Lines Matching +full:inside +full:- +full:secure

1 // SPDX-License-Identifier: GPL-2.0+
44 * Simple check if the token is a valid CCA secure AES data key
55 if (t->type != TOKTYPE_CCA_INTERNAL) { in cca_check_secaeskeytoken()
58 __func__, (int)t->type, TOKTYPE_CCA_INTERNAL); in cca_check_secaeskeytoken()
59 return -EINVAL; in cca_check_secaeskeytoken()
61 if (t->version != TOKVER_CCA_AES) { in cca_check_secaeskeytoken()
64 __func__, (int)t->version, TOKVER_CCA_AES); in cca_check_secaeskeytoken()
65 return -EINVAL; in cca_check_secaeskeytoken()
67 if (keybitsize > 0 && t->bitsize != keybitsize) { in cca_check_secaeskeytoken()
70 __func__, (int)t->bitsize, keybitsize); in cca_check_secaeskeytoken()
71 return -EINVAL; in cca_check_secaeskeytoken()
81 * Simple check if the token is a valid CCA secure AES cipher key
96 if (t->type != TOKTYPE_CCA_INTERNAL) { in cca_check_secaescipherkey()
99 __func__, (int)t->type, TOKTYPE_CCA_INTERNAL); in cca_check_secaescipherkey()
100 return -EINVAL; in cca_check_secaescipherkey()
102 if (t->version != TOKVER_CCA_VLSC) { in cca_check_secaescipherkey()
105 __func__, (int)t->version, TOKVER_CCA_VLSC); in cca_check_secaescipherkey()
106 return -EINVAL; in cca_check_secaescipherkey()
108 if (t->algtype != 0x02) { in cca_check_secaescipherkey()
111 __func__, (int)t->algtype); in cca_check_secaescipherkey()
112 return -EINVAL; in cca_check_secaescipherkey()
114 if (t->keytype != 0x0001) { in cca_check_secaescipherkey()
117 __func__, (int)t->keytype); in cca_check_secaescipherkey()
118 return -EINVAL; in cca_check_secaescipherkey()
120 if (t->plfver != 0x00 && t->plfver != 0x01) { in cca_check_secaescipherkey()
123 __func__, (int)t->plfver); in cca_check_secaescipherkey()
124 return -EINVAL; in cca_check_secaescipherkey()
126 if (t->wpllen != 512 && t->wpllen != 576 && t->wpllen != 640) { in cca_check_secaescipherkey()
129 __func__, (int)t->wpllen); in cca_check_secaescipherkey()
130 return -EINVAL; in cca_check_secaescipherkey()
135 if (t->wpllen != (t->plfver ? 640 : 512)) in cca_check_secaescipherkey()
139 if (t->wpllen != (t->plfver ? 640 : 576)) in cca_check_secaescipherkey()
143 if (t->wpllen != 640) in cca_check_secaescipherkey()
154 return -EINVAL; in cca_check_secaescipherkey()
157 if (checkcpacfexport && !(t->kmf1 & KMF1_XPRT_CPAC)) { in cca_check_secaescipherkey()
161 return -EINVAL; in cca_check_secaescipherkey()
171 * Simple check if the token is a valid CCA secure ECC private
182 if (t->type != TOKTYPE_CCA_INTERNAL_PKA) { in cca_check_sececckeytoken()
185 __func__, (int)t->type, TOKTYPE_CCA_INTERNAL_PKA); in cca_check_sececckeytoken()
186 return -EINVAL; in cca_check_sececckeytoken()
188 if (t->len > keysize) { in cca_check_sececckeytoken()
191 __func__, (int)t->len, keysize); in cca_check_sececckeytoken()
192 return -EINVAL; in cca_check_sececckeytoken()
194 if (t->secid != 0x20) { in cca_check_sececckeytoken()
197 __func__, (int)t->secid); in cca_check_sececckeytoken()
198 return -EINVAL; in cca_check_sececckeytoken()
200 if (checkcpacfexport && !(t->kutc & 0x01)) { in cca_check_sececckeytoken()
204 return -EINVAL; in cca_check_sececckeytoken()
234 return -ENOMEM; in alloc_and_prep_cprbmem()
240 preqcblk->cprb_len = sizeof(struct CPRBX); in alloc_and_prep_cprbmem()
241 preqcblk->cprb_ver_id = 0x02; in alloc_and_prep_cprbmem()
242 memcpy(preqcblk->func_id, "T2", 2); in alloc_and_prep_cprbmem()
243 preqcblk->rpl_msgbl = cprbplusparamblen; in alloc_and_prep_cprbmem()
245 preqcblk->req_parmb = in alloc_and_prep_cprbmem()
247 preqcblk->rpl_parmb = in alloc_and_prep_cprbmem()
280 pxcrb->agent_ID = 0x4341; /* 'CA' */ in prep_xcrb()
281 pxcrb->user_defined = (cardnr == 0xFFFF ? AUTOSELECT : cardnr); in prep_xcrb()
282 pxcrb->request_control_blk_length = in prep_xcrb()
283 preqcblk->cprb_len + preqcblk->req_parml; in prep_xcrb()
284 pxcrb->request_control_blk_addr = (void __user *)preqcblk; in prep_xcrb()
285 pxcrb->reply_control_blk_length = preqcblk->rpl_msgbl; in prep_xcrb()
286 pxcrb->reply_control_blk_addr = (void __user *)prepcblk; in prep_xcrb()
290 * Generate (random) CCA AES DATA secure key.
340 preqcblk->domain = domain; in cca_genseckey()
343 preqparm = (struct kgreqparm __force *)preqcblk->req_parmb; in cca_genseckey()
344 memcpy(preqparm->subfunc_code, "KG", 2); in cca_genseckey()
345 preqparm->rule_array_len = sizeof(preqparm->rule_array_len); in cca_genseckey()
346 preqparm->lv1.len = sizeof(struct lv1); in cca_genseckey()
347 memcpy(preqparm->lv1.key_form, "OP ", 8); in cca_genseckey()
352 memcpy(preqparm->lv1.key_length, "KEYLN16 ", 8); in cca_genseckey()
357 memcpy(preqparm->lv1.key_length, "KEYLN24 ", 8); in cca_genseckey()
362 memcpy(preqparm->lv1.key_length, "KEYLN32 ", 8); in cca_genseckey()
367 rc = -EINVAL; in cca_genseckey()
370 memcpy(preqparm->lv1.key_type1, "AESDATA ", 8); in cca_genseckey()
371 preqparm->lv2.len = sizeof(struct lv2); in cca_genseckey()
373 preqparm->lv2.keyid[i].len = sizeof(struct keyid); in cca_genseckey()
374 preqparm->lv2.keyid[i].attr = (i == 2 ? 0x30 : 0x10); in cca_genseckey()
376 preqcblk->req_parml = sizeof(struct kgreqparm); in cca_genseckey()
390 if (prepcblk->ccp_rtcode != 0) { in cca_genseckey()
391 ZCRYPT_DBF_ERR("%s secure key generate failure, card response %d/%d\n", in cca_genseckey()
393 (int)prepcblk->ccp_rtcode, in cca_genseckey()
394 (int)prepcblk->ccp_rscode); in cca_genseckey()
395 rc = -EIO; in cca_genseckey()
401 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_genseckey()
404 /* check length of the returned secure key token */ in cca_genseckey()
405 seckeysize = prepparm->lv3.keyblock.toklen in cca_genseckey()
406 - sizeof(prepparm->lv3.keyblock.toklen) in cca_genseckey()
407 - sizeof(prepparm->lv3.keyblock.tokattr); in cca_genseckey()
409 ZCRYPT_DBF_ERR("%s secure token size mismatch %d != %d bytes\n", in cca_genseckey()
411 rc = -EIO; in cca_genseckey()
415 /* check secure key token */ in cca_genseckey()
417 prepparm->lv3.keyblock.tok, 8 * keysize); in cca_genseckey()
419 rc = -EIO; in cca_genseckey()
423 /* copy the generated secure key token */ in cca_genseckey()
424 memcpy(seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE); in cca_genseckey()
433 * Generate a CCA AES DATA secure key with a given key value.
481 preqcblk->domain = domain; in cca_clr2seckey()
484 preqparm = (struct cmreqparm __force *)preqcblk->req_parmb; in cca_clr2seckey()
485 memcpy(preqparm->subfunc_code, "CM", 2); in cca_clr2seckey()
486 memcpy(preqparm->rule_array, "AES ", 8); in cca_clr2seckey()
487 preqparm->rule_array_len = in cca_clr2seckey()
488 sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array); in cca_clr2seckey()
505 rc = -EINVAL; in cca_clr2seckey()
508 preqparm->lv1.len = sizeof(struct lv1) + keysize; in cca_clr2seckey()
509 memcpy(preqparm->lv1.clrkey, clrkey, keysize); in cca_clr2seckey()
511 plv2->len = sizeof(struct lv2); in cca_clr2seckey()
512 plv2->keyid.len = sizeof(struct keyid); in cca_clr2seckey()
513 plv2->keyid.attr = 0x30; in cca_clr2seckey()
514 preqcblk->req_parml = sizeof(*preqparm) + keysize + sizeof(*plv2); in cca_clr2seckey()
528 if (prepcblk->ccp_rtcode != 0) { in cca_clr2seckey()
531 (int)prepcblk->ccp_rtcode, in cca_clr2seckey()
532 (int)prepcblk->ccp_rscode); in cca_clr2seckey()
533 rc = -EIO; in cca_clr2seckey()
539 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_clr2seckey()
542 /* check length of the returned secure key token */ in cca_clr2seckey()
543 seckeysize = prepparm->lv3.keyblock.toklen in cca_clr2seckey()
544 - sizeof(prepparm->lv3.keyblock.toklen) in cca_clr2seckey()
545 - sizeof(prepparm->lv3.keyblock.tokattr); in cca_clr2seckey()
547 ZCRYPT_DBF_ERR("%s secure token size mismatch %d != %d bytes\n", in cca_clr2seckey()
549 rc = -EIO; in cca_clr2seckey()
553 /* check secure key token */ in cca_clr2seckey()
555 prepparm->lv3.keyblock.tok, 8 * keysize); in cca_clr2seckey()
557 rc = -EIO; in cca_clr2seckey()
561 /* copy the generated secure key token */ in cca_clr2seckey()
563 memcpy(seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE); in cca_clr2seckey()
572 * Derive protected key from a CCA AES DATA secure key.
594 u8 token[]; /* cca secure key token */ in cca_sec2protkey()
627 preqcblk->domain = domain; in cca_sec2protkey()
630 preqparm = (struct uskreqparm __force *)preqcblk->req_parmb; in cca_sec2protkey()
631 memcpy(preqparm->subfunc_code, "US", 2); in cca_sec2protkey()
632 preqparm->rule_array_len = sizeof(preqparm->rule_array_len); in cca_sec2protkey()
633 preqparm->lv1.len = sizeof(struct lv1); in cca_sec2protkey()
634 preqparm->lv1.attr_len = sizeof(struct lv1) - sizeof(preqparm->lv1.len); in cca_sec2protkey()
635 preqparm->lv1.attr_flags = 0x0001; in cca_sec2protkey()
636 preqparm->lv2.len = sizeof(struct lv2) + SECKEYBLOBSIZE; in cca_sec2protkey()
637 preqparm->lv2.attr_len = sizeof(struct lv2) in cca_sec2protkey()
638 - sizeof(preqparm->lv2.len) + SECKEYBLOBSIZE; in cca_sec2protkey()
639 preqparm->lv2.attr_flags = 0x0000; in cca_sec2protkey()
640 memcpy(preqparm->lv2.token, seckey, SECKEYBLOBSIZE); in cca_sec2protkey()
641 preqcblk->req_parml = sizeof(struct uskreqparm) + SECKEYBLOBSIZE; in cca_sec2protkey()
655 if (prepcblk->ccp_rtcode != 0) { in cca_sec2protkey()
656 ZCRYPT_DBF_ERR("%s unwrap secure key failure, card response %d/%d\n", in cca_sec2protkey()
658 (int)prepcblk->ccp_rtcode, in cca_sec2protkey()
659 (int)prepcblk->ccp_rscode); in cca_sec2protkey()
660 if (prepcblk->ccp_rtcode == 8 && prepcblk->ccp_rscode == 2290) in cca_sec2protkey()
661 rc = -EBUSY; in cca_sec2protkey()
663 rc = -EIO; in cca_sec2protkey()
666 if (prepcblk->ccp_rscode != 0) { in cca_sec2protkey()
667 ZCRYPT_DBF_WARN("%s unwrap secure key warning, card response %d/%d\n", in cca_sec2protkey()
669 (int)prepcblk->ccp_rtcode, in cca_sec2protkey()
670 (int)prepcblk->ccp_rscode); in cca_sec2protkey()
675 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_sec2protkey()
679 if (prepparm->lv3.ckb.version != 0x01 && in cca_sec2protkey()
680 prepparm->lv3.ckb.version != 0x02) { in cca_sec2protkey()
682 __func__, (int)prepparm->lv3.ckb.version); in cca_sec2protkey()
683 rc = -EIO; in cca_sec2protkey()
688 switch (prepparm->lv3.ckb.len) { in cca_sec2protkey()
706 __func__, prepparm->lv3.ckb.len); in cca_sec2protkey()
707 rc = -EIO; in cca_sec2protkey()
710 memcpy(protkey, prepparm->lv3.ckb.key, prepparm->lv3.ckb.len); in cca_sec2protkey()
712 *protkeylen = prepparm->lv3.ckb.len; in cca_sec2protkey()
722 * INTERNAL, NO-KEY, AES, CIPHER, ANY-MODE, NOEX-SYM, NOEXAASY,
723 * NOEXUASY, XPRTCPAC, NOEX-RAW, NOEX-DES, NOEX-AES, NOEX-RSA
737 * Generate (random) CCA AES CIPHER secure key.
809 u8 gen_key[]; /* 120-136 bytes */ in cca_gencipherkey()
821 preqcblk->domain = domain; in cca_gencipherkey()
822 preqcblk->req_parml = sizeof(struct gkreqparm); in cca_gencipherkey()
825 preqparm = (struct gkreqparm __force *)preqcblk->req_parmb; in cca_gencipherkey()
826 memcpy(preqparm->subfunc_code, "GK", 2); in cca_gencipherkey()
827 preqparm->rule_array_len = sizeof(uint16_t) + 2 * 8; in cca_gencipherkey()
828 memcpy(preqparm->rule_array, "AES OP ", 2 * 8); in cca_gencipherkey()
831 preqparm->vud.len = sizeof(preqparm->vud); in cca_gencipherkey()
840 rc = -EINVAL; in cca_gencipherkey()
843 preqparm->vud.clear_key_bit_len = keybitsize; in cca_gencipherkey()
844 memcpy(preqparm->vud.key_type_1, "TOKEN ", 8); in cca_gencipherkey()
845 memset(preqparm->vud.key_type_2, ' ', sizeof(preqparm->vud.key_type_2)); in cca_gencipherkey()
848 preqparm->kb.len = sizeof(preqparm->kb); in cca_gencipherkey()
849 preqparm->kb.tlv1.len = sizeof(preqparm->kb.tlv1); in cca_gencipherkey()
850 preqparm->kb.tlv1.flag = 0x0030; in cca_gencipherkey()
851 preqparm->kb.tlv2.len = sizeof(preqparm->kb.tlv2); in cca_gencipherkey()
852 preqparm->kb.tlv2.flag = 0x0030; in cca_gencipherkey()
853 preqparm->kb.tlv3.len = sizeof(preqparm->kb.tlv3); in cca_gencipherkey()
854 preqparm->kb.tlv3.flag = 0x0030; in cca_gencipherkey()
855 memcpy(preqparm->kb.tlv3.gen_key_id_1, in cca_gencipherkey()
857 preqparm->kb.tlv4.len = sizeof(preqparm->kb.tlv4); in cca_gencipherkey()
858 preqparm->kb.tlv4.flag = 0x0030; in cca_gencipherkey()
859 preqparm->kb.tlv5.len = sizeof(preqparm->kb.tlv5); in cca_gencipherkey()
860 preqparm->kb.tlv5.flag = 0x0030; in cca_gencipherkey()
861 preqparm->kb.tlv6.len = sizeof(preqparm->kb.tlv6); in cca_gencipherkey()
862 preqparm->kb.tlv6.flag = 0x0030; in cca_gencipherkey()
864 /* patch the skeleton key token export flags inside the kb block */ in cca_gencipherkey()
866 t = (struct cipherkeytoken *)preqparm->kb.tlv3.gen_key_id_1; in cca_gencipherkey()
867 t->kmf1 |= (u16)(keygenflags & 0x0000FF00); in cca_gencipherkey()
868 t->kmf1 &= (u16)~(keygenflags & 0x000000FF); in cca_gencipherkey()
883 if (prepcblk->ccp_rtcode != 0) { in cca_gencipherkey()
886 (int)prepcblk->ccp_rtcode, in cca_gencipherkey()
887 (int)prepcblk->ccp_rscode); in cca_gencipherkey()
888 rc = -EIO; in cca_gencipherkey()
894 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_gencipherkey()
898 if (prepparm->kb.len < 120 + 5 * sizeof(uint16_t) || in cca_gencipherkey()
899 prepparm->kb.len > 136 + 5 * sizeof(uint16_t)) { in cca_gencipherkey()
902 rc = -EIO; in cca_gencipherkey()
908 prepparm->kb.tlv1.gen_key, in cca_gencipherkey()
911 rc = -EIO; in cca_gencipherkey()
916 t = (struct cipherkeytoken *)prepparm->kb.tlv1.gen_key; in cca_gencipherkey()
918 if (*keybufsize >= t->len) in cca_gencipherkey()
919 memcpy(keybuf, t, t->len); in cca_gencipherkey()
921 rc = -EINVAL; in cca_gencipherkey()
923 *keybufsize = t->len; in cca_gencipherkey()
997 preqcblk->domain = domain; in _ip_cprb_helper()
998 preqcblk->req_parml = 0; in _ip_cprb_helper()
1001 preq_ra_block = (struct rule_array_block __force *)preqcblk->req_parmb; in _ip_cprb_helper()
1002 memcpy(preq_ra_block->subfunc_code, "IP", 2); in _ip_cprb_helper()
1003 preq_ra_block->rule_array_len = sizeof(uint16_t) + 2 * 8; in _ip_cprb_helper()
1004 memcpy(preq_ra_block->rule_array, rule_array_1, 8); in _ip_cprb_helper()
1005 memcpy(preq_ra_block->rule_array + 8, rule_array_2, 8); in _ip_cprb_helper()
1006 preqcblk->req_parml = sizeof(struct rule_array_block) + 2 * 8; in _ip_cprb_helper()
1008 preq_ra_block->rule_array_len += 8; in _ip_cprb_helper()
1009 memcpy(preq_ra_block->rule_array + 16, rule_array_3, 8); in _ip_cprb_helper()
1010 preqcblk->req_parml += 8; in _ip_cprb_helper()
1015 (preqcblk->req_parmb + preqcblk->req_parml); in _ip_cprb_helper()
1017 preq_vud_block->len = sizeof(struct vud_block) + n; in _ip_cprb_helper()
1018 preq_vud_block->tlv1.len = sizeof(preq_vud_block->tlv1); in _ip_cprb_helper()
1019 preq_vud_block->tlv1.flag = 0x0064; in _ip_cprb_helper()
1020 preq_vud_block->tlv1.clr_key_bit_len = complete ? 0 : clr_key_bit_size; in _ip_cprb_helper()
1021 preq_vud_block->tlv2.len = sizeof(preq_vud_block->tlv2) + n; in _ip_cprb_helper()
1022 preq_vud_block->tlv2.flag = 0x0063; in _ip_cprb_helper()
1024 memcpy(preq_vud_block->tlv2.clr_key, clr_key_value, n); in _ip_cprb_helper()
1025 preqcblk->req_parml += preq_vud_block->len; in _ip_cprb_helper()
1029 (preqcblk->req_parmb + preqcblk->req_parml); in _ip_cprb_helper()
1031 preq_key_block->len = sizeof(struct key_block) + n; in _ip_cprb_helper()
1032 preq_key_block->tlv1.len = sizeof(preq_key_block->tlv1) + n; in _ip_cprb_helper()
1033 preq_key_block->tlv1.flag = 0x0030; in _ip_cprb_helper()
1034 memcpy(preq_key_block->tlv1.key_token, key_token, *key_token_size); in _ip_cprb_helper()
1035 preqcblk->req_parml += preq_key_block->len; in _ip_cprb_helper()
1049 if (prepcblk->ccp_rtcode != 0) { in _ip_cprb_helper()
1052 (int)prepcblk->ccp_rtcode, in _ip_cprb_helper()
1053 (int)prepcblk->ccp_rscode); in _ip_cprb_helper()
1054 rc = -EIO; in _ip_cprb_helper()
1060 prepcblk->rpl_parmb = (u8 __user *)ptr; in _ip_cprb_helper()
1064 if (prepparm->kb.len < 120 + 3 * sizeof(uint16_t) || in _ip_cprb_helper()
1065 prepparm->kb.len > 136 + 3 * sizeof(uint16_t)) { in _ip_cprb_helper()
1068 rc = -EIO; in _ip_cprb_helper()
1075 t = (struct cipherkeytoken *)prepparm->kb.tlv1.key_token; in _ip_cprb_helper()
1076 memcpy(key_token, t, t->len); in _ip_cprb_helper()
1077 *key_token_size = t->len; in _ip_cprb_helper()
1085 * Build CCA AES CIPHER secure key with a given clear key value.
1102 return -ENOMEM; in cca_clr2cipherkey()
1111 t->kmf1 |= (u16)(keygenflags & 0x0000FF00); in cca_clr2cipherkey()
1112 t->kmf1 &= (u16)~(keygenflags & 0x000000FF); in cca_clr2cipherkey()
1120 * 4/4 COMPLETE the secure cipher key import in cca_clr2cipherkey()
1129 rc = _ip_cprb_helper(card, dom, "AES ", "ADD-PART", NULL, in cca_clr2cipherkey()
1136 rc = _ip_cprb_helper(card, dom, "AES ", "ADD-PART", NULL, in cca_clr2cipherkey()
1154 rc = -EINVAL; in cca_clr2cipherkey()
1167 * Derive protected key from CCA AES cipher secure key.
1219 int keytoklen = ((struct cipherkeytoken *)ckey)->len; in cca_cipher2protkey()
1227 preqcblk->domain = domain; in cca_cipher2protkey()
1230 preqparm = (struct aureqparm __force *)preqcblk->req_parmb; in cca_cipher2protkey()
1231 memcpy(preqparm->subfunc_code, "AU", 2); in cca_cipher2protkey()
1232 preqparm->rule_array_len = in cca_cipher2protkey()
1233 sizeof(preqparm->rule_array_len) in cca_cipher2protkey()
1234 + sizeof(preqparm->rule_array); in cca_cipher2protkey()
1235 memcpy(preqparm->rule_array, "EXPT-SK ", 8); in cca_cipher2protkey()
1237 preqparm->vud.len = sizeof(preqparm->vud); in cca_cipher2protkey()
1238 preqparm->vud.tk_blob_len = sizeof(preqparm->vud.tk_blob) in cca_cipher2protkey()
1240 preqparm->vud.tk_blob_tag = 0x00C2; in cca_cipher2protkey()
1242 preqparm->kb.len = keytoklen + 3 * sizeof(uint16_t); in cca_cipher2protkey()
1243 preqparm->kb.cca_key_token_len = keytoklen + 2 * sizeof(uint16_t); in cca_cipher2protkey()
1244 memcpy(preqparm->kb.cca_key_token, ckey, keytoklen); in cca_cipher2protkey()
1246 preqcblk->req_parml = sizeof(struct aureqparm) + keytoklen; in cca_cipher2protkey()
1260 if (prepcblk->ccp_rtcode != 0) { in cca_cipher2protkey()
1261 ZCRYPT_DBF_ERR("%s unwrap secure key failure, card response %d/%d\n", in cca_cipher2protkey()
1263 (int)prepcblk->ccp_rtcode, in cca_cipher2protkey()
1264 (int)prepcblk->ccp_rscode); in cca_cipher2protkey()
1265 if (prepcblk->ccp_rtcode == 8 && prepcblk->ccp_rscode == 2290) in cca_cipher2protkey()
1266 rc = -EBUSY; in cca_cipher2protkey()
1268 rc = -EIO; in cca_cipher2protkey()
1271 if (prepcblk->ccp_rscode != 0) { in cca_cipher2protkey()
1272 ZCRYPT_DBF_WARN("%s unwrap secure key warning, card response %d/%d\n", in cca_cipher2protkey()
1274 (int)prepcblk->ccp_rtcode, in cca_cipher2protkey()
1275 (int)prepcblk->ccp_rscode); in cca_cipher2protkey()
1280 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_cipher2protkey()
1284 if (prepparm->vud.ckb.version != 0x01 && in cca_cipher2protkey()
1285 prepparm->vud.ckb.version != 0x02) { in cca_cipher2protkey()
1287 __func__, (int)prepparm->vud.ckb.version); in cca_cipher2protkey()
1288 rc = -EIO; in cca_cipher2protkey()
1291 if (prepparm->vud.ckb.algo != 0x02) { in cca_cipher2protkey()
1293 __func__, (int)prepparm->vud.ckb.algo); in cca_cipher2protkey()
1294 rc = -EIO; in cca_cipher2protkey()
1299 switch (prepparm->vud.ckb.keylen) { in cca_cipher2protkey()
1317 __func__, prepparm->vud.ckb.keylen); in cca_cipher2protkey()
1318 rc = -EIO; in cca_cipher2protkey()
1321 memcpy(protkey, prepparm->vud.ckb.key, prepparm->vud.ckb.keylen); in cca_cipher2protkey()
1323 *protkeylen = prepparm->vud.ckb.keylen; in cca_cipher2protkey()
1332 * Derive protected key from CCA ECC secure private key.
1382 int keylen = ((struct eccprivkeytoken *)key)->len; in cca_ecc2protkey()
1390 preqcblk->domain = domain; in cca_ecc2protkey()
1393 preqparm = (struct aureqparm __force *)preqcblk->req_parmb; in cca_ecc2protkey()
1394 memcpy(preqparm->subfunc_code, "AU", 2); in cca_ecc2protkey()
1395 preqparm->rule_array_len = in cca_ecc2protkey()
1396 sizeof(preqparm->rule_array_len) in cca_ecc2protkey()
1397 + sizeof(preqparm->rule_array); in cca_ecc2protkey()
1398 memcpy(preqparm->rule_array, "EXPT-SK ", 8); in cca_ecc2protkey()
1400 preqparm->vud.len = sizeof(preqparm->vud); in cca_ecc2protkey()
1401 preqparm->vud.tk_blob_len = sizeof(preqparm->vud.tk_blob) in cca_ecc2protkey()
1403 preqparm->vud.tk_blob_tag = 0x00C2; in cca_ecc2protkey()
1405 preqparm->kb.len = keylen + 3 * sizeof(uint16_t); in cca_ecc2protkey()
1406 preqparm->kb.cca_key_token_len = keylen + 2 * sizeof(uint16_t); in cca_ecc2protkey()
1407 memcpy(preqparm->kb.cca_key_token, key, keylen); in cca_ecc2protkey()
1409 preqcblk->req_parml = sizeof(struct aureqparm) + keylen; in cca_ecc2protkey()
1423 if (prepcblk->ccp_rtcode != 0) { in cca_ecc2protkey()
1424 ZCRYPT_DBF_ERR("%s unwrap secure key failure, card response %d/%d\n", in cca_ecc2protkey()
1426 (int)prepcblk->ccp_rtcode, in cca_ecc2protkey()
1427 (int)prepcblk->ccp_rscode); in cca_ecc2protkey()
1428 if (prepcblk->ccp_rtcode == 8 && prepcblk->ccp_rscode == 2290) in cca_ecc2protkey()
1429 rc = -EBUSY; in cca_ecc2protkey()
1431 rc = -EIO; in cca_ecc2protkey()
1434 if (prepcblk->ccp_rscode != 0) { in cca_ecc2protkey()
1435 ZCRYPT_DBF_WARN("%s unwrap secure key warning, card response %d/%d\n", in cca_ecc2protkey()
1437 (int)prepcblk->ccp_rtcode, in cca_ecc2protkey()
1438 (int)prepcblk->ccp_rscode); in cca_ecc2protkey()
1443 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_ecc2protkey()
1447 if (prepparm->vud.ckb.version != 0x02) { in cca_ecc2protkey()
1449 __func__, (int)prepparm->vud.ckb.version); in cca_ecc2protkey()
1450 rc = -EIO; in cca_ecc2protkey()
1453 if (prepparm->vud.ckb.algo != 0x81) { in cca_ecc2protkey()
1455 __func__, (int)prepparm->vud.ckb.algo); in cca_ecc2protkey()
1456 rc = -EIO; in cca_ecc2protkey()
1461 if (prepparm->vud.ckb.keylen > *protkeylen) { in cca_ecc2protkey()
1463 __func__, prepparm->vud.ckb.keylen, *protkeylen); in cca_ecc2protkey()
1464 rc = -EIO; in cca_ecc2protkey()
1467 memcpy(protkey, prepparm->vud.ckb.key, prepparm->vud.ckb.keylen); in cca_ecc2protkey()
1468 *protkeylen = prepparm->vud.ckb.keylen; in cca_ecc2protkey()
1513 preqcblk->domain = domain; in cca_query_crypto_facility()
1516 preqparm = (struct fqreqparm __force *)preqcblk->req_parmb; in cca_query_crypto_facility()
1517 memcpy(preqparm->subfunc_code, "FQ", 2); in cca_query_crypto_facility()
1518 memcpy(preqparm->rule_array, keyword, sizeof(preqparm->rule_array)); in cca_query_crypto_facility()
1519 preqparm->rule_array_len = in cca_query_crypto_facility()
1520 sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array); in cca_query_crypto_facility()
1521 preqparm->lv1.len = sizeof(preqparm->lv1); in cca_query_crypto_facility()
1522 preqparm->dummylen = sizeof(preqparm->dummylen); in cca_query_crypto_facility()
1523 preqcblk->req_parml = parmbsize; in cca_query_crypto_facility()
1537 if (prepcblk->ccp_rtcode != 0) { in cca_query_crypto_facility()
1538 ZCRYPT_DBF_ERR("%s unwrap secure key failure, card response %d/%d\n", in cca_query_crypto_facility()
1540 (int)prepcblk->ccp_rtcode, in cca_query_crypto_facility()
1541 (int)prepcblk->ccp_rscode); in cca_query_crypto_facility()
1542 rc = -EIO; in cca_query_crypto_facility()
1548 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_query_crypto_facility()
1550 ptr = prepparm->lvdata; in cca_query_crypto_facility()
1556 len -= sizeof(u16); in cca_query_crypto_facility()
1567 len -= sizeof(u16); in cca_query_crypto_facility()
1583 int rc = -ENOENT; in cca_info_cache_fetch()
1588 if (ptr->cardnr == cardnr && ptr->domain == domain) { in cca_info_cache_fetch()
1589 memcpy(ci, &ptr->info, sizeof(*ci)); in cca_info_cache_fetch()
1607 if (ptr->cardnr == cardnr && in cca_info_cache_update()
1608 ptr->domain == domain) { in cca_info_cache_update()
1609 memcpy(&ptr->info, ci, sizeof(*ci)); in cca_info_cache_update()
1620 ptr->cardnr = cardnr; in cca_info_cache_update()
1621 ptr->domain = domain; in cca_info_cache_update()
1622 memcpy(&ptr->info, ci, sizeof(*ci)); in cca_info_cache_update()
1623 list_add(&ptr->list, &cca_info_list); in cca_info_cache_update()
1634 if (ptr->cardnr == cardnr && in cca_info_cache_scrub()
1635 ptr->domain == domain) { in cca_info_cache_scrub()
1636 list_del(&ptr->list); in cca_info_cache_scrub()
1650 list_del(&ptr->list); in mkvp_cache_free()
1672 ci->hwtype = devstat.hwtype; in fetch_cca_info()
1677 return -ENOMEM; in fetch_cca_info()
1686 memcpy(ci->serial, rarray, 8); in fetch_cca_info()
1687 ci->new_asym_mk_state = (char)rarray[4 * 8]; in fetch_cca_info()
1688 ci->cur_asym_mk_state = (char)rarray[5 * 8]; in fetch_cca_info()
1689 ci->old_asym_mk_state = (char)rarray[6 * 8]; in fetch_cca_info()
1690 if (ci->old_asym_mk_state == '2') in fetch_cca_info()
1691 memcpy(ci->old_asym_mkvp, varray + 64, 16); in fetch_cca_info()
1692 if (ci->cur_asym_mk_state == '2') in fetch_cca_info()
1693 memcpy(ci->cur_asym_mkvp, varray + 84, 16); in fetch_cca_info()
1694 if (ci->new_asym_mk_state == '3') in fetch_cca_info()
1695 memcpy(ci->new_asym_mkvp, varray + 104, 16); in fetch_cca_info()
1696 ci->new_aes_mk_state = (char)rarray[7 * 8]; in fetch_cca_info()
1697 ci->cur_aes_mk_state = (char)rarray[8 * 8]; in fetch_cca_info()
1698 ci->old_aes_mk_state = (char)rarray[9 * 8]; in fetch_cca_info()
1699 if (ci->old_aes_mk_state == '2') in fetch_cca_info()
1700 memcpy(&ci->old_aes_mkvp, varray + 172, 8); in fetch_cca_info()
1701 if (ci->cur_aes_mk_state == '2') in fetch_cca_info()
1702 memcpy(&ci->cur_aes_mkvp, varray + 184, 8); in fetch_cca_info()
1703 if (ci->new_aes_mk_state == '3') in fetch_cca_info()
1704 memcpy(&ci->new_aes_mkvp, varray + 196, 8); in fetch_cca_info()
1713 ci->new_apka_mk_state = (char)rarray[10 * 8]; in fetch_cca_info()
1714 ci->cur_apka_mk_state = (char)rarray[11 * 8]; in fetch_cca_info()
1715 ci->old_apka_mk_state = (char)rarray[12 * 8]; in fetch_cca_info()
1716 if (ci->old_apka_mk_state == '2') in fetch_cca_info()
1717 memcpy(&ci->old_apka_mkvp, varray + 208, 8); in fetch_cca_info()
1718 if (ci->cur_apka_mk_state == '2') in fetch_cca_info()
1719 memcpy(&ci->cur_apka_mkvp, varray + 220, 8); in fetch_cca_info()
1720 if (ci->new_apka_mk_state == '3') in fetch_cca_info()
1721 memcpy(&ci->new_apka_mkvp, varray + 232, 8); in fetch_cca_info()
1727 return found == 2 ? 0 : -ENOENT; in fetch_cca_info()
1758 int i, rc, oi = -1; in findcard()
1762 return -EINVAL; in findcard()
1769 return -ENOMEM; in findcard()
1835 rc = -ENODEV; in findcard()
1844 * Verification Pattern provided inside a secure key token.
1852 if (hdr->type != TOKTYPE_CCA_INTERNAL) in cca_findcard()
1853 return -EINVAL; in cca_findcard()
1855 switch (hdr->version) { in cca_findcard()
1857 mkvp = ((struct secaeskeytoken *)key)->mkvp; in cca_findcard()
1860 mkvp = ((struct cipherkeytoken *)key)->mkvp0; in cca_findcard()
1864 return -EINVAL; in cca_findcard()
1885 return -ENOMEM; in cca_findcard2()
1892 return -ENOMEM; in cca_findcard2()
1949 rc = -ENODEV; in cca_findcard2()
1951 /* no re-allocation, simple return the _apqns array */ in cca_findcard2()