From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752463AbbLNO4g (ORCPT ); Mon, 14 Dec 2015 09:56:36 -0500 Received: from mga11.intel.com ([192.55.52.93]:63937 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751700AbbLNO4d (ORCPT ); Mon, 14 Dec 2015 09:56:33 -0500 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.20,427,1444719600"; d="scan'208";a="873276394" Date: Mon, 14 Dec 2015 16:56:27 +0200 From: Jarkko Sakkinen To: Mimi Zohar Cc: Peter Huewe , Marcel Selhorst , David Howells , Jonathan Corbet , David Safford , Jason Gunthorpe , James Morris , "Serge E. Hallyn" , "open list:KEYS-ENCRYPTED" , "open list:KEYS-ENCRYPTED" , "open list:DOCUMENTATION" , open list , "moderated list:TPM DEVICE DRIVER" Subject: Re: [PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy Message-ID: <20151214145627.GB2237@intel.com> References: <1450021353-8775-1-git-send-email-jarkko.sakkinen@linux.intel.com> <1450021353-8775-4-git-send-email-jarkko.sakkinen@linux.intel.com> <1450100940.2702.44.camel@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1450100940.2702.44.camel@linux.vnet.ibm.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Dec 14, 2015 at 08:49:00AM -0500, Mimi Zohar wrote: > On Sun, 2015-12-13 at 17:42 +0200, Jarkko Sakkinen wrote: > > TPM2 supports authorization policies, which are essentially > > combinational logic statements repsenting the conditions where the data > > can be unsealed based on the TPM state. This patch enables to use > > authorization policies to seal trusted keys. > > > > Two following new options have been added for trusted keys: > > > > * 'policydigest=': provide an auth policy digest for sealing. > > * 'policyhandle=': provide a policy session handle for unsealing. > > > > If 'hash=' option is supplied after 'policydigest=' option, this > > will result an error because the state of the option would become > > mixed. > > > > Signed-off-by: Jarkko Sakkinen > > Tested-by: Colin Ian King > > --- > > Documentation/security/keys-trusted-encrypted.txt | 34 +++++++++++++---------- > > drivers/char/tpm/tpm2-cmd.c | 24 +++++++++++++--- > > include/keys/trusted-type.h | 4 +++ > > security/keys/trusted.c | 26 +++++++++++++++++ > > 4 files changed, 70 insertions(+), 18 deletions(-) > > > > diff --git a/Documentation/security/keys-trusted-encrypted.txt b/Documentation/security/keys-trusted-encrypted.txt > > index fd2565b..324ddf5 100644 > > --- a/Documentation/security/keys-trusted-encrypted.txt > > +++ b/Documentation/security/keys-trusted-encrypted.txt > > @@ -27,20 +27,26 @@ Usage: > > keyctl print keyid > > > > options: > > - keyhandle= ascii hex value of sealing key default 0x40000000 (SRK) > > - keyauth= ascii hex auth for sealing key default 0x00...i > > - (40 ascii zeros) > > - blobauth= ascii hex auth for sealed data default 0x00... > > - (40 ascii zeros) > > - blobauth= ascii hex auth for sealed data default 0x00... > > - (40 ascii zeros) > > - pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default) > > - pcrlock= pcr number to be extended to "lock" blob > > - migratable= 0|1 indicating permission to reseal to new PCR values, > > - default 1 (resealing allowed) > > - hash= hash algorithm name as a string. For TPM 1.x the only > > - allowed value is sha1. For TPM 2.x the allowed values > > - are sha1, sha256, sha384, sha512 and sm3-256. > > + keyhandle= ascii hex value of sealing key default 0x40000000 (SRK) > > + keyauth= ascii hex auth for sealing key default 0x00...i > > + (40 ascii zeros) > > + blobauth= ascii hex auth for sealed data default 0x00... > > + (40 ascii zeros) > > + blobauth= ascii hex auth for sealed data default 0x00... > > + (40 ascii zeros) > > + pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default) > > + pcrlock= pcr number to be extended to "lock" blob > > + migratable= 0|1 indicating permission to reseal to new PCR values, > > + default 1 (resealing allowed) > > + hash= hash algorithm name as a string. For TPM 1.x the only > > + allowed value is sha1. For TPM 2.x the allowed values > > + are sha1, sha256, sha384, sha512 and sm3-256. > > + policydigest= digest for the authorization policy. must be calculated > > + with the same hash algorithm as specified by the 'hash=' > > + option. > > + policyhandle= handle to an authorization policy session that defines the > > + same policy and with the same hash algorithm as was used to > > + seal the key. > > > > "keyctl print" returns an ascii hex copy of the sealed key, which is in standard > > TPM_STORED_DATA format. The key length for new keys are always in bytes. > > diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c > > index d9d0822..45a6340 100644 > > --- a/drivers/char/tpm/tpm2-cmd.c > > +++ b/drivers/char/tpm/tpm2-cmd.c > > @@ -478,12 +478,26 @@ int tpm2_seal_trusted(struct tpm_chip *chip, > > tpm_buf_append_u8(&buf, payload->migratable); > > > > /* public */ > > - tpm_buf_append_u16(&buf, 14); > > + if (options->policydigest) > > + tpm_buf_append_u16(&buf, 14 + options->digest_len); > > + else > > + tpm_buf_append_u16(&buf, 14); > > > > tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); > > tpm_buf_append_u16(&buf, hash); > > - tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH); > > - tpm_buf_append_u16(&buf, 0); /* policy digest size */ > > + > > + /* policy */ > > + if (options->policydigest) { > > + tpm_buf_append_u32(&buf, 0); > > + tpm_buf_append_u16(&buf, options->digest_len); > > + tpm_buf_append(&buf, options->policydigest, > > + options->digest_len); > > + } else { > > + tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH); > > + tpm_buf_append_u16(&buf, 0); > > + } > > + > > + /* public parameters */ > > tpm_buf_append_u16(&buf, TPM2_ALG_NULL); > > tpm_buf_append_u16(&buf, 0); > > > > @@ -613,7 +627,9 @@ static int tpm2_unseal(struct tpm_chip *chip, > > return rc; > > > > tpm_buf_append_u32(&buf, blob_handle); > > - tpm2_buf_append_auth(&buf, TPM2_RS_PW, > > + tpm2_buf_append_auth(&buf, > > + options->policyhandle ? > > + options->policyhandle : TPM2_RS_PW, > > NULL /* nonce */, 0, > > 0 /* session_attributes */, > > options->blobauth /* hmac */, > > diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h > > index a6a1008..42cf2d9 100644 > > --- a/include/keys/trusted-type.h > > +++ b/include/keys/trusted-type.h > > @@ -18,6 +18,7 @@ > > #define MAX_KEY_SIZE 128 > > #define MAX_BLOB_SIZE 512 > > #define MAX_PCRINFO_SIZE 64 > > +#define MAX_DIGEST_SIZE 64 > > > > struct trusted_key_payload { > > struct rcu_head rcu; > > @@ -37,6 +38,9 @@ struct trusted_key_options { > > unsigned char pcrinfo[MAX_PCRINFO_SIZE]; > > int pcrlock; > > uint32_t hash; > > + uint32_t digest_len; > > + unsigned char policydigest[MAX_DIGEST_SIZE]; > > + uint32_t policyhandle; > > }; > > > > extern struct key_type key_type_trusted; > > diff --git a/security/keys/trusted.c b/security/keys/trusted.c > > index 8f1300c..e15baf7 100644 > > --- a/security/keys/trusted.c > > +++ b/security/keys/trusted.c > > @@ -713,6 +713,8 @@ enum { > > Opt_keyhandle, Opt_keyauth, Opt_blobauth, > > Opt_pcrinfo, Opt_pcrlock, Opt_migratable, > > Opt_hash, > > + Opt_policydigest, > > + Opt_policyhandle, > > }; > > > > static const match_table_t key_tokens = { > > @@ -726,6 +728,8 @@ static const match_table_t key_tokens = { > > {Opt_pcrlock, "pcrlock=%s"}, > > {Opt_migratable, "migratable=%s"}, > > {Opt_hash, "hash=%s"}, > > + {Opt_policydigest, "policydigest=%s"}, > > + {Opt_policyhandle, "policyhandle=%s"}, > > {Opt_err, NULL} > > }; > > > > @@ -748,6 +752,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay, > > return tpm2; > > > > opt->hash = tpm2 ? HASH_ALGO_SHA256 : HASH_ALGO_SHA1; > > + opt->digest_len = hash_digest_size[opt->hash]; > > > > while ((p = strsep(&c, " \t"))) { > > if (*p == '\0' || *p == ' ' || *p == '\t') > > @@ -802,9 +807,13 @@ static int getoptions(char *c, struct trusted_key_payload *pay, > > opt->pcrlock = lock; > > break; > > case Opt_hash: > > + if (test_bit(Opt_policydigest, &token_mask)) > > + return -EINVAL; > > Thanks! Definitely better than having the test at the end of the while > loop. Yup, retrospectively the previous version looked like a mess. This is now nicely localized change that cannot easily break the existing functionality. > Mimi /Jarkko > > > for (i = 0; i < HASH_ALGO__LAST; i++) { > > if (!strcmp(args[0].from, hash_algo_name[i])) { > > opt->hash = i; > > + opt->digest_len = > > + hash_digest_size[opt->hash]; > > break; > > } > > } > > @@ -815,6 +824,23 @@ static int getoptions(char *c, struct trusted_key_payload *pay, > > return -EINVAL; > > } > > break; > > + case Opt_policydigest: > > + if (!tpm2 || > > + strlen(args[0].from) != (2 * opt->digest_len)) > > + return -EINVAL; > > + res = hex2bin(opt->policydigest, args[0].from, > > + opt->digest_len); > > + if (res < 0) > > + return -EINVAL; > > + break; > > + case Opt_policyhandle: > > + if (!tpm2) > > + return -EINVAL; > > + res = kstrtoul(args[0].from, 16, &handle); > > + if (res < 0) > > + return -EINVAL; > > + opt->policyhandle = handle; > > + break; > > default: > > return -EINVAL; > > } > >