1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2010 IBM Corporation
4 * Copyright (C) 2010 Politecnico di Torino, Italy
5 * TORSEC group -- http://security.polito.it
6 *
7 * Authors:
8 * Mimi Zohar <zohar@us.ibm.com>
9 * Roberto Sassu <roberto.sassu@polito.it>
10 *
11 * See Documentation/security/keys/trusted-encrypted.rst
12 */
13
14 #include <linux/uaccess.h>
15 #include <linux/err.h>
16 #include <keys/trusted-type.h>
17 #include <keys/encrypted-type.h>
18 #include "encrypted.h"
19
20 /*
21 * request_trusted_key - request the trusted key
22 *
23 * Trusted keys are sealed to PCRs and other metadata. Although userspace
24 * manages both trusted/encrypted key-types, like the encrypted key type
25 * data, trusted key type data is not visible decrypted from userspace.
26 */
27 struct key *request_trusted_key(const char *trusted_desc,
28 const u8 **master_key, size_t *master_keylen)
29 {
30 struct trusted_key_payload *tpayload;
31 struct key *tkey;
32
33 tkey = request_key(&key_type_trusted, trusted_desc, NULL);
34 if (IS_ERR(tkey))
35 goto error;
36
37 down_read(&tkey->sem);
38 tpayload = tkey->payload.data[0];
39 *master_key = tpayload->key;
40 *master_keylen = tpayload->key_len;
41 error:
42 return tkey;
43 }