Re: [PATCH 2/2] keys, trusted: seal with a policy

From: Jarkko Sakkinen
Date: Mon Nov 23 2015 - 09:49:59 EST

Next message: Jiri Kosina: "Re: [PATCH] USB: quirks: Fix another ELAN touchscreen"
Previous message: Pali RohÃr: "Re: [PATCH] dell-rbtn: Ignore ACPI notifications if device is suspended"
In reply to: Jarkko Sakkinen: "Re: [PATCH 2/2] keys, trusted: seal with a policy"
Next in thread: Jarkko Sakkinen: "[PATCH 1/2] keys, trusted: select hash algorithm for TPM2 chips"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 17, 2015 at 06:27:22PM +0200, Jarkko Sakkinen wrote:
> Support for sealing with a authorization policy.
>
> Two new options for trusted keys:
>
> * 'policydigest=': provide an auth policy digest for sealing.
> * 'policyhandle=': provide a policy session handle for unsealing.
>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>

This patch has been now peer tested by Colin Ian King. There's still one
thing that I'm thinking before daring to put this into pull request.
Should the option names reflect that they associate to the blob and not
to the root key?

My *guess* would be that it's not very common use case to seal primary
keys with policies (PCRs and so forth) and therefore I think these
names are fine.

[1] In TPM 2.0 there is no fixed root key in the chip. Instead tit
contains random seeds from which you can derive primary keys by using
the TPM2_CreatePrimary command. That's why we require for example
keyhandle as an explicit option when used with a TPM 2.0 chip.

/Jarkko

> ---
> Documentation/security/keys-trusted-encrypted.txt | 34 ++++++++++-------
> drivers/char/tpm/tpm2-cmd.c | 24 ++++++++++--
> include/keys/trusted-type.h | 3 ++
> security/keys/trusted.c | 46 ++++++++++++++++++++++-
> 4 files changed, 87 insertions(+), 20 deletions(-)
>
> diff --git a/Documentation/security/keys-trusted-encrypted.txt b/Documentation/security/keys-trusted-encrypted.txt
> index fd2565b..324ddf5 100644
> --- a/Documentation/security/keys-trusted-encrypted.txt
> +++ b/Documentation/security/keys-trusted-encrypted.txt
> @@ -27,20 +27,26 @@ Usage:
> keyctl print keyid
>
> options:
> - keyhandle= ascii hex value of sealing key default 0x40000000 (SRK)
> - keyauth= ascii hex auth for sealing key default 0x00...i
> - (40 ascii zeros)
> - blobauth= ascii hex auth for sealed data default 0x00...
> - (40 ascii zeros)
> - blobauth= ascii hex auth for sealed data default 0x00...
> - (40 ascii zeros)
> - pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
> - pcrlock= pcr number to be extended to "lock" blob
> - migratable= 0|1 indicating permission to reseal to new PCR values,
> - default 1 (resealing allowed)
> - hash= hash algorithm name as a string. For TPM 1.x the only
> - allowed value is sha1. For TPM 2.x the allowed values
> - are sha1, sha256, sha384, sha512 and sm3-256.
> + keyhandle= ascii hex value of sealing key default 0x40000000 (SRK)
> + keyauth= ascii hex auth for sealing key default 0x00...i
> + (40 ascii zeros)
> + blobauth= ascii hex auth for sealed data default 0x00...
> + (40 ascii zeros)
> + blobauth= ascii hex auth for sealed data default 0x00...
> + (40 ascii zeros)
> + pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
> + pcrlock= pcr number to be extended to "lock" blob
> + migratable= 0|1 indicating permission to reseal to new PCR values,
> + default 1 (resealing allowed)
> + hash= hash algorithm name as a string. For TPM 1.x the only
> + allowed value is sha1. For TPM 2.x the allowed values
> + are sha1, sha256, sha384, sha512 and sm3-256.
> + policydigest= digest for the authorization policy. must be calculated
> + with the same hash algorithm as specified by the 'hash='
> + option.
> + policyhandle= handle to an authorization policy session that defines the
> + same policy and with the same hash algorithm as was used to
> + seal the key.
>
> "keyctl print" returns an ascii hex copy of the sealed key, which is in standard
> TPM_STORED_DATA format. The key length for new keys are always in bytes.
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index d9d0822..45a6340 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -478,12 +478,26 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
> tpm_buf_append_u8(&buf, payload->migratable);
>
> /* public */
> - tpm_buf_append_u16(&buf, 14);
> + if (options->policydigest)
> + tpm_buf_append_u16(&buf, 14 + options->digest_len);
> + else
> + tpm_buf_append_u16(&buf, 14);
>
> tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH);
> tpm_buf_append_u16(&buf, hash);
> - tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH);
> - tpm_buf_append_u16(&buf, 0); /* policy digest size */
> +
> + /* policy */
> + if (options->policydigest) {
> + tpm_buf_append_u32(&buf, 0);
> + tpm_buf_append_u16(&buf, options->digest_len);
> + tpm_buf_append(&buf, options->policydigest,
> + options->digest_len);
> + } else {
> + tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH);
> + tpm_buf_append_u16(&buf, 0);
> + }
> +
> + /* public parameters */
> tpm_buf_append_u16(&buf, TPM2_ALG_NULL);
> tpm_buf_append_u16(&buf, 0);
>
> @@ -613,7 +627,9 @@ static int tpm2_unseal(struct tpm_chip *chip,
> return rc;
>
> tpm_buf_append_u32(&buf, blob_handle);
> - tpm2_buf_append_auth(&buf, TPM2_RS_PW,
> + tpm2_buf_append_auth(&buf,
> + options->policyhandle ?
> + options->policyhandle : TPM2_RS_PW,
> NULL /* nonce */, 0,
> 0 /* session_attributes */,
> options->blobauth /* hmac */,
> diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
> index a6a1008..2c3f9f7 100644
> --- a/include/keys/trusted-type.h
> +++ b/include/keys/trusted-type.h
> @@ -37,6 +37,9 @@ struct trusted_key_options {
> unsigned char pcrinfo[MAX_PCRINFO_SIZE];
> int pcrlock;
> uint32_t hash;
> + uint32_t digest_len;
> + unsigned char *policydigest;
> + uint32_t policyhandle;
> };
>
> extern struct key_type key_type_trusted;
> diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> index b5b0a55..b726a83 100644
> --- a/security/keys/trusted.c
> +++ b/security/keys/trusted.c
> @@ -713,6 +713,8 @@ enum {
> Opt_keyhandle, Opt_keyauth, Opt_blobauth,
> Opt_pcrinfo, Opt_pcrlock, Opt_migratable,
> Opt_hash,
> + Opt_policydigest,
> + Opt_policyhandle,
> };
>
> static const match_table_t key_tokens = {
> @@ -726,6 +728,8 @@ static const match_table_t key_tokens = {
> {Opt_pcrlock, "pcrlock=%s"},
> {Opt_migratable, "migratable=%s"},
> {Opt_hash, "hash=%s"},
> + {Opt_policydigest, "policydigest=%s"},
> + {Opt_policyhandle, "policyhandle=%s"},
> {Opt_err, NULL}
> };
>
> @@ -739,6 +743,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> int res;
> unsigned long handle;
> unsigned long lock;
> + unsigned int policydigest_len;
> int i;
> int tpm2;
>
> @@ -747,6 +752,8 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> return tpm2;
>
> opt->hash = tpm2 ? HASH_ALGO_SHA256 : HASH_ALGO_SHA1;
> + opt->digest_len = hash_digest_size[opt->hash];
> + policydigest_len = opt->digest_len;
>
> while ((p = strsep(&c, " \t"))) {
> if (*p == '\0' || *p == ' ' || *p == '\t')
> @@ -802,6 +809,8 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> for (i = 0; i < HASH_ALGO__LAST; i++) {
> if (!strcmp(args[0].from, hash_algo_name[i])) {
> opt->hash = i;
> + opt->digest_len =
> + hash_digest_size[opt->hash];
> break;
> }
> }
> @@ -812,10 +821,37 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> return -EINVAL;
> }
> break;
> + case Opt_policydigest:
> + if (!tpm2 ||
> + strlen(args[0].from) != (2 * opt->digest_len))
> + return -EINVAL;
> + kfree(opt->policydigest);
> + opt->policydigest = kzalloc(opt->digest_len,
> + GFP_KERNEL);
> + if (!opt->policydigest)
> + return -ENOMEM;
> + res = hex2bin(opt->policydigest, args[0].from,
> + opt->digest_len);
> + if (res < 0)
> + return -EINVAL;
> + policydigest_len = opt->digest_len;
> + break;
> + case Opt_policyhandle:
> + if (!tpm2)
> + return -EINVAL;
> + res = kstrtoul(args[0].from, 16, &handle);
> + if (res < 0)
> + return -EINVAL;
> + opt->policyhandle = handle;
> + break;
> default:
> return -EINVAL;
> }
> }
> +
> + if (opt->policydigest && policydigest_len != opt->digest_len)
> + return -EINVAL;
> +
> return 0;
> }
>
> @@ -904,6 +940,12 @@ static struct trusted_key_options *trusted_options_alloc(void)
> return options;
> }
>
> +static void trusted_options_free(struct trusted_key_options *options)
> +{
> + kfree(options->policydigest);
> + kfree(options);
> +}
> +
> static struct trusted_key_payload *trusted_payload_alloc(struct key *key)
> {
> struct trusted_key_payload *p = NULL;
> @@ -1010,7 +1052,7 @@ static int trusted_instantiate(struct key *key,
> ret = pcrlock(options->pcrlock);
> out:
> kfree(datablob);
> - kfree(options);
> + trusted_options_free(options);
> if (!ret)
> rcu_assign_keypointer(key, payload);
> else
> @@ -1098,7 +1140,7 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
> call_rcu(&p->rcu, trusted_rcu_free);
> out:
> kfree(datablob);
> - kfree(new_o);
> + trusted_options_free(new_o);
> return ret;
> }
>
> --
> 2.5.0
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jiri Kosina: "Re: [PATCH] USB: quirks: Fix another ELAN touchscreen"
Previous message: Pali RohÃr: "Re: [PATCH] dell-rbtn: Ignore ACPI notifications if device is suspended"
In reply to: Jarkko Sakkinen: "Re: [PATCH 2/2] keys, trusted: seal with a policy"
Next in thread: Jarkko Sakkinen: "[PATCH 1/2] keys, trusted: select hash algorithm for TPM2 chips"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]