// SPDX-License-Identifier: GPL-2.0-only /* * Copyright (C) 2010 IBM Corporation * Copyright (c) 2019-2021, Linaro Limited * * See Documentation/security/keys/trusted-encrypted.rst */ #include <crypto/hash_info.h> #include <linux/init.h> #include <linux/slab.h> #include <linux/parser.h> #include <linux/string.h> #include <linux/err.h> #include <keys/trusted-type.h> #include <linux/key-type.h> #include <linux/crypto.h> #include <crypto/hash.h> #include <crypto/sha1.h> #include <linux/tpm.h> #include <linux/tpm_command.h> #include <keys/trusted_tpm.h> static const char hmac_alg[] = …; static const char hash_alg[] = …; static struct tpm_chip *chip; static struct tpm_digest *digests; struct sdesc { … }; static struct crypto_shash *hashalg; static struct crypto_shash *hmacalg; static struct sdesc *init_sdesc(struct crypto_shash *alg) { … } static int TSS_sha1(const unsigned char *data, unsigned int datalen, unsigned char *digest) { … } static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...) { … } /* * calculate authorization info fields to send to TPM */ int TSS_authhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, unsigned char *h1, unsigned char *h2, unsigned int h3, ...) { … } EXPORT_SYMBOL_GPL(…); /* * verify the AUTH1_COMMAND (Seal) result from TPM */ int TSS_checkhmac1(unsigned char *buffer, const uint32_t command, const unsigned char *ononce, const unsigned char *key, unsigned int keylen, ...) { … } EXPORT_SYMBOL_GPL(…); /* * verify the AUTH2_COMMAND (unseal) result from TPM */ static int TSS_checkhmac2(unsigned char *buffer, const uint32_t command, const unsigned char *ononce, const unsigned char *key1, unsigned int keylen1, const unsigned char *key2, unsigned int keylen2, ...) { … } /* * For key specific tpm requests, we will generate and send our * own TPM command packets using the drivers send function. */ int trusted_tpm_send(unsigned char *cmd, size_t buflen) { … } EXPORT_SYMBOL_GPL(…); /* * Lock a trusted key, by extending a selected PCR. * * Prevents a trusted key that is sealed to PCRs from being accessed. * This uses the tpm driver's extend function. */ static int pcrlock(const int pcrnum) { … } /* * Create an object specific authorisation protocol (OSAP) session */ static int osap(struct tpm_buf *tb, struct osapsess *s, const unsigned char *key, uint16_t type, uint32_t handle) { … } /* * Create an object independent authorisation protocol (oiap) session */ int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) { … } EXPORT_SYMBOL_GPL(…); struct tpm_digests { … }; /* * Have the TPM seal(encrypt) the trusted key, possibly based on * Platform Configuration Registers (PCRs). AUTH1 for sealing key. */ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, uint32_t keyhandle, const unsigned char *keyauth, const unsigned char *data, uint32_t datalen, unsigned char *blob, uint32_t *bloblen, const unsigned char *blobauth, const unsigned char *pcrinfo, uint32_t pcrinfosize) { … } /* * use the AUTH2_COMMAND form of unseal, to authorize both key and blob */ static int tpm_unseal(struct tpm_buf *tb, uint32_t keyhandle, const unsigned char *keyauth, const unsigned char *blob, int bloblen, const unsigned char *blobauth, unsigned char *data, unsigned int *datalen) { … } /* * Have the TPM seal(encrypt) the symmetric key */ static int key_seal(struct trusted_key_payload *p, struct trusted_key_options *o) { … } /* * Have the TPM unseal(decrypt) the symmetric key */ static int key_unseal(struct trusted_key_payload *p, struct trusted_key_options *o) { … } enum { … }; static const match_table_t key_tokens = …; /* can have zero or more token= options */ static int getoptions(char *c, struct trusted_key_payload *pay, struct trusted_key_options *opt) { … } static struct trusted_key_options *trusted_options_alloc(void) { … } static int trusted_tpm_seal(struct trusted_key_payload *p, char *datablob) { … } static int trusted_tpm_unseal(struct trusted_key_payload *p, char *datablob) { … } static int trusted_tpm_get_random(unsigned char *key, size_t key_len) { … } static void trusted_shash_release(void) { … } static int __init trusted_shash_alloc(void) { … } static int __init init_digests(void) { … } static int __init trusted_tpm_init(void) { … } static void trusted_tpm_exit(void) { … } struct trusted_key_ops trusted_key_tpm_ops = …;
Codebase Browser
linux