1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * pkey ep11 specific code 4 * 5 * Copyright IBM Corp. 2024 6 */ 7 8 #define KMSG_COMPONENT "pkey" 9 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 10 11 #include <linux/init.h> 12 #include <linux/module.h> 13 #include <linux/cpufeature.h> 14 15 #include "zcrypt_ccamisc.h" 16 #include "zcrypt_ep11misc.h" 17 #include "pkey_base.h" 18 19 MODULE_LICENSE("GPL"); 20 MODULE_AUTHOR("IBM Corporation"); 21 MODULE_DESCRIPTION("s390 protected key EP11 handler"); 22 23 #if IS_MODULE(CONFIG_PKEY_EP11) 24 static struct ap_device_id pkey_ep11_card_ids[] = { 25 { .dev_type = AP_DEVICE_TYPE_CEX4 }, 26 { .dev_type = AP_DEVICE_TYPE_CEX5 }, 27 { .dev_type = AP_DEVICE_TYPE_CEX6 }, 28 { .dev_type = AP_DEVICE_TYPE_CEX7 }, 29 { .dev_type = AP_DEVICE_TYPE_CEX8 }, 30 { /* end of list */ }, 31 }; 32 MODULE_DEVICE_TABLE(ap, pkey_ep11_card_ids); 33 #endif 34 35 /* 36 * Check key blob for known and supported EP11 key. 37 */ 38 static bool is_ep11_key(const u8 *key, u32 keylen) 39 { 40 struct keytoken_header *hdr = (struct keytoken_header *)key; 41 42 if (keylen < sizeof(*hdr)) 43 return false; 44 45 switch (hdr->type) { 46 case TOKTYPE_NON_CCA: 47 switch (hdr->version) { 48 case TOKVER_EP11_AES: 49 case TOKVER_EP11_AES_WITH_HEADER: 50 case TOKVER_EP11_ECC_WITH_HEADER: 51 return true; 52 default: 53 return false; 54 } 55 default: 56 return false; 57 } 58 } 59 60 static bool is_ep11_keytype(enum pkey_key_type key_type) 61 { 62 switch (key_type) { 63 case PKEY_TYPE_EP11: 64 case PKEY_TYPE_EP11_AES: 65 case PKEY_TYPE_EP11_ECC: 66 return true; 67 default: 68 return false; 69 } 70 } 71 72 static int ep11_apqns4key(const u8 *key, u32 keylen, u32 flags, 73 struct pkey_apqn *apqns, size_t *nr_apqns, u32 pflags) 74 { 75 struct keytoken_header *hdr = (struct keytoken_header *)key; 76 u32 _apqns[MAXAPQNSINLIST], _nr_apqns = ARRAY_SIZE(_apqns); 77 u32 xflags; 78 int rc; 79 80 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 81 82 if (!flags) 83 flags = PKEY_FLAGS_MATCH_CUR_MKVP; 84 85 if (keylen < sizeof(struct keytoken_header) || flags == 0) 86 return -EINVAL; 87 88 zcrypt_wait_api_operational(); 89 90 if (hdr->type == TOKTYPE_NON_CCA && 91 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || 92 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && 93 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 94 struct ep11keyblob *kb = (struct ep11keyblob *) 95 (key + sizeof(struct ep11kblob_header)); 96 int minhwtype = 0, api = 0; 97 98 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP) 99 return -EINVAL; 100 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { 101 minhwtype = ZCRYPT_CEX7; 102 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 103 } 104 rc = ep11_findcard2(_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 105 minhwtype, api, kb->wkvp, xflags); 106 if (rc) 107 goto out; 108 109 } else if (hdr->type == TOKTYPE_NON_CCA && 110 hdr->version == TOKVER_EP11_AES && 111 is_ep11_keyblob(key)) { 112 struct ep11keyblob *kb = (struct ep11keyblob *)key; 113 int minhwtype = 0, api = 0; 114 115 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP) 116 return -EINVAL; 117 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { 118 minhwtype = ZCRYPT_CEX7; 119 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 120 } 121 rc = ep11_findcard2(_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 122 minhwtype, api, kb->wkvp, xflags); 123 if (rc) 124 goto out; 125 126 } else { 127 PKEY_DBF_ERR("%s unknown/unsupported blob type %d version %d\n", 128 __func__, hdr->type, hdr->version); 129 return -EINVAL; 130 } 131 132 if (apqns) { 133 if (*nr_apqns < _nr_apqns) 134 rc = -ENOSPC; 135 else 136 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32)); 137 } 138 *nr_apqns = _nr_apqns; 139 140 out: 141 pr_debug("rc=%d\n", rc); 142 return rc; 143 } 144 145 static int ep11_apqns4type(enum pkey_key_type ktype, 146 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags, 147 struct pkey_apqn *apqns, size_t *nr_apqns, u32 pflags) 148 { 149 u32 _apqns[MAXAPQNSINLIST], _nr_apqns = ARRAY_SIZE(_apqns); 150 u32 xflags; 151 int rc; 152 153 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 154 155 zcrypt_wait_api_operational(); 156 157 if (ktype == PKEY_TYPE_EP11 || 158 ktype == PKEY_TYPE_EP11_AES || 159 ktype == PKEY_TYPE_EP11_ECC) { 160 u8 *wkvp = NULL; 161 int api; 162 163 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 164 wkvp = cur_mkvp; 165 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 166 rc = ep11_findcard2(_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 167 ZCRYPT_CEX7, api, wkvp, xflags); 168 if (rc) 169 goto out; 170 171 } else { 172 PKEY_DBF_ERR("%s unknown/unsupported key type %d\n", 173 __func__, (int)ktype); 174 return -EINVAL; 175 } 176 177 if (apqns) { 178 if (*nr_apqns < _nr_apqns) 179 rc = -ENOSPC; 180 else 181 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32)); 182 } 183 *nr_apqns = _nr_apqns; 184 185 out: 186 pr_debug("rc=%d\n", rc); 187 return rc; 188 } 189 190 static int ep11_key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns, 191 const u8 *key, u32 keylen, 192 u8 *protkey, u32 *protkeylen, u32 *protkeytype, 193 u32 pflags) 194 { 195 struct keytoken_header *hdr = (struct keytoken_header *)key; 196 struct pkey_apqn _apqns[MAXAPQNSINLIST]; 197 u32 xflags; 198 int i, rc; 199 200 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 201 202 if (keylen < sizeof(*hdr)) 203 return -EINVAL; 204 205 if (hdr->type == TOKTYPE_NON_CCA && 206 hdr->version == TOKVER_EP11_AES_WITH_HEADER && 207 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 208 /* EP11 AES key blob with header */ 209 if (ep11_check_aes_key_with_hdr(pkey_dbf_info, 210 3, key, keylen, 1)) 211 return -EINVAL; 212 } else if (hdr->type == TOKTYPE_NON_CCA && 213 hdr->version == TOKVER_EP11_ECC_WITH_HEADER && 214 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 215 /* EP11 ECC key blob with header */ 216 if (ep11_check_ecc_key_with_hdr(pkey_dbf_info, 217 3, key, keylen, 1)) 218 return -EINVAL; 219 } else if (hdr->type == TOKTYPE_NON_CCA && 220 hdr->version == TOKVER_EP11_AES && 221 is_ep11_keyblob(key)) { 222 /* EP11 AES key blob with header in session field */ 223 if (ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1)) 224 return -EINVAL; 225 } else { 226 PKEY_DBF_ERR("%s unknown/unsupported blob type %d version %d\n", 227 __func__, hdr->type, hdr->version); 228 return -EINVAL; 229 } 230 231 zcrypt_wait_api_operational(); 232 233 if (!apqns || (nr_apqns == 1 && 234 apqns[0].card == 0xFFFF && apqns[0].domain == 0xFFFF)) { 235 nr_apqns = MAXAPQNSINLIST; 236 rc = ep11_apqns4key(key, keylen, 0, _apqns, &nr_apqns, pflags); 237 if (rc) 238 goto out; 239 apqns = _apqns; 240 } 241 242 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 243 if (hdr->type == TOKTYPE_NON_CCA && 244 hdr->version == TOKVER_EP11_AES_WITH_HEADER && 245 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 246 rc = ep11_kblob2protkey(apqns[i].card, apqns[i].domain, 247 key, hdr->len, protkey, 248 protkeylen, protkeytype, xflags); 249 } else if (hdr->type == TOKTYPE_NON_CCA && 250 hdr->version == TOKVER_EP11_ECC_WITH_HEADER && 251 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 252 rc = ep11_kblob2protkey(apqns[i].card, apqns[i].domain, 253 key, hdr->len, protkey, 254 protkeylen, protkeytype, xflags); 255 } else if (hdr->type == TOKTYPE_NON_CCA && 256 hdr->version == TOKVER_EP11_AES && 257 is_ep11_keyblob(key)) { 258 rc = ep11_kblob2protkey(apqns[i].card, apqns[i].domain, 259 key, hdr->len, protkey, 260 protkeylen, protkeytype, xflags); 261 } else { 262 rc = -EINVAL; 263 break; 264 } 265 } 266 267 out: 268 pr_debug("rc=%d\n", rc); 269 return rc; 270 } 271 272 /* 273 * Generate EP11 secure key. 274 * As of now only EP11 AES secure keys are supported. 275 * keytype is one of the PKEY_KEYTYPE_* constants, 276 * subtype may be PKEY_TYPE_EP11 or PKEY_TYPE_EP11_AES 277 * or 0 (results in subtype PKEY_TYPE_EP11_AES), 278 * keybitsize is the bit size of the key (may be 0 for 279 * keytype PKEY_KEYTYPE_AES_*). 280 */ 281 static int ep11_gen_key(const struct pkey_apqn *apqns, size_t nr_apqns, 282 u32 keytype, u32 subtype, 283 u32 keybitsize, u32 flags, 284 u8 *keybuf, u32 *keybuflen, u32 *_keyinfo, u32 pflags) 285 { 286 struct pkey_apqn _apqns[MAXAPQNSINLIST]; 287 int i, len, rc; 288 u32 xflags; 289 290 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 291 292 /* check keytype, subtype, keybitsize */ 293 switch (keytype) { 294 case PKEY_KEYTYPE_AES_128: 295 case PKEY_KEYTYPE_AES_192: 296 case PKEY_KEYTYPE_AES_256: 297 len = pkey_keytype_aes_to_size(keytype); 298 if (keybitsize && keybitsize != 8 * len) { 299 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 300 __func__, keybitsize); 301 return -EINVAL; 302 } 303 keybitsize = 8 * len; 304 switch (subtype) { 305 case PKEY_TYPE_EP11: 306 case PKEY_TYPE_EP11_AES: 307 break; 308 default: 309 PKEY_DBF_ERR("%s unknown/unsupported subtype %d\n", 310 __func__, subtype); 311 return -EINVAL; 312 } 313 break; 314 default: 315 PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n", 316 __func__, keytype); 317 return -EINVAL; 318 } 319 320 zcrypt_wait_api_operational(); 321 322 if (!apqns || (nr_apqns == 1 && 323 apqns[0].card == 0xFFFF && apqns[0].domain == 0xFFFF)) { 324 nr_apqns = MAXAPQNSINLIST; 325 rc = ep11_apqns4type(subtype, NULL, NULL, 0, 326 _apqns, &nr_apqns, pflags); 327 if (rc) 328 goto out; 329 apqns = _apqns; 330 } 331 332 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 333 rc = ep11_genaeskey(apqns[i].card, apqns[i].domain, 334 keybitsize, flags, 335 keybuf, keybuflen, subtype, xflags); 336 } 337 338 out: 339 pr_debug("rc=%d\n", rc); 340 return rc; 341 } 342 343 /* 344 * Generate EP11 secure key with given clear key value. 345 * As of now only EP11 AES secure keys are supported. 346 * keytype is one of the PKEY_KEYTYPE_* constants, 347 * subtype may be PKEY_TYPE_EP11 or PKEY_TYPE_EP11_AES 348 * or 0 (assumes PKEY_TYPE_EP11_AES then). 349 * keybitsize is the bit size of the key (may be 0 for 350 * keytype PKEY_KEYTYPE_AES_*). 351 */ 352 static int ep11_clr2key(const struct pkey_apqn *apqns, size_t nr_apqns, 353 u32 keytype, u32 subtype, 354 u32 keybitsize, u32 flags, 355 const u8 *clrkey, u32 clrkeylen, 356 u8 *keybuf, u32 *keybuflen, u32 *_keyinfo, u32 pflags) 357 { 358 struct pkey_apqn _apqns[MAXAPQNSINLIST]; 359 int i, len, rc; 360 u32 xflags; 361 362 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 363 364 /* check keytype, subtype, clrkeylen, keybitsize */ 365 switch (keytype) { 366 case PKEY_KEYTYPE_AES_128: 367 case PKEY_KEYTYPE_AES_192: 368 case PKEY_KEYTYPE_AES_256: 369 len = pkey_keytype_aes_to_size(keytype); 370 if (keybitsize && keybitsize != 8 * len) { 371 PKEY_DBF_ERR("%s unknown/unsupported keybitsize %d\n", 372 __func__, keybitsize); 373 return -EINVAL; 374 } 375 keybitsize = 8 * len; 376 if (clrkeylen != len) { 377 PKEY_DBF_ERR("%s invalid clear key len %d != %d\n", 378 __func__, clrkeylen, len); 379 return -EINVAL; 380 } 381 switch (subtype) { 382 case PKEY_TYPE_EP11: 383 case PKEY_TYPE_EP11_AES: 384 break; 385 default: 386 PKEY_DBF_ERR("%s unknown/unsupported subtype %d\n", 387 __func__, subtype); 388 return -EINVAL; 389 } 390 break; 391 default: 392 PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n", 393 __func__, keytype); 394 return -EINVAL; 395 } 396 397 zcrypt_wait_api_operational(); 398 399 if (!apqns || (nr_apqns == 1 && 400 apqns[0].card == 0xFFFF && apqns[0].domain == 0xFFFF)) { 401 nr_apqns = MAXAPQNSINLIST; 402 rc = ep11_apqns4type(subtype, NULL, NULL, 0, 403 _apqns, &nr_apqns, pflags); 404 if (rc) 405 goto out; 406 apqns = _apqns; 407 } 408 409 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 410 rc = ep11_clr2keyblob(apqns[i].card, apqns[i].domain, 411 keybitsize, flags, clrkey, 412 keybuf, keybuflen, subtype, xflags); 413 } 414 415 out: 416 pr_debug("rc=%d\n", rc); 417 return rc; 418 } 419 420 static int ep11_verifykey(const u8 *key, u32 keylen, 421 u16 *card, u16 *dom, 422 u32 *keytype, u32 *keybitsize, u32 *flags, u32 pflags) 423 { 424 struct keytoken_header *hdr = (struct keytoken_header *)key; 425 u32 apqns[MAXAPQNSINLIST], nr_apqns = ARRAY_SIZE(apqns); 426 u32 xflags; 427 int rc; 428 429 xflags = pflags & PKEY_XFLAG_NOMEMALLOC ? ZCRYPT_XFLAG_NOMEMALLOC : 0; 430 431 if (keylen < sizeof(*hdr)) 432 return -EINVAL; 433 434 zcrypt_wait_api_operational(); 435 436 if (hdr->type == TOKTYPE_NON_CCA && 437 hdr->version == TOKVER_EP11_AES) { 438 struct ep11keyblob *kb = (struct ep11keyblob *)key; 439 int api; 440 441 rc = ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1); 442 if (rc) 443 goto out; 444 *keytype = PKEY_TYPE_EP11; 445 *keybitsize = kb->head.bitlen; 446 447 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 448 rc = ep11_findcard2(apqns, &nr_apqns, *card, *dom, 449 ZCRYPT_CEX7, api, 450 ep11_kb_wkvp(key, keylen), xflags); 451 if (rc) 452 goto out; 453 454 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 455 456 *card = ((struct pkey_apqn *)apqns)->card; 457 *dom = ((struct pkey_apqn *)apqns)->domain; 458 459 } else if (hdr->type == TOKTYPE_NON_CCA && 460 hdr->version == TOKVER_EP11_AES_WITH_HEADER) { 461 struct ep11kblob_header *kh = (struct ep11kblob_header *)key; 462 int api; 463 464 rc = ep11_check_aes_key_with_hdr(pkey_dbf_info, 465 3, key, keylen, 1); 466 if (rc) 467 goto out; 468 *keytype = PKEY_TYPE_EP11_AES; 469 *keybitsize = kh->bitlen; 470 471 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 472 rc = ep11_findcard2(apqns, &nr_apqns, *card, *dom, 473 ZCRYPT_CEX7, api, 474 ep11_kb_wkvp(key, keylen), xflags); 475 if (rc) 476 goto out; 477 478 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 479 480 *card = ((struct pkey_apqn *)apqns)->card; 481 *dom = ((struct pkey_apqn *)apqns)->domain; 482 483 } else { 484 /* unknown/unsupported key blob */ 485 rc = -EINVAL; 486 } 487 488 out: 489 pr_debug("rc=%d\n", rc); 490 return rc; 491 } 492 493 /* 494 * This function provides an alternate but usually slow way 495 * to convert a 'clear key token' with AES key material into 496 * a protected key. That is done via an intermediate step 497 * which creates an EP11 AES secure key first and then derives 498 * the protected key from this secure key. 499 */ 500 static int ep11_slowpath_key2protkey(const struct pkey_apqn *apqns, 501 size_t nr_apqns, 502 const u8 *key, u32 keylen, 503 u8 *protkey, u32 *protkeylen, 504 u32 *protkeytype, u32 pflags) 505 { 506 const struct keytoken_header *hdr = (const struct keytoken_header *)key; 507 const struct clearkeytoken *t = (const struct clearkeytoken *)key; 508 u8 tmpbuf[MAXEP11AESKEYBLOBSIZE]; /* 336 bytes */ 509 u32 tmplen, keysize = 0; 510 int i, rc; 511 512 if (keylen < sizeof(*hdr)) 513 return -EINVAL; 514 515 if (hdr->type == TOKTYPE_NON_CCA && 516 hdr->version == TOKVER_CLEAR_KEY) 517 keysize = pkey_keytype_aes_to_size(t->keytype); 518 if (!keysize || t->len != keysize) 519 return -EINVAL; 520 521 /* try two times in case of failure */ 522 for (i = 0, rc = -ENODEV; i < 2 && rc; i++) { 523 tmplen = MAXEP11AESKEYBLOBSIZE; 524 rc = ep11_clr2key(NULL, 0, t->keytype, PKEY_TYPE_EP11, 525 8 * keysize, 0, t->clearkey, t->len, 526 tmpbuf, &tmplen, NULL, pflags); 527 pr_debug("ep11_clr2key()=%d\n", rc); 528 if (rc) 529 continue; 530 rc = ep11_key2protkey(NULL, 0, tmpbuf, tmplen, 531 protkey, protkeylen, protkeytype, pflags); 532 pr_debug("ep11_key2protkey()=%d\n", rc); 533 } 534 535 pr_debug("rc=%d\n", rc); 536 return rc; 537 } 538 539 static struct pkey_handler ep11_handler = { 540 .module = THIS_MODULE, 541 .name = "PKEY EP11 handler", 542 .is_supported_key = is_ep11_key, 543 .is_supported_keytype = is_ep11_keytype, 544 .key_to_protkey = ep11_key2protkey, 545 .slowpath_key_to_protkey = ep11_slowpath_key2protkey, 546 .gen_key = ep11_gen_key, 547 .clr_to_key = ep11_clr2key, 548 .verify_key = ep11_verifykey, 549 .apqns_for_key = ep11_apqns4key, 550 .apqns_for_keytype = ep11_apqns4type, 551 }; 552 553 /* 554 * Module init 555 */ 556 static int __init pkey_ep11_init(void) 557 { 558 /* register this module as pkey handler for all the ep11 stuff */ 559 return pkey_handler_register(&ep11_handler); 560 } 561 562 /* 563 * Module exit 564 */ 565 static void __exit pkey_ep11_exit(void) 566 { 567 /* unregister this module as pkey handler */ 568 pkey_handler_unregister(&ep11_handler); 569 } 570 571 module_init(pkey_ep11_init); 572 module_exit(pkey_ep11_exit); 573