Commit 117f02a4 authored by Jakub Kicinski's avatar Jakub Kicinski Committed by Paolo Abeni

psp: add op for rotation of device key



Rotating the device key is a key part of the PSP protocol design.
Some external daemon needs to do it once a day, or so.
Add a netlink op to perform this operation.
Add a notification group for informing users that the key has been
rotated and that they should rekey (the next rotation will cut them off).

Reviewed-by: default avatarWillem de Bruijn <willemb@google.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
Signed-off-by: default avatarDaniel Zahka <daniel.zahka@gmail.com>
Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250917000954.859376-6-daniel.zahka@gmail.com


Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parent 659a2899
+21 −0
@@ -88,9 +88,30 @@ operations:
      notify: dev-get
      mcgrp: mgmt

    -
      name: key-rotate
      doc: Rotate the device key.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply:
          attributes:
            - id
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      name: key-rotate-ntf
      doc: Notification about device key getting rotated.
      notify: key-rotate
      mcgrp: use

mcast-groups:
  list:
    -
      name: mgmt
    -
      name: use

...
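Review bot: The `doc:` line of the new `key-rotate-ntf` operation says only that the key was rotated, while the commit message carries the part receivers actually need: they must rekey, because the next rotation will cut them off. This spec is the source the uapi header and ynl documentation are generated from, so that expectation belongs here rather than only in the commit message, e.g. `doc: Notification that the device key has been rotated; key holders should rekey, as the next rotation will cut off anyone still using the old key.` The `doc: Rotate the device key.` on `key-rotate` could likewise mention that it is meant to be driven periodically by an external daemon, as the commit message describes, so readers of the generated docs know it is not a per-user operation. The `operations:` list this hunk extends starts outside the hunk.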
+5 −0
@@ -102,6 +102,11 @@ struct psp_dev_ops {
	 */
	int (*set_config)(struct psp_dev *psd, struct psp_dev_config *conf,
			  struct netlink_ext_ack *extack);

	/**
	 * @key_rotate: rotate the device key
	 */
	int (*key_rotate)(struct psp_dev *psd, struct netlink_ext_ack *extack);
};

#endif /* __NET_PSP_H */
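Review bot: The kerneldoc for the new `@key_rotate` callback says only "rotate the device key", leaving the calling context and the return contract to the reader. The ops table added in the same commit registers the command with `psp_device_get_locked` as pre_doit and `psp_device_unlock` as post_doit, so the callback presumably runs with the device lock held; I would state that together with the return convention, e.g. `@key_rotate: rotate the device key; called with the device lock held, returns 0 on success or a negative errno, with details reported via @extack`. It is also not visible here what the driver is expected to do with keys issued under the previous device key (the commit message says the rotation after next cuts their users off), and since the notification tells users to rekey, spelling that expectation out in the comment would help driver authors. `struct psp_dev_ops` starts outside the hunk.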
+3 −0
@@ -32,11 +32,14 @@ enum {
	PSP_CMD_DEV_DEL_NTF,
	PSP_CMD_DEV_SET,
	PSP_CMD_DEV_CHANGE_NTF,
	PSP_CMD_KEY_ROTATE,
	PSP_CMD_KEY_ROTATE_NTF,

	__PSP_CMD_MAX,
	PSP_CMD_MAX = (__PSP_CMD_MAX - 1)
};

#define PSP_MCGRP_MGMT	"mgmt"
#define PSP_MCGRP_USE	"use"

#endif /* _UAPI_LINUX_PSP_H */
+15 −0
@@ -21,6 +21,11 @@ static const struct nla_policy psp_dev_set_nl_policy[PSP_A_DEV_PSP_VERSIONS_ENA
	[PSP_A_DEV_PSP_VERSIONS_ENA] = NLA_POLICY_MASK(NLA_U32, 0xf),
};

/* PSP_CMD_KEY_ROTATE - do */
static const struct nla_policy psp_key_rotate_nl_policy[PSP_A_DEV_ID + 1] = {
	[PSP_A_DEV_ID] = NLA_POLICY_MIN(NLA_U32, 1),
};

/* Ops table for psp */
static const struct genl_split_ops psp_nl_ops[] = {
	{
@@ -46,10 +51,20 @@ static const struct genl_split_ops psp_nl_ops[] = {
		.maxattr	= PSP_A_DEV_PSP_VERSIONS_ENA,
		.flags		= GENL_CMD_CAP_DO,
	},
	{
		.cmd		= PSP_CMD_KEY_ROTATE,
		.pre_doit	= psp_device_get_locked,
		.doit		= psp_nl_key_rotate_doit,
		.post_doit	= psp_device_unlock,
		.policy		= psp_key_rotate_nl_policy,
		.maxattr	= PSP_A_DEV_ID,
		.flags		= GENL_CMD_CAP_DO,
	},
};

static const struct genl_multicast_group psp_nl_mcgrps[] = {
	[PSP_NLGRP_MGMT] = { "mgmt", },
	[PSP_NLGRP_USE] = { "use", },
};

struct genl_family psp_nl_family __ro_after_init = {
+2 −0
@@ -20,9 +20,11 @@ psp_device_unlock(const struct genl_split_ops *ops, struct sk_buff *skb,
int psp_nl_dev_get_doit(struct sk_buff *skb, struct genl_info *info);
int psp_nl_dev_get_dumpit(struct sk_buff *skb, struct netlink_callback *cb);
int psp_nl_dev_set_doit(struct sk_buff *skb, struct genl_info *info);
int psp_nl_key_rotate_doit(struct sk_buff *skb, struct genl_info *info);

enum {
	PSP_NLGRP_MGMT,
	PSP_NLGRP_USE,
};

extern struct genl_family psp_nl_family;