1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * Copyright (C) 2010 IBM Corporation |
4 | * Author: David Safford <safford@us.ibm.com> |
5 | */ |
6 | |
7 | #ifndef _KEYS_TRUSTED_TYPE_H |
8 | #define _KEYS_TRUSTED_TYPE_H |
9 | |
10 | #include <linux/key.h> |
11 | #include <linux/rcupdate.h> |
12 | #include <linux/tpm.h> |
13 | |
14 | #ifdef pr_fmt |
15 | #undef pr_fmt |
16 | #endif |
17 | |
18 | #define pr_fmt(fmt) "trusted_key: " fmt |
19 | |
/* Smallest accepted key length, in bytes (not referenced in this header; presumably enforced by the key-type code — confirm). */
#define MIN_KEY_SIZE 32
/* Largest key length, in bytes; bounds trusted_key_payload::key. */
#define MAX_KEY_SIZE 128
/* Largest sealed blob, in bytes; bounds trusted_key_payload::blob. */
#define MAX_BLOB_SIZE 512
/* Largest PCR info buffer, in bytes; bounds trusted_key_options::pcrinfo. */
#define MAX_PCRINFO_SIZE 64
/* Largest policy digest, in bytes; bounds trusted_key_options::policydigest. */
#define MAX_DIGEST_SIZE 64
25 | |
/*
 * In-kernel representation of a trusted key: the cleartext key bytes plus
 * the sealed blob that wraps them.  Carries an rcu_head so the key type can
 * defer freeing until after an RCU grace period.
 */
struct trusted_key_payload {
	struct rcu_head rcu;		/* for RCU-deferred freeing of the payload */
	unsigned int key_len;		/* number of valid bytes in @key */
	unsigned int blob_len;		/* number of valid bytes in @blob */
	unsigned char migratable;	/* non-zero when the key is migratable (see trusted_key_ops::migratable) */
	unsigned char old_format;	/* NOTE(review): presumably flags a legacy blob layout — confirm against the backend */
	/*
	 * Cleartext key material — sensitive.  Sized MAX_KEY_SIZE + 1,
	 * presumably to leave room for a terminating byte; confirm in the
	 * key-type code before relying on it.
	 */
	unsigned char key[MAX_KEY_SIZE + 1];
	unsigned char blob[MAX_BLOB_SIZE];	/* sealed form of @key as produced by trusted_key_ops::seal */
};
35 | |
/*
 * Options handed to the backend for a seal/unseal request.  Every fixed-size
 * buffer has a matching *_len field (or a fixed TPM_DIGEST_SIZE length from
 * linux/tpm.h); consumers should bound reads by those lengths.
 */
struct trusted_key_options {
	uint16_t keytype;			/* backend key-type selector; value space is backend-defined */
	uint32_t keyhandle;			/* handle of the key used for sealing — presumably the TPM parent key; confirm */
	unsigned char keyauth[TPM_DIGEST_SIZE];	/* auth value for @keyhandle */
	uint32_t blobauth_len;			/* valid bytes in @blobauth */
	unsigned char blobauth[TPM_DIGEST_SIZE];	/* auth value for the sealed blob */
	uint32_t pcrinfo_len;			/* valid bytes in @pcrinfo */
	unsigned char pcrinfo[MAX_PCRINFO_SIZE];	/* PCR binding information; layout is backend-specific */
	int pcrlock;				/* PCR to lock; the "unused" sentinel and exact semantics are per backend — confirm */
	uint32_t hash;				/* hash algorithm selector; identifier space is backend-specific — confirm */
	uint32_t policydigest_len;		/* valid bytes in @policydigest */
	unsigned char policydigest[MAX_DIGEST_SIZE];	/* authorization policy digest — presumably TPM 2.0 policy; confirm */
	uint32_t policyhandle;			/* handle of an authorization/policy session — presumably; confirm */
};
50 | |
/*
 * Backend operations for the trusted key type.  A trusted_key_source pairs
 * one of these with a name; all callbacks except get_random appear to be
 * mandatory (get_random is marked optional below).
 */
struct trusted_key_ops {
	/*
	 * flag to indicate if trusted key implementation supports migration
	 * or not.
	 */
	unsigned char migratable;

	/* Initialize key interface. Returns 0 on success, negative errno otherwise — presumably; confirm. */
	int (*init)(void);

	/*
	 * Seal a key: wrap p->key into p->blob.
	 * @datablob: option string for this request — presumably user-supplied,
	 * so implementations should parse it as untrusted input; confirm with callers.
	 */
	int (*seal)(struct trusted_key_payload *p, char *datablob);

	/*
	 * Unseal a key: recover p->key from p->blob.
	 * @datablob: as for seal().
	 */
	int (*unseal)(struct trusted_key_payload *p, char *datablob);

	/* Optional: Get a randomized key. Fills @key_len bytes at @key. */
	int (*get_random)(unsigned char *key, size_t key_len);

	/* Exit key interface. */
	void (*exit)(void);
};
73 | |
/* A named trusted-key backend: @name identifies it, @ops implements it. */
struct trusted_key_source {
	char *name;			/* backend name; ownership not shown here — confirm */
	struct trusted_key_ops *ops;	/* backend callbacks (see struct trusted_key_ops) */
};
78 | |
79 | extern struct key_type key_type_trusted; |
80 | |
/*
 * Compile-time switch for dump_payload().  When non-zero, dump_payload()
 * writes the cleartext key bytes and the blob to the kernel log, so keep
 * this at 0 in any build that handles real keys.
 */
#define TRUSTED_DEBUG 0
82 | |
83 | #if TRUSTED_DEBUG |
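/*
 * Debug-only: dump the cleartext key, the sealed blob and the migratable
 * flag of @p to the kernel log at KERN_INFO.  This puts raw key material
 * into dmesg; it is compiled in only when TRUSTED_DEBUG is non-zero.
 *
 * @p: payload to dump; must not be NULL.
 */
static inline void dump_payload(struct trusted_key_payload *p)
{
	/* key_len and blob_len are unsigned int, so %u rather than %d */
	pr_info("key_len %u\n", p->key_len);
	print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
		       16, 1, p->key, p->key_len, 0);
	pr_info("bloblen %u\n", p->blob_len);
	print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
		       16, 1, p->blob, p->blob_len, 0);
	/* migratable is unsigned char, promoted to int: %d matches */
	pr_info("migratable %d\n", p->migratable);
}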
94 | #else |
/* Stub used when TRUSTED_DEBUG is 0: @p is ignored and nothing is logged. */
static inline void dump_payload(struct trusted_key_payload *p) { }
98 | #endif |
99 | |
100 | #endif /* _KEYS_TRUSTED_TYPE_H */ |
101 | |