// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2010 IBM Corporation
 * Copyright (C) 2010 Politecnico di Torino, Italy
 *                    TORSEC group -- https://security.polito.it
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 * Roberto Sassu <roberto.sassu@polito.it>
 *
 * See Documentation/security/keys/trusted-encrypted.rst
 */

#include <linux/uaccess.h>
#include <linux/err.h>
#include <keys/trusted-type.h>
#include <keys/encrypted-type.h>
#include "encrypted.h"

/*
 * request_trusted_key - request the trusted key
 *
 * Trusted keys are sealed to PCRs and other metadata.  Userspace manages
 * both the trusted and the encrypted key types, but, as with encrypted key
 * data, the decrypted trusted key data is never visible from userspace.
 *
 * @trusted_desc:  description of the trusted key to look up
 * @master_key:    on success, set to point at the key bytes held inside the
 *                 trusted key's payload (a reference, not a copy)
 * @master_keylen: on success, set to the payload's key length
 *
 * Returns the key obtained from request_key().  When that value is an
 * error pointer it is returned unchanged and neither output is written.
 *
 * Locking: on success the key's semaphore has been taken for reading and
 * is still held when this function returns.  *master_key aliases the
 * payload, so it should only be dereferenced while that semaphore is held.
 * The caller is expected to up_read(&key->sem) and then key_put() the
 * returned key once it has finished with the master key material.
 */
struct key *request_trusted_key(const char *trusted_desc,
				const u8 **master_key, size_t *master_keylen)
{
	struct trusted_key_payload *payload;
	struct key *trusted;

	trusted = request_key(&key_type_trusted, trusted_desc, NULL);
	if (IS_ERR(trusted))
		return trusted;	/* hand the lookup error straight back */

	/* Deliberately left held on return; see the locking note above. */
	down_read(&trusted->sem);

	payload = trusted->payload.data[0];
	*master_keylen = payload->key_len;
	*master_key = payload->key;

	return trusted;
}