trusted_core.c source code [linux/security/keys/trusted-keys/trusted_core.c]

1	// SPDX-License-Identifier: GPL-2.0-only
2	/*
3	* Copyright (C) 2010 IBM Corporation
4	* Copyright (c) 2019-2021, Linaro Limited
5	*
6	* See Documentation/security/keys/trusted-encrypted.rst
7	*/
8
9	#include <keys/user-type.h>
10	#include <keys/trusted-type.h>
11	#include <keys/trusted_tee.h>
12	#include <keys/trusted_caam.h>
13	#include <keys/trusted_tpm.h>
14	#include <linux/capability.h>
15	#include <linux/err.h>
16	#include <linux/init.h>
17	#include <linux/key-type.h>
18	#include <linux/module.h>
19	#include <linux/parser.h>
20	#include <linux/random.h>
21	#include <linux/rcupdate.h>
22	#include <linux/slab.h>
23	#include <linux/static_call.h>
24	#include <linux/string.h>
25	#include <linux/uaccess.h>
26
27	static char *trusted_rng = "default";
28	module_param_named(rng, trusted_rng, charp, `0`);
29	MODULE_PARM_DESC(rng, "Select trusted key RNG");
30
31	static char *trusted_key_source;
32	module_param_named(source, trusted_key_source, charp, `0`);
33	MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee or caam)");
34
35	static const struct trusted_key_source trusted_key_sources[] = {
36	#if defined(CONFIG_TRUSTED_KEYS_TPM)
37	{ "tpm", &trusted_key_tpm_ops },
38	#endif
39	#if defined(CONFIG_TRUSTED_KEYS_TEE)
40	{ "tee", &trusted_key_tee_ops },
41	#endif
42	#if defined(CONFIG_TRUSTED_KEYS_CAAM)
43	{ "caam", &trusted_key_caam_ops },
44	#endif
45	};
46
47	DEFINE_STATIC_CALL_NULL(trusted_key_seal, *trusted_key_sources[`0`].ops->seal);
48	DEFINE_STATIC_CALL_NULL(trusted_key_unseal,
49	*trusted_key_sources[`0`].ops->unseal);
50	DEFINE_STATIC_CALL_NULL(trusted_key_get_random,
51	*trusted_key_sources[`0`].ops->get_random);
52	static void (trusted_key_exit)(void*);
53	static unsigned char migratable;
54
55	enum {
56	Opt_err,
57	Opt_new, Opt_load, Opt_update,
58	};
59
60	static const match_table_t key_tokens = {
61	{Opt_new, "new"},
62	{Opt_load, "load"},
63	{Opt_update, "update"},
64	{Opt_err, NULL}
65	};
66
67	/*
68	* datablob_parse - parse the keyctl data and fill in the
69	* payload structure
70	*
71	* On success returns 0, otherwise -EINVAL.
72	*/
73	static int datablob_parse(char datablob, struct** trusted_key_payload *p)
74	{
75	substring_t args[MAX_OPT_ARGS];
76	long keylen;
77	int ret = -EINVAL;
78	int key_cmd;
79	char *c;
80
81	/ main command /
82	c = strsep(datablob, " \t");
83	if (!c)
84	return -EINVAL;
85	key_cmd = match_token(c, table: key_tokens, args);
86	switch (key_cmd) {
87	case Opt_new:
88	/ first argument is key size /
89	c = strsep(datablob, " \t");
90	if (!c)
91	return -EINVAL;
92	ret = kstrtol(s: c, base: `10`, res: &keylen);
93	if (ret < `0` \|\| keylen < MIN_KEY_SIZE \|\| keylen > MAX_KEY_SIZE)
94	return -EINVAL;
95	p->key_len = keylen;
96	ret = Opt_new;
97	break;
98	case Opt_load:
99	/ first argument is sealed blob /
100	c = strsep(datablob, " \t");
101	if (!c)
102	return -EINVAL;
103	p->blob_len = strlen(c) / `2`;
104	if (p->blob_len > MAX_BLOB_SIZE)
105	return -EINVAL;
106	ret = hex2bin(dst: p->blob, src: c, count: p->blob_len);
107	if (ret < `0`)
108	return -EINVAL;
109	ret = Opt_load;
110	break;
111	case Opt_update:
112	ret = Opt_update;
113	break;
114	case Opt_err:
115	return -EINVAL;
116	}
117	return ret;
118	}
119
120	static struct trusted_key_payload trusted_payload_alloc(struct* key *key)
121	{
122	struct trusted_key_payload *p = NULL;
123	int ret;
124
125	ret = key_payload_reserve(key, datalen: sizeof(*p));
126	if (ret < `0`)
127	goto err;
128	p = kzalloc(size: sizeof(*p), GFP_KERNEL);
129	if (!p)
130	goto err;
131
132	p->migratable = migratable;
133	err:
134	return p;
135	}
136
137	/*
138	* trusted_instantiate - create a new trusted key
139	*
140	* Unseal an existing trusted blob or, for a new key, get a
141	* random key, then seal and create a trusted key-type key,
142	* adding it to the specified keyring.
143	*
144	* On success, return 0. Otherwise return errno.
145	*/
146	static int trusted_instantiate(struct key *key,
147	struct key_preparsed_payload *prep)
148	{
149	struct trusted_key_payload *payload = NULL;
150	size_t datalen = prep->datalen;
151	char datablob, orig_datablob;
152	int ret = `0`;
153	int key_cmd;
154	size_t key_len;
155
156	if (datalen <= `0` \|\| datalen > `32767` \|\| !prep->data)
157	return -EINVAL;
158
159	orig_datablob = datablob = kmalloc(size: datalen + `1`, GFP_KERNEL);
160	if (!datablob)
161	return -ENOMEM;
162	memcpy(datablob, prep->data, datalen);
163	datablob[datalen] = `'\0'`;
164
165	payload = trusted_payload_alloc(key);
166	if (!payload) {
167	ret = -ENOMEM;
168	goto out;
169	}
170
171	key_cmd = datablob_parse(datablob: &datablob, p: payload);
172	if (key_cmd < `0`) {
173	ret = key_cmd;
174	goto out;
175	}
176
177	dump_payload(p: payload);
178
179	switch (key_cmd) {
180	case Opt_load:
181	ret = static_call(trusted_key_unseal)(payload, datablob);
182	dump_payload(p: payload);
183	if (ret < `0`)
184	pr_info("key_unseal failed (%d)\n", ret);
185	break;
186	case Opt_new:
187	key_len = payload->key_len;
188	ret = static_call(trusted_key_get_random)(payload->key,
189	key_len);
190	if (ret < `0`)
191	goto out;
192
193	if (ret != key_len) {
194	pr_info("key_create failed (%d)\n", ret);
195	ret = -EIO;
196	goto out;
197	}
198
199	ret = static_call(trusted_key_seal)(payload, datablob);
200	if (ret < `0`)
201	pr_info("key_seal failed (%d)\n", ret);
202	break;
203	default:
204	ret = -EINVAL;
205	}
206	out:
207	kfree_sensitive(objp: orig_datablob);
208	if (!ret)
209	rcu_assign_keypointer(key, payload);
210	else
211	kfree_sensitive(objp: payload);
212	return ret;
213	}
214
215	static void trusted_rcu_free(struct rcu_head *rcu)
216	{
217	struct trusted_key_payload *p;
218
219	p = container_of(rcu, struct trusted_key_payload, rcu);
220	kfree_sensitive(objp: p);
221	}
222
223	/*
224	* trusted_update - reseal an existing key with new PCR values
225	*/
226	static int trusted_update(struct key key, struct* key_preparsed_payload *prep)
227	{
228	struct trusted_key_payload *p;
229	struct trusted_key_payload *new_p;
230	size_t datalen = prep->datalen;
231	char datablob, orig_datablob;
232	int ret = `0`;
233
234	if (key_is_negative(key))
235	return -ENOKEY;
236	p = key->payload.data[`0`];
237	if (!p->migratable)
238	return -EPERM;
239	if (datalen <= `0` \|\| datalen > `32767` \|\| !prep->data)
240	return -EINVAL;
241
242	orig_datablob = datablob = kmalloc(size: datalen + `1`, GFP_KERNEL);
243	if (!datablob)
244	return -ENOMEM;
245
246	new_p = trusted_payload_alloc(key);
247	if (!new_p) {
248	ret = -ENOMEM;
249	goto out;
250	}
251
252	memcpy(datablob, prep->data, datalen);
253	datablob[datalen] = `'\0'`;
254	ret = datablob_parse(datablob: &datablob, p: new_p);
255	if (ret != Opt_update) {
256	ret = -EINVAL;
257	kfree_sensitive(objp: new_p);
258	goto out;
259	}
260
261	/ copy old key values, and reseal with new pcrs /
262	new_p->migratable = p->migratable;
263	new_p->key_len = p->key_len;
264	memcpy(new_p->key, p->key, p->key_len);
265	dump_payload(p);
266	dump_payload(p: new_p);
267
268	ret = static_call(trusted_key_seal)(new_p, datablob);
269	if (ret < `0`) {
270	pr_info("key_seal failed (%d)\n", ret);
271	kfree_sensitive(objp: new_p);
272	goto out;
273	}
274
275	rcu_assign_keypointer(key, new_p);
276	call_rcu(head: &p->rcu, func: trusted_rcu_free);
277	out:
278	kfree_sensitive(objp: orig_datablob);
279	return ret;
280	}
281
282	/*
283	* trusted_read - copy the sealed blob data to userspace in hex.
284	* On success, return to userspace the trusted key datablob size.
285	*/
286	static long trusted_read(const struct key key, char* *buffer,
287	size_t buflen)
288	{
289	const struct trusted_key_payload *p;
290	char *bufp;
291	int i;
292
293	p = dereference_key_locked(key);
294	if (!p)
295	return -EINVAL;
296
297	if (buffer && buflen >= `2` * p->blob_len) {
298	bufp = buffer;
299	for (i = `0`; i < p->blob_len; i++)
300	bufp = hex_byte_pack(buf: bufp, byte: p->blob[i]);
301	}
302	return `2` * p->blob_len;
303	}
304
305	/*
306	* trusted_destroy - clear and free the key's payload
307	*/
308	static void trusted_destroy(struct key *key)
309	{
310	kfree_sensitive(objp: key->payload.data[`0`]);
311	}
312
313	struct key_type key_type_trusted = {
314	.name = "trusted",
315	.instantiate = trusted_instantiate,
316	.update = trusted_update,
317	.destroy = trusted_destroy,
318	.describe = user_describe,
319	.read = trusted_read,
320	};
321	EXPORT_SYMBOL_GPL(key_type_trusted);
322
323	static int kernel_get_random(unsigned char *key, size_t key_len)
324	{
325	return get_random_bytes_wait(buf: key, nbytes: key_len) ?: key_len;
326	}
327
328	static int __init init_trusted(void)
329	{
330	int (get_random)(unsigned* char *key, size_t key_len);
331	int i, ret = `0`;
332
333	for (i = `0`; i < ARRAY_SIZE(trusted_key_sources); i++) {
334	if (trusted_key_source &&
335	strncmp(trusted_key_source, trusted_key_sources[i].name,
336	strlen(trusted_key_sources[i].name)))
337	continue;
338
339	/*
340	* We always support trusted.rng="kernel" and "default" as
341	* well as trusted.rng=$trusted.source if the trust source
342	* defines its own get_random callback.
343	*/
344	get_random = trusted_key_sources[i].ops->get_random;
345	if (trusted_rng && strcmp(trusted_rng, "default")) {
346	if (!strcmp(trusted_rng, "kernel")) {
347	get_random = kernel_get_random;
348	} else if (strcmp(trusted_rng, trusted_key_sources[i].name) \|\|
349	!get_random) {
350	pr_warn("Unsupported RNG. Supported: kernel");
351	if (get_random)
352	pr_cont(", %s", trusted_key_sources[i].name);
353	pr_cont(", default\n");
354	return -EINVAL;
355	}
356	}
357
358	if (!get_random)
359	get_random = kernel_get_random;
360
361	ret = trusted_key_sources[i].ops->init();
362	if (!ret) {
363	static_call_update(trusted_key_seal, trusted_key_sources[i].ops->seal);
364	static_call_update(trusted_key_unseal, trusted_key_sources[i].ops->unseal);
365	static_call_update(trusted_key_get_random, get_random);
366
367	trusted_key_exit = trusted_key_sources[i].ops->exit;
368	migratable = trusted_key_sources[i].ops->migratable;
369	}
370
371	if (!ret \|\| ret != -ENODEV)
372	break;
373	}
374
375	/*
376	* encrypted_keys.ko depends on successful load of this module even if
377	* trusted key implementation is not found.
378	*/
379	if (ret == -ENODEV)
380	return `0`;
381
382	return ret;
383	}
384
385	static void __exit cleanup_trusted(void)
386	{
387	if (trusted_key_exit)
388	(*trusted_key_exit)();
389	}
390
391	late_initcall(init_trusted);
392	module_exit(cleanup_trusted);
393
394	MODULE_LICENSE("GPL");
395

source code of linux/security/keys/trusted-keys/trusted_core.c