mirror of https://github.com/Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
80 lines
1.8 KiB
80 lines
1.8 KiB
// SPDX-License-Identifier: GPL-2.0-only |
|
/* |
|
* Copyright (C) 2021 Pengutronix, Ahmad Fatoum <[email protected]> |
|
*/ |
|
|
|
#include <keys/trusted_caam.h> |
|
#include <keys/trusted-type.h> |
|
#include <linux/build_bug.h> |
|
#include <linux/key-type.h> |
|
#include <soc/fsl/caam-blob.h> |
|
|
|
static struct caam_blob_priv *blobifier; |
|
|
|
#define KEYMOD "SECURE_KEY" |
|
|
|
static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= CAAM_BLOB_MAX_LEN); |
|
static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN); |
|
|
|
static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob) |
|
{ |
|
int ret; |
|
struct caam_blob_info info = { |
|
.input = p->key, .input_len = p->key_len, |
|
.output = p->blob, .output_len = MAX_BLOB_SIZE, |
|
.key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, |
|
}; |
|
|
|
ret = caam_encap_blob(blobifier, &info); |
|
if (ret) |
|
return ret; |
|
|
|
p->blob_len = info.output_len; |
|
return 0; |
|
} |
|
|
|
static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob) |
|
{ |
|
int ret; |
|
struct caam_blob_info info = { |
|
.input = p->blob, .input_len = p->blob_len, |
|
.output = p->key, .output_len = MAX_KEY_SIZE, |
|
.key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, |
|
}; |
|
|
|
ret = caam_decap_blob(blobifier, &info); |
|
if (ret) |
|
return ret; |
|
|
|
p->key_len = info.output_len; |
|
return 0; |
|
} |
|
|
|
static int trusted_caam_init(void) |
|
{ |
|
int ret; |
|
|
|
blobifier = caam_blob_gen_init(); |
|
if (IS_ERR(blobifier)) |
|
return PTR_ERR(blobifier); |
|
|
|
ret = register_key_type(&key_type_trusted); |
|
if (ret) |
|
caam_blob_gen_exit(blobifier); |
|
|
|
return ret; |
|
} |
|
|
|
static void trusted_caam_exit(void) |
|
{ |
|
unregister_key_type(&key_type_trusted); |
|
caam_blob_gen_exit(blobifier); |
|
} |
|
|
|
struct trusted_key_ops trusted_key_caam_ops = { |
|
.migratable = 0, /* non-migratable */ |
|
.init = trusted_caam_init, |
|
.seal = trusted_caam_seal, |
|
.unseal = trusted_caam_unseal, |
|
.exit = trusted_caam_exit, |
|
};
|
|
|