1
2#define pr_fmt(fmt) "ASYM-TPM: "fmt
3#include <linux/slab.h>
4#include <linux/module.h>
5#include <linux/export.h>
6#include <linux/kernel.h>
7#include <linux/seq_file.h>
8#include <linux/scatterlist.h>
9#include <linux/tpm.h>
10#include <linux/tpm_command.h>
11#include <crypto/akcipher.h>
12#include <crypto/hash.h>
13#include <crypto/sha1.h>
14#include <asm/unaligned.h>
15#include <keys/asymmetric-subtype.h>
16#include <keys/trusted_tpm.h>
17#include <crypto/asym_tpm_subtype.h>
18#include <crypto/public_key.h>
19
20#define TPM_ORD_FLUSHSPECIFIC 186
21#define TPM_ORD_LOADKEY2 65
22#define TPM_ORD_UNBIND 30
23#define TPM_ORD_SIGN 60
24
25#define TPM_RT_KEY 0x00000001
26
27
28
29
30static int tpm_loadkey2(struct tpm_buf *tb,
31 uint32_t keyhandle, unsigned char *keyauth,
32 const unsigned char *keyblob, int keybloblen,
33 uint32_t *newhandle)
34{
35 unsigned char nonceodd[TPM_NONCE_SIZE];
36 unsigned char enonce[TPM_NONCE_SIZE];
37 unsigned char authdata[SHA1_DIGEST_SIZE];
38 uint32_t authhandle = 0;
39 unsigned char cont = 0;
40 uint32_t ordinal;
41 int ret;
42
43 ordinal = htonl(TPM_ORD_LOADKEY2);
44
45
46 ret = oiap(tb, &authhandle, enonce);
47 if (ret < 0) {
48 pr_info("oiap failed (%d)\n", ret);
49 return ret;
50 }
51
52
53 ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
54 if (ret < 0) {
55 pr_info("tpm_get_random failed (%d)\n", ret);
56 return ret;
57 }
58
59
60 ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
61 nonceodd, cont, sizeof(uint32_t), &ordinal,
62 keybloblen, keyblob, 0, 0);
63 if (ret < 0)
64 return ret;
65
66
67 tpm_buf_reset(tb, TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_LOADKEY2);
68 tpm_buf_append_u32(tb, keyhandle);
69 tpm_buf_append(tb, keyblob, keybloblen);
70 tpm_buf_append_u32(tb, authhandle);
71 tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE);
72 tpm_buf_append_u8(tb, cont);
73 tpm_buf_append(tb, authdata, SHA1_DIGEST_SIZE);
74
75 ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
76 if (ret < 0) {
77 pr_info("authhmac failed (%d)\n", ret);
78 return ret;
79 }
80
81 ret = TSS_checkhmac1(tb->data, ordinal, nonceodd, keyauth,
82 SHA1_DIGEST_SIZE, 0, 0);
83 if (ret < 0) {
84 pr_info("TSS_checkhmac1 failed (%d)\n", ret);
85 return ret;
86 }
87
88 *newhandle = LOAD32(tb->data, TPM_DATA_OFFSET);
89 return 0;
90}
91
92
93
94
95static int tpm_flushspecific(struct tpm_buf *tb, uint32_t handle)
96{
97 tpm_buf_reset(tb, TPM_TAG_RQU_COMMAND, TPM_ORD_FLUSHSPECIFIC);
98 tpm_buf_append_u32(tb, handle);
99 tpm_buf_append_u32(tb, TPM_RT_KEY);
100
101 return trusted_tpm_send(tb->data, MAX_BUF_SIZE);
102}
103
104
105
106
107
108static int tpm_unbind(struct tpm_buf *tb,
109 uint32_t keyhandle, unsigned char *keyauth,
110 const unsigned char *blob, uint32_t bloblen,
111 void *out, uint32_t outlen)
112{
113 unsigned char nonceodd[TPM_NONCE_SIZE];
114 unsigned char enonce[TPM_NONCE_SIZE];
115 unsigned char authdata[SHA1_DIGEST_SIZE];
116 uint32_t authhandle = 0;
117 unsigned char cont = 0;
118 uint32_t ordinal;
119 uint32_t datalen;
120 int ret;
121
122 ordinal = htonl(TPM_ORD_UNBIND);
123 datalen = htonl(bloblen);
124
125
126 ret = oiap(tb, &authhandle, enonce);
127 if (ret < 0) {
128 pr_info("oiap failed (%d)\n", ret);
129 return ret;
130 }
131
132
133 ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
134 if (ret < 0) {
135 pr_info("tpm_get_random failed (%d)\n", ret);
136 return ret;
137 }
138
139
140 ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
141 nonceodd, cont, sizeof(uint32_t), &ordinal,
142 sizeof(uint32_t), &datalen,
143 bloblen, blob, 0, 0);
144 if (ret < 0)
145 return ret;
146
147
148 tpm_buf_reset(tb, TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_UNBIND);
149 tpm_buf_append_u32(tb, keyhandle);
150 tpm_buf_append_u32(tb, bloblen);
151 tpm_buf_append(tb, blob, bloblen);
152 tpm_buf_append_u32(tb, authhandle);
153 tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE);
154 tpm_buf_append_u8(tb, cont);
155 tpm_buf_append(tb, authdata, SHA1_DIGEST_SIZE);
156
157 ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
158 if (ret < 0) {
159 pr_info("authhmac failed (%d)\n", ret);
160 return ret;
161 }
162
163 datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
164
165 ret = TSS_checkhmac1(tb->data, ordinal, nonceodd,
166 keyauth, SHA1_DIGEST_SIZE,
167 sizeof(uint32_t), TPM_DATA_OFFSET,
168 datalen, TPM_DATA_OFFSET + sizeof(uint32_t),
169 0, 0);
170 if (ret < 0) {
171 pr_info("TSS_checkhmac1 failed (%d)\n", ret);
172 return ret;
173 }
174
175 memcpy(out, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t),
176 min(outlen, datalen));
177
178 return datalen;
179}
180
181
182
183
184
185
186
187
188
189
190
191static int tpm_sign(struct tpm_buf *tb,
192 uint32_t keyhandle, unsigned char *keyauth,
193 const unsigned char *blob, uint32_t bloblen,
194 void *out, uint32_t outlen)
195{
196 unsigned char nonceodd[TPM_NONCE_SIZE];
197 unsigned char enonce[TPM_NONCE_SIZE];
198 unsigned char authdata[SHA1_DIGEST_SIZE];
199 uint32_t authhandle = 0;
200 unsigned char cont = 0;
201 uint32_t ordinal;
202 uint32_t datalen;
203 int ret;
204
205 ordinal = htonl(TPM_ORD_SIGN);
206 datalen = htonl(bloblen);
207
208
209 ret = oiap(tb, &authhandle, enonce);
210 if (ret < 0) {
211 pr_info("oiap failed (%d)\n", ret);
212 return ret;
213 }
214
215
216 ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
217 if (ret < 0) {
218 pr_info("tpm_get_random failed (%d)\n", ret);
219 return ret;
220 }
221
222
223 ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
224 nonceodd, cont, sizeof(uint32_t), &ordinal,
225 sizeof(uint32_t), &datalen,
226 bloblen, blob, 0, 0);
227 if (ret < 0)
228 return ret;
229
230
231 tpm_buf_reset(tb, TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_SIGN);
232 tpm_buf_append_u32(tb, keyhandle);
233 tpm_buf_append_u32(tb, bloblen);
234 tpm_buf_append(tb, blob, bloblen);
235 tpm_buf_append_u32(tb, authhandle);
236 tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE);
237 tpm_buf_append_u8(tb, cont);
238 tpm_buf_append(tb, authdata, SHA1_DIGEST_SIZE);
239
240 ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
241 if (ret < 0) {
242 pr_info("authhmac failed (%d)\n", ret);
243 return ret;
244 }
245
246 datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
247
248 ret = TSS_checkhmac1(tb->data, ordinal, nonceodd,
249 keyauth, SHA1_DIGEST_SIZE,
250 sizeof(uint32_t), TPM_DATA_OFFSET,
251 datalen, TPM_DATA_OFFSET + sizeof(uint32_t),
252 0, 0);
253 if (ret < 0) {
254 pr_info("TSS_checkhmac1 failed (%d)\n", ret);
255 return ret;
256 }
257
258 memcpy(out, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t),
259 min(datalen, outlen));
260
261 return datalen;
262}
263
264
265#define SETKEY_PARAMS_SIZE (sizeof(u32) * 2)
266
267
268
269
270
271
272
273
274
275
276
277
278
279#define PUB_KEY_BUF_SIZE (4 + 4 + 257 + 2 + 3 + SETKEY_PARAMS_SIZE)
280
281
282
283
284static void asym_tpm_describe(const struct key *asymmetric_key,
285 struct seq_file *m)
286{
287 struct tpm_key *tk = asymmetric_key->payload.data[asym_crypto];
288
289 if (!tk)
290 return;
291
292 seq_printf(m, "TPM1.2/Blob");
293}
294
295static void asym_tpm_destroy(void *payload0, void *payload3)
296{
297 struct tpm_key *tk = payload0;
298
299 if (!tk)
300 return;
301
302 kfree(tk->blob);
303 tk->blob_len = 0;
304
305 kfree(tk);
306}
307
308
309static inline uint32_t definite_length(uint32_t len)
310{
311 if (len <= 127)
312 return 1;
313 if (len <= 255)
314 return 2;
315 return 3;
316}
317
318static inline uint8_t *encode_tag_length(uint8_t *buf, uint8_t tag,
319 uint32_t len)
320{
321 *buf++ = tag;
322
323 if (len <= 127) {
324 buf[0] = len;
325 return buf + 1;
326 }
327
328 if (len <= 255) {
329 buf[0] = 0x81;
330 buf[1] = len;
331 return buf + 2;
332 }
333
334 buf[0] = 0x82;
335 put_unaligned_be16(len, buf + 1);
336 return buf + 3;
337}
338
339static uint32_t derive_pub_key(const void *pub_key, uint32_t len, uint8_t *buf)
340{
341 uint8_t *cur = buf;
342 uint32_t n_len = definite_length(len) + 1 + len + 1;
343 uint32_t e_len = definite_length(3) + 1 + 3;
344 uint8_t e[3] = { 0x01, 0x00, 0x01 };
345
346
347 cur = encode_tag_length(cur, 0x30, n_len + e_len);
348
349 cur = encode_tag_length(cur, 0x02, len + 1);
350 cur[0] = 0x00;
351 memcpy(cur + 1, pub_key, len);
352 cur += len + 1;
353 cur = encode_tag_length(cur, 0x02, sizeof(e));
354 memcpy(cur, e, sizeof(e));
355 cur += sizeof(e);
356
357 memzero_explicit(cur, SETKEY_PARAMS_SIZE);
358
359 return cur - buf;
360}
361
362
363
364
365static int determine_akcipher(const char *encoding, const char *hash_algo,
366 char alg_name[CRYPTO_MAX_ALG_NAME])
367{
368 if (strcmp(encoding, "pkcs1") == 0) {
369 if (!hash_algo) {
370 strcpy(alg_name, "pkcs1pad(rsa)");
371 return 0;
372 }
373
374 if (snprintf(alg_name, CRYPTO_MAX_ALG_NAME, "pkcs1pad(rsa,%s)",
375 hash_algo) >= CRYPTO_MAX_ALG_NAME)
376 return -EINVAL;
377
378 return 0;
379 }
380
381 if (strcmp(encoding, "raw") == 0) {
382 strcpy(alg_name, "rsa");
383 return 0;
384 }
385
386 return -ENOPKG;
387}
388
389
390
391
392static int tpm_key_query(const struct kernel_pkey_params *params,
393 struct kernel_pkey_query *info)
394{
395 struct tpm_key *tk = params->key->payload.data[asym_crypto];
396 int ret;
397 char alg_name[CRYPTO_MAX_ALG_NAME];
398 struct crypto_akcipher *tfm;
399 uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
400 uint32_t der_pub_key_len;
401 int len;
402
403
404 ret = determine_akcipher(params->encoding, params->hash_algo, alg_name);
405 if (ret < 0)
406 return ret;
407
408 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
409 if (IS_ERR(tfm))
410 return PTR_ERR(tfm);
411
412 der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
413 der_pub_key);
414
415 ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
416 if (ret < 0)
417 goto error_free_tfm;
418
419 len = crypto_akcipher_maxsize(tfm);
420
421 info->key_size = tk->key_len;
422 info->max_data_size = tk->key_len / 8;
423 info->max_sig_size = len;
424 info->max_enc_size = len;
425 info->max_dec_size = tk->key_len / 8;
426
427 info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT |
428 KEYCTL_SUPPORTS_DECRYPT |
429 KEYCTL_SUPPORTS_VERIFY |
430 KEYCTL_SUPPORTS_SIGN;
431
432 ret = 0;
433error_free_tfm:
434 crypto_free_akcipher(tfm);
435 pr_devel("<==%s() = %d\n", __func__, ret);
436 return ret;
437}
438
439
440
441
442
443static int tpm_key_encrypt(struct tpm_key *tk,
444 struct kernel_pkey_params *params,
445 const void *in, void *out)
446{
447 char alg_name[CRYPTO_MAX_ALG_NAME];
448 struct crypto_akcipher *tfm;
449 struct akcipher_request *req;
450 struct crypto_wait cwait;
451 struct scatterlist in_sg, out_sg;
452 uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
453 uint32_t der_pub_key_len;
454 int ret;
455
456 pr_devel("==>%s()\n", __func__);
457
458 ret = determine_akcipher(params->encoding, params->hash_algo, alg_name);
459 if (ret < 0)
460 return ret;
461
462 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
463 if (IS_ERR(tfm))
464 return PTR_ERR(tfm);
465
466 der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
467 der_pub_key);
468
469 ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
470 if (ret < 0)
471 goto error_free_tfm;
472
473 ret = -ENOMEM;
474 req = akcipher_request_alloc(tfm, GFP_KERNEL);
475 if (!req)
476 goto error_free_tfm;
477
478 sg_init_one(&in_sg, in, params->in_len);
479 sg_init_one(&out_sg, out, params->out_len);
480 akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
481 params->out_len);
482 crypto_init_wait(&cwait);
483 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
484 CRYPTO_TFM_REQ_MAY_SLEEP,
485 crypto_req_done, &cwait);
486
487 ret = crypto_akcipher_encrypt(req);
488 ret = crypto_wait_req(ret, &cwait);
489
490 if (ret == 0)
491 ret = req->dst_len;
492
493 akcipher_request_free(req);
494error_free_tfm:
495 crypto_free_akcipher(tfm);
496 pr_devel("<==%s() = %d\n", __func__, ret);
497 return ret;
498}
499
500
501
502
503static int tpm_key_decrypt(struct tpm_key *tk,
504 struct kernel_pkey_params *params,
505 const void *in, void *out)
506{
507 struct tpm_buf tb;
508 uint32_t keyhandle;
509 uint8_t srkauth[SHA1_DIGEST_SIZE];
510 uint8_t keyauth[SHA1_DIGEST_SIZE];
511 int r;
512
513 pr_devel("==>%s()\n", __func__);
514
515 if (params->hash_algo)
516 return -ENOPKG;
517
518 if (strcmp(params->encoding, "pkcs1"))
519 return -ENOPKG;
520
521 r = tpm_buf_init(&tb, 0, 0);
522 if (r)
523 return r;
524
525
526 memset(srkauth, 0, sizeof(srkauth));
527
528 r = tpm_loadkey2(&tb, SRKHANDLE, srkauth,
529 tk->blob, tk->blob_len, &keyhandle);
530 if (r < 0) {
531 pr_devel("loadkey2 failed (%d)\n", r);
532 goto error;
533 }
534
535
536 memset(keyauth, 0, sizeof(keyauth));
537
538 r = tpm_unbind(&tb, keyhandle, keyauth,
539 in, params->in_len, out, params->out_len);
540 if (r < 0)
541 pr_devel("tpm_unbind failed (%d)\n", r);
542
543 if (tpm_flushspecific(&tb, keyhandle) < 0)
544 pr_devel("flushspecific failed (%d)\n", r);
545
546error:
547 tpm_buf_destroy(&tb);
548 pr_devel("<==%s() = %d\n", __func__, r);
549 return r;
550}
551
552
553
554
555static const u8 digest_info_md5[] = {
556 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08,
557 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05,
558 0x05, 0x00, 0x04, 0x10
559};
560
561static const u8 digest_info_sha1[] = {
562 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
563 0x2b, 0x0e, 0x03, 0x02, 0x1a,
564 0x05, 0x00, 0x04, 0x14
565};
566
567static const u8 digest_info_rmd160[] = {
568 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
569 0x2b, 0x24, 0x03, 0x02, 0x01,
570 0x05, 0x00, 0x04, 0x14
571};
572
573static const u8 digest_info_sha224[] = {
574 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
575 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
576 0x05, 0x00, 0x04, 0x1c
577};
578
579static const u8 digest_info_sha256[] = {
580 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
581 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
582 0x05, 0x00, 0x04, 0x20
583};
584
585static const u8 digest_info_sha384[] = {
586 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
587 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
588 0x05, 0x00, 0x04, 0x30
589};
590
591static const u8 digest_info_sha512[] = {
592 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
593 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
594 0x05, 0x00, 0x04, 0x40
595};
596
597static const struct asn1_template {
598 const char *name;
599 const u8 *data;
600 size_t size;
601} asn1_templates[] = {
602#define _(X) { #X, digest_info_##X, sizeof(digest_info_##X) }
603 _(md5),
604 _(sha1),
605 _(rmd160),
606 _(sha256),
607 _(sha384),
608 _(sha512),
609 _(sha224),
610 { NULL }
611#undef _
612};
613
614static const struct asn1_template *lookup_asn1(const char *name)
615{
616 const struct asn1_template *p;
617
618 for (p = asn1_templates; p->name; p++)
619 if (strcmp(name, p->name) == 0)
620 return p;
621 return NULL;
622}
623
624
625
626
627static int tpm_key_sign(struct tpm_key *tk,
628 struct kernel_pkey_params *params,
629 const void *in, void *out)
630{
631 struct tpm_buf tb;
632 uint32_t keyhandle;
633 uint8_t srkauth[SHA1_DIGEST_SIZE];
634 uint8_t keyauth[SHA1_DIGEST_SIZE];
635 void *asn1_wrapped = NULL;
636 uint32_t in_len = params->in_len;
637 int r;
638
639 pr_devel("==>%s()\n", __func__);
640
641 if (strcmp(params->encoding, "pkcs1"))
642 return -ENOPKG;
643
644 if (params->hash_algo) {
645 const struct asn1_template *asn1 =
646 lookup_asn1(params->hash_algo);
647
648 if (!asn1)
649 return -ENOPKG;
650
651
652 asn1_wrapped = kzalloc(in_len + asn1->size, GFP_KERNEL);
653 if (!asn1_wrapped)
654 return -ENOMEM;
655
656
657 memcpy(asn1_wrapped, asn1->data, asn1->size);
658 memcpy(asn1_wrapped + asn1->size, in, in_len);
659
660 in = asn1_wrapped;
661 in_len += asn1->size;
662 }
663
664 if (in_len > tk->key_len / 8 - 11) {
665 r = -EOVERFLOW;
666 goto error_free_asn1_wrapped;
667 }
668
669 r = tpm_buf_init(&tb, 0, 0);
670 if (r)
671 goto error_free_asn1_wrapped;
672
673
674 memset(srkauth, 0, sizeof(srkauth));
675
676 r = tpm_loadkey2(&tb, SRKHANDLE, srkauth,
677 tk->blob, tk->blob_len, &keyhandle);
678 if (r < 0) {
679 pr_devel("loadkey2 failed (%d)\n", r);
680 goto error_free_tb;
681 }
682
683
684 memset(keyauth, 0, sizeof(keyauth));
685
686 r = tpm_sign(&tb, keyhandle, keyauth, in, in_len, out, params->out_len);
687 if (r < 0)
688 pr_devel("tpm_sign failed (%d)\n", r);
689
690 if (tpm_flushspecific(&tb, keyhandle) < 0)
691 pr_devel("flushspecific failed (%d)\n", r);
692
693error_free_tb:
694 tpm_buf_destroy(&tb);
695error_free_asn1_wrapped:
696 kfree(asn1_wrapped);
697 pr_devel("<==%s() = %d\n", __func__, r);
698 return r;
699}
700
701
702
703
704static int tpm_key_eds_op(struct kernel_pkey_params *params,
705 const void *in, void *out)
706{
707 struct tpm_key *tk = params->key->payload.data[asym_crypto];
708 int ret = -EOPNOTSUPP;
709
710
711 switch (params->op) {
712 case kernel_pkey_encrypt:
713 ret = tpm_key_encrypt(tk, params, in, out);
714 break;
715 case kernel_pkey_decrypt:
716 ret = tpm_key_decrypt(tk, params, in, out);
717 break;
718 case kernel_pkey_sign:
719 ret = tpm_key_sign(tk, params, in, out);
720 break;
721 default:
722 BUG();
723 }
724
725 return ret;
726}
727
728
729
730
731static int tpm_key_verify_signature(const struct key *key,
732 const struct public_key_signature *sig)
733{
734 const struct tpm_key *tk = key->payload.data[asym_crypto];
735 struct crypto_wait cwait;
736 struct crypto_akcipher *tfm;
737 struct akcipher_request *req;
738 struct scatterlist src_sg[2];
739 char alg_name[CRYPTO_MAX_ALG_NAME];
740 uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
741 uint32_t der_pub_key_len;
742 int ret;
743
744 pr_devel("==>%s()\n", __func__);
745
746 BUG_ON(!tk);
747 BUG_ON(!sig);
748 BUG_ON(!sig->s);
749
750 if (!sig->digest)
751 return -ENOPKG;
752
753 ret = determine_akcipher(sig->encoding, sig->hash_algo, alg_name);
754 if (ret < 0)
755 return ret;
756
757 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
758 if (IS_ERR(tfm))
759 return PTR_ERR(tfm);
760
761 der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
762 der_pub_key);
763
764 ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
765 if (ret < 0)
766 goto error_free_tfm;
767
768 ret = -ENOMEM;
769 req = akcipher_request_alloc(tfm, GFP_KERNEL);
770 if (!req)
771 goto error_free_tfm;
772
773 sg_init_table(src_sg, 2);
774 sg_set_buf(&src_sg[0], sig->s, sig->s_size);
775 sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
776 akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
777 sig->digest_size);
778 crypto_init_wait(&cwait);
779 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
780 CRYPTO_TFM_REQ_MAY_SLEEP,
781 crypto_req_done, &cwait);
782 ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
783
784 akcipher_request_free(req);
785error_free_tfm:
786 crypto_free_akcipher(tfm);
787 pr_devel("<==%s() = %d\n", __func__, ret);
788 if (WARN_ON_ONCE(ret > 0))
789 ret = -EINVAL;
790 return ret;
791}
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813static int extract_key_parameters(struct tpm_key *tk)
814{
815 const void *cur = tk->blob;
816 uint32_t len = tk->blob_len;
817 const void *pub_key;
818 uint32_t sz;
819 uint32_t key_len;
820
821 if (len < 11)
822 return -EBADMSG;
823
824
825 if (get_unaligned_be16(cur + 4) != 0x0015)
826 return -EBADMSG;
827
828
829 cur += 11;
830 len -= 11;
831
832 if (len < 12)
833 return -EBADMSG;
834
835
836 if (get_unaligned_be32(cur) != 0x00000001)
837 return -EBADMSG;
838
839
840 if (get_unaligned_be16(cur + 4) != 0x0002)
841 return -EBADMSG;
842
843
844 if (get_unaligned_be16(cur + 6) != 0x0003)
845 return -EBADMSG;
846
847 sz = get_unaligned_be32(cur + 8);
848 if (len < sz + 12)
849 return -EBADMSG;
850
851
852 len -= 12;
853 cur += 12;
854
855
856 key_len = get_unaligned_be32(cur);
857
858 switch (key_len) {
859 case 512:
860 case 1024:
861 case 1536:
862 case 2048:
863 break;
864 default:
865 return -EINVAL;
866 }
867
868
869 cur += sz;
870 len -= sz;
871
872 if (len < 4)
873 return -EBADMSG;
874
875 sz = get_unaligned_be32(cur);
876 if (len < 4 + sz)
877 return -EBADMSG;
878
879
880 cur += 4 + sz;
881 len -= 4 + sz;
882
883
884 sz = get_unaligned_be32(cur);
885 if (sz > 256)
886 return -EINVAL;
887
888 pub_key = cur + 4;
889
890 tk->key_len = key_len;
891 tk->pub_key = pub_key;
892 tk->pub_key_len = sz;
893
894 return 0;
895}
896
897
898struct tpm_key *tpm_key_create(const void *blob, uint32_t blob_len)
899{
900 int r;
901 struct tpm_key *tk;
902
903 r = tpm_is_tpm2(NULL);
904 if (r < 0)
905 goto error;
906
907
908 if (r > 0) {
909 r = -ENODEV;
910 goto error;
911 }
912
913 r = -ENOMEM;
914 tk = kzalloc(sizeof(struct tpm_key), GFP_KERNEL);
915 if (!tk)
916 goto error;
917
918 tk->blob = kmemdup(blob, blob_len, GFP_KERNEL);
919 if (!tk->blob)
920 goto error_memdup;
921
922 tk->blob_len = blob_len;
923
924 r = extract_key_parameters(tk);
925 if (r < 0)
926 goto error_extract;
927
928 return tk;
929
930error_extract:
931 kfree(tk->blob);
932 tk->blob_len = 0;
933error_memdup:
934 kfree(tk);
935error:
936 return ERR_PTR(r);
937}
938EXPORT_SYMBOL_GPL(tpm_key_create);
939
940
941
942
943struct asymmetric_key_subtype asym_tpm_subtype = {
944 .owner = THIS_MODULE,
945 .name = "asym_tpm",
946 .name_len = sizeof("asym_tpm") - 1,
947 .describe = asym_tpm_describe,
948 .destroy = asym_tpm_destroy,
949 .query = tpm_key_query,
950 .eds_op = tpm_key_eds_op,
951 .verify_signature = tpm_key_verify_signature,
952};
953EXPORT_SYMBOL_GPL(asym_tpm_subtype);
954
955MODULE_DESCRIPTION("TPM based asymmetric key subtype");
956MODULE_AUTHOR("Intel Corporation");
957MODULE_LICENSE("GPL v2");
958
