Diffstat (limited to 'target/linux/layerscape/patches-5.4/810-keys-0002-encrypted_keys-Adds-support-for-secure-key-type-as-m.patch')
-rw-r--r--target/linux/layerscape/patches-5.4/810-keys-0002-encrypted_keys-Adds-support-for-secure-key-type-as-m.patch162
1 files changed, 0 insertions, 162 deletions
diff --git a/target/linux/layerscape/patches-5.4/810-keys-0002-encrypted_keys-Adds-support-for-secure-key-type-as-m.patch b/target/linux/layerscape/patches-5.4/810-keys-0002-encrypted_keys-Adds-support-for-secure-key-type-as-m.patch
deleted file mode 100644
index 3a354e1fa8..0000000000
--- a/target/linux/layerscape/patches-5.4/810-keys-0002-encrypted_keys-Adds-support-for-secure-key-type-as-m.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-From a8b1717089d6d215a48bb2816dff4a02376f3d16 Mon Sep 17 00:00:00 2001
-From: Udit Agarwal <udit.agarwal@nxp.com>
-Date: Wed, 4 Jul 2018 11:24:49 +0530
-Subject: [PATCH] encrypted_keys: Adds support for secure key-type as master
- key.
-
-Encrypted keys can use secure key-type as master key along with
-trusted/user keys.
-
-Secure key as master key uses, secure key type payload derieved
-using CAAM hardware.
-
-Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
-Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
----
- MAINTAINERS | 1 +
- security/keys/encrypted-keys/Makefile | 2 ++
- security/keys/encrypted-keys/encrypted.c | 13 +++++++--
- security/keys/encrypted-keys/encrypted.h | 13 +++++++++
- security/keys/encrypted-keys/masterkey_secure.c | 37 +++++++++++++++++++++++++
- 5 files changed, 64 insertions(+), 2 deletions(-)
- create mode 100644 security/keys/encrypted-keys/masterkey_secure.c
-
---- a/MAINTAINERS
-+++ b/MAINTAINERS
-@@ -9085,6 +9085,7 @@ F: include/keys/secure-type.h
- F: security/keys/secure_key.c
- F: security/keys/securekey_desc.c
- F: security/keys/securekey_desc.h
-+F: security/keys/encrypted-keys/masterkey_secure.c
-
- KEYS/KEYRINGS:
- M: David Howells <dhowells@redhat.com>
---- a/security/keys/encrypted-keys/Makefile
-+++ b/security/keys/encrypted-keys/Makefile
-@@ -7,5 +7,7 @@ obj-$(CONFIG_ENCRYPTED_KEYS) += encrypte
-
- encrypted-keys-y := encrypted.o ecryptfs_format.o
- masterkey-$(CONFIG_TRUSTED_KEYS) := masterkey_trusted.o
-+masterkey-$(CONFIG_SECURE_KEYS) := masterkey_secure.o
- masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS) := masterkey_trusted.o
-+masterkey-$(CONFIG_SECURE_KEYS)-$(CONFIG_ENCRYPTED_KEYS) := masterkey_secure.o
- encrypted-keys-y += $(masterkey-y) $(masterkey-m-m)
---- a/security/keys/encrypted-keys/encrypted.c
-+++ b/security/keys/encrypted-keys/encrypted.c
-@@ -36,6 +36,7 @@
- #include "ecryptfs_format.h"
-
- static const char KEY_TRUSTED_PREFIX[] = "trusted:";
-+static const char KEY_SECURE_PREFIX[] = "secure:";
- static const char KEY_USER_PREFIX[] = "user:";
- static const char hash_alg[] = "sha256";
- static const char hmac_alg[] = "hmac(sha256)";
-@@ -47,6 +48,7 @@ static unsigned int ivsize;
- static int blksize;
-
- #define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1)
-+#define KEY_SECURE_PREFIX_LEN (sizeof(KEY_SECURE_PREFIX) - 1)
- #define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1)
- #define KEY_ECRYPTFS_DESC_LEN 16
- #define HASH_SIZE SHA256_DIGEST_SIZE
-@@ -125,7 +127,7 @@ static int valid_ecryptfs_desc(const cha
- /*
- * valid_master_desc - verify the 'key-type:desc' of a new/updated master-key
- *
-- * key-type:= "trusted:" | "user:"
-+ * key-type:= "trusted:" | "user:" | "secure:"
- * desc:= master-key description
- *
- * Verify that 'key-type' is valid and that 'desc' exists. On key update,
-@@ -140,6 +142,8 @@ static int valid_master_desc(const char
-
- if (!strncmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN))
- prefix_len = KEY_TRUSTED_PREFIX_LEN;
-+ else if (!strncmp(new_desc, KEY_SECURE_PREFIX, KEY_SECURE_PREFIX_LEN))
-+ prefix_len = KEY_SECURE_PREFIX_LEN;
- else if (!strncmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN))
- prefix_len = KEY_USER_PREFIX_LEN;
- else
-@@ -358,7 +362,7 @@ static int calc_hmac(u8 *digest, const u
-
- enum derived_key_type { ENC_KEY, AUTH_KEY };
-
--/* Derive authentication/encryption key from trusted key */
-+/* Derive authentication/encryption key from trusted/secure key */
- static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
- const u8 *master_key, size_t master_keylen)
- {
-@@ -429,6 +433,11 @@ static struct key *request_master_key(st
- mkey = request_trusted_key(epayload->master_desc +
- KEY_TRUSTED_PREFIX_LEN,
- master_key, master_keylen);
-+ } else if (!strncmp(epayload->master_desc, KEY_SECURE_PREFIX,
-+ KEY_SECURE_PREFIX_LEN)) {
-+ mkey = request_secure_key(epayload->master_desc +
-+ KEY_SECURE_PREFIX_LEN,
-+ master_key, master_keylen);
- } else if (!strncmp(epayload->master_desc, KEY_USER_PREFIX,
- KEY_USER_PREFIX_LEN)) {
- mkey = request_user_key(epayload->master_desc +
---- a/security/keys/encrypted-keys/encrypted.h
-+++ b/security/keys/encrypted-keys/encrypted.h
-@@ -16,6 +16,19 @@ static inline struct key *request_truste
- }
- #endif
-
-+#if defined(CONFIG_SECURE_KEYS)
-+extern struct key *request_secure_key(const char *secure_desc,
-+ const u8 **master_key,
-+ size_t *master_keylen);
-+#else
-+static inline struct key *request_secure_key(const char *secure_desc,
-+ const u8 **master_key,
-+ size_t *master_keylen)
-+{
-+ return ERR_PTR(-EOPNOTSUPP);
-+}
-+#endif
-+
- #if ENCRYPTED_DEBUG
- static inline void dump_master_key(const u8 *master_key, size_t master_keylen)
- {
---- /dev/null
-+++ b/security/keys/encrypted-keys/masterkey_secure.c
-@@ -0,0 +1,37 @@
-+// SPDX-License-Identifier: GPL-2.0
-+/*
-+ * Copyright (C) 2018 NXP.
-+ *
-+ */
-+
-+#include <linux/uaccess.h>
-+#include <linux/module.h>
-+#include <linux/err.h>
-+#include <keys/secure-type.h>
-+#include <keys/encrypted-type.h>
-+#include "encrypted.h"
-+
-+/*
-+ * request_secure_key - request the secure key
-+ *
-+ * Secure keys and their blobs are derived from CAAM hardware.
-+ * Userspace manages secure key-type data, but key data is not
-+ * visible in plain form. It is presented as blobs.
-+ */
-+struct key *request_secure_key(const char *secure_desc,
-+ const u8 **master_key, size_t *master_keylen)
-+{
-+ struct secure_key_payload *spayload;
-+ struct key *skey;
-+
-+ skey = request_key(&key_type_secure, secure_desc, NULL);
-+ if (IS_ERR(skey))
-+ goto error;
-+
-+ down_read(&skey->sem);
-+ spayload = skey->payload.data[0];
-+ *master_key = spayload->key;
-+ *master_keylen = spayload->key_len;
-+error:
-+ return skey;
-+}