| 1 | // SPDX-License-Identifier: GPL-2.0 |
|---|---|
| 2 | |
| 3 | /* |
| 4 | * Copyright (C) 2018 James.Bottomley@HansenPartnership.com |
| 5 | * |
| 6 | * Cryptographic helper routines for handling TPM2 sessions for |
| 7 | * authorization HMAC and request response encryption. |
| 8 | * |
| 9 | * The idea is to ensure that every TPM command is HMAC protected by a |
| 10 | * session, meaning in-flight tampering would be detected and in |
| 11 | * addition all sensitive inputs and responses should be encrypted. |
| 12 | * |
| 13 | * The basic way this works is to use a TPM feature called salted |
| 14 | * sessions where a random secret used in session construction is |
| 15 | * encrypted to the public part of a known TPM key. The problem is we |
| 16 | * have no known keys, so initially a primary Elliptic Curve key is |
| 17 | * derived from the NULL seed (we use EC because most TPMs generate |
| 18 | * these keys much faster than RSA ones). The curve used is NIST_P256 |
| 19 | * because that's now mandated to be present in 'TCG TPM v2.0 |
| 20 | * Provisioning Guidance' |
| 21 | * |
| 22 | * Threat problems: the initial TPM2_CreatePrimary is not (and cannot |
| 23 | * be) session protected, so a clever Man in the Middle could return a |
| 24 | * public key they control to this command and from there intercept |
| 25 | * and decode all subsequent session based transactions. The kernel |
| 26 | * cannot mitigate this threat but, after boot, userspace can get |
| 27 | * proof this has not happened by asking the TPM to certify the NULL |
| 28 | * key. This certification would chain back to the TPM Endorsement |
| 29 | * Certificate and prove the NULL seed primary had not been tampered |
| 30 | * with and thus all sessions must have been cryptographically secure. |
| 31 | * To assist with this, the initial NULL seed public key name is made |
| 32 | * available in a sysfs file. |
| 33 | * |
| 34 | * Use of these functions: |
| 35 | * |
| 36 | * The design is all the crypto, hash and hmac gunk is confined in this |
| 37 | * file and never needs to be seen even by the kernel internal user. To |
| 38 | * the user there's an init function tpm2_sessions_init() that needs to |
| 39 | * be called once per TPM which generates the NULL seed primary key. |
| 40 | * |
| 41 | * These are the usage functions: |
| 42 | * |
| 43 | * tpm2_end_auth_session() kills the session and frees the resources. |
| 44 | * Under normal operation this function is done by |
| 45 | * tpm_buf_check_hmac_response(), so this is only to be used on |
| 46 | * error legs where the latter is not executed. |
| 47 | * tpm_buf_append_name() to add a handle to the buffer. This must be |
| 48 | * used in place of the usual tpm_buf_append_u32() for adding |
| 49 | * handles because handles have to be processed specially when |
| 50 | * calculating the HMAC. In particular, for NV, volatile and |
| 51 | * permanent objects you now need to provide the name. |
| 52 | * tpm_buf_append_hmac_session() which appends the hmac session to the |
| 53 | * buf in the same way tpm_buf_append_auth does(). |
| 54 | * tpm_buf_fill_hmac_session() This calculates the correct hash and |
| 55 | * places it in the buffer. It must be called after the complete |
| 56 | * command buffer is finalized so it can fill in the correct HMAC |
| 57 | * based on the parameters. |
| 58 | * tpm_buf_check_hmac_response() which checks the session response in |
| 59 | * the buffer and calculates what it should be. If there's a |
| 60 | * mismatch it will log a warning and return an error. If |
| 61 | * tpm_buf_append_hmac_session() did not specify |
| 62 | * TPM_SA_CONTINUE_SESSION then the session will be closed (if it |
| 63 | * hasn't been consumed) and the auth structure freed. |
| 64 | */ |
| 65 | |
| 66 | #include "tpm.h" |
| 67 | #include <linux/random.h> |
| 68 | #include <linux/scatterlist.h> |
| 69 | #include <linux/unaligned.h> |
| 70 | #include <crypto/kpp.h> |
| 71 | #include <crypto/ecdh.h> |
| 72 | #include <crypto/hash.h> |
| 73 | #include <crypto/hmac.h> |
| 74 | |
| 75 | /* maximum number of names the TPM must remember for authorization */ |
| 76 | #define AUTH_MAX_NAMES 3 |
| 77 | |
| 78 | #define AES_KEY_BYTES AES_KEYSIZE_128 |
| 79 | #define AES_KEY_BITS (AES_KEY_BYTES*8) |
| 80 | |
| 81 | /* |
| 82 | * This is the structure that carries all the auth information (like |
| 83 | * session handle, nonces, session key and auth) from use to use it is |
| 84 | * designed to be opaque to anything outside. |
| 85 | */ |
| 86 | struct tpm2_auth { |
| 87 | u32 handle; |
| 88 | /* |
| 89 | * This has two meanings: before tpm_buf_fill_hmac_session() |
| 90 | * it marks the offset in the buffer of the start of the |
| 91 | * sessions (i.e. after all the handles). Once the buffer has |
| 92 | * been filled it markes the session number of our auth |
| 93 | * session so we can find it again in the response buffer. |
| 94 | * |
| 95 | * The two cases are distinguished because the first offset |
| 96 | * must always be greater than TPM_HEADER_SIZE and the second |
| 97 | * must be less than or equal to 5. |
| 98 | */ |
| 99 | u32 session; |
| 100 | /* |
| 101 | * the size here is variable and set by the size of our_nonce |
| 102 | * which must be between 16 and the name hash length. we set |
| 103 | * the maximum sha256 size for the greatest protection |
| 104 | */ |
| 105 | u8 our_nonce[SHA256_DIGEST_SIZE]; |
| 106 | u8 tpm_nonce[SHA256_DIGEST_SIZE]; |
| 107 | /* |
| 108 | * the salt is only used across the session command/response |
| 109 | * after that it can be used as a scratch area |
| 110 | */ |
| 111 | union { |
| 112 | u8 salt[EC_PT_SZ]; |
| 113 | /* scratch for key + IV */ |
| 114 | u8 scratch[AES_KEY_BYTES + AES_BLOCK_SIZE]; |
| 115 | }; |
| 116 | /* |
| 117 | * the session key and passphrase are the same size as the |
| 118 | * name digest (sha256 again). The session key is constant |
| 119 | * for the use of the session and the passphrase can change |
| 120 | * with every invocation. |
| 121 | * |
| 122 | * Note: these fields must be adjacent and in this order |
| 123 | * because several HMAC/KDF schemes use the combination of the |
| 124 | * session_key and passphrase. |
| 125 | */ |
| 126 | u8 session_key[SHA256_DIGEST_SIZE]; |
| 127 | u8 passphrase[SHA256_DIGEST_SIZE]; |
| 128 | int passphrase_len; |
| 129 | struct crypto_aes_ctx aes_ctx; |
| 130 | /* saved session attributes: */ |
| 131 | u8 attrs; |
| 132 | __be32 ordinal; |
| 133 | |
| 134 | /* |
| 135 | * memory for three authorization handles. We know them by |
| 136 | * handle, but they are part of the session by name, which |
| 137 | * we must compute and remember |
| 138 | */ |
| 139 | u32 name_h[AUTH_MAX_NAMES]; |
| 140 | u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE]; |
| 141 | }; |
| 142 | |
| 143 | #ifdef CONFIG_TCG_TPM2_HMAC |
| 144 | /* |
| 145 | * Name Size based on TPM algorithm (assumes no hash bigger than 255) |
| 146 | */ |
| 147 | static u8 name_size(const u8 *name) |
| 148 | { |
| 149 | static u8 size_map[] = { |
| 150 | [TPM_ALG_SHA1] = SHA1_DIGEST_SIZE, |
| 151 | [TPM_ALG_SHA256] = SHA256_DIGEST_SIZE, |
| 152 | [TPM_ALG_SHA384] = SHA384_DIGEST_SIZE, |
| 153 | [TPM_ALG_SHA512] = SHA512_DIGEST_SIZE, |
| 154 | }; |
| 155 | u16 alg = get_unaligned_be16(p: name); |
| 156 | return size_map[alg] + 2; |
| 157 | } |
| 158 | |
| 159 | static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) |
| 160 | { |
| 161 | struct tpm_header *head = (struct tpm_header *)buf->data; |
| 162 | off_t offset = TPM_HEADER_SIZE; |
| 163 | u32 tot_len = be32_to_cpu(head->length); |
| 164 | u32 val; |
| 165 | |
| 166 | /* we're starting after the header so adjust the length */ |
| 167 | tot_len -= TPM_HEADER_SIZE; |
| 168 | |
| 169 | /* skip public */ |
| 170 | val = tpm_buf_read_u16(buf, offset: &offset); |
| 171 | if (val > tot_len) |
| 172 | return -EINVAL; |
| 173 | offset += val; |
| 174 | /* name */ |
| 175 | val = tpm_buf_read_u16(buf, offset: &offset); |
| 176 | if (val != name_size(name: &buf->data[offset])) |
| 177 | return -EINVAL; |
| 178 | memcpy(name, &buf->data[offset], val); |
| 179 | /* forget the rest */ |
| 180 | return 0; |
| 181 | } |
| 182 | |
| 183 | static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) |
| 184 | { |
| 185 | struct tpm_buf buf; |
| 186 | int rc; |
| 187 | |
| 188 | rc = tpm_buf_init(buf: &buf, tag: TPM2_ST_NO_SESSIONS, ordinal: TPM2_CC_READ_PUBLIC); |
| 189 | if (rc) |
| 190 | return rc; |
| 191 | |
| 192 | tpm_buf_append_u32(buf: &buf, value: handle); |
| 193 | rc = tpm_transmit_cmd(chip, buf: &buf, min_rsp_body_length: 0, desc: "read public"); |
| 194 | if (rc == TPM2_RC_SUCCESS) |
| 195 | rc = tpm2_parse_read_public(name, buf: &buf); |
| 196 | |
| 197 | tpm_buf_destroy(buf: &buf); |
| 198 | |
| 199 | return rc; |
| 200 | } |
| 201 | #endif /* CONFIG_TCG_TPM2_HMAC */ |
| 202 | |
| 203 | /** |
| 204 | * tpm_buf_append_name() - add a handle area to the buffer |
| 205 | * @chip: the TPM chip structure |
| 206 | * @buf: The buffer to be appended |
| 207 | * @handle: The handle to be appended |
| 208 | * @name: The name of the handle (may be NULL) |
| 209 | * |
| 210 | * In order to compute session HMACs, we need to know the names of the |
| 211 | * objects pointed to by the handles. For most objects, this is simply |
| 212 | * the actual 4 byte handle or an empty buf (in these cases @name |
| 213 | * should be NULL) but for volatile objects, permanent objects and NV |
| 214 | * areas, the name is defined as the hash (according to the name |
| 215 | * algorithm which should be set to sha256) of the public area to |
| 216 | * which the two byte algorithm id has been appended. For these |
| 217 | * objects, the @name pointer should point to this. If a name is |
| 218 | * required but @name is NULL, then TPM2_ReadPublic() will be called |
| 219 | * on the handle to obtain the name. |
| 220 | * |
| 221 | * As with most tpm_buf operations, success is assumed because failure |
| 222 | * will be caused by an incorrect programming model and indicated by a |
| 223 | * kernel message. |
| 224 | */ |
| 225 | void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, |
| 226 | u32 handle, u8 *name) |
| 227 | { |
| 228 | #ifdef CONFIG_TCG_TPM2_HMAC |
| 229 | enum tpm2_mso_type mso = tpm2_handle_mso(handle); |
| 230 | struct tpm2_auth *auth; |
| 231 | int slot; |
| 232 | #endif |
| 233 | |
| 234 | if (!tpm2_chip_auth(chip)) { |
| 235 | tpm_buf_append_handle(chip, buf, handle); |
| 236 | return; |
| 237 | } |
| 238 | |
| 239 | #ifdef CONFIG_TCG_TPM2_HMAC |
| 240 | slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE) / 4; |
| 241 | if (slot >= AUTH_MAX_NAMES) { |
| 242 | dev_err(&chip->dev, "TPM: too many handles\n"); |
| 243 | return; |
| 244 | } |
| 245 | auth = chip->auth; |
| 246 | WARN(auth->session != tpm_buf_length(buf), |
| 247 | "name added in wrong place\n"); |
| 248 | tpm_buf_append_u32(buf, value: handle); |
| 249 | auth->session += 4; |
| 250 | |
| 251 | if (mso == TPM2_MSO_PERSISTENT || |
| 252 | mso == TPM2_MSO_VOLATILE || |
| 253 | mso == TPM2_MSO_NVRAM) { |
| 254 | if (!name) |
| 255 | tpm2_read_public(chip, handle, name: auth->name[slot]); |
| 256 | } else { |
| 257 | if (name) |
| 258 | dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); |
| 259 | } |
| 260 | |
| 261 | auth->name_h[slot] = handle; |
| 262 | if (name) |
| 263 | memcpy(auth->name[slot], name, name_size(name)); |
| 264 | #endif |
| 265 | } |
| 266 | EXPORT_SYMBOL_GPL(tpm_buf_append_name); |
| 267 | |
| 268 | void tpm_buf_append_auth(struct tpm_chip *chip, struct tpm_buf *buf, |
| 269 | u8 attributes, u8 *passphrase, int passphrase_len) |
| 270 | { |
| 271 | /* offset tells us where the sessions area begins */ |
| 272 | int offset = buf->handles * 4 + TPM_HEADER_SIZE; |
| 273 | u32 len = 9 + passphrase_len; |
| 274 | |
| 275 | if (tpm_buf_length(buf) != offset) { |
| 276 | /* not the first session so update the existing length */ |
| 277 | len += get_unaligned_be32(p: &buf->data[offset]); |
| 278 | put_unaligned_be32(val: len, p: &buf->data[offset]); |
| 279 | } else { |
| 280 | tpm_buf_append_u32(buf, value: len); |
| 281 | } |
| 282 | /* auth handle */ |
| 283 | tpm_buf_append_u32(buf, value: TPM2_RS_PW); |
| 284 | /* nonce */ |
| 285 | tpm_buf_append_u16(buf, value: 0); |
| 286 | /* attributes */ |
| 287 | tpm_buf_append_u8(buf, value: 0); |
| 288 | /* passphrase */ |
| 289 | tpm_buf_append_u16(buf, value: passphrase_len); |
| 290 | tpm_buf_append(buf, new_data: passphrase, new_length: passphrase_len); |
| 291 | } |
| 292 | |
| 293 | /** |
| 294 | * tpm_buf_append_hmac_session() - Append a TPM session element |
| 295 | * @chip: the TPM chip structure |
| 296 | * @buf: The buffer to be appended |
| 297 | * @attributes: The session attributes |
| 298 | * @passphrase: The session authority (NULL if none) |
| 299 | * @passphrase_len: The length of the session authority (0 if none) |
| 300 | * |
| 301 | * This fills in a session structure in the TPM command buffer, except |
| 302 | * for the HMAC which cannot be computed until the command buffer is |
| 303 | * complete. The type of session is controlled by the @attributes, |
| 304 | * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the |
| 305 | * session won't terminate after tpm_buf_check_hmac_response(), |
| 306 | * TPM2_SA_DECRYPT which means this buffers first parameter should be |
| 307 | * encrypted with a session key and TPM2_SA_ENCRYPT, which means the |
| 308 | * response buffer's first parameter needs to be decrypted (confusing, |
| 309 | * but the defines are written from the point of view of the TPM). |
| 310 | * |
| 311 | * Any session appended by this command must be finalized by calling |
| 312 | * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect |
| 313 | * and the TPM will reject the command. |
| 314 | * |
| 315 | * As with most tpm_buf operations, success is assumed because failure |
| 316 | * will be caused by an incorrect programming model and indicated by a |
| 317 | * kernel message. |
| 318 | */ |
| 319 | void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, |
| 320 | u8 attributes, u8 *passphrase, |
| 321 | int passphrase_len) |
| 322 | { |
| 323 | #ifdef CONFIG_TCG_TPM2_HMAC |
| 324 | u8 nonce[SHA256_DIGEST_SIZE]; |
| 325 | struct tpm2_auth *auth; |
| 326 | u32 len; |
| 327 | #endif |
| 328 | |
| 329 | if (!tpm2_chip_auth(chip)) { |
| 330 | tpm_buf_append_auth(chip, buf, attributes, passphrase, |
| 331 | passphrase_len); |
| 332 | return; |
| 333 | } |
| 334 | |
| 335 | #ifdef CONFIG_TCG_TPM2_HMAC |
| 336 | /* The first write to /dev/tpm{rm0} will flush the session. */ |
| 337 | attributes |= TPM2_SA_CONTINUE_SESSION; |
| 338 | |
| 339 | /* |
| 340 | * The Architecture Guide requires us to strip trailing zeros |
| 341 | * before computing the HMAC |
| 342 | */ |
| 343 | while (passphrase && passphrase_len > 0 && passphrase[passphrase_len - 1] == '\0') |
| 344 | passphrase_len--; |
| 345 | |
| 346 | auth = chip->auth; |
| 347 | auth->attrs = attributes; |
| 348 | auth->passphrase_len = passphrase_len; |
| 349 | if (passphrase_len) |
| 350 | memcpy(auth->passphrase, passphrase, passphrase_len); |
| 351 | |
| 352 | if (auth->session != tpm_buf_length(buf)) { |
| 353 | /* we're not the first session */ |
| 354 | len = get_unaligned_be32(p: &buf->data[auth->session]); |
| 355 | if (4 + len + auth->session != tpm_buf_length(buf)) { |
| 356 | WARN(1, "session length mismatch, cannot append"); |
| 357 | return; |
| 358 | } |
| 359 | |
| 360 | /* add our new session */ |
| 361 | len += 9 + 2 * SHA256_DIGEST_SIZE; |
| 362 | put_unaligned_be32(val: len, p: &buf->data[auth->session]); |
| 363 | } else { |
| 364 | tpm_buf_append_u32(buf, value: 9 + 2 * SHA256_DIGEST_SIZE); |
| 365 | } |
| 366 | |
| 367 | /* random number for our nonce */ |
| 368 | get_random_bytes(buf: nonce, len: sizeof(nonce)); |
| 369 | memcpy(auth->our_nonce, nonce, sizeof(nonce)); |
| 370 | tpm_buf_append_u32(buf, value: auth->handle); |
| 371 | /* our new nonce */ |
| 372 | tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); |
| 373 | tpm_buf_append(buf, new_data: nonce, SHA256_DIGEST_SIZE); |
| 374 | tpm_buf_append_u8(buf, value: auth->attrs); |
| 375 | /* and put a placeholder for the hmac */ |
| 376 | tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); |
| 377 | tpm_buf_append(buf, new_data: nonce, SHA256_DIGEST_SIZE); |
| 378 | #endif |
| 379 | } |
| 380 | EXPORT_SYMBOL_GPL(tpm_buf_append_hmac_session); |
| 381 | |
| 382 | #ifdef CONFIG_TCG_TPM2_HMAC |
| 383 | |
| 384 | static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, |
| 385 | u32 *handle, u8 *name); |
| 386 | |
| 387 | /* |
| 388 | * It turns out the crypto hmac(sha256) is hard for us to consume |
| 389 | * because it assumes a fixed key and the TPM seems to change the key |
| 390 | * on every operation, so we weld the hmac init and final functions in |
| 391 | * here to give it the same usage characteristics as a regular hash |
| 392 | */ |
| 393 | static void tpm2_hmac_init(struct sha256_state *sctx, u8 *key, u32 key_len) |
| 394 | { |
| 395 | u8 pad[SHA256_BLOCK_SIZE]; |
| 396 | int i; |
| 397 | |
| 398 | sha256_init(sctx); |
| 399 | for (i = 0; i < sizeof(pad); i++) { |
| 400 | if (i < key_len) |
| 401 | pad[i] = key[i]; |
| 402 | else |
| 403 | pad[i] = 0; |
| 404 | pad[i] ^= HMAC_IPAD_VALUE; |
| 405 | } |
| 406 | sha256_update(sctx, data: pad, len: sizeof(pad)); |
| 407 | } |
| 408 | |
| 409 | static void tpm2_hmac_final(struct sha256_state *sctx, u8 *key, u32 key_len, |
| 410 | u8 *out) |
| 411 | { |
| 412 | u8 pad[SHA256_BLOCK_SIZE]; |
| 413 | int i; |
| 414 | |
| 415 | for (i = 0; i < sizeof(pad); i++) { |
| 416 | if (i < key_len) |
| 417 | pad[i] = key[i]; |
| 418 | else |
| 419 | pad[i] = 0; |
| 420 | pad[i] ^= HMAC_OPAD_VALUE; |
| 421 | } |
| 422 | |
| 423 | /* collect the final hash; use out as temporary storage */ |
| 424 | sha256_final(sctx, out); |
| 425 | |
| 426 | sha256_init(sctx); |
| 427 | sha256_update(sctx, data: pad, len: sizeof(pad)); |
| 428 | sha256_update(sctx, data: out, SHA256_DIGEST_SIZE); |
| 429 | sha256_final(sctx, out); |
| 430 | } |
| 431 | |
| 432 | /* |
| 433 | * assume hash sha256 and nonces u, v of size SHA256_DIGEST_SIZE but |
| 434 | * otherwise standard tpm2_KDFa. Note output is in bytes not bits. |
| 435 | */ |
| 436 | static void tpm2_KDFa(u8 *key, u32 key_len, const char *label, u8 *u, |
| 437 | u8 *v, u32 bytes, u8 *out) |
| 438 | { |
| 439 | u32 counter = 1; |
| 440 | const __be32 bits = cpu_to_be32(bytes * 8); |
| 441 | |
| 442 | while (bytes > 0) { |
| 443 | struct sha256_state sctx; |
| 444 | __be32 c = cpu_to_be32(counter); |
| 445 | |
| 446 | tpm2_hmac_init(sctx: &sctx, key, key_len); |
| 447 | sha256_update(sctx: &sctx, data: (u8 *)&c, len: sizeof(c)); |
| 448 | sha256_update(sctx: &sctx, data: label, strlen(label)+1); |
| 449 | sha256_update(sctx: &sctx, data: u, SHA256_DIGEST_SIZE); |
| 450 | sha256_update(sctx: &sctx, data: v, SHA256_DIGEST_SIZE); |
| 451 | sha256_update(sctx: &sctx, data: (u8 *)&bits, len: sizeof(bits)); |
| 452 | tpm2_hmac_final(sctx: &sctx, key, key_len, out); |
| 453 | |
| 454 | bytes -= SHA256_DIGEST_SIZE; |
| 455 | counter++; |
| 456 | out += SHA256_DIGEST_SIZE; |
| 457 | } |
| 458 | } |
| 459 | |
| 460 | /* |
| 461 | * Somewhat of a bastardization of the real KDFe. We're assuming |
| 462 | * we're working with known point sizes for the input parameters and |
| 463 | * the hash algorithm is fixed at sha256. Because we know that the |
| 464 | * point size is 32 bytes like the hash size, there's no need to loop |
| 465 | * in this KDF. |
| 466 | */ |
| 467 | static void tpm2_KDFe(u8 z[EC_PT_SZ], const char *str, u8 *pt_u, u8 *pt_v, |
| 468 | u8 *out) |
| 469 | { |
| 470 | struct sha256_state sctx; |
| 471 | /* |
| 472 | * this should be an iterative counter, but because we know |
| 473 | * we're only taking 32 bytes for the point using a sha256 |
| 474 | * hash which is also 32 bytes, there's only one loop |
| 475 | */ |
| 476 | __be32 c = cpu_to_be32(1); |
| 477 | |
| 478 | sha256_init(sctx: &sctx); |
| 479 | /* counter (BE) */ |
| 480 | sha256_update(sctx: &sctx, data: (u8 *)&c, len: sizeof(c)); |
| 481 | /* secret value */ |
| 482 | sha256_update(sctx: &sctx, data: z, EC_PT_SZ); |
| 483 | /* string including trailing zero */ |
| 484 | sha256_update(sctx: &sctx, data: str, strlen(str)+1); |
| 485 | sha256_update(sctx: &sctx, data: pt_u, EC_PT_SZ); |
| 486 | sha256_update(sctx: &sctx, data: pt_v, EC_PT_SZ); |
| 487 | sha256_final(sctx: &sctx, out); |
| 488 | } |
| 489 | |
| 490 | static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip, |
| 491 | struct tpm2_auth *auth) |
| 492 | { |
| 493 | struct crypto_kpp *kpp; |
| 494 | struct kpp_request *req; |
| 495 | struct scatterlist s[2], d[1]; |
| 496 | struct ecdh p = {0}; |
| 497 | u8 encoded_key[EC_PT_SZ], *x, *y; |
| 498 | unsigned int buf_len; |
| 499 | |
| 500 | /* secret is two sized points */ |
| 501 | tpm_buf_append_u16(buf, value: (EC_PT_SZ + 2)*2); |
| 502 | /* |
| 503 | * we cheat here and append uninitialized data to form |
| 504 | * the points. All we care about is getting the two |
| 505 | * co-ordinate pointers, which will be used to overwrite |
| 506 | * the uninitialized data |
| 507 | */ |
| 508 | tpm_buf_append_u16(buf, EC_PT_SZ); |
| 509 | x = &buf->data[tpm_buf_length(buf)]; |
| 510 | tpm_buf_append(buf, new_data: encoded_key, EC_PT_SZ); |
| 511 | tpm_buf_append_u16(buf, EC_PT_SZ); |
| 512 | y = &buf->data[tpm_buf_length(buf)]; |
| 513 | tpm_buf_append(buf, new_data: encoded_key, EC_PT_SZ); |
| 514 | sg_init_table(s, 2); |
| 515 | sg_set_buf(sg: &s[0], buf: x, EC_PT_SZ); |
| 516 | sg_set_buf(sg: &s[1], buf: y, EC_PT_SZ); |
| 517 | |
| 518 | kpp = crypto_alloc_kpp(alg_name: "ecdh-nist-p256", CRYPTO_ALG_INTERNAL, mask: 0); |
| 519 | if (IS_ERR(ptr: kpp)) { |
| 520 | dev_err(&chip->dev, "crypto ecdh allocation failed\n"); |
| 521 | return; |
| 522 | } |
| 523 | |
| 524 | buf_len = crypto_ecdh_key_len(params: &p); |
| 525 | if (sizeof(encoded_key) < buf_len) { |
| 526 | dev_err(&chip->dev, "salt buffer too small needs %d\n", |
| 527 | buf_len); |
| 528 | goto out; |
| 529 | } |
| 530 | crypto_ecdh_encode_key(buf: encoded_key, len: buf_len, p: &p); |
| 531 | /* this generates a random private key */ |
| 532 | crypto_kpp_set_secret(tfm: kpp, buffer: encoded_key, len: buf_len); |
| 533 | |
| 534 | /* salt is now the public point of this private key */ |
| 535 | req = kpp_request_alloc(tfm: kpp, GFP_KERNEL); |
| 536 | if (!req) |
| 537 | goto out; |
| 538 | kpp_request_set_input(req, NULL, input_len: 0); |
| 539 | kpp_request_set_output(req, output: s, EC_PT_SZ*2); |
| 540 | crypto_kpp_generate_public_key(req); |
| 541 | /* |
| 542 | * we're not done: now we have to compute the shared secret |
| 543 | * which is our private key multiplied by the tpm_key public |
| 544 | * point, we actually only take the x point and discard the y |
| 545 | * point and feed it through KDFe to get the final secret salt |
| 546 | */ |
| 547 | sg_set_buf(sg: &s[0], buf: chip->null_ec_key_x, EC_PT_SZ); |
| 548 | sg_set_buf(sg: &s[1], buf: chip->null_ec_key_y, EC_PT_SZ); |
| 549 | kpp_request_set_input(req, input: s, EC_PT_SZ*2); |
| 550 | sg_init_one(d, auth->salt, EC_PT_SZ); |
| 551 | kpp_request_set_output(req, output: d, EC_PT_SZ); |
| 552 | crypto_kpp_compute_shared_secret(req); |
| 553 | kpp_request_free(req); |
| 554 | |
| 555 | /* |
| 556 | * pass the shared secret through KDFe for salt. Note salt |
| 557 | * area is used both for input shared secret and output salt. |
| 558 | * This works because KDFe fully consumes the secret before it |
| 559 | * writes the salt |
| 560 | */ |
| 561 | tpm2_KDFe(z: auth->salt, str: "SECRET", pt_u: x, pt_v: chip->null_ec_key_x, out: auth->salt); |
| 562 | |
| 563 | out: |
| 564 | crypto_free_kpp(tfm: kpp); |
| 565 | } |
| 566 | |
| 567 | /** |
| 568 | * tpm_buf_fill_hmac_session() - finalize the session HMAC |
| 569 | * @chip: the TPM chip structure |
| 570 | * @buf: The buffer to be appended |
| 571 | * |
| 572 | * This command must not be called until all of the parameters have |
| 573 | * been appended to @buf otherwise the computed HMAC will be |
| 574 | * incorrect. |
| 575 | * |
| 576 | * This function computes and fills in the session HMAC using the |
| 577 | * session key and, if TPM2_SA_DECRYPT was specified, computes the |
| 578 | * encryption key and encrypts the first parameter of the command |
| 579 | * buffer with it. |
| 580 | * |
| 581 | * As with most tpm_buf operations, success is assumed because failure |
| 582 | * will be caused by an incorrect programming model and indicated by a |
| 583 | * kernel message. |
| 584 | */ |
| 585 | void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) |
| 586 | { |
| 587 | u32 cc, handles, val; |
| 588 | struct tpm2_auth *auth = chip->auth; |
| 589 | int i; |
| 590 | struct tpm_header *head = (struct tpm_header *)buf->data; |
| 591 | off_t offset_s = TPM_HEADER_SIZE, offset_p; |
| 592 | u8 *hmac = NULL; |
| 593 | u32 attrs; |
| 594 | u8 cphash[SHA256_DIGEST_SIZE]; |
| 595 | struct sha256_state sctx; |
| 596 | |
| 597 | if (!auth) |
| 598 | return; |
| 599 | |
| 600 | /* save the command code in BE format */ |
| 601 | auth->ordinal = head->ordinal; |
| 602 | |
| 603 | cc = be32_to_cpu(head->ordinal); |
| 604 | |
| 605 | i = tpm2_find_cc(chip, cc); |
| 606 | if (i < 0) { |
| 607 | dev_err(&chip->dev, "Command 0x%x not found in TPM\n", cc); |
| 608 | return; |
| 609 | } |
| 610 | attrs = chip->cc_attrs_tbl[i]; |
| 611 | |
| 612 | handles = (attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0); |
| 613 | |
| 614 | /* |
| 615 | * just check the names, it's easy to make mistakes. This |
| 616 | * would happen if someone added a handle via |
| 617 | * tpm_buf_append_u32() instead of tpm_buf_append_name() |
| 618 | */ |
| 619 | for (i = 0; i < handles; i++) { |
| 620 | u32 handle = tpm_buf_read_u32(buf, offset: &offset_s); |
| 621 | |
| 622 | if (auth->name_h[i] != handle) { |
| 623 | dev_err(&chip->dev, "TPM: handle %d wrong for name\n", |
| 624 | i); |
| 625 | return; |
| 626 | } |
| 627 | } |
| 628 | /* point offset_s to the start of the sessions */ |
| 629 | val = tpm_buf_read_u32(buf, offset: &offset_s); |
| 630 | /* point offset_p to the start of the parameters */ |
| 631 | offset_p = offset_s + val; |
| 632 | for (i = 1; offset_s < offset_p; i++) { |
| 633 | u32 handle = tpm_buf_read_u32(buf, offset: &offset_s); |
| 634 | u16 len; |
| 635 | u8 a; |
| 636 | |
| 637 | /* nonce (already in auth) */ |
| 638 | len = tpm_buf_read_u16(buf, offset: &offset_s); |
| 639 | offset_s += len; |
| 640 | |
| 641 | a = tpm_buf_read_u8(buf, offset: &offset_s); |
| 642 | |
| 643 | len = tpm_buf_read_u16(buf, offset: &offset_s); |
| 644 | if (handle == auth->handle && auth->attrs == a) { |
| 645 | hmac = &buf->data[offset_s]; |
| 646 | /* |
| 647 | * save our session number so we know which |
| 648 | * session in the response belongs to us |
| 649 | */ |
| 650 | auth->session = i; |
| 651 | } |
| 652 | |
| 653 | offset_s += len; |
| 654 | } |
| 655 | if (offset_s != offset_p) { |
| 656 | dev_err(&chip->dev, "TPM session length is incorrect\n"); |
| 657 | return; |
| 658 | } |
| 659 | if (!hmac) { |
| 660 | dev_err(&chip->dev, "TPM could not find HMAC session\n"); |
| 661 | return; |
| 662 | } |
| 663 | |
| 664 | /* encrypt before HMAC */ |
| 665 | if (auth->attrs & TPM2_SA_DECRYPT) { |
| 666 | u16 len; |
| 667 | |
| 668 | /* need key and IV */ |
| 669 | tpm2_KDFa(key: auth->session_key, SHA256_DIGEST_SIZE |
| 670 | + auth->passphrase_len, label: "CFB", u: auth->our_nonce, |
| 671 | v: auth->tpm_nonce, AES_KEY_BYTES + AES_BLOCK_SIZE, |
| 672 | out: auth->scratch); |
| 673 | |
| 674 | len = tpm_buf_read_u16(buf, offset: &offset_p); |
| 675 | aes_expandkey(ctx: &auth->aes_ctx, in_key: auth->scratch, AES_KEY_BYTES); |
| 676 | aescfb_encrypt(ctx: &auth->aes_ctx, dst: &buf->data[offset_p], |
| 677 | src: &buf->data[offset_p], len, |
| 678 | iv: auth->scratch + AES_KEY_BYTES); |
| 679 | /* reset p to beginning of parameters for HMAC */ |
| 680 | offset_p -= 2; |
| 681 | } |
| 682 | |
| 683 | sha256_init(sctx: &sctx); |
| 684 | /* ordinal is already BE */ |
| 685 | sha256_update(sctx: &sctx, data: (u8 *)&head->ordinal, len: sizeof(head->ordinal)); |
| 686 | /* add the handle names */ |
| 687 | for (i = 0; i < handles; i++) { |
| 688 | enum tpm2_mso_type mso = tpm2_handle_mso(handle: auth->name_h[i]); |
| 689 | |
| 690 | if (mso == TPM2_MSO_PERSISTENT || |
| 691 | mso == TPM2_MSO_VOLATILE || |
| 692 | mso == TPM2_MSO_NVRAM) { |
| 693 | sha256_update(sctx: &sctx, data: auth->name[i], |
| 694 | len: name_size(name: auth->name[i])); |
| 695 | } else { |
| 696 | __be32 h = cpu_to_be32(auth->name_h[i]); |
| 697 | |
| 698 | sha256_update(sctx: &sctx, data: (u8 *)&h, len: 4); |
| 699 | } |
| 700 | } |
| 701 | if (offset_s != tpm_buf_length(buf)) |
| 702 | sha256_update(sctx: &sctx, data: &buf->data[offset_s], |
| 703 | len: tpm_buf_length(buf) - offset_s); |
| 704 | sha256_final(sctx: &sctx, out: cphash); |
| 705 | |
| 706 | /* now calculate the hmac */ |
| 707 | tpm2_hmac_init(sctx: &sctx, key: auth->session_key, key_len: sizeof(auth->session_key) |
| 708 | + auth->passphrase_len); |
| 709 | sha256_update(sctx: &sctx, data: cphash, len: sizeof(cphash)); |
| 710 | sha256_update(sctx: &sctx, data: auth->our_nonce, len: sizeof(auth->our_nonce)); |
| 711 | sha256_update(sctx: &sctx, data: auth->tpm_nonce, len: sizeof(auth->tpm_nonce)); |
| 712 | sha256_update(sctx: &sctx, data: &auth->attrs, len: 1); |
| 713 | tpm2_hmac_final(sctx: &sctx, key: auth->session_key, key_len: sizeof(auth->session_key) |
| 714 | + auth->passphrase_len, out: hmac); |
| 715 | } |
| 716 | EXPORT_SYMBOL(tpm_buf_fill_hmac_session); |
| 717 | |
| 718 | /** |
| 719 | * tpm_buf_check_hmac_response() - check the TPM return HMAC for correctness |
| 720 | * @chip: the TPM chip structure |
| 721 | * @buf: the original command buffer (which now contains the response) |
| 722 | * @rc: the return code from tpm_transmit_cmd |
| 723 | * |
| 724 | * If @rc is non zero, @buf may not contain an actual return, so @rc |
| 725 | * is passed through as the return and the session cleaned up and |
| 726 | * de-allocated if required (this is required if |
| 727 | * TPM2_SA_CONTINUE_SESSION was not specified as a session flag). |
| 728 | * |
| 729 | * If @rc is zero, the response HMAC is computed against the returned |
| 730 | * @buf and matched to the TPM one in the session area. If there is a |
| 731 | * mismatch, an error is logged and -EINVAL returned. |
| 732 | * |
| 733 | * The reason for this is that the command issue and HMAC check |
| 734 | * sequence should look like: |
| 735 | * |
| 736 | * rc = tpm_transmit_cmd(...); |
| 737 | * rc = tpm_buf_check_hmac_response(&buf, auth, rc); |
| 738 | * if (rc) |
| 739 | * ... |
| 740 | * |
| 741 | * Which is easily layered into the current contrl flow. |
| 742 | * |
| 743 | * Returns: 0 on success or an error. |
| 744 | */ |
| 745 | int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, |
| 746 | int rc) |
| 747 | { |
| 748 | struct tpm_header *head = (struct tpm_header *)buf->data; |
| 749 | struct tpm2_auth *auth = chip->auth; |
| 750 | off_t offset_s, offset_p; |
| 751 | u8 rphash[SHA256_DIGEST_SIZE]; |
| 752 | u32 attrs, cc; |
| 753 | struct sha256_state sctx; |
| 754 | u16 tag = be16_to_cpu(head->tag); |
| 755 | int parm_len, len, i, handles; |
| 756 | |
| 757 | if (!auth) |
| 758 | return rc; |
| 759 | |
| 760 | cc = be32_to_cpu(auth->ordinal); |
| 761 | |
| 762 | if (auth->session >= TPM_HEADER_SIZE) { |
| 763 | WARN(1, "tpm session not filled correctly\n"); |
| 764 | goto out; |
| 765 | } |
| 766 | |
| 767 | if (rc != 0) |
| 768 | /* pass non success rc through and close the session */ |
| 769 | goto out; |
| 770 | |
| 771 | rc = -EINVAL; |
| 772 | if (tag != TPM2_ST_SESSIONS) { |
| 773 | dev_err(&chip->dev, "TPM: HMAC response check has no sessions tag\n"); |
| 774 | goto out; |
| 775 | } |
| 776 | |
| 777 | i = tpm2_find_cc(chip, cc); |
| 778 | if (i < 0) |
| 779 | goto out; |
| 780 | attrs = chip->cc_attrs_tbl[i]; |
| 781 | handles = (attrs >> TPM2_CC_ATTR_RHANDLE) & 1; |
| 782 | |
| 783 | /* point to area beyond handles */ |
| 784 | offset_s = TPM_HEADER_SIZE + handles * 4; |
| 785 | parm_len = tpm_buf_read_u32(buf, offset: &offset_s); |
| 786 | offset_p = offset_s; |
| 787 | offset_s += parm_len; |
| 788 | /* skip over any sessions before ours */ |
| 789 | for (i = 0; i < auth->session - 1; i++) { |
| 790 | len = tpm_buf_read_u16(buf, offset: &offset_s); |
| 791 | offset_s += len + 1; |
| 792 | len = tpm_buf_read_u16(buf, offset: &offset_s); |
| 793 | offset_s += len; |
| 794 | } |
| 795 | /* TPM nonce */ |
| 796 | len = tpm_buf_read_u16(buf, offset: &offset_s); |
| 797 | if (offset_s + len > tpm_buf_length(buf)) |
| 798 | goto out; |
| 799 | if (len != SHA256_DIGEST_SIZE) |
| 800 | goto out; |
| 801 | memcpy(auth->tpm_nonce, &buf->data[offset_s], len); |
| 802 | offset_s += len; |
| 803 | attrs = tpm_buf_read_u8(buf, offset: &offset_s); |
| 804 | len = tpm_buf_read_u16(buf, offset: &offset_s); |
| 805 | if (offset_s + len != tpm_buf_length(buf)) |
| 806 | goto out; |
| 807 | if (len != SHA256_DIGEST_SIZE) |
| 808 | goto out; |
| 809 | /* |
| 810 | * offset_s points to the HMAC. now calculate comparison, beginning |
| 811 | * with rphash |
| 812 | */ |
| 813 | sha256_init(sctx: &sctx); |
| 814 | /* yes, I know this is now zero, but it's what the standard says */ |
| 815 | sha256_update(sctx: &sctx, data: (u8 *)&head->return_code, |
| 816 | len: sizeof(head->return_code)); |
| 817 | /* ordinal is already BE */ |
| 818 | sha256_update(sctx: &sctx, data: (u8 *)&auth->ordinal, len: sizeof(auth->ordinal)); |
| 819 | sha256_update(sctx: &sctx, data: &buf->data[offset_p], len: parm_len); |
| 820 | sha256_final(sctx: &sctx, out: rphash); |
| 821 | |
| 822 | /* now calculate the hmac */ |
| 823 | tpm2_hmac_init(sctx: &sctx, key: auth->session_key, key_len: sizeof(auth->session_key) |
| 824 | + auth->passphrase_len); |
| 825 | sha256_update(sctx: &sctx, data: rphash, len: sizeof(rphash)); |
| 826 | sha256_update(sctx: &sctx, data: auth->tpm_nonce, len: sizeof(auth->tpm_nonce)); |
| 827 | sha256_update(sctx: &sctx, data: auth->our_nonce, len: sizeof(auth->our_nonce)); |
| 828 | sha256_update(sctx: &sctx, data: &auth->attrs, len: 1); |
| 829 | /* we're done with the rphash, so put our idea of the hmac there */ |
| 830 | tpm2_hmac_final(sctx: &sctx, key: auth->session_key, key_len: sizeof(auth->session_key) |
| 831 | + auth->passphrase_len, out: rphash); |
| 832 | if (memcmp(p: rphash, q: &buf->data[offset_s], SHA256_DIGEST_SIZE) == 0) { |
| 833 | rc = 0; |
| 834 | } else { |
| 835 | dev_err(&chip->dev, "TPM: HMAC check failed\n"); |
| 836 | goto out; |
| 837 | } |
| 838 | |
| 839 | /* now do response decryption */ |
| 840 | if (auth->attrs & TPM2_SA_ENCRYPT) { |
| 841 | /* need key and IV */ |
| 842 | tpm2_KDFa(key: auth->session_key, SHA256_DIGEST_SIZE |
| 843 | + auth->passphrase_len, label: "CFB", u: auth->tpm_nonce, |
| 844 | v: auth->our_nonce, AES_KEY_BYTES + AES_BLOCK_SIZE, |
| 845 | out: auth->scratch); |
| 846 | |
| 847 | len = tpm_buf_read_u16(buf, offset: &offset_p); |
| 848 | aes_expandkey(ctx: &auth->aes_ctx, in_key: auth->scratch, AES_KEY_BYTES); |
| 849 | aescfb_decrypt(ctx: &auth->aes_ctx, dst: &buf->data[offset_p], |
| 850 | src: &buf->data[offset_p], len, |
| 851 | iv: auth->scratch + AES_KEY_BYTES); |
| 852 | } |
| 853 | |
| 854 | out: |
| 855 | if ((auth->attrs & TPM2_SA_CONTINUE_SESSION) == 0) { |
| 856 | if (rc) |
| 857 | /* manually close the session if it wasn't consumed */ |
| 858 | tpm2_flush_context(chip, handle: auth->handle); |
| 859 | |
| 860 | kfree_sensitive(objp: auth); |
| 861 | chip->auth = NULL; |
| 862 | } else { |
| 863 | /* reset for next use */ |
| 864 | auth->session = TPM_HEADER_SIZE; |
| 865 | } |
| 866 | |
| 867 | return rc; |
| 868 | } |
| 869 | EXPORT_SYMBOL(tpm_buf_check_hmac_response); |
| 870 | |
| 871 | /** |
| 872 | * tpm2_end_auth_session() - kill the allocated auth session |
| 873 | * @chip: the TPM chip structure |
| 874 | * |
| 875 | * ends the session started by tpm2_start_auth_session and frees all |
| 876 | * the resources. Under normal conditions, |
| 877 | * tpm_buf_check_hmac_response() will correctly end the session if |
| 878 | * required, so this function is only for use in error legs that will |
| 879 | * bypass the normal invocation of tpm_buf_check_hmac_response(). |
| 880 | */ |
| 881 | void tpm2_end_auth_session(struct tpm_chip *chip) |
| 882 | { |
| 883 | struct tpm2_auth *auth = chip->auth; |
| 884 | |
| 885 | if (!auth) |
| 886 | return; |
| 887 | |
| 888 | tpm2_flush_context(chip, handle: auth->handle); |
| 889 | kfree_sensitive(objp: auth); |
| 890 | chip->auth = NULL; |
| 891 | } |
| 892 | EXPORT_SYMBOL(tpm2_end_auth_session); |
| 893 | |
| 894 | static int tpm2_parse_start_auth_session(struct tpm2_auth *auth, |
| 895 | struct tpm_buf *buf) |
| 896 | { |
| 897 | struct tpm_header *head = (struct tpm_header *)buf->data; |
| 898 | u32 tot_len = be32_to_cpu(head->length); |
| 899 | off_t offset = TPM_HEADER_SIZE; |
| 900 | u32 val; |
| 901 | |
| 902 | /* we're starting after the header so adjust the length */ |
| 903 | tot_len -= TPM_HEADER_SIZE; |
| 904 | |
| 905 | /* should have handle plus nonce */ |
| 906 | if (tot_len != 4 + 2 + sizeof(auth->tpm_nonce)) |
| 907 | return -EINVAL; |
| 908 | |
| 909 | auth->handle = tpm_buf_read_u32(buf, offset: &offset); |
| 910 | val = tpm_buf_read_u16(buf, offset: &offset); |
| 911 | if (val != sizeof(auth->tpm_nonce)) |
| 912 | return -EINVAL; |
| 913 | memcpy(auth->tpm_nonce, &buf->data[offset], sizeof(auth->tpm_nonce)); |
| 914 | /* now compute the session key from the nonces */ |
| 915 | tpm2_KDFa(key: auth->salt, key_len: sizeof(auth->salt), label: "ATH", u: auth->tpm_nonce, |
| 916 | v: auth->our_nonce, bytes: sizeof(auth->session_key), |
| 917 | out: auth->session_key); |
| 918 | |
| 919 | return 0; |
| 920 | } |
| 921 | |
| 922 | static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) |
| 923 | { |
| 924 | unsigned int offset = 0; /* dummy offset for null seed context */ |
| 925 | u8 name[SHA256_DIGEST_SIZE + 2]; |
| 926 | u32 tmp_null_key; |
| 927 | int rc; |
| 928 | |
| 929 | rc = tpm2_load_context(chip, buf: chip->null_key_context, offset: &offset, |
| 930 | handle: &tmp_null_key); |
| 931 | if (rc != -EINVAL) { |
| 932 | if (!rc) |
| 933 | *null_key = tmp_null_key; |
| 934 | goto err; |
| 935 | } |
| 936 | |
| 937 | /* Try to re-create null key, given the integrity failure: */ |
| 938 | rc = tpm2_create_primary(chip, hierarchy: TPM2_RH_NULL, handle: &tmp_null_key, name); |
| 939 | if (rc) |
| 940 | goto err; |
| 941 | |
| 942 | /* Return null key if the name has not been changed: */ |
| 943 | if (!memcmp(p: name, q: chip->null_key_name, size: sizeof(name))) { |
| 944 | *null_key = tmp_null_key; |
| 945 | return 0; |
| 946 | } |
| 947 | |
| 948 | /* Deduce from the name change TPM interference: */ |
| 949 | dev_err(&chip->dev, "null key integrity check failed\n"); |
| 950 | tpm2_flush_context(chip, handle: tmp_null_key); |
| 951 | |
| 952 | err: |
| 953 | if (rc) { |
| 954 | chip->flags |= TPM_CHIP_FLAG_DISABLE; |
| 955 | rc = -ENODEV; |
| 956 | } |
| 957 | return rc; |
| 958 | } |
| 959 | |
| 960 | /** |
| 961 | * tpm2_start_auth_session() - Create an a HMAC authentication session |
| 962 | * @chip: A TPM chip |
| 963 | * |
| 964 | * Loads the ephemeral key (null seed), and starts an HMAC authenticated |
| 965 | * session. The null seed is flushed before the return. |
| 966 | * |
| 967 | * Returns zero on success, or a POSIX error code. |
| 968 | */ |
| 969 | int tpm2_start_auth_session(struct tpm_chip *chip) |
| 970 | { |
| 971 | struct tpm2_auth *auth; |
| 972 | struct tpm_buf buf; |
| 973 | u32 null_key; |
| 974 | int rc; |
| 975 | |
| 976 | if (chip->auth) { |
| 977 | dev_dbg_once(&chip->dev, "auth session is active\n"); |
| 978 | return 0; |
| 979 | } |
| 980 | |
| 981 | auth = kzalloc(sizeof(*auth), GFP_KERNEL); |
| 982 | if (!auth) |
| 983 | return -ENOMEM; |
| 984 | |
| 985 | rc = tpm2_load_null(chip, null_key: &null_key); |
| 986 | if (rc) |
| 987 | goto out; |
| 988 | |
| 989 | auth->session = TPM_HEADER_SIZE; |
| 990 | |
| 991 | rc = tpm_buf_init(buf: &buf, tag: TPM2_ST_NO_SESSIONS, ordinal: TPM2_CC_START_AUTH_SESS); |
| 992 | if (rc) |
| 993 | goto out; |
| 994 | |
| 995 | /* salt key handle */ |
| 996 | tpm_buf_append_u32(buf: &buf, value: null_key); |
| 997 | /* bind key handle */ |
| 998 | tpm_buf_append_u32(buf: &buf, value: TPM2_RH_NULL); |
| 999 | /* nonce caller */ |
| 1000 | get_random_bytes(buf: auth->our_nonce, len: sizeof(auth->our_nonce)); |
| 1001 | tpm_buf_append_u16(buf: &buf, value: sizeof(auth->our_nonce)); |
| 1002 | tpm_buf_append(buf: &buf, new_data: auth->our_nonce, new_length: sizeof(auth->our_nonce)); |
| 1003 | |
| 1004 | /* append encrypted salt and squirrel away unencrypted in auth */ |
| 1005 | tpm_buf_append_salt(buf: &buf, chip, auth); |
| 1006 | /* session type (HMAC, audit or policy) */ |
| 1007 | tpm_buf_append_u8(buf: &buf, value: TPM2_SE_HMAC); |
| 1008 | |
| 1009 | /* symmetric encryption parameters */ |
| 1010 | /* symmetric algorithm */ |
| 1011 | tpm_buf_append_u16(buf: &buf, value: TPM_ALG_AES); |
| 1012 | /* bits for symmetric algorithm */ |
| 1013 | tpm_buf_append_u16(buf: &buf, AES_KEY_BITS); |
| 1014 | /* symmetric algorithm mode (must be CFB) */ |
| 1015 | tpm_buf_append_u16(buf: &buf, value: TPM_ALG_CFB); |
| 1016 | /* hash algorithm for session */ |
| 1017 | tpm_buf_append_u16(buf: &buf, value: TPM_ALG_SHA256); |
| 1018 | |
| 1019 | rc = tpm_ret_to_err(ret: tpm_transmit_cmd(chip, buf: &buf, min_rsp_body_length: 0, desc: "StartAuthSession")); |
| 1020 | tpm2_flush_context(chip, handle: null_key); |
| 1021 | |
| 1022 | if (rc == TPM2_RC_SUCCESS) |
| 1023 | rc = tpm2_parse_start_auth_session(auth, buf: &buf); |
| 1024 | |
| 1025 | tpm_buf_destroy(buf: &buf); |
| 1026 | |
| 1027 | if (rc == TPM2_RC_SUCCESS) { |
| 1028 | chip->auth = auth; |
| 1029 | return 0; |
| 1030 | } |
| 1031 | |
| 1032 | out: |
| 1033 | kfree_sensitive(objp: auth); |
| 1034 | return rc; |
| 1035 | } |
| 1036 | EXPORT_SYMBOL(tpm2_start_auth_session); |
| 1037 | |
| 1038 | /* |
| 1039 | * A mask containing the object attributes for the kernel held null primary key |
| 1040 | * used in HMAC encryption. For more information on specific attributes look up |
| 1041 | * to "8.3 TPMA_OBJECT (Object Attributes)". |
| 1042 | */ |
| 1043 | #define TPM2_OA_NULL_KEY ( \ |
| 1044 | TPM2_OA_NO_DA | \ |
| 1045 | TPM2_OA_FIXED_TPM | \ |
| 1046 | TPM2_OA_FIXED_PARENT | \ |
| 1047 | TPM2_OA_SENSITIVE_DATA_ORIGIN | \ |
| 1048 | TPM2_OA_USER_WITH_AUTH | \ |
| 1049 | TPM2_OA_DECRYPT | \ |
| 1050 | TPM2_OA_RESTRICTED) |
| 1051 | |
| 1052 | /** |
| 1053 | * tpm2_parse_create_primary() - parse the data returned from TPM_CC_CREATE_PRIMARY |
| 1054 | * |
| 1055 | * @chip: The TPM the primary was created under |
| 1056 | * @buf: The response buffer from the chip |
| 1057 | * @handle: pointer to be filled in with the return handle of the primary |
| 1058 | * @hierarchy: The hierarchy the primary was created for |
| 1059 | * @name: pointer to be filled in with the primary key name |
| 1060 | * |
| 1061 | * Return: |
| 1062 | * * 0 - OK |
| 1063 | * * -errno - A system error |
| 1064 | * * TPM_RC - A TPM error |
| 1065 | */ |
| 1066 | static int tpm2_parse_create_primary(struct tpm_chip *chip, struct tpm_buf *buf, |
| 1067 | u32 *handle, u32 hierarchy, u8 *name) |
| 1068 | { |
| 1069 | struct tpm_header *head = (struct tpm_header *)buf->data; |
| 1070 | off_t offset_r = TPM_HEADER_SIZE, offset_t; |
| 1071 | u16 len = TPM_HEADER_SIZE; |
| 1072 | u32 total_len = be32_to_cpu(head->length); |
| 1073 | u32 val, param_len, keyhandle; |
| 1074 | |
| 1075 | keyhandle = tpm_buf_read_u32(buf, offset: &offset_r); |
| 1076 | if (handle) |
| 1077 | *handle = keyhandle; |
| 1078 | else |
| 1079 | tpm2_flush_context(chip, handle: keyhandle); |
| 1080 | |
| 1081 | param_len = tpm_buf_read_u32(buf, offset: &offset_r); |
| 1082 | /* |
| 1083 | * param_len doesn't include the header, but all the other |
| 1084 | * lengths and offsets do, so add it to parm len to make |
| 1085 | * the comparisons easier |
| 1086 | */ |
| 1087 | param_len += TPM_HEADER_SIZE; |
| 1088 | |
| 1089 | if (param_len + 8 > total_len) |
| 1090 | return -EINVAL; |
| 1091 | len = tpm_buf_read_u16(buf, offset: &offset_r); |
| 1092 | offset_t = offset_r; |
| 1093 | if (name) { |
| 1094 | /* |
| 1095 | * now we have the public area, compute the name of |
| 1096 | * the object |
| 1097 | */ |
| 1098 | put_unaligned_be16(val: TPM_ALG_SHA256, p: name); |
| 1099 | sha256(data: &buf->data[offset_r], len, out: name + 2); |
| 1100 | } |
| 1101 | |
| 1102 | /* validate the public key */ |
| 1103 | val = tpm_buf_read_u16(buf, offset: &offset_t); |
| 1104 | |
| 1105 | /* key type (must be what we asked for) */ |
| 1106 | if (val != TPM_ALG_ECC) |
| 1107 | return -EINVAL; |
| 1108 | val = tpm_buf_read_u16(buf, offset: &offset_t); |
| 1109 | |
| 1110 | /* name algorithm */ |
| 1111 | if (val != TPM_ALG_SHA256) |
| 1112 | return -EINVAL; |
| 1113 | val = tpm_buf_read_u32(buf, offset: &offset_t); |
| 1114 | |
| 1115 | /* object properties */ |
| 1116 | if (val != TPM2_OA_NULL_KEY) |
| 1117 | return -EINVAL; |
| 1118 | |
| 1119 | /* auth policy (empty) */ |
| 1120 | val = tpm_buf_read_u16(buf, offset: &offset_t); |
| 1121 | if (val != 0) |
| 1122 | return -EINVAL; |
| 1123 | |
| 1124 | /* symmetric key parameters */ |
| 1125 | val = tpm_buf_read_u16(buf, offset: &offset_t); |
| 1126 | if (val != TPM_ALG_AES) |
| 1127 | return -EINVAL; |
| 1128 | |
| 1129 | /* symmetric key length */ |
| 1130 | val = tpm_buf_read_u16(buf, offset: &offset_t); |
| 1131 | if (val != AES_KEY_BITS) |
| 1132 | return -EINVAL; |
| 1133 | |
| 1134 | /* symmetric encryption scheme */ |
| 1135 | val = tpm_buf_read_u16(buf, offset: &offset_t); |
| 1136 | if (val != TPM_ALG_CFB) |
| 1137 | return -EINVAL; |
| 1138 | |
| 1139 | /* signing scheme */ |
| 1140 | val = tpm_buf_read_u16(buf, offset: &offset_t); |
| 1141 | if (val != TPM_ALG_NULL) |
| 1142 | return -EINVAL; |
| 1143 | |
| 1144 | /* ECC Curve */ |
| 1145 | val = tpm_buf_read_u16(buf, offset: &offset_t); |
| 1146 | if (val != TPM2_ECC_NIST_P256) |
| 1147 | return -EINVAL; |
| 1148 | |
| 1149 | /* KDF Scheme */ |
| 1150 | val = tpm_buf_read_u16(buf, offset: &offset_t); |
| 1151 | if (val != TPM_ALG_NULL) |
| 1152 | return -EINVAL; |
| 1153 | |
| 1154 | /* extract public key (x and y points) */ |
| 1155 | val = tpm_buf_read_u16(buf, offset: &offset_t); |
| 1156 | if (val != EC_PT_SZ) |
| 1157 | return -EINVAL; |
| 1158 | memcpy(chip->null_ec_key_x, &buf->data[offset_t], val); |
| 1159 | offset_t += val; |
| 1160 | val = tpm_buf_read_u16(buf, offset: &offset_t); |
| 1161 | if (val != EC_PT_SZ) |
| 1162 | return -EINVAL; |
| 1163 | memcpy(chip->null_ec_key_y, &buf->data[offset_t], val); |
| 1164 | offset_t += val; |
| 1165 | |
| 1166 | /* original length of the whole TPM2B */ |
| 1167 | offset_r += len; |
| 1168 | |
| 1169 | /* should have exactly consumed the TPM2B public structure */ |
| 1170 | if (offset_t != offset_r) |
| 1171 | return -EINVAL; |
| 1172 | if (offset_r > param_len) |
| 1173 | return -EINVAL; |
| 1174 | |
| 1175 | /* creation data (skip) */ |
| 1176 | len = tpm_buf_read_u16(buf, offset: &offset_r); |
| 1177 | offset_r += len; |
| 1178 | if (offset_r > param_len) |
| 1179 | return -EINVAL; |
| 1180 | |
| 1181 | /* creation digest (must be sha256) */ |
| 1182 | len = tpm_buf_read_u16(buf, offset: &offset_r); |
| 1183 | offset_r += len; |
| 1184 | if (len != SHA256_DIGEST_SIZE || offset_r > param_len) |
| 1185 | return -EINVAL; |
| 1186 | |
| 1187 | /* TPMT_TK_CREATION follows */ |
| 1188 | /* tag, must be TPM_ST_CREATION (0x8021) */ |
| 1189 | val = tpm_buf_read_u16(buf, offset: &offset_r); |
| 1190 | if (val != TPM2_ST_CREATION || offset_r > param_len) |
| 1191 | return -EINVAL; |
| 1192 | |
| 1193 | /* hierarchy */ |
| 1194 | val = tpm_buf_read_u32(buf, offset: &offset_r); |
| 1195 | if (val != hierarchy || offset_r > param_len) |
| 1196 | return -EINVAL; |
| 1197 | |
| 1198 | /* the ticket digest HMAC (might not be sha256) */ |
| 1199 | len = tpm_buf_read_u16(buf, offset: &offset_r); |
| 1200 | offset_r += len; |
| 1201 | if (offset_r > param_len) |
| 1202 | return -EINVAL; |
| 1203 | |
| 1204 | /* |
| 1205 | * finally we have the name, which is a sha256 digest plus a 2 |
| 1206 | * byte algorithm type |
| 1207 | */ |
| 1208 | len = tpm_buf_read_u16(buf, offset: &offset_r); |
| 1209 | if (offset_r + len != param_len + 8) |
| 1210 | return -EINVAL; |
| 1211 | if (len != SHA256_DIGEST_SIZE + 2) |
| 1212 | return -EINVAL; |
| 1213 | |
| 1214 | if (memcmp(p: chip->null_key_name, q: &buf->data[offset_r], |
| 1215 | SHA256_DIGEST_SIZE + 2) != 0) { |
| 1216 | dev_err(&chip->dev, "NULL Seed name comparison failed\n"); |
| 1217 | return -EINVAL; |
| 1218 | } |
| 1219 | |
| 1220 | return 0; |
| 1221 | } |
| 1222 | |
| 1223 | /** |
| 1224 | * tpm2_create_primary() - create a primary key using a fixed P-256 template |
| 1225 | * |
| 1226 | * @chip: the TPM chip to create under |
| 1227 | * @hierarchy: The hierarchy handle to create under |
| 1228 | * @handle: The returned volatile handle on success |
| 1229 | * @name: The name of the returned key |
| 1230 | * |
| 1231 | * For platforms that might not have a persistent primary, this can be |
| 1232 | * used to create one quickly on the fly (it uses Elliptic Curve not |
| 1233 | * RSA, so even slow TPMs can create one fast). The template uses the |
| 1234 | * TCG mandated H one for non-endorsement ECC primaries, i.e. P-256 |
| 1235 | * elliptic curve (the only current one all TPM2s are required to |
| 1236 | * have) a sha256 name hash and no policy. |
| 1237 | * |
| 1238 | * Return: |
| 1239 | * * 0 - OK |
| 1240 | * * -errno - A system error |
| 1241 | * * TPM_RC - A TPM error |
| 1242 | */ |
| 1243 | static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, |
| 1244 | u32 *handle, u8 *name) |
| 1245 | { |
| 1246 | int rc; |
| 1247 | struct tpm_buf buf; |
| 1248 | struct tpm_buf template; |
| 1249 | |
| 1250 | rc = tpm_buf_init(buf: &buf, tag: TPM2_ST_SESSIONS, ordinal: TPM2_CC_CREATE_PRIMARY); |
| 1251 | if (rc) |
| 1252 | return rc; |
| 1253 | |
| 1254 | rc = tpm_buf_init_sized(buf: &template); |
| 1255 | if (rc) { |
| 1256 | tpm_buf_destroy(buf: &buf); |
| 1257 | return rc; |
| 1258 | } |
| 1259 | |
| 1260 | /* |
| 1261 | * create the template. Note: in order for userspace to |
| 1262 | * verify the security of the system, it will have to create |
| 1263 | * and certify this NULL primary, meaning all the template |
| 1264 | * parameters will have to be identical, so conform exactly to |
| 1265 | * the TCG TPM v2.0 Provisioning Guidance for the SRK ECC |
| 1266 | * key H template (H has zero size unique points) |
| 1267 | */ |
| 1268 | |
| 1269 | /* key type */ |
| 1270 | tpm_buf_append_u16(buf: &template, value: TPM_ALG_ECC); |
| 1271 | |
| 1272 | /* name algorithm */ |
| 1273 | tpm_buf_append_u16(buf: &template, value: TPM_ALG_SHA256); |
| 1274 | |
| 1275 | /* object properties */ |
| 1276 | tpm_buf_append_u32(buf: &template, TPM2_OA_NULL_KEY); |
| 1277 | |
| 1278 | /* sauth policy (empty) */ |
| 1279 | tpm_buf_append_u16(buf: &template, value: 0); |
| 1280 | |
| 1281 | /* BEGIN parameters: key specific; for ECC*/ |
| 1282 | |
| 1283 | /* symmetric algorithm */ |
| 1284 | tpm_buf_append_u16(buf: &template, value: TPM_ALG_AES); |
| 1285 | |
| 1286 | /* bits for symmetric algorithm */ |
| 1287 | tpm_buf_append_u16(buf: &template, AES_KEY_BITS); |
| 1288 | |
| 1289 | /* algorithm mode (must be CFB) */ |
| 1290 | tpm_buf_append_u16(buf: &template, value: TPM_ALG_CFB); |
| 1291 | |
| 1292 | /* scheme (NULL means any scheme) */ |
| 1293 | tpm_buf_append_u16(buf: &template, value: TPM_ALG_NULL); |
| 1294 | |
| 1295 | /* ECC Curve ID */ |
| 1296 | tpm_buf_append_u16(buf: &template, value: TPM2_ECC_NIST_P256); |
| 1297 | |
| 1298 | /* KDF Scheme */ |
| 1299 | tpm_buf_append_u16(buf: &template, value: TPM_ALG_NULL); |
| 1300 | |
| 1301 | /* unique: key specific; for ECC it is two zero size points */ |
| 1302 | tpm_buf_append_u16(buf: &template, value: 0); |
| 1303 | tpm_buf_append_u16(buf: &template, value: 0); |
| 1304 | |
| 1305 | /* END parameters */ |
| 1306 | |
| 1307 | /* primary handle */ |
| 1308 | tpm_buf_append_u32(buf: &buf, value: hierarchy); |
| 1309 | tpm_buf_append_empty_auth(buf: &buf, handle: TPM2_RS_PW); |
| 1310 | |
| 1311 | /* sensitive create size is 4 for two empty buffers */ |
| 1312 | tpm_buf_append_u16(buf: &buf, value: 4); |
| 1313 | |
| 1314 | /* sensitive create auth data (empty) */ |
| 1315 | tpm_buf_append_u16(buf: &buf, value: 0); |
| 1316 | |
| 1317 | /* sensitive create sensitive data (empty) */ |
| 1318 | tpm_buf_append_u16(buf: &buf, value: 0); |
| 1319 | |
| 1320 | /* the public template */ |
| 1321 | tpm_buf_append(buf: &buf, new_data: template.data, new_length: template.length); |
| 1322 | tpm_buf_destroy(buf: &template); |
| 1323 | |
| 1324 | /* outside info (empty) */ |
| 1325 | tpm_buf_append_u16(buf: &buf, value: 0); |
| 1326 | |
| 1327 | /* creation PCR (none) */ |
| 1328 | tpm_buf_append_u32(buf: &buf, value: 0); |
| 1329 | |
| 1330 | rc = tpm_transmit_cmd(chip, buf: &buf, min_rsp_body_length: 0, |
| 1331 | desc: "attempting to create NULL primary"); |
| 1332 | |
| 1333 | if (rc == TPM2_RC_SUCCESS) |
| 1334 | rc = tpm2_parse_create_primary(chip, buf: &buf, handle, hierarchy, |
| 1335 | name); |
| 1336 | |
| 1337 | tpm_buf_destroy(buf: &buf); |
| 1338 | |
| 1339 | return rc; |
| 1340 | } |
| 1341 | |
| 1342 | static int tpm2_create_null_primary(struct tpm_chip *chip) |
| 1343 | { |
| 1344 | u32 null_key; |
| 1345 | int rc; |
| 1346 | |
| 1347 | rc = tpm2_create_primary(chip, hierarchy: TPM2_RH_NULL, handle: &null_key, |
| 1348 | name: chip->null_key_name); |
| 1349 | |
| 1350 | if (rc == TPM2_RC_SUCCESS) { |
| 1351 | unsigned int offset = 0; /* dummy offset for null key context */ |
| 1352 | |
| 1353 | rc = tpm2_save_context(chip, handle: null_key, buf: chip->null_key_context, |
| 1354 | buf_size: sizeof(chip->null_key_context), offset: &offset); |
| 1355 | tpm2_flush_context(chip, handle: null_key); |
| 1356 | } |
| 1357 | |
| 1358 | return rc; |
| 1359 | } |
| 1360 | |
| 1361 | /** |
| 1362 | * tpm2_sessions_init() - start of day initialization for the sessions code |
| 1363 | * @chip: TPM chip |
| 1364 | * |
| 1365 | * Derive and context save the null primary and allocate memory in the |
| 1366 | * struct tpm_chip for the authorizations. |
| 1367 | * |
| 1368 | * Return: |
| 1369 | * * 0 - OK |
| 1370 | * * -errno - A system error |
| 1371 | * * TPM_RC - A TPM error |
| 1372 | */ |
| 1373 | int tpm2_sessions_init(struct tpm_chip *chip) |
| 1374 | { |
| 1375 | int rc; |
| 1376 | |
| 1377 | rc = tpm2_create_null_primary(chip); |
| 1378 | if (rc) { |
| 1379 | dev_err(&chip->dev, "null key creation failed with %d\n", rc); |
| 1380 | return rc; |
| 1381 | } |
| 1382 | |
| 1383 | return rc; |
| 1384 | } |
| 1385 | #endif /* CONFIG_TCG_TPM2_HMAC */ |
| 1386 |
Definitions
- tpm2_auth
- name_size
- tpm2_parse_read_public
- tpm2_read_public
- tpm_buf_append_name
- tpm_buf_append_auth
- tpm_buf_append_hmac_session
- tpm2_hmac_init
- tpm2_hmac_final
- tpm2_KDFa
- tpm2_KDFe
- tpm_buf_append_salt
- tpm_buf_fill_hmac_session
- tpm_buf_check_hmac_response
- tpm2_end_auth_session
- tpm2_parse_start_auth_session
- tpm2_load_null
- tpm2_start_auth_session
- tpm2_parse_create_primary
- tpm2_create_primary
- tpm2_create_null_primary
Improve your Profiling and Debugging skills
Find out more