From patchwork Mon Feb 15 01:41:04 2016
X-Patchwork-Submitter: Jarkko Sakkinen
X-Patchwork-Id: 582666
From: Jarkko Sakkinen
To: Peter Huewe, Marcel Selhorst, David Howells
Date: Mon, 15 Feb 2016 03:41:04 +0200
Message-Id: <1455500466-11266-2-git-send-email-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <1455500466-11266-1-git-send-email-jarkko.sakkinen@linux.intel.com>
References: <1455500466-11266-1-git-send-email-jarkko.sakkinen@linux.intel.com>
Cc: "moderated list:TPM DEVICE DRIVER", jmorris@namei.org, open list
Subject: [tpmdd-devel] [PATCH 1/3] tpm: fix: keep auth session intact after unseal operation

The behavior of policy based unseal operation is not consistent:

* When there is an error in TPM2_Unseal operation, the session object
  stays in the TPM transient memory.
* When the unseal is successful, the TPM automatically removes the
  session object.

This patch sets the continueSession attribute to keep the session intact
after a successful unseal operation thus making the behavior consistent.

Signed-off-by: Jarkko Sakkinen
Fixes: 5beb0c435b ("keys, trusted: seal with a TPM2 authorization policy")
---
 drivers/char/tpm/tpm2-cmd.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 66e04b4..b28e4da 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -20,7 +20,11 @@ #include enum tpm2_object_attributes { - TPM2_ATTR_USER_WITH_AUTH = BIT(6), + TPM2_OA_USER_WITH_AUTH = BIT(6), +}; + +enum tpm2_session_attributes { + TPM2_SA_CONTINUE_SESSION = BIT(0), }; struct tpm2_startup_in { @@ -489,7 +493,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip, tpm_buf_append(&buf, options->policydigest, options->policydigest_len); } else { - tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH); + tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH); tpm_buf_append_u16(&buf, 0); } @@ -627,7 +631,7 @@ static int tpm2_unseal(struct tpm_chip *chip, options->policyhandle ? options->policyhandle : TPM2_RS_PW, NULL /* nonce */, 0, - 0 /* session_attributes */, + TPM2_SA_CONTINUE_SESSION, options->blobauth /* hmac */, TPM_DIGEST_SIZE);
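Review bot: In the first hunk, and again at its use in `tpm2_seal_trusted`, the rename of `TPM2_ATTR_USER_WITH_AUTH` to `TPM2_OA_USER_WITH_AUTH` is a cleanup unrelated to the session behavior, yet it travels in a patch that carries a `Fixes:` tag. Splitting the rename into its own patch would leave the fix as just the new `enum tpm2_session_attributes` plus the one-argument change in `tpm2_unseal`, which is easier to review and to backport. A one-line comment on `TPM2_SA_CONTINUE_SESSION` tying it to the continueSession attribute named in the commit message would also help.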
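Review bot: In the `tpm2_unseal` hunk, `TPM2_SA_CONTINUE_SESSION` is passed unconditionally, so it is also sent when `options->policyhandle` is 0 and the handle falls back to `TPM2_RS_PW`, a case the commit message does not discuss; please either state that this is intended or set the attribute only when a policy handle is supplied. Separately, with this change the policy session stays in TPM transient memory after a successful unseal as well as after a failed one, and nothing in the visible lines flushes it. The commit message or a comment at this call should say that whoever created the session behind `options->policyhandle` is responsible for flushing it, otherwise repeated unseals can leave sessions occupying transient memory.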