xref: /linux/drivers/s390/crypto/pkey_base.h (revision 55d0969c451159cff86949b38c39171cab962069) 
1 /* SPDX-License-Identifier: GPL-2.0+ */
2 /*
3  * Copyright IBM Corp. 2024
4  *
5  * Pkey base: debug feature, defines and structs
6  * common to all pkey code.
7  */
8 
9 #ifndef _PKEY_BASE_H_
10 #define _PKEY_BASE_H_
11 
12 #include <linux/types.h>
13 #include <asm/debug.h>
14 #include <asm/pkey.h>
15 
16 /*
17  * pkey debug feature
18  */
19 
20 extern debug_info_t *pkey_dbf_info;
21 
22 #define PKEY_DBF_INFO(...) debug_sprintf_event(pkey_dbf_info, 5, ##__VA_ARGS__)
23 #define PKEY_DBF_WARN(...) debug_sprintf_event(pkey_dbf_info, 4, ##__VA_ARGS__)
24 #define PKEY_DBF_ERR(...)  debug_sprintf_event(pkey_dbf_info, 3, ##__VA_ARGS__)
25 
26 /*
27  * common defines and common structs
28  */
29 
30 #define KEYBLOBBUFSIZE 8192	/* key buffer size used for internal processing */
31 #define MINKEYBLOBBUFSIZE (sizeof(struct keytoken_header))
32 #define PROTKEYBLOBBUFSIZE 256	/* protected key buffer size used internal */
33 #define MAXAPQNSINLIST 64	/* max 64 apqns within a apqn list */
34 #define AES_WK_VP_SIZE 32	/* Size of WK VP block appended to a prot key */
35 
36 /* inside view of a generic protected key token */
37 struct protkeytoken {
38 	u8  type;     /* 0x00 for PAES specific key tokens */
39 	u8  res0[3];
40 	u8  version;  /* should be 0x01 for protected key token */
41 	u8  res1[3];
42 	u32 keytype;  /* key type, one of the PKEY_KEYTYPE values */
43 	u32 len;      /* bytes actually stored in protkey[] */
44 	u8  protkey[]; /* the protected key blob */
45 } __packed;
46 
47 /* inside view of a protected AES key token */
48 struct protaeskeytoken {
49 	u8  type;     /* 0x00 for PAES specific key tokens */
50 	u8  res0[3];
51 	u8  version;  /* should be 0x01 for protected key token */
52 	u8  res1[3];
53 	u32 keytype;  /* key type, one of the PKEY_KEYTYPE values */
54 	u32 len;      /* bytes actually stored in protkey[] */
55 	u8  protkey[MAXPROTKEYSIZE]; /* the protected key blob */
56 } __packed;
57 
58 /* inside view of a clear key token (type 0x00 version 0x02) */
59 struct clearkeytoken {
60 	u8  type;	/* 0x00 for PAES specific key tokens */
61 	u8  res0[3];
62 	u8  version;	/* 0x02 for clear key token */
63 	u8  res1[3];
64 	u32 keytype;	/* key type, one of the PKEY_KEYTYPE_* values */
65 	u32 len;	/* bytes actually stored in clearkey[] */
66 	u8  clearkey[]; /* clear key value */
67 } __packed;
68 
69 /* helper function which translates the PKEY_KEYTYPE_AES_* to their keysize */
70 static inline u32 pkey_keytype_aes_to_size(u32 keytype)
71 {
72 	switch (keytype) {
73 	case PKEY_KEYTYPE_AES_128:
74 		return 16;
75 	case PKEY_KEYTYPE_AES_192:
76 		return 24;
77 	case PKEY_KEYTYPE_AES_256:
78 		return 32;
79 	default:
80 		return 0;
81 	}
82 }
83 
84 /* helper function which translates AES key bit size into PKEY_KEYTYPE_AES_* */
85 static inline u32 pkey_aes_bitsize_to_keytype(u32 keybitsize)
86 {
87 	switch (keybitsize) {
88 	case 128:
89 		return PKEY_KEYTYPE_AES_128;
90 	case 192:
91 		return PKEY_KEYTYPE_AES_192;
92 	case 256:
93 		return PKEY_KEYTYPE_AES_256;
94 	default:
95 		return 0;
96 	}
97 }
98 
99 /*
100  * pkey_api.c:
101  */
102 int __init pkey_api_init(void);
103 void __exit pkey_api_exit(void);
104 
105 /*
106  * pkey_sysfs.c:
107  */
108 
109 extern const struct attribute_group *pkey_attr_groups[];
110 
111 /*
112  * pkey handler registry
113  */
114 
115 struct pkey_handler {
116 	struct module *module;
117 	const char *name;
118 	/*
119 	 * is_supported_key() and is_supported_keytype() are called
120 	 * within an rcu_read_lock() scope and thus must not sleep!
121 	 */
122 	bool (*is_supported_key)(const u8 *key, u32 keylen);
123 	bool (*is_supported_keytype)(enum pkey_key_type);
124 	int (*key_to_protkey)(const struct pkey_apqn *apqns, size_t nr_apqns,
125 			      const u8 *key, u32 keylen,
126 			      u8 *protkey, u32 *protkeylen, u32 *protkeytype);
127 	int (*slowpath_key_to_protkey)(const struct pkey_apqn *apqns,
128 				       size_t nr_apqns,
129 				       const u8 *key, u32 keylen,
130 				       u8 *protkey, u32 *protkeylen,
131 				       u32 *protkeytype);
132 	int (*gen_key)(const struct pkey_apqn *apqns, size_t nr_apqns,
133 		       u32 keytype, u32 keysubtype,
134 		       u32 keybitsize, u32 flags,
135 		       u8 *keybuf, u32 *keybuflen, u32 *keyinfo);
136 	int (*clr_to_key)(const struct pkey_apqn *apqns, size_t nr_apqns,
137 			  u32 keytype, u32 keysubtype,
138 			  u32 keybitsize, u32 flags,
139 			  const u8 *clrkey, u32 clrkeylen,
140 			  u8 *keybuf, u32 *keybuflen, u32 *keyinfo);
141 	int (*verify_key)(const u8 *key, u32 keylen,
142 			  u16 *card, u16 *dom,
143 			  u32 *keytype, u32 *keybitsize, u32 *flags);
144 	int (*apqns_for_key)(const u8 *key, u32 keylen, u32 flags,
145 			     struct pkey_apqn *apqns, size_t *nr_apqns);
146 	int (*apqns_for_keytype)(enum pkey_key_type ktype,
147 				 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
148 				 struct pkey_apqn *apqns, size_t *nr_apqns);
149 	/* used internal by pkey base */
150 	struct list_head list;
151 };
152 
153 int pkey_handler_register(struct pkey_handler *handler);
154 int pkey_handler_unregister(struct pkey_handler *handler);
155 
156 /*
157  * invocation function for the registered pkey handlers
158  */
159 
160 const struct pkey_handler *pkey_handler_get_keybased(const u8 *key, u32 keylen);
161 const struct pkey_handler *pkey_handler_get_keytypebased(enum pkey_key_type kt);
162 void pkey_handler_put(const struct pkey_handler *handler);
163 
164 int pkey_handler_key_to_protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
165 				const u8 *key, u32 keylen,
166 				u8 *protkey, u32 *protkeylen, u32 *protkeytype);
167 int pkey_handler_slowpath_key_to_protkey(const struct pkey_apqn *apqns,
168 					 size_t nr_apqns,
169 					 const u8 *key, u32 keylen,
170 					 u8 *protkey, u32 *protkeylen,
171 					 u32 *protkeytype);
172 int pkey_handler_gen_key(const struct pkey_apqn *apqns, size_t nr_apqns,
173 			 u32 keytype, u32 keysubtype,
174 			 u32 keybitsize, u32 flags,
175 			 u8 *keybuf, u32 *keybuflen, u32 *keyinfo);
176 int pkey_handler_clr_to_key(const struct pkey_apqn *apqns, size_t nr_apqns,
177 			    u32 keytype, u32 keysubtype,
178 			    u32 keybitsize, u32 flags,
179 			    const u8 *clrkey, u32 clrkeylen,
180 			    u8 *keybuf, u32 *keybuflen, u32 *keyinfo);
181 int pkey_handler_verify_key(const u8 *key, u32 keylen,
182 			    u16 *card, u16 *dom,
183 			    u32 *keytype, u32 *keybitsize, u32 *flags);
184 int pkey_handler_apqns_for_key(const u8 *key, u32 keylen, u32 flags,
185 			       struct pkey_apqn *apqns, size_t *nr_apqns);
186 int pkey_handler_apqns_for_keytype(enum pkey_key_type ktype,
187 				   u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
188 				   struct pkey_apqn *apqns, size_t *nr_apqns);
189 
190 /*
191  * Unconditional try to load all handler modules
192  */
193 void pkey_handler_request_modules(void);
194 
195 #endif /* _PKEY_BASE_H_ */
196