authorJames Bottomley <James.Bottomley@HansenPartnership.com>2022-12-05 12:22:33 -0500
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2023-01-11 10:00:21 -0500
commit68595d4683dffc34513d00b3e3995d92659666bf (patch)
treec105c63de2ced424a9c83f8641fca84071ba56b7
parentddb49ded9d3098c945f3ed6cc0cde18596c27b0c (diff)
create_tpm2_key, seal_tpm2_data: add option to create signed policy
Add a --signed-policy option to both; it takes a public key and uses tpm2_add_signed_policy() to create a key policy which requires additional signed policies. Note that keys/blobs so created cannot be used until at least one signed policy is added. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--create_tpm2_key.1.in10
-rw-r--r--create_tpm2_key.c23
-rw-r--r--seal_tpm2_data.1.in11
-rw-r--r--seal_tpm2_data.c19
4 files changed, 59 insertions, 4 deletions
diff --git a/create_tpm2_key.1.in b/create_tpm2_key.1.in
index d7ff3ec..848afdc 100644
--- a/create_tpm2_key.1.in
+++ b/create_tpm2_key.1.in
@@ -45,6 +45,16 @@ well as comma separated ranges. So
sha512:1,3-5 means PCRs 1,3,4 and 5 in the sha512 bank
+[Signed Policies]
+
+When the option --signed-policy <key> is used, it creates a key whose
+policy can be extended by anyone possessing the private part of <key>.
+The <key> presented must be a public key (so the owner of the private
+key doesn't have to be the owner of the created tpm key).
+
+Note that keys created with --signed-policy cannot be used until at
+least one signed policy is added.
+
[examples]
Create a self-signed cert using the TPM engine:
diff --git a/create_tpm2_key.c b/create_tpm2_key.c
index fc710b6..edb8668 100644
--- a/create_tpm2_key.c
+++ b/create_tpm2_key.c
@@ -28,6 +28,7 @@
#define OPT_DEPRECATED 0x1ff
#define OPT_RESTRICTED 0x1fe
+#define OPT_SIGNED_POLICY 0x1fd
static struct option long_options[] = {
{"auth", 0, 0, 'a'},
@@ -37,6 +38,7 @@ static struct option long_options[] = {
{"name-scheme", 1, 0, 'n'},
{"parent-handle", 1, 0, 'p'},
{"pcr-lock", 1, 0, 'x'},
+ {"signed-policy", 1, 0, OPT_SIGNED_POLICY },
{"wrap", 1, 0, 'w'},
{"version", 0, 0, 'v'},
{"password", 1, 0, 'k'},
@@ -46,7 +48,7 @@ static struct option long_options[] = {
{"da", 0, 0, 'd'},
{"key-policy", 1, 0, 'c'},
{"import", 1, 0, 'i'},
- {"restricted", 0, 0, OPT_RESTRICTED},
+ {"restricted", 0, 0, OPT_RESTRICTED },
/*
* The option --deprecated allows us to create old format keys
* for the purposes of testing. It should never be used in
@@ -96,6 +98,9 @@ usage(char *argv0)
"\t-x, --pcr-lock <pcrs> Lock the created key to the specified PCRs\n"
" By current value. See PCR VALUES for\n"
" details about formatting\n"
+ "\t--signed-policy <key> Add a signed policy directive that allows\n"
+ "\t policies signed by the specified public <key>\n"
+ "\t to authorize use of the key\n"
"\n"
"Report bugs to " PACKAGE_BUGREPORT "\n",
argv0);
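Review bot: The usage text added for --signed-policy omits the caveat the man page in this same commit states, that a key created this way cannot be used until at least one signed policy has been added, so a user who reads only --help has no explanation for why a freshly created key fails to authorize. Consider a fourth line such as `"\t (the key cannot be used until a signed policy is added)\n"`. The matching usage hunk in seal_tpm2_data.c has the same gap and should say "sealed blob" rather than "key" in its final line, since "authorize use of the key" reads oddly for a sealing tool.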
@@ -594,6 +599,7 @@ int main(int argc, char **argv)
TPM2B_PUBLIC *pub;
PRIVATE_2B *priv;
char *key = NULL, *parent_auth = NULL, *import = NULL;
+ char *signed_policy = NULL;
TPMI_ECC_CURVE ecc = TPM_ECC_NONE;
int rsa = -1;
uint32_t noda = TPMA_OBJECT_NODA;
@@ -699,6 +705,9 @@ int main(int argc, char **argv)
case OPT_RESTRICTED:
restricted = 1;
break;
+ case OPT_SIGNED_POLICY:
+ signed_policy = optarg;
+ break;
default:
printf("Unknown option '%c'\n", c);
usage(argv[0]);
@@ -738,6 +747,11 @@ int main(int argc, char **argv)
exit(1);
}
+ if (signed_policy && policyFilename) {
+ fprintf(stderr, "cannot specify both signed policy and policy file\n");
+ exit(1);
+ }
+
if (pcr_lock.count !=0 && policyFilename) {
fprintf(stderr, "cannot specify both policy file and pcr lock\n");
exit(1);
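Review bot: The new check rejects --signed-policy together with --key-policy, but nothing rejects --signed-policy together with --pcr-lock, even though --pcr-lock and --key-policy are already made mutually exclusive just below. If --pcr-lock is part of the same if/else-if chain that the later `} else if (signed_policy) {` hunk extends, supplying both means one directive is silently left out of the policy digest, which for an option that decides who may authorize use of the key is worse than an error; if the two are meant to compose, that should be stated in the man page instead. Add alongside the new block: `if (signed_policy && pcr_lock.count != 0) { fprintf(stderr, "cannot specify both signed policy and pcr lock\n"); exit(1); }`. seal_tpm2_data.c receives no mutual-exclusion check at all in this commit, so the same applies there for both policyFilename and pcr_lock, e.g. `if (signed_policy && (policyFilename || pcr_lock.count != 0)) { fprintf(stderr, "cannot specify signed policy with a policy file or pcr lock\n"); exit(1); }` before its has_policy assignment. main() begins and ends outside the hunk.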
@@ -748,7 +762,7 @@ int main(int argc, char **argv)
exit(1);
}
- if (pcr_lock.count != 0 || policyFilename)
+ if (pcr_lock.count != 0 || policyFilename || signed_policy)
has_policy = 1;
digest.hashAlg = name_alg;
@@ -768,6 +782,11 @@ int main(int argc, char **argv)
reason = "parse_policy_file";
if (rc)
goto out_free_policy;
+ } else if (signed_policy) {
+ rc = tpm2_add_signed_policy(sk, signed_policy, &digest);
+ reason = "add_signed_policy";
+ if (rc)
+ goto out_free_policy;
}
}
diff --git a/seal_tpm2_data.1.in b/seal_tpm2_data.1.in
index 48c008e..621b011 100644
--- a/seal_tpm2_data.1.in
+++ b/seal_tpm2_data.1.in
@@ -21,6 +21,17 @@ well as comma separated ranges. So
sha512:1,3-5 means PCRs 1,3,4 and 5 in the sha512 bank
+[Signed Policies]
+
+When the option --signed-policy <key> is used, it creates a sealed
+blob whose policy can be extended by anyone possessing the private
+part of <key>. The <key> presented must be a public key (so the owner
+of the private key doesn't have to be the owner of the created tpm
+sealed blob).
+
+Note that sealed blobs created with --signed-policy cannot be used
+until at least one signed policy is added.
+
[examples]
Create a sealed data blob to the storage parent (owner hierarchy)
diff --git a/seal_tpm2_data.c b/seal_tpm2_data.c
index cd74d1c..6432255 100644
--- a/seal_tpm2_data.c
+++ b/seal_tpm2_data.c
@@ -20,12 +20,15 @@
#include "tpm2-asn.h"
#include "tpm2-common.h"
+#define OPT_SIGNED_POLICY 0x1fd
+
static struct option long_options[] = {
{"auth", 0, 0, 'a'},
{"auth-parent", 1, 0, 'b'},
{"help", 0, 0, 'h'},
{"parent-handle", 1, 0, 'p'},
{"pcr-lock", 1, 0, 'x'},
+ {"signed-policy", 1, 0, OPT_SIGNED_POLICY },
{"version", 0, 0, 'v'},
{"password", 1, 0, 'k'},
{"da", 0, 0, 'd'},
@@ -67,12 +70,15 @@ usage(char *argv0)
"\t respectively\n"
"\t-v, --version print package version\n"
"\t-k, --password <pwd> use this password instead of prompting\n"
- "\t-m,--nomigrate Create a sealed data bundle that can be\n"
+ "\t-m, --nomigrate Create a sealed data bundle that can be\n"
" migrated to other systems.\n"
"\t-n, --name-scheme <scheme> name algorithm to use sha1 [sha256] sha384 sha512\n"
"\t-x, --pcr-lock <pcrs> Lock the created key to the specified PCRs\n"
" By current value. See PCR VALUES for\n"
" details about formatting\n"
+ "\t--signed-policy <key> Add a signed policy directive that allows\n"
+ "\t policies signed by the specified public <key>\n"
+ "\t to authorize use of the key\n"
"\n"
"\n"
"Report bugs to " PACKAGE_BUGREPORT "\n",
@@ -111,6 +117,7 @@ int main(int argc, char **argv)
char *parent_str = NULL;
TPML_PCR_SELECTION pcr_lock;
int has_policy = 0;
+ char *signed_policy = NULL;
pcr_lock.count = 0;
@@ -175,6 +182,9 @@ int main(int argc, char **argv)
case 'x':
tpm2_get_pcr_lock(&pcr_lock, optarg);
break;
+ case OPT_SIGNED_POLICY:
+ signed_policy = optarg;
+ break;
default:
printf("Unknown option '%c'\n", c);
usage(argv[0]);
@@ -198,7 +208,7 @@ int main(int argc, char **argv)
exit(1);
}
- if (pcr_lock.count != 0 || policyFilename)
+ if (pcr_lock.count != 0 || policyFilename || signed_policy)
has_policy = 1;
digest.hashAlg = name_alg;
@@ -219,6 +229,11 @@ int main(int argc, char **argv)
reason = "parse_policy_file";
goto out_free_policy;
}
+ } else if (signed_policy) {
+ rc = tpm2_add_signed_policy(sk, signed_policy, &digest);
+ reason = "add_signed_policy";
+ if (rc)
+ goto out_free_policy;
}
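Review bot: The new `else if (signed_policy)` branch assigns `reason` unconditionally and then tests `rc`, whereas the policy-file branch just above it in this file sets `reason` only on the failure path before its `goto`. Both shapes work, but the new branch copies create_tpm2_key.c's style rather than the local one, so the two adjacent error paths in this function now read differently; for consistency write `if (rc) { reason = "add_signed_policy"; goto out_free_policy; }`. main() continues outside the hunk.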
}