linux/include/keys/trusted-type.h
   1/* SPDX-License-Identifier: GPL-2.0-only */
   2/*
   3 * Copyright (C) 2010 IBM Corporation
   4 * Author: David Safford <safford@us.ibm.com>
   5 */
   6
   7#ifndef _KEYS_TRUSTED_TYPE_H
   8#define _KEYS_TRUSTED_TYPE_H
   9
  10#include <linux/key.h>
  11#include <linux/rcupdate.h>
  12#include <linux/tpm.h>
  13
/*
 * Prefix every pr_*() message from the trusted key code with "trusted_key: ".
 * An earlier definition (e.g. from a driver that includes this header) is
 * dropped first so the redefinition does not warn.
 */
#ifdef pr_fmt
#undef pr_fmt
#endif

#define pr_fmt(fmt) "trusted_key: " fmt
  19
/*
 * Size limits (in bytes) for the trusted key type.
 *
 * The MAX_* values size the fixed buffers in struct trusted_key_payload and
 * struct trusted_key_options below.  MIN_KEY_SIZE is not referenced in this
 * header; presumably the key-length check lives in the payload parser --
 * confirm there.
 */
#define MIN_KEY_SIZE                    32
#define MAX_KEY_SIZE                    128
#define MAX_BLOB_SIZE                   512
#define MAX_PCRINFO_SIZE                64
#define MAX_DIGEST_SIZE                 64
  25
/*
 * In-kernel payload of a trusted key: the plaintext key material together
 * with the sealed blob produced by the backing implementation (see
 * trusted_key_ops::seal / ::unseal).
 *
 * @key is secret material.  The payload carries an rcu_head, so it is
 * presumably released via an RCU callback on update/revoke; that release
 * path is not in this header and is expected to wipe @key before freeing --
 * confirm in the key type's destroy code.
 */
struct trusted_key_payload {
        struct rcu_head rcu;            /* for deferred free under RCU */
        unsigned int key_len;           /* bytes of @key in use; must stay <= sizeof(key) */
        unsigned int blob_len;          /* bytes of @blob in use; must stay <= sizeof(blob) */
        unsigned char migratable;       /* whether the sealed blob may migrate -- see trusted_key_ops::migratable */
        unsigned char old_format;       /* flag; its meaning is not defined in this header */
        unsigned char key[MAX_KEY_SIZE + 1];    /* +1 presumably for a terminator -- confirm */
        unsigned char blob[MAX_BLOB_SIZE];      /* sealed form of @key */
};
  35
/*
 * Per-key options controlling how the backend seals/unseals the payload.
 * Which fields a given backend honours is not defined here.
 *
 * @keyauth and @blobauth are authorization values sized by TPM_DIGEST_SIZE
 * (from <linux/tpm.h>); treat them as secrets.  The *_len fields give the
 * number of bytes in use of the corresponding fixed buffer and must not
 * exceed that buffer's size -- the bound check is presumably done by the
 * code that fills this struct, not here.
 */
struct trusted_key_options {
        uint16_t keytype;                               /* backend-specific key type selector */
        uint32_t keyhandle;                             /* handle of the (parent) key used for sealing */
        unsigned char keyauth[TPM_DIGEST_SIZE];         /* authorization for @keyhandle */
        uint32_t blobauth_len;                          /* bytes of @blobauth in use */
        unsigned char blobauth[TPM_DIGEST_SIZE];        /* authorization bound to the sealed blob */
        uint32_t pcrinfo_len;                           /* bytes of @pcrinfo in use */
        unsigned char pcrinfo[MAX_PCRINFO_SIZE];        /* PCR selection/values to bind the blob to */
        int pcrlock;                                    /* PCR to lock after sealing; semantics defined by the backend */
        uint32_t hash;                                  /* hash algorithm identifier -- confirm encoding against the backend */
        uint32_t policydigest_len;                      /* bytes of @policydigest in use */
        unsigned char policydigest[MAX_DIGEST_SIZE];    /* policy digest the blob is bound to */
        uint32_t policyhandle;                          /* handle of the policy session, if any */
};
  50
/*
 * Backend interface implemented by each trusted key source (for example a
 * TPM driver).  The key type reaches it through trusted_key_source::ops.
 *
 * Return conventions are not defined in this header; presumably 0 on
 * success and a negative errno otherwise, as elsewhere in the kernel --
 * confirm against the implementations.
 */
struct trusted_key_ops {
        /*
         * flag to indicate if trusted key implementation supports migration
         * or not.
         */
        unsigned char migratable;

        /* Initialize key interface. */
        int (*init)(void);

        /*
         * Seal a key.  @datablob is presumably the option string supplied
         * with the key (not shown here); it is not const, so the callee may
         * parse it in place.
         */
        int (*seal)(struct trusted_key_payload *p, char *datablob);

        /* Unseal a key.  Same @datablob contract as seal. */
        int (*unseal)(struct trusted_key_payload *p, char *datablob);

        /*
         * Get a randomized key: fill @key with @key_len bytes from the
         * backend's randomness source.  Callers own @key and its wiping.
         */
        int (*get_random)(unsigned char *key, size_t key_len);

        /* Exit key interface. */
        void (*exit)(void);
};
  73
/*
 * A registered trusted key backend: a human-readable @name and its
 * operations table.  Neither pointer is const here, so the table is
 * presumably a static object in the backend -- confirm who owns it.
 */
struct trusted_key_source {
        char *name;                     /* backend name used to select it */
        struct trusted_key_ops *ops;    /* backend operations */
};
  78
/* The "trusted" key type registered with the keyring subsystem (defined in the key type's .c file). */
extern struct key_type key_type_trusted;
  80
/*
 * Compile-time debug switch.  When non-zero, dump_payload() below hex-dumps
 * the plaintext key and the sealed blob to the kernel log at KERN_INFO, so
 * it must remain 0 outside development builds.
 */
#define TRUSTED_DEBUG 0
  82
  83#if TRUSTED_DEBUG
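/*
 * Debug helper: log the payload lengths and hex-dump the plaintext key and
 * the sealed blob at KERN_INFO.  Only compiled in when TRUSTED_DEBUG is
 * non-zero; it writes raw key material to the kernel log.
 *
 * @p: payload to dump (non-NULL; key_len/blob_len are trusted to lie within
 *     their buffers -- no bound check is done here).
 */
static inline void dump_payload(struct trusted_key_payload *p)
{
        /* key_len and blob_len are unsigned int: print with %u, not %d. */
        pr_info("key_len %u\n", p->key_len);
        print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
                       16, 1, p->key, p->key_len, 0);
        pr_info("bloblen %u\n", p->blob_len);
        print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
                       16, 1, p->blob, p->blob_len, 0);
        /* migratable is unsigned char; it promotes to int, so %d is exact. */
        pr_info("migratable %d\n", p->migratable);
}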
  94#else
/*
 * No-op stand-in used when TRUSTED_DEBUG is 0: nothing is logged, so no
 * key material ever reaches the kernel log from this path.
 *
 * @p: payload that would be dumped; ignored.
 */
static inline void dump_payload(struct trusted_key_payload *p)
{
        (void)p;        /* same signature as the debug variant; nothing to do */
}
  98#endif
  99
 100#endif /* _KEYS_TRUSTED_TYPE_H */
 101