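/*
 * Copyright (C) 2010 IBM Corporation
 * Copyright (C) 2010 Politecnico di Torino, Italy
 * TORSEC group -- http://security.polito.it
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 * Roberto Sassu <roberto.sassu@polito.it>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2 of the License.
 *
 * See Documentation/security/keys-trusted-encrypted.txt
 */

#include <linux/uaccess.h>
#include <linux/module.h>
#include <linux/err.h>
#include <keys/trusted-type.h>

/*
 * request_trusted_key - request the trusted key
 * @trusted_desc:  description passed to request_key() to look the key up
 * @master_key:    out: set to point at the key bytes inside the payload
 * @master_keylen: out: set to the payload's key_len
 *
 * Trusted keys are sealed to PCRs and other metadata.  Although userspace
 * manages both trusted/encrypted key-types, like the encrypted key type
 * data, trusted key type data is not visible decrypted from userspace.
 *
 * Locking and lifetime contract (the security-relevant part):
 *
 *  - On success the key is returned with tkey->sem still held for reading;
 *    this function takes the semaphore and never releases it.  The caller
 *    must up_read(&tkey->sem) and then drop the reference obtained from
 *    request_key() (key_put()) once it has finished with the key material.
 *
 *  - *master_key is NOT a copy.  It aliases the buffer inside the trusted
 *    key payload, so it must not be freed or written through, and it must
 *    not be used after the semaphore has been released.
 *
 *  - On failure the ERR_PTR() value from request_key() is returned, no
 *    semaphore is held, and *master_key / *master_keylen are left untouched.
 *    Callers must test the result with IS_ERR() before using either output.
 */
struct key *request_trusted_key(const char *trusted_desc,
				u8 **master_key, size_t *master_keylen)
{
	struct trusted_key_payload *tpayload;
	struct key *tkey;

	tkey = request_key(&key_type_trusted, trusted_desc, NULL);
	if (IS_ERR(tkey))
		return tkey;	/* nothing locked, outputs not written */

	/* Held across the return; see the contract in the header comment. */
	down_read(&tkey->sem);

	/*
	 * The payload is read under tkey->sem, not inside an RCU read-side
	 * critical section (down_read() may sleep, so this path cannot run
	 * under rcu_read_lock()).  Name the semaphore as the protection
	 * instead of using a bare rcu_dereference(), which RCU lockdep
	 * checking reports as suspicious here.
	 */
	tpayload = rcu_dereference_protected(tkey->payload.data,
					     rwsem_is_locked(&tkey->sem));

	/* Hand out a pointer into the payload, not a copy of the secret. */
	*master_key = tpayload->key;
	*master_keylen = tpayload->key_len;

	return tkey;
}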