
Merge tag 'tpmdd-next-6.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

Pull TPM fixes from Jarkko Sakkinen:
"This contains the fixes for !chip->auth condition, preventing the
breakage of:
- tpm_ftpm_tee.c
- tpm_i2c_nuvoton.c
- tpm_ibmvtpm.c
- tpm_tis_i2c_cr50.c
- tpm_vtpm_proxy.c

All drivers will continue to work as they did in 6.9, except a single
warning (dev_warn() not WARN()) is printed to klog only to inform that
authenticated sessions are not enabled"

* tag 'tpmdd-next-6.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
tpm: Address !chip->auth in tpm_buf_append_hmac_session*()
tpm: Address !chip->auth in tpm_buf_append_name()
tpm: Address !chip->auth in tpm2_*_auth_session()

+270 -234
+1 -1
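--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -16,8 +16,8 @@
 tpm-y += eventlog/tpm1.o
 tpm-y += eventlog/tpm2.o
 tpm-y += tpm-buf.o
+tpm-y += tpm2-sessions.o
 
-tpm-$(CONFIG_TCG_TPM2_HMAC) += tpm2-sessions.o
 tpm-$(CONFIG_ACPI) += tpm_ppi.o eventlog/acpi.o
 tpm-$(CONFIG_EFI) += eventlog/efi.o
 tpm-$(CONFIG_OF) += eventlog/of.o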
+240 -179
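--- a/drivers/char/tpm/tpm2-sessions.c
+++ b/drivers/char/tpm/tpm2-sessions.c
@@ -83,9 +83,6 @@
 #define AES_KEY_BYTES AES_KEYSIZE_128
 #define AES_KEY_BITS (AES_KEY_BYTES*8)
 
-static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy,
-u32 *handle, u8 *name);
-
 /*
 * This is the structure that carries all the auth information (like
 * session handle, nonces, session key and auth) from use to use it is
@@ -148,6 +145,7 @@
 u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE];
 };
 
+#ifdef CONFIG_TCG_TPM2_HMAC
 /*
 * Name Size based on TPM algorithm (assumes no hash bigger than 255)
 */
@@ -162,6 +160,226 @@
 u16 alg = get_unaligned_be16(name);
 return size_map[alg] + 2;
 }
+
+static int tpm2_parse_read_public(char *name, struct tpm_buf *buf)
+{
+struct tpm_header *head = (struct tpm_header *)buf->data;
+off_t offset = TPM_HEADER_SIZE;
+u32 tot_len = be32_to_cpu(head->length);
+u32 val;
+
+/* we're starting after the header so adjust the length */
+tot_len -= TPM_HEADER_SIZE;
+
+/* skip public */
+val = tpm_buf_read_u16(buf, &offset);
+if (val > tot_len)
+return -EINVAL;
+offset += val;
+/* name */
+val = tpm_buf_read_u16(buf, &offset);
+if (val != name_size(&buf->data[offset]))
+return -EINVAL;
+memcpy(name, &buf->data[offset], val);
+/* forget the rest */
+return 0;
+}
+
+static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name)
+{
+struct tpm_buf buf;
+int rc;
+
+rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC);
+if (rc)
+return rc;
+
+tpm_buf_append_u32(&buf, handle);
+rc = tpm_transmit_cmd(chip, &buf, 0, "read public");
+if (rc == TPM2_RC_SUCCESS)
+rc = tpm2_parse_read_public(name, &buf);
+
+tpm_buf_destroy(&buf);
+
+return rc;
+}
+#endif /* CONFIG_TCG_TPM2_HMAC */
+
+/**
+* tpm_buf_append_name() - add a handle area to the buffer
+* @chip: the TPM chip structure
+* @buf: The buffer to be appended
+* @handle: The handle to be appended
+* @name: The name of the handle (may be NULL)
+*
+* In order to compute session HMACs, we need to know the names of the
+* objects pointed to by the handles. For most objects, this is simply
+* the actual 4 byte handle or an empty buf (in these cases @name
+* should be NULL) but for volatile objects, permanent objects and NV
+* areas, the name is defined as the hash (according to the name
+* algorithm which should be set to sha256) of the public area to
+* which the two byte algorithm id has been appended. For these
+* objects, the @name pointer should point to this. If a name is
+* required but @name is NULL, then TPM2_ReadPublic() will be called
+* on the handle to obtain the name.
+*
+* As with most tpm_buf operations, success is assumed because failure
+* will be caused by an incorrect programming model and indicated by a
+* kernel message.
+*/
+void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf,
+u32 handle, u8 *name)
+{
+#ifdef CONFIG_TCG_TPM2_HMAC
+enum tpm2_mso_type mso = tpm2_handle_mso(handle);
+struct tpm2_auth *auth;
+int slot;
+#endif
+
+if (!tpm2_chip_auth(chip)) {
+tpm_buf_append_u32(buf, handle);
+/* count the number of handles in the upper bits of flags */
+buf->handles++;
+return;
+}
+
+#ifdef CONFIG_TCG_TPM2_HMAC
+slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE) / 4;
+if (slot >= AUTH_MAX_NAMES) {
+dev_err(&chip->dev, "TPM: too many handles\n");
+return;
+}
+auth = chip->auth;
+WARN(auth->session != tpm_buf_length(buf),
+"name added in wrong place\n");
+tpm_buf_append_u32(buf, handle);
+auth->session += 4;
+
+if (mso == TPM2_MSO_PERSISTENT ||
+mso == TPM2_MSO_VOLATILE ||
+mso == TPM2_MSO_NVRAM) {
+if (!name)
+tpm2_read_public(chip, handle, auth->name[slot]);
+} else {
+if (name)
+dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n");
+}
+
+auth->name_h[slot] = handle;
+if (name)
+memcpy(auth->name[slot], name, name_size(name));
+#endif
+}
+EXPORT_SYMBOL_GPL(tpm_buf_append_name);
+
+/**
+* tpm_buf_append_hmac_session() - Append a TPM session element
+* @chip: the TPM chip structure
+* @buf: The buffer to be appended
+* @attributes: The session attributes
+* @passphrase: The session authority (NULL if none)
+* @passphrase_len: The length of the session authority (0 if none)
+*
+* This fills in a session structure in the TPM command buffer, except
+* for the HMAC which cannot be computed until the command buffer is
+* complete. The type of session is controlled by the @attributes,
+* the main ones of which are TPM2_SA_CONTINUE_SESSION which means the
+* session won't terminate after tpm_buf_check_hmac_response(),
+* TPM2_SA_DECRYPT which means this buffers first parameter should be
+* encrypted with a session key and TPM2_SA_ENCRYPT, which means the
+* response buffer's first parameter needs to be decrypted (confusing,
+* but the defines are written from the point of view of the TPM).
+*
+* Any session appended by this command must be finalized by calling
+* tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect
+* and the TPM will reject the command.
+*
+* As with most tpm_buf operations, success is assumed because failure
+* will be caused by an incorrect programming model and indicated by a
+* kernel message.
+*/
+void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf,
+u8 attributes, u8 *passphrase,
+int passphrase_len)
+{
+#ifdef CONFIG_TCG_TPM2_HMAC
+u8 nonce[SHA256_DIGEST_SIZE];
+struct tpm2_auth *auth;
+u32 len;
+#endif
+
+if (!tpm2_chip_auth(chip)) {
+/* offset tells us where the sessions area begins */
+int offset = buf->handles * 4 + TPM_HEADER_SIZE;
+u32 len = 9 + passphrase_len;
+
+if (tpm_buf_length(buf) != offset) {
+/* not the first session so update the existing length */
+len += get_unaligned_be32(&buf->data[offset]);
+put_unaligned_be32(len, &buf->data[offset]);
+} else {
+tpm_buf_append_u32(buf, len);
+}
+/* auth handle */
+tpm_buf_append_u32(buf, TPM2_RS_PW);
+/* nonce */
+tpm_buf_append_u16(buf, 0);
+/* attributes */
+tpm_buf_append_u8(buf, 0);
+/* passphrase */
+tpm_buf_append_u16(buf, passphrase_len);
+tpm_buf_append(buf, passphrase, passphrase_len);
+return;
+}
+
+#ifdef CONFIG_TCG_TPM2_HMAC
+/*
+* The Architecture Guide requires us to strip trailing zeros
+* before computing the HMAC
+*/
+while (passphrase && passphrase_len > 0 && passphrase[passphrase_len - 1] == '\0')
+passphrase_len--;
+
+auth = chip->auth;
+auth->attrs = attributes;
+auth->passphrase_len = passphrase_len;
+if (passphrase_len)
+memcpy(auth->passphrase, passphrase, passphrase_len);
+
+if (auth->session != tpm_buf_length(buf)) {
+/* we're not the first session */
+len = get_unaligned_be32(&buf->data[auth->session]);
+if (4 + len + auth->session != tpm_buf_length(buf)) {
+WARN(1, "session length mismatch, cannot append");
+return;
+}
+
+/* add our new session */
+len += 9 + 2 * SHA256_DIGEST_SIZE;
+put_unaligned_be32(len, &buf->data[auth->session]);
+} else {
+tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE);
+}
+
+/* random number for our nonce */
+get_random_bytes(nonce, sizeof(nonce));
+memcpy(auth->our_nonce, nonce, sizeof(nonce));
+tpm_buf_append_u32(buf, auth->handle);
+/* our new nonce */
+tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE);
+tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE);
+tpm_buf_append_u8(buf, auth->attrs);
+/* and put a placeholder for the hmac */
+tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE);
+tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE);
+#endif
+}
+EXPORT_SYMBOL_GPL(tpm_buf_append_hmac_session);
+
+#ifdef CONFIG_TCG_TPM2_HMAC
+
+static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy,
+u32 *handle, u8 *name);
 
 /*
 * It turns out the crypto hmac(sha256) is hard for us to consume
@@ -344,82 +562,6 @@
 }
 
 /**
-* tpm_buf_append_hmac_session() - Append a TPM session element
-* @chip: the TPM chip structure
-* @buf: The buffer to be appended
-* @attributes: The session attributes
-* @passphrase: The session authority (NULL if none)
-* @passphrase_len: The length of the session authority (0 if none)
-*
-* This fills in a session structure in the TPM command buffer, except
-* for the HMAC which cannot be computed until the command buffer is
-* complete. The type of session is controlled by the @attributes,
-* the main ones of which are TPM2_SA_CONTINUE_SESSION which means the
-* session won't terminate after tpm_buf_check_hmac_response(),
-* TPM2_SA_DECRYPT which means this buffers first parameter should be
-* encrypted with a session key and TPM2_SA_ENCRYPT, which means the
-* response buffer's first parameter needs to be decrypted (confusing,
-* but the defines are written from the point of view of the TPM).
-*
-* Any session appended by this command must be finalized by calling
-* tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect
-* and the TPM will reject the command.
-*
-* As with most tpm_buf operations, success is assumed because failure
-* will be caused by an incorrect programming model and indicated by a
-* kernel message.
-*/
-void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf,
-u8 attributes, u8 *passphrase,
-int passphrase_len)
-{
-u8 nonce[SHA256_DIGEST_SIZE];
-u32 len;
-struct tpm2_auth *auth = chip->auth;
-
-/*
-* The Architecture Guide requires us to strip trailing zeros
-* before computing the HMAC
-*/
-while (passphrase && passphrase_len > 0
-&& passphrase[passphrase_len - 1] == '\0')
-passphrase_len--;
-
-auth->attrs = attributes;
-auth->passphrase_len = passphrase_len;
-if (passphrase_len)
-memcpy(auth->passphrase, passphrase, passphrase_len);
-
-if (auth->session != tpm_buf_length(buf)) {
-/* we're not the first session */
-len = get_unaligned_be32(&buf->data[auth->session]);
-if (4 + len + auth->session != tpm_buf_length(buf)) {
-WARN(1, "session length mismatch, cannot append");
-return;
-}
-
-/* add our new session */
-len += 9 + 2 * SHA256_DIGEST_SIZE;
-put_unaligned_be32(len, &buf->data[auth->session]);
-} else {
-tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE);
-}
-
-/* random number for our nonce */
-get_random_bytes(nonce, sizeof(nonce));
-memcpy(auth->our_nonce, nonce, sizeof(nonce));
-tpm_buf_append_u32(buf, auth->handle);
-/* our new nonce */
-tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE);
-tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE);
-tpm_buf_append_u8(buf, auth->attrs);
-/* and put a placeholder for the hmac */
-tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE);
-tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE);
-}
-EXPORT_SYMBOL(tpm_buf_append_hmac_session);
-
-/**
 * tpm_buf_fill_hmac_session() - finalize the session HMAC
 * @chip: the TPM chip structure
 * @buf: The buffer to be appended
@@ -448,6 +590,9 @@
 u32 attrs;
 u8 cphash[SHA256_DIGEST_SIZE];
 struct sha256_state sctx;
+
+if (!auth)
+return;
 
 /* save the command code in BE format */
 auth->ordinal = head->ordinal;
@@ -567,104 +712,6 @@
 }
 EXPORT_SYMBOL(tpm_buf_fill_hmac_session);
 
-static int tpm2_parse_read_public(char *name, struct tpm_buf *buf)
-{
-struct tpm_header *head = (struct tpm_header *)buf->data;
-off_t offset = TPM_HEADER_SIZE;
-u32 tot_len = be32_to_cpu(head->length);
-u32 val;
-
-/* we're starting after the header so adjust the length */
-tot_len -= TPM_HEADER_SIZE;
-
-/* skip public */
-val = tpm_buf_read_u16(buf, &offset);
-if (val > tot_len)
-return -EINVAL;
-offset += val;
-/* name */
-val = tpm_buf_read_u16(buf, &offset);
-if (val != name_size(&buf->data[offset]))
-return -EINVAL;
-memcpy(name, &buf->data[offset], val);
-/* forget the rest */
-return 0;
-}
-
-static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name)
-{
-struct tpm_buf buf;
-int rc;
-
-rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC);
-if (rc)
-return rc;
-
-tpm_buf_append_u32(&buf, handle);
-rc = tpm_transmit_cmd(chip, &buf, 0, "read public");
-if (rc == TPM2_RC_SUCCESS)
-rc = tpm2_parse_read_public(name, &buf);
-
-tpm_buf_destroy(&buf);
-
-return rc;
-}
-
-/**
-* tpm_buf_append_name() - add a handle area to the buffer
-* @chip: the TPM chip structure
-* @buf: The buffer to be appended
-* @handle: The handle to be appended
-* @name: The name of the handle (may be NULL)
-*
-* In order to compute session HMACs, we need to know the names of the
-* objects pointed to by the handles. For most objects, this is simply
-* the actual 4 byte handle or an empty buf (in these cases @name
-* should be NULL) but for volatile objects, permanent objects and NV
-* areas, the name is defined as the hash (according to the name
-* algorithm which should be set to sha256) of the public area to
-* which the two byte algorithm id has been appended. For these
-* objects, the @name pointer should point to this. If a name is
-* required but @name is NULL, then TPM2_ReadPublic() will be called
-* on the handle to obtain the name.
-*
-* As with most tpm_buf operations, success is assumed because failure
-* will be caused by an incorrect programming model and indicated by a
-* kernel message.
-*/
-void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf,
-u32 handle, u8 *name)
-{
-enum tpm2_mso_type mso = tpm2_handle_mso(handle);
-struct tpm2_auth *auth = chip->auth;
-int slot;
-
-slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE)/4;
-if (slot >= AUTH_MAX_NAMES) {
-dev_err(&chip->dev, "TPM: too many handles\n");
-return;
-}
-WARN(auth->session != tpm_buf_length(buf),
-"name added in wrong place\n");
-tpm_buf_append_u32(buf, handle);
-auth->session += 4;
-
-if (mso == TPM2_MSO_PERSISTENT ||
-mso == TPM2_MSO_VOLATILE ||
-mso == TPM2_MSO_NVRAM) {
-if (!name)
-tpm2_read_public(chip, handle, auth->name[slot]);
-} else {
-if (name)
-dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n");
-}
-
-auth->name_h[slot] = handle;
-if (name)
-memcpy(auth->name[slot], name, name_size(name));
-}
-EXPORT_SYMBOL(tpm_buf_append_name);
-
 /**
 * tpm_buf_check_hmac_response() - check the TPM return HMAC for correctness
 * @chip: the TPM chip structure
@@ -704,6 +751,9 @@
 u16 tag = be16_to_cpu(head->tag);
 u32 cc = be32_to_cpu(auth->ordinal);
 int parm_len, len, i, handles;
+
+if (!auth)
+return rc;
 
 if (auth->session >= TPM_HEADER_SIZE) {
 WARN(1, "tpm session not filled correctly\n");
@@ -824,8 +874,13 @@
 */
 void tpm2_end_auth_session(struct tpm_chip *chip)
 {
-tpm2_flush_context(chip, chip->auth->handle);
-memzero_explicit(chip->auth, sizeof(*chip->auth));
+struct tpm2_auth *auth = chip->auth;
+
+if (!auth)
+return;
+
+tpm2_flush_context(chip, auth->handle);
+memzero_explicit(auth, sizeof(*auth));
 }
 EXPORT_SYMBOL(tpm2_end_auth_session);
 
@@ -906,6 +961,11 @@
 struct tpm2_auth *auth = chip->auth;
 int rc;
 u32 null_key;
+
+if (!auth) {
+dev_warn_once(&chip->dev, "auth session is not active\n");
+return 0;
+}
 
 rc = tpm2_load_null(chip, &null_key);
 if (rc)
@@ -1301,3 +1361,4 @@
 
 return rc;
 }
+#endif /* CONFIG_TCG_TPM2_HMAC */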
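Review bot: In tpm_buf_check_hmac_response() the added `if (!auth) return rc;` sits below the declaration `u32 cc = be32_to_cpu(auth->ordinal);`, so `auth` is still dereferenced before the NULL check on exactly the path this change is meant to make safe. The initializer should move under the guard: declare `u32 cc;` with the other locals and assign `cc = be32_to_cpu(auth->ordinal);` after the check. The declaration of `auth` and the rest of the function body are outside the hunk, so this assumes `auth` is taken from `chip->auth` as in the other functions touched here. The sibling guards in tpm_buf_fill_hmac_session(), tpm2_end_auth_session() and the function holding the `dev_warn_once()` call do not read through `auth` before testing it in the lines shown.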
+29 -54
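--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -490,9 +490,16 @@
 {
 }
 #endif
-#ifdef CONFIG_TCG_TPM2_HMAC
 
-int tpm2_start_auth_session(struct tpm_chip *chip);
+static inline struct tpm2_auth *tpm2_chip_auth(struct tpm_chip *chip)
+{
+#ifdef CONFIG_TCG_TPM2_HMAC
+return chip->auth;
+#else
+return NULL;
+#endif
+}
+
 void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf,
 u32 handle, u8 *name);
 void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf,
@@ -504,9 +511,27 @@
 u8 *passphrase,
 int passphraselen)
 {
-tpm_buf_append_hmac_session(chip, buf, attributes, passphrase,
-passphraselen);
+struct tpm_header *head;
+int offset;
+
+if (tpm2_chip_auth(chip)) {
+tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, passphraselen);
+} else {
+offset = buf->handles * 4 + TPM_HEADER_SIZE;
+head = (struct tpm_header *)buf->data;
+
+/*
+* If the only sessions are optional, the command tag must change to
+* TPM2_ST_NO_SESSIONS.
+*/
+if (tpm_buf_length(buf) == offset)
+head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
+}
 }
+
+#ifdef CONFIG_TCG_TPM2_HMAC
+
+int tpm2_start_auth_session(struct tpm_chip *chip);
 void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf);
 int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf,
 int rc);
@@ -520,56 +545,6 @@
 }
 static inline void tpm2_end_auth_session(struct tpm_chip *chip)
 {
-}
-static inline void tpm_buf_append_name(struct tpm_chip *chip,
-struct tpm_buf *buf,
-u32 handle, u8 *name)
-{
-tpm_buf_append_u32(buf, handle);
-/* count the number of handles in the upper bits of flags */
-buf->handles++;
-}
-static inline void tpm_buf_append_hmac_session(struct tpm_chip *chip,
-struct tpm_buf *buf,
-u8 attributes, u8 *passphrase,
-int passphraselen)
-{
-/* offset tells us where the sessions area begins */
-int offset = buf->handles * 4 + TPM_HEADER_SIZE;
-u32 len = 9 + passphraselen;
-
-if (tpm_buf_length(buf) != offset) {
-/* not the first session so update the existing length */
-len += get_unaligned_be32(&buf->data[offset]);
-put_unaligned_be32(len, &buf->data[offset]);
-} else {
-tpm_buf_append_u32(buf, len);
-}
-/* auth handle */
-tpm_buf_append_u32(buf, TPM2_RS_PW);
-/* nonce */
-tpm_buf_append_u16(buf, 0);
-/* attributes */
-tpm_buf_append_u8(buf, 0);
-/* passphrase */
-tpm_buf_append_u16(buf, passphraselen);
-tpm_buf_append(buf, passphrase, passphraselen);
-}
-static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip,
-struct tpm_buf *buf,
-u8 attributes,
-u8 *passphrase,
-int passphraselen)
-{
-int offset = buf->handles * 4 + TPM_HEADER_SIZE;
-struct tpm_header *head = (struct tpm_header *) buf->data;
-
-/*
-* if the only sessions are optional, the command tag
-* must change to TPM2_ST_NO_SESSIONS
-*/
-if (tpm_buf_length(buf) == offset)
-head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
 }
 static inline void tpm_buf_fill_hmac_session(struct tpm_chip *chip,
 struct tpm_buf *buf)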
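Review bot: tpm2_chip_auth() is introduced without a comment, although its NULL return is now what switches the callers onto the unauthenticated path. In the tpm2-sessions.c part of this change a NULL result makes tpm_buf_append_hmac_session() emit a plain `TPM2_RS_PW` password session, and here it makes tpm_buf_append_hmac_session_opt() append no session at all. That downgrade should be stated where the helper is defined, for example `/* Returns the chip's HMAC session state, or NULL when CONFIG_TCG_TPM2_HMAC is off or chip->auth is unset; callers then build sessions without HMAC protection. */`. The wording about chip->auth being unset at run time is inferred from the commit description rather than from lines in this section.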