summaryrefslogtreecommitdiffstats
path: root/drivers/s390
diff options
context:
space:
mode:
authorHarald Freudenberger <freude@linux.ibm.com>2024-08-22 11:32:18 +0200
committerVasily Gorbik <gor@linux.ibm.com>2024-08-29 22:56:33 +0200
commitea88e1710a9f19345c94c195f9cd7365e50343b0 (patch)
tree2f08dd4a5cbc6c67783f4a0ca3aba614cb686aa2 /drivers/s390
parents390/pkey: Rework and split PKEY kernel module code (diff)
downloadlinux-ea88e1710a9f19345c94c195f9cd7365e50343b0.tar.xz
linux-ea88e1710a9f19345c94c195f9cd7365e50343b0.zip
s390/pkey: Unify pkey cca, ep11 and pckmo functions signatures
As a preparation step for introducing a common function API between the pkey API module and the handlers (that is the cca, ep11 and pckmo code) this patch unifies the functions signatures exposed by the handlers and reworks all the invocation code of these functions. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Holger Dengler <dengler@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Diffstat (limited to 'drivers/s390')
-rw-r--r--drivers/s390/crypto/pkey_api.c49
-rw-r--r--drivers/s390/crypto/pkey_base.h29
-rw-r--r--drivers/s390/crypto/pkey_cca.c4
-rw-r--r--drivers/s390/crypto/pkey_ep11.c13
-rw-r--r--drivers/s390/crypto/pkey_pckmo.c91
-rw-r--r--drivers/s390/crypto/pkey_sysfs.c125
6 files changed, 213 insertions, 98 deletions
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 732437bf3823..31382c23ec14 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -109,7 +109,7 @@ static int genseck2(const struct pkey_apqn *apqns, size_t nr_apqns,
rc = pkey_cca_gen_key(apqns[i].card,
apqns[i].domain,
u, keytype, keybitsize, flags,
- keybuf, keybuflen);
+ keybuf, keybuflen, NULL);
}
} else if (pkey_is_ep11_keytype(keytype)) {
/* As of now only EP11 AES key generation is supported */
@@ -123,7 +123,7 @@ static int genseck2(const struct pkey_apqn *apqns, size_t nr_apqns,
rc = pkey_ep11_gen_key(apqns[i].card,
apqns[i].domain,
u, keytype, keybitsize, flags,
- keybuf, keybuflen);
+ keybuf, keybuflen, NULL);
}
} else {
PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n",
@@ -154,7 +154,7 @@ static int clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns,
apqns[i].domain,
u, keytype, kbitsize, flags,
clrkey, kbitsize / 8,
- keybuf, keybuflen);
+ keybuf, keybuflen, NULL);
}
} else if (pkey_is_ep11_keytype(keytype)) {
/* As of now only EP11 AES key generation is supported */
@@ -169,7 +169,7 @@ static int clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns,
apqns[i].domain,
u, keytype, kbitsize, flags,
clrkey, kbitsize / 8,
- keybuf, keybuflen);
+ keybuf, keybuflen, NULL);
}
} else {
PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n",
@@ -308,6 +308,7 @@ static int pckmokey2protkey_fallback(const struct clearkeytoken *t,
nr_apqns = MAXAPQNSINLIST;
rc = pkey_cca_apqns4type(PKEY_TYPE_CCA_DATA,
NULL, NULL, 0, apqns, &nr_apqns);
+ pr_debug("pkey_cca_apqns4type(CCA_DATA)=%d\n", rc);
if (rc)
goto try_via_ep11;
for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) {
@@ -316,7 +317,8 @@ static int pckmokey2protkey_fallback(const struct clearkeytoken *t,
t->keytype, PKEY_TYPE_CCA_DATA,
8 * keysize, 0,
t->clearkey, t->len,
- tmpbuf, &tmplen);
+ tmpbuf, &tmplen, NULL);
+ pr_debug("pkey_cca_clr2key()=%d\n", rc);
}
if (rc)
goto try_via_ep11;
@@ -326,6 +328,7 @@ static int pckmokey2protkey_fallback(const struct clearkeytoken *t,
tmpbuf, tmplen,
protkey, protkeylen,
protkeytype);
+ pr_debug("pkey_cca_key2protkey()=%d\n", rc);
}
if (!rc)
break;
@@ -335,6 +338,7 @@ try_via_ep11:
nr_apqns = MAXAPQNSINLIST;
rc = pkey_ep11_apqns4type(PKEY_TYPE_EP11_AES,
NULL, NULL, 0, apqns, &nr_apqns);
+ pr_debug("pkey_ep11_apqns4type(EP11_AES)=%d\n", rc);
if (rc)
continue;
for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) {
@@ -343,7 +347,8 @@ try_via_ep11:
t->keytype, PKEY_TYPE_EP11_AES,
8 * keysize, 0,
t->clearkey, t->len,
- tmpbuf, &tmplen);
+ tmpbuf, &tmplen, NULL);
+ pr_debug("pkey_ep11_clr2key()=%d\n", rc);
}
if (rc)
continue;
@@ -353,6 +358,7 @@ try_via_ep11:
tmpbuf, tmplen,
protkey, protkeylen,
protkeytype);
+ pr_debug("pkey_ep11_key2protkey()=%d\n", rc);
}
}
@@ -367,9 +373,8 @@ static int pckmokey2protkey(const u8 *key, size_t keylen,
{
int rc;
- rc = pkey_pckmo_key2protkey(key, keylen,
- protkey, protkeylen,
- protkeytype);
+ rc = pkey_pckmo_key2protkey(0, 0, key, keylen,
+ protkey, protkeylen, protkeytype);
if (rc == -ENODEV) {
struct keytoken_header *hdr = (struct keytoken_header *)key;
struct clearkeytoken *t = (struct clearkeytoken *)key;
@@ -456,7 +461,7 @@ static int pkey_ioctl_genseck(struct pkey_genseck __user *ugs)
keybuflen = sizeof(kgs.seckey.seckey);
rc = pkey_cca_gen_key(kgs.cardnr, kgs.domain,
kgs.keytype, PKEY_TYPE_CCA_DATA, 0, 0,
- kgs.seckey.seckey, &keybuflen);
+ kgs.seckey.seckey, &keybuflen, NULL);
pr_debug("pkey_cca_gen_key()=%d\n", rc);
if (!rc && copy_to_user(ugs, &kgs, sizeof(kgs)))
rc = -EFAULT;
@@ -478,7 +483,7 @@ static int pkey_ioctl_clr2seck(struct pkey_clr2seck __user *ucs)
kcs.keytype, PKEY_TYPE_CCA_DATA, 0, 0,
kcs.clrkey.clrkey,
pkey_keytype_aes_to_size(kcs.keytype),
- kcs.seckey.seckey, &keybuflen);
+ kcs.seckey.seckey, &keybuflen, NULL);
pr_debug("pkey_cca_clr2key()=%d\n", rc);
if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs)))
rc = -EFAULT;
@@ -515,10 +520,11 @@ static int pkey_ioctl_clr2protk(struct pkey_clr2protk __user *ucp)
if (copy_from_user(&kcp, ucp, sizeof(kcp)))
return -EFAULT;
kcp.protkey.len = sizeof(kcp.protkey.protkey);
- rc = pkey_pckmo_clr2protkey(kcp.keytype, kcp.clrkey.clrkey,
- kcp.protkey.protkey,
- &kcp.protkey.len, &kcp.protkey.type);
- pr_debug("pkey_pckmo_clr2protkey()=%d\n", rc);
+ rc = pkey_pckmo_clr2key(0, 0, kcp.keytype, 0, 0, 0,
+ kcp.clrkey.clrkey, 0,
+ kcp.protkey.protkey,
+ &kcp.protkey.len, &kcp.protkey.type);
+ pr_debug("pkey_pckmo_clr2key()=%d\n", rc);
if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp)))
rc = -EFAULT;
memzero_explicit(&kcp, sizeof(kcp));
@@ -643,9 +649,10 @@ static int pkey_ioctl_genprotk(struct pkey_genprotk __user *ugp)
if (copy_from_user(&kgp, ugp, sizeof(kgp)))
return -EFAULT;
kgp.protkey.len = sizeof(kgp.protkey.protkey);
- rc = pkey_pckmo_gen_protkey(kgp.keytype, kgp.protkey.protkey,
- &kgp.protkey.len, &kgp.protkey.type);
- pr_debug("pkey_gen_protkey()=%d\n", rc);
+ rc = pkey_pckmo_gen_key(0, 0, kgp.keytype, 0, 0, 0,
+ kgp.protkey.protkey,
+ &kgp.protkey.len, &kgp.protkey.type);
+ pr_debug("pkey_pckmo_gen_key()=%d\n", rc);
if (!rc && copy_to_user(ugp, &kgp, sizeof(kgp)))
rc = -EFAULT;
memzero_explicit(&kgp, sizeof(kgp));
@@ -660,9 +667,9 @@ static int pkey_ioctl_verifyprotk(struct pkey_verifyprotk __user *uvp)
if (copy_from_user(&kvp, uvp, sizeof(kvp)))
return -EFAULT;
- rc = pkey_pckmo_verify_protkey(kvp.protkey.protkey,
- kvp.protkey.len, kvp.protkey.type);
- pr_debug("pkey_verify_protkey()=%d\n", rc);
+ rc = pkey_pckmo_verifykey(kvp.protkey.protkey, kvp.protkey.len,
+ 0, 0, &kvp.protkey.type, 0, 0);
+ pr_debug("pkey_pckmo_verifykey()=%d\n", rc);
memzero_explicit(&kvp, sizeof(kvp));
return rc;
diff --git a/drivers/s390/crypto/pkey_base.h b/drivers/s390/crypto/pkey_base.h
index f714d42969b6..560106cbd450 100644
--- a/drivers/s390/crypto/pkey_base.h
+++ b/drivers/s390/crypto/pkey_base.h
@@ -97,12 +97,12 @@ int pkey_cca_key2protkey(u16 card, u16 dom,
int pkey_cca_gen_key(u16 card, u16 dom,
u32 keytype, u32 keysubtype,
u32 keybitsize, u32 flags,
- u8 *keybuf, u32 *keybuflen);
+ u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);
int pkey_cca_clr2key(u16 card, u16 dom,
u32 keytype, u32 keysubtype,
u32 keybitsize, u32 flags,
const u8 *clrkey, u32 clrkeylen,
- u8 *keybuf, u32 *keybuflen);
+ u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);
int pkey_cca_verifykey(const u8 *key, u32 keylen,
u16 *card, u16 *dom,
u32 *keytype, u32 *keybitsize, u32 *flags);
@@ -124,12 +124,12 @@ int pkey_ep11_key2protkey(u16 card, u16 dom,
int pkey_ep11_gen_key(u16 card, u16 dom,
u32 keytype, u32 keysubtype,
u32 keybitsize, u32 flags,
- u8 *keybuf, u32 *keybuflen);
+ u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);
int pkey_ep11_clr2key(u16 card, u16 dom,
u32 keytype, u32 keysubtype,
u32 keybitsize, u32 flags,
const u8 *clrkey, u32 clrkeylen,
- u8 *keybuf, u32 *keybuflen);
+ u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);
int pkey_ep11_verifykey(const u8 *key, u32 keylen,
u16 *card, u16 *dom,
u32 *keytype, u32 *keybitsize, u32 *flags);
@@ -144,14 +144,21 @@ int pkey_ep11_apqns4type(enum pkey_key_type ktype,
*/
bool pkey_is_pckmo_key(const u8 *key, u32 keylen);
-int pkey_pckmo_key2protkey(const u8 *key, u32 keylen,
+int pkey_pckmo_key2protkey(u16 _card, u16 _dom,
+ const u8 *key, u32 keylen,
u8 *protkey, u32 *protkeylen, u32 *protkeytype);
-int pkey_pckmo_gen_protkey(u32 keytype,
- u8 *protkey, u32 *protkeylen, u32 *protkeytype);
-int pkey_pckmo_clr2protkey(u32 keytype, const u8 *clrkey,
- u8 *protkey, u32 *protkeylen, u32 *protkeytype);
-int pkey_pckmo_verify_protkey(const u8 *protkey, u32 protkeylen,
- u32 protkeytype);
+int pkey_pckmo_gen_key(u16 _card, u16 _dom,
+ u32 keytype, u32 _keysubtype,
+ u32 _keybitsize, u32 _flags,
+ u8 *keybuf, u32 *keybuflen, u32 *keyinfo);
+int pkey_pckmo_clr2key(u16 _card, u16 _dom,
+ u32 keytype, u32 _keysubtype,
+ u32 _keybitsize, u32 _flags,
+ const u8 *clrkey, u32 clrkeylen,
+ u8 *keybuf, u32 *keybuflen, u32 *keyinfo);
+int pkey_pckmo_verifykey(const u8 *key, u32 keylen,
+ u16 *_card, u16 *_dom,
+ u32 *keytype, u32 *_keybitsize, u32 *_flags);
/*
* pkey_sysfs.c:
diff --git a/drivers/s390/crypto/pkey_cca.c b/drivers/s390/crypto/pkey_cca.c
index 65e520d7a864..1bf9019ec561 100644
--- a/drivers/s390/crypto/pkey_cca.c
+++ b/drivers/s390/crypto/pkey_cca.c
@@ -112,7 +112,7 @@ int pkey_cca_key2protkey(u16 card, u16 dom,
int pkey_cca_gen_key(u16 card, u16 dom,
u32 keytype, u32 subtype,
u32 keybitsize, u32 flags,
- u8 *keybuf, u32 *keybuflen)
+ u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)
{
int len, rc;
@@ -173,7 +173,7 @@ int pkey_cca_clr2key(u16 card, u16 dom,
u32 keytype, u32 subtype,
u32 keybitsize, u32 flags,
const u8 *clrkey, u32 clrkeylen,
- u8 *keybuf, u32 *keybuflen)
+ u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)
{
int len, rc;
diff --git a/drivers/s390/crypto/pkey_ep11.c b/drivers/s390/crypto/pkey_ep11.c
index fdc9de43a6c1..4c49e07ece74 100644
--- a/drivers/s390/crypto/pkey_ep11.c
+++ b/drivers/s390/crypto/pkey_ep11.c
@@ -71,8 +71,7 @@ int pkey_ep11_key2protkey(u16 card, u16 dom,
3, key, keylen, 1))
return -EINVAL;
rc = ep11_kblob2protkey(card, dom, key, hdr->len,
- protkey, protkeylen,
- protkeytype);
+ protkey, protkeylen, protkeytype);
} else if (hdr->type == TOKTYPE_NON_CCA &&
hdr->version == TOKVER_EP11_ECC_WITH_HEADER &&
is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
@@ -81,8 +80,7 @@ int pkey_ep11_key2protkey(u16 card, u16 dom,
3, key, keylen, 1))
return -EINVAL;
rc = ep11_kblob2protkey(card, dom, key, hdr->len,
- protkey, protkeylen,
- protkeytype);
+ protkey, protkeylen, protkeytype);
} else if (hdr->type == TOKTYPE_NON_CCA &&
hdr->version == TOKVER_EP11_AES &&
is_ep11_keyblob(key)) {
@@ -90,8 +88,7 @@ int pkey_ep11_key2protkey(u16 card, u16 dom,
if (ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1))
return -EINVAL;
rc = ep11_kblob2protkey(card, dom, key, hdr->len,
- protkey, protkeylen,
- protkeytype);
+ protkey, protkeylen, protkeytype);
} else {
PKEY_DBF_ERR("%s unknown/unsupported blob type %d version %d\n",
__func__, hdr->type, hdr->version);
@@ -114,7 +111,7 @@ int pkey_ep11_key2protkey(u16 card, u16 dom,
int pkey_ep11_gen_key(u16 card, u16 dom,
u32 keytype, u32 subtype,
u32 keybitsize, u32 flags,
- u8 *keybuf, u32 *keybuflen)
+ u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)
{
int len, rc;
@@ -171,7 +168,7 @@ int pkey_ep11_clr2key(u16 card, u16 dom,
u32 keytype, u32 subtype,
u32 keybitsize, u32 flags,
const u8 *clrkey, u32 clrkeylen,
- u8 *keybuf, u32 *keybuflen)
+ u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)
{
int len, rc;
diff --git a/drivers/s390/crypto/pkey_pckmo.c b/drivers/s390/crypto/pkey_pckmo.c
index 30a9d2f64853..d2c2c61f449b 100644
--- a/drivers/s390/crypto/pkey_pckmo.c
+++ b/drivers/s390/crypto/pkey_pckmo.c
@@ -18,10 +18,67 @@
#include "pkey_base.h"
/*
- * Check key blob for known and supported here.
+ * Prototypes
*/
+
+static bool is_pckmo_key(const u8 *key, u32 keylen);
+static int pckmo_key2protkey(const u8 *key, u32 keylen,
+ u8 *protkey, u32 *protkeylen, u32 *protkeytype);
+static int pckmo_gen_protkey(u32 keytype,
+ u8 *protkey, u32 *protkeylen, u32 *protkeytype);
+static int pckmo_clr2protkey(u32 keytype, const u8 *clrkey, u32 clrkeylen,
+ u8 *protkey, u32 *protkeylen, u32 *protkeytype);
+static int pckmo_verify_protkey(const u8 *protkey, u32 protkeylen,
+ u32 protkeytype);
+
+/*
+ * Wrapper functions
+ */
+
bool pkey_is_pckmo_key(const u8 *key, u32 keylen)
{
+ return is_pckmo_key(key, keylen);
+}
+
+int pkey_pckmo_key2protkey(u16 _card, u16 _dom,
+ const u8 *key, u32 keylen,
+ u8 *protkey, u32 *protkeylen, u32 *keyinfo)
+{
+ return pckmo_key2protkey(key, keylen,
+ protkey, protkeylen, keyinfo);
+}
+
+int pkey_pckmo_gen_key(u16 _card, u16 _dom,
+ u32 keytype, u32 _keysubtype,
+ u32 _keybitsize, u32 _flags,
+ u8 *keybuf, u32 *keybuflen, u32 *keyinfo)
+{
+ return pckmo_gen_protkey(keytype,
+ keybuf, keybuflen, keyinfo);
+}
+
+int pkey_pckmo_clr2key(u16 _card, u16 _dom,
+ u32 keytype, u32 _keysubtype,
+ u32 _keybitsize, u32 _flags,
+ const u8 *clrkey, u32 clrkeylen,
+ u8 *keybuf, u32 *keybuflen, u32 *keyinfo)
+{
+ return pckmo_clr2protkey(keytype, clrkey, clrkeylen,
+ keybuf, keybuflen, keyinfo);
+}
+
+int pkey_pckmo_verifykey(const u8 *key, u32 keylen,
+ u16 *_card, u16 *_dom,
+ u32 *keytype, u32 *_keybitsize, u32 *_flags)
+{
+ return pckmo_verify_protkey(key, keylen, *keytype);
+}
+
+/*
+ * Check key blob for known and supported here.
+ */
+static bool is_pckmo_key(const u8 *key, u32 keylen)
+{
struct keytoken_header *hdr = (struct keytoken_header *)key;
struct clearkeytoken *t = (struct clearkeytoken *)key;
@@ -55,8 +112,8 @@ bool pkey_is_pckmo_key(const u8 *key, u32 keylen)
}
}
-int pkey_pckmo_key2protkey(const u8 *key, u32 keylen,
- u8 *protkey, u32 *protkeylen, u32 *protkeytype)
+static int pckmo_key2protkey(const u8 *key, u32 keylen,
+ u8 *protkey, u32 *protkeylen, u32 *protkeytype)
{
struct keytoken_header *hdr = (struct keytoken_header *)key;
int rc = -EINVAL;
@@ -73,8 +130,7 @@ int pkey_pckmo_key2protkey(const u8 *key, u32 keylen,
if (keylen != sizeof(struct protaeskeytoken))
goto out;
t = (struct protaeskeytoken *)key;
- rc = pkey_pckmo_verify_protkey(t->protkey, t->len,
- t->keytype);
+ rc = pckmo_verify_protkey(t->protkey, t->len, t->keytype);
if (rc)
goto out;
memcpy(protkey, t->protkey, t->len);
@@ -123,8 +179,8 @@ int pkey_pckmo_key2protkey(const u8 *key, u32 keylen,
__func__, t->len);
goto out;
}
- rc = pkey_pckmo_clr2protkey(t->keytype, t->clearkey,
- protkey, protkeylen, protkeytype);
+ rc = pckmo_clr2protkey(t->keytype, t->clearkey, t->len,
+ protkey, protkeylen, protkeytype);
break;
}
default:
@@ -143,8 +199,8 @@ out:
* Currently only the generation of AES protected keys
* is supported.
*/
-int pkey_pckmo_gen_protkey(u32 keytype, u8 *protkey,
- u32 *protkeylen, u32 *protkeytype)
+static int pckmo_gen_protkey(u32 keytype, u8 *protkey,
+ u32 *protkeylen, u32 *protkeytype)
{
u8 clrkey[32];
int keysize;
@@ -161,8 +217,8 @@ int pkey_pckmo_gen_protkey(u32 keytype, u8 *protkey,
get_random_bytes(clrkey, keysize);
/* convert it to a dummy protected key */
- rc = pkey_pckmo_clr2protkey(keytype, clrkey,
- protkey, protkeylen, protkeytype);
+ rc = pckmo_clr2protkey(keytype, clrkey, keysize,
+ protkey, protkeylen, protkeytype);
if (rc)
goto out;
@@ -177,8 +233,8 @@ out:
/*
* Create a protected key from a clear key value via PCKMO instruction.
*/
-int pkey_pckmo_clr2protkey(u32 keytype, const u8 *clrkey,
- u8 *protkey, u32 *protkeylen, u32 *protkeytype)
+static int pckmo_clr2protkey(u32 keytype, const u8 *clrkey, u32 clrkeylen,
+ u8 *protkey, u32 *protkeylen, u32 *protkeytype)
{
/* mask of available pckmo subfunctions */
static cpacf_mask_t pckmo_functions;
@@ -243,6 +299,11 @@ int pkey_pckmo_clr2protkey(u32 keytype, const u8 *clrkey,
goto out;
}
+ if (clrkeylen && clrkeylen < keysize) {
+ PKEY_DBF_ERR("%s clear key size too small: %u < %d\n",
+ __func__, clrkeylen, keysize);
+ goto out;
+ }
if (*protkeylen < keysize + AES_WK_VP_SIZE) {
PKEY_DBF_ERR("%s prot key buffer size too small: %u < %d\n",
__func__, *protkeylen, keysize + AES_WK_VP_SIZE);
@@ -288,8 +349,8 @@ out:
* Verify a protected key blob.
* Currently only AES protected keys are supported.
*/
-int pkey_pckmo_verify_protkey(const u8 *protkey, u32 protkeylen,
- u32 protkeytype)
+static int pckmo_verify_protkey(const u8 *protkey, u32 protkeylen,
+ u32 protkeytype)
{
struct {
u8 iv[AES_BLOCK_SIZE];
diff --git a/drivers/s390/crypto/pkey_sysfs.c b/drivers/s390/crypto/pkey_sysfs.c
index 727293fbf331..684f87d6e9f1 100644
--- a/drivers/s390/crypto/pkey_sysfs.c
+++ b/drivers/s390/crypto/pkey_sysfs.c
@@ -42,9 +42,10 @@ static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,
protkeytoken.keytype = keytype;
protkey.len = sizeof(protkey.protkey);
- rc = pkey_pckmo_gen_protkey(protkeytoken.keytype,
- protkey.protkey, &protkey.len,
- &protkey.type);
+ rc = pkey_pckmo_gen_key(0, 0,
+ protkeytoken.keytype, 0, 0, 0,
+ protkey.protkey, &protkey.len,
+ &protkey.type);
if (rc)
return rc;
@@ -56,9 +57,10 @@ static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,
if (is_xts) {
/* xts needs a second protected key, reuse protkey struct */
protkey.len = sizeof(protkey.protkey);
- rc = pkey_pckmo_gen_protkey(protkeytoken.keytype,
- protkey.protkey, &protkey.len,
- &protkey.type);
+ rc = pkey_pckmo_gen_key(0, 0,
+ protkeytoken.keytype, 0, 0, 0,
+ protkey.protkey, &protkey.len,
+ &protkey.type);
if (rc)
return rc;
@@ -154,6 +156,7 @@ static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,
loff_t off, size_t count)
{
struct pkey_seckey *seckey = (struct pkey_seckey *)buf;
+ u32 buflen;
int rc;
if (off != 0 || count < sizeof(struct secaeskeytoken))
@@ -162,13 +165,19 @@ static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,
if (count < 2 * sizeof(struct secaeskeytoken))
return -EINVAL;
- rc = cca_genseckey(-1, -1, keytype, seckey->seckey);
+ buflen = sizeof(seckey->seckey);
+ rc = pkey_cca_gen_key(-1, -1, keytype,
+ PKEY_TYPE_CCA_DATA, 0, 0,
+ seckey->seckey, &buflen, NULL);
if (rc)
return rc;
if (is_xts) {
seckey++;
- rc = cca_genseckey(-1, -1, keytype, seckey->seckey);
+ buflen = sizeof(seckey->seckey);
+ rc = pkey_cca_gen_key(-1, -1, keytype,
+ PKEY_TYPE_CCA_DATA, 0, 0,
+ seckey->seckey, &buflen, NULL);
if (rc)
return rc;
@@ -261,8 +270,9 @@ static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,
size_t count)
{
u32 keysize = CCACIPHERTOKENSIZE;
- u32 nr_apqns, *apqns = NULL;
+ struct pkey_apqn *apqns = NULL;
int i, rc, card, dom;
+ size_t nr_apqns;
if (off != 0 || count < CCACIPHERTOKENSIZE)
return -EINVAL;
@@ -270,33 +280,51 @@ static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,
if (count < 2 * CCACIPHERTOKENSIZE)
return -EINVAL;
+ nr_apqns = MAXAPQNSINLIST;
+ apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL);
+ if (!apqns)
+ return -ENOMEM;
+
/* build a list of apqns able to generate an cipher key */
- rc = cca_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
- ZCRYPT_CEX6, 0, 0, 0, 0);
- if (rc)
+ rc = pkey_cca_apqns4type(PKEY_TYPE_CCA_CIPHER,
+ NULL, NULL, 0,
+ apqns, &nr_apqns);
+ if (rc) {
+ kfree(apqns);
return rc;
+ }
memset(buf, 0, is_xts ? 2 * keysize : keysize);
/* simple try all apqns from the list */
- for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
- card = apqns[i] >> 16;
- dom = apqns[i] & 0xFFFF;
- rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize);
- if (rc == 0)
- break;
+ for (i = 0, rc = -ENODEV; rc && i < nr_apqns; i++) {
+ card = apqns[i].card;
+ dom = apqns[i].domain;
+ rc = pkey_cca_gen_key(card, dom,
+ pkey_aes_bitsize_to_keytype(keybits),
+ PKEY_TYPE_CCA_CIPHER, keybits, 0,
+ buf, &keysize, NULL);
}
- if (rc)
+ if (rc) {
+ kfree(apqns);
return rc;
+ }
if (is_xts) {
keysize = CCACIPHERTOKENSIZE;
buf += CCACIPHERTOKENSIZE;
- rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize);
- if (rc == 0)
- return 2 * CCACIPHERTOKENSIZE;
+ rc = pkey_cca_gen_key(card, dom,
+ pkey_aes_bitsize_to_keytype(keybits),
+ PKEY_TYPE_CCA_CIPHER, keybits, 0,
+ buf, &keysize, NULL);
+ kfree(apqns);
+ if (rc)
+ return rc;
+ return 2 * CCACIPHERTOKENSIZE;
}
+ kfree(apqns);
+
return CCACIPHERTOKENSIZE;
}
@@ -384,8 +412,9 @@ static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,
size_t count)
{
u32 keysize = MAXEP11AESKEYBLOBSIZE;
- u32 nr_apqns, *apqns = NULL;
+ struct pkey_apqn *apqns = NULL;
int i, rc, card, dom;
+ size_t nr_apqns;
if (off != 0 || count < MAXEP11AESKEYBLOBSIZE)
return -EINVAL;
@@ -393,37 +422,51 @@ static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,
if (count < 2 * MAXEP11AESKEYBLOBSIZE)
return -EINVAL;
- /* build a list of apqns able to generate an cipher key */
- rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,
- ZCRYPT_CEX7,
- ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4,
- NULL);
- if (rc)
+ nr_apqns = MAXAPQNSINLIST;
+ apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL);
+ if (!apqns)
+ return -ENOMEM;
+
+ /* build a list of apqns able to generate an EP11 AES key */
+ rc = pkey_ep11_apqns4type(PKEY_TYPE_EP11_AES,
+ NULL, NULL, 0,
+ apqns, &nr_apqns);
+ if (rc) {
+ kfree(apqns);
return rc;
+ }
memset(buf, 0, is_xts ? 2 * keysize : keysize);
/* simple try all apqns from the list */
- for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
- card = apqns[i] >> 16;
- dom = apqns[i] & 0xFFFF;
- rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize,
- PKEY_TYPE_EP11_AES);
- if (rc == 0)
- break;
+ for (i = 0, rc = -ENODEV; rc && i < nr_apqns; i++) {
+ card = apqns[i].card;
+ dom = apqns[i].domain;
+ rc = pkey_ep11_gen_key(card, dom,
+ pkey_aes_bitsize_to_keytype(keybits),
+ PKEY_TYPE_EP11_AES, keybits, 0,
+ buf, &keysize, NULL);
}
- if (rc)
+ if (rc) {
+ kfree(apqns);
return rc;
+ }
if (is_xts) {
keysize = MAXEP11AESKEYBLOBSIZE;
buf += MAXEP11AESKEYBLOBSIZE;
- rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize,
- PKEY_TYPE_EP11_AES);
- if (rc == 0)
- return 2 * MAXEP11AESKEYBLOBSIZE;
+ rc = pkey_ep11_gen_key(card, dom,
+ pkey_aes_bitsize_to_keytype(keybits),
+ PKEY_TYPE_EP11_AES, keybits, 0,
+ buf, &keysize, NULL);
+ kfree(apqns);
+ if (rc)
+ return rc;
+ return 2 * MAXEP11AESKEYBLOBSIZE;
}
+ kfree(apqns);
+
return MAXEP11AESKEYBLOBSIZE;
}