From patchwork Sat Oct 31 15:53:44 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 7531321 Return-Path: X-Original-To: patchwork-tpmdd-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 0133A9F399 for ; Sat, 31 Oct 2015 15:55:02 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id DFFE520644 for ; Sat, 31 Oct 2015 15:55:01 +0000 (UTC) Received: from lists.sourceforge.net (lists.sourceforge.net [216.34.181.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 804FF20643 for ; Sat, 31 Oct 2015 15:55:00 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=sfs-ml-2.v29.ch3.sourceforge.com) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1ZsYUd-00005g-9a; Sat, 31 Oct 2015 15:54:59 +0000 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1ZsYUb-00005Z-It for tpmdd-devel@lists.sourceforge.net; Sat, 31 Oct 2015 15:54:57 +0000 X-ACL-Warn: Received: from mga09.intel.com ([134.134.136.24]) by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1ZsYUa-0000m3-21 for tpmdd-devel@lists.sourceforge.net; Sat, 31 Oct 2015 15:54:57 +0000 Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP; 31 Oct 2015 08:54:50 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.20,224,1444719600"; d="scan'208";a="675701728" Received: from befengex-mobl.ger.corp.intel.com (HELO localhost) ([10.252.10.98]) by orsmga003.jf.intel.com with ESMTP; 31 Oct 2015 08:54:45 -0700 
From: Jarkko Sakkinen To: Peter Huewe , Marcel Selhorst , Mimi Zohar , David Howells Date: Sat, 31 Oct 2015 17:53:44 +0200 Message-Id: <1446306824-25175-1-git-send-email-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.5.0 X-Spam-Score: -0.2 (/) X-Headers-End: 1ZsYUa-0000m3-21 Cc: David Safford , linux-kernel@vger.kernel.org, josh@joshtriplett.org, seth.forshee@canonical.com, linux-security-module@vger.kernel.org, tpmdd-devel@lists.sourceforge.net, keyrings@vger.kernel.org, James Morris , colin.king@canonical.com, "Serge E. Hallyn" , chris.j.arges@canonical.com Subject: [tpmdd-devel] [PATCH RFC] tpm: seal with a policy X-BeenThere: tpmdd-devel@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: Tpm Device Driver maintainance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: tpmdd-devel-bounces@lists.sourceforge.net X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, HK_RANDOM_ENVFROM, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Support for sealing with a policy. Two new options for trusted keys: * 'policydigest=': provide a policydigest for the seal operation. * 'policyhandle=': provide handle for a policy session for unsealing. Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/Kconfig | 1 + drivers/char/tpm/tpm2-cmd.c | 20 +++++++++++++++++--- include/keys/trusted-type.h | 3 +++ security/keys/trusted.c | 26 ++++++++++++++++++++++++-- 4 files changed, 45 insertions(+), 5 deletions(-) diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index 3b84a8b..bd86261 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig 
@@ -6,6 +6,7 @@ menuconfig TCG_TPM tristate "TPM Hardware Support" depends on HAS_IOMEM select SECURITYFS + select CRYPTO_HASH_INFO ---help--- If you have a TPM security chip in your system, which implements the Trusted Computing Group's specification, diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index b08a0b4..6f567c3 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -463,6 +463,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip, return -EINVAL; } + if (options->policydigest_len > hash_digest_size[options->hash]) + return -EINVAL; + rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); if (rc) return rc; @@ -488,8 +491,17 @@ int tpm2_seal_trusted(struct tpm_chip *chip, tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); tpm_buf_append_u16(&buf, hash); - tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH); - tpm_buf_append_u16(&buf, 0); /* policy digest size */ + + if (options->policydigest_len) { + tpm_buf_append_u32(&buf, 0); + tpm_buf_append_u16(&buf, options->policydigest_len); + tpm_buf_append(&buf, options->policydigest, + options->policydigest_len); + } else { + tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH); + tpm_buf_append_u16(&buf, 0); + } + tpm_buf_append_u16(&buf, TPM2_ALG_NULL); tpm_buf_append_u16(&buf, 0); @@ -617,7 +629,9 @@ static int tpm2_unseal(struct tpm_chip *chip, return rc; tpm_buf_append_u32(&buf, blob_handle); - tpm2_buf_append_auth(&buf, TPM2_RS_PW, + tpm2_buf_append_auth(&buf, + options->policyhandle ? + options->policyhandle : TPM2_RS_PW, NULL /* nonce */, 0, 0 /* session_attributes */, options->blobauth /* hmac */, diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h index a6a1008..e4beeca 100644 --- a/include/keys/trusted-type.h +++ b/include/keys/trusted-type.h 
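Review bot: The length check added near the top of tpm2_seal_trusted() only rejects a digest that is too long, so a `policydigest` shorter than the digest of `options->hash` is still sent to the TPM as the policy. A policy digest is only meaningful when it is exactly one digest long, so I would reject every other non-zero length up front: `if (options->policydigest_len && options->policydigest_len != hash_digest_size[options->hash]) return -EINVAL;`. The index into `hash_digest_size[]` relies on `options->hash` having been validated earlier; the `return -EINVAL; }` just above suggests it is, but that code starts outside the hunk.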
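Review bot: In the new `if (options->policydigest_len)` branch the object attributes are written as a bare `0`, and the old `/* policy digest size */` comment is dropped from both branches, so the security-relevant difference between the two paths cannot be read from the code. Leaving out TPM2_ATTR_USER_WITH_AUTH is what makes a policy session the only way to authorize the unseal. I would say so on the `tpm_buf_append_u32(&buf, 0);` line with `/* no userWithAuth: unseal only through the policy */`, and put `/* policy digest size */` back on the two u16 appends. The function body continues outside the hunk.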
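Review bot: tpm2_unseal() now forwards `options->policyhandle` to the TPM as the authorization session without any check, so whatever 32-bit value user space wrote after `policyhandle=` becomes the session handle of a kernel-issued command. Nothing visible here confirms that the value names a policy session rather than some other handle type, so the code depends on the TPM rejecting a wrong one. I would either validate the handle type where the option is parsed or state the contract in a comment, for example `/* policyhandle: policy session created by the caller; not continued after this command because session_attributes is 0 */`. The enclosing function starts and ends outside the hunk.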
@@ -37,6 +37,9 @@ struct trusted_key_options { unsigned char pcrinfo[MAX_PCRINFO_SIZE]; int pcrlock; uint32_t hash; + uint32_t policydigest_len; + unsigned char *policydigest; + uint32_t policyhandle; }; extern struct key_type key_type_trusted; diff --git a/security/keys/trusted.c b/security/keys/trusted.c index 7a87bcd..ea043ff 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -713,6 +713,8 @@ enum { Opt_keyhandle, Opt_keyauth, Opt_blobauth, Opt_pcrinfo, Opt_pcrlock, Opt_migratable, Opt_hash, + Opt_policydigest, + Opt_policyhandle, }; static const match_table_t key_tokens = { @@ -726,6 +728,8 @@ static const match_table_t key_tokens = { {Opt_pcrlock, "pcrlock=%s"}, {Opt_migratable, "migratable=%s"}, {Opt_hash, "hash=%s"}, + {Opt_policydigest, "policydigest=%s"}, + {Opt_policyhandle, "policyhandle=%s"}, {Opt_err, NULL} }; @@ -804,6 +808,17 @@ static int getoptions(char *c, struct trusted_key_payload *pay, if (i == HASH_ALGO__LAST || (!res && i != HASH_ALGO_SHA1)) return -EINVAL; + case Opt_policydigest: + opt->policydigest_len = strlen(args[0].from); + opt->policydigest = kstrdup(args[0].from, GFP_KERNEL); + if (!opt->policydigest) + return -ENOMEM; + break; + case Opt_policyhandle: + res = kstrtoul(args[0].from, 16, &handle); + if (res < 0) + return -EINVAL; + opt->policyhandle = handle; break; default: return -EINVAL; @@ -897,6 +912,13 @@ static struct trusted_key_options *trusted_options_alloc(void) return options; } +static void trusted_options_free(struct trusted_key_options *options) +{ + if (options->policydigest) + kfree(options->policydigest); + kfree(options); +} + static struct trusted_key_payload *trusted_payload_alloc(struct key *key) { struct trusted_key_payload *p = NULL; @@ -1003,7 +1025,7 @@ static int trusted_instantiate(struct key *key, ret = pcrlock(options->pcrlock); out: kfree(datablob); - kfree(options); + trusted_options_free(options); if (!ret) rcu_assign_keypointer(key, payload); else 
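Review bot: `policydigest` is a heap-owned pointer member of struct trusted_key_options, and nothing at the declaration says who allocates or frees it. Any code that still releases the options with a plain `kfree()` would leak the buffer without warning. I would add `/* allocated in getoptions(); released by trusted_options_free() */` next to the pointer and note that `policydigest_len` is its length in bytes. A fixed-size array bounded by the largest supported digest would avoid the ownership question altogether, if the struct size allows it.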
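Review bot: In getoptions() the new `case Opt_policydigest:` label sits between the Opt_hash validation and the `break;` that used to end that case, so a valid `hash=` option now falls through and stores the hash name as the policy digest, while the old `break;` ends Opt_policyhandle instead. The digest is also kept as the raw option string, which cannot carry arbitrary digest bytes and makes `policydigest_len` a character count. In addition, a repeated `policydigest=` leaks the earlier kstrdup() result, and `handle` (an unsigned long, declared outside the hunk) is narrowed into the 32-bit `policyhandle` without a range check. The sketch below restores the `break;`, decodes the value as hex, and bounds the handle. It assumes a new `size_t len` local and that callers release the options on the error returns, which the hunk does not show.

```c
		/* … unchanged: Opt_hash lookup ending in "return -EINVAL;" … */
		break;	/* Opt_hash ends here; no fall-through */
	case Opt_policydigest:
		len = strlen(args[0].from);
		if (!len || (len & 1))
			return -EINVAL;
		kfree(opt->policydigest);	/* option may be repeated */
		opt->policydigest_len = 0;
		opt->policydigest = kmalloc(len / 2, GFP_KERNEL);
		if (!opt->policydigest)
			return -ENOMEM;
		if (hex2bin(opt->policydigest, args[0].from, len / 2))
			return -EINVAL;
		opt->policydigest_len = len / 2;
		break;
	case Opt_policyhandle:
		res = kstrtoul(args[0].from, 16, &handle);
		if (res < 0 || handle > U32_MAX)
			return -EINVAL;
		opt->policyhandle = handle;
		break;
```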
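Review bot: trusted_options_free() dereferences `options` unconditionally, while the `kfree(options)` and `kfree(new_o)` calls it replaces in trusted_instantiate() and trusted_update() were safe with a NULL pointer. If either `out:` label can be reached before the options were allocated (not visible in these hunks), the new helper turns that path into a NULL dereference. Starting the helper with `if (!options) return;` keeps the old behaviour. The `if (options->policydigest)` test can then be dropped, because kfree(NULL) is a no-op.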
@@ -1091,7 +1113,7 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep) call_rcu(&p->rcu, trusted_rcu_free); out: kfree(datablob); - kfree(new_o); + trusted_options_free(new_o); return ret; }