2 * Copyright (C) 2010 IBM Corporation
5 * David Safford <safford@us.ibm.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, version 2 of the License.
11 * See Documentation/security/keys-trusted-encrypted.txt
14 #include <linux/uaccess.h>
15 #include <linux/module.h>
16 #include <linux/init.h>
17 #include <linux/slab.h>
18 #include <linux/parser.h>
19 #include <linux/string.h>
20 #include <linux/err.h>
21 #include <keys/user-type.h>
22 #include <keys/trusted-type.h>
23 #include <linux/key-type.h>
24 #include <linux/rcupdate.h>
25 #include <linux/crypto.h>
26 #include <crypto/hash.h>
27 #include <crypto/sha.h>
28 #include <linux/capability.h>
29 #include <linux/tpm.h>
30 #include <linux/tpm_command.h>
34 static const char hmac_alg
[] = "hmac(sha1)";
35 static const char hash_alg
[] = "sha1";
38 struct shash_desc shash
;
42 static struct crypto_shash
*hashalg
;
43 static struct crypto_shash
*hmacalg
;
45 static struct sdesc
*init_sdesc(struct crypto_shash
*alg
)
50 size
= sizeof(struct shash_desc
) + crypto_shash_descsize(alg
);
51 sdesc
= kmalloc(size
, GFP_KERNEL
);
53 return ERR_PTR(-ENOMEM
);
54 sdesc
->shash
.tfm
= alg
;
55 sdesc
->shash
.flags
= 0x0;
59 static int TSS_sha1(const unsigned char *data
, unsigned int datalen
,
60 unsigned char *digest
)
65 sdesc
= init_sdesc(hashalg
);
67 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
68 return PTR_ERR(sdesc
);
71 ret
= crypto_shash_digest(&sdesc
->shash
, data
, datalen
, digest
);
76 static int TSS_rawhmac(unsigned char *digest
, const unsigned char *key
,
77 unsigned int keylen
, ...)
85 sdesc
= init_sdesc(hmacalg
);
87 pr_info("trusted_key: can't alloc %s\n", hmac_alg
);
88 return PTR_ERR(sdesc
);
91 ret
= crypto_shash_setkey(hmacalg
, key
, keylen
);
94 ret
= crypto_shash_init(&sdesc
->shash
);
98 va_start(argp
, keylen
);
100 dlen
= va_arg(argp
, unsigned int);
103 data
= va_arg(argp
, unsigned char *);
108 ret
= crypto_shash_update(&sdesc
->shash
, data
, dlen
);
114 ret
= crypto_shash_final(&sdesc
->shash
, digest
);
121 * calculate authorization info fields to send to TPM
123 static int TSS_authhmac(unsigned char *digest
, const unsigned char *key
,
124 unsigned int keylen
, unsigned char *h1
,
125 unsigned char *h2
, unsigned char h3
, ...)
127 unsigned char paramdigest
[SHA1_DIGEST_SIZE
];
135 sdesc
= init_sdesc(hashalg
);
137 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
138 return PTR_ERR(sdesc
);
142 ret
= crypto_shash_init(&sdesc
->shash
);
147 dlen
= va_arg(argp
, unsigned int);
150 data
= va_arg(argp
, unsigned char *);
155 ret
= crypto_shash_update(&sdesc
->shash
, data
, dlen
);
161 ret
= crypto_shash_final(&sdesc
->shash
, paramdigest
);
163 ret
= TSS_rawhmac(digest
, key
, keylen
, SHA1_DIGEST_SIZE
,
164 paramdigest
, TPM_NONCE_SIZE
, h1
,
165 TPM_NONCE_SIZE
, h2
, 1, &c
, 0, 0);
172 * verify the AUTH1_COMMAND (Seal) result from TPM
174 static int TSS_checkhmac1(unsigned char *buffer
,
175 const uint32_t command
,
176 const unsigned char *ononce
,
177 const unsigned char *key
,
178 unsigned int keylen
, ...)
184 unsigned char *enonce
;
185 unsigned char *continueflag
;
186 unsigned char *authdata
;
187 unsigned char testhmac
[SHA1_DIGEST_SIZE
];
188 unsigned char paramdigest
[SHA1_DIGEST_SIZE
];
195 bufsize
= LOAD32(buffer
, TPM_SIZE_OFFSET
);
196 tag
= LOAD16(buffer
, 0);
198 result
= LOAD32N(buffer
, TPM_RETURN_OFFSET
);
199 if (tag
== TPM_TAG_RSP_COMMAND
)
201 if (tag
!= TPM_TAG_RSP_AUTH1_COMMAND
)
203 authdata
= buffer
+ bufsize
- SHA1_DIGEST_SIZE
;
204 continueflag
= authdata
- 1;
205 enonce
= continueflag
- TPM_NONCE_SIZE
;
207 sdesc
= init_sdesc(hashalg
);
209 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
210 return PTR_ERR(sdesc
);
212 ret
= crypto_shash_init(&sdesc
->shash
);
215 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&result
,
219 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&ordinal
,
223 va_start(argp
, keylen
);
225 dlen
= va_arg(argp
, unsigned int);
228 dpos
= va_arg(argp
, unsigned int);
229 ret
= crypto_shash_update(&sdesc
->shash
, buffer
+ dpos
, dlen
);
235 ret
= crypto_shash_final(&sdesc
->shash
, paramdigest
);
239 ret
= TSS_rawhmac(testhmac
, key
, keylen
, SHA1_DIGEST_SIZE
, paramdigest
,
240 TPM_NONCE_SIZE
, enonce
, TPM_NONCE_SIZE
, ononce
,
241 1, continueflag
, 0, 0);
245 if (memcmp(testhmac
, authdata
, SHA1_DIGEST_SIZE
))
253 * verify the AUTH2_COMMAND (unseal) result from TPM
255 static int TSS_checkhmac2(unsigned char *buffer
,
256 const uint32_t command
,
257 const unsigned char *ononce
,
258 const unsigned char *key1
,
259 unsigned int keylen1
,
260 const unsigned char *key2
,
261 unsigned int keylen2
, ...)
267 unsigned char *enonce1
;
268 unsigned char *continueflag1
;
269 unsigned char *authdata1
;
270 unsigned char *enonce2
;
271 unsigned char *continueflag2
;
272 unsigned char *authdata2
;
273 unsigned char testhmac1
[SHA1_DIGEST_SIZE
];
274 unsigned char testhmac2
[SHA1_DIGEST_SIZE
];
275 unsigned char paramdigest
[SHA1_DIGEST_SIZE
];
282 bufsize
= LOAD32(buffer
, TPM_SIZE_OFFSET
);
283 tag
= LOAD16(buffer
, 0);
285 result
= LOAD32N(buffer
, TPM_RETURN_OFFSET
);
287 if (tag
== TPM_TAG_RSP_COMMAND
)
289 if (tag
!= TPM_TAG_RSP_AUTH2_COMMAND
)
291 authdata1
= buffer
+ bufsize
- (SHA1_DIGEST_SIZE
+ 1
292 + SHA1_DIGEST_SIZE
+ SHA1_DIGEST_SIZE
);
293 authdata2
= buffer
+ bufsize
- (SHA1_DIGEST_SIZE
);
294 continueflag1
= authdata1
- 1;
295 continueflag2
= authdata2
- 1;
296 enonce1
= continueflag1
- TPM_NONCE_SIZE
;
297 enonce2
= continueflag2
- TPM_NONCE_SIZE
;
299 sdesc
= init_sdesc(hashalg
);
301 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
302 return PTR_ERR(sdesc
);
304 ret
= crypto_shash_init(&sdesc
->shash
);
307 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&result
,
311 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&ordinal
,
316 va_start(argp
, keylen2
);
318 dlen
= va_arg(argp
, unsigned int);
321 dpos
= va_arg(argp
, unsigned int);
322 ret
= crypto_shash_update(&sdesc
->shash
, buffer
+ dpos
, dlen
);
328 ret
= crypto_shash_final(&sdesc
->shash
, paramdigest
);
332 ret
= TSS_rawhmac(testhmac1
, key1
, keylen1
, SHA1_DIGEST_SIZE
,
333 paramdigest
, TPM_NONCE_SIZE
, enonce1
,
334 TPM_NONCE_SIZE
, ononce
, 1, continueflag1
, 0, 0);
337 if (memcmp(testhmac1
, authdata1
, SHA1_DIGEST_SIZE
)) {
341 ret
= TSS_rawhmac(testhmac2
, key2
, keylen2
, SHA1_DIGEST_SIZE
,
342 paramdigest
, TPM_NONCE_SIZE
, enonce2
,
343 TPM_NONCE_SIZE
, ononce
, 1, continueflag2
, 0, 0);
346 if (memcmp(testhmac2
, authdata2
, SHA1_DIGEST_SIZE
))
354 * For key specific tpm requests, we will generate and send our
355 * own TPM command packets using the drivers send function.
357 static int trusted_tpm_send(const u32 chip_num
, unsigned char *cmd
,
363 rc
= tpm_send(chip_num
, cmd
, buflen
);
366 /* Can't return positive return codes values to keyctl */
372 * Lock a trusted key, by extending a selected PCR.
374 * Prevents a trusted key that is sealed to PCRs from being accessed.
375 * This uses the tpm driver's extend function.
377 static int pcrlock(const int pcrnum
)
379 unsigned char hash
[SHA1_DIGEST_SIZE
];
382 if (!capable(CAP_SYS_ADMIN
))
384 ret
= tpm_get_random(TPM_ANY_NUM
, hash
, SHA1_DIGEST_SIZE
);
385 if (ret
!= SHA1_DIGEST_SIZE
)
387 return tpm_pcr_extend(TPM_ANY_NUM
, pcrnum
, hash
) ? -EINVAL
: 0;
391 * Create an object specific authorisation protocol (OSAP) session
393 static int osap(struct tpm_buf
*tb
, struct osapsess
*s
,
394 const unsigned char *key
, uint16_t type
, uint32_t handle
)
396 unsigned char enonce
[TPM_NONCE_SIZE
];
397 unsigned char ononce
[TPM_NONCE_SIZE
];
400 ret
= tpm_get_random(TPM_ANY_NUM
, ononce
, TPM_NONCE_SIZE
);
401 if (ret
!= TPM_NONCE_SIZE
)
405 store16(tb
, TPM_TAG_RQU_COMMAND
);
406 store32(tb
, TPM_OSAP_SIZE
);
407 store32(tb
, TPM_ORD_OSAP
);
410 storebytes(tb
, ononce
, TPM_NONCE_SIZE
);
412 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
416 s
->handle
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
417 memcpy(s
->enonce
, &(tb
->data
[TPM_DATA_OFFSET
+ sizeof(uint32_t)]),
419 memcpy(enonce
, &(tb
->data
[TPM_DATA_OFFSET
+ sizeof(uint32_t) +
420 TPM_NONCE_SIZE
]), TPM_NONCE_SIZE
);
421 return TSS_rawhmac(s
->secret
, key
, SHA1_DIGEST_SIZE
, TPM_NONCE_SIZE
,
422 enonce
, TPM_NONCE_SIZE
, ononce
, 0, 0);
426 * Create an object independent authorisation protocol (oiap) session
428 static int oiap(struct tpm_buf
*tb
, uint32_t *handle
, unsigned char *nonce
)
433 store16(tb
, TPM_TAG_RQU_COMMAND
);
434 store32(tb
, TPM_OIAP_SIZE
);
435 store32(tb
, TPM_ORD_OIAP
);
436 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
440 *handle
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
441 memcpy(nonce
, &tb
->data
[TPM_DATA_OFFSET
+ sizeof(uint32_t)],
447 unsigned char encauth
[SHA1_DIGEST_SIZE
];
448 unsigned char pubauth
[SHA1_DIGEST_SIZE
];
449 unsigned char xorwork
[SHA1_DIGEST_SIZE
* 2];
450 unsigned char xorhash
[SHA1_DIGEST_SIZE
];
451 unsigned char nonceodd
[TPM_NONCE_SIZE
];
455 * Have the TPM seal(encrypt) the trusted key, possibly based on
456 * Platform Configuration Registers (PCRs). AUTH1 for sealing key.
458 static int tpm_seal(struct tpm_buf
*tb
, uint16_t keytype
,
459 uint32_t keyhandle
, const unsigned char *keyauth
,
460 const unsigned char *data
, uint32_t datalen
,
461 unsigned char *blob
, uint32_t *bloblen
,
462 const unsigned char *blobauth
,
463 const unsigned char *pcrinfo
, uint32_t pcrinfosize
)
465 struct osapsess sess
;
466 struct tpm_digests
*td
;
477 /* alloc some work space for all the hashes */
478 td
= kmalloc(sizeof *td
, GFP_KERNEL
);
482 /* get session for sealing key */
483 ret
= osap(tb
, &sess
, keyauth
, keytype
, keyhandle
);
488 /* calculate encrypted authorization value */
489 memcpy(td
->xorwork
, sess
.secret
, SHA1_DIGEST_SIZE
);
490 memcpy(td
->xorwork
+ SHA1_DIGEST_SIZE
, sess
.enonce
, SHA1_DIGEST_SIZE
);
491 ret
= TSS_sha1(td
->xorwork
, SHA1_DIGEST_SIZE
* 2, td
->xorhash
);
495 ret
= tpm_get_random(TPM_ANY_NUM
, td
->nonceodd
, TPM_NONCE_SIZE
);
496 if (ret
!= TPM_NONCE_SIZE
)
498 ordinal
= htonl(TPM_ORD_SEAL
);
499 datsize
= htonl(datalen
);
500 pcrsize
= htonl(pcrinfosize
);
503 /* encrypt data authorization key */
504 for (i
= 0; i
< SHA1_DIGEST_SIZE
; ++i
)
505 td
->encauth
[i
] = td
->xorhash
[i
] ^ blobauth
[i
];
507 /* calculate authorization HMAC value */
508 if (pcrinfosize
== 0) {
509 /* no pcr info specified */
510 ret
= TSS_authhmac(td
->pubauth
, sess
.secret
, SHA1_DIGEST_SIZE
,
511 sess
.enonce
, td
->nonceodd
, cont
,
512 sizeof(uint32_t), &ordinal
, SHA1_DIGEST_SIZE
,
513 td
->encauth
, sizeof(uint32_t), &pcrsize
,
514 sizeof(uint32_t), &datsize
, datalen
, data
, 0,
517 /* pcr info specified */
518 ret
= TSS_authhmac(td
->pubauth
, sess
.secret
, SHA1_DIGEST_SIZE
,
519 sess
.enonce
, td
->nonceodd
, cont
,
520 sizeof(uint32_t), &ordinal
, SHA1_DIGEST_SIZE
,
521 td
->encauth
, sizeof(uint32_t), &pcrsize
,
522 pcrinfosize
, pcrinfo
, sizeof(uint32_t),
523 &datsize
, datalen
, data
, 0, 0);
528 /* build and send the TPM request packet */
530 store16(tb
, TPM_TAG_RQU_AUTH1_COMMAND
);
531 store32(tb
, TPM_SEAL_SIZE
+ pcrinfosize
+ datalen
);
532 store32(tb
, TPM_ORD_SEAL
);
533 store32(tb
, keyhandle
);
534 storebytes(tb
, td
->encauth
, SHA1_DIGEST_SIZE
);
535 store32(tb
, pcrinfosize
);
536 storebytes(tb
, pcrinfo
, pcrinfosize
);
537 store32(tb
, datalen
);
538 storebytes(tb
, data
, datalen
);
539 store32(tb
, sess
.handle
);
540 storebytes(tb
, td
->nonceodd
, TPM_NONCE_SIZE
);
542 storebytes(tb
, td
->pubauth
, SHA1_DIGEST_SIZE
);
544 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
548 /* calculate the size of the returned Blob */
549 sealinfosize
= LOAD32(tb
->data
, TPM_DATA_OFFSET
+ sizeof(uint32_t));
550 encdatasize
= LOAD32(tb
->data
, TPM_DATA_OFFSET
+ sizeof(uint32_t) +
551 sizeof(uint32_t) + sealinfosize
);
552 storedsize
= sizeof(uint32_t) + sizeof(uint32_t) + sealinfosize
+
553 sizeof(uint32_t) + encdatasize
;
555 /* check the HMAC in the response */
556 ret
= TSS_checkhmac1(tb
->data
, ordinal
, td
->nonceodd
, sess
.secret
,
557 SHA1_DIGEST_SIZE
, storedsize
, TPM_DATA_OFFSET
, 0,
560 /* copy the returned blob to caller */
562 memcpy(blob
, tb
->data
+ TPM_DATA_OFFSET
, storedsize
);
563 *bloblen
= storedsize
;
571 * use the AUTH2_COMMAND form of unseal, to authorize both key and blob
573 static int tpm_unseal(struct tpm_buf
*tb
,
574 uint32_t keyhandle
, const unsigned char *keyauth
,
575 const unsigned char *blob
, int bloblen
,
576 const unsigned char *blobauth
,
577 unsigned char *data
, unsigned int *datalen
)
579 unsigned char nonceodd
[TPM_NONCE_SIZE
];
580 unsigned char enonce1
[TPM_NONCE_SIZE
];
581 unsigned char enonce2
[TPM_NONCE_SIZE
];
582 unsigned char authdata1
[SHA1_DIGEST_SIZE
];
583 unsigned char authdata2
[SHA1_DIGEST_SIZE
];
584 uint32_t authhandle1
= 0;
585 uint32_t authhandle2
= 0;
586 unsigned char cont
= 0;
591 /* sessions for unsealing key and data */
592 ret
= oiap(tb
, &authhandle1
, enonce1
);
594 pr_info("trusted_key: oiap failed (%d)\n", ret
);
597 ret
= oiap(tb
, &authhandle2
, enonce2
);
599 pr_info("trusted_key: oiap failed (%d)\n", ret
);
603 ordinal
= htonl(TPM_ORD_UNSEAL
);
604 keyhndl
= htonl(SRKHANDLE
);
605 ret
= tpm_get_random(TPM_ANY_NUM
, nonceodd
, TPM_NONCE_SIZE
);
606 if (ret
!= TPM_NONCE_SIZE
) {
607 pr_info("trusted_key: tpm_get_random failed (%d)\n", ret
);
610 ret
= TSS_authhmac(authdata1
, keyauth
, TPM_NONCE_SIZE
,
611 enonce1
, nonceodd
, cont
, sizeof(uint32_t),
612 &ordinal
, bloblen
, blob
, 0, 0);
615 ret
= TSS_authhmac(authdata2
, blobauth
, TPM_NONCE_SIZE
,
616 enonce2
, nonceodd
, cont
, sizeof(uint32_t),
617 &ordinal
, bloblen
, blob
, 0, 0);
621 /* build and send TPM request packet */
623 store16(tb
, TPM_TAG_RQU_AUTH2_COMMAND
);
624 store32(tb
, TPM_UNSEAL_SIZE
+ bloblen
);
625 store32(tb
, TPM_ORD_UNSEAL
);
626 store32(tb
, keyhandle
);
627 storebytes(tb
, blob
, bloblen
);
628 store32(tb
, authhandle1
);
629 storebytes(tb
, nonceodd
, TPM_NONCE_SIZE
);
631 storebytes(tb
, authdata1
, SHA1_DIGEST_SIZE
);
632 store32(tb
, authhandle2
);
633 storebytes(tb
, nonceodd
, TPM_NONCE_SIZE
);
635 storebytes(tb
, authdata2
, SHA1_DIGEST_SIZE
);
637 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
639 pr_info("trusted_key: authhmac failed (%d)\n", ret
);
643 *datalen
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
644 ret
= TSS_checkhmac2(tb
->data
, ordinal
, nonceodd
,
645 keyauth
, SHA1_DIGEST_SIZE
,
646 blobauth
, SHA1_DIGEST_SIZE
,
647 sizeof(uint32_t), TPM_DATA_OFFSET
,
648 *datalen
, TPM_DATA_OFFSET
+ sizeof(uint32_t), 0,
651 pr_info("trusted_key: TSS_checkhmac2 failed (%d)\n", ret
);
654 memcpy(data
, tb
->data
+ TPM_DATA_OFFSET
+ sizeof(uint32_t), *datalen
);
659 * Have the TPM seal(encrypt) the symmetric key
661 static int key_seal(struct trusted_key_payload
*p
,
662 struct trusted_key_options
*o
)
667 tb
= kzalloc(sizeof *tb
, GFP_KERNEL
);
671 /* include migratable flag at end of sealed key */
672 p
->key
[p
->key_len
] = p
->migratable
;
674 ret
= tpm_seal(tb
, o
->keytype
, o
->keyhandle
, o
->keyauth
,
675 p
->key
, p
->key_len
+ 1, p
->blob
, &p
->blob_len
,
676 o
->blobauth
, o
->pcrinfo
, o
->pcrinfo_len
);
678 pr_info("trusted_key: srkseal failed (%d)\n", ret
);
685 * Have the TPM unseal(decrypt) the symmetric key
687 static int key_unseal(struct trusted_key_payload
*p
,
688 struct trusted_key_options
*o
)
693 tb
= kzalloc(sizeof *tb
, GFP_KERNEL
);
697 ret
= tpm_unseal(tb
, o
->keyhandle
, o
->keyauth
, p
->blob
, p
->blob_len
,
698 o
->blobauth
, p
->key
, &p
->key_len
);
700 pr_info("trusted_key: srkunseal failed (%d)\n", ret
);
702 /* pull migratable flag out of sealed key */
703 p
->migratable
= p
->key
[--p
->key_len
];
711 Opt_new
, Opt_load
, Opt_update
,
712 Opt_keyhandle
, Opt_keyauth
, Opt_blobauth
,
713 Opt_pcrinfo
, Opt_pcrlock
, Opt_migratable
716 static const match_table_t key_tokens
= {
719 {Opt_update
, "update"},
720 {Opt_keyhandle
, "keyhandle=%s"},
721 {Opt_keyauth
, "keyauth=%s"},
722 {Opt_blobauth
, "blobauth=%s"},
723 {Opt_pcrinfo
, "pcrinfo=%s"},
724 {Opt_pcrlock
, "pcrlock=%s"},
725 {Opt_migratable
, "migratable=%s"},
729 /* can have zero or more token= options */
730 static int getoptions(char *c
, struct trusted_key_payload
*pay
,
731 struct trusted_key_options
*opt
)
733 substring_t args
[MAX_OPT_ARGS
];
737 unsigned long handle
;
740 while ((p
= strsep(&c
, " \t"))) {
741 if (*p
== '\0' || *p
== ' ' || *p
== '\t')
743 token
= match_token(p
, key_tokens
, args
);
747 opt
->pcrinfo_len
= strlen(args
[0].from
) / 2;
748 if (opt
->pcrinfo_len
> MAX_PCRINFO_SIZE
)
750 res
= hex2bin(opt
->pcrinfo
, args
[0].from
,
756 res
= kstrtoul(args
[0].from
, 16, &handle
);
759 opt
->keytype
= SEAL_keytype
;
760 opt
->keyhandle
= handle
;
763 if (strlen(args
[0].from
) != 2 * SHA1_DIGEST_SIZE
)
765 res
= hex2bin(opt
->keyauth
, args
[0].from
,
771 if (strlen(args
[0].from
) != 2 * SHA1_DIGEST_SIZE
)
773 res
= hex2bin(opt
->blobauth
, args
[0].from
,
779 if (*args
[0].from
== '0')
785 res
= kstrtoul(args
[0].from
, 10, &lock
);
798 * datablob_parse - parse the keyctl data and fill in the
799 * payload and options structures
801 * On success returns 0, otherwise -EINVAL.
803 static int datablob_parse(char *datablob
, struct trusted_key_payload
*p
,
804 struct trusted_key_options
*o
)
806 substring_t args
[MAX_OPT_ARGS
];
813 c
= strsep(&datablob
, " \t");
816 key_cmd
= match_token(c
, key_tokens
, args
);
819 /* first argument is key size */
820 c
= strsep(&datablob
, " \t");
823 ret
= kstrtol(c
, 10, &keylen
);
824 if (ret
< 0 || keylen
< MIN_KEY_SIZE
|| keylen
> MAX_KEY_SIZE
)
827 ret
= getoptions(datablob
, p
, o
);
833 /* first argument is sealed blob */
834 c
= strsep(&datablob
, " \t");
837 p
->blob_len
= strlen(c
) / 2;
838 if (p
->blob_len
> MAX_BLOB_SIZE
)
840 ret
= hex2bin(p
->blob
, c
, p
->blob_len
);
843 ret
= getoptions(datablob
, p
, o
);
849 /* all arguments are options */
850 ret
= getoptions(datablob
, p
, o
);
862 static struct trusted_key_options
*trusted_options_alloc(void)
864 struct trusted_key_options
*options
;
867 tpm2
= tpm_is_tpm2(TPM_ANY_NUM
);
871 options
= kzalloc(sizeof *options
, GFP_KERNEL
);
873 /* set any non-zero defaults */
874 options
->keytype
= SRK_keytype
;
877 options
->keyhandle
= SRKHANDLE
;
882 static struct trusted_key_payload
*trusted_payload_alloc(struct key
*key
)
884 struct trusted_key_payload
*p
= NULL
;
887 ret
= key_payload_reserve(key
, sizeof *p
);
890 p
= kzalloc(sizeof *p
, GFP_KERNEL
);
892 p
->migratable
= 1; /* migratable by default */
897 * trusted_instantiate - create a new trusted key
899 * Unseal an existing trusted blob or, for a new key, get a
900 * random key, then seal and create a trusted key-type key,
901 * adding it to the specified keyring.
903 * On success, return 0. Otherwise return errno.
905 static int trusted_instantiate(struct key
*key
,
906 struct key_preparsed_payload
*prep
)
908 struct trusted_key_payload
*payload
= NULL
;
909 struct trusted_key_options
*options
= NULL
;
910 size_t datalen
= prep
->datalen
;
917 tpm2
= tpm_is_tpm2(TPM_ANY_NUM
);
921 if (datalen
<= 0 || datalen
> 32767 || !prep
->data
)
924 datablob
= kmalloc(datalen
+ 1, GFP_KERNEL
);
927 memcpy(datablob
, prep
->data
, datalen
);
928 datablob
[datalen
] = '\0';
930 options
= trusted_options_alloc();
935 payload
= trusted_payload_alloc(key
);
941 key_cmd
= datablob_parse(datablob
, payload
, options
);
947 if (!options
->keyhandle
) {
952 dump_payload(payload
);
953 dump_options(options
);
958 ret
= tpm_unseal_trusted(TPM_ANY_NUM
, payload
, options
);
960 ret
= key_unseal(payload
, options
);
961 dump_payload(payload
);
962 dump_options(options
);
964 pr_info("trusted_key: key_unseal failed (%d)\n", ret
);
967 key_len
= payload
->key_len
;
968 ret
= tpm_get_random(TPM_ANY_NUM
, payload
->key
, key_len
);
969 if (ret
!= key_len
) {
970 pr_info("trusted_key: key_create failed (%d)\n", ret
);
974 ret
= tpm_seal_trusted(TPM_ANY_NUM
, payload
, options
);
976 ret
= key_seal(payload
, options
);
978 pr_info("trusted_key: key_seal failed (%d)\n", ret
);
984 if (!ret
&& options
->pcrlock
)
985 ret
= pcrlock(options
->pcrlock
);
990 rcu_assign_keypointer(key
, payload
);
996 static void trusted_rcu_free(struct rcu_head
*rcu
)
998 struct trusted_key_payload
*p
;
1000 p
= container_of(rcu
, struct trusted_key_payload
, rcu
);
1001 memset(p
->key
, 0, p
->key_len
);
1006 * trusted_update - reseal an existing key with new PCR values
1008 static int trusted_update(struct key
*key
, struct key_preparsed_payload
*prep
)
1010 struct trusted_key_payload
*p
;
1011 struct trusted_key_payload
*new_p
;
1012 struct trusted_key_options
*new_o
;
1013 size_t datalen
= prep
->datalen
;
1017 if (test_bit(KEY_FLAG_NEGATIVE
, &key
->flags
))
1019 p
= key
->payload
.data
[0];
1022 if (datalen
<= 0 || datalen
> 32767 || !prep
->data
)
1025 datablob
= kmalloc(datalen
+ 1, GFP_KERNEL
);
1028 new_o
= trusted_options_alloc();
1033 new_p
= trusted_payload_alloc(key
);
1039 memcpy(datablob
, prep
->data
, datalen
);
1040 datablob
[datalen
] = '\0';
1041 ret
= datablob_parse(datablob
, new_p
, new_o
);
1042 if (ret
!= Opt_update
) {
1048 if (!new_o
->keyhandle
) {
1054 /* copy old key values, and reseal with new pcrs */
1055 new_p
->migratable
= p
->migratable
;
1056 new_p
->key_len
= p
->key_len
;
1057 memcpy(new_p
->key
, p
->key
, p
->key_len
);
1059 dump_payload(new_p
);
1061 ret
= key_seal(new_p
, new_o
);
1063 pr_info("trusted_key: key_seal failed (%d)\n", ret
);
1067 if (new_o
->pcrlock
) {
1068 ret
= pcrlock(new_o
->pcrlock
);
1070 pr_info("trusted_key: pcrlock failed (%d)\n", ret
);
1075 rcu_assign_keypointer(key
, new_p
);
1076 call_rcu(&p
->rcu
, trusted_rcu_free
);
1084 * trusted_read - copy the sealed blob data to userspace in hex.
1085 * On success, return to userspace the trusted key datablob size.
1087 static long trusted_read(const struct key
*key
, char __user
*buffer
,
1090 struct trusted_key_payload
*p
;
1095 p
= rcu_dereference_key(key
);
1098 if (!buffer
|| buflen
<= 0)
1099 return 2 * p
->blob_len
;
1100 ascii_buf
= kmalloc(2 * p
->blob_len
, GFP_KERNEL
);
1105 for (i
= 0; i
< p
->blob_len
; i
++)
1106 bufp
= hex_byte_pack(bufp
, p
->blob
[i
]);
1107 if ((copy_to_user(buffer
, ascii_buf
, 2 * p
->blob_len
)) != 0) {
1112 return 2 * p
->blob_len
;
1116 * trusted_destroy - before freeing the key, clear the decrypted data
1118 static void trusted_destroy(struct key
*key
)
1120 struct trusted_key_payload
*p
= key
->payload
.data
[0];
1124 memset(p
->key
, 0, p
->key_len
);
1125 kfree(key
->payload
.data
[0]);
1128 struct key_type key_type_trusted
= {
1130 .instantiate
= trusted_instantiate
,
1131 .update
= trusted_update
,
1132 .destroy
= trusted_destroy
,
1133 .describe
= user_describe
,
1134 .read
= trusted_read
,
1137 EXPORT_SYMBOL_GPL(key_type_trusted
);
1139 static void trusted_shash_release(void)
1142 crypto_free_shash(hashalg
);
1144 crypto_free_shash(hmacalg
);
1147 static int __init
trusted_shash_alloc(void)
1151 hmacalg
= crypto_alloc_shash(hmac_alg
, 0, CRYPTO_ALG_ASYNC
);
1152 if (IS_ERR(hmacalg
)) {
1153 pr_info("trusted_key: could not allocate crypto %s\n",
1155 return PTR_ERR(hmacalg
);
1158 hashalg
= crypto_alloc_shash(hash_alg
, 0, CRYPTO_ALG_ASYNC
);
1159 if (IS_ERR(hashalg
)) {
1160 pr_info("trusted_key: could not allocate crypto %s\n",
1162 ret
= PTR_ERR(hashalg
);
1169 crypto_free_shash(hmacalg
);
1173 static int __init
init_trusted(void)
1177 ret
= trusted_shash_alloc();
1180 ret
= register_key_type(&key_type_trusted
);
1182 trusted_shash_release();
1186 static void __exit
cleanup_trusted(void)
1188 trusted_shash_release();
1189 unregister_key_type(&key_type_trusted
);
1192 late_initcall(init_trusted
);
1193 module_exit(cleanup_trusted
);
1195 MODULE_LICENSE("GPL");