Re: [PATCH v6 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend()

From: Roberto Sassu
Date: Thu Dec 13 2018 - 02:57:34 EST


On 12/12/2018 7:27 PM, Jarkko Sakkinen wrote:
On Thu, Dec 06, 2018 at 07:38:30PM +0100, Roberto Sassu wrote:
On 12/5/2018 1:14 AM, Jarkko Sakkinen wrote:
On Tue, Dec 04, 2018 at 09:21:38AM +0100, Roberto Sassu wrote:
The new tpm_bank_list structure has been preferred to the tpm_digest
structure, to let the caller specify the size of the digest (which may be
unknown to the TPM driver).

Why is that? Didn't previous commit query these?

Since the TPM driver pads/truncates the first digest passed by the
caller to extend PCRs for which no digest was provided, it must know
which amount of data it can use. It is possible that the algorithm of
the first digest is unknown for the TPM driver, if the caller of
tpm_pcr_extend() didn't check chip->allocated_banks.

By requiring that the caller passes also the digest size, this problem
does not arise. It seems reasonable to me to pass this information, as
the caller calculated the digest and it should know the digest size.

OK. I noticed something other things that look to alarming:

1. The function does not fail if alg_id is not found. This will go
silent.

It is intentional. If alg_id is not found, the PCR is extended with the
first digest passed by the caller of tpm_pcr_extend(). If no digest was
provided, the PCR is extended with 0s. This is done to prevent that
PCRs in unused banks are extended later with fake measurements.


2. The function does not fail if there is a mismatch with the digest
sizes.

The data passed by the caller of tpm_pcr_extend() is copied to
dummy_hash, which has the maximum length. Then, tpm2_pcr_extend() takes
from dummy_hash as many bytes as needed, depending on the current
algorithm.

Roberto


/Jarkko


--
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI