1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * pkey device driver 4 * 5 * Copyright IBM Corp. 2017, 2023 6 * 7 * Author(s): Harald Freudenberger 8 */ 9 10 #define KMSG_COMPONENT "pkey" 11 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 12 13 #include <linux/fs.h> 14 #include <linux/init.h> 15 #include <linux/miscdevice.h> 16 #include <linux/module.h> 17 #include <linux/slab.h> 18 #include <linux/kallsyms.h> 19 #include <linux/debugfs.h> 20 #include <linux/random.h> 21 #include <linux/cpufeature.h> 22 #include <asm/zcrypt.h> 23 #include <asm/cpacf.h> 24 #include <asm/pkey.h> 25 #include <crypto/aes.h> 26 27 #include "zcrypt_api.h" 28 #include "zcrypt_ccamisc.h" 29 #include "zcrypt_ep11misc.h" 30 31 MODULE_LICENSE("GPL"); 32 MODULE_AUTHOR("IBM Corporation"); 33 MODULE_DESCRIPTION("s390 protected key interface"); 34 35 #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */ 36 #define MINKEYBLOBBUFSIZE (sizeof(struct keytoken_header)) 37 #define PROTKEYBLOBBUFSIZE 256 /* protected key buffer size used internal */ 38 #define MAXAPQNSINLIST 64 /* max 64 apqns within a apqn list */ 39 #define AES_WK_VP_SIZE 32 /* Size of WK VP block appended to a prot key */ 40 41 /* 42 * debug feature data and functions 43 */ 44 45 static debug_info_t *pkey_dbf_info; 46 47 #define PKEY_DBF_INFO(...) debug_sprintf_event(pkey_dbf_info, 5, ##__VA_ARGS__) 48 #define PKEY_DBF_WARN(...) debug_sprintf_event(pkey_dbf_info, 4, ##__VA_ARGS__) 49 #define PKEY_DBF_ERR(...) debug_sprintf_event(pkey_dbf_info, 3, ##__VA_ARGS__) 50 51 static void __init pkey_debug_init(void) 52 { 53 /* 5 arguments per dbf entry (including the format string ptr) */ 54 pkey_dbf_info = debug_register("pkey", 1, 1, 5 * sizeof(long)); 55 debug_register_view(pkey_dbf_info, &debug_sprintf_view); 56 debug_set_level(pkey_dbf_info, 3); 57 } 58 59 static void __exit pkey_debug_exit(void) 60 { 61 debug_unregister(pkey_dbf_info); 62 } 63 64 /* inside view of a protected key token (only type 0x00 version 0x01) */ 65 struct protaeskeytoken { 66 u8 type; /* 0x00 for PAES specific key tokens */ 67 u8 res0[3]; 68 u8 version; /* should be 0x01 for protected AES key token */ 69 u8 res1[3]; 70 u32 keytype; /* key type, one of the PKEY_KEYTYPE values */ 71 u32 len; /* bytes actually stored in protkey[] */ 72 u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */ 73 } __packed; 74 75 /* inside view of a clear key token (type 0x00 version 0x02) */ 76 struct clearkeytoken { 77 u8 type; /* 0x00 for PAES specific key tokens */ 78 u8 res0[3]; 79 u8 version; /* 0x02 for clear key token */ 80 u8 res1[3]; 81 u32 keytype; /* key type, one of the PKEY_KEYTYPE_* values */ 82 u32 len; /* bytes actually stored in clearkey[] */ 83 u8 clearkey[]; /* clear key value */ 84 } __packed; 85 86 /* helper function which translates the PKEY_KEYTYPE_AES_* to their keysize */ 87 static inline u32 pkey_keytype_aes_to_size(u32 keytype) 88 { 89 switch (keytype) { 90 case PKEY_KEYTYPE_AES_128: 91 return 16; 92 case PKEY_KEYTYPE_AES_192: 93 return 24; 94 case PKEY_KEYTYPE_AES_256: 95 return 32; 96 default: 97 return 0; 98 } 99 } 100 101 /* 102 * Create a protected key from a clear key value via PCKMO instruction. 103 */ 104 static int pkey_clr2protkey(u32 keytype, const u8 *clrkey, 105 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 106 { 107 /* mask of available pckmo subfunctions */ 108 static cpacf_mask_t pckmo_functions; 109 110 u8 paramblock[112]; 111 u32 pkeytype; 112 int keysize; 113 long fc; 114 115 switch (keytype) { 116 case PKEY_KEYTYPE_AES_128: 117 /* 16 byte key, 32 byte aes wkvp, total 48 bytes */ 118 keysize = 16; 119 pkeytype = keytype; 120 fc = CPACF_PCKMO_ENC_AES_128_KEY; 121 break; 122 case PKEY_KEYTYPE_AES_192: 123 /* 24 byte key, 32 byte aes wkvp, total 56 bytes */ 124 keysize = 24; 125 pkeytype = keytype; 126 fc = CPACF_PCKMO_ENC_AES_192_KEY; 127 break; 128 case PKEY_KEYTYPE_AES_256: 129 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */ 130 keysize = 32; 131 pkeytype = keytype; 132 fc = CPACF_PCKMO_ENC_AES_256_KEY; 133 break; 134 case PKEY_KEYTYPE_ECC_P256: 135 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */ 136 keysize = 32; 137 pkeytype = PKEY_KEYTYPE_ECC; 138 fc = CPACF_PCKMO_ENC_ECC_P256_KEY; 139 break; 140 case PKEY_KEYTYPE_ECC_P384: 141 /* 48 byte key, 32 byte aes wkvp, total 80 bytes */ 142 keysize = 48; 143 pkeytype = PKEY_KEYTYPE_ECC; 144 fc = CPACF_PCKMO_ENC_ECC_P384_KEY; 145 break; 146 case PKEY_KEYTYPE_ECC_P521: 147 /* 80 byte key, 32 byte aes wkvp, total 112 bytes */ 148 keysize = 80; 149 pkeytype = PKEY_KEYTYPE_ECC; 150 fc = CPACF_PCKMO_ENC_ECC_P521_KEY; 151 break; 152 case PKEY_KEYTYPE_ECC_ED25519: 153 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */ 154 keysize = 32; 155 pkeytype = PKEY_KEYTYPE_ECC; 156 fc = CPACF_PCKMO_ENC_ECC_ED25519_KEY; 157 break; 158 case PKEY_KEYTYPE_ECC_ED448: 159 /* 64 byte key, 32 byte aes wkvp, total 96 bytes */ 160 keysize = 64; 161 pkeytype = PKEY_KEYTYPE_ECC; 162 fc = CPACF_PCKMO_ENC_ECC_ED448_KEY; 163 break; 164 default: 165 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", 166 __func__, keytype); 167 return -EINVAL; 168 } 169 170 if (*protkeylen < keysize + AES_WK_VP_SIZE) { 171 PKEY_DBF_ERR("%s prot key buffer size too small: %u < %d\n", 172 __func__, *protkeylen, keysize + AES_WK_VP_SIZE); 173 return -EINVAL; 174 } 175 176 /* Did we already check for PCKMO ? */ 177 if (!pckmo_functions.bytes[0]) { 178 /* no, so check now */ 179 if (!cpacf_query(CPACF_PCKMO, &pckmo_functions)) 180 return -ENODEV; 181 } 182 /* check for the pckmo subfunction we need now */ 183 if (!cpacf_test_func(&pckmo_functions, fc)) { 184 PKEY_DBF_ERR("%s pckmo functions not available\n", __func__); 185 return -ENODEV; 186 } 187 188 /* prepare param block */ 189 memset(paramblock, 0, sizeof(paramblock)); 190 memcpy(paramblock, clrkey, keysize); 191 192 /* call the pckmo instruction */ 193 cpacf_pckmo(fc, paramblock); 194 195 /* copy created protected key to key buffer including the wkvp block */ 196 *protkeylen = keysize + AES_WK_VP_SIZE; 197 memcpy(protkey, paramblock, *protkeylen); 198 *protkeytype = pkeytype; 199 200 return 0; 201 } 202 203 /* 204 * Find card and transform secure key into protected key. 205 */ 206 static int pkey_skey2pkey(const u8 *key, u8 *protkey, 207 u32 *protkeylen, u32 *protkeytype) 208 { 209 struct keytoken_header *hdr = (struct keytoken_header *)key; 210 u16 cardnr, domain; 211 int rc, verify; 212 213 zcrypt_wait_api_operational(); 214 215 /* 216 * The cca_xxx2protkey call may fail when a card has been 217 * addressed where the master key was changed after last fetch 218 * of the mkvp into the cache. Try 3 times: First without verify 219 * then with verify and last round with verify and old master 220 * key verification pattern match not ignored. 221 */ 222 for (verify = 0; verify < 3; verify++) { 223 rc = cca_findcard(key, &cardnr, &domain, verify); 224 if (rc < 0) 225 continue; 226 if (rc > 0 && verify < 2) 227 continue; 228 switch (hdr->version) { 229 case TOKVER_CCA_AES: 230 rc = cca_sec2protkey(cardnr, domain, key, 231 protkey, protkeylen, protkeytype); 232 break; 233 case TOKVER_CCA_VLSC: 234 rc = cca_cipher2protkey(cardnr, domain, key, 235 protkey, protkeylen, 236 protkeytype); 237 break; 238 default: 239 return -EINVAL; 240 } 241 if (rc == 0) 242 break; 243 } 244 245 if (rc) 246 pr_debug("%s failed rc=%d\n", __func__, rc); 247 248 return rc; 249 } 250 251 /* 252 * Construct EP11 key with given clear key value. 253 */ 254 static int pkey_clr2ep11key(const u8 *clrkey, size_t clrkeylen, 255 u8 *keybuf, size_t *keybuflen) 256 { 257 u32 nr_apqns, *apqns = NULL; 258 u16 card, dom; 259 int i, rc; 260 261 zcrypt_wait_api_operational(); 262 263 /* build a list of apqns suitable for ep11 keys with cpacf support */ 264 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 265 ZCRYPT_CEX7, 266 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4, 267 NULL); 268 if (rc) 269 goto out; 270 271 /* go through the list of apqns and try to bild an ep11 key */ 272 for (rc = -ENODEV, i = 0; i < nr_apqns; i++) { 273 card = apqns[i] >> 16; 274 dom = apqns[i] & 0xFFFF; 275 rc = ep11_clr2keyblob(card, dom, clrkeylen * 8, 276 0, clrkey, keybuf, keybuflen, 277 PKEY_TYPE_EP11); 278 if (rc == 0) 279 break; 280 } 281 282 out: 283 kfree(apqns); 284 if (rc) 285 pr_debug("%s failed rc=%d\n", __func__, rc); 286 return rc; 287 } 288 289 /* 290 * Find card and transform EP11 secure key into protected key. 291 */ 292 static int pkey_ep11key2pkey(const u8 *key, size_t keylen, 293 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 294 { 295 u32 nr_apqns, *apqns = NULL; 296 int i, j, rc = -ENODEV; 297 u16 card, dom; 298 299 zcrypt_wait_api_operational(); 300 301 /* try two times in case of failure */ 302 for (i = 0; i < 2 && rc; i++) { 303 304 /* build a list of apqns suitable for this key */ 305 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 306 ZCRYPT_CEX7, 307 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4, 308 ep11_kb_wkvp(key, keylen)); 309 if (rc) 310 continue; /* retry findcard on failure */ 311 312 /* go through the list of apqns and try to derive an pkey */ 313 for (rc = -ENODEV, j = 0; j < nr_apqns && rc; j++) { 314 card = apqns[j] >> 16; 315 dom = apqns[j] & 0xFFFF; 316 rc = ep11_kblob2protkey(card, dom, key, keylen, 317 protkey, protkeylen, protkeytype); 318 } 319 320 kfree(apqns); 321 } 322 323 if (rc) 324 pr_debug("%s failed rc=%d\n", __func__, rc); 325 326 return rc; 327 } 328 329 /* 330 * Verify key and give back some info about the key. 331 */ 332 static int pkey_verifykey(const struct pkey_seckey *seckey, 333 u16 *pcardnr, u16 *pdomain, 334 u16 *pkeysize, u32 *pattributes) 335 { 336 struct secaeskeytoken *t = (struct secaeskeytoken *)seckey; 337 u16 cardnr, domain; 338 int rc; 339 340 /* check the secure key for valid AES secure key */ 341 rc = cca_check_secaeskeytoken(pkey_dbf_info, 3, (u8 *)seckey, 0); 342 if (rc) 343 goto out; 344 if (pattributes) 345 *pattributes = PKEY_VERIFY_ATTR_AES; 346 if (pkeysize) 347 *pkeysize = t->bitsize; 348 349 /* try to find a card which can handle this key */ 350 rc = cca_findcard(seckey->seckey, &cardnr, &domain, 1); 351 if (rc < 0) 352 goto out; 353 354 if (rc > 0) { 355 /* key mkvp matches to old master key mkvp */ 356 pr_debug("%s secure key has old mkvp\n", __func__); 357 if (pattributes) 358 *pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP; 359 rc = 0; 360 } 361 362 if (pcardnr) 363 *pcardnr = cardnr; 364 if (pdomain) 365 *pdomain = domain; 366 367 out: 368 pr_debug("%s rc=%d\n", __func__, rc); 369 return rc; 370 } 371 372 /* 373 * Generate a random protected key 374 */ 375 static int pkey_genprotkey(u32 keytype, u8 *protkey, 376 u32 *protkeylen, u32 *protkeytype) 377 { 378 u8 clrkey[32]; 379 int keysize; 380 int rc; 381 382 keysize = pkey_keytype_aes_to_size(keytype); 383 if (!keysize) { 384 PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n", __func__, 385 keytype); 386 return -EINVAL; 387 } 388 389 /* generate a dummy random clear key */ 390 get_random_bytes(clrkey, keysize); 391 392 /* convert it to a dummy protected key */ 393 rc = pkey_clr2protkey(keytype, clrkey, 394 protkey, protkeylen, protkeytype); 395 if (rc) 396 return rc; 397 398 /* replace the key part of the protected key with random bytes */ 399 get_random_bytes(protkey, keysize); 400 401 return 0; 402 } 403 404 /* 405 * Verify if a protected key is still valid 406 */ 407 static int pkey_verifyprotkey(const u8 *protkey, u32 protkeylen, 408 u32 protkeytype) 409 { 410 struct { 411 u8 iv[AES_BLOCK_SIZE]; 412 u8 key[MAXPROTKEYSIZE]; 413 } param; 414 u8 null_msg[AES_BLOCK_SIZE]; 415 u8 dest_buf[AES_BLOCK_SIZE]; 416 unsigned int k, pkeylen; 417 unsigned long fc; 418 419 switch (protkeytype) { 420 case PKEY_KEYTYPE_AES_128: 421 pkeylen = 16 + AES_WK_VP_SIZE; 422 fc = CPACF_KMC_PAES_128; 423 break; 424 case PKEY_KEYTYPE_AES_192: 425 pkeylen = 24 + AES_WK_VP_SIZE; 426 fc = CPACF_KMC_PAES_192; 427 break; 428 case PKEY_KEYTYPE_AES_256: 429 pkeylen = 32 + AES_WK_VP_SIZE; 430 fc = CPACF_KMC_PAES_256; 431 break; 432 default: 433 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", __func__, 434 protkeytype); 435 return -EINVAL; 436 } 437 if (protkeylen != pkeylen) { 438 PKEY_DBF_ERR("%s invalid protected key size %u for keytype %u\n", 439 __func__, protkeylen, protkeytype); 440 return -EINVAL; 441 } 442 443 memset(null_msg, 0, sizeof(null_msg)); 444 445 memset(param.iv, 0, sizeof(param.iv)); 446 memcpy(param.key, protkey, protkeylen); 447 448 k = cpacf_kmc(fc | CPACF_ENCRYPT, ¶m, null_msg, dest_buf, 449 sizeof(null_msg)); 450 if (k != sizeof(null_msg)) { 451 PKEY_DBF_ERR("%s protected key is not valid\n", __func__); 452 return -EKEYREJECTED; 453 } 454 455 return 0; 456 } 457 458 /* Helper for pkey_nonccatok2pkey, handles aes clear key token */ 459 static int nonccatokaes2pkey(const struct clearkeytoken *t, 460 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 461 { 462 size_t tmpbuflen = max_t(size_t, SECKEYBLOBSIZE, MAXEP11AESKEYBLOBSIZE); 463 u8 *tmpbuf = NULL; 464 u32 keysize; 465 int rc; 466 467 keysize = pkey_keytype_aes_to_size(t->keytype); 468 if (!keysize) { 469 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", 470 __func__, t->keytype); 471 return -EINVAL; 472 } 473 if (t->len != keysize) { 474 PKEY_DBF_ERR("%s non clear key aes token: invalid key len %u\n", 475 __func__, t->len); 476 return -EINVAL; 477 } 478 479 /* try direct way with the PCKMO instruction */ 480 rc = pkey_clr2protkey(t->keytype, t->clearkey, 481 protkey, protkeylen, protkeytype); 482 if (!rc) 483 goto out; 484 485 /* PCKMO failed, so try the CCA secure key way */ 486 tmpbuf = kmalloc(tmpbuflen, GFP_ATOMIC); 487 if (!tmpbuf) 488 return -ENOMEM; 489 zcrypt_wait_api_operational(); 490 rc = cca_clr2seckey(0xFFFF, 0xFFFF, t->keytype, t->clearkey, tmpbuf); 491 if (rc) 492 goto try_via_ep11; 493 rc = pkey_skey2pkey(tmpbuf, 494 protkey, protkeylen, protkeytype); 495 if (!rc) 496 goto out; 497 498 try_via_ep11: 499 /* if the CCA way also failed, let's try via EP11 */ 500 rc = pkey_clr2ep11key(t->clearkey, t->len, 501 tmpbuf, &tmpbuflen); 502 if (rc) 503 goto failure; 504 rc = pkey_ep11key2pkey(tmpbuf, tmpbuflen, 505 protkey, protkeylen, protkeytype); 506 if (!rc) 507 goto out; 508 509 failure: 510 PKEY_DBF_ERR("%s unable to build protected key from clear", __func__); 511 512 out: 513 kfree(tmpbuf); 514 return rc; 515 } 516 517 /* Helper for pkey_nonccatok2pkey, handles ecc clear key token */ 518 static int nonccatokecc2pkey(const struct clearkeytoken *t, 519 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 520 { 521 u32 keylen; 522 int rc; 523 524 switch (t->keytype) { 525 case PKEY_KEYTYPE_ECC_P256: 526 keylen = 32; 527 break; 528 case PKEY_KEYTYPE_ECC_P384: 529 keylen = 48; 530 break; 531 case PKEY_KEYTYPE_ECC_P521: 532 keylen = 80; 533 break; 534 case PKEY_KEYTYPE_ECC_ED25519: 535 keylen = 32; 536 break; 537 case PKEY_KEYTYPE_ECC_ED448: 538 keylen = 64; 539 break; 540 default: 541 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", 542 __func__, t->keytype); 543 return -EINVAL; 544 } 545 546 if (t->len != keylen) { 547 PKEY_DBF_ERR("%s non clear key ecc token: invalid key len %u\n", 548 __func__, t->len); 549 return -EINVAL; 550 } 551 552 /* only one path possible: via PCKMO instruction */ 553 rc = pkey_clr2protkey(t->keytype, t->clearkey, 554 protkey, protkeylen, protkeytype); 555 if (rc) { 556 PKEY_DBF_ERR("%s unable to build protected key from clear", 557 __func__); 558 } 559 560 return rc; 561 } 562 563 /* 564 * Transform a non-CCA key token into a protected key 565 */ 566 static int pkey_nonccatok2pkey(const u8 *key, u32 keylen, 567 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 568 { 569 struct keytoken_header *hdr = (struct keytoken_header *)key; 570 int rc = -EINVAL; 571 572 switch (hdr->version) { 573 case TOKVER_PROTECTED_KEY: { 574 struct protaeskeytoken *t; 575 576 if (keylen != sizeof(struct protaeskeytoken)) 577 goto out; 578 t = (struct protaeskeytoken *)key; 579 rc = pkey_verifyprotkey(t->protkey, t->len, t->keytype); 580 if (rc) 581 goto out; 582 memcpy(protkey, t->protkey, t->len); 583 *protkeylen = t->len; 584 *protkeytype = t->keytype; 585 break; 586 } 587 case TOKVER_CLEAR_KEY: { 588 struct clearkeytoken *t = (struct clearkeytoken *)key; 589 590 if (keylen < sizeof(struct clearkeytoken) || 591 keylen != sizeof(*t) + t->len) 592 goto out; 593 switch (t->keytype) { 594 case PKEY_KEYTYPE_AES_128: 595 case PKEY_KEYTYPE_AES_192: 596 case PKEY_KEYTYPE_AES_256: 597 rc = nonccatokaes2pkey(t, protkey, 598 protkeylen, protkeytype); 599 break; 600 case PKEY_KEYTYPE_ECC_P256: 601 case PKEY_KEYTYPE_ECC_P384: 602 case PKEY_KEYTYPE_ECC_P521: 603 case PKEY_KEYTYPE_ECC_ED25519: 604 case PKEY_KEYTYPE_ECC_ED448: 605 rc = nonccatokecc2pkey(t, protkey, 606 protkeylen, protkeytype); 607 break; 608 default: 609 PKEY_DBF_ERR("%s unknown/unsupported non cca clear key type %u\n", 610 __func__, t->keytype); 611 return -EINVAL; 612 } 613 break; 614 } 615 case TOKVER_EP11_AES: { 616 /* check ep11 key for exportable as protected key */ 617 rc = ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1); 618 if (rc) 619 goto out; 620 rc = pkey_ep11key2pkey(key, keylen, 621 protkey, protkeylen, protkeytype); 622 break; 623 } 624 case TOKVER_EP11_AES_WITH_HEADER: 625 /* check ep11 key with header for exportable as protected key */ 626 rc = ep11_check_aes_key_with_hdr(pkey_dbf_info, 627 3, key, keylen, 1); 628 if (rc) 629 goto out; 630 rc = pkey_ep11key2pkey(key, keylen, 631 protkey, protkeylen, protkeytype); 632 break; 633 default: 634 PKEY_DBF_ERR("%s unknown/unsupported non-CCA token version %d\n", 635 __func__, hdr->version); 636 } 637 638 out: 639 return rc; 640 } 641 642 /* 643 * Transform a CCA internal key token into a protected key 644 */ 645 static int pkey_ccainttok2pkey(const u8 *key, u32 keylen, 646 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 647 { 648 struct keytoken_header *hdr = (struct keytoken_header *)key; 649 650 switch (hdr->version) { 651 case TOKVER_CCA_AES: 652 if (keylen != sizeof(struct secaeskeytoken)) 653 return -EINVAL; 654 break; 655 case TOKVER_CCA_VLSC: 656 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) 657 return -EINVAL; 658 break; 659 default: 660 PKEY_DBF_ERR("%s unknown/unsupported CCA internal token version %d\n", 661 __func__, hdr->version); 662 return -EINVAL; 663 } 664 665 return pkey_skey2pkey(key, protkey, protkeylen, protkeytype); 666 } 667 668 /* 669 * Transform a key blob (of any type) into a protected key 670 */ 671 int pkey_keyblob2pkey(const u8 *key, u32 keylen, 672 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 673 { 674 struct keytoken_header *hdr = (struct keytoken_header *)key; 675 int rc; 676 677 if (keylen < sizeof(struct keytoken_header)) { 678 PKEY_DBF_ERR("%s invalid keylen %d\n", __func__, keylen); 679 return -EINVAL; 680 } 681 682 switch (hdr->type) { 683 case TOKTYPE_NON_CCA: 684 rc = pkey_nonccatok2pkey(key, keylen, 685 protkey, protkeylen, protkeytype); 686 break; 687 case TOKTYPE_CCA_INTERNAL: 688 rc = pkey_ccainttok2pkey(key, keylen, 689 protkey, protkeylen, protkeytype); 690 break; 691 default: 692 PKEY_DBF_ERR("%s unknown/unsupported blob type %d\n", 693 __func__, hdr->type); 694 return -EINVAL; 695 } 696 697 pr_debug("%s rc=%d\n", __func__, rc); 698 return rc; 699 } 700 EXPORT_SYMBOL(pkey_keyblob2pkey); 701 702 static int pkey_genseckey2(const struct pkey_apqn *apqns, size_t nr_apqns, 703 enum pkey_key_type ktype, enum pkey_key_size ksize, 704 u32 kflags, u8 *keybuf, size_t *keybufsize) 705 { 706 int i, card, dom, rc; 707 708 /* check for at least one apqn given */ 709 if (!apqns || !nr_apqns) 710 return -EINVAL; 711 712 /* check key type and size */ 713 switch (ktype) { 714 case PKEY_TYPE_CCA_DATA: 715 case PKEY_TYPE_CCA_CIPHER: 716 if (*keybufsize < SECKEYBLOBSIZE) 717 return -EINVAL; 718 break; 719 case PKEY_TYPE_EP11: 720 if (*keybufsize < MINEP11AESKEYBLOBSIZE) 721 return -EINVAL; 722 break; 723 case PKEY_TYPE_EP11_AES: 724 if (*keybufsize < (sizeof(struct ep11kblob_header) + 725 MINEP11AESKEYBLOBSIZE)) 726 return -EINVAL; 727 break; 728 default: 729 return -EINVAL; 730 } 731 switch (ksize) { 732 case PKEY_SIZE_AES_128: 733 case PKEY_SIZE_AES_192: 734 case PKEY_SIZE_AES_256: 735 break; 736 default: 737 return -EINVAL; 738 } 739 740 /* simple try all apqns from the list */ 741 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 742 card = apqns[i].card; 743 dom = apqns[i].domain; 744 if (ktype == PKEY_TYPE_EP11 || 745 ktype == PKEY_TYPE_EP11_AES) { 746 rc = ep11_genaeskey(card, dom, ksize, kflags, 747 keybuf, keybufsize, ktype); 748 } else if (ktype == PKEY_TYPE_CCA_DATA) { 749 rc = cca_genseckey(card, dom, ksize, keybuf); 750 *keybufsize = (rc ? 0 : SECKEYBLOBSIZE); 751 } else { 752 /* TOKVER_CCA_VLSC */ 753 rc = cca_gencipherkey(card, dom, ksize, kflags, 754 keybuf, keybufsize); 755 } 756 if (rc == 0) 757 break; 758 } 759 760 return rc; 761 } 762 763 static int pkey_clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns, 764 enum pkey_key_type ktype, enum pkey_key_size ksize, 765 u32 kflags, const u8 *clrkey, 766 u8 *keybuf, size_t *keybufsize) 767 { 768 int i, card, dom, rc; 769 770 /* check for at least one apqn given */ 771 if (!apqns || !nr_apqns) 772 return -EINVAL; 773 774 /* check key type and size */ 775 switch (ktype) { 776 case PKEY_TYPE_CCA_DATA: 777 case PKEY_TYPE_CCA_CIPHER: 778 if (*keybufsize < SECKEYBLOBSIZE) 779 return -EINVAL; 780 break; 781 case PKEY_TYPE_EP11: 782 if (*keybufsize < MINEP11AESKEYBLOBSIZE) 783 return -EINVAL; 784 break; 785 case PKEY_TYPE_EP11_AES: 786 if (*keybufsize < (sizeof(struct ep11kblob_header) + 787 MINEP11AESKEYBLOBSIZE)) 788 return -EINVAL; 789 break; 790 default: 791 return -EINVAL; 792 } 793 switch (ksize) { 794 case PKEY_SIZE_AES_128: 795 case PKEY_SIZE_AES_192: 796 case PKEY_SIZE_AES_256: 797 break; 798 default: 799 return -EINVAL; 800 } 801 802 zcrypt_wait_api_operational(); 803 804 /* simple try all apqns from the list */ 805 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 806 card = apqns[i].card; 807 dom = apqns[i].domain; 808 if (ktype == PKEY_TYPE_EP11 || 809 ktype == PKEY_TYPE_EP11_AES) { 810 rc = ep11_clr2keyblob(card, dom, ksize, kflags, 811 clrkey, keybuf, keybufsize, 812 ktype); 813 } else if (ktype == PKEY_TYPE_CCA_DATA) { 814 rc = cca_clr2seckey(card, dom, ksize, 815 clrkey, keybuf); 816 *keybufsize = (rc ? 0 : SECKEYBLOBSIZE); 817 } else { 818 /* TOKVER_CCA_VLSC */ 819 rc = cca_clr2cipherkey(card, dom, ksize, kflags, 820 clrkey, keybuf, keybufsize); 821 } 822 if (rc == 0) 823 break; 824 } 825 826 return rc; 827 } 828 829 static int pkey_verifykey2(const u8 *key, size_t keylen, 830 u16 *cardnr, u16 *domain, 831 enum pkey_key_type *ktype, 832 enum pkey_key_size *ksize, u32 *flags) 833 { 834 struct keytoken_header *hdr = (struct keytoken_header *)key; 835 u32 _nr_apqns, *_apqns = NULL; 836 int rc; 837 838 if (keylen < sizeof(struct keytoken_header)) 839 return -EINVAL; 840 841 if (hdr->type == TOKTYPE_CCA_INTERNAL && 842 hdr->version == TOKVER_CCA_AES) { 843 struct secaeskeytoken *t = (struct secaeskeytoken *)key; 844 845 rc = cca_check_secaeskeytoken(pkey_dbf_info, 3, key, 0); 846 if (rc) 847 goto out; 848 if (ktype) 849 *ktype = PKEY_TYPE_CCA_DATA; 850 if (ksize) 851 *ksize = (enum pkey_key_size)t->bitsize; 852 853 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 854 ZCRYPT_CEX3C, AES_MK_SET, t->mkvp, 0, 1); 855 if (rc == 0 && flags) 856 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 857 if (rc == -ENODEV) { 858 rc = cca_findcard2(&_apqns, &_nr_apqns, 859 *cardnr, *domain, 860 ZCRYPT_CEX3C, AES_MK_SET, 861 0, t->mkvp, 1); 862 if (rc == 0 && flags) 863 *flags = PKEY_FLAGS_MATCH_ALT_MKVP; 864 } 865 if (rc) 866 goto out; 867 868 *cardnr = ((struct pkey_apqn *)_apqns)->card; 869 *domain = ((struct pkey_apqn *)_apqns)->domain; 870 871 } else if (hdr->type == TOKTYPE_CCA_INTERNAL && 872 hdr->version == TOKVER_CCA_VLSC) { 873 struct cipherkeytoken *t = (struct cipherkeytoken *)key; 874 875 rc = cca_check_secaescipherkey(pkey_dbf_info, 3, key, 0, 1); 876 if (rc) 877 goto out; 878 if (ktype) 879 *ktype = PKEY_TYPE_CCA_CIPHER; 880 if (ksize) { 881 *ksize = PKEY_SIZE_UNKNOWN; 882 if (!t->plfver && t->wpllen == 512) 883 *ksize = PKEY_SIZE_AES_128; 884 else if (!t->plfver && t->wpllen == 576) 885 *ksize = PKEY_SIZE_AES_192; 886 else if (!t->plfver && t->wpllen == 640) 887 *ksize = PKEY_SIZE_AES_256; 888 } 889 890 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 891 ZCRYPT_CEX6, AES_MK_SET, t->mkvp0, 0, 1); 892 if (rc == 0 && flags) 893 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 894 if (rc == -ENODEV) { 895 rc = cca_findcard2(&_apqns, &_nr_apqns, 896 *cardnr, *domain, 897 ZCRYPT_CEX6, AES_MK_SET, 898 0, t->mkvp0, 1); 899 if (rc == 0 && flags) 900 *flags = PKEY_FLAGS_MATCH_ALT_MKVP; 901 } 902 if (rc) 903 goto out; 904 905 *cardnr = ((struct pkey_apqn *)_apqns)->card; 906 *domain = ((struct pkey_apqn *)_apqns)->domain; 907 908 } else if (hdr->type == TOKTYPE_NON_CCA && 909 hdr->version == TOKVER_EP11_AES) { 910 struct ep11keyblob *kb = (struct ep11keyblob *)key; 911 int api; 912 913 rc = ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1); 914 if (rc) 915 goto out; 916 if (ktype) 917 *ktype = PKEY_TYPE_EP11; 918 if (ksize) 919 *ksize = kb->head.bitlen; 920 921 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 922 rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 923 ZCRYPT_CEX7, api, 924 ep11_kb_wkvp(key, keylen)); 925 if (rc) 926 goto out; 927 928 if (flags) 929 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 930 931 *cardnr = ((struct pkey_apqn *)_apqns)->card; 932 *domain = ((struct pkey_apqn *)_apqns)->domain; 933 934 } else if (hdr->type == TOKTYPE_NON_CCA && 935 hdr->version == TOKVER_EP11_AES_WITH_HEADER) { 936 struct ep11kblob_header *kh = (struct ep11kblob_header *)key; 937 int api; 938 939 rc = ep11_check_aes_key_with_hdr(pkey_dbf_info, 940 3, key, keylen, 1); 941 if (rc) 942 goto out; 943 if (ktype) 944 *ktype = PKEY_TYPE_EP11_AES; 945 if (ksize) 946 *ksize = kh->bitlen; 947 948 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 949 rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 950 ZCRYPT_CEX7, api, 951 ep11_kb_wkvp(key, keylen)); 952 if (rc) 953 goto out; 954 955 if (flags) 956 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 957 958 *cardnr = ((struct pkey_apqn *)_apqns)->card; 959 *domain = ((struct pkey_apqn *)_apqns)->domain; 960 } else { 961 rc = -EINVAL; 962 } 963 964 out: 965 kfree(_apqns); 966 return rc; 967 } 968 969 static int pkey_keyblob2pkey2(const struct pkey_apqn *apqns, size_t nr_apqns, 970 const u8 *key, size_t keylen, 971 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 972 { 973 struct keytoken_header *hdr = (struct keytoken_header *)key; 974 int i, card, dom, rc; 975 976 /* check for at least one apqn given */ 977 if (!apqns || !nr_apqns) 978 return -EINVAL; 979 980 if (keylen < sizeof(struct keytoken_header)) 981 return -EINVAL; 982 983 if (hdr->type == TOKTYPE_CCA_INTERNAL) { 984 if (hdr->version == TOKVER_CCA_AES) { 985 if (keylen != sizeof(struct secaeskeytoken)) 986 return -EINVAL; 987 if (cca_check_secaeskeytoken(pkey_dbf_info, 3, key, 0)) 988 return -EINVAL; 989 } else if (hdr->version == TOKVER_CCA_VLSC) { 990 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) 991 return -EINVAL; 992 if (cca_check_secaescipherkey(pkey_dbf_info, 993 3, key, 0, 1)) 994 return -EINVAL; 995 } else { 996 PKEY_DBF_ERR("%s unknown CCA internal token version %d\n", 997 __func__, hdr->version); 998 return -EINVAL; 999 } 1000 } else if (hdr->type == TOKTYPE_NON_CCA) { 1001 if (hdr->version == TOKVER_EP11_AES) { 1002 if (ep11_check_aes_key(pkey_dbf_info, 1003 3, key, keylen, 1)) 1004 return -EINVAL; 1005 } else if (hdr->version == TOKVER_EP11_AES_WITH_HEADER) { 1006 if (ep11_check_aes_key_with_hdr(pkey_dbf_info, 1007 3, key, keylen, 1)) 1008 return -EINVAL; 1009 } else { 1010 return pkey_nonccatok2pkey(key, keylen, 1011 protkey, protkeylen, 1012 protkeytype); 1013 } 1014 } else { 1015 PKEY_DBF_ERR("%s unknown/unsupported blob type %d\n", 1016 __func__, hdr->type); 1017 return -EINVAL; 1018 } 1019 1020 zcrypt_wait_api_operational(); 1021 1022 /* simple try all apqns from the list */ 1023 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 1024 card = apqns[i].card; 1025 dom = apqns[i].domain; 1026 if (hdr->type == TOKTYPE_CCA_INTERNAL && 1027 hdr->version == TOKVER_CCA_AES) { 1028 rc = cca_sec2protkey(card, dom, key, 1029 protkey, protkeylen, protkeytype); 1030 } else if (hdr->type == TOKTYPE_CCA_INTERNAL && 1031 hdr->version == TOKVER_CCA_VLSC) { 1032 rc = cca_cipher2protkey(card, dom, key, 1033 protkey, protkeylen, 1034 protkeytype); 1035 } else { 1036 rc = ep11_kblob2protkey(card, dom, key, keylen, 1037 protkey, protkeylen, 1038 protkeytype); 1039 } 1040 if (rc == 0) 1041 break; 1042 } 1043 1044 return rc; 1045 } 1046 1047 static int pkey_apqns4key(const u8 *key, size_t keylen, u32 flags, 1048 struct pkey_apqn *apqns, size_t *nr_apqns) 1049 { 1050 struct keytoken_header *hdr = (struct keytoken_header *)key; 1051 u32 _nr_apqns, *_apqns = NULL; 1052 int rc; 1053 1054 if (keylen < sizeof(struct keytoken_header) || flags == 0) 1055 return -EINVAL; 1056 1057 zcrypt_wait_api_operational(); 1058 1059 if (hdr->type == TOKTYPE_NON_CCA && 1060 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || 1061 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && 1062 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 1063 struct ep11keyblob *kb = (struct ep11keyblob *) 1064 (key + sizeof(struct ep11kblob_header)); 1065 int minhwtype = 0, api = 0; 1066 1067 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP) 1068 return -EINVAL; 1069 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { 1070 minhwtype = ZCRYPT_CEX7; 1071 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 1072 } 1073 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1074 minhwtype, api, kb->wkvp); 1075 if (rc) 1076 goto out; 1077 } else if (hdr->type == TOKTYPE_NON_CCA && 1078 hdr->version == TOKVER_EP11_AES && 1079 is_ep11_keyblob(key)) { 1080 struct ep11keyblob *kb = (struct ep11keyblob *)key; 1081 int minhwtype = 0, api = 0; 1082 1083 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP) 1084 return -EINVAL; 1085 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { 1086 minhwtype = ZCRYPT_CEX7; 1087 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 1088 } 1089 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1090 minhwtype, api, kb->wkvp); 1091 if (rc) 1092 goto out; 1093 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) { 1094 u64 cur_mkvp = 0, old_mkvp = 0; 1095 int minhwtype = ZCRYPT_CEX3C; 1096 1097 if (hdr->version == TOKVER_CCA_AES) { 1098 struct secaeskeytoken *t = (struct secaeskeytoken *)key; 1099 1100 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1101 cur_mkvp = t->mkvp; 1102 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1103 old_mkvp = t->mkvp; 1104 } else if (hdr->version == TOKVER_CCA_VLSC) { 1105 struct cipherkeytoken *t = (struct cipherkeytoken *)key; 1106 1107 minhwtype = ZCRYPT_CEX6; 1108 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1109 cur_mkvp = t->mkvp0; 1110 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1111 old_mkvp = t->mkvp0; 1112 } else { 1113 /* unknown cca internal token type */ 1114 return -EINVAL; 1115 } 1116 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1117 minhwtype, AES_MK_SET, 1118 cur_mkvp, old_mkvp, 1); 1119 if (rc) 1120 goto out; 1121 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) { 1122 struct eccprivkeytoken *t = (struct eccprivkeytoken *)key; 1123 u64 cur_mkvp = 0, old_mkvp = 0; 1124 1125 if (t->secid == 0x20) { 1126 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1127 cur_mkvp = t->mkvp; 1128 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1129 old_mkvp = t->mkvp; 1130 } else { 1131 /* unknown cca internal 2 token type */ 1132 return -EINVAL; 1133 } 1134 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1135 ZCRYPT_CEX7, APKA_MK_SET, 1136 cur_mkvp, old_mkvp, 1); 1137 if (rc) 1138 goto out; 1139 } else { 1140 return -EINVAL; 1141 } 1142 1143 if (apqns) { 1144 if (*nr_apqns < _nr_apqns) 1145 rc = -ENOSPC; 1146 else 1147 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32)); 1148 } 1149 *nr_apqns = _nr_apqns; 1150 1151 out: 1152 kfree(_apqns); 1153 return rc; 1154 } 1155 1156 static int pkey_apqns4keytype(enum pkey_key_type ktype, 1157 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags, 1158 struct pkey_apqn *apqns, size_t *nr_apqns) 1159 { 1160 u32 _nr_apqns, *_apqns = NULL; 1161 int rc; 1162 1163 zcrypt_wait_api_operational(); 1164 1165 if (ktype == PKEY_TYPE_CCA_DATA || ktype == PKEY_TYPE_CCA_CIPHER) { 1166 u64 cur_mkvp = 0, old_mkvp = 0; 1167 int minhwtype = ZCRYPT_CEX3C; 1168 1169 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1170 cur_mkvp = *((u64 *)cur_mkvp); 1171 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1172 old_mkvp = *((u64 *)alt_mkvp); 1173 if (ktype == PKEY_TYPE_CCA_CIPHER) 1174 minhwtype = ZCRYPT_CEX6; 1175 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1176 minhwtype, AES_MK_SET, 1177 cur_mkvp, old_mkvp, 1); 1178 if (rc) 1179 goto out; 1180 } else if (ktype == PKEY_TYPE_CCA_ECC) { 1181 u64 cur_mkvp = 0, old_mkvp = 0; 1182 1183 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1184 cur_mkvp = *((u64 *)cur_mkvp); 1185 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1186 old_mkvp = *((u64 *)alt_mkvp); 1187 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1188 ZCRYPT_CEX7, APKA_MK_SET, 1189 cur_mkvp, old_mkvp, 1); 1190 if (rc) 1191 goto out; 1192 1193 } else if (ktype == PKEY_TYPE_EP11 || 1194 ktype == PKEY_TYPE_EP11_AES || 1195 ktype == PKEY_TYPE_EP11_ECC) { 1196 u8 *wkvp = NULL; 1197 int api; 1198 1199 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1200 wkvp = cur_mkvp; 1201 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 1202 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1203 ZCRYPT_CEX7, api, wkvp); 1204 if (rc) 1205 goto out; 1206 1207 } else { 1208 return -EINVAL; 1209 } 1210 1211 if (apqns) { 1212 if (*nr_apqns < _nr_apqns) 1213 rc = -ENOSPC; 1214 else 1215 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32)); 1216 } 1217 *nr_apqns = _nr_apqns; 1218 1219 out: 1220 kfree(_apqns); 1221 return rc; 1222 } 1223 1224 static int pkey_keyblob2pkey3(const struct pkey_apqn *apqns, size_t nr_apqns, 1225 const u8 *key, size_t keylen, 1226 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 1227 { 1228 struct keytoken_header *hdr = (struct keytoken_header *)key; 1229 int i, card, dom, rc; 1230 1231 /* check for at least one apqn given */ 1232 if (!apqns || !nr_apqns) 1233 return -EINVAL; 1234 1235 if (keylen < sizeof(struct keytoken_header)) 1236 return -EINVAL; 1237 1238 if (hdr->type == TOKTYPE_NON_CCA && 1239 hdr->version == TOKVER_EP11_AES_WITH_HEADER && 1240 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 1241 /* EP11 AES key blob with header */ 1242 if (ep11_check_aes_key_with_hdr(pkey_dbf_info, 1243 3, key, keylen, 1)) 1244 return -EINVAL; 1245 } else if (hdr->type == TOKTYPE_NON_CCA && 1246 hdr->version == TOKVER_EP11_ECC_WITH_HEADER && 1247 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 1248 /* EP11 ECC key blob with header */ 1249 if (ep11_check_ecc_key_with_hdr(pkey_dbf_info, 1250 3, key, keylen, 1)) 1251 return -EINVAL; 1252 } else if (hdr->type == TOKTYPE_NON_CCA && 1253 hdr->version == TOKVER_EP11_AES && 1254 is_ep11_keyblob(key)) { 1255 /* EP11 AES key blob with header in session field */ 1256 if (ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1)) 1257 return -EINVAL; 1258 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) { 1259 if (hdr->version == TOKVER_CCA_AES) { 1260 /* CCA AES data key */ 1261 if (keylen != sizeof(struct secaeskeytoken)) 1262 return -EINVAL; 1263 if (cca_check_secaeskeytoken(pkey_dbf_info, 3, key, 0)) 1264 return -EINVAL; 1265 } else if (hdr->version == TOKVER_CCA_VLSC) { 1266 /* CCA AES cipher key */ 1267 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) 1268 return -EINVAL; 1269 if (cca_check_secaescipherkey(pkey_dbf_info, 1270 3, key, 0, 1)) 1271 return -EINVAL; 1272 } else { 1273 PKEY_DBF_ERR("%s unknown CCA internal token version %d\n", 1274 __func__, hdr->version); 1275 return -EINVAL; 1276 } 1277 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) { 1278 /* CCA ECC (private) key */ 1279 if (keylen < sizeof(struct eccprivkeytoken)) 1280 return -EINVAL; 1281 if (cca_check_sececckeytoken(pkey_dbf_info, 3, key, keylen, 1)) 1282 return -EINVAL; 1283 } else if (hdr->type == TOKTYPE_NON_CCA) { 1284 return pkey_nonccatok2pkey(key, keylen, 1285 protkey, protkeylen, protkeytype); 1286 } else { 1287 PKEY_DBF_ERR("%s unknown/unsupported blob type %d\n", 1288 __func__, hdr->type); 1289 return -EINVAL; 1290 } 1291 1292 /* simple try all apqns from the list */ 1293 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 1294 card = apqns[i].card; 1295 dom = apqns[i].domain; 1296 if (hdr->type == TOKTYPE_NON_CCA && 1297 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || 1298 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && 1299 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) 1300 rc = ep11_kblob2protkey(card, dom, key, hdr->len, 1301 protkey, protkeylen, 1302 protkeytype); 1303 else if (hdr->type == TOKTYPE_NON_CCA && 1304 hdr->version == TOKVER_EP11_AES && 1305 is_ep11_keyblob(key)) 1306 rc = ep11_kblob2protkey(card, dom, key, hdr->len, 1307 protkey, protkeylen, 1308 protkeytype); 1309 else if (hdr->type == TOKTYPE_CCA_INTERNAL && 1310 hdr->version == TOKVER_CCA_AES) 1311 rc = cca_sec2protkey(card, dom, key, protkey, 1312 protkeylen, protkeytype); 1313 else if (hdr->type == TOKTYPE_CCA_INTERNAL && 1314 hdr->version == TOKVER_CCA_VLSC) 1315 rc = cca_cipher2protkey(card, dom, key, protkey, 1316 protkeylen, protkeytype); 1317 else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) 1318 rc = cca_ecc2protkey(card, dom, key, protkey, 1319 protkeylen, protkeytype); 1320 else 1321 return -EINVAL; 1322 } 1323 1324 return rc; 1325 } 1326 1327 /* 1328 * File io functions 1329 */ 1330 1331 static void *_copy_key_from_user(void __user *ukey, size_t keylen) 1332 { 1333 if (!ukey || keylen < MINKEYBLOBBUFSIZE || keylen > KEYBLOBBUFSIZE) 1334 return ERR_PTR(-EINVAL); 1335 1336 return memdup_user(ukey, keylen); 1337 } 1338 1339 static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns) 1340 { 1341 if (!uapqns || nr_apqns == 0) 1342 return NULL; 1343 1344 return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn)); 1345 } 1346 1347 static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, 1348 unsigned long arg) 1349 { 1350 int rc; 1351 1352 switch (cmd) { 1353 case PKEY_GENSECK: { 1354 struct pkey_genseck __user *ugs = (void __user *)arg; 1355 struct pkey_genseck kgs; 1356 1357 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 1358 return -EFAULT; 1359 rc = cca_genseckey(kgs.cardnr, kgs.domain, 1360 kgs.keytype, kgs.seckey.seckey); 1361 pr_debug("%s cca_genseckey()=%d\n", __func__, rc); 1362 if (rc) 1363 break; 1364 if (copy_to_user(ugs, &kgs, sizeof(kgs))) 1365 return -EFAULT; 1366 break; 1367 } 1368 case PKEY_CLR2SECK: { 1369 struct pkey_clr2seck __user *ucs = (void __user *)arg; 1370 struct pkey_clr2seck kcs; 1371 1372 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 1373 return -EFAULT; 1374 rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype, 1375 kcs.clrkey.clrkey, kcs.seckey.seckey); 1376 pr_debug("%s cca_clr2seckey()=%d\n", __func__, rc); 1377 if (rc) 1378 break; 1379 if (copy_to_user(ucs, &kcs, sizeof(kcs))) 1380 return -EFAULT; 1381 memzero_explicit(&kcs, sizeof(kcs)); 1382 break; 1383 } 1384 case PKEY_SEC2PROTK: { 1385 struct pkey_sec2protk __user *usp = (void __user *)arg; 1386 struct pkey_sec2protk ksp; 1387 1388 if (copy_from_user(&ksp, usp, sizeof(ksp))) 1389 return -EFAULT; 1390 ksp.protkey.len = sizeof(ksp.protkey.protkey); 1391 rc = cca_sec2protkey(ksp.cardnr, ksp.domain, 1392 ksp.seckey.seckey, ksp.protkey.protkey, 1393 &ksp.protkey.len, &ksp.protkey.type); 1394 pr_debug("%s cca_sec2protkey()=%d\n", __func__, rc); 1395 if (rc) 1396 break; 1397 if (copy_to_user(usp, &ksp, sizeof(ksp))) 1398 return -EFAULT; 1399 break; 1400 } 1401 case PKEY_CLR2PROTK: { 1402 struct pkey_clr2protk __user *ucp = (void __user *)arg; 1403 struct pkey_clr2protk kcp; 1404 1405 if (copy_from_user(&kcp, ucp, sizeof(kcp))) 1406 return -EFAULT; 1407 kcp.protkey.len = sizeof(kcp.protkey.protkey); 1408 rc = pkey_clr2protkey(kcp.keytype, kcp.clrkey.clrkey, 1409 kcp.protkey.protkey, 1410 &kcp.protkey.len, &kcp.protkey.type); 1411 pr_debug("%s pkey_clr2protkey()=%d\n", __func__, rc); 1412 if (rc) 1413 break; 1414 if (copy_to_user(ucp, &kcp, sizeof(kcp))) 1415 return -EFAULT; 1416 memzero_explicit(&kcp, sizeof(kcp)); 1417 break; 1418 } 1419 case PKEY_FINDCARD: { 1420 struct pkey_findcard __user *ufc = (void __user *)arg; 1421 struct pkey_findcard kfc; 1422 1423 if (copy_from_user(&kfc, ufc, sizeof(kfc))) 1424 return -EFAULT; 1425 rc = cca_findcard(kfc.seckey.seckey, 1426 &kfc.cardnr, &kfc.domain, 1); 1427 pr_debug("%s cca_findcard()=%d\n", __func__, rc); 1428 if (rc < 0) 1429 break; 1430 if (copy_to_user(ufc, &kfc, sizeof(kfc))) 1431 return -EFAULT; 1432 break; 1433 } 1434 case PKEY_SKEY2PKEY: { 1435 struct pkey_skey2pkey __user *usp = (void __user *)arg; 1436 struct pkey_skey2pkey ksp; 1437 1438 if (copy_from_user(&ksp, usp, sizeof(ksp))) 1439 return -EFAULT; 1440 ksp.protkey.len = sizeof(ksp.protkey.protkey); 1441 rc = pkey_skey2pkey(ksp.seckey.seckey, ksp.protkey.protkey, 1442 &ksp.protkey.len, &ksp.protkey.type); 1443 pr_debug("%s pkey_skey2pkey()=%d\n", __func__, rc); 1444 if (rc) 1445 break; 1446 if (copy_to_user(usp, &ksp, sizeof(ksp))) 1447 return -EFAULT; 1448 break; 1449 } 1450 case PKEY_VERIFYKEY: { 1451 struct pkey_verifykey __user *uvk = (void __user *)arg; 1452 struct pkey_verifykey kvk; 1453 1454 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 1455 return -EFAULT; 1456 rc = pkey_verifykey(&kvk.seckey, &kvk.cardnr, &kvk.domain, 1457 &kvk.keysize, &kvk.attributes); 1458 pr_debug("%s pkey_verifykey()=%d\n", __func__, rc); 1459 if (rc) 1460 break; 1461 if (copy_to_user(uvk, &kvk, sizeof(kvk))) 1462 return -EFAULT; 1463 break; 1464 } 1465 case PKEY_GENPROTK: { 1466 struct pkey_genprotk __user *ugp = (void __user *)arg; 1467 struct pkey_genprotk kgp; 1468 1469 if (copy_from_user(&kgp, ugp, sizeof(kgp))) 1470 return -EFAULT; 1471 kgp.protkey.len = sizeof(kgp.protkey.protkey); 1472 rc = pkey_genprotkey(kgp.keytype, kgp.protkey.protkey, 1473 &kgp.protkey.len, &kgp.protkey.type); 1474 pr_debug("%s pkey_genprotkey()=%d\n", __func__, rc); 1475 if (rc) 1476 break; 1477 if (copy_to_user(ugp, &kgp, sizeof(kgp))) 1478 return -EFAULT; 1479 break; 1480 } 1481 case PKEY_VERIFYPROTK: { 1482 struct pkey_verifyprotk __user *uvp = (void __user *)arg; 1483 struct pkey_verifyprotk kvp; 1484 1485 if (copy_from_user(&kvp, uvp, sizeof(kvp))) 1486 return -EFAULT; 1487 rc = pkey_verifyprotkey(kvp.protkey.protkey, 1488 kvp.protkey.len, kvp.protkey.type); 1489 pr_debug("%s pkey_verifyprotkey()=%d\n", __func__, rc); 1490 break; 1491 } 1492 case PKEY_KBLOB2PROTK: { 1493 struct pkey_kblob2pkey __user *utp = (void __user *)arg; 1494 struct pkey_kblob2pkey ktp; 1495 u8 *kkey; 1496 1497 if (copy_from_user(&ktp, utp, sizeof(ktp))) 1498 return -EFAULT; 1499 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 1500 if (IS_ERR(kkey)) 1501 return PTR_ERR(kkey); 1502 ktp.protkey.len = sizeof(ktp.protkey.protkey); 1503 rc = pkey_keyblob2pkey(kkey, ktp.keylen, ktp.protkey.protkey, 1504 &ktp.protkey.len, &ktp.protkey.type); 1505 pr_debug("%s pkey_keyblob2pkey()=%d\n", __func__, rc); 1506 memzero_explicit(kkey, ktp.keylen); 1507 kfree(kkey); 1508 if (rc) 1509 break; 1510 if (copy_to_user(utp, &ktp, sizeof(ktp))) 1511 return -EFAULT; 1512 break; 1513 } 1514 case PKEY_GENSECK2: { 1515 struct pkey_genseck2 __user *ugs = (void __user *)arg; 1516 size_t klen = KEYBLOBBUFSIZE; 1517 struct pkey_genseck2 kgs; 1518 struct pkey_apqn *apqns; 1519 u8 *kkey; 1520 1521 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 1522 return -EFAULT; 1523 apqns = _copy_apqns_from_user(kgs.apqns, kgs.apqn_entries); 1524 if (IS_ERR(apqns)) 1525 return PTR_ERR(apqns); 1526 kkey = kzalloc(klen, GFP_KERNEL); 1527 if (!kkey) { 1528 kfree(apqns); 1529 return -ENOMEM; 1530 } 1531 rc = pkey_genseckey2(apqns, kgs.apqn_entries, 1532 kgs.type, kgs.size, kgs.keygenflags, 1533 kkey, &klen); 1534 pr_debug("%s pkey_genseckey2()=%d\n", __func__, rc); 1535 kfree(apqns); 1536 if (rc) { 1537 kfree(kkey); 1538 break; 1539 } 1540 if (kgs.key) { 1541 if (kgs.keylen < klen) { 1542 kfree(kkey); 1543 return -EINVAL; 1544 } 1545 if (copy_to_user(kgs.key, kkey, klen)) { 1546 kfree(kkey); 1547 return -EFAULT; 1548 } 1549 } 1550 kgs.keylen = klen; 1551 if (copy_to_user(ugs, &kgs, sizeof(kgs))) 1552 rc = -EFAULT; 1553 kfree(kkey); 1554 break; 1555 } 1556 case PKEY_CLR2SECK2: { 1557 struct pkey_clr2seck2 __user *ucs = (void __user *)arg; 1558 size_t klen = KEYBLOBBUFSIZE; 1559 struct pkey_clr2seck2 kcs; 1560 struct pkey_apqn *apqns; 1561 u8 *kkey; 1562 1563 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 1564 return -EFAULT; 1565 apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries); 1566 if (IS_ERR(apqns)) 1567 return PTR_ERR(apqns); 1568 kkey = kzalloc(klen, GFP_KERNEL); 1569 if (!kkey) { 1570 kfree(apqns); 1571 return -ENOMEM; 1572 } 1573 rc = pkey_clr2seckey2(apqns, kcs.apqn_entries, 1574 kcs.type, kcs.size, kcs.keygenflags, 1575 kcs.clrkey.clrkey, kkey, &klen); 1576 pr_debug("%s pkey_clr2seckey2()=%d\n", __func__, rc); 1577 kfree(apqns); 1578 if (rc) { 1579 kfree(kkey); 1580 break; 1581 } 1582 if (kcs.key) { 1583 if (kcs.keylen < klen) { 1584 kfree(kkey); 1585 return -EINVAL; 1586 } 1587 if (copy_to_user(kcs.key, kkey, klen)) { 1588 kfree(kkey); 1589 return -EFAULT; 1590 } 1591 } 1592 kcs.keylen = klen; 1593 if (copy_to_user(ucs, &kcs, sizeof(kcs))) 1594 rc = -EFAULT; 1595 memzero_explicit(&kcs, sizeof(kcs)); 1596 kfree(kkey); 1597 break; 1598 } 1599 case PKEY_VERIFYKEY2: { 1600 struct pkey_verifykey2 __user *uvk = (void __user *)arg; 1601 struct pkey_verifykey2 kvk; 1602 u8 *kkey; 1603 1604 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 1605 return -EFAULT; 1606 kkey = _copy_key_from_user(kvk.key, kvk.keylen); 1607 if (IS_ERR(kkey)) 1608 return PTR_ERR(kkey); 1609 rc = pkey_verifykey2(kkey, kvk.keylen, 1610 &kvk.cardnr, &kvk.domain, 1611 &kvk.type, &kvk.size, &kvk.flags); 1612 pr_debug("%s pkey_verifykey2()=%d\n", __func__, rc); 1613 kfree(kkey); 1614 if (rc) 1615 break; 1616 if (copy_to_user(uvk, &kvk, sizeof(kvk))) 1617 return -EFAULT; 1618 break; 1619 } 1620 case PKEY_KBLOB2PROTK2: { 1621 struct pkey_kblob2pkey2 __user *utp = (void __user *)arg; 1622 struct pkey_apqn *apqns = NULL; 1623 struct pkey_kblob2pkey2 ktp; 1624 u8 *kkey; 1625 1626 if (copy_from_user(&ktp, utp, sizeof(ktp))) 1627 return -EFAULT; 1628 apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries); 1629 if (IS_ERR(apqns)) 1630 return PTR_ERR(apqns); 1631 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 1632 if (IS_ERR(kkey)) { 1633 kfree(apqns); 1634 return PTR_ERR(kkey); 1635 } 1636 ktp.protkey.len = sizeof(ktp.protkey.protkey); 1637 rc = pkey_keyblob2pkey2(apqns, ktp.apqn_entries, 1638 kkey, ktp.keylen, 1639 ktp.protkey.protkey, &ktp.protkey.len, 1640 &ktp.protkey.type); 1641 pr_debug("%s pkey_keyblob2pkey2()=%d\n", __func__, rc); 1642 kfree(apqns); 1643 memzero_explicit(kkey, ktp.keylen); 1644 kfree(kkey); 1645 if (rc) 1646 break; 1647 if (copy_to_user(utp, &ktp, sizeof(ktp))) 1648 return -EFAULT; 1649 break; 1650 } 1651 case PKEY_APQNS4K: { 1652 struct pkey_apqns4key __user *uak = (void __user *)arg; 1653 struct pkey_apqn *apqns = NULL; 1654 struct pkey_apqns4key kak; 1655 size_t nr_apqns, len; 1656 u8 *kkey; 1657 1658 if (copy_from_user(&kak, uak, sizeof(kak))) 1659 return -EFAULT; 1660 nr_apqns = kak.apqn_entries; 1661 if (nr_apqns) { 1662 apqns = kmalloc_array(nr_apqns, 1663 sizeof(struct pkey_apqn), 1664 GFP_KERNEL); 1665 if (!apqns) 1666 return -ENOMEM; 1667 } 1668 kkey = _copy_key_from_user(kak.key, kak.keylen); 1669 if (IS_ERR(kkey)) { 1670 kfree(apqns); 1671 return PTR_ERR(kkey); 1672 } 1673 rc = pkey_apqns4key(kkey, kak.keylen, kak.flags, 1674 apqns, &nr_apqns); 1675 pr_debug("%s pkey_apqns4key()=%d\n", __func__, rc); 1676 kfree(kkey); 1677 if (rc && rc != -ENOSPC) { 1678 kfree(apqns); 1679 break; 1680 } 1681 if (!rc && kak.apqns) { 1682 if (nr_apqns > kak.apqn_entries) { 1683 kfree(apqns); 1684 return -EINVAL; 1685 } 1686 len = nr_apqns * sizeof(struct pkey_apqn); 1687 if (len) { 1688 if (copy_to_user(kak.apqns, apqns, len)) { 1689 kfree(apqns); 1690 return -EFAULT; 1691 } 1692 } 1693 } 1694 kak.apqn_entries = nr_apqns; 1695 if (copy_to_user(uak, &kak, sizeof(kak))) 1696 rc = -EFAULT; 1697 kfree(apqns); 1698 break; 1699 } 1700 case PKEY_APQNS4KT: { 1701 struct pkey_apqns4keytype __user *uat = (void __user *)arg; 1702 struct pkey_apqn *apqns = NULL; 1703 struct pkey_apqns4keytype kat; 1704 size_t nr_apqns, len; 1705 1706 if (copy_from_user(&kat, uat, sizeof(kat))) 1707 return -EFAULT; 1708 nr_apqns = kat.apqn_entries; 1709 if (nr_apqns) { 1710 apqns = kmalloc_array(nr_apqns, 1711 sizeof(struct pkey_apqn), 1712 GFP_KERNEL); 1713 if (!apqns) 1714 return -ENOMEM; 1715 } 1716 rc = pkey_apqns4keytype(kat.type, kat.cur_mkvp, kat.alt_mkvp, 1717 kat.flags, apqns, &nr_apqns); 1718 pr_debug("%s pkey_apqns4keytype()=%d\n", __func__, rc); 1719 if (rc && rc != -ENOSPC) { 1720 kfree(apqns); 1721 break; 1722 } 1723 if (!rc && kat.apqns) { 1724 if (nr_apqns > kat.apqn_entries) { 1725 kfree(apqns); 1726 return -EINVAL; 1727 } 1728 len = nr_apqns * sizeof(struct pkey_apqn); 1729 if (len) { 1730 if (copy_to_user(kat.apqns, apqns, len)) { 1731 kfree(apqns); 1732 return -EFAULT; 1733 } 1734 } 1735 } 1736 kat.apqn_entries = nr_apqns; 1737 if (copy_to_user(uat, &kat, sizeof(kat))) 1738 rc = -EFAULT; 1739 kfree(apqns); 1740 break; 1741 } 1742 case PKEY_KBLOB2PROTK3: { 1743 struct pkey_kblob2pkey3 __user *utp = (void __user *)arg; 1744 u32 protkeylen = PROTKEYBLOBBUFSIZE; 1745 struct pkey_apqn *apqns = NULL; 1746 struct pkey_kblob2pkey3 ktp; 1747 u8 *kkey, *protkey; 1748 1749 if (copy_from_user(&ktp, utp, sizeof(ktp))) 1750 return -EFAULT; 1751 apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries); 1752 if (IS_ERR(apqns)) 1753 return PTR_ERR(apqns); 1754 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 1755 if (IS_ERR(kkey)) { 1756 kfree(apqns); 1757 return PTR_ERR(kkey); 1758 } 1759 protkey = kmalloc(protkeylen, GFP_KERNEL); 1760 if (!protkey) { 1761 kfree(apqns); 1762 kfree(kkey); 1763 return -ENOMEM; 1764 } 1765 rc = pkey_keyblob2pkey3(apqns, ktp.apqn_entries, 1766 kkey, ktp.keylen, 1767 protkey, &protkeylen, &ktp.pkeytype); 1768 pr_debug("%s pkey_keyblob2pkey3()=%d\n", __func__, rc); 1769 kfree(apqns); 1770 memzero_explicit(kkey, ktp.keylen); 1771 kfree(kkey); 1772 if (rc) { 1773 kfree(protkey); 1774 break; 1775 } 1776 if (ktp.pkey && ktp.pkeylen) { 1777 if (protkeylen > ktp.pkeylen) { 1778 kfree(protkey); 1779 return -EINVAL; 1780 } 1781 if (copy_to_user(ktp.pkey, protkey, protkeylen)) { 1782 kfree(protkey); 1783 return -EFAULT; 1784 } 1785 } 1786 kfree(protkey); 1787 ktp.pkeylen = protkeylen; 1788 if (copy_to_user(utp, &ktp, sizeof(ktp))) 1789 return -EFAULT; 1790 break; 1791 } 1792 default: 1793 /* unknown/unsupported ioctl cmd */ 1794 return -ENOTTY; 1795 } 1796 1797 return rc; 1798 } 1799 1800 /* 1801 * Sysfs and file io operations 1802 */ 1803 1804 /* 1805 * Sysfs attribute read function for all protected key binary attributes. 1806 * The implementation can not deal with partial reads, because a new random 1807 * protected key blob is generated with each read. In case of partial reads 1808 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 1809 */ 1810 static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf, 1811 loff_t off, size_t count) 1812 { 1813 struct protaeskeytoken protkeytoken; 1814 struct pkey_protkey protkey; 1815 int rc; 1816 1817 if (off != 0 || count < sizeof(protkeytoken)) 1818 return -EINVAL; 1819 if (is_xts) 1820 if (count < 2 * sizeof(protkeytoken)) 1821 return -EINVAL; 1822 1823 memset(&protkeytoken, 0, sizeof(protkeytoken)); 1824 protkeytoken.type = TOKTYPE_NON_CCA; 1825 protkeytoken.version = TOKVER_PROTECTED_KEY; 1826 protkeytoken.keytype = keytype; 1827 1828 protkey.len = sizeof(protkey.protkey); 1829 rc = pkey_genprotkey(protkeytoken.keytype, 1830 protkey.protkey, &protkey.len, &protkey.type); 1831 if (rc) 1832 return rc; 1833 1834 protkeytoken.len = protkey.len; 1835 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len); 1836 1837 memcpy(buf, &protkeytoken, sizeof(protkeytoken)); 1838 1839 if (is_xts) { 1840 /* xts needs a second protected key, reuse protkey struct */ 1841 protkey.len = sizeof(protkey.protkey); 1842 rc = pkey_genprotkey(protkeytoken.keytype, 1843 protkey.protkey, &protkey.len, &protkey.type); 1844 if (rc) 1845 return rc; 1846 1847 protkeytoken.len = protkey.len; 1848 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len); 1849 1850 memcpy(buf + sizeof(protkeytoken), &protkeytoken, 1851 sizeof(protkeytoken)); 1852 1853 return 2 * sizeof(protkeytoken); 1854 } 1855 1856 return sizeof(protkeytoken); 1857 } 1858 1859 static ssize_t protkey_aes_128_read(struct file *filp, 1860 struct kobject *kobj, 1861 struct bin_attribute *attr, 1862 char *buf, loff_t off, 1863 size_t count) 1864 { 1865 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf, 1866 off, count); 1867 } 1868 1869 static ssize_t protkey_aes_192_read(struct file *filp, 1870 struct kobject *kobj, 1871 struct bin_attribute *attr, 1872 char *buf, loff_t off, 1873 size_t count) 1874 { 1875 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf, 1876 off, count); 1877 } 1878 1879 static ssize_t protkey_aes_256_read(struct file *filp, 1880 struct kobject *kobj, 1881 struct bin_attribute *attr, 1882 char *buf, loff_t off, 1883 size_t count) 1884 { 1885 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf, 1886 off, count); 1887 } 1888 1889 static ssize_t protkey_aes_128_xts_read(struct file *filp, 1890 struct kobject *kobj, 1891 struct bin_attribute *attr, 1892 char *buf, loff_t off, 1893 size_t count) 1894 { 1895 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf, 1896 off, count); 1897 } 1898 1899 static ssize_t protkey_aes_256_xts_read(struct file *filp, 1900 struct kobject *kobj, 1901 struct bin_attribute *attr, 1902 char *buf, loff_t off, 1903 size_t count) 1904 { 1905 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf, 1906 off, count); 1907 } 1908 1909 static BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken)); 1910 static BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken)); 1911 static BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken)); 1912 static BIN_ATTR_RO(protkey_aes_128_xts, 2 * sizeof(struct protaeskeytoken)); 1913 static BIN_ATTR_RO(protkey_aes_256_xts, 2 * sizeof(struct protaeskeytoken)); 1914 1915 static struct bin_attribute *protkey_attrs[] = { 1916 &bin_attr_protkey_aes_128, 1917 &bin_attr_protkey_aes_192, 1918 &bin_attr_protkey_aes_256, 1919 &bin_attr_protkey_aes_128_xts, 1920 &bin_attr_protkey_aes_256_xts, 1921 NULL 1922 }; 1923 1924 static struct attribute_group protkey_attr_group = { 1925 .name = "protkey", 1926 .bin_attrs = protkey_attrs, 1927 }; 1928 1929 /* 1930 * Sysfs attribute read function for all secure key ccadata binary attributes. 1931 * The implementation can not deal with partial reads, because a new random 1932 * protected key blob is generated with each read. In case of partial reads 1933 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 1934 */ 1935 static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf, 1936 loff_t off, size_t count) 1937 { 1938 struct pkey_seckey *seckey = (struct pkey_seckey *)buf; 1939 int rc; 1940 1941 if (off != 0 || count < sizeof(struct secaeskeytoken)) 1942 return -EINVAL; 1943 if (is_xts) 1944 if (count < 2 * sizeof(struct secaeskeytoken)) 1945 return -EINVAL; 1946 1947 rc = cca_genseckey(-1, -1, keytype, seckey->seckey); 1948 if (rc) 1949 return rc; 1950 1951 if (is_xts) { 1952 seckey++; 1953 rc = cca_genseckey(-1, -1, keytype, seckey->seckey); 1954 if (rc) 1955 return rc; 1956 1957 return 2 * sizeof(struct secaeskeytoken); 1958 } 1959 1960 return sizeof(struct secaeskeytoken); 1961 } 1962 1963 static ssize_t ccadata_aes_128_read(struct file *filp, 1964 struct kobject *kobj, 1965 struct bin_attribute *attr, 1966 char *buf, loff_t off, 1967 size_t count) 1968 { 1969 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf, 1970 off, count); 1971 } 1972 1973 static ssize_t ccadata_aes_192_read(struct file *filp, 1974 struct kobject *kobj, 1975 struct bin_attribute *attr, 1976 char *buf, loff_t off, 1977 size_t count) 1978 { 1979 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf, 1980 off, count); 1981 } 1982 1983 static ssize_t ccadata_aes_256_read(struct file *filp, 1984 struct kobject *kobj, 1985 struct bin_attribute *attr, 1986 char *buf, loff_t off, 1987 size_t count) 1988 { 1989 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf, 1990 off, count); 1991 } 1992 1993 static ssize_t ccadata_aes_128_xts_read(struct file *filp, 1994 struct kobject *kobj, 1995 struct bin_attribute *attr, 1996 char *buf, loff_t off, 1997 size_t count) 1998 { 1999 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf, 2000 off, count); 2001 } 2002 2003 static ssize_t ccadata_aes_256_xts_read(struct file *filp, 2004 struct kobject *kobj, 2005 struct bin_attribute *attr, 2006 char *buf, loff_t off, 2007 size_t count) 2008 { 2009 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf, 2010 off, count); 2011 } 2012 2013 static BIN_ATTR_RO(ccadata_aes_128, sizeof(struct secaeskeytoken)); 2014 static BIN_ATTR_RO(ccadata_aes_192, sizeof(struct secaeskeytoken)); 2015 static BIN_ATTR_RO(ccadata_aes_256, sizeof(struct secaeskeytoken)); 2016 static BIN_ATTR_RO(ccadata_aes_128_xts, 2 * sizeof(struct secaeskeytoken)); 2017 static BIN_ATTR_RO(ccadata_aes_256_xts, 2 * sizeof(struct secaeskeytoken)); 2018 2019 static struct bin_attribute *ccadata_attrs[] = { 2020 &bin_attr_ccadata_aes_128, 2021 &bin_attr_ccadata_aes_192, 2022 &bin_attr_ccadata_aes_256, 2023 &bin_attr_ccadata_aes_128_xts, 2024 &bin_attr_ccadata_aes_256_xts, 2025 NULL 2026 }; 2027 2028 static struct attribute_group ccadata_attr_group = { 2029 .name = "ccadata", 2030 .bin_attrs = ccadata_attrs, 2031 }; 2032 2033 #define CCACIPHERTOKENSIZE (sizeof(struct cipherkeytoken) + 80) 2034 2035 /* 2036 * Sysfs attribute read function for all secure key ccacipher binary attributes. 2037 * The implementation can not deal with partial reads, because a new random 2038 * secure key blob is generated with each read. In case of partial reads 2039 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 2040 */ 2041 static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits, 2042 bool is_xts, char *buf, loff_t off, 2043 size_t count) 2044 { 2045 size_t keysize = CCACIPHERTOKENSIZE; 2046 u32 nr_apqns, *apqns = NULL; 2047 int i, rc, card, dom; 2048 2049 if (off != 0 || count < CCACIPHERTOKENSIZE) 2050 return -EINVAL; 2051 if (is_xts) 2052 if (count < 2 * CCACIPHERTOKENSIZE) 2053 return -EINVAL; 2054 2055 /* build a list of apqns able to generate an cipher key */ 2056 rc = cca_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 2057 ZCRYPT_CEX6, 0, 0, 0, 0); 2058 if (rc) 2059 return rc; 2060 2061 memset(buf, 0, is_xts ? 2 * keysize : keysize); 2062 2063 /* simple try all apqns from the list */ 2064 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 2065 card = apqns[i] >> 16; 2066 dom = apqns[i] & 0xFFFF; 2067 rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize); 2068 if (rc == 0) 2069 break; 2070 } 2071 if (rc) 2072 return rc; 2073 2074 if (is_xts) { 2075 keysize = CCACIPHERTOKENSIZE; 2076 buf += CCACIPHERTOKENSIZE; 2077 rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize); 2078 if (rc == 0) 2079 return 2 * CCACIPHERTOKENSIZE; 2080 } 2081 2082 return CCACIPHERTOKENSIZE; 2083 } 2084 2085 static ssize_t ccacipher_aes_128_read(struct file *filp, 2086 struct kobject *kobj, 2087 struct bin_attribute *attr, 2088 char *buf, loff_t off, 2089 size_t count) 2090 { 2091 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, false, buf, 2092 off, count); 2093 } 2094 2095 static ssize_t ccacipher_aes_192_read(struct file *filp, 2096 struct kobject *kobj, 2097 struct bin_attribute *attr, 2098 char *buf, loff_t off, 2099 size_t count) 2100 { 2101 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_192, false, buf, 2102 off, count); 2103 } 2104 2105 static ssize_t ccacipher_aes_256_read(struct file *filp, 2106 struct kobject *kobj, 2107 struct bin_attribute *attr, 2108 char *buf, loff_t off, 2109 size_t count) 2110 { 2111 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, false, buf, 2112 off, count); 2113 } 2114 2115 static ssize_t ccacipher_aes_128_xts_read(struct file *filp, 2116 struct kobject *kobj, 2117 struct bin_attribute *attr, 2118 char *buf, loff_t off, 2119 size_t count) 2120 { 2121 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, true, buf, 2122 off, count); 2123 } 2124 2125 static ssize_t ccacipher_aes_256_xts_read(struct file *filp, 2126 struct kobject *kobj, 2127 struct bin_attribute *attr, 2128 char *buf, loff_t off, 2129 size_t count) 2130 { 2131 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, true, buf, 2132 off, count); 2133 } 2134 2135 static BIN_ATTR_RO(ccacipher_aes_128, CCACIPHERTOKENSIZE); 2136 static BIN_ATTR_RO(ccacipher_aes_192, CCACIPHERTOKENSIZE); 2137 static BIN_ATTR_RO(ccacipher_aes_256, CCACIPHERTOKENSIZE); 2138 static BIN_ATTR_RO(ccacipher_aes_128_xts, 2 * CCACIPHERTOKENSIZE); 2139 static BIN_ATTR_RO(ccacipher_aes_256_xts, 2 * CCACIPHERTOKENSIZE); 2140 2141 static struct bin_attribute *ccacipher_attrs[] = { 2142 &bin_attr_ccacipher_aes_128, 2143 &bin_attr_ccacipher_aes_192, 2144 &bin_attr_ccacipher_aes_256, 2145 &bin_attr_ccacipher_aes_128_xts, 2146 &bin_attr_ccacipher_aes_256_xts, 2147 NULL 2148 }; 2149 2150 static struct attribute_group ccacipher_attr_group = { 2151 .name = "ccacipher", 2152 .bin_attrs = ccacipher_attrs, 2153 }; 2154 2155 /* 2156 * Sysfs attribute read function for all ep11 aes key binary attributes. 2157 * The implementation can not deal with partial reads, because a new random 2158 * secure key blob is generated with each read. In case of partial reads 2159 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 2160 * This function and the sysfs attributes using it provide EP11 key blobs 2161 * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently 2162 * 336 bytes. 2163 */ 2164 static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits, 2165 bool is_xts, char *buf, loff_t off, 2166 size_t count) 2167 { 2168 size_t keysize = MAXEP11AESKEYBLOBSIZE; 2169 u32 nr_apqns, *apqns = NULL; 2170 int i, rc, card, dom; 2171 2172 if (off != 0 || count < MAXEP11AESKEYBLOBSIZE) 2173 return -EINVAL; 2174 if (is_xts) 2175 if (count < 2 * MAXEP11AESKEYBLOBSIZE) 2176 return -EINVAL; 2177 2178 /* build a list of apqns able to generate an cipher key */ 2179 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 2180 ZCRYPT_CEX7, 2181 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4, 2182 NULL); 2183 if (rc) 2184 return rc; 2185 2186 memset(buf, 0, is_xts ? 2 * keysize : keysize); 2187 2188 /* simple try all apqns from the list */ 2189 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 2190 card = apqns[i] >> 16; 2191 dom = apqns[i] & 0xFFFF; 2192 rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize, 2193 PKEY_TYPE_EP11_AES); 2194 if (rc == 0) 2195 break; 2196 } 2197 if (rc) 2198 return rc; 2199 2200 if (is_xts) { 2201 keysize = MAXEP11AESKEYBLOBSIZE; 2202 buf += MAXEP11AESKEYBLOBSIZE; 2203 rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize, 2204 PKEY_TYPE_EP11_AES); 2205 if (rc == 0) 2206 return 2 * MAXEP11AESKEYBLOBSIZE; 2207 } 2208 2209 return MAXEP11AESKEYBLOBSIZE; 2210 } 2211 2212 static ssize_t ep11_aes_128_read(struct file *filp, 2213 struct kobject *kobj, 2214 struct bin_attribute *attr, 2215 char *buf, loff_t off, 2216 size_t count) 2217 { 2218 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, false, buf, 2219 off, count); 2220 } 2221 2222 static ssize_t ep11_aes_192_read(struct file *filp, 2223 struct kobject *kobj, 2224 struct bin_attribute *attr, 2225 char *buf, loff_t off, 2226 size_t count) 2227 { 2228 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_192, false, buf, 2229 off, count); 2230 } 2231 2232 static ssize_t ep11_aes_256_read(struct file *filp, 2233 struct kobject *kobj, 2234 struct bin_attribute *attr, 2235 char *buf, loff_t off, 2236 size_t count) 2237 { 2238 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, false, buf, 2239 off, count); 2240 } 2241 2242 static ssize_t ep11_aes_128_xts_read(struct file *filp, 2243 struct kobject *kobj, 2244 struct bin_attribute *attr, 2245 char *buf, loff_t off, 2246 size_t count) 2247 { 2248 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, true, buf, 2249 off, count); 2250 } 2251 2252 static ssize_t ep11_aes_256_xts_read(struct file *filp, 2253 struct kobject *kobj, 2254 struct bin_attribute *attr, 2255 char *buf, loff_t off, 2256 size_t count) 2257 { 2258 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, true, buf, 2259 off, count); 2260 } 2261 2262 static BIN_ATTR_RO(ep11_aes_128, MAXEP11AESKEYBLOBSIZE); 2263 static BIN_ATTR_RO(ep11_aes_192, MAXEP11AESKEYBLOBSIZE); 2264 static BIN_ATTR_RO(ep11_aes_256, MAXEP11AESKEYBLOBSIZE); 2265 static BIN_ATTR_RO(ep11_aes_128_xts, 2 * MAXEP11AESKEYBLOBSIZE); 2266 static BIN_ATTR_RO(ep11_aes_256_xts, 2 * MAXEP11AESKEYBLOBSIZE); 2267 2268 static struct bin_attribute *ep11_attrs[] = { 2269 &bin_attr_ep11_aes_128, 2270 &bin_attr_ep11_aes_192, 2271 &bin_attr_ep11_aes_256, 2272 &bin_attr_ep11_aes_128_xts, 2273 &bin_attr_ep11_aes_256_xts, 2274 NULL 2275 }; 2276 2277 static struct attribute_group ep11_attr_group = { 2278 .name = "ep11", 2279 .bin_attrs = ep11_attrs, 2280 }; 2281 2282 static const struct attribute_group *pkey_attr_groups[] = { 2283 &protkey_attr_group, 2284 &ccadata_attr_group, 2285 &ccacipher_attr_group, 2286 &ep11_attr_group, 2287 NULL, 2288 }; 2289 2290 static const struct file_operations pkey_fops = { 2291 .owner = THIS_MODULE, 2292 .open = nonseekable_open, 2293 .llseek = no_llseek, 2294 .unlocked_ioctl = pkey_unlocked_ioctl, 2295 }; 2296 2297 static struct miscdevice pkey_dev = { 2298 .name = "pkey", 2299 .minor = MISC_DYNAMIC_MINOR, 2300 .mode = 0666, 2301 .fops = &pkey_fops, 2302 .groups = pkey_attr_groups, 2303 }; 2304 2305 /* 2306 * Module init 2307 */ 2308 static int __init pkey_init(void) 2309 { 2310 cpacf_mask_t func_mask; 2311 2312 /* 2313 * The pckmo instruction should be available - even if we don't 2314 * actually invoke it. This instruction comes with MSA 3 which 2315 * is also the minimum level for the kmc instructions which 2316 * are able to work with protected keys. 2317 */ 2318 if (!cpacf_query(CPACF_PCKMO, &func_mask)) 2319 return -ENODEV; 2320 2321 /* check for kmc instructions available */ 2322 if (!cpacf_query(CPACF_KMC, &func_mask)) 2323 return -ENODEV; 2324 if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) || 2325 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) || 2326 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256)) 2327 return -ENODEV; 2328 2329 pkey_debug_init(); 2330 2331 return misc_register(&pkey_dev); 2332 } 2333 2334 /* 2335 * Module exit 2336 */ 2337 static void __exit pkey_exit(void) 2338 { 2339 misc_deregister(&pkey_dev); 2340 pkey_debug_exit(); 2341 } 2342 2343 module_cpu_feature_match(S390_CPU_FEATURE_MSA, pkey_init); 2344 module_exit(pkey_exit); 2345