Linux/security/keys/trusted-keys/trusted

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

1 // SPDX-License-Identifier: GPL-2.0-only 1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 2 /* 3 * Copyright (C) 2021 Pengutronix, Ahmad Fatou 3 * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de> 4 */ 4 */ 5 5 6 #include <keys/trusted_caam.h> 6 #include <keys/trusted_caam.h> 7 #include <keys/trusted-type.h> 7 #include <keys/trusted-type.h> 8 #include <linux/build_bug.h> 8 #include <linux/build_bug.h> 9 #include <linux/key-type.h> 9 #include <linux/key-type.h> 10 #include <soc/fsl/caam-blob.h> 10 #include <soc/fsl/caam-blob.h> 11 11 12 static struct caam_blob_priv *blobifier; 12 static struct caam_blob_priv *blobifier; 13 13 14 #define KEYMOD "SECURE_KEY" 14 #define KEYMOD "SECURE_KEY" 15 15 16 static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEA 16 static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= CAAM_BLOB_MAX_LEN); 17 static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_L 17 static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN); 18 18 19 static int trusted_caam_seal(struct trusted_ke 19 static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob) 20 { 20 { 21 int ret; 21 int ret; 22 struct caam_blob_info info = { 22 struct caam_blob_info info = { 23 .input = p->key, .input_len 23 .input = p->key, .input_len = p->key_len, 24 .output = p->blob, .output_len 24 .output = p->blob, .output_len = MAX_BLOB_SIZE, 25 .key_mod = KEYMOD, .key_mod_le 25 .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, 26 }; 26 }; 27 27 28 ret = caam_encap_blob(blobifier, &info 28 ret = caam_encap_blob(blobifier, &info); 29 if (ret) 29 if (ret) 30 return ret; 30 return ret; 31 31 32 p->blob_len = info.output_len; 32 p->blob_len = info.output_len; 33 return 0; 33 return 0; 34 } 34 } 35 35 36 static int trusted_caam_unseal(struct trusted_ 36 static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob) 37 { 37 { 38 int ret; 38 int ret; 39 struct caam_blob_info info = { 39 struct caam_blob_info info = { 40 .input = p->blob, .input_le 40 .input = p->blob, .input_len = p->blob_len, 41 .output = p->key, .output_l 41 .output = p->key, .output_len = MAX_KEY_SIZE, 42 .key_mod = KEYMOD, .key_mod_l 42 .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, 43 }; 43 }; 44 44 45 ret = caam_decap_blob(blobifier, &info 45 ret = caam_decap_blob(blobifier, &info); 46 if (ret) 46 if (ret) 47 return ret; 47 return ret; 48 48 49 p->key_len = info.output_len; 49 p->key_len = info.output_len; 50 return 0; 50 return 0; 51 } 51 } 52 52 53 static int trusted_caam_init(void) 53 static int trusted_caam_init(void) 54 { 54 { 55 int ret; 55 int ret; 56 56 57 blobifier = caam_blob_gen_init(); 57 blobifier = caam_blob_gen_init(); 58 if (IS_ERR(blobifier)) 58 if (IS_ERR(blobifier)) 59 return PTR_ERR(blobifier); 59 return PTR_ERR(blobifier); 60 60 61 ret = register_key_type(&key_type_trus 61 ret = register_key_type(&key_type_trusted); 62 if (ret) 62 if (ret) 63 caam_blob_gen_exit(blobifier); 63 caam_blob_gen_exit(blobifier); 64 64 65 return ret; 65 return ret; 66 } 66 } 67 67 68 static void trusted_caam_exit(void) 68 static void trusted_caam_exit(void) 69 { 69 { 70 unregister_key_type(&key_type_trusted) 70 unregister_key_type(&key_type_trusted); 71 caam_blob_gen_exit(blobifier); 71 caam_blob_gen_exit(blobifier); 72 } 72 } 73 73 74 struct trusted_key_ops trusted_key_caam_ops = 74 struct trusted_key_ops trusted_key_caam_ops = { 75 .migratable = 0, /* non-migratable */ 75 .migratable = 0, /* non-migratable */ 76 .init = trusted_caam_init, 76 .init = trusted_caam_init, 77 .seal = trusted_caam_seal, 77 .seal = trusted_caam_seal, 78 .unseal = trusted_caam_unseal, 78 .unseal = trusted_caam_unseal, 79 .exit = trusted_caam_exit, 79 .exit = trusted_caam_exit, 80 }; 80 }; 81 81

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference
Linux/security/keys/trusted-keys/trusted_caam.c

Diff markup

Differences between /security/keys/trusted-keys/trusted_caam.c (Architecture m68k) and /security/keys/trusted-keys/trusted_caam.c (Architecture alpha)

TOMOYO Linux Cross Reference Linux/security/keys/trusted-keys/trusted_caam.c

Diff markup

Differences between /security/keys/trusted-keys/trusted_caam.c (Architecture m68k) and /security/keys/trusted-keys/trusted_caam.c (Architecture alpha)

TOMOYO Linux Cross Reference
Linux/security/keys/trusted-keys/trusted_caam.c