root/security/keys/trusted.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. init_sdesc
  2. TSS_sha1
  3. TSS_rawhmac
  4. TSS_authhmac
  5. TSS_checkhmac1
  6. TSS_checkhmac2
  7. trusted_tpm_send
  8. pcrlock
  9. osap
  10. oiap
  11. tpm_seal
  12. tpm_unseal
  13. key_seal
  14. key_unseal
  15. getoptions
  16. datablob_parse
  17. trusted_options_alloc
  18. trusted_payload_alloc
  19. trusted_instantiate
  20. trusted_rcu_free
  21. trusted_update
  22. trusted_read
  23. trusted_destroy
  24. trusted_shash_release
  25. trusted_shash_alloc
  26. init_digests
  27. init_trusted
  28. cleanup_trusted

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * Copyright (C) 2010 IBM Corporation
   4  *
   5  * Author:
   6  * David Safford <safford@us.ibm.com>
   7  *
   8  * See Documentation/security/keys/trusted-encrypted.rst
   9  */
  10 
  11 #include <crypto/hash_info.h>
  12 #include <linux/uaccess.h>
  13 #include <linux/module.h>
  14 #include <linux/init.h>
  15 #include <linux/slab.h>
  16 #include <linux/parser.h>
  17 #include <linux/string.h>
  18 #include <linux/err.h>
  19 #include <keys/user-type.h>
  20 #include <keys/trusted-type.h>
  21 #include <linux/key-type.h>
  22 #include <linux/rcupdate.h>
  23 #include <linux/crypto.h>
  24 #include <crypto/hash.h>
  25 #include <crypto/sha.h>
  26 #include <linux/capability.h>
  27 #include <linux/tpm.h>
  28 #include <linux/tpm_command.h>
  29 
  30 #include <keys/trusted.h>
  31 
  32 static const char hmac_alg[] = "hmac(sha1)";
  33 static const char hash_alg[] = "sha1";
  34 static struct tpm_chip *chip;
  35 static struct tpm_digest *digests;
  36 
  37 struct sdesc {
  38         struct shash_desc shash;
  39         char ctx[];
  40 };
  41 
  42 static struct crypto_shash *hashalg;
  43 static struct crypto_shash *hmacalg;
  44 
  45 static struct sdesc *init_sdesc(struct crypto_shash *alg)
  46 {
  47         struct sdesc *sdesc;
  48         int size;
  49 
  50         size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
  51         sdesc = kmalloc(size, GFP_KERNEL);
  52         if (!sdesc)
  53                 return ERR_PTR(-ENOMEM);
  54         sdesc->shash.tfm = alg;
  55         return sdesc;
  56 }
  57 
  58 static int TSS_sha1(const unsigned char *data, unsigned int datalen,
  59                     unsigned char *digest)
  60 {
  61         struct sdesc *sdesc;
  62         int ret;
  63 
  64         sdesc = init_sdesc(hashalg);
  65         if (IS_ERR(sdesc)) {
  66                 pr_info("trusted_key: can't alloc %s\n", hash_alg);
  67                 return PTR_ERR(sdesc);
  68         }
  69 
  70         ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
  71         kzfree(sdesc);
  72         return ret;
  73 }
  74 
  75 static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
  76                        unsigned int keylen, ...)
  77 {
  78         struct sdesc *sdesc;
  79         va_list argp;
  80         unsigned int dlen;
  81         unsigned char *data;
  82         int ret;
  83 
  84         sdesc = init_sdesc(hmacalg);
  85         if (IS_ERR(sdesc)) {
  86                 pr_info("trusted_key: can't alloc %s\n", hmac_alg);
  87                 return PTR_ERR(sdesc);
  88         }
  89 
  90         ret = crypto_shash_setkey(hmacalg, key, keylen);
  91         if (ret < 0)
  92                 goto out;
  93         ret = crypto_shash_init(&sdesc->shash);
  94         if (ret < 0)
  95                 goto out;
  96 
  97         va_start(argp, keylen);
  98         for (;;) {
  99                 dlen = va_arg(argp, unsigned int);
 100                 if (dlen == 0)
 101                         break;
 102                 data = va_arg(argp, unsigned char *);
 103                 if (data == NULL) {
 104                         ret = -EINVAL;
 105                         break;
 106                 }
 107                 ret = crypto_shash_update(&sdesc->shash, data, dlen);
 108                 if (ret < 0)
 109                         break;
 110         }
 111         va_end(argp);
 112         if (!ret)
 113                 ret = crypto_shash_final(&sdesc->shash, digest);
 114 out:
 115         kzfree(sdesc);
 116         return ret;
 117 }
 118 
 119 /*
 120  * calculate authorization info fields to send to TPM
 121  */
 122 int TSS_authhmac(unsigned char *digest, const unsigned char *key,
 123                         unsigned int keylen, unsigned char *h1,
 124                         unsigned char *h2, unsigned int h3, ...)
 125 {
 126         unsigned char paramdigest[SHA1_DIGEST_SIZE];
 127         struct sdesc *sdesc;
 128         unsigned int dlen;
 129         unsigned char *data;
 130         unsigned char c;
 131         int ret;
 132         va_list argp;
 133 
 134         if (!chip)
 135                 return -ENODEV;
 136 
 137         sdesc = init_sdesc(hashalg);
 138         if (IS_ERR(sdesc)) {
 139                 pr_info("trusted_key: can't alloc %s\n", hash_alg);
 140                 return PTR_ERR(sdesc);
 141         }
 142 
 143         c = !!h3;
 144         ret = crypto_shash_init(&sdesc->shash);
 145         if (ret < 0)
 146                 goto out;
 147         va_start(argp, h3);
 148         for (;;) {
 149                 dlen = va_arg(argp, unsigned int);
 150                 if (dlen == 0)
 151                         break;
 152                 data = va_arg(argp, unsigned char *);
 153                 if (!data) {
 154                         ret = -EINVAL;
 155                         break;
 156                 }
 157                 ret = crypto_shash_update(&sdesc->shash, data, dlen);
 158                 if (ret < 0)
 159                         break;
 160         }
 161         va_end(argp);
 162         if (!ret)
 163                 ret = crypto_shash_final(&sdesc->shash, paramdigest);
 164         if (!ret)
 165                 ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
 166                                   paramdigest, TPM_NONCE_SIZE, h1,
 167                                   TPM_NONCE_SIZE, h2, 1, &c, 0, 0);
 168 out:
 169         kzfree(sdesc);
 170         return ret;
 171 }
 172 EXPORT_SYMBOL_GPL(TSS_authhmac);
 173 
 174 /*
 175  * verify the AUTH1_COMMAND (Seal) result from TPM
 176  */
 177 int TSS_checkhmac1(unsigned char *buffer,
 178                           const uint32_t command,
 179                           const unsigned char *ononce,
 180                           const unsigned char *key,
 181                           unsigned int keylen, ...)
 182 {
 183         uint32_t bufsize;
 184         uint16_t tag;
 185         uint32_t ordinal;
 186         uint32_t result;
 187         unsigned char *enonce;
 188         unsigned char *continueflag;
 189         unsigned char *authdata;
 190         unsigned char testhmac[SHA1_DIGEST_SIZE];
 191         unsigned char paramdigest[SHA1_DIGEST_SIZE];
 192         struct sdesc *sdesc;
 193         unsigned int dlen;
 194         unsigned int dpos;
 195         va_list argp;
 196         int ret;
 197 
 198         if (!chip)
 199                 return -ENODEV;
 200 
 201         bufsize = LOAD32(buffer, TPM_SIZE_OFFSET);
 202         tag = LOAD16(buffer, 0);
 203         ordinal = command;
 204         result = LOAD32N(buffer, TPM_RETURN_OFFSET);
 205         if (tag == TPM_TAG_RSP_COMMAND)
 206                 return 0;
 207         if (tag != TPM_TAG_RSP_AUTH1_COMMAND)
 208                 return -EINVAL;
 209         authdata = buffer + bufsize - SHA1_DIGEST_SIZE;
 210         continueflag = authdata - 1;
 211         enonce = continueflag - TPM_NONCE_SIZE;
 212 
 213         sdesc = init_sdesc(hashalg);
 214         if (IS_ERR(sdesc)) {
 215                 pr_info("trusted_key: can't alloc %s\n", hash_alg);
 216                 return PTR_ERR(sdesc);
 217         }
 218         ret = crypto_shash_init(&sdesc->shash);
 219         if (ret < 0)
 220                 goto out;
 221         ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result,
 222                                   sizeof result);
 223         if (ret < 0)
 224                 goto out;
 225         ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal,
 226                                   sizeof ordinal);
 227         if (ret < 0)
 228                 goto out;
 229         va_start(argp, keylen);
 230         for (;;) {
 231                 dlen = va_arg(argp, unsigned int);
 232                 if (dlen == 0)
 233                         break;
 234                 dpos = va_arg(argp, unsigned int);
 235                 ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
 236                 if (ret < 0)
 237                         break;
 238         }
 239         va_end(argp);
 240         if (!ret)
 241                 ret = crypto_shash_final(&sdesc->shash, paramdigest);
 242         if (ret < 0)
 243                 goto out;
 244 
 245         ret = TSS_rawhmac(testhmac, key, keylen, SHA1_DIGEST_SIZE, paramdigest,
 246                           TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce,
 247                           1, continueflag, 0, 0);
 248         if (ret < 0)
 249                 goto out;
 250 
 251         if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE))
 252                 ret = -EINVAL;
 253 out:
 254         kzfree(sdesc);
 255         return ret;
 256 }
 257 EXPORT_SYMBOL_GPL(TSS_checkhmac1);
 258 
 259 /*
 260  * verify the AUTH2_COMMAND (unseal) result from TPM
 261  */
 262 static int TSS_checkhmac2(unsigned char *buffer,
 263                           const uint32_t command,
 264                           const unsigned char *ononce,
 265                           const unsigned char *key1,
 266                           unsigned int keylen1,
 267                           const unsigned char *key2,
 268                           unsigned int keylen2, ...)
 269 {
 270         uint32_t bufsize;
 271         uint16_t tag;
 272         uint32_t ordinal;
 273         uint32_t result;
 274         unsigned char *enonce1;
 275         unsigned char *continueflag1;
 276         unsigned char *authdata1;
 277         unsigned char *enonce2;
 278         unsigned char *continueflag2;
 279         unsigned char *authdata2;
 280         unsigned char testhmac1[SHA1_DIGEST_SIZE];
 281         unsigned char testhmac2[SHA1_DIGEST_SIZE];
 282         unsigned char paramdigest[SHA1_DIGEST_SIZE];
 283         struct sdesc *sdesc;
 284         unsigned int dlen;
 285         unsigned int dpos;
 286         va_list argp;
 287         int ret;
 288 
 289         bufsize = LOAD32(buffer, TPM_SIZE_OFFSET);
 290         tag = LOAD16(buffer, 0);
 291         ordinal = command;
 292         result = LOAD32N(buffer, TPM_RETURN_OFFSET);
 293 
 294         if (tag == TPM_TAG_RSP_COMMAND)
 295                 return 0;
 296         if (tag != TPM_TAG_RSP_AUTH2_COMMAND)
 297                 return -EINVAL;
 298         authdata1 = buffer + bufsize - (SHA1_DIGEST_SIZE + 1
 299                         + SHA1_DIGEST_SIZE + SHA1_DIGEST_SIZE);
 300         authdata2 = buffer + bufsize - (SHA1_DIGEST_SIZE);
 301         continueflag1 = authdata1 - 1;
 302         continueflag2 = authdata2 - 1;
 303         enonce1 = continueflag1 - TPM_NONCE_SIZE;
 304         enonce2 = continueflag2 - TPM_NONCE_SIZE;
 305 
 306         sdesc = init_sdesc(hashalg);
 307         if (IS_ERR(sdesc)) {
 308                 pr_info("trusted_key: can't alloc %s\n", hash_alg);
 309                 return PTR_ERR(sdesc);
 310         }
 311         ret = crypto_shash_init(&sdesc->shash);
 312         if (ret < 0)
 313                 goto out;
 314         ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result,
 315                                   sizeof result);
 316         if (ret < 0)
 317                 goto out;
 318         ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal,
 319                                   sizeof ordinal);
 320         if (ret < 0)
 321                 goto out;
 322 
 323         va_start(argp, keylen2);
 324         for (;;) {
 325                 dlen = va_arg(argp, unsigned int);
 326                 if (dlen == 0)
 327                         break;
 328                 dpos = va_arg(argp, unsigned int);
 329                 ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
 330                 if (ret < 0)
 331                         break;
 332         }
 333         va_end(argp);
 334         if (!ret)
 335                 ret = crypto_shash_final(&sdesc->shash, paramdigest);
 336         if (ret < 0)
 337                 goto out;
 338 
 339         ret = TSS_rawhmac(testhmac1, key1, keylen1, SHA1_DIGEST_SIZE,
 340                           paramdigest, TPM_NONCE_SIZE, enonce1,
 341                           TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0);
 342         if (ret < 0)
 343                 goto out;
 344         if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
 345                 ret = -EINVAL;
 346                 goto out;
 347         }
 348         ret = TSS_rawhmac(testhmac2, key2, keylen2, SHA1_DIGEST_SIZE,
 349                           paramdigest, TPM_NONCE_SIZE, enonce2,
 350                           TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0);
 351         if (ret < 0)
 352                 goto out;
 353         if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE))
 354                 ret = -EINVAL;
 355 out:
 356         kzfree(sdesc);
 357         return ret;
 358 }
 359 
 360 /*
 361  * For key specific tpm requests, we will generate and send our
 362  * own TPM command packets using the drivers send function.
 363  */
 364 int trusted_tpm_send(unsigned char *cmd, size_t buflen)
 365 {
 366         int rc;
 367 
 368         if (!chip)
 369                 return -ENODEV;
 370 
 371         dump_tpm_buf(cmd);
 372         rc = tpm_send(chip, cmd, buflen);
 373         dump_tpm_buf(cmd);
 374         if (rc > 0)
 375                 /* Can't return positive return codes values to keyctl */
 376                 rc = -EPERM;
 377         return rc;
 378 }
 379 EXPORT_SYMBOL_GPL(trusted_tpm_send);
 380 
 381 /*
 382  * Lock a trusted key, by extending a selected PCR.
 383  *
 384  * Prevents a trusted key that is sealed to PCRs from being accessed.
 385  * This uses the tpm driver's extend function.
 386  */
 387 static int pcrlock(const int pcrnum)
 388 {
 389         if (!capable(CAP_SYS_ADMIN))
 390                 return -EPERM;
 391 
 392         return tpm_pcr_extend(chip, pcrnum, digests) ? -EINVAL : 0;
 393 }
 394 
 395 /*
 396  * Create an object specific authorisation protocol (OSAP) session
 397  */
 398 static int osap(struct tpm_buf *tb, struct osapsess *s,
 399                 const unsigned char *key, uint16_t type, uint32_t handle)
 400 {
 401         unsigned char enonce[TPM_NONCE_SIZE];
 402         unsigned char ononce[TPM_NONCE_SIZE];
 403         int ret;
 404 
 405         ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
 406         if (ret != TPM_NONCE_SIZE)
 407                 return ret;
 408 
 409         INIT_BUF(tb);
 410         store16(tb, TPM_TAG_RQU_COMMAND);
 411         store32(tb, TPM_OSAP_SIZE);
 412         store32(tb, TPM_ORD_OSAP);
 413         store16(tb, type);
 414         store32(tb, handle);
 415         storebytes(tb, ononce, TPM_NONCE_SIZE);
 416 
 417         ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
 418         if (ret < 0)
 419                 return ret;
 420 
 421         s->handle = LOAD32(tb->data, TPM_DATA_OFFSET);
 422         memcpy(s->enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)]),
 423                TPM_NONCE_SIZE);
 424         memcpy(enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t) +
 425                                   TPM_NONCE_SIZE]), TPM_NONCE_SIZE);
 426         return TSS_rawhmac(s->secret, key, SHA1_DIGEST_SIZE, TPM_NONCE_SIZE,
 427                            enonce, TPM_NONCE_SIZE, ononce, 0, 0);
 428 }
 429 
 430 /*
 431  * Create an object independent authorisation protocol (oiap) session
 432  */
 433 int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
 434 {
 435         int ret;
 436 
 437         if (!chip)
 438                 return -ENODEV;
 439 
 440         INIT_BUF(tb);
 441         store16(tb, TPM_TAG_RQU_COMMAND);
 442         store32(tb, TPM_OIAP_SIZE);
 443         store32(tb, TPM_ORD_OIAP);
 444         ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
 445         if (ret < 0)
 446                 return ret;
 447 
 448         *handle = LOAD32(tb->data, TPM_DATA_OFFSET);
 449         memcpy(nonce, &tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)],
 450                TPM_NONCE_SIZE);
 451         return 0;
 452 }
 453 EXPORT_SYMBOL_GPL(oiap);
 454 
 455 struct tpm_digests {
 456         unsigned char encauth[SHA1_DIGEST_SIZE];
 457         unsigned char pubauth[SHA1_DIGEST_SIZE];
 458         unsigned char xorwork[SHA1_DIGEST_SIZE * 2];
 459         unsigned char xorhash[SHA1_DIGEST_SIZE];
 460         unsigned char nonceodd[TPM_NONCE_SIZE];
 461 };
 462 
 463 /*
 464  * Have the TPM seal(encrypt) the trusted key, possibly based on
 465  * Platform Configuration Registers (PCRs). AUTH1 for sealing key.
 466  */
 467 static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
 468                     uint32_t keyhandle, const unsigned char *keyauth,
 469                     const unsigned char *data, uint32_t datalen,
 470                     unsigned char *blob, uint32_t *bloblen,
 471                     const unsigned char *blobauth,
 472                     const unsigned char *pcrinfo, uint32_t pcrinfosize)
 473 {
 474         struct osapsess sess;
 475         struct tpm_digests *td;
 476         unsigned char cont;
 477         uint32_t ordinal;
 478         uint32_t pcrsize;
 479         uint32_t datsize;
 480         int sealinfosize;
 481         int encdatasize;
 482         int storedsize;
 483         int ret;
 484         int i;
 485 
 486         /* alloc some work space for all the hashes */
 487         td = kmalloc(sizeof *td, GFP_KERNEL);
 488         if (!td)
 489                 return -ENOMEM;
 490 
 491         /* get session for sealing key */
 492         ret = osap(tb, &sess, keyauth, keytype, keyhandle);
 493         if (ret < 0)
 494                 goto out;
 495         dump_sess(&sess);
 496 
 497         /* calculate encrypted authorization value */
 498         memcpy(td->xorwork, sess.secret, SHA1_DIGEST_SIZE);
 499         memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE);
 500         ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash);
 501         if (ret < 0)
 502                 goto out;
 503 
 504         ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
 505         if (ret != TPM_NONCE_SIZE)
 506                 goto out;
 507         ordinal = htonl(TPM_ORD_SEAL);
 508         datsize = htonl(datalen);
 509         pcrsize = htonl(pcrinfosize);
 510         cont = 0;
 511 
 512         /* encrypt data authorization key */
 513         for (i = 0; i < SHA1_DIGEST_SIZE; ++i)
 514                 td->encauth[i] = td->xorhash[i] ^ blobauth[i];
 515 
 516         /* calculate authorization HMAC value */
 517         if (pcrinfosize == 0) {
 518                 /* no pcr info specified */
 519                 ret = TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE,
 520                                    sess.enonce, td->nonceodd, cont,
 521                                    sizeof(uint32_t), &ordinal, SHA1_DIGEST_SIZE,
 522                                    td->encauth, sizeof(uint32_t), &pcrsize,
 523                                    sizeof(uint32_t), &datsize, datalen, data, 0,
 524                                    0);
 525         } else {
 526                 /* pcr info specified */
 527                 ret = TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE,
 528                                    sess.enonce, td->nonceodd, cont,
 529                                    sizeof(uint32_t), &ordinal, SHA1_DIGEST_SIZE,
 530                                    td->encauth, sizeof(uint32_t), &pcrsize,
 531                                    pcrinfosize, pcrinfo, sizeof(uint32_t),
 532                                    &datsize, datalen, data, 0, 0);
 533         }
 534         if (ret < 0)
 535                 goto out;
 536 
 537         /* build and send the TPM request packet */
 538         INIT_BUF(tb);
 539         store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
 540         store32(tb, TPM_SEAL_SIZE + pcrinfosize + datalen);
 541         store32(tb, TPM_ORD_SEAL);
 542         store32(tb, keyhandle);
 543         storebytes(tb, td->encauth, SHA1_DIGEST_SIZE);
 544         store32(tb, pcrinfosize);
 545         storebytes(tb, pcrinfo, pcrinfosize);
 546         store32(tb, datalen);
 547         storebytes(tb, data, datalen);
 548         store32(tb, sess.handle);
 549         storebytes(tb, td->nonceodd, TPM_NONCE_SIZE);
 550         store8(tb, cont);
 551         storebytes(tb, td->pubauth, SHA1_DIGEST_SIZE);
 552 
 553         ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
 554         if (ret < 0)
 555                 goto out;
 556 
 557         /* calculate the size of the returned Blob */
 558         sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t));
 559         encdatasize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t) +
 560                              sizeof(uint32_t) + sealinfosize);
 561         storedsize = sizeof(uint32_t) + sizeof(uint32_t) + sealinfosize +
 562             sizeof(uint32_t) + encdatasize;
 563 
 564         /* check the HMAC in the response */
 565         ret = TSS_checkhmac1(tb->data, ordinal, td->nonceodd, sess.secret,
 566                              SHA1_DIGEST_SIZE, storedsize, TPM_DATA_OFFSET, 0,
 567                              0);
 568 
 569         /* copy the returned blob to caller */
 570         if (!ret) {
 571                 memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize);
 572                 *bloblen = storedsize;
 573         }
 574 out:
 575         kzfree(td);
 576         return ret;
 577 }
 578 
 579 /*
 580  * use the AUTH2_COMMAND form of unseal, to authorize both key and blob
 581  */
 582 static int tpm_unseal(struct tpm_buf *tb,
 583                       uint32_t keyhandle, const unsigned char *keyauth,
 584                       const unsigned char *blob, int bloblen,
 585                       const unsigned char *blobauth,
 586                       unsigned char *data, unsigned int *datalen)
 587 {
 588         unsigned char nonceodd[TPM_NONCE_SIZE];
 589         unsigned char enonce1[TPM_NONCE_SIZE];
 590         unsigned char enonce2[TPM_NONCE_SIZE];
 591         unsigned char authdata1[SHA1_DIGEST_SIZE];
 592         unsigned char authdata2[SHA1_DIGEST_SIZE];
 593         uint32_t authhandle1 = 0;
 594         uint32_t authhandle2 = 0;
 595         unsigned char cont = 0;
 596         uint32_t ordinal;
 597         uint32_t keyhndl;
 598         int ret;
 599 
 600         /* sessions for unsealing key and data */
 601         ret = oiap(tb, &authhandle1, enonce1);
 602         if (ret < 0) {
 603                 pr_info("trusted_key: oiap failed (%d)\n", ret);
 604                 return ret;
 605         }
 606         ret = oiap(tb, &authhandle2, enonce2);
 607         if (ret < 0) {
 608                 pr_info("trusted_key: oiap failed (%d)\n", ret);
 609                 return ret;
 610         }
 611 
 612         ordinal = htonl(TPM_ORD_UNSEAL);
 613         keyhndl = htonl(SRKHANDLE);
 614         ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE);
 615         if (ret != TPM_NONCE_SIZE) {
 616                 pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
 617                 return ret;
 618         }
 619         ret = TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE,
 620                            enonce1, nonceodd, cont, sizeof(uint32_t),
 621                            &ordinal, bloblen, blob, 0, 0);
 622         if (ret < 0)
 623                 return ret;
 624         ret = TSS_authhmac(authdata2, blobauth, TPM_NONCE_SIZE,
 625                            enonce2, nonceodd, cont, sizeof(uint32_t),
 626                            &ordinal, bloblen, blob, 0, 0);
 627         if (ret < 0)
 628                 return ret;
 629 
 630         /* build and send TPM request packet */
 631         INIT_BUF(tb);
 632         store16(tb, TPM_TAG_RQU_AUTH2_COMMAND);
 633         store32(tb, TPM_UNSEAL_SIZE + bloblen);
 634         store32(tb, TPM_ORD_UNSEAL);
 635         store32(tb, keyhandle);
 636         storebytes(tb, blob, bloblen);
 637         store32(tb, authhandle1);
 638         storebytes(tb, nonceodd, TPM_NONCE_SIZE);
 639         store8(tb, cont);
 640         storebytes(tb, authdata1, SHA1_DIGEST_SIZE);
 641         store32(tb, authhandle2);
 642         storebytes(tb, nonceodd, TPM_NONCE_SIZE);
 643         store8(tb, cont);
 644         storebytes(tb, authdata2, SHA1_DIGEST_SIZE);
 645 
 646         ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
 647         if (ret < 0) {
 648                 pr_info("trusted_key: authhmac failed (%d)\n", ret);
 649                 return ret;
 650         }
 651 
 652         *datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
 653         ret = TSS_checkhmac2(tb->data, ordinal, nonceodd,
 654                              keyauth, SHA1_DIGEST_SIZE,
 655                              blobauth, SHA1_DIGEST_SIZE,
 656                              sizeof(uint32_t), TPM_DATA_OFFSET,
 657                              *datalen, TPM_DATA_OFFSET + sizeof(uint32_t), 0,
 658                              0);
 659         if (ret < 0) {
 660                 pr_info("trusted_key: TSS_checkhmac2 failed (%d)\n", ret);
 661                 return ret;
 662         }
 663         memcpy(data, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t), *datalen);
 664         return 0;
 665 }
 666 
 667 /*
 668  * Have the TPM seal(encrypt) the symmetric key
 669  */
 670 static int key_seal(struct trusted_key_payload *p,
 671                     struct trusted_key_options *o)
 672 {
 673         struct tpm_buf *tb;
 674         int ret;
 675 
 676         tb = kzalloc(sizeof *tb, GFP_KERNEL);
 677         if (!tb)
 678                 return -ENOMEM;
 679 
 680         /* include migratable flag at end of sealed key */
 681         p->key[p->key_len] = p->migratable;
 682 
 683         ret = tpm_seal(tb, o->keytype, o->keyhandle, o->keyauth,
 684                        p->key, p->key_len + 1, p->blob, &p->blob_len,
 685                        o->blobauth, o->pcrinfo, o->pcrinfo_len);
 686         if (ret < 0)
 687                 pr_info("trusted_key: srkseal failed (%d)\n", ret);
 688 
 689         kzfree(tb);
 690         return ret;
 691 }
 692 
 693 /*
 694  * Have the TPM unseal(decrypt) the symmetric key
 695  */
 696 static int key_unseal(struct trusted_key_payload *p,
 697                       struct trusted_key_options *o)
 698 {
 699         struct tpm_buf *tb;
 700         int ret;
 701 
 702         tb = kzalloc(sizeof *tb, GFP_KERNEL);
 703         if (!tb)
 704                 return -ENOMEM;
 705 
 706         ret = tpm_unseal(tb, o->keyhandle, o->keyauth, p->blob, p->blob_len,
 707                          o->blobauth, p->key, &p->key_len);
 708         if (ret < 0)
 709                 pr_info("trusted_key: srkunseal failed (%d)\n", ret);
 710         else
 711                 /* pull migratable flag out of sealed key */
 712                 p->migratable = p->key[--p->key_len];
 713 
 714         kzfree(tb);
 715         return ret;
 716 }
 717 
 718 enum {
 719         Opt_err,
 720         Opt_new, Opt_load, Opt_update,
 721         Opt_keyhandle, Opt_keyauth, Opt_blobauth,
 722         Opt_pcrinfo, Opt_pcrlock, Opt_migratable,
 723         Opt_hash,
 724         Opt_policydigest,
 725         Opt_policyhandle,
 726 };
 727 
 728 static const match_table_t key_tokens = {
 729         {Opt_new, "new"},
 730         {Opt_load, "load"},
 731         {Opt_update, "update"},
 732         {Opt_keyhandle, "keyhandle=%s"},
 733         {Opt_keyauth, "keyauth=%s"},
 734         {Opt_blobauth, "blobauth=%s"},
 735         {Opt_pcrinfo, "pcrinfo=%s"},
 736         {Opt_pcrlock, "pcrlock=%s"},
 737         {Opt_migratable, "migratable=%s"},
 738         {Opt_hash, "hash=%s"},
 739         {Opt_policydigest, "policydigest=%s"},
 740         {Opt_policyhandle, "policyhandle=%s"},
 741         {Opt_err, NULL}
 742 };
 743 
 744 /* can have zero or more token= options */
 745 static int getoptions(char *c, struct trusted_key_payload *pay,
 746                       struct trusted_key_options *opt)
 747 {
 748         substring_t args[MAX_OPT_ARGS];
 749         char *p = c;
 750         int token;
 751         int res;
 752         unsigned long handle;
 753         unsigned long lock;
 754         unsigned long token_mask = 0;
 755         unsigned int digest_len;
 756         int i;
 757         int tpm2;
 758 
 759         tpm2 = tpm_is_tpm2(chip);
 760         if (tpm2 < 0)
 761                 return tpm2;
 762 
 763         opt->hash = tpm2 ? HASH_ALGO_SHA256 : HASH_ALGO_SHA1;
 764 
 765         while ((p = strsep(&c, " \t"))) {
 766                 if (*p == '\0' || *p == ' ' || *p == '\t')
 767                         continue;
 768                 token = match_token(p, key_tokens, args);
 769                 if (test_and_set_bit(token, &token_mask))
 770                         return -EINVAL;
 771 
 772                 switch (token) {
 773                 case Opt_pcrinfo:
 774                         opt->pcrinfo_len = strlen(args[0].from) / 2;
 775                         if (opt->pcrinfo_len > MAX_PCRINFO_SIZE)
 776                                 return -EINVAL;
 777                         res = hex2bin(opt->pcrinfo, args[0].from,
 778                                       opt->pcrinfo_len);
 779                         if (res < 0)
 780                                 return -EINVAL;
 781                         break;
 782                 case Opt_keyhandle:
 783                         res = kstrtoul(args[0].from, 16, &handle);
 784                         if (res < 0)
 785                                 return -EINVAL;
 786                         opt->keytype = SEAL_keytype;
 787                         opt->keyhandle = handle;
 788                         break;
 789                 case Opt_keyauth:
 790                         if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
 791                                 return -EINVAL;
 792                         res = hex2bin(opt->keyauth, args[0].from,
 793                                       SHA1_DIGEST_SIZE);
 794                         if (res < 0)
 795                                 return -EINVAL;
 796                         break;
 797                 case Opt_blobauth:
 798                         if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
 799                                 return -EINVAL;
 800                         res = hex2bin(opt->blobauth, args[0].from,
 801                                       SHA1_DIGEST_SIZE);
 802                         if (res < 0)
 803                                 return -EINVAL;
 804                         break;
 805                 case Opt_migratable:
 806                         if (*args[0].from == '0')
 807                                 pay->migratable = 0;
 808                         else
 809                                 return -EINVAL;
 810                         break;
 811                 case Opt_pcrlock:
 812                         res = kstrtoul(args[0].from, 10, &lock);
 813                         if (res < 0)
 814                                 return -EINVAL;
 815                         opt->pcrlock = lock;
 816                         break;
 817                 case Opt_hash:
 818                         if (test_bit(Opt_policydigest, &token_mask))
 819                                 return -EINVAL;
 820                         for (i = 0; i < HASH_ALGO__LAST; i++) {
 821                                 if (!strcmp(args[0].from, hash_algo_name[i])) {
 822                                         opt->hash = i;
 823                                         break;
 824                                 }
 825                         }
 826                         if (i == HASH_ALGO__LAST)
 827                                 return -EINVAL;
 828                         if  (!tpm2 && i != HASH_ALGO_SHA1) {
 829                                 pr_info("trusted_key: TPM 1.x only supports SHA-1.\n");
 830                                 return -EINVAL;
 831                         }
 832                         break;
 833                 case Opt_policydigest:
 834                         digest_len = hash_digest_size[opt->hash];
 835                         if (!tpm2 || strlen(args[0].from) != (2 * digest_len))
 836                                 return -EINVAL;
 837                         res = hex2bin(opt->policydigest, args[0].from,
 838                                       digest_len);
 839                         if (res < 0)
 840                                 return -EINVAL;
 841                         opt->policydigest_len = digest_len;
 842                         break;
 843                 case Opt_policyhandle:
 844                         if (!tpm2)
 845                                 return -EINVAL;
 846                         res = kstrtoul(args[0].from, 16, &handle);
 847                         if (res < 0)
 848                                 return -EINVAL;
 849                         opt->policyhandle = handle;
 850                         break;
 851                 default:
 852                         return -EINVAL;
 853                 }
 854         }
 855         return 0;
 856 }
 857 
 858 /*
 859  * datablob_parse - parse the keyctl data and fill in the
 860  *                  payload and options structures
 861  *
 862  * On success returns 0, otherwise -EINVAL.
 863  */
 864 static int datablob_parse(char *datablob, struct trusted_key_payload *p,
 865                           struct trusted_key_options *o)
 866 {
 867         substring_t args[MAX_OPT_ARGS];
 868         long keylen;
 869         int ret = -EINVAL;
 870         int key_cmd;
 871         char *c;
 872 
 873         /* main command */
 874         c = strsep(&datablob, " \t");
 875         if (!c)
 876                 return -EINVAL;
 877         key_cmd = match_token(c, key_tokens, args);
 878         switch (key_cmd) {
 879         case Opt_new:
 880                 /* first argument is key size */
 881                 c = strsep(&datablob, " \t");
 882                 if (!c)
 883                         return -EINVAL;
 884                 ret = kstrtol(c, 10, &keylen);
 885                 if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE)
 886                         return -EINVAL;
 887                 p->key_len = keylen;
 888                 ret = getoptions(datablob, p, o);
 889                 if (ret < 0)
 890                         return ret;
 891                 ret = Opt_new;
 892                 break;
 893         case Opt_load:
 894                 /* first argument is sealed blob */
 895                 c = strsep(&datablob, " \t");
 896                 if (!c)
 897                         return -EINVAL;
 898                 p->blob_len = strlen(c) / 2;
 899                 if (p->blob_len > MAX_BLOB_SIZE)
 900                         return -EINVAL;
 901                 ret = hex2bin(p->blob, c, p->blob_len);
 902                 if (ret < 0)
 903                         return -EINVAL;
 904                 ret = getoptions(datablob, p, o);
 905                 if (ret < 0)
 906                         return ret;
 907                 ret = Opt_load;
 908                 break;
 909         case Opt_update:
 910                 /* all arguments are options */
 911                 ret = getoptions(datablob, p, o);
 912                 if (ret < 0)
 913                         return ret;
 914                 ret = Opt_update;
 915                 break;
 916         case Opt_err:
 917                 return -EINVAL;
 918                 break;
 919         }
 920         return ret;
 921 }
 922 
 923 static struct trusted_key_options *trusted_options_alloc(void)
 924 {
 925         struct trusted_key_options *options;
 926         int tpm2;
 927 
 928         tpm2 = tpm_is_tpm2(chip);
 929         if (tpm2 < 0)
 930                 return NULL;
 931 
 932         options = kzalloc(sizeof *options, GFP_KERNEL);
 933         if (options) {
 934                 /* set any non-zero defaults */
 935                 options->keytype = SRK_keytype;
 936 
 937                 if (!tpm2)
 938                         options->keyhandle = SRKHANDLE;
 939         }
 940         return options;
 941 }
 942 
 943 static struct trusted_key_payload *trusted_payload_alloc(struct key *key)
 944 {
 945         struct trusted_key_payload *p = NULL;
 946         int ret;
 947 
 948         ret = key_payload_reserve(key, sizeof *p);
 949         if (ret < 0)
 950                 return p;
 951         p = kzalloc(sizeof *p, GFP_KERNEL);
 952         if (p)
 953                 p->migratable = 1; /* migratable by default */
 954         return p;
 955 }
 956 
 957 /*
 958  * trusted_instantiate - create a new trusted key
 959  *
 960  * Unseal an existing trusted blob or, for a new key, get a
 961  * random key, then seal and create a trusted key-type key,
 962  * adding it to the specified keyring.
 963  *
 964  * On success, return 0. Otherwise return errno.
 965  */
 966 static int trusted_instantiate(struct key *key,
 967                                struct key_preparsed_payload *prep)
 968 {
 969         struct trusted_key_payload *payload = NULL;
 970         struct trusted_key_options *options = NULL;
 971         size_t datalen = prep->datalen;
 972         char *datablob;
 973         int ret = 0;
 974         int key_cmd;
 975         size_t key_len;
 976         int tpm2;
 977 
 978         tpm2 = tpm_is_tpm2(chip);
 979         if (tpm2 < 0)
 980                 return tpm2;
 981 
 982         if (datalen <= 0 || datalen > 32767 || !prep->data)
 983                 return -EINVAL;
 984 
 985         datablob = kmalloc(datalen + 1, GFP_KERNEL);
 986         if (!datablob)
 987                 return -ENOMEM;
 988         memcpy(datablob, prep->data, datalen);
 989         datablob[datalen] = '\0';
 990 
 991         options = trusted_options_alloc();
 992         if (!options) {
 993                 ret = -ENOMEM;
 994                 goto out;
 995         }
 996         payload = trusted_payload_alloc(key);
 997         if (!payload) {
 998                 ret = -ENOMEM;
 999                 goto out;
1000         }
1001 
1002         key_cmd = datablob_parse(datablob, payload, options);
1003         if (key_cmd < 0) {
1004                 ret = key_cmd;
1005                 goto out;
1006         }
1007 
1008         if (!options->keyhandle) {
1009                 ret = -EINVAL;
1010                 goto out;
1011         }
1012 
1013         dump_payload(payload);
1014         dump_options(options);
1015 
1016         switch (key_cmd) {
1017         case Opt_load:
1018                 if (tpm2)
1019                         ret = tpm_unseal_trusted(chip, payload, options);
1020                 else
1021                         ret = key_unseal(payload, options);
1022                 dump_payload(payload);
1023                 dump_options(options);
1024                 if (ret < 0)
1025                         pr_info("trusted_key: key_unseal failed (%d)\n", ret);
1026                 break;
1027         case Opt_new:
1028                 key_len = payload->key_len;
1029                 ret = tpm_get_random(chip, payload->key, key_len);
1030                 if (ret != key_len) {
1031                         pr_info("trusted_key: key_create failed (%d)\n", ret);
1032                         goto out;
1033                 }
1034                 if (tpm2)
1035                         ret = tpm_seal_trusted(chip, payload, options);
1036                 else
1037                         ret = key_seal(payload, options);
1038                 if (ret < 0)
1039                         pr_info("trusted_key: key_seal failed (%d)\n", ret);
1040                 break;
1041         default:
1042                 ret = -EINVAL;
1043                 goto out;
1044         }
1045         if (!ret && options->pcrlock)
1046                 ret = pcrlock(options->pcrlock);
1047 out:
1048         kzfree(datablob);
1049         kzfree(options);
1050         if (!ret)
1051                 rcu_assign_keypointer(key, payload);
1052         else
1053                 kzfree(payload);
1054         return ret;
1055 }
1056 
1057 static void trusted_rcu_free(struct rcu_head *rcu)
1058 {
1059         struct trusted_key_payload *p;
1060 
1061         p = container_of(rcu, struct trusted_key_payload, rcu);
1062         kzfree(p);
1063 }
1064 
1065 /*
1066  * trusted_update - reseal an existing key with new PCR values
1067  */
1068 static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
1069 {
1070         struct trusted_key_payload *p;
1071         struct trusted_key_payload *new_p;
1072         struct trusted_key_options *new_o;
1073         size_t datalen = prep->datalen;
1074         char *datablob;
1075         int ret = 0;
1076 
1077         if (key_is_negative(key))
1078                 return -ENOKEY;
1079         p = key->payload.data[0];
1080         if (!p->migratable)
1081                 return -EPERM;
1082         if (datalen <= 0 || datalen > 32767 || !prep->data)
1083                 return -EINVAL;
1084 
1085         datablob = kmalloc(datalen + 1, GFP_KERNEL);
1086         if (!datablob)
1087                 return -ENOMEM;
1088         new_o = trusted_options_alloc();
1089         if (!new_o) {
1090                 ret = -ENOMEM;
1091                 goto out;
1092         }
1093         new_p = trusted_payload_alloc(key);
1094         if (!new_p) {
1095                 ret = -ENOMEM;
1096                 goto out;
1097         }
1098 
1099         memcpy(datablob, prep->data, datalen);
1100         datablob[datalen] = '\0';
1101         ret = datablob_parse(datablob, new_p, new_o);
1102         if (ret != Opt_update) {
1103                 ret = -EINVAL;
1104                 kzfree(new_p);
1105                 goto out;
1106         }
1107 
1108         if (!new_o->keyhandle) {
1109                 ret = -EINVAL;
1110                 kzfree(new_p);
1111                 goto out;
1112         }
1113 
1114         /* copy old key values, and reseal with new pcrs */
1115         new_p->migratable = p->migratable;
1116         new_p->key_len = p->key_len;
1117         memcpy(new_p->key, p->key, p->key_len);
1118         dump_payload(p);
1119         dump_payload(new_p);
1120 
1121         ret = key_seal(new_p, new_o);
1122         if (ret < 0) {
1123                 pr_info("trusted_key: key_seal failed (%d)\n", ret);
1124                 kzfree(new_p);
1125                 goto out;
1126         }
1127         if (new_o->pcrlock) {
1128                 ret = pcrlock(new_o->pcrlock);
1129                 if (ret < 0) {
1130                         pr_info("trusted_key: pcrlock failed (%d)\n", ret);
1131                         kzfree(new_p);
1132                         goto out;
1133                 }
1134         }
1135         rcu_assign_keypointer(key, new_p);
1136         call_rcu(&p->rcu, trusted_rcu_free);
1137 out:
1138         kzfree(datablob);
1139         kzfree(new_o);
1140         return ret;
1141 }
1142 
1143 /*
1144  * trusted_read - copy the sealed blob data to userspace in hex.
1145  * On success, return to userspace the trusted key datablob size.
1146  */
1147 static long trusted_read(const struct key *key, char *buffer,
1148                          size_t buflen)
1149 {
1150         const struct trusted_key_payload *p;
1151         char *bufp;
1152         int i;
1153 
1154         p = dereference_key_locked(key);
1155         if (!p)
1156                 return -EINVAL;
1157 
1158         if (buffer && buflen >= 2 * p->blob_len) {
1159                 bufp = buffer;
1160                 for (i = 0; i < p->blob_len; i++)
1161                         bufp = hex_byte_pack(bufp, p->blob[i]);
1162         }
1163         return 2 * p->blob_len;
1164 }
1165 
1166 /*
1167  * trusted_destroy - clear and free the key's payload
1168  */
1169 static void trusted_destroy(struct key *key)
1170 {
1171         kzfree(key->payload.data[0]);
1172 }
1173 
1174 struct key_type key_type_trusted = {
1175         .name = "trusted",
1176         .instantiate = trusted_instantiate,
1177         .update = trusted_update,
1178         .destroy = trusted_destroy,
1179         .describe = user_describe,
1180         .read = trusted_read,
1181 };
1182 
1183 EXPORT_SYMBOL_GPL(key_type_trusted);
1184 
1185 static void trusted_shash_release(void)
1186 {
1187         if (hashalg)
1188                 crypto_free_shash(hashalg);
1189         if (hmacalg)
1190                 crypto_free_shash(hmacalg);
1191 }
1192 
1193 static int __init trusted_shash_alloc(void)
1194 {
1195         int ret;
1196 
1197         hmacalg = crypto_alloc_shash(hmac_alg, 0, 0);
1198         if (IS_ERR(hmacalg)) {
1199                 pr_info("trusted_key: could not allocate crypto %s\n",
1200                         hmac_alg);
1201                 return PTR_ERR(hmacalg);
1202         }
1203 
1204         hashalg = crypto_alloc_shash(hash_alg, 0, 0);
1205         if (IS_ERR(hashalg)) {
1206                 pr_info("trusted_key: could not allocate crypto %s\n",
1207                         hash_alg);
1208                 ret = PTR_ERR(hashalg);
1209                 goto hashalg_fail;
1210         }
1211 
1212         return 0;
1213 
1214 hashalg_fail:
1215         crypto_free_shash(hmacalg);
1216         return ret;
1217 }
1218 
1219 static int __init init_digests(void)
1220 {
1221         int i;
1222 
1223         digests = kcalloc(chip->nr_allocated_banks, sizeof(*digests),
1224                           GFP_KERNEL);
1225         if (!digests)
1226                 return -ENOMEM;
1227 
1228         for (i = 0; i < chip->nr_allocated_banks; i++)
1229                 digests[i].alg_id = chip->allocated_banks[i].alg_id;
1230 
1231         return 0;
1232 }
1233 
1234 static int __init init_trusted(void)
1235 {
1236         int ret;
1237 
1238         /* encrypted_keys.ko depends on successful load of this module even if
1239          * TPM is not used.
1240          */
1241         chip = tpm_default_chip();
1242         if (!chip)
1243                 return 0;
1244 
1245         ret = init_digests();
1246         if (ret < 0)
1247                 goto err_put;
1248         ret = trusted_shash_alloc();
1249         if (ret < 0)
1250                 goto err_free;
1251         ret = register_key_type(&key_type_trusted);
1252         if (ret < 0)
1253                 goto err_release;
1254         return 0;
1255 err_release:
1256         trusted_shash_release();
1257 err_free:
1258         kfree(digests);
1259 err_put:
1260         put_device(&chip->dev);
1261         return ret;
1262 }
1263 
1264 static void __exit cleanup_trusted(void)
1265 {
1266         if (chip) {
1267                 put_device(&chip->dev);
1268                 kfree(digests);
1269                 trusted_shash_release();
1270                 unregister_key_type(&key_type_trusted);
1271         }
1272 }
1273 
1274 late_initcall(init_trusted);
1275 module_exit(cleanup_trusted);
1276 
1277 MODULE_LICENSE("GPL");

/* [<][>][^][v][top][bottom][index][help] */