Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de>
4 */
5
6#include <keys/trusted_caam.h>
7#include <keys/trusted-type.h>
8#include <linux/build_bug.h>
9#include <linux/key-type.h>
10#include <soc/fsl/caam-blob.h>
11
12static struct caam_blob_priv *blobifier;
13
14#define KEYMOD "SECURE_KEY"
15
16static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= CAAM_BLOB_MAX_LEN);
17static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN);
18
19static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob)
20{
21 int ret;
22 struct caam_blob_info info = {
23 .input = p->key, .input_len = p->key_len,
24 .output = p->blob, .output_len = MAX_BLOB_SIZE,
25 .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,
26 };
27
28 ret = caam_encap_blob(blobifier, &info);
29 if (ret)
30 return ret;
31
32 p->blob_len = info.output_len;
33 return 0;
34}
35
36static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob)
37{
38 int ret;
39 struct caam_blob_info info = {
40 .input = p->blob, .input_len = p->blob_len,
41 .output = p->key, .output_len = MAX_KEY_SIZE,
42 .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,
43 };
44
45 ret = caam_decap_blob(blobifier, &info);
46 if (ret)
47 return ret;
48
49 p->key_len = info.output_len;
50 return 0;
51}
52
53static int trusted_caam_init(void)
54{
55 int ret;
56
57 blobifier = caam_blob_gen_init();
58 if (IS_ERR(blobifier))
59 return PTR_ERR(blobifier);
60
61 ret = register_key_type(&key_type_trusted);
62 if (ret)
63 caam_blob_gen_exit(blobifier);
64
65 return ret;
66}
67
68static void trusted_caam_exit(void)
69{
70 unregister_key_type(&key_type_trusted);
71 caam_blob_gen_exit(blobifier);
72}
73
74struct trusted_key_ops trusted_key_caam_ops = {
75 .migratable = 0, /* non-migratable */
76 .init = trusted_caam_init,
77 .seal = trusted_caam_seal,
78 .unseal = trusted_caam_unseal,
79 .exit = trusted_caam_exit,
80};
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de>
4 */
5
6#include <keys/trusted_caam.h>
7#include <keys/trusted-type.h>
8#include <linux/build_bug.h>
9#include <linux/key-type.h>
10#include <soc/fsl/caam-blob.h>
11
12static struct caam_blob_priv *blobifier;
13
14#define KEYMOD "SECURE_KEY"
15
16static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= CAAM_BLOB_MAX_LEN);
17static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN);
18
19static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob)
20{
21 int ret;
22 struct caam_blob_info info = {
23 .input = p->key, .input_len = p->key_len,
24 .output = p->blob, .output_len = MAX_BLOB_SIZE,
25 .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,
26 };
27
28 ret = caam_encap_blob(blobifier, &info);
29 if (ret)
30 return ret;
31
32 p->blob_len = info.output_len;
33 return 0;
34}
35
36static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob)
37{
38 int ret;
39 struct caam_blob_info info = {
40 .input = p->blob, .input_len = p->blob_len,
41 .output = p->key, .output_len = MAX_KEY_SIZE,
42 .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,
43 };
44
45 ret = caam_decap_blob(blobifier, &info);
46 if (ret)
47 return ret;
48
49 p->key_len = info.output_len;
50 return 0;
51}
52
53static int trusted_caam_init(void)
54{
55 int ret;
56
57 blobifier = caam_blob_gen_init();
58 if (IS_ERR(blobifier))
59 return PTR_ERR(blobifier);
60
61 ret = register_key_type(&key_type_trusted);
62 if (ret)
63 caam_blob_gen_exit(blobifier);
64
65 return ret;
66}
67
68static void trusted_caam_exit(void)
69{
70 unregister_key_type(&key_type_trusted);
71 caam_blob_gen_exit(blobifier);
72}
73
74struct trusted_key_ops trusted_key_caam_ops = {
75 .migratable = 0, /* non-migratable */
76 .init = trusted_caam_init,
77 .seal = trusted_caam_seal,
78 .unseal = trusted_caam_unseal,
79 .exit = trusted_caam_exit,
80};