trusted_caam.c (1818B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de> 4 */ 5 6#include <keys/trusted_caam.h> 7#include <keys/trusted-type.h> 8#include <linux/build_bug.h> 9#include <linux/key-type.h> 10#include <soc/fsl/caam-blob.h> 11 12static struct caam_blob_priv *blobifier; 13 14#define KEYMOD "SECURE_KEY" 15 16static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= CAAM_BLOB_MAX_LEN); 17static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN); 18 19static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob) 20{ 21 int ret; 22 struct caam_blob_info info = { 23 .input = p->key, .input_len = p->key_len, 24 .output = p->blob, .output_len = MAX_BLOB_SIZE, 25 .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, 26 }; 27 28 ret = caam_encap_blob(blobifier, &info); 29 if (ret) 30 return ret; 31 32 p->blob_len = info.output_len; 33 return 0; 34} 35 36static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob) 37{ 38 int ret; 39 struct caam_blob_info info = { 40 .input = p->blob, .input_len = p->blob_len, 41 .output = p->key, .output_len = MAX_KEY_SIZE, 42 .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, 43 }; 44 45 ret = caam_decap_blob(blobifier, &info); 46 if (ret) 47 return ret; 48 49 p->key_len = info.output_len; 50 return 0; 51} 52 53static int trusted_caam_init(void) 54{ 55 int ret; 56 57 blobifier = caam_blob_gen_init(); 58 if (IS_ERR(blobifier)) 59 return PTR_ERR(blobifier); 60 61 ret = register_key_type(&key_type_trusted); 62 if (ret) 63 caam_blob_gen_exit(blobifier); 64 65 return ret; 66} 67 68static void trusted_caam_exit(void) 69{ 70 unregister_key_type(&key_type_trusted); 71 caam_blob_gen_exit(blobifier); 72} 73 74struct trusted_key_ops trusted_key_caam_ops = { 75 .migratable = 0, /* non-migratable */ 76 .init = trusted_caam_init, 77 .seal = trusted_caam_seal, 78 .unseal = trusted_caam_unseal, 79 .exit = trusted_caam_exit, 80};