Merge tag 'tpmdd-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

+1

Documentation/devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml

··· 32 32 - enum: 33 33 - infineon,slb9673 34 34 - nuvoton,npct75x 35 + - st,st33ktpm2xi2c 35 36 - const: tcg,tpm-tis-i2c 36 37 37 38 - description: TPM 1.2 and 2.0 chips with vendor-specific I²C interface

+2

Documentation/security/tpm/index.rst

··· 5 5 .. toctree:: 6 6 7 7 tpm_event_log 8 + tpm-security 9 + tpm_tis 8 10 tpm_vtpm_proxy 9 11 xen-tpmfront 10 12 tpm_ftpm_tee

+216

Documentation/security/tpm/tpm-security.rst

··· 1 + .. SPDX-License-Identifier: GPL-2.0-only 2 + 3 + TPM Security 4 + ============ 5 + 6 + The object of this document is to describe how we make the kernel's 7 + use of the TPM reasonably robust in the face of external snooping and 8 + packet alteration attacks (called passive and active interposer attack 9 + in the literature). The current security document is for TPM 2.0. 10 + 11 + Introduction 12 + ------------ 13 + 14 + The TPM is usually a discrete chip attached to a PC via some type of 15 + low bandwidth bus. There are exceptions to this such as the Intel 16 + PTT, which is a software TPM running inside a software environment 17 + close to the CPU, which are subject to different attacks, but right at 18 + the moment, most hardened security environments require a discrete 19 + hardware TPM, which is the use case discussed here. 20 + 21 + Snooping and Alteration Attacks against the bus 22 + ----------------------------------------------- 23 + 24 + The current state of the art for snooping the `TPM Genie`_ hardware 25 + interposer which is a simple external device that can be installed in 26 + a couple of seconds on any system or laptop. Recently attacks were 27 + successfully demonstrated against the `Windows Bitlocker TPM`_ system. 28 + Most recently the same `attack against TPM based Linux disk 29 + encryption`_ schemes. The next phase of research seems to be hacking 30 + existing devices on the bus to act as interposers, so the fact that 31 + the attacker requires physical access for a few seconds might 32 + evaporate. However, the goal of this document is to protect TPM 33 + secrets and integrity as far as we are able in this environment and to 34 + try to insure that if we can't prevent the attack then at least we can 35 + detect it. 36 + 37 + Unfortunately, most of the TPM functionality, including the hardware 38 + reset capability can be controlled by an attacker who has access to 39 + the bus, so we'll discuss some of the disruption possibilities below. 40 + 41 + Measurement (PCR) Integrity 42 + --------------------------- 43 + 44 + Since the attacker can send their own commands to the TPM, they can 45 + send arbitrary PCR extends and thus disrupt the measurement system, 46 + which would be an annoying denial of service attack. However, there 47 + are two, more serious, classes of attack aimed at entities sealed to 48 + trust measurements. 49 + 50 + 1. The attacker could intercept all PCR extends coming from the system 51 + and completely substitute their own values, producing a replay of 52 + an untampered state that would cause PCR measurements to attest to 53 + a trusted state and release secrets 54 + 55 + 2. At some point in time the attacker could reset the TPM, clearing 56 + the PCRs and then send down their own measurements which would 57 + effectively overwrite the boot time measurements the TPM has 58 + already done. 59 + 60 + The first can be thwarted by always doing HMAC protection of the PCR 61 + extend and read command meaning measurement values cannot be 62 + substituted without producing a detectable HMAC failure in the 63 + response. However, the second can only really be detected by relying 64 + on some sort of mechanism for protection which would change over TPM 65 + reset. 66 + 67 + Secrets Guarding 68 + ---------------- 69 + 70 + Certain information passing in and out of the TPM, such as key sealing 71 + and private key import and random number generation, is vulnerable to 72 + interception which HMAC protection alone cannot protect against, so 73 + for these types of command we must also employ request and response 74 + encryption to prevent the loss of secret information. 75 + 76 + Establishing Initial Trust with the TPM 77 + --------------------------------------- 78 + 79 + In order to provide security from the beginning, an initial shared or 80 + asymmetric secret must be established which must also be unknown to 81 + the attacker. The most obvious avenues for this are the endorsement 82 + and storage seeds, which can be used to derive asymmetric keys. 83 + However, using these keys is difficult because the only way to pass 84 + them into the kernel would be on the command line, which requires 85 + extensive support in the boot system, and there's no guarantee that 86 + either hierarchy would not have some type of authorization. 87 + 88 + The mechanism chosen for the Linux Kernel is to derive the primary 89 + elliptic curve key from the null seed using the standard storage seed 90 + parameters. The null seed has two advantages: firstly the hierarchy 91 + physically cannot have an authorization, so we are always able to use 92 + it and secondly, the null seed changes across TPM resets, meaning if 93 + we establish trust on the null seed at start of day, all sessions 94 + salted with the derived key will fail if the TPM is reset and the seed 95 + changes. 96 + 97 + Obviously using the null seed without any other prior shared secrets, 98 + we have to create and read the initial public key which could, of 99 + course, be intercepted and substituted by the bus interposer. 100 + However, the TPM has a key certification mechanism (using the EK 101 + endorsement certificate, creating an attestation identity key and 102 + certifying the null seed primary with that key) which is too complex 103 + to run within the kernel, so we keep a copy of the null primary key 104 + name, which is what is exported via sysfs so user-space can run the 105 + full certification when it boots. The definitive guarantee here is 106 + that if the null primary key certifies correctly, you know all your 107 + TPM transactions since start of day were secure and if it doesn't, you 108 + know there's an interposer on your system (and that any secret used 109 + during boot may have been leaked). 110 + 111 + Stacking Trust 112 + -------------- 113 + 114 + In the current null primary scenario, the TPM must be completely 115 + cleared before handing it on to the next consumer. However the kernel 116 + hands to user-space the name of the derived null seed key which can 117 + then be verified by certification in user-space. Therefore, this chain 118 + of name handoff can be used between the various boot components as 119 + well (via an unspecified mechanism). For instance, grub could use the 120 + null seed scheme for security and hand the name off to the kernel in 121 + the boot area. The kernel could make its own derivation of the key 122 + and the name and know definitively that if they differ from the handed 123 + off version that tampering has occurred. Thus it becomes possible to 124 + chain arbitrary boot components together (UEFI to grub to kernel) via 125 + the name handoff provided each successive component knows how to 126 + collect the name and verifies it against its derived key. 127 + 128 + Session Properties 129 + ------------------ 130 + 131 + All TPM commands the kernel uses allow sessions. HMAC sessions may be 132 + used to check the integrity of requests and responses and decrypt and 133 + encrypt flags may be used to shield parameters and responses. The 134 + HMAC and encryption keys are usually derived from the shared 135 + authorization secret, but for a lot of kernel operations that is well 136 + known (and usually empty). Thus, every HMAC session used by the 137 + kernel must be created using the null primary key as the salt key 138 + which thus provides a cryptographic input into the session key 139 + derivation. Thus, the kernel creates the null primary key once (as a 140 + volatile TPM handle) and keeps it around in a saved context stored in 141 + tpm_chip for every in-kernel use of the TPM. Currently, because of a 142 + lack of de-gapping in the in-kernel resource manager, the session must 143 + be created and destroyed for each operation, but, in future, a single 144 + session may also be reused for the in-kernel HMAC, encryption and 145 + decryption sessions. 146 + 147 + Protection Types 148 + ---------------- 149 + 150 + For every in-kernel operation we use null primary salted HMAC to 151 + protect the integrity. Additionally, we use parameter encryption to 152 + protect key sealing and parameter decryption to protect key unsealing 153 + and random number generation. 154 + 155 + Null Primary Key Certification in Userspace 156 + =========================================== 157 + 158 + Every TPM comes shipped with a couple of X.509 certificates for the 159 + primary endorsement key. This document assumes that the Elliptic 160 + Curve version of the certificate exists at 01C00002, but will work 161 + equally well with the RSA certificate (at 01C00001). 162 + 163 + The first step in the certification is primary creation using the 164 + template from the `TCG EK Credential Profile`_ which allows comparison 165 + of the generated primary key against the one in the certificate (the 166 + public key must match). Note that generation of the EK primary 167 + requires the EK hierarchy password, but a pre-generated version of the 168 + EC primary should exist at 81010002 and a TPM2_ReadPublic() may be 169 + performed on this without needing the key authority. Next, the 170 + certificate itself must be verified to chain back to the manufacturer 171 + root (which should be published on the manufacturer website). Once 172 + this is done, an attestation key (AK) is generated within the TPM and 173 + it's name and the EK public key can be used to encrypt a secret using 174 + TPM2_MakeCredential. The TPM then runs TPM2_ActivateCredential which 175 + will only recover the secret if the binding between the TPM, the EK 176 + and the AK is true. the generated AK may now be used to run a 177 + certification of the null primary key whose name the kernel has 178 + exported. Since TPM2_MakeCredential/ActivateCredential are somewhat 179 + complicated, a more simplified process involving an externally 180 + generated private key is described below. 181 + 182 + This process is a simplified abbreviation of the usual privacy CA 183 + based attestation process. The assumption here is that the 184 + attestation is done by the TPM owner who thus has access to only the 185 + owner hierarchy. The owner creates an external public/private key 186 + pair (assume elliptic curve in this case) and wraps the private key 187 + for import using an inner wrapping process and parented to the EC 188 + derived storage primary. The TPM2_Import() is done using a parameter 189 + decryption HMAC session salted to the EK primary (which also does not 190 + require the EK key authority) meaning that the inner wrapping key is 191 + the encrypted parameter and thus the TPM will not be able to perform 192 + the import unless is possesses the certified EK so if the command 193 + succeeds and the HMAC verifies on return we know we have a loadable 194 + copy of the private key only for the certified TPM. This key is now 195 + loaded into the TPM and the Storage primary flushed (to free up space 196 + for the null key generation). 197 + 198 + The null EC primary is now generated using the Storage profile 199 + outlined in the `TCG TPM v2.0 Provisioning Guidance`_; the name of 200 + this key (the hash of the public area) is computed and compared to the 201 + null seed name presented by the kernel in 202 + /sys/class/tpm/tpm0/null_name. If the names do not match, the TPM is 203 + compromised. If the names match, the user performs a TPM2_Certify() 204 + using the null primary as the object handle and the loaded private key 205 + as the sign handle and providing randomized qualifying data. The 206 + signature of the returned certifyInfo is verified against the public 207 + part of the loaded private key and the qualifying data checked to 208 + prevent replay. If all of these tests pass, the user is now assured 209 + that TPM integrity and privacy was preserved across the entire boot 210 + sequence of this kernel. 211 + 212 + .. _TPM Genie: https://www.nccgroup.trust/globalassets/about-us/us/documents/tpm-genie.pdf 213 + .. _Windows Bitlocker TPM: https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network 214 + .. _attack against TPM based Linux disk encryption: https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets 215 + .. _TCG EK Credential Profile: https://trustedcomputinggroup.org/resource/tcg-ek-credential-profile-for-tpm-family-2-0/ 216 + .. _TCG TPM v2.0 Provisioning Guidance: https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/

+46

Documentation/security/tpm/tpm_tis.rst

··· 1 + .. SPDX-License-Identifier: GPL-2.0 2 + 3 + ========================= 4 + TPM FIFO interface driver 5 + ========================= 6 + 7 + TCG PTP Specification defines two interface types: FIFO and CRB. The former is 8 + based on sequenced read and write operations, and the latter is based on a 9 + buffer containing the full command or response. 10 + 11 + FIFO (First-In-First-Out) interface is used by the tpm_tis_core dependent 12 + drivers. Originally Linux had only a driver called tpm_tis, which covered 13 + memory mapped (aka MMIO) interface but it was later on extended to cover other 14 + physical interfaces supported by the TCG standard. 15 + 16 + For historical reasons above the original MMIO driver is called tpm_tis and the 17 + framework for FIFO drivers is named as tpm_tis_core. The postfix "tis" in 18 + tpm_tis comes from the TPM Interface Specification, which is the hardware 19 + interface specification for TPM 1.x chips. 20 + 21 + Communication is based on a 20 KiB buffer shared by the TPM chip through a 22 + hardware bus or memory map, depending on the physical wiring. The buffer is 23 + further split into five equal-size 4 KiB buffers, which provide equivalent 24 + sets of registers for communication between the CPU and TPM. These 25 + communication endpoints are called localities in the TCG terminology. 26 + 27 + When the kernel wants to send commands to the TPM chip, it first reserves 28 + locality 0 by setting the requestUse bit in the TPM_ACCESS register. The bit is 29 + cleared by the chip when the access is granted. Once it completes its 30 + communication, the kernel writes the TPM_ACCESS.activeLocality bit. This 31 + informs the chip that the locality has been relinquished. 32 + 33 + Pending localities are served in order by the chip in descending order, one at 34 + a time: 35 + 36 + - Locality 0 has the lowest priority. 37 + - Locality 5 has the highest priority. 38 + 39 + Further information on the purpose and meaning of the localities can be found 40 + in section 3.2 of the TCG PC Client Platform TPM Profile Specification. 41 + 42 + References 43 + ========== 44 + 45 + TCG PC Client Platform TPM Profile (PTP) Specification 46 + https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/

+16 -1

drivers/char/tpm/Kconfig

··· 27 27 28 28 if TCG_TPM 29 29 30 + config TCG_TPM2_HMAC 31 + bool "Use HMAC and encrypted transactions on the TPM bus" 32 + default y 33 + select CRYPTO_ECDH 34 + select CRYPTO_LIB_AESCFB 35 + select CRYPTO_LIB_SHA256 36 + help 37 + Setting this causes us to deploy a scheme which uses request 38 + and response HMACs in addition to encryption for 39 + communicating with the TPM to prevent or detect bus snooping 40 + and interposer attacks (see tpm-security.rst). Saying Y 41 + here adds some encryption overhead to all kernel to TPM 42 + transactions. 43 + 30 44 config HW_RANDOM_TPM 31 45 bool "TPM HW Random Number Generator support" 32 46 depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m) ··· 163 149 config TCG_ATMEL 164 150 tristate "Atmel TPM Interface" 165 151 depends on PPC64 || HAS_IOPORT_MAP 152 + depends on HAS_IOPORT 166 153 help 167 154 If you have a TPM security chip from Atmel say Yes and it 168 155 will be accessible from within Linux. To compile this driver ··· 171 156 172 157 config TCG_INFINEON 173 158 tristate "Infineon Technologies TPM Interface" 174 - depends on PNP 159 + depends on PNP || COMPILE_TEST 175 160 help 176 161 If you have a TPM security chip from Infineon Technologies 177 162 (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it

+2

drivers/char/tpm/Makefile

··· 15 15 tpm-y += eventlog/common.o 16 16 tpm-y += eventlog/tpm1.o 17 17 tpm-y += eventlog/tpm2.o 18 + tpm-y += tpm-buf.o 18 19 20 + tpm-$(CONFIG_TCG_TPM2_HMAC) += tpm2-sessions.o 19 21 tpm-$(CONFIG_ACPI) += tpm_ppi.o eventlog/acpi.o 20 22 tpm-$(CONFIG_EFI) += eventlog/efi.o 21 23 tpm-$(CONFIG_OF) += eventlog/of.o

-1

drivers/char/tpm/eventlog/acpi.c

··· 142 142 143 143 log->bios_event_log_end = log->bios_event_log + len; 144 144 145 - ret = -EIO; 146 145 virt = acpi_os_map_iomem(start, len); 147 146 if (!virt) { 148 147 dev_warn(&chip->dev, "%s: Failed to map ACPI memory\n", __func__);

+252

drivers/char/tpm/tpm-buf.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + /* 3 + * Handling of TPM command and other buffers. 4 + */ 5 + 6 + #include <linux/tpm_command.h> 7 + #include <linux/module.h> 8 + #include <linux/tpm.h> 9 + 10 + /** 11 + * tpm_buf_init() - Allocate and initialize a TPM command 12 + * @buf: A &tpm_buf 13 + * @tag: TPM_TAG_RQU_COMMAND, TPM2_ST_NO_SESSIONS or TPM2_ST_SESSIONS 14 + * @ordinal: A command ordinal 15 + * 16 + * Return: 0 or -ENOMEM 17 + */ 18 + int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal) 19 + { 20 + buf->data = (u8 *)__get_free_page(GFP_KERNEL); 21 + if (!buf->data) 22 + return -ENOMEM; 23 + 24 + tpm_buf_reset(buf, tag, ordinal); 25 + return 0; 26 + } 27 + EXPORT_SYMBOL_GPL(tpm_buf_init); 28 + 29 + /** 30 + * tpm_buf_reset() - Initialize a TPM command 31 + * @buf: A &tpm_buf 32 + * @tag: TPM_TAG_RQU_COMMAND, TPM2_ST_NO_SESSIONS or TPM2_ST_SESSIONS 33 + * @ordinal: A command ordinal 34 + */ 35 + void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) 36 + { 37 + struct tpm_header *head = (struct tpm_header *)buf->data; 38 + 39 + WARN_ON(tag != TPM_TAG_RQU_COMMAND && tag != TPM2_ST_NO_SESSIONS && 40 + tag != TPM2_ST_SESSIONS && tag != 0); 41 + 42 + buf->flags = 0; 43 + buf->length = sizeof(*head); 44 + head->tag = cpu_to_be16(tag); 45 + head->length = cpu_to_be32(sizeof(*head)); 46 + head->ordinal = cpu_to_be32(ordinal); 47 + buf->handles = 0; 48 + } 49 + EXPORT_SYMBOL_GPL(tpm_buf_reset); 50 + 51 + /** 52 + * tpm_buf_init_sized() - Allocate and initialize a sized (TPM2B) buffer 53 + * @buf: A @tpm_buf 54 + * 55 + * Return: 0 or -ENOMEM 56 + */ 57 + int tpm_buf_init_sized(struct tpm_buf *buf) 58 + { 59 + buf->data = (u8 *)__get_free_page(GFP_KERNEL); 60 + if (!buf->data) 61 + return -ENOMEM; 62 + 63 + tpm_buf_reset_sized(buf); 64 + return 0; 65 + } 66 + EXPORT_SYMBOL_GPL(tpm_buf_init_sized); 67 + 68 + /** 69 + * tpm_buf_reset_sized() - Initialize a sized buffer 70 + * @buf: A &tpm_buf 71 + */ 72 + void tpm_buf_reset_sized(struct tpm_buf *buf) 73 + { 74 + buf->flags = TPM_BUF_TPM2B; 75 + buf->length = 2; 76 + buf->data[0] = 0; 77 + buf->data[1] = 0; 78 + } 79 + EXPORT_SYMBOL_GPL(tpm_buf_reset_sized); 80 + 81 + void tpm_buf_destroy(struct tpm_buf *buf) 82 + { 83 + free_page((unsigned long)buf->data); 84 + } 85 + EXPORT_SYMBOL_GPL(tpm_buf_destroy); 86 + 87 + /** 88 + * tpm_buf_length() - Return the number of bytes consumed by the data 89 + * @buf: A &tpm_buf 90 + * 91 + * Return: The number of bytes consumed by the buffer 92 + */ 93 + u32 tpm_buf_length(struct tpm_buf *buf) 94 + { 95 + return buf->length; 96 + } 97 + EXPORT_SYMBOL_GPL(tpm_buf_length); 98 + 99 + /** 100 + * tpm_buf_append() - Append data to an initialized buffer 101 + * @buf: A &tpm_buf 102 + * @new_data: A data blob 103 + * @new_length: Size of the appended data 104 + */ 105 + void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length) 106 + { 107 + /* Return silently if overflow has already happened. */ 108 + if (buf->flags & TPM_BUF_OVERFLOW) 109 + return; 110 + 111 + if ((buf->length + new_length) > PAGE_SIZE) { 112 + WARN(1, "tpm_buf: write overflow\n"); 113 + buf->flags |= TPM_BUF_OVERFLOW; 114 + return; 115 + } 116 + 117 + memcpy(&buf->data[buf->length], new_data, new_length); 118 + buf->length += new_length; 119 + 120 + if (buf->flags & TPM_BUF_TPM2B) 121 + ((__be16 *)buf->data)[0] = cpu_to_be16(buf->length - 2); 122 + else 123 + ((struct tpm_header *)buf->data)->length = cpu_to_be32(buf->length); 124 + } 125 + EXPORT_SYMBOL_GPL(tpm_buf_append); 126 + 127 + void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value) 128 + { 129 + tpm_buf_append(buf, &value, 1); 130 + } 131 + EXPORT_SYMBOL_GPL(tpm_buf_append_u8); 132 + 133 + void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value) 134 + { 135 + __be16 value2 = cpu_to_be16(value); 136 + 137 + tpm_buf_append(buf, (u8 *)&value2, 2); 138 + } 139 + EXPORT_SYMBOL_GPL(tpm_buf_append_u16); 140 + 141 + void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value) 142 + { 143 + __be32 value2 = cpu_to_be32(value); 144 + 145 + tpm_buf_append(buf, (u8 *)&value2, 4); 146 + } 147 + EXPORT_SYMBOL_GPL(tpm_buf_append_u32); 148 + 149 + /** 150 + * tpm_buf_read() - Read from a TPM buffer 151 + * @buf: &tpm_buf instance 152 + * @offset: offset within the buffer 153 + * @count: the number of bytes to read 154 + * @output: the output buffer 155 + */ 156 + static void tpm_buf_read(struct tpm_buf *buf, off_t *offset, size_t count, void *output) 157 + { 158 + off_t next_offset; 159 + 160 + /* Return silently if overflow has already happened. */ 161 + if (buf->flags & TPM_BUF_BOUNDARY_ERROR) 162 + return; 163 + 164 + next_offset = *offset + count; 165 + if (next_offset > buf->length) { 166 + WARN(1, "tpm_buf: read out of boundary\n"); 167 + buf->flags |= TPM_BUF_BOUNDARY_ERROR; 168 + return; 169 + } 170 + 171 + memcpy(output, &buf->data[*offset], count); 172 + *offset = next_offset; 173 + } 174 + 175 + /** 176 + * tpm_buf_read_u8() - Read 8-bit word from a TPM buffer 177 + * @buf: &tpm_buf instance 178 + * @offset: offset within the buffer 179 + * 180 + * Return: next 8-bit word 181 + */ 182 + u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset) 183 + { 184 + u8 value; 185 + 186 + tpm_buf_read(buf, offset, sizeof(value), &value); 187 + 188 + return value; 189 + } 190 + EXPORT_SYMBOL_GPL(tpm_buf_read_u8); 191 + 192 + /** 193 + * tpm_buf_read_u16() - Read 16-bit word from a TPM buffer 194 + * @buf: &tpm_buf instance 195 + * @offset: offset within the buffer 196 + * 197 + * Return: next 16-bit word 198 + */ 199 + u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset) 200 + { 201 + u16 value; 202 + 203 + tpm_buf_read(buf, offset, sizeof(value), &value); 204 + 205 + return be16_to_cpu(value); 206 + } 207 + EXPORT_SYMBOL_GPL(tpm_buf_read_u16); 208 + 209 + /** 210 + * tpm_buf_read_u32() - Read 32-bit word from a TPM buffer 211 + * @buf: &tpm_buf instance 212 + * @offset: offset within the buffer 213 + * 214 + * Return: next 32-bit word 215 + */ 216 + u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset) 217 + { 218 + u32 value; 219 + 220 + tpm_buf_read(buf, offset, sizeof(value), &value); 221 + 222 + return be32_to_cpu(value); 223 + } 224 + EXPORT_SYMBOL_GPL(tpm_buf_read_u32); 225 + 226 + static u16 tpm_buf_tag(struct tpm_buf *buf) 227 + { 228 + struct tpm_header *head = (struct tpm_header *)buf->data; 229 + 230 + return be16_to_cpu(head->tag); 231 + } 232 + 233 + /** 234 + * tpm_buf_parameters - return the TPM response parameters area of the tpm_buf 235 + * @buf: tpm_buf to use 236 + * 237 + * Where the parameters are located depends on the tag of a TPM 238 + * command (it's immediately after the header for TPM_ST_NO_SESSIONS 239 + * or 4 bytes after for TPM_ST_SESSIONS). Evaluate this and return a 240 + * pointer to the first byte of the parameters area. 241 + * 242 + * @return: pointer to parameters area 243 + */ 244 + u8 *tpm_buf_parameters(struct tpm_buf *buf) 245 + { 246 + int offset = TPM_HEADER_SIZE; 247 + 248 + if (tpm_buf_tag(buf) == TPM2_ST_SESSIONS) 249 + offset += 4; 250 + 251 + return &buf->data[offset]; 252 + }

+6

drivers/char/tpm/tpm-chip.c

··· 158 158 { 159 159 int rc = -EIO; 160 160 161 + if (chip->flags & TPM_CHIP_FLAG_DISABLE) 162 + return rc; 163 + 161 164 get_device(&chip->dev); 162 165 163 166 down_read(&chip->ops_sem); ··· 278 275 kfree(chip->work_space.context_buf); 279 276 kfree(chip->work_space.session_buf); 280 277 kfree(chip->allocated_banks); 278 + #ifdef CONFIG_TCG_TPM2_HMAC 279 + kfree(chip->auth); 280 + #endif 281 281 kfree(chip); 282 282 } 283 283

+1 -25

drivers/char/tpm/tpm-interface.c

··· 232 232 if (len < min_rsp_body_length + TPM_HEADER_SIZE) 233 233 return -EFAULT; 234 234 235 + buf->length = len; 235 236 return 0; 236 237 } 237 238 EXPORT_SYMBOL_GPL(tpm_transmit_cmd); ··· 342 341 return rc; 343 342 } 344 343 EXPORT_SYMBOL_GPL(tpm_pcr_extend); 345 - 346 - /** 347 - * tpm_send - send a TPM command 348 - * @chip: a &struct tpm_chip instance, %NULL for the default chip 349 - * @cmd: a TPM command buffer 350 - * @buflen: the length of the TPM command buffer 351 - * 352 - * Return: same as with tpm_transmit_cmd() 353 - */ 354 - int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen) 355 - { 356 - struct tpm_buf buf; 357 - int rc; 358 - 359 - chip = tpm_find_get_ops(chip); 360 - if (!chip) 361 - return -ENODEV; 362 - 363 - buf.data = cmd; 364 - rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to a send a command"); 365 - 366 - tpm_put_ops(chip); 367 - return rc; 368 - } 369 - EXPORT_SYMBOL_GPL(tpm_send); 370 344 371 345 int tpm_auto_startup(struct tpm_chip *chip) 372 346 {

+18

drivers/char/tpm/tpm-sysfs.c

··· 309 309 } 310 310 static DEVICE_ATTR_RO(tpm_version_major); 311 311 312 + #ifdef CONFIG_TCG_TPM2_HMAC 313 + static ssize_t null_name_show(struct device *dev, struct device_attribute *attr, 314 + char *buf) 315 + { 316 + struct tpm_chip *chip = to_tpm_chip(dev); 317 + int size = TPM2_NAME_SIZE; 318 + 319 + bin2hex(buf, chip->null_key_name, size); 320 + size *= 2; 321 + buf[size++] = '\n'; 322 + return size; 323 + } 324 + static DEVICE_ATTR_RO(null_name); 325 + #endif 326 + 312 327 static struct attribute *tpm1_dev_attrs[] = { 313 328 &dev_attr_pubek.attr, 314 329 &dev_attr_pcrs.attr, ··· 341 326 342 327 static struct attribute *tpm2_dev_attrs[] = { 343 328 &dev_attr_tpm_version_major.attr, 329 + #ifdef CONFIG_TCG_TPM2_HMAC 330 + &dev_attr_null_name.attr, 331 + #endif 344 332 NULL 345 333 }; 346 334

+14

drivers/char/tpm/tpm.h

··· 312 312 size_t *bufsiz); 313 313 int tpm_devs_add(struct tpm_chip *chip); 314 314 void tpm_devs_remove(struct tpm_chip *chip); 315 + int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, 316 + unsigned int buf_size, unsigned int *offset); 317 + int tpm2_load_context(struct tpm_chip *chip, u8 *buf, 318 + unsigned int *offset, u32 *handle); 315 319 316 320 void tpm_bios_log_setup(struct tpm_chip *chip); 317 321 void tpm_bios_log_teardown(struct tpm_chip *chip); 318 322 int tpm_dev_common_init(void); 319 323 void tpm_dev_common_exit(void); 324 + 325 + #ifdef CONFIG_TCG_TPM2_HMAC 326 + int tpm2_sessions_init(struct tpm_chip *chip); 327 + #else 328 + static inline int tpm2_sessions_init(struct tpm_chip *chip) 329 + { 330 + return 0; 331 + } 332 + #endif 333 + 320 334 #endif

+32 -21

drivers/char/tpm/tpm2-cmd.c

··· 216 216 return rc; 217 217 } 218 218 219 - struct tpm2_null_auth_area { 220 - __be32 handle; 221 - __be16 nonce_size; 222 - u8 attributes; 223 - __be16 auth_size; 224 - } __packed; 225 - 226 219 /** 227 220 * tpm2_pcr_extend() - extend a PCR value 228 221 * ··· 229 236 struct tpm_digest *digests) 230 237 { 231 238 struct tpm_buf buf; 232 - struct tpm2_null_auth_area auth_area; 233 239 int rc; 234 240 int i; 235 241 236 - rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND); 242 + rc = tpm2_start_auth_session(chip); 237 243 if (rc) 238 244 return rc; 239 245 240 - tpm_buf_append_u32(&buf, pcr_idx); 246 + rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND); 247 + if (rc) { 248 + tpm2_end_auth_session(chip); 249 + return rc; 250 + } 241 251 242 - auth_area.handle = cpu_to_be32(TPM2_RS_PW); 243 - auth_area.nonce_size = 0; 244 - auth_area.attributes = 0; 245 - auth_area.auth_size = 0; 252 + tpm_buf_append_name(chip, &buf, pcr_idx, NULL); 253 + tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0); 246 254 247 - tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area)); 248 - tpm_buf_append(&buf, (const unsigned char *)&auth_area, 249 - sizeof(auth_area)); 250 255 tpm_buf_append_u32(&buf, chip->nr_allocated_banks); 251 256 252 257 for (i = 0; i < chip->nr_allocated_banks; i++) { ··· 253 262 chip->allocated_banks[i].digest_size); 254 263 } 255 264 265 + tpm_buf_fill_hmac_session(chip, &buf); 256 266 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value"); 267 + rc = tpm_buf_check_hmac_response(chip, &buf, rc); 257 268 258 269 tpm_buf_destroy(&buf); 259 270 ··· 292 299 if (!num_bytes || max > TPM_MAX_RNG_DATA) 293 300 return -EINVAL; 294 301 295 - err = tpm_buf_init(&buf, 0, 0); 302 + err = tpm2_start_auth_session(chip); 296 303 if (err) 297 304 return err; 298 305 306 + err = tpm_buf_init(&buf, 0, 0); 307 + if (err) { 308 + tpm2_end_auth_session(chip); 309 + return err; 310 + } 311 + 299 312 do { 300 - tpm_buf_reset(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_RANDOM); 313 + tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_GET_RANDOM); 314 + tpm_buf_append_hmac_session_opt(chip, &buf, TPM2_SA_ENCRYPT 315 + | TPM2_SA_CONTINUE_SESSION, 316 + NULL, 0); 301 317 tpm_buf_append_u16(&buf, num_bytes); 318 + tpm_buf_fill_hmac_session(chip, &buf); 302 319 err = tpm_transmit_cmd(chip, &buf, 303 320 offsetof(struct tpm2_get_random_out, 304 321 buffer), 305 322 "attempting get random"); 323 + err = tpm_buf_check_hmac_response(chip, &buf, err); 306 324 if (err) { 307 325 if (err > 0) 308 326 err = -EIO; 309 327 goto out; 310 328 } 311 329 312 - out = (struct tpm2_get_random_out *) 313 - &buf.data[TPM_HEADER_SIZE]; 330 + out = (struct tpm2_get_random_out *)tpm_buf_parameters(&buf); 314 331 recd = min_t(u32, be16_to_cpu(out->size), num_bytes); 315 332 if (tpm_buf_length(&buf) < 316 333 TPM_HEADER_SIZE + ··· 337 334 } while (retries-- && total < max); 338 335 339 336 tpm_buf_destroy(&buf); 337 + tpm2_end_auth_session(chip); 338 + 340 339 return total ? total : -EIO; 341 340 out: 342 341 tpm_buf_destroy(&buf); 342 + tpm2_end_auth_session(chip); 343 343 return err; 344 344 } 345 345 ··· 764 758 chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE; 765 759 rc = 0; 766 760 } 761 + 762 + if (rc) 763 + goto out; 764 + 765 + rc = tpm2_sessions_init(chip); 767 766 768 767 out: 769 768 /*

+1286

drivers/char/tpm/tpm2-sessions.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + 3 + /* 4 + * Copyright (C) 2018 James.Bottomley@HansenPartnership.com 5 + * 6 + * Cryptographic helper routines for handling TPM2 sessions for 7 + * authorization HMAC and request response encryption. 8 + * 9 + * The idea is to ensure that every TPM command is HMAC protected by a 10 + * session, meaning in-flight tampering would be detected and in 11 + * addition all sensitive inputs and responses should be encrypted. 12 + * 13 + * The basic way this works is to use a TPM feature called salted 14 + * sessions where a random secret used in session construction is 15 + * encrypted to the public part of a known TPM key. The problem is we 16 + * have no known keys, so initially a primary Elliptic Curve key is 17 + * derived from the NULL seed (we use EC because most TPMs generate 18 + * these keys much faster than RSA ones). The curve used is NIST_P256 19 + * because that's now mandated to be present in 'TCG TPM v2.0 20 + * Provisioning Guidance' 21 + * 22 + * Threat problems: the initial TPM2_CreatePrimary is not (and cannot 23 + * be) session protected, so a clever Man in the Middle could return a 24 + * public key they control to this command and from there intercept 25 + * and decode all subsequent session based transactions. The kernel 26 + * cannot mitigate this threat but, after boot, userspace can get 27 + * proof this has not happened by asking the TPM to certify the NULL 28 + * key. This certification would chain back to the TPM Endorsement 29 + * Certificate and prove the NULL seed primary had not been tampered 30 + * with and thus all sessions must have been cryptographically secure. 31 + * To assist with this, the initial NULL seed public key name is made 32 + * available in a sysfs file. 33 + * 34 + * Use of these functions: 35 + * 36 + * The design is all the crypto, hash and hmac gunk is confined in this 37 + * file and never needs to be seen even by the kernel internal user. To 38 + * the user there's an init function tpm2_sessions_init() that needs to 39 + * be called once per TPM which generates the NULL seed primary key. 40 + * 41 + * These are the usage functions: 42 + * 43 + * tpm2_start_auth_session() which allocates the opaque auth structure 44 + * and gets a session from the TPM. This must be called before 45 + * any of the following functions. The session is protected by a 46 + * session_key which is derived from a random salt value 47 + * encrypted to the NULL seed. 48 + * tpm2_end_auth_session() kills the session and frees the resources. 49 + * Under normal operation this function is done by 50 + * tpm_buf_check_hmac_response(), so this is only to be used on 51 + * error legs where the latter is not executed. 52 + * tpm_buf_append_name() to add a handle to the buffer. This must be 53 + * used in place of the usual tpm_buf_append_u32() for adding 54 + * handles because handles have to be processed specially when 55 + * calculating the HMAC. In particular, for NV, volatile and 56 + * permanent objects you now need to provide the name. 57 + * tpm_buf_append_hmac_session() which appends the hmac session to the 58 + * buf in the same way tpm_buf_append_auth does(). 59 + * tpm_buf_fill_hmac_session() This calculates the correct hash and 60 + * places it in the buffer. It must be called after the complete 61 + * command buffer is finalized so it can fill in the correct HMAC 62 + * based on the parameters. 63 + * tpm_buf_check_hmac_response() which checks the session response in 64 + * the buffer and calculates what it should be. If there's a 65 + * mismatch it will log a warning and return an error. If 66 + * tpm_buf_append_hmac_session() did not specify 67 + * TPM_SA_CONTINUE_SESSION then the session will be closed (if it 68 + * hasn't been consumed) and the auth structure freed. 69 + */ 70 + 71 + #include "tpm.h" 72 + #include <linux/random.h> 73 + #include <linux/scatterlist.h> 74 + #include <asm/unaligned.h> 75 + #include <crypto/kpp.h> 76 + #include <crypto/ecdh.h> 77 + #include <crypto/hash.h> 78 + #include <crypto/hmac.h> 79 + 80 + /* maximum number of names the TPM must remember for authorization */ 81 + #define AUTH_MAX_NAMES 3 82 + 83 + static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, 84 + u32 *handle, u8 *name); 85 + 86 + /* 87 + * This is the structure that carries all the auth information (like 88 + * session handle, nonces, session key and auth) from use to use it is 89 + * designed to be opaque to anything outside. 90 + */ 91 + struct tpm2_auth { 92 + u32 handle; 93 + /* 94 + * This has two meanings: before tpm_buf_fill_hmac_session() 95 + * it marks the offset in the buffer of the start of the 96 + * sessions (i.e. after all the handles). Once the buffer has 97 + * been filled it markes the session number of our auth 98 + * session so we can find it again in the response buffer. 99 + * 100 + * The two cases are distinguished because the first offset 101 + * must always be greater than TPM_HEADER_SIZE and the second 102 + * must be less than or equal to 5. 103 + */ 104 + u32 session; 105 + /* 106 + * the size here is variable and set by the size of our_nonce 107 + * which must be between 16 and the name hash length. we set 108 + * the maximum sha256 size for the greatest protection 109 + */ 110 + u8 our_nonce[SHA256_DIGEST_SIZE]; 111 + u8 tpm_nonce[SHA256_DIGEST_SIZE]; 112 + /* 113 + * the salt is only used across the session command/response 114 + * after that it can be used as a scratch area 115 + */ 116 + union { 117 + u8 salt[EC_PT_SZ]; 118 + /* scratch for key + IV */ 119 + u8 scratch[AES_KEY_BYTES + AES_BLOCK_SIZE]; 120 + }; 121 + /* 122 + * the session key and passphrase are the same size as the 123 + * name digest (sha256 again). The session key is constant 124 + * for the use of the session and the passphrase can change 125 + * with every invocation. 126 + * 127 + * Note: these fields must be adjacent and in this order 128 + * because several HMAC/KDF schemes use the combination of the 129 + * session_key and passphrase. 130 + */ 131 + u8 session_key[SHA256_DIGEST_SIZE]; 132 + u8 passphrase[SHA256_DIGEST_SIZE]; 133 + int passphrase_len; 134 + struct crypto_aes_ctx aes_ctx; 135 + /* saved session attributes: */ 136 + u8 attrs; 137 + __be32 ordinal; 138 + 139 + /* 140 + * memory for three authorization handles. We know them by 141 + * handle, but they are part of the session by name, which 142 + * we must compute and remember 143 + */ 144 + u32 name_h[AUTH_MAX_NAMES]; 145 + u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE]; 146 + }; 147 + 148 + /* 149 + * Name Size based on TPM algorithm (assumes no hash bigger than 255) 150 + */ 151 + static u8 name_size(const u8 *name) 152 + { 153 + static u8 size_map[] = { 154 + [TPM_ALG_SHA1] = SHA1_DIGEST_SIZE, 155 + [TPM_ALG_SHA256] = SHA256_DIGEST_SIZE, 156 + [TPM_ALG_SHA384] = SHA384_DIGEST_SIZE, 157 + [TPM_ALG_SHA512] = SHA512_DIGEST_SIZE, 158 + }; 159 + u16 alg = get_unaligned_be16(name); 160 + return size_map[alg] + 2; 161 + } 162 + 163 + /* 164 + * It turns out the crypto hmac(sha256) is hard for us to consume 165 + * because it assumes a fixed key and the TPM seems to change the key 166 + * on every operation, so we weld the hmac init and final functions in 167 + * here to give it the same usage characteristics as a regular hash 168 + */ 169 + static void tpm2_hmac_init(struct sha256_state *sctx, u8 *key, u32 key_len) 170 + { 171 + u8 pad[SHA256_BLOCK_SIZE]; 172 + int i; 173 + 174 + sha256_init(sctx); 175 + for (i = 0; i < sizeof(pad); i++) { 176 + if (i < key_len) 177 + pad[i] = key[i]; 178 + else 179 + pad[i] = 0; 180 + pad[i] ^= HMAC_IPAD_VALUE; 181 + } 182 + sha256_update(sctx, pad, sizeof(pad)); 183 + } 184 + 185 + static void tpm2_hmac_final(struct sha256_state *sctx, u8 *key, u32 key_len, 186 + u8 *out) 187 + { 188 + u8 pad[SHA256_BLOCK_SIZE]; 189 + int i; 190 + 191 + for (i = 0; i < sizeof(pad); i++) { 192 + if (i < key_len) 193 + pad[i] = key[i]; 194 + else 195 + pad[i] = 0; 196 + pad[i] ^= HMAC_OPAD_VALUE; 197 + } 198 + 199 + /* collect the final hash; use out as temporary storage */ 200 + sha256_final(sctx, out); 201 + 202 + sha256_init(sctx); 203 + sha256_update(sctx, pad, sizeof(pad)); 204 + sha256_update(sctx, out, SHA256_DIGEST_SIZE); 205 + sha256_final(sctx, out); 206 + } 207 + 208 + /* 209 + * assume hash sha256 and nonces u, v of size SHA256_DIGEST_SIZE but 210 + * otherwise standard tpm2_KDFa. Note output is in bytes not bits. 211 + */ 212 + static void tpm2_KDFa(u8 *key, u32 key_len, const char *label, u8 *u, 213 + u8 *v, u32 bytes, u8 *out) 214 + { 215 + u32 counter = 1; 216 + const __be32 bits = cpu_to_be32(bytes * 8); 217 + 218 + while (bytes > 0) { 219 + struct sha256_state sctx; 220 + __be32 c = cpu_to_be32(counter); 221 + 222 + tpm2_hmac_init(&sctx, key, key_len); 223 + sha256_update(&sctx, (u8 *)&c, sizeof(c)); 224 + sha256_update(&sctx, label, strlen(label)+1); 225 + sha256_update(&sctx, u, SHA256_DIGEST_SIZE); 226 + sha256_update(&sctx, v, SHA256_DIGEST_SIZE); 227 + sha256_update(&sctx, (u8 *)&bits, sizeof(bits)); 228 + tpm2_hmac_final(&sctx, key, key_len, out); 229 + 230 + bytes -= SHA256_DIGEST_SIZE; 231 + counter++; 232 + out += SHA256_DIGEST_SIZE; 233 + } 234 + } 235 + 236 + /* 237 + * Somewhat of a bastardization of the real KDFe. We're assuming 238 + * we're working with known point sizes for the input parameters and 239 + * the hash algorithm is fixed at sha256. Because we know that the 240 + * point size is 32 bytes like the hash size, there's no need to loop 241 + * in this KDF. 242 + */ 243 + static void tpm2_KDFe(u8 z[EC_PT_SZ], const char *str, u8 *pt_u, u8 *pt_v, 244 + u8 *out) 245 + { 246 + struct sha256_state sctx; 247 + /* 248 + * this should be an iterative counter, but because we know 249 + * we're only taking 32 bytes for the point using a sha256 250 + * hash which is also 32 bytes, there's only one loop 251 + */ 252 + __be32 c = cpu_to_be32(1); 253 + 254 + sha256_init(&sctx); 255 + /* counter (BE) */ 256 + sha256_update(&sctx, (u8 *)&c, sizeof(c)); 257 + /* secret value */ 258 + sha256_update(&sctx, z, EC_PT_SZ); 259 + /* string including trailing zero */ 260 + sha256_update(&sctx, str, strlen(str)+1); 261 + sha256_update(&sctx, pt_u, EC_PT_SZ); 262 + sha256_update(&sctx, pt_v, EC_PT_SZ); 263 + sha256_final(&sctx, out); 264 + } 265 + 266 + static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) 267 + { 268 + struct crypto_kpp *kpp; 269 + struct kpp_request *req; 270 + struct scatterlist s[2], d[1]; 271 + struct ecdh p = {0}; 272 + u8 encoded_key[EC_PT_SZ], *x, *y; 273 + unsigned int buf_len; 274 + 275 + /* secret is two sized points */ 276 + tpm_buf_append_u16(buf, (EC_PT_SZ + 2)*2); 277 + /* 278 + * we cheat here and append uninitialized data to form 279 + * the points. All we care about is getting the two 280 + * co-ordinate pointers, which will be used to overwrite 281 + * the uninitialized data 282 + */ 283 + tpm_buf_append_u16(buf, EC_PT_SZ); 284 + x = &buf->data[tpm_buf_length(buf)]; 285 + tpm_buf_append(buf, encoded_key, EC_PT_SZ); 286 + tpm_buf_append_u16(buf, EC_PT_SZ); 287 + y = &buf->data[tpm_buf_length(buf)]; 288 + tpm_buf_append(buf, encoded_key, EC_PT_SZ); 289 + sg_init_table(s, 2); 290 + sg_set_buf(&s[0], x, EC_PT_SZ); 291 + sg_set_buf(&s[1], y, EC_PT_SZ); 292 + 293 + kpp = crypto_alloc_kpp("ecdh-nist-p256", CRYPTO_ALG_INTERNAL, 0); 294 + if (IS_ERR(kpp)) { 295 + dev_err(&chip->dev, "crypto ecdh allocation failed\n"); 296 + return; 297 + } 298 + 299 + buf_len = crypto_ecdh_key_len(&p); 300 + if (sizeof(encoded_key) < buf_len) { 301 + dev_err(&chip->dev, "salt buffer too small needs %d\n", 302 + buf_len); 303 + goto out; 304 + } 305 + crypto_ecdh_encode_key(encoded_key, buf_len, &p); 306 + /* this generates a random private key */ 307 + crypto_kpp_set_secret(kpp, encoded_key, buf_len); 308 + 309 + /* salt is now the public point of this private key */ 310 + req = kpp_request_alloc(kpp, GFP_KERNEL); 311 + if (!req) 312 + goto out; 313 + kpp_request_set_input(req, NULL, 0); 314 + kpp_request_set_output(req, s, EC_PT_SZ*2); 315 + crypto_kpp_generate_public_key(req); 316 + /* 317 + * we're not done: now we have to compute the shared secret 318 + * which is our private key multiplied by the tpm_key public 319 + * point, we actually only take the x point and discard the y 320 + * point and feed it through KDFe to get the final secret salt 321 + */ 322 + sg_set_buf(&s[0], chip->null_ec_key_x, EC_PT_SZ); 323 + sg_set_buf(&s[1], chip->null_ec_key_y, EC_PT_SZ); 324 + kpp_request_set_input(req, s, EC_PT_SZ*2); 325 + sg_init_one(d, chip->auth->salt, EC_PT_SZ); 326 + kpp_request_set_output(req, d, EC_PT_SZ); 327 + crypto_kpp_compute_shared_secret(req); 328 + kpp_request_free(req); 329 + 330 + /* 331 + * pass the shared secret through KDFe for salt. Note salt 332 + * area is used both for input shared secret and output salt. 333 + * This works because KDFe fully consumes the secret before it 334 + * writes the salt 335 + */ 336 + tpm2_KDFe(chip->auth->salt, "SECRET", x, chip->null_ec_key_x, 337 + chip->auth->salt); 338 + 339 + out: 340 + crypto_free_kpp(kpp); 341 + } 342 + 343 + /** 344 + * tpm_buf_append_hmac_session() - Append a TPM session element 345 + * @chip: the TPM chip structure 346 + * @buf: The buffer to be appended 347 + * @attributes: The session attributes 348 + * @passphrase: The session authority (NULL if none) 349 + * @passphrase_len: The length of the session authority (0 if none) 350 + * 351 + * This fills in a session structure in the TPM command buffer, except 352 + * for the HMAC which cannot be computed until the command buffer is 353 + * complete. The type of session is controlled by the @attributes, 354 + * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the 355 + * session won't terminate after tpm_buf_check_hmac_response(), 356 + * TPM2_SA_DECRYPT which means this buffers first parameter should be 357 + * encrypted with a session key and TPM2_SA_ENCRYPT, which means the 358 + * response buffer's first parameter needs to be decrypted (confusing, 359 + * but the defines are written from the point of view of the TPM). 360 + * 361 + * Any session appended by this command must be finalized by calling 362 + * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect 363 + * and the TPM will reject the command. 364 + * 365 + * As with most tpm_buf operations, success is assumed because failure 366 + * will be caused by an incorrect programming model and indicated by a 367 + * kernel message. 368 + */ 369 + void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, 370 + u8 attributes, u8 *passphrase, 371 + int passphrase_len) 372 + { 373 + u8 nonce[SHA256_DIGEST_SIZE]; 374 + u32 len; 375 + struct tpm2_auth *auth = chip->auth; 376 + 377 + /* 378 + * The Architecture Guide requires us to strip trailing zeros 379 + * before computing the HMAC 380 + */ 381 + while (passphrase && passphrase_len > 0 382 + && passphrase[passphrase_len - 1] == '\0') 383 + passphrase_len--; 384 + 385 + auth->attrs = attributes; 386 + auth->passphrase_len = passphrase_len; 387 + if (passphrase_len) 388 + memcpy(auth->passphrase, passphrase, passphrase_len); 389 + 390 + if (auth->session != tpm_buf_length(buf)) { 391 + /* we're not the first session */ 392 + len = get_unaligned_be32(&buf->data[auth->session]); 393 + if (4 + len + auth->session != tpm_buf_length(buf)) { 394 + WARN(1, "session length mismatch, cannot append"); 395 + return; 396 + } 397 + 398 + /* add our new session */ 399 + len += 9 + 2 * SHA256_DIGEST_SIZE; 400 + put_unaligned_be32(len, &buf->data[auth->session]); 401 + } else { 402 + tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); 403 + } 404 + 405 + /* random number for our nonce */ 406 + get_random_bytes(nonce, sizeof(nonce)); 407 + memcpy(auth->our_nonce, nonce, sizeof(nonce)); 408 + tpm_buf_append_u32(buf, auth->handle); 409 + /* our new nonce */ 410 + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); 411 + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); 412 + tpm_buf_append_u8(buf, auth->attrs); 413 + /* and put a placeholder for the hmac */ 414 + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); 415 + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); 416 + } 417 + EXPORT_SYMBOL(tpm_buf_append_hmac_session); 418 + 419 + /** 420 + * tpm_buf_fill_hmac_session() - finalize the session HMAC 421 + * @chip: the TPM chip structure 422 + * @buf: The buffer to be appended 423 + * 424 + * This command must not be called until all of the parameters have 425 + * been appended to @buf otherwise the computed HMAC will be 426 + * incorrect. 427 + * 428 + * This function computes and fills in the session HMAC using the 429 + * session key and, if TPM2_SA_DECRYPT was specified, computes the 430 + * encryption key and encrypts the first parameter of the command 431 + * buffer with it. 432 + * 433 + * As with most tpm_buf operations, success is assumed because failure 434 + * will be caused by an incorrect programming model and indicated by a 435 + * kernel message. 436 + */ 437 + void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) 438 + { 439 + u32 cc, handles, val; 440 + struct tpm2_auth *auth = chip->auth; 441 + int i; 442 + struct tpm_header *head = (struct tpm_header *)buf->data; 443 + off_t offset_s = TPM_HEADER_SIZE, offset_p; 444 + u8 *hmac = NULL; 445 + u32 attrs; 446 + u8 cphash[SHA256_DIGEST_SIZE]; 447 + struct sha256_state sctx; 448 + 449 + /* save the command code in BE format */ 450 + auth->ordinal = head->ordinal; 451 + 452 + cc = be32_to_cpu(head->ordinal); 453 + 454 + i = tpm2_find_cc(chip, cc); 455 + if (i < 0) { 456 + dev_err(&chip->dev, "Command 0x%x not found in TPM\n", cc); 457 + return; 458 + } 459 + attrs = chip->cc_attrs_tbl[i]; 460 + 461 + handles = (attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0); 462 + 463 + /* 464 + * just check the names, it's easy to make mistakes. This 465 + * would happen if someone added a handle via 466 + * tpm_buf_append_u32() instead of tpm_buf_append_name() 467 + */ 468 + for (i = 0; i < handles; i++) { 469 + u32 handle = tpm_buf_read_u32(buf, &offset_s); 470 + 471 + if (auth->name_h[i] != handle) { 472 + dev_err(&chip->dev, "TPM: handle %d wrong for name\n", 473 + i); 474 + return; 475 + } 476 + } 477 + /* point offset_s to the start of the sessions */ 478 + val = tpm_buf_read_u32(buf, &offset_s); 479 + /* point offset_p to the start of the parameters */ 480 + offset_p = offset_s + val; 481 + for (i = 1; offset_s < offset_p; i++) { 482 + u32 handle = tpm_buf_read_u32(buf, &offset_s); 483 + u16 len; 484 + u8 a; 485 + 486 + /* nonce (already in auth) */ 487 + len = tpm_buf_read_u16(buf, &offset_s); 488 + offset_s += len; 489 + 490 + a = tpm_buf_read_u8(buf, &offset_s); 491 + 492 + len = tpm_buf_read_u16(buf, &offset_s); 493 + if (handle == auth->handle && auth->attrs == a) { 494 + hmac = &buf->data[offset_s]; 495 + /* 496 + * save our session number so we know which 497 + * session in the response belongs to us 498 + */ 499 + auth->session = i; 500 + } 501 + 502 + offset_s += len; 503 + } 504 + if (offset_s != offset_p) { 505 + dev_err(&chip->dev, "TPM session length is incorrect\n"); 506 + return; 507 + } 508 + if (!hmac) { 509 + dev_err(&chip->dev, "TPM could not find HMAC session\n"); 510 + return; 511 + } 512 + 513 + /* encrypt before HMAC */ 514 + if (auth->attrs & TPM2_SA_DECRYPT) { 515 + u16 len; 516 + 517 + /* need key and IV */ 518 + tpm2_KDFa(auth->session_key, SHA256_DIGEST_SIZE 519 + + auth->passphrase_len, "CFB", auth->our_nonce, 520 + auth->tpm_nonce, AES_KEY_BYTES + AES_BLOCK_SIZE, 521 + auth->scratch); 522 + 523 + len = tpm_buf_read_u16(buf, &offset_p); 524 + aes_expandkey(&auth->aes_ctx, auth->scratch, AES_KEY_BYTES); 525 + aescfb_encrypt(&auth->aes_ctx, &buf->data[offset_p], 526 + &buf->data[offset_p], len, 527 + auth->scratch + AES_KEY_BYTES); 528 + /* reset p to beginning of parameters for HMAC */ 529 + offset_p -= 2; 530 + } 531 + 532 + sha256_init(&sctx); 533 + /* ordinal is already BE */ 534 + sha256_update(&sctx, (u8 *)&head->ordinal, sizeof(head->ordinal)); 535 + /* add the handle names */ 536 + for (i = 0; i < handles; i++) { 537 + enum tpm2_mso_type mso = tpm2_handle_mso(auth->name_h[i]); 538 + 539 + if (mso == TPM2_MSO_PERSISTENT || 540 + mso == TPM2_MSO_VOLATILE || 541 + mso == TPM2_MSO_NVRAM) { 542 + sha256_update(&sctx, auth->name[i], 543 + name_size(auth->name[i])); 544 + } else { 545 + __be32 h = cpu_to_be32(auth->name_h[i]); 546 + 547 + sha256_update(&sctx, (u8 *)&h, 4); 548 + } 549 + } 550 + if (offset_s != tpm_buf_length(buf)) 551 + sha256_update(&sctx, &buf->data[offset_s], 552 + tpm_buf_length(buf) - offset_s); 553 + sha256_final(&sctx, cphash); 554 + 555 + /* now calculate the hmac */ 556 + tpm2_hmac_init(&sctx, auth->session_key, sizeof(auth->session_key) 557 + + auth->passphrase_len); 558 + sha256_update(&sctx, cphash, sizeof(cphash)); 559 + sha256_update(&sctx, auth->our_nonce, sizeof(auth->our_nonce)); 560 + sha256_update(&sctx, auth->tpm_nonce, sizeof(auth->tpm_nonce)); 561 + sha256_update(&sctx, &auth->attrs, 1); 562 + tpm2_hmac_final(&sctx, auth->session_key, sizeof(auth->session_key) 563 + + auth->passphrase_len, hmac); 564 + } 565 + EXPORT_SYMBOL(tpm_buf_fill_hmac_session); 566 + 567 + static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) 568 + { 569 + struct tpm_header *head = (struct tpm_header *)buf->data; 570 + off_t offset = TPM_HEADER_SIZE; 571 + u32 tot_len = be32_to_cpu(head->length); 572 + u32 val; 573 + 574 + /* we're starting after the header so adjust the length */ 575 + tot_len -= TPM_HEADER_SIZE; 576 + 577 + /* skip public */ 578 + val = tpm_buf_read_u16(buf, &offset); 579 + if (val > tot_len) 580 + return -EINVAL; 581 + offset += val; 582 + /* name */ 583 + val = tpm_buf_read_u16(buf, &offset); 584 + if (val != name_size(&buf->data[offset])) 585 + return -EINVAL; 586 + memcpy(name, &buf->data[offset], val); 587 + /* forget the rest */ 588 + return 0; 589 + } 590 + 591 + static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) 592 + { 593 + struct tpm_buf buf; 594 + int rc; 595 + 596 + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); 597 + if (rc) 598 + return rc; 599 + 600 + tpm_buf_append_u32(&buf, handle); 601 + rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); 602 + if (rc == TPM2_RC_SUCCESS) 603 + rc = tpm2_parse_read_public(name, &buf); 604 + 605 + tpm_buf_destroy(&buf); 606 + 607 + return rc; 608 + } 609 + 610 + /** 611 + * tpm_buf_append_name() - add a handle area to the buffer 612 + * @chip: the TPM chip structure 613 + * @buf: The buffer to be appended 614 + * @handle: The handle to be appended 615 + * @name: The name of the handle (may be NULL) 616 + * 617 + * In order to compute session HMACs, we need to know the names of the 618 + * objects pointed to by the handles. For most objects, this is simply 619 + * the actual 4 byte handle or an empty buf (in these cases @name 620 + * should be NULL) but for volatile objects, permanent objects and NV 621 + * areas, the name is defined as the hash (according to the name 622 + * algorithm which should be set to sha256) of the public area to 623 + * which the two byte algorithm id has been appended. For these 624 + * objects, the @name pointer should point to this. If a name is 625 + * required but @name is NULL, then TPM2_ReadPublic() will be called 626 + * on the handle to obtain the name. 627 + * 628 + * As with most tpm_buf operations, success is assumed because failure 629 + * will be caused by an incorrect programming model and indicated by a 630 + * kernel message. 631 + */ 632 + void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, 633 + u32 handle, u8 *name) 634 + { 635 + enum tpm2_mso_type mso = tpm2_handle_mso(handle); 636 + struct tpm2_auth *auth = chip->auth; 637 + int slot; 638 + 639 + slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE)/4; 640 + if (slot >= AUTH_MAX_NAMES) { 641 + dev_err(&chip->dev, "TPM: too many handles\n"); 642 + return; 643 + } 644 + WARN(auth->session != tpm_buf_length(buf), 645 + "name added in wrong place\n"); 646 + tpm_buf_append_u32(buf, handle); 647 + auth->session += 4; 648 + 649 + if (mso == TPM2_MSO_PERSISTENT || 650 + mso == TPM2_MSO_VOLATILE || 651 + mso == TPM2_MSO_NVRAM) { 652 + if (!name) 653 + tpm2_read_public(chip, handle, auth->name[slot]); 654 + } else { 655 + if (name) 656 + dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); 657 + } 658 + 659 + auth->name_h[slot] = handle; 660 + if (name) 661 + memcpy(auth->name[slot], name, name_size(name)); 662 + } 663 + EXPORT_SYMBOL(tpm_buf_append_name); 664 + 665 + /** 666 + * tpm_buf_check_hmac_response() - check the TPM return HMAC for correctness 667 + * @chip: the TPM chip structure 668 + * @buf: the original command buffer (which now contains the response) 669 + * @rc: the return code from tpm_transmit_cmd 670 + * 671 + * If @rc is non zero, @buf may not contain an actual return, so @rc 672 + * is passed through as the return and the session cleaned up and 673 + * de-allocated if required (this is required if 674 + * TPM2_SA_CONTINUE_SESSION was not specified as a session flag). 675 + * 676 + * If @rc is zero, the response HMAC is computed against the returned 677 + * @buf and matched to the TPM one in the session area. If there is a 678 + * mismatch, an error is logged and -EINVAL returned. 679 + * 680 + * The reason for this is that the command issue and HMAC check 681 + * sequence should look like: 682 + * 683 + * rc = tpm_transmit_cmd(...); 684 + * rc = tpm_buf_check_hmac_response(&buf, auth, rc); 685 + * if (rc) 686 + * ... 687 + * 688 + * Which is easily layered into the current contrl flow. 689 + * 690 + * Returns: 0 on success or an error. 691 + */ 692 + int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, 693 + int rc) 694 + { 695 + struct tpm_header *head = (struct tpm_header *)buf->data; 696 + struct tpm2_auth *auth = chip->auth; 697 + off_t offset_s, offset_p; 698 + u8 rphash[SHA256_DIGEST_SIZE]; 699 + u32 attrs; 700 + struct sha256_state sctx; 701 + u16 tag = be16_to_cpu(head->tag); 702 + u32 cc = be32_to_cpu(auth->ordinal); 703 + int parm_len, len, i, handles; 704 + 705 + if (auth->session >= TPM_HEADER_SIZE) { 706 + WARN(1, "tpm session not filled correctly\n"); 707 + goto out; 708 + } 709 + 710 + if (rc != 0) 711 + /* pass non success rc through and close the session */ 712 + goto out; 713 + 714 + rc = -EINVAL; 715 + if (tag != TPM2_ST_SESSIONS) { 716 + dev_err(&chip->dev, "TPM: HMAC response check has no sessions tag\n"); 717 + goto out; 718 + } 719 + 720 + i = tpm2_find_cc(chip, cc); 721 + if (i < 0) 722 + goto out; 723 + attrs = chip->cc_attrs_tbl[i]; 724 + handles = (attrs >> TPM2_CC_ATTR_RHANDLE) & 1; 725 + 726 + /* point to area beyond handles */ 727 + offset_s = TPM_HEADER_SIZE + handles * 4; 728 + parm_len = tpm_buf_read_u32(buf, &offset_s); 729 + offset_p = offset_s; 730 + offset_s += parm_len; 731 + /* skip over any sessions before ours */ 732 + for (i = 0; i < auth->session - 1; i++) { 733 + len = tpm_buf_read_u16(buf, &offset_s); 734 + offset_s += len + 1; 735 + len = tpm_buf_read_u16(buf, &offset_s); 736 + offset_s += len; 737 + } 738 + /* TPM nonce */ 739 + len = tpm_buf_read_u16(buf, &offset_s); 740 + if (offset_s + len > tpm_buf_length(buf)) 741 + goto out; 742 + if (len != SHA256_DIGEST_SIZE) 743 + goto out; 744 + memcpy(auth->tpm_nonce, &buf->data[offset_s], len); 745 + offset_s += len; 746 + attrs = tpm_buf_read_u8(buf, &offset_s); 747 + len = tpm_buf_read_u16(buf, &offset_s); 748 + if (offset_s + len != tpm_buf_length(buf)) 749 + goto out; 750 + if (len != SHA256_DIGEST_SIZE) 751 + goto out; 752 + /* 753 + * offset_s points to the HMAC. now calculate comparison, beginning 754 + * with rphash 755 + */ 756 + sha256_init(&sctx); 757 + /* yes, I know this is now zero, but it's what the standard says */ 758 + sha256_update(&sctx, (u8 *)&head->return_code, 759 + sizeof(head->return_code)); 760 + /* ordinal is already BE */ 761 + sha256_update(&sctx, (u8 *)&auth->ordinal, sizeof(auth->ordinal)); 762 + sha256_update(&sctx, &buf->data[offset_p], parm_len); 763 + sha256_final(&sctx, rphash); 764 + 765 + /* now calculate the hmac */ 766 + tpm2_hmac_init(&sctx, auth->session_key, sizeof(auth->session_key) 767 + + auth->passphrase_len); 768 + sha256_update(&sctx, rphash, sizeof(rphash)); 769 + sha256_update(&sctx, auth->tpm_nonce, sizeof(auth->tpm_nonce)); 770 + sha256_update(&sctx, auth->our_nonce, sizeof(auth->our_nonce)); 771 + sha256_update(&sctx, &auth->attrs, 1); 772 + /* we're done with the rphash, so put our idea of the hmac there */ 773 + tpm2_hmac_final(&sctx, auth->session_key, sizeof(auth->session_key) 774 + + auth->passphrase_len, rphash); 775 + if (memcmp(rphash, &buf->data[offset_s], SHA256_DIGEST_SIZE) == 0) { 776 + rc = 0; 777 + } else { 778 + dev_err(&chip->dev, "TPM: HMAC check failed\n"); 779 + goto out; 780 + } 781 + 782 + /* now do response decryption */ 783 + if (auth->attrs & TPM2_SA_ENCRYPT) { 784 + /* need key and IV */ 785 + tpm2_KDFa(auth->session_key, SHA256_DIGEST_SIZE 786 + + auth->passphrase_len, "CFB", auth->tpm_nonce, 787 + auth->our_nonce, AES_KEY_BYTES + AES_BLOCK_SIZE, 788 + auth->scratch); 789 + 790 + len = tpm_buf_read_u16(buf, &offset_p); 791 + aes_expandkey(&auth->aes_ctx, auth->scratch, AES_KEY_BYTES); 792 + aescfb_decrypt(&auth->aes_ctx, &buf->data[offset_p], 793 + &buf->data[offset_p], len, 794 + auth->scratch + AES_KEY_BYTES); 795 + } 796 + 797 + out: 798 + if ((auth->attrs & TPM2_SA_CONTINUE_SESSION) == 0) { 799 + if (rc) 800 + /* manually close the session if it wasn't consumed */ 801 + tpm2_flush_context(chip, auth->handle); 802 + memzero_explicit(auth, sizeof(*auth)); 803 + } else { 804 + /* reset for next use */ 805 + auth->session = TPM_HEADER_SIZE; 806 + } 807 + 808 + return rc; 809 + } 810 + EXPORT_SYMBOL(tpm_buf_check_hmac_response); 811 + 812 + /** 813 + * tpm2_end_auth_session() - kill the allocated auth session 814 + * @chip: the TPM chip structure 815 + * 816 + * ends the session started by tpm2_start_auth_session and frees all 817 + * the resources. Under normal conditions, 818 + * tpm_buf_check_hmac_response() will correctly end the session if 819 + * required, so this function is only for use in error legs that will 820 + * bypass the normal invocation of tpm_buf_check_hmac_response(). 821 + */ 822 + void tpm2_end_auth_session(struct tpm_chip *chip) 823 + { 824 + tpm2_flush_context(chip, chip->auth->handle); 825 + memzero_explicit(chip->auth, sizeof(*chip->auth)); 826 + } 827 + EXPORT_SYMBOL(tpm2_end_auth_session); 828 + 829 + static int tpm2_parse_start_auth_session(struct tpm2_auth *auth, 830 + struct tpm_buf *buf) 831 + { 832 + struct tpm_header *head = (struct tpm_header *)buf->data; 833 + u32 tot_len = be32_to_cpu(head->length); 834 + off_t offset = TPM_HEADER_SIZE; 835 + u32 val; 836 + 837 + /* we're starting after the header so adjust the length */ 838 + tot_len -= TPM_HEADER_SIZE; 839 + 840 + /* should have handle plus nonce */ 841 + if (tot_len != 4 + 2 + sizeof(auth->tpm_nonce)) 842 + return -EINVAL; 843 + 844 + auth->handle = tpm_buf_read_u32(buf, &offset); 845 + val = tpm_buf_read_u16(buf, &offset); 846 + if (val != sizeof(auth->tpm_nonce)) 847 + return -EINVAL; 848 + memcpy(auth->tpm_nonce, &buf->data[offset], sizeof(auth->tpm_nonce)); 849 + /* now compute the session key from the nonces */ 850 + tpm2_KDFa(auth->salt, sizeof(auth->salt), "ATH", auth->tpm_nonce, 851 + auth->our_nonce, sizeof(auth->session_key), 852 + auth->session_key); 853 + 854 + return 0; 855 + } 856 + 857 + static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) 858 + { 859 + int rc; 860 + unsigned int offset = 0; /* dummy offset for null seed context */ 861 + u8 name[SHA256_DIGEST_SIZE + 2]; 862 + 863 + rc = tpm2_load_context(chip, chip->null_key_context, &offset, 864 + null_key); 865 + if (rc != -EINVAL) 866 + return rc; 867 + 868 + /* an integrity failure may mean the TPM has been reset */ 869 + dev_err(&chip->dev, "NULL key integrity failure!\n"); 870 + /* check the null name against what we know */ 871 + tpm2_create_primary(chip, TPM2_RH_NULL, NULL, name); 872 + if (memcmp(name, chip->null_key_name, sizeof(name)) == 0) 873 + /* name unchanged, assume transient integrity failure */ 874 + return rc; 875 + /* 876 + * Fatal TPM failure: the NULL seed has actually changed, so 877 + * the TPM must have been illegally reset. All in-kernel TPM 878 + * operations will fail because the NULL primary can't be 879 + * loaded to salt the sessions, but disable the TPM anyway so 880 + * userspace programmes can't be compromised by it. 881 + */ 882 + dev_err(&chip->dev, "NULL name has changed, disabling TPM due to interference\n"); 883 + chip->flags |= TPM_CHIP_FLAG_DISABLE; 884 + 885 + return rc; 886 + } 887 + 888 + /** 889 + * tpm2_start_auth_session() - create a HMAC authentication session with the TPM 890 + * @chip: the TPM chip structure to create the session with 891 + * 892 + * This function loads the NULL seed from its saved context and starts 893 + * an authentication session on the null seed, fills in the 894 + * @chip->auth structure to contain all the session details necessary 895 + * for performing the HMAC, encrypt and decrypt operations and 896 + * returns. The NULL seed is flushed before this function returns. 897 + * 898 + * Return: zero on success or actual error encountered. 899 + */ 900 + int tpm2_start_auth_session(struct tpm_chip *chip) 901 + { 902 + struct tpm_buf buf; 903 + struct tpm2_auth *auth = chip->auth; 904 + int rc; 905 + u32 null_key; 906 + 907 + rc = tpm2_load_null(chip, &null_key); 908 + if (rc) 909 + goto out; 910 + 911 + auth->session = TPM_HEADER_SIZE; 912 + 913 + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_START_AUTH_SESS); 914 + if (rc) 915 + goto out; 916 + 917 + /* salt key handle */ 918 + tpm_buf_append_u32(&buf, null_key); 919 + /* bind key handle */ 920 + tpm_buf_append_u32(&buf, TPM2_RH_NULL); 921 + /* nonce caller */ 922 + get_random_bytes(auth->our_nonce, sizeof(auth->our_nonce)); 923 + tpm_buf_append_u16(&buf, sizeof(auth->our_nonce)); 924 + tpm_buf_append(&buf, auth->our_nonce, sizeof(auth->our_nonce)); 925 + 926 + /* append encrypted salt and squirrel away unencrypted in auth */ 927 + tpm_buf_append_salt(&buf, chip); 928 + /* session type (HMAC, audit or policy) */ 929 + tpm_buf_append_u8(&buf, TPM2_SE_HMAC); 930 + 931 + /* symmetric encryption parameters */ 932 + /* symmetric algorithm */ 933 + tpm_buf_append_u16(&buf, TPM_ALG_AES); 934 + /* bits for symmetric algorithm */ 935 + tpm_buf_append_u16(&buf, AES_KEY_BITS); 936 + /* symmetric algorithm mode (must be CFB) */ 937 + tpm_buf_append_u16(&buf, TPM_ALG_CFB); 938 + /* hash algorithm for session */ 939 + tpm_buf_append_u16(&buf, TPM_ALG_SHA256); 940 + 941 + rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session"); 942 + tpm2_flush_context(chip, null_key); 943 + 944 + if (rc == TPM2_RC_SUCCESS) 945 + rc = tpm2_parse_start_auth_session(auth, &buf); 946 + 947 + tpm_buf_destroy(&buf); 948 + 949 + if (rc) 950 + goto out; 951 + 952 + out: 953 + return rc; 954 + } 955 + EXPORT_SYMBOL(tpm2_start_auth_session); 956 + 957 + /** 958 + * tpm2_parse_create_primary() - parse the data returned from TPM_CC_CREATE_PRIMARY 959 + * 960 + * @chip: The TPM the primary was created under 961 + * @buf: The response buffer from the chip 962 + * @handle: pointer to be filled in with the return handle of the primary 963 + * @hierarchy: The hierarchy the primary was created for 964 + * @name: pointer to be filled in with the primary key name 965 + * 966 + * Return: 967 + * * 0 - OK 968 + * * -errno - A system error 969 + * * TPM_RC - A TPM error 970 + */ 971 + static int tpm2_parse_create_primary(struct tpm_chip *chip, struct tpm_buf *buf, 972 + u32 *handle, u32 hierarchy, u8 *name) 973 + { 974 + struct tpm_header *head = (struct tpm_header *)buf->data; 975 + off_t offset_r = TPM_HEADER_SIZE, offset_t; 976 + u16 len = TPM_HEADER_SIZE; 977 + u32 total_len = be32_to_cpu(head->length); 978 + u32 val, param_len, keyhandle; 979 + 980 + keyhandle = tpm_buf_read_u32(buf, &offset_r); 981 + if (handle) 982 + *handle = keyhandle; 983 + else 984 + tpm2_flush_context(chip, keyhandle); 985 + 986 + param_len = tpm_buf_read_u32(buf, &offset_r); 987 + /* 988 + * param_len doesn't include the header, but all the other 989 + * lengths and offsets do, so add it to parm len to make 990 + * the comparisons easier 991 + */ 992 + param_len += TPM_HEADER_SIZE; 993 + 994 + if (param_len + 8 > total_len) 995 + return -EINVAL; 996 + len = tpm_buf_read_u16(buf, &offset_r); 997 + offset_t = offset_r; 998 + if (name) { 999 + /* 1000 + * now we have the public area, compute the name of 1001 + * the object 1002 + */ 1003 + put_unaligned_be16(TPM_ALG_SHA256, name); 1004 + sha256(&buf->data[offset_r], len, name + 2); 1005 + } 1006 + 1007 + /* validate the public key */ 1008 + val = tpm_buf_read_u16(buf, &offset_t); 1009 + 1010 + /* key type (must be what we asked for) */ 1011 + if (val != TPM_ALG_ECC) 1012 + return -EINVAL; 1013 + val = tpm_buf_read_u16(buf, &offset_t); 1014 + 1015 + /* name algorithm */ 1016 + if (val != TPM_ALG_SHA256) 1017 + return -EINVAL; 1018 + val = tpm_buf_read_u32(buf, &offset_t); 1019 + 1020 + /* object properties */ 1021 + if (val != TPM2_OA_TMPL) 1022 + return -EINVAL; 1023 + 1024 + /* auth policy (empty) */ 1025 + val = tpm_buf_read_u16(buf, &offset_t); 1026 + if (val != 0) 1027 + return -EINVAL; 1028 + 1029 + /* symmetric key parameters */ 1030 + val = tpm_buf_read_u16(buf, &offset_t); 1031 + if (val != TPM_ALG_AES) 1032 + return -EINVAL; 1033 + 1034 + /* symmetric key length */ 1035 + val = tpm_buf_read_u16(buf, &offset_t); 1036 + if (val != AES_KEY_BITS) 1037 + return -EINVAL; 1038 + 1039 + /* symmetric encryption scheme */ 1040 + val = tpm_buf_read_u16(buf, &offset_t); 1041 + if (val != TPM_ALG_CFB) 1042 + return -EINVAL; 1043 + 1044 + /* signing scheme */ 1045 + val = tpm_buf_read_u16(buf, &offset_t); 1046 + if (val != TPM_ALG_NULL) 1047 + return -EINVAL; 1048 + 1049 + /* ECC Curve */ 1050 + val = tpm_buf_read_u16(buf, &offset_t); 1051 + if (val != TPM2_ECC_NIST_P256) 1052 + return -EINVAL; 1053 + 1054 + /* KDF Scheme */ 1055 + val = tpm_buf_read_u16(buf, &offset_t); 1056 + if (val != TPM_ALG_NULL) 1057 + return -EINVAL; 1058 + 1059 + /* extract public key (x and y points) */ 1060 + val = tpm_buf_read_u16(buf, &offset_t); 1061 + if (val != EC_PT_SZ) 1062 + return -EINVAL; 1063 + memcpy(chip->null_ec_key_x, &buf->data[offset_t], val); 1064 + offset_t += val; 1065 + val = tpm_buf_read_u16(buf, &offset_t); 1066 + if (val != EC_PT_SZ) 1067 + return -EINVAL; 1068 + memcpy(chip->null_ec_key_y, &buf->data[offset_t], val); 1069 + offset_t += val; 1070 + 1071 + /* original length of the whole TPM2B */ 1072 + offset_r += len; 1073 + 1074 + /* should have exactly consumed the TPM2B public structure */ 1075 + if (offset_t != offset_r) 1076 + return -EINVAL; 1077 + if (offset_r > param_len) 1078 + return -EINVAL; 1079 + 1080 + /* creation data (skip) */ 1081 + len = tpm_buf_read_u16(buf, &offset_r); 1082 + offset_r += len; 1083 + if (offset_r > param_len) 1084 + return -EINVAL; 1085 + 1086 + /* creation digest (must be sha256) */ 1087 + len = tpm_buf_read_u16(buf, &offset_r); 1088 + offset_r += len; 1089 + if (len != SHA256_DIGEST_SIZE || offset_r > param_len) 1090 + return -EINVAL; 1091 + 1092 + /* TPMT_TK_CREATION follows */ 1093 + /* tag, must be TPM_ST_CREATION (0x8021) */ 1094 + val = tpm_buf_read_u16(buf, &offset_r); 1095 + if (val != TPM2_ST_CREATION || offset_r > param_len) 1096 + return -EINVAL; 1097 + 1098 + /* hierarchy */ 1099 + val = tpm_buf_read_u32(buf, &offset_r); 1100 + if (val != hierarchy || offset_r > param_len) 1101 + return -EINVAL; 1102 + 1103 + /* the ticket digest HMAC (might not be sha256) */ 1104 + len = tpm_buf_read_u16(buf, &offset_r); 1105 + offset_r += len; 1106 + if (offset_r > param_len) 1107 + return -EINVAL; 1108 + 1109 + /* 1110 + * finally we have the name, which is a sha256 digest plus a 2 1111 + * byte algorithm type 1112 + */ 1113 + len = tpm_buf_read_u16(buf, &offset_r); 1114 + if (offset_r + len != param_len + 8) 1115 + return -EINVAL; 1116 + if (len != SHA256_DIGEST_SIZE + 2) 1117 + return -EINVAL; 1118 + 1119 + if (memcmp(chip->null_key_name, &buf->data[offset_r], 1120 + SHA256_DIGEST_SIZE + 2) != 0) { 1121 + dev_err(&chip->dev, "NULL Seed name comparison failed\n"); 1122 + return -EINVAL; 1123 + } 1124 + 1125 + return 0; 1126 + } 1127 + 1128 + /** 1129 + * tpm2_create_primary() - create a primary key using a fixed P-256 template 1130 + * 1131 + * @chip: the TPM chip to create under 1132 + * @hierarchy: The hierarchy handle to create under 1133 + * @handle: The returned volatile handle on success 1134 + * @name: The name of the returned key 1135 + * 1136 + * For platforms that might not have a persistent primary, this can be 1137 + * used to create one quickly on the fly (it uses Elliptic Curve not 1138 + * RSA, so even slow TPMs can create one fast). The template uses the 1139 + * TCG mandated H one for non-endorsement ECC primaries, i.e. P-256 1140 + * elliptic curve (the only current one all TPM2s are required to 1141 + * have) a sha256 name hash and no policy. 1142 + * 1143 + * Return: 1144 + * * 0 - OK 1145 + * * -errno - A system error 1146 + * * TPM_RC - A TPM error 1147 + */ 1148 + static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, 1149 + u32 *handle, u8 *name) 1150 + { 1151 + int rc; 1152 + struct tpm_buf buf; 1153 + struct tpm_buf template; 1154 + 1155 + rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE_PRIMARY); 1156 + if (rc) 1157 + return rc; 1158 + 1159 + rc = tpm_buf_init_sized(&template); 1160 + if (rc) { 1161 + tpm_buf_destroy(&buf); 1162 + return rc; 1163 + } 1164 + 1165 + /* 1166 + * create the template. Note: in order for userspace to 1167 + * verify the security of the system, it will have to create 1168 + * and certify this NULL primary, meaning all the template 1169 + * parameters will have to be identical, so conform exactly to 1170 + * the TCG TPM v2.0 Provisioning Guidance for the SRK ECC 1171 + * key H template (H has zero size unique points) 1172 + */ 1173 + 1174 + /* key type */ 1175 + tpm_buf_append_u16(&template, TPM_ALG_ECC); 1176 + 1177 + /* name algorithm */ 1178 + tpm_buf_append_u16(&template, TPM_ALG_SHA256); 1179 + 1180 + /* object properties */ 1181 + tpm_buf_append_u32(&template, TPM2_OA_TMPL); 1182 + 1183 + /* sauth policy (empty) */ 1184 + tpm_buf_append_u16(&template, 0); 1185 + 1186 + /* BEGIN parameters: key specific; for ECC*/ 1187 + 1188 + /* symmetric algorithm */ 1189 + tpm_buf_append_u16(&template, TPM_ALG_AES); 1190 + 1191 + /* bits for symmetric algorithm */ 1192 + tpm_buf_append_u16(&template, AES_KEY_BITS); 1193 + 1194 + /* algorithm mode (must be CFB) */ 1195 + tpm_buf_append_u16(&template, TPM_ALG_CFB); 1196 + 1197 + /* scheme (NULL means any scheme) */ 1198 + tpm_buf_append_u16(&template, TPM_ALG_NULL); 1199 + 1200 + /* ECC Curve ID */ 1201 + tpm_buf_append_u16(&template, TPM2_ECC_NIST_P256); 1202 + 1203 + /* KDF Scheme */ 1204 + tpm_buf_append_u16(&template, TPM_ALG_NULL); 1205 + 1206 + /* unique: key specific; for ECC it is two zero size points */ 1207 + tpm_buf_append_u16(&template, 0); 1208 + tpm_buf_append_u16(&template, 0); 1209 + 1210 + /* END parameters */ 1211 + 1212 + /* primary handle */ 1213 + tpm_buf_append_u32(&buf, hierarchy); 1214 + tpm_buf_append_empty_auth(&buf, TPM2_RS_PW); 1215 + 1216 + /* sensitive create size is 4 for two empty buffers */ 1217 + tpm_buf_append_u16(&buf, 4); 1218 + 1219 + /* sensitive create auth data (empty) */ 1220 + tpm_buf_append_u16(&buf, 0); 1221 + 1222 + /* sensitive create sensitive data (empty) */ 1223 + tpm_buf_append_u16(&buf, 0); 1224 + 1225 + /* the public template */ 1226 + tpm_buf_append(&buf, template.data, template.length); 1227 + tpm_buf_destroy(&template); 1228 + 1229 + /* outside info (empty) */ 1230 + tpm_buf_append_u16(&buf, 0); 1231 + 1232 + /* creation PCR (none) */ 1233 + tpm_buf_append_u32(&buf, 0); 1234 + 1235 + rc = tpm_transmit_cmd(chip, &buf, 0, 1236 + "attempting to create NULL primary"); 1237 + 1238 + if (rc == TPM2_RC_SUCCESS) 1239 + rc = tpm2_parse_create_primary(chip, &buf, handle, hierarchy, 1240 + name); 1241 + 1242 + tpm_buf_destroy(&buf); 1243 + 1244 + return rc; 1245 + } 1246 + 1247 + static int tpm2_create_null_primary(struct tpm_chip *chip) 1248 + { 1249 + u32 null_key; 1250 + int rc; 1251 + 1252 + rc = tpm2_create_primary(chip, TPM2_RH_NULL, &null_key, 1253 + chip->null_key_name); 1254 + 1255 + if (rc == TPM2_RC_SUCCESS) { 1256 + unsigned int offset = 0; /* dummy offset for null key context */ 1257 + 1258 + rc = tpm2_save_context(chip, null_key, chip->null_key_context, 1259 + sizeof(chip->null_key_context), &offset); 1260 + tpm2_flush_context(chip, null_key); 1261 + } 1262 + 1263 + return rc; 1264 + } 1265 + 1266 + /** 1267 + * tpm2_sessions_init() - start of day initialization for the sessions code 1268 + * @chip: TPM chip 1269 + * 1270 + * Derive and context save the null primary and allocate memory in the 1271 + * struct tpm_chip for the authorizations. 1272 + */ 1273 + int tpm2_sessions_init(struct tpm_chip *chip) 1274 + { 1275 + int rc; 1276 + 1277 + rc = tpm2_create_null_primary(chip); 1278 + if (rc) 1279 + dev_err(&chip->dev, "TPM: security failed (NULL seed derivation): %d\n", rc); 1280 + 1281 + chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL); 1282 + if (!chip->auth) 1283 + return -ENOMEM; 1284 + 1285 + return rc; 1286 + }

+7 -4

drivers/char/tpm/tpm2-space.c

··· 68 68 kfree(space->session_buf); 69 69 } 70 70 71 - static int tpm2_load_context(struct tpm_chip *chip, u8 *buf, 72 - unsigned int *offset, u32 *handle) 71 + int tpm2_load_context(struct tpm_chip *chip, u8 *buf, 72 + unsigned int *offset, u32 *handle) 73 73 { 74 74 struct tpm_buf tbuf; 75 75 struct tpm2_context *ctx; ··· 105 105 *handle = 0; 106 106 tpm_buf_destroy(&tbuf); 107 107 return -ENOENT; 108 + } else if (tpm2_rc_value(rc) == TPM2_RC_INTEGRITY) { 109 + tpm_buf_destroy(&tbuf); 110 + return -EINVAL; 108 111 } else if (rc > 0) { 109 112 dev_warn(&chip->dev, "%s: failed with a TPM error 0x%04X\n", 110 113 __func__, rc); ··· 122 119 return 0; 123 120 } 124 121 125 - static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, 126 - unsigned int buf_size, unsigned int *offset) 122 + int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, 123 + unsigned int buf_size, unsigned int *offset) 127 124 { 128 125 struct tpm_buf tbuf; 129 126 unsigned int body_size;

+10 -4

drivers/char/tpm/tpm_infineon.c

··· 51 51 52 52 static inline void tpm_data_out(unsigned char data, unsigned char offset) 53 53 { 54 + #ifdef CONFIG_HAS_IOPORT 54 55 if (tpm_dev.iotype == TPM_INF_IO_PORT) 55 56 outb(data, tpm_dev.data_regs + offset); 56 57 else 58 + #endif 57 59 writeb(data, tpm_dev.mem_base + tpm_dev.data_regs + offset); 58 60 } 59 61 60 62 static inline unsigned char tpm_data_in(unsigned char offset) 61 63 { 64 + #ifdef CONFIG_HAS_IOPORT 62 65 if (tpm_dev.iotype == TPM_INF_IO_PORT) 63 66 return inb(tpm_dev.data_regs + offset); 64 - else 65 - return readb(tpm_dev.mem_base + tpm_dev.data_regs + offset); 67 + #endif 68 + return readb(tpm_dev.mem_base + tpm_dev.data_regs + offset); 66 69 } 67 70 68 71 static inline void tpm_config_out(unsigned char data, unsigned char offset) 69 72 { 73 + #ifdef CONFIG_HAS_IOPORT 70 74 if (tpm_dev.iotype == TPM_INF_IO_PORT) 71 75 outb(data, tpm_dev.config_port + offset); 72 76 else 77 + #endif 73 78 writeb(data, tpm_dev.mem_base + tpm_dev.index_off + offset); 74 79 } 75 80 76 81 static inline unsigned char tpm_config_in(unsigned char offset) 77 82 { 83 + #ifdef CONFIG_HAS_IOPORT 78 84 if (tpm_dev.iotype == TPM_INF_IO_PORT) 79 85 return inb(tpm_dev.config_port + offset); 80 - else 81 - return readb(tpm_dev.mem_base + tpm_dev.index_off + offset); 86 + #endif 87 + return readb(tpm_dev.mem_base + tpm_dev.index_off + offset); 82 88 } 83 89 84 90 /* TPM header definitions */

+8 -11

drivers/char/tpm/tpm_tis_core.c

··· 1057 1057 clkrun_val &= ~LPC_CLKRUN_EN; 1058 1058 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET); 1059 1059 1060 - /* 1061 - * Write any random value on port 0x80 which is on LPC, to make 1062 - * sure LPC clock is running before sending any TPM command. 1063 - */ 1064 - outb(0xCC, 0x80); 1065 1060 } else { 1066 1061 data->clkrun_enabled--; 1067 1062 if (data->clkrun_enabled) ··· 1067 1072 /* Enable LPC CLKRUN# */ 1068 1073 clkrun_val |= LPC_CLKRUN_EN; 1069 1074 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET); 1070 - 1071 - /* 1072 - * Write any random value on port 0x80 which is on LPC, to make 1073 - * sure LPC clock is running before sending any TPM command. 1074 - */ 1075 - outb(0xCC, 0x80); 1076 1075 } 1076 + 1077 + #ifdef CONFIG_HAS_IOPORT 1078 + /* 1079 + * Write any random value on port 0x80 which is on LPC, to make 1080 + * sure LPC clock is running before sending any TPM command. 1081 + */ 1082 + outb(0xCC, 0x80); 1083 + #endif 1077 1084 } 1078 1085 1079 1086 static const struct tpm_class_ops tpm_tis = {

+5

include/crypto/aes.h

··· 87 87 extern const u8 crypto_aes_sbox[]; 88 88 extern const u8 crypto_aes_inv_sbox[]; 89 89 90 + void aescfb_encrypt(const struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src, 91 + int len, const u8 iv[AES_BLOCK_SIZE]); 92 + void aescfb_decrypt(const struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src, 93 + int len, const u8 iv[AES_BLOCK_SIZE]); 94 + 90 95 #endif

-2

include/keys/trusted_tpm.h

··· 6 6 #include <linux/tpm_command.h> 7 7 8 8 /* implementation specific TPM constants */ 9 - #define MAX_BUF_SIZE 1024 10 - #define TPM_GETRANDOM_SIZE 14 11 9 #define TPM_SIZE_OFFSET 2 12 10 #define TPM_RETURN_OFFSET 6 13 11 #define TPM_DATA_OFFSET 10

+225 -89

include/linux/tpm.h

··· 23 23 #include <linux/fs.h> 24 24 #include <linux/highmem.h> 25 25 #include <crypto/hash_info.h> 26 + #include <crypto/aes.h> 26 27 27 28 #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */ 28 29 #define TPM_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE ··· 31 30 struct tpm_chip; 32 31 struct trusted_key_payload; 33 32 struct trusted_key_options; 33 + /* opaque structure, holds auth session parameters like the session key */ 34 + struct tpm2_auth; 35 + 36 + enum tpm2_session_types { 37 + TPM2_SE_HMAC = 0x00, 38 + TPM2_SE_POLICY = 0x01, 39 + TPM2_SE_TRIAL = 0x02, 40 + }; 34 41 35 42 /* if you add a new hash to this, increment TPM_MAX_HASHES below */ 36 43 enum tpm_algorithms { 37 44 TPM_ALG_ERROR = 0x0000, 38 45 TPM_ALG_SHA1 = 0x0004, 46 + TPM_ALG_AES = 0x0006, 39 47 TPM_ALG_KEYEDHASH = 0x0008, 40 48 TPM_ALG_SHA256 = 0x000B, 41 49 TPM_ALG_SHA384 = 0x000C, 42 50 TPM_ALG_SHA512 = 0x000D, 43 51 TPM_ALG_NULL = 0x0010, 44 52 TPM_ALG_SM3_256 = 0x0012, 53 + TPM_ALG_ECC = 0x0023, 54 + TPM_ALG_CFB = 0x0043, 45 55 }; 46 56 47 57 /* ··· 60 48 * basically a count of every hash in tpm_algorithms above 61 49 */ 62 50 #define TPM_MAX_HASHES 5 51 + 52 + enum tpm2_curves { 53 + TPM2_ECC_NONE = 0x0000, 54 + TPM2_ECC_NIST_P256 = 0x0003, 55 + }; 63 56 64 57 struct tpm_digest { 65 58 u16 alg_id; ··· 133 116 const struct seq_operations *seqops; 134 117 }; 135 118 119 + /* fixed define for the curve we use which is NIST_P256 */ 120 + #define EC_PT_SZ 32 121 + 122 + /* 123 + * fixed define for the size of a name. This is actually HASHALG size 124 + * plus 2, so 32 for SHA256 125 + */ 126 + #define TPM2_NAME_SIZE 34 127 + 128 + /* 129 + * The maximum size for an object context 130 + */ 131 + #define TPM2_MAX_CONTEXT_SIZE 4096 132 + 136 133 struct tpm_chip { 137 134 struct device dev; 138 135 struct device devs; ··· 201 170 202 171 /* active locality */ 203 172 int locality; 173 + 174 + #ifdef CONFIG_TCG_TPM2_HMAC 175 + /* details for communication security via sessions */ 176 + 177 + /* saved context for NULL seed */ 178 + u8 null_key_context[TPM2_MAX_CONTEXT_SIZE]; 179 + /* name of NULL seed */ 180 + u8 null_key_name[TPM2_NAME_SIZE]; 181 + u8 null_ec_key_x[EC_PT_SZ]; 182 + u8 null_ec_key_y[EC_PT_SZ]; 183 + struct tpm2_auth *auth; 184 + #endif 204 185 }; 205 186 206 187 #define TPM_HEADER_SIZE 10 ··· 237 194 enum tpm2_structures { 238 195 TPM2_ST_NO_SESSIONS = 0x8001, 239 196 TPM2_ST_SESSIONS = 0x8002, 197 + TPM2_ST_CREATION = 0x8021, 240 198 }; 241 199 242 200 /* Indicates from what layer of the software stack the error comes from */ ··· 248 204 TPM2_RC_SUCCESS = 0x0000, 249 205 TPM2_RC_HASH = 0x0083, /* RC_FMT1 */ 250 206 TPM2_RC_HANDLE = 0x008B, 207 + TPM2_RC_INTEGRITY = 0x009F, 251 208 TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */ 252 209 TPM2_RC_FAILURE = 0x0101, 253 210 TPM2_RC_DISABLED = 0x0120, ··· 276 231 TPM2_CC_CONTEXT_LOAD = 0x0161, 277 232 TPM2_CC_CONTEXT_SAVE = 0x0162, 278 233 TPM2_CC_FLUSH_CONTEXT = 0x0165, 234 + TPM2_CC_READ_PUBLIC = 0x0173, 235 + TPM2_CC_START_AUTH_SESS = 0x0176, 279 236 TPM2_CC_VERIFY_SIGNATURE = 0x0177, 280 237 TPM2_CC_GET_CAPABILITY = 0x017A, 281 238 TPM2_CC_GET_RANDOM = 0x017B, ··· 290 243 }; 291 244 292 245 enum tpm2_permanent_handles { 246 + TPM2_RH_NULL = 0x40000007, 293 247 TPM2_RS_PW = 0x40000009, 294 248 }; 249 + 250 + /* Most Significant Octet for key types */ 251 + enum tpm2_mso_type { 252 + TPM2_MSO_NVRAM = 0x01, 253 + TPM2_MSO_SESSION = 0x02, 254 + TPM2_MSO_POLICY = 0x03, 255 + TPM2_MSO_PERMANENT = 0x40, 256 + TPM2_MSO_VOLATILE = 0x80, 257 + TPM2_MSO_PERSISTENT = 0x81, 258 + }; 259 + 260 + static inline enum tpm2_mso_type tpm2_handle_mso(u32 handle) 261 + { 262 + return handle >> 24; 263 + } 295 264 296 265 enum tpm2_capabilities { 297 266 TPM2_CAP_HANDLES = 1, ··· 347 284 TPM_CHIP_FLAG_FIRMWARE_UPGRADE = BIT(7), 348 285 TPM_CHIP_FLAG_SUSPENDED = BIT(8), 349 286 TPM_CHIP_FLAG_HWRNG_DISABLED = BIT(9), 287 + TPM_CHIP_FLAG_DISABLE = BIT(10), 350 288 }; 351 289 352 290 #define to_tpm_chip(d) container_of(d, struct tpm_chip, dev) ··· 361 297 }; 362 298 } __packed; 363 299 364 - /* A string buffer type for constructing TPM commands. This is based on the 365 - * ideas of string buffer code in security/keys/trusted.h but is heap based 366 - * in order to keep the stack usage minimal. 367 - */ 368 - 369 300 enum tpm_buf_flags { 301 + /* the capacity exceeded: */ 370 302 TPM_BUF_OVERFLOW = BIT(0), 303 + /* TPM2B format: */ 304 + TPM_BUF_TPM2B = BIT(1), 305 + /* read out of boundary: */ 306 + TPM_BUF_BOUNDARY_ERROR = BIT(2), 371 307 }; 372 308 309 + /* 310 + * A string buffer type for constructing TPM commands. 311 + */ 373 312 struct tpm_buf { 374 - unsigned int flags; 313 + u32 flags; 314 + u32 length; 375 315 u8 *data; 316 + u8 handles; 376 317 }; 377 318 378 319 enum tpm2_object_attributes { 379 320 TPM2_OA_FIXED_TPM = BIT(1), 321 + TPM2_OA_ST_CLEAR = BIT(2), 380 322 TPM2_OA_FIXED_PARENT = BIT(4), 323 + TPM2_OA_SENSITIVE_DATA_ORIGIN = BIT(5), 381 324 TPM2_OA_USER_WITH_AUTH = BIT(6), 325 + TPM2_OA_ADMIN_WITH_POLICY = BIT(7), 326 + TPM2_OA_NO_DA = BIT(10), 327 + TPM2_OA_ENCRYPTED_DUPLICATION = BIT(11), 328 + TPM2_OA_RESTRICTED = BIT(16), 329 + TPM2_OA_DECRYPT = BIT(17), 330 + TPM2_OA_SIGN = BIT(18), 382 331 }; 332 + 333 + /* 334 + * definitions for the canonical template. These are mandated 335 + * by the TCG key template documents 336 + */ 337 + 338 + #define AES_KEY_BYTES AES_KEYSIZE_128 339 + #define AES_KEY_BITS (AES_KEY_BYTES*8) 340 + #define TPM2_OA_TMPL (TPM2_OA_NO_DA | \ 341 + TPM2_OA_FIXED_TPM | \ 342 + TPM2_OA_FIXED_PARENT | \ 343 + TPM2_OA_SENSITIVE_DATA_ORIGIN | \ 344 + TPM2_OA_USER_WITH_AUTH | \ 345 + TPM2_OA_DECRYPT | \ 346 + TPM2_OA_RESTRICTED) 383 347 384 348 enum tpm2_session_attributes { 385 349 TPM2_SA_CONTINUE_SESSION = BIT(0), 350 + TPM2_SA_AUDIT_EXCLUSIVE = BIT(1), 351 + TPM2_SA_AUDIT_RESET = BIT(3), 352 + TPM2_SA_DECRYPT = BIT(5), 353 + TPM2_SA_ENCRYPT = BIT(6), 354 + TPM2_SA_AUDIT = BIT(7), 386 355 }; 387 356 388 357 struct tpm2_hash { ··· 423 326 unsigned int tpm_id; 424 327 }; 425 328 426 - static inline void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) 427 - { 428 - struct tpm_header *head = (struct tpm_header *)buf->data; 329 + int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal); 330 + void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal); 331 + int tpm_buf_init_sized(struct tpm_buf *buf); 332 + void tpm_buf_reset_sized(struct tpm_buf *buf); 333 + void tpm_buf_destroy(struct tpm_buf *buf); 334 + u32 tpm_buf_length(struct tpm_buf *buf); 335 + void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length); 336 + void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value); 337 + void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value); 338 + void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value); 339 + u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset); 340 + u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset); 341 + u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset); 429 342 430 - head->tag = cpu_to_be16(tag); 431 - head->length = cpu_to_be32(sizeof(*head)); 432 - head->ordinal = cpu_to_be32(ordinal); 433 - } 434 - 435 - static inline int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal) 436 - { 437 - buf->data = (u8 *)__get_free_page(GFP_KERNEL); 438 - if (!buf->data) 439 - return -ENOMEM; 440 - 441 - buf->flags = 0; 442 - tpm_buf_reset(buf, tag, ordinal); 443 - return 0; 444 - } 445 - 446 - static inline void tpm_buf_destroy(struct tpm_buf *buf) 447 - { 448 - free_page((unsigned long)buf->data); 449 - } 450 - 451 - static inline u32 tpm_buf_length(struct tpm_buf *buf) 452 - { 453 - struct tpm_header *head = (struct tpm_header *)buf->data; 454 - 455 - return be32_to_cpu(head->length); 456 - } 457 - 458 - static inline u16 tpm_buf_tag(struct tpm_buf *buf) 459 - { 460 - struct tpm_header *head = (struct tpm_header *)buf->data; 461 - 462 - return be16_to_cpu(head->tag); 463 - } 464 - 465 - static inline void tpm_buf_append(struct tpm_buf *buf, 466 - const unsigned char *new_data, 467 - unsigned int new_len) 468 - { 469 - struct tpm_header *head = (struct tpm_header *)buf->data; 470 - u32 len = tpm_buf_length(buf); 471 - 472 - /* Return silently if overflow has already happened. */ 473 - if (buf->flags & TPM_BUF_OVERFLOW) 474 - return; 475 - 476 - if ((len + new_len) > PAGE_SIZE) { 477 - WARN(1, "tpm_buf: overflow\n"); 478 - buf->flags |= TPM_BUF_OVERFLOW; 479 - return; 480 - } 481 - 482 - memcpy(&buf->data[len], new_data, new_len); 483 - head->length = cpu_to_be32(len + new_len); 484 - } 485 - 486 - static inline void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value) 487 - { 488 - tpm_buf_append(buf, &value, 1); 489 - } 490 - 491 - static inline void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value) 492 - { 493 - __be16 value2 = cpu_to_be16(value); 494 - 495 - tpm_buf_append(buf, (u8 *) &value2, 2); 496 - } 497 - 498 - static inline void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value) 499 - { 500 - __be32 value2 = cpu_to_be32(value); 501 - 502 - tpm_buf_append(buf, (u8 *) &value2, 4); 503 - } 343 + u8 *tpm_buf_parameters(struct tpm_buf *buf); 504 344 505 345 /* 506 346 * Check if TPM device is in the firmware upgrade mode. ··· 449 415 450 416 static inline u32 tpm2_rc_value(u32 rc) 451 417 { 452 - return (rc & BIT(7)) ? rc & 0xff : rc; 418 + return (rc & BIT(7)) ? rc & 0xbf : rc; 453 419 } 454 420 455 421 #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) ··· 463 429 struct tpm_digest *digest); 464 430 extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, 465 431 struct tpm_digest *digests); 466 - extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen); 467 432 extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max); 468 433 extern struct tpm_chip *tpm_default_chip(void); 469 434 void tpm2_flush_context(struct tpm_chip *chip, u32 handle); 435 + 436 + static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle) 437 + { 438 + /* simple authorization for empty auth */ 439 + tpm_buf_append_u32(buf, 9); /* total length of auth */ 440 + tpm_buf_append_u32(buf, handle); 441 + tpm_buf_append_u16(buf, 0); /* nonce len */ 442 + tpm_buf_append_u8(buf, 0); /* attributes */ 443 + tpm_buf_append_u16(buf, 0); /* hmac len */ 444 + } 470 445 #else 471 446 static inline int tpm_is_tpm2(struct tpm_chip *chip) 472 447 { ··· 493 450 return -ENODEV; 494 451 } 495 452 496 - static inline int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen) 497 - { 498 - return -ENODEV; 499 - } 500 453 static inline int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max) 501 454 { 502 455 return -ENODEV; ··· 502 463 { 503 464 return NULL; 504 465 } 466 + 467 + static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle) 468 + { 469 + } 505 470 #endif 471 + #ifdef CONFIG_TCG_TPM2_HMAC 472 + 473 + int tpm2_start_auth_session(struct tpm_chip *chip); 474 + void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, 475 + u32 handle, u8 *name); 476 + void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, 477 + u8 attributes, u8 *passphrase, 478 + int passphraselen); 479 + static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, 480 + struct tpm_buf *buf, 481 + u8 attributes, 482 + u8 *passphrase, 483 + int passphraselen) 484 + { 485 + tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, 486 + passphraselen); 487 + } 488 + void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf); 489 + int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, 490 + int rc); 491 + void tpm2_end_auth_session(struct tpm_chip *chip); 492 + #else 493 + #include <asm/unaligned.h> 494 + 495 + static inline int tpm2_start_auth_session(struct tpm_chip *chip) 496 + { 497 + return 0; 498 + } 499 + static inline void tpm2_end_auth_session(struct tpm_chip *chip) 500 + { 501 + } 502 + static inline void tpm_buf_append_name(struct tpm_chip *chip, 503 + struct tpm_buf *buf, 504 + u32 handle, u8 *name) 505 + { 506 + tpm_buf_append_u32(buf, handle); 507 + /* count the number of handles in the upper bits of flags */ 508 + buf->handles++; 509 + } 510 + static inline void tpm_buf_append_hmac_session(struct tpm_chip *chip, 511 + struct tpm_buf *buf, 512 + u8 attributes, u8 *passphrase, 513 + int passphraselen) 514 + { 515 + /* offset tells us where the sessions area begins */ 516 + int offset = buf->handles * 4 + TPM_HEADER_SIZE; 517 + u32 len = 9 + passphraselen; 518 + 519 + if (tpm_buf_length(buf) != offset) { 520 + /* not the first session so update the existing length */ 521 + len += get_unaligned_be32(&buf->data[offset]); 522 + put_unaligned_be32(len, &buf->data[offset]); 523 + } else { 524 + tpm_buf_append_u32(buf, len); 525 + } 526 + /* auth handle */ 527 + tpm_buf_append_u32(buf, TPM2_RS_PW); 528 + /* nonce */ 529 + tpm_buf_append_u16(buf, 0); 530 + /* attributes */ 531 + tpm_buf_append_u8(buf, 0); 532 + /* passphrase */ 533 + tpm_buf_append_u16(buf, passphraselen); 534 + tpm_buf_append(buf, passphrase, passphraselen); 535 + } 536 + static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, 537 + struct tpm_buf *buf, 538 + u8 attributes, 539 + u8 *passphrase, 540 + int passphraselen) 541 + { 542 + int offset = buf->handles * 4 + TPM_HEADER_SIZE; 543 + struct tpm_header *head = (struct tpm_header *) buf->data; 544 + 545 + /* 546 + * if the only sessions are optional, the command tag 547 + * must change to TPM2_ST_NO_SESSIONS 548 + */ 549 + if (tpm_buf_length(buf) == offset) 550 + head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); 551 + } 552 + static inline void tpm_buf_fill_hmac_session(struct tpm_chip *chip, 553 + struct tpm_buf *buf) 554 + { 555 + } 556 + static inline int tpm_buf_check_hmac_response(struct tpm_chip *chip, 557 + struct tpm_buf *buf, 558 + int rc) 559 + { 560 + return rc; 561 + } 562 + #endif /* CONFIG_TCG_TPM2_HMAC */ 563 + 506 564 #endif

+5

lib/crypto/Kconfig

··· 8 8 config CRYPTO_LIB_AES 9 9 tristate 10 10 11 + config CRYPTO_LIB_AESCFB 12 + tristate 13 + select CRYPTO_LIB_AES 14 + select CRYPTO_LIB_UTILS 15 + 11 16 config CRYPTO_LIB_AESGCM 12 17 tristate 13 18 select CRYPTO_LIB_AES

+3

lib/crypto/Makefile

··· 10 10 obj-$(CONFIG_CRYPTO_LIB_AES) += libaes.o 11 11 libaes-y := aes.o 12 12 13 + obj-$(CONFIG_CRYPTO_LIB_AESCFB) += libaescfb.o 14 + libaescfb-y := aescfb.o 15 + 13 16 obj-$(CONFIG_CRYPTO_LIB_AESGCM) += libaesgcm.o 14 17 libaesgcm-y := aesgcm.o 15 18

+257

lib/crypto/aescfb.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + /* 3 + * Minimal library implementation of AES in CFB mode 4 + * 5 + * Copyright 2023 Google LLC 6 + */ 7 + 8 + #include <linux/module.h> 9 + 10 + #include <crypto/algapi.h> 11 + #include <crypto/aes.h> 12 + 13 + #include <asm/irqflags.h> 14 + 15 + static void aescfb_encrypt_block(const struct crypto_aes_ctx *ctx, void *dst, 16 + const void *src) 17 + { 18 + unsigned long flags; 19 + 20 + /* 21 + * In AES-CFB, the AES encryption operates on known 'plaintext' (the IV 22 + * and ciphertext), making it susceptible to timing attacks on the 23 + * encryption key. The AES library already mitigates this risk to some 24 + * extent by pulling the entire S-box into the caches before doing any 25 + * substitutions, but this strategy is more effective when running with 26 + * interrupts disabled. 27 + */ 28 + local_irq_save(flags); 29 + aes_encrypt(ctx, dst, src); 30 + local_irq_restore(flags); 31 + } 32 + 33 + /** 34 + * aescfb_encrypt - Perform AES-CFB encryption on a block of data 35 + * 36 + * @ctx: The AES-CFB key schedule 37 + * @dst: Pointer to the ciphertext output buffer 38 + * @src: Pointer the plaintext (may equal @dst for encryption in place) 39 + * @len: The size in bytes of the plaintext and ciphertext. 40 + * @iv: The initialization vector (IV) to use for this block of data 41 + */ 42 + void aescfb_encrypt(const struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src, 43 + int len, const u8 iv[AES_BLOCK_SIZE]) 44 + { 45 + u8 ks[AES_BLOCK_SIZE]; 46 + const u8 *v = iv; 47 + 48 + while (len > 0) { 49 + aescfb_encrypt_block(ctx, ks, v); 50 + crypto_xor_cpy(dst, src, ks, min(len, AES_BLOCK_SIZE)); 51 + v = dst; 52 + 53 + dst += AES_BLOCK_SIZE; 54 + src += AES_BLOCK_SIZE; 55 + len -= AES_BLOCK_SIZE; 56 + } 57 + 58 + memzero_explicit(ks, sizeof(ks)); 59 + } 60 + EXPORT_SYMBOL(aescfb_encrypt); 61 + 62 + /** 63 + * aescfb_decrypt - Perform AES-CFB decryption on a block of data 64 + * 65 + * @ctx: The AES-CFB key schedule 66 + * @dst: Pointer to the plaintext output buffer 67 + * @src: Pointer the ciphertext (may equal @dst for decryption in place) 68 + * @len: The size in bytes of the plaintext and ciphertext. 69 + * @iv: The initialization vector (IV) to use for this block of data 70 + */ 71 + void aescfb_decrypt(const struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src, 72 + int len, const u8 iv[AES_BLOCK_SIZE]) 73 + { 74 + u8 ks[2][AES_BLOCK_SIZE]; 75 + 76 + aescfb_encrypt_block(ctx, ks[0], iv); 77 + 78 + for (int i = 0; len > 0; i ^= 1) { 79 + if (len > AES_BLOCK_SIZE) 80 + /* 81 + * Generate the keystream for the next block before 82 + * performing the XOR, as that may update in place and 83 + * overwrite the ciphertext. 84 + */ 85 + aescfb_encrypt_block(ctx, ks[!i], src); 86 + 87 + crypto_xor_cpy(dst, src, ks[i], min(len, AES_BLOCK_SIZE)); 88 + 89 + dst += AES_BLOCK_SIZE; 90 + src += AES_BLOCK_SIZE; 91 + len -= AES_BLOCK_SIZE; 92 + } 93 + 94 + memzero_explicit(ks, sizeof(ks)); 95 + } 96 + EXPORT_SYMBOL(aescfb_decrypt); 97 + 98 + MODULE_DESCRIPTION("Generic AES-CFB library"); 99 + MODULE_AUTHOR("Ard Biesheuvel <ardb@kernel.org>"); 100 + MODULE_LICENSE("GPL"); 101 + 102 + #ifndef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS 103 + 104 + /* 105 + * Test code below. Vectors taken from crypto/testmgr.h 106 + */ 107 + 108 + static struct { 109 + u8 ptext[64]; 110 + u8 ctext[64]; 111 + 112 + u8 key[AES_MAX_KEY_SIZE]; 113 + u8 iv[AES_BLOCK_SIZE]; 114 + 115 + int klen; 116 + int len; 117 + } const aescfb_tv[] __initconst = { 118 + { /* From NIST SP800-38A */ 119 + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" 120 + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 121 + .klen = 16, 122 + .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" 123 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 124 + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" 125 + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" 126 + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" 127 + "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" 128 + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11" 129 + "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" 130 + "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" 131 + "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 132 + .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20" 133 + "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" 134 + "\xc8\xa6\x45\x37\xa0\xb3\xa9\x3f" 135 + "\xcd\xe3\xcd\xad\x9f\x1c\xe5\x8b" 136 + "\x26\x75\x1f\x67\xa3\xcb\xb1\x40" 137 + "\xb1\x80\x8c\xf1\x87\xa4\xf4\xdf" 138 + "\xc0\x4b\x05\x35\x7c\x5d\x1c\x0e" 139 + "\xea\xc4\xc6\x6f\x9f\xf7\xf2\xe6", 140 + .len = 64, 141 + }, { 142 + .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52" 143 + "\xc8\x10\xf3\x2b\x80\x90\x79\xe5" 144 + "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 145 + .klen = 24, 146 + .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" 147 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 148 + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" 149 + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" 150 + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" 151 + "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" 152 + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11" 153 + "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" 154 + "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" 155 + "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 156 + .ctext = "\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab" 157 + "\x34\xc2\x59\x09\xc9\x9a\x41\x74" 158 + "\x67\xce\x7f\x7f\x81\x17\x36\x21" 159 + "\x96\x1a\x2b\x70\x17\x1d\x3d\x7a" 160 + "\x2e\x1e\x8a\x1d\xd5\x9b\x88\xb1" 161 + "\xc8\xe6\x0f\xed\x1e\xfa\xc4\xc9" 162 + "\xc0\x5f\x9f\x9c\xa9\x83\x4f\xa0" 163 + "\x42\xae\x8f\xba\x58\x4b\x09\xff", 164 + .len = 64, 165 + }, { 166 + .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe" 167 + "\x2b\x73\xae\xf0\x85\x7d\x77\x81" 168 + "\x1f\x35\x2c\x07\x3b\x61\x08\xd7" 169 + "\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 170 + .klen = 32, 171 + .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" 172 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 173 + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" 174 + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" 175 + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" 176 + "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" 177 + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11" 178 + "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" 179 + "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" 180 + "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 181 + .ctext = "\xdc\x7e\x84\xbf\xda\x79\x16\x4b" 182 + "\x7e\xcd\x84\x86\x98\x5d\x38\x60" 183 + "\x39\xff\xed\x14\x3b\x28\xb1\xc8" 184 + "\x32\x11\x3c\x63\x31\xe5\x40\x7b" 185 + "\xdf\x10\x13\x24\x15\xe5\x4b\x92" 186 + "\xa1\x3e\xd0\xa8\x26\x7a\xe2\xf9" 187 + "\x75\xa3\x85\x74\x1a\xb9\xce\xf8" 188 + "\x20\x31\x62\x3d\x55\xb1\xe4\x71", 189 + .len = 64, 190 + }, { /* > 16 bytes, not a multiple of 16 bytes */ 191 + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" 192 + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 193 + .klen = 16, 194 + .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" 195 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 196 + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" 197 + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" 198 + "\xae", 199 + .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20" 200 + "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" 201 + "\xc8", 202 + .len = 17, 203 + }, { /* < 16 bytes */ 204 + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" 205 + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 206 + .klen = 16, 207 + .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" 208 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 209 + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f", 210 + .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad", 211 + .len = 7, 212 + }, 213 + }; 214 + 215 + static int __init libaescfb_init(void) 216 + { 217 + for (int i = 0; i < ARRAY_SIZE(aescfb_tv); i++) { 218 + struct crypto_aes_ctx ctx; 219 + u8 buf[64]; 220 + 221 + if (aes_expandkey(&ctx, aescfb_tv[i].key, aescfb_tv[i].klen)) { 222 + pr_err("aes_expandkey() failed on vector %d\n", i); 223 + return -ENODEV; 224 + } 225 + 226 + aescfb_encrypt(&ctx, buf, aescfb_tv[i].ptext, aescfb_tv[i].len, 227 + aescfb_tv[i].iv); 228 + if (memcmp(buf, aescfb_tv[i].ctext, aescfb_tv[i].len)) { 229 + pr_err("aescfb_encrypt() #1 failed on vector %d\n", i); 230 + return -ENODEV; 231 + } 232 + 233 + /* decrypt in place */ 234 + aescfb_decrypt(&ctx, buf, buf, aescfb_tv[i].len, aescfb_tv[i].iv); 235 + if (memcmp(buf, aescfb_tv[i].ptext, aescfb_tv[i].len)) { 236 + pr_err("aescfb_decrypt() failed on vector %d\n", i); 237 + return -ENODEV; 238 + } 239 + 240 + /* encrypt in place */ 241 + aescfb_encrypt(&ctx, buf, buf, aescfb_tv[i].len, aescfb_tv[i].iv); 242 + if (memcmp(buf, aescfb_tv[i].ctext, aescfb_tv[i].len)) { 243 + pr_err("aescfb_encrypt() #2 failed on vector %d\n", i); 244 + 245 + return -ENODEV; 246 + } 247 + 248 + } 249 + return 0; 250 + } 251 + module_init(libaescfb_init); 252 + 253 + static void __exit libaescfb_exit(void) 254 + { 255 + } 256 + module_exit(libaescfb_exit); 257 + #endif

+17 -6

security/keys/trusted-keys/trusted_tpm1.c

··· 356 356 */ 357 357 int trusted_tpm_send(unsigned char *cmd, size_t buflen) 358 358 { 359 + struct tpm_buf buf; 359 360 int rc; 360 361 361 362 if (!chip) 362 363 return -ENODEV; 363 364 365 + rc = tpm_try_get_ops(chip); 366 + if (rc) 367 + return rc; 368 + 369 + buf.flags = 0; 370 + buf.length = buflen; 371 + buf.data = cmd; 364 372 dump_tpm_buf(cmd); 365 - rc = tpm_send(chip, cmd, buflen); 373 + rc = tpm_transmit_cmd(chip, &buf, 4, "sending data"); 366 374 dump_tpm_buf(cmd); 375 + 367 376 if (rc > 0) 368 - /* Can't return positive return codes values to keyctl */ 377 + /* TPM error */ 369 378 rc = -EPERM; 379 + 380 + tpm_put_ops(chip); 370 381 return rc; 371 382 } 372 383 EXPORT_SYMBOL_GPL(trusted_tpm_send); ··· 418 407 tpm_buf_append_u32(tb, handle); 419 408 tpm_buf_append(tb, ononce, TPM_NONCE_SIZE); 420 409 421 - ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE); 410 + ret = trusted_tpm_send(tb->data, tb->length); 422 411 if (ret < 0) 423 412 return ret; 424 413 ··· 442 431 return -ENODEV; 443 432 444 433 tpm_buf_reset(tb, TPM_TAG_RQU_COMMAND, TPM_ORD_OIAP); 445 - ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE); 434 + ret = trusted_tpm_send(tb->data, tb->length); 446 435 if (ret < 0) 447 436 return ret; 448 437 ··· 554 543 tpm_buf_append_u8(tb, cont); 555 544 tpm_buf_append(tb, td->pubauth, SHA1_DIGEST_SIZE); 556 545 557 - ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE); 546 + ret = trusted_tpm_send(tb->data, tb->length); 558 547 if (ret < 0) 559 548 goto out; 560 549 ··· 645 634 tpm_buf_append_u8(tb, cont); 646 635 tpm_buf_append(tb, authdata2, SHA1_DIGEST_SIZE); 647 636 648 - ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE); 637 + ret = trusted_tpm_send(tb->data, tb->length); 649 638 if (ret < 0) { 650 639 pr_info("authhmac failed (%d)\n", ret); 651 640 return ret;

+89 -47

security/keys/trusted-keys/trusted_tpm2.c

··· 228 228 struct trusted_key_payload *payload, 229 229 struct trusted_key_options *options) 230 230 { 231 + off_t offset = TPM_HEADER_SIZE; 232 + struct tpm_buf buf, sized; 231 233 int blob_len = 0; 232 - struct tpm_buf buf; 233 234 u32 hash; 234 235 u32 flags; 235 236 int i; ··· 253 252 if (rc) 254 253 return rc; 255 254 255 + rc = tpm2_start_auth_session(chip); 256 + if (rc) 257 + goto out_put; 258 + 256 259 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); 257 260 if (rc) { 258 - tpm_put_ops(chip); 259 - return rc; 261 + tpm2_end_auth_session(chip); 262 + goto out_put; 260 263 } 261 264 262 - tpm_buf_append_u32(&buf, options->keyhandle); 263 - tpm2_buf_append_auth(&buf, TPM2_RS_PW, 264 - NULL /* nonce */, 0, 265 - 0 /* session_attributes */, 266 - options->keyauth /* hmac */, 267 - TPM_DIGEST_SIZE); 265 + rc = tpm_buf_init_sized(&sized); 266 + if (rc) { 267 + tpm_buf_destroy(&buf); 268 + tpm2_end_auth_session(chip); 269 + goto out_put; 270 + } 271 + 272 + tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); 273 + tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_DECRYPT, 274 + options->keyauth, TPM_DIGEST_SIZE); 268 275 269 276 /* sensitive */ 270 - tpm_buf_append_u16(&buf, 4 + options->blobauth_len + payload->key_len); 277 + tpm_buf_append_u16(&sized, options->blobauth_len); 271 278 272 - tpm_buf_append_u16(&buf, options->blobauth_len); 273 279 if (options->blobauth_len) 274 - tpm_buf_append(&buf, options->blobauth, options->blobauth_len); 280 + tpm_buf_append(&sized, options->blobauth, options->blobauth_len); 275 281 276 - tpm_buf_append_u16(&buf, payload->key_len); 277 - tpm_buf_append(&buf, payload->key, payload->key_len); 282 + tpm_buf_append_u16(&sized, payload->key_len); 283 + tpm_buf_append(&sized, payload->key, payload->key_len); 284 + tpm_buf_append(&buf, sized.data, sized.length); 278 285 279 286 /* public */ 280 - tpm_buf_append_u16(&buf, 14 + options->policydigest_len); 281 - tpm_buf_append_u16(&buf, TPM_ALG_KEYEDHASH); 282 - tpm_buf_append_u16(&buf, hash); 287 + tpm_buf_reset_sized(&sized); 288 + tpm_buf_append_u16(&sized, TPM_ALG_KEYEDHASH); 289 + tpm_buf_append_u16(&sized, hash); 283 290 284 291 /* key properties */ 285 292 flags = 0; 286 293 flags |= options->policydigest_len ? 0 : TPM2_OA_USER_WITH_AUTH; 287 - flags |= payload->migratable ? 0 : (TPM2_OA_FIXED_TPM | 288 - TPM2_OA_FIXED_PARENT); 289 - tpm_buf_append_u32(&buf, flags); 294 + flags |= payload->migratable ? 0 : (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT); 295 + tpm_buf_append_u32(&sized, flags); 290 296 291 297 /* policy */ 292 - tpm_buf_append_u16(&buf, options->policydigest_len); 298 + tpm_buf_append_u16(&sized, options->policydigest_len); 293 299 if (options->policydigest_len) 294 - tpm_buf_append(&buf, options->policydigest, 295 - options->policydigest_len); 300 + tpm_buf_append(&sized, options->policydigest, options->policydigest_len); 296 301 297 302 /* public parameters */ 298 - tpm_buf_append_u16(&buf, TPM_ALG_NULL); 299 - tpm_buf_append_u16(&buf, 0); 303 + tpm_buf_append_u16(&sized, TPM_ALG_NULL); 304 + tpm_buf_append_u16(&sized, 0); 305 + 306 + tpm_buf_append(&buf, sized.data, sized.length); 300 307 301 308 /* outside info */ 302 309 tpm_buf_append_u16(&buf, 0); ··· 314 305 315 306 if (buf.flags & TPM_BUF_OVERFLOW) { 316 307 rc = -E2BIG; 308 + tpm2_end_auth_session(chip); 317 309 goto out; 318 310 } 319 311 312 + tpm_buf_fill_hmac_session(chip, &buf); 320 313 rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data"); 314 + rc = tpm_buf_check_hmac_response(chip, &buf, rc); 321 315 if (rc) 322 316 goto out; 323 317 324 - blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]); 325 - if (blob_len > MAX_BLOB_SIZE) { 318 + blob_len = tpm_buf_read_u32(&buf, &offset); 319 + if (blob_len > MAX_BLOB_SIZE || buf.flags & TPM_BUF_BOUNDARY_ERROR) { 326 320 rc = -E2BIG; 327 321 goto out; 328 322 } 329 - if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 4 + blob_len) { 323 + if (buf.length - offset < blob_len) { 330 324 rc = -EFAULT; 331 325 goto out; 332 326 } 333 327 334 - blob_len = tpm2_key_encode(payload, options, 335 - &buf.data[TPM_HEADER_SIZE + 4], 336 - blob_len); 328 + blob_len = tpm2_key_encode(payload, options, &buf.data[offset], blob_len); 337 329 338 330 out: 331 + tpm_buf_destroy(&sized); 339 332 tpm_buf_destroy(&buf); 340 333 341 334 if (rc > 0) { ··· 351 340 else 352 341 payload->blob_len = blob_len; 353 342 343 + out_put: 354 344 tpm_put_ops(chip); 355 345 return rc; 356 346 } ··· 421 409 if (blob_len > payload->blob_len) 422 410 return -E2BIG; 423 411 424 - rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); 412 + rc = tpm2_start_auth_session(chip); 425 413 if (rc) 426 414 return rc; 427 415 428 - tpm_buf_append_u32(&buf, options->keyhandle); 429 - tpm2_buf_append_auth(&buf, TPM2_RS_PW, 430 - NULL /* nonce */, 0, 431 - 0 /* session_attributes */, 432 - options->keyauth /* hmac */, 433 - TPM_DIGEST_SIZE); 416 + rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); 417 + if (rc) { 418 + tpm2_end_auth_session(chip); 419 + return rc; 420 + } 421 + 422 + tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); 423 + tpm_buf_append_hmac_session(chip, &buf, 0, options->keyauth, 424 + TPM_DIGEST_SIZE); 434 425 435 426 tpm_buf_append(&buf, blob, blob_len); 436 427 437 428 if (buf.flags & TPM_BUF_OVERFLOW) { 438 429 rc = -E2BIG; 430 + tpm2_end_auth_session(chip); 439 431 goto out; 440 432 } 441 433 434 + tpm_buf_fill_hmac_session(chip, &buf); 442 435 rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob"); 436 + rc = tpm_buf_check_hmac_response(chip, &buf, rc); 443 437 if (!rc) 444 438 *blob_handle = be32_to_cpup( 445 439 (__be32 *) &buf.data[TPM_HEADER_SIZE]); ··· 483 465 u8 *data; 484 466 int rc; 485 467 486 - rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); 468 + rc = tpm2_start_auth_session(chip); 487 469 if (rc) 488 470 return rc; 489 471 490 - tpm_buf_append_u32(&buf, blob_handle); 491 - tpm2_buf_append_auth(&buf, 492 - options->policyhandle ? 493 - options->policyhandle : TPM2_RS_PW, 494 - NULL /* nonce */, 0, 495 - TPM2_SA_CONTINUE_SESSION, 496 - options->blobauth /* hmac */, 497 - options->blobauth_len); 472 + rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); 473 + if (rc) { 474 + tpm2_end_auth_session(chip); 475 + return rc; 476 + } 498 477 478 + tpm_buf_append_name(chip, &buf, blob_handle, NULL); 479 + 480 + if (!options->policyhandle) { 481 + tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT, 482 + options->blobauth, 483 + options->blobauth_len); 484 + } else { 485 + /* 486 + * FIXME: The policy session was generated outside the 487 + * kernel so we don't known the nonce and thus can't 488 + * calculate a HMAC on it. Therefore, the user can 489 + * only really use TPM2_PolicyPassword and we must 490 + * send down the plain text password, which could be 491 + * intercepted. We can still encrypt the returned 492 + * key, but that's small comfort since the interposer 493 + * could repeat our actions with the exfiltrated 494 + * password. 495 + */ 496 + tpm2_buf_append_auth(&buf, options->policyhandle, 497 + NULL /* nonce */, 0, 0, 498 + options->blobauth, options->blobauth_len); 499 + tpm_buf_append_hmac_session_opt(chip, &buf, TPM2_SA_ENCRYPT, 500 + NULL, 0); 501 + } 502 + 503 + tpm_buf_fill_hmac_session(chip, &buf); 499 504 rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing"); 505 + rc = tpm_buf_check_hmac_response(chip, &buf, rc); 500 506 if (rc > 0) 501 507 rc = -EPERM; 502 508