1 /* SPDX-License-Identifier: GPL-2.0+ */ 2 /* 3 * Copyright IBM Corp. 2024 4 * 5 * Pkey base: debug feature, defines and structs 6 * common to all pkey code. 7 */ 8 9 #ifndef _PKEY_BASE_H_ 10 #define _PKEY_BASE_H_ 11 12 #include <linux/types.h> 13 #include <asm/debug.h> 14 #include <asm/pkey.h> 15 16 /* 17 * pkey debug feature 18 */ 19 20 extern debug_info_t *pkey_dbf_info; 21 22 #define PKEY_DBF_INFO(...) debug_sprintf_event(pkey_dbf_info, 5, ##__VA_ARGS__) 23 #define PKEY_DBF_WARN(...) debug_sprintf_event(pkey_dbf_info, 4, ##__VA_ARGS__) 24 #define PKEY_DBF_ERR(...) debug_sprintf_event(pkey_dbf_info, 3, ##__VA_ARGS__) 25 26 /* 27 * common defines and common structs 28 */ 29 30 #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */ 31 #define MINKEYBLOBBUFSIZE (sizeof(struct keytoken_header)) 32 #define PROTKEYBLOBBUFSIZE 256 /* protected key buffer size used internal */ 33 #define MAXAPQNSINLIST 64 /* max 64 apqns within a apqn list */ 34 #define AES_WK_VP_SIZE 32 /* Size of WK VP block appended to a prot key */ 35 36 /* inside view of a generic protected key token */ 37 struct protkeytoken { 38 u8 type; /* 0x00 for PAES specific key tokens */ 39 u8 res0[3]; 40 u8 version; /* should be 0x01 for protected key token */ 41 u8 res1[3]; 42 u32 keytype; /* key type, one of the PKEY_KEYTYPE values */ 43 u32 len; /* bytes actually stored in protkey[] */ 44 u8 protkey[]; /* the protected key blob */ 45 } __packed; 46 47 /* inside view of a protected AES key token */ 48 struct protaeskeytoken { 49 u8 type; /* 0x00 for PAES specific key tokens */ 50 u8 res0[3]; 51 u8 version; /* should be 0x01 for protected key token */ 52 u8 res1[3]; 53 u32 keytype; /* key type, one of the PKEY_KEYTYPE values */ 54 u32 len; /* bytes actually stored in protkey[] */ 55 u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */ 56 } __packed; 57 58 /* inside view of a clear key token (type 0x00 version 0x02) */ 59 struct clearkeytoken { 60 u8 type; /* 0x00 for PAES specific key tokens */ 61 u8 res0[3]; 62 u8 version; /* 0x02 for clear key token */ 63 u8 res1[3]; 64 u32 keytype; /* key type, one of the PKEY_KEYTYPE_* values */ 65 u32 len; /* bytes actually stored in clearkey[] */ 66 u8 clearkey[]; /* clear key value */ 67 } __packed; 68 69 /* helper function which translates the PKEY_KEYTYPE_AES_* to their keysize */ 70 static inline u32 pkey_keytype_aes_to_size(u32 keytype) 71 { 72 switch (keytype) { 73 case PKEY_KEYTYPE_AES_128: 74 return 16; 75 case PKEY_KEYTYPE_AES_192: 76 return 24; 77 case PKEY_KEYTYPE_AES_256: 78 return 32; 79 default: 80 return 0; 81 } 82 } 83 84 /* helper function which translates AES key bit size into PKEY_KEYTYPE_AES_* */ 85 static inline u32 pkey_aes_bitsize_to_keytype(u32 keybitsize) 86 { 87 switch (keybitsize) { 88 case 128: 89 return PKEY_KEYTYPE_AES_128; 90 case 192: 91 return PKEY_KEYTYPE_AES_192; 92 case 256: 93 return PKEY_KEYTYPE_AES_256; 94 default: 95 return 0; 96 } 97 } 98 99 /* 100 * helper function which translates the PKEY_KEYTYPE_* 101 * to the protected key size minus the WK VP length 102 */ 103 static inline u32 pkey_keytype_to_size(u32 keytype) 104 { 105 switch (keytype) { 106 case PKEY_KEYTYPE_AES_128: 107 return 16; 108 case PKEY_KEYTYPE_AES_192: 109 return 24; 110 case PKEY_KEYTYPE_AES_256: 111 return 32; 112 case PKEY_KEYTYPE_ECC_P256: 113 return 32; 114 case PKEY_KEYTYPE_ECC_P384: 115 return 48; 116 case PKEY_KEYTYPE_ECC_P521: 117 return 80; 118 case PKEY_KEYTYPE_ECC_ED25519: 119 return 32; 120 case PKEY_KEYTYPE_ECC_ED448: 121 return 54; 122 case PKEY_KEYTYPE_AES_XTS_128: 123 return 32; 124 case PKEY_KEYTYPE_AES_XTS_256: 125 return 64; 126 case PKEY_KEYTYPE_HMAC_512: 127 return 64; 128 case PKEY_KEYTYPE_HMAC_1024: 129 return 128; 130 default: 131 return 0; 132 } 133 } 134 135 /* 136 * pkey_api.c: 137 */ 138 int __init pkey_api_init(void); 139 void __exit pkey_api_exit(void); 140 141 /* 142 * pkey_sysfs.c: 143 */ 144 145 extern const struct attribute_group *pkey_attr_groups[]; 146 147 /* 148 * pkey handler registry 149 */ 150 151 struct pkey_handler { 152 struct module *module; 153 const char *name; 154 /* 155 * is_supported_key() and is_supported_keytype() are called 156 * within an rcu_read_lock() scope and thus must not sleep! 157 */ 158 bool (*is_supported_key)(const u8 *key, u32 keylen); 159 bool (*is_supported_keytype)(enum pkey_key_type); 160 int (*key_to_protkey)(const struct pkey_apqn *apqns, size_t nr_apqns, 161 const u8 *key, u32 keylen, 162 u8 *protkey, u32 *protkeylen, u32 *protkeytype); 163 int (*slowpath_key_to_protkey)(const struct pkey_apqn *apqns, 164 size_t nr_apqns, 165 const u8 *key, u32 keylen, 166 u8 *protkey, u32 *protkeylen, 167 u32 *protkeytype); 168 int (*gen_key)(const struct pkey_apqn *apqns, size_t nr_apqns, 169 u32 keytype, u32 keysubtype, 170 u32 keybitsize, u32 flags, 171 u8 *keybuf, u32 *keybuflen, u32 *keyinfo); 172 int (*clr_to_key)(const struct pkey_apqn *apqns, size_t nr_apqns, 173 u32 keytype, u32 keysubtype, 174 u32 keybitsize, u32 flags, 175 const u8 *clrkey, u32 clrkeylen, 176 u8 *keybuf, u32 *keybuflen, u32 *keyinfo); 177 int (*verify_key)(const u8 *key, u32 keylen, 178 u16 *card, u16 *dom, 179 u32 *keytype, u32 *keybitsize, u32 *flags); 180 int (*apqns_for_key)(const u8 *key, u32 keylen, u32 flags, 181 struct pkey_apqn *apqns, size_t *nr_apqns); 182 int (*apqns_for_keytype)(enum pkey_key_type ktype, 183 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags, 184 struct pkey_apqn *apqns, size_t *nr_apqns); 185 /* used internal by pkey base */ 186 struct list_head list; 187 }; 188 189 int pkey_handler_register(struct pkey_handler *handler); 190 int pkey_handler_unregister(struct pkey_handler *handler); 191 192 /* 193 * invocation function for the registered pkey handlers 194 */ 195 196 const struct pkey_handler *pkey_handler_get_keybased(const u8 *key, u32 keylen); 197 const struct pkey_handler *pkey_handler_get_keytypebased(enum pkey_key_type kt); 198 void pkey_handler_put(const struct pkey_handler *handler); 199 200 int pkey_handler_key_to_protkey(const struct pkey_apqn *apqns, size_t nr_apqns, 201 const u8 *key, u32 keylen, 202 u8 *protkey, u32 *protkeylen, u32 *protkeytype); 203 int pkey_handler_slowpath_key_to_protkey(const struct pkey_apqn *apqns, 204 size_t nr_apqns, 205 const u8 *key, u32 keylen, 206 u8 *protkey, u32 *protkeylen, 207 u32 *protkeytype); 208 int pkey_handler_gen_key(const struct pkey_apqn *apqns, size_t nr_apqns, 209 u32 keytype, u32 keysubtype, 210 u32 keybitsize, u32 flags, 211 u8 *keybuf, u32 *keybuflen, u32 *keyinfo); 212 int pkey_handler_clr_to_key(const struct pkey_apqn *apqns, size_t nr_apqns, 213 u32 keytype, u32 keysubtype, 214 u32 keybitsize, u32 flags, 215 const u8 *clrkey, u32 clrkeylen, 216 u8 *keybuf, u32 *keybuflen, u32 *keyinfo); 217 int pkey_handler_verify_key(const u8 *key, u32 keylen, 218 u16 *card, u16 *dom, 219 u32 *keytype, u32 *keybitsize, u32 *flags); 220 int pkey_handler_apqns_for_key(const u8 *key, u32 keylen, u32 flags, 221 struct pkey_apqn *apqns, size_t *nr_apqns); 222 int pkey_handler_apqns_for_keytype(enum pkey_key_type ktype, 223 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags, 224 struct pkey_apqn *apqns, size_t *nr_apqns); 225 226 /* 227 * Unconditional try to load all handler modules 228 */ 229 void pkey_handler_request_modules(void); 230 231 #endif /* _PKEY_BASE_H_ */ 232