1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * Copyright (C) 2010 IBM Corporation
4  * Author: David Safford <safford@us.ibm.com>
5  */
6 
7 #ifndef _KEYS_TRUSTED_TYPE_H
8 #define _KEYS_TRUSTED_TYPE_H
9 
10 #include <linux/key.h>
11 #include <linux/rcupdate.h>
12 #include <linux/tpm.h>
13 
/*
 * Prefix every pr_*() message emitted by code that includes this header
 * with "trusted_key: ". pr_fmt may already have been defined by an earlier
 * include, so drop that definition first to avoid a redefinition warning.
 *
 * NOTE(review): because this lives in a header rather than a .c file, the
 * prefix applies to any translation unit that includes it - include it
 * only from the trusted-key core and its backends.
 */
#ifdef pr_fmt
#undef pr_fmt
#endif

#define pr_fmt(fmt) "trusted_key: " fmt
19 
/*
 * Size limits shared by the trusted-key core and its backends (in bytes).
 *
 * MAX_KEY_SIZE sizes trusted_key_payload.key; MIN_KEY_SIZE is not used in
 * this header and is presumably the lower bound the core enforces on a
 * requested key length - confirm in the key type implementation.
 * MAX_BLOB_SIZE sizes trusted_key_payload.blob, MAX_PCRINFO_SIZE sizes
 * trusted_key_options.pcrinfo and MAX_DIGEST_SIZE sizes
 * trusted_key_options.policydigest.
 *
 * Every *_len field that counts valid bytes in one of those arrays must be
 * validated against the matching limit before the array is written; the
 * arrays are fixed-size and carry no bound of their own.
 */
#define MIN_KEY_SIZE			32
#define MAX_KEY_SIZE			128
#define MAX_BLOB_SIZE			512
#define MAX_PCRINFO_SIZE		64
#define MAX_DIGEST_SIZE			64
25 
/**
 * struct trusted_key_payload - in-memory payload of a "trusted" key
 * @rcu: RCU head, so a replaced payload can be released after a grace
 *	period (presumably via call_rcu()/kfree_rcu() in the key type's
 *	update/destroy paths - confirm there)
 * @key_len: number of valid bytes in @key
 * @blob_len: number of valid bytes in @blob
 * @migratable: whether the sealed key is migratable (compare the
 *	@migratable flag of struct trusted_key_ops)
 * @old_format: marks a blob in a legacy encoding; the exact meaning is
 *	defined by the backend that sets it - confirm there
 * @key: the unsealed (plaintext) key material, @key_len bytes valid; the
 *	extra byte presumably leaves room for a terminating NUL
 * @blob: the sealed form of @key, @blob_len bytes valid; going by their
 *	names it is produced by trusted_key_ops->seal() and consumed by
 *	trusted_key_ops->unseal()
 *
 * NOTE(review): @key is secret material and @blob may be as sensitive as
 * the sealing policy allows. Anything that frees or overwrites a payload
 * must zeroize it (kfree_sensitive()/memzero_explicit()) rather than use a
 * plain kfree(); verify that the key type's free path does so. Never log
 * @key outside a deliberately enabled debug build.
 */
struct trusted_key_payload {
	struct rcu_head rcu;
	unsigned int key_len;
	unsigned int blob_len;
	unsigned char migratable;
	unsigned char old_format;
	unsigned char key[MAX_KEY_SIZE + 1];
	unsigned char blob[MAX_BLOB_SIZE];
};
35 
/**
 * struct trusted_key_options - per-key parameters for sealing/unsealing
 * @keytype: key type selector passed to the backend
 * @keyhandle: handle of the backend (TPM) key used to seal/unseal the payload
 * @keyauth: authorization value for @keyhandle, TPM_DIGEST_SIZE bytes
 * @blobauth_len: number of valid bytes in @blobauth
 * @blobauth: authorization value bound to the sealed blob
 * @pcrinfo_len: number of valid bytes in @pcrinfo
 * @pcrinfo: PCR binding information applied when sealing
 * @pcrlock: PCR index used to "lock" the key after use; presumably that PCR
 *	is extended once the key has been unsealed - confirm in the backend
 * @hash: hash algorithm identifier
 * @policydigest_len: number of valid bytes in @policydigest
 * @policydigest: policy digest the sealed object is bound to
 * @policyhandle: handle of the policy session used for unsealing
 *
 * NOTE(review): the member semantics above are inferred from the names and
 * the TPM concepts they mirror; the option parser and the backend's
 * seal/unseal code are authoritative. @keyauth and @blobauth are
 * authorization secrets: treat them like key material when copying,
 * logging or freeing this structure, and range-check each *_len against
 * its array before writing.
 */
struct trusted_key_options {
	uint16_t keytype;
	uint32_t keyhandle;
	unsigned char keyauth[TPM_DIGEST_SIZE];
	uint32_t blobauth_len;
	unsigned char blobauth[TPM_DIGEST_SIZE];
	uint32_t pcrinfo_len;
	unsigned char pcrinfo[MAX_PCRINFO_SIZE];
	int pcrlock;
	uint32_t hash;
	uint32_t policydigest_len;
	unsigned char policydigest[MAX_DIGEST_SIZE];
	uint32_t policyhandle;
};
50 
/**
 * struct trusted_key_ops - backend operations behind the "trusted" key type
 * @migratable: flag to indicate if the trusted key implementation supports
 *	migration or not
 * @init: initialize the key interface; presumably called once before any
 *	other op, at key type registration - confirm in the core
 * @seal: seal the key held in @p (plaintext in @p->key) into @p->blob;
 *	@datablob is the caller-supplied option string, deliberately not
 *	const because implementations may parse it in place
 * @unseal: reverse of @seal: recover @p->key from @p->blob using @datablob
 * @get_random: optional, may be NULL; fill @key with @key_len random bytes
 *	from the backend (callers must check for NULL before calling)
 * @exit: tear down the key interface
 *
 * Return conventions are not stated here; the int-returning ops presumably
 * follow the kernel convention of 0 on success and a negative errno on
 * failure - confirm against the implementations before relying on it.
 */
struct trusted_key_ops {
	/*
	 * flag to indicate if trusted key implementation supports migration
	 * or not.
	 */
	unsigned char migratable;

	/* Initialize key interface. */
	int (*init)(void);

	/* Seal a key. */
	int (*seal)(struct trusted_key_payload *p, char *datablob);

	/* Unseal a key. */
	int (*unseal)(struct trusted_key_payload *p, char *datablob);

	/* Optional: Get a randomized key. */
	int (*get_random)(unsigned char *key, size_t key_len);

	/* Exit key interface. */
	void (*exit)(void);
};
73 
/**
 * struct trusted_key_source - a selectable trusted-key backend
 * @name: human-readable backend name; presumably matched against a
 *	source selection at init time - confirm in the core
 * @ops: the operations implementing that backend
 */
struct trusted_key_source {
	char *name;
	struct trusted_key_ops *ops;
};
78 
/* The "trusted" key type itself; defined outside this header. */
extern struct key_type key_type_trusted;
80 
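/*
 * Compile-time switch for dump_payload(). Leave this at 0 in any build that
 * handles real keys: when enabled, dump_payload() writes the plaintext key
 * and the sealed blob to the kernel log, exposing them to anyone who can
 * read dmesg or the persisted log.
 */
#define TRUSTED_DEBUG 0

#if TRUSTED_DEBUG
/**
 * dump_payload - log the contents of a trusted key payload (debug builds only)
 * @p: payload to dump; @p->key_len bytes of @p->key and @p->blob_len bytes
 *	of @p->blob are printed
 *
 * Logs the key length, the raw plaintext key bytes, the blob length, the raw
 * blob bytes and the migratable flag at KERN_INFO level. This leaks secret
 * material by design; it exists only for development with TRUSTED_DEBUG set.
 */
static inline void dump_payload(const struct trusted_key_payload *p)
{
	/* key_len and blob_len are unsigned int, so format them with %u. */
	pr_info("key_len %u\n", p->key_len);
	print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
		       16, 1, p->key, p->key_len, 0);
	pr_info("bloblen %u\n", p->blob_len);
	print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
		       16, 1, p->blob, p->blob_len, 0);
	pr_info("migratable %d\n", p->migratable);
}
#else
/* No-op when TRUSTED_DEBUG is off; call sites compile away entirely. */
static inline void dump_payload(const struct trusted_key_payload *p)
{
}
#endif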
99 
100 #endif /* _KEYS_TRUSTED_TYPE_H */