1 // SPDX-License-Identifier: GPL-2.0
2 #define pr_fmt(fmt) "ASYM-TPM: "fmt
3 #include <linux/slab.h>
4 #include <linux/module.h>
5 #include <linux/export.h>
6 #include <linux/kernel.h>
7 #include <linux/seq_file.h>
8 #include <linux/scatterlist.h>
10 #include <linux/tpm_command.h>
11 #include <crypto/akcipher.h>
12 #include <crypto/hash.h>
13 #include <crypto/sha.h>
14 #include <asm/unaligned.h>
15 #include <keys/asymmetric-subtype.h>
16 #include <keys/trusted.h>
17 #include <crypto/asym_tpm_subtype.h>
18 #include <crypto/public_key.h>
20 #define TPM_ORD_FLUSHSPECIFIC 186
21 #define TPM_ORD_LOADKEY2 65
22 #define TPM_ORD_UNBIND 30
23 #define TPM_ORD_SIGN 60
24 #define TPM_LOADKEY2_SIZE 59
25 #define TPM_FLUSHSPECIFIC_SIZE 18
26 #define TPM_UNBIND_SIZE 63
27 #define TPM_SIGN_SIZE 63
29 #define TPM_RT_KEY 0x00000001
32 * Load a TPM key from the blob provided by userspace
34 static int tpm_loadkey2(struct tpm_buf
*tb
,
35 uint32_t keyhandle
, unsigned char *keyauth
,
36 const unsigned char *keyblob
, int keybloblen
,
39 unsigned char nonceodd
[TPM_NONCE_SIZE
];
40 unsigned char enonce
[TPM_NONCE_SIZE
];
41 unsigned char authdata
[SHA1_DIGEST_SIZE
];
42 uint32_t authhandle
= 0;
43 unsigned char cont
= 0;
47 ordinal
= htonl(TPM_ORD_LOADKEY2
);
49 /* session for loading the key */
50 ret
= oiap(tb
, &authhandle
, enonce
);
52 pr_info("oiap failed (%d)\n", ret
);
56 /* generate odd nonce */
57 ret
= tpm_get_random(NULL
, nonceodd
, TPM_NONCE_SIZE
);
59 pr_info("tpm_get_random failed (%d)\n", ret
);
63 /* calculate authorization HMAC value */
64 ret
= TSS_authhmac(authdata
, keyauth
, SHA1_DIGEST_SIZE
, enonce
,
65 nonceodd
, cont
, sizeof(uint32_t), &ordinal
,
66 keybloblen
, keyblob
, 0, 0);
70 /* build the request buffer */
72 store16(tb
, TPM_TAG_RQU_AUTH1_COMMAND
);
73 store32(tb
, TPM_LOADKEY2_SIZE
+ keybloblen
);
74 store32(tb
, TPM_ORD_LOADKEY2
);
75 store32(tb
, keyhandle
);
76 storebytes(tb
, keyblob
, keybloblen
);
77 store32(tb
, authhandle
);
78 storebytes(tb
, nonceodd
, TPM_NONCE_SIZE
);
80 storebytes(tb
, authdata
, SHA1_DIGEST_SIZE
);
82 ret
= trusted_tpm_send(tb
->data
, MAX_BUF_SIZE
);
84 pr_info("authhmac failed (%d)\n", ret
);
88 ret
= TSS_checkhmac1(tb
->data
, ordinal
, nonceodd
, keyauth
,
89 SHA1_DIGEST_SIZE
, 0, 0);
91 pr_info("TSS_checkhmac1 failed (%d)\n", ret
);
95 *newhandle
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
100 * Execute the FlushSpecific TPM command
102 static int tpm_flushspecific(struct tpm_buf
*tb
, uint32_t handle
)
105 store16(tb
, TPM_TAG_RQU_COMMAND
);
106 store32(tb
, TPM_FLUSHSPECIFIC_SIZE
);
107 store32(tb
, TPM_ORD_FLUSHSPECIFIC
);
109 store32(tb
, TPM_RT_KEY
);
111 return trusted_tpm_send(tb
->data
, MAX_BUF_SIZE
);
115 * Decrypt a blob provided by userspace using a specific key handle.
116 * The handle is a well known handle or previously loaded by e.g. LoadKey2
118 static int tpm_unbind(struct tpm_buf
*tb
,
119 uint32_t keyhandle
, unsigned char *keyauth
,
120 const unsigned char *blob
, uint32_t bloblen
,
121 void *out
, uint32_t outlen
)
123 unsigned char nonceodd
[TPM_NONCE_SIZE
];
124 unsigned char enonce
[TPM_NONCE_SIZE
];
125 unsigned char authdata
[SHA1_DIGEST_SIZE
];
126 uint32_t authhandle
= 0;
127 unsigned char cont
= 0;
132 ordinal
= htonl(TPM_ORD_UNBIND
);
133 datalen
= htonl(bloblen
);
135 /* session for loading the key */
136 ret
= oiap(tb
, &authhandle
, enonce
);
138 pr_info("oiap failed (%d)\n", ret
);
142 /* generate odd nonce */
143 ret
= tpm_get_random(NULL
, nonceodd
, TPM_NONCE_SIZE
);
145 pr_info("tpm_get_random failed (%d)\n", ret
);
149 /* calculate authorization HMAC value */
150 ret
= TSS_authhmac(authdata
, keyauth
, SHA1_DIGEST_SIZE
, enonce
,
151 nonceodd
, cont
, sizeof(uint32_t), &ordinal
,
152 sizeof(uint32_t), &datalen
,
153 bloblen
, blob
, 0, 0);
157 /* build the request buffer */
159 store16(tb
, TPM_TAG_RQU_AUTH1_COMMAND
);
160 store32(tb
, TPM_UNBIND_SIZE
+ bloblen
);
161 store32(tb
, TPM_ORD_UNBIND
);
162 store32(tb
, keyhandle
);
163 store32(tb
, bloblen
);
164 storebytes(tb
, blob
, bloblen
);
165 store32(tb
, authhandle
);
166 storebytes(tb
, nonceodd
, TPM_NONCE_SIZE
);
168 storebytes(tb
, authdata
, SHA1_DIGEST_SIZE
);
170 ret
= trusted_tpm_send(tb
->data
, MAX_BUF_SIZE
);
172 pr_info("authhmac failed (%d)\n", ret
);
176 datalen
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
178 ret
= TSS_checkhmac1(tb
->data
, ordinal
, nonceodd
,
179 keyauth
, SHA1_DIGEST_SIZE
,
180 sizeof(uint32_t), TPM_DATA_OFFSET
,
181 datalen
, TPM_DATA_OFFSET
+ sizeof(uint32_t),
184 pr_info("TSS_checkhmac1 failed (%d)\n", ret
);
188 memcpy(out
, tb
->data
+ TPM_DATA_OFFSET
+ sizeof(uint32_t),
189 min(outlen
, datalen
));
195 * Sign a blob provided by userspace (that has had the hash function applied)
196 * using a specific key handle. The handle is assumed to have been previously
197 * loaded by e.g. LoadKey2.
199 * Note that the key signature scheme of the used key should be set to
200 * TPM_SS_RSASSAPKCS1v15_DER. This allows the hashed input to be of any size
201 * up to key_length_in_bytes - 11 and not be limited to size 20 like the
202 * TPM_SS_RSASSAPKCS1v15_SHA1 signature scheme.
204 static int tpm_sign(struct tpm_buf
*tb
,
205 uint32_t keyhandle
, unsigned char *keyauth
,
206 const unsigned char *blob
, uint32_t bloblen
,
207 void *out
, uint32_t outlen
)
209 unsigned char nonceodd
[TPM_NONCE_SIZE
];
210 unsigned char enonce
[TPM_NONCE_SIZE
];
211 unsigned char authdata
[SHA1_DIGEST_SIZE
];
212 uint32_t authhandle
= 0;
213 unsigned char cont
= 0;
218 ordinal
= htonl(TPM_ORD_SIGN
);
219 datalen
= htonl(bloblen
);
221 /* session for loading the key */
222 ret
= oiap(tb
, &authhandle
, enonce
);
224 pr_info("oiap failed (%d)\n", ret
);
228 /* generate odd nonce */
229 ret
= tpm_get_random(NULL
, nonceodd
, TPM_NONCE_SIZE
);
231 pr_info("tpm_get_random failed (%d)\n", ret
);
235 /* calculate authorization HMAC value */
236 ret
= TSS_authhmac(authdata
, keyauth
, SHA1_DIGEST_SIZE
, enonce
,
237 nonceodd
, cont
, sizeof(uint32_t), &ordinal
,
238 sizeof(uint32_t), &datalen
,
239 bloblen
, blob
, 0, 0);
243 /* build the request buffer */
245 store16(tb
, TPM_TAG_RQU_AUTH1_COMMAND
);
246 store32(tb
, TPM_SIGN_SIZE
+ bloblen
);
247 store32(tb
, TPM_ORD_SIGN
);
248 store32(tb
, keyhandle
);
249 store32(tb
, bloblen
);
250 storebytes(tb
, blob
, bloblen
);
251 store32(tb
, authhandle
);
252 storebytes(tb
, nonceodd
, TPM_NONCE_SIZE
);
254 storebytes(tb
, authdata
, SHA1_DIGEST_SIZE
);
256 ret
= trusted_tpm_send(tb
->data
, MAX_BUF_SIZE
);
258 pr_info("authhmac failed (%d)\n", ret
);
262 datalen
= LOAD32(tb
->data
, TPM_DATA_OFFSET
);
264 ret
= TSS_checkhmac1(tb
->data
, ordinal
, nonceodd
,
265 keyauth
, SHA1_DIGEST_SIZE
,
266 sizeof(uint32_t), TPM_DATA_OFFSET
,
267 datalen
, TPM_DATA_OFFSET
+ sizeof(uint32_t),
270 pr_info("TSS_checkhmac1 failed (%d)\n", ret
);
274 memcpy(out
, tb
->data
+ TPM_DATA_OFFSET
+ sizeof(uint32_t),
275 min(datalen
, outlen
));
280 /* Room to fit two u32 zeros for algo id and parameters length. */
281 #define SETKEY_PARAMS_SIZE (sizeof(u32) * 2)
284 * Maximum buffer size for the BER/DER encoded public key. The public key
285 * is of the form SEQUENCE { INTEGER n, INTEGER e } where n is a maximum 2048
286 * bit key and e is usually 65537
287 * The encoding overhead is:
288 * - max 4 bytes for SEQUENCE
289 * - max 4 bytes for INTEGER n type/length
291 * - max 2 bytes for INTEGER e type/length
293 * - 4+4 of zeros for set_pub_key parameters (SETKEY_PARAMS_SIZE)
295 #define PUB_KEY_BUF_SIZE (4 + 4 + 257 + 2 + 3 + SETKEY_PARAMS_SIZE)
298 * Provide a part of a description of the key for /proc/keys.
300 static void asym_tpm_describe(const struct key
*asymmetric_key
,
303 struct tpm_key
*tk
= asymmetric_key
->payload
.data
[asym_crypto
];
308 seq_printf(m
, "TPM1.2/Blob");
311 static void asym_tpm_destroy(void *payload0
, void *payload3
)
313 struct tpm_key
*tk
= payload0
;
324 /* How many bytes will it take to encode the length */
325 static inline uint32_t definite_length(uint32_t len
)
334 static inline uint8_t *encode_tag_length(uint8_t *buf
, uint8_t tag
,
351 put_unaligned_be16(len
, buf
+ 1);
355 static uint32_t derive_pub_key(const void *pub_key
, uint32_t len
, uint8_t *buf
)
358 uint32_t n_len
= definite_length(len
) + 1 + len
+ 1;
359 uint32_t e_len
= definite_length(3) + 1 + 3;
360 uint8_t e
[3] = { 0x01, 0x00, 0x01 };
363 cur
= encode_tag_length(cur
, 0x30, n_len
+ e_len
);
365 cur
= encode_tag_length(cur
, 0x02, len
+ 1);
367 memcpy(cur
+ 1, pub_key
, len
);
369 cur
= encode_tag_length(cur
, 0x02, sizeof(e
));
370 memcpy(cur
, e
, sizeof(e
));
372 /* Zero parameters to satisfy set_pub_key ABI. */
373 memset(cur
, 0, SETKEY_PARAMS_SIZE
);
379 * Determine the crypto algorithm name.
381 static int determine_akcipher(const char *encoding
, const char *hash_algo
,
382 char alg_name
[CRYPTO_MAX_ALG_NAME
])
384 if (strcmp(encoding
, "pkcs1") == 0) {
386 strcpy(alg_name
, "pkcs1pad(rsa)");
390 if (snprintf(alg_name
, CRYPTO_MAX_ALG_NAME
, "pkcs1pad(rsa,%s)",
391 hash_algo
) >= CRYPTO_MAX_ALG_NAME
)
397 if (strcmp(encoding
, "raw") == 0) {
398 strcpy(alg_name
, "rsa");
406 * Query information about a key.
408 static int tpm_key_query(const struct kernel_pkey_params
*params
,
409 struct kernel_pkey_query
*info
)
411 struct tpm_key
*tk
= params
->key
->payload
.data
[asym_crypto
];
413 char alg_name
[CRYPTO_MAX_ALG_NAME
];
414 struct crypto_akcipher
*tfm
;
415 uint8_t der_pub_key
[PUB_KEY_BUF_SIZE
];
416 uint32_t der_pub_key_len
;
419 /* TPM only works on private keys, public keys still done in software */
420 ret
= determine_akcipher(params
->encoding
, params
->hash_algo
, alg_name
);
424 tfm
= crypto_alloc_akcipher(alg_name
, 0, 0);
428 der_pub_key_len
= derive_pub_key(tk
->pub_key
, tk
->pub_key_len
,
431 ret
= crypto_akcipher_set_pub_key(tfm
, der_pub_key
, der_pub_key_len
);
435 len
= crypto_akcipher_maxsize(tfm
);
437 info
->key_size
= tk
->key_len
;
438 info
->max_data_size
= tk
->key_len
/ 8;
439 info
->max_sig_size
= len
;
440 info
->max_enc_size
= len
;
441 info
->max_dec_size
= tk
->key_len
/ 8;
443 info
->supported_ops
= KEYCTL_SUPPORTS_ENCRYPT
|
444 KEYCTL_SUPPORTS_DECRYPT
|
445 KEYCTL_SUPPORTS_VERIFY
|
446 KEYCTL_SUPPORTS_SIGN
;
450 crypto_free_akcipher(tfm
);
451 pr_devel("<==%s() = %d\n", __func__
, ret
);
456 * Encryption operation is performed with the public key. Hence it is done
459 static int tpm_key_encrypt(struct tpm_key
*tk
,
460 struct kernel_pkey_params
*params
,
461 const void *in
, void *out
)
463 char alg_name
[CRYPTO_MAX_ALG_NAME
];
464 struct crypto_akcipher
*tfm
;
465 struct akcipher_request
*req
;
466 struct crypto_wait cwait
;
467 struct scatterlist in_sg
, out_sg
;
468 uint8_t der_pub_key
[PUB_KEY_BUF_SIZE
];
469 uint32_t der_pub_key_len
;
472 pr_devel("==>%s()\n", __func__
);
474 ret
= determine_akcipher(params
->encoding
, params
->hash_algo
, alg_name
);
478 tfm
= crypto_alloc_akcipher(alg_name
, 0, 0);
482 der_pub_key_len
= derive_pub_key(tk
->pub_key
, tk
->pub_key_len
,
485 ret
= crypto_akcipher_set_pub_key(tfm
, der_pub_key
, der_pub_key_len
);
489 req
= akcipher_request_alloc(tfm
, GFP_KERNEL
);
493 sg_init_one(&in_sg
, in
, params
->in_len
);
494 sg_init_one(&out_sg
, out
, params
->out_len
);
495 akcipher_request_set_crypt(req
, &in_sg
, &out_sg
, params
->in_len
,
497 crypto_init_wait(&cwait
);
498 akcipher_request_set_callback(req
, CRYPTO_TFM_REQ_MAY_BACKLOG
|
499 CRYPTO_TFM_REQ_MAY_SLEEP
,
500 crypto_req_done
, &cwait
);
502 ret
= crypto_akcipher_encrypt(req
);
503 ret
= crypto_wait_req(ret
, &cwait
);
508 akcipher_request_free(req
);
510 crypto_free_akcipher(tfm
);
511 pr_devel("<==%s() = %d\n", __func__
, ret
);
516 * Decryption operation is performed with the private key in the TPM.
518 static int tpm_key_decrypt(struct tpm_key
*tk
,
519 struct kernel_pkey_params
*params
,
520 const void *in
, void *out
)
524 uint8_t srkauth
[SHA1_DIGEST_SIZE
];
525 uint8_t keyauth
[SHA1_DIGEST_SIZE
];
528 pr_devel("==>%s()\n", __func__
);
530 if (params
->hash_algo
)
533 if (strcmp(params
->encoding
, "pkcs1"))
536 tb
= kzalloc(sizeof(*tb
), GFP_KERNEL
);
540 /* TODO: Handle a non-all zero SRK authorization */
541 memset(srkauth
, 0, sizeof(srkauth
));
543 r
= tpm_loadkey2(tb
, SRKHANDLE
, srkauth
,
544 tk
->blob
, tk
->blob_len
, &keyhandle
);
546 pr_devel("loadkey2 failed (%d)\n", r
);
550 /* TODO: Handle a non-all zero key authorization */
551 memset(keyauth
, 0, sizeof(keyauth
));
553 r
= tpm_unbind(tb
, keyhandle
, keyauth
,
554 in
, params
->in_len
, out
, params
->out_len
);
556 pr_devel("tpm_unbind failed (%d)\n", r
);
558 if (tpm_flushspecific(tb
, keyhandle
) < 0)
559 pr_devel("flushspecific failed (%d)\n", r
);
563 pr_devel("<==%s() = %d\n", __func__
, r
);
568 * Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2].
570 static const u8 digest_info_md5
[] = {
571 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08,
572 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, /* OID */
573 0x05, 0x00, 0x04, 0x10
576 static const u8 digest_info_sha1
[] = {
577 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
578 0x2b, 0x0e, 0x03, 0x02, 0x1a,
579 0x05, 0x00, 0x04, 0x14
582 static const u8 digest_info_rmd160
[] = {
583 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
584 0x2b, 0x24, 0x03, 0x02, 0x01,
585 0x05, 0x00, 0x04, 0x14
588 static const u8 digest_info_sha224
[] = {
589 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
590 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
591 0x05, 0x00, 0x04, 0x1c
594 static const u8 digest_info_sha256
[] = {
595 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
596 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
597 0x05, 0x00, 0x04, 0x20
600 static const u8 digest_info_sha384
[] = {
601 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
602 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
603 0x05, 0x00, 0x04, 0x30
606 static const u8 digest_info_sha512
[] = {
607 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
608 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
609 0x05, 0x00, 0x04, 0x40
612 static const struct asn1_template
{
616 } asn1_templates
[] = {
617 #define _(X) { #X, digest_info_##X, sizeof(digest_info_##X) }
629 static const struct asn1_template
*lookup_asn1(const char *name
)
631 const struct asn1_template
*p
;
633 for (p
= asn1_templates
; p
->name
; p
++)
634 if (strcmp(name
, p
->name
) == 0)
640 * Sign operation is performed with the private key in the TPM.
642 static int tpm_key_sign(struct tpm_key
*tk
,
643 struct kernel_pkey_params
*params
,
644 const void *in
, void *out
)
648 uint8_t srkauth
[SHA1_DIGEST_SIZE
];
649 uint8_t keyauth
[SHA1_DIGEST_SIZE
];
650 void *asn1_wrapped
= NULL
;
651 uint32_t in_len
= params
->in_len
;
654 pr_devel("==>%s()\n", __func__
);
656 if (strcmp(params
->encoding
, "pkcs1"))
659 if (params
->hash_algo
) {
660 const struct asn1_template
*asn1
=
661 lookup_asn1(params
->hash_algo
);
666 /* request enough space for the ASN.1 template + input hash */
667 asn1_wrapped
= kzalloc(in_len
+ asn1
->size
, GFP_KERNEL
);
671 /* Copy ASN.1 template, then the input */
672 memcpy(asn1_wrapped
, asn1
->data
, asn1
->size
);
673 memcpy(asn1_wrapped
+ asn1
->size
, in
, in_len
);
676 in_len
+= asn1
->size
;
679 if (in_len
> tk
->key_len
/ 8 - 11) {
681 goto error_free_asn1_wrapped
;
685 tb
= kzalloc(sizeof(*tb
), GFP_KERNEL
);
687 goto error_free_asn1_wrapped
;
689 /* TODO: Handle a non-all zero SRK authorization */
690 memset(srkauth
, 0, sizeof(srkauth
));
692 r
= tpm_loadkey2(tb
, SRKHANDLE
, srkauth
,
693 tk
->blob
, tk
->blob_len
, &keyhandle
);
695 pr_devel("loadkey2 failed (%d)\n", r
);
699 /* TODO: Handle a non-all zero key authorization */
700 memset(keyauth
, 0, sizeof(keyauth
));
702 r
= tpm_sign(tb
, keyhandle
, keyauth
, in
, in_len
, out
, params
->out_len
);
704 pr_devel("tpm_sign failed (%d)\n", r
);
706 if (tpm_flushspecific(tb
, keyhandle
) < 0)
707 pr_devel("flushspecific failed (%d)\n", r
);
711 error_free_asn1_wrapped
:
713 pr_devel("<==%s() = %d\n", __func__
, r
);
718 * Do encryption, decryption and signing ops.
720 static int tpm_key_eds_op(struct kernel_pkey_params
*params
,
721 const void *in
, void *out
)
723 struct tpm_key
*tk
= params
->key
->payload
.data
[asym_crypto
];
724 int ret
= -EOPNOTSUPP
;
726 /* Perform the encryption calculation. */
727 switch (params
->op
) {
728 case kernel_pkey_encrypt
:
729 ret
= tpm_key_encrypt(tk
, params
, in
, out
);
731 case kernel_pkey_decrypt
:
732 ret
= tpm_key_decrypt(tk
, params
, in
, out
);
734 case kernel_pkey_sign
:
735 ret
= tpm_key_sign(tk
, params
, in
, out
);
745 * Verify a signature using a public key.
747 static int tpm_key_verify_signature(const struct key
*key
,
748 const struct public_key_signature
*sig
)
750 const struct tpm_key
*tk
= key
->payload
.data
[asym_crypto
];
751 struct crypto_wait cwait
;
752 struct crypto_akcipher
*tfm
;
753 struct akcipher_request
*req
;
754 struct scatterlist src_sg
[2];
755 char alg_name
[CRYPTO_MAX_ALG_NAME
];
756 uint8_t der_pub_key
[PUB_KEY_BUF_SIZE
];
757 uint32_t der_pub_key_len
;
760 pr_devel("==>%s()\n", __func__
);
769 ret
= determine_akcipher(sig
->encoding
, sig
->hash_algo
, alg_name
);
773 tfm
= crypto_alloc_akcipher(alg_name
, 0, 0);
777 der_pub_key_len
= derive_pub_key(tk
->pub_key
, tk
->pub_key_len
,
780 ret
= crypto_akcipher_set_pub_key(tfm
, der_pub_key
, der_pub_key_len
);
785 req
= akcipher_request_alloc(tfm
, GFP_KERNEL
);
789 sg_init_table(src_sg
, 2);
790 sg_set_buf(&src_sg
[0], sig
->s
, sig
->s_size
);
791 sg_set_buf(&src_sg
[1], sig
->digest
, sig
->digest_size
);
792 akcipher_request_set_crypt(req
, src_sg
, NULL
, sig
->s_size
,
794 crypto_init_wait(&cwait
);
795 akcipher_request_set_callback(req
, CRYPTO_TFM_REQ_MAY_BACKLOG
|
796 CRYPTO_TFM_REQ_MAY_SLEEP
,
797 crypto_req_done
, &cwait
);
798 ret
= crypto_wait_req(crypto_akcipher_verify(req
), &cwait
);
800 akcipher_request_free(req
);
802 crypto_free_akcipher(tfm
);
803 pr_devel("<==%s() = %d\n", __func__
, ret
);
804 if (WARN_ON_ONCE(ret
> 0))
810 * Parse enough information out of TPM_KEY structure:
811 * TPM_STRUCT_VER -> 4 bytes
812 * TPM_KEY_USAGE -> 2 bytes
813 * TPM_KEY_FLAGS -> 4 bytes
814 * TPM_AUTH_DATA_USAGE -> 1 byte
815 * TPM_KEY_PARMS -> variable
816 * UINT32 PCRInfoSize -> 4 bytes
817 * BYTE* -> PCRInfoSize bytes
819 * UINT32 encDataSize;
820 * BYTE* -> encDataSize;
823 * TPM_ALGORITHM_ID -> 4 bytes
824 * TPM_ENC_SCHEME -> 2 bytes
825 * TPM_SIG_SCHEME -> 2 bytes
826 * UINT32 parmSize -> 4 bytes
829 static int extract_key_parameters(struct tpm_key
*tk
)
831 const void *cur
= tk
->blob
;
832 uint32_t len
= tk
->blob_len
;
840 /* Ensure this is a legacy key */
841 if (get_unaligned_be16(cur
+ 4) != 0x0015)
844 /* Skip to TPM_KEY_PARMS */
851 /* Make sure this is an RSA key */
852 if (get_unaligned_be32(cur
) != 0x00000001)
855 /* Make sure this is TPM_ES_RSAESPKCSv15 encoding scheme */
856 if (get_unaligned_be16(cur
+ 4) != 0x0002)
859 /* Make sure this is TPM_SS_RSASSAPKCS1v15_DER signature scheme */
860 if (get_unaligned_be16(cur
+ 6) != 0x0003)
863 sz
= get_unaligned_be32(cur
+ 8);
867 /* Move to TPM_RSA_KEY_PARMS */
871 /* Grab the RSA key length */
872 key_len
= get_unaligned_be32(cur
);
884 /* Move just past TPM_KEY_PARMS */
891 sz
= get_unaligned_be32(cur
);
895 /* Move to TPM_STORE_PUBKEY */
899 /* Grab the size of the public key, it should jive with the key size */
900 sz
= get_unaligned_be32(cur
);
906 tk
->key_len
= key_len
;
907 tk
->pub_key
= pub_key
;
908 tk
->pub_key_len
= sz
;
913 /* Given the blob, parse it and load it into the TPM */
914 struct tpm_key
*tpm_key_create(const void *blob
, uint32_t blob_len
)
919 r
= tpm_is_tpm2(NULL
);
923 /* We don't support TPM2 yet */
930 tk
= kzalloc(sizeof(struct tpm_key
), GFP_KERNEL
);
934 tk
->blob
= kmemdup(blob
, blob_len
, GFP_KERNEL
);
938 tk
->blob_len
= blob_len
;
940 r
= extract_key_parameters(tk
);
954 EXPORT_SYMBOL_GPL(tpm_key_create
);
957 * TPM-based asymmetric key subtype
959 struct asymmetric_key_subtype asym_tpm_subtype
= {
960 .owner
= THIS_MODULE
,
962 .name_len
= sizeof("asym_tpm") - 1,
963 .describe
= asym_tpm_describe
,
964 .destroy
= asym_tpm_destroy
,
965 .query
= tpm_key_query
,
966 .eds_op
= tpm_key_eds_op
,
967 .verify_signature
= tpm_key_verify_signature
,
969 EXPORT_SYMBOL_GPL(asym_tpm_subtype
);
971 MODULE_DESCRIPTION("TPM based asymmetric key subtype");
972 MODULE_AUTHOR("Intel Corporation");
973 MODULE_LICENSE("GPL v2");