1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * pkey device driver 4 * 5 * Copyright IBM Corp. 2017, 2023 6 * 7 * Author(s): Harald Freudenberger 8 */ 9 10 #define KMSG_COMPONENT "pkey" 11 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 12 13 #include <linux/init.h> 14 #include <linux/miscdevice.h> 15 #include <linux/export.h> 16 #include <linux/slab.h> 17 18 #include "zcrypt_api.h" 19 #include "zcrypt_ccamisc.h" 20 21 #include "pkey_base.h" 22 23 /* 24 * Helper functions 25 */ 26 static int key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns, 27 const u8 *key, size_t keylen, 28 u8 *protkey, u32 *protkeylen, u32 *protkeytype, 29 u32 xflags) 30 { 31 int rc; 32 33 /* try the direct way */ 34 rc = pkey_handler_key_to_protkey(apqns, nr_apqns, 35 key, keylen, 36 protkey, protkeylen, 37 protkeytype, xflags); 38 39 /* if this did not work, try the slowpath way */ 40 if (rc == -ENODEV) { 41 rc = pkey_handler_slowpath_key_to_protkey(apqns, nr_apqns, 42 key, keylen, 43 protkey, protkeylen, 44 protkeytype, xflags); 45 if (rc) 46 rc = -ENODEV; 47 } 48 49 pr_debug("rc=%d\n", rc); 50 return rc; 51 } 52 53 /* 54 * In-Kernel function: Transform a key blob (of any type) into a protected key 55 */ 56 int pkey_key2protkey(const u8 *key, u32 keylen, 57 u8 *protkey, u32 *protkeylen, u32 *protkeytype, u32 xflags) 58 { 59 int rc; 60 61 rc = key2protkey(NULL, 0, key, keylen, 62 protkey, protkeylen, protkeytype, xflags); 63 if (rc == -ENODEV) { 64 pkey_handler_request_modules(); 65 rc = key2protkey(NULL, 0, key, keylen, 66 protkey, protkeylen, protkeytype, xflags); 67 } 68 69 return rc; 70 } 71 EXPORT_SYMBOL(pkey_key2protkey); 72 73 /* 74 * Ioctl functions 75 */ 76 77 static void *_copy_key_from_user(void __user *ukey, size_t keylen) 78 { 79 if (!ukey || keylen < MINKEYBLOBBUFSIZE || keylen > KEYBLOBBUFSIZE) 80 return ERR_PTR(-EINVAL); 81 82 return memdup_user(ukey, keylen); 83 } 84 85 static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns) 86 { 87 if (!uapqns || nr_apqns == 0) 88 return NULL; 89 90 return memdup_array_user(uapqns, nr_apqns, sizeof(struct pkey_apqn)); 91 } 92 93 static int pkey_ioctl_genseck(struct pkey_genseck __user *ugs) 94 { 95 struct pkey_genseck kgs; 96 struct pkey_apqn apqn; 97 u32 keybuflen; 98 int rc; 99 100 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 101 return -EFAULT; 102 103 apqn.card = kgs.cardnr; 104 apqn.domain = kgs.domain; 105 keybuflen = sizeof(kgs.seckey.seckey); 106 rc = pkey_handler_gen_key(&apqn, 1, 107 kgs.keytype, PKEY_TYPE_CCA_DATA, 0, 0, 108 kgs.seckey.seckey, &keybuflen, NULL, 0); 109 pr_debug("gen_key()=%d\n", rc); 110 if (!rc && copy_to_user(ugs, &kgs, sizeof(kgs))) 111 rc = -EFAULT; 112 memzero_explicit(&kgs, sizeof(kgs)); 113 114 return rc; 115 } 116 117 static int pkey_ioctl_clr2seck(struct pkey_clr2seck __user *ucs) 118 { 119 struct pkey_clr2seck kcs; 120 struct pkey_apqn apqn; 121 u32 keybuflen; 122 int rc; 123 124 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 125 return -EFAULT; 126 127 apqn.card = kcs.cardnr; 128 apqn.domain = kcs.domain; 129 keybuflen = sizeof(kcs.seckey.seckey); 130 rc = pkey_handler_clr_to_key(&apqn, 1, 131 kcs.keytype, PKEY_TYPE_CCA_DATA, 0, 0, 132 kcs.clrkey.clrkey, 133 pkey_keytype_aes_to_size(kcs.keytype), 134 kcs.seckey.seckey, &keybuflen, NULL, 0); 135 pr_debug("clr_to_key()=%d\n", rc); 136 if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs))) 137 rc = -EFAULT; 138 memzero_explicit(&kcs, sizeof(kcs)); 139 140 return rc; 141 } 142 143 static int pkey_ioctl_sec2protk(struct pkey_sec2protk __user *usp) 144 { 145 struct pkey_sec2protk ksp; 146 struct pkey_apqn apqn; 147 int rc; 148 149 if (copy_from_user(&ksp, usp, sizeof(ksp))) 150 return -EFAULT; 151 152 apqn.card = ksp.cardnr; 153 apqn.domain = ksp.domain; 154 ksp.protkey.len = sizeof(ksp.protkey.protkey); 155 rc = pkey_handler_key_to_protkey(&apqn, 1, 156 ksp.seckey.seckey, 157 sizeof(ksp.seckey.seckey), 158 ksp.protkey.protkey, 159 &ksp.protkey.len, &ksp.protkey.type, 160 0); 161 pr_debug("key_to_protkey()=%d\n", rc); 162 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp))) 163 rc = -EFAULT; 164 memzero_explicit(&ksp, sizeof(ksp)); 165 166 return rc; 167 } 168 169 static int pkey_ioctl_clr2protk(struct pkey_clr2protk __user *ucp) 170 { 171 struct pkey_clr2protk kcp; 172 struct clearkeytoken *t; 173 u32 keylen; 174 u8 *tmpbuf; 175 int rc; 176 177 if (copy_from_user(&kcp, ucp, sizeof(kcp))) 178 return -EFAULT; 179 180 /* build a 'clear key token' from the clear key value */ 181 keylen = pkey_keytype_aes_to_size(kcp.keytype); 182 if (!keylen) { 183 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", 184 __func__, kcp.keytype); 185 memzero_explicit(&kcp, sizeof(kcp)); 186 return -EINVAL; 187 } 188 tmpbuf = kzalloc(sizeof(*t) + keylen, GFP_KERNEL); 189 if (!tmpbuf) { 190 memzero_explicit(&kcp, sizeof(kcp)); 191 return -ENOMEM; 192 } 193 t = (struct clearkeytoken *)tmpbuf; 194 t->type = TOKTYPE_NON_CCA; 195 t->version = TOKVER_CLEAR_KEY; 196 t->keytype = (keylen - 8) >> 3; 197 t->len = keylen; 198 memcpy(t->clearkey, kcp.clrkey.clrkey, keylen); 199 kcp.protkey.len = sizeof(kcp.protkey.protkey); 200 201 rc = key2protkey(NULL, 0, 202 tmpbuf, sizeof(*t) + keylen, 203 kcp.protkey.protkey, 204 &kcp.protkey.len, &kcp.protkey.type, 0); 205 pr_debug("key2protkey()=%d\n", rc); 206 207 kfree_sensitive(tmpbuf); 208 209 if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp))) 210 rc = -EFAULT; 211 memzero_explicit(&kcp, sizeof(kcp)); 212 213 return rc; 214 } 215 216 static int pkey_ioctl_findcard(struct pkey_findcard __user *ufc) 217 { 218 struct pkey_findcard kfc; 219 struct pkey_apqn *apqns; 220 size_t nr_apqns; 221 int rc; 222 223 if (copy_from_user(&kfc, ufc, sizeof(kfc))) 224 return -EFAULT; 225 226 nr_apqns = MAXAPQNSINLIST; 227 apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL); 228 if (!apqns) 229 return -ENOMEM; 230 231 rc = pkey_handler_apqns_for_key(kfc.seckey.seckey, 232 sizeof(kfc.seckey.seckey), 233 PKEY_FLAGS_MATCH_CUR_MKVP, 234 apqns, &nr_apqns, 0); 235 if (rc == -ENODEV) 236 rc = pkey_handler_apqns_for_key(kfc.seckey.seckey, 237 sizeof(kfc.seckey.seckey), 238 PKEY_FLAGS_MATCH_ALT_MKVP, 239 apqns, &nr_apqns, 0); 240 pr_debug("apqns_for_key()=%d\n", rc); 241 if (rc) { 242 kfree(apqns); 243 return rc; 244 } 245 kfc.cardnr = apqns[0].card; 246 kfc.domain = apqns[0].domain; 247 kfree(apqns); 248 if (copy_to_user(ufc, &kfc, sizeof(kfc))) 249 return -EFAULT; 250 251 return 0; 252 } 253 254 static int pkey_ioctl_skey2pkey(struct pkey_skey2pkey __user *usp) 255 { 256 struct pkey_skey2pkey ksp; 257 int rc; 258 259 if (copy_from_user(&ksp, usp, sizeof(ksp))) 260 return -EFAULT; 261 262 ksp.protkey.len = sizeof(ksp.protkey.protkey); 263 rc = pkey_handler_key_to_protkey(NULL, 0, 264 ksp.seckey.seckey, 265 sizeof(ksp.seckey.seckey), 266 ksp.protkey.protkey, 267 &ksp.protkey.len, 268 &ksp.protkey.type, 0); 269 pr_debug("key_to_protkey()=%d\n", rc); 270 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp))) 271 rc = -EFAULT; 272 memzero_explicit(&ksp, sizeof(ksp)); 273 274 return rc; 275 } 276 277 static int pkey_ioctl_verifykey(struct pkey_verifykey __user *uvk) 278 { 279 u32 keytype, keybitsize, flags; 280 struct pkey_verifykey kvk; 281 int rc; 282 283 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 284 return -EFAULT; 285 286 kvk.cardnr = 0xFFFF; 287 kvk.domain = 0xFFFF; 288 rc = pkey_handler_verify_key(kvk.seckey.seckey, 289 sizeof(kvk.seckey.seckey), 290 &kvk.cardnr, &kvk.domain, 291 &keytype, &keybitsize, &flags, 0); 292 pr_debug("verify_key()=%d\n", rc); 293 if (!rc && keytype != PKEY_TYPE_CCA_DATA) 294 rc = -EINVAL; 295 kvk.attributes = PKEY_VERIFY_ATTR_AES; 296 kvk.keysize = (u16)keybitsize; 297 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 298 kvk.attributes |= PKEY_VERIFY_ATTR_OLD_MKVP; 299 if (!rc && copy_to_user(uvk, &kvk, sizeof(kvk))) 300 rc = -EFAULT; 301 memzero_explicit(&kvk, sizeof(kvk)); 302 303 return rc; 304 } 305 306 static int pkey_ioctl_genprotk(struct pkey_genprotk __user *ugp) 307 { 308 struct pkey_genprotk kgp; 309 int rc; 310 311 if (copy_from_user(&kgp, ugp, sizeof(kgp))) 312 return -EFAULT; 313 314 kgp.protkey.len = sizeof(kgp.protkey.protkey); 315 rc = pkey_handler_gen_key(NULL, 0, kgp.keytype, 316 PKEY_TYPE_PROTKEY, 0, 0, 317 kgp.protkey.protkey, &kgp.protkey.len, 318 &kgp.protkey.type, 0); 319 pr_debug("gen_key()=%d\n", rc); 320 if (!rc && copy_to_user(ugp, &kgp, sizeof(kgp))) 321 rc = -EFAULT; 322 memzero_explicit(&kgp, sizeof(kgp)); 323 324 return rc; 325 } 326 327 static int pkey_ioctl_verifyprotk(struct pkey_verifyprotk __user *uvp) 328 { 329 struct pkey_verifyprotk kvp; 330 struct protaeskeytoken *t; 331 u32 keytype; 332 u8 *tmpbuf; 333 int rc; 334 335 if (copy_from_user(&kvp, uvp, sizeof(kvp))) 336 return -EFAULT; 337 338 keytype = pkey_aes_bitsize_to_keytype(8 * kvp.protkey.len); 339 if (!keytype) { 340 PKEY_DBF_ERR("%s unknown/unsupported protkey length %u\n", 341 __func__, kvp.protkey.len); 342 memzero_explicit(&kvp, sizeof(kvp)); 343 return -EINVAL; 344 } 345 346 /* build a 'protected key token' from the raw protected key */ 347 tmpbuf = kzalloc(sizeof(*t), GFP_KERNEL); 348 if (!tmpbuf) { 349 memzero_explicit(&kvp, sizeof(kvp)); 350 return -ENOMEM; 351 } 352 t = (struct protaeskeytoken *)tmpbuf; 353 t->type = TOKTYPE_NON_CCA; 354 t->version = TOKVER_PROTECTED_KEY; 355 t->keytype = keytype; 356 t->len = kvp.protkey.len; 357 memcpy(t->protkey, kvp.protkey.protkey, kvp.protkey.len); 358 359 rc = pkey_handler_verify_key(tmpbuf, sizeof(*t), 360 NULL, NULL, NULL, NULL, NULL, 0); 361 pr_debug("verify_key()=%d\n", rc); 362 363 kfree_sensitive(tmpbuf); 364 memzero_explicit(&kvp, sizeof(kvp)); 365 366 return rc; 367 } 368 369 static int pkey_ioctl_kblob2protk(struct pkey_kblob2pkey __user *utp) 370 { 371 struct pkey_kblob2pkey ktp; 372 u8 *kkey; 373 int rc; 374 375 if (copy_from_user(&ktp, utp, sizeof(ktp))) 376 return -EFAULT; 377 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 378 if (IS_ERR(kkey)) 379 return PTR_ERR(kkey); 380 ktp.protkey.len = sizeof(ktp.protkey.protkey); 381 rc = key2protkey(NULL, 0, kkey, ktp.keylen, 382 ktp.protkey.protkey, &ktp.protkey.len, 383 &ktp.protkey.type, 0); 384 pr_debug("key2protkey()=%d\n", rc); 385 kfree_sensitive(kkey); 386 if (!rc && copy_to_user(utp, &ktp, sizeof(ktp))) 387 rc = -EFAULT; 388 memzero_explicit(&ktp, sizeof(ktp)); 389 390 return rc; 391 } 392 393 static int pkey_ioctl_genseck2(struct pkey_genseck2 __user *ugs) 394 { 395 u32 klen = KEYBLOBBUFSIZE; 396 struct pkey_genseck2 kgs; 397 struct pkey_apqn *apqns; 398 u8 *kkey; 399 int rc; 400 u32 u; 401 402 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 403 return -EFAULT; 404 u = pkey_aes_bitsize_to_keytype(kgs.size); 405 if (!u) { 406 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 407 __func__, kgs.size); 408 return -EINVAL; 409 } 410 apqns = _copy_apqns_from_user(kgs.apqns, kgs.apqn_entries); 411 if (IS_ERR(apqns)) 412 return PTR_ERR(apqns); 413 kkey = kzalloc(klen, GFP_KERNEL); 414 if (!kkey) { 415 kfree(apqns); 416 return -ENOMEM; 417 } 418 rc = pkey_handler_gen_key(apqns, kgs.apqn_entries, 419 u, kgs.type, kgs.size, kgs.keygenflags, 420 kkey, &klen, NULL, 0); 421 pr_debug("gen_key()=%d\n", rc); 422 kfree(apqns); 423 if (rc) { 424 kfree_sensitive(kkey); 425 return rc; 426 } 427 if (kgs.key) { 428 if (kgs.keylen < klen) { 429 kfree_sensitive(kkey); 430 return -EINVAL; 431 } 432 if (copy_to_user(kgs.key, kkey, klen)) { 433 kfree_sensitive(kkey); 434 return -EFAULT; 435 } 436 } 437 kgs.keylen = klen; 438 if (copy_to_user(ugs, &kgs, sizeof(kgs))) 439 rc = -EFAULT; 440 kfree_sensitive(kkey); 441 442 return rc; 443 } 444 445 static int pkey_ioctl_clr2seck2(struct pkey_clr2seck2 __user *ucs) 446 { 447 u32 klen = KEYBLOBBUFSIZE; 448 struct pkey_clr2seck2 kcs; 449 struct pkey_apqn *apqns; 450 u8 *kkey; 451 int rc; 452 u32 u; 453 454 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 455 return -EFAULT; 456 u = pkey_aes_bitsize_to_keytype(kcs.size); 457 if (!u) { 458 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 459 __func__, kcs.size); 460 memzero_explicit(&kcs, sizeof(kcs)); 461 return -EINVAL; 462 } 463 apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries); 464 if (IS_ERR(apqns)) { 465 memzero_explicit(&kcs, sizeof(kcs)); 466 return PTR_ERR(apqns); 467 } 468 kkey = kzalloc(klen, GFP_KERNEL); 469 if (!kkey) { 470 kfree(apqns); 471 memzero_explicit(&kcs, sizeof(kcs)); 472 return -ENOMEM; 473 } 474 rc = pkey_handler_clr_to_key(apqns, kcs.apqn_entries, 475 u, kcs.type, kcs.size, kcs.keygenflags, 476 kcs.clrkey.clrkey, kcs.size / 8, 477 kkey, &klen, NULL, 0); 478 pr_debug("clr_to_key()=%d\n", rc); 479 kfree(apqns); 480 if (rc) { 481 kfree_sensitive(kkey); 482 memzero_explicit(&kcs, sizeof(kcs)); 483 return rc; 484 } 485 if (kcs.key) { 486 if (kcs.keylen < klen) { 487 kfree_sensitive(kkey); 488 memzero_explicit(&kcs, sizeof(kcs)); 489 return -EINVAL; 490 } 491 if (copy_to_user(kcs.key, kkey, klen)) { 492 kfree_sensitive(kkey); 493 memzero_explicit(&kcs, sizeof(kcs)); 494 return -EFAULT; 495 } 496 } 497 kcs.keylen = klen; 498 if (copy_to_user(ucs, &kcs, sizeof(kcs))) 499 rc = -EFAULT; 500 memzero_explicit(&kcs, sizeof(kcs)); 501 kfree_sensitive(kkey); 502 503 return rc; 504 } 505 506 static int pkey_ioctl_verifykey2(struct pkey_verifykey2 __user *uvk) 507 { 508 struct pkey_verifykey2 kvk; 509 u8 *kkey; 510 int rc; 511 512 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 513 return -EFAULT; 514 kkey = _copy_key_from_user(kvk.key, kvk.keylen); 515 if (IS_ERR(kkey)) 516 return PTR_ERR(kkey); 517 518 rc = pkey_handler_verify_key(kkey, kvk.keylen, 519 &kvk.cardnr, &kvk.domain, 520 &kvk.type, &kvk.size, &kvk.flags, 0); 521 pr_debug("verify_key()=%d\n", rc); 522 523 kfree_sensitive(kkey); 524 if (!rc && copy_to_user(uvk, &kvk, sizeof(kvk))) 525 return -EFAULT; 526 527 return rc; 528 } 529 530 static int pkey_ioctl_kblob2protk2(struct pkey_kblob2pkey2 __user *utp) 531 { 532 struct pkey_apqn *apqns = NULL; 533 struct pkey_kblob2pkey2 ktp; 534 u8 *kkey; 535 int rc; 536 537 if (copy_from_user(&ktp, utp, sizeof(ktp))) 538 return -EFAULT; 539 apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries); 540 if (IS_ERR(apqns)) 541 return PTR_ERR(apqns); 542 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 543 if (IS_ERR(kkey)) { 544 kfree(apqns); 545 return PTR_ERR(kkey); 546 } 547 ktp.protkey.len = sizeof(ktp.protkey.protkey); 548 rc = key2protkey(apqns, ktp.apqn_entries, kkey, ktp.keylen, 549 ktp.protkey.protkey, &ktp.protkey.len, 550 &ktp.protkey.type, 0); 551 pr_debug("key2protkey()=%d\n", rc); 552 kfree(apqns); 553 kfree_sensitive(kkey); 554 if (!rc && copy_to_user(utp, &ktp, sizeof(ktp))) 555 rc = -EFAULT; 556 memzero_explicit(&ktp, sizeof(ktp)); 557 558 return rc; 559 } 560 561 static int pkey_ioctl_apqns4k(struct pkey_apqns4key __user *uak) 562 { 563 struct pkey_apqn *apqns = NULL; 564 struct pkey_apqns4key kak; 565 size_t nr_apqns, len; 566 u8 *kkey; 567 int rc; 568 569 if (copy_from_user(&kak, uak, sizeof(kak))) 570 return -EFAULT; 571 nr_apqns = kak.apqn_entries; 572 if (nr_apqns) { 573 apqns = kmalloc_array(nr_apqns, 574 sizeof(struct pkey_apqn), 575 GFP_KERNEL); 576 if (!apqns) 577 return -ENOMEM; 578 } 579 kkey = _copy_key_from_user(kak.key, kak.keylen); 580 if (IS_ERR(kkey)) { 581 kfree(apqns); 582 return PTR_ERR(kkey); 583 } 584 rc = pkey_handler_apqns_for_key(kkey, kak.keylen, kak.flags, 585 apqns, &nr_apqns, 0); 586 pr_debug("apqns_for_key()=%d\n", rc); 587 kfree_sensitive(kkey); 588 if (rc && rc != -ENOSPC) { 589 kfree(apqns); 590 return rc; 591 } 592 if (!rc && kak.apqns) { 593 if (nr_apqns > kak.apqn_entries) { 594 kfree(apqns); 595 return -EINVAL; 596 } 597 len = nr_apqns * sizeof(struct pkey_apqn); 598 if (len) { 599 if (copy_to_user(kak.apqns, apqns, len)) { 600 kfree(apqns); 601 return -EFAULT; 602 } 603 } 604 } 605 kak.apqn_entries = nr_apqns; 606 if (copy_to_user(uak, &kak, sizeof(kak))) 607 rc = -EFAULT; 608 kfree(apqns); 609 610 return rc; 611 } 612 613 static int pkey_ioctl_apqns4kt(struct pkey_apqns4keytype __user *uat) 614 { 615 struct pkey_apqn *apqns = NULL; 616 struct pkey_apqns4keytype kat; 617 size_t nr_apqns, len; 618 int rc; 619 620 if (copy_from_user(&kat, uat, sizeof(kat))) 621 return -EFAULT; 622 nr_apqns = kat.apqn_entries; 623 if (nr_apqns) { 624 apqns = kmalloc_array(nr_apqns, 625 sizeof(struct pkey_apqn), 626 GFP_KERNEL); 627 if (!apqns) 628 return -ENOMEM; 629 } 630 rc = pkey_handler_apqns_for_keytype(kat.type, 631 kat.cur_mkvp, kat.alt_mkvp, 632 kat.flags, apqns, &nr_apqns, 0); 633 pr_debug("apqns_for_keytype()=%d\n", rc); 634 if (rc && rc != -ENOSPC) { 635 kfree(apqns); 636 return rc; 637 } 638 if (!rc && kat.apqns) { 639 if (nr_apqns > kat.apqn_entries) { 640 kfree(apqns); 641 return -EINVAL; 642 } 643 len = nr_apqns * sizeof(struct pkey_apqn); 644 if (len) { 645 if (copy_to_user(kat.apqns, apqns, len)) { 646 kfree(apqns); 647 return -EFAULT; 648 } 649 } 650 } 651 kat.apqn_entries = nr_apqns; 652 if (copy_to_user(uat, &kat, sizeof(kat))) 653 rc = -EFAULT; 654 kfree(apqns); 655 656 return rc; 657 } 658 659 static int pkey_ioctl_kblob2protk3(struct pkey_kblob2pkey3 __user *utp) 660 { 661 u32 protkeylen = PROTKEYBLOBBUFSIZE; 662 struct pkey_apqn *apqns = NULL; 663 struct pkey_kblob2pkey3 ktp; 664 u8 *kkey, *protkey; 665 int rc; 666 667 if (copy_from_user(&ktp, utp, sizeof(ktp))) 668 return -EFAULT; 669 apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries); 670 if (IS_ERR(apqns)) 671 return PTR_ERR(apqns); 672 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 673 if (IS_ERR(kkey)) { 674 kfree(apqns); 675 return PTR_ERR(kkey); 676 } 677 protkey = kmalloc(protkeylen, GFP_KERNEL); 678 if (!protkey) { 679 kfree(apqns); 680 kfree_sensitive(kkey); 681 return -ENOMEM; 682 } 683 rc = key2protkey(apqns, ktp.apqn_entries, kkey, ktp.keylen, 684 protkey, &protkeylen, &ktp.pkeytype, 0); 685 pr_debug("key2protkey()=%d\n", rc); 686 kfree(apqns); 687 kfree_sensitive(kkey); 688 if (rc) { 689 kfree_sensitive(protkey); 690 return rc; 691 } 692 if (ktp.pkey && ktp.pkeylen) { 693 if (protkeylen > ktp.pkeylen) { 694 kfree_sensitive(protkey); 695 return -EINVAL; 696 } 697 if (copy_to_user(ktp.pkey, protkey, protkeylen)) { 698 kfree_sensitive(protkey); 699 return -EFAULT; 700 } 701 } 702 kfree_sensitive(protkey); 703 ktp.pkeylen = protkeylen; 704 if (copy_to_user(utp, &ktp, sizeof(ktp))) 705 return -EFAULT; 706 707 return 0; 708 } 709 710 static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, 711 unsigned long arg) 712 { 713 int rc; 714 715 switch (cmd) { 716 case PKEY_GENSECK: 717 rc = pkey_ioctl_genseck((struct pkey_genseck __user *)arg); 718 break; 719 case PKEY_CLR2SECK: 720 rc = pkey_ioctl_clr2seck((struct pkey_clr2seck __user *)arg); 721 break; 722 case PKEY_SEC2PROTK: 723 rc = pkey_ioctl_sec2protk((struct pkey_sec2protk __user *)arg); 724 break; 725 case PKEY_CLR2PROTK: 726 rc = pkey_ioctl_clr2protk((struct pkey_clr2protk __user *)arg); 727 break; 728 case PKEY_FINDCARD: 729 rc = pkey_ioctl_findcard((struct pkey_findcard __user *)arg); 730 break; 731 case PKEY_SKEY2PKEY: 732 rc = pkey_ioctl_skey2pkey((struct pkey_skey2pkey __user *)arg); 733 break; 734 case PKEY_VERIFYKEY: 735 rc = pkey_ioctl_verifykey((struct pkey_verifykey __user *)arg); 736 break; 737 case PKEY_GENPROTK: 738 rc = pkey_ioctl_genprotk((struct pkey_genprotk __user *)arg); 739 break; 740 case PKEY_VERIFYPROTK: 741 rc = pkey_ioctl_verifyprotk((struct pkey_verifyprotk __user *)arg); 742 break; 743 case PKEY_KBLOB2PROTK: 744 rc = pkey_ioctl_kblob2protk((struct pkey_kblob2pkey __user *)arg); 745 break; 746 case PKEY_GENSECK2: 747 rc = pkey_ioctl_genseck2((struct pkey_genseck2 __user *)arg); 748 break; 749 case PKEY_CLR2SECK2: 750 rc = pkey_ioctl_clr2seck2((struct pkey_clr2seck2 __user *)arg); 751 break; 752 case PKEY_VERIFYKEY2: 753 rc = pkey_ioctl_verifykey2((struct pkey_verifykey2 __user *)arg); 754 break; 755 case PKEY_KBLOB2PROTK2: 756 rc = pkey_ioctl_kblob2protk2((struct pkey_kblob2pkey2 __user *)arg); 757 break; 758 case PKEY_APQNS4K: 759 rc = pkey_ioctl_apqns4k((struct pkey_apqns4key __user *)arg); 760 break; 761 case PKEY_APQNS4KT: 762 rc = pkey_ioctl_apqns4kt((struct pkey_apqns4keytype __user *)arg); 763 break; 764 case PKEY_KBLOB2PROTK3: 765 rc = pkey_ioctl_kblob2protk3((struct pkey_kblob2pkey3 __user *)arg); 766 break; 767 default: 768 /* unknown/unsupported ioctl cmd */ 769 return -ENOTTY; 770 } 771 772 return rc; 773 } 774 775 /* 776 * File io operations 777 */ 778 779 static const struct file_operations pkey_fops = { 780 .owner = THIS_MODULE, 781 .open = nonseekable_open, 782 .unlocked_ioctl = pkey_unlocked_ioctl, 783 }; 784 785 static struct miscdevice pkey_dev = { 786 .name = "pkey", 787 .minor = MISC_DYNAMIC_MINOR, 788 .mode = 0666, 789 .fops = &pkey_fops, 790 .groups = pkey_attr_groups, 791 }; 792 793 int __init pkey_api_init(void) 794 { 795 /* register as a misc device */ 796 return misc_register(&pkey_dev); 797 } 798 799 void __exit pkey_api_exit(void) 800 { 801 misc_deregister(&pkey_dev); 802 } 803