1 // SPDX-License-Identifier: GPL-2.0
3 * pkey pckmo specific code
5 * Copyright IBM Corp. 2024
8 #define KMSG_COMPONENT "pkey"
9 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
11 #include <linux/init.h>
12 #include <linux/module.h>
13 #include <linux/cpufeature.h>
14 #include <asm/cpacf.h>
15 #include <crypto/aes.h>
16 #include <linux/random.h>
18 #include "zcrypt_ccamisc.h"
19 #include "pkey_base.h"
21 MODULE_LICENSE("GPL");
22 MODULE_AUTHOR("IBM Corporation");
23 MODULE_DESCRIPTION("s390 protected key PCKMO handler");
26 * Check key blob for known and supported here.
28 static bool is_pckmo_key(const u8 *key, u32 keylen)
30 struct keytoken_header *hdr = (struct keytoken_header *)key;
31 struct clearkeytoken *t = (struct clearkeytoken *)key;
33 if (keylen < sizeof(*hdr))
38 switch (hdr->version) {
39 case TOKVER_CLEAR_KEY:
40 if (pkey_keytype_to_size(t->keytype))
43 case TOKVER_PROTECTED_KEY:
53 static bool is_pckmo_keytype(enum pkey_key_type keytype)
56 case PKEY_TYPE_PROTKEY:
64 * Create a protected key from a clear key value via PCKMO instruction.
66 static int pckmo_clr2protkey(u32 keytype, const u8 *clrkey, u32 clrkeylen,
67 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
69 /* mask of available pckmo subfunctions */
70 static cpacf_mask_t pckmo_functions;
72 int keysize, rc = -EINVAL;
78 case PKEY_KEYTYPE_AES_128:
79 fc = CPACF_PCKMO_ENC_AES_128_KEY;
81 case PKEY_KEYTYPE_AES_192:
82 fc = CPACF_PCKMO_ENC_AES_192_KEY;
84 case PKEY_KEYTYPE_AES_256:
85 fc = CPACF_PCKMO_ENC_AES_256_KEY;
87 case PKEY_KEYTYPE_ECC_P256:
88 pkeytype = PKEY_KEYTYPE_ECC;
89 fc = CPACF_PCKMO_ENC_ECC_P256_KEY;
91 case PKEY_KEYTYPE_ECC_P384:
92 pkeytype = PKEY_KEYTYPE_ECC;
93 fc = CPACF_PCKMO_ENC_ECC_P384_KEY;
95 case PKEY_KEYTYPE_ECC_P521:
96 pkeytype = PKEY_KEYTYPE_ECC;
97 fc = CPACF_PCKMO_ENC_ECC_P521_KEY;
99 case PKEY_KEYTYPE_ECC_ED25519:
100 pkeytype = PKEY_KEYTYPE_ECC;
101 fc = CPACF_PCKMO_ENC_ECC_ED25519_KEY;
103 case PKEY_KEYTYPE_ECC_ED448:
104 pkeytype = PKEY_KEYTYPE_ECC;
105 fc = CPACF_PCKMO_ENC_ECC_ED448_KEY;
107 case PKEY_KEYTYPE_AES_XTS_128:
108 fc = CPACF_PCKMO_ENC_AES_XTS_128_DOUBLE_KEY;
110 case PKEY_KEYTYPE_AES_XTS_256:
111 fc = CPACF_PCKMO_ENC_AES_XTS_256_DOUBLE_KEY;
113 case PKEY_KEYTYPE_HMAC_512:
114 fc = CPACF_PCKMO_ENC_HMAC_512_KEY;
116 case PKEY_KEYTYPE_HMAC_1024:
117 fc = CPACF_PCKMO_ENC_HMAC_1024_KEY;
120 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n",
125 keysize = pkey_keytype_to_size(keytype);
126 pkeytype = pkeytype ?: keytype;
128 if (clrkeylen && clrkeylen < keysize) {
129 PKEY_DBF_ERR("%s clear key size too small: %u < %d\n",
130 __func__, clrkeylen, keysize);
133 if (*protkeylen < keysize + AES_WK_VP_SIZE) {
134 PKEY_DBF_ERR("%s prot key buffer size too small: %u < %d\n",
135 __func__, *protkeylen, keysize + AES_WK_VP_SIZE);
139 /* Did we already check for PCKMO ? */
140 if (!pckmo_functions.bytes[0]) {
141 /* no, so check now */
142 if (!cpacf_query(CPACF_PCKMO, &pckmo_functions)) {
143 PKEY_DBF_ERR("%s cpacf_query() failed\n", __func__);
148 /* check for the pckmo subfunction we need now */
149 if (!cpacf_test_func(&pckmo_functions, fc)) {
150 PKEY_DBF_ERR("%s pckmo fc 0x%02x not available\n",
156 /* prepare param block */
157 memset(paramblock, 0, sizeof(paramblock));
158 memcpy(paramblock, clrkey, keysize);
160 /* call the pckmo instruction */
161 cpacf_pckmo(fc, paramblock);
163 /* copy created protected key to key buffer including the wkvp block */
164 *protkeylen = keysize + AES_WK_VP_SIZE;
165 memcpy(protkey, paramblock, *protkeylen);
166 *protkeytype = pkeytype;
171 pr_debug("rc=%d\n", rc);
176 * Verify a raw protected key blob.
178 static int pckmo_verify_protkey(const u8 *protkey, u32 protkeylen,
181 u8 clrkey[16] = { 0 }, tmpkeybuf[16 + AES_WK_VP_SIZE];
182 u32 tmpkeybuflen, tmpkeytype;
183 int keysize, rc = -EINVAL;
186 /* check protkey type and size */
187 keysize = pkey_keytype_to_size(protkeytype);
189 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", __func__,
193 if (protkeylen < keysize + AES_WK_VP_SIZE)
196 /* generate a dummy AES 128 protected key */
197 tmpkeybuflen = sizeof(tmpkeybuf);
198 rc = pckmo_clr2protkey(PKEY_KEYTYPE_AES_128,
199 clrkey, sizeof(clrkey),
200 tmpkeybuf, &tmpkeybuflen, &tmpkeytype);
203 memzero_explicit(tmpkeybuf, 16);
204 wkvp = tmpkeybuf + 16;
206 /* compare WK VP from the temp key with that of the given prot key */
207 if (memcmp(wkvp, protkey + keysize, AES_WK_VP_SIZE)) {
208 PKEY_DBF_ERR("%s protected key WK VP mismatch\n", __func__);
214 pr_debug("rc=%d\n", rc);
218 static int pckmo_key2protkey(const u8 *key, u32 keylen,
219 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
221 struct keytoken_header *hdr = (struct keytoken_header *)key;
224 if (keylen < sizeof(*hdr))
226 if (hdr->type != TOKTYPE_NON_CCA)
229 switch (hdr->version) {
230 case TOKVER_PROTECTED_KEY: {
231 struct protkeytoken *t = (struct protkeytoken *)key;
234 if (keylen < sizeof(*t))
236 keysize = pkey_keytype_to_size(t->keytype);
238 PKEY_DBF_ERR("%s protected key token: unknown keytype %u\n",
239 __func__, t->keytype);
242 switch (t->keytype) {
243 case PKEY_KEYTYPE_AES_128:
244 case PKEY_KEYTYPE_AES_192:
245 case PKEY_KEYTYPE_AES_256:
246 if (t->len != keysize + AES_WK_VP_SIZE ||
247 keylen < sizeof(struct protaeskeytoken))
249 rc = pckmo_verify_protkey(t->protkey, t->len,
255 if (t->len != keysize + AES_WK_VP_SIZE ||
256 keylen < sizeof(*t) + keysize + AES_WK_VP_SIZE)
260 memcpy(protkey, t->protkey, t->len);
261 *protkeylen = t->len;
262 *protkeytype = t->keytype;
266 case TOKVER_CLEAR_KEY: {
267 struct clearkeytoken *t = (struct clearkeytoken *)key;
270 if (keylen < sizeof(*t) ||
271 keylen < sizeof(*t) + t->len)
273 keysize = pkey_keytype_to_size(t->keytype);
275 PKEY_DBF_ERR("%s clear key token: unknown keytype %u\n",
276 __func__, t->keytype);
279 if (t->len != keysize) {
280 PKEY_DBF_ERR("%s clear key token: invalid key len %u\n",
284 rc = pckmo_clr2protkey(t->keytype, t->clearkey, t->len,
285 protkey, protkeylen, protkeytype);
289 PKEY_DBF_ERR("%s unknown non-CCA token version %d\n",
290 __func__, hdr->version);
295 pr_debug("rc=%d\n", rc);
300 * Generate a random protected key.
302 static int pckmo_gen_protkey(u32 keytype, u32 subtype,
303 u8 *protkey, u32 *protkeylen, u32 *protkeytype)
309 keysize = pkey_keytype_to_size(keytype);
311 PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n",
315 if (subtype != PKEY_TYPE_PROTKEY) {
316 PKEY_DBF_ERR("%s unknown/unsupported subtype %d\n",
322 case PKEY_KEYTYPE_AES_128:
323 case PKEY_KEYTYPE_AES_192:
324 case PKEY_KEYTYPE_AES_256:
325 case PKEY_KEYTYPE_AES_XTS_128:
326 case PKEY_KEYTYPE_AES_XTS_256:
327 case PKEY_KEYTYPE_HMAC_512:
328 case PKEY_KEYTYPE_HMAC_1024:
331 PKEY_DBF_ERR("%s unsupported keytype %d\n",
336 /* generate a dummy random clear key */
337 get_random_bytes(clrkey, keysize);
339 /* convert it to a dummy protected key */
340 rc = pckmo_clr2protkey(keytype, clrkey, keysize,
341 protkey, protkeylen, protkeytype);
345 /* replace the key part of the protected key with random bytes */
346 get_random_bytes(protkey, keysize);
349 pr_debug("rc=%d\n", rc);
354 * Verify a protected key token blob.
356 static int pckmo_verify_key(const u8 *key, u32 keylen)
358 struct keytoken_header *hdr = (struct keytoken_header *)key;
361 if (keylen < sizeof(*hdr))
363 if (hdr->type != TOKTYPE_NON_CCA)
366 switch (hdr->version) {
367 case TOKVER_PROTECTED_KEY: {
368 struct protkeytoken *t = (struct protkeytoken *)key;
371 if (keylen < sizeof(*t))
373 keysize = pkey_keytype_to_size(t->keytype);
374 if (!keysize || t->len != keysize + AES_WK_VP_SIZE)
376 switch (t->keytype) {
377 case PKEY_KEYTYPE_AES_128:
378 case PKEY_KEYTYPE_AES_192:
379 case PKEY_KEYTYPE_AES_256:
380 if (keylen < sizeof(struct protaeskeytoken))
384 if (keylen < sizeof(*t) + keysize + AES_WK_VP_SIZE)
388 rc = pckmo_verify_protkey(t->protkey, t->len, t->keytype);
392 PKEY_DBF_ERR("%s unknown non-CCA token version %d\n",
393 __func__, hdr->version);
398 pr_debug("rc=%d\n", rc);
403 * Wrapper functions used for the pkey handler struct
406 static int pkey_pckmo_key2protkey(const struct pkey_apqn *_apqns,
408 const u8 *key, u32 keylen,
409 u8 *protkey, u32 *protkeylen, u32 *keyinfo)
411 return pckmo_key2protkey(key, keylen,
412 protkey, protkeylen, keyinfo);
415 static int pkey_pckmo_gen_key(const struct pkey_apqn *_apqns, size_t _nr_apqns,
416 u32 keytype, u32 keysubtype,
417 u32 _keybitsize, u32 _flags,
418 u8 *keybuf, u32 *keybuflen, u32 *keyinfo)
420 return pckmo_gen_protkey(keytype, keysubtype,
421 keybuf, keybuflen, keyinfo);
424 static int pkey_pckmo_verifykey(const u8 *key, u32 keylen,
425 u16 *_card, u16 *_dom,
426 u32 *_keytype, u32 *_keybitsize, u32 *_flags)
428 return pckmo_verify_key(key, keylen);
431 static struct pkey_handler pckmo_handler = {
432 .module = THIS_MODULE,
433 .name = "PKEY PCKMO handler",
434 .is_supported_key = is_pckmo_key,
435 .is_supported_keytype = is_pckmo_keytype,
436 .key_to_protkey = pkey_pckmo_key2protkey,
437 .gen_key = pkey_pckmo_gen_key,
438 .verify_key = pkey_pckmo_verifykey,
444 static int __init pkey_pckmo_init(void)
446 cpacf_mask_t func_mask;
449 * The pckmo instruction should be available - even if we don't
450 * actually invoke it. This instruction comes with MSA 3 which
451 * is also the minimum level for the kmc instructions which
452 * are able to work with protected keys.
454 if (!cpacf_query(CPACF_PCKMO, &func_mask))
457 /* register this module as pkey handler for all the pckmo stuff */
458 return pkey_handler_register(&pckmo_handler);
464 static void __exit pkey_pckmo_exit(void)
466 /* unregister this module as pkey handler */
467 pkey_handler_unregister(&pckmo_handler);
470 module_cpu_feature_match(S390_CPU_FEATURE_MSA, pkey_pckmo_init);
471 module_exit(pkey_pckmo_exit);
projects / J-linux.git / blob