xref: /linux/drivers/s390/crypto/pkey_sysfs.c (revision 300a0cfe9f375b2843bcb331bcfa7503475ef5dd)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  pkey module sysfs related functions
4  *
5  *  Copyright IBM Corp. 2024
6  */
7 
8 #define KMSG_COMPONENT "pkey"
9 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
10 
11 #include <linux/sysfs.h>
12 
13 #include "zcrypt_ccamisc.h"
14 #include "zcrypt_ep11misc.h"
15 
16 #include "pkey_base.h"
17 
18 /*
19  * Wrapper around pkey_handler_gen_key() which deals with the
20  * ENODEV return code and then tries to enforce a pkey handler
21  * module load.
22  */
23 static int sys_pkey_handler_gen_key(u32 keytype, u32 keysubtype,
24 				    u32 keybitsize, u32 flags,
25 				    u8 *keybuf, u32 *keybuflen, u32 *keyinfo)
26 {
27 	int rc;
28 
29 	rc = pkey_handler_gen_key(NULL, 0,
30 				  keytype, keysubtype,
31 				  keybitsize, flags,
32 				  keybuf, keybuflen, keyinfo, 0);
33 	if (rc == -ENODEV) {
34 		pkey_handler_request_modules();
35 		rc = pkey_handler_gen_key(NULL, 0,
36 					  keytype, keysubtype,
37 					  keybitsize, flags,
38 					  keybuf, keybuflen, keyinfo, 0);
39 	}
40 
41 	return rc;
42 }
43 
44 /*
45  * Sysfs attribute read function for all protected key binary attributes.
46  * The implementation can not deal with partial reads, because a new random
47  * protected key blob is generated with each read. In case of partial reads
48  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
49  */
50 static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,
51 					  loff_t off, size_t count)
52 {
53 	struct protaeskeytoken protkeytoken;
54 	struct pkey_protkey protkey;
55 	int rc;
56 
57 	if (off != 0 || count < sizeof(protkeytoken))
58 		return -EINVAL;
59 	if (is_xts)
60 		if (count < 2 * sizeof(protkeytoken))
61 			return -EINVAL;
62 
63 	memset(&protkeytoken, 0, sizeof(protkeytoken));
64 	protkeytoken.type = TOKTYPE_NON_CCA;
65 	protkeytoken.version = TOKVER_PROTECTED_KEY;
66 	protkeytoken.keytype = keytype;
67 
68 	protkey.len = sizeof(protkey.protkey);
69 	rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
70 				      protkey.protkey, &protkey.len,
71 				      &protkey.type);
72 	if (rc)
73 		return rc;
74 
75 	protkeytoken.len = protkey.len;
76 	memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
77 
78 	memcpy(buf, &protkeytoken, sizeof(protkeytoken));
79 
80 	if (is_xts) {
81 		/* xts needs a second protected key, reuse protkey struct */
82 		protkey.len = sizeof(protkey.protkey);
83 		rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
84 					      protkey.protkey, &protkey.len,
85 					      &protkey.type);
86 		if (rc)
87 			return rc;
88 
89 		protkeytoken.len = protkey.len;
90 		memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
91 
92 		memcpy(buf + sizeof(protkeytoken), &protkeytoken,
93 		       sizeof(protkeytoken));
94 
95 		return 2 * sizeof(protkeytoken);
96 	}
97 
98 	return sizeof(protkeytoken);
99 }
100 
101 /*
102  * Sysfs attribute read function for the AES XTS prot key binary attributes.
103  * The implementation can not deal with partial reads, because a new random
104  * protected key blob is generated with each read. In case of partial reads
105  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
106  */
107 static ssize_t pkey_protkey_aes_xts_attr_read(u32 keytype, char *buf,
108 					      loff_t off, size_t count)
109 {
110 	struct protkeytoken *t = (struct protkeytoken *)buf;
111 	u32 protlen, prottype;
112 	int rc;
113 
114 	switch (keytype) {
115 	case PKEY_KEYTYPE_AES_XTS_128:
116 		protlen = 64;
117 		break;
118 	case PKEY_KEYTYPE_AES_XTS_256:
119 		protlen = 96;
120 		break;
121 	default:
122 		return -EINVAL;
123 	}
124 
125 	if (off != 0 || count < sizeof(*t) + protlen)
126 		return -EINVAL;
127 
128 	memset(t, 0, sizeof(*t) + protlen);
129 	t->type = TOKTYPE_NON_CCA;
130 	t->version = TOKVER_PROTECTED_KEY;
131 	t->keytype = keytype;
132 
133 	rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
134 				      t->protkey, &protlen, &prottype);
135 	if (rc)
136 		return rc;
137 
138 	t->len = protlen;
139 
140 	return sizeof(*t) + protlen;
141 }
142 
143 /*
144  * Sysfs attribute read function for the HMAC prot key binary attributes.
145  * The implementation can not deal with partial reads, because a new random
146  * protected key blob is generated with each read. In case of partial reads
147  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
148  */
149 static ssize_t pkey_protkey_hmac_attr_read(u32 keytype, char *buf,
150 					   loff_t off, size_t count)
151 {
152 	struct protkeytoken *t = (struct protkeytoken *)buf;
153 	u32 protlen, prottype;
154 	int rc;
155 
156 	switch (keytype) {
157 	case PKEY_KEYTYPE_HMAC_512:
158 		protlen = 96;
159 		break;
160 	case PKEY_KEYTYPE_HMAC_1024:
161 		protlen = 160;
162 		break;
163 	default:
164 		return -EINVAL;
165 	}
166 
167 	if (off != 0 || count < sizeof(*t) + protlen)
168 		return -EINVAL;
169 
170 	memset(t, 0, sizeof(*t) + protlen);
171 	t->type = TOKTYPE_NON_CCA;
172 	t->version = TOKVER_PROTECTED_KEY;
173 	t->keytype = keytype;
174 
175 	rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
176 				      t->protkey, &protlen, &prottype);
177 	if (rc)
178 		return rc;
179 
180 	t->len = protlen;
181 
182 	return sizeof(*t) + protlen;
183 }
184 
185 static ssize_t protkey_aes_128_read(struct file *filp,
186 				    struct kobject *kobj,
187 				    const struct bin_attribute *attr,
188 				    char *buf, loff_t off,
189 				    size_t count)
190 {
191 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
192 					  off, count);
193 }
194 
195 static ssize_t protkey_aes_192_read(struct file *filp,
196 				    struct kobject *kobj,
197 				    const struct bin_attribute *attr,
198 				    char *buf, loff_t off,
199 				    size_t count)
200 {
201 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
202 					  off, count);
203 }
204 
205 static ssize_t protkey_aes_256_read(struct file *filp,
206 				    struct kobject *kobj,
207 				    const struct bin_attribute *attr,
208 				    char *buf, loff_t off,
209 				    size_t count)
210 {
211 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
212 					  off, count);
213 }
214 
215 static ssize_t protkey_aes_128_xts_read(struct file *filp,
216 					struct kobject *kobj,
217 					const struct bin_attribute *attr,
218 					char *buf, loff_t off,
219 					size_t count)
220 {
221 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
222 					  off, count);
223 }
224 
225 static ssize_t protkey_aes_256_xts_read(struct file *filp,
226 					struct kobject *kobj,
227 					const struct bin_attribute *attr,
228 					char *buf, loff_t off,
229 					size_t count)
230 {
231 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
232 					  off, count);
233 }
234 
235 static ssize_t protkey_aes_xts_128_read(struct file *filp,
236 					struct kobject *kobj,
237 					const struct bin_attribute *attr,
238 					char *buf, loff_t off,
239 					size_t count)
240 {
241 	return pkey_protkey_aes_xts_attr_read(PKEY_KEYTYPE_AES_XTS_128,
242 					      buf, off, count);
243 }
244 
245 static ssize_t protkey_aes_xts_256_read(struct file *filp,
246 					struct kobject *kobj,
247 					const struct bin_attribute *attr,
248 					char *buf, loff_t off,
249 					size_t count)
250 {
251 	return pkey_protkey_aes_xts_attr_read(PKEY_KEYTYPE_AES_XTS_256,
252 					      buf, off, count);
253 }
254 
255 static ssize_t protkey_hmac_512_read(struct file *filp,
256 				     struct kobject *kobj,
257 				     const struct bin_attribute *attr,
258 				     char *buf, loff_t off,
259 				     size_t count)
260 {
261 	return pkey_protkey_hmac_attr_read(PKEY_KEYTYPE_HMAC_512,
262 					   buf, off, count);
263 }
264 
265 static ssize_t protkey_hmac_1024_read(struct file *filp,
266 				      struct kobject *kobj,
267 				      const struct bin_attribute *attr,
268 				      char *buf, loff_t off,
269 				      size_t count)
270 {
271 	return pkey_protkey_hmac_attr_read(PKEY_KEYTYPE_HMAC_1024,
272 					   buf, off, count);
273 }
274 
275 static const BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken));
276 static const BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken));
277 static const BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken));
278 static const BIN_ATTR_RO(protkey_aes_128_xts, 2 * sizeof(struct protaeskeytoken));
279 static const BIN_ATTR_RO(protkey_aes_256_xts, 2 * sizeof(struct protaeskeytoken));
280 static const BIN_ATTR_RO(protkey_aes_xts_128, sizeof(struct protkeytoken) + 64);
281 static const BIN_ATTR_RO(protkey_aes_xts_256, sizeof(struct protkeytoken) + 96);
282 static const BIN_ATTR_RO(protkey_hmac_512, sizeof(struct protkeytoken) + 96);
283 static const BIN_ATTR_RO(protkey_hmac_1024, sizeof(struct protkeytoken) + 160);
284 
285 static const struct bin_attribute *const protkey_attrs[] = {
286 	&bin_attr_protkey_aes_128,
287 	&bin_attr_protkey_aes_192,
288 	&bin_attr_protkey_aes_256,
289 	&bin_attr_protkey_aes_128_xts,
290 	&bin_attr_protkey_aes_256_xts,
291 	&bin_attr_protkey_aes_xts_128,
292 	&bin_attr_protkey_aes_xts_256,
293 	&bin_attr_protkey_hmac_512,
294 	&bin_attr_protkey_hmac_1024,
295 	NULL
296 };
297 
298 static const struct attribute_group protkey_attr_group = {
299 	.name	       = "protkey",
300 	.bin_attrs = protkey_attrs,
301 };
302 
303 /*
304  * Sysfs attribute read function for all secure key ccadata binary attributes.
305  * The implementation can not deal with partial reads, because a new random
306  * protected key blob is generated with each read. In case of partial reads
307  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
308  */
309 static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,
310 					  loff_t off, size_t count)
311 {
312 	struct pkey_seckey *seckey = (struct pkey_seckey *)buf;
313 	u32 buflen;
314 	int rc;
315 
316 	if (off != 0 || count < sizeof(struct secaeskeytoken))
317 		return -EINVAL;
318 	if (is_xts)
319 		if (count < 2 * sizeof(struct secaeskeytoken))
320 			return -EINVAL;
321 
322 	buflen = sizeof(seckey->seckey);
323 	rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_CCA_DATA, 0, 0,
324 				      seckey->seckey, &buflen, NULL);
325 	if (rc)
326 		return rc;
327 
328 	if (is_xts) {
329 		seckey++;
330 		buflen = sizeof(seckey->seckey);
331 		rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_CCA_DATA, 0, 0,
332 					      seckey->seckey, &buflen, NULL);
333 		if (rc)
334 			return rc;
335 
336 		return 2 * sizeof(struct secaeskeytoken);
337 	}
338 
339 	return sizeof(struct secaeskeytoken);
340 }
341 
342 static ssize_t ccadata_aes_128_read(struct file *filp,
343 				    struct kobject *kobj,
344 				    const struct bin_attribute *attr,
345 				    char *buf, loff_t off,
346 				    size_t count)
347 {
348 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
349 					  off, count);
350 }
351 
352 static ssize_t ccadata_aes_192_read(struct file *filp,
353 				    struct kobject *kobj,
354 				    const struct bin_attribute *attr,
355 				    char *buf, loff_t off,
356 				    size_t count)
357 {
358 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
359 					  off, count);
360 }
361 
362 static ssize_t ccadata_aes_256_read(struct file *filp,
363 				    struct kobject *kobj,
364 				    const struct bin_attribute *attr,
365 				    char *buf, loff_t off,
366 				    size_t count)
367 {
368 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
369 					  off, count);
370 }
371 
372 static ssize_t ccadata_aes_128_xts_read(struct file *filp,
373 					struct kobject *kobj,
374 					const struct bin_attribute *attr,
375 					char *buf, loff_t off,
376 					size_t count)
377 {
378 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
379 					  off, count);
380 }
381 
382 static ssize_t ccadata_aes_256_xts_read(struct file *filp,
383 					struct kobject *kobj,
384 					const struct bin_attribute *attr,
385 					char *buf, loff_t off,
386 					size_t count)
387 {
388 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
389 					  off, count);
390 }
391 
392 static const BIN_ATTR_RO(ccadata_aes_128, sizeof(struct secaeskeytoken));
393 static const BIN_ATTR_RO(ccadata_aes_192, sizeof(struct secaeskeytoken));
394 static const BIN_ATTR_RO(ccadata_aes_256, sizeof(struct secaeskeytoken));
395 static const BIN_ATTR_RO(ccadata_aes_128_xts, 2 * sizeof(struct secaeskeytoken));
396 static const BIN_ATTR_RO(ccadata_aes_256_xts, 2 * sizeof(struct secaeskeytoken));
397 
398 static const struct bin_attribute *const ccadata_attrs[] = {
399 	&bin_attr_ccadata_aes_128,
400 	&bin_attr_ccadata_aes_192,
401 	&bin_attr_ccadata_aes_256,
402 	&bin_attr_ccadata_aes_128_xts,
403 	&bin_attr_ccadata_aes_256_xts,
404 	NULL
405 };
406 
407 static const struct attribute_group ccadata_attr_group = {
408 	.name	       = "ccadata",
409 	.bin_attrs = ccadata_attrs,
410 };
411 
412 #define CCACIPHERTOKENSIZE	(sizeof(struct cipherkeytoken) + 80)
413 
414 /*
415  * Sysfs attribute read function for all secure key ccacipher binary attributes.
416  * The implementation can not deal with partial reads, because a new random
417  * secure key blob is generated with each read. In case of partial reads
418  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
419  */
420 static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,
421 					    bool is_xts, char *buf, loff_t off,
422 					    size_t count)
423 {
424 	u32 keysize = CCACIPHERTOKENSIZE;
425 	int rc;
426 
427 	if (off != 0 || count < CCACIPHERTOKENSIZE)
428 		return -EINVAL;
429 	if (is_xts)
430 		if (count < 2 * CCACIPHERTOKENSIZE)
431 			return -EINVAL;
432 
433 	memset(buf, 0, is_xts ? 2 * keysize : keysize);
434 
435 	rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
436 				      PKEY_TYPE_CCA_CIPHER, keybits, 0,
437 				      buf, &keysize, NULL);
438 	if (rc)
439 		return rc;
440 
441 	if (is_xts) {
442 		keysize = CCACIPHERTOKENSIZE;
443 		buf += CCACIPHERTOKENSIZE;
444 		rc = sys_pkey_handler_gen_key(
445 			pkey_aes_bitsize_to_keytype(keybits),
446 			PKEY_TYPE_CCA_CIPHER, keybits, 0,
447 			buf, &keysize, NULL);
448 		if (rc)
449 			return rc;
450 		return 2 * CCACIPHERTOKENSIZE;
451 	}
452 
453 	return CCACIPHERTOKENSIZE;
454 }
455 
456 static ssize_t ccacipher_aes_128_read(struct file *filp,
457 				      struct kobject *kobj,
458 				      const struct bin_attribute *attr,
459 				      char *buf, loff_t off,
460 				      size_t count)
461 {
462 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
463 					    off, count);
464 }
465 
466 static ssize_t ccacipher_aes_192_read(struct file *filp,
467 				      struct kobject *kobj,
468 				      const struct bin_attribute *attr,
469 				      char *buf, loff_t off,
470 				      size_t count)
471 {
472 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
473 					    off, count);
474 }
475 
476 static ssize_t ccacipher_aes_256_read(struct file *filp,
477 				      struct kobject *kobj,
478 				      const struct bin_attribute *attr,
479 				      char *buf, loff_t off,
480 				      size_t count)
481 {
482 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
483 					    off, count);
484 }
485 
486 static ssize_t ccacipher_aes_128_xts_read(struct file *filp,
487 					  struct kobject *kobj,
488 					  const struct bin_attribute *attr,
489 					  char *buf, loff_t off,
490 					  size_t count)
491 {
492 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
493 					    off, count);
494 }
495 
496 static ssize_t ccacipher_aes_256_xts_read(struct file *filp,
497 					  struct kobject *kobj,
498 					  const struct bin_attribute *attr,
499 					  char *buf, loff_t off,
500 					  size_t count)
501 {
502 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
503 					    off, count);
504 }
505 
506 static const BIN_ATTR_RO(ccacipher_aes_128, CCACIPHERTOKENSIZE);
507 static const BIN_ATTR_RO(ccacipher_aes_192, CCACIPHERTOKENSIZE);
508 static const BIN_ATTR_RO(ccacipher_aes_256, CCACIPHERTOKENSIZE);
509 static const BIN_ATTR_RO(ccacipher_aes_128_xts, 2 * CCACIPHERTOKENSIZE);
510 static const BIN_ATTR_RO(ccacipher_aes_256_xts, 2 * CCACIPHERTOKENSIZE);
511 
512 static const struct bin_attribute *const ccacipher_attrs[] = {
513 	&bin_attr_ccacipher_aes_128,
514 	&bin_attr_ccacipher_aes_192,
515 	&bin_attr_ccacipher_aes_256,
516 	&bin_attr_ccacipher_aes_128_xts,
517 	&bin_attr_ccacipher_aes_256_xts,
518 	NULL
519 };
520 
521 static const struct attribute_group ccacipher_attr_group = {
522 	.name	       = "ccacipher",
523 	.bin_attrs = ccacipher_attrs,
524 };
525 
526 /*
527  * Sysfs attribute read function for all ep11 aes key binary attributes.
528  * The implementation can not deal with partial reads, because a new random
529  * secure key blob is generated with each read. In case of partial reads
530  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
531  * This function and the sysfs attributes using it provide EP11 key blobs
532  * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently
533  * 336 bytes.
534  */
535 static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,
536 				       bool is_xts, char *buf, loff_t off,
537 				       size_t count)
538 {
539 	u32 keysize = MAXEP11AESKEYBLOBSIZE;
540 	int rc;
541 
542 	if (off != 0 || count < MAXEP11AESKEYBLOBSIZE)
543 		return -EINVAL;
544 	if (is_xts)
545 		if (count < 2 * MAXEP11AESKEYBLOBSIZE)
546 			return -EINVAL;
547 
548 	memset(buf, 0, is_xts ? 2 * keysize : keysize);
549 
550 	rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
551 				      PKEY_TYPE_EP11_AES, keybits, 0,
552 				      buf, &keysize, NULL);
553 	if (rc)
554 		return rc;
555 
556 	if (is_xts) {
557 		keysize = MAXEP11AESKEYBLOBSIZE;
558 		buf += MAXEP11AESKEYBLOBSIZE;
559 		rc = sys_pkey_handler_gen_key(
560 			pkey_aes_bitsize_to_keytype(keybits),
561 			PKEY_TYPE_EP11_AES, keybits, 0,
562 			buf, &keysize, NULL);
563 		if (rc)
564 			return rc;
565 		return 2 * MAXEP11AESKEYBLOBSIZE;
566 	}
567 
568 	return MAXEP11AESKEYBLOBSIZE;
569 }
570 
571 static ssize_t ep11_aes_128_read(struct file *filp,
572 				 struct kobject *kobj,
573 				 const struct bin_attribute *attr,
574 				 char *buf, loff_t off,
575 				 size_t count)
576 {
577 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
578 				       off, count);
579 }
580 
581 static ssize_t ep11_aes_192_read(struct file *filp,
582 				 struct kobject *kobj,
583 				 const struct bin_attribute *attr,
584 				 char *buf, loff_t off,
585 				 size_t count)
586 {
587 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
588 				       off, count);
589 }
590 
591 static ssize_t ep11_aes_256_read(struct file *filp,
592 				 struct kobject *kobj,
593 				 const struct bin_attribute *attr,
594 				 char *buf, loff_t off,
595 				 size_t count)
596 {
597 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
598 				       off, count);
599 }
600 
601 static ssize_t ep11_aes_128_xts_read(struct file *filp,
602 				     struct kobject *kobj,
603 				     const struct bin_attribute *attr,
604 				     char *buf, loff_t off,
605 				     size_t count)
606 {
607 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
608 				       off, count);
609 }
610 
611 static ssize_t ep11_aes_256_xts_read(struct file *filp,
612 				     struct kobject *kobj,
613 				     const struct bin_attribute *attr,
614 				     char *buf, loff_t off,
615 				     size_t count)
616 {
617 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
618 				       off, count);
619 }
620 
621 static const BIN_ATTR_RO(ep11_aes_128, MAXEP11AESKEYBLOBSIZE);
622 static const BIN_ATTR_RO(ep11_aes_192, MAXEP11AESKEYBLOBSIZE);
623 static const BIN_ATTR_RO(ep11_aes_256, MAXEP11AESKEYBLOBSIZE);
624 static const BIN_ATTR_RO(ep11_aes_128_xts, 2 * MAXEP11AESKEYBLOBSIZE);
625 static const BIN_ATTR_RO(ep11_aes_256_xts, 2 * MAXEP11AESKEYBLOBSIZE);
626 
627 static const struct bin_attribute *const ep11_attrs[] = {
628 	&bin_attr_ep11_aes_128,
629 	&bin_attr_ep11_aes_192,
630 	&bin_attr_ep11_aes_256,
631 	&bin_attr_ep11_aes_128_xts,
632 	&bin_attr_ep11_aes_256_xts,
633 	NULL
634 };
635 
636 static const struct attribute_group ep11_attr_group = {
637 	.name	   = "ep11",
638 	.bin_attrs = ep11_attrs,
639 };
640 
641 const struct attribute_group *pkey_attr_groups[] = {
642 	&protkey_attr_group,
643 	&ccadata_attr_group,
644 	&ccacipher_attr_group,
645 	&ep11_attr_group,
646 	NULL,
647 };
648