forked from Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
100 lines
2.2 KiB
100 lines
2.2 KiB
/* SPDX-License-Identifier: GPL-2.0-only */ |
|
/* |
|
* Copyright (C) 2010 IBM Corporation |
|
* Author: David Safford <[email protected]> |
|
*/ |
|
|
|
#ifndef _KEYS_TRUSTED_TYPE_H |
|
#define _KEYS_TRUSTED_TYPE_H |
|
|
|
#include <linux/key.h> |
|
#include <linux/rcupdate.h> |
|
#include <linux/tpm.h> |
|
|
|
#ifdef pr_fmt |
|
#undef pr_fmt |
|
#endif |
|
|
|
#define pr_fmt(fmt) "trusted_key: " fmt |
|
|
|
#define MIN_KEY_SIZE 32 |
|
#define MAX_KEY_SIZE 128 |
|
#define MAX_BLOB_SIZE 512 |
|
#define MAX_PCRINFO_SIZE 64 |
|
#define MAX_DIGEST_SIZE 64 |
|
|
|
struct trusted_key_payload { |
|
struct rcu_head rcu; |
|
unsigned int key_len; |
|
unsigned int blob_len; |
|
unsigned char migratable; |
|
unsigned char old_format; |
|
unsigned char key[MAX_KEY_SIZE + 1]; |
|
unsigned char blob[MAX_BLOB_SIZE]; |
|
}; |
|
|
|
struct trusted_key_options { |
|
uint16_t keytype; |
|
uint32_t keyhandle; |
|
unsigned char keyauth[TPM_DIGEST_SIZE]; |
|
uint32_t blobauth_len; |
|
unsigned char blobauth[TPM_DIGEST_SIZE]; |
|
uint32_t pcrinfo_len; |
|
unsigned char pcrinfo[MAX_PCRINFO_SIZE]; |
|
int pcrlock; |
|
uint32_t hash; |
|
uint32_t policydigest_len; |
|
unsigned char policydigest[MAX_DIGEST_SIZE]; |
|
uint32_t policyhandle; |
|
}; |
|
|
|
struct trusted_key_ops { |
|
/* |
|
* flag to indicate if trusted key implementation supports migration |
|
* or not. |
|
*/ |
|
unsigned char migratable; |
|
|
|
/* Initialize key interface. */ |
|
int (*init)(void); |
|
|
|
/* Seal a key. */ |
|
int (*seal)(struct trusted_key_payload *p, char *datablob); |
|
|
|
/* Unseal a key. */ |
|
int (*unseal)(struct trusted_key_payload *p, char *datablob); |
|
|
|
/* Get a randomized key. */ |
|
int (*get_random)(unsigned char *key, size_t key_len); |
|
|
|
/* Exit key interface. */ |
|
void (*exit)(void); |
|
}; |
|
|
|
struct trusted_key_source { |
|
char *name; |
|
struct trusted_key_ops *ops; |
|
}; |
|
|
|
extern struct key_type key_type_trusted; |
|
|
|
#define TRUSTED_DEBUG 0 |
|
|
|
#if TRUSTED_DEBUG |
|
static inline void dump_payload(struct trusted_key_payload *p) |
|
{ |
|
pr_info("key_len %d\n", p->key_len); |
|
print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE, |
|
16, 1, p->key, p->key_len, 0); |
|
pr_info("bloblen %d\n", p->blob_len); |
|
print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE, |
|
16, 1, p->blob, p->blob_len, 0); |
|
pr_info("migratable %d\n", p->migratable); |
|
} |
|
#else |
|
static inline void dump_payload(struct trusted_key_payload *p) |
|
{ |
|
} |
|
#endif |
|
|
|
#endif /* _KEYS_TRUSTED_TYPE_H */
|
|
|