-rw-r--r-- | security/keys/trusted_defined.c | 34 |
1 files changed, 16 insertions, 18 deletions
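--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@@ -56,7 +56,7 @@ static struct sdesc *init_sdesc(struct crypto_shash *alg)
 return sdesc;
 }
 
-static int TSS_sha1(const unsigned char *data, const unsigned int datalen,
+static int TSS_sha1(const unsigned char *data, unsigned int datalen,
 unsigned char *digest)
 {
 struct sdesc *sdesc;
@@ -74,7 +74,7 @@ static int TSS_sha1(const unsigned char *data, const unsigned int datalen,
 }
 
 static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
-const unsigned int keylen, ...)
+unsigned int keylen, ...)
 {
 struct sdesc *sdesc;
 va_list argp;
@@ -119,7 +119,7 @@ out:
 * calculate authorization info fields to send to TPM
 */
 static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
-const unsigned int keylen, unsigned char *h1,
+unsigned int keylen, unsigned char *h1,
 unsigned char *h2, unsigned char h3, ...)
 {
 unsigned char paramdigest[SHA1_DIGEST_SIZE];
@@ -170,7 +170,7 @@ static int TSS_checkhmac1(unsigned char *buffer,
 const uint32_t command,
 const unsigned char *ononce,
 const unsigned char *key,
-const unsigned int keylen, ...)
+unsigned int keylen, ...)
 {
 uint32_t bufsize;
 uint16_t tag;
@@ -252,9 +252,9 @@ static int TSS_checkhmac2(unsigned char *buffer,
 const uint32_t command,
 const unsigned char *ononce,
 const unsigned char *key1,
-const unsigned int keylen1,
+unsigned int keylen1,
 const unsigned char *key2,
-const unsigned int keylen2, ...)
+unsigned int keylen2, ...)
 {
 uint32_t bufsize;
 uint16_t tag;
@@ -388,7 +388,7 @@ static int my_get_random(unsigned char *buf, int len)
 struct tpm_buf *tb;
 int ret;
 
-tb = kzalloc(sizeof *tb, GFP_KERNEL);
+tb = kmalloc(sizeof *tb, GFP_KERNEL);
 if (!tb)
 return -ENOMEM;
 ret = tpm_get_random(tb, buf, len);
@@ -420,8 +420,7 @@ static int pcrlock(const int pcrnum)
 * Create an object specific authorisation protocol (OSAP) session
 */
 static int osap(struct tpm_buf *tb, struct osapsess *s,
-const unsigned char *key, const uint16_t type,
-const uint32_t handle)
+const unsigned char *key, uint16_t type, uint32_t handle)
 {
 unsigned char enonce[TPM_NONCE_SIZE];
 unsigned char ononce[TPM_NONCE_SIZE];
@@ -485,12 +484,12 @@ struct tpm_digests {
 * Have the TPM seal(encrypt) the trusted key, possibly based on
 * Platform Configuration Registers (PCRs). AUTH1 for sealing key.
 */
-static int tpm_seal(struct tpm_buf *tb, const uint16_t keytype,
-const uint32_t keyhandle, const unsigned char *keyauth,
-const unsigned char *data, const uint32_t datalen,
+static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
+uint32_t keyhandle, const unsigned char *keyauth,
+const unsigned char *data, uint32_t datalen,
 unsigned char *blob, uint32_t *bloblen,
 const unsigned char *blobauth,
-const unsigned char *pcrinfo, const uint32_t pcrinfosize)
+const unsigned char *pcrinfo, uint32_t pcrinfosize)
 {
 struct osapsess sess;
 struct tpm_digests *td;
@@ -599,8 +598,8 @@ static int tpm_seal(struct tpm_buf *tb, const uint16_t keytype,
 * use the AUTH2_COMMAND form of unseal, to authorize both key and blob
 */
 static int tpm_unseal(struct tpm_buf *tb,
-const uint32_t keyhandle, const unsigned char *keyauth,
-const unsigned char *blob, const int bloblen,
+uint32_t keyhandle, const unsigned char *keyauth,
+const unsigned char *blob, int bloblen,
 const unsigned char *blobauth,
 unsigned char *data, unsigned int *datalen)
 {
@@ -913,7 +912,7 @@ static struct trusted_key_payload *trusted_payload_alloc(struct key *key)
 * On success, return 0. Otherwise return errno.
 */
 static int trusted_instantiate(struct key *key, const void *data,
-const size_t datalen)
+size_t datalen)
 {
 struct trusted_key_payload *payload = NULL;
 struct trusted_key_options *options = NULL;
@@ -996,8 +995,7 @@ static void trusted_rcu_free(struct rcu_head *rcu)
 /*
 * trusted_update - reseal an existing key with new PCR values
 */
-static int trusted_update(struct key *key, const void *data,
-const size_t datalen)
+static int trusted_update(struct key *key, const void *data, size_t datalen)
 {
 struct trusted_key_payload *p = key->payload.data;
 struct trusted_key_payload *new_p;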
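Review bot: In the my_get_random hunk, replacing `kzalloc` with `kmalloc` leaves `tb` holding stale heap contents until something writes it, and nothing visible in the hunk shows that `tpm_get_random()` initialises every field of the `struct tpm_buf` before it is read or sent to the TPM. Because this buffer is on the path that produces key material, I would keep `tb = kzalloc(sizeof *tb, GFP_KERNEL);` unless the callee is confirmed to reset the buffer first, and in that case record the reliance with a comment such as `/* tb is fully initialised by tpm_get_random() before use */`. The rest of the function, including how `tb` is released, lies outside the hunk; if it is freed with a plain `kfree`, the random bytes returned by the TPM may remain in freed memory, which is worth checking in the same pass.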