1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2004 IBM Corporation 4 * Copyright (C) 2014 Intel Corporation 5 */ 6 7 #include <linux/asn1_encoder.h> 8 #include <linux/oid_registry.h> 9 #include <linux/string.h> 10 #include <linux/err.h> 11 #include <linux/tpm.h> 12 #include <linux/tpm_command.h> 13 14 #include <keys/trusted-type.h> 15 #include <keys/trusted_tpm.h> 16 17 #include <asm/unaligned.h> 18 19 #include "tpm2key.asn1.h" 20 21 static struct tpm2_hash tpm2_hash_map[] = { 22 {HASH_ALGO_SHA1, TPM_ALG_SHA1}, 23 {HASH_ALGO_SHA256, TPM_ALG_SHA256}, 24 {HASH_ALGO_SHA384, TPM_ALG_SHA384}, 25 {HASH_ALGO_SHA512, TPM_ALG_SHA512}, 26 {HASH_ALGO_SM3_256, TPM_ALG_SM3_256}, 27 }; 28 29 static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 }; 30 31 static int tpm2_key_encode(struct trusted_key_payload *payload, 32 struct trusted_key_options *options, 33 u8 *src, u32 len) 34 { 35 const int SCRATCH_SIZE = PAGE_SIZE; 36 u8 *scratch = kmalloc(SCRATCH_SIZE, GFP_KERNEL); 37 u8 *work = scratch, *work1; 38 u8 *end_work = scratch + SCRATCH_SIZE; 39 u8 *priv, *pub; 40 u16 priv_len, pub_len; 41 42 priv_len = get_unaligned_be16(src) + 2; 43 priv = src; 44 45 src += priv_len; 46 47 pub_len = get_unaligned_be16(src) + 2; 48 pub = src; 49 50 if (!scratch) 51 return -ENOMEM; 52 53 work = asn1_encode_oid(work, end_work, tpm2key_oid, 54 asn1_oid_len(tpm2key_oid)); 55 56 if (options->blobauth_len == 0) { 57 unsigned char bool[3], *w = bool; 58 /* tag 0 is emptyAuth */ 59 w = asn1_encode_boolean(w, w + sizeof(bool), true); 60 if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) 61 return PTR_ERR(w); 62 work = asn1_encode_tag(work, end_work, 0, bool, w - bool); 63 } 64 65 /* 66 * Assume both octet strings will encode to a 2 byte definite length 67 * 68 * Note: For a well behaved TPM, this warning should never 69 * trigger, so if it does there's something nefarious going on 70 */ 71 if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE, 72 "BUG: scratch buffer is too small")) 73 return -EINVAL; 74 75 work = asn1_encode_integer(work, end_work, options->keyhandle); 76 work = asn1_encode_octet_string(work, end_work, pub, pub_len); 77 work = asn1_encode_octet_string(work, end_work, priv, priv_len); 78 79 work1 = payload->blob; 80 work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), 81 scratch, work - scratch); 82 if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) 83 return PTR_ERR(work1); 84 85 return work1 - payload->blob; 86 } 87 88 struct tpm2_key_context { 89 u32 parent; 90 const u8 *pub; 91 u32 pub_len; 92 const u8 *priv; 93 u32 priv_len; 94 }; 95 96 static int tpm2_key_decode(struct trusted_key_payload *payload, 97 struct trusted_key_options *options, 98 u8 **buf) 99 { 100 int ret; 101 struct tpm2_key_context ctx; 102 u8 *blob; 103 104 memset(&ctx, 0, sizeof(ctx)); 105 106 ret = asn1_ber_decoder(&tpm2key_decoder, &ctx, payload->blob, 107 payload->blob_len); 108 if (ret < 0) 109 return ret; 110 111 if (ctx.priv_len + ctx.pub_len > MAX_BLOB_SIZE) 112 return -EINVAL; 113 114 blob = kmalloc(ctx.priv_len + ctx.pub_len + 4, GFP_KERNEL); 115 if (!blob) 116 return -ENOMEM; 117 118 *buf = blob; 119 options->keyhandle = ctx.parent; 120 121 memcpy(blob, ctx.priv, ctx.priv_len); 122 blob += ctx.priv_len; 123 124 memcpy(blob, ctx.pub, ctx.pub_len); 125 126 return 0; 127 } 128 129 int tpm2_key_parent(void *context, size_t hdrlen, 130 unsigned char tag, 131 const void *value, size_t vlen) 132 { 133 struct tpm2_key_context *ctx = context; 134 const u8 *v = value; 135 int i; 136 137 ctx->parent = 0; 138 for (i = 0; i < vlen; i++) { 139 ctx->parent <<= 8; 140 ctx->parent |= v[i]; 141 } 142 143 return 0; 144 } 145 146 int tpm2_key_type(void *context, size_t hdrlen, 147 unsigned char tag, 148 const void *value, size_t vlen) 149 { 150 enum OID oid = look_up_OID(value, vlen); 151 152 if (oid != OID_TPMSealedData) { 153 char buffer[50]; 154 155 sprint_oid(value, vlen, buffer, sizeof(buffer)); 156 pr_debug("OID is \"%s\" which is not TPMSealedData\n", 157 buffer); 158 return -EINVAL; 159 } 160 161 return 0; 162 } 163 164 int tpm2_key_pub(void *context, size_t hdrlen, 165 unsigned char tag, 166 const void *value, size_t vlen) 167 { 168 struct tpm2_key_context *ctx = context; 169 170 ctx->pub = value; 171 ctx->pub_len = vlen; 172 173 return 0; 174 } 175 176 int tpm2_key_priv(void *context, size_t hdrlen, 177 unsigned char tag, 178 const void *value, size_t vlen) 179 { 180 struct tpm2_key_context *ctx = context; 181 182 ctx->priv = value; 183 ctx->priv_len = vlen; 184 185 return 0; 186 } 187 188 /** 189 * tpm2_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer. 190 * 191 * @buf: an allocated tpm_buf instance 192 * @session_handle: session handle 193 * @nonce: the session nonce, may be NULL if not used 194 * @nonce_len: the session nonce length, may be 0 if not used 195 * @attributes: the session attributes 196 * @hmac: the session HMAC or password, may be NULL if not used 197 * @hmac_len: the session HMAC or password length, maybe 0 if not used 198 */ 199 static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle, 200 const u8 *nonce, u16 nonce_len, 201 u8 attributes, 202 const u8 *hmac, u16 hmac_len) 203 { 204 tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len); 205 tpm_buf_append_u32(buf, session_handle); 206 tpm_buf_append_u16(buf, nonce_len); 207 208 if (nonce && nonce_len) 209 tpm_buf_append(buf, nonce, nonce_len); 210 211 tpm_buf_append_u8(buf, attributes); 212 tpm_buf_append_u16(buf, hmac_len); 213 214 if (hmac && hmac_len) 215 tpm_buf_append(buf, hmac, hmac_len); 216 } 217 218 /** 219 * tpm2_seal_trusted() - seal the payload of a trusted key 220 * 221 * @chip: TPM chip to use 222 * @payload: the key data in clear and encrypted form 223 * @options: authentication values and other options 224 * 225 * Return: < 0 on error and 0 on success. 226 */ 227 int tpm2_seal_trusted(struct tpm_chip *chip, 228 struct trusted_key_payload *payload, 229 struct trusted_key_options *options) 230 { 231 off_t offset = TPM_HEADER_SIZE; 232 struct tpm_buf buf, sized; 233 int blob_len = 0; 234 u32 hash; 235 u32 flags; 236 int i; 237 int rc; 238 239 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { 240 if (options->hash == tpm2_hash_map[i].crypto_id) { 241 hash = tpm2_hash_map[i].tpm_id; 242 break; 243 } 244 } 245 246 if (i == ARRAY_SIZE(tpm2_hash_map)) 247 return -EINVAL; 248 249 if (!options->keyhandle) 250 return -EINVAL; 251 252 rc = tpm_try_get_ops(chip); 253 if (rc) 254 return rc; 255 256 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); 257 if (rc) { 258 tpm_put_ops(chip); 259 return rc; 260 } 261 262 rc = tpm_buf_init_sized(&sized); 263 if (rc) { 264 tpm_buf_destroy(&buf); 265 tpm_put_ops(chip); 266 return rc; 267 } 268 269 tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); 270 tpm_buf_append_u32(&buf, options->keyhandle); 271 tpm2_buf_append_auth(&buf, TPM2_RS_PW, 272 NULL /* nonce */, 0, 273 0 /* session_attributes */, 274 options->keyauth /* hmac */, 275 TPM_DIGEST_SIZE); 276 277 /* sensitive */ 278 tpm_buf_append_u16(&sized, options->blobauth_len); 279 280 if (options->blobauth_len) 281 tpm_buf_append(&sized, options->blobauth, options->blobauth_len); 282 283 tpm_buf_append_u16(&sized, payload->key_len); 284 tpm_buf_append(&sized, payload->key, payload->key_len); 285 tpm_buf_append(&buf, sized.data, sized.length); 286 287 /* public */ 288 tpm_buf_reset_sized(&sized); 289 tpm_buf_append_u16(&sized, TPM_ALG_KEYEDHASH); 290 tpm_buf_append_u16(&sized, hash); 291 292 /* key properties */ 293 flags = 0; 294 flags |= options->policydigest_len ? 0 : TPM2_OA_USER_WITH_AUTH; 295 flags |= payload->migratable ? 0 : (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT); 296 tpm_buf_append_u32(&sized, flags); 297 298 /* policy */ 299 tpm_buf_append_u16(&sized, options->policydigest_len); 300 if (options->policydigest_len) 301 tpm_buf_append(&sized, options->policydigest, options->policydigest_len); 302 303 /* public parameters */ 304 tpm_buf_append_u16(&sized, TPM_ALG_NULL); 305 tpm_buf_append_u16(&sized, 0); 306 307 tpm_buf_append(&buf, sized.data, sized.length); 308 309 /* outside info */ 310 tpm_buf_append_u16(&buf, 0); 311 312 /* creation PCR */ 313 tpm_buf_append_u32(&buf, 0); 314 315 if (buf.flags & TPM_BUF_OVERFLOW) { 316 rc = -E2BIG; 317 goto out; 318 } 319 320 rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data"); 321 if (rc) 322 goto out; 323 324 blob_len = tpm_buf_read_u32(&buf, &offset); 325 if (blob_len > MAX_BLOB_SIZE || buf.flags & TPM_BUF_BOUNDARY_ERROR) { 326 rc = -E2BIG; 327 goto out; 328 } 329 if (buf.length - offset < blob_len) { 330 rc = -EFAULT; 331 goto out; 332 } 333 334 blob_len = tpm2_key_encode(payload, options, &buf.data[offset], blob_len); 335 336 out: 337 tpm_buf_destroy(&sized); 338 tpm_buf_destroy(&buf); 339 340 if (rc > 0) { 341 if (tpm2_rc_value(rc) == TPM2_RC_HASH) 342 rc = -EINVAL; 343 else 344 rc = -EPERM; 345 } 346 if (blob_len < 0) 347 rc = blob_len; 348 else 349 payload->blob_len = blob_len; 350 351 tpm_put_ops(chip); 352 return rc; 353 } 354 355 /** 356 * tpm2_load_cmd() - execute a TPM2_Load command 357 * 358 * @chip: TPM chip to use 359 * @payload: the key data in clear and encrypted form 360 * @options: authentication values and other options 361 * @blob_handle: returned blob handle 362 * 363 * Return: 0 on success. 364 * -E2BIG on wrong payload size. 365 * -EPERM on tpm error status. 366 * < 0 error from tpm_send. 367 */ 368 static int tpm2_load_cmd(struct tpm_chip *chip, 369 struct trusted_key_payload *payload, 370 struct trusted_key_options *options, 371 u32 *blob_handle) 372 { 373 struct tpm_buf buf; 374 unsigned int private_len; 375 unsigned int public_len; 376 unsigned int blob_len; 377 u8 *blob, *pub; 378 int rc; 379 u32 attrs; 380 381 rc = tpm2_key_decode(payload, options, &blob); 382 if (rc) { 383 /* old form */ 384 blob = payload->blob; 385 payload->old_format = 1; 386 } 387 388 /* new format carries keyhandle but old format doesn't */ 389 if (!options->keyhandle) 390 return -EINVAL; 391 392 /* must be big enough for at least the two be16 size counts */ 393 if (payload->blob_len < 4) 394 return -EINVAL; 395 396 private_len = get_unaligned_be16(blob); 397 398 /* must be big enough for following public_len */ 399 if (private_len + 2 + 2 > (payload->blob_len)) 400 return -E2BIG; 401 402 public_len = get_unaligned_be16(blob + 2 + private_len); 403 if (private_len + 2 + public_len + 2 > payload->blob_len) 404 return -E2BIG; 405 406 pub = blob + 2 + private_len + 2; 407 /* key attributes are always at offset 4 */ 408 attrs = get_unaligned_be32(pub + 4); 409 410 if ((attrs & (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT)) == 411 (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT)) 412 payload->migratable = 0; 413 else 414 payload->migratable = 1; 415 416 blob_len = private_len + public_len + 4; 417 if (blob_len > payload->blob_len) 418 return -E2BIG; 419 420 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); 421 if (rc) 422 return rc; 423 424 tpm_buf_append_u32(&buf, options->keyhandle); 425 tpm2_buf_append_auth(&buf, TPM2_RS_PW, 426 NULL /* nonce */, 0, 427 0 /* session_attributes */, 428 options->keyauth /* hmac */, 429 TPM_DIGEST_SIZE); 430 431 tpm_buf_append(&buf, blob, blob_len); 432 433 if (buf.flags & TPM_BUF_OVERFLOW) { 434 rc = -E2BIG; 435 goto out; 436 } 437 438 rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob"); 439 if (!rc) 440 *blob_handle = be32_to_cpup( 441 (__be32 *) &buf.data[TPM_HEADER_SIZE]); 442 443 out: 444 if (blob != payload->blob) 445 kfree(blob); 446 tpm_buf_destroy(&buf); 447 448 if (rc > 0) 449 rc = -EPERM; 450 451 return rc; 452 } 453 454 /** 455 * tpm2_unseal_cmd() - execute a TPM2_Unload command 456 * 457 * @chip: TPM chip to use 458 * @payload: the key data in clear and encrypted form 459 * @options: authentication values and other options 460 * @blob_handle: blob handle 461 * 462 * Return: 0 on success 463 * -EPERM on tpm error status 464 * < 0 error from tpm_send 465 */ 466 static int tpm2_unseal_cmd(struct tpm_chip *chip, 467 struct trusted_key_payload *payload, 468 struct trusted_key_options *options, 469 u32 blob_handle) 470 { 471 struct tpm_buf buf; 472 u16 data_len; 473 u8 *data; 474 int rc; 475 476 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); 477 if (rc) 478 return rc; 479 480 tpm_buf_append_u32(&buf, blob_handle); 481 tpm2_buf_append_auth(&buf, 482 options->policyhandle ? 483 options->policyhandle : TPM2_RS_PW, 484 NULL /* nonce */, 0, 485 TPM2_SA_CONTINUE_SESSION, 486 options->blobauth /* hmac */, 487 options->blobauth_len); 488 489 rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing"); 490 if (rc > 0) 491 rc = -EPERM; 492 493 if (!rc) { 494 data_len = be16_to_cpup( 495 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]); 496 if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE) { 497 rc = -EFAULT; 498 goto out; 499 } 500 501 if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 6 + data_len) { 502 rc = -EFAULT; 503 goto out; 504 } 505 data = &buf.data[TPM_HEADER_SIZE + 6]; 506 507 if (payload->old_format) { 508 /* migratable flag is at the end of the key */ 509 memcpy(payload->key, data, data_len - 1); 510 payload->key_len = data_len - 1; 511 payload->migratable = data[data_len - 1]; 512 } else { 513 /* 514 * migratable flag already collected from key 515 * attributes 516 */ 517 memcpy(payload->key, data, data_len); 518 payload->key_len = data_len; 519 } 520 } 521 522 out: 523 tpm_buf_destroy(&buf); 524 return rc; 525 } 526 527 /** 528 * tpm2_unseal_trusted() - unseal the payload of a trusted key 529 * 530 * @chip: TPM chip to use 531 * @payload: the key data in clear and encrypted form 532 * @options: authentication values and other options 533 * 534 * Return: Same as with tpm_send. 535 */ 536 int tpm2_unseal_trusted(struct tpm_chip *chip, 537 struct trusted_key_payload *payload, 538 struct trusted_key_options *options) 539 { 540 u32 blob_handle; 541 int rc; 542 543 rc = tpm_try_get_ops(chip); 544 if (rc) 545 return rc; 546 547 rc = tpm2_load_cmd(chip, payload, options, &blob_handle); 548 if (rc) 549 goto out; 550 551 rc = tpm2_unseal_cmd(chip, payload, options, blob_handle); 552 tpm2_flush_context(chip, blob_handle); 553 554 out: 555 tpm_put_ops(chip); 556 557 return rc; 558 } 559