Commit | Line | Data |
---|---|---|
e9c5048c AF |
1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* | |
3 | * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de> | |
4 | */ | |
5 | ||
6 | #include <keys/trusted_caam.h> | |
7 | #include <keys/trusted-type.h> | |
8 | #include <linux/build_bug.h> | |
9 | #include <linux/key-type.h> | |
10 | #include <soc/fsl/caam-blob.h> | |
11 | ||
12 | static struct caam_blob_priv *blobifier; | |
13 | ||
14 | #define KEYMOD "SECURE_KEY" | |
15 | ||
16 | static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= CAAM_BLOB_MAX_LEN); | |
17 | static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN); | |
18 | ||
19 | static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob) | |
20 | { | |
21 | int ret; | |
22 | struct caam_blob_info info = { | |
23 | .input = p->key, .input_len = p->key_len, | |
24 | .output = p->blob, .output_len = MAX_BLOB_SIZE, | |
25 | .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, | |
26 | }; | |
27 | ||
28 | ret = caam_encap_blob(blobifier, &info); | |
29 | if (ret) | |
30 | return ret; | |
31 | ||
32 | p->blob_len = info.output_len; | |
33 | return 0; | |
34 | } | |
35 | ||
36 | static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob) | |
37 | { | |
38 | int ret; | |
39 | struct caam_blob_info info = { | |
40 | .input = p->blob, .input_len = p->blob_len, | |
41 | .output = p->key, .output_len = MAX_KEY_SIZE, | |
42 | .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, | |
43 | }; | |
44 | ||
45 | ret = caam_decap_blob(blobifier, &info); | |
46 | if (ret) | |
47 | return ret; | |
48 | ||
49 | p->key_len = info.output_len; | |
50 | return 0; | |
51 | } | |
52 | ||
53 | static int trusted_caam_init(void) | |
54 | { | |
55 | int ret; | |
56 | ||
57 | blobifier = caam_blob_gen_init(); | |
58 | if (IS_ERR(blobifier)) | |
59 | return PTR_ERR(blobifier); | |
60 | ||
61 | ret = register_key_type(&key_type_trusted); | |
62 | if (ret) | |
63 | caam_blob_gen_exit(blobifier); | |
64 | ||
65 | return ret; | |
66 | } | |
67 | ||
68 | static void trusted_caam_exit(void) | |
69 | { | |
70 | unregister_key_type(&key_type_trusted); | |
71 | caam_blob_gen_exit(blobifier); | |
72 | } | |
73 | ||
74 | struct trusted_key_ops trusted_key_caam_ops = { | |
75 | .migratable = 0, /* non-migratable */ | |
76 | .init = trusted_caam_init, | |
77 | .seal = trusted_caam_seal, | |
78 | .unseal = trusted_caam_unseal, | |
79 | .exit = trusted_caam_exit, | |
80 | }; |