[0/6] Add policy to sealed keys

Message ID	20240524130459.21510-1-James.Bottomley@HansenPartnership.com (mailing list archive)
Headers	show Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [96.44.175.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3C89285639; Fri, 24 May 2024 13:05:07 +0000 (UTC) From: James Bottomley <James.Bottomley@HansenPartnership.com> To: linux-integrity@vger.kernel.org Cc: Jarkko Sakkinen <jarkko@kernel.org>, keyrings@vger.kernel.org Subject: [PATCH 0/6] Add policy to sealed keys Date: Fri, 24 May 2024 09:04:53 -0400 Message-Id: <20240524130459.21510-1-James.Bottomley@HansenPartnership.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Add policy to sealed keys \| expand [0/6] Add policy to sealed keys [1/6] tpm: consolidate TPM to crypto hash algorithm conversion [2/6] tpm: add policy sessions [3/6] KEYS: trusted: add PCR policy to TPM2 keys [4/6] KEYS: trusted: add ability to specify arbitrary policy [5/6] KEYS: trusted: implement counter/timer policy [6/6] KEYS: trusted: add support for TPM keys with signed policy

Message ID

20240524130459.21510-1-James.Bottomley@HansenPartnership.com (mailing list archive)

Headers

From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko@kernel.org>,
	keyrings@vger.kernel.org
Subject: [PATCH 0/6] Add policy to sealed keys
Date: Fri, 24 May 2024 09:04:53 -0400
Message-Id: <20240524130459.21510-1-James.Bottomley@HansenPartnership.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Add policy to sealed keys | expand

Message

James Bottomley May 24, 2024, 1:04 p.m. UTC

TPM2 policy is much more complicated than the original TPM 1.2 which
only supported PCR value binding.  TPM2 policy may be a sequence of
policy statements each of which must be correctly executed and may
include choices in which set of policy statements will execute
correctly.  The actual policy is identified in the key by a single
hash, which is the end result of extending all the policy statements.
However, since it is impossible to reverse engineer the policy
statements from the hash value, the ASN.1 key format is extended to
give a broken out list of statements the kernel must execute to get
the correct policy hash value.

In order to create policy sessions (which are usable as HMAC sessions,
but also respond to policy statements), the TPM HMAC code is reused to
create the required policy sessions (while preserving bus security).
However, because the session hash algorithm must match the name
algorithm of the sealed data (which is used for the policy hash), the
TPM session code is changed to use a variable hash algorithm.

The first patch consolidates the hash definitions and conversion
routines, the second adds both variable hash type and policy support
and the remaining patches add specific policy statement
implementations.

James

---

James Bottomley (6):
  tpm: consolidate TPM to crypto hash algorithm conversion
  tpm: add policy sessions
  KEYS: trusted: add PCR policy to TPM2 keys
  KEYS: trusted: add ability to specify arbitrary policy
  KEYS: trusted: implement counter/timer policy
  KEYS: trusted: add support for TPM keys with signed policy

 .../security/keys/trusted-encrypted.rst       |  99 ++-
 drivers/char/tpm/tpm2-cmd.c                   |   8 -
 drivers/char/tpm/tpm2-sessions.c              | 313 ++++++---
 include/keys/trusted-type.h                   |   8 +-
 include/linux/tpm.h                           |  81 ++-
 security/keys/trusted-keys/Kconfig            |   2 +
 security/keys/trusted-keys/Makefile           |   3 +
 security/keys/trusted-keys/tpm2-policy.c      | 662 ++++++++++++++++++
 security/keys/trusted-keys/tpm2-policy.h      |  61 ++
 security/keys/trusted-keys/tpm2key.asn1       |  21 +
 security/keys/trusted-keys/trusted_core.c     |   7 +-
 security/keys/trusted-keys/trusted_tpm1.c     |  15 +
 security/keys/trusted-keys/trusted_tpm2.c     | 206 ++++--
 13 files changed, 1314 insertions(+), 172 deletions(-)
 create mode 100644 security/keys/trusted-keys/tpm2-policy.c
 create mode 100644 security/keys/trusted-keys/tpm2-policy.h

Comments

Jarkko Sakkinen May 24, 2024, 1:24 p.m. UTC | #1

On Fri May 24, 2024 at 4:04 PM EEST, James Bottomley wrote:
> TPM2 policy is much more complicated than the original TPM 1.2 which
> only supported PCR value binding.  TPM2 policy may be a sequence of
> policy statements each of which must be correctly executed and may
> include choices in which set of policy statements will execute
> correctly.  The actual policy is identified in the key by a single
> hash, which is the end result of extending all the policy statements.
> However, since it is impossible to reverse engineer the policy
> statements from the hash value, the ASN.1 key format is extended to
> give a broken out list of statements the kernel must execute to get
> the correct policy hash value.
>
> In order to create policy sessions (which are usable as HMAC sessions,
> but also respond to policy statements), the TPM HMAC code is reused to
> create the required policy sessions (while preserving bus security).
> However, because the session hash algorithm must match the name
> algorithm of the sealed data (which is used for the policy hash), the
> TPM session code is changed to use a variable hash algorithm.
>
> The first patch consolidates the hash definitions and conversion
> routines, the second adds both variable hash type and policy support
> and the remaining patches add specific policy statement
> implementations.
>
> James
>
> ---
>
> James Bottomley (6):
>   tpm: consolidate TPM to crypto hash algorithm conversion
>   tpm: add policy sessions
>   KEYS: trusted: add PCR policy to TPM2 keys
>   KEYS: trusted: add ability to specify arbitrary policy
>   KEYS: trusted: implement counter/timer policy
>   KEYS: trusted: add support for TPM keys with signed policy
>
>  .../security/keys/trusted-encrypted.rst       |  99 ++-
>  drivers/char/tpm/tpm2-cmd.c                   |   8 -
>  drivers/char/tpm/tpm2-sessions.c              | 313 ++++++---
>  include/keys/trusted-type.h                   |   8 +-
>  include/linux/tpm.h                           |  81 ++-
>  security/keys/trusted-keys/Kconfig            |   2 +
>  security/keys/trusted-keys/Makefile           |   3 +
>  security/keys/trusted-keys/tpm2-policy.c      | 662 ++++++++++++++++++
>  security/keys/trusted-keys/tpm2-policy.h      |  61 ++
>  security/keys/trusted-keys/tpm2key.asn1       |  21 +
>  security/keys/trusted-keys/trusted_core.c     |   7 +-
>  security/keys/trusted-keys/trusted_tpm1.c     |  15 +
>  security/keys/trusted-keys/trusted_tpm2.c     | 206 ++++--
>  13 files changed, 1314 insertions(+), 172 deletions(-)
>  create mode 100644 security/keys/trusted-keys/tpm2-policy.c
>  create mode 100644 security/keys/trusted-keys/tpm2-policy.h

I'd prefer to this postponed after asymmetric keys and also when
the issues have been fixed from HMAC.

Also I fixed myself some bugs like memory leak and useless WARN
from existing trusted keys code so those needs to be fixed too.

So NAK at the time can be rebased later on top.

BR, Jarkko