pkey_base.h 7.0 KB

  1. /* SPDX-License-Identifier: GPL-2.0+ */
  2. /*
  3. * Copyright IBM Corp. 2024
  4. *
  5. * Pkey base: debug feature, defines and structs
  6. * common to all pkey code.
  7. */
  8. #ifndef _PKEY_BASE_H_
  9. #define _PKEY_BASE_H_
  10. #include <linux/types.h>
  11. #include <asm/debug.h>
  12. #include <asm/pkey.h>
  /*
   * pkey debug feature
   *
   * The three wrappers below log to pkey_dbf_info through
   * debug_sprintf_event() with level 5 (INFO), 4 (WARN) and 3 (ERR).
   *
   * NOTE(review): call sites should log lengths, key types and return
   * codes only, never clear, secure or protected key bytes. The s390
   * debug feature documentation also warns that a '%s' argument is only
   * safe while the string it points to stays allocated, so prefer
   * integer arguments.
   */
  extern debug_info_t *pkey_dbf_info;
  #define PKEY_DBF_INFO(...) debug_sprintf_event(pkey_dbf_info, 5, ##__VA_ARGS__)
  #define PKEY_DBF_WARN(...) debug_sprintf_event(pkey_dbf_info, 4, ##__VA_ARGS__)
  #define PKEY_DBF_ERR(...) debug_sprintf_event(pkey_dbf_info, 3, ##__VA_ARGS__)
  /*
   * common defines and common structs
   *
   * NOTE(review): the buffer sizes below are upper bounds for internal
   * buffers; any length taken from a caller-supplied key blob should be
   * compared against them before it is used for a copy.
   */
  #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */
  /*
   * Size of struct keytoken_header (not declared in this header);
   * presumably the smallest key blob worth inspecting - TODO confirm
   * against the callers.
   */
  #define MINKEYBLOBBUFSIZE (sizeof(struct keytoken_header))
  #define PROTKEYBLOBBUFSIZE 256 /* protected key buffer size used internally */
  #define MAXAPQNSINLIST 64 /* max 64 apqns within an apqn list */
  #define AES_WK_VP_SIZE 32 /* size of the WK VP block appended to a protected key */
  /*
   * Inside view of a generic protected key token.
   *
   * A fixed 16 byte packed header is followed by a flexible array; len
   * gives the number of valid bytes in protkey[].
   *
   * NOTE(review): when the token is overlaid on a caller-supplied blob,
   * len is untrusted. Check that sizeof(struct protkeytoken) + len fits
   * into the blob length before reading protkey[].
   */
  struct protkeytoken {
      u8 type; /* 0x00 for PAES specific key tokens */
      u8 res0[3];
      u8 version; /* should be 0x01 for protected key token */
      u8 res1[3];
      u32 keytype; /* key type, one of the PKEY_KEYTYPE values */
      u32 len; /* bytes actually stored in protkey[] */
      u8 protkey[]; /* the protected key blob */
  } __packed;
  /*
   * Inside view of a protected AES key token.
   *
   * Same header fields as struct protkeytoken, but with a fixed-size
   * protkey[] array of MAXPROTKEYSIZE bytes instead of a flexible array.
   *
   * NOTE(review): len comes from the token itself; reject tokens with
   * len > sizeof(protkey) before copying len bytes out of protkey[].
   */
  struct protaeskeytoken {
      u8 type; /* 0x00 for PAES specific key tokens */
      u8 res0[3];
      u8 version; /* should be 0x01 for protected key token */
      u8 res1[3];
      u32 keytype; /* key type, one of the PKEY_KEYTYPE values */
      u32 len; /* bytes actually stored in protkey[] */
      u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */
  } __packed;
  /*
   * Inside view of a clear key token (type 0x00 version 0x02).
   *
   * clearkey[] carries the key value unprotected, and len gives the
   * number of valid bytes in it.
   *
   * NOTE(review): buffers holding this token contain raw key material.
   * Validate len against the enclosing blob length before reading
   * clearkey[], keep the bytes out of debug and log output, and wipe
   * temporary copies with memzero_explicit() once they are no longer
   * needed.
   */
  struct clearkeytoken {
      u8 type; /* 0x00 for PAES specific key tokens */
      u8 res0[3];
      u8 version; /* 0x02 for clear key token */
      u8 res1[3];
      u32 keytype; /* key type, one of the PKEY_KEYTYPE_* values */
      u32 len; /* bytes actually stored in clearkey[] */
      u8 clearkey[]; /* clear key value */
  } __packed;
  /*
   * Map a PKEY_KEYTYPE_AES_* value to the AES key length in bytes
   * (16, 24 or 32). Any other key type yields 0, which is the
   * "no match" value: callers need to test for it before using the
   * result as a copy or compare length.
   */
  static inline u32 pkey_keytype_aes_to_size(u32 keytype)
  {
      u32 nbytes = 0;

      switch (keytype) {
      case PKEY_KEYTYPE_AES_128:
          nbytes = 16;
          break;
      case PKEY_KEYTYPE_AES_192:
          nbytes = 24;
          break;
      case PKEY_KEYTYPE_AES_256:
          nbytes = 32;
          break;
      default:
          /* not an AES key type, keep 0 */
          break;
      }

      return nbytes;
  }
  /*
   * Translate an AES key size in bits (128, 192 or 256) into the
   * matching PKEY_KEYTYPE_AES_* value. Every other bit size yields 0,
   * the "no match" value, which callers have to reject rather than
   * hand on as a key type.
   */
  static inline u32 pkey_aes_bitsize_to_keytype(u32 keybitsize)
  {
      if (keybitsize == 128)
          return PKEY_KEYTYPE_AES_128;
      if (keybitsize == 192)
          return PKEY_KEYTYPE_AES_192;
      if (keybitsize == 256)
          return PKEY_KEYTYPE_AES_256;

      /* not an AES key size */
      return 0;
  }
  /*
   * Map a PKEY_KEYTYPE_* value to the protected key size in bytes,
   * not counting the WK VP block (AES_WK_VP_SIZE) appended to it.
   * Unknown key types yield 0; callers must treat 0 as "unsupported"
   * and not as a usable buffer length.
   */
  static inline u32 pkey_keytype_to_size(u32 keytype)
  {
      u32 nbytes = 0;

      switch (keytype) {
      /* AES */
      case PKEY_KEYTYPE_AES_128:
          nbytes = 16;
          break;
      case PKEY_KEYTYPE_AES_192:
          nbytes = 24;
          break;
      case PKEY_KEYTYPE_AES_256:
          nbytes = 32;
          break;
      /* ECC */
      case PKEY_KEYTYPE_ECC_P256:
          nbytes = 32;
          break;
      case PKEY_KEYTYPE_ECC_P384:
          nbytes = 48;
          break;
      case PKEY_KEYTYPE_ECC_P521:
          nbytes = 80;
          break;
      case PKEY_KEYTYPE_ECC_ED25519:
          nbytes = 32;
          break;
      case PKEY_KEYTYPE_ECC_ED448:
          /*
           * NOTE(review): 54 is neither the 57 byte Ed448 private key
           * length of RFC 8032 nor a 64 byte padded form; confirm this
           * value against the CPACF key layout.
           */
          nbytes = 54;
          break;
      /* AES-XTS */
      case PKEY_KEYTYPE_AES_XTS_128:
          nbytes = 32;
          break;
      case PKEY_KEYTYPE_AES_XTS_256:
          nbytes = 64;
          break;
      /* HMAC */
      case PKEY_KEYTYPE_HMAC_512:
          nbytes = 64;
          break;
      case PKEY_KEYTYPE_HMAC_1024:
          nbytes = 128;
          break;
      default:
          /* unknown key type, keep 0 */
          break;
      }

      return nbytes;
  }
  /*
   * pkey_api.c:
   * init and exit hooks; __init/__exit mark them as module load and
   * unload code.
   */
  int __init pkey_api_init(void);
  void __exit pkey_api_exit(void);
  /*
   * pkey_sysfs.c:
   * array of sysfs attribute groups (element type is
   * const struct attribute_group *); presumably NULL terminated as is
   * usual for such arrays - TODO confirm in pkey_sysfs.c.
   */
  extern const struct attribute_group *pkey_attr_groups[];
  /*
   * pkey handler registry
   *
   * One struct pkey_handler describes a backend: its owning module, a
   * name, and the callbacks it implements. It is registered with
   * pkey_handler_register().
   *
   * NOTE(review): key/keylen and clrkey/clrkeylen describe blobs that
   * may originate from user space. Each callback has to bounds-check
   * with the given length before it interprets any token field, and
   * must not write more than the capacity of its output buffer.
   * protkeylen, keybuflen and nr_apqns are pointers, presumably
   * carrying the buffer capacity in and the used size out - TODO confirm
   * against the handler implementations. The meaning of xflags is not
   * visible in this header.
   */
  struct pkey_handler {
      struct module *module;
      const char *name;
      /*
       * is_supported_key() and is_supported_keytype() are called
       * within an rcu_read_lock() scope and thus must not sleep!
       */
      bool (*is_supported_key)(const u8 *key, u32 keylen);
      bool (*is_supported_keytype)(enum pkey_key_type);
      /* derive a protected key from the given key blob */
      int (*key_to_protkey)(const struct pkey_apqn *apqns, size_t nr_apqns,
                            const u8 *key, u32 keylen,
                            u8 *protkey, u32 *protkeylen, u32 *protkeytype,
                            u32 xflags);
      /* same signature as key_to_protkey(), used for the slow path */
      int (*slowpath_key_to_protkey)(const struct pkey_apqn *apqns,
                                     size_t nr_apqns,
                                     const u8 *key, u32 keylen,
                                     u8 *protkey, u32 *protkeylen,
                                     u32 *protkeytype, u32 xflags);
      /* generate a key of the requested type into keybuf */
      int (*gen_key)(const struct pkey_apqn *apqns, size_t nr_apqns,
                     u32 keytype, u32 keysubtype,
                     u32 keybitsize, u32 flags,
                     u8 *keybuf, u32 *keybuflen, u32 *keyinfo, u32 xflags);
      /* build a key in keybuf from the clear key value in clrkey */
      int (*clr_to_key)(const struct pkey_apqn *apqns, size_t nr_apqns,
                        u32 keytype, u32 keysubtype,
                        u32 keybitsize, u32 flags,
                        const u8 *clrkey, u32 clrkeylen,
                        u8 *keybuf, u32 *keybuflen, u32 *keyinfo, u32 xflags);
      /* verify a key blob and report card, domain, type, bit size, flags */
      int (*verify_key)(const u8 *key, u32 keylen,
                        u16 *card, u16 *dom,
                        u32 *keytype, u32 *keybitsize, u32 *flags,
                        u32 xflags);
      /* fill apqns[] with the APQNs usable for the given key blob */
      int (*apqns_for_key)(const u8 *key, u32 keylen, u32 flags,
                           struct pkey_apqn *apqns, size_t *nr_apqns,
                           u32 xflags);
      /* fill apqns[] with the APQNs usable for the given key type */
      int (*apqns_for_keytype)(enum pkey_key_type ktype,
                               u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
                               struct pkey_apqn *apqns, size_t *nr_apqns,
                               u32 xflags);
      /* used internally by pkey base */
      struct list_head list;
  };
  /* add a handler to / remove a handler from the pkey handler registry */
  int pkey_handler_register(struct pkey_handler *handler);
  int pkey_handler_unregister(struct pkey_handler *handler);
  /*
   * invocation function for the registered pkey handlers
   *
   * pkey_handler_get_keybased() and pkey_handler_get_keytypebased() look
   * up a handler by key blob or by key type; pkey_handler_put() is the
   * matching release call. NOTE(review): a handler obtained with one of
   * the get functions presumably has to be released with
   * pkey_handler_put() on every path, error paths included - confirm
   * against the implementation.
   *
   * The pkey_handler_*() functions below mirror the callbacks of
   * struct pkey_handler one to one (same parameter lists). The key and
   * clrkey buffers may carry key material supplied by user space, so the
   * length arguments must describe the real buffer sizes.
   */
  const struct pkey_handler *pkey_handler_get_keybased(const u8 *key, u32 keylen);
  const struct pkey_handler *pkey_handler_get_keytypebased(enum pkey_key_type kt);
  void pkey_handler_put(const struct pkey_handler *handler);
  int pkey_handler_key_to_protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
                                  const u8 *key, u32 keylen,
                                  u8 *protkey, u32 *protkeylen, u32 *protkeytype,
                                  u32 xflags);
  int pkey_handler_slowpath_key_to_protkey(const struct pkey_apqn *apqns,
                                           size_t nr_apqns,
                                           const u8 *key, u32 keylen,
                                           u8 *protkey, u32 *protkeylen,
                                           u32 *protkeytype, u32 xflags);
  int pkey_handler_gen_key(const struct pkey_apqn *apqns, size_t nr_apqns,
                           u32 keytype, u32 keysubtype,
                           u32 keybitsize, u32 flags,
                           u8 *keybuf, u32 *keybuflen, u32 *keyinfo, u32 xflags);
  int pkey_handler_clr_to_key(const struct pkey_apqn *apqns, size_t nr_apqns,
                              u32 keytype, u32 keysubtype,
                              u32 keybitsize, u32 flags,
                              const u8 *clrkey, u32 clrkeylen,
                              u8 *keybuf, u32 *keybuflen, u32 *keyinfo,
                              u32 xflags);
  int pkey_handler_verify_key(const u8 *key, u32 keylen,
                              u16 *card, u16 *dom,
                              u32 *keytype, u32 *keybitsize, u32 *flags,
                              u32 xflags);
  int pkey_handler_apqns_for_key(const u8 *key, u32 keylen, u32 flags,
                                 struct pkey_apqn *apqns, size_t *nr_apqns,
                                 u32 xflags);
  int pkey_handler_apqns_for_keytype(enum pkey_key_type ktype,
                                     u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
                                     struct pkey_apqn *apqns, size_t *nr_apqns,
                                     u32 xflags);
  /*
   * Unconditionally try to load all handler modules.
   * Returns nothing, so a handler module that fails to load is not
   * reported to the caller through this function.
   */
  void pkey_handler_request_modules(void);
  216. #endif /* _PKEY_BASE_H_ */