1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * pkey ep11 specific code 4 * 5 * Copyright IBM Corp. 2024 6 */ 7 8 #define pr_fmt(fmt) "pkey: " fmt 9 10 #include <linux/init.h> 11 #include <linux/module.h> 12 #include <linux/cpufeature.h> 13 14 #include "zcrypt_ccamisc.h" 15 #include "zcrypt_ep11misc.h" 16 #include "pkey_base.h" 17 18 MODULE_LICENSE("GPL"); 19 MODULE_AUTHOR("IBM Corporation"); 20 MODULE_DESCRIPTION("s390 protected key EP11 handler"); 21 22 #if IS_MODULE(CONFIG_PKEY_EP11) 23 static struct ap_device_id pkey_ep11_card_ids[] = { 24 { .dev_type = AP_DEVICE_TYPE_CEX4 }, 25 { .dev_type = AP_DEVICE_TYPE_CEX5 }, 26 { .dev_type = AP_DEVICE_TYPE_CEX6 }, 27 { .dev_type = AP_DEVICE_TYPE_CEX7 }, 28 { .dev_type = AP_DEVICE_TYPE_CEX8 }, 29 { /* end of list */ }, 30 }; 31 MODULE_DEVICE_TABLE(ap, pkey_ep11_card_ids); 32 #endif 33 34 /* 35 * Check key blob for known and supported EP11 key. 36 */ 37 static bool is_ep11_key(const u8 *key, u32 keylen) 38 { 39 struct keytoken_header *hdr = (struct keytoken_header *)key; 40 41 if (keylen < sizeof(*hdr)) 42 return false; 43 44 switch (hdr->type) { 45 case TOKTYPE_NON_CCA: 46 switch (hdr->version) { 47 case TOKVER_EP11_AES: 48 case TOKVER_EP11_AES_WITH_HEADER: 49 case TOKVER_EP11_ECC_WITH_HEADER: 50 return true; 51 default: 52 return false; 53 } 54 default: 55 return false; 56 } 57 } 58 59 static bool is_ep11_keytype(enum pkey_key_type key_type) 60 { 61 switch (key_type) { 62 case PKEY_TYPE_EP11: 63 case PKEY_TYPE_EP11_AES: 64 case PKEY_TYPE_EP11_ECC: 65 return true; 66 default: 67 return false; 68 } 69 } 70 71 static int ep11_apqns4key(const u8 *key, u32 keylen, u32 flags, 72 struct pkey_apqn *apqns, size_t *nr_apqns, u32 pflags) 73 { 74 struct keytoken_header *hdr = (struct keytoken_header *)key; 75 u32 _apqns[MAXAPQNSINLIST], _nr_apqns = ARRAY_SIZE(_apqns); 76 u32 xflags; 77 int rc; 78 79 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 80 81 if (!flags) 82 flags = PKEY_FLAGS_MATCH_CUR_MKVP; 83 84 if (keylen < sizeof(struct keytoken_header) || flags == 0) 85 return -EINVAL; 86 87 zcrypt_wait_api_operational(); 88 89 if (hdr->type == TOKTYPE_NON_CCA && 90 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || 91 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && 92 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 93 struct ep11keyblob *kb = (struct ep11keyblob *) 94 (key + sizeof(struct ep11kblob_header)); 95 int minhwtype = 0, api = 0; 96 97 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP) 98 return -EINVAL; 99 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { 100 minhwtype = ZCRYPT_CEX7; 101 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 102 } 103 rc = ep11_findcard2(_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 104 minhwtype, api, kb->wkvp, xflags); 105 if (rc) 106 goto out; 107 108 } else if (hdr->type == TOKTYPE_NON_CCA && 109 hdr->version == TOKVER_EP11_AES && 110 is_ep11_keyblob(key)) { 111 struct ep11keyblob *kb = (struct ep11keyblob *)key; 112 int minhwtype = 0, api = 0; 113 114 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP) 115 return -EINVAL; 116 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { 117 minhwtype = ZCRYPT_CEX7; 118 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 119 } 120 rc = ep11_findcard2(_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 121 minhwtype, api, kb->wkvp, xflags); 122 if (rc) 123 goto out; 124 125 } else { 126 PKEY_DBF_ERR("%s unknown/unsupported blob type %d version %d\n", 127 __func__, hdr->type, hdr->version); 128 return -EINVAL; 129 } 130 131 if (apqns) { 132 if (*nr_apqns < _nr_apqns) 133 rc = -ENOSPC; 134 else 135 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32)); 136 } 137 *nr_apqns = _nr_apqns; 138 139 out: 140 pr_debug("rc=%d\n", rc); 141 return rc; 142 } 143 144 static int ep11_apqns4type(enum pkey_key_type ktype, 145 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags, 146 struct pkey_apqn *apqns, size_t *nr_apqns, u32 pflags) 147 { 148 u32 _apqns[MAXAPQNSINLIST], _nr_apqns = ARRAY_SIZE(_apqns); 149 u32 xflags; 150 int rc; 151 152 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 153 154 zcrypt_wait_api_operational(); 155 156 if (ktype == PKEY_TYPE_EP11 || 157 ktype == PKEY_TYPE_EP11_AES || 158 ktype == PKEY_TYPE_EP11_ECC) { 159 u8 *wkvp = NULL; 160 int api; 161 162 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 163 wkvp = cur_mkvp; 164 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 165 rc = ep11_findcard2(_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 166 ZCRYPT_CEX7, api, wkvp, xflags); 167 if (rc) 168 goto out; 169 170 } else { 171 PKEY_DBF_ERR("%s unknown/unsupported key type %d\n", 172 __func__, (int)ktype); 173 return -EINVAL; 174 } 175 176 if (apqns) { 177 if (*nr_apqns < _nr_apqns) 178 rc = -ENOSPC; 179 else 180 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32)); 181 } 182 *nr_apqns = _nr_apqns; 183 184 out: 185 pr_debug("rc=%d\n", rc); 186 return rc; 187 } 188 189 static int ep11_key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns, 190 const u8 *key, u32 keylen, 191 u8 *protkey, u32 *protkeylen, u32 *protkeytype, 192 u32 pflags) 193 { 194 struct keytoken_header *hdr = (struct keytoken_header *)key; 195 struct pkey_apqn _apqns[MAXAPQNSINLIST]; 196 u32 xflags; 197 int i, rc; 198 199 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 200 201 if (keylen < sizeof(*hdr)) 202 return -EINVAL; 203 204 if (hdr->type == TOKTYPE_NON_CCA && 205 hdr->version == TOKVER_EP11_AES_WITH_HEADER && 206 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 207 /* EP11 AES key blob with header */ 208 if (ep11_check_aes_key_with_hdr(pkey_dbf_info, 209 3, key, keylen, 1)) 210 return -EINVAL; 211 } else if (hdr->type == TOKTYPE_NON_CCA && 212 hdr->version == TOKVER_EP11_ECC_WITH_HEADER && 213 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 214 /* EP11 ECC key blob with header */ 215 if (ep11_check_ecc_key_with_hdr(pkey_dbf_info, 216 3, key, keylen, 1)) 217 return -EINVAL; 218 } else if (hdr->type == TOKTYPE_NON_CCA && 219 hdr->version == TOKVER_EP11_AES && 220 is_ep11_keyblob(key)) { 221 /* EP11 AES key blob with header in session field */ 222 if (ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1)) 223 return -EINVAL; 224 } else { 225 PKEY_DBF_ERR("%s unknown/unsupported blob type %d version %d\n", 226 __func__, hdr->type, hdr->version); 227 return -EINVAL; 228 } 229 230 zcrypt_wait_api_operational(); 231 232 if (!apqns || (nr_apqns == 1 && 233 apqns[0].card == 0xFFFF && apqns[0].domain == 0xFFFF)) { 234 nr_apqns = MAXAPQNSINLIST; 235 rc = ep11_apqns4key(key, keylen, 0, _apqns, &nr_apqns, pflags); 236 if (rc) 237 goto out; 238 apqns = _apqns; 239 } 240 241 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 242 if (hdr->type == TOKTYPE_NON_CCA && 243 hdr->version == TOKVER_EP11_AES_WITH_HEADER && 244 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 245 rc = ep11_kblob2protkey(apqns[i].card, apqns[i].domain, 246 key, hdr->len, protkey, 247 protkeylen, protkeytype, xflags); 248 } else if (hdr->type == TOKTYPE_NON_CCA && 249 hdr->version == TOKVER_EP11_ECC_WITH_HEADER && 250 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 251 rc = ep11_kblob2protkey(apqns[i].card, apqns[i].domain, 252 key, hdr->len, protkey, 253 protkeylen, protkeytype, xflags); 254 } else if (hdr->type == TOKTYPE_NON_CCA && 255 hdr->version == TOKVER_EP11_AES && 256 is_ep11_keyblob(key)) { 257 rc = ep11_kblob2protkey(apqns[i].card, apqns[i].domain, 258 key, hdr->len, protkey, 259 protkeylen, protkeytype, xflags); 260 } else { 261 rc = -EINVAL; 262 break; 263 } 264 } 265 266 out: 267 pr_debug("rc=%d\n", rc); 268 return rc; 269 } 270 271 /* 272 * Generate EP11 secure key. 273 * As of now only EP11 AES secure keys are supported. 274 * keytype is one of the PKEY_KEYTYPE_* constants, 275 * subtype may be PKEY_TYPE_EP11 or PKEY_TYPE_EP11_AES 276 * or 0 (results in subtype PKEY_TYPE_EP11_AES), 277 * keybitsize is the bit size of the key (may be 0 for 278 * keytype PKEY_KEYTYPE_AES_*). 279 */ 280 static int ep11_gen_key(const struct pkey_apqn *apqns, size_t nr_apqns, 281 u32 keytype, u32 subtype, 282 u32 keybitsize, u32 flags, 283 u8 *keybuf, u32 *keybuflen, u32 *_keyinfo, u32 pflags) 284 { 285 struct pkey_apqn _apqns[MAXAPQNSINLIST]; 286 int i, len, rc; 287 u32 xflags; 288 289 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 290 291 /* check keytype, subtype, keybitsize */ 292 switch (keytype) { 293 case PKEY_KEYTYPE_AES_128: 294 case PKEY_KEYTYPE_AES_192: 295 case PKEY_KEYTYPE_AES_256: 296 len = pkey_keytype_aes_to_size(keytype); 297 if (keybitsize && keybitsize != 8 * len) { 298 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 299 __func__, keybitsize); 300 return -EINVAL; 301 } 302 keybitsize = 8 * len; 303 switch (subtype) { 304 case PKEY_TYPE_EP11: 305 case PKEY_TYPE_EP11_AES: 306 break; 307 default: 308 PKEY_DBF_ERR("%s unknown/unsupported subtype %d\n", 309 __func__, subtype); 310 return -EINVAL; 311 } 312 break; 313 default: 314 PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n", 315 __func__, keytype); 316 return -EINVAL; 317 } 318 319 zcrypt_wait_api_operational(); 320 321 if (!apqns || (nr_apqns == 1 && 322 apqns[0].card == 0xFFFF && apqns[0].domain == 0xFFFF)) { 323 nr_apqns = MAXAPQNSINLIST; 324 rc = ep11_apqns4type(subtype, NULL, NULL, 0, 325 _apqns, &nr_apqns, pflags); 326 if (rc) 327 goto out; 328 apqns = _apqns; 329 } 330 331 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 332 rc = ep11_genaeskey(apqns[i].card, apqns[i].domain, 333 keybitsize, flags, 334 keybuf, keybuflen, subtype, xflags); 335 } 336 337 out: 338 pr_debug("rc=%d\n", rc); 339 return rc; 340 } 341 342 /* 343 * Generate EP11 secure key with given clear key value. 344 * As of now only EP11 AES secure keys are supported. 345 * keytype is one of the PKEY_KEYTYPE_* constants, 346 * subtype may be PKEY_TYPE_EP11 or PKEY_TYPE_EP11_AES 347 * or 0 (assumes PKEY_TYPE_EP11_AES then). 348 * keybitsize is the bit size of the key (may be 0 for 349 * keytype PKEY_KEYTYPE_AES_*). 350 */ 351 static int ep11_clr2key(const struct pkey_apqn *apqns, size_t nr_apqns, 352 u32 keytype, u32 subtype, 353 u32 keybitsize, u32 flags, 354 const u8 *clrkey, u32 clrkeylen, 355 u8 *keybuf, u32 *keybuflen, u32 *_keyinfo, u32 pflags) 356 { 357 struct pkey_apqn _apqns[MAXAPQNSINLIST]; 358 int i, len, rc; 359 u32 xflags; 360 361 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 362 363 /* check keytype, subtype, clrkeylen, keybitsize */ 364 switch (keytype) { 365 case PKEY_KEYTYPE_AES_128: 366 case PKEY_KEYTYPE_AES_192: 367 case PKEY_KEYTYPE_AES_256: 368 len = pkey_keytype_aes_to_size(keytype); 369 if (keybitsize && keybitsize != 8 * len) { 370 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 371 __func__, keybitsize); 372 return -EINVAL; 373 } 374 keybitsize = 8 * len; 375 if (clrkeylen != len) { 376 PKEY_DBF_ERR("%s invalid clear key len %d != %d\n", 377 __func__, clrkeylen, len); 378 return -EINVAL; 379 } 380 switch (subtype) { 381 case PKEY_TYPE_EP11: 382 case PKEY_TYPE_EP11_AES: 383 break; 384 default: 385 PKEY_DBF_ERR("%s unknown/unsupported subtype %d\n", 386 __func__, subtype); 387 return -EINVAL; 388 } 389 break; 390 default: 391 PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n", 392 __func__, keytype); 393 return -EINVAL; 394 } 395 396 zcrypt_wait_api_operational(); 397 398 if (!apqns || (nr_apqns == 1 && 399 apqns[0].card == 0xFFFF && apqns[0].domain == 0xFFFF)) { 400 nr_apqns = MAXAPQNSINLIST; 401 rc = ep11_apqns4type(subtype, NULL, NULL, 0, 402 _apqns, &nr_apqns, pflags); 403 if (rc) 404 goto out; 405 apqns = _apqns; 406 } 407 408 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 409 rc = ep11_clr2keyblob(apqns[i].card, apqns[i].domain, 410 keybitsize, flags, clrkey, 411 keybuf, keybuflen, subtype, xflags); 412 } 413 414 out: 415 pr_debug("rc=%d\n", rc); 416 return rc; 417 } 418 419 static int ep11_verifykey(const u8 *key, u32 keylen, 420 u16 *card, u16 *dom, 421 u32 *keytype, u32 *keybitsize, u32 *flags, u32 pflags) 422 { 423 struct keytoken_header *hdr = (struct keytoken_header *)key; 424 u32 apqns[MAXAPQNSINLIST], nr_apqns = ARRAY_SIZE(apqns); 425 u32 xflags; 426 int rc; 427 428 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 429 430 if (keylen < sizeof(*hdr)) 431 return -EINVAL; 432 433 zcrypt_wait_api_operational(); 434 435 if (hdr->type == TOKTYPE_NON_CCA && 436 hdr->version == TOKVER_EP11_AES) { 437 struct ep11keyblob *kb = (struct ep11keyblob *)key; 438 int api; 439 440 rc = ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1); 441 if (rc) 442 goto out; 443 *keytype = PKEY_TYPE_EP11; 444 *keybitsize = kb->head.bitlen; 445 446 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 447 rc = ep11_findcard2(apqns, &nr_apqns, *card, *dom, 448 ZCRYPT_CEX7, api, 449 ep11_kb_wkvp(key, keylen), xflags); 450 if (rc) 451 goto out; 452 453 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 454 455 *card = ((struct pkey_apqn *)apqns)->card; 456 *dom = ((struct pkey_apqn *)apqns)->domain; 457 458 } else if (hdr->type == TOKTYPE_NON_CCA && 459 hdr->version == TOKVER_EP11_AES_WITH_HEADER) { 460 struct ep11kblob_header *kh = (struct ep11kblob_header *)key; 461 int api; 462 463 rc = ep11_check_aes_key_with_hdr(pkey_dbf_info, 464 3, key, keylen, 1); 465 if (rc) 466 goto out; 467 *keytype = PKEY_TYPE_EP11_AES; 468 *keybitsize = kh->bitlen; 469 470 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 471 rc = ep11_findcard2(apqns, &nr_apqns, *card, *dom, 472 ZCRYPT_CEX7, api, 473 ep11_kb_wkvp(key, keylen), xflags); 474 if (rc) 475 goto out; 476 477 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 478 479 *card = ((struct pkey_apqn *)apqns)->card; 480 *dom = ((struct pkey_apqn *)apqns)->domain; 481 482 } else { 483 /* unknown/unsupported key blob */ 484 rc = -EINVAL; 485 } 486 487 out: 488 pr_debug("rc=%d\n", rc); 489 return rc; 490 } 491 492 /* 493 * This function provides an alternate but usually slow way 494 * to convert a 'clear key token' with AES key material into 495 * a protected key. That is done via an intermediate step 496 * which creates an EP11 AES secure key first and then derives 497 * the protected key from this secure key. 498 */ 499 static int ep11_slowpath_key2protkey(const struct pkey_apqn *apqns, 500 size_t nr_apqns, 501 const u8 *key, u32 keylen, 502 u8 *protkey, u32 *protkeylen, 503 u32 *protkeytype, u32 pflags) 504 { 505 const struct keytoken_header *hdr = (const struct keytoken_header *)key; 506 const struct clearkeytoken *t = (const struct clearkeytoken *)key; 507 u8 tmpbuf[MAXEP11AESKEYBLOBSIZE]; /* 336 bytes */ 508 u32 tmplen, keysize = 0; 509 int i, rc; 510 511 if (keylen < sizeof(*hdr)) 512 return -EINVAL; 513 514 if (hdr->type == TOKTYPE_NON_CCA && 515 hdr->version == TOKVER_CLEAR_KEY) 516 keysize = pkey_keytype_aes_to_size(t->keytype); 517 if (!keysize || t->len != keysize) 518 return -EINVAL; 519 520 /* try two times in case of failure */ 521 for (i = 0, rc = -ENODEV; i < 2 && rc; i++) { 522 tmplen = MAXEP11AESKEYBLOBSIZE; 523 rc = ep11_clr2key(NULL, 0, t->keytype, PKEY_TYPE_EP11, 524 8 * keysize, 0, t->clearkey, t->len, 525 tmpbuf, &tmplen, NULL, pflags); 526 pr_debug("ep11_clr2key()=%d\n", rc); 527 if (rc) 528 continue; 529 rc = ep11_key2protkey(NULL, 0, tmpbuf, tmplen, 530 protkey, protkeylen, protkeytype, pflags); 531 pr_debug("ep11_key2protkey()=%d\n", rc); 532 } 533 534 pr_debug("rc=%d\n", rc); 535 return rc; 536 } 537 538 static struct pkey_handler ep11_handler = { 539 .module = THIS_MODULE, 540 .name = "PKEY EP11 handler", 541 .is_supported_key = is_ep11_key, 542 .is_supported_keytype = is_ep11_keytype, 543 .key_to_protkey = ep11_key2protkey, 544 .slowpath_key_to_protkey = ep11_slowpath_key2protkey, 545 .gen_key = ep11_gen_key, 546 .clr_to_key = ep11_clr2key, 547 .verify_key = ep11_verifykey, 548 .apqns_for_key = ep11_apqns4key, 549 .apqns_for_keytype = ep11_apqns4type, 550 }; 551 552 /* 553 * Module init 554 */ 555 static int __init pkey_ep11_init(void) 556 { 557 /* register this module as pkey handler for all the ep11 stuff */ 558 return pkey_handler_register(&ep11_handler); 559 } 560 561 /* 562 * Module exit 563 */ 564 static void __exit pkey_ep11_exit(void) 565 { 566 /* unregister this module as pkey handler */ 567 pkey_handler_unregister(&ep11_handler); 568 } 569 570 module_init(pkey_ep11_init); 571 module_exit(pkey_ep11_exit); 572