Patched in Tegra support.

author: Jonathan Herman <hermanjl@cs.unc.edu> 2013-01-17 16:15:55 -0500
committer: Jonathan Herman <hermanjl@cs.unc.edu> 2013-01-17 16:15:55 -0500
commit: 8dea78da5cee153b8af9c07a2745f6c55057fe12 (patch)
tree: a8f4d49d63b1ecc92f2fddceba0655b2472c5bd9 /security/keys/trusted.c
parent: 406089d01562f1e2bf9f089fd7637009ebaad589 (diff)
1 files changed, 56 insertions, 39 deletions
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index e13fcf7636f..0c33e2ea1f3 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -369,6 +369,38 @@ static int trusted_tpm_send(const u32 chip_num, unsigned char *cmd,
 }
 /*
+ * get a random value from TPM
+ */
+static int tpm_get_random(struct tpm_buf *tb, unsigned char *buf, uint32_t len)
+{
+        int ret;
+        INIT_BUF(tb);
+        store16(tb, TPM_TAG_RQU_COMMAND);
+        store32(tb, TPM_GETRANDOM_SIZE);
+        store32(tb, TPM_ORD_GETRANDOM);
+        store32(tb, len);
+        ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, sizeof tb->data);
+        if (!ret)
+                memcpy(buf, tb->data + TPM_GETRANDOM_SIZE, len);
+        return ret;
+}
+static int my_get_random(unsigned char *buf, int len)
+{
+        struct tpm_buf *tb;
+        int ret;
+        tb = kmalloc(sizeof *tb, GFP_KERNEL);
+        if (!tb)
+                return -ENOMEM;
+        ret = tpm_get_random(tb, buf, len);
+        kfree(tb);
+        return ret;
+}
+/*
 * Lock a trusted key, by extending a selected PCR.
 *
 * Prevents a trusted key that is sealed to PCRs from being accessed.
@@ -381,8 +413,8 @@ static int pcrlock(const int pcrnum)
        if (!capable(CAP_SYS_ADMIN))
                return -EPERM;
-        ret = tpm_get_random(TPM_ANY_NUM, hash, SHA1_DIGEST_SIZE);
+        ret = my_get_random(hash, SHA1_DIGEST_SIZE);
-        if (ret != SHA1_DIGEST_SIZE)
+        if (ret < 0)
                return ret;
        return tpm_pcr_extend(TPM_ANY_NUM, pcrnum, hash) ? -EINVAL : 0;
 }
@@ -397,8 +429,8 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
        unsigned char ononce[TPM_NONCE_SIZE];
        int ret;
-        ret = tpm_get_random(TPM_ANY_NUM, ononce, TPM_NONCE_SIZE);
+        ret = tpm_get_random(tb, ononce, TPM_NONCE_SIZE);
-        if (ret != TPM_NONCE_SIZE)
+        if (ret < 0)
                return ret;
        INIT_BUF(tb);
@@ -492,8 +524,8 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
        if (ret < 0)
                goto out;
-        ret = tpm_get_random(TPM_ANY_NUM, td->nonceodd, TPM_NONCE_SIZE);
+        ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE);
-        if (ret != TPM_NONCE_SIZE)
+        if (ret < 0)
                goto out;
        ordinal = htonl(TPM_ORD_SEAL);
        datsize = htonl(datalen);
@@ -602,8 +634,8 @@ static int tpm_unseal(struct tpm_buf *tb,
        ordinal = htonl(TPM_ORD_UNSEAL);
        keyhndl = htonl(SRKHANDLE);
-        ret = tpm_get_random(TPM_ANY_NUM, nonceodd, TPM_NONCE_SIZE);
+        ret = tpm_get_random(tb, nonceodd, TPM_NONCE_SIZE);
-        if (ret != TPM_NONCE_SIZE) {
+        if (ret < 0) {
                pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
                return ret;
        }
@@ -747,10 +779,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
                        opt->pcrinfo_len = strlen(args[0].from) / 2;
                        if (opt->pcrinfo_len > MAX_PCRINFO_SIZE)
                                return -EINVAL;
-                        res = hex2bin(opt->pcrinfo, args[0].from,
+                        hex2bin(opt->pcrinfo, args[0].from, opt->pcrinfo_len);
-                                      opt->pcrinfo_len);
-                        if (res < 0)
-                                return -EINVAL;
                        break;
                case Opt_keyhandle:
                        res = strict_strtoul(args[0].from, 16, &handle);
@@ -762,18 +791,12 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
                case Opt_keyauth:
                        if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
                                return -EINVAL;
-                        res = hex2bin(opt->keyauth, args[0].from,
+                        hex2bin(opt->keyauth, args[0].from, SHA1_DIGEST_SIZE);
-                                      SHA1_DIGEST_SIZE);
-                        if (res < 0)
-                                return -EINVAL;
                        break;
                case Opt_blobauth:
                        if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
                                return -EINVAL;
-                        res = hex2bin(opt->blobauth, args[0].from,
+                        hex2bin(opt->blobauth, args[0].from, SHA1_DIGEST_SIZE);
-                                      SHA1_DIGEST_SIZE);
-                        if (res < 0)
-                                return -EINVAL;
                        break;
                case Opt_migratable:
                        if (*args[0].from == '0')
@@ -837,9 +860,7 @@ static int datablob_parse(char *datablob, struct trusted_key_payload *p,
                p->blob_len = strlen(c) / 2;
                if (p->blob_len > MAX_BLOB_SIZE)
                        return -EINVAL;
-                ret = hex2bin(p->blob, c, p->blob_len);
+                hex2bin(p->blob, c, p->blob_len);
-                if (ret < 0)
-                        return -EINVAL;
                ret = getoptions(datablob, p, o);
                if (ret < 0)
                        return ret;
@@ -895,24 +916,22 @@ static struct trusted_key_payload *trusted_payload_alloc(struct key *key)
 *
 * On success, return 0. Otherwise return errno.
 */
-static int trusted_instantiate(struct key *key,
+static int trusted_instantiate(struct key *key, const void *data,
-                               struct key_preparsed_payload *prep)
+                               size_t datalen)
 {
        struct trusted_key_payload *payload = NULL;
        struct trusted_key_options *options = NULL;
-        size_t datalen = prep->datalen;
        char *datablob;
        int ret = 0;
        int key_cmd;
-        size_t key_len;
-        if (datalen <= 0 || datalen > 32767 || !prep->data)
+        if (datalen <= 0 || datalen > 32767 || !data)
                return -EINVAL;
        datablob = kmalloc(datalen + 1, GFP_KERNEL);
        if (!datablob)
                return -ENOMEM;
-        memcpy(datablob, prep->data, datalen);
+        memcpy(datablob, data, datalen);
        datablob[datalen] = '\0';
        options = trusted_options_alloc();
@@ -944,9 +963,8 @@ static int trusted_instantiate(struct key *key,
                        pr_info("trusted_key: key_unseal failed (%d)\n", ret);
                break;
        case Opt_new:
-                key_len = payload->key_len;
+                ret = my_get_random(payload->key, payload->key_len);
-                ret = tpm_get_random(TPM_ANY_NUM, payload->key, key_len);
+                if (ret < 0) {
-                if (ret != key_len) {
                        pr_info("trusted_key: key_create failed (%d)\n", ret);
                        goto out;
                }
@@ -964,7 +982,7 @@ out:
        kfree(datablob);
        kfree(options);
        if (!ret)
-                rcu_assign_keypointer(key, payload);
+                rcu_assign_pointer(key->payload.data, payload);
        else
                kfree(payload);
        return ret;
@@ -982,18 +1000,17 @@ static void trusted_rcu_free(struct rcu_head *rcu)
 /*
 * trusted_update - reseal an existing key with new PCR values
 */
-static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
+static int trusted_update(struct key *key, const void *data, size_t datalen)
 {
        struct trusted_key_payload *p = key->payload.data;
        struct trusted_key_payload *new_p;
        struct trusted_key_options *new_o;
-        size_t datalen = prep->datalen;
        char *datablob;
        int ret = 0;
        if (!p->migratable)
                return -EPERM;
-        if (datalen <= 0 || datalen > 32767 || !prep->data)
+        if (datalen <= 0 || datalen > 32767 || !data)
                return -EINVAL;
        datablob = kmalloc(datalen + 1, GFP_KERNEL);
@@ -1010,7 +1027,7 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
                goto out;
        }
-        memcpy(datablob, prep->data, datalen);
+        memcpy(datablob, data, datalen);
        datablob[datalen] = '\0';
        ret = datablob_parse(datablob, new_p, new_o);
        if (ret != Opt_update) {
@@ -1039,7 +1056,7 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
                        goto out;
                }
        }
-        rcu_assign_keypointer(key, new_p);
+        rcu_assign_pointer(key->payload.data, new_p);
        call_rcu(&p->rcu, trusted_rcu_free);
 out:
        kfree(datablob);
@@ -1070,7 +1087,7 @@ static long trusted_read(const struct key *key, char __user *buffer,
        bufp = ascii_buf;
        for (i = 0; i < p->blob_len; i++)
-                bufp = hex_byte_pack(bufp, p->blob[i]);
+                bufp = pack_hex_byte(bufp, p->blob[i]);
        if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) {
                kfree(ascii_buf);
                return -EFAULT;
author	Jonathan Herman <hermanjl@cs.unc.edu>	2013-01-17 16:15:55 -0500
committer	Jonathan Herman <hermanjl@cs.unc.edu>	2013-01-17 16:15:55 -0500
commit	8dea78da5cee153b8af9c07a2745f6c55057fe12 (patch)
tree	a8f4d49d63b1ecc92f2fddceba0655b2472c5bd9 /security/keys/trusted.c
parent	406089d01562f1e2bf9f089fd7637009ebaad589 (diff)