1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  pkey device driver
4  *
5  *  Copyright IBM Corp. 2017, 2023
6  *
7  *  Author(s): Harald Freudenberger
8  */
9 
10 #define KMSG_COMPONENT "pkey"
11 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
12 
13 #include <linux/fs.h>
14 #include <linux/init.h>
15 #include <linux/miscdevice.h>
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/kallsyms.h>
19 #include <linux/debugfs.h>
20 #include <linux/random.h>
21 #include <linux/cpufeature.h>
22 #include <asm/zcrypt.h>
23 #include <asm/cpacf.h>
24 #include <asm/pkey.h>
25 #include <crypto/aes.h>
26 
27 #include "zcrypt_api.h"
28 #include "zcrypt_ccamisc.h"
29 #include "zcrypt_ep11misc.h"
30 
31 MODULE_LICENSE("GPL");
32 MODULE_AUTHOR("IBM Corporation");
33 MODULE_DESCRIPTION("s390 protected key interface");
34 
35 #define KEYBLOBBUFSIZE 8192	/* key buffer size used for internal processing */
36 #define MINKEYBLOBBUFSIZE (sizeof(struct keytoken_header))
37 #define PROTKEYBLOBBUFSIZE 256	/* protected key buffer size used internal */
38 #define MAXAPQNSINLIST 64	/* max 64 apqns within a apqn list */
39 #define AES_WK_VP_SIZE 32	/* Size of WK VP block appended to a prot key */
40 
41 /*
42  * debug feature data and functions
43  */
44 
45 static debug_info_t *debug_info;
46 
47 #define DEBUG_DBG(...)	debug_sprintf_event(debug_info, 6, ##__VA_ARGS__)
48 #define DEBUG_INFO(...) debug_sprintf_event(debug_info, 5, ##__VA_ARGS__)
49 #define DEBUG_WARN(...) debug_sprintf_event(debug_info, 4, ##__VA_ARGS__)
50 #define DEBUG_ERR(...)	debug_sprintf_event(debug_info, 3, ##__VA_ARGS__)
51 
pkey_debug_init(void)52 static void __init pkey_debug_init(void)
53 {
54 	/* 5 arguments per dbf entry (including the format string ptr) */
55 	debug_info = debug_register("pkey", 1, 1, 5 * sizeof(long));
56 	debug_register_view(debug_info, &debug_sprintf_view);
57 	debug_set_level(debug_info, 3);
58 }
59 
pkey_debug_exit(void)60 static void __exit pkey_debug_exit(void)
61 {
62 	debug_unregister(debug_info);
63 }
64 
65 /* inside view of a protected key token (only type 0x00 version 0x01) */
66 struct protaeskeytoken {
67 	u8  type;     /* 0x00 for PAES specific key tokens */
68 	u8  res0[3];
69 	u8  version;  /* should be 0x01 for protected AES key token */
70 	u8  res1[3];
71 	u32 keytype;  /* key type, one of the PKEY_KEYTYPE values */
72 	u32 len;      /* bytes actually stored in protkey[] */
73 	u8  protkey[MAXPROTKEYSIZE]; /* the protected key blob */
74 } __packed;
75 
76 /* inside view of a clear key token (type 0x00 version 0x02) */
77 struct clearkeytoken {
78 	u8  type;	/* 0x00 for PAES specific key tokens */
79 	u8  res0[3];
80 	u8  version;	/* 0x02 for clear key token */
81 	u8  res1[3];
82 	u32 keytype;	/* key type, one of the PKEY_KEYTYPE_* values */
83 	u32 len;	/* bytes actually stored in clearkey[] */
84 	u8  clearkey[]; /* clear key value */
85 } __packed;
86 
87 /* helper function which translates the PKEY_KEYTYPE_AES_* to their keysize */
pkey_keytype_aes_to_size(u32 keytype)88 static inline u32 pkey_keytype_aes_to_size(u32 keytype)
89 {
90 	switch (keytype) {
91 	case PKEY_KEYTYPE_AES_128:
92 		return 16;
93 	case PKEY_KEYTYPE_AES_192:
94 		return 24;
95 	case PKEY_KEYTYPE_AES_256:
96 		return 32;
97 	default:
98 		return 0;
99 	}
100 }
101 
102 /*
103  * Create a protected key from a clear key value via PCKMO instruction.
104  */
pkey_clr2protkey(u32 keytype,const u8 * clrkey,u8 * protkey,u32 * protkeylen,u32 * protkeytype)105 static int pkey_clr2protkey(u32 keytype, const u8 *clrkey,
106 			    u8 *protkey, u32 *protkeylen, u32 *protkeytype)
107 {
108 	/* mask of available pckmo subfunctions */
109 	static cpacf_mask_t pckmo_functions;
110 
111 	u8 paramblock[112];
112 	u32 pkeytype;
113 	int keysize;
114 	long fc;
115 
116 	switch (keytype) {
117 	case PKEY_KEYTYPE_AES_128:
118 		/* 16 byte key, 32 byte aes wkvp, total 48 bytes */
119 		keysize = 16;
120 		pkeytype = keytype;
121 		fc = CPACF_PCKMO_ENC_AES_128_KEY;
122 		break;
123 	case PKEY_KEYTYPE_AES_192:
124 		/* 24 byte key, 32 byte aes wkvp, total 56 bytes */
125 		keysize = 24;
126 		pkeytype = keytype;
127 		fc = CPACF_PCKMO_ENC_AES_192_KEY;
128 		break;
129 	case PKEY_KEYTYPE_AES_256:
130 		/* 32 byte key, 32 byte aes wkvp, total 64 bytes */
131 		keysize = 32;
132 		pkeytype = keytype;
133 		fc = CPACF_PCKMO_ENC_AES_256_KEY;
134 		break;
135 	case PKEY_KEYTYPE_ECC_P256:
136 		/* 32 byte key, 32 byte aes wkvp, total 64 bytes */
137 		keysize = 32;
138 		pkeytype = PKEY_KEYTYPE_ECC;
139 		fc = CPACF_PCKMO_ENC_ECC_P256_KEY;
140 		break;
141 	case PKEY_KEYTYPE_ECC_P384:
142 		/* 48 byte key, 32 byte aes wkvp, total 80 bytes */
143 		keysize = 48;
144 		pkeytype = PKEY_KEYTYPE_ECC;
145 		fc = CPACF_PCKMO_ENC_ECC_P384_KEY;
146 		break;
147 	case PKEY_KEYTYPE_ECC_P521:
148 		/* 80 byte key, 32 byte aes wkvp, total 112 bytes */
149 		keysize = 80;
150 		pkeytype = PKEY_KEYTYPE_ECC;
151 		fc = CPACF_PCKMO_ENC_ECC_P521_KEY;
152 		break;
153 	case PKEY_KEYTYPE_ECC_ED25519:
154 		/* 32 byte key, 32 byte aes wkvp, total 64 bytes */
155 		keysize = 32;
156 		pkeytype = PKEY_KEYTYPE_ECC;
157 		fc = CPACF_PCKMO_ENC_ECC_ED25519_KEY;
158 		break;
159 	case PKEY_KEYTYPE_ECC_ED448:
160 		/* 64 byte key, 32 byte aes wkvp, total 96 bytes */
161 		keysize = 64;
162 		pkeytype = PKEY_KEYTYPE_ECC;
163 		fc = CPACF_PCKMO_ENC_ECC_ED448_KEY;
164 		break;
165 	default:
166 		DEBUG_ERR("%s unknown/unsupported keytype %u\n",
167 			  __func__, keytype);
168 		return -EINVAL;
169 	}
170 
171 	if (*protkeylen < keysize + AES_WK_VP_SIZE) {
172 		DEBUG_ERR("%s prot key buffer size too small: %u < %d\n",
173 			  __func__, *protkeylen, keysize + AES_WK_VP_SIZE);
174 		return -EINVAL;
175 	}
176 
177 	/* Did we already check for PCKMO ? */
178 	if (!pckmo_functions.bytes[0]) {
179 		/* no, so check now */
180 		if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
181 			return -ENODEV;
182 	}
183 	/* check for the pckmo subfunction we need now */
184 	if (!cpacf_test_func(&pckmo_functions, fc)) {
185 		DEBUG_ERR("%s pckmo functions not available\n", __func__);
186 		return -ENODEV;
187 	}
188 
189 	/* prepare param block */
190 	memset(paramblock, 0, sizeof(paramblock));
191 	memcpy(paramblock, clrkey, keysize);
192 
193 	/* call the pckmo instruction */
194 	cpacf_pckmo(fc, paramblock);
195 
196 	/* copy created protected key to key buffer including the wkvp block */
197 	*protkeylen = keysize + AES_WK_VP_SIZE;
198 	memcpy(protkey, paramblock, *protkeylen);
199 	*protkeytype = pkeytype;
200 
201 	return 0;
202 }
203 
204 /*
205  * Find card and transform secure key into protected key.
206  */
pkey_skey2pkey(const u8 * key,u8 * protkey,u32 * protkeylen,u32 * protkeytype)207 static int pkey_skey2pkey(const u8 *key, u8 *protkey,
208 			  u32 *protkeylen, u32 *protkeytype)
209 {
210 	struct keytoken_header *hdr = (struct keytoken_header *)key;
211 	u16 cardnr, domain;
212 	int rc, verify;
213 
214 	zcrypt_wait_api_operational();
215 
216 	/*
217 	 * The cca_xxx2protkey call may fail when a card has been
218 	 * addressed where the master key was changed after last fetch
219 	 * of the mkvp into the cache. Try 3 times: First without verify
220 	 * then with verify and last round with verify and old master
221 	 * key verification pattern match not ignored.
222 	 */
223 	for (verify = 0; verify < 3; verify++) {
224 		rc = cca_findcard(key, &cardnr, &domain, verify);
225 		if (rc < 0)
226 			continue;
227 		if (rc > 0 && verify < 2)
228 			continue;
229 		switch (hdr->version) {
230 		case TOKVER_CCA_AES:
231 			rc = cca_sec2protkey(cardnr, domain, key,
232 					     protkey, protkeylen, protkeytype);
233 			break;
234 		case TOKVER_CCA_VLSC:
235 			rc = cca_cipher2protkey(cardnr, domain, key,
236 						protkey, protkeylen,
237 						protkeytype);
238 			break;
239 		default:
240 			return -EINVAL;
241 		}
242 		if (rc == 0)
243 			break;
244 	}
245 
246 	if (rc)
247 		DEBUG_DBG("%s failed rc=%d\n", __func__, rc);
248 
249 	return rc;
250 }
251 
252 /*
253  * Construct EP11 key with given clear key value.
254  */
pkey_clr2ep11key(const u8 * clrkey,size_t clrkeylen,u8 * keybuf,size_t * keybuflen)255 static int pkey_clr2ep11key(const u8 *clrkey, size_t clrkeylen,
256 			    u8 *keybuf, size_t *keybuflen)
257 {
258 	u32 nr_apqns, *apqns = NULL;
259 	u16 card, dom;
260 	int i, rc;
261 
262 	zcrypt_wait_api_operational();
263 
264 	/* build a list of apqns suitable for ep11 keys with cpacf support */
265 	rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
266 			    ZCRYPT_CEX7,
267 			    ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4,
268 			    NULL);
269 	if (rc)
270 		goto out;
271 
272 	/* go through the list of apqns and try to bild an ep11 key */
273 	for (rc = -ENODEV, i = 0; i < nr_apqns; i++) {
274 		card = apqns[i] >> 16;
275 		dom = apqns[i] & 0xFFFF;
276 		rc = ep11_clr2keyblob(card, dom, clrkeylen * 8,
277 				      0, clrkey, keybuf, keybuflen,
278 				      PKEY_TYPE_EP11);
279 		if (rc == 0)
280 			break;
281 	}
282 
283 out:
284 	kfree(apqns);
285 	if (rc)
286 		DEBUG_DBG("%s failed rc=%d\n", __func__, rc);
287 	return rc;
288 }
289 
290 /*
291  * Find card and transform EP11 secure key into protected key.
292  */
pkey_ep11key2pkey(const u8 * key,size_t keylen,u8 * protkey,u32 * protkeylen,u32 * protkeytype)293 static int pkey_ep11key2pkey(const u8 *key, size_t keylen,
294 			     u8 *protkey, u32 *protkeylen, u32 *protkeytype)
295 {
296 	u32 nr_apqns, *apqns = NULL;
297 	u16 card, dom;
298 	int i, rc;
299 
300 	zcrypt_wait_api_operational();
301 
302 	/* build a list of apqns suitable for this key */
303 	rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
304 			    ZCRYPT_CEX7,
305 			    ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4,
306 			    ep11_kb_wkvp(key, keylen));
307 	if (rc)
308 		goto out;
309 
310 	/* go through the list of apqns and try to derive an pkey */
311 	for (rc = -ENODEV, i = 0; i < nr_apqns; i++) {
312 		card = apqns[i] >> 16;
313 		dom = apqns[i] & 0xFFFF;
314 		rc = ep11_kblob2protkey(card, dom, key, keylen,
315 					protkey, protkeylen, protkeytype);
316 		if (rc == 0)
317 			break;
318 	}
319 
320 out:
321 	kfree(apqns);
322 	if (rc)
323 		DEBUG_DBG("%s failed rc=%d\n", __func__, rc);
324 	return rc;
325 }
326 
327 /*
328  * Verify key and give back some info about the key.
329  */
pkey_verifykey(const struct pkey_seckey * seckey,u16 * pcardnr,u16 * pdomain,u16 * pkeysize,u32 * pattributes)330 static int pkey_verifykey(const struct pkey_seckey *seckey,
331 			  u16 *pcardnr, u16 *pdomain,
332 			  u16 *pkeysize, u32 *pattributes)
333 {
334 	struct secaeskeytoken *t = (struct secaeskeytoken *)seckey;
335 	u16 cardnr, domain;
336 	int rc;
337 
338 	/* check the secure key for valid AES secure key */
339 	rc = cca_check_secaeskeytoken(debug_info, 3, (u8 *)seckey, 0);
340 	if (rc)
341 		goto out;
342 	if (pattributes)
343 		*pattributes = PKEY_VERIFY_ATTR_AES;
344 	if (pkeysize)
345 		*pkeysize = t->bitsize;
346 
347 	/* try to find a card which can handle this key */
348 	rc = cca_findcard(seckey->seckey, &cardnr, &domain, 1);
349 	if (rc < 0)
350 		goto out;
351 
352 	if (rc > 0) {
353 		/* key mkvp matches to old master key mkvp */
354 		DEBUG_DBG("%s secure key has old mkvp\n", __func__);
355 		if (pattributes)
356 			*pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
357 		rc = 0;
358 	}
359 
360 	if (pcardnr)
361 		*pcardnr = cardnr;
362 	if (pdomain)
363 		*pdomain = domain;
364 
365 out:
366 	DEBUG_DBG("%s rc=%d\n", __func__, rc);
367 	return rc;
368 }
369 
370 /*
371  * Generate a random protected key
372  */
pkey_genprotkey(u32 keytype,u8 * protkey,u32 * protkeylen,u32 * protkeytype)373 static int pkey_genprotkey(u32 keytype, u8 *protkey,
374 			   u32 *protkeylen, u32 *protkeytype)
375 {
376 	u8 clrkey[32];
377 	int keysize;
378 	int rc;
379 
380 	keysize = pkey_keytype_aes_to_size(keytype);
381 	if (!keysize) {
382 		DEBUG_ERR("%s unknown/unsupported keytype %d\n", __func__,
383 			  keytype);
384 		return -EINVAL;
385 	}
386 
387 	/* generate a dummy random clear key */
388 	get_random_bytes(clrkey, keysize);
389 
390 	/* convert it to a dummy protected key */
391 	rc = pkey_clr2protkey(keytype, clrkey,
392 			      protkey, protkeylen, protkeytype);
393 	if (rc)
394 		return rc;
395 
396 	/* replace the key part of the protected key with random bytes */
397 	get_random_bytes(protkey, keysize);
398 
399 	return 0;
400 }
401 
402 /*
403  * Verify if a protected key is still valid
404  */
pkey_verifyprotkey(const u8 * protkey,u32 protkeylen,u32 protkeytype)405 static int pkey_verifyprotkey(const u8 *protkey, u32 protkeylen,
406 			      u32 protkeytype)
407 {
408 	struct {
409 		u8 iv[AES_BLOCK_SIZE];
410 		u8 key[MAXPROTKEYSIZE];
411 	} param;
412 	u8 null_msg[AES_BLOCK_SIZE];
413 	u8 dest_buf[AES_BLOCK_SIZE];
414 	unsigned int k, pkeylen;
415 	unsigned long fc;
416 
417 	switch (protkeytype) {
418 	case PKEY_KEYTYPE_AES_128:
419 		pkeylen = 16 + AES_WK_VP_SIZE;
420 		fc = CPACF_KMC_PAES_128;
421 		break;
422 	case PKEY_KEYTYPE_AES_192:
423 		pkeylen = 24 + AES_WK_VP_SIZE;
424 		fc = CPACF_KMC_PAES_192;
425 		break;
426 	case PKEY_KEYTYPE_AES_256:
427 		pkeylen = 32 + AES_WK_VP_SIZE;
428 		fc = CPACF_KMC_PAES_256;
429 		break;
430 	default:
431 		DEBUG_ERR("%s unknown/unsupported keytype %u\n", __func__,
432 			  protkeytype);
433 		return -EINVAL;
434 	}
435 	if (protkeylen != pkeylen) {
436 		DEBUG_ERR("%s invalid protected key size %u for keytype %u\n",
437 			  __func__, protkeylen, protkeytype);
438 		return -EINVAL;
439 	}
440 
441 	memset(null_msg, 0, sizeof(null_msg));
442 
443 	memset(param.iv, 0, sizeof(param.iv));
444 	memcpy(param.key, protkey, protkeylen);
445 
446 	k = cpacf_kmc(fc | CPACF_ENCRYPT, &param, null_msg, dest_buf,
447 		      sizeof(null_msg));
448 	if (k != sizeof(null_msg)) {
449 		DEBUG_ERR("%s protected key is not valid\n", __func__);
450 		return -EKEYREJECTED;
451 	}
452 
453 	return 0;
454 }
455 
456 /* Helper for pkey_nonccatok2pkey, handles aes clear key token */
nonccatokaes2pkey(const struct clearkeytoken * t,u8 * protkey,u32 * protkeylen,u32 * protkeytype)457 static int nonccatokaes2pkey(const struct clearkeytoken *t,
458 			     u8 *protkey, u32 *protkeylen, u32 *protkeytype)
459 {
460 	size_t tmpbuflen = max_t(size_t, SECKEYBLOBSIZE, MAXEP11AESKEYBLOBSIZE);
461 	u8 *tmpbuf = NULL;
462 	u32 keysize;
463 	int rc;
464 
465 	keysize = pkey_keytype_aes_to_size(t->keytype);
466 	if (!keysize) {
467 		DEBUG_ERR("%s unknown/unsupported keytype %u\n",
468 			  __func__, t->keytype);
469 		return -EINVAL;
470 	}
471 	if (t->len != keysize) {
472 		DEBUG_ERR("%s non clear key aes token: invalid key len %u\n",
473 			  __func__, t->len);
474 		return -EINVAL;
475 	}
476 
477 	/* try direct way with the PCKMO instruction */
478 	rc = pkey_clr2protkey(t->keytype, t->clearkey,
479 			      protkey, protkeylen, protkeytype);
480 	if (!rc)
481 		goto out;
482 
483 	/* PCKMO failed, so try the CCA secure key way */
484 	tmpbuf = kmalloc(tmpbuflen, GFP_ATOMIC);
485 	if (!tmpbuf)
486 		return -ENOMEM;
487 	zcrypt_wait_api_operational();
488 	rc = cca_clr2seckey(0xFFFF, 0xFFFF, t->keytype, t->clearkey, tmpbuf);
489 	if (rc)
490 		goto try_via_ep11;
491 	rc = pkey_skey2pkey(tmpbuf,
492 			    protkey, protkeylen, protkeytype);
493 	if (!rc)
494 		goto out;
495 
496 try_via_ep11:
497 	/* if the CCA way also failed, let's try via EP11 */
498 	rc = pkey_clr2ep11key(t->clearkey, t->len,
499 			      tmpbuf, &tmpbuflen);
500 	if (rc)
501 		goto failure;
502 	rc = pkey_ep11key2pkey(tmpbuf, tmpbuflen,
503 			       protkey, protkeylen, protkeytype);
504 	if (!rc)
505 		goto out;
506 
507 failure:
508 	DEBUG_ERR("%s unable to build protected key from clear", __func__);
509 
510 out:
511 	kfree(tmpbuf);
512 	return rc;
513 }
514 
515 /* Helper for pkey_nonccatok2pkey, handles ecc clear key token */
nonccatokecc2pkey(const struct clearkeytoken * t,u8 * protkey,u32 * protkeylen,u32 * protkeytype)516 static int nonccatokecc2pkey(const struct clearkeytoken *t,
517 			     u8 *protkey, u32 *protkeylen, u32 *protkeytype)
518 {
519 	u32 keylen;
520 	int rc;
521 
522 	switch (t->keytype) {
523 	case PKEY_KEYTYPE_ECC_P256:
524 		keylen = 32;
525 		break;
526 	case PKEY_KEYTYPE_ECC_P384:
527 		keylen = 48;
528 		break;
529 	case PKEY_KEYTYPE_ECC_P521:
530 		keylen = 80;
531 		break;
532 	case PKEY_KEYTYPE_ECC_ED25519:
533 		keylen = 32;
534 		break;
535 	case PKEY_KEYTYPE_ECC_ED448:
536 		keylen = 64;
537 		break;
538 	default:
539 		DEBUG_ERR("%s unknown/unsupported keytype %u\n",
540 			  __func__, t->keytype);
541 		return -EINVAL;
542 	}
543 
544 	if (t->len != keylen) {
545 		DEBUG_ERR("%s non clear key ecc token: invalid key len %u\n",
546 			  __func__, t->len);
547 		return -EINVAL;
548 	}
549 
550 	/* only one path possible: via PCKMO instruction */
551 	rc = pkey_clr2protkey(t->keytype, t->clearkey,
552 			      protkey, protkeylen, protkeytype);
553 	if (rc) {
554 		DEBUG_ERR("%s unable to build protected key from clear",
555 			  __func__);
556 	}
557 
558 	return rc;
559 }
560 
561 /*
562  * Transform a non-CCA key token into a protected key
563  */
pkey_nonccatok2pkey(const u8 * key,u32 keylen,u8 * protkey,u32 * protkeylen,u32 * protkeytype)564 static int pkey_nonccatok2pkey(const u8 *key, u32 keylen,
565 			       u8 *protkey, u32 *protkeylen, u32 *protkeytype)
566 {
567 	struct keytoken_header *hdr = (struct keytoken_header *)key;
568 	int rc = -EINVAL;
569 
570 	switch (hdr->version) {
571 	case TOKVER_PROTECTED_KEY: {
572 		struct protaeskeytoken *t;
573 
574 		if (keylen != sizeof(struct protaeskeytoken))
575 			goto out;
576 		t = (struct protaeskeytoken *)key;
577 		rc = pkey_verifyprotkey(t->protkey, t->len, t->keytype);
578 		if (rc)
579 			goto out;
580 		memcpy(protkey, t->protkey, t->len);
581 		*protkeylen = t->len;
582 		*protkeytype = t->keytype;
583 		break;
584 	}
585 	case TOKVER_CLEAR_KEY: {
586 		struct clearkeytoken *t = (struct clearkeytoken *)key;
587 
588 		if (keylen < sizeof(struct clearkeytoken) ||
589 		    keylen != sizeof(*t) + t->len)
590 			goto out;
591 		switch (t->keytype) {
592 		case PKEY_KEYTYPE_AES_128:
593 		case PKEY_KEYTYPE_AES_192:
594 		case PKEY_KEYTYPE_AES_256:
595 			rc = nonccatokaes2pkey(t, protkey,
596 					       protkeylen, protkeytype);
597 			break;
598 		case PKEY_KEYTYPE_ECC_P256:
599 		case PKEY_KEYTYPE_ECC_P384:
600 		case PKEY_KEYTYPE_ECC_P521:
601 		case PKEY_KEYTYPE_ECC_ED25519:
602 		case PKEY_KEYTYPE_ECC_ED448:
603 			rc = nonccatokecc2pkey(t, protkey,
604 					       protkeylen, protkeytype);
605 			break;
606 		default:
607 			DEBUG_ERR("%s unknown/unsupported non cca clear key type %u\n",
608 				  __func__, t->keytype);
609 			return -EINVAL;
610 		}
611 		break;
612 	}
613 	case TOKVER_EP11_AES: {
614 		/* check ep11 key for exportable as protected key */
615 		rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1);
616 		if (rc)
617 			goto out;
618 		rc = pkey_ep11key2pkey(key, keylen,
619 				       protkey, protkeylen, protkeytype);
620 		break;
621 	}
622 	case TOKVER_EP11_AES_WITH_HEADER:
623 		/* check ep11 key with header for exportable as protected key */
624 		rc = ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1);
625 		if (rc)
626 			goto out;
627 		rc = pkey_ep11key2pkey(key, keylen,
628 				       protkey, protkeylen, protkeytype);
629 		break;
630 	default:
631 		DEBUG_ERR("%s unknown/unsupported non-CCA token version %d\n",
632 			  __func__, hdr->version);
633 	}
634 
635 out:
636 	return rc;
637 }
638 
639 /*
640  * Transform a CCA internal key token into a protected key
641  */
pkey_ccainttok2pkey(const u8 * key,u32 keylen,u8 * protkey,u32 * protkeylen,u32 * protkeytype)642 static int pkey_ccainttok2pkey(const u8 *key, u32 keylen,
643 			       u8 *protkey, u32 *protkeylen, u32 *protkeytype)
644 {
645 	struct keytoken_header *hdr = (struct keytoken_header *)key;
646 
647 	switch (hdr->version) {
648 	case TOKVER_CCA_AES:
649 		if (keylen != sizeof(struct secaeskeytoken))
650 			return -EINVAL;
651 		break;
652 	case TOKVER_CCA_VLSC:
653 		if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE)
654 			return -EINVAL;
655 		break;
656 	default:
657 		DEBUG_ERR("%s unknown/unsupported CCA internal token version %d\n",
658 			  __func__, hdr->version);
659 		return -EINVAL;
660 	}
661 
662 	return pkey_skey2pkey(key, protkey, protkeylen, protkeytype);
663 }
664 
665 /*
666  * Transform a key blob (of any type) into a protected key
667  */
pkey_keyblob2pkey(const u8 * key,u32 keylen,u8 * protkey,u32 * protkeylen,u32 * protkeytype)668 int pkey_keyblob2pkey(const u8 *key, u32 keylen,
669 		      u8 *protkey, u32 *protkeylen, u32 *protkeytype)
670 {
671 	struct keytoken_header *hdr = (struct keytoken_header *)key;
672 	int rc;
673 
674 	if (keylen < sizeof(struct keytoken_header)) {
675 		DEBUG_ERR("%s invalid keylen %d\n", __func__, keylen);
676 		return -EINVAL;
677 	}
678 
679 	switch (hdr->type) {
680 	case TOKTYPE_NON_CCA:
681 		rc = pkey_nonccatok2pkey(key, keylen,
682 					 protkey, protkeylen, protkeytype);
683 		break;
684 	case TOKTYPE_CCA_INTERNAL:
685 		rc = pkey_ccainttok2pkey(key, keylen,
686 					 protkey, protkeylen, protkeytype);
687 		break;
688 	default:
689 		DEBUG_ERR("%s unknown/unsupported blob type %d\n",
690 			  __func__, hdr->type);
691 		return -EINVAL;
692 	}
693 
694 	DEBUG_DBG("%s rc=%d\n", __func__, rc);
695 	return rc;
696 }
697 EXPORT_SYMBOL(pkey_keyblob2pkey);
698 
pkey_genseckey2(const struct pkey_apqn * apqns,size_t nr_apqns,enum pkey_key_type ktype,enum pkey_key_size ksize,u32 kflags,u8 * keybuf,size_t * keybufsize)699 static int pkey_genseckey2(const struct pkey_apqn *apqns, size_t nr_apqns,
700 			   enum pkey_key_type ktype, enum pkey_key_size ksize,
701 			   u32 kflags, u8 *keybuf, size_t *keybufsize)
702 {
703 	int i, card, dom, rc;
704 
705 	/* check for at least one apqn given */
706 	if (!apqns || !nr_apqns)
707 		return -EINVAL;
708 
709 	/* check key type and size */
710 	switch (ktype) {
711 	case PKEY_TYPE_CCA_DATA:
712 	case PKEY_TYPE_CCA_CIPHER:
713 		if (*keybufsize < SECKEYBLOBSIZE)
714 			return -EINVAL;
715 		break;
716 	case PKEY_TYPE_EP11:
717 		if (*keybufsize < MINEP11AESKEYBLOBSIZE)
718 			return -EINVAL;
719 		break;
720 	case PKEY_TYPE_EP11_AES:
721 		if (*keybufsize < (sizeof(struct ep11kblob_header) +
722 				   MINEP11AESKEYBLOBSIZE))
723 			return -EINVAL;
724 		break;
725 	default:
726 		return -EINVAL;
727 	}
728 	switch (ksize) {
729 	case PKEY_SIZE_AES_128:
730 	case PKEY_SIZE_AES_192:
731 	case PKEY_SIZE_AES_256:
732 		break;
733 	default:
734 		return -EINVAL;
735 	}
736 
737 	/* simple try all apqns from the list */
738 	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
739 		card = apqns[i].card;
740 		dom = apqns[i].domain;
741 		if (ktype == PKEY_TYPE_EP11 ||
742 		    ktype == PKEY_TYPE_EP11_AES) {
743 			rc = ep11_genaeskey(card, dom, ksize, kflags,
744 					    keybuf, keybufsize, ktype);
745 		} else if (ktype == PKEY_TYPE_CCA_DATA) {
746 			rc = cca_genseckey(card, dom, ksize, keybuf);
747 			*keybufsize = (rc ? 0 : SECKEYBLOBSIZE);
748 		} else {
749 			/* TOKVER_CCA_VLSC */
750 			rc = cca_gencipherkey(card, dom, ksize, kflags,
751 					      keybuf, keybufsize);
752 		}
753 		if (rc == 0)
754 			break;
755 	}
756 
757 	return rc;
758 }
759 
pkey_clr2seckey2(const struct pkey_apqn * apqns,size_t nr_apqns,enum pkey_key_type ktype,enum pkey_key_size ksize,u32 kflags,const u8 * clrkey,u8 * keybuf,size_t * keybufsize)760 static int pkey_clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns,
761 			    enum pkey_key_type ktype, enum pkey_key_size ksize,
762 			    u32 kflags, const u8 *clrkey,
763 			    u8 *keybuf, size_t *keybufsize)
764 {
765 	int i, card, dom, rc;
766 
767 	/* check for at least one apqn given */
768 	if (!apqns || !nr_apqns)
769 		return -EINVAL;
770 
771 	/* check key type and size */
772 	switch (ktype) {
773 	case PKEY_TYPE_CCA_DATA:
774 	case PKEY_TYPE_CCA_CIPHER:
775 		if (*keybufsize < SECKEYBLOBSIZE)
776 			return -EINVAL;
777 		break;
778 	case PKEY_TYPE_EP11:
779 		if (*keybufsize < MINEP11AESKEYBLOBSIZE)
780 			return -EINVAL;
781 		break;
782 	case PKEY_TYPE_EP11_AES:
783 		if (*keybufsize < (sizeof(struct ep11kblob_header) +
784 				   MINEP11AESKEYBLOBSIZE))
785 			return -EINVAL;
786 		break;
787 	default:
788 		return -EINVAL;
789 	}
790 	switch (ksize) {
791 	case PKEY_SIZE_AES_128:
792 	case PKEY_SIZE_AES_192:
793 	case PKEY_SIZE_AES_256:
794 		break;
795 	default:
796 		return -EINVAL;
797 	}
798 
799 	zcrypt_wait_api_operational();
800 
801 	/* simple try all apqns from the list */
802 	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
803 		card = apqns[i].card;
804 		dom = apqns[i].domain;
805 		if (ktype == PKEY_TYPE_EP11 ||
806 		    ktype == PKEY_TYPE_EP11_AES) {
807 			rc = ep11_clr2keyblob(card, dom, ksize, kflags,
808 					      clrkey, keybuf, keybufsize,
809 					      ktype);
810 		} else if (ktype == PKEY_TYPE_CCA_DATA) {
811 			rc = cca_clr2seckey(card, dom, ksize,
812 					    clrkey, keybuf);
813 			*keybufsize = (rc ? 0 : SECKEYBLOBSIZE);
814 		} else {
815 			/* TOKVER_CCA_VLSC */
816 			rc = cca_clr2cipherkey(card, dom, ksize, kflags,
817 					       clrkey, keybuf, keybufsize);
818 		}
819 		if (rc == 0)
820 			break;
821 	}
822 
823 	return rc;
824 }
825 
pkey_verifykey2(const u8 * key,size_t keylen,u16 * cardnr,u16 * domain,enum pkey_key_type * ktype,enum pkey_key_size * ksize,u32 * flags)826 static int pkey_verifykey2(const u8 *key, size_t keylen,
827 			   u16 *cardnr, u16 *domain,
828 			   enum pkey_key_type *ktype,
829 			   enum pkey_key_size *ksize, u32 *flags)
830 {
831 	struct keytoken_header *hdr = (struct keytoken_header *)key;
832 	u32 _nr_apqns, *_apqns = NULL;
833 	int rc;
834 
835 	if (keylen < sizeof(struct keytoken_header))
836 		return -EINVAL;
837 
838 	if (hdr->type == TOKTYPE_CCA_INTERNAL &&
839 	    hdr->version == TOKVER_CCA_AES) {
840 		struct secaeskeytoken *t = (struct secaeskeytoken *)key;
841 
842 		rc = cca_check_secaeskeytoken(debug_info, 3, key, 0);
843 		if (rc)
844 			goto out;
845 		if (ktype)
846 			*ktype = PKEY_TYPE_CCA_DATA;
847 		if (ksize)
848 			*ksize = (enum pkey_key_size)t->bitsize;
849 
850 		rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
851 				   ZCRYPT_CEX3C, AES_MK_SET, t->mkvp, 0, 1);
852 		if (rc == 0 && flags)
853 			*flags = PKEY_FLAGS_MATCH_CUR_MKVP;
854 		if (rc == -ENODEV) {
855 			rc = cca_findcard2(&_apqns, &_nr_apqns,
856 					   *cardnr, *domain,
857 					   ZCRYPT_CEX3C, AES_MK_SET,
858 					   0, t->mkvp, 1);
859 			if (rc == 0 && flags)
860 				*flags = PKEY_FLAGS_MATCH_ALT_MKVP;
861 		}
862 		if (rc)
863 			goto out;
864 
865 		*cardnr = ((struct pkey_apqn *)_apqns)->card;
866 		*domain = ((struct pkey_apqn *)_apqns)->domain;
867 
868 	} else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
869 		   hdr->version == TOKVER_CCA_VLSC) {
870 		struct cipherkeytoken *t = (struct cipherkeytoken *)key;
871 
872 		rc = cca_check_secaescipherkey(debug_info, 3, key, 0, 1);
873 		if (rc)
874 			goto out;
875 		if (ktype)
876 			*ktype = PKEY_TYPE_CCA_CIPHER;
877 		if (ksize) {
878 			*ksize = PKEY_SIZE_UNKNOWN;
879 			if (!t->plfver && t->wpllen == 512)
880 				*ksize = PKEY_SIZE_AES_128;
881 			else if (!t->plfver && t->wpllen == 576)
882 				*ksize = PKEY_SIZE_AES_192;
883 			else if (!t->plfver && t->wpllen == 640)
884 				*ksize = PKEY_SIZE_AES_256;
885 		}
886 
887 		rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
888 				   ZCRYPT_CEX6, AES_MK_SET, t->mkvp0, 0, 1);
889 		if (rc == 0 && flags)
890 			*flags = PKEY_FLAGS_MATCH_CUR_MKVP;
891 		if (rc == -ENODEV) {
892 			rc = cca_findcard2(&_apqns, &_nr_apqns,
893 					   *cardnr, *domain,
894 					   ZCRYPT_CEX6, AES_MK_SET,
895 					   0, t->mkvp0, 1);
896 			if (rc == 0 && flags)
897 				*flags = PKEY_FLAGS_MATCH_ALT_MKVP;
898 		}
899 		if (rc)
900 			goto out;
901 
902 		*cardnr = ((struct pkey_apqn *)_apqns)->card;
903 		*domain = ((struct pkey_apqn *)_apqns)->domain;
904 
905 	} else if (hdr->type == TOKTYPE_NON_CCA &&
906 		   hdr->version == TOKVER_EP11_AES) {
907 		struct ep11keyblob *kb = (struct ep11keyblob *)key;
908 		int api;
909 
910 		rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1);
911 		if (rc)
912 			goto out;
913 		if (ktype)
914 			*ktype = PKEY_TYPE_EP11;
915 		if (ksize)
916 			*ksize = kb->head.bitlen;
917 
918 		api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4;
919 		rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
920 				    ZCRYPT_CEX7, api,
921 				    ep11_kb_wkvp(key, keylen));
922 		if (rc)
923 			goto out;
924 
925 		if (flags)
926 			*flags = PKEY_FLAGS_MATCH_CUR_MKVP;
927 
928 		*cardnr = ((struct pkey_apqn *)_apqns)->card;
929 		*domain = ((struct pkey_apqn *)_apqns)->domain;
930 
931 	} else if (hdr->type == TOKTYPE_NON_CCA &&
932 		   hdr->version == TOKVER_EP11_AES_WITH_HEADER) {
933 		struct ep11kblob_header *kh = (struct ep11kblob_header *)key;
934 		int api;
935 
936 		rc = ep11_check_aes_key_with_hdr(debug_info, 3,
937 						 key, keylen, 1);
938 		if (rc)
939 			goto out;
940 		if (ktype)
941 			*ktype = PKEY_TYPE_EP11_AES;
942 		if (ksize)
943 			*ksize = kh->bitlen;
944 
945 		api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4;
946 		rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
947 				    ZCRYPT_CEX7, api,
948 				    ep11_kb_wkvp(key, keylen));
949 		if (rc)
950 			goto out;
951 
952 		if (flags)
953 			*flags = PKEY_FLAGS_MATCH_CUR_MKVP;
954 
955 		*cardnr = ((struct pkey_apqn *)_apqns)->card;
956 		*domain = ((struct pkey_apqn *)_apqns)->domain;
957 	} else {
958 		rc = -EINVAL;
959 	}
960 
961 out:
962 	kfree(_apqns);
963 	return rc;
964 }
965 
pkey_keyblob2pkey2(const struct pkey_apqn * apqns,size_t nr_apqns,const u8 * key,size_t keylen,u8 * protkey,u32 * protkeylen,u32 * protkeytype)966 static int pkey_keyblob2pkey2(const struct pkey_apqn *apqns, size_t nr_apqns,
967 			      const u8 *key, size_t keylen,
968 			      u8 *protkey, u32 *protkeylen, u32 *protkeytype)
969 {
970 	struct keytoken_header *hdr = (struct keytoken_header *)key;
971 	int i, card, dom, rc;
972 
973 	/* check for at least one apqn given */
974 	if (!apqns || !nr_apqns)
975 		return -EINVAL;
976 
977 	if (keylen < sizeof(struct keytoken_header))
978 		return -EINVAL;
979 
980 	if (hdr->type == TOKTYPE_CCA_INTERNAL) {
981 		if (hdr->version == TOKVER_CCA_AES) {
982 			if (keylen != sizeof(struct secaeskeytoken))
983 				return -EINVAL;
984 			if (cca_check_secaeskeytoken(debug_info, 3, key, 0))
985 				return -EINVAL;
986 		} else if (hdr->version == TOKVER_CCA_VLSC) {
987 			if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE)
988 				return -EINVAL;
989 			if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1))
990 				return -EINVAL;
991 		} else {
992 			DEBUG_ERR("%s unknown CCA internal token version %d\n",
993 				  __func__, hdr->version);
994 			return -EINVAL;
995 		}
996 	} else if (hdr->type == TOKTYPE_NON_CCA) {
997 		if (hdr->version == TOKVER_EP11_AES) {
998 			if (ep11_check_aes_key(debug_info, 3, key, keylen, 1))
999 				return -EINVAL;
1000 		} else if (hdr->version == TOKVER_EP11_AES_WITH_HEADER) {
1001 			if (ep11_check_aes_key_with_hdr(debug_info, 3,
1002 							key, keylen, 1))
1003 				return -EINVAL;
1004 		} else {
1005 			return pkey_nonccatok2pkey(key, keylen,
1006 						   protkey, protkeylen,
1007 						   protkeytype);
1008 		}
1009 	} else {
1010 		DEBUG_ERR("%s unknown/unsupported blob type %d\n",
1011 			  __func__, hdr->type);
1012 		return -EINVAL;
1013 	}
1014 
1015 	zcrypt_wait_api_operational();
1016 
1017 	/* simple try all apqns from the list */
1018 	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
1019 		card = apqns[i].card;
1020 		dom = apqns[i].domain;
1021 		if (hdr->type == TOKTYPE_CCA_INTERNAL &&
1022 		    hdr->version == TOKVER_CCA_AES) {
1023 			rc = cca_sec2protkey(card, dom, key,
1024 					     protkey, protkeylen, protkeytype);
1025 		} else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
1026 			   hdr->version == TOKVER_CCA_VLSC) {
1027 			rc = cca_cipher2protkey(card, dom, key,
1028 						protkey, protkeylen,
1029 						protkeytype);
1030 		} else {
1031 			rc = ep11_kblob2protkey(card, dom, key, keylen,
1032 						protkey, protkeylen,
1033 						protkeytype);
1034 		}
1035 		if (rc == 0)
1036 			break;
1037 	}
1038 
1039 	return rc;
1040 }
1041 
pkey_apqns4key(const u8 * key,size_t keylen,u32 flags,struct pkey_apqn * apqns,size_t * nr_apqns)1042 static int pkey_apqns4key(const u8 *key, size_t keylen, u32 flags,
1043 			  struct pkey_apqn *apqns, size_t *nr_apqns)
1044 {
1045 	struct keytoken_header *hdr = (struct keytoken_header *)key;
1046 	u32 _nr_apqns, *_apqns = NULL;
1047 	int rc;
1048 
1049 	if (keylen < sizeof(struct keytoken_header) || flags == 0)
1050 		return -EINVAL;
1051 
1052 	zcrypt_wait_api_operational();
1053 
1054 	if (hdr->type == TOKTYPE_NON_CCA &&
1055 	    (hdr->version == TOKVER_EP11_AES_WITH_HEADER ||
1056 	     hdr->version == TOKVER_EP11_ECC_WITH_HEADER) &&
1057 	    is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1058 		struct ep11keyblob *kb = (struct ep11keyblob *)
1059 			(key + sizeof(struct ep11kblob_header));
1060 		int minhwtype = 0, api = 0;
1061 
1062 		if (flags != PKEY_FLAGS_MATCH_CUR_MKVP)
1063 			return -EINVAL;
1064 		if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) {
1065 			minhwtype = ZCRYPT_CEX7;
1066 			api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4;
1067 		}
1068 		rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1069 				    minhwtype, api, kb->wkvp);
1070 		if (rc)
1071 			goto out;
1072 	} else if (hdr->type == TOKTYPE_NON_CCA &&
1073 		   hdr->version == TOKVER_EP11_AES &&
1074 		   is_ep11_keyblob(key)) {
1075 		struct ep11keyblob *kb = (struct ep11keyblob *)key;
1076 		int minhwtype = 0, api = 0;
1077 
1078 		if (flags != PKEY_FLAGS_MATCH_CUR_MKVP)
1079 			return -EINVAL;
1080 		if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) {
1081 			minhwtype = ZCRYPT_CEX7;
1082 			api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4;
1083 		}
1084 		rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1085 				    minhwtype, api, kb->wkvp);
1086 		if (rc)
1087 			goto out;
1088 	} else if (hdr->type == TOKTYPE_CCA_INTERNAL) {
1089 		u64 cur_mkvp = 0, old_mkvp = 0;
1090 		int minhwtype = ZCRYPT_CEX3C;
1091 
1092 		if (hdr->version == TOKVER_CCA_AES) {
1093 			struct secaeskeytoken *t = (struct secaeskeytoken *)key;
1094 
1095 			if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1096 				cur_mkvp = t->mkvp;
1097 			if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1098 				old_mkvp = t->mkvp;
1099 		} else if (hdr->version == TOKVER_CCA_VLSC) {
1100 			struct cipherkeytoken *t = (struct cipherkeytoken *)key;
1101 
1102 			minhwtype = ZCRYPT_CEX6;
1103 			if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1104 				cur_mkvp = t->mkvp0;
1105 			if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1106 				old_mkvp = t->mkvp0;
1107 		} else {
1108 			/* unknown cca internal token type */
1109 			return -EINVAL;
1110 		}
1111 		rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1112 				   minhwtype, AES_MK_SET,
1113 				   cur_mkvp, old_mkvp, 1);
1114 		if (rc)
1115 			goto out;
1116 	} else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) {
1117 		struct eccprivkeytoken *t = (struct eccprivkeytoken *)key;
1118 		u64 cur_mkvp = 0, old_mkvp = 0;
1119 
1120 		if (t->secid == 0x20) {
1121 			if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1122 				cur_mkvp = t->mkvp;
1123 			if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1124 				old_mkvp = t->mkvp;
1125 		} else {
1126 			/* unknown cca internal 2 token type */
1127 			return -EINVAL;
1128 		}
1129 		rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1130 				   ZCRYPT_CEX7, APKA_MK_SET,
1131 				   cur_mkvp, old_mkvp, 1);
1132 		if (rc)
1133 			goto out;
1134 	} else {
1135 		return -EINVAL;
1136 	}
1137 
1138 	if (apqns) {
1139 		if (*nr_apqns < _nr_apqns)
1140 			rc = -ENOSPC;
1141 		else
1142 			memcpy(apqns, _apqns, _nr_apqns * sizeof(u32));
1143 	}
1144 	*nr_apqns = _nr_apqns;
1145 
1146 out:
1147 	kfree(_apqns);
1148 	return rc;
1149 }
1150 
pkey_apqns4keytype(enum pkey_key_type ktype,u8 cur_mkvp[32],u8 alt_mkvp[32],u32 flags,struct pkey_apqn * apqns,size_t * nr_apqns)1151 static int pkey_apqns4keytype(enum pkey_key_type ktype,
1152 			      u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
1153 			      struct pkey_apqn *apqns, size_t *nr_apqns)
1154 {
1155 	u32 _nr_apqns, *_apqns = NULL;
1156 	int rc;
1157 
1158 	zcrypt_wait_api_operational();
1159 
1160 	if (ktype == PKEY_TYPE_CCA_DATA || ktype == PKEY_TYPE_CCA_CIPHER) {
1161 		u64 cur_mkvp = 0, old_mkvp = 0;
1162 		int minhwtype = ZCRYPT_CEX3C;
1163 
1164 		if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1165 			cur_mkvp = *((u64 *)cur_mkvp);
1166 		if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1167 			old_mkvp = *((u64 *)alt_mkvp);
1168 		if (ktype == PKEY_TYPE_CCA_CIPHER)
1169 			minhwtype = ZCRYPT_CEX6;
1170 		rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1171 				   minhwtype, AES_MK_SET,
1172 				   cur_mkvp, old_mkvp, 1);
1173 		if (rc)
1174 			goto out;
1175 	} else if (ktype == PKEY_TYPE_CCA_ECC) {
1176 		u64 cur_mkvp = 0, old_mkvp = 0;
1177 
1178 		if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1179 			cur_mkvp = *((u64 *)cur_mkvp);
1180 		if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)
1181 			old_mkvp = *((u64 *)alt_mkvp);
1182 		rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1183 				   ZCRYPT_CEX7, APKA_MK_SET,
1184 				   cur_mkvp, old_mkvp, 1);
1185 		if (rc)
1186 			goto out;
1187 
1188 	} else if (ktype == PKEY_TYPE_EP11 ||
1189 		   ktype == PKEY_TYPE_EP11_AES ||
1190 		   ktype == PKEY_TYPE_EP11_ECC) {
1191 		u8 *wkvp = NULL;
1192 		int api;
1193 
1194 		if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)
1195 			wkvp = cur_mkvp;
1196 		api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4;
1197 		rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,
1198 				    ZCRYPT_CEX7, api, wkvp);
1199 		if (rc)
1200 			goto out;
1201 
1202 	} else {
1203 		return -EINVAL;
1204 	}
1205 
1206 	if (apqns) {
1207 		if (*nr_apqns < _nr_apqns)
1208 			rc = -ENOSPC;
1209 		else
1210 			memcpy(apqns, _apqns, _nr_apqns * sizeof(u32));
1211 	}
1212 	*nr_apqns = _nr_apqns;
1213 
1214 out:
1215 	kfree(_apqns);
1216 	return rc;
1217 }
1218 
pkey_keyblob2pkey3(const struct pkey_apqn * apqns,size_t nr_apqns,const u8 * key,size_t keylen,u8 * protkey,u32 * protkeylen,u32 * protkeytype)1219 static int pkey_keyblob2pkey3(const struct pkey_apqn *apqns, size_t nr_apqns,
1220 			      const u8 *key, size_t keylen,
1221 			      u8 *protkey, u32 *protkeylen, u32 *protkeytype)
1222 {
1223 	struct keytoken_header *hdr = (struct keytoken_header *)key;
1224 	int i, card, dom, rc;
1225 
1226 	/* check for at least one apqn given */
1227 	if (!apqns || !nr_apqns)
1228 		return -EINVAL;
1229 
1230 	if (keylen < sizeof(struct keytoken_header))
1231 		return -EINVAL;
1232 
1233 	if (hdr->type == TOKTYPE_NON_CCA &&
1234 	    hdr->version == TOKVER_EP11_AES_WITH_HEADER &&
1235 	    is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1236 		/* EP11 AES key blob with header */
1237 		if (ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1))
1238 			return -EINVAL;
1239 	} else if (hdr->type == TOKTYPE_NON_CCA &&
1240 		   hdr->version == TOKVER_EP11_ECC_WITH_HEADER &&
1241 		   is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1242 		/* EP11 ECC key blob with header */
1243 		if (ep11_check_ecc_key_with_hdr(debug_info, 3, key, keylen, 1))
1244 			return -EINVAL;
1245 	} else if (hdr->type == TOKTYPE_NON_CCA &&
1246 		   hdr->version == TOKVER_EP11_AES &&
1247 		   is_ep11_keyblob(key)) {
1248 		/* EP11 AES key blob with header in session field */
1249 		if (ep11_check_aes_key(debug_info, 3, key, keylen, 1))
1250 			return -EINVAL;
1251 	} else	if (hdr->type == TOKTYPE_CCA_INTERNAL) {
1252 		if (hdr->version == TOKVER_CCA_AES) {
1253 			/* CCA AES data key */
1254 			if (keylen != sizeof(struct secaeskeytoken))
1255 				return -EINVAL;
1256 			if (cca_check_secaeskeytoken(debug_info, 3, key, 0))
1257 				return -EINVAL;
1258 		} else if (hdr->version == TOKVER_CCA_VLSC) {
1259 			/* CCA AES cipher key */
1260 			if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE)
1261 				return -EINVAL;
1262 			if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1))
1263 				return -EINVAL;
1264 		} else {
1265 			DEBUG_ERR("%s unknown CCA internal token version %d\n",
1266 				  __func__, hdr->version);
1267 			return -EINVAL;
1268 		}
1269 	} else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) {
1270 		/* CCA ECC (private) key */
1271 		if (keylen < sizeof(struct eccprivkeytoken))
1272 			return -EINVAL;
1273 		if (cca_check_sececckeytoken(debug_info, 3, key, keylen, 1))
1274 			return -EINVAL;
1275 	} else if (hdr->type == TOKTYPE_NON_CCA) {
1276 		return pkey_nonccatok2pkey(key, keylen,
1277 					   protkey, protkeylen, protkeytype);
1278 	} else {
1279 		DEBUG_ERR("%s unknown/unsupported blob type %d\n",
1280 			  __func__, hdr->type);
1281 		return -EINVAL;
1282 	}
1283 
1284 	/* simple try all apqns from the list */
1285 	for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) {
1286 		card = apqns[i].card;
1287 		dom = apqns[i].domain;
1288 		if (hdr->type == TOKTYPE_NON_CCA &&
1289 		    (hdr->version == TOKVER_EP11_AES_WITH_HEADER ||
1290 		     hdr->version == TOKVER_EP11_ECC_WITH_HEADER) &&
1291 		    is_ep11_keyblob(key + sizeof(struct ep11kblob_header)))
1292 			rc = ep11_kblob2protkey(card, dom, key, hdr->len,
1293 						protkey, protkeylen,
1294 						protkeytype);
1295 		else if (hdr->type == TOKTYPE_NON_CCA &&
1296 			 hdr->version == TOKVER_EP11_AES &&
1297 			 is_ep11_keyblob(key))
1298 			rc = ep11_kblob2protkey(card, dom, key, hdr->len,
1299 						protkey, protkeylen,
1300 						protkeytype);
1301 		else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
1302 			 hdr->version == TOKVER_CCA_AES)
1303 			rc = cca_sec2protkey(card, dom, key, protkey,
1304 					     protkeylen, protkeytype);
1305 		else if (hdr->type == TOKTYPE_CCA_INTERNAL &&
1306 			 hdr->version == TOKVER_CCA_VLSC)
1307 			rc = cca_cipher2protkey(card, dom, key, protkey,
1308 						protkeylen, protkeytype);
1309 		else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA)
1310 			rc = cca_ecc2protkey(card, dom, key, protkey,
1311 					     protkeylen, protkeytype);
1312 		else
1313 			return -EINVAL;
1314 	}
1315 
1316 	return rc;
1317 }
1318 
1319 /*
1320  * File io functions
1321  */
1322 
_copy_key_from_user(void __user * ukey,size_t keylen)1323 static void *_copy_key_from_user(void __user *ukey, size_t keylen)
1324 {
1325 	if (!ukey || keylen < MINKEYBLOBBUFSIZE || keylen > KEYBLOBBUFSIZE)
1326 		return ERR_PTR(-EINVAL);
1327 
1328 	return memdup_user(ukey, keylen);
1329 }
1330 
_copy_apqns_from_user(void __user * uapqns,size_t nr_apqns)1331 static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns)
1332 {
1333 	if (!uapqns || nr_apqns == 0)
1334 		return NULL;
1335 
1336 	return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn));
1337 }
1338 
pkey_unlocked_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)1339 static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
1340 				unsigned long arg)
1341 {
1342 	int rc;
1343 
1344 	switch (cmd) {
1345 	case PKEY_GENSECK: {
1346 		struct pkey_genseck __user *ugs = (void __user *)arg;
1347 		struct pkey_genseck kgs;
1348 
1349 		if (copy_from_user(&kgs, ugs, sizeof(kgs)))
1350 			return -EFAULT;
1351 		rc = cca_genseckey(kgs.cardnr, kgs.domain,
1352 				   kgs.keytype, kgs.seckey.seckey);
1353 		DEBUG_DBG("%s cca_genseckey()=%d\n", __func__, rc);
1354 		if (rc)
1355 			break;
1356 		if (copy_to_user(ugs, &kgs, sizeof(kgs)))
1357 			return -EFAULT;
1358 		break;
1359 	}
1360 	case PKEY_CLR2SECK: {
1361 		struct pkey_clr2seck __user *ucs = (void __user *)arg;
1362 		struct pkey_clr2seck kcs;
1363 
1364 		if (copy_from_user(&kcs, ucs, sizeof(kcs)))
1365 			return -EFAULT;
1366 		rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype,
1367 				    kcs.clrkey.clrkey, kcs.seckey.seckey);
1368 		DEBUG_DBG("%s cca_clr2seckey()=%d\n", __func__, rc);
1369 		if (rc)
1370 			break;
1371 		if (copy_to_user(ucs, &kcs, sizeof(kcs)))
1372 			return -EFAULT;
1373 		memzero_explicit(&kcs, sizeof(kcs));
1374 		break;
1375 	}
1376 	case PKEY_SEC2PROTK: {
1377 		struct pkey_sec2protk __user *usp = (void __user *)arg;
1378 		struct pkey_sec2protk ksp;
1379 
1380 		if (copy_from_user(&ksp, usp, sizeof(ksp)))
1381 			return -EFAULT;
1382 		ksp.protkey.len = sizeof(ksp.protkey.protkey);
1383 		rc = cca_sec2protkey(ksp.cardnr, ksp.domain,
1384 				     ksp.seckey.seckey, ksp.protkey.protkey,
1385 				     &ksp.protkey.len, &ksp.protkey.type);
1386 		DEBUG_DBG("%s cca_sec2protkey()=%d\n", __func__, rc);
1387 		if (rc)
1388 			break;
1389 		if (copy_to_user(usp, &ksp, sizeof(ksp)))
1390 			return -EFAULT;
1391 		break;
1392 	}
1393 	case PKEY_CLR2PROTK: {
1394 		struct pkey_clr2protk __user *ucp = (void __user *)arg;
1395 		struct pkey_clr2protk kcp;
1396 
1397 		if (copy_from_user(&kcp, ucp, sizeof(kcp)))
1398 			return -EFAULT;
1399 		kcp.protkey.len = sizeof(kcp.protkey.protkey);
1400 		rc = pkey_clr2protkey(kcp.keytype, kcp.clrkey.clrkey,
1401 				      kcp.protkey.protkey,
1402 				      &kcp.protkey.len, &kcp.protkey.type);
1403 		DEBUG_DBG("%s pkey_clr2protkey()=%d\n", __func__, rc);
1404 		if (rc)
1405 			break;
1406 		if (copy_to_user(ucp, &kcp, sizeof(kcp)))
1407 			return -EFAULT;
1408 		memzero_explicit(&kcp, sizeof(kcp));
1409 		break;
1410 	}
1411 	case PKEY_FINDCARD: {
1412 		struct pkey_findcard __user *ufc = (void __user *)arg;
1413 		struct pkey_findcard kfc;
1414 
1415 		if (copy_from_user(&kfc, ufc, sizeof(kfc)))
1416 			return -EFAULT;
1417 		rc = cca_findcard(kfc.seckey.seckey,
1418 				  &kfc.cardnr, &kfc.domain, 1);
1419 		DEBUG_DBG("%s cca_findcard()=%d\n", __func__, rc);
1420 		if (rc < 0)
1421 			break;
1422 		if (copy_to_user(ufc, &kfc, sizeof(kfc)))
1423 			return -EFAULT;
1424 		break;
1425 	}
1426 	case PKEY_SKEY2PKEY: {
1427 		struct pkey_skey2pkey __user *usp = (void __user *)arg;
1428 		struct pkey_skey2pkey ksp;
1429 
1430 		if (copy_from_user(&ksp, usp, sizeof(ksp)))
1431 			return -EFAULT;
1432 		ksp.protkey.len = sizeof(ksp.protkey.protkey);
1433 		rc = pkey_skey2pkey(ksp.seckey.seckey, ksp.protkey.protkey,
1434 				    &ksp.protkey.len, &ksp.protkey.type);
1435 		DEBUG_DBG("%s pkey_skey2pkey()=%d\n", __func__, rc);
1436 		if (rc)
1437 			break;
1438 		if (copy_to_user(usp, &ksp, sizeof(ksp)))
1439 			return -EFAULT;
1440 		break;
1441 	}
1442 	case PKEY_VERIFYKEY: {
1443 		struct pkey_verifykey __user *uvk = (void __user *)arg;
1444 		struct pkey_verifykey kvk;
1445 
1446 		if (copy_from_user(&kvk, uvk, sizeof(kvk)))
1447 			return -EFAULT;
1448 		rc = pkey_verifykey(&kvk.seckey, &kvk.cardnr, &kvk.domain,
1449 				    &kvk.keysize, &kvk.attributes);
1450 		DEBUG_DBG("%s pkey_verifykey()=%d\n", __func__, rc);
1451 		if (rc)
1452 			break;
1453 		if (copy_to_user(uvk, &kvk, sizeof(kvk)))
1454 			return -EFAULT;
1455 		break;
1456 	}
1457 	case PKEY_GENPROTK: {
1458 		struct pkey_genprotk __user *ugp = (void __user *)arg;
1459 		struct pkey_genprotk kgp;
1460 
1461 		if (copy_from_user(&kgp, ugp, sizeof(kgp)))
1462 			return -EFAULT;
1463 		kgp.protkey.len = sizeof(kgp.protkey.protkey);
1464 		rc = pkey_genprotkey(kgp.keytype, kgp.protkey.protkey,
1465 				     &kgp.protkey.len, &kgp.protkey.type);
1466 		DEBUG_DBG("%s pkey_genprotkey()=%d\n", __func__, rc);
1467 		if (rc)
1468 			break;
1469 		if (copy_to_user(ugp, &kgp, sizeof(kgp)))
1470 			return -EFAULT;
1471 		break;
1472 	}
1473 	case PKEY_VERIFYPROTK: {
1474 		struct pkey_verifyprotk __user *uvp = (void __user *)arg;
1475 		struct pkey_verifyprotk kvp;
1476 
1477 		if (copy_from_user(&kvp, uvp, sizeof(kvp)))
1478 			return -EFAULT;
1479 		rc = pkey_verifyprotkey(kvp.protkey.protkey,
1480 					kvp.protkey.len, kvp.protkey.type);
1481 		DEBUG_DBG("%s pkey_verifyprotkey()=%d\n", __func__, rc);
1482 		break;
1483 	}
1484 	case PKEY_KBLOB2PROTK: {
1485 		struct pkey_kblob2pkey __user *utp = (void __user *)arg;
1486 		struct pkey_kblob2pkey ktp;
1487 		u8 *kkey;
1488 
1489 		if (copy_from_user(&ktp, utp, sizeof(ktp)))
1490 			return -EFAULT;
1491 		kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1492 		if (IS_ERR(kkey))
1493 			return PTR_ERR(kkey);
1494 		ktp.protkey.len = sizeof(ktp.protkey.protkey);
1495 		rc = pkey_keyblob2pkey(kkey, ktp.keylen, ktp.protkey.protkey,
1496 				       &ktp.protkey.len, &ktp.protkey.type);
1497 		DEBUG_DBG("%s pkey_keyblob2pkey()=%d\n", __func__, rc);
1498 		memzero_explicit(kkey, ktp.keylen);
1499 		kfree(kkey);
1500 		if (rc)
1501 			break;
1502 		if (copy_to_user(utp, &ktp, sizeof(ktp)))
1503 			return -EFAULT;
1504 		break;
1505 	}
1506 	case PKEY_GENSECK2: {
1507 		struct pkey_genseck2 __user *ugs = (void __user *)arg;
1508 		size_t klen = KEYBLOBBUFSIZE;
1509 		struct pkey_genseck2 kgs;
1510 		struct pkey_apqn *apqns;
1511 		u8 *kkey;
1512 
1513 		if (copy_from_user(&kgs, ugs, sizeof(kgs)))
1514 			return -EFAULT;
1515 		apqns = _copy_apqns_from_user(kgs.apqns, kgs.apqn_entries);
1516 		if (IS_ERR(apqns))
1517 			return PTR_ERR(apqns);
1518 		kkey = kzalloc(klen, GFP_KERNEL);
1519 		if (!kkey) {
1520 			kfree(apqns);
1521 			return -ENOMEM;
1522 		}
1523 		rc = pkey_genseckey2(apqns, kgs.apqn_entries,
1524 				     kgs.type, kgs.size, kgs.keygenflags,
1525 				     kkey, &klen);
1526 		DEBUG_DBG("%s pkey_genseckey2()=%d\n", __func__, rc);
1527 		kfree(apqns);
1528 		if (rc) {
1529 			kfree(kkey);
1530 			break;
1531 		}
1532 		if (kgs.key) {
1533 			if (kgs.keylen < klen) {
1534 				kfree(kkey);
1535 				return -EINVAL;
1536 			}
1537 			if (copy_to_user(kgs.key, kkey, klen)) {
1538 				kfree(kkey);
1539 				return -EFAULT;
1540 			}
1541 		}
1542 		kgs.keylen = klen;
1543 		if (copy_to_user(ugs, &kgs, sizeof(kgs)))
1544 			rc = -EFAULT;
1545 		kfree(kkey);
1546 		break;
1547 	}
1548 	case PKEY_CLR2SECK2: {
1549 		struct pkey_clr2seck2 __user *ucs = (void __user *)arg;
1550 		size_t klen = KEYBLOBBUFSIZE;
1551 		struct pkey_clr2seck2 kcs;
1552 		struct pkey_apqn *apqns;
1553 		u8 *kkey;
1554 
1555 		if (copy_from_user(&kcs, ucs, sizeof(kcs)))
1556 			return -EFAULT;
1557 		apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries);
1558 		if (IS_ERR(apqns))
1559 			return PTR_ERR(apqns);
1560 		kkey = kzalloc(klen, GFP_KERNEL);
1561 		if (!kkey) {
1562 			kfree(apqns);
1563 			return -ENOMEM;
1564 		}
1565 		rc = pkey_clr2seckey2(apqns, kcs.apqn_entries,
1566 				      kcs.type, kcs.size, kcs.keygenflags,
1567 				      kcs.clrkey.clrkey, kkey, &klen);
1568 		DEBUG_DBG("%s pkey_clr2seckey2()=%d\n", __func__, rc);
1569 		kfree(apqns);
1570 		if (rc) {
1571 			kfree(kkey);
1572 			break;
1573 		}
1574 		if (kcs.key) {
1575 			if (kcs.keylen < klen) {
1576 				kfree(kkey);
1577 				return -EINVAL;
1578 			}
1579 			if (copy_to_user(kcs.key, kkey, klen)) {
1580 				kfree(kkey);
1581 				return -EFAULT;
1582 			}
1583 		}
1584 		kcs.keylen = klen;
1585 		if (copy_to_user(ucs, &kcs, sizeof(kcs)))
1586 			rc = -EFAULT;
1587 		memzero_explicit(&kcs, sizeof(kcs));
1588 		kfree(kkey);
1589 		break;
1590 	}
1591 	case PKEY_VERIFYKEY2: {
1592 		struct pkey_verifykey2 __user *uvk = (void __user *)arg;
1593 		struct pkey_verifykey2 kvk;
1594 		u8 *kkey;
1595 
1596 		if (copy_from_user(&kvk, uvk, sizeof(kvk)))
1597 			return -EFAULT;
1598 		kkey = _copy_key_from_user(kvk.key, kvk.keylen);
1599 		if (IS_ERR(kkey))
1600 			return PTR_ERR(kkey);
1601 		rc = pkey_verifykey2(kkey, kvk.keylen,
1602 				     &kvk.cardnr, &kvk.domain,
1603 				     &kvk.type, &kvk.size, &kvk.flags);
1604 		DEBUG_DBG("%s pkey_verifykey2()=%d\n", __func__, rc);
1605 		kfree(kkey);
1606 		if (rc)
1607 			break;
1608 		if (copy_to_user(uvk, &kvk, sizeof(kvk)))
1609 			return -EFAULT;
1610 		break;
1611 	}
1612 	case PKEY_KBLOB2PROTK2: {
1613 		struct pkey_kblob2pkey2 __user *utp = (void __user *)arg;
1614 		struct pkey_apqn *apqns = NULL;
1615 		struct pkey_kblob2pkey2 ktp;
1616 		u8 *kkey;
1617 
1618 		if (copy_from_user(&ktp, utp, sizeof(ktp)))
1619 			return -EFAULT;
1620 		apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries);
1621 		if (IS_ERR(apqns))
1622 			return PTR_ERR(apqns);
1623 		kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1624 		if (IS_ERR(kkey)) {
1625 			kfree(apqns);
1626 			return PTR_ERR(kkey);
1627 		}
1628 		ktp.protkey.len = sizeof(ktp.protkey.protkey);
1629 		rc = pkey_keyblob2pkey2(apqns, ktp.apqn_entries,
1630 					kkey, ktp.keylen,
1631 					ktp.protkey.protkey, &ktp.protkey.len,
1632 					&ktp.protkey.type);
1633 		DEBUG_DBG("%s pkey_keyblob2pkey2()=%d\n", __func__, rc);
1634 		kfree(apqns);
1635 		memzero_explicit(kkey, ktp.keylen);
1636 		kfree(kkey);
1637 		if (rc)
1638 			break;
1639 		if (copy_to_user(utp, &ktp, sizeof(ktp)))
1640 			return -EFAULT;
1641 		break;
1642 	}
1643 	case PKEY_APQNS4K: {
1644 		struct pkey_apqns4key __user *uak = (void __user *)arg;
1645 		struct pkey_apqn *apqns = NULL;
1646 		struct pkey_apqns4key kak;
1647 		size_t nr_apqns, len;
1648 		u8 *kkey;
1649 
1650 		if (copy_from_user(&kak, uak, sizeof(kak)))
1651 			return -EFAULT;
1652 		nr_apqns = kak.apqn_entries;
1653 		if (nr_apqns) {
1654 			apqns = kmalloc_array(nr_apqns,
1655 					      sizeof(struct pkey_apqn),
1656 					      GFP_KERNEL);
1657 			if (!apqns)
1658 				return -ENOMEM;
1659 		}
1660 		kkey = _copy_key_from_user(kak.key, kak.keylen);
1661 		if (IS_ERR(kkey)) {
1662 			kfree(apqns);
1663 			return PTR_ERR(kkey);
1664 		}
1665 		rc = pkey_apqns4key(kkey, kak.keylen, kak.flags,
1666 				    apqns, &nr_apqns);
1667 		DEBUG_DBG("%s pkey_apqns4key()=%d\n", __func__, rc);
1668 		kfree(kkey);
1669 		if (rc && rc != -ENOSPC) {
1670 			kfree(apqns);
1671 			break;
1672 		}
1673 		if (!rc && kak.apqns) {
1674 			if (nr_apqns > kak.apqn_entries) {
1675 				kfree(apqns);
1676 				return -EINVAL;
1677 			}
1678 			len = nr_apqns * sizeof(struct pkey_apqn);
1679 			if (len) {
1680 				if (copy_to_user(kak.apqns, apqns, len)) {
1681 					kfree(apqns);
1682 					return -EFAULT;
1683 				}
1684 			}
1685 		}
1686 		kak.apqn_entries = nr_apqns;
1687 		if (copy_to_user(uak, &kak, sizeof(kak)))
1688 			rc = -EFAULT;
1689 		kfree(apqns);
1690 		break;
1691 	}
1692 	case PKEY_APQNS4KT: {
1693 		struct pkey_apqns4keytype __user *uat = (void __user *)arg;
1694 		struct pkey_apqn *apqns = NULL;
1695 		struct pkey_apqns4keytype kat;
1696 		size_t nr_apqns, len;
1697 
1698 		if (copy_from_user(&kat, uat, sizeof(kat)))
1699 			return -EFAULT;
1700 		nr_apqns = kat.apqn_entries;
1701 		if (nr_apqns) {
1702 			apqns = kmalloc_array(nr_apqns,
1703 					      sizeof(struct pkey_apqn),
1704 					      GFP_KERNEL);
1705 			if (!apqns)
1706 				return -ENOMEM;
1707 		}
1708 		rc = pkey_apqns4keytype(kat.type, kat.cur_mkvp, kat.alt_mkvp,
1709 					kat.flags, apqns, &nr_apqns);
1710 		DEBUG_DBG("%s pkey_apqns4keytype()=%d\n", __func__, rc);
1711 		if (rc && rc != -ENOSPC) {
1712 			kfree(apqns);
1713 			break;
1714 		}
1715 		if (!rc && kat.apqns) {
1716 			if (nr_apqns > kat.apqn_entries) {
1717 				kfree(apqns);
1718 				return -EINVAL;
1719 			}
1720 			len = nr_apqns * sizeof(struct pkey_apqn);
1721 			if (len) {
1722 				if (copy_to_user(kat.apqns, apqns, len)) {
1723 					kfree(apqns);
1724 					return -EFAULT;
1725 				}
1726 			}
1727 		}
1728 		kat.apqn_entries = nr_apqns;
1729 		if (copy_to_user(uat, &kat, sizeof(kat)))
1730 			rc = -EFAULT;
1731 		kfree(apqns);
1732 		break;
1733 	}
1734 	case PKEY_KBLOB2PROTK3: {
1735 		struct pkey_kblob2pkey3 __user *utp = (void __user *)arg;
1736 		u32 protkeylen = PROTKEYBLOBBUFSIZE;
1737 		struct pkey_apqn *apqns = NULL;
1738 		struct pkey_kblob2pkey3 ktp;
1739 		u8 *kkey, *protkey;
1740 
1741 		if (copy_from_user(&ktp, utp, sizeof(ktp)))
1742 			return -EFAULT;
1743 		apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries);
1744 		if (IS_ERR(apqns))
1745 			return PTR_ERR(apqns);
1746 		kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1747 		if (IS_ERR(kkey)) {
1748 			kfree(apqns);
1749 			return PTR_ERR(kkey);
1750 		}
1751 		protkey = kmalloc(protkeylen, GFP_KERNEL);
1752 		if (!protkey) {
1753 			kfree(apqns);
1754 			kfree(kkey);
1755 			return -ENOMEM;
1756 		}
1757 		rc = pkey_keyblob2pkey3(apqns, ktp.apqn_entries,
1758 					kkey, ktp.keylen,
1759 					protkey, &protkeylen, &ktp.pkeytype);
1760 		DEBUG_DBG("%s pkey_keyblob2pkey3()=%d\n", __func__, rc);
1761 		kfree(apqns);
1762 		memzero_explicit(kkey, ktp.keylen);
1763 		kfree(kkey);
1764 		if (rc) {
1765 			kfree(protkey);
1766 			break;
1767 		}
1768 		if (ktp.pkey && ktp.pkeylen) {
1769 			if (protkeylen > ktp.pkeylen) {
1770 				kfree(protkey);
1771 				return -EINVAL;
1772 			}
1773 			if (copy_to_user(ktp.pkey, protkey, protkeylen)) {
1774 				kfree(protkey);
1775 				return -EFAULT;
1776 			}
1777 		}
1778 		kfree(protkey);
1779 		ktp.pkeylen = protkeylen;
1780 		if (copy_to_user(utp, &ktp, sizeof(ktp)))
1781 			return -EFAULT;
1782 		break;
1783 	}
1784 	default:
1785 		/* unknown/unsupported ioctl cmd */
1786 		return -ENOTTY;
1787 	}
1788 
1789 	return rc;
1790 }
1791 
1792 /*
1793  * Sysfs and file io operations
1794  */
1795 
1796 /*
1797  * Sysfs attribute read function for all protected key binary attributes.
1798  * The implementation can not deal with partial reads, because a new random
1799  * protected key blob is generated with each read. In case of partial reads
1800  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1801  */
pkey_protkey_aes_attr_read(u32 keytype,bool is_xts,char * buf,loff_t off,size_t count)1802 static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,
1803 					  loff_t off, size_t count)
1804 {
1805 	struct protaeskeytoken protkeytoken;
1806 	struct pkey_protkey protkey;
1807 	int rc;
1808 
1809 	if (off != 0 || count < sizeof(protkeytoken))
1810 		return -EINVAL;
1811 	if (is_xts)
1812 		if (count < 2 * sizeof(protkeytoken))
1813 			return -EINVAL;
1814 
1815 	memset(&protkeytoken, 0, sizeof(protkeytoken));
1816 	protkeytoken.type = TOKTYPE_NON_CCA;
1817 	protkeytoken.version = TOKVER_PROTECTED_KEY;
1818 	protkeytoken.keytype = keytype;
1819 
1820 	protkey.len = sizeof(protkey.protkey);
1821 	rc = pkey_genprotkey(protkeytoken.keytype,
1822 			     protkey.protkey, &protkey.len, &protkey.type);
1823 	if (rc)
1824 		return rc;
1825 
1826 	protkeytoken.len = protkey.len;
1827 	memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
1828 
1829 	memcpy(buf, &protkeytoken, sizeof(protkeytoken));
1830 
1831 	if (is_xts) {
1832 		/* xts needs a second protected key, reuse protkey struct */
1833 		protkey.len = sizeof(protkey.protkey);
1834 		rc = pkey_genprotkey(protkeytoken.keytype,
1835 				     protkey.protkey, &protkey.len, &protkey.type);
1836 		if (rc)
1837 			return rc;
1838 
1839 		protkeytoken.len = protkey.len;
1840 		memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
1841 
1842 		memcpy(buf + sizeof(protkeytoken), &protkeytoken,
1843 		       sizeof(protkeytoken));
1844 
1845 		return 2 * sizeof(protkeytoken);
1846 	}
1847 
1848 	return sizeof(protkeytoken);
1849 }
1850 
protkey_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1851 static ssize_t protkey_aes_128_read(struct file *filp,
1852 				    struct kobject *kobj,
1853 				    struct bin_attribute *attr,
1854 				    char *buf, loff_t off,
1855 				    size_t count)
1856 {
1857 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
1858 					  off, count);
1859 }
1860 
protkey_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1861 static ssize_t protkey_aes_192_read(struct file *filp,
1862 				    struct kobject *kobj,
1863 				    struct bin_attribute *attr,
1864 				    char *buf, loff_t off,
1865 				    size_t count)
1866 {
1867 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
1868 					  off, count);
1869 }
1870 
protkey_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1871 static ssize_t protkey_aes_256_read(struct file *filp,
1872 				    struct kobject *kobj,
1873 				    struct bin_attribute *attr,
1874 				    char *buf, loff_t off,
1875 				    size_t count)
1876 {
1877 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
1878 					  off, count);
1879 }
1880 
protkey_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1881 static ssize_t protkey_aes_128_xts_read(struct file *filp,
1882 					struct kobject *kobj,
1883 					struct bin_attribute *attr,
1884 					char *buf, loff_t off,
1885 					size_t count)
1886 {
1887 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
1888 					  off, count);
1889 }
1890 
protkey_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1891 static ssize_t protkey_aes_256_xts_read(struct file *filp,
1892 					struct kobject *kobj,
1893 					struct bin_attribute *attr,
1894 					char *buf, loff_t off,
1895 					size_t count)
1896 {
1897 	return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
1898 					  off, count);
1899 }
1900 
1901 static BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken));
1902 static BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken));
1903 static BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken));
1904 static BIN_ATTR_RO(protkey_aes_128_xts, 2 * sizeof(struct protaeskeytoken));
1905 static BIN_ATTR_RO(protkey_aes_256_xts, 2 * sizeof(struct protaeskeytoken));
1906 
1907 static struct bin_attribute *protkey_attrs[] = {
1908 	&bin_attr_protkey_aes_128,
1909 	&bin_attr_protkey_aes_192,
1910 	&bin_attr_protkey_aes_256,
1911 	&bin_attr_protkey_aes_128_xts,
1912 	&bin_attr_protkey_aes_256_xts,
1913 	NULL
1914 };
1915 
1916 static struct attribute_group protkey_attr_group = {
1917 	.name	   = "protkey",
1918 	.bin_attrs = protkey_attrs,
1919 };
1920 
1921 /*
1922  * Sysfs attribute read function for all secure key ccadata binary attributes.
1923  * The implementation can not deal with partial reads, because a new random
1924  * protected key blob is generated with each read. In case of partial reads
1925  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1926  */
pkey_ccadata_aes_attr_read(u32 keytype,bool is_xts,char * buf,loff_t off,size_t count)1927 static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,
1928 					  loff_t off, size_t count)
1929 {
1930 	struct pkey_seckey *seckey = (struct pkey_seckey *)buf;
1931 	int rc;
1932 
1933 	if (off != 0 || count < sizeof(struct secaeskeytoken))
1934 		return -EINVAL;
1935 	if (is_xts)
1936 		if (count < 2 * sizeof(struct secaeskeytoken))
1937 			return -EINVAL;
1938 
1939 	rc = cca_genseckey(-1, -1, keytype, seckey->seckey);
1940 	if (rc)
1941 		return rc;
1942 
1943 	if (is_xts) {
1944 		seckey++;
1945 		rc = cca_genseckey(-1, -1, keytype, seckey->seckey);
1946 		if (rc)
1947 			return rc;
1948 
1949 		return 2 * sizeof(struct secaeskeytoken);
1950 	}
1951 
1952 	return sizeof(struct secaeskeytoken);
1953 }
1954 
ccadata_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1955 static ssize_t ccadata_aes_128_read(struct file *filp,
1956 				    struct kobject *kobj,
1957 				    struct bin_attribute *attr,
1958 				    char *buf, loff_t off,
1959 				    size_t count)
1960 {
1961 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
1962 					  off, count);
1963 }
1964 
ccadata_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1965 static ssize_t ccadata_aes_192_read(struct file *filp,
1966 				    struct kobject *kobj,
1967 				    struct bin_attribute *attr,
1968 				    char *buf, loff_t off,
1969 				    size_t count)
1970 {
1971 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
1972 					  off, count);
1973 }
1974 
ccadata_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1975 static ssize_t ccadata_aes_256_read(struct file *filp,
1976 				    struct kobject *kobj,
1977 				    struct bin_attribute *attr,
1978 				    char *buf, loff_t off,
1979 				    size_t count)
1980 {
1981 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
1982 					  off, count);
1983 }
1984 
ccadata_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1985 static ssize_t ccadata_aes_128_xts_read(struct file *filp,
1986 					struct kobject *kobj,
1987 					struct bin_attribute *attr,
1988 					char *buf, loff_t off,
1989 					size_t count)
1990 {
1991 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
1992 					  off, count);
1993 }
1994 
ccadata_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1995 static ssize_t ccadata_aes_256_xts_read(struct file *filp,
1996 					struct kobject *kobj,
1997 					struct bin_attribute *attr,
1998 					char *buf, loff_t off,
1999 					size_t count)
2000 {
2001 	return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
2002 					  off, count);
2003 }
2004 
2005 static BIN_ATTR_RO(ccadata_aes_128, sizeof(struct secaeskeytoken));
2006 static BIN_ATTR_RO(ccadata_aes_192, sizeof(struct secaeskeytoken));
2007 static BIN_ATTR_RO(ccadata_aes_256, sizeof(struct secaeskeytoken));
2008 static BIN_ATTR_RO(ccadata_aes_128_xts, 2 * sizeof(struct secaeskeytoken));
2009 static BIN_ATTR_RO(ccadata_aes_256_xts, 2 * sizeof(struct secaeskeytoken));
2010 
2011 static struct bin_attribute *ccadata_attrs[] = {
2012 	&bin_attr_ccadata_aes_128,
2013 	&bin_attr_ccadata_aes_192,
2014 	&bin_attr_ccadata_aes_256,
2015 	&bin_attr_ccadata_aes_128_xts,
2016 	&bin_attr_ccadata_aes_256_xts,
2017 	NULL
2018 };
2019 
2020 static struct attribute_group ccadata_attr_group = {
2021 	.name	   = "ccadata",
2022 	.bin_attrs = ccadata_attrs,
2023 };
2024 
2025 #define CCACIPHERTOKENSIZE	(sizeof(struct cipherkeytoken) + 80)
2026 
2027 /*
2028  * Sysfs attribute read function for all secure key ccacipher binary attributes.
2029  * The implementation can not deal with partial reads, because a new random
2030  * secure key blob is generated with each read. In case of partial reads
2031  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
2032  */
pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,bool is_xts,char * buf,loff_t off,size_t count)2033 static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,
2034 					    bool is_xts, char *buf, loff_t off,
2035 					    size_t count)
2036 {
2037 	size_t keysize = CCACIPHERTOKENSIZE;
2038 	u32 nr_apqns, *apqns = NULL;
2039 	int i, rc, card, dom;
2040 
2041 	if (off != 0 || count < CCACIPHERTOKENSIZE)
2042 		return -EINVAL;
2043 	if (is_xts)
2044 		if (count < 2 * CCACIPHERTOKENSIZE)
2045 			return -EINVAL;
2046 
2047 	/* build a list of apqns able to generate an cipher key */
2048 	rc = cca_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
2049 			   ZCRYPT_CEX6, 0, 0, 0, 0);
2050 	if (rc)
2051 		return rc;
2052 
2053 	memset(buf, 0, is_xts ? 2 * keysize : keysize);
2054 
2055 	/* simple try all apqns from the list */
2056 	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
2057 		card = apqns[i] >> 16;
2058 		dom = apqns[i] & 0xFFFF;
2059 		rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize);
2060 		if (rc == 0)
2061 			break;
2062 	}
2063 	if (rc)
2064 		return rc;
2065 
2066 	if (is_xts) {
2067 		keysize = CCACIPHERTOKENSIZE;
2068 		buf += CCACIPHERTOKENSIZE;
2069 		rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize);
2070 		if (rc == 0)
2071 			return 2 * CCACIPHERTOKENSIZE;
2072 	}
2073 
2074 	return CCACIPHERTOKENSIZE;
2075 }
2076 
ccacipher_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)2077 static ssize_t ccacipher_aes_128_read(struct file *filp,
2078 				      struct kobject *kobj,
2079 				      struct bin_attribute *attr,
2080 				      char *buf, loff_t off,
2081 				      size_t count)
2082 {
2083 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
2084 					    off, count);
2085 }
2086 
ccacipher_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)2087 static ssize_t ccacipher_aes_192_read(struct file *filp,
2088 				      struct kobject *kobj,
2089 				      struct bin_attribute *attr,
2090 				      char *buf, loff_t off,
2091 				      size_t count)
2092 {
2093 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
2094 					    off, count);
2095 }
2096 
ccacipher_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)2097 static ssize_t ccacipher_aes_256_read(struct file *filp,
2098 				      struct kobject *kobj,
2099 				      struct bin_attribute *attr,
2100 				      char *buf, loff_t off,
2101 				      size_t count)
2102 {
2103 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
2104 					    off, count);
2105 }
2106 
ccacipher_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)2107 static ssize_t ccacipher_aes_128_xts_read(struct file *filp,
2108 					  struct kobject *kobj,
2109 					  struct bin_attribute *attr,
2110 					  char *buf, loff_t off,
2111 					  size_t count)
2112 {
2113 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
2114 					    off, count);
2115 }
2116 
ccacipher_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)2117 static ssize_t ccacipher_aes_256_xts_read(struct file *filp,
2118 					  struct kobject *kobj,
2119 					  struct bin_attribute *attr,
2120 					  char *buf, loff_t off,
2121 					  size_t count)
2122 {
2123 	return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
2124 					    off, count);
2125 }
2126 
2127 static BIN_ATTR_RO(ccacipher_aes_128, CCACIPHERTOKENSIZE);
2128 static BIN_ATTR_RO(ccacipher_aes_192, CCACIPHERTOKENSIZE);
2129 static BIN_ATTR_RO(ccacipher_aes_256, CCACIPHERTOKENSIZE);
2130 static BIN_ATTR_RO(ccacipher_aes_128_xts, 2 * CCACIPHERTOKENSIZE);
2131 static BIN_ATTR_RO(ccacipher_aes_256_xts, 2 * CCACIPHERTOKENSIZE);
2132 
2133 static struct bin_attribute *ccacipher_attrs[] = {
2134 	&bin_attr_ccacipher_aes_128,
2135 	&bin_attr_ccacipher_aes_192,
2136 	&bin_attr_ccacipher_aes_256,
2137 	&bin_attr_ccacipher_aes_128_xts,
2138 	&bin_attr_ccacipher_aes_256_xts,
2139 	NULL
2140 };
2141 
2142 static struct attribute_group ccacipher_attr_group = {
2143 	.name	   = "ccacipher",
2144 	.bin_attrs = ccacipher_attrs,
2145 };
2146 
2147 /*
2148  * Sysfs attribute read function for all ep11 aes key binary attributes.
2149  * The implementation can not deal with partial reads, because a new random
2150  * secure key blob is generated with each read. In case of partial reads
2151  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
2152  * This function and the sysfs attributes using it provide EP11 key blobs
2153  * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently
2154  * 336 bytes.
2155  */
pkey_ep11_aes_attr_read(enum pkey_key_size keybits,bool is_xts,char * buf,loff_t off,size_t count)2156 static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,
2157 				       bool is_xts, char *buf, loff_t off,
2158 				       size_t count)
2159 {
2160 	size_t keysize = MAXEP11AESKEYBLOBSIZE;
2161 	u32 nr_apqns, *apqns = NULL;
2162 	int i, rc, card, dom;
2163 
2164 	if (off != 0 || count < MAXEP11AESKEYBLOBSIZE)
2165 		return -EINVAL;
2166 	if (is_xts)
2167 		if (count < 2 * MAXEP11AESKEYBLOBSIZE)
2168 			return -EINVAL;
2169 
2170 	/* build a list of apqns able to generate an cipher key */
2171 	rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
2172 			    ZCRYPT_CEX7,
2173 			    ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4,
2174 			    NULL);
2175 	if (rc)
2176 		return rc;
2177 
2178 	memset(buf, 0, is_xts ? 2 * keysize : keysize);
2179 
2180 	/* simple try all apqns from the list */
2181 	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
2182 		card = apqns[i] >> 16;
2183 		dom = apqns[i] & 0xFFFF;
2184 		rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize,
2185 				    PKEY_TYPE_EP11_AES);
2186 		if (rc == 0)
2187 			break;
2188 	}
2189 	if (rc)
2190 		return rc;
2191 
2192 	if (is_xts) {
2193 		keysize = MAXEP11AESKEYBLOBSIZE;
2194 		buf += MAXEP11AESKEYBLOBSIZE;
2195 		rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize,
2196 				    PKEY_TYPE_EP11_AES);
2197 		if (rc == 0)
2198 			return 2 * MAXEP11AESKEYBLOBSIZE;
2199 	}
2200 
2201 	return MAXEP11AESKEYBLOBSIZE;
2202 }
2203 
ep11_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)2204 static ssize_t ep11_aes_128_read(struct file *filp,
2205 				 struct kobject *kobj,
2206 				 struct bin_attribute *attr,
2207 				 char *buf, loff_t off,
2208 				 size_t count)
2209 {
2210 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
2211 				       off, count);
2212 }
2213 
ep11_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)2214 static ssize_t ep11_aes_192_read(struct file *filp,
2215 				 struct kobject *kobj,
2216 				 struct bin_attribute *attr,
2217 				 char *buf, loff_t off,
2218 				 size_t count)
2219 {
2220 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
2221 				       off, count);
2222 }
2223 
ep11_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)2224 static ssize_t ep11_aes_256_read(struct file *filp,
2225 				 struct kobject *kobj,
2226 				 struct bin_attribute *attr,
2227 				 char *buf, loff_t off,
2228 				 size_t count)
2229 {
2230 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
2231 				       off, count);
2232 }
2233 
ep11_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)2234 static ssize_t ep11_aes_128_xts_read(struct file *filp,
2235 				     struct kobject *kobj,
2236 				     struct bin_attribute *attr,
2237 				     char *buf, loff_t off,
2238 				     size_t count)
2239 {
2240 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
2241 				       off, count);
2242 }
2243 
ep11_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)2244 static ssize_t ep11_aes_256_xts_read(struct file *filp,
2245 				     struct kobject *kobj,
2246 				     struct bin_attribute *attr,
2247 				     char *buf, loff_t off,
2248 				     size_t count)
2249 {
2250 	return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
2251 				       off, count);
2252 }
2253 
2254 static BIN_ATTR_RO(ep11_aes_128, MAXEP11AESKEYBLOBSIZE);
2255 static BIN_ATTR_RO(ep11_aes_192, MAXEP11AESKEYBLOBSIZE);
2256 static BIN_ATTR_RO(ep11_aes_256, MAXEP11AESKEYBLOBSIZE);
2257 static BIN_ATTR_RO(ep11_aes_128_xts, 2 * MAXEP11AESKEYBLOBSIZE);
2258 static BIN_ATTR_RO(ep11_aes_256_xts, 2 * MAXEP11AESKEYBLOBSIZE);
2259 
2260 static struct bin_attribute *ep11_attrs[] = {
2261 	&bin_attr_ep11_aes_128,
2262 	&bin_attr_ep11_aes_192,
2263 	&bin_attr_ep11_aes_256,
2264 	&bin_attr_ep11_aes_128_xts,
2265 	&bin_attr_ep11_aes_256_xts,
2266 	NULL
2267 };
2268 
2269 static struct attribute_group ep11_attr_group = {
2270 	.name	   = "ep11",
2271 	.bin_attrs = ep11_attrs,
2272 };
2273 
2274 static const struct attribute_group *pkey_attr_groups[] = {
2275 	&protkey_attr_group,
2276 	&ccadata_attr_group,
2277 	&ccacipher_attr_group,
2278 	&ep11_attr_group,
2279 	NULL,
2280 };
2281 
2282 static const struct file_operations pkey_fops = {
2283 	.owner		= THIS_MODULE,
2284 	.open		= nonseekable_open,
2285 	.llseek		= no_llseek,
2286 	.unlocked_ioctl = pkey_unlocked_ioctl,
2287 };
2288 
2289 static struct miscdevice pkey_dev = {
2290 	.name	= "pkey",
2291 	.minor	= MISC_DYNAMIC_MINOR,
2292 	.mode	= 0666,
2293 	.fops	= &pkey_fops,
2294 	.groups = pkey_attr_groups,
2295 };
2296 
2297 /*
2298  * Module init
2299  */
pkey_init(void)2300 static int __init pkey_init(void)
2301 {
2302 	cpacf_mask_t func_mask;
2303 
2304 	/*
2305 	 * The pckmo instruction should be available - even if we don't
2306 	 * actually invoke it. This instruction comes with MSA 3 which
2307 	 * is also the minimum level for the kmc instructions which
2308 	 * are able to work with protected keys.
2309 	 */
2310 	if (!cpacf_query(CPACF_PCKMO, &func_mask))
2311 		return -ENODEV;
2312 
2313 	/* check for kmc instructions available */
2314 	if (!cpacf_query(CPACF_KMC, &func_mask))
2315 		return -ENODEV;
2316 	if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) ||
2317 	    !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) ||
2318 	    !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256))
2319 		return -ENODEV;
2320 
2321 	pkey_debug_init();
2322 
2323 	return misc_register(&pkey_dev);
2324 }
2325 
2326 /*
2327  * Module exit
2328  */
pkey_exit(void)2329 static void __exit pkey_exit(void)
2330 {
2331 	misc_deregister(&pkey_dev);
2332 	pkey_debug_exit();
2333 }
2334 
2335 module_cpu_feature_match(S390_CPU_FEATURE_MSA, pkey_init);
2336 module_exit(pkey_exit);
2337