summaryrefslogtreecommitdiffstats
path: root/security/keys
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/gc.c8
-rw-r--r--security/keys/key.c42
-rw-r--r--security/keys/keyctl.c13
-rw-r--r--security/keys/sysctl.c1
-rw-r--r--security/keys/trusted-keys/Kconfig18
-rw-r--r--security/keys/trusted-keys/Makefile2
-rw-r--r--security/keys/trusted-keys/trusted_core.c6
-rw-r--r--security/keys/trusted-keys/trusted_dcp.c332
-rw-r--r--security/keys/trusted-keys/trusted_tpm1.c23
-rw-r--r--security/keys/trusted-keys/trusted_tpm2.c136
10 files changed, 494 insertions, 87 deletions
diff --git a/security/keys/gc.c b/security/keys/gc.c
index eaddaceda1..7d687b0962 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -155,14 +155,6 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
security_key_free(key);
- /* deal with the user's key tracking and quota */
- if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
- spin_lock(&key->user->lock);
- key->user->qnkeys--;
- key->user->qnbytes -= key->quotalen;
- spin_unlock(&key->user->lock);
- }
-
atomic_dec(&key->user->nkeys);
if (state != KEY_IS_UNINSTANTIATED)
atomic_dec(&key->user->nikeys);
diff --git a/security/keys/key.c b/security/keys/key.c
index 74dfd961af..3d7d185019 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -13,7 +13,6 @@
#include <linux/security.h>
#include <linux/workqueue.h>
#include <linux/random.h>
-#include <linux/ima.h>
#include <linux/err.h>
#include "internal.h"
@@ -231,6 +230,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
struct key *key;
size_t desclen, quotalen;
int ret;
+ unsigned long irqflags;
key = ERR_PTR(-EINVAL);
if (!desc || !*desc)
@@ -260,7 +260,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ?
key_quota_root_maxbytes : key_quota_maxbytes;
- spin_lock(&user->lock);
+ spin_lock_irqsave(&user->lock, irqflags);
if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
if (user->qnkeys + 1 > maxkeys ||
user->qnbytes + quotalen > maxbytes ||
@@ -270,7 +270,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
user->qnkeys++;
user->qnbytes += quotalen;
- spin_unlock(&user->lock);
+ spin_unlock_irqrestore(&user->lock, irqflags);
}
/* allocate and initialise the key and its description */
@@ -328,10 +328,10 @@ security_error:
kfree(key->description);
kmem_cache_free(key_jar, key);
if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
- spin_lock(&user->lock);
+ spin_lock_irqsave(&user->lock, irqflags);
user->qnkeys--;
user->qnbytes -= quotalen;
- spin_unlock(&user->lock);
+ spin_unlock_irqrestore(&user->lock, irqflags);
}
key_user_put(user);
key = ERR_PTR(ret);
@@ -341,10 +341,10 @@ no_memory_3:
kmem_cache_free(key_jar, key);
no_memory_2:
if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
- spin_lock(&user->lock);
+ spin_lock_irqsave(&user->lock, irqflags);
user->qnkeys--;
user->qnbytes -= quotalen;
- spin_unlock(&user->lock);
+ spin_unlock_irqrestore(&user->lock, irqflags);
}
key_user_put(user);
no_memory_1:
@@ -352,7 +352,7 @@ no_memory_1:
goto error;
no_quota:
- spin_unlock(&user->lock);
+ spin_unlock_irqrestore(&user->lock, irqflags);
key_user_put(user);
key = ERR_PTR(-EDQUOT);
goto error;
@@ -381,8 +381,9 @@ int key_payload_reserve(struct key *key, size_t datalen)
if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
unsigned maxbytes = uid_eq(key->user->uid, GLOBAL_ROOT_UID) ?
key_quota_root_maxbytes : key_quota_maxbytes;
+ unsigned long flags;
- spin_lock(&key->user->lock);
+ spin_lock_irqsave(&key->user->lock, flags);
if (delta > 0 &&
(key->user->qnbytes + delta > maxbytes ||
@@ -393,7 +394,7 @@ int key_payload_reserve(struct key *key, size_t datalen)
key->user->qnbytes += delta;
key->quotalen += delta;
}
- spin_unlock(&key->user->lock);
+ spin_unlock_irqrestore(&key->user->lock, flags);
}
/* change the recorded data length if that didn't generate an error */
@@ -647,8 +648,18 @@ void key_put(struct key *key)
if (key) {
key_check(key);
- if (refcount_dec_and_test(&key->usage))
+ if (refcount_dec_and_test(&key->usage)) {
+ unsigned long flags;
+
+ /* deal with the user's key tracking and quota */
+ if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
+ spin_lock_irqsave(&key->user->lock, flags);
+ key->user->qnkeys--;
+ key->user->qnbytes -= key->quotalen;
+ spin_unlock_irqrestore(&key->user->lock, flags);
+ }
schedule_work(&key_gc_work);
+ }
}
}
EXPORT_SYMBOL(key_put);
@@ -931,8 +942,8 @@ static key_ref_t __key_create_or_update(key_ref_t keyring_ref,
goto error_link_end;
}
- ima_post_key_create_or_update(keyring, key, payload, plen,
- flags, true);
+ security_key_post_create_or_update(keyring, key, payload, plen, flags,
+ true);
key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
@@ -965,9 +976,8 @@ error:
key_ref = __key_update(key_ref, &prep);
if (!IS_ERR(key_ref))
- ima_post_key_create_or_update(keyring, key,
- payload, plen,
- flags, false);
+ security_key_post_create_or_update(keyring, key, payload, plen,
+ flags, false);
goto error_free_prep;
}
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 10ba439968..ab927a142f 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -954,6 +954,7 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group)
long ret;
kuid_t uid;
kgid_t gid;
+ unsigned long flags;
uid = make_kuid(current_user_ns(), user);
gid = make_kgid(current_user_ns(), group);
@@ -1010,7 +1011,7 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group)
unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ?
key_quota_root_maxbytes : key_quota_maxbytes;
- spin_lock(&newowner->lock);
+ spin_lock_irqsave(&newowner->lock, flags);
if (newowner->qnkeys + 1 > maxkeys ||
newowner->qnbytes + key->quotalen > maxbytes ||
newowner->qnbytes + key->quotalen <
@@ -1019,12 +1020,12 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group)
newowner->qnkeys++;
newowner->qnbytes += key->quotalen;
- spin_unlock(&newowner->lock);
+ spin_unlock_irqrestore(&newowner->lock, flags);
- spin_lock(&key->user->lock);
+ spin_lock_irqsave(&key->user->lock, flags);
key->user->qnkeys--;
key->user->qnbytes -= key->quotalen;
- spin_unlock(&key->user->lock);
+ spin_unlock_irqrestore(&key->user->lock, flags);
}
atomic_dec(&key->user->nkeys);
@@ -1056,7 +1057,7 @@ error:
return ret;
quota_overrun:
- spin_unlock(&newowner->lock);
+ spin_unlock_irqrestore(&newowner->lock, flags);
zapowner = newowner;
ret = -EDQUOT;
goto error_put;
@@ -1693,7 +1694,7 @@ long keyctl_session_to_parent(void)
goto unlock;
/* cancel an already pending keyring replacement */
- oldwork = task_work_cancel(parent, key_change_session_keyring);
+ oldwork = task_work_cancel_func(parent, key_change_session_keyring);
/* the replacement session keyring is applied just prior to userspace
* restarting */
diff --git a/security/keys/sysctl.c b/security/keys/sysctl.c
index b348e1679d..91f000eef3 100644
--- a/security/keys/sysctl.c
+++ b/security/keys/sysctl.c
@@ -66,7 +66,6 @@ static struct ctl_table key_sysctls[] = {
.extra2 = (void *) SYSCTL_INT_MAX,
},
#endif
- { }
};
static int __init init_security_keys_sysctls(void)
diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-keys/Kconfig
index dbfdd85364..1fb8aa0019 100644
--- a/security/keys/trusted-keys/Kconfig
+++ b/security/keys/trusted-keys/Kconfig
@@ -1,3 +1,6 @@
+config HAVE_TRUSTED_KEYS
+ bool
+
config TRUSTED_KEYS_TPM
bool "TPM-based trusted keys"
depends on TCG_TPM >= TRUSTED_KEYS
@@ -9,6 +12,7 @@ config TRUSTED_KEYS_TPM
select ASN1_ENCODER
select OID_REGISTRY
select ASN1
+ select HAVE_TRUSTED_KEYS
help
Enable use of the Trusted Platform Module (TPM) as trusted key
backend. Trusted keys are random number symmetric keys,
@@ -20,6 +24,7 @@ config TRUSTED_KEYS_TEE
bool "TEE-based trusted keys"
depends on TEE >= TRUSTED_KEYS
default y
+ select HAVE_TRUSTED_KEYS
help
Enable use of the Trusted Execution Environment (TEE) as trusted
key backend.
@@ -29,10 +34,19 @@ config TRUSTED_KEYS_CAAM
depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
default y
+ select HAVE_TRUSTED_KEYS
help
Enable use of NXP's Cryptographic Accelerator and Assurance Module
(CAAM) as trusted key backend.
-if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM
-comment "No trust source selected!"
+config TRUSTED_KEYS_DCP
+ bool "DCP-based trusted keys"
+ depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS
+ default y
+ select HAVE_TRUSTED_KEYS
+ help
+ Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.
+
+if !HAVE_TRUSTED_KEYS
+ comment "No trust source selected!"
endif
diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile
index 735aa0bc08..f0f3b27f68 100644
--- a/security/keys/trusted-keys/Makefile
+++ b/security/keys/trusted-keys/Makefile
@@ -14,3 +14,5 @@ trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o
+
+trusted-$(CONFIG_TRUSTED_KEYS_DCP) += trusted_dcp.o
diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
index fee1ab2c73..5113aeae56 100644
--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -10,6 +10,7 @@
#include <keys/trusted-type.h>
#include <keys/trusted_tee.h>
#include <keys/trusted_caam.h>
+#include <keys/trusted_dcp.h>
#include <keys/trusted_tpm.h>
#include <linux/capability.h>
#include <linux/err.h>
@@ -30,7 +31,7 @@ MODULE_PARM_DESC(rng, "Select trusted key RNG");
static char *trusted_key_source;
module_param_named(source, trusted_key_source, charp, 0);
-MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee or caam)");
+MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee, caam or dcp)");
static const struct trusted_key_source trusted_key_sources[] = {
#if defined(CONFIG_TRUSTED_KEYS_TPM)
@@ -42,6 +43,9 @@ static const struct trusted_key_source trusted_key_sources[] = {
#if defined(CONFIG_TRUSTED_KEYS_CAAM)
{ "caam", &trusted_key_caam_ops },
#endif
+#if defined(CONFIG_TRUSTED_KEYS_DCP)
+ { "dcp", &dcp_trusted_key_ops },
+#endif
};
DEFINE_STATIC_CALL_NULL(trusted_key_seal, *trusted_key_sources[0].ops->seal);
diff --git a/security/keys/trusted-keys/trusted_dcp.c b/security/keys/trusted-keys/trusted_dcp.c
new file mode 100644
index 0000000000..b5f81a05be
--- /dev/null
+++ b/security/keys/trusted-keys/trusted_dcp.c
@@ -0,0 +1,332 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2021 sigma star gmbh
+ */
+
+#include <crypto/aead.h>
+#include <crypto/aes.h>
+#include <crypto/algapi.h>
+#include <crypto/gcm.h>
+#include <crypto/skcipher.h>
+#include <keys/trusted-type.h>
+#include <linux/key-type.h>
+#include <linux/module.h>
+#include <linux/printk.h>
+#include <linux/random.h>
+#include <linux/scatterlist.h>
+#include <soc/fsl/dcp.h>
+
+#define DCP_BLOB_VERSION 1
+#define DCP_BLOB_AUTHLEN 16
+
+/**
+ * DOC: dcp blob format
+ *
+ * The Data Co-Processor (DCP) provides hardware-bound AES keys using its
+ * AES encryption engine only. It does not provide direct key sealing/unsealing.
+ * To make DCP hardware encryption keys usable as trust source, we define
+ * our own custom format that uses a hardware-bound key to secure the sealing
+ * key stored in the key blob.
+ *
+ * Whenever a new trusted key using DCP is generated, we generate a random 128-bit
+ * blob encryption key (BEK) and 128-bit nonce. The BEK and nonce are used to
+ * encrypt the trusted key payload using AES-128-GCM.
+ *
+ * The BEK itself is encrypted using the hardware-bound key using the DCP's AES
+ * encryption engine with AES-128-ECB. The encrypted BEK, generated nonce,
+ * BEK-encrypted payload and authentication tag make up the blob format together
+ * with a version number, payload length and authentication tag.
+ */
+
+/**
+ * struct dcp_blob_fmt - DCP BLOB format.
+ *
+ * @fmt_version: Format version, currently being %1.
+ * @blob_key: Random AES 128 key which is used to encrypt @payload,
+ * @blob_key itself is encrypted with OTP or UNIQUE device key in
+ * AES-128-ECB mode by DCP.
+ * @nonce: Random nonce used for @payload encryption.
+ * @payload_len: Length of the plain text @payload.
+ * @payload: The payload itself, encrypted using AES-128-GCM and @blob_key,
+ * GCM auth tag of size DCP_BLOB_AUTHLEN is attached at the end of it.
+ *
+ * The total size of a DCP BLOB is sizeof(struct dcp_blob_fmt) + @payload_len +
+ * DCP_BLOB_AUTHLEN.
+ */
+struct dcp_blob_fmt {
+ __u8 fmt_version;
+ __u8 blob_key[AES_KEYSIZE_128];
+ __u8 nonce[AES_KEYSIZE_128];
+ __le32 payload_len;
+ __u8 payload[];
+} __packed;
+
+static bool use_otp_key;
+module_param_named(dcp_use_otp_key, use_otp_key, bool, 0);
+MODULE_PARM_DESC(dcp_use_otp_key, "Use OTP instead of UNIQUE key for sealing");
+
+static bool skip_zk_test;
+module_param_named(dcp_skip_zk_test, skip_zk_test, bool, 0);
+MODULE_PARM_DESC(dcp_skip_zk_test, "Don't test whether device keys are zero'ed");
+
+static unsigned int calc_blob_len(unsigned int payload_len)
+{
+ return sizeof(struct dcp_blob_fmt) + payload_len + DCP_BLOB_AUTHLEN;
+}
+
+static int do_dcp_crypto(u8 *in, u8 *out, bool do_encrypt)
+{
+ struct skcipher_request *req = NULL;
+ struct scatterlist src_sg, dst_sg;
+ struct crypto_skcipher *tfm;
+ u8 paes_key[DCP_PAES_KEYSIZE];
+ DECLARE_CRYPTO_WAIT(wait);
+ int res = 0;
+
+ if (use_otp_key)
+ paes_key[0] = DCP_PAES_KEY_OTP;
+ else
+ paes_key[0] = DCP_PAES_KEY_UNIQUE;
+
+ tfm = crypto_alloc_skcipher("ecb-paes-dcp", CRYPTO_ALG_INTERNAL,
+ CRYPTO_ALG_INTERNAL);
+ if (IS_ERR(tfm)) {
+ res = PTR_ERR(tfm);
+ tfm = NULL;
+ goto out;
+ }
+
+ req = skcipher_request_alloc(tfm, GFP_NOFS);
+ if (!req) {
+ res = -ENOMEM;
+ goto out;
+ }
+
+ skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
+ CRYPTO_TFM_REQ_MAY_SLEEP,
+ crypto_req_done, &wait);
+ res = crypto_skcipher_setkey(tfm, paes_key, sizeof(paes_key));
+ if (res < 0)
+ goto out;
+
+ sg_init_one(&src_sg, in, AES_KEYSIZE_128);
+ sg_init_one(&dst_sg, out, AES_KEYSIZE_128);
+ skcipher_request_set_crypt(req, &src_sg, &dst_sg, AES_KEYSIZE_128,
+ NULL);
+
+ if (do_encrypt)
+ res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
+ else
+ res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait);
+
+out:
+ skcipher_request_free(req);
+ crypto_free_skcipher(tfm);
+
+ return res;
+}
+
+static int do_aead_crypto(u8 *in, u8 *out, size_t len, u8 *key, u8 *nonce,
+ bool do_encrypt)
+{
+ struct aead_request *aead_req = NULL;
+ struct scatterlist src_sg, dst_sg;
+ struct crypto_aead *aead;
+ int ret;
+
+ aead = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
+ if (IS_ERR(aead)) {
+ ret = PTR_ERR(aead);
+ goto out;
+ }
+
+ ret = crypto_aead_setauthsize(aead, DCP_BLOB_AUTHLEN);
+ if (ret < 0) {
+ pr_err("Can't set crypto auth tag len: %d\n", ret);
+ goto free_aead;
+ }
+
+ aead_req = aead_request_alloc(aead, GFP_KERNEL);
+ if (!aead_req) {
+ ret = -ENOMEM;
+ goto free_aead;
+ }
+
+ sg_init_one(&src_sg, in, len);
+ if (do_encrypt) {
+ /*
+ * If we encrypt our buffer has extra space for the auth tag.
+ */
+ sg_init_one(&dst_sg, out, len + DCP_BLOB_AUTHLEN);
+ } else {
+ sg_init_one(&dst_sg, out, len);
+ }
+
+ aead_request_set_crypt(aead_req, &src_sg, &dst_sg, len, nonce);
+ aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL,
+ NULL);
+ aead_request_set_ad(aead_req, 0);
+
+ if (crypto_aead_setkey(aead, key, AES_KEYSIZE_128)) {
+ pr_err("Can't set crypto AEAD key\n");
+ ret = -EINVAL;
+ goto free_req;
+ }
+
+ if (do_encrypt)
+ ret = crypto_aead_encrypt(aead_req);
+ else
+ ret = crypto_aead_decrypt(aead_req);
+
+free_req:
+ aead_request_free(aead_req);
+free_aead:
+ crypto_free_aead(aead);
+out:
+ return ret;
+}
+
+static int decrypt_blob_key(u8 *key)
+{
+ return do_dcp_crypto(key, key, false);
+}
+
+static int encrypt_blob_key(u8 *key)
+{
+ return do_dcp_crypto(key, key, true);
+}
+
+static int trusted_dcp_seal(struct trusted_key_payload *p, char *datablob)
+{
+ struct dcp_blob_fmt *b = (struct dcp_blob_fmt *)p->blob;
+ int blen, ret;
+
+ blen = calc_blob_len(p->key_len);
+ if (blen > MAX_BLOB_SIZE)
+ return -E2BIG;
+
+ b->fmt_version = DCP_BLOB_VERSION;
+ get_random_bytes(b->nonce, AES_KEYSIZE_128);
+ get_random_bytes(b->blob_key, AES_KEYSIZE_128);
+
+ ret = do_aead_crypto(p->key, b->payload, p->key_len, b->blob_key,
+ b->nonce, true);
+ if (ret) {
+ pr_err("Unable to encrypt blob payload: %i\n", ret);
+ return ret;
+ }
+
+ ret = encrypt_blob_key(b->blob_key);
+ if (ret) {
+ pr_err("Unable to encrypt blob key: %i\n", ret);
+ return ret;
+ }
+
+ b->payload_len = get_unaligned_le32(&p->key_len);
+ p->blob_len = blen;
+ return 0;
+}
+
+static int trusted_dcp_unseal(struct trusted_key_payload *p, char *datablob)
+{
+ struct dcp_blob_fmt *b = (struct dcp_blob_fmt *)p->blob;
+ int blen, ret;
+
+ if (b->fmt_version != DCP_BLOB_VERSION) {
+ pr_err("DCP blob has bad version: %i, expected %i\n",
+ b->fmt_version, DCP_BLOB_VERSION);
+ ret = -EINVAL;
+ goto out;
+ }
+
+ p->key_len = le32_to_cpu(b->payload_len);
+ blen = calc_blob_len(p->key_len);
+ if (blen != p->blob_len) {
+ pr_err("DCP blob has bad length: %i != %i\n", blen,
+ p->blob_len);
+ ret = -EINVAL;
+ goto out;
+ }
+
+ ret = decrypt_blob_key(b->blob_key);
+ if (ret) {
+ pr_err("Unable to decrypt blob key: %i\n", ret);
+ goto out;
+ }
+
+ ret = do_aead_crypto(b->payload, p->key, p->key_len + DCP_BLOB_AUTHLEN,
+ b->blob_key, b->nonce, false);
+ if (ret) {
+ pr_err("Unwrap of DCP payload failed: %i\n", ret);
+ goto out;
+ }
+
+ ret = 0;
+out:
+ return ret;
+}
+
+static int test_for_zero_key(void)
+{
+ /*
+ * Encrypting a plaintext of all 0x55 bytes will yield
+ * this ciphertext in case the DCP test key is used.
+ */
+ static const u8 bad[] = {0x9a, 0xda, 0xe0, 0x54, 0xf6, 0x3d, 0xfa, 0xff,
+ 0x5e, 0xa1, 0x8e, 0x45, 0xed, 0xf6, 0xea, 0x6f};
+ void *buf = NULL;
+ int ret = 0;
+
+ if (skip_zk_test)
+ goto out;
+
+ buf = kmalloc(AES_BLOCK_SIZE, GFP_KERNEL);
+ if (!buf) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ memset(buf, 0x55, AES_BLOCK_SIZE);
+
+ ret = do_dcp_crypto(buf, buf, true);
+ if (ret)
+ goto out;
+
+ if (memcmp(buf, bad, AES_BLOCK_SIZE) == 0) {
+ pr_warn("Device neither in secure nor trusted mode!\n");
+ ret = -EINVAL;
+ }
+out:
+ kfree(buf);
+ return ret;
+}
+
+static int trusted_dcp_init(void)
+{
+ int ret;
+
+ if (use_otp_key)
+ pr_info("Using DCP OTP key\n");
+
+ ret = test_for_zero_key();
+ if (ret) {
+ pr_warn("Test for zero'ed keys failed: %i\n", ret);
+
+ return -EINVAL;
+ }
+
+ return register_key_type(&key_type_trusted);
+}
+
+static void trusted_dcp_exit(void)
+{
+ unregister_key_type(&key_type_trusted);
+}
+
+struct trusted_key_ops dcp_trusted_key_ops = {
+ .exit = trusted_dcp_exit,
+ .init = trusted_dcp_init,
+ .seal = trusted_dcp_seal,
+ .unseal = trusted_dcp_unseal,
+ .migratable = 0,
+};
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index aa108bea67..89c9798d18 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -356,17 +356,28 @@ out:
*/
int trusted_tpm_send(unsigned char *cmd, size_t buflen)
{
+ struct tpm_buf buf;
int rc;
if (!chip)
return -ENODEV;
+ rc = tpm_try_get_ops(chip);
+ if (rc)
+ return rc;
+
+ buf.flags = 0;
+ buf.length = buflen;
+ buf.data = cmd;
dump_tpm_buf(cmd);
- rc = tpm_send(chip, cmd, buflen);
+ rc = tpm_transmit_cmd(chip, &buf, 4, "sending data");
dump_tpm_buf(cmd);
+
if (rc > 0)
- /* Can't return positive return codes values to keyctl */
+ /* TPM error */
rc = -EPERM;
+
+ tpm_put_ops(chip);
return rc;
}
EXPORT_SYMBOL_GPL(trusted_tpm_send);
@@ -407,7 +418,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
tpm_buf_append_u32(tb, handle);
tpm_buf_append(tb, ononce, TPM_NONCE_SIZE);
- ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
+ ret = trusted_tpm_send(tb->data, tb->length);
if (ret < 0)
return ret;
@@ -431,7 +442,7 @@ int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
return -ENODEV;
tpm_buf_reset(tb, TPM_TAG_RQU_COMMAND, TPM_ORD_OIAP);
- ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
+ ret = trusted_tpm_send(tb->data, tb->length);
if (ret < 0)
return ret;
@@ -543,7 +554,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
tpm_buf_append_u8(tb, cont);
tpm_buf_append(tb, td->pubauth, SHA1_DIGEST_SIZE);
- ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
+ ret = trusted_tpm_send(tb->data, tb->length);
if (ret < 0)
goto out;
@@ -634,7 +645,7 @@ static int tpm_unseal(struct tpm_buf *tb,
tpm_buf_append_u8(tb, cont);
tpm_buf_append(tb, authdata2, SHA1_DIGEST_SIZE);
- ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
+ ret = trusted_tpm_send(tb->data, tb->length);
if (ret < 0) {
pr_info("authhmac failed (%d)\n", ret);
return ret;
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index ea277c55a3..8b7dd73d94 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -241,8 +241,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
struct trusted_key_payload *payload,
struct trusted_key_options *options)
{
+ off_t offset = TPM_HEADER_SIZE;
+ struct tpm_buf buf, sized;
int blob_len = 0;
- struct tpm_buf buf;
u32 hash;
u32 flags;
int i;
@@ -265,50 +266,58 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
if (rc)
return rc;
+ rc = tpm2_start_auth_session(chip);
+ if (rc)
+ goto out_put;
+
rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
if (rc) {
- tpm_put_ops(chip);
- return rc;
+ tpm2_end_auth_session(chip);
+ goto out_put;
}
- tpm_buf_append_u32(&buf, options->keyhandle);
- tpm2_buf_append_auth(&buf, TPM2_RS_PW,
- NULL /* nonce */, 0,
- 0 /* session_attributes */,
- options->keyauth /* hmac */,
- TPM_DIGEST_SIZE);
+ rc = tpm_buf_init_sized(&sized);
+ if (rc) {
+ tpm_buf_destroy(&buf);
+ tpm2_end_auth_session(chip);
+ goto out_put;
+ }
+
+ tpm_buf_append_name(chip, &buf, options->keyhandle, NULL);
+ tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_DECRYPT,
+ options->keyauth, TPM_DIGEST_SIZE);
/* sensitive */
- tpm_buf_append_u16(&buf, 4 + options->blobauth_len + payload->key_len);
+ tpm_buf_append_u16(&sized, options->blobauth_len);
- tpm_buf_append_u16(&buf, options->blobauth_len);
if (options->blobauth_len)
- tpm_buf_append(&buf, options->blobauth, options->blobauth_len);
+ tpm_buf_append(&sized, options->blobauth, options->blobauth_len);
- tpm_buf_append_u16(&buf, payload->key_len);
- tpm_buf_append(&buf, payload->key, payload->key_len);
+ tpm_buf_append_u16(&sized, payload->key_len);
+ tpm_buf_append(&sized, payload->key, payload->key_len);
+ tpm_buf_append(&buf, sized.data, sized.length);
/* public */
- tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
- tpm_buf_append_u16(&buf, TPM_ALG_KEYEDHASH);
- tpm_buf_append_u16(&buf, hash);
+ tpm_buf_reset_sized(&sized);
+ tpm_buf_append_u16(&sized, TPM_ALG_KEYEDHASH);
+ tpm_buf_append_u16(&sized, hash);
/* key properties */
flags = 0;
flags |= options->policydigest_len ? 0 : TPM2_OA_USER_WITH_AUTH;
- flags |= payload->migratable ? 0 : (TPM2_OA_FIXED_TPM |
- TPM2_OA_FIXED_PARENT);
- tpm_buf_append_u32(&buf, flags);
+ flags |= payload->migratable ? 0 : (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT);
+ tpm_buf_append_u32(&sized, flags);
/* policy */
- tpm_buf_append_u16(&buf, options->policydigest_len);
+ tpm_buf_append_u16(&sized, options->policydigest_len);
if (options->policydigest_len)
- tpm_buf_append(&buf, options->policydigest,
- options->policydigest_len);
+ tpm_buf_append(&sized, options->policydigest, options->policydigest_len);
/* public parameters */
- tpm_buf_append_u16(&buf, TPM_ALG_NULL);
- tpm_buf_append_u16(&buf, 0);
+ tpm_buf_append_u16(&sized, TPM_ALG_NULL);
+ tpm_buf_append_u16(&sized, 0);
+
+ tpm_buf_append(&buf, sized.data, sized.length);
/* outside info */
tpm_buf_append_u16(&buf, 0);
@@ -318,28 +327,30 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
if (buf.flags & TPM_BUF_OVERFLOW) {
rc = -E2BIG;
+ tpm2_end_auth_session(chip);
goto out;
}
+ tpm_buf_fill_hmac_session(chip, &buf);
rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data");
+ rc = tpm_buf_check_hmac_response(chip, &buf, rc);
if (rc)
goto out;
- blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]);
- if (blob_len > MAX_BLOB_SIZE) {
+ blob_len = tpm_buf_read_u32(&buf, &offset);
+ if (blob_len > MAX_BLOB_SIZE || buf.flags & TPM_BUF_BOUNDARY_ERROR) {
rc = -E2BIG;
goto out;
}
- if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 4 + blob_len) {
+ if (buf.length - offset < blob_len) {
rc = -EFAULT;
goto out;
}
- blob_len = tpm2_key_encode(payload, options,
- &buf.data[TPM_HEADER_SIZE + 4],
- blob_len);
+ blob_len = tpm2_key_encode(payload, options, &buf.data[offset], blob_len);
out:
+ tpm_buf_destroy(&sized);
tpm_buf_destroy(&buf);
if (rc > 0) {
@@ -353,6 +364,7 @@ out:
else
payload->blob_len = blob_len;
+out_put:
tpm_put_ops(chip);
return rc;
}
@@ -422,25 +434,31 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
if (blob_len > payload->blob_len)
return -E2BIG;
- rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
+ rc = tpm2_start_auth_session(chip);
if (rc)
return rc;
- tpm_buf_append_u32(&buf, options->keyhandle);
- tpm2_buf_append_auth(&buf, TPM2_RS_PW,
- NULL /* nonce */, 0,
- 0 /* session_attributes */,
- options->keyauth /* hmac */,
- TPM_DIGEST_SIZE);
+ rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
+ if (rc) {
+ tpm2_end_auth_session(chip);
+ return rc;
+ }
+
+ tpm_buf_append_name(chip, &buf, options->keyhandle, NULL);
+ tpm_buf_append_hmac_session(chip, &buf, 0, options->keyauth,
+ TPM_DIGEST_SIZE);
tpm_buf_append(&buf, blob, blob_len);
if (buf.flags & TPM_BUF_OVERFLOW) {
rc = -E2BIG;
+ tpm2_end_auth_session(chip);
goto out;
}
+ tpm_buf_fill_hmac_session(chip, &buf);
rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob");
+ rc = tpm_buf_check_hmac_response(chip, &buf, rc);
if (!rc)
*blob_handle = be32_to_cpup(
(__be32 *) &buf.data[TPM_HEADER_SIZE]);
@@ -478,20 +496,44 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
u8 *data;
int rc;
- rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
+ rc = tpm2_start_auth_session(chip);
if (rc)
return rc;
- tpm_buf_append_u32(&buf, blob_handle);
- tpm2_buf_append_auth(&buf,
- options->policyhandle ?
- options->policyhandle : TPM2_RS_PW,
- NULL /* nonce */, 0,
- TPM2_SA_CONTINUE_SESSION,
- options->blobauth /* hmac */,
- options->blobauth_len);
+ rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
+ if (rc) {
+ tpm2_end_auth_session(chip);
+ return rc;
+ }
+
+ tpm_buf_append_name(chip, &buf, blob_handle, NULL);
+
+ if (!options->policyhandle) {
+ tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT,
+ options->blobauth,
+ options->blobauth_len);
+ } else {
+ /*
+ * FIXME: The policy session was generated outside the
+ * kernel so we don't known the nonce and thus can't
+ * calculate a HMAC on it. Therefore, the user can
+ * only really use TPM2_PolicyPassword and we must
+ * send down the plain text password, which could be
+ * intercepted. We can still encrypt the returned
+ * key, but that's small comfort since the interposer
+ * could repeat our actions with the exfiltrated
+ * password.
+ */
+ tpm2_buf_append_auth(&buf, options->policyhandle,
+ NULL /* nonce */, 0, 0,
+ options->blobauth, options->blobauth_len);
+ tpm_buf_append_hmac_session_opt(chip, &buf, TPM2_SA_ENCRYPT,
+ NULL, 0);
+ }
+ tpm_buf_fill_hmac_session(chip, &buf);
rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing");
+ rc = tpm_buf_check_hmac_response(chip, &buf, rc);
if (rc > 0)
rc = -EPERM;