Lines Matching +full:inside +full:- +full:secure
1 // SPDX-License-Identifier: GPL-2.0+
49 * Simple check if the token is a valid CCA secure AES data key
60 if (t->type != TOKTYPE_CCA_INTERNAL) { in cca_check_secaeskeytoken()
63 __func__, (int) t->type, TOKTYPE_CCA_INTERNAL); in cca_check_secaeskeytoken()
64 return -EINVAL; in cca_check_secaeskeytoken()
66 if (t->version != TOKVER_CCA_AES) { in cca_check_secaeskeytoken()
69 __func__, (int) t->version, TOKVER_CCA_AES); in cca_check_secaeskeytoken()
70 return -EINVAL; in cca_check_secaeskeytoken()
72 if (keybitsize > 0 && t->bitsize != keybitsize) { in cca_check_secaeskeytoken()
75 __func__, (int) t->bitsize, keybitsize); in cca_check_secaeskeytoken()
76 return -EINVAL; in cca_check_secaeskeytoken()
86 * Simple check if the token is a valid CCA secure AES cipher key
101 if (t->type != TOKTYPE_CCA_INTERNAL) { in cca_check_secaescipherkey()
104 __func__, (int) t->type, TOKTYPE_CCA_INTERNAL); in cca_check_secaescipherkey()
105 return -EINVAL; in cca_check_secaescipherkey()
107 if (t->version != TOKVER_CCA_VLSC) { in cca_check_secaescipherkey()
110 __func__, (int) t->version, TOKVER_CCA_VLSC); in cca_check_secaescipherkey()
111 return -EINVAL; in cca_check_secaescipherkey()
113 if (t->algtype != 0x02) { in cca_check_secaescipherkey()
116 __func__, (int) t->algtype); in cca_check_secaescipherkey()
117 return -EINVAL; in cca_check_secaescipherkey()
119 if (t->keytype != 0x0001) { in cca_check_secaescipherkey()
122 __func__, (int) t->keytype); in cca_check_secaescipherkey()
123 return -EINVAL; in cca_check_secaescipherkey()
125 if (t->plfver != 0x00 && t->plfver != 0x01) { in cca_check_secaescipherkey()
128 __func__, (int) t->plfver); in cca_check_secaescipherkey()
129 return -EINVAL; in cca_check_secaescipherkey()
131 if (t->wpllen != 512 && t->wpllen != 576 && t->wpllen != 640) { in cca_check_secaescipherkey()
134 __func__, (int) t->wpllen); in cca_check_secaescipherkey()
135 return -EINVAL; in cca_check_secaescipherkey()
140 if (t->wpllen != (t->plfver ? 640 : 512)) in cca_check_secaescipherkey()
144 if (t->wpllen != (t->plfver ? 640 : 576)) in cca_check_secaescipherkey()
148 if (t->wpllen != 640) in cca_check_secaescipherkey()
159 return -EINVAL; in cca_check_secaescipherkey()
162 if (checkcpacfexport && !(t->kmf1 & KMF1_XPRT_CPAC)) { in cca_check_secaescipherkey()
166 return -EINVAL; in cca_check_secaescipherkey()
176 * Simple check if the token is a valid CCA secure ECC private
187 if (t->type != TOKTYPE_CCA_INTERNAL_PKA) { in cca_check_sececckeytoken()
190 __func__, (int) t->type, TOKTYPE_CCA_INTERNAL_PKA); in cca_check_sececckeytoken()
191 return -EINVAL; in cca_check_sececckeytoken()
193 if (t->len > keysize) { in cca_check_sececckeytoken()
196 __func__, (int) t->len, keysize); in cca_check_sececckeytoken()
197 return -EINVAL; in cca_check_sececckeytoken()
199 if (t->secid != 0x20) { in cca_check_sececckeytoken()
202 __func__, (int) t->secid); in cca_check_sececckeytoken()
203 return -EINVAL; in cca_check_sececckeytoken()
205 if (checkcpacfexport && !(t->kutc & 0x01)) { in cca_check_sececckeytoken()
209 return -EINVAL; in cca_check_sececckeytoken()
239 return -ENOMEM; in alloc_and_prep_cprbmem()
245 preqcblk->cprb_len = sizeof(struct CPRBX); in alloc_and_prep_cprbmem()
246 preqcblk->cprb_ver_id = 0x02; in alloc_and_prep_cprbmem()
247 memcpy(preqcblk->func_id, "T2", 2); in alloc_and_prep_cprbmem()
248 preqcblk->rpl_msgbl = cprbplusparamblen; in alloc_and_prep_cprbmem()
250 preqcblk->req_parmb = in alloc_and_prep_cprbmem()
252 preqcblk->rpl_parmb = in alloc_and_prep_cprbmem()
285 pxcrb->agent_ID = 0x4341; /* 'CA' */ in prep_xcrb()
286 pxcrb->user_defined = (cardnr == 0xFFFF ? AUTOSELECT : cardnr); in prep_xcrb()
287 pxcrb->request_control_blk_length = in prep_xcrb()
288 preqcblk->cprb_len + preqcblk->req_parml; in prep_xcrb()
289 pxcrb->request_control_blk_addr = (void __user *) preqcblk; in prep_xcrb()
290 pxcrb->reply_control_blk_length = preqcblk->rpl_msgbl; in prep_xcrb()
291 pxcrb->reply_control_blk_addr = (void __user *) prepcblk; in prep_xcrb()
295 * Generate (random) CCA AES DATA secure key.
345 preqcblk->domain = domain; in cca_genseckey()
348 preqparm = (struct kgreqparm __force *) preqcblk->req_parmb; in cca_genseckey()
349 memcpy(preqparm->subfunc_code, "KG", 2); in cca_genseckey()
350 preqparm->rule_array_len = sizeof(preqparm->rule_array_len); in cca_genseckey()
351 preqparm->lv1.len = sizeof(struct lv1); in cca_genseckey()
352 memcpy(preqparm->lv1.key_form, "OP ", 8); in cca_genseckey()
357 memcpy(preqparm->lv1.key_length, "KEYLN16 ", 8); in cca_genseckey()
362 memcpy(preqparm->lv1.key_length, "KEYLN24 ", 8); in cca_genseckey()
367 memcpy(preqparm->lv1.key_length, "KEYLN32 ", 8); in cca_genseckey()
372 rc = -EINVAL; in cca_genseckey()
375 memcpy(preqparm->lv1.key_type1, "AESDATA ", 8); in cca_genseckey()
376 preqparm->lv2.len = sizeof(struct lv2); in cca_genseckey()
378 preqparm->lv2.keyid[i].len = sizeof(struct keyid); in cca_genseckey()
379 preqparm->lv2.keyid[i].attr = (i == 2 ? 0x30 : 0x10); in cca_genseckey()
381 preqcblk->req_parml = sizeof(struct kgreqparm); in cca_genseckey()
395 if (prepcblk->ccp_rtcode != 0) { in cca_genseckey()
396 DEBUG_ERR("%s secure key generate failure, card response %d/%d\n", in cca_genseckey()
398 (int) prepcblk->ccp_rtcode, in cca_genseckey()
399 (int) prepcblk->ccp_rscode); in cca_genseckey()
400 rc = -EIO; in cca_genseckey()
406 prepcblk->rpl_parmb = (u8 __user *) ptr; in cca_genseckey()
409 /* check length of the returned secure key token */ in cca_genseckey()
410 seckeysize = prepparm->lv3.keyblock.toklen in cca_genseckey()
411 - sizeof(prepparm->lv3.keyblock.toklen) in cca_genseckey()
412 - sizeof(prepparm->lv3.keyblock.tokattr); in cca_genseckey()
414 DEBUG_ERR("%s secure token size mismatch %d != %d bytes\n", in cca_genseckey()
416 rc = -EIO; in cca_genseckey()
420 /* check secure key token */ in cca_genseckey()
422 prepparm->lv3.keyblock.tok, 8*keysize); in cca_genseckey()
424 rc = -EIO; in cca_genseckey()
428 /* copy the generated secure key token */ in cca_genseckey()
429 memcpy(seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE); in cca_genseckey()
438 * Generate an CCA AES DATA secure key with given key value.
486 preqcblk->domain = domain; in cca_clr2seckey()
489 preqparm = (struct cmreqparm __force *) preqcblk->req_parmb; in cca_clr2seckey()
490 memcpy(preqparm->subfunc_code, "CM", 2); in cca_clr2seckey()
491 memcpy(preqparm->rule_array, "AES ", 8); in cca_clr2seckey()
492 preqparm->rule_array_len = in cca_clr2seckey()
493 sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array); in cca_clr2seckey()
510 rc = -EINVAL; in cca_clr2seckey()
513 preqparm->lv1.len = sizeof(struct lv1) + keysize; in cca_clr2seckey()
514 memcpy(preqparm->lv1.clrkey, clrkey, keysize); in cca_clr2seckey()
515 plv2 = (struct lv2 *) (((u8 *) &preqparm->lv2) + keysize); in cca_clr2seckey()
516 plv2->len = sizeof(struct lv2); in cca_clr2seckey()
517 plv2->keyid.len = sizeof(struct keyid); in cca_clr2seckey()
518 plv2->keyid.attr = 0x30; in cca_clr2seckey()
519 preqcblk->req_parml = sizeof(struct cmreqparm) + keysize; in cca_clr2seckey()
533 if (prepcblk->ccp_rtcode != 0) { in cca_clr2seckey()
536 (int) prepcblk->ccp_rtcode, in cca_clr2seckey()
537 (int) prepcblk->ccp_rscode); in cca_clr2seckey()
538 rc = -EIO; in cca_clr2seckey()
544 prepcblk->rpl_parmb = (u8 __user *) ptr; in cca_clr2seckey()
547 /* check length of the returned secure key token */ in cca_clr2seckey()
548 seckeysize = prepparm->lv3.keyblock.toklen in cca_clr2seckey()
549 - sizeof(prepparm->lv3.keyblock.toklen) in cca_clr2seckey()
550 - sizeof(prepparm->lv3.keyblock.tokattr); in cca_clr2seckey()
552 DEBUG_ERR("%s secure token size mismatch %d != %d bytes\n", in cca_clr2seckey()
554 rc = -EIO; in cca_clr2seckey()
558 /* check secure key token */ in cca_clr2seckey()
560 prepparm->lv3.keyblock.tok, 8*keysize); in cca_clr2seckey()
562 rc = -EIO; in cca_clr2seckey()
566 /* copy the generated secure key token */ in cca_clr2seckey()
568 memcpy(seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE); in cca_clr2seckey()
577 * Derive proteced key from an CCA AES DATA secure key.
599 u8 token[0]; /* cca secure key token */ in cca_sec2protkey()
632 preqcblk->domain = domain; in cca_sec2protkey()
635 preqparm = (struct uskreqparm __force *) preqcblk->req_parmb; in cca_sec2protkey()
636 memcpy(preqparm->subfunc_code, "US", 2); in cca_sec2protkey()
637 preqparm->rule_array_len = sizeof(preqparm->rule_array_len); in cca_sec2protkey()
638 preqparm->lv1.len = sizeof(struct lv1); in cca_sec2protkey()
639 preqparm->lv1.attr_len = sizeof(struct lv1) - sizeof(preqparm->lv1.len); in cca_sec2protkey()
640 preqparm->lv1.attr_flags = 0x0001; in cca_sec2protkey()
641 preqparm->lv2.len = sizeof(struct lv2) + SECKEYBLOBSIZE; in cca_sec2protkey()
642 preqparm->lv2.attr_len = sizeof(struct lv2) in cca_sec2protkey()
643 - sizeof(preqparm->lv2.len) + SECKEYBLOBSIZE; in cca_sec2protkey()
644 preqparm->lv2.attr_flags = 0x0000; in cca_sec2protkey()
645 memcpy(preqparm->lv2.token, seckey, SECKEYBLOBSIZE); in cca_sec2protkey()
646 preqcblk->req_parml = sizeof(struct uskreqparm) + SECKEYBLOBSIZE; in cca_sec2protkey()
660 if (prepcblk->ccp_rtcode != 0) { in cca_sec2protkey()
661 DEBUG_ERR("%s unwrap secure key failure, card response %d/%d\n", in cca_sec2protkey()
663 (int) prepcblk->ccp_rtcode, in cca_sec2protkey()
664 (int) prepcblk->ccp_rscode); in cca_sec2protkey()
665 rc = -EIO; in cca_sec2protkey()
668 if (prepcblk->ccp_rscode != 0) { in cca_sec2protkey()
669 DEBUG_WARN("%s unwrap secure key warning, card response %d/%d\n", in cca_sec2protkey()
671 (int) prepcblk->ccp_rtcode, in cca_sec2protkey()
672 (int) prepcblk->ccp_rscode); in cca_sec2protkey()
677 prepcblk->rpl_parmb = (u8 __user *) ptr; in cca_sec2protkey()
681 if (prepparm->lv3.ckb.version != 0x01 && in cca_sec2protkey()
682 prepparm->lv3.ckb.version != 0x02) { in cca_sec2protkey()
684 __func__, (int) prepparm->lv3.ckb.version); in cca_sec2protkey()
685 rc = -EIO; in cca_sec2protkey()
690 switch (prepparm->lv3.ckb.len) { in cca_sec2protkey()
708 __func__, prepparm->lv3.ckb.len); in cca_sec2protkey()
709 rc = -EIO; in cca_sec2protkey()
712 memcpy(protkey, prepparm->lv3.ckb.key, prepparm->lv3.ckb.len); in cca_sec2protkey()
714 *protkeylen = prepparm->lv3.ckb.len; in cca_sec2protkey()
724 * INTERNAL, NO-KEY, AES, CIPHER, ANY-MODE, NOEX-SYM, NOEXAASY,
725 * NOEXUASY, XPRTCPAC, NOEX-RAW, NOEX-DES, NOEX-AES, NOEX-RSA
739 * Generate (random) CCA AES CIPHER secure key.
811 u8 gen_key[0]; /* 120-136 bytes */ in cca_gencipherkey()
823 preqcblk->domain = domain; in cca_gencipherkey()
824 preqcblk->req_parml = sizeof(struct gkreqparm); in cca_gencipherkey()
827 preqparm = (struct gkreqparm __force *) preqcblk->req_parmb; in cca_gencipherkey()
828 memcpy(preqparm->subfunc_code, "GK", 2); in cca_gencipherkey()
829 preqparm->rule_array_len = sizeof(uint16_t) + 2 * 8; in cca_gencipherkey()
830 memcpy(preqparm->rule_array, "AES OP ", 2*8); in cca_gencipherkey()
833 preqparm->vud.len = sizeof(preqparm->vud); in cca_gencipherkey()
843 rc = -EINVAL; in cca_gencipherkey()
846 preqparm->vud.clear_key_bit_len = keybitsize; in cca_gencipherkey()
847 memcpy(preqparm->vud.key_type_1, "TOKEN ", 8); in cca_gencipherkey()
848 memset(preqparm->vud.key_type_2, ' ', sizeof(preqparm->vud.key_type_2)); in cca_gencipherkey()
851 preqparm->kb.len = sizeof(preqparm->kb); in cca_gencipherkey()
852 preqparm->kb.tlv1.len = sizeof(preqparm->kb.tlv1); in cca_gencipherkey()
853 preqparm->kb.tlv1.flag = 0x0030; in cca_gencipherkey()
854 preqparm->kb.tlv2.len = sizeof(preqparm->kb.tlv2); in cca_gencipherkey()
855 preqparm->kb.tlv2.flag = 0x0030; in cca_gencipherkey()
856 preqparm->kb.tlv3.len = sizeof(preqparm->kb.tlv3); in cca_gencipherkey()
857 preqparm->kb.tlv3.flag = 0x0030; in cca_gencipherkey()
858 memcpy(preqparm->kb.tlv3.gen_key_id_1, in cca_gencipherkey()
860 preqparm->kb.tlv4.len = sizeof(preqparm->kb.tlv4); in cca_gencipherkey()
861 preqparm->kb.tlv4.flag = 0x0030; in cca_gencipherkey()
862 preqparm->kb.tlv5.len = sizeof(preqparm->kb.tlv5); in cca_gencipherkey()
863 preqparm->kb.tlv5.flag = 0x0030; in cca_gencipherkey()
864 preqparm->kb.tlv6.len = sizeof(preqparm->kb.tlv6); in cca_gencipherkey()
865 preqparm->kb.tlv6.flag = 0x0030; in cca_gencipherkey()
867 /* patch the skeleton key token export flags inside the kb block */ in cca_gencipherkey()
869 t = (struct cipherkeytoken *) preqparm->kb.tlv3.gen_key_id_1; in cca_gencipherkey()
870 t->kmf1 |= (u16) (keygenflags & 0x0000FF00); in cca_gencipherkey()
871 t->kmf1 &= (u16) ~(keygenflags & 0x000000FF); in cca_gencipherkey()
887 if (prepcblk->ccp_rtcode != 0) { in cca_gencipherkey()
891 (int) prepcblk->ccp_rtcode, in cca_gencipherkey()
892 (int) prepcblk->ccp_rscode); in cca_gencipherkey()
893 rc = -EIO; in cca_gencipherkey()
899 prepcblk->rpl_parmb = (u8 __user *) ptr; in cca_gencipherkey()
903 if (prepparm->kb.len < 120 + 5 * sizeof(uint16_t) || in cca_gencipherkey()
904 prepparm->kb.len > 136 + 5 * sizeof(uint16_t)) { in cca_gencipherkey()
907 rc = -EIO; in cca_gencipherkey()
913 prepparm->kb.tlv1.gen_key, in cca_gencipherkey()
916 rc = -EIO; in cca_gencipherkey()
921 t = (struct cipherkeytoken *) prepparm->kb.tlv1.gen_key; in cca_gencipherkey()
923 if (*keybufsize >= t->len) in cca_gencipherkey()
924 memcpy(keybuf, t, t->len); in cca_gencipherkey()
926 rc = -EINVAL; in cca_gencipherkey()
928 *keybufsize = t->len; in cca_gencipherkey()
1002 preqcblk->domain = domain; in _ip_cprb_helper()
1003 preqcblk->req_parml = 0; in _ip_cprb_helper()
1006 preq_ra_block = (struct rule_array_block __force *) preqcblk->req_parmb; in _ip_cprb_helper()
1007 memcpy(preq_ra_block->subfunc_code, "IP", 2); in _ip_cprb_helper()
1008 preq_ra_block->rule_array_len = sizeof(uint16_t) + 2 * 8; in _ip_cprb_helper()
1009 memcpy(preq_ra_block->rule_array, rule_array_1, 8); in _ip_cprb_helper()
1010 memcpy(preq_ra_block->rule_array + 8, rule_array_2, 8); in _ip_cprb_helper()
1011 preqcblk->req_parml = sizeof(struct rule_array_block) + 2 * 8; in _ip_cprb_helper()
1013 preq_ra_block->rule_array_len += 8; in _ip_cprb_helper()
1014 memcpy(preq_ra_block->rule_array + 16, rule_array_3, 8); in _ip_cprb_helper()
1015 preqcblk->req_parml += 8; in _ip_cprb_helper()
1020 (preqcblk->req_parmb + preqcblk->req_parml); in _ip_cprb_helper()
1022 preq_vud_block->len = sizeof(struct vud_block) + n; in _ip_cprb_helper()
1023 preq_vud_block->tlv1.len = sizeof(preq_vud_block->tlv1); in _ip_cprb_helper()
1024 preq_vud_block->tlv1.flag = 0x0064; in _ip_cprb_helper()
1025 preq_vud_block->tlv1.clr_key_bit_len = complete ? 0 : clr_key_bit_size; in _ip_cprb_helper()
1026 preq_vud_block->tlv2.len = sizeof(preq_vud_block->tlv2) + n; in _ip_cprb_helper()
1027 preq_vud_block->tlv2.flag = 0x0063; in _ip_cprb_helper()
1029 memcpy(preq_vud_block->tlv2.clr_key, clr_key_value, n); in _ip_cprb_helper()
1030 preqcblk->req_parml += preq_vud_block->len; in _ip_cprb_helper()
1034 (preqcblk->req_parmb + preqcblk->req_parml); in _ip_cprb_helper()
1036 preq_key_block->len = sizeof(struct key_block) + n; in _ip_cprb_helper()
1037 preq_key_block->tlv1.len = sizeof(preq_key_block->tlv1) + n; in _ip_cprb_helper()
1038 preq_key_block->tlv1.flag = 0x0030; in _ip_cprb_helper()
1039 memcpy(preq_key_block->tlv1.key_token, key_token, *key_token_size); in _ip_cprb_helper()
1040 preqcblk->req_parml += preq_key_block->len; in _ip_cprb_helper()
1055 if (prepcblk->ccp_rtcode != 0) { in _ip_cprb_helper()
1059 (int) prepcblk->ccp_rtcode, in _ip_cprb_helper()
1060 (int) prepcblk->ccp_rscode); in _ip_cprb_helper()
1061 rc = -EIO; in _ip_cprb_helper()
1067 prepcblk->rpl_parmb = (u8 __user *) ptr; in _ip_cprb_helper()
1071 if (prepparm->kb.len < 120 + 3 * sizeof(uint16_t) || in _ip_cprb_helper()
1072 prepparm->kb.len > 136 + 3 * sizeof(uint16_t)) { in _ip_cprb_helper()
1075 rc = -EIO; in _ip_cprb_helper()
1082 t = (struct cipherkeytoken *) prepparm->kb.tlv1.key_token; in _ip_cprb_helper()
1083 memcpy(key_token, t, t->len); in _ip_cprb_helper()
1084 *key_token_size = t->len; in _ip_cprb_helper()
1092 * Build CCA AES CIPHER secure key with a given clear key value.
1109 return -ENOMEM; in cca_clr2cipherkey()
1118 t->kmf1 |= (u16) (keygenflags & 0x0000FF00); in cca_clr2cipherkey()
1119 t->kmf1 &= (u16) ~(keygenflags & 0x000000FF); in cca_clr2cipherkey()
1127 * 4/4 COMPLETE the secure cipher key import in cca_clr2cipherkey()
1137 rc = _ip_cprb_helper(card, dom, "AES ", "ADD-PART", NULL, in cca_clr2cipherkey()
1145 rc = _ip_cprb_helper(card, dom, "AES ", "ADD-PART", NULL, in cca_clr2cipherkey()
1165 rc = -EINVAL; in cca_clr2cipherkey()
1178 * Derive proteced key from CCA AES cipher secure key.
1230 int keytoklen = ((struct cipherkeytoken *)ckey)->len; in cca_cipher2protkey()
1238 preqcblk->domain = domain; in cca_cipher2protkey()
1241 preqparm = (struct aureqparm __force *) preqcblk->req_parmb; in cca_cipher2protkey()
1242 memcpy(preqparm->subfunc_code, "AU", 2); in cca_cipher2protkey()
1243 preqparm->rule_array_len = in cca_cipher2protkey()
1244 sizeof(preqparm->rule_array_len) in cca_cipher2protkey()
1245 + sizeof(preqparm->rule_array); in cca_cipher2protkey()
1246 memcpy(preqparm->rule_array, "EXPT-SK ", 8); in cca_cipher2protkey()
1248 preqparm->vud.len = sizeof(preqparm->vud); in cca_cipher2protkey()
1249 preqparm->vud.tk_blob_len = sizeof(preqparm->vud.tk_blob) in cca_cipher2protkey()
1251 preqparm->vud.tk_blob_tag = 0x00C2; in cca_cipher2protkey()
1253 preqparm->kb.len = keytoklen + 3 * sizeof(uint16_t); in cca_cipher2protkey()
1254 preqparm->kb.cca_key_token_len = keytoklen + 2 * sizeof(uint16_t); in cca_cipher2protkey()
1255 memcpy(preqparm->kb.cca_key_token, ckey, keytoklen); in cca_cipher2protkey()
1257 preqcblk->req_parml = sizeof(struct aureqparm) + keytoklen; in cca_cipher2protkey()
1272 if (prepcblk->ccp_rtcode != 0) { in cca_cipher2protkey()
1274 "%s unwrap secure key failure, card response %d/%d\n", in cca_cipher2protkey()
1276 (int) prepcblk->ccp_rtcode, in cca_cipher2protkey()
1277 (int) prepcblk->ccp_rscode); in cca_cipher2protkey()
1278 rc = -EIO; in cca_cipher2protkey()
1281 if (prepcblk->ccp_rscode != 0) { in cca_cipher2protkey()
1283 "%s unwrap secure key warning, card response %d/%d\n", in cca_cipher2protkey()
1285 (int) prepcblk->ccp_rtcode, in cca_cipher2protkey()
1286 (int) prepcblk->ccp_rscode); in cca_cipher2protkey()
1291 prepcblk->rpl_parmb = (u8 __user *) ptr; in cca_cipher2protkey()
1295 if (prepparm->vud.ckb.version != 0x01 && in cca_cipher2protkey()
1296 prepparm->vud.ckb.version != 0x02) { in cca_cipher2protkey()
1298 __func__, (int) prepparm->vud.ckb.version); in cca_cipher2protkey()
1299 rc = -EIO; in cca_cipher2protkey()
1302 if (prepparm->vud.ckb.algo != 0x02) { in cca_cipher2protkey()
1305 __func__, (int) prepparm->vud.ckb.algo); in cca_cipher2protkey()
1306 rc = -EIO; in cca_cipher2protkey()
1311 switch (prepparm->vud.ckb.keylen) { in cca_cipher2protkey()
1329 __func__, prepparm->vud.ckb.keylen); in cca_cipher2protkey()
1330 rc = -EIO; in cca_cipher2protkey()
1333 memcpy(protkey, prepparm->vud.ckb.key, prepparm->vud.ckb.keylen); in cca_cipher2protkey()
1335 *protkeylen = prepparm->vud.ckb.keylen; in cca_cipher2protkey()
1344 * Derive protected key from CCA ECC secure private key.
1396 int keylen = ((struct eccprivkeytoken *)key)->len; in cca_ecc2protkey()
1404 preqcblk->domain = domain; in cca_ecc2protkey()
1407 preqparm = (struct aureqparm __force *) preqcblk->req_parmb; in cca_ecc2protkey()
1408 memcpy(preqparm->subfunc_code, "AU", 2); in cca_ecc2protkey()
1409 preqparm->rule_array_len = in cca_ecc2protkey()
1410 sizeof(preqparm->rule_array_len) in cca_ecc2protkey()
1411 + sizeof(preqparm->rule_array); in cca_ecc2protkey()
1412 memcpy(preqparm->rule_array, "EXPT-SK ", 8); in cca_ecc2protkey()
1414 preqparm->vud.len = sizeof(preqparm->vud); in cca_ecc2protkey()
1415 preqparm->vud.tk_blob_len = sizeof(preqparm->vud.tk_blob) in cca_ecc2protkey()
1417 preqparm->vud.tk_blob_tag = 0x00C2; in cca_ecc2protkey()
1419 preqparm->kb.len = keylen + 3 * sizeof(uint16_t); in cca_ecc2protkey()
1420 preqparm->kb.cca_key_token_len = keylen + 2 * sizeof(uint16_t); in cca_ecc2protkey()
1421 memcpy(preqparm->kb.cca_key_token, key, keylen); in cca_ecc2protkey()
1423 preqcblk->req_parml = sizeof(struct aureqparm) + keylen; in cca_ecc2protkey()
1438 if (prepcblk->ccp_rtcode != 0) { in cca_ecc2protkey()
1440 "%s unwrap secure key failure, card response %d/%d\n", in cca_ecc2protkey()
1442 (int) prepcblk->ccp_rtcode, in cca_ecc2protkey()
1443 (int) prepcblk->ccp_rscode); in cca_ecc2protkey()
1444 rc = -EIO; in cca_ecc2protkey()
1447 if (prepcblk->ccp_rscode != 0) { in cca_ecc2protkey()
1449 "%s unwrap secure key warning, card response %d/%d\n", in cca_ecc2protkey()
1451 (int) prepcblk->ccp_rtcode, in cca_ecc2protkey()
1452 (int) prepcblk->ccp_rscode); in cca_ecc2protkey()
1457 prepcblk->rpl_parmb = (u8 __user *) ptr; in cca_ecc2protkey()
1461 if (prepparm->vud.ckb.version != 0x02) { in cca_ecc2protkey()
1463 __func__, (int) prepparm->vud.ckb.version); in cca_ecc2protkey()
1464 rc = -EIO; in cca_ecc2protkey()
1467 if (prepparm->vud.ckb.algo != 0x81) { in cca_ecc2protkey()
1470 __func__, (int) prepparm->vud.ckb.algo); in cca_ecc2protkey()
1471 rc = -EIO; in cca_ecc2protkey()
1476 if (prepparm->vud.ckb.keylen > *protkeylen) { in cca_ecc2protkey()
1478 __func__, prepparm->vud.ckb.keylen, *protkeylen); in cca_ecc2protkey()
1479 rc = -EIO; in cca_ecc2protkey()
1482 memcpy(protkey, prepparm->vud.ckb.key, prepparm->vud.ckb.keylen); in cca_ecc2protkey()
1483 *protkeylen = prepparm->vud.ckb.keylen; in cca_ecc2protkey()
1528 preqcblk->domain = domain; in cca_query_crypto_facility()
1531 preqparm = (struct fqreqparm __force *) preqcblk->req_parmb; in cca_query_crypto_facility()
1532 memcpy(preqparm->subfunc_code, "FQ", 2); in cca_query_crypto_facility()
1533 memcpy(preqparm->rule_array, keyword, sizeof(preqparm->rule_array)); in cca_query_crypto_facility()
1534 preqparm->rule_array_len = in cca_query_crypto_facility()
1535 sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array); in cca_query_crypto_facility()
1536 preqparm->lv1.len = sizeof(preqparm->lv1); in cca_query_crypto_facility()
1537 preqparm->dummylen = sizeof(preqparm->dummylen); in cca_query_crypto_facility()
1538 preqcblk->req_parml = parmbsize; in cca_query_crypto_facility()
1552 if (prepcblk->ccp_rtcode != 0) { in cca_query_crypto_facility()
1553 DEBUG_ERR("%s unwrap secure key failure, card response %d/%d\n", in cca_query_crypto_facility()
1555 (int) prepcblk->ccp_rtcode, in cca_query_crypto_facility()
1556 (int) prepcblk->ccp_rscode); in cca_query_crypto_facility()
1557 rc = -EIO; in cca_query_crypto_facility()
1563 prepcblk->rpl_parmb = (u8 __user *) ptr; in cca_query_crypto_facility()
1565 ptr = prepparm->lvdata; in cca_query_crypto_facility()
1571 len -= sizeof(u16); in cca_query_crypto_facility()
1582 len -= sizeof(u16); in cca_query_crypto_facility()
1598 int rc = -ENOENT; in cca_info_cache_fetch()
1603 if (ptr->cardnr == cardnr && ptr->domain == domain) { in cca_info_cache_fetch()
1604 memcpy(ci, &ptr->info, sizeof(*ci)); in cca_info_cache_fetch()
1622 if (ptr->cardnr == cardnr && in cca_info_cache_update()
1623 ptr->domain == domain) { in cca_info_cache_update()
1624 memcpy(&ptr->info, ci, sizeof(*ci)); in cca_info_cache_update()
1635 ptr->cardnr = cardnr; in cca_info_cache_update()
1636 ptr->domain = domain; in cca_info_cache_update()
1637 memcpy(&ptr->info, ci, sizeof(*ci)); in cca_info_cache_update()
1638 list_add(&ptr->list, &cca_info_list); in cca_info_cache_update()
1649 if (ptr->cardnr == cardnr && in cca_info_cache_scrub()
1650 ptr->domain == domain) { in cca_info_cache_scrub()
1651 list_del(&ptr->list); in cca_info_cache_scrub()
1665 list_del(&ptr->list); in mkvp_cache_free()
1687 ci->hwtype = devstat.hwtype; in fetch_cca_info()
1692 return -ENOMEM; in fetch_cca_info()
1701 memcpy(ci->serial, rarray, 8); in fetch_cca_info()
1702 ci->new_aes_mk_state = (char) rarray[7*8]; in fetch_cca_info()
1703 ci->cur_aes_mk_state = (char) rarray[8*8]; in fetch_cca_info()
1704 ci->old_aes_mk_state = (char) rarray[9*8]; in fetch_cca_info()
1705 if (ci->old_aes_mk_state == '2') in fetch_cca_info()
1706 memcpy(&ci->old_aes_mkvp, varray + 172, 8); in fetch_cca_info()
1707 if (ci->cur_aes_mk_state == '2') in fetch_cca_info()
1708 memcpy(&ci->cur_aes_mkvp, varray + 184, 8); in fetch_cca_info()
1709 if (ci->new_aes_mk_state == '3') in fetch_cca_info()
1710 memcpy(&ci->new_aes_mkvp, varray + 196, 8); in fetch_cca_info()
1719 ci->new_apka_mk_state = (char) rarray[10*8]; in fetch_cca_info()
1720 ci->cur_apka_mk_state = (char) rarray[11*8]; in fetch_cca_info()
1721 ci->old_apka_mk_state = (char) rarray[12*8]; in fetch_cca_info()
1722 if (ci->old_apka_mk_state == '2') in fetch_cca_info()
1723 memcpy(&ci->old_apka_mkvp, varray + 208, 8); in fetch_cca_info()
1724 if (ci->cur_apka_mk_state == '2') in fetch_cca_info()
1725 memcpy(&ci->cur_apka_mkvp, varray + 220, 8); in fetch_cca_info()
1726 if (ci->new_apka_mk_state == '3') in fetch_cca_info()
1727 memcpy(&ci->new_apka_mkvp, varray + 232, 8); in fetch_cca_info()
1733 return found == 2 ? 0 : -ENOENT; in fetch_cca_info()
1764 int i, rc, oi = -1; in findcard()
1768 return -EINVAL; in findcard()
1775 return -ENOMEM; in findcard()
1841 rc = -ENODEV; in findcard()
1849 * Verification Pattern provided inside a secure key token.
1857 if (hdr->type != TOKTYPE_CCA_INTERNAL) in cca_findcard()
1858 return -EINVAL; in cca_findcard()
1860 switch (hdr->version) { in cca_findcard()
1862 mkvp = ((struct secaeskeytoken *)key)->mkvp; in cca_findcard()
1865 mkvp = ((struct cipherkeytoken *)key)->mkvp0; in cca_findcard()
1869 return -EINVAL; in cca_findcard()
1890 return -ENOMEM; in cca_findcard2()
1897 return -ENOMEM; in cca_findcard2()
1954 rc = -ENODEV; in cca_findcard2()
1956 /* no re-allocation, simple return the _apqns array */ in cca_findcard2()