tpm: fix missing migratable flag in sealing functionality for TPM2
The 'migratable' flag was not added to the key payload. This patch
fixes the problem.
Fixes: 0fe5480303
("keys, trusted: seal/unseal with TPM 2.0 chips")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Peter Huewe <PeterHuewe@gmx.de>
This commit is contained in:
parent
b1a4144a69
commit
2e31125c24
@ -443,12 +443,13 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
|
||||
TPM_DIGEST_SIZE);
|
||||
|
||||
/* sensitive */
|
||||
tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len);
|
||||
tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1);
|
||||
|
||||
tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE);
|
||||
tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE);
|
||||
tpm_buf_append_u16(&buf, payload->key_len);
|
||||
tpm_buf_append_u16(&buf, payload->key_len + 1);
|
||||
tpm_buf_append(&buf, payload->key, payload->key_len);
|
||||
tpm_buf_append_u8(&buf, payload->migratable);
|
||||
|
||||
/* public */
|
||||
tpm_buf_append_u16(&buf, 14);
|
||||
@ -573,6 +574,8 @@ static int tpm2_unseal(struct tpm_chip *chip,
|
||||
u32 blob_handle)
|
||||
{
|
||||
struct tpm_buf buf;
|
||||
u16 data_len;
|
||||
u8 *data;
|
||||
int rc;
|
||||
|
||||
rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
|
||||
@ -591,11 +594,13 @@ static int tpm2_unseal(struct tpm_chip *chip,
|
||||
rc = -EPERM;
|
||||
|
||||
if (!rc) {
|
||||
payload->key_len = be16_to_cpup(
|
||||
data_len = be16_to_cpup(
|
||||
(__be16 *) &buf.data[TPM_HEADER_SIZE + 4]);
|
||||
data = &buf.data[TPM_HEADER_SIZE + 6];
|
||||
|
||||
memcpy(payload->key, &buf.data[TPM_HEADER_SIZE + 6],
|
||||
payload->key_len);
|
||||
memcpy(payload->key, data, data_len - 1);
|
||||
payload->key_len = data_len - 1;
|
||||
payload->migratable = data[data_len - 1];
|
||||
}
|
||||
|
||||
tpm_buf_destroy(&buf);
|
||||
|
Loading…
Reference in New Issue
Block a user