linux-stable/crypto/asymmetric_keys/asym_tpm.c
Greg Kroah-Hartman f93274ef0f crypto: asym_tpm: correct zero out potential secrets
The function derive_pub_key() should be calling memzero_explicit()
instead of memset() in case the complier decides to optimize away the
call to memset() because it "knows" no one is going to touch the memory
anymore.

Cc: stable <stable@vger.kernel.org>
Reported-by: Ilil Blum Shem-Tov <ilil.blum.shem-tov@intel.com>
Tested-by: Ilil Blum Shem-Tov <ilil.blum.shem-tov@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/X8ns4AfwjKudpyfe@kroah.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-31 10:48:53 +01:00

957 lines
22 KiB
C

// SPDX-License-Identifier: GPL-2.0
#define pr_fmt(fmt) "ASYM-TPM: "fmt
#include <linux/slab.h>
#include <linux/module.h>
#include <linux/export.h>
#include <linux/kernel.h>
#include <linux/seq_file.h>
#include <linux/scatterlist.h>
#include <linux/tpm.h>
#include <linux/tpm_command.h>
#include <crypto/akcipher.h>
#include <crypto/hash.h>
#include <crypto/sha1.h>
#include <asm/unaligned.h>
#include <keys/asymmetric-subtype.h>
#include <keys/trusted_tpm.h>
#include <crypto/asym_tpm_subtype.h>
#include <crypto/public_key.h>
#define TPM_ORD_FLUSHSPECIFIC 186
#define TPM_ORD_LOADKEY2 65
#define TPM_ORD_UNBIND 30
#define TPM_ORD_SIGN 60
#define TPM_RT_KEY 0x00000001
/*
* Load a TPM key from the blob provided by userspace
*/
static int tpm_loadkey2(struct tpm_buf *tb,
uint32_t keyhandle, unsigned char *keyauth,
const unsigned char *keyblob, int keybloblen,
uint32_t *newhandle)
{
unsigned char nonceodd[TPM_NONCE_SIZE];
unsigned char enonce[TPM_NONCE_SIZE];
unsigned char authdata[SHA1_DIGEST_SIZE];
uint32_t authhandle = 0;
unsigned char cont = 0;
uint32_t ordinal;
int ret;
ordinal = htonl(TPM_ORD_LOADKEY2);
/* session for loading the key */
ret = oiap(tb, &authhandle, enonce);
if (ret < 0) {
pr_info("oiap failed (%d)\n", ret);
return ret;
}
/* generate odd nonce */
ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
if (ret < 0) {
pr_info("tpm_get_random failed (%d)\n", ret);
return ret;
}
/* calculate authorization HMAC value */
ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
nonceodd, cont, sizeof(uint32_t), &ordinal,
keybloblen, keyblob, 0, 0);
if (ret < 0)
return ret;
/* build the request buffer */
tpm_buf_reset(tb, TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_LOADKEY2);
tpm_buf_append_u32(tb, keyhandle);
tpm_buf_append(tb, keyblob, keybloblen);
tpm_buf_append_u32(tb, authhandle);
tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE);
tpm_buf_append_u8(tb, cont);
tpm_buf_append(tb, authdata, SHA1_DIGEST_SIZE);
ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
if (ret < 0) {
pr_info("authhmac failed (%d)\n", ret);
return ret;
}
ret = TSS_checkhmac1(tb->data, ordinal, nonceodd, keyauth,
SHA1_DIGEST_SIZE, 0, 0);
if (ret < 0) {
pr_info("TSS_checkhmac1 failed (%d)\n", ret);
return ret;
}
*newhandle = LOAD32(tb->data, TPM_DATA_OFFSET);
return 0;
}
/*
* Execute the FlushSpecific TPM command
*/
static int tpm_flushspecific(struct tpm_buf *tb, uint32_t handle)
{
tpm_buf_reset(tb, TPM_TAG_RQU_COMMAND, TPM_ORD_FLUSHSPECIFIC);
tpm_buf_append_u32(tb, handle);
tpm_buf_append_u32(tb, TPM_RT_KEY);
return trusted_tpm_send(tb->data, MAX_BUF_SIZE);
}
/*
* Decrypt a blob provided by userspace using a specific key handle.
* The handle is a well known handle or previously loaded by e.g. LoadKey2
*/
static int tpm_unbind(struct tpm_buf *tb,
uint32_t keyhandle, unsigned char *keyauth,
const unsigned char *blob, uint32_t bloblen,
void *out, uint32_t outlen)
{
unsigned char nonceodd[TPM_NONCE_SIZE];
unsigned char enonce[TPM_NONCE_SIZE];
unsigned char authdata[SHA1_DIGEST_SIZE];
uint32_t authhandle = 0;
unsigned char cont = 0;
uint32_t ordinal;
uint32_t datalen;
int ret;
ordinal = htonl(TPM_ORD_UNBIND);
datalen = htonl(bloblen);
/* session for loading the key */
ret = oiap(tb, &authhandle, enonce);
if (ret < 0) {
pr_info("oiap failed (%d)\n", ret);
return ret;
}
/* generate odd nonce */
ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
if (ret < 0) {
pr_info("tpm_get_random failed (%d)\n", ret);
return ret;
}
/* calculate authorization HMAC value */
ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
nonceodd, cont, sizeof(uint32_t), &ordinal,
sizeof(uint32_t), &datalen,
bloblen, blob, 0, 0);
if (ret < 0)
return ret;
/* build the request buffer */
tpm_buf_reset(tb, TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_UNBIND);
tpm_buf_append_u32(tb, keyhandle);
tpm_buf_append_u32(tb, bloblen);
tpm_buf_append(tb, blob, bloblen);
tpm_buf_append_u32(tb, authhandle);
tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE);
tpm_buf_append_u8(tb, cont);
tpm_buf_append(tb, authdata, SHA1_DIGEST_SIZE);
ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
if (ret < 0) {
pr_info("authhmac failed (%d)\n", ret);
return ret;
}
datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
ret = TSS_checkhmac1(tb->data, ordinal, nonceodd,
keyauth, SHA1_DIGEST_SIZE,
sizeof(uint32_t), TPM_DATA_OFFSET,
datalen, TPM_DATA_OFFSET + sizeof(uint32_t),
0, 0);
if (ret < 0) {
pr_info("TSS_checkhmac1 failed (%d)\n", ret);
return ret;
}
memcpy(out, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t),
min(outlen, datalen));
return datalen;
}
/*
* Sign a blob provided by userspace (that has had the hash function applied)
* using a specific key handle. The handle is assumed to have been previously
* loaded by e.g. LoadKey2.
*
* Note that the key signature scheme of the used key should be set to
* TPM_SS_RSASSAPKCS1v15_DER. This allows the hashed input to be of any size
* up to key_length_in_bytes - 11 and not be limited to size 20 like the
* TPM_SS_RSASSAPKCS1v15_SHA1 signature scheme.
*/
static int tpm_sign(struct tpm_buf *tb,
uint32_t keyhandle, unsigned char *keyauth,
const unsigned char *blob, uint32_t bloblen,
void *out, uint32_t outlen)
{
unsigned char nonceodd[TPM_NONCE_SIZE];
unsigned char enonce[TPM_NONCE_SIZE];
unsigned char authdata[SHA1_DIGEST_SIZE];
uint32_t authhandle = 0;
unsigned char cont = 0;
uint32_t ordinal;
uint32_t datalen;
int ret;
ordinal = htonl(TPM_ORD_SIGN);
datalen = htonl(bloblen);
/* session for loading the key */
ret = oiap(tb, &authhandle, enonce);
if (ret < 0) {
pr_info("oiap failed (%d)\n", ret);
return ret;
}
/* generate odd nonce */
ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
if (ret < 0) {
pr_info("tpm_get_random failed (%d)\n", ret);
return ret;
}
/* calculate authorization HMAC value */
ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
nonceodd, cont, sizeof(uint32_t), &ordinal,
sizeof(uint32_t), &datalen,
bloblen, blob, 0, 0);
if (ret < 0)
return ret;
/* build the request buffer */
tpm_buf_reset(tb, TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_SIGN);
tpm_buf_append_u32(tb, keyhandle);
tpm_buf_append_u32(tb, bloblen);
tpm_buf_append(tb, blob, bloblen);
tpm_buf_append_u32(tb, authhandle);
tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE);
tpm_buf_append_u8(tb, cont);
tpm_buf_append(tb, authdata, SHA1_DIGEST_SIZE);
ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
if (ret < 0) {
pr_info("authhmac failed (%d)\n", ret);
return ret;
}
datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
ret = TSS_checkhmac1(tb->data, ordinal, nonceodd,
keyauth, SHA1_DIGEST_SIZE,
sizeof(uint32_t), TPM_DATA_OFFSET,
datalen, TPM_DATA_OFFSET + sizeof(uint32_t),
0, 0);
if (ret < 0) {
pr_info("TSS_checkhmac1 failed (%d)\n", ret);
return ret;
}
memcpy(out, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t),
min(datalen, outlen));
return datalen;
}
/* Room to fit two u32 zeros for algo id and parameters length. */
#define SETKEY_PARAMS_SIZE (sizeof(u32) * 2)
/*
* Maximum buffer size for the BER/DER encoded public key. The public key
* is of the form SEQUENCE { INTEGER n, INTEGER e } where n is a maximum 2048
* bit key and e is usually 65537
* The encoding overhead is:
* - max 4 bytes for SEQUENCE
* - max 4 bytes for INTEGER n type/length
* - 257 bytes of n
* - max 2 bytes for INTEGER e type/length
* - 3 bytes of e
* - 4+4 of zeros for set_pub_key parameters (SETKEY_PARAMS_SIZE)
*/
#define PUB_KEY_BUF_SIZE (4 + 4 + 257 + 2 + 3 + SETKEY_PARAMS_SIZE)
/*
* Provide a part of a description of the key for /proc/keys.
*/
static void asym_tpm_describe(const struct key *asymmetric_key,
struct seq_file *m)
{
struct tpm_key *tk = asymmetric_key->payload.data[asym_crypto];
if (!tk)
return;
seq_printf(m, "TPM1.2/Blob");
}
static void asym_tpm_destroy(void *payload0, void *payload3)
{
struct tpm_key *tk = payload0;
if (!tk)
return;
kfree(tk->blob);
tk->blob_len = 0;
kfree(tk);
}
/* How many bytes will it take to encode the length */
static inline uint32_t definite_length(uint32_t len)
{
if (len <= 127)
return 1;
if (len <= 255)
return 2;
return 3;
}
static inline uint8_t *encode_tag_length(uint8_t *buf, uint8_t tag,
uint32_t len)
{
*buf++ = tag;
if (len <= 127) {
buf[0] = len;
return buf + 1;
}
if (len <= 255) {
buf[0] = 0x81;
buf[1] = len;
return buf + 2;
}
buf[0] = 0x82;
put_unaligned_be16(len, buf + 1);
return buf + 3;
}
static uint32_t derive_pub_key(const void *pub_key, uint32_t len, uint8_t *buf)
{
uint8_t *cur = buf;
uint32_t n_len = definite_length(len) + 1 + len + 1;
uint32_t e_len = definite_length(3) + 1 + 3;
uint8_t e[3] = { 0x01, 0x00, 0x01 };
/* SEQUENCE */
cur = encode_tag_length(cur, 0x30, n_len + e_len);
/* INTEGER n */
cur = encode_tag_length(cur, 0x02, len + 1);
cur[0] = 0x00;
memcpy(cur + 1, pub_key, len);
cur += len + 1;
cur = encode_tag_length(cur, 0x02, sizeof(e));
memcpy(cur, e, sizeof(e));
cur += sizeof(e);
/* Zero parameters to satisfy set_pub_key ABI. */
memzero_explicit(cur, SETKEY_PARAMS_SIZE);
return cur - buf;
}
/*
* Determine the crypto algorithm name.
*/
static int determine_akcipher(const char *encoding, const char *hash_algo,
char alg_name[CRYPTO_MAX_ALG_NAME])
{
if (strcmp(encoding, "pkcs1") == 0) {
if (!hash_algo) {
strcpy(alg_name, "pkcs1pad(rsa)");
return 0;
}
if (snprintf(alg_name, CRYPTO_MAX_ALG_NAME, "pkcs1pad(rsa,%s)",
hash_algo) >= CRYPTO_MAX_ALG_NAME)
return -EINVAL;
return 0;
}
if (strcmp(encoding, "raw") == 0) {
strcpy(alg_name, "rsa");
return 0;
}
return -ENOPKG;
}
/*
* Query information about a key.
*/
static int tpm_key_query(const struct kernel_pkey_params *params,
struct kernel_pkey_query *info)
{
struct tpm_key *tk = params->key->payload.data[asym_crypto];
int ret;
char alg_name[CRYPTO_MAX_ALG_NAME];
struct crypto_akcipher *tfm;
uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
uint32_t der_pub_key_len;
int len;
/* TPM only works on private keys, public keys still done in software */
ret = determine_akcipher(params->encoding, params->hash_algo, alg_name);
if (ret < 0)
return ret;
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
if (IS_ERR(tfm))
return PTR_ERR(tfm);
der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
der_pub_key);
ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
if (ret < 0)
goto error_free_tfm;
len = crypto_akcipher_maxsize(tfm);
info->key_size = tk->key_len;
info->max_data_size = tk->key_len / 8;
info->max_sig_size = len;
info->max_enc_size = len;
info->max_dec_size = tk->key_len / 8;
info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT |
KEYCTL_SUPPORTS_DECRYPT |
KEYCTL_SUPPORTS_VERIFY |
KEYCTL_SUPPORTS_SIGN;
ret = 0;
error_free_tfm:
crypto_free_akcipher(tfm);
pr_devel("<==%s() = %d\n", __func__, ret);
return ret;
}
/*
* Encryption operation is performed with the public key. Hence it is done
* in software
*/
static int tpm_key_encrypt(struct tpm_key *tk,
struct kernel_pkey_params *params,
const void *in, void *out)
{
char alg_name[CRYPTO_MAX_ALG_NAME];
struct crypto_akcipher *tfm;
struct akcipher_request *req;
struct crypto_wait cwait;
struct scatterlist in_sg, out_sg;
uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
uint32_t der_pub_key_len;
int ret;
pr_devel("==>%s()\n", __func__);
ret = determine_akcipher(params->encoding, params->hash_algo, alg_name);
if (ret < 0)
return ret;
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
if (IS_ERR(tfm))
return PTR_ERR(tfm);
der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
der_pub_key);
ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
if (ret < 0)
goto error_free_tfm;
ret = -ENOMEM;
req = akcipher_request_alloc(tfm, GFP_KERNEL);
if (!req)
goto error_free_tfm;
sg_init_one(&in_sg, in, params->in_len);
sg_init_one(&out_sg, out, params->out_len);
akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
params->out_len);
crypto_init_wait(&cwait);
akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
CRYPTO_TFM_REQ_MAY_SLEEP,
crypto_req_done, &cwait);
ret = crypto_akcipher_encrypt(req);
ret = crypto_wait_req(ret, &cwait);
if (ret == 0)
ret = req->dst_len;
akcipher_request_free(req);
error_free_tfm:
crypto_free_akcipher(tfm);
pr_devel("<==%s() = %d\n", __func__, ret);
return ret;
}
/*
* Decryption operation is performed with the private key in the TPM.
*/
static int tpm_key_decrypt(struct tpm_key *tk,
struct kernel_pkey_params *params,
const void *in, void *out)
{
struct tpm_buf tb;
uint32_t keyhandle;
uint8_t srkauth[SHA1_DIGEST_SIZE];
uint8_t keyauth[SHA1_DIGEST_SIZE];
int r;
pr_devel("==>%s()\n", __func__);
if (params->hash_algo)
return -ENOPKG;
if (strcmp(params->encoding, "pkcs1"))
return -ENOPKG;
r = tpm_buf_init(&tb, 0, 0);
if (r)
return r;
/* TODO: Handle a non-all zero SRK authorization */
memset(srkauth, 0, sizeof(srkauth));
r = tpm_loadkey2(&tb, SRKHANDLE, srkauth,
tk->blob, tk->blob_len, &keyhandle);
if (r < 0) {
pr_devel("loadkey2 failed (%d)\n", r);
goto error;
}
/* TODO: Handle a non-all zero key authorization */
memset(keyauth, 0, sizeof(keyauth));
r = tpm_unbind(&tb, keyhandle, keyauth,
in, params->in_len, out, params->out_len);
if (r < 0)
pr_devel("tpm_unbind failed (%d)\n", r);
if (tpm_flushspecific(&tb, keyhandle) < 0)
pr_devel("flushspecific failed (%d)\n", r);
error:
tpm_buf_destroy(&tb);
pr_devel("<==%s() = %d\n", __func__, r);
return r;
}
/*
* Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2].
*/
static const u8 digest_info_md5[] = {
0x30, 0x20, 0x30, 0x0c, 0x06, 0x08,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, /* OID */
0x05, 0x00, 0x04, 0x10
};
static const u8 digest_info_sha1[] = {
0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
0x2b, 0x0e, 0x03, 0x02, 0x1a,
0x05, 0x00, 0x04, 0x14
};
static const u8 digest_info_rmd160[] = {
0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
0x2b, 0x24, 0x03, 0x02, 0x01,
0x05, 0x00, 0x04, 0x14
};
static const u8 digest_info_sha224[] = {
0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
0x05, 0x00, 0x04, 0x1c
};
static const u8 digest_info_sha256[] = {
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
0x05, 0x00, 0x04, 0x20
};
static const u8 digest_info_sha384[] = {
0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
0x05, 0x00, 0x04, 0x30
};
static const u8 digest_info_sha512[] = {
0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
0x05, 0x00, 0x04, 0x40
};
static const struct asn1_template {
const char *name;
const u8 *data;
size_t size;
} asn1_templates[] = {
#define _(X) { #X, digest_info_##X, sizeof(digest_info_##X) }
_(md5),
_(sha1),
_(rmd160),
_(sha256),
_(sha384),
_(sha512),
_(sha224),
{ NULL }
#undef _
};
static const struct asn1_template *lookup_asn1(const char *name)
{
const struct asn1_template *p;
for (p = asn1_templates; p->name; p++)
if (strcmp(name, p->name) == 0)
return p;
return NULL;
}
/*
* Sign operation is performed with the private key in the TPM.
*/
static int tpm_key_sign(struct tpm_key *tk,
struct kernel_pkey_params *params,
const void *in, void *out)
{
struct tpm_buf tb;
uint32_t keyhandle;
uint8_t srkauth[SHA1_DIGEST_SIZE];
uint8_t keyauth[SHA1_DIGEST_SIZE];
void *asn1_wrapped = NULL;
uint32_t in_len = params->in_len;
int r;
pr_devel("==>%s()\n", __func__);
if (strcmp(params->encoding, "pkcs1"))
return -ENOPKG;
if (params->hash_algo) {
const struct asn1_template *asn1 =
lookup_asn1(params->hash_algo);
if (!asn1)
return -ENOPKG;
/* request enough space for the ASN.1 template + input hash */
asn1_wrapped = kzalloc(in_len + asn1->size, GFP_KERNEL);
if (!asn1_wrapped)
return -ENOMEM;
/* Copy ASN.1 template, then the input */
memcpy(asn1_wrapped, asn1->data, asn1->size);
memcpy(asn1_wrapped + asn1->size, in, in_len);
in = asn1_wrapped;
in_len += asn1->size;
}
if (in_len > tk->key_len / 8 - 11) {
r = -EOVERFLOW;
goto error_free_asn1_wrapped;
}
r = tpm_buf_init(&tb, 0, 0);
if (r)
goto error_free_asn1_wrapped;
/* TODO: Handle a non-all zero SRK authorization */
memset(srkauth, 0, sizeof(srkauth));
r = tpm_loadkey2(&tb, SRKHANDLE, srkauth,
tk->blob, tk->blob_len, &keyhandle);
if (r < 0) {
pr_devel("loadkey2 failed (%d)\n", r);
goto error_free_tb;
}
/* TODO: Handle a non-all zero key authorization */
memset(keyauth, 0, sizeof(keyauth));
r = tpm_sign(&tb, keyhandle, keyauth, in, in_len, out, params->out_len);
if (r < 0)
pr_devel("tpm_sign failed (%d)\n", r);
if (tpm_flushspecific(&tb, keyhandle) < 0)
pr_devel("flushspecific failed (%d)\n", r);
error_free_tb:
tpm_buf_destroy(&tb);
error_free_asn1_wrapped:
kfree(asn1_wrapped);
pr_devel("<==%s() = %d\n", __func__, r);
return r;
}
/*
* Do encryption, decryption and signing ops.
*/
static int tpm_key_eds_op(struct kernel_pkey_params *params,
const void *in, void *out)
{
struct tpm_key *tk = params->key->payload.data[asym_crypto];
int ret = -EOPNOTSUPP;
/* Perform the encryption calculation. */
switch (params->op) {
case kernel_pkey_encrypt:
ret = tpm_key_encrypt(tk, params, in, out);
break;
case kernel_pkey_decrypt:
ret = tpm_key_decrypt(tk, params, in, out);
break;
case kernel_pkey_sign:
ret = tpm_key_sign(tk, params, in, out);
break;
default:
BUG();
}
return ret;
}
/*
* Verify a signature using a public key.
*/
static int tpm_key_verify_signature(const struct key *key,
const struct public_key_signature *sig)
{
const struct tpm_key *tk = key->payload.data[asym_crypto];
struct crypto_wait cwait;
struct crypto_akcipher *tfm;
struct akcipher_request *req;
struct scatterlist src_sg[2];
char alg_name[CRYPTO_MAX_ALG_NAME];
uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
uint32_t der_pub_key_len;
int ret;
pr_devel("==>%s()\n", __func__);
BUG_ON(!tk);
BUG_ON(!sig);
BUG_ON(!sig->s);
if (!sig->digest)
return -ENOPKG;
ret = determine_akcipher(sig->encoding, sig->hash_algo, alg_name);
if (ret < 0)
return ret;
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
if (IS_ERR(tfm))
return PTR_ERR(tfm);
der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
der_pub_key);
ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
if (ret < 0)
goto error_free_tfm;
ret = -ENOMEM;
req = akcipher_request_alloc(tfm, GFP_KERNEL);
if (!req)
goto error_free_tfm;
sg_init_table(src_sg, 2);
sg_set_buf(&src_sg[0], sig->s, sig->s_size);
sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
sig->digest_size);
crypto_init_wait(&cwait);
akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
CRYPTO_TFM_REQ_MAY_SLEEP,
crypto_req_done, &cwait);
ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
akcipher_request_free(req);
error_free_tfm:
crypto_free_akcipher(tfm);
pr_devel("<==%s() = %d\n", __func__, ret);
if (WARN_ON_ONCE(ret > 0))
ret = -EINVAL;
return ret;
}
/*
* Parse enough information out of TPM_KEY structure:
* TPM_STRUCT_VER -> 4 bytes
* TPM_KEY_USAGE -> 2 bytes
* TPM_KEY_FLAGS -> 4 bytes
* TPM_AUTH_DATA_USAGE -> 1 byte
* TPM_KEY_PARMS -> variable
* UINT32 PCRInfoSize -> 4 bytes
* BYTE* -> PCRInfoSize bytes
* TPM_STORE_PUBKEY
* UINT32 encDataSize;
* BYTE* -> encDataSize;
*
* TPM_KEY_PARMS:
* TPM_ALGORITHM_ID -> 4 bytes
* TPM_ENC_SCHEME -> 2 bytes
* TPM_SIG_SCHEME -> 2 bytes
* UINT32 parmSize -> 4 bytes
* BYTE* -> variable
*/
static int extract_key_parameters(struct tpm_key *tk)
{
const void *cur = tk->blob;
uint32_t len = tk->blob_len;
const void *pub_key;
uint32_t sz;
uint32_t key_len;
if (len < 11)
return -EBADMSG;
/* Ensure this is a legacy key */
if (get_unaligned_be16(cur + 4) != 0x0015)
return -EBADMSG;
/* Skip to TPM_KEY_PARMS */
cur += 11;
len -= 11;
if (len < 12)
return -EBADMSG;
/* Make sure this is an RSA key */
if (get_unaligned_be32(cur) != 0x00000001)
return -EBADMSG;
/* Make sure this is TPM_ES_RSAESPKCSv15 encoding scheme */
if (get_unaligned_be16(cur + 4) != 0x0002)
return -EBADMSG;
/* Make sure this is TPM_SS_RSASSAPKCS1v15_DER signature scheme */
if (get_unaligned_be16(cur + 6) != 0x0003)
return -EBADMSG;
sz = get_unaligned_be32(cur + 8);
if (len < sz + 12)
return -EBADMSG;
/* Move to TPM_RSA_KEY_PARMS */
len -= 12;
cur += 12;
/* Grab the RSA key length */
key_len = get_unaligned_be32(cur);
switch (key_len) {
case 512:
case 1024:
case 1536:
case 2048:
break;
default:
return -EINVAL;
}
/* Move just past TPM_KEY_PARMS */
cur += sz;
len -= sz;
if (len < 4)
return -EBADMSG;
sz = get_unaligned_be32(cur);
if (len < 4 + sz)
return -EBADMSG;
/* Move to TPM_STORE_PUBKEY */
cur += 4 + sz;
len -= 4 + sz;
/* Grab the size of the public key, it should jive with the key size */
sz = get_unaligned_be32(cur);
if (sz > 256)
return -EINVAL;
pub_key = cur + 4;
tk->key_len = key_len;
tk->pub_key = pub_key;
tk->pub_key_len = sz;
return 0;
}
/* Given the blob, parse it and load it into the TPM */
struct tpm_key *tpm_key_create(const void *blob, uint32_t blob_len)
{
int r;
struct tpm_key *tk;
r = tpm_is_tpm2(NULL);
if (r < 0)
goto error;
/* We don't support TPM2 yet */
if (r > 0) {
r = -ENODEV;
goto error;
}
r = -ENOMEM;
tk = kzalloc(sizeof(struct tpm_key), GFP_KERNEL);
if (!tk)
goto error;
tk->blob = kmemdup(blob, blob_len, GFP_KERNEL);
if (!tk->blob)
goto error_memdup;
tk->blob_len = blob_len;
r = extract_key_parameters(tk);
if (r < 0)
goto error_extract;
return tk;
error_extract:
kfree(tk->blob);
tk->blob_len = 0;
error_memdup:
kfree(tk);
error:
return ERR_PTR(r);
}
EXPORT_SYMBOL_GPL(tpm_key_create);
/*
* TPM-based asymmetric key subtype
*/
struct asymmetric_key_subtype asym_tpm_subtype = {
.owner = THIS_MODULE,
.name = "asym_tpm",
.name_len = sizeof("asym_tpm") - 1,
.describe = asym_tpm_describe,
.destroy = asym_tpm_destroy,
.query = tpm_key_query,
.eds_op = tpm_key_eds_op,
.verify_signature = tpm_key_verify_signature,
};
EXPORT_SYMBOL_GPL(asym_tpm_subtype);
MODULE_DESCRIPTION("TPM based asymmetric key subtype");
MODULE_AUTHOR("Intel Corporation");
MODULE_LICENSE("GPL v2");