Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1324604rwb; Tue, 27 Sep 2022 11:20:44 -0700 (PDT) X-Google-Smtp-Source: AMsMyM52/Lh621IO07R/oUwybko3NQbRXctCz3fd/Y5z7FagKhx1UJiJizToHKZUYGuQEY39aDGS X-Received: by 2002:a17:903:230d:b0:178:29a3:df38 with SMTP id d13-20020a170903230d00b0017829a3df38mr28140324plh.10.1664302844310; Tue, 27 Sep 2022 11:20:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664302844; cv=none; d=google.com; s=arc-20160816; b=xB4w5wZsSRIFJ9dP9FJYDeojRpsyOFfSX3Xnveq3HWSCvQrExCSVLBDN2FT/22g0m5 8lxwDBHSp7jYQM+/gaWAJRsmopbfotSStM1ziN1p8Q27ohGw9YLGcb63Zfl5yhYGBRYs mV8xe90RSiizxFYEVC1H46kgA0e7TCXI1NKfG7UQn+bkFAJbvfBkf8PdSGNxqe5XPQw0 GxdN96APYo08d8i2XA0Ec25DSQ0Q9hp8mi5C1mL3XbmTqbMHOfRWTnHGWj2k2SVOtuaH oqmMgk6EYd/n/d+3VNOtWXpQtYnh10gpOp8vAgIhTSfzPGA9X13gO42+7nwYodK4fDIt zaXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=p+EwdeqCoE27EgkHyCYpqbbvZj82cYcu+QCeLhfwJXs=; b=FA62PCrLAjrxIqc9b+lMOR665WshhJeaqqMbMeeTTPqo6ebBIuusH5lT1WFAKM9eyP 5JOlljQBhvJOZC5S3xuzs/944101QE17Lwbfl0HgE5YxymWLl2T7rwGWdXp2H73PFFxV T01Uaac645DjGbfEv4Z4WgwbsNzKqwIIcvFGJ1YuEl2PYYj5anFIu34sPdbl+SxMwTUO HxEIFRbFi36tFuwQM9tw2NkKINvOe+BelDBp0czw58GUi+DL9ZLdRz6E5zKEE5KxTf2f hhwwNiF2SsRhqN2cq0WrQZZ8ldxv3qZJl/aB48TPqW2uDqL6g2eCb1+6y/rdoZWXwDk6 hQLw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=aUL0i1ZY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w37-20020a634925000000b0043961d06befsi2650334pga.486.2022.09.27.11.20.32; Tue, 27 Sep 2022 11:20:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=aUL0i1ZY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232623AbiI0Qvw (ORCPT + 99 others); Tue, 27 Sep 2022 12:51:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52658 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233194AbiI0Quo (ORCPT ); Tue, 27 Sep 2022 12:50:44 -0400 Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C22A671734 for ; Tue, 27 Sep 2022 09:50:28 -0700 (PDT) Received: by mail-pj1-x102c.google.com with SMTP id l9-20020a17090a4d4900b00205e295400eso1290111pjh.4 for ; Tue, 27 Sep 2022 09:50:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date; bh=p+EwdeqCoE27EgkHyCYpqbbvZj82cYcu+QCeLhfwJXs=; b=aUL0i1ZYy8YBSietWoW55lkWRiA6ms2vaAGiwhHLSHfFYLJGBYVuEu1KknbIzTmLIu 3tdKkYnE/QPVoN9ri1hM7KskuvlVA8EFWSdvnEJuUCSz3dmDugvG5op0xEABb8KrIkhb Jj0ZosfPt3fXaPg0Dyoir6cAAJqLTfyGzA5vY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date; bh=p+EwdeqCoE27EgkHyCYpqbbvZj82cYcu+QCeLhfwJXs=; b=4AMWwztpPx49Zkze+Vch4g23hxNJDdYy7ILiGZ5wjqJ7Z9ywEn60WYZODUAfycLJ/6 2AJyvRgVRpSecAqezAJffEAdH1o4Z1xKCpHCgZrz5n7+jHCqan8KMwZbNHgYUhs3h5c0 OMdALoJTeYmikjfHuRk5mumA9lfPxM8xoYQ/Qym1GlAPDJrTaCzoyB5HR/ys7PGK+iE2 H+wVEFWqk/BdOZlTGOxR5hPccyB71c0JelpZPmWVKCAFd8K18vXs1PgqJQWce/DSdfdm dRfM6kmgIi0YozWjCCtiqIONr2zfEb4JWzXlDJuWf2WlSdD8ch4zecC7MkhQFCz1ZD87 gXvg== X-Gm-Message-State: ACrzQf1b70jhxucHdcbahIfAMDoYiP/L1+uHeqDmQpr5hJSiwjIY3gFh XjVeYcpxHb3stuwRQnNcWOKTy3jDEY58eyPzEvE= X-Received: by 2002:a17:90a:4607:b0:202:e22d:489c with SMTP id w7-20020a17090a460700b00202e22d489cmr5620580pjg.80.1664297428055; Tue, 27 Sep 2022 09:50:28 -0700 (PDT) Received: from evgreen-glaptop.lan ([73.231.74.141]) by smtp.gmail.com with ESMTPSA id p13-20020a63950d000000b00434272fe870sm1753509pgd.88.2022.09.27.09.50.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 27 Sep 2022 09:50:27 -0700 (PDT) From: Evan Green To: linux-kernel@vger.kernel.org Cc: linux-integrity@vger.kernel.org, apronin@chromium.org, dlunev@google.com, jarkko@kernel.org, Pavel Machek , Ben Boeckel , rjw@rjwysocki.net, corbet@lwn.net, linux-pm@vger.kernel.org, zohar@linux.ibm.com, Kees Cook , Eric Biggers , jejb@linux.ibm.com, gwendal@chromium.org, Matthew Garrett , Evan Green , Matthew Garrett , Len Brown , "Rafael J. Wysocki" Subject: [PATCH v3 10/11] PM: hibernate: Verify the digest encryption key Date: Tue, 27 Sep 2022 09:49:21 -0700 Message-Id: <20220927094559.v3.10.I504d456c7a94ef1aaa7a2c63775ce9690c3ad7ab@changeid> X-Mailer: git-send-email 2.31.0 In-Reply-To: <20220927164922.3383711-1-evgreen@chromium.org> References: <20220927164922.3383711-1-evgreen@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We want to ensure that the key used to encrypt the digest was created by the kernel during hibernation. To do this we request that the TPM include information about the value of PCR 23 at the time of key creation in the sealed blob. On resume, we can make sure that the PCR information in the creation data blob (already certified by the TPM to be accurate) corresponds to the expected value. Since only the kernel can touch PCR 23, if an attacker generates a key themselves the value of PCR 23 will have been different, allowing us to reject the key and boot normally instead of resuming. Co-developed-by: Matthew Garrett Signed-off-by: Matthew Garrett Signed-off-by: Evan Green --- Matthew's original version of this patch is here: https://patchwork.kernel.org/project/linux-pm/patch/20210220013255.1083202-9-matthewgarrett@google.com/ I moved the TPM2_CC_CERTIFYCREATION code into a separate change in the trusted key code because the blob_handle was being flushed and was no longer valid for use in CC_CERTIFYCREATION after the key was loaded. As an added benefit of moving the certification into the trusted keys code, we can drop the other patch from the original series that squirrelled the blob_handle away. Changes in v3: - Changed funky tag to Co-developed-by (Kees). Matthew, holler if you want something different. Changes in v2: - Fixed some sparse warnings - Use CRYPTO_LIB_SHA256 to get rid of sha256_data() (Eric) - Adjusted offsets due to new ASN.1 format, and added a creation data length check. kernel/power/snapenc.c | 67 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 65 insertions(+), 2 deletions(-) diff --git a/kernel/power/snapenc.c b/kernel/power/snapenc.c index e0b902d2dcf13a..1f08942450775a 100644 --- a/kernel/power/snapenc.c +++ b/kernel/power/snapenc.c @@ -22,6 +22,12 @@ static struct tpm_digest known_digest = { .alg_id = TPM_ALG_SHA256, 0xf1, 0x22, 0x38, 0x6c, 0x33, 0xb1, 0x14, 0xb7, 0xec, 0x05, 0x5f, 0x49}}; +/* sha256(sha256(empty_pcr | known_digest)) */ +static const char expected_digest[] = {0x2f, 0x96, 0xf2, 0x1b, 0x70, 0xa9, 0xe8, + 0x42, 0x25, 0x8e, 0x66, 0x07, 0xbe, 0xbc, 0xe3, 0x1f, 0x2c, 0x84, 0x4a, + 0x3f, 0x85, 0x17, 0x31, 0x47, 0x9a, 0xa5, 0x53, 0xbb, 0x23, 0x0c, 0x32, + 0xf3}; + /* Derive a key from the kernel and user keys for data encryption. */ static int snapshot_use_user_key(struct snapshot_data *data) { @@ -486,7 +492,7 @@ static int snapshot_create_kernel_key(struct snapshot_data *data) struct key *key = NULL; int ret, i; /* Create a key sealed by the SRK. */ - char *keyinfo = "new\t32\tkeyhandle=0x81000000"; + char *keyinfo = "new\t32\tkeyhandle=0x81000000\tcreationpcrs=0x00800000"; chip = tpm_default_chip(); if (!chip) @@ -605,6 +611,7 @@ static int snapshot_load_kernel_key(struct snapshot_data *data, struct uswsusp_key_blob *blob) { + char certhash[SHA256_DIGEST_SIZE]; const struct cred *cred = current_cred(); char *keytemplate = "load\t%s\tkeyhandle=0x81000000"; struct tpm_digest *digests = NULL; @@ -612,6 +619,7 @@ static int snapshot_load_kernel_key(struct snapshot_data *data, char *keyinfo = NULL; struct tpm_chip *chip; struct key *key = NULL; + struct trusted_key_payload *payload; int i, ret; chip = tpm_default_chip(); @@ -629,8 +637,10 @@ static int snapshot_load_kernel_key(struct snapshot_data *data, digests = kcalloc(chip->nr_allocated_banks, sizeof(struct tpm_digest), GFP_KERNEL); - if (!digests) + if (!digests) { + ret = -ENOMEM; goto out; + } for (i = 0; i <= chip->nr_allocated_banks; i++) { digests[i].alg_id = chip->allocated_banks[i].alg_id; @@ -670,6 +680,59 @@ static int snapshot_load_kernel_key(struct snapshot_data *data, if (ret != 0) goto out; + /* Verify the creation hash matches the creation data. */ + payload = key->payload.data[0]; + if (!payload->creation || !payload->creation_hash || + (payload->creation_len < 3) || + (payload->creation_hash_len < SHA256_DIGEST_SIZE)) { + ret = -EINVAL; + goto out; + } + + sha256(payload->creation + 2, payload->creation_len - 2, certhash); + if (memcmp(payload->creation_hash + 2, certhash, SHA256_DIGEST_SIZE) != 0) { + ret = -EINVAL; + goto out; + } + + /* We now know that the creation data is authentic - parse it */ + + /* TPML_PCR_SELECTION.count */ + if (be32_to_cpu(*(__be32 *)&payload->creation[2]) != 1) { + ret = -EINVAL; + goto out; + } + + if (be16_to_cpu(*(__be16 *)&payload->creation[6]) != TPM_ALG_SHA256) { + ret = -EINVAL; + goto out; + } + + if (*(char *)&payload->creation[8] != 3) { + ret = -EINVAL; + goto out; + } + + /* PCR 23 selected */ + if (be32_to_cpu(*(__be32 *)&payload->creation[8]) != 0x03000080) { + ret = -EINVAL; + goto out; + } + + if (be16_to_cpu(*(__be16 *)&payload->creation[12]) != + SHA256_DIGEST_SIZE) { + ret = -EINVAL; + goto out; + } + + /* Verify PCR 23 contained the expected value when the key was created. */ + if (memcmp(&payload->creation[14], expected_digest, + SHA256_DIGEST_SIZE) != 0) { + + ret = -EINVAL; + goto out; + } + data->key = key; key = NULL; -- 2.31.0