1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de> |
4 | */ |
5 | |
#include <keys/trusted_caam.h>
#include <keys/trusted-type.h>
#include <linux/build_bug.h>
#include <linux/errno.h>
#include <linux/key-type.h>
#include <soc/fsl/caam-blob.h>
11 | |
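/*
 * Handle to the CAAM blob generator.  Obtained in trusted_caam_init(),
 * released in trusted_caam_exit(); every seal and unseal goes through it.
 */
static struct caam_blob_priv *blobifier;

/*
 * Key modifier handed to the CAAM for every blob this backend creates or
 * opens.  Sealing and unsealing use the same string, so a blob produced
 * here must be presented with the same modifier to be unsealed again
 * (presumably the modifier is part of what the CAAM binds the blob to --
 * confirm against the blob driver before ever changing it).
 */
#define KEYMOD "SECURE_KEY"

/*
 * Hardware bounds: a maximal key plus blob overhead, and a maximal stored
 * blob, must both stay within what the blob driver accepts.
 */
static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= CAAM_BLOB_MAX_LEN);
static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN);
/*
 * Buffer bound: trusted_caam_seal() writes the blob into p->blob, which is
 * MAX_BLOB_SIZE bytes, so a maximal key plus overhead must fit there too.
 */
static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= MAX_BLOB_SIZE);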
18 | |
/*
 * trusted_caam_seal - wrap a trusted key's plaintext into a CAAM blob
 * @p: payload; @p->key/@p->key_len are the input, the blob is written to
 *     @p->blob (MAX_BLOB_SIZE bytes) and its length to @p->blob_len
 * @datablob: remaining key-description text; this backend recognises no
 *            options, so it is ignored
 *
 * Return: 0 on success, otherwise the error returned by caam_encap_blob().
 * @p->blob_len is only updated on success.
 */
static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob)
{
	struct caam_blob_info req = {
		.key_mod = KEYMOD,
		.key_mod_len = sizeof(KEYMOD) - 1,	/* without the NUL */
		.input = p->key,
		.input_len = p->key_len,
		.output = p->blob,
		.output_len = MAX_BLOB_SIZE,	/* capacity in, length out */
	};
	int err;

	err = caam_encap_blob(blobifier, &req);
	if (err)
		return err;

	/* The driver reports how much of the output buffer it filled. */
	p->blob_len = req.output_len;
	return 0;
}
35 | |
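/*
 * trusted_caam_unseal - recover a trusted key's plaintext from a CAAM blob
 * @p: payload; @p->blob/@p->blob_len are the input, the key is written to
 *     @p->key (MAX_KEY_SIZE bytes) and its length to @p->key_len
 * @datablob: remaining key-description text; this backend recognises no
 *            options, so it is ignored
 *
 * The blob arrives from user space (a "load" of a previously sealed key),
 * so its length is untrusted.  The output buffer is bounded by
 * @output_len = MAX_KEY_SIZE; the input is sanity-checked below.
 *
 * Return: 0 on success, -EINVAL for a blob too short to be valid, otherwise
 * the error returned by caam_decap_blob().  @p->key_len is only updated on
 * success.
 */
static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob)
{
	struct caam_blob_info req = {
		.key_mod = KEYMOD,
		.key_mod_len = sizeof(KEYMOD) - 1,	/* without the NUL */
		.input = p->blob,
		.input_len = p->blob_len,
		.output = p->key,
		.output_len = MAX_KEY_SIZE,	/* capacity in, length out */
	};
	int err;

	/*
	 * A blob shorter than the CAAM's fixed overhead cannot carry any key
	 * material; reject it before touching the hardware.  The blob driver
	 * presumably rejects it as well, but the check is cheap and keeps
	 * this path's behaviour independent of the driver's validation.
	 */
	if (p->blob_len < CAAM_BLOB_OVERHEAD)
		return -EINVAL;

	err = caam_decap_blob(blobifier, &req);
	if (err)
		return err;

	/* The driver reports how much of the output buffer it filled. */
	p->key_len = req.output_len;
	return 0;
}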
52 | |
/*
 * trusted_caam_init - bring up the CAAM-backed trusted key source
 *
 * Acquires the CAAM blob generator handle and then registers the
 * "trusted" key type.  If registration fails the handle is released again
 * so nothing is left half-initialised.
 *
 * Return: 0 on success, the error from caam_blob_gen_init() if no blob
 * generator is available, or the error from register_key_type().
 */
static int trusted_caam_init(void)
{
	int err;

	blobifier = caam_blob_gen_init();
	if (IS_ERR(blobifier))
		return PTR_ERR(blobifier);

	err = register_key_type(&key_type_trusted);
	if (!err)
		return 0;

	/* Registration failed: don't keep the blob generator handle alive. */
	caam_blob_gen_exit(blobifier);
	return err;
}
67 | |
/*
 * trusted_caam_exit - tear down the CAAM-backed trusted key source
 *
 * Mirrors trusted_caam_init() in reverse: stop accepting "trusted" keys
 * first, then release the CAAM blob generator handle.
 */
static void trusted_caam_exit(void)
{
	/* No new seal/unseal requests can arrive once the type is gone... */
	unregister_key_type(&key_type_trusted);
	/* ...so the blob generator handle can be dropped safely. */
	caam_blob_gen_exit(blobifier);
}
73 | |
/*
 * Backend operations exported to the trusted-keys core.
 *
 * Keys sealed here are marked non-migratable: the blob is only meant to
 * be unsealed by this backend on the device that created it (the exact
 * binding is a property of the CAAM blob mechanism -- see the driver).
 */
struct trusted_key_ops trusted_key_caam_ops = {
	.init = trusted_caam_init,
	.exit = trusted_caam_exit,
	.seal = trusted_caam_seal,
	.unseal = trusted_caam_unseal,
	.migratable = 0,	/* blobs are not portable to other devices */
};
81 | |