Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\keys\trusted-keys\trusted_tpm1.c
Create Date: 2022-07-28 18:30:08
Last Modify: 2020-03-12 14:18:49
Copyright © Brick

Name: verify the AUTH1_COMMAND (Seal) result from TPM

Proto: int TSS_checkhmac1(unsigned char *buffer, const uint32_t command, const unsigned char *ononce, const unsigned char *key, unsigned int keylen, ...)

Type: int

Parameter:

Type                     Parameter Name
unsigned char *          buffer
const uint32_t           command
const unsigned char *    ononce
const unsigned char *    key
unsigned int             keylen

If Not chip Then Return -ENODEV
bufsize = LOAD32(buffer, TPM_SIZE_OFFSET)
tag = LOAD16(buffer, 0)
ordinal = command
result = LOAD32N(buffer, TPM_RETURN_OFFSET)
If tag == TPM_TAG_RSP_COMMAND Then Return 0
If tag != TPM_TAG_RSP_AUTH1_COMMAND Then Return -EINVAL
authdata = buffer + bufsize - SHA1_DIGEST_SIZE
continueflag = authdata - 1
enonce = continueflag - TPM_NONCE_SIZE
sdesc = init_sdesc(hashalg)
If IS_ERR(sdesc) Then
    pr_info("trusted_key: can't alloc %s\n", hash_alg)
    Return PTR_ERR(sdesc)
ret = crypto_shash_init() - (re)initialize message digest. @desc: operational state handle that is already filled. The call (re-)initializes the message digest referenced by the operational state handle. Any potentially existing state created by
If ret < 0 Then Go to out
ret = crypto_shash_update() - add data to message digest for processing. @desc: operational state handle that is already initialized. @data: input data to be added to the message digest. @len: length of the input data
If ret < 0 Then Go to out
ret = crypto_shash_update() - add data to message digest for processing
If ret < 0 Then Go to out
va_start(argp, keylen)
cycle
    dlen = va_arg(argp, unsigned int)
    If dlen == 0 Then Break
    dpos = va_arg(argp, unsigned int)
    ret = crypto_shash_update() - add data to message digest for processing
    If ret < 0 Then Break
va_end(argp)
If Not ret Then ret = crypto_shash_final() - calculate message digest. @desc: operational state handle that is already filled with data. @out: output buffer filled with the message digest. Finalize the message digest operation and create the message digest
If ret < 0 Then Go to out
ret = TSS_rawhmac(testhmac, key, keylen, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce, 1, continueflag, 0, 0)
If ret < 0 Then Go to out
If memcmp(testhmac, authdata, SHA1_DIGEST_SIZE) Then ret = -EINVAL
out :
kzfree - like kfree but zero memory. @p: object to free memory of. The memory of the object @p points to is zeroed before freed. If @p is %NULL, kzfree() does nothing. Note: this function zeroes the whole allocated buffer which can be a good
Return ret

Caller

Name        Description
tpm_seal    Have the TPM seal (encrypt) the trusted key, possibly based on Platform Configuration Registers (PCRs). AUTH1 for sealing key.