1 // SPDX-License-Identifier: GPL-2.0
2
3 /*
4 * Copyright (C) 2018 James.Bottomley@HansenPartnership.com
5 *
6 * Cryptographic helper routines for handling TPM2 sessions for
7 * authorization HMAC and request response encryption.
8 *
9 * The idea is to ensure that every TPM command is HMAC protected by a
10 * session, meaning in-flight tampering would be detected and in
11 * addition all sensitive inputs and responses should be encrypted.
12 *
13 * The basic way this works is to use a TPM feature called salted
14 * sessions where a random secret used in session construction is
15 * encrypted to the public part of a known TPM key. The problem is we
16 * have no known keys, so initially a primary Elliptic Curve key is
17 * derived from the NULL seed (we use EC because most TPMs generate
18 * these keys much faster than RSA ones). The curve used is NIST_P256
19 * because that's now mandated to be present in 'TCG TPM v2.0
20 * Provisioning Guidance'
21 *
22 * Threat problems: the initial TPM2_CreatePrimary is not (and cannot
23 * be) session protected, so a clever Man in the Middle could return a
24 * public key they control to this command and from there intercept
25 * and decode all subsequent session based transactions. The kernel
26 * cannot mitigate this threat but, after boot, userspace can get
27 * proof this has not happened by asking the TPM to certify the NULL
28 * key. This certification would chain back to the TPM Endorsement
29 * Certificate and prove the NULL seed primary had not been tampered
30 * with and thus all sessions must have been cryptographically secure.
31 * To assist with this, the initial NULL seed public key name is made
32 * available in a sysfs file.
33 *
34 * Use of these functions:
35 *
36 * The design is all the crypto, hash and hmac gunk is confined in this
37 * file and never needs to be seen even by the kernel internal user. To
38 * the user there's an init function tpm2_sessions_init() that needs to
39 * be called once per TPM which generates the NULL seed primary key.
40 *
41 * These are the usage functions:
42 *
43 * tpm2_start_auth_session() which allocates the opaque auth structure
44 * and gets a session from the TPM. This must be called before
45 * any of the following functions. The session is protected by a
46 * session_key which is derived from a random salt value
47 * encrypted to the NULL seed.
48 * tpm2_end_auth_session() kills the session and frees the resources.
49 * Under normal operation this function is done by
50 * tpm_buf_check_hmac_response(), so this is only to be used on
51 * error legs where the latter is not executed.
52 * tpm_buf_append_name() to add a handle to the buffer. This must be
53 * used in place of the usual tpm_buf_append_u32() for adding
54 * handles because handles have to be processed specially when
55 * calculating the HMAC. In particular, for NV, volatile and
56 * permanent objects you now need to provide the name.
57 * tpm_buf_append_hmac_session() which appends the hmac session to the
58 * buf in the same way tpm_buf_append_auth does().
59 * tpm_buf_fill_hmac_session() This calculates the correct hash and
60 * places it in the buffer. It must be called after the complete
61 * command buffer is finalized so it can fill in the correct HMAC
62 * based on the parameters.
63 * tpm_buf_check_hmac_response() which checks the session response in
64 * the buffer and calculates what it should be. If there's a
65 * mismatch it will log a warning and return an error. If
66 * tpm_buf_append_hmac_session() did not specify
67 * TPM_SA_CONTINUE_SESSION then the session will be closed (if it
68 * hasn't been consumed) and the auth structure freed.
69 */
70
71 #include "tpm.h"
72 #include <linux/random.h>
73 #include <linux/scatterlist.h>
74 #include <linux/unaligned.h>
75 #include <crypto/kpp.h>
76 #include <crypto/ecdh.h>
77 #include <crypto/hash.h>
78 #include <crypto/hmac.h>
79
80 /* maximum number of names the TPM must remember for authorization */
81 #define AUTH_MAX_NAMES 3
82
83 #define AES_KEY_BYTES AES_KEYSIZE_128
84 #define AES_KEY_BITS (AES_KEY_BYTES*8)
85
86 /*
87 * This is the structure that carries all the auth information (like
88 * session handle, nonces, session key and auth) from use to use it is
89 * designed to be opaque to anything outside.
90 */
91 struct tpm2_auth {
92 u32 handle;
93 /*
94 * This has two meanings: before tpm_buf_fill_hmac_session()
95 * it marks the offset in the buffer of the start of the
96 * sessions (i.e. after all the handles). Once the buffer has
97 * been filled it markes the session number of our auth
98 * session so we can find it again in the response buffer.
99 *
100 * The two cases are distinguished because the first offset
101 * must always be greater than TPM_HEADER_SIZE and the second
102 * must be less than or equal to 5.
103 */
104 u32 session;
105 /*
106 * the size here is variable and set by the size of our_nonce
107 * which must be between 16 and the name hash length. we set
108 * the maximum sha256 size for the greatest protection
109 */
110 u8 our_nonce[SHA256_DIGEST_SIZE];
111 u8 tpm_nonce[SHA256_DIGEST_SIZE];
112 /*
113 * the salt is only used across the session command/response
114 * after that it can be used as a scratch area
115 */
116 union {
117 u8 salt[EC_PT_SZ];
118 /* scratch for key + IV */
119 u8 scratch[AES_KEY_BYTES + AES_BLOCK_SIZE];
120 };
121 /*
122 * the session key and passphrase are the same size as the
123 * name digest (sha256 again). The session key is constant
124 * for the use of the session and the passphrase can change
125 * with every invocation.
126 *
127 * Note: these fields must be adjacent and in this order
128 * because several HMAC/KDF schemes use the combination of the
129 * session_key and passphrase.
130 */
131 u8 session_key[SHA256_DIGEST_SIZE];
132 u8 passphrase[SHA256_DIGEST_SIZE];
133 int passphrase_len;
134 struct crypto_aes_ctx aes_ctx;
135 /* saved session attributes: */
136 u8 attrs;
137 __be32 ordinal;
138
139 /*
140 * memory for three authorization handles. We know them by
141 * handle, but they are part of the session by name, which
142 * we must compute and remember
143 */
144 u32 name_h[AUTH_MAX_NAMES];
145 u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE];
146 };
147
148 #ifdef CONFIG_TCG_TPM2_HMAC
149 /*
150 * Name Size based on TPM algorithm (assumes no hash bigger than 255)
151 */
name_size(const u8 * name)152 static u8 name_size(const u8 *name)
153 {
154 static u8 size_map[] = {
155 [TPM_ALG_SHA1] = SHA1_DIGEST_SIZE,
156 [TPM_ALG_SHA256] = SHA256_DIGEST_SIZE,
157 [TPM_ALG_SHA384] = SHA384_DIGEST_SIZE,
158 [TPM_ALG_SHA512] = SHA512_DIGEST_SIZE,
159 };
160 u16 alg = get_unaligned_be16(name);
161 return size_map[alg] + 2;
162 }
163
tpm2_parse_read_public(char * name,struct tpm_buf * buf)164 static int tpm2_parse_read_public(char *name, struct tpm_buf *buf)
165 {
166 struct tpm_header *head = (struct tpm_header *)buf->data;
167 off_t offset = TPM_HEADER_SIZE;
168 u32 tot_len = be32_to_cpu(head->length);
169 u32 val;
170
171 /* we're starting after the header so adjust the length */
172 tot_len -= TPM_HEADER_SIZE;
173
174 /* skip public */
175 val = tpm_buf_read_u16(buf, &offset);
176 if (val > tot_len)
177 return -EINVAL;
178 offset += val;
179 /* name */
180 val = tpm_buf_read_u16(buf, &offset);
181 if (val != name_size(&buf->data[offset]))
182 return -EINVAL;
183 memcpy(name, &buf->data[offset], val);
184 /* forget the rest */
185 return 0;
186 }
187
tpm2_read_public(struct tpm_chip * chip,u32 handle,char * name)188 static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name)
189 {
190 struct tpm_buf buf;
191 int rc;
192
193 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC);
194 if (rc)
195 return rc;
196
197 tpm_buf_append_u32(&buf, handle);
198 rc = tpm_transmit_cmd(chip, &buf, 0, "read public");
199 if (rc == TPM2_RC_SUCCESS)
200 rc = tpm2_parse_read_public(name, &buf);
201
202 tpm_buf_destroy(&buf);
203
204 return rc;
205 }
206 #endif /* CONFIG_TCG_TPM2_HMAC */
207
208 /**
209 * tpm_buf_append_name() - add a handle area to the buffer
210 * @chip: the TPM chip structure
211 * @buf: The buffer to be appended
212 * @handle: The handle to be appended
213 * @name: The name of the handle (may be NULL)
214 *
215 * In order to compute session HMACs, we need to know the names of the
216 * objects pointed to by the handles. For most objects, this is simply
217 * the actual 4 byte handle or an empty buf (in these cases @name
218 * should be NULL) but for volatile objects, permanent objects and NV
219 * areas, the name is defined as the hash (according to the name
220 * algorithm which should be set to sha256) of the public area to
221 * which the two byte algorithm id has been appended. For these
222 * objects, the @name pointer should point to this. If a name is
223 * required but @name is NULL, then TPM2_ReadPublic() will be called
224 * on the handle to obtain the name.
225 *
226 * As with most tpm_buf operations, success is assumed because failure
227 * will be caused by an incorrect programming model and indicated by a
228 * kernel message.
229 */
tpm_buf_append_name(struct tpm_chip * chip,struct tpm_buf * buf,u32 handle,u8 * name)230 void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf,
231 u32 handle, u8 *name)
232 {
233 #ifdef CONFIG_TCG_TPM2_HMAC
234 enum tpm2_mso_type mso = tpm2_handle_mso(handle);
235 struct tpm2_auth *auth;
236 int slot;
237 #endif
238
239 if (!tpm2_chip_auth(chip)) {
240 tpm_buf_append_u32(buf, handle);
241 /* count the number of handles in the upper bits of flags */
242 buf->handles++;
243 return;
244 }
245
246 #ifdef CONFIG_TCG_TPM2_HMAC
247 slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE) / 4;
248 if (slot >= AUTH_MAX_NAMES) {
249 dev_err(&chip->dev, "TPM: too many handles\n");
250 return;
251 }
252 auth = chip->auth;
253 WARN(auth->session != tpm_buf_length(buf),
254 "name added in wrong place\n");
255 tpm_buf_append_u32(buf, handle);
256 auth->session += 4;
257
258 if (mso == TPM2_MSO_PERSISTENT ||
259 mso == TPM2_MSO_VOLATILE ||
260 mso == TPM2_MSO_NVRAM) {
261 if (!name)
262 tpm2_read_public(chip, handle, auth->name[slot]);
263 } else {
264 if (name)
265 dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n");
266 }
267
268 auth->name_h[slot] = handle;
269 if (name)
270 memcpy(auth->name[slot], name, name_size(name));
271 #endif
272 }
273 EXPORT_SYMBOL_GPL(tpm_buf_append_name);
274
275 /**
276 * tpm_buf_append_hmac_session() - Append a TPM session element
277 * @chip: the TPM chip structure
278 * @buf: The buffer to be appended
279 * @attributes: The session attributes
280 * @passphrase: The session authority (NULL if none)
281 * @passphrase_len: The length of the session authority (0 if none)
282 *
283 * This fills in a session structure in the TPM command buffer, except
284 * for the HMAC which cannot be computed until the command buffer is
285 * complete. The type of session is controlled by the @attributes,
286 * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the
287 * session won't terminate after tpm_buf_check_hmac_response(),
288 * TPM2_SA_DECRYPT which means this buffers first parameter should be
289 * encrypted with a session key and TPM2_SA_ENCRYPT, which means the
290 * response buffer's first parameter needs to be decrypted (confusing,
291 * but the defines are written from the point of view of the TPM).
292 *
293 * Any session appended by this command must be finalized by calling
294 * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect
295 * and the TPM will reject the command.
296 *
297 * As with most tpm_buf operations, success is assumed because failure
298 * will be caused by an incorrect programming model and indicated by a
299 * kernel message.
300 */
tpm_buf_append_hmac_session(struct tpm_chip * chip,struct tpm_buf * buf,u8 attributes,u8 * passphrase,int passphrase_len)301 void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf,
302 u8 attributes, u8 *passphrase,
303 int passphrase_len)
304 {
305 #ifdef CONFIG_TCG_TPM2_HMAC
306 u8 nonce[SHA256_DIGEST_SIZE];
307 struct tpm2_auth *auth;
308 u32 len;
309 #endif
310
311 if (!tpm2_chip_auth(chip)) {
312 /* offset tells us where the sessions area begins */
313 int offset = buf->handles * 4 + TPM_HEADER_SIZE;
314 u32 len = 9 + passphrase_len;
315
316 if (tpm_buf_length(buf) != offset) {
317 /* not the first session so update the existing length */
318 len += get_unaligned_be32(&buf->data[offset]);
319 put_unaligned_be32(len, &buf->data[offset]);
320 } else {
321 tpm_buf_append_u32(buf, len);
322 }
323 /* auth handle */
324 tpm_buf_append_u32(buf, TPM2_RS_PW);
325 /* nonce */
326 tpm_buf_append_u16(buf, 0);
327 /* attributes */
328 tpm_buf_append_u8(buf, 0);
329 /* passphrase */
330 tpm_buf_append_u16(buf, passphrase_len);
331 tpm_buf_append(buf, passphrase, passphrase_len);
332 return;
333 }
334
335 #ifdef CONFIG_TCG_TPM2_HMAC
336 /* The first write to /dev/tpm{rm0} will flush the session. */
337 attributes |= TPM2_SA_CONTINUE_SESSION;
338
339 /*
340 * The Architecture Guide requires us to strip trailing zeros
341 * before computing the HMAC
342 */
343 while (passphrase && passphrase_len > 0 && passphrase[passphrase_len - 1] == '\0')
344 passphrase_len--;
345
346 auth = chip->auth;
347 auth->attrs = attributes;
348 auth->passphrase_len = passphrase_len;
349 if (passphrase_len)
350 memcpy(auth->passphrase, passphrase, passphrase_len);
351
352 if (auth->session != tpm_buf_length(buf)) {
353 /* we're not the first session */
354 len = get_unaligned_be32(&buf->data[auth->session]);
355 if (4 + len + auth->session != tpm_buf_length(buf)) {
356 WARN(1, "session length mismatch, cannot append");
357 return;
358 }
359
360 /* add our new session */
361 len += 9 + 2 * SHA256_DIGEST_SIZE;
362 put_unaligned_be32(len, &buf->data[auth->session]);
363 } else {
364 tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE);
365 }
366
367 /* random number for our nonce */
368 get_random_bytes(nonce, sizeof(nonce));
369 memcpy(auth->our_nonce, nonce, sizeof(nonce));
370 tpm_buf_append_u32(buf, auth->handle);
371 /* our new nonce */
372 tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE);
373 tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE);
374 tpm_buf_append_u8(buf, auth->attrs);
375 /* and put a placeholder for the hmac */
376 tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE);
377 tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE);
378 #endif
379 }
380 EXPORT_SYMBOL_GPL(tpm_buf_append_hmac_session);
381
382 #ifdef CONFIG_TCG_TPM2_HMAC
383
384 static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy,
385 u32 *handle, u8 *name);
386
387 /*
388 * It turns out the crypto hmac(sha256) is hard for us to consume
389 * because it assumes a fixed key and the TPM seems to change the key
390 * on every operation, so we weld the hmac init and final functions in
391 * here to give it the same usage characteristics as a regular hash
392 */
tpm2_hmac_init(struct sha256_state * sctx,u8 * key,u32 key_len)393 static void tpm2_hmac_init(struct sha256_state *sctx, u8 *key, u32 key_len)
394 {
395 u8 pad[SHA256_BLOCK_SIZE];
396 int i;
397
398 sha256_init(sctx);
399 for (i = 0; i < sizeof(pad); i++) {
400 if (i < key_len)
401 pad[i] = key[i];
402 else
403 pad[i] = 0;
404 pad[i] ^= HMAC_IPAD_VALUE;
405 }
406 sha256_update(sctx, pad, sizeof(pad));
407 }
408
tpm2_hmac_final(struct sha256_state * sctx,u8 * key,u32 key_len,u8 * out)409 static void tpm2_hmac_final(struct sha256_state *sctx, u8 *key, u32 key_len,
410 u8 *out)
411 {
412 u8 pad[SHA256_BLOCK_SIZE];
413 int i;
414
415 for (i = 0; i < sizeof(pad); i++) {
416 if (i < key_len)
417 pad[i] = key[i];
418 else
419 pad[i] = 0;
420 pad[i] ^= HMAC_OPAD_VALUE;
421 }
422
423 /* collect the final hash; use out as temporary storage */
424 sha256_final(sctx, out);
425
426 sha256_init(sctx);
427 sha256_update(sctx, pad, sizeof(pad));
428 sha256_update(sctx, out, SHA256_DIGEST_SIZE);
429 sha256_final(sctx, out);
430 }
431
432 /*
433 * assume hash sha256 and nonces u, v of size SHA256_DIGEST_SIZE but
434 * otherwise standard tpm2_KDFa. Note output is in bytes not bits.
435 */
tpm2_KDFa(u8 * key,u32 key_len,const char * label,u8 * u,u8 * v,u32 bytes,u8 * out)436 static void tpm2_KDFa(u8 *key, u32 key_len, const char *label, u8 *u,
437 u8 *v, u32 bytes, u8 *out)
438 {
439 u32 counter = 1;
440 const __be32 bits = cpu_to_be32(bytes * 8);
441
442 while (bytes > 0) {
443 struct sha256_state sctx;
444 __be32 c = cpu_to_be32(counter);
445
446 tpm2_hmac_init(&sctx, key, key_len);
447 sha256_update(&sctx, (u8 *)&c, sizeof(c));
448 sha256_update(&sctx, label, strlen(label)+1);
449 sha256_update(&sctx, u, SHA256_DIGEST_SIZE);
450 sha256_update(&sctx, v, SHA256_DIGEST_SIZE);
451 sha256_update(&sctx, (u8 *)&bits, sizeof(bits));
452 tpm2_hmac_final(&sctx, key, key_len, out);
453
454 bytes -= SHA256_DIGEST_SIZE;
455 counter++;
456 out += SHA256_DIGEST_SIZE;
457 }
458 }
459
460 /*
461 * Somewhat of a bastardization of the real KDFe. We're assuming
462 * we're working with known point sizes for the input parameters and
463 * the hash algorithm is fixed at sha256. Because we know that the
464 * point size is 32 bytes like the hash size, there's no need to loop
465 * in this KDF.
466 */
tpm2_KDFe(u8 z[EC_PT_SZ],const char * str,u8 * pt_u,u8 * pt_v,u8 * out)467 static void tpm2_KDFe(u8 z[EC_PT_SZ], const char *str, u8 *pt_u, u8 *pt_v,
468 u8 *out)
469 {
470 struct sha256_state sctx;
471 /*
472 * this should be an iterative counter, but because we know
473 * we're only taking 32 bytes for the point using a sha256
474 * hash which is also 32 bytes, there's only one loop
475 */
476 __be32 c = cpu_to_be32(1);
477
478 sha256_init(&sctx);
479 /* counter (BE) */
480 sha256_update(&sctx, (u8 *)&c, sizeof(c));
481 /* secret value */
482 sha256_update(&sctx, z, EC_PT_SZ);
483 /* string including trailing zero */
484 sha256_update(&sctx, str, strlen(str)+1);
485 sha256_update(&sctx, pt_u, EC_PT_SZ);
486 sha256_update(&sctx, pt_v, EC_PT_SZ);
487 sha256_final(&sctx, out);
488 }
489
tpm_buf_append_salt(struct tpm_buf * buf,struct tpm_chip * chip,struct tpm2_auth * auth)490 static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip,
491 struct tpm2_auth *auth)
492 {
493 struct crypto_kpp *kpp;
494 struct kpp_request *req;
495 struct scatterlist s[2], d[1];
496 struct ecdh p = {0};
497 u8 encoded_key[EC_PT_SZ], *x, *y;
498 unsigned int buf_len;
499
500 /* secret is two sized points */
501 tpm_buf_append_u16(buf, (EC_PT_SZ + 2)*2);
502 /*
503 * we cheat here and append uninitialized data to form
504 * the points. All we care about is getting the two
505 * co-ordinate pointers, which will be used to overwrite
506 * the uninitialized data
507 */
508 tpm_buf_append_u16(buf, EC_PT_SZ);
509 x = &buf->data[tpm_buf_length(buf)];
510 tpm_buf_append(buf, encoded_key, EC_PT_SZ);
511 tpm_buf_append_u16(buf, EC_PT_SZ);
512 y = &buf->data[tpm_buf_length(buf)];
513 tpm_buf_append(buf, encoded_key, EC_PT_SZ);
514 sg_init_table(s, 2);
515 sg_set_buf(&s[0], x, EC_PT_SZ);
516 sg_set_buf(&s[1], y, EC_PT_SZ);
517
518 kpp = crypto_alloc_kpp("ecdh-nist-p256", CRYPTO_ALG_INTERNAL, 0);
519 if (IS_ERR(kpp)) {
520 dev_err(&chip->dev, "crypto ecdh allocation failed\n");
521 return;
522 }
523
524 buf_len = crypto_ecdh_key_len(&p);
525 if (sizeof(encoded_key) < buf_len) {
526 dev_err(&chip->dev, "salt buffer too small needs %d\n",
527 buf_len);
528 goto out;
529 }
530 crypto_ecdh_encode_key(encoded_key, buf_len, &p);
531 /* this generates a random private key */
532 crypto_kpp_set_secret(kpp, encoded_key, buf_len);
533
534 /* salt is now the public point of this private key */
535 req = kpp_request_alloc(kpp, GFP_KERNEL);
536 if (!req)
537 goto out;
538 kpp_request_set_input(req, NULL, 0);
539 kpp_request_set_output(req, s, EC_PT_SZ*2);
540 crypto_kpp_generate_public_key(req);
541 /*
542 * we're not done: now we have to compute the shared secret
543 * which is our private key multiplied by the tpm_key public
544 * point, we actually only take the x point and discard the y
545 * point and feed it through KDFe to get the final secret salt
546 */
547 sg_set_buf(&s[0], chip->null_ec_key_x, EC_PT_SZ);
548 sg_set_buf(&s[1], chip->null_ec_key_y, EC_PT_SZ);
549 kpp_request_set_input(req, s, EC_PT_SZ*2);
550 sg_init_one(d, auth->salt, EC_PT_SZ);
551 kpp_request_set_output(req, d, EC_PT_SZ);
552 crypto_kpp_compute_shared_secret(req);
553 kpp_request_free(req);
554
555 /*
556 * pass the shared secret through KDFe for salt. Note salt
557 * area is used both for input shared secret and output salt.
558 * This works because KDFe fully consumes the secret before it
559 * writes the salt
560 */
561 tpm2_KDFe(auth->salt, "SECRET", x, chip->null_ec_key_x, auth->salt);
562
563 out:
564 crypto_free_kpp(kpp);
565 }
566
567 /**
568 * tpm_buf_fill_hmac_session() - finalize the session HMAC
569 * @chip: the TPM chip structure
570 * @buf: The buffer to be appended
571 *
572 * This command must not be called until all of the parameters have
573 * been appended to @buf otherwise the computed HMAC will be
574 * incorrect.
575 *
576 * This function computes and fills in the session HMAC using the
577 * session key and, if TPM2_SA_DECRYPT was specified, computes the
578 * encryption key and encrypts the first parameter of the command
579 * buffer with it.
580 *
581 * As with most tpm_buf operations, success is assumed because failure
582 * will be caused by an incorrect programming model and indicated by a
583 * kernel message.
584 */
tpm_buf_fill_hmac_session(struct tpm_chip * chip,struct tpm_buf * buf)585 void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf)
586 {
587 u32 cc, handles, val;
588 struct tpm2_auth *auth = chip->auth;
589 int i;
590 struct tpm_header *head = (struct tpm_header *)buf->data;
591 off_t offset_s = TPM_HEADER_SIZE, offset_p;
592 u8 *hmac = NULL;
593 u32 attrs;
594 u8 cphash[SHA256_DIGEST_SIZE];
595 struct sha256_state sctx;
596
597 if (!auth)
598 return;
599
600 /* save the command code in BE format */
601 auth->ordinal = head->ordinal;
602
603 cc = be32_to_cpu(head->ordinal);
604
605 i = tpm2_find_cc(chip, cc);
606 if (i < 0) {
607 dev_err(&chip->dev, "Command 0x%x not found in TPM\n", cc);
608 return;
609 }
610 attrs = chip->cc_attrs_tbl[i];
611
612 handles = (attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0);
613
614 /*
615 * just check the names, it's easy to make mistakes. This
616 * would happen if someone added a handle via
617 * tpm_buf_append_u32() instead of tpm_buf_append_name()
618 */
619 for (i = 0; i < handles; i++) {
620 u32 handle = tpm_buf_read_u32(buf, &offset_s);
621
622 if (auth->name_h[i] != handle) {
623 dev_err(&chip->dev, "TPM: handle %d wrong for name\n",
624 i);
625 return;
626 }
627 }
628 /* point offset_s to the start of the sessions */
629 val = tpm_buf_read_u32(buf, &offset_s);
630 /* point offset_p to the start of the parameters */
631 offset_p = offset_s + val;
632 for (i = 1; offset_s < offset_p; i++) {
633 u32 handle = tpm_buf_read_u32(buf, &offset_s);
634 u16 len;
635 u8 a;
636
637 /* nonce (already in auth) */
638 len = tpm_buf_read_u16(buf, &offset_s);
639 offset_s += len;
640
641 a = tpm_buf_read_u8(buf, &offset_s);
642
643 len = tpm_buf_read_u16(buf, &offset_s);
644 if (handle == auth->handle && auth->attrs == a) {
645 hmac = &buf->data[offset_s];
646 /*
647 * save our session number so we know which
648 * session in the response belongs to us
649 */
650 auth->session = i;
651 }
652
653 offset_s += len;
654 }
655 if (offset_s != offset_p) {
656 dev_err(&chip->dev, "TPM session length is incorrect\n");
657 return;
658 }
659 if (!hmac) {
660 dev_err(&chip->dev, "TPM could not find HMAC session\n");
661 return;
662 }
663
664 /* encrypt before HMAC */
665 if (auth->attrs & TPM2_SA_DECRYPT) {
666 u16 len;
667
668 /* need key and IV */
669 tpm2_KDFa(auth->session_key, SHA256_DIGEST_SIZE
670 + auth->passphrase_len, "CFB", auth->our_nonce,
671 auth->tpm_nonce, AES_KEY_BYTES + AES_BLOCK_SIZE,
672 auth->scratch);
673
674 len = tpm_buf_read_u16(buf, &offset_p);
675 aes_expandkey(&auth->aes_ctx, auth->scratch, AES_KEY_BYTES);
676 aescfb_encrypt(&auth->aes_ctx, &buf->data[offset_p],
677 &buf->data[offset_p], len,
678 auth->scratch + AES_KEY_BYTES);
679 /* reset p to beginning of parameters for HMAC */
680 offset_p -= 2;
681 }
682
683 sha256_init(&sctx);
684 /* ordinal is already BE */
685 sha256_update(&sctx, (u8 *)&head->ordinal, sizeof(head->ordinal));
686 /* add the handle names */
687 for (i = 0; i < handles; i++) {
688 enum tpm2_mso_type mso = tpm2_handle_mso(auth->name_h[i]);
689
690 if (mso == TPM2_MSO_PERSISTENT ||
691 mso == TPM2_MSO_VOLATILE ||
692 mso == TPM2_MSO_NVRAM) {
693 sha256_update(&sctx, auth->name[i],
694 name_size(auth->name[i]));
695 } else {
696 __be32 h = cpu_to_be32(auth->name_h[i]);
697
698 sha256_update(&sctx, (u8 *)&h, 4);
699 }
700 }
701 if (offset_s != tpm_buf_length(buf))
702 sha256_update(&sctx, &buf->data[offset_s],
703 tpm_buf_length(buf) - offset_s);
704 sha256_final(&sctx, cphash);
705
706 /* now calculate the hmac */
707 tpm2_hmac_init(&sctx, auth->session_key, sizeof(auth->session_key)
708 + auth->passphrase_len);
709 sha256_update(&sctx, cphash, sizeof(cphash));
710 sha256_update(&sctx, auth->our_nonce, sizeof(auth->our_nonce));
711 sha256_update(&sctx, auth->tpm_nonce, sizeof(auth->tpm_nonce));
712 sha256_update(&sctx, &auth->attrs, 1);
713 tpm2_hmac_final(&sctx, auth->session_key, sizeof(auth->session_key)
714 + auth->passphrase_len, hmac);
715 }
716 EXPORT_SYMBOL(tpm_buf_fill_hmac_session);
717
718 /**
719 * tpm_buf_check_hmac_response() - check the TPM return HMAC for correctness
720 * @chip: the TPM chip structure
721 * @buf: the original command buffer (which now contains the response)
722 * @rc: the return code from tpm_transmit_cmd
723 *
724 * If @rc is non zero, @buf may not contain an actual return, so @rc
725 * is passed through as the return and the session cleaned up and
726 * de-allocated if required (this is required if
727 * TPM2_SA_CONTINUE_SESSION was not specified as a session flag).
728 *
729 * If @rc is zero, the response HMAC is computed against the returned
730 * @buf and matched to the TPM one in the session area. If there is a
731 * mismatch, an error is logged and -EINVAL returned.
732 *
733 * The reason for this is that the command issue and HMAC check
734 * sequence should look like:
735 *
736 * rc = tpm_transmit_cmd(...);
737 * rc = tpm_buf_check_hmac_response(&buf, auth, rc);
738 * if (rc)
739 * ...
740 *
741 * Which is easily layered into the current contrl flow.
742 *
743 * Returns: 0 on success or an error.
744 */
tpm_buf_check_hmac_response(struct tpm_chip * chip,struct tpm_buf * buf,int rc)745 int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf,
746 int rc)
747 {
748 struct tpm_header *head = (struct tpm_header *)buf->data;
749 struct tpm2_auth *auth = chip->auth;
750 off_t offset_s, offset_p;
751 u8 rphash[SHA256_DIGEST_SIZE];
752 u32 attrs, cc;
753 struct sha256_state sctx;
754 u16 tag = be16_to_cpu(head->tag);
755 int parm_len, len, i, handles;
756
757 if (!auth)
758 return rc;
759
760 cc = be32_to_cpu(auth->ordinal);
761
762 if (auth->session >= TPM_HEADER_SIZE) {
763 WARN(1, "tpm session not filled correctly\n");
764 goto out;
765 }
766
767 if (rc != 0)
768 /* pass non success rc through and close the session */
769 goto out;
770
771 rc = -EINVAL;
772 if (tag != TPM2_ST_SESSIONS) {
773 dev_err(&chip->dev, "TPM: HMAC response check has no sessions tag\n");
774 goto out;
775 }
776
777 i = tpm2_find_cc(chip, cc);
778 if (i < 0)
779 goto out;
780 attrs = chip->cc_attrs_tbl[i];
781 handles = (attrs >> TPM2_CC_ATTR_RHANDLE) & 1;
782
783 /* point to area beyond handles */
784 offset_s = TPM_HEADER_SIZE + handles * 4;
785 parm_len = tpm_buf_read_u32(buf, &offset_s);
786 offset_p = offset_s;
787 offset_s += parm_len;
788 /* skip over any sessions before ours */
789 for (i = 0; i < auth->session - 1; i++) {
790 len = tpm_buf_read_u16(buf, &offset_s);
791 offset_s += len + 1;
792 len = tpm_buf_read_u16(buf, &offset_s);
793 offset_s += len;
794 }
795 /* TPM nonce */
796 len = tpm_buf_read_u16(buf, &offset_s);
797 if (offset_s + len > tpm_buf_length(buf))
798 goto out;
799 if (len != SHA256_DIGEST_SIZE)
800 goto out;
801 memcpy(auth->tpm_nonce, &buf->data[offset_s], len);
802 offset_s += len;
803 attrs = tpm_buf_read_u8(buf, &offset_s);
804 len = tpm_buf_read_u16(buf, &offset_s);
805 if (offset_s + len != tpm_buf_length(buf))
806 goto out;
807 if (len != SHA256_DIGEST_SIZE)
808 goto out;
809 /*
810 * offset_s points to the HMAC. now calculate comparison, beginning
811 * with rphash
812 */
813 sha256_init(&sctx);
814 /* yes, I know this is now zero, but it's what the standard says */
815 sha256_update(&sctx, (u8 *)&head->return_code,
816 sizeof(head->return_code));
817 /* ordinal is already BE */
818 sha256_update(&sctx, (u8 *)&auth->ordinal, sizeof(auth->ordinal));
819 sha256_update(&sctx, &buf->data[offset_p], parm_len);
820 sha256_final(&sctx, rphash);
821
822 /* now calculate the hmac */
823 tpm2_hmac_init(&sctx, auth->session_key, sizeof(auth->session_key)
824 + auth->passphrase_len);
825 sha256_update(&sctx, rphash, sizeof(rphash));
826 sha256_update(&sctx, auth->tpm_nonce, sizeof(auth->tpm_nonce));
827 sha256_update(&sctx, auth->our_nonce, sizeof(auth->our_nonce));
828 sha256_update(&sctx, &auth->attrs, 1);
829 /* we're done with the rphash, so put our idea of the hmac there */
830 tpm2_hmac_final(&sctx, auth->session_key, sizeof(auth->session_key)
831 + auth->passphrase_len, rphash);
832 if (memcmp(rphash, &buf->data[offset_s], SHA256_DIGEST_SIZE) == 0) {
833 rc = 0;
834 } else {
835 dev_err(&chip->dev, "TPM: HMAC check failed\n");
836 goto out;
837 }
838
839 /* now do response decryption */
840 if (auth->attrs & TPM2_SA_ENCRYPT) {
841 /* need key and IV */
842 tpm2_KDFa(auth->session_key, SHA256_DIGEST_SIZE
843 + auth->passphrase_len, "CFB", auth->tpm_nonce,
844 auth->our_nonce, AES_KEY_BYTES + AES_BLOCK_SIZE,
845 auth->scratch);
846
847 len = tpm_buf_read_u16(buf, &offset_p);
848 aes_expandkey(&auth->aes_ctx, auth->scratch, AES_KEY_BYTES);
849 aescfb_decrypt(&auth->aes_ctx, &buf->data[offset_p],
850 &buf->data[offset_p], len,
851 auth->scratch + AES_KEY_BYTES);
852 }
853
854 out:
855 if ((auth->attrs & TPM2_SA_CONTINUE_SESSION) == 0) {
856 if (rc)
857 /* manually close the session if it wasn't consumed */
858 tpm2_flush_context(chip, auth->handle);
859
860 kfree_sensitive(auth);
861 chip->auth = NULL;
862 } else {
863 /* reset for next use */
864 auth->session = TPM_HEADER_SIZE;
865 }
866
867 return rc;
868 }
869 EXPORT_SYMBOL(tpm_buf_check_hmac_response);
870
871 /**
872 * tpm2_end_auth_session() - kill the allocated auth session
873 * @chip: the TPM chip structure
874 *
875 * ends the session started by tpm2_start_auth_session and frees all
876 * the resources. Under normal conditions,
877 * tpm_buf_check_hmac_response() will correctly end the session if
878 * required, so this function is only for use in error legs that will
879 * bypass the normal invocation of tpm_buf_check_hmac_response().
880 */
tpm2_end_auth_session(struct tpm_chip * chip)881 void tpm2_end_auth_session(struct tpm_chip *chip)
882 {
883 struct tpm2_auth *auth = chip->auth;
884
885 if (!auth)
886 return;
887
888 tpm2_flush_context(chip, auth->handle);
889 kfree_sensitive(auth);
890 chip->auth = NULL;
891 }
892 EXPORT_SYMBOL(tpm2_end_auth_session);
893
tpm2_parse_start_auth_session(struct tpm2_auth * auth,struct tpm_buf * buf)894 static int tpm2_parse_start_auth_session(struct tpm2_auth *auth,
895 struct tpm_buf *buf)
896 {
897 struct tpm_header *head = (struct tpm_header *)buf->data;
898 u32 tot_len = be32_to_cpu(head->length);
899 off_t offset = TPM_HEADER_SIZE;
900 u32 val;
901
902 /* we're starting after the header so adjust the length */
903 tot_len -= TPM_HEADER_SIZE;
904
905 /* should have handle plus nonce */
906 if (tot_len != 4 + 2 + sizeof(auth->tpm_nonce))
907 return -EINVAL;
908
909 auth->handle = tpm_buf_read_u32(buf, &offset);
910 val = tpm_buf_read_u16(buf, &offset);
911 if (val != sizeof(auth->tpm_nonce))
912 return -EINVAL;
913 memcpy(auth->tpm_nonce, &buf->data[offset], sizeof(auth->tpm_nonce));
914 /* now compute the session key from the nonces */
915 tpm2_KDFa(auth->salt, sizeof(auth->salt), "ATH", auth->tpm_nonce,
916 auth->our_nonce, sizeof(auth->session_key),
917 auth->session_key);
918
919 return 0;
920 }
921
tpm2_load_null(struct tpm_chip * chip,u32 * null_key)922 static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key)
923 {
924 unsigned int offset = 0; /* dummy offset for null seed context */
925 u8 name[SHA256_DIGEST_SIZE + 2];
926 u32 tmp_null_key;
927 int rc;
928
929 rc = tpm2_load_context(chip, chip->null_key_context, &offset,
930 &tmp_null_key);
931 if (rc != -EINVAL) {
932 if (!rc)
933 *null_key = tmp_null_key;
934 goto err;
935 }
936
937 /* Try to re-create null key, given the integrity failure: */
938 rc = tpm2_create_primary(chip, TPM2_RH_NULL, &tmp_null_key, name);
939 if (rc)
940 goto err;
941
942 /* Return null key if the name has not been changed: */
943 if (!memcmp(name, chip->null_key_name, sizeof(name))) {
944 *null_key = tmp_null_key;
945 return 0;
946 }
947
948 /* Deduce from the name change TPM interference: */
949 dev_err(&chip->dev, "null key integrity check failed\n");
950 tpm2_flush_context(chip, tmp_null_key);
951 chip->flags |= TPM_CHIP_FLAG_DISABLE;
952
953 err:
954 return rc ? -ENODEV : 0;
955 }
956
957 /**
958 * tpm2_start_auth_session() - create a HMAC authentication session with the TPM
959 * @chip: the TPM chip structure to create the session with
960 *
961 * This function loads the NULL seed from its saved context and starts
962 * an authentication session on the null seed, fills in the
963 * @chip->auth structure to contain all the session details necessary
964 * for performing the HMAC, encrypt and decrypt operations and
965 * returns. The NULL seed is flushed before this function returns.
966 *
967 * Return: zero on success or actual error encountered.
968 */
tpm2_start_auth_session(struct tpm_chip * chip)969 int tpm2_start_auth_session(struct tpm_chip *chip)
970 {
971 struct tpm2_auth *auth;
972 struct tpm_buf buf;
973 u32 null_key;
974 int rc;
975
976 if (chip->auth) {
977 dev_warn_once(&chip->dev, "auth session is active\n");
978 return 0;
979 }
980
981 auth = kzalloc(sizeof(*auth), GFP_KERNEL);
982 if (!auth)
983 return -ENOMEM;
984
985 rc = tpm2_load_null(chip, &null_key);
986 if (rc)
987 goto out;
988
989 auth->session = TPM_HEADER_SIZE;
990
991 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_START_AUTH_SESS);
992 if (rc)
993 goto out;
994
995 /* salt key handle */
996 tpm_buf_append_u32(&buf, null_key);
997 /* bind key handle */
998 tpm_buf_append_u32(&buf, TPM2_RH_NULL);
999 /* nonce caller */
1000 get_random_bytes(auth->our_nonce, sizeof(auth->our_nonce));
1001 tpm_buf_append_u16(&buf, sizeof(auth->our_nonce));
1002 tpm_buf_append(&buf, auth->our_nonce, sizeof(auth->our_nonce));
1003
1004 /* append encrypted salt and squirrel away unencrypted in auth */
1005 tpm_buf_append_salt(&buf, chip, auth);
1006 /* session type (HMAC, audit or policy) */
1007 tpm_buf_append_u8(&buf, TPM2_SE_HMAC);
1008
1009 /* symmetric encryption parameters */
1010 /* symmetric algorithm */
1011 tpm_buf_append_u16(&buf, TPM_ALG_AES);
1012 /* bits for symmetric algorithm */
1013 tpm_buf_append_u16(&buf, AES_KEY_BITS);
1014 /* symmetric algorithm mode (must be CFB) */
1015 tpm_buf_append_u16(&buf, TPM_ALG_CFB);
1016 /* hash algorithm for session */
1017 tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
1018
1019 rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session");
1020 tpm2_flush_context(chip, null_key);
1021
1022 if (rc == TPM2_RC_SUCCESS)
1023 rc = tpm2_parse_start_auth_session(auth, &buf);
1024
1025 tpm_buf_destroy(&buf);
1026
1027 if (rc == TPM2_RC_SUCCESS) {
1028 chip->auth = auth;
1029 return 0;
1030 }
1031
1032 out:
1033 kfree_sensitive(auth);
1034 return rc;
1035 }
1036 EXPORT_SYMBOL(tpm2_start_auth_session);
1037
1038 /*
1039 * A mask containing the object attributes for the kernel held null primary key
1040 * used in HMAC encryption. For more information on specific attributes look up
1041 * to "8.3 TPMA_OBJECT (Object Attributes)".
1042 */
1043 #define TPM2_OA_NULL_KEY ( \
1044 TPM2_OA_NO_DA | \
1045 TPM2_OA_FIXED_TPM | \
1046 TPM2_OA_FIXED_PARENT | \
1047 TPM2_OA_SENSITIVE_DATA_ORIGIN | \
1048 TPM2_OA_USER_WITH_AUTH | \
1049 TPM2_OA_DECRYPT | \
1050 TPM2_OA_RESTRICTED)
1051
1052 /**
1053 * tpm2_parse_create_primary() - parse the data returned from TPM_CC_CREATE_PRIMARY
1054 *
1055 * @chip: The TPM the primary was created under
1056 * @buf: The response buffer from the chip
1057 * @handle: pointer to be filled in with the return handle of the primary
1058 * @hierarchy: The hierarchy the primary was created for
1059 * @name: pointer to be filled in with the primary key name
1060 *
1061 * Return:
1062 * * 0 - OK
1063 * * -errno - A system error
1064 * * TPM_RC - A TPM error
1065 */
tpm2_parse_create_primary(struct tpm_chip * chip,struct tpm_buf * buf,u32 * handle,u32 hierarchy,u8 * name)1066 static int tpm2_parse_create_primary(struct tpm_chip *chip, struct tpm_buf *buf,
1067 u32 *handle, u32 hierarchy, u8 *name)
1068 {
1069 struct tpm_header *head = (struct tpm_header *)buf->data;
1070 off_t offset_r = TPM_HEADER_SIZE, offset_t;
1071 u16 len = TPM_HEADER_SIZE;
1072 u32 total_len = be32_to_cpu(head->length);
1073 u32 val, param_len, keyhandle;
1074
1075 keyhandle = tpm_buf_read_u32(buf, &offset_r);
1076 if (handle)
1077 *handle = keyhandle;
1078 else
1079 tpm2_flush_context(chip, keyhandle);
1080
1081 param_len = tpm_buf_read_u32(buf, &offset_r);
1082 /*
1083 * param_len doesn't include the header, but all the other
1084 * lengths and offsets do, so add it to parm len to make
1085 * the comparisons easier
1086 */
1087 param_len += TPM_HEADER_SIZE;
1088
1089 if (param_len + 8 > total_len)
1090 return -EINVAL;
1091 len = tpm_buf_read_u16(buf, &offset_r);
1092 offset_t = offset_r;
1093 if (name) {
1094 /*
1095 * now we have the public area, compute the name of
1096 * the object
1097 */
1098 put_unaligned_be16(TPM_ALG_SHA256, name);
1099 sha256(&buf->data[offset_r], len, name + 2);
1100 }
1101
1102 /* validate the public key */
1103 val = tpm_buf_read_u16(buf, &offset_t);
1104
1105 /* key type (must be what we asked for) */
1106 if (val != TPM_ALG_ECC)
1107 return -EINVAL;
1108 val = tpm_buf_read_u16(buf, &offset_t);
1109
1110 /* name algorithm */
1111 if (val != TPM_ALG_SHA256)
1112 return -EINVAL;
1113 val = tpm_buf_read_u32(buf, &offset_t);
1114
1115 /* object properties */
1116 if (val != TPM2_OA_NULL_KEY)
1117 return -EINVAL;
1118
1119 /* auth policy (empty) */
1120 val = tpm_buf_read_u16(buf, &offset_t);
1121 if (val != 0)
1122 return -EINVAL;
1123
1124 /* symmetric key parameters */
1125 val = tpm_buf_read_u16(buf, &offset_t);
1126 if (val != TPM_ALG_AES)
1127 return -EINVAL;
1128
1129 /* symmetric key length */
1130 val = tpm_buf_read_u16(buf, &offset_t);
1131 if (val != AES_KEY_BITS)
1132 return -EINVAL;
1133
1134 /* symmetric encryption scheme */
1135 val = tpm_buf_read_u16(buf, &offset_t);
1136 if (val != TPM_ALG_CFB)
1137 return -EINVAL;
1138
1139 /* signing scheme */
1140 val = tpm_buf_read_u16(buf, &offset_t);
1141 if (val != TPM_ALG_NULL)
1142 return -EINVAL;
1143
1144 /* ECC Curve */
1145 val = tpm_buf_read_u16(buf, &offset_t);
1146 if (val != TPM2_ECC_NIST_P256)
1147 return -EINVAL;
1148
1149 /* KDF Scheme */
1150 val = tpm_buf_read_u16(buf, &offset_t);
1151 if (val != TPM_ALG_NULL)
1152 return -EINVAL;
1153
1154 /* extract public key (x and y points) */
1155 val = tpm_buf_read_u16(buf, &offset_t);
1156 if (val != EC_PT_SZ)
1157 return -EINVAL;
1158 memcpy(chip->null_ec_key_x, &buf->data[offset_t], val);
1159 offset_t += val;
1160 val = tpm_buf_read_u16(buf, &offset_t);
1161 if (val != EC_PT_SZ)
1162 return -EINVAL;
1163 memcpy(chip->null_ec_key_y, &buf->data[offset_t], val);
1164 offset_t += val;
1165
1166 /* original length of the whole TPM2B */
1167 offset_r += len;
1168
1169 /* should have exactly consumed the TPM2B public structure */
1170 if (offset_t != offset_r)
1171 return -EINVAL;
1172 if (offset_r > param_len)
1173 return -EINVAL;
1174
1175 /* creation data (skip) */
1176 len = tpm_buf_read_u16(buf, &offset_r);
1177 offset_r += len;
1178 if (offset_r > param_len)
1179 return -EINVAL;
1180
1181 /* creation digest (must be sha256) */
1182 len = tpm_buf_read_u16(buf, &offset_r);
1183 offset_r += len;
1184 if (len != SHA256_DIGEST_SIZE || offset_r > param_len)
1185 return -EINVAL;
1186
1187 /* TPMT_TK_CREATION follows */
1188 /* tag, must be TPM_ST_CREATION (0x8021) */
1189 val = tpm_buf_read_u16(buf, &offset_r);
1190 if (val != TPM2_ST_CREATION || offset_r > param_len)
1191 return -EINVAL;
1192
1193 /* hierarchy */
1194 val = tpm_buf_read_u32(buf, &offset_r);
1195 if (val != hierarchy || offset_r > param_len)
1196 return -EINVAL;
1197
1198 /* the ticket digest HMAC (might not be sha256) */
1199 len = tpm_buf_read_u16(buf, &offset_r);
1200 offset_r += len;
1201 if (offset_r > param_len)
1202 return -EINVAL;
1203
1204 /*
1205 * finally we have the name, which is a sha256 digest plus a 2
1206 * byte algorithm type
1207 */
1208 len = tpm_buf_read_u16(buf, &offset_r);
1209 if (offset_r + len != param_len + 8)
1210 return -EINVAL;
1211 if (len != SHA256_DIGEST_SIZE + 2)
1212 return -EINVAL;
1213
1214 if (memcmp(chip->null_key_name, &buf->data[offset_r],
1215 SHA256_DIGEST_SIZE + 2) != 0) {
1216 dev_err(&chip->dev, "NULL Seed name comparison failed\n");
1217 return -EINVAL;
1218 }
1219
1220 return 0;
1221 }
1222
1223 /**
1224 * tpm2_create_primary() - create a primary key using a fixed P-256 template
1225 *
1226 * @chip: the TPM chip to create under
1227 * @hierarchy: The hierarchy handle to create under
1228 * @handle: The returned volatile handle on success
1229 * @name: The name of the returned key
1230 *
1231 * For platforms that might not have a persistent primary, this can be
1232 * used to create one quickly on the fly (it uses Elliptic Curve not
1233 * RSA, so even slow TPMs can create one fast). The template uses the
1234 * TCG mandated H one for non-endorsement ECC primaries, i.e. P-256
1235 * elliptic curve (the only current one all TPM2s are required to
1236 * have) a sha256 name hash and no policy.
1237 *
1238 * Return:
1239 * * 0 - OK
1240 * * -errno - A system error
1241 * * TPM_RC - A TPM error
1242 */
tpm2_create_primary(struct tpm_chip * chip,u32 hierarchy,u32 * handle,u8 * name)1243 static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy,
1244 u32 *handle, u8 *name)
1245 {
1246 int rc;
1247 struct tpm_buf buf;
1248 struct tpm_buf template;
1249
1250 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE_PRIMARY);
1251 if (rc)
1252 return rc;
1253
1254 rc = tpm_buf_init_sized(&template);
1255 if (rc) {
1256 tpm_buf_destroy(&buf);
1257 return rc;
1258 }
1259
1260 /*
1261 * create the template. Note: in order for userspace to
1262 * verify the security of the system, it will have to create
1263 * and certify this NULL primary, meaning all the template
1264 * parameters will have to be identical, so conform exactly to
1265 * the TCG TPM v2.0 Provisioning Guidance for the SRK ECC
1266 * key H template (H has zero size unique points)
1267 */
1268
1269 /* key type */
1270 tpm_buf_append_u16(&template, TPM_ALG_ECC);
1271
1272 /* name algorithm */
1273 tpm_buf_append_u16(&template, TPM_ALG_SHA256);
1274
1275 /* object properties */
1276 tpm_buf_append_u32(&template, TPM2_OA_NULL_KEY);
1277
1278 /* sauth policy (empty) */
1279 tpm_buf_append_u16(&template, 0);
1280
1281 /* BEGIN parameters: key specific; for ECC*/
1282
1283 /* symmetric algorithm */
1284 tpm_buf_append_u16(&template, TPM_ALG_AES);
1285
1286 /* bits for symmetric algorithm */
1287 tpm_buf_append_u16(&template, AES_KEY_BITS);
1288
1289 /* algorithm mode (must be CFB) */
1290 tpm_buf_append_u16(&template, TPM_ALG_CFB);
1291
1292 /* scheme (NULL means any scheme) */
1293 tpm_buf_append_u16(&template, TPM_ALG_NULL);
1294
1295 /* ECC Curve ID */
1296 tpm_buf_append_u16(&template, TPM2_ECC_NIST_P256);
1297
1298 /* KDF Scheme */
1299 tpm_buf_append_u16(&template, TPM_ALG_NULL);
1300
1301 /* unique: key specific; for ECC it is two zero size points */
1302 tpm_buf_append_u16(&template, 0);
1303 tpm_buf_append_u16(&template, 0);
1304
1305 /* END parameters */
1306
1307 /* primary handle */
1308 tpm_buf_append_u32(&buf, hierarchy);
1309 tpm_buf_append_empty_auth(&buf, TPM2_RS_PW);
1310
1311 /* sensitive create size is 4 for two empty buffers */
1312 tpm_buf_append_u16(&buf, 4);
1313
1314 /* sensitive create auth data (empty) */
1315 tpm_buf_append_u16(&buf, 0);
1316
1317 /* sensitive create sensitive data (empty) */
1318 tpm_buf_append_u16(&buf, 0);
1319
1320 /* the public template */
1321 tpm_buf_append(&buf, template.data, template.length);
1322 tpm_buf_destroy(&template);
1323
1324 /* outside info (empty) */
1325 tpm_buf_append_u16(&buf, 0);
1326
1327 /* creation PCR (none) */
1328 tpm_buf_append_u32(&buf, 0);
1329
1330 rc = tpm_transmit_cmd(chip, &buf, 0,
1331 "attempting to create NULL primary");
1332
1333 if (rc == TPM2_RC_SUCCESS)
1334 rc = tpm2_parse_create_primary(chip, &buf, handle, hierarchy,
1335 name);
1336
1337 tpm_buf_destroy(&buf);
1338
1339 return rc;
1340 }
1341
tpm2_create_null_primary(struct tpm_chip * chip)1342 static int tpm2_create_null_primary(struct tpm_chip *chip)
1343 {
1344 u32 null_key;
1345 int rc;
1346
1347 rc = tpm2_create_primary(chip, TPM2_RH_NULL, &null_key,
1348 chip->null_key_name);
1349
1350 if (rc == TPM2_RC_SUCCESS) {
1351 unsigned int offset = 0; /* dummy offset for null key context */
1352
1353 rc = tpm2_save_context(chip, null_key, chip->null_key_context,
1354 sizeof(chip->null_key_context), &offset);
1355 tpm2_flush_context(chip, null_key);
1356 }
1357
1358 return rc;
1359 }
1360
1361 /**
1362 * tpm2_sessions_init() - start of day initialization for the sessions code
1363 * @chip: TPM chip
1364 *
1365 * Derive and context save the null primary and allocate memory in the
1366 * struct tpm_chip for the authorizations.
1367 *
1368 * Return:
1369 * * 0 - OK
1370 * * -errno - A system error
1371 * * TPM_RC - A TPM error
1372 */
tpm2_sessions_init(struct tpm_chip * chip)1373 int tpm2_sessions_init(struct tpm_chip *chip)
1374 {
1375 int rc;
1376
1377 rc = tpm2_create_null_primary(chip);
1378 if (rc) {
1379 dev_err(&chip->dev, "null key creation failed with %d\n", rc);
1380 return rc;
1381 }
1382
1383 return rc;
1384 }
1385 EXPORT_SYMBOL(tpm2_sessions_init);
1386 #endif /* CONFIG_TCG_TPM2_HMAC */
1387