/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2010 IBM Corporation
 * Author: David Safford <safford@us.ibm.com>
 */
#ifndef _KEYS_TRUSTED_TYPE_H
#define _KEYS_TRUSTED_TYPE_H

#include <linux/key.h>
#include <linux/rcupdate.h>
#include <linux/tpm.h>

/* Give every pr_*() message from the trusted-key code a common prefix. */
#ifdef pr_fmt
#undef pr_fmt
#endif

#define pr_fmt(fmt) "trusted_key: " fmt

/*
 * Size limits, in bytes.  The MAX_* values size the fixed buffers in the
 * structures below (key[], blob[], pcrinfo[], policydigest[]), so any length
 * field that accompanies one of those buffers must be validated against the
 * matching limit before the buffer is written.  MIN_KEY_SIZE is presumably
 * the smallest key length accepted by the option parser; it is enforced
 * outside this header.
 */
#define MIN_KEY_SIZE			32
#define MAX_KEY_SIZE			128
#define MAX_BLOB_SIZE			512
#define MAX_PCRINFO_SIZE		64
#define MAX_DIGEST_SIZE			64
/*
 * In-kernel payload of a trusted key: the key material itself plus the sealed
 * blob form handed to / produced by the backend's seal()/unseal() ops.
 */
struct trusted_key_payload {
	/* presumably used for RCU-deferred release of the payload — confirm in the implementation */
	struct rcu_head rcu;
	/* number of bytes of key[] in use (dump_payload() prints exactly this many) */
	unsigned int key_len;
	/* number of bytes of blob[] in use */
	unsigned int blob_len;
	/* NOTE(review): looks like a copy of trusted_key_ops.migratable — confirm */
	unsigned char migratable;
	/* NOTE(review): meaning not visible in this header; presumably marks a legacy blob layout — confirm */
	unsigned char old_format;
	/* key material; the extra byte is presumably a terminator — confirm */
	unsigned char key[MAX_KEY_SIZE + 1];
	/* sealed form of the key, opaque to this header */
	unsigned char blob[MAX_BLOB_SIZE];
};
/*
 * Per-key options, presumably parsed from the datablob passed to seal() /
 * unseal().  Each variable-length buffer has a companion *_len field that must
 * never exceed the buffer's declared size; keyauth has no length field and is
 * always TPM_DIGEST_SIZE bytes.  keyauth and blobauth appear to be TPM
 * authorization values — NOTE(review): confirm they are zeroed when the
 * options are released.
 */
struct trusted_key_options {
	/* NOTE(review): presumably selects the TPM key type — confirm */
	uint16_t keytype;
	/* NOTE(review): presumably the TPM handle of the sealing key — confirm */
	uint32_t keyhandle;
	/* authorization value for keyhandle; fixed size, no length field */
	unsigned char keyauth[TPM_DIGEST_SIZE];
	/* bytes of blobauth[] in use; must be <= TPM_DIGEST_SIZE */
	uint32_t blobauth_len;
	/* authorization value protecting the sealed blob */
	unsigned char blobauth[TPM_DIGEST_SIZE];
	/* bytes of pcrinfo[] in use; must be <= MAX_PCRINFO_SIZE */
	uint32_t pcrinfo_len;
	/* NOTE(review): presumably the PCR selection/digest the blob is bound to — confirm */
	unsigned char pcrinfo[MAX_PCRINFO_SIZE];
	/* NOTE(review): non-zero presumably requests locking the PCR after use — confirm */
	int pcrlock;
	/* NOTE(review): presumably a hash-algorithm identifier — confirm */
	uint32_t hash;
	/* bytes of policydigest[] in use; must be <= MAX_DIGEST_SIZE */
	uint32_t policydigest_len;
	/* NOTE(review): presumably a TPM policy digest — confirm */
	unsigned char policydigest[MAX_DIGEST_SIZE];
	/* NOTE(review): presumably a TPM policy session handle — confirm */
	uint32_t policyhandle;
};
/*
 * Backend operations for trusted keys.  The int-returning ops presumably
 * follow the kernel convention of 0 on success / negative errno on failure —
 * confirm against the backends.
 */
struct trusted_key_ops {
	/*
	 * flag to indicate if trusted key implementation supports migration
	 * or not.
	 */
	unsigned char migratable;

	/* Initialize key interface. */
	int (*init)(void);

	/*
	 * Seal a key.  datablob is not const, so an implementation may modify
	 * it in place while parsing (e.g. tokenising) — callers should not
	 * expect it to survive unchanged.
	 */
	int (*seal)(struct trusted_key_payload *p, char *datablob);

	/* Unseal a key.  Same datablob caveat as seal(). */
	int (*unseal)(struct trusted_key_payload *p, char *datablob);

	/* Get a randomized key: presumably fills key[0..key_len) with random bytes. */
	int (*get_random)(unsigned char *key, size_t key_len);

	/* Exit key interface. */
	void (*exit)(void);
};
/* Binds a backend name to its operations; presumably used to select the backend at init — confirm. */
struct trusted_key_source {
	char *name;			/* backend name */
	struct trusted_key_ops *ops;	/* operations implementing that backend */
};
/* The "trusted" key type; defined (and presumably registered) by the implementation. */
extern struct key_type key_type_trusted;
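#define TRUSTED_DEBUG 0

#if TRUSTED_DEBUG
/*
 * Dump a payload to the kernel log for debugging.
 *
 * This prints the raw key bytes (not just the sealed blob), so it is a
 * development-only aid: TRUSTED_DEBUG is expected to stay 0 in any build
 * whose log may be readable by someone who must not learn the key.
 *
 * @p: payload to dump; only read, hence const.
 */
static inline void dump_payload(const struct trusted_key_payload *p)
{
	/* key_len and blob_len are unsigned int, so use %u rather than %d. */
	pr_info("key_len %u\n", p->key_len);
	print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
		       16, 1, p->key, p->key_len, 0);
	pr_info("bloblen %u\n", p->blob_len);
	print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
		       16, 1, p->blob, p->blob_len, 0);
	pr_info("migratable %d\n", p->migratable);
}
#else
/* Debugging compiled out: no-op so call sites need no #ifdef. */
static inline void dump_payload(const struct trusted_key_payload *p)
{
}
#endif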
d00a1c72 | 100 | #endif /* _KEYS_TRUSTED_TYPE_H */ |