From patchwork Tue Aug 23 22:25:21 2022
X-Patchwork-Submitter: Evan Green
X-Patchwork-Id: 600665
From: Evan Green
To: linux-kernel@vger.kernel.org
Cc: gwendal@chromium.org, Eric Biggers , Matthew Garrett , jarkko@kernel.org, zohar@linux.ibm.com, linux-integrity@vger.kernel.org, Pavel Machek , apronin@chromium.org, dlunev@google.com, rjw@rjwysocki.net, linux-pm@vger.kernel.org, corbet@lwn.net, jejb@linux.ibm.com, Evan Green , David Howells , Hao Wu , James Morris , Matthew Garrett , Paul Moore , "Serge E. Hallyn" , axelj , keyrings@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH v2 05/10] security: keys: trusted: Verify creation data
Date: Tue, 23 Aug 2022 15:25:21 -0700
Message-Id: <20220823152108.v2.5.I6cdb522cb5ea28fcd1e35b4cd92cbd067f99269a@changeid>
X-Mailer: git-send-email 2.31.0
In-Reply-To: <20220823222526.1524851-1-evgreen@chromium.org>
References: <20220823222526.1524851-1-evgreen@chromium.org>
MIME-Version: 1.0
Precedence: bulk
List-ID: X-Mailing-List: linux-pm@vger.kernel.org

If a loaded key contains creation data, ask the TPM to verify that
creation data. This allows users like encrypted hibernate to know that
the loaded and parsed creation data has not been tampered with.

Partially-sourced-from: Matthew Garrett
Signed-off-by: Evan Green
---
Source material for this change is at:
https://patchwork.kernel.org/project/linux-pm/patch/20210220013255.1083202-9-matthewgarrett@google.com/

Changes in v2:
- Adjust hash len by 2 due to new ASN.1 storage, and add underflow check.

 include/linux/tpm.h                       |  1 +
 security/keys/trusted-keys/trusted_tpm2.c | 77 ++++++++++++++++++++++-
 2 files changed, 77 insertions(+), 1 deletion(-)

diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 8320cbac6f4009..438f8bc0a50582 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -224,6 +224,7 @@ enum tpm2_command_codes { TPM2_CC_SELF_TEST = 0x0143, TPM2_CC_STARTUP = 0x0144, TPM2_CC_SHUTDOWN = 0x0145, + TPM2_CC_CERTIFYCREATION = 0x014A, TPM2_CC_NV_READ = 0x014E, TPM2_CC_CREATE = 0x0153, TPM2_CC_LOAD = 0x0157, 
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index 1d1470b880ca01..f81c6578c7f783 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -691,6 +691,74 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, return rc; } +/** + * tpm2_certify_creation() - execute a TPM2_CertifyCreation command + * + * @chip: TPM chip to use + * @payload: the key data in clear and encrypted form + * @blob_handle: the loaded TPM handle of the key + * + * Return: 0 on success + * -EINVAL on tpm error status + * < 0 error from tpm_send or tpm_buf_init + */ +static int tpm2_certify_creation(struct tpm_chip *chip, + struct trusted_key_payload *payload, + u32 blob_handle) +{ + struct tpm_header *head; + struct tpm_buf buf; + int rc; + + rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CERTIFYCREATION); + if (rc) + return rc; + + /* Use TPM_RH_NULL for signHandle */ + tpm_buf_append_u32(&buf, 0x40000007); + + /* Object handle */ + tpm_buf_append_u32(&buf, blob_handle); + + /* Auth */ + tpm_buf_append_u32(&buf, 9); + tpm_buf_append_u32(&buf, TPM2_RS_PW); + tpm_buf_append_u16(&buf, 0); + tpm_buf_append_u8(&buf, 0); + tpm_buf_append_u16(&buf, 0); + + /* Qualifying data */ + tpm_buf_append_u16(&buf, 0); + + /* Creation data hash */ + if (payload->creation_hash_len < 2) { + rc = -EINVAL; + goto out; + } + + tpm_buf_append_u16(&buf, payload->creation_hash_len - 2); + tpm_buf_append(&buf, payload->creation_hash + 2, + payload->creation_hash_len - 2); + + /* signature scheme */ + tpm_buf_append_u16(&buf, TPM_ALG_NULL); + + /* creation ticket */ + tpm_buf_append(&buf, payload->tk, payload->tk_len); + + rc = tpm_transmit_cmd(chip, &buf, 6, "certifying creation data"); + if (rc) + goto out; + + head = (struct tpm_header *)buf.data; + + if (head->return_code != 0) + rc = -EINVAL; +out: + tpm_buf_destroy(&buf); + return rc; +} + /** * tpm2_unseal_trusted() - unseal the payload of a trusted key * 
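Review bot: the TPM status handling at the end of tpm2_certify_creation() does not deliver what the kerneldoc promises ("-EINVAL on tpm error status"). tpm_transmit_cmd() already returns the TPM's return code as a positive non-zero value when the response header carries an error, so `if (rc) goto out;` leaves the function before `if (head->return_code != 0) rc = -EINVAL;` is ever reached; that check is unreachable, and a positive TPM code rather than -EINVAL propagates up through tpm2_unseal_trusted(). Suggest mapping it immediately after the transmit, the way tpm2_unseal_cmd() in this file does with `if (rc > 0) rc = -EPERM;` (here `rc = -EINVAL;`), and dropping the `head` variable and the trailing check. Two smaller points: the bare `0x40000007` for signHandle deserves a named constant next to TPM2_RS_PW in the permanent-handles enum, since the comment names TPM_RH_NULL but the code does not; and the function appends `payload->tk` unconditionally while its only caller gates on `creation_len`, so a blob carrying creation data but an empty ticket would send a truncated TPMT_TK_CREATION; an explicit `tk_len == 0` check returning -EINVAL up front gives a clearer failure than a TPM parse error.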
@@ -716,8 +784,15 @@ int tpm2_unseal_trusted(struct tpm_chip *chip, goto out; rc = tpm2_unseal_cmd(chip, payload, options, blob_handle); - tpm2_flush_context(chip, blob_handle); + if (rc) + goto flush; + + if (payload->creation_len) + rc = tpm2_certify_creation(chip, payload, blob_handle); + +flush: + tpm2_flush_context(chip, blob_handle); out: tpm_put_ops(chip);
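Review bot: the ordering here verifies the creation data only after tpm2_unseal_cmd() has already released the sealed secret into payload, so when tpm2_certify_creation() fails the function returns an error with unsealed key material still present in the payload and relies on the caller to discard it. Certifying first and unsealing only once the ticket checks out (`rc = tpm2_certify_creation(...); if (rc) goto flush; rc = tpm2_unseal_cmd(...);`) keeps the secret inside the TPM on a verification failure. Note also that whatever tpm2_certify_creation() returns is passed straight to the caller from this point, so its return value must already be a negative errno rather than a raw TPM return code.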
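To make the wire layout that tpm2_certify_creation() builds easy to inspect and unit-test outside the kernel, here is an added userspace C re-implementation of the same TPM2_CertifyCreation marshalling. It is example code written for this review, not code from the patch or the kernel tree: `cc_buf`, the `cc_append_*` helpers, `build_certify_creation`, `check_response_header` and the `sample_*` inputs are hypothetical names, the sample bytes are constructed rather than captured from a TPM, and `TPM2_RH_NULL` is an assumed macro name for the literal `0x40000007` the patch uses. It reproduces the 2-byte size-prefix strip with the v2 underflow check, adds the ticket-presence check a reviewer would ask for, and shows that a response header's return code is the TPM's own value, which the caller must map to an errno.

```c
#include <stdint.h>
#include <string.h>

/* TPM 2.0 constants used by the patch; TPM2_CC_CERTIFYCREATION is the value it adds.
 * TPM2_RH_NULL is an assumed macro name for the literal 0x40000007 in the patch. */
#define TPM2_ST_SESSIONS        0x8002
#define TPM2_CC_CERTIFYCREATION 0x014A
#define TPM2_RH_NULL            0x40000007
#define TPM2_RS_PW              0x40000009
#define TPM_ALG_NULL            0x0010
#define TPM_HEADER_SIZE         10

/* Hypothetical fixed-size command buffer standing in for the kernel's tpm_buf. */
struct cc_buf { uint8_t data[256]; size_t len; };

static int cc_append(struct cc_buf *b, const void *p, size_t n)
{
    if (n > sizeof(b->data) - b->len)
        return -1;                        /* never overrun the buffer */
    memcpy(b->data + b->len, p, n);
    b->len += n;
    return 0;
}
static int cc_append_u8(struct cc_buf *b, uint8_t v) { return cc_append(b, &v, 1); }
static int cc_append_u16(struct cc_buf *b, uint16_t v)
{
    uint8_t be[2] = { (uint8_t)(v >> 8), (uint8_t)v };
    return cc_append(b, be, 2);
}
static int cc_append_u32(struct cc_buf *b, uint32_t v)
{
    uint8_t be[4] = { (uint8_t)(v >> 24), (uint8_t)(v >> 16), (uint8_t)(v >> 8), (uint8_t)v };
    return cc_append(b, be, 4);
}
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Marshal TPM2_CertifyCreation in the field order the patch uses: signHandle,
 * objectHandle, authorization area, qualifyingData, creationHash, inScheme,
 * creationTicket. Returns the command length, or -1 on bad input. */
int build_certify_creation(struct cc_buf *b, uint32_t object_handle,
                           const uint8_t *creation_hash, size_t creation_hash_len,
                           const uint8_t *tk, size_t tk_len)
{
    b->len = 0;
    if (cc_append_u16(b, TPM2_ST_SESSIONS) || cc_append_u32(b, 0) ||  /* size patched below */
        cc_append_u32(b, TPM2_CC_CERTIFYCREATION))
        return -1;
    if (cc_append_u32(b, TPM2_RH_NULL) || cc_append_u32(b, object_handle))
        return -1;
    /* 9-byte password authorization: TPM2_RS_PW, empty nonce, attributes 0, empty HMAC */
    if (cc_append_u32(b, 9) || cc_append_u32(b, TPM2_RS_PW) ||
        cc_append_u16(b, 0) || cc_append_u8(b, 0) || cc_append_u16(b, 0))
        return -1;
    if (cc_append_u16(b, 0))                          /* empty qualifyingData */
        return -1;
    /* creationHash arrives with a 2-byte size prefix; strip it and re-emit the
     * length, rejecting inputs too short to hold the prefix (the v2 underflow check) */
    if (creation_hash_len < 2 || creation_hash_len - 2 > UINT16_MAX)
        return -1;
    if (cc_append_u16(b, (uint16_t)(creation_hash_len - 2)) ||
        cc_append(b, creation_hash + 2, creation_hash_len - 2))
        return -1;
    if (cc_append_u16(b, TPM_ALG_NULL))               /* inScheme: no signature wanted */
        return -1;
    if (tk_len == 0 || cc_append(b, tk, tk_len))      /* creationTicket must be present */
        return -1;
    b->data[2] = (uint8_t)(b->len >> 24); b->data[3] = (uint8_t)(b->len >> 16);
    b->data[4] = (uint8_t)(b->len >> 8);  b->data[5] = (uint8_t)b->len;
    return (int)b->len;
}

/* Inspect a response header: -1 if malformed, else the TPM return code (0 = success).
 * A non-zero code is the TPM's own value; the caller must map it to an errno itself. */
int check_response_header(const uint8_t *rsp, size_t len)
{
    if (len < TPM_HEADER_SIZE || be32(rsp + 2) != len)
        return -1;
    return (int)be32(rsp + 6);
}

/* Constructed sample inputs, not real TPM output: a size-prefixed 32-byte creation
 * hash, a 40-byte TPMT_TK_CREATION (TPM_ST_CREATION, owner hierarchy, 32-byte digest)
 * and a 10-byte error response carrying a non-zero return code. */
static const uint8_t sample_creation_hash[34] = { 0x00, 0x20 };
static const uint8_t sample_ticket[40] = { 0x80, 0x21, 0x40, 0x00, 0x00, 0x01, 0x00, 0x20 };
static const uint8_t sample_error_rsp[10] = { 0x80, 0x01, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x9A };
static struct cc_buf sample_buf;           /* holds the most recently built sample command */

/* Build the sample command (0x80000000 is a made-up transient object handle). */
int sample_command_len(void)
{
    return build_certify_creation(&sample_buf, 0x80000000u, sample_creation_hash,
                                  sizeof sample_creation_hash, sample_ticket, sizeof sample_ticket);
}
/* Big-endian u32 at byte offset off of the last built sample command, 0 if out of range. */
uint32_t sample_command_word(size_t off)
{
    return off + 4 <= sample_buf.len ? be32(sample_buf.data + off) : 0;
}
```

With the 34-byte prefixed hash and 40-byte ticket the command is 109 bytes: a 10-byte header, two handles, the 4-byte authorization size plus 9-byte password session, an empty TPM2B_DATA, a 34-byte TPM2B_DIGEST, the 2-byte null scheme and the ticket. Feeding the builder a 1-byte "hash" or an empty ticket returns -1 before anything is sent, which is the fail-closed behaviour a verifier of creation data should have.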