1/*
 2 * Copyright (C) 2010 IBM Corporation
 3 * Author: David Safford <safford@us.ibm.com>
 4 *
 5 * This program is free software; you can redistribute it and/or modify
 6 * it under the terms of the GNU General Public License as published by
 7 * the Free Software Foundation, version 2 of the License.
 8 */
 9
10#ifndef _KEYS_TRUSTED_TYPE_H
11#define _KEYS_TRUSTED_TYPE_H
12
13#include <linux/key.h>
14#include <linux/rcupdate.h>
 
 
 
 
 
 
 
15
16#define MIN_KEY_SIZE			32
17#define MAX_KEY_SIZE			128
18#define MAX_BLOB_SIZE			320
 
 
19
20struct trusted_key_payload {
21	struct rcu_head rcu;
22	unsigned int key_len;
23	unsigned int blob_len;
24	unsigned char migratable;
 
25	unsigned char key[MAX_KEY_SIZE + 1];
26	unsigned char blob[MAX_BLOB_SIZE];
27};
28
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
29extern struct key_type key_type_trusted;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
30
31#endif /* _KEYS_TRUSTED_TYPE_H */

  1/* SPDX-License-Identifier: GPL-2.0-only */
  2/*
  3 * Copyright (C) 2010 IBM Corporation
  4 * Author: David Safford <safford@us.ibm.com>
 
 
 
 
  5 */
  6
  7#ifndef _KEYS_TRUSTED_TYPE_H
  8#define _KEYS_TRUSTED_TYPE_H
  9
 10#include <linux/key.h>
 11#include <linux/rcupdate.h>
 12#include <linux/tpm.h>
 13
 14#ifdef pr_fmt
 15#undef pr_fmt
 16#endif
 17
 18#define pr_fmt(fmt) "trusted_key: " fmt
 19
 20#define MIN_KEY_SIZE			32
 21#define MAX_KEY_SIZE			128
 22#define MAX_BLOB_SIZE			512
 23#define MAX_PCRINFO_SIZE		64
 24#define MAX_DIGEST_SIZE			64
 25
 26struct trusted_key_payload {
 27	struct rcu_head rcu;
 28	unsigned int key_len;
 29	unsigned int blob_len;
 30	unsigned char migratable;
 31	unsigned char old_format;
 32	unsigned char key[MAX_KEY_SIZE + 1];
 33	unsigned char blob[MAX_BLOB_SIZE];
 34};
 35
 36struct trusted_key_options {
 37	uint16_t keytype;
 38	uint32_t keyhandle;
 39	unsigned char keyauth[TPM_DIGEST_SIZE];
 40	uint32_t blobauth_len;
 41	unsigned char blobauth[TPM_DIGEST_SIZE];
 42	uint32_t pcrinfo_len;
 43	unsigned char pcrinfo[MAX_PCRINFO_SIZE];
 44	int pcrlock;
 45	uint32_t hash;
 46	uint32_t policydigest_len;
 47	unsigned char policydigest[MAX_DIGEST_SIZE];
 48	uint32_t policyhandle;
 49};
 50
 51struct trusted_key_ops {
 52	/*
 53	 * flag to indicate if trusted key implementation supports migration
 54	 * or not.
 55	 */
 56	unsigned char migratable;
 57
 58	/* Initialize key interface. */
 59	int (*init)(void);
 60
 61	/* Seal a key. */
 62	int (*seal)(struct trusted_key_payload *p, char *datablob);
 63
 64	/* Unseal a key. */
 65	int (*unseal)(struct trusted_key_payload *p, char *datablob);
 66
 67	/* Optional: Get a randomized key. */
 68	int (*get_random)(unsigned char *key, size_t key_len);
 69
 70	/* Exit key interface. */
 71	void (*exit)(void);
 72};
 73
 74struct trusted_key_source {
 75	char *name;
 76	struct trusted_key_ops *ops;
 77};
 78
 79extern struct key_type key_type_trusted;
 80
 81#define TRUSTED_DEBUG 0
 82
 83#if TRUSTED_DEBUG
 84static inline void dump_payload(struct trusted_key_payload *p)
 85{
 86	pr_info("key_len %d\n", p->key_len);
 87	print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
 88		       16, 1, p->key, p->key_len, 0);
 89	pr_info("bloblen %d\n", p->blob_len);
 90	print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
 91		       16, 1, p->blob, p->blob_len, 0);
 92	pr_info("migratable %d\n", p->migratable);
 93}
 94#else
 95static inline void dump_payload(struct trusted_key_payload *p)
 96{
 97}
 98#endif
 99
100#endif /* _KEYS_TRUSTED_TYPE_H */