1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2010 IBM Corporation 4 * Copyright (c) 2019-2021, Linaro Limited 5 * 6 * See Documentation/security/keys/trusted-encrypted.rst 7 */ 8 9 #include <crypto/hash_info.h> 10 #include <crypto/sha1.h> 11 #include <crypto/utils.h> 12 #include <linux/init.h> 13 #include <linux/slab.h> 14 #include <linux/parser.h> 15 #include <linux/string.h> 16 #include <linux/err.h> 17 #include <keys/trusted-type.h> 18 #include <linux/key-type.h> 19 #include <linux/tpm.h> 20 #include <linux/tpm_command.h> 21 22 #include <keys/trusted_tpm.h> 23 24 static struct tpm_chip *chip; 25 static struct tpm_digest *digests; 26 27 static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, 28 unsigned int keylen, ...) 29 { 30 struct hmac_sha1_ctx hmac_ctx; 31 va_list argp; 32 unsigned int dlen; 33 unsigned char *data; 34 int ret = 0; 35 36 hmac_sha1_init_usingrawkey(&hmac_ctx, key, keylen); 37 38 va_start(argp, keylen); 39 for (;;) { 40 dlen = va_arg(argp, unsigned int); 41 if (dlen == 0) 42 break; 43 data = va_arg(argp, unsigned char *); 44 if (data == NULL) { 45 ret = -EINVAL; 46 break; 47 } 48 hmac_sha1_update(&hmac_ctx, data, dlen); 49 } 50 va_end(argp); 51 if (!ret) 52 hmac_sha1_final(&hmac_ctx, digest); 53 return ret; 54 } 55 56 /* 57 * calculate authorization info fields to send to TPM 58 */ 59 int TSS_authhmac(unsigned char *digest, const unsigned char *key, 60 unsigned int keylen, unsigned char *h1, 61 unsigned char *h2, unsigned int h3, ...) 62 { 63 unsigned char paramdigest[SHA1_DIGEST_SIZE]; 64 struct sha1_ctx sha_ctx; 65 unsigned int dlen; 66 unsigned char *data; 67 unsigned char c; 68 int ret = 0; 69 va_list argp; 70 71 if (!chip) 72 return -ENODEV; 73 74 c = !!h3; 75 sha1_init(&sha_ctx); 76 va_start(argp, h3); 77 for (;;) { 78 dlen = va_arg(argp, unsigned int); 79 if (dlen == 0) 80 break; 81 data = va_arg(argp, unsigned char *); 82 if (!data) { 83 ret = -EINVAL; 84 break; 85 } 86 sha1_update(&sha_ctx, data, dlen); 87 } 88 va_end(argp); 89 if (!ret) 90 sha1_final(&sha_ctx, paramdigest); 91 if (!ret) 92 ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, 93 paramdigest, TPM_NONCE_SIZE, h1, 94 TPM_NONCE_SIZE, h2, 1, &c, 0, 0); 95 return ret; 96 } 97 EXPORT_SYMBOL_GPL(TSS_authhmac); 98 99 /* 100 * verify the AUTH1_COMMAND (Seal) result from TPM 101 */ 102 int TSS_checkhmac1(unsigned char *buffer, 103 const uint32_t command, 104 const unsigned char *ononce, 105 const unsigned char *key, 106 unsigned int keylen, ...) 107 { 108 uint32_t bufsize; 109 uint16_t tag; 110 uint32_t ordinal; 111 uint32_t result; 112 unsigned char *enonce; 113 unsigned char *continueflag; 114 unsigned char *authdata; 115 unsigned char testhmac[SHA1_DIGEST_SIZE]; 116 unsigned char paramdigest[SHA1_DIGEST_SIZE]; 117 struct sha1_ctx sha_ctx; 118 unsigned int dlen; 119 unsigned int dpos; 120 va_list argp; 121 int ret; 122 123 if (!chip) 124 return -ENODEV; 125 126 bufsize = LOAD32(buffer, TPM_SIZE_OFFSET); 127 tag = LOAD16(buffer, 0); 128 ordinal = command; 129 result = LOAD32N(buffer, TPM_RETURN_OFFSET); 130 if (tag == TPM_TAG_RSP_COMMAND) 131 return 0; 132 if (tag != TPM_TAG_RSP_AUTH1_COMMAND) 133 return -EINVAL; 134 authdata = buffer + bufsize - SHA1_DIGEST_SIZE; 135 continueflag = authdata - 1; 136 enonce = continueflag - TPM_NONCE_SIZE; 137 138 sha1_init(&sha_ctx); 139 sha1_update(&sha_ctx, (const u8 *)&result, sizeof(result)); 140 sha1_update(&sha_ctx, (const u8 *)&ordinal, sizeof(ordinal)); 141 va_start(argp, keylen); 142 for (;;) { 143 dlen = va_arg(argp, unsigned int); 144 if (dlen == 0) 145 break; 146 dpos = va_arg(argp, unsigned int); 147 sha1_update(&sha_ctx, buffer + dpos, dlen); 148 } 149 va_end(argp); 150 sha1_final(&sha_ctx, paramdigest); 151 152 ret = TSS_rawhmac(testhmac, key, keylen, SHA1_DIGEST_SIZE, paramdigest, 153 TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce, 154 1, continueflag, 0, 0); 155 if (ret < 0) 156 return ret; 157 158 if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE)) 159 return -EINVAL; 160 return 0; 161 } 162 EXPORT_SYMBOL_GPL(TSS_checkhmac1); 163 164 /* 165 * verify the AUTH2_COMMAND (unseal) result from TPM 166 */ 167 static int TSS_checkhmac2(unsigned char *buffer, 168 const uint32_t command, 169 const unsigned char *ononce, 170 const unsigned char *key1, 171 unsigned int keylen1, 172 const unsigned char *key2, 173 unsigned int keylen2, ...) 174 { 175 uint32_t bufsize; 176 uint16_t tag; 177 uint32_t ordinal; 178 uint32_t result; 179 unsigned char *enonce1; 180 unsigned char *continueflag1; 181 unsigned char *authdata1; 182 unsigned char *enonce2; 183 unsigned char *continueflag2; 184 unsigned char *authdata2; 185 unsigned char testhmac1[SHA1_DIGEST_SIZE]; 186 unsigned char testhmac2[SHA1_DIGEST_SIZE]; 187 unsigned char paramdigest[SHA1_DIGEST_SIZE]; 188 struct sha1_ctx sha_ctx; 189 unsigned int dlen; 190 unsigned int dpos; 191 va_list argp; 192 int ret; 193 194 bufsize = LOAD32(buffer, TPM_SIZE_OFFSET); 195 tag = LOAD16(buffer, 0); 196 ordinal = command; 197 result = LOAD32N(buffer, TPM_RETURN_OFFSET); 198 199 if (tag == TPM_TAG_RSP_COMMAND) 200 return 0; 201 if (tag != TPM_TAG_RSP_AUTH2_COMMAND) 202 return -EINVAL; 203 authdata1 = buffer + bufsize - (SHA1_DIGEST_SIZE + 1 204 + SHA1_DIGEST_SIZE + SHA1_DIGEST_SIZE); 205 authdata2 = buffer + bufsize - (SHA1_DIGEST_SIZE); 206 continueflag1 = authdata1 - 1; 207 continueflag2 = authdata2 - 1; 208 enonce1 = continueflag1 - TPM_NONCE_SIZE; 209 enonce2 = continueflag2 - TPM_NONCE_SIZE; 210 211 sha1_init(&sha_ctx); 212 sha1_update(&sha_ctx, (const u8 *)&result, sizeof(result)); 213 sha1_update(&sha_ctx, (const u8 *)&ordinal, sizeof(ordinal)); 214 215 va_start(argp, keylen2); 216 for (;;) { 217 dlen = va_arg(argp, unsigned int); 218 if (dlen == 0) 219 break; 220 dpos = va_arg(argp, unsigned int); 221 sha1_update(&sha_ctx, buffer + dpos, dlen); 222 } 223 va_end(argp); 224 sha1_final(&sha_ctx, paramdigest); 225 226 ret = TSS_rawhmac(testhmac1, key1, keylen1, SHA1_DIGEST_SIZE, 227 paramdigest, TPM_NONCE_SIZE, enonce1, 228 TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0); 229 if (ret < 0) 230 return ret; 231 if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) 232 return -EINVAL; 233 ret = TSS_rawhmac(testhmac2, key2, keylen2, SHA1_DIGEST_SIZE, 234 paramdigest, TPM_NONCE_SIZE, enonce2, 235 TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0); 236 if (ret < 0) 237 return ret; 238 if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE)) 239 return -EINVAL; 240 return 0; 241 } 242 243 /* 244 * For key specific tpm requests, we will generate and send our 245 * own TPM command packets using the drivers send function. 246 */ 247 int trusted_tpm_send(unsigned char *cmd, size_t buflen) 248 { 249 struct tpm_buf buf; 250 int rc; 251 252 if (!chip) 253 return -ENODEV; 254 255 rc = tpm_try_get_ops(chip); 256 if (rc) 257 return rc; 258 259 buf.flags = 0; 260 buf.length = buflen; 261 buf.data = cmd; 262 dump_tpm_buf(cmd); 263 rc = tpm_transmit_cmd(chip, &buf, 4, "sending data"); 264 dump_tpm_buf(cmd); 265 266 if (rc > 0) 267 /* TPM error */ 268 rc = -EPERM; 269 270 tpm_put_ops(chip); 271 return rc; 272 } 273 EXPORT_SYMBOL_GPL(trusted_tpm_send); 274 275 /* 276 * Lock a trusted key, by extending a selected PCR. 277 * 278 * Prevents a trusted key that is sealed to PCRs from being accessed. 279 * This uses the tpm driver's extend function. 280 */ 281 static int pcrlock(const int pcrnum) 282 { 283 if (!capable(CAP_SYS_ADMIN)) 284 return -EPERM; 285 286 return tpm_pcr_extend(chip, pcrnum, digests) ? -EINVAL : 0; 287 } 288 289 /* 290 * Create an object specific authorisation protocol (OSAP) session 291 */ 292 static int osap(struct tpm_buf *tb, struct osapsess *s, 293 const unsigned char *key, uint16_t type, uint32_t handle) 294 { 295 unsigned char enonce[TPM_NONCE_SIZE]; 296 unsigned char ononce[TPM_NONCE_SIZE]; 297 int ret; 298 299 ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE); 300 if (ret < 0) 301 return ret; 302 303 if (ret != TPM_NONCE_SIZE) 304 return -EIO; 305 306 tpm_buf_reset(tb, TPM_TAG_RQU_COMMAND, TPM_ORD_OSAP); 307 tpm_buf_append_u16(tb, type); 308 tpm_buf_append_u32(tb, handle); 309 tpm_buf_append(tb, ononce, TPM_NONCE_SIZE); 310 311 ret = trusted_tpm_send(tb->data, tb->length); 312 if (ret < 0) 313 return ret; 314 315 s->handle = LOAD32(tb->data, TPM_DATA_OFFSET); 316 memcpy(s->enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)]), 317 TPM_NONCE_SIZE); 318 memcpy(enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t) + 319 TPM_NONCE_SIZE]), TPM_NONCE_SIZE); 320 return TSS_rawhmac(s->secret, key, SHA1_DIGEST_SIZE, TPM_NONCE_SIZE, 321 enonce, TPM_NONCE_SIZE, ononce, 0, 0); 322 } 323 324 /* 325 * Create an object independent authorisation protocol (oiap) session 326 */ 327 int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) 328 { 329 int ret; 330 331 if (!chip) 332 return -ENODEV; 333 334 tpm_buf_reset(tb, TPM_TAG_RQU_COMMAND, TPM_ORD_OIAP); 335 ret = trusted_tpm_send(tb->data, tb->length); 336 if (ret < 0) 337 return ret; 338 339 *handle = LOAD32(tb->data, TPM_DATA_OFFSET); 340 memcpy(nonce, &tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)], 341 TPM_NONCE_SIZE); 342 return 0; 343 } 344 EXPORT_SYMBOL_GPL(oiap); 345 346 struct tpm_digests { 347 unsigned char encauth[SHA1_DIGEST_SIZE]; 348 unsigned char pubauth[SHA1_DIGEST_SIZE]; 349 unsigned char xorwork[SHA1_DIGEST_SIZE * 2]; 350 unsigned char xorhash[SHA1_DIGEST_SIZE]; 351 unsigned char nonceodd[TPM_NONCE_SIZE]; 352 }; 353 354 /* 355 * Have the TPM seal(encrypt) the trusted key, possibly based on 356 * Platform Configuration Registers (PCRs). AUTH1 for sealing key. 357 */ 358 static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, 359 uint32_t keyhandle, const unsigned char *keyauth, 360 const unsigned char *data, uint32_t datalen, 361 unsigned char *blob, uint32_t *bloblen, 362 const unsigned char *blobauth, 363 const unsigned char *pcrinfo, uint32_t pcrinfosize) 364 { 365 struct osapsess sess; 366 struct tpm_digests *td; 367 unsigned char cont; 368 uint32_t ordinal; 369 uint32_t pcrsize; 370 uint32_t datsize; 371 int sealinfosize; 372 int encdatasize; 373 int storedsize; 374 int ret; 375 int i; 376 377 /* alloc some work space for all the hashes */ 378 td = kmalloc(sizeof *td, GFP_KERNEL); 379 if (!td) 380 return -ENOMEM; 381 382 /* get session for sealing key */ 383 ret = osap(tb, &sess, keyauth, keytype, keyhandle); 384 if (ret < 0) 385 goto out; 386 dump_sess(&sess); 387 388 /* calculate encrypted authorization value */ 389 memcpy(td->xorwork, sess.secret, SHA1_DIGEST_SIZE); 390 memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE); 391 sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); 392 393 ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE); 394 if (ret < 0) 395 goto out; 396 397 if (ret != TPM_NONCE_SIZE) { 398 ret = -EIO; 399 goto out; 400 } 401 402 ordinal = htonl(TPM_ORD_SEAL); 403 datsize = htonl(datalen); 404 pcrsize = htonl(pcrinfosize); 405 cont = 0; 406 407 /* encrypt data authorization key */ 408 for (i = 0; i < SHA1_DIGEST_SIZE; ++i) 409 td->encauth[i] = td->xorhash[i] ^ blobauth[i]; 410 411 /* calculate authorization HMAC value */ 412 if (pcrinfosize == 0) { 413 /* no pcr info specified */ 414 ret = TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE, 415 sess.enonce, td->nonceodd, cont, 416 sizeof(uint32_t), &ordinal, SHA1_DIGEST_SIZE, 417 td->encauth, sizeof(uint32_t), &pcrsize, 418 sizeof(uint32_t), &datsize, datalen, data, 0, 419 0); 420 } else { 421 /* pcr info specified */ 422 ret = TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE, 423 sess.enonce, td->nonceodd, cont, 424 sizeof(uint32_t), &ordinal, SHA1_DIGEST_SIZE, 425 td->encauth, sizeof(uint32_t), &pcrsize, 426 pcrinfosize, pcrinfo, sizeof(uint32_t), 427 &datsize, datalen, data, 0, 0); 428 } 429 if (ret < 0) 430 goto out; 431 432 /* build and send the TPM request packet */ 433 tpm_buf_reset(tb, TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_SEAL); 434 tpm_buf_append_u32(tb, keyhandle); 435 tpm_buf_append(tb, td->encauth, SHA1_DIGEST_SIZE); 436 tpm_buf_append_u32(tb, pcrinfosize); 437 tpm_buf_append(tb, pcrinfo, pcrinfosize); 438 tpm_buf_append_u32(tb, datalen); 439 tpm_buf_append(tb, data, datalen); 440 tpm_buf_append_u32(tb, sess.handle); 441 tpm_buf_append(tb, td->nonceodd, TPM_NONCE_SIZE); 442 tpm_buf_append_u8(tb, cont); 443 tpm_buf_append(tb, td->pubauth, SHA1_DIGEST_SIZE); 444 445 ret = trusted_tpm_send(tb->data, tb->length); 446 if (ret < 0) 447 goto out; 448 449 /* calculate the size of the returned Blob */ 450 sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t)); 451 encdatasize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t) + 452 sizeof(uint32_t) + sealinfosize); 453 storedsize = sizeof(uint32_t) + sizeof(uint32_t) + sealinfosize + 454 sizeof(uint32_t) + encdatasize; 455 456 /* check the HMAC in the response */ 457 ret = TSS_checkhmac1(tb->data, ordinal, td->nonceodd, sess.secret, 458 SHA1_DIGEST_SIZE, storedsize, TPM_DATA_OFFSET, 0, 459 0); 460 461 /* copy the returned blob to caller */ 462 if (!ret) { 463 memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize); 464 *bloblen = storedsize; 465 } 466 out: 467 kfree_sensitive(td); 468 return ret; 469 } 470 471 /* 472 * use the AUTH2_COMMAND form of unseal, to authorize both key and blob 473 */ 474 static int tpm_unseal(struct tpm_buf *tb, 475 uint32_t keyhandle, const unsigned char *keyauth, 476 const unsigned char *blob, int bloblen, 477 const unsigned char *blobauth, 478 unsigned char *data, unsigned int *datalen) 479 { 480 unsigned char nonceodd[TPM_NONCE_SIZE]; 481 unsigned char enonce1[TPM_NONCE_SIZE]; 482 unsigned char enonce2[TPM_NONCE_SIZE]; 483 unsigned char authdata1[SHA1_DIGEST_SIZE]; 484 unsigned char authdata2[SHA1_DIGEST_SIZE]; 485 uint32_t authhandle1 = 0; 486 uint32_t authhandle2 = 0; 487 unsigned char cont = 0; 488 uint32_t ordinal; 489 int ret; 490 491 /* sessions for unsealing key and data */ 492 ret = oiap(tb, &authhandle1, enonce1); 493 if (ret < 0) { 494 pr_info("oiap failed (%d)\n", ret); 495 return ret; 496 } 497 ret = oiap(tb, &authhandle2, enonce2); 498 if (ret < 0) { 499 pr_info("oiap failed (%d)\n", ret); 500 return ret; 501 } 502 503 ordinal = htonl(TPM_ORD_UNSEAL); 504 ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE); 505 if (ret < 0) 506 return ret; 507 508 if (ret != TPM_NONCE_SIZE) { 509 pr_info("tpm_get_random failed (%d)\n", ret); 510 return -EIO; 511 } 512 ret = TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE, 513 enonce1, nonceodd, cont, sizeof(uint32_t), 514 &ordinal, bloblen, blob, 0, 0); 515 if (ret < 0) 516 return ret; 517 ret = TSS_authhmac(authdata2, blobauth, TPM_NONCE_SIZE, 518 enonce2, nonceodd, cont, sizeof(uint32_t), 519 &ordinal, bloblen, blob, 0, 0); 520 if (ret < 0) 521 return ret; 522 523 /* build and send TPM request packet */ 524 tpm_buf_reset(tb, TPM_TAG_RQU_AUTH2_COMMAND, TPM_ORD_UNSEAL); 525 tpm_buf_append_u32(tb, keyhandle); 526 tpm_buf_append(tb, blob, bloblen); 527 tpm_buf_append_u32(tb, authhandle1); 528 tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE); 529 tpm_buf_append_u8(tb, cont); 530 tpm_buf_append(tb, authdata1, SHA1_DIGEST_SIZE); 531 tpm_buf_append_u32(tb, authhandle2); 532 tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE); 533 tpm_buf_append_u8(tb, cont); 534 tpm_buf_append(tb, authdata2, SHA1_DIGEST_SIZE); 535 536 ret = trusted_tpm_send(tb->data, tb->length); 537 if (ret < 0) { 538 pr_info("authhmac failed (%d)\n", ret); 539 return ret; 540 } 541 542 *datalen = LOAD32(tb->data, TPM_DATA_OFFSET); 543 ret = TSS_checkhmac2(tb->data, ordinal, nonceodd, 544 keyauth, SHA1_DIGEST_SIZE, 545 blobauth, SHA1_DIGEST_SIZE, 546 sizeof(uint32_t), TPM_DATA_OFFSET, 547 *datalen, TPM_DATA_OFFSET + sizeof(uint32_t), 0, 548 0); 549 if (ret < 0) { 550 pr_info("TSS_checkhmac2 failed (%d)\n", ret); 551 return ret; 552 } 553 memcpy(data, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t), *datalen); 554 return 0; 555 } 556 557 /* 558 * Have the TPM seal(encrypt) the symmetric key 559 */ 560 static int key_seal(struct trusted_key_payload *p, 561 struct trusted_key_options *o) 562 { 563 struct tpm_buf tb; 564 int ret; 565 566 ret = tpm_buf_init(&tb, 0, 0); 567 if (ret) 568 return ret; 569 570 /* include migratable flag at end of sealed key */ 571 p->key[p->key_len] = p->migratable; 572 573 ret = tpm_seal(&tb, o->keytype, o->keyhandle, o->keyauth, 574 p->key, p->key_len + 1, p->blob, &p->blob_len, 575 o->blobauth, o->pcrinfo, o->pcrinfo_len); 576 if (ret < 0) 577 pr_info("srkseal failed (%d)\n", ret); 578 579 tpm_buf_destroy(&tb); 580 return ret; 581 } 582 583 /* 584 * Have the TPM unseal(decrypt) the symmetric key 585 */ 586 static int key_unseal(struct trusted_key_payload *p, 587 struct trusted_key_options *o) 588 { 589 struct tpm_buf tb; 590 int ret; 591 592 ret = tpm_buf_init(&tb, 0, 0); 593 if (ret) 594 return ret; 595 596 ret = tpm_unseal(&tb, o->keyhandle, o->keyauth, p->blob, p->blob_len, 597 o->blobauth, p->key, &p->key_len); 598 if (ret < 0) 599 pr_info("srkunseal failed (%d)\n", ret); 600 else 601 /* pull migratable flag out of sealed key */ 602 p->migratable = p->key[--p->key_len]; 603 604 tpm_buf_destroy(&tb); 605 return ret; 606 } 607 608 enum { 609 Opt_err, 610 Opt_keyhandle, Opt_keyauth, Opt_blobauth, 611 Opt_pcrinfo, Opt_pcrlock, Opt_migratable, 612 Opt_hash, 613 Opt_policydigest, 614 Opt_policyhandle, 615 }; 616 617 static const match_table_t key_tokens = { 618 {Opt_keyhandle, "keyhandle=%s"}, 619 {Opt_keyauth, "keyauth=%s"}, 620 {Opt_blobauth, "blobauth=%s"}, 621 {Opt_pcrinfo, "pcrinfo=%s"}, 622 {Opt_pcrlock, "pcrlock=%s"}, 623 {Opt_migratable, "migratable=%s"}, 624 {Opt_hash, "hash=%s"}, 625 {Opt_policydigest, "policydigest=%s"}, 626 {Opt_policyhandle, "policyhandle=%s"}, 627 {Opt_err, NULL} 628 }; 629 630 /* can have zero or more token= options */ 631 static int getoptions(char *c, struct trusted_key_payload *pay, 632 struct trusted_key_options *opt) 633 { 634 substring_t args[MAX_OPT_ARGS]; 635 char *p = c; 636 int token; 637 int res; 638 unsigned long handle; 639 unsigned long lock; 640 unsigned long token_mask = 0; 641 unsigned int digest_len; 642 int i; 643 int tpm2; 644 645 tpm2 = tpm_is_tpm2(chip); 646 if (tpm2 < 0) 647 return tpm2; 648 649 opt->hash = tpm2 ? HASH_ALGO_SHA256 : HASH_ALGO_SHA1; 650 651 if (!c) 652 return 0; 653 654 while ((p = strsep(&c, " \t"))) { 655 if (*p == '\0' || *p == ' ' || *p == '\t') 656 continue; 657 token = match_token(p, key_tokens, args); 658 if (test_and_set_bit(token, &token_mask)) 659 return -EINVAL; 660 661 switch (token) { 662 case Opt_pcrinfo: 663 opt->pcrinfo_len = strlen(args[0].from) / 2; 664 if (opt->pcrinfo_len > MAX_PCRINFO_SIZE) 665 return -EINVAL; 666 res = hex2bin(opt->pcrinfo, args[0].from, 667 opt->pcrinfo_len); 668 if (res < 0) 669 return -EINVAL; 670 break; 671 case Opt_keyhandle: 672 res = kstrtoul(args[0].from, 16, &handle); 673 if (res < 0) 674 return -EINVAL; 675 opt->keytype = SEAL_keytype; 676 opt->keyhandle = handle; 677 break; 678 case Opt_keyauth: 679 if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE) 680 return -EINVAL; 681 res = hex2bin(opt->keyauth, args[0].from, 682 SHA1_DIGEST_SIZE); 683 if (res < 0) 684 return -EINVAL; 685 break; 686 case Opt_blobauth: 687 /* 688 * TPM 1.2 authorizations are sha1 hashes passed in as 689 * hex strings. TPM 2.0 authorizations are simple 690 * passwords (although it can take a hash as well) 691 */ 692 opt->blobauth_len = strlen(args[0].from); 693 694 if (opt->blobauth_len == 2 * TPM_DIGEST_SIZE) { 695 res = hex2bin(opt->blobauth, args[0].from, 696 TPM_DIGEST_SIZE); 697 if (res < 0) 698 return -EINVAL; 699 700 opt->blobauth_len = TPM_DIGEST_SIZE; 701 break; 702 } 703 704 if (tpm2 && opt->blobauth_len <= sizeof(opt->blobauth)) { 705 memcpy(opt->blobauth, args[0].from, 706 opt->blobauth_len); 707 break; 708 } 709 710 return -EINVAL; 711 712 break; 713 714 case Opt_migratable: 715 if (*args[0].from == '0') 716 pay->migratable = 0; 717 else if (*args[0].from != '1') 718 return -EINVAL; 719 break; 720 case Opt_pcrlock: 721 res = kstrtoul(args[0].from, 10, &lock); 722 if (res < 0) 723 return -EINVAL; 724 opt->pcrlock = lock; 725 break; 726 case Opt_hash: 727 if (test_bit(Opt_policydigest, &token_mask)) 728 return -EINVAL; 729 for (i = 0; i < HASH_ALGO__LAST; i++) { 730 if (!strcmp(args[0].from, hash_algo_name[i])) { 731 opt->hash = i; 732 break; 733 } 734 } 735 if (i == HASH_ALGO__LAST) 736 return -EINVAL; 737 if (!tpm2 && i != HASH_ALGO_SHA1) { 738 pr_info("TPM 1.x only supports SHA-1.\n"); 739 return -EINVAL; 740 } 741 break; 742 case Opt_policydigest: 743 digest_len = hash_digest_size[opt->hash]; 744 if (!tpm2 || strlen(args[0].from) != (2 * digest_len)) 745 return -EINVAL; 746 res = hex2bin(opt->policydigest, args[0].from, 747 digest_len); 748 if (res < 0) 749 return -EINVAL; 750 opt->policydigest_len = digest_len; 751 break; 752 case Opt_policyhandle: 753 if (!tpm2) 754 return -EINVAL; 755 res = kstrtoul(args[0].from, 16, &handle); 756 if (res < 0) 757 return -EINVAL; 758 opt->policyhandle = handle; 759 break; 760 default: 761 return -EINVAL; 762 } 763 } 764 return 0; 765 } 766 767 static struct trusted_key_options *trusted_options_alloc(void) 768 { 769 struct trusted_key_options *options; 770 int tpm2; 771 772 tpm2 = tpm_is_tpm2(chip); 773 if (tpm2 < 0) 774 return NULL; 775 776 options = kzalloc(sizeof *options, GFP_KERNEL); 777 if (options) { 778 /* set any non-zero defaults */ 779 options->keytype = SRK_keytype; 780 781 if (!tpm2) 782 options->keyhandle = SRKHANDLE; 783 } 784 return options; 785 } 786 787 static int trusted_tpm_seal(struct trusted_key_payload *p, char *datablob) 788 { 789 struct trusted_key_options *options = NULL; 790 int ret = 0; 791 int tpm2; 792 793 tpm2 = tpm_is_tpm2(chip); 794 if (tpm2 < 0) 795 return tpm2; 796 797 options = trusted_options_alloc(); 798 if (!options) 799 return -ENOMEM; 800 801 ret = getoptions(datablob, p, options); 802 if (ret < 0) 803 goto out; 804 dump_options(options); 805 806 if (!options->keyhandle && !tpm2) { 807 ret = -EINVAL; 808 goto out; 809 } 810 811 if (tpm2) 812 ret = tpm2_seal_trusted(chip, p, options); 813 else 814 ret = key_seal(p, options); 815 if (ret < 0) { 816 pr_info("key_seal failed (%d)\n", ret); 817 goto out; 818 } 819 820 if (options->pcrlock) { 821 ret = pcrlock(options->pcrlock); 822 if (ret < 0) { 823 pr_info("pcrlock failed (%d)\n", ret); 824 goto out; 825 } 826 } 827 out: 828 kfree_sensitive(options); 829 return ret; 830 } 831 832 static int trusted_tpm_unseal(struct trusted_key_payload *p, char *datablob) 833 { 834 struct trusted_key_options *options = NULL; 835 int ret = 0; 836 int tpm2; 837 838 tpm2 = tpm_is_tpm2(chip); 839 if (tpm2 < 0) 840 return tpm2; 841 842 options = trusted_options_alloc(); 843 if (!options) 844 return -ENOMEM; 845 846 ret = getoptions(datablob, p, options); 847 if (ret < 0) 848 goto out; 849 dump_options(options); 850 851 if (!options->keyhandle && !tpm2) { 852 ret = -EINVAL; 853 goto out; 854 } 855 856 if (tpm2) 857 ret = tpm2_unseal_trusted(chip, p, options); 858 else 859 ret = key_unseal(p, options); 860 if (ret < 0) 861 pr_info("key_unseal failed (%d)\n", ret); 862 863 if (options->pcrlock) { 864 ret = pcrlock(options->pcrlock); 865 if (ret < 0) { 866 pr_info("pcrlock failed (%d)\n", ret); 867 goto out; 868 } 869 } 870 out: 871 kfree_sensitive(options); 872 return ret; 873 } 874 875 static int trusted_tpm_get_random(unsigned char *key, size_t key_len) 876 { 877 return tpm_get_random(chip, key, key_len); 878 } 879 880 static int __init init_digests(void) 881 { 882 int i; 883 884 digests = kcalloc(chip->nr_allocated_banks, sizeof(*digests), 885 GFP_KERNEL); 886 if (!digests) 887 return -ENOMEM; 888 889 for (i = 0; i < chip->nr_allocated_banks; i++) 890 digests[i].alg_id = chip->allocated_banks[i].alg_id; 891 892 return 0; 893 } 894 895 static int __init trusted_tpm_init(void) 896 { 897 int ret; 898 899 chip = tpm_default_chip(); 900 if (!chip) 901 return -ENODEV; 902 903 ret = init_digests(); 904 if (ret < 0) 905 goto err_put; 906 ret = register_key_type(&key_type_trusted); 907 if (ret < 0) 908 goto err_free; 909 return 0; 910 err_free: 911 kfree(digests); 912 err_put: 913 put_device(&chip->dev); 914 return ret; 915 } 916 917 static void trusted_tpm_exit(void) 918 { 919 if (chip) { 920 put_device(&chip->dev); 921 kfree(digests); 922 unregister_key_type(&key_type_trusted); 923 } 924 } 925 926 struct trusted_key_ops trusted_key_tpm_ops = { 927 .migratable = 1, /* migratable by default */ 928 .init = trusted_tpm_init, 929 .seal = trusted_tpm_seal, 930 .unseal = trusted_tpm_unseal, 931 .get_random = trusted_tpm_get_random, 932 .exit = trusted_tpm_exit, 933 }; 934