2 * Copyright (C) 2010 IBM Corporation
5 * David Safford <safford@us.ibm.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, version 2 of the License.
11 * See Documentation/security/keys-trusted-encrypted.txt
14 #include <linux/uaccess.h>
15 #include <linux/module.h>
16 #include <linux/init.h>
17 #include <linux/slab.h>
18 #include <linux/parser.h>
19 #include <linux/string.h>
20 #include <linux/err.h>
21 #include <keys/user-type.h>
22 #include <keys/trusted-type.h>
23 #include <linux/key-type.h>
24 #include <linux/rcupdate.h>
25 #include <linux/crypto.h>
26 #include <crypto/hash.h>
27 #include <crypto/sha.h>
28 #include <linux/capability.h>
29 #include <linux/tpm.h>
30 #include <linux/tpm_command.h>
34 static const char hmac_alg
[] = "hmac(sha1)";
35 static const char hash_alg
[] = "sha1";
38 struct shash_desc shash
;
42 static struct crypto_shash
*hashalg
;
43 static struct crypto_shash
*hmacalg
;
45 static struct sdesc
*init_sdesc(struct crypto_shash
*alg
)
50 size
= sizeof(struct shash_desc
) + crypto_shash_descsize(alg
);
51 sdesc
= kmalloc(size
, GFP_KERNEL
);
53 return ERR_PTR(-ENOMEM
);
54 sdesc
->shash
.tfm
= alg
;
55 sdesc
->shash
.flags
= 0x0;
59 static int TSS_sha1(const unsigned char *data
, unsigned int datalen
,
60 unsigned char *digest
)
65 sdesc
= init_sdesc(hashalg
);
67 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
68 return PTR_ERR(sdesc
);
71 ret
= crypto_shash_digest(&sdesc
->shash
, data
, datalen
, digest
);
76 static int TSS_rawhmac(unsigned char *digest
, const unsigned char *key
,
77 unsigned int keylen
, ...)
85 sdesc
= init_sdesc(hmacalg
);
87 pr_info("trusted_key: can't alloc %s\n", hmac_alg
);
88 return PTR_ERR(sdesc
);
91 ret
= crypto_shash_setkey(hmacalg
, key
, keylen
);
94 ret
= crypto_shash_init(&sdesc
->shash
);
98 va_start(argp
, keylen
);
100 dlen
= va_arg(argp
, unsigned int);
103 data
= va_arg(argp
, unsigned char *);
108 ret
= crypto_shash_update(&sdesc
->shash
, data
, dlen
);
114 ret
= crypto_shash_final(&sdesc
->shash
, digest
);
121 * calculate authorization info fields to send to TPM
123 static int TSS_authhmac(unsigned char *digest
, const unsigned char *key
,
124 unsigned int keylen
, unsigned char *h1
,
125 unsigned char *h2
, unsigned char h3
, ...)
127 unsigned char paramdigest
[SHA1_DIGEST_SIZE
];
135 sdesc
= init_sdesc(hashalg
);
137 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
138 return PTR_ERR(sdesc
);
142 ret
= crypto_shash_init(&sdesc
->shash
);
147 dlen
= va_arg(argp
, unsigned int);
150 data
= va_arg(argp
, unsigned char *);
155 ret
= crypto_shash_update(&sdesc
->shash
, data
, dlen
);
161 ret
= crypto_shash_final(&sdesc
->shash
, paramdigest
);
163 ret
= TSS_rawhmac(digest
, key
, keylen
, SHA1_DIGEST_SIZE
,
164 paramdigest
, TPM_NONCE_SIZE
, h1
,
165 TPM_NONCE_SIZE
, h2
, 1, &c
, 0, 0);
172 * verify the AUTH1_COMMAND (Seal) result from TPM
174 static int TSS_checkhmac1(unsigned char *buffer
,
175 const uint32_t command
,
176 const unsigned char *ononce
,
177 const unsigned char *key
,
178 unsigned int keylen
, ...)
184 unsigned char *enonce
;
185 unsigned char *continueflag
;
186 unsigned char *authdata
;
187 unsigned char testhmac
[SHA1_DIGEST_SIZE
];
188 unsigned char paramdigest
[SHA1_DIGEST_SIZE
];
195 bufsize
= LOAD32(buffer
, TPM_SIZE_OFFSET
);
196 tag
= LOAD16(buffer
, 0);
198 result
= LOAD32N(buffer
, TPM_RETURN_OFFSET
);
199 if (tag
== TPM_TAG_RSP_COMMAND
)
201 if (tag
!= TPM_TAG_RSP_AUTH1_COMMAND
)
203 authdata
= buffer
+ bufsize
- SHA1_DIGEST_SIZE
;
204 continueflag
= authdata
- 1;
205 enonce
= continueflag
- TPM_NONCE_SIZE
;
207 sdesc
= init_sdesc(hashalg
);
209 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
210 return PTR_ERR(sdesc
);
212 ret
= crypto_shash_init(&sdesc
->shash
);
215 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&result
,
219 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&ordinal
,
223 va_start(argp
, keylen
);
225 dlen
= va_arg(argp
, unsigned int);
228 dpos
= va_arg(argp
, unsigned int);
229 ret
= crypto_shash_update(&sdesc
->shash
, buffer
+ dpos
, dlen
);
235 ret
= crypto_shash_final(&sdesc
->shash
, paramdigest
);
239 ret
= TSS_rawhmac(testhmac
, key
, keylen
, SHA1_DIGEST_SIZE
, paramdigest
,
240 TPM_NONCE_SIZE
, enonce
, TPM_NONCE_SIZE
, ononce
,
241 1, continueflag
, 0, 0);
245 if (memcmp(testhmac
, authdata
, SHA1_DIGEST_SIZE
))
253 * verify the AUTH2_COMMAND (unseal) result from TPM
255 static int TSS_checkhmac2(unsigned char *buffer
,
256 const uint32_t command
,
257 const unsigned char *ononce
,
258 const unsigned char *key1
,
259 unsigned int keylen1
,
260 const unsigned char *key2
,
261 unsigned int keylen2
, ...)
267 unsigned char *enonce1
;
268 unsigned char *continueflag1
;
269 unsigned char *authdata1
;
270 unsigned char *enonce2
;
271 unsigned char *continueflag2
;
272 unsigned char *authdata2
;
273 unsigned char testhmac1
[SHA1_DIGEST_SIZE
];
274 unsigned char testhmac2
[SHA1_DIGEST_SIZE
];
275 unsigned char paramdigest
[SHA1_DIGEST_SIZE
];
282 bufsize
= LOAD32(buffer
, TPM_SIZE_OFFSET
);
283 tag
= LOAD16(buffer
, 0);
285 result
= LOAD32N(buffer
, TPM_RETURN_OFFSET
);
287 if (tag
== TPM_TAG_RSP_COMMAND
)
289 if (tag
!= TPM_TAG_RSP_AUTH2_COMMAND
)
291 authdata1
= buffer
+ bufsize
- (SHA1_DIGEST_SIZE
+ 1
292 + SHA1_DIGEST_SIZE
+ SHA1_DIGEST_SIZE
);
293 authdata2
= buffer
+ bufsize
- (SHA1_DIGEST_SIZE
);
294 continueflag1
= authdata1
- 1;
295 continueflag2
= authdata2
- 1;
296 enonce1
= continueflag1
- TPM_NONCE_SIZE
;
297 enonce2
= continueflag2
- TPM_NONCE_SIZE
;
299 sdesc
= init_sdesc(hashalg
);
301 pr_info("trusted_key: can't alloc %s\n", hash_alg
);
302 return PTR_ERR(sdesc
);
304 ret
= crypto_shash_init(&sdesc
->shash
);
307 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&result
,
311 ret
= crypto_shash_update(&sdesc
->shash
, (const u8
*)&ordinal
,
316 va_start(argp
, keylen2
);
318 dlen
= va_arg(argp
, unsigned int);
321 dpos
= va_arg(argp
, unsigned int);
322 ret
= crypto_shash_update(&sdesc
->shash
, buffer
+ dpos
, dlen
);
328 ret
= crypto_shash_final(&sdesc
->shash
, paramdigest
);
332 ret
= TSS_rawhmac(testhmac1
, key1
, keylen1
, SHA1_DIGEST_SIZE
,
333 paramdigest
, TPM_NONCE_SIZE
, enonce1
,
334 TPM_NONCE_SIZE
, ononce
, 1, continueflag1
, 0, 0);
337 if (memcmp(testhmac1
, authdata1
, SHA1_DIGEST_SIZE
)) {
341 ret
= TSS_rawhmac(testhmac2
, key2
, keylen2
, SHA1_DIGEST_SIZE
,
342 paramdigest
, TPM_NONCE_SIZE
, enonce2
,
343 TPM_NONCE_SIZE
, ononce
, 1, continueflag2
, 0, 0);
346 if (memcmp(testhmac2
, authdata2
, SHA1_DIGEST_SIZE
))
354 * For key specific tpm requests, we will generate and send our
355 * own TPM command packets using the drivers send function.
357 static int trusted_tpm_send(const u32 chip_num
, unsigned char *cmd
,
363 rc
= tpm_send(chip_num
, cmd
, buflen
);
366 /* Can't return positive return codes values to keyctl */
372 * get a random value from TPM
374 static int tpm_get_random(struct tpm_buf
*tb
, unsigned char *buf
, uint32_t len
)
379 store16(tb
, TPM_TAG_RQU_COMMAND
);
380 store32(tb
, TPM_GETRANDOM_SIZE
);
381 store32(tb
, TPM_ORD_GETRANDOM
);
383 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, sizeof tb
->data
);
385 memcpy(buf
, tb
->data
+ TPM_GETRANDOM_SIZE
, len
);
389 static int my_get_random(unsigned char *buf
, int len
)
394 tb
= kmalloc(sizeof *tb
, GFP_KERNEL
);
397 ret
= tpm_get_random(tb
, buf
, len
);
404 * Lock a trusted key, by extending a selected PCR.
406 * Prevents a trusted key that is sealed to PCRs from being accessed.
407 * This uses the tpm driver's extend function.
409 static int pcrlock(const int pcrnum
)
411 unsigned char hash
[SHA1_DIGEST_SIZE
];
414 if (!capable(CAP_SYS_ADMIN
))
416 ret
= my_get_random(hash
, SHA1_DIGEST_SIZE
);
419 return tpm_pcr_extend(TPM_ANY_NUM
, pcrnum
, hash
) ? -EINVAL
: 0;
423 * Create an object specific authorisation protocol (OSAP) session
425 static int osap(struct tpm_buf
*tb
, struct osapsess
*s
,
426 const unsigned char *key
, uint16_t type
, uint32_t handle
)
428 unsigned char enonce
[TPM_NONCE_SIZE
];
429 unsigned char ononce
[TPM_NONCE_SIZE
];
432 ret
= tpm_get_random(tb
, ononce
, TPM_NONCE_SIZE
);
437 store16(tb
, TPM_TAG_RQU_COMMAND
);
438 store32(tb
, TPM_OSAP_SIZE
);
439 store32(tb
, TPM_ORD_OSAP
);
442 storebytes(tb
, ononce
, TPM_NONCE_SIZE
);
444 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
448 s
->handle
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
449 memcpy(s
->enonce
, &(tb
->data
[TPM_DATA_OFFSET
+ sizeof(uint32_t)]),
451 memcpy(enonce
, &(tb
->data
[TPM_DATA_OFFSET
+ sizeof(uint32_t) +
452 TPM_NONCE_SIZE
]), TPM_NONCE_SIZE
);
453 return TSS_rawhmac(s
->secret
, key
, SHA1_DIGEST_SIZE
, TPM_NONCE_SIZE
,
454 enonce
, TPM_NONCE_SIZE
, ononce
, 0, 0);
458 * Create an object independent authorisation protocol (oiap) session
460 static int oiap(struct tpm_buf
*tb
, uint32_t *handle
, unsigned char *nonce
)
465 store16(tb
, TPM_TAG_RQU_COMMAND
);
466 store32(tb
, TPM_OIAP_SIZE
);
467 store32(tb
, TPM_ORD_OIAP
);
468 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
472 *handle
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
473 memcpy(nonce
, &tb
->data
[TPM_DATA_OFFSET
+ sizeof(uint32_t)],
479 unsigned char encauth
[SHA1_DIGEST_SIZE
];
480 unsigned char pubauth
[SHA1_DIGEST_SIZE
];
481 unsigned char xorwork
[SHA1_DIGEST_SIZE
* 2];
482 unsigned char xorhash
[SHA1_DIGEST_SIZE
];
483 unsigned char nonceodd
[TPM_NONCE_SIZE
];
487 * Have the TPM seal(encrypt) the trusted key, possibly based on
488 * Platform Configuration Registers (PCRs). AUTH1 for sealing key.
490 static int tpm_seal(struct tpm_buf
*tb
, uint16_t keytype
,
491 uint32_t keyhandle
, const unsigned char *keyauth
,
492 const unsigned char *data
, uint32_t datalen
,
493 unsigned char *blob
, uint32_t *bloblen
,
494 const unsigned char *blobauth
,
495 const unsigned char *pcrinfo
, uint32_t pcrinfosize
)
497 struct osapsess sess
;
498 struct tpm_digests
*td
;
509 /* alloc some work space for all the hashes */
510 td
= kmalloc(sizeof *td
, GFP_KERNEL
);
514 /* get session for sealing key */
515 ret
= osap(tb
, &sess
, keyauth
, keytype
, keyhandle
);
520 /* calculate encrypted authorization value */
521 memcpy(td
->xorwork
, sess
.secret
, SHA1_DIGEST_SIZE
);
522 memcpy(td
->xorwork
+ SHA1_DIGEST_SIZE
, sess
.enonce
, SHA1_DIGEST_SIZE
);
523 ret
= TSS_sha1(td
->xorwork
, SHA1_DIGEST_SIZE
* 2, td
->xorhash
);
527 ret
= tpm_get_random(tb
, td
->nonceodd
, TPM_NONCE_SIZE
);
530 ordinal
= htonl(TPM_ORD_SEAL
);
531 datsize
= htonl(datalen
);
532 pcrsize
= htonl(pcrinfosize
);
535 /* encrypt data authorization key */
536 for (i
= 0; i
< SHA1_DIGEST_SIZE
; ++i
)
537 td
->encauth
[i
] = td
->xorhash
[i
] ^ blobauth
[i
];
539 /* calculate authorization HMAC value */
540 if (pcrinfosize
== 0) {
541 /* no pcr info specified */
542 ret
= TSS_authhmac(td
->pubauth
, sess
.secret
, SHA1_DIGEST_SIZE
,
543 sess
.enonce
, td
->nonceodd
, cont
,
544 sizeof(uint32_t), &ordinal
, SHA1_DIGEST_SIZE
,
545 td
->encauth
, sizeof(uint32_t), &pcrsize
,
546 sizeof(uint32_t), &datsize
, datalen
, data
, 0,
549 /* pcr info specified */
550 ret
= TSS_authhmac(td
->pubauth
, sess
.secret
, SHA1_DIGEST_SIZE
,
551 sess
.enonce
, td
->nonceodd
, cont
,
552 sizeof(uint32_t), &ordinal
, SHA1_DIGEST_SIZE
,
553 td
->encauth
, sizeof(uint32_t), &pcrsize
,
554 pcrinfosize
, pcrinfo
, sizeof(uint32_t),
555 &datsize
, datalen
, data
, 0, 0);
560 /* build and send the TPM request packet */
562 store16(tb
, TPM_TAG_RQU_AUTH1_COMMAND
);
563 store32(tb
, TPM_SEAL_SIZE
+ pcrinfosize
+ datalen
);
564 store32(tb
, TPM_ORD_SEAL
);
565 store32(tb
, keyhandle
);
566 storebytes(tb
, td
->encauth
, SHA1_DIGEST_SIZE
);
567 store32(tb
, pcrinfosize
);
568 storebytes(tb
, pcrinfo
, pcrinfosize
);
569 store32(tb
, datalen
);
570 storebytes(tb
, data
, datalen
);
571 store32(tb
, sess
.handle
);
572 storebytes(tb
, td
->nonceodd
, TPM_NONCE_SIZE
);
574 storebytes(tb
, td
->pubauth
, SHA1_DIGEST_SIZE
);
576 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
580 /* calculate the size of the returned Blob */
581 sealinfosize
= LOAD32(tb
->data
, TPM_DATA_OFFSET
+ sizeof(uint32_t));
582 encdatasize
= LOAD32(tb
->data
, TPM_DATA_OFFSET
+ sizeof(uint32_t) +
583 sizeof(uint32_t) + sealinfosize
);
584 storedsize
= sizeof(uint32_t) + sizeof(uint32_t) + sealinfosize
+
585 sizeof(uint32_t) + encdatasize
;
587 /* check the HMAC in the response */
588 ret
= TSS_checkhmac1(tb
->data
, ordinal
, td
->nonceodd
, sess
.secret
,
589 SHA1_DIGEST_SIZE
, storedsize
, TPM_DATA_OFFSET
, 0,
592 /* copy the returned blob to caller */
594 memcpy(blob
, tb
->data
+ TPM_DATA_OFFSET
, storedsize
);
595 *bloblen
= storedsize
;
603 * use the AUTH2_COMMAND form of unseal, to authorize both key and blob
605 static int tpm_unseal(struct tpm_buf
*tb
,
606 uint32_t keyhandle
, const unsigned char *keyauth
,
607 const unsigned char *blob
, int bloblen
,
608 const unsigned char *blobauth
,
609 unsigned char *data
, unsigned int *datalen
)
611 unsigned char nonceodd
[TPM_NONCE_SIZE
];
612 unsigned char enonce1
[TPM_NONCE_SIZE
];
613 unsigned char enonce2
[TPM_NONCE_SIZE
];
614 unsigned char authdata1
[SHA1_DIGEST_SIZE
];
615 unsigned char authdata2
[SHA1_DIGEST_SIZE
];
616 uint32_t authhandle1
= 0;
617 uint32_t authhandle2
= 0;
618 unsigned char cont
= 0;
623 /* sessions for unsealing key and data */
624 ret
= oiap(tb
, &authhandle1
, enonce1
);
626 pr_info("trusted_key: oiap failed (%d)\n", ret
);
629 ret
= oiap(tb
, &authhandle2
, enonce2
);
631 pr_info("trusted_key: oiap failed (%d)\n", ret
);
635 ordinal
= htonl(TPM_ORD_UNSEAL
);
636 keyhndl
= htonl(SRKHANDLE
);
637 ret
= tpm_get_random(tb
, nonceodd
, TPM_NONCE_SIZE
);
639 pr_info("trusted_key: tpm_get_random failed (%d)\n", ret
);
642 ret
= TSS_authhmac(authdata1
, keyauth
, TPM_NONCE_SIZE
,
643 enonce1
, nonceodd
, cont
, sizeof(uint32_t),
644 &ordinal
, bloblen
, blob
, 0, 0);
647 ret
= TSS_authhmac(authdata2
, blobauth
, TPM_NONCE_SIZE
,
648 enonce2
, nonceodd
, cont
, sizeof(uint32_t),
649 &ordinal
, bloblen
, blob
, 0, 0);
653 /* build and send TPM request packet */
655 store16(tb
, TPM_TAG_RQU_AUTH2_COMMAND
);
656 store32(tb
, TPM_UNSEAL_SIZE
+ bloblen
);
657 store32(tb
, TPM_ORD_UNSEAL
);
658 store32(tb
, keyhandle
);
659 storebytes(tb
, blob
, bloblen
);
660 store32(tb
, authhandle1
);
661 storebytes(tb
, nonceodd
, TPM_NONCE_SIZE
);
663 storebytes(tb
, authdata1
, SHA1_DIGEST_SIZE
);
664 store32(tb
, authhandle2
);
665 storebytes(tb
, nonceodd
, TPM_NONCE_SIZE
);
667 storebytes(tb
, authdata2
, SHA1_DIGEST_SIZE
);
669 ret
= trusted_tpm_send(TPM_ANY_NUM
, tb
->data
, MAX_BUF_SIZE
);
671 pr_info("trusted_key: authhmac failed (%d)\n", ret
);
675 *datalen
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
676 ret
= TSS_checkhmac2(tb
->data
, ordinal
, nonceodd
,
677 keyauth
, SHA1_DIGEST_SIZE
,
678 blobauth
, SHA1_DIGEST_SIZE
,
679 sizeof(uint32_t), TPM_DATA_OFFSET
,
680 *datalen
, TPM_DATA_OFFSET
+ sizeof(uint32_t), 0,
683 pr_info("trusted_key: TSS_checkhmac2 failed (%d)\n", ret
);
686 memcpy(data
, tb
->data
+ TPM_DATA_OFFSET
+ sizeof(uint32_t), *datalen
);
691 * Have the TPM seal(encrypt) the symmetric key
693 static int key_seal(struct trusted_key_payload
*p
,
694 struct trusted_key_options
*o
)
699 tb
= kzalloc(sizeof *tb
, GFP_KERNEL
);
703 /* include migratable flag at end of sealed key */
704 p
->key
[p
->key_len
] = p
->migratable
;
706 ret
= tpm_seal(tb
, o
->keytype
, o
->keyhandle
, o
->keyauth
,
707 p
->key
, p
->key_len
+ 1, p
->blob
, &p
->blob_len
,
708 o
->blobauth
, o
->pcrinfo
, o
->pcrinfo_len
);
710 pr_info("trusted_key: srkseal failed (%d)\n", ret
);
717 * Have the TPM unseal(decrypt) the symmetric key
719 static int key_unseal(struct trusted_key_payload
*p
,
720 struct trusted_key_options
*o
)
725 tb
= kzalloc(sizeof *tb
, GFP_KERNEL
);
729 ret
= tpm_unseal(tb
, o
->keyhandle
, o
->keyauth
, p
->blob
, p
->blob_len
,
730 o
->blobauth
, p
->key
, &p
->key_len
);
732 pr_info("trusted_key: srkunseal failed (%d)\n", ret
);
734 /* pull migratable flag out of sealed key */
735 p
->migratable
= p
->key
[--p
->key_len
];
743 Opt_new
, Opt_load
, Opt_update
,
744 Opt_keyhandle
, Opt_keyauth
, Opt_blobauth
,
745 Opt_pcrinfo
, Opt_pcrlock
, Opt_migratable
748 static const match_table_t key_tokens
= {
751 {Opt_update
, "update"},
752 {Opt_keyhandle
, "keyhandle=%s"},
753 {Opt_keyauth
, "keyauth=%s"},
754 {Opt_blobauth
, "blobauth=%s"},
755 {Opt_pcrinfo
, "pcrinfo=%s"},
756 {Opt_pcrlock
, "pcrlock=%s"},
757 {Opt_migratable
, "migratable=%s"},
761 /* can have zero or more token= options */
762 static int getoptions(char *c
, struct trusted_key_payload
*pay
,
763 struct trusted_key_options
*opt
)
765 substring_t args
[MAX_OPT_ARGS
];
769 unsigned long handle
;
772 while ((p
= strsep(&c
, " \t"))) {
773 if (*p
== '\0' || *p
== ' ' || *p
== '\t')
775 token
= match_token(p
, key_tokens
, args
);
779 opt
->pcrinfo_len
= strlen(args
[0].from
) / 2;
780 if (opt
->pcrinfo_len
> MAX_PCRINFO_SIZE
)
782 res
= hex2bin(opt
->pcrinfo
, args
[0].from
,
788 res
= strict_strtoul(args
[0].from
, 16, &handle
);
791 opt
->keytype
= SEAL_keytype
;
792 opt
->keyhandle
= handle
;
795 if (strlen(args
[0].from
) != 2 * SHA1_DIGEST_SIZE
)
797 res
= hex2bin(opt
->keyauth
, args
[0].from
,
803 if (strlen(args
[0].from
) != 2 * SHA1_DIGEST_SIZE
)
805 res
= hex2bin(opt
->blobauth
, args
[0].from
,
811 if (*args
[0].from
== '0')
817 res
= strict_strtoul(args
[0].from
, 10, &lock
);
830 * datablob_parse - parse the keyctl data and fill in the
831 * payload and options structures
833 * On success returns 0, otherwise -EINVAL.
835 static int datablob_parse(char *datablob
, struct trusted_key_payload
*p
,
836 struct trusted_key_options
*o
)
838 substring_t args
[MAX_OPT_ARGS
];
845 c
= strsep(&datablob
, " \t");
848 key_cmd
= match_token(c
, key_tokens
, args
);
851 /* first argument is key size */
852 c
= strsep(&datablob
, " \t");
855 ret
= strict_strtol(c
, 10, &keylen
);
856 if (ret
< 0 || keylen
< MIN_KEY_SIZE
|| keylen
> MAX_KEY_SIZE
)
859 ret
= getoptions(datablob
, p
, o
);
865 /* first argument is sealed blob */
866 c
= strsep(&datablob
, " \t");
869 p
->blob_len
= strlen(c
) / 2;
870 if (p
->blob_len
> MAX_BLOB_SIZE
)
872 ret
= hex2bin(p
->blob
, c
, p
->blob_len
);
875 ret
= getoptions(datablob
, p
, o
);
881 /* all arguments are options */
882 ret
= getoptions(datablob
, p
, o
);
894 static struct trusted_key_options
*trusted_options_alloc(void)
896 struct trusted_key_options
*options
;
898 options
= kzalloc(sizeof *options
, GFP_KERNEL
);
900 /* set any non-zero defaults */
901 options
->keytype
= SRK_keytype
;
902 options
->keyhandle
= SRKHANDLE
;
907 static struct trusted_key_payload
*trusted_payload_alloc(struct key
*key
)
909 struct trusted_key_payload
*p
= NULL
;
912 ret
= key_payload_reserve(key
, sizeof *p
);
915 p
= kzalloc(sizeof *p
, GFP_KERNEL
);
917 p
->migratable
= 1; /* migratable by default */
922 * trusted_instantiate - create a new trusted key
924 * Unseal an existing trusted blob or, for a new key, get a
925 * random key, then seal and create a trusted key-type key,
926 * adding it to the specified keyring.
928 * On success, return 0. Otherwise return errno.
930 static int trusted_instantiate(struct key
*key
, const void *data
,
933 struct trusted_key_payload
*payload
= NULL
;
934 struct trusted_key_options
*options
= NULL
;
939 if (datalen
<= 0 || datalen
> 32767 || !data
)
942 datablob
= kmalloc(datalen
+ 1, GFP_KERNEL
);
945 memcpy(datablob
, data
, datalen
);
946 datablob
[datalen
] = '\0';
948 options
= trusted_options_alloc();
953 payload
= trusted_payload_alloc(key
);
959 key_cmd
= datablob_parse(datablob
, payload
, options
);
965 dump_payload(payload
);
966 dump_options(options
);
970 ret
= key_unseal(payload
, options
);
971 dump_payload(payload
);
972 dump_options(options
);
974 pr_info("trusted_key: key_unseal failed (%d)\n", ret
);
977 ret
= my_get_random(payload
->key
, payload
->key_len
);
979 pr_info("trusted_key: key_create failed (%d)\n", ret
);
982 ret
= key_seal(payload
, options
);
984 pr_info("trusted_key: key_seal failed (%d)\n", ret
);
990 if (!ret
&& options
->pcrlock
)
991 ret
= pcrlock(options
->pcrlock
);
996 rcu_assign_pointer(key
->payload
.data
, payload
);
1002 static void trusted_rcu_free(struct rcu_head
*rcu
)
1004 struct trusted_key_payload
*p
;
1006 p
= container_of(rcu
, struct trusted_key_payload
, rcu
);
1007 memset(p
->key
, 0, p
->key_len
);
1012 * trusted_update - reseal an existing key with new PCR values
1014 static int trusted_update(struct key
*key
, const void *data
, size_t datalen
)
1016 struct trusted_key_payload
*p
= key
->payload
.data
;
1017 struct trusted_key_payload
*new_p
;
1018 struct trusted_key_options
*new_o
;
1024 if (datalen
<= 0 || datalen
> 32767 || !data
)
1027 datablob
= kmalloc(datalen
+ 1, GFP_KERNEL
);
1030 new_o
= trusted_options_alloc();
1035 new_p
= trusted_payload_alloc(key
);
1041 memcpy(datablob
, data
, datalen
);
1042 datablob
[datalen
] = '\0';
1043 ret
= datablob_parse(datablob
, new_p
, new_o
);
1044 if (ret
!= Opt_update
) {
1049 /* copy old key values, and reseal with new pcrs */
1050 new_p
->migratable
= p
->migratable
;
1051 new_p
->key_len
= p
->key_len
;
1052 memcpy(new_p
->key
, p
->key
, p
->key_len
);
1054 dump_payload(new_p
);
1056 ret
= key_seal(new_p
, new_o
);
1058 pr_info("trusted_key: key_seal failed (%d)\n", ret
);
1062 if (new_o
->pcrlock
) {
1063 ret
= pcrlock(new_o
->pcrlock
);
1065 pr_info("trusted_key: pcrlock failed (%d)\n", ret
);
1070 rcu_assign_pointer(key
->payload
.data
, new_p
);
1071 call_rcu(&p
->rcu
, trusted_rcu_free
);
1079 * trusted_read - copy the sealed blob data to userspace in hex.
1080 * On success, return to userspace the trusted key datablob size.
1082 static long trusted_read(const struct key
*key
, char __user
*buffer
,
1085 struct trusted_key_payload
*p
;
1090 p
= rcu_dereference_key(key
);
1093 if (!buffer
|| buflen
<= 0)
1094 return 2 * p
->blob_len
;
1095 ascii_buf
= kmalloc(2 * p
->blob_len
, GFP_KERNEL
);
1100 for (i
= 0; i
< p
->blob_len
; i
++)
1101 bufp
= hex_byte_pack(bufp
, p
->blob
[i
]);
1102 if ((copy_to_user(buffer
, ascii_buf
, 2 * p
->blob_len
)) != 0) {
1107 return 2 * p
->blob_len
;
1111 * trusted_destroy - before freeing the key, clear the decrypted data
1113 static void trusted_destroy(struct key
*key
)
1115 struct trusted_key_payload
*p
= key
->payload
.data
;
1119 memset(p
->key
, 0, p
->key_len
);
1120 kfree(key
->payload
.data
);
1123 struct key_type key_type_trusted
= {
1125 .instantiate
= trusted_instantiate
,
1126 .update
= trusted_update
,
1127 .match
= user_match
,
1128 .destroy
= trusted_destroy
,
1129 .describe
= user_describe
,
1130 .read
= trusted_read
,
1133 EXPORT_SYMBOL_GPL(key_type_trusted
);
1135 static void trusted_shash_release(void)
1138 crypto_free_shash(hashalg
);
1140 crypto_free_shash(hmacalg
);
1143 static int __init
trusted_shash_alloc(void)
1147 hmacalg
= crypto_alloc_shash(hmac_alg
, 0, CRYPTO_ALG_ASYNC
);
1148 if (IS_ERR(hmacalg
)) {
1149 pr_info("trusted_key: could not allocate crypto %s\n",
1151 return PTR_ERR(hmacalg
);
1154 hashalg
= crypto_alloc_shash(hash_alg
, 0, CRYPTO_ALG_ASYNC
);
1155 if (IS_ERR(hashalg
)) {
1156 pr_info("trusted_key: could not allocate crypto %s\n",
1158 ret
= PTR_ERR(hashalg
);
1165 crypto_free_shash(hmacalg
);
1169 static int __init
init_trusted(void)
1173 ret
= trusted_shash_alloc();
1176 ret
= register_key_type(&key_type_trusted
);
1178 trusted_shash_release();
1182 static void __exit
cleanup_trusted(void)
1184 trusted_shash_release();
1185 unregister_key_type(&key_type_trusted
);
1188 late_initcall(init_trusted
);
1189 module_exit(cleanup_trusted
);
1191 MODULE_LICENSE("GPL");