Startsida Utforska Hjälp
Logga in
GfA
/
linux_kernel
5
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: c0e681f5b0
Grenar Taggar
linux_kernel
/
drivers
/
s390
/
crypto
/
pkey_api.c

pkey_api.c 28 KB
Historik

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148 
  1. /*
    2. 

  2.  *  pkey device driver
    3. 

  3.  *
    4. 

  4.  *  Copyright IBM Corp. 2017
    5. 

  5.  *  Author(s): Harald Freudenberger
    6. 

  6.  *
    7. 

  7.  * This program is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License (version 2 only)
    9. 

  9.  * as published by the Free Software Foundation.
    10. 

  10.  *
    11. 

  11.  */
    12. 

  12. 

  13. #define KMSG_COMPONENT "pkey"
    14. 

  14. #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
    15. 

  15. 

  16. #include <linux/fs.h>
    17. 

  17. #include <linux/init.h>
    18. 

  18. #include <linux/miscdevice.h>
    19. 

  19. #include <linux/module.h>
    20. 

  20. #include <linux/slab.h>
    21. 

  21. #include <linux/kallsyms.h>
    22. 

  22. #include <linux/debugfs.h>
    23. 

  23. #include <asm/zcrypt.h>
    24. 

  24. #include <asm/cpacf.h>
    25. 

  25. #include <asm/pkey.h>
    26. 

  26. 

  27. #include "zcrypt_api.h"
    28. 

  28. 

  29. MODULE_LICENSE("GPL");
    30. 

  30. MODULE_AUTHOR("IBM Corporation");
    31. 

  31. MODULE_DESCRIPTION("s390 protected key interface");
    32. 

  32. 

  33. /* Size of parameter block used for all cca requests/replies */
    34. 

  34. #define PARMBSIZE 512
    35. 

  35. 

  36. /* Size of vardata block used for some of the cca requests/replies */
    37. 

  37. #define VARDATASIZE 4096
    38. 

  38. 

  39. /*
    40. 

  40.  * debug feature data and functions
    41. 

  41.  */
    42. 

  42. 

  43. static debug_info_t *debug_info;
    44. 

  44. 

  45. #define DEBUG_DBG(...)	debug_sprintf_event(debug_info, 6, ##__VA_ARGS__)
    46. 

  46. #define DEBUG_INFO(...) debug_sprintf_event(debug_info, 5, ##__VA_ARGS__)
    47. 

  47. #define DEBUG_WARN(...) debug_sprintf_event(debug_info, 4, ##__VA_ARGS__)
    48. 

  48. #define DEBUG_ERR(...)	debug_sprintf_event(debug_info, 3, ##__VA_ARGS__)
    49. 

  49. 

  50. static void __init pkey_debug_init(void)
    51. 

  51. {
    52. 

  52. 	debug_info = debug_register("pkey", 1, 1, 4 * sizeof(long));
    53. 

  53. 	debug_register_view(debug_info, &debug_sprintf_view);
    54. 

  54. 	debug_set_level(debug_info, 3);
    55. 

  55. }
    56. 

  56. 

  57. static void __exit pkey_debug_exit(void)
    58. 

  58. {
    59. 

  59. 	debug_unregister(debug_info);
    60. 

  60. }
    61. 

  61. 

  62. /* inside view of a secure key token (only type 0x01 version 0x04) */
    63. 

  63. struct secaeskeytoken {
    64. 

  64. 	u8  type;     /* 0x01 for internal key token */
    65. 

  65. 	u8  res0[3];
    66. 

  66. 	u8  version;  /* should be 0x04 */
    67. 

  67. 	u8  res1[1];
    68. 

  68. 	u8  flag;     /* key flags */
    69. 

  69. 	u8  res2[1];
    70. 

  70. 	u64 mkvp;     /* master key verification pattern */
    71. 

  71. 	u8  key[32];  /* key value (encrypted) */
    72. 

  72. 	u8  cv[8];    /* control vector */
    73. 

  73. 	u16 bitsize;  /* key bit size */
    74. 

  74. 	u16 keysize;  /* key byte size */
    75. 

  75. 	u8  tvv[4];   /* token validation value */
    76. 

  76. } __packed;
    77. 

  77. 

  78. /*
    79. 

  79.  * Simple check if the token is a valid CCA secure AES key
    80. 

  80.  * token. If keybitsize is given, the bitsize of the key is
    81. 

  81.  * also checked. Returns 0 on success or errno value on failure.
    82. 

  82.  */
    83. 

  83. static int check_secaeskeytoken(u8 *token, int keybitsize)
    84. 

  84. {
    85. 

  85. 	struct secaeskeytoken *t = (struct secaeskeytoken *) token;
    86. 

  86. 

  87. 	if (t->type != 0x01) {
    88. 

  88. 		DEBUG_ERR(
    89. 

  89. 			"check_secaeskeytoken secure token check failed, type mismatch 0x%02x != 0x01\n",
    90. 

  90. 			(int) t->type);
    91. 

  91. 		return -EINVAL;
    92. 

  92. 	}
    93. 

  93. 	if (t->version != 0x04) {
    94. 

  94. 		DEBUG_ERR(
    95. 

  95. 			"check_secaeskeytoken secure token check failed, version mismatch 0x%02x != 0x04\n",
    96. 

  96. 			(int) t->version);
    97. 

  97. 		return -EINVAL;
    98. 

  98. 	}
    99. 

  99. 	if (keybitsize > 0 && t->bitsize != keybitsize) {
    100. 

  100. 		DEBUG_ERR(
    101. 

  101. 			"check_secaeskeytoken secure token check failed, bitsize mismatch %d != %d\n",
    102. 

  102. 			(int) t->bitsize, keybitsize);
    103. 

  103. 		return -EINVAL;
    104. 

  104. 	}
    105. 

  105. 

  106. 	return 0;
    107. 

  107. }
    108. 

  108. 

  109. /*
    110. 

  110.  * Allocate consecutive memory for request CPRB, request param
    111. 

  111.  * block, reply CPRB and reply param block and fill in values
    112. 

  112.  * for the common fields. Returns 0 on success or errno value
    113. 

  113.  * on failure.
    114. 

  114.  */
    115. 

  115. static int alloc_and_prep_cprbmem(size_t paramblen,
    116. 

  116. 				  u8 **pcprbmem,
    117. 

  117. 				  struct CPRBX **preqCPRB,
    118. 

  118. 				  struct CPRBX **prepCPRB)
    119. 

  119. {
    120. 

  120. 	u8 *cprbmem;
    121. 

  121. 	size_t cprbplusparamblen = sizeof(struct CPRBX) + paramblen;
    122. 

  122. 	struct CPRBX *preqcblk, *prepcblk;
    123. 

  123. 

  124. 	/*
    125. 

  125. 	 * allocate consecutive memory for request CPRB, request param
    126. 

  126. 	 * block, reply CPRB and reply param block
    127. 

  127. 	 */
    128. 

  128. 	cprbmem = kmalloc(2 * cprbplusparamblen, GFP_KERNEL);
    129. 

  129. 	if (!cprbmem)
    130. 

  130. 		return -ENOMEM;
    131. 

  131. 	memset(cprbmem, 0, 2 * cprbplusparamblen);
    132. 

  132. 

  133. 	preqcblk = (struct CPRBX *) cprbmem;
    134. 

  134. 	prepcblk = (struct CPRBX *) (cprbmem + cprbplusparamblen);
    135. 

  135. 

  136. 	/* fill request cprb struct */
    137. 

  137. 	preqcblk->cprb_len = sizeof(struct CPRBX);
    138. 

  138. 	preqcblk->cprb_ver_id = 0x02;
    139. 

  139. 	memcpy(preqcblk->func_id, "T2", 2);
    140. 

  140. 	preqcblk->rpl_msgbl = cprbplusparamblen;
    141. 

  141. 	if (paramblen) {
    142. 

  142. 		preqcblk->req_parmb =
    143. 

  143. 			((u8 *) preqcblk) + sizeof(struct CPRBX);
    144. 

  144. 		preqcblk->rpl_parmb =
    145. 

  145. 			((u8 *) prepcblk) + sizeof(struct CPRBX);
    146. 

  146. 	}
    147. 

  147. 

  148. 	*pcprbmem = cprbmem;
    149. 

  149. 	*preqCPRB = preqcblk;
    150. 

  150. 	*prepCPRB = prepcblk;
    151. 

  151. 

  152. 	return 0;
    153. 

  153. }
    154. 

  154. 

  155. /*
    156. 

  156.  * Free the cprb memory allocated with the function above.
    157. 

  157.  * If the scrub value is not zero, the memory is filled
    158. 

  158.  * with zeros before freeing (useful if there was some
    159. 

  159.  * clear key material in there).
    160. 

  160.  */
    161. 

  161. static void free_cprbmem(void *mem, size_t paramblen, int scrub)
    162. 

  162. {
    163. 

  163. 	if (scrub)
    164. 

  164. 		memzero_explicit(mem, 2 * (sizeof(struct CPRBX) + paramblen));
    165. 

  165. 	kfree(mem);
    166. 

  166. }
    167. 

  167. 

  168. /*
    169. 

  169.  * Helper function to prepare the xcrb struct
    170. 

  170.  */
    171. 

  171. static inline void prep_xcrb(struct ica_xcRB *pxcrb,
    172. 

  172. 			     u16 cardnr,
    173. 

  173. 			     struct CPRBX *preqcblk,
    174. 

  174. 			     struct CPRBX *prepcblk)
    175. 

  175. {
    176. 

  176. 	memset(pxcrb, 0, sizeof(*pxcrb));
    177. 

  177. 	pxcrb->agent_ID = 0x4341; /* 'CA' */
    178. 

  178. 	pxcrb->user_defined = (cardnr == 0xFFFF ? AUTOSELECT : cardnr);
    179. 

  179. 	pxcrb->request_control_blk_length =
    180. 

  180. 		preqcblk->cprb_len + preqcblk->req_parml;
    181. 

  181. 	pxcrb->request_control_blk_addr = (void *) preqcblk;
    182. 

  182. 	pxcrb->reply_control_blk_length = preqcblk->rpl_msgbl;
    183. 

  183. 	pxcrb->reply_control_blk_addr = (void *) prepcblk;
    184. 

  184. }
    185. 

  185. 

  186. /*
    187. 

  187.  * Helper function which calls zcrypt_send_cprb with
    188. 

  188.  * memory management segment adjusted to kernel space
    189. 

  189.  * so that the copy_from_user called within this
    190. 

  190.  * function do in fact copy from kernel space.
    191. 

  191.  */
    192. 

  192. static inline int _zcrypt_send_cprb(struct ica_xcRB *xcrb)
    193. 

  193. {
    194. 

  194. 	int rc;
    195. 

  195. 	mm_segment_t old_fs = get_fs();
    196. 

  196. 

  197. 	set_fs(KERNEL_DS);
    198. 

  198. 	rc = zcrypt_send_cprb(xcrb);
    199. 

  199. 	set_fs(old_fs);
    200. 

  200. 

  201. 	return rc;
    202. 

  202. }
    203. 

  203. 

  204. /*
    205. 

  205.  * Generate (random) AES secure key.
    206. 

  206.  */
    207. 

  207. int pkey_genseckey(u16 cardnr, u16 domain,
    208. 

  208. 		   u32 keytype, struct pkey_seckey *seckey)
    209. 

  209. {
    210. 

  210. 	int i, rc, keysize;
    211. 

  211. 	int seckeysize;
    212. 

  212. 	u8 *mem;
    213. 

  213. 	struct CPRBX *preqcblk, *prepcblk;
    214. 

  214. 	struct ica_xcRB xcrb;
    215. 

  215. 	struct kgreqparm {
    216. 

  216. 		u8  subfunc_code[2];
    217. 

  217. 		u16 rule_array_len;
    218. 

  218. 		struct lv1 {
    219. 

  219. 			u16 len;
    220. 

  220. 			char  key_form[8];
    221. 

  221. 			char  key_length[8];
    222. 

  222. 			char  key_type1[8];
    223. 

  223. 			char  key_type2[8];
    224. 

  224. 		} lv1;
    225. 

  225. 		struct lv2 {
    226. 

  226. 			u16 len;
    227. 

  227. 			struct keyid {
    228. 

  228. 				u16 len;
    229. 

  229. 				u16 attr;
    230. 

  230. 				u8  data[SECKEYBLOBSIZE];
    231. 

  231. 			} keyid[6];
    232. 

  232. 		} lv2;
    233. 

  233. 	} *preqparm;
    234. 

  234. 	struct kgrepparm {
    235. 

  235. 		u8  subfunc_code[2];
    236. 

  236. 		u16 rule_array_len;
    237. 

  237. 		struct lv3 {
    238. 

  238. 			u16 len;
    239. 

  239. 			u16 keyblocklen;
    240. 

  240. 			struct {
    241. 

  241. 				u16 toklen;
    242. 

  242. 				u16 tokattr;
    243. 

  243. 				u8  tok[0];
    244. 

  244. 				/* ... some more data ... */
    245. 

  245. 			} keyblock;
    246. 

  246. 		} lv3;
    247. 

  247. 	} *prepparm;
    248. 

  248. 

  249. 	/* get already prepared memory for 2 cprbs with param block each */
    250. 

  250. 	rc = alloc_and_prep_cprbmem(PARMBSIZE, &mem, &preqcblk, &prepcblk);
    251. 

  251. 	if (rc)
    252. 

  252. 		return rc;
    253. 

  253. 

  254. 	/* fill request cprb struct */
    255. 

  255. 	preqcblk->domain = domain;
    256. 

  256. 

  257. 	/* fill request cprb param block with KG request */
    258. 

  258. 	preqparm = (struct kgreqparm *) preqcblk->req_parmb;
    259. 

  259. 	memcpy(preqparm->subfunc_code, "KG", 2);
    260. 

  260. 	preqparm->rule_array_len = sizeof(preqparm->rule_array_len);
    261. 

  261. 	preqparm->lv1.len = sizeof(struct lv1);
    262. 

  262. 	memcpy(preqparm->lv1.key_form,	 "OP      ", 8);
    263. 

  263. 	switch (keytype) {
    264. 

  264. 	case PKEY_KEYTYPE_AES_128:
    265. 

  265. 		keysize = 16;
    266. 

  266. 		memcpy(preqparm->lv1.key_length, "KEYLN16 ", 8);
    267. 

  267. 		break;
    268. 

  268. 	case PKEY_KEYTYPE_AES_192:
    269. 

  269. 		keysize = 24;
    270. 

  270. 		memcpy(preqparm->lv1.key_length, "KEYLN24 ", 8);
    271. 

  271. 		break;
    272. 

  272. 	case PKEY_KEYTYPE_AES_256:
    273. 

  273. 		keysize = 32;
    274. 

  274. 		memcpy(preqparm->lv1.key_length, "KEYLN32 ", 8);
    275. 

  275. 		break;
    276. 

  276. 	default:
    277. 

  277. 		DEBUG_ERR(
    278. 

  278. 			"pkey_genseckey unknown/unsupported keytype %d\n",
    279. 

  279. 			keytype);
    280. 

  280. 		rc = -EINVAL;
    281. 

  281. 		goto out;
    282. 

  282. 	}
    283. 

  283. 	memcpy(preqparm->lv1.key_type1,  "AESDATA ", 8);
    284. 

  284. 	preqparm->lv2.len = sizeof(struct lv2);
    285. 

  285. 	for (i = 0; i < 6; i++) {
    286. 

  286. 		preqparm->lv2.keyid[i].len = sizeof(struct keyid);
    287. 

  287. 		preqparm->lv2.keyid[i].attr = (i == 2 ? 0x30 : 0x10);
    288. 

  288. 	}
    289. 

  289. 	preqcblk->req_parml = sizeof(struct kgreqparm);
    290. 

  290. 

  291. 	/* fill xcrb struct */
    292. 

  292. 	prep_xcrb(&xcrb, cardnr, preqcblk, prepcblk);
    293. 

  293. 

  294. 	/* forward xcrb with request CPRB and reply CPRB to zcrypt dd */
    295. 

  295. 	rc = _zcrypt_send_cprb(&xcrb);
    296. 

  296. 	if (rc) {
    297. 

  297. 		DEBUG_ERR(
    298. 

  298. 			"pkey_genseckey zcrypt_send_cprb (cardnr=%d domain=%d) failed with errno %d\n",
    299. 

  299. 			(int) cardnr, (int) domain, rc);
    300. 

  300. 		goto out;
    301. 

  301. 	}
    302. 

  302. 

  303. 	/* check response returncode and reasoncode */
    304. 

  304. 	if (prepcblk->ccp_rtcode != 0) {
    305. 

  305. 		DEBUG_ERR(
    306. 

  306. 			"pkey_genseckey secure key generate failure, card response %d/%d\n",
    307. 

  307. 			(int) prepcblk->ccp_rtcode,
    308. 

  308. 			(int) prepcblk->ccp_rscode);
    309. 

  309. 		rc = -EIO;
    310. 

  310. 		goto out;
    311. 

  311. 	}
    312. 

  312. 

  313. 	/* process response cprb param block */
    314. 

  314. 	prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX);
    315. 

  315. 	prepparm = (struct kgrepparm *) prepcblk->rpl_parmb;
    316. 

  316. 

  317. 	/* check length of the returned secure key token */
    318. 

  318. 	seckeysize = prepparm->lv3.keyblock.toklen
    319. 

  319. 		- sizeof(prepparm->lv3.keyblock.toklen)
    320. 

  320. 		- sizeof(prepparm->lv3.keyblock.tokattr);
    321. 

  321. 	if (seckeysize != SECKEYBLOBSIZE) {
    322. 

  322. 		DEBUG_ERR(
    323. 

  323. 			"pkey_genseckey secure token size mismatch %d != %d bytes\n",
    324. 

  324. 			seckeysize, SECKEYBLOBSIZE);
    325. 

  325. 		rc = -EIO;
    326. 

  326. 		goto out;
    327. 

  327. 	}
    328. 

  328. 

  329. 	/* check secure key token */
    330. 

  330. 	rc = check_secaeskeytoken(prepparm->lv3.keyblock.tok, 8*keysize);
    331. 

  331. 	if (rc) {
    332. 

  332. 		rc = -EIO;
    333. 

  333. 		goto out;
    334. 

  334. 	}
    335. 

  335. 

  336. 	/* copy the generated secure key token */
    337. 

  337. 	memcpy(seckey->seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE);
    338. 

  338. 

  339. out:
    340. 

  340. 	free_cprbmem(mem, PARMBSIZE, 0);
    341. 

  341. 	return rc;
    342. 

  342. }
    343. 

  343. EXPORT_SYMBOL(pkey_genseckey);
    344. 

  344. 

  345. /*
    346. 

  346.  * Generate an AES secure key with given key value.
    347. 

  347.  */
    348. 

  348. int pkey_clr2seckey(u16 cardnr, u16 domain, u32 keytype,
    349. 

  349. 		    const struct pkey_clrkey *clrkey,
    350. 

  350. 		    struct pkey_seckey *seckey)
    351. 

  351. {
    352. 

  352. 	int rc, keysize, seckeysize;
    353. 

  353. 	u8 *mem;
    354. 

  354. 	struct CPRBX *preqcblk, *prepcblk;
    355. 

  355. 	struct ica_xcRB xcrb;
    356. 

  356. 	struct cmreqparm {
    357. 

  357. 		u8  subfunc_code[2];
    358. 

  358. 		u16 rule_array_len;
    359. 

  359. 		char  rule_array[8];
    360. 

  360. 		struct lv1 {
    361. 

  361. 			u16 len;
    362. 

  362. 			u8  clrkey[0];
    363. 

  363. 		} lv1;
    364. 

  364. 		struct lv2 {
    365. 

  365. 			u16 len;
    366. 

  366. 			struct keyid {
    367. 

  367. 				u16 len;
    368. 

  368. 				u16 attr;
    369. 

  369. 				u8  data[SECKEYBLOBSIZE];
    370. 

  370. 			} keyid;
    371. 

  371. 		} lv2;
    372. 

  372. 	} *preqparm;
    373. 

  373. 	struct lv2 *plv2;
    374. 

  374. 	struct cmrepparm {
    375. 

  375. 		u8  subfunc_code[2];
    376. 

  376. 		u16 rule_array_len;
    377. 

  377. 		struct lv3 {
    378. 

  378. 			u16 len;
    379. 

  379. 			u16 keyblocklen;
    380. 

  380. 			struct {
    381. 

  381. 				u16 toklen;
    382. 

  382. 				u16 tokattr;
    383. 

  383. 				u8  tok[0];
    384. 

  384. 				/* ... some more data ... */
    385. 

  385. 			} keyblock;
    386. 

  386. 		} lv3;
    387. 

  387. 	} *prepparm;
    388. 

  388. 

  389. 	/* get already prepared memory for 2 cprbs with param block each */
    390. 

  390. 	rc = alloc_and_prep_cprbmem(PARMBSIZE, &mem, &preqcblk, &prepcblk);
    391. 

  391. 	if (rc)
    392. 

  392. 		return rc;
    393. 

  393. 

  394. 	/* fill request cprb struct */
    395. 

  395. 	preqcblk->domain = domain;
    396. 

  396. 

  397. 	/* fill request cprb param block with CM request */
    398. 

  398. 	preqparm = (struct cmreqparm *) preqcblk->req_parmb;
    399. 

  399. 	memcpy(preqparm->subfunc_code, "CM", 2);
    400. 

  400. 	memcpy(preqparm->rule_array, "AES     ", 8);
    401. 

  401. 	preqparm->rule_array_len =
    402. 

  402. 		sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array);
    403. 

  403. 	switch (keytype) {
    404. 

  404. 	case PKEY_KEYTYPE_AES_128:
    405. 

  405. 		keysize = 16;
    406. 

  406. 		break;
    407. 

  407. 	case PKEY_KEYTYPE_AES_192:
    408. 

  408. 		keysize = 24;
    409. 

  409. 		break;
    410. 

  410. 	case PKEY_KEYTYPE_AES_256:
    411. 

  411. 		keysize = 32;
    412. 

  412. 		break;
    413. 

  413. 	default:
    414. 

  414. 		DEBUG_ERR(
    415. 

  415. 			"pkey_clr2seckey unknown/unsupported keytype %d\n",
    416. 

  416. 			keytype);
    417. 

  417. 		rc = -EINVAL;
    418. 

  418. 		goto out;
    419. 

  419. 	}
    420. 

  420. 	preqparm->lv1.len = sizeof(struct lv1) + keysize;
    421. 

  421. 	memcpy(preqparm->lv1.clrkey, clrkey->clrkey, keysize);
    422. 

  422. 	plv2 = (struct lv2 *) (((u8 *) &preqparm->lv2) + keysize);
    423. 

  423. 	plv2->len = sizeof(struct lv2);
    424. 

  424. 	plv2->keyid.len = sizeof(struct keyid);
    425. 

  425. 	plv2->keyid.attr = 0x30;
    426. 

  426. 	preqcblk->req_parml = sizeof(struct cmreqparm) + keysize;
    427. 

  427. 

  428. 	/* fill xcrb struct */
    429. 

  429. 	prep_xcrb(&xcrb, cardnr, preqcblk, prepcblk);
    430. 

  430. 

  431. 	/* forward xcrb with request CPRB and reply CPRB to zcrypt dd */
    432. 

  432. 	rc = _zcrypt_send_cprb(&xcrb);
    433. 

  433. 	if (rc) {
    434. 

  434. 		DEBUG_ERR(
    435. 

  435. 			"pkey_clr2seckey zcrypt_send_cprb (cardnr=%d domain=%d) failed with errno %d\n",
    436. 

  436. 			(int) cardnr, (int) domain, rc);
    437. 

  437. 		goto out;
    438. 

  438. 	}
    439. 

  439. 

  440. 	/* check response returncode and reasoncode */
    441. 

  441. 	if (prepcblk->ccp_rtcode != 0) {
    442. 

  442. 		DEBUG_ERR(
    443. 

  443. 			"pkey_clr2seckey clear key import failure, card response %d/%d\n",
    444. 

  444. 			(int) prepcblk->ccp_rtcode,
    445. 

  445. 			(int) prepcblk->ccp_rscode);
    446. 

  446. 		rc = -EIO;
    447. 

  447. 		goto out;
    448. 

  448. 	}
    449. 

  449. 

  450. 	/* process response cprb param block */
    451. 

  451. 	prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX);
    452. 

  452. 	prepparm = (struct cmrepparm *) prepcblk->rpl_parmb;
    453. 

  453. 

  454. 	/* check length of the returned secure key token */
    455. 

  455. 	seckeysize = prepparm->lv3.keyblock.toklen
    456. 

  456. 		- sizeof(prepparm->lv3.keyblock.toklen)
    457. 

  457. 		- sizeof(prepparm->lv3.keyblock.tokattr);
    458. 

  458. 	if (seckeysize != SECKEYBLOBSIZE) {
    459. 

  459. 		DEBUG_ERR(
    460. 

  460. 			"pkey_clr2seckey secure token size mismatch %d != %d bytes\n",
    461. 

  461. 			seckeysize, SECKEYBLOBSIZE);
    462. 

  462. 		rc = -EIO;
    463. 

  463. 		goto out;
    464. 

  464. 	}
    465. 

  465. 

  466. 	/* check secure key token */
    467. 

  467. 	rc = check_secaeskeytoken(prepparm->lv3.keyblock.tok, 8*keysize);
    468. 

  468. 	if (rc) {
    469. 

  469. 		rc = -EIO;
    470. 

  470. 		goto out;
    471. 

  471. 	}
    472. 

  472. 

  473. 	/* copy the generated secure key token */
    474. 

  474. 	memcpy(seckey->seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE);
    475. 

  475. 

  476. out:
    477. 

  477. 	free_cprbmem(mem, PARMBSIZE, 1);
    478. 

  478. 	return rc;
    479. 

  479. }
    480. 

  480. EXPORT_SYMBOL(pkey_clr2seckey);
    481. 

  481. 

  482. /*
    483. 

  483.  * Derive a proteced key from the secure key blob.
    484. 

  484.  */
    485. 

  485. int pkey_sec2protkey(u16 cardnr, u16 domain,
    486. 

  486. 		     const struct pkey_seckey *seckey,
    487. 

  487. 		     struct pkey_protkey *protkey)
    488. 

  488. {
    489. 

  489. 	int rc;
    490. 

  490. 	u8 *mem;
    491. 

  491. 	struct CPRBX *preqcblk, *prepcblk;
    492. 

  492. 	struct ica_xcRB xcrb;
    493. 

  493. 	struct uskreqparm {
    494. 

  494. 		u8  subfunc_code[2];
    495. 

  495. 		u16 rule_array_len;
    496. 

  496. 		struct lv1 {
    497. 

  497. 			u16 len;
    498. 

  498. 			u16 attr_len;
    499. 

  499. 			u16 attr_flags;
    500. 

  500. 		} lv1;
    501. 

  501. 		struct lv2 {
    502. 

  502. 			u16 len;
    503. 

  503. 			u16 attr_len;
    504. 

  504. 			u16 attr_flags;
    505. 

  505. 			u8  token[0];	      /* cca secure key token */
    506. 

  506. 		} lv2 __packed;
    507. 

  507. 	} *preqparm;
    508. 

  508. 	struct uskrepparm {
    509. 

  509. 		u8  subfunc_code[2];
    510. 

  510. 		u16 rule_array_len;
    511. 

  511. 		struct lv3 {
    512. 

  512. 			u16 len;
    513. 

  513. 			u16 attr_len;
    514. 

  514. 			u16 attr_flags;
    515. 

  515. 			struct cpacfkeyblock {
    516. 

  516. 				u8  version;  /* version of this struct */
    517. 

  517. 				u8  flags[2];
    518. 

  518. 				u8  algo;
    519. 

  519. 				u8  form;
    520. 

  520. 				u8  pad1[3];
    521. 

  521. 				u16 keylen;
    522. 

  522. 				u8  key[64];  /* the key (keylen bytes) */
    523. 

  523. 				u16 keyattrlen;
    524. 

  524. 				u8  keyattr[32];
    525. 

  525. 				u8  pad2[1];
    526. 

  526. 				u8  vptype;
    527. 

  527. 				u8  vp[32];  /* verification pattern */
    528. 

  528. 			} keyblock;
    529. 

  529. 		} lv3 __packed;
    530. 

  530. 	} *prepparm;
    531. 

  531. 

  532. 	/* get already prepared memory for 2 cprbs with param block each */
    533. 

  533. 	rc = alloc_and_prep_cprbmem(PARMBSIZE, &mem, &preqcblk, &prepcblk);
    534. 

  534. 	if (rc)
    535. 

  535. 		return rc;
    536. 

  536. 

  537. 	/* fill request cprb struct */
    538. 

  538. 	preqcblk->domain = domain;
    539. 

  539. 

  540. 	/* fill request cprb param block with USK request */
    541. 

  541. 	preqparm = (struct uskreqparm *) preqcblk->req_parmb;
    542. 

  542. 	memcpy(preqparm->subfunc_code, "US", 2);
    543. 

  543. 	preqparm->rule_array_len = sizeof(preqparm->rule_array_len);
    544. 

  544. 	preqparm->lv1.len = sizeof(struct lv1);
    545. 

  545. 	preqparm->lv1.attr_len = sizeof(struct lv1) - sizeof(preqparm->lv1.len);
    546. 

  546. 	preqparm->lv1.attr_flags = 0x0001;
    547. 

  547. 	preqparm->lv2.len = sizeof(struct lv2) + SECKEYBLOBSIZE;
    548. 

  548. 	preqparm->lv2.attr_len = sizeof(struct lv2)
    549. 

  549. 		- sizeof(preqparm->lv2.len) + SECKEYBLOBSIZE;
    550. 

  550. 	preqparm->lv2.attr_flags = 0x0000;
    551. 

  551. 	memcpy(preqparm->lv2.token, seckey->seckey, SECKEYBLOBSIZE);
    552. 

  552. 	preqcblk->req_parml = sizeof(struct uskreqparm) + SECKEYBLOBSIZE;
    553. 

  553. 

  554. 	/* fill xcrb struct */
    555. 

  555. 	prep_xcrb(&xcrb, cardnr, preqcblk, prepcblk);
    556. 

  556. 

  557. 	/* forward xcrb with request CPRB and reply CPRB to zcrypt dd */
    558. 

  558. 	rc = _zcrypt_send_cprb(&xcrb);
    559. 

  559. 	if (rc) {
    560. 

  560. 		DEBUG_ERR(
    561. 

  561. 			"pkey_sec2protkey zcrypt_send_cprb (cardnr=%d domain=%d) failed with errno %d\n",
    562. 

  562. 			(int) cardnr, (int) domain, rc);
    563. 

  563. 		goto out;
    564. 

  564. 	}
    565. 

  565. 

  566. 	/* check response returncode and reasoncode */
    567. 

  567. 	if (prepcblk->ccp_rtcode != 0) {
    568. 

  568. 		DEBUG_ERR(
    569. 

  569. 			"pkey_sec2protkey unwrap secure key failure, card response %d/%d\n",
    570. 

  570. 			(int) prepcblk->ccp_rtcode,
    571. 

  571. 			(int) prepcblk->ccp_rscode);
    572. 

  572. 		rc = -EIO;
    573. 

  573. 		goto out;
    574. 

  574. 	}
    575. 

  575. 

  576. 	/* process response cprb param block */
    577. 

  577. 	prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX);
    578. 

  578. 	prepparm = (struct uskrepparm *) prepcblk->rpl_parmb;
    579. 

  579. 

  580. 	/* check the returned keyblock */
    581. 

  581. 	if (prepparm->lv3.keyblock.version != 0x01) {
    582. 

  582. 		DEBUG_ERR(
    583. 

  583. 			"pkey_sec2protkey reply param keyblock version mismatch 0x%02x != 0x01\n",
    584. 

  584. 			(int) prepparm->lv3.keyblock.version);
    585. 

  585. 		rc = -EIO;
    586. 

  586. 		goto out;
    587. 

  587. 	}
    588. 

  588. 

  589. 	/* copy the tanslated protected key */
    590. 

  590. 	switch (prepparm->lv3.keyblock.keylen) {
    591. 

  591. 	case 16+32:
    592. 

  592. 		protkey->type = PKEY_KEYTYPE_AES_128;
    593. 

  593. 		break;
    594. 

  594. 	case 24+32:
    595. 

  595. 		protkey->type = PKEY_KEYTYPE_AES_192;
    596. 

  596. 		break;
    597. 

  597. 	case 32+32:
    598. 

  598. 		protkey->type = PKEY_KEYTYPE_AES_256;
    599. 

  599. 		break;
    600. 

  600. 	default:
    601. 

  601. 		DEBUG_ERR("pkey_sec2protkey unknown/unsupported keytype %d\n",
    602. 

  602. 			  prepparm->lv3.keyblock.keylen);
    603. 

  603. 		rc = -EIO;
    604. 

  604. 		goto out;
    605. 

  605. 	}
    606. 

  606. 	protkey->len = prepparm->lv3.keyblock.keylen;
    607. 

  607. 	memcpy(protkey->protkey, prepparm->lv3.keyblock.key, protkey->len);
    608. 

  608. 

  609. out:
    610. 

  610. 	free_cprbmem(mem, PARMBSIZE, 0);
    611. 

  611. 	return rc;
    612. 

  612. }
    613. 

  613. EXPORT_SYMBOL(pkey_sec2protkey);
    614. 

  614. 

  615. /*
    616. 

  616.  * Create a protected key from a clear key value.
    617. 

  617.  */
    618. 

  618. int pkey_clr2protkey(u32 keytype,
    619. 

  619. 		     const struct pkey_clrkey *clrkey,
    620. 

  620. 		     struct pkey_protkey *protkey)
    621. 

  621. {
    622. 

  622. 	long fc;
    623. 

  623. 	int keysize;
    624. 

  624. 	u8 paramblock[64];
    625. 

  625. 

  626. 	switch (keytype) {
    627. 

  627. 	case PKEY_KEYTYPE_AES_128:
    628. 

  628. 		keysize = 16;
    629. 

  629. 		fc = CPACF_PCKMO_ENC_AES_128_KEY;
    630. 

  630. 		break;
    631. 

  631. 	case PKEY_KEYTYPE_AES_192:
    632. 

  632. 		keysize = 24;
    633. 

  633. 		fc = CPACF_PCKMO_ENC_AES_192_KEY;
    634. 

  634. 		break;
    635. 

  635. 	case PKEY_KEYTYPE_AES_256:
    636. 

  636. 		keysize = 32;
    637. 

  637. 		fc = CPACF_PCKMO_ENC_AES_256_KEY;
    638. 

  638. 		break;
    639. 

  639. 	default:
    640. 

  640. 		DEBUG_ERR("pkey_clr2protkey unknown/unsupported keytype %d\n",
    641. 

  641. 			  keytype);
    642. 

  642. 		return -EINVAL;
    643. 

  643. 	}
    644. 

  644. 

  645. 	/* prepare param block */
    646. 

  646. 	memset(paramblock, 0, sizeof(paramblock));
    647. 

  647. 	memcpy(paramblock, clrkey->clrkey, keysize);
    648. 

  648. 

  649. 	/* call the pckmo instruction */
    650. 

  650. 	cpacf_pckmo(fc, paramblock);
    651. 

  651. 

  652. 	/* copy created protected key */
    653. 

  653. 	protkey->type = keytype;
    654. 

  654. 	protkey->len = keysize + 32;
    655. 

  655. 	memcpy(protkey->protkey, paramblock, keysize + 32);
    656. 

  656. 

  657. 	return 0;
    658. 

  658. }
    659. 

  659. EXPORT_SYMBOL(pkey_clr2protkey);
    660. 

  660. 

  661. /*
    662. 

  662.  * query cryptographic facility from adapter
    663. 

  663.  */
    664. 

  664. static int query_crypto_facility(u16 cardnr, u16 domain,
    665. 

  665. 				 const char *keyword,
    666. 

  666. 				 u8 *rarray, size_t *rarraylen,
    667. 

  667. 				 u8 *varray, size_t *varraylen)
    668. 

  668. {
    669. 

  669. 	int rc;
    670. 

  670. 	u16 len;
    671. 

  671. 	u8 *mem, *ptr;
    672. 

  672. 	struct CPRBX *preqcblk, *prepcblk;
    673. 

  673. 	struct ica_xcRB xcrb;
    674. 

  674. 	struct fqreqparm {
    675. 

  675. 		u8  subfunc_code[2];
    676. 

  676. 		u16 rule_array_len;
    677. 

  677. 		char  rule_array[8];
    678. 

  678. 		struct lv1 {
    679. 

  679. 			u16 len;
    680. 

  680. 			u8  data[VARDATASIZE];
    681. 

  681. 		} lv1;
    682. 

  682. 		u16 dummylen;
    683. 

  683. 	} *preqparm;
    684. 

  684. 	size_t parmbsize = sizeof(struct fqreqparm);
    685. 

  685. 	struct fqrepparm {
    686. 

  686. 		u8  subfunc_code[2];
    687. 

  687. 		u8  lvdata[0];
    688. 

  688. 	} *prepparm;
    689. 

  689. 

  690. 	/* get already prepared memory for 2 cprbs with param block each */
    691. 

  691. 	rc = alloc_and_prep_cprbmem(parmbsize, &mem, &preqcblk, &prepcblk);
    692. 

  692. 	if (rc)
    693. 

  693. 		return rc;
    694. 

  694. 

  695. 	/* fill request cprb struct */
    696. 

  696. 	preqcblk->domain = domain;
    697. 

  697. 

  698. 	/* fill request cprb param block with FQ request */
    699. 

  699. 	preqparm = (struct fqreqparm *) preqcblk->req_parmb;
    700. 

  700. 	memcpy(preqparm->subfunc_code, "FQ", 2);
    701. 

  701. 	strncpy(preqparm->rule_array, keyword, sizeof(preqparm->rule_array));
    702. 

  702. 	preqparm->rule_array_len =
    703. 

  703. 		sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array);
    704. 

  704. 	preqparm->lv1.len = sizeof(preqparm->lv1);
    705. 

  705. 	preqparm->dummylen = sizeof(preqparm->dummylen);
    706. 

  706. 	preqcblk->req_parml = parmbsize;
    707. 

  707. 

  708. 	/* fill xcrb struct */
    709. 

  709. 	prep_xcrb(&xcrb, cardnr, preqcblk, prepcblk);
    710. 

  710. 

  711. 	/* forward xcrb with request CPRB and reply CPRB to zcrypt dd */
    712. 

  712. 	rc = _zcrypt_send_cprb(&xcrb);
    713. 

  713. 	if (rc) {
    714. 

  714. 		DEBUG_ERR(
    715. 

  715. 			"query_crypto_facility zcrypt_send_cprb (cardnr=%d domain=%d) failed with errno %d\n",
    716. 

  716. 			(int) cardnr, (int) domain, rc);
    717. 

  717. 		goto out;
    718. 

  718. 	}
    719. 

  719. 

  720. 	/* check response returncode and reasoncode */
    721. 

  721. 	if (prepcblk->ccp_rtcode != 0) {
    722. 

  722. 		DEBUG_ERR(
    723. 

  723. 			"query_crypto_facility unwrap secure key failure, card response %d/%d\n",
    724. 

  724. 			(int) prepcblk->ccp_rtcode,
    725. 

  725. 			(int) prepcblk->ccp_rscode);
    726. 

  726. 		rc = -EIO;
    727. 

  727. 		goto out;
    728. 

  728. 	}
    729. 

  729. 

  730. 	/* process response cprb param block */
    731. 

  731. 	prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX);
    732. 

  732. 	prepparm = (struct fqrepparm *) prepcblk->rpl_parmb;
    733. 

  733. 	ptr = prepparm->lvdata;
    734. 

  734. 

  735. 	/* check and possibly copy reply rule array */
    736. 

  736. 	len = *((u16 *) ptr);
    737. 

  737. 	if (len > sizeof(u16)) {
    738. 

  738. 		ptr += sizeof(u16);
    739. 

  739. 		len -= sizeof(u16);
    740. 

  740. 		if (rarray && rarraylen && *rarraylen > 0) {
    741. 

  741. 			*rarraylen = (len > *rarraylen ? *rarraylen : len);
    742. 

  742. 			memcpy(rarray, ptr, *rarraylen);
    743. 

  743. 		}
    744. 

  744. 		ptr += len;
    745. 

  745. 	}
    746. 

  746. 	/* check and possible copy reply var array */
    747. 

  747. 	len = *((u16 *) ptr);
    748. 

  748. 	if (len > sizeof(u16)) {
    749. 

  749. 		ptr += sizeof(u16);
    750. 

  750. 		len -= sizeof(u16);
    751. 

  751. 		if (varray && varraylen && *varraylen > 0) {
    752. 

  752. 			*varraylen = (len > *varraylen ? *varraylen : len);
    753. 

  753. 			memcpy(varray, ptr, *varraylen);
    754. 

  754. 		}
    755. 

  755. 		ptr += len;
    756. 

  756. 	}
    757. 

  757. 

  758. out:
    759. 

  759. 	free_cprbmem(mem, parmbsize, 0);
    760. 

  760. 	return rc;
    761. 

  761. }
    762. 

  762. 

  763. /*
    764. 

  764.  * Fetch just the mkvp value via query_crypto_facility from adapter.
    765. 

  765.  */
    766. 

  766. static int fetch_mkvp(u16 cardnr, u16 domain, u64 *mkvp)
    767. 

  767. {
    768. 

  768. 	int rc, found = 0;
    769. 

  769. 	size_t rlen, vlen;
    770. 

  770. 	u8 *rarray, *varray, *pg;
    771. 

  771. 

  772. 	pg = (u8 *) __get_free_page(GFP_KERNEL);
    773. 

  773. 	if (!pg)
    774. 

  774. 		return -ENOMEM;
    775. 

  775. 	rarray = pg;
    776. 

  776. 	varray = pg + PAGE_SIZE/2;
    777. 

  777. 	rlen = vlen = PAGE_SIZE/2;
    778. 

  778. 

  779. 	rc = query_crypto_facility(cardnr, domain, "STATICSA",
    780. 

  780. 				   rarray, &rlen, varray, &vlen);
    781. 

  781. 	if (rc == 0 && rlen > 8*8 && vlen > 184+8) {
    782. 

  782. 		if (rarray[64] == '2') {
    783. 

  783. 			/* current master key state is valid */
    784. 

  784. 			*mkvp = *((u64 *)(varray + 184));
    785. 

  785. 			found = 1;
    786. 

  786. 		}
    787. 

  787. 	}
    788. 

  788. 

  789. 	free_page((unsigned long) pg);
    790. 

  790. 

  791. 	return found ? 0 : -ENOENT;
    792. 

  792. }
    793. 

  793. 

  794. /* struct to hold cached mkvp info for each card/domain */
    795. 

  795. struct mkvp_info {
    796. 

  796. 	struct list_head list;
    797. 

  797. 	u16 cardnr;
    798. 

  798. 	u16 domain;
    799. 

  799. 	u64 mkvp;
    800. 

  800. };
    801. 

  801. 

  802. /* a list with mkvp_info entries */
    803. 

  803. static LIST_HEAD(mkvp_list);
    804. 

  804. static DEFINE_SPINLOCK(mkvp_list_lock);
    805. 

  805. 

  806. static int mkvp_cache_fetch(u16 cardnr, u16 domain, u64 *mkvp)
    807. 

  807. {
    808. 

  808. 	int rc = -ENOENT;
    809. 

  809. 	struct mkvp_info *ptr;
    810. 

  810. 

  811. 	spin_lock_bh(&mkvp_list_lock);
    812. 

  812. 	list_for_each_entry(ptr, &mkvp_list, list) {
    813. 

  813. 		if (ptr->cardnr == cardnr &&
    814. 

  814. 		    ptr->domain == domain) {
    815. 

  815. 			*mkvp = ptr->mkvp;
    816. 

  816. 			rc = 0;
    817. 

  817. 			break;
    818. 

  818. 		}
    819. 

  819. 	}
    820. 

  820. 	spin_unlock_bh(&mkvp_list_lock);
    821. 

  821. 

  822. 	return rc;
    823. 

  823. }
    824. 

  824. 

  825. static void mkvp_cache_update(u16 cardnr, u16 domain, u64 mkvp)
    826. 

  826. {
    827. 

  827. 	int found = 0;
    828. 

  828. 	struct mkvp_info *ptr;
    829. 

  829. 

  830. 	spin_lock_bh(&mkvp_list_lock);
    831. 

  831. 	list_for_each_entry(ptr, &mkvp_list, list) {
    832. 

  832. 		if (ptr->cardnr == cardnr &&
    833. 

  833. 		    ptr->domain == domain) {
    834. 

  834. 			ptr->mkvp = mkvp;
    835. 

  835. 			found = 1;
    836. 

  836. 			break;
    837. 

  837. 		}
    838. 

  838. 	}
    839. 

  839. 	if (!found) {
    840. 

  840. 		ptr = kmalloc(sizeof(*ptr), GFP_ATOMIC);
    841. 

  841. 		if (!ptr) {
    842. 

  842. 			spin_unlock_bh(&mkvp_list_lock);
    843. 

  843. 			return;
    844. 

  844. 		}
    845. 

  845. 		ptr->cardnr = cardnr;
    846. 

  846. 		ptr->domain = domain;
    847. 

  847. 		ptr->mkvp = mkvp;
    848. 

  848. 		list_add(&ptr->list, &mkvp_list);
    849. 

  849. 	}
    850. 

  850. 	spin_unlock_bh(&mkvp_list_lock);
    851. 

  851. }
    852. 

  852. 

  853. static void mkvp_cache_scrub(u16 cardnr, u16 domain)
    854. 

  854. {
    855. 

  855. 	struct mkvp_info *ptr;
    856. 

  856. 

  857. 	spin_lock_bh(&mkvp_list_lock);
    858. 

  858. 	list_for_each_entry(ptr, &mkvp_list, list) {
    859. 

  859. 		if (ptr->cardnr == cardnr &&
    860. 

  860. 		    ptr->domain == domain) {
    861. 

  861. 			list_del(&ptr->list);
    862. 

  862. 			kfree(ptr);
    863. 

  863. 			break;
    864. 

  864. 		}
    865. 

  865. 	}
    866. 

  866. 	spin_unlock_bh(&mkvp_list_lock);
    867. 

  867. }
    868. 

  868. 

  869. static void __exit mkvp_cache_free(void)
    870. 

  870. {
    871. 

  871. 	struct mkvp_info *ptr, *pnext;
    872. 

  872. 

  873. 	spin_lock_bh(&mkvp_list_lock);
    874. 

  874. 	list_for_each_entry_safe(ptr, pnext, &mkvp_list, list) {
    875. 

  875. 		list_del(&ptr->list);
    876. 

  876. 		kfree(ptr);
    877. 

  877. 	}
    878. 

  878. 	spin_unlock_bh(&mkvp_list_lock);
    879. 

  879. }
    880. 

  880. 

  881. /*
    882. 

  882.  * Search for a matching crypto card based on the Master Key
    883. 

  883.  * Verification Pattern provided inside a secure key.
    884. 

  884.  */
    885. 

  885. int pkey_findcard(const struct pkey_seckey *seckey,
    886. 

  886. 		  u16 *pcardnr, u16 *pdomain, int verify)
    887. 

  887. {
    888. 

  888. 	struct secaeskeytoken *t = (struct secaeskeytoken *) seckey;
    889. 

  889. 	struct zcrypt_device_matrix *device_matrix;
    890. 

  890. 	u16 card, dom;
    891. 

  891. 	u64 mkvp;
    892. 

  892. 	int i, rc;
    893. 

  893. 

  894. 	/* mkvp must not be zero */
    895. 

  895. 	if (t->mkvp == 0)
    896. 

  896. 		return -EINVAL;
    897. 

  897. 

  898. 	/* fetch status of all crypto cards */
    899. 

  899. 	device_matrix = kmalloc(sizeof(struct zcrypt_device_matrix),
    900. 

  900. 				GFP_KERNEL);
    901. 

  901. 	if (!device_matrix)
    902. 

  902. 		return -ENOMEM;
    903. 

  903. 	zcrypt_device_status_mask(device_matrix);
    904. 

  904. 

  905. 	/* walk through all crypto cards */
    906. 

  906. 	for (i = 0; i < MAX_ZDEV_ENTRIES; i++) {
    907. 

  907. 		card = AP_QID_CARD(device_matrix->device[i].qid);
    908. 

  908. 		dom = AP_QID_QUEUE(device_matrix->device[i].qid);
    909. 

  909. 		if (device_matrix->device[i].online &&
    910. 

  910. 		    device_matrix->device[i].functions & 0x04) {
    911. 

  911. 			/* an enabled CCA Coprocessor card */
    912. 

  912. 			/* try cached mkvp */
    913. 

  913. 			if (mkvp_cache_fetch(card, dom, &mkvp) == 0 &&
    914. 

  914. 			    t->mkvp == mkvp) {
    915. 

  915. 				if (!verify)
    916. 

  916. 					break;
    917. 

  917. 				/* verify: fetch mkvp from adapter */
    918. 

  918. 				if (fetch_mkvp(card, dom, &mkvp) == 0) {
    919. 

  919. 					mkvp_cache_update(card, dom, mkvp);
    920. 

  920. 					if (t->mkvp == mkvp)
    921. 

  921. 						break;
    922. 

  922. 				}
    923. 

  923. 			}
    924. 

  924. 		} else {
    925. 

  925. 			/* Card is offline and/or not a CCA card. */
    926. 

  926. 			/* del mkvp entry from cache if it exists */
    927. 

  927. 			mkvp_cache_scrub(card, dom);
    928. 

  928. 		}
    929. 

  929. 	}
    930. 

  930. 	if (i >= MAX_ZDEV_ENTRIES) {
    931. 

  931. 		/* nothing found, so this time without cache */
    932. 

  932. 		for (i = 0; i < MAX_ZDEV_ENTRIES; i++) {
    933. 

  933. 			if (!(device_matrix->device[i].online &&
    934. 

  934. 			      device_matrix->device[i].functions & 0x04))
    935. 

  935. 				continue;
    936. 

  936. 			card = AP_QID_CARD(device_matrix->device[i].qid);
    937. 

  937. 			dom = AP_QID_QUEUE(device_matrix->device[i].qid);
    938. 

  938. 			/* fresh fetch mkvp from adapter */
    939. 

  939. 			if (fetch_mkvp(card, dom, &mkvp) == 0) {
    940. 

  940. 				mkvp_cache_update(card, dom, mkvp);
    941. 

  941. 				if (t->mkvp == mkvp)
    942. 

  942. 					break;
    943. 

  943. 			}
    944. 

  944. 		}
    945. 

  945. 	}
    946. 

  946. 	if (i < MAX_ZDEV_ENTRIES) {
    947. 

  947. 		if (pcardnr)
    948. 

  948. 			*pcardnr = card;
    949. 

  949. 		if (pdomain)
    950. 

  950. 			*pdomain = dom;
    951. 

  951. 		rc = 0;
    952. 

  952. 	} else
    953. 

  953. 		rc = -ENODEV;
    954. 

  954. 

  955. 	kfree(device_matrix);
    956. 

  956. 	return rc;
    957. 

  957. }
    958. 

  958. EXPORT_SYMBOL(pkey_findcard);
    959. 

  959. 

  960. /*
    961. 

  961.  * Find card and transform secure key into protected key.
    962. 

  962.  */
    963. 

  963. int pkey_skey2pkey(const struct pkey_seckey *seckey,
    964. 

  964. 		   struct pkey_protkey *protkey)
    965. 

  965. {
    966. 

  966. 	u16 cardnr, domain;
    967. 

  967. 	int rc, verify;
    968. 

  968. 

  969. 	/*
    970. 

  970. 	 * The pkey_sec2protkey call may fail when a card has been
    971. 

  971. 	 * addressed where the master key was changed after last fetch
    972. 

  972. 	 * of the mkvp into the cache. So first try without verify then
    973. 

  973. 	 * with verify enabled (thus refreshing the mkvp for each card).
    974. 

  974. 	 */
    975. 

  975. 	for (verify = 0; verify < 2; verify++) {
    976. 

  976. 		rc = pkey_findcard(seckey, &cardnr, &domain, verify);
    977. 

  977. 		if (rc)
    978. 

  978. 			continue;
    979. 

  979. 		rc = pkey_sec2protkey(cardnr, domain, seckey, protkey);
    980. 

  980. 		if (rc == 0)
    981. 

  981. 			break;
    982. 

  982. 	}
    983. 

  983. 

  984. 	if (rc)
    985. 

  985. 		DEBUG_DBG("pkey_skey2pkey failed rc=%d\n", rc);
    986. 

  986. 

  987. 	return rc;
    988. 

  988. }
    989. 

  989. EXPORT_SYMBOL(pkey_skey2pkey);
    990. 

  990. 

  991. /*
    992. 

  992.  * File io functions
    993. 

  993.  */
    994. 

  994. 

  995. static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
    996. 

  996. 				unsigned long arg)
    997. 

  997. {
    998. 

  998. 	int rc;
    999. 

  999. 

  1000. 	switch (cmd) {
    1001. 

  1001. 	case PKEY_GENSECK: {
    1002. 

  1002. 		struct pkey_genseck __user *ugs = (void __user *) arg;
    1003. 

  1003. 		struct pkey_genseck kgs;
    1004. 

  1004. 

  1005. 		if (copy_from_user(&kgs, ugs, sizeof(kgs)))
    1006. 

  1006. 			return -EFAULT;
    1007. 

  1007. 		rc = pkey_genseckey(kgs.cardnr, kgs.domain,
    1008. 

  1008. 				    kgs.keytype, &kgs.seckey);
    1009. 

  1009. 		DEBUG_DBG("pkey_ioctl pkey_genseckey()=%d\n", rc);
    1010. 

  1010. 		if (rc)
    1011. 

  1011. 			break;
    1012. 

  1012. 		if (copy_to_user(ugs, &kgs, sizeof(kgs)))
    1013. 

  1013. 			return -EFAULT;
    1014. 

  1014. 		break;
    1015. 

  1015. 	}
    1016. 

  1016. 	case PKEY_CLR2SECK: {
    1017. 

  1017. 		struct pkey_clr2seck __user *ucs = (void __user *) arg;
    1018. 

  1018. 		struct pkey_clr2seck kcs;
    1019. 

  1019. 

  1020. 		if (copy_from_user(&kcs, ucs, sizeof(kcs)))
    1021. 

  1021. 			return -EFAULT;
    1022. 

  1022. 		rc = pkey_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype,
    1023. 

  1023. 				     &kcs.clrkey, &kcs.seckey);
    1024. 

  1024. 		DEBUG_DBG("pkey_ioctl pkey_clr2seckey()=%d\n", rc);
    1025. 

  1025. 		if (rc)
    1026. 

  1026. 			break;
    1027. 

  1027. 		if (copy_to_user(ucs, &kcs, sizeof(kcs)))
    1028. 

  1028. 			return -EFAULT;
    1029. 

  1029. 		memzero_explicit(&kcs, sizeof(kcs));
    1030. 

  1030. 		break;
    1031. 

  1031. 	}
    1032. 

  1032. 	case PKEY_SEC2PROTK: {
    1033. 

  1033. 		struct pkey_sec2protk __user *usp = (void __user *) arg;
    1034. 

  1034. 		struct pkey_sec2protk ksp;
    1035. 

  1035. 

  1036. 		if (copy_from_user(&ksp, usp, sizeof(ksp)))
    1037. 

  1037. 			return -EFAULT;
    1038. 

  1038. 		rc = pkey_sec2protkey(ksp.cardnr, ksp.domain,
    1039. 

  1039. 				      &ksp.seckey, &ksp.protkey);
    1040. 

  1040. 		DEBUG_DBG("pkey_ioctl pkey_sec2protkey()=%d\n", rc);
    1041. 

  1041. 		if (rc)
    1042. 

  1042. 			break;
    1043. 

  1043. 		if (copy_to_user(usp, &ksp, sizeof(ksp)))
    1044. 

  1044. 			return -EFAULT;
    1045. 

  1045. 		break;
    1046. 

  1046. 	}
    1047. 

  1047. 	case PKEY_CLR2PROTK: {
    1048. 

  1048. 		struct pkey_clr2protk __user *ucp = (void __user *) arg;
    1049. 

  1049. 		struct pkey_clr2protk kcp;
    1050. 

  1050. 

  1051. 		if (copy_from_user(&kcp, ucp, sizeof(kcp)))
    1052. 

  1052. 			return -EFAULT;
    1053. 

  1053. 		rc = pkey_clr2protkey(kcp.keytype,
    1054. 

  1054. 				      &kcp.clrkey, &kcp.protkey);
    1055. 

  1055. 		DEBUG_DBG("pkey_ioctl pkey_clr2protkey()=%d\n", rc);
    1056. 

  1056. 		if (rc)
    1057. 

  1057. 			break;
    1058. 

  1058. 		if (copy_to_user(ucp, &kcp, sizeof(kcp)))
    1059. 

  1059. 			return -EFAULT;
    1060. 

  1060. 		memzero_explicit(&kcp, sizeof(kcp));
    1061. 

  1061. 		break;
    1062. 

  1062. 	}
    1063. 

  1063. 	case PKEY_FINDCARD: {
    1064. 

  1064. 		struct pkey_findcard __user *ufc = (void __user *) arg;
    1065. 

  1065. 		struct pkey_findcard kfc;
    1066. 

  1066. 

  1067. 		if (copy_from_user(&kfc, ufc, sizeof(kfc)))
    1068. 

  1068. 			return -EFAULT;
    1069. 

  1069. 		rc = pkey_findcard(&kfc.seckey,
    1070. 

  1070. 				   &kfc.cardnr, &kfc.domain, 1);
    1071. 

  1071. 		DEBUG_DBG("pkey_ioctl pkey_findcard()=%d\n", rc);
    1072. 

  1072. 		if (rc)
    1073. 

  1073. 			break;
    1074. 

  1074. 		if (copy_to_user(ufc, &kfc, sizeof(kfc)))
    1075. 

  1075. 			return -EFAULT;
    1076. 

  1076. 		break;
    1077. 

  1077. 	}
    1078. 

  1078. 	case PKEY_SKEY2PKEY: {
    1079. 

  1079. 		struct pkey_skey2pkey __user *usp = (void __user *) arg;
    1080. 

  1080. 		struct pkey_skey2pkey ksp;
    1081. 

  1081. 

  1082. 		if (copy_from_user(&ksp, usp, sizeof(ksp)))
    1083. 

  1083. 			return -EFAULT;
    1084. 

  1084. 		rc = pkey_skey2pkey(&ksp.seckey, &ksp.protkey);
    1085. 

  1085. 		DEBUG_DBG("pkey_ioctl pkey_skey2pkey()=%d\n", rc);
    1086. 

  1086. 		if (rc)
    1087. 

  1087. 			break;
    1088. 

  1088. 		if (copy_to_user(usp, &ksp, sizeof(ksp)))
    1089. 

  1089. 			return -EFAULT;
    1090. 

  1090. 		break;
    1091. 

  1091. 	}
    1092. 

  1092. 	default:
    1093. 

  1093. 		/* unknown/unsupported ioctl cmd */
    1094. 

  1094. 		return -ENOTTY;
    1095. 

  1095. 	}
    1096. 

  1096. 

  1097. 	return rc;
    1098. 

  1098. }
    1099. 

  1099. 

  1100. /*
    1101. 

  1101.  * Sysfs and file io operations
    1102. 

  1102.  */
    1103. 

  1103. static const struct file_operations pkey_fops = {
    1104. 

  1104. 	.owner		= THIS_MODULE,
    1105. 

  1105. 	.open		= nonseekable_open,
    1106. 

  1106. 	.llseek		= no_llseek,
    1107. 

  1107. 	.unlocked_ioctl = pkey_unlocked_ioctl,
    1108. 

  1108. };
    1109. 

  1109. 

  1110. static struct miscdevice pkey_dev = {
    1111. 

  1111. 	.name	= "pkey",
    1112. 

  1112. 	.minor	= MISC_DYNAMIC_MINOR,
    1113. 

  1113. 	.mode	= 0666,
    1114. 

  1114. 	.fops	= &pkey_fops,
    1115. 

  1115. };
    1116. 

  1116. 

  1117. /*
    1118. 

  1118.  * Module init
    1119. 

  1119.  */
    1120. 

  1120. int __init pkey_init(void)
    1121. 

  1121. {
    1122. 

  1122. 	cpacf_mask_t pckmo_functions;
    1123. 

  1123. 

  1124. 	/* check for pckmo instructions available */
    1125. 

  1125. 	if (!cpacf_query(CPACF_PCKMO, &pckmo_functions))
    1126. 

  1126. 		return -EOPNOTSUPP;
    1127. 

  1127. 	if (!cpacf_test_func(&pckmo_functions, CPACF_PCKMO_ENC_AES_128_KEY) ||
    1128. 

  1128. 	    !cpacf_test_func(&pckmo_functions, CPACF_PCKMO_ENC_AES_192_KEY) ||
    1129. 

  1129. 	    !cpacf_test_func(&pckmo_functions, CPACF_PCKMO_ENC_AES_256_KEY))
    1130. 

  1130. 		return -EOPNOTSUPP;
    1131. 

  1131. 

  1132. 	pkey_debug_init();
    1133. 

  1133. 

  1134. 	return misc_register(&pkey_dev);
    1135. 

  1135. }
    1136. 

  1136. 

  1137. /*
    1138. 

  1138.  * Module exit
    1139. 

  1139.  */
    1140. 

  1140. static void __exit pkey_exit(void)
    1141. 

  1141. {
    1142. 

  1142. 	misc_deregister(&pkey_dev);
    1143. 

  1143. 	mkvp_cache_free();
    1144. 

  1144. 	pkey_debug_exit();
    1145. 

  1145. }
    1146. 

  1146. 

  1147. module_init(pkey_init);
    1148. 

  1148. module_exit(pkey_exit);
    1149.