// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2010 IBM Corporation
 * Copyright (C) 2010 Politecnico di Torino, Italy
 * TORSEC group -- https://security.polito.it
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 * Roberto Sassu <roberto.sassu@polito.it>
 *
 * See Documentation/security/keys/trusted-encrypted.rst
 */

#include <linux/uaccess.h>
#include <linux/err.h>
#include <keys/trusted-type.h>
#include <keys/encrypted-type.h>
#include "encrypted.h"

/*
 * request_trusted_key - look up a trusted key and expose its key material
 * @trusted_desc:  description passed to request_key() for the trusted key
 * @master_key:    out: set to the key bytes inside the trusted key payload
 * @master_keylen: out: set to the payload's key_len
 *
 * Trusted keys are sealed to PCRs and other metadata. Although userspace
 * manages both trusted/encrypted key-types, like the encrypted key type
 * data, trusted key type data is not visible decrypted from userspace.
 *
 * On success the key is returned with key->sem held for read; this function
 * does not release it. *master_key is not a copy, it points into the payload
 * stored in the key, so it must only be used while that semaphore is held.
 * NOTE(review): the matching up_read() and key_put() are not in this file;
 * presumably the caller performs both once it has finished with the master
 * key -- confirm against the call site.
 *
 * On failure the error pointer from request_key() is returned unchanged,
 * no lock is taken and the two output parameters are left untouched.
 */
struct key *request_trusted_key(const char *trusted_desc,
				const u8 **master_key, size_t *master_keylen)
{
	struct key *key = request_key(&key_type_trusted, trusted_desc, NULL);
	const struct trusted_key_payload *payload;

	/* Lookup failed: hand the error pointer straight back, nothing held. */
	if (IS_ERR(key))
		return key;

	/* Taken here and deliberately still held when we return. */
	down_read(&key->sem);

	/*
	 * NOTE(review): data[0] is dereferenced without a NULL check; this
	 * assumes a trusted key found by request_key() always carries a
	 * payload -- confirm.
	 */
	payload = key->payload.data[0];
	*master_key = payload->key;
	*master_keylen = payload->key_len;

	return key;
}