Commit | Line | Data |
---|---|---|
d2add27c JB |
1 | // SPDX-License-Identifier: GPL-2.0 |
2 | ||
3 | /* | |
4 | * Copyright (C) 2018 James.Bottomley@HansenPartnership.com | |
5 | * | |
699e3efd JB |
6 | * Cryptographic helper routines for handling TPM2 sessions for |
7 | * authorization HMAC and request response encryption. | |
8 | * | |
9 | * The idea is to ensure that every TPM command is HMAC protected by a | |
10 | * session, meaning in-flight tampering would be detected and in | |
11 | * addition all sensitive inputs and responses should be encrypted. | |
12 | * | |
13 | * The basic way this works is to use a TPM feature called salted | |
14 | * sessions where a random secret used in session construction is | |
15 | * encrypted to the public part of a known TPM key. The problem is we | |
16 | * have no known keys, so initially a primary Elliptic Curve key is | |
17 | * derived from the NULL seed (we use EC because most TPMs generate | |
18 | * these keys much faster than RSA ones). The curve used is NIST_P256 | |
19 | * because that's now mandated to be present in 'TCG TPM v2.0 | |
20 | * Provisioning Guidance' | |
21 | * | |
22 | * Threat problems: the initial TPM2_CreatePrimary is not (and cannot | |
23 | * be) session protected, so a clever Man in the Middle could return a | |
24 | * public key they control to this command and from there intercept | |
25 | * and decode all subsequent session based transactions. The kernel | |
26 | * cannot mitigate this threat but, after boot, userspace can get | |
27 | * proof this has not happened by asking the TPM to certify the NULL | |
28 | * key. This certification would chain back to the TPM Endorsement | |
29 | * Certificate and prove the NULL seed primary had not been tampered | |
30 | * with and thus all sessions must have been cryptographically secure. | |
31 | * To assist with this, the initial NULL seed public key name is made | |
32 | * available in a sysfs file. | |
33 | * | |
34 | * Use of these functions: | |
35 | * | |
36 | * The design is all the crypto, hash and hmac gunk is confined in this | |
37 | * file and never needs to be seen even by the kernel internal user. To | |
38 | * the user there's an init function tpm2_sessions_init() that needs to | |
39 | * be called once per TPM which generates the NULL seed primary key. | |
40 | * | |
41 | * These are the usage functions: | |
42 | * | |
43 | * tpm2_start_auth_session() which allocates the opaque auth structure | |
44 | * and gets a session from the TPM. This must be called before | |
45 | * any of the following functions. The session is protected by a | |
46 | * session_key which is derived from a random salt value | |
47 | * encrypted to the NULL seed. | |
48 | * tpm2_end_auth_session() kills the session and frees the resources. | |
49 | * Under normal operation this function is done by | |
50 | * tpm_buf_check_hmac_response(), so this is only to be used on | |
51 | * error legs where the latter is not executed. | |
d0a25bb9 JB |
52 | * tpm_buf_append_name() to add a handle to the buffer. This must be |
53 | * used in place of the usual tpm_buf_append_u32() for adding | |
54 | * handles because handles have to be processed specially when | |
55 | * calculating the HMAC. In particular, for NV, volatile and | |
56 | * permanent objects you now need to provide the name. | |
1085b827 JB |
57 | * tpm_buf_append_hmac_session() which appends the hmac session to the |
58 | * buf in the same way tpm_buf_append_auth does(). | |
59 | * tpm_buf_fill_hmac_session() This calculates the correct hash and | |
60 | * places it in the buffer. It must be called after the complete | |
61 | * command buffer is finalized so it can fill in the correct HMAC | |
62 | * based on the parameters. | |
63 | * tpm_buf_check_hmac_response() which checks the session response in | |
64 | * the buffer and calculates what it should be. If there's a | |
65 | * mismatch it will log a warning and return an error. If | |
66 | * tpm_buf_append_hmac_session() did not specify | |
67 | * TPM_SA_CONTINUE_SESSION then the session will be closed (if it | |
68 | * hasn't been consumed) and the auth structure freed. | |
d2add27c JB |
69 | */ |
70 | ||
71 | #include "tpm.h" | |
699e3efd JB |
72 | #include <linux/random.h> |
73 | #include <linux/scatterlist.h> | |
d2add27c | 74 | #include <asm/unaligned.h> |
699e3efd JB |
75 | #include <crypto/kpp.h> |
76 | #include <crypto/ecdh.h> | |
033ee84e JB |
77 | #include <crypto/hash.h> |
78 | #include <crypto/hmac.h> | |
79 | ||
d0a25bb9 JB |
80 | /* maximum number of names the TPM must remember for authorization */ |
81 | #define AUTH_MAX_NAMES 3 | |
82 | ||
699e3efd JB |
83 | /* |
84 | * This is the structure that carries all the auth information (like | |
85 | * session handle, nonces, session key and auth) from use to use it is | |
86 | * designed to be opaque to anything outside. | |
87 | */ | |
88 | struct tpm2_auth { | |
89 | u32 handle; | |
90 | /* | |
91 | * This has two meanings: before tpm_buf_fill_hmac_session() | |
92 | * it marks the offset in the buffer of the start of the | |
93 | * sessions (i.e. after all the handles). Once the buffer has | |
94 | * been filled it markes the session number of our auth | |
95 | * session so we can find it again in the response buffer. | |
96 | * | |
97 | * The two cases are distinguished because the first offset | |
98 | * must always be greater than TPM_HEADER_SIZE and the second | |
99 | * must be less than or equal to 5. | |
100 | */ | |
101 | u32 session; | |
102 | /* | |
103 | * the size here is variable and set by the size of our_nonce | |
104 | * which must be between 16 and the name hash length. we set | |
105 | * the maximum sha256 size for the greatest protection | |
106 | */ | |
107 | u8 our_nonce[SHA256_DIGEST_SIZE]; | |
108 | u8 tpm_nonce[SHA256_DIGEST_SIZE]; | |
109 | /* | |
110 | * the salt is only used across the session command/response | |
111 | * after that it can be used as a scratch area | |
112 | */ | |
113 | union { | |
114 | u8 salt[EC_PT_SZ]; | |
115 | /* scratch for key + IV */ | |
116 | u8 scratch[AES_KEY_BYTES + AES_BLOCK_SIZE]; | |
117 | }; | |
1085b827 JB |
118 | /* |
119 | * the session key and passphrase are the same size as the | |
120 | * name digest (sha256 again). The session key is constant | |
121 | * for the use of the session and the passphrase can change | |
122 | * with every invocation. | |
123 | * | |
124 | * Note: these fields must be adjacent and in this order | |
125 | * because several HMAC/KDF schemes use the combination of the | |
126 | * session_key and passphrase. | |
127 | */ | |
699e3efd | 128 | u8 session_key[SHA256_DIGEST_SIZE]; |
1085b827 JB |
129 | u8 passphrase[SHA256_DIGEST_SIZE]; |
130 | int passphrase_len; | |
131 | struct crypto_aes_ctx aes_ctx; | |
132 | /* saved session attributes: */ | |
133 | u8 attrs; | |
134 | __be32 ordinal; | |
d0a25bb9 JB |
135 | |
136 | /* | |
137 | * memory for three authorization handles. We know them by | |
138 | * handle, but they are part of the session by name, which | |
139 | * we must compute and remember | |
140 | */ | |
141 | u32 name_h[AUTH_MAX_NAMES]; | |
142 | u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE]; | |
699e3efd JB |
143 | }; |
144 | ||
d0a25bb9 JB |
145 | /* |
146 | * Name Size based on TPM algorithm (assumes no hash bigger than 255) | |
147 | */ | |
148 | static u8 name_size(const u8 *name) | |
149 | { | |
150 | static u8 size_map[] = { | |
151 | [TPM_ALG_SHA1] = SHA1_DIGEST_SIZE, | |
152 | [TPM_ALG_SHA256] = SHA256_DIGEST_SIZE, | |
153 | [TPM_ALG_SHA384] = SHA384_DIGEST_SIZE, | |
154 | [TPM_ALG_SHA512] = SHA512_DIGEST_SIZE, | |
155 | }; | |
156 | u16 alg = get_unaligned_be16(name); | |
157 | return size_map[alg] + 2; | |
158 | } | |
159 | ||
033ee84e JB |
160 | /* |
161 | * It turns out the crypto hmac(sha256) is hard for us to consume | |
162 | * because it assumes a fixed key and the TPM seems to change the key | |
163 | * on every operation, so we weld the hmac init and final functions in | |
164 | * here to give it the same usage characteristics as a regular hash | |
165 | */ | |
166 | static void tpm2_hmac_init(struct sha256_state *sctx, u8 *key, u32 key_len) | |
167 | { | |
168 | u8 pad[SHA256_BLOCK_SIZE]; | |
169 | int i; | |
170 | ||
171 | sha256_init(sctx); | |
172 | for (i = 0; i < sizeof(pad); i++) { | |
173 | if (i < key_len) | |
174 | pad[i] = key[i]; | |
175 | else | |
176 | pad[i] = 0; | |
177 | pad[i] ^= HMAC_IPAD_VALUE; | |
178 | } | |
179 | sha256_update(sctx, pad, sizeof(pad)); | |
180 | } | |
181 | ||
182 | static void tpm2_hmac_final(struct sha256_state *sctx, u8 *key, u32 key_len, | |
183 | u8 *out) | |
184 | { | |
185 | u8 pad[SHA256_BLOCK_SIZE]; | |
186 | int i; | |
187 | ||
188 | for (i = 0; i < sizeof(pad); i++) { | |
189 | if (i < key_len) | |
190 | pad[i] = key[i]; | |
191 | else | |
192 | pad[i] = 0; | |
193 | pad[i] ^= HMAC_OPAD_VALUE; | |
194 | } | |
195 | ||
196 | /* collect the final hash; use out as temporary storage */ | |
197 | sha256_final(sctx, out); | |
198 | ||
199 | sha256_init(sctx); | |
200 | sha256_update(sctx, pad, sizeof(pad)); | |
201 | sha256_update(sctx, out, SHA256_DIGEST_SIZE); | |
202 | sha256_final(sctx, out); | |
203 | } | |
204 | ||
205 | /* | |
206 | * assume hash sha256 and nonces u, v of size SHA256_DIGEST_SIZE but | |
207 | * otherwise standard tpm2_KDFa. Note output is in bytes not bits. | |
208 | */ | |
209 | static void tpm2_KDFa(u8 *key, u32 key_len, const char *label, u8 *u, | |
210 | u8 *v, u32 bytes, u8 *out) | |
211 | { | |
212 | u32 counter = 1; | |
213 | const __be32 bits = cpu_to_be32(bytes * 8); | |
214 | ||
215 | while (bytes > 0) { | |
216 | struct sha256_state sctx; | |
217 | __be32 c = cpu_to_be32(counter); | |
218 | ||
219 | tpm2_hmac_init(&sctx, key, key_len); | |
220 | sha256_update(&sctx, (u8 *)&c, sizeof(c)); | |
221 | sha256_update(&sctx, label, strlen(label)+1); | |
222 | sha256_update(&sctx, u, SHA256_DIGEST_SIZE); | |
223 | sha256_update(&sctx, v, SHA256_DIGEST_SIZE); | |
224 | sha256_update(&sctx, (u8 *)&bits, sizeof(bits)); | |
225 | tpm2_hmac_final(&sctx, key, key_len, out); | |
226 | ||
227 | bytes -= SHA256_DIGEST_SIZE; | |
228 | counter++; | |
229 | out += SHA256_DIGEST_SIZE; | |
230 | } | |
231 | } | |
232 | ||
233 | /* | |
234 | * Somewhat of a bastardization of the real KDFe. We're assuming | |
235 | * we're working with known point sizes for the input parameters and | |
236 | * the hash algorithm is fixed at sha256. Because we know that the | |
237 | * point size is 32 bytes like the hash size, there's no need to loop | |
238 | * in this KDF. | |
239 | */ | |
240 | static void tpm2_KDFe(u8 z[EC_PT_SZ], const char *str, u8 *pt_u, u8 *pt_v, | |
241 | u8 *out) | |
242 | { | |
243 | struct sha256_state sctx; | |
244 | /* | |
245 | * this should be an iterative counter, but because we know | |
246 | * we're only taking 32 bytes for the point using a sha256 | |
247 | * hash which is also 32 bytes, there's only one loop | |
248 | */ | |
249 | __be32 c = cpu_to_be32(1); | |
250 | ||
251 | sha256_init(&sctx); | |
252 | /* counter (BE) */ | |
253 | sha256_update(&sctx, (u8 *)&c, sizeof(c)); | |
254 | /* secret value */ | |
255 | sha256_update(&sctx, z, EC_PT_SZ); | |
256 | /* string including trailing zero */ | |
257 | sha256_update(&sctx, str, strlen(str)+1); | |
258 | sha256_update(&sctx, pt_u, EC_PT_SZ); | |
259 | sha256_update(&sctx, pt_v, EC_PT_SZ); | |
260 | sha256_final(&sctx, out); | |
261 | } | |
d2add27c | 262 | |
699e3efd JB |
263 | static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) |
264 | { | |
265 | struct crypto_kpp *kpp; | |
266 | struct kpp_request *req; | |
267 | struct scatterlist s[2], d[1]; | |
268 | struct ecdh p = {0}; | |
269 | u8 encoded_key[EC_PT_SZ], *x, *y; | |
270 | unsigned int buf_len; | |
271 | ||
272 | /* secret is two sized points */ | |
273 | tpm_buf_append_u16(buf, (EC_PT_SZ + 2)*2); | |
274 | /* | |
275 | * we cheat here and append uninitialized data to form | |
276 | * the points. All we care about is getting the two | |
277 | * co-ordinate pointers, which will be used to overwrite | |
278 | * the uninitialized data | |
279 | */ | |
280 | tpm_buf_append_u16(buf, EC_PT_SZ); | |
281 | x = &buf->data[tpm_buf_length(buf)]; | |
282 | tpm_buf_append(buf, encoded_key, EC_PT_SZ); | |
283 | tpm_buf_append_u16(buf, EC_PT_SZ); | |
284 | y = &buf->data[tpm_buf_length(buf)]; | |
285 | tpm_buf_append(buf, encoded_key, EC_PT_SZ); | |
286 | sg_init_table(s, 2); | |
287 | sg_set_buf(&s[0], x, EC_PT_SZ); | |
288 | sg_set_buf(&s[1], y, EC_PT_SZ); | |
289 | ||
290 | kpp = crypto_alloc_kpp("ecdh-nist-p256", CRYPTO_ALG_INTERNAL, 0); | |
291 | if (IS_ERR(kpp)) { | |
292 | dev_err(&chip->dev, "crypto ecdh allocation failed\n"); | |
293 | return; | |
294 | } | |
295 | ||
296 | buf_len = crypto_ecdh_key_len(&p); | |
297 | if (sizeof(encoded_key) < buf_len) { | |
298 | dev_err(&chip->dev, "salt buffer too small needs %d\n", | |
299 | buf_len); | |
300 | goto out; | |
301 | } | |
302 | crypto_ecdh_encode_key(encoded_key, buf_len, &p); | |
303 | /* this generates a random private key */ | |
304 | crypto_kpp_set_secret(kpp, encoded_key, buf_len); | |
305 | ||
306 | /* salt is now the public point of this private key */ | |
307 | req = kpp_request_alloc(kpp, GFP_KERNEL); | |
308 | if (!req) | |
309 | goto out; | |
310 | kpp_request_set_input(req, NULL, 0); | |
311 | kpp_request_set_output(req, s, EC_PT_SZ*2); | |
312 | crypto_kpp_generate_public_key(req); | |
313 | /* | |
314 | * we're not done: now we have to compute the shared secret | |
315 | * which is our private key multiplied by the tpm_key public | |
316 | * point, we actually only take the x point and discard the y | |
317 | * point and feed it through KDFe to get the final secret salt | |
318 | */ | |
319 | sg_set_buf(&s[0], chip->null_ec_key_x, EC_PT_SZ); | |
320 | sg_set_buf(&s[1], chip->null_ec_key_y, EC_PT_SZ); | |
321 | kpp_request_set_input(req, s, EC_PT_SZ*2); | |
322 | sg_init_one(d, chip->auth->salt, EC_PT_SZ); | |
323 | kpp_request_set_output(req, d, EC_PT_SZ); | |
324 | crypto_kpp_compute_shared_secret(req); | |
325 | kpp_request_free(req); | |
326 | ||
327 | /* | |
328 | * pass the shared secret through KDFe for salt. Note salt | |
329 | * area is used both for input shared secret and output salt. | |
330 | * This works because KDFe fully consumes the secret before it | |
331 | * writes the salt | |
332 | */ | |
333 | tpm2_KDFe(chip->auth->salt, "SECRET", x, chip->null_ec_key_x, | |
334 | chip->auth->salt); | |
335 | ||
336 | out: | |
337 | crypto_free_kpp(kpp); | |
338 | } | |
d0a25bb9 | 339 | |
1085b827 JB |
340 | /** |
341 | * tpm_buf_append_hmac_session() - Append a TPM session element | |
342 | * @chip: the TPM chip structure | |
343 | * @buf: The buffer to be appended | |
344 | * @attributes: The session attributes | |
345 | * @passphrase: The session authority (NULL if none) | |
346 | * @passphrase_len: The length of the session authority (0 if none) | |
347 | * | |
348 | * This fills in a session structure in the TPM command buffer, except | |
349 | * for the HMAC which cannot be computed until the command buffer is | |
350 | * complete. The type of session is controlled by the @attributes, | |
351 | * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the | |
352 | * session won't terminate after tpm_buf_check_hmac_response(), | |
353 | * TPM2_SA_DECRYPT which means this buffers first parameter should be | |
354 | * encrypted with a session key and TPM2_SA_ENCRYPT, which means the | |
355 | * response buffer's first parameter needs to be decrypted (confusing, | |
356 | * but the defines are written from the point of view of the TPM). | |
357 | * | |
358 | * Any session appended by this command must be finalized by calling | |
359 | * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect | |
360 | * and the TPM will reject the command. | |
361 | * | |
362 | * As with most tpm_buf operations, success is assumed because failure | |
363 | * will be caused by an incorrect programming model and indicated by a | |
364 | * kernel message. | |
365 | */ | |
366 | void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, | |
367 | u8 attributes, u8 *passphrase, | |
368 | int passphrase_len) | |
369 | { | |
370 | u8 nonce[SHA256_DIGEST_SIZE]; | |
371 | u32 len; | |
372 | struct tpm2_auth *auth = chip->auth; | |
373 | ||
374 | /* | |
375 | * The Architecture Guide requires us to strip trailing zeros | |
376 | * before computing the HMAC | |
377 | */ | |
378 | while (passphrase && passphrase_len > 0 | |
379 | && passphrase[passphrase_len - 1] == '\0') | |
380 | passphrase_len--; | |
381 | ||
382 | auth->attrs = attributes; | |
383 | auth->passphrase_len = passphrase_len; | |
384 | if (passphrase_len) | |
385 | memcpy(auth->passphrase, passphrase, passphrase_len); | |
386 | ||
387 | if (auth->session != tpm_buf_length(buf)) { | |
388 | /* we're not the first session */ | |
389 | len = get_unaligned_be32(&buf->data[auth->session]); | |
390 | if (4 + len + auth->session != tpm_buf_length(buf)) { | |
391 | WARN(1, "session length mismatch, cannot append"); | |
392 | return; | |
393 | } | |
394 | ||
395 | /* add our new session */ | |
396 | len += 9 + 2 * SHA256_DIGEST_SIZE; | |
397 | put_unaligned_be32(len, &buf->data[auth->session]); | |
398 | } else { | |
399 | tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); | |
400 | } | |
401 | ||
402 | /* random number for our nonce */ | |
403 | get_random_bytes(nonce, sizeof(nonce)); | |
404 | memcpy(auth->our_nonce, nonce, sizeof(nonce)); | |
405 | tpm_buf_append_u32(buf, auth->handle); | |
406 | /* our new nonce */ | |
407 | tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); | |
408 | tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); | |
409 | tpm_buf_append_u8(buf, auth->attrs); | |
410 | /* and put a placeholder for the hmac */ | |
411 | tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); | |
412 | tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); | |
413 | } | |
414 | EXPORT_SYMBOL(tpm_buf_append_hmac_session); | |
415 | ||
416 | /** | |
417 | * tpm_buf_fill_hmac_session() - finalize the session HMAC | |
418 | * @chip: the TPM chip structure | |
419 | * @buf: The buffer to be appended | |
420 | * | |
421 | * This command must not be called until all of the parameters have | |
422 | * been appended to @buf otherwise the computed HMAC will be | |
423 | * incorrect. | |
424 | * | |
425 | * This function computes and fills in the session HMAC using the | |
426 | * session key and, if TPM2_SA_DECRYPT was specified, computes the | |
427 | * encryption key and encrypts the first parameter of the command | |
428 | * buffer with it. | |
429 | * | |
430 | * As with most tpm_buf operations, success is assumed because failure | |
431 | * will be caused by an incorrect programming model and indicated by a | |
432 | * kernel message. | |
433 | */ | |
434 | void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) | |
435 | { | |
436 | u32 cc, handles, val; | |
437 | struct tpm2_auth *auth = chip->auth; | |
438 | int i; | |
439 | struct tpm_header *head = (struct tpm_header *)buf->data; | |
440 | off_t offset_s = TPM_HEADER_SIZE, offset_p; | |
441 | u8 *hmac = NULL; | |
442 | u32 attrs; | |
443 | u8 cphash[SHA256_DIGEST_SIZE]; | |
444 | struct sha256_state sctx; | |
445 | ||
446 | /* save the command code in BE format */ | |
447 | auth->ordinal = head->ordinal; | |
448 | ||
449 | cc = be32_to_cpu(head->ordinal); | |
450 | ||
451 | i = tpm2_find_cc(chip, cc); | |
452 | if (i < 0) { | |
453 | dev_err(&chip->dev, "Command 0x%x not found in TPM\n", cc); | |
454 | return; | |
455 | } | |
456 | attrs = chip->cc_attrs_tbl[i]; | |
457 | ||
458 | handles = (attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0); | |
459 | ||
460 | /* | |
461 | * just check the names, it's easy to make mistakes. This | |
462 | * would happen if someone added a handle via | |
463 | * tpm_buf_append_u32() instead of tpm_buf_append_name() | |
464 | */ | |
465 | for (i = 0; i < handles; i++) { | |
466 | u32 handle = tpm_buf_read_u32(buf, &offset_s); | |
467 | ||
468 | if (auth->name_h[i] != handle) { | |
469 | dev_err(&chip->dev, "TPM: handle %d wrong for name\n", | |
470 | i); | |
471 | return; | |
472 | } | |
473 | } | |
474 | /* point offset_s to the start of the sessions */ | |
475 | val = tpm_buf_read_u32(buf, &offset_s); | |
476 | /* point offset_p to the start of the parameters */ | |
477 | offset_p = offset_s + val; | |
478 | for (i = 1; offset_s < offset_p; i++) { | |
479 | u32 handle = tpm_buf_read_u32(buf, &offset_s); | |
480 | u16 len; | |
481 | u8 a; | |
482 | ||
483 | /* nonce (already in auth) */ | |
484 | len = tpm_buf_read_u16(buf, &offset_s); | |
485 | offset_s += len; | |
486 | ||
487 | a = tpm_buf_read_u8(buf, &offset_s); | |
488 | ||
489 | len = tpm_buf_read_u16(buf, &offset_s); | |
490 | if (handle == auth->handle && auth->attrs == a) { | |
491 | hmac = &buf->data[offset_s]; | |
492 | /* | |
493 | * save our session number so we know which | |
494 | * session in the response belongs to us | |
495 | */ | |
496 | auth->session = i; | |
497 | } | |
498 | ||
499 | offset_s += len; | |
500 | } | |
501 | if (offset_s != offset_p) { | |
502 | dev_err(&chip->dev, "TPM session length is incorrect\n"); | |
503 | return; | |
504 | } | |
505 | if (!hmac) { | |
506 | dev_err(&chip->dev, "TPM could not find HMAC session\n"); | |
507 | return; | |
508 | } | |
509 | ||
510 | /* encrypt before HMAC */ | |
511 | if (auth->attrs & TPM2_SA_DECRYPT) { | |
512 | u16 len; | |
513 | ||
514 | /* need key and IV */ | |
515 | tpm2_KDFa(auth->session_key, SHA256_DIGEST_SIZE | |
516 | + auth->passphrase_len, "CFB", auth->our_nonce, | |
517 | auth->tpm_nonce, AES_KEY_BYTES + AES_BLOCK_SIZE, | |
518 | auth->scratch); | |
519 | ||
520 | len = tpm_buf_read_u16(buf, &offset_p); | |
521 | aes_expandkey(&auth->aes_ctx, auth->scratch, AES_KEY_BYTES); | |
522 | aescfb_encrypt(&auth->aes_ctx, &buf->data[offset_p], | |
523 | &buf->data[offset_p], len, | |
524 | auth->scratch + AES_KEY_BYTES); | |
525 | /* reset p to beginning of parameters for HMAC */ | |
526 | offset_p -= 2; | |
527 | } | |
528 | ||
529 | sha256_init(&sctx); | |
530 | /* ordinal is already BE */ | |
531 | sha256_update(&sctx, (u8 *)&head->ordinal, sizeof(head->ordinal)); | |
532 | /* add the handle names */ | |
533 | for (i = 0; i < handles; i++) { | |
534 | enum tpm2_mso_type mso = tpm2_handle_mso(auth->name_h[i]); | |
535 | ||
536 | if (mso == TPM2_MSO_PERSISTENT || | |
537 | mso == TPM2_MSO_VOLATILE || | |
538 | mso == TPM2_MSO_NVRAM) { | |
539 | sha256_update(&sctx, auth->name[i], | |
540 | name_size(auth->name[i])); | |
541 | } else { | |
542 | __be32 h = cpu_to_be32(auth->name_h[i]); | |
543 | ||
544 | sha256_update(&sctx, (u8 *)&h, 4); | |
545 | } | |
546 | } | |
547 | if (offset_s != tpm_buf_length(buf)) | |
548 | sha256_update(&sctx, &buf->data[offset_s], | |
549 | tpm_buf_length(buf) - offset_s); | |
550 | sha256_final(&sctx, cphash); | |
551 | ||
552 | /* now calculate the hmac */ | |
553 | tpm2_hmac_init(&sctx, auth->session_key, sizeof(auth->session_key) | |
554 | + auth->passphrase_len); | |
555 | sha256_update(&sctx, cphash, sizeof(cphash)); | |
556 | sha256_update(&sctx, auth->our_nonce, sizeof(auth->our_nonce)); | |
557 | sha256_update(&sctx, auth->tpm_nonce, sizeof(auth->tpm_nonce)); | |
558 | sha256_update(&sctx, &auth->attrs, 1); | |
559 | tpm2_hmac_final(&sctx, auth->session_key, sizeof(auth->session_key) | |
560 | + auth->passphrase_len, hmac); | |
561 | } | |
562 | EXPORT_SYMBOL(tpm_buf_fill_hmac_session); | |
563 | ||
d0a25bb9 JB |
564 | static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) |
565 | { | |
566 | struct tpm_header *head = (struct tpm_header *)buf->data; | |
567 | off_t offset = TPM_HEADER_SIZE; | |
568 | u32 tot_len = be32_to_cpu(head->length); | |
569 | u32 val; | |
570 | ||
571 | /* we're starting after the header so adjust the length */ | |
572 | tot_len -= TPM_HEADER_SIZE; | |
573 | ||
574 | /* skip public */ | |
575 | val = tpm_buf_read_u16(buf, &offset); | |
576 | if (val > tot_len) | |
577 | return -EINVAL; | |
578 | offset += val; | |
579 | /* name */ | |
580 | val = tpm_buf_read_u16(buf, &offset); | |
581 | if (val != name_size(&buf->data[offset])) | |
582 | return -EINVAL; | |
583 | memcpy(name, &buf->data[offset], val); | |
584 | /* forget the rest */ | |
585 | return 0; | |
586 | } | |
587 | ||
588 | static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) | |
589 | { | |
590 | struct tpm_buf buf; | |
591 | int rc; | |
592 | ||
593 | rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); | |
594 | if (rc) | |
595 | return rc; | |
596 | ||
597 | tpm_buf_append_u32(&buf, handle); | |
598 | rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); | |
599 | if (rc == TPM2_RC_SUCCESS) | |
600 | rc = tpm2_parse_read_public(name, &buf); | |
601 | ||
602 | tpm_buf_destroy(&buf); | |
603 | ||
604 | return rc; | |
605 | } | |
606 | ||
607 | /** | |
608 | * tpm_buf_append_name() - add a handle area to the buffer | |
609 | * @chip: the TPM chip structure | |
610 | * @buf: The buffer to be appended | |
611 | * @handle: The handle to be appended | |
612 | * @name: The name of the handle (may be NULL) | |
613 | * | |
614 | * In order to compute session HMACs, we need to know the names of the | |
615 | * objects pointed to by the handles. For most objects, this is simply | |
616 | * the actual 4 byte handle or an empty buf (in these cases @name | |
617 | * should be NULL) but for volatile objects, permanent objects and NV | |
618 | * areas, the name is defined as the hash (according to the name | |
619 | * algorithm which should be set to sha256) of the public area to | |
620 | * which the two byte algorithm id has been appended. For these | |
621 | * objects, the @name pointer should point to this. If a name is | |
622 | * required but @name is NULL, then TPM2_ReadPublic() will be called | |
623 | * on the handle to obtain the name. | |
624 | * | |
625 | * As with most tpm_buf operations, success is assumed because failure | |
626 | * will be caused by an incorrect programming model and indicated by a | |
627 | * kernel message. | |
628 | */ | |
629 | void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, | |
630 | u32 handle, u8 *name) | |
631 | { | |
632 | enum tpm2_mso_type mso = tpm2_handle_mso(handle); | |
633 | struct tpm2_auth *auth = chip->auth; | |
634 | int slot; | |
635 | ||
636 | slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE)/4; | |
637 | if (slot >= AUTH_MAX_NAMES) { | |
638 | dev_err(&chip->dev, "TPM: too many handles\n"); | |
639 | return; | |
640 | } | |
641 | WARN(auth->session != tpm_buf_length(buf), | |
642 | "name added in wrong place\n"); | |
643 | tpm_buf_append_u32(buf, handle); | |
644 | auth->session += 4; | |
645 | ||
646 | if (mso == TPM2_MSO_PERSISTENT || | |
647 | mso == TPM2_MSO_VOLATILE || | |
648 | mso == TPM2_MSO_NVRAM) { | |
649 | if (!name) | |
650 | tpm2_read_public(chip, handle, auth->name[slot]); | |
651 | } else { | |
652 | if (name) | |
653 | dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); | |
654 | } | |
655 | ||
656 | auth->name_h[slot] = handle; | |
657 | if (name) | |
658 | memcpy(auth->name[slot], name, name_size(name)); | |
659 | } | |
660 | EXPORT_SYMBOL(tpm_buf_append_name); | |
1085b827 JB |
661 | |
662 | /** | |
663 | * tpm_buf_check_hmac_response() - check the TPM return HMAC for correctness | |
664 | * @chip: the TPM chip structure | |
665 | * @buf: the original command buffer (which now contains the response) | |
666 | * @rc: the return code from tpm_transmit_cmd | |
667 | * | |
668 | * If @rc is non zero, @buf may not contain an actual return, so @rc | |
669 | * is passed through as the return and the session cleaned up and | |
670 | * de-allocated if required (this is required if | |
671 | * TPM2_SA_CONTINUE_SESSION was not specified as a session flag). | |
672 | * | |
673 | * If @rc is zero, the response HMAC is computed against the returned | |
674 | * @buf and matched to the TPM one in the session area. If there is a | |
675 | * mismatch, an error is logged and -EINVAL returned. | |
676 | * | |
677 | * The reason for this is that the command issue and HMAC check | |
678 | * sequence should look like: | |
679 | * | |
680 | * rc = tpm_transmit_cmd(...); | |
681 | * rc = tpm_buf_check_hmac_response(&buf, auth, rc); | |
682 | * if (rc) | |
683 | * ... | |
684 | * | |
685 | * Which is easily layered into the current contrl flow. | |
686 | * | |
687 | * Returns: 0 on success or an error. | |
688 | */ | |
689 | int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, | |
690 | int rc) | |
691 | { | |
692 | struct tpm_header *head = (struct tpm_header *)buf->data; | |
693 | struct tpm2_auth *auth = chip->auth; | |
694 | off_t offset_s, offset_p; | |
695 | u8 rphash[SHA256_DIGEST_SIZE]; | |
696 | u32 attrs; | |
697 | struct sha256_state sctx; | |
698 | u16 tag = be16_to_cpu(head->tag); | |
699 | u32 cc = be32_to_cpu(auth->ordinal); | |
700 | int parm_len, len, i, handles; | |
701 | ||
702 | if (auth->session >= TPM_HEADER_SIZE) { | |
703 | WARN(1, "tpm session not filled correctly\n"); | |
704 | goto out; | |
705 | } | |
706 | ||
707 | if (rc != 0) | |
708 | /* pass non success rc through and close the session */ | |
709 | goto out; | |
710 | ||
711 | rc = -EINVAL; | |
712 | if (tag != TPM2_ST_SESSIONS) { | |
713 | dev_err(&chip->dev, "TPM: HMAC response check has no sessions tag\n"); | |
714 | goto out; | |
715 | } | |
716 | ||
717 | i = tpm2_find_cc(chip, cc); | |
718 | if (i < 0) | |
719 | goto out; | |
720 | attrs = chip->cc_attrs_tbl[i]; | |
721 | handles = (attrs >> TPM2_CC_ATTR_RHANDLE) & 1; | |
722 | ||
723 | /* point to area beyond handles */ | |
724 | offset_s = TPM_HEADER_SIZE + handles * 4; | |
725 | parm_len = tpm_buf_read_u32(buf, &offset_s); | |
726 | offset_p = offset_s; | |
727 | offset_s += parm_len; | |
728 | /* skip over any sessions before ours */ | |
729 | for (i = 0; i < auth->session - 1; i++) { | |
730 | len = tpm_buf_read_u16(buf, &offset_s); | |
731 | offset_s += len + 1; | |
732 | len = tpm_buf_read_u16(buf, &offset_s); | |
733 | offset_s += len; | |
734 | } | |
735 | /* TPM nonce */ | |
736 | len = tpm_buf_read_u16(buf, &offset_s); | |
737 | if (offset_s + len > tpm_buf_length(buf)) | |
738 | goto out; | |
739 | if (len != SHA256_DIGEST_SIZE) | |
740 | goto out; | |
741 | memcpy(auth->tpm_nonce, &buf->data[offset_s], len); | |
742 | offset_s += len; | |
743 | attrs = tpm_buf_read_u8(buf, &offset_s); | |
744 | len = tpm_buf_read_u16(buf, &offset_s); | |
745 | if (offset_s + len != tpm_buf_length(buf)) | |
746 | goto out; | |
747 | if (len != SHA256_DIGEST_SIZE) | |
748 | goto out; | |
749 | /* | |
750 | * offset_s points to the HMAC. now calculate comparison, beginning | |
751 | * with rphash | |
752 | */ | |
753 | sha256_init(&sctx); | |
754 | /* yes, I know this is now zero, but it's what the standard says */ | |
755 | sha256_update(&sctx, (u8 *)&head->return_code, | |
756 | sizeof(head->return_code)); | |
757 | /* ordinal is already BE */ | |
758 | sha256_update(&sctx, (u8 *)&auth->ordinal, sizeof(auth->ordinal)); | |
759 | sha256_update(&sctx, &buf->data[offset_p], parm_len); | |
760 | sha256_final(&sctx, rphash); | |
761 | ||
762 | /* now calculate the hmac */ | |
763 | tpm2_hmac_init(&sctx, auth->session_key, sizeof(auth->session_key) | |
764 | + auth->passphrase_len); | |
765 | sha256_update(&sctx, rphash, sizeof(rphash)); | |
766 | sha256_update(&sctx, auth->tpm_nonce, sizeof(auth->tpm_nonce)); | |
767 | sha256_update(&sctx, auth->our_nonce, sizeof(auth->our_nonce)); | |
768 | sha256_update(&sctx, &auth->attrs, 1); | |
769 | /* we're done with the rphash, so put our idea of the hmac there */ | |
770 | tpm2_hmac_final(&sctx, auth->session_key, sizeof(auth->session_key) | |
771 | + auth->passphrase_len, rphash); | |
772 | if (memcmp(rphash, &buf->data[offset_s], SHA256_DIGEST_SIZE) == 0) { | |
773 | rc = 0; | |
774 | } else { | |
775 | dev_err(&chip->dev, "TPM: HMAC check failed\n"); | |
776 | goto out; | |
777 | } | |
778 | ||
779 | /* now do response decryption */ | |
780 | if (auth->attrs & TPM2_SA_ENCRYPT) { | |
781 | /* need key and IV */ | |
782 | tpm2_KDFa(auth->session_key, SHA256_DIGEST_SIZE | |
783 | + auth->passphrase_len, "CFB", auth->tpm_nonce, | |
784 | auth->our_nonce, AES_KEY_BYTES + AES_BLOCK_SIZE, | |
785 | auth->scratch); | |
786 | ||
787 | len = tpm_buf_read_u16(buf, &offset_p); | |
788 | aes_expandkey(&auth->aes_ctx, auth->scratch, AES_KEY_BYTES); | |
789 | aescfb_decrypt(&auth->aes_ctx, &buf->data[offset_p], | |
790 | &buf->data[offset_p], len, | |
791 | auth->scratch + AES_KEY_BYTES); | |
792 | } | |
793 | ||
794 | out: | |
795 | if ((auth->attrs & TPM2_SA_CONTINUE_SESSION) == 0) { | |
796 | if (rc) | |
797 | /* manually close the session if it wasn't consumed */ | |
798 | tpm2_flush_context(chip, auth->handle); | |
799 | memzero_explicit(auth, sizeof(*auth)); | |
800 | } else { | |
801 | /* reset for next use */ | |
802 | auth->session = TPM_HEADER_SIZE; | |
803 | } | |
804 | ||
805 | return rc; | |
806 | } | |
807 | EXPORT_SYMBOL(tpm_buf_check_hmac_response); | |
808 | ||
699e3efd JB |
809 | /** |
810 | * tpm2_end_auth_session() - kill the allocated auth session | |
811 | * @chip: the TPM chip structure | |
812 | * | |
813 | * ends the session started by tpm2_start_auth_session and frees all | |
814 | * the resources. Under normal conditions, | |
815 | * tpm_buf_check_hmac_response() will correctly end the session if | |
816 | * required, so this function is only for use in error legs that will | |
817 | * bypass the normal invocation of tpm_buf_check_hmac_response(). | |
818 | */ | |
819 | void tpm2_end_auth_session(struct tpm_chip *chip) | |
820 | { | |
821 | tpm2_flush_context(chip, chip->auth->handle); | |
822 | memzero_explicit(chip->auth, sizeof(*chip->auth)); | |
823 | } | |
824 | EXPORT_SYMBOL(tpm2_end_auth_session); | |
825 | ||
826 | static int tpm2_parse_start_auth_session(struct tpm2_auth *auth, | |
827 | struct tpm_buf *buf) | |
828 | { | |
829 | struct tpm_header *head = (struct tpm_header *)buf->data; | |
830 | u32 tot_len = be32_to_cpu(head->length); | |
831 | off_t offset = TPM_HEADER_SIZE; | |
832 | u32 val; | |
833 | ||
834 | /* we're starting after the header so adjust the length */ | |
835 | tot_len -= TPM_HEADER_SIZE; | |
836 | ||
837 | /* should have handle plus nonce */ | |
838 | if (tot_len != 4 + 2 + sizeof(auth->tpm_nonce)) | |
839 | return -EINVAL; | |
840 | ||
841 | auth->handle = tpm_buf_read_u32(buf, &offset); | |
842 | val = tpm_buf_read_u16(buf, &offset); | |
843 | if (val != sizeof(auth->tpm_nonce)) | |
844 | return -EINVAL; | |
845 | memcpy(auth->tpm_nonce, &buf->data[offset], sizeof(auth->tpm_nonce)); | |
846 | /* now compute the session key from the nonces */ | |
847 | tpm2_KDFa(auth->salt, sizeof(auth->salt), "ATH", auth->tpm_nonce, | |
848 | auth->our_nonce, sizeof(auth->session_key), | |
849 | auth->session_key); | |
850 | ||
851 | return 0; | |
852 | } | |
853 | ||
854 | /** | |
855 | * tpm2_start_auth_session() - create a HMAC authentication session with the TPM | |
856 | * @chip: the TPM chip structure to create the session with | |
857 | * | |
858 | * This function loads the NULL seed from its saved context and starts | |
859 | * an authentication session on the null seed, fills in the | |
860 | * @chip->auth structure to contain all the session details necessary | |
861 | * for performing the HMAC, encrypt and decrypt operations and | |
862 | * returns. The NULL seed is flushed before this function returns. | |
863 | * | |
864 | * Return: zero on success or actual error encountered. | |
865 | */ | |
866 | int tpm2_start_auth_session(struct tpm_chip *chip) | |
867 | { | |
868 | struct tpm_buf buf; | |
869 | struct tpm2_auth *auth = chip->auth; | |
870 | int rc; | |
871 | /* null seed context has no offset, but we must provide one */ | |
872 | unsigned int offset = 0; | |
873 | u32 nullkey; | |
874 | ||
875 | rc = tpm2_load_context(chip, chip->null_key_context, &offset, | |
876 | &nullkey); | |
877 | if (rc) | |
878 | goto out; | |
879 | ||
880 | auth->session = TPM_HEADER_SIZE; | |
881 | ||
882 | rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_START_AUTH_SESS); | |
883 | if (rc) | |
884 | goto out; | |
885 | ||
886 | /* salt key handle */ | |
887 | tpm_buf_append_u32(&buf, nullkey); | |
888 | /* bind key handle */ | |
889 | tpm_buf_append_u32(&buf, TPM2_RH_NULL); | |
890 | /* nonce caller */ | |
891 | get_random_bytes(auth->our_nonce, sizeof(auth->our_nonce)); | |
892 | tpm_buf_append_u16(&buf, sizeof(auth->our_nonce)); | |
893 | tpm_buf_append(&buf, auth->our_nonce, sizeof(auth->our_nonce)); | |
894 | ||
895 | /* append encrypted salt and squirrel away unencrypted in auth */ | |
896 | tpm_buf_append_salt(&buf, chip); | |
897 | /* session type (HMAC, audit or policy) */ | |
898 | tpm_buf_append_u8(&buf, TPM2_SE_HMAC); | |
899 | ||
900 | /* symmetric encryption parameters */ | |
901 | /* symmetric algorithm */ | |
902 | tpm_buf_append_u16(&buf, TPM_ALG_AES); | |
903 | /* bits for symmetric algorithm */ | |
904 | tpm_buf_append_u16(&buf, AES_KEY_BITS); | |
905 | /* symmetric algorithm mode (must be CFB) */ | |
906 | tpm_buf_append_u16(&buf, TPM_ALG_CFB); | |
907 | /* hash algorithm for session */ | |
908 | tpm_buf_append_u16(&buf, TPM_ALG_SHA256); | |
909 | ||
910 | rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session"); | |
911 | tpm2_flush_context(chip, nullkey); | |
912 | ||
913 | if (rc == TPM2_RC_SUCCESS) | |
914 | rc = tpm2_parse_start_auth_session(auth, &buf); | |
915 | ||
916 | tpm_buf_destroy(&buf); | |
917 | ||
918 | if (rc) | |
919 | goto out; | |
920 | ||
921 | out: | |
922 | return rc; | |
923 | } | |
924 | EXPORT_SYMBOL(tpm2_start_auth_session); | |
925 | ||
d2add27c JB |
926 | /** |
927 | * tpm2_parse_create_primary() - parse the data returned from TPM_CC_CREATE_PRIMARY | |
928 | * | |
929 | * @chip: The TPM the primary was created under | |
930 | * @buf: The response buffer from the chip | |
931 | * @handle: pointer to be filled in with the return handle of the primary | |
932 | * @hierarchy: The hierarchy the primary was created for | |
933 | * | |
934 | * Return: | |
935 | * * 0 - OK | |
936 | * * -errno - A system error | |
937 | * * TPM_RC - A TPM error | |
938 | */ | |
939 | static int tpm2_parse_create_primary(struct tpm_chip *chip, struct tpm_buf *buf, | |
940 | u32 *handle, u32 hierarchy) | |
941 | { | |
942 | struct tpm_header *head = (struct tpm_header *)buf->data; | |
943 | off_t offset_r = TPM_HEADER_SIZE, offset_t; | |
944 | u16 len = TPM_HEADER_SIZE; | |
945 | u32 total_len = be32_to_cpu(head->length); | |
946 | u32 val, param_len; | |
947 | ||
948 | *handle = tpm_buf_read_u32(buf, &offset_r); | |
949 | param_len = tpm_buf_read_u32(buf, &offset_r); | |
950 | /* | |
951 | * param_len doesn't include the header, but all the other | |
952 | * lengths and offsets do, so add it to parm len to make | |
953 | * the comparisons easier | |
954 | */ | |
955 | param_len += TPM_HEADER_SIZE; | |
956 | ||
957 | if (param_len + 8 > total_len) | |
958 | return -EINVAL; | |
959 | len = tpm_buf_read_u16(buf, &offset_r); | |
960 | offset_t = offset_r; | |
961 | /* now we have the public area, compute the name of the object */ | |
962 | put_unaligned_be16(TPM_ALG_SHA256, chip->null_key_name); | |
963 | sha256(&buf->data[offset_r], len, chip->null_key_name + 2); | |
964 | ||
965 | /* validate the public key */ | |
966 | val = tpm_buf_read_u16(buf, &offset_t); | |
967 | ||
968 | /* key type (must be what we asked for) */ | |
969 | if (val != TPM_ALG_ECC) | |
970 | return -EINVAL; | |
971 | val = tpm_buf_read_u16(buf, &offset_t); | |
972 | ||
973 | /* name algorithm */ | |
974 | if (val != TPM_ALG_SHA256) | |
975 | return -EINVAL; | |
976 | val = tpm_buf_read_u32(buf, &offset_t); | |
977 | ||
978 | /* object properties */ | |
979 | if (val != TPM2_OA_TMPL) | |
980 | return -EINVAL; | |
981 | ||
982 | /* auth policy (empty) */ | |
983 | val = tpm_buf_read_u16(buf, &offset_t); | |
984 | if (val != 0) | |
985 | return -EINVAL; | |
986 | ||
987 | /* symmetric key parameters */ | |
988 | val = tpm_buf_read_u16(buf, &offset_t); | |
989 | if (val != TPM_ALG_AES) | |
990 | return -EINVAL; | |
991 | ||
992 | /* symmetric key length */ | |
993 | val = tpm_buf_read_u16(buf, &offset_t); | |
994 | if (val != AES_KEY_BITS) | |
995 | return -EINVAL; | |
996 | ||
997 | /* symmetric encryption scheme */ | |
998 | val = tpm_buf_read_u16(buf, &offset_t); | |
999 | if (val != TPM_ALG_CFB) | |
1000 | return -EINVAL; | |
1001 | ||
1002 | /* signing scheme */ | |
1003 | val = tpm_buf_read_u16(buf, &offset_t); | |
1004 | if (val != TPM_ALG_NULL) | |
1005 | return -EINVAL; | |
1006 | ||
1007 | /* ECC Curve */ | |
1008 | val = tpm_buf_read_u16(buf, &offset_t); | |
1009 | if (val != TPM2_ECC_NIST_P256) | |
1010 | return -EINVAL; | |
1011 | ||
1012 | /* KDF Scheme */ | |
1013 | val = tpm_buf_read_u16(buf, &offset_t); | |
1014 | if (val != TPM_ALG_NULL) | |
1015 | return -EINVAL; | |
1016 | ||
1017 | /* extract public key (x and y points) */ | |
1018 | val = tpm_buf_read_u16(buf, &offset_t); | |
1019 | if (val != EC_PT_SZ) | |
1020 | return -EINVAL; | |
1021 | memcpy(chip->null_ec_key_x, &buf->data[offset_t], val); | |
1022 | offset_t += val; | |
1023 | val = tpm_buf_read_u16(buf, &offset_t); | |
1024 | if (val != EC_PT_SZ) | |
1025 | return -EINVAL; | |
1026 | memcpy(chip->null_ec_key_y, &buf->data[offset_t], val); | |
1027 | offset_t += val; | |
1028 | ||
1029 | /* original length of the whole TPM2B */ | |
1030 | offset_r += len; | |
1031 | ||
1032 | /* should have exactly consumed the TPM2B public structure */ | |
1033 | if (offset_t != offset_r) | |
1034 | return -EINVAL; | |
1035 | if (offset_r > param_len) | |
1036 | return -EINVAL; | |
1037 | ||
1038 | /* creation data (skip) */ | |
1039 | len = tpm_buf_read_u16(buf, &offset_r); | |
1040 | offset_r += len; | |
1041 | if (offset_r > param_len) | |
1042 | return -EINVAL; | |
1043 | ||
1044 | /* creation digest (must be sha256) */ | |
1045 | len = tpm_buf_read_u16(buf, &offset_r); | |
1046 | offset_r += len; | |
1047 | if (len != SHA256_DIGEST_SIZE || offset_r > param_len) | |
1048 | return -EINVAL; | |
1049 | ||
1050 | /* TPMT_TK_CREATION follows */ | |
1051 | /* tag, must be TPM_ST_CREATION (0x8021) */ | |
1052 | val = tpm_buf_read_u16(buf, &offset_r); | |
1053 | if (val != TPM2_ST_CREATION || offset_r > param_len) | |
1054 | return -EINVAL; | |
1055 | ||
1056 | /* hierarchy */ | |
1057 | val = tpm_buf_read_u32(buf, &offset_r); | |
1058 | if (val != hierarchy || offset_r > param_len) | |
1059 | return -EINVAL; | |
1060 | ||
1061 | /* the ticket digest HMAC (might not be sha256) */ | |
1062 | len = tpm_buf_read_u16(buf, &offset_r); | |
1063 | offset_r += len; | |
1064 | if (offset_r > param_len) | |
1065 | return -EINVAL; | |
1066 | ||
1067 | /* | |
1068 | * finally we have the name, which is a sha256 digest plus a 2 | |
1069 | * byte algorithm type | |
1070 | */ | |
1071 | len = tpm_buf_read_u16(buf, &offset_r); | |
1072 | if (offset_r + len != param_len + 8) | |
1073 | return -EINVAL; | |
1074 | if (len != SHA256_DIGEST_SIZE + 2) | |
1075 | return -EINVAL; | |
1076 | ||
1077 | if (memcmp(chip->null_key_name, &buf->data[offset_r], | |
1078 | SHA256_DIGEST_SIZE + 2) != 0) { | |
1079 | dev_err(&chip->dev, "NULL Seed name comparison failed\n"); | |
1080 | return -EINVAL; | |
1081 | } | |
1082 | ||
1083 | return 0; | |
1084 | } | |
1085 | ||
1086 | /** | |
1087 | * tpm2_create_primary() - create a primary key using a fixed P-256 template | |
1088 | * | |
1089 | * @chip: the TPM chip to create under | |
1090 | * @hierarchy: The hierarchy handle to create under | |
1091 | * @handle: The returned volatile handle on success | |
1092 | * | |
1093 | * For platforms that might not have a persistent primary, this can be | |
1094 | * used to create one quickly on the fly (it uses Elliptic Curve not | |
1095 | * RSA, so even slow TPMs can create one fast). The template uses the | |
1096 | * TCG mandated H one for non-endorsement ECC primaries, i.e. P-256 | |
1097 | * elliptic curve (the only current one all TPM2s are required to | |
1098 | * have) a sha256 name hash and no policy. | |
1099 | * | |
1100 | * Return: | |
1101 | * * 0 - OK | |
1102 | * * -errno - A system error | |
1103 | * * TPM_RC - A TPM error | |
1104 | */ | |
1105 | static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, | |
1106 | u32 *handle) | |
1107 | { | |
1108 | int rc; | |
1109 | struct tpm_buf buf; | |
1110 | struct tpm_buf template; | |
1111 | ||
1112 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE_PRIMARY); | |
1113 | if (rc) | |
1114 | return rc; | |
1115 | ||
1116 | rc = tpm_buf_init_sized(&template); | |
1117 | if (rc) { | |
1118 | tpm_buf_destroy(&buf); | |
1119 | return rc; | |
1120 | } | |
1121 | ||
1122 | /* | |
1123 | * create the template. Note: in order for userspace to | |
1124 | * verify the security of the system, it will have to create | |
1125 | * and certify this NULL primary, meaning all the template | |
1126 | * parameters will have to be identical, so conform exactly to | |
1127 | * the TCG TPM v2.0 Provisioning Guidance for the SRK ECC | |
1128 | * key H template (H has zero size unique points) | |
1129 | */ | |
1130 | ||
1131 | /* key type */ | |
1132 | tpm_buf_append_u16(&template, TPM_ALG_ECC); | |
1133 | ||
1134 | /* name algorithm */ | |
1135 | tpm_buf_append_u16(&template, TPM_ALG_SHA256); | |
1136 | ||
1137 | /* object properties */ | |
1138 | tpm_buf_append_u32(&template, TPM2_OA_TMPL); | |
1139 | ||
1140 | /* sauth policy (empty) */ | |
1141 | tpm_buf_append_u16(&template, 0); | |
1142 | ||
1143 | /* BEGIN parameters: key specific; for ECC*/ | |
1144 | ||
1145 | /* symmetric algorithm */ | |
1146 | tpm_buf_append_u16(&template, TPM_ALG_AES); | |
1147 | ||
1148 | /* bits for symmetric algorithm */ | |
1149 | tpm_buf_append_u16(&template, AES_KEY_BITS); | |
1150 | ||
1151 | /* algorithm mode (must be CFB) */ | |
1152 | tpm_buf_append_u16(&template, TPM_ALG_CFB); | |
1153 | ||
1154 | /* scheme (NULL means any scheme) */ | |
1155 | tpm_buf_append_u16(&template, TPM_ALG_NULL); | |
1156 | ||
1157 | /* ECC Curve ID */ | |
1158 | tpm_buf_append_u16(&template, TPM2_ECC_NIST_P256); | |
1159 | ||
1160 | /* KDF Scheme */ | |
1161 | tpm_buf_append_u16(&template, TPM_ALG_NULL); | |
1162 | ||
1163 | /* unique: key specific; for ECC it is two zero size points */ | |
1164 | tpm_buf_append_u16(&template, 0); | |
1165 | tpm_buf_append_u16(&template, 0); | |
1166 | ||
1167 | /* END parameters */ | |
1168 | ||
1169 | /* primary handle */ | |
1170 | tpm_buf_append_u32(&buf, hierarchy); | |
1171 | tpm_buf_append_empty_auth(&buf, TPM2_RS_PW); | |
1172 | ||
1173 | /* sensitive create size is 4 for two empty buffers */ | |
1174 | tpm_buf_append_u16(&buf, 4); | |
1175 | ||
1176 | /* sensitive create auth data (empty) */ | |
1177 | tpm_buf_append_u16(&buf, 0); | |
1178 | ||
1179 | /* sensitive create sensitive data (empty) */ | |
1180 | tpm_buf_append_u16(&buf, 0); | |
1181 | ||
1182 | /* the public template */ | |
1183 | tpm_buf_append(&buf, template.data, template.length); | |
1184 | tpm_buf_destroy(&template); | |
1185 | ||
1186 | /* outside info (empty) */ | |
1187 | tpm_buf_append_u16(&buf, 0); | |
1188 | ||
1189 | /* creation PCR (none) */ | |
1190 | tpm_buf_append_u32(&buf, 0); | |
1191 | ||
1192 | rc = tpm_transmit_cmd(chip, &buf, 0, | |
1193 | "attempting to create NULL primary"); | |
1194 | ||
1195 | if (rc == TPM2_RC_SUCCESS) | |
1196 | rc = tpm2_parse_create_primary(chip, &buf, handle, hierarchy); | |
1197 | ||
1198 | tpm_buf_destroy(&buf); | |
1199 | ||
1200 | return rc; | |
1201 | } | |
1202 | ||
1203 | static int tpm2_create_null_primary(struct tpm_chip *chip) | |
1204 | { | |
1205 | u32 null_key; | |
1206 | int rc; | |
1207 | ||
1208 | rc = tpm2_create_primary(chip, TPM2_RH_NULL, &null_key); | |
1209 | ||
1210 | if (rc == TPM2_RC_SUCCESS) { | |
1211 | unsigned int offset = 0; /* dummy offset for null key context */ | |
1212 | ||
1213 | rc = tpm2_save_context(chip, null_key, chip->null_key_context, | |
1214 | sizeof(chip->null_key_context), &offset); | |
1215 | tpm2_flush_context(chip, null_key); | |
1216 | } | |
1217 | ||
1218 | return rc; | |
1219 | } | |
1220 | ||
1221 | /** | |
1222 | * tpm2_sessions_init() - start of day initialization for the sessions code | |
1223 | * @chip: TPM chip | |
1224 | * | |
1225 | * Derive and context save the null primary and allocate memory in the | |
1226 | * struct tpm_chip for the authorizations. | |
1227 | */ | |
1228 | int tpm2_sessions_init(struct tpm_chip *chip) | |
1229 | { | |
1230 | int rc; | |
1231 | ||
1232 | rc = tpm2_create_null_primary(chip); | |
1233 | if (rc) | |
1234 | dev_err(&chip->dev, "TPM: security failed (NULL seed derivation): %d\n", rc); | |
1235 | ||
699e3efd JB |
1236 | chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL); |
1237 | if (!chip->auth) | |
1238 | return -ENOMEM; | |
1239 | ||
d2add27c JB |
1240 | return rc; |
1241 | } |