Re: [PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy

2015-12-14 Thread Mimi Zohar 
On Sun, 2015-12-13 at 17:42 +0200, Jarkko Sakkinen wrote:
> TPM2 supports authorization policies, which are essentially
> combinational logic statements repsenting the conditions where the data
> can be unsealed based on the TPM state. This patch enables to use
> authorization policies to seal trusted keys.
> 
> Two following new options have been added for trusted keys:
> 
> * 'policydigest=': provide an auth policy digest for sealing.
> * 'policyhandle=': provide a policy session handle for unsealing.
> 
> If 'hash=' option is supplied after 'policydigest=' option, this
> will result an error because the state of the option would become
> mixed.
> 
> Signed-off-by: Jarkko Sakkinen 
> Tested-by: Colin Ian King 
> ---
>  Documentation/security/keys-trusted-encrypted.txt | 34 
> +--
>  drivers/char/tpm/tpm2-cmd.c   | 24 +---
>  include/keys/trusted-type.h   |  4 +++
>  security/keys/trusted.c   | 26 +
>  4 files changed, 70 insertions(+), 18 deletions(-)
> 
> diff --git a/Documentation/security/keys-trusted-encrypted.txt 
> b/Documentation/security/keys-trusted-encrypted.txt
> index fd2565b..324ddf5 100644
> --- a/Documentation/security/keys-trusted-encrypted.txt
> +++ b/Documentation/security/keys-trusted-encrypted.txt
> @@ -27,20 +27,26 @@ Usage:
>  keyctl print keyid
> 
>  options:
> -   keyhandle= ascii hex value of sealing key default 0x4000 (SRK)
> -   keyauth=ascii hex auth for sealing key default 0x00...i
> -   (40 ascii zeros)
> -   blobauth=  ascii hex auth for sealed data default 0x00...
> -   (40 ascii zeros)
> -   blobauth=  ascii hex auth for sealed data default 0x00...
> -   (40 ascii zeros)
> -   pcrinfo=ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
> -   pcrlock=pcr number to be extended to "lock" blob
> -   migratable= 0|1 indicating permission to reseal to new PCR values,
> -   default 1 (resealing allowed)
> -   hash=  hash algorithm name as a string. For TPM 1.x the only
> -  allowed value is sha1. For TPM 2.x the allowed values
> -   are sha1, sha256, sha384, sha512 and sm3-256.
> +   keyhandle=ascii hex value of sealing key default 0x4000 (SRK)
> +   keyauth=   ascii hex auth for sealing key default 0x00...i
> + (40 ascii zeros)
> +   blobauth= ascii hex auth for sealed data default 0x00...
> + (40 ascii zeros)
> +   blobauth= ascii hex auth for sealed data default 0x00...
> + (40 ascii zeros)
> +   pcrinfo=   ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
> +   pcrlock=   pcr number to be extended to "lock" blob
> +   migratable=   0|1 indicating permission to reseal to new PCR values,
> + default 1 (resealing allowed)
> +   hash= hash algorithm name as a string. For TPM 1.x the only
> + allowed value is sha1. For TPM 2.x the allowed values
> + are sha1, sha256, sha384, sha512 and sm3-256.
> +   policydigest= digest for the authorization policy. must be calculated
> + with the same hash algorithm as specified by the 'hash='
> + option.
> +   policyhandle= handle to an authorization policy session that defines 
> the
> + same policy and with the same hash algorithm as was 
> used to
> + seal the key.
> 
>  "keyctl print" returns an ascii hex copy of the sealed key, which is in 
> standard
>  TPM_STORED_DATA format.  The key length for new keys are always in bytes.
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index d9d0822..45a6340 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -478,12 +478,26 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
>   tpm_buf_append_u8(, payload->migratable);
> 
>   /* public */
> - tpm_buf_append_u16(, 14);
> + if (options->policydigest)
> + tpm_buf_append_u16(, 14 + options->digest_len);
> + else
> + tpm_buf_append_u16(, 14);
> 
>   tpm_buf_append_u16(, TPM2_ALG_KEYEDHASH);
>   tpm_buf_append_u16(, hash);
> - tpm_buf_append_u32(, TPM2_ATTR_USER_WITH_AUTH);
> - tpm_buf_append_u16(, 0); /* policy digest size */
> +
> + /* policy */
> + if (options->policydigest) {
> + tpm_buf_append_u32(, 0);
> + tpm_buf_append_u16(, options->digest_len);
> + tpm_buf_append(, options->policydigest,
> +options->digest_len);
> + } else {
> + tpm_buf_append_u32(, TPM2_ATTR_USER_WITH_AUTH);
> + tpm_buf_append_u16(, 0);
> + }
> +
> + /*

Re: [PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy

2015-12-14 Thread Jarkko Sakkinen 
On Mon, Dec 14, 2015 at 08:49:00AM -0500, Mimi Zohar wrote:
> On Sun, 2015-12-13 at 17:42 +0200, Jarkko Sakkinen wrote:
> > TPM2 supports authorization policies, which are essentially
> > combinational logic statements repsenting the conditions where the data
> > can be unsealed based on the TPM state. This patch enables to use
> > authorization policies to seal trusted keys.
> > 
> > Two following new options have been added for trusted keys:
> > 
> > * 'policydigest=': provide an auth policy digest for sealing.
> > * 'policyhandle=': provide a policy session handle for unsealing.
> > 
> > If 'hash=' option is supplied after 'policydigest=' option, this
> > will result an error because the state of the option would become
> > mixed.
> > 
> > Signed-off-by: Jarkko Sakkinen 
> > Tested-by: Colin Ian King 
> > ---
> >  Documentation/security/keys-trusted-encrypted.txt | 34 
> > +--
> >  drivers/char/tpm/tpm2-cmd.c   | 24 +---
> >  include/keys/trusted-type.h   |  4 +++
> >  security/keys/trusted.c   | 26 +
> >  4 files changed, 70 insertions(+), 18 deletions(-)
> > 
> > diff --git a/Documentation/security/keys-trusted-encrypted.txt 
> > b/Documentation/security/keys-trusted-encrypted.txt
> > index fd2565b..324ddf5 100644
> > --- a/Documentation/security/keys-trusted-encrypted.txt
> > +++ b/Documentation/security/keys-trusted-encrypted.txt
> > @@ -27,20 +27,26 @@ Usage:
> >  keyctl print keyid
> > 
> >  options:
> > -   keyhandle= ascii hex value of sealing key default 0x4000 (SRK)
> > -   keyauth=  ascii hex auth for sealing key default 0x00...i
> > - (40 ascii zeros)
> > -   blobauth=  ascii hex auth for sealed data default 0x00...
> > - (40 ascii zeros)
> > -   blobauth=  ascii hex auth for sealed data default 0x00...
> > - (40 ascii zeros)
> > -   pcrinfo=  ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
> > -   pcrlock=  pcr number to be extended to "lock" blob
> > -   migratable= 0|1 indicating permission to reseal to new PCR values,
> > -   default 1 (resealing allowed)
> > -   hash=  hash algorithm name as a string. For TPM 1.x the only
> > -  allowed value is sha1. For TPM 2.x the allowed values
> > - are sha1, sha256, sha384, sha512 and sm3-256.
> > +   keyhandle=ascii hex value of sealing key default 0x4000 
> > (SRK)
> > +   keyauth= ascii hex auth for sealing key default 0x00...i
> > + (40 ascii zeros)
> > +   blobauth= ascii hex auth for sealed data default 0x00...
> > + (40 ascii zeros)
> > +   blobauth= ascii hex auth for sealed data default 0x00...
> > + (40 ascii zeros)
> > +   pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
> > +   pcrlock= pcr number to be extended to "lock" blob
> > +   migratable=   0|1 indicating permission to reseal to new PCR values,
> > + default 1 (resealing allowed)
> > +   hash= hash algorithm name as a string. For TPM 1.x the only
> > + allowed value is sha1. For TPM 2.x the allowed values
> > + are sha1, sha256, sha384, sha512 and sm3-256.
> > +   policydigest= digest for the authorization policy. must be 
> > calculated
> > + with the same hash algorithm as specified by the 
> > 'hash='
> > + option.
> > +   policyhandle= handle to an authorization policy session that 
> > defines the
> > + same policy and with the same hash algorithm as was 
> > used to
> > + seal the key.
> > 
> >  "keyctl print" returns an ascii hex copy of the sealed key, which is in 
> > standard
> >  TPM_STORED_DATA format.  The key length for new keys are always in bytes.
> > diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> > index d9d0822..45a6340 100644
> > --- a/drivers/char/tpm/tpm2-cmd.c
> > +++ b/drivers/char/tpm/tpm2-cmd.c
> > @@ -478,12 +478,26 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
> > tpm_buf_append_u8(, payload->migratable);
> > 
> > /* public */
> > -   tpm_buf_append_u16(, 14);
> > +   if (options->policydigest)
> > +   tpm_buf_append_u16(, 14 + options->digest_len);
> > +   else
> > +   tpm_buf_append_u16(, 14);
> > 
> > tpm_buf_append_u16(, TPM2_ALG_KEYEDHASH);
> > tpm_buf_append_u16(, hash);
> > -   tpm_buf_append_u32(, TPM2_ATTR_USER_WITH_AUTH);
> > -   tpm_buf_append_u16(, 0); /* policy digest size */
> > +
> > +   /* policy */
> > +   if (options->policydigest) {
> > +   tpm_buf_append_u32(, 0);
> > +   tpm_buf_append_u16(, options->digest_len);
> > +   tpm_buf_append(,

[PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy

2015-12-13 Thread Jarkko Sakkinen 
TPM2 supports authorization policies, which are essentially
combinational logic statements repsenting the conditions where the data
can be unsealed based on the TPM state. This patch enables to use
authorization policies to seal trusted keys.

Two following new options have been added for trusted keys:

* 'policydigest=': provide an auth policy digest for sealing.
* 'policyhandle=': provide a policy session handle for unsealing.

If 'hash=' option is supplied after 'policydigest=' option, this
will result an error because the state of the option would become
mixed.

Signed-off-by: Jarkko Sakkinen 
Tested-by: Colin Ian King 
---
 Documentation/security/keys-trusted-encrypted.txt | 34 +--
 drivers/char/tpm/tpm2-cmd.c   | 24 +---
 include/keys/trusted-type.h   |  4 +++
 security/keys/trusted.c   | 26 +
 4 files changed, 70 insertions(+), 18 deletions(-)

diff --git a/Documentation/security/keys-trusted-encrypted.txt 
b/Documentation/security/keys-trusted-encrypted.txt
index fd2565b..324ddf5 100644
--- a/Documentation/security/keys-trusted-encrypted.txt
+++ b/Documentation/security/keys-trusted-encrypted.txt
@@ -27,20 +27,26 @@ Usage:
 keyctl print keyid
 
 options:
-   keyhandle= ascii hex value of sealing key default 0x4000 (SRK)
-   keyauth=  ascii hex auth for sealing key default 0x00...i
- (40 ascii zeros)
-   blobauth=  ascii hex auth for sealed data default 0x00...
- (40 ascii zeros)
-   blobauth=  ascii hex auth for sealed data default 0x00...
- (40 ascii zeros)
-   pcrinfo=  ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
-   pcrlock=  pcr number to be extended to "lock" blob
-   migratable= 0|1 indicating permission to reseal to new PCR values,
-   default 1 (resealing allowed)
-   hash=  hash algorithm name as a string. For TPM 1.x the only
-  allowed value is sha1. For TPM 2.x the allowed values
- are sha1, sha256, sha384, sha512 and sm3-256.
+   keyhandle=ascii hex value of sealing key default 0x4000 (SRK)
+   keyauth= ascii hex auth for sealing key default 0x00...i
+ (40 ascii zeros)
+   blobauth= ascii hex auth for sealed data default 0x00...
+ (40 ascii zeros)
+   blobauth= ascii hex auth for sealed data default 0x00...
+ (40 ascii zeros)
+   pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
+   pcrlock= pcr number to be extended to "lock" blob
+   migratable=   0|1 indicating permission to reseal to new PCR values,
+ default 1 (resealing allowed)
+   hash= hash algorithm name as a string. For TPM 1.x the only
+ allowed value is sha1. For TPM 2.x the allowed values
+ are sha1, sha256, sha384, sha512 and sm3-256.
+   policydigest= digest for the authorization policy. must be calculated
+ with the same hash algorithm as specified by the 'hash='
+ option.
+   policyhandle= handle to an authorization policy session that defines the
+ same policy and with the same hash algorithm as was used 
to
+ seal the key.
 
 "keyctl print" returns an ascii hex copy of the sealed key, which is in 
standard
 TPM_STORED_DATA format.  The key length for new keys are always in bytes.
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index d9d0822..45a6340 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -478,12 +478,26 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
tpm_buf_append_u8(, payload->migratable);
 
/* public */
-   tpm_buf_append_u16(, 14);
+   if (options->policydigest)
+   tpm_buf_append_u16(, 14 + options->digest_len);
+   else
+   tpm_buf_append_u16(, 14);
 
tpm_buf_append_u16(, TPM2_ALG_KEYEDHASH);
tpm_buf_append_u16(, hash);
-   tpm_buf_append_u32(, TPM2_ATTR_USER_WITH_AUTH);
-   tpm_buf_append_u16(, 0); /* policy digest size */
+
+   /* policy */
+   if (options->policydigest) {
+   tpm_buf_append_u32(, 0);
+   tpm_buf_append_u16(, options->digest_len);
+   tpm_buf_append(, options->policydigest,
+  options->digest_len);
+   } else {
+   tpm_buf_append_u32(, TPM2_ATTR_USER_WITH_AUTH);
+   tpm_buf_append_u16(, 0);
+   }
+
+   /* public parameters */
tpm_buf_append_u16(, TPM2_ALG_NULL);
tpm_buf_append_u16(, 0);
 
@@ -613,7 +627,9 @@ static int tpm2_unseal(struct tpm_chip *chip,
return rc;