From: Evan Green <evgreen@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: corbet@lwn.net, linux-integrity@vger.kernel.org,
Eric Biggers <ebiggers@kernel.org>,
gwendal@chromium.org, dianders@chromium.org,
apronin@chromium.org, Pavel Machek <pavel@ucw.cz>,
Ben Boeckel <me@benboeckel.net>,
rjw@rjwysocki.net, jejb@linux.ibm.com,
Kees Cook <keescook@chromium.org>,
dlunev@google.com, zohar@linux.ibm.com,
Matthew Garrett <mgarrett@aurora.tech>,
jarkko@kernel.org, linux-pm@vger.kernel.org,
Evan Green <evgreen@chromium.org>,
Matthew Garrett <mjg59@google.com>,
David Howells <dhowells@redhat.com>,
James Morris <jmorris@namei.org>,
Paul Moore <paul@paul-moore.com>,
"Serge E. Hallyn" <serge@hallyn.com>, axelj <axelj@axis.com>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH v5 06/11] security: keys: trusted: Verify creation data
Date: Fri, 11 Nov 2022 15:16:31 -0800 [thread overview]
Message-ID: <20221111151451.v5.6.I6cdb522cb5ea28fcd1e35b4cd92cbd067f99269a@changeid> (raw)
In-Reply-To: <20221111231636.3748636-1-evgreen@chromium.org>
If a loaded key contains creation data, ask the TPM to verify that
creation data. This allows users like encrypted hibernate to know that
the loaded and parsed creation data has not been tampered with.
Suggested-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Evan Green <evgreen@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
Source material for this change is at:
https://patchwork.kernel.org/project/linux-pm/patch/20210220013255.1083202-9-matthewgarrett@google.com/
(no changes since v3)
Changes in v3:
- Changed funky tag to suggested-by (Kees). Matthew, holler if you want
something different.
Changes in v2:
- Adjust hash len by 2 due to new ASN.1 storage, and add underflow
check.
include/linux/tpm.h | 1 +
security/keys/trusted-keys/trusted_tpm2.c | 77 ++++++++++++++++++++++-
2 files changed, 77 insertions(+), 1 deletion(-)
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 70134e6551745f..9c2ee3e30ffa5d 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -224,6 +224,7 @@ enum tpm2_command_codes {
TPM2_CC_SELF_TEST = 0x0143,
TPM2_CC_STARTUP = 0x0144,
TPM2_CC_SHUTDOWN = 0x0145,
+ TPM2_CC_CERTIFYCREATION = 0x014A,
TPM2_CC_NV_READ = 0x014E,
TPM2_CC_CREATE = 0x0153,
TPM2_CC_LOAD = 0x0157,
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 3d84c3d41bdee1..402933f8c99ede 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -730,6 +730,74 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
return rc;
}
+/**
+ * tpm2_certify_creation() - execute a TPM2_CertifyCreation command
+ *
+ * @chip: TPM chip to use
+ * @payload: the key data in clear and encrypted form
+ * @blob_handle: the loaded TPM handle of the key
+ *
+ * Return: 0 on success
+ * -EINVAL on tpm error status
+ * < 0 error from tpm_send or tpm_buf_init
+ */
+static int tpm2_certify_creation(struct tpm_chip *chip,
+ struct trusted_key_payload *payload,
+ u32 blob_handle)
+{
+ struct tpm_header *head;
+ struct tpm_buf buf;
+ int rc;
+
+ rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CERTIFYCREATION);
+ if (rc)
+ return rc;
+
+ /* Use TPM_RH_NULL for signHandle */
+ tpm_buf_append_u32(&buf, 0x40000007);
+
+ /* Object handle */
+ tpm_buf_append_u32(&buf, blob_handle);
+
+ /* Auth */
+ tpm_buf_append_u32(&buf, 9);
+ tpm_buf_append_u32(&buf, TPM2_RS_PW);
+ tpm_buf_append_u16(&buf, 0);
+ tpm_buf_append_u8(&buf, 0);
+ tpm_buf_append_u16(&buf, 0);
+
+ /* Qualifying data */
+ tpm_buf_append_u16(&buf, 0);
+
+ /* Creation data hash */
+ if (payload->creation_hash_len < 2) {
+ rc = -EINVAL;
+ goto out;
+ }
+
+ tpm_buf_append_u16(&buf, payload->creation_hash_len - 2);
+ tpm_buf_append(&buf, payload->creation_hash + 2,
+ payload->creation_hash_len - 2);
+
+ /* signature scheme */
+ tpm_buf_append_u16(&buf, TPM_ALG_NULL);
+
+ /* creation ticket */
+ tpm_buf_append(&buf, payload->tk, payload->tk_len);
+
+ rc = tpm_transmit_cmd(chip, &buf, 6, "certifying creation data");
+ if (rc)
+ goto out;
+
+ head = (struct tpm_header *)buf.data;
+
+ if (be32_to_cpu(head->return_code) != TPM2_RC_SUCCESS)
+ rc = -EINVAL;
+out:
+ tpm_buf_destroy(&buf);
+ return rc;
+}
+
/**
* tpm2_unseal_trusted() - unseal the payload of a trusted key
*
@@ -755,8 +823,15 @@ int tpm2_unseal_trusted(struct tpm_chip *chip,
goto out;
rc = tpm2_unseal_cmd(chip, payload, options, blob_handle);
- tpm2_flush_context(chip, blob_handle);
+ if (rc)
+ goto flush;
+
+ if (payload->creation_len)
+ rc = tpm2_certify_creation(chip, payload, blob_handle);
+
+flush:
+ tpm2_flush_context(chip, blob_handle);
out:
tpm_put_ops(chip);
--
2.38.1.431.g37b22c650d-goog
next prev parent reply other threads:[~2022-11-11 23:20 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-11 23:16 [PATCH v5 00/11] Encrypted Hibernation Evan Green
2022-11-11 23:16 ` [PATCH v5 01/11] tpm: Add support for in-kernel resetting of PCRs Evan Green
2022-11-13 20:31 ` Eric Biggers
2022-11-27 16:06 ` Jarkko Sakkinen
2022-11-27 16:07 ` Jarkko Sakkinen
2022-11-11 23:16 ` [PATCH v5 02/11] tpm: Export and rename tpm2_find_and_validate_cc() Evan Green
2022-11-11 23:16 ` [PATCH v5 03/11] tpm: Allow PCR 23 to be restricted to kernel-only use Evan Green
2022-11-13 20:46 ` Eric Biggers
2022-11-14 17:11 ` James Bottomley
2022-11-27 16:33 ` Jarkko Sakkinen
2022-11-27 16:41 ` James Bottomley
2022-11-30 20:22 ` Dr. Greg
2022-11-30 21:34 ` Casey Schaufler
2022-12-02 1:10 ` Dr. Greg
2023-01-03 20:42 ` Matthew Garrett
2023-01-03 21:04 ` William Roberts
2023-01-03 21:10 ` Matthew Garrett
2023-01-14 14:55 ` James Bottomley
2023-01-14 15:11 ` William Roberts
2023-01-15 3:05 ` Matthew Garrett
2023-01-15 14:41 ` William Roberts
2023-01-17 21:26 ` James Bottomley
2023-01-21 3:29 ` Jarkko Sakkinen
2023-01-23 17:48 ` William Roberts
2023-01-24 11:51 ` Dr. Greg
2023-01-24 12:38 ` James Bottomley
2023-01-24 15:05 ` William Roberts
2023-01-26 17:21 ` Jarkko Sakkinen
2023-01-26 17:32 ` William Roberts
2023-01-26 21:30 ` Jarkko Sakkinen
2023-01-26 22:01 ` William Roberts
2023-02-07 23:20 ` Jarkko Sakkinen
2023-01-26 17:07 ` Jarkko Sakkinen
2023-01-26 17:12 ` Jarkko Sakkinen
2023-01-26 17:20 ` William Roberts
2023-01-10 16:07 ` William Roberts
2022-11-27 16:29 ` Jarkko Sakkinen
2022-11-11 23:16 ` [PATCH v5 04/11] security: keys: trusted: Include TPM2 creation data Evan Green
2022-11-13 21:20 ` Eric Biggers
2022-11-14 3:32 ` James Bottomley
2022-11-14 16:32 ` Evan Green
2022-11-14 16:56 ` James Bottomley
2022-11-14 17:43 ` Evan Green
2022-11-14 18:00 ` James Bottomley
2022-12-02 21:03 ` James Bottomley
2022-12-05 18:43 ` Evan Green
2022-11-11 23:16 ` [PATCH v5 05/11] security: keys: trusted: Allow storage of PCR values in " Evan Green
2022-11-13 22:01 ` Eric Biggers
2022-11-11 23:16 ` Evan Green [this message]
2022-11-13 22:13 ` [PATCH v5 06/11] security: keys: trusted: Verify " Eric Biggers
2022-11-11 23:16 ` [PATCH v5 07/11] PM: hibernate: Add kernel-based encryption Evan Green
2022-11-13 22:55 ` Eric Biggers
2022-11-11 23:16 ` [PATCH v5 08/11] PM: hibernate: Use TPM-backed keys to encrypt image Evan Green
2022-11-13 23:33 ` Eric Biggers
2022-11-11 23:16 ` [PATCH v5 09/11] PM: hibernate: Mix user key in encrypted hibernate Evan Green
2022-11-13 23:44 ` Eric Biggers
2022-11-11 23:16 ` [PATCH v5 10/11] PM: hibernate: Verify the digest encryption key Evan Green
2022-11-13 23:47 ` Eric Biggers
2022-11-11 23:16 ` [PATCH v5 11/11] PM: hibernate: seal the encryption key with a PCR policy Evan Green
2022-11-13 23:51 ` Eric Biggers
2022-12-07 23:54 ` [PATCH v5 00/11] Encrypted Hibernation Evan Green
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221111151451.v5.6.I6cdb522cb5ea28fcd1e35b4cd92cbd067f99269a@changeid \
--to=evgreen@chromium.org \
--cc=apronin@chromium.org \
--cc=axelj@axis.com \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=dianders@chromium.org \
--cc=dlunev@google.com \
--cc=ebiggers@kernel.org \
--cc=gwendal@chromium.org \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=me@benboeckel.net \
--cc=mgarrett@aurora.tech \
--cc=mjg59@google.com \
--cc=paul@paul-moore.com \
--cc=pavel@ucw.cz \
--cc=rjw@rjwysocki.net \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.