1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright IBM Corp. 2019
4 * Author(s): Harald Freudenberger <freude@linux.ibm.com>
5 *
6 * Collection of EP11 misc functions used by zcrypt and pkey
7 */
8
9 #define KMSG_COMPONENT "zcrypt"
10 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
11
12 #include <linux/init.h>
13 #include <linux/module.h>
14 #include <linux/slab.h>
15 #include <linux/random.h>
16 #include <asm/zcrypt.h>
17 #include <asm/pkey.h>
18 #include <crypto/aes.h>
19
20 #include "ap_bus.h"
21 #include "zcrypt_api.h"
22 #include "zcrypt_debug.h"
23 #include "zcrypt_msgtype6.h"
24 #include "zcrypt_ep11misc.h"
25 #include "zcrypt_ccamisc.h"
26
27 #define DEBUG_DBG(...) ZCRYPT_DBF(DBF_DEBUG, ##__VA_ARGS__)
28 #define DEBUG_INFO(...) ZCRYPT_DBF(DBF_INFO, ##__VA_ARGS__)
29 #define DEBUG_WARN(...) ZCRYPT_DBF(DBF_WARN, ##__VA_ARGS__)
30 #define DEBUG_ERR(...) ZCRYPT_DBF(DBF_ERR, ##__VA_ARGS__)
31
32 /* default iv used here */
33 static const u8 def_iv[16] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
34 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
35
36 /* ep11 card info cache */
37 struct card_list_entry {
38 struct list_head list;
39 u16 cardnr;
40 struct ep11_card_info info;
41 };
42 static LIST_HEAD(card_list);
43 static DEFINE_SPINLOCK(card_list_lock);
44
card_cache_fetch(u16 cardnr,struct ep11_card_info * ci)45 static int card_cache_fetch(u16 cardnr, struct ep11_card_info *ci)
46 {
47 int rc = -ENOENT;
48 struct card_list_entry *ptr;
49
50 spin_lock_bh(&card_list_lock);
51 list_for_each_entry(ptr, &card_list, list) {
52 if (ptr->cardnr == cardnr) {
53 memcpy(ci, &ptr->info, sizeof(*ci));
54 rc = 0;
55 break;
56 }
57 }
58 spin_unlock_bh(&card_list_lock);
59
60 return rc;
61 }
62
card_cache_update(u16 cardnr,const struct ep11_card_info * ci)63 static void card_cache_update(u16 cardnr, const struct ep11_card_info *ci)
64 {
65 int found = 0;
66 struct card_list_entry *ptr;
67
68 spin_lock_bh(&card_list_lock);
69 list_for_each_entry(ptr, &card_list, list) {
70 if (ptr->cardnr == cardnr) {
71 memcpy(&ptr->info, ci, sizeof(*ci));
72 found = 1;
73 break;
74 }
75 }
76 if (!found) {
77 ptr = kmalloc(sizeof(*ptr), GFP_ATOMIC);
78 if (!ptr) {
79 spin_unlock_bh(&card_list_lock);
80 return;
81 }
82 ptr->cardnr = cardnr;
83 memcpy(&ptr->info, ci, sizeof(*ci));
84 list_add(&ptr->list, &card_list);
85 }
86 spin_unlock_bh(&card_list_lock);
87 }
88
card_cache_scrub(u16 cardnr)89 static void card_cache_scrub(u16 cardnr)
90 {
91 struct card_list_entry *ptr;
92
93 spin_lock_bh(&card_list_lock);
94 list_for_each_entry(ptr, &card_list, list) {
95 if (ptr->cardnr == cardnr) {
96 list_del(&ptr->list);
97 kfree(ptr);
98 break;
99 }
100 }
101 spin_unlock_bh(&card_list_lock);
102 }
103
card_cache_free(void)104 static void __exit card_cache_free(void)
105 {
106 struct card_list_entry *ptr, *pnext;
107
108 spin_lock_bh(&card_list_lock);
109 list_for_each_entry_safe(ptr, pnext, &card_list, list) {
110 list_del(&ptr->list);
111 kfree(ptr);
112 }
113 spin_unlock_bh(&card_list_lock);
114 }
115
ep11_kb_split(const u8 * kb,size_t kblen,u32 kbver,struct ep11kblob_header ** kbhdr,size_t * kbhdrsize,u8 ** kbpl,size_t * kbplsize)116 static int ep11_kb_split(const u8 *kb, size_t kblen, u32 kbver,
117 struct ep11kblob_header **kbhdr, size_t *kbhdrsize,
118 u8 **kbpl, size_t *kbplsize)
119 {
120 struct ep11kblob_header *hdr = NULL;
121 size_t hdrsize, plsize = 0;
122 int rc = -EINVAL;
123 u8 *pl = NULL;
124
125 if (kblen < sizeof(struct ep11kblob_header))
126 goto out;
127 hdr = (struct ep11kblob_header *)kb;
128
129 switch (kbver) {
130 case TOKVER_EP11_AES:
131 /* header overlays the payload */
132 hdrsize = 0;
133 break;
134 case TOKVER_EP11_ECC_WITH_HEADER:
135 case TOKVER_EP11_AES_WITH_HEADER:
136 /* payload starts after the header */
137 hdrsize = sizeof(struct ep11kblob_header);
138 break;
139 default:
140 goto out;
141 }
142
143 plsize = kblen - hdrsize;
144 pl = (u8 *)kb + hdrsize;
145
146 if (kbhdr)
147 *kbhdr = hdr;
148 if (kbhdrsize)
149 *kbhdrsize = hdrsize;
150 if (kbpl)
151 *kbpl = pl;
152 if (kbplsize)
153 *kbplsize = plsize;
154
155 rc = 0;
156 out:
157 return rc;
158 }
159
160 /*
161 * Simple check if the key blob is a valid EP11 AES key blob with header.
162 */
ep11_check_aes_key_with_hdr(debug_info_t * dbg,int dbflvl,const u8 * key,size_t keylen,int checkcpacfexp)163 int ep11_check_aes_key_with_hdr(debug_info_t *dbg, int dbflvl,
164 const u8 *key, size_t keylen, int checkcpacfexp)
165 {
166 struct ep11kblob_header *hdr = (struct ep11kblob_header *)key;
167 struct ep11keyblob *kb = (struct ep11keyblob *)(key + sizeof(*hdr));
168
169 #define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
170
171 if (keylen < sizeof(*hdr) + sizeof(*kb)) {
172 DBF("%s key check failed, keylen %zu < %zu\n",
173 __func__, keylen, sizeof(*hdr) + sizeof(*kb));
174 return -EINVAL;
175 }
176
177 if (hdr->type != TOKTYPE_NON_CCA) {
178 if (dbg)
179 DBF("%s key check failed, type 0x%02x != 0x%02x\n",
180 __func__, (int)hdr->type, TOKTYPE_NON_CCA);
181 return -EINVAL;
182 }
183 if (hdr->hver != 0x00) {
184 if (dbg)
185 DBF("%s key check failed, header version 0x%02x != 0x00\n",
186 __func__, (int)hdr->hver);
187 return -EINVAL;
188 }
189 if (hdr->version != TOKVER_EP11_AES_WITH_HEADER) {
190 if (dbg)
191 DBF("%s key check failed, version 0x%02x != 0x%02x\n",
192 __func__, (int)hdr->version, TOKVER_EP11_AES_WITH_HEADER);
193 return -EINVAL;
194 }
195 if (hdr->len > keylen) {
196 if (dbg)
197 DBF("%s key check failed, header len %d keylen %zu mismatch\n",
198 __func__, (int)hdr->len, keylen);
199 return -EINVAL;
200 }
201 if (hdr->len < sizeof(*hdr) + sizeof(*kb)) {
202 if (dbg)
203 DBF("%s key check failed, header len %d < %zu\n",
204 __func__, (int)hdr->len, sizeof(*hdr) + sizeof(*kb));
205 return -EINVAL;
206 }
207
208 if (kb->version != EP11_STRUCT_MAGIC) {
209 if (dbg)
210 DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
211 __func__, (int)kb->version, EP11_STRUCT_MAGIC);
212 return -EINVAL;
213 }
214 if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
215 if (dbg)
216 DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
217 __func__);
218 return -EINVAL;
219 }
220
221 #undef DBF
222
223 return 0;
224 }
225 EXPORT_SYMBOL(ep11_check_aes_key_with_hdr);
226
227 /*
228 * Simple check if the key blob is a valid EP11 ECC key blob with header.
229 */
ep11_check_ecc_key_with_hdr(debug_info_t * dbg,int dbflvl,const u8 * key,size_t keylen,int checkcpacfexp)230 int ep11_check_ecc_key_with_hdr(debug_info_t *dbg, int dbflvl,
231 const u8 *key, size_t keylen, int checkcpacfexp)
232 {
233 struct ep11kblob_header *hdr = (struct ep11kblob_header *)key;
234 struct ep11keyblob *kb = (struct ep11keyblob *)(key + sizeof(*hdr));
235
236 #define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
237
238 if (keylen < sizeof(*hdr) + sizeof(*kb)) {
239 DBF("%s key check failed, keylen %zu < %zu\n",
240 __func__, keylen, sizeof(*hdr) + sizeof(*kb));
241 return -EINVAL;
242 }
243
244 if (hdr->type != TOKTYPE_NON_CCA) {
245 if (dbg)
246 DBF("%s key check failed, type 0x%02x != 0x%02x\n",
247 __func__, (int)hdr->type, TOKTYPE_NON_CCA);
248 return -EINVAL;
249 }
250 if (hdr->hver != 0x00) {
251 if (dbg)
252 DBF("%s key check failed, header version 0x%02x != 0x00\n",
253 __func__, (int)hdr->hver);
254 return -EINVAL;
255 }
256 if (hdr->version != TOKVER_EP11_ECC_WITH_HEADER) {
257 if (dbg)
258 DBF("%s key check failed, version 0x%02x != 0x%02x\n",
259 __func__, (int)hdr->version, TOKVER_EP11_ECC_WITH_HEADER);
260 return -EINVAL;
261 }
262 if (hdr->len > keylen) {
263 if (dbg)
264 DBF("%s key check failed, header len %d keylen %zu mismatch\n",
265 __func__, (int)hdr->len, keylen);
266 return -EINVAL;
267 }
268 if (hdr->len < sizeof(*hdr) + sizeof(*kb)) {
269 if (dbg)
270 DBF("%s key check failed, header len %d < %zu\n",
271 __func__, (int)hdr->len, sizeof(*hdr) + sizeof(*kb));
272 return -EINVAL;
273 }
274
275 if (kb->version != EP11_STRUCT_MAGIC) {
276 if (dbg)
277 DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
278 __func__, (int)kb->version, EP11_STRUCT_MAGIC);
279 return -EINVAL;
280 }
281 if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
282 if (dbg)
283 DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
284 __func__);
285 return -EINVAL;
286 }
287
288 #undef DBF
289
290 return 0;
291 }
292 EXPORT_SYMBOL(ep11_check_ecc_key_with_hdr);
293
294 /*
295 * Simple check if the key blob is a valid EP11 AES key blob with
296 * the header in the session field (old style EP11 AES key).
297 */
ep11_check_aes_key(debug_info_t * dbg,int dbflvl,const u8 * key,size_t keylen,int checkcpacfexp)298 int ep11_check_aes_key(debug_info_t *dbg, int dbflvl,
299 const u8 *key, size_t keylen, int checkcpacfexp)
300 {
301 struct ep11keyblob *kb = (struct ep11keyblob *)key;
302
303 #define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
304
305 if (keylen < sizeof(*kb)) {
306 DBF("%s key check failed, keylen %zu < %zu\n",
307 __func__, keylen, sizeof(*kb));
308 return -EINVAL;
309 }
310
311 if (kb->head.type != TOKTYPE_NON_CCA) {
312 if (dbg)
313 DBF("%s key check failed, type 0x%02x != 0x%02x\n",
314 __func__, (int)kb->head.type, TOKTYPE_NON_CCA);
315 return -EINVAL;
316 }
317 if (kb->head.version != TOKVER_EP11_AES) {
318 if (dbg)
319 DBF("%s key check failed, version 0x%02x != 0x%02x\n",
320 __func__, (int)kb->head.version, TOKVER_EP11_AES);
321 return -EINVAL;
322 }
323 if (kb->head.len > keylen) {
324 if (dbg)
325 DBF("%s key check failed, header len %d keylen %zu mismatch\n",
326 __func__, (int)kb->head.len, keylen);
327 return -EINVAL;
328 }
329 if (kb->head.len < sizeof(*kb)) {
330 if (dbg)
331 DBF("%s key check failed, header len %d < %zu\n",
332 __func__, (int)kb->head.len, sizeof(*kb));
333 return -EINVAL;
334 }
335
336 if (kb->version != EP11_STRUCT_MAGIC) {
337 if (dbg)
338 DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
339 __func__, (int)kb->version, EP11_STRUCT_MAGIC);
340 return -EINVAL;
341 }
342 if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
343 if (dbg)
344 DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
345 __func__);
346 return -EINVAL;
347 }
348
349 #undef DBF
350
351 return 0;
352 }
353 EXPORT_SYMBOL(ep11_check_aes_key);
354
355 /*
356 * Allocate and prepare ep11 cprb plus additional payload.
357 */
alloc_cprb(size_t payload_len)358 static inline struct ep11_cprb *alloc_cprb(size_t payload_len)
359 {
360 size_t len = sizeof(struct ep11_cprb) + payload_len;
361 struct ep11_cprb *cprb;
362
363 cprb = kzalloc(len, GFP_KERNEL);
364 if (!cprb)
365 return NULL;
366
367 cprb->cprb_len = sizeof(struct ep11_cprb);
368 cprb->cprb_ver_id = 0x04;
369 memcpy(cprb->func_id, "T4", 2);
370 cprb->ret_code = 0xFFFFFFFF;
371 cprb->payload_len = payload_len;
372
373 return cprb;
374 }
375
376 /*
377 * Some helper functions related to ASN1 encoding.
378 * Limited to length info <= 2 byte.
379 */
380
381 #define ASN1TAGLEN(x) (2 + (x) + ((x) > 127 ? 1 : 0) + ((x) > 255 ? 1 : 0))
382
asn1tag_write(u8 * ptr,u8 tag,const u8 * pvalue,u16 valuelen)383 static int asn1tag_write(u8 *ptr, u8 tag, const u8 *pvalue, u16 valuelen)
384 {
385 ptr[0] = tag;
386 if (valuelen > 255) {
387 ptr[1] = 0x82;
388 *((u16 *)(ptr + 2)) = valuelen;
389 memcpy(ptr + 4, pvalue, valuelen);
390 return 4 + valuelen;
391 }
392 if (valuelen > 127) {
393 ptr[1] = 0x81;
394 ptr[2] = (u8)valuelen;
395 memcpy(ptr + 3, pvalue, valuelen);
396 return 3 + valuelen;
397 }
398 ptr[1] = (u8)valuelen;
399 memcpy(ptr + 2, pvalue, valuelen);
400 return 2 + valuelen;
401 }
402
403 /* EP11 payload > 127 bytes starts with this struct */
404 struct pl_head {
405 u8 tag;
406 u8 lenfmt;
407 u16 len;
408 u8 func_tag;
409 u8 func_len;
410 u32 func;
411 u8 dom_tag;
412 u8 dom_len;
413 u32 dom;
414 } __packed;
415
416 /* prep ep11 payload head helper function */
prep_head(struct pl_head * h,size_t pl_size,int api,int func)417 static inline void prep_head(struct pl_head *h,
418 size_t pl_size, int api, int func)
419 {
420 h->tag = 0x30;
421 h->lenfmt = 0x82;
422 h->len = pl_size - 4;
423 h->func_tag = 0x04;
424 h->func_len = sizeof(u32);
425 h->func = (api << 16) + func;
426 h->dom_tag = 0x04;
427 h->dom_len = sizeof(u32);
428 }
429
430 /* prep urb helper function */
prep_urb(struct ep11_urb * u,struct ep11_target_dev * t,int nt,struct ep11_cprb * req,size_t req_len,struct ep11_cprb * rep,size_t rep_len)431 static inline void prep_urb(struct ep11_urb *u,
432 struct ep11_target_dev *t, int nt,
433 struct ep11_cprb *req, size_t req_len,
434 struct ep11_cprb *rep, size_t rep_len)
435 {
436 u->targets = (u8 __user *)t;
437 u->targets_num = nt;
438 u->req = (u8 __user *)req;
439 u->req_len = req_len;
440 u->resp = (u8 __user *)rep;
441 u->resp_len = rep_len;
442 }
443
444 /* Check ep11 reply payload, return 0 or suggested errno value. */
check_reply_pl(const u8 * pl,const char * func)445 static int check_reply_pl(const u8 *pl, const char *func)
446 {
447 int len;
448 u32 ret;
449
450 /* start tag */
451 if (*pl++ != 0x30) {
452 DEBUG_ERR("%s reply start tag mismatch\n", func);
453 return -EIO;
454 }
455
456 /* payload length format */
457 if (*pl < 127) {
458 len = *pl;
459 pl++;
460 } else if (*pl == 0x81) {
461 pl++;
462 len = *pl;
463 pl++;
464 } else if (*pl == 0x82) {
465 pl++;
466 len = *((u16 *)pl);
467 pl += 2;
468 } else {
469 DEBUG_ERR("%s reply start tag lenfmt mismatch 0x%02hhx\n",
470 func, *pl);
471 return -EIO;
472 }
473
474 /* len should cover at least 3 fields with 32 bit value each */
475 if (len < 3 * 6) {
476 DEBUG_ERR("%s reply length %d too small\n", func, len);
477 return -EIO;
478 }
479
480 /* function tag, length and value */
481 if (pl[0] != 0x04 || pl[1] != 0x04) {
482 DEBUG_ERR("%s function tag or length mismatch\n", func);
483 return -EIO;
484 }
485 pl += 6;
486
487 /* dom tag, length and value */
488 if (pl[0] != 0x04 || pl[1] != 0x04) {
489 DEBUG_ERR("%s dom tag or length mismatch\n", func);
490 return -EIO;
491 }
492 pl += 6;
493
494 /* return value tag, length and value */
495 if (pl[0] != 0x04 || pl[1] != 0x04) {
496 DEBUG_ERR("%s return value tag or length mismatch\n", func);
497 return -EIO;
498 }
499 pl += 2;
500 ret = *((u32 *)pl);
501 if (ret != 0) {
502 DEBUG_ERR("%s return value 0x%04x != 0\n", func, ret);
503 return -EIO;
504 }
505
506 return 0;
507 }
508
509 /*
510 * Helper function which does an ep11 query with given query type.
511 */
ep11_query_info(u16 cardnr,u16 domain,u32 query_type,size_t buflen,u8 * buf)512 static int ep11_query_info(u16 cardnr, u16 domain, u32 query_type,
513 size_t buflen, u8 *buf)
514 {
515 struct ep11_info_req_pl {
516 struct pl_head head;
517 u8 query_type_tag;
518 u8 query_type_len;
519 u32 query_type;
520 u8 query_subtype_tag;
521 u8 query_subtype_len;
522 u32 query_subtype;
523 } __packed * req_pl;
524 struct ep11_info_rep_pl {
525 struct pl_head head;
526 u8 rc_tag;
527 u8 rc_len;
528 u32 rc;
529 u8 data_tag;
530 u8 data_lenfmt;
531 u16 data_len;
532 } __packed * rep_pl;
533 struct ep11_cprb *req = NULL, *rep = NULL;
534 struct ep11_target_dev target;
535 struct ep11_urb *urb = NULL;
536 int api = 1, rc = -ENOMEM;
537
538 /* request cprb and payload */
539 req = alloc_cprb(sizeof(struct ep11_info_req_pl));
540 if (!req)
541 goto out;
542 req_pl = (struct ep11_info_req_pl *)(((u8 *)req) + sizeof(*req));
543 prep_head(&req_pl->head, sizeof(*req_pl), api, 38); /* get xcp info */
544 req_pl->query_type_tag = 0x04;
545 req_pl->query_type_len = sizeof(u32);
546 req_pl->query_type = query_type;
547 req_pl->query_subtype_tag = 0x04;
548 req_pl->query_subtype_len = sizeof(u32);
549
550 /* reply cprb and payload */
551 rep = alloc_cprb(sizeof(struct ep11_info_rep_pl) + buflen);
552 if (!rep)
553 goto out;
554 rep_pl = (struct ep11_info_rep_pl *)(((u8 *)rep) + sizeof(*rep));
555
556 /* urb and target */
557 urb = kmalloc(sizeof(*urb), GFP_KERNEL);
558 if (!urb)
559 goto out;
560 target.ap_id = cardnr;
561 target.dom_id = domain;
562 prep_urb(urb, &target, 1,
563 req, sizeof(*req) + sizeof(*req_pl),
564 rep, sizeof(*rep) + sizeof(*rep_pl) + buflen);
565
566 rc = zcrypt_send_ep11_cprb(urb);
567 if (rc) {
568 DEBUG_ERR(
569 "%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
570 __func__, (int)cardnr, (int)domain, rc);
571 goto out;
572 }
573
574 rc = check_reply_pl((u8 *)rep_pl, __func__);
575 if (rc)
576 goto out;
577 if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
578 DEBUG_ERR("%s unknown reply data format\n", __func__);
579 rc = -EIO;
580 goto out;
581 }
582 if (rep_pl->data_len > buflen) {
583 DEBUG_ERR("%s mismatch between reply data len and buffer len\n",
584 __func__);
585 rc = -ENOSPC;
586 goto out;
587 }
588
589 memcpy(buf, ((u8 *)rep_pl) + sizeof(*rep_pl), rep_pl->data_len);
590
591 out:
592 kfree(req);
593 kfree(rep);
594 kfree(urb);
595 return rc;
596 }
597
598 /*
599 * Provide information about an EP11 card.
600 */
ep11_get_card_info(u16 card,struct ep11_card_info * info,int verify)601 int ep11_get_card_info(u16 card, struct ep11_card_info *info, int verify)
602 {
603 int rc;
604 struct ep11_module_query_info {
605 u32 API_ord_nr;
606 u32 firmware_id;
607 u8 FW_major_vers;
608 u8 FW_minor_vers;
609 u8 CSP_major_vers;
610 u8 CSP_minor_vers;
611 u8 fwid[32];
612 u8 xcp_config_hash[32];
613 u8 CSP_config_hash[32];
614 u8 serial[16];
615 u8 module_date_time[16];
616 u64 op_mode;
617 u32 PKCS11_flags;
618 u32 ext_flags;
619 u32 domains;
620 u32 sym_state_bytes;
621 u32 digest_state_bytes;
622 u32 pin_blob_bytes;
623 u32 SPKI_bytes;
624 u32 priv_key_blob_bytes;
625 u32 sym_blob_bytes;
626 u32 max_payload_bytes;
627 u32 CP_profile_bytes;
628 u32 max_CP_index;
629 } __packed * pmqi = NULL;
630
631 rc = card_cache_fetch(card, info);
632 if (rc || verify) {
633 pmqi = kmalloc(sizeof(*pmqi), GFP_KERNEL);
634 if (!pmqi)
635 return -ENOMEM;
636 rc = ep11_query_info(card, AUTOSEL_DOM,
637 0x01 /* module info query */,
638 sizeof(*pmqi), (u8 *)pmqi);
639 if (rc) {
640 if (rc == -ENODEV)
641 card_cache_scrub(card);
642 goto out;
643 }
644 memset(info, 0, sizeof(*info));
645 info->API_ord_nr = pmqi->API_ord_nr;
646 info->FW_version =
647 (pmqi->FW_major_vers << 8) + pmqi->FW_minor_vers;
648 memcpy(info->serial, pmqi->serial, sizeof(info->serial));
649 info->op_mode = pmqi->op_mode;
650 card_cache_update(card, info);
651 }
652
653 out:
654 kfree(pmqi);
655 return rc;
656 }
657 EXPORT_SYMBOL(ep11_get_card_info);
658
659 /*
660 * Provide information about a domain within an EP11 card.
661 */
ep11_get_domain_info(u16 card,u16 domain,struct ep11_domain_info * info)662 int ep11_get_domain_info(u16 card, u16 domain, struct ep11_domain_info *info)
663 {
664 int rc;
665 struct ep11_domain_query_info {
666 u32 dom_index;
667 u8 cur_WK_VP[32];
668 u8 new_WK_VP[32];
669 u32 dom_flags;
670 u64 op_mode;
671 } __packed * p_dom_info;
672
673 p_dom_info = kmalloc(sizeof(*p_dom_info), GFP_KERNEL);
674 if (!p_dom_info)
675 return -ENOMEM;
676
677 rc = ep11_query_info(card, domain, 0x03 /* domain info query */,
678 sizeof(*p_dom_info), (u8 *)p_dom_info);
679 if (rc)
680 goto out;
681
682 memset(info, 0, sizeof(*info));
683 info->cur_wk_state = '0';
684 info->new_wk_state = '0';
685 if (p_dom_info->dom_flags & 0x10 /* left imprint mode */) {
686 if (p_dom_info->dom_flags & 0x02 /* cur wk valid */) {
687 info->cur_wk_state = '1';
688 memcpy(info->cur_wkvp, p_dom_info->cur_WK_VP, 32);
689 }
690 if (p_dom_info->dom_flags & 0x04 || /* new wk present */
691 p_dom_info->dom_flags & 0x08 /* new wk committed */) {
692 info->new_wk_state =
693 p_dom_info->dom_flags & 0x08 ? '2' : '1';
694 memcpy(info->new_wkvp, p_dom_info->new_WK_VP, 32);
695 }
696 }
697 info->op_mode = p_dom_info->op_mode;
698
699 out:
700 kfree(p_dom_info);
701 return rc;
702 }
703 EXPORT_SYMBOL(ep11_get_domain_info);
704
705 /*
706 * Default EP11 AES key generate attributes, used when no keygenflags given:
707 * XCP_BLOB_ENCRYPT | XCP_BLOB_DECRYPT | XCP_BLOB_PROTKEY_EXTRACTABLE
708 */
709 #define KEY_ATTR_DEFAULTS 0x00200c00
710
_ep11_genaeskey(u16 card,u16 domain,u32 keybitsize,u32 keygenflags,u8 * keybuf,size_t * keybufsize)711 static int _ep11_genaeskey(u16 card, u16 domain,
712 u32 keybitsize, u32 keygenflags,
713 u8 *keybuf, size_t *keybufsize)
714 {
715 struct keygen_req_pl {
716 struct pl_head head;
717 u8 var_tag;
718 u8 var_len;
719 u32 var;
720 u8 keybytes_tag;
721 u8 keybytes_len;
722 u32 keybytes;
723 u8 mech_tag;
724 u8 mech_len;
725 u32 mech;
726 u8 attr_tag;
727 u8 attr_len;
728 u32 attr_header;
729 u32 attr_bool_mask;
730 u32 attr_bool_bits;
731 u32 attr_val_len_type;
732 u32 attr_val_len_value;
733 u8 pin_tag;
734 u8 pin_len;
735 } __packed * req_pl;
736 struct keygen_rep_pl {
737 struct pl_head head;
738 u8 rc_tag;
739 u8 rc_len;
740 u32 rc;
741 u8 data_tag;
742 u8 data_lenfmt;
743 u16 data_len;
744 u8 data[512];
745 } __packed * rep_pl;
746 struct ep11_cprb *req = NULL, *rep = NULL;
747 struct ep11_target_dev target;
748 struct ep11_urb *urb = NULL;
749 int api, rc = -ENOMEM;
750
751 switch (keybitsize) {
752 case 128:
753 case 192:
754 case 256:
755 break;
756 default:
757 DEBUG_ERR(
758 "%s unknown/unsupported keybitsize %d\n",
759 __func__, keybitsize);
760 rc = -EINVAL;
761 goto out;
762 }
763
764 /* request cprb and payload */
765 req = alloc_cprb(sizeof(struct keygen_req_pl));
766 if (!req)
767 goto out;
768 req_pl = (struct keygen_req_pl *)(((u8 *)req) + sizeof(*req));
769 api = (!keygenflags || keygenflags & 0x00200000) ? 4 : 1;
770 prep_head(&req_pl->head, sizeof(*req_pl), api, 21); /* GenerateKey */
771 req_pl->var_tag = 0x04;
772 req_pl->var_len = sizeof(u32);
773 req_pl->keybytes_tag = 0x04;
774 req_pl->keybytes_len = sizeof(u32);
775 req_pl->keybytes = keybitsize / 8;
776 req_pl->mech_tag = 0x04;
777 req_pl->mech_len = sizeof(u32);
778 req_pl->mech = 0x00001080; /* CKM_AES_KEY_GEN */
779 req_pl->attr_tag = 0x04;
780 req_pl->attr_len = 5 * sizeof(u32);
781 req_pl->attr_header = 0x10010000;
782 req_pl->attr_bool_mask = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
783 req_pl->attr_bool_bits = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
784 req_pl->attr_val_len_type = 0x00000161; /* CKA_VALUE_LEN */
785 req_pl->attr_val_len_value = keybitsize / 8;
786 req_pl->pin_tag = 0x04;
787
788 /* reply cprb and payload */
789 rep = alloc_cprb(sizeof(struct keygen_rep_pl));
790 if (!rep)
791 goto out;
792 rep_pl = (struct keygen_rep_pl *)(((u8 *)rep) + sizeof(*rep));
793
794 /* urb and target */
795 urb = kmalloc(sizeof(*urb), GFP_KERNEL);
796 if (!urb)
797 goto out;
798 target.ap_id = card;
799 target.dom_id = domain;
800 prep_urb(urb, &target, 1,
801 req, sizeof(*req) + sizeof(*req_pl),
802 rep, sizeof(*rep) + sizeof(*rep_pl));
803
804 rc = zcrypt_send_ep11_cprb(urb);
805 if (rc) {
806 DEBUG_ERR(
807 "%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
808 __func__, (int)card, (int)domain, rc);
809 goto out;
810 }
811
812 rc = check_reply_pl((u8 *)rep_pl, __func__);
813 if (rc)
814 goto out;
815 if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
816 DEBUG_ERR("%s unknown reply data format\n", __func__);
817 rc = -EIO;
818 goto out;
819 }
820 if (rep_pl->data_len > *keybufsize) {
821 DEBUG_ERR("%s mismatch reply data len / key buffer len\n",
822 __func__);
823 rc = -ENOSPC;
824 goto out;
825 }
826
827 /* copy key blob */
828 memcpy(keybuf, rep_pl->data, rep_pl->data_len);
829 *keybufsize = rep_pl->data_len;
830
831 out:
832 kfree(req);
833 kfree(rep);
834 kfree(urb);
835 return rc;
836 }
837
ep11_genaeskey(u16 card,u16 domain,u32 keybitsize,u32 keygenflags,u8 * keybuf,size_t * keybufsize,u32 keybufver)838 int ep11_genaeskey(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
839 u8 *keybuf, size_t *keybufsize, u32 keybufver)
840 {
841 struct ep11kblob_header *hdr;
842 size_t hdr_size, pl_size;
843 u8 *pl;
844 int rc;
845
846 switch (keybufver) {
847 case TOKVER_EP11_AES:
848 case TOKVER_EP11_AES_WITH_HEADER:
849 break;
850 default:
851 return -EINVAL;
852 }
853
854 rc = ep11_kb_split(keybuf, *keybufsize, keybufver,
855 &hdr, &hdr_size, &pl, &pl_size);
856 if (rc)
857 return rc;
858
859 rc = _ep11_genaeskey(card, domain, keybitsize, keygenflags,
860 pl, &pl_size);
861 if (rc)
862 return rc;
863
864 *keybufsize = hdr_size + pl_size;
865
866 /* update header information */
867 hdr->type = TOKTYPE_NON_CCA;
868 hdr->len = *keybufsize;
869 hdr->version = keybufver;
870 hdr->bitlen = keybitsize;
871
872 return 0;
873 }
874 EXPORT_SYMBOL(ep11_genaeskey);
875
ep11_cryptsingle(u16 card,u16 domain,u16 mode,u32 mech,const u8 * iv,const u8 * key,size_t keysize,const u8 * inbuf,size_t inbufsize,u8 * outbuf,size_t * outbufsize)876 static int ep11_cryptsingle(u16 card, u16 domain,
877 u16 mode, u32 mech, const u8 *iv,
878 const u8 *key, size_t keysize,
879 const u8 *inbuf, size_t inbufsize,
880 u8 *outbuf, size_t *outbufsize)
881 {
882 struct crypt_req_pl {
883 struct pl_head head;
884 u8 var_tag;
885 u8 var_len;
886 u32 var;
887 u8 mech_tag;
888 u8 mech_len;
889 u32 mech;
890 /*
891 * maybe followed by iv data
892 * followed by key tag + key blob
893 * followed by plaintext tag + plaintext
894 */
895 } __packed * req_pl;
896 struct crypt_rep_pl {
897 struct pl_head head;
898 u8 rc_tag;
899 u8 rc_len;
900 u32 rc;
901 u8 data_tag;
902 u8 data_lenfmt;
903 /* data follows */
904 } __packed * rep_pl;
905 struct ep11_cprb *req = NULL, *rep = NULL;
906 struct ep11_target_dev target;
907 struct ep11_urb *urb = NULL;
908 size_t req_pl_size, rep_pl_size;
909 int n, api = 1, rc = -ENOMEM;
910 u8 *p;
911
912 /* the simple asn1 coding used has length limits */
913 if (keysize > 0xFFFF || inbufsize > 0xFFFF)
914 return -EINVAL;
915
916 /* request cprb and payload */
917 req_pl_size = sizeof(struct crypt_req_pl) + (iv ? 16 : 0)
918 + ASN1TAGLEN(keysize) + ASN1TAGLEN(inbufsize);
919 req = alloc_cprb(req_pl_size);
920 if (!req)
921 goto out;
922 req_pl = (struct crypt_req_pl *)(((u8 *)req) + sizeof(*req));
923 prep_head(&req_pl->head, req_pl_size, api, (mode ? 20 : 19));
924 req_pl->var_tag = 0x04;
925 req_pl->var_len = sizeof(u32);
926 /* mech is mech + mech params (iv here) */
927 req_pl->mech_tag = 0x04;
928 req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
929 req_pl->mech = (mech ? mech : 0x00001085); /* CKM_AES_CBC_PAD */
930 p = ((u8 *)req_pl) + sizeof(*req_pl);
931 if (iv) {
932 memcpy(p, iv, 16);
933 p += 16;
934 }
935 /* key and input data */
936 p += asn1tag_write(p, 0x04, key, keysize);
937 p += asn1tag_write(p, 0x04, inbuf, inbufsize);
938
939 /* reply cprb and payload, assume out data size <= in data size + 32 */
940 rep_pl_size = sizeof(struct crypt_rep_pl) + ASN1TAGLEN(inbufsize + 32);
941 rep = alloc_cprb(rep_pl_size);
942 if (!rep)
943 goto out;
944 rep_pl = (struct crypt_rep_pl *)(((u8 *)rep) + sizeof(*rep));
945
946 /* urb and target */
947 urb = kmalloc(sizeof(*urb), GFP_KERNEL);
948 if (!urb)
949 goto out;
950 target.ap_id = card;
951 target.dom_id = domain;
952 prep_urb(urb, &target, 1,
953 req, sizeof(*req) + req_pl_size,
954 rep, sizeof(*rep) + rep_pl_size);
955
956 rc = zcrypt_send_ep11_cprb(urb);
957 if (rc) {
958 DEBUG_ERR(
959 "%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
960 __func__, (int)card, (int)domain, rc);
961 goto out;
962 }
963
964 rc = check_reply_pl((u8 *)rep_pl, __func__);
965 if (rc)
966 goto out;
967 if (rep_pl->data_tag != 0x04) {
968 DEBUG_ERR("%s unknown reply data format\n", __func__);
969 rc = -EIO;
970 goto out;
971 }
972 p = ((u8 *)rep_pl) + sizeof(*rep_pl);
973 if (rep_pl->data_lenfmt <= 127) {
974 n = rep_pl->data_lenfmt;
975 } else if (rep_pl->data_lenfmt == 0x81) {
976 n = *p++;
977 } else if (rep_pl->data_lenfmt == 0x82) {
978 n = *((u16 *)p);
979 p += 2;
980 } else {
981 DEBUG_ERR("%s unknown reply data length format 0x%02hhx\n",
982 __func__, rep_pl->data_lenfmt);
983 rc = -EIO;
984 goto out;
985 }
986 if (n > *outbufsize) {
987 DEBUG_ERR("%s mismatch reply data len %d / output buffer %zu\n",
988 __func__, n, *outbufsize);
989 rc = -ENOSPC;
990 goto out;
991 }
992
993 memcpy(outbuf, p, n);
994 *outbufsize = n;
995
996 out:
997 kfree(req);
998 kfree(rep);
999 kfree(urb);
1000 return rc;
1001 }
1002
_ep11_unwrapkey(u16 card,u16 domain,const u8 * kek,size_t keksize,const u8 * enckey,size_t enckeysize,u32 mech,const u8 * iv,u32 keybitsize,u32 keygenflags,u8 * keybuf,size_t * keybufsize)1003 static int _ep11_unwrapkey(u16 card, u16 domain,
1004 const u8 *kek, size_t keksize,
1005 const u8 *enckey, size_t enckeysize,
1006 u32 mech, const u8 *iv,
1007 u32 keybitsize, u32 keygenflags,
1008 u8 *keybuf, size_t *keybufsize)
1009 {
1010 struct uw_req_pl {
1011 struct pl_head head;
1012 u8 attr_tag;
1013 u8 attr_len;
1014 u32 attr_header;
1015 u32 attr_bool_mask;
1016 u32 attr_bool_bits;
1017 u32 attr_key_type;
1018 u32 attr_key_type_value;
1019 u32 attr_val_len;
1020 u32 attr_val_len_value;
1021 u8 mech_tag;
1022 u8 mech_len;
1023 u32 mech;
1024 /*
1025 * maybe followed by iv data
1026 * followed by kek tag + kek blob
1027 * followed by empty mac tag
1028 * followed by empty pin tag
1029 * followed by encryted key tag + bytes
1030 */
1031 } __packed * req_pl;
1032 struct uw_rep_pl {
1033 struct pl_head head;
1034 u8 rc_tag;
1035 u8 rc_len;
1036 u32 rc;
1037 u8 data_tag;
1038 u8 data_lenfmt;
1039 u16 data_len;
1040 u8 data[512];
1041 } __packed * rep_pl;
1042 struct ep11_cprb *req = NULL, *rep = NULL;
1043 struct ep11_target_dev target;
1044 struct ep11_urb *urb = NULL;
1045 size_t req_pl_size;
1046 int api, rc = -ENOMEM;
1047 u8 *p;
1048
1049 /* request cprb and payload */
1050 req_pl_size = sizeof(struct uw_req_pl) + (iv ? 16 : 0)
1051 + ASN1TAGLEN(keksize) + 4 + ASN1TAGLEN(enckeysize);
1052 req = alloc_cprb(req_pl_size);
1053 if (!req)
1054 goto out;
1055 req_pl = (struct uw_req_pl *)(((u8 *)req) + sizeof(*req));
1056 api = (!keygenflags || keygenflags & 0x00200000) ? 4 : 1;
1057 prep_head(&req_pl->head, req_pl_size, api, 34); /* UnwrapKey */
1058 req_pl->attr_tag = 0x04;
1059 req_pl->attr_len = 7 * sizeof(u32);
1060 req_pl->attr_header = 0x10020000;
1061 req_pl->attr_bool_mask = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
1062 req_pl->attr_bool_bits = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
1063 req_pl->attr_key_type = 0x00000100; /* CKA_KEY_TYPE */
1064 req_pl->attr_key_type_value = 0x0000001f; /* CKK_AES */
1065 req_pl->attr_val_len = 0x00000161; /* CKA_VALUE_LEN */
1066 req_pl->attr_val_len_value = keybitsize / 8;
1067 /* mech is mech + mech params (iv here) */
1068 req_pl->mech_tag = 0x04;
1069 req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
1070 req_pl->mech = (mech ? mech : 0x00001085); /* CKM_AES_CBC_PAD */
1071 p = ((u8 *)req_pl) + sizeof(*req_pl);
1072 if (iv) {
1073 memcpy(p, iv, 16);
1074 p += 16;
1075 }
1076 /* kek */
1077 p += asn1tag_write(p, 0x04, kek, keksize);
1078 /* empty mac key tag */
1079 *p++ = 0x04;
1080 *p++ = 0;
1081 /* empty pin tag */
1082 *p++ = 0x04;
1083 *p++ = 0;
1084 /* encrypted key value tag and bytes */
1085 p += asn1tag_write(p, 0x04, enckey, enckeysize);
1086
1087 /* reply cprb and payload */
1088 rep = alloc_cprb(sizeof(struct uw_rep_pl));
1089 if (!rep)
1090 goto out;
1091 rep_pl = (struct uw_rep_pl *)(((u8 *)rep) + sizeof(*rep));
1092
1093 /* urb and target */
1094 urb = kmalloc(sizeof(*urb), GFP_KERNEL);
1095 if (!urb)
1096 goto out;
1097 target.ap_id = card;
1098 target.dom_id = domain;
1099 prep_urb(urb, &target, 1,
1100 req, sizeof(*req) + req_pl_size,
1101 rep, sizeof(*rep) + sizeof(*rep_pl));
1102
1103 rc = zcrypt_send_ep11_cprb(urb);
1104 if (rc) {
1105 DEBUG_ERR(
1106 "%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
1107 __func__, (int)card, (int)domain, rc);
1108 goto out;
1109 }
1110
1111 rc = check_reply_pl((u8 *)rep_pl, __func__);
1112 if (rc)
1113 goto out;
1114 if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
1115 DEBUG_ERR("%s unknown reply data format\n", __func__);
1116 rc = -EIO;
1117 goto out;
1118 }
1119 if (rep_pl->data_len > *keybufsize) {
1120 DEBUG_ERR("%s mismatch reply data len / key buffer len\n",
1121 __func__);
1122 rc = -ENOSPC;
1123 goto out;
1124 }
1125
1126 /* copy key blob */
1127 memcpy(keybuf, rep_pl->data, rep_pl->data_len);
1128 *keybufsize = rep_pl->data_len;
1129
1130 out:
1131 kfree(req);
1132 kfree(rep);
1133 kfree(urb);
1134 return rc;
1135 }
1136
ep11_unwrapkey(u16 card,u16 domain,const u8 * kek,size_t keksize,const u8 * enckey,size_t enckeysize,u32 mech,const u8 * iv,u32 keybitsize,u32 keygenflags,u8 * keybuf,size_t * keybufsize,u8 keybufver)1137 static int ep11_unwrapkey(u16 card, u16 domain,
1138 const u8 *kek, size_t keksize,
1139 const u8 *enckey, size_t enckeysize,
1140 u32 mech, const u8 *iv,
1141 u32 keybitsize, u32 keygenflags,
1142 u8 *keybuf, size_t *keybufsize,
1143 u8 keybufver)
1144 {
1145 struct ep11kblob_header *hdr;
1146 size_t hdr_size, pl_size;
1147 u8 *pl;
1148 int rc;
1149
1150 rc = ep11_kb_split(keybuf, *keybufsize, keybufver,
1151 &hdr, &hdr_size, &pl, &pl_size);
1152 if (rc)
1153 return rc;
1154
1155 rc = _ep11_unwrapkey(card, domain, kek, keksize, enckey, enckeysize,
1156 mech, iv, keybitsize, keygenflags,
1157 pl, &pl_size);
1158 if (rc)
1159 return rc;
1160
1161 *keybufsize = hdr_size + pl_size;
1162
1163 /* update header information */
1164 hdr = (struct ep11kblob_header *)keybuf;
1165 hdr->type = TOKTYPE_NON_CCA;
1166 hdr->len = *keybufsize;
1167 hdr->version = keybufver;
1168 hdr->bitlen = keybitsize;
1169
1170 return 0;
1171 }
1172
ep11_wrapkey(u16 card,u16 domain,const u8 * key,size_t keysize,u32 mech,const u8 * iv,u8 * databuf,size_t * datasize)1173 static int ep11_wrapkey(u16 card, u16 domain,
1174 const u8 *key, size_t keysize,
1175 u32 mech, const u8 *iv,
1176 u8 *databuf, size_t *datasize)
1177 {
1178 struct wk_req_pl {
1179 struct pl_head head;
1180 u8 var_tag;
1181 u8 var_len;
1182 u32 var;
1183 u8 mech_tag;
1184 u8 mech_len;
1185 u32 mech;
1186 /*
1187 * followed by iv data
1188 * followed by key tag + key blob
1189 * followed by dummy kek param
1190 * followed by dummy mac param
1191 */
1192 } __packed * req_pl;
1193 struct wk_rep_pl {
1194 struct pl_head head;
1195 u8 rc_tag;
1196 u8 rc_len;
1197 u32 rc;
1198 u8 data_tag;
1199 u8 data_lenfmt;
1200 u16 data_len;
1201 u8 data[1024];
1202 } __packed * rep_pl;
1203 struct ep11_cprb *req = NULL, *rep = NULL;
1204 struct ep11_target_dev target;
1205 struct ep11_urb *urb = NULL;
1206 struct ep11keyblob *kb;
1207 size_t req_pl_size;
1208 int api, rc = -ENOMEM;
1209 bool has_header = false;
1210 u8 *p;
1211
1212 /* maybe the session field holds a header with key info */
1213 kb = (struct ep11keyblob *)key;
1214 if (kb->head.type == TOKTYPE_NON_CCA &&
1215 kb->head.version == TOKVER_EP11_AES) {
1216 has_header = true;
1217 keysize = min_t(size_t, kb->head.len, keysize);
1218 }
1219
1220 /* request cprb and payload */
1221 req_pl_size = sizeof(struct wk_req_pl) + (iv ? 16 : 0)
1222 + ASN1TAGLEN(keysize) + 4;
1223 req = alloc_cprb(req_pl_size);
1224 if (!req)
1225 goto out;
1226 if (!mech || mech == 0x80060001)
1227 req->flags |= 0x20; /* CPACF_WRAP needs special bit */
1228 req_pl = (struct wk_req_pl *)(((u8 *)req) + sizeof(*req));
1229 api = (!mech || mech == 0x80060001) ? 4 : 1; /* CKM_IBM_CPACF_WRAP */
1230 prep_head(&req_pl->head, req_pl_size, api, 33); /* WrapKey */
1231 req_pl->var_tag = 0x04;
1232 req_pl->var_len = sizeof(u32);
1233 /* mech is mech + mech params (iv here) */
1234 req_pl->mech_tag = 0x04;
1235 req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
1236 req_pl->mech = (mech ? mech : 0x80060001); /* CKM_IBM_CPACF_WRAP */
1237 p = ((u8 *)req_pl) + sizeof(*req_pl);
1238 if (iv) {
1239 memcpy(p, iv, 16);
1240 p += 16;
1241 }
1242 /* key blob */
1243 p += asn1tag_write(p, 0x04, key, keysize);
1244 /* maybe the key argument needs the head data cleaned out */
1245 if (has_header) {
1246 kb = (struct ep11keyblob *)(p - keysize);
1247 memset(&kb->head, 0, sizeof(kb->head));
1248 }
1249 /* empty kek tag */
1250 *p++ = 0x04;
1251 *p++ = 0;
1252 /* empty mac tag */
1253 *p++ = 0x04;
1254 *p++ = 0;
1255
1256 /* reply cprb and payload */
1257 rep = alloc_cprb(sizeof(struct wk_rep_pl));
1258 if (!rep)
1259 goto out;
1260 rep_pl = (struct wk_rep_pl *)(((u8 *)rep) + sizeof(*rep));
1261
1262 /* urb and target */
1263 urb = kmalloc(sizeof(*urb), GFP_KERNEL);
1264 if (!urb)
1265 goto out;
1266 target.ap_id = card;
1267 target.dom_id = domain;
1268 prep_urb(urb, &target, 1,
1269 req, sizeof(*req) + req_pl_size,
1270 rep, sizeof(*rep) + sizeof(*rep_pl));
1271
1272 rc = zcrypt_send_ep11_cprb(urb);
1273 if (rc) {
1274 DEBUG_ERR(
1275 "%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
1276 __func__, (int)card, (int)domain, rc);
1277 goto out;
1278 }
1279
1280 rc = check_reply_pl((u8 *)rep_pl, __func__);
1281 if (rc)
1282 goto out;
1283 if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
1284 DEBUG_ERR("%s unknown reply data format\n", __func__);
1285 rc = -EIO;
1286 goto out;
1287 }
1288 if (rep_pl->data_len > *datasize) {
1289 DEBUG_ERR("%s mismatch reply data len / data buffer len\n",
1290 __func__);
1291 rc = -ENOSPC;
1292 goto out;
1293 }
1294
1295 /* copy the data from the cprb to the data buffer */
1296 memcpy(databuf, rep_pl->data, rep_pl->data_len);
1297 *datasize = rep_pl->data_len;
1298
1299 out:
1300 kfree(req);
1301 kfree(rep);
1302 kfree(urb);
1303 return rc;
1304 }
1305
ep11_clr2keyblob(u16 card,u16 domain,u32 keybitsize,u32 keygenflags,const u8 * clrkey,u8 * keybuf,size_t * keybufsize,u32 keytype)1306 int ep11_clr2keyblob(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
1307 const u8 *clrkey, u8 *keybuf, size_t *keybufsize,
1308 u32 keytype)
1309 {
1310 int rc;
1311 u8 encbuf[64], *kek = NULL;
1312 size_t clrkeylen, keklen, encbuflen = sizeof(encbuf);
1313
1314 if (keybitsize == 128 || keybitsize == 192 || keybitsize == 256) {
1315 clrkeylen = keybitsize / 8;
1316 } else {
1317 DEBUG_ERR(
1318 "%s unknown/unsupported keybitsize %d\n",
1319 __func__, keybitsize);
1320 return -EINVAL;
1321 }
1322
1323 /* allocate memory for the temp kek */
1324 keklen = MAXEP11AESKEYBLOBSIZE;
1325 kek = kmalloc(keklen, GFP_ATOMIC);
1326 if (!kek) {
1327 rc = -ENOMEM;
1328 goto out;
1329 }
1330
1331 /* Step 1: generate AES 256 bit random kek key */
1332 rc = _ep11_genaeskey(card, domain, 256,
1333 0x00006c00, /* EN/DECRYPT, WRAP/UNWRAP */
1334 kek, &keklen);
1335 if (rc) {
1336 DEBUG_ERR(
1337 "%s generate kek key failed, rc=%d\n",
1338 __func__, rc);
1339 goto out;
1340 }
1341
1342 /* Step 2: encrypt clear key value with the kek key */
1343 rc = ep11_cryptsingle(card, domain, 0, 0, def_iv, kek, keklen,
1344 clrkey, clrkeylen, encbuf, &encbuflen);
1345 if (rc) {
1346 DEBUG_ERR(
1347 "%s encrypting key value with kek key failed, rc=%d\n",
1348 __func__, rc);
1349 goto out;
1350 }
1351
1352 /* Step 3: import the encrypted key value as a new key */
1353 rc = ep11_unwrapkey(card, domain, kek, keklen,
1354 encbuf, encbuflen, 0, def_iv,
1355 keybitsize, 0, keybuf, keybufsize, keytype);
1356 if (rc) {
1357 DEBUG_ERR(
1358 "%s importing key value as new key failed,, rc=%d\n",
1359 __func__, rc);
1360 goto out;
1361 }
1362
1363 out:
1364 kfree(kek);
1365 return rc;
1366 }
1367 EXPORT_SYMBOL(ep11_clr2keyblob);
1368
ep11_kblob2protkey(u16 card,u16 dom,const u8 * keyblob,size_t keybloblen,u8 * protkey,u32 * protkeylen,u32 * protkeytype)1369 int ep11_kblob2protkey(u16 card, u16 dom, const u8 *keyblob, size_t keybloblen,
1370 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
1371 {
1372 int rc = -EIO;
1373 u8 *wkbuf = NULL;
1374 size_t wkbuflen, keylen;
1375 struct wk_info {
1376 u16 version;
1377 u8 res1[16];
1378 u32 pkeytype;
1379 u32 pkeybitsize;
1380 u64 pkeysize;
1381 u8 res2[8];
1382 u8 pkey[0];
1383 } __packed * wki;
1384 const u8 *key;
1385 struct ep11kblob_header *hdr;
1386
1387 /* key with or without header ? */
1388 hdr = (struct ep11kblob_header *)keyblob;
1389 if (hdr->type == TOKTYPE_NON_CCA &&
1390 (hdr->version == TOKVER_EP11_AES_WITH_HEADER ||
1391 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) &&
1392 is_ep11_keyblob(keyblob + sizeof(struct ep11kblob_header))) {
1393 /* EP11 AES or ECC key with header */
1394 key = keyblob + sizeof(struct ep11kblob_header);
1395 keylen = hdr->len - sizeof(struct ep11kblob_header);
1396 } else if (hdr->type == TOKTYPE_NON_CCA &&
1397 hdr->version == TOKVER_EP11_AES &&
1398 is_ep11_keyblob(keyblob)) {
1399 /* EP11 AES key (old style) */
1400 key = keyblob;
1401 keylen = hdr->len;
1402 } else if (is_ep11_keyblob(keyblob)) {
1403 /* raw EP11 key blob */
1404 key = keyblob;
1405 keylen = keybloblen;
1406 } else {
1407 return -EINVAL;
1408 }
1409
1410 /* alloc temp working buffer */
1411 wkbuflen = (keylen + AES_BLOCK_SIZE) & (~(AES_BLOCK_SIZE - 1));
1412 wkbuf = kmalloc(wkbuflen, GFP_ATOMIC);
1413 if (!wkbuf)
1414 return -ENOMEM;
1415
1416 /* ep11 secure key -> protected key + info */
1417 rc = ep11_wrapkey(card, dom, key, keylen,
1418 0, def_iv, wkbuf, &wkbuflen);
1419 if (rc) {
1420 DEBUG_ERR(
1421 "%s rewrapping ep11 key to pkey failed, rc=%d\n",
1422 __func__, rc);
1423 goto out;
1424 }
1425 wki = (struct wk_info *)wkbuf;
1426
1427 /* check struct version and pkey type */
1428 if (wki->version != 1 || wki->pkeytype < 1 || wki->pkeytype > 5) {
1429 DEBUG_ERR("%s wk info version %d or pkeytype %d mismatch.\n",
1430 __func__, (int)wki->version, (int)wki->pkeytype);
1431 rc = -EIO;
1432 goto out;
1433 }
1434
1435 /* check protected key type field */
1436 switch (wki->pkeytype) {
1437 case 1: /* AES */
1438 switch (wki->pkeysize) {
1439 case 16 + 32:
1440 /* AES 128 protected key */
1441 if (protkeytype)
1442 *protkeytype = PKEY_KEYTYPE_AES_128;
1443 break;
1444 case 24 + 32:
1445 /* AES 192 protected key */
1446 if (protkeytype)
1447 *protkeytype = PKEY_KEYTYPE_AES_192;
1448 break;
1449 case 32 + 32:
1450 /* AES 256 protected key */
1451 if (protkeytype)
1452 *protkeytype = PKEY_KEYTYPE_AES_256;
1453 break;
1454 default:
1455 DEBUG_ERR("%s unknown/unsupported AES pkeysize %d\n",
1456 __func__, (int)wki->pkeysize);
1457 rc = -EIO;
1458 goto out;
1459 }
1460 break;
1461 case 3: /* EC-P */
1462 case 4: /* EC-ED */
1463 case 5: /* EC-BP */
1464 if (protkeytype)
1465 *protkeytype = PKEY_KEYTYPE_ECC;
1466 break;
1467 case 2: /* TDES */
1468 default:
1469 DEBUG_ERR("%s unknown/unsupported key type %d\n",
1470 __func__, (int)wki->pkeytype);
1471 rc = -EIO;
1472 goto out;
1473 }
1474
1475 /* copy the tanslated protected key */
1476 if (wki->pkeysize > *protkeylen) {
1477 DEBUG_ERR("%s wk info pkeysize %llu > protkeysize %u\n",
1478 __func__, wki->pkeysize, *protkeylen);
1479 rc = -EINVAL;
1480 goto out;
1481 }
1482 memcpy(protkey, wki->pkey, wki->pkeysize);
1483 *protkeylen = wki->pkeysize;
1484
1485 out:
1486 kfree(wkbuf);
1487 return rc;
1488 }
1489 EXPORT_SYMBOL(ep11_kblob2protkey);
1490
ep11_findcard2(u32 ** apqns,u32 * nr_apqns,u16 cardnr,u16 domain,int minhwtype,int minapi,const u8 * wkvp)1491 int ep11_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
1492 int minhwtype, int minapi, const u8 *wkvp)
1493 {
1494 struct zcrypt_device_status_ext *device_status;
1495 u32 *_apqns = NULL, _nr_apqns = 0;
1496 int i, card, dom, rc = -ENOMEM;
1497 struct ep11_domain_info edi;
1498 struct ep11_card_info eci;
1499
1500 /* fetch status of all crypto cards */
1501 device_status = kvmalloc_array(MAX_ZDEV_ENTRIES_EXT,
1502 sizeof(struct zcrypt_device_status_ext),
1503 GFP_KERNEL);
1504 if (!device_status)
1505 return -ENOMEM;
1506 zcrypt_device_status_mask_ext(device_status);
1507
1508 /* allocate 1k space for up to 256 apqns */
1509 _apqns = kmalloc_array(256, sizeof(u32), GFP_KERNEL);
1510 if (!_apqns) {
1511 kvfree(device_status);
1512 return -ENOMEM;
1513 }
1514
1515 /* walk through all the crypto apqnss */
1516 for (i = 0; i < MAX_ZDEV_ENTRIES_EXT; i++) {
1517 card = AP_QID_CARD(device_status[i].qid);
1518 dom = AP_QID_QUEUE(device_status[i].qid);
1519 /* check online state */
1520 if (!device_status[i].online)
1521 continue;
1522 /* check for ep11 functions */
1523 if (!(device_status[i].functions & 0x01))
1524 continue;
1525 /* check cardnr */
1526 if (cardnr != 0xFFFF && card != cardnr)
1527 continue;
1528 /* check domain */
1529 if (domain != 0xFFFF && dom != domain)
1530 continue;
1531 /* check min hardware type */
1532 if (minhwtype && device_status[i].hwtype < minhwtype)
1533 continue;
1534 /* check min api version if given */
1535 if (minapi > 0) {
1536 if (ep11_get_card_info(card, &eci, 0))
1537 continue;
1538 if (minapi > eci.API_ord_nr)
1539 continue;
1540 }
1541 /* check wkvp if given */
1542 if (wkvp) {
1543 if (ep11_get_domain_info(card, dom, &edi))
1544 continue;
1545 if (edi.cur_wk_state != '1')
1546 continue;
1547 if (memcmp(wkvp, edi.cur_wkvp, 16))
1548 continue;
1549 }
1550 /* apqn passed all filtering criterons, add to the array */
1551 if (_nr_apqns < 256)
1552 _apqns[_nr_apqns++] = (((u16)card) << 16) | ((u16)dom);
1553 }
1554
1555 /* nothing found ? */
1556 if (!_nr_apqns) {
1557 kfree(_apqns);
1558 rc = -ENODEV;
1559 } else {
1560 /* no re-allocation, simple return the _apqns array */
1561 *apqns = _apqns;
1562 *nr_apqns = _nr_apqns;
1563 rc = 0;
1564 }
1565
1566 kvfree(device_status);
1567 return rc;
1568 }
1569 EXPORT_SYMBOL(ep11_findcard2);
1570
zcrypt_ep11misc_exit(void)1571 void __exit zcrypt_ep11misc_exit(void)
1572 {
1573 card_cache_free();
1574 }
1575