1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *  Copyright IBM Corp. 2019
4  *  Author(s): Harald Freudenberger <freude@linux.ibm.com>
5  *
6  *  Collection of EP11 misc functions used by zcrypt and pkey
7  */
8 
9 #define KMSG_COMPONENT "zcrypt"
10 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
11 
12 #include <linux/init.h>
13 #include <linux/module.h>
14 #include <linux/slab.h>
15 #include <linux/random.h>
16 #include <asm/zcrypt.h>
17 #include <asm/pkey.h>
18 #include <crypto/aes.h>
19 
20 #include "ap_bus.h"
21 #include "zcrypt_api.h"
22 #include "zcrypt_debug.h"
23 #include "zcrypt_msgtype6.h"
24 #include "zcrypt_ep11misc.h"
25 #include "zcrypt_ccamisc.h"
26 
27 #define DEBUG_DBG(...)	ZCRYPT_DBF(DBF_DEBUG, ##__VA_ARGS__)
28 #define DEBUG_INFO(...) ZCRYPT_DBF(DBF_INFO, ##__VA_ARGS__)
29 #define DEBUG_WARN(...) ZCRYPT_DBF(DBF_WARN, ##__VA_ARGS__)
30 #define DEBUG_ERR(...)	ZCRYPT_DBF(DBF_ERR, ##__VA_ARGS__)
31 
32 /* default iv used here */
33 static const u8 def_iv[16] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
34 			       0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
35 
36 /* ep11 card info cache */
37 struct card_list_entry {
38 	struct list_head list;
39 	u16 cardnr;
40 	struct ep11_card_info info;
41 };
42 static LIST_HEAD(card_list);
43 static DEFINE_SPINLOCK(card_list_lock);
44 
45 static int card_cache_fetch(u16 cardnr, struct ep11_card_info *ci)
46 {
47 	int rc = -ENOENT;
48 	struct card_list_entry *ptr;
49 
50 	spin_lock_bh(&card_list_lock);
51 	list_for_each_entry(ptr, &card_list, list) {
52 		if (ptr->cardnr == cardnr) {
53 			memcpy(ci, &ptr->info, sizeof(*ci));
54 			rc = 0;
55 			break;
56 		}
57 	}
58 	spin_unlock_bh(&card_list_lock);
59 
60 	return rc;
61 }
62 
63 static void card_cache_update(u16 cardnr, const struct ep11_card_info *ci)
64 {
65 	int found = 0;
66 	struct card_list_entry *ptr;
67 
68 	spin_lock_bh(&card_list_lock);
69 	list_for_each_entry(ptr, &card_list, list) {
70 		if (ptr->cardnr == cardnr) {
71 			memcpy(&ptr->info, ci, sizeof(*ci));
72 			found = 1;
73 			break;
74 		}
75 	}
76 	if (!found) {
77 		ptr = kmalloc(sizeof(*ptr), GFP_ATOMIC);
78 		if (!ptr) {
79 			spin_unlock_bh(&card_list_lock);
80 			return;
81 		}
82 		ptr->cardnr = cardnr;
83 		memcpy(&ptr->info, ci, sizeof(*ci));
84 		list_add(&ptr->list, &card_list);
85 	}
86 	spin_unlock_bh(&card_list_lock);
87 }
88 
89 static void card_cache_scrub(u16 cardnr)
90 {
91 	struct card_list_entry *ptr;
92 
93 	spin_lock_bh(&card_list_lock);
94 	list_for_each_entry(ptr, &card_list, list) {
95 		if (ptr->cardnr == cardnr) {
96 			list_del(&ptr->list);
97 			kfree(ptr);
98 			break;
99 		}
100 	}
101 	spin_unlock_bh(&card_list_lock);
102 }
103 
104 static void __exit card_cache_free(void)
105 {
106 	struct card_list_entry *ptr, *pnext;
107 
108 	spin_lock_bh(&card_list_lock);
109 	list_for_each_entry_safe(ptr, pnext, &card_list, list) {
110 		list_del(&ptr->list);
111 		kfree(ptr);
112 	}
113 	spin_unlock_bh(&card_list_lock);
114 }
115 
116 /*
117  * Simple check if the key blob is a valid EP11 AES key blob with header.
118  */
119 int ep11_check_aes_key_with_hdr(debug_info_t *dbg, int dbflvl,
120 				const u8 *key, size_t keylen, int checkcpacfexp)
121 {
122 	struct ep11kblob_header *hdr = (struct ep11kblob_header *) key;
123 	struct ep11keyblob *kb = (struct ep11keyblob *) (key + sizeof(*hdr));
124 
125 #define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
126 
127 	if (keylen < sizeof(*hdr) + sizeof(*kb)) {
128 		DBF("%s key check failed, keylen %zu < %zu\n",
129 		    __func__, keylen, sizeof(*hdr) + sizeof(*kb));
130 		return -EINVAL;
131 	}
132 
133 	if (hdr->type != TOKTYPE_NON_CCA) {
134 		if (dbg)
135 			DBF("%s key check failed, type 0x%02x != 0x%02x\n",
136 			    __func__, (int) hdr->type, TOKTYPE_NON_CCA);
137 		return -EINVAL;
138 	}
139 	if (hdr->hver != 0x00) {
140 		if (dbg)
141 			DBF("%s key check failed, header version 0x%02x != 0x00\n",
142 			    __func__, (int) hdr->hver);
143 		return -EINVAL;
144 	}
145 	if (hdr->version != TOKVER_EP11_AES_WITH_HEADER) {
146 		if (dbg)
147 			DBF("%s key check failed, version 0x%02x != 0x%02x\n",
148 			    __func__, (int) hdr->version, TOKVER_EP11_AES_WITH_HEADER);
149 		return -EINVAL;
150 	}
151 	if (hdr->len > keylen) {
152 		if (dbg)
153 			DBF("%s key check failed, header len %d keylen %zu mismatch\n",
154 			    __func__, (int) hdr->len, keylen);
155 		return -EINVAL;
156 	}
157 	if (hdr->len < sizeof(*hdr) + sizeof(*kb)) {
158 		if (dbg)
159 			DBF("%s key check failed, header len %d < %zu\n",
160 			    __func__, (int) hdr->len, sizeof(*hdr) + sizeof(*kb));
161 		return -EINVAL;
162 	}
163 
164 	if (kb->version != EP11_STRUCT_MAGIC) {
165 		if (dbg)
166 			DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
167 			    __func__, (int) kb->version, EP11_STRUCT_MAGIC);
168 		return -EINVAL;
169 	}
170 	if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
171 		if (dbg)
172 			DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
173 			    __func__);
174 		return -EINVAL;
175 	}
176 
177 #undef DBF
178 
179 	return 0;
180 }
181 EXPORT_SYMBOL(ep11_check_aes_key_with_hdr);
182 
183 /*
184  * Simple check if the key blob is a valid EP11 ECC key blob with header.
185  */
186 int ep11_check_ecc_key_with_hdr(debug_info_t *dbg, int dbflvl,
187 				const u8 *key, size_t keylen, int checkcpacfexp)
188 {
189 	struct ep11kblob_header *hdr = (struct ep11kblob_header *) key;
190 	struct ep11keyblob *kb = (struct ep11keyblob *) (key + sizeof(*hdr));
191 
192 #define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
193 
194 	if (keylen < sizeof(*hdr) + sizeof(*kb)) {
195 		DBF("%s key check failed, keylen %zu < %zu\n",
196 		    __func__, keylen, sizeof(*hdr) + sizeof(*kb));
197 		return -EINVAL;
198 	}
199 
200 	if (hdr->type != TOKTYPE_NON_CCA) {
201 		if (dbg)
202 			DBF("%s key check failed, type 0x%02x != 0x%02x\n",
203 			    __func__, (int) hdr->type, TOKTYPE_NON_CCA);
204 		return -EINVAL;
205 	}
206 	if (hdr->hver != 0x00) {
207 		if (dbg)
208 			DBF("%s key check failed, header version 0x%02x != 0x00\n",
209 			    __func__, (int) hdr->hver);
210 		return -EINVAL;
211 	}
212 	if (hdr->version != TOKVER_EP11_ECC_WITH_HEADER) {
213 		if (dbg)
214 			DBF("%s key check failed, version 0x%02x != 0x%02x\n",
215 			    __func__, (int) hdr->version, TOKVER_EP11_ECC_WITH_HEADER);
216 		return -EINVAL;
217 	}
218 	if (hdr->len > keylen) {
219 		if (dbg)
220 			DBF("%s key check failed, header len %d keylen %zu mismatch\n",
221 			    __func__, (int) hdr->len, keylen);
222 		return -EINVAL;
223 	}
224 	if (hdr->len < sizeof(*hdr) + sizeof(*kb)) {
225 		if (dbg)
226 			DBF("%s key check failed, header len %d < %zu\n",
227 			    __func__, (int) hdr->len, sizeof(*hdr) + sizeof(*kb));
228 		return -EINVAL;
229 	}
230 
231 	if (kb->version != EP11_STRUCT_MAGIC) {
232 		if (dbg)
233 			DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
234 			    __func__, (int) kb->version, EP11_STRUCT_MAGIC);
235 		return -EINVAL;
236 	}
237 	if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
238 		if (dbg)
239 			DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
240 			    __func__);
241 		return -EINVAL;
242 	}
243 
244 #undef DBF
245 
246 	return 0;
247 }
248 EXPORT_SYMBOL(ep11_check_ecc_key_with_hdr);
249 
250 /*
251  * Simple check if the key blob is a valid EP11 AES key blob with
252  * the header in the session field (old style EP11 AES key).
253  */
254 int ep11_check_aes_key(debug_info_t *dbg, int dbflvl,
255 		       const u8 *key, size_t keylen, int checkcpacfexp)
256 {
257 	struct ep11keyblob *kb = (struct ep11keyblob *) key;
258 
259 #define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
260 
261 	if (keylen < sizeof(*kb)) {
262 		DBF("%s key check failed, keylen %zu < %zu\n",
263 		    __func__, keylen, sizeof(*kb));
264 		return -EINVAL;
265 	}
266 
267 	if (kb->head.type != TOKTYPE_NON_CCA) {
268 		if (dbg)
269 			DBF("%s key check failed, type 0x%02x != 0x%02x\n",
270 			    __func__, (int) kb->head.type, TOKTYPE_NON_CCA);
271 		return -EINVAL;
272 	}
273 	if (kb->head.version != TOKVER_EP11_AES) {
274 		if (dbg)
275 			DBF("%s key check failed, version 0x%02x != 0x%02x\n",
276 			    __func__, (int) kb->head.version, TOKVER_EP11_AES);
277 		return -EINVAL;
278 	}
279 	if (kb->head.len > keylen) {
280 		if (dbg)
281 			DBF("%s key check failed, header len %d keylen %zu mismatch\n",
282 			    __func__, (int) kb->head.len, keylen);
283 		return -EINVAL;
284 	}
285 	if (kb->head.len < sizeof(*kb)) {
286 		if (dbg)
287 			DBF("%s key check failed, header len %d < %zu\n",
288 			    __func__, (int) kb->head.len, sizeof(*kb));
289 		return -EINVAL;
290 	}
291 
292 	if (kb->version != EP11_STRUCT_MAGIC) {
293 		if (dbg)
294 			DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
295 			    __func__, (int) kb->version, EP11_STRUCT_MAGIC);
296 		return -EINVAL;
297 	}
298 	if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
299 		if (dbg)
300 			DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
301 			    __func__);
302 		return -EINVAL;
303 	}
304 
305 #undef DBF
306 
307 	return 0;
308 }
309 EXPORT_SYMBOL(ep11_check_aes_key);
310 
311 /*
312  * Allocate and prepare ep11 cprb plus additional payload.
313  */
314 static inline struct ep11_cprb *alloc_cprb(size_t payload_len)
315 {
316 	size_t len = sizeof(struct ep11_cprb) + payload_len;
317 	struct ep11_cprb *cprb;
318 
319 	cprb = kzalloc(len, GFP_KERNEL);
320 	if (!cprb)
321 		return NULL;
322 
323 	cprb->cprb_len = sizeof(struct ep11_cprb);
324 	cprb->cprb_ver_id = 0x04;
325 	memcpy(cprb->func_id, "T4", 2);
326 	cprb->ret_code = 0xFFFFFFFF;
327 	cprb->payload_len = payload_len;
328 
329 	return cprb;
330 }
331 
332 /*
333  * Some helper functions related to ASN1 encoding.
334  * Limited to length info <= 2 byte.
335  */
336 
337 #define ASN1TAGLEN(x) (2 + (x) + ((x) > 127 ? 1 : 0) + ((x) > 255 ? 1 : 0))
338 
339 static int asn1tag_write(u8 *ptr, u8 tag, const u8 *pvalue, u16 valuelen)
340 {
341 	ptr[0] = tag;
342 	if (valuelen > 255) {
343 		ptr[1] = 0x82;
344 		*((u16 *)(ptr + 2)) = valuelen;
345 		memcpy(ptr + 4, pvalue, valuelen);
346 		return 4 + valuelen;
347 	}
348 	if (valuelen > 127) {
349 		ptr[1] = 0x81;
350 		ptr[2] = (u8) valuelen;
351 		memcpy(ptr + 3, pvalue, valuelen);
352 		return 3 + valuelen;
353 	}
354 	ptr[1] = (u8) valuelen;
355 	memcpy(ptr + 2, pvalue, valuelen);
356 	return 2 + valuelen;
357 }
358 
359 /* EP11 payload > 127 bytes starts with this struct */
360 struct pl_head {
361 	u8  tag;
362 	u8  lenfmt;
363 	u16 len;
364 	u8  func_tag;
365 	u8  func_len;
366 	u32 func;
367 	u8  dom_tag;
368 	u8  dom_len;
369 	u32 dom;
370 } __packed;
371 
372 /* prep ep11 payload head helper function */
373 static inline void prep_head(struct pl_head *h,
374 			     size_t pl_size, int api, int func)
375 {
376 	h->tag = 0x30;
377 	h->lenfmt = 0x82;
378 	h->len = pl_size - 4;
379 	h->func_tag = 0x04;
380 	h->func_len = sizeof(u32);
381 	h->func = (api << 16) + func;
382 	h->dom_tag = 0x04;
383 	h->dom_len = sizeof(u32);
384 }
385 
386 /* prep urb helper function */
387 static inline void prep_urb(struct ep11_urb *u,
388 			    struct ep11_target_dev *t, int nt,
389 			    struct ep11_cprb *req, size_t req_len,
390 			    struct ep11_cprb *rep, size_t rep_len)
391 {
392 	u->targets = (u8 __user *) t;
393 	u->targets_num = nt;
394 	u->req = (u8 __user *) req;
395 	u->req_len = req_len;
396 	u->resp = (u8 __user *) rep;
397 	u->resp_len = rep_len;
398 }
399 
400 /* Check ep11 reply payload, return 0 or suggested errno value. */
401 static int check_reply_pl(const u8 *pl, const char *func)
402 {
403 	int len;
404 	u32 ret;
405 
406 	/* start tag */
407 	if (*pl++ != 0x30) {
408 		DEBUG_ERR("%s reply start tag mismatch\n", func);
409 		return -EIO;
410 	}
411 
412 	/* payload length format */
413 	if (*pl < 127) {
414 		len = *pl;
415 		pl++;
416 	} else if (*pl == 0x81) {
417 		pl++;
418 		len = *pl;
419 		pl++;
420 	} else if (*pl == 0x82) {
421 		pl++;
422 		len = *((u16 *)pl);
423 		pl += 2;
424 	} else {
425 		DEBUG_ERR("%s reply start tag lenfmt mismatch 0x%02hhx\n",
426 			  func, *pl);
427 		return -EIO;
428 	}
429 
430 	/* len should cover at least 3 fields with 32 bit value each */
431 	if (len < 3 * 6) {
432 		DEBUG_ERR("%s reply length %d too small\n", func, len);
433 		return -EIO;
434 	}
435 
436 	/* function tag, length and value */
437 	if (pl[0] != 0x04 || pl[1] != 0x04) {
438 		DEBUG_ERR("%s function tag or length mismatch\n", func);
439 		return -EIO;
440 	}
441 	pl += 6;
442 
443 	/* dom tag, length and value */
444 	if (pl[0] != 0x04 || pl[1] != 0x04) {
445 		DEBUG_ERR("%s dom tag or length mismatch\n", func);
446 		return -EIO;
447 	}
448 	pl += 6;
449 
450 	/* return value tag, length and value */
451 	if (pl[0] != 0x04 || pl[1] != 0x04) {
452 		DEBUG_ERR("%s return value tag or length mismatch\n", func);
453 		return -EIO;
454 	}
455 	pl += 2;
456 	ret = *((u32 *)pl);
457 	if (ret != 0) {
458 		DEBUG_ERR("%s return value 0x%04x != 0\n", func, ret);
459 		return -EIO;
460 	}
461 
462 	return 0;
463 }
464 
465 
466 /*
467  * Helper function which does an ep11 query with given query type.
468  */
469 static int ep11_query_info(u16 cardnr, u16 domain, u32 query_type,
470 			   size_t buflen, u8 *buf)
471 {
472 	struct ep11_info_req_pl {
473 		struct pl_head head;
474 		u8  query_type_tag;
475 		u8  query_type_len;
476 		u32 query_type;
477 		u8  query_subtype_tag;
478 		u8  query_subtype_len;
479 		u32 query_subtype;
480 	} __packed * req_pl;
481 	struct ep11_info_rep_pl {
482 		struct pl_head head;
483 		u8  rc_tag;
484 		u8  rc_len;
485 		u32 rc;
486 		u8  data_tag;
487 		u8  data_lenfmt;
488 		u16 data_len;
489 	} __packed * rep_pl;
490 	struct ep11_cprb *req = NULL, *rep = NULL;
491 	struct ep11_target_dev target;
492 	struct ep11_urb *urb = NULL;
493 	int api = 1, rc = -ENOMEM;
494 
495 	/* request cprb and payload */
496 	req = alloc_cprb(sizeof(struct ep11_info_req_pl));
497 	if (!req)
498 		goto out;
499 	req_pl = (struct ep11_info_req_pl *) (((u8 *) req) + sizeof(*req));
500 	prep_head(&req_pl->head, sizeof(*req_pl), api, 38); /* get xcp info */
501 	req_pl->query_type_tag = 0x04;
502 	req_pl->query_type_len = sizeof(u32);
503 	req_pl->query_type = query_type;
504 	req_pl->query_subtype_tag = 0x04;
505 	req_pl->query_subtype_len = sizeof(u32);
506 
507 	/* reply cprb and payload */
508 	rep = alloc_cprb(sizeof(struct ep11_info_rep_pl) + buflen);
509 	if (!rep)
510 		goto out;
511 	rep_pl = (struct ep11_info_rep_pl *) (((u8 *) rep) + sizeof(*rep));
512 
513 	/* urb and target */
514 	urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
515 	if (!urb)
516 		goto out;
517 	target.ap_id = cardnr;
518 	target.dom_id = domain;
519 	prep_urb(urb, &target, 1,
520 		 req, sizeof(*req) + sizeof(*req_pl),
521 		 rep, sizeof(*rep) + sizeof(*rep_pl) + buflen);
522 
523 	rc = zcrypt_send_ep11_cprb(urb);
524 	if (rc) {
525 		DEBUG_ERR(
526 			"%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
527 			__func__, (int) cardnr, (int) domain, rc);
528 		goto out;
529 	}
530 
531 	rc = check_reply_pl((u8 *)rep_pl, __func__);
532 	if (rc)
533 		goto out;
534 	if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
535 		DEBUG_ERR("%s unknown reply data format\n", __func__);
536 		rc = -EIO;
537 		goto out;
538 	}
539 	if (rep_pl->data_len > buflen) {
540 		DEBUG_ERR("%s mismatch between reply data len and buffer len\n",
541 			  __func__);
542 		rc = -ENOSPC;
543 		goto out;
544 	}
545 
546 	memcpy(buf, ((u8 *) rep_pl) + sizeof(*rep_pl), rep_pl->data_len);
547 
548 out:
549 	kfree(req);
550 	kfree(rep);
551 	kfree(urb);
552 	return rc;
553 }
554 
555 /*
556  * Provide information about an EP11 card.
557  */
558 int ep11_get_card_info(u16 card, struct ep11_card_info *info, int verify)
559 {
560 	int rc;
561 	struct ep11_module_query_info {
562 		u32 API_ord_nr;
563 		u32 firmware_id;
564 		u8  FW_major_vers;
565 		u8  FW_minor_vers;
566 		u8  CSP_major_vers;
567 		u8  CSP_minor_vers;
568 		u8  fwid[32];
569 		u8  xcp_config_hash[32];
570 		u8  CSP_config_hash[32];
571 		u8  serial[16];
572 		u8  module_date_time[16];
573 		u64 op_mode;
574 		u32 PKCS11_flags;
575 		u32 ext_flags;
576 		u32 domains;
577 		u32 sym_state_bytes;
578 		u32 digest_state_bytes;
579 		u32 pin_blob_bytes;
580 		u32 SPKI_bytes;
581 		u32 priv_key_blob_bytes;
582 		u32 sym_blob_bytes;
583 		u32 max_payload_bytes;
584 		u32 CP_profile_bytes;
585 		u32 max_CP_index;
586 	} __packed * pmqi = NULL;
587 
588 	rc = card_cache_fetch(card, info);
589 	if (rc || verify) {
590 		pmqi = kmalloc(sizeof(*pmqi), GFP_KERNEL);
591 		if (!pmqi)
592 			return -ENOMEM;
593 		rc = ep11_query_info(card, AUTOSEL_DOM,
594 				     0x01 /* module info query */,
595 				     sizeof(*pmqi), (u8 *) pmqi);
596 		if (rc) {
597 			if (rc == -ENODEV)
598 				card_cache_scrub(card);
599 			goto out;
600 		}
601 		memset(info, 0, sizeof(*info));
602 		info->API_ord_nr = pmqi->API_ord_nr;
603 		info->FW_version =
604 			(pmqi->FW_major_vers << 8) + pmqi->FW_minor_vers;
605 		memcpy(info->serial, pmqi->serial, sizeof(info->serial));
606 		info->op_mode = pmqi->op_mode;
607 		card_cache_update(card, info);
608 	}
609 
610 out:
611 	kfree(pmqi);
612 	return rc;
613 }
614 EXPORT_SYMBOL(ep11_get_card_info);
615 
616 /*
617  * Provide information about a domain within an EP11 card.
618  */
619 int ep11_get_domain_info(u16 card, u16 domain, struct ep11_domain_info *info)
620 {
621 	int rc;
622 	struct ep11_domain_query_info {
623 		u32 dom_index;
624 		u8  cur_WK_VP[32];
625 		u8  new_WK_VP[32];
626 		u32 dom_flags;
627 		u64 op_mode;
628 	} __packed * p_dom_info;
629 
630 	p_dom_info = kmalloc(sizeof(*p_dom_info), GFP_KERNEL);
631 	if (!p_dom_info)
632 		return -ENOMEM;
633 
634 	rc = ep11_query_info(card, domain, 0x03 /* domain info query */,
635 			     sizeof(*p_dom_info), (u8 *) p_dom_info);
636 	if (rc)
637 		goto out;
638 
639 	memset(info, 0, sizeof(*info));
640 	info->cur_wk_state = '0';
641 	info->new_wk_state = '0';
642 	if (p_dom_info->dom_flags & 0x10 /* left imprint mode */) {
643 		if (p_dom_info->dom_flags & 0x02 /* cur wk valid */) {
644 			info->cur_wk_state = '1';
645 			memcpy(info->cur_wkvp, p_dom_info->cur_WK_VP, 32);
646 		}
647 		if (p_dom_info->dom_flags & 0x04 /* new wk present */
648 		    || p_dom_info->dom_flags & 0x08 /* new wk committed */) {
649 			info->new_wk_state =
650 				p_dom_info->dom_flags & 0x08 ? '2' : '1';
651 			memcpy(info->new_wkvp, p_dom_info->new_WK_VP, 32);
652 		}
653 	}
654 	info->op_mode = p_dom_info->op_mode;
655 
656 out:
657 	kfree(p_dom_info);
658 	return rc;
659 }
660 EXPORT_SYMBOL(ep11_get_domain_info);
661 
662 /*
663  * Default EP11 AES key generate attributes, used when no keygenflags given:
664  * XCP_BLOB_ENCRYPT | XCP_BLOB_DECRYPT | XCP_BLOB_PROTKEY_EXTRACTABLE
665  */
666 #define KEY_ATTR_DEFAULTS 0x00200c00
667 
668 int ep11_genaeskey(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
669 		   u8 *keybuf, size_t *keybufsize)
670 {
671 	struct keygen_req_pl {
672 		struct pl_head head;
673 		u8  var_tag;
674 		u8  var_len;
675 		u32 var;
676 		u8  keybytes_tag;
677 		u8  keybytes_len;
678 		u32 keybytes;
679 		u8  mech_tag;
680 		u8  mech_len;
681 		u32 mech;
682 		u8  attr_tag;
683 		u8  attr_len;
684 		u32 attr_header;
685 		u32 attr_bool_mask;
686 		u32 attr_bool_bits;
687 		u32 attr_val_len_type;
688 		u32 attr_val_len_value;
689 		u8  pin_tag;
690 		u8  pin_len;
691 	} __packed * req_pl;
692 	struct keygen_rep_pl {
693 		struct pl_head head;
694 		u8  rc_tag;
695 		u8  rc_len;
696 		u32 rc;
697 		u8  data_tag;
698 		u8  data_lenfmt;
699 		u16 data_len;
700 		u8  data[512];
701 	} __packed * rep_pl;
702 	struct ep11_cprb *req = NULL, *rep = NULL;
703 	struct ep11_target_dev target;
704 	struct ep11_urb *urb = NULL;
705 	struct ep11keyblob *kb;
706 	int api, rc = -ENOMEM;
707 
708 	switch (keybitsize) {
709 	case 128:
710 	case 192:
711 	case 256:
712 		break;
713 	default:
714 		DEBUG_ERR(
715 			"%s unknown/unsupported keybitsize %d\n",
716 			__func__, keybitsize);
717 		rc = -EINVAL;
718 		goto out;
719 	}
720 
721 	/* request cprb and payload */
722 	req = alloc_cprb(sizeof(struct keygen_req_pl));
723 	if (!req)
724 		goto out;
725 	req_pl = (struct keygen_req_pl *) (((u8 *) req) + sizeof(*req));
726 	api = (!keygenflags || keygenflags & 0x00200000) ? 4 : 1;
727 	prep_head(&req_pl->head, sizeof(*req_pl), api, 21); /* GenerateKey */
728 	req_pl->var_tag = 0x04;
729 	req_pl->var_len = sizeof(u32);
730 	req_pl->keybytes_tag = 0x04;
731 	req_pl->keybytes_len = sizeof(u32);
732 	req_pl->keybytes = keybitsize / 8;
733 	req_pl->mech_tag = 0x04;
734 	req_pl->mech_len = sizeof(u32);
735 	req_pl->mech = 0x00001080; /* CKM_AES_KEY_GEN */
736 	req_pl->attr_tag = 0x04;
737 	req_pl->attr_len = 5 * sizeof(u32);
738 	req_pl->attr_header = 0x10010000;
739 	req_pl->attr_bool_mask = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
740 	req_pl->attr_bool_bits = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
741 	req_pl->attr_val_len_type = 0x00000161; /* CKA_VALUE_LEN */
742 	req_pl->attr_val_len_value = keybitsize / 8;
743 	req_pl->pin_tag = 0x04;
744 
745 	/* reply cprb and payload */
746 	rep = alloc_cprb(sizeof(struct keygen_rep_pl));
747 	if (!rep)
748 		goto out;
749 	rep_pl = (struct keygen_rep_pl *) (((u8 *) rep) + sizeof(*rep));
750 
751 	/* urb and target */
752 	urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
753 	if (!urb)
754 		goto out;
755 	target.ap_id = card;
756 	target.dom_id = domain;
757 	prep_urb(urb, &target, 1,
758 		 req, sizeof(*req) + sizeof(*req_pl),
759 		 rep, sizeof(*rep) + sizeof(*rep_pl));
760 
761 	rc = zcrypt_send_ep11_cprb(urb);
762 	if (rc) {
763 		DEBUG_ERR(
764 			"%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
765 			__func__, (int) card, (int) domain, rc);
766 		goto out;
767 	}
768 
769 	rc = check_reply_pl((u8 *)rep_pl, __func__);
770 	if (rc)
771 		goto out;
772 	if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
773 		DEBUG_ERR("%s unknown reply data format\n", __func__);
774 		rc = -EIO;
775 		goto out;
776 	}
777 	if (rep_pl->data_len > *keybufsize) {
778 		DEBUG_ERR("%s mismatch reply data len / key buffer len\n",
779 			  __func__);
780 		rc = -ENOSPC;
781 		goto out;
782 	}
783 
784 	/* copy key blob and set header values */
785 	memcpy(keybuf, rep_pl->data, rep_pl->data_len);
786 	*keybufsize = rep_pl->data_len;
787 	kb = (struct ep11keyblob *) keybuf;
788 	kb->head.type = TOKTYPE_NON_CCA;
789 	kb->head.len = rep_pl->data_len;
790 	kb->head.version = TOKVER_EP11_AES;
791 	kb->head.keybitlen = keybitsize;
792 
793 out:
794 	kfree(req);
795 	kfree(rep);
796 	kfree(urb);
797 	return rc;
798 }
799 EXPORT_SYMBOL(ep11_genaeskey);
800 
801 static int ep11_cryptsingle(u16 card, u16 domain,
802 			    u16 mode, u32 mech, const u8 *iv,
803 			    const u8 *key, size_t keysize,
804 			    const u8 *inbuf, size_t inbufsize,
805 			    u8 *outbuf, size_t *outbufsize)
806 {
807 	struct crypt_req_pl {
808 		struct pl_head head;
809 		u8  var_tag;
810 		u8  var_len;
811 		u32 var;
812 		u8  mech_tag;
813 		u8  mech_len;
814 		u32 mech;
815 		/*
816 		 * maybe followed by iv data
817 		 * followed by key tag + key blob
818 		 * followed by plaintext tag + plaintext
819 		 */
820 	} __packed * req_pl;
821 	struct crypt_rep_pl {
822 		struct pl_head head;
823 		u8  rc_tag;
824 		u8  rc_len;
825 		u32 rc;
826 		u8  data_tag;
827 		u8  data_lenfmt;
828 		/* data follows */
829 	} __packed * rep_pl;
830 	struct ep11_cprb *req = NULL, *rep = NULL;
831 	struct ep11_target_dev target;
832 	struct ep11_urb *urb = NULL;
833 	size_t req_pl_size, rep_pl_size;
834 	int n, api = 1, rc = -ENOMEM;
835 	u8 *p;
836 
837 	/* the simple asn1 coding used has length limits */
838 	if (keysize > 0xFFFF || inbufsize > 0xFFFF)
839 		return -EINVAL;
840 
841 	/* request cprb and payload */
842 	req_pl_size = sizeof(struct crypt_req_pl) + (iv ? 16 : 0)
843 		+ ASN1TAGLEN(keysize) + ASN1TAGLEN(inbufsize);
844 	req = alloc_cprb(req_pl_size);
845 	if (!req)
846 		goto out;
847 	req_pl = (struct crypt_req_pl *) (((u8 *) req) + sizeof(*req));
848 	prep_head(&req_pl->head, req_pl_size, api, (mode ? 20 : 19));
849 	req_pl->var_tag = 0x04;
850 	req_pl->var_len = sizeof(u32);
851 	/* mech is mech + mech params (iv here) */
852 	req_pl->mech_tag = 0x04;
853 	req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
854 	req_pl->mech = (mech ? mech : 0x00001085); /* CKM_AES_CBC_PAD */
855 	p = ((u8 *) req_pl) + sizeof(*req_pl);
856 	if (iv) {
857 		memcpy(p, iv, 16);
858 		p += 16;
859 	}
860 	/* key and input data */
861 	p += asn1tag_write(p, 0x04, key, keysize);
862 	p += asn1tag_write(p, 0x04, inbuf, inbufsize);
863 
864 	/* reply cprb and payload, assume out data size <= in data size + 32 */
865 	rep_pl_size = sizeof(struct crypt_rep_pl) + ASN1TAGLEN(inbufsize + 32);
866 	rep = alloc_cprb(rep_pl_size);
867 	if (!rep)
868 		goto out;
869 	rep_pl = (struct crypt_rep_pl *) (((u8 *) rep) + sizeof(*rep));
870 
871 	/* urb and target */
872 	urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
873 	if (!urb)
874 		goto out;
875 	target.ap_id = card;
876 	target.dom_id = domain;
877 	prep_urb(urb, &target, 1,
878 		 req, sizeof(*req) + req_pl_size,
879 		 rep, sizeof(*rep) + rep_pl_size);
880 
881 	rc = zcrypt_send_ep11_cprb(urb);
882 	if (rc) {
883 		DEBUG_ERR(
884 			"%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
885 			__func__, (int) card, (int) domain, rc);
886 		goto out;
887 	}
888 
889 	rc = check_reply_pl((u8 *)rep_pl, __func__);
890 	if (rc)
891 		goto out;
892 	if (rep_pl->data_tag != 0x04) {
893 		DEBUG_ERR("%s unknown reply data format\n", __func__);
894 		rc = -EIO;
895 		goto out;
896 	}
897 	p = ((u8 *) rep_pl) + sizeof(*rep_pl);
898 	if (rep_pl->data_lenfmt <= 127)
899 		n = rep_pl->data_lenfmt;
900 	else if (rep_pl->data_lenfmt == 0x81)
901 		n = *p++;
902 	else if (rep_pl->data_lenfmt == 0x82) {
903 		n = *((u16 *) p);
904 		p += 2;
905 	} else {
906 		DEBUG_ERR("%s unknown reply data length format 0x%02hhx\n",
907 			  __func__, rep_pl->data_lenfmt);
908 		rc = -EIO;
909 		goto out;
910 	}
911 	if (n > *outbufsize) {
912 		DEBUG_ERR("%s mismatch reply data len %d / output buffer %zu\n",
913 			  __func__, n, *outbufsize);
914 		rc = -ENOSPC;
915 		goto out;
916 	}
917 
918 	memcpy(outbuf, p, n);
919 	*outbufsize = n;
920 
921 out:
922 	kfree(req);
923 	kfree(rep);
924 	kfree(urb);
925 	return rc;
926 }
927 
928 static int ep11_unwrapkey(u16 card, u16 domain,
929 			  const u8 *kek, size_t keksize,
930 			  const u8 *enckey, size_t enckeysize,
931 			  u32 mech, const u8 *iv,
932 			  u32 keybitsize, u32 keygenflags,
933 			  u8 *keybuf, size_t *keybufsize)
934 {
935 	struct uw_req_pl {
936 		struct pl_head head;
937 		u8  attr_tag;
938 		u8  attr_len;
939 		u32 attr_header;
940 		u32 attr_bool_mask;
941 		u32 attr_bool_bits;
942 		u32 attr_key_type;
943 		u32 attr_key_type_value;
944 		u32 attr_val_len;
945 		u32 attr_val_len_value;
946 		u8  mech_tag;
947 		u8  mech_len;
948 		u32 mech;
949 		/*
950 		 * maybe followed by iv data
951 		 * followed by kek tag + kek blob
952 		 * followed by empty mac tag
953 		 * followed by empty pin tag
954 		 * followed by encryted key tag + bytes
955 		 */
956 	} __packed * req_pl;
957 	struct uw_rep_pl {
958 		struct pl_head head;
959 		u8  rc_tag;
960 		u8  rc_len;
961 		u32 rc;
962 		u8  data_tag;
963 		u8  data_lenfmt;
964 		u16 data_len;
965 		u8  data[512];
966 	} __packed * rep_pl;
967 	struct ep11_cprb *req = NULL, *rep = NULL;
968 	struct ep11_target_dev target;
969 	struct ep11_urb *urb = NULL;
970 	struct ep11keyblob *kb;
971 	size_t req_pl_size;
972 	int api, rc = -ENOMEM;
973 	u8 *p;
974 
975 	/* request cprb and payload */
976 	req_pl_size = sizeof(struct uw_req_pl) + (iv ? 16 : 0)
977 		+ ASN1TAGLEN(keksize) + 4 + ASN1TAGLEN(enckeysize);
978 	req = alloc_cprb(req_pl_size);
979 	if (!req)
980 		goto out;
981 	req_pl = (struct uw_req_pl *) (((u8 *) req) + sizeof(*req));
982 	api = (!keygenflags || keygenflags & 0x00200000) ? 4 : 1;
983 	prep_head(&req_pl->head, req_pl_size, api, 34); /* UnwrapKey */
984 	req_pl->attr_tag = 0x04;
985 	req_pl->attr_len = 7 * sizeof(u32);
986 	req_pl->attr_header = 0x10020000;
987 	req_pl->attr_bool_mask = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
988 	req_pl->attr_bool_bits = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
989 	req_pl->attr_key_type = 0x00000100; /* CKA_KEY_TYPE */
990 	req_pl->attr_key_type_value = 0x0000001f; /* CKK_AES */
991 	req_pl->attr_val_len = 0x00000161; /* CKA_VALUE_LEN */
992 	req_pl->attr_val_len_value = keybitsize / 8;
993 	/* mech is mech + mech params (iv here) */
994 	req_pl->mech_tag = 0x04;
995 	req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
996 	req_pl->mech = (mech ? mech : 0x00001085); /* CKM_AES_CBC_PAD */
997 	p = ((u8 *) req_pl) + sizeof(*req_pl);
998 	if (iv) {
999 		memcpy(p, iv, 16);
1000 		p += 16;
1001 	}
1002 	/* kek */
1003 	p += asn1tag_write(p, 0x04, kek, keksize);
1004 	/* empty mac key tag */
1005 	*p++ = 0x04;
1006 	*p++ = 0;
1007 	/* empty pin tag */
1008 	*p++ = 0x04;
1009 	*p++ = 0;
1010 	/* encrypted key value tag and bytes */
1011 	p += asn1tag_write(p, 0x04, enckey, enckeysize);
1012 
1013 	/* reply cprb and payload */
1014 	rep = alloc_cprb(sizeof(struct uw_rep_pl));
1015 	if (!rep)
1016 		goto out;
1017 	rep_pl = (struct uw_rep_pl *) (((u8 *) rep) + sizeof(*rep));
1018 
1019 	/* urb and target */
1020 	urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
1021 	if (!urb)
1022 		goto out;
1023 	target.ap_id = card;
1024 	target.dom_id = domain;
1025 	prep_urb(urb, &target, 1,
1026 		 req, sizeof(*req) + req_pl_size,
1027 		 rep, sizeof(*rep) + sizeof(*rep_pl));
1028 
1029 	rc = zcrypt_send_ep11_cprb(urb);
1030 	if (rc) {
1031 		DEBUG_ERR(
1032 			"%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
1033 			__func__, (int) card, (int) domain, rc);
1034 		goto out;
1035 	}
1036 
1037 	rc = check_reply_pl((u8 *)rep_pl, __func__);
1038 	if (rc)
1039 		goto out;
1040 	if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
1041 		DEBUG_ERR("%s unknown reply data format\n", __func__);
1042 		rc = -EIO;
1043 		goto out;
1044 	}
1045 	if (rep_pl->data_len > *keybufsize) {
1046 		DEBUG_ERR("%s mismatch reply data len / key buffer len\n",
1047 			  __func__);
1048 		rc = -ENOSPC;
1049 		goto out;
1050 	}
1051 
1052 	/* copy key blob and set header values */
1053 	memcpy(keybuf, rep_pl->data, rep_pl->data_len);
1054 	*keybufsize = rep_pl->data_len;
1055 	kb = (struct ep11keyblob *) keybuf;
1056 	kb->head.type = TOKTYPE_NON_CCA;
1057 	kb->head.len = rep_pl->data_len;
1058 	kb->head.version = TOKVER_EP11_AES;
1059 	kb->head.keybitlen = keybitsize;
1060 
1061 out:
1062 	kfree(req);
1063 	kfree(rep);
1064 	kfree(urb);
1065 	return rc;
1066 }
1067 
1068 static int ep11_wrapkey(u16 card, u16 domain,
1069 			const u8 *key, size_t keysize,
1070 			u32 mech, const u8 *iv,
1071 			u8 *databuf, size_t *datasize)
1072 {
1073 	struct wk_req_pl {
1074 		struct pl_head head;
1075 		u8  var_tag;
1076 		u8  var_len;
1077 		u32 var;
1078 		u8  mech_tag;
1079 		u8  mech_len;
1080 		u32 mech;
1081 		/*
1082 		 * followed by iv data
1083 		 * followed by key tag + key blob
1084 		 * followed by dummy kek param
1085 		 * followed by dummy mac param
1086 		 */
1087 	} __packed * req_pl;
1088 	struct wk_rep_pl {
1089 		struct pl_head head;
1090 		u8  rc_tag;
1091 		u8  rc_len;
1092 		u32 rc;
1093 		u8  data_tag;
1094 		u8  data_lenfmt;
1095 		u16 data_len;
1096 		u8  data[1024];
1097 	} __packed * rep_pl;
1098 	struct ep11_cprb *req = NULL, *rep = NULL;
1099 	struct ep11_target_dev target;
1100 	struct ep11_urb *urb = NULL;
1101 	struct ep11keyblob *kb;
1102 	size_t req_pl_size;
1103 	int api, rc = -ENOMEM;
1104 	bool has_header = false;
1105 	u8 *p;
1106 
1107 	/* maybe the session field holds a header with key info */
1108 	kb = (struct ep11keyblob *) key;
1109 	if (kb->head.type == TOKTYPE_NON_CCA &&
1110 	    kb->head.version == TOKVER_EP11_AES) {
1111 		has_header = true;
1112 		keysize = min_t(size_t, kb->head.len, keysize);
1113 	}
1114 
1115 	/* request cprb and payload */
1116 	req_pl_size = sizeof(struct wk_req_pl) + (iv ? 16 : 0)
1117 		+ ASN1TAGLEN(keysize) + 4;
1118 	req = alloc_cprb(req_pl_size);
1119 	if (!req)
1120 		goto out;
1121 	if (!mech || mech == 0x80060001)
1122 		req->flags |= 0x20; /* CPACF_WRAP needs special bit */
1123 	req_pl = (struct wk_req_pl *) (((u8 *) req) + sizeof(*req));
1124 	api = (!mech || mech == 0x80060001) ? 4 : 1; /* CKM_IBM_CPACF_WRAP */
1125 	prep_head(&req_pl->head, req_pl_size, api, 33); /* WrapKey */
1126 	req_pl->var_tag = 0x04;
1127 	req_pl->var_len = sizeof(u32);
1128 	/* mech is mech + mech params (iv here) */
1129 	req_pl->mech_tag = 0x04;
1130 	req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
1131 	req_pl->mech = (mech ? mech : 0x80060001); /* CKM_IBM_CPACF_WRAP */
1132 	p = ((u8 *) req_pl) + sizeof(*req_pl);
1133 	if (iv) {
1134 		memcpy(p, iv, 16);
1135 		p += 16;
1136 	}
1137 	/* key blob */
1138 	p += asn1tag_write(p, 0x04, key, keysize);
1139 	/* maybe the key argument needs the head data cleaned out */
1140 	if (has_header) {
1141 		kb = (struct ep11keyblob *)(p - keysize);
1142 		memset(&kb->head, 0, sizeof(kb->head));
1143 	}
1144 	/* empty kek tag */
1145 	*p++ = 0x04;
1146 	*p++ = 0;
1147 	/* empty mac tag */
1148 	*p++ = 0x04;
1149 	*p++ = 0;
1150 
1151 	/* reply cprb and payload */
1152 	rep = alloc_cprb(sizeof(struct wk_rep_pl));
1153 	if (!rep)
1154 		goto out;
1155 	rep_pl = (struct wk_rep_pl *) (((u8 *) rep) + sizeof(*rep));
1156 
1157 	/* urb and target */
1158 	urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
1159 	if (!urb)
1160 		goto out;
1161 	target.ap_id = card;
1162 	target.dom_id = domain;
1163 	prep_urb(urb, &target, 1,
1164 		 req, sizeof(*req) + req_pl_size,
1165 		 rep, sizeof(*rep) + sizeof(*rep_pl));
1166 
1167 	rc = zcrypt_send_ep11_cprb(urb);
1168 	if (rc) {
1169 		DEBUG_ERR(
1170 			"%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
1171 			__func__, (int) card, (int) domain, rc);
1172 		goto out;
1173 	}
1174 
1175 	rc = check_reply_pl((u8 *)rep_pl, __func__);
1176 	if (rc)
1177 		goto out;
1178 	if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
1179 		DEBUG_ERR("%s unknown reply data format\n", __func__);
1180 		rc = -EIO;
1181 		goto out;
1182 	}
1183 	if (rep_pl->data_len > *datasize) {
1184 		DEBUG_ERR("%s mismatch reply data len / data buffer len\n",
1185 			  __func__);
1186 		rc = -ENOSPC;
1187 		goto out;
1188 	}
1189 
1190 	/* copy the data from the cprb to the data buffer */
1191 	memcpy(databuf, rep_pl->data, rep_pl->data_len);
1192 	*datasize = rep_pl->data_len;
1193 
1194 out:
1195 	kfree(req);
1196 	kfree(rep);
1197 	kfree(urb);
1198 	return rc;
1199 }
1200 
1201 int ep11_clr2keyblob(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
1202 		     const u8 *clrkey, u8 *keybuf, size_t *keybufsize)
1203 {
1204 	int rc;
1205 	struct ep11keyblob *kb;
1206 	u8 encbuf[64], *kek = NULL;
1207 	size_t clrkeylen, keklen, encbuflen = sizeof(encbuf);
1208 
1209 	if (keybitsize == 128 || keybitsize == 192 || keybitsize == 256)
1210 		clrkeylen = keybitsize / 8;
1211 	else {
1212 		DEBUG_ERR(
1213 			"%s unknown/unsupported keybitsize %d\n",
1214 			__func__, keybitsize);
1215 		return -EINVAL;
1216 	}
1217 
1218 	/* allocate memory for the temp kek */
1219 	keklen = MAXEP11AESKEYBLOBSIZE;
1220 	kek = kmalloc(keklen, GFP_ATOMIC);
1221 	if (!kek) {
1222 		rc = -ENOMEM;
1223 		goto out;
1224 	}
1225 
1226 	/* Step 1: generate AES 256 bit random kek key */
1227 	rc = ep11_genaeskey(card, domain, 256,
1228 			    0x00006c00, /* EN/DECRYPT, WRAP/UNWRAP */
1229 			    kek, &keklen);
1230 	if (rc) {
1231 		DEBUG_ERR(
1232 			"%s generate kek key failed, rc=%d\n",
1233 			__func__, rc);
1234 		goto out;
1235 	}
1236 	kb = (struct ep11keyblob *) kek;
1237 	memset(&kb->head, 0, sizeof(kb->head));
1238 
1239 	/* Step 2: encrypt clear key value with the kek key */
1240 	rc = ep11_cryptsingle(card, domain, 0, 0, def_iv, kek, keklen,
1241 			      clrkey, clrkeylen, encbuf, &encbuflen);
1242 	if (rc) {
1243 		DEBUG_ERR(
1244 			"%s encrypting key value with kek key failed, rc=%d\n",
1245 			__func__, rc);
1246 		goto out;
1247 	}
1248 
1249 	/* Step 3: import the encrypted key value as a new key */
1250 	rc = ep11_unwrapkey(card, domain, kek, keklen,
1251 			    encbuf, encbuflen, 0, def_iv,
1252 			    keybitsize, 0, keybuf, keybufsize);
1253 	if (rc) {
1254 		DEBUG_ERR(
1255 			"%s importing key value as new key failed,, rc=%d\n",
1256 			__func__, rc);
1257 		goto out;
1258 	}
1259 
1260 out:
1261 	kfree(kek);
1262 	return rc;
1263 }
1264 EXPORT_SYMBOL(ep11_clr2keyblob);
1265 
1266 int ep11_kblob2protkey(u16 card, u16 dom, const u8 *keyblob, size_t keybloblen,
1267 		       u8 *protkey, u32 *protkeylen, u32 *protkeytype)
1268 {
1269 	int rc = -EIO;
1270 	u8 *wkbuf = NULL;
1271 	size_t wkbuflen, keylen;
1272 	struct wk_info {
1273 		u16 version;
1274 		u8  res1[16];
1275 		u32 pkeytype;
1276 		u32 pkeybitsize;
1277 		u64 pkeysize;
1278 		u8  res2[8];
1279 		u8  pkey[0];
1280 	} __packed * wki;
1281 	const u8 *key;
1282 	struct ep11kblob_header *hdr;
1283 
1284 	/* key with or without header ? */
1285 	hdr = (struct ep11kblob_header *) keyblob;
1286 	if (hdr->type == TOKTYPE_NON_CCA
1287 	    && (hdr->version == TOKVER_EP11_AES_WITH_HEADER
1288 		|| hdr->version == TOKVER_EP11_ECC_WITH_HEADER)
1289 	    && is_ep11_keyblob(keyblob + sizeof(struct ep11kblob_header))) {
1290 		/* EP11 AES or ECC key with header */
1291 		key = keyblob + sizeof(struct ep11kblob_header);
1292 		keylen = hdr->len - sizeof(struct ep11kblob_header);
1293 	} else if (hdr->type == TOKTYPE_NON_CCA
1294 		   && hdr->version == TOKVER_EP11_AES
1295 		   && is_ep11_keyblob(keyblob)) {
1296 		/* EP11 AES key (old style) */
1297 		key = keyblob;
1298 		keylen = hdr->len;
1299 	} else if (is_ep11_keyblob(keyblob)) {
1300 		/* raw EP11 key blob */
1301 		key = keyblob;
1302 		keylen = keybloblen;
1303 	} else
1304 		return -EINVAL;
1305 
1306 	/* alloc temp working buffer */
1307 	wkbuflen = (keylen + AES_BLOCK_SIZE) & (~(AES_BLOCK_SIZE - 1));
1308 	wkbuf = kmalloc(wkbuflen, GFP_ATOMIC);
1309 	if (!wkbuf)
1310 		return -ENOMEM;
1311 
1312 	/* ep11 secure key -> protected key + info */
1313 	rc = ep11_wrapkey(card, dom, key, keylen,
1314 			  0, def_iv, wkbuf, &wkbuflen);
1315 	if (rc) {
1316 		DEBUG_ERR(
1317 			"%s rewrapping ep11 key to pkey failed, rc=%d\n",
1318 			__func__, rc);
1319 		goto out;
1320 	}
1321 	wki = (struct wk_info *) wkbuf;
1322 
1323 	/* check struct version and pkey type */
1324 	if (wki->version != 1 || wki->pkeytype < 1 || wki->pkeytype > 5) {
1325 		DEBUG_ERR("%s wk info version %d or pkeytype %d mismatch.\n",
1326 			  __func__, (int) wki->version, (int) wki->pkeytype);
1327 		rc = -EIO;
1328 		goto out;
1329 	}
1330 
1331 	/* check protected key type field */
1332 	switch (wki->pkeytype) {
1333 	case 1: /* AES */
1334 		switch (wki->pkeysize) {
1335 		case 16+32:
1336 			/* AES 128 protected key */
1337 			if (protkeytype)
1338 				*protkeytype = PKEY_KEYTYPE_AES_128;
1339 			break;
1340 		case 24+32:
1341 			/* AES 192 protected key */
1342 			if (protkeytype)
1343 				*protkeytype = PKEY_KEYTYPE_AES_192;
1344 			break;
1345 		case 32+32:
1346 			/* AES 256 protected key */
1347 			if (protkeytype)
1348 				*protkeytype = PKEY_KEYTYPE_AES_256;
1349 			break;
1350 		default:
1351 			DEBUG_ERR("%s unknown/unsupported AES pkeysize %d\n",
1352 				  __func__, (int) wki->pkeysize);
1353 			rc = -EIO;
1354 			goto out;
1355 		}
1356 		break;
1357 	case 3: /* EC-P */
1358 	case 4: /* EC-ED */
1359 	case 5: /* EC-BP */
1360 		if (protkeytype)
1361 			*protkeytype = PKEY_KEYTYPE_ECC;
1362 		break;
1363 	case 2: /* TDES */
1364 	default:
1365 		DEBUG_ERR("%s unknown/unsupported key type %d\n",
1366 			  __func__, (int) wki->pkeytype);
1367 		rc = -EIO;
1368 		goto out;
1369 	}
1370 
1371 	/* copy the tanslated protected key */
1372 	if (wki->pkeysize > *protkeylen) {
1373 		DEBUG_ERR("%s wk info pkeysize %llu > protkeysize %u\n",
1374 			  __func__, wki->pkeysize, *protkeylen);
1375 		rc = -EINVAL;
1376 		goto out;
1377 	}
1378 	memcpy(protkey, wki->pkey, wki->pkeysize);
1379 	*protkeylen = wki->pkeysize;
1380 
1381 out:
1382 	kfree(wkbuf);
1383 	return rc;
1384 }
1385 EXPORT_SYMBOL(ep11_kblob2protkey);
1386 
1387 int ep11_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
1388 		   int minhwtype, int minapi, const u8 *wkvp)
1389 {
1390 	struct zcrypt_device_status_ext *device_status;
1391 	u32 *_apqns = NULL, _nr_apqns = 0;
1392 	int i, card, dom, rc = -ENOMEM;
1393 	struct ep11_domain_info edi;
1394 	struct ep11_card_info eci;
1395 
1396 	/* fetch status of all crypto cards */
1397 	device_status = kvmalloc_array(MAX_ZDEV_ENTRIES_EXT,
1398 				       sizeof(struct zcrypt_device_status_ext),
1399 				       GFP_KERNEL);
1400 	if (!device_status)
1401 		return -ENOMEM;
1402 	zcrypt_device_status_mask_ext(device_status);
1403 
1404 	/* allocate 1k space for up to 256 apqns */
1405 	_apqns = kmalloc_array(256, sizeof(u32), GFP_KERNEL);
1406 	if (!_apqns) {
1407 		kvfree(device_status);
1408 		return -ENOMEM;
1409 	}
1410 
1411 	/* walk through all the crypto apqnss */
1412 	for (i = 0; i < MAX_ZDEV_ENTRIES_EXT; i++) {
1413 		card = AP_QID_CARD(device_status[i].qid);
1414 		dom = AP_QID_QUEUE(device_status[i].qid);
1415 		/* check online state */
1416 		if (!device_status[i].online)
1417 			continue;
1418 		/* check for ep11 functions */
1419 		if (!(device_status[i].functions & 0x01))
1420 			continue;
1421 		/* check cardnr */
1422 		if (cardnr != 0xFFFF && card != cardnr)
1423 			continue;
1424 		/* check domain */
1425 		if (domain != 0xFFFF && dom != domain)
1426 			continue;
1427 		/* check min hardware type */
1428 		if (minhwtype && device_status[i].hwtype < minhwtype)
1429 			continue;
1430 		/* check min api version if given */
1431 		if (minapi > 0) {
1432 			if (ep11_get_card_info(card, &eci, 0))
1433 				continue;
1434 			if (minapi > eci.API_ord_nr)
1435 				continue;
1436 		}
1437 		/* check wkvp if given */
1438 		if (wkvp) {
1439 			if (ep11_get_domain_info(card, dom, &edi))
1440 				continue;
1441 			if (edi.cur_wk_state != '1')
1442 				continue;
1443 			if (memcmp(wkvp, edi.cur_wkvp, 16))
1444 				continue;
1445 		}
1446 		/* apqn passed all filtering criterons, add to the array */
1447 		if (_nr_apqns < 256)
1448 			_apqns[_nr_apqns++] = (((u16)card) << 16) | ((u16) dom);
1449 	}
1450 
1451 	/* nothing found ? */
1452 	if (!_nr_apqns) {
1453 		kfree(_apqns);
1454 		rc = -ENODEV;
1455 	} else {
1456 		/* no re-allocation, simple return the _apqns array */
1457 		*apqns = _apqns;
1458 		*nr_apqns = _nr_apqns;
1459 		rc = 0;
1460 	}
1461 
1462 	kvfree(device_status);
1463 	return rc;
1464 }
1465 EXPORT_SYMBOL(ep11_findcard2);
1466 
1467 void __exit zcrypt_ep11misc_exit(void)
1468 {
1469 	card_cache_free();
1470 }
1471