436c8 Denis Kenzior 2018-08-02 675 const void *in, void *out) d52436c8 Denis Kenzior 2018-08-02 676 { d52436c8 Denis Kenzior 2018-08-02 677 struct tpm_buf *tb; d52436c8 Denis Kenzior 2018-08-02 678 uint32_t keyhandle; d52436c8 Denis Kenzior 2018-08-02 679 uint8_t srkauth[SHA1_DIGEST_SIZE]; d52436c8 Denis Kenzior 2018-08-02 680 uint8_t keyauth[SHA1_DIGEST_SIZE]; d52436c8 Denis Kenzior 2018-08-02 681 void *digest = NULL; d52436c8 Denis Kenzior 2018-08-02 682 uint32_t digest_len; d52436c8 Denis Kenzior 2018-08-02 683 uint32_t in_len = params->in_len; d52436c8 Denis Kenzior 2018-08-02 684 int r; d52436c8 Denis Kenzior 2018-08-02 685 d52436c8 Denis Kenzior 2018-08-02 686 pr_devel("==>%s()\n", __func__); d52436c8 Denis Kenzior 2018-08-02 687 d52436c8 Denis Kenzior 2018-08-02 688 if (strcmp(params->encoding, "pkcs1")) d52436c8 Denis Kenzior 2018-08-02 689 return -ENOPKG; d52436c8 Denis Kenzior 2018-08-02 690 d52436c8 Denis Kenzior 2018-08-02 691 if (params->hash_algo) { d52436c8 Denis 
Kenzior 2018-08-02 692 digest = get_digest(in, in_len, params->hash_algo, &digest_len); d52436c8 Denis Kenzior 2018-08-02 693 if (IS_ERR(digest)) d52436c8 Denis Kenzior 2018-08-02 694 return PTR_ERR(digest); d52436c8 Denis Kenzior 2018-08-02 695 d52436c8 Denis Kenzior 2018-08-02 696 pr_info("computing digest succeeded\n"); d52436c8 Denis Kenzior 2018-08-02 697 in = digest; d52436c8 Denis Kenzior 2018-08-02 698 in_len = digest_len; d52436c8 Denis Kenzior 2018-08-02 699 } d52436c8 Denis Kenzior 2018-08-02 700 d52436c8 Denis Kenzior 2018-08-02 701 if (in_len > tk->key_len / 8 - 11) { d52436c8 Denis Kenzior 2018-08-02 702 r = -EOVERFLOW; d52436c8 Denis Kenzior 2018-08-02 703 goto error_free_digest; d52436c8 Denis Kenzior 2018-08-02 704 } d52436c8 Denis Kenzior 2018-08-02 705 d52436c8 Denis Kenzior 2018-08-02 706 r = -ENOMEM; d52436c8 Denis Kenzior 2018-08-02 707 tb = kzalloc(sizeof(*tb), GFP_KERNEL); d52436c8 Denis Kenzior 2018-08-02 708 if (!tb) d52436c8 Denis Kenzior 2018-08-02 709 goto error_free_digest; d52436c8 Denis Kenzior 2018-08-02 710 d52436c8 Denis Kenzior 2018-08-02 711 /* TODO: Handle a non-all zero SRK authorization */ d52436c8 Denis Kenzior 2018-08-02 712 memset(srkauth, 0, sizeof(srkauth)); d52436c8 Denis Kenzior 2018-08-02 713 d52436c8 Denis Kenzior 2018-08-02 714 r = tpm_loadkey2(tb, SRKHANDLE, srkauth, d52436c8 Denis Kenzior 2018-08-02 715 tk->blob, tk->blob_len, &keyhandle); d52436c8 Denis Kenzior 2018-08-02 716 if (r < 0) { d52436c8 Denis Kenzior 2018-08-02 717 pr_devel("loadkey2 failed (%d)\n", r); d52436c8 Denis Kenzior 2018-08-02 718 goto error_free_tb; d52436c8 Denis Kenzior 2018-08-02 719 } d52436c8 Denis Kenzior 2018-08-02 720 d52436c8 Denis Kenzior 2018-08-02 721 /* TODO: Handle a non-all zero key authorization */ d52436c8 Denis Kenzior 2018-08-02 722 memset(keyauth, 0, sizeof(keyauth)); d52436c8 Denis Kenzior 2018-08-02 723 d52436c8 Denis Kenzior 2018-08-02 724 r = tpm_sign(tb, keyhandle, keyauth, in, in_len, out, params->out_len); d52436c8 
Denis Kenzior 2018-08-02 725 if (r < 0) d52436c8 Denis Kenzior 2018-08-02 726 pr_devel("tpm_sign failed (%d)\n", r); d52436c8 Denis Kenzior 2018-08-02 727 d52436c8 Denis Kenzior 2018-08-02 @728 if (tpm_flushspecific(tb, keyhandle) < 0) d52436c8 Denis Kenzior 2018-08-02 729 pr_devel("flushspecific failed (%d)\n", r); d52436c8 Denis Kenzior 2018-08-02 730 d52436c8 Denis Kenzior 2018-08-02 731 error_free_tb: d52436c8 Denis Kenzior 2018-08-02 732 kzfree(tb); d52436c8 Denis Kenzior 2018-08-02 733 error_free_digest: d52436c8 Denis Kenzior 2018-08-02 734 kfree(digest); d52436c8 Denis Kenzior 2018-08-02 735 pr_devel("<==%s() = %d\n", __func__, r); d52436c8 Denis Kenzior 2018-08-02 736 return r; d52436c8 Denis Kenzior 2018-08-02 737 } d52436c8 Denis Kenzior 2018-08-02 738 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation _______________________________________________ kbuild mailing list kbuild@lists.01.org https://lists.01.org/mailman/listinfo/kbuild
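Review bot: The length check at line 701 of tpm_key_sign(), `if (in_len > tk->key_len / 8 - 11)`, has no guard for a key shorter than 11 bytes. in_len is uint32_t, so if tk->key_len is a 32-bit or narrower integer (its declaration is not visible here) the comparison is done unsigned, a small key makes the right-hand side wrap to a very large value, and any in_len passes on to tpm_sign(). That includes the digest length from get_digest(), which already has the ASN.1 template size added. Rejecting the short-key case first keeps the PKCS#1 padding bound meaningful: `if (tk->key_len / 8 < 11 || in_len > tk->key_len / 8 - 11)`. Separately, `pr_devel("flushspecific failed (%d)\n", r)` at line 729 prints r, which still holds the tpm_sign() result, so the logged code does not describe the flush failure; it should log the value returned by tpm_flushspecific() instead.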