1 // SPDX-License-Identifier: GPL-2.0-only
11 #include <keys/trusted-type.h>
12 #include <linux/key-type.h>
25  * The Data Co-Processor (DCP) provides hardware-bound AES keys using its
27  * To make DCP hardware encryption keys usable as trust source, we define
28  * our own custom format that uses a hardware-bound key to secure the sealing
31  * Whenever a new trusted key using DCP is generated, we generate a random 128-bit
32  * blob encryption key (BEK) and 128-bit nonce. The BEK and nonce are used to
33  * encrypt the trusted key payload using AES-128-GCM.
35  * The BEK itself is encrypted using the hardware-bound key using the DCP's AES
36  * encryption engine with AES-128-ECB. The encrypted BEK, generated nonce,
37  * BEK-encrypted payload and authentication tag make up the blob format together
42  * struct dcp_blob_fmt - DCP BLOB format.
47  *            AES-128-ECB mode by DCP.
50  * @payload: The payload itself, encrypted using AES-128-GCM and @blob_key,
91 	tfm = crypto_alloc_skcipher("ecb-paes-dcp", CRYPTO_ALG_INTERNAL,  in do_dcp_crypto()
101 		res = -ENOMEM;  in do_dcp_crypto()
152 		ret = -ENOMEM;  in do_aead_crypto()
173 		ret = -EINVAL;  in do_aead_crypto()
202 	struct dcp_blob_fmt *b = (struct dcp_blob_fmt *)p->blob;  in trusted_dcp_seal()
206 	blen = calc_blob_len(p->key_len);  in trusted_dcp_seal()
208 		return -E2BIG;  in trusted_dcp_seal()
212 		return -ENOMEM;  in trusted_dcp_seal()
214 	b->fmt_version = DCP_BLOB_VERSION;  in trusted_dcp_seal()
215 	get_random_bytes(b->nonce, AES_KEYSIZE_128);  in trusted_dcp_seal()
218 	ret = do_aead_crypto(p->key, b->payload, p->key_len, plain_blob_key,  in trusted_dcp_seal()
219 			     b->nonce, true);  in trusted_dcp_seal()
225 	ret = encrypt_blob_key(plain_blob_key, b->blob_key);  in trusted_dcp_seal()
231 	put_unaligned_le32(p->key_len, &b->payload_len);  in trusted_dcp_seal()
232 	p->blob_len = blen;  in trusted_dcp_seal()
244 	struct dcp_blob_fmt *b = (struct dcp_blob_fmt *)p->blob;  in trusted_dcp_unseal()
248 	if (b->fmt_version != DCP_BLOB_VERSION) {  in trusted_dcp_unseal()
250 		       b->fmt_version, DCP_BLOB_VERSION);  in trusted_dcp_unseal()
251 		ret = -EINVAL;  in trusted_dcp_unseal()
255 	p->key_len = le32_to_cpu(b->payload_len);  in trusted_dcp_unseal()
256 	blen = calc_blob_len(p->key_len);  in trusted_dcp_unseal()
257 	if (blen != p->blob_len) {  in trusted_dcp_unseal()
259 		       p->blob_len);  in trusted_dcp_unseal()
260 		ret = -EINVAL;  in trusted_dcp_unseal()
266 		ret = -ENOMEM;  in trusted_dcp_unseal()
270 	ret = decrypt_blob_key(b->blob_key, plain_blob_key);  in trusted_dcp_unseal()
276 	ret = do_aead_crypto(b->payload, p->key, p->key_len + DCP_BLOB_AUTHLEN,  in trusted_dcp_unseal()
277 			     plain_blob_key, b->nonce, false);  in trusted_dcp_unseal()
309 		ret = -ENOMEM;  in test_for_zero_key()
321 		ret = -EINVAL;  in test_for_zero_key()
339 		return -EINVAL;  in trusted_dcp_init()