Subject: [PATCH 14/22] KEYS: asym_tpm: Implement encryption operation [ver #2]
From: David Howells
To: jmorris@namei.org
Cc: Denis Kenzior, Marcel Holtmann, Marcel Holtmann, dhowells@redhat.com, denkenz@gmail.com, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Tue, 09 Oct 2018 17:48:33 +0100
Message-ID: <153910371304.12141.3922421291748583148.stgit@warthog.procyon.org.uk>
In-Reply-To: <153910360263.12141.6032694262361399627.stgit@warthog.procyon.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Denis Kenzior

This patch implements the pkey_encrypt operation. The public key portion extracted from the TPM key blob is used. The operation is performed entirely in software using the crypto API.

Signed-off-by: Denis Kenzior
Signed-off-by: David Howells
Tested-by: Marcel Holtmann
Reviewed-by: Marcel Holtmann
---
 crypto/asymmetric_keys/asym_tpm.c | 84 +++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)

diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c index 837472d107d5..8edca3c4c193 100644 --- a/crypto/asymmetric_keys/asym_tpm.c +++ b/crypto/asymmetric_keys/asym_tpm.c @@ -165,6 +165,8 @@ static int tpm_key_query(const struct kernel_pkey_params *params, info->max_enc_size = len; info->max_dec_size = tk->key_len / 8; + info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT; + ret = 0; error_free_tfm: crypto_free_akcipher(tfm); 
@@ -172,6 +174,87 @@ static int tpm_key_query(const struct kernel_pkey_params *params, return ret; } +/* + * Encryption operation is performed with the public key. Hence it is done + * in software + */ +static int tpm_key_encrypt(struct tpm_key *tk, + struct kernel_pkey_params *params, + const void *in, void *out) +{ + char alg_name[CRYPTO_MAX_ALG_NAME]; + struct crypto_akcipher *tfm; + struct akcipher_request *req; + struct crypto_wait cwait; + struct scatterlist in_sg, out_sg; + uint8_t der_pub_key[PUB_KEY_BUF_SIZE]; + uint32_t der_pub_key_len; + int ret; + + pr_devel("==>%s()\n", __func__); + + ret = determine_akcipher(params->encoding, params->hash_algo, alg_name); + if (ret < 0) + return ret; + + tfm = crypto_alloc_akcipher(alg_name, 0, 0); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len, + der_pub_key); + + ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len); + if (ret < 0) + goto error_free_tfm; + + req = akcipher_request_alloc(tfm, GFP_KERNEL); + if (!req) + goto error_free_tfm; + + sg_init_one(&in_sg, in, params->in_len); + sg_init_one(&out_sg, out, params->out_len); + akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len, + params->out_len); + crypto_init_wait(&cwait); + akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | + CRYPTO_TFM_REQ_MAY_SLEEP, + crypto_req_done, &cwait); + + ret = crypto_akcipher_encrypt(req); + ret = crypto_wait_req(ret, &cwait); + + if (ret == 0) + ret = req->dst_len; + + akcipher_request_free(req); +error_free_tfm: + crypto_free_akcipher(tfm); + pr_devel("<==%s() = %d\n", __func__, ret); + return ret; +} + +/* + * Do encryption, decryption and signing ops. + */ +static int tpm_key_eds_op(struct kernel_pkey_params *params, + const void *in, void *out) +{ + struct tpm_key *tk = params->key->payload.data[asym_crypto]; + int ret = -EOPNOTSUPP; + + /* Perform the encryption calculation. 
*/ + switch (params->op) { + case kernel_pkey_encrypt: + ret = tpm_key_encrypt(tk, params, in, out); + break; + default: + BUG(); + } + + return ret; +} + /* * Parse enough information out of TPM_KEY structure: * TPM_STRUCT_VER -> 4 bytes @@ -329,6 +412,7 @@ struct asymmetric_key_subtype asym_tpm_subtype = { .describe = asym_tpm_describe, .destroy = asym_tpm_destroy, .query = tpm_key_query, + .eds_op = tpm_key_eds_op, }; EXPORT_SYMBOL_GPL(asym_tpm_subtype);
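Review bot: the `info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT;` added to tpm_key_query is the only thing keeping callers away from the `BUG()` in tpm_key_eds_op's default case, so the two need to be kept in lockstep: if later patches extend the switch with decrypt or sign, this mask must gain the matching KEYCTL_SUPPORTS_* bits or the query under-reports, and if the mask is ever widened ahead of the switch an advertised operation becomes a kernel crash. A short comment on this line pointing at tpm_key_eds_op would make that coupling visible to whoever touches either side.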
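Review bot: the allocation-failure path in tpm_key_encrypt returns the wrong value. At `req = akcipher_request_alloc(tfm, GFP_KERNEL); if (!req) goto error_free_tfm;` the variable `ret` still holds 0 from the successful crypto_akcipher_set_pub_key() call, so an out-of-memory condition is reported to the caller as a successful encryption producing 0 bytes. Set `ret = -ENOMEM;` before the allocation (or on the failure branch) so the error actually propagates. Two smaller points in the same hunk: `default: BUG();` in tpm_key_eds_op makes the `int ret = -EOPNOTSUPP;` initialiser dead code and turns any unexpected op into a panic where returning -EOPNOTSUPP would be the safer failure mode; and the comment "Do encryption, decryption and signing ops." overstates what the switch handles in this patch, which is encryption only.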