1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3 * Copyright (C) 2010 IBM Corporation
4 * Author: David Safford <safford@us.ibm.com>
5 */
6
7 #ifndef _KEYS_TRUSTED_TYPE_H
8 #define _KEYS_TRUSTED_TYPE_H
9
10 #include <linux/key.h>
11 #include <linux/rcupdate.h>
12 #include <linux/tpm.h>
13
14 #ifdef pr_fmt
15 #undef pr_fmt
16 #endif
17
18 #define pr_fmt(fmt) "trusted_key: " fmt
19
20 #define MIN_KEY_SIZE 32
21 #define MAX_KEY_SIZE 128
22 #define MAX_BLOB_SIZE 512
23 #define MAX_PCRINFO_SIZE 64
24 #define MAX_DIGEST_SIZE 64
25
26 struct trusted_key_payload {
27 struct rcu_head rcu;
28 unsigned int key_len;
29 unsigned int blob_len;
30 unsigned char migratable;
31 unsigned char old_format;
32 unsigned char key[MAX_KEY_SIZE + 1];
33 unsigned char blob[MAX_BLOB_SIZE];
34 };
35
36 struct trusted_key_options {
37 uint16_t keytype;
38 uint32_t keyhandle;
39 unsigned char keyauth[TPM_DIGEST_SIZE];
40 uint32_t blobauth_len;
41 unsigned char blobauth[TPM_DIGEST_SIZE];
42 uint32_t pcrinfo_len;
43 unsigned char pcrinfo[MAX_PCRINFO_SIZE];
44 int pcrlock;
45 uint32_t hash;
46 uint32_t policydigest_len;
47 unsigned char policydigest[MAX_DIGEST_SIZE];
48 uint32_t policyhandle;
49 };
50
51 struct trusted_key_ops {
52 /*
53 * flag to indicate if trusted key implementation supports migration
54 * or not.
55 */
56 unsigned char migratable;
57
58 /* Initialize key interface. */
59 int (*init)(void);
60
61 /* Seal a key. */
62 int (*seal)(struct trusted_key_payload *p, char *datablob);
63
64 /* Unseal a key. */
65 int (*unseal)(struct trusted_key_payload *p, char *datablob);
66
67 /* Optional: Get a randomized key. */
68 int (*get_random)(unsigned char *key, size_t key_len);
69
70 /* Exit key interface. */
71 void (*exit)(void);
72 };
73
74 struct trusted_key_source {
75 char *name;
76 struct trusted_key_ops *ops;
77 };
78
79 extern struct key_type key_type_trusted;
80
81 #define TRUSTED_DEBUG 0
82
83 #if TRUSTED_DEBUG
dump_payload(struct trusted_key_payload * p)84 static inline void dump_payload(struct trusted_key_payload *p)
85 {
86 pr_info("key_len %d\n", p->key_len);
87 print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
88 16, 1, p->key, p->key_len, 0);
89 pr_info("bloblen %d\n", p->blob_len);
90 print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
91 16, 1, p->blob, p->blob_len, 0);
92 pr_info("migratable %d\n", p->migratable);
93 }
94 #else
dump_payload(struct trusted_key_payload * p)95 static inline void dump_payload(struct trusted_key_payload *p)
96 {
97 }
98 #endif
99
100 #endif /* _KEYS_TRUSTED_TYPE_H */
101