From patchwork Tue Aug 21 15:58:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 10571985 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2690C17E0 for ; Tue, 21 Aug 2018 15:58:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 15BB92A9AE for ; Tue, 21 Aug 2018 15:58:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 09F4F2A9B3; Tue, 21 Aug 2018 15:58:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A98A82A9B1 for ; Tue, 21 Aug 2018 15:58:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728166AbeHUTTh (ORCPT ); Tue, 21 Aug 2018 15:19:37 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:45178 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727593AbeHUTTh (ORCPT ); Tue, 21 Aug 2018 15:19:37 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 58AB4402178A; Tue, 21 Aug 2018 15:58:53 +0000 (UTC) Received: from warthog.procyon.org.uk (ovpn-123-147.rdu2.redhat.com [10.10.123.147]) by smtp.corp.redhat.com (Postfix) with ESMTP id 64FB91010413; Tue, 21 Aug 2018 15:58:52 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Subject: [PATCH 18/23] TPMLIB: Encapsulate XOR-based encryption with authkey derivative From: David Howells To: denkenz@gmail.com, jarkko.sakkinen@linux.intel.com, jejb@linux.vnet.ibm.com Cc: keyrings@vger.kernel.org, linux-integrity@vger.kernel.org, tpmdd-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org Date: Tue, 21 Aug 2018 16:58:51 +0100 Message-ID: <153486713189.13066.10919642243213217779.stgit@warthog.procyon.org.uk> In-Reply-To: <153486700916.13066.12870860668352070081.stgit@warthog.procyon.org.uk> References: <153486700916.13066.12870860668352070081.stgit@warthog.procyon.org.uk> User-Agent: StGit/unknown-version MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Tue, 21 Aug 2018 15:58:53 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Tue, 21 Aug 2018 15:58:53 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'dhowells@redhat.com' RCPT:'' Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Encapsulate XOR-based encryption with a symmetric key derived from the authkey so that it can be used in multiple functions. Signed-off-by: David Howells --- drivers/char/tpm/tpm-library.c | 42 +++++++++++++++++++++++++++++++--------- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/drivers/char/tpm/tpm-library.c b/drivers/char/tpm/tpm-library.c index 329b5c3f23a2..9234a2e7608f 100644 --- a/drivers/char/tpm/tpm-library.c +++ b/drivers/char/tpm/tpm-library.c @@ -489,6 +489,30 @@ struct tpm_digests { struct tpm_odd_nonce ononce; }; +/* + * Calculate an XOR-based symmetric key that can be used to encrypt protected + * data. The key is left in td->xorhash. + */ +static int tpm_calc_symmetric_authkey(struct tpm_digests *td, + const u8 *secret, + const struct tpm_even_nonce *enonce) +{ + memcpy(td->xorwork, secret, SHA1_DIGEST_SIZE); + memcpy(td->xorwork + SHA1_DIGEST_SIZE, enonce->data, SHA1_DIGEST_SIZE); + return TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); +} + +/* + * Encrypt/decrypt data with a previously calculated XOR-based symmetric key. + */ +static void tpm_crypt_with_authkey(const struct tpm_digests *td, + const u8 *data, u8 *buffer) +{ + int i; + for (i = 0; i < SHA1_DIGEST_SIZE; ++i) + buffer[i] = td->xorhash[i] ^ data[i]; +} + /** * tpm_seal - Encrypt one key according to another plus PCR state * @chip: The chip to use @@ -528,7 +552,6 @@ int tpm_seal(struct tpm_chip *chip, int encdatasize; int storedsize; int ret; - int i; /* alloc some work space for all the hashes */ td = kmalloc(sizeof *td, GFP_KERNEL); @@ -541,13 +564,18 @@ int tpm_seal(struct tpm_chip *chip, goto out; dump_sess(&sess); - /* calculate encrypted authorization value */ - memcpy(td->xorwork, sess.secret, SHA1_DIGEST_SIZE); - memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce.data, SHA1_DIGEST_SIZE); - ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); + /* We need to pass a 'password' to the TPM with which it will encrypt + * the sealed data before returning it. So that the password doesn't + * travel to the TPM in the clear, we generate a symmetric key from the + * negotiated and encrypted session data and encrypt the password with + * that. + */ + ret = tpm_calc_symmetric_authkey(td, sess.secret, &sess.enonce); if (ret < 0) goto out; + tpm_crypt_with_authkey(td, encauth, td->encauth); + /* Set up the parameters we will be sending */ ret = tpm_gen_odd_nonce(chip, &td->ononce); if (ret < 0) goto out; @@ -556,10 +584,6 @@ int tpm_seal(struct tpm_chip *chip, pcrinfosize_be = cpu_to_be32(pcrinfosize); cont = 0; - /* encrypt data authorization key */ - for (i = 0; i < SHA1_DIGEST_SIZE; ++i) - td->encauth[i] = td->xorhash[i] ^ encauth[i]; - /* calculate authorization HMAC value */ BUG_ON(!pcrinfo); ret = TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE,