^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Copyright (C) 2010 IBM Corporation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * Copyright (C) 2010 Politecnico di Torino, Italy
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * TORSEC group -- https://security.polito.it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Authors:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * Mimi Zohar <zohar@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * Roberto Sassu <roberto.sassu@polito.it>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * See Documentation/security/keys/trusted-encrypted.rst
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/uaccess.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/err.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <keys/trusted-type.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <keys/encrypted-type.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include "encrypted.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) * request_trusted_key - request the trusted key
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) * Trusted keys are sealed to PCRs and other metadata. Although userspace
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) * manages both trusted/encrypted key-types, like the encrypted key type
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) * data, trusted key type data is not visible decrypted from userspace.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) struct key *request_trusted_key(const char *trusted_desc,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) const u8 **master_key, size_t *master_keylen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) struct trusted_key_payload *tpayload;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) struct key *tkey;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) tkey = request_key(&key_type_trusted, trusted_desc, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) if (IS_ERR(tkey))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) goto error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) down_read(&tkey->sem);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) tpayload = tkey->payload.data[0];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) *master_key = tpayload->key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) *master_keylen = tpayload->key_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) error:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) return tkey;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) }