1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * pkey device driver 4 * 5 * Copyright IBM Corp. 2017, 2023 6 * 7 * Author(s): Harald Freudenberger 8 */ 9 10 #define KMSG_COMPONENT "pkey" 11 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 12 13 #include <linux/fs.h> 14 #include <linux/init.h> 15 #include <linux/miscdevice.h> 16 #include <linux/module.h> 17 #include <linux/slab.h> 18 #include <linux/kallsyms.h> 19 #include <linux/debugfs.h> 20 #include <linux/random.h> 21 #include <linux/cpufeature.h> 22 #include <asm/zcrypt.h> 23 #include <asm/cpacf.h> 24 #include <asm/pkey.h> 25 #include <crypto/aes.h> 26 27 #include "zcrypt_api.h" 28 #include "zcrypt_ccamisc.h" 29 #include "zcrypt_ep11misc.h" 30 31 MODULE_LICENSE("GPL"); 32 MODULE_AUTHOR("IBM Corporation"); 33 MODULE_DESCRIPTION("s390 protected key interface"); 34 35 #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */ 36 #define MINKEYBLOBBUFSIZE (sizeof(struct keytoken_header)) 37 #define PROTKEYBLOBBUFSIZE 256 /* protected key buffer size used internal */ 38 #define MAXAPQNSINLIST 64 /* max 64 apqns within a apqn list */ 39 #define AES_WK_VP_SIZE 32 /* Size of WK VP block appended to a prot key */ 40 41 /* 42 * debug feature data and functions 43 */ 44 45 static debug_info_t *debug_info; 46 47 #define DEBUG_DBG(...) debug_sprintf_event(debug_info, 6, ##__VA_ARGS__) 48 #define DEBUG_INFO(...) debug_sprintf_event(debug_info, 5, ##__VA_ARGS__) 49 #define DEBUG_WARN(...) debug_sprintf_event(debug_info, 4, ##__VA_ARGS__) 50 #define DEBUG_ERR(...) debug_sprintf_event(debug_info, 3, ##__VA_ARGS__) 51 52 static void __init pkey_debug_init(void) 53 { 54 /* 5 arguments per dbf entry (including the format string ptr) */ 55 debug_info = debug_register("pkey", 1, 1, 5 * sizeof(long)); 56 debug_register_view(debug_info, &debug_sprintf_view); 57 debug_set_level(debug_info, 3); 58 } 59 60 static void __exit pkey_debug_exit(void) 61 { 62 debug_unregister(debug_info); 63 } 64 65 /* inside view of a protected key token (only type 0x00 version 0x01) */ 66 struct protaeskeytoken { 67 u8 type; /* 0x00 for PAES specific key tokens */ 68 u8 res0[3]; 69 u8 version; /* should be 0x01 for protected AES key token */ 70 u8 res1[3]; 71 u32 keytype; /* key type, one of the PKEY_KEYTYPE values */ 72 u32 len; /* bytes actually stored in protkey[] */ 73 u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */ 74 } __packed; 75 76 /* inside view of a clear key token (type 0x00 version 0x02) */ 77 struct clearkeytoken { 78 u8 type; /* 0x00 for PAES specific key tokens */ 79 u8 res0[3]; 80 u8 version; /* 0x02 for clear key token */ 81 u8 res1[3]; 82 u32 keytype; /* key type, one of the PKEY_KEYTYPE_* values */ 83 u32 len; /* bytes actually stored in clearkey[] */ 84 u8 clearkey[]; /* clear key value */ 85 } __packed; 86 87 /* helper function which translates the PKEY_KEYTYPE_AES_* to their keysize */ 88 static inline u32 pkey_keytype_aes_to_size(u32 keytype) 89 { 90 switch (keytype) { 91 case PKEY_KEYTYPE_AES_128: 92 return 16; 93 case PKEY_KEYTYPE_AES_192: 94 return 24; 95 case PKEY_KEYTYPE_AES_256: 96 return 32; 97 default: 98 return 0; 99 } 100 } 101 102 /* 103 * Create a protected key from a clear key value via PCKMO instruction. 104 */ 105 static int pkey_clr2protkey(u32 keytype, const u8 *clrkey, 106 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 107 { 108 /* mask of available pckmo subfunctions */ 109 static cpacf_mask_t pckmo_functions; 110 111 u8 paramblock[112]; 112 u32 pkeytype; 113 int keysize; 114 long fc; 115 116 switch (keytype) { 117 case PKEY_KEYTYPE_AES_128: 118 /* 16 byte key, 32 byte aes wkvp, total 48 bytes */ 119 keysize = 16; 120 pkeytype = keytype; 121 fc = CPACF_PCKMO_ENC_AES_128_KEY; 122 break; 123 case PKEY_KEYTYPE_AES_192: 124 /* 24 byte key, 32 byte aes wkvp, total 56 bytes */ 125 keysize = 24; 126 pkeytype = keytype; 127 fc = CPACF_PCKMO_ENC_AES_192_KEY; 128 break; 129 case PKEY_KEYTYPE_AES_256: 130 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */ 131 keysize = 32; 132 pkeytype = keytype; 133 fc = CPACF_PCKMO_ENC_AES_256_KEY; 134 break; 135 case PKEY_KEYTYPE_ECC_P256: 136 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */ 137 keysize = 32; 138 pkeytype = PKEY_KEYTYPE_ECC; 139 fc = CPACF_PCKMO_ENC_ECC_P256_KEY; 140 break; 141 case PKEY_KEYTYPE_ECC_P384: 142 /* 48 byte key, 32 byte aes wkvp, total 80 bytes */ 143 keysize = 48; 144 pkeytype = PKEY_KEYTYPE_ECC; 145 fc = CPACF_PCKMO_ENC_ECC_P384_KEY; 146 break; 147 case PKEY_KEYTYPE_ECC_P521: 148 /* 80 byte key, 32 byte aes wkvp, total 112 bytes */ 149 keysize = 80; 150 pkeytype = PKEY_KEYTYPE_ECC; 151 fc = CPACF_PCKMO_ENC_ECC_P521_KEY; 152 break; 153 case PKEY_KEYTYPE_ECC_ED25519: 154 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */ 155 keysize = 32; 156 pkeytype = PKEY_KEYTYPE_ECC; 157 fc = CPACF_PCKMO_ENC_ECC_ED25519_KEY; 158 break; 159 case PKEY_KEYTYPE_ECC_ED448: 160 /* 64 byte key, 32 byte aes wkvp, total 96 bytes */ 161 keysize = 64; 162 pkeytype = PKEY_KEYTYPE_ECC; 163 fc = CPACF_PCKMO_ENC_ECC_ED448_KEY; 164 break; 165 default: 166 DEBUG_ERR("%s unknown/unsupported keytype %u\n", 167 __func__, keytype); 168 return -EINVAL; 169 } 170 171 if (*protkeylen < keysize + AES_WK_VP_SIZE) { 172 DEBUG_ERR("%s prot key buffer size too small: %u < %d\n", 173 __func__, *protkeylen, keysize + AES_WK_VP_SIZE); 174 return -EINVAL; 175 } 176 177 /* Did we already check for PCKMO ? */ 178 if (!pckmo_functions.bytes[0]) { 179 /* no, so check now */ 180 if (!cpacf_query(CPACF_PCKMO, &pckmo_functions)) 181 return -ENODEV; 182 } 183 /* check for the pckmo subfunction we need now */ 184 if (!cpacf_test_func(&pckmo_functions, fc)) { 185 DEBUG_ERR("%s pckmo functions not available\n", __func__); 186 return -ENODEV; 187 } 188 189 /* prepare param block */ 190 memset(paramblock, 0, sizeof(paramblock)); 191 memcpy(paramblock, clrkey, keysize); 192 193 /* call the pckmo instruction */ 194 cpacf_pckmo(fc, paramblock); 195 196 /* copy created protected key to key buffer including the wkvp block */ 197 *protkeylen = keysize + AES_WK_VP_SIZE; 198 memcpy(protkey, paramblock, *protkeylen); 199 *protkeytype = pkeytype; 200 201 return 0; 202 } 203 204 /* 205 * Find card and transform secure key into protected key. 206 */ 207 static int pkey_skey2pkey(const u8 *key, u8 *protkey, 208 u32 *protkeylen, u32 *protkeytype) 209 { 210 struct keytoken_header *hdr = (struct keytoken_header *)key; 211 u16 cardnr, domain; 212 int rc, verify; 213 214 zcrypt_wait_api_operational(); 215 216 /* 217 * The cca_xxx2protkey call may fail when a card has been 218 * addressed where the master key was changed after last fetch 219 * of the mkvp into the cache. Try 3 times: First without verify 220 * then with verify and last round with verify and old master 221 * key verification pattern match not ignored. 222 */ 223 for (verify = 0; verify < 3; verify++) { 224 rc = cca_findcard(key, &cardnr, &domain, verify); 225 if (rc < 0) 226 continue; 227 if (rc > 0 && verify < 2) 228 continue; 229 switch (hdr->version) { 230 case TOKVER_CCA_AES: 231 rc = cca_sec2protkey(cardnr, domain, key, 232 protkey, protkeylen, protkeytype); 233 break; 234 case TOKVER_CCA_VLSC: 235 rc = cca_cipher2protkey(cardnr, domain, key, 236 protkey, protkeylen, 237 protkeytype); 238 break; 239 default: 240 return -EINVAL; 241 } 242 if (rc == 0) 243 break; 244 } 245 246 if (rc) 247 DEBUG_DBG("%s failed rc=%d\n", __func__, rc); 248 249 return rc; 250 } 251 252 /* 253 * Construct EP11 key with given clear key value. 254 */ 255 static int pkey_clr2ep11key(const u8 *clrkey, size_t clrkeylen, 256 u8 *keybuf, size_t *keybuflen) 257 { 258 u32 nr_apqns, *apqns = NULL; 259 u16 card, dom; 260 int i, rc; 261 262 zcrypt_wait_api_operational(); 263 264 /* build a list of apqns suitable for ep11 keys with cpacf support */ 265 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 266 ZCRYPT_CEX7, 267 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4, 268 NULL); 269 if (rc) 270 goto out; 271 272 /* go through the list of apqns and try to bild an ep11 key */ 273 for (rc = -ENODEV, i = 0; i < nr_apqns; i++) { 274 card = apqns[i] >> 16; 275 dom = apqns[i] & 0xFFFF; 276 rc = ep11_clr2keyblob(card, dom, clrkeylen * 8, 277 0, clrkey, keybuf, keybuflen, 278 PKEY_TYPE_EP11); 279 if (rc == 0) 280 break; 281 } 282 283 out: 284 kfree(apqns); 285 if (rc) 286 DEBUG_DBG("%s failed rc=%d\n", __func__, rc); 287 return rc; 288 } 289 290 /* 291 * Find card and transform EP11 secure key into protected key. 292 */ 293 static int pkey_ep11key2pkey(const u8 *key, size_t keylen, 294 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 295 { 296 u32 nr_apqns, *apqns = NULL; 297 u16 card, dom; 298 int i, rc; 299 300 zcrypt_wait_api_operational(); 301 302 /* build a list of apqns suitable for this key */ 303 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 304 ZCRYPT_CEX7, 305 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4, 306 ep11_kb_wkvp(key, keylen)); 307 if (rc) 308 goto out; 309 310 /* go through the list of apqns and try to derive an pkey */ 311 for (rc = -ENODEV, i = 0; i < nr_apqns; i++) { 312 card = apqns[i] >> 16; 313 dom = apqns[i] & 0xFFFF; 314 rc = ep11_kblob2protkey(card, dom, key, keylen, 315 protkey, protkeylen, protkeytype); 316 if (rc == 0) 317 break; 318 } 319 320 out: 321 kfree(apqns); 322 if (rc) 323 DEBUG_DBG("%s failed rc=%d\n", __func__, rc); 324 return rc; 325 } 326 327 /* 328 * Verify key and give back some info about the key. 329 */ 330 static int pkey_verifykey(const struct pkey_seckey *seckey, 331 u16 *pcardnr, u16 *pdomain, 332 u16 *pkeysize, u32 *pattributes) 333 { 334 struct secaeskeytoken *t = (struct secaeskeytoken *)seckey; 335 u16 cardnr, domain; 336 int rc; 337 338 /* check the secure key for valid AES secure key */ 339 rc = cca_check_secaeskeytoken(debug_info, 3, (u8 *)seckey, 0); 340 if (rc) 341 goto out; 342 if (pattributes) 343 *pattributes = PKEY_VERIFY_ATTR_AES; 344 if (pkeysize) 345 *pkeysize = t->bitsize; 346 347 /* try to find a card which can handle this key */ 348 rc = cca_findcard(seckey->seckey, &cardnr, &domain, 1); 349 if (rc < 0) 350 goto out; 351 352 if (rc > 0) { 353 /* key mkvp matches to old master key mkvp */ 354 DEBUG_DBG("%s secure key has old mkvp\n", __func__); 355 if (pattributes) 356 *pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP; 357 rc = 0; 358 } 359 360 if (pcardnr) 361 *pcardnr = cardnr; 362 if (pdomain) 363 *pdomain = domain; 364 365 out: 366 DEBUG_DBG("%s rc=%d\n", __func__, rc); 367 return rc; 368 } 369 370 /* 371 * Generate a random protected key 372 */ 373 static int pkey_genprotkey(u32 keytype, u8 *protkey, 374 u32 *protkeylen, u32 *protkeytype) 375 { 376 u8 clrkey[32]; 377 int keysize; 378 int rc; 379 380 keysize = pkey_keytype_aes_to_size(keytype); 381 if (!keysize) { 382 DEBUG_ERR("%s unknown/unsupported keytype %d\n", __func__, 383 keytype); 384 return -EINVAL; 385 } 386 387 /* generate a dummy random clear key */ 388 get_random_bytes(clrkey, keysize); 389 390 /* convert it to a dummy protected key */ 391 rc = pkey_clr2protkey(keytype, clrkey, 392 protkey, protkeylen, protkeytype); 393 if (rc) 394 return rc; 395 396 /* replace the key part of the protected key with random bytes */ 397 get_random_bytes(protkey, keysize); 398 399 return 0; 400 } 401 402 /* 403 * Verify if a protected key is still valid 404 */ 405 static int pkey_verifyprotkey(const u8 *protkey, u32 protkeylen, 406 u32 protkeytype) 407 { 408 struct { 409 u8 iv[AES_BLOCK_SIZE]; 410 u8 key[MAXPROTKEYSIZE]; 411 } param; 412 u8 null_msg[AES_BLOCK_SIZE]; 413 u8 dest_buf[AES_BLOCK_SIZE]; 414 unsigned int k, pkeylen; 415 unsigned long fc; 416 417 switch (protkeytype) { 418 case PKEY_KEYTYPE_AES_128: 419 pkeylen = 16 + AES_WK_VP_SIZE; 420 fc = CPACF_KMC_PAES_128; 421 break; 422 case PKEY_KEYTYPE_AES_192: 423 pkeylen = 24 + AES_WK_VP_SIZE; 424 fc = CPACF_KMC_PAES_192; 425 break; 426 case PKEY_KEYTYPE_AES_256: 427 pkeylen = 32 + AES_WK_VP_SIZE; 428 fc = CPACF_KMC_PAES_256; 429 break; 430 default: 431 DEBUG_ERR("%s unknown/unsupported keytype %u\n", __func__, 432 protkeytype); 433 return -EINVAL; 434 } 435 if (protkeylen != pkeylen) { 436 DEBUG_ERR("%s invalid protected key size %u for keytype %u\n", 437 __func__, protkeylen, protkeytype); 438 return -EINVAL; 439 } 440 441 memset(null_msg, 0, sizeof(null_msg)); 442 443 memset(param.iv, 0, sizeof(param.iv)); 444 memcpy(param.key, protkey, protkeylen); 445 446 k = cpacf_kmc(fc | CPACF_ENCRYPT, ¶m, null_msg, dest_buf, 447 sizeof(null_msg)); 448 if (k != sizeof(null_msg)) { 449 DEBUG_ERR("%s protected key is not valid\n", __func__); 450 return -EKEYREJECTED; 451 } 452 453 return 0; 454 } 455 456 /* Helper for pkey_nonccatok2pkey, handles aes clear key token */ 457 static int nonccatokaes2pkey(const struct clearkeytoken *t, 458 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 459 { 460 size_t tmpbuflen = max_t(size_t, SECKEYBLOBSIZE, MAXEP11AESKEYBLOBSIZE); 461 u8 *tmpbuf = NULL; 462 u32 keysize; 463 int rc; 464 465 keysize = pkey_keytype_aes_to_size(t->keytype); 466 if (!keysize) { 467 DEBUG_ERR("%s unknown/unsupported keytype %u\n", 468 __func__, t->keytype); 469 return -EINVAL; 470 } 471 if (t->len != keysize) { 472 DEBUG_ERR("%s non clear key aes token: invalid key len %u\n", 473 __func__, t->len); 474 return -EINVAL; 475 } 476 477 /* try direct way with the PCKMO instruction */ 478 rc = pkey_clr2protkey(t->keytype, t->clearkey, 479 protkey, protkeylen, protkeytype); 480 if (!rc) 481 goto out; 482 483 /* PCKMO failed, so try the CCA secure key way */ 484 tmpbuf = kmalloc(tmpbuflen, GFP_ATOMIC); 485 if (!tmpbuf) 486 return -ENOMEM; 487 zcrypt_wait_api_operational(); 488 rc = cca_clr2seckey(0xFFFF, 0xFFFF, t->keytype, t->clearkey, tmpbuf); 489 if (rc) 490 goto try_via_ep11; 491 rc = pkey_skey2pkey(tmpbuf, 492 protkey, protkeylen, protkeytype); 493 if (!rc) 494 goto out; 495 496 try_via_ep11: 497 /* if the CCA way also failed, let's try via EP11 */ 498 rc = pkey_clr2ep11key(t->clearkey, t->len, 499 tmpbuf, &tmpbuflen); 500 if (rc) 501 goto failure; 502 rc = pkey_ep11key2pkey(tmpbuf, tmpbuflen, 503 protkey, protkeylen, protkeytype); 504 if (!rc) 505 goto out; 506 507 failure: 508 DEBUG_ERR("%s unable to build protected key from clear", __func__); 509 510 out: 511 kfree(tmpbuf); 512 return rc; 513 } 514 515 /* Helper for pkey_nonccatok2pkey, handles ecc clear key token */ 516 static int nonccatokecc2pkey(const struct clearkeytoken *t, 517 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 518 { 519 u32 keylen; 520 int rc; 521 522 switch (t->keytype) { 523 case PKEY_KEYTYPE_ECC_P256: 524 keylen = 32; 525 break; 526 case PKEY_KEYTYPE_ECC_P384: 527 keylen = 48; 528 break; 529 case PKEY_KEYTYPE_ECC_P521: 530 keylen = 80; 531 break; 532 case PKEY_KEYTYPE_ECC_ED25519: 533 keylen = 32; 534 break; 535 case PKEY_KEYTYPE_ECC_ED448: 536 keylen = 64; 537 break; 538 default: 539 DEBUG_ERR("%s unknown/unsupported keytype %u\n", 540 __func__, t->keytype); 541 return -EINVAL; 542 } 543 544 if (t->len != keylen) { 545 DEBUG_ERR("%s non clear key ecc token: invalid key len %u\n", 546 __func__, t->len); 547 return -EINVAL; 548 } 549 550 /* only one path possible: via PCKMO instruction */ 551 rc = pkey_clr2protkey(t->keytype, t->clearkey, 552 protkey, protkeylen, protkeytype); 553 if (rc) { 554 DEBUG_ERR("%s unable to build protected key from clear", 555 __func__); 556 } 557 558 return rc; 559 } 560 561 /* 562 * Transform a non-CCA key token into a protected key 563 */ 564 static int pkey_nonccatok2pkey(const u8 *key, u32 keylen, 565 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 566 { 567 struct keytoken_header *hdr = (struct keytoken_header *)key; 568 int rc = -EINVAL; 569 570 switch (hdr->version) { 571 case TOKVER_PROTECTED_KEY: { 572 struct protaeskeytoken *t; 573 574 if (keylen != sizeof(struct protaeskeytoken)) 575 goto out; 576 t = (struct protaeskeytoken *)key; 577 rc = pkey_verifyprotkey(t->protkey, t->len, t->keytype); 578 if (rc) 579 goto out; 580 memcpy(protkey, t->protkey, t->len); 581 *protkeylen = t->len; 582 *protkeytype = t->keytype; 583 break; 584 } 585 case TOKVER_CLEAR_KEY: { 586 struct clearkeytoken *t = (struct clearkeytoken *)key; 587 588 if (keylen < sizeof(struct clearkeytoken) || 589 keylen != sizeof(*t) + t->len) 590 goto out; 591 switch (t->keytype) { 592 case PKEY_KEYTYPE_AES_128: 593 case PKEY_KEYTYPE_AES_192: 594 case PKEY_KEYTYPE_AES_256: 595 rc = nonccatokaes2pkey(t, protkey, 596 protkeylen, protkeytype); 597 break; 598 case PKEY_KEYTYPE_ECC_P256: 599 case PKEY_KEYTYPE_ECC_P384: 600 case PKEY_KEYTYPE_ECC_P521: 601 case PKEY_KEYTYPE_ECC_ED25519: 602 case PKEY_KEYTYPE_ECC_ED448: 603 rc = nonccatokecc2pkey(t, protkey, 604 protkeylen, protkeytype); 605 break; 606 default: 607 DEBUG_ERR("%s unknown/unsupported non cca clear key type %u\n", 608 __func__, t->keytype); 609 return -EINVAL; 610 } 611 break; 612 } 613 case TOKVER_EP11_AES: { 614 /* check ep11 key for exportable as protected key */ 615 rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1); 616 if (rc) 617 goto out; 618 rc = pkey_ep11key2pkey(key, keylen, 619 protkey, protkeylen, protkeytype); 620 break; 621 } 622 case TOKVER_EP11_AES_WITH_HEADER: 623 /* check ep11 key with header for exportable as protected key */ 624 rc = ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1); 625 if (rc) 626 goto out; 627 rc = pkey_ep11key2pkey(key, keylen, 628 protkey, protkeylen, protkeytype); 629 break; 630 default: 631 DEBUG_ERR("%s unknown/unsupported non-CCA token version %d\n", 632 __func__, hdr->version); 633 } 634 635 out: 636 return rc; 637 } 638 639 /* 640 * Transform a CCA internal key token into a protected key 641 */ 642 static int pkey_ccainttok2pkey(const u8 *key, u32 keylen, 643 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 644 { 645 struct keytoken_header *hdr = (struct keytoken_header *)key; 646 647 switch (hdr->version) { 648 case TOKVER_CCA_AES: 649 if (keylen != sizeof(struct secaeskeytoken)) 650 return -EINVAL; 651 break; 652 case TOKVER_CCA_VLSC: 653 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) 654 return -EINVAL; 655 break; 656 default: 657 DEBUG_ERR("%s unknown/unsupported CCA internal token version %d\n", 658 __func__, hdr->version); 659 return -EINVAL; 660 } 661 662 return pkey_skey2pkey(key, protkey, protkeylen, protkeytype); 663 } 664 665 /* 666 * Transform a key blob (of any type) into a protected key 667 */ 668 int pkey_keyblob2pkey(const u8 *key, u32 keylen, 669 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 670 { 671 struct keytoken_header *hdr = (struct keytoken_header *)key; 672 int rc; 673 674 if (keylen < sizeof(struct keytoken_header)) { 675 DEBUG_ERR("%s invalid keylen %d\n", __func__, keylen); 676 return -EINVAL; 677 } 678 679 switch (hdr->type) { 680 case TOKTYPE_NON_CCA: 681 rc = pkey_nonccatok2pkey(key, keylen, 682 protkey, protkeylen, protkeytype); 683 break; 684 case TOKTYPE_CCA_INTERNAL: 685 rc = pkey_ccainttok2pkey(key, keylen, 686 protkey, protkeylen, protkeytype); 687 break; 688 default: 689 DEBUG_ERR("%s unknown/unsupported blob type %d\n", 690 __func__, hdr->type); 691 return -EINVAL; 692 } 693 694 DEBUG_DBG("%s rc=%d\n", __func__, rc); 695 return rc; 696 } 697 EXPORT_SYMBOL(pkey_keyblob2pkey); 698 699 static int pkey_genseckey2(const struct pkey_apqn *apqns, size_t nr_apqns, 700 enum pkey_key_type ktype, enum pkey_key_size ksize, 701 u32 kflags, u8 *keybuf, size_t *keybufsize) 702 { 703 int i, card, dom, rc; 704 705 /* check for at least one apqn given */ 706 if (!apqns || !nr_apqns) 707 return -EINVAL; 708 709 /* check key type and size */ 710 switch (ktype) { 711 case PKEY_TYPE_CCA_DATA: 712 case PKEY_TYPE_CCA_CIPHER: 713 if (*keybufsize < SECKEYBLOBSIZE) 714 return -EINVAL; 715 break; 716 case PKEY_TYPE_EP11: 717 if (*keybufsize < MINEP11AESKEYBLOBSIZE) 718 return -EINVAL; 719 break; 720 case PKEY_TYPE_EP11_AES: 721 if (*keybufsize < (sizeof(struct ep11kblob_header) + 722 MINEP11AESKEYBLOBSIZE)) 723 return -EINVAL; 724 break; 725 default: 726 return -EINVAL; 727 } 728 switch (ksize) { 729 case PKEY_SIZE_AES_128: 730 case PKEY_SIZE_AES_192: 731 case PKEY_SIZE_AES_256: 732 break; 733 default: 734 return -EINVAL; 735 } 736 737 /* simple try all apqns from the list */ 738 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 739 card = apqns[i].card; 740 dom = apqns[i].domain; 741 if (ktype == PKEY_TYPE_EP11 || 742 ktype == PKEY_TYPE_EP11_AES) { 743 rc = ep11_genaeskey(card, dom, ksize, kflags, 744 keybuf, keybufsize, ktype); 745 } else if (ktype == PKEY_TYPE_CCA_DATA) { 746 rc = cca_genseckey(card, dom, ksize, keybuf); 747 *keybufsize = (rc ? 0 : SECKEYBLOBSIZE); 748 } else { 749 /* TOKVER_CCA_VLSC */ 750 rc = cca_gencipherkey(card, dom, ksize, kflags, 751 keybuf, keybufsize); 752 } 753 if (rc == 0) 754 break; 755 } 756 757 return rc; 758 } 759 760 static int pkey_clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns, 761 enum pkey_key_type ktype, enum pkey_key_size ksize, 762 u32 kflags, const u8 *clrkey, 763 u8 *keybuf, size_t *keybufsize) 764 { 765 int i, card, dom, rc; 766 767 /* check for at least one apqn given */ 768 if (!apqns || !nr_apqns) 769 return -EINVAL; 770 771 /* check key type and size */ 772 switch (ktype) { 773 case PKEY_TYPE_CCA_DATA: 774 case PKEY_TYPE_CCA_CIPHER: 775 if (*keybufsize < SECKEYBLOBSIZE) 776 return -EINVAL; 777 break; 778 case PKEY_TYPE_EP11: 779 if (*keybufsize < MINEP11AESKEYBLOBSIZE) 780 return -EINVAL; 781 break; 782 case PKEY_TYPE_EP11_AES: 783 if (*keybufsize < (sizeof(struct ep11kblob_header) + 784 MINEP11AESKEYBLOBSIZE)) 785 return -EINVAL; 786 break; 787 default: 788 return -EINVAL; 789 } 790 switch (ksize) { 791 case PKEY_SIZE_AES_128: 792 case PKEY_SIZE_AES_192: 793 case PKEY_SIZE_AES_256: 794 break; 795 default: 796 return -EINVAL; 797 } 798 799 zcrypt_wait_api_operational(); 800 801 /* simple try all apqns from the list */ 802 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 803 card = apqns[i].card; 804 dom = apqns[i].domain; 805 if (ktype == PKEY_TYPE_EP11 || 806 ktype == PKEY_TYPE_EP11_AES) { 807 rc = ep11_clr2keyblob(card, dom, ksize, kflags, 808 clrkey, keybuf, keybufsize, 809 ktype); 810 } else if (ktype == PKEY_TYPE_CCA_DATA) { 811 rc = cca_clr2seckey(card, dom, ksize, 812 clrkey, keybuf); 813 *keybufsize = (rc ? 0 : SECKEYBLOBSIZE); 814 } else { 815 /* TOKVER_CCA_VLSC */ 816 rc = cca_clr2cipherkey(card, dom, ksize, kflags, 817 clrkey, keybuf, keybufsize); 818 } 819 if (rc == 0) 820 break; 821 } 822 823 return rc; 824 } 825 826 static int pkey_verifykey2(const u8 *key, size_t keylen, 827 u16 *cardnr, u16 *domain, 828 enum pkey_key_type *ktype, 829 enum pkey_key_size *ksize, u32 *flags) 830 { 831 struct keytoken_header *hdr = (struct keytoken_header *)key; 832 u32 _nr_apqns, *_apqns = NULL; 833 int rc; 834 835 if (keylen < sizeof(struct keytoken_header)) 836 return -EINVAL; 837 838 if (hdr->type == TOKTYPE_CCA_INTERNAL && 839 hdr->version == TOKVER_CCA_AES) { 840 struct secaeskeytoken *t = (struct secaeskeytoken *)key; 841 842 rc = cca_check_secaeskeytoken(debug_info, 3, key, 0); 843 if (rc) 844 goto out; 845 if (ktype) 846 *ktype = PKEY_TYPE_CCA_DATA; 847 if (ksize) 848 *ksize = (enum pkey_key_size)t->bitsize; 849 850 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 851 ZCRYPT_CEX3C, AES_MK_SET, t->mkvp, 0, 1); 852 if (rc == 0 && flags) 853 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 854 if (rc == -ENODEV) { 855 rc = cca_findcard2(&_apqns, &_nr_apqns, 856 *cardnr, *domain, 857 ZCRYPT_CEX3C, AES_MK_SET, 858 0, t->mkvp, 1); 859 if (rc == 0 && flags) 860 *flags = PKEY_FLAGS_MATCH_ALT_MKVP; 861 } 862 if (rc) 863 goto out; 864 865 *cardnr = ((struct pkey_apqn *)_apqns)->card; 866 *domain = ((struct pkey_apqn *)_apqns)->domain; 867 868 } else if (hdr->type == TOKTYPE_CCA_INTERNAL && 869 hdr->version == TOKVER_CCA_VLSC) { 870 struct cipherkeytoken *t = (struct cipherkeytoken *)key; 871 872 rc = cca_check_secaescipherkey(debug_info, 3, key, 0, 1); 873 if (rc) 874 goto out; 875 if (ktype) 876 *ktype = PKEY_TYPE_CCA_CIPHER; 877 if (ksize) { 878 *ksize = PKEY_SIZE_UNKNOWN; 879 if (!t->plfver && t->wpllen == 512) 880 *ksize = PKEY_SIZE_AES_128; 881 else if (!t->plfver && t->wpllen == 576) 882 *ksize = PKEY_SIZE_AES_192; 883 else if (!t->plfver && t->wpllen == 640) 884 *ksize = PKEY_SIZE_AES_256; 885 } 886 887 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 888 ZCRYPT_CEX6, AES_MK_SET, t->mkvp0, 0, 1); 889 if (rc == 0 && flags) 890 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 891 if (rc == -ENODEV) { 892 rc = cca_findcard2(&_apqns, &_nr_apqns, 893 *cardnr, *domain, 894 ZCRYPT_CEX6, AES_MK_SET, 895 0, t->mkvp0, 1); 896 if (rc == 0 && flags) 897 *flags = PKEY_FLAGS_MATCH_ALT_MKVP; 898 } 899 if (rc) 900 goto out; 901 902 *cardnr = ((struct pkey_apqn *)_apqns)->card; 903 *domain = ((struct pkey_apqn *)_apqns)->domain; 904 905 } else if (hdr->type == TOKTYPE_NON_CCA && 906 hdr->version == TOKVER_EP11_AES) { 907 struct ep11keyblob *kb = (struct ep11keyblob *)key; 908 int api; 909 910 rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1); 911 if (rc) 912 goto out; 913 if (ktype) 914 *ktype = PKEY_TYPE_EP11; 915 if (ksize) 916 *ksize = kb->head.bitlen; 917 918 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 919 rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 920 ZCRYPT_CEX7, api, 921 ep11_kb_wkvp(key, keylen)); 922 if (rc) 923 goto out; 924 925 if (flags) 926 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 927 928 *cardnr = ((struct pkey_apqn *)_apqns)->card; 929 *domain = ((struct pkey_apqn *)_apqns)->domain; 930 931 } else if (hdr->type == TOKTYPE_NON_CCA && 932 hdr->version == TOKVER_EP11_AES_WITH_HEADER) { 933 struct ep11kblob_header *kh = (struct ep11kblob_header *)key; 934 int api; 935 936 rc = ep11_check_aes_key_with_hdr(debug_info, 3, 937 key, keylen, 1); 938 if (rc) 939 goto out; 940 if (ktype) 941 *ktype = PKEY_TYPE_EP11_AES; 942 if (ksize) 943 *ksize = kh->bitlen; 944 945 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 946 rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 947 ZCRYPT_CEX7, api, 948 ep11_kb_wkvp(key, keylen)); 949 if (rc) 950 goto out; 951 952 if (flags) 953 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 954 955 *cardnr = ((struct pkey_apqn *)_apqns)->card; 956 *domain = ((struct pkey_apqn *)_apqns)->domain; 957 } else { 958 rc = -EINVAL; 959 } 960 961 out: 962 kfree(_apqns); 963 return rc; 964 } 965 966 static int pkey_keyblob2pkey2(const struct pkey_apqn *apqns, size_t nr_apqns, 967 const u8 *key, size_t keylen, 968 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 969 { 970 struct keytoken_header *hdr = (struct keytoken_header *)key; 971 int i, card, dom, rc; 972 973 /* check for at least one apqn given */ 974 if (!apqns || !nr_apqns) 975 return -EINVAL; 976 977 if (keylen < sizeof(struct keytoken_header)) 978 return -EINVAL; 979 980 if (hdr->type == TOKTYPE_CCA_INTERNAL) { 981 if (hdr->version == TOKVER_CCA_AES) { 982 if (keylen != sizeof(struct secaeskeytoken)) 983 return -EINVAL; 984 if (cca_check_secaeskeytoken(debug_info, 3, key, 0)) 985 return -EINVAL; 986 } else if (hdr->version == TOKVER_CCA_VLSC) { 987 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) 988 return -EINVAL; 989 if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1)) 990 return -EINVAL; 991 } else { 992 DEBUG_ERR("%s unknown CCA internal token version %d\n", 993 __func__, hdr->version); 994 return -EINVAL; 995 } 996 } else if (hdr->type == TOKTYPE_NON_CCA) { 997 if (hdr->version == TOKVER_EP11_AES) { 998 if (ep11_check_aes_key(debug_info, 3, key, keylen, 1)) 999 return -EINVAL; 1000 } else if (hdr->version == TOKVER_EP11_AES_WITH_HEADER) { 1001 if (ep11_check_aes_key_with_hdr(debug_info, 3, 1002 key, keylen, 1)) 1003 return -EINVAL; 1004 } else { 1005 return pkey_nonccatok2pkey(key, keylen, 1006 protkey, protkeylen, 1007 protkeytype); 1008 } 1009 } else { 1010 DEBUG_ERR("%s unknown/unsupported blob type %d\n", 1011 __func__, hdr->type); 1012 return -EINVAL; 1013 } 1014 1015 zcrypt_wait_api_operational(); 1016 1017 /* simple try all apqns from the list */ 1018 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 1019 card = apqns[i].card; 1020 dom = apqns[i].domain; 1021 if (hdr->type == TOKTYPE_CCA_INTERNAL && 1022 hdr->version == TOKVER_CCA_AES) { 1023 rc = cca_sec2protkey(card, dom, key, 1024 protkey, protkeylen, protkeytype); 1025 } else if (hdr->type == TOKTYPE_CCA_INTERNAL && 1026 hdr->version == TOKVER_CCA_VLSC) { 1027 rc = cca_cipher2protkey(card, dom, key, 1028 protkey, protkeylen, 1029 protkeytype); 1030 } else { 1031 rc = ep11_kblob2protkey(card, dom, key, keylen, 1032 protkey, protkeylen, 1033 protkeytype); 1034 } 1035 if (rc == 0) 1036 break; 1037 } 1038 1039 return rc; 1040 } 1041 1042 static int pkey_apqns4key(const u8 *key, size_t keylen, u32 flags, 1043 struct pkey_apqn *apqns, size_t *nr_apqns) 1044 { 1045 struct keytoken_header *hdr = (struct keytoken_header *)key; 1046 u32 _nr_apqns, *_apqns = NULL; 1047 int rc; 1048 1049 if (keylen < sizeof(struct keytoken_header) || flags == 0) 1050 return -EINVAL; 1051 1052 zcrypt_wait_api_operational(); 1053 1054 if (hdr->type == TOKTYPE_NON_CCA && 1055 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || 1056 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && 1057 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 1058 struct ep11keyblob *kb = (struct ep11keyblob *) 1059 (key + sizeof(struct ep11kblob_header)); 1060 int minhwtype = 0, api = 0; 1061 1062 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP) 1063 return -EINVAL; 1064 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { 1065 minhwtype = ZCRYPT_CEX7; 1066 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 1067 } 1068 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1069 minhwtype, api, kb->wkvp); 1070 if (rc) 1071 goto out; 1072 } else if (hdr->type == TOKTYPE_NON_CCA && 1073 hdr->version == TOKVER_EP11_AES && 1074 is_ep11_keyblob(key)) { 1075 struct ep11keyblob *kb = (struct ep11keyblob *)key; 1076 int minhwtype = 0, api = 0; 1077 1078 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP) 1079 return -EINVAL; 1080 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { 1081 minhwtype = ZCRYPT_CEX7; 1082 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 1083 } 1084 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1085 minhwtype, api, kb->wkvp); 1086 if (rc) 1087 goto out; 1088 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) { 1089 u64 cur_mkvp = 0, old_mkvp = 0; 1090 int minhwtype = ZCRYPT_CEX3C; 1091 1092 if (hdr->version == TOKVER_CCA_AES) { 1093 struct secaeskeytoken *t = (struct secaeskeytoken *)key; 1094 1095 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1096 cur_mkvp = t->mkvp; 1097 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1098 old_mkvp = t->mkvp; 1099 } else if (hdr->version == TOKVER_CCA_VLSC) { 1100 struct cipherkeytoken *t = (struct cipherkeytoken *)key; 1101 1102 minhwtype = ZCRYPT_CEX6; 1103 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1104 cur_mkvp = t->mkvp0; 1105 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1106 old_mkvp = t->mkvp0; 1107 } else { 1108 /* unknown cca internal token type */ 1109 return -EINVAL; 1110 } 1111 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1112 minhwtype, AES_MK_SET, 1113 cur_mkvp, old_mkvp, 1); 1114 if (rc) 1115 goto out; 1116 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) { 1117 struct eccprivkeytoken *t = (struct eccprivkeytoken *)key; 1118 u64 cur_mkvp = 0, old_mkvp = 0; 1119 1120 if (t->secid == 0x20) { 1121 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1122 cur_mkvp = t->mkvp; 1123 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1124 old_mkvp = t->mkvp; 1125 } else { 1126 /* unknown cca internal 2 token type */ 1127 return -EINVAL; 1128 } 1129 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1130 ZCRYPT_CEX7, APKA_MK_SET, 1131 cur_mkvp, old_mkvp, 1); 1132 if (rc) 1133 goto out; 1134 } else { 1135 return -EINVAL; 1136 } 1137 1138 if (apqns) { 1139 if (*nr_apqns < _nr_apqns) 1140 rc = -ENOSPC; 1141 else 1142 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32)); 1143 } 1144 *nr_apqns = _nr_apqns; 1145 1146 out: 1147 kfree(_apqns); 1148 return rc; 1149 } 1150 1151 static int pkey_apqns4keytype(enum pkey_key_type ktype, 1152 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags, 1153 struct pkey_apqn *apqns, size_t *nr_apqns) 1154 { 1155 u32 _nr_apqns, *_apqns = NULL; 1156 int rc; 1157 1158 zcrypt_wait_api_operational(); 1159 1160 if (ktype == PKEY_TYPE_CCA_DATA || ktype == PKEY_TYPE_CCA_CIPHER) { 1161 u64 cur_mkvp = 0, old_mkvp = 0; 1162 int minhwtype = ZCRYPT_CEX3C; 1163 1164 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1165 cur_mkvp = *((u64 *)cur_mkvp); 1166 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1167 old_mkvp = *((u64 *)alt_mkvp); 1168 if (ktype == PKEY_TYPE_CCA_CIPHER) 1169 minhwtype = ZCRYPT_CEX6; 1170 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1171 minhwtype, AES_MK_SET, 1172 cur_mkvp, old_mkvp, 1); 1173 if (rc) 1174 goto out; 1175 } else if (ktype == PKEY_TYPE_CCA_ECC) { 1176 u64 cur_mkvp = 0, old_mkvp = 0; 1177 1178 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1179 cur_mkvp = *((u64 *)cur_mkvp); 1180 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1181 old_mkvp = *((u64 *)alt_mkvp); 1182 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1183 ZCRYPT_CEX7, APKA_MK_SET, 1184 cur_mkvp, old_mkvp, 1); 1185 if (rc) 1186 goto out; 1187 1188 } else if (ktype == PKEY_TYPE_EP11 || 1189 ktype == PKEY_TYPE_EP11_AES || 1190 ktype == PKEY_TYPE_EP11_ECC) { 1191 u8 *wkvp = NULL; 1192 int api; 1193 1194 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1195 wkvp = cur_mkvp; 1196 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 1197 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1198 ZCRYPT_CEX7, api, wkvp); 1199 if (rc) 1200 goto out; 1201 1202 } else { 1203 return -EINVAL; 1204 } 1205 1206 if (apqns) { 1207 if (*nr_apqns < _nr_apqns) 1208 rc = -ENOSPC; 1209 else 1210 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32)); 1211 } 1212 *nr_apqns = _nr_apqns; 1213 1214 out: 1215 kfree(_apqns); 1216 return rc; 1217 } 1218 1219 static int pkey_keyblob2pkey3(const struct pkey_apqn *apqns, size_t nr_apqns, 1220 const u8 *key, size_t keylen, 1221 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 1222 { 1223 struct keytoken_header *hdr = (struct keytoken_header *)key; 1224 int i, card, dom, rc; 1225 1226 /* check for at least one apqn given */ 1227 if (!apqns || !nr_apqns) 1228 return -EINVAL; 1229 1230 if (keylen < sizeof(struct keytoken_header)) 1231 return -EINVAL; 1232 1233 if (hdr->type == TOKTYPE_NON_CCA && 1234 hdr->version == TOKVER_EP11_AES_WITH_HEADER && 1235 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 1236 /* EP11 AES key blob with header */ 1237 if (ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1)) 1238 return -EINVAL; 1239 } else if (hdr->type == TOKTYPE_NON_CCA && 1240 hdr->version == TOKVER_EP11_ECC_WITH_HEADER && 1241 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 1242 /* EP11 ECC key blob with header */ 1243 if (ep11_check_ecc_key_with_hdr(debug_info, 3, key, keylen, 1)) 1244 return -EINVAL; 1245 } else if (hdr->type == TOKTYPE_NON_CCA && 1246 hdr->version == TOKVER_EP11_AES && 1247 is_ep11_keyblob(key)) { 1248 /* EP11 AES key blob with header in session field */ 1249 if (ep11_check_aes_key(debug_info, 3, key, keylen, 1)) 1250 return -EINVAL; 1251 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) { 1252 if (hdr->version == TOKVER_CCA_AES) { 1253 /* CCA AES data key */ 1254 if (keylen != sizeof(struct secaeskeytoken)) 1255 return -EINVAL; 1256 if (cca_check_secaeskeytoken(debug_info, 3, key, 0)) 1257 return -EINVAL; 1258 } else if (hdr->version == TOKVER_CCA_VLSC) { 1259 /* CCA AES cipher key */ 1260 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) 1261 return -EINVAL; 1262 if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1)) 1263 return -EINVAL; 1264 } else { 1265 DEBUG_ERR("%s unknown CCA internal token version %d\n", 1266 __func__, hdr->version); 1267 return -EINVAL; 1268 } 1269 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) { 1270 /* CCA ECC (private) key */ 1271 if (keylen < sizeof(struct eccprivkeytoken)) 1272 return -EINVAL; 1273 if (cca_check_sececckeytoken(debug_info, 3, key, keylen, 1)) 1274 return -EINVAL; 1275 } else if (hdr->type == TOKTYPE_NON_CCA) { 1276 return pkey_nonccatok2pkey(key, keylen, 1277 protkey, protkeylen, protkeytype); 1278 } else { 1279 DEBUG_ERR("%s unknown/unsupported blob type %d\n", 1280 __func__, hdr->type); 1281 return -EINVAL; 1282 } 1283 1284 /* simple try all apqns from the list */ 1285 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 1286 card = apqns[i].card; 1287 dom = apqns[i].domain; 1288 if (hdr->type == TOKTYPE_NON_CCA && 1289 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || 1290 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && 1291 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) 1292 rc = ep11_kblob2protkey(card, dom, key, hdr->len, 1293 protkey, protkeylen, 1294 protkeytype); 1295 else if (hdr->type == TOKTYPE_NON_CCA && 1296 hdr->version == TOKVER_EP11_AES && 1297 is_ep11_keyblob(key)) 1298 rc = ep11_kblob2protkey(card, dom, key, hdr->len, 1299 protkey, protkeylen, 1300 protkeytype); 1301 else if (hdr->type == TOKTYPE_CCA_INTERNAL && 1302 hdr->version == TOKVER_CCA_AES) 1303 rc = cca_sec2protkey(card, dom, key, protkey, 1304 protkeylen, protkeytype); 1305 else if (hdr->type == TOKTYPE_CCA_INTERNAL && 1306 hdr->version == TOKVER_CCA_VLSC) 1307 rc = cca_cipher2protkey(card, dom, key, protkey, 1308 protkeylen, protkeytype); 1309 else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) 1310 rc = cca_ecc2protkey(card, dom, key, protkey, 1311 protkeylen, protkeytype); 1312 else 1313 return -EINVAL; 1314 } 1315 1316 return rc; 1317 } 1318 1319 /* 1320 * File io functions 1321 */ 1322 1323 static void *_copy_key_from_user(void __user *ukey, size_t keylen) 1324 { 1325 if (!ukey || keylen < MINKEYBLOBBUFSIZE || keylen > KEYBLOBBUFSIZE) 1326 return ERR_PTR(-EINVAL); 1327 1328 return memdup_user(ukey, keylen); 1329 } 1330 1331 static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns) 1332 { 1333 if (!uapqns || nr_apqns == 0) 1334 return NULL; 1335 1336 return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn)); 1337 } 1338 1339 static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, 1340 unsigned long arg) 1341 { 1342 int rc; 1343 1344 switch (cmd) { 1345 case PKEY_GENSECK: { 1346 struct pkey_genseck __user *ugs = (void __user *)arg; 1347 struct pkey_genseck kgs; 1348 1349 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 1350 return -EFAULT; 1351 rc = cca_genseckey(kgs.cardnr, kgs.domain, 1352 kgs.keytype, kgs.seckey.seckey); 1353 DEBUG_DBG("%s cca_genseckey()=%d\n", __func__, rc); 1354 if (rc) 1355 break; 1356 if (copy_to_user(ugs, &kgs, sizeof(kgs))) 1357 return -EFAULT; 1358 break; 1359 } 1360 case PKEY_CLR2SECK: { 1361 struct pkey_clr2seck __user *ucs = (void __user *)arg; 1362 struct pkey_clr2seck kcs; 1363 1364 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 1365 return -EFAULT; 1366 rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype, 1367 kcs.clrkey.clrkey, kcs.seckey.seckey); 1368 DEBUG_DBG("%s cca_clr2seckey()=%d\n", __func__, rc); 1369 if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs))) 1370 rc = -EFAULT; 1371 memzero_explicit(&kcs, sizeof(kcs)); 1372 break; 1373 } 1374 case PKEY_SEC2PROTK: { 1375 struct pkey_sec2protk __user *usp = (void __user *)arg; 1376 struct pkey_sec2protk ksp; 1377 1378 if (copy_from_user(&ksp, usp, sizeof(ksp))) 1379 return -EFAULT; 1380 ksp.protkey.len = sizeof(ksp.protkey.protkey); 1381 rc = cca_sec2protkey(ksp.cardnr, ksp.domain, 1382 ksp.seckey.seckey, ksp.protkey.protkey, 1383 &ksp.protkey.len, &ksp.protkey.type); 1384 DEBUG_DBG("%s cca_sec2protkey()=%d\n", __func__, rc); 1385 if (rc) 1386 break; 1387 if (copy_to_user(usp, &ksp, sizeof(ksp))) 1388 return -EFAULT; 1389 break; 1390 } 1391 case PKEY_CLR2PROTK: { 1392 struct pkey_clr2protk __user *ucp = (void __user *)arg; 1393 struct pkey_clr2protk kcp; 1394 1395 if (copy_from_user(&kcp, ucp, sizeof(kcp))) 1396 return -EFAULT; 1397 kcp.protkey.len = sizeof(kcp.protkey.protkey); 1398 rc = pkey_clr2protkey(kcp.keytype, kcp.clrkey.clrkey, 1399 kcp.protkey.protkey, 1400 &kcp.protkey.len, &kcp.protkey.type); 1401 DEBUG_DBG("%s pkey_clr2protkey()=%d\n", __func__, rc); 1402 if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp))) 1403 rc = -EFAULT; 1404 memzero_explicit(&kcp, sizeof(kcp)); 1405 break; 1406 } 1407 case PKEY_FINDCARD: { 1408 struct pkey_findcard __user *ufc = (void __user *)arg; 1409 struct pkey_findcard kfc; 1410 1411 if (copy_from_user(&kfc, ufc, sizeof(kfc))) 1412 return -EFAULT; 1413 rc = cca_findcard(kfc.seckey.seckey, 1414 &kfc.cardnr, &kfc.domain, 1); 1415 DEBUG_DBG("%s cca_findcard()=%d\n", __func__, rc); 1416 if (rc < 0) 1417 break; 1418 if (copy_to_user(ufc, &kfc, sizeof(kfc))) 1419 return -EFAULT; 1420 break; 1421 } 1422 case PKEY_SKEY2PKEY: { 1423 struct pkey_skey2pkey __user *usp = (void __user *)arg; 1424 struct pkey_skey2pkey ksp; 1425 1426 if (copy_from_user(&ksp, usp, sizeof(ksp))) 1427 return -EFAULT; 1428 ksp.protkey.len = sizeof(ksp.protkey.protkey); 1429 rc = pkey_skey2pkey(ksp.seckey.seckey, ksp.protkey.protkey, 1430 &ksp.protkey.len, &ksp.protkey.type); 1431 DEBUG_DBG("%s pkey_skey2pkey()=%d\n", __func__, rc); 1432 if (rc) 1433 break; 1434 if (copy_to_user(usp, &ksp, sizeof(ksp))) 1435 return -EFAULT; 1436 break; 1437 } 1438 case PKEY_VERIFYKEY: { 1439 struct pkey_verifykey __user *uvk = (void __user *)arg; 1440 struct pkey_verifykey kvk; 1441 1442 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 1443 return -EFAULT; 1444 rc = pkey_verifykey(&kvk.seckey, &kvk.cardnr, &kvk.domain, 1445 &kvk.keysize, &kvk.attributes); 1446 DEBUG_DBG("%s pkey_verifykey()=%d\n", __func__, rc); 1447 if (rc) 1448 break; 1449 if (copy_to_user(uvk, &kvk, sizeof(kvk))) 1450 return -EFAULT; 1451 break; 1452 } 1453 case PKEY_GENPROTK: { 1454 struct pkey_genprotk __user *ugp = (void __user *)arg; 1455 struct pkey_genprotk kgp; 1456 1457 if (copy_from_user(&kgp, ugp, sizeof(kgp))) 1458 return -EFAULT; 1459 kgp.protkey.len = sizeof(kgp.protkey.protkey); 1460 rc = pkey_genprotkey(kgp.keytype, kgp.protkey.protkey, 1461 &kgp.protkey.len, &kgp.protkey.type); 1462 DEBUG_DBG("%s pkey_genprotkey()=%d\n", __func__, rc); 1463 if (rc) 1464 break; 1465 if (copy_to_user(ugp, &kgp, sizeof(kgp))) 1466 return -EFAULT; 1467 break; 1468 } 1469 case PKEY_VERIFYPROTK: { 1470 struct pkey_verifyprotk __user *uvp = (void __user *)arg; 1471 struct pkey_verifyprotk kvp; 1472 1473 if (copy_from_user(&kvp, uvp, sizeof(kvp))) 1474 return -EFAULT; 1475 rc = pkey_verifyprotkey(kvp.protkey.protkey, 1476 kvp.protkey.len, kvp.protkey.type); 1477 DEBUG_DBG("%s pkey_verifyprotkey()=%d\n", __func__, rc); 1478 break; 1479 } 1480 case PKEY_KBLOB2PROTK: { 1481 struct pkey_kblob2pkey __user *utp = (void __user *)arg; 1482 struct pkey_kblob2pkey ktp; 1483 u8 *kkey; 1484 1485 if (copy_from_user(&ktp, utp, sizeof(ktp))) 1486 return -EFAULT; 1487 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 1488 if (IS_ERR(kkey)) 1489 return PTR_ERR(kkey); 1490 ktp.protkey.len = sizeof(ktp.protkey.protkey); 1491 rc = pkey_keyblob2pkey(kkey, ktp.keylen, ktp.protkey.protkey, 1492 &ktp.protkey.len, &ktp.protkey.type); 1493 DEBUG_DBG("%s pkey_keyblob2pkey()=%d\n", __func__, rc); 1494 memzero_explicit(kkey, ktp.keylen); 1495 kfree(kkey); 1496 if (rc) 1497 break; 1498 if (copy_to_user(utp, &ktp, sizeof(ktp))) 1499 return -EFAULT; 1500 break; 1501 } 1502 case PKEY_GENSECK2: { 1503 struct pkey_genseck2 __user *ugs = (void __user *)arg; 1504 size_t klen = KEYBLOBBUFSIZE; 1505 struct pkey_genseck2 kgs; 1506 struct pkey_apqn *apqns; 1507 u8 *kkey; 1508 1509 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 1510 return -EFAULT; 1511 apqns = _copy_apqns_from_user(kgs.apqns, kgs.apqn_entries); 1512 if (IS_ERR(apqns)) 1513 return PTR_ERR(apqns); 1514 kkey = kzalloc(klen, GFP_KERNEL); 1515 if (!kkey) { 1516 kfree(apqns); 1517 return -ENOMEM; 1518 } 1519 rc = pkey_genseckey2(apqns, kgs.apqn_entries, 1520 kgs.type, kgs.size, kgs.keygenflags, 1521 kkey, &klen); 1522 DEBUG_DBG("%s pkey_genseckey2()=%d\n", __func__, rc); 1523 kfree(apqns); 1524 if (rc) { 1525 kfree(kkey); 1526 break; 1527 } 1528 if (kgs.key) { 1529 if (kgs.keylen < klen) { 1530 kfree(kkey); 1531 return -EINVAL; 1532 } 1533 if (copy_to_user(kgs.key, kkey, klen)) { 1534 kfree(kkey); 1535 return -EFAULT; 1536 } 1537 } 1538 kgs.keylen = klen; 1539 if (copy_to_user(ugs, &kgs, sizeof(kgs))) 1540 rc = -EFAULT; 1541 kfree(kkey); 1542 break; 1543 } 1544 case PKEY_CLR2SECK2: { 1545 struct pkey_clr2seck2 __user *ucs = (void __user *)arg; 1546 size_t klen = KEYBLOBBUFSIZE; 1547 struct pkey_clr2seck2 kcs; 1548 struct pkey_apqn *apqns; 1549 u8 *kkey; 1550 1551 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 1552 return -EFAULT; 1553 apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries); 1554 if (IS_ERR(apqns)) { 1555 memzero_explicit(&kcs, sizeof(kcs)); 1556 return PTR_ERR(apqns); 1557 } 1558 kkey = kzalloc(klen, GFP_KERNEL); 1559 if (!kkey) { 1560 kfree(apqns); 1561 memzero_explicit(&kcs, sizeof(kcs)); 1562 return -ENOMEM; 1563 } 1564 rc = pkey_clr2seckey2(apqns, kcs.apqn_entries, 1565 kcs.type, kcs.size, kcs.keygenflags, 1566 kcs.clrkey.clrkey, kkey, &klen); 1567 DEBUG_DBG("%s pkey_clr2seckey2()=%d\n", __func__, rc); 1568 kfree(apqns); 1569 if (rc) { 1570 kfree(kkey); 1571 memzero_explicit(&kcs, sizeof(kcs)); 1572 break; 1573 } 1574 if (kcs.key) { 1575 if (kcs.keylen < klen) { 1576 kfree(kkey); 1577 memzero_explicit(&kcs, sizeof(kcs)); 1578 return -EINVAL; 1579 } 1580 if (copy_to_user(kcs.key, kkey, klen)) { 1581 kfree(kkey); 1582 memzero_explicit(&kcs, sizeof(kcs)); 1583 return -EFAULT; 1584 } 1585 } 1586 kcs.keylen = klen; 1587 if (copy_to_user(ucs, &kcs, sizeof(kcs))) 1588 rc = -EFAULT; 1589 memzero_explicit(&kcs, sizeof(kcs)); 1590 kfree(kkey); 1591 break; 1592 } 1593 case PKEY_VERIFYKEY2: { 1594 struct pkey_verifykey2 __user *uvk = (void __user *)arg; 1595 struct pkey_verifykey2 kvk; 1596 u8 *kkey; 1597 1598 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 1599 return -EFAULT; 1600 kkey = _copy_key_from_user(kvk.key, kvk.keylen); 1601 if (IS_ERR(kkey)) 1602 return PTR_ERR(kkey); 1603 rc = pkey_verifykey2(kkey, kvk.keylen, 1604 &kvk.cardnr, &kvk.domain, 1605 &kvk.type, &kvk.size, &kvk.flags); 1606 DEBUG_DBG("%s pkey_verifykey2()=%d\n", __func__, rc); 1607 kfree(kkey); 1608 if (rc) 1609 break; 1610 if (copy_to_user(uvk, &kvk, sizeof(kvk))) 1611 return -EFAULT; 1612 break; 1613 } 1614 case PKEY_KBLOB2PROTK2: { 1615 struct pkey_kblob2pkey2 __user *utp = (void __user *)arg; 1616 struct pkey_apqn *apqns = NULL; 1617 struct pkey_kblob2pkey2 ktp; 1618 u8 *kkey; 1619 1620 if (copy_from_user(&ktp, utp, sizeof(ktp))) 1621 return -EFAULT; 1622 apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries); 1623 if (IS_ERR(apqns)) 1624 return PTR_ERR(apqns); 1625 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 1626 if (IS_ERR(kkey)) { 1627 kfree(apqns); 1628 return PTR_ERR(kkey); 1629 } 1630 ktp.protkey.len = sizeof(ktp.protkey.protkey); 1631 rc = pkey_keyblob2pkey2(apqns, ktp.apqn_entries, 1632 kkey, ktp.keylen, 1633 ktp.protkey.protkey, &ktp.protkey.len, 1634 &ktp.protkey.type); 1635 DEBUG_DBG("%s pkey_keyblob2pkey2()=%d\n", __func__, rc); 1636 kfree(apqns); 1637 memzero_explicit(kkey, ktp.keylen); 1638 kfree(kkey); 1639 if (rc) 1640 break; 1641 if (copy_to_user(utp, &ktp, sizeof(ktp))) 1642 return -EFAULT; 1643 break; 1644 } 1645 case PKEY_APQNS4K: { 1646 struct pkey_apqns4key __user *uak = (void __user *)arg; 1647 struct pkey_apqn *apqns = NULL; 1648 struct pkey_apqns4key kak; 1649 size_t nr_apqns, len; 1650 u8 *kkey; 1651 1652 if (copy_from_user(&kak, uak, sizeof(kak))) 1653 return -EFAULT; 1654 nr_apqns = kak.apqn_entries; 1655 if (nr_apqns) { 1656 apqns = kmalloc_array(nr_apqns, 1657 sizeof(struct pkey_apqn), 1658 GFP_KERNEL); 1659 if (!apqns) 1660 return -ENOMEM; 1661 } 1662 kkey = _copy_key_from_user(kak.key, kak.keylen); 1663 if (IS_ERR(kkey)) { 1664 kfree(apqns); 1665 return PTR_ERR(kkey); 1666 } 1667 rc = pkey_apqns4key(kkey, kak.keylen, kak.flags, 1668 apqns, &nr_apqns); 1669 DEBUG_DBG("%s pkey_apqns4key()=%d\n", __func__, rc); 1670 kfree(kkey); 1671 if (rc && rc != -ENOSPC) { 1672 kfree(apqns); 1673 break; 1674 } 1675 if (!rc && kak.apqns) { 1676 if (nr_apqns > kak.apqn_entries) { 1677 kfree(apqns); 1678 return -EINVAL; 1679 } 1680 len = nr_apqns * sizeof(struct pkey_apqn); 1681 if (len) { 1682 if (copy_to_user(kak.apqns, apqns, len)) { 1683 kfree(apqns); 1684 return -EFAULT; 1685 } 1686 } 1687 } 1688 kak.apqn_entries = nr_apqns; 1689 if (copy_to_user(uak, &kak, sizeof(kak))) 1690 rc = -EFAULT; 1691 kfree(apqns); 1692 break; 1693 } 1694 case PKEY_APQNS4KT: { 1695 struct pkey_apqns4keytype __user *uat = (void __user *)arg; 1696 struct pkey_apqn *apqns = NULL; 1697 struct pkey_apqns4keytype kat; 1698 size_t nr_apqns, len; 1699 1700 if (copy_from_user(&kat, uat, sizeof(kat))) 1701 return -EFAULT; 1702 nr_apqns = kat.apqn_entries; 1703 if (nr_apqns) { 1704 apqns = kmalloc_array(nr_apqns, 1705 sizeof(struct pkey_apqn), 1706 GFP_KERNEL); 1707 if (!apqns) 1708 return -ENOMEM; 1709 } 1710 rc = pkey_apqns4keytype(kat.type, kat.cur_mkvp, kat.alt_mkvp, 1711 kat.flags, apqns, &nr_apqns); 1712 DEBUG_DBG("%s pkey_apqns4keytype()=%d\n", __func__, rc); 1713 if (rc && rc != -ENOSPC) { 1714 kfree(apqns); 1715 break; 1716 } 1717 if (!rc && kat.apqns) { 1718 if (nr_apqns > kat.apqn_entries) { 1719 kfree(apqns); 1720 return -EINVAL; 1721 } 1722 len = nr_apqns * sizeof(struct pkey_apqn); 1723 if (len) { 1724 if (copy_to_user(kat.apqns, apqns, len)) { 1725 kfree(apqns); 1726 return -EFAULT; 1727 } 1728 } 1729 } 1730 kat.apqn_entries = nr_apqns; 1731 if (copy_to_user(uat, &kat, sizeof(kat))) 1732 rc = -EFAULT; 1733 kfree(apqns); 1734 break; 1735 } 1736 case PKEY_KBLOB2PROTK3: { 1737 struct pkey_kblob2pkey3 __user *utp = (void __user *)arg; 1738 u32 protkeylen = PROTKEYBLOBBUFSIZE; 1739 struct pkey_apqn *apqns = NULL; 1740 struct pkey_kblob2pkey3 ktp; 1741 u8 *kkey, *protkey; 1742 1743 if (copy_from_user(&ktp, utp, sizeof(ktp))) 1744 return -EFAULT; 1745 apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries); 1746 if (IS_ERR(apqns)) 1747 return PTR_ERR(apqns); 1748 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 1749 if (IS_ERR(kkey)) { 1750 kfree(apqns); 1751 return PTR_ERR(kkey); 1752 } 1753 protkey = kmalloc(protkeylen, GFP_KERNEL); 1754 if (!protkey) { 1755 kfree(apqns); 1756 kfree(kkey); 1757 return -ENOMEM; 1758 } 1759 rc = pkey_keyblob2pkey3(apqns, ktp.apqn_entries, 1760 kkey, ktp.keylen, 1761 protkey, &protkeylen, &ktp.pkeytype); 1762 DEBUG_DBG("%s pkey_keyblob2pkey3()=%d\n", __func__, rc); 1763 kfree(apqns); 1764 memzero_explicit(kkey, ktp.keylen); 1765 kfree(kkey); 1766 if (rc) { 1767 kfree(protkey); 1768 break; 1769 } 1770 if (ktp.pkey && ktp.pkeylen) { 1771 if (protkeylen > ktp.pkeylen) { 1772 kfree(protkey); 1773 return -EINVAL; 1774 } 1775 if (copy_to_user(ktp.pkey, protkey, protkeylen)) { 1776 kfree(protkey); 1777 return -EFAULT; 1778 } 1779 } 1780 kfree(protkey); 1781 ktp.pkeylen = protkeylen; 1782 if (copy_to_user(utp, &ktp, sizeof(ktp))) 1783 return -EFAULT; 1784 break; 1785 } 1786 default: 1787 /* unknown/unsupported ioctl cmd */ 1788 return -ENOTTY; 1789 } 1790 1791 return rc; 1792 } 1793 1794 /* 1795 * Sysfs and file io operations 1796 */ 1797 1798 /* 1799 * Sysfs attribute read function for all protected key binary attributes. 1800 * The implementation can not deal with partial reads, because a new random 1801 * protected key blob is generated with each read. In case of partial reads 1802 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 1803 */ 1804 static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf, 1805 loff_t off, size_t count) 1806 { 1807 struct protaeskeytoken protkeytoken; 1808 struct pkey_protkey protkey; 1809 int rc; 1810 1811 if (off != 0 || count < sizeof(protkeytoken)) 1812 return -EINVAL; 1813 if (is_xts) 1814 if (count < 2 * sizeof(protkeytoken)) 1815 return -EINVAL; 1816 1817 memset(&protkeytoken, 0, sizeof(protkeytoken)); 1818 protkeytoken.type = TOKTYPE_NON_CCA; 1819 protkeytoken.version = TOKVER_PROTECTED_KEY; 1820 protkeytoken.keytype = keytype; 1821 1822 protkey.len = sizeof(protkey.protkey); 1823 rc = pkey_genprotkey(protkeytoken.keytype, 1824 protkey.protkey, &protkey.len, &protkey.type); 1825 if (rc) 1826 return rc; 1827 1828 protkeytoken.len = protkey.len; 1829 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len); 1830 1831 memcpy(buf, &protkeytoken, sizeof(protkeytoken)); 1832 1833 if (is_xts) { 1834 /* xts needs a second protected key, reuse protkey struct */ 1835 protkey.len = sizeof(protkey.protkey); 1836 rc = pkey_genprotkey(protkeytoken.keytype, 1837 protkey.protkey, &protkey.len, &protkey.type); 1838 if (rc) 1839 return rc; 1840 1841 protkeytoken.len = protkey.len; 1842 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len); 1843 1844 memcpy(buf + sizeof(protkeytoken), &protkeytoken, 1845 sizeof(protkeytoken)); 1846 1847 return 2 * sizeof(protkeytoken); 1848 } 1849 1850 return sizeof(protkeytoken); 1851 } 1852 1853 static ssize_t protkey_aes_128_read(struct file *filp, 1854 struct kobject *kobj, 1855 struct bin_attribute *attr, 1856 char *buf, loff_t off, 1857 size_t count) 1858 { 1859 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf, 1860 off, count); 1861 } 1862 1863 static ssize_t protkey_aes_192_read(struct file *filp, 1864 struct kobject *kobj, 1865 struct bin_attribute *attr, 1866 char *buf, loff_t off, 1867 size_t count) 1868 { 1869 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf, 1870 off, count); 1871 } 1872 1873 static ssize_t protkey_aes_256_read(struct file *filp, 1874 struct kobject *kobj, 1875 struct bin_attribute *attr, 1876 char *buf, loff_t off, 1877 size_t count) 1878 { 1879 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf, 1880 off, count); 1881 } 1882 1883 static ssize_t protkey_aes_128_xts_read(struct file *filp, 1884 struct kobject *kobj, 1885 struct bin_attribute *attr, 1886 char *buf, loff_t off, 1887 size_t count) 1888 { 1889 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf, 1890 off, count); 1891 } 1892 1893 static ssize_t protkey_aes_256_xts_read(struct file *filp, 1894 struct kobject *kobj, 1895 struct bin_attribute *attr, 1896 char *buf, loff_t off, 1897 size_t count) 1898 { 1899 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf, 1900 off, count); 1901 } 1902 1903 static BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken)); 1904 static BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken)); 1905 static BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken)); 1906 static BIN_ATTR_RO(protkey_aes_128_xts, 2 * sizeof(struct protaeskeytoken)); 1907 static BIN_ATTR_RO(protkey_aes_256_xts, 2 * sizeof(struct protaeskeytoken)); 1908 1909 static struct bin_attribute *protkey_attrs[] = { 1910 &bin_attr_protkey_aes_128, 1911 &bin_attr_protkey_aes_192, 1912 &bin_attr_protkey_aes_256, 1913 &bin_attr_protkey_aes_128_xts, 1914 &bin_attr_protkey_aes_256_xts, 1915 NULL 1916 }; 1917 1918 static struct attribute_group protkey_attr_group = { 1919 .name = "protkey", 1920 .bin_attrs = protkey_attrs, 1921 }; 1922 1923 /* 1924 * Sysfs attribute read function for all secure key ccadata binary attributes. 1925 * The implementation can not deal with partial reads, because a new random 1926 * protected key blob is generated with each read. In case of partial reads 1927 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 1928 */ 1929 static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf, 1930 loff_t off, size_t count) 1931 { 1932 struct pkey_seckey *seckey = (struct pkey_seckey *)buf; 1933 int rc; 1934 1935 if (off != 0 || count < sizeof(struct secaeskeytoken)) 1936 return -EINVAL; 1937 if (is_xts) 1938 if (count < 2 * sizeof(struct secaeskeytoken)) 1939 return -EINVAL; 1940 1941 rc = cca_genseckey(-1, -1, keytype, seckey->seckey); 1942 if (rc) 1943 return rc; 1944 1945 if (is_xts) { 1946 seckey++; 1947 rc = cca_genseckey(-1, -1, keytype, seckey->seckey); 1948 if (rc) 1949 return rc; 1950 1951 return 2 * sizeof(struct secaeskeytoken); 1952 } 1953 1954 return sizeof(struct secaeskeytoken); 1955 } 1956 1957 static ssize_t ccadata_aes_128_read(struct file *filp, 1958 struct kobject *kobj, 1959 struct bin_attribute *attr, 1960 char *buf, loff_t off, 1961 size_t count) 1962 { 1963 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf, 1964 off, count); 1965 } 1966 1967 static ssize_t ccadata_aes_192_read(struct file *filp, 1968 struct kobject *kobj, 1969 struct bin_attribute *attr, 1970 char *buf, loff_t off, 1971 size_t count) 1972 { 1973 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf, 1974 off, count); 1975 } 1976 1977 static ssize_t ccadata_aes_256_read(struct file *filp, 1978 struct kobject *kobj, 1979 struct bin_attribute *attr, 1980 char *buf, loff_t off, 1981 size_t count) 1982 { 1983 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf, 1984 off, count); 1985 } 1986 1987 static ssize_t ccadata_aes_128_xts_read(struct file *filp, 1988 struct kobject *kobj, 1989 struct bin_attribute *attr, 1990 char *buf, loff_t off, 1991 size_t count) 1992 { 1993 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf, 1994 off, count); 1995 } 1996 1997 static ssize_t ccadata_aes_256_xts_read(struct file *filp, 1998 struct kobject *kobj, 1999 struct bin_attribute *attr, 2000 char *buf, loff_t off, 2001 size_t count) 2002 { 2003 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf, 2004 off, count); 2005 } 2006 2007 static BIN_ATTR_RO(ccadata_aes_128, sizeof(struct secaeskeytoken)); 2008 static BIN_ATTR_RO(ccadata_aes_192, sizeof(struct secaeskeytoken)); 2009 static BIN_ATTR_RO(ccadata_aes_256, sizeof(struct secaeskeytoken)); 2010 static BIN_ATTR_RO(ccadata_aes_128_xts, 2 * sizeof(struct secaeskeytoken)); 2011 static BIN_ATTR_RO(ccadata_aes_256_xts, 2 * sizeof(struct secaeskeytoken)); 2012 2013 static struct bin_attribute *ccadata_attrs[] = { 2014 &bin_attr_ccadata_aes_128, 2015 &bin_attr_ccadata_aes_192, 2016 &bin_attr_ccadata_aes_256, 2017 &bin_attr_ccadata_aes_128_xts, 2018 &bin_attr_ccadata_aes_256_xts, 2019 NULL 2020 }; 2021 2022 static struct attribute_group ccadata_attr_group = { 2023 .name = "ccadata", 2024 .bin_attrs = ccadata_attrs, 2025 }; 2026 2027 #define CCACIPHERTOKENSIZE (sizeof(struct cipherkeytoken) + 80) 2028 2029 /* 2030 * Sysfs attribute read function for all secure key ccacipher binary attributes. 2031 * The implementation can not deal with partial reads, because a new random 2032 * secure key blob is generated with each read. In case of partial reads 2033 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 2034 */ 2035 static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits, 2036 bool is_xts, char *buf, loff_t off, 2037 size_t count) 2038 { 2039 size_t keysize = CCACIPHERTOKENSIZE; 2040 u32 nr_apqns, *apqns = NULL; 2041 int i, rc, card, dom; 2042 2043 if (off != 0 || count < CCACIPHERTOKENSIZE) 2044 return -EINVAL; 2045 if (is_xts) 2046 if (count < 2 * CCACIPHERTOKENSIZE) 2047 return -EINVAL; 2048 2049 /* build a list of apqns able to generate an cipher key */ 2050 rc = cca_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 2051 ZCRYPT_CEX6, 0, 0, 0, 0); 2052 if (rc) 2053 return rc; 2054 2055 memset(buf, 0, is_xts ? 2 * keysize : keysize); 2056 2057 /* simple try all apqns from the list */ 2058 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 2059 card = apqns[i] >> 16; 2060 dom = apqns[i] & 0xFFFF; 2061 rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize); 2062 if (rc == 0) 2063 break; 2064 } 2065 if (rc) 2066 return rc; 2067 2068 if (is_xts) { 2069 keysize = CCACIPHERTOKENSIZE; 2070 buf += CCACIPHERTOKENSIZE; 2071 rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize); 2072 if (rc == 0) 2073 return 2 * CCACIPHERTOKENSIZE; 2074 } 2075 2076 return CCACIPHERTOKENSIZE; 2077 } 2078 2079 static ssize_t ccacipher_aes_128_read(struct file *filp, 2080 struct kobject *kobj, 2081 struct bin_attribute *attr, 2082 char *buf, loff_t off, 2083 size_t count) 2084 { 2085 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, false, buf, 2086 off, count); 2087 } 2088 2089 static ssize_t ccacipher_aes_192_read(struct file *filp, 2090 struct kobject *kobj, 2091 struct bin_attribute *attr, 2092 char *buf, loff_t off, 2093 size_t count) 2094 { 2095 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_192, false, buf, 2096 off, count); 2097 } 2098 2099 static ssize_t ccacipher_aes_256_read(struct file *filp, 2100 struct kobject *kobj, 2101 struct bin_attribute *attr, 2102 char *buf, loff_t off, 2103 size_t count) 2104 { 2105 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, false, buf, 2106 off, count); 2107 } 2108 2109 static ssize_t ccacipher_aes_128_xts_read(struct file *filp, 2110 struct kobject *kobj, 2111 struct bin_attribute *attr, 2112 char *buf, loff_t off, 2113 size_t count) 2114 { 2115 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, true, buf, 2116 off, count); 2117 } 2118 2119 static ssize_t ccacipher_aes_256_xts_read(struct file *filp, 2120 struct kobject *kobj, 2121 struct bin_attribute *attr, 2122 char *buf, loff_t off, 2123 size_t count) 2124 { 2125 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, true, buf, 2126 off, count); 2127 } 2128 2129 static BIN_ATTR_RO(ccacipher_aes_128, CCACIPHERTOKENSIZE); 2130 static BIN_ATTR_RO(ccacipher_aes_192, CCACIPHERTOKENSIZE); 2131 static BIN_ATTR_RO(ccacipher_aes_256, CCACIPHERTOKENSIZE); 2132 static BIN_ATTR_RO(ccacipher_aes_128_xts, 2 * CCACIPHERTOKENSIZE); 2133 static BIN_ATTR_RO(ccacipher_aes_256_xts, 2 * CCACIPHERTOKENSIZE); 2134 2135 static struct bin_attribute *ccacipher_attrs[] = { 2136 &bin_attr_ccacipher_aes_128, 2137 &bin_attr_ccacipher_aes_192, 2138 &bin_attr_ccacipher_aes_256, 2139 &bin_attr_ccacipher_aes_128_xts, 2140 &bin_attr_ccacipher_aes_256_xts, 2141 NULL 2142 }; 2143 2144 static struct attribute_group ccacipher_attr_group = { 2145 .name = "ccacipher", 2146 .bin_attrs = ccacipher_attrs, 2147 }; 2148 2149 /* 2150 * Sysfs attribute read function for all ep11 aes key binary attributes. 2151 * The implementation can not deal with partial reads, because a new random 2152 * secure key blob is generated with each read. In case of partial reads 2153 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 2154 * This function and the sysfs attributes using it provide EP11 key blobs 2155 * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently 2156 * 336 bytes. 2157 */ 2158 static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits, 2159 bool is_xts, char *buf, loff_t off, 2160 size_t count) 2161 { 2162 size_t keysize = MAXEP11AESKEYBLOBSIZE; 2163 u32 nr_apqns, *apqns = NULL; 2164 int i, rc, card, dom; 2165 2166 if (off != 0 || count < MAXEP11AESKEYBLOBSIZE) 2167 return -EINVAL; 2168 if (is_xts) 2169 if (count < 2 * MAXEP11AESKEYBLOBSIZE) 2170 return -EINVAL; 2171 2172 /* build a list of apqns able to generate an cipher key */ 2173 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 2174 ZCRYPT_CEX7, 2175 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4, 2176 NULL); 2177 if (rc) 2178 return rc; 2179 2180 memset(buf, 0, is_xts ? 2 * keysize : keysize); 2181 2182 /* simple try all apqns from the list */ 2183 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 2184 card = apqns[i] >> 16; 2185 dom = apqns[i] & 0xFFFF; 2186 rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize, 2187 PKEY_TYPE_EP11_AES); 2188 if (rc == 0) 2189 break; 2190 } 2191 if (rc) 2192 return rc; 2193 2194 if (is_xts) { 2195 keysize = MAXEP11AESKEYBLOBSIZE; 2196 buf += MAXEP11AESKEYBLOBSIZE; 2197 rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize, 2198 PKEY_TYPE_EP11_AES); 2199 if (rc == 0) 2200 return 2 * MAXEP11AESKEYBLOBSIZE; 2201 } 2202 2203 return MAXEP11AESKEYBLOBSIZE; 2204 } 2205 2206 static ssize_t ep11_aes_128_read(struct file *filp, 2207 struct kobject *kobj, 2208 struct bin_attribute *attr, 2209 char *buf, loff_t off, 2210 size_t count) 2211 { 2212 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, false, buf, 2213 off, count); 2214 } 2215 2216 static ssize_t ep11_aes_192_read(struct file *filp, 2217 struct kobject *kobj, 2218 struct bin_attribute *attr, 2219 char *buf, loff_t off, 2220 size_t count) 2221 { 2222 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_192, false, buf, 2223 off, count); 2224 } 2225 2226 static ssize_t ep11_aes_256_read(struct file *filp, 2227 struct kobject *kobj, 2228 struct bin_attribute *attr, 2229 char *buf, loff_t off, 2230 size_t count) 2231 { 2232 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, false, buf, 2233 off, count); 2234 } 2235 2236 static ssize_t ep11_aes_128_xts_read(struct file *filp, 2237 struct kobject *kobj, 2238 struct bin_attribute *attr, 2239 char *buf, loff_t off, 2240 size_t count) 2241 { 2242 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, true, buf, 2243 off, count); 2244 } 2245 2246 static ssize_t ep11_aes_256_xts_read(struct file *filp, 2247 struct kobject *kobj, 2248 struct bin_attribute *attr, 2249 char *buf, loff_t off, 2250 size_t count) 2251 { 2252 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, true, buf, 2253 off, count); 2254 } 2255 2256 static BIN_ATTR_RO(ep11_aes_128, MAXEP11AESKEYBLOBSIZE); 2257 static BIN_ATTR_RO(ep11_aes_192, MAXEP11AESKEYBLOBSIZE); 2258 static BIN_ATTR_RO(ep11_aes_256, MAXEP11AESKEYBLOBSIZE); 2259 static BIN_ATTR_RO(ep11_aes_128_xts, 2 * MAXEP11AESKEYBLOBSIZE); 2260 static BIN_ATTR_RO(ep11_aes_256_xts, 2 * MAXEP11AESKEYBLOBSIZE); 2261 2262 static struct bin_attribute *ep11_attrs[] = { 2263 &bin_attr_ep11_aes_128, 2264 &bin_attr_ep11_aes_192, 2265 &bin_attr_ep11_aes_256, 2266 &bin_attr_ep11_aes_128_xts, 2267 &bin_attr_ep11_aes_256_xts, 2268 NULL 2269 }; 2270 2271 static struct attribute_group ep11_attr_group = { 2272 .name = "ep11", 2273 .bin_attrs = ep11_attrs, 2274 }; 2275 2276 static const struct attribute_group *pkey_attr_groups[] = { 2277 &protkey_attr_group, 2278 &ccadata_attr_group, 2279 &ccacipher_attr_group, 2280 &ep11_attr_group, 2281 NULL, 2282 }; 2283 2284 static const struct file_operations pkey_fops = { 2285 .owner = THIS_MODULE, 2286 .open = nonseekable_open, 2287 .llseek = no_llseek, 2288 .unlocked_ioctl = pkey_unlocked_ioctl, 2289 }; 2290 2291 static struct miscdevice pkey_dev = { 2292 .name = "pkey", 2293 .minor = MISC_DYNAMIC_MINOR, 2294 .mode = 0666, 2295 .fops = &pkey_fops, 2296 .groups = pkey_attr_groups, 2297 }; 2298 2299 /* 2300 * Module init 2301 */ 2302 static int __init pkey_init(void) 2303 { 2304 cpacf_mask_t func_mask; 2305 2306 /* 2307 * The pckmo instruction should be available - even if we don't 2308 * actually invoke it. This instruction comes with MSA 3 which 2309 * is also the minimum level for the kmc instructions which 2310 * are able to work with protected keys. 2311 */ 2312 if (!cpacf_query(CPACF_PCKMO, &func_mask)) 2313 return -ENODEV; 2314 2315 /* check for kmc instructions available */ 2316 if (!cpacf_query(CPACF_KMC, &func_mask)) 2317 return -ENODEV; 2318 if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) || 2319 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) || 2320 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256)) 2321 return -ENODEV; 2322 2323 pkey_debug_init(); 2324 2325 return misc_register(&pkey_dev); 2326 } 2327 2328 /* 2329 * Module exit 2330 */ 2331 static void __exit pkey_exit(void) 2332 { 2333 misc_deregister(&pkey_dev); 2334 pkey_debug_exit(); 2335 } 2336 2337 module_cpu_feature_match(S390_CPU_FEATURE_MSA, pkey_init); 2338 module_exit(pkey_exit); 2339