authorJames Bottomley <James.Bottomley@HansenPartnership.com>2023-11-23 13:50:48 +0000
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2023-12-14 10:41:29 -0500
commit8cbc00ce2535dcb864f6ccf7c07f3fc1b6f39f27 (patch)
tree1fd57f0e7ba463f3e3ab43d8508e92103c110c9c
parentf5f7a3dde4bdb9b781d9f9026d36817385f1b5e4 (diff)
downloadopenssl_tpm2_engine-8cbc00ce2535dcb864f6ccf7c07f3fc1b6f39f27.tar.gz
Add locality policy
This allows the tools to bind a key or sealed blob to a locality via the policy option --locality. The value is a bitmap of localities; the usual localities are 0-4. On kernels that can issue TPM commands at a different locality from userspace, this allows things like the creation of sealed data that can only be unsealed by the kernel (or that can never be unsealed by the kernel).

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--src/include/tpm2-common.h2
-rw-r--r--src/libcommon/tpm2-common.c31
-rw-r--r--src/tools/create_tpm2_key.c22
-rw-r--r--src/tools/seal_tpm2_data.c20
-rw-r--r--src/tools/signed_tpm2_policy.c19
5 files changed, 90 insertions, 4 deletions
diff --git a/src/include/tpm2-common.h b/src/include/tpm2-common.h
index 0e6251b..29dcb40 100644
--- a/src/include/tpm2-common.h
+++ b/src/include/tpm2-common.h
@@ -104,6 +104,8 @@ TPM_RC tpm2_pcr_lock_policy(TSS_CONTEXT *tssContext,
STACK_OF(TSSOPTPOLICY) *sk,
TPMT_HA *digest);
void tpm2_add_auth_policy(STACK_OF(TSSOPTPOLICY) *sk, TPMT_HA *digest);
+void tpm2_add_locality(STACK_OF(TSSOPTPOLICY) *sk, UINT8 locality,
+ TPMT_HA *digest);
EVP_PKEY *openssl_read_public_key(char *filename);
void tpm2_public_template_rsa(TPMT_PUBLIC *pub);
void tpm2_public_template_ecc(TPMT_PUBLIC *pub, TPMI_ECC_CURVE curve);
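Review bot: The new tpm2_add_locality prototype says nothing about what the `locality` byte means, and this header is the only place a caller will look; the neighbouring prototypes are bare too, but a bitmap parameter with non-obvious encoding deserves one line. I would add above line 28: `/* Append a TPM2_PolicyLocality step to sk and fold it into digest; locality is a TPMA_LOCALITY byte (bit n set = locality n, n in 0..4 per the commit message). */`. If the spec's treatment of values 32 and above as a single "extended" locality rather than a mask applies here (please confirm), that caveat belongs in the same comment.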
diff --git a/src/libcommon/tpm2-common.c b/src/libcommon/tpm2-common.c
index 3d70ea6..2822414 100644
--- a/src/libcommon/tpm2-common.c
+++ b/src/libcommon/tpm2-common.c
@@ -1173,6 +1173,13 @@ static TPM_RC tpm2_try_policy(TSS_CONTEXT *tssContext, TPM_HANDLE handle,
break;
}
+ case TPM_CC_PolicyLocality:
+ rc = tpm2_PolicyLocality(tssContext, handle, policy[0]);
+ if (rc)
+ sprintf(reason, "Locality Check 0x%x failed",
+ policy[0]);
+ break;
+
default:
fprintf(stderr, "%sUnsupported policy command %d\n",
prefix, commands[i].code);
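Review bot: The new case reads `policy[0]` without first checking that the CommandPolicy payload for this step is at least one byte long, so a truncated or hand-edited policy in a key file would read one byte past the operand buffer before tpm2_PolicyLocality is ever called. The length that accompanies `policy` and the way the sibling cases validate their operands are outside this hunk, so this is hedged, but if a length is in scope the case should begin with a guard such as `if (policy_len < 1) { rc = TPM_RC_SIZE; break; }` (matching whatever the other cases return on a malformed operand). tpm2_try_policy starts before and ends after this hunk.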
@@ -2760,6 +2767,30 @@ void tpm2_add_auth_policy(STACK_OF(TSSOPTPOLICY) *sk, TPMT_HA *digest)
written, buf, 0, NULL);
}
+void tpm2_add_locality(STACK_OF(TSSOPTPOLICY) *sk, UINT8 locality,
+ TPMT_HA *digest)
+{
+ TSSOPTPOLICY *policy = TSSOPTPOLICY_new();
+ BYTE buf[5];
+ BYTE *buffer = buf;
+ UINT16 written = 0;
+ INT32 size = sizeof(buf);
+ const TPM_CC cc = TPM_CC_PolicyLocality;
+
+ TSS_TPM_CC_Marshal(&cc, &written, &buffer, &size);
+ TSS_UINT8_Marshal(&locality, &written, &buffer, &size);
+
+ ASN1_INTEGER_set(policy->CommandCode, cc);
+ ASN1_STRING_set(policy->CommandPolicy, buf + 4, written - 4);
+
+ sk_TSSOPTPOLICY_push(sk, policy);
+
+ TSS_Hash_Generate(digest,
+ TSS_GetDigestSize(digest->hashAlg),
+ (uint8_t *)&digest->digest,
+ written, buf, 0, NULL);
+}
+
TPM_RC tpm2_add_signed_policy(STACK_OF(TSSOPTPOLICY) *sk, char *key_file,
TPMT_HA *digest)
{
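Review bot: tpm2_add_locality has no header comment, and its two magic numbers (`BYTE buf[5]` and `buf + 4`) silently encode that TSS_TPM_CC_Marshal emits a 4-byte command code followed by the 1-byte locality operand, which a reader has to reconstruct from the marshal calls. A comment above the function such as `/* Append a TPM2_PolicyLocality step to sk: marshal CC || locality, store only the 1-byte operand as CommandPolicy, and extend digest over CC || operand as the TPM does. */` plus `/* 4-byte TPM_CC + 1-byte TPMA_LOCALITY */` on the buffer declaration would make that explicit. The return values of TSSOPTPOLICY_new(), the two marshal calls and TSS_Hash_Generate are all ignored, which matches tpm2_add_auth_policy just above, so I only note it. It is also worth documenting that, as I read TPMA_LOCALITY, only bits 0-4 form a bitmap of localities 0-4 and a value of 32 or more is treated by TPM2_PolicyLocality as one extended locality rather than a mask — please confirm against the spec before wording the comment.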
diff --git a/src/tools/create_tpm2_key.c b/src/tools/create_tpm2_key.c
index 87c55cb..9271a9b 100644
--- a/src/tools/create_tpm2_key.c
+++ b/src/tools/create_tpm2_key.c
@@ -29,6 +29,7 @@
#define OPT_DEPRECATED 0x1ff
#define OPT_RESTRICTED 0x1fe
#define OPT_SIGNED_POLICY 0x1fd
+#define OPT_LOCALITY 0x1fc
static struct option long_options[] = {
{"auth", 0, 0, 'a'},
@@ -39,6 +40,7 @@ static struct option long_options[] = {
{"parent-handle", 1, 0, 'p'},
{"pcr-lock", 1, 0, 'x'},
{"signed-policy", 1, 0, OPT_SIGNED_POLICY },
+ {"locality", 1, 0, OPT_LOCALITY },
{"wrap", 1, 0, 'w'},
{"version", 0, 0, 'v'},
{"password", 1, 0, 'k'},
@@ -98,6 +100,8 @@ usage(char *argv0)
"\t-x, --pcr-lock <pcrs> Lock the created key to the specified PCRs\n"
" By current value. See PCR VALUES for\n"
" details about formatting\n"
+ "\t--locality <loc> Can only be used in a set of localities\n"
+ " described by the <loc> bitmap\n"
"\t--signed-policy <key> Add a signed policy directive that allows\n"
"\t policies signed by the specified public <key>\n"
"\t to authorize use of the key\n"
@@ -478,7 +482,8 @@ int main(int argc, char **argv)
int restricted = 0;
char *parent_str = NULL;
TPML_PCR_SELECTION pcr_lock = { 0 };
- int has_policy = 0;
+ int has_policy = 0, has_locality = 0;
+ UINT8 locality = 0;
OpenSSL_add_all_digests();
/* may be needed to decrypt the key */
@@ -573,6 +578,10 @@ int main(int argc, char **argv)
case OPT_SIGNED_POLICY:
signed_policy = optarg;
break;
+ case OPT_LOCALITY:
+ has_locality = 1;
+ locality = strtol(optarg, NULL, 0);
+ break;
default:
printf("Unknown option '%c'\n", c);
usage(argv[0]);
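Review bot: The OPT_LOCALITY case assigns the raw `strtol(optarg, NULL, 0)` result straight into a UINT8, so `--locality 0x101` silently becomes 1, `--locality 0x100` becomes 0, and an unparsable string such as `--locality abc` yields 0 with no indication that the input was garbage; only the later zero check catches some of these. Parse with an end pointer and reject anything outside 1..0xff (one TPMA_LOCALITY byte) at the option itself, so the user sees the bad value rather than a misleading "zero is an illegal locality bitmap" or, worse, a key bound to the wrong localities. main() starts before and ends after this hunk.
```c
		case OPT_LOCALITY: {
			char *end;
			long val = strtol(optarg, &end, 0);

			/* TPMA_LOCALITY is one byte; reject junk, 0 and anything over 0xff */
			if (end == optarg || *end != '\0' || val < 1 || val > 0xff) {
				fprintf(stderr, "invalid locality bitmap '%s'\n", optarg);
				exit(1);
			}
			has_locality = 1;
			locality = (UINT8)val;
			break;
		}
```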
@@ -627,7 +636,13 @@ int main(int argc, char **argv)
exit(1);
}
- if (pcr_lock.count != 0 || policyFilename || signed_policy)
+ if (has_locality && locality == 0) {
+ fprintf(stderr, "zero is an illegal locality bitmap\n");
+ exit(1);
+ }
+
+ if (pcr_lock.count != 0 || policyFilename || signed_policy ||
+ has_locality)
has_policy = 1;
digest.hashAlg = name_alg;
@@ -671,6 +686,9 @@ int main(int argc, char **argv)
tpm2_add_auth_policy(sk, &digest);
}
+ if (has_locality)
+ tpm2_add_locality(sk, locality, &digest);
+
if (import) {
EVP_PKEY *p_pkey = openssl_read_public_key(import);
EVP_PKEY *pkey = openssl_read_key(wrap);
diff --git a/src/tools/seal_tpm2_data.c b/src/tools/seal_tpm2_data.c
index b0fc5f9..c9c66bc 100644
--- a/src/tools/seal_tpm2_data.c
+++ b/src/tools/seal_tpm2_data.c
@@ -22,6 +22,7 @@
#include "tpm2-common.h"
#define OPT_SIGNED_POLICY 0x1fd
+#define OPT_LOCALITY 0x1fc
static struct option long_options[] = {
{"auth", 0, 0, 'a'},
@@ -29,6 +30,7 @@ static struct option long_options[] = {
{"help", 0, 0, 'h'},
{"parent-handle", 1, 0, 'p'},
{"pcr-lock", 1, 0, 'x'},
+ {"locality", 1, 0, OPT_LOCALITY },
{"signed-policy", 1, 0, OPT_SIGNED_POLICY },
{"version", 0, 0, 'v'},
{"password", 1, 0, 'k'},
@@ -78,6 +80,8 @@ usage(char *argv0)
"\t-x, --pcr-lock <pcrs> Lock the created key to the specified PCRs\n"
" By current value. See PCR VALUES for\n"
" details about formatting\n"
+ "\t--locality <loc> Can only be unsealed in a set of localities\n"
+ " described by the <loc> bitmap\n"
"\t--signed-policy <key> Add a signed policy directive that allows\n"
"\t policies signed by the specified public <key>\n"
"\t to authorize unsealing\n"
@@ -143,6 +147,7 @@ int main(int argc, char **argv)
int has_policy = 0;
char *signed_policy = NULL;
ENCRYPTED_SECRET_2B secret, *enc_secret = NULL;
+ int has_locality = 0, locality = 0;
pcr_lock.count = 0;
@@ -213,6 +218,10 @@ int main(int argc, char **argv)
case OPT_SIGNED_POLICY:
signed_policy = optarg;
break;
+ case OPT_LOCALITY:
+ has_locality = 1;
+ locality = strtol(optarg, NULL, 0);
+ break;
default:
printf("Unknown option '%c'\n", c);
usage(argv[0]);
@@ -241,7 +250,13 @@ int main(int argc, char **argv)
exit(1);
}
- if (pcr_lock.count != 0 || policyFilename || signed_policy)
+ if (has_locality && locality == 0) {
+ fprintf(stderr, "zero is an illegal locality bitmap\n");
+ exit(1);
+ }
+
+ if (pcr_lock.count != 0 || policyFilename || signed_policy ||
+ has_locality)
has_policy = 1;
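Review bot: The zero check here is performed on an `int` (`locality` is declared `int` at the top of main in this commit) but tpm2_add_locality takes a UINT8, so `--locality 0x100` passes this test and is then truncated to 0 when the policy step is built, producing exactly the bitmap the check was meant to reject; `--locality 0x101` likewise silently seals to locality 0 only. Tighten the check to the byte range, `if (has_locality && (locality < 1 || locality > 0xff)) {` with the message `"locality bitmap must be between 1 and 0xff\n"`, or parse with an end pointer at the option and store the validated value in a UINT8. Note also that `strtol(optarg, NULL, 0)` earlier in main accepts trailing junk, so `--locality 3x` is taken as 3. main() starts before and ends after this hunk.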
digest.hashAlg = name_alg;
@@ -322,6 +337,9 @@ int main(int argc, char **argv)
}
}
+ if (has_locality)
+ tpm2_add_locality(sk, locality, &digest);
+
tpm2_public_template_seal(p);
if (has_policy) {
diff --git a/src/tools/signed_tpm2_policy.c b/src/tools/signed_tpm2_policy.c
index 2968174..e42db63 100644
--- a/src/tools/signed_tpm2_policy.c
+++ b/src/tools/signed_tpm2_policy.c
@@ -27,11 +27,13 @@
#include "tpm2-common.h"
#define OPT_SIGNED_POLICY 0x1fd
+#define OPT_LOCALITY 0x1fc
static struct option long_options[] = {
{"auth", 0, 0, 'a'},
{"help", 0, 0, 'h'},
{"pcr-lock", 1, 0, 'x'},
+ {"locality", 1, 0, OPT_LOCALITY },
{"signed-policy", 1, 0, OPT_SIGNED_POLICY },
{"version", 0, 0, 'v'},
{"key-policy", 1, 0, 'c'},
@@ -53,7 +55,8 @@ usage(char *argv0)
"\t-x, --pcr-lock <pcrs> Lock the created key to the specified PCRs\n"
" By current value. See PCR VALUES for\n"
" details about formatting\n"
- "\n"
+ "\t--locality <loc> Can only be used in a set of localities\n"
+ " described by the <loc> bitmap\n"
"\t--signed-policy <key> Add a signed policy directive that allows\n"
"\t policies signed by the specified public <key>\n"
"\t to authorize use of the key\n"
@@ -110,6 +113,8 @@ int main(int argc, char **argv)
TPMT_HA digest;
int size;
TPML_PCR_SELECTION pcr_lock = { 0 };
+ int has_locality = 0;
+ int locality = 0;
STACK_OF(TSSAUTHPOLICY) *sk;
enum cmd {
CMD_ADD = 0,
@@ -177,6 +182,10 @@ int main(int argc, char **argv)
case OPT_SIGNED_POLICY:
signed_policy = optarg;
break;
+ case OPT_LOCALITY:
+ has_locality = 1;
+ locality = strtol(optarg, NULL, 0);
+ break;
default:
printf("Unknown option '%c'\n", c);
usage(argv0);
@@ -190,6 +199,11 @@ int main(int argc, char **argv)
usage(argv0);
}
+ if (has_locality && locality == 0) {
+ fprintf(stderr, "zero is an illegal locality bitmap\n");
+ exit(1);
+ }
+
switch(cmd) {
case CMD_ADD:
filename = argv[argc - 2];
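Review bot: As in the other tools, `locality` is an `int` here (declared earlier in main by this commit) while tpm2_add_locality takes a UINT8, so a value such as `--locality 0x100` passes the new zero check and is truncated to 0 when the signed policy is built, and `0x101` quietly becomes locality 0 only. Tighten the guard to the byte range, `if (has_locality && (locality < 1 || locality > 0xff)) {` with `"locality bitmap must be between 1 and 0xff\n"` as the message, and ideally validate with an end pointer at the option so trailing junk like `3x` is also rejected. main() starts before and ends after this hunk.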
@@ -254,6 +268,9 @@ int main(int argc, char **argv)
}
}
+ if (has_locality)
+ tpm2_add_locality(ap->policy, locality, &digest);
+
rc = tpm2_new_signed_policy(filename, policy_signing_key,
engine, ap, &digest);
if (rc == 0)