linuxdebug/security/keys/trusted-keys/trusted_caam.c

81 lines
1.8 KiB
C
Raw Normal View History

2024-07-16 15:50:57 +02:00
// SPDX-License-Identifier: GPL-2.0-only
/*
* Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de>
*/
#include <keys/trusted_caam.h>
#include <keys/trusted-type.h>
#include <linux/build_bug.h>
#include <linux/key-type.h>
#include <soc/fsl/caam-blob.h>
static struct caam_blob_priv *blobifier;
#define KEYMOD "SECURE_KEY"
static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= CAAM_BLOB_MAX_LEN);
static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN);
static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob)
{
int ret;
struct caam_blob_info info = {
.input = p->key, .input_len = p->key_len,
.output = p->blob, .output_len = MAX_BLOB_SIZE,
.key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,
};
ret = caam_encap_blob(blobifier, &info);
if (ret)
return ret;
p->blob_len = info.output_len;
return 0;
}
static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob)
{
int ret;
struct caam_blob_info info = {
.input = p->blob, .input_len = p->blob_len,
.output = p->key, .output_len = MAX_KEY_SIZE,
.key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,
};
ret = caam_decap_blob(blobifier, &info);
if (ret)
return ret;
p->key_len = info.output_len;
return 0;
}
static int trusted_caam_init(void)
{
int ret;
blobifier = caam_blob_gen_init();
if (IS_ERR(blobifier))
return PTR_ERR(blobifier);
ret = register_key_type(&key_type_trusted);
if (ret)
caam_blob_gen_exit(blobifier);
return ret;
}
static void trusted_caam_exit(void)
{
unregister_key_type(&key_type_trusted);
caam_blob_gen_exit(blobifier);
}
struct trusted_key_ops trusted_key_caam_ops = {
.migratable = 0, /* non-migratable */
.init = trusted_caam_init,
.seal = trusted_caam_seal,
.unseal = trusted_caam_unseal,
.exit = trusted_caam_exit,
};