From patchwork Wed Oct 16 05:14:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 176416 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp6866585ill; Tue, 15 Oct 2019 22:15:32 -0700 (PDT) X-Google-Smtp-Source: APXvYqyxZnsUyNvXleKFB58WtU02kU5xkBq3Wg50oS2AVP/Xa9iTLFkVq6TwXfXjOym+PiLg4pMO X-Received: by 2002:a05:6402:13cc:: with SMTP id a12mr16401002edx.162.1571202932234; Tue, 15 Oct 2019 22:15:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571202932; cv=none; d=google.com; s=arc-20160816; b=lmJQSrvzXR3k+Oj7ginFd6E1e9uPGqPHkklaQXGhu+bNZyH+H8EPsRZf7eoBQQl7zl D/Ho7w7GApECUiLA8LkBatYHMJKTj2JNEk7dkWln8jjCwhHK5vDL6JiEnzzp6q0HWkZ1 +ImVWs3DZXlDHHzr/C9+Ij1zK9N9HSNXh34Bh4FbEiKocjPvwz8ORLlAQcdbBmNZt56Z e0M2k/Lwb/mKzyjdZqNK6O6AD4D2YhBJ2Ao9r5zxv/NHMBSM+HMf6m3FDH/vsOZWMcNl aiZVNsdmIWhpGQAhjWgk7fJzPSxQmy9UtOnQj3o1BhXA8vYihtCUeSQGqi9xvQHiIfHv UVvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=ucr524PubIUeoyxQUnnL5Q//zujjntBJWHUxIzHERf0=; b=IW7hJ8WbbIRVqhGSsre5YZu7ks9zsxIUWOso2XgH/p6TbcIMhIIKpJNYtTSxlAf99Y tE7McG9msTaNFtKazKmhRjuOfglTRDNguU8tgvTLfRAJ4YAIfyB7xovofB0uhvYxBobq 0ioiyplpy04Jcyx6HS31nMaXvmtUNm4J/Kubm8ihvpLczOGZ567pb8zv4rjV7ECtlZxV GrRa9BKyb9wJYm6Ot6W+rSt7PFPCTXE1Xs1QNtBC9urlEFCIQJsAA0476O+IjqIwNIu6 OL9Bdl4KfH5qtSSKH9qrLd9yR0nlucfttEBaXVo28buql+QPfOOdieVZYDHm5b7ywx1J 4Cyg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="rC/IwiVH"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ym1si15102989ejb.263.2019.10.15.22.15.32; Tue, 15 Oct 2019 22:15:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="rC/IwiVH"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728638AbfJPFP3 (ORCPT + 3 others); Wed, 16 Oct 2019 01:15:29 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:39842 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728523AbfJPFP3 (ORCPT ); Wed, 16 Oct 2019 01:15:29 -0400 Received: by mail-pf1-f194.google.com with SMTP id v4so13929814pff.6 for ; Tue, 15 Oct 2019 22:15:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ucr524PubIUeoyxQUnnL5Q//zujjntBJWHUxIzHERf0=; b=rC/IwiVHFPw48T2bd68tOe7YqIQfFm27wpmbFYkpJZcj8mEH4ZKEP8azd6OrzvVNHT UzMn5z21OIldsIx3901U+bBgMWEVn+FJrI4gjGB7ogXqee+HLvHnuH34Fpw8aP+/mopM qH9lJaYQNJns3s3aPZc9g7/4xQZSDK9HRVaBLvEB9/rV9ek47aamzrgpn1+JPQbcXqyS dr/wu4qOnIb27rPfVYwHuNYqf0CQKnCBUyRK9o/cvn4uijJl0e3VsxLWCS4OWwXx623Q akavkxB+uGtg7olPh+jIqgNfSjJGfLV+/X0xlmEY4ghGVV8Hg3uU1TBWBkrbU7wVb66o xwXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ucr524PubIUeoyxQUnnL5Q//zujjntBJWHUxIzHERf0=; b=qG+X0AD+WI2QbyHJAYVju3omFkvrhU7Gw0rq2Dmk4Vrqb7M9/d0IlxpwxDSAILjRFD cjBgI2Q0fv7mYaXOVtVHduOSlbYdpY5aEQakXwbOI0RW32s8i3ZZO5FGCpcSVmwEB9dm 2yzTBN1W0cZ6R9Ci1DMWnD2o9Dm/Tm7hfXPlMK7C6dAR7t/kCJj7u1cg+iouRMLXWh/V H6Q6SbqbW9FAJxmzrMFzVhgfImv0Z9ychKKgr++R0/r7hdRAbV0MrjWyBne/eUkQm+0z dm91Kz4wEfMKXdAx6Y5zg8IiHn1ZbfgcrtIqbHr8DSKhlkgEKBFcop415T8XKmJCv9vU e8+A== X-Gm-Message-State: APjAAAUDGYhMbinchrIBj3Lv9EGQNqGmsjUdSwIV/093pO/mHyYfQ5PU 7jthEdwMVzn7jT6Szgnhh6Y3EA== X-Received: by 2002:a62:870c:: with SMTP id i12mr42655922pfe.247.1571202928103; Tue, 15 Oct 2019 22:15:28 -0700 (PDT) Received: from localhost.localdomain ([117.252.65.194]) by smtp.gmail.com with ESMTPSA id r81sm953297pgr.17.2019.10.15.22.15.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 15 Oct 2019 22:15:27 -0700 (PDT) From: Sumit Garg To: jarkko.sakkinen@linux.intel.com, dhowells@redhat.com, peterhuewe@gmx.de Cc: keyrings@vger.kernel.org, linux-integrity@vger.kernel.org, linux-crypto@vger.kernel.org, linux-security-module@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net, jgg@ziepe.ca, arnd@arndb.de, gregkh@linuxfoundation.org, jejb@linux.ibm.com, zohar@linux.ibm.com, jmorris@namei.org, serge@hallyn.com, jsnitsel@redhat.com, linux-kernel@vger.kernel.org, daniel.thompson@linaro.org, Sumit Garg Subject: [Patch v8 1/4] tpm: Move tpm_buf code to include/linux/ Date: Wed, 16 Oct 2019 10:44:52 +0530 Message-Id: <1571202895-32651-2-git-send-email-sumit.garg@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1571202895-32651-1-git-send-email-sumit.garg@linaro.org> References: <1571202895-32651-1-git-send-email-sumit.garg@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Move tpm_buf code to common include/linux/tpm.h header so that it can be reused via other subsystems like trusted keys etc. Also rename trusted keys and asymmetric keys usage of TPM 1.x buffer implementation to tpm1_buf to avoid any compilation errors. Suggested-by: Jarkko Sakkinen Signed-off-by: Sumit Garg Reviewed-by: Jarkko Sakkinen Reviewed-by: Jerry Snitselaar --- crypto/asymmetric_keys/asym_tpm.c | 12 +-- drivers/char/tpm/tpm.h | 212 -------------------------------------- include/keys/trusted.h | 12 +-- include/linux/tpm.h | 212 ++++++++++++++++++++++++++++++++++++++ security/keys/trusted.c | 12 +-- 5 files changed, 230 insertions(+), 230 deletions(-) -- 2.7.4 diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c index 76d2ce3..b88968d 100644 --- a/crypto/asymmetric_keys/asym_tpm.c +++ b/crypto/asymmetric_keys/asym_tpm.c @@ -31,7 +31,7 @@ /* * Load a TPM key from the blob provided by userspace */ -static int tpm_loadkey2(struct tpm_buf *tb, +static int tpm_loadkey2(struct tpm1_buf *tb, uint32_t keyhandle, unsigned char *keyauth, const unsigned char *keyblob, int keybloblen, uint32_t *newhandle) @@ -99,7 +99,7 @@ static int tpm_loadkey2(struct tpm_buf *tb, /* * Execute the FlushSpecific TPM command */ -static int tpm_flushspecific(struct tpm_buf *tb, uint32_t handle) +static int tpm_flushspecific(struct tpm1_buf *tb, uint32_t handle) { INIT_BUF(tb); store16(tb, TPM_TAG_RQU_COMMAND); @@ -115,7 +115,7 @@ static int tpm_flushspecific(struct tpm_buf *tb, uint32_t handle) * Decrypt a blob provided by userspace using a specific key handle. * The handle is a well known handle or previously loaded by e.g. LoadKey2 */ -static int tpm_unbind(struct tpm_buf *tb, +static int tpm_unbind(struct tpm1_buf *tb, uint32_t keyhandle, unsigned char *keyauth, const unsigned char *blob, uint32_t bloblen, void *out, uint32_t outlen) @@ -201,7 +201,7 @@ static int tpm_unbind(struct tpm_buf *tb, * up to key_length_in_bytes - 11 and not be limited to size 20 like the * TPM_SS_RSASSAPKCS1v15_SHA1 signature scheme. */ -static int tpm_sign(struct tpm_buf *tb, +static int tpm_sign(struct tpm1_buf *tb, uint32_t keyhandle, unsigned char *keyauth, const unsigned char *blob, uint32_t bloblen, void *out, uint32_t outlen) @@ -519,7 +519,7 @@ static int tpm_key_decrypt(struct tpm_key *tk, struct kernel_pkey_params *params, const void *in, void *out) { - struct tpm_buf *tb; + struct tpm1_buf *tb; uint32_t keyhandle; uint8_t srkauth[SHA1_DIGEST_SIZE]; uint8_t keyauth[SHA1_DIGEST_SIZE]; @@ -643,7 +643,7 @@ static int tpm_key_sign(struct tpm_key *tk, struct kernel_pkey_params *params, const void *in, void *out) { - struct tpm_buf *tb; + struct tpm1_buf *tb; uint32_t keyhandle; uint8_t srkauth[SHA1_DIGEST_SIZE]; uint8_t keyauth[SHA1_DIGEST_SIZE]; diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 0d1fd37..b174cf4 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -25,7 +25,6 @@ #include #include #include -#include #include #ifdef CONFIG_X86 @@ -58,124 +57,6 @@ enum tpm_addr { #define TPM_ERR_DISABLED 0x7 #define TPM_ERR_INVALID_POSTINIT 38 -#define TPM_HEADER_SIZE 10 - -enum tpm2_const { - TPM2_PLATFORM_PCR = 24, - TPM2_PCR_SELECT_MIN = ((TPM2_PLATFORM_PCR + 7) / 8), -}; - -enum tpm2_timeouts { - TPM2_TIMEOUT_A = 750, - TPM2_TIMEOUT_B = 2000, - TPM2_TIMEOUT_C = 200, - TPM2_TIMEOUT_D = 30, - TPM2_DURATION_SHORT = 20, - TPM2_DURATION_MEDIUM = 750, - TPM2_DURATION_LONG = 2000, - TPM2_DURATION_LONG_LONG = 300000, - TPM2_DURATION_DEFAULT = 120000, -}; - -enum tpm2_structures { - TPM2_ST_NO_SESSIONS = 0x8001, - TPM2_ST_SESSIONS = 0x8002, -}; - -/* Indicates from what layer of the software stack the error comes from */ -#define TSS2_RC_LAYER_SHIFT 16 -#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT) - -enum tpm2_return_codes { - TPM2_RC_SUCCESS = 0x0000, - TPM2_RC_HASH = 0x0083, /* RC_FMT1 */ - TPM2_RC_HANDLE = 0x008B, - TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */ - TPM2_RC_FAILURE = 0x0101, - TPM2_RC_DISABLED = 0x0120, - TPM2_RC_COMMAND_CODE = 0x0143, - TPM2_RC_TESTING = 0x090A, /* RC_WARN */ - TPM2_RC_REFERENCE_H0 = 0x0910, - TPM2_RC_RETRY = 0x0922, -}; - -enum tpm2_command_codes { - TPM2_CC_FIRST = 0x011F, - TPM2_CC_HIERARCHY_CONTROL = 0x0121, - TPM2_CC_HIERARCHY_CHANGE_AUTH = 0x0129, - TPM2_CC_CREATE_PRIMARY = 0x0131, - TPM2_CC_SEQUENCE_COMPLETE = 0x013E, - TPM2_CC_SELF_TEST = 0x0143, - TPM2_CC_STARTUP = 0x0144, - TPM2_CC_SHUTDOWN = 0x0145, - TPM2_CC_NV_READ = 0x014E, - TPM2_CC_CREATE = 0x0153, - TPM2_CC_LOAD = 0x0157, - TPM2_CC_SEQUENCE_UPDATE = 0x015C, - TPM2_CC_UNSEAL = 0x015E, - TPM2_CC_CONTEXT_LOAD = 0x0161, - TPM2_CC_CONTEXT_SAVE = 0x0162, - TPM2_CC_FLUSH_CONTEXT = 0x0165, - TPM2_CC_VERIFY_SIGNATURE = 0x0177, - TPM2_CC_GET_CAPABILITY = 0x017A, - TPM2_CC_GET_RANDOM = 0x017B, - TPM2_CC_PCR_READ = 0x017E, - TPM2_CC_PCR_EXTEND = 0x0182, - TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185, - TPM2_CC_HASH_SEQUENCE_START = 0x0186, - TPM2_CC_CREATE_LOADED = 0x0191, - TPM2_CC_LAST = 0x0193, /* Spec 1.36 */ -}; - -enum tpm2_permanent_handles { - TPM2_RS_PW = 0x40000009, -}; - -enum tpm2_capabilities { - TPM2_CAP_HANDLES = 1, - TPM2_CAP_COMMANDS = 2, - TPM2_CAP_PCRS = 5, - TPM2_CAP_TPM_PROPERTIES = 6, -}; - -enum tpm2_properties { - TPM_PT_TOTAL_COMMANDS = 0x0129, -}; - -enum tpm2_startup_types { - TPM2_SU_CLEAR = 0x0000, - TPM2_SU_STATE = 0x0001, -}; - -enum tpm2_cc_attrs { - TPM2_CC_ATTR_CHANDLES = 25, - TPM2_CC_ATTR_RHANDLE = 28, -}; - -#define TPM_VID_INTEL 0x8086 -#define TPM_VID_WINBOND 0x1050 -#define TPM_VID_STM 0x104A - -enum tpm_chip_flags { - TPM_CHIP_FLAG_TPM2 = BIT(1), - TPM_CHIP_FLAG_IRQ = BIT(2), - TPM_CHIP_FLAG_VIRTUAL = BIT(3), - TPM_CHIP_FLAG_HAVE_TIMEOUTS = BIT(4), - TPM_CHIP_FLAG_ALWAYS_POWERED = BIT(5), - TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED = BIT(6), -}; - -#define to_tpm_chip(d) container_of(d, struct tpm_chip, dev) - -struct tpm_header { - __be16 tag; - __be32 length; - union { - __be32 ordinal; - __be32 return_code; - }; -} __packed; - #define TPM_TAG_RQU_COMMAND 193 struct stclear_flags_t { @@ -272,99 +153,6 @@ enum tpm_sub_capabilities { * compiler warnings about stack frame size. */ #define TPM_MAX_RNG_DATA 128 -/* A string buffer type for constructing TPM commands. This is based on the - * ideas of string buffer code in security/keys/trusted.h but is heap based - * in order to keep the stack usage minimal. - */ - -enum tpm_buf_flags { - TPM_BUF_OVERFLOW = BIT(0), -}; - -struct tpm_buf { - unsigned int flags; - u8 *data; -}; - -static inline void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - - head->tag = cpu_to_be16(tag); - head->length = cpu_to_be32(sizeof(*head)); - head->ordinal = cpu_to_be32(ordinal); -} - -static inline int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal) -{ - buf->data = (u8 *)__get_free_page(GFP_KERNEL); - if (!buf->data) - return -ENOMEM; - - buf->flags = 0; - tpm_buf_reset(buf, tag, ordinal); - return 0; -} - -static inline void tpm_buf_destroy(struct tpm_buf *buf) -{ - free_page((unsigned long)buf->data); -} - -static inline u32 tpm_buf_length(struct tpm_buf *buf) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - - return be32_to_cpu(head->length); -} - -static inline u16 tpm_buf_tag(struct tpm_buf *buf) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - - return be16_to_cpu(head->tag); -} - -static inline void tpm_buf_append(struct tpm_buf *buf, - const unsigned char *new_data, - unsigned int new_len) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - u32 len = tpm_buf_length(buf); - - /* Return silently if overflow has already happened. */ - if (buf->flags & TPM_BUF_OVERFLOW) - return; - - if ((len + new_len) > PAGE_SIZE) { - WARN(1, "tpm_buf: overflow\n"); - buf->flags |= TPM_BUF_OVERFLOW; - return; - } - - memcpy(&buf->data[len], new_data, new_len); - head->length = cpu_to_be32(len + new_len); -} - -static inline void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value) -{ - tpm_buf_append(buf, &value, 1); -} - -static inline void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value) -{ - __be16 value2 = cpu_to_be16(value); - - tpm_buf_append(buf, (u8 *) &value2, 2); -} - -static inline void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value) -{ - __be32 value2 = cpu_to_be32(value); - - tpm_buf_append(buf, (u8 *) &value2, 4); -} - extern struct class *tpm_class; extern struct class *tpmrm_class; extern dev_t tpm_devt; diff --git a/include/keys/trusted.h b/include/keys/trusted.h index 0071298..841ae11 100644 --- a/include/keys/trusted.h +++ b/include/keys/trusted.h @@ -17,7 +17,7 @@ #define LOAD32N(buffer, offset) (*(uint32_t *)&buffer[offset]) #define LOAD16(buffer, offset) (ntohs(*(uint16_t *)&buffer[offset])) -struct tpm_buf { +struct tpm1_buf { int len; unsigned char data[MAX_BUF_SIZE]; }; @@ -46,7 +46,7 @@ int TSS_checkhmac1(unsigned char *buffer, unsigned int keylen, ...); int trusted_tpm_send(unsigned char *cmd, size_t buflen); -int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce); +int oiap(struct tpm1_buf *tb, uint32_t *handle, unsigned char *nonce); #define TPM_DEBUG 0 @@ -110,24 +110,24 @@ static inline void dump_tpm_buf(unsigned char *buf) } #endif -static inline void store8(struct tpm_buf *buf, const unsigned char value) +static inline void store8(struct tpm1_buf *buf, const unsigned char value) { buf->data[buf->len++] = value; } -static inline void store16(struct tpm_buf *buf, const uint16_t value) +static inline void store16(struct tpm1_buf *buf, const uint16_t value) { *(uint16_t *) & buf->data[buf->len] = htons(value); buf->len += sizeof value; } -static inline void store32(struct tpm_buf *buf, const uint32_t value) +static inline void store32(struct tpm1_buf *buf, const uint32_t value) { *(uint32_t *) & buf->data[buf->len] = htonl(value); buf->len += sizeof value; } -static inline void storebytes(struct tpm_buf *buf, const unsigned char *in, +static inline void storebytes(struct tpm1_buf *buf, const unsigned char *in, const int len) { memcpy(buf->data + buf->len, in, len); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index bb1d1ac..c78119f 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -21,6 +21,7 @@ #include #include #include +#include #include #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */ @@ -163,6 +164,217 @@ struct tpm_chip { int locality; }; +#define TPM_HEADER_SIZE 10 + +enum tpm2_const { + TPM2_PLATFORM_PCR = 24, + TPM2_PCR_SELECT_MIN = ((TPM2_PLATFORM_PCR + 7) / 8), +}; + +enum tpm2_timeouts { + TPM2_TIMEOUT_A = 750, + TPM2_TIMEOUT_B = 2000, + TPM2_TIMEOUT_C = 200, + TPM2_TIMEOUT_D = 30, + TPM2_DURATION_SHORT = 20, + TPM2_DURATION_MEDIUM = 750, + TPM2_DURATION_LONG = 2000, + TPM2_DURATION_LONG_LONG = 300000, + TPM2_DURATION_DEFAULT = 120000, +}; + +enum tpm2_structures { + TPM2_ST_NO_SESSIONS = 0x8001, + TPM2_ST_SESSIONS = 0x8002, +}; + +/* Indicates from what layer of the software stack the error comes from */ +#define TSS2_RC_LAYER_SHIFT 16 +#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT) + +enum tpm2_return_codes { + TPM2_RC_SUCCESS = 0x0000, + TPM2_RC_HASH = 0x0083, /* RC_FMT1 */ + TPM2_RC_HANDLE = 0x008B, + TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */ + TPM2_RC_FAILURE = 0x0101, + TPM2_RC_DISABLED = 0x0120, + TPM2_RC_COMMAND_CODE = 0x0143, + TPM2_RC_TESTING = 0x090A, /* RC_WARN */ + TPM2_RC_REFERENCE_H0 = 0x0910, + TPM2_RC_RETRY = 0x0922, +}; + +enum tpm2_command_codes { + TPM2_CC_FIRST = 0x011F, + TPM2_CC_HIERARCHY_CONTROL = 0x0121, + TPM2_CC_HIERARCHY_CHANGE_AUTH = 0x0129, + TPM2_CC_CREATE_PRIMARY = 0x0131, + TPM2_CC_SEQUENCE_COMPLETE = 0x013E, + TPM2_CC_SELF_TEST = 0x0143, + TPM2_CC_STARTUP = 0x0144, + TPM2_CC_SHUTDOWN = 0x0145, + TPM2_CC_NV_READ = 0x014E, + TPM2_CC_CREATE = 0x0153, + TPM2_CC_LOAD = 0x0157, + TPM2_CC_SEQUENCE_UPDATE = 0x015C, + TPM2_CC_UNSEAL = 0x015E, + TPM2_CC_CONTEXT_LOAD = 0x0161, + TPM2_CC_CONTEXT_SAVE = 0x0162, + TPM2_CC_FLUSH_CONTEXT = 0x0165, + TPM2_CC_VERIFY_SIGNATURE = 0x0177, + TPM2_CC_GET_CAPABILITY = 0x017A, + TPM2_CC_GET_RANDOM = 0x017B, + TPM2_CC_PCR_READ = 0x017E, + TPM2_CC_PCR_EXTEND = 0x0182, + TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185, + TPM2_CC_HASH_SEQUENCE_START = 0x0186, + TPM2_CC_CREATE_LOADED = 0x0191, + TPM2_CC_LAST = 0x0193, /* Spec 1.36 */ +}; + +enum tpm2_permanent_handles { + TPM2_RS_PW = 0x40000009, +}; + +enum tpm2_capabilities { + TPM2_CAP_HANDLES = 1, + TPM2_CAP_COMMANDS = 2, + TPM2_CAP_PCRS = 5, + TPM2_CAP_TPM_PROPERTIES = 6, +}; + +enum tpm2_properties { + TPM_PT_TOTAL_COMMANDS = 0x0129, +}; + +enum tpm2_startup_types { + TPM2_SU_CLEAR = 0x0000, + TPM2_SU_STATE = 0x0001, +}; + +enum tpm2_cc_attrs { + TPM2_CC_ATTR_CHANDLES = 25, + TPM2_CC_ATTR_RHANDLE = 28, +}; + +#define TPM_VID_INTEL 0x8086 +#define TPM_VID_WINBOND 0x1050 +#define TPM_VID_STM 0x104A + +enum tpm_chip_flags { + TPM_CHIP_FLAG_TPM2 = BIT(1), + TPM_CHIP_FLAG_IRQ = BIT(2), + TPM_CHIP_FLAG_VIRTUAL = BIT(3), + TPM_CHIP_FLAG_HAVE_TIMEOUTS = BIT(4), + TPM_CHIP_FLAG_ALWAYS_POWERED = BIT(5), + TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED = BIT(6), +}; + +#define to_tpm_chip(d) container_of(d, struct tpm_chip, dev) + +struct tpm_header { + __be16 tag; + __be32 length; + union { + __be32 ordinal; + __be32 return_code; + }; +} __packed; + +/* A string buffer type for constructing TPM commands. This is based on the + * ideas of string buffer code in security/keys/trusted.h but is heap based + * in order to keep the stack usage minimal. + */ + +enum tpm_buf_flags { + TPM_BUF_OVERFLOW = BIT(0), +}; + +struct tpm_buf { + unsigned int flags; + u8 *data; +}; + +static inline void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) +{ + struct tpm_header *head = (struct tpm_header *)buf->data; + + head->tag = cpu_to_be16(tag); + head->length = cpu_to_be32(sizeof(*head)); + head->ordinal = cpu_to_be32(ordinal); +} + +static inline int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal) +{ + buf->data = (u8 *)__get_free_page(GFP_KERNEL); + if (!buf->data) + return -ENOMEM; + + buf->flags = 0; + tpm_buf_reset(buf, tag, ordinal); + return 0; +} + +static inline void tpm_buf_destroy(struct tpm_buf *buf) +{ + free_page((unsigned long)buf->data); +} + +static inline u32 tpm_buf_length(struct tpm_buf *buf) +{ + struct tpm_header *head = (struct tpm_header *)buf->data; + + return be32_to_cpu(head->length); +} + +static inline u16 tpm_buf_tag(struct tpm_buf *buf) +{ + struct tpm_header *head = (struct tpm_header *)buf->data; + + return be16_to_cpu(head->tag); +} + +static inline void tpm_buf_append(struct tpm_buf *buf, + const unsigned char *new_data, + unsigned int new_len) +{ + struct tpm_header *head = (struct tpm_header *)buf->data; + u32 len = tpm_buf_length(buf); + + /* Return silently if overflow has already happened. */ + if (buf->flags & TPM_BUF_OVERFLOW) + return; + + if ((len + new_len) > PAGE_SIZE) { + WARN(1, "tpm_buf: overflow\n"); + buf->flags |= TPM_BUF_OVERFLOW; + return; + } + + memcpy(&buf->data[len], new_data, new_len); + head->length = cpu_to_be32(len + new_len); +} + +static inline void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value) +{ + tpm_buf_append(buf, &value, 1); +} + +static inline void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value) +{ + __be16 value2 = cpu_to_be16(value); + + tpm_buf_append(buf, (u8 *) &value2, 2); +} + +static inline void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value) +{ + __be32 value2 = cpu_to_be32(value); + + tpm_buf_append(buf, (u8 *) &value2, 4); +} + #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) extern int tpm_is_tpm2(struct tpm_chip *chip); diff --git a/security/keys/trusted.c b/security/keys/trusted.c index 1fbd778..4cfae208 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -395,7 +395,7 @@ static int pcrlock(const int pcrnum) /* * Create an object specific authorisation protocol (OSAP) session */ -static int osap(struct tpm_buf *tb, struct osapsess *s, +static int osap(struct tpm1_buf *tb, struct osapsess *s, const unsigned char *key, uint16_t type, uint32_t handle) { unsigned char enonce[TPM_NONCE_SIZE]; @@ -430,7 +430,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s, /* * Create an object independent authorisation protocol (oiap) session */ -int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) +int oiap(struct tpm1_buf *tb, uint32_t *handle, unsigned char *nonce) { int ret; @@ -464,7 +464,7 @@ struct tpm_digests { * Have the TPM seal(encrypt) the trusted key, possibly based on * Platform Configuration Registers (PCRs). AUTH1 for sealing key. */ -static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, +static int tpm_seal(struct tpm1_buf *tb, uint16_t keytype, uint32_t keyhandle, const unsigned char *keyauth, const unsigned char *data, uint32_t datalen, unsigned char *blob, uint32_t *bloblen, @@ -579,7 +579,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, /* * use the AUTH2_COMMAND form of unseal, to authorize both key and blob */ -static int tpm_unseal(struct tpm_buf *tb, +static int tpm_unseal(struct tpm1_buf *tb, uint32_t keyhandle, const unsigned char *keyauth, const unsigned char *blob, int bloblen, const unsigned char *blobauth, @@ -670,7 +670,7 @@ static int tpm_unseal(struct tpm_buf *tb, static int key_seal(struct trusted_key_payload *p, struct trusted_key_options *o) { - struct tpm_buf *tb; + struct tpm1_buf *tb; int ret; tb = kzalloc(sizeof *tb, GFP_KERNEL); @@ -696,7 +696,7 @@ static int key_seal(struct trusted_key_payload *p, static int key_unseal(struct trusted_key_payload *p, struct trusted_key_options *o) { - struct tpm_buf *tb; + struct tpm1_buf *tb; int ret; tb = kzalloc(sizeof *tb, GFP_KERNEL); From patchwork Wed Oct 16 05:14:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 176418 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp6866805ill; Tue, 15 Oct 2019 22:15:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqw60ItBPs5LNe45QDSbE/JjE5vMgSLPMDDXqFWEG+eOjyOK1aaKAPRnK1uJ2SAG3lAiXQ/P X-Received: by 2002:aa7:cd06:: with SMTP id b6mr38519881edw.58.1571202947431; Tue, 15 Oct 2019 22:15:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571202947; cv=none; d=google.com; s=arc-20160816; b=zCAT8zKdyJFqjcVv6tmflezfoKfluON3sxjOwJ6iiV4HWSkwUekjAFojM7ju9KNcDc 58XtA6/1Ttvtjp98etoNqWsTJg612ieYTVAb6AR/Fti51U0gnd09blzTPkknShyi5ZKB zhvfIXgjBNZvVXtpPhHS9EPGeE6NEV2YkMSU+dsLK5AVRv3sMsLsUJmTyTFi0gRYXdsY e9s3EIMA0yj43wOBEIbZTZ9mIKliNyDR9HxE1EH5LkyTrgCwvi+bUoMPAlfVlaEcBmv7 dSHkHN439umUfrUQV3dB0+T1XCZ99Z5lfalGbwief6q3Mb6XkoFca0ZhduAHndWEHppC FExQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=81Smj8hEjVGZHa4t6tbqbgnCLHuFdqzlQro1oH/HrWE=; b=Myp8V79837pWcsD3UbotAfvwLaVrCXrdwwudCKcdLmOfT0Q4cSPVN5DW1yPBVd0+dD dCVVmZTPtq2WKEcdgodEV/gQVeqcYj1g6jpBAZERXurX62iXzMMJeXb50T2bEQp8RhQ+ Srh1ihVJLjttHbMIzyse3QEzLpyI1aDyRxpEB0LX41UxD/7pQ8wH2kUyeboyDWmkETfj zJg1wThnSJjwt21v6tdgayT54HHN6sVkM/nb2+I7ILZOKJZSr080XLmdzAp1+Qj1tgMc 8INjtaW3aOAcJZ9kNBBXjN6zheDCRdBHnBJ30x2o1gkKjNbZWJwIVFcqcbuK4J1oMXTQ MPJw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=p4Ig7iBt; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v53si15935701edc.378.2019.10.15.22.15.47; Tue, 15 Oct 2019 22:15:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=p4Ig7iBt; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729828AbfJPFPq (ORCPT + 3 others); Wed, 16 Oct 2019 01:15:46 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:38596 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728716AbfJPFPq (ORCPT ); Wed, 16 Oct 2019 01:15:46 -0400 Received: by mail-pf1-f193.google.com with SMTP id h195so13933340pfe.5 for ; Tue, 15 Oct 2019 22:15:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=81Smj8hEjVGZHa4t6tbqbgnCLHuFdqzlQro1oH/HrWE=; b=p4Ig7iBtTIMZ2SD7LG2ZW/fu2F7wrhTzaHthC+pSAall4UQ8iBGLk8VCtUZiRfCnZc WIae2/c4XoJ6RsHbLednBKAj/q6WbJUGQ0iXZagl0Ms6ExVYY3RyECLPRbmcGdM4FYcZ hKfkNVQls9ec4KxhItqNWecDsF0keruuNjY0PvUGrwFgBmL5CCByu68JxHfp08ECHLga WL+BS7yNKCQ6QYoCXi0IhvAfNl4JQovYZ1Vfev3vd2F8FvkkPgur1Bd33tz0MFIKuZOc 4xm6yJUaADcsK3eWAyJJc8fFWkBQ9A2zTLHIHdjTrzJiEzPJ8D9ZoyPEzih/hsSilalR Mm2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=81Smj8hEjVGZHa4t6tbqbgnCLHuFdqzlQro1oH/HrWE=; b=tLw9RCAMiUyRiIXRWtzSR59zi5kZ7ZJEKkG4FkVxe9RDErCWzIXQ2iLrkZMdcAtiJI EH2CBRXLpgs+d4M+CInSzAV9mAMuI7Bn9Tz/E14O5g1BuITVcf+nY0nMZu0as/FNlCdh O1P3WTA9hRMp3X58SXOvkzuBfbdEsymFESL+3IOrLeyKZbV3OuzxA6BLdd9NJ1mGeyve IRxP7ZBqW4bqIw1j+VcEGadlRAfpl5hpyCcyFXefqVn9kwMcFC6Ehgl322pNNJqqSjzQ NMy2Lr/QnXsuhHOGAkcKsjf438aHm2GzBj7Is3SKRiPgJemVaAkgor6IFYY5E/7ilXR+ KZ8g== X-Gm-Message-State: APjAAAWLLXmnJB5XIqasM8yFoCrT33iOFFmyxGl5JahB7xd9qAG0Qq4g iXN3UdSWy4UNI8/KBLnb+aPytA== X-Received: by 2002:a63:5c52:: with SMTP id n18mr2112914pgm.354.1571202944725; Tue, 15 Oct 2019 22:15:44 -0700 (PDT) Received: from localhost.localdomain ([117.252.65.194]) by smtp.gmail.com with ESMTPSA id r81sm953297pgr.17.2019.10.15.22.15.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 15 Oct 2019 22:15:43 -0700 (PDT) From: Sumit Garg To: jarkko.sakkinen@linux.intel.com, dhowells@redhat.com, peterhuewe@gmx.de Cc: keyrings@vger.kernel.org, linux-integrity@vger.kernel.org, linux-crypto@vger.kernel.org, linux-security-module@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net, jgg@ziepe.ca, arnd@arndb.de, gregkh@linuxfoundation.org, jejb@linux.ibm.com, zohar@linux.ibm.com, jmorris@namei.org, serge@hallyn.com, jsnitsel@redhat.com, linux-kernel@vger.kernel.org, daniel.thompson@linaro.org, Sumit Garg Subject: [Patch v8 3/4] KEYS: trusted: Create trusted keys subsystem Date: Wed, 16 Oct 2019 10:44:54 +0530 Message-Id: <1571202895-32651-4-git-send-email-sumit.garg@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1571202895-32651-1-git-send-email-sumit.garg@linaro.org> References: <1571202895-32651-1-git-send-email-sumit.garg@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Move existing code to trusted keys subsystem. Also, rename files with "tpm" as suffix which provides the underlying implementation. Suggested-by: Jarkko Sakkinen Signed-off-by: Sumit Garg Reviewed-by: Jarkko Sakkinen --- crypto/asymmetric_keys/asym_tpm.c | 2 +- include/Kbuild | 1 - include/keys/{trusted.h => trusted_tpm.h} | 7 +++++-- security/keys/Makefile | 2 +- security/keys/trusted-keys/Makefile | 7 +++++++ security/keys/{trusted.c => trusted-keys/trusted_tpm1.c} | 2 +- 6 files changed, 15 insertions(+), 6 deletions(-) rename include/keys/{trusted.h => trusted_tpm.h} (96%) create mode 100644 security/keys/trusted-keys/Makefile rename security/keys/{trusted.c => trusted-keys/trusted_tpm1.c} (99%) -- 2.7.4 diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c index a2b2a61..d16d893 100644 --- a/crypto/asymmetric_keys/asym_tpm.c +++ b/crypto/asymmetric_keys/asym_tpm.c @@ -13,7 +13,7 @@ #include #include #include -#include +#include #include #include diff --git a/include/Kbuild b/include/Kbuild index ffba794..6f9ec5a 100644 --- a/include/Kbuild +++ b/include/Kbuild @@ -65,7 +65,6 @@ header-test- += keys/asymmetric-subtype.h header-test- += keys/asymmetric-type.h header-test- += keys/big_key-type.h header-test- += keys/request_key_auth-type.h -header-test- += keys/trusted.h header-test- += kvm/arm_arch_timer.h header-test- += kvm/arm_pmu.h header-test-$(CONFIG_ARM) += kvm/arm_psci.h diff --git a/include/keys/trusted.h b/include/keys/trusted_tpm.h similarity index 96% rename from include/keys/trusted.h rename to include/keys/trusted_tpm.h index 29e3e9b..7b9d7b4 100644 --- a/include/keys/trusted.h +++ b/include/keys/trusted_tpm.h @@ -1,6 +1,9 @@ /* SPDX-License-Identifier: GPL-2.0 */ -#ifndef __TRUSTED_KEY_H -#define __TRUSTED_KEY_H +#ifndef __TRUSTED_TPM_H +#define __TRUSTED_TPM_H + +#include +#include /* implementation specific TPM constants */ #define MAX_BUF_SIZE 1024 diff --git a/security/keys/Makefile b/security/keys/Makefile index 9cef540..074f275 100644 --- a/security/keys/Makefile +++ b/security/keys/Makefile @@ -28,5 +28,5 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += keyctl_pkey.o # Key types # obj-$(CONFIG_BIG_KEYS) += big_key.o -obj-$(CONFIG_TRUSTED_KEYS) += trusted.o +obj-$(CONFIG_TRUSTED_KEYS) += trusted-keys/ obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/ diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile new file mode 100644 index 0000000..1a24680 --- /dev/null +++ b/security/keys/trusted-keys/Makefile @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Makefile for trusted keys +# + +obj-$(CONFIG_TRUSTED_KEYS) += trusted.o +trusted-y += trusted_tpm1.o diff --git a/security/keys/trusted.c b/security/keys/trusted-keys/trusted_tpm1.c similarity index 99% rename from security/keys/trusted.c rename to security/keys/trusted-keys/trusted_tpm1.c index 7071011..e3155fd 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -27,7 +27,7 @@ #include #include -#include +#include static const char hmac_alg[] = "hmac(sha1)"; static const char hash_alg[] = "sha1";