Path: blob/master/security/keys/trusted-keys/trusted_caam.c
// SPDX-License-Identifier: GPL-2.0-only1/*2* Copyright (C) 2021 Pengutronix, Ahmad Fatoum <[email protected]>3*/45#include <keys/trusted_caam.h>6#include <keys/trusted-type.h>7#include <linux/build_bug.h>8#include <linux/key-type.h>9#include <soc/fsl/caam-blob.h>1011static struct caam_blob_priv *blobifier;1213#define KEYMOD "SECURE_KEY"1415static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= CAAM_BLOB_MAX_LEN);16static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN);1718static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob)19{20int ret;21struct caam_blob_info info = {22.input = p->key, .input_len = p->key_len,23.output = p->blob, .output_len = MAX_BLOB_SIZE,24.key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,25};2627ret = caam_encap_blob(blobifier, &info);28if (ret)29return ret;3031p->blob_len = info.output_len;32return 0;33}3435static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob)36{37int ret;38struct caam_blob_info info = {39.input = p->blob, .input_len = p->blob_len,40.output = p->key, .output_len = MAX_KEY_SIZE,41.key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,42};4344ret = caam_decap_blob(blobifier, &info);45if (ret)46return ret;4748p->key_len = info.output_len;49return 0;50}5152static int trusted_caam_init(void)53{54int ret;5556blobifier = caam_blob_gen_init();57if (IS_ERR(blobifier))58return PTR_ERR(blobifier);5960ret = register_key_type(&key_type_trusted);61if (ret)62caam_blob_gen_exit(blobifier);6364return ret;65}6667static void trusted_caam_exit(void)68{69unregister_key_type(&key_type_trusted);70caam_blob_gen_exit(blobifier);71}7273struct trusted_key_ops trusted_key_caam_ops = {74.migratable = 0, /* non-migratable */75.init = trusted_caam_init,76.seal = trusted_caam_seal,77.unseal = trusted_caam_unseal,78.exit = trusted_caam_exit,79};808182