KEYS: trusted: Expose common functionality [ver #2]
This patch exposes some common functionality needed to send TPM commands. Several functions from keys/trusted.c are exposed for use by the new tpm key subtype and a module dependency is introduced. In the future, common functionality between the trusted key type and the asym_tpm subtype should be factored out into a common utility library. Signed-off-by: Denis Kenzior <denkenz@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: James Morris <james.morris@microsoft.com>
This commit is contained in:
parent
ad4b1eb5fb
commit
e1ea9f8602
@ -24,6 +24,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|||||||
config ASYMMETRIC_TPM_KEY_SUBTYPE
|
config ASYMMETRIC_TPM_KEY_SUBTYPE
|
||||||
tristate "Asymmetric TPM backed private key subtype"
|
tristate "Asymmetric TPM backed private key subtype"
|
||||||
depends on TCG_TPM
|
depends on TCG_TPM
|
||||||
|
depends on TRUSTED_KEYS
|
||||||
select CRYPTO_HMAC
|
select CRYPTO_HMAC
|
||||||
select CRYPTO_SHA1
|
select CRYPTO_SHA1
|
||||||
select CRYPTO_HASH_INFO
|
select CRYPTO_HASH_INFO
|
||||||
|
@ -121,7 +121,7 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
|
|||||||
/*
|
/*
|
||||||
* calculate authorization info fields to send to TPM
|
* calculate authorization info fields to send to TPM
|
||||||
*/
|
*/
|
||||||
static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
|
int TSS_authhmac(unsigned char *digest, const unsigned char *key,
|
||||||
unsigned int keylen, unsigned char *h1,
|
unsigned int keylen, unsigned char *h1,
|
||||||
unsigned char *h2, unsigned char h3, ...)
|
unsigned char *h2, unsigned char h3, ...)
|
||||||
{
|
{
|
||||||
@ -168,11 +168,12 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
|
|||||||
kzfree(sdesc);
|
kzfree(sdesc);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
EXPORT_SYMBOL_GPL(TSS_authhmac);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* verify the AUTH1_COMMAND (Seal) result from TPM
|
* verify the AUTH1_COMMAND (Seal) result from TPM
|
||||||
*/
|
*/
|
||||||
static int TSS_checkhmac1(unsigned char *buffer,
|
int TSS_checkhmac1(unsigned char *buffer,
|
||||||
const uint32_t command,
|
const uint32_t command,
|
||||||
const unsigned char *ononce,
|
const unsigned char *ononce,
|
||||||
const unsigned char *key,
|
const unsigned char *key,
|
||||||
@ -249,6 +250,7 @@ static int TSS_checkhmac1(unsigned char *buffer,
|
|||||||
kzfree(sdesc);
|
kzfree(sdesc);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
EXPORT_SYMBOL_GPL(TSS_checkhmac1);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* verify the AUTH2_COMMAND (unseal) result from TPM
|
* verify the AUTH2_COMMAND (unseal) result from TPM
|
||||||
@ -355,7 +357,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
|
|||||||
* For key specific tpm requests, we will generate and send our
|
* For key specific tpm requests, we will generate and send our
|
||||||
* own TPM command packets using the drivers send function.
|
* own TPM command packets using the drivers send function.
|
||||||
*/
|
*/
|
||||||
static int trusted_tpm_send(unsigned char *cmd, size_t buflen)
|
int trusted_tpm_send(unsigned char *cmd, size_t buflen)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
@ -367,6 +369,7 @@ static int trusted_tpm_send(unsigned char *cmd, size_t buflen)
|
|||||||
rc = -EPERM;
|
rc = -EPERM;
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
EXPORT_SYMBOL_GPL(trusted_tpm_send);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Lock a trusted key, by extending a selected PCR.
|
* Lock a trusted key, by extending a selected PCR.
|
||||||
@ -425,7 +428,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
|
|||||||
/*
|
/*
|
||||||
* Create an object independent authorisation protocol (oiap) session
|
* Create an object independent authorisation protocol (oiap) session
|
||||||
*/
|
*/
|
||||||
static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
|
int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
@ -442,6 +445,7 @@ static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
|
|||||||
TPM_NONCE_SIZE);
|
TPM_NONCE_SIZE);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
EXPORT_SYMBOL_GPL(oiap);
|
||||||
|
|
||||||
struct tpm_digests {
|
struct tpm_digests {
|
||||||
unsigned char encauth[SHA1_DIGEST_SIZE];
|
unsigned char encauth[SHA1_DIGEST_SIZE];
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
#define __TRUSTED_KEY_H
|
#define __TRUSTED_KEY_H
|
||||||
|
|
||||||
/* implementation specific TPM constants */
|
/* implementation specific TPM constants */
|
||||||
#define MAX_BUF_SIZE 512
|
#define MAX_BUF_SIZE 1024
|
||||||
#define TPM_GETRANDOM_SIZE 14
|
#define TPM_GETRANDOM_SIZE 14
|
||||||
#define TPM_OSAP_SIZE 36
|
#define TPM_OSAP_SIZE 36
|
||||||
#define TPM_OIAP_SIZE 10
|
#define TPM_OIAP_SIZE 10
|
||||||
@ -36,6 +36,18 @@ enum {
|
|||||||
SRK_keytype = 4
|
SRK_keytype = 4
|
||||||
};
|
};
|
||||||
|
|
||||||
|
int TSS_authhmac(unsigned char *digest, const unsigned char *key,
|
||||||
|
unsigned int keylen, unsigned char *h1,
|
||||||
|
unsigned char *h2, unsigned char h3, ...);
|
||||||
|
int TSS_checkhmac1(unsigned char *buffer,
|
||||||
|
const uint32_t command,
|
||||||
|
const unsigned char *ononce,
|
||||||
|
const unsigned char *key,
|
||||||
|
unsigned int keylen, ...);
|
||||||
|
|
||||||
|
int trusted_tpm_send(unsigned char *cmd, size_t buflen);
|
||||||
|
int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce);
|
||||||
|
|
||||||
#define TPM_DEBUG 0
|
#define TPM_DEBUG 0
|
||||||
|
|
||||||
#if TPM_DEBUG
|
#if TPM_DEBUG
|
||||||
|
Loading…
Reference in New Issue
Block a user