xref: /linux/drivers/s390/crypto/zcrypt_ccamisc.h (revision 3fd6c59042dbba50391e30862beac979491145fe) 
1 /* SPDX-License-Identifier: GPL-2.0+ */
2 /*
3  *  Copyright IBM Corp. 2019
4  *  Author(s): Harald Freudenberger <freude@linux.ibm.com>
5  *	       Ingo Franzki <ifranzki@linux.ibm.com>
6  *
7  *  Collection of CCA misc functions used by zcrypt and pkey
8  */
9 
10 #ifndef _ZCRYPT_CCAMISC_H_
11 #define _ZCRYPT_CCAMISC_H_
12 
13 #include <asm/zcrypt.h>
14 #include <asm/pkey.h>
15 #include "zcrypt_api.h"
16 
17 /* Key token types */
18 #define TOKTYPE_NON_CCA		 0x00 /* Non-CCA key token */
19 #define TOKTYPE_CCA_INTERNAL	 0x01 /* CCA internal sym key token */
20 #define TOKTYPE_CCA_INTERNAL_PKA 0x1f /* CCA internal asym key token */
21 
22 /* For TOKTYPE_NON_CCA: */
23 #define TOKVER_PROTECTED_KEY	0x01 /* Protected key token */
24 #define TOKVER_CLEAR_KEY	0x02 /* Clear key token */
25 
26 /* For TOKTYPE_CCA_INTERNAL: */
27 #define TOKVER_CCA_AES		0x04 /* CCA AES key token */
28 #define TOKVER_CCA_VLSC		0x05 /* var length sym cipher key token */
29 
30 /* Max size of a cca variable length cipher key token */
31 #define MAXCCAVLSCTOKENSIZE 725
32 
33 /* header part of a CCA key token */
34 struct keytoken_header {
35 	u8  type;     /* one of the TOKTYPE values */
36 	u8  res0[1];
37 	u16 len;      /* vlsc token: total length in bytes */
38 	u8  version;  /* one of the TOKVER values */
39 	u8  res1[3];
40 } __packed;
41 
42 /* inside view of a CCA secure key token (only type 0x01 version 0x04) */
43 struct secaeskeytoken {
44 	u8  type;     /* 0x01 for internal key token */
45 	u8  res0[3];
46 	u8  version;  /* should be 0x04 */
47 	u8  res1[1];
48 	u8  flag;     /* key flags */
49 	u8  res2[1];
50 	u64 mkvp;     /* master key verification pattern */
51 	u8  key[32];  /* key value (encrypted) */
52 	u8  cv[8];    /* control vector */
53 	u16 bitsize;  /* key bit size */
54 	u16 keysize;  /* key byte size */
55 	u8  tvv[4];   /* token validation value */
56 } __packed;
57 
58 /* inside view of a variable length symmetric cipher AES key token */
59 struct cipherkeytoken {
60 	u8  type;     /* 0x01 for internal key token */
61 	u8  res0[1];
62 	u16 len;      /* total key token length in bytes */
63 	u8  version;  /* should be 0x05 */
64 	u8  res1[3];
65 	u8  kms;      /* key material state, 0x03 means wrapped with MK */
66 	u8  kvpt;     /* key verification pattern type, should be 0x01 */
67 	u64 mkvp0;    /* master key verification pattern, lo part */
68 	u64 mkvp1;    /* master key verification pattern, hi part (unused) */
69 	u8  eskwm;    /* encrypted section key wrapping method */
70 	u8  hashalg;  /* hash algorithmus used for wrapping key */
71 	u8  plfver;   /* pay load format version */
72 	u8  res2[1];
73 	u8  adsver;   /* associated data section version */
74 	u8  res3[1];
75 	u16 adslen;   /* associated data section length */
76 	u8  kllen;    /* optional key label length */
77 	u8  ieaslen;  /* optional extended associated data length */
78 	u8  uadlen;   /* optional user definable associated data length */
79 	u8  res4[1];
80 	u16 wpllen;   /* wrapped payload length in bits: */
81 		      /*   plfver  0x00 0x01		 */
82 		      /*   AES-128  512  640		 */
83 		      /*   AES-192  576  640		 */
84 		      /*   AES-256  640  640		 */
85 	u8  res5[1];
86 	u8  algtype;  /* 0x02 for AES cipher */
87 	u16 keytype;  /* 0x0001 for 'cipher' */
88 	u8  kufc;     /* key usage field count */
89 	u16 kuf1;     /* key usage field 1 */
90 	u16 kuf2;     /* key usage field 2 */
91 	u8  kmfc;     /* key management field count */
92 	u16 kmf1;     /* key management field 1 */
93 	u16 kmf2;     /* key management field 2 */
94 	u16 kmf3;     /* key management field 3 */
95 	u8  vdata[]; /* variable part data follows */
96 } __packed;
97 
98 /* inside view of an CCA secure ECC private key */
99 struct eccprivkeytoken {
100 	u8  type;     /* 0x1f for internal asym key token */
101 	u8  version;  /* should be 0x00 */
102 	u16 len;      /* total key token length in bytes */
103 	u8  res1[4];
104 	u8  secid;    /* 0x20 for ECC priv key section marker */
105 	u8  secver;   /* section version */
106 	u16 seclen;   /* section length */
107 	u8  wtype;    /* wrapping method, 0x00 clear, 0x01 AES */
108 	u8  htype;    /* hash method, 0x02 for SHA-256 */
109 	u8  res2[2];
110 	u8  kutc;     /* key usage and translation control */
111 	u8  ctype;    /* curve type */
112 	u8  kfs;      /* key format and security */
113 	u8  ksrc;     /* key source */
114 	u16 pbitlen;  /* length of prime p in bits */
115 	u16 ibmadlen; /* IBM associated data length in bytes */
116 	u64 mkvp;     /* master key verification pattern */
117 	u8  opk[48];  /* encrypted object protection key data */
118 	u16 adatalen; /* associated data length in bytes */
119 	u16 fseclen;  /* formatted section length in bytes */
120 	u8  more_data[]; /* more data follows */
121 } __packed;
122 
123 /* Some defines for the CCA AES cipherkeytoken kmf1 field */
124 #define KMF1_XPRT_SYM  0x8000
125 #define KMF1_XPRT_UASY 0x4000
126 #define KMF1_XPRT_AASY 0x2000
127 #define KMF1_XPRT_RAW  0x1000
128 #define KMF1_XPRT_CPAC 0x0800
129 #define KMF1_XPRT_DES  0x0080
130 #define KMF1_XPRT_AES  0x0040
131 #define KMF1_XPRT_RSA  0x0008
132 
133 /*
134  * Simple check if the token is a valid CCA secure AES data key
135  * token. If keybitsize is given, the bitsize of the key is
136  * also checked. Returns 0 on success or errno value on failure.
137  */
138 int cca_check_secaeskeytoken(debug_info_t *dbg, int dbflvl,
139 			     const u8 *token, int keybitsize);
140 
141 /*
142  * Simple check if the token is a valid CCA secure AES cipher key
143  * token. If keybitsize is given, the bitsize of the key is
144  * also checked. If checkcpacfexport is enabled, the key is also
145  * checked for the export flag to allow CPACF export.
146  * Returns 0 on success or errno value on failure.
147  */
148 int cca_check_secaescipherkey(debug_info_t *dbg, int dbflvl,
149 			      const u8 *token, int keybitsize,
150 			      int checkcpacfexport);
151 
152 /*
153  * Simple check if the token is a valid CCA secure ECC private
154  * key token. Returns 0 on success or errno value on failure.
155  */
156 int cca_check_sececckeytoken(debug_info_t *dbg, int dbflvl,
157 			     const u8 *token, u32 keysize,
158 			     int checkcpacfexport);
159 
160 /*
161  * Generate (random) CCA AES DATA secure key.
162  */
163 int cca_genseckey(u16 cardnr, u16 domain, u32 keybitsize, u8 *seckey);
164 
165 /*
166  * Generate CCA AES DATA secure key with given clear key value.
167  */
168 int cca_clr2seckey(u16 cardnr, u16 domain, u32 keybitsize,
169 		   const u8 *clrkey, u8 *seckey);
170 
171 /*
172  * Derive proteced key from an CCA AES DATA secure key.
173  */
174 int cca_sec2protkey(u16 cardnr, u16 domain,
175 		    const u8 *seckey, u8 *protkey, u32 *protkeylen,
176 		    u32 *protkeytype);
177 
178 /*
179  * Generate (random) CCA AES CIPHER secure key.
180  */
181 int cca_gencipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
182 		     u8 *keybuf, u32 *keybufsize);
183 
184 /*
185  * Derive proteced key from CCA AES cipher secure key.
186  */
187 int cca_cipher2protkey(u16 cardnr, u16 domain, const u8 *ckey,
188 		       u8 *protkey, u32 *protkeylen, u32 *protkeytype);
189 
190 /*
191  * Build CCA AES CIPHER secure key with a given clear key value.
192  */
193 int cca_clr2cipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
194 		      const u8 *clrkey, u8 *keybuf, u32 *keybufsize);
195 
196 /*
197  * Derive proteced key from CCA ECC secure private key.
198  */
199 int cca_ecc2protkey(u16 cardnr, u16 domain, const u8 *key,
200 		    u8 *protkey, u32 *protkeylen, u32 *protkeytype);
201 
202 /*
203  * Query cryptographic facility from CCA adapter
204  */
205 int cca_query_crypto_facility(u16 cardnr, u16 domain,
206 			      const char *keyword,
207 			      u8 *rarray, size_t *rarraylen,
208 			      u8 *varray, size_t *varraylen);
209 
210 /*
211  * Search for a matching crypto card based on the Master Key
212  * Verification Pattern provided inside a secure key.
213  * Works with CCA AES data and cipher keys.
214  * Returns < 0 on failure, 0 if CURRENT MKVP matches and
215  * 1 if OLD MKVP matches.
216  */
217 int cca_findcard(const u8 *key, u16 *pcardnr, u16 *pdomain, int verify);
218 
219 /*
220  * Build a list of cca apqns meeting the following constrains:
221  * - apqn is online and is in fact a CCA apqn
222  * - if cardnr is not FFFF only apqns with this cardnr
223  * - if domain is not FFFF only apqns with this domainnr
224  * - if minhwtype > 0 only apqns with hwtype >= minhwtype
225  * - if cur_mkvp != 0 only apqns where cur_mkvp == mkvp
226  * - if old_mkvp != 0 only apqns where old_mkvp == mkvp
227  * - if verify is enabled and a cur_mkvp and/or old_mkvp
228  *   value is given, then refetch the cca_info and make sure the current
229  *   cur_mkvp or old_mkvp values of the apqn are used.
230  * The mktype determines which set of master keys to use:
231  *   0 = AES_MK_SET - AES MK set, 1 = APKA MK_SET - APKA MK set
232  * The array of apqn entries is allocated with kmalloc and returned in *apqns;
233  * the number of apqns stored into the list is returned in *nr_apqns. One apqn
234  * entry is simple a 32 bit value with 16 bit cardnr and 16 bit domain nr and
235  * may be casted to struct pkey_apqn. The return value is either 0 for success
236  * or a negative errno value. If no apqn meeting the criteria is found,
237  * -ENODEV is returned.
238  */
239 int cca_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
240 		  int minhwtype, int mktype, u64 cur_mkvp, u64 old_mkvp,
241 		  int verify);
242 
243 #define AES_MK_SET  0
244 #define APKA_MK_SET 1
245 
246 /* struct to hold info for each CCA queue */
247 struct cca_info {
248 	int  hwtype;		/* one of the defined AP_DEVICE_TYPE_* */
249 	char new_aes_mk_state;	/* '1' empty, '2' partially full, '3' full */
250 	char cur_aes_mk_state;	/* '1' invalid, '2' valid */
251 	char old_aes_mk_state;	/* '1' invalid, '2' valid */
252 	char new_apka_mk_state; /* '1' empty, '2' partially full, '3' full */
253 	char cur_apka_mk_state; /* '1' invalid, '2' valid */
254 	char old_apka_mk_state; /* '1' invalid, '2' valid */
255 	char new_asym_mk_state;	/* '1' empty, '2' partially full, '3' full */
256 	char cur_asym_mk_state;	/* '1' invalid, '2' valid */
257 	char old_asym_mk_state;	/* '1' invalid, '2' valid */
258 	u64  new_aes_mkvp;	/* truncated sha256 of new aes master key */
259 	u64  cur_aes_mkvp;	/* truncated sha256 of current aes master key */
260 	u64  old_aes_mkvp;	/* truncated sha256 of old aes master key */
261 	u64  new_apka_mkvp;	/* truncated sha256 of new apka master key */
262 	u64  cur_apka_mkvp;	/* truncated sha256 of current apka mk */
263 	u64  old_apka_mkvp;	/* truncated sha256 of old apka mk */
264 	u8   new_asym_mkvp[16];	/* verify pattern of new asym master key */
265 	u8   cur_asym_mkvp[16];	/* verify pattern of current asym master key */
266 	u8   old_asym_mkvp[16];	/* verify pattern of old asym master key */
267 	char serial[9];		/* serial number (8 ascii numbers + 0x00) */
268 };
269 
270 /*
271  * Fetch cca information about an CCA queue.
272  */
273 int cca_get_info(u16 card, u16 dom, struct cca_info *ci, int verify);
274 
275 void zcrypt_ccamisc_exit(void);
276 
277 #endif /* _ZCRYPT_CCAMISC_H_ */
278