v4.17
 
 1/*
 2 * Copyright (C) 2010 IBM Corporation
 3 * Author: David Safford <safford@us.ibm.com>
 4 *
 5 * This program is free software; you can redistribute it and/or modify
 6 * it under the terms of the GNU General Public License as published by
 7 * the Free Software Foundation, version 2 of the License.
 8 */
 9
10#ifndef _KEYS_TRUSTED_TYPE_H
11#define _KEYS_TRUSTED_TYPE_H
12
13#include <linux/key.h>
14#include <linux/rcupdate.h>
15#include <linux/tpm.h>
16
 
 
 
 
 
 
17#define MIN_KEY_SIZE			32
18#define MAX_KEY_SIZE			128
19#define MAX_BLOB_SIZE			512
20#define MAX_PCRINFO_SIZE		64
21#define MAX_DIGEST_SIZE			64
22
23struct trusted_key_payload {
24	struct rcu_head rcu;
25	unsigned int key_len;
26	unsigned int blob_len;
27	unsigned char migratable;
 
28	unsigned char key[MAX_KEY_SIZE + 1];
29	unsigned char blob[MAX_BLOB_SIZE];
30};
31
32struct trusted_key_options {
33	uint16_t keytype;
34	uint32_t keyhandle;
35	unsigned char keyauth[TPM_DIGEST_SIZE];
 
36	unsigned char blobauth[TPM_DIGEST_SIZE];
37	uint32_t pcrinfo_len;
38	unsigned char pcrinfo[MAX_PCRINFO_SIZE];
39	int pcrlock;
40	uint32_t hash;
41	uint32_t policydigest_len;
42	unsigned char policydigest[MAX_DIGEST_SIZE];
43	uint32_t policyhandle;
44};
45
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
46extern struct key_type key_type_trusted;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
47
48#endif /* _KEYS_TRUSTED_TYPE_H */
v6.2
  1/* SPDX-License-Identifier: GPL-2.0-only */
  2/*
  3 * Copyright (C) 2010 IBM Corporation
  4 * Author: David Safford <safford@us.ibm.com>
 
 
 
 
  5 */
  6
  7#ifndef _KEYS_TRUSTED_TYPE_H
  8#define _KEYS_TRUSTED_TYPE_H
  9
 10#include <linux/key.h>
 11#include <linux/rcupdate.h>
 12#include <linux/tpm.h>
 13
 14#ifdef pr_fmt
 15#undef pr_fmt
 16#endif
 17
 18#define pr_fmt(fmt) "trusted_key: " fmt
 19
 20#define MIN_KEY_SIZE			32
 21#define MAX_KEY_SIZE			128
 22#define MAX_BLOB_SIZE			512
 23#define MAX_PCRINFO_SIZE		64
 24#define MAX_DIGEST_SIZE			64
 25
 26struct trusted_key_payload {
 27	struct rcu_head rcu;
 28	unsigned int key_len;
 29	unsigned int blob_len;
 30	unsigned char migratable;
 31	unsigned char old_format;
 32	unsigned char key[MAX_KEY_SIZE + 1];
 33	unsigned char blob[MAX_BLOB_SIZE];
 34};
 35
 36struct trusted_key_options {
 37	uint16_t keytype;
 38	uint32_t keyhandle;
 39	unsigned char keyauth[TPM_DIGEST_SIZE];
 40	uint32_t blobauth_len;
 41	unsigned char blobauth[TPM_DIGEST_SIZE];
 42	uint32_t pcrinfo_len;
 43	unsigned char pcrinfo[MAX_PCRINFO_SIZE];
 44	int pcrlock;
 45	uint32_t hash;
 46	uint32_t policydigest_len;
 47	unsigned char policydigest[MAX_DIGEST_SIZE];
 48	uint32_t policyhandle;
 49};
 50
 51struct trusted_key_ops {
 52	/*
 53	 * flag to indicate if trusted key implementation supports migration
 54	 * or not.
 55	 */
 56	unsigned char migratable;
 57
 58	/* Initialize key interface. */
 59	int (*init)(void);
 60
 61	/* Seal a key. */
 62	int (*seal)(struct trusted_key_payload *p, char *datablob);
 63
 64	/* Unseal a key. */
 65	int (*unseal)(struct trusted_key_payload *p, char *datablob);
 66
 67	/* Optional: Get a randomized key. */
 68	int (*get_random)(unsigned char *key, size_t key_len);
 69
 70	/* Exit key interface. */
 71	void (*exit)(void);
 72};
 73
 74struct trusted_key_source {
 75	char *name;
 76	struct trusted_key_ops *ops;
 77};
 78
 79extern struct key_type key_type_trusted;
 80
 81#define TRUSTED_DEBUG 0
 82
 83#if TRUSTED_DEBUG
 84static inline void dump_payload(struct trusted_key_payload *p)
 85{
 86	pr_info("key_len %d\n", p->key_len);
 87	print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
 88		       16, 1, p->key, p->key_len, 0);
 89	pr_info("bloblen %d\n", p->blob_len);
 90	print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
 91		       16, 1, p->blob, p->blob_len, 0);
 92	pr_info("migratable %d\n", p->migratable);
 93}
 94#else
 95static inline void dump_payload(struct trusted_key_payload *p)
 96{
 97}
 98#endif
 99
100#endif /* _KEYS_TRUSTED_TYPE_H */
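Review bot: The `TRUSTED_DEBUG` variant of `dump_payload()` in the v6.2 listing writes the payload's `key` bytes to the kernel log via `print_hex_dump(KERN_INFO, "key ", ...)`, and nothing beside `#define TRUSTED_DEBUG 0` warns about it. With the macro at 0 the function is the empty stub, so nothing is logged in this configuration, but setting it to 1 would put key material in a log that is typically far more widely readable than the keyring. I would add a comment above the define, for example `/* Debug only: 1 makes dump_payload() log key material; never enable in production builds. */`. Separately, `key_len` and `blob_len` are declared `unsigned int` but printed with `%d`; `pr_info("key_len %u\n", p->key_len);` and the matching `bloblen` line would fix the specifier. The parameter could also be `const struct trusted_key_payload *p`, since the visible body only reads through it.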