From patchwork Sat May 18 21:36:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13667711 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2077F6BB26; Sat, 18 May 2024 21:37:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716068233; cv=none; b=nkJapSPyy4DD70cS1jT7wK2acUYYoGLBjSFbgX6o3dCzeJm3v8BZ5fVcG5z6Ox+STbjE5ss3pkRKwYiWTtsfJ+lNX6DqT0s+2t3HKjmCxPwRBtDgGHgT2IU+p6uUR+TX/IUpIeZHJgxjpzCJ6uYsU1T9zI67Ox7e/l771jRAhow= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716068233; c=relaxed/simple; bh=rQTPLrmfpCPpQ7Zz53PlLkcw1m7mUahOVVqZUGpxmKU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HSlK9VA1/ZxT5Q+CgGxrpsmpcU9wxgaEXJlz5b7iVfrBdtbIj9r08Sj8JgemKSf0Kz73hPxSOHuHMrtgQ1XEOMOFB3CuNmqVq9MxR2bCSEydlinuPsiUw/FLh6+7ENqpvZMpn5d+8TZbiUNs55abM84Q+VtPshu2H82SKcTWxsg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=XSYiLLKI; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="XSYiLLKI" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4737BC113CC; Sat, 18 May 2024 21:37:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1716068232; bh=rQTPLrmfpCPpQ7Zz53PlLkcw1m7mUahOVVqZUGpxmKU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XSYiLLKIHu7Nrg0S8+XZkRLFKSjClMj5gKU88AhUwhdr1TVBY0wxmSW1Nu5q5yLeI uUgnFyLL6KKLz7ZRA4gFXM7YN9B8xfR3ZhsD8AGL6a98VLe/eW2mie1P3AE7giDotb WwAOMaXOgjUZAlQHjy0w10VwnQN9V1mJId53W/bd/Fwge7xO6DYUvCJHnAWb2rbMRt 7ymY7IoeVJXm/NJZA5+aXa0dnD5I8BFGWsVkAv7cBrxoj0SBfdlvgVZoUbiegG9ja2 5Qyp5l5f2WMpCaV+I3IIc7CBLhxquIT9Ijf8WVlu5qlmDZ+PLx4S3BFnBqZtgSFrtt f/TWXvOUXX1Dg== From: Jarkko Sakkinen To: Herbert Xu Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, Andreas.Fuchs@infineon.com, James Prestwood , David Woodhouse , Jarkko Sakkinen , David Howells , "David S. Miller" , Peter Huewe , Jason Gunthorpe , James Bottomley , Stefan Berger , Ard Biesheuvel , Mario Limonciello , linux-crypto@vger.kernel.org (open list:CRYPTO API), linux-kernel@vger.kernel.org (open list) Subject: [PATCH RFC 1/5] crypto: rsa-pkcs1pad: export rsa1_asn_lookup() Date: Sun, 19 May 2024 00:36:21 +0300 Message-ID: <20240518213700.5960-2-jarkko@kernel.org> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240518213700.5960-1-jarkko@kernel.org> References: <20240518213700.5960-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 ASN.1 template is required for TPM2 asymmetric keys, as it needs to be piggy-packed with the input data before applying TPM2_RSA_Decrypt. This patch prepares crypto subsystem for the addition of those keys. Signed-off-by: Jarkko Sakkinen --- crypto/rsa-pkcs1pad.c | 16 ++++++++++------ include/crypto/rsa-pkcs1pad.h | 20 ++++++++++++++++++++ 2 files changed, 30 insertions(+), 6 deletions(-) create mode 100644 include/crypto/rsa-pkcs1pad.h diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c index cd501195f34a..00b6c14f861c 100644 --- a/crypto/rsa-pkcs1pad.c +++ b/crypto/rsa-pkcs1pad.c @@ -7,6 +7,7 @@ #include #include +#include #include #include #include @@ -79,11 +80,7 @@ static const u8 rsa_digest_info_sha3_512[] = { 0x05, 0x00, 0x04, 0x40 }; -static const struct rsa_asn1_template { - const char *name; - const u8 *data; - size_t size; -} rsa_asn1_templates[] = { +static const struct rsa_asn1_template rsa_asn1_templates[] = { #define _(X) { #X, rsa_digest_info_##X, sizeof(rsa_digest_info_##X) } _(md5), _(sha1), @@ -101,7 +98,13 @@ static const struct rsa_asn1_template { { NULL } }; -static const struct rsa_asn1_template *rsa_lookup_asn1(const char *name) +/** + * rsa_lookup_asn1() - Lookup the ASN.1 digest info given the hash + * name: hash algorithm name + * + * Returns the ASN.1 digest info on success, and NULL on failure. + */ +const struct rsa_asn1_template *rsa_lookup_asn1(const char *name) { const struct rsa_asn1_template *p; @@ -110,6 +113,7 @@ static const struct rsa_asn1_template *rsa_lookup_asn1(const char *name) return p; return NULL; } +EXPORT_SYMBOL_GPL(rsa_lookup_asn1); struct pkcs1pad_ctx { struct crypto_akcipher *child; diff --git a/include/crypto/rsa-pkcs1pad.h b/include/crypto/rsa-pkcs1pad.h new file mode 100644 index 000000000000..32c7453ff644 --- /dev/null +++ b/include/crypto/rsa-pkcs1pad.h @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * RSA padding templates. + */ + +#ifndef _CRYPTO_RSA_PKCS1PAD_H +#define _CRYPTO_RSA_PKCS1PAD_H + +/* + * Hash algorithm name to ASN.1 template mapping. + */ +struct rsa_asn1_template { + const char *name; + const u8 *data; + size_t size; +}; + +const struct rsa_asn1_template *rsa_lookup_asn1(const char *name); + +#endif /* _CRYPTO_RSA_PKCS1PAD_H */ From patchwork Sat May 18 21:36:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13667712 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 948906D1A6; Sat, 18 May 2024 21:37:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716068241; cv=none; b=MU6OXJKlzeSJjaWAe0olWsy1ZlK2OtOMat9uLXeT4spQ9lCn/8csFsQPXwhQ1mwW7jBPc9K3Irh4hSmBGL67v8m+wfLV71zK/4J5zbCulR4tLxDSPCHliXlXui3JdsysbTTgStmh8J+JJhVWBRcpVAc7bPB4owWDkUOomcCONc4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716068241; c=relaxed/simple; bh=oTDI4GPnHAbi7+pIHO4XaSxp6pYbisRl2egk0kE22ZY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YS5+WE6ANE+1c9vEwfK7quliRE59FwP9GysXmXWBKyFyFmYxjZ6dU2z2Qk/YnbW5bfLhcFLgXxZ+6LlwQl0Fb9ZCqNdTx5Cqo3bjKpW0Vvx8nURMieRp+6I7UXhH0fXUEDJ9O0/KkDIl2VY7pX8RrTCd3EYTTmjqrV6tIZ1Yv14= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=IZyR8USm; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="IZyR8USm" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B5E08C113CC; Sat, 18 May 2024 21:37:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1716068241; bh=oTDI4GPnHAbi7+pIHO4XaSxp6pYbisRl2egk0kE22ZY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IZyR8USmjGrMZh5FqP07EwY10XC4MOoeEw8TJBPCT6yB/TNQW/6H10duJtYv3aOgn RN+JI/BhSQPsPI7I2gooPd/GnxrXn/4DQA4FeKCxv5VqMwrtA2ayHNA08iv4jJJ0dp JEcpYetneQecfmz7LbiNvuL9O7wwU3UmBaBXtkuXAa/mSrJ9eEVkaM82rzePSSlKmO Rr9rr7xo9u2BMIaweRULRhLBxhQF1dEZtW1p8z9Vm5ewv/GSFPCo6tR0DXD/ktu/tM NxzrPd85NEHD4kwe7ZmfbWNplYXKOMGaIjBIKWmtIcfi7YAOiYoQ+xdjZfef+MRWaQ Wjc7YWPe3sUxg== From: Jarkko Sakkinen To: Herbert Xu Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, Andreas.Fuchs@infineon.com, James Prestwood , David Woodhouse , Jarkko Sakkinen , David Howells , "David S. Miller" , Peter Huewe , Jason Gunthorpe , James Bottomley , Stefan Berger , Ard Biesheuvel , Mario Limonciello , linux-crypto@vger.kernel.org (open list:CRYPTO API), linux-kernel@vger.kernel.org (open list) Subject: [PATCH RFC 2/5] tpm: export tpm2_load_context() Date: Sun, 19 May 2024 00:36:22 +0300 Message-ID: <20240518213700.5960-3-jarkko@kernel.org> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240518213700.5960-1-jarkko@kernel.org> References: <20240518213700.5960-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm.h | 2 - drivers/char/tpm/tpm2-cmd.c | 77 +++++++++++++++++++++++++++++++++++ drivers/char/tpm/tpm2-space.c | 61 --------------------------- include/linux/tpm.h | 2 + 4 files changed, 79 insertions(+), 63 deletions(-) diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 6b8b9956ba69..c9c67fe84f33 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -314,8 +314,6 @@ int tpm_devs_add(struct tpm_chip *chip); void tpm_devs_remove(struct tpm_chip *chip); int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, unsigned int buf_size, unsigned int *offset); -int tpm2_load_context(struct tpm_chip *chip, u8 *buf, - unsigned int *offset, u32 *handle); void tpm_bios_log_setup(struct tpm_chip *chip); void tpm_bios_log_teardown(struct tpm_chip *chip); diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 0cdf892ec2a7..eb07a109e2ba 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -370,6 +370,83 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle) } EXPORT_SYMBOL_GPL(tpm2_flush_context); +struct tpm2_context { + __be64 sequence; + __be32 saved_handle; + __be32 hierarchy; + __be16 blob_size; +} __packed; + +/** + * tpm2_load_context() - Load TPM2 object to the TPM memory + * @chip: TPM chip to use + * @buf: Blob containing TPM2 object. + * @offset: Output variable for the offset in @buf reached. + * @handle: Output variable for the handle of the object in TPM memory. + * + * Load a blob encrypted with TPM from the memory to the TPM chip. + * + * Return: + * - 0 when the blob is successfully loaded to the TPM. + * - -EFAULT if the TPM chip itself fails. + * - -ENOENT if the TPM object is replayed. + * - -EINVAL if the TPM object is corrupted. + */ +int tpm2_load_context(struct tpm_chip *chip, const u8 *buf, + unsigned int *offset, u32 *handle) +{ + struct tpm_buf tbuf; + struct tpm2_context *ctx; + unsigned int body_size; + int rc; + + rc = tpm_buf_init(&tbuf, TPM2_ST_NO_SESSIONS, TPM2_CC_CONTEXT_LOAD); + if (rc) + return rc; + + ctx = (struct tpm2_context *)&buf[*offset]; + body_size = sizeof(*ctx) + be16_to_cpu(ctx->blob_size); + tpm_buf_append(&tbuf, &buf[*offset], body_size); + + rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL); + if (rc < 0) { + dev_warn(&chip->dev, "%s: failed with a system error %d\n", + __func__, rc); + tpm_buf_destroy(&tbuf); + return -EFAULT; + } else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE || + rc == TPM2_RC_REFERENCE_H0) { + /* + * TPM_RC_HANDLE means that the session context can't + * be loaded because of an internal counter mismatch + * that makes the TPM think there might have been a + * replay. This might happen if the context was saved + * and loaded outside the space. + * + * TPM_RC_REFERENCE_H0 means the session has been + * flushed outside the space + */ + *handle = 0; + tpm_buf_destroy(&tbuf); + return -ENOENT; + } else if (tpm2_rc_value(rc) == TPM2_RC_INTEGRITY) { + tpm_buf_destroy(&tbuf); + return -EINVAL; + } else if (rc > 0) { + dev_warn(&chip->dev, "%s: failed with a TPM error 0x%04X\n", + __func__, rc); + tpm_buf_destroy(&tbuf); + return -EFAULT; + } + + *handle = be32_to_cpup((__be32 *)&tbuf.data[TPM_HEADER_SIZE]); + *offset += body_size; + + tpm_buf_destroy(&tbuf); + return 0; +} +EXPORT_SYMBOL_GPL(tpm2_load_context); + struct tpm2_get_cap_out { u8 more_data; __be32 subcap_id; diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c index 4892d491da8d..708c6e4d64cd 100644 --- a/drivers/char/tpm/tpm2-space.c +++ b/drivers/char/tpm/tpm2-space.c @@ -21,13 +21,6 @@ enum tpm2_handle_types { TPM2_HT_TRANSIENT = 0x80000000, }; -struct tpm2_context { - __be64 sequence; - __be32 saved_handle; - __be32 hierarchy; - __be16 blob_size; -} __packed; - static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space) { int i; @@ -68,60 +61,6 @@ void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space) kfree(space->session_buf); } -int tpm2_load_context(struct tpm_chip *chip, u8 *buf, - unsigned int *offset, u32 *handle) -{ - struct tpm_buf tbuf; - struct tpm2_context *ctx; - unsigned int body_size; - int rc; - - rc = tpm_buf_init(&tbuf, TPM2_ST_NO_SESSIONS, TPM2_CC_CONTEXT_LOAD); - if (rc) - return rc; - - ctx = (struct tpm2_context *)&buf[*offset]; - body_size = sizeof(*ctx) + be16_to_cpu(ctx->blob_size); - tpm_buf_append(&tbuf, &buf[*offset], body_size); - - rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL); - if (rc < 0) { - dev_warn(&chip->dev, "%s: failed with a system error %d\n", - __func__, rc); - tpm_buf_destroy(&tbuf); - return -EFAULT; - } else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE || - rc == TPM2_RC_REFERENCE_H0) { - /* - * TPM_RC_HANDLE means that the session context can't - * be loaded because of an internal counter mismatch - * that makes the TPM think there might have been a - * replay. This might happen if the context was saved - * and loaded outside the space. - * - * TPM_RC_REFERENCE_H0 means the session has been - * flushed outside the space - */ - *handle = 0; - tpm_buf_destroy(&tbuf); - return -ENOENT; - } else if (tpm2_rc_value(rc) == TPM2_RC_INTEGRITY) { - tpm_buf_destroy(&tbuf); - return -EINVAL; - } else if (rc > 0) { - dev_warn(&chip->dev, "%s: failed with a TPM error 0x%04X\n", - __func__, rc); - tpm_buf_destroy(&tbuf); - return -EFAULT; - } - - *handle = be32_to_cpup((__be32 *)&tbuf.data[TPM_HEADER_SIZE]); - *offset += body_size; - - tpm_buf_destroy(&tbuf); - return 0; -} - int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, unsigned int buf_size, unsigned int *offset) { diff --git a/include/linux/tpm.h b/include/linux/tpm.h index c17e4efbb2e5..2f25ca07127b 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -466,6 +466,8 @@ extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max); extern struct tpm_chip *tpm_default_chip(void); void tpm2_flush_context(struct tpm_chip *chip, u32 handle); +int tpm2_load_context(struct tpm_chip *chip, const u8 *buf, + unsigned int *offset, u32 *handle); static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle) { From patchwork Sat May 18 21:36:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13667713 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CFCA56CDC8; Sat, 18 May 2024 21:37:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716068250; cv=none; b=kWHM6l8JsCpNCZXEJrcs5aFTrolPT6OVSeS5JiGFYL+j+IVKtpgJeLo+FaWaT9+nEEOUg46slHDhjlQvBfdI8hJjjoxxCIRsw+oiuwShWDui1lZlDX6gxW41u6WHwktNuqdbpml7EOV4FzrUAhS2qTeGCkNR9iKUuWKtfsXiBbA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716068250; c=relaxed/simple; bh=tA41U9a2wJeaKnsli+rQ8ii0Z8V5FL/JPrU6bK6Nik0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KwiOah7lL+fXq5tiVqmppfXx9eOlxIbSvqsZanoxv92nB8Iro+s7MCgbxmyTkYGheY6t5W7g6S+yTJ5b628qjlmbU4NZAw8zq5HePIIvlqErTl6VH1JTkbek/WwLpFySZABzXbsi0PKQ18DtdjaIc9a3hzdL3MSR55JYtrm4VvM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ed+nA6ka; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ed+nA6ka" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 172B0C113CC; Sat, 18 May 2024 21:37:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1716068249; bh=tA41U9a2wJeaKnsli+rQ8ii0Z8V5FL/JPrU6bK6Nik0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ed+nA6karKcB1mIgDVAhFBBO0U0GV0RiNJn9faBv9vR9wtVAbUetdW90GPR9guC/z GUhJ3gJHRP4MvyroDIgA8cSML9SJ4X0iO9bTc1Ys0QJbXlFn3xgMeUYcRdCcsRgcY1 zuXCuB0kd9/B1UZq7pTdpegek1Aq+z6cmx8twpK1oBd9ydTWsqzSUX7OkFbXicWTom S0cCTpIQqeSs121rSkOwVYzO8iQyrvVQR3JKMDBs5demkfjH/mKGgyd6aylpI89Sgv +WkeKvQCSY+jVn3J6xS+YgawI0ReLuDcvk3q3w0Y/s75xpTvHr+Hg+S/fronCo9NMK lsl7nPmiJN5Ng== From: Jarkko Sakkinen To: Herbert Xu Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, Andreas.Fuchs@infineon.com, James Prestwood , David Woodhouse , Jarkko Sakkinen , David Howells , "David S. Miller" , Peter Huewe , Jason Gunthorpe , James Bottomley , Stefan Berger , Ard Biesheuvel , Mario Limonciello , linux-crypto@vger.kernel.org (open list:CRYPTO API), linux-kernel@vger.kernel.org (open list), stable@vger.kernel.org, Mimi Zohar , Paul Moore , James Morris , "Serge E. Hallyn" , linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM) Subject: [PATCH RFC 3/5] KEYS: trusted: Do not use WARN when encode fails Date: Sun, 19 May 2024 00:36:23 +0300 Message-ID: <20240518213700.5960-4-jarkko@kernel.org> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240518213700.5960-1-jarkko@kernel.org> References: <20240518213700.5960-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Cc: stable@vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen --- security/keys/trusted-keys/trusted_tpm2.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index dfeec06301ce..dbdd6a318b8b 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -79,8 +80,11 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (IS_ERR(work1)) { + ret = PTR_ERR(work1); + pr_err("ASN.1 encode error %d\n", ret); + return ret; + } return work1 - payload->blob; } From patchwork Sat May 18 21:36:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13667714 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 518387173C; Sat, 18 May 2024 21:37:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716068258; cv=none; b=G0PBCpsNtnxZQA9GOQYIjUjBAyhV1JGVpHBZ1xnE/lMjWBcwY5XLHlx2islVSWyNQ/5jzK2CGUITE52tw6JJd/9Ppdl0xbpipaNJXWPe9q2x9F7uiVf8GMp6WUoFOQzZLtBdAvCdOZDt1rec/pYTx4CFwR+XqGK39QrOttS6e/M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716068258; c=relaxed/simple; bh=/DeeGeqKplWQhwy76qpyNbT8TjV3ONNLsN34x0zSwng=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZGMl/eyzJqifhzZM5bTbok6x8EMN9rvlx9zwFL1hpsvolXgZnzToBba2JtdY9awIW2BydRe0ZdlCY/G4NSeU4jtwPRUrsG/gJN1SCisRFr+FHg0atIJVmme7icioaYJji5sRRDeVhhxm/E+f5OUffZ7rjQIFZw9I+PSSGobFi9Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=RM7bQN+7; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="RM7bQN+7" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C07C7C113CC; Sat, 18 May 2024 21:37:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1716068258; bh=/DeeGeqKplWQhwy76qpyNbT8TjV3ONNLsN34x0zSwng=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RM7bQN+78tMaMPKzx+VLfvv7mt22m3GRK89963TS1JXKifwjf2b1+wIk0bNo3bhNA e5Eb+DsBMSOgSSjQggmPRXQ82VpgiqiRt71jTdbc52iFy2cUqRzic/3PlyqyipkpTI EX8DEBglFUctV+PxmPtkpR9OGXU1DXokZzqJ09ssXcKjCIxWixasXjhQGCZDcG7TI4 Y4BbavE2kxZ0UdOfivb9Kj8nPBbT97aOeRX33M3W7opNU+Fj+0FKEL9wEpO2ctbWCe 1zfAi1MYMOBNi4NUk/Aqp1Az4fCeunrGffdLUxkd8grvLjyMPK3+TMMP9uXrGY13ya 4Y4Bit0tHLNFA== From: Jarkko Sakkinen To: Herbert Xu Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, Andreas.Fuchs@infineon.com, James Prestwood , David Woodhouse , Jarkko Sakkinen , David Howells , "David S. Miller" , Peter Huewe , Jason Gunthorpe , James Bottomley , Stefan Berger , Ard Biesheuvel , Mario Limonciello , linux-crypto@vger.kernel.org (open list:CRYPTO API), linux-kernel@vger.kernel.org (open list), Mimi Zohar , Paul Moore , James Morris , "Serge E. Hallyn" , linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM) Subject: [PATCH RFC 4/5] KEYS: trusted: Migrate tpm2_key_{encode,decode}() to TPM driver Date: Sun, 19 May 2024 00:36:24 +0300 Message-ID: <20240518213700.5960-5-jarkko@kernel.org> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240518213700.5960-1-jarkko@kernel.org> References: <20240518213700.5960-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Migrate tpm2_key_{encode,decode}() to TPM driver and export the symbols to make them callable from trusted keys. Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/Kconfig | 5 + drivers/char/tpm/Makefile | 5 + drivers/char/tpm/tpm2_key.c | 181 +++++++++++++++++ .../char/tpm}/tpm2key.asn1 | 0 include/crypto/tpm2_key.h | 33 ++++ security/keys/trusted-keys/Makefile | 2 - security/keys/trusted-keys/trusted_tpm2.c | 187 ++---------------- 7 files changed, 242 insertions(+), 171 deletions(-) create mode 100644 drivers/char/tpm/tpm2_key.c rename {security/keys/trusted-keys => drivers/char/tpm}/tpm2key.asn1 (100%) create mode 100644 include/crypto/tpm2_key.h diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index db41301e63f2..d5d06cc96932 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig @@ -3,10 +3,15 @@ # TPM device configuration # +config TCG_TPM2_KEY + bool + menuconfig TCG_TPM tristate "TPM Hardware Support" depends on HAS_IOMEM imply SECURITYFS + select ASN1 + select ASN1_ENCODER select CRYPTO select CRYPTO_HASH_INFO help diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile index 4c695b0388f3..071437058ef6 100644 --- a/drivers/char/tpm/Makefile +++ b/drivers/char/tpm/Makefile @@ -17,6 +17,11 @@ tpm-y += eventlog/tpm1.o tpm-y += eventlog/tpm2.o tpm-y += tpm-buf.o +# TPM2 Asymmetric Key +$(obj)/trusted_tpm2.o: $(obj)/tpm2key.asn1.h +tpm-y += tpm2key.asn1.o +tpm-y += tpm2_key.o + tpm-$(CONFIG_TCG_TPM2_HMAC) += tpm2-sessions.o tpm-$(CONFIG_ACPI) += tpm_ppi.o eventlog/acpi.o tpm-$(CONFIG_EFI) += eventlog/efi.o diff --git a/drivers/char/tpm/tpm2_key.c b/drivers/char/tpm/tpm2_key.c new file mode 100644 index 000000000000..e09441efb0f0 --- /dev/null +++ b/drivers/char/tpm/tpm2_key.c @@ -0,0 +1,181 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#define pr_fmt(fmt) "tpm2_key: "fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include "tpm2key.asn1.h" + +static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 }; + +int tpm2_key_parent(void *context, size_t hdrlen, + unsigned char tag, + const void *value, size_t vlen) +{ + struct tpm2_key *ctx = context; + const u8 *v = value; + int i; + + ctx->parent = 0; + for (i = 0; i < vlen; i++) { + ctx->parent <<= 8; + ctx->parent |= v[i]; + } + + return 0; +} + +int tpm2_key_type(void *context, size_t hdrlen, + unsigned char tag, + const void *value, size_t vlen) +{ + enum OID oid = look_up_OID(value, vlen); + + if (oid != OID_TPMSealedData) { + char buffer[50]; + + sprint_oid(value, vlen, buffer, sizeof(buffer)); + pr_debug("OID is \"%s\" which is not TPMSealedData\n", + buffer); + return -EINVAL; + } + + return 0; +} + +int tpm2_key_pub(void *context, size_t hdrlen, + unsigned char tag, + const void *value, size_t vlen) +{ + struct tpm2_key *ctx = context; + + ctx->pub = value; + ctx->pub_len = vlen; + + return 0; +} + +int tpm2_key_priv(void *context, size_t hdrlen, + unsigned char tag, + const void *value, size_t vlen) +{ + struct tpm2_key *ctx = context; + + ctx->priv = value; + ctx->priv_len = vlen; + + return 0; +} + +/** + * tpm2_key_encode() - Encode TPM2 ASN.1 key. + * @blob: Decoded blob. + * @blob_auth_len: Authorization length. + * @key_handle: TPM2 handle of the key. + * @src: ASN.1 source. + * + * Encodes TPM2 ASN.1 key on success. Returns POSIX error code on failure. + */ +int tpm2_key_encode(u8 *blob, u32 blob_auth_len, u32 key_handle, u8 *src) +{ + const int SCRATCH_SIZE = PAGE_SIZE; + u8 *scratch = kmalloc(SCRATCH_SIZE, GFP_KERNEL); + u8 *work = scratch, *work1; + u8 *end_work = scratch + SCRATCH_SIZE; + u8 *priv, *pub; + u16 priv_len, pub_len; + int ret; + + priv_len = get_unaligned_be16(src) + 2; + priv = src; + + src += priv_len; + + pub_len = get_unaligned_be16(src) + 2; + pub = src; + + if (!scratch) + return -ENOMEM; + + work = asn1_encode_oid(work, end_work, tpm2key_oid, + asn1_oid_len(tpm2key_oid)); + + if (blob_auth_len == 0) { + unsigned char bool[3], *w = bool; + /* tag 0 is emptyAuth */ + w = asn1_encode_boolean(w, w + sizeof(bool), true); + if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) + return PTR_ERR(w); + work = asn1_encode_tag(work, end_work, 0, bool, w - bool); + } + + /* + * Assume both octet strings will encode to a 2 byte definite length + * + * Note: For a well behaved TPM, this warning should never + * trigger, so if it does there's something nefarious going on + */ + if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE, + "BUG: scratch buffer is too small")) + return -EINVAL; + + work = asn1_encode_integer(work, end_work, key_handle); + work = asn1_encode_octet_string(work, end_work, pub, pub_len); + work = asn1_encode_octet_string(work, end_work, priv, priv_len); + + work1 = blob; + work1 = asn1_encode_sequence(work1, work1 + MAX_BLOB_SIZE, scratch, work - scratch); + if (IS_ERR(work1)) { + ret = PTR_ERR(work1); + pr_err("ASN.1 encoder failed with %d\n", ret); + return ret; + } + + return work1 - blob; +} +EXPORT_SYMBOL_GPL(tpm2_key_encode); + +/** + * tpm_key_decode() - Decode TPM2 ASN.1 key. + * @src: ASN.1 source. + * @src_len: ASN.1 source length. + * @key: TPM2 asymmetric key. + * @max_key_len: Maximum length of the TPM2 asymmetric key. + * + * Decodes TPM2 ASN.1 key on success. Returns POSIX error code on failure. + */ +int tpm2_key_decode(const u8 *src, u32 src_len, struct tpm2_key *key, + u32 max_key_len) +{ + struct tpm2_key ctx; + int ret; + + memset(&ctx, 0, sizeof(ctx)); + + ret = asn1_ber_decoder(&tpm2key_decoder, &ctx, src, src_len); + if (ret < 0) + return ret; + + if (ctx.priv_len + ctx.pub_len > max_key_len) + return -EINVAL; + + ctx.priv = kmemdup(ctx.priv, ctx.priv_len, GFP_KERNEL); + if (!ctx.priv) + return -ENOMEM; + + ctx.pub = kmemdup(ctx.pub, ctx.pub_len, GFP_KERNEL); + if (!ctx.pub) { + kfree(ctx.priv); + return -ENOMEM; + } + + memcpy(key, &ctx, sizeof(ctx)); + return 0; +} +EXPORT_SYMBOL_GPL(tpm2_key_decode); diff --git a/security/keys/trusted-keys/tpm2key.asn1 b/drivers/char/tpm/tpm2key.asn1 similarity index 100% rename from security/keys/trusted-keys/tpm2key.asn1 rename to drivers/char/tpm/tpm2key.asn1 diff --git a/include/crypto/tpm2_key.h b/include/crypto/tpm2_key.h new file mode 100644 index 000000000000..e5d3330afef5 --- /dev/null +++ b/include/crypto/tpm2_key.h @@ -0,0 +1,33 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef __LINUX_TPM2_KEY_H__ +#define __LINUX_TPM2_KEY_H__ + +#include + +/* + * TPM2 ASN.1 key + */ +struct tpm2_key { + u32 parent; + const u8 *pub; + u32 pub_len; + const u8 *priv; + u32 priv_len; +}; + +int tpm2_key_encode(u8 *blob, u32 blob_auth_len, u32 key_handle, u8 *src); +int tpm2_key_decode(const u8 *src, u32 src_len, struct tpm2_key *key, + u32 max_key_len); + +/** + * tpm2_key_free() - Release TPM2 asymmetric key resources and reset values + * @key: TPM2 asymmetric key. + */ +static inline void tpm2_key_destroy(struct tpm2_key *key) +{ + kfree(key->priv); + kfree(key->pub); + memset(key, 0, sizeof(*key)); +} + +#endif /* __LINUX_TPM2_KEY_H__ */ diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile index f0f3b27f688b..2674d5c10fc9 100644 --- a/security/keys/trusted-keys/Makefile +++ b/security/keys/trusted-keys/Makefile @@ -7,9 +7,7 @@ obj-$(CONFIG_TRUSTED_KEYS) += trusted.o trusted-y += trusted_core.o trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm1.o -$(obj)/trusted_tpm2.o: $(obj)/tpm2key.asn1.h trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm2.o -trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index dbdd6a318b8b..3e1140914ca4 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -13,11 +13,10 @@ #include #include +#include #include -#include "tpm2key.asn1.h" - static struct tpm2_hash tpm2_hash_map[] = { {HASH_ALGO_SHA1, TPM_ALG_SHA1}, {HASH_ALGO_SHA256, TPM_ALG_SHA256}, @@ -26,169 +25,6 @@ static struct tpm2_hash tpm2_hash_map[] = { {HASH_ALGO_SM3_256, TPM_ALG_SM3_256}, }; -static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 }; - -static int tpm2_key_encode(struct trusted_key_payload *payload, - struct trusted_key_options *options, - u8 *src, u32 len) -{ - const int SCRATCH_SIZE = PAGE_SIZE; - u8 *scratch = kmalloc(SCRATCH_SIZE, GFP_KERNEL); - u8 *work = scratch, *work1; - u8 *end_work = scratch + SCRATCH_SIZE; - u8 *priv, *pub; - u16 priv_len, pub_len; - int ret; - - priv_len = get_unaligned_be16(src) + 2; - priv = src; - - src += priv_len; - - pub_len = get_unaligned_be16(src) + 2; - pub = src; - - if (!scratch) - return -ENOMEM; - - work = asn1_encode_oid(work, end_work, tpm2key_oid, - asn1_oid_len(tpm2key_oid)); - - if (options->blobauth_len == 0) { - unsigned char bool[3], *w = bool; - /* tag 0 is emptyAuth */ - w = asn1_encode_boolean(w, w + sizeof(bool), true); - if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) - return PTR_ERR(w); - work = asn1_encode_tag(work, end_work, 0, bool, w - bool); - } - - /* - * Assume both octet strings will encode to a 2 byte definite length - * - * Note: For a well behaved TPM, this warning should never - * trigger, so if it does there's something nefarious going on - */ - if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE, - "BUG: scratch buffer is too small")) - return -EINVAL; - - work = asn1_encode_integer(work, end_work, options->keyhandle); - work = asn1_encode_octet_string(work, end_work, pub, pub_len); - work = asn1_encode_octet_string(work, end_work, priv, priv_len); - - work1 = payload->blob; - work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), - scratch, work - scratch); - if (IS_ERR(work1)) { - ret = PTR_ERR(work1); - pr_err("ASN.1 encode error %d\n", ret); - return ret; - } - - return work1 - payload->blob; -} - -struct tpm2_key_context { - u32 parent; - const u8 *pub; - u32 pub_len; - const u8 *priv; - u32 priv_len; -}; - -static int tpm2_key_decode(struct trusted_key_payload *payload, - struct trusted_key_options *options, - u8 **buf) -{ - int ret; - struct tpm2_key_context ctx; - u8 *blob; - - memset(&ctx, 0, sizeof(ctx)); - - ret = asn1_ber_decoder(&tpm2key_decoder, &ctx, payload->blob, - payload->blob_len); - if (ret < 0) - return ret; - - if (ctx.priv_len + ctx.pub_len > MAX_BLOB_SIZE) - return -EINVAL; - - blob = kmalloc(ctx.priv_len + ctx.pub_len + 4, GFP_KERNEL); - if (!blob) - return -ENOMEM; - - *buf = blob; - options->keyhandle = ctx.parent; - - memcpy(blob, ctx.priv, ctx.priv_len); - blob += ctx.priv_len; - - memcpy(blob, ctx.pub, ctx.pub_len); - - return 0; -} - -int tpm2_key_parent(void *context, size_t hdrlen, - unsigned char tag, - const void *value, size_t vlen) -{ - struct tpm2_key_context *ctx = context; - const u8 *v = value; - int i; - - ctx->parent = 0; - for (i = 0; i < vlen; i++) { - ctx->parent <<= 8; - ctx->parent |= v[i]; - } - - return 0; -} - -int tpm2_key_type(void *context, size_t hdrlen, - unsigned char tag, - const void *value, size_t vlen) -{ - enum OID oid = look_up_OID(value, vlen); - - if (oid != OID_TPMSealedData) { - char buffer[50]; - - sprint_oid(value, vlen, buffer, sizeof(buffer)); - pr_debug("OID is \"%s\" which is not TPMSealedData\n", - buffer); - return -EINVAL; - } - - return 0; -} - -int tpm2_key_pub(void *context, size_t hdrlen, - unsigned char tag, - const void *value, size_t vlen) -{ - struct tpm2_key_context *ctx = context; - - ctx->pub = value; - ctx->pub_len = vlen; - - return 0; -} - -int tpm2_key_priv(void *context, size_t hdrlen, - unsigned char tag, - const void *value, size_t vlen) -{ - struct tpm2_key_context *ctx = context; - - ctx->priv = value; - ctx->priv_len = vlen; - - return 0; -} - /** * tpm2_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer. * @@ -338,7 +174,8 @@ int tpm2_seal_trusted(struct tpm_chip *chip, goto out; } - blob_len = tpm2_key_encode(payload, options, &buf.data[offset], blob_len); + blob_len = tpm2_key_encode(payload->blob, options->blobauth_len, + options->keyhandle, &buf.data[offset]); out: tpm_buf_destroy(&sized); @@ -378,20 +215,32 @@ static int tpm2_load_cmd(struct tpm_chip *chip, struct trusted_key_options *options, u32 *blob_handle) { - struct tpm_buf buf; unsigned int private_len; unsigned int public_len; unsigned int blob_len; + struct tpm2_key key; + struct tpm_buf buf; u8 *blob, *pub; int rc; u32 attrs; - rc = tpm2_key_decode(payload, options, &blob); + rc = tpm2_key_decode(payload->blob, payload->blob_len, &key, + MAX_BLOB_SIZE); if (rc) { - /* old form */ + /* legacy format: */ blob = payload->blob; payload->old_format = 1; + } else { + blob = kmalloc(key.priv_len + key.pub_len + 4, GFP_KERNEL); + if (blob) { + options->keyhandle = key.parent; + memcpy(blob, key.priv, key.priv_len); + memcpy(&blob[key.priv_len], key.pub, key.pub_len); + } } + tpm2_key_destroy(&key); + if (!blob) + return -ENOMEM; /* new format carries keyhandle but old format doesn't */ if (!options->keyhandle) From patchwork Sat May 18 21:36:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13667715 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C19606CDA3; Sat, 18 May 2024 21:37:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716068266; cv=none; b=LwJCdOlNDWAljq8X8txpcKouK7DPOFsZyzEvTniotGxm4S/hFeh3DOm10nBrMYf9WrnQoYRvMUjpROkTTg9Yy2UgHf7KUKX/OpX/b/aQOdfbcyOqpGe4awZV19I+HeWoldgf/Ufs6y/jg2vJPP9kYoGiXweAxRxUxlDzPkI0eFE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716068266; c=relaxed/simple; bh=R2SZeE+P5GdD5yWwmn4/xrJZ3ND6iUZHLjBTx0bcb6g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZycYMy3OsVwy1BNXoh6i3BPu+pmOjWho1eS+3MDZp/6sDL9m0kiXkxciehZ8OupSmHiXXKWfsN5aoAsysewiVnwtO3jCuDaIEafwKzL9BSBXGS5tyqs86ZBn3Xe5/YMndmMCjfbBGRtWi2kSYw1UuBaHMCXaquIiCsD9ghl5hHc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=OtIFinNO; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="OtIFinNO" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D42AC113CC; Sat, 18 May 2024 21:37:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1716068266; bh=R2SZeE+P5GdD5yWwmn4/xrJZ3ND6iUZHLjBTx0bcb6g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OtIFinNOX0kCH+VULG9GRBPKgigsAsbX8OhqUdD6kFj+HtAxWi7c1Fg43+LpZuY7h BZJNyzgUweifFVBmXtcUsRPUfSFix7dDa5EkmIJ0/jD4+44m8PAwkYc66HYK1Laecr 2r52U2OEFnmwJapxTqUVVj5Im6gFOqGXaLg0BQc+EOinOUIspQHgz2Ff22dx+7vFNu StsmUIlj2ksuR+FY3csvZtD9abCQV1YB/BJvtBrhh2OaAg5OJkLq0p+emwgiZ5GW5W jHbfIftJEh/Xk1WpWxpoUJijMMXroj/JkCNrRgkZ++WpXvgnCCsFV2TZB+m2R2yrAB WKuTnpIkmLokA== From: Jarkko Sakkinen To: Herbert Xu Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, Andreas.Fuchs@infineon.com, James Prestwood , David Woodhouse , Jarkko Sakkinen , David Howells , "David S. Miller" , Peter Huewe , Jason Gunthorpe , James Bottomley , Stefan Berger , Ard Biesheuvel , Mario Limonciello , linux-crypto@vger.kernel.org (open list:CRYPTO API), linux-kernel@vger.kernel.org (open list) Subject: [PATCH RFC 5/5] keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE Date: Sun, 19 May 2024 00:36:25 +0300 Message-ID: <20240518213700.5960-6-jarkko@kernel.org> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240518213700.5960-1-jarkko@kernel.org> References: <20240518213700.5960-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: James Prestwood Based on earlier work by James Prestwood. Add ASN.1 compatible asymmetric TPM2 RSA key subtype: 1. Signing and decryption (with the private key) is handled by TPM2_RSA_Decrypt. 2. Encryption (with the public key) is handled by the kernel RSA implementation. Link: https://lore.kernel.org/all/20200518172704.29608-1-prestwoj@gmail.com/ Signed-off-by: James Prestwood Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- crypto/asymmetric_keys/Kconfig | 12 + crypto/asymmetric_keys/Makefile | 1 + crypto/asymmetric_keys/tpm2_key_rsa.c | 648 ++++++++++++++++++++++++++ drivers/char/tpm/tpm2_key.c | 11 + include/crypto/tpm2_key.h | 3 + include/linux/tpm.h | 1 + 6 files changed, 676 insertions(+) create mode 100644 crypto/asymmetric_keys/tpm2_key_rsa.c diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig index e1345b8f39f1..0ccbc0e80aa2 100644 --- a/crypto/asymmetric_keys/Kconfig +++ b/crypto/asymmetric_keys/Kconfig @@ -23,6 +23,18 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE appropriate hash algorithms (such as SHA-1) must be available. ENOPKG will be reported if the requisite algorithm is unavailable. +config ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE + tristate "Asymmetric TPM2 RSA crypto algorithm subtype" + depends on TCG_TPM && TCG_TPM2_HAMC + select CRYPTO_RSA + select CRYPTO_SHA256 + select CRYPTO_HASH_INFO + help + This option provides support for asymmetric TPM2 key type handling. + If signature generation and/or verification are to be used, + appropriate hash algorithms (such as SHA-256) must be available. + ENOPKG will be reported if the requisite algorithm is unavailable. + config X509_CERTIFICATE_PARSER tristate "X.509 certificate parser" depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index bc65d3b98dcb..f9730b39f008 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile @@ -11,6 +11,7 @@ asymmetric_keys-y := \ signature.o obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o +obj-$(CONFIG_ASYMMETRIC_TPM2_KEY_SUBTYPE) += tpm2_key_rsa.o # # X.509 Certificate handling diff --git a/crypto/asymmetric_keys/tpm2_key_rsa.c b/crypto/asymmetric_keys/tpm2_key_rsa.c new file mode 100644 index 000000000000..8f245dd1b8b0 --- /dev/null +++ b/crypto/asymmetric_keys/tpm2_key_rsa.c @@ -0,0 +1,648 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* TPM2 asymmetric public-key crypto subtype + * + * See Documentation/crypto/asymmetric-keys.rst + * + * Copyright (c) 2020 Intel Corporation + */ + +#define pr_fmt(fmt) "tpm2_key: "fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* Room to fit two u32 zeros for algo id and parameters length. */ +#define SETKEY_PARAMS_SIZE (sizeof(u32) * 2) + +/* + * Maximum buffer size for the BER/DER encoded public key. The public key + * is of the form SEQUENCE { INTEGER n, INTEGER e } where n is a maximum 2048 + * bit key and e is usually 65537 + * The encoding overhead is: + * - max 4 bytes for SEQUENCE + * - max 4 bytes for INTEGER n type/length + * - 257 bytes of n + * - max 2 bytes for INTEGER e type/length + * - 3 bytes of e + * - 4+4 of zeros for set_pub_key parameters (SETKEY_PARAMS_SIZE) + */ +#define PUB_KEY_BUF_SIZE (4 + 4 + 257 + 2 + 3 + SETKEY_PARAMS_SIZE) + +static int tpm2_rsa_decrypt(struct tpm_chip *chip, u32 parent, + const unsigned char *keyblob, size_t bloblen, + const void *data, size_t len, void *out) +{ + unsigned int private_len; + unsigned int public_len; + unsigned int parsed_len; + unsigned int offset = 0; + u32 blob_handle = 0; + u32 key_handle = 0; + struct tpm_buf buf; + u16 decrypted_len; + u8 *pos; + int ret; + + private_len = be16_to_cpup((__be16 *)&keyblob[0]); + if (private_len > (bloblen - 2)) + return -EINVAL; + + public_len = be16_to_cpup((__be16 *)&keyblob[2 + private_len]); + parsed_len = private_len + public_len + 4; + if (parsed_len > bloblen) + return -EINVAL; + + chip = tpm_find_get_ops(chip); + if (!chip) + return -ENODEV; + + ret = tpm2_start_auth_session(chip); + if (ret) + goto err_ops; + + if (parent == TPM2_RH_NULL) { + ret = tpm2_load_context(chip, chip->null_key_context, &offset, + &key_handle); + if (ret) { + ret = -EIO; + goto err_auth; + } + } else { + key_handle = parent; + } + + ret = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); + if (ret < 0) + goto err_key; + + tpm_buf_append_name(chip, &buf, key_handle, NULL); + tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_CONTINUE_SESSION | + TPM2_SA_ENCRYPT, NULL, 0); + tpm_buf_append(&buf, keyblob, bloblen); + + if (buf.flags & TPM_BUF_OVERFLOW) { + ret = -E2BIG; + goto err_buf; + } + + tpm_buf_fill_hmac_session(chip, &buf); + ret = tpm_transmit_cmd(chip, &buf, 4, "loading blob"); + ret = tpm_buf_check_hmac_response(chip, &buf, ret); + if (ret) { + ret = -EIO; + goto err_buf; + } + + blob_handle = be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE]); + + tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_RSA_DECRYPT); + + tpm_buf_append_name(chip, &buf, blob_handle, NULL); + tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_DECRYPT, NULL, 0); + + tpm_buf_append_u16(&buf, len); + tpm_buf_append(&buf, data, len); + tpm_buf_append_u16(&buf, TPM_ALG_NULL); + tpm_buf_append_u16(&buf, 0); + + tpm_buf_fill_hmac_session(chip, &buf); + ret = tpm_transmit_cmd(chip, &buf, 4, "decrypting RSA"); + ret = tpm_buf_check_hmac_response(chip, &buf, ret); + if (ret) { + ret = -EIO; + goto err_blob; + } + + pos = buf.data + TPM_HEADER_SIZE + 4; + decrypted_len = be16_to_cpup((__be16 *)pos); + pos += 2; + + memcpy(out, pos, decrypted_len); + ret = decrypted_len; + +err_blob: + tpm2_flush_context(chip, blob_handle); + +err_buf: + tpm_buf_destroy(&buf); + +err_key: + tpm2_flush_context(chip, key_handle); + +err_auth: + if (ret < 0) + tpm2_end_auth_session(chip); + +err_ops: + tpm_put_ops(chip); + return ret; +} + +/* + * PKCS1 padding (type 1) + */ +static int __maybe_unused tpm2_pad_pkcs1(const u8 *m, unsigned int mlen, + u8 *em, unsigned int em_len) +{ + unsigned int ps_len = em_len - mlen - 3; + + if (mlen > em_len - 11) + return -EBADMSG; + + em[0] = 0; + em[1] = 1; + + memset(em + 2, 0xff, ps_len); + + em[2 + ps_len] = 0; + memcpy(em + 2 + ps_len + 1, m, mlen); + + return 0; +} + +/* + * RFC 3447 - Section 7.2.2 + */ +static const u8 *tpm2_unpad_pkcs1(const u8 *data, unsigned int len, + unsigned int *out_len) +{ + unsigned int i; + + /* + * Size of input data should be checked against public key size by + * caller. + */ + if (data[0] != 0 || data[1] != 2) + return NULL; + + i = 2; + + while (data[i] != 0 && i < len) + i++; + + if (i == len) + return NULL; + + *out_len = len - i - 1; + + return data + i + 1; +} + +/* + * Outputs the cipher algorithm name on success, and retuns -ENOPKG + * on failure. + */ +static int tpm2_key_get_akcipher(const char *encoding, const char *hash_algo, + char *cipher) +{ + ssize_t ret; + + if (strcmp(encoding, "pkcs1") == 0) { + if (!hash_algo) { + strscpy(cipher, "pkcs1pad(rsa)"); + return 0; + } + + ret = snprintf(cipher, CRYPTO_MAX_ALG_NAME, + "pkcs1pad(rsa,%s)", + hash_algo); + if (ret >= CRYPTO_MAX_ALG_NAME) + return -ENOPKG; + + return 0; + } + + if (strcmp(encoding, "raw") == 0) { + strscpy(cipher, "rsa"); + return 0; + } + + return -ENOPKG; +} + +static inline u8 *tpm2_key_append_tag(u8 *buf, u8 tag, u32 len) +{ + *buf++ = tag; + + if (len <= 127) { + buf[0] = len; + return buf + 1; + } + + if (len <= 255) { + buf[0] = 0x81; + buf[1] = len; + return buf + 2; + } + + buf[0] = 0x82; + put_unaligned_be16(len, buf + 1); + return buf + 3; +} + +static inline u32 tpm2_key_definite_length(u32 len) +{ + if (len <= 127) + return 1; + if (len <= 255) + return 2; + return 3; +} + +static u32 tpm2_key_to_der(const void *pub_key, u32 len, u8 *buf) +{ + u8 *cur = buf; + u32 n_len = tpm2_key_definite_length(len) + 1 + len + 1; + u32 e_len = tpm2_key_definite_length(3) + 1 + 3; + u8 e[3] = { 0x01, 0x00, 0x01 }; + + /* SEQUENCE */ + cur = tpm2_key_append_tag(cur, 0x30, n_len + e_len); + /* INTEGER n */ + cur = tpm2_key_append_tag(cur, 0x02, len + 1); + cur[0] = 0x00; + memcpy(cur + 1, pub_key, len); + cur += len + 1; + cur = tpm2_key_append_tag(cur, 0x02, sizeof(e)); + memcpy(cur, e, sizeof(e)); + cur += sizeof(e); + /* Zero parameters to satisfy set_pub_key ABI. */ + memset(cur, 0, SETKEY_PARAMS_SIZE); + + return cur - buf; +} + +/* + * Encryption operation is performed with the public key. Hence it is done + * in software + */ +static int tpm2_key_rsa_encrypt(struct tpm2_key *key, + struct kernel_pkey_params *params, + const void *in, void *out) +{ + char cipher[CRYPTO_MAX_ALG_NAME]; + struct scatterlist in_sg, out_sg; + u8 der_pub_key[PUB_KEY_BUF_SIZE]; + struct akcipher_request *req; + struct crypto_akcipher *tfm; + struct crypto_wait cwait; + u32 der_pub_key_len; + int rc; + + rc = tpm2_key_get_akcipher(params->encoding, params->hash_algo, cipher); + if (rc < 0) + return rc; + + tfm = crypto_alloc_akcipher(cipher, 0, 0); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + der_pub_key_len = tpm2_key_to_der(key->pub, key->pub_len, der_pub_key); + + rc = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len); + if (rc < 0) + goto err_tfm; + + req = akcipher_request_alloc(tfm, GFP_KERNEL); + if (!req) { + rc = -ENOMEM; + goto err_tfm; + } + + sg_init_one(&in_sg, in, params->in_len); + sg_init_one(&out_sg, out, params->out_len); + akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len, + params->out_len); + + crypto_init_wait(&cwait); + akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | + CRYPTO_TFM_REQ_MAY_SLEEP, + crypto_req_done, &cwait); + + rc = crypto_akcipher_encrypt(req); + rc = crypto_wait_req(rc, &cwait); + + if (!rc) + rc = req->dst_len; + + akcipher_request_free(req); + +err_tfm: + crypto_free_akcipher(tfm); + + return rc; +} + +/* + * Decryption operation is performed with the private key in the TPM. + */ +static int tpm2_key_rsa_decrypt(struct tpm_chip *chip, struct tpm2_key *key, + size_t in_len, const void *in, void *out) +{ + unsigned int unpadded_len; + const u8 *unpadded; + u8 *decrypted; + int rc; + + decrypted = kmalloc(key->pub_len, GFP_KERNEL); + + rc = tpm2_rsa_decrypt(chip, key->parent, key->blob, key->blob_len, in, + in_len, decrypted); + if (rc < 0) + return rc; + + unpadded = tpm2_unpad_pkcs1(decrypted, rc, &unpadded_len); + if (!unpadded) + return -EINVAL; + + memcpy(out, unpadded, unpadded_len); + return unpadded_len; +} + +/* + * Sign operation is an encryption using the TPM's private key. With RSA the + * only difference between encryption and decryption is where the padding goes. + * Since own padding can be used, TPM2_RSA_Decrypt can be repurposed to do + * encryption. + */ +static int tpm2_key_rsa_sign(struct tpm_chip *chip, struct tpm2_key *key, + struct kernel_pkey_params *params, + const void *in, void *out) +{ + const struct rsa_asn1_template *asn1; + u32 in_len = params->in_len; + void *asn1_wrapped = NULL; + u8 *padded; + int rc; + + if (strcmp(params->encoding, "pkcs1")) { + rc = -ENOPKG; + goto done; + } + + if (params->hash_algo) { + asn1 = rsa_lookup_asn1(params->hash_algo); + if (!asn1) { + rc = -ENOPKG; + goto done; + } + + /* Request enough space for the ASN.1 template + input hash */ + asn1_wrapped = kzalloc(in_len + asn1->size, GFP_KERNEL); + if (!asn1_wrapped) { + rc = -ENOMEM; + goto done; + } + + /* Copy ASN.1 template, then the input */ + memcpy(asn1_wrapped, asn1->data, asn1->size); + memcpy(asn1_wrapped + asn1->size, in, in_len); + + in = asn1_wrapped; + in_len += asn1->size; + } + + /* + * Using the TPM's decrypt call to sign (aka encrypt). This + * requires pre-padding the data with PKCS1. + */ + padded = kmalloc(key->pub_len, GFP_KERNEL); + tpm2_pad_pkcs1(in, in_len, padded, key->pub_len); + + rc = tpm2_rsa_decrypt(chip, key->parent, key->blob, key->blob_len, + padded, key->pub_len, out); + + kfree(padded); +done: + kfree(asn1_wrapped); + return rc; +} + +static void tpm2_key_rsa_describe(const struct key *asymmetric_key, + struct seq_file *m) +{ + struct tpm2_key *key = asymmetric_key->payload.data[asym_crypto]; + + if (!key) { + pr_err("key is empty"); + return; + } + + seq_puts(m, "TPM2/RSA"); +} + +static void tpm2_key_rsa_destroy(void *payload0, void *payload3) +{ + struct tpm2_key *key = payload0; + + if (!key) + return; + + tpm2_key_destroy(key); +} + +static int tpm2_key_rsa_eds_op(struct kernel_pkey_params *params, + const void *in, void *out) +{ + struct tpm2_key *tk = params->key->payload.data[asym_crypto]; + struct tpm_chip *chip = tpm_default_chip(); + int rc = -EOPNOTSUPP; + + if (!chip) + return -ENODEV; + + switch (params->op) { + case kernel_pkey_encrypt: + rc = tpm2_key_encrypt(tk, params, in, out); + break; + case kernel_pkey_decrypt: + rc = tpm2_key_decrypt(tk, chip, params, in, out); + break; + case kernel_pkey_sign: + rc = tpm2_key_sign(tk, chip, params, in, out); + break; + default: + return -EINVAL; + } + + return rc; +} + +static int tpm2_key_rsa_verify(const struct key *key, + const struct public_key_signature *sig) +{ + const struct tpm2_key *tk = key->payload.data[asym_crypto]; + char alg_name[CRYPTO_MAX_ALG_NAME]; + u8 der_pub_key[PUB_KEY_BUF_SIZE]; + struct akcipher_request *req; + struct scatterlist src_sg[2]; + struct crypto_akcipher *tfm; + struct crypto_wait cwait; + u32 der_pub_key_len; + int rc; + + if (WARN_ON(!tk || !sig || !sig->s)) + return -EINVAL; + + if (!sig->digest) + return -ENOPKG; + + rc = determine_akcipher(sig->encoding, sig->hash_algo, alg_name); + if (rc < 0) + return rc; + + tfm = crypto_alloc_akcipher(alg_name, 0, 0); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + der_pub_key_len = derive_pub_key(tk->pub, tk->pub_len, + der_pub_key); + + rc = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len); + if (rc < 0) + goto err_tfm; + + rc = -ENOMEM; + req = akcipher_request_alloc(tfm, GFP_KERNEL); + if (!req) + goto err_tfm; + + sg_init_table(src_sg, 2); + sg_set_buf(&src_sg[0], sig->s, sig->s_size); + sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); + akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size, + sig->digest_size); + crypto_init_wait(&cwait); + akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | + CRYPTO_TFM_REQ_MAY_SLEEP, + crypto_req_done, &cwait); + rc = crypto_wait_req(crypto_akcipher_verify(req), &cwait); + + akcipher_request_free(req); +err_tfm: + crypto_free_akcipher(tfm); + pr_devel("<=%s() = %d\n", __func__, rc); + if (WARN_ON_ONCE(rc > 0)) + rc = -EINVAL; + return rc; +} + +static int tpm2_key_query(const struct kernel_pkey_params *params, + struct kernel_pkey_query *info) +{ + struct tpm2_key *tk = params->key->payload.data[asym_crypto]; + char alg_name[CRYPTO_MAX_ALG_NAME]; + u8 der_pub_key[PUB_KEY_BUF_SIZE]; + struct crypto_akcipher *tfm; + u32 der_pub_key_len = 0; + unsigned int len; + int ret; + + ret = determine_akcipher(params->encoding, params->hash_algo, alg_name); + if (ret < 0) + return ret; + + tfm = crypto_alloc_akcipher(alg_name, 0, 0); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + der_pub_key_len = derive_pub_key(tk->pub, tk->pub_len, + der_pub_key); + + ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len); + if (ret < 0) + goto err_tfm; + + len = crypto_akcipher_maxsize(tfm); + + info->key_size = tk->pub_len * 8; + info->max_data_size = tk->pub_len; + info->max_sig_size = len; + info->max_enc_size = len; + info->max_dec_size = tk->pub_len; + + info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT | + KEYCTL_SUPPORTS_DECRYPT | + KEYCTL_SUPPORTS_VERIFY | + KEYCTL_SUPPORTS_SIGN; + +err_tfm: + crypto_free_akcipher(tfm); + return ret; +} + +/* + * Asymmetric TPM2 RSA key. Signs and decrypts with TPM. + */ +struct asymmetric_key_subtype tpm2_key_rsa_subtype = { + .owner = THIS_MODULE, + .name = "tpm2_key_rsa", + .name_len = sizeof("tpm2_key_rsa") - 1, + .describe = tpm2_key_rsa_describe, + .destroy = tpm2_key_rsa_destroy, + .query = tpm2_key_rsa_query, + .eds_op = tpm2_key_rsa_eds_op, + .verify_signature = tpm2_key_rsa_verify, +}; +EXPORT_SYMBOL_GPL(tpm2_key_rsa_subtype); + +/* + * Attempt to parse a data blob for a key as a TPM private key blob. + */ +static int tpm2_key_preparse(struct key_preparsed_payload *prep) +{ + struct tpm2_key key; + int ret; + + memset(&key, 0, sizeof(key)); + + /* + * TPM 2.0 RSA keys are recommended to be 2048 bits long. Assume the + * blob is no more than 4x that. + */ + if (prep->datalen > 256 * 4) + return -EMSGSIZE; + + ret = tpm2_key_decode(prep->data, prep->data_len, &key, MAX_BLOB_SIZE); + if (ret) + return ret; + + prep->payload.data[asym_subtype] = &tpm2_key_rsa_subtype; + prep->payload.data[asym_key_ids] = NULL; + prep->payload.data[asym_crypto] = tk; + prep->payload.data[asym_auth] = NULL; + prep->quotalen = 100; + + return 0; +} + +static struct asymmetric_key_parser tpm2_key_rsa_parser = { + .owner = THIS_MODULE, + .name = "tpm2_key_rsa_parser", + .parse = tpm2_key_preparse, +}; + +static int __init tpm2_key_rsa_init(void) +{ + return register_asymmetric_key_parser(&tpm2_key_parser); +} + +static void __exit tpm2_key_rsa_exit(void) +{ + unregister_asymmetric_key_parser(&tpm2_key_parser); +} + +module_init(tpm2_key_rsa_init); +module_exit(tpm2_key_rsa_exit); + +MODULE_DESCRIPTION("Asymmetric TPM2 RSA key"); +MODULE_LICENSE("GPL"); diff --git a/drivers/char/tpm/tpm2_key.c b/drivers/char/tpm/tpm2_key.c index e09441efb0f0..0d125b53de0e 100644 --- a/drivers/char/tpm/tpm2_key.c +++ b/drivers/char/tpm/tpm2_key.c @@ -175,6 +175,17 @@ int tpm2_key_decode(const u8 *src, u32 src_len, struct tpm2_key *key, return -ENOMEM; } + ctx.blob_len = ctx.priv_len + ctx.pub_len; + ctx.blob = kmalloc(ctx.priv_len + ctx.pub_len, GFP_KERNEL); + if (!ctx.blob) { + kfree(ctx.pub); + kfree(ctx.priv); + return -ENOMEM; + } + + memcpy((void *)ctx.blob, ctx.priv, ctx.priv_len); + memcpy((void *)ctx.blob + ctx.priv_len, ctx.pub, ctx.pub_len); + memcpy(key, &ctx, sizeof(ctx)); return 0; } diff --git a/include/crypto/tpm2_key.h b/include/crypto/tpm2_key.h index e5d3330afef5..7b5c5ec6bed5 100644 --- a/include/crypto/tpm2_key.h +++ b/include/crypto/tpm2_key.h @@ -13,6 +13,8 @@ struct tpm2_key { u32 pub_len; const u8 *priv; u32 priv_len; + const u8 *blob; + u32 blob_len; }; int tpm2_key_encode(u8 *blob, u32 blob_auth_len, u32 key_handle, u8 *src); @@ -27,6 +29,7 @@ static inline void tpm2_key_destroy(struct tpm2_key *key) { kfree(key->priv); kfree(key->pub); + kfree(key->blob); memset(key, 0, sizeof(*key)); } diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 2f25ca07127b..238814ee5c6f 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -271,6 +271,7 @@ enum tpm2_command_codes { TPM2_CC_NV_READ = 0x014E, TPM2_CC_CREATE = 0x0153, TPM2_CC_LOAD = 0x0157, + TPM2_CC_RSA_DECRYPT = 0x0159, TPM2_CC_SEQUENCE_UPDATE = 0x015C, TPM2_CC_UNSEAL = 0x015E, TPM2_CC_CONTEXT_LOAD = 0x0161,