1
2
3
4
5
6
7
8
9#define KMSG_COMPONENT "zcrypt"
10#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
11
12#include <linux/init.h>
13#include <linux/module.h>
14#include <linux/slab.h>
15#include <linux/random.h>
16#include <asm/zcrypt.h>
17#include <asm/pkey.h>
18#include <crypto/aes.h>
19
20#include "ap_bus.h"
21#include "zcrypt_api.h"
22#include "zcrypt_debug.h"
23#include "zcrypt_msgtype6.h"
24#include "zcrypt_ep11misc.h"
25#include "zcrypt_ccamisc.h"
26
27#define DEBUG_DBG(...) ZCRYPT_DBF(DBF_DEBUG, ##__VA_ARGS__)
28#define DEBUG_INFO(...) ZCRYPT_DBF(DBF_INFO, ##__VA_ARGS__)
29#define DEBUG_WARN(...) ZCRYPT_DBF(DBF_WARN, ##__VA_ARGS__)
30#define DEBUG_ERR(...) ZCRYPT_DBF(DBF_ERR, ##__VA_ARGS__)
31
32
33static const u8 def_iv[16] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
34 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
35
36
37struct card_list_entry {
38 struct list_head list;
39 u16 cardnr;
40 struct ep11_card_info info;
41};
42static LIST_HEAD(card_list);
43static DEFINE_SPINLOCK(card_list_lock);
44
45static int card_cache_fetch(u16 cardnr, struct ep11_card_info *ci)
46{
47 int rc = -ENOENT;
48 struct card_list_entry *ptr;
49
50 spin_lock_bh(&card_list_lock);
51 list_for_each_entry(ptr, &card_list, list) {
52 if (ptr->cardnr == cardnr) {
53 memcpy(ci, &ptr->info, sizeof(*ci));
54 rc = 0;
55 break;
56 }
57 }
58 spin_unlock_bh(&card_list_lock);
59
60 return rc;
61}
62
63static void card_cache_update(u16 cardnr, const struct ep11_card_info *ci)
64{
65 int found = 0;
66 struct card_list_entry *ptr;
67
68 spin_lock_bh(&card_list_lock);
69 list_for_each_entry(ptr, &card_list, list) {
70 if (ptr->cardnr == cardnr) {
71 memcpy(&ptr->info, ci, sizeof(*ci));
72 found = 1;
73 break;
74 }
75 }
76 if (!found) {
77 ptr = kmalloc(sizeof(*ptr), GFP_ATOMIC);
78 if (!ptr) {
79 spin_unlock_bh(&card_list_lock);
80 return;
81 }
82 ptr->cardnr = cardnr;
83 memcpy(&ptr->info, ci, sizeof(*ci));
84 list_add(&ptr->list, &card_list);
85 }
86 spin_unlock_bh(&card_list_lock);
87}
88
89static void card_cache_scrub(u16 cardnr)
90{
91 struct card_list_entry *ptr;
92
93 spin_lock_bh(&card_list_lock);
94 list_for_each_entry(ptr, &card_list, list) {
95 if (ptr->cardnr == cardnr) {
96 list_del(&ptr->list);
97 kfree(ptr);
98 break;
99 }
100 }
101 spin_unlock_bh(&card_list_lock);
102}
103
104static void __exit card_cache_free(void)
105{
106 struct card_list_entry *ptr, *pnext;
107
108 spin_lock_bh(&card_list_lock);
109 list_for_each_entry_safe(ptr, pnext, &card_list, list) {
110 list_del(&ptr->list);
111 kfree(ptr);
112 }
113 spin_unlock_bh(&card_list_lock);
114}
115
116
117
118
119int ep11_check_aes_key_with_hdr(debug_info_t *dbg, int dbflvl,
120 const u8 *key, size_t keylen, int checkcpacfexp)
121{
122 struct ep11kblob_header *hdr = (struct ep11kblob_header *) key;
123 struct ep11keyblob *kb = (struct ep11keyblob *) (key + sizeof(*hdr));
124
125#define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
126
127 if (keylen < sizeof(*hdr) + sizeof(*kb)) {
128 DBF("%s key check failed, keylen %zu < %zu\n",
129 __func__, keylen, sizeof(*hdr) + sizeof(*kb));
130 return -EINVAL;
131 }
132
133 if (hdr->type != TOKTYPE_NON_CCA) {
134 if (dbg)
135 DBF("%s key check failed, type 0x%02x != 0x%02x\n",
136 __func__, (int) hdr->type, TOKTYPE_NON_CCA);
137 return -EINVAL;
138 }
139 if (hdr->hver != 0x00) {
140 if (dbg)
141 DBF("%s key check failed, header version 0x%02x != 0x00\n",
142 __func__, (int) hdr->hver);
143 return -EINVAL;
144 }
145 if (hdr->version != TOKVER_EP11_AES_WITH_HEADER) {
146 if (dbg)
147 DBF("%s key check failed, version 0x%02x != 0x%02x\n",
148 __func__, (int) hdr->version, TOKVER_EP11_AES_WITH_HEADER);
149 return -EINVAL;
150 }
151 if (hdr->len > keylen) {
152 if (dbg)
153 DBF("%s key check failed, header len %d keylen %zu mismatch\n",
154 __func__, (int) hdr->len, keylen);
155 return -EINVAL;
156 }
157 if (hdr->len < sizeof(*hdr) + sizeof(*kb)) {
158 if (dbg)
159 DBF("%s key check failed, header len %d < %zu\n",
160 __func__, (int) hdr->len, sizeof(*hdr) + sizeof(*kb));
161 return -EINVAL;
162 }
163
164 if (kb->version != EP11_STRUCT_MAGIC) {
165 if (dbg)
166 DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
167 __func__, (int) kb->version, EP11_STRUCT_MAGIC);
168 return -EINVAL;
169 }
170 if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
171 if (dbg)
172 DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
173 __func__);
174 return -EINVAL;
175 }
176
177#undef DBF
178
179 return 0;
180}
181EXPORT_SYMBOL(ep11_check_aes_key_with_hdr);
182
183
184
185
186int ep11_check_ecc_key_with_hdr(debug_info_t *dbg, int dbflvl,
187 const u8 *key, size_t keylen, int checkcpacfexp)
188{
189 struct ep11kblob_header *hdr = (struct ep11kblob_header *) key;
190 struct ep11keyblob *kb = (struct ep11keyblob *) (key + sizeof(*hdr));
191
192#define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
193
194 if (keylen < sizeof(*hdr) + sizeof(*kb)) {
195 DBF("%s key check failed, keylen %zu < %zu\n",
196 __func__, keylen, sizeof(*hdr) + sizeof(*kb));
197 return -EINVAL;
198 }
199
200 if (hdr->type != TOKTYPE_NON_CCA) {
201 if (dbg)
202 DBF("%s key check failed, type 0x%02x != 0x%02x\n",
203 __func__, (int) hdr->type, TOKTYPE_NON_CCA);
204 return -EINVAL;
205 }
206 if (hdr->hver != 0x00) {
207 if (dbg)
208 DBF("%s key check failed, header version 0x%02x != 0x00\n",
209 __func__, (int) hdr->hver);
210 return -EINVAL;
211 }
212 if (hdr->version != TOKVER_EP11_ECC_WITH_HEADER) {
213 if (dbg)
214 DBF("%s key check failed, version 0x%02x != 0x%02x\n",
215 __func__, (int) hdr->version, TOKVER_EP11_ECC_WITH_HEADER);
216 return -EINVAL;
217 }
218 if (hdr->len > keylen) {
219 if (dbg)
220 DBF("%s key check failed, header len %d keylen %zu mismatch\n",
221 __func__, (int) hdr->len, keylen);
222 return -EINVAL;
223 }
224 if (hdr->len < sizeof(*hdr) + sizeof(*kb)) {
225 if (dbg)
226 DBF("%s key check failed, header len %d < %zu\n",
227 __func__, (int) hdr->len, sizeof(*hdr) + sizeof(*kb));
228 return -EINVAL;
229 }
230
231 if (kb->version != EP11_STRUCT_MAGIC) {
232 if (dbg)
233 DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
234 __func__, (int) kb->version, EP11_STRUCT_MAGIC);
235 return -EINVAL;
236 }
237 if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
238 if (dbg)
239 DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
240 __func__);
241 return -EINVAL;
242 }
243
244#undef DBF
245
246 return 0;
247}
248EXPORT_SYMBOL(ep11_check_ecc_key_with_hdr);
249
250
251
252
253
254int ep11_check_aes_key(debug_info_t *dbg, int dbflvl,
255 const u8 *key, size_t keylen, int checkcpacfexp)
256{
257 struct ep11keyblob *kb = (struct ep11keyblob *) key;
258
259#define DBF(...) debug_sprintf_event(dbg, dbflvl, ##__VA_ARGS__)
260
261 if (keylen < sizeof(*kb)) {
262 DBF("%s key check failed, keylen %zu < %zu\n",
263 __func__, keylen, sizeof(*kb));
264 return -EINVAL;
265 }
266
267 if (kb->head.type != TOKTYPE_NON_CCA) {
268 if (dbg)
269 DBF("%s key check failed, type 0x%02x != 0x%02x\n",
270 __func__, (int) kb->head.type, TOKTYPE_NON_CCA);
271 return -EINVAL;
272 }
273 if (kb->head.version != TOKVER_EP11_AES) {
274 if (dbg)
275 DBF("%s key check failed, version 0x%02x != 0x%02x\n",
276 __func__, (int) kb->head.version, TOKVER_EP11_AES);
277 return -EINVAL;
278 }
279 if (kb->head.len > keylen) {
280 if (dbg)
281 DBF("%s key check failed, header len %d keylen %zu mismatch\n",
282 __func__, (int) kb->head.len, keylen);
283 return -EINVAL;
284 }
285 if (kb->head.len < sizeof(*kb)) {
286 if (dbg)
287 DBF("%s key check failed, header len %d < %zu\n",
288 __func__, (int) kb->head.len, sizeof(*kb));
289 return -EINVAL;
290 }
291
292 if (kb->version != EP11_STRUCT_MAGIC) {
293 if (dbg)
294 DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
295 __func__, (int) kb->version, EP11_STRUCT_MAGIC);
296 return -EINVAL;
297 }
298 if (checkcpacfexp && !(kb->attr & EP11_BLOB_PKEY_EXTRACTABLE)) {
299 if (dbg)
300 DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
301 __func__);
302 return -EINVAL;
303 }
304
305#undef DBF
306
307 return 0;
308}
309EXPORT_SYMBOL(ep11_check_aes_key);
310
311
312
313
314static inline struct ep11_cprb *alloc_cprb(size_t payload_len)
315{
316 size_t len = sizeof(struct ep11_cprb) + payload_len;
317 struct ep11_cprb *cprb;
318
319 cprb = kmalloc(len, GFP_KERNEL);
320 if (!cprb)
321 return NULL;
322
323 memset(cprb, 0, len);
324 cprb->cprb_len = sizeof(struct ep11_cprb);
325 cprb->cprb_ver_id = 0x04;
326 memcpy(cprb->func_id, "T4", 2);
327 cprb->ret_code = 0xFFFFFFFF;
328 cprb->payload_len = payload_len;
329
330 return cprb;
331}
332
333
334
335
336
337
338#define ASN1TAGLEN(x) (2 + (x) + ((x) > 127 ? 1 : 0) + ((x) > 255 ? 1 : 0))
339
340static int asn1tag_write(u8 *ptr, u8 tag, const u8 *pvalue, u16 valuelen)
341{
342 ptr[0] = tag;
343 if (valuelen > 255) {
344 ptr[1] = 0x82;
345 *((u16 *)(ptr + 2)) = valuelen;
346 memcpy(ptr + 4, pvalue, valuelen);
347 return 4 + valuelen;
348 }
349 if (valuelen > 127) {
350 ptr[1] = 0x81;
351 ptr[2] = (u8) valuelen;
352 memcpy(ptr + 3, pvalue, valuelen);
353 return 3 + valuelen;
354 }
355 ptr[1] = (u8) valuelen;
356 memcpy(ptr + 2, pvalue, valuelen);
357 return 2 + valuelen;
358}
359
360
361struct pl_head {
362 u8 tag;
363 u8 lenfmt;
364 u16 len;
365 u8 func_tag;
366 u8 func_len;
367 u32 func;
368 u8 dom_tag;
369 u8 dom_len;
370 u32 dom;
371} __packed;
372
373
374static inline void prep_head(struct pl_head *h,
375 size_t pl_size, int api, int func)
376{
377 h->tag = 0x30;
378 h->lenfmt = 0x82;
379 h->len = pl_size - 4;
380 h->func_tag = 0x04;
381 h->func_len = sizeof(u32);
382 h->func = (api << 16) + func;
383 h->dom_tag = 0x04;
384 h->dom_len = sizeof(u32);
385}
386
387
388static inline void prep_urb(struct ep11_urb *u,
389 struct ep11_target_dev *t, int nt,
390 struct ep11_cprb *req, size_t req_len,
391 struct ep11_cprb *rep, size_t rep_len)
392{
393 u->targets = (u8 __user *) t;
394 u->targets_num = nt;
395 u->req = (u8 __user *) req;
396 u->req_len = req_len;
397 u->resp = (u8 __user *) rep;
398 u->resp_len = rep_len;
399}
400
401
402static int check_reply_pl(const u8 *pl, const char *func)
403{
404 int len;
405 u32 ret;
406
407
408 if (*pl++ != 0x30) {
409 DEBUG_ERR("%s reply start tag mismatch\n", func);
410 return -EIO;
411 }
412
413
414 if (*pl < 127) {
415 len = *pl;
416 pl++;
417 } else if (*pl == 0x81) {
418 pl++;
419 len = *pl;
420 pl++;
421 } else if (*pl == 0x82) {
422 pl++;
423 len = *((u16 *)pl);
424 pl += 2;
425 } else {
426 DEBUG_ERR("%s reply start tag lenfmt mismatch 0x%02hhx\n",
427 func, *pl);
428 return -EIO;
429 }
430
431
432 if (len < 3 * 6) {
433 DEBUG_ERR("%s reply length %d too small\n", func, len);
434 return -EIO;
435 }
436
437
438 if (pl[0] != 0x04 || pl[1] != 0x04) {
439 DEBUG_ERR("%s function tag or length mismatch\n", func);
440 return -EIO;
441 }
442 pl += 6;
443
444
445 if (pl[0] != 0x04 || pl[1] != 0x04) {
446 DEBUG_ERR("%s dom tag or length mismatch\n", func);
447 return -EIO;
448 }
449 pl += 6;
450
451
452 if (pl[0] != 0x04 || pl[1] != 0x04) {
453 DEBUG_ERR("%s return value tag or length mismatch\n", func);
454 return -EIO;
455 }
456 pl += 2;
457 ret = *((u32 *)pl);
458 if (ret != 0) {
459 DEBUG_ERR("%s return value 0x%04x != 0\n", func, ret);
460 return -EIO;
461 }
462
463 return 0;
464}
465
466
467
468
469
470static int ep11_query_info(u16 cardnr, u16 domain, u32 query_type,
471 size_t buflen, u8 *buf)
472{
473 struct ep11_info_req_pl {
474 struct pl_head head;
475 u8 query_type_tag;
476 u8 query_type_len;
477 u32 query_type;
478 u8 query_subtype_tag;
479 u8 query_subtype_len;
480 u32 query_subtype;
481 } __packed * req_pl;
482 struct ep11_info_rep_pl {
483 struct pl_head head;
484 u8 rc_tag;
485 u8 rc_len;
486 u32 rc;
487 u8 data_tag;
488 u8 data_lenfmt;
489 u16 data_len;
490 } __packed * rep_pl;
491 struct ep11_cprb *req = NULL, *rep = NULL;
492 struct ep11_target_dev target;
493 struct ep11_urb *urb = NULL;
494 int api = 1, rc = -ENOMEM;
495
496
497 req = alloc_cprb(sizeof(struct ep11_info_req_pl));
498 if (!req)
499 goto out;
500 req_pl = (struct ep11_info_req_pl *) (((u8 *) req) + sizeof(*req));
501 prep_head(&req_pl->head, sizeof(*req_pl), api, 38);
502 req_pl->query_type_tag = 0x04;
503 req_pl->query_type_len = sizeof(u32);
504 req_pl->query_type = query_type;
505 req_pl->query_subtype_tag = 0x04;
506 req_pl->query_subtype_len = sizeof(u32);
507
508
509 rep = alloc_cprb(sizeof(struct ep11_info_rep_pl) + buflen);
510 if (!rep)
511 goto out;
512 rep_pl = (struct ep11_info_rep_pl *) (((u8 *) rep) + sizeof(*rep));
513
514
515 urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
516 if (!urb)
517 goto out;
518 target.ap_id = cardnr;
519 target.dom_id = domain;
520 prep_urb(urb, &target, 1,
521 req, sizeof(*req) + sizeof(*req_pl),
522 rep, sizeof(*rep) + sizeof(*rep_pl) + buflen);
523
524 rc = zcrypt_send_ep11_cprb(urb);
525 if (rc) {
526 DEBUG_ERR(
527 "%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
528 __func__, (int) cardnr, (int) domain, rc);
529 goto out;
530 }
531
532 rc = check_reply_pl((u8 *)rep_pl, __func__);
533 if (rc)
534 goto out;
535 if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
536 DEBUG_ERR("%s unknown reply data format\n", __func__);
537 rc = -EIO;
538 goto out;
539 }
540 if (rep_pl->data_len > buflen) {
541 DEBUG_ERR("%s mismatch between reply data len and buffer len\n",
542 __func__);
543 rc = -ENOSPC;
544 goto out;
545 }
546
547 memcpy(buf, ((u8 *) rep_pl) + sizeof(*rep_pl), rep_pl->data_len);
548
549out:
550 kfree(req);
551 kfree(rep);
552 kfree(urb);
553 return rc;
554}
555
556
557
558
559int ep11_get_card_info(u16 card, struct ep11_card_info *info, int verify)
560{
561 int rc;
562 struct ep11_module_query_info {
563 u32 API_ord_nr;
564 u32 firmware_id;
565 u8 FW_major_vers;
566 u8 FW_minor_vers;
567 u8 CSP_major_vers;
568 u8 CSP_minor_vers;
569 u8 fwid[32];
570 u8 xcp_config_hash[32];
571 u8 CSP_config_hash[32];
572 u8 serial[16];
573 u8 module_date_time[16];
574 u64 op_mode;
575 u32 PKCS11_flags;
576 u32 ext_flags;
577 u32 domains;
578 u32 sym_state_bytes;
579 u32 digest_state_bytes;
580 u32 pin_blob_bytes;
581 u32 SPKI_bytes;
582 u32 priv_key_blob_bytes;
583 u32 sym_blob_bytes;
584 u32 max_payload_bytes;
585 u32 CP_profile_bytes;
586 u32 max_CP_index;
587 } __packed * pmqi = NULL;
588
589 rc = card_cache_fetch(card, info);
590 if (rc || verify) {
591 pmqi = kmalloc(sizeof(*pmqi), GFP_KERNEL);
592 if (!pmqi)
593 return -ENOMEM;
594 rc = ep11_query_info(card, AUTOSEL_DOM,
595 0x01 ,
596 sizeof(*pmqi), (u8 *) pmqi);
597 if (rc) {
598 if (rc == -ENODEV)
599 card_cache_scrub(card);
600 goto out;
601 }
602 memset(info, 0, sizeof(*info));
603 info->API_ord_nr = pmqi->API_ord_nr;
604 info->FW_version =
605 (pmqi->FW_major_vers << 8) + pmqi->FW_minor_vers;
606 memcpy(info->serial, pmqi->serial, sizeof(info->serial));
607 info->op_mode = pmqi->op_mode;
608 card_cache_update(card, info);
609 }
610
611out:
612 kfree(pmqi);
613 return rc;
614}
615EXPORT_SYMBOL(ep11_get_card_info);
616
617
618
619
620int ep11_get_domain_info(u16 card, u16 domain, struct ep11_domain_info *info)
621{
622 int rc;
623 struct ep11_domain_query_info {
624 u32 dom_index;
625 u8 cur_WK_VP[32];
626 u8 new_WK_VP[32];
627 u32 dom_flags;
628 u64 op_mode;
629 } __packed * p_dom_info;
630
631 p_dom_info = kmalloc(sizeof(*p_dom_info), GFP_KERNEL);
632 if (!p_dom_info)
633 return -ENOMEM;
634
635 rc = ep11_query_info(card, domain, 0x03 ,
636 sizeof(*p_dom_info), (u8 *) p_dom_info);
637 if (rc)
638 goto out;
639
640 memset(info, 0, sizeof(*info));
641 info->cur_wk_state = '0';
642 info->new_wk_state = '0';
643 if (p_dom_info->dom_flags & 0x10 ) {
644 if (p_dom_info->dom_flags & 0x02 ) {
645 info->cur_wk_state = '1';
646 memcpy(info->cur_wkvp, p_dom_info->cur_WK_VP, 32);
647 }
648 if (p_dom_info->dom_flags & 0x04
649 || p_dom_info->dom_flags & 0x08 ) {
650 info->new_wk_state =
651 p_dom_info->dom_flags & 0x08 ? '2' : '1';
652 memcpy(info->new_wkvp, p_dom_info->new_WK_VP, 32);
653 }
654 }
655 info->op_mode = p_dom_info->op_mode;
656
657out:
658 kfree(p_dom_info);
659 return rc;
660}
661EXPORT_SYMBOL(ep11_get_domain_info);
662
663
664
665
666
667#define KEY_ATTR_DEFAULTS 0x00200c00
668
669int ep11_genaeskey(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
670 u8 *keybuf, size_t *keybufsize)
671{
672 struct keygen_req_pl {
673 struct pl_head head;
674 u8 var_tag;
675 u8 var_len;
676 u32 var;
677 u8 keybytes_tag;
678 u8 keybytes_len;
679 u32 keybytes;
680 u8 mech_tag;
681 u8 mech_len;
682 u32 mech;
683 u8 attr_tag;
684 u8 attr_len;
685 u32 attr_header;
686 u32 attr_bool_mask;
687 u32 attr_bool_bits;
688 u32 attr_val_len_type;
689 u32 attr_val_len_value;
690 u8 pin_tag;
691 u8 pin_len;
692 } __packed * req_pl;
693 struct keygen_rep_pl {
694 struct pl_head head;
695 u8 rc_tag;
696 u8 rc_len;
697 u32 rc;
698 u8 data_tag;
699 u8 data_lenfmt;
700 u16 data_len;
701 u8 data[512];
702 } __packed * rep_pl;
703 struct ep11_cprb *req = NULL, *rep = NULL;
704 struct ep11_target_dev target;
705 struct ep11_urb *urb = NULL;
706 struct ep11keyblob *kb;
707 int api, rc = -ENOMEM;
708
709 switch (keybitsize) {
710 case 128:
711 case 192:
712 case 256:
713 break;
714 default:
715 DEBUG_ERR(
716 "%s unknown/unsupported keybitsize %d\n",
717 __func__, keybitsize);
718 rc = -EINVAL;
719 goto out;
720 }
721
722
723 req = alloc_cprb(sizeof(struct keygen_req_pl));
724 if (!req)
725 goto out;
726 req_pl = (struct keygen_req_pl *) (((u8 *) req) + sizeof(*req));
727 api = (!keygenflags || keygenflags & 0x00200000) ? 4 : 1;
728 prep_head(&req_pl->head, sizeof(*req_pl), api, 21);
729 req_pl->var_tag = 0x04;
730 req_pl->var_len = sizeof(u32);
731 req_pl->keybytes_tag = 0x04;
732 req_pl->keybytes_len = sizeof(u32);
733 req_pl->keybytes = keybitsize / 8;
734 req_pl->mech_tag = 0x04;
735 req_pl->mech_len = sizeof(u32);
736 req_pl->mech = 0x00001080;
737 req_pl->attr_tag = 0x04;
738 req_pl->attr_len = 5 * sizeof(u32);
739 req_pl->attr_header = 0x10010000;
740 req_pl->attr_bool_mask = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
741 req_pl->attr_bool_bits = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
742 req_pl->attr_val_len_type = 0x00000161;
743 req_pl->attr_val_len_value = keybitsize / 8;
744 req_pl->pin_tag = 0x04;
745
746
747 rep = alloc_cprb(sizeof(struct keygen_rep_pl));
748 if (!rep)
749 goto out;
750 rep_pl = (struct keygen_rep_pl *) (((u8 *) rep) + sizeof(*rep));
751
752
753 urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
754 if (!urb)
755 goto out;
756 target.ap_id = card;
757 target.dom_id = domain;
758 prep_urb(urb, &target, 1,
759 req, sizeof(*req) + sizeof(*req_pl),
760 rep, sizeof(*rep) + sizeof(*rep_pl));
761
762 rc = zcrypt_send_ep11_cprb(urb);
763 if (rc) {
764 DEBUG_ERR(
765 "%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
766 __func__, (int) card, (int) domain, rc);
767 goto out;
768 }
769
770 rc = check_reply_pl((u8 *)rep_pl, __func__);
771 if (rc)
772 goto out;
773 if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
774 DEBUG_ERR("%s unknown reply data format\n", __func__);
775 rc = -EIO;
776 goto out;
777 }
778 if (rep_pl->data_len > *keybufsize) {
779 DEBUG_ERR("%s mismatch reply data len / key buffer len\n",
780 __func__);
781 rc = -ENOSPC;
782 goto out;
783 }
784
785
786 memcpy(keybuf, rep_pl->data, rep_pl->data_len);
787 *keybufsize = rep_pl->data_len;
788 kb = (struct ep11keyblob *) keybuf;
789 kb->head.type = TOKTYPE_NON_CCA;
790 kb->head.len = rep_pl->data_len;
791 kb->head.version = TOKVER_EP11_AES;
792 kb->head.keybitlen = keybitsize;
793
794out:
795 kfree(req);
796 kfree(rep);
797 kfree(urb);
798 return rc;
799}
800EXPORT_SYMBOL(ep11_genaeskey);
801
802static int ep11_cryptsingle(u16 card, u16 domain,
803 u16 mode, u32 mech, const u8 *iv,
804 const u8 *key, size_t keysize,
805 const u8 *inbuf, size_t inbufsize,
806 u8 *outbuf, size_t *outbufsize)
807{
808 struct crypt_req_pl {
809 struct pl_head head;
810 u8 var_tag;
811 u8 var_len;
812 u32 var;
813 u8 mech_tag;
814 u8 mech_len;
815 u32 mech;
816
817
818
819
820
821 } __packed * req_pl;
822 struct crypt_rep_pl {
823 struct pl_head head;
824 u8 rc_tag;
825 u8 rc_len;
826 u32 rc;
827 u8 data_tag;
828 u8 data_lenfmt;
829
830 } __packed * rep_pl;
831 struct ep11_cprb *req = NULL, *rep = NULL;
832 struct ep11_target_dev target;
833 struct ep11_urb *urb = NULL;
834 size_t req_pl_size, rep_pl_size;
835 int n, api = 1, rc = -ENOMEM;
836 u8 *p;
837
838
839 if (keysize > 0xFFFF || inbufsize > 0xFFFF)
840 return -EINVAL;
841
842
843 req_pl_size = sizeof(struct crypt_req_pl) + (iv ? 16 : 0)
844 + ASN1TAGLEN(keysize) + ASN1TAGLEN(inbufsize);
845 req = alloc_cprb(req_pl_size);
846 if (!req)
847 goto out;
848 req_pl = (struct crypt_req_pl *) (((u8 *) req) + sizeof(*req));
849 prep_head(&req_pl->head, req_pl_size, api, (mode ? 20 : 19));
850 req_pl->var_tag = 0x04;
851 req_pl->var_len = sizeof(u32);
852
853 req_pl->mech_tag = 0x04;
854 req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
855 req_pl->mech = (mech ? mech : 0x00001085);
856 p = ((u8 *) req_pl) + sizeof(*req_pl);
857 if (iv) {
858 memcpy(p, iv, 16);
859 p += 16;
860 }
861
862 p += asn1tag_write(p, 0x04, key, keysize);
863 p += asn1tag_write(p, 0x04, inbuf, inbufsize);
864
865
866 rep_pl_size = sizeof(struct crypt_rep_pl) + ASN1TAGLEN(inbufsize + 32);
867 rep = alloc_cprb(rep_pl_size);
868 if (!rep)
869 goto out;
870 rep_pl = (struct crypt_rep_pl *) (((u8 *) rep) + sizeof(*rep));
871
872
873 urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
874 if (!urb)
875 goto out;
876 target.ap_id = card;
877 target.dom_id = domain;
878 prep_urb(urb, &target, 1,
879 req, sizeof(*req) + req_pl_size,
880 rep, sizeof(*rep) + rep_pl_size);
881
882 rc = zcrypt_send_ep11_cprb(urb);
883 if (rc) {
884 DEBUG_ERR(
885 "%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
886 __func__, (int) card, (int) domain, rc);
887 goto out;
888 }
889
890 rc = check_reply_pl((u8 *)rep_pl, __func__);
891 if (rc)
892 goto out;
893 if (rep_pl->data_tag != 0x04) {
894 DEBUG_ERR("%s unknown reply data format\n", __func__);
895 rc = -EIO;
896 goto out;
897 }
898 p = ((u8 *) rep_pl) + sizeof(*rep_pl);
899 if (rep_pl->data_lenfmt <= 127)
900 n = rep_pl->data_lenfmt;
901 else if (rep_pl->data_lenfmt == 0x81)
902 n = *p++;
903 else if (rep_pl->data_lenfmt == 0x82) {
904 n = *((u16 *) p);
905 p += 2;
906 } else {
907 DEBUG_ERR("%s unknown reply data length format 0x%02hhx\n",
908 __func__, rep_pl->data_lenfmt);
909 rc = -EIO;
910 goto out;
911 }
912 if (n > *outbufsize) {
913 DEBUG_ERR("%s mismatch reply data len %d / output buffer %zu\n",
914 __func__, n, *outbufsize);
915 rc = -ENOSPC;
916 goto out;
917 }
918
919 memcpy(outbuf, p, n);
920 *outbufsize = n;
921
922out:
923 kfree(req);
924 kfree(rep);
925 kfree(urb);
926 return rc;
927}
928
929static int ep11_unwrapkey(u16 card, u16 domain,
930 const u8 *kek, size_t keksize,
931 const u8 *enckey, size_t enckeysize,
932 u32 mech, const u8 *iv,
933 u32 keybitsize, u32 keygenflags,
934 u8 *keybuf, size_t *keybufsize)
935{
936 struct uw_req_pl {
937 struct pl_head head;
938 u8 attr_tag;
939 u8 attr_len;
940 u32 attr_header;
941 u32 attr_bool_mask;
942 u32 attr_bool_bits;
943 u32 attr_key_type;
944 u32 attr_key_type_value;
945 u32 attr_val_len;
946 u32 attr_val_len_value;
947 u8 mech_tag;
948 u8 mech_len;
949 u32 mech;
950
951
952
953
954
955
956
957 } __packed * req_pl;
958 struct uw_rep_pl {
959 struct pl_head head;
960 u8 rc_tag;
961 u8 rc_len;
962 u32 rc;
963 u8 data_tag;
964 u8 data_lenfmt;
965 u16 data_len;
966 u8 data[512];
967 } __packed * rep_pl;
968 struct ep11_cprb *req = NULL, *rep = NULL;
969 struct ep11_target_dev target;
970 struct ep11_urb *urb = NULL;
971 struct ep11keyblob *kb;
972 size_t req_pl_size;
973 int api, rc = -ENOMEM;
974 u8 *p;
975
976
977 req_pl_size = sizeof(struct uw_req_pl) + (iv ? 16 : 0)
978 + ASN1TAGLEN(keksize) + 4 + ASN1TAGLEN(enckeysize);
979 req = alloc_cprb(req_pl_size);
980 if (!req)
981 goto out;
982 req_pl = (struct uw_req_pl *) (((u8 *) req) + sizeof(*req));
983 api = (!keygenflags || keygenflags & 0x00200000) ? 4 : 1;
984 prep_head(&req_pl->head, req_pl_size, api, 34);
985 req_pl->attr_tag = 0x04;
986 req_pl->attr_len = 7 * sizeof(u32);
987 req_pl->attr_header = 0x10020000;
988 req_pl->attr_bool_mask = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
989 req_pl->attr_bool_bits = keygenflags ? keygenflags : KEY_ATTR_DEFAULTS;
990 req_pl->attr_key_type = 0x00000100;
991 req_pl->attr_key_type_value = 0x0000001f;
992 req_pl->attr_val_len = 0x00000161;
993 req_pl->attr_val_len_value = keybitsize / 8;
994
995 req_pl->mech_tag = 0x04;
996 req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
997 req_pl->mech = (mech ? mech : 0x00001085);
998 p = ((u8 *) req_pl) + sizeof(*req_pl);
999 if (iv) {
1000 memcpy(p, iv, 16);
1001 p += 16;
1002 }
1003
1004 p += asn1tag_write(p, 0x04, kek, keksize);
1005
1006 *p++ = 0x04;
1007 *p++ = 0;
1008
1009 *p++ = 0x04;
1010 *p++ = 0;
1011
1012 p += asn1tag_write(p, 0x04, enckey, enckeysize);
1013
1014
1015 rep = alloc_cprb(sizeof(struct uw_rep_pl));
1016 if (!rep)
1017 goto out;
1018 rep_pl = (struct uw_rep_pl *) (((u8 *) rep) + sizeof(*rep));
1019
1020
1021 urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
1022 if (!urb)
1023 goto out;
1024 target.ap_id = card;
1025 target.dom_id = domain;
1026 prep_urb(urb, &target, 1,
1027 req, sizeof(*req) + req_pl_size,
1028 rep, sizeof(*rep) + sizeof(*rep_pl));
1029
1030 rc = zcrypt_send_ep11_cprb(urb);
1031 if (rc) {
1032 DEBUG_ERR(
1033 "%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
1034 __func__, (int) card, (int) domain, rc);
1035 goto out;
1036 }
1037
1038 rc = check_reply_pl((u8 *)rep_pl, __func__);
1039 if (rc)
1040 goto out;
1041 if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
1042 DEBUG_ERR("%s unknown reply data format\n", __func__);
1043 rc = -EIO;
1044 goto out;
1045 }
1046 if (rep_pl->data_len > *keybufsize) {
1047 DEBUG_ERR("%s mismatch reply data len / key buffer len\n",
1048 __func__);
1049 rc = -ENOSPC;
1050 goto out;
1051 }
1052
1053
1054 memcpy(keybuf, rep_pl->data, rep_pl->data_len);
1055 *keybufsize = rep_pl->data_len;
1056 kb = (struct ep11keyblob *) keybuf;
1057 kb->head.type = TOKTYPE_NON_CCA;
1058 kb->head.len = rep_pl->data_len;
1059 kb->head.version = TOKVER_EP11_AES;
1060 kb->head.keybitlen = keybitsize;
1061
1062out:
1063 kfree(req);
1064 kfree(rep);
1065 kfree(urb);
1066 return rc;
1067}
1068
1069static int ep11_wrapkey(u16 card, u16 domain,
1070 const u8 *key, size_t keysize,
1071 u32 mech, const u8 *iv,
1072 u8 *databuf, size_t *datasize)
1073{
1074 struct wk_req_pl {
1075 struct pl_head head;
1076 u8 var_tag;
1077 u8 var_len;
1078 u32 var;
1079 u8 mech_tag;
1080 u8 mech_len;
1081 u32 mech;
1082
1083
1084
1085
1086
1087
1088 } __packed * req_pl;
1089 struct wk_rep_pl {
1090 struct pl_head head;
1091 u8 rc_tag;
1092 u8 rc_len;
1093 u32 rc;
1094 u8 data_tag;
1095 u8 data_lenfmt;
1096 u16 data_len;
1097 u8 data[1024];
1098 } __packed * rep_pl;
1099 struct ep11_cprb *req = NULL, *rep = NULL;
1100 struct ep11_target_dev target;
1101 struct ep11_urb *urb = NULL;
1102 struct ep11keyblob *kb;
1103 size_t req_pl_size;
1104 int api, rc = -ENOMEM;
1105 bool has_header = false;
1106 u8 *p;
1107
1108
1109 kb = (struct ep11keyblob *) key;
1110 if (kb->head.type == TOKTYPE_NON_CCA &&
1111 kb->head.version == TOKVER_EP11_AES) {
1112 has_header = true;
1113 keysize = kb->head.len < keysize ? kb->head.len : keysize;
1114 }
1115
1116
1117 req_pl_size = sizeof(struct wk_req_pl) + (iv ? 16 : 0)
1118 + ASN1TAGLEN(keysize) + 4;
1119 req = alloc_cprb(req_pl_size);
1120 if (!req)
1121 goto out;
1122 if (!mech || mech == 0x80060001)
1123 req->flags |= 0x20;
1124 req_pl = (struct wk_req_pl *) (((u8 *) req) + sizeof(*req));
1125 api = (!mech || mech == 0x80060001) ? 4 : 1;
1126 prep_head(&req_pl->head, req_pl_size, api, 33);
1127 req_pl->var_tag = 0x04;
1128 req_pl->var_len = sizeof(u32);
1129
1130 req_pl->mech_tag = 0x04;
1131 req_pl->mech_len = sizeof(u32) + (iv ? 16 : 0);
1132 req_pl->mech = (mech ? mech : 0x80060001);
1133 p = ((u8 *) req_pl) + sizeof(*req_pl);
1134 if (iv) {
1135 memcpy(p, iv, 16);
1136 p += 16;
1137 }
1138
1139 p += asn1tag_write(p, 0x04, key, keysize);
1140
1141 if (has_header) {
1142 kb = (struct ep11keyblob *)(p - keysize);
1143 memset(&kb->head, 0, sizeof(kb->head));
1144 }
1145
1146 *p++ = 0x04;
1147 *p++ = 0;
1148
1149 *p++ = 0x04;
1150 *p++ = 0;
1151
1152
1153 rep = alloc_cprb(sizeof(struct wk_rep_pl));
1154 if (!rep)
1155 goto out;
1156 rep_pl = (struct wk_rep_pl *) (((u8 *) rep) + sizeof(*rep));
1157
1158
1159 urb = kmalloc(sizeof(struct ep11_urb), GFP_KERNEL);
1160 if (!urb)
1161 goto out;
1162 target.ap_id = card;
1163 target.dom_id = domain;
1164 prep_urb(urb, &target, 1,
1165 req, sizeof(*req) + req_pl_size,
1166 rep, sizeof(*rep) + sizeof(*rep_pl));
1167
1168 rc = zcrypt_send_ep11_cprb(urb);
1169 if (rc) {
1170 DEBUG_ERR(
1171 "%s zcrypt_send_ep11_cprb(card=%d dom=%d) failed, rc=%d\n",
1172 __func__, (int) card, (int) domain, rc);
1173 goto out;
1174 }
1175
1176 rc = check_reply_pl((u8 *)rep_pl, __func__);
1177 if (rc)
1178 goto out;
1179 if (rep_pl->data_tag != 0x04 || rep_pl->data_lenfmt != 0x82) {
1180 DEBUG_ERR("%s unknown reply data format\n", __func__);
1181 rc = -EIO;
1182 goto out;
1183 }
1184 if (rep_pl->data_len > *datasize) {
1185 DEBUG_ERR("%s mismatch reply data len / data buffer len\n",
1186 __func__);
1187 rc = -ENOSPC;
1188 goto out;
1189 }
1190
1191
1192 memcpy(databuf, rep_pl->data, rep_pl->data_len);
1193 *datasize = rep_pl->data_len;
1194
1195out:
1196 kfree(req);
1197 kfree(rep);
1198 kfree(urb);
1199 return rc;
1200}
1201
1202int ep11_clr2keyblob(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
1203 const u8 *clrkey, u8 *keybuf, size_t *keybufsize)
1204{
1205 int rc;
1206 struct ep11keyblob *kb;
1207 u8 encbuf[64], *kek = NULL;
1208 size_t clrkeylen, keklen, encbuflen = sizeof(encbuf);
1209
1210 if (keybitsize == 128 || keybitsize == 192 || keybitsize == 256)
1211 clrkeylen = keybitsize / 8;
1212 else {
1213 DEBUG_ERR(
1214 "%s unknown/unsupported keybitsize %d\n",
1215 __func__, keybitsize);
1216 return -EINVAL;
1217 }
1218
1219
1220 keklen = MAXEP11AESKEYBLOBSIZE;
1221 kek = kmalloc(keklen, GFP_ATOMIC);
1222 if (!kek) {
1223 rc = -ENOMEM;
1224 goto out;
1225 }
1226
1227
1228 rc = ep11_genaeskey(card, domain, 256,
1229 0x00006c00,
1230 kek, &keklen);
1231 if (rc) {
1232 DEBUG_ERR(
1233 "%s generate kek key failed, rc=%d\n",
1234 __func__, rc);
1235 goto out;
1236 }
1237 kb = (struct ep11keyblob *) kek;
1238 memset(&kb->head, 0, sizeof(kb->head));
1239
1240
1241 rc = ep11_cryptsingle(card, domain, 0, 0, def_iv, kek, keklen,
1242 clrkey, clrkeylen, encbuf, &encbuflen);
1243 if (rc) {
1244 DEBUG_ERR(
1245 "%s encrypting key value with kek key failed, rc=%d\n",
1246 __func__, rc);
1247 goto out;
1248 }
1249
1250
1251 rc = ep11_unwrapkey(card, domain, kek, keklen,
1252 encbuf, encbuflen, 0, def_iv,
1253 keybitsize, 0, keybuf, keybufsize);
1254 if (rc) {
1255 DEBUG_ERR(
1256 "%s importing key value as new key failed,, rc=%d\n",
1257 __func__, rc);
1258 goto out;
1259 }
1260
1261out:
1262 kfree(kek);
1263 return rc;
1264}
1265EXPORT_SYMBOL(ep11_clr2keyblob);
1266
1267int ep11_kblob2protkey(u16 card, u16 dom, const u8 *keyblob, size_t keybloblen,
1268 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
1269{
1270 int rc = -EIO;
1271 u8 *wkbuf = NULL;
1272 size_t wkbuflen, keylen;
1273 struct wk_info {
1274 u16 version;
1275 u8 res1[16];
1276 u32 pkeytype;
1277 u32 pkeybitsize;
1278 u64 pkeysize;
1279 u8 res2[8];
1280 u8 pkey[0];
1281 } __packed * wki;
1282 const u8 *key;
1283 struct ep11kblob_header *hdr;
1284
1285
1286 hdr = (struct ep11kblob_header *) keyblob;
1287 if (hdr->type == TOKTYPE_NON_CCA
1288 && (hdr->version == TOKVER_EP11_AES_WITH_HEADER
1289 || hdr->version == TOKVER_EP11_ECC_WITH_HEADER)
1290 && is_ep11_keyblob(keyblob + sizeof(struct ep11kblob_header))) {
1291
1292 key = keyblob + sizeof(struct ep11kblob_header);
1293 keylen = hdr->len - sizeof(struct ep11kblob_header);
1294 } else if (hdr->type == TOKTYPE_NON_CCA
1295 && hdr->version == TOKVER_EP11_AES
1296 && is_ep11_keyblob(keyblob)) {
1297
1298 key = keyblob;
1299 keylen = hdr->len;
1300 } else if (is_ep11_keyblob(keyblob)) {
1301
1302 key = keyblob;
1303 keylen = keybloblen;
1304 } else
1305 return -EINVAL;
1306
1307
1308 wkbuflen = (keylen + AES_BLOCK_SIZE) & (~(AES_BLOCK_SIZE - 1));
1309 wkbuf = kmalloc(wkbuflen, GFP_ATOMIC);
1310 if (!wkbuf)
1311 return -ENOMEM;
1312
1313
1314 rc = ep11_wrapkey(card, dom, key, keylen,
1315 0, def_iv, wkbuf, &wkbuflen);
1316 if (rc) {
1317 DEBUG_ERR(
1318 "%s rewrapping ep11 key to pkey failed, rc=%d\n",
1319 __func__, rc);
1320 goto out;
1321 }
1322 wki = (struct wk_info *) wkbuf;
1323
1324
1325 if (wki->version != 1 || wki->pkeytype < 1 || wki->pkeytype > 5) {
1326 DEBUG_ERR("%s wk info version %d or pkeytype %d mismatch.\n",
1327 __func__, (int) wki->version, (int) wki->pkeytype);
1328 rc = -EIO;
1329 goto out;
1330 }
1331
1332
1333 switch (wki->pkeytype) {
1334 case 1:
1335 switch (wki->pkeysize) {
1336 case 16+32:
1337
1338 if (protkeytype)
1339 *protkeytype = PKEY_KEYTYPE_AES_128;
1340 break;
1341 case 24+32:
1342
1343 if (protkeytype)
1344 *protkeytype = PKEY_KEYTYPE_AES_192;
1345 break;
1346 case 32+32:
1347
1348 if (protkeytype)
1349 *protkeytype = PKEY_KEYTYPE_AES_256;
1350 break;
1351 default:
1352 DEBUG_ERR("%s unknown/unsupported AES pkeysize %d\n",
1353 __func__, (int) wki->pkeysize);
1354 rc = -EIO;
1355 goto out;
1356 }
1357 break;
1358 case 3:
1359 case 4:
1360 case 5:
1361 if (protkeytype)
1362 *protkeytype = PKEY_KEYTYPE_ECC;
1363 break;
1364 case 2:
1365 default:
1366 DEBUG_ERR("%s unknown/unsupported key type %d\n",
1367 __func__, (int) wki->pkeytype);
1368 rc = -EIO;
1369 goto out;
1370 }
1371
1372
1373 if (wki->pkeysize > *protkeylen) {
1374 DEBUG_ERR("%s wk info pkeysize %llu > protkeysize %u\n",
1375 __func__, wki->pkeysize, *protkeylen);
1376 rc = -EINVAL;
1377 goto out;
1378 }
1379 memcpy(protkey, wki->pkey, wki->pkeysize);
1380 *protkeylen = wki->pkeysize;
1381
1382out:
1383 kfree(wkbuf);
1384 return rc;
1385}
1386EXPORT_SYMBOL(ep11_kblob2protkey);
1387
1388int ep11_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
1389 int minhwtype, int minapi, const u8 *wkvp)
1390{
1391 struct zcrypt_device_status_ext *device_status;
1392 u32 *_apqns = NULL, _nr_apqns = 0;
1393 int i, card, dom, rc = -ENOMEM;
1394 struct ep11_domain_info edi;
1395 struct ep11_card_info eci;
1396
1397
1398 device_status = kvmalloc_array(MAX_ZDEV_ENTRIES_EXT,
1399 sizeof(struct zcrypt_device_status_ext),
1400 GFP_KERNEL);
1401 if (!device_status)
1402 return -ENOMEM;
1403 zcrypt_device_status_mask_ext(device_status);
1404
1405
1406 _apqns = kmalloc_array(256, sizeof(u32), GFP_KERNEL);
1407 if (!_apqns) {
1408 kvfree(device_status);
1409 return -ENOMEM;
1410 }
1411
1412
1413 for (i = 0; i < MAX_ZDEV_ENTRIES_EXT; i++) {
1414 card = AP_QID_CARD(device_status[i].qid);
1415 dom = AP_QID_QUEUE(device_status[i].qid);
1416
1417 if (!device_status[i].online)
1418 continue;
1419
1420 if (!(device_status[i].functions & 0x01))
1421 continue;
1422
1423 if (cardnr != 0xFFFF && card != cardnr)
1424 continue;
1425
1426 if (domain != 0xFFFF && dom != domain)
1427 continue;
1428
1429 if (minhwtype && device_status[i].hwtype < minhwtype)
1430 continue;
1431
1432 if (minapi > 0) {
1433 if (ep11_get_card_info(card, &eci, 0))
1434 continue;
1435 if (minapi > eci.API_ord_nr)
1436 continue;
1437 }
1438
1439 if (wkvp) {
1440 if (ep11_get_domain_info(card, dom, &edi))
1441 continue;
1442 if (edi.cur_wk_state != '1')
1443 continue;
1444 if (memcmp(wkvp, edi.cur_wkvp, 16))
1445 continue;
1446 }
1447
1448 if (_nr_apqns < 256)
1449 _apqns[_nr_apqns++] = (((u16)card) << 16) | ((u16) dom);
1450 }
1451
1452
1453 if (!_nr_apqns) {
1454 kfree(_apqns);
1455 rc = -ENODEV;
1456 } else {
1457
1458 *apqns = _apqns;
1459 *nr_apqns = _nr_apqns;
1460 rc = 0;
1461 }
1462
1463 kvfree(device_status);
1464 return rc;
1465}
1466EXPORT_SYMBOL(ep11_findcard2);
1467
1468void __exit zcrypt_ep11misc_exit(void)
1469{
1470 card_cache_free();
1471}
1472
