Lines Matching +full:non +full:- +full:secure +full:- +full:domain
1 // SPDX-License-Identifier: GPL-2.0
168 return -EINVAL; in pkey_clr2protkey()
174 return -EINVAL; in pkey_clr2protkey()
181 return -ENODEV; in pkey_clr2protkey()
186 return -ENODEV; in pkey_clr2protkey()
205 * Find card and transform secure key into protected key.
211 u16 cardnr, domain; in pkey_skey2pkey() local
224 rc = cca_findcard(key, &cardnr, &domain, verify); in pkey_skey2pkey()
229 switch (hdr->version) { in pkey_skey2pkey()
231 rc = cca_sec2protkey(cardnr, domain, key, in pkey_skey2pkey()
235 rc = cca_cipher2protkey(cardnr, domain, key, in pkey_skey2pkey()
240 return -EINVAL; in pkey_skey2pkey()
273 for (rc = -ENODEV, i = 0; i < nr_apqns; i++) { in pkey_clr2ep11key()
291 * Find card and transform EP11 secure key into protected key.
311 for (rc = -ENODEV, i = 0; i < nr_apqns; i++) { in pkey_ep11key2pkey()
335 u16 cardnr, domain; in pkey_verifykey() local
338 /* check the secure key for valid AES secure key */ in pkey_verifykey()
345 *pkeysize = t->bitsize; in pkey_verifykey()
348 rc = cca_findcard(seckey->seckey, &cardnr, &domain, 1); in pkey_verifykey()
354 DEBUG_DBG("%s secure key has old mkvp\n", __func__); in pkey_verifykey()
363 *pdomain = domain; in pkey_verifykey()
384 return -EINVAL; in pkey_genprotkey()
433 return -EINVAL; in pkey_verifyprotkey()
438 return -EINVAL; in pkey_verifyprotkey()
450 return -EKEYREJECTED; in pkey_verifyprotkey()
465 keysize = pkey_keytype_aes_to_size(t->keytype); in nonccatokaes2pkey()
468 __func__, t->keytype); in nonccatokaes2pkey()
469 return -EINVAL; in nonccatokaes2pkey()
471 if (t->len != keysize) { in nonccatokaes2pkey()
472 DEBUG_ERR("%s non clear key aes token: invalid key len %u\n", in nonccatokaes2pkey()
473 __func__, t->len); in nonccatokaes2pkey()
474 return -EINVAL; in nonccatokaes2pkey()
478 rc = pkey_clr2protkey(t->keytype, t->clearkey, in nonccatokaes2pkey()
483 /* PCKMO failed, so try the CCA secure key way */ in nonccatokaes2pkey()
486 return -ENOMEM; in nonccatokaes2pkey()
488 rc = cca_clr2seckey(0xFFFF, 0xFFFF, t->keytype, t->clearkey, tmpbuf); in nonccatokaes2pkey()
498 rc = pkey_clr2ep11key(t->clearkey, t->len, in nonccatokaes2pkey()
522 switch (t->keytype) { in nonccatokecc2pkey()
540 __func__, t->keytype); in nonccatokecc2pkey()
541 return -EINVAL; in nonccatokecc2pkey()
544 if (t->len != keylen) { in nonccatokecc2pkey()
545 DEBUG_ERR("%s non clear key ecc token: invalid key len %u\n", in nonccatokecc2pkey()
546 __func__, t->len); in nonccatokecc2pkey()
547 return -EINVAL; in nonccatokecc2pkey()
551 rc = pkey_clr2protkey(t->keytype, t->clearkey, in nonccatokecc2pkey()
562 * Transform a non-CCA key token into a protected key
568 int rc = -EINVAL; in pkey_nonccatok2pkey()
570 switch (hdr->version) { in pkey_nonccatok2pkey()
577 rc = pkey_verifyprotkey(t->protkey, t->len, t->keytype); in pkey_nonccatok2pkey()
580 memcpy(protkey, t->protkey, t->len); in pkey_nonccatok2pkey()
581 *protkeylen = t->len; in pkey_nonccatok2pkey()
582 *protkeytype = t->keytype; in pkey_nonccatok2pkey()
589 keylen != sizeof(*t) + t->len) in pkey_nonccatok2pkey()
591 switch (t->keytype) { in pkey_nonccatok2pkey()
607 DEBUG_ERR("%s unknown/unsupported non cca clear key type %u\n", in pkey_nonccatok2pkey()
608 __func__, t->keytype); in pkey_nonccatok2pkey()
609 return -EINVAL; in pkey_nonccatok2pkey()
631 DEBUG_ERR("%s unknown/unsupported non-CCA token version %d\n", in pkey_nonccatok2pkey()
632 __func__, hdr->version); in pkey_nonccatok2pkey()
647 switch (hdr->version) { in pkey_ccainttok2pkey()
650 return -EINVAL; in pkey_ccainttok2pkey()
653 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) in pkey_ccainttok2pkey()
654 return -EINVAL; in pkey_ccainttok2pkey()
658 __func__, hdr->version); in pkey_ccainttok2pkey()
659 return -EINVAL; in pkey_ccainttok2pkey()
676 return -EINVAL; in pkey_keyblob2pkey()
679 switch (hdr->type) { in pkey_keyblob2pkey()
690 __func__, hdr->type); in pkey_keyblob2pkey()
691 return -EINVAL; in pkey_keyblob2pkey()
707 return -EINVAL; in pkey_genseckey2()
714 return -EINVAL; in pkey_genseckey2()
718 return -EINVAL; in pkey_genseckey2()
723 return -EINVAL; in pkey_genseckey2()
726 return -EINVAL; in pkey_genseckey2()
734 return -EINVAL; in pkey_genseckey2()
738 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { in pkey_genseckey2()
740 dom = apqns[i].domain; in pkey_genseckey2()
769 return -EINVAL; in pkey_clr2seckey2()
776 return -EINVAL; in pkey_clr2seckey2()
780 return -EINVAL; in pkey_clr2seckey2()
785 return -EINVAL; in pkey_clr2seckey2()
788 return -EINVAL; in pkey_clr2seckey2()
796 return -EINVAL; in pkey_clr2seckey2()
802 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { in pkey_clr2seckey2()
804 dom = apqns[i].domain; in pkey_clr2seckey2()
827 u16 *cardnr, u16 *domain, in pkey_verifykey2() argument
836 return -EINVAL; in pkey_verifykey2()
838 if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_verifykey2()
839 hdr->version == TOKVER_CCA_AES) { in pkey_verifykey2()
848 *ksize = (enum pkey_key_size)t->bitsize; in pkey_verifykey2()
850 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, in pkey_verifykey2()
851 ZCRYPT_CEX3C, AES_MK_SET, t->mkvp, 0, 1); in pkey_verifykey2()
854 if (rc == -ENODEV) { in pkey_verifykey2()
856 *cardnr, *domain, in pkey_verifykey2()
858 0, t->mkvp, 1); in pkey_verifykey2()
865 *cardnr = ((struct pkey_apqn *)_apqns)->card; in pkey_verifykey2()
866 *domain = ((struct pkey_apqn *)_apqns)->domain; in pkey_verifykey2()
868 } else if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_verifykey2()
869 hdr->version == TOKVER_CCA_VLSC) { in pkey_verifykey2()
879 if (!t->plfver && t->wpllen == 512) in pkey_verifykey2()
881 else if (!t->plfver && t->wpllen == 576) in pkey_verifykey2()
883 else if (!t->plfver && t->wpllen == 640) in pkey_verifykey2()
887 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, in pkey_verifykey2()
888 ZCRYPT_CEX6, AES_MK_SET, t->mkvp0, 0, 1); in pkey_verifykey2()
891 if (rc == -ENODEV) { in pkey_verifykey2()
893 *cardnr, *domain, in pkey_verifykey2()
895 0, t->mkvp0, 1); in pkey_verifykey2()
902 *cardnr = ((struct pkey_apqn *)_apqns)->card; in pkey_verifykey2()
903 *domain = ((struct pkey_apqn *)_apqns)->domain; in pkey_verifykey2()
905 } else if (hdr->type == TOKTYPE_NON_CCA && in pkey_verifykey2()
906 hdr->version == TOKVER_EP11_AES) { in pkey_verifykey2()
916 *ksize = kb->head.bitlen; in pkey_verifykey2()
919 rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, in pkey_verifykey2()
928 *cardnr = ((struct pkey_apqn *)_apqns)->card; in pkey_verifykey2()
929 *domain = ((struct pkey_apqn *)_apqns)->domain; in pkey_verifykey2()
931 } else if (hdr->type == TOKTYPE_NON_CCA && in pkey_verifykey2()
932 hdr->version == TOKVER_EP11_AES_WITH_HEADER) { in pkey_verifykey2()
943 *ksize = kh->bitlen; in pkey_verifykey2()
946 rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, in pkey_verifykey2()
955 *cardnr = ((struct pkey_apqn *)_apqns)->card; in pkey_verifykey2()
956 *domain = ((struct pkey_apqn *)_apqns)->domain; in pkey_verifykey2()
958 rc = -EINVAL; in pkey_verifykey2()
975 return -EINVAL; in pkey_keyblob2pkey2()
978 return -EINVAL; in pkey_keyblob2pkey2()
980 if (hdr->type == TOKTYPE_CCA_INTERNAL) { in pkey_keyblob2pkey2()
981 if (hdr->version == TOKVER_CCA_AES) { in pkey_keyblob2pkey2()
983 return -EINVAL; in pkey_keyblob2pkey2()
985 return -EINVAL; in pkey_keyblob2pkey2()
986 } else if (hdr->version == TOKVER_CCA_VLSC) { in pkey_keyblob2pkey2()
987 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) in pkey_keyblob2pkey2()
988 return -EINVAL; in pkey_keyblob2pkey2()
990 return -EINVAL; in pkey_keyblob2pkey2()
993 __func__, hdr->version); in pkey_keyblob2pkey2()
994 return -EINVAL; in pkey_keyblob2pkey2()
996 } else if (hdr->type == TOKTYPE_NON_CCA) { in pkey_keyblob2pkey2()
997 if (hdr->version == TOKVER_EP11_AES) { in pkey_keyblob2pkey2()
999 return -EINVAL; in pkey_keyblob2pkey2()
1000 } else if (hdr->version == TOKVER_EP11_AES_WITH_HEADER) { in pkey_keyblob2pkey2()
1003 return -EINVAL; in pkey_keyblob2pkey2()
1011 __func__, hdr->type); in pkey_keyblob2pkey2()
1012 return -EINVAL; in pkey_keyblob2pkey2()
1018 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { in pkey_keyblob2pkey2()
1020 dom = apqns[i].domain; in pkey_keyblob2pkey2()
1021 if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_keyblob2pkey2()
1022 hdr->version == TOKVER_CCA_AES) { in pkey_keyblob2pkey2()
1025 } else if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_keyblob2pkey2()
1026 hdr->version == TOKVER_CCA_VLSC) { in pkey_keyblob2pkey2()
1050 return -EINVAL; in pkey_apqns4key()
1054 if (hdr->type == TOKTYPE_NON_CCA && in pkey_apqns4key()
1055 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || in pkey_apqns4key()
1056 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && in pkey_apqns4key()
1063 return -EINVAL; in pkey_apqns4key()
1064 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { in pkey_apqns4key()
1069 minhwtype, api, kb->wkvp); in pkey_apqns4key()
1072 } else if (hdr->type == TOKTYPE_NON_CCA && in pkey_apqns4key()
1073 hdr->version == TOKVER_EP11_AES && in pkey_apqns4key()
1079 return -EINVAL; in pkey_apqns4key()
1080 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { in pkey_apqns4key()
1085 minhwtype, api, kb->wkvp); in pkey_apqns4key()
1088 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) { in pkey_apqns4key()
1092 if (hdr->version == TOKVER_CCA_AES) { in pkey_apqns4key()
1096 cur_mkvp = t->mkvp; in pkey_apqns4key()
1098 old_mkvp = t->mkvp; in pkey_apqns4key()
1099 } else if (hdr->version == TOKVER_CCA_VLSC) { in pkey_apqns4key()
1104 cur_mkvp = t->mkvp0; in pkey_apqns4key()
1106 old_mkvp = t->mkvp0; in pkey_apqns4key()
1109 return -EINVAL; in pkey_apqns4key()
1116 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) { in pkey_apqns4key()
1120 if (t->secid == 0x20) { in pkey_apqns4key()
1122 cur_mkvp = t->mkvp; in pkey_apqns4key()
1124 old_mkvp = t->mkvp; in pkey_apqns4key()
1127 return -EINVAL; in pkey_apqns4key()
1135 return -EINVAL; in pkey_apqns4key()
1140 rc = -ENOSPC; in pkey_apqns4key()
1203 return -EINVAL; in pkey_apqns4keytype()
1208 rc = -ENOSPC; in pkey_apqns4keytype()
1228 return -EINVAL; in pkey_keyblob2pkey3()
1231 return -EINVAL; in pkey_keyblob2pkey3()
1233 if (hdr->type == TOKTYPE_NON_CCA && in pkey_keyblob2pkey3()
1234 hdr->version == TOKVER_EP11_AES_WITH_HEADER && in pkey_keyblob2pkey3()
1238 return -EINVAL; in pkey_keyblob2pkey3()
1239 } else if (hdr->type == TOKTYPE_NON_CCA && in pkey_keyblob2pkey3()
1240 hdr->version == TOKVER_EP11_ECC_WITH_HEADER && in pkey_keyblob2pkey3()
1244 return -EINVAL; in pkey_keyblob2pkey3()
1245 } else if (hdr->type == TOKTYPE_NON_CCA && in pkey_keyblob2pkey3()
1246 hdr->version == TOKVER_EP11_AES && in pkey_keyblob2pkey3()
1250 return -EINVAL; in pkey_keyblob2pkey3()
1251 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) { in pkey_keyblob2pkey3()
1252 if (hdr->version == TOKVER_CCA_AES) { in pkey_keyblob2pkey3()
1255 return -EINVAL; in pkey_keyblob2pkey3()
1257 return -EINVAL; in pkey_keyblob2pkey3()
1258 } else if (hdr->version == TOKVER_CCA_VLSC) { in pkey_keyblob2pkey3()
1260 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) in pkey_keyblob2pkey3()
1261 return -EINVAL; in pkey_keyblob2pkey3()
1263 return -EINVAL; in pkey_keyblob2pkey3()
1266 __func__, hdr->version); in pkey_keyblob2pkey3()
1267 return -EINVAL; in pkey_keyblob2pkey3()
1269 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) { in pkey_keyblob2pkey3()
1272 return -EINVAL; in pkey_keyblob2pkey3()
1274 return -EINVAL; in pkey_keyblob2pkey3()
1275 } else if (hdr->type == TOKTYPE_NON_CCA) { in pkey_keyblob2pkey3()
1280 __func__, hdr->type); in pkey_keyblob2pkey3()
1281 return -EINVAL; in pkey_keyblob2pkey3()
1285 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { in pkey_keyblob2pkey3()
1287 dom = apqns[i].domain; in pkey_keyblob2pkey3()
1288 if (hdr->type == TOKTYPE_NON_CCA && in pkey_keyblob2pkey3()
1289 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || in pkey_keyblob2pkey3()
1290 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && in pkey_keyblob2pkey3()
1292 rc = ep11_kblob2protkey(card, dom, key, hdr->len, in pkey_keyblob2pkey3()
1295 else if (hdr->type == TOKTYPE_NON_CCA && in pkey_keyblob2pkey3()
1296 hdr->version == TOKVER_EP11_AES && in pkey_keyblob2pkey3()
1298 rc = ep11_kblob2protkey(card, dom, key, hdr->len, in pkey_keyblob2pkey3()
1301 else if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_keyblob2pkey3()
1302 hdr->version == TOKVER_CCA_AES) in pkey_keyblob2pkey3()
1305 else if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_keyblob2pkey3()
1306 hdr->version == TOKVER_CCA_VLSC) in pkey_keyblob2pkey3()
1309 else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) in pkey_keyblob2pkey3()
1313 return -EINVAL; in pkey_keyblob2pkey3()
1326 return ERR_PTR(-EINVAL); in _copy_key_from_user()
1350 return -EFAULT; in pkey_unlocked_ioctl()
1351 rc = cca_genseckey(kgs.cardnr, kgs.domain, in pkey_unlocked_ioctl()
1357 return -EFAULT; in pkey_unlocked_ioctl()
1365 return -EFAULT; in pkey_unlocked_ioctl()
1366 rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype, in pkey_unlocked_ioctl()
1372 return -EFAULT; in pkey_unlocked_ioctl()
1381 return -EFAULT; in pkey_unlocked_ioctl()
1383 rc = cca_sec2protkey(ksp.cardnr, ksp.domain, in pkey_unlocked_ioctl()
1390 return -EFAULT; in pkey_unlocked_ioctl()
1398 return -EFAULT; in pkey_unlocked_ioctl()
1407 return -EFAULT; in pkey_unlocked_ioctl()
1416 return -EFAULT; in pkey_unlocked_ioctl()
1418 &kfc.cardnr, &kfc.domain, 1); in pkey_unlocked_ioctl()
1423 return -EFAULT; in pkey_unlocked_ioctl()
1431 return -EFAULT; in pkey_unlocked_ioctl()
1439 return -EFAULT; in pkey_unlocked_ioctl()
1447 return -EFAULT; in pkey_unlocked_ioctl()
1448 rc = pkey_verifykey(&kvk.seckey, &kvk.cardnr, &kvk.domain, in pkey_unlocked_ioctl()
1454 return -EFAULT; in pkey_unlocked_ioctl()
1462 return -EFAULT; in pkey_unlocked_ioctl()
1470 return -EFAULT; in pkey_unlocked_ioctl()
1478 return -EFAULT; in pkey_unlocked_ioctl()
1490 return -EFAULT; in pkey_unlocked_ioctl()
1503 return -EFAULT; in pkey_unlocked_ioctl()
1514 return -EFAULT; in pkey_unlocked_ioctl()
1521 return -ENOMEM; in pkey_unlocked_ioctl()
1535 return -EINVAL; in pkey_unlocked_ioctl()
1539 return -EFAULT; in pkey_unlocked_ioctl()
1544 rc = -EFAULT; in pkey_unlocked_ioctl()
1556 return -EFAULT; in pkey_unlocked_ioctl()
1563 return -ENOMEM; in pkey_unlocked_ioctl()
1577 return -EINVAL; in pkey_unlocked_ioctl()
1581 return -EFAULT; in pkey_unlocked_ioctl()
1586 rc = -EFAULT; in pkey_unlocked_ioctl()
1597 return -EFAULT; in pkey_unlocked_ioctl()
1602 &kvk.cardnr, &kvk.domain, in pkey_unlocked_ioctl()
1609 return -EFAULT; in pkey_unlocked_ioctl()
1619 return -EFAULT; in pkey_unlocked_ioctl()
1640 return -EFAULT; in pkey_unlocked_ioctl()
1651 return -EFAULT; in pkey_unlocked_ioctl()
1658 return -ENOMEM; in pkey_unlocked_ioctl()
1669 if (rc && rc != -ENOSPC) { in pkey_unlocked_ioctl()
1676 return -EINVAL; in pkey_unlocked_ioctl()
1682 return -EFAULT; in pkey_unlocked_ioctl()
1688 rc = -EFAULT; in pkey_unlocked_ioctl()
1699 return -EFAULT; in pkey_unlocked_ioctl()
1706 return -ENOMEM; in pkey_unlocked_ioctl()
1711 if (rc && rc != -ENOSPC) { in pkey_unlocked_ioctl()
1718 return -EINVAL; in pkey_unlocked_ioctl()
1724 return -EFAULT; in pkey_unlocked_ioctl()
1730 rc = -EFAULT; in pkey_unlocked_ioctl()
1742 return -EFAULT; in pkey_unlocked_ioctl()
1755 return -ENOMEM; in pkey_unlocked_ioctl()
1771 return -EINVAL; in pkey_unlocked_ioctl()
1775 return -EFAULT; in pkey_unlocked_ioctl()
1781 return -EFAULT; in pkey_unlocked_ioctl()
1786 return -ENOTTY; in pkey_unlocked_ioctl()
1800 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1810 return -EINVAL; in pkey_protkey_aes_attr_read()
1813 return -EINVAL; in pkey_protkey_aes_attr_read()
1922 * Sysfs attribute read function for all secure key ccadata binary attributes.
1925 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1934 return -EINVAL; in pkey_ccadata_aes_attr_read()
1937 return -EINVAL; in pkey_ccadata_aes_attr_read()
1939 rc = cca_genseckey(-1, -1, keytype, seckey->seckey); in pkey_ccadata_aes_attr_read()
1945 rc = cca_genseckey(-1, -1, keytype, seckey->seckey); in pkey_ccadata_aes_attr_read()
2028 * Sysfs attribute read function for all secure key ccacipher binary attributes.
2030 * secure key blob is generated with each read. In case of partial reads
2031 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
2042 return -EINVAL; in pkey_ccacipher_aes_attr_read()
2045 return -EINVAL; in pkey_ccacipher_aes_attr_read()
2056 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { in pkey_ccacipher_aes_attr_read()
2150 * secure key blob is generated with each read. In case of partial reads
2151 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
2165 return -EINVAL; in pkey_ep11_aes_attr_read()
2168 return -EINVAL; in pkey_ep11_aes_attr_read()
2181 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { in pkey_ep11_aes_attr_read()
2305 * The pckmo instruction should be available - even if we don't in pkey_init()
2311 return -ENODEV; in pkey_init()
2315 return -ENODEV; in pkey_init()
2319 return -ENODEV; in pkey_init()