| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 |
- // SPDX-License-Identifier: GPL-2.0-only
- /*
- * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <[email protected]>
- */
- #include <keys/trusted_caam.h>
- #include <keys/trusted-type.h>
- #include <linux/build_bug.h>
- #include <linux/key-type.h>
- #include <soc/fsl/caam-blob.h>
- static struct caam_blob_priv *blobifier;
- #define KEYMOD "SECURE_KEY"
- static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= CAAM_BLOB_MAX_LEN);
- static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN);
- static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob)
- {
- int ret;
- struct caam_blob_info info = {
- .input = p->key, .input_len = p->key_len,
- .output = p->blob, .output_len = MAX_BLOB_SIZE,
- .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,
- };
- ret = caam_encap_blob(blobifier, &info);
- if (ret)
- return ret;
- p->blob_len = info.output_len;
- return 0;
- }
- static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob)
- {
- int ret;
- struct caam_blob_info info = {
- .input = p->blob, .input_len = p->blob_len,
- .output = p->key, .output_len = MAX_KEY_SIZE,
- .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,
- };
- ret = caam_decap_blob(blobifier, &info);
- if (ret)
- return ret;
- p->key_len = info.output_len;
- return 0;
- }
- static int trusted_caam_init(void)
- {
- int ret;
- blobifier = caam_blob_gen_init();
- if (IS_ERR(blobifier))
- return PTR_ERR(blobifier);
- ret = register_key_type(&key_type_trusted);
- if (ret)
- caam_blob_gen_exit(blobifier);
- return ret;
- }
- static void trusted_caam_exit(void)
- {
- unregister_key_type(&key_type_trusted);
- caam_blob_gen_exit(blobifier);
- }
- struct trusted_key_ops trusted_key_caam_ops = {
- .migratable = 0, /* non-migratable */
- .init = trusted_caam_init,
- .seal = trusted_caam_seal,
- .unseal = trusted_caam_unseal,
- .exit = trusted_caam_exit,
- };
|
