Commit | Line | Data |
---|---|---|
d2add27c JB |
1 | // SPDX-License-Identifier: GPL-2.0 |
2 | ||
3 | /* | |
4 | * Copyright (C) 2018 James.Bottomley@HansenPartnership.com | |
5 | * | |
699e3efd JB |
6 | * Cryptographic helper routines for handling TPM2 sessions for |
7 | * authorization HMAC and request response encryption. | |
8 | * | |
9 | * The idea is to ensure that every TPM command is HMAC protected by a | |
10 | * session, meaning in-flight tampering would be detected and in | |
11 | * addition all sensitive inputs and responses should be encrypted. | |
12 | * | |
13 | * The basic way this works is to use a TPM feature called salted | |
14 | * sessions where a random secret used in session construction is | |
15 | * encrypted to the public part of a known TPM key. The problem is we | |
16 | * have no known keys, so initially a primary Elliptic Curve key is | |
17 | * derived from the NULL seed (we use EC because most TPMs generate | |
18 | * these keys much faster than RSA ones). The curve used is NIST_P256 | |
19 | * because that's now mandated to be present in 'TCG TPM v2.0 | |
20 | * Provisioning Guidance' | |
21 | * | |
22 | * Threat problems: the initial TPM2_CreatePrimary is not (and cannot | |
23 | * be) session protected, so a clever Man in the Middle could return a | |
24 | * public key they control to this command and from there intercept | |
25 | * and decode all subsequent session based transactions. The kernel | |
26 | * cannot mitigate this threat but, after boot, userspace can get | |
27 | * proof this has not happened by asking the TPM to certify the NULL | |
28 | * key. This certification would chain back to the TPM Endorsement | |
29 | * Certificate and prove the NULL seed primary had not been tampered | |
30 | * with and thus all sessions must have been cryptographically secure. | |
31 | * To assist with this, the initial NULL seed public key name is made | |
32 | * available in a sysfs file. | |
33 | * | |
34 | * Use of these functions: | |
35 | * | |
36 | * The design is all the crypto, hash and hmac gunk is confined in this | |
37 | * file and never needs to be seen even by the kernel internal user. To | |
38 | * the user there's an init function tpm2_sessions_init() that needs to | |
39 | * be called once per TPM which generates the NULL seed primary key. | |
40 | * | |
41 | * These are the usage functions: | |
42 | * | |
43 | * tpm2_start_auth_session() which allocates the opaque auth structure | |
44 | * and gets a session from the TPM. This must be called before | |
45 | * any of the following functions. The session is protected by a | |
46 | * session_key which is derived from a random salt value | |
47 | * encrypted to the NULL seed. | |
48 | * tpm2_end_auth_session() kills the session and frees the resources. | |
49 | * Under normal operation this function is done by | |
50 | * tpm_buf_check_hmac_response(), so this is only to be used on | |
51 | * error legs where the latter is not executed. | |
d2add27c JB |
52 | */ |
53 | ||
54 | #include "tpm.h" | |
699e3efd JB |
55 | #include <linux/random.h> |
56 | #include <linux/scatterlist.h> | |
d2add27c | 57 | #include <asm/unaligned.h> |
699e3efd JB |
58 | #include <crypto/kpp.h> |
59 | #include <crypto/ecdh.h> | |
033ee84e JB |
60 | #include <crypto/hash.h> |
61 | #include <crypto/hmac.h> | |
62 | ||
699e3efd JB |
63 | /* |
64 | * This is the structure that carries all the auth information (like | |
65 | * session handle, nonces, session key and auth) from use to use it is | |
66 | * designed to be opaque to anything outside. | |
67 | */ | |
68 | struct tpm2_auth { | |
69 | u32 handle; | |
70 | /* | |
71 | * This has two meanings: before tpm_buf_fill_hmac_session() | |
72 | * it marks the offset in the buffer of the start of the | |
73 | * sessions (i.e. after all the handles). Once the buffer has | |
74 | * been filled it markes the session number of our auth | |
75 | * session so we can find it again in the response buffer. | |
76 | * | |
77 | * The two cases are distinguished because the first offset | |
78 | * must always be greater than TPM_HEADER_SIZE and the second | |
79 | * must be less than or equal to 5. | |
80 | */ | |
81 | u32 session; | |
82 | /* | |
83 | * the size here is variable and set by the size of our_nonce | |
84 | * which must be between 16 and the name hash length. we set | |
85 | * the maximum sha256 size for the greatest protection | |
86 | */ | |
87 | u8 our_nonce[SHA256_DIGEST_SIZE]; | |
88 | u8 tpm_nonce[SHA256_DIGEST_SIZE]; | |
89 | /* | |
90 | * the salt is only used across the session command/response | |
91 | * after that it can be used as a scratch area | |
92 | */ | |
93 | union { | |
94 | u8 salt[EC_PT_SZ]; | |
95 | /* scratch for key + IV */ | |
96 | u8 scratch[AES_KEY_BYTES + AES_BLOCK_SIZE]; | |
97 | }; | |
98 | u8 session_key[SHA256_DIGEST_SIZE]; | |
99 | }; | |
100 | ||
033ee84e JB |
101 | /* |
102 | * It turns out the crypto hmac(sha256) is hard for us to consume | |
103 | * because it assumes a fixed key and the TPM seems to change the key | |
104 | * on every operation, so we weld the hmac init and final functions in | |
105 | * here to give it the same usage characteristics as a regular hash | |
106 | */ | |
107 | static void tpm2_hmac_init(struct sha256_state *sctx, u8 *key, u32 key_len) | |
108 | { | |
109 | u8 pad[SHA256_BLOCK_SIZE]; | |
110 | int i; | |
111 | ||
112 | sha256_init(sctx); | |
113 | for (i = 0; i < sizeof(pad); i++) { | |
114 | if (i < key_len) | |
115 | pad[i] = key[i]; | |
116 | else | |
117 | pad[i] = 0; | |
118 | pad[i] ^= HMAC_IPAD_VALUE; | |
119 | } | |
120 | sha256_update(sctx, pad, sizeof(pad)); | |
121 | } | |
122 | ||
123 | static void tpm2_hmac_final(struct sha256_state *sctx, u8 *key, u32 key_len, | |
124 | u8 *out) | |
125 | { | |
126 | u8 pad[SHA256_BLOCK_SIZE]; | |
127 | int i; | |
128 | ||
129 | for (i = 0; i < sizeof(pad); i++) { | |
130 | if (i < key_len) | |
131 | pad[i] = key[i]; | |
132 | else | |
133 | pad[i] = 0; | |
134 | pad[i] ^= HMAC_OPAD_VALUE; | |
135 | } | |
136 | ||
137 | /* collect the final hash; use out as temporary storage */ | |
138 | sha256_final(sctx, out); | |
139 | ||
140 | sha256_init(sctx); | |
141 | sha256_update(sctx, pad, sizeof(pad)); | |
142 | sha256_update(sctx, out, SHA256_DIGEST_SIZE); | |
143 | sha256_final(sctx, out); | |
144 | } | |
145 | ||
146 | /* | |
147 | * assume hash sha256 and nonces u, v of size SHA256_DIGEST_SIZE but | |
148 | * otherwise standard tpm2_KDFa. Note output is in bytes not bits. | |
149 | */ | |
150 | static void tpm2_KDFa(u8 *key, u32 key_len, const char *label, u8 *u, | |
151 | u8 *v, u32 bytes, u8 *out) | |
152 | { | |
153 | u32 counter = 1; | |
154 | const __be32 bits = cpu_to_be32(bytes * 8); | |
155 | ||
156 | while (bytes > 0) { | |
157 | struct sha256_state sctx; | |
158 | __be32 c = cpu_to_be32(counter); | |
159 | ||
160 | tpm2_hmac_init(&sctx, key, key_len); | |
161 | sha256_update(&sctx, (u8 *)&c, sizeof(c)); | |
162 | sha256_update(&sctx, label, strlen(label)+1); | |
163 | sha256_update(&sctx, u, SHA256_DIGEST_SIZE); | |
164 | sha256_update(&sctx, v, SHA256_DIGEST_SIZE); | |
165 | sha256_update(&sctx, (u8 *)&bits, sizeof(bits)); | |
166 | tpm2_hmac_final(&sctx, key, key_len, out); | |
167 | ||
168 | bytes -= SHA256_DIGEST_SIZE; | |
169 | counter++; | |
170 | out += SHA256_DIGEST_SIZE; | |
171 | } | |
172 | } | |
173 | ||
174 | /* | |
175 | * Somewhat of a bastardization of the real KDFe. We're assuming | |
176 | * we're working with known point sizes for the input parameters and | |
177 | * the hash algorithm is fixed at sha256. Because we know that the | |
178 | * point size is 32 bytes like the hash size, there's no need to loop | |
179 | * in this KDF. | |
180 | */ | |
181 | static void tpm2_KDFe(u8 z[EC_PT_SZ], const char *str, u8 *pt_u, u8 *pt_v, | |
182 | u8 *out) | |
183 | { | |
184 | struct sha256_state sctx; | |
185 | /* | |
186 | * this should be an iterative counter, but because we know | |
187 | * we're only taking 32 bytes for the point using a sha256 | |
188 | * hash which is also 32 bytes, there's only one loop | |
189 | */ | |
190 | __be32 c = cpu_to_be32(1); | |
191 | ||
192 | sha256_init(&sctx); | |
193 | /* counter (BE) */ | |
194 | sha256_update(&sctx, (u8 *)&c, sizeof(c)); | |
195 | /* secret value */ | |
196 | sha256_update(&sctx, z, EC_PT_SZ); | |
197 | /* string including trailing zero */ | |
198 | sha256_update(&sctx, str, strlen(str)+1); | |
199 | sha256_update(&sctx, pt_u, EC_PT_SZ); | |
200 | sha256_update(&sctx, pt_v, EC_PT_SZ); | |
201 | sha256_final(&sctx, out); | |
202 | } | |
d2add27c | 203 | |
699e3efd JB |
204 | static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) |
205 | { | |
206 | struct crypto_kpp *kpp; | |
207 | struct kpp_request *req; | |
208 | struct scatterlist s[2], d[1]; | |
209 | struct ecdh p = {0}; | |
210 | u8 encoded_key[EC_PT_SZ], *x, *y; | |
211 | unsigned int buf_len; | |
212 | ||
213 | /* secret is two sized points */ | |
214 | tpm_buf_append_u16(buf, (EC_PT_SZ + 2)*2); | |
215 | /* | |
216 | * we cheat here and append uninitialized data to form | |
217 | * the points. All we care about is getting the two | |
218 | * co-ordinate pointers, which will be used to overwrite | |
219 | * the uninitialized data | |
220 | */ | |
221 | tpm_buf_append_u16(buf, EC_PT_SZ); | |
222 | x = &buf->data[tpm_buf_length(buf)]; | |
223 | tpm_buf_append(buf, encoded_key, EC_PT_SZ); | |
224 | tpm_buf_append_u16(buf, EC_PT_SZ); | |
225 | y = &buf->data[tpm_buf_length(buf)]; | |
226 | tpm_buf_append(buf, encoded_key, EC_PT_SZ); | |
227 | sg_init_table(s, 2); | |
228 | sg_set_buf(&s[0], x, EC_PT_SZ); | |
229 | sg_set_buf(&s[1], y, EC_PT_SZ); | |
230 | ||
231 | kpp = crypto_alloc_kpp("ecdh-nist-p256", CRYPTO_ALG_INTERNAL, 0); | |
232 | if (IS_ERR(kpp)) { | |
233 | dev_err(&chip->dev, "crypto ecdh allocation failed\n"); | |
234 | return; | |
235 | } | |
236 | ||
237 | buf_len = crypto_ecdh_key_len(&p); | |
238 | if (sizeof(encoded_key) < buf_len) { | |
239 | dev_err(&chip->dev, "salt buffer too small needs %d\n", | |
240 | buf_len); | |
241 | goto out; | |
242 | } | |
243 | crypto_ecdh_encode_key(encoded_key, buf_len, &p); | |
244 | /* this generates a random private key */ | |
245 | crypto_kpp_set_secret(kpp, encoded_key, buf_len); | |
246 | ||
247 | /* salt is now the public point of this private key */ | |
248 | req = kpp_request_alloc(kpp, GFP_KERNEL); | |
249 | if (!req) | |
250 | goto out; | |
251 | kpp_request_set_input(req, NULL, 0); | |
252 | kpp_request_set_output(req, s, EC_PT_SZ*2); | |
253 | crypto_kpp_generate_public_key(req); | |
254 | /* | |
255 | * we're not done: now we have to compute the shared secret | |
256 | * which is our private key multiplied by the tpm_key public | |
257 | * point, we actually only take the x point and discard the y | |
258 | * point and feed it through KDFe to get the final secret salt | |
259 | */ | |
260 | sg_set_buf(&s[0], chip->null_ec_key_x, EC_PT_SZ); | |
261 | sg_set_buf(&s[1], chip->null_ec_key_y, EC_PT_SZ); | |
262 | kpp_request_set_input(req, s, EC_PT_SZ*2); | |
263 | sg_init_one(d, chip->auth->salt, EC_PT_SZ); | |
264 | kpp_request_set_output(req, d, EC_PT_SZ); | |
265 | crypto_kpp_compute_shared_secret(req); | |
266 | kpp_request_free(req); | |
267 | ||
268 | /* | |
269 | * pass the shared secret through KDFe for salt. Note salt | |
270 | * area is used both for input shared secret and output salt. | |
271 | * This works because KDFe fully consumes the secret before it | |
272 | * writes the salt | |
273 | */ | |
274 | tpm2_KDFe(chip->auth->salt, "SECRET", x, chip->null_ec_key_x, | |
275 | chip->auth->salt); | |
276 | ||
277 | out: | |
278 | crypto_free_kpp(kpp); | |
279 | } | |
280 | /** | |
281 | * tpm2_end_auth_session() - kill the allocated auth session | |
282 | * @chip: the TPM chip structure | |
283 | * | |
284 | * ends the session started by tpm2_start_auth_session and frees all | |
285 | * the resources. Under normal conditions, | |
286 | * tpm_buf_check_hmac_response() will correctly end the session if | |
287 | * required, so this function is only for use in error legs that will | |
288 | * bypass the normal invocation of tpm_buf_check_hmac_response(). | |
289 | */ | |
290 | void tpm2_end_auth_session(struct tpm_chip *chip) | |
291 | { | |
292 | tpm2_flush_context(chip, chip->auth->handle); | |
293 | memzero_explicit(chip->auth, sizeof(*chip->auth)); | |
294 | } | |
295 | EXPORT_SYMBOL(tpm2_end_auth_session); | |
296 | ||
297 | static int tpm2_parse_start_auth_session(struct tpm2_auth *auth, | |
298 | struct tpm_buf *buf) | |
299 | { | |
300 | struct tpm_header *head = (struct tpm_header *)buf->data; | |
301 | u32 tot_len = be32_to_cpu(head->length); | |
302 | off_t offset = TPM_HEADER_SIZE; | |
303 | u32 val; | |
304 | ||
305 | /* we're starting after the header so adjust the length */ | |
306 | tot_len -= TPM_HEADER_SIZE; | |
307 | ||
308 | /* should have handle plus nonce */ | |
309 | if (tot_len != 4 + 2 + sizeof(auth->tpm_nonce)) | |
310 | return -EINVAL; | |
311 | ||
312 | auth->handle = tpm_buf_read_u32(buf, &offset); | |
313 | val = tpm_buf_read_u16(buf, &offset); | |
314 | if (val != sizeof(auth->tpm_nonce)) | |
315 | return -EINVAL; | |
316 | memcpy(auth->tpm_nonce, &buf->data[offset], sizeof(auth->tpm_nonce)); | |
317 | /* now compute the session key from the nonces */ | |
318 | tpm2_KDFa(auth->salt, sizeof(auth->salt), "ATH", auth->tpm_nonce, | |
319 | auth->our_nonce, sizeof(auth->session_key), | |
320 | auth->session_key); | |
321 | ||
322 | return 0; | |
323 | } | |
324 | ||
325 | /** | |
326 | * tpm2_start_auth_session() - create a HMAC authentication session with the TPM | |
327 | * @chip: the TPM chip structure to create the session with | |
328 | * | |
329 | * This function loads the NULL seed from its saved context and starts | |
330 | * an authentication session on the null seed, fills in the | |
331 | * @chip->auth structure to contain all the session details necessary | |
332 | * for performing the HMAC, encrypt and decrypt operations and | |
333 | * returns. The NULL seed is flushed before this function returns. | |
334 | * | |
335 | * Return: zero on success or actual error encountered. | |
336 | */ | |
337 | int tpm2_start_auth_session(struct tpm_chip *chip) | |
338 | { | |
339 | struct tpm_buf buf; | |
340 | struct tpm2_auth *auth = chip->auth; | |
341 | int rc; | |
342 | /* null seed context has no offset, but we must provide one */ | |
343 | unsigned int offset = 0; | |
344 | u32 nullkey; | |
345 | ||
346 | rc = tpm2_load_context(chip, chip->null_key_context, &offset, | |
347 | &nullkey); | |
348 | if (rc) | |
349 | goto out; | |
350 | ||
351 | auth->session = TPM_HEADER_SIZE; | |
352 | ||
353 | rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_START_AUTH_SESS); | |
354 | if (rc) | |
355 | goto out; | |
356 | ||
357 | /* salt key handle */ | |
358 | tpm_buf_append_u32(&buf, nullkey); | |
359 | /* bind key handle */ | |
360 | tpm_buf_append_u32(&buf, TPM2_RH_NULL); | |
361 | /* nonce caller */ | |
362 | get_random_bytes(auth->our_nonce, sizeof(auth->our_nonce)); | |
363 | tpm_buf_append_u16(&buf, sizeof(auth->our_nonce)); | |
364 | tpm_buf_append(&buf, auth->our_nonce, sizeof(auth->our_nonce)); | |
365 | ||
366 | /* append encrypted salt and squirrel away unencrypted in auth */ | |
367 | tpm_buf_append_salt(&buf, chip); | |
368 | /* session type (HMAC, audit or policy) */ | |
369 | tpm_buf_append_u8(&buf, TPM2_SE_HMAC); | |
370 | ||
371 | /* symmetric encryption parameters */ | |
372 | /* symmetric algorithm */ | |
373 | tpm_buf_append_u16(&buf, TPM_ALG_AES); | |
374 | /* bits for symmetric algorithm */ | |
375 | tpm_buf_append_u16(&buf, AES_KEY_BITS); | |
376 | /* symmetric algorithm mode (must be CFB) */ | |
377 | tpm_buf_append_u16(&buf, TPM_ALG_CFB); | |
378 | /* hash algorithm for session */ | |
379 | tpm_buf_append_u16(&buf, TPM_ALG_SHA256); | |
380 | ||
381 | rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session"); | |
382 | tpm2_flush_context(chip, nullkey); | |
383 | ||
384 | if (rc == TPM2_RC_SUCCESS) | |
385 | rc = tpm2_parse_start_auth_session(auth, &buf); | |
386 | ||
387 | tpm_buf_destroy(&buf); | |
388 | ||
389 | if (rc) | |
390 | goto out; | |
391 | ||
392 | out: | |
393 | return rc; | |
394 | } | |
395 | EXPORT_SYMBOL(tpm2_start_auth_session); | |
396 | ||
d2add27c JB |
397 | /** |
398 | * tpm2_parse_create_primary() - parse the data returned from TPM_CC_CREATE_PRIMARY | |
399 | * | |
400 | * @chip: The TPM the primary was created under | |
401 | * @buf: The response buffer from the chip | |
402 | * @handle: pointer to be filled in with the return handle of the primary | |
403 | * @hierarchy: The hierarchy the primary was created for | |
404 | * | |
405 | * Return: | |
406 | * * 0 - OK | |
407 | * * -errno - A system error | |
408 | * * TPM_RC - A TPM error | |
409 | */ | |
410 | static int tpm2_parse_create_primary(struct tpm_chip *chip, struct tpm_buf *buf, | |
411 | u32 *handle, u32 hierarchy) | |
412 | { | |
413 | struct tpm_header *head = (struct tpm_header *)buf->data; | |
414 | off_t offset_r = TPM_HEADER_SIZE, offset_t; | |
415 | u16 len = TPM_HEADER_SIZE; | |
416 | u32 total_len = be32_to_cpu(head->length); | |
417 | u32 val, param_len; | |
418 | ||
419 | *handle = tpm_buf_read_u32(buf, &offset_r); | |
420 | param_len = tpm_buf_read_u32(buf, &offset_r); | |
421 | /* | |
422 | * param_len doesn't include the header, but all the other | |
423 | * lengths and offsets do, so add it to parm len to make | |
424 | * the comparisons easier | |
425 | */ | |
426 | param_len += TPM_HEADER_SIZE; | |
427 | ||
428 | if (param_len + 8 > total_len) | |
429 | return -EINVAL; | |
430 | len = tpm_buf_read_u16(buf, &offset_r); | |
431 | offset_t = offset_r; | |
432 | /* now we have the public area, compute the name of the object */ | |
433 | put_unaligned_be16(TPM_ALG_SHA256, chip->null_key_name); | |
434 | sha256(&buf->data[offset_r], len, chip->null_key_name + 2); | |
435 | ||
436 | /* validate the public key */ | |
437 | val = tpm_buf_read_u16(buf, &offset_t); | |
438 | ||
439 | /* key type (must be what we asked for) */ | |
440 | if (val != TPM_ALG_ECC) | |
441 | return -EINVAL; | |
442 | val = tpm_buf_read_u16(buf, &offset_t); | |
443 | ||
444 | /* name algorithm */ | |
445 | if (val != TPM_ALG_SHA256) | |
446 | return -EINVAL; | |
447 | val = tpm_buf_read_u32(buf, &offset_t); | |
448 | ||
449 | /* object properties */ | |
450 | if (val != TPM2_OA_TMPL) | |
451 | return -EINVAL; | |
452 | ||
453 | /* auth policy (empty) */ | |
454 | val = tpm_buf_read_u16(buf, &offset_t); | |
455 | if (val != 0) | |
456 | return -EINVAL; | |
457 | ||
458 | /* symmetric key parameters */ | |
459 | val = tpm_buf_read_u16(buf, &offset_t); | |
460 | if (val != TPM_ALG_AES) | |
461 | return -EINVAL; | |
462 | ||
463 | /* symmetric key length */ | |
464 | val = tpm_buf_read_u16(buf, &offset_t); | |
465 | if (val != AES_KEY_BITS) | |
466 | return -EINVAL; | |
467 | ||
468 | /* symmetric encryption scheme */ | |
469 | val = tpm_buf_read_u16(buf, &offset_t); | |
470 | if (val != TPM_ALG_CFB) | |
471 | return -EINVAL; | |
472 | ||
473 | /* signing scheme */ | |
474 | val = tpm_buf_read_u16(buf, &offset_t); | |
475 | if (val != TPM_ALG_NULL) | |
476 | return -EINVAL; | |
477 | ||
478 | /* ECC Curve */ | |
479 | val = tpm_buf_read_u16(buf, &offset_t); | |
480 | if (val != TPM2_ECC_NIST_P256) | |
481 | return -EINVAL; | |
482 | ||
483 | /* KDF Scheme */ | |
484 | val = tpm_buf_read_u16(buf, &offset_t); | |
485 | if (val != TPM_ALG_NULL) | |
486 | return -EINVAL; | |
487 | ||
488 | /* extract public key (x and y points) */ | |
489 | val = tpm_buf_read_u16(buf, &offset_t); | |
490 | if (val != EC_PT_SZ) | |
491 | return -EINVAL; | |
492 | memcpy(chip->null_ec_key_x, &buf->data[offset_t], val); | |
493 | offset_t += val; | |
494 | val = tpm_buf_read_u16(buf, &offset_t); | |
495 | if (val != EC_PT_SZ) | |
496 | return -EINVAL; | |
497 | memcpy(chip->null_ec_key_y, &buf->data[offset_t], val); | |
498 | offset_t += val; | |
499 | ||
500 | /* original length of the whole TPM2B */ | |
501 | offset_r += len; | |
502 | ||
503 | /* should have exactly consumed the TPM2B public structure */ | |
504 | if (offset_t != offset_r) | |
505 | return -EINVAL; | |
506 | if (offset_r > param_len) | |
507 | return -EINVAL; | |
508 | ||
509 | /* creation data (skip) */ | |
510 | len = tpm_buf_read_u16(buf, &offset_r); | |
511 | offset_r += len; | |
512 | if (offset_r > param_len) | |
513 | return -EINVAL; | |
514 | ||
515 | /* creation digest (must be sha256) */ | |
516 | len = tpm_buf_read_u16(buf, &offset_r); | |
517 | offset_r += len; | |
518 | if (len != SHA256_DIGEST_SIZE || offset_r > param_len) | |
519 | return -EINVAL; | |
520 | ||
521 | /* TPMT_TK_CREATION follows */ | |
522 | /* tag, must be TPM_ST_CREATION (0x8021) */ | |
523 | val = tpm_buf_read_u16(buf, &offset_r); | |
524 | if (val != TPM2_ST_CREATION || offset_r > param_len) | |
525 | return -EINVAL; | |
526 | ||
527 | /* hierarchy */ | |
528 | val = tpm_buf_read_u32(buf, &offset_r); | |
529 | if (val != hierarchy || offset_r > param_len) | |
530 | return -EINVAL; | |
531 | ||
532 | /* the ticket digest HMAC (might not be sha256) */ | |
533 | len = tpm_buf_read_u16(buf, &offset_r); | |
534 | offset_r += len; | |
535 | if (offset_r > param_len) | |
536 | return -EINVAL; | |
537 | ||
538 | /* | |
539 | * finally we have the name, which is a sha256 digest plus a 2 | |
540 | * byte algorithm type | |
541 | */ | |
542 | len = tpm_buf_read_u16(buf, &offset_r); | |
543 | if (offset_r + len != param_len + 8) | |
544 | return -EINVAL; | |
545 | if (len != SHA256_DIGEST_SIZE + 2) | |
546 | return -EINVAL; | |
547 | ||
548 | if (memcmp(chip->null_key_name, &buf->data[offset_r], | |
549 | SHA256_DIGEST_SIZE + 2) != 0) { | |
550 | dev_err(&chip->dev, "NULL Seed name comparison failed\n"); | |
551 | return -EINVAL; | |
552 | } | |
553 | ||
554 | return 0; | |
555 | } | |
556 | ||
557 | /** | |
558 | * tpm2_create_primary() - create a primary key using a fixed P-256 template | |
559 | * | |
560 | * @chip: the TPM chip to create under | |
561 | * @hierarchy: The hierarchy handle to create under | |
562 | * @handle: The returned volatile handle on success | |
563 | * | |
564 | * For platforms that might not have a persistent primary, this can be | |
565 | * used to create one quickly on the fly (it uses Elliptic Curve not | |
566 | * RSA, so even slow TPMs can create one fast). The template uses the | |
567 | * TCG mandated H one for non-endorsement ECC primaries, i.e. P-256 | |
568 | * elliptic curve (the only current one all TPM2s are required to | |
569 | * have) a sha256 name hash and no policy. | |
570 | * | |
571 | * Return: | |
572 | * * 0 - OK | |
573 | * * -errno - A system error | |
574 | * * TPM_RC - A TPM error | |
575 | */ | |
576 | static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, | |
577 | u32 *handle) | |
578 | { | |
579 | int rc; | |
580 | struct tpm_buf buf; | |
581 | struct tpm_buf template; | |
582 | ||
583 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE_PRIMARY); | |
584 | if (rc) | |
585 | return rc; | |
586 | ||
587 | rc = tpm_buf_init_sized(&template); | |
588 | if (rc) { | |
589 | tpm_buf_destroy(&buf); | |
590 | return rc; | |
591 | } | |
592 | ||
593 | /* | |
594 | * create the template. Note: in order for userspace to | |
595 | * verify the security of the system, it will have to create | |
596 | * and certify this NULL primary, meaning all the template | |
597 | * parameters will have to be identical, so conform exactly to | |
598 | * the TCG TPM v2.0 Provisioning Guidance for the SRK ECC | |
599 | * key H template (H has zero size unique points) | |
600 | */ | |
601 | ||
602 | /* key type */ | |
603 | tpm_buf_append_u16(&template, TPM_ALG_ECC); | |
604 | ||
605 | /* name algorithm */ | |
606 | tpm_buf_append_u16(&template, TPM_ALG_SHA256); | |
607 | ||
608 | /* object properties */ | |
609 | tpm_buf_append_u32(&template, TPM2_OA_TMPL); | |
610 | ||
611 | /* sauth policy (empty) */ | |
612 | tpm_buf_append_u16(&template, 0); | |
613 | ||
614 | /* BEGIN parameters: key specific; for ECC*/ | |
615 | ||
616 | /* symmetric algorithm */ | |
617 | tpm_buf_append_u16(&template, TPM_ALG_AES); | |
618 | ||
619 | /* bits for symmetric algorithm */ | |
620 | tpm_buf_append_u16(&template, AES_KEY_BITS); | |
621 | ||
622 | /* algorithm mode (must be CFB) */ | |
623 | tpm_buf_append_u16(&template, TPM_ALG_CFB); | |
624 | ||
625 | /* scheme (NULL means any scheme) */ | |
626 | tpm_buf_append_u16(&template, TPM_ALG_NULL); | |
627 | ||
628 | /* ECC Curve ID */ | |
629 | tpm_buf_append_u16(&template, TPM2_ECC_NIST_P256); | |
630 | ||
631 | /* KDF Scheme */ | |
632 | tpm_buf_append_u16(&template, TPM_ALG_NULL); | |
633 | ||
634 | /* unique: key specific; for ECC it is two zero size points */ | |
635 | tpm_buf_append_u16(&template, 0); | |
636 | tpm_buf_append_u16(&template, 0); | |
637 | ||
638 | /* END parameters */ | |
639 | ||
640 | /* primary handle */ | |
641 | tpm_buf_append_u32(&buf, hierarchy); | |
642 | tpm_buf_append_empty_auth(&buf, TPM2_RS_PW); | |
643 | ||
644 | /* sensitive create size is 4 for two empty buffers */ | |
645 | tpm_buf_append_u16(&buf, 4); | |
646 | ||
647 | /* sensitive create auth data (empty) */ | |
648 | tpm_buf_append_u16(&buf, 0); | |
649 | ||
650 | /* sensitive create sensitive data (empty) */ | |
651 | tpm_buf_append_u16(&buf, 0); | |
652 | ||
653 | /* the public template */ | |
654 | tpm_buf_append(&buf, template.data, template.length); | |
655 | tpm_buf_destroy(&template); | |
656 | ||
657 | /* outside info (empty) */ | |
658 | tpm_buf_append_u16(&buf, 0); | |
659 | ||
660 | /* creation PCR (none) */ | |
661 | tpm_buf_append_u32(&buf, 0); | |
662 | ||
663 | rc = tpm_transmit_cmd(chip, &buf, 0, | |
664 | "attempting to create NULL primary"); | |
665 | ||
666 | if (rc == TPM2_RC_SUCCESS) | |
667 | rc = tpm2_parse_create_primary(chip, &buf, handle, hierarchy); | |
668 | ||
669 | tpm_buf_destroy(&buf); | |
670 | ||
671 | return rc; | |
672 | } | |
673 | ||
674 | static int tpm2_create_null_primary(struct tpm_chip *chip) | |
675 | { | |
676 | u32 null_key; | |
677 | int rc; | |
678 | ||
679 | rc = tpm2_create_primary(chip, TPM2_RH_NULL, &null_key); | |
680 | ||
681 | if (rc == TPM2_RC_SUCCESS) { | |
682 | unsigned int offset = 0; /* dummy offset for null key context */ | |
683 | ||
684 | rc = tpm2_save_context(chip, null_key, chip->null_key_context, | |
685 | sizeof(chip->null_key_context), &offset); | |
686 | tpm2_flush_context(chip, null_key); | |
687 | } | |
688 | ||
689 | return rc; | |
690 | } | |
691 | ||
692 | /** | |
693 | * tpm2_sessions_init() - start of day initialization for the sessions code | |
694 | * @chip: TPM chip | |
695 | * | |
696 | * Derive and context save the null primary and allocate memory in the | |
697 | * struct tpm_chip for the authorizations. | |
698 | */ | |
699 | int tpm2_sessions_init(struct tpm_chip *chip) | |
700 | { | |
701 | int rc; | |
702 | ||
703 | rc = tpm2_create_null_primary(chip); | |
704 | if (rc) | |
705 | dev_err(&chip->dev, "TPM: security failed (NULL seed derivation): %d\n", rc); | |
706 | ||
699e3efd JB |
707 | chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL); |
708 | if (!chip->auth) | |
709 | return -ENOMEM; | |
710 | ||
d2add27c JB |
711 | return rc; |
712 | } |