0001 /* SPDX-License-Identifier: GPL-2.0-only */
0002 /*
0003  * Copyright (C) 2010 IBM Corporation
0004  * Author: David Safford <safford@us.ibm.com>
0005  */
0006 
0007 #ifndef _KEYS_TRUSTED_TYPE_H
0008 #define _KEYS_TRUSTED_TYPE_H
0009 
0010 #include <linux/key.h>
0011 #include <linux/rcupdate.h>
0012 #include <linux/tpm.h>
0013 
0014 #ifdef pr_fmt
0015 #undef pr_fmt
0016 #endif
0017 
0018 #define pr_fmt(fmt) "trusted_key: " fmt
0019 
/*
 * Size bounds (in bytes) for trusted key payloads and options. The MAX_*
 * values size the fixed arrays in the structs below; MIN_KEY_SIZE is not
 * referenced in this header (presumably the smallest key length a caller
 * may request -- enforced elsewhere, confirm against the key type code).
 */
#define MIN_KEY_SIZE            32
#define MAX_KEY_SIZE            128	/* bound for trusted_key_payload::key[] */
#define MAX_BLOB_SIZE           512	/* bound for trusted_key_payload::blob[] */
#define MAX_PCRINFO_SIZE        64	/* bound for trusted_key_options::pcrinfo[] */
#define MAX_DIGEST_SIZE         64	/* bound for trusted_key_options::policydigest[] */
0025 
/*
 * In-kernel payload of a trusted key: the key bytes themselves plus the
 * sealed blob that the backend's seal()/unseal() ops produce and consume.
 * Both buffers are fixed-size; the *_len fields say how much of each is
 * valid.
 */
struct trusted_key_payload {
    struct rcu_head rcu;			/* for deferred (RCU) release of the payload */
    unsigned int key_len;			/* valid bytes in key[] */
    unsigned int blob_len;			/* valid bytes in blob[] */
    unsigned char migratable;		/* non-zero if this key may be migrated */
    unsigned char old_format;		/* presumably marks a legacy blob layout -- confirm in the backend */
    unsigned char key[MAX_KEY_SIZE + 1];	/* key material (one spare byte beyond MAX_KEY_SIZE) */
    unsigned char blob[MAX_BLOB_SIZE];	/* sealed form of the key, as returned by seal() */
};
0035 
/*
 * Parsed sealing/unsealing options for a trusted key. The values are filled
 * in by the backend from the key's option string (not visible here); the
 * fixed-size buffers are paired with *_len fields giving the valid length.
 * TPM_DIGEST_SIZE comes from <linux/tpm.h>.
 */
struct trusted_key_options {
    uint16_t keytype;
    uint32_t keyhandle;				/* handle of the TPM key used for sealing */
    unsigned char keyauth[TPM_DIGEST_SIZE];	/* auth value for keyhandle */
    uint32_t blobauth_len;			/* valid bytes in blobauth[] */
    unsigned char blobauth[TPM_DIGEST_SIZE];	/* auth value protecting the sealed blob */
    uint32_t pcrinfo_len;			/* valid bytes in pcrinfo[] */
    unsigned char pcrinfo[MAX_PCRINFO_SIZE];	/* PCR binding information for the seal */
    int pcrlock;				/* presumably a PCR to extend after use -- confirm in the backend */
    uint32_t hash;				/* hash algorithm selector */
    uint32_t policydigest_len;			/* valid bytes in policydigest[] */
    unsigned char policydigest[MAX_DIGEST_SIZE];	/* policy digest the blob is bound to */
    uint32_t policyhandle;			/* handle of the policy session, if any */
};
0050 
/*
 * Backend interface for trusted keys. A backend fills in one of these and
 * registers it via a struct trusted_key_source. All int-returning ops follow
 * the usual kernel convention (0 on success, negative errno on failure) --
 * confirm per backend.
 */
struct trusted_key_ops {
    /*
     * Non-zero if this trusted key implementation supports key migration,
     * zero otherwise.
     */
    unsigned char migratable;

    /* Initialize the key interface (called once before any seal/unseal). */
    int (*init)(void);

    /*
     * Seal a key: wrap p->key into p->blob. datablob is the caller-supplied
     * data string for the key (presumably the option text -- confirm).
     */
    int (*seal)(struct trusted_key_payload *p, char *datablob);

    /*
     * Unseal a key: recover p->key from p->blob. datablob as for seal().
     */
    int (*unseal)(struct trusted_key_payload *p, char *datablob);

    /*
     * Optional (may be NULL): fill key[0..key_len) with random bytes from
     * the backend's entropy source.
     */
    int (*get_random)(unsigned char *key, size_t key_len);

    /* Tear down the key interface. */
    void (*exit)(void);
};
0073 
/* Binds a backend's name (as selected at runtime) to its ops table. */
struct trusted_key_source {
    char *name;				/* backend identifier string */
    struct trusted_key_ops *ops;		/* backend implementation */
};
0078 
0079 extern struct key_type key_type_trusted;
0080 
/*
 * Set to 1 to compile in dump_payload(), which writes key_len, the key
 * bytes, the blob and the migratable flag to the kernel log.
 */
#define TRUSTED_DEBUG 0
0082 
0083 #if TRUSTED_DEBUG
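/*
 * Debug helper: dump the whole payload -- including the raw key bytes in
 * p->key and the sealed blob -- to the kernel log at KERN_INFO. Only
 * compiled in when TRUSTED_DEBUG is non-zero; the #else branch below
 * provides a no-op stand-in so callers need no #ifdef.
 *
 * @p: payload to print; it is only read.
 */
static inline void dump_payload(struct trusted_key_payload *p)
{
    /* key_len and blob_len are unsigned int, so use %u (was %d). */
    pr_info("key_len %u\n", p->key_len);
    print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
               16, 1, p->key, p->key_len, 0);
    pr_info("bloblen %u\n", p->blob_len);
    print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
               16, 1, p->blob, p->blob_len, 0);
    /* migratable is unsigned char, promoted to int: %d is correct here. */
    pr_info("migratable %d\n", p->migratable);
}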
0094 #else
/*
 * No-op stand-in for dump_payload() when TRUSTED_DEBUG is 0, so call sites
 * compile unchanged and nothing is logged.
 */
static inline void dump_payload(struct trusted_key_payload *p)
{
}
0098 #endif
0099 
0100 #endif /* _KEYS_TRUSTED_TYPE_H */