15 #include <linux/module.h>
17 #include <linux/slab.h>
19 #include <linux/string.h>
27 #include <crypto/sha.h>
28 #include <linux/capability.h>
34 static const char hmac_alg[] =
"hmac(sha1)";
35 static const char hash_alg[] =
"sha1";
50 size =
sizeof(
struct shash_desc) + crypto_shash_descsize(alg);
54 sdesc->shash.tfm = alg;
55 sdesc->shash.flags = 0x0;
59 static int TSS_sha1(
const unsigned char *
data,
unsigned int datalen,
65 sdesc = init_sdesc(hashalg);
68 return PTR_ERR(sdesc);
76 static int TSS_rawhmac(
unsigned char *digest,
const unsigned char *
key,
77 unsigned int keylen, ...)
85 sdesc = init_sdesc(hmacalg);
87 pr_info(
"trusted_key: can't alloc %s\n", hmac_alg);
88 return PTR_ERR(sdesc);
94 ret = crypto_shash_init(&sdesc->
shash);
100 dlen =
va_arg(argp,
unsigned int);
103 data =
va_arg(argp,
unsigned char *);
123 static int TSS_authhmac(
unsigned char *digest,
const unsigned char *key,
124 unsigned int keylen,
unsigned char *h1,
125 unsigned char *h2,
unsigned char h3, ...)
135 sdesc = init_sdesc(hashalg);
138 return PTR_ERR(sdesc);
142 ret = crypto_shash_init(&sdesc->
shash);
147 dlen =
va_arg(argp,
unsigned int);
150 data =
va_arg(argp,
unsigned char *);
174 static int TSS_checkhmac1(
unsigned char *
buffer,
176 const unsigned char *ononce,
177 const unsigned char *key,
178 unsigned int keylen, ...)
184 unsigned char *enonce;
185 unsigned char *continueflag;
186 unsigned char *authdata;
204 continueflag = authdata - 1;
207 sdesc = init_sdesc(hashalg);
210 return PTR_ERR(sdesc);
212 ret = crypto_shash_init(&sdesc->
shash);
225 dlen =
va_arg(argp,
unsigned int);
228 dpos =
va_arg(argp,
unsigned int);
239 ret = TSS_rawhmac(testhmac, key, keylen, SHA1_DIGEST_SIZE, paramdigest,
240 TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce,
241 1, continueflag, 0, 0);
245 if (
memcmp(testhmac, authdata, SHA1_DIGEST_SIZE))
255 static int TSS_checkhmac2(
unsigned char *buffer,
257 const unsigned char *ononce,
258 const unsigned char *key1,
259 unsigned int keylen1,
260 const unsigned char *key2,
261 unsigned int keylen2, ...)
267 unsigned char *enonce1;
268 unsigned char *continueflag1;
269 unsigned char *authdata1;
270 unsigned char *enonce2;
271 unsigned char *continueflag2;
272 unsigned char *authdata2;
291 authdata1 = buffer + bufsize - (SHA1_DIGEST_SIZE + 1
294 continueflag1 = authdata1 - 1;
295 continueflag2 = authdata2 - 1;
299 sdesc = init_sdesc(hashalg);
302 return PTR_ERR(sdesc);
304 ret = crypto_shash_init(&sdesc->
shash);
318 dlen =
va_arg(argp,
unsigned int);
321 dpos =
va_arg(argp,
unsigned int);
332 ret = TSS_rawhmac(testhmac1, key1, keylen1, SHA1_DIGEST_SIZE,
333 paramdigest, TPM_NONCE_SIZE, enonce1,
334 TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0);
337 if (
memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
341 ret = TSS_rawhmac(testhmac2, key2, keylen2, SHA1_DIGEST_SIZE,
342 paramdigest, TPM_NONCE_SIZE, enonce2,
343 TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0);
346 if (
memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE))
357 static int trusted_tpm_send(
const u32 chip_num,
unsigned char *
cmd,
363 rc =
tpm_send(chip_num, cmd, buflen);
377 static int pcrlock(
const int pcrnum)
385 if (ret != SHA1_DIGEST_SIZE)
401 if (ret != TPM_NONCE_SIZE)
410 storebytes(tb, ononce, TPM_NONCE_SIZE);
420 TPM_NONCE_SIZE]), TPM_NONCE_SIZE);
421 return TSS_rawhmac(s->
secret, key, SHA1_DIGEST_SIZE, TPM_NONCE_SIZE,
422 enonce, TPM_NONCE_SIZE, ononce, 0, 0);
459 uint32_t keyhandle,
const unsigned char *keyauth,
460 const unsigned char *data,
uint32_t datalen,
462 const unsigned char *blobauth,
463 const unsigned char *pcrinfo,
uint32_t pcrinfosize)
483 ret = osap(tb, &sess, keyauth, keytype, keyhandle);
496 if (ret != TPM_NONCE_SIZE)
499 datsize =
htonl(datalen);
500 pcrsize =
htonl(pcrinfosize);
508 if (pcrinfosize == 0) {
510 ret = TSS_authhmac(td->
pubauth, sess.
secret, SHA1_DIGEST_SIZE,
512 sizeof(
uint32_t), &ordinal, SHA1_DIGEST_SIZE,
514 sizeof(
uint32_t), &datsize, datalen, data, 0,
518 ret = TSS_authhmac(td->
pubauth, sess.
secret, SHA1_DIGEST_SIZE,
520 sizeof(
uint32_t), &ordinal, SHA1_DIGEST_SIZE,
522 pcrinfosize, pcrinfo,
sizeof(
uint32_t),
523 &datsize, datalen, data, 0, 0);
533 store32(tb, keyhandle);
534 storebytes(tb, td->
encauth, SHA1_DIGEST_SIZE);
535 store32(tb, pcrinfosize);
536 storebytes(tb, pcrinfo, pcrinfosize);
537 store32(tb, datalen);
538 storebytes(tb, data, datalen);
540 storebytes(tb, td->
nonceodd, TPM_NONCE_SIZE);
542 storebytes(tb, td->
pubauth, SHA1_DIGEST_SIZE);
563 *bloblen = storedsize;
573 static int tpm_unseal(
struct tpm_buf *tb,
574 uint32_t keyhandle,
const unsigned char *keyauth,
575 const unsigned char *blob,
int bloblen,
576 const unsigned char *blobauth,
577 unsigned char *data,
unsigned int *datalen)
586 unsigned char cont = 0;
592 ret = oiap(tb, &authhandle1, enonce1);
594 pr_info(
"trusted_key: oiap failed (%d)\n", ret);
597 ret = oiap(tb, &authhandle2, enonce2);
599 pr_info(
"trusted_key: oiap failed (%d)\n", ret);
606 if (ret != TPM_NONCE_SIZE) {
607 pr_info(
"trusted_key: tpm_get_random failed (%d)\n", ret);
610 ret = TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE,
611 enonce1, nonceodd, cont,
sizeof(
uint32_t),
612 &ordinal, bloblen, blob, 0, 0);
615 ret = TSS_authhmac(authdata2, blobauth, TPM_NONCE_SIZE,
616 enonce2, nonceodd, cont,
sizeof(
uint32_t),
617 &ordinal, bloblen, blob, 0, 0);
626 store32(tb, keyhandle);
627 storebytes(tb, blob, bloblen);
628 store32(tb, authhandle1);
629 storebytes(tb, nonceodd, TPM_NONCE_SIZE);
631 storebytes(tb, authdata1, SHA1_DIGEST_SIZE);
632 store32(tb, authhandle2);
633 storebytes(tb, nonceodd, TPM_NONCE_SIZE);
635 storebytes(tb, authdata2, SHA1_DIGEST_SIZE);
639 pr_info(
"trusted_key: authhmac failed (%d)\n", ret);
644 ret = TSS_checkhmac2(tb->
data, ordinal, nonceodd,
645 keyauth, SHA1_DIGEST_SIZE,
646 blobauth, SHA1_DIGEST_SIZE,
651 pr_info(
"trusted_key: TSS_checkhmac2 failed (%d)\n", ret);
678 pr_info(
"trusted_key: srkseal failed (%d)\n", ret);
700 pr_info(
"trusted_key: srkunseal failed (%d)\n", ret);
740 while ((p =
strsep(&c,
" \t"))) {
741 if (*p ==
'\0' || *p ==
' ' || *p ==
'\t')
763 if (
strlen(args[0].
from) != 2 * SHA1_DIGEST_SIZE)
771 if (
strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
779 if (*args[0].from ==
'0')
813 c =
strsep(&datablob,
" \t");
820 c =
strsep(&datablob,
" \t");
824 if (ret < 0 || keylen < MIN_KEY_SIZE || keylen >
MAX_KEY_SIZE)
827 ret = getoptions(datablob, p, o);
834 c =
strsep(&datablob,
" \t");
843 ret = getoptions(datablob, p, o);
850 ret = getoptions(datablob, p, o);
866 options = kzalloc(
sizeof *options,
GFP_KERNEL);
898 static int trusted_instantiate(
struct key *key,
899 struct key_preparsed_payload *prep)
903 size_t datalen = prep->datalen;
909 if (datalen <= 0 || datalen > 32767 || !prep->data)
915 memcpy(datablob, prep->data, datalen);
918 options = trusted_options_alloc();
923 payload = trusted_payload_alloc(key);
929 key_cmd = datablob_parse(datablob, payload, options);
935 dump_payload(payload);
936 dump_options(options);
940 ret = key_unseal(payload, options);
941 dump_payload(payload);
942 dump_options(options);
944 pr_info(
"trusted_key: key_unseal failed (%d)\n", ret);
949 if (ret != key_len) {
950 pr_info(
"trusted_key: key_create failed (%d)\n", ret);
953 ret = key_seal(payload, options);
955 pr_info(
"trusted_key: key_seal failed (%d)\n", ret);
967 rcu_assign_keypointer(key, payload);
973 static void trusted_rcu_free(
struct rcu_head *rcu)
985 static int trusted_update(
struct key *key,
struct key_preparsed_payload *prep)
990 size_t datalen = prep->datalen;
996 if (datalen <= 0 || datalen > 32767 || !prep->data)
1002 new_o = trusted_options_alloc();
1007 new_p = trusted_payload_alloc(key);
1013 memcpy(datablob, prep->data, datalen);
1015 ret = datablob_parse(datablob, new_p, new_o);
1026 dump_payload(new_p);
1028 ret = key_seal(new_p, new_o);
1030 pr_info(
"trusted_key: key_seal failed (%d)\n", ret);
1037 pr_info(
"trusted_key: pcrlock failed (%d)\n", ret);
1042 rcu_assign_keypointer(key, new_p);
1054 static long trusted_read(
const struct key *key,
char __user *buffer,
1062 p = rcu_dereference_key(key);
1065 if (!buffer || buflen <= 0)
1073 bufp = hex_byte_pack(bufp, p->
blob[i]);
1085 static void trusted_destroy(
struct key *key)
1092 kfree(key->payload.data);
1097 .instantiate = trusted_instantiate,
1098 .update = trusted_update,
1100 .destroy = trusted_destroy,
1102 .read = trusted_read,
1107 static void trusted_shash_release(
void)
1110 crypto_free_shash(hashalg);
1112 crypto_free_shash(hmacalg);
1115 static int __init trusted_shash_alloc(
void)
1120 if (IS_ERR(hmacalg)) {
1121 pr_info(
"trusted_key: could not allocate crypto %s\n",
1123 return PTR_ERR(hmacalg);
1127 if (IS_ERR(hashalg)) {
1128 pr_info(
"trusted_key: could not allocate crypto %s\n",
1130 ret = PTR_ERR(hashalg);
1137 crypto_free_shash(hmacalg);
1141 static int __init init_trusted(
void)
1145 ret = trusted_shash_alloc();
1150 trusted_shash_release();
1154 static void __exit cleanup_trusted(
void)
1156 trusted_shash_release();