Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\keys\trusted-keys\trusted_tpm1.c  Create Date: 2022-07-28 18:30:19
Last Modify: 2020-03-12 14:18:49  Copyright © Brick

Name: verify the AUTH2_COMMAND (unseal) result from TPM

Proto: static int TSS_checkhmac2(unsigned char *buffer, const uint32_t command, const unsigned char *ononce, const unsigned char *key1, unsigned int keylen1, const unsigned char *key2, unsigned int keylen2, ...)

Type: int

Parameter:

Type                    Parameter Name
unsigned char *         buffer
const uint32_t          command
const unsigned char *   ononce
const unsigned char *   key1
unsigned int            keylen1
const unsigned char *   key2
unsigned int            keylen2

289  bufsize = LOAD32(buffer, TPM_SIZE_OFFSET)
290  tag = LOAD16(buffer, 0)
291  ordinal = command
292  result = LOAD32N(buffer, TPM_RETURN_OFFSET)
294  If tag == TPM_TAG_RSP_COMMAND Then Return 0
296  If tag != TPM_TAG_RSP_AUTH2_COMMAND Then Return -EINVAL
298  authdata1 = buffer + bufsize - (SHA1_DIGEST_SIZE + 1 + SHA1_DIGEST_SIZE + SHA1_DIGEST_SIZE)
300  authdata2 = buffer + bufsize - SHA1_DIGEST_SIZE
301  continueflag1 = authdata1 - 1
302  continueflag2 = authdata2 - 1
303  enonce1 = continueflag1 - TPM_NONCE_SIZE
304  enonce2 = continueflag2 - TPM_NONCE_SIZE
306  sdesc = init_sdesc(hashalg)
307  If IS_ERR(sdesc) Then
308  pr_info("trusted_key: can't alloc %s\n", hash_alg)
309  Return PTR_ERR(sdesc)
311  ret = crypto_shash_init(): (re)initialize message digest. @desc: operational state handle that is already filled. The call (re-)initializes the message digest referenced by the operational state handle. Any potentially existing state created by
312  If ret < 0 Then Go to out
314  ret = crypto_shash_update(): add data to message digest for processing. @desc: operational state handle that is already initialized; @data: input data to be added to the message digest; @len: length of the input data
316  If ret < 0 Then Go to out
318  ret = crypto_shash_update(): add data to message digest for processing. @desc: operational state handle that is already initialized; @data: input data to be added to the message digest; @len: length of the input data
320  If ret < 0 Then Go to out
323  va_start(argp, keylen2)
324  Loop
325  dlen = va_arg(argp, unsigned int)
326  If dlen == 0 Then Break
328  dpos = va_arg(argp, unsigned int)
329  ret = crypto_shash_update(): add data to message digest for processing. @desc: operational state handle that is already initialized; @data: input data to be added to the message digest; @len: length of the input data
330  If ret < 0 Then Break
333  va_end(argp)
334  If Not ret Then ret = crypto_shash_final(): calculate message digest. @desc: operational state handle that is already filled with data; @out: output buffer filled with the message digest. Finalize the message digest operation and create the message digest
336  If ret < 0 Then Go to out
339  ret = TSS_rawhmac(testhmac1, key1, keylen1, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, enonce1, TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0)
342  If ret < 0 Then Go to out
344  If memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE) Then
345  ret = -EINVAL
346  Go to out
348  ret = TSS_rawhmac(testhmac2, key2, keylen2, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, enonce2, TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0)
351  If ret < 0 Then Go to out
353  If memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE) Then ret = -EINVAL
355  out :
356  kzfree(): like kfree but zero memory. @p: object to free memory of. The memory of the object @p points to is zeroed before freed. If @p is %NULL, kzfree() does nothing. Note: this function zeroes the whole allocated buffer which can be a good
357  Return ret

Caller

Name          Description
tpm_unseal    use the AUTH2_COMMAND form of unseal, to authorize both key and blob