KEYS: asym_tpm: add skeleton for asym_tpm [ver #2]

This patch adds the basic skeleton for the asym_tpm asymmetric key subtype. Signed-off-by: Denis Kenzior <denkenz@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: James Morris <james.morris@microsoft.com>
author: Denis Kenzior <denkenz@gmail.com> 2018-10-09 12:48:02 -0400
committer: James Morris <james.morris@microsoft.com> 2018-10-26 04:30:46 -0400
commit: 903be6bb84c544551150a6f5aab9fda1ed9a6895 (patch)
tree: 6f928c9ef96fc34d19b6041ece54a5a30cfe7ae4
parent: b3a8c8a5ebb5b4c3eb7b104364e63c453cc85f14 (diff)
4 files changed, 118 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 66a7dad7ed3d..b75555c7d8ae 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -21,6 +21,17 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
          appropriate hash algorithms (such as SHA-1) must be available.
          ENOPKG will be reported if the requisite algorithm is unavailable.
+config ASYMMETRIC_TPM_KEY_SUBTYPE
+        tristate "Asymmetric TPM backed private key subtype"
+        depends on TCG_TPM
+        select CRYPTO_HMAC
+        select CRYPTO_SHA1
+        select CRYPTO_HASH_INFO
+        help
+          This option provides support for TPM backed private key type handling.
+          Operations such as sign, verify, encrypt, decrypt are performed by
+          the TPM after the private key is loaded.
 config X509_CERTIFICATE_PARSER
        tristate "X.509 certificate parser"
        depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index c38424f55b08..73fbe650ff1d 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -11,6 +11,7 @@ asymmetric_keys-y := \
        signature.o
 obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
+obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) += asym_tpm.o
 #
 # X.509 Certificate handling
diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c
new file mode 100644
index 000000000000..d0b2b97e8e54
--- /dev/null
+++ b/crypto/asymmetric_keys/asym_tpm.c
@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: GPL-2.0
+#define pr_fmt(fmt) "ASYM-TPM: "fmt
+#include <linux/slab.h>
+#include <linux/module.h>
+#include <linux/export.h>
+#include <linux/kernel.h>
+#include <linux/seq_file.h>
+#include <linux/scatterlist.h>
+#include <linux/tpm.h>
+#include <keys/asymmetric-subtype.h>
+#include <crypto/asym_tpm_subtype.h>
+/*
+ * Provide a part of a description of the key for /proc/keys.
+ */
+static void asym_tpm_describe(const struct key *asymmetric_key,
+                              struct seq_file *m)
+{
+        struct tpm_key *tk = asymmetric_key->payload.data[asym_crypto];
+        if (!tk)
+                return;
+        seq_printf(m, "TPM1.2/Blob");
+}
+static void asym_tpm_destroy(void *payload0, void *payload3)
+{
+        struct tpm_key *tk = payload0;
+        if (!tk)
+                return;
+        kfree(tk->blob);
+        tk->blob_len = 0;
+        kfree(tk);
+}
+/* Given the blob, parse it and load it into the TPM */
+struct tpm_key *tpm_key_create(const void *blob, uint32_t blob_len)
+{
+        int r;
+        struct tpm_key *tk;
+        r = tpm_is_tpm2(NULL);
+        if (r < 0)
+                goto error;
+        /* We don't support TPM2 yet */
+        if (r > 0) {
+                r = -ENODEV;
+                goto error;
+        }
+        r = -ENOMEM;
+        tk = kzalloc(sizeof(struct tpm_key), GFP_KERNEL);
+        if (!tk)
+                goto error;
+        tk->blob = kmemdup(blob, blob_len, GFP_KERNEL);
+        if (!tk->blob)
+                goto error_memdup;
+        tk->blob_len = blob_len;
+        return tk;
+error_memdup:
+        kfree(tk);
+error:
+        return ERR_PTR(r);
+}
+EXPORT_SYMBOL_GPL(tpm_key_create);
+/*
+ * TPM-based asymmetric key subtype
+ */
+struct asymmetric_key_subtype asym_tpm_subtype = {
+        .owner                  = THIS_MODULE,
+        .name                   = "asym_tpm",
+        .name_len               = sizeof("asym_tpm") - 1,
+        .describe               = asym_tpm_describe,
+        .destroy                = asym_tpm_destroy,
+};
+EXPORT_SYMBOL_GPL(asym_tpm_subtype);
+MODULE_DESCRIPTION("TPM based asymmetric key subtype");
+MODULE_AUTHOR("Intel Corporation");
+MODULE_LICENSE("GPL v2");
diff --git a/include/crypto/asym_tpm_subtype.h b/include/crypto/asym_tpm_subtype.h
new file mode 100644
index 000000000000..03550b850998
--- /dev/null
+++ b/include/crypto/asym_tpm_subtype.h
@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: GPL-2.0
+#ifndef _LINUX_ASYM_TPM_SUBTYPE_H
+#define _LINUX_ASYM_TPM_SUBTYPE_H
+#include <linux/keyctl.h>
+struct tpm_key {
+        void *blob;
+        u32 blob_len;
+};
+struct tpm_key *tpm_key_create(const void *blob, uint32_t blob_len);
+extern struct asymmetric_key_subtype asym_tpm_subtype;
+#endif /* _LINUX_ASYM_TPM_SUBTYPE_H */
author	Denis Kenzior <denkenz@gmail.com>	2018-10-09 12:48:02 -0400
committer	James Morris <james.morris@microsoft.com>	2018-10-26 04:30:46 -0400
commit	903be6bb84c544551150a6f5aab9fda1ed9a6895 (patch)
tree	6f928c9ef96fc34d19b6041ece54a5a30cfe7ae4
parent	b3a8c8a5ebb5b4c3eb7b104364e63c453cc85f14 (diff)

diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig index 66a7dad7ed3d..b75555c7d8ae 100644 --- a/crypto/asymmetric_keys/Kconfig +++ b/crypto/asymmetric_keys/Kconfig
@@ -21,6 +21,17 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
21	appropriate hash algorithms (such as SHA-1) must be available.	21	appropriate hash algorithms (such as SHA-1) must be available.
22	ENOPKG will be reported if the requisite algorithm is unavailable.	22	ENOPKG will be reported if the requisite algorithm is unavailable.
23		23
		24	config ASYMMETRIC_TPM_KEY_SUBTYPE
		25	tristate "Asymmetric TPM backed private key subtype"
		26	depends on TCG_TPM
		27	select CRYPTO_HMAC
		28	select CRYPTO_SHA1
		29	select CRYPTO_HASH_INFO
		30	help
		31	This option provides support for TPM backed private key type handling.
		32	Operations such as sign, verify, encrypt, decrypt are performed by
		33	the TPM after the private key is loaded.
		34
24	config X509_CERTIFICATE_PARSER	35	config X509_CERTIFICATE_PARSER
25	tristate "X.509 certificate parser"	36	tristate "X.509 certificate parser"
26	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE	37	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE


diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index c38424f55b08..73fbe650ff1d 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile
@@ -11,6 +11,7 @@ asymmetric_keys-y := \
11	signature.o	11	signature.o
12		12
13	obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o	13	obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
		14	obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) += asym_tpm.o
14		15
15	#	16	#
16	# X.509 Certificate handling	17	# X.509 Certificate handling


diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c new file mode 100644 index 000000000000..d0b2b97e8e54 --- /dev/null +++ b/crypto/asymmetric_keys/asym_tpm.c
@@ -0,0 +1,90 @@
		1	// SPDX-License-Identifier: GPL-2.0
		2	#define pr_fmt(fmt) "ASYM-TPM: "fmt
		3	#include <linux/slab.h>
		4	#include <linux/module.h>
		5	#include <linux/export.h>
		6	#include <linux/kernel.h>
		7	#include <linux/seq_file.h>
		8	#include <linux/scatterlist.h>
		9	#include <linux/tpm.h>
		10	#include <keys/asymmetric-subtype.h>
		11	#include <crypto/asym_tpm_subtype.h>
		12
		13	/*
		14	* Provide a part of a description of the key for /proc/keys.
		15	*/
		16	static void asym_tpm_describe(const struct key *asymmetric_key,
		17	struct seq_file *m)
		18	{
		19	struct tpm_key *tk = asymmetric_key->payload.data[asym_crypto];
		20
		21	if (!tk)
		22	return;
		23
		24	seq_printf(m, "TPM1.2/Blob");
		25	}
		26
		27	static void asym_tpm_destroy(void payload0, void payload3)
		28	{
		29	struct tpm_key *tk = payload0;
		30
		31	if (!tk)
		32	return;
		33
		34	kfree(tk->blob);
		35	tk->blob_len = 0;
		36
		37	kfree(tk);
		38	}
		39
		40	/* Given the blob, parse it and load it into the TPM */
		41	struct tpm_key tpm_key_create(const void blob, uint32_t blob_len)
		42	{
		43	int r;
		44	struct tpm_key *tk;
		45
		46	r = tpm_is_tpm2(NULL);
		47	if (r < 0)
		48	goto error;
		49
		50	/* We don't support TPM2 yet */
		51	if (r > 0) {
		52	r = -ENODEV;
		53	goto error;
		54	}
		55
		56	r = -ENOMEM;
		57	tk = kzalloc(sizeof(struct tpm_key), GFP_KERNEL);
		58	if (!tk)
		59	goto error;
		60
		61	tk->blob = kmemdup(blob, blob_len, GFP_KERNEL);
		62	if (!tk->blob)
		63	goto error_memdup;
		64
		65	tk->blob_len = blob_len;
		66
		67	return tk;
		68
		69	error_memdup:
		70	kfree(tk);
		71	error:
		72	return ERR_PTR(r);
		73	}
		74	EXPORT_SYMBOL_GPL(tpm_key_create);
		75
		76	/*
		77	* TPM-based asymmetric key subtype
		78	*/
		79	struct asymmetric_key_subtype asym_tpm_subtype = {
		80	.owner = THIS_MODULE,
		81	.name = "asym_tpm",
		82	.name_len = sizeof("asym_tpm") - 1,
		83	.describe = asym_tpm_describe,
		84	.destroy = asym_tpm_destroy,
		85	};
		86	EXPORT_SYMBOL_GPL(asym_tpm_subtype);
		87
		88	MODULE_DESCRIPTION("TPM based asymmetric key subtype");
		89	MODULE_AUTHOR("Intel Corporation");
		90	MODULE_LICENSE("GPL v2");


diff --git a/include/crypto/asym_tpm_subtype.h b/include/crypto/asym_tpm_subtype.h new file mode 100644 index 000000000000..03550b850998 --- /dev/null +++ b/include/crypto/asym_tpm_subtype.h
@@ -0,0 +1,16 @@
		1	// SPDX-License-Identifier: GPL-2.0
		2	#ifndef _LINUX_ASYM_TPM_SUBTYPE_H
		3	#define _LINUX_ASYM_TPM_SUBTYPE_H
		4
		5	#include <linux/keyctl.h>
		6
		7	struct tpm_key {
		8	void *blob;
		9	u32 blob_len;
		10	};
		11
		12	struct tpm_key tpm_key_create(const void blob, uint32_t blob_len);
		13
		14	extern struct asymmetric_key_subtype asym_tpm_subtype;
		15
		16	#endif /* _LINUX_ASYM_TPM_SUBTYPE_H */