From: David Howells <dhowells@redhat.com>
To: jmorris@namei.org
Cc: Denis Kenzior <denkenz@gmail.com>,
Marcel Holtmann <marcel@holtmann.org>,
Marcel Holtmann <marcel@holtmann.org>,
dhowells@redhat.com, denkenz@gmail.com, keyrings@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 10/22] KEYS: asym_tpm: add skeleton for asym_tpm [ver #2]
Date: Tue, 09 Oct 2018 17:48:02 +0100 [thread overview]
Message-ID: <153910368260.12141.584080509971034256.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <153910360263.12141.6032694262361399627.stgit@warthog.procyon.org.uk>
From: Denis Kenzior <denkenz@gmail.com>
This patch adds the basic skeleton for the asym_tpm asymmetric key
subtype.
Signed-off-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: Marcel Holtmann <marcel@holtmann.org>
---
crypto/asymmetric_keys/Kconfig | 11 +++++
crypto/asymmetric_keys/Makefile | 1
crypto/asymmetric_keys/asym_tpm.c | 90 +++++++++++++++++++++++++++++++++++++
include/crypto/asym_tpm_subtype.h | 16 +++++++
4 files changed, 118 insertions(+)
create mode 100644 crypto/asymmetric_keys/asym_tpm.c
create mode 100644 include/crypto/asym_tpm_subtype.h
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 66a7dad7ed3d..b75555c7d8ae 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -21,6 +21,17 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
appropriate hash algorithms (such as SHA-1) must be available.
ENOPKG will be reported if the requisite algorithm is unavailable.
+config ASYMMETRIC_TPM_KEY_SUBTYPE
+ tristate "Asymmetric TPM backed private key subtype"
+ depends on TCG_TPM
+ select CRYPTO_HMAC
+ select CRYPTO_SHA1
+ select CRYPTO_HASH_INFO
+ help
+ This option provides support for TPM backed private key type handling.
+ Operations such as sign, verify, encrypt, decrypt are performed by
+ the TPM after the private key is loaded.
+
config X509_CERTIFICATE_PARSER
tristate "X.509 certificate parser"
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index c38424f55b08..73fbe650ff1d 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -11,6 +11,7 @@ asymmetric_keys-y := \
signature.o
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
+obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) += asym_tpm.o
#
# X.509 Certificate handling
diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c
new file mode 100644
index 000000000000..d0b2b97e8e54
--- /dev/null
+++ b/crypto/asymmetric_keys/asym_tpm.c
@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: GPL-2.0
+#define pr_fmt(fmt) "ASYM-TPM: "fmt
+#include <linux/slab.h>
+#include <linux/module.h>
+#include <linux/export.h>
+#include <linux/kernel.h>
+#include <linux/seq_file.h>
+#include <linux/scatterlist.h>
+#include <linux/tpm.h>
+#include <keys/asymmetric-subtype.h>
+#include <crypto/asym_tpm_subtype.h>
+
+/*
+ * Provide a part of a description of the key for /proc/keys.
+ */
+static void asym_tpm_describe(const struct key *asymmetric_key,
+ struct seq_file *m)
+{
+ struct tpm_key *tk = asymmetric_key->payload.data[asym_crypto];
+
+ if (!tk)
+ return;
+
+ seq_printf(m, "TPM1.2/Blob");
+}
+
+static void asym_tpm_destroy(void *payload0, void *payload3)
+{
+ struct tpm_key *tk = payload0;
+
+ if (!tk)
+ return;
+
+ kfree(tk->blob);
+ tk->blob_len = 0;
+
+ kfree(tk);
+}
+
+/* Given the blob, parse it and load it into the TPM */
+struct tpm_key *tpm_key_create(const void *blob, uint32_t blob_len)
+{
+ int r;
+ struct tpm_key *tk;
+
+ r = tpm_is_tpm2(NULL);
+ if (r < 0)
+ goto error;
+
+ /* We don't support TPM2 yet */
+ if (r > 0) {
+ r = -ENODEV;
+ goto error;
+ }
+
+ r = -ENOMEM;
+ tk = kzalloc(sizeof(struct tpm_key), GFP_KERNEL);
+ if (!tk)
+ goto error;
+
+ tk->blob = kmemdup(blob, blob_len, GFP_KERNEL);
+ if (!tk->blob)
+ goto error_memdup;
+
+ tk->blob_len = blob_len;
+
+ return tk;
+
+error_memdup:
+ kfree(tk);
+error:
+ return ERR_PTR(r);
+}
+EXPORT_SYMBOL_GPL(tpm_key_create);
+
+/*
+ * TPM-based asymmetric key subtype
+ */
+struct asymmetric_key_subtype asym_tpm_subtype = {
+ .owner = THIS_MODULE,
+ .name = "asym_tpm",
+ .name_len = sizeof("asym_tpm") - 1,
+ .describe = asym_tpm_describe,
+ .destroy = asym_tpm_destroy,
+};
+EXPORT_SYMBOL_GPL(asym_tpm_subtype);
+
+MODULE_DESCRIPTION("TPM based asymmetric key subtype");
+MODULE_AUTHOR("Intel Corporation");
+MODULE_LICENSE("GPL v2");
diff --git a/include/crypto/asym_tpm_subtype.h b/include/crypto/asym_tpm_subtype.h
new file mode 100644
index 000000000000..03550b850998
--- /dev/null
+++ b/include/crypto/asym_tpm_subtype.h
@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: GPL-2.0
+#ifndef _LINUX_ASYM_TPM_SUBTYPE_H
+#define _LINUX_ASYM_TPM_SUBTYPE_H
+
+#include <linux/keyctl.h>
+
+struct tpm_key {
+ void *blob;
+ u32 blob_len;
+};
+
+struct tpm_key *tpm_key_create(const void *blob, uint32_t blob_len);
+
+extern struct asymmetric_key_subtype asym_tpm_subtype;
+
+#endif /* _LINUX_ASYM_TPM_SUBTYPE_H */
next prev parent reply other threads:[~2018-10-09 16:48 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-09 16:46 [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops [ver #2] David Howells
2018-10-09 16:46 ` [PATCH 01/22] KEYS: Provide key type operations for asymmetric key " David Howells
2018-10-09 16:46 ` [PATCH 02/22] KEYS: Provide keyctls to drive the new key type ops for asymmetric keys " David Howells
2018-10-09 16:47 ` [PATCH 03/22] KEYS: Provide missing asymmetric key subops for new key type ops " David Howells
2018-10-09 16:47 ` [PATCH 04/22] KEYS: Make the X.509 and PKCS7 parsers supply the sig encoding type " David Howells
2018-10-09 16:47 ` [PATCH 05/22] KEYS: Provide software public key query function " David Howells
2018-10-09 16:47 ` [PATCH 06/22] KEYS: Allow the public_key struct to hold a private key " David Howells
2018-10-09 16:47 ` [PATCH 07/22] KEYS: Implement encrypt, decrypt and sign for software asymmetric " David Howells
2018-10-09 16:47 ` [PATCH 08/22] KEYS: Implement PKCS#8 RSA Private Key parser " David Howells
2018-10-09 16:47 ` [PATCH 09/22] crypto: rsa-pkcs1pad: Allow hash to be optional " David Howells
2018-10-09 16:48 ` David Howells [this message]
2018-10-09 16:48 ` [PATCH 11/22] KEYS: asym_tpm: extract key size & public key " David Howells
2018-10-09 16:48 ` [PATCH 12/22] KEYS: Add parser for TPM-based keys " David Howells
2018-10-09 16:48 ` [PATCH 13/22] KEYS: asym_tpm: Implement pkey_query " David Howells
2018-10-09 16:48 ` [PATCH 14/22] KEYS: asym_tpm: Implement encryption operation " David Howells
2018-10-09 16:48 ` [PATCH 15/22] KEYS: trusted: Expose common functionality " David Howells
2018-10-09 16:48 ` [PATCH 16/22] KEYS: Move trusted.h to include/keys " David Howells
2018-10-09 16:48 ` [PATCH 17/22] KEYS: asym_tpm: Add loadkey2 and flushspecific " David Howells
2018-10-09 16:49 ` [PATCH 18/22] KEYS: asym_tpm: Implement tpm_unbind " David Howells
2018-10-09 16:49 ` [PATCH 19/22] KEYS: asym_tpm: Implement the decrypt operation " David Howells
2018-10-09 16:49 ` [PATCH 20/22] KEYS: asym_tpm: Implement signature verification " David Howells
2018-10-09 16:49 ` [PATCH 21/22] KEYS: asym_tpm: Implement tpm_sign " David Howells
2018-10-09 16:49 ` [PATCH 22/22] KEYS: asym_tpm: Add support for the sign operation " David Howells
2018-10-09 19:26 ` [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops " James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=153910368260.12141.584080509971034256.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=denkenz@gmail.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).