From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
David Woodhouse <dwmw2@infradead.org>,
keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>
Subject: [PATCH v12 3/3] security: keys: trusted: implement counter/timer policy
Date: Sun, 20 Sep 2020 16:40:36 +0000 [thread overview]
Message-ID: <20200920164036.11667-4-James.Bottomley@HansenPartnership.com> (raw)
In-Reply-To: <20200920164036.11667-1-James.Bottomley@HansenPartnership.com>
This is actually a generic policy allowing a range of comparisons
against any value set in the TPM Clock, which includes things like the
reset count, a monotonic millisecond count and the restart count. The
most useful comparison is against the millisecond count for expiring
keys. However, you have to remember that currently Linux doesn't try
to sync the epoch timer with the TPM, so the expiration is actually
measured in how long the TPM itself has been powered on ... the TPM
timer doesn't count while the system is powered down. The millisecond
counter is a u64 quantity found at offset 8 in the timer structure,
and the <= comparision operand is 9, so a policy set to expire after the
TPM has been up for 100 seconds would look like
0000016d00000000000f424000080009
Where 0x16d is the counter timer policy code and 0xf4240 is 100 000 in
hex.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
.../security/keys/trusted-encrypted.rst | 31 +++++++++++++-
include/linux/tpm.h | 1 +
security/keys/trusted-keys/tpm2-policy.c | 40 ++++++++++++++++++-
security/keys/trusted-keys/trusted_tpm2.c | 36 ++++++++++++++++-
4 files changed, 105 insertions(+), 3 deletions(-)
diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
index f001752adaa1..e5414ed996bf 100644
--- a/Documentation/security/keys/trusted-encrypted.rst
+++ b/Documentation/security/keys/trusted-encrypted.rst
@@ -242,7 +242,6 @@ Another new format 'enc32' has been defined in order to support encrypted keys
with payload size of 32 bytes. This will initially be used for nvdimm security
but may expand to other usages that require 32 bytes payload.
-
TPM 2.0 ASN.1 Key Format
------------------------
@@ -316,3 +315,33 @@ string length.
privkey is the binary representation of TPM2B_PUBLIC excluding the
initial TPM2B header which can be reconstructed from the ASN.1 octed
string length.
+
+
+Appendix
+--------
+
+TPM 2.0 Policies
+----------------
+
+The current TPM supports PCR lock policies as documented above and
+CounterTimer policies which can be used to create expiring keys. One
+caveat with expiring keys is that the TPM millisecond counter does not
+update while a system is powered off and Linux does not sync the TPM
+millisecond count with its internal clock, so the best you can expire
+in is in terms of how long any given TPM has been powered on. (FIXME:
+Linux should simply update the millisecond clock to the current number
+of seconds past the epoch on boot).
+
+A CounterTimer policy is expressed in terms of length and offset
+against the TPM clock structure (TPMS_TIME_INFO), which looks like the
+packed structure::
+
+ struct tpms_time_info {
+ u64 uptime; /* time in ms since last start or reset */
+ u64 clock; /* cumulative uptime in ms */
+ u32 resetcount; /* numer of times the TPM has been reset */
+ u32 restartcount; /* number of times the TPM has been restarted */
+ u8 safe /* time was safely loaded from NVRam */
+ };
+
+The usual comparison for expiring keys is against clock, at offset 8.
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 254c33086288..cc0b94dcf21e 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -241,6 +241,7 @@ enum tpm2_command_codes {
TPM2_CC_PCR_EXTEND = 0x0182,
TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185,
TPM2_CC_HASH_SEQUENCE_START = 0x0186,
+ TPM2_CC_POLICY_PASSWORD = 0x018c,
TPM2_CC_CREATE_LOADED = 0x0191,
TPM2_CC_LAST = 0x0193, /* Spec 1.36 */
};
diff --git a/security/keys/trusted-keys/tpm2-policy.c b/security/keys/trusted-keys/tpm2-policy.c
index 78daa0310e9e..e0632838351c 100644
--- a/security/keys/trusted-keys/tpm2-policy.c
+++ b/security/keys/trusted-keys/tpm2-policy.c
@@ -199,7 +199,8 @@ int tpm2_generate_policy_digest(struct tpm2_policies *pols,
len = *plen;
}
- crypto_shash_update(sdesc, policy, len);
+ if (len)
+ crypto_shash_update(sdesc, policy, len);
/* now output the intermediate to the policydigest */
crypto_shash_final(sdesc, policydigest);
@@ -334,6 +335,16 @@ int tpm2_get_policy_session(struct tpm_chip *chip, struct tpm2_policies *pols,
u32 cmd = pols->code[i];
struct tpm_buf buf;
+ if (cmd = TPM2_CC_POLICY_AUTHVALUE)
+ /*
+ * both PolicyAuthValue and PolicyPassword
+ * hash to the same thing, but one triggers
+ * HMAC authentication and the other simple
+ * authentication. Since we have no HMAC
+ * code, we're choosing the simple
+ */
+ cmd = TPM2_CC_POLICY_PASSWORD;
+
rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, cmd);
if (rc)
return rc;
@@ -354,8 +365,35 @@ int tpm2_get_policy_session(struct tpm_chip *chip, struct tpm2_policies *pols,
tpm_buf_append(&buf, pols->policies[i],
pols->len[i] - pols->hash_size);
break;
+
+ case TPM2_CC_POLICY_COUNTER_TIMER: {
+ /*
+ * the format of this is the last two u16
+ * quantities are the offset and operation
+ * respectively. The rest is operandB which
+ * must be zero padded in a hash digest
+ */
+ u16 opb_len = pols->len[i] - 4;
+
+ if (opb_len > pols->hash_size)
+ return -EINVAL;
+
+ tpm_buf_append_u16(&buf, opb_len);
+ tpm_buf_append(&buf, pols->policies[i], opb_len);
+
+ /* offset and operand*/
+ tpm_buf_append(&buf, pols->policies[i] + opb_len, 4);
+ failure = "Counter Timer";
+
+ break;
+ }
+
default:
failure = "unknown policy";
+ if (pols->len[i])
+ tpm_buf_append(&buf, pols->policies[i],
+ pols->len[i]);
+
break;
}
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 98c65431ca75..3ec01ed874d9 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -248,6 +248,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
u32 flags;
int i;
int rc;
+ static const int POLICY_SIZE = 2 * PAGE_SIZE;
for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
if (options->hash = tpm2_hash_map[i].crypto_id) {
@@ -268,7 +269,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
/* 4 array len, 2 hash alg */
const int len = 4 + 2 + options->pcrinfo_len;
- pols = kmalloc(sizeof(*pols) + len, GFP_KERNEL);
+ pols = kmalloc(POLICY_SIZE, GFP_KERNEL);
if (!pols)
return -ENOMEM;
@@ -289,6 +290,39 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
return -EINVAL;
}
+ /*
+ * if we already have a policy, we have to add authorization
+ * to it. If we don't, we can simply follow the usual
+ * non-policy route.
+ */
+ if (options->blobauth_len != 0 && payload->policies) {
+ struct tpm2_policies *pols;
+ static u8 *scratch;
+ int i;
+ bool found = false;
+
+ pols = payload->policies;
+
+ /* make sure it's not already in policy */
+ for (i = 0; i < pols->count; i++) {
+ if (pols->code[i] = TPM2_CC_POLICY_AUTHVALUE) {
+ found = true;
+
+ break;
+ }
+ }
+
+ if (!found) {
+ i = pols->count++;
+ scratch = pols->policies[i - 1] + pols->len[i - 1];
+
+ /* the TPM2_PolicyPassword command has no payload */
+ pols->policies[i] = scratch;
+ pols->len[i] = 0;
+ pols->code[i] = TPM2_CC_POLICY_AUTHVALUE;
+ }
+ }
+
if (payload->policies) {
rc = tpm2_generate_policy_digest(payload->policies,
options->hash,
--
2.26.2
WARNING: multiple messages have this Message-ID (diff)
From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
David Woodhouse <dwmw2@infradead.org>,
keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>
Subject: [PATCH v12 3/3] security: keys: trusted: implement counter/timer policy
Date: Sun, 20 Sep 2020 09:40:36 -0700 [thread overview]
Message-ID: <20200920164036.11667-4-James.Bottomley@HansenPartnership.com> (raw)
In-Reply-To: <20200920164036.11667-1-James.Bottomley@HansenPartnership.com>
This is actually a generic policy allowing a range of comparisons
against any value set in the TPM Clock, which includes things like the
reset count, a monotonic millisecond count and the restart count. The
most useful comparison is against the millisecond count for expiring
keys. However, you have to remember that currently Linux doesn't try
to sync the epoch timer with the TPM, so the expiration is actually
measured in how long the TPM itself has been powered on ... the TPM
timer doesn't count while the system is powered down. The millisecond
counter is a u64 quantity found at offset 8 in the timer structure,
and the <= comparision operand is 9, so a policy set to expire after the
TPM has been up for 100 seconds would look like
0000016d00000000000f424000080009
Where 0x16d is the counter timer policy code and 0xf4240 is 100 000 in
hex.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
.../security/keys/trusted-encrypted.rst | 31 +++++++++++++-
include/linux/tpm.h | 1 +
security/keys/trusted-keys/tpm2-policy.c | 40 ++++++++++++++++++-
security/keys/trusted-keys/trusted_tpm2.c | 36 ++++++++++++++++-
4 files changed, 105 insertions(+), 3 deletions(-)
diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
index f001752adaa1..e5414ed996bf 100644
--- a/Documentation/security/keys/trusted-encrypted.rst
+++ b/Documentation/security/keys/trusted-encrypted.rst
@@ -242,7 +242,6 @@ Another new format 'enc32' has been defined in order to support encrypted keys
with payload size of 32 bytes. This will initially be used for nvdimm security
but may expand to other usages that require 32 bytes payload.
-
TPM 2.0 ASN.1 Key Format
------------------------
@@ -316,3 +315,33 @@ string length.
privkey is the binary representation of TPM2B_PUBLIC excluding the
initial TPM2B header which can be reconstructed from the ASN.1 octed
string length.
+
+
+Appendix
+--------
+
+TPM 2.0 Policies
+----------------
+
+The current TPM supports PCR lock policies as documented above and
+CounterTimer policies which can be used to create expiring keys. One
+caveat with expiring keys is that the TPM millisecond counter does not
+update while a system is powered off and Linux does not sync the TPM
+millisecond count with its internal clock, so the best you can expire
+in is in terms of how long any given TPM has been powered on. (FIXME:
+Linux should simply update the millisecond clock to the current number
+of seconds past the epoch on boot).
+
+A CounterTimer policy is expressed in terms of length and offset
+against the TPM clock structure (TPMS_TIME_INFO), which looks like the
+packed structure::
+
+ struct tpms_time_info {
+ u64 uptime; /* time in ms since last start or reset */
+ u64 clock; /* cumulative uptime in ms */
+ u32 resetcount; /* numer of times the TPM has been reset */
+ u32 restartcount; /* number of times the TPM has been restarted */
+ u8 safe /* time was safely loaded from NVRam */
+ };
+
+The usual comparison for expiring keys is against clock, at offset 8.
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 254c33086288..cc0b94dcf21e 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -241,6 +241,7 @@ enum tpm2_command_codes {
TPM2_CC_PCR_EXTEND = 0x0182,
TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185,
TPM2_CC_HASH_SEQUENCE_START = 0x0186,
+ TPM2_CC_POLICY_PASSWORD = 0x018c,
TPM2_CC_CREATE_LOADED = 0x0191,
TPM2_CC_LAST = 0x0193, /* Spec 1.36 */
};
diff --git a/security/keys/trusted-keys/tpm2-policy.c b/security/keys/trusted-keys/tpm2-policy.c
index 78daa0310e9e..e0632838351c 100644
--- a/security/keys/trusted-keys/tpm2-policy.c
+++ b/security/keys/trusted-keys/tpm2-policy.c
@@ -199,7 +199,8 @@ int tpm2_generate_policy_digest(struct tpm2_policies *pols,
len = *plen;
}
- crypto_shash_update(sdesc, policy, len);
+ if (len)
+ crypto_shash_update(sdesc, policy, len);
/* now output the intermediate to the policydigest */
crypto_shash_final(sdesc, policydigest);
@@ -334,6 +335,16 @@ int tpm2_get_policy_session(struct tpm_chip *chip, struct tpm2_policies *pols,
u32 cmd = pols->code[i];
struct tpm_buf buf;
+ if (cmd == TPM2_CC_POLICY_AUTHVALUE)
+ /*
+ * both PolicyAuthValue and PolicyPassword
+ * hash to the same thing, but one triggers
+ * HMAC authentication and the other simple
+ * authentication. Since we have no HMAC
+ * code, we're choosing the simple
+ */
+ cmd = TPM2_CC_POLICY_PASSWORD;
+
rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, cmd);
if (rc)
return rc;
@@ -354,8 +365,35 @@ int tpm2_get_policy_session(struct tpm_chip *chip, struct tpm2_policies *pols,
tpm_buf_append(&buf, pols->policies[i],
pols->len[i] - pols->hash_size);
break;
+
+ case TPM2_CC_POLICY_COUNTER_TIMER: {
+ /*
+ * the format of this is the last two u16
+ * quantities are the offset and operation
+ * respectively. The rest is operandB which
+ * must be zero padded in a hash digest
+ */
+ u16 opb_len = pols->len[i] - 4;
+
+ if (opb_len > pols->hash_size)
+ return -EINVAL;
+
+ tpm_buf_append_u16(&buf, opb_len);
+ tpm_buf_append(&buf, pols->policies[i], opb_len);
+
+ /* offset and operand*/
+ tpm_buf_append(&buf, pols->policies[i] + opb_len, 4);
+ failure = "Counter Timer";
+
+ break;
+ }
+
default:
failure = "unknown policy";
+ if (pols->len[i])
+ tpm_buf_append(&buf, pols->policies[i],
+ pols->len[i]);
+
break;
}
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 98c65431ca75..3ec01ed874d9 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -248,6 +248,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
u32 flags;
int i;
int rc;
+ static const int POLICY_SIZE = 2 * PAGE_SIZE;
for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
if (options->hash == tpm2_hash_map[i].crypto_id) {
@@ -268,7 +269,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
/* 4 array len, 2 hash alg */
const int len = 4 + 2 + options->pcrinfo_len;
- pols = kmalloc(sizeof(*pols) + len, GFP_KERNEL);
+ pols = kmalloc(POLICY_SIZE, GFP_KERNEL);
if (!pols)
return -ENOMEM;
@@ -289,6 +290,39 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
return -EINVAL;
}
+ /*
+ * if we already have a policy, we have to add authorization
+ * to it. If we don't, we can simply follow the usual
+ * non-policy route.
+ */
+ if (options->blobauth_len != 0 && payload->policies) {
+ struct tpm2_policies *pols;
+ static u8 *scratch;
+ int i;
+ bool found = false;
+
+ pols = payload->policies;
+
+ /* make sure it's not already in policy */
+ for (i = 0; i < pols->count; i++) {
+ if (pols->code[i] == TPM2_CC_POLICY_AUTHVALUE) {
+ found = true;
+
+ break;
+ }
+ }
+
+ if (!found) {
+ i = pols->count++;
+ scratch = pols->policies[i - 1] + pols->len[i - 1];
+
+ /* the TPM2_PolicyPassword command has no payload */
+ pols->policies[i] = scratch;
+ pols->len[i] = 0;
+ pols->code[i] = TPM2_CC_POLICY_AUTHVALUE;
+ }
+ }
+
if (payload->policies) {
rc = tpm2_generate_policy_digest(payload->policies,
options->hash,
--
2.26.2
next prev parent reply other threads:[~2020-09-20 16:40 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-20 16:40 [PATCH v12 0/3] Trusted Key policy for TPM 2.0 James Bottomley
2020-09-20 16:40 ` James Bottomley
2020-09-20 16:40 ` [PATCH v12 1/3] security: keys: trusted: add PCR policy to TPM2 keys James Bottomley
2020-09-20 16:40 ` James Bottomley
2020-09-20 16:40 ` [PATCH v12 2/3] security: keys: trusted: add ability to specify arbitrary policy James Bottomley
2020-09-20 16:40 ` James Bottomley
2020-09-20 16:40 ` James Bottomley [this message]
2020-09-20 16:40 ` [PATCH v12 3/3] security: keys: trusted: implement counter/timer policy James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200920164036.11667-4-James.Bottomley@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.