umber-kernel/include
James Bottomley 1085b8276b tpm: Add the rest of the session HMAC API
The final pieces of the HMAC API are for manipulating the session area
of the command.  To add an authentication HMAC session
tpm_buf_append_hmac_session() is called where tpm2_append_auth() would
go. If a non-empty password is passed in, this is correctly added to
the HMAC to prove knowledge of it without revealing it.  Note that if
the session is only used to encrypt or decrypt parameters (no
authentication) then tpm_buf_append_hmac_session_opt() must be used
instead.  This functions identically to tpm_buf_append_hmac_session()
when TPM_BUS_SECURITY is enabled, but differently when it isn't,
because effectively nothing is appended to the session area.

Next the parameters should be filled in for the command and finally
tpm_buf_fill_hmac_session() is called immediately prior to transmitting
the command which computes the correct HMAC and places it in the
command at the session location in the tpm buffer.

Finally, after tpm_transmit_cmd() is called,
tpm_buf_check_hmac_response() is called to check that the returned
HMAC matched and collect the new state for the next use of the
session, if any.

The features of the session are controlled by the session attributes
set in tpm_buf_append_hmac_session().  If TPM2_SA_CONTINUE_SESSION is
not specified, the session will be flushed and the tpm2_auth structure
freed in tpm_buf_check_hmac_response(); otherwise the session may be
used again.  Parameter encryption is specified by or'ing the flag
TPM2_SA_DECRYPT and response encryption by or'ing the flag
TPM2_SA_ENCRYPT.  The various encryptions will be taken care of by
tpm_buf_fill_hmac_session() and tpm_buf_check_hmac_response()
respectively.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> # crypto API parts
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2024-05-09 22:30:51 +03:00
acpi ACPI: bus: allow _UID matching for integer zero 2024-04-08 16:57:51 +02:00
asm-generic sched: Add missing memory barrier in switch_mm_cid 2024-04-16 13:59:45 +02:00
clocksource
crypto crypto: lib - implement library version of AES in CFB mode 2024-05-09 22:30:51 +03:00
drm
dt-bindings
keys tpm: Store the length of the tpm_buf data separately. 2024-05-09 22:30:51 +03:00
kunit
kvm
linux tpm: Add the rest of the session HMAC API 2024-05-09 22:30:51 +03:00
math-emu
media
memory
misc
net net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb 2024-05-02 11:02:48 +02:00
pcmcia
ras
rdma
rv
scsi
soc
sound ASoC: Fixes for v6.9 2024-05-01 18:05:13 +02:00
target
trace 11 hotfixes. 8 are cc:stable and the remaining 3 (nice ratio!) address 2024-04-26 13:48:03 -07:00
uapi drm fixes for 6.9-rc6 2024-04-26 10:47:18 -07:00
ufs
vdso
video
xen