Commit e1ea9f86 authored by Denis Kenzior's avatar Denis Kenzior Committed by James Morris

KEYS: trusted: Expose common functionality [ver #2]



This patch exposes some common functionality needed to send TPM commands.
Several functions from keys/trusted.c are exposed for use by the new tpm
key subtype and a module dependency is introduced.

In the future, common functionality between the trusted key type and the
asym_tpm subtype should be factored out into a common utility library.

Signed-off-by: default avatarDenis Kenzior <denkenz@gmail.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Tested-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Reviewed-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarJames Morris <james.morris@microsoft.com>
parent ad4b1eb5
+1 −0
@@ -24,6 +24,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
config ASYMMETRIC_TPM_KEY_SUBTYPE
	tristate "Asymmetric TPM backed private key subtype"
	depends on TCG_TPM
	depends on TRUSTED_KEYS
	select CRYPTO_HMAC
	select CRYPTO_SHA1
	select CRYPTO_HASH_INFO
+8 −4
@@ -121,7 +121,7 @@ out:
/*
 * calculate authorization info fields to send to TPM
 */
static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
int TSS_authhmac(unsigned char *digest, const unsigned char *key,
			unsigned int keylen, unsigned char *h1,
			unsigned char *h2, unsigned char h3, ...)
{
@@ -168,11 +168,12 @@ out:
	kzfree(sdesc);
	return ret;
}
EXPORT_SYMBOL_GPL(TSS_authhmac);

/*
 * verify the AUTH1_COMMAND (Seal) result from TPM
 */
static int TSS_checkhmac1(unsigned char *buffer,
int TSS_checkhmac1(unsigned char *buffer,
			  const uint32_t command,
			  const unsigned char *ononce,
			  const unsigned char *key,
@@ -249,6 +250,7 @@ out:
	kzfree(sdesc);
	return ret;
}
EXPORT_SYMBOL_GPL(TSS_checkhmac1);

/*
 * verify the AUTH2_COMMAND (unseal) result from TPM
@@ -355,7 +357,7 @@ out:
 * For key specific tpm requests, we will generate and send our
 * own TPM command packets using the drivers send function.
 */
static int trusted_tpm_send(unsigned char *cmd, size_t buflen)
int trusted_tpm_send(unsigned char *cmd, size_t buflen)
{
	int rc;

@@ -367,6 +369,7 @@ static int trusted_tpm_send(unsigned char *cmd, size_t buflen)
		rc = -EPERM;
	return rc;
}
EXPORT_SYMBOL_GPL(trusted_tpm_send);

/*
 * Lock a trusted key, by extending a selected PCR.
@@ -425,7 +428,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
/*
 * Create an object independent authorisation protocol (oiap) session
 */
static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
{
	int ret;

@@ -442,6 +445,7 @@ static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
	       TPM_NONCE_SIZE);
	return 0;
}
EXPORT_SYMBOL_GPL(oiap);

struct tpm_digests {
	unsigned char encauth[SHA1_DIGEST_SIZE];
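Review bot: The newly exported `TSS_authhmac` and `TSS_checkhmac1` keep only their one-line comments ("calculate authorization info fields", "verify the AUTH1_COMMAND (Seal) result"), but they are now called from another module, so the contract at the API boundary is undocumented: what size `digest`, `ononce` and `key` must have, how the variadic length/pointer list is terminated, and which buffers the function writes. A kernel-doc header on each exported function should state these, and the same applies to `trusted_tpm_send`, whose comment presumably should also say whether `buflen` bounds only the command or also a response written back into `cmd` — the body is outside the hunk, so confirm against it. Exporting the bare names `oiap` and `TSS_authhmac` also puts generic identifiers into the kernel-wide symbol namespace; a `trusted_` or `tpm1_` prefix is the usual convention for `EXPORT_SYMBOL_GPL` symbols.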
+13 −1
@@ -3,7 +3,7 @@
#define __TRUSTED_KEY_H

/* implementation specific TPM constants */
#define MAX_BUF_SIZE			512
#define MAX_BUF_SIZE			1024
#define TPM_GETRANDOM_SIZE		14
#define TPM_OSAP_SIZE			36
#define TPM_OIAP_SIZE			10
@@ -36,6 +36,18 @@ enum {
	SRK_keytype = 4
};

int TSS_authhmac(unsigned char *digest, const unsigned char *key,
			unsigned int keylen, unsigned char *h1,
			unsigned char *h2, unsigned char h3, ...);
int TSS_checkhmac1(unsigned char *buffer,
			  const uint32_t command,
			  const unsigned char *ononce,
			  const unsigned char *key,
			  unsigned int keylen, ...);

int trusted_tpm_send(unsigned char *cmd, size_t buflen);
int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce);

#define TPM_DEBUG 0

#if TPM_DEBUG
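Review bot: The `MAX_BUF_SIZE` change from 512 to 1024 is silent — neither the commit message nor the header says why the new subtype needs a larger buffer, so a reader cannot tell whether 1024 is a protocol limit or a working figure. A comment on the define, such as `/* must hold the largest TPM command/response exchanged via trusted_tpm_send(); [derivation of 1024 to be confirmed] */`, would record that. In the `TSS_checkhmac1` prototype the `const` on the by-value `command` parameter has no effect in a declaration and is conventionally omitted in headers. Since these prototypes are now the public contract for the asym_tpm subtype, a short kernel-doc comment per function (buffer sizes, vararg termination, return convention) belongs here rather than only in trusted.c.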