Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\keys\trusted-keys\trusted_tpm1.c Create Date:2022-07-28 18:30:49
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Name:use the AUTH2_COMMAND form of unseal, to authorize both key and blob

Proto:static int tpm_unseal(struct tpm_buf *tb, uint32_t keyhandle, const unsigned char *keyauth, const unsigned char *blob, int bloblen, const unsigned char *blobauth, unsigned char *data, unsigned int *datalen)

Type:int

Parameter:

Type                      Parameter Name
struct tpm_buf *          tb
uint32_t                  keyhandle
const unsigned char *     keyauth
const unsigned char *     blob
int                       bloblen
const unsigned char *     blobauth
unsigned char *           data
unsigned int *            datalen
584  authhandle1 = 0
585  authhandle2 = 0
586  cont = 0
591  ret = Create an object independent authorisation protocol (oiap) session
592  If ret < 0 Then
593  pr_info("trusted_key: oiap failed (%d)\n", ret)
594  Return ret
596  ret = Create an object independent authorisation protocol (oiap) session
597  If ret < 0 Then
598  pr_info("trusted_key: oiap failed (%d)\n", ret)
599  Return ret
602  ordinal = htonl(TPM_ORD_UNSEAL)
603  ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE)
604  If ret != TPM_NONCE_SIZE Then
605  pr_info("trusted_key: tpm_get_random failed (%d)\n", ret)
606  Return ret
608  ret = calculate authorization info fields to send to TPM
611  If ret < 0 Then Return ret
613  ret = calculate authorization info fields to send to TPM
616  If ret < 0 Then Return ret
620  tpm_buf_reset(tb, TPM_TAG_RQU_AUTH2_COMMAND, TPM_ORD_UNSEAL)
621  tpm_buf_append_u32(tb, keyhandle)
622  tpm_buf_append(tb, blob, bloblen)
623  tpm_buf_append_u32(tb, authhandle1)
624  tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE)
625  tpm_buf_append_u8(tb, cont)
626  tpm_buf_append(tb, authdata1, SHA1_DIGEST_SIZE)
627  tpm_buf_append_u32(tb, authhandle2)
628  tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE)
629  tpm_buf_append_u8(tb, cont)
630  tpm_buf_append(tb, authdata2, SHA1_DIGEST_SIZE)
632  ret = For key specific tpm requests, we will generate and send our own TPM command packets using the drivers send function.
633  If ret < 0 Then
634  pr_info("trusted_key: authhmac failed (%d)\n", ret)
635  Return ret
638  *datalen = LOAD32(data, TPM_DATA_OFFSET)
639  ret = verify the AUTH2_COMMAND (unseal) result from TPM
645  If ret < 0 Then
646  pr_info("trusted_key: TSS_checkhmac2 failed (%d)\n", ret)
647  Return ret
649  memcpy(data, data + TPM_DATA_OFFSET + sizeof(uint32_t), *datalen)
650  Return 0
Caller

Name          Description
key_unseal    Have the TPM unseal (decrypt) the symmetric key