1 /* SPDX-License-Identifier: GPL-2.0+ */ 2 /* 3 * Copyright IBM Corp. 2024 4 * 5 * Pkey base: debug feature, defines and structs 6 * common to all pkey code. 7 */ 8 9 #ifndef _PKEY_BASE_H_ 10 #define _PKEY_BASE_H_ 11 12 #include <linux/types.h> 13 #include <asm/debug.h> 14 #include <asm/pkey.h> 15 16 /* 17 * pkey debug feature 18 */ 19 20 extern debug_info_t *pkey_dbf_info; 21 22 #define PKEY_DBF_INFO(...) debug_sprintf_event(pkey_dbf_info, 5, ##__VA_ARGS__) 23 #define PKEY_DBF_WARN(...) debug_sprintf_event(pkey_dbf_info, 4, ##__VA_ARGS__) 24 #define PKEY_DBF_ERR(...) debug_sprintf_event(pkey_dbf_info, 3, ##__VA_ARGS__) 25 26 /* 27 * common defines and common structs 28 */ 29 30 #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */ 31 #define MINKEYBLOBBUFSIZE (sizeof(struct keytoken_header)) 32 #define PROTKEYBLOBBUFSIZE 256 /* protected key buffer size used internal */ 33 #define MAXAPQNSINLIST 64 /* max 64 apqns within a apqn list */ 34 #define AES_WK_VP_SIZE 32 /* Size of WK VP block appended to a prot key */ 35 36 /* inside view of a protected key token (only type 0x00 version 0x01) */ 37 struct protaeskeytoken { 38 u8 type; /* 0x00 for PAES specific key tokens */ 39 u8 res0[3]; 40 u8 version; /* should be 0x01 for protected AES key token */ 41 u8 res1[3]; 42 u32 keytype; /* key type, one of the PKEY_KEYTYPE values */ 43 u32 len; /* bytes actually stored in protkey[] */ 44 u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */ 45 } __packed; 46 47 /* inside view of a clear key token (type 0x00 version 0x02) */ 48 struct clearkeytoken { 49 u8 type; /* 0x00 for PAES specific key tokens */ 50 u8 res0[3]; 51 u8 version; /* 0x02 for clear key token */ 52 u8 res1[3]; 53 u32 keytype; /* key type, one of the PKEY_KEYTYPE_* values */ 54 u32 len; /* bytes actually stored in clearkey[] */ 55 u8 clearkey[]; /* clear key value */ 56 } __packed; 57 58 /* helper function which translates the PKEY_KEYTYPE_AES_* to their keysize */ 59 static inline u32 pkey_keytype_aes_to_size(u32 keytype) 60 { 61 switch (keytype) { 62 case PKEY_KEYTYPE_AES_128: 63 return 16; 64 case PKEY_KEYTYPE_AES_192: 65 return 24; 66 case PKEY_KEYTYPE_AES_256: 67 return 32; 68 default: 69 return 0; 70 } 71 } 72 73 /* helper function which translates AES key bit size into PKEY_KEYTYPE_AES_* */ 74 static inline u32 pkey_aes_bitsize_to_keytype(u32 keybitsize) 75 { 76 switch (keybitsize) { 77 case 128: 78 return PKEY_KEYTYPE_AES_128; 79 case 192: 80 return PKEY_KEYTYPE_AES_192; 81 case 256: 82 return PKEY_KEYTYPE_AES_256; 83 default: 84 return 0; 85 } 86 } 87 88 /* 89 * pkey_api.c: 90 */ 91 int __init pkey_api_init(void); 92 void __exit pkey_api_exit(void); 93 94 /* 95 * pkey_sysfs.c: 96 */ 97 98 extern const struct attribute_group *pkey_attr_groups[]; 99 100 /* 101 * pkey handler registry 102 */ 103 104 struct pkey_handler { 105 struct module *module; 106 const char *name; 107 /* 108 * is_supported_key() and is_supported_keytype() are called 109 * within an rcu_read_lock() scope and thus must not sleep! 110 */ 111 bool (*is_supported_key)(const u8 *key, u32 keylen); 112 bool (*is_supported_keytype)(enum pkey_key_type); 113 int (*key_to_protkey)(const struct pkey_apqn *apqns, size_t nr_apqns, 114 const u8 *key, u32 keylen, 115 u8 *protkey, u32 *protkeylen, u32 *protkeytype); 116 int (*slowpath_key_to_protkey)(const struct pkey_apqn *apqns, 117 size_t nr_apqns, 118 const u8 *key, u32 keylen, 119 u8 *protkey, u32 *protkeylen, 120 u32 *protkeytype); 121 int (*gen_key)(const struct pkey_apqn *apqns, size_t nr_apqns, 122 u32 keytype, u32 keysubtype, 123 u32 keybitsize, u32 flags, 124 u8 *keybuf, u32 *keybuflen, u32 *keyinfo); 125 int (*clr_to_key)(const struct pkey_apqn *apqns, size_t nr_apqns, 126 u32 keytype, u32 keysubtype, 127 u32 keybitsize, u32 flags, 128 const u8 *clrkey, u32 clrkeylen, 129 u8 *keybuf, u32 *keybuflen, u32 *keyinfo); 130 int (*verify_key)(const u8 *key, u32 keylen, 131 u16 *card, u16 *dom, 132 u32 *keytype, u32 *keybitsize, u32 *flags); 133 int (*apqns_for_key)(const u8 *key, u32 keylen, u32 flags, 134 struct pkey_apqn *apqns, size_t *nr_apqns); 135 int (*apqns_for_keytype)(enum pkey_key_type ktype, 136 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags, 137 struct pkey_apqn *apqns, size_t *nr_apqns); 138 /* used internal by pkey base */ 139 struct list_head list; 140 }; 141 142 int pkey_handler_register(struct pkey_handler *handler); 143 int pkey_handler_unregister(struct pkey_handler *handler); 144 145 /* 146 * invocation function for the registered pkey handlers 147 */ 148 149 const struct pkey_handler *pkey_handler_get_keybased(const u8 *key, u32 keylen); 150 const struct pkey_handler *pkey_handler_get_keytypebased(enum pkey_key_type kt); 151 void pkey_handler_put(const struct pkey_handler *handler); 152 153 int pkey_handler_key_to_protkey(const struct pkey_apqn *apqns, size_t nr_apqns, 154 const u8 *key, u32 keylen, 155 u8 *protkey, u32 *protkeylen, u32 *protkeytype); 156 int pkey_handler_slowpath_key_to_protkey(const struct pkey_apqn *apqns, 157 size_t nr_apqns, 158 const u8 *key, u32 keylen, 159 u8 *protkey, u32 *protkeylen, 160 u32 *protkeytype); 161 int pkey_handler_gen_key(const struct pkey_apqn *apqns, size_t nr_apqns, 162 u32 keytype, u32 keysubtype, 163 u32 keybitsize, u32 flags, 164 u8 *keybuf, u32 *keybuflen, u32 *keyinfo); 165 int pkey_handler_clr_to_key(const struct pkey_apqn *apqns, size_t nr_apqns, 166 u32 keytype, u32 keysubtype, 167 u32 keybitsize, u32 flags, 168 const u8 *clrkey, u32 clrkeylen, 169 u8 *keybuf, u32 *keybuflen, u32 *keyinfo); 170 int pkey_handler_verify_key(const u8 *key, u32 keylen, 171 u16 *card, u16 *dom, 172 u32 *keytype, u32 *keybitsize, u32 *flags); 173 int pkey_handler_apqns_for_key(const u8 *key, u32 keylen, u32 flags, 174 struct pkey_apqn *apqns, size_t *nr_apqns); 175 int pkey_handler_apqns_for_keytype(enum pkey_key_type ktype, 176 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags, 177 struct pkey_apqn *apqns, size_t *nr_apqns); 178 179 /* 180 * Unconditional try to load all handler modules 181 */ 182 void pkey_handler_request_modules(void); 183 184 #endif /* _PKEY_BASE_H_ */ 185