tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'keys-next-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

Pull keys updates from Jarkko Sakkinen:
"A few minor updates/fixes for keys"

* tag 'keys-next-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
security: keys: use menuconfig for KEYS symbol
KEYS: encrypted: Use SHA-256 library instead of crypto_shash
KEYS: trusted_tpm1: Move private functionality out of public header
KEYS: trusted_tpm1: Use SHA-1 library instead of crypto_shash
KEYS: trusted_tpm1: Compare HMAC values in constant time

Linus Torvalds b4e5bb55 908057d1

+119 -333
-79
include/keys/trusted_tpm.h
··· 5 5 #include <keys/trusted-type.h> 6 6 #include <linux/tpm_command.h> 7 7 8 - /* implementation specific TPM constants */ 9 - #define TPM_SIZE_OFFSET 2 10 - #define TPM_RETURN_OFFSET 6 11 - #define TPM_DATA_OFFSET 10 12 - 13 - #define LOAD32(buffer, offset) (ntohl(*(uint32_t *)&buffer[offset])) 14 - #define LOAD32N(buffer, offset) (*(uint32_t *)&buffer[offset]) 15 - #define LOAD16(buffer, offset) (ntohs(*(uint16_t *)&buffer[offset])) 16 - 17 8 extern struct trusted_key_ops trusted_key_tpm_ops; 18 - 19 - struct osapsess { 20 - uint32_t handle; 21 - unsigned char secret[SHA1_DIGEST_SIZE]; 22 - unsigned char enonce[TPM_NONCE_SIZE]; 23 - }; 24 - 25 - /* discrete values, but have to store in uint16_t for TPM use */ 26 - enum { 27 - SEAL_keytype = 1, 28 - SRK_keytype = 4 29 - }; 30 - 31 - int TSS_authhmac(unsigned char *digest, const unsigned char *key, 32 - unsigned int keylen, unsigned char *h1, 33 - unsigned char *h2, unsigned int h3, ...); 34 - int TSS_checkhmac1(unsigned char *buffer, 35 - const uint32_t command, 36 - const unsigned char *ononce, 37 - const unsigned char *key, 38 - unsigned int keylen, ...); 39 - 40 - int trusted_tpm_send(unsigned char *cmd, size_t buflen); 41 - int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce); 42 9 43 10 int tpm2_seal_trusted(struct tpm_chip *chip, 44 11 struct trusted_key_payload *payload, ··· 14 47 struct trusted_key_payload *payload, 15 48 struct trusted_key_options *options); 16 49 17 - #define TPM_DEBUG 0 18 - 19 - #if TPM_DEBUG 20 - static inline void dump_options(struct trusted_key_options *o) 21 - { 22 - pr_info("sealing key type %d\n", o->keytype); 23 - pr_info("sealing key handle %0X\n", o->keyhandle); 24 - pr_info("pcrlock %d\n", o->pcrlock); 25 - pr_info("pcrinfo %d\n", o->pcrinfo_len); 26 - print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE, 27 - 16, 1, o->pcrinfo, o->pcrinfo_len, 0); 28 - } 29 - 30 - static inline void dump_sess(struct osapsess *s) 31 - { 32 - print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE, 33 - 16, 1, &s->handle, 4, 0); 34 - pr_info("secret:\n"); 35 - print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 36 - 16, 1, &s->secret, SHA1_DIGEST_SIZE, 0); 37 - pr_info("trusted-key: enonce:\n"); 38 - print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 39 - 16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0); 40 - } 41 - 42 - static inline void dump_tpm_buf(unsigned char *buf) 43 - { 44 - int len; 45 - 46 - pr_info("\ntpm buffer\n"); 47 - len = LOAD32(buf, TPM_SIZE_OFFSET); 48 - print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0); 49 - } 50 - #else 51 - static inline void dump_options(struct trusted_key_options *o) 52 - { 53 - } 54 - 55 - static inline void dump_sess(struct osapsess *s) 56 - { 57 - } 58 - 59 - static inline void dump_tpm_buf(unsigned char *buf) 60 - { 61 - } 62 - #endif 63 50 #endif
+7 -10
security/keys/Kconfig
··· 3 3 # Key management configuration 4 4 # 5 5 6 - config KEYS 6 + menuconfig KEYS 7 7 bool "Enable access key retention support" 8 8 select ASSOCIATIVE_ARRAY 9 9 help ··· 21 21 22 22 If you are unsure as to whether this is required, answer N. 23 23 24 + if KEYS 25 + 24 26 config KEYS_REQUEST_CACHE 25 27 bool "Enable temporary caching of the last request_key() result" 26 - depends on KEYS 27 28 help 28 29 This option causes the result of the last successful request_key() 29 30 call that didn't upcall to the kernel to be cached temporarily in the ··· 42 41 43 42 config PERSISTENT_KEYRINGS 44 43 bool "Enable register of persistent per-UID keyrings" 45 - depends on KEYS 46 44 help 47 45 This option provides a register of persistent per-UID keyrings, 48 46 primarily aimed at Kerberos key storage. The keyrings are persistent ··· 58 58 59 59 config BIG_KEYS 60 60 bool "Large payload keys" 61 - depends on KEYS 62 61 depends on TMPFS 63 62 select CRYPTO_LIB_CHACHA20POLY1305 64 63 help ··· 69 70 70 71 config TRUSTED_KEYS 71 72 tristate "TRUSTED KEYS" 72 - depends on KEYS 73 73 help 74 74 This option provides support for creating, sealing, and unsealing 75 75 keys in the kernel. Trusted keys are random number symmetric keys, ··· 83 85 84 86 config ENCRYPTED_KEYS 85 87 tristate "ENCRYPTED KEYS" 86 - depends on KEYS 87 88 select CRYPTO 88 - select CRYPTO_HMAC 89 89 select CRYPTO_AES 90 90 select CRYPTO_CBC 91 - select CRYPTO_SHA256 91 + select CRYPTO_LIB_SHA256 92 92 select CRYPTO_RNG 93 93 help 94 94 This option provides support for create/encrypting/decrypting keys ··· 110 114 111 115 config KEY_DH_OPERATIONS 112 116 bool "Diffie-Hellman operations on retained keys" 113 - depends on KEYS 114 117 select CRYPTO 115 118 select CRYPTO_KDF800108_CTR 116 119 select CRYPTO_DH ··· 122 127 123 128 config KEY_NOTIFICATIONS 124 129 bool "Provide key/keyring change notifications" 125 - depends on KEYS && WATCH_QUEUE 130 + depends on WATCH_QUEUE 126 131 help 127 132 This option provides support for getting change notifications 128 133 on keys and keyrings on which the caller has View permission. 129 134 This makes use of pipes to handle the notification buffer and 130 135 provides KEYCTL_WATCH_KEY to enable/disable watches. 136 + 137 + endif # KEYS
+10 -53
security/keys/encrypted-keys/encrypted.c
··· 27 27 #include <linux/scatterlist.h> 28 28 #include <linux/ctype.h> 29 29 #include <crypto/aes.h> 30 - #include <crypto/hash.h> 31 30 #include <crypto/sha2.h> 32 31 #include <crypto/skcipher.h> 33 32 #include <crypto/utils.h> ··· 36 37 37 38 static const char KEY_TRUSTED_PREFIX[] = "trusted:"; 38 39 static const char KEY_USER_PREFIX[] = "user:"; 39 - static const char hash_alg[] = "sha256"; 40 - static const char hmac_alg[] = "hmac(sha256)"; 41 40 static const char blkcipher_alg[] = "cbc(aes)"; 42 41 static const char key_format_default[] = "default"; 43 42 static const char key_format_ecryptfs[] = "ecryptfs"; ··· 50 53 #define MAX_DATA_SIZE 4096 51 54 #define MIN_DATA_SIZE 20 52 55 #define KEY_ENC32_PAYLOAD_LEN 32 53 - 54 - static struct crypto_shash *hash_tfm; 55 56 56 57 enum { 57 58 Opt_new, Opt_load, Opt_update, Opt_err ··· 324 329 return ukey; 325 330 } 326 331 327 - static int calc_hmac(u8 *digest, const u8 *key, unsigned int keylen, 328 - const u8 *buf, unsigned int buflen) 329 - { 330 - struct crypto_shash *tfm; 331 - int err; 332 - 333 - tfm = crypto_alloc_shash(hmac_alg, 0, 0); 334 - if (IS_ERR(tfm)) { 335 - pr_err("encrypted_key: can't alloc %s transform: %ld\n", 336 - hmac_alg, PTR_ERR(tfm)); 337 - return PTR_ERR(tfm); 338 - } 339 - 340 - err = crypto_shash_setkey(tfm, key, keylen); 341 - if (!err) 342 - err = crypto_shash_tfm_digest(tfm, buf, buflen, digest); 343 - crypto_free_shash(tfm); 344 - return err; 345 - } 346 - 347 332 enum derived_key_type { ENC_KEY, AUTH_KEY }; 348 333 349 334 /* Derive authentication/encryption key from trusted key */ ··· 332 357 { 333 358 u8 *derived_buf; 334 359 unsigned int derived_buf_len; 335 - int ret; 336 360 337 361 derived_buf_len = strlen("AUTH_KEY") + 1 + master_keylen; 338 362 if (derived_buf_len < HASH_SIZE) ··· 348 374 349 375 memcpy(derived_buf + strlen(derived_buf) + 1, master_key, 350 376 master_keylen); 351 - ret = crypto_shash_tfm_digest(hash_tfm, derived_buf, derived_buf_len, 352 - derived_key); 377 + sha256(derived_buf, derived_buf_len, derived_key); 353 378 kfree_sensitive(derived_buf); 354 - return ret; 379 + return 0; 355 380 } 356 381 357 382 static struct skcipher_request *init_skcipher_req(const u8 *key, ··· 476 503 goto out; 477 504 478 505 digest = epayload->format + epayload->datablob_len; 479 - ret = calc_hmac(digest, derived_key, sizeof derived_key, 480 - epayload->format, epayload->datablob_len); 481 - if (!ret) 482 - dump_hmac(NULL, digest, HASH_SIZE); 506 + hmac_sha256_usingrawkey(derived_key, sizeof(derived_key), 507 + epayload->format, epayload->datablob_len, 508 + digest); 509 + dump_hmac(NULL, digest, HASH_SIZE); 483 510 out: 484 511 memzero_explicit(derived_key, sizeof(derived_key)); 485 512 return ret; ··· 507 534 } else 508 535 p = epayload->format; 509 536 510 - ret = calc_hmac(digest, derived_key, sizeof derived_key, p, len); 511 - if (ret < 0) 512 - goto out; 537 + hmac_sha256_usingrawkey(derived_key, sizeof(derived_key), p, len, 538 + digest); 513 539 ret = crypto_memneq(digest, epayload->format + epayload->datablob_len, 514 540 sizeof(digest)); 515 541 if (ret) { ··· 983 1011 { 984 1012 int ret; 985 1013 986 - hash_tfm = crypto_alloc_shash(hash_alg, 0, 0); 987 - if (IS_ERR(hash_tfm)) { 988 - pr_err("encrypted_key: can't allocate %s transform: %ld\n", 989 - hash_alg, PTR_ERR(hash_tfm)); 990 - return PTR_ERR(hash_tfm); 991 - } 992 - 993 1014 ret = aes_get_sizes(); 994 1015 if (ret < 0) 995 - goto out; 996 - ret = register_key_type(&key_type_encrypted); 997 - if (ret < 0) 998 - goto out; 999 - return 0; 1000 - out: 1001 - crypto_free_shash(hash_tfm); 1002 - return ret; 1003 - 1016 + return ret; 1017 + return register_key_type(&key_type_encrypted); 1004 1018 } 1005 1019 1006 1020 static void __exit cleanup_encrypted(void) 1007 1021 { 1008 - crypto_free_shash(hash_tfm); 1009 1022 unregister_key_type(&key_type_encrypted); 1010 1023 } 1011 1024
+2 -3
security/keys/trusted-keys/Kconfig
··· 5 5 bool "TPM-based trusted keys" 6 6 depends on TCG_TPM >= TRUSTED_KEYS 7 7 default y 8 - select CRYPTO 9 - select CRYPTO_HMAC 10 - select CRYPTO_SHA1 11 8 select CRYPTO_HASH_INFO 9 + select CRYPTO_LIB_SHA1 10 + select CRYPTO_LIB_UTILS 12 11 select ASN1_ENCODER 13 12 select OID_REGISTRY 14 13 select ASN1
+100 -188
security/keys/trusted-keys/trusted_tpm1.c
··· 7 7 */ 8 8 9 9 #include <crypto/hash_info.h> 10 + #include <crypto/sha1.h> 11 + #include <crypto/utils.h> 10 12 #include <linux/init.h> 11 13 #include <linux/slab.h> 12 14 #include <linux/parser.h> ··· 16 14 #include <linux/err.h> 17 15 #include <keys/trusted-type.h> 18 16 #include <linux/key-type.h> 19 - #include <linux/crypto.h> 20 - #include <crypto/hash.h> 21 - #include <crypto/sha1.h> 22 17 #include <linux/tpm.h> 23 18 #include <linux/tpm_command.h> 24 19 25 20 #include <keys/trusted_tpm.h> 26 21 27 - static const char hmac_alg[] = "hmac(sha1)"; 28 - static const char hash_alg[] = "sha1"; 29 22 static struct tpm_chip *chip; 30 23 static struct tpm_digest *digests; 31 24 32 - struct sdesc { 33 - struct shash_desc shash; 34 - char ctx[]; 25 + /* implementation specific TPM constants */ 26 + #define TPM_SIZE_OFFSET 2 27 + #define TPM_RETURN_OFFSET 6 28 + #define TPM_DATA_OFFSET 10 29 + 30 + #define LOAD32(buffer, offset) (ntohl(*(uint32_t *)&buffer[offset])) 31 + #define LOAD32N(buffer, offset) (*(uint32_t *)&buffer[offset]) 32 + #define LOAD16(buffer, offset) (ntohs(*(uint16_t *)&buffer[offset])) 33 + 34 + struct osapsess { 35 + uint32_t handle; 36 + unsigned char secret[SHA1_DIGEST_SIZE]; 37 + unsigned char enonce[TPM_NONCE_SIZE]; 35 38 }; 36 39 37 - static struct crypto_shash *hashalg; 38 - static struct crypto_shash *hmacalg; 40 + /* discrete values, but have to store in uint16_t for TPM use */ 41 + enum { 42 + SEAL_keytype = 1, 43 + SRK_keytype = 4 44 + }; 39 45 40 - static struct sdesc *init_sdesc(struct crypto_shash *alg) 46 + #define TPM_DEBUG 0 47 + 48 + #if TPM_DEBUG 49 + static inline void dump_options(struct trusted_key_options *o) 41 50 { 42 - struct sdesc *sdesc; 43 - int size; 44 - 45 - size = sizeof(struct shash_desc) + crypto_shash_descsize(alg); 46 - sdesc = kmalloc(size, GFP_KERNEL); 47 - if (!sdesc) 48 - return ERR_PTR(-ENOMEM); 49 - sdesc->shash.tfm = alg; 50 - return sdesc; 51 + pr_info("sealing key type %d\n", o->keytype); 52 + pr_info("sealing key handle %0X\n", o->keyhandle); 53 + pr_info("pcrlock %d\n", o->pcrlock); 54 + pr_info("pcrinfo %d\n", o->pcrinfo_len); 55 + print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE, 56 + 16, 1, o->pcrinfo, o->pcrinfo_len, 0); 51 57 } 52 58 53 - static int TSS_sha1(const unsigned char *data, unsigned int datalen, 54 - unsigned char *digest) 59 + static inline void dump_sess(struct osapsess *s) 55 60 { 56 - struct sdesc *sdesc; 57 - int ret; 58 - 59 - sdesc = init_sdesc(hashalg); 60 - if (IS_ERR(sdesc)) { 61 - pr_info("can't alloc %s\n", hash_alg); 62 - return PTR_ERR(sdesc); 63 - } 64 - 65 - ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest); 66 - kfree_sensitive(sdesc); 67 - return ret; 61 + print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE, 62 + 16, 1, &s->handle, 4, 0); 63 + pr_info("secret:\n"); 64 + print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 65 + 16, 1, &s->secret, SHA1_DIGEST_SIZE, 0); 66 + pr_info("trusted-key: enonce:\n"); 67 + print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 68 + 16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0); 68 69 } 70 + 71 + static inline void dump_tpm_buf(unsigned char *buf) 72 + { 73 + int len; 74 + 75 + pr_info("\ntpm buffer\n"); 76 + len = LOAD32(buf, TPM_SIZE_OFFSET); 77 + print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0); 78 + } 79 + #else 80 + static inline void dump_options(struct trusted_key_options *o) 81 + { 82 + } 83 + 84 + static inline void dump_sess(struct osapsess *s) 85 + { 86 + } 87 + 88 + static inline void dump_tpm_buf(unsigned char *buf) 89 + { 90 + } 91 + #endif 69 92 70 93 static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, 71 94 unsigned int keylen, ...) 72 95 { 73 - struct sdesc *sdesc; 96 + struct hmac_sha1_ctx hmac_ctx; 74 97 va_list argp; 75 98 unsigned int dlen; 76 99 unsigned char *data; 77 - int ret; 100 + int ret = 0; 78 101 79 - sdesc = init_sdesc(hmacalg); 80 - if (IS_ERR(sdesc)) { 81 - pr_info("can't alloc %s\n", hmac_alg); 82 - return PTR_ERR(sdesc); 83 - } 84 - 85 - ret = crypto_shash_setkey(hmacalg, key, keylen); 86 - if (ret < 0) 87 - goto out; 88 - ret = crypto_shash_init(&sdesc->shash); 89 - if (ret < 0) 90 - goto out; 102 + hmac_sha1_init_usingrawkey(&hmac_ctx, key, keylen); 91 103 92 104 va_start(argp, keylen); 93 105 for (;;) { ··· 113 97 ret = -EINVAL; 114 98 break; 115 99 } 116 - ret = crypto_shash_update(&sdesc->shash, data, dlen); 117 - if (ret < 0) 118 - break; 100 + hmac_sha1_update(&hmac_ctx, data, dlen); 119 101 } 120 102 va_end(argp); 121 103 if (!ret) 122 - ret = crypto_shash_final(&sdesc->shash, digest); 123 - out: 124 - kfree_sensitive(sdesc); 104 + hmac_sha1_final(&hmac_ctx, digest); 125 105 return ret; 126 106 } 127 107 128 108 /* 129 109 * calculate authorization info fields to send to TPM 130 110 */ 131 - int TSS_authhmac(unsigned char *digest, const unsigned char *key, 111 + static int TSS_authhmac(unsigned char *digest, const unsigned char *key, 132 112 unsigned int keylen, unsigned char *h1, 133 113 unsigned char *h2, unsigned int h3, ...) 134 114 { 135 115 unsigned char paramdigest[SHA1_DIGEST_SIZE]; 136 - struct sdesc *sdesc; 116 + struct sha1_ctx sha_ctx; 137 117 unsigned int dlen; 138 118 unsigned char *data; 139 119 unsigned char c; 140 - int ret; 120 + int ret = 0; 141 121 va_list argp; 142 122 143 123 if (!chip) 144 124 return -ENODEV; 145 125 146 - sdesc = init_sdesc(hashalg); 147 - if (IS_ERR(sdesc)) { 148 - pr_info("can't alloc %s\n", hash_alg); 149 - return PTR_ERR(sdesc); 150 - } 151 - 152 126 c = !!h3; 153 - ret = crypto_shash_init(&sdesc->shash); 154 - if (ret < 0) 155 - goto out; 127 + sha1_init(&sha_ctx); 156 128 va_start(argp, h3); 157 129 for (;;) { 158 130 dlen = va_arg(argp, unsigned int); ··· 151 147 ret = -EINVAL; 152 148 break; 153 149 } 154 - ret = crypto_shash_update(&sdesc->shash, data, dlen); 155 - if (ret < 0) 156 - break; 150 + sha1_update(&sha_ctx, data, dlen); 157 151 } 158 152 va_end(argp); 159 153 if (!ret) 160 - ret = crypto_shash_final(&sdesc->shash, paramdigest); 154 + sha1_final(&sha_ctx, paramdigest); 161 155 if (!ret) 162 156 ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, 163 157 paramdigest, TPM_NONCE_SIZE, h1, 164 158 TPM_NONCE_SIZE, h2, 1, &c, 0, 0); 165 - out: 166 - kfree_sensitive(sdesc); 167 159 return ret; 168 160 } 169 - EXPORT_SYMBOL_GPL(TSS_authhmac); 170 161 171 162 /* 172 163 * verify the AUTH1_COMMAND (Seal) result from TPM 173 164 */ 174 - int TSS_checkhmac1(unsigned char *buffer, 165 + static int TSS_checkhmac1(unsigned char *buffer, 175 166 const uint32_t command, 176 167 const unsigned char *ononce, 177 168 const unsigned char *key, ··· 181 182 unsigned char *authdata; 182 183 unsigned char testhmac[SHA1_DIGEST_SIZE]; 183 184 unsigned char paramdigest[SHA1_DIGEST_SIZE]; 184 - struct sdesc *sdesc; 185 + struct sha1_ctx sha_ctx; 185 186 unsigned int dlen; 186 187 unsigned int dpos; 187 188 va_list argp; ··· 202 203 continueflag = authdata - 1; 203 204 enonce = continueflag - TPM_NONCE_SIZE; 204 205 205 - sdesc = init_sdesc(hashalg); 206 - if (IS_ERR(sdesc)) { 207 - pr_info("can't alloc %s\n", hash_alg); 208 - return PTR_ERR(sdesc); 209 - } 210 - ret = crypto_shash_init(&sdesc->shash); 211 - if (ret < 0) 212 - goto out; 213 - ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result, 214 - sizeof result); 215 - if (ret < 0) 216 - goto out; 217 - ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal, 218 - sizeof ordinal); 219 - if (ret < 0) 220 - goto out; 206 + sha1_init(&sha_ctx); 207 + sha1_update(&sha_ctx, (const u8 *)&result, sizeof(result)); 208 + sha1_update(&sha_ctx, (const u8 *)&ordinal, sizeof(ordinal)); 221 209 va_start(argp, keylen); 222 210 for (;;) { 223 211 dlen = va_arg(argp, unsigned int); 224 212 if (dlen == 0) 225 213 break; 226 214 dpos = va_arg(argp, unsigned int); 227 - ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); 228 - if (ret < 0) 229 - break; 215 + sha1_update(&sha_ctx, buffer + dpos, dlen); 230 216 } 231 217 va_end(argp); 232 - if (!ret) 233 - ret = crypto_shash_final(&sdesc->shash, paramdigest); 234 - if (ret < 0) 235 - goto out; 218 + sha1_final(&sha_ctx, paramdigest); 236 219 237 220 ret = TSS_rawhmac(testhmac, key, keylen, SHA1_DIGEST_SIZE, paramdigest, 238 221 TPM_NONCE_SIZE, enonce, TPM_NONCE_SIZE, ononce, 239 222 1, continueflag, 0, 0); 240 223 if (ret < 0) 241 - goto out; 224 + return ret; 242 225 243 - if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE)) 244 - ret = -EINVAL; 245 - out: 246 - kfree_sensitive(sdesc); 247 - return ret; 226 + if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE)) 227 + return -EINVAL; 228 + return 0; 248 229 } 249 - EXPORT_SYMBOL_GPL(TSS_checkhmac1); 250 230 251 231 /* 252 232 * verify the AUTH2_COMMAND (unseal) result from TPM ··· 251 273 unsigned char testhmac1[SHA1_DIGEST_SIZE]; 252 274 unsigned char testhmac2[SHA1_DIGEST_SIZE]; 253 275 unsigned char paramdigest[SHA1_DIGEST_SIZE]; 254 - struct sdesc *sdesc; 276 + struct sha1_ctx sha_ctx; 255 277 unsigned int dlen; 256 278 unsigned int dpos; 257 279 va_list argp; ··· 274 296 enonce1 = continueflag1 - TPM_NONCE_SIZE; 275 297 enonce2 = continueflag2 - TPM_NONCE_SIZE; 276 298 277 - sdesc = init_sdesc(hashalg); 278 - if (IS_ERR(sdesc)) { 279 - pr_info("can't alloc %s\n", hash_alg); 280 - return PTR_ERR(sdesc); 281 - } 282 - ret = crypto_shash_init(&sdesc->shash); 283 - if (ret < 0) 284 - goto out; 285 - ret = crypto_shash_update(&sdesc->shash, (const u8 *)&result, 286 - sizeof result); 287 - if (ret < 0) 288 - goto out; 289 - ret = crypto_shash_update(&sdesc->shash, (const u8 *)&ordinal, 290 - sizeof ordinal); 291 - if (ret < 0) 292 - goto out; 299 + sha1_init(&sha_ctx); 300 + sha1_update(&sha_ctx, (const u8 *)&result, sizeof(result)); 301 + sha1_update(&sha_ctx, (const u8 *)&ordinal, sizeof(ordinal)); 293 302 294 303 va_start(argp, keylen2); 295 304 for (;;) { ··· 284 319 if (dlen == 0) 285 320 break; 286 321 dpos = va_arg(argp, unsigned int); 287 - ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); 288 - if (ret < 0) 289 - break; 322 + sha1_update(&sha_ctx, buffer + dpos, dlen); 290 323 } 291 324 va_end(argp); 292 - if (!ret) 293 - ret = crypto_shash_final(&sdesc->shash, paramdigest); 294 - if (ret < 0) 295 - goto out; 325 + sha1_final(&sha_ctx, paramdigest); 296 326 297 327 ret = TSS_rawhmac(testhmac1, key1, keylen1, SHA1_DIGEST_SIZE, 298 328 paramdigest, TPM_NONCE_SIZE, enonce1, 299 329 TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0); 300 330 if (ret < 0) 301 - goto out; 302 - if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { 303 - ret = -EINVAL; 304 - goto out; 305 - } 331 + return ret; 332 + if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) 333 + return -EINVAL; 306 334 ret = TSS_rawhmac(testhmac2, key2, keylen2, SHA1_DIGEST_SIZE, 307 335 paramdigest, TPM_NONCE_SIZE, enonce2, 308 336 TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0); 309 337 if (ret < 0) 310 - goto out; 311 - if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE)) 312 - ret = -EINVAL; 313 - out: 314 - kfree_sensitive(sdesc); 315 - return ret; 338 + return ret; 339 + if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE)) 340 + return -EINVAL; 341 + return 0; 316 342 } 317 343 318 344 /* 319 345 * For key specific tpm requests, we will generate and send our 320 346 * own TPM command packets using the drivers send function. 321 347 */ 322 - int trusted_tpm_send(unsigned char *cmd, size_t buflen) 348 + static int trusted_tpm_send(unsigned char *cmd, size_t buflen) 323 349 { 324 350 struct tpm_buf buf; 325 351 int rc; ··· 336 380 tpm_put_ops(chip); 337 381 return rc; 338 382 } 339 - EXPORT_SYMBOL_GPL(trusted_tpm_send); 340 383 341 384 /* 342 385 * Lock a trusted key, by extending a selected PCR. ··· 389 434 /* 390 435 * Create an object independent authorisation protocol (oiap) session 391 436 */ 392 - int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) 437 + static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) 393 438 { 394 439 int ret; 395 440 ··· 406 451 TPM_NONCE_SIZE); 407 452 return 0; 408 453 } 409 - EXPORT_SYMBOL_GPL(oiap); 410 454 411 455 struct tpm_digests { 412 456 unsigned char encauth[SHA1_DIGEST_SIZE]; ··· 452 498 /* calculate encrypted authorization value */ 453 499 memcpy(td->xorwork, sess.secret, SHA1_DIGEST_SIZE); 454 500 memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE); 455 - ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); 456 - if (ret < 0) 457 - goto out; 501 + sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); 458 502 459 503 ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE); 460 504 if (ret < 0) ··· 941 989 return tpm_get_random(chip, key, key_len); 942 990 } 943 991 944 - static void trusted_shash_release(void) 945 - { 946 - if (hashalg) 947 - crypto_free_shash(hashalg); 948 - if (hmacalg) 949 - crypto_free_shash(hmacalg); 950 - } 951 - 952 - static int __init trusted_shash_alloc(void) 953 - { 954 - int ret; 955 - 956 - hmacalg = crypto_alloc_shash(hmac_alg, 0, 0); 957 - if (IS_ERR(hmacalg)) { 958 - pr_info("could not allocate crypto %s\n", 959 - hmac_alg); 960 - return PTR_ERR(hmacalg); 961 - } 962 - 963 - hashalg = crypto_alloc_shash(hash_alg, 0, 0); 964 - if (IS_ERR(hashalg)) { 965 - pr_info("could not allocate crypto %s\n", 966 - hash_alg); 967 - ret = PTR_ERR(hashalg); 968 - goto hashalg_fail; 969 - } 970 - 971 - return 0; 972 - 973 - hashalg_fail: 974 - crypto_free_shash(hmacalg); 975 - return ret; 976 - } 977 - 978 992 static int __init init_digests(void) 979 993 { 980 994 int i; ··· 967 1049 ret = init_digests(); 968 1050 if (ret < 0) 969 1051 goto err_put; 970 - ret = trusted_shash_alloc(); 971 - if (ret < 0) 972 - goto err_free; 973 1052 ret = register_key_type(&key_type_trusted); 974 1053 if (ret < 0) 975 - goto err_release; 1054 + goto err_free; 976 1055 return 0; 977 - err_release: 978 - trusted_shash_release(); 979 1056 err_free: 980 1057 kfree(digests); 981 1058 err_put: ··· 983 1070 if (chip) { 984 1071 put_device(&chip->dev); 985 1072 kfree(digests); 986 - trusted_shash_release(); 987 1073 unregister_key_type(&key_type_trusted); 988 1074 } 989 1075 }