authorSteffen Trumtrar <s.trumtrar@pengutronix.de>2016-02-17 11:54:09 +0100
committerSascha Hauer <s.hauer@pengutronix.de>2019-04-12 11:58:39 +0200
commit6f91b9b1994fff3a627633b8883b9ea3fc3acef1 (patch)
tree4121e97842292edcd00823b9d7e4a8be36d25d52 /include/blobgen.h
parent4b4dc564f46d2179dbf7e40f6434ec0664ed7c53 (diff)
lib: add blobgen framework
This adds a framework for en/decrypting data blobs. Some SoCs have support for hardware crypto engines that can en/decrypt using keys that are tied to the SoC and are visible to the crypto hardware only. With this patch it's possible to encrypt confidential data using these keys and to decrypt it later for usage. Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'include/blobgen.h')
-rw-r--r--include/blobgen.h58
1 files changed, 58 insertions, 0 deletions
diff --git a/include/blobgen.h b/include/blobgen.h
new file mode 100644
index 0000000000..09a6637b77
--- /dev/null
+++ b/include/blobgen.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2016 Pengutronix, Steffen Trumtrar <kernel@pengutronix.de>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ */
+
+#ifndef __BLOBGEN_H__
+#define __BLOBGEN_H__
+
+#include <common.h>
+
+enum access_rights {
+ KERNEL,
+ KERNEL_EVM,
+ USERSPACE,
+};
+
+#define KEYMOD_LENGTH 16
+#define MAX_BLOB_LEN 4096
+#define BLOCKSIZE_BYTES 8
+
+struct blobgen {
+ struct device_d dev;
+ int (*encrypt)(struct blobgen *bg, const char *modifier,
+ const void *plain, int plainsize, void *blob,
+ int *blobsize);
+ int (*decrypt)(struct blobgen *bg, const char *modifier,
+ const void *blob, int blobsize, void **plain,
+ int *plainsize);
+
+ enum access_rights access;
+ unsigned int max_payload_size;
+
+ struct list_head list;
+};
+
+int blob_gen_register(struct device_d *dev, struct blobgen *bg);
+
+struct blobgen *blobgen_get(const char *name);
+
+int blob_encrypt(struct blobgen *blg, const char *modifier, const void *plain,
+ int plainsize, void **blob, int *blobsize);
+int blob_encrypt_to_env(struct blobgen *blg, const char *modifier,
+ const void *plain, int plainsize, const char *varname);
+int blob_decrypt(struct blobgen *bg, const char *modifier, const void *blob,
+ int blobsize, void **plain, int *plainsize);
+int blob_decrypt_from_base64(struct blobgen *blg, const char *modifier,
+ const char *encrypted, void **plain, int *plainsize);
+
+#endif
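Review bot: Buffer ownership is not documented anywhere in this header, and the signatures disagree on it: the `encrypt` callback in `struct blobgen` writes into a caller-supplied `void *blob`, while `blob_encrypt()`, `blob_decrypt()` and the `decrypt` callback take `void **` out-parameters, which suggests the callee allocates, yet nothing says who frees the result or that a decrypted plaintext buffer holds confidential data the caller should scrub before releasing it. I would add a kernel-doc style comment on `struct blobgen` describing each member (in particular that `max_payload_size` bounds the plaintext a provider accepts and how it relates to `MAX_BLOB_LEN`, and that `modifier` is the key modifier string whose expected length `KEYMOD_LENGTH` fixes), and one comment per public prototype stating allocation and free responsibility and the meaning of the return value. The `enum access_rights` values `KERNEL`, `KERNEL_EVM` and `USERSPACE` also need a one-line comment each, since the header gives no hint what access they grant. Two smaller style points: the length parameters are plain `int` (`plainsize`, `blobsize`), so a negative value is representable and every implementation must reject it, where `size_t` would rule it out at the type level; and `blob_decrypt()` names its first parameter `bg` while the sibling prototypes use `blg`, which should be made consistent.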