From: Kees Cook <keescook@chromium.org>
To: Evan Green <evgreen@chromium.org>
Cc: linux-kernel@vger.kernel.org, gwendal@chromium.org,
Eric Biggers <ebiggers@kernel.org>,
Matthew Garrett <mgarrett@aurora.tech>,
jarkko@kernel.org, zohar@linux.ibm.com,
linux-integrity@vger.kernel.org, Pavel Machek <pavel@ucw.cz>,
apronin@chromium.org, dlunev@google.com, rjw@rjwysocki.net,
linux-pm@vger.kernel.org, corbet@lwn.net, jejb@linux.ibm.com,
David Howells <dhowells@redhat.com>, Hao Wu <hao.wu@rubrik.com>,
James Morris <jmorris@namei.org>,
Matthew Garrett <matthewgarrett@google.com>,
Paul Moore <paul@paul-moore.com>,
"Serge E. Hallyn" <serge@hallyn.com>, axelj <axelj@axis.com>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH v2 05/10] security: keys: trusted: Verify creation data
Date: Tue, 20 Sep 2022 16:06:55 -0700 [thread overview]
Message-ID: <202209201605.505F96D@keescook> (raw)
In-Reply-To: <20220823152108.v2.5.I6cdb522cb5ea28fcd1e35b4cd92cbd067f99269a@changeid>
On Tue, Aug 23, 2022 at 03:25:21PM -0700, Evan Green wrote:
> If a loaded key contains creation data, ask the TPM to verify that
> creation data. This allows users like encrypted hibernate to know that
> the loaded and parsed creation data has not been tampered with.
>
> Partially-sourced-from: Matthew Garrett <mjg59@google.com>
> Signed-off-by: Evan Green <evgreen@chromium.org>
>
> ---
> Source material for this change is at:
> https://patchwork.kernel.org/project/linux-pm/patch/20210220013255.1083202-9-matthewgarrett@google.com/
>
> Changes in v2:
> - Adjust hash len by 2 due to new ASN.1 storage, and add underflow
> check.
>
> include/linux/tpm.h | 1 +
> security/keys/trusted-keys/trusted_tpm2.c | 77 ++++++++++++++++++++++-
> 2 files changed, 77 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index 8320cbac6f4009..438f8bc0a50582 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -224,6 +224,7 @@ enum tpm2_command_codes {
> TPM2_CC_SELF_TEST = 0x0143,
> TPM2_CC_STARTUP = 0x0144,
> TPM2_CC_SHUTDOWN = 0x0145,
> + TPM2_CC_CERTIFYCREATION = 0x014A,
> TPM2_CC_NV_READ = 0x014E,
> TPM2_CC_CREATE = 0x0153,
> TPM2_CC_LOAD = 0x0157,
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
> index 1d1470b880ca01..f81c6578c7f783 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -691,6 +691,74 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
> return rc;
> }
>
> +/**
> + * tpm2_certify_creation() - execute a TPM2_CertifyCreation command
> + *
> + * @chip: TPM chip to use
> + * @payload: the key data in clear and encrypted form
> + * @blob_handle: the loaded TPM handle of the key
> + *
> + * Return: 0 on success
> + * -EINVAL on tpm error status
> + * < 0 error from tpm_send or tpm_buf_init
> + */
> +static int tpm2_certify_creation(struct tpm_chip *chip,
> + struct trusted_key_payload *payload,
> + u32 blob_handle)
> +{
> + struct tpm_header *head;
> + struct tpm_buf buf;
> + int rc;
> +
> + rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CERTIFYCREATION);
> + if (rc)
> + return rc;
> +
> + /* Use TPM_RH_NULL for signHandle */
> + tpm_buf_append_u32(&buf, 0x40000007);
> +
> + /* Object handle */
> + tpm_buf_append_u32(&buf, blob_handle);
> +
> + /* Auth */
> + tpm_buf_append_u32(&buf, 9);
> + tpm_buf_append_u32(&buf, TPM2_RS_PW);
> + tpm_buf_append_u16(&buf, 0);
> + tpm_buf_append_u8(&buf, 0);
> + tpm_buf_append_u16(&buf, 0);
> +
> + /* Qualifying data */
> + tpm_buf_append_u16(&buf, 0);
> +
> + /* Creation data hash */
> + if (payload->creation_hash_len < 2) {
> + rc = -EINVAL;
> + goto out;
> + }
> +
> + tpm_buf_append_u16(&buf, payload->creation_hash_len - 2);
> + tpm_buf_append(&buf, payload->creation_hash + 2,
> + payload->creation_hash_len - 2);
> +
> + /* signature scheme */
> + tpm_buf_append_u16(&buf, TPM_ALG_NULL);
> +
> + /* creation ticket */
> + tpm_buf_append(&buf, payload->tk, payload->tk_len);
> +
> + rc = tpm_transmit_cmd(chip, &buf, 6, "certifying creation data");
> + if (rc)
> + goto out;
> +
> + head = (struct tpm_header *)buf.data;
> +
> + if (head->return_code != 0)
> + rc = -EINVAL;
Do you have a reference to this TPM command spec? I have a dim memory of
some of these commands having success/failure listed separately from
other things in the reply. Is that true here? (i.e. is the return_code
only about "yes I replied" and there is a missing "but the answer is no"
check?)
> +out:
> + tpm_buf_destroy(&buf);
> + return rc;
> +}
> +
> /**
> * tpm2_unseal_trusted() - unseal the payload of a trusted key
> *
> @@ -716,8 +784,15 @@ int tpm2_unseal_trusted(struct tpm_chip *chip,
> goto out;
>
> rc = tpm2_unseal_cmd(chip, payload, options, blob_handle);
> - tpm2_flush_context(chip, blob_handle);
> + if (rc)
> + goto flush;
> +
> + if (payload->creation_len)
> + rc = tpm2_certify_creation(chip, payload, blob_handle);
>
> +
> +flush:
> + tpm2_flush_context(chip, blob_handle);
> out:
> tpm_put_ops(chip);
>
> --
> 2.31.0
>
Otherwise looks good to me. :)
--
Kees Cook
next prev parent reply other threads:[~2022-09-20 23:07 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-23 22:25 [PATCH v2 00/10] Encrypted Hibernation Evan Green
2022-08-23 22:25 ` [PATCH v2 01/10] tpm: Add support for in-kernel resetting of PCRs Evan Green
2022-08-26 2:59 ` Jarkko Sakkinen
2022-09-07 17:02 ` Evan Green
2022-09-08 5:22 ` Jarkko Sakkinen
2022-08-23 22:25 ` [PATCH v2 02/10] tpm: Allow PCR 23 to be restricted to kernel-only use Evan Green
2022-08-26 3:02 ` Jarkko Sakkinen
2022-09-07 17:03 ` Evan Green
2022-09-13 12:26 ` Stefan Berger
2022-09-20 4:50 ` Jarkko Sakkinen
2022-09-21 15:35 ` Evan Green
2022-09-21 18:02 ` Jarkko Sakkinen
2022-09-21 18:05 ` Jarkko Sakkinen
2022-09-21 19:02 ` Evan Green
2022-08-23 22:25 ` [PATCH v2 03/10] security: keys: trusted: Include TPM2 creation data Evan Green
2022-09-20 23:04 ` Kees Cook
2022-09-23 22:22 ` Evan Green
2022-08-23 22:25 ` [PATCH v2 04/10] security: keys: trusted: Allow storage of PCR values in " Evan Green
2022-08-24 11:56 ` Ben Boeckel
2022-08-24 17:34 ` Evan Green
2022-08-23 22:25 ` [PATCH v2 05/10] security: keys: trusted: Verify " Evan Green
2022-09-20 23:06 ` Kees Cook [this message]
2022-09-23 22:23 ` Evan Green
2022-08-23 22:25 ` [PATCH v2 06/10] PM: hibernate: Add kernel-based encryption Evan Green
2022-09-20 23:09 ` Kees Cook
2022-08-23 22:25 ` [PATCH v2 07/10] PM: hibernate: Use TPM-backed keys to encrypt image Evan Green
2022-09-20 23:16 ` Kees Cook
2022-09-23 22:23 ` Evan Green
2022-09-24 4:31 ` Kees Cook
2022-08-23 22:25 ` [PATCH v2 08/10] PM: hibernate: Mix user key in encrypted hibernate Evan Green
2022-08-23 22:25 ` [PATCH v2 09/10] PM: hibernate: Verify the digest encryption key Evan Green
2022-08-23 22:25 ` [PATCH v2 10/10] PM: hibernate: seal the encryption key with a PCR policy Evan Green
2022-09-20 23:24 ` Kees Cook
2022-08-31 18:34 ` [PATCH v2 00/10] Encrypted Hibernation Limonciello, Mario
2022-09-07 17:03 ` Evan Green
2022-09-20 8:46 ` Pavel Machek
2022-09-20 16:39 ` Evan Green
2022-09-21 18:09 ` Jason Gunthorpe
2022-09-20 22:52 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202209201605.505F96D@keescook \
--to=keescook@chromium.org \
--cc=apronin@chromium.org \
--cc=axelj@axis.com \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=dlunev@google.com \
--cc=ebiggers@kernel.org \
--cc=evgreen@chromium.org \
--cc=gwendal@chromium.org \
--cc=hao.wu@rubrik.com \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthewgarrett@google.com \
--cc=mgarrett@aurora.tech \
--cc=paul@paul-moore.com \
--cc=pavel@ucw.cz \
--cc=rjw@rjwysocki.net \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).