-rw-r--r--security/keys/trusted_defined.c34
1 files changed, 16 insertions, 18 deletions
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
index 3dc3db15b5d9..975e9f29a52c 100644
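--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@@ -56,7 +56,7 @@ static struct sdesc *init_sdesc(struct crypto_shash *alg)
  return sdesc;
 }
 
-static int TSS_sha1(const unsigned char *data, const unsigned int datalen,
+static int TSS_sha1(const unsigned char *data, unsigned int datalen,
  unsigned char *digest)
 {
  struct sdesc *sdesc;
@@ -74,7 +74,7 @@ static int TSS_sha1(const unsigned char *data, const unsigned int datalen,
 }
 
 static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
- const unsigned int keylen, ...)
+ unsigned int keylen, ...)
 {
  struct sdesc *sdesc;
  va_list argp;
@@ -119,7 +119,7 @@ out:
  * calculate authorization info fields to send to TPM
  */
 static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
- const unsigned int keylen, unsigned char *h1,
+ unsigned int keylen, unsigned char *h1,
  unsigned char *h2, unsigned char h3, ...)
 {
  unsigned char paramdigest[SHA1_DIGEST_SIZE];
@@ -170,7 +170,7 @@ static int TSS_checkhmac1(unsigned char *buffer,
  const uint32_t command,
  const unsigned char *ononce,
  const unsigned char *key,
- const unsigned int keylen, ...)
+ unsigned int keylen, ...)
 {
  uint32_t bufsize;
  uint16_t tag;
@@ -252,9 +252,9 @@ static int TSS_checkhmac2(unsigned char *buffer,
  const uint32_t command,
  const unsigned char *ononce,
  const unsigned char *key1,
- const unsigned int keylen1,
+ unsigned int keylen1,
  const unsigned char *key2,
- const unsigned int keylen2, ...)
+ unsigned int keylen2, ...)
 {
  uint32_t bufsize;
  uint16_t tag;
@@ -388,7 +388,7 @@ static int my_get_random(unsigned char *buf, int len)
  struct tpm_buf *tb;
  int ret;
 
- tb = kzalloc(sizeof *tb, GFP_KERNEL);
+ tb = kmalloc(sizeof *tb, GFP_KERNEL);
  if (!tb)
  return -ENOMEM;
  ret = tpm_get_random(tb, buf, len);
@@ -420,8 +420,7 @@ static int pcrlock(const int pcrnum)
  * Create an object specific authorisation protocol (OSAP) session
  */
 static int osap(struct tpm_buf *tb, struct osapsess *s,
- const unsigned char *key, const uint16_t type,
- const uint32_t handle)
+ const unsigned char *key, uint16_t type, uint32_t handle)
 {
  unsigned char enonce[TPM_NONCE_SIZE];
  unsigned char ononce[TPM_NONCE_SIZE];
@@ -485,12 +484,12 @@ struct tpm_digests {
  * Have the TPM seal(encrypt) the trusted key, possibly based on
  * Platform Configuration Registers (PCRs). AUTH1 for sealing key.
  */
-static int tpm_seal(struct tpm_buf *tb, const uint16_t keytype,
- const uint32_t keyhandle, const unsigned char *keyauth,
- const unsigned char *data, const uint32_t datalen,
+static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
+ uint32_t keyhandle, const unsigned char *keyauth,
+ const unsigned char *data, uint32_t datalen,
  unsigned char *blob, uint32_t *bloblen,
  const unsigned char *blobauth,
- const unsigned char *pcrinfo, const uint32_t pcrinfosize)
+ const unsigned char *pcrinfo, uint32_t pcrinfosize)
 {
  struct osapsess sess;
  struct tpm_digests *td;
@@ -599,8 +598,8 @@ static int tpm_seal(struct tpm_buf *tb, const uint16_t keytype,
  * use the AUTH2_COMMAND form of unseal, to authorize both key and blob
  */
 static int tpm_unseal(struct tpm_buf *tb,
- const uint32_t keyhandle, const unsigned char *keyauth,
- const unsigned char *blob, const int bloblen,
+ uint32_t keyhandle, const unsigned char *keyauth,
+ const unsigned char *blob, int bloblen,
  const unsigned char *blobauth,
  unsigned char *data, unsigned int *datalen)
 {
@@ -913,7 +912,7 @@ static struct trusted_key_payload *trusted_payload_alloc(struct key *key)
  * On success, return 0. Otherwise return errno.
  */
 static int trusted_instantiate(struct key *key, const void *data,
- const size_t datalen)
+ size_t datalen)
 {
  struct trusted_key_payload *payload = NULL;
  struct trusted_key_options *options = NULL;
@@ -996,8 +995,7 @@ static void trusted_rcu_free(struct rcu_head *rcu)
 /*
  * trusted_update - reseal an existing key with new PCR values
  */
-static int trusted_update(struct key *key, const void *data,
- const size_t datalen)
+static int trusted_update(struct key *key, const void *data, size_t datalen)
 {
  struct trusted_key_payload *p = key->payload.data;
  struct trusted_key_payload *new_p;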
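Review bot: In my_get_random the allocation now reads `tb = kmalloc(sizeof *tb, GFP_KERNEL);`, so the TPM command buffer starts out holding stale slab contents instead of zeros, and the visible lines do not show `tpm_get_random()` initialising it before it is used. If that helper does not set up every byte that is later transmitted or parsed, keeping `kzalloc` is the safer choice; otherwise a comment such as `/* tb is fully initialised by tpm_get_random() before use */` would record why zeroing is unnecessary. The rest of the function, including how `tb` is released, lies outside the hunk; since the buffer presumably ends up holding the random bytes returned by the TPM, it is worth confirming that the release path clears it before freeing. The remaining hunks only drop `const` from by-value parameters and raise nothing.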