Commit db50ebc6 authored by Jarkko Sakkinen's avatar Jarkko Sakkinen Committed by Tim Gardner

tpm: fix checks for policy digest existence in tpm2_seal_trusted()

BugLink: http://bugs.launchpad.net/bugs/1398274

In my original patch sealing with policy was done with dynamically
allocated buffer that I changed later into an array so the checks in
tpm2-cmd.c became invalid. This patch fixes the issue.

Fixes: 5beb0c43 ("keys, trusted: seal with a TPM2 authorization policy")
Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: default avatarPeter Huewe <peterhuewe@gmx.de>
(cherry picked from commit f3c82ade)
Signed-off-by: default avatarTim Gardner <tim.gardner@canonical.com>
parent fa058273
...@@ -478,20 +478,16 @@ int tpm2_seal_trusted(struct tpm_chip *chip, ...@@ -478,20 +478,16 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
tpm_buf_append_u8(&buf, payload->migratable); tpm_buf_append_u8(&buf, payload->migratable);
/* public */ /* public */
if (options->policydigest) tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
tpm_buf_append_u16(&buf, 14 + options->digest_len);
else
tpm_buf_append_u16(&buf, 14);
tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH);
tpm_buf_append_u16(&buf, hash); tpm_buf_append_u16(&buf, hash);
/* policy */ /* policy */
if (options->policydigest) { if (options->policydigest_len) {
tpm_buf_append_u32(&buf, 0); tpm_buf_append_u32(&buf, 0);
tpm_buf_append_u16(&buf, options->digest_len); tpm_buf_append_u16(&buf, options->policydigest_len);
tpm_buf_append(&buf, options->policydigest, tpm_buf_append(&buf, options->policydigest,
options->digest_len); options->policydigest_len);
} else { } else {
tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH); tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH);
tpm_buf_append_u16(&buf, 0); tpm_buf_append_u16(&buf, 0);
......
...@@ -38,7 +38,7 @@ struct trusted_key_options { ...@@ -38,7 +38,7 @@ struct trusted_key_options {
unsigned char pcrinfo[MAX_PCRINFO_SIZE]; unsigned char pcrinfo[MAX_PCRINFO_SIZE];
int pcrlock; int pcrlock;
uint32_t hash; uint32_t hash;
uint32_t digest_len; uint32_t policydigest_len;
unsigned char policydigest[MAX_DIGEST_SIZE]; unsigned char policydigest[MAX_DIGEST_SIZE];
uint32_t policyhandle; uint32_t policyhandle;
}; };
......
...@@ -744,6 +744,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay, ...@@ -744,6 +744,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
unsigned long handle; unsigned long handle;
unsigned long lock; unsigned long lock;
unsigned long token_mask = 0; unsigned long token_mask = 0;
unsigned int digest_len;
int i; int i;
int tpm2; int tpm2;
...@@ -752,7 +753,6 @@ static int getoptions(char *c, struct trusted_key_payload *pay, ...@@ -752,7 +753,6 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
return tpm2; return tpm2;
opt->hash = tpm2 ? HASH_ALGO_SHA256 : HASH_ALGO_SHA1; opt->hash = tpm2 ? HASH_ALGO_SHA256 : HASH_ALGO_SHA1;
opt->digest_len = hash_digest_size[opt->hash];
while ((p = strsep(&c, " \t"))) { while ((p = strsep(&c, " \t"))) {
if (*p == '\0' || *p == ' ' || *p == '\t') if (*p == '\0' || *p == ' ' || *p == '\t')
...@@ -812,8 +812,6 @@ static int getoptions(char *c, struct trusted_key_payload *pay, ...@@ -812,8 +812,6 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
for (i = 0; i < HASH_ALGO__LAST; i++) { for (i = 0; i < HASH_ALGO__LAST; i++) {
if (!strcmp(args[0].from, hash_algo_name[i])) { if (!strcmp(args[0].from, hash_algo_name[i])) {
opt->hash = i; opt->hash = i;
opt->digest_len =
hash_digest_size[opt->hash];
break; break;
} }
} }
...@@ -825,13 +823,14 @@ static int getoptions(char *c, struct trusted_key_payload *pay, ...@@ -825,13 +823,14 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
} }
break; break;
case Opt_policydigest: case Opt_policydigest:
if (!tpm2 || digest_len = hash_digest_size[opt->hash];
strlen(args[0].from) != (2 * opt->digest_len)) if (!tpm2 || strlen(args[0].from) != (2 * digest_len))
return -EINVAL; return -EINVAL;
res = hex2bin(opt->policydigest, args[0].from, res = hex2bin(opt->policydigest, args[0].from,
opt->digest_len); digest_len);
if (res < 0) if (res < 0)
return -EINVAL; return -EINVAL;
opt->policydigest_len = digest_len;
break; break;
case Opt_policyhandle: case Opt_policyhandle:
if (!tpm2) if (!tpm2)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment