drivers/s390/crypto/pkey_sysfs.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  *  pkey module sysfs related functions
   4  *
   5  *  Copyright IBM Corp. 2024
   6  */
   7
   8 #define KMSG_COMPONENT "pkey"
   9 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
  10
  11 #include <linux/sysfs.h>
  12
  13 #include "zcrypt_ccamisc.h"
  14 #include "zcrypt_ep11misc.h"
  15
  16 #include "pkey_base.h"
  17
  18 /*
  19  * Wrapper around pkey_handler_gen_key() which deals with the
  20  * ENODEV return code and then tries to enforce a pkey handler
  21  * module load.
  22  */
  23 static int sys_pkey_handler_gen_key(u32 keytype, u32 keysubtype,
  24                                     u32 keybitsize, u32 flags,
  25                                     u8 *keybuf, u32 *keybuflen, u32 *keyinfo)
  26 {
  27         int rc;
  28
  29         rc = pkey_handler_gen_key(NULL, 0,
  30                                   keytype, keysubtype,
  31                                   keybitsize, flags,
  32                                   keybuf, keybuflen, keyinfo);
  33         if (rc == -ENODEV) {
  34                 pkey_handler_request_modules();
  35                 rc = pkey_handler_gen_key(NULL, 0,
  36                                           keytype, keysubtype,
  37                                           keybitsize, flags,
  38                                           keybuf, keybuflen, keyinfo);
  39         }
  40
  41         return rc;
  42 }
  43
  44 /*
  45  * Sysfs attribute read function for all protected key binary attributes.
  46  * The implementation can not deal with partial reads, because a new random
  47  * protected key blob is generated with each read. In case of partial reads
  48  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
  49  */
  50 static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,
  51                                           loff_t off, size_t count)
  52 {
  53         struct protaeskeytoken protkeytoken;
  54         struct pkey_protkey protkey;
  55         int rc;
  56
  57         if (off != 0 || count < sizeof(protkeytoken))
  58                 return -EINVAL;
  59         if (is_xts)
  60                 if (count < 2 * sizeof(protkeytoken))
  61                         return -EINVAL;
  62
  63         memset(&protkeytoken, 0, sizeof(protkeytoken));
  64         protkeytoken.type = TOKTYPE_NON_CCA;
  65         protkeytoken.version = TOKVER_PROTECTED_KEY;
  66         protkeytoken.keytype = keytype;
  67
  68         protkey.len = sizeof(protkey.protkey);
  69         rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
  70                                       protkey.protkey, &protkey.len,
  71                                       &protkey.type);
  72         if (rc)
  73                 return rc;
  74
  75         protkeytoken.len = protkey.len;
  76         memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
  77
  78         memcpy(buf, &protkeytoken, sizeof(protkeytoken));
  79
  80         if (is_xts) {
  81                 /* xts needs a second protected key, reuse protkey struct */
  82                 protkey.len = sizeof(protkey.protkey);
  83                 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
  84                                               protkey.protkey, &protkey.len,
  85                                               &protkey.type);
  86                 if (rc)
  87                         return rc;
  88
  89                 protkeytoken.len = protkey.len;
  90                 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
  91
  92                 memcpy(buf + sizeof(protkeytoken), &protkeytoken,
  93                        sizeof(protkeytoken));
  94
  95                 return 2 * sizeof(protkeytoken);
  96         }
  97
  98         return sizeof(protkeytoken);
  99 }
 100
 101 /*
 102  * Sysfs attribute read function for the AES XTS prot key binary attributes.
 103  * The implementation can not deal with partial reads, because a new random
 104  * protected key blob is generated with each read. In case of partial reads
 105  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
 106  */
 107 static ssize_t pkey_protkey_aes_xts_attr_read(u32 keytype, char *buf,
 108                                               loff_t off, size_t count)
 109 {
 110         struct protkeytoken *t = (struct protkeytoken *)buf;
 111         u32 protlen, prottype;
 112         int rc;
 113
 114         switch (keytype) {
 115         case PKEY_KEYTYPE_AES_XTS_128:
 116                 protlen = 64;
 117                 break;
 118         case PKEY_KEYTYPE_AES_XTS_256:
 119                 protlen = 96;
 120                 break;
 121         default:
 122                 return -EINVAL;
 123         }
 124
 125         if (off != 0 || count < sizeof(*t) + protlen)
 126                 return -EINVAL;
 127
 128         memset(t, 0, sizeof(*t) + protlen);
 129         t->type = TOKTYPE_NON_CCA;
 130         t->version = TOKVER_PROTECTED_KEY;
 131         t->keytype = keytype;
 132
 133         rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
 134                                       t->protkey, &protlen, &prottype);
 135         if (rc)
 136                 return rc;
 137
 138         t->len = protlen;
 139
 140         return sizeof(*t) + protlen;
 141 }
 142
 143 /*
 144  * Sysfs attribute read function for the HMAC prot key binary attributes.
 145  * The implementation can not deal with partial reads, because a new random
 146  * protected key blob is generated with each read. In case of partial reads
 147  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
 148  */
 149 static ssize_t pkey_protkey_hmac_attr_read(u32 keytype, char *buf,
 150                                            loff_t off, size_t count)
 151 {
 152         struct protkeytoken *t = (struct protkeytoken *)buf;
 153         u32 protlen, prottype;
 154         int rc;
 155
 156         switch (keytype) {
 157         case PKEY_KEYTYPE_HMAC_512:
 158                 protlen = 96;
 159                 break;
 160         case PKEY_KEYTYPE_HMAC_1024:
 161                 protlen = 160;
 162                 break;
 163         default:
 164                 return -EINVAL;
 165         }
 166
 167         if (off != 0 || count < sizeof(*t) + protlen)
 168                 return -EINVAL;
 169
 170         memset(t, 0, sizeof(*t) + protlen);
 171         t->type = TOKTYPE_NON_CCA;
 172         t->version = TOKVER_PROTECTED_KEY;
 173         t->keytype = keytype;
 174
 175         rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
 176                                       t->protkey, &protlen, &prottype);
 177         if (rc)
 178                 return rc;
 179
 180         t->len = protlen;
 181
 182         return sizeof(*t) + protlen;
 183 }
 184
 185 static ssize_t protkey_aes_128_read(struct file *filp,
 186                                     struct kobject *kobj,
 187                                     const struct bin_attribute *attr,
 188                                     char *buf, loff_t off,
 189                                     size_t count)
 190 {
 191         return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
 192                                           off, count);
 193 }
 194
 195 static ssize_t protkey_aes_192_read(struct file *filp,
 196                                     struct kobject *kobj,
 197                                     const struct bin_attribute *attr,
 198                                     char *buf, loff_t off,
 199                                     size_t count)
 200 {
 201         return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
 202                                           off, count);
 203 }
 204
 205 static ssize_t protkey_aes_256_read(struct file *filp,
 206                                     struct kobject *kobj,
 207                                     const struct bin_attribute *attr,
 208                                     char *buf, loff_t off,
 209                                     size_t count)
 210 {
 211         return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
 212                                           off, count);
 213 }
 214
 215 static ssize_t protkey_aes_128_xts_read(struct file *filp,
 216                                         struct kobject *kobj,
 217                                         const struct bin_attribute *attr,
 218                                         char *buf, loff_t off,
 219                                         size_t count)
 220 {
 221         return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
 222                                           off, count);
 223 }
 224
 225 static ssize_t protkey_aes_256_xts_read(struct file *filp,
 226                                         struct kobject *kobj,
 227                                         const struct bin_attribute *attr,
 228                                         char *buf, loff_t off,
 229                                         size_t count)
 230 {
 231         return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
 232                                           off, count);
 233 }
 234
 235 static ssize_t protkey_aes_xts_128_read(struct file *filp,
 236                                         struct kobject *kobj,
 237                                         const struct bin_attribute *attr,
 238                                         char *buf, loff_t off,
 239                                         size_t count)
 240 {
 241         return pkey_protkey_aes_xts_attr_read(PKEY_KEYTYPE_AES_XTS_128,
 242                                               buf, off, count);
 243 }
 244
 245 static ssize_t protkey_aes_xts_256_read(struct file *filp,
 246                                         struct kobject *kobj,
 247                                         const struct bin_attribute *attr,
 248                                         char *buf, loff_t off,
 249                                         size_t count)
 250 {
 251         return pkey_protkey_aes_xts_attr_read(PKEY_KEYTYPE_AES_XTS_256,
 252                                               buf, off, count);
 253 }
 254
 255 static ssize_t protkey_hmac_512_read(struct file *filp,
 256                                      struct kobject *kobj,
 257                                      const struct bin_attribute *attr,
 258                                      char *buf, loff_t off,
 259                                      size_t count)
 260 {
 261         return pkey_protkey_hmac_attr_read(PKEY_KEYTYPE_HMAC_512,
 262                                            buf, off, count);
 263 }
 264
 265 static ssize_t protkey_hmac_1024_read(struct file *filp,
 266                                       struct kobject *kobj,
 267                                       const struct bin_attribute *attr,
 268                                       char *buf, loff_t off,
 269                                       size_t count)
 270 {
 271         return pkey_protkey_hmac_attr_read(PKEY_KEYTYPE_HMAC_1024,
 272                                            buf, off, count);
 273 }
 274
 275 static const BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken));
 276 static const BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken));
 277 static const BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken));
 278 static const BIN_ATTR_RO(protkey_aes_128_xts, 2 * sizeof(struct protaeskeytoken));
 279 static const BIN_ATTR_RO(protkey_aes_256_xts, 2 * sizeof(struct protaeskeytoken));
 280 static const BIN_ATTR_RO(protkey_aes_xts_128, sizeof(struct protkeytoken) + 64);
 281 static const BIN_ATTR_RO(protkey_aes_xts_256, sizeof(struct protkeytoken) + 96);
 282 static const BIN_ATTR_RO(protkey_hmac_512, sizeof(struct protkeytoken) + 96);
 283 static const BIN_ATTR_RO(protkey_hmac_1024, sizeof(struct protkeytoken) + 160);
 284
 285 static const struct bin_attribute *const protkey_attrs[] = {
 286         &bin_attr_protkey_aes_128,
 287         &bin_attr_protkey_aes_192,
 288         &bin_attr_protkey_aes_256,
 289         &bin_attr_protkey_aes_128_xts,
 290         &bin_attr_protkey_aes_256_xts,
 291         &bin_attr_protkey_aes_xts_128,
 292         &bin_attr_protkey_aes_xts_256,
 293         &bin_attr_protkey_hmac_512,
 294         &bin_attr_protkey_hmac_1024,
 295         NULL
 296 };
 297
 298 static const struct attribute_group protkey_attr_group = {
 299         .name          = "protkey",
 300         .bin_attrs_new = protkey_attrs,
 301 };
 302
 303 /*
 304  * Sysfs attribute read function for all secure key ccadata binary attributes.
 305  * The implementation can not deal with partial reads, because a new random
 306  * protected key blob is generated with each read. In case of partial reads
 307  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
 308  */
 309 static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,
 310                                           loff_t off, size_t count)
 311 {
 312         struct pkey_seckey *seckey = (struct pkey_seckey *)buf;
 313         u32 buflen;
 314         int rc;
 315
 316         if (off != 0 || count < sizeof(struct secaeskeytoken))
 317                 return -EINVAL;
 318         if (is_xts)
 319                 if (count < 2 * sizeof(struct secaeskeytoken))
 320                         return -EINVAL;
 321
 322         buflen = sizeof(seckey->seckey);
 323         rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_CCA_DATA, 0, 0,
 324                                       seckey->seckey, &buflen, NULL);
 325         if (rc)
 326                 return rc;
 327
 328         if (is_xts) {
 329                 seckey++;
 330                 buflen = sizeof(seckey->seckey);
 331                 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_CCA_DATA, 0, 0,
 332                                               seckey->seckey, &buflen, NULL);
 333                 if (rc)
 334                         return rc;
 335
 336                 return 2 * sizeof(struct secaeskeytoken);
 337         }
 338
 339         return sizeof(struct secaeskeytoken);
 340 }
 341
 342 static ssize_t ccadata_aes_128_read(struct file *filp,
 343                                     struct kobject *kobj,
 344                                     const struct bin_attribute *attr,
 345                                     char *buf, loff_t off,
 346                                     size_t count)
 347 {
 348         return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
 349                                           off, count);
 350 }
 351
 352 static ssize_t ccadata_aes_192_read(struct file *filp,
 353                                     struct kobject *kobj,
 354                                     const struct bin_attribute *attr,
 355                                     char *buf, loff_t off,
 356                                     size_t count)
 357 {
 358         return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
 359                                           off, count);
 360 }
 361
 362 static ssize_t ccadata_aes_256_read(struct file *filp,
 363                                     struct kobject *kobj,
 364                                     const struct bin_attribute *attr,
 365                                     char *buf, loff_t off,
 366                                     size_t count)
 367 {
 368         return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
 369                                           off, count);
 370 }
 371
 372 static ssize_t ccadata_aes_128_xts_read(struct file *filp,
 373                                         struct kobject *kobj,
 374                                         const struct bin_attribute *attr,
 375                                         char *buf, loff_t off,
 376                                         size_t count)
 377 {
 378         return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
 379                                           off, count);
 380 }
 381
 382 static ssize_t ccadata_aes_256_xts_read(struct file *filp,
 383                                         struct kobject *kobj,
 384                                         const struct bin_attribute *attr,
 385                                         char *buf, loff_t off,
 386                                         size_t count)
 387 {
 388         return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
 389                                           off, count);
 390 }
 391
 392 static const BIN_ATTR_RO(ccadata_aes_128, sizeof(struct secaeskeytoken));
 393 static const BIN_ATTR_RO(ccadata_aes_192, sizeof(struct secaeskeytoken));
 394 static const BIN_ATTR_RO(ccadata_aes_256, sizeof(struct secaeskeytoken));
 395 static const BIN_ATTR_RO(ccadata_aes_128_xts, 2 * sizeof(struct secaeskeytoken));
 396 static const BIN_ATTR_RO(ccadata_aes_256_xts, 2 * sizeof(struct secaeskeytoken));
 397
 398 static const struct bin_attribute *const ccadata_attrs[] = {
 399         &bin_attr_ccadata_aes_128,
 400         &bin_attr_ccadata_aes_192,
 401         &bin_attr_ccadata_aes_256,
 402         &bin_attr_ccadata_aes_128_xts,
 403         &bin_attr_ccadata_aes_256_xts,
 404         NULL
 405 };
 406
 407 static const struct attribute_group ccadata_attr_group = {
 408         .name          = "ccadata",
 409         .bin_attrs_new = ccadata_attrs,
 410 };
 411
 412 #define CCACIPHERTOKENSIZE      (sizeof(struct cipherkeytoken) + 80)
 413
 414 /*
 415  * Sysfs attribute read function for all secure key ccacipher binary attributes.
 416  * The implementation can not deal with partial reads, because a new random
 417  * secure key blob is generated with each read. In case of partial reads
 418  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
 419  */
 420 static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,
 421                                             bool is_xts, char *buf, loff_t off,
 422                                             size_t count)
 423 {
 424         u32 keysize = CCACIPHERTOKENSIZE;
 425         int rc;
 426
 427         if (off != 0 || count < CCACIPHERTOKENSIZE)
 428                 return -EINVAL;
 429         if (is_xts)
 430                 if (count < 2 * CCACIPHERTOKENSIZE)
 431                         return -EINVAL;
 432
 433         memset(buf, 0, is_xts ? 2 * keysize : keysize);
 434
 435         rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
 436                                       PKEY_TYPE_CCA_CIPHER, keybits, 0,
 437                                       buf, &keysize, NULL);
 438         if (rc)
 439                 return rc;
 440
 441         if (is_xts) {
 442                 keysize = CCACIPHERTOKENSIZE;
 443                 buf += CCACIPHERTOKENSIZE;
 444                 rc = sys_pkey_handler_gen_key(
 445                         pkey_aes_bitsize_to_keytype(keybits),
 446                         PKEY_TYPE_CCA_CIPHER, keybits, 0,
 447                         buf, &keysize, NULL);
 448                 if (rc)
 449                         return rc;
 450                 return 2 * CCACIPHERTOKENSIZE;
 451         }
 452
 453         return CCACIPHERTOKENSIZE;
 454 }
 455
 456 static ssize_t ccacipher_aes_128_read(struct file *filp,
 457                                       struct kobject *kobj,
 458                                       const struct bin_attribute *attr,
 459                                       char *buf, loff_t off,
 460                                       size_t count)
 461 {
 462         return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
 463                                             off, count);
 464 }
 465
 466 static ssize_t ccacipher_aes_192_read(struct file *filp,
 467                                       struct kobject *kobj,
 468                                       const struct bin_attribute *attr,
 469                                       char *buf, loff_t off,
 470                                       size_t count)
 471 {
 472         return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
 473                                             off, count);
 474 }
 475
 476 static ssize_t ccacipher_aes_256_read(struct file *filp,
 477                                       struct kobject *kobj,
 478                                       const struct bin_attribute *attr,
 479                                       char *buf, loff_t off,
 480                                       size_t count)
 481 {
 482         return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
 483                                             off, count);
 484 }
 485
 486 static ssize_t ccacipher_aes_128_xts_read(struct file *filp,
 487                                           struct kobject *kobj,
 488                                           const struct bin_attribute *attr,
 489                                           char *buf, loff_t off,
 490                                           size_t count)
 491 {
 492         return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
 493                                             off, count);
 494 }
 495
 496 static ssize_t ccacipher_aes_256_xts_read(struct file *filp,
 497                                           struct kobject *kobj,
 498                                           const struct bin_attribute *attr,
 499                                           char *buf, loff_t off,
 500                                           size_t count)
 501 {
 502         return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
 503                                             off, count);
 504 }
 505
 506 static const BIN_ATTR_RO(ccacipher_aes_128, CCACIPHERTOKENSIZE);
 507 static const BIN_ATTR_RO(ccacipher_aes_192, CCACIPHERTOKENSIZE);
 508 static const BIN_ATTR_RO(ccacipher_aes_256, CCACIPHERTOKENSIZE);
 509 static const BIN_ATTR_RO(ccacipher_aes_128_xts, 2 * CCACIPHERTOKENSIZE);
 510 static const BIN_ATTR_RO(ccacipher_aes_256_xts, 2 * CCACIPHERTOKENSIZE);
 511
 512 static const struct bin_attribute *const ccacipher_attrs[] = {
 513         &bin_attr_ccacipher_aes_128,
 514         &bin_attr_ccacipher_aes_192,
 515         &bin_attr_ccacipher_aes_256,
 516         &bin_attr_ccacipher_aes_128_xts,
 517         &bin_attr_ccacipher_aes_256_xts,
 518         NULL
 519 };
 520
 521 static const struct attribute_group ccacipher_attr_group = {
 522         .name          = "ccacipher",
 523         .bin_attrs_new = ccacipher_attrs,
 524 };
 525
 526 /*
 527  * Sysfs attribute read function for all ep11 aes key binary attributes.
 528  * The implementation can not deal with partial reads, because a new random
 529  * secure key blob is generated with each read. In case of partial reads
 530  * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
 531  * This function and the sysfs attributes using it provide EP11 key blobs
 532  * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently
 533  * 336 bytes.
 534  */
 535 static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,
 536                                        bool is_xts, char *buf, loff_t off,
 537                                        size_t count)
 538 {
 539         u32 keysize = MAXEP11AESKEYBLOBSIZE;
 540         int rc;
 541
 542         if (off != 0 || count < MAXEP11AESKEYBLOBSIZE)
 543                 return -EINVAL;
 544         if (is_xts)
 545                 if (count < 2 * MAXEP11AESKEYBLOBSIZE)
 546                         return -EINVAL;
 547
 548         memset(buf, 0, is_xts ? 2 * keysize : keysize);
 549
 550         rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
 551                                       PKEY_TYPE_EP11_AES, keybits, 0,
 552                                       buf, &keysize, NULL);
 553         if (rc)
 554                 return rc;
 555
 556         if (is_xts) {
 557                 keysize = MAXEP11AESKEYBLOBSIZE;
 558                 buf += MAXEP11AESKEYBLOBSIZE;
 559                 rc = sys_pkey_handler_gen_key(
 560                         pkey_aes_bitsize_to_keytype(keybits),
 561                         PKEY_TYPE_EP11_AES, keybits, 0,
 562                         buf, &keysize, NULL);
 563                 if (rc)
 564                         return rc;
 565                 return 2 * MAXEP11AESKEYBLOBSIZE;
 566         }
 567
 568         return MAXEP11AESKEYBLOBSIZE;
 569 }
 570
 571 static ssize_t ep11_aes_128_read(struct file *filp,
 572                                  struct kobject *kobj,
 573                                  const struct bin_attribute *attr,
 574                                  char *buf, loff_t off,
 575                                  size_t count)
 576 {
 577         return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
 578                                        off, count);
 579 }
 580
 581 static ssize_t ep11_aes_192_read(struct file *filp,
 582                                  struct kobject *kobj,
 583                                  const struct bin_attribute *attr,
 584                                  char *buf, loff_t off,
 585                                  size_t count)
 586 {
 587         return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
 588                                        off, count);
 589 }
 590
 591 static ssize_t ep11_aes_256_read(struct file *filp,
 592                                  struct kobject *kobj,
 593                                  const struct bin_attribute *attr,
 594                                  char *buf, loff_t off,
 595                                  size_t count)
 596 {
 597         return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
 598                                        off, count);
 599 }
 600
 601 static ssize_t ep11_aes_128_xts_read(struct file *filp,
 602                                      struct kobject *kobj,
 603                                      const struct bin_attribute *attr,
 604                                      char *buf, loff_t off,
 605                                      size_t count)
 606 {
 607         return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
 608                                        off, count);
 609 }
 610
 611 static ssize_t ep11_aes_256_xts_read(struct file *filp,
 612                                      struct kobject *kobj,
 613                                      const struct bin_attribute *attr,
 614                                      char *buf, loff_t off,
 615                                      size_t count)
 616 {
 617         return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
 618                                        off, count);
 619 }
 620
 621 static const BIN_ATTR_RO(ep11_aes_128, MAXEP11AESKEYBLOBSIZE);
 622 static const BIN_ATTR_RO(ep11_aes_192, MAXEP11AESKEYBLOBSIZE);
 623 static const BIN_ATTR_RO(ep11_aes_256, MAXEP11AESKEYBLOBSIZE);
 624 static const BIN_ATTR_RO(ep11_aes_128_xts, 2 * MAXEP11AESKEYBLOBSIZE);
 625 static const BIN_ATTR_RO(ep11_aes_256_xts, 2 * MAXEP11AESKEYBLOBSIZE);
 626
 627 static const struct bin_attribute *const ep11_attrs[] = {
 628         &bin_attr_ep11_aes_128,
 629         &bin_attr_ep11_aes_192,
 630         &bin_attr_ep11_aes_256,
 631         &bin_attr_ep11_aes_128_xts,
 632         &bin_attr_ep11_aes_256_xts,
 633         NULL
 634 };
 635
 636 static const struct attribute_group ep11_attr_group = {
 637         .name      = "ep11",
 638         .bin_attrs_new = ep11_attrs,
 639 };
 640
 641 const struct attribute_group *pkey_attr_groups[] = {
 642         &protkey_attr_group,
 643         &ccadata_attr_group,
 644         &ccacipher_attr_group,
 645         &ep11_attr_group,
 646         NULL,
 647 };