tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'next-keys2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull keys updates from James Morris:
"Provide five new operations in the key_type struct that can be used to
provide access to asymmetric key operations. These will be implemented
for the asymmetric key type in a later patch and may refer to a key
retained in RAM by the kernel or a key retained in crypto hardware.
int (*asym_query)(const struct kernel_pkey_params *params,
struct kernel_pkey_query *info);
int (*asym_eds_op)(struct kernel_pkey_params *params,
const void *in, void *out);
int (*asym_verify_signature)(struct kernel_pkey_params *params,
const void *in, const void *in2);
Since encrypt, decrypt and sign are identical in their interfaces,
they're rolled together in the asym_eds_op() operation and there's an
operation ID in the params argument to distinguish them.
Verify is different in that we supply the data and the signature
instead and get an error value (or 0) as the only result on the
expectation that this may well be how a hardware crypto device may
work"
* 'next-keys2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (22 commits)
KEYS: asym_tpm: Add support for the sign operation [ver #2]
KEYS: asym_tpm: Implement tpm_sign [ver #2]
KEYS: asym_tpm: Implement signature verification [ver #2]
KEYS: asym_tpm: Implement the decrypt operation [ver #2]
KEYS: asym_tpm: Implement tpm_unbind [ver #2]
KEYS: asym_tpm: Add loadkey2 and flushspecific [ver #2]
KEYS: Move trusted.h to include/keys [ver #2]
KEYS: trusted: Expose common functionality [ver #2]
KEYS: asym_tpm: Implement encryption operation [ver #2]
KEYS: asym_tpm: Implement pkey_query [ver #2]
KEYS: Add parser for TPM-based keys [ver #2]
KEYS: asym_tpm: extract key size & public key [ver #2]
KEYS: asym_tpm: add skeleton for asym_tpm [ver #2]
crypto: rsa-pkcs1pad: Allow hash to be optional [ver #2]
KEYS: Implement PKCS#8 RSA Private Key parser [ver #2]
KEYS: Implement encrypt, decrypt and sign for software asymmetric key [ver #2]
KEYS: Allow the public_key struct to hold a private key [ver #2]
KEYS: Provide software public key query function [ver #2]
KEYS: Make the X.509 and PKCS7 parsers supply the sig encoding type [ver #2]
KEYS: Provide missing asymmetric key subops for new key type ops [ver #2]
...
+2516
-61
+21
-5
Documentation/crypto/asymmetric-keys.txt
+21
-5
Documentation/crypto/asymmetric-keys.txt
···
183
183
184
184
void (*describe)(const struct key *key, struct seq_file *m);
185
185
void (*destroy)(void *payload);
186
+
int (*query)(const struct kernel_pkey_params *params,
187
+
struct kernel_pkey_query *info);
188
+
int (*eds_op)(struct kernel_pkey_params *params,
189
+
const void *in, void *out);
186
190
int (*verify_signature)(const struct key *key,
187
191
const struct public_key_signature *sig);
188
192
};
···
211
207
asymmetric key will look after freeing the fingerprint and releasing the
212
208
reference on the subtype module.
213
209
214
-
(3) verify_signature().
210
+
(3) query().
215
211
216
-
Optional. These are the entry points for the key usage operations.
217
-
Currently there is only the one defined. If not set, the caller will be
218
-
given -ENOTSUPP. The subtype may do anything it likes to implement an
219
-
operation, including offloading to hardware.
212
+
Mandatory. This is a function for querying the capabilities of a key.
213
+
214
+
(4) eds_op().
215
+
216
+
Optional. This is the entry point for the encryption, decryption and
217
+
signature creation operations (which are distinguished by the operation ID
218
+
in the parameter struct). The subtype may do anything it likes to
219
+
implement an operation, including offloading to hardware.
220
+
221
+
(5) verify_signature().
222
+
223
+
Optional. This is the entry point for signature verification. The
224
+
subtype may do anything it likes to implement an operation, including
225
+
offloading to hardware.
220
226
221
227
222
228
==========================
···
248
234
- X.509 ASN.1 stream.
249
235
- Pointer to TPM key.
250
236
- Pointer to UEFI key.
237
+
- PKCS#8 private key [RFC 5208].
238
+
- PKCS#5 encrypted private key [RFC 2898].
251
239
252
240
During key instantiation each parser in the list is tried until one doesn't
253
241
return -EBADMSG.
+217
Documentation/security/keys/core.rst
+217
Documentation/security/keys/core.rst
···
859
859
and either the buffer length or the OtherInfo length exceeds the
860
860
allowed length.
861
861
862
+
862
863
* Restrict keyring linkage::
863
864
864
865
long keyctl(KEYCTL_RESTRICT_KEYRING, key_serial_t keyring,
···
889
888
chains or individual certificate signatures using the asymmetric key type.
890
889
See Documentation/crypto/asymmetric-keys.txt for specific restrictions
891
890
applicable to the asymmetric key type.
891
+
892
+
893
+
* Query an asymmetric key::
894
+
895
+
long keyctl(KEYCTL_PKEY_QUERY,
896
+
key_serial_t key_id, unsigned long reserved,
897
+
struct keyctl_pkey_query *info);
898
+
899
+
Get information about an asymmetric key. The information is returned in
900
+
the keyctl_pkey_query struct::
901
+
902
+
__u32 supported_ops;
903
+
__u32 key_size;
904
+
__u16 max_data_size;
905
+
__u16 max_sig_size;
906
+
__u16 max_enc_size;
907
+
__u16 max_dec_size;
908
+
__u32 __spare[10];
909
+
910
+
``supported_ops`` contains a bit mask of flags indicating which ops are
911
+
supported. This is constructed from a bitwise-OR of::
912
+
913
+
KEYCTL_SUPPORTS_{ENCRYPT,DECRYPT,SIGN,VERIFY}
914
+
915
+
``key_size`` indicated the size of the key in bits.
916
+
917
+
``max_*_size`` indicate the maximum sizes in bytes of a blob of data to be
918
+
signed, a signature blob, a blob to be encrypted and a blob to be
919
+
decrypted.
920
+
921
+
``__spare[]`` must be set to 0. This is intended for future use to hand
922
+
over one or more passphrases needed unlock a key.
923
+
924
+
If successful, 0 is returned. If the key is not an asymmetric key,
925
+
EOPNOTSUPP is returned.
926
+
927
+
928
+
* Encrypt, decrypt, sign or verify a blob using an asymmetric key::
929
+
930
+
long keyctl(KEYCTL_PKEY_ENCRYPT,
931
+
const struct keyctl_pkey_params *params,
932
+
const char *info,
933
+
const void *in,
934
+
void *out);
935
+
936
+
long keyctl(KEYCTL_PKEY_DECRYPT,
937
+
const struct keyctl_pkey_params *params,
938
+
const char *info,
939
+
const void *in,
940
+
void *out);
941
+
942
+
long keyctl(KEYCTL_PKEY_SIGN,
943
+
const struct keyctl_pkey_params *params,
944
+
const char *info,
945
+
const void *in,
946
+
void *out);
947
+
948
+
long keyctl(KEYCTL_PKEY_VERIFY,
949
+
const struct keyctl_pkey_params *params,
950
+
const char *info,
951
+
const void *in,
952
+
const void *in2);
953
+
954
+
Use an asymmetric key to perform a public-key cryptographic operation a
955
+
blob of data. For encryption and verification, the asymmetric key may
956
+
only need the public parts to be available, but for decryption and signing
957
+
the private parts are required also.
958
+
959
+
The parameter block pointed to by params contains a number of integer
960
+
values::
961
+
962
+
__s32 key_id;
963
+
__u32 in_len;
964
+
__u32 out_len;
965
+
__u32 in2_len;
966
+
967
+
``key_id`` is the ID of the asymmetric key to be used. ``in_len`` and
968
+
``in2_len`` indicate the amount of data in the in and in2 buffers and
969
+
``out_len`` indicates the size of the out buffer as appropriate for the
970
+
above operations.
971
+
972
+
For a given operation, the in and out buffers are used as follows::
973
+
974
+
Operation ID in,in_len out,out_len in2,in2_len
975
+
======================= =============== =============== ===============
976
+
KEYCTL_PKEY_ENCRYPT Raw data Encrypted data -
977
+
KEYCTL_PKEY_DECRYPT Encrypted data Raw data -
978
+
KEYCTL_PKEY_SIGN Raw data Signature -
979
+
KEYCTL_PKEY_VERIFY Raw data - Signature
980
+
981
+
``info`` is a string of key=value pairs that supply supplementary
982
+
information. These include:
983
+
984
+
``enc=<encoding>`` The encoding of the encrypted/signature blob. This
985
+
can be "pkcs1" for RSASSA-PKCS1-v1.5 or
986
+
RSAES-PKCS1-v1.5; "pss" for "RSASSA-PSS"; "oaep" for
987
+
"RSAES-OAEP". If omitted or is "raw", the raw output
988
+
of the encryption function is specified.
989
+
990
+
``hash=<algo>`` If the data buffer contains the output of a hash
991
+
function and the encoding includes some indication of
992
+
which hash function was used, the hash function can be
993
+
specified with this, eg. "hash=sha256".
994
+
995
+
The ``__spare[]`` space in the parameter block must be set to 0. This is
996
+
intended, amongst other things, to allow the passing of passphrases
997
+
required to unlock a key.
998
+
999
+
If successful, encrypt, decrypt and sign all return the amount of data
1000
+
written into the output buffer. Verification returns 0 on success.
892
1001
893
1002
894
1003
Kernel Services
···
1592
1481
name) is passed in, and this method returns a pointer to a key_restriction
1593
1482
structure containing the relevant functions and data to evaluate each
1594
1483
attempted key link operation. If there is no match, -EINVAL is returned.
1484
+
1485
+
1486
+
* ``int (*asym_eds_op)(struct kernel_pkey_params *params,
1487
+
const void *in, void *out);``
1488
+
``int (*asym_verify_signature)(struct kernel_pkey_params *params,
1489
+
const void *in, const void *in2);``
1490
+
1491
+
These methods are optional. If provided the first allows a key to be
1492
+
used to encrypt, decrypt or sign a blob of data, and the second allows a
1493
+
key to verify a signature.
1494
+
1495
+
In all cases, the following information is provided in the params block::
1496
+
1497
+
struct kernel_pkey_params {
1498
+
struct key *key;
1499
+
const char *encoding;
1500
+
const char *hash_algo;
1501
+
char *info;
1502
+
__u32 in_len;
1503
+
union {
1504
+
__u32 out_len;
1505
+
__u32 in2_len;
1506
+
};
1507
+
enum kernel_pkey_operation op : 8;
1508
+
};
1509
+
1510
+
This includes the key to be used; a string indicating the encoding to use
1511
+
(for instance, "pkcs1" may be used with an RSA key to indicate
1512
+
RSASSA-PKCS1-v1.5 or RSAES-PKCS1-v1.5 encoding or "raw" if no encoding);
1513
+
the name of the hash algorithm used to generate the data for a signature
1514
+
(if appropriate); the sizes of the input and output (or second input)
1515
+
buffers; and the ID of the operation to be performed.
1516
+
1517
+
For a given operation ID, the input and output buffers are used as
1518
+
follows::
1519
+
1520
+
Operation ID in,in_len out,out_len in2,in2_len
1521
+
======================= =============== =============== ===============
1522
+
kernel_pkey_encrypt Raw data Encrypted data -
1523
+
kernel_pkey_decrypt Encrypted data Raw data -
1524
+
kernel_pkey_sign Raw data Signature -
1525
+
kernel_pkey_verify Raw data - Signature
1526
+
1527
+
asym_eds_op() deals with encryption, decryption and signature creation as
1528
+
specified by params->op. Note that params->op is also set for
1529
+
asym_verify_signature().
1530
+
1531
+
Encrypting and signature creation both take raw data in the input buffer
1532
+
and return the encrypted result in the output buffer. Padding may have
1533
+
been added if an encoding was set. In the case of signature creation,
1534
+
depending on the encoding, the padding created may need to indicate the
1535
+
digest algorithm - the name of which should be supplied in hash_algo.
1536
+
1537
+
Decryption takes encrypted data in the input buffer and returns the raw
1538
+
data in the output buffer. Padding will get checked and stripped off if
1539
+
an encoding was set.
1540
+
1541
+
Verification takes raw data in the input buffer and the signature in the
1542
+
second input buffer and checks that the one matches the other. Padding
1543
+
will be validated. Depending on the encoding, the digest algorithm used
1544
+
to generate the raw data may need to be indicated in hash_algo.
1545
+
1546
+
If successful, asym_eds_op() should return the number of bytes written
1547
+
into the output buffer. asym_verify_signature() should return 0.
1548
+
1549
+
A variety of errors may be returned, including EOPNOTSUPP if the operation
1550
+
is not supported; EKEYREJECTED if verification fails; ENOPKG if the
1551
+
required crypto isn't available.
1552
+
1553
+
1554
+
* ``int (*asym_query)(const struct kernel_pkey_params *params,
1555
+
struct kernel_pkey_query *info);``
1556
+
1557
+
This method is optional. If provided it allows information about the
1558
+
public or asymmetric key held in the key to be determined.
1559
+
1560
+
The parameter block is as for asym_eds_op() and co. but in_len and out_len
1561
+
are unused. The encoding and hash_algo fields should be used to reduce
1562
+
the returned buffer/data sizes as appropriate.
1563
+
1564
+
If successful, the following information is filled in::
1565
+
1566
+
struct kernel_pkey_query {
1567
+
__u32 supported_ops;
1568
+
__u32 key_size;
1569
+
__u16 max_data_size;
1570
+
__u16 max_sig_size;
1571
+
__u16 max_enc_size;
1572
+
__u16 max_dec_size;
1573
+
};
1574
+
1575
+
The supported_ops field will contain a bitmask indicating what operations
1576
+
are supported by the key, including encryption of a blob, decryption of a
1577
+
blob, signing a blob and verifying the signature on a blob. The following
1578
+
constants are defined for this::
1579
+
1580
+
KEYCTL_SUPPORTS_{ENCRYPT,DECRYPT,SIGN,VERIFY}
1581
+
1582
+
The key_size field is the size of the key in bits. max_data_size and
1583
+
max_sig_size are the maximum raw data and signature sizes for creation and
1584
+
verification of a signature; max_enc_size and max_dec_size are the maximum
1585
+
raw data and signature sizes for encryption and decryption. The
1586
+
max_*_size fields are measured in bytes.
1587
+
1588
+
If successful, 0 will be returned. If the key doesn't support this,
1589
+
EOPNOTSUPP will be returned.
1595
1590
1596
1591
1597
1592
Request-Key Callback Service
+31
crypto/asymmetric_keys/Kconfig
+31
crypto/asymmetric_keys/Kconfig
···
21
21
appropriate hash algorithms (such as SHA-1) must be available.
22
22
ENOPKG will be reported if the requisite algorithm is unavailable.
23
23
24
+
config ASYMMETRIC_TPM_KEY_SUBTYPE
25
+
tristate "Asymmetric TPM backed private key subtype"
26
+
depends on TCG_TPM
27
+
depends on TRUSTED_KEYS
28
+
select CRYPTO_HMAC
29
+
select CRYPTO_SHA1
30
+
select CRYPTO_HASH_INFO
31
+
help
32
+
This option provides support for TPM backed private key type handling.
33
+
Operations such as sign, verify, encrypt, decrypt are performed by
34
+
the TPM after the private key is loaded.
35
+
24
36
config X509_CERTIFICATE_PARSER
25
37
tristate "X.509 certificate parser"
26
38
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
···
42
30
This option provides support for parsing X.509 format blobs for key
43
31
data and provides the ability to instantiate a crypto key from a
44
32
public key packet found inside the certificate.
33
+
34
+
config PKCS8_PRIVATE_KEY_PARSER
35
+
tristate "PKCS#8 private key parser"
36
+
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
37
+
select ASN1
38
+
select OID_REGISTRY
39
+
help
40
+
This option provides support for parsing PKCS#8 format blobs for
41
+
private key data and provides the ability to instantiate a crypto key
42
+
from that data.
43
+
44
+
config TPM_KEY_PARSER
45
+
tristate "TPM private key parser"
46
+
depends on ASYMMETRIC_TPM_KEY_SUBTYPE
47
+
select ASN1
48
+
help
49
+
This option provides support for parsing TPM format blobs for
50
+
private key data and provides the ability to instantiate a crypto key
51
+
from that data.
45
52
46
53
config PKCS7_MESSAGE_PARSER
47
54
tristate "PKCS#7 message parser"
+25
crypto/asymmetric_keys/Makefile
+25
crypto/asymmetric_keys/Makefile
···
11
11
signature.o
12
12
13
13
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
14
+
obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) += asym_tpm.o
14
15
15
16
#
16
17
# X.509 Certificate handling
···
29
28
30
29
$(obj)/x509.asn1.o: $(obj)/x509.asn1.c $(obj)/x509.asn1.h
31
30
$(obj)/x509_akid.asn1.o: $(obj)/x509_akid.asn1.c $(obj)/x509_akid.asn1.h
31
+
32
+
#
33
+
# PKCS#8 private key handling
34
+
#
35
+
obj-$(CONFIG_PKCS8_PRIVATE_KEY_PARSER) += pkcs8_key_parser.o
36
+
pkcs8_key_parser-y := \
37
+
pkcs8.asn1.o \
38
+
pkcs8_parser.o
39
+
40
+
$(obj)/pkcs8_parser.o: $(obj)/pkcs8.asn1.h
41
+
$(obj)/pkcs8-asn1.o: $(obj)/pkcs8.asn1.c $(obj)/pkcs8.asn1.h
42
+
43
+
clean-files += pkcs8.asn1.c pkcs8.asn1.h
32
44
33
45
#
34
46
# PKCS#7 message handling
···
75
61
76
62
$(obj)/mscode_parser.o: $(obj)/mscode.asn1.h $(obj)/mscode.asn1.h
77
63
$(obj)/mscode.asn1.o: $(obj)/mscode.asn1.c $(obj)/mscode.asn1.h
64
+
65
+
#
66
+
# TPM private key parsing
67
+
#
68
+
obj-$(CONFIG_TPM_KEY_PARSER) += tpm_key_parser.o
69
+
tpm_key_parser-y := \
70
+
tpm.asn1.o \
71
+
tpm_parser.o
72
+
73
+
$(obj)/tpm_parser.o: $(obj)/tpm.asn1.h
74
+
$(obj)/tpm.asn1.o: $(obj)/tpm.asn1.c $(obj)/tpm.asn1.h
+988
crypto/asymmetric_keys/asym_tpm.c
+988
crypto/asymmetric_keys/asym_tpm.c
···
1
+
// SPDX-License-Identifier: GPL-2.0
2
+
#define pr_fmt(fmt) "ASYM-TPM: "fmt
3
+
#include <linux/slab.h>
4
+
#include <linux/module.h>
5
+
#include <linux/export.h>
6
+
#include <linux/kernel.h>
7
+
#include <linux/seq_file.h>
8
+
#include <linux/scatterlist.h>
9
+
#include <linux/tpm.h>
10
+
#include <linux/tpm_command.h>
11
+
#include <crypto/akcipher.h>
12
+
#include <crypto/hash.h>
13
+
#include <crypto/sha.h>
14
+
#include <asm/unaligned.h>
15
+
#include <keys/asymmetric-subtype.h>
16
+
#include <keys/trusted.h>
17
+
#include <crypto/asym_tpm_subtype.h>
18
+
#include <crypto/public_key.h>
19
+
20
+
#define TPM_ORD_FLUSHSPECIFIC 186
21
+
#define TPM_ORD_LOADKEY2 65
22
+
#define TPM_ORD_UNBIND 30
23
+
#define TPM_ORD_SIGN 60
24
+
#define TPM_LOADKEY2_SIZE 59
25
+
#define TPM_FLUSHSPECIFIC_SIZE 18
26
+
#define TPM_UNBIND_SIZE 63
27
+
#define TPM_SIGN_SIZE 63
28
+
29
+
#define TPM_RT_KEY 0x00000001
30
+
31
+
/*
32
+
* Load a TPM key from the blob provided by userspace
33
+
*/
34
+
static int tpm_loadkey2(struct tpm_buf *tb,
35
+
uint32_t keyhandle, unsigned char *keyauth,
36
+
const unsigned char *keyblob, int keybloblen,
37
+
uint32_t *newhandle)
38
+
{
39
+
unsigned char nonceodd[TPM_NONCE_SIZE];
40
+
unsigned char enonce[TPM_NONCE_SIZE];
41
+
unsigned char authdata[SHA1_DIGEST_SIZE];
42
+
uint32_t authhandle = 0;
43
+
unsigned char cont = 0;
44
+
uint32_t ordinal;
45
+
int ret;
46
+
47
+
ordinal = htonl(TPM_ORD_LOADKEY2);
48
+
49
+
/* session for loading the key */
50
+
ret = oiap(tb, &authhandle, enonce);
51
+
if (ret < 0) {
52
+
pr_info("oiap failed (%d)\n", ret);
53
+
return ret;
54
+
}
55
+
56
+
/* generate odd nonce */
57
+
ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
58
+
if (ret < 0) {
59
+
pr_info("tpm_get_random failed (%d)\n", ret);
60
+
return ret;
61
+
}
62
+
63
+
/* calculate authorization HMAC value */
64
+
ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
65
+
nonceodd, cont, sizeof(uint32_t), &ordinal,
66
+
keybloblen, keyblob, 0, 0);
67
+
if (ret < 0)
68
+
return ret;
69
+
70
+
/* build the request buffer */
71
+
INIT_BUF(tb);
72
+
store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
73
+
store32(tb, TPM_LOADKEY2_SIZE + keybloblen);
74
+
store32(tb, TPM_ORD_LOADKEY2);
75
+
store32(tb, keyhandle);
76
+
storebytes(tb, keyblob, keybloblen);
77
+
store32(tb, authhandle);
78
+
storebytes(tb, nonceodd, TPM_NONCE_SIZE);
79
+
store8(tb, cont);
80
+
storebytes(tb, authdata, SHA1_DIGEST_SIZE);
81
+
82
+
ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
83
+
if (ret < 0) {
84
+
pr_info("authhmac failed (%d)\n", ret);
85
+
return ret;
86
+
}
87
+
88
+
ret = TSS_checkhmac1(tb->data, ordinal, nonceodd, keyauth,
89
+
SHA1_DIGEST_SIZE, 0, 0);
90
+
if (ret < 0) {
91
+
pr_info("TSS_checkhmac1 failed (%d)\n", ret);
92
+
return ret;
93
+
}
94
+
95
+
*newhandle = LOAD32(tb->data, TPM_DATA_OFFSET);
96
+
return 0;
97
+
}
98
+
99
+
/*
100
+
* Execute the FlushSpecific TPM command
101
+
*/
102
+
static int tpm_flushspecific(struct tpm_buf *tb, uint32_t handle)
103
+
{
104
+
INIT_BUF(tb);
105
+
store16(tb, TPM_TAG_RQU_COMMAND);
106
+
store32(tb, TPM_FLUSHSPECIFIC_SIZE);
107
+
store32(tb, TPM_ORD_FLUSHSPECIFIC);
108
+
store32(tb, handle);
109
+
store32(tb, TPM_RT_KEY);
110
+
111
+
return trusted_tpm_send(tb->data, MAX_BUF_SIZE);
112
+
}
113
+
114
+
/*
115
+
* Decrypt a blob provided by userspace using a specific key handle.
116
+
* The handle is a well known handle or previously loaded by e.g. LoadKey2
117
+
*/
118
+
static int tpm_unbind(struct tpm_buf *tb,
119
+
uint32_t keyhandle, unsigned char *keyauth,
120
+
const unsigned char *blob, uint32_t bloblen,
121
+
void *out, uint32_t outlen)
122
+
{
123
+
unsigned char nonceodd[TPM_NONCE_SIZE];
124
+
unsigned char enonce[TPM_NONCE_SIZE];
125
+
unsigned char authdata[SHA1_DIGEST_SIZE];
126
+
uint32_t authhandle = 0;
127
+
unsigned char cont = 0;
128
+
uint32_t ordinal;
129
+
uint32_t datalen;
130
+
int ret;
131
+
132
+
ordinal = htonl(TPM_ORD_UNBIND);
133
+
datalen = htonl(bloblen);
134
+
135
+
/* session for loading the key */
136
+
ret = oiap(tb, &authhandle, enonce);
137
+
if (ret < 0) {
138
+
pr_info("oiap failed (%d)\n", ret);
139
+
return ret;
140
+
}
141
+
142
+
/* generate odd nonce */
143
+
ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
144
+
if (ret < 0) {
145
+
pr_info("tpm_get_random failed (%d)\n", ret);
146
+
return ret;
147
+
}
148
+
149
+
/* calculate authorization HMAC value */
150
+
ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
151
+
nonceodd, cont, sizeof(uint32_t), &ordinal,
152
+
sizeof(uint32_t), &datalen,
153
+
bloblen, blob, 0, 0);
154
+
if (ret < 0)
155
+
return ret;
156
+
157
+
/* build the request buffer */
158
+
INIT_BUF(tb);
159
+
store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
160
+
store32(tb, TPM_UNBIND_SIZE + bloblen);
161
+
store32(tb, TPM_ORD_UNBIND);
162
+
store32(tb, keyhandle);
163
+
store32(tb, bloblen);
164
+
storebytes(tb, blob, bloblen);
165
+
store32(tb, authhandle);
166
+
storebytes(tb, nonceodd, TPM_NONCE_SIZE);
167
+
store8(tb, cont);
168
+
storebytes(tb, authdata, SHA1_DIGEST_SIZE);
169
+
170
+
ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
171
+
if (ret < 0) {
172
+
pr_info("authhmac failed (%d)\n", ret);
173
+
return ret;
174
+
}
175
+
176
+
datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
177
+
178
+
ret = TSS_checkhmac1(tb->data, ordinal, nonceodd,
179
+
keyauth, SHA1_DIGEST_SIZE,
180
+
sizeof(uint32_t), TPM_DATA_OFFSET,
181
+
datalen, TPM_DATA_OFFSET + sizeof(uint32_t),
182
+
0, 0);
183
+
if (ret < 0) {
184
+
pr_info("TSS_checkhmac1 failed (%d)\n", ret);
185
+
return ret;
186
+
}
187
+
188
+
memcpy(out, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t),
189
+
min(outlen, datalen));
190
+
191
+
return datalen;
192
+
}
193
+
194
+
/*
195
+
* Sign a blob provided by userspace (that has had the hash function applied)
196
+
* using a specific key handle. The handle is assumed to have been previously
197
+
* loaded by e.g. LoadKey2.
198
+
*
199
+
* Note that the key signature scheme of the used key should be set to
200
+
* TPM_SS_RSASSAPKCS1v15_DER. This allows the hashed input to be of any size
201
+
* up to key_length_in_bytes - 11 and not be limited to size 20 like the
202
+
* TPM_SS_RSASSAPKCS1v15_SHA1 signature scheme.
203
+
*/
204
+
static int tpm_sign(struct tpm_buf *tb,
205
+
uint32_t keyhandle, unsigned char *keyauth,
206
+
const unsigned char *blob, uint32_t bloblen,
207
+
void *out, uint32_t outlen)
208
+
{
209
+
unsigned char nonceodd[TPM_NONCE_SIZE];
210
+
unsigned char enonce[TPM_NONCE_SIZE];
211
+
unsigned char authdata[SHA1_DIGEST_SIZE];
212
+
uint32_t authhandle = 0;
213
+
unsigned char cont = 0;
214
+
uint32_t ordinal;
215
+
uint32_t datalen;
216
+
int ret;
217
+
218
+
ordinal = htonl(TPM_ORD_SIGN);
219
+
datalen = htonl(bloblen);
220
+
221
+
/* session for loading the key */
222
+
ret = oiap(tb, &authhandle, enonce);
223
+
if (ret < 0) {
224
+
pr_info("oiap failed (%d)\n", ret);
225
+
return ret;
226
+
}
227
+
228
+
/* generate odd nonce */
229
+
ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
230
+
if (ret < 0) {
231
+
pr_info("tpm_get_random failed (%d)\n", ret);
232
+
return ret;
233
+
}
234
+
235
+
/* calculate authorization HMAC value */
236
+
ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
237
+
nonceodd, cont, sizeof(uint32_t), &ordinal,
238
+
sizeof(uint32_t), &datalen,
239
+
bloblen, blob, 0, 0);
240
+
if (ret < 0)
241
+
return ret;
242
+
243
+
/* build the request buffer */
244
+
INIT_BUF(tb);
245
+
store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
246
+
store32(tb, TPM_SIGN_SIZE + bloblen);
247
+
store32(tb, TPM_ORD_SIGN);
248
+
store32(tb, keyhandle);
249
+
store32(tb, bloblen);
250
+
storebytes(tb, blob, bloblen);
251
+
store32(tb, authhandle);
252
+
storebytes(tb, nonceodd, TPM_NONCE_SIZE);
253
+
store8(tb, cont);
254
+
storebytes(tb, authdata, SHA1_DIGEST_SIZE);
255
+
256
+
ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
257
+
if (ret < 0) {
258
+
pr_info("authhmac failed (%d)\n", ret);
259
+
return ret;
260
+
}
261
+
262
+
datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
263
+
264
+
ret = TSS_checkhmac1(tb->data, ordinal, nonceodd,
265
+
keyauth, SHA1_DIGEST_SIZE,
266
+
sizeof(uint32_t), TPM_DATA_OFFSET,
267
+
datalen, TPM_DATA_OFFSET + sizeof(uint32_t),
268
+
0, 0);
269
+
if (ret < 0) {
270
+
pr_info("TSS_checkhmac1 failed (%d)\n", ret);
271
+
return ret;
272
+
}
273
+
274
+
memcpy(out, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t),
275
+
min(datalen, outlen));
276
+
277
+
return datalen;
278
+
}
279
+
/*
280
+
* Maximum buffer size for the BER/DER encoded public key. The public key
281
+
* is of the form SEQUENCE { INTEGER n, INTEGER e } where n is a maximum 2048
282
+
* bit key and e is usually 65537
283
+
* The encoding overhead is:
284
+
* - max 4 bytes for SEQUENCE
285
+
* - max 4 bytes for INTEGER n type/length
286
+
* - 257 bytes of n
287
+
* - max 2 bytes for INTEGER e type/length
288
+
* - 3 bytes of e
289
+
*/
290
+
#define PUB_KEY_BUF_SIZE (4 + 4 + 257 + 2 + 3)
291
+
292
+
/*
293
+
* Provide a part of a description of the key for /proc/keys.
294
+
*/
295
+
static void asym_tpm_describe(const struct key *asymmetric_key,
296
+
struct seq_file *m)
297
+
{
298
+
struct tpm_key *tk = asymmetric_key->payload.data[asym_crypto];
299
+
300
+
if (!tk)
301
+
return;
302
+
303
+
seq_printf(m, "TPM1.2/Blob");
304
+
}
305
+
306
+
static void asym_tpm_destroy(void *payload0, void *payload3)
307
+
{
308
+
struct tpm_key *tk = payload0;
309
+
310
+
if (!tk)
311
+
return;
312
+
313
+
kfree(tk->blob);
314
+
tk->blob_len = 0;
315
+
316
+
kfree(tk);
317
+
}
318
+
319
+
/* How many bytes will it take to encode the length */
320
+
static inline uint32_t definite_length(uint32_t len)
321
+
{
322
+
if (len <= 127)
323
+
return 1;
324
+
if (len <= 255)
325
+
return 2;
326
+
return 3;
327
+
}
328
+
329
+
static inline uint8_t *encode_tag_length(uint8_t *buf, uint8_t tag,
330
+
uint32_t len)
331
+
{
332
+
*buf++ = tag;
333
+
334
+
if (len <= 127) {
335
+
buf[0] = len;
336
+
return buf + 1;
337
+
}
338
+
339
+
if (len <= 255) {
340
+
buf[0] = 0x81;
341
+
buf[1] = len;
342
+
return buf + 2;
343
+
}
344
+
345
+
buf[0] = 0x82;
346
+
put_unaligned_be16(len, buf + 1);
347
+
return buf + 3;
348
+
}
349
+
350
+
static uint32_t derive_pub_key(const void *pub_key, uint32_t len, uint8_t *buf)
351
+
{
352
+
uint8_t *cur = buf;
353
+
uint32_t n_len = definite_length(len) + 1 + len + 1;
354
+
uint32_t e_len = definite_length(3) + 1 + 3;
355
+
uint8_t e[3] = { 0x01, 0x00, 0x01 };
356
+
357
+
/* SEQUENCE */
358
+
cur = encode_tag_length(cur, 0x30, n_len + e_len);
359
+
/* INTEGER n */
360
+
cur = encode_tag_length(cur, 0x02, len + 1);
361
+
cur[0] = 0x00;
362
+
memcpy(cur + 1, pub_key, len);
363
+
cur += len + 1;
364
+
cur = encode_tag_length(cur, 0x02, sizeof(e));
365
+
memcpy(cur, e, sizeof(e));
366
+
cur += sizeof(e);
367
+
368
+
return cur - buf;
369
+
}
370
+
371
+
/*
372
+
* Determine the crypto algorithm name.
373
+
*/
374
+
static int determine_akcipher(const char *encoding, const char *hash_algo,
375
+
char alg_name[CRYPTO_MAX_ALG_NAME])
376
+
{
377
+
if (strcmp(encoding, "pkcs1") == 0) {
378
+
if (!hash_algo) {
379
+
strcpy(alg_name, "pkcs1pad(rsa)");
380
+
return 0;
381
+
}
382
+
383
+
if (snprintf(alg_name, CRYPTO_MAX_ALG_NAME, "pkcs1pad(rsa,%s)",
384
+
hash_algo) >= CRYPTO_MAX_ALG_NAME)
385
+
return -EINVAL;
386
+
387
+
return 0;
388
+
}
389
+
390
+
if (strcmp(encoding, "raw") == 0) {
391
+
strcpy(alg_name, "rsa");
392
+
return 0;
393
+
}
394
+
395
+
return -ENOPKG;
396
+
}
397
+
398
+
/*
399
+
* Query information about a key.
400
+
*/
401
+
static int tpm_key_query(const struct kernel_pkey_params *params,
402
+
struct kernel_pkey_query *info)
403
+
{
404
+
struct tpm_key *tk = params->key->payload.data[asym_crypto];
405
+
int ret;
406
+
char alg_name[CRYPTO_MAX_ALG_NAME];
407
+
struct crypto_akcipher *tfm;
408
+
uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
409
+
uint32_t der_pub_key_len;
410
+
int len;
411
+
412
+
/* TPM only works on private keys, public keys still done in software */
413
+
ret = determine_akcipher(params->encoding, params->hash_algo, alg_name);
414
+
if (ret < 0)
415
+
return ret;
416
+
417
+
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
418
+
if (IS_ERR(tfm))
419
+
return PTR_ERR(tfm);
420
+
421
+
der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
422
+
der_pub_key);
423
+
424
+
ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
425
+
if (ret < 0)
426
+
goto error_free_tfm;
427
+
428
+
len = crypto_akcipher_maxsize(tfm);
429
+
430
+
info->key_size = tk->key_len;
431
+
info->max_data_size = tk->key_len / 8;
432
+
info->max_sig_size = len;
433
+
info->max_enc_size = len;
434
+
info->max_dec_size = tk->key_len / 8;
435
+
436
+
info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT |
437
+
KEYCTL_SUPPORTS_DECRYPT |
438
+
KEYCTL_SUPPORTS_VERIFY |
439
+
KEYCTL_SUPPORTS_SIGN;
440
+
441
+
ret = 0;
442
+
error_free_tfm:
443
+
crypto_free_akcipher(tfm);
444
+
pr_devel("<==%s() = %d\n", __func__, ret);
445
+
return ret;
446
+
}
447
+
448
+
/*
449
+
* Encryption operation is performed with the public key. Hence it is done
450
+
* in software
451
+
*/
452
+
static int tpm_key_encrypt(struct tpm_key *tk,
453
+
struct kernel_pkey_params *params,
454
+
const void *in, void *out)
455
+
{
456
+
char alg_name[CRYPTO_MAX_ALG_NAME];
457
+
struct crypto_akcipher *tfm;
458
+
struct akcipher_request *req;
459
+
struct crypto_wait cwait;
460
+
struct scatterlist in_sg, out_sg;
461
+
uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
462
+
uint32_t der_pub_key_len;
463
+
int ret;
464
+
465
+
pr_devel("==>%s()\n", __func__);
466
+
467
+
ret = determine_akcipher(params->encoding, params->hash_algo, alg_name);
468
+
if (ret < 0)
469
+
return ret;
470
+
471
+
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
472
+
if (IS_ERR(tfm))
473
+
return PTR_ERR(tfm);
474
+
475
+
der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
476
+
der_pub_key);
477
+
478
+
ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
479
+
if (ret < 0)
480
+
goto error_free_tfm;
481
+
482
+
req = akcipher_request_alloc(tfm, GFP_KERNEL);
483
+
if (!req)
484
+
goto error_free_tfm;
485
+
486
+
sg_init_one(&in_sg, in, params->in_len);
487
+
sg_init_one(&out_sg, out, params->out_len);
488
+
akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
489
+
params->out_len);
490
+
crypto_init_wait(&cwait);
491
+
akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
492
+
CRYPTO_TFM_REQ_MAY_SLEEP,
493
+
crypto_req_done, &cwait);
494
+
495
+
ret = crypto_akcipher_encrypt(req);
496
+
ret = crypto_wait_req(ret, &cwait);
497
+
498
+
if (ret == 0)
499
+
ret = req->dst_len;
500
+
501
+
akcipher_request_free(req);
502
+
error_free_tfm:
503
+
crypto_free_akcipher(tfm);
504
+
pr_devel("<==%s() = %d\n", __func__, ret);
505
+
return ret;
506
+
}
507
+
508
+
/*
509
+
* Decryption operation is performed with the private key in the TPM.
510
+
*/
511
+
static int tpm_key_decrypt(struct tpm_key *tk,
512
+
struct kernel_pkey_params *params,
513
+
const void *in, void *out)
514
+
{
515
+
struct tpm_buf *tb;
516
+
uint32_t keyhandle;
517
+
uint8_t srkauth[SHA1_DIGEST_SIZE];
518
+
uint8_t keyauth[SHA1_DIGEST_SIZE];
519
+
int r;
520
+
521
+
pr_devel("==>%s()\n", __func__);
522
+
523
+
if (params->hash_algo)
524
+
return -ENOPKG;
525
+
526
+
if (strcmp(params->encoding, "pkcs1"))
527
+
return -ENOPKG;
528
+
529
+
tb = kzalloc(sizeof(*tb), GFP_KERNEL);
530
+
if (!tb)
531
+
return -ENOMEM;
532
+
533
+
/* TODO: Handle a non-all zero SRK authorization */
534
+
memset(srkauth, 0, sizeof(srkauth));
535
+
536
+
r = tpm_loadkey2(tb, SRKHANDLE, srkauth,
537
+
tk->blob, tk->blob_len, &keyhandle);
538
+
if (r < 0) {
539
+
pr_devel("loadkey2 failed (%d)\n", r);
540
+
goto error;
541
+
}
542
+
543
+
/* TODO: Handle a non-all zero key authorization */
544
+
memset(keyauth, 0, sizeof(keyauth));
545
+
546
+
r = tpm_unbind(tb, keyhandle, keyauth,
547
+
in, params->in_len, out, params->out_len);
548
+
if (r < 0)
549
+
pr_devel("tpm_unbind failed (%d)\n", r);
550
+
551
+
if (tpm_flushspecific(tb, keyhandle) < 0)
552
+
pr_devel("flushspecific failed (%d)\n", r);
553
+
554
+
error:
555
+
kzfree(tb);
556
+
pr_devel("<==%s() = %d\n", __func__, r);
557
+
return r;
558
+
}
559
+
560
+
/*
561
+
* Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2].
562
+
*/
563
+
static const u8 digest_info_md5[] = {
564
+
0x30, 0x20, 0x30, 0x0c, 0x06, 0x08,
565
+
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, /* OID */
566
+
0x05, 0x00, 0x04, 0x10
567
+
};
568
+
569
+
static const u8 digest_info_sha1[] = {
570
+
0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
571
+
0x2b, 0x0e, 0x03, 0x02, 0x1a,
572
+
0x05, 0x00, 0x04, 0x14
573
+
};
574
+
575
+
static const u8 digest_info_rmd160[] = {
576
+
0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
577
+
0x2b, 0x24, 0x03, 0x02, 0x01,
578
+
0x05, 0x00, 0x04, 0x14
579
+
};
580
+
581
+
static const u8 digest_info_sha224[] = {
582
+
0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
583
+
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
584
+
0x05, 0x00, 0x04, 0x1c
585
+
};
586
+
587
+
static const u8 digest_info_sha256[] = {
588
+
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
589
+
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
590
+
0x05, 0x00, 0x04, 0x20
591
+
};
592
+
593
+
static const u8 digest_info_sha384[] = {
594
+
0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
595
+
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
596
+
0x05, 0x00, 0x04, 0x30
597
+
};
598
+
599
+
static const u8 digest_info_sha512[] = {
600
+
0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
601
+
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
602
+
0x05, 0x00, 0x04, 0x40
603
+
};
604
+
605
+
static const struct asn1_template {
606
+
const char *name;
607
+
const u8 *data;
608
+
size_t size;
609
+
} asn1_templates[] = {
610
+
#define _(X) { #X, digest_info_##X, sizeof(digest_info_##X) }
611
+
_(md5),
612
+
_(sha1),
613
+
_(rmd160),
614
+
_(sha256),
615
+
_(sha384),
616
+
_(sha512),
617
+
_(sha224),
618
+
{ NULL }
619
+
#undef _
620
+
};
621
+
622
+
static const struct asn1_template *lookup_asn1(const char *name)
623
+
{
624
+
const struct asn1_template *p;
625
+
626
+
for (p = asn1_templates; p->name; p++)
627
+
if (strcmp(name, p->name) == 0)
628
+
return p;
629
+
return NULL;
630
+
}
631
+
632
+
/*
633
+
* Sign operation is performed with the private key in the TPM.
634
+
*/
635
+
static int tpm_key_sign(struct tpm_key *tk,
636
+
struct kernel_pkey_params *params,
637
+
const void *in, void *out)
638
+
{
639
+
struct tpm_buf *tb;
640
+
uint32_t keyhandle;
641
+
uint8_t srkauth[SHA1_DIGEST_SIZE];
642
+
uint8_t keyauth[SHA1_DIGEST_SIZE];
643
+
void *asn1_wrapped = NULL;
644
+
uint32_t in_len = params->in_len;
645
+
int r;
646
+
647
+
pr_devel("==>%s()\n", __func__);
648
+
649
+
if (strcmp(params->encoding, "pkcs1"))
650
+
return -ENOPKG;
651
+
652
+
if (params->hash_algo) {
653
+
const struct asn1_template *asn1 =
654
+
lookup_asn1(params->hash_algo);
655
+
656
+
if (!asn1)
657
+
return -ENOPKG;
658
+
659
+
/* request enough space for the ASN.1 template + input hash */
660
+
asn1_wrapped = kzalloc(in_len + asn1->size, GFP_KERNEL);
661
+
if (!asn1_wrapped)
662
+
return -ENOMEM;
663
+
664
+
/* Copy ASN.1 template, then the input */
665
+
memcpy(asn1_wrapped, asn1->data, asn1->size);
666
+
memcpy(asn1_wrapped + asn1->size, in, in_len);
667
+
668
+
in = asn1_wrapped;
669
+
in_len += asn1->size;
670
+
}
671
+
672
+
if (in_len > tk->key_len / 8 - 11) {
673
+
r = -EOVERFLOW;
674
+
goto error_free_asn1_wrapped;
675
+
}
676
+
677
+
r = -ENOMEM;
678
+
tb = kzalloc(sizeof(*tb), GFP_KERNEL);
679
+
if (!tb)
680
+
goto error_free_asn1_wrapped;
681
+
682
+
/* TODO: Handle a non-all zero SRK authorization */
683
+
memset(srkauth, 0, sizeof(srkauth));
684
+
685
+
r = tpm_loadkey2(tb, SRKHANDLE, srkauth,
686
+
tk->blob, tk->blob_len, &keyhandle);
687
+
if (r < 0) {
688
+
pr_devel("loadkey2 failed (%d)\n", r);
689
+
goto error_free_tb;
690
+
}
691
+
692
+
/* TODO: Handle a non-all zero key authorization */
693
+
memset(keyauth, 0, sizeof(keyauth));
694
+
695
+
r = tpm_sign(tb, keyhandle, keyauth, in, in_len, out, params->out_len);
696
+
if (r < 0)
697
+
pr_devel("tpm_sign failed (%d)\n", r);
698
+
699
+
if (tpm_flushspecific(tb, keyhandle) < 0)
700
+
pr_devel("flushspecific failed (%d)\n", r);
701
+
702
+
error_free_tb:
703
+
kzfree(tb);
704
+
error_free_asn1_wrapped:
705
+
kfree(asn1_wrapped);
706
+
pr_devel("<==%s() = %d\n", __func__, r);
707
+
return r;
708
+
}
709
+
710
+
/*
711
+
* Do encryption, decryption and signing ops.
712
+
*/
713
+
static int tpm_key_eds_op(struct kernel_pkey_params *params,
714
+
const void *in, void *out)
715
+
{
716
+
struct tpm_key *tk = params->key->payload.data[asym_crypto];
717
+
int ret = -EOPNOTSUPP;
718
+
719
+
/* Perform the encryption calculation. */
720
+
switch (params->op) {
721
+
case kernel_pkey_encrypt:
722
+
ret = tpm_key_encrypt(tk, params, in, out);
723
+
break;
724
+
case kernel_pkey_decrypt:
725
+
ret = tpm_key_decrypt(tk, params, in, out);
726
+
break;
727
+
case kernel_pkey_sign:
728
+
ret = tpm_key_sign(tk, params, in, out);
729
+
break;
730
+
default:
731
+
BUG();
732
+
}
733
+
734
+
return ret;
735
+
}
736
+
737
+
/*
738
+
* Verify a signature using a public key.
739
+
*/
740
+
static int tpm_key_verify_signature(const struct key *key,
741
+
const struct public_key_signature *sig)
742
+
{
743
+
const struct tpm_key *tk = key->payload.data[asym_crypto];
744
+
struct crypto_wait cwait;
745
+
struct crypto_akcipher *tfm;
746
+
struct akcipher_request *req;
747
+
struct scatterlist sig_sg, digest_sg;
748
+
char alg_name[CRYPTO_MAX_ALG_NAME];
749
+
uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
750
+
uint32_t der_pub_key_len;
751
+
void *output;
752
+
unsigned int outlen;
753
+
int ret;
754
+
755
+
pr_devel("==>%s()\n", __func__);
756
+
757
+
BUG_ON(!tk);
758
+
BUG_ON(!sig);
759
+
BUG_ON(!sig->s);
760
+
761
+
if (!sig->digest)
762
+
return -ENOPKG;
763
+
764
+
ret = determine_akcipher(sig->encoding, sig->hash_algo, alg_name);
765
+
if (ret < 0)
766
+
return ret;
767
+
768
+
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
769
+
if (IS_ERR(tfm))
770
+
return PTR_ERR(tfm);
771
+
772
+
der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
773
+
der_pub_key);
774
+
775
+
ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
776
+
if (ret < 0)
777
+
goto error_free_tfm;
778
+
779
+
ret = -ENOMEM;
780
+
req = akcipher_request_alloc(tfm, GFP_KERNEL);
781
+
if (!req)
782
+
goto error_free_tfm;
783
+
784
+
ret = -ENOMEM;
785
+
outlen = crypto_akcipher_maxsize(tfm);
786
+
output = kmalloc(outlen, GFP_KERNEL);
787
+
if (!output)
788
+
goto error_free_req;
789
+
790
+
sg_init_one(&sig_sg, sig->s, sig->s_size);
791
+
sg_init_one(&digest_sg, output, outlen);
792
+
akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size,
793
+
outlen);
794
+
crypto_init_wait(&cwait);
795
+
akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
796
+
CRYPTO_TFM_REQ_MAY_SLEEP,
797
+
crypto_req_done, &cwait);
798
+
799
+
/* Perform the verification calculation. This doesn't actually do the
800
+
* verification, but rather calculates the hash expected by the
801
+
* signature and returns that to us.
802
+
*/
803
+
ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
804
+
if (ret)
805
+
goto out_free_output;
806
+
807
+
/* Do the actual verification step. */
808
+
if (req->dst_len != sig->digest_size ||
809
+
memcmp(sig->digest, output, sig->digest_size) != 0)
810
+
ret = -EKEYREJECTED;
811
+
812
+
out_free_output:
813
+
kfree(output);
814
+
error_free_req:
815
+
akcipher_request_free(req);
816
+
error_free_tfm:
817
+
crypto_free_akcipher(tfm);
818
+
pr_devel("<==%s() = %d\n", __func__, ret);
819
+
if (WARN_ON_ONCE(ret > 0))
820
+
ret = -EINVAL;
821
+
return ret;
822
+
}
823
+
824
+
/*
825
+
* Parse enough information out of TPM_KEY structure:
826
+
* TPM_STRUCT_VER -> 4 bytes
827
+
* TPM_KEY_USAGE -> 2 bytes
828
+
* TPM_KEY_FLAGS -> 4 bytes
829
+
* TPM_AUTH_DATA_USAGE -> 1 byte
830
+
* TPM_KEY_PARMS -> variable
831
+
* UINT32 PCRInfoSize -> 4 bytes
832
+
* BYTE* -> PCRInfoSize bytes
833
+
* TPM_STORE_PUBKEY
834
+
* UINT32 encDataSize;
835
+
* BYTE* -> encDataSize;
836
+
*
837
+
* TPM_KEY_PARMS:
838
+
* TPM_ALGORITHM_ID -> 4 bytes
839
+
* TPM_ENC_SCHEME -> 2 bytes
840
+
* TPM_SIG_SCHEME -> 2 bytes
841
+
* UINT32 parmSize -> 4 bytes
842
+
* BYTE* -> variable
843
+
*/
844
+
static int extract_key_parameters(struct tpm_key *tk)
845
+
{
846
+
const void *cur = tk->blob;
847
+
uint32_t len = tk->blob_len;
848
+
const void *pub_key;
849
+
uint32_t sz;
850
+
uint32_t key_len;
851
+
852
+
if (len < 11)
853
+
return -EBADMSG;
854
+
855
+
/* Ensure this is a legacy key */
856
+
if (get_unaligned_be16(cur + 4) != 0x0015)
857
+
return -EBADMSG;
858
+
859
+
/* Skip to TPM_KEY_PARMS */
860
+
cur += 11;
861
+
len -= 11;
862
+
863
+
if (len < 12)
864
+
return -EBADMSG;
865
+
866
+
/* Make sure this is an RSA key */
867
+
if (get_unaligned_be32(cur) != 0x00000001)
868
+
return -EBADMSG;
869
+
870
+
/* Make sure this is TPM_ES_RSAESPKCSv15 encoding scheme */
871
+
if (get_unaligned_be16(cur + 4) != 0x0002)
872
+
return -EBADMSG;
873
+
874
+
/* Make sure this is TPM_SS_RSASSAPKCS1v15_DER signature scheme */
875
+
if (get_unaligned_be16(cur + 6) != 0x0003)
876
+
return -EBADMSG;
877
+
878
+
sz = get_unaligned_be32(cur + 8);
879
+
if (len < sz + 12)
880
+
return -EBADMSG;
881
+
882
+
/* Move to TPM_RSA_KEY_PARMS */
883
+
len -= 12;
884
+
cur += 12;
885
+
886
+
/* Grab the RSA key length */
887
+
key_len = get_unaligned_be32(cur);
888
+
889
+
switch (key_len) {
890
+
case 512:
891
+
case 1024:
892
+
case 1536:
893
+
case 2048:
894
+
break;
895
+
default:
896
+
return -EINVAL;
897
+
}
898
+
899
+
/* Move just past TPM_KEY_PARMS */
900
+
cur += sz;
901
+
len -= sz;
902
+
903
+
if (len < 4)
904
+
return -EBADMSG;
905
+
906
+
sz = get_unaligned_be32(cur);
907
+
if (len < 4 + sz)
908
+
return -EBADMSG;
909
+
910
+
/* Move to TPM_STORE_PUBKEY */
911
+
cur += 4 + sz;
912
+
len -= 4 + sz;
913
+
914
+
/* Grab the size of the public key, it should jive with the key size */
915
+
sz = get_unaligned_be32(cur);
916
+
if (sz > 256)
917
+
return -EINVAL;
918
+
919
+
pub_key = cur + 4;
920
+
921
+
tk->key_len = key_len;
922
+
tk->pub_key = pub_key;
923
+
tk->pub_key_len = sz;
924
+
925
+
return 0;
926
+
}
927
+
928
+
/* Given the blob, parse it and load it into the TPM */
929
+
struct tpm_key *tpm_key_create(const void *blob, uint32_t blob_len)
930
+
{
931
+
int r;
932
+
struct tpm_key *tk;
933
+
934
+
r = tpm_is_tpm2(NULL);
935
+
if (r < 0)
936
+
goto error;
937
+
938
+
/* We don't support TPM2 yet */
939
+
if (r > 0) {
940
+
r = -ENODEV;
941
+
goto error;
942
+
}
943
+
944
+
r = -ENOMEM;
945
+
tk = kzalloc(sizeof(struct tpm_key), GFP_KERNEL);
946
+
if (!tk)
947
+
goto error;
948
+
949
+
tk->blob = kmemdup(blob, blob_len, GFP_KERNEL);
950
+
if (!tk->blob)
951
+
goto error_memdup;
952
+
953
+
tk->blob_len = blob_len;
954
+
955
+
r = extract_key_parameters(tk);
956
+
if (r < 0)
957
+
goto error_extract;
958
+
959
+
return tk;
960
+
961
+
error_extract:
962
+
kfree(tk->blob);
963
+
tk->blob_len = 0;
964
+
error_memdup:
965
+
kfree(tk);
966
+
error:
967
+
return ERR_PTR(r);
968
+
}
969
+
EXPORT_SYMBOL_GPL(tpm_key_create);
970
+
971
+
/*
972
+
* TPM-based asymmetric key subtype
973
+
*/
974
+
struct asymmetric_key_subtype asym_tpm_subtype = {
975
+
.owner = THIS_MODULE,
976
+
.name = "asym_tpm",
977
+
.name_len = sizeof("asym_tpm") - 1,
978
+
.describe = asym_tpm_describe,
979
+
.destroy = asym_tpm_destroy,
980
+
.query = tpm_key_query,
981
+
.eds_op = tpm_key_eds_op,
982
+
.verify_signature = tpm_key_verify_signature,
983
+
};
984
+
EXPORT_SYMBOL_GPL(asym_tpm_subtype);
985
+
986
+
MODULE_DESCRIPTION("TPM based asymmetric key subtype");
987
+
MODULE_AUTHOR("Intel Corporation");
988
+
MODULE_LICENSE("GPL v2");
+3
crypto/asymmetric_keys/asymmetric_keys.h
+3
crypto/asymmetric_keys/asymmetric_keys.h
+43
crypto/asymmetric_keys/asymmetric_type.c
+43
crypto/asymmetric_keys/asymmetric_type.c
···
18
18
#include <linux/slab.h>
19
19
#include <linux/ctype.h>
20
20
#include <keys/system_keyring.h>
21
+
#include <keys/user-type.h>
21
22
#include "asymmetric_keys.h"
22
23
23
24
MODULE_LICENSE("GPL");
···
539
538
return ret;
540
539
}
541
540
541
+
int asymmetric_key_eds_op(struct kernel_pkey_params *params,
542
+
const void *in, void *out)
543
+
{
544
+
const struct asymmetric_key_subtype *subtype;
545
+
struct key *key = params->key;
546
+
int ret;
547
+
548
+
pr_devel("==>%s()\n", __func__);
549
+
550
+
if (key->type != &key_type_asymmetric)
551
+
return -EINVAL;
552
+
subtype = asymmetric_key_subtype(key);
553
+
if (!subtype ||
554
+
!key->payload.data[0])
555
+
return -EINVAL;
556
+
if (!subtype->eds_op)
557
+
return -ENOTSUPP;
558
+
559
+
ret = subtype->eds_op(params, in, out);
560
+
561
+
pr_devel("<==%s() = %d\n", __func__, ret);
562
+
return ret;
563
+
}
564
+
565
+
static int asymmetric_key_verify_signature(struct kernel_pkey_params *params,
566
+
const void *in, const void *in2)
567
+
{
568
+
struct public_key_signature sig = {
569
+
.s_size = params->in2_len,
570
+
.digest_size = params->in_len,
571
+
.encoding = params->encoding,
572
+
.hash_algo = params->hash_algo,
573
+
.digest = (void *)in,
574
+
.s = (void *)in2,
575
+
};
576
+
577
+
return verify_signature(params->key, &sig);
578
+
}
579
+
542
580
struct key_type key_type_asymmetric = {
543
581
.name = "asymmetric",
544
582
.preparse = asymmetric_key_preparse,
···
588
548
.destroy = asymmetric_key_destroy,
589
549
.describe = asymmetric_key_describe,
590
550
.lookup_restriction = asymmetric_lookup_restriction,
551
+
.asym_query = query_asymmetric_key,
552
+
.asym_eds_op = asymmetric_key_eds_op,
553
+
.asym_verify_signature = asymmetric_key_verify_signature,
591
554
};
592
555
EXPORT_SYMBOL_GPL(key_type_asymmetric);
593
556
+1
crypto/asymmetric_keys/pkcs7_parser.c
+1
crypto/asymmetric_keys/pkcs7_parser.c
+24
crypto/asymmetric_keys/pkcs8.asn1
+24
crypto/asymmetric_keys/pkcs8.asn1
···
1
+
--
2
+
-- This is the unencrypted variant
3
+
--
4
+
PrivateKeyInfo ::= SEQUENCE {
5
+
version Version,
6
+
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
7
+
privateKey PrivateKey,
8
+
attributes [0] IMPLICIT Attributes OPTIONAL
9
+
}
10
+
11
+
Version ::= INTEGER ({ pkcs8_note_version })
12
+
13
+
PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier ({ pkcs8_note_algo })
14
+
15
+
PrivateKey ::= OCTET STRING ({ pkcs8_note_key })
16
+
17
+
Attributes ::= SET OF Attribute
18
+
19
+
Attribute ::= ANY
20
+
21
+
AlgorithmIdentifier ::= SEQUENCE {
22
+
algorithm OBJECT IDENTIFIER ({ pkcs8_note_OID }),
23
+
parameters ANY OPTIONAL
24
+
}
+184
crypto/asymmetric_keys/pkcs8_parser.c
+184
crypto/asymmetric_keys/pkcs8_parser.c
···
1
+
/* PKCS#8 Private Key parser [RFC 5208].
2
+
*
3
+
* Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
4
+
* Written by David Howells (dhowells@redhat.com)
5
+
*
6
+
* This program is free software; you can redistribute it and/or
7
+
* modify it under the terms of the GNU General Public Licence
8
+
* as published by the Free Software Foundation; either version
9
+
* 2 of the Licence, or (at your option) any later version.
10
+
*/
11
+
12
+
#define pr_fmt(fmt) "PKCS8: "fmt
13
+
#include <linux/module.h>
14
+
#include <linux/kernel.h>
15
+
#include <linux/export.h>
16
+
#include <linux/slab.h>
17
+
#include <linux/err.h>
18
+
#include <linux/oid_registry.h>
19
+
#include <keys/asymmetric-subtype.h>
20
+
#include <keys/asymmetric-parser.h>
21
+
#include <crypto/public_key.h>
22
+
#include "pkcs8.asn1.h"
23
+
24
+
struct pkcs8_parse_context {
25
+
struct public_key *pub;
26
+
unsigned long data; /* Start of data */
27
+
enum OID last_oid; /* Last OID encountered */
28
+
enum OID algo_oid; /* Algorithm OID */
29
+
u32 key_size;
30
+
const void *key;
31
+
};
32
+
33
+
/*
34
+
* Note an OID when we find one for later processing when we know how to
35
+
* interpret it.
36
+
*/
37
+
int pkcs8_note_OID(void *context, size_t hdrlen,
38
+
unsigned char tag,
39
+
const void *value, size_t vlen)
40
+
{
41
+
struct pkcs8_parse_context *ctx = context;
42
+
43
+
ctx->last_oid = look_up_OID(value, vlen);
44
+
if (ctx->last_oid == OID__NR) {
45
+
char buffer[50];
46
+
47
+
sprint_oid(value, vlen, buffer, sizeof(buffer));
48
+
pr_info("Unknown OID: [%lu] %s\n",
49
+
(unsigned long)value - ctx->data, buffer);
50
+
}
51
+
return 0;
52
+
}
53
+
54
+
/*
55
+
* Note the version number of the ASN.1 blob.
56
+
*/
57
+
int pkcs8_note_version(void *context, size_t hdrlen,
58
+
unsigned char tag,
59
+
const void *value, size_t vlen)
60
+
{
61
+
if (vlen != 1 || ((const u8 *)value)[0] != 0) {
62
+
pr_warn("Unsupported PKCS#8 version\n");
63
+
return -EBADMSG;
64
+
}
65
+
return 0;
66
+
}
67
+
68
+
/*
69
+
* Note the public algorithm.
70
+
*/
71
+
int pkcs8_note_algo(void *context, size_t hdrlen,
72
+
unsigned char tag,
73
+
const void *value, size_t vlen)
74
+
{
75
+
struct pkcs8_parse_context *ctx = context;
76
+
77
+
if (ctx->last_oid != OID_rsaEncryption)
78
+
return -ENOPKG;
79
+
80
+
ctx->pub->pkey_algo = "rsa";
81
+
return 0;
82
+
}
83
+
84
+
/*
85
+
* Note the key data of the ASN.1 blob.
86
+
*/
87
+
int pkcs8_note_key(void *context, size_t hdrlen,
88
+
unsigned char tag,
89
+
const void *value, size_t vlen)
90
+
{
91
+
struct pkcs8_parse_context *ctx = context;
92
+
93
+
ctx->key = value;
94
+
ctx->key_size = vlen;
95
+
return 0;
96
+
}
97
+
98
+
/*
99
+
* Parse a PKCS#8 private key blob.
100
+
*/
101
+
static struct public_key *pkcs8_parse(const void *data, size_t datalen)
102
+
{
103
+
struct pkcs8_parse_context ctx;
104
+
struct public_key *pub;
105
+
long ret;
106
+
107
+
memset(&ctx, 0, sizeof(ctx));
108
+
109
+
ret = -ENOMEM;
110
+
ctx.pub = kzalloc(sizeof(struct public_key), GFP_KERNEL);
111
+
if (!ctx.pub)
112
+
goto error;
113
+
114
+
ctx.data = (unsigned long)data;
115
+
116
+
/* Attempt to decode the private key */
117
+
ret = asn1_ber_decoder(&pkcs8_decoder, &ctx, data, datalen);
118
+
if (ret < 0)
119
+
goto error_decode;
120
+
121
+
ret = -ENOMEM;
122
+
pub = ctx.pub;
123
+
pub->key = kmemdup(ctx.key, ctx.key_size, GFP_KERNEL);
124
+
if (!pub->key)
125
+
goto error_decode;
126
+
127
+
pub->keylen = ctx.key_size;
128
+
pub->key_is_private = true;
129
+
return pub;
130
+
131
+
error_decode:
132
+
kfree(ctx.pub);
133
+
error:
134
+
return ERR_PTR(ret);
135
+
}
136
+
137
+
/*
138
+
* Attempt to parse a data blob for a key as a PKCS#8 private key.
139
+
*/
140
+
static int pkcs8_key_preparse(struct key_preparsed_payload *prep)
141
+
{
142
+
struct public_key *pub;
143
+
144
+
pub = pkcs8_parse(prep->data, prep->datalen);
145
+
if (IS_ERR(pub))
146
+
return PTR_ERR(pub);
147
+
148
+
pr_devel("Cert Key Algo: %s\n", pub->pkey_algo);
149
+
pub->id_type = "PKCS8";
150
+
151
+
/* We're pinning the module by being linked against it */
152
+
__module_get(public_key_subtype.owner);
153
+
prep->payload.data[asym_subtype] = &public_key_subtype;
154
+
prep->payload.data[asym_key_ids] = NULL;
155
+
prep->payload.data[asym_crypto] = pub;
156
+
prep->payload.data[asym_auth] = NULL;
157
+
prep->quotalen = 100;
158
+
return 0;
159
+
}
160
+
161
+
static struct asymmetric_key_parser pkcs8_key_parser = {
162
+
.owner = THIS_MODULE,
163
+
.name = "pkcs8",
164
+
.parse = pkcs8_key_preparse,
165
+
};
166
+
167
+
/*
168
+
* Module stuff
169
+
*/
170
+
static int __init pkcs8_key_init(void)
171
+
{
172
+
return register_asymmetric_key_parser(&pkcs8_key_parser);
173
+
}
174
+
175
+
static void __exit pkcs8_key_exit(void)
176
+
{
177
+
unregister_asymmetric_key_parser(&pkcs8_key_parser);
178
+
}
179
+
180
+
module_init(pkcs8_key_init);
181
+
module_exit(pkcs8_key_exit);
182
+
183
+
MODULE_DESCRIPTION("PKCS#8 certificate parser");
184
+
MODULE_LICENSE("GPL");
+173
-18
crypto/asymmetric_keys/public_key.c
+173
-18
crypto/asymmetric_keys/public_key.c
···
60
60
}
61
61
62
62
/*
63
+
* Determine the crypto algorithm name.
64
+
*/
65
+
static
66
+
int software_key_determine_akcipher(const char *encoding,
67
+
const char *hash_algo,
68
+
const struct public_key *pkey,
69
+
char alg_name[CRYPTO_MAX_ALG_NAME])
70
+
{
71
+
int n;
72
+
73
+
if (strcmp(encoding, "pkcs1") == 0) {
74
+
/* The data wangled by the RSA algorithm is typically padded
75
+
* and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
76
+
* sec 8.2].
77
+
*/
78
+
if (!hash_algo)
79
+
n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
80
+
"pkcs1pad(%s)",
81
+
pkey->pkey_algo);
82
+
else
83
+
n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
84
+
"pkcs1pad(%s,%s)",
85
+
pkey->pkey_algo, hash_algo);
86
+
return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
87
+
}
88
+
89
+
if (strcmp(encoding, "raw") == 0) {
90
+
strcpy(alg_name, pkey->pkey_algo);
91
+
return 0;
92
+
}
93
+
94
+
return -ENOPKG;
95
+
}
96
+
97
+
/*
98
+
* Query information about a key.
99
+
*/
100
+
static int software_key_query(const struct kernel_pkey_params *params,
101
+
struct kernel_pkey_query *info)
102
+
{
103
+
struct crypto_akcipher *tfm;
104
+
struct public_key *pkey = params->key->payload.data[asym_crypto];
105
+
char alg_name[CRYPTO_MAX_ALG_NAME];
106
+
int ret, len;
107
+
108
+
ret = software_key_determine_akcipher(params->encoding,
109
+
params->hash_algo,
110
+
pkey, alg_name);
111
+
if (ret < 0)
112
+
return ret;
113
+
114
+
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
115
+
if (IS_ERR(tfm))
116
+
return PTR_ERR(tfm);
117
+
118
+
if (pkey->key_is_private)
119
+
ret = crypto_akcipher_set_priv_key(tfm,
120
+
pkey->key, pkey->keylen);
121
+
else
122
+
ret = crypto_akcipher_set_pub_key(tfm,
123
+
pkey->key, pkey->keylen);
124
+
if (ret < 0)
125
+
goto error_free_tfm;
126
+
127
+
len = crypto_akcipher_maxsize(tfm);
128
+
info->key_size = len * 8;
129
+
info->max_data_size = len;
130
+
info->max_sig_size = len;
131
+
info->max_enc_size = len;
132
+
info->max_dec_size = len;
133
+
info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT |
134
+
KEYCTL_SUPPORTS_VERIFY);
135
+
if (pkey->key_is_private)
136
+
info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT |
137
+
KEYCTL_SUPPORTS_SIGN);
138
+
ret = 0;
139
+
140
+
error_free_tfm:
141
+
crypto_free_akcipher(tfm);
142
+
pr_devel("<==%s() = %d\n", __func__, ret);
143
+
return ret;
144
+
}
145
+
146
+
/*
147
+
* Do encryption, decryption and signing ops.
148
+
*/
149
+
static int software_key_eds_op(struct kernel_pkey_params *params,
150
+
const void *in, void *out)
151
+
{
152
+
const struct public_key *pkey = params->key->payload.data[asym_crypto];
153
+
struct akcipher_request *req;
154
+
struct crypto_akcipher *tfm;
155
+
struct crypto_wait cwait;
156
+
struct scatterlist in_sg, out_sg;
157
+
char alg_name[CRYPTO_MAX_ALG_NAME];
158
+
int ret;
159
+
160
+
pr_devel("==>%s()\n", __func__);
161
+
162
+
ret = software_key_determine_akcipher(params->encoding,
163
+
params->hash_algo,
164
+
pkey, alg_name);
165
+
if (ret < 0)
166
+
return ret;
167
+
168
+
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
169
+
if (IS_ERR(tfm))
170
+
return PTR_ERR(tfm);
171
+
172
+
req = akcipher_request_alloc(tfm, GFP_KERNEL);
173
+
if (!req)
174
+
goto error_free_tfm;
175
+
176
+
if (pkey->key_is_private)
177
+
ret = crypto_akcipher_set_priv_key(tfm,
178
+
pkey->key, pkey->keylen);
179
+
else
180
+
ret = crypto_akcipher_set_pub_key(tfm,
181
+
pkey->key, pkey->keylen);
182
+
if (ret)
183
+
goto error_free_req;
184
+
185
+
sg_init_one(&in_sg, in, params->in_len);
186
+
sg_init_one(&out_sg, out, params->out_len);
187
+
akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
188
+
params->out_len);
189
+
crypto_init_wait(&cwait);
190
+
akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
191
+
CRYPTO_TFM_REQ_MAY_SLEEP,
192
+
crypto_req_done, &cwait);
193
+
194
+
/* Perform the encryption calculation. */
195
+
switch (params->op) {
196
+
case kernel_pkey_encrypt:
197
+
ret = crypto_akcipher_encrypt(req);
198
+
break;
199
+
case kernel_pkey_decrypt:
200
+
ret = crypto_akcipher_decrypt(req);
201
+
break;
202
+
case kernel_pkey_sign:
203
+
ret = crypto_akcipher_sign(req);
204
+
break;
205
+
default:
206
+
BUG();
207
+
}
208
+
209
+
ret = crypto_wait_req(ret, &cwait);
210
+
if (ret == 0)
211
+
ret = req->dst_len;
212
+
213
+
error_free_req:
214
+
akcipher_request_free(req);
215
+
error_free_tfm:
216
+
crypto_free_akcipher(tfm);
217
+
pr_devel("<==%s() = %d\n", __func__, ret);
218
+
return ret;
219
+
}
220
+
221
+
/*
63
222
* Verify a signature using a public key.
64
223
*/
65
224
int public_key_verify_signature(const struct public_key *pkey,
···
228
69
struct crypto_akcipher *tfm;
229
70
struct akcipher_request *req;
230
71
struct scatterlist sig_sg, digest_sg;
231
-
const char *alg_name;
232
-
char alg_name_buf[CRYPTO_MAX_ALG_NAME];
72
+
char alg_name[CRYPTO_MAX_ALG_NAME];
233
73
void *output;
234
74
unsigned int outlen;
235
75
int ret;
···
239
81
BUG_ON(!sig);
240
82
BUG_ON(!sig->s);
241
83
242
-
if (!sig->digest)
243
-
return -ENOPKG;
244
-
245
-
alg_name = sig->pkey_algo;
246
-
if (strcmp(sig->pkey_algo, "rsa") == 0) {
247
-
/* The data wangled by the RSA algorithm is typically padded
248
-
* and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
249
-
* sec 8.2].
250
-
*/
251
-
if (snprintf(alg_name_buf, CRYPTO_MAX_ALG_NAME,
252
-
"pkcs1pad(rsa,%s)", sig->hash_algo
253
-
) >= CRYPTO_MAX_ALG_NAME)
254
-
return -EINVAL;
255
-
alg_name = alg_name_buf;
256
-
}
84
+
ret = software_key_determine_akcipher(sig->encoding,
85
+
sig->hash_algo,
86
+
pkey, alg_name);
87
+
if (ret < 0)
88
+
return ret;
257
89
258
90
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
259
91
if (IS_ERR(tfm))
···
254
106
if (!req)
255
107
goto error_free_tfm;
256
108
257
-
ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen);
109
+
if (pkey->key_is_private)
110
+
ret = crypto_akcipher_set_priv_key(tfm,
111
+
pkey->key, pkey->keylen);
112
+
else
113
+
ret = crypto_akcipher_set_pub_key(tfm,
114
+
pkey->key, pkey->keylen);
258
115
if (ret)
259
116
goto error_free_req;
260
117
···
320
167
.name_len = sizeof("public_key") - 1,
321
168
.describe = public_key_describe,
322
169
.destroy = public_key_destroy,
170
+
.query = software_key_query,
171
+
.eds_op = software_key_eds_op,
323
172
.verify_signature = public_key_verify_signature_2,
324
173
};
325
174
EXPORT_SYMBOL_GPL(public_key_subtype);
+95
crypto/asymmetric_keys/signature.c
+95
crypto/asymmetric_keys/signature.c
···
16
16
#include <linux/export.h>
17
17
#include <linux/err.h>
18
18
#include <linux/slab.h>
19
+
#include <linux/keyctl.h>
19
20
#include <crypto/public_key.h>
21
+
#include <keys/user-type.h>
20
22
#include "asymmetric_keys.h"
21
23
22
24
/*
···
37
35
}
38
36
}
39
37
EXPORT_SYMBOL_GPL(public_key_signature_free);
38
+
39
+
/**
40
+
* query_asymmetric_key - Get information about an aymmetric key.
41
+
* @params: Various parameters.
42
+
* @info: Where to put the information.
43
+
*/
44
+
int query_asymmetric_key(const struct kernel_pkey_params *params,
45
+
struct kernel_pkey_query *info)
46
+
{
47
+
const struct asymmetric_key_subtype *subtype;
48
+
struct key *key = params->key;
49
+
int ret;
50
+
51
+
pr_devel("==>%s()\n", __func__);
52
+
53
+
if (key->type != &key_type_asymmetric)
54
+
return -EINVAL;
55
+
subtype = asymmetric_key_subtype(key);
56
+
if (!subtype ||
57
+
!key->payload.data[0])
58
+
return -EINVAL;
59
+
if (!subtype->query)
60
+
return -ENOTSUPP;
61
+
62
+
ret = subtype->query(params, info);
63
+
64
+
pr_devel("<==%s() = %d\n", __func__, ret);
65
+
return ret;
66
+
}
67
+
EXPORT_SYMBOL_GPL(query_asymmetric_key);
68
+
69
+
/**
70
+
* encrypt_blob - Encrypt data using an asymmetric key
71
+
* @params: Various parameters
72
+
* @data: Data blob to be encrypted, length params->data_len
73
+
* @enc: Encrypted data buffer, length params->enc_len
74
+
*
75
+
* Encrypt the specified data blob using the private key specified by
76
+
* params->key. The encrypted data is wrapped in an encoding if
77
+
* params->encoding is specified (eg. "pkcs1").
78
+
*
79
+
* Returns the length of the data placed in the encrypted data buffer or an
80
+
* error.
81
+
*/
82
+
int encrypt_blob(struct kernel_pkey_params *params,
83
+
const void *data, void *enc)
84
+
{
85
+
params->op = kernel_pkey_encrypt;
86
+
return asymmetric_key_eds_op(params, data, enc);
87
+
}
88
+
EXPORT_SYMBOL_GPL(encrypt_blob);
89
+
90
+
/**
91
+
* decrypt_blob - Decrypt data using an asymmetric key
92
+
* @params: Various parameters
93
+
* @enc: Encrypted data to be decrypted, length params->enc_len
94
+
* @data: Decrypted data buffer, length params->data_len
95
+
*
96
+
* Decrypt the specified data blob using the private key specified by
97
+
* params->key. The decrypted data is wrapped in an encoding if
98
+
* params->encoding is specified (eg. "pkcs1").
99
+
*
100
+
* Returns the length of the data placed in the decrypted data buffer or an
101
+
* error.
102
+
*/
103
+
int decrypt_blob(struct kernel_pkey_params *params,
104
+
const void *enc, void *data)
105
+
{
106
+
params->op = kernel_pkey_decrypt;
107
+
return asymmetric_key_eds_op(params, enc, data);
108
+
}
109
+
EXPORT_SYMBOL_GPL(decrypt_blob);
110
+
111
+
/**
112
+
* create_signature - Sign some data using an asymmetric key
113
+
* @params: Various parameters
114
+
* @data: Data blob to be signed, length params->data_len
115
+
* @enc: Signature buffer, length params->enc_len
116
+
*
117
+
* Sign the specified data blob using the private key specified by params->key.
118
+
* The signature is wrapped in an encoding if params->encoding is specified
119
+
* (eg. "pkcs1"). If the encoding needs to know the digest type, this can be
120
+
* passed through params->hash_algo (eg. "sha1").
121
+
*
122
+
* Returns the length of the data placed in the signature buffer or an error.
123
+
*/
124
+
int create_signature(struct kernel_pkey_params *params,
125
+
const void *data, void *enc)
126
+
{
127
+
params->op = kernel_pkey_sign;
128
+
return asymmetric_key_eds_op(params, data, enc);
129
+
}
130
+
EXPORT_SYMBOL_GPL(create_signature);
40
131
41
132
/**
42
133
* verify_signature - Initiate the use of an asymmetric key to verify a signature
+5
crypto/asymmetric_keys/tpm.asn1
+5
crypto/asymmetric_keys/tpm.asn1
+102
crypto/asymmetric_keys/tpm_parser.c
+102
crypto/asymmetric_keys/tpm_parser.c
···
1
+
// SPDX-License-Identifier: GPL-2.0
2
+
#define pr_fmt(fmt) "TPM-PARSER: "fmt
3
+
#include <linux/module.h>
4
+
#include <linux/kernel.h>
5
+
#include <linux/export.h>
6
+
#include <linux/slab.h>
7
+
#include <linux/err.h>
8
+
#include <keys/asymmetric-subtype.h>
9
+
#include <keys/asymmetric-parser.h>
10
+
#include <crypto/asym_tpm_subtype.h>
11
+
#include "tpm.asn1.h"
12
+
13
+
struct tpm_parse_context {
14
+
const void *blob;
15
+
u32 blob_len;
16
+
};
17
+
18
+
/*
19
+
* Note the key data of the ASN.1 blob.
20
+
*/
21
+
int tpm_note_key(void *context, size_t hdrlen,
22
+
unsigned char tag,
23
+
const void *value, size_t vlen)
24
+
{
25
+
struct tpm_parse_context *ctx = context;
26
+
27
+
ctx->blob = value;
28
+
ctx->blob_len = vlen;
29
+
30
+
return 0;
31
+
}
32
+
33
+
/*
34
+
* Parse a TPM-encrypted private key blob.
35
+
*/
36
+
static struct tpm_key *tpm_parse(const void *data, size_t datalen)
37
+
{
38
+
struct tpm_parse_context ctx;
39
+
long ret;
40
+
41
+
memset(&ctx, 0, sizeof(ctx));
42
+
43
+
/* Attempt to decode the private key */
44
+
ret = asn1_ber_decoder(&tpm_decoder, &ctx, data, datalen);
45
+
if (ret < 0)
46
+
goto error;
47
+
48
+
return tpm_key_create(ctx.blob, ctx.blob_len);
49
+
50
+
error:
51
+
return ERR_PTR(ret);
52
+
}
53
+
/*
54
+
* Attempt to parse a data blob for a key as a TPM private key blob.
55
+
*/
56
+
static int tpm_key_preparse(struct key_preparsed_payload *prep)
57
+
{
58
+
struct tpm_key *tk;
59
+
60
+
/*
61
+
* TPM 1.2 keys are max 2048 bits long, so assume the blob is no
62
+
* more than 4x that
63
+
*/
64
+
if (prep->datalen > 256 * 4)
65
+
return -EMSGSIZE;
66
+
67
+
tk = tpm_parse(prep->data, prep->datalen);
68
+
69
+
if (IS_ERR(tk))
70
+
return PTR_ERR(tk);
71
+
72
+
/* We're pinning the module by being linked against it */
73
+
__module_get(asym_tpm_subtype.owner);
74
+
prep->payload.data[asym_subtype] = &asym_tpm_subtype;
75
+
prep->payload.data[asym_key_ids] = NULL;
76
+
prep->payload.data[asym_crypto] = tk;
77
+
prep->payload.data[asym_auth] = NULL;
78
+
prep->quotalen = 100;
79
+
return 0;
80
+
}
81
+
82
+
static struct asymmetric_key_parser tpm_key_parser = {
83
+
.owner = THIS_MODULE,
84
+
.name = "tpm_parser",
85
+
.parse = tpm_key_preparse,
86
+
};
87
+
88
+
static int __init tpm_key_init(void)
89
+
{
90
+
return register_asymmetric_key_parser(&tpm_key_parser);
91
+
}
92
+
93
+
static void __exit tpm_key_exit(void)
94
+
{
95
+
unregister_asymmetric_key_parser(&tpm_key_parser);
96
+
}
97
+
98
+
module_init(tpm_key_init);
99
+
module_exit(tpm_key_exit);
100
+
101
+
MODULE_DESCRIPTION("TPM private key-blob parser");
102
+
MODULE_LICENSE("GPL v2");
+9
-12
crypto/asymmetric_keys/x509_cert_parser.c
+9
-12
crypto/asymmetric_keys/x509_cert_parser.c
···
199
199
200
200
case OID_md4WithRSAEncryption:
201
201
ctx->cert->sig->hash_algo = "md4";
202
-
ctx->cert->sig->pkey_algo = "rsa";
203
-
break;
202
+
goto rsa_pkcs1;
204
203
205
204
case OID_sha1WithRSAEncryption:
206
205
ctx->cert->sig->hash_algo = "sha1";
207
-
ctx->cert->sig->pkey_algo = "rsa";
208
-
break;
206
+
goto rsa_pkcs1;
209
207
210
208
case OID_sha256WithRSAEncryption:
211
209
ctx->cert->sig->hash_algo = "sha256";
212
-
ctx->cert->sig->pkey_algo = "rsa";
213
-
break;
210
+
goto rsa_pkcs1;
214
211
215
212
case OID_sha384WithRSAEncryption:
216
213
ctx->cert->sig->hash_algo = "sha384";
217
-
ctx->cert->sig->pkey_algo = "rsa";
218
-
break;
214
+
goto rsa_pkcs1;
219
215
220
216
case OID_sha512WithRSAEncryption:
221
217
ctx->cert->sig->hash_algo = "sha512";
222
-
ctx->cert->sig->pkey_algo = "rsa";
223
-
break;
218
+
goto rsa_pkcs1;
224
219
225
220
case OID_sha224WithRSAEncryption:
226
221
ctx->cert->sig->hash_algo = "sha224";
227
-
ctx->cert->sig->pkey_algo = "rsa";
228
-
break;
222
+
goto rsa_pkcs1;
229
223
}
230
224
225
+
rsa_pkcs1:
226
+
ctx->cert->sig->pkey_algo = "rsa";
227
+
ctx->cert->sig->encoding = "pkcs1";
231
228
ctx->algo_oid = ctx->last_oid;
232
229
return 0;
233
230
}
+41
-18
crypto/rsa-pkcs1pad.c
+41
-18
crypto/rsa-pkcs1pad.c
···
392
392
if (!ctx->key_size)
393
393
return -EINVAL;
394
394
395
-
digest_size = digest_info->size;
395
+
if (digest_info)
396
+
digest_size = digest_info->size;
396
397
397
398
if (req->src_len + digest_size > ctx->key_size - 11)
398
399
return -EOVERFLOW;
···
413
412
memset(req_ctx->in_buf + 1, 0xff, ps_end - 1);
414
413
req_ctx->in_buf[ps_end] = 0x00;
415
414
416
-
memcpy(req_ctx->in_buf + ps_end + 1, digest_info->data,
417
-
digest_info->size);
415
+
if (digest_info)
416
+
memcpy(req_ctx->in_buf + ps_end + 1, digest_info->data,
417
+
digest_info->size);
418
418
419
419
pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
420
420
ctx->key_size - 1 - req->src_len, req->src);
···
477
475
goto done;
478
476
pos++;
479
477
480
-
if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size))
481
-
goto done;
478
+
if (digest_info) {
479
+
if (crypto_memneq(out_buf + pos, digest_info->data,
480
+
digest_info->size))
481
+
goto done;
482
482
483
-
pos += digest_info->size;
483
+
pos += digest_info->size;
484
+
}
484
485
485
486
err = 0;
486
487
···
613
608
614
609
hash_name = crypto_attr_alg_name(tb[2]);
615
610
if (IS_ERR(hash_name))
616
-
return PTR_ERR(hash_name);
611
+
hash_name = NULL;
617
612
618
-
digest_info = rsa_lookup_asn1(hash_name);
619
-
if (!digest_info)
620
-
return -EINVAL;
613
+
if (hash_name) {
614
+
digest_info = rsa_lookup_asn1(hash_name);
615
+
if (!digest_info)
616
+
return -EINVAL;
617
+
} else
618
+
digest_info = NULL;
621
619
622
620
inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
623
621
if (!inst)
···
640
632
641
633
err = -ENAMETOOLONG;
642
634
643
-
if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
644
-
"pkcs1pad(%s,%s)", rsa_alg->base.cra_name, hash_name) >=
645
-
CRYPTO_MAX_ALG_NAME ||
646
-
snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
647
-
"pkcs1pad(%s,%s)",
648
-
rsa_alg->base.cra_driver_name, hash_name) >=
649
-
CRYPTO_MAX_ALG_NAME)
650
-
goto out_drop_alg;
635
+
if (!hash_name) {
636
+
if (snprintf(inst->alg.base.cra_name,
637
+
CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)",
638
+
rsa_alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME)
639
+
goto out_drop_alg;
640
+
641
+
if (snprintf(inst->alg.base.cra_driver_name,
642
+
CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)",
643
+
rsa_alg->base.cra_driver_name) >=
644
+
CRYPTO_MAX_ALG_NAME)
645
+
goto out_drop_alg;
646
+
} else {
647
+
if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
648
+
"pkcs1pad(%s,%s)", rsa_alg->base.cra_name,
649
+
hash_name) >= CRYPTO_MAX_ALG_NAME)
650
+
goto out_drop_alg;
651
+
652
+
if (snprintf(inst->alg.base.cra_driver_name,
653
+
CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s,%s)",
654
+
rsa_alg->base.cra_driver_name,
655
+
hash_name) >= CRYPTO_MAX_ALG_NAME)
656
+
goto out_drop_alg;
657
+
}
651
658
652
659
inst->alg.base.cra_flags = rsa_alg->base.cra_flags & CRYPTO_ALG_ASYNC;
653
660
inst->alg.base.cra_priority = rsa_alg->base.cra_priority;
+19
include/crypto/asym_tpm_subtype.h
+19
include/crypto/asym_tpm_subtype.h
···
1
+
// SPDX-License-Identifier: GPL-2.0
2
+
#ifndef _LINUX_ASYM_TPM_SUBTYPE_H
3
+
#define _LINUX_ASYM_TPM_SUBTYPE_H
4
+
5
+
#include <linux/keyctl.h>
6
+
7
+
struct tpm_key {
8
+
void *blob;
9
+
u32 blob_len;
10
+
uint16_t key_len; /* Size in bits of the key */
11
+
const void *pub_key; /* pointer inside blob to the public key bytes */
12
+
uint16_t pub_key_len; /* length of the public key */
13
+
};
14
+
15
+
struct tpm_key *tpm_key_create(const void *blob, uint32_t blob_len);
16
+
17
+
extern struct asymmetric_key_subtype asym_tpm_subtype;
18
+
19
+
#endif /* _LINUX_ASYM_TPM_SUBTYPE_H */
+12
-2
include/crypto/public_key.h
+12
-2
include/crypto/public_key.h
···
14
14
#ifndef _LINUX_PUBLIC_KEY_H
15
15
#define _LINUX_PUBLIC_KEY_H
16
16
17
+
#include <linux/keyctl.h>
18
+
17
19
/*
18
20
* Cryptographic data for the public-key subtype of the asymmetric key type.
19
21
*
···
25
23
struct public_key {
26
24
void *key;
27
25
u32 keylen;
26
+
bool key_is_private;
28
27
const char *id_type;
29
28
const char *pkey_algo;
30
29
};
···
43
40
u8 digest_size; /* Number of bytes in digest */
44
41
const char *pkey_algo;
45
42
const char *hash_algo;
43
+
const char *encoding;
46
44
};
47
45
48
46
extern void public_key_signature_free(struct public_key_signature *sig);
···
69
65
const union key_payload *payload,
70
66
struct key *trusted);
71
67
72
-
extern int verify_signature(const struct key *key,
73
-
const struct public_key_signature *sig);
68
+
extern int query_asymmetric_key(const struct kernel_pkey_params *,
69
+
struct kernel_pkey_query *);
70
+
71
+
extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
72
+
extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
73
+
extern int create_signature(struct kernel_pkey_params *, const void *, void *);
74
+
extern int verify_signature(const struct key *,
75
+
const struct public_key_signature *);
74
76
75
77
int public_key_verify_signature(const struct public_key *pkey,
76
78
const struct public_key_signature *sig);
+9
include/keys/asymmetric-subtype.h
+9
include/keys/asymmetric-subtype.h
···
17
17
#include <linux/seq_file.h>
18
18
#include <keys/asymmetric-type.h>
19
19
20
+
struct kernel_pkey_query;
21
+
struct kernel_pkey_params;
20
22
struct public_key_signature;
21
23
22
24
/*
···
35
33
36
34
/* Destroy a key of this subtype */
37
35
void (*destroy)(void *payload_crypto, void *payload_auth);
36
+
37
+
int (*query)(const struct kernel_pkey_params *params,
38
+
struct kernel_pkey_query *info);
39
+
40
+
/* Encrypt/decrypt/sign data */
41
+
int (*eds_op)(struct kernel_pkey_params *params,
42
+
const void *in, void *out);
38
43
39
44
/* Verify the signature on a key of this subtype (optional) */
40
45
int (*verify_signature)(const struct key *key,
+11
include/linux/key-type.h
+11
include/linux/key-type.h
···
17
17
18
18
#ifdef CONFIG_KEYS
19
19
20
+
struct kernel_pkey_query;
21
+
struct kernel_pkey_params;
22
+
20
23
/*
21
24
* key under-construction record
22
25
* - passed to the request_key actor if supplied
···
157
154
* - should return -EINVAL if the restriction is unknown
158
155
*/
159
156
struct key_restriction *(*lookup_restriction)(const char *params);
157
+
158
+
/* Asymmetric key accessor functions. */
159
+
int (*asym_query)(const struct kernel_pkey_params *params,
160
+
struct kernel_pkey_query *info);
161
+
int (*asym_eds_op)(struct kernel_pkey_params *params,
162
+
const void *in, void *out);
163
+
int (*asym_verify_signature)(struct kernel_pkey_params *params,
164
+
const void *in, const void *in2);
160
165
161
166
/* internal fields */
162
167
struct list_head link; /* link in types list */
+46
include/linux/keyctl.h
+46
include/linux/keyctl.h
···
1
+
/* keyctl kernel bits
2
+
*
3
+
* Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
4
+
* Written by David Howells (dhowells@redhat.com)
5
+
*
6
+
* This program is free software; you can redistribute it and/or
7
+
* modify it under the terms of the GNU General Public Licence
8
+
* as published by the Free Software Foundation; either version
9
+
* 2 of the Licence, or (at your option) any later version.
10
+
*/
11
+
12
+
#ifndef __LINUX_KEYCTL_H
13
+
#define __LINUX_KEYCTL_H
14
+
15
+
#include <uapi/linux/keyctl.h>
16
+
17
+
struct kernel_pkey_query {
18
+
__u32 supported_ops; /* Which ops are supported */
19
+
__u32 key_size; /* Size of the key in bits */
20
+
__u16 max_data_size; /* Maximum size of raw data to sign in bytes */
21
+
__u16 max_sig_size; /* Maximum size of signature in bytes */
22
+
__u16 max_enc_size; /* Maximum size of encrypted blob in bytes */
23
+
__u16 max_dec_size; /* Maximum size of decrypted blob in bytes */
24
+
};
25
+
26
+
enum kernel_pkey_operation {
27
+
kernel_pkey_encrypt,
28
+
kernel_pkey_decrypt,
29
+
kernel_pkey_sign,
30
+
kernel_pkey_verify,
31
+
};
32
+
33
+
struct kernel_pkey_params {
34
+
struct key *key;
35
+
const char *encoding; /* Encoding (eg. "oaep" or "raw" for none) */
36
+
const char *hash_algo; /* Digest algorithm used (eg. "sha1") or NULL if N/A */
37
+
char *info; /* Modified info string to be released later */
38
+
__u32 in_len; /* Input data size */
39
+
union {
40
+
__u32 out_len; /* Output buffer size (enc/dec/sign) */
41
+
__u32 in2_len; /* 2nd input data size (verify) */
42
+
};
43
+
enum kernel_pkey_operation op : 8;
44
+
};
45
+
46
+
#endif /* __LINUX_KEYCTL_H */
+30
include/uapi/linux/keyctl.h
+30
include/uapi/linux/keyctl.h
···
61
61
#define KEYCTL_INVALIDATE 21 /* invalidate a key */
62
62
#define KEYCTL_GET_PERSISTENT 22 /* get a user's persistent keyring */
63
63
#define KEYCTL_DH_COMPUTE 23 /* Compute Diffie-Hellman values */
64
+
#define KEYCTL_PKEY_QUERY 24 /* Query public key parameters */
65
+
#define KEYCTL_PKEY_ENCRYPT 25 /* Encrypt a blob using a public key */
66
+
#define KEYCTL_PKEY_DECRYPT 26 /* Decrypt a blob using a public key */
67
+
#define KEYCTL_PKEY_SIGN 27 /* Create a public key signature */
68
+
#define KEYCTL_PKEY_VERIFY 28 /* Verify a public key signature */
64
69
#define KEYCTL_RESTRICT_KEYRING 29 /* Restrict keys allowed to link to a keyring */
65
70
66
71
/* keyctl structures */
···
85
80
char __user *otherinfo;
86
81
__u32 otherinfolen;
87
82
__u32 __spare[8];
83
+
};
84
+
85
+
#define KEYCTL_SUPPORTS_ENCRYPT 0x01
86
+
#define KEYCTL_SUPPORTS_DECRYPT 0x02
87
+
#define KEYCTL_SUPPORTS_SIGN 0x04
88
+
#define KEYCTL_SUPPORTS_VERIFY 0x08
89
+
90
+
struct keyctl_pkey_query {
91
+
__u32 supported_ops; /* Which ops are supported */
92
+
__u32 key_size; /* Size of the key in bits */
93
+
__u16 max_data_size; /* Maximum size of raw data to sign in bytes */
94
+
__u16 max_sig_size; /* Maximum size of signature in bytes */
95
+
__u16 max_enc_size; /* Maximum size of encrypted blob in bytes */
96
+
__u16 max_dec_size; /* Maximum size of decrypted blob in bytes */
97
+
__u32 __spare[10];
98
+
};
99
+
100
+
struct keyctl_pkey_params {
101
+
__s32 key_id; /* Serial no. of public key to use */
102
+
__u32 in_len; /* Input data size */
103
+
union {
104
+
__u32 out_len; /* Output buffer size (encrypt/decrypt/sign) */
105
+
__u32 in2_len; /* 2nd input data size (verify) */
106
+
};
107
+
__u32 __spare[7];
88
108
};
89
109
90
110
#endif /* _LINUX_KEYCTL_H */
+1
security/keys/Makefile
+1
security/keys/Makefile
+18
security/keys/compat.c
+18
security/keys/compat.c
···
141
141
return keyctl_restrict_keyring(arg2, compat_ptr(arg3),
142
142
compat_ptr(arg4));
143
143
144
+
case KEYCTL_PKEY_QUERY:
145
+
if (arg3 != 0)
146
+
return -EINVAL;
147
+
return keyctl_pkey_query(arg2,
148
+
compat_ptr(arg4),
149
+
compat_ptr(arg5));
150
+
151
+
case KEYCTL_PKEY_ENCRYPT:
152
+
case KEYCTL_PKEY_DECRYPT:
153
+
case KEYCTL_PKEY_SIGN:
154
+
return keyctl_pkey_e_d_s(option,
155
+
compat_ptr(arg2), compat_ptr(arg3),
156
+
compat_ptr(arg4), compat_ptr(arg5));
157
+
158
+
case KEYCTL_PKEY_VERIFY:
159
+
return keyctl_pkey_verify(compat_ptr(arg2), compat_ptr(arg3),
160
+
compat_ptr(arg4), compat_ptr(arg5));
161
+
144
162
default:
145
163
return -EOPNOTSUPP;
146
164
}
+39
security/keys/internal.h
+39
security/keys/internal.h
···
298
298
#endif
299
299
#endif
300
300
301
+
#ifdef CONFIG_ASYMMETRIC_KEY_TYPE
302
+
extern long keyctl_pkey_query(key_serial_t,
303
+
const char __user *,
304
+
struct keyctl_pkey_query __user *);
305
+
306
+
extern long keyctl_pkey_verify(const struct keyctl_pkey_params __user *,
307
+
const char __user *,
308
+
const void __user *, const void __user *);
309
+
310
+
extern long keyctl_pkey_e_d_s(int,
311
+
const struct keyctl_pkey_params __user *,
312
+
const char __user *,
313
+
const void __user *, void __user *);
314
+
#else
315
+
static inline long keyctl_pkey_query(key_serial_t id,
316
+
const char __user *_info,
317
+
struct keyctl_pkey_query __user *_res)
318
+
{
319
+
return -EOPNOTSUPP;
320
+
}
321
+
322
+
static inline long keyctl_pkey_verify(const struct keyctl_pkey_params __user *params,
323
+
const char __user *_info,
324
+
const void __user *_in,
325
+
const void __user *_in2)
326
+
{
327
+
return -EOPNOTSUPP;
328
+
}
329
+
330
+
static inline long keyctl_pkey_e_d_s(int op,
331
+
const struct keyctl_pkey_params __user *params,
332
+
const char __user *_info,
333
+
const void __user *_in,
334
+
void __user *_out)
335
+
{
336
+
return -EOPNOTSUPP;
337
+
}
338
+
#endif
339
+
301
340
/*
302
341
* Debugging key validation
303
342
*/
+24
security/keys/keyctl.c
+24
security/keys/keyctl.c
···
1747
1747
(const char __user *) arg3,
1748
1748
(const char __user *) arg4);
1749
1749
1750
+
case KEYCTL_PKEY_QUERY:
1751
+
if (arg3 != 0)
1752
+
return -EINVAL;
1753
+
return keyctl_pkey_query((key_serial_t)arg2,
1754
+
(const char __user *)arg4,
1755
+
(struct keyctl_pkey_query *)arg5);
1756
+
1757
+
case KEYCTL_PKEY_ENCRYPT:
1758
+
case KEYCTL_PKEY_DECRYPT:
1759
+
case KEYCTL_PKEY_SIGN:
1760
+
return keyctl_pkey_e_d_s(
1761
+
option,
1762
+
(const struct keyctl_pkey_params __user *)arg2,
1763
+
(const char __user *)arg3,
1764
+
(const void __user *)arg4,
1765
+
(void __user *)arg5);
1766
+
1767
+
case KEYCTL_PKEY_VERIFY:
1768
+
return keyctl_pkey_verify(
1769
+
(const struct keyctl_pkey_params __user *)arg2,
1770
+
(const char __user *)arg3,
1771
+
(const void __user *)arg4,
1772
+
(const void __user *)arg5);
1773
+
1750
1774
default:
1751
1775
return -EOPNOTSUPP;
1752
1776
}
+323
security/keys/keyctl_pkey.c
+323
security/keys/keyctl_pkey.c
···
1
+
/* Public-key operation keyctls
2
+
*
3
+
* Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
4
+
* Written by David Howells (dhowells@redhat.com)
5
+
*
6
+
* This program is free software; you can redistribute it and/or
7
+
* modify it under the terms of the GNU General Public Licence
8
+
* as published by the Free Software Foundation; either version
9
+
* 2 of the Licence, or (at your option) any later version.
10
+
*/
11
+
12
+
#include <linux/slab.h>
13
+
#include <linux/err.h>
14
+
#include <linux/key.h>
15
+
#include <linux/keyctl.h>
16
+
#include <linux/parser.h>
17
+
#include <linux/uaccess.h>
18
+
#include <keys/user-type.h>
19
+
#include "internal.h"
20
+
21
+
static void keyctl_pkey_params_free(struct kernel_pkey_params *params)
22
+
{
23
+
kfree(params->info);
24
+
key_put(params->key);
25
+
}
26
+
27
+
enum {
28
+
Opt_err = -1,
29
+
Opt_enc, /* "enc=<encoding>" eg. "enc=oaep" */
30
+
Opt_hash, /* "hash=<digest-name>" eg. "hash=sha1" */
31
+
};
32
+
33
+
static const match_table_t param_keys = {
34
+
{ Opt_enc, "enc=%s" },
35
+
{ Opt_hash, "hash=%s" },
36
+
{ Opt_err, NULL }
37
+
};
38
+
39
+
/*
40
+
* Parse the information string which consists of key=val pairs.
41
+
*/
42
+
static int keyctl_pkey_params_parse(struct kernel_pkey_params *params)
43
+
{
44
+
unsigned long token_mask = 0;
45
+
substring_t args[MAX_OPT_ARGS];
46
+
char *c = params->info, *p, *q;
47
+
int token;
48
+
49
+
while ((p = strsep(&c, " \t"))) {
50
+
if (*p == '\0' || *p == ' ' || *p == '\t')
51
+
continue;
52
+
token = match_token(p, param_keys, args);
53
+
if (__test_and_set_bit(token, &token_mask))
54
+
return -EINVAL;
55
+
q = args[0].from;
56
+
if (!q[0])
57
+
return -EINVAL;
58
+
59
+
switch (token) {
60
+
case Opt_enc:
61
+
params->encoding = q;
62
+
break;
63
+
64
+
case Opt_hash:
65
+
params->hash_algo = q;
66
+
break;
67
+
68
+
default:
69
+
return -EINVAL;
70
+
}
71
+
}
72
+
73
+
return 0;
74
+
}
75
+
76
+
/*
77
+
* Interpret parameters. Callers must always call the free function
78
+
* on params, even if an error is returned.
79
+
*/
80
+
static int keyctl_pkey_params_get(key_serial_t id,
81
+
const char __user *_info,
82
+
struct kernel_pkey_params *params)
83
+
{
84
+
key_ref_t key_ref;
85
+
void *p;
86
+
int ret;
87
+
88
+
memset(params, 0, sizeof(*params));
89
+
params->encoding = "raw";
90
+
91
+
p = strndup_user(_info, PAGE_SIZE);
92
+
if (IS_ERR(p))
93
+
return PTR_ERR(p);
94
+
params->info = p;
95
+
96
+
ret = keyctl_pkey_params_parse(params);
97
+
if (ret < 0)
98
+
return ret;
99
+
100
+
key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
101
+
if (IS_ERR(key_ref))
102
+
return PTR_ERR(key_ref);
103
+
params->key = key_ref_to_ptr(key_ref);
104
+
105
+
if (!params->key->type->asym_query)
106
+
return -EOPNOTSUPP;
107
+
108
+
return 0;
109
+
}
110
+
111
+
/*
112
+
* Get parameters from userspace. Callers must always call the free function
113
+
* on params, even if an error is returned.
114
+
*/
115
+
static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_params,
116
+
const char __user *_info,
117
+
int op,
118
+
struct kernel_pkey_params *params)
119
+
{
120
+
struct keyctl_pkey_params uparams;
121
+
struct kernel_pkey_query info;
122
+
int ret;
123
+
124
+
memset(params, 0, sizeof(*params));
125
+
params->encoding = "raw";
126
+
127
+
if (copy_from_user(&uparams, _params, sizeof(uparams)) != 0)
128
+
return -EFAULT;
129
+
130
+
ret = keyctl_pkey_params_get(uparams.key_id, _info, params);
131
+
if (ret < 0)
132
+
return ret;
133
+
134
+
ret = params->key->type->asym_query(params, &info);
135
+
if (ret < 0)
136
+
return ret;
137
+
138
+
switch (op) {
139
+
case KEYCTL_PKEY_ENCRYPT:
140
+
case KEYCTL_PKEY_DECRYPT:
141
+
if (uparams.in_len > info.max_enc_size ||
142
+
uparams.out_len > info.max_dec_size)
143
+
return -EINVAL;
144
+
break;
145
+
case KEYCTL_PKEY_SIGN:
146
+
case KEYCTL_PKEY_VERIFY:
147
+
if (uparams.in_len > info.max_sig_size ||
148
+
uparams.out_len > info.max_data_size)
149
+
return -EINVAL;
150
+
break;
151
+
default:
152
+
BUG();
153
+
}
154
+
155
+
params->in_len = uparams.in_len;
156
+
params->out_len = uparams.out_len;
157
+
return 0;
158
+
}
159
+
160
+
/*
161
+
* Query information about an asymmetric key.
162
+
*/
163
+
long keyctl_pkey_query(key_serial_t id,
164
+
const char __user *_info,
165
+
struct keyctl_pkey_query __user *_res)
166
+
{
167
+
struct kernel_pkey_params params;
168
+
struct kernel_pkey_query res;
169
+
long ret;
170
+
171
+
memset(¶ms, 0, sizeof(params));
172
+
173
+
ret = keyctl_pkey_params_get(id, _info, ¶ms);
174
+
if (ret < 0)
175
+
goto error;
176
+
177
+
ret = params.key->type->asym_query(¶ms, &res);
178
+
if (ret < 0)
179
+
goto error;
180
+
181
+
ret = -EFAULT;
182
+
if (copy_to_user(_res, &res, sizeof(res)) == 0 &&
183
+
clear_user(_res->__spare, sizeof(_res->__spare)) == 0)
184
+
ret = 0;
185
+
186
+
error:
187
+
keyctl_pkey_params_free(¶ms);
188
+
return ret;
189
+
}
190
+
191
+
/*
192
+
* Encrypt/decrypt/sign
193
+
*
194
+
* Encrypt data, decrypt data or sign data using a public key.
195
+
*
196
+
* _info is a string of supplementary information in key=val format. For
197
+
* instance, it might contain:
198
+
*
199
+
* "enc=pkcs1 hash=sha256"
200
+
*
201
+
* where enc= specifies the encoding and hash= selects the OID to go in that
202
+
* particular encoding if required. If enc= isn't supplied, it's assumed that
203
+
* the caller is supplying raw values.
204
+
*
205
+
* If successful, the amount of data written into the output buffer is
206
+
* returned.
207
+
*/
208
+
long keyctl_pkey_e_d_s(int op,
209
+
const struct keyctl_pkey_params __user *_params,
210
+
const char __user *_info,
211
+
const void __user *_in,
212
+
void __user *_out)
213
+
{
214
+
struct kernel_pkey_params params;
215
+
void *in, *out;
216
+
long ret;
217
+
218
+
ret = keyctl_pkey_params_get_2(_params, _info, op, ¶ms);
219
+
if (ret < 0)
220
+
goto error_params;
221
+
222
+
ret = -EOPNOTSUPP;
223
+
if (!params.key->type->asym_eds_op)
224
+
goto error_params;
225
+
226
+
switch (op) {
227
+
case KEYCTL_PKEY_ENCRYPT:
228
+
params.op = kernel_pkey_encrypt;
229
+
break;
230
+
case KEYCTL_PKEY_DECRYPT:
231
+
params.op = kernel_pkey_decrypt;
232
+
break;
233
+
case KEYCTL_PKEY_SIGN:
234
+
params.op = kernel_pkey_sign;
235
+
break;
236
+
default:
237
+
BUG();
238
+
}
239
+
240
+
in = memdup_user(_in, params.in_len);
241
+
if (IS_ERR(in)) {
242
+
ret = PTR_ERR(in);
243
+
goto error_params;
244
+
}
245
+
246
+
ret = -ENOMEM;
247
+
out = kmalloc(params.out_len, GFP_KERNEL);
248
+
if (!out)
249
+
goto error_in;
250
+
251
+
ret = params.key->type->asym_eds_op(¶ms, in, out);
252
+
if (ret < 0)
253
+
goto error_out;
254
+
255
+
if (copy_to_user(_out, out, ret) != 0)
256
+
ret = -EFAULT;
257
+
258
+
error_out:
259
+
kfree(out);
260
+
error_in:
261
+
kfree(in);
262
+
error_params:
263
+
keyctl_pkey_params_free(¶ms);
264
+
return ret;
265
+
}
266
+
267
+
/*
268
+
* Verify a signature.
269
+
*
270
+
* Verify a public key signature using the given key, or if not given, search
271
+
* for a matching key.
272
+
*
273
+
* _info is a string of supplementary information in key=val format. For
274
+
* instance, it might contain:
275
+
*
276
+
* "enc=pkcs1 hash=sha256"
277
+
*
278
+
* where enc= specifies the signature blob encoding and hash= selects the OID
279
+
* to go in that particular encoding. If enc= isn't supplied, it's assumed
280
+
* that the caller is supplying raw values.
281
+
*
282
+
* If successful, 0 is returned.
283
+
*/
284
+
long keyctl_pkey_verify(const struct keyctl_pkey_params __user *_params,
285
+
const char __user *_info,
286
+
const void __user *_in,
287
+
const void __user *_in2)
288
+
{
289
+
struct kernel_pkey_params params;
290
+
void *in, *in2;
291
+
long ret;
292
+
293
+
ret = keyctl_pkey_params_get_2(_params, _info, KEYCTL_PKEY_VERIFY,
294
+
¶ms);
295
+
if (ret < 0)
296
+
goto error_params;
297
+
298
+
ret = -EOPNOTSUPP;
299
+
if (!params.key->type->asym_verify_signature)
300
+
goto error_params;
301
+
302
+
in = memdup_user(_in, params.in_len);
303
+
if (IS_ERR(in)) {
304
+
ret = PTR_ERR(in);
305
+
goto error_params;
306
+
}
307
+
308
+
in2 = memdup_user(_in2, params.in2_len);
309
+
if (IS_ERR(in2)) {
310
+
ret = PTR_ERR(in2);
311
+
goto error_in;
312
+
}
313
+
314
+
params.op = kernel_pkey_verify;
315
+
ret = params.key->type->asym_verify_signature(¶ms, in, in2);
316
+
317
+
kfree(in2);
318
+
error_in:
319
+
kfree(in);
320
+
error_params:
321
+
keyctl_pkey_params_free(¶ms);
322
+
return ret;
323
+
}
+9
-5
security/keys/trusted.c
+9
-5
security/keys/trusted.c
···
30
30
#include <linux/tpm.h>
31
31
#include <linux/tpm_command.h>
32
32
33
-
#include "trusted.h"
33
+
#include <keys/trusted.h>
34
34
35
35
static const char hmac_alg[] = "hmac(sha1)";
36
36
static const char hash_alg[] = "sha1";
···
121
121
/*
122
122
* calculate authorization info fields to send to TPM
123
123
*/
124
-
static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
124
+
int TSS_authhmac(unsigned char *digest, const unsigned char *key,
125
125
unsigned int keylen, unsigned char *h1,
126
126
unsigned char *h2, unsigned char h3, ...)
127
127
{
···
168
168
kzfree(sdesc);
169
169
return ret;
170
170
}
171
+
EXPORT_SYMBOL_GPL(TSS_authhmac);
171
172
172
173
/*
173
174
* verify the AUTH1_COMMAND (Seal) result from TPM
174
175
*/
175
-
static int TSS_checkhmac1(unsigned char *buffer,
176
+
int TSS_checkhmac1(unsigned char *buffer,
176
177
const uint32_t command,
177
178
const unsigned char *ononce,
178
179
const unsigned char *key,
···
250
249
kzfree(sdesc);
251
250
return ret;
252
251
}
252
+
EXPORT_SYMBOL_GPL(TSS_checkhmac1);
253
253
254
254
/*
255
255
* verify the AUTH2_COMMAND (unseal) result from TPM
···
357
355
* For key specific tpm requests, we will generate and send our
358
356
* own TPM command packets using the drivers send function.
359
357
*/
360
-
static int trusted_tpm_send(unsigned char *cmd, size_t buflen)
358
+
int trusted_tpm_send(unsigned char *cmd, size_t buflen)
361
359
{
362
360
int rc;
363
361
···
369
367
rc = -EPERM;
370
368
return rc;
371
369
}
370
+
EXPORT_SYMBOL_GPL(trusted_tpm_send);
372
371
373
372
/*
374
373
* Lock a trusted key, by extending a selected PCR.
···
428
425
/*
429
426
* Create an object independent authorisation protocol (oiap) session
430
427
*/
431
-
static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
428
+
int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
432
429
{
433
430
int ret;
434
431
···
445
442
TPM_NONCE_SIZE);
446
443
return 0;
447
444
}
445
+
EXPORT_SYMBOL_GPL(oiap);
448
446
449
447
struct tpm_digests {
450
448
unsigned char encauth[SHA1_DIGEST_SIZE];
+13
-1
security/keys/trusted.h
include/keys/trusted.h
+13
-1
security/keys/trusted.h
include/keys/trusted.h
···
3
3
#define __TRUSTED_KEY_H
4
4
5
5
/* implementation specific TPM constants */
6
-
#define MAX_BUF_SIZE 512
6
+
#define MAX_BUF_SIZE 1024
7
7
#define TPM_GETRANDOM_SIZE 14
8
8
#define TPM_OSAP_SIZE 36
9
9
#define TPM_OIAP_SIZE 10
···
35
35
SEAL_keytype = 1,
36
36
SRK_keytype = 4
37
37
};
38
+
39
+
int TSS_authhmac(unsigned char *digest, const unsigned char *key,
40
+
unsigned int keylen, unsigned char *h1,
41
+
unsigned char *h2, unsigned char h3, ...);
42
+
int TSS_checkhmac1(unsigned char *buffer,
43
+
const uint32_t command,
44
+
const unsigned char *ononce,
45
+
const unsigned char *key,
46
+
unsigned int keylen, ...);
47
+
48
+
int trusted_tpm_send(unsigned char *cmd, size_t buflen);
49
+
int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce);
38
50
39
51
#define TPM_DEBUG 0
40
52