]>
Commit | Line | Data |
---|---|---|
5e521624 LP |
1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
2 | ||
3 | #include "alloc-util.h" | |
6c7a1681 | 4 | #include "ask-password-api.h" |
5e521624 | 5 | #include "cryptenroll-tpm2.h" |
631cf7f0 | 6 | #include "cryptsetup-tpm2.h" |
6c7a1681 | 7 | #include "env-util.h" |
631cf7f0 | 8 | #include "errno-util.h" |
f0f4fcae | 9 | #include "fileio.h" |
5e521624 LP |
10 | #include "hexdecoct.h" |
11 | #include "json.h" | |
631cf7f0 | 12 | #include "log.h" |
5e521624 | 13 | #include "memory-util.h" |
aae6eb96 WR |
14 | #include "random-util.h" |
15 | #include "sha256.h" | |
5e521624 LP |
16 | #include "tpm2-util.h" |
17 | ||
18 | static int search_policy_hash( | |
19 | struct crypt_device *cd, | |
20 | const void *hash, | |
21 | size_t hash_size) { | |
22 | ||
23 | int r; | |
24 | ||
25 | assert(cd); | |
26 | assert(hash || hash_size == 0); | |
27 | ||
28 | if (hash_size == 0) | |
29 | return 0; | |
30 | ||
b3a9d980 | 31 | for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) { |
5e521624 LP |
32 | _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; |
33 | _cleanup_free_ void *thash = NULL; | |
34 | size_t thash_size = 0; | |
35 | int keyslot; | |
36 | JsonVariant *w; | |
37 | ||
38 | r = cryptsetup_get_token_as_json(cd, token, "systemd-tpm2", &v); | |
39 | if (IN_SET(r, -ENOENT, -EINVAL, -EMEDIUMTYPE)) | |
40 | continue; | |
41 | if (r < 0) | |
42 | return log_error_errno(r, "Failed to read JSON token data off disk: %m"); | |
43 | ||
44 | keyslot = cryptsetup_get_keyslot_from_token(v); | |
1641c2b1 LP |
45 | if (keyslot < 0) { |
46 | /* Handle parsing errors of the keyslots field gracefully, since it's not 'owned' by | |
47 | * us, but by the LUKS2 spec */ | |
48 | log_warning_errno(keyslot, "Failed to determine keyslot of JSON token %i, skipping: %m", token); | |
49 | continue; | |
50 | } | |
5e521624 LP |
51 | |
52 | w = json_variant_by_key(v, "tpm2-policy-hash"); | |
53 | if (!w || !json_variant_is_string(w)) | |
54 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
55 | "TPM2 token data lacks 'tpm2-policy-hash' field."); | |
56 | ||
bdd2036e | 57 | r = unhexmem(json_variant_string(w), &thash, &thash_size); |
5e521624 LP |
58 | if (r < 0) |
59 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
60 | "Invalid base64 data in 'tpm2-policy-hash' field."); | |
61 | ||
62 | if (memcmp_nn(hash, hash_size, thash, thash_size) == 0) | |
63 | return keyslot; /* Found entry with same hash. */ | |
64 | } | |
65 | ||
66 | return -ENOENT; /* Not found */ | |
67 | } | |
68 | ||
6c7a1681 | 69 | static int get_pin(char **ret_pin_str, TPM2Flags *ret_flags) { |
a3b46c6b | 70 | _cleanup_(erase_and_freep) char *pin_str = NULL; |
6c7a1681 | 71 | TPM2Flags flags = 0; |
a3b46c6b | 72 | int r; |
6c7a1681 GG |
73 | |
74 | assert(ret_pin_str); | |
75 | assert(ret_flags); | |
76 | ||
77 | r = getenv_steal_erase("NEWPIN", &pin_str); | |
78 | if (r < 0) | |
79 | return log_error_errno(r, "Failed to acquire PIN from environment: %m"); | |
80 | if (r > 0) | |
81 | flags |= TPM2_FLAGS_USE_PIN; | |
82 | else { | |
83 | for (size_t i = 5;; i--) { | |
84 | _cleanup_strv_free_erase_ char **pin = NULL, **pin2 = NULL; | |
85 | ||
86 | if (i <= 0) | |
87 | return log_error_errno( | |
88 | SYNTHETIC_ERRNO(ENOKEY), "Too many attempts, giving up."); | |
89 | ||
d08fd4c3 LP |
90 | AskPasswordRequest req = { |
91 | .message = "Please enter TPM2 PIN:", | |
92 | .icon = "drive-harddisk", | |
93 | .keyring = "tpm2-pin", | |
7252be60 | 94 | .credential = "cryptenroll.new-tpm2-pin", |
d08fd4c3 LP |
95 | }; |
96 | ||
6c7a1681 GG |
97 | pin = strv_free_erase(pin); |
98 | r = ask_password_auto( | |
d08fd4c3 LP |
99 | &req, |
100 | /* until= */ USEC_INFINITY, | |
101 | /* flags= */ 0, | |
6c7a1681 GG |
102 | &pin); |
103 | if (r < 0) | |
104 | return log_error_errno(r, "Failed to ask for user pin: %m"); | |
105 | assert(strv_length(pin) == 1); | |
106 | ||
d08fd4c3 LP |
107 | req.message = "Please enter TPM2 PIN (repeat):"; |
108 | ||
6c7a1681 | 109 | r = ask_password_auto( |
d08fd4c3 | 110 | &req, |
6c7a1681 | 111 | USEC_INFINITY, |
d08fd4c3 | 112 | /* flags= */ 0, |
6c7a1681 GG |
113 | &pin2); |
114 | if (r < 0) | |
115 | return log_error_errno(r, "Failed to ask for user pin: %m"); | |
116 | assert(strv_length(pin) == 1); | |
117 | ||
118 | if (strv_equal(pin, pin2)) { | |
119 | pin_str = strdup(*pin); | |
120 | if (!pin_str) | |
121 | return log_oom(); | |
122 | flags |= TPM2_FLAGS_USE_PIN; | |
123 | break; | |
124 | } | |
125 | ||
126 | log_error("PINs didn't match, please try again!"); | |
127 | } | |
128 | } | |
129 | ||
130 | *ret_flags = flags; | |
131 | *ret_pin_str = TAKE_PTR(pin_str); | |
132 | ||
133 | return 0; | |
134 | } | |
135 | ||
631cf7f0 GAP |
136 | int load_volume_key_tpm2( |
137 | struct crypt_device *cd, | |
138 | const char *cd_node, | |
139 | const char *device, | |
140 | void *ret_vk, | |
141 | size_t *ret_vks) { | |
142 | ||
143 | _cleanup_(iovec_done_erase) struct iovec decrypted_key = {}; | |
144 | _cleanup_(erase_and_freep) char *passphrase = NULL; | |
145 | ssize_t passphrase_size; | |
146 | int r; | |
147 | ||
148 | assert_se(cd); | |
149 | assert_se(cd_node); | |
150 | assert_se(ret_vk); | |
151 | assert_se(ret_vks); | |
152 | ||
153 | bool found_some = false; | |
154 | int token = 0; /* first token to look at */ | |
155 | ||
156 | for (;;) { | |
157 | _cleanup_(iovec_done) struct iovec pubkey = {}, salt = {}, srk = {}, pcrlock_nv = {}; | |
158 | _cleanup_(iovec_done) struct iovec blob = {}, policy_hash = {}; | |
159 | uint32_t hash_pcr_mask, pubkey_pcr_mask; | |
160 | uint16_t pcr_bank, primary_alg; | |
161 | TPM2Flags tpm2_flags; | |
162 | int keyslot; | |
163 | ||
164 | r = find_tpm2_auto_data( | |
165 | cd, | |
166 | UINT32_MAX, | |
167 | token, | |
168 | &hash_pcr_mask, | |
169 | &pcr_bank, | |
170 | &pubkey, | |
171 | &pubkey_pcr_mask, | |
172 | &primary_alg, | |
173 | &blob, | |
174 | &policy_hash, | |
175 | &salt, | |
176 | &srk, | |
177 | &pcrlock_nv, | |
178 | &tpm2_flags, | |
179 | &keyslot, | |
180 | &token); | |
181 | if (r == -ENXIO) | |
182 | return log_full_errno(LOG_NOTICE, | |
183 | SYNTHETIC_ERRNO(EAGAIN), | |
184 | found_some | |
185 | ? "No TPM2 metadata matching the current system state found in LUKS2 header." | |
186 | : "No TPM2 metadata enrolled in LUKS2 header."); | |
187 | if (ERRNO_IS_NEG_NOT_SUPPORTED(r)) | |
188 | /* TPM2 support not compiled in? */ | |
189 | return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 support not available."); | |
190 | if (r < 0) | |
191 | return r; | |
192 | ||
193 | found_some = true; | |
194 | ||
195 | r = acquire_tpm2_key( | |
196 | cd_node, | |
197 | device, | |
198 | hash_pcr_mask, | |
199 | pcr_bank, | |
200 | &pubkey, | |
201 | pubkey_pcr_mask, | |
202 | /* signature_path= */ NULL, | |
203 | /* pcrlock_path= */ NULL, | |
204 | primary_alg, | |
205 | /* key_file= */ NULL, /* key_file_size= */ 0, /* key_file_offset= */ 0, /* no key file */ | |
206 | &blob, | |
207 | &policy_hash, | |
208 | &salt, | |
209 | &srk, | |
210 | &pcrlock_nv, | |
211 | tpm2_flags, | |
212 | /* until= */ 0, | |
b3a63584 LP |
213 | "cryptenroll.tpm2-pin", |
214 | /* askpw_flags= */ 0, | |
631cf7f0 GAP |
215 | &decrypted_key); |
216 | if (IN_SET(r, -EACCES, -ENOLCK)) | |
217 | return log_notice_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 PIN unlock failed"); | |
218 | if (r != -EPERM) | |
219 | break; | |
220 | ||
221 | token++; /* try a different token next time */ | |
222 | } | |
223 | ||
224 | if (r < 0) | |
225 | return log_error_errno(r, "Unlocking via TPM2 device failed: %m"); | |
226 | ||
227 | passphrase_size = base64mem(decrypted_key.iov_base, decrypted_key.iov_len, &passphrase); | |
228 | if (passphrase_size < 0) | |
229 | return log_oom(); | |
230 | ||
231 | r = crypt_volume_key_get( | |
232 | cd, | |
233 | CRYPT_ANY_SLOT, | |
234 | ret_vk, | |
235 | ret_vks, | |
236 | passphrase, | |
237 | passphrase_size); | |
238 | if (r < 0) | |
239 | return log_error_errno(r, "Unlocking via TPM2 device failed: %m"); | |
240 | ||
241 | return r; | |
242 | } | |
243 | ||
5e521624 LP |
244 | int enroll_tpm2(struct crypt_device *cd, |
245 | const void *volume_key, | |
246 | size_t volume_key_size, | |
247 | const char *device, | |
382bfd90 | 248 | uint32_t seal_key_handle, |
c3a2a681 | 249 | const char *device_key, |
9e437994 DS |
250 | Tpm2PCRValue *hash_pcr_values, |
251 | size_t n_hash_pcr_values, | |
27f42786 LP |
252 | const char *pcr_pubkey_path, |
253 | bool load_pcr_pubkey, | |
f0f4fcae LP |
254 | uint32_t pubkey_pcr_mask, |
255 | const char *signature_path, | |
404aea78 | 256 | bool use_pin, |
47ec2c8a GAP |
257 | const char *pcrlock_path, |
258 | int *ret_slot_to_wipe) { | |
5e521624 | 259 | |
f0f4fcae | 260 | _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *signature_json = NULL; |
5e521624 | 261 | _cleanup_(erase_and_freep) char *base64_encoded = NULL; |
8d042bc4 LP |
262 | _cleanup_(iovec_done) struct iovec srk = {}, blob = {}, pubkey = {}; |
263 | _cleanup_(iovec_done_erase) struct iovec secret = {}; | |
5e521624 | 264 | const char *node; |
6c7a1681 | 265 | _cleanup_(erase_and_freep) char *pin_str = NULL; |
5e476b85 | 266 | ssize_t base64_encoded_size; |
47ec2c8a | 267 | int r, keyslot, slot_to_wipe = -1; |
6c7a1681 | 268 | TPM2Flags flags = 0; |
aae6eb96 WR |
269 | uint8_t binary_salt[SHA256_DIGEST_SIZE] = {}; |
270 | /* | |
271 | * erase the salt, we'd rather attempt to not have this in a coredump | |
272 | * as an attacker would have all the parameters but pin used to create | |
273 | * the session key. This problem goes away when we move to a trusted | |
274 | * primary key, aka the SRK. | |
275 | */ | |
276 | CLEANUP_ERASE(binary_salt); | |
5e521624 LP |
277 | |
278 | assert(cd); | |
279 | assert(volume_key); | |
280 | assert(volume_key_size > 0); | |
cc1a78d5 | 281 | assert(tpm2_pcr_values_valid(hash_pcr_values, n_hash_pcr_values)); |
f0f4fcae | 282 | assert(TPM2_PCR_MASK_VALID(pubkey_pcr_mask)); |
47ec2c8a | 283 | assert(ret_slot_to_wipe); |
5e521624 LP |
284 | |
285 | assert_se(node = crypt_get_device_name(cd)); | |
286 | ||
6c7a1681 GG |
287 | if (use_pin) { |
288 | r = get_pin(&pin_str, &flags); | |
289 | if (r < 0) | |
290 | return r; | |
aae6eb96 WR |
291 | |
292 | r = crypto_random_bytes(binary_salt, sizeof(binary_salt)); | |
293 | if (r < 0) | |
294 | return log_error_errno(r, "Failed to acquire random salt: %m"); | |
295 | ||
296 | uint8_t salted_pin[SHA256_DIGEST_SIZE] = {}; | |
297 | CLEANUP_ERASE(salted_pin); | |
298 | r = tpm2_util_pbkdf2_hmac_sha256(pin_str, strlen(pin_str), binary_salt, sizeof(binary_salt), salted_pin); | |
299 | if (r < 0) | |
300 | return log_error_errno(r, "Failed to perform PBKDF2: %m"); | |
301 | ||
302 | pin_str = erase_and_free(pin_str); | |
303 | /* re-stringify pin_str */ | |
304 | base64_encoded_size = base64mem(salted_pin, sizeof(salted_pin), &pin_str); | |
305 | if (base64_encoded_size < 0) | |
306 | return log_error_errno(base64_encoded_size, "Failed to base64 encode salted pin: %m"); | |
6c7a1681 GG |
307 | } |
308 | ||
a4e9f3d3 | 309 | TPM2B_PUBLIC public = {}; |
27f42786 LP |
310 | /* Load the PCR public key if specified explicitly, or if no pcrlock policy was specified and |
311 | * automatic loading of PCR public keys wasn't disabled explicitly. The reason we turn this off when | |
312 | * pcrlock is configured is simply that we currently not support both in combination. */ | |
313 | if (pcr_pubkey_path || (load_pcr_pubkey && !pcrlock_path)) { | |
314 | r = tpm2_load_pcr_public_key(pcr_pubkey_path, &pubkey.iov_base, &pubkey.iov_len); | |
03e3b267 | 315 | if (r < 0) { |
27f42786 | 316 | if (pcr_pubkey_path || signature_path || r != -ENOENT) |
03e3b267 SL |
317 | return log_error_errno(r, "Failed to read TPM PCR public key: %m"); |
318 | ||
319 | log_debug_errno(r, "Failed to read TPM2 PCR public key, proceeding without: %m"); | |
320 | pubkey_pcr_mask = 0; | |
321 | } else { | |
322 | r = tpm2_tpm2b_public_from_pem(pubkey.iov_base, pubkey.iov_len, &public); | |
323 | if (r < 0) | |
324 | return log_error_errno(r, "Could not convert public key to TPM2B_PUBLIC: %m"); | |
a4e9f3d3 | 325 | |
03e3b267 SL |
326 | if (signature_path) { |
327 | /* Also try to load the signature JSON object, to verify that our enrollment will work. | |
328 | * This is optional however, skip it if it's not explicitly provided. */ | |
a4e9f3d3 | 329 | |
03e3b267 SL |
330 | r = tpm2_load_pcr_signature(signature_path, &signature_json); |
331 | if (r < 0) | |
332 | return log_debug_errno(r, "Failed to read TPM PCR signature: %m"); | |
333 | } | |
a4e9f3d3 | 334 | } |
27f42786 LP |
335 | } else |
336 | pubkey_pcr_mask = 0; | |
f0f4fcae | 337 | |
c3a2a681 DS |
338 | bool any_pcr_value_specified = tpm2_pcr_values_has_any_values(hash_pcr_values, n_hash_pcr_values); |
339 | ||
404aea78 LP |
340 | _cleanup_(tpm2_pcrlock_policy_done) Tpm2PCRLockPolicy pcrlock_policy = {}; |
341 | if (pcrlock_path) { | |
342 | r = tpm2_pcrlock_policy_load(pcrlock_path, &pcrlock_policy); | |
343 | if (r < 0) | |
344 | return r; | |
345 | ||
c3a2a681 | 346 | any_pcr_value_specified = true; |
404aea78 LP |
347 | flags |= TPM2_FLAGS_USE_PCRLOCK; |
348 | } | |
349 | ||
9e437994 | 350 | _cleanup_(tpm2_context_unrefp) Tpm2Context *tpm2_context = NULL; |
c3a2a681 DS |
351 | TPM2B_PUBLIC device_key_public = {}; |
352 | if (device_key) { | |
a8d8d34b | 353 | r = tpm2_load_public_key_file(device_key, &device_key_public); |
c3a2a681 | 354 | if (r < 0) |
a8d8d34b | 355 | return r; |
c3a2a681 DS |
356 | |
357 | if (!tpm2_pcr_values_has_all_values(hash_pcr_values, n_hash_pcr_values)) | |
358 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
359 | "Must provide all PCR values when using TPM2 device key."); | |
360 | } else { | |
21a3bc6b | 361 | r = tpm2_context_new_or_warn(device, &tpm2_context); |
c3a2a681 | 362 | if (r < 0) |
21a3bc6b | 363 | return r; |
c3a2a681 DS |
364 | |
365 | if (!tpm2_pcr_values_has_all_values(hash_pcr_values, n_hash_pcr_values)) { | |
366 | r = tpm2_pcr_read_missing_values(tpm2_context, hash_pcr_values, n_hash_pcr_values); | |
367 | if (r < 0) | |
368 | return log_error_errno(r, "Could not read pcr values: %m"); | |
369 | } | |
370 | } | |
9e437994 DS |
371 | |
372 | uint16_t hash_pcr_bank = 0; | |
373 | uint32_t hash_pcr_mask = 0; | |
96bf8aa0 | 374 | |
9e437994 DS |
375 | if (n_hash_pcr_values > 0) { |
376 | size_t hash_count; | |
96bf8aa0 | 377 | |
9e437994 DS |
378 | r = tpm2_pcr_values_hash_count(hash_pcr_values, n_hash_pcr_values, &hash_count); |
379 | if (r < 0) | |
380 | return log_error_errno(r, "Could not get hash count: %m"); | |
381 | ||
382 | if (hash_count > 1) | |
383 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Multiple PCR banks selected."); | |
384 | ||
96bf8aa0 | 385 | /* If we use a literal PCR value policy, derive the bank to use from the algorithm specified on the hash values */ |
9e437994 DS |
386 | hash_pcr_bank = hash_pcr_values[0].hash; |
387 | r = tpm2_pcr_values_to_mask(hash_pcr_values, n_hash_pcr_values, hash_pcr_bank, &hash_pcr_mask); | |
388 | if (r < 0) | |
389 | return log_error_errno(r, "Could not get hash mask: %m"); | |
96bf8aa0 LP |
390 | } else if (pubkey_pcr_mask != 0) { |
391 | ||
392 | /* If no literal PCR value policy is used, then let's determine the mask to use automatically | |
393 | * from the measurements of the TPM. */ | |
394 | r = tpm2_get_best_pcr_bank( | |
395 | tpm2_context, | |
396 | pubkey_pcr_mask, | |
397 | &hash_pcr_bank); | |
398 | if (r < 0) | |
399 | return log_error_errno(r, "Failed to determine best PCR bank: %m"); | |
9e437994 DS |
400 | } |
401 | ||
9e437994 DS |
402 | TPM2B_DIGEST policy = TPM2B_DIGEST_MAKE(NULL, TPM2_SHA256_DIGEST_SIZE); |
403 | r = tpm2_calculate_sealing_policy( | |
404 | hash_pcr_values, | |
405 | n_hash_pcr_values, | |
8d042bc4 | 406 | iovec_is_set(&pubkey) ? &public : NULL, |
9e437994 | 407 | use_pin, |
404aea78 | 408 | pcrlock_path ? &pcrlock_policy : NULL, |
9e437994 DS |
409 | &policy); |
410 | if (r < 0) | |
411 | return r; | |
412 | ||
c3a2a681 DS |
413 | if (device_key) |
414 | r = tpm2_calculate_seal( | |
415 | seal_key_handle, | |
416 | &device_key_public, | |
417 | /* attributes= */ NULL, | |
8d042bc4 | 418 | /* secret= */ NULL, |
c3a2a681 DS |
419 | &policy, |
420 | pin_str, | |
8d042bc4 LP |
421 | &secret, |
422 | &blob, | |
423 | &srk); | |
c3a2a681 DS |
424 | else |
425 | r = tpm2_seal(tpm2_context, | |
426 | seal_key_handle, | |
427 | &policy, | |
428 | pin_str, | |
8d042bc4 LP |
429 | &secret, |
430 | &blob, | |
c3a2a681 | 431 | /* ret_primary_alg= */ NULL, |
8d042bc4 | 432 | &srk); |
5e521624 | 433 | if (r < 0) |
f9a0ee75 | 434 | return log_error_errno(r, "Failed to seal to TPM2: %m"); |
5e521624 LP |
435 | |
436 | /* Let's see if we already have this specific PCR policy hash enrolled, if so, exit early. */ | |
9e437994 | 437 | r = search_policy_hash(cd, policy.buffer, policy.size); |
5e521624 LP |
438 | if (r == -ENOENT) |
439 | log_debug_errno(r, "PCR policy hash not yet enrolled, enrolling now."); | |
440 | else if (r < 0) | |
441 | return r; | |
47ec2c8a GAP |
442 | else if (use_pin) { |
443 | log_debug("This PCR set is already enrolled, re-enrolling anyway to update PIN."); | |
444 | slot_to_wipe = r; | |
445 | } else { | |
5e521624 | 446 | log_info("This PCR set is already enrolled, executing no operation."); |
47ec2c8a | 447 | *ret_slot_to_wipe = slot_to_wipe; |
5e521624 LP |
448 | return r; /* return existing keyslot, so that wiping won't kill it */ |
449 | } | |
450 | ||
c3a2a681 | 451 | /* If possible, verify the sealed data object. */ |
8d042bc4 LP |
452 | if ((!iovec_is_set(&pubkey) || signature_json) && !any_pcr_value_specified && !device_key) { |
453 | _cleanup_(iovec_done_erase) struct iovec secret2 = {}; | |
f0f4fcae LP |
454 | |
455 | log_debug("Unsealing for verification..."); | |
db7fdf15 | 456 | r = tpm2_unseal(tpm2_context, |
f0f4fcae | 457 | hash_pcr_mask, |
9e437994 | 458 | hash_pcr_bank, |
8d042bc4 | 459 | &pubkey, |
f0f4fcae LP |
460 | pubkey_pcr_mask, |
461 | signature_json, | |
462 | pin_str, | |
404aea78 | 463 | pcrlock_path ? &pcrlock_policy : NULL, |
9e437994 | 464 | /* primary_alg= */ 0, |
8d042bc4 LP |
465 | &blob, |
466 | &IOVEC_MAKE(policy.buffer, policy.size), | |
467 | &srk, | |
468 | &secret2); | |
f0f4fcae | 469 | if (r < 0) |
f9a0ee75 | 470 | return log_error_errno(r, "Failed to unseal secret using TPM2: %m"); |
5e521624 | 471 | |
8d042bc4 | 472 | if (iovec_memcmp(&secret, &secret2) != 0) |
f0f4fcae LP |
473 | return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "TPM2 seal/unseal verification failed."); |
474 | } | |
5e521624 LP |
475 | |
476 | /* let's base64 encode the key to use, for compat with homed (and it's easier to every type it in by keyboard, if that might end up being necessary. */ | |
8d042bc4 | 477 | base64_encoded_size = base64mem(secret.iov_base, secret.iov_len, &base64_encoded); |
5e476b85 LP |
478 | if (base64_encoded_size < 0) |
479 | return log_error_errno(base64_encoded_size, "Failed to base64 encode secret key: %m"); | |
5e521624 LP |
480 | |
481 | r = cryptsetup_set_minimal_pbkdf(cd); | |
482 | if (r < 0) | |
483 | return log_error_errno(r, "Failed to set minimal PBKDF: %m"); | |
484 | ||
485 | keyslot = crypt_keyslot_add_by_volume_key( | |
486 | cd, | |
487 | CRYPT_ANY_SLOT, | |
488 | volume_key, | |
489 | volume_key_size, | |
490 | base64_encoded, | |
5e476b85 | 491 | base64_encoded_size); |
5e521624 LP |
492 | if (keyslot < 0) |
493 | return log_error_errno(keyslot, "Failed to add new TPM2 key to %s: %m", node); | |
494 | ||
f0f4fcae LP |
495 | r = tpm2_make_luks2_json( |
496 | keyslot, | |
497 | hash_pcr_mask, | |
9e437994 | 498 | hash_pcr_bank, |
8d042bc4 | 499 | &pubkey, |
f0f4fcae | 500 | pubkey_pcr_mask, |
9e437994 | 501 | /* primary_alg= */ 0, |
8d042bc4 LP |
502 | &blob, |
503 | &IOVEC_MAKE(policy.buffer, policy.size), | |
504 | use_pin ? &IOVEC_MAKE(binary_salt, sizeof(binary_salt)) : NULL, | |
505 | &srk, | |
d37c312b | 506 | pcrlock_path ? &pcrlock_policy.nv_handle : NULL, |
f0f4fcae LP |
507 | flags, |
508 | &v); | |
5e521624 LP |
509 | if (r < 0) |
510 | return log_error_errno(r, "Failed to prepare TPM2 JSON token object: %m"); | |
511 | ||
512 | r = cryptsetup_add_token_json(cd, v); | |
513 | if (r < 0) | |
514 | return log_error_errno(r, "Failed to add TPM2 JSON token to LUKS2 header: %m"); | |
515 | ||
516 | log_info("New TPM2 token enrolled as key slot %i.", keyslot); | |
47ec2c8a GAP |
517 | |
518 | *ret_slot_to_wipe = slot_to_wipe; | |
5e521624 LP |
519 | return keyslot; |
520 | } |