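Lines matching references to `auth` (each row gives the source line number, the matching line, the enclosing function, and, for declarations, whether `auth` is a local or an argument)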

230 	struct tpm2_auth *auth;  in tpm_buf_append_name()  local
245 auth = chip->auth; in tpm_buf_append_name()
246 WARN(auth->session != tpm_buf_length(buf), in tpm_buf_append_name()
249 auth->session += 4; in tpm_buf_append_name()
255 tpm2_read_public(chip, handle, auth->name[slot]); in tpm_buf_append_name()
261 auth->name_h[slot] = handle; in tpm_buf_append_name()
263 memcpy(auth->name[slot], name, name_size(name)); in tpm_buf_append_name()
325 struct tpm2_auth *auth; in tpm_buf_append_hmac_session() local
346 auth = chip->auth; in tpm_buf_append_hmac_session()
347 auth->attrs = attributes; in tpm_buf_append_hmac_session()
348 auth->passphrase_len = passphrase_len; in tpm_buf_append_hmac_session()
350 memcpy(auth->passphrase, passphrase, passphrase_len); in tpm_buf_append_hmac_session()
352 if (auth->session != tpm_buf_length(buf)) { in tpm_buf_append_hmac_session()
354 len = get_unaligned_be32(&buf->data[auth->session]); in tpm_buf_append_hmac_session()
355 if (4 + len + auth->session != tpm_buf_length(buf)) { in tpm_buf_append_hmac_session()
362 put_unaligned_be32(len, &buf->data[auth->session]); in tpm_buf_append_hmac_session()
369 memcpy(auth->our_nonce, nonce, sizeof(nonce)); in tpm_buf_append_hmac_session()
370 tpm_buf_append_u32(buf, auth->handle); in tpm_buf_append_hmac_session()
374 tpm_buf_append_u8(buf, auth->attrs); in tpm_buf_append_hmac_session()
491 struct tpm2_auth *auth) in tpm_buf_append_salt() argument
550 sg_init_one(d, auth->salt, EC_PT_SZ); in tpm_buf_append_salt()
561 tpm2_KDFe(auth->salt, "SECRET", x, chip->null_ec_key_x, auth->salt); in tpm_buf_append_salt()
588 struct tpm2_auth *auth = chip->auth; in tpm_buf_fill_hmac_session() local
597 if (!auth) in tpm_buf_fill_hmac_session()
601 auth->ordinal = head->ordinal; in tpm_buf_fill_hmac_session()
622 if (auth->name_h[i] != handle) { in tpm_buf_fill_hmac_session()
644 if (handle == auth->handle && auth->attrs == a) { in tpm_buf_fill_hmac_session()
650 auth->session = i; in tpm_buf_fill_hmac_session()
665 if (auth->attrs & TPM2_SA_DECRYPT) { in tpm_buf_fill_hmac_session()
669 tpm2_KDFa(auth->session_key, SHA256_DIGEST_SIZE in tpm_buf_fill_hmac_session()
670 + auth->passphrase_len, "CFB", auth->our_nonce, in tpm_buf_fill_hmac_session()
671 auth->tpm_nonce, AES_KEY_BYTES + AES_BLOCK_SIZE, in tpm_buf_fill_hmac_session()
672 auth->scratch); in tpm_buf_fill_hmac_session()
675 aes_expandkey(&auth->aes_ctx, auth->scratch, AES_KEY_BYTES); in tpm_buf_fill_hmac_session()
676 aescfb_encrypt(&auth->aes_ctx, &buf->data[offset_p], in tpm_buf_fill_hmac_session()
678 auth->scratch + AES_KEY_BYTES); in tpm_buf_fill_hmac_session()
688 enum tpm2_mso_type mso = tpm2_handle_mso(auth->name_h[i]); in tpm_buf_fill_hmac_session()
693 sha256_update(&sctx, auth->name[i], in tpm_buf_fill_hmac_session()
694 name_size(auth->name[i])); in tpm_buf_fill_hmac_session()
696 __be32 h = cpu_to_be32(auth->name_h[i]); in tpm_buf_fill_hmac_session()
707 tpm2_hmac_init(&sctx, auth->session_key, sizeof(auth->session_key) in tpm_buf_fill_hmac_session()
708 + auth->passphrase_len); in tpm_buf_fill_hmac_session()
710 sha256_update(&sctx, auth->our_nonce, sizeof(auth->our_nonce)); in tpm_buf_fill_hmac_session()
711 sha256_update(&sctx, auth->tpm_nonce, sizeof(auth->tpm_nonce)); in tpm_buf_fill_hmac_session()
712 sha256_update(&sctx, &auth->attrs, 1); in tpm_buf_fill_hmac_session()
713 tpm2_hmac_final(&sctx, auth->session_key, sizeof(auth->session_key) in tpm_buf_fill_hmac_session()
714 + auth->passphrase_len, hmac); in tpm_buf_fill_hmac_session()
749 struct tpm2_auth *auth = chip->auth; in tpm_buf_check_hmac_response() local
757 if (!auth) in tpm_buf_check_hmac_response()
760 cc = be32_to_cpu(auth->ordinal); in tpm_buf_check_hmac_response()
762 if (auth->session >= TPM_HEADER_SIZE) { in tpm_buf_check_hmac_response()
789 for (i = 0; i < auth->session - 1; i++) { in tpm_buf_check_hmac_response()
801 memcpy(auth->tpm_nonce, &buf->data[offset_s], len); in tpm_buf_check_hmac_response()
818 sha256_update(&sctx, (u8 *)&auth->ordinal, sizeof(auth->ordinal)); in tpm_buf_check_hmac_response()
823 tpm2_hmac_init(&sctx, auth->session_key, sizeof(auth->session_key) in tpm_buf_check_hmac_response()
824 + auth->passphrase_len); in tpm_buf_check_hmac_response()
826 sha256_update(&sctx, auth->tpm_nonce, sizeof(auth->tpm_nonce)); in tpm_buf_check_hmac_response()
827 sha256_update(&sctx, auth->our_nonce, sizeof(auth->our_nonce)); in tpm_buf_check_hmac_response()
828 sha256_update(&sctx, &auth->attrs, 1); in tpm_buf_check_hmac_response()
830 tpm2_hmac_final(&sctx, auth->session_key, sizeof(auth->session_key) in tpm_buf_check_hmac_response()
831 + auth->passphrase_len, rphash); in tpm_buf_check_hmac_response()
840 if (auth->attrs & TPM2_SA_ENCRYPT) { in tpm_buf_check_hmac_response()
842 tpm2_KDFa(auth->session_key, SHA256_DIGEST_SIZE in tpm_buf_check_hmac_response()
843 + auth->passphrase_len, "CFB", auth->tpm_nonce, in tpm_buf_check_hmac_response()
844 auth->our_nonce, AES_KEY_BYTES + AES_BLOCK_SIZE, in tpm_buf_check_hmac_response()
845 auth->scratch); in tpm_buf_check_hmac_response()
848 aes_expandkey(&auth->aes_ctx, auth->scratch, AES_KEY_BYTES); in tpm_buf_check_hmac_response()
849 aescfb_decrypt(&auth->aes_ctx, &buf->data[offset_p], in tpm_buf_check_hmac_response()
851 auth->scratch + AES_KEY_BYTES); in tpm_buf_check_hmac_response()
855 if ((auth->attrs & TPM2_SA_CONTINUE_SESSION) == 0) { in tpm_buf_check_hmac_response()
858 tpm2_flush_context(chip, auth->handle); in tpm_buf_check_hmac_response()
860 kfree_sensitive(auth); in tpm_buf_check_hmac_response()
861 chip->auth = NULL; in tpm_buf_check_hmac_response()
864 auth->session = TPM_HEADER_SIZE; in tpm_buf_check_hmac_response()
883 struct tpm2_auth *auth = chip->auth; in tpm2_end_auth_session() local
885 if (!auth) in tpm2_end_auth_session()
888 tpm2_flush_context(chip, auth->handle); in tpm2_end_auth_session()
889 kfree_sensitive(auth); in tpm2_end_auth_session()
890 chip->auth = NULL; in tpm2_end_auth_session()
894 static int tpm2_parse_start_auth_session(struct tpm2_auth *auth, in tpm2_parse_start_auth_session() argument
906 if (tot_len != 4 + 2 + sizeof(auth->tpm_nonce)) in tpm2_parse_start_auth_session()
909 auth->handle = tpm_buf_read_u32(buf, &offset); in tpm2_parse_start_auth_session()
911 if (val != sizeof(auth->tpm_nonce)) in tpm2_parse_start_auth_session()
913 memcpy(auth->tpm_nonce, &buf->data[offset], sizeof(auth->tpm_nonce)); in tpm2_parse_start_auth_session()
915 tpm2_KDFa(auth->salt, sizeof(auth->salt), "ATH", auth->tpm_nonce, in tpm2_parse_start_auth_session()
916 auth->our_nonce, sizeof(auth->session_key), in tpm2_parse_start_auth_session()
917 auth->session_key); in tpm2_parse_start_auth_session()
971 struct tpm2_auth *auth; in tpm2_start_auth_session() local
976 if (chip->auth) { in tpm2_start_auth_session()
981 auth = kzalloc(sizeof(*auth), GFP_KERNEL); in tpm2_start_auth_session()
982 if (!auth) in tpm2_start_auth_session()
989 auth->session = TPM_HEADER_SIZE; in tpm2_start_auth_session()
1000 get_random_bytes(auth->our_nonce, sizeof(auth->our_nonce)); in tpm2_start_auth_session()
1001 tpm_buf_append_u16(&buf, sizeof(auth->our_nonce)); in tpm2_start_auth_session()
1002 tpm_buf_append(&buf, auth->our_nonce, sizeof(auth->our_nonce)); in tpm2_start_auth_session()
1005 tpm_buf_append_salt(&buf, chip, auth); in tpm2_start_auth_session()
1023 rc = tpm2_parse_start_auth_session(auth, &buf); in tpm2_start_auth_session()
1028 chip->auth = auth; in tpm2_start_auth_session()
1033 kfree_sensitive(auth); in tpm2_start_auth_session()