[thirdparty/systemd.git] / src / cryptenroll / cryptenroll-tpm2.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include "alloc-util.h"
#include "ask-password-api.h"
#include "cryptenroll-tpm2.h"
#include "env-util.h"
#include "fileio.h"
#include "hexdecoct.h"
#include "json.h"
#include "memory-util.h"
#include "random-util.h"
#include "sha256.h"
#include "tpm2-util.h"

static int search_policy_hash(
                struct crypt_device *cd,
                const void *hash,
                size_t hash_size) {

        int r;

        assert(cd);
        assert(hash || hash_size == 0);

        if (hash_size == 0)
                return 0;

        for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token ++) {
                _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
                _cleanup_free_ void *thash = NULL;
                size_t thash_size = 0;
                int keyslot;
                JsonVariant *w;

                r = cryptsetup_get_token_as_json(cd, token, "systemd-tpm2", &v);
                if (IN_SET(r, -ENOENT, -EINVAL, -EMEDIUMTYPE))
                        continue;
                if (r < 0)
                        return log_error_errno(r, "Failed to read JSON token data off disk: %m");

                keyslot = cryptsetup_get_keyslot_from_token(v);
                if (keyslot < 0) {
                        /* Handle parsing errors of the keyslots field gracefully, since it's not 'owned' by
                         * us, but by the LUKS2 spec */
                        log_warning_errno(keyslot, "Failed to determine keyslot of JSON token %i, skipping: %m", token);
                        continue;
                }

                w = json_variant_by_key(v, "tpm2-policy-hash");
                if (!w || !json_variant_is_string(w))
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                               "TPM2 token data lacks 'tpm2-policy-hash' field.");

                r = unhexmem(json_variant_string(w), SIZE_MAX, &thash, &thash_size);
                if (r < 0)
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                               "Invalid base64 data in 'tpm2-policy-hash' field.");

                if (memcmp_nn(hash, hash_size, thash, thash_size) == 0)
                        return keyslot; /* Found entry with same hash. */
        }

        return -ENOENT; /* Not found */
}

static int get_pin(char **ret_pin_str, TPM2Flags *ret_flags) {
        _cleanup_free_ char *pin_str = NULL;
        int r;
        TPM2Flags flags = 0;

        assert(ret_pin_str);
        assert(ret_flags);

        r = getenv_steal_erase("NEWPIN", &pin_str);
        if (r < 0)
                return log_error_errno(r, "Failed to acquire PIN from environment: %m");
        if (r > 0)
                flags |= TPM2_FLAGS_USE_PIN;
        else {
                for (size_t i = 5;; i--) {
                        _cleanup_strv_free_erase_ char **pin = NULL, **pin2 = NULL;

                        if (i <= 0)
                                return log_error_errno(
                                                SYNTHETIC_ERRNO(ENOKEY), "Too many attempts, giving up.");

                        pin = strv_free_erase(pin);
                        r = ask_password_auto(
                                        "Please enter TPM2 PIN:",
                                        "drive-harddisk",
                                        NULL,
                                        "tpm2-pin",
                                        "cryptenroll.tpm2-pin",
                                        USEC_INFINITY,
                                        0,
                                        &pin);
                        if (r < 0)
                                return log_error_errno(r, "Failed to ask for user pin: %m");
                        assert(strv_length(pin) == 1);

                        r = ask_password_auto(
                                        "Please enter TPM2 PIN (repeat):",
                                        "drive-harddisk",
                                        NULL,
                                        "tpm2-pin",
                                        "cryptenroll.tpm2-pin",
                                        USEC_INFINITY,
                                        0,
                                        &pin2);
                        if (r < 0)
                                return log_error_errno(r, "Failed to ask for user pin: %m");
                        assert(strv_length(pin) == 1);

                        if (strv_equal(pin, pin2)) {
                                pin_str = strdup(*pin);
                                if (!pin_str)
                                        return log_oom();
                                flags |= TPM2_FLAGS_USE_PIN;
                                break;
                        }

                        log_error("PINs didn't match, please try again!");
                }
        }

        *ret_flags = flags;
        *ret_pin_str = TAKE_PTR(pin_str);

        return 0;
}

int enroll_tpm2(struct crypt_device *cd,
                const void *volume_key,
                size_t volume_key_size,
                const char *device,
                uint32_t hash_pcr_mask,
                const char *pubkey_path,
                uint32_t pubkey_pcr_mask,
                const char *signature_path,
                bool use_pin) {

        _cleanup_(erase_and_freep) void *secret = NULL;
        _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *signature_json = NULL;
        _cleanup_(erase_and_freep) char *base64_encoded = NULL;
        size_t secret_size, blob_size, hash_size, pubkey_size = 0;
        _cleanup_free_ void *blob = NULL, *hash = NULL, *pubkey = NULL;
        uint16_t pcr_bank, primary_alg;
        const char *node;
        _cleanup_(erase_and_freep) char *pin_str = NULL;
        ssize_t base64_encoded_size;
        int r, keyslot;
        TPM2Flags flags = 0;
        uint8_t binary_salt[SHA256_DIGEST_SIZE] = {};
        /*
         * erase the salt, we'd rather attempt to not have this in a coredump
         * as an attacker would have all the parameters but pin used to create
         * the session key. This problem goes away when we move to a trusted
         * primary key, aka the SRK.
         */
        CLEANUP_ERASE(binary_salt);

        assert(cd);
        assert(volume_key);
        assert(volume_key_size > 0);
        assert(TPM2_PCR_MASK_VALID(hash_pcr_mask));
        assert(TPM2_PCR_MASK_VALID(pubkey_pcr_mask));

        assert_se(node = crypt_get_device_name(cd));

        if (use_pin) {
                r = get_pin(&pin_str, &flags);
                if (r < 0)
                        return r;

                r = crypto_random_bytes(binary_salt, sizeof(binary_salt));
                if (r < 0)
                        return log_error_errno(r, "Failed to acquire random salt: %m");

                uint8_t salted_pin[SHA256_DIGEST_SIZE] = {};
                CLEANUP_ERASE(salted_pin);
                r = tpm2_util_pbkdf2_hmac_sha256(pin_str, strlen(pin_str), binary_salt, sizeof(binary_salt), salted_pin);
                if (r < 0)
                        return log_error_errno(r, "Failed to perform PBKDF2: %m");

                pin_str = erase_and_free(pin_str);
                /* re-stringify pin_str */
                base64_encoded_size = base64mem(salted_pin, sizeof(salted_pin), &pin_str);
                if (base64_encoded_size < 0)
                        return log_error_errno(base64_encoded_size, "Failed to base64 encode salted pin: %m");
        }

        r = tpm2_load_pcr_public_key(pubkey_path, &pubkey, &pubkey_size);
        if (r < 0) {
                if (pubkey_path || signature_path || r != -ENOENT)
                        return log_error_errno(r, "Failed read TPM PCR public key: %m");

                log_debug_errno(r, "Failed to read TPM2 PCR public key, proceeding without: %m");
                pubkey_pcr_mask = 0;
        } else if (signature_path) {
                /* Also try to load the signature JSON object, to verify that our enrollment will work.
                 * This is optional however, skip it if it's not explicitly provided. */

                r = tpm2_load_pcr_signature(signature_path, &signature_json);
                if (r < 0)
                        return log_debug_errno(r, "Failed to read TPM PCR signature: %m");
        }

        r = tpm2_seal(device,
                      hash_pcr_mask,
                      pubkey, pubkey_size,
                      pubkey_pcr_mask,
                      pin_str,
                      &secret, &secret_size,
                      &blob, &blob_size,
                      &hash, &hash_size,
                      &pcr_bank,
                      &primary_alg);
        if (r < 0)
                return r;

        /* Let's see if we already have this specific PCR policy hash enrolled, if so, exit early. */
        r = search_policy_hash(cd, hash, hash_size);
        if (r == -ENOENT)
                log_debug_errno(r, "PCR policy hash not yet enrolled, enrolling now.");
        else if (r < 0)
                return r;
        else {
                log_info("This PCR set is already enrolled, executing no operation.");
                return r; /* return existing keyslot, so that wiping won't kill it */
        }

        /* Quick verification that everything is in order, we are not in a hurry after all. */
        if (!pubkey || signature_json) {
                _cleanup_(erase_and_freep) void *secret2 = NULL;
                size_t secret2_size;

                log_debug("Unsealing for verification...");
                r = tpm2_unseal(device,
                                hash_pcr_mask,
                                pcr_bank,
                                pubkey, pubkey_size,
                                pubkey_pcr_mask,
                                signature_json,
                                pin_str,
                                primary_alg,
                                blob, blob_size,
                                hash, hash_size,
                                &secret2, &secret2_size);
                if (r < 0)
                        return r;

                if (memcmp_nn(secret, secret_size, secret2, secret2_size) != 0)
                        return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "TPM2 seal/unseal verification failed.");
        }

        /* let's base64 encode the key to use, for compat with homed (and it's easier to every type it in by keyboard, if that might end up being necessary. */
        base64_encoded_size = base64mem(secret, secret_size, &base64_encoded);
        if (base64_encoded_size < 0)
                return log_error_errno(base64_encoded_size, "Failed to base64 encode secret key: %m");

        r = cryptsetup_set_minimal_pbkdf(cd);
        if (r < 0)
                return log_error_errno(r, "Failed to set minimal PBKDF: %m");

        keyslot = crypt_keyslot_add_by_volume_key(
                        cd,
                        CRYPT_ANY_SLOT,
                        volume_key,
                        volume_key_size,
                        base64_encoded,
                        base64_encoded_size);
        if (keyslot < 0)
                return log_error_errno(keyslot, "Failed to add new TPM2 key to %s: %m", node);

        r = tpm2_make_luks2_json(
                        keyslot,
                        hash_pcr_mask,
                        pcr_bank,
                        pubkey, pubkey_size,
                        pubkey_pcr_mask,
                        primary_alg,
                        blob, blob_size,
                        hash, hash_size,
                        use_pin ? binary_salt : NULL,
                        use_pin ? sizeof(binary_salt) : 0,
                        flags,
                        &v);
        if (r < 0)
                return log_error_errno(r, "Failed to prepare TPM2 JSON token object: %m");

        r = cryptsetup_add_token_json(cd, v);
        if (r < 0)
                return log_error_errno(r, "Failed to add TPM2 JSON token to LUKS2 header: %m");

        log_info("New TPM2 token enrolled as key slot %i.", keyslot);
        return keyslot;
}
Commit	Line	Data
5e521624 LP	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
	2
	3	#include "alloc-util.h"
6c7a1681	4	#include "ask-password-api.h"
5e521624	5	#include "cryptenroll-tpm2.h"
6c7a1681	6	#include "env-util.h"
f0f4fcae	7	#include "fileio.h"
5e521624 LP	8	#include "hexdecoct.h"
	9	#include "json.h"
	10	#include "memory-util.h"
aae6eb96 WR	11	#include "random-util.h"
aae6eb96 WR	12	#include "sha256.h"
5e521624 LP	13	#include "tpm2-util.h"
	14
	15	static int search_policy_hash(
	16	struct crypt_device *cd,
	17	const void *hash,
	18	size_t hash_size) {
	19
	20	int r;
	21
	22	assert(cd);
	23	assert(hash \|\| hash_size == 0);
	24
	25	if (hash_size == 0)
	26	return 0;
	27
3c2c8e62	28	for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token ++) {
5e521624 LP	29	_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
	30	_cleanup_free_ void *thash = NULL;
	31	size_t thash_size = 0;
	32	int keyslot;
	33	JsonVariant *w;
	34
	35	r = cryptsetup_get_token_as_json(cd, token, "systemd-tpm2", &v);
	36	if (IN_SET(r, -ENOENT, -EINVAL, -EMEDIUMTYPE))
	37	continue;
	38	if (r < 0)
	39	return log_error_errno(r, "Failed to read JSON token data off disk: %m");
	40
	41	keyslot = cryptsetup_get_keyslot_from_token(v);
1641c2b1 LP	42	if (keyslot < 0) {
	43	/* Handle parsing errors of the keyslots field gracefully, since it's not 'owned' by
	44	* us, but by the LUKS2 spec */
	45	log_warning_errno(keyslot, "Failed to determine keyslot of JSON token %i, skipping: %m", token);
	46	continue;
	47	}
5e521624 LP	48
	49	w = json_variant_by_key(v, "tpm2-policy-hash");
	50	if (!w \|\| !json_variant_is_string(w))
	51	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	52	"TPM2 token data lacks 'tpm2-policy-hash' field.");
	53
f5fbe71d	54	r = unhexmem(json_variant_string(w), SIZE_MAX, &thash, &thash_size);
5e521624 LP	55	if (r < 0)
	56	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	57	"Invalid base64 data in 'tpm2-policy-hash' field.");
	58
	59	if (memcmp_nn(hash, hash_size, thash, thash_size) == 0)
	60	return keyslot; /* Found entry with same hash. */
	61	}
	62
	63	return -ENOENT; /* Not found */
	64	}
	65
6c7a1681 GG	66	static int get_pin(char *ret_pin_str, TPM2Flags ret_flags) {
	67	_cleanup_free_ char *pin_str = NULL;
	68	int r;
	69	TPM2Flags flags = 0;
	70
	71	assert(ret_pin_str);
	72	assert(ret_flags);
	73
	74	r = getenv_steal_erase("NEWPIN", &pin_str);
	75	if (r < 0)
	76	return log_error_errno(r, "Failed to acquire PIN from environment: %m");
	77	if (r > 0)
	78	flags \|= TPM2_FLAGS_USE_PIN;
	79	else {
	80	for (size_t i = 5;; i--) {
	81	_cleanup_strv_free_erase_ char pin = NULL, pin2 = NULL;
	82
	83	if (i <= 0)
	84	return log_error_errno(
	85	SYNTHETIC_ERRNO(ENOKEY), "Too many attempts, giving up.");
	86
	87	pin = strv_free_erase(pin);
	88	r = ask_password_auto(
	89	"Please enter TPM2 PIN:",
	90	"drive-harddisk",
	91	NULL,
	92	"tpm2-pin",
	93	"cryptenroll.tpm2-pin",
	94	USEC_INFINITY,
	95	0,
	96	&pin);
	97	if (r < 0)
	98	return log_error_errno(r, "Failed to ask for user pin: %m");
	99	assert(strv_length(pin) == 1);
	100
	101	r = ask_password_auto(
	102	"Please enter TPM2 PIN (repeat):",
	103	"drive-harddisk",
	104	NULL,
	105	"tpm2-pin",
	106	"cryptenroll.tpm2-pin",
	107	USEC_INFINITY,
	108	0,
	109	&pin2);
	110	if (r < 0)
	111	return log_error_errno(r, "Failed to ask for user pin: %m");
	112	assert(strv_length(pin) == 1);
	113
	114	if (strv_equal(pin, pin2)) {
	115	pin_str = strdup(*pin);
	116	if (!pin_str)
	117	return log_oom();
	118	flags \|= TPM2_FLAGS_USE_PIN;
	119	break;
	120	}
	121
	122	log_error("PINs didn't match, please try again!");
	123	}
	124	}
	125
	126	*ret_flags = flags;
	127	*ret_pin_str = TAKE_PTR(pin_str);
	128
	129	return 0;
130	}
131
5e521624 LP	132	int enroll_tpm2(struct crypt_device *cd,
	133	const void *volume_key,
	134	size_t volume_key_size,
	135	const char *device,
d9b5841d	136	uint32_t hash_pcr_mask,
f0f4fcae LP	137	const char *pubkey_path,
	138	uint32_t pubkey_pcr_mask,
	139	const char *signature_path,
6c7a1681	140	bool use_pin) {
5e521624	141
f0f4fcae LP	142	_cleanup_(erase_and_freep) void *secret = NULL;
f0f4fcae LP	143	_cleanup_(json_variant_unrefp) JsonVariant v = NULL, signature_json = NULL;
5e521624	144	_cleanup_(erase_and_freep) char *base64_encoded = NULL;
f0f4fcae LP	145	size_t secret_size, blob_size, hash_size, pubkey_size = 0;
f0f4fcae LP	146	_cleanup_free_ void blob = NULL, hash = NULL, *pubkey = NULL;
2b92a672	147	uint16_t pcr_bank, primary_alg;
5e521624	148	const char *node;
6c7a1681	149	_cleanup_(erase_and_freep) char *pin_str = NULL;
5e476b85	150	ssize_t base64_encoded_size;
5e521624	151	int r, keyslot;
6c7a1681	152	TPM2Flags flags = 0;
aae6eb96 WR	153	uint8_t binary_salt[SHA256_DIGEST_SIZE] = {};
	154	/*
	155	* erase the salt, we'd rather attempt to not have this in a coredump
	156	* as an attacker would have all the parameters but pin used to create
	157	* the session key. This problem goes away when we move to a trusted
	158	* primary key, aka the SRK.
	159	*/
	160	CLEANUP_ERASE(binary_salt);
5e521624 LP	161
	162	assert(cd);
	163	assert(volume_key);
	164	assert(volume_key_size > 0);
d9b5841d	165	assert(TPM2_PCR_MASK_VALID(hash_pcr_mask));
f0f4fcae	166	assert(TPM2_PCR_MASK_VALID(pubkey_pcr_mask));
5e521624 LP	167
	168	assert_se(node = crypt_get_device_name(cd));
	169
6c7a1681 GG	170	if (use_pin) {
	171	r = get_pin(&pin_str, &flags);
	172	if (r < 0)
	173	return r;
aae6eb96 WR	174
	175	r = crypto_random_bytes(binary_salt, sizeof(binary_salt));
	176	if (r < 0)
	177	return log_error_errno(r, "Failed to acquire random salt: %m");
	178
	179	uint8_t salted_pin[SHA256_DIGEST_SIZE] = {};
	180	CLEANUP_ERASE(salted_pin);
	181	r = tpm2_util_pbkdf2_hmac_sha256(pin_str, strlen(pin_str), binary_salt, sizeof(binary_salt), salted_pin);
	182	if (r < 0)
	183	return log_error_errno(r, "Failed to perform PBKDF2: %m");
	184
	185	pin_str = erase_and_free(pin_str);
	186	/* re-stringify pin_str */
	187	base64_encoded_size = base64mem(salted_pin, sizeof(salted_pin), &pin_str);
	188	if (base64_encoded_size < 0)
	189	return log_error_errno(base64_encoded_size, "Failed to base64 encode salted pin: %m");
6c7a1681 GG	190	}
6c7a1681 GG	191
f0f4fcae LP	192	r = tpm2_load_pcr_public_key(pubkey_path, &pubkey, &pubkey_size);
	193	if (r < 0) {
	194	if (pubkey_path \|\| signature_path \|\| r != -ENOENT)
	195	return log_error_errno(r, "Failed read TPM PCR public key: %m");
	196
	197	log_debug_errno(r, "Failed to read TPM2 PCR public key, proceeding without: %m");
	198	pubkey_pcr_mask = 0;
b0fc23fa LB	199	} else if (signature_path) {
	200	/* Also try to load the signature JSON object, to verify that our enrollment will work.
	201	* This is optional however, skip it if it's not explicitly provided. */
f0f4fcae LP	202
f0f4fcae LP	203	r = tpm2_load_pcr_signature(signature_path, &signature_json);
645063d1 YW	204	if (r < 0)
645063d1 YW	205	return log_debug_errno(r, "Failed to read TPM PCR signature: %m");
f0f4fcae LP	206	}
f0f4fcae LP	207
d9b5841d LP	208	r = tpm2_seal(device,
d9b5841d LP	209	hash_pcr_mask,
f0f4fcae LP	210	pubkey, pubkey_size,
f0f4fcae LP	211	pubkey_pcr_mask,
d9b5841d LP	212	pin_str,
	213	&secret, &secret_size,
	214	&blob, &blob_size,
	215	&hash, &hash_size,
	216	&pcr_bank,
	217	&primary_alg);
5e521624 LP	218	if (r < 0)
	219	return r;
	220
	221	/* Let's see if we already have this specific PCR policy hash enrolled, if so, exit early. */
	222	r = search_policy_hash(cd, hash, hash_size);
	223	if (r == -ENOENT)
	224	log_debug_errno(r, "PCR policy hash not yet enrolled, enrolling now.");
	225	else if (r < 0)
	226	return r;
	227	else {
	228	log_info("This PCR set is already enrolled, executing no operation.");
	229	return r; /* return existing keyslot, so that wiping won't kill it */
	230	}
	231
0b75493d	232	/* Quick verification that everything is in order, we are not in a hurry after all. */
f0f4fcae LP	233	if (!pubkey \|\| signature_json) {
	234	_cleanup_(erase_and_freep) void *secret2 = NULL;
	235	size_t secret2_size;
	236
	237	log_debug("Unsealing for verification...");
	238	r = tpm2_unseal(device,
	239	hash_pcr_mask,
	240	pcr_bank,
	241	pubkey, pubkey_size,
	242	pubkey_pcr_mask,
	243	signature_json,
	244	pin_str,
	245	primary_alg,
	246	blob, blob_size,
	247	hash, hash_size,
	248	&secret2, &secret2_size);
	249	if (r < 0)
	250	return r;
5e521624	251
f0f4fcae LP	252	if (memcmp_nn(secret, secret_size, secret2, secret2_size) != 0)
	253	return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "TPM2 seal/unseal verification failed.");
	254	}
5e521624 LP	255
5e521624 LP	256	/* let's base64 encode the key to use, for compat with homed (and it's easier to every type it in by keyboard, if that might end up being necessary. */
5e476b85 LP	257	base64_encoded_size = base64mem(secret, secret_size, &base64_encoded);
	258	if (base64_encoded_size < 0)
	259	return log_error_errno(base64_encoded_size, "Failed to base64 encode secret key: %m");
5e521624 LP	260
	261	r = cryptsetup_set_minimal_pbkdf(cd);
	262	if (r < 0)
	263	return log_error_errno(r, "Failed to set minimal PBKDF: %m");
	264
	265	keyslot = crypt_keyslot_add_by_volume_key(
	266	cd,
	267	CRYPT_ANY_SLOT,
	268	volume_key,
	269	volume_key_size,
	270	base64_encoded,
5e476b85	271	base64_encoded_size);
5e521624 LP	272	if (keyslot < 0)
	273	return log_error_errno(keyslot, "Failed to add new TPM2 key to %s: %m", node);
	274
f0f4fcae LP	275	r = tpm2_make_luks2_json(
	276	keyslot,
	277	hash_pcr_mask,
	278	pcr_bank,
	279	pubkey, pubkey_size,
	280	pubkey_pcr_mask,
	281	primary_alg,
	282	blob, blob_size,
	283	hash, hash_size,
aae6eb96 WR	284	use_pin ? binary_salt : NULL,
aae6eb96 WR	285	use_pin ? sizeof(binary_salt) : 0,
f0f4fcae LP	286	flags,
f0f4fcae LP	287	&v);
5e521624 LP	288	if (r < 0)
	289	return log_error_errno(r, "Failed to prepare TPM2 JSON token object: %m");
	290
	291	r = cryptsetup_add_token_json(cd, v);
	292	if (r < 0)
	293	return log_error_errno(r, "Failed to add TPM2 JSON token to LUKS2 header: %m");
	294
	295	log_info("New TPM2 token enrolled as key slot %i.", keyslot);
	296	return keyslot;
	297	}