Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\keys\trusted-keys\trusted_tpm1.c
Create Date:2022-07-28 18:31:25
Last Modify:2020-03-12 14:18:49
Copyright©Brick

Name:trusted_instantiate - create a new trusted key. Unseal an existing trusted blob or, for a new key, get a random key, then seal and create a trusted key-type key, adding it to the specified keyring. On success, return 0. Otherwise return errno.

Proto:static int trusted_instantiate(struct key *key, struct key_preparsed_payload *prep)

Type:int

Parameter:

Type                              Parameter Name
struct key *                      key
struct key_preparsed_payload *    prep
955  struct trusted_key_payload * payload = NULL
956  struct trusted_key_options * options = NULL
957  datalen = Raw datalen
959  ret = 0
964  tpm2 = tpm_is_tpm2(chip)
965  If tpm2 < 0 Then Return tpm2
968  If datalen <= 0 || datalen > 32767 || Not Raw data Then Return -EINVAL
971  datablob = Allocation memory
972  If Not datablob Then Return -ENOMEM
974  memcpy(datablob, Raw data , datalen)
975  datablob[datalen] = '\0'
977  options = trusted_options_alloc()
978  If Not options Then
979  ret = -ENOMEM
980  Go to out
982  payload = trusted_payload_alloc(key)
983  If Not payload Then
984  ret = -ENOMEM
985  Go to out
988  key_cmd = datablob_parse - parse the keyctl data and fill in the payload and options structures. On success returns 0, otherwise -EINVAL.
989  If key_cmd < 0 Then
990  ret = key_cmd
991  Go to out
994  If Not keyhandle Then
995  ret = -EINVAL
996  Go to out
999  dump_payload(payload)
1000  dump_options(options)
1003  Case key_cmd == Opt_load
1004  If tpm2 Then ret = tpm2_unseal_trusted(chip, payload, options)
1006  Else ret = Have the TPM unseal(decrypt) the symmetric key
1008  dump_payload(payload)
1009  dump_options(options)
1010  If ret < 0 Then pr_info("trusted_key: key_unseal failed (%d)\n", ret)
1012  Break
1013  Case key_cmd == Opt_new
1014  key_len = key_len
1015  ret = tpm_get_random(chip, key, key_len)
1016  If ret != key_len Then
1017  pr_info("trusted_key: key_create failed (%d)\n", ret)
1018  Go to out
1020  If tpm2 Then ret = tpm2_seal_trusted() - seal the payload of a trusted key. @chip: TPM chip to use. @payload: the key data in clear and encrypted form. @options: authentication values and other options. Return: < 0 on error and 0 on success.
1022  Else ret = Have the TPM seal(encrypt) the symmetric key
1024  If ret < 0 Then pr_info("trusted_key: key_seal failed (%d)\n", ret)
1026  Break
1027  Default
1028  ret = -EINVAL
1029  Go to out
1031  If Not ret && pcrlock Then ret = Lock a trusted key, by extending a selected PCR. Prevents a trusted key that is sealed to PCRs from being accessed. This uses the tpm driver's extend function.
1033  out :
1034  kzfree - like kfree but zero memory. @p: object to free memory of. The memory of the object @p points to is zeroed before freed. If @p is %NULL, kzfree() does nothing. Note: this function zeroes the whole allocated buffer which can be a good
1035  kzfree - like kfree but zero memory. @p: object to free memory of. The memory of the object @p points to is zeroed before freed. If @p is %NULL, kzfree() does nothing. Note: this function zeroes the whole allocated buffer which can be a good
1036  If Not ret Then rcu_assign_keypointer(key, payload)
1038  Else kzfree - like kfree but zero memory. @p: object to free memory of. The memory of the object @p points to is zeroed before freed. If @p is %NULL, kzfree() does nothing. Note: this function zeroes the whole allocated buffer which can be a good
1040  Return ret