From 847fdae1579f4ee930b01f24a7847b8043bf468c Mon Sep 17 00:00:00 2001 From: Adrian Ratiu Date: Tue, 27 Jul 2021 20:13:12 +0300 Subject: char: tpm: Kconfig: remove bad i2c cr50 select This fixes a minor bug which went unnoticed during the initial driver upstreaming review: TCG_CR50 does not exist in mainline kernels, so remove it. Fixes: 3a253caaad11 ("char: tpm: add i2c driver for cr50") Cc: stable@vger.kernel.org Reviewed-by: Jarkko Sakkinen Signed-off-by: Adrian Ratiu Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/Kconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index 4308f9ca7a43..d6ba644f6b00 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig @@ -89,7 +89,6 @@ config TCG_TIS_SYNQUACER config TCG_TIS_I2C_CR50 tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)" depends on I2C - select TCG_CR50 help This is a driver for the Google cr50 I2C TPM interface which is a custom microcontroller and requires a custom i2c protocol interface -- cgit v1.2.3 From 6824f8554a98cba516c3bfd5f9064d7ba0501644 Mon Sep 17 00:00:00 2001 From: Adrian Ratiu Date: Tue, 27 Jul 2021 20:13:13 +0300 Subject: char: tpm: cr50_i2c: convert to new probe interface Way back when this driver was written the I2C framework used to insist an ID table be defined even if the driver did not use it in favor of ACPI/OF matching, so it was added just to placate the hard I2C framework requirement. This is no longer the case so we can drop the table and also convert the driver to the new probe interface. Signed-off-by: Adrian Ratiu Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm_tis_i2c_cr50.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/drivers/char/tpm/tpm_tis_i2c_cr50.c b/drivers/char/tpm/tpm_tis_i2c_cr50.c index 44dde2fbe2fb..c89278103703 100644 --- a/drivers/char/tpm/tpm_tis_i2c_cr50.c +++ b/drivers/char/tpm/tpm_tis_i2c_cr50.c @@ -639,12 +639,6 @@ static const struct tpm_class_ops cr50_i2c = { .req_canceled = &tpm_cr50_i2c_req_canceled, }; -static const struct i2c_device_id cr50_i2c_table[] = { - {"cr50_i2c", 0}, - {} -}; -MODULE_DEVICE_TABLE(i2c, cr50_i2c_table); - #ifdef CONFIG_ACPI static const struct acpi_device_id cr50_i2c_acpi_id[] = { { "GOOG0005", 0 }, @@ -670,8 +664,7 @@ MODULE_DEVICE_TABLE(of, of_cr50_i2c_match); * - 0: Success. * - -errno: A POSIX error code. */ -static int tpm_cr50_i2c_probe(struct i2c_client *client, - const struct i2c_device_id *id) +static int tpm_cr50_i2c_probe(struct i2c_client *client) { struct tpm_i2c_cr50_priv_data *priv; struct device *dev = &client->dev; @@ -774,8 +767,7 @@ static int tpm_cr50_i2c_remove(struct i2c_client *client) static SIMPLE_DEV_PM_OPS(cr50_i2c_pm, tpm_pm_suspend, tpm_pm_resume); static struct i2c_driver cr50_i2c_driver = { - .id_table = cr50_i2c_table, - .probe = tpm_cr50_i2c_probe, + .probe_new = tpm_cr50_i2c_probe, .remove = tpm_cr50_i2c_remove, .driver = { .name = "cr50_i2c", -- cgit v1.2.3 From ea35e0d5df6c92fa2e124bb1b91d09b2240715ba Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Tue, 29 Jun 2021 17:34:20 -0400 Subject: certs: Trigger creation of RSA module signing key if it's not an RSA key Address a kbuild issue where a developer created an ECDSA key for signing kernel modules and then builds an older version of the kernel, when bi- secting the kernel for example, that does not support ECDSA keys. If openssl is installed, trigger the creation of an RSA module signing key if it is not an RSA key. Fixes: cfc411e7fff3 ("Move certificate handling to its own directory") Cc: David Howells Cc: David Woodhouse Signed-off-by: Stefan Berger Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- certs/Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/certs/Makefile b/certs/Makefile index 359239a0ee9e..f9344e52ecda 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -57,11 +57,19 @@ endif redirect_openssl = 2>&1 quiet_redirect_openssl = 2>&1 silent_redirect_openssl = 2>/dev/null +openssl_available = $(shell openssl help 2>/dev/null && echo yes) # We do it this way rather than having a boolean option for enabling an # external private key, because 'make randconfig' might enable such a # boolean option and we unfortunately can't make it depend on !RANDCONFIG. ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem") + +ifeq ($(openssl_available),yes) +X509TEXT=$(shell openssl x509 -in "certs/signing_key.pem" -text 2>/dev/null) + +$(if $(findstring rsaEncryption,$(X509TEXT)),,$(shell rm -f "certs/signing_key.pem")) +endif + $(obj)/signing_key.pem: $(obj)/x509.genkey @$(kecho) "###" @$(kecho) "### Now generating an X.509 key pair to be used for signing modules." -- cgit v1.2.3 From a4aed36ed5924a05ecfadc470584188bfba2b928 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Tue, 29 Jun 2021 17:34:21 -0400 Subject: certs: Add support for using elliptic curve keys for signing modules Add support for using elliptic curve keys for signing modules. It uses a NIST P384 (secp384r1) key if the user chooses an elliptic curve key and will have ECDSA support built into the kernel. Note: A developer choosing an ECDSA key for signing modules should still delete the signing key (rm certs/signing_key.*) when building an older version of a kernel that only supports RSA keys. Unless kbuild automati- cally detects and generates a new kernel module key, ECDSA-signed kernel modules will fail signature verification. Cc: David Howells Cc: David Woodhouse Signed-off-by: Stefan Berger Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- certs/Kconfig | 26 ++++++++++++++++++++++++++ certs/Makefile | 13 +++++++++++++ crypto/asymmetric_keys/pkcs7_parser.c | 8 ++++++++ 3 files changed, 47 insertions(+) diff --git a/certs/Kconfig b/certs/Kconfig index f4e61116f94e..ae7f2e876a31 100644 --- a/certs/Kconfig +++ b/certs/Kconfig @@ -15,6 +15,32 @@ config MODULE_SIG_KEY then the kernel will automatically generate the private key and certificate as described in Documentation/admin-guide/module-signing.rst +choice + prompt "Type of module signing key to be generated" + default MODULE_SIG_KEY_TYPE_RSA + help + The type of module signing key type to generate. This option + does not apply if a #PKCS11 URI is used. + +config MODULE_SIG_KEY_TYPE_RSA + bool "RSA" + depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES) + help + Use an RSA key for module signing. + +config MODULE_SIG_KEY_TYPE_ECDSA + bool "ECDSA" + select CRYPTO_ECDSA + depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES) + help + Use an elliptic curve key (NIST P384) for module signing. Consider + using a strong hash like sha256 or sha384 for hashing modules. + + Note: Remove all ECDSA signing keys, e.g. certs/signing_key.pem, + when falling back to building Linux 5.14 and older kernels. + +endchoice + config SYSTEM_TRUSTED_KEYRING bool "Provide system-wide ring of trusted keys" depends on KEYS diff --git a/certs/Makefile b/certs/Makefile index f9344e52ecda..279433783b10 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -66,9 +66,21 @@ ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem") ifeq ($(openssl_available),yes) X509TEXT=$(shell openssl x509 -in "certs/signing_key.pem" -text 2>/dev/null) +endif +# Support user changing key type +ifdef CONFIG_MODULE_SIG_KEY_TYPE_ECDSA +keytype_openssl = -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 +ifeq ($(openssl_available),yes) +$(if $(findstring id-ecPublicKey,$(X509TEXT)),,$(shell rm -f "certs/signing_key.pem")) +endif +endif # CONFIG_MODULE_SIG_KEY_TYPE_ECDSA + +ifdef CONFIG_MODULE_SIG_KEY_TYPE_RSA +ifeq ($(openssl_available),yes) $(if $(findstring rsaEncryption,$(X509TEXT)),,$(shell rm -f "certs/signing_key.pem")) endif +endif # CONFIG_MODULE_SIG_KEY_TYPE_RSA $(obj)/signing_key.pem: $(obj)/x509.genkey @$(kecho) "###" @@ -83,6 +95,7 @@ $(obj)/signing_key.pem: $(obj)/x509.genkey -batch -x509 -config $(obj)/x509.genkey \ -outform PEM -out $(obj)/signing_key.pem \ -keyout $(obj)/signing_key.pem \ + $(keytype_openssl) \ $($(quiet)redirect_openssl) @$(kecho) "###" @$(kecho) "### Key pair generated." diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c index 967329e0a07b..6592279d839a 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c @@ -269,6 +269,14 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, ctx->sinfo->sig->pkey_algo = "rsa"; ctx->sinfo->sig->encoding = "pkcs1"; break; + case OID_id_ecdsa_with_sha1: + case OID_id_ecdsa_with_sha224: + case OID_id_ecdsa_with_sha256: + case OID_id_ecdsa_with_sha384: + case OID_id_ecdsa_with_sha512: + ctx->sinfo->sig->pkey_algo = "ecdsa"; + ctx->sinfo->sig->encoding = "x962"; + break; default: printk("Unsupported pkey algo: %u\n", ctx->last_oid); return -ENOPKG; -- cgit v1.2.3 From 047d4226b0bca1cda5267dc68bc8291cce5364ac Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Thu, 12 Aug 2021 22:45:48 +0300 Subject: tpm: ibmvtpm: Avoid error message when process gets signal while waiting When rngd is run as root then lots of these types of message will appear in the kernel log if the TPM has been configured to provide random bytes: [ 7406.275163] tpm tpm0: tpm_transmit: tpm_recv: error -4 The issue is caused by the following call that is interrupted while waiting for the TPM's response. sig = wait_event_interruptible(ibmvtpm->wq, !ibmvtpm->tpm_processing_cmd); Rather than waiting for the response in the low level driver, have it use the polling loop in tpm_try_transmit() that uses a command's duration to poll until a result has been returned by the TPM, thus ending when the timeout has occurred but not responding to signals and ctrl-c anymore. To stay in this polling loop extend tpm_ibmvtpm_status() to return 'true' for as long as the vTPM is indicated as being busy in tpm_processing_cmd. Since the loop requires the TPM's timeouts, get them now using tpm_get_timeouts() after setting the TPM2 version flag on the chip. To recreat the resolved issue start rngd like this: sudo rngd -r /dev/hwrng -t sudo rngd -r /dev/tpm0 -t Link: https://bugzilla.redhat.com/show_bug.cgi?id=1981473 Fixes: 6674ff145eef ("tpm_ibmvtpm: properly handle interrupted packet receptions") Cc: Nayna Jain Cc: George Wilson Reported-by: Nageswara R Sastry Signed-off-by: Stefan Berger Tested-by: Nageswara R Sastry Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm_ibmvtpm.c | 26 +++++++++++++++----------- drivers/char/tpm/tpm_ibmvtpm.h | 2 +- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c index 903604769de9..3af4c07a9342 100644 --- a/drivers/char/tpm/tpm_ibmvtpm.c +++ b/drivers/char/tpm/tpm_ibmvtpm.c @@ -106,17 +106,12 @@ static int tpm_ibmvtpm_recv(struct tpm_chip *chip, u8 *buf, size_t count) { struct ibmvtpm_dev *ibmvtpm = dev_get_drvdata(&chip->dev); u16 len; - int sig; if (!ibmvtpm->rtce_buf) { dev_err(ibmvtpm->dev, "ibmvtpm device is not ready\n"); return 0; } - sig = wait_event_interruptible(ibmvtpm->wq, !ibmvtpm->tpm_processing_cmd); - if (sig) - return -EINTR; - len = ibmvtpm->res_len; if (count < len) { @@ -237,7 +232,7 @@ static int tpm_ibmvtpm_send(struct tpm_chip *chip, u8 *buf, size_t count) * set the processing flag before the Hcall, since we may get the * result (interrupt) before even being able to check rc. */ - ibmvtpm->tpm_processing_cmd = true; + ibmvtpm->tpm_processing_cmd = 1; again: rc = ibmvtpm_send_crq(ibmvtpm->vdev, @@ -255,7 +250,7 @@ again: goto again; } dev_err(ibmvtpm->dev, "tpm_ibmvtpm_send failed rc=%d\n", rc); - ibmvtpm->tpm_processing_cmd = false; + ibmvtpm->tpm_processing_cmd = 0; } spin_unlock(&ibmvtpm->rtce_lock); @@ -269,7 +264,9 @@ static void tpm_ibmvtpm_cancel(struct tpm_chip *chip) static u8 tpm_ibmvtpm_status(struct tpm_chip *chip) { - return 0; + struct ibmvtpm_dev *ibmvtpm = dev_get_drvdata(&chip->dev); + + return ibmvtpm->tpm_processing_cmd; } /** @@ -457,7 +454,7 @@ static const struct tpm_class_ops tpm_ibmvtpm = { .send = tpm_ibmvtpm_send, .cancel = tpm_ibmvtpm_cancel, .status = tpm_ibmvtpm_status, - .req_complete_mask = 0, + .req_complete_mask = 1, .req_complete_val = 0, .req_canceled = tpm_ibmvtpm_req_canceled, }; @@ -550,7 +547,7 @@ static void ibmvtpm_crq_process(struct ibmvtpm_crq *crq, case VTPM_TPM_COMMAND_RES: /* len of the data in rtce buffer */ ibmvtpm->res_len = be16_to_cpu(crq->len); - ibmvtpm->tpm_processing_cmd = false; + ibmvtpm->tpm_processing_cmd = 0; wake_up_interruptible(&ibmvtpm->wq); return; default: @@ -688,8 +685,15 @@ static int tpm_ibmvtpm_probe(struct vio_dev *vio_dev, goto init_irq_cleanup; } - if (!strcmp(id->compat, "IBM,vtpm20")) { + + if (!strcmp(id->compat, "IBM,vtpm20")) chip->flags |= TPM_CHIP_FLAG_TPM2; + + rc = tpm_get_timeouts(chip); + if (rc) + goto init_irq_cleanup; + + if (chip->flags & TPM_CHIP_FLAG_TPM2) { rc = tpm2_get_cc_attrs_tbl(chip); if (rc) goto init_irq_cleanup; diff --git a/drivers/char/tpm/tpm_ibmvtpm.h b/drivers/char/tpm/tpm_ibmvtpm.h index b92aa7d3e93e..51198b137461 100644 --- a/drivers/char/tpm/tpm_ibmvtpm.h +++ b/drivers/char/tpm/tpm_ibmvtpm.h @@ -41,7 +41,7 @@ struct ibmvtpm_dev { wait_queue_head_t wq; u16 res_len; u32 vtpm_version; - bool tpm_processing_cmd; + u8 tpm_processing_cmd; }; #define CRQ_RES_BUF_SIZE PAGE_SIZE -- cgit v1.2.3 From f985911b7bc75d5c98ed24d8aaa8b94c590f7c6a Mon Sep 17 00:00:00 2001 From: zhenwei pi Date: Thu, 19 Aug 2021 20:37:10 +0800 Subject: crypto: public_key: fix overflow during implicit conversion Hit kernel warning like this, it can be reproduced by verifying 256 bytes datafile by keyctl command, run script: RAWDATA=rawdata SIGDATA=sigdata modprobe pkcs8_key_parser rm -rf *.der *.pem *.pfx rm -rf $RAWDATA dd if=/dev/random of=$RAWDATA bs=256 count=1 openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \ -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=xx.com/emailAddress=yy@xx.com" KEY_ID=`openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER | keyctl \ padd asymmetric 123 @s` keyctl pkey_sign $KEY_ID 0 $RAWDATA enc=pkcs1 hash=sha1 > $SIGDATA keyctl pkey_verify $KEY_ID 0 $RAWDATA $SIGDATA enc=pkcs1 hash=sha1 Then the kernel reports: WARNING: CPU: 5 PID: 344556 at crypto/rsa-pkcs1pad.c:540 pkcs1pad_verify+0x160/0x190 ... Call Trace: public_key_verify_signature+0x282/0x380 ? software_key_query+0x12d/0x180 ? keyctl_pkey_params_get+0xd6/0x130 asymmetric_key_verify_signature+0x66/0x80 keyctl_pkey_verify+0xa5/0x100 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae The reason of this issue, in function 'asymmetric_key_verify_signature': '.digest_size(u8) = params->in_len(u32)' leads overflow of an u8 value, so use u32 instead of u8 for digest_size field. And reorder struct public_key_signature, it saves 8 bytes on a 64-bit machine. Cc: stable@vger.kernel.org Signed-off-by: zhenwei pi Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- include/crypto/public_key.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 47accec68cb0..f603325c0c30 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -38,9 +38,9 @@ extern void public_key_free(struct public_key *key); struct public_key_signature { struct asymmetric_key_id *auth_ids[2]; u8 *s; /* Signature */ - u32 s_size; /* Number of bytes in signature */ u8 *digest; - u8 digest_size; /* Number of bytes in digest */ + u32 s_size; /* Number of bytes in signature */ + u32 digest_size; /* Number of bytes in digest */ const char *pkey_algo; const char *hash_algo; const char *encoding; -- cgit v1.2.3