This source file includes following definitions.
- tpm_loadkey2
- tpm_flushspecific
- tpm_unbind
- tpm_sign
- asym_tpm_describe
- asym_tpm_destroy
- definite_length
- encode_tag_length
- derive_pub_key
- determine_akcipher
- tpm_key_query
- tpm_key_encrypt
- tpm_key_decrypt
- lookup_asn1
- tpm_key_sign
- tpm_key_eds_op
- tpm_key_verify_signature
- extract_key_parameters
- tpm_key_create
1
2 #define pr_fmt(fmt) "ASYM-TPM: "fmt
3 #include <linux/slab.h>
4 #include <linux/module.h>
5 #include <linux/export.h>
6 #include <linux/kernel.h>
7 #include <linux/seq_file.h>
8 #include <linux/scatterlist.h>
9 #include <linux/tpm.h>
10 #include <linux/tpm_command.h>
11 #include <crypto/akcipher.h>
12 #include <crypto/hash.h>
13 #include <crypto/sha.h>
14 #include <asm/unaligned.h>
15 #include <keys/asymmetric-subtype.h>
16 #include <keys/trusted.h>
17 #include <crypto/asym_tpm_subtype.h>
18 #include <crypto/public_key.h>
19
20 #define TPM_ORD_FLUSHSPECIFIC 186
21 #define TPM_ORD_LOADKEY2 65
22 #define TPM_ORD_UNBIND 30
23 #define TPM_ORD_SIGN 60
24 #define TPM_LOADKEY2_SIZE 59
25 #define TPM_FLUSHSPECIFIC_SIZE 18
26 #define TPM_UNBIND_SIZE 63
27 #define TPM_SIGN_SIZE 63
28
29 #define TPM_RT_KEY 0x00000001
30
31
32
33
34 static int tpm_loadkey2(struct tpm_buf *tb,
35 uint32_t keyhandle, unsigned char *keyauth,
36 const unsigned char *keyblob, int keybloblen,
37 uint32_t *newhandle)
38 {
39 unsigned char nonceodd[TPM_NONCE_SIZE];
40 unsigned char enonce[TPM_NONCE_SIZE];
41 unsigned char authdata[SHA1_DIGEST_SIZE];
42 uint32_t authhandle = 0;
43 unsigned char cont = 0;
44 uint32_t ordinal;
45 int ret;
46
47 ordinal = htonl(TPM_ORD_LOADKEY2);
48
49
50 ret = oiap(tb, &authhandle, enonce);
51 if (ret < 0) {
52 pr_info("oiap failed (%d)\n", ret);
53 return ret;
54 }
55
56
57 ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
58 if (ret < 0) {
59 pr_info("tpm_get_random failed (%d)\n", ret);
60 return ret;
61 }
62
63
64 ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
65 nonceodd, cont, sizeof(uint32_t), &ordinal,
66 keybloblen, keyblob, 0, 0);
67 if (ret < 0)
68 return ret;
69
70
71 INIT_BUF(tb);
72 store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
73 store32(tb, TPM_LOADKEY2_SIZE + keybloblen);
74 store32(tb, TPM_ORD_LOADKEY2);
75 store32(tb, keyhandle);
76 storebytes(tb, keyblob, keybloblen);
77 store32(tb, authhandle);
78 storebytes(tb, nonceodd, TPM_NONCE_SIZE);
79 store8(tb, cont);
80 storebytes(tb, authdata, SHA1_DIGEST_SIZE);
81
82 ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
83 if (ret < 0) {
84 pr_info("authhmac failed (%d)\n", ret);
85 return ret;
86 }
87
88 ret = TSS_checkhmac1(tb->data, ordinal, nonceodd, keyauth,
89 SHA1_DIGEST_SIZE, 0, 0);
90 if (ret < 0) {
91 pr_info("TSS_checkhmac1 failed (%d)\n", ret);
92 return ret;
93 }
94
95 *newhandle = LOAD32(tb->data, TPM_DATA_OFFSET);
96 return 0;
97 }
98
99
100
101
102 static int tpm_flushspecific(struct tpm_buf *tb, uint32_t handle)
103 {
104 INIT_BUF(tb);
105 store16(tb, TPM_TAG_RQU_COMMAND);
106 store32(tb, TPM_FLUSHSPECIFIC_SIZE);
107 store32(tb, TPM_ORD_FLUSHSPECIFIC);
108 store32(tb, handle);
109 store32(tb, TPM_RT_KEY);
110
111 return trusted_tpm_send(tb->data, MAX_BUF_SIZE);
112 }
113
114
115
116
117
118 static int tpm_unbind(struct tpm_buf *tb,
119 uint32_t keyhandle, unsigned char *keyauth,
120 const unsigned char *blob, uint32_t bloblen,
121 void *out, uint32_t outlen)
122 {
123 unsigned char nonceodd[TPM_NONCE_SIZE];
124 unsigned char enonce[TPM_NONCE_SIZE];
125 unsigned char authdata[SHA1_DIGEST_SIZE];
126 uint32_t authhandle = 0;
127 unsigned char cont = 0;
128 uint32_t ordinal;
129 uint32_t datalen;
130 int ret;
131
132 ordinal = htonl(TPM_ORD_UNBIND);
133 datalen = htonl(bloblen);
134
135
136 ret = oiap(tb, &authhandle, enonce);
137 if (ret < 0) {
138 pr_info("oiap failed (%d)\n", ret);
139 return ret;
140 }
141
142
143 ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
144 if (ret < 0) {
145 pr_info("tpm_get_random failed (%d)\n", ret);
146 return ret;
147 }
148
149
150 ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
151 nonceodd, cont, sizeof(uint32_t), &ordinal,
152 sizeof(uint32_t), &datalen,
153 bloblen, blob, 0, 0);
154 if (ret < 0)
155 return ret;
156
157
158 INIT_BUF(tb);
159 store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
160 store32(tb, TPM_UNBIND_SIZE + bloblen);
161 store32(tb, TPM_ORD_UNBIND);
162 store32(tb, keyhandle);
163 store32(tb, bloblen);
164 storebytes(tb, blob, bloblen);
165 store32(tb, authhandle);
166 storebytes(tb, nonceodd, TPM_NONCE_SIZE);
167 store8(tb, cont);
168 storebytes(tb, authdata, SHA1_DIGEST_SIZE);
169
170 ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
171 if (ret < 0) {
172 pr_info("authhmac failed (%d)\n", ret);
173 return ret;
174 }
175
176 datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
177
178 ret = TSS_checkhmac1(tb->data, ordinal, nonceodd,
179 keyauth, SHA1_DIGEST_SIZE,
180 sizeof(uint32_t), TPM_DATA_OFFSET,
181 datalen, TPM_DATA_OFFSET + sizeof(uint32_t),
182 0, 0);
183 if (ret < 0) {
184 pr_info("TSS_checkhmac1 failed (%d)\n", ret);
185 return ret;
186 }
187
188 memcpy(out, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t),
189 min(outlen, datalen));
190
191 return datalen;
192 }
193
194
195
196
197
198
199
200
201
202
203
204 static int tpm_sign(struct tpm_buf *tb,
205 uint32_t keyhandle, unsigned char *keyauth,
206 const unsigned char *blob, uint32_t bloblen,
207 void *out, uint32_t outlen)
208 {
209 unsigned char nonceodd[TPM_NONCE_SIZE];
210 unsigned char enonce[TPM_NONCE_SIZE];
211 unsigned char authdata[SHA1_DIGEST_SIZE];
212 uint32_t authhandle = 0;
213 unsigned char cont = 0;
214 uint32_t ordinal;
215 uint32_t datalen;
216 int ret;
217
218 ordinal = htonl(TPM_ORD_SIGN);
219 datalen = htonl(bloblen);
220
221
222 ret = oiap(tb, &authhandle, enonce);
223 if (ret < 0) {
224 pr_info("oiap failed (%d)\n", ret);
225 return ret;
226 }
227
228
229 ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
230 if (ret < 0) {
231 pr_info("tpm_get_random failed (%d)\n", ret);
232 return ret;
233 }
234
235
236 ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
237 nonceodd, cont, sizeof(uint32_t), &ordinal,
238 sizeof(uint32_t), &datalen,
239 bloblen, blob, 0, 0);
240 if (ret < 0)
241 return ret;
242
243
244 INIT_BUF(tb);
245 store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
246 store32(tb, TPM_SIGN_SIZE + bloblen);
247 store32(tb, TPM_ORD_SIGN);
248 store32(tb, keyhandle);
249 store32(tb, bloblen);
250 storebytes(tb, blob, bloblen);
251 store32(tb, authhandle);
252 storebytes(tb, nonceodd, TPM_NONCE_SIZE);
253 store8(tb, cont);
254 storebytes(tb, authdata, SHA1_DIGEST_SIZE);
255
256 ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
257 if (ret < 0) {
258 pr_info("authhmac failed (%d)\n", ret);
259 return ret;
260 }
261
262 datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
263
264 ret = TSS_checkhmac1(tb->data, ordinal, nonceodd,
265 keyauth, SHA1_DIGEST_SIZE,
266 sizeof(uint32_t), TPM_DATA_OFFSET,
267 datalen, TPM_DATA_OFFSET + sizeof(uint32_t),
268 0, 0);
269 if (ret < 0) {
270 pr_info("TSS_checkhmac1 failed (%d)\n", ret);
271 return ret;
272 }
273
274 memcpy(out, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t),
275 min(datalen, outlen));
276
277 return datalen;
278 }
279
280
281 #define SETKEY_PARAMS_SIZE (sizeof(u32) * 2)
282
283
284
285
286
287
288
289
290
291
292
293
294
295 #define PUB_KEY_BUF_SIZE (4 + 4 + 257 + 2 + 3 + SETKEY_PARAMS_SIZE)
296
297
298
299
300 static void asym_tpm_describe(const struct key *asymmetric_key,
301 struct seq_file *m)
302 {
303 struct tpm_key *tk = asymmetric_key->payload.data[asym_crypto];
304
305 if (!tk)
306 return;
307
308 seq_printf(m, "TPM1.2/Blob");
309 }
310
311 static void asym_tpm_destroy(void *payload0, void *payload3)
312 {
313 struct tpm_key *tk = payload0;
314
315 if (!tk)
316 return;
317
318 kfree(tk->blob);
319 tk->blob_len = 0;
320
321 kfree(tk);
322 }
323
324
325 static inline uint32_t definite_length(uint32_t len)
326 {
327 if (len <= 127)
328 return 1;
329 if (len <= 255)
330 return 2;
331 return 3;
332 }
333
334 static inline uint8_t *encode_tag_length(uint8_t *buf, uint8_t tag,
335 uint32_t len)
336 {
337 *buf++ = tag;
338
339 if (len <= 127) {
340 buf[0] = len;
341 return buf + 1;
342 }
343
344 if (len <= 255) {
345 buf[0] = 0x81;
346 buf[1] = len;
347 return buf + 2;
348 }
349
350 buf[0] = 0x82;
351 put_unaligned_be16(len, buf + 1);
352 return buf + 3;
353 }
354
355 static uint32_t derive_pub_key(const void *pub_key, uint32_t len, uint8_t *buf)
356 {
357 uint8_t *cur = buf;
358 uint32_t n_len = definite_length(len) + 1 + len + 1;
359 uint32_t e_len = definite_length(3) + 1 + 3;
360 uint8_t e[3] = { 0x01, 0x00, 0x01 };
361
362
363 cur = encode_tag_length(cur, 0x30, n_len + e_len);
364
365 cur = encode_tag_length(cur, 0x02, len + 1);
366 cur[0] = 0x00;
367 memcpy(cur + 1, pub_key, len);
368 cur += len + 1;
369 cur = encode_tag_length(cur, 0x02, sizeof(e));
370 memcpy(cur, e, sizeof(e));
371 cur += sizeof(e);
372
373 memset(cur, 0, SETKEY_PARAMS_SIZE);
374
375 return cur - buf;
376 }
377
378
379
380
381 static int determine_akcipher(const char *encoding, const char *hash_algo,
382 char alg_name[CRYPTO_MAX_ALG_NAME])
383 {
384 if (strcmp(encoding, "pkcs1") == 0) {
385 if (!hash_algo) {
386 strcpy(alg_name, "pkcs1pad(rsa)");
387 return 0;
388 }
389
390 if (snprintf(alg_name, CRYPTO_MAX_ALG_NAME, "pkcs1pad(rsa,%s)",
391 hash_algo) >= CRYPTO_MAX_ALG_NAME)
392 return -EINVAL;
393
394 return 0;
395 }
396
397 if (strcmp(encoding, "raw") == 0) {
398 strcpy(alg_name, "rsa");
399 return 0;
400 }
401
402 return -ENOPKG;
403 }
404
405
406
407
408 static int tpm_key_query(const struct kernel_pkey_params *params,
409 struct kernel_pkey_query *info)
410 {
411 struct tpm_key *tk = params->key->payload.data[asym_crypto];
412 int ret;
413 char alg_name[CRYPTO_MAX_ALG_NAME];
414 struct crypto_akcipher *tfm;
415 uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
416 uint32_t der_pub_key_len;
417 int len;
418
419
420 ret = determine_akcipher(params->encoding, params->hash_algo, alg_name);
421 if (ret < 0)
422 return ret;
423
424 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
425 if (IS_ERR(tfm))
426 return PTR_ERR(tfm);
427
428 der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
429 der_pub_key);
430
431 ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
432 if (ret < 0)
433 goto error_free_tfm;
434
435 len = crypto_akcipher_maxsize(tfm);
436
437 info->key_size = tk->key_len;
438 info->max_data_size = tk->key_len / 8;
439 info->max_sig_size = len;
440 info->max_enc_size = len;
441 info->max_dec_size = tk->key_len / 8;
442
443 info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT |
444 KEYCTL_SUPPORTS_DECRYPT |
445 KEYCTL_SUPPORTS_VERIFY |
446 KEYCTL_SUPPORTS_SIGN;
447
448 ret = 0;
449 error_free_tfm:
450 crypto_free_akcipher(tfm);
451 pr_devel("<==%s() = %d\n", __func__, ret);
452 return ret;
453 }
454
455
456
457
458
459 static int tpm_key_encrypt(struct tpm_key *tk,
460 struct kernel_pkey_params *params,
461 const void *in, void *out)
462 {
463 char alg_name[CRYPTO_MAX_ALG_NAME];
464 struct crypto_akcipher *tfm;
465 struct akcipher_request *req;
466 struct crypto_wait cwait;
467 struct scatterlist in_sg, out_sg;
468 uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
469 uint32_t der_pub_key_len;
470 int ret;
471
472 pr_devel("==>%s()\n", __func__);
473
474 ret = determine_akcipher(params->encoding, params->hash_algo, alg_name);
475 if (ret < 0)
476 return ret;
477
478 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
479 if (IS_ERR(tfm))
480 return PTR_ERR(tfm);
481
482 der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
483 der_pub_key);
484
485 ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
486 if (ret < 0)
487 goto error_free_tfm;
488
489 ret = -ENOMEM;
490 req = akcipher_request_alloc(tfm, GFP_KERNEL);
491 if (!req)
492 goto error_free_tfm;
493
494 sg_init_one(&in_sg, in, params->in_len);
495 sg_init_one(&out_sg, out, params->out_len);
496 akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
497 params->out_len);
498 crypto_init_wait(&cwait);
499 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
500 CRYPTO_TFM_REQ_MAY_SLEEP,
501 crypto_req_done, &cwait);
502
503 ret = crypto_akcipher_encrypt(req);
504 ret = crypto_wait_req(ret, &cwait);
505
506 if (ret == 0)
507 ret = req->dst_len;
508
509 akcipher_request_free(req);
510 error_free_tfm:
511 crypto_free_akcipher(tfm);
512 pr_devel("<==%s() = %d\n", __func__, ret);
513 return ret;
514 }
515
516
517
518
519 static int tpm_key_decrypt(struct tpm_key *tk,
520 struct kernel_pkey_params *params,
521 const void *in, void *out)
522 {
523 struct tpm_buf *tb;
524 uint32_t keyhandle;
525 uint8_t srkauth[SHA1_DIGEST_SIZE];
526 uint8_t keyauth[SHA1_DIGEST_SIZE];
527 int r;
528
529 pr_devel("==>%s()\n", __func__);
530
531 if (params->hash_algo)
532 return -ENOPKG;
533
534 if (strcmp(params->encoding, "pkcs1"))
535 return -ENOPKG;
536
537 tb = kzalloc(sizeof(*tb), GFP_KERNEL);
538 if (!tb)
539 return -ENOMEM;
540
541
542 memset(srkauth, 0, sizeof(srkauth));
543
544 r = tpm_loadkey2(tb, SRKHANDLE, srkauth,
545 tk->blob, tk->blob_len, &keyhandle);
546 if (r < 0) {
547 pr_devel("loadkey2 failed (%d)\n", r);
548 goto error;
549 }
550
551
552 memset(keyauth, 0, sizeof(keyauth));
553
554 r = tpm_unbind(tb, keyhandle, keyauth,
555 in, params->in_len, out, params->out_len);
556 if (r < 0)
557 pr_devel("tpm_unbind failed (%d)\n", r);
558
559 if (tpm_flushspecific(tb, keyhandle) < 0)
560 pr_devel("flushspecific failed (%d)\n", r);
561
562 error:
563 kzfree(tb);
564 pr_devel("<==%s() = %d\n", __func__, r);
565 return r;
566 }
567
568
569
570
571 static const u8 digest_info_md5[] = {
572 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08,
573 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05,
574 0x05, 0x00, 0x04, 0x10
575 };
576
577 static const u8 digest_info_sha1[] = {
578 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
579 0x2b, 0x0e, 0x03, 0x02, 0x1a,
580 0x05, 0x00, 0x04, 0x14
581 };
582
583 static const u8 digest_info_rmd160[] = {
584 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
585 0x2b, 0x24, 0x03, 0x02, 0x01,
586 0x05, 0x00, 0x04, 0x14
587 };
588
589 static const u8 digest_info_sha224[] = {
590 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
591 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
592 0x05, 0x00, 0x04, 0x1c
593 };
594
595 static const u8 digest_info_sha256[] = {
596 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
597 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
598 0x05, 0x00, 0x04, 0x20
599 };
600
601 static const u8 digest_info_sha384[] = {
602 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
603 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
604 0x05, 0x00, 0x04, 0x30
605 };
606
607 static const u8 digest_info_sha512[] = {
608 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
609 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
610 0x05, 0x00, 0x04, 0x40
611 };
612
613 static const struct asn1_template {
614 const char *name;
615 const u8 *data;
616 size_t size;
617 } asn1_templates[] = {
618 #define _(X) { #X, digest_info_##X, sizeof(digest_info_##X) }
619 _(md5),
620 _(sha1),
621 _(rmd160),
622 _(sha256),
623 _(sha384),
624 _(sha512),
625 _(sha224),
626 { NULL }
627 #undef _
628 };
629
630 static const struct asn1_template *lookup_asn1(const char *name)
631 {
632 const struct asn1_template *p;
633
634 for (p = asn1_templates; p->name; p++)
635 if (strcmp(name, p->name) == 0)
636 return p;
637 return NULL;
638 }
639
640
641
642
643 static int tpm_key_sign(struct tpm_key *tk,
644 struct kernel_pkey_params *params,
645 const void *in, void *out)
646 {
647 struct tpm_buf *tb;
648 uint32_t keyhandle;
649 uint8_t srkauth[SHA1_DIGEST_SIZE];
650 uint8_t keyauth[SHA1_DIGEST_SIZE];
651 void *asn1_wrapped = NULL;
652 uint32_t in_len = params->in_len;
653 int r;
654
655 pr_devel("==>%s()\n", __func__);
656
657 if (strcmp(params->encoding, "pkcs1"))
658 return -ENOPKG;
659
660 if (params->hash_algo) {
661 const struct asn1_template *asn1 =
662 lookup_asn1(params->hash_algo);
663
664 if (!asn1)
665 return -ENOPKG;
666
667
668 asn1_wrapped = kzalloc(in_len + asn1->size, GFP_KERNEL);
669 if (!asn1_wrapped)
670 return -ENOMEM;
671
672
673 memcpy(asn1_wrapped, asn1->data, asn1->size);
674 memcpy(asn1_wrapped + asn1->size, in, in_len);
675
676 in = asn1_wrapped;
677 in_len += asn1->size;
678 }
679
680 if (in_len > tk->key_len / 8 - 11) {
681 r = -EOVERFLOW;
682 goto error_free_asn1_wrapped;
683 }
684
685 r = -ENOMEM;
686 tb = kzalloc(sizeof(*tb), GFP_KERNEL);
687 if (!tb)
688 goto error_free_asn1_wrapped;
689
690
691 memset(srkauth, 0, sizeof(srkauth));
692
693 r = tpm_loadkey2(tb, SRKHANDLE, srkauth,
694 tk->blob, tk->blob_len, &keyhandle);
695 if (r < 0) {
696 pr_devel("loadkey2 failed (%d)\n", r);
697 goto error_free_tb;
698 }
699
700
701 memset(keyauth, 0, sizeof(keyauth));
702
703 r = tpm_sign(tb, keyhandle, keyauth, in, in_len, out, params->out_len);
704 if (r < 0)
705 pr_devel("tpm_sign failed (%d)\n", r);
706
707 if (tpm_flushspecific(tb, keyhandle) < 0)
708 pr_devel("flushspecific failed (%d)\n", r);
709
710 error_free_tb:
711 kzfree(tb);
712 error_free_asn1_wrapped:
713 kfree(asn1_wrapped);
714 pr_devel("<==%s() = %d\n", __func__, r);
715 return r;
716 }
717
718
719
720
721 static int tpm_key_eds_op(struct kernel_pkey_params *params,
722 const void *in, void *out)
723 {
724 struct tpm_key *tk = params->key->payload.data[asym_crypto];
725 int ret = -EOPNOTSUPP;
726
727
728 switch (params->op) {
729 case kernel_pkey_encrypt:
730 ret = tpm_key_encrypt(tk, params, in, out);
731 break;
732 case kernel_pkey_decrypt:
733 ret = tpm_key_decrypt(tk, params, in, out);
734 break;
735 case kernel_pkey_sign:
736 ret = tpm_key_sign(tk, params, in, out);
737 break;
738 default:
739 BUG();
740 }
741
742 return ret;
743 }
744
745
746
747
748 static int tpm_key_verify_signature(const struct key *key,
749 const struct public_key_signature *sig)
750 {
751 const struct tpm_key *tk = key->payload.data[asym_crypto];
752 struct crypto_wait cwait;
753 struct crypto_akcipher *tfm;
754 struct akcipher_request *req;
755 struct scatterlist src_sg[2];
756 char alg_name[CRYPTO_MAX_ALG_NAME];
757 uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
758 uint32_t der_pub_key_len;
759 int ret;
760
761 pr_devel("==>%s()\n", __func__);
762
763 BUG_ON(!tk);
764 BUG_ON(!sig);
765 BUG_ON(!sig->s);
766
767 if (!sig->digest)
768 return -ENOPKG;
769
770 ret = determine_akcipher(sig->encoding, sig->hash_algo, alg_name);
771 if (ret < 0)
772 return ret;
773
774 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
775 if (IS_ERR(tfm))
776 return PTR_ERR(tfm);
777
778 der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
779 der_pub_key);
780
781 ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
782 if (ret < 0)
783 goto error_free_tfm;
784
785 ret = -ENOMEM;
786 req = akcipher_request_alloc(tfm, GFP_KERNEL);
787 if (!req)
788 goto error_free_tfm;
789
790 sg_init_table(src_sg, 2);
791 sg_set_buf(&src_sg[0], sig->s, sig->s_size);
792 sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
793 akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
794 sig->digest_size);
795 crypto_init_wait(&cwait);
796 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
797 CRYPTO_TFM_REQ_MAY_SLEEP,
798 crypto_req_done, &cwait);
799 ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
800
801 akcipher_request_free(req);
802 error_free_tfm:
803 crypto_free_akcipher(tfm);
804 pr_devel("<==%s() = %d\n", __func__, ret);
805 if (WARN_ON_ONCE(ret > 0))
806 ret = -EINVAL;
807 return ret;
808 }
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830 static int extract_key_parameters(struct tpm_key *tk)
831 {
832 const void *cur = tk->blob;
833 uint32_t len = tk->blob_len;
834 const void *pub_key;
835 uint32_t sz;
836 uint32_t key_len;
837
838 if (len < 11)
839 return -EBADMSG;
840
841
842 if (get_unaligned_be16(cur + 4) != 0x0015)
843 return -EBADMSG;
844
845
846 cur += 11;
847 len -= 11;
848
849 if (len < 12)
850 return -EBADMSG;
851
852
853 if (get_unaligned_be32(cur) != 0x00000001)
854 return -EBADMSG;
855
856
857 if (get_unaligned_be16(cur + 4) != 0x0002)
858 return -EBADMSG;
859
860
861 if (get_unaligned_be16(cur + 6) != 0x0003)
862 return -EBADMSG;
863
864 sz = get_unaligned_be32(cur + 8);
865 if (len < sz + 12)
866 return -EBADMSG;
867
868
869 len -= 12;
870 cur += 12;
871
872
873 key_len = get_unaligned_be32(cur);
874
875 switch (key_len) {
876 case 512:
877 case 1024:
878 case 1536:
879 case 2048:
880 break;
881 default:
882 return -EINVAL;
883 }
884
885
886 cur += sz;
887 len -= sz;
888
889 if (len < 4)
890 return -EBADMSG;
891
892 sz = get_unaligned_be32(cur);
893 if (len < 4 + sz)
894 return -EBADMSG;
895
896
897 cur += 4 + sz;
898 len -= 4 + sz;
899
900
901 sz = get_unaligned_be32(cur);
902 if (sz > 256)
903 return -EINVAL;
904
905 pub_key = cur + 4;
906
907 tk->key_len = key_len;
908 tk->pub_key = pub_key;
909 tk->pub_key_len = sz;
910
911 return 0;
912 }
913
914
915 struct tpm_key *tpm_key_create(const void *blob, uint32_t blob_len)
916 {
917 int r;
918 struct tpm_key *tk;
919
920 r = tpm_is_tpm2(NULL);
921 if (r < 0)
922 goto error;
923
924
925 if (r > 0) {
926 r = -ENODEV;
927 goto error;
928 }
929
930 r = -ENOMEM;
931 tk = kzalloc(sizeof(struct tpm_key), GFP_KERNEL);
932 if (!tk)
933 goto error;
934
935 tk->blob = kmemdup(blob, blob_len, GFP_KERNEL);
936 if (!tk->blob)
937 goto error_memdup;
938
939 tk->blob_len = blob_len;
940
941 r = extract_key_parameters(tk);
942 if (r < 0)
943 goto error_extract;
944
945 return tk;
946
947 error_extract:
948 kfree(tk->blob);
949 tk->blob_len = 0;
950 error_memdup:
951 kfree(tk);
952 error:
953 return ERR_PTR(r);
954 }
955 EXPORT_SYMBOL_GPL(tpm_key_create);
956
957
958
959
960 struct asymmetric_key_subtype asym_tpm_subtype = {
961 .owner = THIS_MODULE,
962 .name = "asym_tpm",
963 .name_len = sizeof("asym_tpm") - 1,
964 .describe = asym_tpm_describe,
965 .destroy = asym_tpm_destroy,
966 .query = tpm_key_query,
967 .eds_op = tpm_key_eds_op,
968 .verify_signature = tpm_key_verify_signature,
969 };
970 EXPORT_SYMBOL_GPL(asym_tpm_subtype);
971
972 MODULE_DESCRIPTION("TPM based asymmetric key subtype");
973 MODULE_AUTHOR("Intel Corporation");
974 MODULE_LICENSE("GPL v2");