| -rw-r--r-- | drivers/s390/crypto/pkey_api.c | 49 | ||||
| -rw-r--r-- | drivers/s390/crypto/pkey_base.h | 29 | ||||
| -rw-r--r-- | drivers/s390/crypto/pkey_cca.c | 4 | ||||
| -rw-r--r-- | drivers/s390/crypto/pkey_ep11.c | 13 | ||||
| -rw-r--r-- | drivers/s390/crypto/pkey_pckmo.c | 91 | ||||
| -rw-r--r-- | drivers/s390/crypto/pkey_sysfs.c | 125 | 
6 files changed, 213 insertions, 98 deletions
| diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c index 732437bf3823..31382c23ec14 100644 --- a/drivers/s390/crypto/pkey_api.c +++ b/drivers/s390/crypto/pkey_api.c @@ -109,7 +109,7 @@ static int genseck2(const struct pkey_apqn *apqns, size_t nr_apqns,  			rc = pkey_cca_gen_key(apqns[i].card,  					      apqns[i].domain,  					      u, keytype, keybitsize, flags, -					      keybuf, keybuflen); +					      keybuf, keybuflen, NULL);  		}  	} else if (pkey_is_ep11_keytype(keytype)) {  		/* As of now only EP11 AES key generation is supported */ @@ -123,7 +123,7 @@ static int genseck2(const struct pkey_apqn *apqns, size_t nr_apqns,  			rc = pkey_ep11_gen_key(apqns[i].card,  					       apqns[i].domain,  					       u, keytype, keybitsize, flags, -					       keybuf, keybuflen); +					       keybuf, keybuflen, NULL);  		}  	} else {  		PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n", @@ -154,7 +154,7 @@ static int clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns,  					      apqns[i].domain,  					      u, keytype, kbitsize, flags,  					      clrkey, kbitsize / 8, -					      keybuf, keybuflen); +					      keybuf, keybuflen, NULL);  		}  	} else if (pkey_is_ep11_keytype(keytype)) {  		/* As of now only EP11 AES key generation is supported */ @@ -169,7 +169,7 @@ static int clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns,  					       apqns[i].domain,  					       u, keytype, kbitsize, flags,  					       clrkey, kbitsize / 8, -					       keybuf, keybuflen); +					       keybuf, keybuflen, NULL);  		}  	} else {  		PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n", @@ -308,6 +308,7 @@ static int pckmokey2protkey_fallback(const struct clearkeytoken *t,  		nr_apqns = MAXAPQNSINLIST;  		rc = pkey_cca_apqns4type(PKEY_TYPE_CCA_DATA,  					 NULL, NULL, 0, apqns, &nr_apqns); +		pr_debug("pkey_cca_apqns4type(CCA_DATA)=%d\n", rc);  		if (rc)  			goto try_via_ep11;  		for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) { 
@@ -316,7 +317,8 @@ static int pckmokey2protkey_fallback(const struct clearkeytoken *t,  					      t->keytype, PKEY_TYPE_CCA_DATA,  					      8 * keysize, 0,  					      t->clearkey, t->len, -					      tmpbuf, &tmplen); +					      tmpbuf, &tmplen, NULL); +			pr_debug("pkey_cca_clr2key()=%d\n", rc);  		}  		if (rc)  			goto try_via_ep11; @@ -326,6 +328,7 @@ static int pckmokey2protkey_fallback(const struct clearkeytoken *t,  						  tmpbuf, tmplen,  						  protkey, protkeylen,  						  protkeytype); +			pr_debug("pkey_cca_key2protkey()=%d\n", rc);  		}  		if (!rc)  			break; @@ -335,6 +338,7 @@ try_via_ep11:  		nr_apqns = MAXAPQNSINLIST;  		rc = pkey_ep11_apqns4type(PKEY_TYPE_EP11_AES,  					  NULL, NULL, 0, apqns, &nr_apqns); +		pr_debug("pkey_ep11_apqns4type(EP11_AES)=%d\n", rc);  		if (rc)  			continue;  		for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) { @@ -343,7 +347,8 @@ try_via_ep11:  					       t->keytype, PKEY_TYPE_EP11_AES,  					       8 * keysize, 0,  					       t->clearkey, t->len, -					       tmpbuf, &tmplen); +					       tmpbuf, &tmplen, NULL); +			pr_debug("pkey_ep11_clr2key()=%d\n", rc);  		}  		if (rc)  			continue; @@ -353,6 +358,7 @@ try_via_ep11:  						   tmpbuf, tmplen,  						   protkey, protkeylen,  						   protkeytype); +			pr_debug("pkey_ep11_key2protkey()=%d\n", rc);  		}  	} @@ -367,9 +373,8 @@ static int pckmokey2protkey(const u8 *key, size_t keylen,  {  	int rc; -	rc = pkey_pckmo_key2protkey(key, keylen, -				    protkey, protkeylen, -				    protkeytype); +	rc = pkey_pckmo_key2protkey(0, 0, key, keylen, +				    protkey, protkeylen, protkeytype);  	if (rc == -ENODEV) {  		struct keytoken_header *hdr = (struct keytoken_header *)key;  		struct clearkeytoken *t = (struct clearkeytoken *)key; 
@@ -456,7 +461,7 @@ static int pkey_ioctl_genseck(struct pkey_genseck __user *ugs)  	keybuflen = sizeof(kgs.seckey.seckey);  	rc = pkey_cca_gen_key(kgs.cardnr, kgs.domain,  			      kgs.keytype, PKEY_TYPE_CCA_DATA, 0, 0, -			      kgs.seckey.seckey, &keybuflen); +			      kgs.seckey.seckey, &keybuflen, NULL);  	pr_debug("pkey_cca_gen_key()=%d\n", rc);  	if (!rc && copy_to_user(ugs, &kgs, sizeof(kgs)))  		rc = -EFAULT; @@ -478,7 +483,7 @@ static int pkey_ioctl_clr2seck(struct pkey_clr2seck __user *ucs)  			      kcs.keytype, PKEY_TYPE_CCA_DATA, 0, 0,  			      kcs.clrkey.clrkey,  			      pkey_keytype_aes_to_size(kcs.keytype), -			      kcs.seckey.seckey, &keybuflen); +			      kcs.seckey.seckey, &keybuflen, NULL);  	pr_debug("pkey_cca_clr2key()=%d\n", rc);  	if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs)))  		rc = -EFAULT; @@ -515,10 +520,11 @@ static int pkey_ioctl_clr2protk(struct pkey_clr2protk __user *ucp)  	if (copy_from_user(&kcp, ucp, sizeof(kcp)))  		return -EFAULT;  	kcp.protkey.len = sizeof(kcp.protkey.protkey); -	rc = pkey_pckmo_clr2protkey(kcp.keytype, kcp.clrkey.clrkey, -				    kcp.protkey.protkey, -				    &kcp.protkey.len, &kcp.protkey.type); -	pr_debug("pkey_pckmo_clr2protkey()=%d\n", rc); +	rc = pkey_pckmo_clr2key(0, 0, kcp.keytype, 0, 0, 0, +				kcp.clrkey.clrkey, 0, +				kcp.protkey.protkey, +				&kcp.protkey.len, &kcp.protkey.type); +	pr_debug("pkey_pckmo_clr2key()=%d\n", rc);  	if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp)))  		rc = -EFAULT;  	memzero_explicit(&kcp, sizeof(kcp)); 
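Review bot: The `pkey_pckmo_clr2key()` call in pkey_ioctl_clr2protk passes `0` as `clrkeylen`, and the length check this commit adds to pckmo_clr2protkey() in pkey_pckmo.c reads `if (clrkeylen && clrkeylen < keysize)`, so a zero length skips it. On this ioctl path the new guard therefore never runs, and the code still relies on `kcp.clrkey.clrkey` being large enough for every accepted key type. Passing the real buffer size, `kcp.clrkey.clrkey, sizeof(kcp.clrkey.clrkey),`, would let the check apply here as well. If zero is meant as "length unknown, skip the check", a comment at the check should say so. The body of pkey_ioctl_clr2protk starts outside this hunk.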
@@ -643,9 +649,10 @@ static int pkey_ioctl_genprotk(struct pkey_genprotk __user *ugp)  	if (copy_from_user(&kgp, ugp, sizeof(kgp)))  		return -EFAULT;  	kgp.protkey.len = sizeof(kgp.protkey.protkey); -	rc = pkey_pckmo_gen_protkey(kgp.keytype, kgp.protkey.protkey, -				    &kgp.protkey.len, &kgp.protkey.type); -	pr_debug("pkey_gen_protkey()=%d\n", rc); +	rc = pkey_pckmo_gen_key(0, 0, kgp.keytype, 0, 0, 0, +				kgp.protkey.protkey, +				&kgp.protkey.len, &kgp.protkey.type); +	pr_debug("pkey_pckmo_gen_key()=%d\n", rc);  	if (!rc && copy_to_user(ugp, &kgp, sizeof(kgp)))  		rc = -EFAULT;  	memzero_explicit(&kgp, sizeof(kgp)); @@ -660,9 +667,9 @@ static int pkey_ioctl_verifyprotk(struct pkey_verifyprotk __user *uvp)  	if (copy_from_user(&kvp, uvp, sizeof(kvp)))  		return -EFAULT; -	rc = pkey_pckmo_verify_protkey(kvp.protkey.protkey, -				       kvp.protkey.len, kvp.protkey.type); -	pr_debug("pkey_verify_protkey()=%d\n", rc); +	rc = pkey_pckmo_verifykey(kvp.protkey.protkey, kvp.protkey.len, +				  0, 0, &kvp.protkey.type, 0, 0); +	pr_debug("pkey_pckmo_verifykey()=%d\n", rc);  	memzero_explicit(&kvp, sizeof(kvp));  	return rc; diff --git a/drivers/s390/crypto/pkey_base.h b/drivers/s390/crypto/pkey_base.h index f714d42969b6..560106cbd450 100644 --- a/drivers/s390/crypto/pkey_base.h +++ b/drivers/s390/crypto/pkey_base.h @@ -97,12 +97,12 @@ int pkey_cca_key2protkey(u16 card, u16 dom,  int pkey_cca_gen_key(u16 card, u16 dom,  		     u32 keytype, u32 keysubtype,  		     u32 keybitsize, u32 flags, -		     u8 *keybuf, u32 *keybuflen); +		     u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);  int pkey_cca_clr2key(u16 card, u16 dom,  		     u32 keytype, u32 keysubtype,  		     u32 keybitsize, u32 flags,  		     const u8 *clrkey, u32 clrkeylen, -		     u8 *keybuf, u32 *keybuflen); +		     u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);  int pkey_cca_verifykey(const u8 *key, u32 keylen,  		       u16 *card, u16 *dom,  		       u32 *keytype, u32 *keybitsize, u32 *flags); 
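Review bot: The new `pkey_pckmo_verifykey()` call in pkey_ioctl_verifyprotk passes plain `0` for four pointer parameters (`u16 *_card`, `u16 *_dom`, `u32 *_keybitsize`, `u32 *_flags` in the pkey_base.h prototype from this commit). The other calls touched here pass `NULL` for the unused `_keyinfo` pointer, and sparse warns about plain integers used as null pointers, so the argument line would read better as `NULL, NULL, &kvp.protkey.type, NULL, NULL);`. Writing NULL also makes it visible at the call site which arguments are pointers that the PCKMO handler is expected to leave alone.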
@@ -124,12 +124,12 @@ int pkey_ep11_key2protkey(u16 card, u16 dom,  int pkey_ep11_gen_key(u16 card, u16 dom,  		      u32 keytype, u32 keysubtype,  		      u32 keybitsize, u32 flags, -		      u8 *keybuf, u32 *keybuflen); +		      u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);  int pkey_ep11_clr2key(u16 card, u16 dom,  		      u32 keytype, u32 keysubtype,  		      u32 keybitsize, u32 flags,  		      const u8 *clrkey, u32 clrkeylen, -		      u8 *keybuf, u32 *keybuflen); +		      u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);  int pkey_ep11_verifykey(const u8 *key, u32 keylen,  			u16 *card, u16 *dom,  			u32 *keytype, u32 *keybitsize, u32 *flags); @@ -144,14 +144,21 @@ int pkey_ep11_apqns4type(enum pkey_key_type ktype,   */  bool pkey_is_pckmo_key(const u8 *key, u32 keylen); -int pkey_pckmo_key2protkey(const u8 *key, u32 keylen, +int pkey_pckmo_key2protkey(u16 _card, u16 _dom, +			   const u8 *key, u32 keylen,  			   u8 *protkey, u32 *protkeylen, u32 *protkeytype); -int pkey_pckmo_gen_protkey(u32 keytype, -			   u8 *protkey, u32 *protkeylen, u32 *protkeytype); -int pkey_pckmo_clr2protkey(u32 keytype, const u8 *clrkey, -			   u8 *protkey, u32 *protkeylen, u32 *protkeytype); -int pkey_pckmo_verify_protkey(const u8 *protkey, u32 protkeylen, -			      u32 protkeytype); +int pkey_pckmo_gen_key(u16 _card, u16 _dom, +		       u32 keytype, u32 _keysubtype, +		       u32 _keybitsize, u32 _flags, +		       u8 *keybuf, u32 *keybuflen, u32 *keyinfo); +int pkey_pckmo_clr2key(u16 _card, u16 _dom, +		       u32 keytype, u32 _keysubtype, +		       u32 _keybitsize, u32 _flags, +		       const u8 *clrkey, u32 clrkeylen, +		       u8 *keybuf, u32 *keybuflen, u32 *keyinfo); +int pkey_pckmo_verifykey(const u8 *key, u32 keylen, +			 u16 *_card, u16 *_dom, +			 u32 *keytype, u32 *_keybitsize, u32 *_flags);  /*   * pkey_sysfs.c: diff --git a/drivers/s390/crypto/pkey_cca.c b/drivers/s390/crypto/pkey_cca.c index 65e520d7a864..1bf9019ec561 100644 --- a/drivers/s390/crypto/pkey_cca.c 
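Review bot: The new pkey_pckmo_* prototypes carry underscore-prefixed parameters (`_card`, `_dom`, `_keysubtype`, `_keybitsize`, `_flags`) with no comment saying what the prefix means; the wrappers added in pkey_pckmo.c do not use them. A short comment above the block, for example `/* Parameters with a leading underscore are ignored by this handler. */`, would spare callers from guessing. It would also help to state that `pkey_pckmo_verifykey()` reads `*keytype` as an input. The last parameter of `pkey_pckmo_key2protkey()` is called `protkeytype` here and `keyinfo` in the definition, so one name should be chosen for both.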
+++ b/drivers/s390/crypto/pkey_cca.c @@ -112,7 +112,7 @@ int pkey_cca_key2protkey(u16 card, u16 dom,  int pkey_cca_gen_key(u16 card, u16 dom,  		     u32 keytype, u32 subtype,  		     u32 keybitsize, u32 flags, -		     u8 *keybuf, u32 *keybuflen) +		     u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)  {  	int len, rc; @@ -173,7 +173,7 @@ int pkey_cca_clr2key(u16 card, u16 dom,  		     u32 keytype, u32 subtype,  		     u32 keybitsize, u32 flags,  		     const u8 *clrkey, u32 clrkeylen, -		     u8 *keybuf, u32 *keybuflen) +		     u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)  {  	int len, rc; diff --git a/drivers/s390/crypto/pkey_ep11.c b/drivers/s390/crypto/pkey_ep11.c index fdc9de43a6c1..4c49e07ece74 100644 --- a/drivers/s390/crypto/pkey_ep11.c +++ b/drivers/s390/crypto/pkey_ep11.c @@ -71,8 +71,7 @@ int pkey_ep11_key2protkey(u16 card, u16 dom,  						3, key, keylen, 1))  			return -EINVAL;  		rc = ep11_kblob2protkey(card, dom, key, hdr->len, -					protkey, protkeylen, -					protkeytype); +					protkey, protkeylen, protkeytype);  	} else if (hdr->type == TOKTYPE_NON_CCA &&  		   hdr->version == TOKVER_EP11_ECC_WITH_HEADER &&  		   is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { @@ -81,8 +80,7 @@ int pkey_ep11_key2protkey(u16 card, u16 dom,  						3, key, keylen, 1))  			return -EINVAL;  		rc = ep11_kblob2protkey(card, dom, key, hdr->len, -					protkey, protkeylen, -					protkeytype); +					protkey, protkeylen, protkeytype);  	} else if (hdr->type == TOKTYPE_NON_CCA &&  		   hdr->version == TOKVER_EP11_AES &&  		   is_ep11_keyblob(key)) { @@ -90,8 +88,7 @@ int pkey_ep11_key2protkey(u16 card, u16 dom,  		if (ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1))  			return -EINVAL;  		rc = ep11_kblob2protkey(card, dom, key, hdr->len, -					protkey, protkeylen, -					protkeytype); +					protkey, protkeylen, protkeytype);  	} else {  		PKEY_DBF_ERR("%s unknown/unsupported blob type %d version %d\n",  			     __func__, hdr->type, hdr->version); 
@@ -114,7 +111,7 @@ int pkey_ep11_key2protkey(u16 card, u16 dom,  int pkey_ep11_gen_key(u16 card, u16 dom,  		      u32 keytype, u32 subtype,  		      u32 keybitsize, u32 flags, -		      u8 *keybuf, u32 *keybuflen) +		      u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)  {  	int len, rc; @@ -171,7 +168,7 @@ int pkey_ep11_clr2key(u16 card, u16 dom,  		      u32 keytype, u32 subtype,  		      u32 keybitsize, u32 flags,  		      const u8 *clrkey, u32 clrkeylen, -		      u8 *keybuf, u32 *keybuflen) +		      u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)  {  	int len, rc; diff --git a/drivers/s390/crypto/pkey_pckmo.c b/drivers/s390/crypto/pkey_pckmo.c index 30a9d2f64853..d2c2c61f449b 100644 --- a/drivers/s390/crypto/pkey_pckmo.c +++ b/drivers/s390/crypto/pkey_pckmo.c 
@@ -18,10 +18,67 @@  #include "pkey_base.h"  /* - * Check key blob for known and supported here. + * Prototypes   */ + +static bool is_pckmo_key(const u8 *key, u32 keylen); +static int pckmo_key2protkey(const u8 *key, u32 keylen, +			     u8 *protkey, u32 *protkeylen, u32 *protkeytype); +static int pckmo_gen_protkey(u32 keytype, +			     u8 *protkey, u32 *protkeylen, u32 *protkeytype); +static int pckmo_clr2protkey(u32 keytype, const u8 *clrkey, u32 clrkeylen, +			     u8 *protkey, u32 *protkeylen, u32 *protkeytype); +static int pckmo_verify_protkey(const u8 *protkey, u32 protkeylen, +				u32 protkeytype); + +/* + * Wrapper functions + */ +  bool pkey_is_pckmo_key(const u8 *key, u32 keylen)  { +	return is_pckmo_key(key, keylen); +} + +int pkey_pckmo_key2protkey(u16 _card, u16 _dom, +			   const u8 *key, u32 keylen, +			   u8 *protkey, u32 *protkeylen, u32 *keyinfo) +{ +	return pckmo_key2protkey(key, keylen, +				 protkey, protkeylen, keyinfo); +} + +int pkey_pckmo_gen_key(u16 _card, u16 _dom, +		       u32 keytype, u32 _keysubtype, +		       u32 _keybitsize, u32 _flags, +		       u8 *keybuf, u32 *keybuflen, u32 *keyinfo) +{ +	return pckmo_gen_protkey(keytype, +				 keybuf, keybuflen, keyinfo); +} + +int pkey_pckmo_clr2key(u16 _card, u16 _dom, +		       u32 keytype, u32 _keysubtype, +		       u32 _keybitsize, u32 _flags, +		       const u8 *clrkey, u32 clrkeylen, +		       u8 *keybuf, u32 *keybuflen, u32 *keyinfo) +{ +	return pckmo_clr2protkey(keytype, clrkey, clrkeylen, +				 keybuf, keybuflen, keyinfo); +} + +int pkey_pckmo_verifykey(const u8 *key, u32 keylen, +			 u16 *_card, u16 *_dom, +			 u32 *keytype, u32 *_keybitsize, u32 *_flags) +{ +	return pckmo_verify_protkey(key, keylen, *keytype); +} + +/* + * Check key blob for known and supported here. + */ +static bool is_pckmo_key(const u8 *key, u32 keylen) +{  	struct keytoken_header *hdr = (struct keytoken_header *)key;  	struct clearkeytoken *t = (struct clearkeytoken *)key; 
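Review bot: `pkey_pckmo_verifykey()` dereferences `keytype` unconditionally in `return pckmo_verify_protkey(key, keylen, *keytype);`, so a caller that passes NULL there faults in kernel context. The parameter has the same pointer shape as in `pkey_cca_verifykey()` and `pkey_ep11_verifykey()`, where it looks like an output, which makes a NULL argument an easy mistake for a caller that treats the handlers uniformly. A guard before the call, `if (!keytype) return -EINVAL;`, would make the wrapper safe on its own. The one caller visible in this commit passes `&kvp.protkey.type`.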
@@ -55,8 +112,8 @@ bool pkey_is_pckmo_key(const u8 *key, u32 keylen)  	}  } -int pkey_pckmo_key2protkey(const u8 *key, u32 keylen, -			   u8 *protkey, u32 *protkeylen, u32 *protkeytype) +static int pckmo_key2protkey(const u8 *key, u32 keylen, +			     u8 *protkey, u32 *protkeylen, u32 *protkeytype)  {  	struct keytoken_header *hdr = (struct keytoken_header *)key;  	int rc = -EINVAL; @@ -73,8 +130,7 @@ int pkey_pckmo_key2protkey(const u8 *key, u32 keylen,  		if (keylen != sizeof(struct protaeskeytoken))  			goto out;  		t = (struct protaeskeytoken *)key; -		rc = pkey_pckmo_verify_protkey(t->protkey, t->len, -					       t->keytype); +		rc = pckmo_verify_protkey(t->protkey, t->len, t->keytype);  		if (rc)  			goto out;  		memcpy(protkey, t->protkey, t->len); @@ -123,8 +179,8 @@ int pkey_pckmo_key2protkey(const u8 *key, u32 keylen,  				     __func__, t->len);  			goto out;  		} -		rc = pkey_pckmo_clr2protkey(t->keytype, t->clearkey, -					    protkey, protkeylen, protkeytype); +		rc = pckmo_clr2protkey(t->keytype, t->clearkey, t->len, +				       protkey, protkeylen, protkeytype);  		break;  	}  	default: @@ -143,8 +199,8 @@ out:   * Currently only the generation of AES protected keys   * is supported.   */ -int pkey_pckmo_gen_protkey(u32 keytype, u8 *protkey, -			   u32 *protkeylen, u32 *protkeytype) +static int pckmo_gen_protkey(u32 keytype, u8 *protkey, +			     u32 *protkeylen, u32 *protkeytype)  {  	u8 clrkey[32];  	int keysize; @@ -161,8 +217,8 @@ int pkey_pckmo_gen_protkey(u32 keytype, u8 *protkey,  	get_random_bytes(clrkey, keysize);  	/* convert it to a dummy protected key */ -	rc = pkey_pckmo_clr2protkey(keytype, clrkey, -				    protkey, protkeylen, protkeytype); +	rc = pckmo_clr2protkey(keytype, clrkey, keysize, +			       protkey, protkeylen, protkeytype);  	if (rc)  		goto out; 
@@ -177,8 +233,8 @@ out:  /*   * Create a protected key from a clear key value via PCKMO instruction.   */ -int pkey_pckmo_clr2protkey(u32 keytype, const u8 *clrkey, -			   u8 *protkey, u32 *protkeylen, u32 *protkeytype) +static int pckmo_clr2protkey(u32 keytype, const u8 *clrkey, u32 clrkeylen, +			     u8 *protkey, u32 *protkeylen, u32 *protkeytype)  {  	/* mask of available pckmo subfunctions */  	static cpacf_mask_t pckmo_functions; @@ -243,6 +299,11 @@ int pkey_pckmo_clr2protkey(u32 keytype, const u8 *clrkey,  		goto out;  	} +	if (clrkeylen && clrkeylen < keysize) { +		PKEY_DBF_ERR("%s clear key size too small: %u < %d\n", +			     __func__, clrkeylen, keysize); +		goto out; +	}  	if (*protkeylen < keysize + AES_WK_VP_SIZE) {  		PKEY_DBF_ERR("%s prot key buffer size too small: %u < %d\n",  			     __func__, *protkeylen, keysize + AES_WK_VP_SIZE); @@ -288,8 +349,8 @@ out:   * Verify a protected key blob.   * Currently only AES protected keys are supported.   */ -int pkey_pckmo_verify_protkey(const u8 *protkey, u32 protkeylen, -			      u32 protkeytype) +static int pckmo_verify_protkey(const u8 *protkey, u32 protkeylen, +				u32 protkeytype)  {  	struct {  		u8 iv[AES_BLOCK_SIZE]; diff --git a/drivers/s390/crypto/pkey_sysfs.c b/drivers/s390/crypto/pkey_sysfs.c index 727293fbf331..684f87d6e9f1 100644 --- a/drivers/s390/crypto/pkey_sysfs.c +++ b/drivers/s390/crypto/pkey_sysfs.c @@ -42,9 +42,10 @@ static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,  	protkeytoken.keytype = keytype;  	protkey.len = sizeof(protkey.protkey); -	rc = pkey_pckmo_gen_protkey(protkeytoken.keytype, -				    protkey.protkey, &protkey.len, -				    &protkey.type); +	rc = pkey_pckmo_gen_key(0, 0, +				protkeytoken.keytype, 0, 0, 0, +				protkey.protkey, &protkey.len, +				&protkey.type);  	if (rc)  		return rc; 
@@ -56,9 +57,10 @@ static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,  	if (is_xts) {  		/* xts needs a second protected key, reuse protkey struct */  		protkey.len = sizeof(protkey.protkey); -		rc = pkey_pckmo_gen_protkey(protkeytoken.keytype, -					    protkey.protkey, &protkey.len, -					    &protkey.type); +		rc = pkey_pckmo_gen_key(0, 0, +					protkeytoken.keytype, 0, 0, 0, +					protkey.protkey, &protkey.len, +					&protkey.type);  		if (rc)  			return rc; @@ -154,6 +156,7 @@ static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,  					  loff_t off, size_t count)  {  	struct pkey_seckey *seckey = (struct pkey_seckey *)buf; +	u32 buflen;  	int rc;  	if (off != 0 || count < sizeof(struct secaeskeytoken)) @@ -162,13 +165,19 @@ static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,  		if (count < 2 * sizeof(struct secaeskeytoken))  			return -EINVAL; -	rc = cca_genseckey(-1, -1, keytype, seckey->seckey); +	buflen = sizeof(seckey->seckey); +	rc = pkey_cca_gen_key(-1, -1, keytype, +			      PKEY_TYPE_CCA_DATA, 0, 0, +			      seckey->seckey, &buflen, NULL);  	if (rc)  		return rc;  	if (is_xts) {  		seckey++; -		rc = cca_genseckey(-1, -1, keytype, seckey->seckey); +		buflen = sizeof(seckey->seckey); +		rc = pkey_cca_gen_key(-1, -1, keytype, +				      PKEY_TYPE_CCA_DATA, 0, 0, +				      seckey->seckey, &buflen, NULL);  		if (rc)  			return rc; @@ -261,8 +270,9 @@ static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,  					    size_t count)  {  	u32 keysize = CCACIPHERTOKENSIZE; -	u32 nr_apqns, *apqns = NULL; +	struct pkey_apqn *apqns = NULL;  	int i, rc, card, dom; +	size_t nr_apqns;  	if (off != 0 || count < CCACIPHERTOKENSIZE)  		return -EINVAL; 
@@ -270,33 +280,51 @@ static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,  		if (count < 2 * CCACIPHERTOKENSIZE)  			return -EINVAL; +	nr_apqns = MAXAPQNSINLIST; +	apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL); +	if (!apqns) +		return -ENOMEM; +  	/* build a list of apqns able to generate an cipher key */ -	rc = cca_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, -			   ZCRYPT_CEX6, 0, 0, 0, 0); -	if (rc) +	rc = pkey_cca_apqns4type(PKEY_TYPE_CCA_CIPHER, +				 NULL, NULL, 0, +				 apqns, &nr_apqns); +	if (rc) { +		kfree(apqns);  		return rc; +	}  	memset(buf, 0, is_xts ? 2 * keysize : keysize);  	/* simple try all apqns from the list */ -	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { -		card = apqns[i] >> 16; -		dom = apqns[i] & 0xFFFF; -		rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize); -		if (rc == 0) -			break; +	for (i = 0, rc = -ENODEV; rc && i < nr_apqns; i++) { +		card = apqns[i].card; +		dom = apqns[i].domain; +		rc = pkey_cca_gen_key(card, dom, +				      pkey_aes_bitsize_to_keytype(keybits), +				      PKEY_TYPE_CCA_CIPHER, keybits, 0, +				      buf, &keysize, NULL);  	} -	if (rc) +	if (rc) { +		kfree(apqns);  		return rc; +	}  	if (is_xts) {  		keysize = CCACIPHERTOKENSIZE;  		buf += CCACIPHERTOKENSIZE; -		rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize); -		if (rc == 0) -			return 2 * CCACIPHERTOKENSIZE; +		rc = pkey_cca_gen_key(card, dom, +				      pkey_aes_bitsize_to_keytype(keybits), +				      PKEY_TYPE_CCA_CIPHER, keybits, 0, +				      buf, &keysize, NULL); +		kfree(apqns); +		if (rc) +			return rc; +		return 2 * CCACIPHERTOKENSIZE;  	} +	kfree(apqns); +  	return CCACIPHERTOKENSIZE;  } 
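Review bot: pkey_ccacipher_aes_attr_read now calls `kfree(apqns)` at four separate exits (after pkey_cca_apqns4type() fails, after the loop fails, inside the `is_xts` branch and before the final return), so an exit added later can easily leak the array. A single `out:` label that frees and returns keeps ownership in one place; the sketch below shows only the changed exits. The same pattern is repeated in pkey_ep11_aes_attr_read in the last hunk of this file. The function starts in the previous hunk, so its declarations are not repeated here.

```c
	rc = pkey_cca_apqns4type(PKEY_TYPE_CCA_CIPHER,
				 NULL, NULL, 0,
				 apqns, &nr_apqns);
	if (rc)
		goto out;

	/* … unchanged: memset of buf and the loop over apqns … */
	if (rc)
		goto out;

	if (is_xts) {
		/* … unchanged: keysize/buf advance and second pkey_cca_gen_key() call … */
		if (rc)
			goto out;
		rc = 2 * CCACIPHERTOKENSIZE;
	} else {
		rc = CCACIPHERTOKENSIZE;
	}

out:
	kfree(apqns);
	return rc;
```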
@@ -384,8 +412,9 @@ static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,  				       size_t count)  {  	u32 keysize = MAXEP11AESKEYBLOBSIZE; -	u32 nr_apqns, *apqns = NULL; +	struct pkey_apqn *apqns = NULL;  	int i, rc, card, dom; +	size_t nr_apqns;  	if (off != 0 || count < MAXEP11AESKEYBLOBSIZE)  		return -EINVAL; 
@@ -393,37 +422,51 @@ static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,  		if (count < 2 * MAXEP11AESKEYBLOBSIZE)  			return -EINVAL; -	/* build a list of apqns able to generate an cipher key */ -	rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, -			    ZCRYPT_CEX7, -			    ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4, -			    NULL); -	if (rc) +	nr_apqns = MAXAPQNSINLIST; +	apqns = kmalloc_array(nr_apqns, sizeof(struct pkey_apqn), GFP_KERNEL); +	if (!apqns) +		return -ENOMEM; + +	/* build a list of apqns able to generate an EP11 AES key */ +	rc = pkey_ep11_apqns4type(PKEY_TYPE_EP11_AES, +				  NULL, NULL, 0, +				  apqns, &nr_apqns); +	if (rc) { +		kfree(apqns);  		return rc; +	}  	memset(buf, 0, is_xts ? 2 * keysize : keysize);  	/* simple try all apqns from the list */ -	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { -		card = apqns[i] >> 16; -		dom = apqns[i] & 0xFFFF; -		rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize, -				    PKEY_TYPE_EP11_AES); -		if (rc == 0) -			break; +	for (i = 0, rc = -ENODEV; rc && i < nr_apqns; i++) { +		card = apqns[i].card; +		dom = apqns[i].domain; +		rc = pkey_ep11_gen_key(card, dom, +				       pkey_aes_bitsize_to_keytype(keybits), +				       PKEY_TYPE_EP11_AES, keybits, 0, +				       buf, &keysize, NULL);  	} -	if (rc) +	if (rc) { +		kfree(apqns);  		return rc; +	}  	if (is_xts) {  		keysize = MAXEP11AESKEYBLOBSIZE;  		buf += MAXEP11AESKEYBLOBSIZE; -		rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize, -				    PKEY_TYPE_EP11_AES); -		if (rc == 0) -			return 2 * MAXEP11AESKEYBLOBSIZE; +		rc = pkey_ep11_gen_key(card, dom, +				       pkey_aes_bitsize_to_keytype(keybits), +				       PKEY_TYPE_EP11_AES, keybits, 0, +				       buf, &keysize, NULL); +		kfree(apqns); +		if (rc) +			return rc; +		return 2 * MAXEP11AESKEYBLOBSIZE;  	} +	kfree(apqns); +  	return MAXEP11AESKEYBLOBSIZE;  } | 
