From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Peter Huewe <peterhuewe@gmx.de>,
Marcel Selhorst <tpmdd@selhorst.net>,
David Howells <dhowells@redhat.com>,
Jonathan Corbet <corbet@lwn.net>,
David Safford <safford@us.ibm.com>,
Jason Gunthorpe <jgunthorpe@obsidianresearch.com>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
"open list:KEYS-ENCRYPTED"
<linux-security-module@vger.kernel.org>,
"open list:KEYS-ENCRYPTED" <keyrings@vger.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>,
"moderated list:TPM DEVICE DRIVER"
<tpmdd-devel@lists.sourceforge.net>
Subject: Re: [PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy
Date: Mon, 14 Dec 2015 08:49:00 -0500 [thread overview]
Message-ID: <1450100940.2702.44.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <1450021353-8775-4-git-send-email-jarkko.sakkinen@linux.intel.com>
On Sun, 2015-12-13 at 17:42 +0200, Jarkko Sakkinen wrote:
> TPM2 supports authorization policies, which are essentially
> combinational logic statements repsenting the conditions where the data
> can be unsealed based on the TPM state. This patch enables to use
> authorization policies to seal trusted keys.
>
> Two following new options have been added for trusted keys:
>
> * 'policydigest=': provide an auth policy digest for sealing.
> * 'policyhandle=': provide a policy session handle for unsealing.
>
> If 'hash=' option is supplied after 'policydigest=' option, this
> will result an error because the state of the option would become
> mixed.
>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> Tested-by: Colin Ian King <colin.king@canonical.com>
> ---
> Documentation/security/keys-trusted-encrypted.txt | 34 +++++++++++++----------
> drivers/char/tpm/tpm2-cmd.c | 24 +++++++++++++---
> include/keys/trusted-type.h | 4 +++
> security/keys/trusted.c | 26 +++++++++++++++++
> 4 files changed, 70 insertions(+), 18 deletions(-)
>
> diff --git a/Documentation/security/keys-trusted-encrypted.txt b/Documentation/security/keys-trusted-encrypted.txt
> index fd2565b..324ddf5 100644
> --- a/Documentation/security/keys-trusted-encrypted.txt
> +++ b/Documentation/security/keys-trusted-encrypted.txt
> @@ -27,20 +27,26 @@ Usage:
> keyctl print keyid
>
> options:
> - keyhandle= ascii hex value of sealing key default 0x40000000 (SRK)
> - keyauth= ascii hex auth for sealing key default 0x00...i
> - (40 ascii zeros)
> - blobauth= ascii hex auth for sealed data default 0x00...
> - (40 ascii zeros)
> - blobauth= ascii hex auth for sealed data default 0x00...
> - (40 ascii zeros)
> - pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
> - pcrlock= pcr number to be extended to "lock" blob
> - migratable= 0|1 indicating permission to reseal to new PCR values,
> - default 1 (resealing allowed)
> - hash= hash algorithm name as a string. For TPM 1.x the only
> - allowed value is sha1. For TPM 2.x the allowed values
> - are sha1, sha256, sha384, sha512 and sm3-256.
> + keyhandle= ascii hex value of sealing key default 0x40000000 (SRK)
> + keyauth= ascii hex auth for sealing key default 0x00...i
> + (40 ascii zeros)
> + blobauth= ascii hex auth for sealed data default 0x00...
> + (40 ascii zeros)
> + blobauth= ascii hex auth for sealed data default 0x00...
> + (40 ascii zeros)
> + pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
> + pcrlock= pcr number to be extended to "lock" blob
> + migratable= 0|1 indicating permission to reseal to new PCR values,
> + default 1 (resealing allowed)
> + hash= hash algorithm name as a string. For TPM 1.x the only
> + allowed value is sha1. For TPM 2.x the allowed values
> + are sha1, sha256, sha384, sha512 and sm3-256.
> + policydigest= digest for the authorization policy. must be calculated
> + with the same hash algorithm as specified by the 'hash='
> + option.
> + policyhandle= handle to an authorization policy session that defines the
> + same policy and with the same hash algorithm as was used to
> + seal the key.
>
> "keyctl print" returns an ascii hex copy of the sealed key, which is in standard
> TPM_STORED_DATA format. The key length for new keys are always in bytes.
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index d9d0822..45a6340 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -478,12 +478,26 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
> tpm_buf_append_u8(&buf, payload->migratable);
>
> /* public */
> - tpm_buf_append_u16(&buf, 14);
> + if (options->policydigest)
> + tpm_buf_append_u16(&buf, 14 + options->digest_len);
> + else
> + tpm_buf_append_u16(&buf, 14);
>
> tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH);
> tpm_buf_append_u16(&buf, hash);
> - tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH);
> - tpm_buf_append_u16(&buf, 0); /* policy digest size */
> +
> + /* policy */
> + if (options->policydigest) {
> + tpm_buf_append_u32(&buf, 0);
> + tpm_buf_append_u16(&buf, options->digest_len);
> + tpm_buf_append(&buf, options->policydigest,
> + options->digest_len);
> + } else {
> + tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH);
> + tpm_buf_append_u16(&buf, 0);
> + }
> +
> + /* public parameters */
> tpm_buf_append_u16(&buf, TPM2_ALG_NULL);
> tpm_buf_append_u16(&buf, 0);
>
> @@ -613,7 +627,9 @@ static int tpm2_unseal(struct tpm_chip *chip,
> return rc;
>
> tpm_buf_append_u32(&buf, blob_handle);
> - tpm2_buf_append_auth(&buf, TPM2_RS_PW,
> + tpm2_buf_append_auth(&buf,
> + options->policyhandle ?
> + options->policyhandle : TPM2_RS_PW,
> NULL /* nonce */, 0,
> 0 /* session_attributes */,
> options->blobauth /* hmac */,
> diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
> index a6a1008..42cf2d9 100644
> --- a/include/keys/trusted-type.h
> +++ b/include/keys/trusted-type.h
> @@ -18,6 +18,7 @@
> #define MAX_KEY_SIZE 128
> #define MAX_BLOB_SIZE 512
> #define MAX_PCRINFO_SIZE 64
> +#define MAX_DIGEST_SIZE 64
>
> struct trusted_key_payload {
> struct rcu_head rcu;
> @@ -37,6 +38,9 @@ struct trusted_key_options {
> unsigned char pcrinfo[MAX_PCRINFO_SIZE];
> int pcrlock;
> uint32_t hash;
> + uint32_t digest_len;
> + unsigned char policydigest[MAX_DIGEST_SIZE];
> + uint32_t policyhandle;
> };
>
> extern struct key_type key_type_trusted;
> diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> index 8f1300c..e15baf7 100644
> --- a/security/keys/trusted.c
> +++ b/security/keys/trusted.c
> @@ -713,6 +713,8 @@ enum {
> Opt_keyhandle, Opt_keyauth, Opt_blobauth,
> Opt_pcrinfo, Opt_pcrlock, Opt_migratable,
> Opt_hash,
> + Opt_policydigest,
> + Opt_policyhandle,
> };
>
> static const match_table_t key_tokens = {
> @@ -726,6 +728,8 @@ static const match_table_t key_tokens = {
> {Opt_pcrlock, "pcrlock=%s"},
> {Opt_migratable, "migratable=%s"},
> {Opt_hash, "hash=%s"},
> + {Opt_policydigest, "policydigest=%s"},
> + {Opt_policyhandle, "policyhandle=%s"},
> {Opt_err, NULL}
> };
>
> @@ -748,6 +752,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> return tpm2;
>
> opt->hash = tpm2 ? HASH_ALGO_SHA256 : HASH_ALGO_SHA1;
> + opt->digest_len = hash_digest_size[opt->hash];
>
> while ((p = strsep(&c, " \t"))) {
> if (*p == '\0' || *p == ' ' || *p == '\t')
> @@ -802,9 +807,13 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> opt->pcrlock = lock;
> break;
> case Opt_hash:
> + if (test_bit(Opt_policydigest, &token_mask))
> + return -EINVAL;
Thanks! Definitely better than having the test at the end of the while
loop.
Mimi
> for (i = 0; i < HASH_ALGO__LAST; i++) {
> if (!strcmp(args[0].from, hash_algo_name[i])) {
> opt->hash = i;
> + opt->digest_len =
> + hash_digest_size[opt->hash];
> break;
> }
> }
> @@ -815,6 +824,23 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> return -EINVAL;
> }
> break;
> + case Opt_policydigest:
> + if (!tpm2 ||
> + strlen(args[0].from) != (2 * opt->digest_len))
> + return -EINVAL;
> + res = hex2bin(opt->policydigest, args[0].from,
> + opt->digest_len);
> + if (res < 0)
> + return -EINVAL;
> + break;
> + case Opt_policyhandle:
> + if (!tpm2)
> + return -EINVAL;
> + res = kstrtoul(args[0].from, 16, &handle);
> + if (res < 0)
> + return -EINVAL;
> + opt->policyhandle = handle;
> + break;
> default:
> return -EINVAL;
> }
next prev parent reply other threads:[~2015-12-14 13:50 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-13 15:42 [PATCH v2 0/3] TPM 2.0 trusted key features for v4.5 Jarkko Sakkinen
2015-12-13 15:42 ` [PATCH v2 1/3] keys, trusted: fix: *do not* allow duplicate key options Jarkko Sakkinen
2015-12-14 13:46 ` Mimi Zohar
2015-12-14 14:54 ` Jarkko Sakkinen
2015-12-13 15:42 ` [PATCH v2 2/3] keys, trusted: select hash algorithm for TPM2 chips Jarkko Sakkinen
2015-12-13 15:42 ` [PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy Jarkko Sakkinen
2015-12-14 13:49 ` Mimi Zohar [this message]
2015-12-14 14:56 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1450100940.2702.44.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=james.l.morris@oracle.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jgunthorpe@obsidianresearch.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=safford@us.ibm.com \
--cc=serge@hallyn.com \
--cc=tpmdd-devel@lists.sourceforge.net \
--cc=tpmdd@selhorst.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox