--- v4
+++ v9
@@ -1,27 +1,75 @@
Current trusted keys framework is tightly coupled to use TPM device as
an underlying implementation which makes it difficult for implementations
-like Trusted Execution Environment (TEE) etc. to provide trusked keys
+like Trusted Execution Environment (TEE) etc. to provide trusted keys
support in case platform doesn't posses a TPM device.
-So this patch tries to add generic trusted keys framework where underlying
-implemtations like TPM, TEE etc. could be easily plugged-in.
+Add a generic trusted keys framework where underlying implementations
+can be easily plugged in. Create struct trusted_key_ops to achieve this,
+which contains necessary functions of a backend.
+
+Also, define a module parameter in order to select a particular trust
+source in case a platform support multiple trust sources. In case its
+not specified then implementation itetrates through trust sources list
+starting with TPM and assign the first trust source as a backend which
+has initiazed successfully during iteration.
+
+Note that current implementation only supports a single trust source at
+runtime which is either selectable at compile time or during boot via
+aforementioned module parameter.
Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
---
- include/keys/trusted-type.h | 45 ++++
- include/keys/trusted_tpm.h | 15 --
- security/keys/trusted-keys/Makefile | 1 +
- security/keys/trusted-keys/trusted_common.c | 333 +++++++++++++++++++++++++++
- security/keys/trusted-keys/trusted_tpm1.c | 335 +++++-----------------------
- 5 files changed, 437 insertions(+), 292 deletions(-)
- create mode 100644 security/keys/trusted-keys/trusted_common.c
+ .../admin-guide/kernel-parameters.txt | 12 +
+ include/keys/trusted-type.h | 53 +++
+ include/keys/trusted_tpm.h | 29 +-
+ security/keys/trusted-keys/Makefile | 1 +
+ security/keys/trusted-keys/trusted_core.c | 354 +++++++++++++++++
+ security/keys/trusted-keys/trusted_tpm1.c | 366 ++++--------------
+ 6 files changed, 497 insertions(+), 318 deletions(-)
+ create mode 100644 security/keys/trusted-keys/trusted_core.c
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
+index 0ac883777318..fbc828994b06 100644
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -5459,6 +5459,18 @@
+ See Documentation/admin-guide/mm/transhuge.rst
+ for more details.
+
++ trusted.source= [KEYS]
++ Format: <string>
++ This parameter identifies the trust source as a backend
++ for trusted keys implementation. Supported trust
++ sources:
++ - "tpm"
++ - "tee"
++ If not specified then it defaults to iterating through
++ the trust source list starting with TPM and assigns the
++ first trust source as a backend which is initialized
++ successfully during iteration.
++
+ tsc= Disable clocksource stability checks for TSC.
+ Format: <string>
+ [x86] reliable: mark tsc clocksource as reliable, this
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
-index a94c03a..5559010 100644
+index a94c03a61d8f..24016898ca41 100644
--- a/include/keys/trusted-type.h
+++ b/include/keys/trusted-type.h
-@@ -40,6 +40,51 @@ struct trusted_key_options {
+@@ -11,6 +11,12 @@
+ #include <linux/rcupdate.h>
+ #include <linux/tpm.h>
+
++#ifdef pr_fmt
++#undef pr_fmt
++#endif
++
++#define pr_fmt(fmt) "trusted_key: " fmt
++
+ #define MIN_KEY_SIZE 32
+ #define MAX_KEY_SIZE 128
+ #define MAX_BLOB_SIZE 512
+@@ -40,6 +46,53 @@ struct trusted_key_options {
uint32_t policyhandle;
};
@@ -32,52 +80,75 @@
+ */
+ unsigned char migratable;
+
-+ /* trusted key init */
++ /* Initialize key interface. */
+ int (*init)(void);
+
-+ /* seal a trusted key */
++ /* Seal a key. */
+ int (*seal)(struct trusted_key_payload *p, char *datablob);
+
-+ /* unseal a trusted key */
++ /* Unseal a key. */
+ int (*unseal)(struct trusted_key_payload *p, char *datablob);
+
-+ /* get random trusted key */
++ /* Get a randomized key. */
+ int (*get_random)(unsigned char *key, size_t key_len);
+
-+ /* trusted key cleanup */
-+ void (*cleanup)(void);
++ /* Exit key interface. */
++ void (*exit)(void);
+};
+
++struct trusted_key_source {
++ char *name;
++ struct trusted_key_ops *ops;
++};
++
extern struct key_type key_type_trusted;
-+#if defined(CONFIG_TCG_TPM)
-+extern struct trusted_key_ops tpm_trusted_key_ops;
-+#endif
-+
+
+#define TRUSTED_DEBUG 0
+
+#if TRUSTED_DEBUG
+static inline void dump_payload(struct trusted_key_payload *p)
+{
-+ pr_info("trusted_key: key_len %d\n", p->key_len);
++ pr_info("key_len %d\n", p->key_len);
+ print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
+ 16, 1, p->key, p->key_len, 0);
-+ pr_info("trusted_key: bloblen %d\n", p->blob_len);
++ pr_info("bloblen %d\n", p->blob_len);
+ print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
+ 16, 1, p->blob, p->blob_len, 0);
-+ pr_info("trusted_key: migratable %d\n", p->migratable);
++ pr_info("migratable %d\n", p->migratable);
+}
+#else
+static inline void dump_payload(struct trusted_key_payload *p)
+{
+}
+#endif
-
++
#endif /* _KEYS_TRUSTED_TYPE_H */
diff --git a/include/keys/trusted_tpm.h b/include/keys/trusted_tpm.h
-index a56d8e1..5753231 100644
+index a56d8e1298f2..7769b726863a 100644
--- a/include/keys/trusted_tpm.h
+++ b/include/keys/trusted_tpm.h
-@@ -60,17 +60,6 @@ static inline void dump_options(struct trusted_key_options *o)
+@@ -16,6 +16,8 @@
+ #define LOAD32N(buffer, offset) (*(uint32_t *)&buffer[offset])
+ #define LOAD16(buffer, offset) (ntohs(*(uint16_t *)&buffer[offset]))
+
++extern struct trusted_key_ops trusted_key_tpm_ops;
++
+ struct osapsess {
+ uint32_t handle;
+ unsigned char secret[SHA1_DIGEST_SIZE];
+@@ -52,30 +54,19 @@ int tpm2_unseal_trusted(struct tpm_chip *chip,
+ #if TPM_DEBUG
+ static inline void dump_options(struct trusted_key_options *o)
+ {
+- pr_info("trusted_key: sealing key type %d\n", o->keytype);
+- pr_info("trusted_key: sealing key handle %0X\n", o->keyhandle);
+- pr_info("trusted_key: pcrlock %d\n", o->pcrlock);
+- pr_info("trusted_key: pcrinfo %d\n", o->pcrinfo_len);
++ pr_info("sealing key type %d\n", o->keytype);
++ pr_info("sealing key handle %0X\n", o->keyhandle);
++ pr_info("pcrlock %d\n", o->pcrlock);
++ pr_info("pcrinfo %d\n", o->pcrinfo_len);
+ print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE,
16, 1, o->pcrinfo, o->pcrinfo_len, 0);
}
@@ -95,7 +166,22 @@
static inline void dump_sess(struct osapsess *s)
{
print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE,
-@@ -96,10 +85,6 @@ static inline void dump_options(struct trusted_key_options *o)
+ 16, 1, &s->handle, 4, 0);
+- pr_info("trusted-key: secret:\n");
++ pr_info("secret:\n");
+ print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
+ 16, 1, &s->secret, SHA1_DIGEST_SIZE, 0);
+ pr_info("trusted-key: enonce:\n");
+@@ -87,7 +78,7 @@ static inline void dump_tpm_buf(unsigned char *buf)
+ {
+ int len;
+
+- pr_info("\ntrusted-key: tpm buffer\n");
++ pr_info("\ntpm buffer\n");
+ len = LOAD32(buf, TPM_SIZE_OFFSET);
+ print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0);
+ }
+@@ -96,10 +87,6 @@ static inline void dump_options(struct trusted_key_options *o)
{
}
@@ -107,36 +193,33 @@
{
}
diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile
-index 7b73ceb..2b1085b 100644
+index 7b73cebbb378..49e3bcfe704f 100644
--- a/security/keys/trusted-keys/Makefile
+++ b/security/keys/trusted-keys/Makefile
@@ -4,5 +4,6 @@
#
obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
-+trusted-y += trusted_common.o
++trusted-y += trusted_core.o
trusted-y += trusted_tpm1.o
trusted-y += trusted_tpm2.o
-diff --git a/security/keys/trusted-keys/trusted_common.c b/security/keys/trusted-keys/trusted_common.c
+diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
new file mode 100644
-index 0000000..9bfd081
+index 000000000000..0db86b44605d
--- /dev/null
-+++ b/security/keys/trusted-keys/trusted_common.c
-@@ -0,0 +1,333 @@
++++ b/security/keys/trusted-keys/trusted_core.c
+@@ -0,0 +1,354 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2010 IBM Corporation
-+ * Copyright (c) 2019, Linaro Limited
-+ *
-+ * Author:
-+ * David Safford <safford@us.ibm.com>
-+ * Added generic trusted key framework: Sumit Garg <sumit.garg@linaro.org>
++ * Copyright (c) 2019-2021, Linaro Limited
+ *
+ * See Documentation/security/keys/trusted-encrypted.rst
+ */
+
+#include <keys/user-type.h>
+#include <keys/trusted-type.h>
++#include <keys/trusted_tpm.h>
+#include <linux/capability.h>
+#include <linux/err.h>
+#include <linux/init.h>
@@ -145,15 +228,28 @@
+#include <linux/parser.h>
+#include <linux/rcupdate.h>
+#include <linux/slab.h>
++#include <linux/static_call.h>
+#include <linux/string.h>
+#include <linux/uaccess.h>
+
-+static struct trusted_key_ops *available_tk_ops[] = {
++static char *trusted_key_source;
++module_param_named(source, trusted_key_source, charp, 0);
++MODULE_PARM_DESC(source, "Select trusted keys source (tpm or tee)");
++
++static const struct trusted_key_source trusted_key_sources[] = {
+#if defined(CONFIG_TCG_TPM)
-+ &tpm_trusted_key_ops,
++ { "tpm", &trusted_key_tpm_ops },
+#endif
+};
-+static struct trusted_key_ops *tk_ops;
++
++DEFINE_STATIC_CALL_NULL(trusted_key_init, *trusted_key_sources[0].ops->init);
++DEFINE_STATIC_CALL_NULL(trusted_key_seal, *trusted_key_sources[0].ops->seal);
++DEFINE_STATIC_CALL_NULL(trusted_key_unseal,
++ *trusted_key_sources[0].ops->unseal);
++DEFINE_STATIC_CALL_NULL(trusted_key_get_random,
++ *trusted_key_sources[0].ops->get_random);
++DEFINE_STATIC_CALL_NULL(trusted_key_exit, *trusted_key_sources[0].ops->exit);
++static unsigned char migratable;
+
+enum {
+ Opt_err,
@@ -230,7 +326,7 @@
+ return p;
+ p = kzalloc(sizeof(*p), GFP_KERNEL);
+
-+ p->migratable = tk_ops->migratable;
++ p->migratable = migratable;
+
+ return p;
+}
@@ -279,32 +375,37 @@
+
+ switch (key_cmd) {
+ case Opt_load:
-+ ret = tk_ops->unseal(payload, datablob);
++ ret = static_call(trusted_key_unseal)(payload, datablob);
+ dump_payload(payload);
+ if (ret < 0)
-+ pr_info("trusted_key: key_unseal failed (%d)\n", ret);
++ pr_info("key_unseal failed (%d)\n", ret);
+ break;
+ case Opt_new:
+ key_len = payload->key_len;
-+ ret = tk_ops->get_random(payload->key, key_len);
++ ret = static_call(trusted_key_get_random)(payload->key,
++ key_len);
++ if (ret < 0)
++ goto out;
++
+ if (ret != key_len) {
-+ pr_info("trusted_key: key_create failed (%d)\n", ret);
++ pr_info("key_create failed (%d)\n", ret);
++ ret = -EIO;
+ goto out;
+ }
+
-+ ret = tk_ops->seal(payload, datablob);
++ ret = static_call(trusted_key_seal)(payload, datablob);
+ if (ret < 0)
-+ pr_info("trusted_key: key_seal failed (%d)\n", ret);
++ pr_info("key_seal failed (%d)\n", ret);
+ break;
+ default:
+ ret = -EINVAL;
+ }
+out:
-+ kzfree(datablob);
++ kfree_sensitive(datablob);
+ if (!ret)
+ rcu_assign_keypointer(key, payload);
+ else
-+ kzfree(payload);
++ kfree_sensitive(payload);
+ return ret;
+}
+
@@ -313,7 +414,7 @@
+ struct trusted_key_payload *p;
+
+ p = container_of(rcu, struct trusted_key_payload, rcu);
-+ kzfree(p);
++ kfree_sensitive(p);
+}
+
+/*
@@ -350,7 +451,7 @@
+ ret = datablob_parse(datablob, new_p);
+ if (ret != Opt_update) {
+ ret = -EINVAL;
-+ kzfree(new_p);
++ kfree_sensitive(new_p);
+ goto out;
+ }
+
@@ -361,17 +462,17 @@
+ dump_payload(p);
+ dump_payload(new_p);
+
-+ ret = tk_ops->seal(new_p, datablob);
++ ret = static_call(trusted_key_seal)(new_p, datablob);
+ if (ret < 0) {
-+ pr_info("trusted_key: key_seal failed (%d)\n", ret);
-+ kzfree(new_p);
++ pr_info("key_seal failed (%d)\n", ret);
++ kfree_sensitive(new_p);
+ goto out;
+ }
+
+ rcu_assign_keypointer(key, new_p);
+ call_rcu(&p->rcu, trusted_rcu_free);
+out:
-+ kzfree(datablob);
++ kfree_sensitive(datablob);
+ return ret;
+}
+
@@ -403,7 +504,7 @@
+ */
+static void trusted_destroy(struct key *key)
+{
-+ kzfree(key->payload.data[0]);
++ kfree_sensitive(key->payload.data[0]);
+}
+
+struct key_type key_type_trusted = {
@@ -420,20 +521,27 @@
+{
+ int i, ret = 0;
+
-+ for (i = 0; i < sizeof(available_tk_ops); i++) {
-+ tk_ops = available_tk_ops[i];
-+
-+ if (!(tk_ops && tk_ops->init && tk_ops->seal &&
-+ tk_ops->unseal && tk_ops->get_random))
++ for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) {
++ if (trusted_key_source &&
++ strncmp(trusted_key_source, trusted_key_sources[i].name,
++ strlen(trusted_key_sources[i].name)))
+ continue;
+
-+ ret = tk_ops->init();
-+ if (ret) {
-+ if (tk_ops->cleanup)
-+ tk_ops->cleanup();
-+ } else {
++ static_call_update(trusted_key_init,
++ trusted_key_sources[i].ops->init);
++ static_call_update(trusted_key_seal,
++ trusted_key_sources[i].ops->seal);
++ static_call_update(trusted_key_unseal,
++ trusted_key_sources[i].ops->unseal);
++ static_call_update(trusted_key_get_random,
++ trusted_key_sources[i].ops->get_random);
++ static_call_update(trusted_key_exit,
++ trusted_key_sources[i].ops->exit);
++ migratable = trusted_key_sources[i].ops->migratable;
++
++ ret = static_call(trusted_key_init)();
++ if (!ret)
+ break;
-+ }
+ }
+
+ /*
@@ -448,8 +556,7 @@
+
+static void __exit cleanup_trusted(void)
+{
-+ if (tk_ops->cleanup)
-+ tk_ops->cleanup();
++ static_call(trusted_key_exit)();
+}
+
+late_initcall(init_trusted);
@@ -457,18 +564,17 @@
+
+MODULE_LICENSE("GPL");
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
-index 8001ab0..32fd1ea 100644
+index 493eb91ed017..99172af30d27 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
-@@ -1,29 +1,26 @@
+@@ -1,29 +1,22 @@
// SPDX-License-Identifier: GPL-2.0-only
/*
* Copyright (C) 2010 IBM Corporation
-+ * Copyright (c) 2019, Linaro Limited
- *
- * Author:
- * David Safford <safford@us.ibm.com>
-+ * Switch to generic trusted key framework: Sumit Garg <sumit.garg@linaro.org>
+- *
+- * Author:
+- * David Safford <safford@us.ibm.com>
++ * Copyright (c) 2019-2021, Linaro Limited
*
* See Documentation/security/keys/trusted-encrypted.rst
*/
@@ -487,12 +593,117 @@
-#include <linux/rcupdate.h>
#include <linux/crypto.h>
#include <crypto/hash.h>
- #include <crypto/sha.h>
+ #include <crypto/sha1.h>
-#include <linux/capability.h>
#include <linux/tpm.h>
#include <linux/tpm_command.h>
-@@ -703,7 +700,6 @@ static int key_unseal(struct trusted_key_payload *p,
+@@ -63,7 +56,7 @@ static int TSS_sha1(const unsigned char *data, unsigned int datalen,
+
+ sdesc = init_sdesc(hashalg);
+ if (IS_ERR(sdesc)) {
+- pr_info("trusted_key: can't alloc %s\n", hash_alg);
++ pr_info("can't alloc %s\n", hash_alg);
+ return PTR_ERR(sdesc);
+ }
+
+@@ -83,7 +76,7 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
+
+ sdesc = init_sdesc(hmacalg);
+ if (IS_ERR(sdesc)) {
+- pr_info("trusted_key: can't alloc %s\n", hmac_alg);
++ pr_info("can't alloc %s\n", hmac_alg);
+ return PTR_ERR(sdesc);
+ }
+
+@@ -136,7 +129,7 @@ int TSS_authhmac(unsigned char *digest, const unsigned char *key,
+
+ sdesc = init_sdesc(hashalg);
+ if (IS_ERR(sdesc)) {
+- pr_info("trusted_key: can't alloc %s\n", hash_alg);
++ pr_info("can't alloc %s\n", hash_alg);
+ return PTR_ERR(sdesc);
+ }
+
+@@ -212,7 +205,7 @@ int TSS_checkhmac1(unsigned char *buffer,
+
+ sdesc = init_sdesc(hashalg);
+ if (IS_ERR(sdesc)) {
+- pr_info("trusted_key: can't alloc %s\n", hash_alg);
++ pr_info("can't alloc %s\n", hash_alg);
+ return PTR_ERR(sdesc);
+ }
+ ret = crypto_shash_init(&sdesc->shash);
+@@ -305,7 +298,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
+
+ sdesc = init_sdesc(hashalg);
+ if (IS_ERR(sdesc)) {
+- pr_info("trusted_key: can't alloc %s\n", hash_alg);
++ pr_info("can't alloc %s\n", hash_alg);
+ return PTR_ERR(sdesc);
+ }
+ ret = crypto_shash_init(&sdesc->shash);
+@@ -597,12 +590,12 @@ static int tpm_unseal(struct tpm_buf *tb,
+ /* sessions for unsealing key and data */
+ ret = oiap(tb, &authhandle1, enonce1);
+ if (ret < 0) {
+- pr_info("trusted_key: oiap failed (%d)\n", ret);
++ pr_info("oiap failed (%d)\n", ret);
+ return ret;
+ }
+ ret = oiap(tb, &authhandle2, enonce2);
+ if (ret < 0) {
+- pr_info("trusted_key: oiap failed (%d)\n", ret);
++ pr_info("oiap failed (%d)\n", ret);
+ return ret;
+ }
+
+@@ -612,7 +605,7 @@ static int tpm_unseal(struct tpm_buf *tb,
+ return ret;
+
+ if (ret != TPM_NONCE_SIZE) {
+- pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
++ pr_info("tpm_get_random failed (%d)\n", ret);
+ return -EIO;
+ }
+ ret = TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE,
+@@ -641,7 +634,7 @@ static int tpm_unseal(struct tpm_buf *tb,
+
+ ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
+ if (ret < 0) {
+- pr_info("trusted_key: authhmac failed (%d)\n", ret);
++ pr_info("authhmac failed (%d)\n", ret);
+ return ret;
+ }
+
+@@ -653,7 +646,7 @@ static int tpm_unseal(struct tpm_buf *tb,
+ *datalen, TPM_DATA_OFFSET + sizeof(uint32_t), 0,
+ 0);
+ if (ret < 0) {
+- pr_info("trusted_key: TSS_checkhmac2 failed (%d)\n", ret);
++ pr_info("TSS_checkhmac2 failed (%d)\n", ret);
+ return ret;
+ }
+ memcpy(data, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t), *datalen);
+@@ -680,7 +673,7 @@ static int key_seal(struct trusted_key_payload *p,
+ p->key, p->key_len + 1, p->blob, &p->blob_len,
+ o->blobauth, o->pcrinfo, o->pcrinfo_len);
+ if (ret < 0)
+- pr_info("trusted_key: srkseal failed (%d)\n", ret);
++ pr_info("srkseal failed (%d)\n", ret);
+
+ tpm_buf_destroy(&tb);
+ return ret;
+@@ -702,7 +695,7 @@ static int key_unseal(struct trusted_key_payload *p,
+ ret = tpm_unseal(&tb, o->keyhandle, o->keyauth, p->blob, p->blob_len,
+ o->blobauth, p->key, &p->key_len);
+ if (ret < 0)
+- pr_info("trusted_key: srkunseal failed (%d)\n", ret);
++ pr_info("srkunseal failed (%d)\n", ret);
+ else
+ /* pull migratable flag out of sealed key */
+ p->migratable = p->key[--p->key_len];
+@@ -713,7 +706,6 @@ static int key_unseal(struct trusted_key_payload *p,
enum {
Opt_err,
@@ -500,7 +711,7 @@
Opt_keyhandle, Opt_keyauth, Opt_blobauth,
Opt_pcrinfo, Opt_pcrlock, Opt_migratable,
Opt_hash,
-@@ -712,9 +708,6 @@ enum {
+@@ -722,9 +714,6 @@ enum {
};
static const match_table_t key_tokens = {
@@ -510,7 +721,16 @@
{Opt_keyhandle, "keyhandle=%s"},
{Opt_keyauth, "keyauth=%s"},
{Opt_blobauth, "blobauth=%s"},
-@@ -841,71 +834,6 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
+@@ -822,7 +811,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
+ if (i == HASH_ALGO__LAST)
+ return -EINVAL;
+ if (!tpm2 && i != HASH_ALGO_SHA1) {
+- pr_info("trusted_key: TPM 1.x only supports SHA-1.\n");
++ pr_info("TPM 1.x only supports SHA-1.\n");
+ return -EINVAL;
+ }
+ break;
+@@ -851,71 +840,6 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
return 0;
}
@@ -582,12 +802,12 @@
static struct trusted_key_options *trusted_options_alloc(void)
{
struct trusted_key_options *options;
-@@ -926,248 +854,99 @@ static struct trusted_key_options *trusted_options_alloc(void)
+@@ -936,252 +860,99 @@ static struct trusted_key_options *trusted_options_alloc(void)
return options;
}
-static struct trusted_key_payload *trusted_payload_alloc(struct key *key)
-+static int tpm_tk_seal(struct trusted_key_payload *p, char *datablob)
++static int trusted_tpm_seal(struct trusted_key_payload *p, char *datablob)
{
- struct trusted_key_payload *p = NULL;
- int ret;
@@ -664,15 +884,7 @@
- dump_payload(payload);
- dump_options(options);
-+ if (tpm2)
-+ ret = tpm2_seal_trusted(chip, p, options);
-+ else
-+ ret = key_seal(p, options);
-+ if (ret < 0) {
-+ pr_info("tpm_trusted_key: key_seal failed (%d)\n", ret);
-+ goto out;
-+ }
-
+-
- switch (key_cmd) {
- case Opt_load:
- if (tpm2)
@@ -687,12 +899,24 @@
- case Opt_new:
- key_len = payload->key_len;
- ret = tpm_get_random(chip, payload->key, key_len);
+- if (ret < 0)
+- goto out;
++ if (tpm2)
++ ret = tpm2_seal_trusted(chip, p, options);
++ else
++ ret = key_seal(p, options);
++ if (ret < 0) {
++ pr_info("key_seal failed (%d)\n", ret);
++ goto out;
++ }
+
- if (ret != key_len) {
- pr_info("trusted_key: key_create failed (%d)\n", ret);
+- ret = -EIO;
+ if (options->pcrlock) {
+ ret = pcrlock(options->pcrlock);
+ if (ret < 0) {
-+ pr_info("tpm_trusted_key: pcrlock failed (%d)\n", ret);
++ pr_info("pcrlock failed (%d)\n", ret);
goto out;
}
- if (tpm2)
@@ -709,29 +933,29 @@
- if (!ret && options->pcrlock)
- ret = pcrlock(options->pcrlock);
out:
-- kzfree(datablob);
- kzfree(options);
+- kfree_sensitive(datablob);
+ kfree_sensitive(options);
- if (!ret)
- rcu_assign_keypointer(key, payload);
- else
-- kzfree(payload);
+- kfree_sensitive(payload);
return ret;
}
-static void trusted_rcu_free(struct rcu_head *rcu)
-+static int tpm_tk_unseal(struct trusted_key_payload *p, char *datablob)
- {
+-{
- struct trusted_key_payload *p;
-
- p = container_of(rcu, struct trusted_key_payload, rcu);
-- kzfree(p);
+- kfree_sensitive(p);
-}
-
-/*
- * trusted_update - reseal an existing key with new PCR values
- */
-static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
--{
++static int trusted_tpm_unseal(struct trusted_key_payload *p, char *datablob)
+ {
- struct trusted_key_payload *p;
- struct trusted_key_payload *new_p;
- struct trusted_key_options *new_o;
@@ -773,7 +997,7 @@
- ret = datablob_parse(datablob, new_p, new_o);
- if (ret != Opt_update) {
- ret = -EINVAL;
-- kzfree(new_p);
+- kfree_sensitive(new_p);
+ ret = getoptions(datablob, p, options);
+ if (ret < 0)
goto out;
@@ -783,7 +1007,7 @@
- if (!new_o->keyhandle) {
+ if (!options->keyhandle) {
ret = -EINVAL;
-- kzfree(new_p);
+- kfree_sensitive(new_p);
goto out;
}
@@ -798,12 +1022,12 @@
+ else
+ ret = key_unseal(p, options);
+ if (ret < 0)
-+ pr_info("tpm_trusted_key: key_unseal failed (%d)\n", ret);
++ pr_info("key_unseal failed (%d)\n", ret);
- ret = key_seal(new_p, new_o);
- if (ret < 0) {
- pr_info("trusted_key: key_seal failed (%d)\n", ret);
-- kzfree(new_p);
+- kfree_sensitive(new_p);
- goto out;
- }
- if (new_o->pcrlock) {
@@ -812,17 +1036,17 @@
+ ret = pcrlock(options->pcrlock);
if (ret < 0) {
- pr_info("trusted_key: pcrlock failed (%d)\n", ret);
-- kzfree(new_p);
-+ pr_info("tpm_trusted_key: pcrlock failed (%d)\n", ret);
+- kfree_sensitive(new_p);
++ pr_info("pcrlock failed (%d)\n", ret);
goto out;
}
}
- rcu_assign_keypointer(key, new_p);
- call_rcu(&p->rcu, trusted_rcu_free);
out:
-- kzfree(datablob);
-- kzfree(new_o);
-+ kzfree(options);
+- kfree_sensitive(datablob);
+- kfree_sensitive(new_o);
++ kfree_sensitive(options);
return ret;
}
@@ -832,7 +1056,8 @@
- */
-static long trusted_read(const struct key *key, char *buffer,
- size_t buflen)
--{
++static int trusted_tpm_get_random(unsigned char *key, size_t key_len)
+ {
- const struct trusted_key_payload *p;
- char *bufp;
- int i;
@@ -847,18 +1072,17 @@
- bufp = hex_byte_pack(bufp, p->blob[i]);
- }
- return 2 * p->blob_len;
--}
--
++ return tpm_get_random(chip, key, key_len);
+ }
+
-/*
- * trusted_destroy - clear and free the key's payload
- */
-static void trusted_destroy(struct key *key)
-+int tpm_tk_get_random(unsigned char *key, size_t key_len)
- {
-- kzfree(key->payload.data[0]);
-+ return tpm_get_random(chip, key, key_len);
- }
-
+-{
+- kfree_sensitive(key->payload.data[0]);
+-}
+-
-struct key_type key_type_trusted = {
- .name = "trusted",
- .instantiate = trusted_instantiate,
@@ -873,12 +1097,12 @@
static void trusted_shash_release(void)
{
if (hashalg)
-@@ -1182,14 +961,14 @@ static int __init trusted_shash_alloc(void)
+@@ -1196,14 +967,14 @@ static int __init trusted_shash_alloc(void)
hmacalg = crypto_alloc_shash(hmac_alg, 0, 0);
if (IS_ERR(hmacalg)) {
- pr_info("trusted_key: could not allocate crypto %s\n",
-+ pr_info("tpm_trusted_key: could not allocate crypto %s\n",
++ pr_info("could not allocate crypto %s\n",
hmac_alg);
return PTR_ERR(hmacalg);
}
@@ -886,16 +1110,16 @@
hashalg = crypto_alloc_shash(hash_alg, 0, 0);
if (IS_ERR(hashalg)) {
- pr_info("trusted_key: could not allocate crypto %s\n",
-+ pr_info("tpm_trusted_key: could not allocate crypto %s\n",
++ pr_info("could not allocate crypto %s\n",
hash_alg);
ret = PTR_ERR(hashalg);
goto hashalg_fail;
-@@ -1217,16 +996,13 @@ static int __init init_digests(void)
+@@ -1231,16 +1002,13 @@ static int __init init_digests(void)
return 0;
}
-static int __init init_trusted(void)
-+static int __init init_tpm_trusted(void)
++static int trusted_tpm_init(void)
{
int ret;
@@ -909,16 +1133,16 @@
ret = init_digests();
if (ret < 0)
-@@ -1247,7 +1023,7 @@ static int __init init_trusted(void)
+@@ -1261,7 +1029,7 @@ static int __init init_trusted(void)
return ret;
}
-static void __exit cleanup_trusted(void)
-+static void __exit cleanup_tpm_trusted(void)
++static void trusted_tpm_exit(void)
{
if (chip) {
put_device(&chip->dev);
-@@ -1257,7 +1033,12 @@ static void __exit cleanup_trusted(void)
+@@ -1271,7 +1039,11 @@ static void __exit cleanup_trusted(void)
}
}
@@ -926,17 +1150,16 @@
-module_exit(cleanup_trusted);
-
-MODULE_LICENSE("GPL");
-+struct trusted_key_ops tpm_trusted_key_ops = {
++struct trusted_key_ops trusted_key_tpm_ops = {
+ .migratable = 1, /* migratable by default */
-+ .init = init_tpm_trusted,
-+ .seal = tpm_tk_seal,
-+ .unseal = tpm_tk_unseal,
-+ .get_random = tpm_tk_get_random,
-+ .cleanup = cleanup_tpm_trusted,
++ .init = trusted_tpm_init,
++ .seal = trusted_tpm_seal,
++ .unseal = trusted_tpm_unseal,
++ .get_random = trusted_tpm_get_random,
++ .exit = trusted_tpm_exit,
+};
-+EXPORT_SYMBOL_GPL(tpm_trusted_key_ops);
--
-2.7.4
+2.25.1
_______________________________________________