You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
82 lines
3.5 KiB
82 lines
3.5 KiB
10 months ago
|
From 039b8bc3887c7b052aa24453ac1212a6072459d2 Mon Sep 17 00:00:00 2001
|
||
|
From: Dan Streetman <ddstreet@ieee.org>
|
||
|
Date: Mon, 19 Dec 2022 09:58:05 -0500
|
||
|
Subject: [PATCH] tpm2: simplify tpm2_seal() blob creation
|
||
|
|
||
|
TPM2 marshalling will never increase the total size, only possibly decrease.
|
||
|
There is no need for checking for insufficient size if the buffer size
|
||
|
is set to the sizeof both objects to be marshalled.
|
||
|
|
||
|
(cherry picked from commit e8858f1104d87179abd8d9c413292e42f1eaf7c0)
|
||
|
|
||
|
Related: RHEL-16182
|
||
|
---
|
||
|
src/shared/tpm2-util.c | 40 ++++++++++++++--------------------------
|
||
|
1 file changed, 14 insertions(+), 26 deletions(-)
|
||
|
|
||
|
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
|
||
|
index a01c6537b5..6620f365d9 100644
|
||
|
--- a/src/shared/tpm2-util.c
|
||
|
+++ b/src/shared/tpm2-util.c
|
||
|
@@ -1418,12 +1418,11 @@ int tpm2_seal(const char *device,
|
||
|
_cleanup_(Esys_Freep) TPM2B_PUBLIC *public = NULL;
|
||
|
static const TPML_PCR_SELECTION creation_pcr = {};
|
||
|
_cleanup_(erase_and_freep) void *secret = NULL;
|
||
|
- _cleanup_free_ void *blob = NULL, *hash = NULL;
|
||
|
+ _cleanup_free_ void *hash = NULL;
|
||
|
TPM2B_SENSITIVE_CREATE hmac_sensitive;
|
||
|
TPMI_ALG_PUBLIC primary_alg;
|
||
|
TPM2B_PUBLIC hmac_template;
|
||
|
TPMI_ALG_HASH pcr_bank;
|
||
|
- size_t k, blob_size;
|
||
|
usec_t start;
|
||
|
TSS2_RC rc;
|
||
|
int r;
|
||
|
@@ -1553,33 +1552,22 @@ int tpm2_seal(const char *device,
|
||
|
|
||
|
log_debug("Marshalling private and public part of HMAC key.");
|
||
|
|
||
|
- k = ALIGN8(sizeof(*private)) + ALIGN8(sizeof(*public)); /* Some roughly sensible start value */
|
||
|
- for (;;) {
|
||
|
- _cleanup_free_ void *buf = NULL;
|
||
|
- size_t offset = 0;
|
||
|
-
|
||
|
- buf = malloc(k);
|
||
|
- if (!buf)
|
||
|
- return log_oom();
|
||
|
+ _cleanup_free_ void *blob = NULL;
|
||
|
+ size_t max_size = sizeof(*private) + sizeof(*public), blob_size = 0;
|
||
|
|
||
|
- rc = sym_Tss2_MU_TPM2B_PRIVATE_Marshal(private, buf, k, &offset);
|
||
|
- if (rc == TSS2_RC_SUCCESS) {
|
||
|
- rc = sym_Tss2_MU_TPM2B_PUBLIC_Marshal(public, buf, k, &offset);
|
||
|
- if (rc == TSS2_RC_SUCCESS) {
|
||
|
- blob = TAKE_PTR(buf);
|
||
|
- blob_size = offset;
|
||
|
- break;
|
||
|
- }
|
||
|
- }
|
||
|
- if (rc != TSS2_MU_RC_INSUFFICIENT_BUFFER)
|
||
|
- return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
||
|
- "Failed to marshal private/public key: %s", sym_Tss2_RC_Decode(rc));
|
||
|
+ blob = malloc0(max_size);
|
||
|
+ if (!blob)
|
||
|
+ return log_oom();
|
||
|
|
||
|
- if (k > SIZE_MAX / 2)
|
||
|
- return log_oom();
|
||
|
+ rc = sym_Tss2_MU_TPM2B_PRIVATE_Marshal(private, blob, max_size, &blob_size);
|
||
|
+ if (rc != TSS2_RC_SUCCESS)
|
||
|
+ return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
||
|
+ "Failed to marshal private key: %s", sym_Tss2_RC_Decode(rc));
|
||
|
|
||
|
- k *= 2;
|
||
|
- }
|
||
|
+ rc = sym_Tss2_MU_TPM2B_PUBLIC_Marshal(public, blob, max_size, &blob_size);
|
||
|
+ if (rc != TSS2_RC_SUCCESS)
|
||
|
+ return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
||
|
+ "Failed to marshal public key: %s", sym_Tss2_RC_Decode(rc));
|
||
|
|
||
|
hash = memdup(policy_digest->buffer, policy_digest->size);
|
||
|
if (!hash)
|