1 /* SPDX-License-Identifier: GPL-2.0+ */
2 /*
3  *  Copyright IBM Corp. 2019
4  *  Author(s): Harald Freudenberger <freude@linux.ibm.com>
5  *	       Ingo Franzki <ifranzki@linux.ibm.com>
6  *
7  *  Collection of CCA misc functions used by zcrypt and pkey
8  */
9 
10 #ifndef _ZCRYPT_CCAMISC_H_
11 #define _ZCRYPT_CCAMISC_H_
12 
13 #include <asm/zcrypt.h>
14 #include <asm/pkey.h>
15 
16 /* Key token types */
17 #define TOKTYPE_NON_CCA		0x00 /* Non-CCA key token */
18 #define TOKTYPE_CCA_INTERNAL	0x01 /* CCA internal key token */
19 
20 /* For TOKTYPE_NON_CCA: */
21 #define TOKVER_PROTECTED_KEY	0x01 /* Protected key token */
22 #define TOKVER_CLEAR_KEY	0x02 /* Clear key token */
23 
24 /* For TOKTYPE_CCA_INTERNAL: */
25 #define TOKVER_CCA_AES		0x04 /* CCA AES key token */
26 #define TOKVER_CCA_VLSC		0x05 /* var length sym cipher key token */
27 
28 /* Max size of a cca variable length cipher key token */
29 #define MAXCCAVLSCTOKENSIZE 725
30 
31 /* header part of a CCA key token */
32 struct keytoken_header {
33 	u8  type;     /* one of the TOKTYPE values */
34 	u8  res0[1];
35 	u16 len;      /* vlsc token: total length in bytes */
36 	u8  version;  /* one of the TOKVER values */
37 	u8  res1[3];
38 } __packed;
39 
40 /* inside view of a CCA secure key token (only type 0x01 version 0x04) */
41 struct secaeskeytoken {
42 	u8  type;     /* 0x01 for internal key token */
43 	u8  res0[3];
44 	u8  version;  /* should be 0x04 */
45 	u8  res1[1];
46 	u8  flag;     /* key flags */
47 	u8  res2[1];
48 	u64 mkvp;     /* master key verification pattern */
49 	u8  key[32];  /* key value (encrypted) */
50 	u8  cv[8];    /* control vector */
51 	u16 bitsize;  /* key bit size */
52 	u16 keysize;  /* key byte size */
53 	u8  tvv[4];   /* token validation value */
54 } __packed;
55 
56 /* inside view of a variable length symmetric cipher AES key token */
57 struct cipherkeytoken {
58 	u8  type;     /* 0x01 for internal key token */
59 	u8  res0[1];
60 	u16 len;      /* total key token length in bytes */
61 	u8  version;  /* should be 0x05 */
62 	u8  res1[3];
63 	u8  kms;      /* key material state, 0x03 means wrapped with MK */
64 	u8  kvpt;     /* key verification pattern type, should be 0x01 */
65 	u64 mkvp0;    /* master key verification pattern, lo part */
66 	u64 mkvp1;    /* master key verification pattern, hi part (unused) */
67 	u8  eskwm;    /* encrypted section key wrapping method */
68 	u8  hashalg;  /* hash algorithmus used for wrapping key */
69 	u8  plfver;   /* pay load format version */
70 	u8  res2[1];
71 	u8  adsver;   /* associated data section version */
72 	u8  res3[1];
73 	u16 adslen;   /* associated data section length */
74 	u8  kllen;    /* optional key label length */
75 	u8  ieaslen;  /* optional extended associated data length */
76 	u8  uadlen;   /* optional user definable associated data length */
77 	u8  res4[1];
78 	u16 wpllen;   /* wrapped payload length in bits: */
79 		      /*   plfver  0x00 0x01		 */
80 		      /*   AES-128  512  640		 */
81 		      /*   AES-192  576  640		 */
82 		      /*   AES-256  640  640		 */
83 	u8  res5[1];
84 	u8  algtype;  /* 0x02 for AES cipher */
85 	u16 keytype;  /* 0x0001 for 'cipher' */
86 	u8  kufc;     /* key usage field count */
87 	u16 kuf1;     /* key usage field 1 */
88 	u16 kuf2;     /* key usage field 2 */
89 	u8  kmfc;     /* key management field count */
90 	u16 kmf1;     /* key management field 1 */
91 	u16 kmf2;     /* key management field 2 */
92 	u16 kmf3;     /* key management field 3 */
93 	u8  vdata[0]; /* variable part data follows */
94 } __packed;
95 
96 /* Some defines for the CCA AES cipherkeytoken kmf1 field */
97 #define KMF1_XPRT_SYM  0x8000
98 #define KMF1_XPRT_UASY 0x4000
99 #define KMF1_XPRT_AASY 0x2000
100 #define KMF1_XPRT_RAW  0x1000
101 #define KMF1_XPRT_CPAC 0x0800
102 #define KMF1_XPRT_DES  0x0080
103 #define KMF1_XPRT_AES  0x0040
104 #define KMF1_XPRT_RSA  0x0008
105 
106 /*
107  * Simple check if the token is a valid CCA secure AES data key
108  * token. If keybitsize is given, the bitsize of the key is
109  * also checked. Returns 0 on success or errno value on failure.
110  */
111 int cca_check_secaeskeytoken(debug_info_t *dbg, int dbflvl,
112 			     const u8 *token, int keybitsize);
113 
114 /*
115  * Simple check if the token is a valid CCA secure AES cipher key
116  * token. If keybitsize is given, the bitsize of the key is
117  * also checked. If checkcpacfexport is enabled, the key is also
118  * checked for the export flag to allow CPACF export.
119  * Returns 0 on success or errno value on failure.
120  */
121 int cca_check_secaescipherkey(debug_info_t *dbg, int dbflvl,
122 			      const u8 *token, int keybitsize,
123 			      int checkcpacfexport);
124 
125 /*
126  * Generate (random) CCA AES DATA secure key.
127  */
128 int cca_genseckey(u16 cardnr, u16 domain, u32 keybitsize, u8 *seckey);
129 
130 /*
131  * Generate CCA AES DATA secure key with given clear key value.
132  */
133 int cca_clr2seckey(u16 cardnr, u16 domain, u32 keybitsize,
134 		   const u8 *clrkey, u8 *seckey);
135 
136 /*
137  * Derive proteced key from an CCA AES DATA secure key.
138  */
139 int cca_sec2protkey(u16 cardnr, u16 domain,
140 		    const u8 seckey[SECKEYBLOBSIZE],
141 		    u8 *protkey, u32 *protkeylen, u32 *protkeytype);
142 
143 /*
144  * Generate (random) CCA AES CIPHER secure key.
145  */
146 int cca_gencipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
147 		     u8 *keybuf, size_t *keybufsize);
148 
149 /*
150  * Derive proteced key from CCA AES cipher secure key.
151  */
152 int cca_cipher2protkey(u16 cardnr, u16 domain, const u8 *ckey,
153 		       u8 *protkey, u32 *protkeylen, u32 *protkeytype);
154 
155 /*
156  * Build CCA AES CIPHER secure key with a given clear key value.
157  */
158 int cca_clr2cipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
159 		      const u8 *clrkey, u8 *keybuf, size_t *keybufsize);
160 
161 /*
162  * Query cryptographic facility from CCA adapter
163  */
164 int cca_query_crypto_facility(u16 cardnr, u16 domain,
165 			      const char *keyword,
166 			      u8 *rarray, size_t *rarraylen,
167 			      u8 *varray, size_t *varraylen);
168 
169 /*
170  * Search for a matching crypto card based on the Master Key
171  * Verification Pattern provided inside a secure key.
172  * Works with CCA AES data and cipher keys.
173  * Returns < 0 on failure, 0 if CURRENT MKVP matches and
174  * 1 if OLD MKVP matches.
175  */
176 int cca_findcard(const u8 *key, u16 *pcardnr, u16 *pdomain, int verify);
177 
178 /*
179  * Build a list of cca apqns meeting the following constrains:
180  * - apqn is online and is in fact a CCA apqn
181  * - if cardnr is not FFFF only apqns with this cardnr
182  * - if domain is not FFFF only apqns with this domainnr
183  * - if minhwtype > 0 only apqns with hwtype >= minhwtype
184  * - if cur_mkvp != 0 only apqns where cur_mkvp == mkvp
185  * - if old_mkvp != 0 only apqns where old_mkvp == mkvp
186  * - if verify is enabled and a cur_mkvp and/or old_mkvp
187  *   value is given, then refetch the cca_info and make sure the current
188  *   cur_mkvp or old_mkvp values of the apqn are used.
189  * The array of apqn entries is allocated with kmalloc and returned in *apqns;
190  * the number of apqns stored into the list is returned in *nr_apqns. One apqn
191  * entry is simple a 32 bit value with 16 bit cardnr and 16 bit domain nr and
192  * may be casted to struct pkey_apqn. The return value is either 0 for success
193  * or a negative errno value. If no apqn meeting the criterias is found,
194  * -ENODEV is returned.
195  */
196 int cca_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
197 		  int minhwtype, u64 cur_mkvp, u64 old_mkvp, int verify);
198 
199 /* struct to hold info for each CCA queue */
200 struct cca_info {
201 	int  hwtype;	    /* one of the defined AP_DEVICE_TYPE_* */
202 	char new_mk_state;  /* '1' empty, '2' partially full, '3' full */
203 	char cur_mk_state;  /* '1' invalid, '2' valid */
204 	char old_mk_state;  /* '1' invalid, '2' valid */
205 	u64  new_mkvp;	    /* truncated sha256 hash of new master key */
206 	u64  cur_mkvp;	    /* truncated sha256 hash of current master key */
207 	u64  old_mkvp;	    /* truncated sha256 hash of old master key */
208 	char serial[9];     /* serial number string (8 ascii numbers + 0x00) */
209 };
210 
211 /*
212  * Fetch cca information about an CCA queue.
213  */
214 int cca_get_info(u16 card, u16 dom, struct cca_info *ci, int verify);
215 
216 void zcrypt_ccamisc_exit(void);
217 
218 #endif /* _ZCRYPT_CCAMISC_H_ */
219