1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *  Copyright IBM Corp. 2019
4  *  Author(s): Harald Freudenberger <freude@linux.ibm.com>
5  *
6  *  Collection of EP11 misc functions used by zcrypt and pkey
7  */
8 
9 #define KMSG_COMPONENT "zcrypt"
10 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
11 
12 #include <linux/init.h>
13 #include <linux/module.h>
14 #include <linux/slab.h>
15 #include <linux/random.h>
16 #include <asm/zcrypt.h>
17 #include <asm/pkey.h>
18 
19 #include "ap_bus.h"
20 #include "zcrypt_api.h"
21 #include "zcrypt_debug.h"
22 #include "zcrypt_msgtype6.h"
23 #include "zcrypt_ep11misc.h"
24 #include "zcrypt_ccamisc.h"
25 
26 #define DEBUG_DBG(...)	ZCRYPT_DBF(DBF_DEBUG, ##__VA_ARGS__)
27 #define DEBUG_INFO(...) ZCRYPT_DBF(DBF_INFO, ##__VA_ARGS__)
28 #define DEBUG_WARN(...) ZCRYPT_DBF(DBF_WARN, ##__VA_ARGS__)
29 #define DEBUG_ERR(...)	ZCRYPT_DBF(DBF_ERR, ##__VA_ARGS__)
30 
31 /* default iv used here */
32 static const u8 def_iv[16] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
33 			       0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
34 
35 /* ep11 card info cache */
36 struct card_list_entry {
37 	struct list_head list;
38 	u16 cardnr;
39 	struct ep11_card_info info;
40 };
41 static LIST_HEAD(card_list);
42 static DEFINE_SPINLOCK(card_list_lock);
43 
44 static int card_cache_fetch(u16 cardnr, struct ep11_card_info *ci)
45 {
46 	int rc = -ENOENT;
47 	struct card_list_entry *ptr;
48 
49 	spin_lock_bh(&card_list_lock);
50 	list_for_each_entry(ptr, &card_list, list) {
51 		if (ptr->cardnr == cardnr) {
52 			memcpy(ci, &ptr->info, sizeof(*ci));
53 			rc = 0;
54 			break;
55 		}
56 	}
57 	spin_unlock_bh(&card_list_lock);
58 
59 	return rc;
60 }
61 
62 static void card_cache_update(u16 cardnr, const struct ep11_card_info *ci)
63 {
64 	int found = 0;
65 	struct card_list_entry *ptr;
66 
67 	spin_lock_bh(&card_list_lock);
68 	list_for_each_entry(ptr, &card_list, list) {
69 		if (ptr->cardnr == cardnr) {
70 			memcpy(&ptr->info, ci, sizeof(*ci));
71 			found = 1;
72 			break;
73 		}
74 	}
75 	if (!found) {
76 		ptr = kmalloc(sizeof(*ptr), GFP_ATOMIC);
77 		if (!ptr) {
78 			spin_unlock_bh(&card_list_lock);
79 			return;
80 		}
81 		ptr->cardnr = cardnr;
82 		memcpy(&ptr->info, ci, sizeof(*ci));
83 		list_add(&ptr->list, &card_list);
84 	}
85 	spin_unlock_bh(&card_list_lock);
86 }
87 
88 static void card_cache_scrub(u16 cardnr)
89 {
90 	struct card_list_entry *ptr;
91 
92 	spin_lock_bh(&card_list_lock);
93 	list_for_each_entry(ptr, &card_list, list) {
94 		if (ptr->cardnr == cardnr) {
95 			list_del(&ptr->list);
96 			kfree(ptr);
97 			break;
98 		}
99 	}
100 	spin_unlock_bh(&card_list_lock);
101 }
102 
103 static void __exit card_cache_free(void)
104 {
105 	struct card_list_entry *ptr, *pnext;
106 
107 	spin_lock_bh(&card_list_lock);
108 	list_for_each_entry_safe(ptr, pnext, &card_list, list) {
109 		list_del(&ptr->list);
110 		kfree(ptr);
111 	}
112 	spin_unlock_bh(&card_list_lock);
113 }
114 
115 /*
116  * Simple check if the key blob is a valid EP11 secure AES key.
117  */
118 int ep11_check_aeskeyblob(debug_info_t *dbg, int dbflvl,
119 			  const u8 *key, int keybitsize,
120 			  int checkcpacfexport)
121 {
122 	struct ep11keyblob *kb = (struct ep11keyblob *) key;
123 
124 #define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
125 
126 	if (kb->head.type != TOKTYPE_NON_CCA) {
127 		if (dbg)
128 			DBF("%s key check failed, type 0x%02x != 0x%02x\n",
129 			    __func__, (int) kb->head.type, TOKTYPE_NON_CCA);
130 		return -EINVAL;
131 	}
132 	if (kb->head.version != TOKVER_EP11_AES) {
133 		if (dbg)
134 			DBF("%s key check failed, version 0x%02x != 0x%02x\n",
135 			    __func__, (int) kb->head.version, TOKVER_EP11_AES);
136 		return -EINVAL;
137 	}
138 	if (kb->version != EP11_STRUCT_MAGIC) {
139 		if (dbg)
140 			DBF("%s key check failed, magic 0x%04x != 0x%04x\n",
141 			    __func__, (int) kb->version, EP11_STRUCT_MAGIC);
142 		return -EINVAL;
143 	}
144 	switch (kb->head.keybitlen) {
145 	case 128:
146 	case 192:
147 	case 256:
148 		break;
149 	default:
150 		if (dbg)
151 			DBF("%s key check failed, keybitlen %d invalid\n",
152 			    __func__, (int) kb->head.keybitlen);
153 		return -EINVAL;
154 	}
155 	if (keybitsize > 0 && keybitsize != (int) kb->head.keybitlen) {
156 		DBF("%s key check failed, keybitsize %d\n",
157 		    __func__, keybitsize);
158 		return -EINVAL;
159 	}
160 	if (checkcpacfexport && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
161 		if (dbg)
162 			DBF("%s key check failed, PKEY_EXTRACTABLE is 0\n",
163 			    __func__);
164 		return -EINVAL;
165 	}
166 #undef DBF
167 
168 	return 0;
169 }
170 EXPORT_SYMBOL(ep11_check_aeskeyblob);
171 
172 /*
173  * Helper function which calls zcrypt_send_ep11_cprb with
174  * memory management segment adjusted to kernel space
175  * so that the copy_from_user called within this
176  * function do in fact copy from kernel space.
177  */
178 static inline int _zcrypt_send_ep11_cprb(struct ep11_urb *urb)
179 {
180 	int rc;
181 	mm_segment_t old_fs = get_fs();
182 
183 	set_fs(KERNEL_DS);
184 	rc = zcrypt_send_ep11_cprb(urb);
185 	set_fs(old_fs);
186 
187 	return rc;
188 }
189 
190 /*
191  * Allocate and prepare ep11 cprb plus additional payload.
192  */
193 static inline struct ep11_cprb *alloc_cprb(size_t payload_len)
194 {
195 	size_t len = sizeof(struct ep11_cprb) + payload_len;
196 	struct ep11_cprb *cprb;
197 
198 	cprb = kmalloc(len, GFP_KERNEL);
199 	if (!cprb)
200 		return NULL;
201 
202 	memset(cprb, 0, len);
203 	cprb->cprb_len = sizeof(struct ep11_cprb);
204 	cprb->cprb_ver_id = 0x04;
205 	memcpy(cprb->func_id, "T4", 2);
206 	cprb->ret_code = 0xFFFFFFFF;
207 	cprb->payload_len = payload_len;
208 
209 	return cprb;
210 }
211 
212 /*
213  * Some helper functions related to ASN1 encoding.
214  * Limited to length info <= 2 byte.
215  */
216 
217 #define ASN1TAGLEN(x) (2 + (x) + ((x) > 127 ? 1 : 0) + ((x) > 255 ? 1 : 0))
218 
219 static int asn1tag_write(u8 *ptr, u8 tag, const u8 *pvalue, u16 valuelen)
220 {
221 	ptr[0] = tag;
222 	if (valuelen > 255) {
223 		ptr[1] = 0x82;
224 		*((u16 *)(ptr + 2)) = valuelen;
225 		memcpy(ptr + 4, pvalue, valuelen);
226 		return 4 + valuelen;
227 	}
228 	if (valuelen > 127) {
229 		ptr[1] = 0x81;
230 		ptr[2] = (u8) valuelen;
231 		memcpy(ptr + 3, pvalue, valuelen);
232 		return 3 + valuelen;
233 	}
234 	ptr[1] = (u8) valuelen;
235 	memcpy(ptr + 2, pvalue, valuelen);
236 	return 2 + valuelen;
237 }
238 
239 /* EP11 payload > 127 bytes starts with this struct */
240 struct pl_head {
241 	u8  tag;
242 	u8  lenfmt;
243 	u16 len;
244 	u8  func_tag;
245 	u8  func_len;
246 	u32 func;
247 	u8  dom_tag;
248 	u8  dom_len;
249 	u32 dom;
250 } __packed;
251 
252 /* prep ep11 payload head helper function */
253 static inline void prep_head(struct pl_head *h,
254 			     size_t pl_size, int api, int func)
255 {
256 	h->tag = 0x30;
257 	h->lenfmt = 0x82;
258 	h->len = pl_size - 4;
259 	h->func_tag = 0x04;
260 	h->func_len = sizeof(u32);
261 	h->func = (api << 16) + func;
262 	h->dom_tag = 0x04;
263 	h->dom_len = sizeof(u32);
264 }
265 
266 /* prep urb helper function */
267 static inline void prep_urb(struct ep11_urb *u,
268 			    struct ep11_target_dev *t, int nt,
269 			    struct ep11_cprb *req, size_t req_len,
270 			    struct ep11_cprb *rep, size_t rep_len)
271 {
272 	u->targets = (u8 __user *) t;
273 	u->targets_num = nt;
274 	u->req = (u8 __user *) req;
275 	u->req_len = req_len;
276 	u->resp = (u8 __user *) rep;
277 	u->resp_len = rep_len;
278 }
279 
280 /* Check ep11 reply payload, return 0 or suggested errno value. */
281 static int check_reply_pl(const u8 *pl, const char *func)
282 {
283 	int len;
284 	u32 ret;
285 
286 	/* start tag */
287 	if (*pl++ != 0x30) {
288 		DEBUG_ERR("%s reply start tag mismatch\n", func);
289 		return -EIO;
290 	}
291 
292 	/* payload length format */
293 	if (*pl < 127) {
294 		len = *pl;
295 		pl++;
296 	} else if (*pl == 0x81) {
297 		pl++;
298 		len = *pl;
299 		pl++;
300 	} else if (*pl == 0x82) {
301 		pl++;
302 		len = *((u16 *)pl);
303 		pl += 2;
304 	} else {
305 		DEBUG_ERR("%s reply start tag lenfmt mismatch 0x%02hhx\n",
306 			  func, *pl);
307 		return -EIO;
308 	}
309 
310 	/* len should cover at least 3 fields with 32 bit value each */
311 	if (len < 3 * 6) {
312 		DEBUG_ERR("%s reply length %d too small\n", func, len);
313 		return -EIO;
314 	}
315 
316 	/* function tag, length and value */
317 	if (pl[0] != 0x04 || pl[1] != 0x04) {
318 		DEBUG_ERR("%s function tag or length mismatch\n", func);
319 		return -EIO;
320 	}
321 	pl += 6;
322 
323 	/* dom tag, length and value */
324 	if (pl[0] != 0x04 || pl[1] != 0x04) {
325 		DEBUG_ERR("%s dom tag or length mismatch\n", func);
326 		return -EIO;
327 	}
328 	pl += 6;
329 
330 	/* return value tag, length and value */
331 	if (pl[0] != 0x04 || pl[1] != 0x04) {
332 		DEBUG_ERR("%s return value tag or length mismatch\n", func);
333 		return -EIO;
334 	}
335 	pl += 2;
336 	ret = *((u32 *)pl);
337 	if (ret != 0) {
338 		DEBUG_ERR("%s return value 0x%04x != 0\n", func, ret);
339 		return -EIO;
340 	}
341 
342 	return 0;
343 }
344 
345 
346 /*
347  * Helper function which does an ep11 query with given query type.
348  */
349 static int ep11_query_info(u16 cardnr, u16 domain, u32 query_type,
350 			   size_t buflen, u8 *buf)
351 {
352 	struct ep11_info_req_pl {
353 		struct pl_head head;
354 		u8  query_type_tag;
355 		u8  query_type_len;
356 		u32 query_type;
357 		u8  query_subtype_tag;
358 		u8  query_subtype_len;
359 		u32 query_subtype;
360 	} __packed * req_pl;
361 	struct ep11_info_rep_pl {
362 		struct pl_head head;
363 		u8  rc_tag;
364 		u8  rc_len;
365 		u32 rc;
366 		u8  data_tag;
367 		u8  data_lenfmt;
368 		u16 data_len;
369 	} __packed * rep_pl;
370 	struct ep11_cprb *req = NULL, *rep = NULL;
371 	struct ep11_target_dev target;
372 	struct ep11_urb *urb = NULL;
373 	int api = 1, rc = -ENOMEM;
374 
375 	/* request cprb and payload */
376 	req = alloc_cprb(sizeof(struct ep11_info_req_pl));
377 	if (!req)
378 		goto out;
379 	req_pl = (struct ep11_info_req_pl *) (((u8 *) req) + sizeof(*req));
380 	prep_head(&req_pl->head, sizeof(*req_pl), api, 38); /* get xcp info */
381 	req_pl->query_type_tag = 0x04;
382 	req_pl->query_type_len = sizeof(u32);
383 	req_pl->query_type = query_type;
384 	req_pl->query_subtype_tag = 0x04;
385 	req_pl->query_subtype_len = sizeof(u32);
386 
387 	/* reply cprb and payload */
388 	rep = alloc_cprb(sizeof(struct ep11_info_rep_pl) + buflen);
389 	if (!rep)
390 		goto out;
391 	rep_pl = (struct ep11_info_rep_pl *) (((u8 *) rep) + sizeof(*rep));
392 
393 	/* urb and target */
394 	urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
395 	if (!urb)
396 		goto out;
397 	target.ap_id = cardnr;
398 	target.dom_id = domain;
399 	prep_urb(urb, &target, 1,
400 		 req, sizeof(*req) + sizeof(*req_pl),
401 		 rep, sizeof(*rep) + sizeof(*rep_pl) + buflen);
402 
403 	rc = _zcrypt_send_ep11_cprb(urb);
404 	if (rc) {
405 		DEBUG_ERR(
406 			"%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
407 			__func__, (int) cardnr, (int) domain, rc);
408 		goto out;
409 	}
410 
411 	rc = check_reply_pl((u8 *)rep_pl, __func__);
412 	if (rc)
413 		goto out;
414 	if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
415 		DEBUG_ERR("%s unknown reply data format\n", __func__);
416 		rc = -EIO;
417 		goto out;
418 	}
419 	if (rep_pl->data_len > buflen) {
420 		DEBUG_ERR("%s mismatch between reply data len and buffer len\n",
421 			  __func__);
422 		rc = -ENOSPC;
423 		goto out;
424 	}
425 
426 	memcpy(buf, ((u8 *) rep_pl) + sizeof(*rep_pl), rep_pl->data_len);
427 
428 out:
429 	kfree(req);
430 	kfree(rep);
431 	kfree(urb);
432 	return rc;
433 }
434 
435 /*
436  * Provide information about an EP11 card.
437  */
438 int ep11_get_card_info(u16 card, struct ep11_card_info *info, int verify)
439 {
440 	int rc;
441 	struct ep11_module_query_info {
442 		u32 API_ord_nr;
443 		u32 firmware_id;
444 		u8  FW_major_vers;
445 		u8  FW_minor_vers;
446 		u8  CSP_major_vers;
447 		u8  CSP_minor_vers;
448 		u8  fwid[32];
449 		u8  xcp_config_hash[32];
450 		u8  CSP_config_hash[32];
451 		u8  serial[16];
452 		u8  module_date_time[16];
453 		u64 op_mode;
454 		u32 PKCS11_flags;
455 		u32 ext_flags;
456 		u32 domains;
457 		u32 sym_state_bytes;
458 		u32 digest_state_bytes;
459 		u32 pin_blob_bytes;
460 		u32 SPKI_bytes;
461 		u32 priv_key_blob_bytes;
462 		u32 sym_blob_bytes;
463 		u32 max_payload_bytes;
464 		u32 CP_profile_bytes;
465 		u32 max_CP_index;
466 	} __packed * pmqi = NULL;
467 
468 	rc = card_cache_fetch(card, info);
469 	if (rc || verify) {
470 		pmqi = kmalloc(sizeof(*pmqi), GFP_KERNEL);
471 		if (!pmqi)
472 			return -ENOMEM;
473 		rc = ep11_query_info(card, AUTOSEL_DOM,
474 				     0x01 /* module info query */,
475 				     sizeof(*pmqi), (u8 *) pmqi);
476 		if (rc) {
477 			if (rc == -ENODEV)
478 				card_cache_scrub(card);
479 			goto out;
480 		}
481 		memset(info, 0, sizeof(*info));
482 		info->API_ord_nr = pmqi->API_ord_nr;
483 		info->FW_version =
484 			(pmqi->FW_major_vers << 8) + pmqi->FW_minor_vers;
485 		memcpy(info->serial, pmqi->serial, sizeof(info->serial));
486 		info->op_mode = pmqi->op_mode;
487 		card_cache_update(card, info);
488 	}
489 
490 out:
491 	kfree(pmqi);
492 	return rc;
493 }
494 EXPORT_SYMBOL(ep11_get_card_info);
495 
496 /*
497  * Provide information about a domain within an EP11 card.
498  */
499 int ep11_get_domain_info(u16 card, u16 domain, struct ep11_domain_info *info)
500 {
501 	int rc;
502 	struct ep11_domain_query_info {
503 		u32 dom_index;
504 		u8  cur_WK_VP[32];
505 		u8  new_WK_VP[32];
506 		u32 dom_flags;
507 		u64 op_mode;
508 	} __packed * p_dom_info;
509 
510 	p_dom_info = kmalloc(sizeof(*p_dom_info), GFP_KERNEL);
511 	if (!p_dom_info)
512 		return -ENOMEM;
513 
514 	rc = ep11_query_info(card, domain, 0x03 /* domain info query */,
515 			     sizeof(*p_dom_info), (u8 *) p_dom_info);
516 	if (rc)
517 		goto out;
518 
519 	memset(info, 0, sizeof(*info));
520 	info->cur_wk_state = '0';
521 	info->new_wk_state = '0';
522 	if (p_dom_info->dom_flags & 0x10 /* left imprint mode */) {
523 		if (p_dom_info->dom_flags & 0x02 /* cur wk valid */) {
524 			info->cur_wk_state = '1';
525 			memcpy(info->cur_wkvp, p_dom_info->cur_WK_VP, 32);
526 		}
527 		if (p_dom_info->dom_flags & 0x04 /* new wk present */
528 		    || p_dom_info->dom_flags & 0x08 /* new wk committed */) {
529 			info->new_wk_state =
530 				p_dom_info->dom_flags & 0x08 ? '2' : '1';
531 			memcpy(info->new_wkvp, p_dom_info->new_WK_VP, 32);
532 		}
533 	}
534 	info->op_mode = p_dom_info->op_mode;
535 
536 out:
537 	kfree(p_dom_info);
538 	return rc;
539 }
540 EXPORT_SYMBOL(ep11_get_domain_info);
541 
542 /*
543  * Default EP11 AES key generate attributes, used when no keygenflags given:
544  * XCP_BLOB_ENCRYPT | XCP_BLOB_DECRYPT | XCP_BLOB_PROTKEY_EXTRACTABLE
545  */
546 #define KEY_ATTR_DEFAULTS 0x00200c00
547 
548 int ep11_genaeskey(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
549 		   u8 *keybuf, size_t *keybufsize)
550 {
551 	struct keygen_req_pl {
552 		struct pl_head head;
553 		u8  var_tag;
554 		u8  var_len;
555 		u32 var;
556 		u8  keybytes_tag;
557 		u8  keybytes_len;
558 		u32 keybytes;
559 		u8  mech_tag;
560 		u8  mech_len;
561 		u32 mech;
562 		u8  attr_tag;
563 		u8  attr_len;
564 		u32 attr_header;
565 		u32 attr_bool_mask;
566 		u32 attr_bool_bits;
567 		u32 attr_val_len_type;
568 		u32 attr_val_len_value;
569 		u8  pin_tag;
570 		u8  pin_len;
571 	} __packed * req_pl;
572 	struct keygen_rep_pl {
573 		struct pl_head head;
574 		u8  rc_tag;
575 		u8  rc_len;
576 		u32 rc;
577 		u8  data_tag;
578 		u8  data_lenfmt;
579 		u16 data_len;
580 		u8  data[512];
581 	} __packed * rep_pl;
582 	struct ep11_cprb *req = NULL, *rep = NULL;
583 	struct ep11_target_dev target;
584 	struct ep11_urb *urb = NULL;
585 	struct ep11keyblob *kb;
586 	int api, rc = -ENOMEM;
587 
588 	switch (keybitsize) {
589 	case 128:
590 	case 192:
591 	case 256:
592 		break;
593 	default:
594 		DEBUG_ERR(
595 			"%s unknown/unsupported keybitsize %d\n",
596 			__func__, keybitsize);
597 		rc = -EINVAL;
598 		goto out;
599 	}
600 
601 	/* request cprb and payload */
602 	req = alloc_cprb(sizeof(struct keygen_req_pl));
603 	if (!req)
604 		goto out;
605 	req_pl = (struct keygen_req_pl *) (((u8 *) req) + sizeof(*req));
606 	api = (!keygenflags || keygenflags & 0x00200000) ? 4 : 1;
607 	prep_head(&req_pl->head, sizeof(*req_pl), api, 21); /* GenerateKey */
608 	req_pl->var_tag = 0x04;
609 	req_pl->var_len = sizeof(u32);
610 	req_pl->keybytes_tag = 0x04;
611 	req_pl->keybytes_len = sizeof(u32);
612 	req_pl->keybytes = keybitsize / 8;
613 	req_pl->mech_tag = 0x04;
614 	req_pl->mech_len = sizeof(u32);
615 	req_pl->mech = 0x00001080; /* CKM_AES_KEY_GEN */
616 	req_pl->attr_tag = 0x04;
617 	req_pl->attr_len = 5 * sizeof(u32);
618 	req_pl->attr_header = 0x10010000;
619 	req_pl->attr_bool_mask = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
620 	req_pl->attr_bool_bits = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
621 	req_pl->attr_val_len_type = 0x00000161; /* CKA_VALUE_LEN */
622 	req_pl->attr_val_len_value = keybitsize / 8;
623 	req_pl->pin_tag = 0x04;
624 
625 	/* reply cprb and payload */
626 	rep = alloc_cprb(sizeof(struct keygen_rep_pl));
627 	if (!rep)
628 		goto out;
629 	rep_pl = (struct keygen_rep_pl *) (((u8 *) rep) + sizeof(*rep));
630 
631 	/* urb and target */
632 	urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
633 	if (!urb)
634 		goto out;
635 	target.ap_id = card;
636 	target.dom_id = domain;
637 	prep_urb(urb, &target, 1,
638 		 req, sizeof(*req) + sizeof(*req_pl),
639 		 rep, sizeof(*rep) + sizeof(*rep_pl));
640 
641 	rc = _zcrypt_send_ep11_cprb(urb);
642 	if (rc) {
643 		DEBUG_ERR(
644 			"%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
645 			__func__, (int) card, (int) domain, rc);
646 		goto out;
647 	}
648 
649 	rc = check_reply_pl((u8 *)rep_pl, __func__);
650 	if (rc)
651 		goto out;
652 	if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
653 		DEBUG_ERR("%s unknown reply data format\n", __func__);
654 		rc = -EIO;
655 		goto out;
656 	}
657 	if (rep_pl->data_len > *keybufsize) {
658 		DEBUG_ERR("%s mismatch reply data len / key buffer len\n",
659 			  __func__);
660 		rc = -ENOSPC;
661 		goto out;
662 	}
663 
664 	/* copy key blob and set header values */
665 	memcpy(keybuf, rep_pl->data, rep_pl->data_len);
666 	*keybufsize = rep_pl->data_len;
667 	kb = (struct ep11keyblob *) keybuf;
668 	kb->head.type = TOKTYPE_NON_CCA;
669 	kb->head.len = rep_pl->data_len;
670 	kb->head.version = TOKVER_EP11_AES;
671 	kb->head.keybitlen = keybitsize;
672 
673 out:
674 	kfree(req);
675 	kfree(rep);
676 	kfree(urb);
677 	return rc;
678 }
679 EXPORT_SYMBOL(ep11_genaeskey);
680 
681 static int ep11_cryptsingle(u16 card, u16 domain,
682 			    u16 mode, u32 mech, const u8 *iv,
683 			    const u8 *key, size_t keysize,
684 			    const u8 *inbuf, size_t inbufsize,
685 			    u8 *outbuf, size_t *outbufsize)
686 {
687 	struct crypt_req_pl {
688 		struct pl_head head;
689 		u8  var_tag;
690 		u8  var_len;
691 		u32 var;
692 		u8  mech_tag;
693 		u8  mech_len;
694 		u32 mech;
695 		/*
696 		 * maybe followed by iv data
697 		 * followed by key tag + key blob
698 		 * followed by plaintext tag + plaintext
699 		 */
700 	} __packed * req_pl;
701 	struct crypt_rep_pl {
702 		struct pl_head head;
703 		u8  rc_tag;
704 		u8  rc_len;
705 		u32 rc;
706 		u8  data_tag;
707 		u8  data_lenfmt;
708 		/* data follows */
709 	} __packed * rep_pl;
710 	struct ep11_cprb *req = NULL, *rep = NULL;
711 	struct ep11_target_dev target;
712 	struct ep11_urb *urb = NULL;
713 	size_t req_pl_size, rep_pl_size;
714 	int n, api = 1, rc = -ENOMEM;
715 	u8 *p;
716 
717 	/* the simple asn1 coding used has length limits */
718 	if (keysize > 0xFFFF || inbufsize > 0xFFFF)
719 		return -EINVAL;
720 
721 	/* request cprb and payload */
722 	req_pl_size = sizeof(struct crypt_req_pl) + (iv ? 16 : 0)
723 		+ ASN1TAGLEN(keysize) + ASN1TAGLEN(inbufsize);
724 	req = alloc_cprb(req_pl_size);
725 	if (!req)
726 		goto out;
727 	req_pl = (struct crypt_req_pl *) (((u8 *) req) + sizeof(*req));
728 	prep_head(&req_pl->head, req_pl_size, api, (mode ? 20 : 19));
729 	req_pl->var_tag = 0x04;
730 	req_pl->var_len = sizeof(u32);
731 	/* mech is mech + mech params (iv here) */
732 	req_pl->mech_tag = 0x04;
733 	req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
734 	req_pl->mech = (mech ? mech : 0x00001085); /* CKM_AES_CBC_PAD */
735 	p = ((u8 *) req_pl) + sizeof(*req_pl);
736 	if (iv) {
737 		memcpy(p, iv, 16);
738 		p += 16;
739 	}
740 	/* key and input data */
741 	p += asn1tag_write(p, 0x04, key, keysize);
742 	p += asn1tag_write(p, 0x04, inbuf, inbufsize);
743 
744 	/* reply cprb and payload, assume out data size <= in data size + 32 */
745 	rep_pl_size = sizeof(struct crypt_rep_pl) + ASN1TAGLEN(inbufsize + 32);
746 	rep = alloc_cprb(rep_pl_size);
747 	if (!rep)
748 		goto out;
749 	rep_pl = (struct crypt_rep_pl *) (((u8 *) rep) + sizeof(*rep));
750 
751 	/* urb and target */
752 	urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
753 	if (!urb)
754 		goto out;
755 	target.ap_id = card;
756 	target.dom_id = domain;
757 	prep_urb(urb, &target, 1,
758 		 req, sizeof(*req) + req_pl_size,
759 		 rep, sizeof(*rep) + rep_pl_size);
760 
761 	rc = _zcrypt_send_ep11_cprb(urb);
762 	if (rc) {
763 		DEBUG_ERR(
764 			"%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
765 			__func__, (int) card, (int) domain, rc);
766 		goto out;
767 	}
768 
769 	rc = check_reply_pl((u8 *)rep_pl, __func__);
770 	if (rc)
771 		goto out;
772 	if (rep_pl->data_tag != 0x04) {
773 		DEBUG_ERR("%s unknown reply data format\n", __func__);
774 		rc = -EIO;
775 		goto out;
776 	}
777 	p = ((u8 *) rep_pl) + sizeof(*rep_pl);
778 	if (rep_pl->data_lenfmt <= 127)
779 		n = rep_pl->data_lenfmt;
780 	else if (rep_pl->data_lenfmt == 0x81)
781 		n = *p++;
782 	else if (rep_pl->data_lenfmt == 0x82) {
783 		n = *((u16 *) p);
784 		p += 2;
785 	} else {
786 		DEBUG_ERR("%s unknown reply data length format 0x%02hhx\n",
787 			  __func__, rep_pl->data_lenfmt);
788 		rc = -EIO;
789 		goto out;
790 	}
791 	if (n > *outbufsize) {
792 		DEBUG_ERR("%s mismatch reply data len %d / output buffer %zu\n",
793 			  __func__, n, *outbufsize);
794 		rc = -ENOSPC;
795 		goto out;
796 	}
797 
798 	memcpy(outbuf, p, n);
799 	*outbufsize = n;
800 
801 out:
802 	kfree(req);
803 	kfree(rep);
804 	kfree(urb);
805 	return rc;
806 }
807 
808 static int ep11_unwrapkey(u16 card, u16 domain,
809 			  const u8 *kek, size_t keksize,
810 			  const u8 *enckey, size_t enckeysize,
811 			  u32 mech, const u8 *iv,
812 			  u32 keybitsize, u32 keygenflags,
813 			  u8 *keybuf, size_t *keybufsize)
814 {
815 	struct uw_req_pl {
816 		struct pl_head head;
817 		u8  attr_tag;
818 		u8  attr_len;
819 		u32 attr_header;
820 		u32 attr_bool_mask;
821 		u32 attr_bool_bits;
822 		u32 attr_key_type;
823 		u32 attr_key_type_value;
824 		u32 attr_val_len;
825 		u32 attr_val_len_value;
826 		u8  mech_tag;
827 		u8  mech_len;
828 		u32 mech;
829 		/*
830 		 * maybe followed by iv data
831 		 * followed by kek tag + kek blob
832 		 * followed by empty mac tag
833 		 * followed by empty pin tag
834 		 * followed by encryted key tag + bytes
835 		 */
836 	} __packed * req_pl;
837 	struct uw_rep_pl {
838 		struct pl_head head;
839 		u8  rc_tag;
840 		u8  rc_len;
841 		u32 rc;
842 		u8  data_tag;
843 		u8  data_lenfmt;
844 		u16 data_len;
845 		u8  data[512];
846 	} __packed * rep_pl;
847 	struct ep11_cprb *req = NULL, *rep = NULL;
848 	struct ep11_target_dev target;
849 	struct ep11_urb *urb = NULL;
850 	struct ep11keyblob *kb;
851 	size_t req_pl_size;
852 	int api, rc = -ENOMEM;
853 	u8 *p;
854 
855 	/* request cprb and payload */
856 	req_pl_size = sizeof(struct uw_req_pl) + (iv ? 16 : 0)
857 		+ ASN1TAGLEN(keksize) + 4 + ASN1TAGLEN(enckeysize);
858 	req = alloc_cprb(req_pl_size);
859 	if (!req)
860 		goto out;
861 	req_pl = (struct uw_req_pl *) (((u8 *) req) + sizeof(*req));
862 	api = (!keygenflags || keygenflags & 0x00200000) ? 4 : 1;
863 	prep_head(&req_pl->head, req_pl_size, api, 34); /* UnwrapKey */
864 	req_pl->attr_tag = 0x04;
865 	req_pl->attr_len = 7 * sizeof(u32);
866 	req_pl->attr_header = 0x10020000;
867 	req_pl->attr_bool_mask = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
868 	req_pl->attr_bool_bits = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
869 	req_pl->attr_key_type = 0x00000100; /* CKA_KEY_TYPE */
870 	req_pl->attr_key_type_value = 0x0000001f; /* CKK_AES */
871 	req_pl->attr_val_len = 0x00000161; /* CKA_VALUE_LEN */
872 	req_pl->attr_val_len_value = keybitsize / 8;
873 	/* mech is mech + mech params (iv here) */
874 	req_pl->mech_tag = 0x04;
875 	req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
876 	req_pl->mech = (mech ? mech : 0x00001085); /* CKM_AES_CBC_PAD */
877 	p = ((u8 *) req_pl) + sizeof(*req_pl);
878 	if (iv) {
879 		memcpy(p, iv, 16);
880 		p += 16;
881 	}
882 	/* kek */
883 	p += asn1tag_write(p, 0x04, kek, keksize);
884 	/* empty mac key tag */
885 	*p++ = 0x04;
886 	*p++ = 0;
887 	/* empty pin tag */
888 	*p++ = 0x04;
889 	*p++ = 0;
890 	/* encrypted key value tag and bytes */
891 	p += asn1tag_write(p, 0x04, enckey, enckeysize);
892 
893 	/* reply cprb and payload */
894 	rep = alloc_cprb(sizeof(struct uw_rep_pl));
895 	if (!rep)
896 		goto out;
897 	rep_pl = (struct uw_rep_pl *) (((u8 *) rep) + sizeof(*rep));
898 
899 	/* urb and target */
900 	urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
901 	if (!urb)
902 		goto out;
903 	target.ap_id = card;
904 	target.dom_id = domain;
905 	prep_urb(urb, &target, 1,
906 		 req, sizeof(*req) + req_pl_size,
907 		 rep, sizeof(*rep) + sizeof(*rep_pl));
908 
909 	rc = _zcrypt_send_ep11_cprb(urb);
910 	if (rc) {
911 		DEBUG_ERR(
912 			"%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
913 			__func__, (int) card, (int) domain, rc);
914 		goto out;
915 	}
916 
917 	rc = check_reply_pl((u8 *)rep_pl, __func__);
918 	if (rc)
919 		goto out;
920 	if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
921 		DEBUG_ERR("%s unknown reply data format\n", __func__);
922 		rc = -EIO;
923 		goto out;
924 	}
925 	if (rep_pl->data_len > *keybufsize) {
926 		DEBUG_ERR("%s mismatch reply data len / key buffer len\n",
927 			  __func__);
928 		rc = -ENOSPC;
929 		goto out;
930 	}
931 
932 	/* copy key blob and set header values */
933 	memcpy(keybuf, rep_pl->data, rep_pl->data_len);
934 	*keybufsize = rep_pl->data_len;
935 	kb = (struct ep11keyblob *) keybuf;
936 	kb->head.type = TOKTYPE_NON_CCA;
937 	kb->head.len = rep_pl->data_len;
938 	kb->head.version = TOKVER_EP11_AES;
939 	kb->head.keybitlen = keybitsize;
940 
941 out:
942 	kfree(req);
943 	kfree(rep);
944 	kfree(urb);
945 	return rc;
946 }
947 
948 static int ep11_wrapkey(u16 card, u16 domain,
949 			const u8 *key, size_t keysize,
950 			u32 mech, const u8 *iv,
951 			u8 *databuf, size_t *datasize)
952 {
953 	struct wk_req_pl {
954 		struct pl_head head;
955 		u8  var_tag;
956 		u8  var_len;
957 		u32 var;
958 		u8  mech_tag;
959 		u8  mech_len;
960 		u32 mech;
961 		/*
962 		 * followed by iv data
963 		 * followed by key tag + key blob
964 		 * followed by dummy kek param
965 		 * followed by dummy mac param
966 		 */
967 	} __packed * req_pl;
968 	struct wk_rep_pl {
969 		struct pl_head head;
970 		u8  rc_tag;
971 		u8  rc_len;
972 		u32 rc;
973 		u8  data_tag;
974 		u8  data_lenfmt;
975 		u16 data_len;
976 		u8  data[512];
977 	} __packed * rep_pl;
978 	struct ep11_cprb *req = NULL, *rep = NULL;
979 	struct ep11_target_dev target;
980 	struct ep11_urb *urb = NULL;
981 	struct ep11keyblob *kb;
982 	size_t req_pl_size;
983 	int api, rc = -ENOMEM;
984 	u8 *p;
985 
986 	/* request cprb and payload */
987 	req_pl_size = sizeof(struct wk_req_pl) + (iv ? 16 : 0)
988 		+ ASN1TAGLEN(keysize) + 4;
989 	req = alloc_cprb(req_pl_size);
990 	if (!req)
991 		goto out;
992 	if (!mech || mech == 0x80060001)
993 		req->flags |= 0x20; /* CPACF_WRAP needs special bit */
994 	req_pl = (struct wk_req_pl *) (((u8 *) req) + sizeof(*req));
995 	api = (!mech || mech == 0x80060001) ? 4 : 1; /* CKM_IBM_CPACF_WRAP */
996 	prep_head(&req_pl->head, req_pl_size, api, 33); /* WrapKey */
997 	req_pl->var_tag = 0x04;
998 	req_pl->var_len = sizeof(u32);
999 	/* mech is mech + mech params (iv here) */
1000 	req_pl->mech_tag = 0x04;
1001 	req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
1002 	req_pl->mech = (mech ? mech : 0x80060001); /* CKM_IBM_CPACF_WRAP */
1003 	p = ((u8 *) req_pl) + sizeof(*req_pl);
1004 	if (iv) {
1005 		memcpy(p, iv, 16);
1006 		p += 16;
1007 	}
1008 	/* key blob */
1009 	p += asn1tag_write(p, 0x04, key, keysize);
1010 	/* maybe the key argument needs the head data cleaned out */
1011 	kb = (struct ep11keyblob *)(p - keysize);
1012 	if (kb->head.version == TOKVER_EP11_AES)
1013 		memset(&kb->head, 0, sizeof(kb->head));
1014 	/* empty kek tag */
1015 	*p++ = 0x04;
1016 	*p++ = 0;
1017 	/* empty mac tag */
1018 	*p++ = 0x04;
1019 	*p++ = 0;
1020 
1021 	/* reply cprb and payload */
1022 	rep = alloc_cprb(sizeof(struct wk_rep_pl));
1023 	if (!rep)
1024 		goto out;
1025 	rep_pl = (struct wk_rep_pl *) (((u8 *) rep) + sizeof(*rep));
1026 
1027 	/* urb and target */
1028 	urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
1029 	if (!urb)
1030 		goto out;
1031 	target.ap_id = card;
1032 	target.dom_id = domain;
1033 	prep_urb(urb, &target, 1,
1034 		 req, sizeof(*req) + req_pl_size,
1035 		 rep, sizeof(*rep) + sizeof(*rep_pl));
1036 
1037 	rc = _zcrypt_send_ep11_cprb(urb);
1038 	if (rc) {
1039 		DEBUG_ERR(
1040 			"%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
1041 			__func__, (int) card, (int) domain, rc);
1042 		goto out;
1043 	}
1044 
1045 	rc = check_reply_pl((u8 *)rep_pl, __func__);
1046 	if (rc)
1047 		goto out;
1048 	if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
1049 		DEBUG_ERR("%s unknown reply data format\n", __func__);
1050 		rc = -EIO;
1051 		goto out;
1052 	}
1053 	if (rep_pl->data_len > *datasize) {
1054 		DEBUG_ERR("%s mismatch reply data len / data buffer len\n",
1055 			  __func__);
1056 		rc = -ENOSPC;
1057 		goto out;
1058 	}
1059 
1060 	/* copy the data from the cprb to the data buffer */
1061 	memcpy(databuf, rep_pl->data, rep_pl->data_len);
1062 	*datasize = rep_pl->data_len;
1063 
1064 out:
1065 	kfree(req);
1066 	kfree(rep);
1067 	kfree(urb);
1068 	return rc;
1069 }
1070 
1071 int ep11_clr2keyblob(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
1072 		     const u8 *clrkey, u8 *keybuf, size_t *keybufsize)
1073 {
1074 	int rc;
1075 	struct ep11keyblob *kb;
1076 	u8 encbuf[64], *kek = NULL;
1077 	size_t clrkeylen, keklen, encbuflen = sizeof(encbuf);
1078 
1079 	if (keybitsize == 128 || keybitsize == 192 || keybitsize == 256)
1080 		clrkeylen = keybitsize / 8;
1081 	else {
1082 		DEBUG_ERR(
1083 			"%s unknown/unsupported keybitsize %d\n",
1084 			__func__, keybitsize);
1085 		return -EINVAL;
1086 	}
1087 
1088 	/* allocate memory for the temp kek */
1089 	keklen = MAXEP11AESKEYBLOBSIZE;
1090 	kek = kmalloc(keklen, GFP_ATOMIC);
1091 	if (!kek) {
1092 		rc = -ENOMEM;
1093 		goto out;
1094 	}
1095 
1096 	/* Step 1: generate AES 256 bit random kek key */
1097 	rc = ep11_genaeskey(card, domain, 256,
1098 			    0x00006c00, /* EN/DECRYPT, WRAP/UNWRAP */
1099 			    kek, &keklen);
1100 	if (rc) {
1101 		DEBUG_ERR(
1102 			"%s generate kek key failed, rc=%d\n",
1103 			__func__, rc);
1104 		goto out;
1105 	}
1106 	kb = (struct ep11keyblob *) kek;
1107 	memset(&kb->head, 0, sizeof(kb->head));
1108 
1109 	/* Step 2: encrypt clear key value with the kek key */
1110 	rc = ep11_cryptsingle(card, domain, 0, 0, def_iv, kek, keklen,
1111 			      clrkey, clrkeylen, encbuf, &encbuflen);
1112 	if (rc) {
1113 		DEBUG_ERR(
1114 			"%s encrypting key value with kek key failed, rc=%d\n",
1115 			__func__, rc);
1116 		goto out;
1117 	}
1118 
1119 	/* Step 3: import the encrypted key value as a new key */
1120 	rc = ep11_unwrapkey(card, domain, kek, keklen,
1121 			    encbuf, encbuflen, 0, def_iv,
1122 			    keybitsize, 0, keybuf, keybufsize);
1123 	if (rc) {
1124 		DEBUG_ERR(
1125 			"%s importing key value as new key failed,, rc=%d\n",
1126 			__func__, rc);
1127 		goto out;
1128 	}
1129 
1130 out:
1131 	kfree(kek);
1132 	return rc;
1133 }
1134 EXPORT_SYMBOL(ep11_clr2keyblob);
1135 
1136 int ep11_key2protkey(u16 card, u16 dom, const u8 *key, size_t keylen,
1137 		     u8 *protkey, u32 *protkeylen, u32 *protkeytype)
1138 {
1139 	int rc = -EIO;
1140 	u8 *wkbuf = NULL;
1141 	size_t wkbuflen = 256;
1142 	struct wk_info {
1143 		u16 version;
1144 		u8  res1[16];
1145 		u32 pkeytype;
1146 		u32 pkeybitsize;
1147 		u64 pkeysize;
1148 		u8  res2[8];
1149 		u8  pkey[0];
1150 	} __packed * wki;
1151 
1152 	/* alloc temp working buffer */
1153 	wkbuf = kmalloc(wkbuflen, GFP_ATOMIC);
1154 	if (!wkbuf)
1155 		return -ENOMEM;
1156 
1157 	/* ep11 secure key -> protected key + info */
1158 	rc = ep11_wrapkey(card, dom, key, keylen,
1159 			  0, def_iv, wkbuf, &wkbuflen);
1160 	if (rc) {
1161 		DEBUG_ERR(
1162 			"%s rewrapping ep11 key to pkey failed, rc=%d\n",
1163 			__func__, rc);
1164 		goto out;
1165 	}
1166 	wki = (struct wk_info *) wkbuf;
1167 
1168 	/* check struct version and pkey type */
1169 	if (wki->version != 1 || wki->pkeytype != 1) {
1170 		DEBUG_ERR("%s wk info version %d or pkeytype %d mismatch.\n",
1171 			  __func__, (int) wki->version, (int) wki->pkeytype);
1172 		rc = -EIO;
1173 		goto out;
1174 	}
1175 
1176 	/* copy the tanslated protected key */
1177 	switch (wki->pkeysize) {
1178 	case 16+32:
1179 		/* AES 128 protected key */
1180 		if (protkeytype)
1181 			*protkeytype = PKEY_KEYTYPE_AES_128;
1182 		break;
1183 	case 24+32:
1184 		/* AES 192 protected key */
1185 		if (protkeytype)
1186 			*protkeytype = PKEY_KEYTYPE_AES_192;
1187 		break;
1188 	case 32+32:
1189 		/* AES 256 protected key */
1190 		if (protkeytype)
1191 			*protkeytype = PKEY_KEYTYPE_AES_256;
1192 		break;
1193 	default:
1194 		DEBUG_ERR("%s unknown/unsupported pkeysize %d\n",
1195 			  __func__, (int) wki->pkeysize);
1196 		rc = -EIO;
1197 		goto out;
1198 	}
1199 	memcpy(protkey, wki->pkey, wki->pkeysize);
1200 	if (protkeylen)
1201 		*protkeylen = (u32) wki->pkeysize;
1202 	rc = 0;
1203 
1204 out:
1205 	kfree(wkbuf);
1206 	return rc;
1207 }
1208 EXPORT_SYMBOL(ep11_key2protkey);
1209 
1210 int ep11_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
1211 		   int minhwtype, int minapi, const u8 *wkvp)
1212 {
1213 	struct zcrypt_device_status_ext *device_status;
1214 	u32 *_apqns = NULL, _nr_apqns = 0;
1215 	int i, card, dom, rc = -ENOMEM;
1216 	struct ep11_domain_info edi;
1217 	struct ep11_card_info eci;
1218 
1219 	/* fetch status of all crypto cards */
1220 	device_status = kvmalloc_array(MAX_ZDEV_ENTRIES_EXT,
1221 				       sizeof(struct zcrypt_device_status_ext),
1222 				       GFP_KERNEL);
1223 	if (!device_status)
1224 		return -ENOMEM;
1225 	zcrypt_device_status_mask_ext(device_status);
1226 
1227 	/* allocate 1k space for up to 256 apqns */
1228 	_apqns = kmalloc_array(256, sizeof(u32), GFP_KERNEL);
1229 	if (!_apqns) {
1230 		kvfree(device_status);
1231 		return -ENOMEM;
1232 	}
1233 
1234 	/* walk through all the crypto apqnss */
1235 	for (i = 0; i < MAX_ZDEV_ENTRIES_EXT; i++) {
1236 		card = AP_QID_CARD(device_status[i].qid);
1237 		dom = AP_QID_QUEUE(device_status[i].qid);
1238 		/* check online state */
1239 		if (!device_status[i].online)
1240 			continue;
1241 		/* check for ep11 functions */
1242 		if (!(device_status[i].functions & 0x01))
1243 			continue;
1244 		/* check cardnr */
1245 		if (cardnr != 0xFFFF && card != cardnr)
1246 			continue;
1247 		/* check domain */
1248 		if (domain != 0xFFFF && dom != domain)
1249 			continue;
1250 		/* check min hardware type */
1251 		if (minhwtype && device_status[i].hwtype < minhwtype)
1252 			continue;
1253 		/* check min api version if given */
1254 		if (minapi > 0) {
1255 			if (ep11_get_card_info(card, &eci, 0))
1256 				continue;
1257 			if (minapi > eci.API_ord_nr)
1258 				continue;
1259 		}
1260 		/* check wkvp if given */
1261 		if (wkvp) {
1262 			if (ep11_get_domain_info(card, dom, &edi))
1263 				continue;
1264 			if (edi.cur_wk_state != '1')
1265 				continue;
1266 			if (memcmp(wkvp, edi.cur_wkvp, 16))
1267 				continue;
1268 		}
1269 		/* apqn passed all filtering criterons, add to the array */
1270 		if (_nr_apqns < 256)
1271 			_apqns[_nr_apqns++] = (((u16)card) << 16) | ((u16) dom);
1272 	}
1273 
1274 	/* nothing found ? */
1275 	if (!_nr_apqns) {
1276 		kfree(_apqns);
1277 		rc = -ENODEV;
1278 	} else {
1279 		/* no re-allocation, simple return the _apqns array */
1280 		*apqns = _apqns;
1281 		*nr_apqns = _nr_apqns;
1282 		rc = 0;
1283 	}
1284 
1285 	kvfree(device_status);
1286 	return rc;
1287 }
1288 EXPORT_SYMBOL(ep11_findcard2);
1289 
1290 void __exit zcrypt_ep11misc_exit(void)
1291 {
1292 	card_cache_free();
1293 }
1294