1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * Copyright (C) 2010 IBM Corporation |
4 | * Copyright (c) 2019-2021, Linaro Limited |
5 | * |
6 | * See Documentation/security/keys/trusted-encrypted.rst |
7 | */ |
8 | |
9 | #include <keys/user-type.h> |
10 | #include <keys/trusted-type.h> |
11 | #include <keys/trusted_tee.h> |
12 | #include <keys/trusted_caam.h> |
13 | #include <keys/trusted_tpm.h> |
14 | #include <linux/capability.h> |
15 | #include <linux/err.h> |
16 | #include <linux/init.h> |
17 | #include <linux/key-type.h> |
18 | #include <linux/module.h> |
19 | #include <linux/parser.h> |
20 | #include <linux/random.h> |
21 | #include <linux/rcupdate.h> |
22 | #include <linux/slab.h> |
23 | #include <linux/static_call.h> |
24 | #include <linux/string.h> |
25 | #include <linux/uaccess.h> |
26 | |
27 | static char *trusted_rng = "default" ; |
28 | module_param_named(rng, trusted_rng, charp, 0); |
29 | MODULE_PARM_DESC(rng, "Select trusted key RNG" ); |
30 | |
31 | static char *trusted_key_source; |
32 | module_param_named(source, trusted_key_source, charp, 0); |
33 | MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee or caam)" ); |
34 | |
35 | static const struct trusted_key_source trusted_key_sources[] = { |
36 | #if defined(CONFIG_TRUSTED_KEYS_TPM) |
37 | { "tpm" , &trusted_key_tpm_ops }, |
38 | #endif |
39 | #if defined(CONFIG_TRUSTED_KEYS_TEE) |
40 | { "tee" , &trusted_key_tee_ops }, |
41 | #endif |
42 | #if defined(CONFIG_TRUSTED_KEYS_CAAM) |
43 | { "caam" , &trusted_key_caam_ops }, |
44 | #endif |
45 | }; |
46 | |
47 | DEFINE_STATIC_CALL_NULL(trusted_key_seal, *trusted_key_sources[0].ops->seal); |
48 | DEFINE_STATIC_CALL_NULL(trusted_key_unseal, |
49 | *trusted_key_sources[0].ops->unseal); |
50 | DEFINE_STATIC_CALL_NULL(trusted_key_get_random, |
51 | *trusted_key_sources[0].ops->get_random); |
52 | static void (*trusted_key_exit)(void); |
53 | static unsigned char migratable; |
54 | |
55 | enum { |
56 | Opt_err, |
57 | Opt_new, Opt_load, Opt_update, |
58 | }; |
59 | |
60 | static const match_table_t key_tokens = { |
61 | {Opt_new, "new" }, |
62 | {Opt_load, "load" }, |
63 | {Opt_update, "update" }, |
64 | {Opt_err, NULL} |
65 | }; |
66 | |
67 | /* |
68 | * datablob_parse - parse the keyctl data and fill in the |
69 | * payload structure |
70 | * |
71 | * On success returns 0, otherwise -EINVAL. |
72 | */ |
73 | static int datablob_parse(char **datablob, struct trusted_key_payload *p) |
74 | { |
75 | substring_t args[MAX_OPT_ARGS]; |
76 | long keylen; |
77 | int ret = -EINVAL; |
78 | int key_cmd; |
79 | char *c; |
80 | |
81 | /* main command */ |
82 | c = strsep(datablob, " \t" ); |
83 | if (!c) |
84 | return -EINVAL; |
85 | key_cmd = match_token(c, table: key_tokens, args); |
86 | switch (key_cmd) { |
87 | case Opt_new: |
88 | /* first argument is key size */ |
89 | c = strsep(datablob, " \t" ); |
90 | if (!c) |
91 | return -EINVAL; |
92 | ret = kstrtol(s: c, base: 10, res: &keylen); |
93 | if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE) |
94 | return -EINVAL; |
95 | p->key_len = keylen; |
96 | ret = Opt_new; |
97 | break; |
98 | case Opt_load: |
99 | /* first argument is sealed blob */ |
100 | c = strsep(datablob, " \t" ); |
101 | if (!c) |
102 | return -EINVAL; |
103 | p->blob_len = strlen(c) / 2; |
104 | if (p->blob_len > MAX_BLOB_SIZE) |
105 | return -EINVAL; |
106 | ret = hex2bin(dst: p->blob, src: c, count: p->blob_len); |
107 | if (ret < 0) |
108 | return -EINVAL; |
109 | ret = Opt_load; |
110 | break; |
111 | case Opt_update: |
112 | ret = Opt_update; |
113 | break; |
114 | case Opt_err: |
115 | return -EINVAL; |
116 | } |
117 | return ret; |
118 | } |
119 | |
120 | static struct trusted_key_payload *trusted_payload_alloc(struct key *key) |
121 | { |
122 | struct trusted_key_payload *p = NULL; |
123 | int ret; |
124 | |
125 | ret = key_payload_reserve(key, datalen: sizeof(*p)); |
126 | if (ret < 0) |
127 | goto err; |
128 | p = kzalloc(size: sizeof(*p), GFP_KERNEL); |
129 | if (!p) |
130 | goto err; |
131 | |
132 | p->migratable = migratable; |
133 | err: |
134 | return p; |
135 | } |
136 | |
137 | /* |
138 | * trusted_instantiate - create a new trusted key |
139 | * |
140 | * Unseal an existing trusted blob or, for a new key, get a |
141 | * random key, then seal and create a trusted key-type key, |
142 | * adding it to the specified keyring. |
143 | * |
144 | * On success, return 0. Otherwise return errno. |
145 | */ |
146 | static int trusted_instantiate(struct key *key, |
147 | struct key_preparsed_payload *prep) |
148 | { |
149 | struct trusted_key_payload *payload = NULL; |
150 | size_t datalen = prep->datalen; |
151 | char *datablob, *orig_datablob; |
152 | int ret = 0; |
153 | int key_cmd; |
154 | size_t key_len; |
155 | |
156 | if (datalen <= 0 || datalen > 32767 || !prep->data) |
157 | return -EINVAL; |
158 | |
159 | orig_datablob = datablob = kmalloc(size: datalen + 1, GFP_KERNEL); |
160 | if (!datablob) |
161 | return -ENOMEM; |
162 | memcpy(datablob, prep->data, datalen); |
163 | datablob[datalen] = '\0'; |
164 | |
165 | payload = trusted_payload_alloc(key); |
166 | if (!payload) { |
167 | ret = -ENOMEM; |
168 | goto out; |
169 | } |
170 | |
171 | key_cmd = datablob_parse(datablob: &datablob, p: payload); |
172 | if (key_cmd < 0) { |
173 | ret = key_cmd; |
174 | goto out; |
175 | } |
176 | |
177 | dump_payload(p: payload); |
178 | |
179 | switch (key_cmd) { |
180 | case Opt_load: |
181 | ret = static_call(trusted_key_unseal)(payload, datablob); |
182 | dump_payload(p: payload); |
183 | if (ret < 0) |
184 | pr_info("key_unseal failed (%d)\n" , ret); |
185 | break; |
186 | case Opt_new: |
187 | key_len = payload->key_len; |
188 | ret = static_call(trusted_key_get_random)(payload->key, |
189 | key_len); |
190 | if (ret < 0) |
191 | goto out; |
192 | |
193 | if (ret != key_len) { |
194 | pr_info("key_create failed (%d)\n" , ret); |
195 | ret = -EIO; |
196 | goto out; |
197 | } |
198 | |
199 | ret = static_call(trusted_key_seal)(payload, datablob); |
200 | if (ret < 0) |
201 | pr_info("key_seal failed (%d)\n" , ret); |
202 | break; |
203 | default: |
204 | ret = -EINVAL; |
205 | } |
206 | out: |
207 | kfree_sensitive(objp: orig_datablob); |
208 | if (!ret) |
209 | rcu_assign_keypointer(key, payload); |
210 | else |
211 | kfree_sensitive(objp: payload); |
212 | return ret; |
213 | } |
214 | |
215 | static void trusted_rcu_free(struct rcu_head *rcu) |
216 | { |
217 | struct trusted_key_payload *p; |
218 | |
219 | p = container_of(rcu, struct trusted_key_payload, rcu); |
220 | kfree_sensitive(objp: p); |
221 | } |
222 | |
223 | /* |
224 | * trusted_update - reseal an existing key with new PCR values |
225 | */ |
226 | static int trusted_update(struct key *key, struct key_preparsed_payload *prep) |
227 | { |
228 | struct trusted_key_payload *p; |
229 | struct trusted_key_payload *new_p; |
230 | size_t datalen = prep->datalen; |
231 | char *datablob, *orig_datablob; |
232 | int ret = 0; |
233 | |
234 | if (key_is_negative(key)) |
235 | return -ENOKEY; |
236 | p = key->payload.data[0]; |
237 | if (!p->migratable) |
238 | return -EPERM; |
239 | if (datalen <= 0 || datalen > 32767 || !prep->data) |
240 | return -EINVAL; |
241 | |
242 | orig_datablob = datablob = kmalloc(size: datalen + 1, GFP_KERNEL); |
243 | if (!datablob) |
244 | return -ENOMEM; |
245 | |
246 | new_p = trusted_payload_alloc(key); |
247 | if (!new_p) { |
248 | ret = -ENOMEM; |
249 | goto out; |
250 | } |
251 | |
252 | memcpy(datablob, prep->data, datalen); |
253 | datablob[datalen] = '\0'; |
254 | ret = datablob_parse(datablob: &datablob, p: new_p); |
255 | if (ret != Opt_update) { |
256 | ret = -EINVAL; |
257 | kfree_sensitive(objp: new_p); |
258 | goto out; |
259 | } |
260 | |
261 | /* copy old key values, and reseal with new pcrs */ |
262 | new_p->migratable = p->migratable; |
263 | new_p->key_len = p->key_len; |
264 | memcpy(new_p->key, p->key, p->key_len); |
265 | dump_payload(p); |
266 | dump_payload(p: new_p); |
267 | |
268 | ret = static_call(trusted_key_seal)(new_p, datablob); |
269 | if (ret < 0) { |
270 | pr_info("key_seal failed (%d)\n" , ret); |
271 | kfree_sensitive(objp: new_p); |
272 | goto out; |
273 | } |
274 | |
275 | rcu_assign_keypointer(key, new_p); |
276 | call_rcu(head: &p->rcu, func: trusted_rcu_free); |
277 | out: |
278 | kfree_sensitive(objp: orig_datablob); |
279 | return ret; |
280 | } |
281 | |
282 | /* |
283 | * trusted_read - copy the sealed blob data to userspace in hex. |
284 | * On success, return to userspace the trusted key datablob size. |
285 | */ |
286 | static long trusted_read(const struct key *key, char *buffer, |
287 | size_t buflen) |
288 | { |
289 | const struct trusted_key_payload *p; |
290 | char *bufp; |
291 | int i; |
292 | |
293 | p = dereference_key_locked(key); |
294 | if (!p) |
295 | return -EINVAL; |
296 | |
297 | if (buffer && buflen >= 2 * p->blob_len) { |
298 | bufp = buffer; |
299 | for (i = 0; i < p->blob_len; i++) |
300 | bufp = hex_byte_pack(buf: bufp, byte: p->blob[i]); |
301 | } |
302 | return 2 * p->blob_len; |
303 | } |
304 | |
305 | /* |
306 | * trusted_destroy - clear and free the key's payload |
307 | */ |
308 | static void trusted_destroy(struct key *key) |
309 | { |
310 | kfree_sensitive(objp: key->payload.data[0]); |
311 | } |
312 | |
313 | struct key_type key_type_trusted = { |
314 | .name = "trusted" , |
315 | .instantiate = trusted_instantiate, |
316 | .update = trusted_update, |
317 | .destroy = trusted_destroy, |
318 | .describe = user_describe, |
319 | .read = trusted_read, |
320 | }; |
321 | EXPORT_SYMBOL_GPL(key_type_trusted); |
322 | |
323 | static int kernel_get_random(unsigned char *key, size_t key_len) |
324 | { |
325 | return get_random_bytes_wait(buf: key, nbytes: key_len) ?: key_len; |
326 | } |
327 | |
328 | static int __init init_trusted(void) |
329 | { |
330 | int (*get_random)(unsigned char *key, size_t key_len); |
331 | int i, ret = 0; |
332 | |
333 | for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) { |
334 | if (trusted_key_source && |
335 | strncmp(trusted_key_source, trusted_key_sources[i].name, |
336 | strlen(trusted_key_sources[i].name))) |
337 | continue; |
338 | |
339 | /* |
340 | * We always support trusted.rng="kernel" and "default" as |
341 | * well as trusted.rng=$trusted.source if the trust source |
342 | * defines its own get_random callback. |
343 | */ |
344 | get_random = trusted_key_sources[i].ops->get_random; |
345 | if (trusted_rng && strcmp(trusted_rng, "default" )) { |
346 | if (!strcmp(trusted_rng, "kernel" )) { |
347 | get_random = kernel_get_random; |
348 | } else if (strcmp(trusted_rng, trusted_key_sources[i].name) || |
349 | !get_random) { |
350 | pr_warn("Unsupported RNG. Supported: kernel" ); |
351 | if (get_random) |
352 | pr_cont(", %s" , trusted_key_sources[i].name); |
353 | pr_cont(", default\n" ); |
354 | return -EINVAL; |
355 | } |
356 | } |
357 | |
358 | if (!get_random) |
359 | get_random = kernel_get_random; |
360 | |
361 | ret = trusted_key_sources[i].ops->init(); |
362 | if (!ret) { |
363 | static_call_update(trusted_key_seal, trusted_key_sources[i].ops->seal); |
364 | static_call_update(trusted_key_unseal, trusted_key_sources[i].ops->unseal); |
365 | static_call_update(trusted_key_get_random, get_random); |
366 | |
367 | trusted_key_exit = trusted_key_sources[i].ops->exit; |
368 | migratable = trusted_key_sources[i].ops->migratable; |
369 | } |
370 | |
371 | if (!ret || ret != -ENODEV) |
372 | break; |
373 | } |
374 | |
375 | /* |
376 | * encrypted_keys.ko depends on successful load of this module even if |
377 | * trusted key implementation is not found. |
378 | */ |
379 | if (ret == -ENODEV) |
380 | return 0; |
381 | |
382 | return ret; |
383 | } |
384 | |
385 | static void __exit cleanup_trusted(void) |
386 | { |
387 | if (trusted_key_exit) |
388 | (*trusted_key_exit)(); |
389 | } |
390 | |
391 | late_initcall(init_trusted); |
392 | module_exit(cleanup_trusted); |
393 | |
394 | MODULE_LICENSE("GPL" ); |
395 | |