pkey_sysfs.c 18 KB

  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * pkey module sysfs related functions
  4. *
  5. * Copyright IBM Corp. 2024
  6. */
  7. #define pr_fmt(fmt) "pkey: " fmt
  8. #include <linux/sysfs.h>
  9. #include "zcrypt_ccamisc.h"
  10. #include "zcrypt_ep11misc.h"
  11. #include "pkey_base.h"
/*
 * Generate a key via pkey_handler_gen_key(). If the first attempt
 * reports -ENODEV, a load of the pkey handler modules is requested and
 * the generation is retried exactly once. The result of the last
 * attempt is returned unchanged.
 */
static int sys_pkey_handler_gen_key(u32 keytype, u32 keysubtype,
				    u32 keybitsize, u32 flags,
				    u8 *keybuf, u32 *keybuflen, u32 *keyinfo)
{
	int rc = pkey_handler_gen_key(NULL, 0, keytype, keysubtype,
				      keybitsize, flags,
				      keybuf, keybuflen, keyinfo, 0);

	if (rc != -ENODEV)
		return rc;

	/* no handler was available: request the modules, then retry once */
	pkey_handler_request_modules();

	return pkey_handler_gen_key(NULL, 0, keytype, keysubtype,
				    keybitsize, flags,
				    keybuf, keybuflen, keyinfo, 0);
}
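/*
 * Sysfs attribute read function for all protected key binary attributes.
 * A new random protected key blob is generated with each read, so partial
 * reads cannot be served: off != 0 or a count smaller than the full blob
 * (two tokens for xts) is rejected with -EINVAL.
 *
 * The key and the token are assembled in stack copies before they are
 * copied to buf. These copies are wiped with memzero_explicit() on every
 * exit path so that no protected key material is left on the kernel
 * stack. If a later step fails, tokens already placed in buf are wiped
 * too, so a failed read leaves no generated key in the caller's buffer.
 *
 * Returns the number of bytes placed in buf or a negative errno value.
 */
static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,
					  loff_t off, size_t count)
{
	/* xts needs two independent protected keys, everything else one */
	const unsigned int ntokens = is_xts ? 2 : 1;
	struct protaeskeytoken protkeytoken;
	struct pkey_protkey protkey;
	unsigned int i = 0;
	ssize_t ret;
	int rc;

	if (off != 0 || count < ntokens * sizeof(protkeytoken))
		return -EINVAL;

	memset(&protkeytoken, 0, sizeof(protkeytoken));
	protkeytoken.type = TOKTYPE_NON_CCA;
	protkeytoken.version = TOKVER_PROTECTED_KEY;
	protkeytoken.keytype = keytype;

	for (i = 0; i < ntokens; i++) {
		/* the protkey struct is reused for each generated key */
		protkey.len = sizeof(protkey.protkey);
		rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
					      protkey.protkey, &protkey.len,
					      &protkey.type);
		if (rc) {
			ret = rc;
			goto out_wipe_buf;
		}

		/*
		 * The length comes back from the handler. Never copy more
		 * than the token's key field can hold.
		 * NOTE(review): both fields are presumably the same size;
		 * confirm against the struct definitions.
		 */
		if (protkey.len > sizeof(protkeytoken.protkey)) {
			ret = -EIO;
			goto out_wipe_buf;
		}

		protkeytoken.len = protkey.len;
		memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
		memcpy(buf + i * sizeof(protkeytoken), &protkeytoken,
		       sizeof(protkeytoken));
	}

	ret = ntokens * sizeof(protkeytoken);
	goto out;

out_wipe_buf:
	/* i tokens were already written to buf before the failure */
	memzero_explicit(buf, i * sizeof(protkeytoken));
out:
	memzero_explicit(&protkey, sizeof(protkey));
	memzero_explicit(&protkeytoken, sizeof(protkeytoken));
	return ret;
}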
/*
 * Sysfs attribute read function for the AES XTS prot key binary attributes.
 * Every read generates a new random protected key, so only a read of the
 * complete blob starting at offset 0 can be served. Any other request
 * (off != 0 or count < key blob size) is answered with -EINVAL.
 *
 * The token is built directly in buf: the protkeytoken header is filled
 * in and the handler writes the key into the protkey field behind it.
 * NOTE(review): the return value follows the length reported back by the
 * handler; presumably that never exceeds the size passed in - confirm.
 */
static ssize_t pkey_protkey_aes_xts_attr_read(u32 keytype, char *buf,
					      loff_t off, size_t count)
{
	struct protkeytoken *tok = (struct protkeytoken *)buf;
	u32 keylen, keyinfo;
	int rc;

	/* protected key size expected for the requested key type */
	if (keytype == PKEY_KEYTYPE_AES_XTS_128)
		keylen = 64;
	else if (keytype == PKEY_KEYTYPE_AES_XTS_256)
		keylen = 96;
	else
		return -EINVAL;

	if (off != 0)
		return -EINVAL;
	if (count < sizeof(*tok) + keylen)
		return -EINVAL;

	memset(tok, 0, sizeof(*tok) + keylen);
	tok->type = TOKTYPE_NON_CCA;
	tok->version = TOKVER_PROTECTED_KEY;
	tok->keytype = keytype;

	rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
				      tok->protkey, &keylen, &keyinfo);
	if (rc)
		return rc;

	/* keylen now carries the length written by the handler */
	tok->len = keylen;

	return sizeof(*tok) + keylen;
}
/*
 * Sysfs attribute read function for the HMAC prot key binary attributes.
 * A new random protected key blob is generated with each read, which is
 * why partial reads (off != 0 or count < key blob size) are refused
 * with -EINVAL.
 *
 * buf is used in place as a struct protkeytoken: header first, key
 * bytes written by the handler right behind it.
 * NOTE(review): as the returned size uses the handler-reported length,
 * presumably that length stays within the size passed in - confirm.
 */
static ssize_t pkey_protkey_hmac_attr_read(u32 keytype, char *buf,
					   loff_t off, size_t count)
{
	struct protkeytoken *token = (struct protkeytoken *)buf;
	u32 protlen, prottype;
	size_t bloblen;
	int rc;

	/* pick the protected key size belonging to the key type */
	switch (keytype) {
	case PKEY_KEYTYPE_HMAC_512:
		protlen = 96;
		break;
	case PKEY_KEYTYPE_HMAC_1024:
		protlen = 160;
		break;
	default:
		return -EINVAL;
	}

	bloblen = sizeof(*token) + protlen;
	if (off != 0 || count < bloblen)
		return -EINVAL;

	memset(token, 0, bloblen);
	token->type = TOKTYPE_NON_CCA;
	token->version = TOKVER_PROTECTED_KEY;
	token->keytype = keytype;

	rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
				      token->protkey, &protlen, &prottype);
	if (rc)
		return rc;

	/* protlen was updated by the handler, report that length */
	token->len = protlen;

	return sizeof(*token) + protlen;
}
/* Read callback of the protkey_aes_128 binary attribute: one AES-128 protected key token. */
static ssize_t protkey_aes_128_read(struct file *filp, struct kobject *kobj,
				    const struct bin_attribute *attr,
				    char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_128;

	return pkey_protkey_aes_attr_read(keytype, false, buf, off, count);
}
/* Read callback of the protkey_aes_192 binary attribute: one AES-192 protected key token. */
static ssize_t protkey_aes_192_read(struct file *filp, struct kobject *kobj,
				    const struct bin_attribute *attr,
				    char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_192;

	return pkey_protkey_aes_attr_read(keytype, false, buf, off, count);
}
/* Read callback of the protkey_aes_256 binary attribute: one AES-256 protected key token. */
static ssize_t protkey_aes_256_read(struct file *filp, struct kobject *kobj,
				    const struct bin_attribute *attr,
				    char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_256;

	return pkey_protkey_aes_attr_read(keytype, false, buf, off, count);
}
/*
 * Read callback of the protkey_aes_128_xts binary attribute: two AES-128
 * protected key tokens, one behind the other.
 */
static ssize_t protkey_aes_128_xts_read(struct file *filp,
					struct kobject *kobj,
					const struct bin_attribute *attr,
					char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_128;

	return pkey_protkey_aes_attr_read(keytype, true, buf, off, count);
}
/*
 * Read callback of the protkey_aes_256_xts binary attribute: two AES-256
 * protected key tokens, one behind the other.
 */
static ssize_t protkey_aes_256_xts_read(struct file *filp,
					struct kobject *kobj,
					const struct bin_attribute *attr,
					char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_256;

	return pkey_protkey_aes_attr_read(keytype, true, buf, off, count);
}
/*
 * Read callback of the protkey_aes_xts_128 binary attribute: a single
 * token of key type PKEY_KEYTYPE_AES_XTS_128.
 */
static ssize_t protkey_aes_xts_128_read(struct file *filp,
					struct kobject *kobj,
					const struct bin_attribute *attr,
					char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_XTS_128;

	return pkey_protkey_aes_xts_attr_read(keytype, buf, off, count);
}
/*
 * Read callback of the protkey_aes_xts_256 binary attribute: a single
 * token of key type PKEY_KEYTYPE_AES_XTS_256.
 */
static ssize_t protkey_aes_xts_256_read(struct file *filp,
					struct kobject *kobj,
					const struct bin_attribute *attr,
					char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_XTS_256;

	return pkey_protkey_aes_xts_attr_read(keytype, buf, off, count);
}
/* Read callback of the protkey_hmac_512 binary attribute: one HMAC-512 protected key token. */
static ssize_t protkey_hmac_512_read(struct file *filp, struct kobject *kobj,
				     const struct bin_attribute *attr,
				     char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_HMAC_512;

	return pkey_protkey_hmac_attr_read(keytype, buf, off, count);
}
/* Read callback of the protkey_hmac_1024 binary attribute: one HMAC-1024 protected key token. */
static ssize_t protkey_hmac_1024_read(struct file *filp, struct kobject *kobj,
				      const struct bin_attribute *attr,
				      char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_HMAC_1024;

	return pkey_protkey_hmac_attr_read(keytype, buf, off, count);
}
/*
 * Read-only binary attributes of the "protkey" group. The size given
 * for each attribute is the smallest count its read function accepts.
 */
static const BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken));
static const BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken));
static const BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken));
/* two AES tokens back to back */
static const BIN_ATTR_RO(protkey_aes_128_xts,
			 2 * sizeof(struct protaeskeytoken));
static const BIN_ATTR_RO(protkey_aes_256_xts,
			 2 * sizeof(struct protaeskeytoken));
/* token header plus the key size used by the read function */
static const BIN_ATTR_RO(protkey_aes_xts_128,
			 sizeof(struct protkeytoken) + 64);
static const BIN_ATTR_RO(protkey_aes_xts_256,
			 sizeof(struct protkeytoken) + 96);
static const BIN_ATTR_RO(protkey_hmac_512,
			 sizeof(struct protkeytoken) + 96);
static const BIN_ATTR_RO(protkey_hmac_1024,
			 sizeof(struct protkeytoken) + 160);

/* NULL terminated attribute list of the "protkey" group */
static const struct bin_attribute *const protkey_attrs[] = {
	&bin_attr_protkey_aes_128,
	&bin_attr_protkey_aes_192,
	&bin_attr_protkey_aes_256,
	&bin_attr_protkey_aes_128_xts,
	&bin_attr_protkey_aes_256_xts,
	&bin_attr_protkey_aes_xts_128,
	&bin_attr_protkey_aes_xts_256,
	&bin_attr_protkey_hmac_512,
	&bin_attr_protkey_hmac_1024,
	NULL
};

static const struct attribute_group protkey_attr_group = {
	.name		= "protkey",
	.bin_attrs	= protkey_attrs,
};
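/*
 * Sysfs attribute read function for all secure key ccadata binary attributes.
 * A new random secure key blob is generated with each read, so partial
 * reads cannot be served: off != 0 or a count smaller than the full blob
 * (two tokens for xts) is rejected with -EINVAL.
 *
 * The output region is zeroed before the key is generated, as the
 * ccacipher and ep11 read functions in this file do. The function
 * reports a fixed size regardless of the length the handler wrote, so
 * without the clearing any byte the handler leaves untouched would be
 * returned with whatever the buffer held before.
 *
 * NOTE(review): the size check uses sizeof(struct secaeskeytoken) while
 * the handler writes are sized and placed by struct pkey_seckey. The two
 * are presumably equal in size - confirm, e.g. with a BUILD_BUG_ON().
 *
 * Returns the number of bytes reported for buf or a negative errno value.
 */
static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,
					  loff_t off, size_t count)
{
	const size_t total = (is_xts ? 2 : 1) * sizeof(struct secaeskeytoken);
	struct pkey_seckey *seckey = (struct pkey_seckey *)buf;
	u32 buflen;
	int rc;

	if (off != 0 || count < total)
		return -EINVAL;

	/* count >= total was checked above, so this stays inside buf */
	memset(buf, 0, total);

	buflen = sizeof(seckey->seckey);
	rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_CCA_DATA, 0, 0,
				      seckey->seckey, &buflen, NULL);
	if (rc)
		return rc;

	if (!is_xts)
		return total;

	/* xts needs a second secure key, placed right behind the first */
	seckey++;
	buflen = sizeof(seckey->seckey);
	rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_CCA_DATA, 0, 0,
				      seckey->seckey, &buflen, NULL);
	if (rc)
		return rc;

	return total;
}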
/* Read callback of the ccadata_aes_128 binary attribute: one AES-128 CCA data secure key. */
static ssize_t ccadata_aes_128_read(struct file *filp, struct kobject *kobj,
				    const struct bin_attribute *attr,
				    char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_128;

	return pkey_ccadata_aes_attr_read(keytype, false, buf, off, count);
}
/* Read callback of the ccadata_aes_192 binary attribute: one AES-192 CCA data secure key. */
static ssize_t ccadata_aes_192_read(struct file *filp, struct kobject *kobj,
				    const struct bin_attribute *attr,
				    char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_192;

	return pkey_ccadata_aes_attr_read(keytype, false, buf, off, count);
}
/* Read callback of the ccadata_aes_256 binary attribute: one AES-256 CCA data secure key. */
static ssize_t ccadata_aes_256_read(struct file *filp, struct kobject *kobj,
				    const struct bin_attribute *attr,
				    char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_256;

	return pkey_ccadata_aes_attr_read(keytype, false, buf, off, count);
}
/*
 * Read callback of the ccadata_aes_128_xts binary attribute: two AES-128
 * CCA data secure keys, one behind the other.
 */
static ssize_t ccadata_aes_128_xts_read(struct file *filp,
					struct kobject *kobj,
					const struct bin_attribute *attr,
					char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_128;

	return pkey_ccadata_aes_attr_read(keytype, true, buf, off, count);
}
/*
 * Read callback of the ccadata_aes_256_xts binary attribute: two AES-256
 * CCA data secure keys, one behind the other.
 */
static ssize_t ccadata_aes_256_xts_read(struct file *filp,
					struct kobject *kobj,
					const struct bin_attribute *attr,
					char *buf, loff_t off, size_t count)
{
	const u32 keytype = PKEY_KEYTYPE_AES_256;

	return pkey_ccadata_aes_attr_read(keytype, true, buf, off, count);
}
/*
 * Read-only binary attributes of the "ccadata" group. The size given
 * for each attribute is the smallest count its read function accepts.
 */
static const BIN_ATTR_RO(ccadata_aes_128, sizeof(struct secaeskeytoken));
static const BIN_ATTR_RO(ccadata_aes_192, sizeof(struct secaeskeytoken));
static const BIN_ATTR_RO(ccadata_aes_256, sizeof(struct secaeskeytoken));
/* two secure key tokens back to back */
static const BIN_ATTR_RO(ccadata_aes_128_xts,
			 2 * sizeof(struct secaeskeytoken));
static const BIN_ATTR_RO(ccadata_aes_256_xts,
			 2 * sizeof(struct secaeskeytoken));

/* NULL terminated attribute list of the "ccadata" group */
static const struct bin_attribute *const ccadata_attrs[] = {
	&bin_attr_ccadata_aes_128,
	&bin_attr_ccadata_aes_192,
	&bin_attr_ccadata_aes_256,
	&bin_attr_ccadata_aes_128_xts,
	&bin_attr_ccadata_aes_256_xts,
	NULL
};

static const struct attribute_group ccadata_attr_group = {
	.name		= "ccadata",
	.bin_attrs	= ccadata_attrs,
};
  352. #define CCACIPHERTOKENSIZE (sizeof(struct cipherkeytoken) + 80)
/*
 * Sysfs attribute read function for all secure key ccacipher binary attributes.
 * Each read generates a new random secure key blob, so a partial read
 * cannot be served: off != 0 or count < key blob size (twice the blob
 * size for xts) is answered with -EINVAL.
 *
 * The output region is zeroed first and a fixed size of
 * CCACIPHERTOKENSIZE per key is reported, independent of the length the
 * handler wrote.
 */
static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,
					    bool is_xts, char *buf, loff_t off,
					    size_t count)
{
	const size_t need = is_xts ? 2 * CCACIPHERTOKENSIZE
				   : CCACIPHERTOKENSIZE;
	u32 keysize;
	int rc;

	if (off != 0 || count < need)
		return -EINVAL;

	memset(buf, 0, need);

	keysize = CCACIPHERTOKENSIZE;
	rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
				      PKEY_TYPE_CCA_CIPHER, keybits, 0,
				      buf, &keysize, NULL);
	if (rc)
		return rc;

	if (!is_xts)
		return CCACIPHERTOKENSIZE;

	/* xts: second key goes into the slot right behind the first */
	keysize = CCACIPHERTOKENSIZE;
	buf += CCACIPHERTOKENSIZE;
	rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
				      PKEY_TYPE_CCA_CIPHER, keybits, 0,
				      buf, &keysize, NULL);
	if (rc)
		return rc;

	return 2 * CCACIPHERTOKENSIZE;
}
/* Read callback of the ccacipher_aes_128 binary attribute: one AES-128 CCA cipher secure key. */
static ssize_t ccacipher_aes_128_read(struct file *filp, struct kobject *kobj,
				      const struct bin_attribute *attr,
				      char *buf, loff_t off, size_t count)
{
	const enum pkey_key_size keybits = PKEY_SIZE_AES_128;

	return pkey_ccacipher_aes_attr_read(keybits, false, buf, off, count);
}
/* Read callback of the ccacipher_aes_192 binary attribute: one AES-192 CCA cipher secure key. */
static ssize_t ccacipher_aes_192_read(struct file *filp, struct kobject *kobj,
				      const struct bin_attribute *attr,
				      char *buf, loff_t off, size_t count)
{
	const enum pkey_key_size keybits = PKEY_SIZE_AES_192;

	return pkey_ccacipher_aes_attr_read(keybits, false, buf, off, count);
}
/* Read callback of the ccacipher_aes_256 binary attribute: one AES-256 CCA cipher secure key. */
static ssize_t ccacipher_aes_256_read(struct file *filp, struct kobject *kobj,
				      const struct bin_attribute *attr,
				      char *buf, loff_t off, size_t count)
{
	const enum pkey_key_size keybits = PKEY_SIZE_AES_256;

	return pkey_ccacipher_aes_attr_read(keybits, false, buf, off, count);
}
/*
 * Read callback of the ccacipher_aes_128_xts binary attribute: two
 * AES-128 CCA cipher secure keys, one behind the other.
 */
static ssize_t ccacipher_aes_128_xts_read(struct file *filp,
					  struct kobject *kobj,
					  const struct bin_attribute *attr,
					  char *buf, loff_t off, size_t count)
{
	const enum pkey_key_size keybits = PKEY_SIZE_AES_128;

	return pkey_ccacipher_aes_attr_read(keybits, true, buf, off, count);
}
/*
 * Read callback of the ccacipher_aes_256_xts binary attribute: two
 * AES-256 CCA cipher secure keys, one behind the other.
 */
static ssize_t ccacipher_aes_256_xts_read(struct file *filp,
					  struct kobject *kobj,
					  const struct bin_attribute *attr,
					  char *buf, loff_t off, size_t count)
{
	const enum pkey_key_size keybits = PKEY_SIZE_AES_256;

	return pkey_ccacipher_aes_attr_read(keybits, true, buf, off, count);
}
/*
 * Read-only binary attributes of the "ccacipher" group. The size given
 * for each attribute is the smallest count its read function accepts.
 */
static const BIN_ATTR_RO(ccacipher_aes_128, CCACIPHERTOKENSIZE);
static const BIN_ATTR_RO(ccacipher_aes_192, CCACIPHERTOKENSIZE);
static const BIN_ATTR_RO(ccacipher_aes_256, CCACIPHERTOKENSIZE);
/* two cipher key tokens back to back */
static const BIN_ATTR_RO(ccacipher_aes_128_xts, 2 * CCACIPHERTOKENSIZE);
static const BIN_ATTR_RO(ccacipher_aes_256_xts, 2 * CCACIPHERTOKENSIZE);

/* NULL terminated attribute list of the "ccacipher" group */
static const struct bin_attribute *const ccacipher_attrs[] = {
	&bin_attr_ccacipher_aes_128,
	&bin_attr_ccacipher_aes_192,
	&bin_attr_ccacipher_aes_256,
	&bin_attr_ccacipher_aes_128_xts,
	&bin_attr_ccacipher_aes_256_xts,
	NULL
};

static const struct attribute_group ccacipher_attr_group = {
	.name		= "ccacipher",
	.bin_attrs	= ccacipher_attrs,
};
/*
 * Sysfs attribute read function for all ep11 aes key binary attributes.
 * Each read generates a new random secure key blob, so a partial read
 * cannot be served: off != 0 or count < key blob size (twice the blob
 * size for xts) is answered with -EINVAL.
 * This function and the sysfs attributes using it provide EP11 key blobs
 * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently
 * 336 bytes. The padding comes from zeroing the output region before
 * the handler writes the key.
 */
static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,
				       bool is_xts, char *buf, loff_t off,
				       size_t count)
{
	const size_t need = is_xts ? 2 * MAXEP11AESKEYBLOBSIZE
				   : MAXEP11AESKEYBLOBSIZE;
	u32 keysize;
	int rc;

	if (off != 0 || count < need)
		return -EINVAL;

	memset(buf, 0, need);

	keysize = MAXEP11AESKEYBLOBSIZE;
	rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
				      PKEY_TYPE_EP11_AES, keybits, 0,
				      buf, &keysize, NULL);
	if (rc)
		return rc;

	if (!is_xts)
		return MAXEP11AESKEYBLOBSIZE;

	/* xts: second key blob goes into the slot behind the first */
	keysize = MAXEP11AESKEYBLOBSIZE;
	buf += MAXEP11AESKEYBLOBSIZE;
	rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
				      PKEY_TYPE_EP11_AES, keybits, 0,
				      buf, &keysize, NULL);
	if (rc)
		return rc;

	return 2 * MAXEP11AESKEYBLOBSIZE;
}
/* Read callback of the ep11_aes_128 binary attribute: one AES-128 EP11 secure key blob. */
static ssize_t ep11_aes_128_read(struct file *filp, struct kobject *kobj,
				 const struct bin_attribute *attr,
				 char *buf, loff_t off, size_t count)
{
	const enum pkey_key_size keybits = PKEY_SIZE_AES_128;

	return pkey_ep11_aes_attr_read(keybits, false, buf, off, count);
}
/* Read callback of the ep11_aes_192 binary attribute: one AES-192 EP11 secure key blob. */
static ssize_t ep11_aes_192_read(struct file *filp, struct kobject *kobj,
				 const struct bin_attribute *attr,
				 char *buf, loff_t off, size_t count)
{
	const enum pkey_key_size keybits = PKEY_SIZE_AES_192;

	return pkey_ep11_aes_attr_read(keybits, false, buf, off, count);
}
/* Read callback of the ep11_aes_256 binary attribute: one AES-256 EP11 secure key blob. */
static ssize_t ep11_aes_256_read(struct file *filp, struct kobject *kobj,
				 const struct bin_attribute *attr,
				 char *buf, loff_t off, size_t count)
{
	const enum pkey_key_size keybits = PKEY_SIZE_AES_256;

	return pkey_ep11_aes_attr_read(keybits, false, buf, off, count);
}
/*
 * Read callback of the ep11_aes_128_xts binary attribute: two AES-128
 * EP11 secure key blobs, one behind the other.
 */
static ssize_t ep11_aes_128_xts_read(struct file *filp, struct kobject *kobj,
				     const struct bin_attribute *attr,
				     char *buf, loff_t off, size_t count)
{
	const enum pkey_key_size keybits = PKEY_SIZE_AES_128;

	return pkey_ep11_aes_attr_read(keybits, true, buf, off, count);
}
/*
 * Read callback of the ep11_aes_256_xts binary attribute: two AES-256
 * EP11 secure key blobs, one behind the other.
 */
static ssize_t ep11_aes_256_xts_read(struct file *filp, struct kobject *kobj,
				     const struct bin_attribute *attr,
				     char *buf, loff_t off, size_t count)
{
	const enum pkey_key_size keybits = PKEY_SIZE_AES_256;

	return pkey_ep11_aes_attr_read(keybits, true, buf, off, count);
}
/*
 * Read-only binary attributes of the "ep11" group. The size given for
 * each attribute is the smallest count its read function accepts.
 */
static const BIN_ATTR_RO(ep11_aes_128, MAXEP11AESKEYBLOBSIZE);
static const BIN_ATTR_RO(ep11_aes_192, MAXEP11AESKEYBLOBSIZE);
static const BIN_ATTR_RO(ep11_aes_256, MAXEP11AESKEYBLOBSIZE);
/* two padded key blobs back to back */
static const BIN_ATTR_RO(ep11_aes_128_xts, 2 * MAXEP11AESKEYBLOBSIZE);
static const BIN_ATTR_RO(ep11_aes_256_xts, 2 * MAXEP11AESKEYBLOBSIZE);

/* NULL terminated attribute list of the "ep11" group */
static const struct bin_attribute *const ep11_attrs[] = {
	&bin_attr_ep11_aes_128,
	&bin_attr_ep11_aes_192,
	&bin_attr_ep11_aes_256,
	&bin_attr_ep11_aes_128_xts,
	&bin_attr_ep11_aes_256_xts,
	NULL
};

static const struct attribute_group ep11_attr_group = {
	.name		= "ep11",
	.bin_attrs	= ep11_attrs,
};
/*
 * NULL terminated list of the four attribute groups defined in this
 * file. Every attribute in them hands out freshly generated key
 * material on read.
 * NOTE(review): the list is not static, so it is presumably registered
 * from elsewhere in the pkey module; who may read the attributes is
 * decided by the file modes set up there and by BIN_ATTR_RO - confirm.
 */
const struct attribute_group *pkey_attr_groups[] = {
	&protkey_attr_group,
	&ccadata_attr_group,
	&ccacipher_attr_group,
	&ep11_attr_group,
	NULL,
};