security/keys/trusted-keys/trusted_tpm1.c
Source file repositories/reference/linux-study-clean/security/keys/trusted-keys/trusted_tpm1.c
File Facts
- System
- Linux kernel
- Corpus path
security/keys/trusted-keys/trusted_tpm1.c- Extension
.c- Size
- 24292 bytes
- Lines
- 1004
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
crypto/hash_info.hcrypto/sha1.hcrypto/utils.hlinux/hex.hlinux/init.hlinux/slab.hlinux/parser.hlinux/string.hlinux/err.hkeys/trusted-type.hlinux/key-type.hlinux/tpm.hlinux/tpm_command.hkeys/trusted_tpm.h
Detected Declarations
struct osapsessstruct tpm_digestsfunction dump_optionsfunction dump_sessfunction dump_tpm_buffunction dump_optionsfunction TSS_authhmacfunction AUTH1_COMMANDfunction AUTH2_COMMANDfunction trusted_tpm_sendfunction pcrlockfunction protocolfunction protocolfunction sealfunction tpm_unsealfunction sealfunction unsealfunction getoptionsfunction trusted_tpm_sealfunction trusted_tpm_unsealfunction trusted_tpm_get_randomfunction init_digestsfunction trusted_tpm_initfunction trusted_tpm_exit
Annotated Snippet
struct osapsess {
uint32_t handle;
unsigned char secret[SHA1_DIGEST_SIZE];
unsigned char enonce[TPM_NONCE_SIZE];
};
/* discrete values, but have to store in uint16_t for TPM use */
enum {
SEAL_keytype = 1,
SRK_keytype = 4
};
#ifdef CONFIG_TRUSTED_KEYS_DEBUG
static inline void dump_options(struct trusted_key_options *o)
{
if (!trusted_debug)
return;
pr_debug("sealing key type %d\n", o->keytype);
pr_debug("sealing key handle %0X\n", o->keyhandle);
pr_debug("pcrlock %d\n", o->pcrlock);
pr_debug("pcrinfo %d\n", o->pcrinfo_len);
print_hex_dump_debug("pcrinfo ", DUMP_PREFIX_NONE,
16, 1, o->pcrinfo, o->pcrinfo_len, 0);
}
static inline void dump_sess(struct osapsess *s)
{
if (!trusted_debug)
return;
print_hex_dump_debug("trusted-key: handle ", DUMP_PREFIX_NONE,
16, 1, &s->handle, 4, 0);
pr_debug("secret:\n");
print_hex_dump_debug("", DUMP_PREFIX_NONE,
16, 1, &s->secret, SHA1_DIGEST_SIZE, 0);
pr_debug("trusted-key: enonce:\n");
print_hex_dump_debug("", DUMP_PREFIX_NONE,
16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0);
}
static inline void dump_tpm_buf(unsigned char *buf)
{
int len;
if (!trusted_debug)
return;
pr_debug("\ntpm buffer\n");
len = LOAD32(buf, TPM_SIZE_OFFSET);
print_hex_dump_debug("", DUMP_PREFIX_NONE, 16, 1, buf, len, 0);
}
#else
static inline void dump_options(struct trusted_key_options *o)
{
}
static inline void dump_sess(struct osapsess *s)
{
}
static inline void dump_tpm_buf(unsigned char *buf)
{
}
#endif
static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
unsigned int keylen, ...)
{
struct hmac_sha1_ctx hmac_ctx;
va_list argp;
unsigned int dlen;
unsigned char *data;
int ret = 0;
hmac_sha1_init_usingrawkey(&hmac_ctx, key, keylen);
va_start(argp, keylen);
for (;;) {
dlen = va_arg(argp, unsigned int);
if (dlen == 0)
break;
data = va_arg(argp, unsigned char *);
if (data == NULL) {
ret = -EINVAL;
break;
}
hmac_sha1_update(&hmac_ctx, data, dlen);
}
va_end(argp);
if (!ret)
Annotation
- Immediate include surface: `crypto/hash_info.h`, `crypto/sha1.h`, `crypto/utils.h`, `linux/hex.h`, `linux/init.h`, `linux/slab.h`, `linux/parser.h`, `linux/string.h`.
- Detected declarations: `struct osapsess`, `struct tpm_digests`, `function dump_options`, `function dump_sess`, `function dump_tpm_buf`, `function dump_options`, `function TSS_authhmac`, `function AUTH1_COMMAND`, `function AUTH2_COMMAND`, `function trusted_tpm_send`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.