1
2
3
4
5
6
7
8
9
10#define KMSG_COMPONENT "zcrypt"
11#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
12
13#include <linux/init.h>
14#include <linux/module.h>
15#include <linux/slab.h>
16#include <linux/random.h>
17#include <asm/zcrypt.h>
18#include <asm/pkey.h>
19
20#include "ap_bus.h"
21#include "zcrypt_api.h"
22#include "zcrypt_debug.h"
23#include "zcrypt_msgtype6.h"
24#include "zcrypt_ccamisc.h"
25
26#define DEBUG_DBG(...) ZCRYPT_DBF(DBF_DEBUG, ##__VA_ARGS__)
27#define DEBUG_INFO(...) ZCRYPT_DBF(DBF_INFO, ##__VA_ARGS__)
28#define DEBUG_WARN(...) ZCRYPT_DBF(DBF_WARN, ##__VA_ARGS__)
29#define DEBUG_ERR(...) ZCRYPT_DBF(DBF_ERR, ##__VA_ARGS__)
30
31
32#define PARMBSIZE 512
33
34
35#define VARDATASIZE 4096
36
37struct cca_info_list_entry {
38 struct list_head list;
39 u16 cardnr;
40 u16 domain;
41 struct cca_info info;
42};
43
44
45static LIST_HEAD(cca_info_list);
46static DEFINE_SPINLOCK(cca_info_list_lock);
47
48
49
50
51
52
53int cca_check_secaeskeytoken(debug_info_t *dbg, int dbflvl,
54 const u8 *token, int keybitsize)
55{
56 struct secaeskeytoken *t = (struct secaeskeytoken *) token;
57
58#define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
59
60 if (t->type != TOKTYPE_CCA_INTERNAL) {
61 if (dbg)
62 DBF("%s token check failed, type 0x%02x != 0x%02x\n",
63 __func__, (int) t->type, TOKTYPE_CCA_INTERNAL);
64 return -EINVAL;
65 }
66 if (t->version != TOKVER_CCA_AES) {
67 if (dbg)
68 DBF("%s token check failed, version 0x%02x != 0x%02x\n",
69 __func__, (int) t->version, TOKVER_CCA_AES);
70 return -EINVAL;
71 }
72 if (keybitsize > 0 && t->bitsize != keybitsize) {
73 if (dbg)
74 DBF("%s token check failed, bitsize %d != %d\n",
75 __func__, (int) t->bitsize, keybitsize);
76 return -EINVAL;
77 }
78
79#undef DBF
80
81 return 0;
82}
83EXPORT_SYMBOL(cca_check_secaeskeytoken);
84
85
86
87
88
89
90
91
92int cca_check_secaescipherkey(debug_info_t *dbg, int dbflvl,
93 const u8 *token, int keybitsize,
94 int checkcpacfexport)
95{
96 struct cipherkeytoken *t = (struct cipherkeytoken *) token;
97 bool keybitsizeok = true;
98
99#define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
100
101 if (t->type != TOKTYPE_CCA_INTERNAL) {
102 if (dbg)
103 DBF("%s token check failed, type 0x%02x != 0x%02x\n",
104 __func__, (int) t->type, TOKTYPE_CCA_INTERNAL);
105 return -EINVAL;
106 }
107 if (t->version != TOKVER_CCA_VLSC) {
108 if (dbg)
109 DBF("%s token check failed, version 0x%02x != 0x%02x\n",
110 __func__, (int) t->version, TOKVER_CCA_VLSC);
111 return -EINVAL;
112 }
113 if (t->algtype != 0x02) {
114 if (dbg)
115 DBF("%s token check failed, algtype 0x%02x != 0x02\n",
116 __func__, (int) t->algtype);
117 return -EINVAL;
118 }
119 if (t->keytype != 0x0001) {
120 if (dbg)
121 DBF("%s token check failed, keytype 0x%04x != 0x0001\n",
122 __func__, (int) t->keytype);
123 return -EINVAL;
124 }
125 if (t->plfver != 0x00 && t->plfver != 0x01) {
126 if (dbg)
127 DBF("%s token check failed, unknown plfver 0x%02x\n",
128 __func__, (int) t->plfver);
129 return -EINVAL;
130 }
131 if (t->wpllen != 512 && t->wpllen != 576 && t->wpllen != 640) {
132 if (dbg)
133 DBF("%s token check failed, unknown wpllen %d\n",
134 __func__, (int) t->wpllen);
135 return -EINVAL;
136 }
137 if (keybitsize > 0) {
138 switch (keybitsize) {
139 case 128:
140 if (t->wpllen != (t->plfver ? 640 : 512))
141 keybitsizeok = false;
142 break;
143 case 192:
144 if (t->wpllen != (t->plfver ? 640 : 576))
145 keybitsizeok = false;
146 break;
147 case 256:
148 if (t->wpllen != 640)
149 keybitsizeok = false;
150 break;
151 default:
152 keybitsizeok = false;
153 break;
154 }
155 if (!keybitsizeok) {
156 if (dbg)
157 DBF("%s token check failed, bitsize %d\n",
158 __func__, keybitsize);
159 return -EINVAL;
160 }
161 }
162 if (checkcpacfexport && !(t->kmf1 & KMF1_XPRT_CPAC)) {
163 if (dbg)
164 DBF("%s token check failed, XPRT_CPAC bit is 0\n",
165 __func__);
166 return -EINVAL;
167 }
168
169#undef DBF
170
171 return 0;
172}
173EXPORT_SYMBOL(cca_check_secaescipherkey);
174
175
176
177
178
179
180
181static int alloc_and_prep_cprbmem(size_t paramblen,
182 u8 **pcprbmem,
183 struct CPRBX **preqCPRB,
184 struct CPRBX **prepCPRB)
185{
186 u8 *cprbmem;
187 size_t cprbplusparamblen = sizeof(struct CPRBX) + paramblen;
188 struct CPRBX *preqcblk, *prepcblk;
189
190
191
192
193
194 cprbmem = kcalloc(2, cprbplusparamblen, GFP_KERNEL);
195 if (!cprbmem)
196 return -ENOMEM;
197
198 preqcblk = (struct CPRBX *) cprbmem;
199 prepcblk = (struct CPRBX *) (cprbmem + cprbplusparamblen);
200
201
202 preqcblk->cprb_len = sizeof(struct CPRBX);
203 preqcblk->cprb_ver_id = 0x02;
204 memcpy(preqcblk->func_id, "T2", 2);
205 preqcblk->rpl_msgbl = cprbplusparamblen;
206 if (paramblen) {
207 preqcblk->req_parmb =
208 ((u8 *) preqcblk) + sizeof(struct CPRBX);
209 preqcblk->rpl_parmb =
210 ((u8 *) prepcblk) + sizeof(struct CPRBX);
211 }
212
213 *pcprbmem = cprbmem;
214 *preqCPRB = preqcblk;
215 *prepCPRB = prepcblk;
216
217 return 0;
218}
219
220
221
222
223
224
225
226static void free_cprbmem(void *mem, size_t paramblen, int scrub)
227{
228 if (scrub)
229 memzero_explicit(mem, 2 * (sizeof(struct CPRBX) + paramblen));
230 kfree(mem);
231}
232
233
234
235
236static inline void prep_xcrb(struct ica_xcRB *pxcrb,
237 u16 cardnr,
238 struct CPRBX *preqcblk,
239 struct CPRBX *prepcblk)
240{
241 memset(pxcrb, 0, sizeof(*pxcrb));
242 pxcrb->agent_ID = 0x4341;
243 pxcrb->user_defined = (cardnr == 0xFFFF ? AUTOSELECT : cardnr);
244 pxcrb->request_control_blk_length =
245 preqcblk->cprb_len + preqcblk->req_parml;
246 pxcrb->request_control_blk_addr = (void __user *) preqcblk;
247 pxcrb->reply_control_blk_length = preqcblk->rpl_msgbl;
248 pxcrb->reply_control_blk_addr = (void __user *) prepcblk;
249}
250
251
252
253
254
255
256
257static inline int _zcrypt_send_cprb(struct ica_xcRB *xcrb)
258{
259 int rc;
260 mm_segment_t old_fs = get_fs();
261
262 set_fs(KERNEL_DS);
263 rc = zcrypt_send_cprb(xcrb);
264 set_fs(old_fs);
265
266 return rc;
267}
268
269
270
271
272int cca_genseckey(u16 cardnr, u16 domain,
273 u32 keybitsize, u8 seckey[SECKEYBLOBSIZE])
274{
275 int i, rc, keysize;
276 int seckeysize;
277 u8 *mem;
278 struct CPRBX *preqcblk, *prepcblk;
279 struct ica_xcRB xcrb;
280 struct kgreqparm {
281 u8 subfunc_code[2];
282 u16 rule_array_len;
283 struct lv1 {
284 u16 len;
285 char key_form[8];
286 char key_length[8];
287 char key_type1[8];
288 char key_type2[8];
289 } lv1;
290 struct lv2 {
291 u16 len;
292 struct keyid {
293 u16 len;
294 u16 attr;
295 u8 data[SECKEYBLOBSIZE];
296 } keyid[6];
297 } lv2;
298 } __packed * preqparm;
299 struct kgrepparm {
300 u8 subfunc_code[2];
301 u16 rule_array_len;
302 struct lv3 {
303 u16 len;
304 u16 keyblocklen;
305 struct {
306 u16 toklen;
307 u16 tokattr;
308 u8 tok[0];
309
310 } keyblock;
311 } lv3;
312 } __packed * prepparm;
313
314
315 rc = alloc_and_prep_cprbmem(PARMBSIZE, &mem, &preqcblk, &prepcblk);
316 if (rc)
317 return rc;
318
319
320 preqcblk->domain = domain;
321
322
323 preqparm = (struct kgreqparm *) preqcblk->req_parmb;
324 memcpy(preqparm->subfunc_code, "KG", 2);
325 preqparm->rule_array_len = sizeof(preqparm->rule_array_len);
326 preqparm->lv1.len = sizeof(struct lv1);
327 memcpy(preqparm->lv1.key_form, "OP ", 8);
328 switch (keybitsize) {
329 case PKEY_SIZE_AES_128:
330 case PKEY_KEYTYPE_AES_128:
331 keysize = 16;
332 memcpy(preqparm->lv1.key_length, "KEYLN16 ", 8);
333 break;
334 case PKEY_SIZE_AES_192:
335 case PKEY_KEYTYPE_AES_192:
336 keysize = 24;
337 memcpy(preqparm->lv1.key_length, "KEYLN24 ", 8);
338 break;
339 case PKEY_SIZE_AES_256:
340 case PKEY_KEYTYPE_AES_256:
341 keysize = 32;
342 memcpy(preqparm->lv1.key_length, "KEYLN32 ", 8);
343 break;
344 default:
345 DEBUG_ERR("%s unknown/unsupported keybitsize %d\n",
346 __func__, keybitsize);
347 rc = -EINVAL;
348 goto out;
349 }
350 memcpy(preqparm->lv1.key_type1, "AESDATA ", 8);
351 preqparm->lv2.len = sizeof(struct lv2);
352 for (i = 0; i < 6; i++) {
353 preqparm->lv2.keyid[i].len = sizeof(struct keyid);
354 preqparm->lv2.keyid[i].attr = (i == 2 ? 0x30 : 0x10);
355 }
356 preqcblk->req_parml = sizeof(struct kgreqparm);
357
358
359 prep_xcrb(&xcrb, cardnr, preqcblk, prepcblk);
360
361
362 rc = _zcrypt_send_cprb(&xcrb);
363 if (rc) {
364 DEBUG_ERR("%s zcrypt_send_cprb (cardnr=%d domain=%d) failed, errno %d\n",
365 __func__, (int) cardnr, (int) domain, rc);
366 goto out;
367 }
368
369
370 if (prepcblk->ccp_rtcode != 0) {
371 DEBUG_ERR("%s secure key generate failure, card response %d/%d\n",
372 __func__,
373 (int) prepcblk->ccp_rtcode,
374 (int) prepcblk->ccp_rscode);
375 rc = -EIO;
376 goto out;
377 }
378
379
380 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX);
381 prepparm = (struct kgrepparm *) prepcblk->rpl_parmb;
382
383
384 seckeysize = prepparm->lv3.keyblock.toklen
385 - sizeof(prepparm->lv3.keyblock.toklen)
386 - sizeof(prepparm->lv3.keyblock.tokattr);
387 if (seckeysize != SECKEYBLOBSIZE) {
388 DEBUG_ERR("%s secure token size mismatch %d != %d bytes\n",
389 __func__, seckeysize, SECKEYBLOBSIZE);
390 rc = -EIO;
391 goto out;
392 }
393
394
395 rc = cca_check_secaeskeytoken(zcrypt_dbf_info, DBF_ERR,
396 prepparm->lv3.keyblock.tok, 8*keysize);
397 if (rc) {
398 rc = -EIO;
399 goto out;
400 }
401
402
403 memcpy(seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE);
404
405out:
406 free_cprbmem(mem, PARMBSIZE, 0);
407 return rc;
408}
409EXPORT_SYMBOL(cca_genseckey);
410
411
412
413
414int cca_clr2seckey(u16 cardnr, u16 domain, u32 keybitsize,
415 const u8 *clrkey, u8 seckey[SECKEYBLOBSIZE])
416{
417 int rc, keysize, seckeysize;
418 u8 *mem;
419 struct CPRBX *preqcblk, *prepcblk;
420 struct ica_xcRB xcrb;
421 struct cmreqparm {
422 u8 subfunc_code[2];
423 u16 rule_array_len;
424 char rule_array[8];
425 struct lv1 {
426 u16 len;
427 u8 clrkey[0];
428 } lv1;
429 struct lv2 {
430 u16 len;
431 struct keyid {
432 u16 len;
433 u16 attr;
434 u8 data[SECKEYBLOBSIZE];
435 } keyid;
436 } lv2;
437 } __packed * preqparm;
438 struct lv2 *plv2;
439 struct cmrepparm {
440 u8 subfunc_code[2];
441 u16 rule_array_len;
442 struct lv3 {
443 u16 len;
444 u16 keyblocklen;
445 struct {
446 u16 toklen;
447 u16 tokattr;
448 u8 tok[0];
449
450 } keyblock;
451 } lv3;
452 } __packed * prepparm;
453
454
455 rc = alloc_and_prep_cprbmem(PARMBSIZE, &mem, &preqcblk, &prepcblk);
456 if (rc)
457 return rc;
458
459
460 preqcblk->domain = domain;
461
462
463 preqparm = (struct cmreqparm *) preqcblk->req_parmb;
464 memcpy(preqparm->subfunc_code, "CM", 2);
465 memcpy(preqparm->rule_array, "AES ", 8);
466 preqparm->rule_array_len =
467 sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array);
468 switch (keybitsize) {
469 case PKEY_SIZE_AES_128:
470 case PKEY_KEYTYPE_AES_128:
471 keysize = 16;
472 break;
473 case PKEY_SIZE_AES_192:
474 case PKEY_KEYTYPE_AES_192:
475 keysize = 24;
476 break;
477 case PKEY_SIZE_AES_256:
478 case PKEY_KEYTYPE_AES_256:
479 keysize = 32;
480 break;
481 default:
482 DEBUG_ERR("%s unknown/unsupported keybitsize %d\n",
483 __func__, keybitsize);
484 rc = -EINVAL;
485 goto out;
486 }
487 preqparm->lv1.len = sizeof(struct lv1) + keysize;
488 memcpy(preqparm->lv1.clrkey, clrkey, keysize);
489 plv2 = (struct lv2 *) (((u8 *) &preqparm->lv2) + keysize);
490 plv2->len = sizeof(struct lv2);
491 plv2->keyid.len = sizeof(struct keyid);
492 plv2->keyid.attr = 0x30;
493 preqcblk->req_parml = sizeof(struct cmreqparm) + keysize;
494
495
496 prep_xcrb(&xcrb, cardnr, preqcblk, prepcblk);
497
498
499 rc = _zcrypt_send_cprb(&xcrb);
500 if (rc) {
501 DEBUG_ERR("%s zcrypt_send_cprb (cardnr=%d domain=%d) failed, rc=%d\n",
502 __func__, (int) cardnr, (int) domain, rc);
503 goto out;
504 }
505
506
507 if (prepcblk->ccp_rtcode != 0) {
508 DEBUG_ERR("%s clear key import failure, card response %d/%d\n",
509 __func__,
510 (int) prepcblk->ccp_rtcode,
511 (int) prepcblk->ccp_rscode);
512 rc = -EIO;
513 goto out;
514 }
515
516
517 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX);
518 prepparm = (struct cmrepparm *) prepcblk->rpl_parmb;
519
520
521 seckeysize = prepparm->lv3.keyblock.toklen
522 - sizeof(prepparm->lv3.keyblock.toklen)
523 - sizeof(prepparm->lv3.keyblock.tokattr);
524 if (seckeysize != SECKEYBLOBSIZE) {
525 DEBUG_ERR("%s secure token size mismatch %d != %d bytes\n",
526 __func__, seckeysize, SECKEYBLOBSIZE);
527 rc = -EIO;
528 goto out;
529 }
530
531
532 rc = cca_check_secaeskeytoken(zcrypt_dbf_info, DBF_ERR,
533 prepparm->lv3.keyblock.tok, 8*keysize);
534 if (rc) {
535 rc = -EIO;
536 goto out;
537 }
538
539
540 if (seckey)
541 memcpy(seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE);
542
543out:
544 free_cprbmem(mem, PARMBSIZE, 1);
545 return rc;
546}
547EXPORT_SYMBOL(cca_clr2seckey);
548
549
550
551
552int cca_sec2protkey(u16 cardnr, u16 domain,
553 const u8 seckey[SECKEYBLOBSIZE],
554 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
555{
556 int rc;
557 u8 *mem;
558 struct CPRBX *preqcblk, *prepcblk;
559 struct ica_xcRB xcrb;
560 struct uskreqparm {
561 u8 subfunc_code[2];
562 u16 rule_array_len;
563 struct lv1 {
564 u16 len;
565 u16 attr_len;
566 u16 attr_flags;
567 } lv1;
568 struct lv2 {
569 u16 len;
570 u16 attr_len;
571 u16 attr_flags;
572 u8 token[0];
573 } lv2;
574 } __packed * preqparm;
575 struct uskrepparm {
576 u8 subfunc_code[2];
577 u16 rule_array_len;
578 struct lv3 {
579 u16 len;
580 u16 attr_len;
581 u16 attr_flags;
582 struct cpacfkeyblock {
583 u8 version;
584 u8 flags[2];
585 u8 algo;
586 u8 form;
587 u8 pad1[3];
588 u16 len;
589 u8 key[64];
590 u16 keyattrlen;
591 u8 keyattr[32];
592 u8 pad2[1];
593 u8 vptype;
594 u8 vp[32];
595 } keyblock;
596 } lv3;
597 } __packed * prepparm;
598
599
600 rc = alloc_and_prep_cprbmem(PARMBSIZE, &mem, &preqcblk, &prepcblk);
601 if (rc)
602 return rc;
603
604
605 preqcblk->domain = domain;
606
607
608 preqparm = (struct uskreqparm *) preqcblk->req_parmb;
609 memcpy(preqparm->subfunc_code, "US", 2);
610 preqparm->rule_array_len = sizeof(preqparm->rule_array_len);
611 preqparm->lv1.len = sizeof(struct lv1);
612 preqparm->lv1.attr_len = sizeof(struct lv1) - sizeof(preqparm->lv1.len);
613 preqparm->lv1.attr_flags = 0x0001;
614 preqparm->lv2.len = sizeof(struct lv2) + SECKEYBLOBSIZE;
615 preqparm->lv2.attr_len = sizeof(struct lv2)
616 - sizeof(preqparm->lv2.len) + SECKEYBLOBSIZE;
617 preqparm->lv2.attr_flags = 0x0000;
618 memcpy(preqparm->lv2.token, seckey, SECKEYBLOBSIZE);
619 preqcblk->req_parml = sizeof(struct uskreqparm) + SECKEYBLOBSIZE;
620
621
622 prep_xcrb(&xcrb, cardnr, preqcblk, prepcblk);
623
624
625 rc = _zcrypt_send_cprb(&xcrb);
626 if (rc) {
627 DEBUG_ERR("%s zcrypt_send_cprb (cardnr=%d domain=%d) failed, rc=%d\n",
628 __func__, (int) cardnr, (int) domain, rc);
629 goto out;
630 }
631
632
633 if (prepcblk->ccp_rtcode != 0) {
634 DEBUG_ERR("%s unwrap secure key failure, card response %d/%d\n",
635 __func__,
636 (int) prepcblk->ccp_rtcode,
637 (int) prepcblk->ccp_rscode);
638 rc = -EIO;
639 goto out;
640 }
641 if (prepcblk->ccp_rscode != 0) {
642 DEBUG_WARN("%s unwrap secure key warning, card response %d/%d\n",
643 __func__,
644 (int) prepcblk->ccp_rtcode,
645 (int) prepcblk->ccp_rscode);
646 }
647
648
649 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX);
650 prepparm = (struct uskrepparm *) prepcblk->rpl_parmb;
651
652
653 if (prepparm->lv3.keyblock.version != 0x01) {
654 DEBUG_ERR("%s reply param keyblock version mismatch 0x%02x != 0x01\n",
655 __func__, (int) prepparm->lv3.keyblock.version);
656 rc = -EIO;
657 goto out;
658 }
659
660
661 switch (prepparm->lv3.keyblock.len) {
662 case 16+32:
663
664 if (protkeytype)
665 *protkeytype = PKEY_KEYTYPE_AES_128;
666 break;
667 case 24+32:
668
669 if (protkeytype)
670 *protkeytype = PKEY_KEYTYPE_AES_192;
671 break;
672 case 32+32:
673
674 if (protkeytype)
675 *protkeytype = PKEY_KEYTYPE_AES_256;
676 break;
677 default:
678 DEBUG_ERR("%s unknown/unsupported keylen %d\n",
679 __func__, prepparm->lv3.keyblock.len);
680 rc = -EIO;
681 goto out;
682 }
683 memcpy(protkey, prepparm->lv3.keyblock.key, prepparm->lv3.keyblock.len);
684 if (protkeylen)
685 *protkeylen = prepparm->lv3.keyblock.len;
686
687out:
688 free_cprbmem(mem, PARMBSIZE, 0);
689 return rc;
690}
691EXPORT_SYMBOL(cca_sec2protkey);
692
693
694
695
696
697
698
699static const u8 aes_cipher_key_skeleton[] = {
700 0x01, 0x00, 0x00, 0x38, 0x05, 0x00, 0x00, 0x00,
701 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
702 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
703 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
704 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
705 0x00, 0x02, 0x00, 0x01, 0x02, 0xc0, 0x00, 0xff,
706 0x00, 0x03, 0x08, 0xc8, 0x00, 0x00, 0x00, 0x00 };
707#define SIZEOF_SKELETON (sizeof(aes_cipher_key_skeleton))
708
709
710
711
712int cca_gencipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
713 u8 *keybuf, size_t *keybufsize)
714{
715 int rc;
716 u8 *mem;
717 struct CPRBX *preqcblk, *prepcblk;
718 struct ica_xcRB xcrb;
719 struct gkreqparm {
720 u8 subfunc_code[2];
721 u16 rule_array_len;
722 char rule_array[2*8];
723 struct {
724 u16 len;
725 u8 key_type_1[8];
726 u8 key_type_2[8];
727 u16 clear_key_bit_len;
728 u16 key_name_1_len;
729 u16 key_name_2_len;
730 u16 user_data_1_len;
731 u16 user_data_2_len;
732 u8 key_name_1[0];
733 u8 key_name_2[0];
734 u8 user_data_1[0];
735 u8 user_data_2[0];
736 } vud;
737 struct {
738 u16 len;
739 struct {
740 u16 len;
741 u16 flag;
742 u8 kek_id_1[0];
743 } tlv1;
744 struct {
745 u16 len;
746 u16 flag;
747 u8 kek_id_2[0];
748 } tlv2;
749 struct {
750 u16 len;
751 u16 flag;
752 u8 gen_key_id_1[SIZEOF_SKELETON];
753 } tlv3;
754 struct {
755 u16 len;
756 u16 flag;
757 u8 gen_key_id_1_label[0];
758 } tlv4;
759 struct {
760 u16 len;
761 u16 flag;
762 u8 gen_key_id_2[0];
763 } tlv5;
764 struct {
765 u16 len;
766 u16 flag;
767 u8 gen_key_id_2_label[0];
768 } tlv6;
769 } kb;
770 } __packed * preqparm;
771 struct gkrepparm {
772 u8 subfunc_code[2];
773 u16 rule_array_len;
774 struct {
775 u16 len;
776 } vud;
777 struct {
778 u16 len;
779 struct {
780 u16 len;
781 u16 flag;
782 u8 gen_key[0];
783 } tlv1;
784 } kb;
785 } __packed * prepparm;
786 struct cipherkeytoken *t;
787
788
789 rc = alloc_and_prep_cprbmem(PARMBSIZE, &mem, &preqcblk, &prepcblk);
790 if (rc)
791 return rc;
792
793
794 preqcblk->domain = domain;
795 preqcblk->req_parml = sizeof(struct gkreqparm);
796
797
798 preqparm = (struct gkreqparm *) preqcblk->req_parmb;
799 memcpy(preqparm->subfunc_code, "GK", 2);
800 preqparm->rule_array_len = sizeof(uint16_t) + 2 * 8;
801 memcpy(preqparm->rule_array, "AES OP ", 2*8);
802
803
804 preqparm->vud.len = sizeof(preqparm->vud);
805 switch (keybitsize) {
806 case 128:
807 case 192:
808 case 256:
809 break;
810 default:
811 DEBUG_ERR(
812 "%s unknown/unsupported keybitsize %d\n",
813 __func__, keybitsize);
814 rc = -EINVAL;
815 goto out;
816 }
817 preqparm->vud.clear_key_bit_len = keybitsize;
818 memcpy(preqparm->vud.key_type_1, "TOKEN ", 8);
819 memset(preqparm->vud.key_type_2, ' ', sizeof(preqparm->vud.key_type_2));
820
821
822 preqparm->kb.len = sizeof(preqparm->kb);
823 preqparm->kb.tlv1.len = sizeof(preqparm->kb.tlv1);
824 preqparm->kb.tlv1.flag = 0x0030;
825 preqparm->kb.tlv2.len = sizeof(preqparm->kb.tlv2);
826 preqparm->kb.tlv2.flag = 0x0030;
827 preqparm->kb.tlv3.len = sizeof(preqparm->kb.tlv3);
828 preqparm->kb.tlv3.flag = 0x0030;
829 memcpy(preqparm->kb.tlv3.gen_key_id_1,
830 aes_cipher_key_skeleton, SIZEOF_SKELETON);
831 preqparm->kb.tlv4.len = sizeof(preqparm->kb.tlv4);
832 preqparm->kb.tlv4.flag = 0x0030;
833 preqparm->kb.tlv5.len = sizeof(preqparm->kb.tlv5);
834 preqparm->kb.tlv5.flag = 0x0030;
835 preqparm->kb.tlv6.len = sizeof(preqparm->kb.tlv6);
836 preqparm->kb.tlv6.flag = 0x0030;
837
838
839 if (keygenflags) {
840 t = (struct cipherkeytoken *) preqparm->kb.tlv3.gen_key_id_1;
841 t->kmf1 |= (u16) (keygenflags & 0x0000FF00);
842 t->kmf1 &= (u16) ~(keygenflags & 0x000000FF);
843 }
844
845
846 prep_xcrb(&xcrb, cardnr, preqcblk, prepcblk);
847
848
849 rc = _zcrypt_send_cprb(&xcrb);
850 if (rc) {
851 DEBUG_ERR(
852 "%s zcrypt_send_cprb (cardnr=%d domain=%d) failed, rc=%d\n",
853 __func__, (int) cardnr, (int) domain, rc);
854 goto out;
855 }
856
857
858 if (prepcblk->ccp_rtcode != 0) {
859 DEBUG_ERR(
860 "%s cipher key generate failure, card response %d/%d\n",
861 __func__,
862 (int) prepcblk->ccp_rtcode,
863 (int) prepcblk->ccp_rscode);
864 rc = -EIO;
865 goto out;
866 }
867
868
869 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX);
870 prepparm = (struct gkrepparm *) prepcblk->rpl_parmb;
871
872
873 if (prepparm->kb.len < 120 + 5 * sizeof(uint16_t) ||
874 prepparm->kb.len > 136 + 5 * sizeof(uint16_t)) {
875 DEBUG_ERR("%s reply with invalid or unknown key block\n",
876 __func__);
877 rc = -EIO;
878 goto out;
879 }
880
881
882 rc = cca_check_secaescipherkey(zcrypt_dbf_info, DBF_ERR,
883 prepparm->kb.tlv1.gen_key,
884 keybitsize, 1);
885 if (rc) {
886 rc = -EIO;
887 goto out;
888 }
889
890
891 t = (struct cipherkeytoken *) prepparm->kb.tlv1.gen_key;
892 if (keybuf) {
893 if (*keybufsize >= t->len)
894 memcpy(keybuf, t, t->len);
895 else
896 rc = -EINVAL;
897 }
898 *keybufsize = t->len;
899
900out:
901 free_cprbmem(mem, PARMBSIZE, 0);
902 return rc;
903}
904EXPORT_SYMBOL(cca_gencipherkey);
905
906
907
908
909static int _ip_cprb_helper(u16 cardnr, u16 domain,
910 const char *rule_array_1,
911 const char *rule_array_2,
912 const char *rule_array_3,
913 const u8 *clr_key_value,
914 int clr_key_bit_size,
915 u8 *key_token,
916 int *key_token_size)
917{
918 int rc, n;
919 u8 *mem;
920 struct CPRBX *preqcblk, *prepcblk;
921 struct ica_xcRB xcrb;
922 struct rule_array_block {
923 u8 subfunc_code[2];
924 u16 rule_array_len;
925 char rule_array[0];
926 } __packed * preq_ra_block;
927 struct vud_block {
928 u16 len;
929 struct {
930 u16 len;
931 u16 flag;
932 u16 clr_key_bit_len;
933 } tlv1;
934 struct {
935 u16 len;
936 u16 flag;
937 u8 clr_key[0];
938 } tlv2;
939 } __packed * preq_vud_block;
940 struct key_block {
941 u16 len;
942 struct {
943 u16 len;
944 u16 flag;
945 u8 key_token[0];
946 } tlv1;
947 } __packed * preq_key_block;
948 struct iprepparm {
949 u8 subfunc_code[2];
950 u16 rule_array_len;
951 struct {
952 u16 len;
953 } vud;
954 struct {
955 u16 len;
956 struct {
957 u16 len;
958 u16 flag;
959 u8 key_token[0];
960 } tlv1;
961 } kb;
962 } __packed * prepparm;
963 struct cipherkeytoken *t;
964 int complete = strncmp(rule_array_2, "COMPLETE", 8) ? 0 : 1;
965
966
967 rc = alloc_and_prep_cprbmem(PARMBSIZE, &mem, &preqcblk, &prepcblk);
968 if (rc)
969 return rc;
970
971
972 preqcblk->domain = domain;
973 preqcblk->req_parml = 0;
974
975
976 preq_ra_block = (struct rule_array_block *) preqcblk->req_parmb;
977 memcpy(preq_ra_block->subfunc_code, "IP", 2);
978 preq_ra_block->rule_array_len = sizeof(uint16_t) + 2 * 8;
979 memcpy(preq_ra_block->rule_array, rule_array_1, 8);
980 memcpy(preq_ra_block->rule_array + 8, rule_array_2, 8);
981 preqcblk->req_parml = sizeof(struct rule_array_block) + 2 * 8;
982 if (rule_array_3) {
983 preq_ra_block->rule_array_len += 8;
984 memcpy(preq_ra_block->rule_array + 16, rule_array_3, 8);
985 preqcblk->req_parml += 8;
986 }
987
988
989 preq_vud_block = (struct vud_block *)
990 (preqcblk->req_parmb + preqcblk->req_parml);
991 n = complete ? 0 : (clr_key_bit_size + 7) / 8;
992 preq_vud_block->len = sizeof(struct vud_block) + n;
993 preq_vud_block->tlv1.len = sizeof(preq_vud_block->tlv1);
994 preq_vud_block->tlv1.flag = 0x0064;
995 preq_vud_block->tlv1.clr_key_bit_len = complete ? 0 : clr_key_bit_size;
996 preq_vud_block->tlv2.len = sizeof(preq_vud_block->tlv2) + n;
997 preq_vud_block->tlv2.flag = 0x0063;
998 if (!complete)
999 memcpy(preq_vud_block->tlv2.clr_key, clr_key_value, n);
1000 preqcblk->req_parml += preq_vud_block->len;
1001
1002
1003 preq_key_block = (struct key_block *)
1004 (preqcblk->req_parmb + preqcblk->req_parml);
1005 n = *key_token_size;
1006 preq_key_block->len = sizeof(struct key_block) + n;
1007 preq_key_block->tlv1.len = sizeof(preq_key_block->tlv1) + n;
1008 preq_key_block->tlv1.flag = 0x0030;
1009 memcpy(preq_key_block->tlv1.key_token, key_token, *key_token_size);
1010 preqcblk->req_parml += preq_key_block->len;
1011
1012
1013 prep_xcrb(&xcrb, cardnr, preqcblk, prepcblk);
1014
1015
1016 rc = _zcrypt_send_cprb(&xcrb);
1017 if (rc) {
1018 DEBUG_ERR(
1019 "%s zcrypt_send_cprb (cardnr=%d domain=%d) failed, rc=%d\n",
1020 __func__, (int) cardnr, (int) domain, rc);
1021 goto out;
1022 }
1023
1024
1025 if (prepcblk->ccp_rtcode != 0) {
1026 DEBUG_ERR(
1027 "%s CSNBKPI2 failure, card response %d/%d\n",
1028 __func__,
1029 (int) prepcblk->ccp_rtcode,
1030 (int) prepcblk->ccp_rscode);
1031 rc = -EIO;
1032 goto out;
1033 }
1034
1035
1036 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX);
1037 prepparm = (struct iprepparm *) prepcblk->rpl_parmb;
1038
1039
1040 if (prepparm->kb.len < 120 + 5 * sizeof(uint16_t) ||
1041 prepparm->kb.len > 136 + 5 * sizeof(uint16_t)) {
1042 DEBUG_ERR("%s reply with invalid or unknown key block\n",
1043 __func__);
1044 rc = -EIO;
1045 goto out;
1046 }
1047
1048
1049
1050
1051 t = (struct cipherkeytoken *) prepparm->kb.tlv1.key_token;
1052 memcpy(key_token, t, t->len);
1053 *key_token_size = t->len;
1054
1055out:
1056 free_cprbmem(mem, PARMBSIZE, 0);
1057 return rc;
1058}
1059
1060
1061
1062
1063int cca_clr2cipherkey(u16 card, u16 dom, u32 keybitsize, u32 keygenflags,
1064 const u8 *clrkey, u8 *keybuf, size_t *keybufsize)
1065{
1066 int rc;
1067 u8 *token;
1068 int tokensize;
1069 u8 exorbuf[32];
1070 struct cipherkeytoken *t;
1071
1072
1073 get_random_bytes(exorbuf, sizeof(exorbuf));
1074
1075
1076 token = kmalloc(MAXCCAVLSCTOKENSIZE, GFP_KERNEL);
1077 if (!token)
1078 return -ENOMEM;
1079
1080
1081 tokensize = SIZEOF_SKELETON;
1082 memcpy(token, aes_cipher_key_skeleton, tokensize);
1083
1084
1085 if (keygenflags) {
1086 t = (struct cipherkeytoken *) token;
1087 t->kmf1 |= (u16) (keygenflags & 0x0000FF00);
1088 t->kmf1 &= (u16) ~(keygenflags & 0x000000FF);
1089 }
1090
1091
1092
1093
1094
1095
1096
1097
1098 rc = _ip_cprb_helper(card, dom, "AES ", "FIRST ", "MIN3PART",
1099 exorbuf, keybitsize, token, &tokensize);
1100 if (rc) {
1101 DEBUG_ERR(
1102 "%s clear key import 1/4 with CSNBKPI2 failed, rc=%d\n",
1103 __func__, rc);
1104 goto out;
1105 }
1106 rc = _ip_cprb_helper(card, dom, "AES ", "ADD-PART", NULL,
1107 clrkey, keybitsize, token, &tokensize);
1108 if (rc) {
1109 DEBUG_ERR(
1110 "%s clear key import 2/4 with CSNBKPI2 failed, rc=%d\n",
1111 __func__, rc);
1112 goto out;
1113 }
1114 rc = _ip_cprb_helper(card, dom, "AES ", "ADD-PART", NULL,
1115 exorbuf, keybitsize, token, &tokensize);
1116 if (rc) {
1117 DEBUG_ERR(
1118 "%s clear key import 3/4 with CSNBKPI2 failed, rc=%d\n",
1119 __func__, rc);
1120 goto out;
1121 }
1122 rc = _ip_cprb_helper(card, dom, "AES ", "COMPLETE", NULL,
1123 NULL, keybitsize, token, &tokensize);
1124 if (rc) {
1125 DEBUG_ERR(
1126 "%s clear key import 4/4 with CSNBKPI2 failed, rc=%d\n",
1127 __func__, rc);
1128 goto out;
1129 }
1130
1131
1132 if (keybuf) {
1133 if (tokensize > *keybufsize)
1134 rc = -EINVAL;
1135 else
1136 memcpy(keybuf, token, tokensize);
1137 }
1138 *keybufsize = tokensize;
1139
1140out:
1141 kfree(token);
1142 return rc;
1143}
1144EXPORT_SYMBOL(cca_clr2cipherkey);
1145
1146
1147
1148
1149int cca_cipher2protkey(u16 cardnr, u16 domain, const u8 *ckey,
1150 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
1151{
1152 int rc;
1153 u8 *mem;
1154 struct CPRBX *preqcblk, *prepcblk;
1155 struct ica_xcRB xcrb;
1156 struct aureqparm {
1157 u8 subfunc_code[2];
1158 u16 rule_array_len;
1159 u8 rule_array[8];
1160 struct {
1161 u16 len;
1162 u16 tk_blob_len;
1163 u16 tk_blob_tag;
1164 u8 tk_blob[66];
1165 } vud;
1166 struct {
1167 u16 len;
1168 u16 cca_key_token_len;
1169 u16 cca_key_token_flags;
1170 u8 cca_key_token[0];
1171 } kb;
1172 } __packed * preqparm;
1173 struct aurepparm {
1174 u8 subfunc_code[2];
1175 u16 rule_array_len;
1176 struct {
1177 u16 len;
1178 u16 sublen;
1179 u16 tag;
1180 struct cpacfkeyblock {
1181 u8 version;
1182 u8 flags[2];
1183 u8 algo;
1184 u8 form;
1185 u8 pad1[3];
1186 u16 keylen;
1187 u8 key[64];
1188 u16 keyattrlen;
1189 u8 keyattr[32];
1190 u8 pad2[1];
1191 u8 vptype;
1192 u8 vp[32];
1193 } ckb;
1194 } vud;
1195 struct {
1196 u16 len;
1197 } kb;
1198 } __packed * prepparm;
1199 int keytoklen = ((struct cipherkeytoken *)ckey)->len;
1200
1201
1202 rc = alloc_and_prep_cprbmem(PARMBSIZE, &mem, &preqcblk, &prepcblk);
1203 if (rc)
1204 return rc;
1205
1206
1207 preqcblk->domain = domain;
1208
1209
1210 preqparm = (struct aureqparm *) preqcblk->req_parmb;
1211 memcpy(preqparm->subfunc_code, "AU", 2);
1212 preqparm->rule_array_len =
1213 sizeof(preqparm->rule_array_len)
1214 + sizeof(preqparm->rule_array);
1215 memcpy(preqparm->rule_array, "EXPT-SK ", 8);
1216
1217 preqparm->vud.len = sizeof(preqparm->vud);
1218 preqparm->vud.tk_blob_len = sizeof(preqparm->vud.tk_blob)
1219 + 2 * sizeof(uint16_t);
1220 preqparm->vud.tk_blob_tag = 0x00C2;
1221
1222 preqparm->kb.len = keytoklen + 3 * sizeof(uint16_t);
1223 preqparm->kb.cca_key_token_len = keytoklen + 2 * sizeof(uint16_t);
1224 memcpy(preqparm->kb.cca_key_token, ckey, keytoklen);
1225
1226 preqcblk->req_parml = sizeof(struct aureqparm) + keytoklen;
1227
1228
1229 prep_xcrb(&xcrb, cardnr, preqcblk, prepcblk);
1230
1231
1232 rc = _zcrypt_send_cprb(&xcrb);
1233 if (rc) {
1234 DEBUG_ERR(
1235 "%s zcrypt_send_cprb (cardnr=%d domain=%d) failed, rc=%d\n",
1236 __func__, (int) cardnr, (int) domain, rc);
1237 goto out;
1238 }
1239
1240
1241 if (prepcblk->ccp_rtcode != 0) {
1242 DEBUG_ERR(
1243 "%s unwrap secure key failure, card response %d/%d\n",
1244 __func__,
1245 (int) prepcblk->ccp_rtcode,
1246 (int) prepcblk->ccp_rscode);
1247 rc = -EIO;
1248 goto out;
1249 }
1250 if (prepcblk->ccp_rscode != 0) {
1251 DEBUG_WARN(
1252 "%s unwrap secure key warning, card response %d/%d\n",
1253 __func__,
1254 (int) prepcblk->ccp_rtcode,
1255 (int) prepcblk->ccp_rscode);
1256 }
1257
1258
1259 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX);
1260 prepparm = (struct aurepparm *) prepcblk->rpl_parmb;
1261
1262
1263 if (prepparm->vud.ckb.version != 0x01) {
1264 DEBUG_ERR(
1265 "%s reply param keyblock version mismatch 0x%02x != 0x01\n",
1266 __func__, (int) prepparm->vud.ckb.version);
1267 rc = -EIO;
1268 goto out;
1269 }
1270 if (prepparm->vud.ckb.algo != 0x02) {
1271 DEBUG_ERR(
1272 "%s reply param keyblock algo mismatch 0x%02x != 0x02\n",
1273 __func__, (int) prepparm->vud.ckb.algo);
1274 rc = -EIO;
1275 goto out;
1276 }
1277
1278
1279 switch (prepparm->vud.ckb.keylen) {
1280 case 16+32:
1281
1282 if (protkeytype)
1283 *protkeytype = PKEY_KEYTYPE_AES_128;
1284 break;
1285 case 24+32:
1286
1287 if (protkeytype)
1288 *protkeytype = PKEY_KEYTYPE_AES_192;
1289 break;
1290 case 32+32:
1291
1292 if (protkeytype)
1293 *protkeytype = PKEY_KEYTYPE_AES_256;
1294 break;
1295 default:
1296 DEBUG_ERR("%s unknown/unsupported keylen %d\n",
1297 __func__, prepparm->vud.ckb.keylen);
1298 rc = -EIO;
1299 goto out;
1300 }
1301 memcpy(protkey, prepparm->vud.ckb.key, prepparm->vud.ckb.keylen);
1302 if (protkeylen)
1303 *protkeylen = prepparm->vud.ckb.keylen;
1304
1305out:
1306 free_cprbmem(mem, PARMBSIZE, 0);
1307 return rc;
1308}
1309EXPORT_SYMBOL(cca_cipher2protkey);
1310
1311
1312
1313
1314int cca_query_crypto_facility(u16 cardnr, u16 domain,
1315 const char *keyword,
1316 u8 *rarray, size_t *rarraylen,
1317 u8 *varray, size_t *varraylen)
1318{
1319 int rc;
1320 u16 len;
1321 u8 *mem, *ptr;
1322 struct CPRBX *preqcblk, *prepcblk;
1323 struct ica_xcRB xcrb;
1324 struct fqreqparm {
1325 u8 subfunc_code[2];
1326 u16 rule_array_len;
1327 char rule_array[8];
1328 struct lv1 {
1329 u16 len;
1330 u8 data[VARDATASIZE];
1331 } lv1;
1332 u16 dummylen;
1333 } __packed * preqparm;
1334 size_t parmbsize = sizeof(struct fqreqparm);
1335 struct fqrepparm {
1336 u8 subfunc_code[2];
1337 u8 lvdata[0];
1338 } __packed * prepparm;
1339
1340
1341 rc = alloc_and_prep_cprbmem(parmbsize, &mem, &preqcblk, &prepcblk);
1342 if (rc)
1343 return rc;
1344
1345
1346 preqcblk->domain = domain;
1347
1348
1349 preqparm = (struct fqreqparm *) preqcblk->req_parmb;
1350 memcpy(preqparm->subfunc_code, "FQ", 2);
1351 memcpy(preqparm->rule_array, keyword, sizeof(preqparm->rule_array));
1352 preqparm->rule_array_len =
1353 sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array);
1354 preqparm->lv1.len = sizeof(preqparm->lv1);
1355 preqparm->dummylen = sizeof(preqparm->dummylen);
1356 preqcblk->req_parml = parmbsize;
1357
1358
1359 prep_xcrb(&xcrb, cardnr, preqcblk, prepcblk);
1360
1361
1362 rc = _zcrypt_send_cprb(&xcrb);
1363 if (rc) {
1364 DEBUG_ERR("%s zcrypt_send_cprb (cardnr=%d domain=%d) failed, rc=%d\n",
1365 __func__, (int) cardnr, (int) domain, rc);
1366 goto out;
1367 }
1368
1369
1370 if (prepcblk->ccp_rtcode != 0) {
1371 DEBUG_ERR("%s unwrap secure key failure, card response %d/%d\n",
1372 __func__,
1373 (int) prepcblk->ccp_rtcode,
1374 (int) prepcblk->ccp_rscode);
1375 rc = -EIO;
1376 goto out;
1377 }
1378
1379
1380 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX);
1381 prepparm = (struct fqrepparm *) prepcblk->rpl_parmb;
1382 ptr = prepparm->lvdata;
1383
1384
1385 len = *((u16 *) ptr);
1386 if (len > sizeof(u16)) {
1387 ptr += sizeof(u16);
1388 len -= sizeof(u16);
1389 if (rarray && rarraylen && *rarraylen > 0) {
1390 *rarraylen = (len > *rarraylen ? *rarraylen : len);
1391 memcpy(rarray, ptr, *rarraylen);
1392 }
1393 ptr += len;
1394 }
1395
1396 len = *((u16 *) ptr);
1397 if (len > sizeof(u16)) {
1398 ptr += sizeof(u16);
1399 len -= sizeof(u16);
1400 if (varray && varraylen && *varraylen > 0) {
1401 *varraylen = (len > *varraylen ? *varraylen : len);
1402 memcpy(varray, ptr, *varraylen);
1403 }
1404 ptr += len;
1405 }
1406
1407out:
1408 free_cprbmem(mem, parmbsize, 0);
1409 return rc;
1410}
1411EXPORT_SYMBOL(cca_query_crypto_facility);
1412
1413static int cca_info_cache_fetch(u16 cardnr, u16 domain, struct cca_info *ci)
1414{
1415 int rc = -ENOENT;
1416 struct cca_info_list_entry *ptr;
1417
1418 spin_lock_bh(&cca_info_list_lock);
1419 list_for_each_entry(ptr, &cca_info_list, list) {
1420 if (ptr->cardnr == cardnr && ptr->domain == domain) {
1421 memcpy(ci, &ptr->info, sizeof(*ci));
1422 rc = 0;
1423 break;
1424 }
1425 }
1426 spin_unlock_bh(&cca_info_list_lock);
1427
1428 return rc;
1429}
1430
1431static void cca_info_cache_update(u16 cardnr, u16 domain,
1432 const struct cca_info *ci)
1433{
1434 int found = 0;
1435 struct cca_info_list_entry *ptr;
1436
1437 spin_lock_bh(&cca_info_list_lock);
1438 list_for_each_entry(ptr, &cca_info_list, list) {
1439 if (ptr->cardnr == cardnr &&
1440 ptr->domain == domain) {
1441 memcpy(&ptr->info, ci, sizeof(*ci));
1442 found = 1;
1443 break;
1444 }
1445 }
1446 if (!found) {
1447 ptr = kmalloc(sizeof(*ptr), GFP_ATOMIC);
1448 if (!ptr) {
1449 spin_unlock_bh(&cca_info_list_lock);
1450 return;
1451 }
1452 ptr->cardnr = cardnr;
1453 ptr->domain = domain;
1454 memcpy(&ptr->info, ci, sizeof(*ci));
1455 list_add(&ptr->list, &cca_info_list);
1456 }
1457 spin_unlock_bh(&cca_info_list_lock);
1458}
1459
1460static void cca_info_cache_scrub(u16 cardnr, u16 domain)
1461{
1462 struct cca_info_list_entry *ptr;
1463
1464 spin_lock_bh(&cca_info_list_lock);
1465 list_for_each_entry(ptr, &cca_info_list, list) {
1466 if (ptr->cardnr == cardnr &&
1467 ptr->domain == domain) {
1468 list_del(&ptr->list);
1469 kfree(ptr);
1470 break;
1471 }
1472 }
1473 spin_unlock_bh(&cca_info_list_lock);
1474}
1475
1476static void __exit mkvp_cache_free(void)
1477{
1478 struct cca_info_list_entry *ptr, *pnext;
1479
1480 spin_lock_bh(&cca_info_list_lock);
1481 list_for_each_entry_safe(ptr, pnext, &cca_info_list, list) {
1482 list_del(&ptr->list);
1483 kfree(ptr);
1484 }
1485 spin_unlock_bh(&cca_info_list_lock);
1486}
1487
1488
1489
1490
1491static int fetch_cca_info(u16 cardnr, u16 domain, struct cca_info *ci)
1492{
1493 int rc, found = 0;
1494 size_t rlen, vlen;
1495 u8 *rarray, *varray, *pg;
1496 struct zcrypt_device_status_ext devstat;
1497
1498 memset(ci, 0, sizeof(*ci));
1499
1500
1501 rc = zcrypt_device_status_ext(cardnr, domain, &devstat);
1502 if (rc)
1503 return rc;
1504 ci->hwtype = devstat.hwtype;
1505
1506
1507 pg = (u8 *) __get_free_page(GFP_KERNEL);
1508 if (!pg)
1509 return -ENOMEM;
1510 rarray = pg;
1511 varray = pg + PAGE_SIZE/2;
1512 rlen = vlen = PAGE_SIZE/2;
1513
1514
1515 rc = cca_query_crypto_facility(cardnr, domain, "STATICSA",
1516 rarray, &rlen, varray, &vlen);
1517 if (rc == 0 && rlen >= 10*8 && vlen >= 204) {
1518 memcpy(ci->serial, rarray, 8);
1519 ci->new_mk_state = (char) rarray[7*8];
1520 ci->cur_mk_state = (char) rarray[8*8];
1521 ci->old_mk_state = (char) rarray[9*8];
1522 if (ci->old_mk_state == '2')
1523 memcpy(&ci->old_mkvp, varray + 172, 8);
1524 if (ci->cur_mk_state == '2')
1525 memcpy(&ci->cur_mkvp, varray + 184, 8);
1526 if (ci->new_mk_state == '3')
1527 memcpy(&ci->new_mkvp, varray + 196, 8);
1528 found = 1;
1529 }
1530
1531 free_page((unsigned long) pg);
1532
1533 return found ? 0 : -ENOENT;
1534}
1535
1536
1537
1538
1539int cca_get_info(u16 card, u16 dom, struct cca_info *ci, int verify)
1540{
1541 int rc;
1542
1543 rc = cca_info_cache_fetch(card, dom, ci);
1544 if (rc || verify) {
1545 rc = fetch_cca_info(card, dom, ci);
1546 if (rc == 0)
1547 cca_info_cache_update(card, dom, ci);
1548 }
1549
1550 return rc;
1551}
1552EXPORT_SYMBOL(cca_get_info);
1553
1554
1555
1556
1557
1558static int findcard(u64 mkvp, u16 *pcardnr, u16 *pdomain,
1559 int verify, int minhwtype)
1560{
1561 struct zcrypt_device_status_ext *device_status;
1562 u16 card, dom;
1563 struct cca_info ci;
1564 int i, rc, oi = -1;
1565
1566
1567 if (mkvp == 0 || minhwtype < 0)
1568 return -EINVAL;
1569
1570
1571 device_status = kvmalloc_array(MAX_ZDEV_ENTRIES_EXT,
1572 sizeof(struct zcrypt_device_status_ext),
1573 GFP_KERNEL);
1574 if (!device_status)
1575 return -ENOMEM;
1576 zcrypt_device_status_mask_ext(device_status);
1577
1578
1579 for (i = 0; i < MAX_ZDEV_ENTRIES_EXT; i++) {
1580 card = AP_QID_CARD(device_status[i].qid);
1581 dom = AP_QID_QUEUE(device_status[i].qid);
1582 if (device_status[i].online &&
1583 device_status[i].functions & 0x04) {
1584
1585 if (cca_info_cache_fetch(card, dom, &ci) == 0 &&
1586 ci.hwtype >= minhwtype &&
1587 ci.cur_mk_state == '2' &&
1588 ci.cur_mkvp == mkvp) {
1589 if (!verify)
1590 break;
1591
1592 if (fetch_cca_info(card, dom, &ci) == 0) {
1593 cca_info_cache_update(card, dom, &ci);
1594 if (ci.hwtype >= minhwtype &&
1595 ci.cur_mk_state == '2' &&
1596 ci.cur_mkvp == mkvp)
1597 break;
1598 }
1599 }
1600 } else {
1601
1602
1603 cca_info_cache_scrub(card, dom);
1604 }
1605 }
1606 if (i >= MAX_ZDEV_ENTRIES_EXT) {
1607
1608 for (i = 0; i < MAX_ZDEV_ENTRIES_EXT; i++) {
1609 if (!(device_status[i].online &&
1610 device_status[i].functions & 0x04))
1611 continue;
1612 card = AP_QID_CARD(device_status[i].qid);
1613 dom = AP_QID_QUEUE(device_status[i].qid);
1614
1615 if (fetch_cca_info(card, dom, &ci) == 0) {
1616 cca_info_cache_update(card, dom, &ci);
1617 if (ci.hwtype >= minhwtype &&
1618 ci.cur_mk_state == '2' &&
1619 ci.cur_mkvp == mkvp)
1620 break;
1621 if (ci.hwtype >= minhwtype &&
1622 ci.old_mk_state == '2' &&
1623 ci.old_mkvp == mkvp &&
1624 oi < 0)
1625 oi = i;
1626 }
1627 }
1628 if (i >= MAX_ZDEV_ENTRIES_EXT && oi >= 0) {
1629
1630 card = AP_QID_CARD(device_status[oi].qid);
1631 dom = AP_QID_QUEUE(device_status[oi].qid);
1632 }
1633 }
1634 if (i < MAX_ZDEV_ENTRIES_EXT || oi >= 0) {
1635 if (pcardnr)
1636 *pcardnr = card;
1637 if (pdomain)
1638 *pdomain = dom;
1639 rc = (i < MAX_ZDEV_ENTRIES_EXT ? 0 : 1);
1640 } else
1641 rc = -ENODEV;
1642
1643 kvfree(device_status);
1644 return rc;
1645}
1646
1647
1648
1649
1650
1651int cca_findcard(const u8 *key, u16 *pcardnr, u16 *pdomain, int verify)
1652{
1653 u64 mkvp;
1654 int minhwtype = 0;
1655 const struct keytoken_header *hdr = (struct keytoken_header *) key;
1656
1657 if (hdr->type != TOKTYPE_CCA_INTERNAL)
1658 return -EINVAL;
1659
1660 switch (hdr->version) {
1661 case TOKVER_CCA_AES:
1662 mkvp = ((struct secaeskeytoken *)key)->mkvp;
1663 break;
1664 case TOKVER_CCA_VLSC:
1665 mkvp = ((struct cipherkeytoken *)key)->mkvp0;
1666 minhwtype = AP_DEVICE_TYPE_CEX6;
1667 break;
1668 default:
1669 return -EINVAL;
1670 }
1671
1672 return findcard(mkvp, pcardnr, pdomain, verify, minhwtype);
1673}
1674EXPORT_SYMBOL(cca_findcard);
1675
1676int cca_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
1677 int minhwtype, u64 cur_mkvp, u64 old_mkvp, int verify)
1678{
1679 struct zcrypt_device_status_ext *device_status;
1680 int i, n, card, dom, curmatch, oldmatch, rc = 0;
1681 struct cca_info ci;
1682
1683 *apqns = NULL;
1684 *nr_apqns = 0;
1685
1686
1687 device_status = kmalloc_array(MAX_ZDEV_ENTRIES_EXT,
1688 sizeof(struct zcrypt_device_status_ext),
1689 GFP_KERNEL);
1690 if (!device_status)
1691 return -ENOMEM;
1692 zcrypt_device_status_mask_ext(device_status);
1693
1694
1695 while (1) {
1696 n = 0;
1697
1698 for (i = 0; i < MAX_ZDEV_ENTRIES_EXT; i++) {
1699 card = AP_QID_CARD(device_status[i].qid);
1700 dom = AP_QID_QUEUE(device_status[i].qid);
1701
1702 if (!device_status[i].online)
1703 continue;
1704
1705 if (!(device_status[i].functions & 0x04))
1706 continue;
1707
1708 if (cardnr != 0xFFFF && card != cardnr)
1709 continue;
1710
1711 if (domain != 0xFFFF && dom != domain)
1712 continue;
1713
1714 if (cca_get_info(card, dom, &ci, verify))
1715 continue;
1716
1717 if (ci.cur_mk_state != '2')
1718 continue;
1719
1720 if (minhwtype > 0 && minhwtype > ci.hwtype)
1721 continue;
1722 if (cur_mkvp || old_mkvp) {
1723
1724 curmatch = oldmatch = 0;
1725 if (cur_mkvp && cur_mkvp == ci.cur_mkvp)
1726 curmatch = 1;
1727 if (old_mkvp && ci.old_mk_state == '2' &&
1728 old_mkvp == ci.old_mkvp)
1729 oldmatch = 1;
1730 if ((cur_mkvp || old_mkvp) &&
1731 (curmatch + oldmatch < 1))
1732 continue;
1733 }
1734
1735 if (*apqns && n < *nr_apqns)
1736 (*apqns)[n] = (((u16)card) << 16) | ((u16) dom);
1737 n++;
1738 }
1739
1740 if (*apqns)
1741 break;
1742
1743 if (!n) {
1744 rc = -ENODEV;
1745 break;
1746 }
1747 *nr_apqns = n;
1748
1749 *apqns = kmalloc_array(n, sizeof(u32), GFP_KERNEL);
1750 if (!*apqns) {
1751 rc = -ENOMEM;
1752 break;
1753 }
1754 verify = 0;
1755 }
1756
1757 kfree(device_status);
1758 return rc;
1759}
1760EXPORT_SYMBOL(cca_findcard2);
1761
1762void __exit zcrypt_ccamisc_exit(void)
1763{
1764 mkvp_cache_free();
1765}
1766
