xref: /linux/include/keys/trusted-type.h (revision 4f2c0a4acffbec01079c28f839422e64ddeff004)
1b886d83cSThomas Gleixner /* SPDX-License-Identifier: GPL-2.0-only */
2d00a1c72SMimi Zohar /*
3d00a1c72SMimi Zohar  * Copyright (C) 2010 IBM Corporation
4d00a1c72SMimi Zohar  * Author: David Safford <safford@us.ibm.com>
5d00a1c72SMimi Zohar  */
6d00a1c72SMimi Zohar 
7d00a1c72SMimi Zohar #ifndef _KEYS_TRUSTED_TYPE_H
8d00a1c72SMimi Zohar #define _KEYS_TRUSTED_TYPE_H
9d00a1c72SMimi Zohar 
10d00a1c72SMimi Zohar #include <linux/key.h>
11d00a1c72SMimi Zohar #include <linux/rcupdate.h>
12fe351e8dSJarkko Sakkinen #include <linux/tpm.h>
13d00a1c72SMimi Zohar 
/*
 * Prefix every pr_*() message from the trusted-key code so log lines can be
 * attributed to this subsystem. Any earlier pr_fmt is dropped first, because
 * redefining a macro with a different body is an error.
 */
#ifdef pr_fmt
#undef pr_fmt
#endif

#define pr_fmt(fmt) "trusted_key: " fmt
195d0682beSSumit Garg 
/* Limits on the size of the key material; MAX_KEY_SIZE also sizes trusted_key_payload.key. */
#define MIN_KEY_SIZE			32
#define MAX_KEY_SIZE			128
/* Capacity of trusted_key_payload.blob, the sealed form of the key. */
#define MAX_BLOB_SIZE			512
/* Capacity of trusted_key_options.pcrinfo. */
#define MAX_PCRINFO_SIZE		64
/* Capacity of trusted_key_options.policydigest. */
#define MAX_DIGEST_SIZE			64
25d00a1c72SMimi Zohar 
/*
 * In-core payload of a trusted key: the key material plus the sealed blob a
 * trust source produces from it (see trusted_key_ops.seal / .unseal).
 *
 * key[] is sensitive: it is the unsealed key. Nothing outside a TRUSTED_DEBUG
 * build may log or export it (only dump_payload() does, and it is compiled
 * out by default). blob[] is the form meant to leave the kernel.
 */
struct trusted_key_payload {
	struct rcu_head rcu;		/* for RCU-deferred release of the payload (presumably kfree_rcu(); confirm) */
	unsigned int key_len;		/* number of valid bytes in key[] */
	unsigned int blob_len;		/* number of valid bytes in blob[] */
	unsigned char migratable;	/* flag: key may be migrated — exact meaning is trust-source specific */
	unsigned char old_format;	/* flag: blob[] is in the legacy layout — trust-source specific, confirm */
	unsigned char key[MAX_KEY_SIZE + 1];	/* key material; the +1 presumably leaves room for a NUL — confirm */
	unsigned char blob[MAX_BLOB_SIZE];	/* sealed blob */
};
35d00a1c72SMimi Zohar 
/*
 * Per-key options passed to the trust source. Each *_len field counts the
 * valid bytes in its fixed-size companion array and must never exceed that
 * array's size; whoever fills these in owns that bound. Field meanings beyond
 * the names are TPM-specific — verify against the TPM trust source before
 * relying on them.
 */
struct trusted_key_options {
	uint16_t keytype;				/* key type selector (TPM-specific) */
	uint32_t keyhandle;				/* TPM handle of the key used to seal, presumably the parent */
	unsigned char keyauth[TPM_DIGEST_SIZE];		/* authorization value for keyhandle */
	uint32_t blobauth_len;				/* valid bytes in blobauth[], <= TPM_DIGEST_SIZE */
	unsigned char blobauth[TPM_DIGEST_SIZE];	/* authorization value for the sealed blob */
	uint32_t pcrinfo_len;				/* valid bytes in pcrinfo[], <= MAX_PCRINFO_SIZE */
	unsigned char pcrinfo[MAX_PCRINFO_SIZE];	/* PCR binding data */
	int pcrlock;					/* PCR index to lock after use, if any — semantics per trust source, confirm */
	uint32_t hash;					/* hash algorithm identifier — confirm encoding */
	uint32_t policydigest_len;			/* valid bytes in policydigest[], <= MAX_DIGEST_SIZE */
	unsigned char policydigest[MAX_DIGEST_SIZE];	/* policy digest (TPM2) */
	uint32_t policyhandle;				/* policy session handle (TPM2) — confirm */
};
50fe351e8dSJarkko Sakkinen 
/*
 * Backend ("trust source") interface for trusted keys. The int-returning
 * hooks are presumably 0 on success / negative error code on failure —
 * confirm against the implementations and the core that calls them.
 */
struct trusted_key_ops {
	/*
	 * flag to indicate if trusted key implementation supports migration
	 * or not.
	 */
	unsigned char migratable;

	/* Initialize key interface. */
	int (*init)(void);

	/*
	 * Seal a key. Expected to take p->key/key_len and produce
	 * p->blob/blob_len; datablob is the caller-supplied option string
	 * (not const, so the implementation may modify it while parsing).
	 */
	int (*seal)(struct trusted_key_payload *p, char *datablob);

	/*
	 * Unseal a key. Expected to take p->blob/blob_len and recover
	 * p->key/key_len; datablob as for seal.
	 */
	int (*unseal)(struct trusted_key_payload *p, char *datablob);

	/*
	 * Optional: Get a randomized key. May be NULL, so the core must check
	 * before calling and fall back to another random source.
	 */
	int (*get_random)(unsigned char *key, size_t key_len);

	/* Exit key interface. */
	void (*exit)(void);
};
735d0682beSSumit Garg 
/* A trust source: its human-readable name and the ops table implementing it. */
struct trusted_key_source {
	char *name;			/* name of the source */
	struct trusted_key_ops *ops;	/* backend hooks; see struct trusted_key_ops */
};
785d0682beSSumit Garg 
/* Key type registered with the kernel keyring subsystem for trusted keys. */
extern struct key_type key_type_trusted;
80d00a1c72SMimi Zohar 
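/*
 * Set to 1 to compile dump_payload() into a real hex dump of the payload.
 * The debug variant writes the unsealed key material and the sealed blob in
 * clear to the kernel log, so this must stay 0 outside a local debug build.
 */
#define TRUSTED_DEBUG 0

#if TRUSTED_DEBUG
/**
 * dump_payload - log a trusted key payload (debug builds only)
 * @p: payload to dump; must not be NULL
 *
 * Logs key_len, blob_len and migratable and hex-dumps key[0..key_len) and
 * blob[0..blob_len). key_len and blob_len are unsigned int, so they are
 * printed with %u rather than %d to keep the format and argument types
 * matched.
 */
static inline void dump_payload(const struct trusted_key_payload *p)
{
	pr_info("key_len %u\n", p->key_len);
	print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
		       16, 1, p->key, p->key_len, 0);
	pr_info("bloblen %u\n", p->blob_len);
	print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
		       16, 1, p->blob, p->blob_len, 0);
	pr_info("migratable %d\n", p->migratable);
}
#else
/* No-op stand-in so callers need no #ifdef of their own. */
static inline void dump_payload(const struct trusted_key_payload *p)
{
}
#endif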
995d0682beSSumit Garg 
100d00a1c72SMimi Zohar #endif /* _KEYS_TRUSTED_TYPE_H */