tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

kernel / security / keys / trusted.c
at v2.6.38-rc3 1181 lines 28 kB view raw
1/* 2 * Copyright (C) 2010 IBM Corporation 3 * 4 * Author: 5 * David Safford <safford@us.ibm.com> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation, version 2 of the License. 10 * 11 * See Documentation/keys-trusted-encrypted.txt 12 */ 13 14#include <linux/uaccess.h> 15#include <linux/module.h> 16#include <linux/init.h> 17#include <linux/slab.h> 18#include <linux/parser.h> 19#include <linux/string.h> 20#include <linux/err.h> 21#include <keys/user-type.h> 22#include <keys/trusted-type.h> 23#include <linux/key-type.h> 24#include <linux/rcupdate.h> 25#include <linux/crypto.h> 26#include <crypto/hash.h> 27#include <crypto/sha.h> 28#include <linux/capability.h> 29#include <linux/tpm.h> 30#include <linux/tpm_command.h> 31 32#include "trusted.h" 33 34static const char hmac_alg[] = "hmac(sha1)"; 35static const char hash_alg[] = "sha1"; 36 37struct sdesc { 38 struct shash_desc shash; 39 char ctx[]; 40}; 41 42static struct crypto_shash *hashalg; 43static struct crypto_shash *hmacalg; 44 45static struct sdesc *init_sdesc(struct crypto_shash *alg) 46{ 47 struct sdesc *sdesc; 48 int size; 49 50 size = sizeof(struct shash_desc) + crypto_shash_descsize(alg); 51 sdesc = kmalloc(size, GFP_KERNEL); 52 if (!sdesc) 53 return ERR_PTR(-ENOMEM); 54 sdesc->shash.tfm = alg; 55 sdesc->shash.flags = 0x0; 56 return sdesc; 57} 58 59static int TSS_sha1(const unsigned char *data, unsigned int datalen, 60 unsigned char *digest) 61{ 62 struct sdesc *sdesc; 63 int ret; 64 65 sdesc = init_sdesc(hashalg); 66 if (IS_ERR(sdesc)) { 67 pr_info("trusted_key: can't alloc %s\n", hash_alg); 68 return PTR_ERR(sdesc); 69 } 70 71 ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest); 72 kfree(sdesc); 73 return ret; 74} 75 76static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, 77 unsigned int keylen, ...) 78{ 79 struct sdesc *sdesc; 80 va_list argp; 81 unsigned int dlen; 82 unsigned char *data; 83 int ret; 84 85 sdesc = init_sdesc(hmacalg); 86 if (IS_ERR(sdesc)) { 87 pr_info("trusted_key: can't alloc %s\n", hmac_alg); 88 return PTR_ERR(sdesc); 89 } 90 91 ret = crypto_shash_setkey(hmacalg, key, keylen); 92 if (ret < 0) 93 goto out; 94 ret = crypto_shash_init(&sdesc->shash); 95 if (ret < 0) 96 goto out; 97 98 va_start(argp, keylen); 99 for (;;) { 100 dlen = va_arg(argp, unsigned int); 101 if (dlen == 0) 102 break; 103 data = va_arg(argp, unsigned char *); 104 if (data == NULL) { 105 ret = -EINVAL; 106 break; 107 } 108 ret = crypto_shash_update(&sdesc->shash, data, dlen); 109 if (ret < 0) 110 break; 111 } 112 va_end(argp); 113 if (!ret) 114 ret = crypto_shash_final(&sdesc->shash, digest); 115out: 116 kfree(sdesc); 117 return ret; 118} 119 120/* 121 * calculate authorization info fields to send to TPM 122 */ 123static int TSS_authhmac(unsigned char *digest, const unsigned char *key, 124 unsigned int keylen, unsigned char *h1, 125 unsigned char *h2, unsigned char h3, ...) 126{ 127 unsigned char paramdigest[SHA1_DIGEST_SIZE]; 128 struct sdesc *sdesc; 129 unsigned int dlen; 130 unsigned char *data; 131 unsigned char c; 132 int ret; 133 va_list argp; 134 135 sdesc = init_sdesc(hashalg); 136 if (IS_ERR(sdesc)) { 137 pr_info("trusted_key: can't alloc %s\n", hash_alg); 138 return PTR_ERR(sdesc); 139 } 140 141 c = h3; 142 ret = crypto_shash_init(&sdesc->shash); 143 if (ret < 0) 144 goto out; 145 va_start(argp, h3); 146 for (;;) { 147 dlen = va_arg(argp, unsigned int); 148 if (dlen == 0) 149 break; 150 data = va_arg(argp, unsigned char *); 151 if (!data) { 152 ret = -EINVAL; 153 break; 154 } 155 ret = crypto_shash_update(&sdesc->shash, data, dlen); 156 if (ret < 0) 157 break; 158 } 159 va_end(argp); 160 if (!ret) 161 ret = crypto_shash_final(&sdesc->shash, paramdigest); 162 if (!ret) 163 ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, 164 paramdigest, TPM_NONCE_SIZE, h1, 165 TPM_NONCE_SIZE, h2, 1, &c, 0, 0); 166out: 167 kfree(sdesc); 168 return ret; 169} 170 171/* 172 * verify the AUTH1_COMMAND (Seal) result from TPM 173 */ 174static int TSS_checkhmac1(unsigned char *buffer, 175 const uint32_t command, 176 const unsigned char *ononce, 177 const unsigned char *key, 178 unsigned int keylen, ...) 179{ 180 uint32_t bufsize; 181 uint16_t tag; 182 uint32_t ordinal; 183 uint32_t result; 184 unsigned char *enonce; 185 unsigned char *continueflag; 186 unsigned char *authdata; 187 unsigned char testhmac[SHA1_DIGEST_SIZE]; 188 unsigned char paramdigest[SHA1_DIGEST_SIZE]; 189 struct sdesc *sdesc; 190 unsigned int dlen; 191 unsigned int dpos; 192 va_list argp; 193 int ret; 194 195 bufsize = LOAD32(buffer, TPM_SIZE_OFFSET); 196 tag = LOAD16(buffer, 0); 197 ordinal = command; 198 result = LOAD32N(buffer, TPM_RETURN_OFFSET); 199 if (tag == TPM_TAG_RSP_COMMAND) 200 return 0; 201 if (tag != TPM_TAG_RSP_AUTH1_COMMAND) 202 return -EINVAL; 203 authdata = buffer + bufsize - SHA1_DIGEST_SIZE; 204 continueflag = authdata - 1; 205 enonce = continueflag - TPM_NONCE_SIZE; 206 207 sdesc = init_sdesc(hashalg); 208 if (IS_ERR(sdesc)) { 209 pr_info("trusted_key: can't alloc %s\n", hash_alg); 210 return PTR_ERR(sdesc); 211 } 212 ret = crypto_shash_init(&sdesc->shash); 213 if (ret < 0) 214 goto out; 215 ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result, 216 sizeof result); 217 if (ret < 0) 218 goto out; 219 ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal, 220 sizeof ordinal); 221 if (ret < 0) 222 goto out; 223 va_start(argp, keylen); 224 for (;;) { 225 dlen = va_arg(argp, unsigned int); 226 if (dlen == 0) 227 break; 228 dpos = va_arg(argp, unsigned int); 229 ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); 230 if (ret < 0) 231 break; 232 } 233 va_end(argp); 234 if (!ret) 235 ret = crypto_shash_final(&sdesc->shash, paramdigest); 236 if (ret < 0) 237 goto out; 238 239 ret = TSS_rawhmac(testhmac, key, keylen, SHA1_DIGEST_SIZE, paramdigest, 240 TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce, 241 1, continueflag, 0, 0); 242 if (ret < 0) 243 goto out; 244 245 if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE)) 246 ret = -EINVAL; 247out: 248 kfree(sdesc); 249 return ret; 250} 251 252/* 253 * verify the AUTH2_COMMAND (unseal) result from TPM 254 */ 255static int TSS_checkhmac2(unsigned char *buffer, 256 const uint32_t command, 257 const unsigned char *ononce, 258 const unsigned char *key1, 259 unsigned int keylen1, 260 const unsigned char *key2, 261 unsigned int keylen2, ...) 262{ 263 uint32_t bufsize; 264 uint16_t tag; 265 uint32_t ordinal; 266 uint32_t result; 267 unsigned char *enonce1; 268 unsigned char *continueflag1; 269 unsigned char *authdata1; 270 unsigned char *enonce2; 271 unsigned char *continueflag2; 272 unsigned char *authdata2; 273 unsigned char testhmac1[SHA1_DIGEST_SIZE]; 274 unsigned char testhmac2[SHA1_DIGEST_SIZE]; 275 unsigned char paramdigest[SHA1_DIGEST_SIZE]; 276 struct sdesc *sdesc; 277 unsigned int dlen; 278 unsigned int dpos; 279 va_list argp; 280 int ret; 281 282 bufsize = LOAD32(buffer, TPM_SIZE_OFFSET); 283 tag = LOAD16(buffer, 0); 284 ordinal = command; 285 result = LOAD32N(buffer, TPM_RETURN_OFFSET); 286 287 if (tag == TPM_TAG_RSP_COMMAND) 288 return 0; 289 if (tag != TPM_TAG_RSP_AUTH2_COMMAND) 290 return -EINVAL; 291 authdata1 = buffer + bufsize - (SHA1_DIGEST_SIZE + 1 292 + SHA1_DIGEST_SIZE + SHA1_DIGEST_SIZE); 293 authdata2 = buffer + bufsize - (SHA1_DIGEST_SIZE); 294 continueflag1 = authdata1 - 1; 295 continueflag2 = authdata2 - 1; 296 enonce1 = continueflag1 - TPM_NONCE_SIZE; 297 enonce2 = continueflag2 - TPM_NONCE_SIZE; 298 299 sdesc = init_sdesc(hashalg); 300 if (IS_ERR(sdesc)) { 301 pr_info("trusted_key: can't alloc %s\n", hash_alg); 302 return PTR_ERR(sdesc); 303 } 304 ret = crypto_shash_init(&sdesc->shash); 305 if (ret < 0) 306 goto out; 307 ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result, 308 sizeof result); 309 if (ret < 0) 310 goto out; 311 ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal, 312 sizeof ordinal); 313 if (ret < 0) 314 goto out; 315 316 va_start(argp, keylen2); 317 for (;;) { 318 dlen = va_arg(argp, unsigned int); 319 if (dlen == 0) 320 break; 321 dpos = va_arg(argp, unsigned int); 322 ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); 323 if (ret < 0) 324 break; 325 } 326 va_end(argp); 327 if (!ret) 328 ret = crypto_shash_final(&sdesc->shash, paramdigest); 329 if (ret < 0) 330 goto out; 331 332 ret = TSS_rawhmac(testhmac1, key1, keylen1, SHA1_DIGEST_SIZE, 333 paramdigest, TPM_NONCE_SIZE, enonce1, 334 TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0); 335 if (ret < 0) 336 goto out; 337 if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { 338 ret = -EINVAL; 339 goto out; 340 } 341 ret = TSS_rawhmac(testhmac2, key2, keylen2, SHA1_DIGEST_SIZE, 342 paramdigest, TPM_NONCE_SIZE, enonce2, 343 TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0); 344 if (ret < 0) 345 goto out; 346 if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE)) 347 ret = -EINVAL; 348out: 349 kfree(sdesc); 350 return ret; 351} 352 353/* 354 * For key specific tpm requests, we will generate and send our 355 * own TPM command packets using the drivers send function. 356 */ 357static int trusted_tpm_send(const u32 chip_num, unsigned char *cmd, 358 size_t buflen) 359{ 360 int rc; 361 362 dump_tpm_buf(cmd); 363 rc = tpm_send(chip_num, cmd, buflen); 364 dump_tpm_buf(cmd); 365 if (rc > 0) 366 /* Can't return positive return codes values to keyctl */ 367 rc = -EPERM; 368 return rc; 369} 370 371/* 372 * get a random value from TPM 373 */ 374static int tpm_get_random(struct tpm_buf *tb, unsigned char *buf, uint32_t len) 375{ 376 int ret; 377 378 INIT_BUF(tb); 379 store16(tb, TPM_TAG_RQU_COMMAND); 380 store32(tb, TPM_GETRANDOM_SIZE); 381 store32(tb, TPM_ORD_GETRANDOM); 382 store32(tb, len); 383 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, sizeof tb->data); 384 if (!ret) 385 memcpy(buf, tb->data + TPM_GETRANDOM_SIZE, len); 386 return ret; 387} 388 389static int my_get_random(unsigned char *buf, int len) 390{ 391 struct tpm_buf *tb; 392 int ret; 393 394 tb = kmalloc(sizeof *tb, GFP_KERNEL); 395 if (!tb) 396 return -ENOMEM; 397 ret = tpm_get_random(tb, buf, len); 398 399 kfree(tb); 400 return ret; 401} 402 403/* 404 * Lock a trusted key, by extending a selected PCR. 405 * 406 * Prevents a trusted key that is sealed to PCRs from being accessed. 407 * This uses the tpm driver's extend function. 408 */ 409static int pcrlock(const int pcrnum) 410{ 411 unsigned char hash[SHA1_DIGEST_SIZE]; 412 int ret; 413 414 if (!capable(CAP_SYS_ADMIN)) 415 return -EPERM; 416 ret = my_get_random(hash, SHA1_DIGEST_SIZE); 417 if (ret < 0) 418 return ret; 419 return tpm_pcr_extend(TPM_ANY_NUM, pcrnum, hash) ? -EINVAL : 0; 420} 421 422/* 423 * Create an object specific authorisation protocol (OSAP) session 424 */ 425static int osap(struct tpm_buf *tb, struct osapsess *s, 426 const unsigned char *key, uint16_t type, uint32_t handle) 427{ 428 unsigned char enonce[TPM_NONCE_SIZE]; 429 unsigned char ononce[TPM_NONCE_SIZE]; 430 int ret; 431 432 ret = tpm_get_random(tb, ononce, TPM_NONCE_SIZE); 433 if (ret < 0) 434 return ret; 435 436 INIT_BUF(tb); 437 store16(tb, TPM_TAG_RQU_COMMAND); 438 store32(tb, TPM_OSAP_SIZE); 439 store32(tb, TPM_ORD_OSAP); 440 store16(tb, type); 441 store32(tb, handle); 442 storebytes(tb, ononce, TPM_NONCE_SIZE); 443 444 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); 445 if (ret < 0) 446 return ret; 447 448 s->handle = LOAD32(tb->data, TPM_DATA_OFFSET); 449 memcpy(s->enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)]), 450 TPM_NONCE_SIZE); 451 memcpy(enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t) + 452 TPM_NONCE_SIZE]), TPM_NONCE_SIZE); 453 return TSS_rawhmac(s->secret, key, SHA1_DIGEST_SIZE, TPM_NONCE_SIZE, 454 enonce, TPM_NONCE_SIZE, ononce, 0, 0); 455} 456 457/* 458 * Create an object independent authorisation protocol (oiap) session 459 */ 460static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) 461{ 462 int ret; 463 464 INIT_BUF(tb); 465 store16(tb, TPM_TAG_RQU_COMMAND); 466 store32(tb, TPM_OIAP_SIZE); 467 store32(tb, TPM_ORD_OIAP); 468 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); 469 if (ret < 0) 470 return ret; 471 472 *handle = LOAD32(tb->data, TPM_DATA_OFFSET); 473 memcpy(nonce, &tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)], 474 TPM_NONCE_SIZE); 475 return 0; 476} 477 478struct tpm_digests { 479 unsigned char encauth[SHA1_DIGEST_SIZE]; 480 unsigned char pubauth[SHA1_DIGEST_SIZE]; 481 unsigned char xorwork[SHA1_DIGEST_SIZE * 2]; 482 unsigned char xorhash[SHA1_DIGEST_SIZE]; 483 unsigned char nonceodd[TPM_NONCE_SIZE]; 484}; 485 486/* 487 * Have the TPM seal(encrypt) the trusted key, possibly based on 488 * Platform Configuration Registers (PCRs). AUTH1 for sealing key. 489 */ 490static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, 491 uint32_t keyhandle, const unsigned char *keyauth, 492 const unsigned char *data, uint32_t datalen, 493 unsigned char *blob, uint32_t *bloblen, 494 const unsigned char *blobauth, 495 const unsigned char *pcrinfo, uint32_t pcrinfosize) 496{ 497 struct osapsess sess; 498 struct tpm_digests *td; 499 unsigned char cont; 500 uint32_t ordinal; 501 uint32_t pcrsize; 502 uint32_t datsize; 503 int sealinfosize; 504 int encdatasize; 505 int storedsize; 506 int ret; 507 int i; 508 509 /* alloc some work space for all the hashes */ 510 td = kmalloc(sizeof *td, GFP_KERNEL); 511 if (!td) 512 return -ENOMEM; 513 514 /* get session for sealing key */ 515 ret = osap(tb, &sess, keyauth, keytype, keyhandle); 516 if (ret < 0) 517 goto out; 518 dump_sess(&sess); 519 520 /* calculate encrypted authorization value */ 521 memcpy(td->xorwork, sess.secret, SHA1_DIGEST_SIZE); 522 memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE); 523 ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); 524 if (ret < 0) 525 goto out; 526 527 ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE); 528 if (ret < 0) 529 goto out; 530 ordinal = htonl(TPM_ORD_SEAL); 531 datsize = htonl(datalen); 532 pcrsize = htonl(pcrinfosize); 533 cont = 0; 534 535 /* encrypt data authorization key */ 536 for (i = 0; i < SHA1_DIGEST_SIZE; ++i) 537 td->encauth[i] = td->xorhash[i] ^ blobauth[i]; 538 539 /* calculate authorization HMAC value */ 540 if (pcrinfosize == 0) { 541 /* no pcr info specified */ 542 ret = TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE, 543 sess.enonce, td->nonceodd, cont, 544 sizeof(uint32_t), &ordinal, SHA1_DIGEST_SIZE, 545 td->encauth, sizeof(uint32_t), &pcrsize, 546 sizeof(uint32_t), &datsize, datalen, data, 0, 547 0); 548 } else { 549 /* pcr info specified */ 550 ret = TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE, 551 sess.enonce, td->nonceodd, cont, 552 sizeof(uint32_t), &ordinal, SHA1_DIGEST_SIZE, 553 td->encauth, sizeof(uint32_t), &pcrsize, 554 pcrinfosize, pcrinfo, sizeof(uint32_t), 555 &datsize, datalen, data, 0, 0); 556 } 557 if (ret < 0) 558 goto out; 559 560 /* build and send the TPM request packet */ 561 INIT_BUF(tb); 562 store16(tb, TPM_TAG_RQU_AUTH1_COMMAND); 563 store32(tb, TPM_SEAL_SIZE + pcrinfosize + datalen); 564 store32(tb, TPM_ORD_SEAL); 565 store32(tb, keyhandle); 566 storebytes(tb, td->encauth, SHA1_DIGEST_SIZE); 567 store32(tb, pcrinfosize); 568 storebytes(tb, pcrinfo, pcrinfosize); 569 store32(tb, datalen); 570 storebytes(tb, data, datalen); 571 store32(tb, sess.handle); 572 storebytes(tb, td->nonceodd, TPM_NONCE_SIZE); 573 store8(tb, cont); 574 storebytes(tb, td->pubauth, SHA1_DIGEST_SIZE); 575 576 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); 577 if (ret < 0) 578 goto out; 579 580 /* calculate the size of the returned Blob */ 581 sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t)); 582 encdatasize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t) + 583 sizeof(uint32_t) + sealinfosize); 584 storedsize = sizeof(uint32_t) + sizeof(uint32_t) + sealinfosize + 585 sizeof(uint32_t) + encdatasize; 586 587 /* check the HMAC in the response */ 588 ret = TSS_checkhmac1(tb->data, ordinal, td->nonceodd, sess.secret, 589 SHA1_DIGEST_SIZE, storedsize, TPM_DATA_OFFSET, 0, 590 0); 591 592 /* copy the returned blob to caller */ 593 if (!ret) { 594 memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize); 595 *bloblen = storedsize; 596 } 597out: 598 kfree(td); 599 return ret; 600} 601 602/* 603 * use the AUTH2_COMMAND form of unseal, to authorize both key and blob 604 */ 605static int tpm_unseal(struct tpm_buf *tb, 606 uint32_t keyhandle, const unsigned char *keyauth, 607 const unsigned char *blob, int bloblen, 608 const unsigned char *blobauth, 609 unsigned char *data, unsigned int *datalen) 610{ 611 unsigned char nonceodd[TPM_NONCE_SIZE]; 612 unsigned char enonce1[TPM_NONCE_SIZE]; 613 unsigned char enonce2[TPM_NONCE_SIZE]; 614 unsigned char authdata1[SHA1_DIGEST_SIZE]; 615 unsigned char authdata2[SHA1_DIGEST_SIZE]; 616 uint32_t authhandle1 = 0; 617 uint32_t authhandle2 = 0; 618 unsigned char cont = 0; 619 uint32_t ordinal; 620 uint32_t keyhndl; 621 int ret; 622 623 /* sessions for unsealing key and data */ 624 ret = oiap(tb, &authhandle1, enonce1); 625 if (ret < 0) { 626 pr_info("trusted_key: oiap failed (%d)\n", ret); 627 return ret; 628 } 629 ret = oiap(tb, &authhandle2, enonce2); 630 if (ret < 0) { 631 pr_info("trusted_key: oiap failed (%d)\n", ret); 632 return ret; 633 } 634 635 ordinal = htonl(TPM_ORD_UNSEAL); 636 keyhndl = htonl(SRKHANDLE); 637 ret = tpm_get_random(tb, nonceodd, TPM_NONCE_SIZE); 638 if (ret < 0) { 639 pr_info("trusted_key: tpm_get_random failed (%d)\n", ret); 640 return ret; 641 } 642 ret = TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE, 643 enonce1, nonceodd, cont, sizeof(uint32_t), 644 &ordinal, bloblen, blob, 0, 0); 645 if (ret < 0) 646 return ret; 647 ret = TSS_authhmac(authdata2, blobauth, TPM_NONCE_SIZE, 648 enonce2, nonceodd, cont, sizeof(uint32_t), 649 &ordinal, bloblen, blob, 0, 0); 650 if (ret < 0) 651 return ret; 652 653 /* build and send TPM request packet */ 654 INIT_BUF(tb); 655 store16(tb, TPM_TAG_RQU_AUTH2_COMMAND); 656 store32(tb, TPM_UNSEAL_SIZE + bloblen); 657 store32(tb, TPM_ORD_UNSEAL); 658 store32(tb, keyhandle); 659 storebytes(tb, blob, bloblen); 660 store32(tb, authhandle1); 661 storebytes(tb, nonceodd, TPM_NONCE_SIZE); 662 store8(tb, cont); 663 storebytes(tb, authdata1, SHA1_DIGEST_SIZE); 664 store32(tb, authhandle2); 665 storebytes(tb, nonceodd, TPM_NONCE_SIZE); 666 store8(tb, cont); 667 storebytes(tb, authdata2, SHA1_DIGEST_SIZE); 668 669 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); 670 if (ret < 0) { 671 pr_info("trusted_key: authhmac failed (%d)\n", ret); 672 return ret; 673 } 674 675 *datalen = LOAD32(tb->data, TPM_DATA_OFFSET); 676 ret = TSS_checkhmac2(tb->data, ordinal, nonceodd, 677 keyauth, SHA1_DIGEST_SIZE, 678 blobauth, SHA1_DIGEST_SIZE, 679 sizeof(uint32_t), TPM_DATA_OFFSET, 680 *datalen, TPM_DATA_OFFSET + sizeof(uint32_t), 0, 681 0); 682 if (ret < 0) { 683 pr_info("trusted_key: TSS_checkhmac2 failed (%d)\n", ret); 684 return ret; 685 } 686 memcpy(data, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t), *datalen); 687 return 0; 688} 689 690/* 691 * Have the TPM seal(encrypt) the symmetric key 692 */ 693static int key_seal(struct trusted_key_payload *p, 694 struct trusted_key_options *o) 695{ 696 struct tpm_buf *tb; 697 int ret; 698 699 tb = kzalloc(sizeof *tb, GFP_KERNEL); 700 if (!tb) 701 return -ENOMEM; 702 703 /* include migratable flag at end of sealed key */ 704 p->key[p->key_len] = p->migratable; 705 706 ret = tpm_seal(tb, o->keytype, o->keyhandle, o->keyauth, 707 p->key, p->key_len + 1, p->blob, &p->blob_len, 708 o->blobauth, o->pcrinfo, o->pcrinfo_len); 709 if (ret < 0) 710 pr_info("trusted_key: srkseal failed (%d)\n", ret); 711 712 kfree(tb); 713 return ret; 714} 715 716/* 717 * Have the TPM unseal(decrypt) the symmetric key 718 */ 719static int key_unseal(struct trusted_key_payload *p, 720 struct trusted_key_options *o) 721{ 722 struct tpm_buf *tb; 723 int ret; 724 725 tb = kzalloc(sizeof *tb, GFP_KERNEL); 726 if (!tb) 727 return -ENOMEM; 728 729 ret = tpm_unseal(tb, o->keyhandle, o->keyauth, p->blob, p->blob_len, 730 o->blobauth, p->key, &p->key_len); 731 if (ret < 0) 732 pr_info("trusted_key: srkunseal failed (%d)\n", ret); 733 else 734 /* pull migratable flag out of sealed key */ 735 p->migratable = p->key[--p->key_len]; 736 737 kfree(tb); 738 return ret; 739} 740 741enum { 742 Opt_err = -1, 743 Opt_new, Opt_load, Opt_update, 744 Opt_keyhandle, Opt_keyauth, Opt_blobauth, 745 Opt_pcrinfo, Opt_pcrlock, Opt_migratable 746}; 747 748static const match_table_t key_tokens = { 749 {Opt_new, "new"}, 750 {Opt_load, "load"}, 751 {Opt_update, "update"}, 752 {Opt_keyhandle, "keyhandle=%s"}, 753 {Opt_keyauth, "keyauth=%s"}, 754 {Opt_blobauth, "blobauth=%s"}, 755 {Opt_pcrinfo, "pcrinfo=%s"}, 756 {Opt_pcrlock, "pcrlock=%s"}, 757 {Opt_migratable, "migratable=%s"}, 758 {Opt_err, NULL} 759}; 760 761/* can have zero or more token= options */ 762static int getoptions(char *c, struct trusted_key_payload *pay, 763 struct trusted_key_options *opt) 764{ 765 substring_t args[MAX_OPT_ARGS]; 766 char *p = c; 767 int token; 768 int res; 769 unsigned long handle; 770 unsigned long lock; 771 772 while ((p = strsep(&c, " \t"))) { 773 if (*p == '\0' || *p == ' ' || *p == '\t') 774 continue; 775 token = match_token(p, key_tokens, args); 776 777 switch (token) { 778 case Opt_pcrinfo: 779 opt->pcrinfo_len = strlen(args[0].from) / 2; 780 if (opt->pcrinfo_len > MAX_PCRINFO_SIZE) 781 return -EINVAL; 782 hex2bin(opt->pcrinfo, args[0].from, opt->pcrinfo_len); 783 break; 784 case Opt_keyhandle: 785 res = strict_strtoul(args[0].from, 16, &handle); 786 if (res < 0) 787 return -EINVAL; 788 opt->keytype = SEAL_keytype; 789 opt->keyhandle = handle; 790 break; 791 case Opt_keyauth: 792 if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE) 793 return -EINVAL; 794 hex2bin(opt->keyauth, args[0].from, SHA1_DIGEST_SIZE); 795 break; 796 case Opt_blobauth: 797 if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE) 798 return -EINVAL; 799 hex2bin(opt->blobauth, args[0].from, SHA1_DIGEST_SIZE); 800 break; 801 case Opt_migratable: 802 if (*args[0].from == '0') 803 pay->migratable = 0; 804 else 805 return -EINVAL; 806 break; 807 case Opt_pcrlock: 808 res = strict_strtoul(args[0].from, 10, &lock); 809 if (res < 0) 810 return -EINVAL; 811 opt->pcrlock = lock; 812 break; 813 default: 814 return -EINVAL; 815 } 816 } 817 return 0; 818} 819 820/* 821 * datablob_parse - parse the keyctl data and fill in the 822 * payload and options structures 823 * 824 * On success returns 0, otherwise -EINVAL. 825 */ 826static int datablob_parse(char *datablob, struct trusted_key_payload *p, 827 struct trusted_key_options *o) 828{ 829 substring_t args[MAX_OPT_ARGS]; 830 long keylen; 831 int ret = -EINVAL; 832 int key_cmd; 833 char *c; 834 835 /* main command */ 836 c = strsep(&datablob, " \t"); 837 if (!c) 838 return -EINVAL; 839 key_cmd = match_token(c, key_tokens, args); 840 switch (key_cmd) { 841 case Opt_new: 842 /* first argument is key size */ 843 c = strsep(&datablob, " \t"); 844 if (!c) 845 return -EINVAL; 846 ret = strict_strtol(c, 10, &keylen); 847 if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE) 848 return -EINVAL; 849 p->key_len = keylen; 850 ret = getoptions(datablob, p, o); 851 if (ret < 0) 852 return ret; 853 ret = Opt_new; 854 break; 855 case Opt_load: 856 /* first argument is sealed blob */ 857 c = strsep(&datablob, " \t"); 858 if (!c) 859 return -EINVAL; 860 p->blob_len = strlen(c) / 2; 861 if (p->blob_len > MAX_BLOB_SIZE) 862 return -EINVAL; 863 hex2bin(p->blob, c, p->blob_len); 864 ret = getoptions(datablob, p, o); 865 if (ret < 0) 866 return ret; 867 ret = Opt_load; 868 break; 869 case Opt_update: 870 /* all arguments are options */ 871 ret = getoptions(datablob, p, o); 872 if (ret < 0) 873 return ret; 874 ret = Opt_update; 875 break; 876 case Opt_err: 877 return -EINVAL; 878 break; 879 } 880 return ret; 881} 882 883static struct trusted_key_options *trusted_options_alloc(void) 884{ 885 struct trusted_key_options *options; 886 887 options = kzalloc(sizeof *options, GFP_KERNEL); 888 if (options) { 889 /* set any non-zero defaults */ 890 options->keytype = SRK_keytype; 891 options->keyhandle = SRKHANDLE; 892 } 893 return options; 894} 895 896static struct trusted_key_payload *trusted_payload_alloc(struct key *key) 897{ 898 struct trusted_key_payload *p = NULL; 899 int ret; 900 901 ret = key_payload_reserve(key, sizeof *p); 902 if (ret < 0) 903 return p; 904 p = kzalloc(sizeof *p, GFP_KERNEL); 905 if (p) 906 p->migratable = 1; /* migratable by default */ 907 return p; 908} 909 910/* 911 * trusted_instantiate - create a new trusted key 912 * 913 * Unseal an existing trusted blob or, for a new key, get a 914 * random key, then seal and create a trusted key-type key, 915 * adding it to the specified keyring. 916 * 917 * On success, return 0. Otherwise return errno. 918 */ 919static int trusted_instantiate(struct key *key, const void *data, 920 size_t datalen) 921{ 922 struct trusted_key_payload *payload = NULL; 923 struct trusted_key_options *options = NULL; 924 char *datablob; 925 int ret = 0; 926 int key_cmd; 927 928 if (datalen <= 0 || datalen > 32767 || !data) 929 return -EINVAL; 930 931 datablob = kmalloc(datalen + 1, GFP_KERNEL); 932 if (!datablob) 933 return -ENOMEM; 934 memcpy(datablob, data, datalen); 935 datablob[datalen] = '\0'; 936 937 options = trusted_options_alloc(); 938 if (!options) { 939 ret = -ENOMEM; 940 goto out; 941 } 942 payload = trusted_payload_alloc(key); 943 if (!payload) { 944 ret = -ENOMEM; 945 goto out; 946 } 947 948 key_cmd = datablob_parse(datablob, payload, options); 949 if (key_cmd < 0) { 950 ret = key_cmd; 951 goto out; 952 } 953 954 dump_payload(payload); 955 dump_options(options); 956 957 switch (key_cmd) { 958 case Opt_load: 959 ret = key_unseal(payload, options); 960 dump_payload(payload); 961 dump_options(options); 962 if (ret < 0) 963 pr_info("trusted_key: key_unseal failed (%d)\n", ret); 964 break; 965 case Opt_new: 966 ret = my_get_random(payload->key, payload->key_len); 967 if (ret < 0) { 968 pr_info("trusted_key: key_create failed (%d)\n", ret); 969 goto out; 970 } 971 ret = key_seal(payload, options); 972 if (ret < 0) 973 pr_info("trusted_key: key_seal failed (%d)\n", ret); 974 break; 975 default: 976 ret = -EINVAL; 977 goto out; 978 } 979 if (!ret && options->pcrlock) 980 ret = pcrlock(options->pcrlock); 981out: 982 kfree(datablob); 983 kfree(options); 984 if (!ret) 985 rcu_assign_pointer(key->payload.data, payload); 986 else 987 kfree(payload); 988 return ret; 989} 990 991static void trusted_rcu_free(struct rcu_head *rcu) 992{ 993 struct trusted_key_payload *p; 994 995 p = container_of(rcu, struct trusted_key_payload, rcu); 996 memset(p->key, 0, p->key_len); 997 kfree(p); 998} 999 1000/* 1001 * trusted_update - reseal an existing key with new PCR values 1002 */ 1003static int trusted_update(struct key *key, const void *data, size_t datalen) 1004{ 1005 struct trusted_key_payload *p = key->payload.data; 1006 struct trusted_key_payload *new_p; 1007 struct trusted_key_options *new_o; 1008 char *datablob; 1009 int ret = 0; 1010 1011 if (!p->migratable) 1012 return -EPERM; 1013 if (datalen <= 0 || datalen > 32767 || !data) 1014 return -EINVAL; 1015 1016 datablob = kmalloc(datalen + 1, GFP_KERNEL); 1017 if (!datablob) 1018 return -ENOMEM; 1019 new_o = trusted_options_alloc(); 1020 if (!new_o) { 1021 ret = -ENOMEM; 1022 goto out; 1023 } 1024 new_p = trusted_payload_alloc(key); 1025 if (!new_p) { 1026 ret = -ENOMEM; 1027 goto out; 1028 } 1029 1030 memcpy(datablob, data, datalen); 1031 datablob[datalen] = '\0'; 1032 ret = datablob_parse(datablob, new_p, new_o); 1033 if (ret != Opt_update) { 1034 ret = -EINVAL; 1035 kfree(new_p); 1036 goto out; 1037 } 1038 /* copy old key values, and reseal with new pcrs */ 1039 new_p->migratable = p->migratable; 1040 new_p->key_len = p->key_len; 1041 memcpy(new_p->key, p->key, p->key_len); 1042 dump_payload(p); 1043 dump_payload(new_p); 1044 1045 ret = key_seal(new_p, new_o); 1046 if (ret < 0) { 1047 pr_info("trusted_key: key_seal failed (%d)\n", ret); 1048 kfree(new_p); 1049 goto out; 1050 } 1051 if (new_o->pcrlock) { 1052 ret = pcrlock(new_o->pcrlock); 1053 if (ret < 0) { 1054 pr_info("trusted_key: pcrlock failed (%d)\n", ret); 1055 kfree(new_p); 1056 goto out; 1057 } 1058 } 1059 rcu_assign_pointer(key->payload.data, new_p); 1060 call_rcu(&p->rcu, trusted_rcu_free); 1061out: 1062 kfree(datablob); 1063 kfree(new_o); 1064 return ret; 1065} 1066 1067/* 1068 * trusted_read - copy the sealed blob data to userspace in hex. 1069 * On success, return to userspace the trusted key datablob size. 1070 */ 1071static long trusted_read(const struct key *key, char __user *buffer, 1072 size_t buflen) 1073{ 1074 struct trusted_key_payload *p; 1075 char *ascii_buf; 1076 char *bufp; 1077 int i; 1078 1079 p = rcu_dereference_protected(key->payload.data, 1080 rwsem_is_locked(&((struct key *)key)->sem)); 1081 if (!p) 1082 return -EINVAL; 1083 if (!buffer || buflen <= 0) 1084 return 2 * p->blob_len; 1085 ascii_buf = kmalloc(2 * p->blob_len, GFP_KERNEL); 1086 if (!ascii_buf) 1087 return -ENOMEM; 1088 1089 bufp = ascii_buf; 1090 for (i = 0; i < p->blob_len; i++) 1091 bufp = pack_hex_byte(bufp, p->blob[i]); 1092 if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) { 1093 kfree(ascii_buf); 1094 return -EFAULT; 1095 } 1096 kfree(ascii_buf); 1097 return 2 * p->blob_len; 1098} 1099 1100/* 1101 * trusted_destroy - before freeing the key, clear the decrypted data 1102 */ 1103static void trusted_destroy(struct key *key) 1104{ 1105 struct trusted_key_payload *p = key->payload.data; 1106 1107 if (!p) 1108 return; 1109 memset(p->key, 0, p->key_len); 1110 kfree(key->payload.data); 1111} 1112 1113struct key_type key_type_trusted = { 1114 .name = "trusted", 1115 .instantiate = trusted_instantiate, 1116 .update = trusted_update, 1117 .match = user_match, 1118 .destroy = trusted_destroy, 1119 .describe = user_describe, 1120 .read = trusted_read, 1121}; 1122 1123EXPORT_SYMBOL_GPL(key_type_trusted); 1124 1125static void trusted_shash_release(void) 1126{ 1127 if (hashalg) 1128 crypto_free_shash(hashalg); 1129 if (hmacalg) 1130 crypto_free_shash(hmacalg); 1131} 1132 1133static int __init trusted_shash_alloc(void) 1134{ 1135 int ret; 1136 1137 hmacalg = crypto_alloc_shash(hmac_alg, 0, CRYPTO_ALG_ASYNC); 1138 if (IS_ERR(hmacalg)) { 1139 pr_info("trusted_key: could not allocate crypto %s\n", 1140 hmac_alg); 1141 return PTR_ERR(hmacalg); 1142 } 1143 1144 hashalg = crypto_alloc_shash(hash_alg, 0, CRYPTO_ALG_ASYNC); 1145 if (IS_ERR(hashalg)) { 1146 pr_info("trusted_key: could not allocate crypto %s\n", 1147 hash_alg); 1148 ret = PTR_ERR(hashalg); 1149 goto hashalg_fail; 1150 } 1151 1152 return 0; 1153 1154hashalg_fail: 1155 crypto_free_shash(hmacalg); 1156 return ret; 1157} 1158 1159static int __init init_trusted(void) 1160{ 1161 int ret; 1162 1163 ret = trusted_shash_alloc(); 1164 if (ret < 0) 1165 return ret; 1166 ret = register_key_type(&key_type_trusted); 1167 if (ret < 0) 1168 trusted_shash_release(); 1169 return ret; 1170} 1171 1172static void __exit cleanup_trusted(void) 1173{ 1174 trusted_shash_release(); 1175 unregister_key_type(&key_type_trusted); 1176} 1177 1178late_initcall(init_trusted); 1179module_exit(cleanup_trusted); 1180 1181MODULE_LICENSE("GPL");