projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Smack: UDS revision
[deliverable/linux.git] / security / keys / trusted_defined.c
CommitLineData
d00a1c72
MZ		 1/*
2 * Copyright (C) 2010 IBM Corporation
3 *
4 * Author:
5 * David Safford <safford@us.ibm.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, version 2 of the License.
10 *
11 * See Documentation/keys-trusted-encrypted.txt
12 */
13
14#include <linux/uaccess.h>
15#include <linux/module.h>
16#include <linux/init.h>
17#include <linux/slab.h>
18#include <linux/parser.h>
19#include <linux/string.h>
20#include <keys/user-type.h>
21#include <keys/trusted-type.h>
22#include <linux/key-type.h>
23#include <linux/rcupdate.h>
24#include <linux/crypto.h>
25#include <crypto/hash.h>
26#include <crypto/sha.h>
27#include <linux/capability.h>
28#include <linux/tpm.h>
29#include <linux/tpm_command.h>
30
31#include "trusted_defined.h"
32
33static const char hmac_alg[] = "hmac(sha1)";
34static const char hash_alg[] = "sha1";
35
36struct sdesc {
37 struct shash_desc shash;
38 char ctx[];
39};
40
41static struct crypto_shash *hashalg;
42static struct crypto_shash *hmacalg;
43
44static struct sdesc *init_sdesc(struct crypto_shash *alg)
45{
46 struct sdesc *sdesc;
47 int size;
48
49 size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
50 sdesc = kmalloc(size, GFP_KERNEL);
51 if (!sdesc)
52 return ERR_PTR(-ENOMEM);
53 sdesc->shash.tfm = alg;
54 sdesc->shash.flags = 0x0;
55 return sdesc;
56}
57
58static int TSS_sha1(const unsigned char *data, const unsigned int datalen,
59 unsigned char *digest)
60{
61 struct sdesc *sdesc;
62 int ret;
63
64 sdesc = init_sdesc(hashalg);
65 if (IS_ERR(sdesc)) {
66 pr_info("trusted_key: can't alloc %s\n", hash_alg);
67 return PTR_ERR(sdesc);
68 }
69
70 ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
71 kfree(sdesc);
72 return ret;
73}
74
75static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
76 const unsigned int keylen, ...)
77{
78 struct sdesc *sdesc;
79 va_list argp;
80 unsigned int dlen;
81 unsigned char *data;
82 int ret;
83
84 sdesc = init_sdesc(hmacalg);
85 if (IS_ERR(sdesc)) {
86 pr_info("trusted_key: can't alloc %s\n", hmac_alg);
87 return PTR_ERR(sdesc);
88 }
89
90 ret = crypto_shash_setkey(hmacalg, key, keylen);
91 if (ret < 0)
92 goto out;
93 ret = crypto_shash_init(&sdesc->shash);
94 if (ret < 0)
95 goto out;
96
97 va_start(argp, keylen);
98 for (;;) {
99 dlen = va_arg(argp, unsigned int);
100 if (dlen == 0)
101 break;
102 data = va_arg(argp, unsigned char *);
103 if (data == NULL)
104 return -EINVAL;
105 ret = crypto_shash_update(&sdesc->shash, data, dlen);
106 if (ret < 0)
107 goto out;
108 }
109 va_end(argp);
110 ret = crypto_shash_final(&sdesc->shash, digest);
111out:
112 kfree(sdesc);
113 return ret;
114}
115
116/*
117 * calculate authorization info fields to send to TPM
118 */
119static uint32_t TSS_authhmac(unsigned char *digest, const unsigned char *key,
120 const unsigned int keylen, unsigned char *h1,
121 unsigned char *h2, unsigned char h3, ...)
122{
123 unsigned char paramdigest[SHA1_DIGEST_SIZE];
124 struct sdesc *sdesc;
125 unsigned int dlen;
126 unsigned char *data;
127 unsigned char c;
128 int ret;
129 va_list argp;
130
131 sdesc = init_sdesc(hashalg);
132 if (IS_ERR(sdesc)) {
133 pr_info("trusted_key: can't alloc %s\n", hash_alg);
134 return PTR_ERR(sdesc);
135 }
136
137 c = h3;
138 ret = crypto_shash_init(&sdesc->shash);
139 if (ret < 0)
140 goto out;
141 va_start(argp, h3);
142 for (;;) {
143 dlen = va_arg(argp, unsigned int);
144 if (dlen == 0)
145 break;
146 data = va_arg(argp, unsigned char *);
147 ret = crypto_shash_update(&sdesc->shash, data, dlen);
148 if (ret < 0)
149 goto out;
150 }
151 va_end(argp);
152 ret = crypto_shash_final(&sdesc->shash, paramdigest);
153 if (!ret)
154 TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
155 paramdigest, TPM_NONCE_SIZE, h1,
156 TPM_NONCE_SIZE, h2, 1, &c, 0, 0);
157out:
158 kfree(sdesc);
159 return ret;
160}
161
162/*
163 * verify the AUTH1_COMMAND (Seal) result from TPM
164 */
165static uint32_t TSS_checkhmac1(unsigned char *buffer,
166 const uint32_t command,
167 const unsigned char *ononce,
168 const unsigned char *key,
169 const unsigned int keylen, ...)
170{
171 uint32_t bufsize;
172 uint16_t tag;
173 uint32_t ordinal;
174 uint32_t result;
175 unsigned char *enonce;
176 unsigned char *continueflag;
177 unsigned char *authdata;
178 unsigned char testhmac[SHA1_DIGEST_SIZE];
179 unsigned char paramdigest[SHA1_DIGEST_SIZE];
180 struct sdesc *sdesc;
181 unsigned int dlen;
182 unsigned int dpos;
183 va_list argp;
184 int ret;
185
186 bufsize = LOAD32(buffer, TPM_SIZE_OFFSET);
187 tag = LOAD16(buffer, 0);
188 ordinal = command;
189 result = LOAD32N(buffer, TPM_RETURN_OFFSET);
190 if (tag == TPM_TAG_RSP_COMMAND)
191 return 0;
192 if (tag != TPM_TAG_RSP_AUTH1_COMMAND)
193 return -EINVAL;
194 authdata = buffer + bufsize - SHA1_DIGEST_SIZE;
195 continueflag = authdata - 1;
196 enonce = continueflag - TPM_NONCE_SIZE;
197
198 sdesc = init_sdesc(hashalg);
199 if (IS_ERR(sdesc)) {
200 pr_info("trusted_key: can't alloc %s\n", hash_alg);
201 return PTR_ERR(sdesc);
202 }
203 ret = crypto_shash_init(&sdesc->shash);
204 if (ret < 0)
205 goto out;
206 ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result,
207 sizeof result);
208 if (ret < 0)
209 goto out;
210 ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal,
211 sizeof ordinal);
212 if (ret < 0)
213 goto out;
214 va_start(argp, keylen);
215 for (;;) {
216 dlen = va_arg(argp, unsigned int);
217 if (dlen == 0)
218 break;
219 dpos = va_arg(argp, unsigned int);
220 ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
221 if (ret < 0)
222 goto out;
223 }
224 va_end(argp);
225 ret = crypto_shash_final(&sdesc->shash, paramdigest);
226 if (ret < 0)
227 goto out;
228 ret = TSS_rawhmac(testhmac, key, keylen, SHA1_DIGEST_SIZE, paramdigest,
229 TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce,
230 1, continueflag, 0, 0);
231 if (ret < 0)
232 goto out;
233 if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE))
234 ret = -EINVAL;
235out:
236 kfree(sdesc);
237 return ret;
238}
239
240/*
241 * verify the AUTH2_COMMAND (unseal) result from TPM
242 */
243static uint32_t TSS_checkhmac2(unsigned char *buffer,
244 const uint32_t command,
245 const unsigned char *ononce,
246 const unsigned char *key1,
247 const unsigned int keylen1,
248 const unsigned char *key2,
249 const unsigned int keylen2, ...)
250{
251 uint32_t bufsize;
252 uint16_t tag;
253 uint32_t ordinal;
254 uint32_t result;
255 unsigned char *enonce1;
256 unsigned char *continueflag1;
257 unsigned char *authdata1;
258 unsigned char *enonce2;
259 unsigned char *continueflag2;
260 unsigned char *authdata2;
261 unsigned char testhmac1[SHA1_DIGEST_SIZE];
262 unsigned char testhmac2[SHA1_DIGEST_SIZE];
263 unsigned char paramdigest[SHA1_DIGEST_SIZE];
264 struct sdesc *sdesc;
265 unsigned int dlen;
266 unsigned int dpos;
267 va_list argp;
268 int ret;
269
270 bufsize = LOAD32(buffer, TPM_SIZE_OFFSET);
271 tag = LOAD16(buffer, 0);
272 ordinal = command;
273 result = LOAD32N(buffer, TPM_RETURN_OFFSET);
274
275 if (tag == TPM_TAG_RSP_COMMAND)
276 return 0;
277 if (tag != TPM_TAG_RSP_AUTH2_COMMAND)
278 return -EINVAL;
279 authdata1 = buffer + bufsize - (SHA1_DIGEST_SIZE + 1
280 + SHA1_DIGEST_SIZE + SHA1_DIGEST_SIZE);
281 authdata2 = buffer + bufsize - (SHA1_DIGEST_SIZE);
282 continueflag1 = authdata1 - 1;
283 continueflag2 = authdata2 - 1;
284 enonce1 = continueflag1 - TPM_NONCE_SIZE;
285 enonce2 = continueflag2 - TPM_NONCE_SIZE;
286
287 sdesc = init_sdesc(hashalg);
288 if (IS_ERR(sdesc)) {
289 pr_info("trusted_key: can't alloc %s\n", hash_alg);
290 return PTR_ERR(sdesc);
291 }
292 ret = crypto_shash_init(&sdesc->shash);
293 if (ret < 0)
294 goto out;
295 ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result,
296 sizeof result);
297 if (ret < 0)
298 goto out;
299 ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal,
300 sizeof ordinal);
301 if (ret < 0)
302 goto out;
303
304 va_start(argp, keylen2);
305 for (;;) {
306 dlen = va_arg(argp, unsigned int);
307 if (dlen == 0)
308 break;
309 dpos = va_arg(argp, unsigned int);
310 ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
311 if (ret < 0)
312 goto out;
313 }
314 ret = crypto_shash_final(&sdesc->shash, paramdigest);
315 if (ret < 0)
316 goto out;
317
318 ret = TSS_rawhmac(testhmac1, key1, keylen1, SHA1_DIGEST_SIZE,
319 paramdigest, TPM_NONCE_SIZE, enonce1,
320 TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0);
321 if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
322 ret = -EINVAL;
323 goto out;
324 }
325 ret = TSS_rawhmac(testhmac2, key2, keylen2, SHA1_DIGEST_SIZE,
326 paramdigest, TPM_NONCE_SIZE, enonce2,
327 TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0);
328 if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE))
329 ret = -EINVAL;
330out:
331 kfree(sdesc);
332 return ret;
333}
334
335/*
336 * For key specific tpm requests, we will generate and send our
337 * own TPM command packets using the drivers send function.
338 */
339static int trusted_tpm_send(const u32 chip_num, unsigned char *cmd,
340 size_t buflen)
341{
342 int rc;
343
344 dump_tpm_buf(cmd);
345 rc = tpm_send(chip_num, cmd, buflen);
346 dump_tpm_buf(cmd);
347 if (rc > 0)
348 /* Can't return positive return codes values to keyctl */
349 rc = -EPERM;
350 return rc;
351}
352
353/*
354 * get a random value from TPM
355 */
356static int tpm_get_random(struct tpm_buf *tb, unsigned char *buf, uint32_t len)
357{
358 int ret;
359
360 INIT_BUF(tb);
361 store16(tb, TPM_TAG_RQU_COMMAND);
362 store32(tb, TPM_GETRANDOM_SIZE);
363 store32(tb, TPM_ORD_GETRANDOM);
364 store32(tb, len);
365 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, sizeof tb->data);
366 memcpy(buf, tb->data + TPM_GETRANDOM_SIZE, len);
367
368 return ret;
369}
370
371static int my_get_random(unsigned char *buf, int len)
372{
373 struct tpm_buf *tb;
374 int ret;
375
376 tb = kzalloc(sizeof *tb, GFP_KERNEL);
377 if (!tb)
378 return -ENOMEM;
379 ret = tpm_get_random(tb, buf, len);
380
381 kfree(tb);
382 return ret;
383}
384
385/*
386 * Lock a trusted key, by extending a selected PCR.
387 *
388 * Prevents a trusted key that is sealed to PCRs from being accessed.
389 * This uses the tpm driver's extend function.
390 */
391static int pcrlock(const int pcrnum)
392{
393 unsigned char hash[SHA1_DIGEST_SIZE];
394
395 if (!capable(CAP_SYS_ADMIN))
396 return -EPERM;
397 my_get_random(hash, SHA1_DIGEST_SIZE);
398 return tpm_pcr_extend(TPM_ANY_NUM, pcrnum, hash) ? -EINVAL : 0;
399}
400
401/*
402 * Create an object specific authorisation protocol (OSAP) session
403 */
404static int osap(struct tpm_buf *tb, struct osapsess *s,
405 const unsigned char *key, const uint16_t type,
406 const uint32_t handle)
407{
408 unsigned char enonce[TPM_NONCE_SIZE];
409 unsigned char ononce[TPM_NONCE_SIZE];
410 int ret;
411
412 ret = tpm_get_random(tb, ononce, TPM_NONCE_SIZE);
413 if (ret < 0)
414 return ret;
415
416 INIT_BUF(tb);
417 store16(tb, TPM_TAG_RQU_COMMAND);
418 store32(tb, TPM_OSAP_SIZE);
419 store32(tb, TPM_ORD_OSAP);
420 store16(tb, type);
421 store32(tb, handle);
422 storebytes(tb, ononce, TPM_NONCE_SIZE);
423
424 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
425 if (ret < 0)
426 return ret;
427
428 s->handle = LOAD32(tb->data, TPM_DATA_OFFSET);
429 memcpy(s->enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)]),
430 TPM_NONCE_SIZE);
431 memcpy(enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t) +
432 TPM_NONCE_SIZE]), TPM_NONCE_SIZE);
433 ret = TSS_rawhmac(s->secret, key, SHA1_DIGEST_SIZE, TPM_NONCE_SIZE,
434 enonce, TPM_NONCE_SIZE, ononce, 0, 0);
435 return ret;
436}
437
438/*
439 * Create an object independent authorisation protocol (oiap) session
440 */
441static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
442{
443 int ret;
444
445 INIT_BUF(tb);
446 store16(tb, TPM_TAG_RQU_COMMAND);
447 store32(tb, TPM_OIAP_SIZE);
448 store32(tb, TPM_ORD_OIAP);
449 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
450 if (ret < 0)
451 return ret;
452
453 *handle = LOAD32(tb->data, TPM_DATA_OFFSET);
454 memcpy(nonce, &tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)],
455 TPM_NONCE_SIZE);
456 return ret;
457}
458
459struct tpm_digests {
460 unsigned char encauth[SHA1_DIGEST_SIZE];
461 unsigned char pubauth[SHA1_DIGEST_SIZE];
462 unsigned char xorwork[SHA1_DIGEST_SIZE * 2];
463 unsigned char xorhash[SHA1_DIGEST_SIZE];
464 unsigned char nonceodd[TPM_NONCE_SIZE];
465};
466
467/*
468 * Have the TPM seal(encrypt) the trusted key, possibly based on
469 * Platform Configuration Registers (PCRs). AUTH1 for sealing key.
470 */
471static int tpm_seal(struct tpm_buf *tb, const uint16_t keytype,
472 const uint32_t keyhandle, const unsigned char *keyauth,
473 const unsigned char *data, const uint32_t datalen,
474 unsigned char *blob, uint32_t *bloblen,
475 const unsigned char *blobauth,
476 const unsigned char *pcrinfo, const uint32_t pcrinfosize)
477{
478 struct osapsess sess;
479 struct tpm_digests *td;
480 unsigned char cont;
481 uint32_t ordinal;
482 uint32_t pcrsize;
483 uint32_t datsize;
484 int sealinfosize;
485 int encdatasize;
486 int storedsize;
487 int ret;
488 int i;
489
490 /* alloc some work space for all the hashes */
491 td = kmalloc(sizeof *td, GFP_KERNEL);
492 if (!td)
493 return -ENOMEM;
494
495 /* get session for sealing key */
496 ret = osap(tb, &sess, keyauth, keytype, keyhandle);
497 if (ret < 0)
498 return ret;
499 dump_sess(&sess);
500
501 /* calculate encrypted authorization value */
502 memcpy(td->xorwork, sess.secret, SHA1_DIGEST_SIZE);
503 memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE);
504 ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash);
505 if (ret < 0)
506 return ret;
507
508 ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE);
509 if (ret < 0)
510 return ret;
511 ordinal = htonl(TPM_ORD_SEAL);
512 datsize = htonl(datalen);
513 pcrsize = htonl(pcrinfosize);
514 cont = 0;
515
516 /* encrypt data authorization key */
517 for (i = 0; i < SHA1_DIGEST_SIZE; ++i)
518 td->encauth[i] = td->xorhash[i] ^ blobauth[i];
519
520 /* calculate authorization HMAC value */
521 if (pcrinfosize == 0) {
522 /* no pcr info specified */
523 TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE,
524 sess.enonce, td->nonceodd, cont, sizeof(uint32_t),
525 &ordinal, SHA1_DIGEST_SIZE, td->encauth,
526 sizeof(uint32_t), &pcrsize, sizeof(uint32_t),
527 &datsize, datalen, data, 0, 0);
528 } else {
529 /* pcr info specified */
530 TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE,
531 sess.enonce, td->nonceodd, cont, sizeof(uint32_t),
532 &ordinal, SHA1_DIGEST_SIZE, td->encauth,
533 sizeof(uint32_t), &pcrsize, pcrinfosize,
534 pcrinfo, sizeof(uint32_t), &datsize, datalen,
535 data, 0, 0);
536 }
537
538 /* build and send the TPM request packet */
539 INIT_BUF(tb);
540 store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
541 store32(tb, TPM_SEAL_SIZE + pcrinfosize + datalen);
542 store32(tb, TPM_ORD_SEAL);
543 store32(tb, keyhandle);
544 storebytes(tb, td->encauth, SHA1_DIGEST_SIZE);
545 store32(tb, pcrinfosize);
546 storebytes(tb, pcrinfo, pcrinfosize);
547 store32(tb, datalen);
548 storebytes(tb, data, datalen);
549 store32(tb, sess.handle);
550 storebytes(tb, td->nonceodd, TPM_NONCE_SIZE);
551 store8(tb, cont);
552 storebytes(tb, td->pubauth, SHA1_DIGEST_SIZE);
553
554 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
555 if (ret < 0)
556 return ret;
557
558 /* calculate the size of the returned Blob */
559 sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t));
560 encdatasize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t) +
561 sizeof(uint32_t) + sealinfosize);
562 storedsize = sizeof(uint32_t) + sizeof(uint32_t) + sealinfosize +
563 sizeof(uint32_t) + encdatasize;
564
565 /* check the HMAC in the response */
566 ret = TSS_checkhmac1(tb->data, ordinal, td->nonceodd, sess.secret,
567 SHA1_DIGEST_SIZE, storedsize, TPM_DATA_OFFSET, 0,
568 0);
569
570 /* copy the returned blob to caller */
571 memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize);
572 *bloblen = storedsize;
573 return ret;
574}
575
576/*
577 * use the AUTH2_COMMAND form of unseal, to authorize both key and blob
578 */
579static int tpm_unseal(struct tpm_buf *tb,
580 const uint32_t keyhandle, const unsigned char *keyauth,
581 const unsigned char *blob, const int bloblen,
582 const unsigned char *blobauth,
583 unsigned char *data, unsigned int *datalen)
584{
585 unsigned char nonceodd[TPM_NONCE_SIZE];
586 unsigned char enonce1[TPM_NONCE_SIZE];
587 unsigned char enonce2[TPM_NONCE_SIZE];
588 unsigned char authdata1[SHA1_DIGEST_SIZE];
589 unsigned char authdata2[SHA1_DIGEST_SIZE];
590 uint32_t authhandle1 = 0;
591 uint32_t authhandle2 = 0;
592 unsigned char cont = 0;
593 uint32_t ordinal;
594 uint32_t keyhndl;
595 int ret;
596
597 /* sessions for unsealing key and data */
598 ret = oiap(tb, &authhandle1, enonce1);
599 if (ret < 0) {
600 pr_info("trusted_key: oiap failed (%d)\n", ret);
601 return ret;
602 }
603 ret = oiap(tb, &authhandle2, enonce2);
604 if (ret < 0) {
605 pr_info("trusted_key: oiap failed (%d)\n", ret);
606 return ret;
607 }
608
609 ordinal = htonl(TPM_ORD_UNSEAL);
610 keyhndl = htonl(SRKHANDLE);
611 ret = tpm_get_random(tb, nonceodd, TPM_NONCE_SIZE);
612 if (ret < 0) {
613 pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
614 return ret;
615 }
616 TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE,
617 enonce1, nonceodd, cont, sizeof(uint32_t),
618 &ordinal, bloblen, blob, 0, 0);
619 TSS_authhmac(authdata2, blobauth, TPM_NONCE_SIZE,
620 enonce2, nonceodd, cont, sizeof(uint32_t),
621 &ordinal, bloblen, blob, 0, 0);
622
623 /* build and send TPM request packet */
624 INIT_BUF(tb);
625 store16(tb, TPM_TAG_RQU_AUTH2_COMMAND);
626 store32(tb, TPM_UNSEAL_SIZE + bloblen);
627 store32(tb, TPM_ORD_UNSEAL);
628 store32(tb, keyhandle);
629 storebytes(tb, blob, bloblen);
630 store32(tb, authhandle1);
631 storebytes(tb, nonceodd, TPM_NONCE_SIZE);
632 store8(tb, cont);
633 storebytes(tb, authdata1, SHA1_DIGEST_SIZE);
634 store32(tb, authhandle2);
635 storebytes(tb, nonceodd, TPM_NONCE_SIZE);
636 store8(tb, cont);
637 storebytes(tb, authdata2, SHA1_DIGEST_SIZE);
638
639 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
640 if (ret < 0) {
641 pr_info("trusted_key: authhmac failed (%d)\n", ret);
642 return ret;
643 }
644
645 *datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
646 ret = TSS_checkhmac2(tb->data, ordinal, nonceodd,
647 keyauth, SHA1_DIGEST_SIZE,
648 blobauth, SHA1_DIGEST_SIZE,
649 sizeof(uint32_t), TPM_DATA_OFFSET,
650 *datalen, TPM_DATA_OFFSET + sizeof(uint32_t), 0,
651 0);
652 if (ret < 0)
653 pr_info("trusted_key: TSS_checkhmac2 failed (%d)\n", ret);
654 memcpy(data, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t), *datalen);
655 return ret;
656}
657
658/*
659 * Have the TPM seal(encrypt) the symmetric key
660 */
661static int key_seal(struct trusted_key_payload *p,
662 struct trusted_key_options *o)
663{
664 struct tpm_buf *tb;
665 int ret;
666
667 tb = kzalloc(sizeof *tb, GFP_KERNEL);
668 if (!tb)
669 return -ENOMEM;
670
671 /* include migratable flag at end of sealed key */
672 p->key[p->key_len] = p->migratable;
673
674 ret = tpm_seal(tb, o->keytype, o->keyhandle, o->keyauth,
675 p->key, p->key_len + 1, p->blob, &p->blob_len,
676 o->blobauth, o->pcrinfo, o->pcrinfo_len);
677 if (ret < 0)
678 pr_info("trusted_key: srkseal failed (%d)\n", ret);
679
680 kfree(tb);
681 return ret;
682}
683
684/*
685 * Have the TPM unseal(decrypt) the symmetric key
686 */
687static int key_unseal(struct trusted_key_payload *p,
688 struct trusted_key_options *o)
689{
690 struct tpm_buf *tb;
691 int ret;
692
693 tb = kzalloc(sizeof *tb, GFP_KERNEL);
694 if (!tb)
695 return -ENOMEM;
696
697 ret = tpm_unseal(tb, o->keyhandle, o->keyauth, p->blob, p->blob_len,
698 o->blobauth, p->key, &p->key_len);
699 /* pull migratable flag out of sealed key */
700 p->migratable = p->key[--p->key_len];
701
702 if (ret < 0)
703 pr_info("trusted_key: srkunseal failed (%d)\n", ret);
704
705 kfree(tb);
706 return ret;
707}
708
709enum {
710 Opt_err = -1,
711 Opt_new, Opt_load, Opt_update,
712 Opt_keyhandle, Opt_keyauth, Opt_blobauth,
713 Opt_pcrinfo, Opt_pcrlock, Opt_migratable
714};
715
716static const match_table_t key_tokens = {
717 {Opt_new, "new"},
718 {Opt_load, "load"},
719 {Opt_update, "update"},
720 {Opt_keyhandle, "keyhandle=%s"},
721 {Opt_keyauth, "keyauth=%s"},
722 {Opt_blobauth, "blobauth=%s"},
723 {Opt_pcrinfo, "pcrinfo=%s"},
724 {Opt_pcrlock, "pcrlock=%s"},
725 {Opt_migratable, "migratable=%s"},
726 {Opt_err, NULL}
727};
728
729/* can have zero or more token= options */
730static int getoptions(char *c, struct trusted_key_payload *pay,
731 struct trusted_key_options *opt)
732{
733 substring_t args[MAX_OPT_ARGS];
734 char *p = c;
735 int token;
736 int res;
737 unsigned long handle;
738 unsigned long lock;
739
740 while ((p = strsep(&c, " \t"))) {
741 if (*p == '\0' || *p == ' ' || *p == '\t')
742 continue;
743 token = match_token(p, key_tokens, args);
744
745 switch (token) {
746 case Opt_pcrinfo:
747 opt->pcrinfo_len = strlen(args[0].from) / 2;
748 if (opt->pcrinfo_len > MAX_PCRINFO_SIZE)
749 return -EINVAL;
750 hex2bin(opt->pcrinfo, args[0].from, opt->pcrinfo_len);
751 break;
752 case Opt_keyhandle:
753 res = strict_strtoul(args[0].from, 16, &handle);
754 if (res < 0)
755 return -EINVAL;
756 opt->keytype = SEAL_keytype;
757 opt->keyhandle = handle;
758 break;
759 case Opt_keyauth:
760 if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
761 return -EINVAL;
762 hex2bin(opt->keyauth, args[0].from, SHA1_DIGEST_SIZE);
763 break;
764 case Opt_blobauth:
765 if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
766 return -EINVAL;
767 hex2bin(opt->blobauth, args[0].from, SHA1_DIGEST_SIZE);
768 break;
769 case Opt_migratable:
770 if (*args[0].from == '0')
771 pay->migratable = 0;
772 else
773 return -EINVAL;
774 break;
775 case Opt_pcrlock:
776 res = strict_strtoul(args[0].from, 10, &lock);
777 if (res < 0)
778 return -EINVAL;
779 opt->pcrlock = lock;
780 break;
781 default:
782 return -EINVAL;
783 }
784 }
785 return 0;
786}
787
788/*
789 * datablob_parse - parse the keyctl data and fill in the
790 * payload and options structures
791 *
792 * On success returns 0, otherwise -EINVAL.
793 */
794static int datablob_parse(char *datablob, struct trusted_key_payload *p,
795 struct trusted_key_options *o)
796{
797 substring_t args[MAX_OPT_ARGS];
798 long keylen;
799 int ret = -EINVAL;
800 int key_cmd;
801 char *c;
802
803 /* main command */
804 c = strsep(&datablob, " \t");
805 if (!c)
806 return -EINVAL;
807 key_cmd = match_token(c, key_tokens, args);
808 switch (key_cmd) {
809 case Opt_new:
810 /* first argument is key size */
811 c = strsep(&datablob, " \t");
812 if (!c)
813 return -EINVAL;
814 ret = strict_strtol(c, 10, &keylen);
815 if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE)
816 return -EINVAL;
817 p->key_len = keylen;
818 ret = getoptions(datablob, p, o);
819 if (ret < 0)
820 return ret;
821 ret = Opt_new;
822 break;
823 case Opt_load:
824 /* first argument is sealed blob */
825 c = strsep(&datablob, " \t");
826 if (!c)
827 return -EINVAL;
828 p->blob_len = strlen(c) / 2;
829 if (p->blob_len > MAX_BLOB_SIZE)
830 return -EINVAL;
831 hex2bin(p->blob, c, p->blob_len);
832 ret = getoptions(datablob, p, o);
833 if (ret < 0)
834 return ret;
835 ret = Opt_load;
836 break;
837 case Opt_update:
838 /* all arguments are options */
839 ret = getoptions(datablob, p, o);
840 if (ret < 0)
841 return ret;
842 ret = Opt_update;
843 break;
844 case Opt_err:
845 return -EINVAL;
846 break;
847 }
848 return ret;
849}
850
851static struct trusted_key_options *trusted_options_alloc(void)
852{
853 struct trusted_key_options *options;
854
855 options = kzalloc(sizeof *options, GFP_KERNEL);
856 if (!options)
857 return options;
858
859 /* set any non-zero defaults */
860 options->keytype = SRK_keytype;
861 options->keyhandle = SRKHANDLE;
862 return options;
863}
864
865static struct trusted_key_payload *trusted_payload_alloc(struct key *key)
866{
867 struct trusted_key_payload *p = NULL;
868 int ret;
869
870 ret = key_payload_reserve(key, sizeof *p);
871 if (ret < 0)
872 return p;
873 p = kzalloc(sizeof *p, GFP_KERNEL);
874
875 /* migratable by default */
876 p->migratable = 1;
877 return p;
878}
879
880/*
881 * trusted_instantiate - create a new trusted key
882 *
883 * Unseal an existing trusted blob or, for a new key, get a
884 * random key, then seal and create a trusted key-type key,
885 * adding it to the specified keyring.
886 *
887 * On success, return 0. Otherwise return errno.
888 */
889static int trusted_instantiate(struct key *key, const void *data,
890 const size_t datalen)
891{
892 struct trusted_key_payload *payload = NULL;
893 struct trusted_key_options *options = NULL;
894 char *datablob;
895 int ret = 0;
896 int key_cmd;
897
898 if (datalen <= 0 || datalen > 32767 || !data)
899 return -EINVAL;
900
901 datablob = kmalloc(datalen + 1, GFP_KERNEL);
902 if (!datablob)
903 return -ENOMEM;
904 memcpy(datablob, data, datalen);
905 datablob[datalen] = '\0';
906
907 options = trusted_options_alloc();
908 if (!options) {
909 ret = -ENOMEM;
910 goto out;
911 }
912 payload = trusted_payload_alloc(key);
913 if (!payload) {
914 ret = -ENOMEM;
915 goto out;
916 }
917
918 key_cmd = datablob_parse(datablob, payload, options);
919 if (key_cmd < 0) {
920 ret = key_cmd;
921 goto out;
922 }
923
924 dump_payload(payload);
925 dump_options(options);
926
927 switch (key_cmd) {
928 case Opt_load:
929 ret = key_unseal(payload, options);
930 dump_payload(payload);
931 dump_options(options);
932 if (ret < 0)
933 pr_info("trusted_key: key_unseal failed (%d)\n", ret);
934 break;
935 case Opt_new:
936 ret = my_get_random(payload->key, payload->key_len);
937 if (ret < 0) {
938 pr_info("trusted_key: key_create failed (%d)\n", ret);
939 goto out;
940 }
941 ret = key_seal(payload, options);
942 if (ret < 0)
943 pr_info("trusted_key: key_seal failed (%d)\n", ret);
944 break;
945 default:
946 ret = -EINVAL;
947 goto out;
948 }
949 if (!ret && options->pcrlock)
950 ret = pcrlock(options->pcrlock);
951out:
952 kfree(datablob);
953 kfree(options);
954 if (!ret)
955 rcu_assign_pointer(key->payload.data, payload);
956 else
957 kfree(payload);
958 return ret;
959}
960
961static void trusted_rcu_free(struct rcu_head *rcu)
962{
963 struct trusted_key_payload *p;
964
965 p = container_of(rcu, struct trusted_key_payload, rcu);
966 memset(p->key, 0, p->key_len);
967 kfree(p);
968}
969
970/*
971 * trusted_update - reseal an existing key with new PCR values
972 */
973static int trusted_update(struct key *key, const void *data,
974 const size_t datalen)
975{
976 struct trusted_key_payload *p = key->payload.data;
977 struct trusted_key_payload *new_p;
978 struct trusted_key_options *new_o;
979 char *datablob;
980 int ret = 0;
981
982 if (!p->migratable)
983 return -EPERM;
984 if (datalen <= 0 || datalen > 32767 || !data)
985 return -EINVAL;
986
987 datablob = kmalloc(datalen + 1, GFP_KERNEL);
988 if (!datablob)
989 return -ENOMEM;
990 new_o = trusted_options_alloc();
991 if (!new_o) {
992 ret = -ENOMEM;
993 goto out;
994 }
995 new_p = trusted_payload_alloc(key);
996 if (!new_p) {
997 ret = -ENOMEM;
998 goto out;
999 }
1000
1001 memcpy(datablob, data, datalen);
1002 datablob[datalen] = '\0';
1003 ret = datablob_parse(datablob, new_p, new_o);
1004 if (ret != Opt_update) {
1005 ret = -EINVAL;
1006 goto out;
1007 }
1008 /* copy old key values, and reseal with new pcrs */
1009 new_p->migratable = p->migratable;
1010 new_p->key_len = p->key_len;
1011 memcpy(new_p->key, p->key, p->key_len);
1012 dump_payload(p);
1013 dump_payload(new_p);
1014
1015 ret = key_seal(new_p, new_o);
1016 if (ret < 0) {
1017 pr_info("trusted_key: key_seal failed (%d)\n", ret);
1018 kfree(new_p);
1019 goto out;
1020 }
1021 if (new_o->pcrlock) {
1022 ret = pcrlock(new_o->pcrlock);
1023 if (ret < 0) {
1024 pr_info("trusted_key: pcrlock failed (%d)\n", ret);
1025 kfree(new_p);
1026 goto out;
1027 }
1028 }
1029 rcu_assign_pointer(key->payload.data, new_p);
1030 call_rcu(&p->rcu, trusted_rcu_free);
1031out:
1032 kfree(datablob);
1033 kfree(new_o);
1034 return ret;
1035}
1036
1037/*
1038 * trusted_read - copy the sealed blob data to userspace in hex.
1039 * On success, return to userspace the trusted key datablob size.
1040 */
1041static long trusted_read(const struct key *key, char __user *buffer,
1042 size_t buflen)
1043{
1044 struct trusted_key_payload *p;
1045 char *ascii_buf;
1046 char *bufp;
1047 int i;
1048
1049 p = rcu_dereference_protected(key->payload.data,
1050 rwsem_is_locked(&((struct key *)key)->sem));
1051 if (!p)
1052 return -EINVAL;
1053 if (!buffer || buflen <= 0)
1054 return 2 * p->blob_len;
1055 ascii_buf = kmalloc(2 * p->blob_len, GFP_KERNEL);
1056 if (!ascii_buf)
1057 return -ENOMEM;
1058
1059 bufp = ascii_buf;
1060 for (i = 0; i < p->blob_len; i++)
1061 bufp = pack_hex_byte(bufp, p->blob[i]);
1062 if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) {
1063 kfree(ascii_buf);
1064 return -EFAULT;
1065 }
1066 kfree(ascii_buf);
1067 return 2 * p->blob_len;
1068}
1069
1070/*
1071 * trusted_destroy - before freeing the key, clear the decrypted data
1072 */
1073static void trusted_destroy(struct key *key)
1074{
1075 struct trusted_key_payload *p = key->payload.data;
1076
1077 if (!p)
1078 return;
1079 memset(p->key, 0, p->key_len);
1080 kfree(key->payload.data);
1081}
1082
1083struct key_type key_type_trusted = {
1084 .name = "trusted",
1085 .instantiate = trusted_instantiate,
1086 .update = trusted_update,
1087 .match = user_match,
1088 .destroy = trusted_destroy,
1089 .describe = user_describe,
1090 .read = trusted_read,
1091};
1092
1093EXPORT_SYMBOL_GPL(key_type_trusted);
1094
1095static void trusted_shash_release(void)
1096{
1097 if (hashalg)
1098 crypto_free_shash(hashalg);
1099 if (hmacalg)
1100 crypto_free_shash(hmacalg);
1101}
1102
1103static int __init trusted_shash_alloc(void)
1104{
1105 int ret;
1106
1107 hmacalg = crypto_alloc_shash(hmac_alg, 0, CRYPTO_ALG_ASYNC);
1108 if (IS_ERR(hmacalg)) {
1109 pr_info("trusted_key: could not allocate crypto %s\n",
1110 hmac_alg);
1111 return PTR_ERR(hmacalg);
1112 }
1113
1114 hashalg = crypto_alloc_shash(hash_alg, 0, CRYPTO_ALG_ASYNC);
1115 if (IS_ERR(hashalg)) {
1116 pr_info("trusted_key: could not allocate crypto %s\n",
1117 hash_alg);
1118 ret = PTR_ERR(hashalg);
1119 goto hashalg_fail;
1120 }
1121
1122 return 0;
1123
1124hashalg_fail:
1125 crypto_free_shash(hmacalg);
1126 return ret;
1127}
1128
1129static int __init init_trusted(void)
1130{
1131 int ret;
1132
1133 ret = trusted_shash_alloc();
1134 if (ret < 0)
1135 return ret;
1136 ret = register_key_type(&key_type_trusted);
1137 if (ret < 0)
1138 trusted_shash_release();
1139 return ret;
1140}
1141
1142static void __exit cleanup_trusted(void)
1143{
1144 trusted_shash_release();
1145 unregister_key_type(&key_type_trusted);
1146}
1147
1148late_initcall(init_trusted);
1149module_exit(cleanup_trusted);
1150
1151MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.067223 seconds and 5 git commands to generate.