Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\keys\trusted-keys\trusted_tpm1.c
Create Date: 2022-07-28 18:30:40
Last Modify: 2020-03-12 14:18:49
Copyright © Brick

Name: Have the TPM seal (encrypt) the trusted key, possibly based on Platform Configuration Registers (PCRs). AUTH1 for sealing key.

Proto: static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, uint32_t keyhandle, const unsigned char *keyauth, const unsigned char *data, uint32_t datalen, unsigned char *blob, uint32_t *bloblen, const unsigned char *blobauth, const unsigned char *pcrinfo, uint32_t pcrinfosize)

Type: int

Parameter:

Type                      Parameter Name
struct tpm_buf *          tb
uint16_t                  keytype
uint32_t                  keyhandle
const unsigned char *     keyauth
const unsigned char *     data
uint32_t                  datalen
unsigned char *           blob
uint32_t *                bloblen
const unsigned char *     blobauth
const unsigned char *     pcrinfo
uint32_t                  pcrinfosize

481  td = Allocate memory
482  If Not td Then Return -ENOMEM
486  ret = Create an object specific authorisation protocol (OSAP) session
487  If ret < 0 Then Go to out
489  dump_sess( & sess)
492  memcpy(xorwork, secret, SHA1_DIGEST_SIZE)
493  memcpy(xorwork + SHA1_DIGEST_SIZE, enonce, SHA1_DIGEST_SIZE)
494  ret = TSS_sha1(xorwork, SHA1_DIGEST_SIZE * 2, xorhash)
495  If ret < 0 Then Go to out
498  ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE)
499  If ret != TPM_NONCE_SIZE Then Go to out
501  ordinal = htonl(TPM_ORD_SEAL)
502  datsize = htonl(datalen)
503  pcrsize = htonl(pcrinfosize)
504  cont = 0
507  For each i < SHA1_DIGEST_SIZE: encauth[i] = xorhash[i] ^ blobauth[i]
511  If pcrinfosize == 0 Then
513  ret = Calculate authorization info fields to send to TPM
519  Else
521  ret = Calculate authorization info fields to send to TPM
528  If ret < 0 Then Go to out
532  tpm_buf_reset(tb, TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_SEAL)
533  tpm_buf_append_u32(tb, keyhandle)
534  tpm_buf_append(tb, encauth, SHA1_DIGEST_SIZE)
535  tpm_buf_append_u32(tb, pcrinfosize)
536  tpm_buf_append(tb, pcrinfo, pcrinfosize)
537  tpm_buf_append_u32(tb, datalen)
538  tpm_buf_append(tb, data, datalen)
539  tpm_buf_append_u32(tb, handle)
540  tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE)
541  tpm_buf_append_u8(tb, cont)
542  tpm_buf_append(tb, pubauth, SHA1_DIGEST_SIZE)
544  ret = For key-specific TPM requests, we will generate and send our own TPM command packets using the driver's send function.
545  If ret < 0 Then Go to out
549  sealinfosize = LOAD32(data, TPM_DATA_OFFSET + sizeof(uint32_t))
550  encdatasize = LOAD32(data, TPM_DATA_OFFSET + sizeof(uint32_t) + sizeof(uint32_t) + sealinfosize)
552  storedsize = sizeof(uint32_t) + sizeof(uint32_t) + sealinfosize + sizeof(uint32_t) + encdatasize
556  ret = Verify the AUTH1_COMMAND (Seal) result from TPM
561  If Not ret Then
562  memcpy(blob, data + TPM_DATA_OFFSET, storedsize)
563  *bloblen = storedsize
565  out :
566  kzfree - like kfree but zero memory. @p: object to free memory of. The memory of the object @p points to is zeroed before freed. If @p is %NULL, kzfree() does nothing. Note: this function zeroes the whole allocated buffer which can be a good
567  Return ret

Caller:

Name          Description
key_seal      Have the TPM seal (encrypt) the symmetric key