projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
security: keys: trusted: use ASN.1 TPM2 key format for the blobs
[linux-2.6-block.git] / security / keys / trusted-keys / trusted_tpm2.c
CommitLineData
2e19e101
SG		 1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (C) 2004 IBM Corporation
4 * Copyright (C) 2014 Intel Corporation
5 */
6
f2219745
JB		 7#include <linux/asn1_encoder.h>
8#include <linux/oid_registry.h>
2e19e101
SG		 9#include <linux/string.h>
10#include <linux/err.h>
11#include <linux/tpm.h>
12#include <linux/tpm_command.h>
13
14#include <keys/trusted-type.h>
15#include <keys/trusted_tpm.h>
16
f2219745
JB		 17#include <asm/unaligned.h>
18
19#include "tpm2key.asn1.h"
20
2e19e101
SG		 21static struct tpm2_hash tpm2_hash_map[] = {
22 {HASH_ALGO_SHA1, TPM_ALG_SHA1},
23 {HASH_ALGO_SHA256, TPM_ALG_SHA256},
24 {HASH_ALGO_SHA384, TPM_ALG_SHA384},
25 {HASH_ALGO_SHA512, TPM_ALG_SHA512},
26 {HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
27};
28
f2219745
JB		 29static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
30
31static int tpm2_key_encode(struct trusted_key_payload *payload,
32 struct trusted_key_options *options,
33 u8 *src, u32 len)
34{
35 const int SCRATCH_SIZE = PAGE_SIZE;
36 u8 *scratch = kmalloc(SCRATCH_SIZE, GFP_KERNEL);
37 u8 *work = scratch, *work1;
38 u8 *end_work = scratch + SCRATCH_SIZE;
39 u8 *priv, *pub;
40 u16 priv_len, pub_len;
41
42 priv_len = get_unaligned_be16(src) + 2;
43 priv = src;
44
45 src += priv_len;
46
47 pub_len = get_unaligned_be16(src) + 2;
48 pub = src;
49
50 if (!scratch)
51 return -ENOMEM;
52
53 work = asn1_encode_oid(work, end_work, tpm2key_oid,
54 asn1_oid_len(tpm2key_oid));
55
56 if (options->blobauth_len == 0) {
57 unsigned char bool[3], *w = bool;
58 /* tag 0 is emptyAuth */
59 w = asn1_encode_boolean(w, w + sizeof(bool), true);
60 if (WARN(IS_ERR(w), "BUG: Boolean failed to encode"))
61 return PTR_ERR(w);
62 work = asn1_encode_tag(work, end_work, 0, bool, w - bool);
63 }
64
65 /*
66 * Assume both octet strings will encode to a 2 byte definite length
67 *
68 * Note: For a well behaved TPM, this warning should never
69 * trigger, so if it does there's something nefarious going on
70 */
71 if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE,
72 "BUG: scratch buffer is too small"))
73 return -EINVAL;
74
75 work = asn1_encode_integer(work, end_work, options->keyhandle);
76 work = asn1_encode_octet_string(work, end_work, pub, pub_len);
77 work = asn1_encode_octet_string(work, end_work, priv, priv_len);
78
79 work1 = payload->blob;
80 work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob),
81 scratch, work - scratch);
82 if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed"))
83 return PTR_ERR(work1);
84
85 return work1 - payload->blob;
86}
87
88struct tpm2_key_context {
89 u32 parent;
90 const u8 *pub;
91 u32 pub_len;
92 const u8 *priv;
93 u32 priv_len;
94};
95
96static int tpm2_key_decode(struct trusted_key_payload *payload,
97 struct trusted_key_options *options,
98 u8 **buf)
99{
100 int ret;
101 struct tpm2_key_context ctx;
102 u8 *blob;
103
104 memset(&ctx, 0, sizeof(ctx));
105
106 ret = asn1_ber_decoder(&tpm2key_decoder, &ctx, payload->blob,
107 payload->blob_len);
108 if (ret < 0)
109 return ret;
110
111 if (ctx.priv_len + ctx.pub_len > MAX_BLOB_SIZE)
112 return -EINVAL;
113
114 blob = kmalloc(ctx.priv_len + ctx.pub_len + 4, GFP_KERNEL);
115 if (!blob)
116 return -ENOMEM;
117
118 *buf = blob;
119 options->keyhandle = ctx.parent;
120
121 memcpy(blob, ctx.priv, ctx.priv_len);
122 blob += ctx.priv_len;
123
124 memcpy(blob, ctx.pub, ctx.pub_len);
125
126 return 0;
127}
128
129int tpm2_key_parent(void *context, size_t hdrlen,
130 unsigned char tag,
131 const void *value, size_t vlen)
132{
133 struct tpm2_key_context *ctx = context;
134 const u8 *v = value;
135 int i;
136
137 ctx->parent = 0;
138 for (i = 0; i < vlen; i++) {
139 ctx->parent <<= 8;
140 ctx->parent |= v[i];
141 }
142
143 return 0;
144}
145
146int tpm2_key_type(void *context, size_t hdrlen,
147 unsigned char tag,
148 const void *value, size_t vlen)
149{
150 enum OID oid = look_up_OID(value, vlen);
151
152 if (oid != OID_TPMSealedData) {
153 char buffer[50];
154
155 sprint_oid(value, vlen, buffer, sizeof(buffer));
156 pr_debug("OID is \"%s\" which is not TPMSealedData\n",
157 buffer);
158 return -EINVAL;
159 }
160
161 return 0;
162}
163
164int tpm2_key_pub(void *context, size_t hdrlen,
165 unsigned char tag,
166 const void *value, size_t vlen)
167{
168 struct tpm2_key_context *ctx = context;
169
170 ctx->pub = value;
171 ctx->pub_len = vlen;
172
173 return 0;
174}
175
176int tpm2_key_priv(void *context, size_t hdrlen,
177 unsigned char tag,
178 const void *value, size_t vlen)
179{
180 struct tpm2_key_context *ctx = context;
181
182 ctx->priv = value;
183 ctx->priv_len = vlen;
184
185 return 0;
186}
187
2e19e101
SG		 188/**
189 * tpm_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer.
190 *
191 * @buf: an allocated tpm_buf instance
192 * @session_handle: session handle
193 * @nonce: the session nonce, may be NULL if not used
194 * @nonce_len: the session nonce length, may be 0 if not used
195 * @attributes: the session attributes
196 * @hmac: the session HMAC or password, may be NULL if not used
197 * @hmac_len: the session HMAC or password length, maybe 0 if not used
198 */
199static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle,
200 const u8 *nonce, u16 nonce_len,
201 u8 attributes,
202 const u8 *hmac, u16 hmac_len)
203{
204 tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len);
205 tpm_buf_append_u32(buf, session_handle);
206 tpm_buf_append_u16(buf, nonce_len);
207
208 if (nonce && nonce_len)
209 tpm_buf_append(buf, nonce, nonce_len);
210
211 tpm_buf_append_u8(buf, attributes);
212 tpm_buf_append_u16(buf, hmac_len);
213
214 if (hmac && hmac_len)
215 tpm_buf_append(buf, hmac, hmac_len);
216}
217
218/**
219 * tpm2_seal_trusted() - seal the payload of a trusted key
220 *
221 * @chip: TPM chip to use
222 * @payload: the key data in clear and encrypted form
223 * @options: authentication values and other options
224 *
225 * Return: < 0 on error and 0 on success.
226 */
227int tpm2_seal_trusted(struct tpm_chip *chip,
228 struct trusted_key_payload *payload,
229 struct trusted_key_options *options)
230{
f2219745 231 int blob_len = 0;
2e19e101
SG		 232 struct tpm_buf buf;
233 u32 hash;
234 int i;
235 int rc;
236
237 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
238 if (options->hash == tpm2_hash_map[i].crypto_id) {
239 hash = tpm2_hash_map[i].tpm_id;
240 break;
241 }
242 }
243
244 if (i == ARRAY_SIZE(tpm2_hash_map))
245 return -EINVAL;
246
f2219745
JB		 247 if (!options->keyhandle)
248 return -EINVAL;
249
2e19e101
SG		 250 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
251 if (rc)
252 return rc;
253
8c657a05
JS		 254 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
255 if (rc) {
256 tpm_put_ops(chip);
257 return rc;
258 }
259
2e19e101
SG		 260 tpm_buf_append_u32(&buf, options->keyhandle);
261 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
262 NULL /* nonce */, 0,
263 0 /* session_attributes */,
264 options->keyauth /* hmac */,
265 TPM_DIGEST_SIZE);
266
267 /* sensitive */
de66514d
JB		 268 tpm_buf_append_u16(&buf, 4 + options->blobauth_len + payload->key_len + 1);
269
270 tpm_buf_append_u16(&buf, options->blobauth_len);
271 if (options->blobauth_len)
272 tpm_buf_append(&buf, options->blobauth, options->blobauth_len);
2e19e101 273
2e19e101
SG		 274 tpm_buf_append_u16(&buf, payload->key_len + 1);
275 tpm_buf_append(&buf, payload->key, payload->key_len);
276 tpm_buf_append_u8(&buf, payload->migratable);
277
278 /* public */
279 tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
280 tpm_buf_append_u16(&buf, TPM_ALG_KEYEDHASH);
281 tpm_buf_append_u16(&buf, hash);
282
283 /* policy */
284 if (options->policydigest_len) {
285 tpm_buf_append_u32(&buf, 0);
286 tpm_buf_append_u16(&buf, options->policydigest_len);
287 tpm_buf_append(&buf, options->policydigest,
288 options->policydigest_len);
289 } else {
290 tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH);
291 tpm_buf_append_u16(&buf, 0);
292 }
293
294 /* public parameters */
295 tpm_buf_append_u16(&buf, TPM_ALG_NULL);
296 tpm_buf_append_u16(&buf, 0);
297
298 /* outside info */
299 tpm_buf_append_u16(&buf, 0);
300
301 /* creation PCR */
302 tpm_buf_append_u32(&buf, 0);
303
304 if (buf.flags & TPM_BUF_OVERFLOW) {
305 rc = -E2BIG;
306 goto out;
307 }
308
8c657a05 309 rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data");
2e19e101
SG		 310 if (rc)
311 goto out;
312
313 blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]);
314 if (blob_len > MAX_BLOB_SIZE) {
315 rc = -E2BIG;
316 goto out;
317 }
318 if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 4 + blob_len) {
319 rc = -EFAULT;
320 goto out;
321 }
322
f2219745
JB		 323 blob_len = tpm2_key_encode(payload, options,
324 &buf.data[TPM_HEADER_SIZE + 4],
325 blob_len);
2e19e101
SG		 326
327out:
328 tpm_buf_destroy(&buf);
329
330 if (rc > 0) {
331 if (tpm2_rc_value(rc) == TPM2_RC_HASH)
332 rc = -EINVAL;
333 else
334 rc = -EPERM;
335 }
f2219745
JB		 336 if (blob_len < 0)
337 return blob_len;
338
339 payload->blob_len = blob_len;
2e19e101 340
8c657a05 341 tpm_put_ops(chip);
2e19e101
SG		 342 return rc;
343}
344
345/**
346 * tpm2_load_cmd() - execute a TPM2_Load command
347 *
348 * @chip: TPM chip to use
349 * @payload: the key data in clear and encrypted form
350 * @options: authentication values and other options
351 * @blob_handle: returned blob handle
352 *
353 * Return: 0 on success.
354 * -E2BIG on wrong payload size.
355 * -EPERM on tpm error status.
356 * < 0 error from tpm_send.
357 */
358static int tpm2_load_cmd(struct tpm_chip *chip,
359 struct trusted_key_payload *payload,
360 struct trusted_key_options *options,
361 u32 *blob_handle)
362{
363 struct tpm_buf buf;
364 unsigned int private_len;
365 unsigned int public_len;
366 unsigned int blob_len;
f2219745 367 u8 *blob;
2e19e101
SG		 368 int rc;
369
f2219745
JB		 370 rc = tpm2_key_decode(payload, options, &blob);
371 if (rc) {
372 /* old form */
373 blob = payload->blob;
374 payload->old_format = 1;
375 }
376
377 /* new format carries keyhandle but old format doesn't */
378 if (!options->keyhandle)
379 return -EINVAL;
380
381 /* must be big enough for at least the two be16 size counts */
382 if (payload->blob_len < 4)
383 return -EINVAL;
384
385 private_len = get_unaligned_be16(blob);
386
387 /* must be big enough for following public_len */
388 if (private_len + 2 + 2 > (payload->blob_len))
389 return -E2BIG;
390
391 public_len = get_unaligned_be16(blob + 2 + private_len);
392 if (private_len + 2 + public_len + 2 > payload->blob_len)
2e19e101
SG		 393 return -E2BIG;
394
2e19e101
SG		 395 blob_len = private_len + public_len + 4;
396 if (blob_len > payload->blob_len)
397 return -E2BIG;
398
399 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
400 if (rc)
401 return rc;
402
403 tpm_buf_append_u32(&buf, options->keyhandle);
404 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
405 NULL /* nonce */, 0,
406 0 /* session_attributes */,
407 options->keyauth /* hmac */,
408 TPM_DIGEST_SIZE);
409
f2219745 410 tpm_buf_append(&buf, blob, blob_len);
2e19e101
SG		 411
412 if (buf.flags & TPM_BUF_OVERFLOW) {
413 rc = -E2BIG;
414 goto out;
415 }
416
8c657a05 417 rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob");
2e19e101
SG		 418 if (!rc)
419 *blob_handle = be32_to_cpup(
420 (__be32 *) &buf.data[TPM_HEADER_SIZE]);
421
422out:
f2219745
JB		 423 if (blob != payload->blob)
424 kfree(blob);
2e19e101
SG		 425 tpm_buf_destroy(&buf);
426
427 if (rc > 0)
428 rc = -EPERM;
429
430 return rc;
431}
432
433/**
434 * tpm2_unseal_cmd() - execute a TPM2_Unload command
435 *
436 * @chip: TPM chip to use
437 * @payload: the key data in clear and encrypted form
438 * @options: authentication values and other options
439 * @blob_handle: blob handle
440 *
441 * Return: 0 on success
442 * -EPERM on tpm error status
443 * < 0 error from tpm_send
444 */
445static int tpm2_unseal_cmd(struct tpm_chip *chip,
446 struct trusted_key_payload *payload,
447 struct trusted_key_options *options,
448 u32 blob_handle)
449{
450 struct tpm_buf buf;
451 u16 data_len;
452 u8 *data;
453 int rc;
454
455 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
456 if (rc)
457 return rc;
458
459 tpm_buf_append_u32(&buf, blob_handle);
460 tpm2_buf_append_auth(&buf,
461 options->policyhandle ?
462 options->policyhandle : TPM2_RS_PW,
463 NULL /* nonce */, 0,
464 TPM2_SA_CONTINUE_SESSION,
465 options->blobauth /* hmac */,
de66514d 466 options->blobauth_len);
2e19e101 467
8c657a05 468 rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing");
2e19e101
SG		 469 if (rc > 0)
470 rc = -EPERM;
471
472 if (!rc) {
473 data_len = be16_to_cpup(
474 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]);
475 if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE + 1) {
476 rc = -EFAULT;
477 goto out;
478 }
479
480 if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 6 + data_len) {
481 rc = -EFAULT;
482 goto out;
483 }
484 data = &buf.data[TPM_HEADER_SIZE + 6];
485
486 memcpy(payload->key, data, data_len - 1);
487 payload->key_len = data_len - 1;
488 payload->migratable = data[data_len - 1];
489 }
490
491out:
492 tpm_buf_destroy(&buf);
493 return rc;
494}
495
496/**
497 * tpm2_unseal_trusted() - unseal the payload of a trusted key
498 *
499 * @chip: TPM chip to use
500 * @payload: the key data in clear and encrypted form
501 * @options: authentication values and other options
502 *
503 * Return: Same as with tpm_send.
504 */
505int tpm2_unseal_trusted(struct tpm_chip *chip,
506 struct trusted_key_payload *payload,
507 struct trusted_key_options *options)
508{
509 u32 blob_handle;
510 int rc;
511
8c657a05 512 rc = tpm_try_get_ops(chip);
2e19e101
SG		 513 if (rc)
514 return rc;
515
8c657a05
JS		 516 rc = tpm2_load_cmd(chip, payload, options, &blob_handle);
517 if (rc)
518 goto out;
519
2e19e101 520 rc = tpm2_unseal_cmd(chip, payload, options, blob_handle);
45477b3f 521 tpm2_flush_context(chip, blob_handle);
2e19e101 522
8c657a05
JS		 523out:
524 tpm_put_ops(chip);
525
2e19e101
SG		 526 return rc;
527}
Linux 6.x block layer and io_uring tree(s)