1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright IBM Corp. 2017, 2023
7 * Author(s): Harald Freudenberger
10 #define KMSG_COMPONENT "pkey"
11 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
14 #include <linux/init.h>
15 #include <linux/miscdevice.h>
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/kallsyms.h>
19 #include <linux/debugfs.h>
20 #include <linux/random.h>
21 #include <linux/cpufeature.h>
22 #include <asm/zcrypt.h>
23 #include <asm/cpacf.h>
25 #include <crypto/aes.h>
27 #include "zcrypt_api.h"
28 #include "zcrypt_ccamisc.h"
29 #include "zcrypt_ep11misc.h"
31 MODULE_LICENSE("GPL");
32 MODULE_AUTHOR("IBM Corporation");
33 MODULE_DESCRIPTION("s390 protected key interface");
35 #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */
36 #define MINKEYBLOBBUFSIZE (sizeof(struct keytoken_header))
37 #define PROTKEYBLOBBUFSIZE 256 /* protected key buffer size used internal */
38 #define MAXAPQNSINLIST 64 /* max 64 apqns within a apqn list */
39 #define AES_WK_VP_SIZE 32 /* Size of WK VP block appended to a prot key */
42 * debug feature data and functions
45 static debug_info_t *debug_info;
47 #define DEBUG_DBG(...) debug_sprintf_event(debug_info, 6, ##__VA_ARGS__)
48 #define DEBUG_INFO(...) debug_sprintf_event(debug_info, 5, ##__VA_ARGS__)
49 #define DEBUG_WARN(...) debug_sprintf_event(debug_info, 4, ##__VA_ARGS__)
50 #define DEBUG_ERR(...) debug_sprintf_event(debug_info, 3, ##__VA_ARGS__)
52 static void __init pkey_debug_init(void)
54 /* 5 arguments per dbf entry (including the format string ptr) */
55 debug_info = debug_register("pkey", 1, 1, 5 * sizeof(long));
56 debug_register_view(debug_info, &debug_sprintf_view);
57 debug_set_level(debug_info, 3);
60 static void __exit pkey_debug_exit(void)
62 debug_unregister(debug_info);
65 /* inside view of a protected key token (only type 0x00 version 0x01) */
66 struct protaeskeytoken {
67 u8 type; /* 0x00 for PAES specific key tokens */
69 u8 version; /* should be 0x01 for protected AES key token */
71 u32 keytype; /* key type, one of the PKEY_KEYTYPE values */
72 u32 len; /* bytes actually stored in protkey[] */
73 u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */
76 /* inside view of a clear key token (type 0x00 version 0x02) */
77 struct clearkeytoken {
78 u8 type; /* 0x00 for PAES specific key tokens */
80 u8 version; /* 0x02 for clear key token */
82 u32 keytype; /* key type, one of the PKEY_KEYTYPE_* values */
83 u32 len; /* bytes actually stored in clearkey[] */
84 u8 clearkey[]; /* clear key value */
87 /* helper function which translates the PKEY_KEYTYPE_AES_* to their keysize */
88 static inline u32 pkey_keytype_aes_to_size(u32 keytype)
91 case PKEY_KEYTYPE_AES_128:
93 case PKEY_KEYTYPE_AES_192:
95 case PKEY_KEYTYPE_AES_256:
103 * Create a protected key from a clear key value via PCKMO instruction.
105 static int pkey_clr2protkey(u32 keytype, const u8 *clrkey,
106 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
108 /* mask of available pckmo subfunctions */
109 static cpacf_mask_t pckmo_functions;
117 case PKEY_KEYTYPE_AES_128:
118 /* 16 byte key, 32 byte aes wkvp, total 48 bytes */
121 fc = CPACF_PCKMO_ENC_AES_128_KEY;
123 case PKEY_KEYTYPE_AES_192:
124 /* 24 byte key, 32 byte aes wkvp, total 56 bytes */
127 fc = CPACF_PCKMO_ENC_AES_192_KEY;
129 case PKEY_KEYTYPE_AES_256:
130 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */
133 fc = CPACF_PCKMO_ENC_AES_256_KEY;
135 case PKEY_KEYTYPE_ECC_P256:
136 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */
138 pkeytype = PKEY_KEYTYPE_ECC;
139 fc = CPACF_PCKMO_ENC_ECC_P256_KEY;
141 case PKEY_KEYTYPE_ECC_P384:
142 /* 48 byte key, 32 byte aes wkvp, total 80 bytes */
144 pkeytype = PKEY_KEYTYPE_ECC;
145 fc = CPACF_PCKMO_ENC_ECC_P384_KEY;
147 case PKEY_KEYTYPE_ECC_P521:
148 /* 80 byte key, 32 byte aes wkvp, total 112 bytes */
150 pkeytype = PKEY_KEYTYPE_ECC;
151 fc = CPACF_PCKMO_ENC_ECC_P521_KEY;
153 case PKEY_KEYTYPE_ECC_ED25519:
154 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */
156 pkeytype = PKEY_KEYTYPE_ECC;
157 fc = CPACF_PCKMO_ENC_ECC_ED25519_KEY;
159 case PKEY_KEYTYPE_ECC_ED448:
160 /* 64 byte key, 32 byte aes wkvp, total 96 bytes */
162 pkeytype = PKEY_KEYTYPE_ECC;
163 fc = CPACF_PCKMO_ENC_ECC_ED448_KEY;
166 DEBUG_ERR("%s unknown/unsupported keytype %u\n",
171 if (*protkeylen < keysize + AES_WK_VP_SIZE) {
172 DEBUG_ERR("%s prot key buffer size too small: %u < %d\n",
173 __func__, *protkeylen, keysize + AES_WK_VP_SIZE);
177 /* Did we already check for PCKMO ? */
178 if (!pckmo_functions.bytes[0]) {
179 /* no, so check now */
180 if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
183 /* check for the pckmo subfunction we need now */
184 if (!cpacf_test_func(&pckmo_functions, fc)) {
185 DEBUG_ERR("%s pckmo functions not available\n", __func__);
189 /* prepare param block */
190 memset(paramblock, 0, sizeof(paramblock));
191 memcpy(paramblock, clrkey, keysize);
193 /* call the pckmo instruction */
194 cpacf_pckmo(fc, paramblock);
196 /* copy created protected key to key buffer including the wkvp block */
197 *protkeylen = keysize + AES_WK_VP_SIZE;
198 memcpy(protkey, paramblock, *protkeylen);
199 *protkeytype = pkeytype;
205 * Find card and transform secure key into protected key.
207 static int pkey_skey2pkey(const u8 *key, u8 *protkey,
208 u32 *protkeylen, u32 *protkeytype)
210 struct keytoken_header *hdr = (struct keytoken_header *)key;
214 zcrypt_wait_api_operational();
217 * The cca_xxx2protkey call may fail when a card has been
218 * addressed where the master key was changed after last fetch
219 * of the mkvp into the cache. Try 3 times: First without verify
220 * then with verify and last round with verify and old master
221 * key verification pattern match not ignored.
223 for (verify = 0; verify < 3; verify++) {
224 rc = cca_findcard(key, &cardnr, &domain, verify);
227 if (rc > 0 && verify < 2)
229 switch (hdr->version) {
231 rc = cca_sec2protkey(cardnr, domain, key,
232 protkey, protkeylen, protkeytype);
234 case TOKVER_CCA_VLSC:
235 rc = cca_cipher2protkey(cardnr, domain, key,
247 DEBUG_DBG("%s failed rc=%d\n", __func__, rc);
253 * Construct EP11 key with given clear key value.
255 static int pkey_clr2ep11key(const u8 *clrkey, size_t clrkeylen,
256 u8 *keybuf, size_t *keybuflen)
258 u32 nr_apqns, *apqns = NULL;
262 zcrypt_wait_api_operational();
264 /* build a list of apqns suitable for ep11 keys with cpacf support */
265 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
267 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4,
272 /* go through the list of apqns and try to bild an ep11 key */
273 for (rc = -ENODEV, i = 0; i < nr_apqns; i++) {
274 card = apqns[i] >> 16;
275 dom = apqns[i] & 0xFFFF;
276 rc = ep11_clr2keyblob(card, dom, clrkeylen * 8,
277 0, clrkey, keybuf, keybuflen,
286 DEBUG_DBG("%s failed rc=%d\n", __func__, rc);
291 * Find card and transform EP11 secure key into protected key.
293 static int pkey_ep11key2pkey(const u8 *key, size_t keylen,
294 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
296 u32 nr_apqns, *apqns = NULL;
300 zcrypt_wait_api_operational();
302 /* build a list of apqns suitable for this key */
303 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
305 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4,
306 ep11_kb_wkvp(key, keylen));
310 /* go through the list of apqns and try to derive an pkey */
311 for (rc = -ENODEV, i = 0; i < nr_apqns; i++) {
312 card = apqns[i] >> 16;
313 dom = apqns[i] & 0xFFFF;
314 rc = ep11_kblob2protkey(card, dom, key, keylen,
315 protkey, protkeylen, protkeytype);
323 DEBUG_DBG("%s failed rc=%d\n", __func__, rc);
328 * Verify key and give back some info about the key.
330 static int pkey_verifykey(const struct pkey_seckey *seckey,
331 u16 *pcardnr, u16 *pdomain,
332 u16 *pkeysize, u32 *pattributes)
334 struct secaeskeytoken *t = (struct secaeskeytoken *)seckey;
338 /* check the secure key for valid AES secure key */
339 rc = cca_check_secaeskeytoken(debug_info, 3, (u8 *)seckey, 0);
343 *pattributes = PKEY_VERIFY_ATTR_AES;
345 *pkeysize = t->bitsize;
347 /* try to find a card which can handle this key */
348 rc = cca_findcard(seckey->seckey, &cardnr, &domain, 1);
353 /* key mkvp matches to old master key mkvp */
354 DEBUG_DBG("%s secure key has old mkvp\n", __func__);
356 *pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
366 DEBUG_DBG("%s rc=%d\n", __func__, rc);
371 * Generate a random protected key
373 static int pkey_genprotkey(u32 keytype, u8 *protkey,
374 u32 *protkeylen, u32 *protkeytype)
380 keysize = pkey_keytype_aes_to_size(keytype);
382 DEBUG_ERR("%s unknown/unsupported keytype %d\n", __func__,
387 /* generate a dummy random clear key */
388 get_random_bytes(clrkey, keysize);
390 /* convert it to a dummy protected key */
391 rc = pkey_clr2protkey(keytype, clrkey,
392 protkey, protkeylen, protkeytype);
396 /* replace the key part of the protected key with random bytes */
397 get_random_bytes(protkey, keysize);
403 * Verify if a protected key is still valid
405 static int pkey_verifyprotkey(const u8 *protkey, u32 protkeylen,
409 u8 iv[AES_BLOCK_SIZE];
410 u8 key[MAXPROTKEYSIZE];
412 u8 null_msg[AES_BLOCK_SIZE];
413 u8 dest_buf[AES_BLOCK_SIZE];
414 unsigned int k, pkeylen;
417 switch (protkeytype) {
418 case PKEY_KEYTYPE_AES_128:
419 pkeylen = 16 + AES_WK_VP_SIZE;
420 fc = CPACF_KMC_PAES_128;
422 case PKEY_KEYTYPE_AES_192:
423 pkeylen = 24 + AES_WK_VP_SIZE;
424 fc = CPACF_KMC_PAES_192;
426 case PKEY_KEYTYPE_AES_256:
427 pkeylen = 32 + AES_WK_VP_SIZE;
428 fc = CPACF_KMC_PAES_256;
431 DEBUG_ERR("%s unknown/unsupported keytype %u\n", __func__,
435 if (protkeylen != pkeylen) {
436 DEBUG_ERR("%s invalid protected key size %u for keytype %u\n",
437 __func__, protkeylen, protkeytype);
441 memset(null_msg, 0, sizeof(null_msg));
443 memset(param.iv, 0, sizeof(param.iv));
444 memcpy(param.key, protkey, protkeylen);
446 k = cpacf_kmc(fc | CPACF_ENCRYPT, ¶m, null_msg, dest_buf,
448 if (k != sizeof(null_msg)) {
449 DEBUG_ERR("%s protected key is not valid\n", __func__);
450 return -EKEYREJECTED;
456 /* Helper for pkey_nonccatok2pkey, handles aes clear key token */
457 static int nonccatokaes2pkey(const struct clearkeytoken *t,
458 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
460 size_t tmpbuflen = max_t(size_t, SECKEYBLOBSIZE, MAXEP11AESKEYBLOBSIZE);
465 keysize = pkey_keytype_aes_to_size(t->keytype);
467 DEBUG_ERR("%s unknown/unsupported keytype %u\n",
468 __func__, t->keytype);
471 if (t->len != keysize) {
472 DEBUG_ERR("%s non clear key aes token: invalid key len %u\n",
477 /* try direct way with the PCKMO instruction */
478 rc = pkey_clr2protkey(t->keytype, t->clearkey,
479 protkey, protkeylen, protkeytype);
483 /* PCKMO failed, so try the CCA secure key way */
484 tmpbuf = kmalloc(tmpbuflen, GFP_ATOMIC);
487 zcrypt_wait_api_operational();
488 rc = cca_clr2seckey(0xFFFF, 0xFFFF, t->keytype, t->clearkey, tmpbuf);
491 rc = pkey_skey2pkey(tmpbuf,
492 protkey, protkeylen, protkeytype);
497 /* if the CCA way also failed, let's try via EP11 */
498 rc = pkey_clr2ep11key(t->clearkey, t->len,
502 rc = pkey_ep11key2pkey(tmpbuf, tmpbuflen,
503 protkey, protkeylen, protkeytype);
508 DEBUG_ERR("%s unable to build protected key from clear", __func__);
515 /* Helper for pkey_nonccatok2pkey, handles ecc clear key token */
516 static int nonccatokecc2pkey(const struct clearkeytoken *t,
517 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
522 switch (t->keytype) {
523 case PKEY_KEYTYPE_ECC_P256:
526 case PKEY_KEYTYPE_ECC_P384:
529 case PKEY_KEYTYPE_ECC_P521:
532 case PKEY_KEYTYPE_ECC_ED25519:
535 case PKEY_KEYTYPE_ECC_ED448:
539 DEBUG_ERR("%s unknown/unsupported keytype %u\n",
540 __func__, t->keytype);
544 if (t->len != keylen) {
545 DEBUG_ERR("%s non clear key ecc token: invalid key len %u\n",
550 /* only one path possible: via PCKMO instruction */
551 rc = pkey_clr2protkey(t->keytype, t->clearkey,
552 protkey, protkeylen, protkeytype);
554 DEBUG_ERR("%s unable to build protected key from clear",
562 * Transform a non-CCA key token into a protected key
564 static int pkey_nonccatok2pkey(const u8 *key, u32 keylen,
565 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
567 struct keytoken_header *hdr = (struct keytoken_header *)key;
570 switch (hdr->version) {
571 case TOKVER_PROTECTED_KEY: {
572 struct protaeskeytoken *t;
574 if (keylen != sizeof(struct protaeskeytoken))
576 t = (struct protaeskeytoken *)key;
577 rc = pkey_verifyprotkey(t->protkey, t->len, t->keytype);
580 memcpy(protkey, t->protkey, t->len);
581 *protkeylen = t->len;
582 *protkeytype = t->keytype;
585 case TOKVER_CLEAR_KEY: {
586 struct clearkeytoken *t = (struct clearkeytoken *)key;
588 if (keylen < sizeof(struct clearkeytoken) ||
589 keylen != sizeof(*t) + t->len)
591 switch (t->keytype) {
592 case PKEY_KEYTYPE_AES_128:
593 case PKEY_KEYTYPE_AES_192:
594 case PKEY_KEYTYPE_AES_256:
595 rc = nonccatokaes2pkey(t, protkey,
596 protkeylen, protkeytype);
598 case PKEY_KEYTYPE_ECC_P256:
599 case PKEY_KEYTYPE_ECC_P384:
600 case PKEY_KEYTYPE_ECC_P521:
601 case PKEY_KEYTYPE_ECC_ED25519:
602 case PKEY_KEYTYPE_ECC_ED448:
603 rc = nonccatokecc2pkey(t, protkey,
604 protkeylen, protkeytype);
607 DEBUG_ERR("%s unknown/unsupported non cca clear key type %u\n",
608 __func__, t->keytype);
613 case TOKVER_EP11_AES: {
614 /* check ep11 key for exportable as protected key */
615 rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1);
618 rc = pkey_ep11key2pkey(key, keylen,
619 protkey, protkeylen, protkeytype);
622 case TOKVER_EP11_AES_WITH_HEADER:
623 /* check ep11 key with header for exportable as protected key */
624 rc = ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1);
627 rc = pkey_ep11key2pkey(key, keylen,
628 protkey, protkeylen, protkeytype);
631 DEBUG_ERR("%s unknown/unsupported non-CCA token version %d\n",
632 __func__, hdr->version);
640 * Transform a CCA internal key token into a protected key
642 static int pkey_ccainttok2pkey(const u8 *key, u32 keylen,
643 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
645 struct keytoken_header *hdr = (struct keytoken_header *)key;
647 switch (hdr->version) {
649 if (keylen != sizeof(struct secaeskeytoken))
652 case TOKVER_CCA_VLSC:
653 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE)
657 DEBUG_ERR("%s unknown/unsupported CCA internal token version %d\n",
658 __func__, hdr->version);
662 return pkey_skey2pkey(key, protkey, protkeylen, protkeytype);
666 * Transform a key blob (of any type) into a protected key
668 int pkey_keyblob2pkey(const u8 *key, u32 keylen,
669 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
671 struct keytoken_header *hdr = (struct keytoken_header *)key;
674 if (keylen < sizeof(struct keytoken_header)) {
675 DEBUG_ERR("%s invalid keylen %d\n", __func__, keylen);
680 case TOKTYPE_NON_CCA:
681 rc = pkey_nonccatok2pkey(key, keylen,
682 protkey, protkeylen, protkeytype);
684 case TOKTYPE_CCA_INTERNAL:
685 rc = pkey_ccainttok2pkey(key, keylen,
686 protkey, protkeylen, protkeytype);
689 DEBUG_ERR("%s unknown/unsupported blob type %d\n",
690 __func__, hdr->type);
694 DEBUG_DBG("%s rc=%d\n", __func__, rc);
697 EXPORT_SYMBOL(pkey_keyblob2pkey);
699 static int pkey_genseckey2(const struct pkey_apqn *apqns, size_t nr_apqns,
700 enum pkey_key_type ktype, enum pkey_key_size ksize,
701 u32 kflags, u8 *keybuf, size_t *keybufsize)
703 int i, card, dom, rc;
705 /* check for at least one apqn given */
706 if (!apqns || !nr_apqns)
709 /* check key type and size */
711 case PKEY_TYPE_CCA_DATA:
712 case PKEY_TYPE_CCA_CIPHER:
713 if (*keybufsize < SECKEYBLOBSIZE)
717 if (*keybufsize < MINEP11AESKEYBLOBSIZE)
720 case PKEY_TYPE_EP11_AES:
721 if (*keybufsize < (sizeof(struct ep11kblob_header) +
722 MINEP11AESKEYBLOBSIZE))
729 case PKEY_SIZE_AES_128:
730 case PKEY_SIZE_AES_192:
731 case PKEY_SIZE_AES_256:
737 /* simple try all apqns from the list */
738 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
739 card = apqns[i].card;
740 dom = apqns[i].domain;
741 if (ktype == PKEY_TYPE_EP11 ||
742 ktype == PKEY_TYPE_EP11_AES) {
743 rc = ep11_genaeskey(card, dom, ksize, kflags,
744 keybuf, keybufsize, ktype);
745 } else if (ktype == PKEY_TYPE_CCA_DATA) {
746 rc = cca_genseckey(card, dom, ksize, keybuf);
747 *keybufsize = (rc ? 0 : SECKEYBLOBSIZE);
749 /* TOKVER_CCA_VLSC */
750 rc = cca_gencipherkey(card, dom, ksize, kflags,
760 static int pkey_clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns,
761 enum pkey_key_type ktype, enum pkey_key_size ksize,
762 u32 kflags, const u8 *clrkey,
763 u8 *keybuf, size_t *keybufsize)
765 int i, card, dom, rc;
767 /* check for at least one apqn given */
768 if (!apqns || !nr_apqns)
771 /* check key type and size */
773 case PKEY_TYPE_CCA_DATA:
774 case PKEY_TYPE_CCA_CIPHER:
775 if (*keybufsize < SECKEYBLOBSIZE)
779 if (*keybufsize < MINEP11AESKEYBLOBSIZE)
782 case PKEY_TYPE_EP11_AES:
783 if (*keybufsize < (sizeof(struct ep11kblob_header) +
784 MINEP11AESKEYBLOBSIZE))
791 case PKEY_SIZE_AES_128:
792 case PKEY_SIZE_AES_192:
793 case PKEY_SIZE_AES_256:
799 zcrypt_wait_api_operational();
801 /* simple try all apqns from the list */
802 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
803 card = apqns[i].card;
804 dom = apqns[i].domain;
805 if (ktype == PKEY_TYPE_EP11 ||
806 ktype == PKEY_TYPE_EP11_AES) {
807 rc = ep11_clr2keyblob(card, dom, ksize, kflags,
808 clrkey, keybuf, keybufsize,
810 } else if (ktype == PKEY_TYPE_CCA_DATA) {
811 rc = cca_clr2seckey(card, dom, ksize,
813 *keybufsize = (rc ? 0 : SECKEYBLOBSIZE);
815 /* TOKVER_CCA_VLSC */
816 rc = cca_clr2cipherkey(card, dom, ksize, kflags,
817 clrkey, keybuf, keybufsize);
826 static int pkey_verifykey2(const u8 *key, size_t keylen,
827 u16 *cardnr, u16 *domain,
828 enum pkey_key_type *ktype,
829 enum pkey_key_size *ksize, u32 *flags)
831 struct keytoken_header *hdr = (struct keytoken_header *)key;
832 u32 _nr_apqns, *_apqns = NULL;
835 if (keylen < sizeof(struct keytoken_header))
838 if (hdr->type == TOKTYPE_CCA_INTERNAL &&
839 hdr->version == TOKVER_CCA_AES) {
840 struct secaeskeytoken *t = (struct secaeskeytoken *)key;
842 rc = cca_check_secaeskeytoken(debug_info, 3, key, 0);
846 *ktype = PKEY_TYPE_CCA_DATA;
848 *ksize = (enum pkey_key_size)t->bitsize;
850 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
851 ZCRYPT_CEX3C, AES_MK_SET, t->mkvp, 0, 1);
852 if (rc == 0 && flags)
853 *flags = PKEY_FLAGS_MATCH_CUR_MKVP;
855 rc = cca_findcard2(&_apqns, &_nr_apqns,
857 ZCRYPT_CEX3C, AES_MK_SET,
859 if (rc == 0 && flags)
860 *flags = PKEY_FLAGS_MATCH_ALT_MKVP;
865 *cardnr = ((struct pkey_apqn *)_apqns)->card;
866 *domain = ((struct pkey_apqn *)_apqns)->domain;
868 } else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
869 hdr->version == TOKVER_CCA_VLSC) {
870 struct cipherkeytoken *t = (struct cipherkeytoken *)key;
872 rc = cca_check_secaescipherkey(debug_info, 3, key, 0, 1);
876 *ktype = PKEY_TYPE_CCA_CIPHER;
878 *ksize = PKEY_SIZE_UNKNOWN;
879 if (!t->plfver && t->wpllen == 512)
880 *ksize = PKEY_SIZE_AES_128;
881 else if (!t->plfver && t->wpllen == 576)
882 *ksize = PKEY_SIZE_AES_192;
883 else if (!t->plfver && t->wpllen == 640)
884 *ksize = PKEY_SIZE_AES_256;
887 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
888 ZCRYPT_CEX6, AES_MK_SET, t->mkvp0, 0, 1);
889 if (rc == 0 && flags)
890 *flags = PKEY_FLAGS_MATCH_CUR_MKVP;
892 rc = cca_findcard2(&_apqns, &_nr_apqns,
894 ZCRYPT_CEX6, AES_MK_SET,
896 if (rc == 0 && flags)
897 *flags = PKEY_FLAGS_MATCH_ALT_MKVP;
902 *cardnr = ((struct pkey_apqn *)_apqns)->card;
903 *domain = ((struct pkey_apqn *)_apqns)->domain;
905 } else if (hdr->type == TOKTYPE_NON_CCA &&
906 hdr->version == TOKVER_EP11_AES) {
907 struct ep11keyblob *kb = (struct ep11keyblob *)key;
910 rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1);
914 *ktype = PKEY_TYPE_EP11;
916 *ksize = kb->head.bitlen;
918 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4;
919 rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
921 ep11_kb_wkvp(key, keylen));
926 *flags = PKEY_FLAGS_MATCH_CUR_MKVP;
928 *cardnr = ((struct pkey_apqn *)_apqns)->card;
929 *domain = ((struct pkey_apqn *)_apqns)->domain;
931 } else if (hdr->type == TOKTYPE_NON_CCA &&
932 hdr->version == TOKVER_EP11_AES_WITH_HEADER) {
933 struct ep11kblob_header *kh = (struct ep11kblob_header *)key;
936 rc = ep11_check_aes_key_with_hdr(debug_info, 3,
941 *ktype = PKEY_TYPE_EP11_AES;
945 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4;
946 rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
948 ep11_kb_wkvp(key, keylen));
953 *flags = PKEY_FLAGS_MATCH_CUR_MKVP;
955 *cardnr = ((struct pkey_apqn *)_apqns)->card;
956 *domain = ((struct pkey_apqn *)_apqns)->domain;
966 static int pkey_keyblob2pkey2(const struct pkey_apqn *apqns, size_t nr_apqns,
967 const u8 *key, size_t keylen,
968 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
970 struct keytoken_header *hdr = (struct keytoken_header *)key;
971 int i, card, dom, rc;
973 /* check for at least one apqn given */
974 if (!apqns || !nr_apqns)
977 if (keylen < sizeof(struct keytoken_header))
980 if (hdr->type == TOKTYPE_CCA_INTERNAL) {
981 if (hdr->version == TOKVER_CCA_AES) {
982 if (keylen != sizeof(struct secaeskeytoken))
984 if (cca_check_secaeskeytoken(debug_info, 3, key, 0))
986 } else if (hdr->version == TOKVER_CCA_VLSC) {
987 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE)
989 if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1))
992 DEBUG_ERR("%s unknown CCA internal token version %d\n",
993 __func__, hdr->version);
996 } else if (hdr->type == TOKTYPE_NON_CCA) {
997 if (hdr->version == TOKVER_EP11_AES) {
998 if (ep11_check_aes_key(debug_info, 3, key, keylen, 1))
1000 } else if (hdr->version == TOKVER_EP11_AES_WITH_HEADER) {
1001 if (ep11_check_aes_key_with_hdr(debug_info, 3,
1005 return pkey_nonccatok2pkey(key, keylen,
1006 protkey, protkeylen,
1010 DEBUG_ERR("%s unknown/unsupported blob type %d\n",
1011 __func__, hdr->type);
1015 zcrypt_wait_api_operational();
1017 /* simple try all apqns from the list */
1018 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
1019 card = apqns[i].card;
1020 dom = apqns[i].domain;
1021 if (hdr->type == TOKTYPE_CCA_INTERNAL &&
1022 hdr->version == TOKVER_CCA_AES) {
1023 rc = cca_sec2protkey(card, dom, key,
1024 protkey, protkeylen, protkeytype);
1025 } else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
1026 hdr->version == TOKVER_CCA_VLSC) {
1027 rc = cca_cipher2protkey(card, dom, key,
1028 protkey, protkeylen,
1031 rc = ep11_kblob2protkey(card, dom, key, keylen,
1032 protkey, protkeylen,
1042 static int pkey_apqns4key(const u8 *key, size_t keylen, u32 flags,
1043 struct pkey_apqn *apqns, size_t *nr_apqns)
1045 struct keytoken_header *hdr = (struct keytoken_header *)key;
1046 u32 _nr_apqns, *_apqns = NULL;
1049 if (keylen < sizeof(struct keytoken_header) || flags == 0)
1052 zcrypt_wait_api_operational();
1054 if (hdr->type == TOKTYPE_NON_CCA &&
1055 (hdr->version == TOKVER_EP11_AES_WITH_HEADER ||
1056 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) &&
1057 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1058 struct ep11keyblob *kb = (struct ep11keyblob *)
1059 (key + sizeof(struct ep11kblob_header));
1060 int minhwtype = 0, api = 0;
1062 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP)
1064 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) {
1065 minhwtype = ZCRYPT_CEX7;
1066 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4;
1068 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1069 minhwtype, api, kb->wkvp);
1072 } else if (hdr->type == TOKTYPE_NON_CCA &&
1073 hdr->version == TOKVER_EP11_AES &&
1074 is_ep11_keyblob(key)) {
1075 struct ep11keyblob *kb = (struct ep11keyblob *)key;
1076 int minhwtype = 0, api = 0;
1078 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP)
1080 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) {
1081 minhwtype = ZCRYPT_CEX7;
1082 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4;
1084 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1085 minhwtype, api, kb->wkvp);
1088 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) {
1089 u64 cur_mkvp = 0, old_mkvp = 0;
1090 int minhwtype = ZCRYPT_CEX3C;
1092 if (hdr->version == TOKVER_CCA_AES) {
1093 struct secaeskeytoken *t = (struct secaeskeytoken *)key;
1095 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1097 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1099 } else if (hdr->version == TOKVER_CCA_VLSC) {
1100 struct cipherkeytoken *t = (struct cipherkeytoken *)key;
1102 minhwtype = ZCRYPT_CEX6;
1103 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1104 cur_mkvp = t->mkvp0;
1105 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1106 old_mkvp = t->mkvp0;
1108 /* unknown cca internal token type */
1111 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1112 minhwtype, AES_MK_SET,
1113 cur_mkvp, old_mkvp, 1);
1116 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) {
1117 struct eccprivkeytoken *t = (struct eccprivkeytoken *)key;
1118 u64 cur_mkvp = 0, old_mkvp = 0;
1120 if (t->secid == 0x20) {
1121 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1123 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1126 /* unknown cca internal 2 token type */
1129 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1130 ZCRYPT_CEX7, APKA_MK_SET,
1131 cur_mkvp, old_mkvp, 1);
1139 if (*nr_apqns < _nr_apqns)
1142 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32));
1144 *nr_apqns = _nr_apqns;
1151 static int pkey_apqns4keytype(enum pkey_key_type ktype,
1152 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
1153 struct pkey_apqn *apqns, size_t *nr_apqns)
1155 u32 _nr_apqns, *_apqns = NULL;
1158 zcrypt_wait_api_operational();
1160 if (ktype == PKEY_TYPE_CCA_DATA || ktype == PKEY_TYPE_CCA_CIPHER) {
1161 u64 cur_mkvp = 0, old_mkvp = 0;
1162 int minhwtype = ZCRYPT_CEX3C;
1164 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1165 cur_mkvp = *((u64 *)cur_mkvp);
1166 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1167 old_mkvp = *((u64 *)alt_mkvp);
1168 if (ktype == PKEY_TYPE_CCA_CIPHER)
1169 minhwtype = ZCRYPT_CEX6;
1170 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1171 minhwtype, AES_MK_SET,
1172 cur_mkvp, old_mkvp, 1);
1175 } else if (ktype == PKEY_TYPE_CCA_ECC) {
1176 u64 cur_mkvp = 0, old_mkvp = 0;
1178 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1179 cur_mkvp = *((u64 *)cur_mkvp);
1180 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1181 old_mkvp = *((u64 *)alt_mkvp);
1182 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1183 ZCRYPT_CEX7, APKA_MK_SET,
1184 cur_mkvp, old_mkvp, 1);
1188 } else if (ktype == PKEY_TYPE_EP11 ||
1189 ktype == PKEY_TYPE_EP11_AES ||
1190 ktype == PKEY_TYPE_EP11_ECC) {
1194 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1196 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4;
1197 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1198 ZCRYPT_CEX7, api, wkvp);
1207 if (*nr_apqns < _nr_apqns)
1210 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32));
1212 *nr_apqns = _nr_apqns;
1219 static int pkey_keyblob2pkey3(const struct pkey_apqn *apqns, size_t nr_apqns,
1220 const u8 *key, size_t keylen,
1221 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
1223 struct keytoken_header *hdr = (struct keytoken_header *)key;
1224 int i, card, dom, rc;
1226 /* check for at least one apqn given */
1227 if (!apqns || !nr_apqns)
1230 if (keylen < sizeof(struct keytoken_header))
1233 if (hdr->type == TOKTYPE_NON_CCA &&
1234 hdr->version == TOKVER_EP11_AES_WITH_HEADER &&
1235 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1236 /* EP11 AES key blob with header */
1237 if (ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1))
1239 } else if (hdr->type == TOKTYPE_NON_CCA &&
1240 hdr->version == TOKVER_EP11_ECC_WITH_HEADER &&
1241 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1242 /* EP11 ECC key blob with header */
1243 if (ep11_check_ecc_key_with_hdr(debug_info, 3, key, keylen, 1))
1245 } else if (hdr->type == TOKTYPE_NON_CCA &&
1246 hdr->version == TOKVER_EP11_AES &&
1247 is_ep11_keyblob(key)) {
1248 /* EP11 AES key blob with header in session field */
1249 if (ep11_check_aes_key(debug_info, 3, key, keylen, 1))
1251 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) {
1252 if (hdr->version == TOKVER_CCA_AES) {
1253 /* CCA AES data key */
1254 if (keylen != sizeof(struct secaeskeytoken))
1256 if (cca_check_secaeskeytoken(debug_info, 3, key, 0))
1258 } else if (hdr->version == TOKVER_CCA_VLSC) {
1259 /* CCA AES cipher key */
1260 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE)
1262 if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1))
1265 DEBUG_ERR("%s unknown CCA internal token version %d\n",
1266 __func__, hdr->version);
1269 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) {
1270 /* CCA ECC (private) key */
1271 if (keylen < sizeof(struct eccprivkeytoken))
1273 if (cca_check_sececckeytoken(debug_info, 3, key, keylen, 1))
1275 } else if (hdr->type == TOKTYPE_NON_CCA) {
1276 return pkey_nonccatok2pkey(key, keylen,
1277 protkey, protkeylen, protkeytype);
1279 DEBUG_ERR("%s unknown/unsupported blob type %d\n",
1280 __func__, hdr->type);
1284 /* simple try all apqns from the list */
1285 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) {
1286 card = apqns[i].card;
1287 dom = apqns[i].domain;
1288 if (hdr->type == TOKTYPE_NON_CCA &&
1289 (hdr->version == TOKVER_EP11_AES_WITH_HEADER ||
1290 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) &&
1291 is_ep11_keyblob(key + sizeof(struct ep11kblob_header)))
1292 rc = ep11_kblob2protkey(card, dom, key, hdr->len,
1293 protkey, protkeylen,
1295 else if (hdr->type == TOKTYPE_NON_CCA &&
1296 hdr->version == TOKVER_EP11_AES &&
1297 is_ep11_keyblob(key))
1298 rc = ep11_kblob2protkey(card, dom, key, hdr->len,
1299 protkey, protkeylen,
1301 else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
1302 hdr->version == TOKVER_CCA_AES)
1303 rc = cca_sec2protkey(card, dom, key, protkey,
1304 protkeylen, protkeytype);
1305 else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
1306 hdr->version == TOKVER_CCA_VLSC)
1307 rc = cca_cipher2protkey(card, dom, key, protkey,
1308 protkeylen, protkeytype);
1309 else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA)
1310 rc = cca_ecc2protkey(card, dom, key, protkey,
1311 protkeylen, protkeytype);
1323 static void *_copy_key_from_user(void __user *ukey, size_t keylen)
1325 if (!ukey || keylen < MINKEYBLOBBUFSIZE || keylen > KEYBLOBBUFSIZE)
1326 return ERR_PTR(-EINVAL);
1328 return memdup_user(ukey, keylen);
1331 static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns)
1333 if (!uapqns || nr_apqns == 0)
1336 return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn));
1339 static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
1345 case PKEY_GENSECK: {
1346 struct pkey_genseck __user *ugs = (void __user *)arg;
1347 struct pkey_genseck kgs;
1349 if (copy_from_user(&kgs, ugs, sizeof(kgs)))
1351 rc = cca_genseckey(kgs.cardnr, kgs.domain,
1352 kgs.keytype, kgs.seckey.seckey);
1353 DEBUG_DBG("%s cca_genseckey()=%d\n", __func__, rc);
1356 if (copy_to_user(ugs, &kgs, sizeof(kgs)))
1360 case PKEY_CLR2SECK: {
1361 struct pkey_clr2seck __user *ucs = (void __user *)arg;
1362 struct pkey_clr2seck kcs;
1364 if (copy_from_user(&kcs, ucs, sizeof(kcs)))
1366 rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype,
1367 kcs.clrkey.clrkey, kcs.seckey.seckey);
1368 DEBUG_DBG("%s cca_clr2seckey()=%d\n", __func__, rc);
1371 if (copy_to_user(ucs, &kcs, sizeof(kcs)))
1373 memzero_explicit(&kcs, sizeof(kcs));
1376 case PKEY_SEC2PROTK: {
1377 struct pkey_sec2protk __user *usp = (void __user *)arg;
1378 struct pkey_sec2protk ksp;
1380 if (copy_from_user(&ksp, usp, sizeof(ksp)))
1382 ksp.protkey.len = sizeof(ksp.protkey.protkey);
1383 rc = cca_sec2protkey(ksp.cardnr, ksp.domain,
1384 ksp.seckey.seckey, ksp.protkey.protkey,
1385 &ksp.protkey.len, &ksp.protkey.type);
1386 DEBUG_DBG("%s cca_sec2protkey()=%d\n", __func__, rc);
1389 if (copy_to_user(usp, &ksp, sizeof(ksp)))
1393 case PKEY_CLR2PROTK: {
1394 struct pkey_clr2protk __user *ucp = (void __user *)arg;
1395 struct pkey_clr2protk kcp;
1397 if (copy_from_user(&kcp, ucp, sizeof(kcp)))
1399 kcp.protkey.len = sizeof(kcp.protkey.protkey);
1400 rc = pkey_clr2protkey(kcp.keytype, kcp.clrkey.clrkey,
1401 kcp.protkey.protkey,
1402 &kcp.protkey.len, &kcp.protkey.type);
1403 DEBUG_DBG("%s pkey_clr2protkey()=%d\n", __func__, rc);
1406 if (copy_to_user(ucp, &kcp, sizeof(kcp)))
1408 memzero_explicit(&kcp, sizeof(kcp));
1411 case PKEY_FINDCARD: {
1412 struct pkey_findcard __user *ufc = (void __user *)arg;
1413 struct pkey_findcard kfc;
1415 if (copy_from_user(&kfc, ufc, sizeof(kfc)))
1417 rc = cca_findcard(kfc.seckey.seckey,
1418 &kfc.cardnr, &kfc.domain, 1);
1419 DEBUG_DBG("%s cca_findcard()=%d\n", __func__, rc);
1422 if (copy_to_user(ufc, &kfc, sizeof(kfc)))
1426 case PKEY_SKEY2PKEY: {
1427 struct pkey_skey2pkey __user *usp = (void __user *)arg;
1428 struct pkey_skey2pkey ksp;
1430 if (copy_from_user(&ksp, usp, sizeof(ksp)))
1432 ksp.protkey.len = sizeof(ksp.protkey.protkey);
1433 rc = pkey_skey2pkey(ksp.seckey.seckey, ksp.protkey.protkey,
1434 &ksp.protkey.len, &ksp.protkey.type);
1435 DEBUG_DBG("%s pkey_skey2pkey()=%d\n", __func__, rc);
1438 if (copy_to_user(usp, &ksp, sizeof(ksp)))
1442 case PKEY_VERIFYKEY: {
1443 struct pkey_verifykey __user *uvk = (void __user *)arg;
1444 struct pkey_verifykey kvk;
1446 if (copy_from_user(&kvk, uvk, sizeof(kvk)))
1448 rc = pkey_verifykey(&kvk.seckey, &kvk.cardnr, &kvk.domain,
1449 &kvk.keysize, &kvk.attributes);
1450 DEBUG_DBG("%s pkey_verifykey()=%d\n", __func__, rc);
1453 if (copy_to_user(uvk, &kvk, sizeof(kvk)))
1457 case PKEY_GENPROTK: {
1458 struct pkey_genprotk __user *ugp = (void __user *)arg;
1459 struct pkey_genprotk kgp;
1461 if (copy_from_user(&kgp, ugp, sizeof(kgp)))
1463 kgp.protkey.len = sizeof(kgp.protkey.protkey);
1464 rc = pkey_genprotkey(kgp.keytype, kgp.protkey.protkey,
1465 &kgp.protkey.len, &kgp.protkey.type);
1466 DEBUG_DBG("%s pkey_genprotkey()=%d\n", __func__, rc);
1469 if (copy_to_user(ugp, &kgp, sizeof(kgp)))
1473 case PKEY_VERIFYPROTK: {
1474 struct pkey_verifyprotk __user *uvp = (void __user *)arg;
1475 struct pkey_verifyprotk kvp;
1477 if (copy_from_user(&kvp, uvp, sizeof(kvp)))
1479 rc = pkey_verifyprotkey(kvp.protkey.protkey,
1480 kvp.protkey.len, kvp.protkey.type);
1481 DEBUG_DBG("%s pkey_verifyprotkey()=%d\n", __func__, rc);
1484 case PKEY_KBLOB2PROTK: {
1485 struct pkey_kblob2pkey __user *utp = (void __user *)arg;
1486 struct pkey_kblob2pkey ktp;
1489 if (copy_from_user(&ktp, utp, sizeof(ktp)))
1491 kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1493 return PTR_ERR(kkey);
1494 ktp.protkey.len = sizeof(ktp.protkey.protkey);
1495 rc = pkey_keyblob2pkey(kkey, ktp.keylen, ktp.protkey.protkey,
1496 &ktp.protkey.len, &ktp.protkey.type);
1497 DEBUG_DBG("%s pkey_keyblob2pkey()=%d\n", __func__, rc);
1498 memzero_explicit(kkey, ktp.keylen);
1502 if (copy_to_user(utp, &ktp, sizeof(ktp)))
1506 case PKEY_GENSECK2: {
1507 struct pkey_genseck2 __user *ugs = (void __user *)arg;
1508 size_t klen = KEYBLOBBUFSIZE;
1509 struct pkey_genseck2 kgs;
1510 struct pkey_apqn *apqns;
1513 if (copy_from_user(&kgs, ugs, sizeof(kgs)))
1515 apqns = _copy_apqns_from_user(kgs.apqns, kgs.apqn_entries);
1517 return PTR_ERR(apqns);
1518 kkey = kzalloc(klen, GFP_KERNEL);
1523 rc = pkey_genseckey2(apqns, kgs.apqn_entries,
1524 kgs.type, kgs.size, kgs.keygenflags,
1526 DEBUG_DBG("%s pkey_genseckey2()=%d\n", __func__, rc);
1533 if (kgs.keylen < klen) {
1537 if (copy_to_user(kgs.key, kkey, klen)) {
1543 if (copy_to_user(ugs, &kgs, sizeof(kgs)))
1548 case PKEY_CLR2SECK2: {
1549 struct pkey_clr2seck2 __user *ucs = (void __user *)arg;
1550 size_t klen = KEYBLOBBUFSIZE;
1551 struct pkey_clr2seck2 kcs;
1552 struct pkey_apqn *apqns;
1555 if (copy_from_user(&kcs, ucs, sizeof(kcs)))
1557 apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries);
1559 return PTR_ERR(apqns);
1560 kkey = kzalloc(klen, GFP_KERNEL);
1565 rc = pkey_clr2seckey2(apqns, kcs.apqn_entries,
1566 kcs.type, kcs.size, kcs.keygenflags,
1567 kcs.clrkey.clrkey, kkey, &klen);
1568 DEBUG_DBG("%s pkey_clr2seckey2()=%d\n", __func__, rc);
1575 if (kcs.keylen < klen) {
1579 if (copy_to_user(kcs.key, kkey, klen)) {
1585 if (copy_to_user(ucs, &kcs, sizeof(kcs)))
1587 memzero_explicit(&kcs, sizeof(kcs));
1591 case PKEY_VERIFYKEY2: {
1592 struct pkey_verifykey2 __user *uvk = (void __user *)arg;
1593 struct pkey_verifykey2 kvk;
1596 if (copy_from_user(&kvk, uvk, sizeof(kvk)))
1598 kkey = _copy_key_from_user(kvk.key, kvk.keylen);
1600 return PTR_ERR(kkey);
1601 rc = pkey_verifykey2(kkey, kvk.keylen,
1602 &kvk.cardnr, &kvk.domain,
1603 &kvk.type, &kvk.size, &kvk.flags);
1604 DEBUG_DBG("%s pkey_verifykey2()=%d\n", __func__, rc);
1608 if (copy_to_user(uvk, &kvk, sizeof(kvk)))
1612 case PKEY_KBLOB2PROTK2: {
1613 struct pkey_kblob2pkey2 __user *utp = (void __user *)arg;
1614 struct pkey_apqn *apqns = NULL;
1615 struct pkey_kblob2pkey2 ktp;
1618 if (copy_from_user(&ktp, utp, sizeof(ktp)))
1620 apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries);
1622 return PTR_ERR(apqns);
1623 kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1626 return PTR_ERR(kkey);
1628 ktp.protkey.len = sizeof(ktp.protkey.protkey);
1629 rc = pkey_keyblob2pkey2(apqns, ktp.apqn_entries,
1631 ktp.protkey.protkey, &ktp.protkey.len,
1633 DEBUG_DBG("%s pkey_keyblob2pkey2()=%d\n", __func__, rc);
1635 memzero_explicit(kkey, ktp.keylen);
1639 if (copy_to_user(utp, &ktp, sizeof(ktp)))
1643 case PKEY_APQNS4K: {
1644 struct pkey_apqns4key __user *uak = (void __user *)arg;
1645 struct pkey_apqn *apqns = NULL;
1646 struct pkey_apqns4key kak;
1647 size_t nr_apqns, len;
1650 if (copy_from_user(&kak, uak, sizeof(kak)))
1652 nr_apqns = kak.apqn_entries;
1654 apqns = kmalloc_array(nr_apqns,
1655 sizeof(struct pkey_apqn),
1660 kkey = _copy_key_from_user(kak.key, kak.keylen);
1663 return PTR_ERR(kkey);
1665 rc = pkey_apqns4key(kkey, kak.keylen, kak.flags,
1667 DEBUG_DBG("%s pkey_apqns4key()=%d\n", __func__, rc);
1669 if (rc && rc != -ENOSPC) {
1673 if (!rc && kak.apqns) {
1674 if (nr_apqns > kak.apqn_entries) {
1678 len = nr_apqns * sizeof(struct pkey_apqn);
1680 if (copy_to_user(kak.apqns, apqns, len)) {
1686 kak.apqn_entries = nr_apqns;
1687 if (copy_to_user(uak, &kak, sizeof(kak)))
1692 case PKEY_APQNS4KT: {
1693 struct pkey_apqns4keytype __user *uat = (void __user *)arg;
1694 struct pkey_apqn *apqns = NULL;
1695 struct pkey_apqns4keytype kat;
1696 size_t nr_apqns, len;
1698 if (copy_from_user(&kat, uat, sizeof(kat)))
1700 nr_apqns = kat.apqn_entries;
1702 apqns = kmalloc_array(nr_apqns,
1703 sizeof(struct pkey_apqn),
1708 rc = pkey_apqns4keytype(kat.type, kat.cur_mkvp, kat.alt_mkvp,
1709 kat.flags, apqns, &nr_apqns);
1710 DEBUG_DBG("%s pkey_apqns4keytype()=%d\n", __func__, rc);
1711 if (rc && rc != -ENOSPC) {
1715 if (!rc && kat.apqns) {
1716 if (nr_apqns > kat.apqn_entries) {
1720 len = nr_apqns * sizeof(struct pkey_apqn);
1722 if (copy_to_user(kat.apqns, apqns, len)) {
1728 kat.apqn_entries = nr_apqns;
1729 if (copy_to_user(uat, &kat, sizeof(kat)))
1734 case PKEY_KBLOB2PROTK3: {
1735 struct pkey_kblob2pkey3 __user *utp = (void __user *)arg;
1736 u32 protkeylen = PROTKEYBLOBBUFSIZE;
1737 struct pkey_apqn *apqns = NULL;
1738 struct pkey_kblob2pkey3 ktp;
1741 if (copy_from_user(&ktp, utp, sizeof(ktp)))
1743 apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries);
1745 return PTR_ERR(apqns);
1746 kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1749 return PTR_ERR(kkey);
1751 protkey = kmalloc(protkeylen, GFP_KERNEL);
1757 rc = pkey_keyblob2pkey3(apqns, ktp.apqn_entries,
1759 protkey, &protkeylen, &ktp.pkeytype);
1760 DEBUG_DBG("%s pkey_keyblob2pkey3()=%d\n", __func__, rc);
1762 memzero_explicit(kkey, ktp.keylen);
1768 if (ktp.pkey && ktp.pkeylen) {
1769 if (protkeylen > ktp.pkeylen) {
1773 if (copy_to_user(ktp.pkey, protkey, protkeylen)) {
1779 ktp.pkeylen = protkeylen;
1780 if (copy_to_user(utp, &ktp, sizeof(ktp)))
1785 /* unknown/unsupported ioctl cmd */
1793 * Sysfs and file io operations
1797 * Sysfs attribute read function for all protected key binary attributes.
1798 * The implementation can not deal with partial reads, because a new random
1799 * protected key blob is generated with each read. In case of partial reads
1800 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1802 static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,
1803 loff_t off, size_t count)
1805 struct protaeskeytoken protkeytoken;
1806 struct pkey_protkey protkey;
1809 if (off != 0 || count < sizeof(protkeytoken))
1812 if (count < 2 * sizeof(protkeytoken))
1815 memset(&protkeytoken, 0, sizeof(protkeytoken));
1816 protkeytoken.type = TOKTYPE_NON_CCA;
1817 protkeytoken.version = TOKVER_PROTECTED_KEY;
1818 protkeytoken.keytype = keytype;
1820 protkey.len = sizeof(protkey.protkey);
1821 rc = pkey_genprotkey(protkeytoken.keytype,
1822 protkey.protkey, &protkey.len, &protkey.type);
1826 protkeytoken.len = protkey.len;
1827 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
1829 memcpy(buf, &protkeytoken, sizeof(protkeytoken));
1832 /* xts needs a second protected key, reuse protkey struct */
1833 protkey.len = sizeof(protkey.protkey);
1834 rc = pkey_genprotkey(protkeytoken.keytype,
1835 protkey.protkey, &protkey.len, &protkey.type);
1839 protkeytoken.len = protkey.len;
1840 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
1842 memcpy(buf + sizeof(protkeytoken), &protkeytoken,
1843 sizeof(protkeytoken));
1845 return 2 * sizeof(protkeytoken);
1848 return sizeof(protkeytoken);
1851 static ssize_t protkey_aes_128_read(struct file *filp,
1852 struct kobject *kobj,
1853 struct bin_attribute *attr,
1854 char *buf, loff_t off,
1857 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
1861 static ssize_t protkey_aes_192_read(struct file *filp,
1862 struct kobject *kobj,
1863 struct bin_attribute *attr,
1864 char *buf, loff_t off,
1867 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
1871 static ssize_t protkey_aes_256_read(struct file *filp,
1872 struct kobject *kobj,
1873 struct bin_attribute *attr,
1874 char *buf, loff_t off,
1877 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
1881 static ssize_t protkey_aes_128_xts_read(struct file *filp,
1882 struct kobject *kobj,
1883 struct bin_attribute *attr,
1884 char *buf, loff_t off,
1887 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
1891 static ssize_t protkey_aes_256_xts_read(struct file *filp,
1892 struct kobject *kobj,
1893 struct bin_attribute *attr,
1894 char *buf, loff_t off,
1897 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
1901 static BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken));
1902 static BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken));
1903 static BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken));
1904 static BIN_ATTR_RO(protkey_aes_128_xts, 2 * sizeof(struct protaeskeytoken));
1905 static BIN_ATTR_RO(protkey_aes_256_xts, 2 * sizeof(struct protaeskeytoken));
1907 static struct bin_attribute *protkey_attrs[] = {
1908 &bin_attr_protkey_aes_128,
1909 &bin_attr_protkey_aes_192,
1910 &bin_attr_protkey_aes_256,
1911 &bin_attr_protkey_aes_128_xts,
1912 &bin_attr_protkey_aes_256_xts,
1916 static struct attribute_group protkey_attr_group = {
1918 .bin_attrs = protkey_attrs,
1922 * Sysfs attribute read function for all secure key ccadata binary attributes.
1923 * The implementation can not deal with partial reads, because a new random
1924 * protected key blob is generated with each read. In case of partial reads
1925 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1927 static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,
1928 loff_t off, size_t count)
1930 struct pkey_seckey *seckey = (struct pkey_seckey *)buf;
1933 if (off != 0 || count < sizeof(struct secaeskeytoken))
1936 if (count < 2 * sizeof(struct secaeskeytoken))
1939 rc = cca_genseckey(-1, -1, keytype, seckey->seckey);
1945 rc = cca_genseckey(-1, -1, keytype, seckey->seckey);
1949 return 2 * sizeof(struct secaeskeytoken);
1952 return sizeof(struct secaeskeytoken);
1955 static ssize_t ccadata_aes_128_read(struct file *filp,
1956 struct kobject *kobj,
1957 struct bin_attribute *attr,
1958 char *buf, loff_t off,
1961 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
1965 static ssize_t ccadata_aes_192_read(struct file *filp,
1966 struct kobject *kobj,
1967 struct bin_attribute *attr,
1968 char *buf, loff_t off,
1971 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
1975 static ssize_t ccadata_aes_256_read(struct file *filp,
1976 struct kobject *kobj,
1977 struct bin_attribute *attr,
1978 char *buf, loff_t off,
1981 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
1985 static ssize_t ccadata_aes_128_xts_read(struct file *filp,
1986 struct kobject *kobj,
1987 struct bin_attribute *attr,
1988 char *buf, loff_t off,
1991 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
1995 static ssize_t ccadata_aes_256_xts_read(struct file *filp,
1996 struct kobject *kobj,
1997 struct bin_attribute *attr,
1998 char *buf, loff_t off,
2001 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
2005 static BIN_ATTR_RO(ccadata_aes_128, sizeof(struct secaeskeytoken));
2006 static BIN_ATTR_RO(ccadata_aes_192, sizeof(struct secaeskeytoken));
2007 static BIN_ATTR_RO(ccadata_aes_256, sizeof(struct secaeskeytoken));
2008 static BIN_ATTR_RO(ccadata_aes_128_xts, 2 * sizeof(struct secaeskeytoken));
2009 static BIN_ATTR_RO(ccadata_aes_256_xts, 2 * sizeof(struct secaeskeytoken));
2011 static struct bin_attribute *ccadata_attrs[] = {
2012 &bin_attr_ccadata_aes_128,
2013 &bin_attr_ccadata_aes_192,
2014 &bin_attr_ccadata_aes_256,
2015 &bin_attr_ccadata_aes_128_xts,
2016 &bin_attr_ccadata_aes_256_xts,
2020 static struct attribute_group ccadata_attr_group = {
2022 .bin_attrs = ccadata_attrs,
2025 #define CCACIPHERTOKENSIZE (sizeof(struct cipherkeytoken) + 80)
2028 * Sysfs attribute read function for all secure key ccacipher binary attributes.
2029 * The implementation can not deal with partial reads, because a new random
2030 * secure key blob is generated with each read. In case of partial reads
2031 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
2033 static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,
2034 bool is_xts, char *buf, loff_t off,
2037 size_t keysize = CCACIPHERTOKENSIZE;
2038 u32 nr_apqns, *apqns = NULL;
2039 int i, rc, card, dom;
2041 if (off != 0 || count < CCACIPHERTOKENSIZE)
2044 if (count < 2 * CCACIPHERTOKENSIZE)
2047 /* build a list of apqns able to generate an cipher key */
2048 rc = cca_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
2049 ZCRYPT_CEX6, 0, 0, 0, 0);
2053 memset(buf, 0, is_xts ? 2 * keysize : keysize);
2055 /* simple try all apqns from the list */
2056 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
2057 card = apqns[i] >> 16;
2058 dom = apqns[i] & 0xFFFF;
2059 rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize);
2067 keysize = CCACIPHERTOKENSIZE;
2068 buf += CCACIPHERTOKENSIZE;
2069 rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize);
2071 return 2 * CCACIPHERTOKENSIZE;
2074 return CCACIPHERTOKENSIZE;
2077 static ssize_t ccacipher_aes_128_read(struct file *filp,
2078 struct kobject *kobj,
2079 struct bin_attribute *attr,
2080 char *buf, loff_t off,
2083 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
2087 static ssize_t ccacipher_aes_192_read(struct file *filp,
2088 struct kobject *kobj,
2089 struct bin_attribute *attr,
2090 char *buf, loff_t off,
2093 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
2097 static ssize_t ccacipher_aes_256_read(struct file *filp,
2098 struct kobject *kobj,
2099 struct bin_attribute *attr,
2100 char *buf, loff_t off,
2103 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
2107 static ssize_t ccacipher_aes_128_xts_read(struct file *filp,
2108 struct kobject *kobj,
2109 struct bin_attribute *attr,
2110 char *buf, loff_t off,
2113 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
2117 static ssize_t ccacipher_aes_256_xts_read(struct file *filp,
2118 struct kobject *kobj,
2119 struct bin_attribute *attr,
2120 char *buf, loff_t off,
2123 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
2127 static BIN_ATTR_RO(ccacipher_aes_128, CCACIPHERTOKENSIZE);
2128 static BIN_ATTR_RO(ccacipher_aes_192, CCACIPHERTOKENSIZE);
2129 static BIN_ATTR_RO(ccacipher_aes_256, CCACIPHERTOKENSIZE);
2130 static BIN_ATTR_RO(ccacipher_aes_128_xts, 2 * CCACIPHERTOKENSIZE);
2131 static BIN_ATTR_RO(ccacipher_aes_256_xts, 2 * CCACIPHERTOKENSIZE);
2133 static struct bin_attribute *ccacipher_attrs[] = {
2134 &bin_attr_ccacipher_aes_128,
2135 &bin_attr_ccacipher_aes_192,
2136 &bin_attr_ccacipher_aes_256,
2137 &bin_attr_ccacipher_aes_128_xts,
2138 &bin_attr_ccacipher_aes_256_xts,
2142 static struct attribute_group ccacipher_attr_group = {
2143 .name = "ccacipher",
2144 .bin_attrs = ccacipher_attrs,
2148 * Sysfs attribute read function for all ep11 aes key binary attributes.
2149 * The implementation can not deal with partial reads, because a new random
2150 * secure key blob is generated with each read. In case of partial reads
2151 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
2152 * This function and the sysfs attributes using it provide EP11 key blobs
2153 * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently
2156 static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,
2157 bool is_xts, char *buf, loff_t off,
2160 size_t keysize = MAXEP11AESKEYBLOBSIZE;
2161 u32 nr_apqns, *apqns = NULL;
2162 int i, rc, card, dom;
2164 if (off != 0 || count < MAXEP11AESKEYBLOBSIZE)
2167 if (count < 2 * MAXEP11AESKEYBLOBSIZE)
2170 /* build a list of apqns able to generate an cipher key */
2171 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
2173 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4,
2178 memset(buf, 0, is_xts ? 2 * keysize : keysize);
2180 /* simple try all apqns from the list */
2181 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
2182 card = apqns[i] >> 16;
2183 dom = apqns[i] & 0xFFFF;
2184 rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize,
2185 PKEY_TYPE_EP11_AES);
2193 keysize = MAXEP11AESKEYBLOBSIZE;
2194 buf += MAXEP11AESKEYBLOBSIZE;
2195 rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize,
2196 PKEY_TYPE_EP11_AES);
2198 return 2 * MAXEP11AESKEYBLOBSIZE;
2201 return MAXEP11AESKEYBLOBSIZE;
2204 static ssize_t ep11_aes_128_read(struct file *filp,
2205 struct kobject *kobj,
2206 struct bin_attribute *attr,
2207 char *buf, loff_t off,
2210 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
2214 static ssize_t ep11_aes_192_read(struct file *filp,
2215 struct kobject *kobj,
2216 struct bin_attribute *attr,
2217 char *buf, loff_t off,
2220 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
2224 static ssize_t ep11_aes_256_read(struct file *filp,
2225 struct kobject *kobj,
2226 struct bin_attribute *attr,
2227 char *buf, loff_t off,
2230 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
2234 static ssize_t ep11_aes_128_xts_read(struct file *filp,
2235 struct kobject *kobj,
2236 struct bin_attribute *attr,
2237 char *buf, loff_t off,
2240 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
2244 static ssize_t ep11_aes_256_xts_read(struct file *filp,
2245 struct kobject *kobj,
2246 struct bin_attribute *attr,
2247 char *buf, loff_t off,
2250 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
2254 static BIN_ATTR_RO(ep11_aes_128, MAXEP11AESKEYBLOBSIZE);
2255 static BIN_ATTR_RO(ep11_aes_192, MAXEP11AESKEYBLOBSIZE);
2256 static BIN_ATTR_RO(ep11_aes_256, MAXEP11AESKEYBLOBSIZE);
2257 static BIN_ATTR_RO(ep11_aes_128_xts, 2 * MAXEP11AESKEYBLOBSIZE);
2258 static BIN_ATTR_RO(ep11_aes_256_xts, 2 * MAXEP11AESKEYBLOBSIZE);
2260 static struct bin_attribute *ep11_attrs[] = {
2261 &bin_attr_ep11_aes_128,
2262 &bin_attr_ep11_aes_192,
2263 &bin_attr_ep11_aes_256,
2264 &bin_attr_ep11_aes_128_xts,
2265 &bin_attr_ep11_aes_256_xts,
2269 static struct attribute_group ep11_attr_group = {
2271 .bin_attrs = ep11_attrs,
2274 static const struct attribute_group *pkey_attr_groups[] = {
2275 &protkey_attr_group,
2276 &ccadata_attr_group,
2277 &ccacipher_attr_group,
2282 static const struct file_operations pkey_fops = {
2283 .owner = THIS_MODULE,
2284 .open = nonseekable_open,
2285 .llseek = no_llseek,
2286 .unlocked_ioctl = pkey_unlocked_ioctl,
2289 static struct miscdevice pkey_dev = {
2291 .minor = MISC_DYNAMIC_MINOR,
2294 .groups = pkey_attr_groups,
2300 static int __init pkey_init(void)
2302 cpacf_mask_t func_mask;
2305 * The pckmo instruction should be available - even if we don't
2306 * actually invoke it. This instruction comes with MSA 3 which
2307 * is also the minimum level for the kmc instructions which
2308 * are able to work with protected keys.
2310 if (!cpacf_query(CPACF_PCKMO, &func_mask))
2313 /* check for kmc instructions available */
2314 if (!cpacf_query(CPACF_KMC, &func_mask))
2316 if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) ||
2317 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) ||
2318 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256))
2323 return misc_register(&pkey_dev);
2329 static void __exit pkey_exit(void)
2331 misc_deregister(&pkey_dev);
2335 module_cpu_feature_match(S390_CPU_FEATURE_MSA, pkey_init);
2336 module_exit(pkey_exit);