/*
 * Copyright (C) 2010 IBM Corporation
 * Copyright (C) 2010 Politecnico di Torino, Italy
 * TORSEC group -- http://security.polito.it
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 * Roberto Sassu <roberto.sassu@polito.it>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2 of the License.
 *
 * See Documentation/security/keys-trusted-encrypted.txt
 */

#include <linux/uaccess.h>
#include <linux/module.h>
#include <linux/err.h>
#include <keys/trusted-type.h>
#include <keys/encrypted-type.h>
#include "encrypted.h"

/*
 * request_trusted_key - look up a trusted key and expose its payload
 * @trusted_desc: description handed to request_key() for the lookup
 * @master_key: on success, set to point at the key bytes inside the payload
 * @master_keylen: on success, set to the payload's key_len
 *
 * Trusted keys are sealed to PCRs and other metadata. Userspace manages both
 * the trusted and the encrypted key types, but, as with encrypted key data,
 * it never sees trusted key data in decrypted form.
 *
 * Returns whatever request_key() returned. If that is an ERR_PTR() value it
 * is passed back unchanged and neither output argument is written.
 *
 * On success the function returns with the key's semaphore still held for
 * reading, and *master_key aliases the payload buffer rather than a copy of
 * it. The caller is presumably expected to finish with the key material and
 * then up_read() the semaphore and drop the key -- verify against the call
 * sites. Because the buffer is the material that is kept from userspace,
 * callers should not log it or keep the pointer beyond that window.
 */
struct key *request_trusted_key(const char *trusted_desc,
				u8 **master_key, size_t *master_keylen)
{
	struct key *key = request_key(&key_type_trusted, trusted_desc, NULL);
	struct trusted_key_payload *payload;

	/* Lookup failed: pass the ERR_PTR() back; nothing locked or written. */
	if (IS_ERR(key))
		return key;

	/* Not released in this function; the lock is still held on return. */
	down_read(&key->sem);

	/*
	 * NOTE(review): the payload pointer is read under key->sem, with no
	 * rcu_read_lock() in this function, and is used without a NULL check.
	 * Confirm that the semaphore is the intended protection and that a
	 * trusted key returned by request_key() always has a payload.
	 */
	payload = rcu_dereference(key->payload.data);
	*master_keylen = payload->key_len;
	*master_key = payload->key;

	return key;
}