Commit | Line | Data |
---|---|---|
2e19e101 SG |
1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* | |
3 | * Copyright (C) 2004 IBM Corporation | |
4 | * Copyright (C) 2014 Intel Corporation | |
5 | */ | |
6 | ||
f2219745 JB |
7 | #include <linux/asn1_encoder.h> |
8 | #include <linux/oid_registry.h> | |
2e19e101 SG |
9 | #include <linux/string.h> |
10 | #include <linux/err.h> | |
11 | #include <linux/tpm.h> | |
12 | #include <linux/tpm_command.h> | |
13 | ||
14 | #include <keys/trusted-type.h> | |
15 | #include <keys/trusted_tpm.h> | |
16 | ||
f2219745 JB |
17 | #include <asm/unaligned.h> |
18 | ||
19 | #include "tpm2key.asn1.h" | |
20 | ||
2e19e101 SG |
21 | static struct tpm2_hash tpm2_hash_map[] = { |
22 | {HASH_ALGO_SHA1, TPM_ALG_SHA1}, | |
23 | {HASH_ALGO_SHA256, TPM_ALG_SHA256}, | |
24 | {HASH_ALGO_SHA384, TPM_ALG_SHA384}, | |
25 | {HASH_ALGO_SHA512, TPM_ALG_SHA512}, | |
26 | {HASH_ALGO_SM3_256, TPM_ALG_SM3_256}, | |
27 | }; | |
28 | ||
f2219745 JB |
29 | static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 }; |
30 | ||
31 | static int tpm2_key_encode(struct trusted_key_payload *payload, | |
32 | struct trusted_key_options *options, | |
33 | u8 *src, u32 len) | |
34 | { | |
35 | const int SCRATCH_SIZE = PAGE_SIZE; | |
36 | u8 *scratch = kmalloc(SCRATCH_SIZE, GFP_KERNEL); | |
37 | u8 *work = scratch, *work1; | |
38 | u8 *end_work = scratch + SCRATCH_SIZE; | |
39 | u8 *priv, *pub; | |
40 | u16 priv_len, pub_len; | |
41 | ||
42 | priv_len = get_unaligned_be16(src) + 2; | |
43 | priv = src; | |
44 | ||
45 | src += priv_len; | |
46 | ||
47 | pub_len = get_unaligned_be16(src) + 2; | |
48 | pub = src; | |
49 | ||
50 | if (!scratch) | |
51 | return -ENOMEM; | |
52 | ||
53 | work = asn1_encode_oid(work, end_work, tpm2key_oid, | |
54 | asn1_oid_len(tpm2key_oid)); | |
55 | ||
56 | if (options->blobauth_len == 0) { | |
57 | unsigned char bool[3], *w = bool; | |
58 | /* tag 0 is emptyAuth */ | |
59 | w = asn1_encode_boolean(w, w + sizeof(bool), true); | |
60 | if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) | |
61 | return PTR_ERR(w); | |
62 | work = asn1_encode_tag(work, end_work, 0, bool, w - bool); | |
63 | } | |
64 | ||
65 | /* | |
66 | * Assume both octet strings will encode to a 2 byte definite length | |
67 | * | |
68 | * Note: For a well behaved TPM, this warning should never | |
69 | * trigger, so if it does there's something nefarious going on | |
70 | */ | |
71 | if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE, | |
72 | "BUG: scratch buffer is too small")) | |
73 | return -EINVAL; | |
74 | ||
75 | work = asn1_encode_integer(work, end_work, options->keyhandle); | |
76 | work = asn1_encode_octet_string(work, end_work, pub, pub_len); | |
77 | work = asn1_encode_octet_string(work, end_work, priv, priv_len); | |
78 | ||
79 | work1 = payload->blob; | |
80 | work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), | |
81 | scratch, work - scratch); | |
82 | if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) | |
83 | return PTR_ERR(work1); | |
84 | ||
85 | return work1 - payload->blob; | |
86 | } | |
87 | ||
88 | struct tpm2_key_context { | |
89 | u32 parent; | |
90 | const u8 *pub; | |
91 | u32 pub_len; | |
92 | const u8 *priv; | |
93 | u32 priv_len; | |
94 | }; | |
95 | ||
96 | static int tpm2_key_decode(struct trusted_key_payload *payload, | |
97 | struct trusted_key_options *options, | |
98 | u8 **buf) | |
99 | { | |
100 | int ret; | |
101 | struct tpm2_key_context ctx; | |
102 | u8 *blob; | |
103 | ||
104 | memset(&ctx, 0, sizeof(ctx)); | |
105 | ||
106 | ret = asn1_ber_decoder(&tpm2key_decoder, &ctx, payload->blob, | |
107 | payload->blob_len); | |
108 | if (ret < 0) | |
109 | return ret; | |
110 | ||
111 | if (ctx.priv_len + ctx.pub_len > MAX_BLOB_SIZE) | |
112 | return -EINVAL; | |
113 | ||
114 | blob = kmalloc(ctx.priv_len + ctx.pub_len + 4, GFP_KERNEL); | |
115 | if (!blob) | |
116 | return -ENOMEM; | |
117 | ||
118 | *buf = blob; | |
119 | options->keyhandle = ctx.parent; | |
120 | ||
121 | memcpy(blob, ctx.priv, ctx.priv_len); | |
122 | blob += ctx.priv_len; | |
123 | ||
124 | memcpy(blob, ctx.pub, ctx.pub_len); | |
125 | ||
126 | return 0; | |
127 | } | |
128 | ||
129 | int tpm2_key_parent(void *context, size_t hdrlen, | |
130 | unsigned char tag, | |
131 | const void *value, size_t vlen) | |
132 | { | |
133 | struct tpm2_key_context *ctx = context; | |
134 | const u8 *v = value; | |
135 | int i; | |
136 | ||
137 | ctx->parent = 0; | |
138 | for (i = 0; i < vlen; i++) { | |
139 | ctx->parent <<= 8; | |
140 | ctx->parent |= v[i]; | |
141 | } | |
142 | ||
143 | return 0; | |
144 | } | |
145 | ||
146 | int tpm2_key_type(void *context, size_t hdrlen, | |
147 | unsigned char tag, | |
148 | const void *value, size_t vlen) | |
149 | { | |
150 | enum OID oid = look_up_OID(value, vlen); | |
151 | ||
152 | if (oid != OID_TPMSealedData) { | |
153 | char buffer[50]; | |
154 | ||
155 | sprint_oid(value, vlen, buffer, sizeof(buffer)); | |
156 | pr_debug("OID is \"%s\" which is not TPMSealedData\n", | |
157 | buffer); | |
158 | return -EINVAL; | |
159 | } | |
160 | ||
161 | return 0; | |
162 | } | |
163 | ||
164 | int tpm2_key_pub(void *context, size_t hdrlen, | |
165 | unsigned char tag, | |
166 | const void *value, size_t vlen) | |
167 | { | |
168 | struct tpm2_key_context *ctx = context; | |
169 | ||
170 | ctx->pub = value; | |
171 | ctx->pub_len = vlen; | |
172 | ||
173 | return 0; | |
174 | } | |
175 | ||
176 | int tpm2_key_priv(void *context, size_t hdrlen, | |
177 | unsigned char tag, | |
178 | const void *value, size_t vlen) | |
179 | { | |
180 | struct tpm2_key_context *ctx = context; | |
181 | ||
182 | ctx->priv = value; | |
183 | ctx->priv_len = vlen; | |
184 | ||
185 | return 0; | |
186 | } | |
187 | ||
2e19e101 SG |
188 | /** |
189 | * tpm_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer. | |
190 | * | |
191 | * @buf: an allocated tpm_buf instance | |
192 | * @session_handle: session handle | |
193 | * @nonce: the session nonce, may be NULL if not used | |
194 | * @nonce_len: the session nonce length, may be 0 if not used | |
195 | * @attributes: the session attributes | |
196 | * @hmac: the session HMAC or password, may be NULL if not used | |
197 | * @hmac_len: the session HMAC or password length, maybe 0 if not used | |
198 | */ | |
199 | static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle, | |
200 | const u8 *nonce, u16 nonce_len, | |
201 | u8 attributes, | |
202 | const u8 *hmac, u16 hmac_len) | |
203 | { | |
204 | tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len); | |
205 | tpm_buf_append_u32(buf, session_handle); | |
206 | tpm_buf_append_u16(buf, nonce_len); | |
207 | ||
208 | if (nonce && nonce_len) | |
209 | tpm_buf_append(buf, nonce, nonce_len); | |
210 | ||
211 | tpm_buf_append_u8(buf, attributes); | |
212 | tpm_buf_append_u16(buf, hmac_len); | |
213 | ||
214 | if (hmac && hmac_len) | |
215 | tpm_buf_append(buf, hmac, hmac_len); | |
216 | } | |
217 | ||
218 | /** | |
219 | * tpm2_seal_trusted() - seal the payload of a trusted key | |
220 | * | |
221 | * @chip: TPM chip to use | |
222 | * @payload: the key data in clear and encrypted form | |
223 | * @options: authentication values and other options | |
224 | * | |
225 | * Return: < 0 on error and 0 on success. | |
226 | */ | |
227 | int tpm2_seal_trusted(struct tpm_chip *chip, | |
228 | struct trusted_key_payload *payload, | |
229 | struct trusted_key_options *options) | |
230 | { | |
f2219745 | 231 | int blob_len = 0; |
2e19e101 SG |
232 | struct tpm_buf buf; |
233 | u32 hash; | |
234 | int i; | |
235 | int rc; | |
236 | ||
237 | for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { | |
238 | if (options->hash == tpm2_hash_map[i].crypto_id) { | |
239 | hash = tpm2_hash_map[i].tpm_id; | |
240 | break; | |
241 | } | |
242 | } | |
243 | ||
244 | if (i == ARRAY_SIZE(tpm2_hash_map)) | |
245 | return -EINVAL; | |
246 | ||
f2219745 JB |
247 | if (!options->keyhandle) |
248 | return -EINVAL; | |
249 | ||
2e19e101 SG |
250 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); |
251 | if (rc) | |
252 | return rc; | |
253 | ||
8c657a05 JS |
254 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); |
255 | if (rc) { | |
256 | tpm_put_ops(chip); | |
257 | return rc; | |
258 | } | |
259 | ||
2e19e101 SG |
260 | tpm_buf_append_u32(&buf, options->keyhandle); |
261 | tpm2_buf_append_auth(&buf, TPM2_RS_PW, | |
262 | NULL /* nonce */, 0, | |
263 | 0 /* session_attributes */, | |
264 | options->keyauth /* hmac */, | |
265 | TPM_DIGEST_SIZE); | |
266 | ||
267 | /* sensitive */ | |
de66514d JB |
268 | tpm_buf_append_u16(&buf, 4 + options->blobauth_len + payload->key_len + 1); |
269 | ||
270 | tpm_buf_append_u16(&buf, options->blobauth_len); | |
271 | if (options->blobauth_len) | |
272 | tpm_buf_append(&buf, options->blobauth, options->blobauth_len); | |
2e19e101 | 273 | |
2e19e101 SG |
274 | tpm_buf_append_u16(&buf, payload->key_len + 1); |
275 | tpm_buf_append(&buf, payload->key, payload->key_len); | |
276 | tpm_buf_append_u8(&buf, payload->migratable); | |
277 | ||
278 | /* public */ | |
279 | tpm_buf_append_u16(&buf, 14 + options->policydigest_len); | |
280 | tpm_buf_append_u16(&buf, TPM_ALG_KEYEDHASH); | |
281 | tpm_buf_append_u16(&buf, hash); | |
282 | ||
283 | /* policy */ | |
284 | if (options->policydigest_len) { | |
285 | tpm_buf_append_u32(&buf, 0); | |
286 | tpm_buf_append_u16(&buf, options->policydigest_len); | |
287 | tpm_buf_append(&buf, options->policydigest, | |
288 | options->policydigest_len); | |
289 | } else { | |
290 | tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH); | |
291 | tpm_buf_append_u16(&buf, 0); | |
292 | } | |
293 | ||
294 | /* public parameters */ | |
295 | tpm_buf_append_u16(&buf, TPM_ALG_NULL); | |
296 | tpm_buf_append_u16(&buf, 0); | |
297 | ||
298 | /* outside info */ | |
299 | tpm_buf_append_u16(&buf, 0); | |
300 | ||
301 | /* creation PCR */ | |
302 | tpm_buf_append_u32(&buf, 0); | |
303 | ||
304 | if (buf.flags & TPM_BUF_OVERFLOW) { | |
305 | rc = -E2BIG; | |
306 | goto out; | |
307 | } | |
308 | ||
8c657a05 | 309 | rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data"); |
2e19e101 SG |
310 | if (rc) |
311 | goto out; | |
312 | ||
313 | blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]); | |
314 | if (blob_len > MAX_BLOB_SIZE) { | |
315 | rc = -E2BIG; | |
316 | goto out; | |
317 | } | |
318 | if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 4 + blob_len) { | |
319 | rc = -EFAULT; | |
320 | goto out; | |
321 | } | |
322 | ||
f2219745 JB |
323 | blob_len = tpm2_key_encode(payload, options, |
324 | &buf.data[TPM_HEADER_SIZE + 4], | |
325 | blob_len); | |
2e19e101 SG |
326 | |
327 | out: | |
328 | tpm_buf_destroy(&buf); | |
329 | ||
330 | if (rc > 0) { | |
331 | if (tpm2_rc_value(rc) == TPM2_RC_HASH) | |
332 | rc = -EINVAL; | |
333 | else | |
334 | rc = -EPERM; | |
335 | } | |
f2219745 JB |
336 | if (blob_len < 0) |
337 | return blob_len; | |
338 | ||
339 | payload->blob_len = blob_len; | |
2e19e101 | 340 | |
8c657a05 | 341 | tpm_put_ops(chip); |
2e19e101 SG |
342 | return rc; |
343 | } | |
344 | ||
345 | /** | |
346 | * tpm2_load_cmd() - execute a TPM2_Load command | |
347 | * | |
348 | * @chip: TPM chip to use | |
349 | * @payload: the key data in clear and encrypted form | |
350 | * @options: authentication values and other options | |
351 | * @blob_handle: returned blob handle | |
352 | * | |
353 | * Return: 0 on success. | |
354 | * -E2BIG on wrong payload size. | |
355 | * -EPERM on tpm error status. | |
356 | * < 0 error from tpm_send. | |
357 | */ | |
358 | static int tpm2_load_cmd(struct tpm_chip *chip, | |
359 | struct trusted_key_payload *payload, | |
360 | struct trusted_key_options *options, | |
361 | u32 *blob_handle) | |
362 | { | |
363 | struct tpm_buf buf; | |
364 | unsigned int private_len; | |
365 | unsigned int public_len; | |
366 | unsigned int blob_len; | |
f2219745 | 367 | u8 *blob; |
2e19e101 SG |
368 | int rc; |
369 | ||
f2219745 JB |
370 | rc = tpm2_key_decode(payload, options, &blob); |
371 | if (rc) { | |
372 | /* old form */ | |
373 | blob = payload->blob; | |
374 | payload->old_format = 1; | |
375 | } | |
376 | ||
377 | /* new format carries keyhandle but old format doesn't */ | |
378 | if (!options->keyhandle) | |
379 | return -EINVAL; | |
380 | ||
381 | /* must be big enough for at least the two be16 size counts */ | |
382 | if (payload->blob_len < 4) | |
383 | return -EINVAL; | |
384 | ||
385 | private_len = get_unaligned_be16(blob); | |
386 | ||
387 | /* must be big enough for following public_len */ | |
388 | if (private_len + 2 + 2 > (payload->blob_len)) | |
389 | return -E2BIG; | |
390 | ||
391 | public_len = get_unaligned_be16(blob + 2 + private_len); | |
392 | if (private_len + 2 + public_len + 2 > payload->blob_len) | |
2e19e101 SG |
393 | return -E2BIG; |
394 | ||
2e19e101 SG |
395 | blob_len = private_len + public_len + 4; |
396 | if (blob_len > payload->blob_len) | |
397 | return -E2BIG; | |
398 | ||
399 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); | |
400 | if (rc) | |
401 | return rc; | |
402 | ||
403 | tpm_buf_append_u32(&buf, options->keyhandle); | |
404 | tpm2_buf_append_auth(&buf, TPM2_RS_PW, | |
405 | NULL /* nonce */, 0, | |
406 | 0 /* session_attributes */, | |
407 | options->keyauth /* hmac */, | |
408 | TPM_DIGEST_SIZE); | |
409 | ||
f2219745 | 410 | tpm_buf_append(&buf, blob, blob_len); |
2e19e101 SG |
411 | |
412 | if (buf.flags & TPM_BUF_OVERFLOW) { | |
413 | rc = -E2BIG; | |
414 | goto out; | |
415 | } | |
416 | ||
8c657a05 | 417 | rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob"); |
2e19e101 SG |
418 | if (!rc) |
419 | *blob_handle = be32_to_cpup( | |
420 | (__be32 *) &buf.data[TPM_HEADER_SIZE]); | |
421 | ||
422 | out: | |
f2219745 JB |
423 | if (blob != payload->blob) |
424 | kfree(blob); | |
2e19e101 SG |
425 | tpm_buf_destroy(&buf); |
426 | ||
427 | if (rc > 0) | |
428 | rc = -EPERM; | |
429 | ||
430 | return rc; | |
431 | } | |
432 | ||
433 | /** | |
434 | * tpm2_unseal_cmd() - execute a TPM2_Unload command | |
435 | * | |
436 | * @chip: TPM chip to use | |
437 | * @payload: the key data in clear and encrypted form | |
438 | * @options: authentication values and other options | |
439 | * @blob_handle: blob handle | |
440 | * | |
441 | * Return: 0 on success | |
442 | * -EPERM on tpm error status | |
443 | * < 0 error from tpm_send | |
444 | */ | |
445 | static int tpm2_unseal_cmd(struct tpm_chip *chip, | |
446 | struct trusted_key_payload *payload, | |
447 | struct trusted_key_options *options, | |
448 | u32 blob_handle) | |
449 | { | |
450 | struct tpm_buf buf; | |
451 | u16 data_len; | |
452 | u8 *data; | |
453 | int rc; | |
454 | ||
455 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); | |
456 | if (rc) | |
457 | return rc; | |
458 | ||
459 | tpm_buf_append_u32(&buf, blob_handle); | |
460 | tpm2_buf_append_auth(&buf, | |
461 | options->policyhandle ? | |
462 | options->policyhandle : TPM2_RS_PW, | |
463 | NULL /* nonce */, 0, | |
464 | TPM2_SA_CONTINUE_SESSION, | |
465 | options->blobauth /* hmac */, | |
de66514d | 466 | options->blobauth_len); |
2e19e101 | 467 | |
8c657a05 | 468 | rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing"); |
2e19e101 SG |
469 | if (rc > 0) |
470 | rc = -EPERM; | |
471 | ||
472 | if (!rc) { | |
473 | data_len = be16_to_cpup( | |
474 | (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]); | |
475 | if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE + 1) { | |
476 | rc = -EFAULT; | |
477 | goto out; | |
478 | } | |
479 | ||
480 | if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 6 + data_len) { | |
481 | rc = -EFAULT; | |
482 | goto out; | |
483 | } | |
484 | data = &buf.data[TPM_HEADER_SIZE + 6]; | |
485 | ||
486 | memcpy(payload->key, data, data_len - 1); | |
487 | payload->key_len = data_len - 1; | |
488 | payload->migratable = data[data_len - 1]; | |
489 | } | |
490 | ||
491 | out: | |
492 | tpm_buf_destroy(&buf); | |
493 | return rc; | |
494 | } | |
495 | ||
496 | /** | |
497 | * tpm2_unseal_trusted() - unseal the payload of a trusted key | |
498 | * | |
499 | * @chip: TPM chip to use | |
500 | * @payload: the key data in clear and encrypted form | |
501 | * @options: authentication values and other options | |
502 | * | |
503 | * Return: Same as with tpm_send. | |
504 | */ | |
505 | int tpm2_unseal_trusted(struct tpm_chip *chip, | |
506 | struct trusted_key_payload *payload, | |
507 | struct trusted_key_options *options) | |
508 | { | |
509 | u32 blob_handle; | |
510 | int rc; | |
511 | ||
8c657a05 | 512 | rc = tpm_try_get_ops(chip); |
2e19e101 SG |
513 | if (rc) |
514 | return rc; | |
515 | ||
8c657a05 JS |
516 | rc = tpm2_load_cmd(chip, payload, options, &blob_handle); |
517 | if (rc) | |
518 | goto out; | |
519 | ||
2e19e101 | 520 | rc = tpm2_unseal_cmd(chip, payload, options, blob_handle); |
45477b3f | 521 | tpm2_flush_context(chip, blob_handle); |
2e19e101 | 522 | |
8c657a05 JS |
523 | out: |
524 | tpm_put_ops(chip); | |
525 | ||
2e19e101 SG |
526 | return rc; |
527 | } |