* [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy
@ 2019-12-30 17:37 James Bottomley
2019-12-30 17:37 ` [PATCH v4 1/9] lib: add asn.1 encoder James Bottomley
` (9 more replies)
0 siblings, 10 replies; 19+ messages in thread
From: James Bottomley @ 2019-12-30 17:37 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar, Jarkko Sakkinen, David Woodhouse, keyrings
This is basically a respin to update the ASN.1 interface to pass
pointers in and out instead of updating in place. The remainder of
the patches haven't changed in substance, but have changed to support
the new ASN.1 encoder API.
General Cover letter description:
I've changed the output format to use the standardised ASN.1 coding
for TPM2 keys, meaning they should interoperate with userspace TPM2
key implementations. Apart from interoperability, another advantage
of the existing key format is that it carries all parameters like
parent and hash with it and it is capable of carrying policy
directives in a way that mean they're tied permanently to the key (no
having to try to remember what the policy was and reconstruct it from
userspace). This actually allows us to support the TPM 1.2 commands
like pcrinfo easily in 2.0.
Using the TPM2_PolicyPassword trick, this series now combines
authorization with policy in a flexible way that would allow us to
move to HMAC based authorizations later for TPM security. In getting
passwords to work, I fixed the tpm2 password format in a separate
patch. TPM 1.2 only allows fixed length authorizations, but TPM 2.0
allows for variable length passphrases, so we should support that in
the keys.
James
---
James Bottomley (9):
lib: add asn.1 encoder
oid_registry: Add TCG defined OIDS for TPM keys
security: keys: trusted fix tpm2 authorizations
security: keys: trusted: use ASN.1 tpm2 key format for the blobs
security: keys: trusted: Make sealed key properly interoperable
security: keys: trusted: add PCR policy to TPM2 keys
security: keys: trusted: add ability to specify arbitrary policy
security: keys: trusted: implement counter/timer policy
security: keys: trusted: add password based authorizations to policy
keys
Documentation/security/keys/trusted-encrypted.rst | 64 +++-
include/keys/trusted-type.h | 7 +-
include/linux/asn1_encoder.h | 32 ++
include/linux/oid_registry.h | 5 +
include/linux/tpm.h | 8 +
lib/Makefile | 2 +-
lib/asn1_encoder.c | 391 +++++++++++++++++++
security/keys/Kconfig | 2 +
security/keys/trusted-keys/Makefile | 2 +-
security/keys/trusted-keys/tpm2-policy.c | 433 ++++++++++++++++++++++
security/keys/trusted-keys/tpm2-policy.h | 31 ++
security/keys/trusted-keys/tpm2key.asn1 | 23 ++
security/keys/trusted-keys/trusted_tpm1.c | 46 ++-
security/keys/trusted-keys/trusted_tpm2.c | 360 ++++++++++++++++--
14 files changed, 1370 insertions(+), 36 deletions(-)
create mode 100644 include/linux/asn1_encoder.h
create mode 100644 lib/asn1_encoder.c
create mode 100644 security/keys/trusted-keys/tpm2-policy.c
create mode 100644 security/keys/trusted-keys/tpm2-policy.h
create mode 100644 security/keys/trusted-keys/tpm2key.asn1
--
2.16.4
^ permalink raw reply [flat|nested] 19+ messages in thread
* [PATCH v4 1/9] lib: add asn.1 encoder
2019-12-30 17:37 [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy James Bottomley
@ 2019-12-30 17:37 ` James Bottomley
2020-01-06 18:09 ` Jarkko Sakkinen
2019-12-30 17:37 ` [PATCH v4 2/9] oid_registry: Add TCG defined OIDS for TPM keys James Bottomley
` (8 subsequent siblings)
9 siblings, 1 reply; 19+ messages in thread
From: James Bottomley @ 2019-12-30 17:37 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar, Jarkko Sakkinen, David Woodhouse, keyrings
We have a need in the TPM trusted keys to return the ASN.1 form of the
TPM key blob so it can be operated on by tools outside of the kernel.
To do that, we have to be able to read and write the key format. The
current ASN.1 decoder does fine for reading, but we need pieces of an
ASN.1 encoder to return the key blob.
The current implementation only encodes the ASN.1 bits we actually need.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
v2: updated API to use indefinite length, and made symbol exports gpl
v3: add data length error handling
v4: use end_data instead of data_len pointer
---
include/linux/asn1_encoder.h | 32 ++++
lib/Makefile | 2 +-
lib/asn1_encoder.c | 391 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 424 insertions(+), 1 deletion(-)
create mode 100644 include/linux/asn1_encoder.h
create mode 100644 lib/asn1_encoder.c
diff --git a/include/linux/asn1_encoder.h b/include/linux/asn1_encoder.h
new file mode 100644
index 000000000000..08cd0c2ad34f
--- /dev/null
+++ b/include/linux/asn1_encoder.h
@@ -0,0 +1,32 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#ifndef _LINUX_ASN1_ENCODER_H
+#define _LINUX_ASN1_ENCODER_H
+
+#include <linux/types.h>
+#include <linux/asn1.h>
+#include <linux/asn1_ber_bytecode.h>
+#include <linux/bug.h>
+
+#define asn1_oid_len(oid) (sizeof(oid)/sizeof(u32))
+unsigned char *
+asn1_encode_integer(unsigned char *data, const unsigned char *end_data,
+ s64 integer);
+unsigned char *
+asn1_encode_oid(unsigned char *data, const unsigned char *end_data,
+ u32 oid[], int oid_len);
+unsigned char *
+asn1_encode_tag(unsigned char *data, const unsigned char *end_data,
+ u32 tag, const unsigned char *string, int len);
+unsigned char *
+asn1_encode_octet_string(unsigned char *data,
+ const unsigned char *end_data,
+ const unsigned char *string, u32 len);
+unsigned char *
+asn1_encode_sequence(unsigned char *data, const unsigned char *end_data,
+ const unsigned char *seq, int len);
+unsigned char *
+asn1_encode_boolean(unsigned char *data, const unsigned char *end_data,
+ bool val);
+
+#endif
diff --git a/lib/Makefile b/lib/Makefile
index c2f0e2a4e4e8..515b35f92c3c 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -233,7 +233,7 @@ obj-$(CONFIG_INTERVAL_TREE_TEST) += interval_tree_test.o
obj-$(CONFIG_PERCPU_TEST) += percpu_test.o
-obj-$(CONFIG_ASN1) += asn1_decoder.o
+obj-$(CONFIG_ASN1) += asn1_decoder.o asn1_encoder.o
obj-$(CONFIG_FONT_SUPPORT) += fonts/
diff --git a/lib/asn1_encoder.c b/lib/asn1_encoder.c
new file mode 100644
index 000000000000..e3d9631a50fd
--- /dev/null
+++ b/lib/asn1_encoder.c
@@ -0,0 +1,391 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Simple encoder primitives for ASN.1 BER/DER/CER
+ *
+ * Copyright (C) 2019 James.Bottomley@HansenPartnership.com
+ */
+
+#include <linux/asn1_encoder.h>
+#include <linux/bug.h>
+#include <linux/string.h>
+#include <linux/module.h>
+
+/**
+ * asn1_encode_integer - encode positive integer to ASN.1
+ * @data: pointer to the pointer to the data
+ * @end_data: end of data pointer, points one beyond last usable byte in @data
+ * @integer: integer to be encoded
+ *
+ * This is a simplified encoder: it only currently does
+ * positive integers, but it should be simple enough to add the
+ * negative case if a use comes along.
+ */
+unsigned char *
+asn1_encode_integer(unsigned char *data, const unsigned char *end_data,
+ s64 integer)
+{
+ unsigned char *d = &data[2];
+ int i;
+ bool found = false;
+ int data_len = end_data - data;
+
+ if (WARN(integer < 0,
+ "BUG: integer encode only supports positive integers"))
+ return ERR_PTR(-EINVAL);
+
+ if (IS_ERR(data))
+ return data;
+
+ if (data_len < 3)
+ return ERR_PTR(-EINVAL);
+
+ data_len -= 2;
+
+ data[0] = _tag(UNIV, PRIM, INT);
+ if (integer == 0) {
+ *d++ = 0;
+ goto out;
+ }
+ for (i = sizeof(integer); i > 0 ; i--) {
+ int byte = integer >> (8*(i-1));
+
+ if (!found && byte == 0)
+ continue;
+ /*
+ * for a positive number the first byte must have bit
+ * 7 clear in two's complement (otherwise it's a
+ * negative number) so prepend a leading zero if
+ * that's not the case
+ */
+ if (!found && (byte & 0x80)) {
+ /*
+ * no check needed here, we already know we
+ * have len >= 1
+ */
+ *d++ = 0;
+ data_len--;
+ }
+ found = true;
+ if (data_len == 0)
+ return ERR_PTR(-EINVAL);
+ *d++ = byte;
+ data_len--;
+ }
+ out:
+ data[1] = d - data - 2;
+
+ return d;
+}
+EXPORT_SYMBOL_GPL(asn1_encode_integer);
+
+/* calculate the base 128 digit values setting the top bit of the first octet */
+static int asn1_encode_oid_digit(unsigned char **_data, int *data_len, u32 oid)
+{
+ int start = 7 + 7 + 7 + 7;
+ unsigned char *data = *_data;
+ int ret = 0;
+
+ if (*data_len < 1)
+ return -EINVAL;
+
+ /* quick case */
+ if (oid == 0) {
+ *data++ = 0x80;
+ (*data_len)--;
+ goto out;
+ }
+
+ while (oid >> start == 0)
+ start -= 7;
+
+ while (start > 0 && *data_len > 0) {
+ u8 byte;
+
+ byte = oid >> start;
+ oid = oid - (byte << start);
+ start -= 7;
+ byte |= 0x80;
+ *data++ = byte;
+ (*data_len)--;
+ }
+ if (*data_len > 0) {
+ *data++ = oid;
+ (*data_len)--;
+ } else {
+ ret = -EINVAL;
+ }
+
+ out:
+ *_data = data;
+ return ret;
+}
+
+/**
+ * asn1_encode_oid - encode an oid to ASN.1
+ * @data: position to begin encoding at
+ * @end_data: end of data pointer, points one beyond last usable byte in @data
+ * @oid: array of oids
+ * @oid_len: length of oid array
+ *
+ * this encodes an OID up to ASN.1 when presented as an array of OID values
+ */
+unsigned char *
+asn1_encode_oid(unsigned char *data, const unsigned char *end_data,
+ u32 oid[], int oid_len)
+{
+ unsigned char *d = data + 2;
+ int i, ret;
+ int data_len = end_data - data;
+
+ if (WARN(oid_len < 2, "OID must have at least two elements"))
+ return ERR_PTR(-EINVAL);
+ if (WARN(oid_len > 32, "OID is too large"))
+ return ERR_PTR(-EINVAL);
+ if (IS_ERR(data))
+ return data;
+ if (data_len < 2)
+ return ERR_PTR(-EINVAL);
+
+ data[0] = _tag(UNIV, PRIM, OID);
+ *d++ = oid[0] * 40 + oid[1];
+ data_len -= 2;
+ ret = 0;
+ for (i = 2; i < oid_len; i++) {
+ ret = asn1_encode_oid_digit(&d, &data_len, oid[i]);
+ if (ret < 0)
+ return ERR_PTR(ret);
+ }
+ data[1] = d - data - 2;
+ return d;
+}
+EXPORT_SYMBOL_GPL(asn1_encode_oid);
+
+static int asn1_encode_length(unsigned char **data, int *data_len, int len)
+{
+ if (*data_len < 1)
+ return -EINVAL;
+ if (len < 0) {
+ *((*data)++) = ASN1_INDEFINITE_LENGTH;
+ (*data_len)--;
+ return 0;
+ }
+ if (len <= 0x7f) {
+ *((*data)++) = len;
+ (*data_len)--;
+ return 0;
+ }
+
+ if (*data_len < 2)
+ return -EINVAL;
+ if (len <= 0xff) {
+ *((*data)++) = 0x81;
+ *((*data)++) = len & 0xff;
+ *data_len -= 2;
+ return 0;
+ }
+
+ if (*data_len < 3)
+ return -EINVAL;
+ if (len <= 0xffff) {
+ *((*data)++) = 0x82;
+ *((*data)++) = (len >> 8) & 0xff;
+ *((*data)++) = len & 0xff;
+ *data_len -= 3;
+ return 0;
+ }
+
+ if (WARN(len > 0xffffff, "ASN.1 length can't be > 0xffffff"))
+ return -EINVAL;
+
+ if (*data_len < 4)
+ return -EINVAL;
+ *((*data)++) = 0x83;
+ *((*data)++) = (len >> 16) & 0xff;
+ *((*data)++) = (len >> 8) & 0xff;
+ *((*data)++) = len & 0xff;
+ *data_len -= 4;
+
+ return 0;
+}
+
+/**
+ * asn1_encode_tag - add a tag for optional or explicit value
+ * @data: pointer to place tag at
+ * @end_data: end of data pointer, points one beyond last usable byte in @data
+ * @tag: tag to be placed
+ * @string: the data to be tagged
+ * @len: the length of the data to be tagged
+ *
+ * Note this currently only handles short form tags < 31. To encode
+ * in place pass a NULL @string and -1 for @len; all this will do is
+ * add an indefinite length tag and update the data pointer to the
+ * place where the tag contents should be placed. After the data is
+ * placed, repeat the prior statement but now with the known length.
+ * In order to avoid having to keep both before and after pointers,
+ * the repeat expects to be called with @data pointing to where the
+ * first encode placed it.
+ */
+unsigned char *
+asn1_encode_tag(unsigned char *data, const unsigned char *end_data,
+ u32 tag, const unsigned char *string, int len)
+{
+ int ret;
+ int data_len = end_data - data;
+
+ if (WARN(tag > 30, "ASN.1 tag can't be > 30"))
+ return ERR_PTR(-EINVAL);
+
+ if (!string && WARN(len > 127,
+ "BUG: recode tag is too big (>127)"))
+ return ERR_PTR(-EINVAL);
+ if (IS_ERR(data))
+ return data;
+
+ if (!string && len > 0) {
+ /*
+ * we're recoding, so move back to the start of the
+ * tag and install a dummy length because the real
+ * data_len should be NULL
+ */
+ data -= 2;
+ data_len = 2;
+ }
+
+ if (data_len < 2)
+ return ERR_PTR(-EINVAL);
+
+ *(data++) = _tagn(CONT, CONS, tag);
+ data_len--;
+ ret = asn1_encode_length(&data, &data_len, len);
+ if (ret < 0)
+ return ERR_PTR(ret);
+ if (!string)
+ return data;
+ if (data_len < len)
+ return ERR_PTR(-EINVAL);
+ memcpy(data, string, len);
+ data += len;
+
+ return data;
+}
+EXPORT_SYMBOL_GPL(asn1_encode_tag);
+
+/**
+ * asn1_encode_octet_string - encode an ASN.1 OCTET STRING
+ * @data: pointer to encode at
+ * @end_data: end of data pointer, points one beyond last usable byte in @data
+ * @string: string to be encoded
+ * @len: length of string
+ *
+ * Note ASN.1 octet strings may contain zeros, so the length is obligatory.
+ */
+unsigned char *
+asn1_encode_octet_string(unsigned char *data,
+ const unsigned char *end_data,
+ const unsigned char *string, u32 len)
+{
+ int ret;
+ int data_len = end_data - data;
+
+ if (IS_ERR(data))
+ return data;
+
+ if (data_len < 2)
+ return ERR_PTR(-EINVAL);
+
+ *(data++) = _tag(UNIV, PRIM, OTS);
+ data_len--;
+ ret = asn1_encode_length(&data, &data_len, len);
+ if (ret)
+ return ERR_PTR(ret);
+
+ if (data_len < len)
+ return ERR_PTR(-EINVAL);
+
+ memcpy(data, string, len);
+ data += len;
+
+ return data;
+}
+EXPORT_SYMBOL_GPL(asn1_encode_octet_string);
+
+/**
+ * asn1_encode_sequence - wrap a byte stream in an ASN.1 SEQUENCE
+ * @data: pointer to encode at
+ * @end_data: end of data pointer, points one beyond last usable byte in @data
+ * @seq: data to be encoded as a sequence
+ * @len: length of the data to be encoded as a sequence
+ *
+ * Fill in a sequence. To encode in place, pass NULL for @seq and -1
+ * for @len; then call again once the length is known (still with NULL
+ * for @seq). In order to avoid having to keep both before and after
+ * pointers, the repeat expects to be called with @data pointing to
+ * where the first encode placed it.
+ */
+unsigned char *
+asn1_encode_sequence(unsigned char *data, const unsigned char *end_data,
+ const unsigned char *seq, int len)
+{
+ int ret;
+ int data_len = end_data - data;
+
+ if (!seq && WARN(len > 127,
+ "BUG: recode sequence is too big (>127)"))
+ return ERR_PTR(-EINVAL);
+ if (IS_ERR(data))
+ return data;
+ if (!seq && len >= 0) {
+ /*
+ * we're recoding, so move back to the start of the
+ * sequence and install a dummy length because the
+ * real length should be NULL
+ */
+ data -= 2;
+ data_len = 2;
+ }
+
+ if (data_len < 2)
+ return ERR_PTR(-EINVAL);
+
+ *(data++) = _tag(UNIV, CONS, SEQ);
+ data_len--;
+ ret = asn1_encode_length(&data, &data_len, len);
+ if (ret)
+ return ERR_PTR(ret);
+ if (!seq)
+ return data;
+
+ if (data_len < len)
+ return ERR_PTR(-EINVAL);
+
+ memcpy(data, seq, len);
+ data += len;
+
+ return data;
+}
+EXPORT_SYMBOL_GPL(asn1_encode_sequence);
+
+/**
+ * asn1_encode_boolean - encode a boolean value to ASN.1
+ * @data: pointer to encode at
+ * @end_data: end of data pointer, points one beyond last usable byte in @data
+ * @val: the boolean true/false value
+ */
+unsigned char *
+asn1_encode_boolean(unsigned char *data, const unsigned char *end_data,
+ bool val)
+{
+ int data_len = end_data - data;
+
+ if (IS_ERR(data))
+ return data;
+ if (data_len < 3)
+ return ERR_PTR(-EINVAL);
+ *(data++) = _tag(UNIV, PRIM, BOOL);
+ data_len--;
+ asn1_encode_length(&data, &data_len, 1);
+ *(data++) = val ? 1 : 0;
+
+ return data;
+}
+EXPORT_SYMBOL_GPL(asn1_encode_boolean);
--
2.16.4
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v4 2/9] oid_registry: Add TCG defined OIDS for TPM keys
2019-12-30 17:37 [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy James Bottomley
2019-12-30 17:37 ` [PATCH v4 1/9] lib: add asn.1 encoder James Bottomley
@ 2019-12-30 17:37 ` James Bottomley
2019-12-30 17:37 ` [PATCH v4 3/9] security: keys: trusted fix tpm2 authorizations James Bottomley
` (7 subsequent siblings)
9 siblings, 0 replies; 19+ messages in thread
From: James Bottomley @ 2019-12-30 17:37 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar, Jarkko Sakkinen, David Woodhouse, keyrings
The TCG has defined an OID prefix "2.23.133.10.1" for the various TPM
key uses. We've defined three of the available numbers:
2.23.133.10.1.3 TPM Loadable key. This is an asymmetric key (Usually
RSA2048 or Elliptic Curve) which can be imported by a
TPM2_Load() operation.
2.23.133.10.1.4 TPM Importable Key. This is an asymmetric key (Usually
RSA2048 or Elliptic Curve) which can be imported by a
TPM2_Import() operation.
Both loadable and importable keys are specific to a given TPM, the
difference is that a loadable key is wrapped with the symmetric
secret, so must have been created by the TPM itself. An importable
key is wrapped with a DH shared secret, and may be created without
access to the TPM provided you know the public part of the parent key.
2.23.133.10.1.5 TPM Sealed Data. This is a set of data (up to 128
bytes) which is sealed by the TPM. It usually
represents a symmetric key and must be unsealed before
use.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
v3: correct OID_TPMImportableKey name
---
include/linux/oid_registry.h | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 657d6bf2c064..f6e2276e5f30 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -107,6 +107,11 @@ enum OID {
OID_gostTC26Sign512B, /* 1.2.643.7.1.2.1.2.2 */
OID_gostTC26Sign512C, /* 1.2.643.7.1.2.1.2.3 */
+ /* TCG defined OIDS for TPM based keys */
+ OID_TPMLoadableKey, /* 2.23.133.10.1.3 */
+ OID_TPMImportableKey, /* 2.23.133.10.1.4 */
+ OID_TPMSealedData, /* 2.23.133.10.1.5 */
+
OID__NR
};
--
2.16.4
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v4 3/9] security: keys: trusted fix tpm2 authorizations
2019-12-30 17:37 [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy James Bottomley
2019-12-30 17:37 ` [PATCH v4 1/9] lib: add asn.1 encoder James Bottomley
2019-12-30 17:37 ` [PATCH v4 2/9] oid_registry: Add TCG defined OIDS for TPM keys James Bottomley
@ 2019-12-30 17:37 ` James Bottomley
2020-01-06 21:45 ` Jarkko Sakkinen
2019-12-30 17:37 ` [PATCH v4 4/9] security: keys: trusted: use ASN.1 tpm2 key format for the blobs James Bottomley
` (6 subsequent siblings)
9 siblings, 1 reply; 19+ messages in thread
From: James Bottomley @ 2019-12-30 17:37 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar, Jarkko Sakkinen, David Woodhouse, keyrings
In TPM 1.2 an authorization was a 20 byte number. The spec actually
recommended you to hash variable length passwords and use the sha1
hash as the authorization. Because the spec doesn't require this
hashing, the current authorization for trusted keys is a 40 digit hex
number. For TPM 2.0 the spec allows the passing in of variable length
passwords and passphrases directly, so we should allow that in trusted
keys for ease of use. Update the 'blobauth' parameter to take this
into account, so we can now use plain text passwords for the keys.
so before
keyctl add trusted kmk "new 32 blobauth=f572d396fae9206628714fb2ce00f72e94f2258f"
after:
keyctl add trusted kmk "new 32 blobauth=hello keyhandle=81000001"
Note this is both and enhancement and a potential bug fix. The TPM
2.0 spec requires us to strip leading zeros, meaning empyty
authorization is a zero length HMAC whereas we're currently passing in
20 bytes of zeros. A lot of TPMs simply accept this as OK, but the
Microsoft TPM emulator rejects it with TPM_RC_BAD_AUTH, so this patch
makes the Microsoft TPM emulator work with trusted keys.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
include/keys/trusted-type.h | 1 +
security/keys/trusted-keys/trusted_tpm1.c | 24 +++++++++++++++++++-----
security/keys/trusted-keys/trusted_tpm2.c | 9 +++++----
3 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
index a94c03a61d8f..b2ed3481c6a0 100644
--- a/include/keys/trusted-type.h
+++ b/include/keys/trusted-type.h
@@ -30,6 +30,7 @@ struct trusted_key_options {
uint16_t keytype;
uint32_t keyhandle;
unsigned char keyauth[TPM_DIGEST_SIZE];
+ uint32_t blobauth_len;
unsigned char blobauth[TPM_DIGEST_SIZE];
uint32_t pcrinfo_len;
unsigned char pcrinfo[MAX_PCRINFO_SIZE];
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index d2c5ec1e040b..ef15b6cda6ec 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -781,12 +781,26 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
return -EINVAL;
break;
case Opt_blobauth:
- if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
- return -EINVAL;
- res = hex2bin(opt->blobauth, args[0].from,
- SHA1_DIGEST_SIZE);
- if (res < 0)
+ /*
+ * TPM 1.2 authorizations are sha1 hashes
+ * passed in as hex strings. TPM 2.0
+ * authorizations are simple passwords
+ * (although it can take a hash as well)
+ */
+ opt->blobauth_len = strlen(args[0].from);
+ if (opt->blobauth_len == 2 * TPM_DIGEST_SIZE) {
+ res = hex2bin(opt->blobauth, args[0].from,
+ TPM_DIGEST_SIZE);
+ if (res < 0)
+ return -EINVAL;
+ opt->blobauth_len = TPM_DIGEST_SIZE;
+ } else if (tpm2 &&
+ opt->blobauth_len <= sizeof(opt->blobauth)) {
+ memcpy(opt->blobauth, args[0].from,
+ opt->blobauth_len);
+ } else {
return -EINVAL;
+ }
break;
case Opt_migratable:
if (*args[0].from == '0')
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 08ec7f48f01d..11a331a94327 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -91,10 +91,11 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
TPM_DIGEST_SIZE);
/* sensitive */
- tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1);
+ tpm_buf_append_u16(&buf, 4 + options->blobauth_len + payload->key_len + 1);
- tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE);
- tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE);
+ tpm_buf_append_u16(&buf, options->blobauth_len);
+ if (options->blobauth_len)
+ tpm_buf_append(&buf, options->blobauth, options->blobauth_len);
tpm_buf_append_u16(&buf, payload->key_len + 1);
tpm_buf_append(&buf, payload->key, payload->key_len);
tpm_buf_append_u8(&buf, payload->migratable);
@@ -258,7 +259,7 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
NULL /* nonce */, 0,
TPM2_SA_CONTINUE_SESSION,
options->blobauth /* hmac */,
- TPM_DIGEST_SIZE);
+ options->blobauth_len);
rc = tpm_send(chip, buf.data, tpm_buf_length(&buf));
if (rc > 0)
--
2.16.4
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v4 4/9] security: keys: trusted: use ASN.1 tpm2 key format for the blobs
2019-12-30 17:37 [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy James Bottomley
` (2 preceding siblings ...)
2019-12-30 17:37 ` [PATCH v4 3/9] security: keys: trusted fix tpm2 authorizations James Bottomley
@ 2019-12-30 17:37 ` James Bottomley
2020-01-06 21:53 ` Jarkko Sakkinen
2019-12-30 17:37 ` [PATCH v4 5/9] security: keys: trusted: Make sealed key properly interoperable James Bottomley
` (5 subsequent siblings)
9 siblings, 1 reply; 19+ messages in thread
From: James Bottomley @ 2019-12-30 17:37 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar, Jarkko Sakkinen, David Woodhouse, keyrings
Modify the tpm2 key format blob output to export and import in the
ASN.1 form for tpm2 sealed object keys. For compatibility with prior
trusted keys, the importer will also accept two tpm2b quantities
representing the public and private parts of the key. However, the
export via keyctl pipe will only output the ASN.1 format.
The benefit of the ASN.1 format is that it's a standard and thus the
exported key can be used by userspace tools. The format includes
policy specifications, thus it gets us out of having to construct
policy handles in userspace and the format includes the parent meaning
you don't have to keep passing it in each time.
This patch only implements basic handling for the ASN.1 format, so
keys with passwords but no policy.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
v2: Updated encode API, added length checks
---
security/keys/trusted-keys/Makefile | 2 +-
security/keys/trusted-keys/tpm2key.asn1 | 23 ++++
security/keys/trusted-keys/trusted_tpm1.c | 2 +-
security/keys/trusted-keys/trusted_tpm2.c | 187 +++++++++++++++++++++++++++++-
4 files changed, 207 insertions(+), 7 deletions(-)
create mode 100644 security/keys/trusted-keys/tpm2key.asn1
diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile
index 7b73cebbb378..e0198641eff2 100644
--- a/security/keys/trusted-keys/Makefile
+++ b/security/keys/trusted-keys/Makefile
@@ -5,4 +5,4 @@
obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
trusted-y += trusted_tpm1.o
-trusted-y += trusted_tpm2.o
+trusted-y += trusted_tpm2.o tpm2key.asn1.o
diff --git a/security/keys/trusted-keys/tpm2key.asn1 b/security/keys/trusted-keys/tpm2key.asn1
new file mode 100644
index 000000000000..1851b7c80f08
--- /dev/null
+++ b/security/keys/trusted-keys/tpm2key.asn1
@@ -0,0 +1,23 @@
+---
+--- Note: This isn't quite the definition in the standard
+--- However, the Linux asn.1 parser doesn't understand
+--- [2] EXPLICIT SEQUENCE OF OPTIONAL
+--- So there's an extra intermediate TPMPolicySequence
+--- definition to work around this
+
+TPMKey ::= SEQUENCE {
+ type OBJECT IDENTIFIER ({tpmkey_type}),
+ emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL,
+ policy [1] EXPLICIT TPMPolicySequence OPTIONAL,
+ secret [2] EXPLICIT OCTET STRING OPTIONAL,
+ parent INTEGER ({tpmkey_parent}),
+ pubkey OCTET STRING ({tpmkey_pub}),
+ privkey OCTET STRING ({tpmkey_priv})
+ }
+
+TPMPolicySequence ::= SEQUENCE OF TPMPolicy
+
+TPMPolicy ::= SEQUENCE {
+ commandCode [0] EXPLICIT INTEGER,
+ commandPolicy [1] EXPLICIT OCTET STRING
+ }
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index ef15b6cda6ec..d92d45d759c6 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -1005,7 +1005,7 @@ static int trusted_instantiate(struct key *key,
goto out;
}
- if (!options->keyhandle) {
+ if (!options->keyhandle && !tpm2) {
ret = -EINVAL;
goto out;
}
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 11a331a94327..cd7008d499ba 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -4,6 +4,8 @@
* Copyright (C) 2014 Intel Corporation
*/
+#include <linux/asn1_encoder.h>
+#include <linux/oid_registry.h>
#include <linux/string.h>
#include <linux/err.h>
#include <linux/tpm.h>
@@ -12,6 +14,10 @@
#include <keys/trusted-type.h>
#include <keys/trusted_tpm.h>
+#include <asm/unaligned.h>
+
+#include "tpm2key.asn1.h"
+
static struct tpm2_hash tpm2_hash_map[] = {
{HASH_ALGO_SHA1, TPM_ALG_SHA1},
{HASH_ALGO_SHA256, TPM_ALG_SHA256},
@@ -20,6 +26,158 @@ static struct tpm2_hash tpm2_hash_map[] = {
{HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
};
+static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
+
+static int tpm2_key_encode(struct trusted_key_payload *payload,
+ struct trusted_key_options *options,
+ u8 *src, u32 len)
+{
+ const int SCRATCH_SIZE = PAGE_SIZE;
+ u8 *scratch = kmalloc(SCRATCH_SIZE, GFP_KERNEL);
+ u8 *work = scratch, *work1;
+ u8 *end_work = scratch + SCRATCH_SIZE;
+ u8 *priv, *pub;
+ u16 priv_len, pub_len;
+
+ priv_len = get_unaligned_be16(src);
+ src += 2;
+ priv = src;
+ src += priv_len;
+ pub_len = get_unaligned_be16(src);
+ src += 2;
+ pub = src;
+
+ if (!scratch)
+ return -ENOMEM;
+
+ work = asn1_encode_oid(work, end_work, tpm2key_oid,
+ asn1_oid_len(tpm2key_oid));
+ if (options->blobauth_len == 0) {
+ unsigned char bool[3], *w = bool;
+ /* tag 0 is emptyAuth */
+ w = asn1_encode_boolean(w, w + sizeof(bool), true);
+ if (WARN(IS_ERR(w), "BUG: Boolean failed to encode"))
+ return PTR_ERR(w);
+ work = asn1_encode_tag(work, end_work, 0, bool, w - bool);
+ }
+ /*
+ * Assume both octet strings will encode to a 2 byte definite length
+ *
+ * Note: For a well behaved TPM, this warning should never
+ * trigger, so if it does there's something nefarious going on
+ */
+ if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE,
+ "BUG: scratch buffer is too small"))
+ return -EINVAL;
+ work = asn1_encode_integer(work, end_work, options->keyhandle);
+ work = asn1_encode_octet_string(work, end_work, pub, pub_len);
+ work = asn1_encode_octet_string(work, end_work, priv, priv_len);
+
+ work1 = payload->blob;
+ work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob),
+ scratch, work - scratch);
+ if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed"))
+ return PTR_ERR(work1);
+
+ return work1 - payload->blob;
+}
+
+struct tpm2key_context {
+ u32 parent;
+ const u8 *pub;
+ u32 pub_len;
+ const u8 *priv;
+ u32 priv_len;
+};
+
+static int tpm2_key_decode(struct trusted_key_payload *payload,
+ struct trusted_key_options *options,
+ u8 **buf)
+{
+ int ret;
+ struct tpm2key_context ctx;
+ u8 *blob;
+
+ ret = asn1_ber_decoder(&tpm2key_decoder, &ctx, payload->blob,
+ payload->blob_len);
+ if (ret < 0)
+ return ret;
+
+ if (ctx.priv_len + ctx.pub_len > MAX_BLOB_SIZE)
+ return -EINVAL;
+
+ blob = kmalloc(ctx.priv_len + ctx.pub_len + 4, GFP_KERNEL);
+ if (!blob)
+ return -ENOMEM;
+
+ *buf = blob;
+ options->keyhandle = ctx.parent;
+ put_unaligned_be16(ctx.priv_len, blob);
+ blob += 2;
+ memcpy(blob, ctx.priv, ctx.priv_len);
+ blob += ctx.priv_len;
+ put_unaligned_be16(ctx.pub_len, blob);
+ blob += 2;
+ memcpy(blob, ctx.pub, ctx.pub_len);
+
+ return 0;
+}
+
+int tpmkey_parent(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct tpm2key_context *ctx = context;
+ const u8 *v = value;
+ int i;
+
+ ctx->parent = 0;
+ for (i = 0; i < vlen; i++) {
+ ctx->parent <<= 8;
+ ctx->parent |= v[i];
+ }
+ return 0;
+}
+
+int tpmkey_type(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ enum OID oid = look_up_OID(value, vlen);
+
+ if (oid != OID_TPMSealedData) {
+ char buffer[50];
+
+ sprint_oid(value, vlen, buffer, sizeof(buffer));
+ pr_debug("OID is \"%s\" which is not TPMSealedData\n",
+ buffer);
+ return -EINVAL;
+ }
+ return 0;
+}
+
+int tpmkey_pub(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct tpm2key_context *ctx = context;
+
+ ctx->pub = value;
+ ctx->pub_len = vlen;
+ return 0;
+}
+
+int tpmkey_priv(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct tpm2key_context *ctx = context;
+
+ ctx->priv = value;
+ ctx->priv_len = vlen;
+ return 0;
+}
+
/**
* tpm_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer.
*
@@ -79,6 +237,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
if (i == ARRAY_SIZE(tpm2_hash_map))
return -EINVAL;
+ if (!options->keyhandle)
+ return -EINVAL;
+
rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
if (rc)
return rc;
@@ -145,8 +306,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
goto out;
}
- memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len);
- payload->blob_len = blob_len;
+ payload->blob_len =
+ tpm2_key_encode(payload, options,
+ &buf.data[TPM_HEADER_SIZE + 4],
+ blob_len);
out:
tpm_buf_destroy(&buf);
@@ -157,6 +320,8 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
else
rc = -EPERM;
}
+ if (payload->blob_len < 0)
+ return payload->blob_len;
return rc;
}
@@ -183,13 +348,23 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
unsigned int private_len;
unsigned int public_len;
unsigned int blob_len;
+ u8 *blob;
int rc;
- private_len = be16_to_cpup((__be16 *) &payload->blob[0]);
+ rc = tpm2_key_decode(payload, options, &blob);
+ if (rc)
+ /* old form */
+ blob = payload->blob;
+
+ /* new format carries keyhandle but old format doesn't */
+ if (!options->keyhandle)
+ return -EINVAL;
+
+ private_len = be16_to_cpup((__be16 *) &blob[0]);
if (private_len > (payload->blob_len - 2))
return -E2BIG;
- public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]);
+ public_len = be16_to_cpup((__be16 *) &blob[2 + private_len]);
blob_len = private_len + public_len + 4;
if (blob_len > payload->blob_len)
return -E2BIG;
@@ -205,7 +380,7 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
options->keyauth /* hmac */,
TPM_DIGEST_SIZE);
- tpm_buf_append(&buf, payload->blob, blob_len);
+ tpm_buf_append(&buf, blob, blob_len);
if (buf.flags & TPM_BUF_OVERFLOW) {
rc = -E2BIG;
@@ -218,6 +393,8 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
(__be32 *) &buf.data[TPM_HEADER_SIZE]);
out:
+ if (blob != payload->blob)
+ kfree(blob);
tpm_buf_destroy(&buf);
if (rc > 0)
--
2.16.4
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v4 5/9] security: keys: trusted: Make sealed key properly interoperable
2019-12-30 17:37 [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy James Bottomley
` (3 preceding siblings ...)
2019-12-30 17:37 ` [PATCH v4 4/9] security: keys: trusted: use ASN.1 tpm2 key format for the blobs James Bottomley
@ 2019-12-30 17:37 ` James Bottomley
2020-01-06 21:58 ` Jarkko Sakkinen
2019-12-30 17:37 ` [PATCH v4 6/9] security: keys: trusted: add PCR policy to TPM2 keys James Bottomley
` (4 subsequent siblings)
9 siblings, 1 reply; 19+ messages in thread
From: James Bottomley @ 2019-12-30 17:37 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar, Jarkko Sakkinen, David Woodhouse, keyrings
The current implementation appends a migratable flag to the end of a
key, meaning the format isn't exactly interoperable because the using
party needs to know to strip this extra byte. However, all other
consumers of TPM sealed blobs expect the unseal to return exactly the
key. Since TPM2 keys have a key property flag that corresponds to
migratable, use that flag instead and make the actual key the only
sealed quantity. This is secure because the key properties are bound
to a hash in the private part, so if they're altered the key won't
load.
Backwards compatibility is implemented by detecting whether we're
loading a new format key or not and correctly setting migratable from
the last byte of old format keys.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
v2: added length checks to untrusted payload
---
include/keys/trusted-type.h | 1 +
include/linux/tpm.h | 2 +
security/keys/trusted-keys/trusted_tpm2.c | 69 ++++++++++++++++++++++---------
3 files changed, 53 insertions(+), 19 deletions(-)
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
index b2ed3481c6a0..b2d87ad21714 100644
--- a/include/keys/trusted-type.h
+++ b/include/keys/trusted-type.h
@@ -22,6 +22,7 @@ struct trusted_key_payload {
unsigned int key_len;
unsigned int blob_len;
unsigned char migratable;
+ unsigned char old_format;
unsigned char key[MAX_KEY_SIZE + 1];
unsigned char blob[MAX_BLOB_SIZE];
};
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 03e9b184411b..cd46ab27baa5 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -297,6 +297,8 @@ struct tpm_buf {
};
enum tpm2_object_attributes {
+ TPM2_OA_FIXED_TPM = BIT(1),
+ TPM2_OA_FIXED_PARENT = BIT(4),
TPM2_OA_USER_WITH_AUTH = BIT(6),
};
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index cd7008d499ba..4563a4c7b6ec 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -224,6 +224,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
unsigned int blob_len;
struct tpm_buf buf;
u32 hash;
+ u32 flags;
int i;
int rc;
@@ -252,30 +253,31 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
TPM_DIGEST_SIZE);
/* sensitive */
- tpm_buf_append_u16(&buf, 4 + options->blobauth_len + payload->key_len + 1);
+ tpm_buf_append_u16(&buf, 4 + options->blobauth_len + payload->key_len);
tpm_buf_append_u16(&buf, options->blobauth_len);
if (options->blobauth_len)
tpm_buf_append(&buf, options->blobauth, options->blobauth_len);
- tpm_buf_append_u16(&buf, payload->key_len + 1);
+ tpm_buf_append_u16(&buf, payload->key_len);
tpm_buf_append(&buf, payload->key, payload->key_len);
- tpm_buf_append_u8(&buf, payload->migratable);
/* public */
tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
tpm_buf_append_u16(&buf, TPM_ALG_KEYEDHASH);
tpm_buf_append_u16(&buf, hash);
+ /* key properties */
+ flags = 0;
+ flags |= options->policydigest_len ? 0 : TPM2_OA_USER_WITH_AUTH;
+ flags |= payload->migratable ? (TPM2_OA_FIXED_TPM |
+ TPM2_OA_FIXED_PARENT) : 0;
+ tpm_buf_append_u32(&buf, flags);
+
/* policy */
- if (options->policydigest_len) {
- tpm_buf_append_u32(&buf, 0);
- tpm_buf_append_u16(&buf, options->policydigest_len);
+ tpm_buf_append_u16(&buf, options->policydigest_len);
+ if (options->policydigest_len)
tpm_buf_append(&buf, options->policydigest,
options->policydigest_len);
- } else {
- tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH);
- tpm_buf_append_u16(&buf, 0);
- }
/* public parameters */
tpm_buf_append_u16(&buf, TPM_ALG_NULL);
@@ -348,23 +350,42 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
unsigned int private_len;
unsigned int public_len;
unsigned int blob_len;
- u8 *blob;
+ u8 *blob, *pub;
int rc;
+ u32 attrs;
rc = tpm2_key_decode(payload, options, &blob);
- if (rc)
+ if (rc) {
/* old form */
blob = payload->blob;
+ payload->old_format = 1;
+ }
/* new format carries keyhandle but old format doesn't */
if (!options->keyhandle)
return -EINVAL;
- private_len = be16_to_cpup((__be16 *) &blob[0]);
- if (private_len > (payload->blob_len - 2))
+ /* must be big enough for at least the two be16 size counts */
+ if (payload->blob_len < 4)
+ return -EINVAL;
+ private_len = get_unaligned_be16(blob);
+ /* must be big enough for following public_len */
+ if (private_len + 2 + 2 > (payload->blob_len))
+ return -E2BIG;
+
+ public_len = get_unaligned_be16(blob + 2 + private_len);
+ if (private_len + 2 + public_len + 2 > payload->blob_len)
return -E2BIG;
- public_len = be16_to_cpup((__be16 *) &blob[2 + private_len]);
+ pub = blob + 2 + private_len + 2;
+ /* key attributes are always at offset 4 */
+ attrs = get_unaligned_be32(pub + 4);
+ if ((attrs & (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT)) ==
+ (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT))
+ payload->migratable = 0;
+ else
+ payload->migratable = 1;
+
blob_len = private_len + public_len + 4;
if (blob_len > payload->blob_len)
return -E2BIG;
@@ -445,7 +466,7 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
if (!rc) {
data_len = be16_to_cpup(
(__be16 *) &buf.data[TPM_HEADER_SIZE + 4]);
- if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE + 1) {
+ if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE) {
rc = -EFAULT;
goto out;
}
@@ -456,9 +477,19 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
}
data = &buf.data[TPM_HEADER_SIZE + 6];
- memcpy(payload->key, data, data_len - 1);
- payload->key_len = data_len - 1;
- payload->migratable = data[data_len - 1];
+ if (payload->old_format) {
+ /* migratable flag is at the end of the key */
+ memcpy(payload->key, data, data_len - 1);
+ payload->key_len = data_len - 1;
+ payload->migratable = data[data_len - 1];
+ } else {
+ /*
+ * migratable flag already collected from key
+ * attributes
+ */
+ memcpy(payload->key, data, data_len);
+ payload->key_len = data_len;
+ }
}
out:
--
2.16.4
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v4 6/9] security: keys: trusted: add PCR policy to TPM2 keys
2019-12-30 17:37 [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy James Bottomley
` (4 preceding siblings ...)
2019-12-30 17:37 ` [PATCH v4 5/9] security: keys: trusted: Make sealed key properly interoperable James Bottomley
@ 2019-12-30 17:37 ` James Bottomley
2019-12-30 17:38 ` [PATCH v4 7/9] security: keys: trusted: add ability to specify arbitrary policy James Bottomley
` (3 subsequent siblings)
9 siblings, 0 replies; 19+ messages in thread
From: James Bottomley @ 2019-12-30 17:37 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar, Jarkko Sakkinen, David Woodhouse, keyrings
This commit adds the ability to specify a PCR lock policy to TPM2
keys. There is a complexity in that the creator of the key must chose
either to use a PCR lock policy or to use authentication. At the
current time they can't use both due to a complexity with the way
authentication works when policy registers are in use. The way to
construct a pcrinfo statement for a key is simply to use the
TPMS_PCR_SELECT structure to specify the PCRs and follow this by a
hash of all their values in order of ascending PCR number.
For simplicity, we require the policy name hash and the hash used for
the PCRs to be the same. Thus to construct a policy around the value
of the resettable PCR 16 using the sha1 bank, first reset the pcr to
zero giving a hash of all zeros as:
6768033e216468247bd031a0a2d9876d79818f8f
Then the TPMS_PCR_SELECT value for PCR 16 is
03000001
So create a new 32 byte key with a policy policy locking the key to
this value of PCR 16 with a parent key of 81000001 would be:
keyctl new 32 keyhandle=0x81000001 hash=sha1 pcrinfo=030000016768033e216468247bd
031a0a2d9876d79818f8f" @u
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
v2: fix for new ASN.1 API eliminating hack in place and check lengths
---
Documentation/security/keys/trusted-encrypted.rst | 19 +-
include/keys/trusted-type.h | 5 +-
include/linux/tpm.h | 5 +
security/keys/Kconfig | 2 +
security/keys/trusted-keys/Makefile | 2 +-
security/keys/trusted-keys/tpm2-policy.c | 354 ++++++++++++++++++++++
security/keys/trusted-keys/tpm2-policy.h | 30 ++
security/keys/trusted-keys/tpm2key.asn1 | 4 +-
security/keys/trusted-keys/trusted_tpm1.c | 7 +-
security/keys/trusted-keys/trusted_tpm2.c | 89 +++++-
10 files changed, 501 insertions(+), 16 deletions(-)
create mode 100644 security/keys/trusted-keys/tpm2-policy.c
create mode 100644 security/keys/trusted-keys/tpm2-policy.h
diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
index 50ac8bcd6970..053344c4df5b 100644
--- a/Documentation/security/keys/trusted-encrypted.rst
+++ b/Documentation/security/keys/trusted-encrypted.rst
@@ -60,7 +60,10 @@ Usage::
(40 ascii zeros)
blobauth= ascii hex auth for sealed data default 0x00...
(40 ascii zeros)
- pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
+ pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no
+ default) on TPM 1.2 and a TPMS_PCR_SELECTION
+ coupled with a hash of all the selected PCRs on
+ TPM 2.0 using the selected hash.
pcrlock= pcr number to be extended to "lock" blob
migratable= 0|1 indicating permission to reseal to new PCR values,
default 1 (resealing allowed)
@@ -151,6 +154,20 @@ Load a trusted key from the saved blob::
f1f8fff03ad0acb083725535636addb08d73dedb9832da198081e5deae84bfaf0409c22b
e4a8aea2b607ec96931e6f4d4fe563ba
+Create a trusted key on TPM 2.0 using an all zero value of PCR16 and
+using the NV storage root 81000001 as the parent::
+
+ $ keyctl add trusted kmk "new 32 keyhandle=0x81000001 hash=sha1 pcrinfo=030000016768033e216468247bd031a0a2d9876d79818f8f" @u
+
+Note the TPMS_PCR_SELECT value for PCR 16 is 03000001 because all
+current TPMs have 24 PCRs, so the initial 03 says there are three
+following bytes of selection and then because the bytes are big
+endian, 16 is bit zero of byte 2. the hash is the sha1 sum of all
+zeros (the value of PCR 16)::
+
+ $ dd if=/dev/zero bs=1 count=20 2>/dev/null|sha1sum
+ 6768033e216468247bd031a0a2d9876d79818f8f
+
Reseal a trusted key under new pcr values::
$ keyctl update 268728824 "update pcrinfo=`cat pcr.blob`"
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
index b2d87ad21714..c117bf598230 100644
--- a/include/keys/trusted-type.h
+++ b/include/keys/trusted-type.h
@@ -14,9 +14,11 @@
#define MIN_KEY_SIZE 32
#define MAX_KEY_SIZE 128
#define MAX_BLOB_SIZE 512
-#define MAX_PCRINFO_SIZE 64
+#define MAX_PCRINFO_SIZE 128
#define MAX_DIGEST_SIZE 64
+#define TPM2_MAX_POLICIES 16
+
struct trusted_key_payload {
struct rcu_head rcu;
unsigned int key_len;
@@ -25,6 +27,7 @@ struct trusted_key_payload {
unsigned char old_format;
unsigned char key[MAX_KEY_SIZE + 1];
unsigned char blob[MAX_BLOB_SIZE];
+ struct tpm2_policies *policies;
};
struct trusted_key_options {
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index cd46ab27baa5..e32e9728adce 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -222,10 +222,14 @@ enum tpm2_command_codes {
TPM2_CC_CONTEXT_LOAD = 0x0161,
TPM2_CC_CONTEXT_SAVE = 0x0162,
TPM2_CC_FLUSH_CONTEXT = 0x0165,
+ TPM2_CC_POLICY_AUTHVALUE = 0x016B,
+ TPM2_CC_POLICY_COUNTER_TIMER = 0x016D,
+ TPM2_CC_START_AUTH_SESS = 0x0176,
TPM2_CC_VERIFY_SIGNATURE = 0x0177,
TPM2_CC_GET_CAPABILITY = 0x017A,
TPM2_CC_GET_RANDOM = 0x017B,
TPM2_CC_PCR_READ = 0x017E,
+ TPM2_CC_POLICY_PCR = 0x017F,
TPM2_CC_PCR_EXTEND = 0x0182,
TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185,
TPM2_CC_HASH_SEQUENCE_START = 0x0186,
@@ -234,6 +238,7 @@ enum tpm2_command_codes {
};
enum tpm2_permanent_handles {
+ TPM2_RH_NULL = 0x40000007,
TPM2_RS_PW = 0x40000009,
};
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index dd313438fecf..6c2f2c22b284 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -80,6 +80,8 @@ config TRUSTED_KEYS
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_SHA1
+ select CRYPTO_SHA256
+ select CRYPTO_SHA512
select CRYPTO_HASH_INFO
help
This option provides support for creating, sealing, and unsealing
diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile
index e0198641eff2..194febacf362 100644
--- a/security/keys/trusted-keys/Makefile
+++ b/security/keys/trusted-keys/Makefile
@@ -5,4 +5,4 @@
obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
trusted-y += trusted_tpm1.o
-trusted-y += trusted_tpm2.o tpm2key.asn1.o
+trusted-y += trusted_tpm2.o tpm2key.asn1.o tpm2-policy.o
diff --git a/security/keys/trusted-keys/tpm2-policy.c b/security/keys/trusted-keys/tpm2-policy.c
new file mode 100644
index 000000000000..31ba8ee80c09
--- /dev/null
+++ b/security/keys/trusted-keys/tpm2-policy.c
@@ -0,0 +1,354 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2019 James.Bottomley@HansenPartnership.com
+ */
+
+#include <linux/asn1_encoder.h>
+#include <linux/err.h>
+#include <linux/types.h>
+#include <linux/printk.h>
+#include <linux/string.h>
+#include <linux/tpm.h>
+
+#include <asm/unaligned.h>
+
+#include <crypto/hash.h>
+
+#include <keys/trusted-type.h>
+#include <keys/trusted_tpm.h>
+
+#include "tpm2key.asn1.h"
+#include "tpm2-policy.h"
+
+int tpmkey_code(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct tpm2key_context *ctx = context;
+ u32 code = 0;
+ const u8 *v = value;
+ int i;
+
+ for (i = 0; i < vlen; i++) {
+ code <<= 8;
+ code |= v[i];
+ }
+
+ ctx->policy_code[ctx->policy_count] = code;
+
+ return 0;
+}
+
+int tpmkey_policy(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct tpm2key_context *ctx = context;
+
+ ctx->policies[ctx->policy_count] = value;
+ ctx->policy_len[ctx->policy_count++] = vlen;
+
+ return 0;
+}
+
+/* we only support a limited number of policy statement so
+ * make sure we don't have anything we can't support
+ */
+static int tpm2_validate_policy(struct tpm2_policies *pols)
+{
+ int i;
+
+ if (pols->count == 0)
+ return 0;
+
+ for (i = 0; i < pols->count; i++) {
+ switch (pols->code[i]) {
+ case TPM2_CC_POLICY_COUNTER_TIMER:
+ case TPM2_CC_POLICY_PCR:
+ case TPM2_CC_POLICY_AUTHVALUE:
+ break;
+ default:
+ printk(KERN_INFO "tpm2 policy 0x%x is unsupported",
+ pols->code[i]);
+ return -EINVAL;
+ }
+ }
+ return 0;
+}
+
+/**
+ * tpmkey_process_policy - collect the policty from the context
+ * @ctx: the context to collect from
+ * @payload: the payload structure to place it in
+ *
+ * THis function sizes the policy statements and allocates space
+ * within the payload to receive them before copying them over. It
+ * should be used after the ber decoder has completed successfully
+ */
+int tpmkey_policy_process(struct tpm2key_context *ctx,
+ struct trusted_key_payload *payload)
+{
+ int tot_len = 0;
+ u8 *buf;
+ int i, ret, len = 0;
+ struct tpm2_policies *pols;
+
+ if (ctx->policy_count == 0)
+ return 0;
+
+ for (i = 0; i < ctx->policy_count; i++)
+ tot_len += ctx->policy_len[i];
+ tot_len += sizeof(*pols);
+
+ pols = kmalloc(tot_len, GFP_KERNEL);
+ if (!pols)
+ return -ENOMEM;
+
+ payload->policies = pols;
+ buf = (u8 *)(pols + 1);
+
+ for (i = 0; i < ctx->policy_count; i++) {
+ pols->policies[i] = &buf[len];
+ pols->len[i] = ctx->policy_len[i];
+ pols->code[i] = ctx->policy_code[i];
+ if (pols->len[i])
+ memcpy(pols->policies[i], ctx->policies[i],
+ ctx->policy_len[i]);
+ len += ctx->policy_len[i];
+ }
+ pols->count = ctx->policy_count;
+
+ ret = tpm2_validate_policy(pols);
+ if (ret) {
+ kfree(pols);
+ payload->policies = NULL;
+ }
+
+ /* capture the hash and size */
+
+ /* the hash is the second algorithm */
+ pols->hash = get_unaligned_be16(&ctx->pub[2]);
+ /* and the digest appears after the attributes */
+ pols->hash_size = get_unaligned_be16(&ctx->pub[8]);
+
+ return ret;
+}
+
+int tpm2_generate_policy_digest(struct tpm2_policies *pols,
+ u32 hash, u8 *policydigest, u32 *plen)
+{
+ int i;
+ struct crypto_shash *tfm;
+ int rc;
+
+ if (pols->count == 0)
+ return 0;
+
+ tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+ rc = crypto_shash_digestsize(tfm);
+ if (WARN(rc > MAX_DIGEST_SIZE,
+ "BUG: trusted key code has alg %s with digest too large (%d)",
+ hash_algo_name[hash], rc)) {
+ rc = -EINVAL;
+ goto err;
+ }
+ pols->hash = hash;
+ pols->hash_size = rc;
+ *plen = rc;
+
+ /* policy digests always start out all zeros */
+ memset(policydigest, 0, rc);
+
+ for (i = 0; i < pols->count; i++) {
+ u8 *policy = pols->policies[i];
+ int len = pols->len[i];
+ u32 cmd = pols->code[i];
+ u8 digest[MAX_DIGEST_SIZE];
+ u8 code[4];
+ SHASH_DESC_ON_STACK(sdesc, tfm);
+
+ sdesc->tfm = tfm;
+ rc = crypto_shash_init(sdesc);
+ if (rc)
+ goto err;
+
+ /* first hash the previous digest */
+ crypto_shash_update(sdesc, policydigest, *plen);
+ /* then hash the command code */
+ put_unaligned_be32(cmd, code);
+ crypto_shash_update(sdesc, code, 4);
+
+ /* commands that need special handling */
+ if (cmd == TPM2_CC_POLICY_COUNTER_TIMER) {
+ SHASH_DESC_ON_STACK(sdesc1, tfm);
+
+ sdesc1->tfm = tfm;
+
+ /* counter timer policies are double hashed */
+ crypto_shash_digest(sdesc1, policy, len,
+ digest);
+ policy = digest;
+ len = *plen;
+ }
+ crypto_shash_update(sdesc, policy, len);
+ /* now output the intermediate to the policydigest */
+ crypto_shash_final(sdesc, policydigest);
+
+ }
+ rc = 0;
+
+ err:
+ crypto_free_shash(tfm);
+ return rc;
+}
+
+int tpm2_encode_policy(struct tpm2_policies *pols, u8 **data, u32 *len)
+{
+ const int SCRATCH_SIZE = PAGE_SIZE;
+ u8 *buf = kmalloc(2 * SCRATCH_SIZE, GFP_KERNEL);
+ u8 *work = buf + SCRATCH_SIZE;
+ u8 *ptr;
+ u8 *end_work = work + SCRATCH_SIZE;
+ int i, ret;
+
+ if (!buf)
+ return -ENOMEM;
+
+ for (i = 0; i < pols->count; i++) {
+ u8 *seq, *tag;
+ u32 cmd = pols->code[i];
+
+ if (WARN(work - buf + 14 + pols->len[i] > 2 * SCRATCH_SIZE,
+ "BUG: scratch buffer is too small"))
+ return -EINVAL;
+
+ work = asn1_encode_sequence(work, end_work, NULL, -1);
+ seq = work;
+
+ work = asn1_encode_tag(work, end_work, 0, NULL, -1);
+ tag = work;
+ work = asn1_encode_integer(work, end_work, cmd);
+ asn1_encode_tag(tag, end_work, 0, NULL, work - tag);
+
+ work = asn1_encode_tag(work, end_work, 1, NULL, -1);
+ tag = work;
+ work = asn1_encode_octet_string(work, end_work,
+ pols->policies[i],
+ pols->len[i]);
+ asn1_encode_tag(tag, end_work, 1, NULL, work - tag);
+
+ seq = asn1_encode_sequence(seq, end_work, NULL, work - seq);
+ if (IS_ERR(seq)) {
+ ret = PTR_ERR(seq);
+ goto err;
+ }
+ }
+ ptr = asn1_encode_sequence(buf, buf + SCRATCH_SIZE, buf + PAGE_SIZE,
+ work - buf - PAGE_SIZE);
+ if (IS_ERR(ptr)) {
+ ret = PTR_ERR(ptr);
+ goto err;
+ }
+ *data = buf;
+ *len = ptr - buf;
+
+ return 0;
+
+ err:
+ kfree(buf);
+ return ret;
+}
+
+int tpm2_start_policy_session(struct tpm_chip *chip, u16 hash, u32 *handle)
+{
+ struct tpm_buf buf;
+ int rc;
+ int i;
+
+ rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_START_AUTH_SESS);
+ if (rc)
+ return rc;
+
+ /* NULL salt key handle */
+ tpm_buf_append_u32(&buf, TPM2_RH_NULL);
+ /* NULL bind key handle */
+ tpm_buf_append_u32(&buf, TPM2_RH_NULL);
+ /* empty nonce caller */
+ tpm_buf_append_u16(&buf, 20);
+ for (i = 0; i < 20; i++)
+ tpm_buf_append_u8(&buf, 0);
+ /* empty auth */
+ tpm_buf_append_u16(&buf, 0);
+ /* session type policy */
+ tpm_buf_append_u8(&buf, 0x01);
+
+ /* symmetric encryption parameters */
+ /* symmetric algorithm */
+ tpm_buf_append_u16(&buf, TPM_ALG_NULL);
+ /* hash algorithm for session */
+ tpm_buf_append_u16(&buf, hash);
+
+ rc = tpm_send(chip, buf.data, tpm_buf_length(&buf));
+ if (rc)
+ goto out;
+
+ *handle = get_unaligned_be32(buf.data + TPM_HEADER_SIZE);
+ out:
+ tpm_buf_destroy(&buf);
+
+ return rc <= 0 ? rc : -EPERM;
+}
+
+int tpm2_get_policy_session(struct tpm_chip *chip, struct tpm2_policies *pols,
+ u32 *handle)
+{
+ int i, rc;
+ const char *failure;
+
+ rc = tpm2_start_policy_session(chip, pols->hash, handle);
+ if (rc)
+ return rc;
+
+ for (i = 0; i < pols->count; i++) {
+ u32 cmd = pols->code[i];
+ struct tpm_buf buf;
+
+ rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, cmd);
+ if (rc)
+ return rc;
+
+ tpm_buf_append_u32(&buf, *handle);
+
+ switch (cmd) {
+ case TPM2_CC_POLICY_PCR:
+ failure = "PCR";
+ /*
+ * for reasons best known to the TCG we have
+ * to reverse the two arguments to send to the
+ * policy command
+ */
+ tpm_buf_append_u16(&buf, pols->hash_size);
+ tpm_buf_append(&buf, pols->policies[i] + pols->len[i] -
+ pols->hash_size, pols->hash_size);
+ tpm_buf_append(&buf, pols->policies[i],
+ pols->len[i] - pols->hash_size);
+ break;
+ default:
+ failure = "unknown policy";
+ break;
+ }
+ rc = tpm_send(chip, buf.data, tpm_buf_length(&buf));
+ tpm_buf_destroy(&buf);
+ if (rc) {
+ printk(KERN_NOTICE "TPM policy %s failed, rc=%d\n",
+ failure, rc);
+ tpm2_flush_context(chip, *handle);
+ *handle = 0;
+ return -EPERM;
+ }
+ }
+ return 0;
+}
diff --git a/security/keys/trusted-keys/tpm2-policy.h b/security/keys/trusted-keys/tpm2-policy.h
new file mode 100644
index 000000000000..152c948743f3
--- /dev/null
+++ b/security/keys/trusted-keys/tpm2-policy.h
@@ -0,0 +1,30 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+struct tpm2key_context {
+ u32 parent;
+ const u8 *pub;
+ u32 pub_len;
+ const u8 *priv;
+ u32 priv_len;
+ const u8 *policies[TPM2_MAX_POLICIES];
+ u32 policy_code[TPM2_MAX_POLICIES];
+ u16 policy_len[TPM2_MAX_POLICIES];
+ u8 policy_count;
+};
+
+struct tpm2_policies {
+ u32 code[TPM2_MAX_POLICIES];
+ u8 *policies[TPM2_MAX_POLICIES];
+ u16 len[TPM2_MAX_POLICIES];
+ u8 count;
+ u16 hash;
+ u16 hash_size;
+};
+
+int tpmkey_policy_process(struct tpm2key_context *ctx,
+ struct trusted_key_payload *payload);
+int tpm2_generate_policy_digest(struct tpm2_policies *pols, u32 hash,
+ u8 *policydigest, u32 *plen);
+int tpm2_encode_policy(struct tpm2_policies *pols, u8 **data, u32 *len);
+int tpm2_get_policy_session(struct tpm_chip *chip, struct tpm2_policies *pols,
+ u32 *handle);
diff --git a/security/keys/trusted-keys/tpm2key.asn1 b/security/keys/trusted-keys/tpm2key.asn1
index 1851b7c80f08..f930fd812db3 100644
--- a/security/keys/trusted-keys/tpm2key.asn1
+++ b/security/keys/trusted-keys/tpm2key.asn1
@@ -18,6 +18,6 @@ TPMKey ::= SEQUENCE {
TPMPolicySequence ::= SEQUENCE OF TPMPolicy
TPMPolicy ::= SEQUENCE {
- commandCode [0] EXPLICIT INTEGER,
- commandPolicy [1] EXPLICIT OCTET STRING
+ commandCode [0] EXPLICIT INTEGER ({tpmkey_code}),
+ commandPolicy [1] EXPLICIT OCTET STRING ({tpmkey_policy})
}
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index d92d45d759c6..912792fd987a 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -1059,6 +1059,7 @@ static void trusted_rcu_free(struct rcu_head *rcu)
struct trusted_key_payload *p;
p = container_of(rcu, struct trusted_key_payload, rcu);
+ kzfree(p->policies);
kzfree(p);
}
@@ -1178,7 +1179,11 @@ static long trusted_read(const struct key *key, char __user *buffer,
*/
static void trusted_destroy(struct key *key)
{
- kzfree(key->payload.data[0]);
+ struct trusted_key_payload *p;
+
+ p = key->payload.data[0];
+ kzfree(p->policies);
+ kzfree(p);
}
struct key_type key_type_trusted = {
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 4563a4c7b6ec..1f039b39aa7f 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -17,6 +17,7 @@
#include <asm/unaligned.h>
#include "tpm2key.asn1.h"
+#include "tpm2-policy.h"
static struct tpm2_hash tpm2_hash_map[] = {
{HASH_ALGO_SHA1, TPM_ALG_SHA1},
@@ -60,6 +61,22 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
return PTR_ERR(w);
work = asn1_encode_tag(work, end_work, 0, bool, w - bool);
}
+
+ if (payload->policies) {
+ u8 *encoded_pols;
+ u32 encoded_pol_len;
+ int ret;
+
+ ret = tpm2_encode_policy(payload->policies, &encoded_pols,
+ &encoded_pol_len);
+ if (ret)
+ return ret;
+
+ work = asn1_encode_tag(work, end_work, 1, encoded_pols,
+ encoded_pol_len);
+ kfree(encoded_pols);
+ }
+
/*
* Assume both octet strings will encode to a 2 byte definite length
*
@@ -82,14 +99,6 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
return work1 - payload->blob;
}
-struct tpm2key_context {
- u32 parent;
- const u8 *pub;
- u32 pub_len;
- const u8 *priv;
- u32 priv_len;
-};
-
static int tpm2_key_decode(struct trusted_key_payload *payload,
struct trusted_key_options *options,
u8 **buf)
@@ -98,6 +107,8 @@ static int tpm2_key_decode(struct trusted_key_payload *payload,
struct tpm2key_context ctx;
u8 *blob;
+ memset(&ctx, 0, sizeof(ctx));
+
ret = asn1_ber_decoder(&tpm2key_decoder, &ctx, payload->blob,
payload->blob_len);
if (ret < 0)
@@ -110,6 +121,12 @@ static int tpm2_key_decode(struct trusted_key_payload *payload,
if (!blob)
return -ENOMEM;
+ ret = tpmkey_policy_process(&ctx, payload);
+ if (ret) {
+ kfree(blob);
+ return ret;
+ }
+
*buf = blob;
options->keyhandle = ctx.parent;
put_unaligned_be16(ctx.priv_len, blob);
@@ -241,6 +258,42 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
if (!options->keyhandle)
return -EINVAL;
+ if (options->pcrinfo_len != 0) {
+ struct tpm2_policies *pols;
+ static u8 *scratch;
+ /* 4 array len, 2 hash alg */
+ const int len = 4 + 2 + options->pcrinfo_len;
+
+ pols = kmalloc(sizeof(*pols) + len, GFP_KERNEL);
+ if (!pols)
+ return -ENOMEM;
+
+ pols->count = 1;
+ pols->len[0] = len;
+ scratch = (u8 *)(pols + 1);
+ pols->policies[0] = scratch;
+ pols->code[0] = TPM2_CC_POLICY_PCR;
+
+ put_unaligned_be32(1, &scratch[0]);
+ put_unaligned_be16(hash, &scratch[4]);
+ memcpy(&scratch[6], options->pcrinfo, options->pcrinfo_len);
+ payload->policies = pols;
+ }
+
+ if (options->policydigest_len != 0 && payload->policies) {
+ /* can't specify both a digest and a policy */
+ return -EINVAL;
+ }
+
+ if (payload->policies) {
+ rc = tpm2_generate_policy_digest(payload->policies,
+ options->hash,
+ options->policydigest,
+ &options->policydigest_len);
+ if (rc)
+ return rc;
+ }
+
rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
if (rc)
return rc;
@@ -445,21 +498,37 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
u16 data_len;
u8 *data;
int rc;
+ u32 policyhandle;
+
+ if (payload->policies && options->policyhandle)
+ /* can't have both a passed in policy and a key resident one */
+ return -EINVAL;
rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
if (rc)
return rc;
+ if (payload->policies) {
+ rc = tpm2_get_policy_session(chip, payload->policies,
+ &policyhandle);
+ if (rc)
+ return rc;
+ } else {
+ policyhandle = options->policyhandle;
+ }
+
tpm_buf_append_u32(&buf, blob_handle);
tpm2_buf_append_auth(&buf,
- options->policyhandle ?
- options->policyhandle : TPM2_RS_PW,
+ policyhandle ?
+ policyhandle : TPM2_RS_PW,
NULL /* nonce */, 0,
TPM2_SA_CONTINUE_SESSION,
options->blobauth /* hmac */,
options->blobauth_len);
rc = tpm_send(chip, buf.data, tpm_buf_length(&buf));
+ if (payload->policies)
+ tpm2_flush_context(chip, policyhandle);
if (rc > 0)
rc = -EPERM;
--
2.16.4
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v4 7/9] security: keys: trusted: add ability to specify arbitrary policy
2019-12-30 17:37 [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy James Bottomley
` (5 preceding siblings ...)
2019-12-30 17:37 ` [PATCH v4 6/9] security: keys: trusted: add PCR policy to TPM2 keys James Bottomley
@ 2019-12-30 17:38 ` James Bottomley
2019-12-30 17:38 ` [PATCH v4 8/9] security: keys: trusted: implement counter/timer policy James Bottomley
` (2 subsequent siblings)
9 siblings, 0 replies; 19+ messages in thread
From: James Bottomley @ 2019-12-30 17:38 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar, Jarkko Sakkinen, David Woodhouse, keyrings
This patch adds a policy= argument to key creation. The policy is the
standard tss policymaker format and each separate policy line must
have a newline after it.
Thus to construct a policy requiring authorized value and pcr 16
locking using a sha256 hash, the policy (policy.txt) file would be two
lines:
0000017F00000001000B03000001303095B49BE85E381E5B20E557E46363EF55B0F43B132C2D8E3DE9AC436656F2
0000016b
This can be inserted into the key with
keyctl add trusted kmk "new 32 policy=`cat policy.txt` keyhandle=0x81000001 hash=sha256" @u
Note that although a few policies work like this, most require special
handling which must be added to the kernel policy construction
routine.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
Documentation/security/keys/trusted-encrypted.rst | 16 ++++++++
security/keys/trusted-keys/tpm2-policy.c | 46 +++++++++++++++++++++++
security/keys/trusted-keys/tpm2-policy.h | 1 +
security/keys/trusted-keys/trusted_tpm1.c | 13 +++++++
4 files changed, 76 insertions(+)
diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
index 053344c4df5b..b68d3eb73f00 100644
--- a/Documentation/security/keys/trusted-encrypted.rst
+++ b/Documentation/security/keys/trusted-encrypted.rst
@@ -76,6 +76,9 @@ Usage::
policyhandle= handle to an authorization policy session that defines the
same policy and with the same hash algorithm as was used to
seal the key.
+ policy= specify an arbitrary set of policies. These must
+ be in policymaker format with each separate
+ policy line newline terminated.
"keyctl print" returns an ascii hex copy of the sealed key, which is in standard
TPM_STORED_DATA format. The key length for new keys are always in bytes.
@@ -168,6 +171,19 @@ zeros (the value of PCR 16)::
$ dd if=/dev/zero bs=1 count=20 2>/dev/null|sha1sum
6768033e216468247bd031a0a2d9876d79818f8f
+You can also specify arbitrary policy in policymaker format, so a two
+value policy (the pcr example above and authvalue) would look like
+this in policymaker format::
+
+ 0000017F000000010004030000016768033e216468247bd031a0a2d9876d79818f8f
+ 0000016b
+
+This can be placed in a file (say policy.txt) and then added to the key as::
+
+ $ keyctl add trusted kmk "new 32 keyhandle=0x81000001 hash=sha1 policy=`cat policy.txt`" @u
+
+The newlines in the file policy.txt will be automatically processed.
+
Reseal a trusted key under new pcr values::
$ keyctl update 268728824 "update pcrinfo=`cat pcr.blob`"
diff --git a/security/keys/trusted-keys/tpm2-policy.c b/security/keys/trusted-keys/tpm2-policy.c
index 31ba8ee80c09..45fca829503b 100644
--- a/security/keys/trusted-keys/tpm2-policy.c
+++ b/security/keys/trusted-keys/tpm2-policy.c
@@ -352,3 +352,49 @@ int tpm2_get_policy_session(struct tpm_chip *chip, struct tpm2_policies *pols,
}
return 0;
}
+
+int tpm2_parse_policies(struct tpm2_policies **ppols, char *str)
+{
+ struct tpm2_policies *pols;
+ char *p;
+ u8 *ptr;
+ int i = 0, left = PAGE_SIZE, res;
+
+ pols = kmalloc(left, GFP_KERNEL);
+ if (!pols)
+ return -ENOMEM;
+
+ ptr = (u8 *)(pols + 1);
+ left -= ptr - (u8 *)pols;
+
+ while ((p = strsep(&str, "\n"))) {
+ if (*p == '\0' || *p == '\n')
+ continue;
+ pols->len[i] = strlen(p)/2;
+ if (pols->len[i] > left) {
+ res = -E2BIG;
+ goto err;
+ }
+ res = hex2bin(ptr, p, pols->len[i]);
+ if (res)
+ goto err;
+ /* get command code and skip past */
+ pols->code[i] = get_unaligned_be32(ptr);
+ pols->policies[i] = ptr + 4;
+ ptr += pols->len[i];
+ left -= pols->len[i];
+ pols->len[i] -= 4;
+ /*
+ * FIXME: this does leave the code embedded in dead
+ * regions of the memory, but it's easier than
+ * hexdumping to a temporary or copying over
+ */
+ i++;
+ }
+ pols->count = i;
+ *ppols = pols;
+ return 0;
+ err:
+ kfree(pols);
+ return res;
+}
diff --git a/security/keys/trusted-keys/tpm2-policy.h b/security/keys/trusted-keys/tpm2-policy.h
index 152c948743f3..cb804a544ced 100644
--- a/security/keys/trusted-keys/tpm2-policy.h
+++ b/security/keys/trusted-keys/tpm2-policy.h
@@ -28,3 +28,4 @@ int tpm2_generate_policy_digest(struct tpm2_policies *pols, u32 hash,
int tpm2_encode_policy(struct tpm2_policies *pols, u8 **data, u32 *len);
int tpm2_get_policy_session(struct tpm_chip *chip, struct tpm2_policies *pols,
u32 *handle);
+int tpm2_parse_policies(struct tpm2_policies **ppols, char *str);
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index 912792fd987a..af269f4774de 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -29,6 +29,8 @@
#include <keys/trusted_tpm.h>
+#include "tpm2-policy.h"
+
static const char hmac_alg[] = "hmac(sha1)";
static const char hash_alg[] = "sha1";
static struct tpm_chip *chip;
@@ -709,6 +711,7 @@ enum {
Opt_hash,
Opt_policydigest,
Opt_policyhandle,
+ Opt_policy,
};
static const match_table_t key_tokens = {
@@ -724,6 +727,7 @@ static const match_table_t key_tokens = {
{Opt_hash, "hash=%s"},
{Opt_policydigest, "policydigest=%s"},
{Opt_policyhandle, "policyhandle=%s"},
+ {Opt_policy, "policy=%s"},
{Opt_err, NULL}
};
@@ -848,6 +852,15 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
return -EINVAL;
opt->policyhandle = handle;
break;
+ case Opt_policy:
+ if (pay->policies)
+ return -EINVAL;
+ if (!tpm2)
+ return -EINVAL;
+ res = tpm2_parse_policies(&pay->policies, args[0].from);
+ if (res)
+ return res;
+ break;
default:
return -EINVAL;
}
--
2.16.4
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v4 8/9] security: keys: trusted: implement counter/timer policy
2019-12-30 17:37 [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy James Bottomley
` (6 preceding siblings ...)
2019-12-30 17:38 ` [PATCH v4 7/9] security: keys: trusted: add ability to specify arbitrary policy James Bottomley
@ 2019-12-30 17:38 ` James Bottomley
2019-12-30 17:38 ` [PATCH v4 9/9] security: keys: trusted: add password based authorizations to policy keys James Bottomley
2019-12-31 16:05 ` [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy Jarkko Sakkinen
9 siblings, 0 replies; 19+ messages in thread
From: James Bottomley @ 2019-12-30 17:38 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar, Jarkko Sakkinen, David Woodhouse, keyrings
This is actually a generic policy allowing a range of comparisons
against any value set in the TPM Clock, which includes things like the
reset count, a monotonic millisecond count and the restart count. The
most useful comparison is against the millisecond count for expiring
keys. However, you have to remember that currently Linux doesn't try
to sync the epoch timer with the TPM, so the expiration is actually
measured in how long the TPM itself has been powered on ... the TPM
timer doesn't count while the system is powered down. The millisecond
counter is a u64 quantity found at offset 8 in the timer structure,
and the <= comparision operand is 9, so a policy set to expire after the
TPM has been up for 100 seconds would look like
0000016d00000000000f424000080009
Where 0x16d is the counter timer policy code and 0xf4240 is 100 000 in
hex.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
Documentation/security/keys/trusted-encrypted.rst | 29 +++++++++++++++++++++++
security/keys/trusted-keys/tpm2-policy.c | 19 +++++++++++++++
2 files changed, 48 insertions(+)
diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
index b68d3eb73f00..53a6196c7df9 100644
--- a/Documentation/security/keys/trusted-encrypted.rst
+++ b/Documentation/security/keys/trusted-encrypted.rst
@@ -241,3 +241,32 @@ about the usage can be found in the file
Another new format 'enc32' has been defined in order to support encrypted keys
with payload size of 32 bytes. This will initially be used for nvdimm security
but may expand to other usages that require 32 bytes payload.
+
+Appendix
+--------
+
+TPM 2.0 Policies
+----------------
+
+The current TPM supports PCR lock policies as documented above and
+CounterTimer policies which can be used to create expiring keys. One
+caveat with expiring keys is that the TPM millisecond counter does not
+update while a system is powered off and Linux does not sync the TPM
+millisecond count with its internal clock, so the best you can expire
+in is in terms of how long any given TPM has been powered on. (FIXME:
+Linux should simply update the millisecond clock to the current number
+of seconds past the epoch on boot).
+
+A CounterTimer policy is expressed in terms of length and offset
+against the TPM clock structure (TPMS_TIME_INFO), which looks like the
+packed structure::
+
+ struct tpms_time_info {
+ u64 uptime; /* time in ms since last start or reset */
+ u64 clock; /* cumulative uptime in ms */
+ u32 resetcount; /* numer of times the TPM has been reset */
+ u32 restartcount; /* number of times the TPM has been restarted */
+ u8 safe /* time was safely loaded from NVRam */
+ };
+
+The usual comparison for expiring keys is against clock, at offset 8.
diff --git a/security/keys/trusted-keys/tpm2-policy.c b/security/keys/trusted-keys/tpm2-policy.c
index 45fca829503b..3c7a8e6c84c8 100644
--- a/security/keys/trusted-keys/tpm2-policy.c
+++ b/security/keys/trusted-keys/tpm2-policy.c
@@ -336,6 +336,25 @@ int tpm2_get_policy_session(struct tpm_chip *chip, struct tpm2_policies *pols,
tpm_buf_append(&buf, pols->policies[i],
pols->len[i] - pols->hash_size);
break;
+ case TPM2_CC_POLICY_COUNTER_TIMER: {
+ /*
+ * the format of this is the last two u16
+ * quantities are the offset and operation
+ * respectively. The rest is operandB which
+ * must be zero padded in a hash digest
+ */
+ u16 opb_len = pols->len[i] - 4;
+
+ if (opb_len > pols->hash_size)
+ return -EINVAL;
+
+ tpm_buf_append_u16(&buf, opb_len);
+ tpm_buf_append(&buf, pols->policies[i], opb_len);
+ /* offset and operand*/
+ tpm_buf_append(&buf, pols->policies[i] + opb_len, 4);
+ failure = "Counter Timer";
+ break;
+ }
default:
failure = "unknown policy";
break;
--
2.16.4
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v4 9/9] security: keys: trusted: add password based authorizations to policy keys
2019-12-30 17:37 [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy James Bottomley
` (7 preceding siblings ...)
2019-12-30 17:38 ` [PATCH v4 8/9] security: keys: trusted: implement counter/timer policy James Bottomley
@ 2019-12-30 17:38 ` James Bottomley
2019-12-31 16:05 ` [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy Jarkko Sakkinen
9 siblings, 0 replies; 19+ messages in thread
From: James Bottomley @ 2019-12-30 17:38 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar, Jarkko Sakkinen, David Woodhouse, keyrings
TPM 2.0 has a trick where you can turn off the usual HMAC password
session requirement using TPM2_PolicyPassword, so everywhere we see a
TPM2_PolicyAuthValue (which does require HMAC password), we replace
with the TPM2_PolicyPassword command instead. This allows us to use
passwords with TPM 2.0 trusted keys that also have a policy.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
include/linux/tpm.h | 1 +
security/keys/trusted-keys/tpm2-policy.c | 16 ++++++++++++++-
security/keys/trusted-keys/trusted_tpm2.c | 34 ++++++++++++++++++++++++++++++-
3 files changed, 49 insertions(+), 2 deletions(-)
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index e32e9728adce..5026a06977e1 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -233,6 +233,7 @@ enum tpm2_command_codes {
TPM2_CC_PCR_EXTEND = 0x0182,
TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185,
TPM2_CC_HASH_SEQUENCE_START = 0x0186,
+ TPM2_CC_POLICY_PASSWORD = 0x018c,
TPM2_CC_CREATE_LOADED = 0x0191,
TPM2_CC_LAST = 0x0193, /* Spec 1.36 */
};
diff --git a/security/keys/trusted-keys/tpm2-policy.c b/security/keys/trusted-keys/tpm2-policy.c
index 3c7a8e6c84c8..2c93197edf2b 100644
--- a/security/keys/trusted-keys/tpm2-policy.c
+++ b/security/keys/trusted-keys/tpm2-policy.c
@@ -193,7 +193,8 @@ int tpm2_generate_policy_digest(struct tpm2_policies *pols,
policy = digest;
len = *plen;
}
- crypto_shash_update(sdesc, policy, len);
+ if (len)
+ crypto_shash_update(sdesc, policy, len);
/* now output the intermediate to the policydigest */
crypto_shash_final(sdesc, policydigest);
@@ -316,6 +317,16 @@ int tpm2_get_policy_session(struct tpm_chip *chip, struct tpm2_policies *pols,
u32 cmd = pols->code[i];
struct tpm_buf buf;
+ if (cmd == TPM2_CC_POLICY_AUTHVALUE)
+ /*
+ * both PolicyAuthValue and PolicyPassword
+ * hash to the same thing, but one triggers
+ * HMAC authentication and the other simple
+ * authentication. Since we have no HMAC
+ * code, we're choosing the simple
+ */
+ cmd = TPM2_CC_POLICY_PASSWORD;
+
rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, cmd);
if (rc)
return rc;
@@ -357,6 +368,9 @@ int tpm2_get_policy_session(struct tpm_chip *chip, struct tpm2_policies *pols,
}
default:
failure = "unknown policy";
+ if (pols->len[i])
+ tpm_buf_append(&buf, pols->policies[i],
+ pols->len[i]);
break;
}
rc = tpm_send(chip, buf.data, tpm_buf_length(&buf));
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 1f039b39aa7f..169846fde5f7 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -244,6 +244,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
u32 flags;
int i;
int rc;
+ static const int POLICY_SIZE = 2 * PAGE_SIZE;
for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
if (options->hash == tpm2_hash_map[i].crypto_id) {
@@ -264,7 +265,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
/* 4 array len, 2 hash alg */
const int len = 4 + 2 + options->pcrinfo_len;
- pols = kmalloc(sizeof(*pols) + len, GFP_KERNEL);
+ pols = kmalloc(POLICY_SIZE, GFP_KERNEL);
if (!pols)
return -ENOMEM;
@@ -285,6 +286,37 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
return -EINVAL;
}
+ /*
+ * if we already have a policy, we have to add authorization
+ * to it. If we don't, we can simply follow the usual
+ * non-policy route.
+ */
+ if (options->blobauth_len != 0 && payload->policies) {
+ struct tpm2_policies *pols;
+ static u8 *scratch;
+ int i;
+ bool found = false;
+
+ pols = payload->policies;
+
+ /* make sure it's not already in policy */
+ for (i = 0; i < pols->count; i++) {
+ if (pols->code[i] == TPM2_CC_POLICY_AUTHVALUE) {
+ found = true;
+ break;
+ }
+ }
+
+ if (!found) {
+ i = pols->count++;
+ scratch = pols->policies[i - 1] + pols->len[i - 1];
+ /* the TPM2_PolicyPassword command has no payload */
+ pols->policies[i] = scratch;
+ pols->len[i] = 0;
+ pols->code[i] = TPM2_CC_POLICY_AUTHVALUE;
+ }
+ }
+
if (payload->policies) {
rc = tpm2_generate_policy_digest(payload->policies,
options->hash,
--
2.16.4
^ permalink raw reply related [flat|nested] 19+ messages in thread
* Re: [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy
2019-12-30 17:37 [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy James Bottomley
` (8 preceding siblings ...)
2019-12-30 17:38 ` [PATCH v4 9/9] security: keys: trusted: add password based authorizations to policy keys James Bottomley
@ 2019-12-31 16:05 ` Jarkko Sakkinen
9 siblings, 0 replies; 19+ messages in thread
From: Jarkko Sakkinen @ 2019-12-31 16:05 UTC (permalink / raw)
To: James Bottomley; +Cc: linux-integrity, Mimi Zohar, David Woodhouse, keyrings
On Mon, Dec 30, 2019 at 09:37:53AM -0800, James Bottomley wrote:
> This is basically a respin to update the ASN.1 interface to pass
> pointers in and out instead of updating in place. The remainder of
> the patches haven't changed in substance, but have changed to support
> the new ASN.1 encoder API.
>
> General Cover letter description:
>
> I've changed the output format to use the standardised ASN.1 coding
> for TPM2 keys, meaning they should interoperate with userspace TPM2
> key implementations. Apart from interoperability, another advantage
> of the existing key format is that it carries all parameters like
> parent and hash with it and it is capable of carrying policy
> directives in a way that mean they're tied permanently to the key (no
> having to try to remember what the policy was and reconstruct it from
> userspace). This actually allows us to support the TPM 1.2 commands
> like pcrinfo easily in 2.0.
>
> Using the TPM2_PolicyPassword trick, this series now combines
> authorization with policy in a flexible way that would allow us to
> move to HMAC based authorizations later for TPM security. In getting
> passwords to work, I fixed the tpm2 password format in a separate
> patch. TPM 1.2 only allows fixed length authorizations, but TPM 2.0
> allows for variable length passphrases, so we should support that in
> the keys.
>
> James
I'll finally go deep with this as soon as we land the fixes for
https://bugzilla.kernel.org/show_bug.cgi?id=205935.
I'm sorry for ignorance but there's been multiple factors that have
delayed the review (the bug mentioned, kind of sudden steep ramp up to
keyring maintenance as David had to focus on other things, SGX
upstreaming and generally time seems to dissappear somewhere towards the
end of the year).
This week is a bit catching up but I'm sure that next week I have space
to give the focus the patch set requires (and deserves).
/Jarkko
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v4 1/9] lib: add asn.1 encoder
2019-12-30 17:37 ` [PATCH v4 1/9] lib: add asn.1 encoder James Bottomley
@ 2020-01-06 18:09 ` Jarkko Sakkinen
2020-01-07 0:17 ` James Bottomley
0 siblings, 1 reply; 19+ messages in thread
From: Jarkko Sakkinen @ 2020-01-06 18:09 UTC (permalink / raw)
To: James Bottomley, linux-integrity; +Cc: Mimi Zohar, David Woodhouse, keyrings
On Mon, 2019-12-30 at 09:37 -0800, James Bottomley wrote:
> We have a need in the TPM trusted keys to return the ASN.1 form of the
> TPM key blob so it can be operated on by tools outside of the kernel.
> To do that, we have to be able to read and write the key format. The
> current ASN.1 decoder does fine for reading, but we need pieces of an
> ASN.1 encoder to return the key blob.
>
> The current implementation only encodes the ASN.1 bits we actually need.
>
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Please be explicit with the external tools. You must have specific
tools in mind that you use. The abstraction level is unacceptable.
> ---
>
> v2: updated API to use indefinite length, and made symbol exports gpl
> v3: add data length error handling
> v4: use end_data instead of data_len pointer
> ---
> include/linux/asn1_encoder.h | 32 ++++
> lib/Makefile | 2 +-
> lib/asn1_encoder.c | 391 +++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 424 insertions(+), 1 deletion(-)
> create mode 100644 include/linux/asn1_encoder.h
> create mode 100644 lib/asn1_encoder.c
>
> diff --git a/include/linux/asn1_encoder.h b/include/linux/asn1_encoder.h
> new file mode 100644
> index 000000000000..08cd0c2ad34f
> --- /dev/null
> +++ b/include/linux/asn1_encoder.h
> @@ -0,0 +1,32 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +
> +#ifndef _LINUX_ASN1_ENCODER_H
> +#define _LINUX_ASN1_ENCODER_H
> +
> +#include <linux/types.h>
> +#include <linux/asn1.h>
> +#include <linux/asn1_ber_bytecode.h>
> +#include <linux/bug.h>
> +
> +#define asn1_oid_len(oid) (sizeof(oid)/sizeof(u32))
> +unsigned char *
> +asn1_encode_integer(unsigned char *data, const unsigned char *end_data,
> + s64 integer);
> +unsigned char *
> +asn1_encode_oid(unsigned char *data, const unsigned char *end_data,
> + u32 oid[], int oid_len);
> +unsigned char *
> +asn1_encode_tag(unsigned char *data, const unsigned char *end_data,
> + u32 tag, const unsigned char *string, int len);
> +unsigned char *
> +asn1_encode_octet_string(unsigned char *data,
> + const unsigned char *end_data,
> + const unsigned char *string, u32 len);
> +unsigned char *
> +asn1_encode_sequence(unsigned char *data, const unsigned char *end_data,
> + const unsigned char *seq, int len);
> +unsigned char *
> +asn1_encode_boolean(unsigned char *data, const unsigned char *end_data,
> + bool val);
> +
> +#endif
> diff --git a/lib/Makefile b/lib/Makefile
> index c2f0e2a4e4e8..515b35f92c3c 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -233,7 +233,7 @@ obj-$(CONFIG_INTERVAL_TREE_TEST) += interval_tree_test.o
>
> obj-$(CONFIG_PERCPU_TEST) += percpu_test.o
>
> -obj-$(CONFIG_ASN1) += asn1_decoder.o
> +obj-$(CONFIG_ASN1) += asn1_decoder.o asn1_encoder.o
>
> obj-$(CONFIG_FONT_SUPPORT) += fonts/
>
> diff --git a/lib/asn1_encoder.c b/lib/asn1_encoder.c
> new file mode 100644
> index 000000000000..e3d9631a50fd
> --- /dev/null
> +++ b/lib/asn1_encoder.c
> @@ -0,0 +1,391 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * Simple encoder primitives for ASN.1 BER/DER/CER
> + *
> + * Copyright (C) 2019 James.Bottomley@HansenPartnership.com
How much explicit copyright statements really matter for new code? This is
something that bothers me when reviewing patches as GIT log itself should be
able to acknowledge the copyright implicitly.
> + */
> +
> +#include <linux/asn1_encoder.h>
> +#include <linux/bug.h>
> +#include <linux/string.h>
> +#include <linux/module.h>
> +
> +/**
> + * asn1_encode_integer - encode positive integer to ASN.1
Parentheses missing [1].
> + * @data: pointer to the pointer to the data
> + * @end_data: end of data pointer, points one beyond last usable byte in @data
> + * @integer: integer to be encoded
Please align [1].
> + *
> + * This is a simplified encoder: it only currently does
> + * positive integers, but it should be simple enough to add the
> + * negative case if a use comes along.
> + */
> +unsigned char *
> +asn1_encode_integer(unsigned char *data, const unsigned char *end_data,
> + s64 integer)
> +{
> + unsigned char *d = &data[2];
> + int i;
> + bool found = false;
> + int data_len = end_data - data;
> +
> + if (WARN(integer < 0,
> + "BUG: integer encode only supports positive integers"))
Please replace with WARN_ON(). Maintaining custom log messages here is
senseless as this could only emit from a programming error.
> + return ERR_PTR(-EINVAL);
> +
> + if (IS_ERR(data))
> + return data;
> +
> + if (data_len < 3)
> + return ERR_PTR(-EINVAL);
> +
> + data_len -= 2;
What is point of this (please add a comment to the source code since it was not
obvious)? Also, why not have this substracted in the initialization.
> +
> + data[0] = _tag(UNIV, PRIM, INT);
Empty line.
> + if (integer == 0) {
> + *d++ = 0;
> + goto out;
> + }
Empty line.
> + for (i = sizeof(integer); i > 0 ; i--) {
> + int byte = integer >> (8*(i-1));
> +
> + if (!found && byte == 0)
> + continue;
Empty line.
> + /*
> + * for a positive number the first byte must have bit
> + * 7 clear in two's complement (otherwise it's a
> + * negative number) so prepend a leading zero if
> + * that's not the case
> + */
> + if (!found && (byte & 0x80)) {
> + /*
> + * no check needed here, we already know we
> + * have len >= 1
> + */
> + *d++ = 0;
> + data_len--;
> + }
Empty line.
> + found = true;
> + if (data_len == 0)
> + return ERR_PTR(-EINVAL);
Why not:
int data_len = end_data - data - 2;
> + *d++ = byte;
> + data_len--;
> + }
Empty line before the label.
> + out:
> + data[1] = d - data - 2;
> +
> + return d;
> +}
> +EXPORT_SYMBOL_GPL(asn1_encode_integer);
> +
> +/* calculate the base 128 digit values setting the top bit of the first octet */
> +static int asn1_encode_oid_digit(unsigned char **_data, int *data_len, u32 oid)
> +{
> + int start = 7 + 7 + 7 + 7;
> + unsigned char *data = *_data;
> + int ret = 0;
> +
> + if (*data_len < 1)
> + return -EINVAL;
> +
> + /* quick case */
> + if (oid == 0) {
> + *data++ = 0x80;
> + (*data_len)--;
> + goto out;
> + }
> +
> + while (oid >> start == 0)
> + start -= 7;
> +
> + while (start > 0 && *data_len > 0) {
> + u8 byte;
> +
> + byte = oid >> start;
> + oid = oid - (byte << start);
> + start -= 7;
> + byte |= 0x80;
> + *data++ = byte;
> + (*data_len)--;
> + }
> + if (*data_len > 0) {
> + *data++ = oid;
> + (*data_len)--;
> + } else {
> + ret = -EINVAL;
> + }
> +
> + out:
> + *_data = data;
> + return ret;
> +}
> +
> +/**
> + * asn1_encode_oid - encode an oid to ASN.1
> + * @data: position to begin encoding at
> + * @end_data: end of data pointer, points one beyond last usable byte in @data
> + * @oid: array of oids
> + * @oid_len: length of oid array
> + *
> + * this encodes an OID up to ASN.1 when presented as an array of OID values
> + */
> +unsigned char *
> +asn1_encode_oid(unsigned char *data, const unsigned char *end_data,
> + u32 oid[], int oid_len)
> +{
> + unsigned char *d = data + 2;
> + int i, ret;
> + int data_len = end_data - data;
> +
> + if (WARN(oid_len < 2, "OID must have at least two elements"))
> + return ERR_PTR(-EINVAL);
> + if (WARN(oid_len > 32, "OID is too large"))
> + return ERR_PTR(-EINVAL);
> + if (IS_ERR(data))
> + return data;
> + if (data_len < 2)
> + return ERR_PTR(-EINVAL);
> +
> + data[0] = _tag(UNIV, PRIM, OID);
> + *d++ = oid[0] * 40 + oid[1];
> + data_len -= 2;
> + ret = 0;
> + for (i = 2; i < oid_len; i++) {
> + ret = asn1_encode_oid_digit(&d, &data_len, oid[i]);
> + if (ret < 0)
> + return ERR_PTR(ret);
> + }
> + data[1] = d - data - 2;
> + return d;
> +}
> +EXPORT_SYMBOL_GPL(asn1_encode_oid);
> +
> +static int asn1_encode_length(unsigned char **data, int *data_len, int len)
> +{
> + if (*data_len < 1)
> + return -EINVAL;
> + if (len < 0) {
> + *((*data)++) = ASN1_INDEFINITE_LENGTH;
> + (*data_len)--;
> + return 0;
> + }
> + if (len <= 0x7f) {
> + *((*data)++) = len;
> + (*data_len)--;
> + return 0;
> + }
> +
> + if (*data_len < 2)
> + return -EINVAL;
> + if (len <= 0xff) {
> + *((*data)++) = 0x81;
> + *((*data)++) = len & 0xff;
> + *data_len -= 2;
> + return 0;
> + }
> +
> + if (*data_len < 3)
> + return -EINVAL;
> + if (len <= 0xffff) {
> + *((*data)++) = 0x82;
> + *((*data)++) = (len >> 8) & 0xff;
> + *((*data)++) = len & 0xff;
> + *data_len -= 3;
> + return 0;
> + }
> +
> + if (WARN(len > 0xffffff, "ASN.1 length can't be > 0xffffff"))
> + return -EINVAL;
> +
> + if (*data_len < 4)
> + return -EINVAL;
> + *((*data)++) = 0x83;
> + *((*data)++) = (len >> 16) & 0xff;
> + *((*data)++) = (len >> 8) & 0xff;
> + *((*data)++) = len & 0xff;
> + *data_len -= 4;
> +
> + return 0;
> +}
> +
> +/**
> + * asn1_encode_tag - add a tag for optional or explicit value
> + * @data: pointer to place tag at
> + * @end_data: end of data pointer, points one beyond last usable byte in @data
> + * @tag: tag to be placed
> + * @string: the data to be tagged
> + * @len: the length of the data to be tagged
> + *
> + * Note this currently only handles short form tags < 31. To encode
> + * in place pass a NULL @string and -1 for @len; all this will do is
> + * add an indefinite length tag and update the data pointer to the
> + * place where the tag contents should be placed. After the data is
> + * placed, repeat the prior statement but now with the known length.
> + * In order to avoid having to keep both before and after pointers,
> + * the repeat expects to be called with @data pointing to where the
> + * first encode placed it.
> + */
> +unsigned char *
> +asn1_encode_tag(unsigned char *data, const unsigned char *end_data,
> + u32 tag, const unsigned char *string, int len)
> +{
> + int ret;
> + int data_len = end_data - data;
> +
> + if (WARN(tag > 30, "ASN.1 tag can't be > 30"))
> + return ERR_PTR(-EINVAL);
> +
> + if (!string && WARN(len > 127,
> + "BUG: recode tag is too big (>127)"))
> + return ERR_PTR(-EINVAL);
> + if (IS_ERR(data))
> + return data;
> +
> + if (!string && len > 0) {
> + /*
> + * we're recoding, so move back to the start of the
> + * tag and install a dummy length because the real
> + * data_len should be NULL
> + */
> + data -= 2;
> + data_len = 2;
> + }
> +
> + if (data_len < 2)
> + return ERR_PTR(-EINVAL);
> +
> + *(data++) = _tagn(CONT, CONS, tag);
> + data_len--;
> + ret = asn1_encode_length(&data, &data_len, len);
> + if (ret < 0)
> + return ERR_PTR(ret);
> + if (!string)
> + return data;
> + if (data_len < len)
> + return ERR_PTR(-EINVAL);
> + memcpy(data, string, len);
> + data += len;
> +
> + return data;
> +}
> +EXPORT_SYMBOL_GPL(asn1_encode_tag);
> +
> +/**
> + * asn1_encode_octet_string - encode an ASN.1 OCTET STRING
> + * @data: pointer to encode at
> + * @end_data: end of data pointer, points one beyond last usable byte in @data
> + * @string: string to be encoded
> + * @len: length of string
> + *
> + * Note ASN.1 octet strings may contain zeros, so the length is obligatory.
> + */
> +unsigned char *
> +asn1_encode_octet_string(unsigned char *data,
> + const unsigned char *end_data,
> + const unsigned char *string, u32 len)
> +{
> + int ret;
> + int data_len = end_data - data;
> +
> + if (IS_ERR(data))
> + return data;
> +
> + if (data_len < 2)
> + return ERR_PTR(-EINVAL);
> +
> + *(data++) = _tag(UNIV, PRIM, OTS);
> + data_len--;
> + ret = asn1_encode_length(&data, &data_len, len);
> + if (ret)
> + return ERR_PTR(ret);
> +
> + if (data_len < len)
> + return ERR_PTR(-EINVAL);
> +
> + memcpy(data, string, len);
> + data += len;
> +
> + return data;
> +}
> +EXPORT_SYMBOL_GPL(asn1_encode_octet_string);
> +
> +/**
> + * asn1_encode_sequence - wrap a byte stream in an ASN.1 SEQUENCE
> + * @data: pointer to encode at
> + * @end_data: end of data pointer, points one beyond last usable byte in @data
> + * @seq: data to be encoded as a sequence
> + * @len: length of the data to be encoded as a sequence
> + *
> + * Fill in a sequence. To encode in place, pass NULL for @seq and -1
> + * for @len; then call again once the length is known (still with NULL
> + * for @seq). In order to avoid having to keep both before and after
> + * pointers, the repeat expects to be called with @data pointing to
> + * where the first encode placed it.
> + */
> +unsigned char *
> +asn1_encode_sequence(unsigned char *data, const unsigned char *end_data,
> + const unsigned char *seq, int len)
> +{
> + int ret;
> + int data_len = end_data - data;
> +
> + if (!seq && WARN(len > 127,
> + "BUG: recode sequence is too big (>127)"))
> + return ERR_PTR(-EINVAL);
> + if (IS_ERR(data))
> + return data;
> + if (!seq && len >= 0) {
> + /*
> + * we're recoding, so move back to the start of the
> + * sequence and install a dummy length because the
> + * real length should be NULL
> + */
> + data -= 2;
> + data_len = 2;
> + }
> +
> + if (data_len < 2)
> + return ERR_PTR(-EINVAL);
> +
> + *(data++) = _tag(UNIV, CONS, SEQ);
> + data_len--;
> + ret = asn1_encode_length(&data, &data_len, len);
> + if (ret)
> + return ERR_PTR(ret);
> + if (!seq)
> + return data;
> +
> + if (data_len < len)
> + return ERR_PTR(-EINVAL);
> +
> + memcpy(data, seq, len);
> + data += len;
> +
> + return data;
> +}
> +EXPORT_SYMBOL_GPL(asn1_encode_sequence);
> +
> +/**
> + * asn1_encode_boolean - encode a boolean value to ASN.1
> + * @data: pointer to encode at
> + * @end_data: end of data pointer, points one beyond last usable byte in @data
> + * @val: the boolean true/false value
> + */
> +unsigned char *
> +asn1_encode_boolean(unsigned char *data, const unsigned char *end_data,
> + bool val)
> +{
> + int data_len = end_data - data;
> +
> + if (IS_ERR(data))
> + return data;
> + if (data_len < 3)
> + return ERR_PTR(-EINVAL);
This patch is full of overly packed code. Please just make
it more spacy and readable.
> + *(data++) = _tag(UNIV, PRIM, BOOL);
> + data_len--;
> + asn1_encode_length(&data, &data_len, 1);
> + *(data++) = val ? 1 : 0;
Please do not use ternary operator but instead:
if (*data)
*(data++) = 1;
else
*(data++) = 0;
> +
> + return data;
> +}
> +EXPORT_SYMBOL_GPL(asn1_encode_boolean);
[1] https://www.kernel.org/doc/Documentation/kernel-doc-nano-HOWTO.txt
/Jarkko
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v4 3/9] security: keys: trusted fix tpm2 authorizations
2019-12-30 17:37 ` [PATCH v4 3/9] security: keys: trusted fix tpm2 authorizations James Bottomley
@ 2020-01-06 21:45 ` Jarkko Sakkinen
2020-01-06 21:48 ` Jarkko Sakkinen
2020-01-07 1:08 ` James Bottomley
0 siblings, 2 replies; 19+ messages in thread
From: Jarkko Sakkinen @ 2020-01-06 21:45 UTC (permalink / raw)
To: James Bottomley, linux-integrity; +Cc: Mimi Zohar, David Woodhouse, keyrings
On Mon, 2019-12-30 at 09:37 -0800, James Bottomley wrote:
> In TPM 1.2 an authorization was a 20 byte number. The spec actually
> recommended you to hash variable length passwords and use the sha1
> hash as the authorization. Because the spec doesn't require this
> hashing, the current authorization for trusted keys is a 40 digit hex
> number. For TPM 2.0 the spec allows the passing in of variable length
> passwords and passphrases directly, so we should allow that in trusted
> keys for ease of use. Update the 'blobauth' parameter to take this
> into account, so we can now use plain text passwords for the keys.
>
> so before
>
> keyctl add trusted kmk "new 32 blobauth=f572d396fae9206628714fb2ce00f72e94f2258f"
>
> after:
>
> keyctl add trusted kmk "new 32 blobauth=hello keyhandle=81000001"
>
> Note this is both and enhancement and a potential bug fix. The TPM
> 2.0 spec requires us to strip leading zeros, meaning empyty
> authorization is a zero length HMAC whereas we're currently passing in
> 20 bytes of zeros. A lot of TPMs simply accept this as OK, but the
> Microsoft TPM emulator rejects it with TPM_RC_BAD_AUTH, so this patch
> makes the Microsoft TPM emulator work with trusted keys.
Even if for good reasons, you should be explicit when you make an API
change that is not backwards compatible.
>
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> ---
> include/keys/trusted-type.h | 1 +
> security/keys/trusted-keys/trusted_tpm1.c | 24 +++++++++++++++++++-----
> security/keys/trusted-keys/trusted_tpm2.c | 9 +++++----
> 3 files changed, 25 insertions(+), 9 deletions(-)
>
> diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
> index a94c03a61d8f..b2ed3481c6a0 100644
> --- a/include/keys/trusted-type.h
> +++ b/include/keys/trusted-type.h
> @@ -30,6 +30,7 @@ struct trusted_key_options {
> uint16_t keytype;
> uint32_t keyhandle;
> unsigned char keyauth[TPM_DIGEST_SIZE];
> + uint32_t blobauth_len;
> unsigned char blobauth[TPM_DIGEST_SIZE];
> uint32_t pcrinfo_len;
> unsigned char pcrinfo[MAX_PCRINFO_SIZE];
> diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
> index d2c5ec1e040b..ef15b6cda6ec 100644
> --- a/security/keys/trusted-keys/trusted_tpm1.c
> +++ b/security/keys/trusted-keys/trusted_tpm1.c
> @@ -781,12 +781,26 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> return -EINVAL;
> break;
> case Opt_blobauth:
> - if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
> - return -EINVAL;
> - res = hex2bin(opt->blobauth, args[0].from,
> - SHA1_DIGEST_SIZE);
> - if (res < 0)
> + /*
> + * TPM 1.2 authorizations are sha1 hashes
> + * passed in as hex strings. TPM 2.0
> + * authorizations are simple passwords
> + * (although it can take a hash as well)
> + */
> + opt->blobauth_len = strlen(args[0].from);
> + if (opt->blobauth_len == 2 * TPM_DIGEST_SIZE) {
> + res = hex2bin(opt->blobauth, args[0].from,
> + TPM_DIGEST_SIZE);
> + if (res < 0)
> + return -EINVAL;
> + opt->blobauth_len = TPM_DIGEST_SIZE;
> + } else if (tpm2 &&
> + opt->blobauth_len <= sizeof(opt->blobauth)) {
> + memcpy(opt->blobauth, args[0].from,
> + opt->blobauth_len);
> + } else {
> return -EINVAL;
> + }
I don't see any reason of packing conditional statements like this even
if it has been done in the past. Makes the code only exhausting to read.
I'd consider moving the whole code block to a static function of its
own. Please also document to that function how the passphrase is
handled in TPM 1.2 and TPM 2.0 (you can derive it from you commit
message description) just to remind us how it is being handled when
reviewing future patches.
> break;
> case Opt_migratable:
> if (*args[0].from == '0')
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
> index 08ec7f48f01d..11a331a94327 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -91,10 +91,11 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
> TPM_DIGEST_SIZE);
>
> /* sensitive */
> - tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1);
> + tpm_buf_append_u16(&buf, 4 + options->blobauth_len + payload->key_len + 1);
>
> - tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE);
> - tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE);
> + tpm_buf_append_u16(&buf, options->blobauth_len);
Empty line.
> + if (options->blobauth_len)
> + tpm_buf_append(&buf, options->blobauth, options->blobauth_len);
Empty line.
> tpm_buf_append_u16(&buf, payload->key_len + 1);
> tpm_buf_append(&buf, payload->key, payload->key_len);
> tpm_buf_append_u8(&buf, payload->migratable);
> @@ -258,7 +259,7 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
> NULL /* nonce */, 0,
> TPM2_SA_CONTINUE_SESSION,
> options->blobauth /* hmac */,
> - TPM_DIGEST_SIZE);
> + options->blobauth_len);
>
> rc = tpm_send(chip, buf.data, tpm_buf_length(&buf));
> if (rc > 0)
/Jarkko
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v4 3/9] security: keys: trusted fix tpm2 authorizations
2020-01-06 21:45 ` Jarkko Sakkinen
@ 2020-01-06 21:48 ` Jarkko Sakkinen
2020-01-07 1:08 ` James Bottomley
1 sibling, 0 replies; 19+ messages in thread
From: Jarkko Sakkinen @ 2020-01-06 21:48 UTC (permalink / raw)
To: James Bottomley, linux-integrity; +Cc: Mimi Zohar, David Woodhouse, keyrings
On Mon, 2020-01-06 at 23:45 +0200, Jarkko Sakkinen wrote:
> On Mon, 2019-12-30 at 09:37 -0800, James Bottomley wrote:
> > In TPM 1.2 an authorization was a 20 byte number. The spec actually
> > recommended you to hash variable length passwords and use the sha1
> > hash as the authorization. Because the spec doesn't require this
> > hashing, the current authorization for trusted keys is a 40 digit hex
> > number. For TPM 2.0 the spec allows the passing in of variable length
> > passwords and passphrases directly, so we should allow that in trusted
> > keys for ease of use. Update the 'blobauth' parameter to take this
> > into account, so we can now use plain text passwords for the keys.
> >
> > so before
> >
> > keyctl add trusted kmk "new 32 blobauth=f572d396fae9206628714fb2ce00f72e94f2258f"
> >
> > after:
> >
> > keyctl add trusted kmk "new 32 blobauth=hello keyhandle=81000001"
> >
> > Note this is both and enhancement and a potential bug fix. The TPM
> > 2.0 spec requires us to strip leading zeros, meaning empyty
> > authorization is a zero length HMAC whereas we're currently passing in
> > 20 bytes of zeros. A lot of TPMs simply accept this as OK, but the
> > Microsoft TPM emulator rejects it with TPM_RC_BAD_AUTH, so this patch
> > makes the Microsoft TPM emulator work with trusted keys.
>
> Even if for good reasons, you should be explicit when you make an API
> change that is not backwards compatible.
Also you have illformed abbrevation in your short summary. Should
be TPM2, not tpm2.
/Jarkko
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v4 4/9] security: keys: trusted: use ASN.1 tpm2 key format for the blobs
2019-12-30 17:37 ` [PATCH v4 4/9] security: keys: trusted: use ASN.1 tpm2 key format for the blobs James Bottomley
@ 2020-01-06 21:53 ` Jarkko Sakkinen
0 siblings, 0 replies; 19+ messages in thread
From: Jarkko Sakkinen @ 2020-01-06 21:53 UTC (permalink / raw)
To: James Bottomley, linux-integrity; +Cc: Mimi Zohar, David Woodhouse, keyrings
On Mon, 2019-12-30 at 09:37 -0800, James Bottomley wrote:
Again bad formatting in the short summary.
> Modify the tpm2 key format blob output to export and import in the
> ASN.1 form for tpm2 sealed object keys. For compatibility with prior
> trusted keys, the importer will also accept two tpm2b quantities
> representing the public and private parts of the key. However, the
> export via keyctl pipe will only output the ASN.1 format.
I think this is fair enough when it comes to backwards compatibility.
What you should do with the earlier patch is to document in the commit
message this framework for backwards compatibility. It is redundancy
but makes the commit log easier to follow. E.g. tell in that commit
message that ASN.1 loader will handle loading old blobs.
> The benefit of the ASN.1 format is that it's a standard and thus the
> exported key can be used by userspace tools. The format includes
> policy specifications, thus it gets us out of having to construct
> policy handles in userspace and the format includes the parent meaning
> you don't have to keep passing it in each time.
Please be explicit with the tools you are referring. Point out what
you are using if there is variable number of choices.
In high-level the code change itself looks good.
/Jarkko
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v4 5/9] security: keys: trusted: Make sealed key properly interoperable
2019-12-30 17:37 ` [PATCH v4 5/9] security: keys: trusted: Make sealed key properly interoperable James Bottomley
@ 2020-01-06 21:58 ` Jarkko Sakkinen
0 siblings, 0 replies; 19+ messages in thread
From: Jarkko Sakkinen @ 2020-01-06 21:58 UTC (permalink / raw)
To: James Bottomley, linux-integrity; +Cc: Mimi Zohar, David Woodhouse, keyrings
On Mon, 2019-12-30 at 09:37 -0800, James Bottomley wrote:
> The current implementation appends a migratable flag to the end of a
> key, meaning the format isn't exactly interoperable because the using
> party needs to know to strip this extra byte. However, all other
> consumers of TPM sealed blobs expect the unseal to return exactly the
> key. Since TPM2 keys have a key property flag that corresponds to
> migratable, use that flag instead and make the actual key the only
> sealed quantity. This is secure because the key properties are bound
> to a hash in the private part, so if they're altered the key won't
> load.
>
> Backwards compatibility is implemented by detecting whether we're
> loading a new format key or not and correctly setting migratable from
> the last byte of old format keys.
>
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
I'll stop review here as I'm now quite confident that in high-level
this going to right direction.
For remaining patches:
- Be more explict with the tools. That will also give a framework to
easily test the patches.
- Same remarks for the code formatting as I gave to earlier.
/Jarkko
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v4 1/9] lib: add asn.1 encoder
2020-01-06 18:09 ` Jarkko Sakkinen
@ 2020-01-07 0:17 ` James Bottomley
0 siblings, 0 replies; 19+ messages in thread
From: James Bottomley @ 2020-01-07 0:17 UTC (permalink / raw)
To: Jarkko Sakkinen, linux-integrity; +Cc: Mimi Zohar, David Woodhouse, keyrings
On Mon, 2020-01-06 at 20:09 +0200, Jarkko Sakkinen wrote:
> On Mon, 2019-12-30 at 09:37 -0800, James Bottomley wrote:
> > We have a need in the TPM trusted keys to return the ASN.1 form of
> > the TPM key blob so it can be operated on by tools outside of the
> > kernel. To do that, we have to be able to read and write the key
> > format. The current ASN.1 decoder does fine for reading, but we
> > need pieces of an ASN.1 encoder to return the key blob.
> >
> > The current implementation only encodes the ASN.1 bits we actually
> > need.
> >
> > Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.c
> > om>
>
> Please be explicit with the external tools. You must have specific
> tools in mind that you use. The abstraction level is unacceptable.
There are three current tools that use the ASN.1 format: the
openssl_tpm2_engine:
https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/
Openconnect:
http://git.infradead.org/users/dwmw2/openconnect.git
And the Intel TSS implementation of the openssl engine:
https://github.com/tpm2-software/tpm2-tss-engine
[...]
> > --- /dev/null
> > +++ b/lib/asn1_encoder.c
> > @@ -0,0 +1,391 @@
> > +// SPDX-License-Identifier: GPL-2.0-only
> > +/*
> > + * Simple encoder primitives for ASN.1 BER/DER/CER
> > + *
> > + * Copyright (C) 2019 James.Bottomley@HansenPartnership.com
>
> How much explicit copyright statements really matter for new code?
> This is something that bothers me when reviewing patches as GIT log
> itself should be able to acknowledge the copyright implicitly.
This is actually the recommended statutory form of the US Copyright
Act:
https://www.copyright.gov/title17/92chap4.html
The Berne convention subsequently mandated that copyright should
subsist without the notice being required (and this became the law in
the US in 1989 meaning that for works after this date in the US, lack
of copyright notice can't be used as evidence of no copyright in the
file) but this is unevenly adhered to in the rest of the world, so the
US Copyright office recommends the notice should still be present.
The McHardy cases showed us the difficulty of convincing courts to
believe technology like git over simple statements in files, so it's
still best practice for all files in the kernel to have a copyright
notice just in case.
> > + */
> > +
> > +#include <linux/asn1_encoder.h>
> > +#include <linux/bug.h>
> > +#include <linux/string.h>
> > +#include <linux/module.h>
> > +
> > +/**
> > + * asn1_encode_integer - encode positive integer to ASN.1
>
> Parentheses missing [1].
>
> > + * @data: pointer to the pointer to the data
> > + * @end_data: end of data pointer, points one beyond last usable
> > byte in @data
> > + * @integer: integer to be encoded
>
> Please align [1].
Will fix both.
> > + *
> > + * This is a simplified encoder: it only currently does
> > + * positive integers, but it should be simple enough to add the
> > + * negative case if a use comes along.
> > + */
> > +unsigned char *
> > +asn1_encode_integer(unsigned char *data, const unsigned char
> > *end_data,
> > + s64 integer)
> > +{
> > + unsigned char *d = &data[2];
> > + int i;
> > + bool found = false;
> > + int data_len = end_data - data;
> > +
> > + if (WARN(integer < 0,
> > + "BUG: integer encode only supports positive
> > integers"))
>
> Please replace with WARN_ON(). Maintaining custom log messages here
> is senseless as this could only emit from a programming error.
I've got to say, having tripped a few of these, that I do like the
explicit message telling me why the warn on triggered and what I need
to do about it. But I do admit it's only a minor inconvenience to
trace the WARN_ON back throught the file.
> > + return ERR_PTR(-EINVAL);
> > +
> > + if (IS_ERR(data))
> > + return data;
> > +
> > + if (data_len < 3)
> > + return ERR_PTR(-EINVAL);
> > +
> > + data_len -= 2;
>
> What is point of this (please add a comment to the source code since
> it was not obvious)? Also, why not have this substracted in the
> initialization.
All ASN.1 elements begin with a tag and a length. An integer must also
have a value, so it must be at least 3 bytes. The reason for
subtracting 2 is that we insert the tag, save the length and begin
coding the integer in the for loop.
If I start data_len = end_data - data - 2 I then have to explain that
the if (data_len < 1) in fact means we need three bytes available
instead of its being obvious.
>
> > +
> > + data[0] = _tag(UNIV, PRIM, INT);
>
> Empty line.
Yes, I'll try to do more spacing.
[...]
> This patch is full of overly packed code. Please just make
> it more spacy and readable.
>
> > + *(data++) = _tag(UNIV, PRIM, BOOL);
> > + data_len--;
> > + asn1_encode_length(&data, &data_len, 1);
> > + *(data++) = val ? 1 : 0;
>
> Please do not use ternary operator but instead:
>
> if (*data)
> *(data++) = 1;
> else
> *(data++) = 0;
If (val) but yes, I can do that.
James
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v4 3/9] security: keys: trusted fix tpm2 authorizations
2020-01-06 21:45 ` Jarkko Sakkinen
2020-01-06 21:48 ` Jarkko Sakkinen
@ 2020-01-07 1:08 ` James Bottomley
2020-01-08 16:19 ` Jarkko Sakkinen
1 sibling, 1 reply; 19+ messages in thread
From: James Bottomley @ 2020-01-07 1:08 UTC (permalink / raw)
To: Jarkko Sakkinen, linux-integrity; +Cc: Mimi Zohar, David Woodhouse, keyrings
On Mon, 2020-01-06 at 23:45 +0200, Jarkko Sakkinen wrote:
> On Mon, 2019-12-30 at 09:37 -0800, James Bottomley wrote:
> > In TPM 1.2 an authorization was a 20 byte number. The spec
> > actually
> > recommended you to hash variable length passwords and use the sha1
> > hash as the authorization. Because the spec doesn't require this
> > hashing, the current authorization for trusted keys is a 40 digit
> > hex number. For TPM 2.0 the spec allows the passing in of variable
> > length passwords and passphrases directly, so we should allow that
> > in trusted keys for ease of use. Update the 'blobauth' parameter
> > to take this into account, so we can now use plain text passwords
> > for the keys.
> >
> > so before
> >
> > keyctl add trusted kmk "new 32
> > blobauth=f572d396fae9206628714fb2ce00f72e94f2258f"
> >
> > after:
> >
> > keyctl add trusted kmk "new 32 blobauth=hello keyhandle=81000001"
> >
> > Note this is both and enhancement and a potential bug fix. The TPM
> > 2.0 spec requires us to strip leading zeros, meaning empyty
> > authorization is a zero length HMAC whereas we're currently passing
> > in 20 bytes of zeros. A lot of TPMs simply accept this as OK, but
> > the Microsoft TPM emulator rejects it with TPM_RC_BAD_AUTH, so this
> > patch makes the Microsoft TPM emulator work with trusted keys.
>
> Even if for good reasons, you should be explicit when you make an API
> change that is not backwards compatible.
This change should be backwards compatible. I've got a set of TPMs,
one of which works both before and after and another which doesn't work
before but does after, so all it does is increase the set of TPMs that
work with the authorizations i.e. if the TPM worked before, it
continues to work after.
I think what happens in the TPMs that work before is that they
explicily remove trailing zeros and ones that don't work before don't.
Actually, the before form (20 hex bytes) still works in the after case
... I'll make that clear in the commit message.
James
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v4 3/9] security: keys: trusted fix tpm2 authorizations
2020-01-07 1:08 ` James Bottomley
@ 2020-01-08 16:19 ` Jarkko Sakkinen
0 siblings, 0 replies; 19+ messages in thread
From: Jarkko Sakkinen @ 2020-01-08 16:19 UTC (permalink / raw)
To: James Bottomley, linux-integrity; +Cc: Mimi Zohar, David Woodhouse, keyrings
On Mon, 2020-01-06 at 17:08 -0800, James Bottomley wrote:
> > Even if for good reasons, you should be explicit when you make an API
> > change that is not backwards compatible.
>
> This change should be backwards compatible. I've got a set of TPMs,
> one of which works both before and after and another which doesn't work
> before but does after, so all it does is increase the set of TPMs that
> work with the authorizations i.e. if the TPM worked before, it
> continues to work after.
>
> I think what happens in the TPMs that work before is that they
> explicily remove trailing zeros and ones that don't work before don't.
>
> Actually, the before form (20 hex bytes) still works in the after case
> ... I'll make that clear in the commit message.
OK, got it, thanks! Yeah, obviously would not hurt to be bit more
explicit.
/Jarkko
^ permalink raw reply [flat|nested] 19+ messages in thread
end of thread, other threads:[~2020-01-08 16:19 UTC | newest]
Thread overview: 19+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-30 17:37 [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy James Bottomley
2019-12-30 17:37 ` [PATCH v4 1/9] lib: add asn.1 encoder James Bottomley
2020-01-06 18:09 ` Jarkko Sakkinen
2020-01-07 0:17 ` James Bottomley
2019-12-30 17:37 ` [PATCH v4 2/9] oid_registry: Add TCG defined OIDS for TPM keys James Bottomley
2019-12-30 17:37 ` [PATCH v4 3/9] security: keys: trusted fix tpm2 authorizations James Bottomley
2020-01-06 21:45 ` Jarkko Sakkinen
2020-01-06 21:48 ` Jarkko Sakkinen
2020-01-07 1:08 ` James Bottomley
2020-01-08 16:19 ` Jarkko Sakkinen
2019-12-30 17:37 ` [PATCH v4 4/9] security: keys: trusted: use ASN.1 tpm2 key format for the blobs James Bottomley
2020-01-06 21:53 ` Jarkko Sakkinen
2019-12-30 17:37 ` [PATCH v4 5/9] security: keys: trusted: Make sealed key properly interoperable James Bottomley
2020-01-06 21:58 ` Jarkko Sakkinen
2019-12-30 17:37 ` [PATCH v4 6/9] security: keys: trusted: add PCR policy to TPM2 keys James Bottomley
2019-12-30 17:38 ` [PATCH v4 7/9] security: keys: trusted: add ability to specify arbitrary policy James Bottomley
2019-12-30 17:38 ` [PATCH v4 8/9] security: keys: trusted: implement counter/timer policy James Bottomley
2019-12-30 17:38 ` [PATCH v4 9/9] security: keys: trusted: add password based authorizations to policy keys James Bottomley
2019-12-31 16:05 ` [PATCH v4 0/9] TPM 2.0 trusted keys with attached policy Jarkko Sakkinen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).