Lines Matching +full:inside +full:- +full:secure
1 // SPDX-License-Identifier: GPL-2.0
59 /* inside view of a secure key token (only type 0x01 version 0x04) */
76 * Simple check if the token is a valid CCA secure AES key
84 if (t->type != 0x01) { in check_secaeskeytoken()
86 "%s secure token check failed, type mismatch 0x%02x != 0x01\n", in check_secaeskeytoken()
87 __func__, (int) t->type); in check_secaeskeytoken()
88 return -EINVAL; in check_secaeskeytoken()
90 if (t->version != 0x04) { in check_secaeskeytoken()
92 "%s secure token check failed, version mismatch 0x%02x != 0x04\n", in check_secaeskeytoken()
93 __func__, (int) t->version); in check_secaeskeytoken()
94 return -EINVAL; in check_secaeskeytoken()
96 if (keybitsize > 0 && t->bitsize != keybitsize) { in check_secaeskeytoken()
98 "%s secure token check failed, bitsize mismatch %d != %d\n", in check_secaeskeytoken()
99 __func__, (int) t->bitsize, keybitsize); in check_secaeskeytoken()
100 return -EINVAL; in check_secaeskeytoken()
127 return -ENOMEM; in alloc_and_prep_cprbmem()
133 preqcblk->cprb_len = sizeof(struct CPRBX); in alloc_and_prep_cprbmem()
134 preqcblk->cprb_ver_id = 0x02; in alloc_and_prep_cprbmem()
135 memcpy(preqcblk->func_id, "T2", 2); in alloc_and_prep_cprbmem()
136 preqcblk->rpl_msgbl = cprbplusparamblen; in alloc_and_prep_cprbmem()
138 preqcblk->req_parmb = in alloc_and_prep_cprbmem()
140 preqcblk->rpl_parmb = in alloc_and_prep_cprbmem()
173 pxcrb->agent_ID = 0x4341; /* 'CA' */ in prep_xcrb()
174 pxcrb->user_defined = (cardnr == 0xFFFF ? AUTOSELECT : cardnr); in prep_xcrb()
175 pxcrb->request_control_blk_length = in prep_xcrb()
176 preqcblk->cprb_len + preqcblk->req_parml; in prep_xcrb()
177 pxcrb->request_control_blk_addr = (void __user *) preqcblk; in prep_xcrb()
178 pxcrb->reply_control_blk_length = preqcblk->rpl_msgbl; in prep_xcrb()
179 pxcrb->reply_control_blk_addr = (void __user *) prepcblk; in prep_xcrb()
201 * Generate (random) AES secure key.
251 preqcblk->domain = domain; in pkey_genseckey()
254 preqparm = (struct kgreqparm *) preqcblk->req_parmb; in pkey_genseckey()
255 memcpy(preqparm->subfunc_code, "KG", 2); in pkey_genseckey()
256 preqparm->rule_array_len = sizeof(preqparm->rule_array_len); in pkey_genseckey()
257 preqparm->lv1.len = sizeof(struct lv1); in pkey_genseckey()
258 memcpy(preqparm->lv1.key_form, "OP ", 8); in pkey_genseckey()
262 memcpy(preqparm->lv1.key_length, "KEYLN16 ", 8); in pkey_genseckey()
266 memcpy(preqparm->lv1.key_length, "KEYLN24 ", 8); in pkey_genseckey()
270 memcpy(preqparm->lv1.key_length, "KEYLN32 ", 8); in pkey_genseckey()
276 rc = -EINVAL; in pkey_genseckey()
279 memcpy(preqparm->lv1.key_type1, "AESDATA ", 8); in pkey_genseckey()
280 preqparm->lv2.len = sizeof(struct lv2); in pkey_genseckey()
282 preqparm->lv2.keyid[i].len = sizeof(struct keyid); in pkey_genseckey()
283 preqparm->lv2.keyid[i].attr = (i == 2 ? 0x30 : 0x10); in pkey_genseckey()
285 preqcblk->req_parml = sizeof(struct kgreqparm); in pkey_genseckey()
300 if (prepcblk->ccp_rtcode != 0) { in pkey_genseckey()
302 "%s secure key generate failure, card response %d/%d\n", in pkey_genseckey()
304 (int) prepcblk->ccp_rtcode, in pkey_genseckey()
305 (int) prepcblk->ccp_rscode); in pkey_genseckey()
306 rc = -EIO; in pkey_genseckey()
311 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX); in pkey_genseckey()
312 prepparm = (struct kgrepparm *) prepcblk->rpl_parmb; in pkey_genseckey()
314 /* check length of the returned secure key token */ in pkey_genseckey()
315 seckeysize = prepparm->lv3.keyblock.toklen in pkey_genseckey()
316 - sizeof(prepparm->lv3.keyblock.toklen) in pkey_genseckey()
317 - sizeof(prepparm->lv3.keyblock.tokattr); in pkey_genseckey()
320 "%s secure token size mismatch %d != %d bytes\n", in pkey_genseckey()
322 rc = -EIO; in pkey_genseckey()
326 /* check secure key token */ in pkey_genseckey()
327 rc = check_secaeskeytoken(prepparm->lv3.keyblock.tok, 8*keysize); in pkey_genseckey()
329 rc = -EIO; in pkey_genseckey()
333 /* copy the generated secure key token */ in pkey_genseckey()
334 memcpy(seckey->seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE); in pkey_genseckey()
343 * Generate an AES secure key with given key value.
392 preqcblk->domain = domain; in pkey_clr2seckey()
395 preqparm = (struct cmreqparm *) preqcblk->req_parmb; in pkey_clr2seckey()
396 memcpy(preqparm->subfunc_code, "CM", 2); in pkey_clr2seckey()
397 memcpy(preqparm->rule_array, "AES ", 8); in pkey_clr2seckey()
398 preqparm->rule_array_len = in pkey_clr2seckey()
399 sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array); in pkey_clr2seckey()
414 rc = -EINVAL; in pkey_clr2seckey()
417 preqparm->lv1.len = sizeof(struct lv1) + keysize; in pkey_clr2seckey()
418 memcpy(preqparm->lv1.clrkey, clrkey->clrkey, keysize); in pkey_clr2seckey()
419 plv2 = (struct lv2 *) (((u8 *) &preqparm->lv2) + keysize); in pkey_clr2seckey()
420 plv2->len = sizeof(struct lv2); in pkey_clr2seckey()
421 plv2->keyid.len = sizeof(struct keyid); in pkey_clr2seckey()
422 plv2->keyid.attr = 0x30; in pkey_clr2seckey()
423 preqcblk->req_parml = sizeof(struct cmreqparm) + keysize; in pkey_clr2seckey()
438 if (prepcblk->ccp_rtcode != 0) { in pkey_clr2seckey()
442 (int) prepcblk->ccp_rtcode, in pkey_clr2seckey()
443 (int) prepcblk->ccp_rscode); in pkey_clr2seckey()
444 rc = -EIO; in pkey_clr2seckey()
449 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX); in pkey_clr2seckey()
450 prepparm = (struct cmrepparm *) prepcblk->rpl_parmb; in pkey_clr2seckey()
452 /* check length of the returned secure key token */ in pkey_clr2seckey()
453 seckeysize = prepparm->lv3.keyblock.toklen in pkey_clr2seckey()
454 - sizeof(prepparm->lv3.keyblock.toklen) in pkey_clr2seckey()
455 - sizeof(prepparm->lv3.keyblock.tokattr); in pkey_clr2seckey()
458 "%s secure token size mismatch %d != %d bytes\n", in pkey_clr2seckey()
460 rc = -EIO; in pkey_clr2seckey()
464 /* check secure key token */ in pkey_clr2seckey()
465 rc = check_secaeskeytoken(prepparm->lv3.keyblock.tok, 8*keysize); in pkey_clr2seckey()
467 rc = -EIO; in pkey_clr2seckey()
471 /* copy the generated secure key token */ in pkey_clr2seckey()
472 memcpy(seckey->seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE); in pkey_clr2seckey()
481 * Derive a proteced key from the secure key blob.
503 u8 token[0]; /* cca secure key token */ in pkey_sec2protkey()
536 preqcblk->domain = domain; in pkey_sec2protkey()
539 preqparm = (struct uskreqparm *) preqcblk->req_parmb; in pkey_sec2protkey()
540 memcpy(preqparm->subfunc_code, "US", 2); in pkey_sec2protkey()
541 preqparm->rule_array_len = sizeof(preqparm->rule_array_len); in pkey_sec2protkey()
542 preqparm->lv1.len = sizeof(struct lv1); in pkey_sec2protkey()
543 preqparm->lv1.attr_len = sizeof(struct lv1) - sizeof(preqparm->lv1.len); in pkey_sec2protkey()
544 preqparm->lv1.attr_flags = 0x0001; in pkey_sec2protkey()
545 preqparm->lv2.len = sizeof(struct lv2) + SECKEYBLOBSIZE; in pkey_sec2protkey()
546 preqparm->lv2.attr_len = sizeof(struct lv2) in pkey_sec2protkey()
547 - sizeof(preqparm->lv2.len) + SECKEYBLOBSIZE; in pkey_sec2protkey()
548 preqparm->lv2.attr_flags = 0x0000; in pkey_sec2protkey()
549 memcpy(preqparm->lv2.token, seckey->seckey, SECKEYBLOBSIZE); in pkey_sec2protkey()
550 preqcblk->req_parml = sizeof(struct uskreqparm) + SECKEYBLOBSIZE; in pkey_sec2protkey()
565 if (prepcblk->ccp_rtcode != 0) { in pkey_sec2protkey()
567 "%s unwrap secure key failure, card response %d/%d\n", in pkey_sec2protkey()
569 (int) prepcblk->ccp_rtcode, in pkey_sec2protkey()
570 (int) prepcblk->ccp_rscode); in pkey_sec2protkey()
571 rc = -EIO; in pkey_sec2protkey()
574 if (prepcblk->ccp_rscode != 0) { in pkey_sec2protkey()
576 "%s unwrap secure key warning, card response %d/%d\n", in pkey_sec2protkey()
578 (int) prepcblk->ccp_rtcode, in pkey_sec2protkey()
579 (int) prepcblk->ccp_rscode); in pkey_sec2protkey()
583 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX); in pkey_sec2protkey()
584 prepparm = (struct uskrepparm *) prepcblk->rpl_parmb; in pkey_sec2protkey()
587 if (prepparm->lv3.keyblock.version != 0x01) { in pkey_sec2protkey()
590 __func__, (int) prepparm->lv3.keyblock.version); in pkey_sec2protkey()
591 rc = -EIO; in pkey_sec2protkey()
596 switch (prepparm->lv3.keyblock.keylen) { in pkey_sec2protkey()
598 protkey->type = PKEY_KEYTYPE_AES_128; in pkey_sec2protkey()
601 protkey->type = PKEY_KEYTYPE_AES_192; in pkey_sec2protkey()
604 protkey->type = PKEY_KEYTYPE_AES_256; in pkey_sec2protkey()
608 __func__, prepparm->lv3.keyblock.keylen); in pkey_sec2protkey()
609 rc = -EIO; in pkey_sec2protkey()
612 protkey->len = prepparm->lv3.keyblock.keylen; in pkey_sec2protkey()
613 memcpy(protkey->protkey, prepparm->lv3.keyblock.key, protkey->len); in pkey_sec2protkey()
648 return -EINVAL; in pkey_clr2protkey()
653 memcpy(paramblock, clrkey->clrkey, keysize); in pkey_clr2protkey()
659 protkey->type = keytype; in pkey_clr2protkey()
660 protkey->len = keysize + 32; in pkey_clr2protkey()
661 memcpy(protkey->protkey, paramblock, keysize + 32); in pkey_clr2protkey()
702 preqcblk->domain = domain; in query_crypto_facility()
705 preqparm = (struct fqreqparm *) preqcblk->req_parmb; in query_crypto_facility()
706 memcpy(preqparm->subfunc_code, "FQ", 2); in query_crypto_facility()
707 memcpy(preqparm->rule_array, keyword, sizeof(preqparm->rule_array)); in query_crypto_facility()
708 preqparm->rule_array_len = in query_crypto_facility()
709 sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array); in query_crypto_facility()
710 preqparm->lv1.len = sizeof(preqparm->lv1); in query_crypto_facility()
711 preqparm->dummylen = sizeof(preqparm->dummylen); in query_crypto_facility()
712 preqcblk->req_parml = parmbsize; in query_crypto_facility()
727 if (prepcblk->ccp_rtcode != 0) { in query_crypto_facility()
729 "%s unwrap secure key failure, card response %d/%d\n", in query_crypto_facility()
731 (int) prepcblk->ccp_rtcode, in query_crypto_facility()
732 (int) prepcblk->ccp_rscode); in query_crypto_facility()
733 rc = -EIO; in query_crypto_facility()
738 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX); in query_crypto_facility()
739 prepparm = (struct fqrepparm *) prepcblk->rpl_parmb; in query_crypto_facility()
740 ptr = prepparm->lvdata; in query_crypto_facility()
746 len -= sizeof(u16); in query_crypto_facility()
757 len -= sizeof(u16); in query_crypto_facility()
782 return -ENOMEM; in fetch_mkvp()
800 return found ? 0 : -ENOENT; in fetch_mkvp()
817 int rc = -ENOENT; in mkvp_cache_fetch()
822 if (ptr->cardnr == cardnr && in mkvp_cache_fetch()
823 ptr->domain == domain) { in mkvp_cache_fetch()
824 memcpy(mkvp, ptr->mkvp, 2 * sizeof(u64)); in mkvp_cache_fetch()
841 if (ptr->cardnr == cardnr && in mkvp_cache_update()
842 ptr->domain == domain) { in mkvp_cache_update()
843 memcpy(ptr->mkvp, mkvp, 2 * sizeof(u64)); in mkvp_cache_update()
854 ptr->cardnr = cardnr; in mkvp_cache_update()
855 ptr->domain = domain; in mkvp_cache_update()
856 memcpy(ptr->mkvp, mkvp, 2 * sizeof(u64)); in mkvp_cache_update()
857 list_add(&ptr->list, &mkvp_list); in mkvp_cache_update()
868 if (ptr->cardnr == cardnr && in mkvp_cache_scrub()
869 ptr->domain == domain) { in mkvp_cache_scrub()
870 list_del(&ptr->list); in mkvp_cache_scrub()
884 list_del(&ptr->list); in mkvp_cache_free()
892 * Verification Pattern provided inside a secure key.
901 int i, rc, oi = -1; in pkey_findcard()
904 if (t->mkvp == 0) in pkey_findcard()
905 return -EINVAL; in pkey_findcard()
912 return -ENOMEM; in pkey_findcard()
924 t->mkvp == mkvp[0]) { in pkey_findcard()
930 if (t->mkvp == mkvp[0]) in pkey_findcard()
951 if (t->mkvp == mkvp[0]) in pkey_findcard()
953 if (t->mkvp == mkvp[1] && oi < 0) in pkey_findcard()
970 rc = -ENODEV; in pkey_findcard()
978 * Find card and transform secure key into protected key.
1020 /* check the secure key for valid AES secure key */ in pkey_verifykey()
1027 *pkeysize = t->bitsize; in pkey_verifykey()
1038 if (t->mkvp == mkvp[1]) { in pkey_verifykey()
1039 DEBUG_DBG("%s secure key has old mkvp\n", __func__); in pkey_verifykey()
1070 return -EFAULT; in pkey_unlocked_ioctl()
1077 return -EFAULT; in pkey_unlocked_ioctl()
1085 return -EFAULT; in pkey_unlocked_ioctl()
1092 return -EFAULT; in pkey_unlocked_ioctl()
1101 return -EFAULT; in pkey_unlocked_ioctl()
1108 return -EFAULT; in pkey_unlocked_ioctl()
1116 return -EFAULT; in pkey_unlocked_ioctl()
1123 return -EFAULT; in pkey_unlocked_ioctl()
1132 return -EFAULT; in pkey_unlocked_ioctl()
1139 return -EFAULT; in pkey_unlocked_ioctl()
1147 return -EFAULT; in pkey_unlocked_ioctl()
1153 return -EFAULT; in pkey_unlocked_ioctl()
1161 return -EFAULT; in pkey_unlocked_ioctl()
1168 return -EFAULT; in pkey_unlocked_ioctl()
1173 return -ENOTTY; in pkey_unlocked_ioctl()
1205 return -EOPNOTSUPP; in pkey_init()
1209 return -EOPNOTSUPP; in pkey_init()