2 * Copyright (C) 2010 IBM Corporation
5 * David Safford <safford@us.ibm.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, version 2 of the License.
11 * See Documentation/security/keys/trusted-encrypted.rst
14 #include <crypto/hash_info.h>
15 #include <linux/uaccess.h>
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/slab.h>
19 #include <linux/parser.h>
20 #include <linux/string.h>
21 #include <linux/err.h>
22 #include <keys/user-type.h>
23 #include <keys/trusted-type.h>
24 #include <linux/key-type.h>
25 #include <linux/rcupdate.h>
26 #include <linux/crypto.h>
27 #include <crypto/hash.h>
28 #include <crypto/sha.h>
29 #include <linux/capability.h>
30 #include <linux/tpm.h>
31 #include <linux/tpm_command.h>
35 static const char hmac_alg
[] = "hmac(sha1)";
36 static const char hash_alg
[] = "sha1";
39 struct shash_desc shash
;
43 static struct crypto_shash
*hashalg
;
44 static struct crypto_shash
*hmacalg
;
46 static struct sdesc
*init_sdesc(struct crypto_shash
*alg
)
51 size
= sizeof(struct shash_desc
) + crypto_shash_descsize(alg
);
52 sdesc
= kmalloc(size
, GFP_KERNEL
);
54 return ERR_PTR(-ENOMEM
);
55 sdesc
->shash
.tfm
= alg
;
56 sdesc
->shash
.flags
= 0x0;
60 static int TSS_sha1(const unsigned char *data
, unsigned int datalen
,
61 unsigned char *digest
)
66 sdesc
= init_sdesc(hashalg
);
68 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
69 return PTR_ERR(sdesc
);
72 ret
= crypto_shash_digest(&sdesc
->shash
, data
, datalen
, digest
);
77 static int TSS_rawhmac(unsigned char *digest
, const unsigned char *key
,
78 unsigned int keylen
, ...)
86 sdesc
= init_sdesc(hmacalg
);
88 pr_info("trusted_key: can't alloc %s\n", hmac_alg
);
89 return PTR_ERR(sdesc
);
92 ret
= crypto_shash_setkey(hmacalg
, key
, keylen
);
95 ret
= crypto_shash_init(&sdesc
->shash
);
99 va_start(argp
, keylen
);
101 dlen
= va_arg(argp
, unsigned int);
104 data
= va_arg(argp
, unsigned char *);
109 ret
= crypto_shash_update(&sdesc
->shash
, data
, dlen
);
115 ret
= crypto_shash_final(&sdesc
->shash
, digest
);
122 * calculate authorization info fields to send to TPM
124 static int TSS_authhmac(unsigned char *digest
, const unsigned char *key
,
125 unsigned int keylen
, unsigned char *h1
,
126 unsigned char *h2
, unsigned char h3
, ...)
128 unsigned char paramdigest
[SHA1_DIGEST_SIZE
];
136 sdesc
= init_sdesc(hashalg
);
138 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
139 return PTR_ERR(sdesc
);
143 ret
= crypto_shash_init(&sdesc
->shash
);
148 dlen
= va_arg(argp
, unsigned int);
151 data
= va_arg(argp
, unsigned char *);
156 ret
= crypto_shash_update(&sdesc
->shash
, data
, dlen
);
162 ret
= crypto_shash_final(&sdesc
->shash
, paramdigest
);
164 ret
= TSS_rawhmac(digest
, key
, keylen
, SHA1_DIGEST_SIZE
,
165 paramdigest
, TPM_NONCE_SIZE
, h1
,
166 TPM_NONCE_SIZE
, h2
, 1, &c
, 0, 0);
173 * verify the AUTH1_COMMAND (Seal) result from TPM
175 static int TSS_checkhmac1(unsigned char *buffer
,
176 const uint32_t command
,
177 const unsigned char *ononce
,
178 const unsigned char *key
,
179 unsigned int keylen
, ...)
185 unsigned char *enonce
;
186 unsigned char *continueflag
;
187 unsigned char *authdata
;
188 unsigned char testhmac
[SHA1_DIGEST_SIZE
];
189 unsigned char paramdigest
[SHA1_DIGEST_SIZE
];
196 bufsize
= LOAD32(buffer
, TPM_SIZE_OFFSET
);
197 tag
= LOAD16(buffer
, 0);
199 result
= LOAD32N(buffer
, TPM_RETURN_OFFSET
);
200 if (tag
== TPM_TAG_RSP_COMMAND
)
202 if (tag
!= TPM_TAG_RSP_AUTH1_COMMAND
)
204 authdata
= buffer
+ bufsize
- SHA1_DIGEST_SIZE
;
205 continueflag
= authdata
- 1;
206 enonce
= continueflag
- TPM_NONCE_SIZE
;
208 sdesc
= init_sdesc(hashalg
);
210 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
211 return PTR_ERR(sdesc
);
213 ret
= crypto_shash_init(&sdesc
->shash
);
216 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&result
,
220 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&ordinal
,
224 va_start(argp
, keylen
);
226 dlen
= va_arg(argp
, unsigned int);
229 dpos
= va_arg(argp
, unsigned int);
230 ret
= crypto_shash_update(&sdesc
->shash
, buffer
+ dpos
, dlen
);
236 ret
= crypto_shash_final(&sdesc
->shash
, paramdigest
);
240 ret
= TSS_rawhmac(testhmac
, key
, keylen
, SHA1_DIGEST_SIZE
, paramdigest
,
241 TPM_NONCE_SIZE
, enonce
, TPM_NONCE_SIZE
, ononce
,
242 1, continueflag
, 0, 0);
246 if (memcmp(testhmac
, authdata
, SHA1_DIGEST_SIZE
))
254 * verify the AUTH2_COMMAND (unseal) result from TPM
256 static int TSS_checkhmac2(unsigned char *buffer
,
257 const uint32_t command
,
258 const unsigned char *ononce
,
259 const unsigned char *key1
,
260 unsigned int keylen1
,
261 const unsigned char *key2
,
262 unsigned int keylen2
, ...)
268 unsigned char *enonce1
;
269 unsigned char *continueflag1
;
270 unsigned char *authdata1
;
271 unsigned char *enonce2
;
272 unsigned char *continueflag2
;
273 unsigned char *authdata2
;
274 unsigned char testhmac1
[SHA1_DIGEST_SIZE
];
275 unsigned char testhmac2
[SHA1_DIGEST_SIZE
];
276 unsigned char paramdigest
[SHA1_DIGEST_SIZE
];
283 bufsize
= LOAD32(buffer
, TPM_SIZE_OFFSET
);
284 tag
= LOAD16(buffer
, 0);
286 result
= LOAD32N(buffer
, TPM_RETURN_OFFSET
);
288 if (tag
== TPM_TAG_RSP_COMMAND
)
290 if (tag
!= TPM_TAG_RSP_AUTH2_COMMAND
)
292 authdata1
= buffer
+ bufsize
- (SHA1_DIGEST_SIZE
+ 1
293 + SHA1_DIGEST_SIZE
+ SHA1_DIGEST_SIZE
);
294 authdata2
= buffer
+ bufsize
- (SHA1_DIGEST_SIZE
);
295 continueflag1
= authdata1
- 1;
296 continueflag2
= authdata2
- 1;
297 enonce1
= continueflag1
- TPM_NONCE_SIZE
;
298 enonce2
= continueflag2
- TPM_NONCE_SIZE
;
300 sdesc
= init_sdesc(hashalg
);
302 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
303 return PTR_ERR(sdesc
);
305 ret
= crypto_shash_init(&sdesc
->shash
);
308 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&result
,
312 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&ordinal
,
317 va_start(argp
, keylen2
);
319 dlen
= va_arg(argp
, unsigned int);
322 dpos
= va_arg(argp
, unsigned int);
323 ret
= crypto_shash_update(&sdesc
->shash
, buffer
+ dpos
, dlen
);
329 ret
= crypto_shash_final(&sdesc
->shash
, paramdigest
);
333 ret
= TSS_rawhmac(testhmac1
, key1
, keylen1
, SHA1_DIGEST_SIZE
,
334 paramdigest
, TPM_NONCE_SIZE
, enonce1
,
335 TPM_NONCE_SIZE
, ononce
, 1, continueflag1
, 0, 0);
338 if (memcmp(testhmac1
, authdata1
, SHA1_DIGEST_SIZE
)) {
342 ret
= TSS_rawhmac(testhmac2
, key2
, keylen2
, SHA1_DIGEST_SIZE
,
343 paramdigest
, TPM_NONCE_SIZE
, enonce2
,
344 TPM_NONCE_SIZE
, ononce
, 1, continueflag2
, 0, 0);
347 if (memcmp(testhmac2
, authdata2
, SHA1_DIGEST_SIZE
))
355 * For key specific tpm requests, we will generate and send our
356 * own TPM command packets using the drivers send function.
358 static int trusted_tpm_send(const u32 chip_num
, unsigned char *cmd
,
364 rc
= tpm_send(chip_num
, cmd
, buflen
);
367 /* Can't return positive return codes values to keyctl */
373 * Lock a trusted key, by extending a selected PCR.
375 * Prevents a trusted key that is sealed to PCRs from being accessed.
376 * This uses the tpm driver's extend function.
378 static int pcrlock(const int pcrnum
)
380 unsigned char hash
[SHA1_DIGEST_SIZE
];
383 if (!capable(CAP_SYS_ADMIN
))
385 ret
= tpm_get_random(TPM_ANY_NUM
, hash
, SHA1_DIGEST_SIZE
);
386 if (ret
!= SHA1_DIGEST_SIZE
)
388 return tpm_pcr_extend(TPM_ANY_NUM
, pcrnum
, hash
) ? -EINVAL
: 0;
392 * Create an object specific authorisation protocol (OSAP) session
394 static int osap(struct tpm_buf
*tb
, struct osapsess
*s
,
395 const unsigned char *key
, uint16_t type
, uint32_t handle
)
397 unsigned char enonce
[TPM_NONCE_SIZE
];
398 unsigned char ononce
[TPM_NONCE_SIZE
];
401 ret
= tpm_get_random(TPM_ANY_NUM
, ononce
, TPM_NONCE_SIZE
);
402 if (ret
!= TPM_NONCE_SIZE
)
406 store16(tb
, TPM_TAG_RQU_COMMAND
);
407 store32(tb
, TPM_OSAP_SIZE
);
408 store32(tb
, TPM_ORD_OSAP
);
411 storebytes(tb
, ononce
, TPM_NONCE_SIZE
);
413 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
417 s
->handle
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
418 memcpy(s
->enonce
, &(tb
->data
[TPM_DATA_OFFSET
+ sizeof(uint32_t)]),
420 memcpy(enonce
, &(tb
->data
[TPM_DATA_OFFSET
+ sizeof(uint32_t) +
421 TPM_NONCE_SIZE
]), TPM_NONCE_SIZE
);
422 return TSS_rawhmac(s
->secret
, key
, SHA1_DIGEST_SIZE
, TPM_NONCE_SIZE
,
423 enonce
, TPM_NONCE_SIZE
, ononce
, 0, 0);
427 * Create an object independent authorisation protocol (oiap) session
429 static int oiap(struct tpm_buf
*tb
, uint32_t *handle
, unsigned char *nonce
)
434 store16(tb
, TPM_TAG_RQU_COMMAND
);
435 store32(tb
, TPM_OIAP_SIZE
);
436 store32(tb
, TPM_ORD_OIAP
);
437 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
441 *handle
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
442 memcpy(nonce
, &tb
->data
[TPM_DATA_OFFSET
+ sizeof(uint32_t)],
448 unsigned char encauth
[SHA1_DIGEST_SIZE
];
449 unsigned char pubauth
[SHA1_DIGEST_SIZE
];
450 unsigned char xorwork
[SHA1_DIGEST_SIZE
* 2];
451 unsigned char xorhash
[SHA1_DIGEST_SIZE
];
452 unsigned char nonceodd
[TPM_NONCE_SIZE
];
456 * Have the TPM seal(encrypt) the trusted key, possibly based on
457 * Platform Configuration Registers (PCRs). AUTH1 for sealing key.
459 static int tpm_seal(struct tpm_buf
*tb
, uint16_t keytype
,
460 uint32_t keyhandle
, const unsigned char *keyauth
,
461 const unsigned char *data
, uint32_t datalen
,
462 unsigned char *blob
, uint32_t *bloblen
,
463 const unsigned char *blobauth
,
464 const unsigned char *pcrinfo
, uint32_t pcrinfosize
)
466 struct osapsess sess
;
467 struct tpm_digests
*td
;
478 /* alloc some work space for all the hashes */
479 td
= kmalloc(sizeof *td
, GFP_KERNEL
);
483 /* get session for sealing key */
484 ret
= osap(tb
, &sess
, keyauth
, keytype
, keyhandle
);
489 /* calculate encrypted authorization value */
490 memcpy(td
->xorwork
, sess
.secret
, SHA1_DIGEST_SIZE
);
491 memcpy(td
->xorwork
+ SHA1_DIGEST_SIZE
, sess
.enonce
, SHA1_DIGEST_SIZE
);
492 ret
= TSS_sha1(td
->xorwork
, SHA1_DIGEST_SIZE
* 2, td
->xorhash
);
496 ret
= tpm_get_random(TPM_ANY_NUM
, td
->nonceodd
, TPM_NONCE_SIZE
);
497 if (ret
!= TPM_NONCE_SIZE
)
499 ordinal
= htonl(TPM_ORD_SEAL
);
500 datsize
= htonl(datalen
);
501 pcrsize
= htonl(pcrinfosize
);
504 /* encrypt data authorization key */
505 for (i
= 0; i
< SHA1_DIGEST_SIZE
; ++i
)
506 td
->encauth
[i
] = td
->xorhash
[i
] ^ blobauth
[i
];
508 /* calculate authorization HMAC value */
509 if (pcrinfosize
== 0) {
510 /* no pcr info specified */
511 ret
= TSS_authhmac(td
->pubauth
, sess
.secret
, SHA1_DIGEST_SIZE
,
512 sess
.enonce
, td
->nonceodd
, cont
,
513 sizeof(uint32_t), &ordinal
, SHA1_DIGEST_SIZE
,
514 td
->encauth
, sizeof(uint32_t), &pcrsize
,
515 sizeof(uint32_t), &datsize
, datalen
, data
, 0,
518 /* pcr info specified */
519 ret
= TSS_authhmac(td
->pubauth
, sess
.secret
, SHA1_DIGEST_SIZE
,
520 sess
.enonce
, td
->nonceodd
, cont
,
521 sizeof(uint32_t), &ordinal
, SHA1_DIGEST_SIZE
,
522 td
->encauth
, sizeof(uint32_t), &pcrsize
,
523 pcrinfosize
, pcrinfo
, sizeof(uint32_t),
524 &datsize
, datalen
, data
, 0, 0);
529 /* build and send the TPM request packet */
531 store16(tb
, TPM_TAG_RQU_AUTH1_COMMAND
);
532 store32(tb
, TPM_SEAL_SIZE
+ pcrinfosize
+ datalen
);
533 store32(tb
, TPM_ORD_SEAL
);
534 store32(tb
, keyhandle
);
535 storebytes(tb
, td
->encauth
, SHA1_DIGEST_SIZE
);
536 store32(tb
, pcrinfosize
);
537 storebytes(tb
, pcrinfo
, pcrinfosize
);
538 store32(tb
, datalen
);
539 storebytes(tb
, data
, datalen
);
540 store32(tb
, sess
.handle
);
541 storebytes(tb
, td
->nonceodd
, TPM_NONCE_SIZE
);
543 storebytes(tb
, td
->pubauth
, SHA1_DIGEST_SIZE
);
545 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
549 /* calculate the size of the returned Blob */
550 sealinfosize
= LOAD32(tb
->data
, TPM_DATA_OFFSET
+ sizeof(uint32_t));
551 encdatasize
= LOAD32(tb
->data
, TPM_DATA_OFFSET
+ sizeof(uint32_t) +
552 sizeof(uint32_t) + sealinfosize
);
553 storedsize
= sizeof(uint32_t) + sizeof(uint32_t) + sealinfosize
+
554 sizeof(uint32_t) + encdatasize
;
556 /* check the HMAC in the response */
557 ret
= TSS_checkhmac1(tb
->data
, ordinal
, td
->nonceodd
, sess
.secret
,
558 SHA1_DIGEST_SIZE
, storedsize
, TPM_DATA_OFFSET
, 0,
561 /* copy the returned blob to caller */
563 memcpy(blob
, tb
->data
+ TPM_DATA_OFFSET
, storedsize
);
564 *bloblen
= storedsize
;
572 * use the AUTH2_COMMAND form of unseal, to authorize both key and blob
574 static int tpm_unseal(struct tpm_buf
*tb
,
575 uint32_t keyhandle
, const unsigned char *keyauth
,
576 const unsigned char *blob
, int bloblen
,
577 const unsigned char *blobauth
,
578 unsigned char *data
, unsigned int *datalen
)
580 unsigned char nonceodd
[TPM_NONCE_SIZE
];
581 unsigned char enonce1
[TPM_NONCE_SIZE
];
582 unsigned char enonce2
[TPM_NONCE_SIZE
];
583 unsigned char authdata1
[SHA1_DIGEST_SIZE
];
584 unsigned char authdata2
[SHA1_DIGEST_SIZE
];
585 uint32_t authhandle1
= 0;
586 uint32_t authhandle2
= 0;
587 unsigned char cont
= 0;
592 /* sessions for unsealing key and data */
593 ret
= oiap(tb
, &authhandle1
, enonce1
);
595 pr_info("trusted_key: oiap failed (%d)\n", ret
);
598 ret
= oiap(tb
, &authhandle2
, enonce2
);
600 pr_info("trusted_key: oiap failed (%d)\n", ret
);
604 ordinal
= htonl(TPM_ORD_UNSEAL
);
605 keyhndl
= htonl(SRKHANDLE
);
606 ret
= tpm_get_random(TPM_ANY_NUM
, nonceodd
, TPM_NONCE_SIZE
);
607 if (ret
!= TPM_NONCE_SIZE
) {
608 pr_info("trusted_key: tpm_get_random failed (%d)\n", ret
);
611 ret
= TSS_authhmac(authdata1
, keyauth
, TPM_NONCE_SIZE
,
612 enonce1
, nonceodd
, cont
, sizeof(uint32_t),
613 &ordinal
, bloblen
, blob
, 0, 0);
616 ret
= TSS_authhmac(authdata2
, blobauth
, TPM_NONCE_SIZE
,
617 enonce2
, nonceodd
, cont
, sizeof(uint32_t),
618 &ordinal
, bloblen
, blob
, 0, 0);
622 /* build and send TPM request packet */
624 store16(tb
, TPM_TAG_RQU_AUTH2_COMMAND
);
625 store32(tb
, TPM_UNSEAL_SIZE
+ bloblen
);
626 store32(tb
, TPM_ORD_UNSEAL
);
627 store32(tb
, keyhandle
);
628 storebytes(tb
, blob
, bloblen
);
629 store32(tb
, authhandle1
);
630 storebytes(tb
, nonceodd
, TPM_NONCE_SIZE
);
632 storebytes(tb
, authdata1
, SHA1_DIGEST_SIZE
);
633 store32(tb
, authhandle2
);
634 storebytes(tb
, nonceodd
, TPM_NONCE_SIZE
);
636 storebytes(tb
, authdata2
, SHA1_DIGEST_SIZE
);
638 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
640 pr_info("trusted_key: authhmac failed (%d)\n", ret
);
644 *datalen
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
645 ret
= TSS_checkhmac2(tb
->data
, ordinal
, nonceodd
,
646 keyauth
, SHA1_DIGEST_SIZE
,
647 blobauth
, SHA1_DIGEST_SIZE
,
648 sizeof(uint32_t), TPM_DATA_OFFSET
,
649 *datalen
, TPM_DATA_OFFSET
+ sizeof(uint32_t), 0,
652 pr_info("trusted_key: TSS_checkhmac2 failed (%d)\n", ret
);
655 memcpy(data
, tb
->data
+ TPM_DATA_OFFSET
+ sizeof(uint32_t), *datalen
);
660 * Have the TPM seal(encrypt) the symmetric key
662 static int key_seal(struct trusted_key_payload
*p
,
663 struct trusted_key_options
*o
)
668 tb
= kzalloc(sizeof *tb
, GFP_KERNEL
);
672 /* include migratable flag at end of sealed key */
673 p
->key
[p
->key_len
] = p
->migratable
;
675 ret
= tpm_seal(tb
, o
->keytype
, o
->keyhandle
, o
->keyauth
,
676 p
->key
, p
->key_len
+ 1, p
->blob
, &p
->blob_len
,
677 o
->blobauth
, o
->pcrinfo
, o
->pcrinfo_len
);
679 pr_info("trusted_key: srkseal failed (%d)\n", ret
);
686 * Have the TPM unseal(decrypt) the symmetric key
688 static int key_unseal(struct trusted_key_payload
*p
,
689 struct trusted_key_options
*o
)
694 tb
= kzalloc(sizeof *tb
, GFP_KERNEL
);
698 ret
= tpm_unseal(tb
, o
->keyhandle
, o
->keyauth
, p
->blob
, p
->blob_len
,
699 o
->blobauth
, p
->key
, &p
->key_len
);
701 pr_info("trusted_key: srkunseal failed (%d)\n", ret
);
703 /* pull migratable flag out of sealed key */
704 p
->migratable
= p
->key
[--p
->key_len
];
712 Opt_new
, Opt_load
, Opt_update
,
713 Opt_keyhandle
, Opt_keyauth
, Opt_blobauth
,
714 Opt_pcrinfo
, Opt_pcrlock
, Opt_migratable
,
720 static const match_table_t key_tokens
= {
723 {Opt_update
, "update"},
724 {Opt_keyhandle
, "keyhandle=%s"},
725 {Opt_keyauth
, "keyauth=%s"},
726 {Opt_blobauth
, "blobauth=%s"},
727 {Opt_pcrinfo
, "pcrinfo=%s"},
728 {Opt_pcrlock
, "pcrlock=%s"},
729 {Opt_migratable
, "migratable=%s"},
730 {Opt_hash
, "hash=%s"},
731 {Opt_policydigest
, "policydigest=%s"},
732 {Opt_policyhandle
, "policyhandle=%s"},
736 /* can have zero or more token= options */
737 static int getoptions(char *c
, struct trusted_key_payload
*pay
,
738 struct trusted_key_options
*opt
)
740 substring_t args
[MAX_OPT_ARGS
];
744 unsigned long handle
;
746 unsigned long token_mask
= 0;
747 unsigned int digest_len
;
751 tpm2
= tpm_is_tpm2(TPM_ANY_NUM
);
755 opt
->hash
= tpm2
? HASH_ALGO_SHA256
: HASH_ALGO_SHA1
;
757 while ((p
= strsep(&c
, " \t"))) {
758 if (*p
== '\0' || *p
== ' ' || *p
== '\t')
760 token
= match_token(p
, key_tokens
, args
);
761 if (test_and_set_bit(token
, &token_mask
))
766 opt
->pcrinfo_len
= strlen(args
[0].from
) / 2;
767 if (opt
->pcrinfo_len
> MAX_PCRINFO_SIZE
)
769 res
= hex2bin(opt
->pcrinfo
, args
[0].from
,
775 res
= kstrtoul(args
[0].from
, 16, &handle
);
778 opt
->keytype
= SEAL_keytype
;
779 opt
->keyhandle
= handle
;
782 if (strlen(args
[0].from
) != 2 * SHA1_DIGEST_SIZE
)
784 res
= hex2bin(opt
->keyauth
, args
[0].from
,
790 if (strlen(args
[0].from
) != 2 * SHA1_DIGEST_SIZE
)
792 res
= hex2bin(opt
->blobauth
, args
[0].from
,
798 if (*args
[0].from
== '0')
804 res
= kstrtoul(args
[0].from
, 10, &lock
);
810 if (test_bit(Opt_policydigest
, &token_mask
))
812 for (i
= 0; i
< HASH_ALGO__LAST
; i
++) {
813 if (!strcmp(args
[0].from
, hash_algo_name
[i
])) {
818 if (i
== HASH_ALGO__LAST
)
820 if (!tpm2
&& i
!= HASH_ALGO_SHA1
) {
821 pr_info("trusted_key: TPM 1.x only supports SHA-1.\n");
825 case Opt_policydigest
:
826 digest_len
= hash_digest_size
[opt
->hash
];
827 if (!tpm2
|| strlen(args
[0].from
) != (2 * digest_len
))
829 res
= hex2bin(opt
->policydigest
, args
[0].from
,
833 opt
->policydigest_len
= digest_len
;
835 case Opt_policyhandle
:
838 res
= kstrtoul(args
[0].from
, 16, &handle
);
841 opt
->policyhandle
= handle
;
851 * datablob_parse - parse the keyctl data and fill in the
852 * payload and options structures
854 * On success returns 0, otherwise -EINVAL.
856 static int datablob_parse(char *datablob
, struct trusted_key_payload
*p
,
857 struct trusted_key_options
*o
)
859 substring_t args
[MAX_OPT_ARGS
];
866 c
= strsep(&datablob
, " \t");
869 key_cmd
= match_token(c
, key_tokens
, args
);
872 /* first argument is key size */
873 c
= strsep(&datablob
, " \t");
876 ret
= kstrtol(c
, 10, &keylen
);
877 if (ret
< 0 || keylen
< MIN_KEY_SIZE
|| keylen
> MAX_KEY_SIZE
)
880 ret
= getoptions(datablob
, p
, o
);
886 /* first argument is sealed blob */
887 c
= strsep(&datablob
, " \t");
890 p
->blob_len
= strlen(c
) / 2;
891 if (p
->blob_len
> MAX_BLOB_SIZE
)
893 ret
= hex2bin(p
->blob
, c
, p
->blob_len
);
896 ret
= getoptions(datablob
, p
, o
);
902 /* all arguments are options */
903 ret
= getoptions(datablob
, p
, o
);
915 static struct trusted_key_options
*trusted_options_alloc(void)
917 struct trusted_key_options
*options
;
920 tpm2
= tpm_is_tpm2(TPM_ANY_NUM
);
924 options
= kzalloc(sizeof *options
, GFP_KERNEL
);
926 /* set any non-zero defaults */
927 options
->keytype
= SRK_keytype
;
930 options
->keyhandle
= SRKHANDLE
;
935 static struct trusted_key_payload
*trusted_payload_alloc(struct key
*key
)
937 struct trusted_key_payload
*p
= NULL
;
940 ret
= key_payload_reserve(key
, sizeof *p
);
943 p
= kzalloc(sizeof *p
, GFP_KERNEL
);
945 p
->migratable
= 1; /* migratable by default */
950 * trusted_instantiate - create a new trusted key
952 * Unseal an existing trusted blob or, for a new key, get a
953 * random key, then seal and create a trusted key-type key,
954 * adding it to the specified keyring.
956 * On success, return 0. Otherwise return errno.
958 static int trusted_instantiate(struct key
*key
,
959 struct key_preparsed_payload
*prep
)
961 struct trusted_key_payload
*payload
= NULL
;
962 struct trusted_key_options
*options
= NULL
;
963 size_t datalen
= prep
->datalen
;
970 tpm2
= tpm_is_tpm2(TPM_ANY_NUM
);
974 if (datalen
<= 0 || datalen
> 32767 || !prep
->data
)
977 datablob
= kmalloc(datalen
+ 1, GFP_KERNEL
);
980 memcpy(datablob
, prep
->data
, datalen
);
981 datablob
[datalen
] = '\0';
983 options
= trusted_options_alloc();
988 payload
= trusted_payload_alloc(key
);
994 key_cmd
= datablob_parse(datablob
, payload
, options
);
1000 if (!options
->keyhandle
) {
1005 dump_payload(payload
);
1006 dump_options(options
);
1011 ret
= tpm_unseal_trusted(TPM_ANY_NUM
, payload
, options
);
1013 ret
= key_unseal(payload
, options
);
1014 dump_payload(payload
);
1015 dump_options(options
);
1017 pr_info("trusted_key: key_unseal failed (%d)\n", ret
);
1020 key_len
= payload
->key_len
;
1021 ret
= tpm_get_random(TPM_ANY_NUM
, payload
->key
, key_len
);
1022 if (ret
!= key_len
) {
1023 pr_info("trusted_key: key_create failed (%d)\n", ret
);
1027 ret
= tpm_seal_trusted(TPM_ANY_NUM
, payload
, options
);
1029 ret
= key_seal(payload
, options
);
1031 pr_info("trusted_key: key_seal failed (%d)\n", ret
);
1037 if (!ret
&& options
->pcrlock
)
1038 ret
= pcrlock(options
->pcrlock
);
1043 rcu_assign_keypointer(key
, payload
);
1049 static void trusted_rcu_free(struct rcu_head
*rcu
)
1051 struct trusted_key_payload
*p
;
1053 p
= container_of(rcu
, struct trusted_key_payload
, rcu
);
1058 * trusted_update - reseal an existing key with new PCR values
1060 static int trusted_update(struct key
*key
, struct key_preparsed_payload
*prep
)
1062 struct trusted_key_payload
*p
;
1063 struct trusted_key_payload
*new_p
;
1064 struct trusted_key_options
*new_o
;
1065 size_t datalen
= prep
->datalen
;
1069 if (test_bit(KEY_FLAG_NEGATIVE
, &key
->flags
))
1071 p
= key
->payload
.data
[0];
1074 if (datalen
<= 0 || datalen
> 32767 || !prep
->data
)
1077 datablob
= kmalloc(datalen
+ 1, GFP_KERNEL
);
1080 new_o
= trusted_options_alloc();
1085 new_p
= trusted_payload_alloc(key
);
1091 memcpy(datablob
, prep
->data
, datalen
);
1092 datablob
[datalen
] = '\0';
1093 ret
= datablob_parse(datablob
, new_p
, new_o
);
1094 if (ret
!= Opt_update
) {
1100 if (!new_o
->keyhandle
) {
1106 /* copy old key values, and reseal with new pcrs */
1107 new_p
->migratable
= p
->migratable
;
1108 new_p
->key_len
= p
->key_len
;
1109 memcpy(new_p
->key
, p
->key
, p
->key_len
);
1111 dump_payload(new_p
);
1113 ret
= key_seal(new_p
, new_o
);
1115 pr_info("trusted_key: key_seal failed (%d)\n", ret
);
1119 if (new_o
->pcrlock
) {
1120 ret
= pcrlock(new_o
->pcrlock
);
1122 pr_info("trusted_key: pcrlock failed (%d)\n", ret
);
1127 rcu_assign_keypointer(key
, new_p
);
1128 call_rcu(&p
->rcu
, trusted_rcu_free
);
1136 * trusted_read - copy the sealed blob data to userspace in hex.
1137 * On success, return to userspace the trusted key datablob size.
1139 static long trusted_read(const struct key
*key
, char __user
*buffer
,
1142 const struct trusted_key_payload
*p
;
1147 p
= dereference_key_locked(key
);
1150 if (!buffer
|| buflen
<= 0)
1151 return 2 * p
->blob_len
;
1152 ascii_buf
= kmalloc(2 * p
->blob_len
, GFP_KERNEL
);
1157 for (i
= 0; i
< p
->blob_len
; i
++)
1158 bufp
= hex_byte_pack(bufp
, p
->blob
[i
]);
1159 if ((copy_to_user(buffer
, ascii_buf
, 2 * p
->blob_len
)) != 0) {
1164 return 2 * p
->blob_len
;
1168 * trusted_destroy - clear and free the key's payload
1170 static void trusted_destroy(struct key
*key
)
1172 kzfree(key
->payload
.data
[0]);
1175 struct key_type key_type_trusted
= {
1177 .instantiate
= trusted_instantiate
,
1178 .update
= trusted_update
,
1179 .destroy
= trusted_destroy
,
1180 .describe
= user_describe
,
1181 .read
= trusted_read
,
1184 EXPORT_SYMBOL_GPL(key_type_trusted
);
1186 static void trusted_shash_release(void)
1189 crypto_free_shash(hashalg
);
1191 crypto_free_shash(hmacalg
);
1194 static int __init
trusted_shash_alloc(void)
1198 hmacalg
= crypto_alloc_shash(hmac_alg
, 0, CRYPTO_ALG_ASYNC
);
1199 if (IS_ERR(hmacalg
)) {
1200 pr_info("trusted_key: could not allocate crypto %s\n",
1202 return PTR_ERR(hmacalg
);
1205 hashalg
= crypto_alloc_shash(hash_alg
, 0, CRYPTO_ALG_ASYNC
);
1206 if (IS_ERR(hashalg
)) {
1207 pr_info("trusted_key: could not allocate crypto %s\n",
1209 ret
= PTR_ERR(hashalg
);
1216 crypto_free_shash(hmacalg
);
1220 static int __init
init_trusted(void)
1224 ret
= trusted_shash_alloc();
1227 ret
= register_key_type(&key_type_trusted
);
1229 trusted_shash_release();
1233 static void __exit
cleanup_trusted(void)
1235 trusted_shash_release();
1236 unregister_key_type(&key_type_trusted
);
1239 late_initcall(init_trusted
);
1240 module_exit(cleanup_trusted
);
1242 MODULE_LICENSE("GPL");