zcrypt_ep11misc.c 41 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636
  1. // SPDX-License-Identifier: GPL-2.0+
  2. /*
  3. * Copyright IBM Corp. 2019
  4. * Author(s): Harald Freudenberger <freude@linux.ibm.com>
  5. *
  6. * Collection of EP11 misc functions used by zcrypt and pkey
  7. */
  8. #define pr_fmt(fmt) "zcrypt: " fmt
  9. #include <linux/export.h>
  10. #include <linux/init.h>
  11. #include <linux/mempool.h>
  12. #include <linux/module.h>
  13. #include <linux/random.h>
  14. #include <linux/slab.h>
  15. #include <asm/zcrypt.h>
  16. #include <asm/pkey.h>
  17. #include <crypto/aes.h>
  18. #include "ap_bus.h"
  19. #include "zcrypt_api.h"
  20. #include "zcrypt_debug.h"
  21. #include "zcrypt_msgtype6.h"
  22. #include "zcrypt_ep11misc.h"
  23. #include "zcrypt_ccamisc.h"
  24. #define EP11_PINBLOB_V1_BYTES 56
  25. /* default iv used here */
  26. static const u8 def_iv[16] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  27. 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
  28. /*
  29. * Cprb memory pool held for urgent cases where no memory
  30. * can be allocated via kmalloc. This pool is only used when
  31. * alloc_cprbmem() is called with the xflag ZCRYPT_XFLAG_NOMEMALLOC.
  32. */
  33. #define CPRB_MEMPOOL_ITEM_SIZE (8 * 1024)
  34. static mempool_t *cprb_mempool;
  35. /*
  36. * This is a pre-allocated memory for the device status array
  37. * used within the ep11_findcard2() function. It is currently
  38. * 128 * 128 * 4 bytes = 64 KB big. Usage of this memory is
  39. * controlled via dev_status_mem_mutex. Needs adaption if more
  40. * than 128 cards or domains to be are supported.
  41. */
  42. #define ZCRYPT_DEV_STATUS_CARD_MAX 128
  43. #define ZCRYPT_DEV_STATUS_QUEUE_MAX 128
  44. #define ZCRYPT_DEV_STATUS_ENTRIES (ZCRYPT_DEV_STATUS_CARD_MAX * \
  45. ZCRYPT_DEV_STATUS_QUEUE_MAX)
  46. #define ZCRYPT_DEV_STATUS_EXT_SIZE (ZCRYPT_DEV_STATUS_ENTRIES * \
  47. sizeof(struct zcrypt_device_status_ext))
  48. static void *dev_status_mem;
  49. static DEFINE_MUTEX(dev_status_mem_mutex);
  50. static int ep11_kb_split(const u8 *kb, size_t kblen, u32 kbver,
  51. struct ep11kblob_header **kbhdr, size_t *kbhdrsize,
  52. u8 **kbpl, size_t *kbplsize)
  53. {
  54. struct ep11kblob_header *hdr = NULL;
  55. size_t hdrsize, plsize = 0;
  56. int rc = -EINVAL;
  57. u8 *pl = NULL;
  58. if (kblen < sizeof(struct ep11kblob_header))
  59. goto out;
  60. hdr = (struct ep11kblob_header *)kb;
  61. switch (kbver) {
  62. case TOKVER_EP11_AES:
  63. /* header overlays the payload */
  64. hdrsize = 0;
  65. break;
  66. case TOKVER_EP11_ECC_WITH_HEADER:
  67. case TOKVER_EP11_AES_WITH_HEADER:
  68. /* payload starts after the header */
  69. hdrsize = sizeof(struct ep11kblob_header);
  70. break;
  71. default:
  72. goto out;
  73. }
  74. plsize = kblen - hdrsize;
  75. pl = (u8 *)kb + hdrsize;
  76. if (kbhdr)
  77. *kbhdr = hdr;
  78. if (kbhdrsize)
  79. *kbhdrsize = hdrsize;
  80. if (kbpl)
  81. *kbpl = pl;
  82. if (kbplsize)
  83. *kbplsize = plsize;
  84. rc = 0;
  85. out:
  86. return rc;
  87. }
  88. static int ep11_kb_decode(const u8 *kb, size_t kblen,
  89. struct ep11kblob_header **kbhdr, size_t *kbhdrsize,
  90. struct ep11keyblob **kbpl, size_t *kbplsize)
  91. {
  92. struct ep11kblob_header *tmph, *hdr = NULL;
  93. size_t hdrsize = 0, plsize = 0;
  94. struct ep11keyblob *pl = NULL;
  95. int rc = -EINVAL;
  96. u8 *tmpp;
  97. if (kblen < sizeof(struct ep11kblob_header))
  98. goto out;
  99. tmph = (struct ep11kblob_header *)kb;
  100. if (tmph->type != TOKTYPE_NON_CCA &&
  101. tmph->len > kblen)
  102. goto out;
  103. if (ep11_kb_split(kb, kblen, tmph->version,
  104. &hdr, &hdrsize, &tmpp, &plsize))
  105. goto out;
  106. if (plsize < sizeof(struct ep11keyblob))
  107. goto out;
  108. if (!is_ep11_keyblob(tmpp))
  109. goto out;
  110. pl = (struct ep11keyblob *)tmpp;
  111. plsize = hdr->len - hdrsize;
  112. if (kbhdr)
  113. *kbhdr = hdr;
  114. if (kbhdrsize)
  115. *kbhdrsize = hdrsize;
  116. if (kbpl)
  117. *kbpl = pl;
  118. if (kbplsize)
  119. *kbplsize = plsize;
  120. rc = 0;
  121. out:
  122. return rc;
  123. }
  124. /*
  125. * For valid ep11 keyblobs, returns a reference to the wrappingkey verification
  126. * pattern. Otherwise NULL.
  127. */
  128. const u8 *ep11_kb_wkvp(const u8 *keyblob, u32 keybloblen)
  129. {
  130. struct ep11keyblob *kb;
  131. if (ep11_kb_decode(keyblob, keybloblen, NULL, NULL, &kb, NULL))
  132. return NULL;
  133. return kb->wkvp;
  134. }
  135. EXPORT_SYMBOL(ep11_kb_wkvp);
  136. /*
  137. * Simple check if the key blob is a valid EP11 AES key blob with header.
  138. */
  139. int ep11_check_aes_key_with_hdr(debug_info_t *dbg, int dbflvl,
  140. const u8 *key, u32 keylen, int checkcpacfexp)
  141. {
  142. struct ep11kblob_header *hdr = (struct ep11kblob_header *)key;
  143. struct ep11keyblob *kb = (struct ep11keyblob *)(key + sizeof(*hdr));
  144. #define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
  145. if (keylen < sizeof(*hdr) + sizeof(*kb)) {
  146. DBF("%s key check failed, keylen %u < %zu\n",
  147. __func__, keylen, sizeof(*hdr) + sizeof(*kb));
  148. return -EINVAL;
  149. }
  150. if (hdr->type != TOKTYPE_NON_CCA) {
  151. if (dbg)
  152. DBF("%s key check failed, type 0x%02x != 0x%02x\n",
  153. __func__, (int)hdr->type, TOKTYPE_NON_CCA);
  154. return -EINVAL;
  155. }
  156. if (hdr->hver != 0x00) {
  157. if (dbg)
  158. DBF("%s key check failed, header version 0x%02x != 0x00\n",
  159. __func__, (int)hdr->hver);
  160. return -EINVAL;
  161. }
  162. if (hdr->version != TOKVER_EP11_AES_WITH_HEADER) {
  163. if (dbg)
  164. DBF("%s key check failed, version 0x%02x != 0x%02x\n",
  165. __func__, (int)hdr->version, TOKVER_EP11_AES_WITH_HEADER);
  166. return -EINVAL;
  167. }
  168. if (hdr->len > keylen) {
  169. if (dbg)
  170. DBF("%s key check failed, header len %d keylen %u mismatch\n",
  171. __func__, (int)hdr->len, keylen);
  172. return -EINVAL;
  173. }
  174. if (hdr->len < sizeof(*hdr) + sizeof(*kb)) {
  175. if (dbg)
  176. DBF("%s key check failed, header len %d < %zu\n",
  177. __func__, (int)hdr->len, sizeof(*hdr) + sizeof(*kb));
  178. return -EINVAL;
  179. }
  180. if (kb->version != EP11_STRUCT_MAGIC) {
  181. if (dbg)
  182. DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
  183. __func__, (int)kb->version, EP11_STRUCT_MAGIC);
  184. return -EINVAL;
  185. }
  186. if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
  187. if (dbg)
  188. DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
  189. __func__);
  190. return -EINVAL;
  191. }
  192. #undef DBF
  193. return 0;
  194. }
  195. EXPORT_SYMBOL(ep11_check_aes_key_with_hdr);
  196. /*
  197. * Simple check if the key blob is a valid EP11 ECC key blob with header.
  198. */
  199. int ep11_check_ecc_key_with_hdr(debug_info_t *dbg, int dbflvl,
  200. const u8 *key, u32 keylen, int checkcpacfexp)
  201. {
  202. struct ep11kblob_header *hdr = (struct ep11kblob_header *)key;
  203. struct ep11keyblob *kb = (struct ep11keyblob *)(key + sizeof(*hdr));
  204. #define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
  205. if (keylen < sizeof(*hdr) + sizeof(*kb)) {
  206. DBF("%s key check failed, keylen %u < %zu\n",
  207. __func__, keylen, sizeof(*hdr) + sizeof(*kb));
  208. return -EINVAL;
  209. }
  210. if (hdr->type != TOKTYPE_NON_CCA) {
  211. if (dbg)
  212. DBF("%s key check failed, type 0x%02x != 0x%02x\n",
  213. __func__, (int)hdr->type, TOKTYPE_NON_CCA);
  214. return -EINVAL;
  215. }
  216. if (hdr->hver != 0x00) {
  217. if (dbg)
  218. DBF("%s key check failed, header version 0x%02x != 0x00\n",
  219. __func__, (int)hdr->hver);
  220. return -EINVAL;
  221. }
  222. if (hdr->version != TOKVER_EP11_ECC_WITH_HEADER) {
  223. if (dbg)
  224. DBF("%s key check failed, version 0x%02x != 0x%02x\n",
  225. __func__, (int)hdr->version, TOKVER_EP11_ECC_WITH_HEADER);
  226. return -EINVAL;
  227. }
  228. if (hdr->len > keylen) {
  229. if (dbg)
  230. DBF("%s key check failed, header len %d keylen %u mismatch\n",
  231. __func__, (int)hdr->len, keylen);
  232. return -EINVAL;
  233. }
  234. if (hdr->len < sizeof(*hdr) + sizeof(*kb)) {
  235. if (dbg)
  236. DBF("%s key check failed, header len %d < %zu\n",
  237. __func__, (int)hdr->len, sizeof(*hdr) + sizeof(*kb));
  238. return -EINVAL;
  239. }
  240. if (kb->version != EP11_STRUCT_MAGIC) {
  241. if (dbg)
  242. DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
  243. __func__, (int)kb->version, EP11_STRUCT_MAGIC);
  244. return -EINVAL;
  245. }
  246. if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
  247. if (dbg)
  248. DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
  249. __func__);
  250. return -EINVAL;
  251. }
  252. #undef DBF
  253. return 0;
  254. }
  255. EXPORT_SYMBOL(ep11_check_ecc_key_with_hdr);
  256. /*
  257. * Simple check if the key blob is a valid EP11 AES key blob with
  258. * the header in the session field (old style EP11 AES key).
  259. */
  260. int ep11_check_aes_key(debug_info_t *dbg, int dbflvl,
  261. const u8 *key, u32 keylen, int checkcpacfexp)
  262. {
  263. struct ep11keyblob *kb = (struct ep11keyblob *)key;
  264. #define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
  265. if (keylen < sizeof(*kb)) {
  266. DBF("%s key check failed, keylen %u < %zu\n",
  267. __func__, keylen, sizeof(*kb));
  268. return -EINVAL;
  269. }
  270. if (kb->head.type != TOKTYPE_NON_CCA) {
  271. if (dbg)
  272. DBF("%s key check failed, type 0x%02x != 0x%02x\n",
  273. __func__, (int)kb->head.type, TOKTYPE_NON_CCA);
  274. return -EINVAL;
  275. }
  276. if (kb->head.version != TOKVER_EP11_AES) {
  277. if (dbg)
  278. DBF("%s key check failed, version 0x%02x != 0x%02x\n",
  279. __func__, (int)kb->head.version, TOKVER_EP11_AES);
  280. return -EINVAL;
  281. }
  282. if (kb->head.len > keylen) {
  283. if (dbg)
  284. DBF("%s key check failed, header len %d keylen %u mismatch\n",
  285. __func__, (int)kb->head.len, keylen);
  286. return -EINVAL;
  287. }
  288. if (kb->head.len < sizeof(*kb)) {
  289. if (dbg)
  290. DBF("%s key check failed, header len %d < %zu\n",
  291. __func__, (int)kb->head.len, sizeof(*kb));
  292. return -EINVAL;
  293. }
  294. if (kb->version != EP11_STRUCT_MAGIC) {
  295. if (dbg)
  296. DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
  297. __func__, (int)kb->version, EP11_STRUCT_MAGIC);
  298. return -EINVAL;
  299. }
  300. if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
  301. if (dbg)
  302. DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
  303. __func__);
  304. return -EINVAL;
  305. }
  306. #undef DBF
  307. return 0;
  308. }
  309. EXPORT_SYMBOL(ep11_check_aes_key);
  310. /*
  311. * Allocate and prepare ep11 cprb plus additional payload.
  312. */
  313. static void *alloc_cprbmem(size_t payload_len, u32 xflags)
  314. {
  315. size_t len = sizeof(struct ep11_cprb) + payload_len;
  316. struct ep11_cprb *cprb = NULL;
  317. if (xflags & ZCRYPT_XFLAG_NOMEMALLOC) {
  318. if (len <= CPRB_MEMPOOL_ITEM_SIZE)
  319. cprb = mempool_alloc_preallocated(cprb_mempool);
  320. } else {
  321. cprb = kmalloc(len, GFP_KERNEL);
  322. }
  323. if (!cprb)
  324. return NULL;
  325. memset(cprb, 0, len);
  326. cprb->cprb_len = sizeof(struct ep11_cprb);
  327. cprb->cprb_ver_id = 0x04;
  328. memcpy(cprb->func_id, "T4", 2);
  329. cprb->ret_code = 0xFFFFFFFF;
  330. cprb->payload_len = payload_len;
  331. return cprb;
  332. }
  333. /*
  334. * Free ep11 cprb buffer space.
  335. */
  336. static void free_cprbmem(void *mem, size_t payload_len, bool scrub, u32 xflags)
  337. {
  338. if (mem && scrub)
  339. memzero_explicit(mem, sizeof(struct ep11_cprb) + payload_len);
  340. if (xflags & ZCRYPT_XFLAG_NOMEMALLOC)
  341. mempool_free(mem, cprb_mempool);
  342. else
  343. kfree(mem);
  344. }
  345. /*
  346. * Some helper functions related to ASN1 encoding.
  347. * Limited to length info <= 2 byte.
  348. */
  349. #define ASN1TAGLEN(x) (2 + (x) + ((x) > 127 ? 1 : 0) + ((x) > 255 ? 1 : 0))
  350. static int asn1tag_write(u8 *ptr, u8 tag, const u8 *pvalue, u16 valuelen)
  351. {
  352. ptr[0] = tag;
  353. if (valuelen > 255) {
  354. ptr[1] = 0x82;
  355. *((u16 *)(ptr + 2)) = valuelen;
  356. memcpy(ptr + 4, pvalue, valuelen);
  357. return 4 + valuelen;
  358. }
  359. if (valuelen > 127) {
  360. ptr[1] = 0x81;
  361. ptr[2] = (u8)valuelen;
  362. memcpy(ptr + 3, pvalue, valuelen);
  363. return 3 + valuelen;
  364. }
  365. ptr[1] = (u8)valuelen;
  366. memcpy(ptr + 2, pvalue, valuelen);
  367. return 2 + valuelen;
  368. }
  369. /* EP11 payload > 127 bytes starts with this struct */
  370. struct pl_head {
  371. u8 tag;
  372. u8 lenfmt;
  373. u16 len;
  374. u8 func_tag;
  375. u8 func_len;
  376. u32 func;
  377. u8 dom_tag;
  378. u8 dom_len;
  379. u32 dom;
  380. } __packed;
  381. /* prep ep11 payload head helper function */
  382. static inline void prep_head(struct pl_head *h,
  383. size_t pl_size, int api, int func)
  384. {
  385. h->tag = 0x30;
  386. h->lenfmt = 0x82;
  387. h->len = pl_size - 4;
  388. h->func_tag = 0x04;
  389. h->func_len = sizeof(u32);
  390. h->func = (api << 16) + func;
  391. h->dom_tag = 0x04;
  392. h->dom_len = sizeof(u32);
  393. }
  394. /* prep urb helper function */
  395. static inline void prep_urb(struct ep11_urb *u,
  396. struct ep11_target_dev *t, int nt,
  397. struct ep11_cprb *req, size_t req_len,
  398. struct ep11_cprb *rep, size_t rep_len)
  399. {
  400. memset(u, 0, sizeof(*u));
  401. u->targets = (u8 __user *)t;
  402. u->targets_num = nt;
  403. u->req = (u8 __user *)req;
  404. u->req_len = req_len;
  405. u->resp = (u8 __user *)rep;
  406. u->resp_len = rep_len;
  407. }
  408. /* Check ep11 reply payload, return 0 or suggested errno value. */
  409. static int check_reply_pl(const u8 *pl, const char *func)
  410. {
  411. int len;
  412. u32 ret;
  413. /* start tag */
  414. if (*pl++ != 0x30) {
  415. ZCRYPT_DBF_ERR("%s reply start tag mismatch\n", func);
  416. return -EIO;
  417. }
  418. /* payload length format */
  419. if (*pl < 127) {
  420. len = *pl;
  421. pl++;
  422. } else if (*pl == 0x81) {
  423. pl++;
  424. len = *pl;
  425. pl++;
  426. } else if (*pl == 0x82) {
  427. pl++;
  428. len = *((u16 *)pl);
  429. pl += 2;
  430. } else {
  431. ZCRYPT_DBF_ERR("%s reply start tag lenfmt mismatch 0x%02hhx\n",
  432. func, *pl);
  433. return -EIO;
  434. }
  435. /* len should cover at least 3 fields with 32 bit value each */
  436. if (len < 3 * 6) {
  437. ZCRYPT_DBF_ERR("%s reply length %d too small\n", func, len);
  438. return -EIO;
  439. }
  440. /* function tag, length and value */
  441. if (pl[0] != 0x04 || pl[1] != 0x04) {
  442. ZCRYPT_DBF_ERR("%s function tag or length mismatch\n", func);
  443. return -EIO;
  444. }
  445. pl += 6;
  446. /* dom tag, length and value */
  447. if (pl[0] != 0x04 || pl[1] != 0x04) {
  448. ZCRYPT_DBF_ERR("%s dom tag or length mismatch\n", func);
  449. return -EIO;
  450. }
  451. pl += 6;
  452. /* return value tag, length and value */
  453. if (pl[0] != 0x04 || pl[1] != 0x04) {
  454. ZCRYPT_DBF_ERR("%s return value tag or length mismatch\n",
  455. func);
  456. return -EIO;
  457. }
  458. pl += 2;
  459. ret = *((u32 *)pl);
  460. if (ret != 0) {
  461. ZCRYPT_DBF_ERR("%s return value 0x%08x != 0\n", func, ret);
  462. return -EIO;
  463. }
  464. return 0;
  465. }
  466. /* Check ep11 reply cprb, return 0 or suggested errno value. */
  467. static int check_reply_cprb(const struct ep11_cprb *rep, const char *func)
  468. {
  469. /* check ep11 reply return code field */
  470. if (rep->ret_code) {
  471. ZCRYPT_DBF_ERR("%s ep11 reply ret_code=0x%08x\n", __func__,
  472. rep->ret_code);
  473. if (rep->ret_code == 0x000c0003)
  474. return -EBUSY;
  475. else
  476. return -EIO;
  477. }
  478. return 0;
  479. }
  480. /*
  481. * Helper function which does an ep11 query with given query type.
  482. */
  483. static int ep11_query_info(u16 cardnr, u16 domain, u32 query_type,
  484. size_t buflen, u8 *buf, u32 xflags)
  485. {
  486. struct ep11_info_req_pl {
  487. struct pl_head head;
  488. u8 query_type_tag;
  489. u8 query_type_len;
  490. u32 query_type;
  491. u8 query_subtype_tag;
  492. u8 query_subtype_len;
  493. u32 query_subtype;
  494. } __packed * req_pl;
  495. struct ep11_info_rep_pl {
  496. struct pl_head head;
  497. u8 rc_tag;
  498. u8 rc_len;
  499. u32 rc;
  500. u8 data_tag;
  501. u8 data_lenfmt;
  502. u16 data_len;
  503. } __packed * rep_pl;
  504. struct ep11_cprb *req = NULL, *rep = NULL;
  505. struct ep11_target_dev target;
  506. struct ep11_urb urb;
  507. int api = EP11_API_V1, rc = -ENOMEM;
  508. /* request cprb and payload */
  509. req = alloc_cprbmem(sizeof(struct ep11_info_req_pl), xflags);
  510. if (!req)
  511. goto out;
  512. req_pl = (struct ep11_info_req_pl *)(((u8 *)req) + sizeof(*req));
  513. prep_head(&req_pl->head, sizeof(*req_pl), api, 38); /* get xcp info */
  514. req_pl->query_type_tag = 0x04;
  515. req_pl->query_type_len = sizeof(u32);
  516. req_pl->query_type = query_type;
  517. req_pl->query_subtype_tag = 0x04;
  518. req_pl->query_subtype_len = sizeof(u32);
  519. /* reply cprb and payload */
  520. rep = alloc_cprbmem(sizeof(struct ep11_info_rep_pl) + buflen, xflags);
  521. if (!rep)
  522. goto out;
  523. rep_pl = (struct ep11_info_rep_pl *)(((u8 *)rep) + sizeof(*rep));
  524. /* urb and target */
  525. target.ap_id = cardnr;
  526. target.dom_id = domain;
  527. prep_urb(&urb, &target, 1,
  528. req, sizeof(*req) + sizeof(*req_pl),
  529. rep, sizeof(*rep) + sizeof(*rep_pl) + buflen);
  530. rc = zcrypt_send_ep11_cprb(&urb, xflags);
  531. if (rc) {
  532. ZCRYPT_DBF_ERR("%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
  533. __func__, (int)cardnr, (int)domain, rc);
  534. goto out;
  535. }
  536. /* check ep11 reply cprb */
  537. rc = check_reply_cprb(rep, __func__);
  538. if (rc)
  539. goto out;
  540. /* check payload */
  541. rc = check_reply_pl((u8 *)rep_pl, __func__);
  542. if (rc)
  543. goto out;
  544. if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
  545. ZCRYPT_DBF_ERR("%s unknown reply data format\n", __func__);
  546. rc = -EIO;
  547. goto out;
  548. }
  549. if (rep_pl->data_len > buflen) {
  550. ZCRYPT_DBF_ERR("%s mismatch between reply data len and buffer len\n",
  551. __func__);
  552. rc = -ENOSPC;
  553. goto out;
  554. }
  555. memcpy(buf, ((u8 *)rep_pl) + sizeof(*rep_pl), rep_pl->data_len);
  556. out:
  557. free_cprbmem(req, 0, false, xflags);
  558. free_cprbmem(rep, 0, false, xflags);
  559. return rc;
  560. }
  561. /*
  562. * Provide information about an EP11 card.
  563. */
  564. int ep11_get_card_info(u16 card, struct ep11_card_info *info, u32 xflags)
  565. {
  566. int rc;
  567. struct ep11_module_query_info {
  568. u32 API_ord_nr;
  569. u32 firmware_id;
  570. u8 FW_major_vers;
  571. u8 FW_minor_vers;
  572. u8 CSP_major_vers;
  573. u8 CSP_minor_vers;
  574. u8 fwid[32];
  575. u8 xcp_config_hash[32];
  576. u8 CSP_config_hash[32];
  577. u8 serial[16];
  578. u8 module_date_time[16];
  579. u64 op_mode;
  580. u32 PKCS11_flags;
  581. u32 ext_flags;
  582. u32 domains;
  583. u32 sym_state_bytes;
  584. u32 digest_state_bytes;
  585. u32 pin_blob_bytes;
  586. u32 SPKI_bytes;
  587. u32 priv_key_blob_bytes;
  588. u32 sym_blob_bytes;
  589. u32 max_payload_bytes;
  590. u32 CP_profile_bytes;
  591. u32 max_CP_index;
  592. } __packed * pmqi = NULL;
  593. /* use the cprb mempool to satisfy this short term mem alloc */
  594. pmqi = (xflags & ZCRYPT_XFLAG_NOMEMALLOC) ?
  595. mempool_alloc_preallocated(cprb_mempool) :
  596. mempool_alloc(cprb_mempool, GFP_KERNEL);
  597. if (!pmqi)
  598. return -ENOMEM;
  599. rc = ep11_query_info(card, AUTOSEL_DOM,
  600. 0x01 /* module info query */,
  601. sizeof(*pmqi), (u8 *)pmqi, xflags);
  602. if (rc)
  603. goto out;
  604. memset(info, 0, sizeof(*info));
  605. info->API_ord_nr = pmqi->API_ord_nr;
  606. info->FW_version = (pmqi->FW_major_vers << 8) + pmqi->FW_minor_vers;
  607. memcpy(info->serial, pmqi->serial, sizeof(info->serial));
  608. info->op_mode = pmqi->op_mode;
  609. out:
  610. mempool_free(pmqi, cprb_mempool);
  611. return rc;
  612. }
  613. EXPORT_SYMBOL(ep11_get_card_info);
  614. /*
  615. * Provide information about a domain within an EP11 card.
  616. */
  617. int ep11_get_domain_info(u16 card, u16 domain,
  618. struct ep11_domain_info *info, u32 xflags)
  619. {
  620. int rc;
  621. struct ep11_domain_query_info {
  622. u32 dom_index;
  623. u8 cur_WK_VP[32];
  624. u8 new_WK_VP[32];
  625. u32 dom_flags;
  626. u64 op_mode;
  627. } __packed dom_query_info;
  628. rc = ep11_query_info(card, domain, 0x03 /* domain info query */,
  629. sizeof(dom_query_info), (u8 *)&dom_query_info,
  630. xflags);
  631. if (rc)
  632. goto out;
  633. memset(info, 0, sizeof(*info));
  634. info->cur_wk_state = '0';
  635. info->new_wk_state = '0';
  636. if (dom_query_info.dom_flags & 0x10 /* left imprint mode */) {
  637. if (dom_query_info.dom_flags & 0x02 /* cur wk valid */) {
  638. info->cur_wk_state = '1';
  639. memcpy(info->cur_wkvp, dom_query_info.cur_WK_VP, 32);
  640. }
  641. if (dom_query_info.dom_flags & 0x04 || /* new wk present */
  642. dom_query_info.dom_flags & 0x08 /* new wk committed */) {
  643. info->new_wk_state =
  644. dom_query_info.dom_flags & 0x08 ? '2' : '1';
  645. memcpy(info->new_wkvp, dom_query_info.new_WK_VP, 32);
  646. }
  647. }
  648. info->op_mode = dom_query_info.op_mode;
  649. out:
  650. return rc;
  651. }
  652. EXPORT_SYMBOL(ep11_get_domain_info);
  653. /*
  654. * Default EP11 AES key generate attributes, used when no keygenflags given:
  655. * XCP_BLOB_ENCRYPT | XCP_BLOB_DECRYPT | XCP_BLOB_PROTKEY_EXTRACTABLE
  656. */
  657. #define KEY_ATTR_DEFAULTS 0x00200c00
  658. static int _ep11_genaeskey(u16 card, u16 domain,
  659. u32 keybitsize, u32 keygenflags,
  660. u8 *keybuf, size_t *keybufsize, u32 xflags)
  661. {
  662. struct keygen_req_pl {
  663. struct pl_head head;
  664. u8 var_tag;
  665. u8 var_len;
  666. u32 var;
  667. u8 keybytes_tag;
  668. u8 keybytes_len;
  669. u32 keybytes;
  670. u8 mech_tag;
  671. u8 mech_len;
  672. u32 mech;
  673. u8 attr_tag;
  674. u8 attr_len;
  675. u32 attr_header;
  676. u32 attr_bool_mask;
  677. u32 attr_bool_bits;
  678. u32 attr_val_len_type;
  679. u32 attr_val_len_value;
  680. /* followed by empty pin tag or empty pinblob tag */
  681. } __packed * req_pl;
  682. struct keygen_rep_pl {
  683. struct pl_head head;
  684. u8 rc_tag;
  685. u8 rc_len;
  686. u32 rc;
  687. u8 data_tag;
  688. u8 data_lenfmt;
  689. u16 data_len;
  690. u8 data[512];
  691. } __packed * rep_pl;
  692. struct ep11_cprb *req = NULL, *rep = NULL;
  693. size_t req_pl_size, pinblob_size = 0;
  694. struct ep11_target_dev target;
  695. struct ep11_urb urb;
  696. int api, rc = -ENOMEM;
  697. u8 *p;
  698. switch (keybitsize) {
  699. case 128:
  700. case 192:
  701. case 256:
  702. break;
  703. default:
  704. ZCRYPT_DBF_ERR("%s unknown/unsupported keybitsize %d\n",
  705. __func__, keybitsize);
  706. rc = -EINVAL;
  707. goto out;
  708. }
  709. /* request cprb and payload */
  710. api = (!keygenflags || keygenflags & 0x00200000) ?
  711. EP11_API_V4 : EP11_API_V1;
  712. if (ap_is_se_guest()) {
  713. /*
  714. * genkey within SE environment requires API ordinal 6
  715. * with empty pinblob
  716. */
  717. api = EP11_API_V6;
  718. pinblob_size = EP11_PINBLOB_V1_BYTES;
  719. }
  720. req_pl_size = sizeof(struct keygen_req_pl) + ASN1TAGLEN(pinblob_size);
  721. req = alloc_cprbmem(req_pl_size, xflags);
  722. if (!req)
  723. goto out;
  724. req_pl = (struct keygen_req_pl *)(((u8 *)req) + sizeof(*req));
  725. prep_head(&req_pl->head, req_pl_size, api, 21); /* GenerateKey */
  726. req_pl->var_tag = 0x04;
  727. req_pl->var_len = sizeof(u32);
  728. req_pl->keybytes_tag = 0x04;
  729. req_pl->keybytes_len = sizeof(u32);
  730. req_pl->keybytes = keybitsize / 8;
  731. req_pl->mech_tag = 0x04;
  732. req_pl->mech_len = sizeof(u32);
  733. req_pl->mech = 0x00001080; /* CKM_AES_KEY_GEN */
  734. req_pl->attr_tag = 0x04;
  735. req_pl->attr_len = 5 * sizeof(u32);
  736. req_pl->attr_header = 0x10010000;
  737. req_pl->attr_bool_mask = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
  738. req_pl->attr_bool_bits = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
  739. req_pl->attr_val_len_type = 0x00000161; /* CKA_VALUE_LEN */
  740. req_pl->attr_val_len_value = keybitsize / 8;
  741. p = ((u8 *)req_pl) + sizeof(*req_pl);
  742. /* pin tag */
  743. *p++ = 0x04;
  744. *p++ = pinblob_size;
  745. /* reply cprb and payload */
  746. rep = alloc_cprbmem(sizeof(struct keygen_rep_pl), xflags);
  747. if (!rep)
  748. goto out;
  749. rep_pl = (struct keygen_rep_pl *)(((u8 *)rep) + sizeof(*rep));
  750. /* urb and target */
  751. target.ap_id = card;
  752. target.dom_id = domain;
  753. prep_urb(&urb, &target, 1,
  754. req, sizeof(*req) + req_pl_size,
  755. rep, sizeof(*rep) + sizeof(*rep_pl));
  756. rc = zcrypt_send_ep11_cprb(&urb, xflags);
  757. if (rc) {
  758. ZCRYPT_DBF_ERR("%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
  759. __func__, (int)card, (int)domain, rc);
  760. goto out;
  761. }
  762. /* check ep11 reply cprb */
  763. rc = check_reply_cprb(rep, __func__);
  764. if (rc)
  765. goto out;
  766. /* check payload */
  767. rc = check_reply_pl((u8 *)rep_pl, __func__);
  768. if (rc)
  769. goto out;
  770. if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
  771. ZCRYPT_DBF_ERR("%s unknown reply data format\n", __func__);
  772. rc = -EIO;
  773. goto out;
  774. }
  775. if (rep_pl->data_len > *keybufsize) {
  776. ZCRYPT_DBF_ERR("%s mismatch reply data len / key buffer len\n",
  777. __func__);
  778. rc = -ENOSPC;
  779. goto out;
  780. }
  781. /* copy key blob */
  782. memcpy(keybuf, rep_pl->data, rep_pl->data_len);
  783. *keybufsize = rep_pl->data_len;
  784. out:
  785. free_cprbmem(req, 0, false, xflags);
  786. free_cprbmem(rep, sizeof(struct keygen_rep_pl), true, xflags);
  787. return rc;
  788. }
  789. int ep11_genaeskey(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
  790. u8 *keybuf, u32 *keybufsize, u32 keybufver, u32 xflags)
  791. {
  792. struct ep11kblob_header *hdr;
  793. size_t hdr_size, pl_size;
  794. u8 *pl;
  795. int rc;
  796. switch (keybufver) {
  797. case TOKVER_EP11_AES:
  798. case TOKVER_EP11_AES_WITH_HEADER:
  799. break;
  800. default:
  801. return -EINVAL;
  802. }
  803. rc = ep11_kb_split(keybuf, *keybufsize, keybufver,
  804. &hdr, &hdr_size, &pl, &pl_size);
  805. if (rc)
  806. return rc;
  807. rc = _ep11_genaeskey(card, domain, keybitsize, keygenflags,
  808. pl, &pl_size, xflags);
  809. if (rc)
  810. return rc;
  811. *keybufsize = hdr_size + pl_size;
  812. /* update header information */
  813. hdr->type = TOKTYPE_NON_CCA;
  814. hdr->len = *keybufsize;
  815. hdr->version = keybufver;
  816. hdr->bitlen = keybitsize;
  817. return 0;
  818. }
  819. EXPORT_SYMBOL(ep11_genaeskey);
  820. static int ep11_cryptsingle(u16 card, u16 domain,
  821. u16 mode, u32 mech, const u8 *iv,
  822. const u8 *key, size_t keysize,
  823. const u8 *inbuf, size_t inbufsize,
  824. u8 *outbuf, size_t *outbufsize,
  825. u32 xflags)
  826. {
  827. struct crypt_req_pl {
  828. struct pl_head head;
  829. u8 var_tag;
  830. u8 var_len;
  831. u32 var;
  832. u8 mech_tag;
  833. u8 mech_len;
  834. u32 mech;
  835. /*
  836. * maybe followed by iv data
  837. * followed by key tag + key blob
  838. * followed by plaintext tag + plaintext
  839. */
  840. } __packed * req_pl;
  841. struct crypt_rep_pl {
  842. struct pl_head head;
  843. u8 rc_tag;
  844. u8 rc_len;
  845. u32 rc;
  846. u8 data_tag;
  847. u8 data_lenfmt;
  848. /* data follows */
  849. } __packed * rep_pl;
  850. struct ep11_cprb *req = NULL, *rep = NULL;
  851. struct ep11_target_dev target;
  852. struct ep11_urb urb;
  853. size_t req_pl_size, rep_pl_size = 0;
  854. int n, api = EP11_API_V1, rc = -ENOMEM;
  855. u8 *p;
  856. /* the simple asn1 coding used has length limits */
  857. if (keysize > 0xFFFF || inbufsize > 0xFFFF)
  858. return -EINVAL;
  859. /* request cprb and payload */
  860. req_pl_size = sizeof(struct crypt_req_pl) + (iv ? 16 : 0)
  861. + ASN1TAGLEN(keysize) + ASN1TAGLEN(inbufsize);
  862. req = alloc_cprbmem(req_pl_size, xflags);
  863. if (!req)
  864. goto out;
  865. req_pl = (struct crypt_req_pl *)(((u8 *)req) + sizeof(*req));
  866. prep_head(&req_pl->head, req_pl_size, api, (mode ? 20 : 19));
  867. req_pl->var_tag = 0x04;
  868. req_pl->var_len = sizeof(u32);
  869. /* mech is mech + mech params (iv here) */
  870. req_pl->mech_tag = 0x04;
  871. req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
  872. req_pl->mech = (mech ? mech : 0x00001085); /* CKM_AES_CBC_PAD */
  873. p = ((u8 *)req_pl) + sizeof(*req_pl);
  874. if (iv) {
  875. memcpy(p, iv, 16);
  876. p += 16;
  877. }
  878. /* key and input data */
  879. p += asn1tag_write(p, 0x04, key, keysize);
  880. p += asn1tag_write(p, 0x04, inbuf, inbufsize);
  881. /* reply cprb and payload, assume out data size <= in data size + 32 */
  882. rep_pl_size = sizeof(struct crypt_rep_pl) + ASN1TAGLEN(inbufsize + 32);
  883. rep = alloc_cprbmem(rep_pl_size, xflags);
  884. if (!rep)
  885. goto out;
  886. rep_pl = (struct crypt_rep_pl *)(((u8 *)rep) + sizeof(*rep));
  887. /* urb and target */
  888. target.ap_id = card;
  889. target.dom_id = domain;
  890. prep_urb(&urb, &target, 1,
  891. req, sizeof(*req) + req_pl_size,
  892. rep, sizeof(*rep) + rep_pl_size);
  893. rc = zcrypt_send_ep11_cprb(&urb, xflags);
  894. if (rc) {
  895. ZCRYPT_DBF_ERR("%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
  896. __func__, (int)card, (int)domain, rc);
  897. goto out;
  898. }
  899. /* check ep11 reply cprb */
  900. rc = check_reply_cprb(rep, __func__);
  901. if (rc)
  902. goto out;
  903. /* check payload */
  904. rc = check_reply_pl((u8 *)rep_pl, __func__);
  905. if (rc)
  906. goto out;
  907. if (rep_pl->data_tag != 0x04) {
  908. ZCRYPT_DBF_ERR("%s unknown reply data format\n", __func__);
  909. rc = -EIO;
  910. goto out;
  911. }
  912. p = ((u8 *)rep_pl) + sizeof(*rep_pl);
  913. if (rep_pl->data_lenfmt <= 127) {
  914. n = rep_pl->data_lenfmt;
  915. } else if (rep_pl->data_lenfmt == 0x81) {
  916. n = *p++;
  917. } else if (rep_pl->data_lenfmt == 0x82) {
  918. n = *((u16 *)p);
  919. p += 2;
  920. } else {
  921. ZCRYPT_DBF_ERR("%s unknown reply data length format 0x%02hhx\n",
  922. __func__, rep_pl->data_lenfmt);
  923. rc = -EIO;
  924. goto out;
  925. }
  926. if (n > *outbufsize) {
  927. ZCRYPT_DBF_ERR("%s mismatch reply data len %d / output buffer %zu\n",
  928. __func__, n, *outbufsize);
  929. rc = -ENOSPC;
  930. goto out;
  931. }
  932. memcpy(outbuf, p, n);
  933. *outbufsize = n;
  934. out:
  935. free_cprbmem(req, req_pl_size, true, xflags);
  936. free_cprbmem(rep, rep_pl_size, true, xflags);
  937. return rc;
  938. }
  939. static int _ep11_unwrapkey(u16 card, u16 domain,
  940. const u8 *kek, size_t keksize,
  941. const u8 *enckey, size_t enckeysize,
  942. u32 mech, const u8 *iv,
  943. u32 keybitsize, u32 keygenflags,
  944. u8 *keybuf, size_t *keybufsize, u32 xflags)
  945. {
  946. struct uw_req_pl {
  947. struct pl_head head;
  948. u8 attr_tag;
  949. u8 attr_len;
  950. u32 attr_header;
  951. u32 attr_bool_mask;
  952. u32 attr_bool_bits;
  953. u32 attr_key_type;
  954. u32 attr_key_type_value;
  955. u32 attr_val_len;
  956. u32 attr_val_len_value;
  957. u8 mech_tag;
  958. u8 mech_len;
  959. u32 mech;
  960. /*
  961. * maybe followed by iv data
  962. * followed by kek tag + kek blob
  963. * followed by empty mac tag
  964. * followed by empty pin tag or empty pinblob tag
  965. * followed by encryted key tag + bytes
  966. */
  967. } __packed * req_pl;
  968. struct uw_rep_pl {
  969. struct pl_head head;
  970. u8 rc_tag;
  971. u8 rc_len;
  972. u32 rc;
  973. u8 data_tag;
  974. u8 data_lenfmt;
  975. u16 data_len;
  976. u8 data[512];
  977. } __packed * rep_pl;
  978. struct ep11_cprb *req = NULL, *rep = NULL;
  979. size_t req_pl_size, pinblob_size = 0;
  980. struct ep11_target_dev target;
  981. struct ep11_urb urb;
  982. int api, rc = -ENOMEM;
  983. u8 *p;
  984. /* request cprb and payload */
  985. api = (!keygenflags || keygenflags & 0x00200000) ?
  986. EP11_API_V4 : EP11_API_V1;
  987. if (ap_is_se_guest()) {
  988. /*
  989. * unwrap within SE environment requires API ordinal 6
  990. * with empty pinblob
  991. */
  992. api = EP11_API_V6;
  993. pinblob_size = EP11_PINBLOB_V1_BYTES;
  994. }
  995. req_pl_size = sizeof(struct uw_req_pl) + (iv ? 16 : 0)
  996. + ASN1TAGLEN(keksize) + ASN1TAGLEN(0)
  997. + ASN1TAGLEN(pinblob_size) + ASN1TAGLEN(enckeysize);
  998. req = alloc_cprbmem(req_pl_size, xflags);
  999. if (!req)
  1000. goto out;
  1001. req_pl = (struct uw_req_pl *)(((u8 *)req) + sizeof(*req));
  1002. prep_head(&req_pl->head, req_pl_size, api, 34); /* UnwrapKey */
  1003. req_pl->attr_tag = 0x04;
  1004. req_pl->attr_len = 7 * sizeof(u32);
  1005. req_pl->attr_header = 0x10020000;
  1006. req_pl->attr_bool_mask = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
  1007. req_pl->attr_bool_bits = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
  1008. req_pl->attr_key_type = 0x00000100; /* CKA_KEY_TYPE */
  1009. req_pl->attr_key_type_value = 0x0000001f; /* CKK_AES */
  1010. req_pl->attr_val_len = 0x00000161; /* CKA_VALUE_LEN */
  1011. req_pl->attr_val_len_value = keybitsize / 8;
  1012. /* mech is mech + mech params (iv here) */
  1013. req_pl->mech_tag = 0x04;
  1014. req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
  1015. req_pl->mech = (mech ? mech : 0x00001085); /* CKM_AES_CBC_PAD */
  1016. p = ((u8 *)req_pl) + sizeof(*req_pl);
  1017. if (iv) {
  1018. memcpy(p, iv, 16);
  1019. p += 16;
  1020. }
  1021. /* kek */
  1022. p += asn1tag_write(p, 0x04, kek, keksize);
  1023. /* empty mac key tag */
  1024. *p++ = 0x04;
  1025. *p++ = 0;
  1026. /* pin tag */
  1027. *p++ = 0x04;
  1028. *p++ = pinblob_size;
  1029. p += pinblob_size;
  1030. /* encrypted key value tag and bytes */
  1031. p += asn1tag_write(p, 0x04, enckey, enckeysize);
  1032. /* reply cprb and payload */
  1033. rep = alloc_cprbmem(sizeof(struct uw_rep_pl), xflags);
  1034. if (!rep)
  1035. goto out;
  1036. rep_pl = (struct uw_rep_pl *)(((u8 *)rep) + sizeof(*rep));
  1037. /* urb and target */
  1038. target.ap_id = card;
  1039. target.dom_id = domain;
  1040. prep_urb(&urb, &target, 1,
  1041. req, sizeof(*req) + req_pl_size,
  1042. rep, sizeof(*rep) + sizeof(*rep_pl));
  1043. rc = zcrypt_send_ep11_cprb(&urb, xflags);
  1044. if (rc) {
  1045. ZCRYPT_DBF_ERR("%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
  1046. __func__, (int)card, (int)domain, rc);
  1047. goto out;
  1048. }
  1049. /* check ep11 reply cprb */
  1050. rc = check_reply_cprb(rep, __func__);
  1051. if (rc)
  1052. goto out;
  1053. /* check payload */
  1054. rc = check_reply_pl((u8 *)rep_pl, __func__);
  1055. if (rc)
  1056. goto out;
  1057. if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
  1058. ZCRYPT_DBF_ERR("%s unknown reply data format\n", __func__);
  1059. rc = -EIO;
  1060. goto out;
  1061. }
  1062. if (rep_pl->data_len > *keybufsize) {
  1063. ZCRYPT_DBF_ERR("%s mismatch reply data len / key buffer len\n",
  1064. __func__);
  1065. rc = -ENOSPC;
  1066. goto out;
  1067. }
  1068. /* copy key blob */
  1069. memcpy(keybuf, rep_pl->data, rep_pl->data_len);
  1070. *keybufsize = rep_pl->data_len;
  1071. out:
  1072. free_cprbmem(req, req_pl_size, true, xflags);
  1073. free_cprbmem(rep, sizeof(struct uw_rep_pl), true, xflags);
  1074. return rc;
  1075. }
  1076. static int ep11_unwrapkey(u16 card, u16 domain,
  1077. const u8 *kek, size_t keksize,
  1078. const u8 *enckey, size_t enckeysize,
  1079. u32 mech, const u8 *iv,
  1080. u32 keybitsize, u32 keygenflags,
  1081. u8 *keybuf, u32 *keybufsize,
  1082. u8 keybufver, u32 xflags)
  1083. {
  1084. struct ep11kblob_header *hdr;
  1085. size_t hdr_size, pl_size;
  1086. u8 *pl;
  1087. int rc;
  1088. rc = ep11_kb_split(keybuf, *keybufsize, keybufver,
  1089. &hdr, &hdr_size, &pl, &pl_size);
  1090. if (rc)
  1091. return rc;
  1092. rc = _ep11_unwrapkey(card, domain, kek, keksize, enckey, enckeysize,
  1093. mech, iv, keybitsize, keygenflags,
  1094. pl, &pl_size, xflags);
  1095. if (rc)
  1096. return rc;
  1097. *keybufsize = hdr_size + pl_size;
  1098. /* update header information */
  1099. hdr = (struct ep11kblob_header *)keybuf;
  1100. hdr->type = TOKTYPE_NON_CCA;
  1101. hdr->len = *keybufsize;
  1102. hdr->version = keybufver;
  1103. hdr->bitlen = keybitsize;
  1104. return 0;
  1105. }
  1106. static int _ep11_wrapkey(u16 card, u16 domain,
  1107. const u8 *key, size_t keysize,
  1108. u32 mech, const u8 *iv,
  1109. u8 *databuf, size_t *datasize, u32 xflags)
  1110. {
  1111. struct wk_req_pl {
  1112. struct pl_head head;
  1113. u8 var_tag;
  1114. u8 var_len;
  1115. u32 var;
  1116. u8 mech_tag;
  1117. u8 mech_len;
  1118. u32 mech;
  1119. /*
  1120. * followed by iv data
  1121. * followed by key tag + key blob
  1122. * followed by dummy kek param
  1123. * followed by dummy mac param
  1124. */
  1125. } __packed * req_pl;
  1126. struct wk_rep_pl {
  1127. struct pl_head head;
  1128. u8 rc_tag;
  1129. u8 rc_len;
  1130. u32 rc;
  1131. u8 data_tag;
  1132. u8 data_lenfmt;
  1133. u16 data_len;
  1134. u8 data[1024];
  1135. } __packed * rep_pl;
  1136. struct ep11_cprb *req = NULL, *rep = NULL;
  1137. struct ep11_target_dev target;
  1138. struct ep11_urb urb;
  1139. size_t req_pl_size;
  1140. int api, rc = -ENOMEM;
  1141. u8 *p;
  1142. /* request cprb and payload */
  1143. req_pl_size = sizeof(struct wk_req_pl) + (iv ? 16 : 0)
  1144. + ASN1TAGLEN(keysize) + 4;
  1145. req = alloc_cprbmem(req_pl_size, xflags);
  1146. if (!req)
  1147. goto out;
  1148. if (!mech || mech == 0x80060001)
  1149. req->flags |= 0x20; /* CPACF_WRAP needs special bit */
  1150. req_pl = (struct wk_req_pl *)(((u8 *)req) + sizeof(*req));
  1151. api = (!mech || mech == 0x80060001) ? /* CKM_IBM_CPACF_WRAP */
  1152. EP11_API_V4 : EP11_API_V1;
  1153. prep_head(&req_pl->head, req_pl_size, api, 33); /* WrapKey */
  1154. req_pl->var_tag = 0x04;
  1155. req_pl->var_len = sizeof(u32);
  1156. /* mech is mech + mech params (iv here) */
  1157. req_pl->mech_tag = 0x04;
  1158. req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
  1159. req_pl->mech = (mech ? mech : 0x80060001); /* CKM_IBM_CPACF_WRAP */
  1160. p = ((u8 *)req_pl) + sizeof(*req_pl);
  1161. if (iv) {
  1162. memcpy(p, iv, 16);
  1163. p += 16;
  1164. }
  1165. /* key blob */
  1166. p += asn1tag_write(p, 0x04, key, keysize);
  1167. /* empty kek tag */
  1168. *p++ = 0x04;
  1169. *p++ = 0;
  1170. /* empty mac tag */
  1171. *p++ = 0x04;
  1172. *p++ = 0;
  1173. /* reply cprb and payload */
  1174. rep = alloc_cprbmem(sizeof(struct wk_rep_pl), xflags);
  1175. if (!rep)
  1176. goto out;
  1177. rep_pl = (struct wk_rep_pl *)(((u8 *)rep) + sizeof(*rep));
  1178. /* urb and target */
  1179. target.ap_id = card;
  1180. target.dom_id = domain;
  1181. prep_urb(&urb, &target, 1,
  1182. req, sizeof(*req) + req_pl_size,
  1183. rep, sizeof(*rep) + sizeof(*rep_pl));
  1184. rc = zcrypt_send_ep11_cprb(&urb, xflags);
  1185. if (rc) {
  1186. ZCRYPT_DBF_ERR("%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
  1187. __func__, (int)card, (int)domain, rc);
  1188. goto out;
  1189. }
  1190. /* check ep11 reply cprb */
  1191. rc = check_reply_cprb(rep, __func__);
  1192. if (rc)
  1193. goto out;
  1194. /* check payload */
  1195. rc = check_reply_pl((u8 *)rep_pl, __func__);
  1196. if (rc)
  1197. goto out;
  1198. if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
  1199. ZCRYPT_DBF_ERR("%s unknown reply data format\n", __func__);
  1200. rc = -EIO;
  1201. goto out;
  1202. }
  1203. if (rep_pl->data_len > *datasize) {
  1204. ZCRYPT_DBF_ERR("%s mismatch reply data len / data buffer len\n",
  1205. __func__);
  1206. rc = -ENOSPC;
  1207. goto out;
  1208. }
  1209. /* copy the data from the cprb to the data buffer */
  1210. memcpy(databuf, rep_pl->data, rep_pl->data_len);
  1211. *datasize = rep_pl->data_len;
  1212. out:
  1213. free_cprbmem(req, req_pl_size, true, xflags);
  1214. free_cprbmem(rep, sizeof(struct wk_rep_pl), true, xflags);
  1215. return rc;
  1216. }
  1217. int ep11_clr2keyblob(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
  1218. const u8 *clrkey, u8 *keybuf, u32 *keybufsize,
  1219. u32 keytype, u32 xflags)
  1220. {
  1221. int rc;
  1222. void *mem;
  1223. u8 encbuf[64], *kek;
  1224. size_t clrkeylen, keklen, encbuflen = sizeof(encbuf);
  1225. if (keybitsize == 128 || keybitsize == 192 || keybitsize == 256) {
  1226. clrkeylen = keybitsize / 8;
  1227. } else {
  1228. ZCRYPT_DBF_ERR("%s unknown/unsupported keybitsize %d\n",
  1229. __func__, keybitsize);
  1230. return -EINVAL;
  1231. }
  1232. /*
  1233. * Allocate space for the temp kek.
  1234. * Also we only need up to MAXEP11AESKEYBLOBSIZE bytes for this
  1235. * we use the already existing cprb mempool to solve this
  1236. * short term memory requirement.
  1237. */
  1238. mem = (xflags & ZCRYPT_XFLAG_NOMEMALLOC) ?
  1239. mempool_alloc_preallocated(cprb_mempool) :
  1240. mempool_alloc(cprb_mempool, GFP_KERNEL);
  1241. if (!mem)
  1242. return -ENOMEM;
  1243. kek = (u8 *)mem;
  1244. keklen = MAXEP11AESKEYBLOBSIZE;
  1245. /* Step 1: generate AES 256 bit random kek key */
  1246. rc = _ep11_genaeskey(card, domain, 256,
  1247. 0x00006c00, /* EN/DECRYPT, WRAP/UNWRAP */
  1248. kek, &keklen, xflags);
  1249. if (rc) {
  1250. ZCRYPT_DBF_ERR("%s generate kek key failed, rc=%d\n",
  1251. __func__, rc);
  1252. goto out;
  1253. }
  1254. /* Step 2: encrypt clear key value with the kek key */
  1255. rc = ep11_cryptsingle(card, domain, 0, 0, def_iv, kek, keklen,
  1256. clrkey, clrkeylen, encbuf, &encbuflen, xflags);
  1257. if (rc) {
  1258. ZCRYPT_DBF_ERR("%s encrypting key value with kek key failed, rc=%d\n",
  1259. __func__, rc);
  1260. goto out;
  1261. }
  1262. /* Step 3: import the encrypted key value as a new key */
  1263. rc = ep11_unwrapkey(card, domain, kek, keklen,
  1264. encbuf, encbuflen, 0, def_iv,
  1265. keybitsize, keygenflags,
  1266. keybuf, keybufsize,
  1267. keytype, xflags);
  1268. if (rc) {
  1269. ZCRYPT_DBF_ERR("%s importing key value as new key failed, rc=%d\n",
  1270. __func__, rc);
  1271. goto out;
  1272. }
  1273. out:
  1274. mempool_free(mem, cprb_mempool);
  1275. return rc;
  1276. }
  1277. EXPORT_SYMBOL(ep11_clr2keyblob);
  1278. int ep11_kblob2protkey(u16 card, u16 dom,
  1279. const u8 *keyblob, u32 keybloblen,
  1280. u8 *protkey, u32 *protkeylen, u32 *protkeytype,
  1281. u32 xflags)
  1282. {
  1283. struct ep11kblob_header *hdr;
  1284. struct ep11keyblob *key;
  1285. size_t wkbuflen, keylen;
  1286. struct wk_info {
  1287. u16 version;
  1288. u8 res1[16];
  1289. u32 pkeytype;
  1290. u32 pkeybitsize;
  1291. u64 pkeysize;
  1292. u8 res2[8];
  1293. u8 pkey[];
  1294. } __packed * wki;
  1295. u8 *wkbuf = NULL;
  1296. int rc = -EIO;
  1297. if (ep11_kb_decode((u8 *)keyblob, keybloblen, &hdr, NULL, &key, &keylen))
  1298. return -EINVAL;
  1299. if (hdr->version == TOKVER_EP11_AES) {
  1300. /* wipe overlayed header */
  1301. memset(hdr, 0, sizeof(*hdr));
  1302. }
  1303. /* !!! hdr is no longer a valid header !!! */
  1304. /* need a temp working buffer */
  1305. wkbuflen = (keylen + AES_BLOCK_SIZE) & (~(AES_BLOCK_SIZE - 1));
  1306. if (wkbuflen > CPRB_MEMPOOL_ITEM_SIZE) {
  1307. /* this should never happen */
  1308. rc = -ENOMEM;
  1309. ZCRYPT_DBF_WARN("%s wkbuflen %d > cprb mempool item size %d, rc=%d\n",
  1310. __func__, (int)wkbuflen, CPRB_MEMPOOL_ITEM_SIZE, rc);
  1311. return rc;
  1312. }
  1313. /* use the cprb mempool to satisfy this short term mem allocation */
  1314. wkbuf = (xflags & ZCRYPT_XFLAG_NOMEMALLOC) ?
  1315. mempool_alloc_preallocated(cprb_mempool) :
  1316. mempool_alloc(cprb_mempool, GFP_ATOMIC);
  1317. if (!wkbuf) {
  1318. rc = -ENOMEM;
  1319. ZCRYPT_DBF_WARN("%s allocating tmp buffer via cprb mempool failed, rc=%d\n",
  1320. __func__, rc);
  1321. return rc;
  1322. }
  1323. /* ep11 secure key -> protected key + info */
  1324. rc = _ep11_wrapkey(card, dom, (u8 *)key, keylen,
  1325. 0, def_iv, wkbuf, &wkbuflen, xflags);
  1326. if (rc) {
  1327. ZCRYPT_DBF_ERR("%s rewrapping ep11 key to pkey failed, rc=%d\n",
  1328. __func__, rc);
  1329. goto out;
  1330. }
  1331. wki = (struct wk_info *)wkbuf;
  1332. /* check struct version and pkey type */
  1333. if (wki->version != 1 || wki->pkeytype < 1 || wki->pkeytype > 5) {
  1334. ZCRYPT_DBF_ERR("%s wk info version %d or pkeytype %d mismatch.\n",
  1335. __func__, (int)wki->version, (int)wki->pkeytype);
  1336. rc = -EIO;
  1337. goto out;
  1338. }
  1339. /* check protected key type field */
  1340. switch (wki->pkeytype) {
  1341. case 1: /* AES */
  1342. switch (wki->pkeysize) {
  1343. case 16 + 32:
  1344. /* AES 128 protected key */
  1345. if (protkeytype)
  1346. *protkeytype = PKEY_KEYTYPE_AES_128;
  1347. break;
  1348. case 24 + 32:
  1349. /* AES 192 protected key */
  1350. if (protkeytype)
  1351. *protkeytype = PKEY_KEYTYPE_AES_192;
  1352. break;
  1353. case 32 + 32:
  1354. /* AES 256 protected key */
  1355. if (protkeytype)
  1356. *protkeytype = PKEY_KEYTYPE_AES_256;
  1357. break;
  1358. default:
  1359. ZCRYPT_DBF_ERR("%s unknown/unsupported AES pkeysize %d\n",
  1360. __func__, (int)wki->pkeysize);
  1361. rc = -EIO;
  1362. goto out;
  1363. }
  1364. break;
  1365. case 3: /* EC-P */
  1366. case 4: /* EC-ED */
  1367. case 5: /* EC-BP */
  1368. if (protkeytype)
  1369. *protkeytype = PKEY_KEYTYPE_ECC;
  1370. break;
  1371. case 2: /* TDES */
  1372. default:
  1373. ZCRYPT_DBF_ERR("%s unknown/unsupported key type %d\n",
  1374. __func__, (int)wki->pkeytype);
  1375. rc = -EIO;
  1376. goto out;
  1377. }
  1378. /* copy the translated protected key */
  1379. if (wki->pkeysize > *protkeylen) {
  1380. ZCRYPT_DBF_ERR("%s wk info pkeysize %llu > protkeysize %u\n",
  1381. __func__, wki->pkeysize, *protkeylen);
  1382. rc = -EINVAL;
  1383. goto out;
  1384. }
  1385. memcpy(protkey, wki->pkey, wki->pkeysize);
  1386. *protkeylen = wki->pkeysize;
  1387. out:
  1388. mempool_free(wkbuf, cprb_mempool);
  1389. return rc;
  1390. }
  1391. EXPORT_SYMBOL(ep11_kblob2protkey);
  1392. int ep11_findcard2(u32 *apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
  1393. int minhwtype, int minapi, const u8 *wkvp, u32 xflags)
  1394. {
  1395. struct zcrypt_device_status_ext *device_status;
  1396. struct ep11_domain_info edi;
  1397. struct ep11_card_info eci;
  1398. u32 _nr_apqns = 0;
  1399. int i, card, dom;
  1400. /* occupy the device status memory */
  1401. mutex_lock(&dev_status_mem_mutex);
  1402. memset(dev_status_mem, 0, ZCRYPT_DEV_STATUS_EXT_SIZE);
  1403. device_status = (struct zcrypt_device_status_ext *)dev_status_mem;
  1404. /* fetch crypto device status into this struct */
  1405. zcrypt_device_status_mask_ext(device_status,
  1406. ZCRYPT_DEV_STATUS_CARD_MAX,
  1407. ZCRYPT_DEV_STATUS_QUEUE_MAX);
  1408. /* walk through all the crypto apqnss */
  1409. for (i = 0; i < ZCRYPT_DEV_STATUS_ENTRIES; i++) {
  1410. card = AP_QID_CARD(device_status[i].qid);
  1411. dom = AP_QID_QUEUE(device_status[i].qid);
  1412. /* check online state */
  1413. if (!device_status[i].online)
  1414. continue;
  1415. /* check for ep11 functions */
  1416. if (!(device_status[i].functions & 0x01))
  1417. continue;
  1418. /* check cardnr */
  1419. if (cardnr != 0xFFFF && card != cardnr)
  1420. continue;
  1421. /* check domain */
  1422. if (domain != 0xFFFF && dom != domain)
  1423. continue;
  1424. /* check min hardware type */
  1425. if (minhwtype && device_status[i].hwtype < minhwtype)
  1426. continue;
  1427. /* check min api version if given */
  1428. if (minapi > 0) {
  1429. if (ep11_get_card_info(card, &eci, xflags))
  1430. continue;
  1431. if (minapi > eci.API_ord_nr)
  1432. continue;
  1433. }
  1434. /* check wkvp if given */
  1435. if (wkvp) {
  1436. if (ep11_get_domain_info(card, dom, &edi, xflags))
  1437. continue;
  1438. if (edi.cur_wk_state != '1')
  1439. continue;
  1440. if (memcmp(wkvp, edi.cur_wkvp, 16))
  1441. continue;
  1442. }
  1443. /* apqn passed all filtering criterons, add to the array */
  1444. if (_nr_apqns < *nr_apqns)
  1445. apqns[_nr_apqns++] = (((u16)card) << 16) | ((u16)dom);
  1446. }
  1447. *nr_apqns = _nr_apqns;
  1448. mutex_unlock(&dev_status_mem_mutex);
  1449. return _nr_apqns ? 0 : -ENODEV;
  1450. }
  1451. EXPORT_SYMBOL(ep11_findcard2);
  1452. int __init zcrypt_ep11misc_init(void)
  1453. {
  1454. /* Pre-allocate a small memory pool for ep11 cprbs. */
  1455. cprb_mempool = mempool_create_kmalloc_pool(2 * zcrypt_mempool_threshold,
  1456. CPRB_MEMPOOL_ITEM_SIZE);
  1457. if (!cprb_mempool)
  1458. return -ENOMEM;
  1459. /* Pre-allocate one crypto status card struct used in ep11_findcard2() */
  1460. dev_status_mem = kvmalloc(ZCRYPT_DEV_STATUS_EXT_SIZE, GFP_KERNEL);
  1461. if (!dev_status_mem) {
  1462. mempool_destroy(cprb_mempool);
  1463. return -ENOMEM;
  1464. }
  1465. return 0;
  1466. }
  1467. void zcrypt_ep11misc_exit(void)
  1468. {
  1469. mutex_lock(&dev_status_mem_mutex);
  1470. kvfree(dev_status_mem);
  1471. mutex_unlock(&dev_status_mem_mutex);
  1472. mempool_destroy(cprb_mempool);
  1473. }