pkey_api.c (ea88e1710a9f19345c94c195f9cd7365e50343b0) pkey_api.c (8fcc231ce3bea12b78bb94b280cdc03cff342435)
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * pkey device driver
4 *
5 * Copyright IBM Corp. 2017, 2023
6 *
7 * Author(s): Harald Freudenberger
8 */
9
10#define KMSG_COMPONENT "pkey"
11#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
12
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * pkey device driver
4 *
5 * Copyright IBM Corp. 2017, 2023
6 *
7 * Author(s): Harald Freudenberger
8 */
9
10#define KMSG_COMPONENT "pkey"
11#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
12
13#include <linux/fs.h>
14#include <linux/init.h>
15#include <linux/miscdevice.h>
13#include <linux/init.h>
14#include <linux/miscdevice.h>
16#include <linux/module.h>
17#include <linux/slab.h>
15#include <linux/slab.h>
18#include <linux/kallsyms.h>
19#include <linux/debugfs.h>
20#include <linux/cpufeature.h>
21#include <asm/zcrypt.h>
22#include <asm/cpacf.h>
23#include <asm/pkey.h>
24
25#include "zcrypt_api.h"
26#include "zcrypt_ccamisc.h"
16
17#include "zcrypt_api.h"
18#include "zcrypt_ccamisc.h"
27#include "zcrypt_ep11misc.h"
28
29#include "pkey_base.h"
30
19
20#include "pkey_base.h"
21
31MODULE_LICENSE("GPL");
32MODULE_AUTHOR("IBM Corporation");
33MODULE_DESCRIPTION("s390 protected key interface");
34
35/*
22/*
36 * Debug feature data and functions
37 */
38
39debug_info_t *pkey_dbf_info;
40
41static void __init pkey_debug_init(void)
42{
43 /* 5 arguments per dbf entry (including the format string ptr) */
44 pkey_dbf_info = debug_register("pkey", 1, 1, 5 * sizeof(long));
45 debug_register_view(pkey_dbf_info, &debug_sprintf_view);
46 debug_set_level(pkey_dbf_info, 3);
47}
48
49static void __exit pkey_debug_exit(void)
50{
51 debug_unregister(pkey_dbf_info);
52}
53
54/*
55 * Helper functions
56 */
57
23 * Helper functions
24 */
25
58static int apqns4key(const u8 *key, size_t keylen, u32 flags,
59 struct pkey_apqn *apqns, size_t *nr_apqns)
26static int key2protkey_fallback(const struct clearkeytoken *t,
27 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
60{
28{
61 if (pkey_is_cca_key(key, keylen)) {
62 return pkey_cca_apqns4key(key, keylen, flags,
63 apqns, nr_apqns);
64 } else if (pkey_is_ep11_key(key, keylen)) {
65 return pkey_ep11_apqns4key(key, keylen, flags,
66 apqns, nr_apqns);
67 } else {
68 struct keytoken_header *hdr = (struct keytoken_header *)key;
69
70 PKEY_DBF_ERR("%s unknown/unsupported key type %d version %d\n",
71 __func__, hdr->type, hdr->version);
72 return -EINVAL;
73 }
74}
75
76static int apqns4keytype(enum pkey_key_type ktype,
77 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
78 struct pkey_apqn *apqns, size_t *nr_apqns)
79{
80 if (pkey_is_cca_keytype(ktype)) {
81 return pkey_cca_apqns4type(ktype, cur_mkvp, alt_mkvp, flags,
82 apqns, nr_apqns);
83 } else if (pkey_is_ep11_keytype(ktype)) {
84 return pkey_ep11_apqns4type(ktype, cur_mkvp, alt_mkvp, flags,
85 apqns, nr_apqns);
86 } else {
87 PKEY_DBF_ERR("%s unknown/unsupported key type %d\n",
88 __func__, ktype);
89 return -EINVAL;
90 }
91}
92
93static int genseck2(const struct pkey_apqn *apqns, size_t nr_apqns,
94 enum pkey_key_type keytype, enum pkey_key_size keybitsize,
95 u32 flags, u8 *keybuf, u32 *keybuflen)
96{
97 int i, rc;
98 u32 u;
99
100 if (pkey_is_cca_keytype(keytype)) {
101 /* As of now only CCA AES key generation is supported */
102 u = pkey_aes_bitsize_to_keytype(keybitsize);
103 if (!u) {
104 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n",
105 __func__, keybitsize);
106 return -EINVAL;
107 }
108 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) {
109 rc = pkey_cca_gen_key(apqns[i].card,
110 apqns[i].domain,
111 u, keytype, keybitsize, flags,
112 keybuf, keybuflen, NULL);
113 }
114 } else if (pkey_is_ep11_keytype(keytype)) {
115 /* As of now only EP11 AES key generation is supported */
116 u = pkey_aes_bitsize_to_keytype(keybitsize);
117 if (!u) {
118 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n",
119 __func__, keybitsize);
120 return -EINVAL;
121 }
122 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) {
123 rc = pkey_ep11_gen_key(apqns[i].card,
124 apqns[i].domain,
125 u, keytype, keybitsize, flags,
126 keybuf, keybuflen, NULL);
127 }
128 } else {
129 PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n",
130 __func__, keytype);
131 return -EINVAL;
132 }
133
134 return rc;
135}
136
137static int clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns,
138 enum pkey_key_type keytype, enum pkey_key_size kbitsize,
139 u32 flags, const u8 *clrkey, u8 *keybuf, u32 *keybuflen)
140{
141 int i, rc;
142 u32 u;
143
144 if (pkey_is_cca_keytype(keytype)) {
145 /* As of now only CCA AES key generation is supported */
146 u = pkey_aes_bitsize_to_keytype(kbitsize);
147 if (!u) {
148 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n",
149 __func__, kbitsize);
150 return -EINVAL;
151 }
152 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) {
153 rc = pkey_cca_clr2key(apqns[i].card,
154 apqns[i].domain,
155 u, keytype, kbitsize, flags,
156 clrkey, kbitsize / 8,
157 keybuf, keybuflen, NULL);
158 }
159 } else if (pkey_is_ep11_keytype(keytype)) {
160 /* As of now only EP11 AES key generation is supported */
161 u = pkey_aes_bitsize_to_keytype(kbitsize);
162 if (!u) {
163 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n",
164 __func__, kbitsize);
165 return -EINVAL;
166 }
167 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) {
168 rc = pkey_ep11_clr2key(apqns[i].card,
169 apqns[i].domain,
170 u, keytype, kbitsize, flags,
171 clrkey, kbitsize / 8,
172 keybuf, keybuflen, NULL);
173 }
174 } else {
175 PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n",
176 __func__, keytype);
177 return -EINVAL;
178 }
179
180 return rc;
181}
182
183static int ccakey2protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
184 const u8 *key, size_t keylen,
185 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
186{
187 struct pkey_apqn *local_apqns = NULL;
188 int i, j, rc;
189
190 /* alloc space for list of apqns if no list given */
191 if (!apqns || (nr_apqns == 1 &&
192 apqns[0].card == 0xFFFF && apqns[0].domain == 0xFFFF)) {
193 nr_apqns = MAXAPQNSINLIST;
194 local_apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn),
195 GFP_KERNEL);
196 if (!local_apqns)
197 return -ENOMEM;
198 apqns = local_apqns;
199 }
200
201 /* try two times in case of failure */
202 for (i = 0, rc = -ENODEV; i < 2 && rc; i++) {
203 if (local_apqns) {
204 /* gather list of apqns able to deal with this key */
205 nr_apqns = MAXAPQNSINLIST;
206 rc = pkey_cca_apqns4key(key, keylen, 0,
207 local_apqns, &nr_apqns);
208 if (rc)
209 continue;
210 }
211 /* go through the list of apqns until success or end */
212 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) {
213 rc = pkey_cca_key2protkey(apqns[j].card,
214 apqns[j].domain,
215 key, keylen,
216 protkey, protkeylen,
217 protkeytype);
218 }
219 }
220
221 kfree(local_apqns);
222
223 return rc;
224}
225
226static int ep11key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
227 const u8 *key, size_t keylen,
228 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
229{
230 struct pkey_apqn *local_apqns = NULL;
231 int i, j, rc;
232
233 /* alloc space for list of apqns if no list given */
234 if (!apqns || (nr_apqns == 1 &&
235 apqns[0].card == 0xFFFF && apqns[0].domain == 0xFFFF)) {
236 nr_apqns = MAXAPQNSINLIST;
237 local_apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn),
238 GFP_KERNEL);
239 if (!local_apqns)
240 return -ENOMEM;
241 apqns = local_apqns;
242 }
243
244 /* try two times in case of failure */
245 for (i = 0, rc = -ENODEV; i < 2 && rc; i++) {
246 if (local_apqns) {
247 /* gather list of apqns able to deal with this key */
248 nr_apqns = MAXAPQNSINLIST;
249 rc = pkey_ep11_apqns4key(key, keylen, 0,
250 local_apqns, &nr_apqns);
251 if (rc)
252 continue;
253 }
254 /* go through the list of apqns until success or end */
255 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) {
256 rc = pkey_ep11_key2protkey(apqns[j].card,
257 apqns[j].domain,
258 key, keylen,
259 protkey, protkeylen,
260 protkeytype);
261 }
262 }
263
264 kfree(local_apqns);
265
266 return rc;
267}
268
269static int pckmokey2protkey_fallback(const struct clearkeytoken *t,
270 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
271{
272 size_t tmpbuflen = max_t(size_t, SECKEYBLOBSIZE, MAXEP11AESKEYBLOBSIZE);
29 size_t tmpbuflen = max_t(size_t, SECKEYBLOBSIZE, MAXEP11AESKEYBLOBSIZE);
273 struct pkey_apqn *apqns = NULL;
274 u32 keysize, tmplen;
30 u32 keysize, keybitsize, tmplen;
275 u8 *tmpbuf = NULL;
31 u8 *tmpbuf = NULL;
276 size_t nr_apqns;
277 int i, j, rc;
32 int i, rc;
278
279 /* As of now only for AES keys a fallback is available */
280
281 keysize = pkey_keytype_aes_to_size(t->keytype);
282 if (!keysize) {
283 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n",
284 __func__, t->keytype);
285 return -EINVAL;
286 }
287 if (t->len != keysize) {
288 PKEY_DBF_ERR("%s clear key AES token: invalid key len %u\n",
289 __func__, t->len);
290 return -EINVAL;
291 }
33
34 /* As of now only for AES keys a fallback is available */
35
36 keysize = pkey_keytype_aes_to_size(t->keytype);
37 if (!keysize) {
38 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n",
39 __func__, t->keytype);
40 return -EINVAL;
41 }
42 if (t->len != keysize) {
43 PKEY_DBF_ERR("%s clear key AES token: invalid key len %u\n",
44 __func__, t->len);
45 return -EINVAL;
46 }
47 keybitsize = 8 * keysize;
292
48
293 /* alloc tmp buffer and space for apqns */
49 /* alloc tmp key buffer */
294 tmpbuf = kmalloc(tmpbuflen, GFP_ATOMIC);
295 if (!tmpbuf)
296 return -ENOMEM;
50 tmpbuf = kmalloc(tmpbuflen, GFP_ATOMIC);
51 if (!tmpbuf)
52 return -ENOMEM;
297 nr_apqns = MAXAPQNSINLIST;
298 apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL);
299 if (!apqns) {
300 kfree(tmpbuf);
301 return -ENOMEM;
302 }
303
304 /* try two times in case of failure */
305 for (i = 0, rc = -ENODEV; i < 2 && rc; i++) {
306
307 /* CCA secure key way */
53
54 /* try two times in case of failure */
55 for (i = 0, rc = -ENODEV; i < 2 && rc; i++) {
56
57 /* CCA secure key way */
308 nr_apqns = MAXAPQNSINLIST;
309 rc = pkey_cca_apqns4type(PKEY_TYPE_CCA_DATA,
310 NULL, NULL, 0, apqns, &nr_apqns);
311 pr_debug("pkey_cca_apqns4type(CCA_DATA)=%d\n", rc);
58 tmplen = tmpbuflen;
59 rc = pkey_handler_clr_to_key(NULL, 0,
60 t->keytype, PKEY_TYPE_CCA_DATA,
61 keybitsize, 0,
62 t->clearkey, t->len,
63 tmpbuf, &tmplen, NULL);
64 pr_debug("clr_to_key()=%d\n", rc);
312 if (rc)
313 goto try_via_ep11;
65 if (rc)
66 goto try_via_ep11;
314 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) {
315 tmplen = tmpbuflen;
316 rc = pkey_cca_clr2key(apqns[j].card, apqns[j].domain,
317 t->keytype, PKEY_TYPE_CCA_DATA,
318 8 * keysize, 0,
319 t->clearkey, t->len,
320 tmpbuf, &tmplen, NULL);
321 pr_debug("pkey_cca_clr2key()=%d\n", rc);
322 }
323 if (rc)
324 goto try_via_ep11;
325 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) {
326 rc = pkey_cca_key2protkey(apqns[j].card,
327 apqns[j].domain,
328 tmpbuf, tmplen,
329 protkey, protkeylen,
330 protkeytype);
331 pr_debug("pkey_cca_key2protkey()=%d\n", rc);
332 }
67 rc = pkey_handler_key_to_protkey(NULL, 0,
68 tmpbuf, tmplen,
69 protkey, protkeylen,
70 protkeytype);
71 pr_debug("key_to_protkey()=%d\n", rc);
333 if (!rc)
334 break;
335
336try_via_ep11:
337 /* the CCA way failed, try via EP11 */
72 if (!rc)
73 break;
74
75try_via_ep11:
76 /* the CCA way failed, try via EP11 */
338 nr_apqns = MAXAPQNSINLIST;
339 rc = pkey_ep11_apqns4type(PKEY_TYPE_EP11_AES,
340 NULL, NULL, 0, apqns, &nr_apqns);
341 pr_debug("pkey_ep11_apqns4type(EP11_AES)=%d\n", rc);
77 tmplen = tmpbuflen;
78 rc = pkey_handler_clr_to_key(NULL, 0,
79 t->keytype, PKEY_TYPE_EP11_AES,
80 keybitsize, 0,
81 t->clearkey, t->len,
82 tmpbuf, &tmplen, NULL);
83 pr_debug("clr_to_key()=%d\n", rc);
342 if (rc)
343 continue;
84 if (rc)
85 continue;
344 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) {
345 tmplen = tmpbuflen;
346 rc = pkey_ep11_clr2key(apqns[j].card, apqns[j].domain,
347 t->keytype, PKEY_TYPE_EP11_AES,
348 8 * keysize, 0,
349 t->clearkey, t->len,
350 tmpbuf, &tmplen, NULL);
351 pr_debug("pkey_ep11_clr2key()=%d\n", rc);
352 }
353 if (rc)
354 continue;
355 for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) {
356 rc = pkey_ep11_key2protkey(apqns[j].card,
357 apqns[j].domain,
358 tmpbuf, tmplen,
359 protkey, protkeylen,
360 protkeytype);
361 pr_debug("pkey_ep11_key2protkey()=%d\n", rc);
362 }
86 rc = pkey_handler_key_to_protkey(NULL, 0,
87 tmpbuf, tmplen,
88 protkey, protkeylen,
89 protkeytype);
90 pr_debug("key_to_protkey()=%d\n", rc);
363 }
364
365 kfree(tmpbuf);
91 }
92
93 kfree(tmpbuf);
366 kfree(apqns);
367
368 return rc;
369}
370
94
95 return rc;
96}
97
371static int pckmokey2protkey(const u8 *key, size_t keylen,
372 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
373{
374 int rc;
375
376 rc = pkey_pckmo_key2protkey(0, 0, key, keylen,
377 protkey, protkeylen, protkeytype);
378 if (rc == -ENODEV) {
379 struct keytoken_header *hdr = (struct keytoken_header *)key;
380 struct clearkeytoken *t = (struct clearkeytoken *)key;
381
382 /* maybe a fallback is possible */
383 if (hdr->type == TOKTYPE_NON_CCA &&
384 hdr->version == TOKVER_CLEAR_KEY) {
385 rc = pckmokey2protkey_fallback(t, protkey,
386 protkeylen,
387 protkeytype);
388 if (rc)
389 rc = -ENODEV;
390 }
391 }
392
393 if (rc)
394 PKEY_DBF_ERR("%s unable to build protected key from clear, rc=%d",
395 __func__, rc);
396
397 return rc;
398}
399
400static int key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
401 const u8 *key, size_t keylen,
402 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
403{
98static int key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
99 const u8 *key, size_t keylen,
100 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
101{
404 if (pkey_is_cca_key(key, keylen)) {
405 return ccakey2protkey(apqns, nr_apqns, key, keylen,
406 protkey, protkeylen, protkeytype);
407 } else if (pkey_is_ep11_key(key, keylen)) {
408 return ep11key2protkey(apqns, nr_apqns, key, keylen,
409 protkey, protkeylen, protkeytype);
410 } else if (pkey_is_pckmo_key(key, keylen)) {
411 return pckmokey2protkey(key, keylen,
412 protkey, protkeylen, protkeytype);
413 } else {
414 struct keytoken_header *hdr = (struct keytoken_header *)key;
102 struct keytoken_header *hdr = (struct keytoken_header *)key;
103 int i, rc;
415
104
416 PKEY_DBF_ERR("%s unknown/unsupported key type %d version %d\n",
417 __func__, hdr->type, hdr->version);
418 return -EINVAL;
105 /* retry two times */
106 for (rc = -ENODEV, i = 0; rc && i < 2; i++) {
107 /* First try the direct way */
108 rc = pkey_handler_key_to_protkey(apqns, nr_apqns,
109 key, keylen,
110 protkey, protkeylen,
111 protkeytype);
112 /* For some clear key tokens there exists a fallback way */
113 if (rc &&
114 hdr->type == TOKTYPE_NON_CCA &&
115 hdr->version == TOKVER_CLEAR_KEY)
116 rc = key2protkey_fallback((struct clearkeytoken *)key,
117 protkey, protkeylen,
118 protkeytype);
419 }
119 }
120
121 return rc;
420}
421
422/*
423 * In-Kernel function: Transform a key blob (of any type) into a protected key
424 */
425int pkey_key2protkey(const u8 *key, u32 keylen,
426 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
427{

--- 20 unchanged lines hidden (view full) ---

448 return NULL;
449
450 return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn));
451}
452
453static int pkey_ioctl_genseck(struct pkey_genseck __user *ugs)
454{
455 struct pkey_genseck kgs;
122}
123
124/*
125 * In-Kernel function: Transform a key blob (of any type) into a protected key
126 */
127int pkey_key2protkey(const u8 *key, u32 keylen,
128 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
129{

--- 20 unchanged lines hidden (view full) ---

150 return NULL;
151
152 return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn));
153}
154
155static int pkey_ioctl_genseck(struct pkey_genseck __user *ugs)
156{
157 struct pkey_genseck kgs;
158 struct pkey_apqn apqn;
456 u32 keybuflen;
457 int rc;
458
459 if (copy_from_user(&kgs, ugs, sizeof(kgs)))
460 return -EFAULT;
159 u32 keybuflen;
160 int rc;
161
162 if (copy_from_user(&kgs, ugs, sizeof(kgs)))
163 return -EFAULT;
164
165 apqn.card = kgs.cardnr;
166 apqn.domain = kgs.domain;
461 keybuflen = sizeof(kgs.seckey.seckey);
167 keybuflen = sizeof(kgs.seckey.seckey);
462 rc = pkey_cca_gen_key(kgs.cardnr, kgs.domain,
463 kgs.keytype, PKEY_TYPE_CCA_DATA, 0, 0,
464 kgs.seckey.seckey, &keybuflen, NULL);
465 pr_debug("pkey_cca_gen_key()=%d\n", rc);
168 rc = pkey_handler_gen_key(&apqn, 1,
169 kgs.keytype, PKEY_TYPE_CCA_DATA, 0, 0,
170 kgs.seckey.seckey, &keybuflen, NULL);
171 pr_debug("gen_key()=%d\n", rc);
466 if (!rc && copy_to_user(ugs, &kgs, sizeof(kgs)))
467 rc = -EFAULT;
468 memzero_explicit(&kgs, sizeof(kgs));
469
470 return rc;
471}
472
473static int pkey_ioctl_clr2seck(struct pkey_clr2seck __user *ucs)
474{
475 struct pkey_clr2seck kcs;
172 if (!rc && copy_to_user(ugs, &kgs, sizeof(kgs)))
173 rc = -EFAULT;
174 memzero_explicit(&kgs, sizeof(kgs));
175
176 return rc;
177}
178
179static int pkey_ioctl_clr2seck(struct pkey_clr2seck __user *ucs)
180{
181 struct pkey_clr2seck kcs;
182 struct pkey_apqn apqn;
476 u32 keybuflen;
477 int rc;
478
479 if (copy_from_user(&kcs, ucs, sizeof(kcs)))
480 return -EFAULT;
183 u32 keybuflen;
184 int rc;
185
186 if (copy_from_user(&kcs, ucs, sizeof(kcs)))
187 return -EFAULT;
188
189 apqn.card = kcs.cardnr;
190 apqn.domain = kcs.domain;
481 keybuflen = sizeof(kcs.seckey.seckey);
191 keybuflen = sizeof(kcs.seckey.seckey);
482 rc = pkey_cca_clr2key(kcs.cardnr, kcs.domain,
483 kcs.keytype, PKEY_TYPE_CCA_DATA, 0, 0,
484 kcs.clrkey.clrkey,
485 pkey_keytype_aes_to_size(kcs.keytype),
486 kcs.seckey.seckey, &keybuflen, NULL);
487 pr_debug("pkey_cca_clr2key()=%d\n", rc);
192 rc = pkey_handler_clr_to_key(&apqn, 1,
193 kcs.keytype, PKEY_TYPE_CCA_DATA, 0, 0,
194 kcs.clrkey.clrkey,
195 pkey_keytype_aes_to_size(kcs.keytype),
196 kcs.seckey.seckey, &keybuflen, NULL);
197 pr_debug("clr_to_key()=%d\n", rc);
488 if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs)))
489 rc = -EFAULT;
490 memzero_explicit(&kcs, sizeof(kcs));
491
492 return rc;
493}
494
495static int pkey_ioctl_sec2protk(struct pkey_sec2protk __user *usp)
496{
497 struct pkey_sec2protk ksp;
198 if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs)))
199 rc = -EFAULT;
200 memzero_explicit(&kcs, sizeof(kcs));
201
202 return rc;
203}
204
205static int pkey_ioctl_sec2protk(struct pkey_sec2protk __user *usp)
206{
207 struct pkey_sec2protk ksp;
208 struct pkey_apqn apqn;
498 int rc;
499
500 if (copy_from_user(&ksp, usp, sizeof(ksp)))
501 return -EFAULT;
209 int rc;
210
211 if (copy_from_user(&ksp, usp, sizeof(ksp)))
212 return -EFAULT;
213
214 apqn.card = ksp.cardnr;
215 apqn.domain = ksp.domain;
502 ksp.protkey.len = sizeof(ksp.protkey.protkey);
216 ksp.protkey.len = sizeof(ksp.protkey.protkey);
503 rc = pkey_cca_key2protkey(ksp.cardnr, ksp.domain,
504 ksp.seckey.seckey, sizeof(ksp.seckey.seckey),
505 ksp.protkey.protkey,
506 &ksp.protkey.len, &ksp.protkey.type);
507 pr_debug("pkey_cca_key2protkey()=%d\n", rc);
217 rc = pkey_handler_key_to_protkey(&apqn, 1,
218 ksp.seckey.seckey,
219 sizeof(ksp.seckey.seckey),
220 ksp.protkey.protkey,
221 &ksp.protkey.len, &ksp.protkey.type);
222 pr_debug("key_to_protkey()=%d\n", rc);
508 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp)))
509 rc = -EFAULT;
510 memzero_explicit(&ksp, sizeof(ksp));
511
512 return rc;
513}
514
515static int pkey_ioctl_clr2protk(struct pkey_clr2protk __user *ucp)
516{
517 struct pkey_clr2protk kcp;
223 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp)))
224 rc = -EFAULT;
225 memzero_explicit(&ksp, sizeof(ksp));
226
227 return rc;
228}
229
230static int pkey_ioctl_clr2protk(struct pkey_clr2protk __user *ucp)
231{
232 struct pkey_clr2protk kcp;
233 struct clearkeytoken *t;
234 u32 keylen;
235 u8 *tmpbuf;
518 int rc;
519
520 if (copy_from_user(&kcp, ucp, sizeof(kcp)))
521 return -EFAULT;
236 int rc;
237
238 if (copy_from_user(&kcp, ucp, sizeof(kcp)))
239 return -EFAULT;
240
241 /* build a 'clear key token' from the clear key value */
242 keylen = pkey_keytype_aes_to_size(kcp.keytype);
243 if (!keylen) {
244 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n",
245 __func__, kcp.keytype);
246 memzero_explicit(&kcp, sizeof(kcp));
247 return -EINVAL;
248 }
249 tmpbuf = kzalloc(sizeof(*t) + keylen, GFP_KERNEL);
250 if (!tmpbuf) {
251 memzero_explicit(&kcp, sizeof(kcp));
252 return -ENOMEM;
253 }
254 t = (struct clearkeytoken *)tmpbuf;
255 t->type = TOKTYPE_NON_CCA;
256 t->version = TOKVER_CLEAR_KEY;
257 t->keytype = (keylen - 8) >> 3;
258 t->len = keylen;
259 memcpy(t->clearkey, kcp.clrkey.clrkey, keylen);
522 kcp.protkey.len = sizeof(kcp.protkey.protkey);
260 kcp.protkey.len = sizeof(kcp.protkey.protkey);
523 rc = pkey_pckmo_clr2key(0, 0, kcp.keytype, 0, 0, 0,
524 kcp.clrkey.clrkey, 0,
525 kcp.protkey.protkey,
526 &kcp.protkey.len, &kcp.protkey.type);
527 pr_debug("pkey_pckmo_clr2key()=%d\n", rc);
261
262 rc = key2protkey(NULL, 0,
263 tmpbuf, sizeof(*t) + keylen,
264 kcp.protkey.protkey,
265 &kcp.protkey.len, &kcp.protkey.type);
266 pr_debug("key2protkey()=%d\n", rc);
267
268 kfree_sensitive(tmpbuf);
269
528 if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp)))
529 rc = -EFAULT;
530 memzero_explicit(&kcp, sizeof(kcp));
531
532 return rc;
533}
534
535static int pkey_ioctl_findcard(struct pkey_findcard __user *ufc)
536{
537 struct pkey_findcard kfc;
538 struct pkey_apqn *apqns;
539 size_t nr_apqns;
540 int rc;
541
542 if (copy_from_user(&kfc, ufc, sizeof(kfc)))
543 return -EFAULT;
544
270 if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp)))
271 rc = -EFAULT;
272 memzero_explicit(&kcp, sizeof(kcp));
273
274 return rc;
275}
276
277static int pkey_ioctl_findcard(struct pkey_findcard __user *ufc)
278{
279 struct pkey_findcard kfc;
280 struct pkey_apqn *apqns;
281 size_t nr_apqns;
282 int rc;
283
284 if (copy_from_user(&kfc, ufc, sizeof(kfc)))
285 return -EFAULT;
286
545 if (!pkey_is_cca_key(kfc.seckey.seckey, sizeof(kfc.seckey.seckey)))
546 return -EINVAL;
547
548 nr_apqns = MAXAPQNSINLIST;
549 apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL);
550 if (!apqns)
551 return -ENOMEM;
287 nr_apqns = MAXAPQNSINLIST;
288 apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL);
289 if (!apqns)
290 return -ENOMEM;
552 rc = pkey_cca_apqns4key(kfc.seckey.seckey,
553 sizeof(kfc.seckey.seckey),
554 PKEY_FLAGS_MATCH_CUR_MKVP,
555 apqns, &nr_apqns);
556 if (rc == -ENODEV)
557 rc = pkey_cca_apqns4key(kfc.seckey.seckey,
291
292 rc = pkey_handler_apqns_for_key(kfc.seckey.seckey,
558 sizeof(kfc.seckey.seckey),
293 sizeof(kfc.seckey.seckey),
559 PKEY_FLAGS_MATCH_ALT_MKVP,
294 PKEY_FLAGS_MATCH_CUR_MKVP,
560 apqns, &nr_apqns);
295 apqns, &nr_apqns);
561 pr_debug("pkey_cca_apqns4key()=%d\n", rc);
296 if (rc == -ENODEV)
297 rc = pkey_handler_apqns_for_key(kfc.seckey.seckey,
298 sizeof(kfc.seckey.seckey),
299 PKEY_FLAGS_MATCH_ALT_MKVP,
300 apqns, &nr_apqns);
301 pr_debug("apqns_for_key()=%d\n", rc);
562 if (rc) {
563 kfree(apqns);
564 return rc;
565 }
566 kfc.cardnr = apqns[0].card;
567 kfc.domain = apqns[0].domain;
568 kfree(apqns);
569 if (copy_to_user(ufc, &kfc, sizeof(kfc)))
570 return -EFAULT;
571
572 return 0;
573}
574
575static int pkey_ioctl_skey2pkey(struct pkey_skey2pkey __user *usp)
576{
577 struct pkey_skey2pkey ksp;
302 if (rc) {
303 kfree(apqns);
304 return rc;
305 }
306 kfc.cardnr = apqns[0].card;
307 kfc.domain = apqns[0].domain;
308 kfree(apqns);
309 if (copy_to_user(ufc, &kfc, sizeof(kfc)))
310 return -EFAULT;
311
312 return 0;
313}
314
315static int pkey_ioctl_skey2pkey(struct pkey_skey2pkey __user *usp)
316{
317 struct pkey_skey2pkey ksp;
578 struct pkey_apqn *apqns;
579 size_t nr_apqns;
580 int i, rc;
318 int rc;
581
582 if (copy_from_user(&ksp, usp, sizeof(ksp)))
583 return -EFAULT;
584
319
320 if (copy_from_user(&ksp, usp, sizeof(ksp)))
321 return -EFAULT;
322
585 if (!pkey_is_cca_key(ksp.seckey.seckey, sizeof(ksp.seckey.seckey)))
586 return -EINVAL;
587
588 nr_apqns = MAXAPQNSINLIST;
589 apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL);
590 if (!apqns)
591 return -ENOMEM;
592 rc = pkey_cca_apqns4key(ksp.seckey.seckey, sizeof(ksp.seckey.seckey),
593 0, apqns, &nr_apqns);
594 pr_debug("pkey_cca_apqns4key()=%d\n", rc);
595 if (rc) {
596 kfree(apqns);
597 return rc;
598 }
599 ksp.protkey.len = sizeof(ksp.protkey.protkey);
323 ksp.protkey.len = sizeof(ksp.protkey.protkey);
600 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) {
601 rc = pkey_cca_key2protkey(apqns[i].card, apqns[i].domain,
602 ksp.seckey.seckey,
603 sizeof(ksp.seckey.seckey),
604 ksp.protkey.protkey,
605 &ksp.protkey.len,
606 &ksp.protkey.type);
607 pr_debug("pkey_cca_key2protkey()=%d\n", rc);
608 }
609 kfree(apqns);
324 rc = pkey_handler_key_to_protkey(NULL, 0,
325 ksp.seckey.seckey,
326 sizeof(ksp.seckey.seckey),
327 ksp.protkey.protkey,
328 &ksp.protkey.len,
329 &ksp.protkey.type);
330 pr_debug("key_to_protkey()=%d\n", rc);
610 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp)))
611 rc = -EFAULT;
612 memzero_explicit(&ksp, sizeof(ksp));
613
614 return rc;
615}
616
617static int pkey_ioctl_verifykey(struct pkey_verifykey __user *uvk)
618{
619 u32 keytype, keybitsize, flags;
620 struct pkey_verifykey kvk;
621 int rc;
622
623 if (copy_from_user(&kvk, uvk, sizeof(kvk)))
624 return -EFAULT;
331 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp)))
332 rc = -EFAULT;
333 memzero_explicit(&ksp, sizeof(ksp));
334
335 return rc;
336}
337
338static int pkey_ioctl_verifykey(struct pkey_verifykey __user *uvk)
339{
340 u32 keytype, keybitsize, flags;
341 struct pkey_verifykey kvk;
342 int rc;
343
344 if (copy_from_user(&kvk, uvk, sizeof(kvk)))
345 return -EFAULT;
346
625 kvk.cardnr = 0xFFFF;
626 kvk.domain = 0xFFFF;
347 kvk.cardnr = 0xFFFF;
348 kvk.domain = 0xFFFF;
627 rc = pkey_cca_verifykey(kvk.seckey.seckey, sizeof(kvk.seckey.seckey),
628 &kvk.cardnr, &kvk.domain,
629 &keytype, &keybitsize, &flags);
630 pr_debug("pkey_cca_verifykey()=%d\n", rc);
349 rc = pkey_handler_verify_key(kvk.seckey.seckey,
350 sizeof(kvk.seckey.seckey),
351 &kvk.cardnr, &kvk.domain,
352 &keytype, &keybitsize, &flags);
353 pr_debug("verify_key()=%d\n", rc);
631 if (!rc && keytype != PKEY_TYPE_CCA_DATA)
632 rc = -EINVAL;
633 kvk.attributes = PKEY_VERIFY_ATTR_AES;
634 kvk.keysize = (u16)keybitsize;
635 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
636 kvk.attributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
637 if (!rc && copy_to_user(uvk, &kvk, sizeof(kvk)))
638 rc = -EFAULT;

--- 4 unchanged lines hidden (view full) ---

643
644static int pkey_ioctl_genprotk(struct pkey_genprotk __user *ugp)
645{
646 struct pkey_genprotk kgp;
647 int rc;
648
649 if (copy_from_user(&kgp, ugp, sizeof(kgp)))
650 return -EFAULT;
354 if (!rc && keytype != PKEY_TYPE_CCA_DATA)
355 rc = -EINVAL;
356 kvk.attributes = PKEY_VERIFY_ATTR_AES;
357 kvk.keysize = (u16)keybitsize;
358 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
359 kvk.attributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
360 if (!rc && copy_to_user(uvk, &kvk, sizeof(kvk)))
361 rc = -EFAULT;

--- 4 unchanged lines hidden (view full) ---

366
367static int pkey_ioctl_genprotk(struct pkey_genprotk __user *ugp)
368{
369 struct pkey_genprotk kgp;
370 int rc;
371
372 if (copy_from_user(&kgp, ugp, sizeof(kgp)))
373 return -EFAULT;
374
651 kgp.protkey.len = sizeof(kgp.protkey.protkey);
375 kgp.protkey.len = sizeof(kgp.protkey.protkey);
652 rc = pkey_pckmo_gen_key(0, 0, kgp.keytype, 0, 0, 0,
653 kgp.protkey.protkey,
654 &kgp.protkey.len, &kgp.protkey.type);
655 pr_debug("pkey_pckmo_gen_key()=%d\n", rc);
376 rc = pkey_handler_gen_key(NULL, 0, kgp.keytype,
377 PKEY_TYPE_PROTKEY, 0, 0,
378 kgp.protkey.protkey, &kgp.protkey.len,
379 &kgp.protkey.type);
380 pr_debug("gen_key()=%d\n", rc);
656 if (!rc && copy_to_user(ugp, &kgp, sizeof(kgp)))
657 rc = -EFAULT;
658 memzero_explicit(&kgp, sizeof(kgp));
659
660 return rc;
661}
662
663static int pkey_ioctl_verifyprotk(struct pkey_verifyprotk __user *uvp)
664{
665 struct pkey_verifyprotk kvp;
381 if (!rc && copy_to_user(ugp, &kgp, sizeof(kgp)))
382 rc = -EFAULT;
383 memzero_explicit(&kgp, sizeof(kgp));
384
385 return rc;
386}
387
388static int pkey_ioctl_verifyprotk(struct pkey_verifyprotk __user *uvp)
389{
390 struct pkey_verifyprotk kvp;
391 struct protaeskeytoken *t;
392 u32 keytype;
393 u8 *tmpbuf;
666 int rc;
667
668 if (copy_from_user(&kvp, uvp, sizeof(kvp)))
669 return -EFAULT;
394 int rc;
395
396 if (copy_from_user(&kvp, uvp, sizeof(kvp)))
397 return -EFAULT;
670 rc = pkey_pckmo_verifykey(kvp.protkey.protkey, kvp.protkey.len,
671 0, 0, &kvp.protkey.type, 0, 0);
672 pr_debug("pkey_pckmo_verifykey()=%d\n", rc);
398
399 keytype = pkey_aes_bitsize_to_keytype(8 * kvp.protkey.len);
400 if (!keytype) {
401 PKEY_DBF_ERR("%s unknown/unsupported protkey length %u\n",
402 __func__, kvp.protkey.len);
403 memzero_explicit(&kvp, sizeof(kvp));
404 return -EINVAL;
405 }
406
407 /* build a 'protected key token' from the raw protected key */
408 tmpbuf = kzalloc(sizeof(*t), GFP_KERNEL);
409 if (!tmpbuf) {
410 memzero_explicit(&kvp, sizeof(kvp));
411 return -ENOMEM;
412 }
413 t = (struct protaeskeytoken *)tmpbuf;
414 t->type = TOKTYPE_NON_CCA;
415 t->version = TOKVER_PROTECTED_KEY;
416 t->keytype = keytype;
417 t->len = kvp.protkey.len;
418 memcpy(t->protkey, kvp.protkey.protkey, kvp.protkey.len);
419
420 rc = pkey_handler_verify_key(tmpbuf, sizeof(*t),
421 NULL, NULL, NULL, NULL, NULL);
422 pr_debug("verify_key()=%d\n", rc);
423
424 kfree_sensitive(tmpbuf);
673 memzero_explicit(&kvp, sizeof(kvp));
674
675 return rc;
676}
677
678static int pkey_ioctl_kblob2protk(struct pkey_kblob2pkey __user *utp)
679{
680 struct pkey_kblob2pkey ktp;

--- 20 unchanged lines hidden (view full) ---

701
702static int pkey_ioctl_genseck2(struct pkey_genseck2 __user *ugs)
703{
704 u32 klen = KEYBLOBBUFSIZE;
705 struct pkey_genseck2 kgs;
706 struct pkey_apqn *apqns;
707 u8 *kkey;
708 int rc;
425 memzero_explicit(&kvp, sizeof(kvp));
426
427 return rc;
428}
429
430static int pkey_ioctl_kblob2protk(struct pkey_kblob2pkey __user *utp)
431{
432 struct pkey_kblob2pkey ktp;

--- 20 unchanged lines hidden (view full) ---

453
454static int pkey_ioctl_genseck2(struct pkey_genseck2 __user *ugs)
455{
456 u32 klen = KEYBLOBBUFSIZE;
457 struct pkey_genseck2 kgs;
458 struct pkey_apqn *apqns;
459 u8 *kkey;
460 int rc;
461 u32 u;
709
710 if (copy_from_user(&kgs, ugs, sizeof(kgs)))
711 return -EFAULT;
462
463 if (copy_from_user(&kgs, ugs, sizeof(kgs)))
464 return -EFAULT;
465 u = pkey_aes_bitsize_to_keytype(kgs.size);
466 if (!u) {
467 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n",
468 __func__, kgs.size);
469 return -EINVAL;
470 }
712 apqns = _copy_apqns_from_user(kgs.apqns, kgs.apqn_entries);
713 if (IS_ERR(apqns))
714 return PTR_ERR(apqns);
715 kkey = kzalloc(klen, GFP_KERNEL);
716 if (!kkey) {
717 kfree(apqns);
718 return -ENOMEM;
719 }
471 apqns = _copy_apqns_from_user(kgs.apqns, kgs.apqn_entries);
472 if (IS_ERR(apqns))
473 return PTR_ERR(apqns);
474 kkey = kzalloc(klen, GFP_KERNEL);
475 if (!kkey) {
476 kfree(apqns);
477 return -ENOMEM;
478 }
720 rc = genseck2(apqns, kgs.apqn_entries,
721 kgs.type, kgs.size, kgs.keygenflags,
722 kkey, &klen);
723 pr_debug("genseckey2()=%d\n", rc);
479 rc = pkey_handler_gen_key(apqns, kgs.apqn_entries,
480 u, kgs.type, kgs.size, kgs.keygenflags,
481 kkey, &klen, NULL);
482 pr_debug("gen_key()=%d\n", rc);
724 kfree(apqns);
725 if (rc) {
726 kfree_sensitive(kkey);
727 return rc;
728 }
729 if (kgs.key) {
730 if (kgs.keylen < klen) {
731 kfree_sensitive(kkey);

--- 14 unchanged lines hidden (view full) ---

746
747static int pkey_ioctl_clr2seck2(struct pkey_clr2seck2 __user *ucs)
748{
749 u32 klen = KEYBLOBBUFSIZE;
750 struct pkey_clr2seck2 kcs;
751 struct pkey_apqn *apqns;
752 u8 *kkey;
753 int rc;
483 kfree(apqns);
484 if (rc) {
485 kfree_sensitive(kkey);
486 return rc;
487 }
488 if (kgs.key) {
489 if (kgs.keylen < klen) {
490 kfree_sensitive(kkey);

--- 14 unchanged lines hidden (view full) ---

505
506static int pkey_ioctl_clr2seck2(struct pkey_clr2seck2 __user *ucs)
507{
508 u32 klen = KEYBLOBBUFSIZE;
509 struct pkey_clr2seck2 kcs;
510 struct pkey_apqn *apqns;
511 u8 *kkey;
512 int rc;
513 u32 u;
754
755 if (copy_from_user(&kcs, ucs, sizeof(kcs)))
756 return -EFAULT;
514
515 if (copy_from_user(&kcs, ucs, sizeof(kcs)))
516 return -EFAULT;
517 u = pkey_aes_bitsize_to_keytype(kcs.size);
518 if (!u) {
519 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n",
520 __func__, kcs.size);
521 memzero_explicit(&kcs, sizeof(kcs));
522 return -EINVAL;
523 }
757 apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries);
758 if (IS_ERR(apqns)) {
759 memzero_explicit(&kcs, sizeof(kcs));
760 return PTR_ERR(apqns);
761 }
762 kkey = kzalloc(klen, GFP_KERNEL);
763 if (!kkey) {
764 kfree(apqns);
765 memzero_explicit(&kcs, sizeof(kcs));
766 return -ENOMEM;
767 }
524 apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries);
525 if (IS_ERR(apqns)) {
526 memzero_explicit(&kcs, sizeof(kcs));
527 return PTR_ERR(apqns);
528 }
529 kkey = kzalloc(klen, GFP_KERNEL);
530 if (!kkey) {
531 kfree(apqns);
532 memzero_explicit(&kcs, sizeof(kcs));
533 return -ENOMEM;
534 }
768 rc = clr2seckey2(apqns, kcs.apqn_entries,
769 kcs.type, kcs.size, kcs.keygenflags,
770 kcs.clrkey.clrkey, kkey, &klen);
771 pr_debug("clr2seckey2()=%d\n", rc);
535 rc = pkey_handler_clr_to_key(apqns, kcs.apqn_entries,
536 u, kcs.type, kcs.size, kcs.keygenflags,
537 kcs.clrkey.clrkey, kcs.size / 8,
538 kkey, &klen, NULL);
539 pr_debug("clr_to_key()=%d\n", rc);
772 kfree(apqns);
773 if (rc) {
774 kfree_sensitive(kkey);
775 memzero_explicit(&kcs, sizeof(kcs));
776 return rc;
777 }
778 if (kcs.key) {
779 if (kcs.keylen < klen) {

--- 22 unchanged lines hidden (view full) ---

802 u8 *kkey;
803 int rc;
804
805 if (copy_from_user(&kvk, uvk, sizeof(kvk)))
806 return -EFAULT;
807 kkey = _copy_key_from_user(kvk.key, kvk.keylen);
808 if (IS_ERR(kkey))
809 return PTR_ERR(kkey);
540 kfree(apqns);
541 if (rc) {
542 kfree_sensitive(kkey);
543 memzero_explicit(&kcs, sizeof(kcs));
544 return rc;
545 }
546 if (kcs.key) {
547 if (kcs.keylen < klen) {

--- 22 unchanged lines hidden (view full) ---

570 u8 *kkey;
571 int rc;
572
573 if (copy_from_user(&kvk, uvk, sizeof(kvk)))
574 return -EFAULT;
575 kkey = _copy_key_from_user(kvk.key, kvk.keylen);
576 if (IS_ERR(kkey))
577 return PTR_ERR(kkey);
810 if (pkey_is_cca_key(kkey, kvk.keylen)) {
811 rc = pkey_cca_verifykey(kkey, kvk.keylen,
812 &kvk.cardnr, &kvk.domain,
813 &kvk.type, &kvk.size, &kvk.flags);
814 pr_debug("pkey_cca_verifykey()=%d\n", rc);
815 } else if (pkey_is_ep11_key(kkey, kvk.keylen)) {
816 rc = pkey_ep11_verifykey(kkey, kvk.keylen,
817 &kvk.cardnr, &kvk.domain,
818 &kvk.type, &kvk.size, &kvk.flags);
819 pr_debug("pkey_ep11_verifykey()=%d\n", rc);
820 } else {
821 rc = -EINVAL;
822 }
578
579 rc = pkey_handler_verify_key(kkey, kvk.keylen,
580 &kvk.cardnr, &kvk.domain,
581 &kvk.type, &kvk.size, &kvk.flags);
582 pr_debug("verify_key()=%d\n", rc);
583
823 kfree_sensitive(kkey);
584 kfree_sensitive(kkey);
824 if (rc)
825 return rc;
826 if (copy_to_user(uvk, &kvk, sizeof(kvk)))
585 if (!rc && copy_to_user(uvk, &kvk, sizeof(kvk)))
827 return -EFAULT;
828
586 return -EFAULT;
587
829 return 0;
588 return rc;
830}
831
832static int pkey_ioctl_kblob2protk2(struct pkey_kblob2pkey2 __user *utp)
833{
834 struct pkey_apqn *apqns = NULL;
835 struct pkey_kblob2pkey2 ktp;
836 u8 *kkey;
837 int rc;

--- 40 unchanged lines hidden (view full) ---

878 if (!apqns)
879 return -ENOMEM;
880 }
881 kkey = _copy_key_from_user(kak.key, kak.keylen);
882 if (IS_ERR(kkey)) {
883 kfree(apqns);
884 return PTR_ERR(kkey);
885 }
589}
590
591static int pkey_ioctl_kblob2protk2(struct pkey_kblob2pkey2 __user *utp)
592{
593 struct pkey_apqn *apqns = NULL;
594 struct pkey_kblob2pkey2 ktp;
595 u8 *kkey;
596 int rc;

--- 40 unchanged lines hidden (view full) ---

637 if (!apqns)
638 return -ENOMEM;
639 }
640 kkey = _copy_key_from_user(kak.key, kak.keylen);
641 if (IS_ERR(kkey)) {
642 kfree(apqns);
643 return PTR_ERR(kkey);
644 }
886 rc = apqns4key(kkey, kak.keylen, kak.flags,
887 apqns, &nr_apqns);
888 pr_debug("apqns4key()=%d\n", rc);
645 rc = pkey_handler_apqns_for_key(kkey, kak.keylen, kak.flags,
646 apqns, &nr_apqns);
647 pr_debug("apqns_for_key()=%d\n", rc);
889 kfree_sensitive(kkey);
890 if (rc && rc != -ENOSPC) {
891 kfree(apqns);
892 return rc;
893 }
894 if (!rc && kak.apqns) {
895 if (nr_apqns > kak.apqn_entries) {
896 kfree(apqns);

--- 27 unchanged lines hidden (view full) ---

924 nr_apqns = kat.apqn_entries;
925 if (nr_apqns) {
926 apqns = kmalloc_array(nr_apqns,
927 sizeof(struct pkey_apqn),
928 GFP_KERNEL);
929 if (!apqns)
930 return -ENOMEM;
931 }
648 kfree_sensitive(kkey);
649 if (rc && rc != -ENOSPC) {
650 kfree(apqns);
651 return rc;
652 }
653 if (!rc && kak.apqns) {
654 if (nr_apqns > kak.apqn_entries) {
655 kfree(apqns);

--- 27 unchanged lines hidden (view full) ---

683 nr_apqns = kat.apqn_entries;
684 if (nr_apqns) {
685 apqns = kmalloc_array(nr_apqns,
686 sizeof(struct pkey_apqn),
687 GFP_KERNEL);
688 if (!apqns)
689 return -ENOMEM;
690 }
932 rc = apqns4keytype(kat.type, kat.cur_mkvp, kat.alt_mkvp,
933 kat.flags, apqns, &nr_apqns);
934 pr_debug("apqns4keytype()=%d\n", rc);
691 rc = pkey_handler_apqns_for_keytype(kat.type,
692 kat.cur_mkvp, kat.alt_mkvp,
693 kat.flags, apqns, &nr_apqns);
694 pr_debug("apqns_for_keytype()=%d\n", rc);
935 if (rc && rc != -ENOSPC) {
936 kfree(apqns);
937 return rc;
938 }
939 if (!rc && kat.apqns) {
940 if (nr_apqns > kat.apqn_entries) {
941 kfree(apqns);
942 return -EINVAL;

--- 144 unchanged lines hidden (view full) ---

1087static struct miscdevice pkey_dev = {
1088 .name = "pkey",
1089 .minor = MISC_DYNAMIC_MINOR,
1090 .mode = 0666,
1091 .fops = &pkey_fops,
1092 .groups = pkey_attr_groups,
1093};
1094
695 if (rc && rc != -ENOSPC) {
696 kfree(apqns);
697 return rc;
698 }
699 if (!rc && kat.apqns) {
700 if (nr_apqns > kat.apqn_entries) {
701 kfree(apqns);
702 return -EINVAL;

--- 144 unchanged lines hidden (view full) ---

847static struct miscdevice pkey_dev = {
848 .name = "pkey",
849 .minor = MISC_DYNAMIC_MINOR,
850 .mode = 0666,
851 .fops = &pkey_fops,
852 .groups = pkey_attr_groups,
853};
854
1095/*
1096 * Module init
1097 */
1098static int __init pkey_init(void)
855int __init pkey_api_init(void)
1099{
856{
1100 cpacf_mask_t func_mask;
1101
1102 /*
1103 * The pckmo instruction should be available - even if we don't
1104 * actually invoke it. This instruction comes with MSA 3 which
1105 * is also the minimum level for the kmc instructions which
1106 * are able to work with protected keys.
1107 */
1108 if (!cpacf_query(CPACF_PCKMO, &func_mask))
1109 return -ENODEV;
1110
1111 /* check for kmc instructions available */
1112 if (!cpacf_query(CPACF_KMC, &func_mask))
1113 return -ENODEV;
1114 if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) ||
1115 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) ||
1116 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256))
1117 return -ENODEV;
1118
1119 pkey_debug_init();
1120
857 /* register as a misc device */
1121 return misc_register(&pkey_dev);
1122}
1123
858 return misc_register(&pkey_dev);
859}
860
1124/*
1125 * Module exit
1126 */
1127static void __exit pkey_exit(void)
861void __exit pkey_api_exit(void)
1128{
1129 misc_deregister(&pkey_dev);
862{
863 misc_deregister(&pkey_dev);
1130 pkey_debug_exit();
1131}
864}
1132
1133module_cpu_feature_match(S390_CPU_FEATURE_MSA, pkey_init);
1134module_exit(pkey_exit);