include/keys/trusted-type.h

   1 /* SPDX-License-Identifier: GPL-2.0-only */
   2 /*
   3  * Copyright (C) 2010 IBM Corporation
   4  * Author: David Safford <safford@us.ibm.com>
   5  */
   6
   7 #ifndef _KEYS_TRUSTED_TYPE_H
   8 #define _KEYS_TRUSTED_TYPE_H
   9
  10 #include <linux/key.h>
  11 #include <linux/rcupdate.h>
  12 #include <linux/tpm.h>
  13
  14 #ifdef pr_fmt
  15 #undef pr_fmt
  16 #endif
  17
  18 #define pr_fmt(fmt) "trusted_key: " fmt
  19
  20 #define MIN_KEY_SIZE                    32
  21 #define MAX_KEY_SIZE                    128
  22 #define MAX_BLOB_SIZE                   512
  23 #define MAX_PCRINFO_SIZE                64
  24 #define MAX_DIGEST_SIZE                 64
  25
  26 struct trusted_key_payload {
  27         struct rcu_head rcu;
  28         unsigned int key_len;
  29         unsigned int blob_len;
  30         unsigned char migratable;
  31         unsigned char old_format;
  32         unsigned char key[MAX_KEY_SIZE + 1];
  33         unsigned char blob[MAX_BLOB_SIZE];
  34 };
  35
  36 struct trusted_key_options {
  37         uint16_t keytype;
  38         uint32_t keyhandle;
  39         unsigned char keyauth[TPM_DIGEST_SIZE];
  40         uint32_t blobauth_len;
  41         unsigned char blobauth[TPM_DIGEST_SIZE];
  42         uint32_t pcrinfo_len;
  43         unsigned char pcrinfo[MAX_PCRINFO_SIZE];
  44         int pcrlock;
  45         uint32_t hash;
  46         uint32_t policydigest_len;
  47         unsigned char policydigest[MAX_DIGEST_SIZE];
  48         uint32_t policyhandle;
  49 };
  50
  51 struct trusted_key_ops {
  52         /*
  53          * flag to indicate if trusted key implementation supports migration
  54          * or not.
  55          */
  56         unsigned char migratable;
  57
  58         /* Initialize key interface. */
  59         int (*init)(void);
  60
  61         /* Seal a key. */
  62         int (*seal)(struct trusted_key_payload *p, char *datablob);
  63
  64         /* Unseal a key. */
  65         int (*unseal)(struct trusted_key_payload *p, char *datablob);
  66
  67         /* Optional: Get a randomized key. */
  68         int (*get_random)(unsigned char *key, size_t key_len);
  69
  70         /* Exit key interface. */
  71         void (*exit)(void);
  72 };
  73
  74 struct trusted_key_source {
  75         char *name;
  76         struct trusted_key_ops *ops;
  77 };
  78
  79 extern struct key_type key_type_trusted;
  80
  81 #define TRUSTED_DEBUG 0
  82
  83 #if TRUSTED_DEBUG
  84 static inline void dump_payload(struct trusted_key_payload *p)
  85 {
  86         pr_info("key_len %d\n", p->key_len);
  87         print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
  88                        16, 1, p->key, p->key_len, 0);
  89         pr_info("bloblen %d\n", p->blob_len);
  90         print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
  91                        16, 1, p->blob, p->blob_len, 0);
  92         pr_info("migratable %d\n", p->migratable);
  93 }
  94 #else
  95 static inline void dump_payload(struct trusted_key_payload *p)
  96 {
  97 }
  98 #endif
  99
 100 #endif /* _KEYS_TRUSTED_TYPE_H */