linux/security/keys/trusted.c
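/*
 * Copyright (C) 2010 IBM Corporation
 *
 * Author:
 * David Safford <safford@us.ibm.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2 of the License.
 *
 * See Documentation/security/keys-trusted-encrypted.txt
 */

#include <linux/uaccess.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/parser.h>
#include <linux/string.h>
#include <linux/err.h>
#include <keys/user-type.h>
#include <keys/trusted-type.h>
#include <linux/key-type.h>
#include <linux/rcupdate.h>
#include <linux/crypto.h>
#include <crypto/hash.h>
#include <crypto/sha.h>
#include <linux/capability.h>
#include <linux/tpm.h>
#include <linux/tpm_command.h>

#include "trusted.h"

/* algorithm names; in the code shown here they are only used in log messages */
static const char hmac_alg[] = "hmac(sha1)";
static const char hash_alg[] = "sha1";

/*
 * shash descriptor followed by the transform's per-request context,
 * allocated as one object by init_sdesc()
 */
struct sdesc {
	struct shash_desc shash;
	char ctx[];
};

/*
 * module-wide transforms shared by every helper below; they are set up
 * outside this part of the file (presumably from hash_alg / hmac_alg)
 */
static struct crypto_shash *hashalg;
static struct crypto_shash *hmacalg;

/*
 * allocate a hash descriptor sized for @alg and bind it to that transform
 *
 * Returns the descriptor, or ERR_PTR(-ENOMEM) if the allocation fails.
 * The caller owns the descriptor and must free it.
 */
static struct sdesc *init_sdesc(struct crypto_shash *alg)
{
	struct sdesc *sdesc;
	int size;

	size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
	sdesc = kmalloc(size, GFP_KERNEL);
	if (!sdesc)
		return ERR_PTR(-ENOMEM);
	sdesc->shash.tfm = alg;
	sdesc->shash.flags = 0x0;
	return sdesc;
}

/*
 * one-shot digest of @datalen bytes at @data with the shared hashalg
 * transform, written to @digest
 *
 * @digest must be large enough for the transform's output; the callers
 * in this file pass SHA1_DIGEST_SIZE buffers.
 * Returns 0 on success or a negative errno.
 */
static int TSS_sha1(const unsigned char *data, unsigned int datalen,
		    unsigned char *digest)
{
	struct sdesc *sdesc;
	int ret;

	sdesc = init_sdesc(hashalg);
	if (IS_ERR(sdesc)) {
		pr_info("trusted_key: can't alloc %s\n", hash_alg);
		return PTR_ERR(sdesc);
	}

	ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
	/* the descriptor holds hash state of the input: wipe it on free */
	kzfree(sdesc);
	return ret;
}

/*
 * HMAC, keyed with @key/@keylen, over a variadic list of buffers
 *
 * The variable arguments are (unsigned int dlen, unsigned char *data)
 * pairs, terminated by a dlen of 0.  A NULL data pointer with a
 * non-zero dlen yields -EINVAL.  The result is written to @digest.
 * Returns 0 on success or a negative errno.
 */
static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
		       unsigned int keylen, ...)
{
	struct sdesc *sdesc;
	va_list argp;
	unsigned int dlen;
	unsigned char *data;
	int ret;

	sdesc = init_sdesc(hmacalg);
	if (IS_ERR(sdesc)) {
		pr_info("trusted_key: can't alloc %s\n", hmac_alg);
		return PTR_ERR(sdesc);
	}

	/*
	 * NOTE(review): the key is installed on the module-wide hmacalg
	 * transform, not on per-call state.  Callers that can run
	 * concurrently with different keys need external serialization;
	 * whether that exists is not visible in this part of the file.
	 */
	ret = crypto_shash_setkey(hmacalg, key, keylen);
	if (ret < 0)
		goto out;
	ret = crypto_shash_init(&sdesc->shash);
	if (ret < 0)
		goto out;

	va_start(argp, keylen);
	for (;;) {
		dlen = va_arg(argp, unsigned int);
		if (dlen == 0)
			break;
		data = va_arg(argp, unsigned char *);
		if (data == NULL) {
			ret = -EINVAL;
			break;
		}
		ret = crypto_shash_update(&sdesc->shash, data, dlen);
		if (ret < 0)
			break;
	}
	va_end(argp);
	if (!ret)
		ret = crypto_shash_final(&sdesc->shash, digest);
out:
	/* keyed hash state: wipe it rather than leaving it in freed memory */
	kzfree(sdesc);
	return ret;
}

/*
 * calculate authorization info fields to send to TPM
 *
 * The variable arguments are (unsigned int dlen, unsigned char *data)
 * pairs terminated by a dlen of 0; they are hashed into a parameter
 * digest.  @digest then receives the HMAC, keyed with @key, over the
 * parameter digest, TPM_NONCE_SIZE bytes at @h1, TPM_NONCE_SIZE bytes at
 * @h2 and the single byte @h3.
 *
 * @h3 is declared unsigned int because it is the last named parameter:
 * va_start() has undefined behaviour when that parameter has a type
 * altered by the default argument promotions (unsigned char is).
 * Callers passing an unsigned char are unaffected.
 *
 * Returns 0 on success or a negative errno.
 */
static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
			unsigned int keylen, unsigned char *h1,
			unsigned char *h2, unsigned int h3, ...)
{
	unsigned char paramdigest[SHA1_DIGEST_SIZE];
	struct sdesc *sdesc;
	unsigned int dlen;
	unsigned char *data;
	unsigned char c;
	int ret;
	va_list argp;

	sdesc = init_sdesc(hashalg);
	if (IS_ERR(sdesc)) {
		pr_info("trusted_key: can't alloc %s\n", hash_alg);
		return PTR_ERR(sdesc);
	}

	/* same one-byte value the unsigned char parameter used to carry */
	c = (unsigned char)h3;
	ret = crypto_shash_init(&sdesc->shash);
	if (ret < 0)
		goto out;
	va_start(argp, h3);
	for (;;) {
		dlen = va_arg(argp, unsigned int);
		if (dlen == 0)
			break;
		data = va_arg(argp, unsigned char *);
		if (!data) {
			ret = -EINVAL;
			break;
		}
		ret = crypto_shash_update(&sdesc->shash, data, dlen);
		if (ret < 0)
			break;
	}
	va_end(argp);
	if (!ret)
		ret = crypto_shash_final(&sdesc->shash, paramdigest);
	if (!ret)
		ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
				  paramdigest, TPM_NONCE_SIZE, h1,
				  TPM_NONCE_SIZE, h2, 1, &c, 0, 0);
out:
	kzfree(sdesc);
	return ret;
}

/*
 * verify the AUTH1_COMMAND (Seal) result from TPM
 *
 * @buffer is the raw TPM response.  The variable arguments are
 * (unsigned int dlen, unsigned int dpos) pairs, terminated by a dlen of
 * 0, naming the response regions that enter the parameter digest after
 * the result code and @command.  The trailing authorization section is
 * located from the size field inside the response itself.
 *
 * Returns 0 if the HMAC matches, and also 0, without verifying
 * anything, when the response carries the plain TPM_TAG_RSP_COMMAND tag.
 * Returns -EINVAL on any other unexpected tag, on a response too short
 * to hold an authorization section, or on HMAC mismatch; other negative
 * errnos come from the hash layer.
 *
 * NOTE(review): the unauthenticated early return means callers must not
 * treat 0 from this function alone as proof of an authenticated reply;
 * confirm the caller has already checked the TPM result code.
 */
static int TSS_checkhmac1(unsigned char *buffer,
			  const uint32_t command,
			  const unsigned char *ononce,
			  const unsigned char *key,
			  unsigned int keylen, ...)
{
	uint32_t bufsize;
	uint16_t tag;
	uint32_t ordinal;
	uint32_t result;
	unsigned char *enonce;
	unsigned char *continueflag;
	unsigned char *authdata;
	unsigned char testhmac[SHA1_DIGEST_SIZE];
	unsigned char paramdigest[SHA1_DIGEST_SIZE];
	struct sdesc *sdesc;
	unsigned int dlen;
	unsigned int dpos;
	va_list argp;
	int ret;

	bufsize = LOAD32(buffer, TPM_SIZE_OFFSET);
	tag = LOAD16(buffer, 0);
	ordinal = command;
	result = LOAD32N(buffer, TPM_RETURN_OFFSET);
	if (tag == TPM_TAG_RSP_COMMAND)
		return 0;
	if (tag != TPM_TAG_RSP_AUTH1_COMMAND)
		return -EINVAL;
	/*
	 * bufsize comes from the response.  Reject sizes that cannot hold
	 * nonce + continue flag + HMAC, otherwise the pointers below would
	 * land before the start of the buffer.
	 * NOTE(review): the capacity of @buffer is not passed in, so an
	 * oversized bufsize cannot be rejected here; the dlen/dpos pairs
	 * are likewise used unchecked.  Both need bounding by the caller.
	 */
	if (bufsize < SHA1_DIGEST_SIZE + 1 + TPM_NONCE_SIZE)
		return -EINVAL;
	authdata = buffer + bufsize - SHA1_DIGEST_SIZE;
	continueflag = authdata - 1;
	enonce = continueflag - TPM_NONCE_SIZE;

	sdesc = init_sdesc(hashalg);
	if (IS_ERR(sdesc)) {
		pr_info("trusted_key: can't alloc %s\n", hash_alg);
		return PTR_ERR(sdesc);
	}
	ret = crypto_shash_init(&sdesc->shash);
	if (ret < 0)
		goto out;
	/* result and ordinal are hashed exactly as they sit in memory */
	ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result,
				  sizeof result);
	if (ret < 0)
		goto out;
	ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal,
				  sizeof ordinal);
	if (ret < 0)
		goto out;
	va_start(argp, keylen);
	for (;;) {
		dlen = va_arg(argp, unsigned int);
		if (dlen == 0)
			break;
		dpos = va_arg(argp, unsigned int);
		ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
		if (ret < 0)
			break;
	}
	va_end(argp);
	if (!ret)
		ret = crypto_shash_final(&sdesc->shash, paramdigest);
	if (ret < 0)
		goto out;

	ret = TSS_rawhmac(testhmac, key, keylen, SHA1_DIGEST_SIZE, paramdigest,
			  TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce,
			  1, continueflag, 0, 0);
	if (ret < 0)
		goto out;

	/*
	 * NOTE(review): memcmp() is not constant-time; a constant-time
	 * comparison (crypto_memneq(), where the kernel provides it) is
	 * the usual choice for checking a MAC.
	 */
	if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE))
		ret = -EINVAL;
out:
	kzfree(sdesc);
	return ret;
}

/*
 * verify the AUTH2_COMMAND (unseal) result from TPM
 */
static int TSS_checkhmac2(unsigned char *buffer,
			  const uint32_t command,
			  const unsigned char *ononce,
			  const unsigned char *key1,
			  unsigned int keylen1,
			  const unsigned char *key2,
			  unsigned int keylen2, ...)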
3262=/a>{ 3263=/a>        =a href="+code=uint32_t" class="sref">uint32_t=/a> =a href="+code=bufsize" class="sref">bufsize=/a>; 3264=/a>        =a href="+code=uint16_t" class="sref">uint16_t=/a> =a href="+code=tag" class="sref">tag=/a>; 3265=/a>        =a href="+code=uint32_t" class="sref">uint32_t=/a> =a href="+code=ordinal" class="sref">ordinal=/a>; 3266=/a>        =a href="+code=uint32_t" class="sref">uint32_t=/a> =a href="+code=result" class="sref">result=/a>; 3267=/a>        unsigned char3*=a href="+code=enonce1" class="sref">enonce1=/a>; 3268=/a>        unsigned char3*=a href="+code=continueflag1" class="sref">continueflag1=/a>; 3269=/a>        unsigned char3*=a href="+code=authdata1" class="sref">authdata1=/a>; 3270=/a>        unsigned char3*=a href="+code=enonce2" class="sref">enonce2=/a>; 3271=/a>        unsigned char3*=a href="+code=continueflag2" class="sref">continueflag2=/a>; 3272=/a>        unsigned char3*=a href="+code=authdata2" class="sref">authdata2=/a>; 3273=/a>        unsigned char3=a href="+code=testhmac1" class="sref">testhmac1=/a>[=a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>]; 3274=/a>        unsigned char3=a href="+code=testhmac2" class="sref">testhmac2=/a>[=a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>]; 3275=/a>        unsigned char3=a href="+code=paramdigest" class="sref">paramdigest=/a>[=a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>]; 3276=/a>        struct3=a href="+code=sdesc" class="sref">sdesc=/a> *=a href="+code=sdesc" class="sref">sdesc=/a>; 3277=/a>        unsigned int3=a href="+code=dlen" class="sref">dlen=/a>; 3278=/a>        unsigned int3=a href="+code=dpos" class="sref">dpos=/a>; 3279=/a>        =a href="+code=va_list" class="sref">va_list=/a> =a href="+code=argp" class="sref">argp=/a>; 3280=/a>        int3=a href="+code=ret" class="sref">ret=/a>; 3281=/a> 3282=/a>        =a href="+code=bufsize" class="sref">bufsize=/a> = =a href="+code=LOAD32" 
class="sref">LOAD32=/a>(=a href="+code=buffer" class="sref">buffer=/a>, =a href="+code=TPM_SIZE_OFFSET" class="sref">TPM_SIZE_OFFSET=/a>); 3283=/a>        =a href="+code=tag" class="sref">tag=/a> = =a href="+code=LOAD16" class="sref">LOAD16=/a>(=a href="+code=buffer" class="sref">buffer=/a>, 0); 3284=/a>        =a href="+code=ordinal" class="sref">ordinal=/a> = =a href="+code=command" class="sref">command=/a>; 3285=/a>        =a href="+code=result" class="sref">result=/a> = =a href="+code=LOAD32N" class="sref">LOAD32N=/a>(=a href="+code=buffer" class="sref">buffer=/a>, =a href="+code=TPM_RETURN_OFFSET" class="sref">TPM_RETURN_OFFSET=/a>); 3286=/a> 3287=/a>        if (=a href="+code=tag" class="sref">tag=/a> == =a href="+code=TPM_TAG_RSP_COMMAND" class="sref">TPM_TAG_RSP_COMMAND=/a>) 3288=/a>                return 0; 3289=/a>        if (=a href="+code=tag" class="sref">tag=/a> != =a href="+code=TPM_TAG_RSP_AUTH2_COMMAND" class="sref">TPM_TAG_RSP_AUTH2_COMMAND=/a>) 3290=/a>                return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3291=/a>        =a href="+code=authdata1" class="sref">authdata1=/a> = =a href="+code=buffer" class="sref">buffer=/a> +3=a href="+code=bufsize" class="sref">bufsize=/a> - (=a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a> +31 3292=/a>                        +3=a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a> +3=a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>); 3293=/a>        =a href="+code=authdata2" class="sref">authdata2=/a> = =a href="+code=buffer" class="sref">buffer=/a> +3=a href="+code=bufsize" class="sref">bufsize=/a> - (=a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>); 3294=/a>        =a href="+code=continueflag1" class="sref">continueflag1=/a> = =a href="+code=authdata1" class="sref">authdata1=/a> - 1; 3295=/a>        =a href="+code=continueflag2" class="sref">continueflag2=/a> = =a href="+code=authdata2" class="sref">authdata2=/a> - 1; 3296=/a>    
    =a href="+code=enonce1" class="sref">enonce1=/a> = =a href="+code=continueflag1" class="sref">continueflag1=/a> - =a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>; 3297=/a>        =a href="+code=enonce2" class="sref">enonce2=/a> = =a href="+code=continueflag2" class="sref">continueflag2=/a> - =a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>; 3298=/a> 3299=/a>        =a href="+code=sdesc" class="sref">sdesc=/a> = =a href="+code=init_sdesc" class="sref">init_sdesc=/a>(=a href="+code=hashalg" class="sref">hashalg=/a>); 3300=/a>        if (=a href="+code=IS_ERR" class="sref">IS_ERR=/a>(=a href="+code=sdesc" class="sref">sdesc=/a>)) { 3301=/a>                =a href="+code=pr_info" class="sref">pr_info=/a>(=spa1 class="string">"trusted_key: ca1't alloc %s\n"hash_alg=/a>); 3302=/a>                return =a href="+code=PTR_ERR" class="sref">PTR_ERR=/a>(=a href="+code=sdesc" class="sref">sdesc=/a>); 3303=/a>        } 3304=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=crypto_shash_init" class="sref">crypto_shash_init=/a>(&=a href="+code=sdesc" class="sref">sdesc=/a>->=a href="+code=shash" class="sref">shash=/a>); 3305=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) 3306=/a>                goto3=a href="+code=out" class="sref">out=/a>; 3307=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=crypto_shash_upda  " class="sref">crypto_shash_upda  =/a>(&=a href="+code=sdesc" class="sref">sdesc=/a>->=a href="+code=shash" class="sref">shash=/a>, (const =a href="+code=u8" class="sref">u8=/a> *)&=a href="+code=result" class="sref">result=/a>, 3308=/a>                                  sizeof =a href="+code=result" class="sref">result=/a>); 3309=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) 3310=/a>                goto3=a href="+code=out" class="sref">out=/a>; 3311=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=crypto_shash_upda  " class="sref">crypto_shash_upda  
=/a>(&=a href="+code=sdesc" class="sref">sdesc=/a>->=a href="+code=shash" class="sref">shash=/a>, (const =a href="+code=u8" class="sref">u8=/a> *)&=a href="+code=ordinal" class="sref">ordinal=/a>, 3312=/a>                                  sizeof =a href="+code=ordinal" class="sref">ordinal=/a>); 3313=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) 3314=/a>                goto3=a href="+code=out" class="sref">out=/a>; 3315=/a> 3316=/a>        =a href="+code=va_start" class="sref">va_start=/a>(=a href="+code=argp" class="sref">argp=/a>,3=a href="+code=keylen2" class="sref">keylen2=/a>); 3317=/a>        for (;;) { 3318=/a>                =a href="+code=dlen" class="sref">dlen=/a> = =a href="+code=va_arg" class="sref">va_arg=/a>(=a href="+code=argp" class="sref">argp=/a>,3unsigned int); 3319=/a>                if (=a href="+code=dlen" class="sref">dlen=/a> == 0) 3320=/a>                        break; 3321=/a>                =a href="+code=dpos" class="sref">dpos=/a> = =a href="+code=va_arg" class="sref">va_arg=/a>(=a href="+code=argp" class="sref">argp=/a>,3unsigned int); 3322=/a>                =a href="+code=ret" class="sref">ret=/a> = =a href="+code=crypto_shash_upda  " class="sref">crypto_shash_upda  =/a>(&=a href="+code=sdesc" class="sref">sdesc=/a>->=a href="+code=shash" class="sref">shash=/a>, =a href="+code=buffer" class="sref">buffer=/a> +3=a href="+code=dpos" class="sref">dpos=/a>, =a href="+code=dlen" class="sref">dlen=/a>); 3323=/a>                if (=a href="+code=ret" class="sref">ret=/a> < 0) 3324=/a>                        break; 3325=/a>        } 3326=/a>        =a href="+code=va_end" class="sref">va_end=/a>(=a href="+code=argp" class="sref">argp=/a>); 3327=/a>        if (!=a href="+code=ret" class="sref">ret=/a>) 3328=/a>                =a href="+code=ret" class="sref">ret=/a> = =a href="+code=crypto_shash_final" class="sref">crypto_shash_final=/a>(&=a href="+code=sdesc" class="sref">sdesc=/a>->=a href="+code=shash" 
class="sref">shash=/a>, =a href="+code=paramdigest" class="sref">paramdigest=/a>); 3329=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) 3330=/a>                goto3=a href="+code=out" class="sref">out=/a>; 3331=/a> 3332=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=TSS_rawhmac" class="sref">TSS_rawhmac=/a>(=a href="+code=testhmac1" class="sref">testhmac1=/a>,3=a href="+code=key1" class="sref">key1=/a>,3=a href="+code=keylen1" class="sref">keylen1=/a>, =a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>, 3333=/a>                          =a href="+code=paramdigest" class="sref">paramdigest=/a>, =a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>,3=a href="+code=enonce1" class="sref">enonce1=/a>, 3334=/a>                          =a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>, =a href="+code=ononce" class="sref">ononce=/a>, 1, =a href="+code=continueflag1" class="sref">continueflag1=/a>, 0, 0); 3335=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) 3336=/a>                goto3=a href="+code=out" class="sref">out=/a>; 3337=/a>        if (=a href="+code=memcmp" class="sref">memcmp=/a>(=a href="+code=testhmac1" class="sref">testhmac1=/a>,3=a href="+code=authdata1" class="sref">authdata1=/a>, =a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>)) { 3338=/a>                =a href="+code=ret" class="sref">ret=/a> = -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3339=/a>                goto3=a href="+code=out" class="sref">out=/a>; 3340=/a>        } 3341=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=TSS_rawhmac" class="sref">TSS_rawhmac=/a>(=a href="+code=testhmac2" class="sref">testhmac2=/a>,3=a href="+code=key2" class="sref">key2=/a>,3=a href="+code=keylen2" class="sref">keylen2=/a>, =a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>, 3342=/a>                          =a href="+code=paramdigest" class="sref">paramdigest=/a>, =a 
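href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>,3=a href="+code=enonce2" class="sref">enonce2=/a>, 3343=/a>                          =a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>, =a href="+code=ononce" class="sref">ononce=/a>, 1, =a href="+code=continueflag2" class="sref">continueflag2=/a>, 0, 0); 3344=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) 3345=/a>                goto3=a href="+code=out" class="sref">out=/a>; 3346=/a>        if (=a href="+code=memcmp" class="sref">memcmp=/a>(=a href="+code=testhmac2" class="sref">testhmac2=/a>,3=a href="+code=authdata2" class="sref">authdata2=/a>, =a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>)) 3347=/a>                =a href="+code=ret" class="sref">ret=/a> = -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3348=/a>=a href="+code=out" class="sref">out=/a>: 3349=/a>        =a href="+code=kfree" class="sref">kfree=/a>(=a href="+code=sdesc" class="sref">sdesc=/a>); 3350=/a>        return =a href="+code=ret" class="sref">ret=/a>; 3351=/a>}

/*
 * For key specific tpm requests, we will generate and send our
 * own TPM command packets using the drivers send function.
 *
 * @chip_num: chip selector handed unchanged to tpm_send().
 * @cmd:      command buffer; it is dumped both before and after the call.
 * @buflen:   size of @cmd in bytes.
 *
 * Returns tpm_send()'s result when it is zero or negative, and -EPERM when
 * tpm_send() returns a positive value.
 *
 * NOTE(review): dump_tpm_buf() is defined outside this listing.  If it logs
 * the buffer, seal requests (which carry the key data) would reach the log;
 * confirm it is compiled out in production builds.
 */
static int trusted_tpm_send(const u32 chip_num, unsigned char *cmd,
			    size_t buflen)
{
	int rc;

	dump_tpm_buf(cmd);
	rc = tpm_send(chip_num, cmd, buflen);
	dump_tpm_buf(cmd);
	if (rc > 0) {
		/*
		 * Can't return positive return code values to keyctl, so
		 * every positive code collapses to -EPERM.
		 */
		rc = -EPERM;
	}
	return rc;
}

/*
 * get a random value from TPM
 *
 * Builds a TPM_ORD_GETRANDOM request for @len bytes in @tb, sends it and, on
 * success, copies @len bytes found TPM_GETRANDOM_SIZE bytes into tb->data
 * to @buf.
 *
 * Returns 0 on success, -EINVAL when @len bytes cannot lie inside tb->data
 * at that offset, or the error from trusted_tpm_send().
 */
static int tpm_get_random(struct tpm_buf *tb, unsigned char *buf, uint32_t len)
{
	int ret;

	/*
	 * The copy below reads len bytes starting TPM_GETRANDOM_SIZE into
	 * tb->data, so reject a length that would run past the buffer.  This
	 * also rejects a negative int that a caller converted to uint32_t.
	 */
	if (TPM_GETRANDOM_SIZE > sizeof(tb->data) ||
	    len > sizeof(tb->data) - TPM_GETRANDOM_SIZE)
		return -EINVAL;

	INIT_BUF(tb);
	store16(tb, TPM_TAG_RQU_COMMAND);
	store32(tb, TPM_GETRANDOM_SIZE);
	store32(tb, TPM_ORD_GETRANDOM);
	store32(tb, len);
	ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, sizeof tb->data);
	if (ret)
		return ret;

	/*
	 * NOTE(review): the number of bytes the TPM reports having returned
	 * is not examined here.  If the device can return fewer than len
	 * bytes, the tail of buf would not be random; confirm and check the
	 * reported count before the copy.
	 */
	memcpy(buf, tb->data + TPM_GETRANDOM_SIZE, len);
	return 0;
}

/*
 * Convenience wrapper around tpm_get_random() for callers that have no
 * tpm_buf of their own: allocates one, fetches @len bytes into @buf and
 * frees it again.
 *
 * Returns -ENOMEM when the allocation fails, else tpm_get_random()'s result.
 */
static int my_get_random(unsigned char *buf, int len)
{
	struct tpm_buf *tb = kmalloc(sizeof *tb, GFP_KERNEL);
	int ret;

	if (!tb)
		return -ENOMEM;
	ret = tpm_get_random(tb, buf, len);

	kfree(tb);
	return ret;
}

/*
 * Lock a trusted key, by extending a selected PCR.
 *
 * Prevents a trusted key that is sealed to PCRs from being accessed.
 * This uses the tpm driver's extend function.
 *
 * The value extended into the PCR is SHA1_DIGEST_SIZE bytes obtained from
 * my_get_random().  Only callers with CAP_SYS_ADMIN may do this.
 *
 * Returns 0 on success, -EPERM without CAP_SYS_ADMIN, the error from
 * my_get_random(), or -EINVAL when tpm_pcr_extend() reports failure.
 *
 * NOTE(review): pcrnum is not range-checked here; presumably the caller or
 * tpm_pcr_extend() validates it -- confirm.
 */
static int pcrlock(const int pcrnum)
{
	unsigned char hash[SHA1_DIGEST_SIZE];
	int ret;

	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;
	ret = my_get_random(hash, SHA1_DIGEST_SIZE);
	if (ret < 0)
		return ret;
	if (tpm_pcr_extend(TPM_ANY_NUM, pcrnum, hash))
		return -EINVAL;
	return 0;
}

/*
 * Create an object specific authorisation protocol (OSAP) session
 *
 * @tb:     scratch buffer used for the random request, the OSAP request and
 *          the response.
 * @s:      session to fill in: handle, enonce and secret are written.
 * @key:    authorization value used as the HMAC key; SHA1_DIGEST_SIZE bytes
 *          are passed to TSS_rawhmac().
 * @type:   16-bit value stored in the request after the ordinal.
 * @handle: 32-bit value stored in the request after @type.
 *
 * Returns a negative error from tpm_get_random() or trusted_tpm_send(),
 * otherwise the result of TSS_rawhmac().
 */
static int osap(struct tpm_buf *tb, struct osapsess *s,
		const unsigned char *key, uint16_t type, uint32_t handle)
{
	unsigned char enonce[TPM_NONCE_SIZE];
	unsigned char ononce[TPM_NONCE_SIZE];
	int ret;

	/* our own nonce for this session comes from the TPM's RNG */
	ret = tpm_get_random(tb, ononce, TPM_NONCE_SIZE);
	if (ret < 0)
		return ret;

	INIT_BUF(tb);
	store16(tb, TPM_TAG_RQU_COMMAND);
	store32(tb, TPM_OSAP_SIZE);
	store32(tb, TPM_ORD_OSAP);
	store16(tb, type);
	store32(tb, handle);
	storebytes(tb, ononce, TPM_NONCE_SIZE);

	ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
	if (ret < 0)
		return ret;

	/*
	 * Response parameters are read at fixed offsets: a 32-bit handle at
	 * TPM_DATA_OFFSET, then two TPM_NONCE_SIZE-byte nonces.  The first is
	 * kept in the session, the second is used only for the HMAC below.
	 */
	s->handle = LOAD32(tb->data, TPM_DATA_OFFSET);
	memcpy(s->enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)]),
	       TPM_NONCE_SIZE);
	memcpy(enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t) +
				  TPM_NONCE_SIZE]), TPM_NONCE_SIZE);

	/* session secret: keyed hash over the second nonce and our nonce */
	return TSS_rawhmac(s->secret, key, SHA1_DIGEST_SIZE, TPM_NONCE_SIZE,
			   enonce, TPM_NONCE_SIZE, ononce, 0, 0);
}

/*
 * Create an object independent authorisation protocol (oiap) session
 *
 * @tb:     scratch buffer for the request and the response.
 * @handle: receives the 32-bit value read at TPM_DATA_OFFSET of the response.
 * @nonce:  receives the TPM_NONCE_SIZE bytes that follow it.
 *
 * Returns 0 on success or the negative error from trusted_tpm_send().
 */
static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
{
	int ret;

	INIT_BUF(tb);
	store16(tb, TPM_TAG_RQU_COMMAND);
	store32(tb, TPM_OIAP_SIZE);
	store32(tb, TPM_ORD_OIAP);
	ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
	if (ret < 0)
		return ret;

	*handle = LOAD32(tb->data, TPM_DATA_OFFSET);
	memcpy(nonce, &tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)],
	       TPM_NONCE_SIZE);
	return 0;
}

/*
 * Work space for the hashes tpm_seal() computes; allocated with kmalloc()
 * there.  Several members are derived from the session secret and from the
 * blob authorization value.
 */
struct tpm_digests {
	/* xorhash XOR blobauth; sent to the TPM in the seal request */
	unsigned char encauth[SHA1_DIGEST_SIZE];
	/* authorization HMAC written by TSS_authhmac() */
	unsigned char pubauth[SHA1_DIGEST_SIZE];
	/* session secret followed by session enonce; input to TSS_sha1() */
	unsigned char xorwork[SHA1_DIGEST_SIZE * 2];
	/* TSS_sha1() output over xorwork */
	unsigned char xorhash[SHA1_DIGEST_SIZE];
	/* nonce fetched with tpm_get_random() for this request */
	unsigned char nonceodd[TPM_NONCE_SIZE];
};

/*
 * Have the TPM seal(encrypt) the trusted key, possibly based on
 * Platform Configuration Registers (PCRs). AUTH1 for sealing key.
 *
 * @tb:          scratch buffer for every request and response made here.
 * @keytype:     passed to osap() together with @keyhandle.
 * @keyhandle:   handle of the sealing key; also stored in the seal request.
 * @keyauth:     authorization value for the sealing key, passed to osap().
 * @data:        bytes to seal, @datalen of them.
 * @blob:        receives the sealed blob on success.
 * @bloblen:     receives the blob size on success; its incoming value is
 *               not read.
 * @blobauth:    authorization value for the blob; SHA1_DIGEST_SIZE bytes
 *               are read.
 * @pcrinfo:     PCR information stored in the request, @pcrinfosize bytes;
 *               a size of 0 means none was specified.
 *
 * Returns 0 on success, -ENOMEM, -EINVAL when the request would not fit in
 * tb->data or the response carries sizes that point outside it, or a
 * negative error from the helpers called.
 *
 * NOTE(review): the capacity of @blob is not passed in.  After the checks
 * below at most sizeof(tb->data) - TPM_DATA_OFFSET bytes are copied, so the
 * caller's buffer must be at least that large -- confirm against the caller.
 */
static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
		    uint32_t keyhandle, const unsigned char *keyauth,
		    const unsigned char *data, uint32_t datalen,
		    unsigned char *blob, uint32_t *bloblen,
		    const unsigned char *blobauth,
		    const unsigned char *pcrinfo, uint32_t pcrinfosize)
{
	struct osapsess sess;
	struct tpm_digests *td;
	unsigned char cont;
	uint32_t ordinal;
	uint32_t pcrsize;
	uint32_t datsize;
	int respmax;
	int sealinfosize;
	int encdatasize;
	int storedsize;
	int ret;
	int i;

	/*
	 * The request built below is TPM_SEAL_SIZE + pcrinfosize + datalen
	 * bytes long and is written into tb->data; refuse sizes that would
	 * overrun it.  The two single-value tests keep the sum from wrapping.
	 */
	if (pcrinfosize > sizeof(tb->data) || datalen > sizeof(tb->data) ||
	    TPM_SEAL_SIZE + pcrinfosize + datalen > sizeof(tb->data))
		return -EINVAL;

	/* alloc some work space for all the hashes */
	td = kmalloc(sizeof *td, GFP_KERNEL);
	if (!td)
		return -ENOMEM;

	/* get session for sealing key */
	ret = osap(tb, &sess, keyauth, keytype, keyhandle);
	if (ret < 0)
		goto out;
	dump_sess(&sess);

	/* calculate encrypted authorization value */
	memcpy(td->xorwork, sess.secret, SHA1_DIGEST_SIZE);
	memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE);
	ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash);
	if (ret < 0)
		goto out;

	ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE);
	if (ret < 0)
		goto out;
	/* big-endian copies of the values that go into the HMAC */
	ordinal = htonl(TPM_ORD_SEAL);
	datsize = htonl(datalen);
	pcrsize = htonl(pcrinfosize);
	cont = 0;

	/* encrypt data authorization key */
	for (i = 0; i < SHA1_DIGEST_SIZE; ++i)
		td->encauth[i] = td->xorhash[i] ^ blobauth[i];

	/* calculate authorization HMAC value */
	if (pcrinfosize == 0) {
		/* no pcr info specified */
		ret = TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE,
				   sess.enonce, td->nonceodd, cont,
				   sizeof(uint32_t), &ordinal, SHA1_DIGEST_SIZE,
				   td->encauth, sizeof(uint32_t), &pcrsize,
				   sizeof(uint32_t), &datsize, datalen, data, 0,
				   0);
	} else {
		/* pcr info specified */
		ret = TSS_authhmac(td->pubauth, sess.secret, SHA1_DIGEST_SIZE,
				   sess.enonce, td->nonceodd, cont,
				   sizeof(uint32_t), &ordinal, SHA1_DIGEST_SIZE,
				   td->encauth, sizeof(uint32_t), &pcrsize,
				   pcrinfosize, pcrinfo, sizeof(uint32_t),
				   &datsize, datalen, data, 0, 0);
	}
	if (ret < 0)
		goto out;

	/* build and send the TPM request packet */
	INIT_BUF(tb);
	store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
	store32(tb, TPM_SEAL_SIZE + pcrinfosize + datalen);
	store32(tb, TPM_ORD_SEAL);
	store32(tb, keyhandle);
	storebytes(tb, td->encauth, SHA1_DIGEST_SIZE);
	store32(tb, pcrinfosize);
	storebytes(tb, pcrinfo, pcrinfosize);
	store32(tb, datalen);
	storebytes(tb, data, datalen);
	store32(tb, sess.handle);
	storebytes(tb, td->nonceodd, TPM_NONCE_SIZE);
	store8(tb, cont);
	storebytes(tb, td->pubauth, SHA1_DIGEST_SIZE);

	ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
	if (ret < 0)
		goto out;

	/*
	 * calculate the size of the returned Blob
	 *
	 * Both sizes come from the device's response and steer a further
	 * read, the HMAC check and the copy to the caller, so each one is
	 * checked against the space left in tb->data before it is used.
	 * respmax is what remains after TPM_DATA_OFFSET and the three
	 * 32-bit fields that storedsize accounts for.
	 */
	respmax = (int)sizeof(tb->data) - TPM_DATA_OFFSET -
	    3 * (int)sizeof(uint32_t);
	sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t));
	if (sealinfosize < 0 || sealinfosize > respmax) {
		ret = -EINVAL;
		goto out;
	}
	encdatasize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t) +
			     sizeof(uint32_t) + sealinfosize);
	if (encdatasize < 0 || encdatasize > respmax - sealinfosize) {
		ret = -EINVAL;
		goto out;
	}
	storedsize = sizeof(uint32_t) + sizeof(uint32_t) + sealinfosize +
	    sizeof(uint32_t) + encdatasize;

	/* check the HMAC in the response */
	ret = TSS_checkhmac1(tb->data, ordinal, td->nonceodd, sess.secret,
			     SHA1_DIGEST_SIZE, storedsize, TPM_DATA_OFFSET, 0,
			     0);

	/* copy the returned blob to caller */
	if (!ret) {
		memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize);
		*bloblen = storedsize;
	}
out:
	/*
	 * td holds values derived from the session secret and blobauth, so
	 * clear it before it goes back to the allocator.
	 * NOTE(review): sess (on the stack) still holds the session secret on
	 * return; it should be cleared too, with a primitive the compiler
	 * cannot drop.
	 */
	kzfree(td);
	return ret;
}
3601=/a> 3602=/a>=spa1 class="comment">/*=/spa1  3603=/a>=spa1 class="comment"> * use the AUTH2_COMMAND form of unseal, to3authorize both key and blob=/spa1  3604=/a>=spa1 class="comment"> */=/spa1  3605=/a>static int3=a href="+code=tpm_unseal" class="sref">tpm_unseal=/a>(struct3=a href="+code=tpm_buf" class="sref">tpm_buf=/a>3*=a href="+code=tb" class="sref">tb=/a>, 3606=/a>                      =a href="+code=uint32_t" class="sref">uint32_t=/a> =a href="+code=keyhandl " class="sref">keyhandl =/a>,3const unsigned char3*=a href="+code=keyauth" class="sref">keyauth=/a>, 3607=/a>                      const unsigned char3*=a href="+code=blob" class="sref">blob=/a>,3int3=a href="+code=bloblen" class="sref">bloblen=/a>, 3608=/a>                      const unsigned char3*=a href="+code=blobauth" class="sref">blobauth=/a>, 3609=/a>                      unsigned char3*=a href="+code=data" class="sref">data=/a>, unsigned int3*=a href="+code=datalen" class="sref">datalen=/a>) 3610=/a>{ 3611=/a>        unsigned char3=a href="+code=nonceodd" class="sref">nonceodd=/a>[=a href="+code=TPM_NONCE_SIZE" 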
class="sref">TPM_NONCE_SIZE=/a>]; 3612=/a>        unsigned char3=a href="+code=enonce1" class="sref">enonce1=/a>[=a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>]; 3613=/a>        unsigned char3=a href="+code=enonce2" class="sref">enonce2=/a>[=a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>]; 3614=/a>        unsigned char3=a href="+code=authdata1" class="sref">authdata1=/a>[=a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>]; 3615=/a>        unsigned char3=a href="+code=authdata2" class="sref">authdata2=/a>[=a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>]; 3616=/a>        =a href="+code=uint32_t" class="sref">uint32_t=/a> =a href="+code=authhandl 1" class="sref">authhandl 1=/a> = 0; 3617=/a>        =a href="+code=uint32_t" class="sref">uint32_t=/a> =a href="+code=authhandl 2" class="sref">authhandl 2=/a> = 0; 3618=/a>        unsigned char3=a href="+code=cont" class="sref">cont=/a> = 0; 3619=/a>        =a href="+code=uint32_t" class="sref">uint32_t=/a> =a href="+code=ordinal" class="sref">ordinal=/a>; 3620=/a>        =a href="+code=uint32_t" class="sref">uint32_t=/a> =a href="+code=keyhndl" class="sref">keyhndl=/a>; 3621=/a>        int3=a href="+code=ret" class="sref">ret=/a>; 3622=/a> 3623=/a>        =spa1 class="comment">/* sessions for unsealing key and data */=/spa1  3624=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=oiap" class="sref">oiap=/a>(=a href="+code=tb" class="sref">tb=/a>,3&=a href="+code=authhandl 1" class="sref">authhandl 1=/a>, =a href="+code=enonce1" class="sref">enonce1=/a>); 3625=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) { 3626=/a>                =a href="+code=pr_info" class="sref">pr_info=/a>(=spa1 class="string">"trusted_key: oiap failed (%d)\n"=/spa1 , =a href="+code=ret" class="sref">ret=/a>); 3627=/a>                return =a href="+code=ret" class="sref">ret=/a>; 3628=/a>        } 3629=/a>        =a href="+code=ret" 
class="sref">ret=/a> = =a href="+code=oiap" class="sref">oiap=/a>(=a href="+code=tb" class="sref">tb=/a>,3&=a href="+code=authhandl 2" class="sref">authhandl 2=/a>, =a href="+code=enonce2" class="sref">enonce2=/a>); 3630=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) { 3631=/a>                =a href="+code=pr_info" class="sref">pr_info=/a>(=spa1 class="string">"trusted_key: oiap failed (%d)\n"=/spa1 , =a href="+code=ret" class="sref">ret=/a>); 3632=/a>                return =a href="+code=ret" class="sref">ret=/a>; 3633=/a>        } 3634=/a> 3635=/a>        =a href="+code=ordinal" class="sref">ordinal=/a> = =a href="+code=htonl" class="sref">htonl=/a>(=a href="+code=TPM_ORD_UNSEAL" class="sref">TPM_ORD_UNSEAL=/a>); 3636=/a>        =a href="+code=keyhndl" class="sref">keyhndl=/a> = =a href="+code=htonl" class="sref">htonl=/a>(=a href="+code=SRKHANDLE" class="sref">SRKHANDLE=/a>); 3637=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=tpm_get_random" class="sref">tpm_get_random=/a>(=a href="+code=tb" class="sref">tb=/a>,3=a href="+code=nonceodd" class="sref">nonceodd=/a>, =a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>); 3638=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) { 3639=/a>                =a href="+code=pr_info" class="sref">pr_info=/a>(=spa1 class="string">"trusted_key: tpm_get_random failed (%d)\n"=/spa1 , =a href="+code=ret" class="sref">ret=/a>); 3640=/a>                return =a href="+code=ret" class="sref">ret=/a>; 3641=/a>        } 3642=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=TSS_authhmac" class="sref">TSS_authhmac=/a>(=a href="+code=authdata1" class="sref">authdata1=/a>, =a href="+code=keyauth" class="sref">keyauth=/a>, =a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>, 3643=/a>                           =a href="+code=enonce1" class="sref">enonce1=/a>,3=a href="+code=nonceodd" class="sref">nonceodd=/a>, =a href="+code=cont" 
class="sref">cont=/a>, sizeof(=a href="+code=uint32_t" class="sref">uint32_t=/a>), 3644=/a>                           &=a href="+code=ordinal" class="sref">ordinal=/a>, =a href="+code=bloblen" class="sref">bloblen=/a>, =a href="+code=blob" class="sref">blob=/a>,30, 0); 3645=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) 3646=/a>                return =a href="+code=ret" class="sref">ret=/a>; 3647=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=TSS_authhmac" class="sref">TSS_authhmac=/a>(=a href="+code=authdata2" class="sref">authdata2=/a>, =a href="+code=blobauth" class="sref">blobauth=/a>, =a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>, 3648=/a>                           =a href="+code=enonce2" class="sref">enonce2=/a>,3=a href="+code=nonceodd" class="sref">nonceodd=/a>, =a href="+code=cont" class="sref">cont=/a>, sizeof(=a href="+code=uint32_t" class="sref">uint32_t=/a>), 3649=/a>                           &=a href="+code=ordinal" class="sref">ordinal=/a>, =a href="+code=bloblen" class="sref">bloblen=/a>, =a href="+code=blob" class="sref">blob=/a>,30, 0); 3650=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) 3651=/a>                return =a href="+code=ret" class="sref">ret=/a>; 3652=/a> 3653=/a>        =spa1 class="comment">/* build and send TPM request packet */=/spa1  3654=/a>        =a href="+code=INIT_BUF" class="sref">INIT_BUF=/a>(=a href="+code=tb" class="sref">tb=/a>); 3655=/a>        =a href="+code=store16" class="sref">store16=/a>(=a href="+code=tb" class="sref">tb=/a>, =a href="+code=TPM_TAG_RQU_AUTH2_COMMAND" class="sref">TPM_TAG_RQU_AUTH2_COMMAND=/a>); 3656=/a>        =a href="+code=store32" class="sref">store32=/a>(=a href="+code=tb" class="sref">tb=/a>, =a href="+code=TPM_UNSEAL_SIZE" class="sref">TPM_UNSEAL_SIZE=/a> + =a href="+code=bloblen" class="sref">bloblen=/a>); 3657=/a>        =a href="+code=store32" class="sref">store32=/a>(=a href="+code=tb" class="sref">tb=/a>, =a 
href="+code=TPM_ORD_UNSEAL" class="sref">TPM_ORD_UNSEAL=/a>); 3658=/a>        =a href="+code=store32" class="sref">store32=/a>(=a href="+code=tb" class="sref">tb=/a>, =a href="+code=keyhandl " class="sref">keyhandl =/a>); 3659=/a>        =a href="+code=storebytes" class="sref">storebytes=/a>(=a href="+code=tb" class="sref">tb=/a>,3=a href="+code=blob" class="sref">blob=/a>,3=a href="+code=bloblen" class="sref">bloblen=/a>); 3660=/a>        =a href="+code=store32" class="sref">store32=/a>(=a href="+code=tb" class="sref">tb=/a>, =a href="+code=authhandl 1" class="sref">authhandl 1=/a>); 3661=/a>        =a href="+code=storebytes" class="sref">storebytes=/a>(=a href="+code=tb" class="sref">tb=/a>,3=a href="+code=nonceodd" class="sref">nonceodd=/a>, =a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>); 3662=/a>        =a href="+code=store8" class="sref">store8=/a>(=a href="+code=tb" class="sref">tb=/a>,3=a href="+code=cont" class="sref">cont=/a>); 3663=/a>        =a href="+code=storebytes" class="sref">storebytes=/a>(=a href="+code=tb" class="sref">tb=/a>,3=a href="+code=authdata1" class="sref">authdata1=/a>, =a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>); 3664=/a>        =a href="+code=store32" class="sref">store32=/a>(=a href="+code=tb" class="sref">tb=/a>, =a href="+code=authhandl 2" class="sref">authhandl 2=/a>); 3665=/a>        =a href="+code=storebytes" class="sref">storebytes=/a>(=a href="+code=tb" class="sref">tb=/a>,3=a href="+code=nonceodd" class="sref">nonceodd=/a>, =a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE=/a>); 3666=/a>        =a href="+code=store8" class="sref">store8=/a>(=a href="+code=tb" class="sref">tb=/a>,3=a href="+code=cont" class="sref">cont=/a>); 3667=/a>        =a href="+code=storebytes" class="sref">storebytes=/a>(=a href="+code=tb" class="sref">tb=/a>,3=a href="+code=authdata2" class="sref">authdata2=/a>, =a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>); 3668=/a> 3669=/a>       
 =a href="+code=ret" class="sref">ret=/a> = =a href="+code=trusted_tpm_send" class="sref">trusted_tpm_send=/a>(=a href="+code=TPM_ANY_NUM" class="sref">TPM_ANY_NUM=/a>, =a href="+code=tb" class="sref">tb=/a>->=a href="+code=data" class="sref">data=/a>, =a href="+code=MAX_BUF_SIZE" class="sref">MAX_BUF_SIZE=/a>); 3670=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) { 3671=/a>                =a href="+code=pr_info" class="sref">pr_info=/a>(=spa1 class="string">"trusted_key: authhmac failed (%d)\n"=/spa1 , =a href="+code=ret" class="sref">ret=/a>); 3672=/a>                return =a href="+code=ret" class="sref">ret=/a>; 3673=/a>        } 3674=/a> 3675=/a>        *=a href="+code=datalen" class="sref">datalen=/a> = =a href="+code=LOAD32" class="sref">LOAD32=/a>(=a href="+code=tb" class="sref">tb=/a>->=a href="+code=data" class="sref">data=/a>, =a href="+code=TPM_DATA_OFFSET" class="sref">TPM_DATA_OFFSET=/a>); 3676=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=TSS_checkhmac2" class="sref">TSS_checkhmac2=/a>(=a href="+code=tb" class="sref">tb=/a>->=a href="+code=data" class="sref">data=/a>, =a href="+code=ordinal" class="sref">ordinal=/a>, =a href="+code=nonceodd" class="sref">nonceodd=/a>, 3677=/a>                             =a href="+code=keyauth" class="sref">keyauth=/a>, =a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>, 3678=/a>                             =a href="+code=blobauth" class="sref">blobauth=/a>, =a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>, 3679=/a>                             sizeof(=a href="+code=uint32_t" class="sref">uint32_t=/a>),3=a href="+code=TPM_DATA_OFFSET" class="sref">TPM_DATA_OFFSET=/a>, 3680=/a>                             *=a href="+code=datalen" class="sref">datalen=/a>, =a href="+code=TPM_DATA_OFFSET" class="sref">TPM_DATA_OFFSET=/a> + sizeof(=a href="+code=uint32_t" class="sref">uint32_t=/a>), 0, 3681=/a>                             0); 3682=/a>        if (=a 
href="+code=ret" class="sref">ret=/a> < 0) { 3683=/a>                =a href="+code=pr_info" class="sref">pr_info=/a>(=spa1 class="string">"trusted_key: TSS_checkhmac2 failed (%d)\n"=/spa1 , =a href="+code=ret" class="sref">ret=/a>); 3684=/a>                return =a href="+code=ret" class="sref">ret=/a>; 3685=/a>        } 3686=/a>        =a href="+code=memcpy" class="sref">memcpy=/a>(=a href="+code=data" class="sref">data=/a>, =a href="+code=tb" class="sref">tb=/a>->=a href="+code=data" class="sref">data=/a> + =a href="+code=TPM_DATA_OFFSET" class="sref">TPM_DATA_OFFSET=/a> + sizeof(=a href="+code=uint32_t" class="sref">uint32_t=/a>), *=a href="+code=datalen" class="sref">datalen=/a>); 3687=/a>        return 0; 3688=/a>} 3689=/a> 3690=/a>=spa1 class="comment">/*=/spa1  3691=/a>=spa1 class="comment"> * Have the TPM seal(encrypt) the symmetric key=/spa1  3692=/a>=spa1 class="comment"> */=/spa1  3693=/a>static int3=a href="+code=key_seal" class="sref">key_seal=/a>(struct3=a href="+code=trusted_key_payload" class="sref">trusted_key_payload=/a> *=a href="+code=p" class="sref">p=/a>, 3694=/a>                    struct3=a href="+code=trusted_key_options" class="sref">trusted_key_options=/a> *=a href="+code=o" class="sref">o=/a>) 3695=/a>{ 3696=/a>        struct3=a href="+code=tpm_buf" class="sref">tpm_buf=/a>3*=a href="+code=tb" class="sref">tb=/a>; 3697=/a>        int3=a href="+code=ret" class="sref">ret=/a>; 3698=/a> 3699=/a>        =a href="+code=tb" class="sref">tb=/a> = =a href="+code=kzalloc" class="sref">kzalloc=/a>(sizeof3*=a href="+code=tb" class="sref">tb=/a>, =a href="+code=GFP_KERNEL" class="sref">GFP_KERNEL=/a>); 3700=/a>        if (!=a href="+code=tb" class="sref">tb=/a>) 3701=/a>                return -=a href="+code=ENOMEM" class="sref">ENOMEM=/a>; 3702=/a> 3703=/a>        =spa1 class="comment">/* include migratable flag at end of3sealed key */=/spa1  3704=/a>        =a href="+code=p" class="sref">p=/a>->=a href="+code=key" class="sref">key=/a>[=a 
href="+code=p" class="sref">p=/a>->=a href="+code=key_len" class="sref">key_len=/a>] = =a href="+code=p" class="sref">p=/a>->=a href="+code=migratable" class="sref">migratable=/a>; 3705=/a> 3706=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=tpm_seal" class="sref">tpm_seal=/a>(=a href="+code=tb" class="sref">tb=/a>, =a href="+code=o" class="sref">o=/a>->=a href="+code=keytyp " class="sref">keytyp =/a>, =a href="+code=o" class="sref">o=/a>->=a href="+code=keyhandl " class="sref">keyhandl =/a>,3=a href="+code=o" class="sref">o=/a>->=a href="+code=keyauth" class="sref">keyauth=/a>, 3707=/a>                       =a href="+code=p" class="sref">p=/a>->=a href="+code=key" class="sref">key=/a>, =a href="+code=p" class="sref">p=/a>->=a href="+code=key_len" class="sref">key_len=/a> + 1, =a href="+code=p" class="sref">p=/a>->=a href="+code=blob" class="sref">blob=/a>,3&=a href="+code=p" class="sref">p=/a>->=a href="+code=blob_len" class="sref">blob_len=/a>, 3708=/a>                      3=a href="+code=o" class="sref">o=/a>->=a href="+code=blobauth" class="sref">blobauth=/a>, =a href="+code=o" class="sref">o=/a>->=a href="+code=pcrinfo" class="sref">pcrinfo=/a>, =a href="+code=o" class="sref">o=/a>->=a href="+code=pcrinfo_len" class="sref">pcrinfo_len=/a>); 3709=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) 3710=/a>                =a href="+code=pr_info" class="sref">pr_info=/a>(=spa1 class="string">"trusted_key: srkseal failed (%d)\n"=/spa1 , =a href="+code=ret" class="sref">ret=/a>); 3711=/a> 3712=/a>        =a href="+code=kfre " class="sref">kfre =/a>(=a href="+code=tb" class="sref">tb=/a>); 3713=/a>        return =a href="+code=ret" class="sref">ret=/a>; 3714=/a>} 3715=/a> 3716=/a>=spa1 class="comment">/*=/spa1  3717=/a>=spa1 class="comment"> * Have the TPM unseal(decrypt) the symmetric key=/spa1  3718=/a>=spa1 class="comment"> */=/spa1  3719=/a>static int3=a href="+code=key_unseal" class="sref">key_unseal=/a>(struct3=a 
href="+code=trusted_key_payload" class="sref">trusted_key_payload=/a> *=a href="+code=p" class="sref">p=/a>, 3720=/a>                      struct3=a href="+code=trusted_key_options" class="sref">trusted_key_options=/a> *=a href="+code=o" class="sref">o=/a>) 3721=/a>{ 3722=/a>        struct3=a href="+code=tpm_buf" class="sref">tpm_buf=/a>3*=a href="+code=tb" class="sref">tb=/a>; 3723=/a>        int3=a href="+code=ret" class="sref">ret=/a>; 3724=/a> 3725=/a>        =a href="+code=tb" class="sref">tb=/a> = =a href="+code=kzalloc" class="sref">kzalloc=/a>(sizeof3*=a href="+code=tb" class="sref">tb=/a>, =a href="+code=GFP_KERNEL" class="sref">GFP_KERNEL=/a>); 3726=/a>        if (!=a href="+code=tb" class="sref">tb=/a>) 3727=/a>                return -=a href="+code=ENOMEM" class="sref">ENOMEM=/a>; 3728=/a> 3729=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=tpm_unseal" class="sref">tpm_unseal=/a>(=a href="+code=tb" class="sref">tb=/a>, =a href="+code=o" class="sref">o=/a>->=a href="+code=keyhandl " class="sref">keyhandl =/a>,3=a href="+code=o" class="sref">o=/a>->=a href="+code=keyauth" class="sref">keyauth=/a>, =a href="+code=p" class="sref">p=/a>->=a href="+code=blob" class="sref">blob=/a>,3=a href="+code=p" class="sref">p=/a>->=a href="+code=blob_len" class="sref">blob_len=/a>, 3730=/a>                         =a href="+code=o" class="sref">o=/a>->=a href="+code=blobauth" class="sref">blobauth=/a>, =a href="+code=p" class="sref">p=/a>->=a href="+code=key" class="sref">key=/a>, &=a href="+code=p" class="sref">p=/a>->=a href="+code=key_len" class="sref">key_len=/a>); 3731=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) 3732=/a>                =a href="+code=pr_info" class="sref">pr_info=/a>(=spa1 class="string">"trusted_key: srkunseal failed (%d)\n"=/spa1 , =a href="+code=ret" class="sref">ret=/a>); 3733=/a>        else 3734=/a>                =spa1 class="comment">/* pull migratable flag out of3sealed key */=/spa1  3735=/a>           
     =a href="+code=p" class="sref">p=/a>->=a href="+code=migratable" class="sref">migratable=/a> = =a href="+code=p" class="sref">p=/a>->=a href="+code=key" class="sref">key=/a>[--=a href="+code=p" class="sref">p=/a>->=a href="+code=key_len" class="sref">key_len=/a>]; 3736=/a> 3737=/a>        =a href="+code=kfre " class="sref">kfre =/a>(=a href="+code=tb" class="sref">tb=/a>); 3738=/a>        return =a href="+code=ret" class="sref">ret=/a>; 3739=/a>} 3740=/a> 3741=/a>enum { 3742=/a>        =a href="+code=Opt_err" class="sref">Opt_err=/a> = -1, 3743=/a>        =a href="+code=Opt_new" class="sref">Opt_new=/a>, =a href="+code=Opt_load" class="sref">Opt_load=/a>, =a href="+code=Opt_updat " class="sref">Opt_updat =/a>, 3744=/a>        =a href="+code=Opt_keyhandl " class="sref">Opt_keyhandl =/a>, =a href="+code=Opt_keyauth" class="sref">Opt_keyauth=/a>, =a href="+code=Opt_blobauth" class="sref">Opt_blobauth=/a>, 3745=/a>        =a href="+code=Opt_pcrinfo" class="sref">Opt_pcrinfo=/a>, =a href="+code=Opt_pcrlock" class="sref">Opt_pcrlock=/a>, =a href="+code=Opt_migratable" class="sref">Opt_migratable=/a> 3746=/a>}; 3747=/a> 3748=/a>static const =a href="+code=match_table_t" class="sref">match_table_t=/a> =a href="+code=key_tokens" class="sref">key_tokens=/a> = { 3749=/a>        {=a href="+code=Opt_new" class="sref">Opt_new=/a>, =spa1 class="string">"new"=/spa1 }, 3750=/a>        {=a href="+code=Opt_load" class="sref">Opt_load=/a>, =spa1 class="string">"load"=/spa1 }, 3751=/a>        {=a href="+code=Opt_updat " class="sref">Opt_updat =/a>, =spa1 class="string">"updat "=/spa1 }, 3752=/a>        {=a href="+code=Opt_keyhandl " class="sref">Opt_keyhandl =/a>, =spa1 class="string">"keyhandl =%s"=/spa1 }, 3753=/a>        {=a href="+code=Opt_keyauth" class="sref">Opt_keyauth=/a>, =spa1 class="string">"keyauth=%s"=/spa1 }, 3754=/a>        {=a href="+code=Opt_blobauth" class="sref">Opt_blobauth=/a>, =spa1 class="string">"blobauth=%s"=/spa1 }, 3755=/a>        {=a 
href="+code=Opt_pcrinfo" class="sref">Opt_pcrinfo=/a>, =spa1 class="string">"pcrinfo=%s"=/spa1 }, 3756=/a>        {=a href="+code=Opt_pcrlock" class="sref">Opt_pcrlock=/a>, =spa1 class="string">"pcrlock=%s"=/spa1 }, 3757=/a>        {=a href="+code=Opt_migratable" class="sref">Opt_migratable=/a>, =spa1 class="string">"migratable=%s"=/spa1 }, 3758=/a>        {=a href="+code=Opt_err" class="sref">Opt_err=/a>, =a href="+code=NULL" class="sref">NULL=/a>} 3759=/a>}; 3760=/a> 3761=/a>=spa1 class="comment">/* ca1 have zero or more token= options */=/spa1  3762=/a>static int3=a href="+code=getoptions" class="sref">getoptions=/a>(char3*=a href="+code=c" class="sref">c=/a>, struct3=a href="+code=trusted_key_payload" class="sref">trusted_key_payload=/a> *=a href="+code=pay" class="sref">pay=/a>, 3763=/a>                      struct3=a href="+code=trusted_key_options" class="sref">trusted_key_options=/a> *=a href="+code=opt" class="sref">opt=/a>) 3764=/a>{ 3765=/a>        =a href="+code=substring_t" class="sref">substring_t=/a> =a href="+code=args" class="sref">args=/a>[=a href="+code=MAX_OPT_ARGS" class="sref">MAX_OPT_ARGS=/a>]; 3766=/a>        char3*=a href="+code=p" class="sref">p=/a> = =a href="+code=c" class="sref">c=/a>; 3767=/a>        int3=a href="+code=token" class="sref">token=/a>; 3768=/a>        int3=a href="+code=res" class="sref">res=/a>; 3769=/a>        unsigned long3=a href="+code=handl " class="sref">handl =/a>; 3770=/a>        unsigned long3=a href="+code=lock" class="sref">lock=/a>; 3771=/a> 3772=/a>        while ((=a href="+code=p" class="sref">p=/a> = =a href="+code=strsep" class="sref">strsep=/a>(&=a href="+code=c" class="sref">c=/a>, =spa1 class="string">" \t"=/spa1 ))) { 3773=/a>                if (*=a href="+code=p" class="sref">p=/a> == =spa1 class="string">'\0'=/spa1  ||3*=a href="+code=p" class="sref">p=/a> == =spa1 class="string">' '=/spa1  ||3*=a href="+code=p" class="sref">p=/a> == =spa1 class="string">'\t'=/spa1 ) 3774=/a>                        
continue; 3775=/a>                =a href="+code=token" class="sref">token=/a> = =a href="+code=match_token" class="sref">match_token=/a>(=a href="+code=p" class="sref">p=/a>, =a href="+code=key_tokens" class="sref">key_tokens=/a>,3=a href="+code=args" class="sref">args=/a>); 3776=/a> 3777=/a>                switch (=a href="+code=token" class="sref">token=/a>) { 3778=/a>                case =a href="+code=Opt_pcrinfo" class="sref">Opt_pcrinfo=/a>: 3779=/a>                        =a href="+code=opt" class="sref">opt=/a>->=a href="+code=pcrinfo_len" class="sref">pcrinfo_len=/a> = =a href="+code=strlen" class="sref">strlen=/a>(=a href="+code=args" class="sref">args=/a>[0].=a href="+code=from" class="sref">from=/a>) / 2; 3780=/a>                        if (=a href="+code=opt" class="sref">opt=/a>->=a href="+code=pcrinfo_len" class="sref">pcrinfo_len=/a> > =a href="+code=MAX_PCRINFO_SIZE" class="sref">MAX_PCRINFO_SIZE=/a>) 3781=/a>                                return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3782=/a>                        =a href="+code=res" class="sref">res=/a> = =a href="+code=hex2bin" class="sref">hex2bin=/a>(=a href="+code=opt" class="sref">opt=/a>->=a href="+code=pcrinfo" class="sref">pcrinfo=/a>,3=a href="+code=args" class="sref">args=/a>[0].=a href="+code=from" class="sref">from=/a>, 3783=/a>                                      =a href="+code=opt" class="sref">opt=/a>->=a href="+code=pcrinfo_len" class="sref">pcrinfo_len=/a>); 3784=/a>                        if (=a href="+code=res" class="sref">res=/a> < 0) 3785=/a>                                return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3786=/a>                        break; 3787=/a>                case =a href="+code=Opt_keyhandl " class="sref">Opt_keyhandl =/a>: 3788=/a>                        =a href="+code=res" class="sref">res=/a> = =a href="+code=strict_strtoul" class="sref">strict_strtoul=/a>(=a href="+code=args" class="sref">args=/a>[0].=a href="+code=from" 
class="sref">from=/a>, 16, &=a href="+code=handl " class="sref">handl =/a>); 3789=/a>                        if (=a href="+code=res" class="sref">res=/a> < 0) 3790=/a>                                return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3791=/a>                        =a href="+code=opt" class="sref">opt=/a>->=a href="+code=keytyp " class="sref">keytyp =/a> = =a href="+code=SEAL_keytyp " class="sref">SEAL_keytyp =/a>; 3792=/a>                        =a href="+code=opt" class="sref">opt=/a>->=a href="+code=keyhandl " class="sref">keyhandl =/a> = =a href="+code=handl " class="sref">handl =/a>; 3793=/a>                        break; 3794=/a>                case =a href="+code=Opt_keyauth" class="sref">Opt_keyauth=/a>: 3795=/a>                        if (=a href="+code=strlen" class="sref">strlen=/a>(=a href="+code=args" class="sref">args=/a>[0].=a href="+code=from" class="sref">from=/a>) != 2 * =a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>) 3796=/a>                                return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3797=/a>                        =a href="+code=res" class="sref">res=/a> = =a href="+code=hex2bin" class="sref">hex2bin=/a>(=a href="+code=opt" class="sref">opt=/a>->=a href="+code=keyauth" class="sref">keyauth=/a>, =a href="+code=args" class="sref">args=/a>[0].=a href="+code=from" class="sref">from=/a>, 3798=/a>                                      =a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>); 3799=/a>                        if (=a href="+code=res" class="sref">res=/a> < 0) 3800=/a>                                return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3801=/a>                        break; 3802=/a>                case =a href="+code=Opt_blobauth" class="sref">Opt_blobauth=/a>: 3803=/a>                        if (=a href="+code=strlen" class="sref">strlen=/a>(=a href="+code=args" class="sref">args=/a>[0].=a href="+code=from" class="sref">from=/a>) != 2 * =a 
href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>) 3804=/a>                                return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3805=/a>                        =a href="+code=res" class="sref">res=/a> = =a href="+code=hex2bin" class="sref">hex2bin=/a>(=a href="+code=opt" class="sref">opt=/a>->=a href="+code=blobauth" class="sref">blobauth=/a>, =a href="+code=args" class="sref">args=/a>[0].=a href="+code=from" class="sref">from=/a>, 3806=/a>                                      =a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE=/a>); 3807=/a>                        if (=a href="+code=res" class="sref">res=/a> < 0) 3808=/a>                      3         return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3809=/a>                        break; 3810=/a>                case =a href="+code=Opt_migratable" class="sref">Opt_migratable=/a>: 3811=/a>                        if (*=a href="+code=args" class="sref">args=/a>[0].=a href="+code=from" class="sref">from=/a> == =spa1 class="string">'0'=/spa1 ) 3812=/a>                                =a href="+code=pay" class="sref">pay=/a>->=a href="+code=migratable" class="sref">migratable=/a> = 0; 3813=/a>                        else 3814=/a>                                return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3815=/a>                        break; 3816=/a>                case =a href="+code=Opt_pcrlock" class="sref">Opt_pcrlock=/a>: 3817=/a>                        =a href="+code=res" class="sref">res=/a> = =a href="+code=strict_strtoul" class="sref">strict_strtoul=/a>(=a href="+code=args" class="sref">args=/a>[0].=a href="+code=from" class="sref">from=/a>, 10, &=a href="+code=lock" class="sref">lock=/a>); 3818=/a>                      3 if (=a href="+code=res" class="sref">res=/a> < 0) 3819=/a>                                return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3820=/a>                        =a href="+code=opt" class="sref">opt=/a>->=a 
href="+code=pcrlock" class="sref">pcrlock=/a> = =a href="+code=lock" class="sref">lock=/a>; 3821=/a>                        break; 3822=/a>                default: 3823=/a>                        return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3824=/a>                } 3825=/a>        } 3826=/a>        return 0; 3827=/a>} 3828=/a> 3829=/a>=spa1 class="comment">/*=/spa1  3830=/a>=spa1 class="comment"> * datablob_parse - parse the keyctl data and fill in the=/spa1  3831=/a>=spa1 class="comment"> *                  payload and options structures=/spa1  3832=/a>=spa1 class="comment"> *=/spa1  3833=/a>=spa1 class="comment"> * On success returns 0, otherwise -EINVAL.=/spa1  3834=/a>=spa1 class="comment"> */=/spa1  3835=/a>static int3=a href="+code=datablob_parse" class="sref">datablob_parse=/a>(char3*=a href="+code=datablob" class="sref">datablob=/a>, struct3=a href="+code=trusted_key_payload" class="sref">trusted_key_payload=/a> *=a href="+code=p" class="sref">p=/a>, 3836=/a>                          struct3=a href="+code=trusted_key_options" class="sref">trusted_key_options=/a> *=a href="+code=o" class="sref">o=/a>) 3837=/a>{ 3838=/a>        =a href="+code=substring_t" class="sref">substring_t=/a> =a href="+code=args" class="sref">args=/a>[=a href="+code=MAX_OPT_ARGS" class="sref">MAX_OPT_ARGS=/a>]; 3839=/a>        long3=a href="+code=keylen" class="sref">keylen=/a>; 3840=/a>        int3=a href="+code=ret" class="sref">ret=/a> = -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3841=/a>        int3=a href="+code=key_cmd" class="sref">key_cmd=/a>; 3842=/a>        char3*=a href="+code=c" class="sref">c=/a>; 3843=/a> 3844=/a>        =spa1 class="comment">/* main command */=/spa1  3845=/a>        =a href="+code=c" class="sref">c=/a> = =a href="+code=strsep" class="sref">strsep=/a>(&=a href="+code=datablob" class="sref">datablob=/a>, =spa1 class="string">" \t"=/spa1 ); 3846=/a>        if (!=a href="+code=c" class="sref">c=/a>) 3847=/a>                return -=a 
href="+code=EINVAL" class="sref">EINVAL=/a>; 3848=/a>        =a href="+code=key_cmd" class="sref">key_cmd=/a> = =a href="+code=match_token" class="sref">match_token=/a>(=a href="+code=c" class="sref">c=/a>, =a href="+code=key_tokens" class="sref">key_tokens=/a>,3=a href="+code=args" class="sref">args=/a>); 3849=/a>        switch (=a href="+code=key_cmd" class="sref">key_cmd=/a>) { 3850=/a>        case =a href="+code=Opt_new" class="sref">Opt_new=/a>: 3851=/a>                =spa1 class="comment">/* first argument is key size */=/spa1  3852=/a>                =a href="+code=c" class="sref">c=/a> = =a href="+code=strsep" class="sref">strsep=/a>(&=a href="+code=datablob" class="sref">datablob=/a>, =spa1 class="string">" \t"=/spa1 ); 3853=/a>                if (!=a href="+code=c" class="sref">c=/a>) 3854=/a>                        return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3855=/a>                =a href="+code=ret" class="sref">ret=/a> = =a href="+code=strict_strtol" class="sref">strict_strtol=/a>(=a href="+code=c" class="sref">c=/a>, 10, &=a href="+code=keylen" class="sref">keylen=/a>); 3856=/a>                if (=a href="+code=ret" class="sref">ret=/a> < 0 ||3=a href="+code=keylen" class="sref">keylen=/a> < =a href="+code=MIN_KEY_SIZE" class="sref">MIN_KEY_SIZE=/a> ||3=a href="+code=keylen" class="sref">keylen=/a> > =a href="+code=MAX_KEY_SIZE" class="sref">MAX_KEY_SIZE=/a>) 3857=/a>                        return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3858=/a>                =a href="+code=p" class="sref">p=/a>->=a href="+code=key_len" class="sref">key_len=/a> = =a href="+code=keylen" class="sref">keylen=/a>; 3859=/a>                =a href="+code=ret" class="sref">ret=/a> = =a href="+code=getoptions" class="sref">getoptions=/a>(=a href="+code=datablob" class="sref">datablob=/a>, =a href="+code=p" class="sref">p=/a>, =a href="+code=o" class="sref">o=/a>); 3860=/a>                if (=a href="+code=ret" class="sref">ret=/a> < 0) 3861=/a>       
                 return =a href="+code=ret" class="sref">ret=/a>; 3862=/a>                =a href="+code=ret" class="sref">ret=/a> = =a href="+code=Opt_new" class="sref">Opt_new=/a>; 3863=/a>                break; 3864=/a>        case =a href="+code=Opt_load" class="sref">Opt_load=/a>: 3865=/a>                =spa1 class="comment">/* first argument is sealed blob */=/spa1  3866=/a>                =a href="+code=c" class="sref">c=/a> = =a href="+code=strsep" class="sref">strsep=/a>(&=a href="+code=datablob" class="sref">datablob=/a>, =spa1 class="string">" \t"=/spa1 ); 3867=/a>                if (!=a href="+code=c" class="sref">c=/a>) 3868=/a>                      3 return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3869=/a>                =a href="+code=p" class="sref">p=/a>->=a href="+code=blob_len" class="sref">blob_len=/a> = =a href="+code=strlen" class="sref">strlen=/a>(=a href="+code=c" class="sref">c=/a>) / 2; 3870=/a>                if (=a href="+code=p" class="sref">p=/a>->=a href="+code=blob_len" class="sref">blob_len=/a> > =a href="+code=MAX_BLOB_SIZE" class="sref">MAX_BLOB_SIZE=/a>) 3871=/a>                        return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3872=/a>                =a href="+code=ret" class="sref">ret=/a> = =a href="+code=hex2bin" class="sref">hex2bin=/a>(=a href="+code=p" class="sref">p=/a>->=a href="+code=blob" class="sref">blob=/a>,3=a href="+code=c" class="sref">c=/a>, =a href="+code=p" class="sref">p=/a>->=a href="+code=blob_len" class="sref">blob_len=/a>); 3873=/a>                if (=a href="+code=ret" class="sref">ret=/a> < 0) 3874=/a>                        return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3875=/a>                =a href="+code=ret" class="sref">ret=/a> = =a href="+code=getoptions" class="sref">getoptions=/a>(=a href="+code=datablob" class="sref">datablob=/a>, =a href="+code=p" class="sref">p=/a>, =a href="+code=o" class="sref">o=/a>); 3876=/a>                if (=a href="+code=ret" 
class="sref">ret=/a> < 0) 3877=/a>                        return =a href="+code=ret" class="sref">ret=/a>; 3878=/a>                =a href="+code=ret" class="sref">ret=/a> = =a href="+code=Opt_load" class="sref">Opt_load=/a>; 3879=/a>                break; 3880=/a>        case =a href="+code=Opt_updat " class="sref">Opt_updat =/a>: 3881=/a>                =spa1 class="comment">/* all arguments are options */=/spa1  3882=/a>                =a href="+code=ret" class="sref">ret=/a> = =a href="+code=getoptions" class="sref">getoptions=/a>(=a href="+code=datablob" class="sref">datablob=/a>, =a href="+code=p" class="sref">p=/a>, =a href="+code=o" class="sref">o=/a>); 3883=/a>                if (=a href="+code=ret" class="sref">ret=/a> < 0) 3884=/a>                        return =a href="+code=ret" class="sref">ret=/a>; 3885=/a>                =a href="+code=ret" class="sref">ret=/a> = =a href="+code=Opt_updat " class="sref">Opt_updat =/a>; 3886=/a>                break; 3887=/a>        case =a href="+code=Opt_err" class="sref">Opt_err=/a>: 3888=/a>                return -=a href="+code=EINVAL" class="sref">EINVAL=/a>; 3889=/a>                break; 3890=/a>        } 3891=/a>        return =a href="+code=ret" class="sref">ret=/a>; 3892=/a>} 3893=/a> 3894=/a>static struct3=a href="+code=trusted_key_options" class="sref">trusted_key_options=/a> *=a href="+code=trusted_options_alloc" class="sref">trusted_options_alloc=/a>(void) 3895=/a>{ 3896=/a>        struct3=a href="+code=trusted_key_options" class="sref">trusted_key_options=/a> *=a href="+code=options" class="sref">options=/a>; 3897=/a> 3898=/a>        =a href="+code=options" class="sref">options=/a> = =a href="+code=kzalloc" class="sref">kzalloc=/a>(sizeof3*=a href="+code=options" class="sref">options=/a>, =a href="+code=GFP_KERNEL" class="sref">GFP_KERNEL=/a>); 3899=/a>        if (=a href="+code=options" class="sref">options=/a>) { 3900=/a>                =spa1 class="comment">/* set any non-zero defaults */=/spa1  
3901=/a>                =a href="+code=options" class="sref">options=/a>->=a href="+code=keytyp " class="sref">keytyp =/a> = =a href="+code=SRK_keytyp " class="sref">SRK_keytyp =/a>; 3902=/a>                =a href="+code=options" class="sref">options=/a>->=a href="+code=keyhandl " class="sref">keyhandl =/a> = =a href="+code=SRKHANDLE" class="sref">SRKHANDLE=/a>; 3903=/a>        } 3904=/a>        return =a href="+code=options" class="sref">options=/a>; 3905=/a>} 3906=/a> 3907=/a>static struct3=a href="+code=trusted_key_payload" class="sref">trusted_key_payload=/a> *=a href="+code=trusted_payload_alloc" class="sref">trusted_payload_alloc=/a>(struct3=a href="+code=key" class="sref">key=/a> *=a href="+code=key" class="sref">key=/a>) 3908=/a>{ 3909=/a>        struct3=a href="+code=trusted_key_payload" class="sref">trusted_key_payload=/a> *=a href="+code=p" class="sref">p=/a> = =a href="+code=NULL" class="sref">NULL=/a>; 3910=/a>        int3=a href="+code=ret" class="sref">ret=/a>; 3911=/a> 3912=/a>        =a href="+code=ret" class="sref">ret=/a> = =a href="+code=key_payload_reserv " class="sref">key_payload_reserv =/a>(=a href="+code=key" class="sref">key=/a>, sizeof3*=a href="+code=p" class="sref">p=/a>); 3913=/a>        if (=a href="+code=ret" class="sref">ret=/a> < 0) 3914=/a>                return =a href="+code=p" class="sref">p=/a>; 3915=/a>        =a href="+code=p" class="sref">p=/a> = =a href="+code=kzalloc" class="sref">kzalloc=/a>(sizeof3*=a href="+code=p" class="sref">p=/a>, =a href="+code=GFP_KERNEL" class="sref">GFP_KERNEL=/a>); 3916=/a>        if (=a href="+code=p" class="sref">p=/a>) 3917=/a>                =a href="+code=p" class="sref">p=/a>->=a href="+code=migratable" class="sref">migratable=/a> = 1; =spa1 class="comment">/* migratable by default */=/spa1  3918=/a>        return =a href="+code=p" class="sref">p=/a>; 3919=/a>} 3920=/a> 3921=/a>=spa1 class="comment">/*=/spa1  3922=/a>=spa1 class="comment"> * trusted_instantiate - create a new trusted 
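key
 *
 * Unseal an existing trusted blob or, for a new key, get a
 * random key, then seal and create a trusted key-type key,
 * adding it to the specified keyring.
 *
 * @key:     key being instantiated; receives the payload on success
 * @data:    command string ("new ...", "load ..."), not NUL-terminated
 * @datalen: length of @data in bytes (1..32767)
 *
 * On success, return 0. Otherwise return a negative errno.
 *
 * The payload holds the plaintext key once it has been generated or
 * unsealed, so every exit path that discards it wipes it first.
 */
static int trusted_instantiate(struct key *key, const void *data,
			       size_t datalen)
{
	struct trusted_key_payload *payload = NULL;
	struct trusted_key_options *options = NULL;
	char *datablob;
	int ret = 0;
	int key_cmd;

	/* datalen is unsigned, so zero is the only value below the range */
	if (datalen == 0 || datalen > 32767 || !data)
		return -EINVAL;

	/* private NUL-terminated copy: datablob_parse() tokenises it in place */
	datablob = kmalloc(datalen + 1, GFP_KERNEL);
	if (!datablob)
		return -ENOMEM;
	memcpy(datablob, data, datalen);
	datablob[datalen] = '\0';

	options = trusted_options_alloc();
	if (!options) {
		ret = -ENOMEM;
		goto out;
	}
	payload = trusted_payload_alloc(key);
	if (!payload) {
		ret = -ENOMEM;
		goto out;
	}

	key_cmd = datablob_parse(datablob, payload, options);
	if (key_cmd < 0) {
		ret = key_cmd;
		goto out;
	}

	/*
	 * NOTE(review): dump_payload()/dump_options() are defined outside
	 * this view; confirm they are debug-only and never log key bytes,
	 * since one call below runs after the key has been unsealed.
	 */
	dump_payload(payload);
	dump_options(options);

	switch (key_cmd) {
	case Opt_load:
		ret = key_unseal(payload, options);
		dump_payload(payload);
		dump_options(options);
		if (ret < 0)
			pr_info("trusted_key: key_unseal failed (%d)\n", ret);
		break;
	case Opt_new:
		ret = my_get_random(payload->key, payload->key_len);
		if (ret < 0) {
			pr_info("trusted_key: key_create failed (%d)\n", ret);
			goto out;
		}
		ret = key_seal(payload, options);
		if (ret < 0)
			pr_info("trusted_key: key_seal failed (%d)\n", ret);
		break;
	default:
		/* only "new" and "load" are valid when creating a key */
		ret = -EINVAL;
		goto out;
	}
	if (!ret && options->pcrlock)
		ret = pcrlock(options->pcrlock);
out:
	/*
	 * kzfree() clears each allocation before releasing it and accepts
	 * NULL. The payload may already contain the random or unsealed key
	 * when a later step (seal, pcrlock) fails, so it must not go back
	 * to the allocator intact. The command string and options are wiped
	 * too: presumably they can carry authorization values parsed by
	 * getoptions(), which is not visible here - TODO confirm.
	 */
	kzfree(datablob);
	kzfree(options);
	if (!ret)
		rcu_assign_keypointer(key, payload);
	else
		kzfree(payload);
	return ret;
}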
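/*
 * trusted_rcu_free - RCU callback releasing a superseded payload
 *
 * Queued by trusted_update() through call_rcu() once the key points at
 * the resealed payload. The whole structure is wiped, not just the key
 * bytes, before the memory is returned.
 */
static void trusted_rcu_free(struct rcu_head *rcu)
{
	struct trusted_key_payload *p;

	p = container_of(rcu, struct trusted_key_payload, rcu);
	kzfree(p);
}

/*
 * trusted_update - reseal an existing key with new PCR values
 *
 * @key:     key whose payload is resealed
 * @data:    "update ..." command string, not NUL-terminated
 * @datalen: length of @data in bytes (1..32767)
 *
 * Only migratable keys may be updated (-EPERM otherwise). Returns the
 * result of the seal / pcrlock step on success, a negative errno on
 * failure. The new payload receives a copy of the plaintext key, so it is
 * wiped on every path that discards it.
 */
static int trusted_update(struct key *key, const void *data, size_t datalen)
{
	struct trusted_key_payload *p = key->payload.data;
	struct trusted_key_payload *new_p;
	struct trusted_key_options *new_o;
	char *datablob;
	int ret = 0;

	if (!p->migratable)
		return -EPERM;
	/* datalen is unsigned, so zero is the only value below the range */
	if (datalen == 0 || datalen > 32767 || !data)
		return -EINVAL;

	datablob = kmalloc(datalen + 1, GFP_KERNEL);
	if (!datablob)
		return -ENOMEM;
	new_o = trusted_options_alloc();
	if (!new_o) {
		ret = -ENOMEM;
		goto out;
	}
	new_p = trusted_payload_alloc(key);
	if (!new_p) {
		ret = -ENOMEM;
		goto out;
	}

	/* private NUL-terminated copy: datablob_parse() tokenises it in place */
	memcpy(datablob, data, datalen);
	datablob[datalen] = '\0';
	ret = datablob_parse(datablob, new_p, new_o);
	if (ret != Opt_update) {
		ret = -EINVAL;
		kzfree(new_p);
		goto out;
	}
	/* copy old key values, and reseal with new pcrs */
	new_p->migratable = p->migratable;
	new_p->key_len = p->key_len;
	memcpy(new_p->key, p->key, p->key_len);
	/*
	 * NOTE(review): both payloads hold the plaintext key at this point;
	 * dump_payload() is defined outside this view - confirm it is
	 * debug-only and does not log key bytes.
	 */
	dump_payload(p);
	dump_payload(new_p);

	ret = key_seal(new_p, new_o);
	if (ret < 0) {
		pr_info("trusted_key: key_seal failed (%d)\n", ret);
		kzfree(new_p);
		goto out;
	}
	if (new_o->pcrlock) {
		ret = pcrlock(new_o->pcrlock);
		if (ret < 0) {
			pr_info("trusted_key: pcrlock failed (%d)\n", ret);
			kzfree(new_p);
			goto out;
		}
	}
	/* publish the new payload, then retire the old one via RCU */
	rcu_assign_keypointer(key, new_p);
	call_rcu(&p->rcu, trusted_rcu_free);
out:
	/*
	 * Wiped before freeing: presumably the command string and options
	 * can carry authorization values parsed by getoptions(), which is
	 * not visible here - TODO confirm. kzfree(NULL) is a no-op.
	 */
	kzfree(datablob);
	kzfree(new_o);
	return ret;
}

/*
 * trusted_read - copy the sealed blob data to userspace in hex.
 *
 * @key:    key to read
 * @buffer: userspace destination, or NULL to query the size
 * @buflen: capacity of @buffer in bytes
 *
 * Returns the hex-encoded blob size (2 * blob_len), -EINVAL if the key has
 * no payload, -ENOMEM or -EFAULT on failure. Nothing is written unless
 * @buffer can hold the whole encoding; the caller compares the return
 * value with @buflen to detect that case.
 */
static long trusted_read(const struct key *key, char __user *buffer,
			 size_t buflen)
{
	struct trusted_key_payload *p;
	char *ascii_buf;
	char *bufp;
	size_t hex_len;
	int i;

	p = rcu_dereference_key(key);
	if (!p)
		return -EINVAL;

	hex_len = 2 * p->blob_len;
	/*
	 * Size query or undersized buffer: report the length needed and
	 * write nothing. Copying hex_len bytes regardless of buflen would
	 * run past the end of the caller's buffer.
	 */
	if (!buffer || buflen < hex_len)
		return hex_len;

	ascii_buf = kmalloc(hex_len, GFP_KERNEL);
	if (!ascii_buf)
		return -ENOMEM;

	/* two hex digits per blob byte, no terminator */
	bufp = ascii_buf;
	for (i = 0; i < p->blob_len; i++)
		bufp = hex_byte_pack(bufp, p->blob[i]);
	if (copy_to_user(buffer, ascii_buf, hex_len) != 0) {
		kfree(ascii_buf);
		return -EFAULT;
	}
	kfree(ascii_buf);
	return hex_len;
}

/*
 * trusted_destroy - before freeing the key, clear the decrypted data
 *
 * kzfree() wipes the whole payload allocation and accepts NULL, so a key
 * that was never given a payload needs no separate check.
 */
static void trusted_destroy(struct key *key)
{
	kzfree(key->payload.data);
}

/* key type operations for "trusted" keys; match/describe reuse the user type */
struct key_type key_type_trusted = {
	.name = "trusted",
	.instantiate = trusted_instantiate,
	.update = trusted_update,
	.match = user_match,
	.destroy = trusted_destroy,
	.describe = user_describe,
	.read = trusted_read,
};

EXPORT_SYMBOL_GPL(key_type_trusted);

/* Release whichever of the two hash transforms has been allocated. */
static void trusted_shash_release(void)
{
	if (hashalg)
		crypto_free_shash(hashalg);
	if (hmacalg)
		crypto_free_shash(hmacalg);
}

/*
 * Allocate the HMAC and hash transforms named by hmac_alg and hash_alg.
 * Returns 0 on success or the error from crypto_alloc_shash(); the HMAC
 * transform is released again if the hash allocation fails.
 */
static int __init trusted_shash_alloc(void)
{
	int ret;

	hmacalg = crypto_alloc_shash(hmac_alg, 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(hmacalg)) {
		pr_info("trusted_key: could not allocate crypto %s\n",
			hmac_alg);
		return PTR_ERR(hmacalg);
	}

	hashalg = crypto_alloc_shash(hash_alg, 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(hashalg)) {
		pr_info("trusted_key: could not allocate crypto %s\n",
			hash_alg);
		ret = PTR_ERR(hashalg);
		goto hashalg_fail;
	}

	return 0;

hashalg_fail:
	crypto_free_shash(hmacalg);
	return ret;
}

/* Allocate the hash transforms, then register the key type. */
static int __init init_trusted(void)
{
	int ret;

	ret = trusted_shash_alloc();
	if (ret < 0)
		return ret;
	ret = register_key_type(&key_type_trusted);
	if (ret < 0)
		trusted_shash_release();
	return ret;
}

/*
 * NOTE(review): the transforms are released while the key type is still
 * registered, the reverse of what init_trusted() would suggest. Confirm no
 * key operation can reach hashalg/hmacalg between the two calls; otherwise
 * unregister first.
 */
static void __exit cleanup_trusted(void)
{
	trusted_shash_release();
	unregister_key_type(&key_type_trusted);
}

late_initcall(init_trusted);
module_exit(cleanup_trusted);

MODULE_LICENSE("GPL");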