1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2010 IBM Corporation 4 * Copyright (c) 2019-2021, Linaro Limited 5 * 6 * See Documentation/security/keys/trusted-encrypted.rst 7 */ 8 9 #include <keys/user-type.h> 10 #include <keys/trusted-type.h> 11 #include <keys/trusted_tee.h> 12 #include <keys/trusted_caam.h> 13 #include <keys/trusted_tpm.h> 14 #include <linux/capability.h> 15 #include <linux/err.h> 16 #include <linux/init.h> 17 #include <linux/key-type.h> 18 #include <linux/module.h> 19 #include <linux/parser.h> 20 #include <linux/random.h> 21 #include <linux/rcupdate.h> 22 #include <linux/slab.h> 23 #include <linux/static_call.h> 24 #include <linux/string.h> 25 #include <linux/uaccess.h> 26 27 static char *trusted_rng = "default"; 28 module_param_named(rng, trusted_rng, charp, 0); 29 MODULE_PARM_DESC(rng, "Select trusted key RNG"); 30 31 static char *trusted_key_source; 32 module_param_named(source, trusted_key_source, charp, 0); 33 MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee or caam)"); 34 35 static const struct trusted_key_source trusted_key_sources[] = { 36 #if defined(CONFIG_TRUSTED_KEYS_TPM) 37 { "tpm", &trusted_key_tpm_ops }, 38 #endif 39 #if defined(CONFIG_TRUSTED_KEYS_TEE) 40 { "tee", &trusted_key_tee_ops }, 41 #endif 42 #if defined(CONFIG_TRUSTED_KEYS_CAAM) 43 { "caam", &trusted_key_caam_ops }, 44 #endif 45 }; 46 47 DEFINE_STATIC_CALL_NULL(trusted_key_seal, *trusted_key_sources[0].ops->seal); 48 DEFINE_STATIC_CALL_NULL(trusted_key_unseal, 49 *trusted_key_sources[0].ops->unseal); 50 DEFINE_STATIC_CALL_NULL(trusted_key_get_random, 51 *trusted_key_sources[0].ops->get_random); 52 static void (*trusted_key_exit)(void); 53 static unsigned char migratable; 54 55 enum { 56 Opt_err, 57 Opt_new, Opt_load, Opt_update, 58 }; 59 60 static const match_table_t key_tokens = { 61 {Opt_new, "new"}, 62 {Opt_load, "load"}, 63 {Opt_update, "update"}, 64 {Opt_err, NULL} 65 }; 66 67 /* 68 * datablob_parse - parse the keyctl data and fill in the 69 * payload structure 70 * 71 * On success returns 0, otherwise -EINVAL. 72 */ 73 static int datablob_parse(char **datablob, struct trusted_key_payload *p) 74 { 75 substring_t args[MAX_OPT_ARGS]; 76 long keylen; 77 int ret = -EINVAL; 78 int key_cmd; 79 char *c; 80 81 /* main command */ 82 c = strsep(datablob, " \t"); 83 if (!c) 84 return -EINVAL; 85 key_cmd = match_token(c, key_tokens, args); 86 switch (key_cmd) { 87 case Opt_new: 88 /* first argument is key size */ 89 c = strsep(datablob, " \t"); 90 if (!c) 91 return -EINVAL; 92 ret = kstrtol(c, 10, &keylen); 93 if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE) 94 return -EINVAL; 95 p->key_len = keylen; 96 ret = Opt_new; 97 break; 98 case Opt_load: 99 /* first argument is sealed blob */ 100 c = strsep(datablob, " \t"); 101 if (!c) 102 return -EINVAL; 103 p->blob_len = strlen(c) / 2; 104 if (p->blob_len > MAX_BLOB_SIZE) 105 return -EINVAL; 106 ret = hex2bin(p->blob, c, p->blob_len); 107 if (ret < 0) 108 return -EINVAL; 109 ret = Opt_load; 110 break; 111 case Opt_update: 112 ret = Opt_update; 113 break; 114 case Opt_err: 115 return -EINVAL; 116 } 117 return ret; 118 } 119 120 static struct trusted_key_payload *trusted_payload_alloc(struct key *key) 121 { 122 struct trusted_key_payload *p = NULL; 123 int ret; 124 125 ret = key_payload_reserve(key, sizeof(*p)); 126 if (ret < 0) 127 goto err; 128 p = kzalloc(sizeof(*p), GFP_KERNEL); 129 if (!p) 130 goto err; 131 132 p->migratable = migratable; 133 err: 134 return p; 135 } 136 137 /* 138 * trusted_instantiate - create a new trusted key 139 * 140 * Unseal an existing trusted blob or, for a new key, get a 141 * random key, then seal and create a trusted key-type key, 142 * adding it to the specified keyring. 143 * 144 * On success, return 0. Otherwise return errno. 145 */ 146 static int trusted_instantiate(struct key *key, 147 struct key_preparsed_payload *prep) 148 { 149 struct trusted_key_payload *payload = NULL; 150 size_t datalen = prep->datalen; 151 char *datablob, *orig_datablob; 152 int ret = 0; 153 int key_cmd; 154 size_t key_len; 155 156 if (datalen <= 0 || datalen > 32767 || !prep->data) 157 return -EINVAL; 158 159 orig_datablob = datablob = kmalloc(datalen + 1, GFP_KERNEL); 160 if (!datablob) 161 return -ENOMEM; 162 memcpy(datablob, prep->data, datalen); 163 datablob[datalen] = '\0'; 164 165 payload = trusted_payload_alloc(key); 166 if (!payload) { 167 ret = -ENOMEM; 168 goto out; 169 } 170 171 key_cmd = datablob_parse(&datablob, payload); 172 if (key_cmd < 0) { 173 ret = key_cmd; 174 goto out; 175 } 176 177 dump_payload(payload); 178 179 switch (key_cmd) { 180 case Opt_load: 181 ret = static_call(trusted_key_unseal)(payload, datablob); 182 dump_payload(payload); 183 if (ret < 0) 184 pr_info("key_unseal failed (%d)\n", ret); 185 break; 186 case Opt_new: 187 key_len = payload->key_len; 188 ret = static_call(trusted_key_get_random)(payload->key, 189 key_len); 190 if (ret < 0) 191 goto out; 192 193 if (ret != key_len) { 194 pr_info("key_create failed (%d)\n", ret); 195 ret = -EIO; 196 goto out; 197 } 198 199 ret = static_call(trusted_key_seal)(payload, datablob); 200 if (ret < 0) 201 pr_info("key_seal failed (%d)\n", ret); 202 break; 203 default: 204 ret = -EINVAL; 205 } 206 out: 207 kfree_sensitive(orig_datablob); 208 if (!ret) 209 rcu_assign_keypointer(key, payload); 210 else 211 kfree_sensitive(payload); 212 return ret; 213 } 214 215 static void trusted_rcu_free(struct rcu_head *rcu) 216 { 217 struct trusted_key_payload *p; 218 219 p = container_of(rcu, struct trusted_key_payload, rcu); 220 kfree_sensitive(p); 221 } 222 223 /* 224 * trusted_update - reseal an existing key with new PCR values 225 */ 226 static int trusted_update(struct key *key, struct key_preparsed_payload *prep) 227 { 228 struct trusted_key_payload *p; 229 struct trusted_key_payload *new_p; 230 size_t datalen = prep->datalen; 231 char *datablob, *orig_datablob; 232 int ret = 0; 233 234 if (key_is_negative(key)) 235 return -ENOKEY; 236 p = key->payload.data[0]; 237 if (!p->migratable) 238 return -EPERM; 239 if (datalen <= 0 || datalen > 32767 || !prep->data) 240 return -EINVAL; 241 242 orig_datablob = datablob = kmalloc(datalen + 1, GFP_KERNEL); 243 if (!datablob) 244 return -ENOMEM; 245 246 new_p = trusted_payload_alloc(key); 247 if (!new_p) { 248 ret = -ENOMEM; 249 goto out; 250 } 251 252 memcpy(datablob, prep->data, datalen); 253 datablob[datalen] = '\0'; 254 ret = datablob_parse(&datablob, new_p); 255 if (ret != Opt_update) { 256 ret = -EINVAL; 257 kfree_sensitive(new_p); 258 goto out; 259 } 260 261 /* copy old key values, and reseal with new pcrs */ 262 new_p->migratable = p->migratable; 263 new_p->key_len = p->key_len; 264 memcpy(new_p->key, p->key, p->key_len); 265 dump_payload(p); 266 dump_payload(new_p); 267 268 ret = static_call(trusted_key_seal)(new_p, datablob); 269 if (ret < 0) { 270 pr_info("key_seal failed (%d)\n", ret); 271 kfree_sensitive(new_p); 272 goto out; 273 } 274 275 rcu_assign_keypointer(key, new_p); 276 call_rcu(&p->rcu, trusted_rcu_free); 277 out: 278 kfree_sensitive(orig_datablob); 279 return ret; 280 } 281 282 /* 283 * trusted_read - copy the sealed blob data to userspace in hex. 284 * On success, return to userspace the trusted key datablob size. 285 */ 286 static long trusted_read(const struct key *key, char *buffer, 287 size_t buflen) 288 { 289 const struct trusted_key_payload *p; 290 char *bufp; 291 int i; 292 293 p = dereference_key_locked(key); 294 if (!p) 295 return -EINVAL; 296 297 if (buffer && buflen >= 2 * p->blob_len) { 298 bufp = buffer; 299 for (i = 0; i < p->blob_len; i++) 300 bufp = hex_byte_pack(bufp, p->blob[i]); 301 } 302 return 2 * p->blob_len; 303 } 304 305 /* 306 * trusted_destroy - clear and free the key's payload 307 */ 308 static void trusted_destroy(struct key *key) 309 { 310 kfree_sensitive(key->payload.data[0]); 311 } 312 313 struct key_type key_type_trusted = { 314 .name = "trusted", 315 .instantiate = trusted_instantiate, 316 .update = trusted_update, 317 .destroy = trusted_destroy, 318 .describe = user_describe, 319 .read = trusted_read, 320 }; 321 EXPORT_SYMBOL_GPL(key_type_trusted); 322 323 static int kernel_get_random(unsigned char *key, size_t key_len) 324 { 325 return get_random_bytes_wait(key, key_len) ?: key_len; 326 } 327 328 static int __init init_trusted(void) 329 { 330 int (*get_random)(unsigned char *key, size_t key_len); 331 int i, ret = 0; 332 333 for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) { 334 if (trusted_key_source && 335 strncmp(trusted_key_source, trusted_key_sources[i].name, 336 strlen(trusted_key_sources[i].name))) 337 continue; 338 339 /* 340 * We always support trusted.rng="kernel" and "default" as 341 * well as trusted.rng=$trusted.source if the trust source 342 * defines its own get_random callback. 343 */ 344 get_random = trusted_key_sources[i].ops->get_random; 345 if (trusted_rng && strcmp(trusted_rng, "default")) { 346 if (!strcmp(trusted_rng, "kernel")) { 347 get_random = kernel_get_random; 348 } else if (strcmp(trusted_rng, trusted_key_sources[i].name) || 349 !get_random) { 350 pr_warn("Unsupported RNG. Supported: kernel"); 351 if (get_random) 352 pr_cont(", %s", trusted_key_sources[i].name); 353 pr_cont(", default\n"); 354 return -EINVAL; 355 } 356 } 357 358 if (!get_random) 359 get_random = kernel_get_random; 360 361 static_call_update(trusted_key_seal, 362 trusted_key_sources[i].ops->seal); 363 static_call_update(trusted_key_unseal, 364 trusted_key_sources[i].ops->unseal); 365 static_call_update(trusted_key_get_random, 366 get_random); 367 trusted_key_exit = trusted_key_sources[i].ops->exit; 368 migratable = trusted_key_sources[i].ops->migratable; 369 370 ret = trusted_key_sources[i].ops->init(); 371 if (!ret) 372 break; 373 } 374 375 /* 376 * encrypted_keys.ko depends on successful load of this module even if 377 * trusted key implementation is not found. 378 */ 379 if (ret == -ENODEV) 380 return 0; 381 382 return ret; 383 } 384 385 static void __exit cleanup_trusted(void) 386 { 387 if (trusted_key_exit) 388 (*trusted_key_exit)(); 389 } 390 391 late_initcall(init_trusted); 392 module_exit(cleanup_trusted); 393 394 MODULE_LICENSE("GPL"); 395