Commit e1ea9f86 authored by Denis Kenzior's avatar Denis Kenzior Committed by James Morris

KEYS: trusted: Expose common functionality [ver #2]

This patch exposes some common functionality needed to send TPM commands.
Several functions from keys/trusted.c are exposed for use by the new tpm
key subtype and a module dependency is introduced.

In the future, common functionality between the trusted key type and the
asym_tpm subtype should be factored out into a common utility library.
Signed-off-by: default avatarDenis Kenzior <denkenz@gmail.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Tested-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Reviewed-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarJames Morris <james.morris@microsoft.com>
parent ad4b1eb5
...@@ -24,6 +24,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE ...@@ -24,6 +24,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
config ASYMMETRIC_TPM_KEY_SUBTYPE config ASYMMETRIC_TPM_KEY_SUBTYPE
tristate "Asymmetric TPM backed private key subtype" tristate "Asymmetric TPM backed private key subtype"
depends on TCG_TPM depends on TCG_TPM
depends on TRUSTED_KEYS
select CRYPTO_HMAC select CRYPTO_HMAC
select CRYPTO_SHA1 select CRYPTO_SHA1
select CRYPTO_HASH_INFO select CRYPTO_HASH_INFO
......
...@@ -121,7 +121,7 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, ...@@ -121,7 +121,7 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
/* /*
* calculate authorization info fields to send to TPM * calculate authorization info fields to send to TPM
*/ */
static int TSS_authhmac(unsigned char *digest, const unsigned char *key, int TSS_authhmac(unsigned char *digest, const unsigned char *key,
unsigned int keylen, unsigned char *h1, unsigned int keylen, unsigned char *h1,
unsigned char *h2, unsigned char h3, ...) unsigned char *h2, unsigned char h3, ...)
{ {
...@@ -168,11 +168,12 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, ...@@ -168,11 +168,12 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
kzfree(sdesc); kzfree(sdesc);
return ret; return ret;
} }
EXPORT_SYMBOL_GPL(TSS_authhmac);
/* /*
* verify the AUTH1_COMMAND (Seal) result from TPM * verify the AUTH1_COMMAND (Seal) result from TPM
*/ */
static int TSS_checkhmac1(unsigned char *buffer, int TSS_checkhmac1(unsigned char *buffer,
const uint32_t command, const uint32_t command,
const unsigned char *ononce, const unsigned char *ononce,
const unsigned char *key, const unsigned char *key,
...@@ -249,6 +250,7 @@ static int TSS_checkhmac1(unsigned char *buffer, ...@@ -249,6 +250,7 @@ static int TSS_checkhmac1(unsigned char *buffer,
kzfree(sdesc); kzfree(sdesc);
return ret; return ret;
} }
EXPORT_SYMBOL_GPL(TSS_checkhmac1);
/* /*
* verify the AUTH2_COMMAND (unseal) result from TPM * verify the AUTH2_COMMAND (unseal) result from TPM
...@@ -355,7 +357,7 @@ static int TSS_checkhmac2(unsigned char *buffer, ...@@ -355,7 +357,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
* For key specific tpm requests, we will generate and send our * For key specific tpm requests, we will generate and send our
* own TPM command packets using the drivers send function. * own TPM command packets using the drivers send function.
*/ */
static int trusted_tpm_send(unsigned char *cmd, size_t buflen) int trusted_tpm_send(unsigned char *cmd, size_t buflen)
{ {
int rc; int rc;
...@@ -367,6 +369,7 @@ static int trusted_tpm_send(unsigned char *cmd, size_t buflen) ...@@ -367,6 +369,7 @@ static int trusted_tpm_send(unsigned char *cmd, size_t buflen)
rc = -EPERM; rc = -EPERM;
return rc; return rc;
} }
EXPORT_SYMBOL_GPL(trusted_tpm_send);
/* /*
* Lock a trusted key, by extending a selected PCR. * Lock a trusted key, by extending a selected PCR.
...@@ -425,7 +428,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s, ...@@ -425,7 +428,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
/* /*
* Create an object independent authorisation protocol (oiap) session * Create an object independent authorisation protocol (oiap) session
*/ */
static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
{ {
int ret; int ret;
...@@ -442,6 +445,7 @@ static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) ...@@ -442,6 +445,7 @@ static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
TPM_NONCE_SIZE); TPM_NONCE_SIZE);
return 0; return 0;
} }
EXPORT_SYMBOL_GPL(oiap);
struct tpm_digests { struct tpm_digests {
unsigned char encauth[SHA1_DIGEST_SIZE]; unsigned char encauth[SHA1_DIGEST_SIZE];
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
#define __TRUSTED_KEY_H #define __TRUSTED_KEY_H
/* implementation specific TPM constants */ /* implementation specific TPM constants */
#define MAX_BUF_SIZE 512 #define MAX_BUF_SIZE 1024
#define TPM_GETRANDOM_SIZE 14 #define TPM_GETRANDOM_SIZE 14
#define TPM_OSAP_SIZE 36 #define TPM_OSAP_SIZE 36
#define TPM_OIAP_SIZE 10 #define TPM_OIAP_SIZE 10
...@@ -36,6 +36,18 @@ enum { ...@@ -36,6 +36,18 @@ enum {
SRK_keytype = 4 SRK_keytype = 4
}; };
int TSS_authhmac(unsigned char *digest, const unsigned char *key,
unsigned int keylen, unsigned char *h1,
unsigned char *h2, unsigned char h3, ...);
int TSS_checkhmac1(unsigned char *buffer,
const uint32_t command,
const unsigned char *ononce,
const unsigned char *key,
unsigned int keylen, ...);
int trusted_tpm_send(unsigned char *cmd, size_t buflen);
int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce);
#define TPM_DEBUG 0 #define TPM_DEBUG 0
#if TPM_DEBUG #if TPM_DEBUG
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment