author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-11-23 13:50:48 +0000 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-12-14 10:41:29 -0500 |
commit | 8cbc00ce2535dcb864f6ccf7c07f3fc1b6f39f27 (patch) | |
tree | 1fd57f0e7ba463f3e3ab43d8508e92103c110c9c | |
parent | f5f7a3dde4bdb9b781d9f9026d36817385f1b5e4 (diff) | |
download | openssl_tpm2_engine-8cbc00ce2535dcb864f6ccf7c07f3fc1b6f39f27.tar.gz |
Add locality policy
This allows the tools to bind to a locality using the policy flag
--locality. The locality is a bitmap. The usual localities are 0-4.
On kernels that can issue TPM commands at a different locality from the one userspace uses, this allows things like the creation of sealed data that can only be unsealed in the kernel (or never unsealed in the kernel).
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | src/include/tpm2-common.h | 2 | ||||
-rw-r--r-- | src/libcommon/tpm2-common.c | 31 | ||||
-rw-r--r-- | src/tools/create_tpm2_key.c | 22 | ||||
-rw-r--r-- | src/tools/seal_tpm2_data.c | 20 | ||||
-rw-r--r-- | src/tools/signed_tpm2_policy.c | 19 |
5 files changed, 90 insertions, 4 deletions
diff --git a/src/include/tpm2-common.h b/src/include/tpm2-common.h index 0e6251b..29dcb40 100644 --- a/src/include/tpm2-common.h +++ b/src/include/tpm2-common.h @@ -104,6 +104,8 @@ TPM_RC tpm2_pcr_lock_policy(TSS_CONTEXT *tssContext, STACK_OF(TSSOPTPOLICY) *sk, TPMT_HA *digest); void tpm2_add_auth_policy(STACK_OF(TSSOPTPOLICY) *sk, TPMT_HA *digest); +void tpm2_add_locality(STACK_OF(TSSOPTPOLICY) *sk, UINT8 locality, + TPMT_HA *digest); EVP_PKEY *openssl_read_public_key(char *filename); void tpm2_public_template_rsa(TPMT_PUBLIC *pub); void tpm2_public_template_ecc(TPMT_PUBLIC *pub, TPMI_ECC_CURVE curve); diff --git a/src/libcommon/tpm2-common.c b/src/libcommon/tpm2-common.c index 3d70ea6..2822414 100644 --- a/src/libcommon/tpm2-common.c +++ b/src/libcommon/tpm2-common.c @@ -1173,6 +1173,13 @@ static TPM_RC tpm2_try_policy(TSS_CONTEXT *tssContext, TPM_HANDLE handle, break; } + case TPM_CC_PolicyLocality: + rc = tpm2_PolicyLocality(tssContext, handle, policy[0]); + if (rc) + sprintf(reason, "Locality Check 0x%x failed", + policy[0]); + break; + default: fprintf(stderr, "%sUnsupported policy command %d\n", prefix, commands[i].code); 
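Review bot: The added prototype carries no comment saying that `locality` is a TPMA_LOCALITY bitmap rather than a locality number, which is the contract all three callers rely on and an easy thing to get backwards (`--locality 2` selects locality 1, not locality 2). Suggest a comment above the declaration: `/* locality: TPMA_LOCALITY bitmap for TPM2_PolicyLocality; bit N selects locality N (0-4) */`. Per the TPM 2.0 structures specification, values of 32 and above are interpreted as a single extended locality rather than a bitmap, so that caveat is worth adding if extended localities matter to this project — confirm against the TSS it builds with.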
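Review bot: The new `TPM_CC_PolicyLocality` case reads `policy[0]` without checking that the directive's CommandPolicy actually holds a byte, so a truncated or hand-crafted key or policy file would hand whatever byte follows to `tpm2_PolicyLocality`. If the length of `policy` is available in `tpm2_try_policy` (its body starts before this hunk), guard the case before the call with something like `if (policy_len < 1) { rc = TPM_RC_SIZE; sprintf(reason, "Locality policy too short"); break; }`, using whatever length variable and error code the other cases already use. The `sprintf` into `reason` is bounded here (one byte printed with `0x%x`), so that part is fine.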
@@ -2760,6 +2767,30 @@ void tpm2_add_auth_policy(STACK_OF(TSSOPTPOLICY) *sk, TPMT_HA *digest) written, buf, 0, NULL); } +void tpm2_add_locality(STACK_OF(TSSOPTPOLICY) *sk, UINT8 locality, + TPMT_HA *digest) +{ + TSSOPTPOLICY *policy = TSSOPTPOLICY_new(); + BYTE buf[5]; + BYTE *buffer = buf; + UINT16 written = 0; + INT32 size = sizeof(buf); + const TPM_CC cc = TPM_CC_PolicyLocality; + + TSS_TPM_CC_Marshal(&cc, &written, &buffer, &size); + TSS_UINT8_Marshal(&locality, &written, &buffer, &size); + + ASN1_INTEGER_set(policy->CommandCode, cc); + ASN1_STRING_set(policy->CommandPolicy, buf + 4, written - 4); + + sk_TSSOPTPOLICY_push(sk, policy); + + TSS_Hash_Generate(digest, + TSS_GetDigestSize(digest->hashAlg), + (uint8_t *)&digest->digest, + written, buf, 0, NULL); +} + TPM_RC tpm2_add_signed_policy(STACK_OF(TSSOPTPOLICY) *sk, char *key_file, TPMT_HA *digest) { diff --git a/src/tools/create_tpm2_key.c b/src/tools/create_tpm2_key.c index 87c55cb..9271a9b 100644 --- a/src/tools/create_tpm2_key.c +++ b/src/tools/create_tpm2_key.c @@ -29,6 +29,7 @@ #define OPT_DEPRECATED 0x1ff #define OPT_RESTRICTED 0x1fe #define OPT_SIGNED_POLICY 0x1fd +#define OPT_LOCALITY 0x1fc static struct option long_options[] = { {"auth", 0, 0, 'a'}, @@ -39,6 +40,7 @@ static struct option long_options[] = { {"parent-handle", 1, 0, 'p'}, {"pcr-lock", 1, 0, 'x'}, {"signed-policy", 1, 0, OPT_SIGNED_POLICY }, + {"locality", 1, 0, OPT_LOCALITY }, {"wrap", 1, 0, 'w'}, {"version", 0, 0, 'v'}, {"password", 1, 0, 'k'}, @@ -98,6 +100,8 @@ usage(char *argv0) "\t-x, --pcr-lock <pcrs> Lock the created key to the specified PCRs\n" " By current value. See PCR VALUES for\n" " details about formatting\n" + "\t--locality <loc> Can only be used in a set of localities\n" + " described by the <loc> bitmap\n" "\t--signed-policy <key> Add a signed policy directive that allows\n" "\t policies signed by the specified public <key>\n" "\t to authorize use of the key\n" 
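Review bot: `tpm2_add_locality` dereferences the result of `TSSOPTPOLICY_new()` without a NULL check and ignores the return values of `ASN1_INTEGER_set`, `ASN1_STRING_set` and `sk_TSSOPTPOLICY_push`, so an allocation failure becomes a crash or a silently dropped directive whose bytes are nonetheless folded into `digest` — the stored directive list would then no longer reproduce the policy digest. Since the neighbouring `tpm2_add_signed_policy` already returns `TPM_RC`, consider the same shape here: `if (!policy) return TPM_RC_MEMORY;` before marshalling, and run `TSS_Hash_Generate` only after the push succeeds. The digest update itself, H(old || TPM_CC_PolicyLocality || locality), matches what TPM2_PolicyLocality computes, and `buf + 4` / `written - 4` correctly strips the command code, though `sizeof(TPM_CC)` would be clearer than the literal 4.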
@@ -478,7 +482,8 @@ int main(int argc, char **argv) int restricted = 0; char *parent_str = NULL; TPML_PCR_SELECTION pcr_lock = { 0 }; - int has_policy = 0; + int has_policy = 0, has_locality = 0; + UINT8 locality = 0; OpenSSL_add_all_digests(); /* may be needed to decrypt the key */ @@ -573,6 +578,10 @@ int main(int argc, char **argv) case OPT_SIGNED_POLICY: signed_policy = optarg; break; + case OPT_LOCALITY: + has_locality = 1; + locality = strtol(optarg, NULL, 0); + break; default: printf("Unknown option '%c'\n", c); usage(argv[0]); @@ -627,7 +636,13 @@ int main(int argc, char **argv) exit(1); } - if (pcr_lock.count != 0 || policyFilename || signed_policy) + if (has_locality && locality == 0) { + fprintf(stderr, "zero is an illegal locality bitmap\n"); + exit(1); + } + + if (pcr_lock.count != 0 || policyFilename || signed_policy || + has_locality) has_policy = 1; digest.hashAlg = name_alg; @@ -671,6 +686,9 @@ int main(int argc, char **argv) tpm2_add_auth_policy(sk, &digest); } + if (has_locality) + tpm2_add_locality(sk, locality, &digest); + if (import) { EVP_PKEY *p_pkey = openssl_read_public_key(import); EVP_PKEY *pkey = openssl_read_key(wrap); diff --git a/src/tools/seal_tpm2_data.c b/src/tools/seal_tpm2_data.c index b0fc5f9..c9c66bc 100644 --- a/src/tools/seal_tpm2_data.c +++ b/src/tools/seal_tpm2_data.c @@ -22,6 +22,7 @@ #include "tpm2-common.h" #define OPT_SIGNED_POLICY 0x1fd +#define OPT_LOCALITY 0x1fc static struct option long_options[] = { {"auth", 0, 0, 'a'}, @@ -29,6 +30,7 @@ static struct option long_options[] = { {"help", 0, 0, 'h'}, {"parent-handle", 1, 0, 'p'}, {"pcr-lock", 1, 0, 'x'}, + {"locality", 1, 0, OPT_LOCALITY }, {"signed-policy", 1, 0, OPT_SIGNED_POLICY }, {"version", 0, 0, 'v'}, {"password", 1, 0, 'k'}, 
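Review bot: `locality = strtol(optarg, NULL, 0);` stores a `long` into the `UINT8 locality` declared in the earlier hunk with no end-pointer or range check, so `--locality 0x101` silently becomes bitmap 1, `--locality 3abc` becomes 3, and the later `locality == 0` check only catches values whose low byte happens to be zero (with a misleading "zero is an illegal locality bitmap" message for `0x100`). Since this value decides which localities may ever use the key, parse it strictly at the option site and reject anything that is not a value in 0x01-0xff; the existing zero check then becomes redundant but harmless. `main` starts and ends outside this hunk.
```c
			/* … unchanged: earlier option cases … */
			case OPT_LOCALITY: {
				char *end;
				/* strtoul maps "-1" to ULONG_MAX, so the upper bound check also rejects negatives */
				unsigned long val = strtoul(optarg, &end, 0);

				if (*optarg == '\0' || *end != '\0' ||
				    val == 0 || val > 0xff) {
					fprintf(stderr, "invalid locality bitmap '%s' (expected 0x01-0xff)\n",
						optarg);
					exit(1);
				}
				has_locality = 1;
				locality = (UINT8)val;
				break;
			}
```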
@@ -78,6 +80,8 @@ usage(char *argv0) "\t-x, --pcr-lock <pcrs> Lock the created key to the specified PCRs\n" " By current value. See PCR VALUES for\n" " details about formatting\n" + "\t--locality <loc> Can only be unsealed in a set of localities\n" + " described by the <loc> bitmap\n" "\t--signed-policy <key> Add a signed policy directive that allows\n" "\t policies signed by the specified public <key>\n" "\t to authorize unsealing\n" @@ -143,6 +147,7 @@ int main(int argc, char **argv) int has_policy = 0; char *signed_policy = NULL; ENCRYPTED_SECRET_2B secret, *enc_secret = NULL; + int has_locality = 0, locality = 0; pcr_lock.count = 0; @@ -213,6 +218,10 @@ int main(int argc, char **argv) case OPT_SIGNED_POLICY: signed_policy = optarg; break; + case OPT_LOCALITY: + has_locality = 1; + locality = strtol(optarg, NULL, 0); + break; default: printf("Unknown option '%c'\n", c); usage(argv[0]); @@ -241,7 +250,13 @@ int main(int argc, char **argv) exit(1); } - if (pcr_lock.count != 0 || policyFilename || signed_policy) + if (has_locality && locality == 0) { + fprintf(stderr, "zero is an illegal locality bitmap\n"); + exit(1); + } + + if (pcr_lock.count != 0 || policyFilename || signed_policy || + has_locality) has_policy = 1; digest.hashAlg = name_alg; @@ -322,6 +337,9 @@ int main(int argc, char **argv) } } + if (has_locality) + tpm2_add_locality(sk, locality, &digest); + tpm2_public_template_seal(p); if (has_policy) { diff --git a/src/tools/signed_tpm2_policy.c b/src/tools/signed_tpm2_policy.c index 2968174..e42db63 100644 --- a/src/tools/signed_tpm2_policy.c +++ b/src/tools/signed_tpm2_policy.c @@ -27,11 +27,13 @@ #include "tpm2-common.h" #define OPT_SIGNED_POLICY 0x1fd +#define OPT_LOCALITY 0x1fc static struct option long_options[] = { {"auth", 0, 0, 'a'}, {"help", 0, 0, 'h'}, {"pcr-lock", 1, 0, 'x'}, + {"locality", 1, 0, OPT_LOCALITY }, {"signed-policy", 1, 0, OPT_SIGNED_POLICY }, {"version", 0, 0, 'v'}, {"key-policy", 1, 0, 'c'}, 
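Review bot: `int has_locality = 0, locality = 0;` declares `locality` as `int` although `tpm2_add_locality` takes a `UINT8`, so a value such as `--locality 0x100` passes the `locality == 0` check in the following hunk and is then truncated to an empty bitmap at the call; the TPM should reject a PolicyLocality that selects no locality, which means the data is sealed but can never be unsealed anywhere. Declare it as `UINT8 locality = 0;` to match create_tpm2_key.c and reject out-of-range input when parsing, e.g. `unsigned long val = strtoul(optarg, &end, 0); if (*optarg == '\0' || *end != '\0' || val == 0 || val > 0xff) { fprintf(stderr, "invalid locality bitmap\n"); exit(1); }`. `main` begins before this hunk.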
@@ -53,7 +55,8 @@ usage(char *argv0) "\t-x, --pcr-lock <pcrs> Lock the created key to the specified PCRs\n" " By current value. See PCR VALUES for\n" " details about formatting\n" - "\n" + "\t--locality <loc> Can only be used in a set of localities\n" + " described by the <loc> bitmap\n" "\t--signed-policy <key> Add a signed policy directive that allows\n" "\t policies signed by the specified public <key>\n" "\t to authorize use of the key\n" @@ -110,6 +113,8 @@ int main(int argc, char **argv) TPMT_HA digest; int size; TPML_PCR_SELECTION pcr_lock = { 0 }; + int has_locality = 0; + int locality = 0; STACK_OF(TSSAUTHPOLICY) *sk; enum cmd { CMD_ADD = 0, @@ -177,6 +182,10 @@ int main(int argc, char **argv) case OPT_SIGNED_POLICY: signed_policy = optarg; break; + case OPT_LOCALITY: + has_locality = 1; + locality = strtol(optarg, NULL, 0); + break; default: printf("Unknown option '%c'\n", c); usage(argv0); @@ -190,6 +199,11 @@ int main(int argc, char **argv) usage(argv0); } + if (has_locality && locality == 0) { + fprintf(stderr, "zero is an illegal locality bitmap\n"); + exit(1); + } + switch(cmd) { case CMD_ADD: filename = argv[argc - 2]; @@ -254,6 +268,9 @@ int main(int argc, char **argv) } } + if (has_locality) + tpm2_add_locality(ap->policy, locality, &digest); + rc = tpm2_new_signed_policy(filename, policy_signing_key, engine, ap, &digest); if (rc == 0) |
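Review bot: `int locality = 0;` has the same type mismatch with `tpm2_add_locality`'s `UINT8` parameter as in seal_tpm2_data.c: the `locality == 0` check runs on the full `int`, so `--locality 0x100` survives it and reaches `tpm2_add_locality(ap->policy, locality, &digest)` as bitmap 0, producing a signed policy that the TPM can never satisfy. Declare it `UINT8 locality = 0;` and bound the parsed value to 0x01-0xff at the `case OPT_LOCALITY:` site. The zero check is also placed before `switch(cmd)` and so applies to every sub-command; if `--locality` is only meaningful on the path that calls `tpm2_add_locality` (presumably the add path, though the enclosing case is outside the hunk), it may be cleaner to reject or ignore it explicitly for the others.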