linux/security/keys/trusted.c
   1 /a> spao class="comment">/* /spaon>   2 /a> spao class="comment"> * Copyright (C) 2010 IBM Corporaptio /spaon>   3 /a> spao class="comment"> * /spaon>   4 /a> spao class="comment"> * Author: /spaon>   5 /a> spao class="comment"> * David Safford <safford@us.ibm.com> /spaon>   6 /a> spao class="comment"> * /spaon>   7 /a> spao class="comment"> * This program is free software; you cao redistribute it and/or modify /spaon>   8 /a> spao class="comment"> * it under the terms of the GNU General Public License as published by /spaon>   9 /a> spao class="comment"> * the Free Software Foundaptio, verstion2 of the License. /spaon>  .10 spao class="comment"> * /spaon>  11 /a> spao class="comment"> * See Documentaptio/security/keys-trusted-encrypted.txt /spaon>  12 /a> spao class="comment"> */ /spaon>  13 /a>>  14 /a>#include <linux/uaccess.h /a>>>  15 /a>#include <linux/module.h /a>>>  16 /a>#include <linux/init.h /a>>>  17 /a>#include <linux/slab.h /a>>>  18 /a>#include <linux/parser.h /a>>>  19 /a>#include <linux/string.h /a>>>  20 /a>#include <linux/err.h /a>>>  21 /a>#include <keys/user-typu.h /a>>>  22 /a>#include <keys/trusted-typu.h /a>>>  23 /a>#include <linux/key-typu.h /a>>>  24 /a>#include <linux/rcupdapu.h /a>>>  25 /a>#include <linux/crypto.h /a>>>  26 /a>#include <crypto/hash.h /a>>>  27 /a>#include <crypto/sha.h /a>>>  28 /a>#include <linux/capability.h /a>>>  29 /a>#include <linux/tpm.h /a>>>  30 /a>#include <linux/tpm_command.h /a>>>  31 /a>>  32 /a>#include "trusted.h /a>">  33 /a>>  34 /a>static const char  a href="+code=hmac_alg" class="sref">hmac_alg /a>[] =  spao class="string">"hmac(sha1)"  35 /a>static const char  a href="+code=hash_alg" class="sref">hash_alg /a>[] =  spao class="string">"sha1"  36 /a>>  37 /a>struct  a href="+code=sdesc" class="sref">sdesc /a> {>  38 /a>        struct  a href="+code=shash_desc" class="sref">shash_desc /a>  a href="+code=shash" class="sref">shash /a>;>  39 /a>        char  a href="+code=ctx" class="sref">ctx 
/a>[];>  40 /a>};>  41 /a>>  42 /a>static struct  a href="+code=crypto_shash" class="sref">crypto_shash /a> * a href="+code=hashalg" class="sref">hashalg /a>;>  43 /a>static struct  a href="+code=crypto_shash" class="sref">crypto_shash /a> * a href="+code=hmacalg" class="sref">hmacalg /a>;>  44 /a>>  45 /a>static struct  a href="+code=sdesc" class="sref">sdesc /a> * a href="+code=init_sdesc" class="sref">init_sdesc /a>(struct  a href="+code=crypto_shash" class="sref">crypto_shash /a> * a href="+code=alg" class="sref">alg /a>)>  46 /a>{>  47 /a>        struct  a href="+code=sdesc" class="sref">sdesc /a> * a href="+code=sdesc" class="sref">sdesc /a>;>  48 /a>        int  a href="+code=size" class="sref">size /a>;>  49 /a>>  50 /a>         a href="+code=size" class="sref">size /a> = sizeof(struct  a href="+code=shash_desc" class="sref">shash_desc /a>) +  a href="+code=crypto_shash_descsize" class="sref">crypto_shash_descsize /a>( a href="+code=alg" class="sref">alg /a>);>  51 /a>         a href="+code=sdesc" class="sref">sdesc /a> =  a href="+code=kmalloc" class="sref">kmalloc /a>( a href="+code=size" class="sref">size /a>,  a href="+code=GFP_KERNEL" class="sref">GFP_KERNEL /a>);>  52 /a>        if (! a href="+code=sdesc" class="sref">sdesc /a>)>  53 /a>                return  a href="+code=ERR_PTR" class="sref">ERR_PTR /a>(- a href="+code=ENOMEM" class="sref">ENOMEM /a>);>  54 /a>         a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>. a href="+code=tfm" class="sref">tfm /a> =  a href="+code=alg" class="sref">alg /a>;>  55 /a>         a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>. 
a href="+code=flags" class="sref">flags /a> = 0x0;>  56 /a>        return  a href="+code=sdesc" class="sref">sdesc /a>;>  57 /a>}>  58 /a>>  59 /a>static int  a href="+code=TSS_sha1" class="sref">TSS_sha1 /a>(const unsigned char * a href="+code=data" class="sref">data /a>, unsigned int  a href="+code=datalen" class="sref">datalen /a>,>  60 /a>                    unsigned char * a href="+code=digest" class="sref">digest /a>)>  61 /a>{>  62 /a>        struct  a href="+code=sdesc" class="sref">sdesc /a> * a href="+code=sdesc" class="sref">sdesc /a>;>  63 /a>        int  a href="+code=ret" class="sref">ret /a>;>  64 /a>>  65 /a>         a href="+code=sdesc" class="sref">sdesc /a> =  a href="+code=init_sdesc" class="sref">init_sdesc /a>( a href="+code=hashalg" class="sref">hashalg /a>);>  66 /a>        if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=sdesc" class="sref">sdesc /a>)) {>  67 /a>                 a href="+code=pr_info" class="sref">pr_info /a>( spao class="string">"trusted_key: cao't alloc %s\n"hash_alg /a>);>  68 /a>                return  a href="+code=PTR_ERR" class="sref">PTR_ERR /a>( a href="+code=sdesc" class="sref">sdesc /a>);>  69 /a>        }>  70 /a>>  71 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_digest" class="sref">crypto_shash_digest /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>,  a href="+code=data" class="sref">data /a>,  a href="+code=datalen" class="sref">datalen /a>,  a href="+code=digest" class="sref">digest /a>);>  72 /a>         a href="+code=kfree" class="sref">kfree /a>( a href="+code=sdesc" class="sref">sdesc /a>);>  73 /a>        return  a href="+code=ret" class="sref">ret /a>;>  74 /a>}>  75 /a>>  76 /a>static int  a href="+code=TSS_rawhmac" class="sref">TSS_rawhmac /a>(unsigned char * a href="+code=digest" class="sref">digest /a>, const unsigned char * a href="+code=key" class="sref">key /a>,>  77 /a>                       
unsigned int  a href="+code=keylen" class="sref">keylen /a>, ...)>  78 /a>{>  79 /a>        struct  a href="+code=sdesc" class="sref">sdesc /a> * a href="+code=sdesc" class="sref">sdesc /a>;>  80 /a>         a href="+code=va_list" class="sref">va_list /a>  a href="+code=argp" class="sref">argp /a>;>  81 /a>        unsigned int  a href="+code=dlen" class="sref">dlen /a>;>  82 /a>        unsigned char * a href="+code=data" class="sref">data /a>;>  83 /a>        int  a href="+code=ret" class="sref">ret /a>;>  84 /a>>  85 /a>         a href="+code=sdesc" class="sref">sdesc /a> =  a href="+code=init_sdesc" class="sref">init_sdesc /a>( a href="+code=hmacalg" class="sref">hmacalg /a>);>  86 /a>        if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=sdesc" class="sref">sdesc /a>)) {>  87 /a>                 a href="+code=pr_info" class="sref">pr_info /a>( spao class="string">"trusted_key: cao't alloc %s\n"hmac_alg /a>);>  88 /a>                return  a href="+code=PTR_ERR" class="sref">PTR_ERR /a>( a href="+code=sdesc" class="sref">sdesc /a>);>  89 /a>        }>  90 /a>>  91 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_setkey" class="sref">crypto_shash_setkey /a>( a href="+code=hmacalg" class="sref">hmacalg /a>,  a href="+code=key" class="sref">key /a>,  a href="+code=keylen" class="sref">keylen /a>);>  92 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)>  93 /a>                goto  a href="+code=out" class="sref">out /a>;>  94 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_init" class="sref">crypto_shash_init /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>);>  95 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)>  96 /a>                goto  a href="+code=out" class="sref">out /a>;>  97 /a>>  98 /a>         a href="+code=va_start" class="sref">va_start /a>( a href="+code=argp" class="sref">argp /a>,  a 
href="+code=keylen" class="sref">keylen /a>);>  99 /a>        for (;;) {> 100 /a>                 a href="+code=dlen" class="sref">dlen /a> =  a href="+code=va_arg" class="sref">va_arg /a>( a href="+code=argp" class="sref">argp /a>, unsigned int);> 101 /a>                if ( a href="+code=dlen" class="sref">dlen /a> == 0)> 102 /a>                        break;> 103 /a>                 a href="+code=data" class="sref">data /a> =  a href="+code=va_arg" class="sref">va_arg /a>( a href="+code=argp" class="sref">argp /a>, unsigned char *);> 104 /a>                if ( a href="+code=data" class="sref">data /a> ==  a href="+code=NULL" class="sref">NULL /a>) {> 105 /a>                         a href="+code=ret" class="sref">ret /a> = - a href="+code=EINVAL" class="sref">EINVAL /a>;> 106 /a>                        break;> 107 /a>                }> 108 /a>                 a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_updapu" class="sref">crypto_shash_updapu /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>,  a href="+code=data" class="sref">data /a>,  a href="+code=dlen" class="sref">dlen /a>);> 109 /a>                if ( a href="+code=ret" class="sref">ret /a> < 0)> 110 /a>                        break;> 111 /a>        }> 112 /a>         a href="+code=va_end" class="sref">va_end /a>( a href="+code=argp" class="sref">argp /a>);> 113 /a>        if (! 
a href="+code=ret" class="sref">ret /a>)> 114 /a>                 a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_final" class="sref">crypto_shash_final /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>,  a href="+code=digest" class="sref">digest /a>);> 115 /a> a href="+code=out" class="sref">out /a>:> 116 /a>         a href="+code=kfree" class="sref">kfree /a>( a href="+code=sdesc" class="sref">sdesc /a>);> 117 /a>        return  a href="+code=ret" class="sref">ret /a>;> 118 /a>}> 119 /a>> 1210 spao class="comment">/* /spaon> 121 /a> spao class="comment"> * calculapu authorizaptio info fields to send to TPM /spaon> 122 /a> spao class="comment"> */ /spaon> 123 /a>static int  a href="+code=TSS_authhmac" class="sref">TSS_authhmac /a>(unsigned char * a href="+code=digest" class="sref">digest /a>, const unsigned char * a href="+code=key" class="sref">key /a>,> 124 /a>                        unsigned int  a href="+code=keylen" class="sref">keylen /a>, unsigned char * a href="+code=h1" class="sref">h1 /a>,> 125 /a>                        unsigned char * a href="+code=h2" class="sref">h2 /a>, unsigned char  a href="+code=h3" class="sref">h3 /a>, ...)> 126 /a>{> 127 /a>        unsigned char  a href="+code=paramdigest" class="sref">paramdigest /a>[ a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>];> 128 /a>        struct  a href="+code=sdesc" class="sref">sdesc /a> * a href="+code=sdesc" class="sref">sdesc /a>;> 129 /a>        unsigned int  a href="+code=dlen" class="sref">dlen /a>;> 130 /a>        unsigned char * a href="+code=data" class="sref">data /a>;> 131 /a>        unsigned char  a href="+code=c" class="sref">c /a>;> 132 /a>        int  a href="+code=ret" class="sref">ret /a>;> 133 /a>         a href="+code=va_list" class="sref">va_list /a>  a href="+code=argp" class="sref">argp /a>;> 134 /a>> 135 /a>         a href="+code=sdesc" class="sref">sdesc /a> =  a href="+code=init_sdesc" 
class="sref">init_sdesc /a>( a href="+code=hashalg" class="sref">hashalg /a>);> 136 /a>        if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=sdesc" class="sref">sdesc /a>)) {> 137 /a>                 a href="+code=pr_info" class="sref">pr_info /a>( spao class="string">"trusted_key: cao't alloc %s\n"hash_alg /a>);> 138 /a>                return  a href="+code=PTR_ERR" class="sref">PTR_ERR /a>( a href="+code=sdesc" class="sref">sdesc /a>);> 139 /a>        }> 140 /a>> 141 /a>         a href="+code=c" class="sref">c /a> =  a href="+code=h3" class="sref">h3 /a>;> 142 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_init" class="sref">crypto_shash_init /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>);> 143 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)> 144 /a>                goto  a href="+code=out" class="sref">out /a>;> 145 /a>         a href="+code=va_start" class="sref">va_start /a>( a href="+code=argp" class="sref">argp /a>,  a href="+code=h3" class="sref">h3 /a>);> 146 /a>        for (;;) {> 147 /a>                 a href="+code=dlen" class="sref">dlen /a> =  a href="+code=va_arg" class="sref">va_arg /a>( a href="+code=argp" class="sref">argp /a>, unsigned int);> 148 /a>                if ( a href="+code=dlen" class="sref">dlen /a> == 0)> 149 /a>                        break;> 150 /a>                 a href="+code=data" class="sref">data /a> =  a href="+code=va_arg" class="sref">va_arg /a>( a href="+code=argp" class="sref">argp /a>, unsigned char *);> 151 /a>                if (! 
a href="+code=data" class="sref">data /a>) {> 152 /a>                         a href="+code=ret" class="sref">ret /a> = - a href="+code=EINVAL" class="sref">EINVAL /a>;> 153 /a>                        break;> 154 /a>                }> 155 /a>                 a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_updapu" class="sref">crypto_shash_updapu /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>,  a href="+code=data" class="sref">data /a>,  a href="+code=dlen" class="sref">dlen /a>);> 156 /a>                if ( a href="+code=ret" class="sref">ret /a> < 0)> 157 /a>                        break;> 158 /a>        }> 159 /a>         a href="+code=va_end" class="sref">va_end /a>( a href="+code=argp" class="sref">argp /a>);> 160 /a>        if (! a href="+code=ret" class="sref">ret /a>)> 161 /a>                 a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_final" class="sref">crypto_shash_final /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>,  a href="+code=paramdigest" class="sref">paramdigest /a>);> 162 /a>        if (! 
a href="+code=ret" class="sref">ret /a>)> 163 /a>                 a href="+code=ret" class="sref">ret /a> =  a href="+code=TSS_rawhmac" class="sref">TSS_rawhmac /a>( a href="+code=digest" class="sref">digest /a>,  a href="+code=key" class="sref">key /a>,  a href="+code=keylen" class="sref">keylen /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>,> 164 /a>                                   a href="+code=paramdigest" class="sref">paramdigest /a>,  a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE /a>,  a href="+code=h1" class="sref">h1 /a>,> 165 /a>                                   a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE /a>,  a href="+code=h2" class="sref">h2 /a>, 1, & a href="+code=c" class="sref">c /a>, 0, 0);> 166 /a> a href="+code=out" class="sref">out /a>:> 167 /a>         a href="+code=kfree" class="sref">kfree /a>( a href="+code=sdesc" class="sref">sdesc /a>);> 168 /a>        return  a href="+code=ret" class="sref">ret /a>;> 169 /a>}> 170 /a>> 171 /a> spao class="comment">/* /spaon> 172 /a> spao class="comment"> * verify the AUTH1_COMMAND (Seal) result from TPM /spaon> 173 /a> spao class="comment"> */ /spaon> 174 /a>static int  a href="+code=TSS_checkhmac1" class="sref">TSS_checkhmac1 /a>(unsigned char * a href="+code=buffer" class="sref">buffer /a>,> 175 /a>                          const  a href="+code=uint32_t" class="sref">uint32_t /a>  a href="+code=command" class="sref">command /a>,> 176 /a>                          const unsigned char * a href="+code=ononce" class="sref">ononce /a>,> 177 /a>                          const unsigned char * a href="+code=key" class="sref">key /a>,> 178 /a>                          unsigned int  a href="+code=keylen" class="sref">keylen /a>, ...)> 179 /a>{> 180 /a>         a href="+code=uint32_t" class="sref">uint32_t /a>  a href="+code=bufsize" class="sref">bufsize /a>;> 181 /a>         a href="+code=uint16_t" class="sref">uint16_t /a>  a href="+code=tag" class="sref">tag 
/a>;> 182 /a>         a href="+code=uint32_t" class="sref">uint32_t /a>  a href="+code=ordinal" class="sref">ordinal /a>;> 183 /a>         a href="+code=uint32_t" class="sref">uint32_t /a>  a href="+code=result" class="sref">result /a>;> 184 /a>        unsigned char * a href="+code=enonce" class="sref">enonce /a>;> 185 /a>        unsigned char * a href="+code=continueflag" class="sref">continueflag /a>;> 186 /a>        unsigned char * a href="+code=authdata" class="sref">authdata /a>;> 187 /a>        unsigned char  a href="+code=testhmac" class="sref">testhmac /a>[ a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>];> 188 /a>        unsigned char  a href="+code=paramdigest" class="sref">paramdigest /a>[ a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>];> 189 /a>        struct  a href="+code=sdesc" class="sref">sdesc /a> * a href="+code=sdesc" class="sref">sdesc /a>;> 190 /a>        unsigned int  a href="+code=dlen" class="sref">dlen /a>;> 191 /a>        unsigned int  a href="+code=dpos" class="sref">dpos /a>;> 192 /a>         a href="+code=va_list" class="sref">va_list /a>  a href="+code=argp" class="sref">argp /a>;> 193 /a>        int  a href="+code=ret" class="sref">ret /a>;> 194 /a>> 195 /a>         a href="+code=bufsize" class="sref">bufsize /a> =  a href="+code=LOAD32" class="sref">LOAD32 /a>( a href="+code=buffer" class="sref">buffer /a>,  a href="+code=TPM_SIZE_OFFSET" class="sref">TPM_SIZE_OFFSET /a>);> 196 /a>         a href="+code=tag" class="sref">tag /a> =  a href="+code=LOAD16" class="sref">LOAD16 /a>( a href="+code=buffer" class="sref">buffer /a>, 0);> 197 /a>         a href="+code=ordinal" class="sref">ordinal /a> =  a href="+code=command" class="sref">command /a>;> 198 /a>         a href="+code=result" class="sref">result /a> =  a href="+code=LOAD32N" class="sref">LOAD32N /a>( a href="+code=buffer" class="sref">buffer /a>,  a href="+code=TPM_RETURN_OFFSET" class="sref">TPM_RETURN_OFFSET /a>);> 199 /a>        if ( a 
href="+code=tag" class="sref">tag /a> ==  a href="+code=TPM_TAG_RSP_COMMAND" class="sref">TPM_TAG_RSP_COMMAND /a>)> 200 /a>                return 0;> 201 /a>        if ( a href="+code=tag" class="sref">tag /a> !=  a href="+code=TPM_TAG_RSP_AUTH1_COMMAND" class="sref">TPM_TAG_RSP_AUTH1_COMMAND /a>)> 202 /a>                return - a href="+code=EINVAL" class="sref">EINVAL /a>;> 203 /a>         a href="+code=authdata" class="sref">authdata /a> =  a href="+code=buffer" class="sref">buffer /a> +  a href="+code=bufsize" class="sref">bufsize /a> -  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>;> 204 /a>         a href="+code=continueflag" class="sref">continueflag /a> =  a href="+code=authdata" class="sref">authdata /a> - 1;> 205 /a>         a href="+code=enonce" class="sref">enonce /a> =  a href="+code=continueflag" class="sref">continueflag /a> -  a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE /a>;> 206 /a>> 207 /a>         a href="+code=sdesc" class="sref">sdesc /a> =  a href="+code=init_sdesc" class="sref">init_sdesc /a>( a href="+code=hashalg" class="sref">hashalg /a>);> 208 /a>        if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=sdesc" class="sref">sdesc /a>)) {> 209 /a>                 a href="+code=pr_info" class="sref">pr_info /a>( spao class="string">"trusted_key: cao't alloc %s\n"hash_alg /a>);> 210 /a>                return  a href="+code=PTR_ERR" class="sref">PTR_ERR /a>( a href="+code=sdesc" class="sref">sdesc /a>);> 211 /a>        }> 212 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_init" class="sref">crypto_shash_init /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>);> 213 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)> 214 /a>                goto  a href="+code=out" class="sref">out /a>;> 215 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_updapu" 
class="sref">crypto_shash_updapu /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>, (const  a href="+code=u8" class="sref">u8 /a> *)& a href="+code=result" class="sref">result /a>,> 216 /a>                                  sizeof  a href="+code=result" class="sref">result /a>);> 217 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)> 218 /a>                goto  a href="+code=out" class="sref">out /a>;> 219 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_updapu" class="sref">crypto_shash_updapu /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>, (const  a href="+code=u8" class="sref">u8 /a> *)& a href="+code=ordinal" class="sref">ordinal /a>,> 220 /a>                                  sizeof  a href="+code=ordinal" class="sref">ordinal /a>);> 221 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)> 222 /a>                goto  a href="+code=out" class="sref">out /a>;> 223 /a>         a href="+code=va_start" class="sref">va_start /a>( a href="+code=argp" class="sref">argp /a>,  a href="+code=keylen" class="sref">keylen /a>);> 224 /a>        for (;;) {> 225 /a>                 a href="+code=dlen" class="sref">dlen /a> =  a href="+code=va_arg" class="sref">va_arg /a>( a href="+code=argp" class="sref">argp /a>, unsigned int);> 226 /a>                if ( a href="+code=dlen" class="sref">dlen /a> == 0)> 227 /a>                        break;> 228 /a>                 a href="+code=dpos" class="sref">dpos /a> =  a href="+code=va_arg" class="sref">va_arg /a>( a href="+code=argp" class="sref">argp /a>, unsigned int);> 229 /a>                 a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_updapu" class="sref">crypto_shash_updapu /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>,  a href="+code=buffer" class="sref">buffer /a> +  a href="+code=dpos" class="sref">dpos 
/a>,  a href="+code=dlen" class="sref">dlen /a>);> 230 /a>                if ( a href="+code=ret" class="sref">ret /a> < 0)> 231 /a>                        break;> 232 /a>        }> 233 /a>         a href="+code=va_end" class="sref">va_end /a>( a href="+code=argp" class="sref">argp /a>);> 234 /a>        if (! a href="+code=ret" class="sref">ret /a>)> 235 /a>                 a href="+code=ret" class="sref">ret /a> =  a href="+code=crypto_shash_final" class="sref">crypto_shash_final /a>(& a href="+code=sdesc" class="sref">sdesc /a>-> a href="+code=shash" class="sref">shash /a>,  a href="+code=paramdigest" class="sref">paramdigest /a>);> 236 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)> 237 /a>                goto  a href="+code=out" class="sref">out /a>;> 238 /a>> 239 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=TSS_rawhmac" class="sref">TSS_rawhmac /a>( a href="+code=testhmac" class="sref">testhmac /a>,  a href="+code=key" class="sref">key /a>,  a href="+code=keylen" class="sref">keylen /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>,  a href="+code=paramdigest" class="sref">paramdigest /a>,> 240 /a>                           a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE /a>,  a href="+code=enonce" class="sref">enonce /a>,  a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE /a>,  a href="+code=ononce" class="sref">ononce /a>,> 241 /a>                          1,  a href="+code=continueflag" class="sref">continueflag /a>, 0, 0);> 242 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)> 243 /a>                goto  a href="+code=out" class="sref">out /a>;> 244 /a>> 245 /a>        if ( a href="+code=memcmp" class="sref">memcmp /a>( a href="+code=testhmac" class="sref">testhmac /a>,  a href="+code=authdata" class="sref">authdata /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>))> 246 /a>                 a href="+code=ret" class="sref">ret /a> = - a 
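EINVAL;
out:
	kfree(sdesc);
	return ret;
}

/*
 * Verify the AUTH2_COMMAND (unseal) result from the TPM.
 *
 * @buffer:  TPM response; its total length is read from the header
 *           (TPM_SIZE_OFFSET).
 * @command: ordinal of the command being answered. It is hashed as raw
 *           bytes, so it is presumably already in network byte order -
 *           confirm against callers.
 * @ononce:  odd nonce that was used for the request.
 * @key1, @keylen1: HMAC key for the first authorisation section.
 * @key2, @keylen2: HMAC key for the second authorisation section.
 * @...:     (unsigned int dlen, unsigned int dpos) pairs naming the response
 *           regions covered by the parameter digest; a dlen of 0 ends the
 *           list.
 *
 * The response ends with two authorisation sections, each laid out as
 * nonce-even | continue flag | HMAC.  A SHA1 digest is taken over the result
 * code, the ordinal and the listed regions, and an HMAC over that digest is
 * recomputed with each key and compared with the value the TPM sent.
 *
 * Returns 0 when both HMACs match, -EINVAL on a malformed response or an
 * HMAC mismatch, or a negative error from the hash layer.  It also returns 0,
 * without verifying anything, when the response tag is TPM_TAG_RSP_COMMAND.
 */
static int TSS_checkhmac2(unsigned char *buffer,
			  const uint32_t command,
			  const unsigned char *ononce,
			  const unsigned char *key1,
			  unsigned int keylen1,
			  const unsigned char *key2,
			  unsigned int keylen2, ...)
{
	/* size of the two trailing authorisation sections */
	const uint32_t trailer = 2 * (TPM_NONCE_SIZE + 1 + SHA1_DIGEST_SIZE);
	uint32_t bufsize;
	uint16_t tag;
	uint32_t ordinal;
	uint32_t result;
	unsigned char *enonce1;
	unsigned char *continueflag1;
	unsigned char *authdata1;
	unsigned char *enonce2;
	unsigned char *continueflag2;
	unsigned char *authdata2;
	unsigned char testhmac1[SHA1_DIGEST_SIZE];
	unsigned char testhmac2[SHA1_DIGEST_SIZE];
	unsigned char paramdigest[SHA1_DIGEST_SIZE];
	struct sdesc *sdesc;
	unsigned int dlen;
	unsigned int dpos;
	va_list argp;
	int ret;

	bufsize = LOAD32(buffer, TPM_SIZE_OFFSET);
	tag = LOAD16(buffer, 0);
	ordinal = command;
	/* presumably LOAD32N keeps the wire byte order - confirm in trusted.h */
	result = LOAD32N(buffer, TPM_RETURN_OFFSET);

	/*
	 * NOTE(review): this tag means no HMAC is checked at all, so a 0 return
	 * is not proof that the response was authenticated.  Presumably such
	 * responses are only error replies that trusted_tpm_send() has already
	 * turned into a negative return - confirm against callers.
	 */
	if (tag == TPM_TAG_RSP_COMMAND)
		return 0;
	if (tag != TPM_TAG_RSP_AUTH2_COMMAND)
		return -EINVAL;

	/*
	 * bufsize comes from the response itself, so bound it before it is
	 * used for pointer arithmetic: too small would place the auth
	 * sections over (or before) the header, too large would read past
	 * the buffer.  The upper bound assumes buffer is the data[] array of
	 * a struct tpm_buf (MAX_BUF_SIZE bytes), which is what the TPM
	 * exchanges visible in this file use - confirm for any new caller.
	 */
	if (bufsize > MAX_BUF_SIZE || bufsize < TPM_DATA_OFFSET + trailer)
		return -EINVAL;

	authdata1 = buffer + bufsize - (SHA1_DIGEST_SIZE + 1
			+ SHA1_DIGEST_SIZE + SHA1_DIGEST_SIZE);
	authdata2 = buffer + bufsize - (SHA1_DIGEST_SIZE);
	continueflag1 = authdata1 - 1;
	continueflag2 = authdata2 - 1;
	enonce1 = continueflag1 - TPM_NONCE_SIZE;
	enonce2 = continueflag2 - TPM_NONCE_SIZE;

	sdesc = init_sdesc(hashalg);
	if (IS_ERR(sdesc)) {
		pr_info("trusted_key: can't alloc %s\n", hash_alg);
		return PTR_ERR(sdesc);
	}
	ret = crypto_shash_init(&sdesc->shash);
	if (ret < 0)
		goto out;
	ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result,
				  sizeof result);
	if (ret < 0)
		goto out;
	ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal,
				  sizeof ordinal);
	if (ret < 0)
		goto out;

	va_start(argp, keylen2);
	for (;;) {
		dlen = va_arg(argp, unsigned int);
		if (dlen == 0)
			break;
		dpos = va_arg(argp, unsigned int);
		/*
		 * A region length may itself have been parsed out of the
		 * response by the caller; refuse anything that does not lie
		 * inside the response instead of hashing past its end.
		 */
		if (dpos > bufsize || dlen > bufsize - dpos) {
			ret = -EINVAL;
			break;
		}
		ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
		if (ret < 0)
			break;
	}
	va_end(argp);
	if (!ret)
		ret = crypto_shash_final(&sdesc->shash, paramdigest);
	if (ret < 0)
		goto out;

	/*
	 * NOTE(review): memcmp() may stop at the first differing byte, so the
	 * time taken depends on how many leading HMAC bytes match.  Where the
	 * kernel provides it, crypto_memneq() from <crypto/algapi.h> is the
	 * constant-time comparison for this; it needs a new include, so it is
	 * not used here.
	 */
	ret = TSS_rawhmac(testhmac1, key1, keylen1, SHA1_DIGEST_SIZE,
			  paramdigest, TPM_NONCE_SIZE, enonce1,
			  TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0);
	if (ret < 0)
		goto out;
	if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
		ret = -EINVAL;
		goto out;
	}
	ret = TSS_rawhmac(testhmac2, key2, keylen2, SHA1_DIGEST_SIZE,
			  paramdigest, TPM_NONCE_SIZE, enonce2,
			  TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0);
	if (ret < 0)
		goto out;
	if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE))
		ret = -EINVAL;
out:
	kfree(sdesc);
	return ret;
}

/*
 * For key specific tpm requests, we will generate and send our
 * own TPM command packets using the driver's send function.
 *
 * @chip_num: TPM chip to address.
 * @cmd:      command buffer; it is dumped again after tpm_send(), so the
 *            driver presumably writes the response back into it - confirm.
 * @buflen:   size of @cmd in bytes.
 *
 * Returns 0 or a negative errno.  A positive value from tpm_send() is
 * reported as -EPERM.
 *
 * NOTE(review): dump_tpm_buf() sees both the command and the response; if it
 * logs in this build, sealed blobs and authorisation values would reach the
 * kernel log - confirm it is a no-op outside debugging.
 */
static int trusted_tpm_send(const u32 chip_num, unsigned char *cmd,
			    size_t buflen)
{
	int rc;

	dump_tpm_buf(cmd);
	rc = tpm_send(chip_num, cmd, buflen);
	dump_tpm_buf(cmd);
	if (rc > 0)
		/* Can't return positive return codes values to keyctl */
		rc = -EPERM;
	return rc;
}

/*
 * get a random value from TPM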
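*/
/*
 * @tb:  scratch TPM buffer; it is overwritten with the request and then the
 *       response.
 * @buf: destination for the random bytes.
 * @len: number of random bytes wanted.
 *
 * Returns 0 with @len bytes stored in @buf, -EINVAL when @len cannot fit in
 * the response buffer, -EIO when the TPM returned a different number of
 * bytes than requested, or the error from trusted_tpm_send().
 */
static int tpm_get_random(struct tpm_buf *tb, unsigned char *buf, uint32_t len)
{
	int ret;

	/* the random bytes follow a TPM_GETRANDOM_SIZE-byte response header */
	if (len > sizeof tb->data - TPM_GETRANDOM_SIZE)
		return -EINVAL;

	INIT_BUF(tb);
	store16(tb, TPM_TAG_RQU_COMMAND);
	store32(tb, TPM_GETRANDOM_SIZE);
	store32(tb, TPM_ORD_GETRANDOM);
	store32(tb, len);
	ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, sizeof tb->data);
	if (ret)
		return ret;

	/*
	 * The response carries the number of bytes actually produced in the
	 * 32-bit field just before the data.  If the TPM delivered fewer than
	 * asked for, the rest of tb->data is not random (it may be stale or
	 * uninitialised memory), so fail rather than hand that out as a nonce
	 * or key.  Assumes that field sits at TPM_DATA_OFFSET, i.e. directly
	 * in front of TPM_GETRANDOM_SIZE - confirm against trusted.h.
	 */
	if (LOAD32(tb->data, TPM_DATA_OFFSET) != len)
		return -EIO;

	memcpy(buf, tb->data + TPM_GETRANDOM_SIZE, len);
	return 0;
}

/*
 * Get @len random bytes from the TPM into @buf using a temporary TPM buffer.
 *
 * Returns 0, -EINVAL for a negative @len, -ENOMEM when the temporary buffer
 * cannot be allocated, or the error from tpm_get_random().
 */
static int my_get_random(unsigned char *buf, int len)
{
	struct tpm_buf *tb;
	int ret;

	/* a negative length would turn into a huge uint32_t request */
	if (len < 0)
		return -EINVAL;
	tb = kmalloc(sizeof *tb, GFP_KERNEL);
	if (!tb)
		return -ENOMEM;
	ret = tpm_get_random(tb, buf, len);

	/*
	 * tb still holds a copy of the random bytes, which callers may go on
	 * to use as secret material; kzfree() clears it before freeing.
	 */
	kzfree(tb);
	return ret;
}

/*
 * Lock a trusted key, by extending a selected PCR.
 *
 * Prevents a trusted key that is sealed to PCRs from being accessed.
 * This uses the tpm driver's extend function.
 *
 * The PCR is extended with a fresh random value from the TPM.  Only callers
 * with CAP_SYS_ADMIN may do this; others get -EPERM.  Returns 0 on success,
 * the error from my_get_random(), or -EINVAL when tpm_pcr_extend() fails.
 *
 * NOTE(review): pcrnum is passed through unchecked; range validation is
 * presumably done by the caller or by tpm_pcr_extend() - confirm.
 */
static int pcrlock(const int pcrnum)
{
	unsigned char hash[SHA1_DIGEST_SIZE];
	int ret;

	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;
	ret = my_get_random(hash, SHA1_DIGEST_SIZE);
	if (ret < 0)
		return ret;
	return tpm_pcr_extend(TPM_ANY_NUM, pcrnum, hash) ? -EINVAL : 0;
}

/*
 * Create an object specific authorisation protocol (OSAP) session
 *
 * @tb:     scratch TPM buffer for the request and the response.
 * @s:      session to fill in: handle, even nonce and shared secret.
 * @key:    authorisation value of the entity, SHA1_DIGEST_SIZE bytes.
 * @type:   entity type sent in the request.
 * @handle: entity handle sent in the request.
 *
 * Returns 0 on success or a negative error from the TPM exchange or from
 * TSS_rawhmac().
 *
 * NOTE(review): the response is parsed at fixed offsets without looking at
 * its tag or length; only the return code of trusted_tpm_send() is checked.
 */
static int osap(struct tpm_buf *tb, struct osapsess *s,
		const unsigned char *key, uint16_t type, uint32_t handle)
{
	unsigned char enonce[TPM_NONCE_SIZE];
	unsigned char ononce[TPM_NONCE_SIZE];
	int ret;

	/* our (odd) nonce for the session, taken from the TPM's RNG */
	ret = tpm_get_random(tb, ononce, TPM_NONCE_SIZE);
	if (ret < 0)
		return ret;

	INIT_BUF(tb);
	store16(tb, TPM_TAG_RQU_COMMAND);
	store32(tb, TPM_OSAP_SIZE);
	store32(tb, TPM_ORD_OSAP);
	store16(tb, type);
	store32(tb, handle);
	storebytes(tb, ononce, TPM_NONCE_SIZE);

	ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
	if (ret < 0)
		return ret;

	/* response data: session handle, then two TPM nonces back to back */
	s->handle = LOAD32(tb->data, TPM_DATA_OFFSET);
	memcpy(s->enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)]),
	       TPM_NONCE_SIZE);
	memcpy(enonce, &(tb->data[TPM_DATA_OFFSET + sizeof(uint32_t) +
				  TPM_NONCE_SIZE]), TPM_NONCE_SIZE);
	/* shared secret = HMAC over (second TPM nonce | our nonce) under key */
	return TSS_rawhmac(s->secret, key, SHA1_DIGEST_SIZE, TPM_NONCE_SIZE,
			   enonce, TPM_NONCE_SIZE, ononce, 0, 0);
}

/*
 * Create an object independent authorisation protocol (oiap) session
 *
 * @tb:     scratch TPM buffer for the request and the response.
 * @handle: receives the session handle from the response.
 * @nonce:  receives TPM_NONCE_SIZE bytes of nonce from the response.
 *
 * Returns 0 on success or the negative error from trusted_tpm_send().
 *
 * NOTE(review): as in osap(), the response tag and length are not checked
 * before the fixed-offset reads.
 */
static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
{
	int ret;

	INIT_BUF(tb);
	store16(tb, TPM_TAG_RQU_COMMAND);
	store32(tb, TPM_OIAP_SIZE);
	store32(tb, TPM_ORD_OIAP);
	ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
	if (ret < 0)
		return ret;

	*handle = LOAD32(tb->data, TPM_DATA_OFFSET);
	memcpy(nonce, &tb->data[TPM_DATA_OFFSET + sizeof(uint32_t)],
	       TPM_NONCE_SIZE);
	return 0;
}

/* Work space for the digests and nonce used while building a seal request. */
struct tpm_digests {
	/* blob authorisation value XORed with xorhash */
	unsigned char encauth[SHA1_DIGEST_SIZE];
	/* authorisation HMAC produced by TSS_authhmac() */
	unsigned char pubauth[SHA1_DIGEST_SIZE];
	/* session secret followed by the session's even nonce */
	unsigned char xorwork[SHA1_DIGEST_SIZE * 2];
	/* SHA1 of xorwork */
	unsigned char xorhash[SHA1_DIGEST_SIZE];
	/* odd nonce for the request, from tpm_get_random() */
	unsigned char nonceodd[TPM_NONCE_SIZE];
};

/*
 * Have the TPM seal(encrypt) the trusted key, possibly based on
 * Platform Configuration Registers (PCRs). AUTH1 for sealing key.
 */
static int tpm_seal(struct tpm_buf *tb, uint16_t keytypu,
		    uint32_t keyhandlu, const unsigned char *keyauth,
		    const unsigned char *data, uint32_t datalen,
		    unsigned char *blob, uint32_t *bloblen,
		    const unsigned char *blobauth,
		    const unsigned char *pcrinfo, uint32_t pcrinfosize)
{
	struct osapsess sess;
	struct tpm_digests *td;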
499 /a>        unsigned char  a href="+code=cont" class="sref">cont /a>;> 500 /a>         a href="+code=uint32_t" class="sref">uint32_t /a>  a href="+code=ordinal" class="sref">ordinal /a>;> 501 /a>         a href="+code=uint32_t" class="sref">uint32_t /a>  a href="+code=pcrsize" class="sref">pcrsize /a>;> 502 /a>         a href="+code=uint32_t" class="sref">uint32_t /a>  a href="+code=datsize" class="sref">datsize /a>;> 503 /a>        int  a href="+code=sealinfosize" class="sref">sealinfosize /a>;> 504 /a>        int  a href="+code=encdatasize" class="sref">encdatasize /a>;> 505 /a>        int  a href="+code=storedsize" class="sref">storedsize /a>;> 506 /a>        int  a href="+code=ret" class="sref">ret /a>;> 507 /a>        int  a href="+code=i" class="sref">i /a>;> 508 /a>> 509 /a>         spao class="comment">/* alloc some work space for all the hashes */ /spaon> 510 /a>         a href="+code=td" class="sref">td /a> =  a href="+code=kmalloc" class="sref">kmalloc /a>(sizeof * a href="+code=td" class="sref">td /a>,  a href="+code=GFP_KERNEL" class="sref">GFP_KERNEL /a>);> 511 /a>        if (! 
a href="+code=td" class="sref">td /a>)> 512 /a>                return - a href="+code=ENOMEM" class="sref">ENOMEM /a>;> 513 /a>> 514 /a>         spao class="comment">/* get session for sealing key */ /spaon> 515 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=osap" class="sref">osap /a>( a href="+code=tb" class="sref">tb /a>, & a href="+code=sess" class="sref">sess /a>,  a href="+code=keyauth" class="sref">keyauth /a>,  a href="+code=keytypu" class="sref">keytypu /a>,  a href="+code=keyhandlu" class="sref">keyhandlu /a>);> 516 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)> 517 /a>                goto  a href="+code=out" class="sref">out /a>;> 518 /a>         a href="+code=dump_sess" class="sref">dump_sess /a>(& a href="+code=sess" class="sref">sess /a>);> 519 /a>> 520 /a>         spao class="comment">/* calculate encrypted authorization value */ /spaon> 521 /a>         a href="+code=memcpy" class="sref">memcpy /a>( a href="+code=td" class="sref">td /a>-> a href="+code=xorwork" class="sref">xorwork /a>,  a href="+code=sess" class="sref">sess /a>. a href="+code=secret" class="sref">secret /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>);> 522 /a>         a href="+code=memcpy" class="sref">memcpy /a>( a href="+code=td" class="sref">td /a>-> a href="+code=xorwork" class="sref">xorwork /a> +  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>,  a href="+code=sess" class="sref">sess /a>. 
a href="+code=enonce" class="sref">enonce /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>);> 523 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=TSS_sha1" class="sref">TSS_sha1 /a>( a href="+code=td" class="sref">td /a>-> a href="+code=xorwork" class="sref">xorwork /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a> * 2,  a href="+code=td" class="sref">td /a>-> a href="+code=xorhash" class="sref">xorhash /a>);> 524 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)> 525 /a>                goto  a href="+code=out" class="sref">out /a>;> 526 /a>> 527 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=tpm_get_random" class="sref">tpm_get_random /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=td" class="sref">td /a>-> a href="+code=nonceodd" class="sref">nonceodd /a>,  a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE /a>);> 528 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)> 529 /a>                goto  a href="+code=out" class="sref">out /a>;> 530 /a>         a href="+code=ordinal" class="sref">ordinal /a> =  a href="+code=htonl" class="sref">htonl /a>( a href="+code=TPM_ORD_SEAL" class="sref">TPM_ORD_SEAL /a>);> 531 /a>         a href="+code=datsize" class="sref">datsize /a> =  a href="+code=htonl" class="sref">htonl /a>( a href="+code=datalen" class="sref">datalen /a>);> 532 /a>         a href="+code=pcrsize" class="sref">pcrsize /a> =  a href="+code=htonl" class="sref">htonl /a>( a href="+code=pcrinfosize" class="sref">pcrinfosize /a>);> 533 /a>         a href="+code=cont" class="sref">cont /a> = 0;> 534 /a>> 535 /a>         spao class="comment">/* encrypt data authorization key */ /spaon> 536 /a>        for ( a href="+code=i" class="sref">i /a> = 0;  a href="+code=i" class="sref">i /a> <  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>; ++ a href="+code=i" class="sref">i /a>)> 537 /a>                 a href="+code=td" 
class="sref">td /a>-> a href="+code=encauth" class="sref">encauth /a>[ a href="+code=i" class="sref">i /a>] =  a href="+code=td" class="sref">td /a>-> a href="+code=xorhash" class="sref">xorhash /a>[ a href="+code=i" class="sref">i /a>] ^  a href="+code=blobauth" class="sref">blobauth /a>[ a href="+code=i" class="sref">i /a>];> 538 /a>> 539 /a>         spao class="comment">/* calculate authorization HMAC value */ /spaon> 540 /a>        if ( a href="+code=pcrinfosize" class="sref">pcrinfosize /a> == 0) {> 541 /a>                 spao class="comment">/* no pcr info specified */ /spaon> 542 /a>                 a href="+code=ret" class="sref">ret /a> =  a href="+code=TSS_authhmac" class="sref">TSS_authhmac /a>( a href="+code=td" class="sref">td /a>-> a href="+code=pubauth" class="sref">pubauth /a>,  a href="+code=sess" class="sref">sess /a>. a href="+code=secret" class="sref">secret /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>,> 543 /a>                                    a href="+code=sess" class="sref">sess /a>. 
a href="+code=enonce" class="sref">enonce /a>,  a href="+code=td" class="sref">td /a>-> a href="+code=nonceodd" class="sref">nonceodd /a>,  a href="+code=cont" class="sref">cont /a>,> 544 /a>                                   sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>), & a href="+code=ordinal" class="sref">ordinal /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>,> 545 /a>                                    a href="+code=td" class="sref">td /a>-> a href="+code=encauth" class="sref">encauth /a>, sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>), & a href="+code=pcrsize" class="sref">pcrsize /a>,> 546 /a>                                   sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>), & a href="+code=datsize" class="sref">datsize /a>,  a href="+code=datalen" class="sref">datalen /a>,  a href="+code=data" class="sref">data /a>, 0,> 547 /a>                                   0);> 548 /a>        } else {> 549 /a>                 spao class="comment">/* pcr info specified */ /spaon> 550 /a>                 a href="+code=ret" class="sref">ret /a> =  a href="+code=TSS_authhmac" class="sref">TSS_authhmac /a>( a href="+code=td" class="sref">td /a>-> a href="+code=pubauth" class="sref">pubauth /a>,  a href="+code=sess" class="sref">sess /a>. a href="+code=secret" class="sref">secret /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>,> 551 /a>                                    a href="+code=sess" class="sref">sess /a>. 
a href="+code=enonce" class="sref">enonce /a>,  a href="+code=td" class="sref">td /a>-> a href="+code=nonceodd" class="sref">nonceodd /a>,  a href="+code=cont" class="sref">cont /a>,> 552 /a>                                   sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>), & a href="+code=ordinal" class="sref">ordinal /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>,> 553 /a>                                    a href="+code=td" class="sref">td /a>-> a href="+code=encauth" class="sref">encauth /a>, sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>), & a href="+code=pcrsize" class="sref">pcrsize /a>,> 554 /a>                                    a href="+code=pcrinfosize" class="sref">pcrinfosize /a>,  a href="+code=pcrinfo" class="sref">pcrinfo /a>, sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>),> 555 /a>                                   & a href="+code=datsize" class="sref">datsize /a>,  a href="+code=datalen" class="sref">datalen /a>,  a href="+code=data" class="sref">data /a>, 0, 0);> 556 /a>        }> 557 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)> 558 /a>                goto  a href="+code=out" class="sref">out /a>;> 559 /a>> 560 /a>         spao class="comment">/* build and send the TPM request packet */ /spaon> 561 /a>         a href="+code=INIT_BUF" class="sref">INIT_BUF /a>( a href="+code=tb" class="sref">tb /a>);> 562 /a>         a href="+code=store16" class="sref">store16 /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=TPM_TAG_RQU_AUTH1_COMMAND" class="sref">TPM_TAG_RQU_AUTH1_COMMAND /a>);> 563 /a>         a href="+code=store32" class="sref">store32 /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=TPM_SEAL_SIZE" class="sref">TPM_SEAL_SIZE /a> +  a href="+code=pcrinfosize" class="sref">pcrinfosize /a> +  a href="+code=datalen" class="sref">datalen /a>);> 564 /a>         a href="+code=store32" class="sref">store32 /a>( a href="+code=tb" class="sref">tb /a>,  a 
href="+code=TPM_ORD_SEAL" class="sref">TPM_ORD_SEAL /a>);> 565 /a>         a href="+code=store32" class="sref">store32 /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=keyhandlu" class="sref">keyhandlu /a>);> 566 /a>         a href="+code=storebytes" class="sref">storebytes /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=td" class="sref">td /a>-> a href="+code=encauth" class="sref">encauth /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>);> 567 /a>         a href="+code=store32" class="sref">store32 /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=pcrinfosize" class="sref">pcrinfosize /a>);> 568 /a>         a href="+code=storebytes" class="sref">storebytes /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=pcrinfo" class="sref">pcrinfo /a>,  a href="+code=pcrinfosize" class="sref">pcrinfosize /a>);> 569 /a>         a href="+code=store32" class="sref">store32 /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=datalen" class="sref">datalen /a>);> 570 /a>         a href="+code=storebytes" class="sref">storebytes /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=data" class="sref">data /a>,  a href="+code=datalen" class="sref">datalen /a>);> 571 /a>         a href="+code=store32" class="sref">store32 /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=sess" class="sref">sess /a>. 
a href="+code=handlu" class="sref">handlu /a>);> 572 /a>         a href="+code=storebytes" class="sref">storebytes /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=td" class="sref">td /a>-> a href="+code=nonceodd" class="sref">nonceodd /a>,  a href="+code=TPM_NONCE_SIZE" class="sref">TPM_NONCE_SIZE /a>);> 573 /a>         a href="+code=store8" class="sref">store8 /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=cont" class="sref">cont /a>);> 574 /a>         a href="+code=storebytes" class="sref">storebytes /a>( a href="+code=tb" class="sref">tb /a>,  a href="+code=td" class="sref">td /a>-> a href="+code=pubauth" class="sref">pubauth /a>,  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>);> 575 /a>> 576 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=trusted_tpm_send" class="sref">trusted_tpm_send /a>( a href="+code=TPM_ANY_NUM" class="sref">TPM_ANY_NUM /a>,  a href="+code=tb" class="sref">tb /a>-> a href="+code=data" class="sref">data /a>,  a href="+code=MAX_BUF_SIZE" class="sref">MAX_BUF_SIZE /a>);> 577 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)> 578 /a>                goto  a href="+code=out" class="sref">out /a>;> 579 /a>> 580 /a>         spao class="comment">/* calculate the size of the returned Blob */ /spaon> 581 /a>         a href="+code=sealinfosize" class="sref">sealinfosize /a> =  a href="+code=LOAD32" class="sref">LOAD32 /a>( a href="+code=tb" class="sref">tb /a>-> a href="+code=data" class="sref">data /a>,  a href="+code=TPM_DATA_OFFSET" class="sref">TPM_DATA_OFFSET /a> + sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>));> 582 /a>         a href="+code=encdatasize" class="sref">encdatasize /a> =  a href="+code=LOAD32" class="sref">LOAD32 /a>( a href="+code=tb" class="sref">tb /a>-> a href="+code=data" class="sref">data /a>,  a href="+code=TPM_DATA_OFFSET" class="sref">TPM_DATA_OFFSET /a> + sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>) +> 583 /a>             
                sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>) +  a href="+code=sealinfosize" class="sref">sealinfosize /a>);> 584 /a>         a href="+code=storedsize" class="sref">storedsize /a> = sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>) + sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>) +  a href="+code=sealinfosize" class="sref">sealinfosize /a> +> 585 /a>            sizeof( a href="+code=uint32_t" class="sref">uint32_t /a>) +  a href="+code=encdatasize" class="sref">encdatasize /a>;> 586 /a>> 587 /a>         spao class="comment">/* check the HMAC in the response */ /spaon> 588 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=TSS_checkhmac1" class="sref">TSS_checkhmac1 /a>( a href="+code=tb" class="sref">tb /a>-> a href="+code=data" class="sref">data /a>,  a href="+code=ordinal" class="sref">ordinal /a>,  a href="+code=td" class="sref">td /a>-> a href="+code=nonceodd" class="sref">nonceodd /a>,  a href="+code=sess" class="sref">sess /a>. a href="+code=secret" class="sref">secret /a>,> 589 /a>                              a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>,  a href="+code=storedsize" class="sref">storedsize /a>,  a href="+code=TPM_DATA_OFFSET" class="sref">TPM_DATA_OFFSET /a>, 0,> 590 /a>                             0);> 591 /a>> 592 /a>         spao class="comment">/* copy the returned blob to caller */ /spaon> 593 /a>        if (! 
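ret) {
		memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize);
		*bloblen = storedsize;
	}
out:
	kfree(td);
	return ret;
}

/*
 * use the AUTH2_COMMAND form of unseal, to authorize both key and blob
 *
 * @tb:        scratch buffer in which the request is built and into which
 *             the TPM reply is read back
 * @keyhandle: handle of the TPM key, stored in the request
 * @keyauth:   authorization value for that key (HMAC key, session 1)
 * @blob:      sealed blob to hand to the TPM
 * @bloblen:   length of @blob in bytes
 * @blobauth:  authorization value for the blob (HMAC key, session 2)
 * @data:      receives the unsealed bytes
 * @datalen:   receives the number of bytes written to @data; written only
 *             on success
 *
 * Returns 0 on success or a negative value on failure.
 */
static int tpm_unseal(struct tpm_buf *tb,
		      uint32_t keyhandle, const unsigned char *keyauth,
		      const unsigned char *blob, int bloblen,
		      const unsigned char *blobauth,
		      unsigned char *data, unsigned int *datalen)
{
	unsigned char nonceodd[TPM_NONCE_SIZE];
	unsigned char enonce1[TPM_NONCE_SIZE];
	unsigned char enonce2[TPM_NONCE_SIZE];
	unsigned char authdata1[SHA1_DIGEST_SIZE];
	unsigned char authdata2[SHA1_DIGEST_SIZE];
	uint32_t authhandle1 = 0;
	uint32_t authhandle2 = 0;
	unsigned char cont = 0;
	uint32_t ordinal;
	uint32_t len;
	int ret;

	/*
	 * The size field written into the request below is
	 * TPM_UNSEAL_SIZE + bloblen, and tb->data is handed to
	 * trusted_tpm_send() as a MAX_BUF_SIZE-byte buffer, so a blob that
	 * does not fit must be refused before anything is stored.
	 */
	if (bloblen < 0 || bloblen > MAX_BUF_SIZE - TPM_UNSEAL_SIZE)
		return -EINVAL;

	/* sessions for unsealing key and data */
	ret = oiap(tb, &authhandle1, enonce1);
	if (ret < 0) {
		pr_info("trusted_key: oiap failed (%d)\n", ret);
		return ret;
	}
	ret = oiap(tb, &authhandle2, enonce2);
	if (ret < 0) {
		pr_info("trusted_key: oiap failed (%d)\n", ret);
		return ret;
	}

	ordinal = htonl(TPM_ORD_UNSEAL);
	ret = tpm_get_random(tb, nonceodd, TPM_NONCE_SIZE);
	if (ret < 0) {
		pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
		return ret;
	}

	/*
	 * One authorization HMAC per session, both over ordinal and blob.
	 * NOTE(review): the key length is given as TPM_NONCE_SIZE here but
	 * as SHA1_DIGEST_SIZE in the TSS_checkhmac2() call below - confirm
	 * the two constants are equal.
	 */
	ret = TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE,
			   enonce1, nonceodd, cont, sizeof(uint32_t),
			   &ordinal, bloblen, blob, 0, 0);
	if (ret < 0)
		return ret;
	ret = TSS_authhmac(authdata2, blobauth, TPM_NONCE_SIZE,
			   enonce2, nonceodd, cont, sizeof(uint32_t),
			   &ordinal, bloblen, blob, 0, 0);
	if (ret < 0)
		return ret;

	/* build and send TPM request packet */
	INIT_BUF(tb);
	store16(tb, TPM_TAG_RQU_AUTH2_COMMAND);
	store32(tb, TPM_UNSEAL_SIZE + bloblen);
	store32(tb, TPM_ORD_UNSEAL);
	store32(tb, keyhandle);
	storebytes(tb, blob, bloblen);
	store32(tb, authhandle1);
	storebytes(tb, nonceodd, TPM_NONCE_SIZE);
	store8(tb, cont);
	storebytes(tb, authdata1, SHA1_DIGEST_SIZE);
	store32(tb, authhandle2);
	storebytes(tb, nonceodd, TPM_NONCE_SIZE);
	store8(tb, cont);
	storebytes(tb, authdata2, SHA1_DIGEST_SIZE);

	ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
	if (ret < 0) {
		/* message text kept as-is; the failing call is the send */
		pr_info("trusted_key: authhmac failed (%d)\n", ret);
		return ret;
	}

	/*
	 * The length is taken from the reply. Bound it before it is used as
	 * a read length on tb->data by the HMAC check and by the copy.
	 */
	len = LOAD32(tb->data, TPM_DATA_OFFSET);
	if (len > MAX_BUF_SIZE - TPM_DATA_OFFSET - sizeof(uint32_t)) {
		pr_info("trusted_key: unsealed data too large (%u)\n", len);
		return -EINVAL;
	}
	/*
	 * @data carries no capacity. key_unseal() below passes p->key;
	 * MAX_KEY_SIZE + 1 is assumed to be the size of that buffer
	 * (keys/trusted-type.h) - TODO confirm.
	 */
	if (len > MAX_KEY_SIZE + 1) {
		pr_info("trusted_key: unsealed data too large (%u)\n", len);
		return -EINVAL;
	}

	ret = TSS_checkhmac2(tb->data, ordinal, nonceodd,
			     keyauth, SHA1_DIGEST_SIZE,
			     blobauth, SHA1_DIGEST_SIZE,
			     sizeof(uint32_t), TPM_DATA_OFFSET,
			     len, TPM_DATA_OFFSET + sizeof(uint32_t), 0,
			     0);
	if (ret < 0) {
		pr_info("trusted_key: TSS_checkhmac2 failed (%d)\n", ret);
		return ret;
	}

	/* only a length-checked, HMAC-verified reply reaches the caller */
	memcpy(data, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t), len);
	*datalen = len;
	return 0;
}

/*
 * Have the TPM seal(encrypt) the symmetric key
 *
 * The migratable flag is appended to p->key and sealed with it, so
 * key_len + 1 bytes are sealed. On success p->blob and p->blob_len are
 * filled in by tpm_seal(). Returns tpm_seal()'s result, or -ENOMEM.
 */
static int key_seal(struct trusted_key_payload *p,
		    struct trusted_key_options *o)
{
	struct tpm_buf *tb;
	int ret;

	tb = kzalloc(sizeof *tb, GFP_KERNEL);
	if (!tb)
		return -ENOMEM;

	/* include migratable flag at end of sealed key */
	p->key[p->key_len] = p->migratable;

	ret = tpm_seal(tb, o->keytype, o->keyhandle, o->keyauth,
		       p->key, p->key_len + 1, p->blob, &p->blob_len,
		       o->blobauth, o->pcrinfo, o->pcrinfo_len);
	if (ret < 0)
		pr_info("trusted_key: srkseal failed (%d)\n", ret);

	/*
	 * tpm_seal() stores the plaintext key in the request it builds in
	 * tb, so clear the buffer before releasing it.
	 */
	kzfree(tb);
	return ret;
}

/*
 * Have the TPM unseal(decrypt) the symmetric key
 *
 * On success p->key holds the key, p->key_len its length without the
 * trailing flag byte, and p->migratable that flag. Returns 0 on success,
 * -ENOMEM, -EINVAL when nothing was unsealed, or tpm_unseal()'s error.
 */
static int key_unseal(struct trusted_key_payload *p,
		      struct trusted_key_options *o)
{
	struct tpm_buf *tb;
	int ret;

	tb = kzalloc(sizeof *tb, GFP_KERNEL);
	if (!tb)
		return -ENOMEM;

	ret = tpm_unseal(tb, o->keyhandle, o->keyauth, p->blob, p->blob_len,
			 o->blobauth, p->key, &p->key_len);
	if (ret < 0) {
		pr_info("trusted_key: srkunseal failed (%d)\n", ret);
	} else if (p->key_len == 0) {
		/*
		 * No bytes came back, so there is no flag byte to strip;
		 * decrementing the unsigned length would wrap and index
		 * far outside p->key.
		 */
		ret = -EINVAL;
	} else {
		/* pull migratable flag out of sealed key */
		p->migratable = p->key[--p->key_len];
	}

	/* the TPM reply in tb contains the unsealed key; clear it */
	kzfree(tb);
	return ret;
}

/* option tokens recognised by getoptions(); Opt_err marks no match */
enum {
	Opt_err = -1,
	Opt_new, Opt_load, Opt_update,
	Opt_keyhandle, Opt_keyauth, Opt_blobauth,
	Opt_pcrinfo, Opt_pcrlock, Opt_migratable
};

/* match_token() patterns for the tokens above, NULL-terminated */
static const match_table_t key_tokens = {
	{Opt_new, "new"},
	{Opt_load, "load"},
	{Opt_update, "update"},
	{Opt_keyhandle, "keyhandle=%s"},
	{Opt_keyauth, "keyauth=%s"},
	{Opt_blobauth, "blobauth=%s"},
	{Opt_pcrinfo, "pcrinfo=%s"},
	{Opt_pcrlock, "pcrlock=%s"},
	{Opt_migratable, "migratable=%s"},
	{Opt_err, NULL}
};

/* can have zero or more token= options */
static int getoptions(char *c, struct trusted_key_payload *pay,
		      struct trusted_key_options *opt)
{
	substring_t args[MAX_OPT_ARGS];
	char *p = c;
	int token;
	int res;
	unsigned long handle;
	unsigned long lock;

	while ((p = strsep(&c, " \t"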
/spaon))) {> 773 /a>                if (* a href="+code=p" class="sref">p /a> ==  spao class="string">'\0' /spaon || * a href="+code=p" class="sref">p /a> ==  spao class="string">' ' /spaon || * a href="+code=p" class="sref">p /a> ==  spao class="string">'\t' /spaon)> 774 /a>                        continue;> 775 /a>                 a href="+code=token" class="sref">token /a> =  a href="+code=match_token" class="sref">match_token /a>( a href="+code=p" class="sref">p /a>,  a href="+code=key_tokens" class="sref">key_tokens /a>,  a href="+code=args" class="sref">args /a>);> 776 /a>> 777 /a>                switch ( a href="+code=token" class="sref">token /a>) {> 778 /a>                case  a href="+code=Opt_pcrinfo" class="sref">Opt_pcrinfo /a>:> 779 /a>                         a href="+code=opt" class="sref">opt /a>-> a href="+code=pcrinfo_len" class="sref">pcrinfo_len /a> =  a href="+code=strlen" class="sref">strlen /a>( a href="+code=args" class="sref">args /a>[0]. a href="+code=from" class="sref">from /a>) / 2;> 780 /a>                        if ( a href="+code=opt" class="sref">opt /a>-> a href="+code=pcrinfo_len" class="sref">pcrinfo_len /a> >  a href="+code=MAX_PCRINFO_SIZE" class="sref">MAX_PCRINFO_SIZE /a>)> 781 /a>                                return - a href="+code=EINVAL" class="sref">EINVAL /a>;> 782 /a>                         a href="+code=res" class="sref">res /a> =  a href="+code=hex2bin" class="sref">hex2bin /a>( a href="+code=opt" class="sref">opt /a>-> a href="+code=pcrinfo" class="sref">pcrinfo /a>,  a href="+code=args" class="sref">args /a>[0]. 
a href="+code=from" class="sref">from /a>,> 783 /a>                                       a href="+code=opt" class="sref">opt /a>-> a href="+code=pcrinfo_len" class="sref">pcrinfo_len /a>);> 784 /a>                        if ( a href="+code=res" class="sref">res /a> < 0)> 785 /a>                                return - a href="+code=EINVAL" class="sref">EINVAL /a>;> 786 /a>                        break;> 787 /a>                case  a href="+code=Opt_keyhandlu" class="sref">Opt_keyhandlu /a>:> 788 /a>                         a href="+code=res" class="sref">res /a> =  a href="+code=strict_strtoul" class="sref">strict_strtoul /a>( a href="+code=args" class="sref">args /a>[0]. a href="+code=from" class="sref">from /a>, 16, & a href="+code=handlu" class="sref">handlu /a>);> 789 /a>                        if ( a href="+code=res" class="sref">res /a> < 0)> 790 /a>                                return - a href="+code=EINVAL" class="sref">EINVAL /a>;> 791 /a>                         a href="+code=opt" class="sref">opt /a>-> a href="+code=keytypu" class="sref">keytypu /a> =  a href="+code=SEAL_keytypu" class="sref">SEAL_keytypu /a>;> 792 /a>                         a href="+code=opt" class="sref">opt /a>-> a href="+code=keyhandlu" class="sref">keyhandlu /a> =  a href="+code=handlu" class="sref">handlu /a>;> 793 /a>                        break;> 794 /a>                case  a href="+code=Opt_keyauth" class="sref">Opt_keyauth /a>:> 795 /a>                        if ( a href="+code=strlen" class="sref">strlen /a>( a href="+code=args" class="sref">args /a>[0]. 
a href="+code=from" class="sref">from /a>) != 2 *  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>)> 796 /a>                                return - a href="+code=EINVAL" class="sref">EINVAL /a>;> 797 /a>                         a href="+code=res" class="sref">res /a> =  a href="+code=hex2bin" class="sref">hex2bin /a>( a href="+code=opt" class="sref">opt /a>-> a href="+code=keyauth" class="sref">keyauth /a>,  a href="+code=args" class="sref">args /a>[0]. a href="+code=from" class="sref">from /a>,> 798 /a>                                       a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>);> 799 /a>                        if ( a href="+code=res" class="sref">res /a> < 0)> 800 /a>                                return - a href="+code=EINVAL" class="sref">EINVAL /a>;> 801 /a>                        break;> 802 /a>                case  a href="+code=Opt_blobauth" class="sref">Opt_blobauth /a>:> 803 /a>                        if ( a href="+code=strlen" class="sref">strlen /a>( a href="+code=args" class="sref">args /a>[0]. a href="+code=from" class="sref">from /a>) != 2 *  a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>)> 804 /a>                                return - a href="+code=EINVAL" class="sref">EINVAL /a>;> 805 /a>                         a href="+code=res" class="sref">res /a> =  a href="+code=hex2bin" class="sref">hex2bin /a>( a href="+code=opt" class="sref">opt /a>-> a href="+code=blobauth" class="sref">blobauth /a>,  a href="+code=args" class="sref">args /a>[0]. 
a href="+code=from" class="sref">from /a>,> 806 /a>                                       a href="+code=SHA1_DIGEST_SIZE" class="sref">SHA1_DIGEST_SIZE /a>);> 807 /a>                        if ( a href="+code=res" class="sref">res /a> < 0)> 808 /a>                                return - a href="+code=EINVAL" class="sref">EINVAL /a>;> 809 /a>                        break;> 810 /a>                case  a href="+code=Opt_migratable" class="sref">Opt_migratable /a>:> 811 /a>                        if (* a href="+code=args" class="sref">args /a>[0]. a href="+code=from" class="sref">from /a> ==  spao class="string">'0' /spaon)> 812 /a>                                 a href="+code=pay" class="sref">pay /a>-> a href="+code=migratable" class="sref">migratable /a> = 0;> 813 /a>                        else> 814 /a>                                return - a href="+code=EINVAL" class="sref">EINVAL /a>;> 815 /a>                        break;> 816 /a>                case  a href="+code=Opt_pcrlock" class="sref">Opt_pcrlock /a>:> 817 /a>                         a href="+code=res" class="sref">res /a> =  a href="+code=strict_strtoul" class="sref">strict_strtoul /a>( a href="+code=args" class="sref">args /a>[0]. 
a href="+code=from" class="sref">from /a>, 10, & a href="+code=lock" class="sref">lock /a>);> 818 /a>                        if ( a href="+code=res" class="sref">res /a> < 0)> 819 /a>                                return - a href="+code=EINVAL" class="sref">EINVAL /a>;> 820 /a>                         a href="+code=opt" class="sref">opt /a>-> a href="+code=pcrlock" class="sref">pcrlock /a> =  a href="+code=lock" class="sref">lock /a>;> 821 /a>                        break;> 822 /a>                default:> 823 /a>                        return - a href="+code=EINVAL" class="sref">EINVAL /a>;> 824 /a>                }> 825 /a>        }> 826 /a>        return 0;> 827 /a>}> 828 /a>> 829 /a> spao class="comment">/* /spaon> 830 /a> spao class="comment"> * datablob_parse - parse the keyctl data and fill in the /spaon> 831 /a> spao class="comment"> *                  payload and options structures /spaon> 832 /a> spao class="comment"> * /spaon> 833 /a> spao class="comment"> * On success returns 0, otherwise -EINVAL. 
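*/
static int datablob_parse(char *datablob, struct trusted_key_payload *p,
			  struct trusted_key_options *o)
{
	substring_t args[MAX_OPT_ARGS];
	long keylen;
	int ret = -EINVAL;
	int key_cmd;
	char *c;

	/*
	 * NOTE: on success the value returned is the matched command token
	 * (Opt_new, Opt_load or Opt_update), which the callers in this file
	 * compare against; failures are negative errnos. datablob is
	 * modified in place by strsep().
	 */

	/* main command */
	c = strsep(&datablob, " \t");
	if (!c)
		return -EINVAL;
	key_cmd = match_token(c, key_tokens, args);
	switch (key_cmd) {
	case Opt_new:
		/* first argument is key size */
		c = strsep(&datablob, " \t");
		if (!c)
			return -EINVAL;
		ret = strict_strtol(c, 10, &keylen);
		if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE)
			return -EINVAL;
		p->key_len = keylen;
		ret = getoptions(datablob, p, o);
		if (ret < 0)
			return ret;
		ret = Opt_new;
		break;
	case Opt_load:
		/* first argument is sealed blob */
		c = strsep(&datablob, " \t");
		if (!c)
			return -EINVAL;
		/* bound the decoded length before hex2bin() writes p->blob */
		p->blob_len = strlen(c) / 2;
		if (p->blob_len > MAX_BLOB_SIZE)
			return -EINVAL;
		ret = hex2bin(p->blob, c, p->blob_len);
		if (ret < 0)
			return -EINVAL;
		ret = getoptions(datablob, p, o);
		if (ret < 0)
			return ret;
		ret = Opt_load;
		break;
	case Opt_update:
		/* all arguments are options */
		ret = getoptions(datablob, p, o);
		if (ret < 0)
			return ret;
		ret = Opt_update;
		break;
	case Opt_err:
	default:
		/* anything that is not a command keyword is rejected */
		return -EINVAL;
	}
	return ret;
}

/*
 * trusted_options_alloc - allocate a zeroed options structure
 *
 * Returns the new structure with keytype/keyhandle preset to the SRK
 * values, or NULL if the allocation fails. The caller owns the result.
 */
static struct trusted_key_options *trusted_options_alloc(void)
{
	struct trusted_key_options *options;

	options = kzalloc(sizeof *options, GFP_KERNEL);
	if (options) {
		/* set any non-zero defaults */
		options->keytype = SRK_keytype;
		options->keyhandle = SRKHANDLE;
	}
	return options;
}

/*
 * trusted_payload_alloc - reserve key quota and allocate a zeroed payload
 *
 * Returns NULL if either key_payload_reserve() or the allocation fails;
 * the two cases are not distinguished for the caller.
 */
static struct trusted_key_payload *trusted_payload_alloc(struct key *key)
{
	struct trusted_key_payload *p = NULL;
	int ret;

	ret = key_payload_reserve(key, sizeof *p);
	if (ret < 0)
		return p;
	p = kzalloc(sizeof *p, GFP_KERNEL);
	if (p)
		p->migratable = 1;	/* migratable by default */
	return p;
}

/*
 * trusted_instantiate - create a new trusted key
 *
 * Unseal an existing trusted blob or, for a new key, get a
 * random key, then seal and create a trusted key-type key,
 * adding it to the specified keyring.
 *
 * On success, return 0. Otherwise return errno.
 */
static int trusted_instantiate(struct key *key, const void *data,
			       size_t datalen)
{
	struct trusted_key_payload *payload = NULL;
	struct trusted_key_options *options = NULL;
	char *datablob;
	int ret = 0;
	int key_cmd;

	if (datalen <= 0 || datalen > 32767 || !data)
		return -EINVAL;

	/* private, NUL-terminated copy: the parser modifies it in place */
	datablob = kmalloc(datalen + 1, GFP_KERNEL);
	if (!datablob)
		return -ENOMEM;
	memcpy(datablob, data, datalen);
	datablob[datalen] = '\0';

	options = trusted_options_alloc();
	if (!options) {
		ret = -ENOMEM;
		goto out;
	}
	payload = trusted_payload_alloc(key);
	if (!payload) {
		ret = -ENOMEM;
		goto out;
	}

	key_cmd = datablob_parse(datablob, payload, options);
	if (key_cmd < 0) {
		ret = key_cmd;
		goto out;
	}

	dump_payload(payload);
	dump_options(options);

	switch (key_cmd) {
	case Opt_load:
		ret = key_unseal(payload, options);
		dump_payload(payload);
		dump_options(options);
		if (ret < 0)
			pr_info("trusted_key: key_unseal failed (%d)\n", ret);
		break;
	case Opt_new:
		ret = my_get_random(payload->key, payload->key_len);
		if (ret < 0) {
			pr_info("trusted_key: key_create failed (%d)\n", ret);
			goto out;
		}
		ret = key_seal(payload, options);
		if (ret < 0)
			pr_info("trusted_key: key_seal failed (%d)\n", ret);
		break;
	default:
		/* Opt_update is only valid on an existing key */
		ret = -EINVAL;
		goto out;
	}
	if (!ret && options->pcrlock)
		ret = pcrlock(options->pcrlock);
out:
	/*
	 * datablob can carry the keyauth/blobauth hex strings, options their
	 * decoded form, and payload may hold key material, so all three are
	 * zeroed on release rather than handed back to the allocator intact.
	 * kzfree() accepts NULL, which covers the early-failure paths.
	 */
	kzfree(datablob);
	kzfree(options);
	if (!ret)
		rcu_assign_keypointer(key, payload);
	else
		kzfree(payload);
	return ret;
}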
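/*
 * trusted_rcu_free - RCU callback releasing a replaced payload
 *
 * Queued by trusted_update() via call_rcu(). The whole payload is zeroed
 * before it is freed, not just the key bytes.
 */
static void trusted_rcu_free(struct rcu_head *rcu)
{
	struct trusted_key_payload *p;

	p = container_of(rcu, struct trusted_key_payload, rcu);
	kzfree(p);
}

/*
 * trusted_update - reseal an existing key with new PCR values
 *
 * Returns 0 on success. Returns -ENOKEY if the key has no payload, -EPERM
 * if the key is not migratable, -EINVAL for malformed input or a command
 * other than update, -ENOMEM on allocation failure, or the error from
 * key_seal()/pcrlock().
 */
static int trusted_update(struct key *key, const void *data, size_t datalen)
{
	struct trusted_key_payload *p = key->payload.data;
	struct trusted_key_payload *new_p;
	struct trusted_key_options *new_o;
	char *datablob;
	int ret = 0;

	/*
	 * trusted_read() and trusted_destroy() both allow for a missing
	 * payload; do the same here instead of dereferencing NULL.
	 * NOTE(review): presumably reachable for a key that was never
	 * positively instantiated - confirm against the keys core.
	 */
	if (!p)
		return -ENOKEY;
	if (!p->migratable)
		return -EPERM;
	if (datalen <= 0 || datalen > 32767 || !data)
		return -EINVAL;

	datablob = kmalloc(datalen + 1, GFP_KERNEL);
	if (!datablob)
		return -ENOMEM;
	new_o = trusted_options_alloc();
	if (!new_o) {
		ret = -ENOMEM;
		goto out;
	}
	new_p = trusted_payload_alloc(key);
	if (!new_p) {
		ret = -ENOMEM;
		goto out;
	}

	/* private, NUL-terminated copy: the parser modifies it in place */
	memcpy(datablob, data, datalen);
	datablob[datalen] = '\0';
	ret = datablob_parse(datablob, new_p, new_o);
	if (ret != Opt_update) {
		ret = -EINVAL;
		kzfree(new_p);
		goto out;
	}
	/* copy old key values, and reseal with new pcrs */
	new_p->migratable = p->migratable;
	new_p->key_len = p->key_len;
	memcpy(new_p->key, p->key, p->key_len);
	dump_payload(p);
	dump_payload(new_p);

	ret = key_seal(new_p, new_o);
	if (ret < 0) {
		pr_info("trusted_key: key_seal failed (%d)\n", ret);
		/* new_p holds a copy of the key: zero it before freeing */
		kzfree(new_p);
		goto out;
	}
	if (new_o->pcrlock) {
		ret = pcrlock(new_o->pcrlock);
		if (ret < 0) {
			pr_info("trusted_key: pcrlock failed (%d)\n", ret);
			kzfree(new_p);
			goto out;
		}
	}
	/* publish the new payload; the old one is freed after a grace period */
	rcu_assign_keypointer(key, new_p);
	call_rcu(&p->rcu, trusted_rcu_free);
out:
	/* both buffers can carry authorization values: zero on release */
	kzfree(datablob);
	kzfree(new_o);
	return ret;
}

/*
 * trusted_read - copy the sealed blob data to userspace in hex.
 * On success, return to userspace the trusted key datablob size.
 *
 * The blob is copied only when the caller's buffer can hold all
 * 2 * blob_len hex characters. With no buffer, or one that is too small,
 * nothing is written and the required size is returned, so a short
 * buffer is never written past its end.
 */
static long trusted_read(const struct key *key, char __user *buffer,
			 size_t buflen)
{
	struct trusted_key_payload *p;
	char *ascii_buf;
	char *bufp;
	int i;

	p = rcu_dereference_key(key);
	if (!p)
		return -EINVAL;

	if (buffer && buflen >= 2 * p->blob_len) {
		ascii_buf = kmalloc(2 * p->blob_len, GFP_KERNEL);
		if (!ascii_buf)
			return -ENOMEM;

		bufp = ascii_buf;
		for (i = 0; i < p->blob_len; i++)
			bufp = hex_byte_pack(bufp, p->blob[i]);
		if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) {
			kfree(ascii_buf);
			return -EFAULT;
		}
		kfree(ascii_buf);
	}
	return 2 * p->blob_len;
}

/*
 * trusted_destroy - before freeing the key, clear the decrypted data
 *
 * kzfree() zeroes the whole payload allocation and accepts NULL, so a key
 * without a payload needs no separate check.
 */
static void trusted_destroy(struct key *key)
{
	kzfree(key->payload.data);
}

struct key_type key_type_trusted = {
	.name = "trusted",
	.instantiate = trusted_instantiate,
	.update = trusted_update,
	.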
a href="+code=match" class="sref">match /a> =  a href="+code=user_match" class="sref">user_match /a>,>1128 /a>        . a href="+code=destroy" class="sref">destroy /a> =  a href="+code=trusted_destroy" class="sref">trusted_destroy /a>,>1129 /a>        . a href="+code=describe" class="sref">describe /a> =  a href="+code=user_describe" class="sref">user_describe /a>,>1130 /a>        . a href="+code=read" class="sref">read /a> =  a href="+code=trusted_read" class="sref">trusted_read /a>,>1131 /a>};>1132 /a>>1133 /a> a href="+code=EXPORT_SYMBOL_GPL" class="sref">EXPORT_SYMBOL_GPL /a>( a href="+code=key_typu_trusted" class="sref">key_typu_trusted /a>);>1134 /a>>1135 /a>static void  a href="+code=trusted_shash_release" class="sref">trusted_shash_release /a>(void)>1136 /a>{>1137 /a>        if ( a href="+code=hashalg" class="sref">hashalg /a>)>1138 /a>                 a href="+code=crypto_freu_shash" class="sref">crypto_freu_shash /a>( a href="+code=hashalg" class="sref">hashalg /a>);>1139 /a>        if ( a href="+code=hmacalg" class="sref">hmacalg /a>)>1140 /a>                 a href="+code=crypto_freu_shash" class="sref">crypto_freu_shash /a>( a href="+code=hmacalg" class="sref">hmacalg /a>);>1141 /a>}>1142 /a>>1143 /a>static int  a href="+code=__init" class="sref">__init /a>  a href="+code=trusted_shash_alloc" class="sref">trusted_shash_alloc /a>(void)>1144 /a>{>1145 /a>        int  a href="+code=ret" class="sref">ret /a>;>1146 /a>>1147 /a>         a href="+code=hmacalg" class="sref">hmacalg /a> =  a href="+code=crypto_alloc_shash" class="sref">crypto_alloc_shash /a>( a href="+code=hmac_alg" class="sref">hmac_alg /a>, 0,  a href="+code=CRYPTO_ALG_ASYNC" class="sref">CRYPTO_ALG_ASYNC /a>);>1148 /a>        if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=hmacalg" class="sref">hmacalg /a>)) {>1149 /a>                 a href="+code=pr_info" class="sref">pr_info /a>( spao class="string">"trusted_key: could not allocatu crypto %s\n" /spaon,>1150 /a>           
              a href="+code=hmac_alg" class="sref">hmac_alg /a>);>1151 /a>                return  a href="+code=PTR_ERR" class="sref">PTR_ERR /a>( a href="+code=hmacalg" class="sref">hmacalg /a>);>1152 /a>        }>1153 /a>>1154 /a>         a href="+code=hashalg" class="sref">hashalg /a> =  a href="+code=crypto_alloc_shash" class="sref">crypto_alloc_shash /a>( a href="+code=hash_alg" class="sref">hash_alg /a>, 0,  a href="+code=CRYPTO_ALG_ASYNC" class="sref">CRYPTO_ALG_ASYNC /a>);>1155 /a>        if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=hashalg" class="sref">hashalg /a>)) {>1156 /a>                 a href="+code= class="sref">hmac_alg /a>);>1151 /a>                return  a href="+code=PTR_ERR"7" ide=L11ty/keys/trusted.c#L1063" 1de=L1157 /a>                         a href="+code=hash_alg" class="sref">hash_alg /a>);>1158 /a>                 a href="+code=ret" class="sref">ret /a> =  a href="+code=PTR_ERR" class="sref">PTR_ERR /a>( a href="+code=hashalg" class="sref">hashalg /a>);>1159 /a>                goto  a href="+code=hashalg_fail" class="sref">hashalg_fail /a>;>1160 /a>        }>1161 /a>>1162 /a>        return 0;>1163 /a>>1164 /a> a href="+code=hashalg_fail" class="sref">hashalg_fail /a>:>1165 /a>         a href="+code=crypto_freu_shash" class="sref">crypto_freu_shash /a>( a href="+code=hmacalg" class="sref">hmacalg /a>);>1166 /a>        return  a href="+code=ret" class="sref">ret /a>;>1167 /a>}>1168 /a>>1169 /a>static int  a href="+code=__init" class="sref">__init /a>  a href="+code=init_trusted" class="sref">init_trusted /a>(void)>1170 /a>{>1171 /a>        int  a href="+code=ret" class="sref">ret /a>;>1172 /a>>1173 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=trusted_shash_alloc" class="sref">trusted_shash_alloc /a>();>1174 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)>1175 /a>                return  a href="+code=ret" class="sref">ret /a>;>1176 /a>         a href="+code=ret" class="sref">ret 
/a> =  a href="+code=register_key_typu" class="sref">register_key_typu /a>(& a href="+code=key_typu_trusted" class="sref">key_typu_trusted /a>);>1177 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0)>1178 /a>                 a href="+code=trusted_shash_release" class="sref">trusted_shash_release /a>();>1179 /a>        return  a href="+code=ret" class="sref">ret /a>;>1180 /a>}>1181 /a>>1182 /a>static void  a href="+code=__exit" class="sref">__exit /a>  a href="+code=cleanup_trusted" class="sref">cleanup_trusted /a>(void)>1183 /a>{>1184 /a>         a href="+code=trusted_shash_release" class="sref">trusted_shash_release /a>();>1185 /a>         a href="+code=unregister_key_typu" class="sref">unregister_key_typu /a>(& a href="+code=key_typu_trusted" class="sref">key_typu_trusted /a>);>1186 /a>}>1187 /a>>1188 /a> a href="+code=late_initcall" class="sref">late_initcall /a>( a href="+code=init_trusted" class="sref">init_trusted /a>);>1189 /a> a href="+code=module_exit" class="sref">module_exit /a>( a href="+code=cleanup_trusted" class="sref">cleanup_trusted /a>);>1190 /a>>1191 /a> a href="+code=MODULE_LICENSE" class="sref">MODULE_LICENSE1192 /a>