From patchwork Wed Jun 12 12:27:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 166544 Delivered-To: patches@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp3619156ilk; Wed, 12 Jun 2019 05:27:27 -0700 (PDT) X-Received: by 2002:aa7:8c52:: with SMTP id e18mr17486496pfd.233.1560342447896; Wed, 12 Jun 2019 05:27:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560342447; cv=none; d=google.com; s=arc-20160816; b=WO5FYx3bDe0SSSReudqODcBe2+pylcod9sAUWMv/sfMbRxL5nK04qcn3P6yY0fe5+r Q1n/25/9iybvXs0uaWHALVFonn/fPPoqsuHHcLZJ+WPAS2n7BVjyQP+k1mGo+4K5JLGt emAlnkzL9Dvcwd1599FTZy6RnbPpWYYW/B8nwXZYgrfDVgCcCueocullfp8h7g3fvBa2 Ez2EYQCJzsIQCMNdzp3Bz70LBTu0MZuVA+seZNG6UEp0suWKl3JlfaElbIH/DtG4cIB5 2YnCWITC3i9EdOR7TK3OYeokyyRwp1vnqbRiM/vSwI1ImWTCjSHALsfNW2/IFJBGt+ha MFnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=message-id:date:subject:cc:to:from:dkim-signature; bh=Ax8SVnf/ukHNeDO9SiQEtcjhFi1mqv/zJ164Zb09+sk=; b=io5+Gj1lL90wc16ahj+85aRJ9uN668yqitDF4czOlNi9wLmS/NBweVxglRav68Fo9X tvkp2qfntw7W4N/U8Tl1tov7kS/7mIw+vxj5ePOQP7zeajqTuvPwmjpBPRgr65q9QNr2 tNTKVXCrr0C7tT2Gsf+QF7WqEwawIFBRpWz3MP75cdlF3FB3w9+i8fYOALjDrhe6ahct GQPCAHBp0EfCtrtVy76kORYq2DMiph1RWamTcg472PiwK77Jrm8nlurpa7bpc+k2qu4k ouigarizKpf4UhLaUoGlLE+0pci+IPaql/SY9XX1oCCeTLX6eyq7SuSVMxOa8plrrM3g n7Nw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Vga0Kg5u; spf=pass (google.com: domain of sumit.garg@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=sumit.garg@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id x10sor6129758pjn.26.2019.06.12.05.27.27 for (Google Transport Security); Wed, 12 Jun 2019 05:27:27 -0700 (PDT) Received-SPF: pass (google.com: domain of sumit.garg@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Vga0Kg5u; spf=pass (google.com: domain of sumit.garg@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=sumit.garg@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=Ax8SVnf/ukHNeDO9SiQEtcjhFi1mqv/zJ164Zb09+sk=; b=Vga0Kg5uxX0BbPbiaK4qEDs4u1dMbZPig3V6vQp0X+HMf2MhhMk/+EdoSDAcO3Pbxo M0pnD6U3PAILDWv2o5bebnW6J8vwaO4Lm6Nvs36+f+wxx1AvNbAnOMufKahFFXNn2nGY RRMf/WQ8NleTlNytkjBjSj7uJ6QdsEM8DWOKOBi22OdV/zBTNR0Z7XX9beznZzJE18Hi q8v9qjJKhC+7Xa9IpEg0TOa67g+/IDc4mIYgYbiss4WME9Yq2D8gSC7Q6knef9uXR1f+ 51tyrx4lyQbNN9ju5MKrTSySDaZoxVZ9RY+Wj+XTYOxTiP8h4JBPULgaN37aWe5ORNR1 5CJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Ax8SVnf/ukHNeDO9SiQEtcjhFi1mqv/zJ164Zb09+sk=; b=q/bh1VZsBd1Z+Fvu6HNfm6rZzRuMBPiroHTkkM6F69uudj3WcuB4Nu/oWwiuL93YlE UtgBaW6n4hI/mG2lkq1xOlF9ngP5wi2/Lwm0xZ6gZvDK3jJfqgykhfmaNcNzQRgbWYW5 OIlPA8gDTe/C/0flfs2VAlWQjX0BCJlJoIdmmwpQ4K5z4cc58gRdgDiHFsu7TmF3myrn WydDGo58qFawCahD/Sj9/7oVJlPYbM8IQY0drmb8SlDQZtHS3/ypRFEeWdOieOdfOBgt 84VsWsq+won/GEq3wmb92pS2IB27jc5hDYmpZwM5C686/pPSeM6jtpb+JlDURYPaqftp yofA== X-Gm-Message-State: APjAAAVv+yKHpyuR3QPm6J8/0J53eTmgntBTYCOi602aJGHvkyhQyE0f Ta0YiECFXdVo+uFOVZ4VIf+zPPP7xP7vTg== X-Google-Smtp-Source: APXvYqxaCsNUH5Wex3DUQV2CNIv2kWodNRiMs41YFwKIs2Rw7ErTdYXp8PgBBlVsNMzOaY0ll8uOFQ== X-Received: by 2002:a17:90a:258b:: with SMTP id k11mr31107381pje.110.1560342447415; Wed, 12 Jun 2019 05:27:27 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([117.196.234.139]) by smtp.gmail.com with ESMTPSA id m19sm38764982pff.153.2019.06.12.05.27.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 12 Jun 2019 05:27:26 -0700 (PDT) From: Sumit Garg To: daniel.thompson@linaro.org Cc: patches@linaro.org, Sumit Garg Subject: [RFC] pta: add pseudo TA to seal and unseal Linux trusted keys Date: Wed, 12 Jun 2019 17:57:07 +0530 Message-Id: <1560342427-30199-1-git-send-email-sumit.garg@linaro.org> X-Mailer: git-send-email 2.7.4 This patch adds a pseudo TA which acts as Linux TEE bus device to provide a service of sealing/unsealing of trusted keys in case platform doesn't posses a TPM device. To do sealing/unsealing we use Secure Storage Key (SSK) using common api as done for FEK (using AES_ECB algo). Also, this pseudo TA only accepts login with a new private login method specifically used by REE kernel. Signed-off-by: Sumit Garg --- core/arch/arm/pta/sub.mk | 1 + core/arch/arm/pta/trusted_key.c | 131 ++++++++++++++++++++++++++++++++++ core/arch/arm/tee/entry_std.c | 1 + core/tee/tee_fs_key_manager.c | 2 +- lib/libutee/include/pta_trusted_key.h | 51 +++++++++++++ lib/libutee/include/tee_api_defines.h | 2 + 6 files changed, 187 insertions(+), 1 deletion(-) create mode 100644 core/arch/arm/pta/trusted_key.c create mode 100644 lib/libutee/include/pta_trusted_key.h -- 2.7.4 diff --git a/core/arch/arm/pta/sub.mk b/core/arch/arm/pta/sub.mk index 8f9451b..131a93e 100644 --- a/core/arch/arm/pta/sub.mk +++ b/core/arch/arm/pta/sub.mk @@ -15,3 +15,4 @@ srcs-$(CFG_TEE_BENCHMARK) += benchmark.c srcs-$(CFG_SDP_PTA) += sdp_pta.c srcs-$(CFG_SYSTEM_PTA) += system.c srcs-$(CFG_DEVICE_ENUM_PTA) += device.c +srcs-y += trusted_key.c diff --git a/core/arch/arm/pta/trusted_key.c b/core/arch/arm/pta/trusted_key.c new file mode 100644 index 0000000..350609f --- /dev/null +++ b/core/arch/arm/pta/trusted_key.c @@ -0,0 +1,131 @@ +// SPDX-License-Identifier: BSD-2-Clause +/* + * Copyright (C) 2019, Linaro Limited + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#define PTA_NAME "trusted_key.pta" + +static TEE_Result get_random(uint32_t types, + TEE_Param params[TEE_NUM_PARAMS]) +{ + FMSG("Invoked TA_CMD_GET_RANDOM"); + + if (types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_OUTPUT, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE)) + return TEE_ERROR_BAD_PARAMETERS; + + if (!params[0].memref.buffer || params[0].memref.size == 0) + return TEE_ERROR_BAD_PARAMETERS; + + return crypto_rng_read(params[0].memref.buffer, params[0].memref.size); +} + +static TEE_Result seal_trusted_key(uint32_t types, + TEE_Param params[TEE_NUM_PARAMS]) +{ + TEE_Result res = TEE_SUCCESS; + const TEE_UUID uuid = PTA_TRUSTED_KEY_UUID; + + FMSG("Invoked TA_CMD_SEAL"); + + if (types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, + TEE_PARAM_TYPE_MEMREF_OUTPUT, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE)) + return TEE_ERROR_BAD_PARAMETERS; + + if (!params[0].memref.buffer || params[0].memref.size == 0) + return TEE_ERROR_BAD_PARAMETERS; + if (!params[1].memref.buffer || params[1].memref.size == 0) + return TEE_ERROR_BAD_PARAMETERS; + + res = tee_fs_fek_crypt(&uuid, TEE_MODE_ENCRYPT, params[0].memref.buffer, + params[0].memref.size, params[1].memref.buffer); + if (res == TEE_SUCCESS) + params[1].memref.size = params[0].memref.size; + else + params[1].memref.size = 0; + + return res; +} + +static TEE_Result unseal_trusted_key(uint32_t types, + TEE_Param params[TEE_NUM_PARAMS]) +{ + TEE_Result res = TEE_SUCCESS; + const TEE_UUID uuid = PTA_TRUSTED_KEY_UUID; + + FMSG("Invoked TA_CMD_UNSEAL"); + + if (types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, + TEE_PARAM_TYPE_MEMREF_OUTPUT, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE)) + return TEE_ERROR_BAD_PARAMETERS; + + if (!params[0].memref.buffer || params[0].memref.size == 0) + return TEE_ERROR_BAD_PARAMETERS; + if (!params[1].memref.buffer || params[1].memref.size == 0) + return TEE_ERROR_BAD_PARAMETERS; + + res = tee_fs_fek_crypt(&uuid, TEE_MODE_DECRYPT, params[0].memref.buffer, + params[0].memref.size, params[1].memref.buffer); + if (res == TEE_SUCCESS) + params[1].memref.size = params[0].memref.size; + else + params[1].memref.size = 0; + + return res; +} + +static TEE_Result invoke_command(void *pSessionContext __unused, + uint32_t nCommandID, uint32_t nParamTypes, + TEE_Param pParams[TEE_NUM_PARAMS]) +{ + switch (nCommandID) { + case TA_CMD_GET_RANDOM: + return get_random(nParamTypes, pParams); + case TA_CMD_SEAL: + return seal_trusted_key(nParamTypes, pParams); + case TA_CMD_UNSEAL: + return unseal_trusted_key(nParamTypes, pParams); + default: + break; + } + + return TEE_ERROR_NOT_IMPLEMENTED; +} + +static TEE_Result open_session(uint32_t param_types __unused, + TEE_Param params[TEE_NUM_PARAMS] __unused, + void **sess_ctx __unused) +{ + TEE_Result res = TEE_SUCCESS; + struct tee_ta_session *s; + + /* Check that we're called from a REE kernel client */ + res = tee_ta_get_current_session(&s); + if (res != TEE_SUCCESS) + return res; + if (s->clnt_id.login != TEE_LOGIN_REE_KERNEL) + res = TEE_ERROR_ACCESS_DENIED; + + return res; +} + + +pseudo_ta_register(.uuid = PTA_TRUSTED_KEY_UUID, .name = PTA_NAME, + .flags = PTA_DEFAULT_FLAGS | TA_FLAG_DEVICE_ENUM, + .open_session_entry_point = open_session, + .invoke_command_entry_point = invoke_command); diff --git a/core/arch/arm/tee/entry_std.c b/core/arch/arm/tee/entry_std.c index 876f97e..a3ca33c 100644 --- a/core/arch/arm/tee/entry_std.c +++ b/core/arch/arm/tee/entry_std.c @@ -281,6 +281,7 @@ static TEE_Result get_open_session_meta(size_t num_params, clnt_id->login = params[1].u.value.c; switch (clnt_id->login) { case TEE_LOGIN_PUBLIC: + case TEE_LOGIN_REE_KERNEL: memset(&clnt_id->uuid, 0, sizeof(clnt_id->uuid)); break; case TEE_LOGIN_USER: diff --git a/core/tee/tee_fs_key_manager.c b/core/tee/tee_fs_key_manager.c index 314554d..560dc4c 100644 --- a/core/tee/tee_fs_key_manager.c +++ b/core/tee/tee_fs_key_manager.c @@ -83,7 +83,7 @@ TEE_Result tee_fs_fek_crypt(const TEE_UUID *uuid, TEE_OperationMode mode, if (!in_key || !out_key) return TEE_ERROR_BAD_PARAMETERS; - if (size != TEE_FS_KM_FEK_SIZE) + if (size > TEE_SHA256_HASH_SIZE) return TEE_ERROR_BAD_PARAMETERS; if (tee_fs_ssk.is_init == 0) diff --git a/lib/libutee/include/pta_trusted_key.h b/lib/libutee/include/pta_trusted_key.h new file mode 100644 index 0000000..666ae43 --- /dev/null +++ b/lib/libutee/include/pta_trusted_key.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/* + * Copyright (C) 2019, Linaro Limited + */ + +/* + * Enumerate the pseudo TAs that have the TA_FLAG_DEVICE_ENUM flag enabled. + */ + +#ifndef __PTA_TRUSTED_KEY_H +#define __PTA_TRUSTED_KEY_H + +#define PTA_TRUSTED_KEY_UUID { 0xf04a0fe7, 0x1f5d, 0x4b9b, \ + { 0xab, 0xf7, 0x61, 0x9b, 0x85, 0xb4, 0xce, 0x8c } } + +/* + * Get random data for symmetric key + * + * [out] memref[0] Random data + * + * Result: + * TEE_SUCCESS - Invoke command success + * TEE_ERROR_BAD_PARAMETERS - Incorrect input param + */ +#define TA_CMD_GET_RANDOM 0x0 + +/* + * Seal trusted key using hardware unique key + * + * [in] memref[0] Plain key + * [out] memref[1] Sealed key datablob + * + * Result: + * TEE_SUCCESS - Invoke command success + * TEE_ERROR_BAD_PARAMETERS - Incorrect input param + */ +#define TA_CMD_SEAL 0x1 + +/* + * Unseal trusted key using hardware unique key + * + * [in] memref[0] Sealed key datablob + * [out] memref[1] Plain key + * + * Result: + * TEE_SUCCESS - Invoke command success + * TEE_ERROR_BAD_PARAMETERS - Incorrect input param + */ +#define TA_CMD_UNSEAL 0x2 + +#endif /* __PTA_TRUSTED_KEY_H */ diff --git a/lib/libutee/include/tee_api_defines.h b/lib/libutee/include/tee_api_defines.h index c71108a..d1dbecc 100644 --- a/lib/libutee/include/tee_api_defines.h +++ b/lib/libutee/include/tee_api_defines.h @@ -63,6 +63,8 @@ #define TEE_LOGIN_APPLICATION_USER 0x00000005 #define TEE_LOGIN_APPLICATION_GROUP 0x00000006 #define TEE_LOGIN_TRUSTED_APP 0xF0000000 +/* Private login method for REE kernel clients */ +#define TEE_LOGIN_REE_KERNEL 0x80000000 /* Origin Code Constants */ #define TEE_ORIGIN_API 0x00000001