
KEYS: trusted_tpm1: Move private functionality out of public header

Move functionality used only by trusted_tpm1.c out of the public header
<keys/trusted_tpm.h>. Specifically, change the exported functions into
static functions, since they are not used outside trusted_tpm1.c, and
move various other definitions and inline functions to trusted_tpm1.c.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

authored by

Eric Biggers and committed by
Jarkko Sakkinen
720a485d 366284cf

+72 -87
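--- a/include/keys/trusted_tpm.h
+++ b/include/keys/trusted_tpm.h
@@ -5,40 +5,7 @@
 #include <keys/trusted-type.h>
 #include <linux/tpm_command.h>
 
-/* implementation specific TPM constants */
-#define TPM_SIZE_OFFSET 2
-#define TPM_RETURN_OFFSET 6
-#define TPM_DATA_OFFSET 10
-
-#define LOAD32(buffer, offset) (ntohl(*(uint32_t *)&buffer[offset]))
-#define LOAD32N(buffer, offset) (*(uint32_t *)&buffer[offset])
-#define LOAD16(buffer, offset) (ntohs(*(uint16_t *)&buffer[offset]))
-
 extern struct trusted_key_ops trusted_key_tpm_ops;
-
-struct osapsess {
-uint32_t handle;
-unsigned char secret[SHA1_DIGEST_SIZE];
-unsigned char enonce[TPM_NONCE_SIZE];
-};
-
-/* discrete values, but have to store in uint16_t for TPM use */
-enum {
-SEAL_keytype = 1,
-SRK_keytype = 4
-};
-
-int TSS_authhmac(unsigned char *digest, const unsigned char *key,
-unsigned int keylen, unsigned char *h1,
-unsigned char *h2, unsigned int h3, ...);
-int TSS_checkhmac1(unsigned char *buffer,
-const uint32_t command,
-const unsigned char *ononce,
-const unsigned char *key,
-unsigned int keylen, ...);
-
-int trusted_tpm_send(unsigned char *cmd, size_t buflen);
-int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce);
 
 int tpm2_seal_trusted(struct tpm_chip *chip,
 struct trusted_key_payload *payload,
@@ -47,50 +14,4 @@
 struct trusted_key_payload *payload,
 struct trusted_key_options *options);
 
-#define TPM_DEBUG 0
-
-#if TPM_DEBUG
-static inline void dump_options(struct trusted_key_options *o)
-{
-pr_info("sealing key type %d\n", o->keytype);
-pr_info("sealing key handle %0X\n", o->keyhandle);
-pr_info("pcrlock %d\n", o->pcrlock);
-pr_info("pcrinfo %d\n", o->pcrinfo_len);
-print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE,
-16, 1, o->pcrinfo, o->pcrinfo_len, 0);
-}
-
-static inline void dump_sess(struct osapsess *s)
-{
-print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE,
-16, 1, &s->handle, 4, 0);
-pr_info("secret:\n");
-print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
-16, 1, &s->secret, SHA1_DIGEST_SIZE, 0);
-pr_info("trusted-key: enonce:\n");
-print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
-16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0);
-}
-
-static inline void dump_tpm_buf(unsigned char *buf)
-{
-int len;
-
-pr_info("\ntpm buffer\n");
-len = LOAD32(buf, TPM_SIZE_OFFSET);
-print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0);
-}
-#else
-static inline void dump_options(struct trusted_key_options *o)
-{
-}
-
-static inline void dump_sess(struct osapsess *s)
-{
-}
-
-static inline void dump_tpm_buf(unsigned char *buf)
-{
-}
-#endif
 #endif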
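--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -24,6 +24,74 @@
 static struct tpm_chip *chip;
 static struct tpm_digest *digests;
 
+/* implementation specific TPM constants */
+#define TPM_SIZE_OFFSET 2
+#define TPM_RETURN_OFFSET 6
+#define TPM_DATA_OFFSET 10
+
+#define LOAD32(buffer, offset) (ntohl(*(uint32_t *)&buffer[offset]))
+#define LOAD32N(buffer, offset) (*(uint32_t *)&buffer[offset])
+#define LOAD16(buffer, offset) (ntohs(*(uint16_t *)&buffer[offset]))
+
+struct osapsess {
+uint32_t handle;
+unsigned char secret[SHA1_DIGEST_SIZE];
+unsigned char enonce[TPM_NONCE_SIZE];
+};
+
+/* discrete values, but have to store in uint16_t for TPM use */
+enum {
+SEAL_keytype = 1,
+SRK_keytype = 4
+};
+
+#define TPM_DEBUG 0
+
+#if TPM_DEBUG
+static inline void dump_options(struct trusted_key_options *o)
+{
+pr_info("sealing key type %d\n", o->keytype);
+pr_info("sealing key handle %0X\n", o->keyhandle);
+pr_info("pcrlock %d\n", o->pcrlock);
+pr_info("pcrinfo %d\n", o->pcrinfo_len);
+print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE,
+16, 1, o->pcrinfo, o->pcrinfo_len, 0);
+}
+
+static inline void dump_sess(struct osapsess *s)
+{
+print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE,
+16, 1, &s->handle, 4, 0);
+pr_info("secret:\n");
+print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
+16, 1, &s->secret, SHA1_DIGEST_SIZE, 0);
+pr_info("trusted-key: enonce:\n");
+print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
+16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0);
+}
+
+static inline void dump_tpm_buf(unsigned char *buf)
+{
+int len;
+
+pr_info("\ntpm buffer\n");
+len = LOAD32(buf, TPM_SIZE_OFFSET);
+print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0);
+}
+#else
+static inline void dump_options(struct trusted_key_options *o)
+{
+}
+
+static inline void dump_sess(struct osapsess *s)
+{
+}
+
+static inline void dump_tpm_buf(unsigned char *buf)
+{
+}
+#endif
+
 static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
 unsigned int keylen, ...)
 {
@@ -56,7 +124,7 @@
 /*
 * calculate authorization info fields to send to TPM
 */
-int TSS_authhmac(unsigned char *digest, const unsigned char *key,
+static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
 unsigned int keylen, unsigned char *h1,
 unsigned char *h2, unsigned int h3, ...)
 {
@@ -94,12 +162,11 @@
 TPM_NONCE_SIZE, h2, 1, &c, 0, 0);
 return ret;
 }
-EXPORT_SYMBOL_GPL(TSS_authhmac);
 
 /*
 * verify the AUTH1_COMMAND (Seal) result from TPM
 */
-int TSS_checkhmac1(unsigned char *buffer,
+static int TSS_checkhmac1(unsigned char *buffer,
 const uint32_t command,
 const unsigned char *ononce,
 const unsigned char *key,
@@ -159,7 +226,6 @@
 return -EINVAL;
 return 0;
 }
-EXPORT_SYMBOL_GPL(TSS_checkhmac1);
 
 /*
 * verify the AUTH2_COMMAND (unseal) result from TPM
@@ -244,7 +310,7 @@
 * For key specific tpm requests, we will generate and send our
 * own TPM command packets using the drivers send function.
 */
-int trusted_tpm_send(unsigned char *cmd, size_t buflen)
+static int trusted_tpm_send(unsigned char *cmd, size_t buflen)
 {
 struct tpm_buf buf;
 int rc;
@@ -270,7 +336,6 @@
 tpm_put_ops(chip);
 return rc;
 }
-EXPORT_SYMBOL_GPL(trusted_tpm_send);
 
 /*
 * Lock a trusted key, by extending a selected PCR.
@@ -324,7 +389,7 @@
 /*
 * Create an object independent authorisation protocol (oiap) session
 */
-int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
+static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
 {
 int ret;
 
@@ -341,7 +406,6 @@
 TPM_NONCE_SIZE);
 return 0;
 }
-EXPORT_SYMBOL_GPL(oiap);
 
 struct tpm_digests {
 unsigned char encauth[SHA1_DIGEST_SIZE];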
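Review bot: The debug helpers moved to the top of trusted_tpm1.c remain unsafe to switch on: with `TPM_DEBUG` set to 1, `dump_sess()` hex-dumps `s->secret` to the kernel log at KERN_INFO, and `dump_tpm_buf()` takes its dump length from the buffer's own size field (`len = LOAD32(buf, TPM_SIZE_OFFSET);`) into an `int` with no upper bound. Now that they are private to one file, I would add a comment above the define, e.g. `/* Debug only: dumps session secrets to the kernel log; never enable in production builds. */`, and have `dump_tpm_buf()` take the buffer capacity and clamp `len` to it. Separately, `LOAD32`/`LOAD32N`/`LOAD16` dereference cast pointers at byte offsets 2, 6 and 10 and leave their arguments unparenthesized. Something like `#define LOAD32(buffer, offset) get_unaligned_be32(&(buffer)[offset])` would not depend on the architecture tolerating unaligned loads, assuming callers pass buffers with no stronger alignment guarantee than the `unsigned char *` seen here.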