xref: /openbmc/linux/drivers/s390/crypto/zcrypt_ccamisc.h (revision 2612e3bbc0386368a850140a6c9b990cd496a5ec) 
1  /* SPDX-License-Identifier: GPL-2.0+ */
2  /*
3   *  Copyright IBM Corp. 2019
4   *  Author(s): Harald Freudenberger <freude@linux.ibm.com>
5   *	       Ingo Franzki <ifranzki@linux.ibm.com>
6   *
7   *  Collection of CCA misc functions used by zcrypt and pkey
8   */
9  
10  #ifndef _ZCRYPT_CCAMISC_H_
11  #define _ZCRYPT_CCAMISC_H_
12  
13  #include <asm/zcrypt.h>
14  #include <asm/pkey.h>
15  
16  /* Key token types */
17  #define TOKTYPE_NON_CCA		 0x00 /* Non-CCA key token */
18  #define TOKTYPE_CCA_INTERNAL	 0x01 /* CCA internal sym key token */
19  #define TOKTYPE_CCA_INTERNAL_PKA 0x1f /* CCA internal asym key token */
20  
21  /* For TOKTYPE_NON_CCA: */
22  #define TOKVER_PROTECTED_KEY	0x01 /* Protected key token */
23  #define TOKVER_CLEAR_KEY	0x02 /* Clear key token */
24  
25  /* For TOKTYPE_CCA_INTERNAL: */
26  #define TOKVER_CCA_AES		0x04 /* CCA AES key token */
27  #define TOKVER_CCA_VLSC		0x05 /* var length sym cipher key token */
28  
29  /* Max size of a cca variable length cipher key token */
30  #define MAXCCAVLSCTOKENSIZE 725
31  
32  /* header part of a CCA key token */
33  struct keytoken_header {
34  	u8  type;     /* one of the TOKTYPE values */
35  	u8  res0[1];
36  	u16 len;      /* vlsc token: total length in bytes */
37  	u8  version;  /* one of the TOKVER values */
38  	u8  res1[3];
39  } __packed;
40  
41  /* inside view of a CCA secure key token (only type 0x01 version 0x04) */
42  struct secaeskeytoken {
43  	u8  type;     /* 0x01 for internal key token */
44  	u8  res0[3];
45  	u8  version;  /* should be 0x04 */
46  	u8  res1[1];
47  	u8  flag;     /* key flags */
48  	u8  res2[1];
49  	u64 mkvp;     /* master key verification pattern */
50  	u8  key[32];  /* key value (encrypted) */
51  	u8  cv[8];    /* control vector */
52  	u16 bitsize;  /* key bit size */
53  	u16 keysize;  /* key byte size */
54  	u8  tvv[4];   /* token validation value */
55  } __packed;
56  
57  /* inside view of a variable length symmetric cipher AES key token */
58  struct cipherkeytoken {
59  	u8  type;     /* 0x01 for internal key token */
60  	u8  res0[1];
61  	u16 len;      /* total key token length in bytes */
62  	u8  version;  /* should be 0x05 */
63  	u8  res1[3];
64  	u8  kms;      /* key material state, 0x03 means wrapped with MK */
65  	u8  kvpt;     /* key verification pattern type, should be 0x01 */
66  	u64 mkvp0;    /* master key verification pattern, lo part */
67  	u64 mkvp1;    /* master key verification pattern, hi part (unused) */
68  	u8  eskwm;    /* encrypted section key wrapping method */
69  	u8  hashalg;  /* hash algorithmus used for wrapping key */
70  	u8  plfver;   /* pay load format version */
71  	u8  res2[1];
72  	u8  adsver;   /* associated data section version */
73  	u8  res3[1];
74  	u16 adslen;   /* associated data section length */
75  	u8  kllen;    /* optional key label length */
76  	u8  ieaslen;  /* optional extended associated data length */
77  	u8  uadlen;   /* optional user definable associated data length */
78  	u8  res4[1];
79  	u16 wpllen;   /* wrapped payload length in bits: */
80  		      /*   plfver  0x00 0x01		 */
81  		      /*   AES-128  512  640		 */
82  		      /*   AES-192  576  640		 */
83  		      /*   AES-256  640  640		 */
84  	u8  res5[1];
85  	u8  algtype;  /* 0x02 for AES cipher */
86  	u16 keytype;  /* 0x0001 for 'cipher' */
87  	u8  kufc;     /* key usage field count */
88  	u16 kuf1;     /* key usage field 1 */
89  	u16 kuf2;     /* key usage field 2 */
90  	u8  kmfc;     /* key management field count */
91  	u16 kmf1;     /* key management field 1 */
92  	u16 kmf2;     /* key management field 2 */
93  	u16 kmf3;     /* key management field 3 */
94  	u8  vdata[]; /* variable part data follows */
95  } __packed;
96  
97  /* inside view of an CCA secure ECC private key */
98  struct eccprivkeytoken {
99  	u8  type;     /* 0x1f for internal asym key token */
100  	u8  version;  /* should be 0x00 */
101  	u16 len;      /* total key token length in bytes */
102  	u8  res1[4];
103  	u8  secid;    /* 0x20 for ECC priv key section marker */
104  	u8  secver;   /* section version */
105  	u16 seclen;   /* section length */
106  	u8  wtype;    /* wrapping method, 0x00 clear, 0x01 AES */
107  	u8  htype;    /* hash method, 0x02 for SHA-256 */
108  	u8  res2[2];
109  	u8  kutc;     /* key usage and translation control */
110  	u8  ctype;    /* curve type */
111  	u8  kfs;      /* key format and security */
112  	u8  ksrc;     /* key source */
113  	u16 pbitlen;  /* length of prime p in bits */
114  	u16 ibmadlen; /* IBM associated data length in bytes */
115  	u64 mkvp;     /* master key verification pattern */
116  	u8  opk[48];  /* encrypted object protection key data */
117  	u16 adatalen; /* associated data length in bytes */
118  	u16 fseclen;  /* formatted section length in bytes */
119  	u8  more_data[]; /* more data follows */
120  } __packed;
121  
122  /* Some defines for the CCA AES cipherkeytoken kmf1 field */
123  #define KMF1_XPRT_SYM  0x8000
124  #define KMF1_XPRT_UASY 0x4000
125  #define KMF1_XPRT_AASY 0x2000
126  #define KMF1_XPRT_RAW  0x1000
127  #define KMF1_XPRT_CPAC 0x0800
128  #define KMF1_XPRT_DES  0x0080
129  #define KMF1_XPRT_AES  0x0040
130  #define KMF1_XPRT_RSA  0x0008
131  
132  /*
133   * Simple check if the token is a valid CCA secure AES data key
134   * token. If keybitsize is given, the bitsize of the key is
135   * also checked. Returns 0 on success or errno value on failure.
136   */
137  int cca_check_secaeskeytoken(debug_info_t *dbg, int dbflvl,
138  			     const u8 *token, int keybitsize);
139  
140  /*
141   * Simple check if the token is a valid CCA secure AES cipher key
142   * token. If keybitsize is given, the bitsize of the key is
143   * also checked. If checkcpacfexport is enabled, the key is also
144   * checked for the export flag to allow CPACF export.
145   * Returns 0 on success or errno value on failure.
146   */
147  int cca_check_secaescipherkey(debug_info_t *dbg, int dbflvl,
148  			      const u8 *token, int keybitsize,
149  			      int checkcpacfexport);
150  
151  /*
152   * Simple check if the token is a valid CCA secure ECC private
153   * key token. Returns 0 on success or errno value on failure.
154   */
155  int cca_check_sececckeytoken(debug_info_t *dbg, int dbflvl,
156  			     const u8 *token, size_t keysize,
157  			     int checkcpacfexport);
158  
159  /*
160   * Generate (random) CCA AES DATA secure key.
161   */
162  int cca_genseckey(u16 cardnr, u16 domain, u32 keybitsize, u8 *seckey);
163  
164  /*
165   * Generate CCA AES DATA secure key with given clear key value.
166   */
167  int cca_clr2seckey(u16 cardnr, u16 domain, u32 keybitsize,
168  		   const u8 *clrkey, u8 *seckey);
169  
170  /*
171   * Derive proteced key from an CCA AES DATA secure key.
172   */
173  int cca_sec2protkey(u16 cardnr, u16 domain,
174  		    const u8 *seckey, u8 *protkey, u32 *protkeylen,
175  		    u32 *protkeytype);
176  
177  /*
178   * Generate (random) CCA AES CIPHER secure key.
179   */
180  int cca_gencipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
181  		     u8 *keybuf, size_t *keybufsize);
182  
183  /*
184   * Derive proteced key from CCA AES cipher secure key.
185   */
186  int cca_cipher2protkey(u16 cardnr, u16 domain, const u8 *ckey,
187  		       u8 *protkey, u32 *protkeylen, u32 *protkeytype);
188  
189  /*
190   * Build CCA AES CIPHER secure key with a given clear key value.
191   */
192  int cca_clr2cipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
193  		      const u8 *clrkey, u8 *keybuf, size_t *keybufsize);
194  
195  /*
196   * Derive proteced key from CCA ECC secure private key.
197   */
198  int cca_ecc2protkey(u16 cardnr, u16 domain, const u8 *key,
199  		    u8 *protkey, u32 *protkeylen, u32 *protkeytype);
200  
201  /*
202   * Query cryptographic facility from CCA adapter
203   */
204  int cca_query_crypto_facility(u16 cardnr, u16 domain,
205  			      const char *keyword,
206  			      u8 *rarray, size_t *rarraylen,
207  			      u8 *varray, size_t *varraylen);
208  
209  /*
210   * Search for a matching crypto card based on the Master Key
211   * Verification Pattern provided inside a secure key.
212   * Works with CCA AES data and cipher keys.
213   * Returns < 0 on failure, 0 if CURRENT MKVP matches and
214   * 1 if OLD MKVP matches.
215   */
216  int cca_findcard(const u8 *key, u16 *pcardnr, u16 *pdomain, int verify);
217  
218  /*
219   * Build a list of cca apqns meeting the following constrains:
220   * - apqn is online and is in fact a CCA apqn
221   * - if cardnr is not FFFF only apqns with this cardnr
222   * - if domain is not FFFF only apqns with this domainnr
223   * - if minhwtype > 0 only apqns with hwtype >= minhwtype
224   * - if cur_mkvp != 0 only apqns where cur_mkvp == mkvp
225   * - if old_mkvp != 0 only apqns where old_mkvp == mkvp
226   * - if verify is enabled and a cur_mkvp and/or old_mkvp
227   *   value is given, then refetch the cca_info and make sure the current
228   *   cur_mkvp or old_mkvp values of the apqn are used.
229   * The mktype determines which set of master keys to use:
230   *   0 = AES_MK_SET - AES MK set, 1 = APKA MK_SET - APKA MK set
231   * The array of apqn entries is allocated with kmalloc and returned in *apqns;
232   * the number of apqns stored into the list is returned in *nr_apqns. One apqn
233   * entry is simple a 32 bit value with 16 bit cardnr and 16 bit domain nr and
234   * may be casted to struct pkey_apqn. The return value is either 0 for success
235   * or a negative errno value. If no apqn meeting the criteria is found,
236   * -ENODEV is returned.
237   */
238  int cca_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
239  		  int minhwtype, int mktype, u64 cur_mkvp, u64 old_mkvp,
240  		  int verify);
241  
242  #define AES_MK_SET  0
243  #define APKA_MK_SET 1
244  
245  /* struct to hold info for each CCA queue */
246  struct cca_info {
247  	int  hwtype;		/* one of the defined AP_DEVICE_TYPE_* */
248  	char new_aes_mk_state;	/* '1' empty, '2' partially full, '3' full */
249  	char cur_aes_mk_state;	/* '1' invalid, '2' valid */
250  	char old_aes_mk_state;	/* '1' invalid, '2' valid */
251  	char new_apka_mk_state; /* '1' empty, '2' partially full, '3' full */
252  	char cur_apka_mk_state; /* '1' invalid, '2' valid */
253  	char old_apka_mk_state; /* '1' invalid, '2' valid */
254  	char new_asym_mk_state;	/* '1' empty, '2' partially full, '3' full */
255  	char cur_asym_mk_state;	/* '1' invalid, '2' valid */
256  	char old_asym_mk_state;	/* '1' invalid, '2' valid */
257  	u64  new_aes_mkvp;	/* truncated sha256 of new aes master key */
258  	u64  cur_aes_mkvp;	/* truncated sha256 of current aes master key */
259  	u64  old_aes_mkvp;	/* truncated sha256 of old aes master key */
260  	u64  new_apka_mkvp;	/* truncated sha256 of new apka master key */
261  	u64  cur_apka_mkvp;	/* truncated sha256 of current apka mk */
262  	u64  old_apka_mkvp;	/* truncated sha256 of old apka mk */
263  	u8   new_asym_mkvp[16];	/* verify pattern of new asym master key */
264  	u8   cur_asym_mkvp[16];	/* verify pattern of current asym master key */
265  	u8   old_asym_mkvp[16];	/* verify pattern of old asym master key */
266  	char serial[9];		/* serial number (8 ascii numbers + 0x00) */
267  };
268  
269  /*
270   * Fetch cca information about an CCA queue.
271   */
272  int cca_get_info(u16 card, u16 dom, struct cca_info *ci, int verify);
273  
274  void zcrypt_ccamisc_exit(void);
275  
276  #endif /* _ZCRYPT_CCAMISC_H_ */
277