xref: /openbmc/linux/drivers/s390/crypto/pkey_api.c (revision c4c3c32d)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  pkey device driver
4  *
5  *  Copyright IBM Corp. 2017, 2023
6  *
7  *  Author(s): Harald Freudenberger
8  */
9 
10 #define KMSG_COMPONENT "pkey"
11 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
12 
13 #include <linux/fs.h>
14 #include <linux/init.h>
15 #include <linux/miscdevice.h>
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/kallsyms.h>
19 #include <linux/debugfs.h>
20 #include <linux/random.h>
21 #include <linux/cpufeature.h>
22 #include <asm/zcrypt.h>
23 #include <asm/cpacf.h>
24 #include <asm/pkey.h>
25 #include <crypto/aes.h>
26 
27 #include "zcrypt_api.h"
28 #include "zcrypt_ccamisc.h"
29 #include "zcrypt_ep11misc.h"
30 
31 MODULE_LICENSE("GPL");
32 MODULE_AUTHOR("IBM Corporation");
33 MODULE_DESCRIPTION("s390 protected key interface");
34 
35 #define KEYBLOBBUFSIZE 8192	/* key buffer size used for internal processing */
36 #define MINKEYBLOBBUFSIZE (sizeof(struct keytoken_header))
37 #define PROTKEYBLOBBUFSIZE 256	/* protected key buffer size used internal */
38 #define MAXAPQNSINLIST 64	/* max 64 apqns within a apqn list */
39 #define AES_WK_VP_SIZE 32	/* Size of WK VP block appended to a prot key */
40 
41 /*
42  * debug feature data and functions
43  */
44 
45 static debug_info_t *debug_info;
46 
47 #define DEBUG_DBG(...)	debug_sprintf_event(debug_info, 6, ##__VA_ARGS__)
48 #define DEBUG_INFO(...) debug_sprintf_event(debug_info, 5, ##__VA_ARGS__)
49 #define DEBUG_WARN(...) debug_sprintf_event(debug_info, 4, ##__VA_ARGS__)
50 #define DEBUG_ERR(...)	debug_sprintf_event(debug_info, 3, ##__VA_ARGS__)
51 
52 static void __init pkey_debug_init(void)
53 {
54 	/* 5 arguments per dbf entry (including the format string ptr) */
55 	debug_info = debug_register("pkey", 1, 1, 5 * sizeof(long));
56 	debug_register_view(debug_info, &debug_sprintf_view);
57 	debug_set_level(debug_info, 3);
58 }
59 
60 static void __exit pkey_debug_exit(void)
61 {
62 	debug_unregister(debug_info);
63 }
64 
65 /* inside view of a protected key token (only type 0x00 version 0x01) */
66 struct protaeskeytoken {
67 	u8  type;     /* 0x00 for PAES specific key tokens */
68 	u8  res0[3];
69 	u8  version;  /* should be 0x01 for protected AES key token */
70 	u8  res1[3];
71 	u32 keytype;  /* key type, one of the PKEY_KEYTYPE values */
72 	u32 len;      /* bytes actually stored in protkey[] */
73 	u8  protkey[MAXPROTKEYSIZE]; /* the protected key blob */
74 } __packed;
75 
76 /* inside view of a clear key token (type 0x00 version 0x02) */
77 struct clearkeytoken {
78 	u8  type;	/* 0x00 for PAES specific key tokens */
79 	u8  res0[3];
80 	u8  version;	/* 0x02 for clear key token */
81 	u8  res1[3];
82 	u32 keytype;	/* key type, one of the PKEY_KEYTYPE_* values */
83 	u32 len;	/* bytes actually stored in clearkey[] */
84 	u8  clearkey[]; /* clear key value */
85 } __packed;
86 
87 /* helper function which translates the PKEY_KEYTYPE_AES_* to their keysize */
88 static inline u32 pkey_keytype_aes_to_size(u32 keytype)
89 {
90 	switch (keytype) {
91 	case PKEY_KEYTYPE_AES_128:
92 		return 16;
93 	case PKEY_KEYTYPE_AES_192:
94 		return 24;
95 	case PKEY_KEYTYPE_AES_256:
96 		return 32;
97 	default:
98 		return 0;
99 	}
100 }
101 
102 /*
103  * Create a protected key from a clear key value via PCKMO instruction.
104  */
105 static int pkey_clr2protkey(u32 keytype, const u8 *clrkey,
106 			    u8 *protkey, u32 *protkeylen, u32 *protkeytype)
107 {
108 	/* mask of available pckmo subfunctions */
109 	static cpacf_mask_t pckmo_functions;
110 
111 	u8 paramblock[112];
112 	u32 pkeytype;
113 	int keysize;
114 	long fc;
115 
116 	switch (keytype) {
117 	case PKEY_KEYTYPE_AES_128:
118 		/* 16 byte key, 32 byte aes wkvp, total 48 bytes */
119 		keysize = 16;
120 		pkeytype = keytype;
121 		fc = CPACF_PCKMO_ENC_AES_128_KEY;
122 		break;
123 	case PKEY_KEYTYPE_AES_192:
124 		/* 24 byte key, 32 byte aes wkvp, total 56 bytes */
125 		keysize = 24;
126 		pkeytype = keytype;
127 		fc = CPACF_PCKMO_ENC_AES_192_KEY;
128 		break;
129 	case PKEY_KEYTYPE_AES_256:
130 		/* 32 byte key, 32 byte aes wkvp, total 64 bytes */
131 		keysize = 32;
132 		pkeytype = keytype;
133 		fc = CPACF_PCKMO_ENC_AES_256_KEY;
134 		break;
135 	case PKEY_KEYTYPE_ECC_P256:
136 		/* 32 byte key, 32 byte aes wkvp, total 64 bytes */
137 		keysize = 32;
138 		pkeytype = PKEY_KEYTYPE_ECC;
139 		fc = CPACF_PCKMO_ENC_ECC_P256_KEY;
140 		break;
141 	case PKEY_KEYTYPE_ECC_P384:
142 		/* 48 byte key, 32 byte aes wkvp, total 80 bytes */
143 		keysize = 48;
144 		pkeytype = PKEY_KEYTYPE_ECC;
145 		fc = CPACF_PCKMO_ENC_ECC_P384_KEY;
146 		break;
147 	case PKEY_KEYTYPE_ECC_P521:
148 		/* 80 byte key, 32 byte aes wkvp, total 112 bytes */
149 		keysize = 80;
150 		pkeytype = PKEY_KEYTYPE_ECC;
151 		fc = CPACF_PCKMO_ENC_ECC_P521_KEY;
152 		break;
153 	case PKEY_KEYTYPE_ECC_ED25519:
154 		/* 32 byte key, 32 byte aes wkvp, total 64 bytes */
155 		keysize = 32;
156 		pkeytype = PKEY_KEYTYPE_ECC;
157 		fc = CPACF_PCKMO_ENC_ECC_ED25519_KEY;
158 		break;
159 	case PKEY_KEYTYPE_ECC_ED448:
160 		/* 64 byte key, 32 byte aes wkvp, total 96 bytes */
161 		keysize = 64;
162 		pkeytype = PKEY_KEYTYPE_ECC;
163 		fc = CPACF_PCKMO_ENC_ECC_ED448_KEY;
164 		break;
165 	default:
166 		DEBUG_ERR("%s unknown/unsupported keytype %u\n",
167 			  __func__, keytype);
168 		return -EINVAL;
169 	}
170 
171 	if (*protkeylen < keysize + AES_WK_VP_SIZE) {
172 		DEBUG_ERR("%s prot key buffer size too small: %u < %d\n",
173 			  __func__, *protkeylen, keysize + AES_WK_VP_SIZE);
174 		return -EINVAL;
175 	}
176 
177 	/* Did we already check for PCKMO ? */
178 	if (!pckmo_functions.bytes[0]) {
179 		/* no, so check now */
180 		if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
181 			return -ENODEV;
182 	}
183 	/* check for the pckmo subfunction we need now */
184 	if (!cpacf_test_func(&pckmo_functions, fc)) {
185 		DEBUG_ERR("%s pckmo functions not available\n", __func__);
186 		return -ENODEV;
187 	}
188 
189 	/* prepare param block */
190 	memset(paramblock, 0, sizeof(paramblock));
191 	memcpy(paramblock, clrkey, keysize);
192 
193 	/* call the pckmo instruction */
194 	cpacf_pckmo(fc, paramblock);
195 
196 	/* copy created protected key to key buffer including the wkvp block */
197 	*protkeylen = keysize + AES_WK_VP_SIZE;
198 	memcpy(protkey, paramblock, *protkeylen);
199 	*protkeytype = pkeytype;
200 
201 	return 0;
202 }
203 
204 /*
205  * Find card and transform secure key into protected key.
206  */
207 static int pkey_skey2pkey(const u8 *key, u8 *protkey,
208 			  u32 *protkeylen, u32 *protkeytype)
209 {
210 	struct keytoken_header *hdr = (struct keytoken_header *)key;
211 	u16 cardnr, domain;
212 	int rc, verify;
213 
214 	zcrypt_wait_api_operational();
215 
216 	/*
217 	 * The cca_xxx2protkey call may fail when a card has been
218 	 * addressed where the master key was changed after last fetch
219 	 * of the mkvp into the cache. Try 3 times: First without verify
220 	 * then with verify and last round with verify and old master
221 	 * key verification pattern match not ignored.
222 	 */
223 	for (verify = 0; verify < 3; verify++) {
224 		rc = cca_findcard(key, &cardnr, &domain, verify);
225 		if (rc < 0)
226 			continue;
227 		if (rc > 0 && verify < 2)
228 			continue;
229 		switch (hdr->version) {
230 		case TOKVER_CCA_AES:
231 			rc = cca_sec2protkey(cardnr, domain, key,
232 					     protkey, protkeylen, protkeytype);
233 			break;
234 		case TOKVER_CCA_VLSC:
235 			rc = cca_cipher2protkey(cardnr, domain, key,
236 						protkey, protkeylen,
237 						protkeytype);
238 			break;
239 		default:
240 			return -EINVAL;
241 		}
242 		if (rc == 0)
243 			break;
244 	}
245 
246 	if (rc)
247 		DEBUG_DBG("%s failed rc=%d\n", __func__, rc);
248 
249 	return rc;
250 }
251 
252 /*
253  * Construct EP11 key with given clear key value.
254  */
255 static int pkey_clr2ep11key(const u8 *clrkey, size_t clrkeylen,
256 			    u8 *keybuf, size_t *keybuflen)
257 {
258 	u32 nr_apqns, *apqns = NULL;
259 	u16 card, dom;
260 	int i, rc;
261 
262 	zcrypt_wait_api_operational();
263 
264 	/* build a list of apqns suitable for ep11 keys with cpacf support */
265 	rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
266 			    ZCRYPT_CEX7, EP11_API_V, NULL);
267 	if (rc)
268 		goto out;
269 
270 	/* go through the list of apqns and try to bild an ep11 key */
271 	for (rc = -ENODEV, i = 0; i < nr_apqns; i++) {
272 		card = apqns[i] >> 16;
273 		dom = apqns[i] & 0xFFFF;
274 		rc = ep11_clr2keyblob(card, dom, clrkeylen * 8,
275 				      0, clrkey, keybuf, keybuflen);
276 		if (rc == 0)
277 			break;
278 	}
279 
280 out:
281 	kfree(apqns);
282 	if (rc)
283 		DEBUG_DBG("%s failed rc=%d\n", __func__, rc);
284 	return rc;
285 }
286 
287 /*
288  * Find card and transform EP11 secure key into protected key.
289  */
290 static int pkey_ep11key2pkey(const u8 *key, u8 *protkey,
291 			     u32 *protkeylen, u32 *protkeytype)
292 {
293 	struct ep11keyblob *kb = (struct ep11keyblob *)key;
294 	u32 nr_apqns, *apqns = NULL;
295 	u16 card, dom;
296 	int i, rc;
297 
298 	zcrypt_wait_api_operational();
299 
300 	/* build a list of apqns suitable for this key */
301 	rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
302 			    ZCRYPT_CEX7, EP11_API_V, kb->wkvp);
303 	if (rc)
304 		goto out;
305 
306 	/* go through the list of apqns and try to derive an pkey */
307 	for (rc = -ENODEV, i = 0; i < nr_apqns; i++) {
308 		card = apqns[i] >> 16;
309 		dom = apqns[i] & 0xFFFF;
310 		rc = ep11_kblob2protkey(card, dom, key, kb->head.len,
311 					protkey, protkeylen, protkeytype);
312 		if (rc == 0)
313 			break;
314 	}
315 
316 out:
317 	kfree(apqns);
318 	if (rc)
319 		DEBUG_DBG("%s failed rc=%d\n", __func__, rc);
320 	return rc;
321 }
322 
323 /*
324  * Verify key and give back some info about the key.
325  */
326 static int pkey_verifykey(const struct pkey_seckey *seckey,
327 			  u16 *pcardnr, u16 *pdomain,
328 			  u16 *pkeysize, u32 *pattributes)
329 {
330 	struct secaeskeytoken *t = (struct secaeskeytoken *)seckey;
331 	u16 cardnr, domain;
332 	int rc;
333 
334 	/* check the secure key for valid AES secure key */
335 	rc = cca_check_secaeskeytoken(debug_info, 3, (u8 *)seckey, 0);
336 	if (rc)
337 		goto out;
338 	if (pattributes)
339 		*pattributes = PKEY_VERIFY_ATTR_AES;
340 	if (pkeysize)
341 		*pkeysize = t->bitsize;
342 
343 	/* try to find a card which can handle this key */
344 	rc = cca_findcard(seckey->seckey, &cardnr, &domain, 1);
345 	if (rc < 0)
346 		goto out;
347 
348 	if (rc > 0) {
349 		/* key mkvp matches to old master key mkvp */
350 		DEBUG_DBG("%s secure key has old mkvp\n", __func__);
351 		if (pattributes)
352 			*pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
353 		rc = 0;
354 	}
355 
356 	if (pcardnr)
357 		*pcardnr = cardnr;
358 	if (pdomain)
359 		*pdomain = domain;
360 
361 out:
362 	DEBUG_DBG("%s rc=%d\n", __func__, rc);
363 	return rc;
364 }
365 
366 /*
367  * Generate a random protected key
368  */
369 static int pkey_genprotkey(u32 keytype, u8 *protkey,
370 			   u32 *protkeylen, u32 *protkeytype)
371 {
372 	u8 clrkey[32];
373 	int keysize;
374 	int rc;
375 
376 	keysize = pkey_keytype_aes_to_size(keytype);
377 	if (!keysize) {
378 		DEBUG_ERR("%s unknown/unsupported keytype %d\n", __func__,
379 			  keytype);
380 		return -EINVAL;
381 	}
382 
383 	/* generate a dummy random clear key */
384 	get_random_bytes(clrkey, keysize);
385 
386 	/* convert it to a dummy protected key */
387 	rc = pkey_clr2protkey(keytype, clrkey,
388 			      protkey, protkeylen, protkeytype);
389 	if (rc)
390 		return rc;
391 
392 	/* replace the key part of the protected key with random bytes */
393 	get_random_bytes(protkey, keysize);
394 
395 	return 0;
396 }
397 
398 /*
399  * Verify if a protected key is still valid
400  */
401 static int pkey_verifyprotkey(const u8 *protkey, u32 protkeylen,
402 			      u32 protkeytype)
403 {
404 	struct {
405 		u8 iv[AES_BLOCK_SIZE];
406 		u8 key[MAXPROTKEYSIZE];
407 	} param;
408 	u8 null_msg[AES_BLOCK_SIZE];
409 	u8 dest_buf[AES_BLOCK_SIZE];
410 	unsigned int k, pkeylen;
411 	unsigned long fc;
412 
413 	switch (protkeytype) {
414 	case PKEY_KEYTYPE_AES_128:
415 		pkeylen = 16 + AES_WK_VP_SIZE;
416 		fc = CPACF_KMC_PAES_128;
417 		break;
418 	case PKEY_KEYTYPE_AES_192:
419 		pkeylen = 24 + AES_WK_VP_SIZE;
420 		fc = CPACF_KMC_PAES_192;
421 		break;
422 	case PKEY_KEYTYPE_AES_256:
423 		pkeylen = 32 + AES_WK_VP_SIZE;
424 		fc = CPACF_KMC_PAES_256;
425 		break;
426 	default:
427 		DEBUG_ERR("%s unknown/unsupported keytype %u\n", __func__,
428 			  protkeytype);
429 		return -EINVAL;
430 	}
431 	if (protkeylen != pkeylen) {
432 		DEBUG_ERR("%s invalid protected key size %u for keytype %u\n",
433 			  __func__, protkeylen, protkeytype);
434 		return -EINVAL;
435 	}
436 
437 	memset(null_msg, 0, sizeof(null_msg));
438 
439 	memset(param.iv, 0, sizeof(param.iv));
440 	memcpy(param.key, protkey, protkeylen);
441 
442 	k = cpacf_kmc(fc | CPACF_ENCRYPT, &param, null_msg, dest_buf,
443 		      sizeof(null_msg));
444 	if (k != sizeof(null_msg)) {
445 		DEBUG_ERR("%s protected key is not valid\n", __func__);
446 		return -EKEYREJECTED;
447 	}
448 
449 	return 0;
450 }
451 
452 /* Helper for pkey_nonccatok2pkey, handles aes clear key token */
453 static int nonccatokaes2pkey(const struct clearkeytoken *t,
454 			     u8 *protkey, u32 *protkeylen, u32 *protkeytype)
455 {
456 	size_t tmpbuflen = max_t(size_t, SECKEYBLOBSIZE, MAXEP11AESKEYBLOBSIZE);
457 	u8 *tmpbuf = NULL;
458 	u32 keysize;
459 	int rc;
460 
461 	keysize = pkey_keytype_aes_to_size(t->keytype);
462 	if (!keysize) {
463 		DEBUG_ERR("%s unknown/unsupported keytype %u\n",
464 			  __func__, t->keytype);
465 		return -EINVAL;
466 	}
467 	if (t->len != keysize) {
468 		DEBUG_ERR("%s non clear key aes token: invalid key len %u\n",
469 			  __func__, t->len);
470 		return -EINVAL;
471 	}
472 
473 	/* try direct way with the PCKMO instruction */
474 	rc = pkey_clr2protkey(t->keytype, t->clearkey,
475 			      protkey, protkeylen, protkeytype);
476 	if (!rc)
477 		goto out;
478 
479 	/* PCKMO failed, so try the CCA secure key way */
480 	tmpbuf = kmalloc(tmpbuflen, GFP_ATOMIC);
481 	if (!tmpbuf)
482 		return -ENOMEM;
483 	zcrypt_wait_api_operational();
484 	rc = cca_clr2seckey(0xFFFF, 0xFFFF, t->keytype, t->clearkey, tmpbuf);
485 	if (rc)
486 		goto try_via_ep11;
487 	rc = pkey_skey2pkey(tmpbuf,
488 			    protkey, protkeylen, protkeytype);
489 	if (!rc)
490 		goto out;
491 
492 try_via_ep11:
493 	/* if the CCA way also failed, let's try via EP11 */
494 	rc = pkey_clr2ep11key(t->clearkey, t->len,
495 			      tmpbuf, &tmpbuflen);
496 	if (rc)
497 		goto failure;
498 	rc = pkey_ep11key2pkey(tmpbuf,
499 			       protkey, protkeylen, protkeytype);
500 	if (!rc)
501 		goto out;
502 
503 failure:
504 	DEBUG_ERR("%s unable to build protected key from clear", __func__);
505 
506 out:
507 	kfree(tmpbuf);
508 	return rc;
509 }
510 
511 /* Helper for pkey_nonccatok2pkey, handles ecc clear key token */
512 static int nonccatokecc2pkey(const struct clearkeytoken *t,
513 			     u8 *protkey, u32 *protkeylen, u32 *protkeytype)
514 {
515 	u32 keylen;
516 	int rc;
517 
518 	switch (t->keytype) {
519 	case PKEY_KEYTYPE_ECC_P256:
520 		keylen = 32;
521 		break;
522 	case PKEY_KEYTYPE_ECC_P384:
523 		keylen = 48;
524 		break;
525 	case PKEY_KEYTYPE_ECC_P521:
526 		keylen = 80;
527 		break;
528 	case PKEY_KEYTYPE_ECC_ED25519:
529 		keylen = 32;
530 		break;
531 	case PKEY_KEYTYPE_ECC_ED448:
532 		keylen = 64;
533 		break;
534 	default:
535 		DEBUG_ERR("%s unknown/unsupported keytype %u\n",
536 			  __func__, t->keytype);
537 		return -EINVAL;
538 	}
539 
540 	if (t->len != keylen) {
541 		DEBUG_ERR("%s non clear key ecc token: invalid key len %u\n",
542 			  __func__, t->len);
543 		return -EINVAL;
544 	}
545 
546 	/* only one path possible: via PCKMO instruction */
547 	rc = pkey_clr2protkey(t->keytype, t->clearkey,
548 			      protkey, protkeylen, protkeytype);
549 	if (rc) {
550 		DEBUG_ERR("%s unable to build protected key from clear",
551 			  __func__);
552 	}
553 
554 	return rc;
555 }
556 
557 /*
558  * Transform a non-CCA key token into a protected key
559  */
560 static int pkey_nonccatok2pkey(const u8 *key, u32 keylen,
561 			       u8 *protkey, u32 *protkeylen, u32 *protkeytype)
562 {
563 	struct keytoken_header *hdr = (struct keytoken_header *)key;
564 	int rc = -EINVAL;
565 
566 	switch (hdr->version) {
567 	case TOKVER_PROTECTED_KEY: {
568 		struct protaeskeytoken *t;
569 
570 		if (keylen != sizeof(struct protaeskeytoken))
571 			goto out;
572 		t = (struct protaeskeytoken *)key;
573 		rc = pkey_verifyprotkey(t->protkey, t->len, t->keytype);
574 		if (rc)
575 			goto out;
576 		memcpy(protkey, t->protkey, t->len);
577 		*protkeylen = t->len;
578 		*protkeytype = t->keytype;
579 		break;
580 	}
581 	case TOKVER_CLEAR_KEY: {
582 		struct clearkeytoken *t = (struct clearkeytoken *)key;
583 
584 		if (keylen < sizeof(struct clearkeytoken) ||
585 		    keylen != sizeof(*t) + t->len)
586 			goto out;
587 		switch (t->keytype) {
588 		case PKEY_KEYTYPE_AES_128:
589 		case PKEY_KEYTYPE_AES_192:
590 		case PKEY_KEYTYPE_AES_256:
591 			rc = nonccatokaes2pkey(t, protkey,
592 					       protkeylen, protkeytype);
593 			break;
594 		case PKEY_KEYTYPE_ECC_P256:
595 		case PKEY_KEYTYPE_ECC_P384:
596 		case PKEY_KEYTYPE_ECC_P521:
597 		case PKEY_KEYTYPE_ECC_ED25519:
598 		case PKEY_KEYTYPE_ECC_ED448:
599 			rc = nonccatokecc2pkey(t, protkey,
600 					       protkeylen, protkeytype);
601 			break;
602 		default:
603 			DEBUG_ERR("%s unknown/unsupported non cca clear key type %u\n",
604 				  __func__, t->keytype);
605 			return -EINVAL;
606 		}
607 		break;
608 	}
609 	case TOKVER_EP11_AES: {
610 		/* check ep11 key for exportable as protected key */
611 		rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1);
612 		if (rc)
613 			goto out;
614 		rc = pkey_ep11key2pkey(key,
615 				       protkey, protkeylen, protkeytype);
616 		break;
617 	}
618 	case TOKVER_EP11_AES_WITH_HEADER:
619 		/* check ep11 key with header for exportable as protected key */
620 		rc = ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1);
621 		if (rc)
622 			goto out;
623 		rc = pkey_ep11key2pkey(key + sizeof(struct ep11kblob_header),
624 				       protkey, protkeylen, protkeytype);
625 		break;
626 	default:
627 		DEBUG_ERR("%s unknown/unsupported non-CCA token version %d\n",
628 			  __func__, hdr->version);
629 	}
630 
631 out:
632 	return rc;
633 }
634 
635 /*
636  * Transform a CCA internal key token into a protected key
637  */
638 static int pkey_ccainttok2pkey(const u8 *key, u32 keylen,
639 			       u8 *protkey, u32 *protkeylen, u32 *protkeytype)
640 {
641 	struct keytoken_header *hdr = (struct keytoken_header *)key;
642 
643 	switch (hdr->version) {
644 	case TOKVER_CCA_AES:
645 		if (keylen != sizeof(struct secaeskeytoken))
646 			return -EINVAL;
647 		break;
648 	case TOKVER_CCA_VLSC:
649 		if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE)
650 			return -EINVAL;
651 		break;
652 	default:
653 		DEBUG_ERR("%s unknown/unsupported CCA internal token version %d\n",
654 			  __func__, hdr->version);
655 		return -EINVAL;
656 	}
657 
658 	return pkey_skey2pkey(key, protkey, protkeylen, protkeytype);
659 }
660 
661 /*
662  * Transform a key blob (of any type) into a protected key
663  */
664 int pkey_keyblob2pkey(const u8 *key, u32 keylen,
665 		      u8 *protkey, u32 *protkeylen, u32 *protkeytype)
666 {
667 	struct keytoken_header *hdr = (struct keytoken_header *)key;
668 	int rc;
669 
670 	if (keylen < sizeof(struct keytoken_header)) {
671 		DEBUG_ERR("%s invalid keylen %d\n", __func__, keylen);
672 		return -EINVAL;
673 	}
674 
675 	switch (hdr->type) {
676 	case TOKTYPE_NON_CCA:
677 		rc = pkey_nonccatok2pkey(key, keylen,
678 					 protkey, protkeylen, protkeytype);
679 		break;
680 	case TOKTYPE_CCA_INTERNAL:
681 		rc = pkey_ccainttok2pkey(key, keylen,
682 					 protkey, protkeylen, protkeytype);
683 		break;
684 	default:
685 		DEBUG_ERR("%s unknown/unsupported blob type %d\n",
686 			  __func__, hdr->type);
687 		return -EINVAL;
688 	}
689 
690 	DEBUG_DBG("%s rc=%d\n", __func__, rc);
691 	return rc;
692 }
693 EXPORT_SYMBOL(pkey_keyblob2pkey);
694 
695 static int pkey_genseckey2(const struct pkey_apqn *apqns, size_t nr_apqns,
696 			   enum pkey_key_type ktype, enum pkey_key_size ksize,
697 			   u32 kflags, u8 *keybuf, size_t *keybufsize)
698 {
699 	int i, card, dom, rc;
700 
701 	/* check for at least one apqn given */
702 	if (!apqns || !nr_apqns)
703 		return -EINVAL;
704 
705 	/* check key type and size */
706 	switch (ktype) {
707 	case PKEY_TYPE_CCA_DATA:
708 	case PKEY_TYPE_CCA_CIPHER:
709 		if (*keybufsize < SECKEYBLOBSIZE)
710 			return -EINVAL;
711 		break;
712 	case PKEY_TYPE_EP11:
713 		if (*keybufsize < MINEP11AESKEYBLOBSIZE)
714 			return -EINVAL;
715 		break;
716 	default:
717 		return -EINVAL;
718 	}
719 	switch (ksize) {
720 	case PKEY_SIZE_AES_128:
721 	case PKEY_SIZE_AES_192:
722 	case PKEY_SIZE_AES_256:
723 		break;
724 	default:
725 		return -EINVAL;
726 	}
727 
728 	/* simple try all apqns from the list */
729 	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
730 		card = apqns[i].card;
731 		dom = apqns[i].domain;
732 		if (ktype == PKEY_TYPE_EP11) {
733 			rc = ep11_genaeskey(card, dom, ksize, kflags,
734 					    keybuf, keybufsize);
735 		} else if (ktype == PKEY_TYPE_CCA_DATA) {
736 			rc = cca_genseckey(card, dom, ksize, keybuf);
737 			*keybufsize = (rc ? 0 : SECKEYBLOBSIZE);
738 		} else {
739 			/* TOKVER_CCA_VLSC */
740 			rc = cca_gencipherkey(card, dom, ksize, kflags,
741 					      keybuf, keybufsize);
742 		}
743 		if (rc == 0)
744 			break;
745 	}
746 
747 	return rc;
748 }
749 
750 static int pkey_clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns,
751 			    enum pkey_key_type ktype, enum pkey_key_size ksize,
752 			    u32 kflags, const u8 *clrkey,
753 			    u8 *keybuf, size_t *keybufsize)
754 {
755 	int i, card, dom, rc;
756 
757 	/* check for at least one apqn given */
758 	if (!apqns || !nr_apqns)
759 		return -EINVAL;
760 
761 	/* check key type and size */
762 	switch (ktype) {
763 	case PKEY_TYPE_CCA_DATA:
764 	case PKEY_TYPE_CCA_CIPHER:
765 		if (*keybufsize < SECKEYBLOBSIZE)
766 			return -EINVAL;
767 		break;
768 	case PKEY_TYPE_EP11:
769 		if (*keybufsize < MINEP11AESKEYBLOBSIZE)
770 			return -EINVAL;
771 		break;
772 	default:
773 		return -EINVAL;
774 	}
775 	switch (ksize) {
776 	case PKEY_SIZE_AES_128:
777 	case PKEY_SIZE_AES_192:
778 	case PKEY_SIZE_AES_256:
779 		break;
780 	default:
781 		return -EINVAL;
782 	}
783 
784 	zcrypt_wait_api_operational();
785 
786 	/* simple try all apqns from the list */
787 	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
788 		card = apqns[i].card;
789 		dom = apqns[i].domain;
790 		if (ktype == PKEY_TYPE_EP11) {
791 			rc = ep11_clr2keyblob(card, dom, ksize, kflags,
792 					      clrkey, keybuf, keybufsize);
793 		} else if (ktype == PKEY_TYPE_CCA_DATA) {
794 			rc = cca_clr2seckey(card, dom, ksize,
795 					    clrkey, keybuf);
796 			*keybufsize = (rc ? 0 : SECKEYBLOBSIZE);
797 		} else {
798 			/* TOKVER_CCA_VLSC */
799 			rc = cca_clr2cipherkey(card, dom, ksize, kflags,
800 					       clrkey, keybuf, keybufsize);
801 		}
802 		if (rc == 0)
803 			break;
804 	}
805 
806 	return rc;
807 }
808 
809 static int pkey_verifykey2(const u8 *key, size_t keylen,
810 			   u16 *cardnr, u16 *domain,
811 			   enum pkey_key_type *ktype,
812 			   enum pkey_key_size *ksize, u32 *flags)
813 {
814 	struct keytoken_header *hdr = (struct keytoken_header *)key;
815 	u32 _nr_apqns, *_apqns = NULL;
816 	int rc;
817 
818 	if (keylen < sizeof(struct keytoken_header))
819 		return -EINVAL;
820 
821 	if (hdr->type == TOKTYPE_CCA_INTERNAL &&
822 	    hdr->version == TOKVER_CCA_AES) {
823 		struct secaeskeytoken *t = (struct secaeskeytoken *)key;
824 
825 		rc = cca_check_secaeskeytoken(debug_info, 3, key, 0);
826 		if (rc)
827 			goto out;
828 		if (ktype)
829 			*ktype = PKEY_TYPE_CCA_DATA;
830 		if (ksize)
831 			*ksize = (enum pkey_key_size)t->bitsize;
832 
833 		rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
834 				   ZCRYPT_CEX3C, AES_MK_SET, t->mkvp, 0, 1);
835 		if (rc == 0 && flags)
836 			*flags = PKEY_FLAGS_MATCH_CUR_MKVP;
837 		if (rc == -ENODEV) {
838 			rc = cca_findcard2(&_apqns, &_nr_apqns,
839 					   *cardnr, *domain,
840 					   ZCRYPT_CEX3C, AES_MK_SET,
841 					   0, t->mkvp, 1);
842 			if (rc == 0 && flags)
843 				*flags = PKEY_FLAGS_MATCH_ALT_MKVP;
844 		}
845 		if (rc)
846 			goto out;
847 
848 		*cardnr = ((struct pkey_apqn *)_apqns)->card;
849 		*domain = ((struct pkey_apqn *)_apqns)->domain;
850 
851 	} else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
852 		   hdr->version == TOKVER_CCA_VLSC) {
853 		struct cipherkeytoken *t = (struct cipherkeytoken *)key;
854 
855 		rc = cca_check_secaescipherkey(debug_info, 3, key, 0, 1);
856 		if (rc)
857 			goto out;
858 		if (ktype)
859 			*ktype = PKEY_TYPE_CCA_CIPHER;
860 		if (ksize) {
861 			*ksize = PKEY_SIZE_UNKNOWN;
862 			if (!t->plfver && t->wpllen == 512)
863 				*ksize = PKEY_SIZE_AES_128;
864 			else if (!t->plfver && t->wpllen == 576)
865 				*ksize = PKEY_SIZE_AES_192;
866 			else if (!t->plfver && t->wpllen == 640)
867 				*ksize = PKEY_SIZE_AES_256;
868 		}
869 
870 		rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
871 				   ZCRYPT_CEX6, AES_MK_SET, t->mkvp0, 0, 1);
872 		if (rc == 0 && flags)
873 			*flags = PKEY_FLAGS_MATCH_CUR_MKVP;
874 		if (rc == -ENODEV) {
875 			rc = cca_findcard2(&_apqns, &_nr_apqns,
876 					   *cardnr, *domain,
877 					   ZCRYPT_CEX6, AES_MK_SET,
878 					   0, t->mkvp0, 1);
879 			if (rc == 0 && flags)
880 				*flags = PKEY_FLAGS_MATCH_ALT_MKVP;
881 		}
882 		if (rc)
883 			goto out;
884 
885 		*cardnr = ((struct pkey_apqn *)_apqns)->card;
886 		*domain = ((struct pkey_apqn *)_apqns)->domain;
887 
888 	} else if (hdr->type == TOKTYPE_NON_CCA &&
889 		   hdr->version == TOKVER_EP11_AES) {
890 		struct ep11keyblob *kb = (struct ep11keyblob *)key;
891 
892 		rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1);
893 		if (rc)
894 			goto out;
895 		if (ktype)
896 			*ktype = PKEY_TYPE_EP11;
897 		if (ksize)
898 			*ksize = kb->head.keybitlen;
899 
900 		rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
901 				    ZCRYPT_CEX7, EP11_API_V, kb->wkvp);
902 		if (rc)
903 			goto out;
904 
905 		if (flags)
906 			*flags = PKEY_FLAGS_MATCH_CUR_MKVP;
907 
908 		*cardnr = ((struct pkey_apqn *)_apqns)->card;
909 		*domain = ((struct pkey_apqn *)_apqns)->domain;
910 
911 	} else {
912 		rc = -EINVAL;
913 	}
914 
915 out:
916 	kfree(_apqns);
917 	return rc;
918 }
919 
920 static int pkey_keyblob2pkey2(const struct pkey_apqn *apqns, size_t nr_apqns,
921 			      const u8 *key, size_t keylen,
922 			      u8 *protkey, u32 *protkeylen, u32 *protkeytype)
923 {
924 	struct keytoken_header *hdr = (struct keytoken_header *)key;
925 	int i, card, dom, rc;
926 
927 	/* check for at least one apqn given */
928 	if (!apqns || !nr_apqns)
929 		return -EINVAL;
930 
931 	if (keylen < sizeof(struct keytoken_header))
932 		return -EINVAL;
933 
934 	if (hdr->type == TOKTYPE_CCA_INTERNAL) {
935 		if (hdr->version == TOKVER_CCA_AES) {
936 			if (keylen != sizeof(struct secaeskeytoken))
937 				return -EINVAL;
938 			if (cca_check_secaeskeytoken(debug_info, 3, key, 0))
939 				return -EINVAL;
940 		} else if (hdr->version == TOKVER_CCA_VLSC) {
941 			if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE)
942 				return -EINVAL;
943 			if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1))
944 				return -EINVAL;
945 		} else {
946 			DEBUG_ERR("%s unknown CCA internal token version %d\n",
947 				  __func__, hdr->version);
948 			return -EINVAL;
949 		}
950 	} else if (hdr->type == TOKTYPE_NON_CCA) {
951 		if (hdr->version == TOKVER_EP11_AES) {
952 			if (keylen < sizeof(struct ep11keyblob))
953 				return -EINVAL;
954 			if (ep11_check_aes_key(debug_info, 3, key, keylen, 1))
955 				return -EINVAL;
956 		} else {
957 			return pkey_nonccatok2pkey(key, keylen,
958 						   protkey, protkeylen,
959 						   protkeytype);
960 		}
961 	} else {
962 		DEBUG_ERR("%s unknown/unsupported blob type %d\n",
963 			  __func__, hdr->type);
964 		return -EINVAL;
965 	}
966 
967 	zcrypt_wait_api_operational();
968 
969 	/* simple try all apqns from the list */
970 	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
971 		card = apqns[i].card;
972 		dom = apqns[i].domain;
973 		if (hdr->type == TOKTYPE_CCA_INTERNAL &&
974 		    hdr->version == TOKVER_CCA_AES) {
975 			rc = cca_sec2protkey(card, dom, key,
976 					     protkey, protkeylen, protkeytype);
977 		} else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
978 			   hdr->version == TOKVER_CCA_VLSC) {
979 			rc = cca_cipher2protkey(card, dom, key,
980 						protkey, protkeylen,
981 						protkeytype);
982 		} else {
983 			/* EP11 AES secure key blob */
984 			struct ep11keyblob *kb = (struct ep11keyblob *)key;
985 
986 			rc = ep11_kblob2protkey(card, dom, key, kb->head.len,
987 						protkey, protkeylen,
988 						protkeytype);
989 		}
990 		if (rc == 0)
991 			break;
992 	}
993 
994 	return rc;
995 }
996 
997 static int pkey_apqns4key(const u8 *key, size_t keylen, u32 flags,
998 			  struct pkey_apqn *apqns, size_t *nr_apqns)
999 {
1000 	struct keytoken_header *hdr = (struct keytoken_header *)key;
1001 	u32 _nr_apqns, *_apqns = NULL;
1002 	int rc;
1003 
1004 	if (keylen < sizeof(struct keytoken_header) || flags == 0)
1005 		return -EINVAL;
1006 
1007 	zcrypt_wait_api_operational();
1008 
1009 	if (hdr->type == TOKTYPE_NON_CCA &&
1010 	    (hdr->version == TOKVER_EP11_AES_WITH_HEADER ||
1011 	     hdr->version == TOKVER_EP11_ECC_WITH_HEADER) &&
1012 	    is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1013 		struct ep11keyblob *kb = (struct ep11keyblob *)
1014 			(key + sizeof(struct ep11kblob_header));
1015 		int minhwtype = 0, api = 0;
1016 
1017 		if (flags != PKEY_FLAGS_MATCH_CUR_MKVP)
1018 			return -EINVAL;
1019 		if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) {
1020 			minhwtype = ZCRYPT_CEX7;
1021 			api = EP11_API_V;
1022 		}
1023 		rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1024 				    minhwtype, api, kb->wkvp);
1025 		if (rc)
1026 			goto out;
1027 	} else if (hdr->type == TOKTYPE_NON_CCA &&
1028 		   hdr->version == TOKVER_EP11_AES &&
1029 		   is_ep11_keyblob(key)) {
1030 		struct ep11keyblob *kb = (struct ep11keyblob *)key;
1031 		int minhwtype = 0, api = 0;
1032 
1033 		if (flags != PKEY_FLAGS_MATCH_CUR_MKVP)
1034 			return -EINVAL;
1035 		if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) {
1036 			minhwtype = ZCRYPT_CEX7;
1037 			api = EP11_API_V;
1038 		}
1039 		rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1040 				    minhwtype, api, kb->wkvp);
1041 		if (rc)
1042 			goto out;
1043 	} else if (hdr->type == TOKTYPE_CCA_INTERNAL) {
1044 		u64 cur_mkvp = 0, old_mkvp = 0;
1045 		int minhwtype = ZCRYPT_CEX3C;
1046 
1047 		if (hdr->version == TOKVER_CCA_AES) {
1048 			struct secaeskeytoken *t = (struct secaeskeytoken *)key;
1049 
1050 			if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1051 				cur_mkvp = t->mkvp;
1052 			if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1053 				old_mkvp = t->mkvp;
1054 		} else if (hdr->version == TOKVER_CCA_VLSC) {
1055 			struct cipherkeytoken *t = (struct cipherkeytoken *)key;
1056 
1057 			minhwtype = ZCRYPT_CEX6;
1058 			if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1059 				cur_mkvp = t->mkvp0;
1060 			if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1061 				old_mkvp = t->mkvp0;
1062 		} else {
1063 			/* unknown cca internal token type */
1064 			return -EINVAL;
1065 		}
1066 		rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1067 				   minhwtype, AES_MK_SET,
1068 				   cur_mkvp, old_mkvp, 1);
1069 		if (rc)
1070 			goto out;
1071 	} else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) {
1072 		struct eccprivkeytoken *t = (struct eccprivkeytoken *)key;
1073 		u64 cur_mkvp = 0, old_mkvp = 0;
1074 
1075 		if (t->secid == 0x20) {
1076 			if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1077 				cur_mkvp = t->mkvp;
1078 			if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1079 				old_mkvp = t->mkvp;
1080 		} else {
1081 			/* unknown cca internal 2 token type */
1082 			return -EINVAL;
1083 		}
1084 		rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1085 				   ZCRYPT_CEX7, APKA_MK_SET,
1086 				   cur_mkvp, old_mkvp, 1);
1087 		if (rc)
1088 			goto out;
1089 	} else {
1090 		return -EINVAL;
1091 	}
1092 
1093 	if (apqns) {
1094 		if (*nr_apqns < _nr_apqns)
1095 			rc = -ENOSPC;
1096 		else
1097 			memcpy(apqns, _apqns, _nr_apqns * sizeof(u32));
1098 	}
1099 	*nr_apqns = _nr_apqns;
1100 
1101 out:
1102 	kfree(_apqns);
1103 	return rc;
1104 }
1105 
1106 static int pkey_apqns4keytype(enum pkey_key_type ktype,
1107 			      u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
1108 			      struct pkey_apqn *apqns, size_t *nr_apqns)
1109 {
1110 	u32 _nr_apqns, *_apqns = NULL;
1111 	int rc;
1112 
1113 	zcrypt_wait_api_operational();
1114 
1115 	if (ktype == PKEY_TYPE_CCA_DATA || ktype == PKEY_TYPE_CCA_CIPHER) {
1116 		u64 cur_mkvp = 0, old_mkvp = 0;
1117 		int minhwtype = ZCRYPT_CEX3C;
1118 
1119 		if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1120 			cur_mkvp = *((u64 *)cur_mkvp);
1121 		if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1122 			old_mkvp = *((u64 *)alt_mkvp);
1123 		if (ktype == PKEY_TYPE_CCA_CIPHER)
1124 			minhwtype = ZCRYPT_CEX6;
1125 		rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1126 				   minhwtype, AES_MK_SET,
1127 				   cur_mkvp, old_mkvp, 1);
1128 		if (rc)
1129 			goto out;
1130 	} else if (ktype == PKEY_TYPE_CCA_ECC) {
1131 		u64 cur_mkvp = 0, old_mkvp = 0;
1132 
1133 		if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1134 			cur_mkvp = *((u64 *)cur_mkvp);
1135 		if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1136 			old_mkvp = *((u64 *)alt_mkvp);
1137 		rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1138 				   ZCRYPT_CEX7, APKA_MK_SET,
1139 				   cur_mkvp, old_mkvp, 1);
1140 		if (rc)
1141 			goto out;
1142 
1143 	} else if (ktype == PKEY_TYPE_EP11 ||
1144 		   ktype == PKEY_TYPE_EP11_AES ||
1145 		   ktype == PKEY_TYPE_EP11_ECC) {
1146 		u8 *wkvp = NULL;
1147 
1148 		if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1149 			wkvp = cur_mkvp;
1150 		rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1151 				    ZCRYPT_CEX7, EP11_API_V, wkvp);
1152 		if (rc)
1153 			goto out;
1154 
1155 	} else {
1156 		return -EINVAL;
1157 	}
1158 
1159 	if (apqns) {
1160 		if (*nr_apqns < _nr_apqns)
1161 			rc = -ENOSPC;
1162 		else
1163 			memcpy(apqns, _apqns, _nr_apqns * sizeof(u32));
1164 	}
1165 	*nr_apqns = _nr_apqns;
1166 
1167 out:
1168 	kfree(_apqns);
1169 	return rc;
1170 }
1171 
1172 static int pkey_keyblob2pkey3(const struct pkey_apqn *apqns, size_t nr_apqns,
1173 			      const u8 *key, size_t keylen,
1174 			      u8 *protkey, u32 *protkeylen, u32 *protkeytype)
1175 {
1176 	struct keytoken_header *hdr = (struct keytoken_header *)key;
1177 	int i, card, dom, rc;
1178 
1179 	/* check for at least one apqn given */
1180 	if (!apqns || !nr_apqns)
1181 		return -EINVAL;
1182 
1183 	if (keylen < sizeof(struct keytoken_header))
1184 		return -EINVAL;
1185 
1186 	if (hdr->type == TOKTYPE_NON_CCA &&
1187 	    hdr->version == TOKVER_EP11_AES_WITH_HEADER &&
1188 	    is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1189 		/* EP11 AES key blob with header */
1190 		if (ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1))
1191 			return -EINVAL;
1192 	} else if (hdr->type == TOKTYPE_NON_CCA &&
1193 		   hdr->version == TOKVER_EP11_ECC_WITH_HEADER &&
1194 		   is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1195 		/* EP11 ECC key blob with header */
1196 		if (ep11_check_ecc_key_with_hdr(debug_info, 3, key, keylen, 1))
1197 			return -EINVAL;
1198 	} else if (hdr->type == TOKTYPE_NON_CCA &&
1199 		   hdr->version == TOKVER_EP11_AES &&
1200 		   is_ep11_keyblob(key)) {
1201 		/* EP11 AES key blob with header in session field */
1202 		if (ep11_check_aes_key(debug_info, 3, key, keylen, 1))
1203 			return -EINVAL;
1204 	} else	if (hdr->type == TOKTYPE_CCA_INTERNAL) {
1205 		if (hdr->version == TOKVER_CCA_AES) {
1206 			/* CCA AES data key */
1207 			if (keylen != sizeof(struct secaeskeytoken))
1208 				return -EINVAL;
1209 			if (cca_check_secaeskeytoken(debug_info, 3, key, 0))
1210 				return -EINVAL;
1211 		} else if (hdr->version == TOKVER_CCA_VLSC) {
1212 			/* CCA AES cipher key */
1213 			if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE)
1214 				return -EINVAL;
1215 			if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1))
1216 				return -EINVAL;
1217 		} else {
1218 			DEBUG_ERR("%s unknown CCA internal token version %d\n",
1219 				  __func__, hdr->version);
1220 			return -EINVAL;
1221 		}
1222 	} else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) {
1223 		/* CCA ECC (private) key */
1224 		if (keylen < sizeof(struct eccprivkeytoken))
1225 			return -EINVAL;
1226 		if (cca_check_sececckeytoken(debug_info, 3, key, keylen, 1))
1227 			return -EINVAL;
1228 	} else if (hdr->type == TOKTYPE_NON_CCA) {
1229 		return pkey_nonccatok2pkey(key, keylen,
1230 					   protkey, protkeylen, protkeytype);
1231 	} else {
1232 		DEBUG_ERR("%s unknown/unsupported blob type %d\n",
1233 			  __func__, hdr->type);
1234 		return -EINVAL;
1235 	}
1236 
1237 	/* simple try all apqns from the list */
1238 	for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) {
1239 		card = apqns[i].card;
1240 		dom = apqns[i].domain;
1241 		if (hdr->type == TOKTYPE_NON_CCA &&
1242 		    (hdr->version == TOKVER_EP11_AES_WITH_HEADER ||
1243 		     hdr->version == TOKVER_EP11_ECC_WITH_HEADER) &&
1244 		    is_ep11_keyblob(key + sizeof(struct ep11kblob_header)))
1245 			rc = ep11_kblob2protkey(card, dom, key, hdr->len,
1246 						protkey, protkeylen, protkeytype);
1247 		else if (hdr->type == TOKTYPE_NON_CCA &&
1248 			 hdr->version == TOKVER_EP11_AES &&
1249 			 is_ep11_keyblob(key))
1250 			rc = ep11_kblob2protkey(card, dom, key, hdr->len,
1251 						protkey, protkeylen, protkeytype);
1252 		else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
1253 			 hdr->version == TOKVER_CCA_AES)
1254 			rc = cca_sec2protkey(card, dom, key, protkey,
1255 					     protkeylen, protkeytype);
1256 		else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
1257 			 hdr->version == TOKVER_CCA_VLSC)
1258 			rc = cca_cipher2protkey(card, dom, key, protkey,
1259 						protkeylen, protkeytype);
1260 		else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA)
1261 			rc = cca_ecc2protkey(card, dom, key, protkey,
1262 					     protkeylen, protkeytype);
1263 		else
1264 			return -EINVAL;
1265 	}
1266 
1267 	return rc;
1268 }
1269 
1270 /*
1271  * File io functions
1272  */
1273 
1274 static void *_copy_key_from_user(void __user *ukey, size_t keylen)
1275 {
1276 	if (!ukey || keylen < MINKEYBLOBBUFSIZE || keylen > KEYBLOBBUFSIZE)
1277 		return ERR_PTR(-EINVAL);
1278 
1279 	return memdup_user(ukey, keylen);
1280 }
1281 
1282 static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns)
1283 {
1284 	if (!uapqns || nr_apqns == 0)
1285 		return NULL;
1286 
1287 	return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn));
1288 }
1289 
1290 static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
1291 				unsigned long arg)
1292 {
1293 	int rc;
1294 
1295 	switch (cmd) {
1296 	case PKEY_GENSECK: {
1297 		struct pkey_genseck __user *ugs = (void __user *)arg;
1298 		struct pkey_genseck kgs;
1299 
1300 		if (copy_from_user(&kgs, ugs, sizeof(kgs)))
1301 			return -EFAULT;
1302 		rc = cca_genseckey(kgs.cardnr, kgs.domain,
1303 				   kgs.keytype, kgs.seckey.seckey);
1304 		DEBUG_DBG("%s cca_genseckey()=%d\n", __func__, rc);
1305 		if (rc)
1306 			break;
1307 		if (copy_to_user(ugs, &kgs, sizeof(kgs)))
1308 			return -EFAULT;
1309 		break;
1310 	}
1311 	case PKEY_CLR2SECK: {
1312 		struct pkey_clr2seck __user *ucs = (void __user *)arg;
1313 		struct pkey_clr2seck kcs;
1314 
1315 		if (copy_from_user(&kcs, ucs, sizeof(kcs)))
1316 			return -EFAULT;
1317 		rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype,
1318 				    kcs.clrkey.clrkey, kcs.seckey.seckey);
1319 		DEBUG_DBG("%s cca_clr2seckey()=%d\n", __func__, rc);
1320 		if (rc)
1321 			break;
1322 		if (copy_to_user(ucs, &kcs, sizeof(kcs)))
1323 			return -EFAULT;
1324 		memzero_explicit(&kcs, sizeof(kcs));
1325 		break;
1326 	}
1327 	case PKEY_SEC2PROTK: {
1328 		struct pkey_sec2protk __user *usp = (void __user *)arg;
1329 		struct pkey_sec2protk ksp;
1330 
1331 		if (copy_from_user(&ksp, usp, sizeof(ksp)))
1332 			return -EFAULT;
1333 		ksp.protkey.len = sizeof(ksp.protkey.protkey);
1334 		rc = cca_sec2protkey(ksp.cardnr, ksp.domain,
1335 				     ksp.seckey.seckey, ksp.protkey.protkey,
1336 				     &ksp.protkey.len, &ksp.protkey.type);
1337 		DEBUG_DBG("%s cca_sec2protkey()=%d\n", __func__, rc);
1338 		if (rc)
1339 			break;
1340 		if (copy_to_user(usp, &ksp, sizeof(ksp)))
1341 			return -EFAULT;
1342 		break;
1343 	}
1344 	case PKEY_CLR2PROTK: {
1345 		struct pkey_clr2protk __user *ucp = (void __user *)arg;
1346 		struct pkey_clr2protk kcp;
1347 
1348 		if (copy_from_user(&kcp, ucp, sizeof(kcp)))
1349 			return -EFAULT;
1350 		kcp.protkey.len = sizeof(kcp.protkey.protkey);
1351 		rc = pkey_clr2protkey(kcp.keytype, kcp.clrkey.clrkey,
1352 				      kcp.protkey.protkey,
1353 				      &kcp.protkey.len, &kcp.protkey.type);
1354 		DEBUG_DBG("%s pkey_clr2protkey()=%d\n", __func__, rc);
1355 		if (rc)
1356 			break;
1357 		if (copy_to_user(ucp, &kcp, sizeof(kcp)))
1358 			return -EFAULT;
1359 		memzero_explicit(&kcp, sizeof(kcp));
1360 		break;
1361 	}
1362 	case PKEY_FINDCARD: {
1363 		struct pkey_findcard __user *ufc = (void __user *)arg;
1364 		struct pkey_findcard kfc;
1365 
1366 		if (copy_from_user(&kfc, ufc, sizeof(kfc)))
1367 			return -EFAULT;
1368 		rc = cca_findcard(kfc.seckey.seckey,
1369 				  &kfc.cardnr, &kfc.domain, 1);
1370 		DEBUG_DBG("%s cca_findcard()=%d\n", __func__, rc);
1371 		if (rc < 0)
1372 			break;
1373 		if (copy_to_user(ufc, &kfc, sizeof(kfc)))
1374 			return -EFAULT;
1375 		break;
1376 	}
1377 	case PKEY_SKEY2PKEY: {
1378 		struct pkey_skey2pkey __user *usp = (void __user *)arg;
1379 		struct pkey_skey2pkey ksp;
1380 
1381 		if (copy_from_user(&ksp, usp, sizeof(ksp)))
1382 			return -EFAULT;
1383 		ksp.protkey.len = sizeof(ksp.protkey.protkey);
1384 		rc = pkey_skey2pkey(ksp.seckey.seckey, ksp.protkey.protkey,
1385 				    &ksp.protkey.len, &ksp.protkey.type);
1386 		DEBUG_DBG("%s pkey_skey2pkey()=%d\n", __func__, rc);
1387 		if (rc)
1388 			break;
1389 		if (copy_to_user(usp, &ksp, sizeof(ksp)))
1390 			return -EFAULT;
1391 		break;
1392 	}
1393 	case PKEY_VERIFYKEY: {
1394 		struct pkey_verifykey __user *uvk = (void __user *)arg;
1395 		struct pkey_verifykey kvk;
1396 
1397 		if (copy_from_user(&kvk, uvk, sizeof(kvk)))
1398 			return -EFAULT;
1399 		rc = pkey_verifykey(&kvk.seckey, &kvk.cardnr, &kvk.domain,
1400 				    &kvk.keysize, &kvk.attributes);
1401 		DEBUG_DBG("%s pkey_verifykey()=%d\n", __func__, rc);
1402 		if (rc)
1403 			break;
1404 		if (copy_to_user(uvk, &kvk, sizeof(kvk)))
1405 			return -EFAULT;
1406 		break;
1407 	}
1408 	case PKEY_GENPROTK: {
1409 		struct pkey_genprotk __user *ugp = (void __user *)arg;
1410 		struct pkey_genprotk kgp;
1411 
1412 		if (copy_from_user(&kgp, ugp, sizeof(kgp)))
1413 			return -EFAULT;
1414 		kgp.protkey.len = sizeof(kgp.protkey.protkey);
1415 		rc = pkey_genprotkey(kgp.keytype, kgp.protkey.protkey,
1416 				     &kgp.protkey.len, &kgp.protkey.type);
1417 		DEBUG_DBG("%s pkey_genprotkey()=%d\n", __func__, rc);
1418 		if (rc)
1419 			break;
1420 		if (copy_to_user(ugp, &kgp, sizeof(kgp)))
1421 			return -EFAULT;
1422 		break;
1423 	}
1424 	case PKEY_VERIFYPROTK: {
1425 		struct pkey_verifyprotk __user *uvp = (void __user *)arg;
1426 		struct pkey_verifyprotk kvp;
1427 
1428 		if (copy_from_user(&kvp, uvp, sizeof(kvp)))
1429 			return -EFAULT;
1430 		rc = pkey_verifyprotkey(kvp.protkey.protkey,
1431 					kvp.protkey.len, kvp.protkey.type);
1432 		DEBUG_DBG("%s pkey_verifyprotkey()=%d\n", __func__, rc);
1433 		break;
1434 	}
1435 	case PKEY_KBLOB2PROTK: {
1436 		struct pkey_kblob2pkey __user *utp = (void __user *)arg;
1437 		struct pkey_kblob2pkey ktp;
1438 		u8 *kkey;
1439 
1440 		if (copy_from_user(&ktp, utp, sizeof(ktp)))
1441 			return -EFAULT;
1442 		kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1443 		if (IS_ERR(kkey))
1444 			return PTR_ERR(kkey);
1445 		ktp.protkey.len = sizeof(ktp.protkey.protkey);
1446 		rc = pkey_keyblob2pkey(kkey, ktp.keylen, ktp.protkey.protkey,
1447 				       &ktp.protkey.len, &ktp.protkey.type);
1448 		DEBUG_DBG("%s pkey_keyblob2pkey()=%d\n", __func__, rc);
1449 		memzero_explicit(kkey, ktp.keylen);
1450 		kfree(kkey);
1451 		if (rc)
1452 			break;
1453 		if (copy_to_user(utp, &ktp, sizeof(ktp)))
1454 			return -EFAULT;
1455 		break;
1456 	}
1457 	case PKEY_GENSECK2: {
1458 		struct pkey_genseck2 __user *ugs = (void __user *)arg;
1459 		size_t klen = KEYBLOBBUFSIZE;
1460 		struct pkey_genseck2 kgs;
1461 		struct pkey_apqn *apqns;
1462 		u8 *kkey;
1463 
1464 		if (copy_from_user(&kgs, ugs, sizeof(kgs)))
1465 			return -EFAULT;
1466 		apqns = _copy_apqns_from_user(kgs.apqns, kgs.apqn_entries);
1467 		if (IS_ERR(apqns))
1468 			return PTR_ERR(apqns);
1469 		kkey = kmalloc(klen, GFP_KERNEL);
1470 		if (!kkey) {
1471 			kfree(apqns);
1472 			return -ENOMEM;
1473 		}
1474 		rc = pkey_genseckey2(apqns, kgs.apqn_entries,
1475 				     kgs.type, kgs.size, kgs.keygenflags,
1476 				     kkey, &klen);
1477 		DEBUG_DBG("%s pkey_genseckey2()=%d\n", __func__, rc);
1478 		kfree(apqns);
1479 		if (rc) {
1480 			kfree(kkey);
1481 			break;
1482 		}
1483 		if (kgs.key) {
1484 			if (kgs.keylen < klen) {
1485 				kfree(kkey);
1486 				return -EINVAL;
1487 			}
1488 			if (copy_to_user(kgs.key, kkey, klen)) {
1489 				kfree(kkey);
1490 				return -EFAULT;
1491 			}
1492 		}
1493 		kgs.keylen = klen;
1494 		if (copy_to_user(ugs, &kgs, sizeof(kgs)))
1495 			rc = -EFAULT;
1496 		kfree(kkey);
1497 		break;
1498 	}
1499 	case PKEY_CLR2SECK2: {
1500 		struct pkey_clr2seck2 __user *ucs = (void __user *)arg;
1501 		size_t klen = KEYBLOBBUFSIZE;
1502 		struct pkey_clr2seck2 kcs;
1503 		struct pkey_apqn *apqns;
1504 		u8 *kkey;
1505 
1506 		if (copy_from_user(&kcs, ucs, sizeof(kcs)))
1507 			return -EFAULT;
1508 		apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries);
1509 		if (IS_ERR(apqns))
1510 			return PTR_ERR(apqns);
1511 		kkey = kmalloc(klen, GFP_KERNEL);
1512 		if (!kkey) {
1513 			kfree(apqns);
1514 			return -ENOMEM;
1515 		}
1516 		rc = pkey_clr2seckey2(apqns, kcs.apqn_entries,
1517 				      kcs.type, kcs.size, kcs.keygenflags,
1518 				      kcs.clrkey.clrkey, kkey, &klen);
1519 		DEBUG_DBG("%s pkey_clr2seckey2()=%d\n", __func__, rc);
1520 		kfree(apqns);
1521 		if (rc) {
1522 			kfree(kkey);
1523 			break;
1524 		}
1525 		if (kcs.key) {
1526 			if (kcs.keylen < klen) {
1527 				kfree(kkey);
1528 				return -EINVAL;
1529 			}
1530 			if (copy_to_user(kcs.key, kkey, klen)) {
1531 				kfree(kkey);
1532 				return -EFAULT;
1533 			}
1534 		}
1535 		kcs.keylen = klen;
1536 		if (copy_to_user(ucs, &kcs, sizeof(kcs)))
1537 			rc = -EFAULT;
1538 		memzero_explicit(&kcs, sizeof(kcs));
1539 		kfree(kkey);
1540 		break;
1541 	}
1542 	case PKEY_VERIFYKEY2: {
1543 		struct pkey_verifykey2 __user *uvk = (void __user *)arg;
1544 		struct pkey_verifykey2 kvk;
1545 		u8 *kkey;
1546 
1547 		if (copy_from_user(&kvk, uvk, sizeof(kvk)))
1548 			return -EFAULT;
1549 		kkey = _copy_key_from_user(kvk.key, kvk.keylen);
1550 		if (IS_ERR(kkey))
1551 			return PTR_ERR(kkey);
1552 		rc = pkey_verifykey2(kkey, kvk.keylen,
1553 				     &kvk.cardnr, &kvk.domain,
1554 				     &kvk.type, &kvk.size, &kvk.flags);
1555 		DEBUG_DBG("%s pkey_verifykey2()=%d\n", __func__, rc);
1556 		kfree(kkey);
1557 		if (rc)
1558 			break;
1559 		if (copy_to_user(uvk, &kvk, sizeof(kvk)))
1560 			return -EFAULT;
1561 		break;
1562 	}
1563 	case PKEY_KBLOB2PROTK2: {
1564 		struct pkey_kblob2pkey2 __user *utp = (void __user *)arg;
1565 		struct pkey_apqn *apqns = NULL;
1566 		struct pkey_kblob2pkey2 ktp;
1567 		u8 *kkey;
1568 
1569 		if (copy_from_user(&ktp, utp, sizeof(ktp)))
1570 			return -EFAULT;
1571 		apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries);
1572 		if (IS_ERR(apqns))
1573 			return PTR_ERR(apqns);
1574 		kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1575 		if (IS_ERR(kkey)) {
1576 			kfree(apqns);
1577 			return PTR_ERR(kkey);
1578 		}
1579 		ktp.protkey.len = sizeof(ktp.protkey.protkey);
1580 		rc = pkey_keyblob2pkey2(apqns, ktp.apqn_entries,
1581 					kkey, ktp.keylen,
1582 					ktp.protkey.protkey, &ktp.protkey.len,
1583 					&ktp.protkey.type);
1584 		DEBUG_DBG("%s pkey_keyblob2pkey2()=%d\n", __func__, rc);
1585 		kfree(apqns);
1586 		memzero_explicit(kkey, ktp.keylen);
1587 		kfree(kkey);
1588 		if (rc)
1589 			break;
1590 		if (copy_to_user(utp, &ktp, sizeof(ktp)))
1591 			return -EFAULT;
1592 		break;
1593 	}
1594 	case PKEY_APQNS4K: {
1595 		struct pkey_apqns4key __user *uak = (void __user *)arg;
1596 		struct pkey_apqn *apqns = NULL;
1597 		struct pkey_apqns4key kak;
1598 		size_t nr_apqns, len;
1599 		u8 *kkey;
1600 
1601 		if (copy_from_user(&kak, uak, sizeof(kak)))
1602 			return -EFAULT;
1603 		nr_apqns = kak.apqn_entries;
1604 		if (nr_apqns) {
1605 			apqns = kmalloc_array(nr_apqns,
1606 					      sizeof(struct pkey_apqn),
1607 					      GFP_KERNEL);
1608 			if (!apqns)
1609 				return -ENOMEM;
1610 		}
1611 		kkey = _copy_key_from_user(kak.key, kak.keylen);
1612 		if (IS_ERR(kkey)) {
1613 			kfree(apqns);
1614 			return PTR_ERR(kkey);
1615 		}
1616 		rc = pkey_apqns4key(kkey, kak.keylen, kak.flags,
1617 				    apqns, &nr_apqns);
1618 		DEBUG_DBG("%s pkey_apqns4key()=%d\n", __func__, rc);
1619 		kfree(kkey);
1620 		if (rc && rc != -ENOSPC) {
1621 			kfree(apqns);
1622 			break;
1623 		}
1624 		if (!rc && kak.apqns) {
1625 			if (nr_apqns > kak.apqn_entries) {
1626 				kfree(apqns);
1627 				return -EINVAL;
1628 			}
1629 			len = nr_apqns * sizeof(struct pkey_apqn);
1630 			if (len) {
1631 				if (copy_to_user(kak.apqns, apqns, len)) {
1632 					kfree(apqns);
1633 					return -EFAULT;
1634 				}
1635 			}
1636 		}
1637 		kak.apqn_entries = nr_apqns;
1638 		if (copy_to_user(uak, &kak, sizeof(kak)))
1639 			rc = -EFAULT;
1640 		kfree(apqns);
1641 		break;
1642 	}
1643 	case PKEY_APQNS4KT: {
1644 		struct pkey_apqns4keytype __user *uat = (void __user *)arg;
1645 		struct pkey_apqn *apqns = NULL;
1646 		struct pkey_apqns4keytype kat;
1647 		size_t nr_apqns, len;
1648 
1649 		if (copy_from_user(&kat, uat, sizeof(kat)))
1650 			return -EFAULT;
1651 		nr_apqns = kat.apqn_entries;
1652 		if (nr_apqns) {
1653 			apqns = kmalloc_array(nr_apqns,
1654 					      sizeof(struct pkey_apqn),
1655 					      GFP_KERNEL);
1656 			if (!apqns)
1657 				return -ENOMEM;
1658 		}
1659 		rc = pkey_apqns4keytype(kat.type, kat.cur_mkvp, kat.alt_mkvp,
1660 					kat.flags, apqns, &nr_apqns);
1661 		DEBUG_DBG("%s pkey_apqns4keytype()=%d\n", __func__, rc);
1662 		if (rc && rc != -ENOSPC) {
1663 			kfree(apqns);
1664 			break;
1665 		}
1666 		if (!rc && kat.apqns) {
1667 			if (nr_apqns > kat.apqn_entries) {
1668 				kfree(apqns);
1669 				return -EINVAL;
1670 			}
1671 			len = nr_apqns * sizeof(struct pkey_apqn);
1672 			if (len) {
1673 				if (copy_to_user(kat.apqns, apqns, len)) {
1674 					kfree(apqns);
1675 					return -EFAULT;
1676 				}
1677 			}
1678 		}
1679 		kat.apqn_entries = nr_apqns;
1680 		if (copy_to_user(uat, &kat, sizeof(kat)))
1681 			rc = -EFAULT;
1682 		kfree(apqns);
1683 		break;
1684 	}
1685 	case PKEY_KBLOB2PROTK3: {
1686 		struct pkey_kblob2pkey3 __user *utp = (void __user *)arg;
1687 		u32 protkeylen = PROTKEYBLOBBUFSIZE;
1688 		struct pkey_apqn *apqns = NULL;
1689 		struct pkey_kblob2pkey3 ktp;
1690 		u8 *kkey, *protkey;
1691 
1692 		if (copy_from_user(&ktp, utp, sizeof(ktp)))
1693 			return -EFAULT;
1694 		apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries);
1695 		if (IS_ERR(apqns))
1696 			return PTR_ERR(apqns);
1697 		kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1698 		if (IS_ERR(kkey)) {
1699 			kfree(apqns);
1700 			return PTR_ERR(kkey);
1701 		}
1702 		protkey = kmalloc(protkeylen, GFP_KERNEL);
1703 		if (!protkey) {
1704 			kfree(apqns);
1705 			kfree(kkey);
1706 			return -ENOMEM;
1707 		}
1708 		rc = pkey_keyblob2pkey3(apqns, ktp.apqn_entries,
1709 					kkey, ktp.keylen,
1710 					protkey, &protkeylen, &ktp.pkeytype);
1711 		DEBUG_DBG("%s pkey_keyblob2pkey3()=%d\n", __func__, rc);
1712 		kfree(apqns);
1713 		memzero_explicit(kkey, ktp.keylen);
1714 		kfree(kkey);
1715 		if (rc) {
1716 			kfree(protkey);
1717 			break;
1718 		}
1719 		if (ktp.pkey && ktp.pkeylen) {
1720 			if (protkeylen > ktp.pkeylen) {
1721 				kfree(protkey);
1722 				return -EINVAL;
1723 			}
1724 			if (copy_to_user(ktp.pkey, protkey, protkeylen)) {
1725 				kfree(protkey);
1726 				return -EFAULT;
1727 			}
1728 		}
1729 		kfree(protkey);
1730 		ktp.pkeylen = protkeylen;
1731 		if (copy_to_user(utp, &ktp, sizeof(ktp)))
1732 			return -EFAULT;
1733 		break;
1734 	}
1735 	default:
1736 		/* unknown/unsupported ioctl cmd */
1737 		return -ENOTTY;
1738 	}
1739 
1740 	return rc;
1741 }
1742 
1743 /*
1744  * Sysfs and file io operations
1745  */
1746 
1747 /*
1748  * Sysfs attribute read function for all protected key binary attributes.
1749  * The implementation can not deal with partial reads, because a new random
1750  * protected key blob is generated with each read. In case of partial reads
1751  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1752  */
1753 static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,
1754 					  loff_t off, size_t count)
1755 {
1756 	struct protaeskeytoken protkeytoken;
1757 	struct pkey_protkey protkey;
1758 	int rc;
1759 
1760 	if (off != 0 || count < sizeof(protkeytoken))
1761 		return -EINVAL;
1762 	if (is_xts)
1763 		if (count < 2 * sizeof(protkeytoken))
1764 			return -EINVAL;
1765 
1766 	memset(&protkeytoken, 0, sizeof(protkeytoken));
1767 	protkeytoken.type = TOKTYPE_NON_CCA;
1768 	protkeytoken.version = TOKVER_PROTECTED_KEY;
1769 	protkeytoken.keytype = keytype;
1770 
1771 	protkey.len = sizeof(protkey.protkey);
1772 	rc = pkey_genprotkey(protkeytoken.keytype,
1773 			     protkey.protkey, &protkey.len, &protkey.type);
1774 	if (rc)
1775 		return rc;
1776 
1777 	protkeytoken.len = protkey.len;
1778 	memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
1779 
1780 	memcpy(buf, &protkeytoken, sizeof(protkeytoken));
1781 
1782 	if (is_xts) {
1783 		/* xts needs a second protected key, reuse protkey struct */
1784 		protkey.len = sizeof(protkey.protkey);
1785 		rc = pkey_genprotkey(protkeytoken.keytype,
1786 				     protkey.protkey, &protkey.len, &protkey.type);
1787 		if (rc)
1788 			return rc;
1789 
1790 		protkeytoken.len = protkey.len;
1791 		memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
1792 
1793 		memcpy(buf + sizeof(protkeytoken), &protkeytoken,
1794 		       sizeof(protkeytoken));
1795 
1796 		return 2 * sizeof(protkeytoken);
1797 	}
1798 
1799 	return sizeof(protkeytoken);
1800 }
1801 
1802 static ssize_t protkey_aes_128_read(struct file *filp,
1803 				    struct kobject *kobj,
1804 				    struct bin_attribute *attr,
1805 				    char *buf, loff_t off,
1806 				    size_t count)
1807 {
1808 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
1809 					  off, count);
1810 }
1811 
1812 static ssize_t protkey_aes_192_read(struct file *filp,
1813 				    struct kobject *kobj,
1814 				    struct bin_attribute *attr,
1815 				    char *buf, loff_t off,
1816 				    size_t count)
1817 {
1818 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
1819 					  off, count);
1820 }
1821 
1822 static ssize_t protkey_aes_256_read(struct file *filp,
1823 				    struct kobject *kobj,
1824 				    struct bin_attribute *attr,
1825 				    char *buf, loff_t off,
1826 				    size_t count)
1827 {
1828 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
1829 					  off, count);
1830 }
1831 
1832 static ssize_t protkey_aes_128_xts_read(struct file *filp,
1833 					struct kobject *kobj,
1834 					struct bin_attribute *attr,
1835 					char *buf, loff_t off,
1836 					size_t count)
1837 {
1838 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
1839 					  off, count);
1840 }
1841 
1842 static ssize_t protkey_aes_256_xts_read(struct file *filp,
1843 					struct kobject *kobj,
1844 					struct bin_attribute *attr,
1845 					char *buf, loff_t off,
1846 					size_t count)
1847 {
1848 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
1849 					  off, count);
1850 }
1851 
1852 static BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken));
1853 static BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken));
1854 static BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken));
1855 static BIN_ATTR_RO(protkey_aes_128_xts, 2 * sizeof(struct protaeskeytoken));
1856 static BIN_ATTR_RO(protkey_aes_256_xts, 2 * sizeof(struct protaeskeytoken));
1857 
1858 static struct bin_attribute *protkey_attrs[] = {
1859 	&bin_attr_protkey_aes_128,
1860 	&bin_attr_protkey_aes_192,
1861 	&bin_attr_protkey_aes_256,
1862 	&bin_attr_protkey_aes_128_xts,
1863 	&bin_attr_protkey_aes_256_xts,
1864 	NULL
1865 };
1866 
1867 static struct attribute_group protkey_attr_group = {
1868 	.name	   = "protkey",
1869 	.bin_attrs = protkey_attrs,
1870 };
1871 
1872 /*
1873  * Sysfs attribute read function for all secure key ccadata binary attributes.
1874  * The implementation can not deal with partial reads, because a new random
1875  * protected key blob is generated with each read. In case of partial reads
1876  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1877  */
1878 static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,
1879 					  loff_t off, size_t count)
1880 {
1881 	struct pkey_seckey *seckey = (struct pkey_seckey *)buf;
1882 	int rc;
1883 
1884 	if (off != 0 || count < sizeof(struct secaeskeytoken))
1885 		return -EINVAL;
1886 	if (is_xts)
1887 		if (count < 2 * sizeof(struct secaeskeytoken))
1888 			return -EINVAL;
1889 
1890 	rc = cca_genseckey(-1, -1, keytype, seckey->seckey);
1891 	if (rc)
1892 		return rc;
1893 
1894 	if (is_xts) {
1895 		seckey++;
1896 		rc = cca_genseckey(-1, -1, keytype, seckey->seckey);
1897 		if (rc)
1898 			return rc;
1899 
1900 		return 2 * sizeof(struct secaeskeytoken);
1901 	}
1902 
1903 	return sizeof(struct secaeskeytoken);
1904 }
1905 
1906 static ssize_t ccadata_aes_128_read(struct file *filp,
1907 				    struct kobject *kobj,
1908 				    struct bin_attribute *attr,
1909 				    char *buf, loff_t off,
1910 				    size_t count)
1911 {
1912 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
1913 					  off, count);
1914 }
1915 
1916 static ssize_t ccadata_aes_192_read(struct file *filp,
1917 				    struct kobject *kobj,
1918 				    struct bin_attribute *attr,
1919 				    char *buf, loff_t off,
1920 				    size_t count)
1921 {
1922 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
1923 					  off, count);
1924 }
1925 
1926 static ssize_t ccadata_aes_256_read(struct file *filp,
1927 				    struct kobject *kobj,
1928 				    struct bin_attribute *attr,
1929 				    char *buf, loff_t off,
1930 				    size_t count)
1931 {
1932 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
1933 					  off, count);
1934 }
1935 
1936 static ssize_t ccadata_aes_128_xts_read(struct file *filp,
1937 					struct kobject *kobj,
1938 					struct bin_attribute *attr,
1939 					char *buf, loff_t off,
1940 					size_t count)
1941 {
1942 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
1943 					  off, count);
1944 }
1945 
1946 static ssize_t ccadata_aes_256_xts_read(struct file *filp,
1947 					struct kobject *kobj,
1948 					struct bin_attribute *attr,
1949 					char *buf, loff_t off,
1950 					size_t count)
1951 {
1952 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
1953 					  off, count);
1954 }
1955 
1956 static BIN_ATTR_RO(ccadata_aes_128, sizeof(struct secaeskeytoken));
1957 static BIN_ATTR_RO(ccadata_aes_192, sizeof(struct secaeskeytoken));
1958 static BIN_ATTR_RO(ccadata_aes_256, sizeof(struct secaeskeytoken));
1959 static BIN_ATTR_RO(ccadata_aes_128_xts, 2 * sizeof(struct secaeskeytoken));
1960 static BIN_ATTR_RO(ccadata_aes_256_xts, 2 * sizeof(struct secaeskeytoken));
1961 
1962 static struct bin_attribute *ccadata_attrs[] = {
1963 	&bin_attr_ccadata_aes_128,
1964 	&bin_attr_ccadata_aes_192,
1965 	&bin_attr_ccadata_aes_256,
1966 	&bin_attr_ccadata_aes_128_xts,
1967 	&bin_attr_ccadata_aes_256_xts,
1968 	NULL
1969 };
1970 
1971 static struct attribute_group ccadata_attr_group = {
1972 	.name	   = "ccadata",
1973 	.bin_attrs = ccadata_attrs,
1974 };
1975 
1976 #define CCACIPHERTOKENSIZE	(sizeof(struct cipherkeytoken) + 80)
1977 
1978 /*
1979  * Sysfs attribute read function for all secure key ccacipher binary attributes.
1980  * The implementation can not deal with partial reads, because a new random
1981  * secure key blob is generated with each read. In case of partial reads
1982  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1983  */
1984 static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,
1985 					    bool is_xts, char *buf, loff_t off,
1986 					    size_t count)
1987 {
1988 	size_t keysize = CCACIPHERTOKENSIZE;
1989 	u32 nr_apqns, *apqns = NULL;
1990 	int i, rc, card, dom;
1991 
1992 	if (off != 0 || count < CCACIPHERTOKENSIZE)
1993 		return -EINVAL;
1994 	if (is_xts)
1995 		if (count < 2 * CCACIPHERTOKENSIZE)
1996 			return -EINVAL;
1997 
1998 	/* build a list of apqns able to generate an cipher key */
1999 	rc = cca_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
2000 			   ZCRYPT_CEX6, 0, 0, 0, 0);
2001 	if (rc)
2002 		return rc;
2003 
2004 	memset(buf, 0, is_xts ? 2 * keysize : keysize);
2005 
2006 	/* simple try all apqns from the list */
2007 	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
2008 		card = apqns[i] >> 16;
2009 		dom = apqns[i] & 0xFFFF;
2010 		rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize);
2011 		if (rc == 0)
2012 			break;
2013 	}
2014 	if (rc)
2015 		return rc;
2016 
2017 	if (is_xts) {
2018 		keysize = CCACIPHERTOKENSIZE;
2019 		buf += CCACIPHERTOKENSIZE;
2020 		rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize);
2021 		if (rc == 0)
2022 			return 2 * CCACIPHERTOKENSIZE;
2023 	}
2024 
2025 	return CCACIPHERTOKENSIZE;
2026 }
2027 
2028 static ssize_t ccacipher_aes_128_read(struct file *filp,
2029 				      struct kobject *kobj,
2030 				      struct bin_attribute *attr,
2031 				      char *buf, loff_t off,
2032 				      size_t count)
2033 {
2034 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
2035 					    off, count);
2036 }
2037 
2038 static ssize_t ccacipher_aes_192_read(struct file *filp,
2039 				      struct kobject *kobj,
2040 				      struct bin_attribute *attr,
2041 				      char *buf, loff_t off,
2042 				      size_t count)
2043 {
2044 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
2045 					    off, count);
2046 }
2047 
2048 static ssize_t ccacipher_aes_256_read(struct file *filp,
2049 				      struct kobject *kobj,
2050 				      struct bin_attribute *attr,
2051 				      char *buf, loff_t off,
2052 				      size_t count)
2053 {
2054 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
2055 					    off, count);
2056 }
2057 
2058 static ssize_t ccacipher_aes_128_xts_read(struct file *filp,
2059 					  struct kobject *kobj,
2060 					  struct bin_attribute *attr,
2061 					  char *buf, loff_t off,
2062 					  size_t count)
2063 {
2064 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
2065 					    off, count);
2066 }
2067 
2068 static ssize_t ccacipher_aes_256_xts_read(struct file *filp,
2069 					  struct kobject *kobj,
2070 					  struct bin_attribute *attr,
2071 					  char *buf, loff_t off,
2072 					  size_t count)
2073 {
2074 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
2075 					    off, count);
2076 }
2077 
2078 static BIN_ATTR_RO(ccacipher_aes_128, CCACIPHERTOKENSIZE);
2079 static BIN_ATTR_RO(ccacipher_aes_192, CCACIPHERTOKENSIZE);
2080 static BIN_ATTR_RO(ccacipher_aes_256, CCACIPHERTOKENSIZE);
2081 static BIN_ATTR_RO(ccacipher_aes_128_xts, 2 * CCACIPHERTOKENSIZE);
2082 static BIN_ATTR_RO(ccacipher_aes_256_xts, 2 * CCACIPHERTOKENSIZE);
2083 
2084 static struct bin_attribute *ccacipher_attrs[] = {
2085 	&bin_attr_ccacipher_aes_128,
2086 	&bin_attr_ccacipher_aes_192,
2087 	&bin_attr_ccacipher_aes_256,
2088 	&bin_attr_ccacipher_aes_128_xts,
2089 	&bin_attr_ccacipher_aes_256_xts,
2090 	NULL
2091 };
2092 
2093 static struct attribute_group ccacipher_attr_group = {
2094 	.name	   = "ccacipher",
2095 	.bin_attrs = ccacipher_attrs,
2096 };
2097 
2098 /*
2099  * Sysfs attribute read function for all ep11 aes key binary attributes.
2100  * The implementation can not deal with partial reads, because a new random
2101  * secure key blob is generated with each read. In case of partial reads
2102  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
2103  * This function and the sysfs attributes using it provide EP11 key blobs
2104  * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently
2105  * 320 bytes.
2106  */
2107 static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,
2108 				       bool is_xts, char *buf, loff_t off,
2109 				       size_t count)
2110 {
2111 	size_t keysize = MAXEP11AESKEYBLOBSIZE;
2112 	u32 nr_apqns, *apqns = NULL;
2113 	int i, rc, card, dom;
2114 
2115 	if (off != 0 || count < MAXEP11AESKEYBLOBSIZE)
2116 		return -EINVAL;
2117 	if (is_xts)
2118 		if (count < 2 * MAXEP11AESKEYBLOBSIZE)
2119 			return -EINVAL;
2120 
2121 	/* build a list of apqns able to generate an cipher key */
2122 	rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
2123 			    ZCRYPT_CEX7, EP11_API_V, NULL);
2124 	if (rc)
2125 		return rc;
2126 
2127 	memset(buf, 0, is_xts ? 2 * keysize : keysize);
2128 
2129 	/* simple try all apqns from the list */
2130 	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
2131 		card = apqns[i] >> 16;
2132 		dom = apqns[i] & 0xFFFF;
2133 		rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize);
2134 		if (rc == 0)
2135 			break;
2136 	}
2137 	if (rc)
2138 		return rc;
2139 
2140 	if (is_xts) {
2141 		keysize = MAXEP11AESKEYBLOBSIZE;
2142 		buf += MAXEP11AESKEYBLOBSIZE;
2143 		rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize);
2144 		if (rc == 0)
2145 			return 2 * MAXEP11AESKEYBLOBSIZE;
2146 	}
2147 
2148 	return MAXEP11AESKEYBLOBSIZE;
2149 }
2150 
2151 static ssize_t ep11_aes_128_read(struct file *filp,
2152 				 struct kobject *kobj,
2153 				 struct bin_attribute *attr,
2154 				 char *buf, loff_t off,
2155 				 size_t count)
2156 {
2157 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
2158 				       off, count);
2159 }
2160 
2161 static ssize_t ep11_aes_192_read(struct file *filp,
2162 				 struct kobject *kobj,
2163 				 struct bin_attribute *attr,
2164 				 char *buf, loff_t off,
2165 				 size_t count)
2166 {
2167 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
2168 				       off, count);
2169 }
2170 
2171 static ssize_t ep11_aes_256_read(struct file *filp,
2172 				 struct kobject *kobj,
2173 				 struct bin_attribute *attr,
2174 				 char *buf, loff_t off,
2175 				 size_t count)
2176 {
2177 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
2178 				       off, count);
2179 }
2180 
2181 static ssize_t ep11_aes_128_xts_read(struct file *filp,
2182 				     struct kobject *kobj,
2183 				     struct bin_attribute *attr,
2184 				     char *buf, loff_t off,
2185 				     size_t count)
2186 {
2187 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
2188 				       off, count);
2189 }
2190 
2191 static ssize_t ep11_aes_256_xts_read(struct file *filp,
2192 				     struct kobject *kobj,
2193 				     struct bin_attribute *attr,
2194 				     char *buf, loff_t off,
2195 				     size_t count)
2196 {
2197 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
2198 				       off, count);
2199 }
2200 
2201 static BIN_ATTR_RO(ep11_aes_128, MAXEP11AESKEYBLOBSIZE);
2202 static BIN_ATTR_RO(ep11_aes_192, MAXEP11AESKEYBLOBSIZE);
2203 static BIN_ATTR_RO(ep11_aes_256, MAXEP11AESKEYBLOBSIZE);
2204 static BIN_ATTR_RO(ep11_aes_128_xts, 2 * MAXEP11AESKEYBLOBSIZE);
2205 static BIN_ATTR_RO(ep11_aes_256_xts, 2 * MAXEP11AESKEYBLOBSIZE);
2206 
2207 static struct bin_attribute *ep11_attrs[] = {
2208 	&bin_attr_ep11_aes_128,
2209 	&bin_attr_ep11_aes_192,
2210 	&bin_attr_ep11_aes_256,
2211 	&bin_attr_ep11_aes_128_xts,
2212 	&bin_attr_ep11_aes_256_xts,
2213 	NULL
2214 };
2215 
2216 static struct attribute_group ep11_attr_group = {
2217 	.name	   = "ep11",
2218 	.bin_attrs = ep11_attrs,
2219 };
2220 
2221 static const struct attribute_group *pkey_attr_groups[] = {
2222 	&protkey_attr_group,
2223 	&ccadata_attr_group,
2224 	&ccacipher_attr_group,
2225 	&ep11_attr_group,
2226 	NULL,
2227 };
2228 
2229 static const struct file_operations pkey_fops = {
2230 	.owner		= THIS_MODULE,
2231 	.open		= nonseekable_open,
2232 	.llseek		= no_llseek,
2233 	.unlocked_ioctl = pkey_unlocked_ioctl,
2234 };
2235 
2236 static struct miscdevice pkey_dev = {
2237 	.name	= "pkey",
2238 	.minor	= MISC_DYNAMIC_MINOR,
2239 	.mode	= 0666,
2240 	.fops	= &pkey_fops,
2241 	.groups = pkey_attr_groups,
2242 };
2243 
2244 /*
2245  * Module init
2246  */
2247 static int __init pkey_init(void)
2248 {
2249 	cpacf_mask_t func_mask;
2250 
2251 	/*
2252 	 * The pckmo instruction should be available - even if we don't
2253 	 * actually invoke it. This instruction comes with MSA 3 which
2254 	 * is also the minimum level for the kmc instructions which
2255 	 * are able to work with protected keys.
2256 	 */
2257 	if (!cpacf_query(CPACF_PCKMO, &func_mask))
2258 		return -ENODEV;
2259 
2260 	/* check for kmc instructions available */
2261 	if (!cpacf_query(CPACF_KMC, &func_mask))
2262 		return -ENODEV;
2263 	if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) ||
2264 	    !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) ||
2265 	    !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256))
2266 		return -ENODEV;
2267 
2268 	pkey_debug_init();
2269 
2270 	return misc_register(&pkey_dev);
2271 }
2272 
2273 /*
2274  * Module exit
2275  */
2276 static void __exit pkey_exit(void)
2277 {
2278 	misc_deregister(&pkey_dev);
2279 	pkey_debug_exit();
2280 }
2281 
2282 module_cpu_feature_match(S390_CPU_FEATURE_MSA, pkey_init);
2283 module_exit(pkey_exit);
2284