pkey_api.c (ea88e1710a9f19345c94c195f9cd7365e50343b0) | pkey_api.c (8fcc231ce3bea12b78bb94b280cdc03cff342435) |
---|---|
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * pkey device driver 4 * 5 * Copyright IBM Corp. 2017, 2023 6 * 7 * Author(s): Harald Freudenberger 8 */ 9 10#define KMSG_COMPONENT "pkey" 11#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 12 | 1// SPDX-License-Identifier: GPL-2.0 2/* 3 * pkey device driver 4 * 5 * Copyright IBM Corp. 2017, 2023 6 * 7 * Author(s): Harald Freudenberger 8 */ 9 10#define KMSG_COMPONENT "pkey" 11#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 12 |
13#include <linux/fs.h> | |
14#include <linux/init.h> 15#include <linux/miscdevice.h> | 13#include <linux/init.h> 14#include <linux/miscdevice.h> |
16#include <linux/module.h> | |
17#include <linux/slab.h> | 15#include <linux/slab.h> |
18#include <linux/kallsyms.h> 19#include <linux/debugfs.h> 20#include <linux/cpufeature.h> 21#include <asm/zcrypt.h> 22#include <asm/cpacf.h> 23#include <asm/pkey.h> | |
24 25#include "zcrypt_api.h" 26#include "zcrypt_ccamisc.h" | 16 17#include "zcrypt_api.h" 18#include "zcrypt_ccamisc.h" |
27#include "zcrypt_ep11misc.h" | |
28 29#include "pkey_base.h" 30 | 19 20#include "pkey_base.h" 21 |
31MODULE_LICENSE("GPL"); 32MODULE_AUTHOR("IBM Corporation"); 33MODULE_DESCRIPTION("s390 protected key interface"); 34 | |
35/* | 22/* |
36 * Debug feature data and functions 37 */ 38 39debug_info_t *pkey_dbf_info; 40 41static void __init pkey_debug_init(void) 42{ 43 /* 5 arguments per dbf entry (including the format string ptr) */ 44 pkey_dbf_info = debug_register("pkey", 1, 1, 5 * sizeof(long)); 45 debug_register_view(pkey_dbf_info, &debug_sprintf_view); 46 debug_set_level(pkey_dbf_info, 3); 47} 48 49static void __exit pkey_debug_exit(void) 50{ 51 debug_unregister(pkey_dbf_info); 52} 53 54/* | |
55 * Helper functions 56 */ 57 | 23 * Helper functions 24 */ 25 |
58static int apqns4key(const u8 *key, size_t keylen, u32 flags, 59 struct pkey_apqn *apqns, size_t *nr_apqns) | 26static int key2protkey_fallback(const struct clearkeytoken *t, 27 u8 *protkey, u32 *protkeylen, u32 *protkeytype) |
60{ | 28{ |
61 if (pkey_is_cca_key(key, keylen)) { 62 return pkey_cca_apqns4key(key, keylen, flags, 63 apqns, nr_apqns); 64 } else if (pkey_is_ep11_key(key, keylen)) { 65 return pkey_ep11_apqns4key(key, keylen, flags, 66 apqns, nr_apqns); 67 } else { 68 struct keytoken_header *hdr = (struct keytoken_header *)key; 69 70 PKEY_DBF_ERR("%s unknown/unsupported key type %d version %d\n", 71 __func__, hdr->type, hdr->version); 72 return -EINVAL; 73 } 74} 75 76static int apqns4keytype(enum pkey_key_type ktype, 77 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags, 78 struct pkey_apqn *apqns, size_t *nr_apqns) 79{ 80 if (pkey_is_cca_keytype(ktype)) { 81 return pkey_cca_apqns4type(ktype, cur_mkvp, alt_mkvp, flags, 82 apqns, nr_apqns); 83 } else if (pkey_is_ep11_keytype(ktype)) { 84 return pkey_ep11_apqns4type(ktype, cur_mkvp, alt_mkvp, flags, 85 apqns, nr_apqns); 86 } else { 87 PKEY_DBF_ERR("%s unknown/unsupported key type %d\n", 88 __func__, ktype); 89 return -EINVAL; 90 } 91} 92 93static int genseck2(const struct pkey_apqn *apqns, size_t nr_apqns, 94 enum pkey_key_type keytype, enum pkey_key_size keybitsize, 95 u32 flags, u8 *keybuf, u32 *keybuflen) 96{ 97 int i, rc; 98 u32 u; 99 100 if (pkey_is_cca_keytype(keytype)) { 101 /* As of now only CCA AES key generation is supported */ 102 u = pkey_aes_bitsize_to_keytype(keybitsize); 103 if (!u) { 104 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 105 __func__, keybitsize); 106 return -EINVAL; 107 } 108 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 109 rc = pkey_cca_gen_key(apqns[i].card, 110 apqns[i].domain, 111 u, keytype, keybitsize, flags, 112 keybuf, keybuflen, NULL); 113 } 114 } else if (pkey_is_ep11_keytype(keytype)) { 115 /* As of now only EP11 AES key generation is supported */ 116 u = pkey_aes_bitsize_to_keytype(keybitsize); 117 if (!u) { 118 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 119 __func__, keybitsize); 120 return -EINVAL; 121 } 122 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 123 rc = pkey_ep11_gen_key(apqns[i].card, 124 apqns[i].domain, 125 u, keytype, keybitsize, flags, 126 keybuf, keybuflen, NULL); 127 } 128 } else { 129 PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n", 130 __func__, keytype); 131 return -EINVAL; 132 } 133 134 return rc; 135} 136 137static int clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns, 138 enum pkey_key_type keytype, enum pkey_key_size kbitsize, 139 u32 flags, const u8 *clrkey, u8 *keybuf, u32 *keybuflen) 140{ 141 int i, rc; 142 u32 u; 143 144 if (pkey_is_cca_keytype(keytype)) { 145 /* As of now only CCA AES key generation is supported */ 146 u = pkey_aes_bitsize_to_keytype(kbitsize); 147 if (!u) { 148 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 149 __func__, kbitsize); 150 return -EINVAL; 151 } 152 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 153 rc = pkey_cca_clr2key(apqns[i].card, 154 apqns[i].domain, 155 u, keytype, kbitsize, flags, 156 clrkey, kbitsize / 8, 157 keybuf, keybuflen, NULL); 158 } 159 } else if (pkey_is_ep11_keytype(keytype)) { 160 /* As of now only EP11 AES key generation is supported */ 161 u = pkey_aes_bitsize_to_keytype(kbitsize); 162 if (!u) { 163 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 164 __func__, kbitsize); 165 return -EINVAL; 166 } 167 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 168 rc = pkey_ep11_clr2key(apqns[i].card, 169 apqns[i].domain, 170 u, keytype, kbitsize, flags, 171 clrkey, kbitsize / 8, 172 keybuf, keybuflen, NULL); 173 } 174 } else { 175 PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n", 176 __func__, keytype); 177 return -EINVAL; 178 } 179 180 return rc; 181} 182 183static int ccakey2protkey(const struct pkey_apqn *apqns, size_t nr_apqns, 184 const u8 *key, size_t keylen, 185 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 186{ 187 struct pkey_apqn *local_apqns = NULL; 188 int i, j, rc; 189 190 /* alloc space for list of apqns if no list given */ 191 if (!apqns || (nr_apqns == 1 && 192 apqns[0].card == 0xFFFF && apqns[0].domain == 0xFFFF)) { 193 nr_apqns = MAXAPQNSINLIST; 194 local_apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), 195 GFP_KERNEL); 196 if (!local_apqns) 197 return -ENOMEM; 198 apqns = local_apqns; 199 } 200 201 /* try two times in case of failure */ 202 for (i = 0, rc = -ENODEV; i < 2 && rc; i++) { 203 if (local_apqns) { 204 /* gather list of apqns able to deal with this key */ 205 nr_apqns = MAXAPQNSINLIST; 206 rc = pkey_cca_apqns4key(key, keylen, 0, 207 local_apqns, &nr_apqns); 208 if (rc) 209 continue; 210 } 211 /* go through the list of apqns until success or end */ 212 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) { 213 rc = pkey_cca_key2protkey(apqns[j].card, 214 apqns[j].domain, 215 key, keylen, 216 protkey, protkeylen, 217 protkeytype); 218 } 219 } 220 221 kfree(local_apqns); 222 223 return rc; 224} 225 226static int ep11key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns, 227 const u8 *key, size_t keylen, 228 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 229{ 230 struct pkey_apqn *local_apqns = NULL; 231 int i, j, rc; 232 233 /* alloc space for list of apqns if no list given */ 234 if (!apqns || (nr_apqns == 1 && 235 apqns[0].card == 0xFFFF && apqns[0].domain == 0xFFFF)) { 236 nr_apqns = MAXAPQNSINLIST; 237 local_apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), 238 GFP_KERNEL); 239 if (!local_apqns) 240 return -ENOMEM; 241 apqns = local_apqns; 242 } 243 244 /* try two times in case of failure */ 245 for (i = 0, rc = -ENODEV; i < 2 && rc; i++) { 246 if (local_apqns) { 247 /* gather list of apqns able to deal with this key */ 248 nr_apqns = MAXAPQNSINLIST; 249 rc = pkey_ep11_apqns4key(key, keylen, 0, 250 local_apqns, &nr_apqns); 251 if (rc) 252 continue; 253 } 254 /* go through the list of apqns until success or end */ 255 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) { 256 rc = pkey_ep11_key2protkey(apqns[j].card, 257 apqns[j].domain, 258 key, keylen, 259 protkey, protkeylen, 260 protkeytype); 261 } 262 } 263 264 kfree(local_apqns); 265 266 return rc; 267} 268 269static int pckmokey2protkey_fallback(const struct clearkeytoken *t, 270 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 271{ | |
272 size_t tmpbuflen = max_t(size_t, SECKEYBLOBSIZE, MAXEP11AESKEYBLOBSIZE); | 29 size_t tmpbuflen = max_t(size_t, SECKEYBLOBSIZE, MAXEP11AESKEYBLOBSIZE); |
273 struct pkey_apqn *apqns = NULL; 274 u32 keysize, tmplen; | 30 u32 keysize, keybitsize, tmplen; |
275 u8 *tmpbuf = NULL; | 31 u8 *tmpbuf = NULL; |
276 size_t nr_apqns; 277 int i, j, rc; | 32 int i, rc; |
278 279 /* As of now only for AES keys a fallback is available */ 280 281 keysize = pkey_keytype_aes_to_size(t->keytype); 282 if (!keysize) { 283 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", 284 __func__, t->keytype); 285 return -EINVAL; 286 } 287 if (t->len != keysize) { 288 PKEY_DBF_ERR("%s clear key AES token: invalid key len %u\n", 289 __func__, t->len); 290 return -EINVAL; 291 } | 33 34 /* As of now only for AES keys a fallback is available */ 35 36 keysize = pkey_keytype_aes_to_size(t->keytype); 37 if (!keysize) { 38 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", 39 __func__, t->keytype); 40 return -EINVAL; 41 } 42 if (t->len != keysize) { 43 PKEY_DBF_ERR("%s clear key AES token: invalid key len %u\n", 44 __func__, t->len); 45 return -EINVAL; 46 } |
47 keybitsize = 8 * keysize; |
|
292 | 48 |
293 /* alloc tmp buffer and space for apqns */ | 49 /* alloc tmp key buffer */ |
294 tmpbuf = kmalloc(tmpbuflen, GFP_ATOMIC); 295 if (!tmpbuf) 296 return -ENOMEM; | 50 tmpbuf = kmalloc(tmpbuflen, GFP_ATOMIC); 51 if (!tmpbuf) 52 return -ENOMEM; |
297 nr_apqns = MAXAPQNSINLIST; 298 apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL); 299 if (!apqns) { 300 kfree(tmpbuf); 301 return -ENOMEM; 302 } | |
303 304 /* try two times in case of failure */ 305 for (i = 0, rc = -ENODEV; i < 2 && rc; i++) { 306 307 /* CCA secure key way */ | 53 54 /* try two times in case of failure */ 55 for (i = 0, rc = -ENODEV; i < 2 && rc; i++) { 56 57 /* CCA secure key way */ |
308 nr_apqns = MAXAPQNSINLIST; 309 rc = pkey_cca_apqns4type(PKEY_TYPE_CCA_DATA, 310 NULL, NULL, 0, apqns, &nr_apqns); 311 pr_debug("pkey_cca_apqns4type(CCA_DATA)=%d\n", rc); | 58 tmplen = tmpbuflen; 59 rc = pkey_handler_clr_to_key(NULL, 0, 60 t->keytype, PKEY_TYPE_CCA_DATA, 61 keybitsize, 0, 62 t->clearkey, t->len, 63 tmpbuf, &tmplen, NULL); 64 pr_debug("clr_to_key()=%d\n", rc); |
312 if (rc) 313 goto try_via_ep11; | 65 if (rc) 66 goto try_via_ep11; |
314 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) { 315 tmplen = tmpbuflen; 316 rc = pkey_cca_clr2key(apqns[j].card, apqns[j].domain, 317 t->keytype, PKEY_TYPE_CCA_DATA, 318 8 * keysize, 0, 319 t->clearkey, t->len, 320 tmpbuf, &tmplen, NULL); 321 pr_debug("pkey_cca_clr2key()=%d\n", rc); 322 } 323 if (rc) 324 goto try_via_ep11; 325 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) { 326 rc = pkey_cca_key2protkey(apqns[j].card, 327 apqns[j].domain, 328 tmpbuf, tmplen, 329 protkey, protkeylen, 330 protkeytype); 331 pr_debug("pkey_cca_key2protkey()=%d\n", rc); 332 } | 67 rc = pkey_handler_key_to_protkey(NULL, 0, 68 tmpbuf, tmplen, 69 protkey, protkeylen, 70 protkeytype); 71 pr_debug("key_to_protkey()=%d\n", rc); |
333 if (!rc) 334 break; 335 336try_via_ep11: 337 /* the CCA way failed, try via EP11 */ | 72 if (!rc) 73 break; 74 75try_via_ep11: 76 /* the CCA way failed, try via EP11 */ |
338 nr_apqns = MAXAPQNSINLIST; 339 rc = pkey_ep11_apqns4type(PKEY_TYPE_EP11_AES, 340 NULL, NULL, 0, apqns, &nr_apqns); 341 pr_debug("pkey_ep11_apqns4type(EP11_AES)=%d\n", rc); | 77 tmplen = tmpbuflen; 78 rc = pkey_handler_clr_to_key(NULL, 0, 79 t->keytype, PKEY_TYPE_EP11_AES, 80 keybitsize, 0, 81 t->clearkey, t->len, 82 tmpbuf, &tmplen, NULL); 83 pr_debug("clr_to_key()=%d\n", rc); |
342 if (rc) 343 continue; | 84 if (rc) 85 continue; |
344 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) { 345 tmplen = tmpbuflen; 346 rc = pkey_ep11_clr2key(apqns[j].card, apqns[j].domain, 347 t->keytype, PKEY_TYPE_EP11_AES, 348 8 * keysize, 0, 349 t->clearkey, t->len, 350 tmpbuf, &tmplen, NULL); 351 pr_debug("pkey_ep11_clr2key()=%d\n", rc); 352 } 353 if (rc) 354 continue; 355 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) { 356 rc = pkey_ep11_key2protkey(apqns[j].card, 357 apqns[j].domain, 358 tmpbuf, tmplen, 359 protkey, protkeylen, 360 protkeytype); 361 pr_debug("pkey_ep11_key2protkey()=%d\n", rc); 362 } | 86 rc = pkey_handler_key_to_protkey(NULL, 0, 87 tmpbuf, tmplen, 88 protkey, protkeylen, 89 protkeytype); 90 pr_debug("key_to_protkey()=%d\n", rc); |
363 } 364 365 kfree(tmpbuf); | 91 } 92 93 kfree(tmpbuf); |
366 kfree(apqns); | |
367 368 return rc; 369} 370 | 94 95 return rc; 96} 97 |
371static int pckmokey2protkey(const u8 *key, size_t keylen, 372 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 373{ 374 int rc; 375 376 rc = pkey_pckmo_key2protkey(0, 0, key, keylen, 377 protkey, protkeylen, protkeytype); 378 if (rc == -ENODEV) { 379 struct keytoken_header *hdr = (struct keytoken_header *)key; 380 struct clearkeytoken *t = (struct clearkeytoken *)key; 381 382 /* maybe a fallback is possible */ 383 if (hdr->type == TOKTYPE_NON_CCA && 384 hdr->version == TOKVER_CLEAR_KEY) { 385 rc = pckmokey2protkey_fallback(t, protkey, 386 protkeylen, 387 protkeytype); 388 if (rc) 389 rc = -ENODEV; 390 } 391 } 392 393 if (rc) 394 PKEY_DBF_ERR("%s unable to build protected key from clear, rc=%d", 395 __func__, rc); 396 397 return rc; 398} 399 | |
400static int key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns, 401 const u8 *key, size_t keylen, 402 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 403{ | 98static int key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns, 99 const u8 *key, size_t keylen, 100 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 101{ |
404 if (pkey_is_cca_key(key, keylen)) { 405 return ccakey2protkey(apqns, nr_apqns, key, keylen, 406 protkey, protkeylen, protkeytype); 407 } else if (pkey_is_ep11_key(key, keylen)) { 408 return ep11key2protkey(apqns, nr_apqns, key, keylen, 409 protkey, protkeylen, protkeytype); 410 } else if (pkey_is_pckmo_key(key, keylen)) { 411 return pckmokey2protkey(key, keylen, 412 protkey, protkeylen, protkeytype); 413 } else { 414 struct keytoken_header *hdr = (struct keytoken_header *)key; | 102 struct keytoken_header *hdr = (struct keytoken_header *)key; 103 int i, rc; |
415 | 104 |
416 PKEY_DBF_ERR("%s unknown/unsupported key type %d version %d\n", 417 __func__, hdr->type, hdr->version); 418 return -EINVAL; | 105 /* retry two times */ 106 for (rc = -ENODEV, i = 0; rc && i < 2; i++) { 107 /* First try the direct way */ 108 rc = pkey_handler_key_to_protkey(apqns, nr_apqns, 109 key, keylen, 110 protkey, protkeylen, 111 protkeytype); 112 /* For some clear key tokens there exists a fallback way */ 113 if (rc && 114 hdr->type == TOKTYPE_NON_CCA && 115 hdr->version == TOKVER_CLEAR_KEY) 116 rc = key2protkey_fallback((struct clearkeytoken *)key, 117 protkey, protkeylen, 118 protkeytype); |
419 } | 119 } |
120 121 return rc; |
|
420} 421 422/* 423 * In-Kernel function: Transform a key blob (of any type) into a protected key 424 */ 425int pkey_key2protkey(const u8 *key, u32 keylen, 426 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 427{ --- 20 unchanged lines hidden (view full) --- 448 return NULL; 449 450 return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn)); 451} 452 453static int pkey_ioctl_genseck(struct pkey_genseck __user *ugs) 454{ 455 struct pkey_genseck kgs; | 122} 123 124/* 125 * In-Kernel function: Transform a key blob (of any type) into a protected key 126 */ 127int pkey_key2protkey(const u8 *key, u32 keylen, 128 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 129{ --- 20 unchanged lines hidden (view full) --- 150 return NULL; 151 152 return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn)); 153} 154 155static int pkey_ioctl_genseck(struct pkey_genseck __user *ugs) 156{ 157 struct pkey_genseck kgs; |
158 struct pkey_apqn apqn; |
|
456 u32 keybuflen; 457 int rc; 458 459 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 460 return -EFAULT; | 159 u32 keybuflen; 160 int rc; 161 162 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 163 return -EFAULT; |
164 165 apqn.card = kgs.cardnr; 166 apqn.domain = kgs.domain; |
|
461 keybuflen = sizeof(kgs.seckey.seckey); | 167 keybuflen = sizeof(kgs.seckey.seckey); |
462 rc = pkey_cca_gen_key(kgs.cardnr, kgs.domain, 463 kgs.keytype, PKEY_TYPE_CCA_DATA, 0, 0, 464 kgs.seckey.seckey, &keybuflen, NULL); 465 pr_debug("pkey_cca_gen_key()=%d\n", rc); | 168 rc = pkey_handler_gen_key(&apqn, 1, 169 kgs.keytype, PKEY_TYPE_CCA_DATA, 0, 0, 170 kgs.seckey.seckey, &keybuflen, NULL); 171 pr_debug("gen_key()=%d\n", rc); |
466 if (!rc && copy_to_user(ugs, &kgs, sizeof(kgs))) 467 rc = -EFAULT; 468 memzero_explicit(&kgs, sizeof(kgs)); 469 470 return rc; 471} 472 473static int pkey_ioctl_clr2seck(struct pkey_clr2seck __user *ucs) 474{ 475 struct pkey_clr2seck kcs; | 172 if (!rc && copy_to_user(ugs, &kgs, sizeof(kgs))) 173 rc = -EFAULT; 174 memzero_explicit(&kgs, sizeof(kgs)); 175 176 return rc; 177} 178 179static int pkey_ioctl_clr2seck(struct pkey_clr2seck __user *ucs) 180{ 181 struct pkey_clr2seck kcs; |
182 struct pkey_apqn apqn; |
|
476 u32 keybuflen; 477 int rc; 478 479 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 480 return -EFAULT; | 183 u32 keybuflen; 184 int rc; 185 186 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 187 return -EFAULT; |
188 189 apqn.card = kcs.cardnr; 190 apqn.domain = kcs.domain; |
|
481 keybuflen = sizeof(kcs.seckey.seckey); | 191 keybuflen = sizeof(kcs.seckey.seckey); |
482 rc = pkey_cca_clr2key(kcs.cardnr, kcs.domain, 483 kcs.keytype, PKEY_TYPE_CCA_DATA, 0, 0, 484 kcs.clrkey.clrkey, 485 pkey_keytype_aes_to_size(kcs.keytype), 486 kcs.seckey.seckey, &keybuflen, NULL); 487 pr_debug("pkey_cca_clr2key()=%d\n", rc); | 192 rc = pkey_handler_clr_to_key(&apqn, 1, 193 kcs.keytype, PKEY_TYPE_CCA_DATA, 0, 0, 194 kcs.clrkey.clrkey, 195 pkey_keytype_aes_to_size(kcs.keytype), 196 kcs.seckey.seckey, &keybuflen, NULL); 197 pr_debug("clr_to_key()=%d\n", rc); |
488 if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs))) 489 rc = -EFAULT; 490 memzero_explicit(&kcs, sizeof(kcs)); 491 492 return rc; 493} 494 495static int pkey_ioctl_sec2protk(struct pkey_sec2protk __user *usp) 496{ 497 struct pkey_sec2protk ksp; | 198 if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs))) 199 rc = -EFAULT; 200 memzero_explicit(&kcs, sizeof(kcs)); 201 202 return rc; 203} 204 205static int pkey_ioctl_sec2protk(struct pkey_sec2protk __user *usp) 206{ 207 struct pkey_sec2protk ksp; |
208 struct pkey_apqn apqn; |
|
498 int rc; 499 500 if (copy_from_user(&ksp, usp, sizeof(ksp))) 501 return -EFAULT; | 209 int rc; 210 211 if (copy_from_user(&ksp, usp, sizeof(ksp))) 212 return -EFAULT; |
213 214 apqn.card = ksp.cardnr; 215 apqn.domain = ksp.domain; |
|
502 ksp.protkey.len = sizeof(ksp.protkey.protkey); | 216 ksp.protkey.len = sizeof(ksp.protkey.protkey); |
503 rc = pkey_cca_key2protkey(ksp.cardnr, ksp.domain, 504 ksp.seckey.seckey, sizeof(ksp.seckey.seckey), 505 ksp.protkey.protkey, 506 &ksp.protkey.len, &ksp.protkey.type); 507 pr_debug("pkey_cca_key2protkey()=%d\n", rc); | 217 rc = pkey_handler_key_to_protkey(&apqn, 1, 218 ksp.seckey.seckey, 219 sizeof(ksp.seckey.seckey), 220 ksp.protkey.protkey, 221 &ksp.protkey.len, &ksp.protkey.type); 222 pr_debug("key_to_protkey()=%d\n", rc); |
508 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp))) 509 rc = -EFAULT; 510 memzero_explicit(&ksp, sizeof(ksp)); 511 512 return rc; 513} 514 515static int pkey_ioctl_clr2protk(struct pkey_clr2protk __user *ucp) 516{ 517 struct pkey_clr2protk kcp; | 223 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp))) 224 rc = -EFAULT; 225 memzero_explicit(&ksp, sizeof(ksp)); 226 227 return rc; 228} 229 230static int pkey_ioctl_clr2protk(struct pkey_clr2protk __user *ucp) 231{ 232 struct pkey_clr2protk kcp; |
233 struct clearkeytoken *t; 234 u32 keylen; 235 u8 *tmpbuf; |
|
518 int rc; 519 520 if (copy_from_user(&kcp, ucp, sizeof(kcp))) 521 return -EFAULT; | 236 int rc; 237 238 if (copy_from_user(&kcp, ucp, sizeof(kcp))) 239 return -EFAULT; |
240 241 /* build a 'clear key token' from the clear key value */ 242 keylen = pkey_keytype_aes_to_size(kcp.keytype); 243 if (!keylen) { 244 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", 245 __func__, kcp.keytype); 246 memzero_explicit(&kcp, sizeof(kcp)); 247 return -EINVAL; 248 } 249 tmpbuf = kzalloc(sizeof(*t) + keylen, GFP_KERNEL); 250 if (!tmpbuf) { 251 memzero_explicit(&kcp, sizeof(kcp)); 252 return -ENOMEM; 253 } 254 t = (struct clearkeytoken *)tmpbuf; 255 t->type = TOKTYPE_NON_CCA; 256 t->version = TOKVER_CLEAR_KEY; 257 t->keytype = (keylen - 8) >> 3; 258 t->len = keylen; 259 memcpy(t->clearkey, kcp.clrkey.clrkey, keylen); |
|
522 kcp.protkey.len = sizeof(kcp.protkey.protkey); | 260 kcp.protkey.len = sizeof(kcp.protkey.protkey); |
523 rc = pkey_pckmo_clr2key(0, 0, kcp.keytype, 0, 0, 0, 524 kcp.clrkey.clrkey, 0, 525 kcp.protkey.protkey, 526 &kcp.protkey.len, &kcp.protkey.type); 527 pr_debug("pkey_pckmo_clr2key()=%d\n", rc); | 261 262 rc = key2protkey(NULL, 0, 263 tmpbuf, sizeof(*t) + keylen, 264 kcp.protkey.protkey, 265 &kcp.protkey.len, &kcp.protkey.type); 266 pr_debug("key2protkey()=%d\n", rc); 267 268 kfree_sensitive(tmpbuf); 269 |
528 if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp))) 529 rc = -EFAULT; 530 memzero_explicit(&kcp, sizeof(kcp)); 531 532 return rc; 533} 534 535static int pkey_ioctl_findcard(struct pkey_findcard __user *ufc) 536{ 537 struct pkey_findcard kfc; 538 struct pkey_apqn *apqns; 539 size_t nr_apqns; 540 int rc; 541 542 if (copy_from_user(&kfc, ufc, sizeof(kfc))) 543 return -EFAULT; 544 | 270 if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp))) 271 rc = -EFAULT; 272 memzero_explicit(&kcp, sizeof(kcp)); 273 274 return rc; 275} 276 277static int pkey_ioctl_findcard(struct pkey_findcard __user *ufc) 278{ 279 struct pkey_findcard kfc; 280 struct pkey_apqn *apqns; 281 size_t nr_apqns; 282 int rc; 283 284 if (copy_from_user(&kfc, ufc, sizeof(kfc))) 285 return -EFAULT; 286 |
545 if (!pkey_is_cca_key(kfc.seckey.seckey, sizeof(kfc.seckey.seckey))) 546 return -EINVAL; 547 | |
548 nr_apqns = MAXAPQNSINLIST; 549 apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL); 550 if (!apqns) 551 return -ENOMEM; | 287 nr_apqns = MAXAPQNSINLIST; 288 apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL); 289 if (!apqns) 290 return -ENOMEM; |
552 rc = pkey_cca_apqns4key(kfc.seckey.seckey, 553 sizeof(kfc.seckey.seckey), 554 PKEY_FLAGS_MATCH_CUR_MKVP, 555 apqns, &nr_apqns); 556 if (rc == -ENODEV) 557 rc = pkey_cca_apqns4key(kfc.seckey.seckey, | 291 292 rc = pkey_handler_apqns_for_key(kfc.seckey.seckey, |
558 sizeof(kfc.seckey.seckey), | 293 sizeof(kfc.seckey.seckey), |
559 PKEY_FLAGS_MATCH_ALT_MKVP, | 294 PKEY_FLAGS_MATCH_CUR_MKVP, |
560 apqns, &nr_apqns); | 295 apqns, &nr_apqns); |
561 pr_debug("pkey_cca_apqns4key()=%d\n", rc); | 296 if (rc == -ENODEV) 297 rc = pkey_handler_apqns_for_key(kfc.seckey.seckey, 298 sizeof(kfc.seckey.seckey), 299 PKEY_FLAGS_MATCH_ALT_MKVP, 300 apqns, &nr_apqns); 301 pr_debug("apqns_for_key()=%d\n", rc); |
562 if (rc) { 563 kfree(apqns); 564 return rc; 565 } 566 kfc.cardnr = apqns[0].card; 567 kfc.domain = apqns[0].domain; 568 kfree(apqns); 569 if (copy_to_user(ufc, &kfc, sizeof(kfc))) 570 return -EFAULT; 571 572 return 0; 573} 574 575static int pkey_ioctl_skey2pkey(struct pkey_skey2pkey __user *usp) 576{ 577 struct pkey_skey2pkey ksp; | 302 if (rc) { 303 kfree(apqns); 304 return rc; 305 } 306 kfc.cardnr = apqns[0].card; 307 kfc.domain = apqns[0].domain; 308 kfree(apqns); 309 if (copy_to_user(ufc, &kfc, sizeof(kfc))) 310 return -EFAULT; 311 312 return 0; 313} 314 315static int pkey_ioctl_skey2pkey(struct pkey_skey2pkey __user *usp) 316{ 317 struct pkey_skey2pkey ksp; |
578 struct pkey_apqn *apqns; 579 size_t nr_apqns; 580 int i, rc; | 318 int rc; |
581 582 if (copy_from_user(&ksp, usp, sizeof(ksp))) 583 return -EFAULT; 584 | 319 320 if (copy_from_user(&ksp, usp, sizeof(ksp))) 321 return -EFAULT; 322 |
585 if (!pkey_is_cca_key(ksp.seckey.seckey, sizeof(ksp.seckey.seckey))) 586 return -EINVAL; 587 588 nr_apqns = MAXAPQNSINLIST; 589 apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL); 590 if (!apqns) 591 return -ENOMEM; 592 rc = pkey_cca_apqns4key(ksp.seckey.seckey, sizeof(ksp.seckey.seckey), 593 0, apqns, &nr_apqns); 594 pr_debug("pkey_cca_apqns4key()=%d\n", rc); 595 if (rc) { 596 kfree(apqns); 597 return rc; 598 } | |
599 ksp.protkey.len = sizeof(ksp.protkey.protkey); | 323 ksp.protkey.len = sizeof(ksp.protkey.protkey); |
600 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 601 rc = pkey_cca_key2protkey(apqns[i].card, apqns[i].domain, 602 ksp.seckey.seckey, 603 sizeof(ksp.seckey.seckey), 604 ksp.protkey.protkey, 605 &ksp.protkey.len, 606 &ksp.protkey.type); 607 pr_debug("pkey_cca_key2protkey()=%d\n", rc); 608 } 609 kfree(apqns); | 324 rc = pkey_handler_key_to_protkey(NULL, 0, 325 ksp.seckey.seckey, 326 sizeof(ksp.seckey.seckey), 327 ksp.protkey.protkey, 328 &ksp.protkey.len, 329 &ksp.protkey.type); 330 pr_debug("key_to_protkey()=%d\n", rc); |
610 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp))) 611 rc = -EFAULT; 612 memzero_explicit(&ksp, sizeof(ksp)); 613 614 return rc; 615} 616 617static int pkey_ioctl_verifykey(struct pkey_verifykey __user *uvk) 618{ 619 u32 keytype, keybitsize, flags; 620 struct pkey_verifykey kvk; 621 int rc; 622 623 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 624 return -EFAULT; | 331 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp))) 332 rc = -EFAULT; 333 memzero_explicit(&ksp, sizeof(ksp)); 334 335 return rc; 336} 337 338static int pkey_ioctl_verifykey(struct pkey_verifykey __user *uvk) 339{ 340 u32 keytype, keybitsize, flags; 341 struct pkey_verifykey kvk; 342 int rc; 343 344 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 345 return -EFAULT; |
346 |
|
625 kvk.cardnr = 0xFFFF; 626 kvk.domain = 0xFFFF; | 347 kvk.cardnr = 0xFFFF; 348 kvk.domain = 0xFFFF; |
627 rc = pkey_cca_verifykey(kvk.seckey.seckey, sizeof(kvk.seckey.seckey), 628 &kvk.cardnr, &kvk.domain, 629 &keytype, &keybitsize, &flags); 630 pr_debug("pkey_cca_verifykey()=%d\n", rc); | 349 rc = pkey_handler_verify_key(kvk.seckey.seckey, 350 sizeof(kvk.seckey.seckey), 351 &kvk.cardnr, &kvk.domain, 352 &keytype, &keybitsize, &flags); 353 pr_debug("verify_key()=%d\n", rc); |
631 if (!rc && keytype != PKEY_TYPE_CCA_DATA) 632 rc = -EINVAL; 633 kvk.attributes = PKEY_VERIFY_ATTR_AES; 634 kvk.keysize = (u16)keybitsize; 635 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 636 kvk.attributes |= PKEY_VERIFY_ATTR_OLD_MKVP; 637 if (!rc && copy_to_user(uvk, &kvk, sizeof(kvk))) 638 rc = -EFAULT; --- 4 unchanged lines hidden (view full) --- 643 644static int pkey_ioctl_genprotk(struct pkey_genprotk __user *ugp) 645{ 646 struct pkey_genprotk kgp; 647 int rc; 648 649 if (copy_from_user(&kgp, ugp, sizeof(kgp))) 650 return -EFAULT; | 354 if (!rc && keytype != PKEY_TYPE_CCA_DATA) 355 rc = -EINVAL; 356 kvk.attributes = PKEY_VERIFY_ATTR_AES; 357 kvk.keysize = (u16)keybitsize; 358 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 359 kvk.attributes |= PKEY_VERIFY_ATTR_OLD_MKVP; 360 if (!rc && copy_to_user(uvk, &kvk, sizeof(kvk))) 361 rc = -EFAULT; --- 4 unchanged lines hidden (view full) --- 366 367static int pkey_ioctl_genprotk(struct pkey_genprotk __user *ugp) 368{ 369 struct pkey_genprotk kgp; 370 int rc; 371 372 if (copy_from_user(&kgp, ugp, sizeof(kgp))) 373 return -EFAULT; |
374 |
|
651 kgp.protkey.len = sizeof(kgp.protkey.protkey); | 375 kgp.protkey.len = sizeof(kgp.protkey.protkey); |
652 rc = pkey_pckmo_gen_key(0, 0, kgp.keytype, 0, 0, 0, 653 kgp.protkey.protkey, 654 &kgp.protkey.len, &kgp.protkey.type); 655 pr_debug("pkey_pckmo_gen_key()=%d\n", rc); | 376 rc = pkey_handler_gen_key(NULL, 0, kgp.keytype, 377 PKEY_TYPE_PROTKEY, 0, 0, 378 kgp.protkey.protkey, &kgp.protkey.len, 379 &kgp.protkey.type); 380 pr_debug("gen_key()=%d\n", rc); |
656 if (!rc && copy_to_user(ugp, &kgp, sizeof(kgp))) 657 rc = -EFAULT; 658 memzero_explicit(&kgp, sizeof(kgp)); 659 660 return rc; 661} 662 663static int pkey_ioctl_verifyprotk(struct pkey_verifyprotk __user *uvp) 664{ 665 struct pkey_verifyprotk kvp; | 381 if (!rc && copy_to_user(ugp, &kgp, sizeof(kgp))) 382 rc = -EFAULT; 383 memzero_explicit(&kgp, sizeof(kgp)); 384 385 return rc; 386} 387 388static int pkey_ioctl_verifyprotk(struct pkey_verifyprotk __user *uvp) 389{ 390 struct pkey_verifyprotk kvp; |
391 struct protaeskeytoken *t; 392 u32 keytype; 393 u8 *tmpbuf; |
|
666 int rc; 667 668 if (copy_from_user(&kvp, uvp, sizeof(kvp))) 669 return -EFAULT; | 394 int rc; 395 396 if (copy_from_user(&kvp, uvp, sizeof(kvp))) 397 return -EFAULT; |
670 rc = pkey_pckmo_verifykey(kvp.protkey.protkey, kvp.protkey.len, 671 0, 0, &kvp.protkey.type, 0, 0); 672 pr_debug("pkey_pckmo_verifykey()=%d\n", rc); | 398 399 keytype = pkey_aes_bitsize_to_keytype(8 * kvp.protkey.len); 400 if (!keytype) { 401 PKEY_DBF_ERR("%s unknown/unsupported protkey length %u\n", 402 __func__, kvp.protkey.len); 403 memzero_explicit(&kvp, sizeof(kvp)); 404 return -EINVAL; 405 } 406 407 /* build a 'protected key token' from the raw protected key */ 408 tmpbuf = kzalloc(sizeof(*t), GFP_KERNEL); 409 if (!tmpbuf) { 410 memzero_explicit(&kvp, sizeof(kvp)); 411 return -ENOMEM; 412 } 413 t = (struct protaeskeytoken *)tmpbuf; 414 t->type = TOKTYPE_NON_CCA; 415 t->version = TOKVER_PROTECTED_KEY; 416 t->keytype = keytype; 417 t->len = kvp.protkey.len; 418 memcpy(t->protkey, kvp.protkey.protkey, kvp.protkey.len); 419 420 rc = pkey_handler_verify_key(tmpbuf, sizeof(*t), 421 NULL, NULL, NULL, NULL, NULL); 422 pr_debug("verify_key()=%d\n", rc); 423 424 kfree_sensitive(tmpbuf); |
673 memzero_explicit(&kvp, sizeof(kvp)); 674 675 return rc; 676} 677 678static int pkey_ioctl_kblob2protk(struct pkey_kblob2pkey __user *utp) 679{ 680 struct pkey_kblob2pkey ktp; --- 20 unchanged lines hidden (view full) --- 701 702static int pkey_ioctl_genseck2(struct pkey_genseck2 __user *ugs) 703{ 704 u32 klen = KEYBLOBBUFSIZE; 705 struct pkey_genseck2 kgs; 706 struct pkey_apqn *apqns; 707 u8 *kkey; 708 int rc; | 425 memzero_explicit(&kvp, sizeof(kvp)); 426 427 return rc; 428} 429 430static int pkey_ioctl_kblob2protk(struct pkey_kblob2pkey __user *utp) 431{ 432 struct pkey_kblob2pkey ktp; --- 20 unchanged lines hidden (view full) --- 453 454static int pkey_ioctl_genseck2(struct pkey_genseck2 __user *ugs) 455{ 456 u32 klen = KEYBLOBBUFSIZE; 457 struct pkey_genseck2 kgs; 458 struct pkey_apqn *apqns; 459 u8 *kkey; 460 int rc; |
461 u32 u; |
|
709 710 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 711 return -EFAULT; | 462 463 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 464 return -EFAULT; |
465 u = pkey_aes_bitsize_to_keytype(kgs.size); 466 if (!u) { 467 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 468 __func__, kgs.size); 469 return -EINVAL; 470 } |
|
712 apqns = _copy_apqns_from_user(kgs.apqns, kgs.apqn_entries); 713 if (IS_ERR(apqns)) 714 return PTR_ERR(apqns); 715 kkey = kzalloc(klen, GFP_KERNEL); 716 if (!kkey) { 717 kfree(apqns); 718 return -ENOMEM; 719 } | 471 apqns = _copy_apqns_from_user(kgs.apqns, kgs.apqn_entries); 472 if (IS_ERR(apqns)) 473 return PTR_ERR(apqns); 474 kkey = kzalloc(klen, GFP_KERNEL); 475 if (!kkey) { 476 kfree(apqns); 477 return -ENOMEM; 478 } |
720 rc = genseck2(apqns, kgs.apqn_entries, 721 kgs.type, kgs.size, kgs.keygenflags, 722 kkey, &klen); 723 pr_debug("genseckey2()=%d\n", rc); | 479 rc = pkey_handler_gen_key(apqns, kgs.apqn_entries, 480 u, kgs.type, kgs.size, kgs.keygenflags, 481 kkey, &klen, NULL); 482 pr_debug("gen_key()=%d\n", rc); |
724 kfree(apqns); 725 if (rc) { 726 kfree_sensitive(kkey); 727 return rc; 728 } 729 if (kgs.key) { 730 if (kgs.keylen < klen) { 731 kfree_sensitive(kkey); --- 14 unchanged lines hidden (view full) --- 746 747static int pkey_ioctl_clr2seck2(struct pkey_clr2seck2 __user *ucs) 748{ 749 u32 klen = KEYBLOBBUFSIZE; 750 struct pkey_clr2seck2 kcs; 751 struct pkey_apqn *apqns; 752 u8 *kkey; 753 int rc; | 483 kfree(apqns); 484 if (rc) { 485 kfree_sensitive(kkey); 486 return rc; 487 } 488 if (kgs.key) { 489 if (kgs.keylen < klen) { 490 kfree_sensitive(kkey); --- 14 unchanged lines hidden (view full) --- 505 506static int pkey_ioctl_clr2seck2(struct pkey_clr2seck2 __user *ucs) 507{ 508 u32 klen = KEYBLOBBUFSIZE; 509 struct pkey_clr2seck2 kcs; 510 struct pkey_apqn *apqns; 511 u8 *kkey; 512 int rc; |
513 u32 u; |
|
754 755 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 756 return -EFAULT; | 514 515 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 516 return -EFAULT; |
517 u = pkey_aes_bitsize_to_keytype(kcs.size); 518 if (!u) { 519 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 520 __func__, kcs.size); 521 memzero_explicit(&kcs, sizeof(kcs)); 522 return -EINVAL; 523 } |
|
757 apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries); 758 if (IS_ERR(apqns)) { 759 memzero_explicit(&kcs, sizeof(kcs)); 760 return PTR_ERR(apqns); 761 } 762 kkey = kzalloc(klen, GFP_KERNEL); 763 if (!kkey) { 764 kfree(apqns); 765 memzero_explicit(&kcs, sizeof(kcs)); 766 return -ENOMEM; 767 } | 524 apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries); 525 if (IS_ERR(apqns)) { 526 memzero_explicit(&kcs, sizeof(kcs)); 527 return PTR_ERR(apqns); 528 } 529 kkey = kzalloc(klen, GFP_KERNEL); 530 if (!kkey) { 531 kfree(apqns); 532 memzero_explicit(&kcs, sizeof(kcs)); 533 return -ENOMEM; 534 } |
768 rc = clr2seckey2(apqns, kcs.apqn_entries, 769 kcs.type, kcs.size, kcs.keygenflags, 770 kcs.clrkey.clrkey, kkey, &klen); 771 pr_debug("clr2seckey2()=%d\n", rc); | 535 rc = pkey_handler_clr_to_key(apqns, kcs.apqn_entries, 536 u, kcs.type, kcs.size, kcs.keygenflags, 537 kcs.clrkey.clrkey, kcs.size / 8, 538 kkey, &klen, NULL); 539 pr_debug("clr_to_key()=%d\n", rc); |
772 kfree(apqns); 773 if (rc) { 774 kfree_sensitive(kkey); 775 memzero_explicit(&kcs, sizeof(kcs)); 776 return rc; 777 } 778 if (kcs.key) { 779 if (kcs.keylen < klen) { --- 22 unchanged lines hidden (view full) --- 802 u8 *kkey; 803 int rc; 804 805 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 806 return -EFAULT; 807 kkey = _copy_key_from_user(kvk.key, kvk.keylen); 808 if (IS_ERR(kkey)) 809 return PTR_ERR(kkey); | 540 kfree(apqns); 541 if (rc) { 542 kfree_sensitive(kkey); 543 memzero_explicit(&kcs, sizeof(kcs)); 544 return rc; 545 } 546 if (kcs.key) { 547 if (kcs.keylen < klen) { --- 22 unchanged lines hidden (view full) --- 570 u8 *kkey; 571 int rc; 572 573 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 574 return -EFAULT; 575 kkey = _copy_key_from_user(kvk.key, kvk.keylen); 576 if (IS_ERR(kkey)) 577 return PTR_ERR(kkey); |
810 if (pkey_is_cca_key(kkey, kvk.keylen)) { 811 rc = pkey_cca_verifykey(kkey, kvk.keylen, 812 &kvk.cardnr, &kvk.domain, 813 &kvk.type, &kvk.size, &kvk.flags); 814 pr_debug("pkey_cca_verifykey()=%d\n", rc); 815 } else if (pkey_is_ep11_key(kkey, kvk.keylen)) { 816 rc = pkey_ep11_verifykey(kkey, kvk.keylen, 817 &kvk.cardnr, &kvk.domain, 818 &kvk.type, &kvk.size, &kvk.flags); 819 pr_debug("pkey_ep11_verifykey()=%d\n", rc); 820 } else { 821 rc = -EINVAL; 822 } | 578 579 rc = pkey_handler_verify_key(kkey, kvk.keylen, 580 &kvk.cardnr, &kvk.domain, 581 &kvk.type, &kvk.size, &kvk.flags); 582 pr_debug("verify_key()=%d\n", rc); 583 |
823 kfree_sensitive(kkey); | 584 kfree_sensitive(kkey); |
824 if (rc) 825 return rc; 826 if (copy_to_user(uvk, &kvk, sizeof(kvk))) | 585 if (!rc && copy_to_user(uvk, &kvk, sizeof(kvk))) |
827 return -EFAULT; 828 | 586 return -EFAULT; 587 |
829 return 0; | 588 return rc; |
830} 831 832static int pkey_ioctl_kblob2protk2(struct pkey_kblob2pkey2 __user *utp) 833{ 834 struct pkey_apqn *apqns = NULL; 835 struct pkey_kblob2pkey2 ktp; 836 u8 *kkey; 837 int rc; --- 40 unchanged lines hidden (view full) --- 878 if (!apqns) 879 return -ENOMEM; 880 } 881 kkey = _copy_key_from_user(kak.key, kak.keylen); 882 if (IS_ERR(kkey)) { 883 kfree(apqns); 884 return PTR_ERR(kkey); 885 } | 589} 590 591static int pkey_ioctl_kblob2protk2(struct pkey_kblob2pkey2 __user *utp) 592{ 593 struct pkey_apqn *apqns = NULL; 594 struct pkey_kblob2pkey2 ktp; 595 u8 *kkey; 596 int rc; --- 40 unchanged lines hidden (view full) --- 637 if (!apqns) 638 return -ENOMEM; 639 } 640 kkey = _copy_key_from_user(kak.key, kak.keylen); 641 if (IS_ERR(kkey)) { 642 kfree(apqns); 643 return PTR_ERR(kkey); 644 } |
886 rc = apqns4key(kkey, kak.keylen, kak.flags, 887 apqns, &nr_apqns); 888 pr_debug("apqns4key()=%d\n", rc); | 645 rc = pkey_handler_apqns_for_key(kkey, kak.keylen, kak.flags, 646 apqns, &nr_apqns); 647 pr_debug("apqns_for_key()=%d\n", rc); |
889 kfree_sensitive(kkey); 890 if (rc && rc != -ENOSPC) { 891 kfree(apqns); 892 return rc; 893 } 894 if (!rc && kak.apqns) { 895 if (nr_apqns > kak.apqn_entries) { 896 kfree(apqns); --- 27 unchanged lines hidden (view full) --- 924 nr_apqns = kat.apqn_entries; 925 if (nr_apqns) { 926 apqns = kmalloc_array(nr_apqns, 927 sizeof(struct pkey_apqn), 928 GFP_KERNEL); 929 if (!apqns) 930 return -ENOMEM; 931 } | 648 kfree_sensitive(kkey); 649 if (rc && rc != -ENOSPC) { 650 kfree(apqns); 651 return rc; 652 } 653 if (!rc && kak.apqns) { 654 if (nr_apqns > kak.apqn_entries) { 655 kfree(apqns); --- 27 unchanged lines hidden (view full) --- 683 nr_apqns = kat.apqn_entries; 684 if (nr_apqns) { 685 apqns = kmalloc_array(nr_apqns, 686 sizeof(struct pkey_apqn), 687 GFP_KERNEL); 688 if (!apqns) 689 return -ENOMEM; 690 } |
932 rc = apqns4keytype(kat.type, kat.cur_mkvp, kat.alt_mkvp, 933 kat.flags, apqns, &nr_apqns); 934 pr_debug("apqns4keytype()=%d\n", rc); | 691 rc = pkey_handler_apqns_for_keytype(kat.type, 692 kat.cur_mkvp, kat.alt_mkvp, 693 kat.flags, apqns, &nr_apqns); 694 pr_debug("apqns_for_keytype()=%d\n", rc); |
935 if (rc && rc != -ENOSPC) { 936 kfree(apqns); 937 return rc; 938 } 939 if (!rc && kat.apqns) { 940 if (nr_apqns > kat.apqn_entries) { 941 kfree(apqns); 942 return -EINVAL; --- 144 unchanged lines hidden (view full) --- 1087static struct miscdevice pkey_dev = { 1088 .name = "pkey", 1089 .minor = MISC_DYNAMIC_MINOR, 1090 .mode = 0666, 1091 .fops = &pkey_fops, 1092 .groups = pkey_attr_groups, 1093}; 1094 | 695 if (rc && rc != -ENOSPC) { 696 kfree(apqns); 697 return rc; 698 } 699 if (!rc && kat.apqns) { 700 if (nr_apqns > kat.apqn_entries) { 701 kfree(apqns); 702 return -EINVAL; --- 144 unchanged lines hidden (view full) --- 847static struct miscdevice pkey_dev = { 848 .name = "pkey", 849 .minor = MISC_DYNAMIC_MINOR, 850 .mode = 0666, 851 .fops = &pkey_fops, 852 .groups = pkey_attr_groups, 853}; 854 |
1095/* 1096 * Module init 1097 */ 1098static int __init pkey_init(void) | 855int __init pkey_api_init(void) |
1099{ | 856{ |
1100 cpacf_mask_t func_mask; 1101 1102 /* 1103 * The pckmo instruction should be available - even if we don't 1104 * actually invoke it. This instruction comes with MSA 3 which 1105 * is also the minimum level for the kmc instructions which 1106 * are able to work with protected keys. 1107 */ 1108 if (!cpacf_query(CPACF_PCKMO, &func_mask)) 1109 return -ENODEV; 1110 1111 /* check for kmc instructions available */ 1112 if (!cpacf_query(CPACF_KMC, &func_mask)) 1113 return -ENODEV; 1114 if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) || 1115 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) || 1116 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256)) 1117 return -ENODEV; 1118 1119 pkey_debug_init(); 1120 | 857 /* register as a misc device */ |
1121 return misc_register(&pkey_dev); 1122} 1123 | 858 return misc_register(&pkey_dev); 859} 860 |
1124/* 1125 * Module exit 1126 */ 1127static void __exit pkey_exit(void) | 861void __exit pkey_api_exit(void) |
1128{ 1129 misc_deregister(&pkey_dev); | 862{ 863 misc_deregister(&pkey_dev); |
1130 pkey_debug_exit(); | |
1131} | 864} |
1132 1133module_cpu_feature_match(S390_CPU_FEATURE_MSA, pkey_init); 1134module_exit(pkey_exit); | |