/*
 * Copyright (C) 2010 IBM Corporation
 * Copyright (C) 2010 Politecnico di Torino, Italy
 *                    TORSEC group -- http://security.polito.it
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 * Roberto Sassu <roberto.sassu@polito.it>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2 of the License.
 *
 * See Documentation/security/keys/trusted-encrypted.rst
 */

#include <linux/uaccess.h>
#include <linux/err.h>
#include <keys/trusted-type.h>
#include <keys/encrypted-type.h>
#include "encrypted.h"

/*
 * request_trusted_key - look up a trusted key and expose its payload
 * @trusted_desc:  description passed to request_key() for key_type_trusted
 * @master_key:    out: set to point at the key bytes inside the payload
 * @master_keylen: out: set to the payload's key_len
 *
 * Trusted keys are sealed to PCRs and other metadata.  Userspace manages
 * both the trusted and the encrypted key types, but, as with encrypted key
 * data, the decrypted trusted key data is not visible from userspace.
 *
 * Return: the key returned by request_key().  When that is an ERR_PTR()
 * value it is passed straight back and neither output is written.
 *
 * Locking: on success this function returns with tkey->sem still held for
 * read; nothing here releases it, so the caller has to up_read() the
 * semaphore and drop the key reference once it is done with the material.
 *
 * NOTE(review): *master_key aliases the payload buffer, no copy is made.
 * Presumably it must only be used while the semaphore and the reference
 * are held -- confirm against the callers.
 */
struct key *request_trusted_key(const char *trusted_desc,
				const u8 **master_key, size_t *master_keylen)
{
	struct key *trusted;
	struct trusted_key_payload *sealed;

	trusted = request_key(&key_type_trusted, trusted_desc, NULL);
	if (!IS_ERR(trusted)) {
		/* Taken for read and deliberately left held for the caller. */
		down_read(&trusted->sem);

		sealed = trusted->payload.data[0];
		*master_keylen = sealed->key_len;
		*master_key = sealed->key;
	}

	return trusted;
}