Re: [PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy

From: Jarkko Sakkinen
Date: Mon Dec 14 2015 - 09:56:40 EST


On Mon, Dec 14, 2015 at 08:49:00AM -0500, Mimi Zohar wrote:
> On Sun, 2015-12-13 at 17:42 +0200, Jarkko Sakkinen wrote:
> > TPM2 supports authorization policies, which are essentially
> > combinational logic statements repsenting the conditions where the data
> > can be unsealed based on the TPM state. This patch enables to use
> > authorization policies to seal trusted keys.
> >
> > Two following new options have been added for trusted keys:
> >
> > * 'policydigest=': provide an auth policy digest for sealing.
> > * 'policyhandle=': provide a policy session handle for unsealing.
> >
> > If 'hash=' option is supplied after 'policydigest=' option, this
> > will result an error because the state of the option would become
> > mixed.
> >
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
> > Tested-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> > ---
> > Documentation/security/keys-trusted-encrypted.txt | 34 +++++++++++++----------
> > drivers/char/tpm/tpm2-cmd.c | 24 +++++++++++++---
> > include/keys/trusted-type.h | 4 +++
> > security/keys/trusted.c | 26 +++++++++++++++++
> > 4 files changed, 70 insertions(+), 18 deletions(-)
> >
> > diff --git a/Documentation/security/keys-trusted-encrypted.txt b/Documentation/security/keys-trusted-encrypted.txt
> > index fd2565b..324ddf5 100644
> > --- a/Documentation/security/keys-trusted-encrypted.txt
> > +++ b/Documentation/security/keys-trusted-encrypted.txt
> > @@ -27,20 +27,26 @@ Usage:
> > keyctl print keyid
> >
> > options:
> > - keyhandle= ascii hex value of sealing key default 0x40000000 (SRK)
> > - keyauth= ascii hex auth for sealing key default 0x00...i
> > - (40 ascii zeros)
> > - blobauth= ascii hex auth for sealed data default 0x00...
> > - (40 ascii zeros)
> > - blobauth= ascii hex auth for sealed data default 0x00...
> > - (40 ascii zeros)
> > - pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
> > - pcrlock= pcr number to be extended to "lock" blob
> > - migratable= 0|1 indicating permission to reseal to new PCR values,
> > - default 1 (resealing allowed)
> > - hash= hash algorithm name as a string. For TPM 1.x the only
> > - allowed value is sha1. For TPM 2.x the allowed values
> > - are sha1, sha256, sha384, sha512 and sm3-256.
> > + keyhandle= ascii hex value of sealing key default 0x40000000 (SRK)
> > + keyauth= ascii hex auth for sealing key default 0x00...i
> > + (40 ascii zeros)
> > + blobauth= ascii hex auth for sealed data default 0x00...
> > + (40 ascii zeros)
> > + blobauth= ascii hex auth for sealed data default 0x00...
> > + (40 ascii zeros)
> > + pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
> > + pcrlock= pcr number to be extended to "lock" blob
> > + migratable= 0|1 indicating permission to reseal to new PCR values,
> > + default 1 (resealing allowed)
> > + hash= hash algorithm name as a string. For TPM 1.x the only
> > + allowed value is sha1. For TPM 2.x the allowed values
> > + are sha1, sha256, sha384, sha512 and sm3-256.
> > + policydigest= digest for the authorization policy. must be calculated
> > + with the same hash algorithm as specified by the 'hash='
> > + option.
> > + policyhandle= handle to an authorization policy session that defines the
> > + same policy and with the same hash algorithm as was used to
> > + seal the key.
> >
> > "keyctl print" returns an ascii hex copy of the sealed key, which is in standard
> > TPM_STORED_DATA format. The key length for new keys are always in bytes.
> > diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> > index d9d0822..45a6340 100644
> > --- a/drivers/char/tpm/tpm2-cmd.c
> > +++ b/drivers/char/tpm/tpm2-cmd.c
> > @@ -478,12 +478,26 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
> > tpm_buf_append_u8(&buf, payload->migratable);
> >
> > /* public */
> > - tpm_buf_append_u16(&buf, 14);
> > + if (options->policydigest)
> > + tpm_buf_append_u16(&buf, 14 + options->digest_len);
> > + else
> > + tpm_buf_append_u16(&buf, 14);
> >
> > tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH);
> > tpm_buf_append_u16(&buf, hash);
> > - tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH);
> > - tpm_buf_append_u16(&buf, 0); /* policy digest size */
> > +
> > + /* policy */
> > + if (options->policydigest) {
> > + tpm_buf_append_u32(&buf, 0);
> > + tpm_buf_append_u16(&buf, options->digest_len);
> > + tpm_buf_append(&buf, options->policydigest,
> > + options->digest_len);
> > + } else {
> > + tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH);
> > + tpm_buf_append_u16(&buf, 0);
> > + }
> > +
> > + /* public parameters */
> > tpm_buf_append_u16(&buf, TPM2_ALG_NULL);
> > tpm_buf_append_u16(&buf, 0);
> >
> > @@ -613,7 +627,9 @@ static int tpm2_unseal(struct tpm_chip *chip,
> > return rc;
> >
> > tpm_buf_append_u32(&buf, blob_handle);
> > - tpm2_buf_append_auth(&buf, TPM2_RS_PW,
> > + tpm2_buf_append_auth(&buf,
> > + options->policyhandle ?
> > + options->policyhandle : TPM2_RS_PW,
> > NULL /* nonce */, 0,
> > 0 /* session_attributes */,
> > options->blobauth /* hmac */,
> > diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
> > index a6a1008..42cf2d9 100644
> > --- a/include/keys/trusted-type.h
> > +++ b/include/keys/trusted-type.h
> > @@ -18,6 +18,7 @@
> > #define MAX_KEY_SIZE 128
> > #define MAX_BLOB_SIZE 512
> > #define MAX_PCRINFO_SIZE 64
> > +#define MAX_DIGEST_SIZE 64
> >
> > struct trusted_key_payload {
> > struct rcu_head rcu;
> > @@ -37,6 +38,9 @@ struct trusted_key_options {
> > unsigned char pcrinfo[MAX_PCRINFO_SIZE];
> > int pcrlock;
> > uint32_t hash;
> > + uint32_t digest_len;
> > + unsigned char policydigest[MAX_DIGEST_SIZE];
> > + uint32_t policyhandle;
> > };
> >
> > extern struct key_type key_type_trusted;
> > diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> > index 8f1300c..e15baf7 100644
> > --- a/security/keys/trusted.c
> > +++ b/security/keys/trusted.c
> > @@ -713,6 +713,8 @@ enum {
> > Opt_keyhandle, Opt_keyauth, Opt_blobauth,
> > Opt_pcrinfo, Opt_pcrlock, Opt_migratable,
> > Opt_hash,
> > + Opt_policydigest,
> > + Opt_policyhandle,
> > };
> >
> > static const match_table_t key_tokens = {
> > @@ -726,6 +728,8 @@ static const match_table_t key_tokens = {
> > {Opt_pcrlock, "pcrlock=%s"},
> > {Opt_migratable, "migratable=%s"},
> > {Opt_hash, "hash=%s"},
> > + {Opt_policydigest, "policydigest=%s"},
> > + {Opt_policyhandle, "policyhandle=%s"},
> > {Opt_err, NULL}
> > };
> >
> > @@ -748,6 +752,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> > return tpm2;
> >
> > opt->hash = tpm2 ? HASH_ALGO_SHA256 : HASH_ALGO_SHA1;
> > + opt->digest_len = hash_digest_size[opt->hash];
> >
> > while ((p = strsep(&c, " \t"))) {
> > if (*p == '\0' || *p == ' ' || *p == '\t')
> > @@ -802,9 +807,13 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> > opt->pcrlock = lock;
> > break;
> > case Opt_hash:
> > + if (test_bit(Opt_policydigest, &token_mask))
> > + return -EINVAL;
>
> Thanks! Definitely better than having the test at the end of the while
> loop.

Yup, retrospectively the previous version looked like a mess. This is
now nicely localized change that cannot easily break the existing
functionality.

> Mimi

/Jarkko

>
> > for (i = 0; i < HASH_ALGO__LAST; i++) {
> > if (!strcmp(args[0].from, hash_algo_name[i])) {
> > opt->hash = i;
> > + opt->digest_len =
> > + hash_digest_size[opt->hash];
> > break;
> > }
> > }
> > @@ -815,6 +824,23 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> > return -EINVAL;
> > }
> > break;
> > + case Opt_policydigest:
> > + if (!tpm2 ||
> > + strlen(args[0].from) != (2 * opt->digest_len))
> > + return -EINVAL;
> > + res = hex2bin(opt->policydigest, args[0].from,
> > + opt->digest_len);
> > + if (res < 0)
> > + return -EINVAL;
> > + break;
> > + case Opt_policyhandle:
> > + if (!tpm2)
> > + return -EINVAL;
> > + res = kstrtoul(args[0].from, 16, &handle);
> > + if (res < 0)
> > + return -EINVAL;
> > + opt->policyhandle = handle;
> > + break;
> > default:
> > return -EINVAL;
> > }
>
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/