1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * DIAG 0x320 support and certificate store handling |
4 | * |
5 | * Copyright IBM Corp. 2023 |
6 | * Author(s): Anastasia Eskova <anastasia.eskova@ibm.com> |
7 | */ |
8 | |
9 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
10 | |
11 | #include <linux/delay.h> |
12 | #include <linux/device.h> |
13 | #include <linux/fs.h> |
14 | #include <linux/init.h> |
15 | #include <linux/kernel.h> |
16 | #include <linux/key-type.h> |
17 | #include <linux/key.h> |
18 | #include <linux/keyctl.h> |
19 | #include <linux/kobject.h> |
20 | #include <linux/module.h> |
21 | #include <linux/seq_file.h> |
22 | #include <linux/slab.h> |
23 | #include <linux/sysfs.h> |
24 | #include <crypto/sha2.h> |
25 | #include <keys/user-type.h> |
26 | #include <asm/debug.h> |
27 | #include <asm/diag.h> |
28 | #include <asm/ebcdic.h> |
29 | #include <asm/sclp.h> |
30 | |
31 | #define DIAG_MAX_RETRIES 10 |
32 | |
33 | #define VCE_FLAGS_VALID_MASK 0x80 |
34 | |
35 | #define ISM_LEN_DWORDS 4 |
36 | #define VCSSB_LEN_BYTES 128 |
37 | #define VCSSB_LEN_NO_CERTS 4 |
38 | #define VCB_LEN_NO_CERTS 64 |
39 | #define VC_NAME_LEN_BYTES 64 |
40 | |
41 | #define CERT_STORE_KEY_TYPE_NAME "cert_store_key" |
42 | #define CERT_STORE_KEYRING_NAME "cert_store" |
43 | |
44 | static debug_info_t *cert_store_dbf; |
45 | static debug_info_t *cert_store_hexdump; |
46 | |
47 | #define pr_dbf_msg(fmt, ...) \ |
48 | debug_sprintf_event(cert_store_dbf, 3, fmt "\n", ## __VA_ARGS__) |
49 | |
50 | enum diag320_subcode { |
51 | DIAG320_SUBCODES = 0, |
52 | DIAG320_STORAGE = 1, |
53 | DIAG320_CERT_BLOCK = 2, |
54 | }; |
55 | |
56 | enum diag320_rc { |
57 | DIAG320_RC_OK = 0x0001, |
58 | DIAG320_RC_CS_NOMATCH = 0x0306, |
59 | }; |
60 | |
61 | /* Verification Certificates Store Support Block (VCSSB). */ |
62 | struct vcssb { |
63 | u32 vcssb_length; |
64 | u8 pad_0x04[3]; |
65 | u8 version; |
66 | u8 pad_0x08[8]; |
67 | u32 cs_token; |
68 | u8 pad_0x14[12]; |
69 | u16 total_vc_index_count; |
70 | u16 max_vc_index_count; |
71 | u8 pad_0x24[28]; |
72 | u32 max_vce_length; |
73 | u32 max_vcxe_length; |
74 | u8 pad_0x48[8]; |
75 | u32 max_single_vcb_length; |
76 | u32 total_vcb_length; |
77 | u32 max_single_vcxb_length; |
78 | u32 total_vcxb_length; |
79 | u8 pad_0x60[32]; |
80 | } __packed __aligned(8); |
81 | |
82 | /* Verification Certificate Entry (VCE) Header. */ |
83 | struct { |
84 | u32 ; |
85 | u8 ; |
86 | u8 ; |
87 | u16 ; |
88 | u8 [VC_NAME_LEN_BYTES]; /* EBCDIC */ |
89 | u8 ; |
90 | u8 ; |
91 | u16 ; |
92 | u8 ; |
93 | u8 ; |
94 | u16 ; |
95 | u8 [4]; |
96 | u32 ; |
97 | u8 [8]; |
98 | u16 ; |
99 | u16 ; |
100 | u8 [28]; |
101 | } __packed __aligned(4); |
102 | |
103 | /* Verification Certificate Block (VCB) Header. */ |
104 | struct { |
105 | u32 ; |
106 | u8 [4]; |
107 | u16 ; |
108 | u16 ; |
109 | u32 ; |
110 | u32 ; |
111 | u8 [12]; |
112 | u32 ; |
113 | u8 [3]; |
114 | u8 ; |
115 | u16 ; |
116 | u16 remaining_vc_count; |
117 | u8 [20]; |
118 | } __packed __aligned(4); |
119 | |
120 | /* Verification Certificate Block (VCB). */ |
121 | struct vcb { |
122 | struct vcb_header vcb_hdr; |
123 | u8 vcb_buf[]; |
124 | } __packed __aligned(4); |
125 | |
126 | /* Verification Certificate Entry (VCE). */ |
127 | struct vce { |
128 | struct vce_header vce_hdr; |
129 | u8 cert_data_buf[]; |
130 | } __packed __aligned(4); |
131 | |
132 | static void cert_store_key_describe(const struct key *key, struct seq_file *m) |
133 | { |
134 | char ascii[VC_NAME_LEN_BYTES + 1]; |
135 | |
136 | /* |
137 | * First 64 bytes of the key description is key name in EBCDIC CP 500. |
138 | * Convert it to ASCII for displaying in /proc/keys. |
139 | */ |
140 | strscpy(p: ascii, q: key->description, size: sizeof(ascii)); |
141 | EBCASC_500(ascii, VC_NAME_LEN_BYTES); |
142 | seq_puts(m, s: ascii); |
143 | |
144 | seq_puts(m, s: &key->description[VC_NAME_LEN_BYTES]); |
145 | if (key_is_positive(key)) |
146 | seq_printf(m, fmt: ": %u" , key->datalen); |
147 | } |
148 | |
149 | /* |
150 | * Certificate store key type takes over properties of |
151 | * user key but cannot be updated. |
152 | */ |
153 | static struct key_type key_type_cert_store_key = { |
154 | .name = CERT_STORE_KEY_TYPE_NAME, |
155 | .preparse = user_preparse, |
156 | .free_preparse = user_free_preparse, |
157 | .instantiate = generic_key_instantiate, |
158 | .revoke = user_revoke, |
159 | .destroy = user_destroy, |
160 | .describe = cert_store_key_describe, |
161 | .read = user_read, |
162 | }; |
163 | |
164 | /* Logging functions. */ |
165 | static void pr_dbf_vcb(const struct vcb *b) |
166 | { |
167 | pr_dbf_msg("VCB Header:" ); |
168 | pr_dbf_msg("vcb_input_length: %d" , b->vcb_hdr.vcb_input_length); |
169 | pr_dbf_msg("first_vc_index: %d" , b->vcb_hdr.first_vc_index); |
170 | pr_dbf_msg("last_vc_index: %d" , b->vcb_hdr.last_vc_index); |
171 | pr_dbf_msg("cs_token: %d" , b->vcb_hdr.cs_token); |
172 | pr_dbf_msg("vcb_output_length: %d" , b->vcb_hdr.vcb_output_length); |
173 | pr_dbf_msg("version: %d" , b->vcb_hdr.version); |
174 | pr_dbf_msg("stored_vc_count: %d" , b->vcb_hdr.stored_vc_count); |
175 | pr_dbf_msg("remaining_vc_count: %d" , b->vcb_hdr.remaining_vc_count); |
176 | } |
177 | |
178 | static void pr_dbf_vce(const struct vce *e) |
179 | { |
180 | unsigned char vc_name[VC_NAME_LEN_BYTES + 1]; |
181 | char log_string[VC_NAME_LEN_BYTES + 40]; |
182 | |
183 | pr_dbf_msg("VCE Header:" ); |
184 | pr_dbf_msg("vce_hdr.vce_length: %d" , e->vce_hdr.vce_length); |
185 | pr_dbf_msg("vce_hdr.flags: %d" , e->vce_hdr.flags); |
186 | pr_dbf_msg("vce_hdr.key_type: %d" , e->vce_hdr.key_type); |
187 | pr_dbf_msg("vce_hdr.vc_index: %d" , e->vce_hdr.vc_index); |
188 | pr_dbf_msg("vce_hdr.vc_format: %d" , e->vce_hdr.vc_format); |
189 | pr_dbf_msg("vce_hdr.key_id_length: %d" , e->vce_hdr.key_id_length); |
190 | pr_dbf_msg("vce_hdr.vc_hash_type: %d" , e->vce_hdr.vc_hash_type); |
191 | pr_dbf_msg("vce_hdr.vc_hash_length: %d" , e->vce_hdr.vc_hash_length); |
192 | pr_dbf_msg("vce_hdr.vc_hash_offset: %d" , e->vce_hdr.vc_hash_offset); |
193 | pr_dbf_msg("vce_hdr.vc_length: %d" , e->vce_hdr.vc_length); |
194 | pr_dbf_msg("vce_hdr.vc_offset: %d" , e->vce_hdr.vc_offset); |
195 | |
196 | /* Certificate name in ASCII. */ |
197 | memcpy(vc_name, e->vce_hdr.vc_name, VC_NAME_LEN_BYTES); |
198 | EBCASC_500(vc_name, VC_NAME_LEN_BYTES); |
199 | vc_name[VC_NAME_LEN_BYTES] = '\0'; |
200 | |
201 | snprintf(buf: log_string, size: sizeof(log_string), |
202 | fmt: "index: %d vce_hdr.vc_name (ASCII): %s" , |
203 | e->vce_hdr.vc_index, vc_name); |
204 | debug_text_event(cert_store_hexdump, 3, log_string); |
205 | |
206 | /* Certificate data. */ |
207 | debug_text_event(cert_store_hexdump, 3, "VCE: Certificate data start" ); |
208 | debug_event(cert_store_hexdump, 3, (u8 *)e->cert_data_buf, 128); |
209 | debug_text_event(cert_store_hexdump, 3, "VCE: Certificate data end" ); |
210 | debug_event(cert_store_hexdump, 3, |
211 | (u8 *)e->cert_data_buf + e->vce_hdr.vce_length - 128, 128); |
212 | } |
213 | |
214 | static void pr_dbf_vcssb(const struct vcssb *s) |
215 | { |
216 | debug_text_event(cert_store_hexdump, 3, "DIAG320 Subcode1" ); |
217 | debug_event(cert_store_hexdump, 3, (u8 *)s, VCSSB_LEN_BYTES); |
218 | |
219 | pr_dbf_msg("VCSSB:" ); |
220 | pr_dbf_msg("vcssb_length: %u" , s->vcssb_length); |
221 | pr_dbf_msg("version: %u" , s->version); |
222 | pr_dbf_msg("cs_token: %u" , s->cs_token); |
223 | pr_dbf_msg("total_vc_index_count: %u" , s->total_vc_index_count); |
224 | pr_dbf_msg("max_vc_index_count: %u" , s->max_vc_index_count); |
225 | pr_dbf_msg("max_vce_length: %u" , s->max_vce_length); |
226 | pr_dbf_msg("max_vcxe_length: %u" , s->max_vce_length); |
227 | pr_dbf_msg("max_single_vcb_length: %u" , s->max_single_vcb_length); |
228 | pr_dbf_msg("total_vcb_length: %u" , s->total_vcb_length); |
229 | pr_dbf_msg("max_single_vcxb_length: %u" , s->max_single_vcxb_length); |
230 | pr_dbf_msg("total_vcxb_length: %u" , s->total_vcxb_length); |
231 | } |
232 | |
233 | static int __diag320(unsigned long subcode, void *addr) |
234 | { |
235 | union register_pair rp = { .even = (unsigned long)addr, }; |
236 | |
237 | asm volatile( |
238 | " diag %[rp],%[subcode],0x320\n" |
239 | "0: nopr %%r7\n" |
240 | EX_TABLE(0b, 0b) |
241 | : [rp] "+d" (rp.pair) |
242 | : [subcode] "d" (subcode) |
243 | : "cc" , "memory" ); |
244 | |
245 | return rp.odd; |
246 | } |
247 | |
248 | static int diag320(unsigned long subcode, void *addr) |
249 | { |
250 | diag_stat_inc(DIAG_STAT_X320); |
251 | |
252 | return __diag320(subcode, addr); |
253 | } |
254 | |
255 | /* |
256 | * Calculate SHA256 hash of the VCE certificate and compare it to hash stored in |
257 | * VCE. Return -EINVAL if hashes don't match. |
258 | */ |
259 | static int check_certificate_hash(const struct vce *vce) |
260 | { |
261 | u8 hash[SHA256_DIGEST_SIZE]; |
262 | u16 vc_hash_length; |
263 | u8 *vce_hash; |
264 | |
265 | vce_hash = (u8 *)vce + vce->vce_hdr.vc_hash_offset; |
266 | vc_hash_length = vce->vce_hdr.vc_hash_length; |
267 | sha256(data: (u8 *)vce + vce->vce_hdr.vc_offset, len: vce->vce_hdr.vc_length, out: hash); |
268 | if (memcmp(p: vce_hash, q: hash, size: vc_hash_length) == 0) |
269 | return 0; |
270 | |
271 | pr_dbf_msg("SHA256 hash of received certificate does not match" ); |
272 | debug_text_event(cert_store_hexdump, 3, "VCE hash:" ); |
273 | debug_event(cert_store_hexdump, 3, vce_hash, SHA256_DIGEST_SIZE); |
274 | debug_text_event(cert_store_hexdump, 3, "Calculated hash:" ); |
275 | debug_event(cert_store_hexdump, 3, hash, SHA256_DIGEST_SIZE); |
276 | |
277 | return -EINVAL; |
278 | } |
279 | |
280 | static int check_certificate_valid(const struct vce *vce) |
281 | { |
282 | if (!(vce->vce_hdr.flags & VCE_FLAGS_VALID_MASK)) { |
283 | pr_dbf_msg("Certificate entry is invalid" ); |
284 | return -EINVAL; |
285 | } |
286 | if (vce->vce_hdr.vc_format != 1) { |
287 | pr_dbf_msg("Certificate format is not supported" ); |
288 | return -EINVAL; |
289 | } |
290 | if (vce->vce_hdr.vc_hash_type != 1) { |
291 | pr_dbf_msg("Hash type is not supported" ); |
292 | return -EINVAL; |
293 | } |
294 | |
295 | return check_certificate_hash(vce); |
296 | } |
297 | |
298 | static struct key *get_user_session_keyring(void) |
299 | { |
300 | key_ref_t us_keyring_ref; |
301 | |
302 | us_keyring_ref = lookup_user_key(KEY_SPEC_USER_SESSION_KEYRING, |
303 | flags: KEY_LOOKUP_CREATE, need_perm: KEY_NEED_LINK); |
304 | if (IS_ERR(ptr: us_keyring_ref)) { |
305 | pr_dbf_msg("Couldn't get user session keyring: %ld" , |
306 | PTR_ERR(us_keyring_ref)); |
307 | return ERR_PTR(error: -ENOKEY); |
308 | } |
309 | key_ref_put(key_ref: us_keyring_ref); |
310 | return key_ref_to_ptr(key_ref: us_keyring_ref); |
311 | } |
312 | |
313 | /* Invalidate all keys from cert_store keyring. */ |
314 | static int invalidate_keyring_keys(struct key *keyring) |
315 | { |
316 | unsigned long num_keys, key_index; |
317 | size_t keyring_payload_len; |
318 | key_serial_t *key_array; |
319 | struct key *current_key; |
320 | int rc; |
321 | |
322 | keyring_payload_len = key_type_keyring.read(keyring, NULL, 0); |
323 | num_keys = keyring_payload_len / sizeof(key_serial_t); |
324 | key_array = kcalloc(n: num_keys, size: sizeof(key_serial_t), GFP_KERNEL); |
325 | if (!key_array) |
326 | return -ENOMEM; |
327 | |
328 | rc = key_type_keyring.read(keyring, (char *)key_array, keyring_payload_len); |
329 | if (rc != keyring_payload_len) { |
330 | pr_dbf_msg("Couldn't read keyring payload" ); |
331 | goto out; |
332 | } |
333 | |
334 | for (key_index = 0; key_index < num_keys; key_index++) { |
335 | current_key = key_lookup(id: key_array[key_index]); |
336 | pr_dbf_msg("Invalidating key %08x" , current_key->serial); |
337 | |
338 | key_invalidate(key: current_key); |
339 | key_put(key: current_key); |
340 | rc = key_unlink(keyring, key: current_key); |
341 | if (rc) { |
342 | pr_dbf_msg("Couldn't unlink key %08x: %d" , current_key->serial, rc); |
343 | break; |
344 | } |
345 | } |
346 | out: |
347 | kfree(objp: key_array); |
348 | return rc; |
349 | } |
350 | |
351 | static struct key *find_cs_keyring(void) |
352 | { |
353 | key_ref_t cs_keyring_ref; |
354 | struct key *cs_keyring; |
355 | |
356 | cs_keyring_ref = keyring_search(keyring: make_key_ref(key: get_user_session_keyring(), possession: true), |
357 | type: &key_type_keyring, CERT_STORE_KEYRING_NAME, |
358 | recurse: false); |
359 | if (!IS_ERR(ptr: cs_keyring_ref)) { |
360 | cs_keyring = key_ref_to_ptr(key_ref: cs_keyring_ref); |
361 | key_ref_put(key_ref: cs_keyring_ref); |
362 | goto found; |
363 | } |
364 | /* Search default locations: thread, process, session keyrings */ |
365 | cs_keyring = request_key(type: &key_type_keyring, CERT_STORE_KEYRING_NAME, NULL); |
366 | if (IS_ERR(ptr: cs_keyring)) |
367 | return NULL; |
368 | key_put(key: cs_keyring); |
369 | found: |
370 | return cs_keyring; |
371 | } |
372 | |
373 | static void cleanup_cs_keys(void) |
374 | { |
375 | struct key *cs_keyring; |
376 | |
377 | cs_keyring = find_cs_keyring(); |
378 | if (!cs_keyring) |
379 | return; |
380 | |
381 | pr_dbf_msg("Found cert_store keyring. Purging..." ); |
382 | /* |
383 | * Remove cert_store_key_type in case invalidation |
384 | * of old cert_store keys failed (= severe error). |
385 | */ |
386 | if (invalidate_keyring_keys(keyring: cs_keyring)) |
387 | unregister_key_type(ktype: &key_type_cert_store_key); |
388 | |
389 | keyring_clear(keyring: cs_keyring); |
390 | key_invalidate(key: cs_keyring); |
391 | key_put(key: cs_keyring); |
392 | key_unlink(keyring: get_user_session_keyring(), key: cs_keyring); |
393 | } |
394 | |
395 | static struct key *create_cs_keyring(void) |
396 | { |
397 | static struct key *cs_keyring; |
398 | |
399 | /* Cleanup previous cs_keyring and all associated keys if any. */ |
400 | cleanup_cs_keys(); |
401 | cs_keyring = keyring_alloc(CERT_STORE_KEYRING_NAME, GLOBAL_ROOT_UID, |
402 | GLOBAL_ROOT_GID, current_cred(), |
403 | perm: (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ, |
404 | KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_SET_KEEP, |
405 | NULL, dest: get_user_session_keyring()); |
406 | if (IS_ERR(cs_keyring)) { |
407 | pr_dbf_msg("Can't allocate cert_store keyring" ); |
408 | return NULL; |
409 | } |
410 | |
411 | pr_dbf_msg("Successfully allocated cert_store keyring: %08x" , cs_keyring->serial); |
412 | |
413 | /* |
414 | * In case a previous clean-up ran into an |
415 | * error and unregistered key type. |
416 | */ |
417 | register_key_type(&key_type_cert_store_key); |
418 | |
419 | return cs_keyring; |
420 | } |
421 | |
422 | /* |
423 | * Allocate memory and create key description in format |
424 | * [key name in EBCDIC]:[VCE index]:[CS token]. |
425 | * Return a pointer to key description or NULL if memory |
426 | * allocation failed. Memory should be freed by caller. |
427 | */ |
428 | static char *get_key_description(struct vcssb *vcssb, const struct vce *vce) |
429 | { |
430 | size_t len, name_len; |
431 | u32 cs_token; |
432 | char *desc; |
433 | |
434 | cs_token = vcssb->cs_token; |
435 | /* Description string contains "%64s:%05u:%010u\0". */ |
436 | name_len = sizeof(vce->vce_hdr.vc_name); |
437 | len = name_len + 1 + 5 + 1 + 10 + 1; |
438 | desc = kmalloc(size: len, GFP_KERNEL); |
439 | if (!desc) |
440 | return NULL; |
441 | |
442 | memcpy(desc, vce->vce_hdr.vc_name, name_len); |
443 | snprintf(buf: desc + name_len, size: len - name_len, fmt: ":%05u:%010u" , |
444 | vce->vce_hdr.vc_index, cs_token); |
445 | |
446 | return desc; |
447 | } |
448 | |
449 | /* |
450 | * Create a key of type "cert_store_key" using the data from VCE for key |
451 | * payload and key description. Link the key to "cert_store" keyring. |
452 | */ |
453 | static int create_key_from_vce(struct vcssb *vcssb, struct vce *vce, |
454 | struct key *keyring) |
455 | { |
456 | key_ref_t newkey; |
457 | char *desc; |
458 | int rc; |
459 | |
460 | desc = get_key_description(vcssb, vce); |
461 | if (!desc) |
462 | return -ENOMEM; |
463 | |
464 | newkey = key_create_or_update( |
465 | keyring: make_key_ref(key: keyring, possession: true), CERT_STORE_KEY_TYPE_NAME, |
466 | description: desc, payload: (u8 *)vce + vce->vce_hdr.vc_offset, |
467 | plen: vce->vce_hdr.vc_length, |
468 | perm: (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ, |
469 | KEY_ALLOC_NOT_IN_QUOTA); |
470 | |
471 | rc = PTR_ERR_OR_ZERO(ptr: newkey); |
472 | if (rc) { |
473 | pr_dbf_msg("Couldn't create a key from Certificate Entry (%d)" , rc); |
474 | rc = -ENOKEY; |
475 | goto out; |
476 | } |
477 | |
478 | key_ref_put(key_ref: newkey); |
479 | out: |
480 | kfree(objp: desc); |
481 | return rc; |
482 | } |
483 | |
484 | /* Get Verification Certificate Storage Size block with DIAG320 subcode2. */ |
485 | static int get_vcssb(struct vcssb *vcssb) |
486 | { |
487 | int diag320_rc; |
488 | |
489 | memset(vcssb, 0, sizeof(*vcssb)); |
490 | vcssb->vcssb_length = VCSSB_LEN_BYTES; |
491 | diag320_rc = diag320(subcode: DIAG320_STORAGE, addr: vcssb); |
492 | pr_dbf_vcssb(s: vcssb); |
493 | |
494 | if (diag320_rc != DIAG320_RC_OK) { |
495 | pr_dbf_msg("Diag 320 Subcode 1 returned bad RC: %04x" , diag320_rc); |
496 | return -EIO; |
497 | } |
498 | if (vcssb->vcssb_length == VCSSB_LEN_NO_CERTS) { |
499 | pr_dbf_msg("No certificates available for current configuration" ); |
500 | return -ENOKEY; |
501 | } |
502 | |
503 | return 0; |
504 | } |
505 | |
506 | static u32 get_4k_mult_vcb_size(struct vcssb *vcssb) |
507 | { |
508 | return round_up(vcssb->max_single_vcb_length, PAGE_SIZE); |
509 | } |
510 | |
511 | /* Fill input fields of single-entry VCB that will be read by LPAR. */ |
512 | static void fill_vcb_input(struct vcssb *vcssb, struct vcb *vcb, u16 index) |
513 | { |
514 | memset(vcb, 0, sizeof(*vcb)); |
515 | vcb->vcb_hdr.vcb_input_length = get_4k_mult_vcb_size(vcssb); |
516 | vcb->vcb_hdr.cs_token = vcssb->cs_token; |
517 | |
518 | /* Request single entry. */ |
519 | vcb->vcb_hdr.first_vc_index = index; |
520 | vcb->vcb_hdr.last_vc_index = index; |
521 | } |
522 | |
523 | static void (struct vcb *vcb, struct vce *vce) |
524 | { |
525 | struct vce *; |
526 | |
527 | extracted_vce = (struct vce *)vcb->vcb_buf; |
528 | memcpy(vce, vcb->vcb_buf, extracted_vce->vce_hdr.vce_length); |
529 | pr_dbf_vce(e: vce); |
530 | } |
531 | |
532 | static int get_sevcb(struct vcssb *vcssb, u16 index, struct vcb *vcb) |
533 | { |
534 | int rc, diag320_rc; |
535 | |
536 | fill_vcb_input(vcssb, vcb, index); |
537 | |
538 | diag320_rc = diag320(subcode: DIAG320_CERT_BLOCK, addr: vcb); |
539 | pr_dbf_msg("Diag 320 Subcode2 RC %2x" , diag320_rc); |
540 | pr_dbf_vcb(b: vcb); |
541 | |
542 | switch (diag320_rc) { |
543 | case DIAG320_RC_OK: |
544 | rc = 0; |
545 | if (vcb->vcb_hdr.vcb_output_length == VCB_LEN_NO_CERTS) { |
546 | pr_dbf_msg("No certificate entry for index %u" , index); |
547 | rc = -ENOKEY; |
548 | } else if (vcb->vcb_hdr.remaining_vc_count != 0) { |
549 | /* Retry on insufficient space. */ |
550 | pr_dbf_msg("Couldn't get all requested certificates" ); |
551 | rc = -EAGAIN; |
552 | } |
553 | break; |
554 | case DIAG320_RC_CS_NOMATCH: |
555 | pr_dbf_msg("Certificate Store token mismatch" ); |
556 | rc = -EAGAIN; |
557 | break; |
558 | default: |
559 | pr_dbf_msg("Diag 320 Subcode2 returned bad rc (0x%4x)" , diag320_rc); |
560 | rc = -EINVAL; |
561 | break; |
562 | } |
563 | |
564 | return rc; |
565 | } |
566 | |
567 | /* |
568 | * Allocate memory for single-entry VCB, get VCB via DIAG320 subcode 2 call, |
569 | * extract VCE and create a key from its' certificate. |
570 | */ |
571 | static int create_key_from_sevcb(struct vcssb *vcssb, u16 index, |
572 | struct key *keyring) |
573 | { |
574 | struct vcb *vcb; |
575 | struct vce *vce; |
576 | int rc; |
577 | |
578 | rc = -ENOMEM; |
579 | vcb = vmalloc(get_4k_mult_vcb_size(vcssb)); |
580 | vce = vmalloc(vcssb->max_single_vcb_length - sizeof(vcb->vcb_hdr)); |
581 | if (!vcb || !vce) |
582 | goto out; |
583 | |
584 | rc = get_sevcb(vcssb, index, vcb); |
585 | if (rc) |
586 | goto out; |
587 | |
588 | extract_vce_from_sevcb(vcb, vce); |
589 | rc = check_certificate_valid(vce); |
590 | if (rc) |
591 | goto out; |
592 | |
593 | rc = create_key_from_vce(vcssb, vce, keyring); |
594 | if (rc) |
595 | goto out; |
596 | |
597 | pr_dbf_msg("Successfully created key from Certificate Entry %d" , index); |
598 | out: |
599 | vfree(vce); |
600 | vfree(vcb); |
601 | return rc; |
602 | } |
603 | |
604 | /* |
605 | * Request a single-entry VCB for each VCE available for the partition. |
606 | * Create a key from it and link it to cert_store keyring. If no keys |
607 | * could be created (i.e. VCEs were invalid) return -ENOKEY. |
608 | */ |
609 | static int add_certificates_to_keyring(struct vcssb *vcssb, struct key *keyring) |
610 | { |
611 | int rc, index, count, added; |
612 | |
613 | count = 0; |
614 | added = 0; |
615 | /* Certificate Store entries indices start with 1 and have no gaps. */ |
616 | for (index = 1; index < vcssb->total_vc_index_count + 1; index++) { |
617 | pr_dbf_msg("Creating key from VCE %u" , index); |
618 | rc = create_key_from_sevcb(vcssb, index, keyring); |
619 | count++; |
620 | |
621 | if (rc == -EAGAIN) |
622 | return rc; |
623 | |
624 | if (rc) |
625 | pr_dbf_msg("Creating key from VCE %u failed (%d)" , index, rc); |
626 | else |
627 | added++; |
628 | } |
629 | |
630 | if (added == 0) { |
631 | pr_dbf_msg("Processed %d entries. No keys created" , count); |
632 | return -ENOKEY; |
633 | } |
634 | |
635 | pr_info("Added %d of %d keys to cert_store keyring" , added, count); |
636 | |
637 | /* |
638 | * Do not allow to link more keys to certificate store keyring after all |
639 | * the VCEs were processed. |
640 | */ |
641 | rc = keyring_restrict(keyring: make_key_ref(key: keyring, possession: true), NULL, NULL); |
642 | if (rc) |
643 | pr_dbf_msg("Failed to set restriction to cert_store keyring (%d)" , rc); |
644 | |
645 | return 0; |
646 | } |
647 | |
648 | /* |
649 | * Check which DIAG320 subcodes are installed. |
650 | * Return -ENOENT if subcodes 1 or 2 are not available. |
651 | */ |
652 | static int query_diag320_subcodes(void) |
653 | { |
654 | unsigned long ism[ISM_LEN_DWORDS]; |
655 | int rc; |
656 | |
657 | rc = diag320(subcode: 0, addr: ism); |
658 | if (rc != DIAG320_RC_OK) { |
659 | pr_dbf_msg("DIAG320 subcode query returned %04x" , rc); |
660 | return -ENOENT; |
661 | } |
662 | |
663 | debug_text_event(cert_store_hexdump, 3, "DIAG320 Subcode 0" ); |
664 | debug_event(cert_store_hexdump, 3, ism, sizeof(ism)); |
665 | |
666 | if (!test_bit_inv(1, ism) || !test_bit_inv(2, ism)) { |
667 | pr_dbf_msg("Not all required DIAG320 subcodes are installed" ); |
668 | return -ENOENT; |
669 | } |
670 | |
671 | return 0; |
672 | } |
673 | |
674 | /* |
675 | * Check if Certificate Store is supported by the firmware and DIAG320 subcodes |
676 | * 1 and 2 are installed. Create cert_store keyring and link all certificates |
677 | * available for the current partition to it as "cert_store_key" type |
678 | * keys. On refresh or error invalidate cert_store keyring and destroy |
679 | * all keys of "cert_store_key" type. |
680 | */ |
681 | static int fill_cs_keyring(void) |
682 | { |
683 | struct key *cs_keyring; |
684 | struct vcssb *vcssb; |
685 | int rc; |
686 | |
687 | rc = -ENOMEM; |
688 | vcssb = kmalloc(VCSSB_LEN_BYTES, GFP_KERNEL); |
689 | if (!vcssb) |
690 | goto cleanup_keys; |
691 | |
692 | rc = -ENOENT; |
693 | if (!sclp.has_diag320) { |
694 | pr_dbf_msg("Certificate Store is not supported" ); |
695 | goto cleanup_keys; |
696 | } |
697 | |
698 | rc = query_diag320_subcodes(); |
699 | if (rc) |
700 | goto cleanup_keys; |
701 | |
702 | rc = get_vcssb(vcssb); |
703 | if (rc) |
704 | goto cleanup_keys; |
705 | |
706 | rc = -ENOMEM; |
707 | cs_keyring = create_cs_keyring(); |
708 | if (!cs_keyring) |
709 | goto cleanup_keys; |
710 | |
711 | rc = add_certificates_to_keyring(vcssb, keyring: cs_keyring); |
712 | if (rc) |
713 | goto cleanup_cs_keyring; |
714 | |
715 | goto out; |
716 | |
717 | cleanup_cs_keyring: |
718 | key_put(key: cs_keyring); |
719 | cleanup_keys: |
720 | cleanup_cs_keys(); |
721 | out: |
722 | kfree(objp: vcssb); |
723 | return rc; |
724 | } |
725 | |
726 | static DEFINE_MUTEX(cs_refresh_lock); |
727 | static int cs_status_val = -1; |
728 | |
729 | static ssize_t cs_status_show(struct kobject *kobj, |
730 | struct kobj_attribute *attr, char *buf) |
731 | { |
732 | if (cs_status_val == -1) |
733 | return sysfs_emit(buf, fmt: "uninitialized\n" ); |
734 | else if (cs_status_val == 0) |
735 | return sysfs_emit(buf, fmt: "ok\n" ); |
736 | |
737 | return sysfs_emit(buf, fmt: "failed (%d)\n" , cs_status_val); |
738 | } |
739 | |
740 | static struct kobj_attribute cs_status_attr = __ATTR_RO(cs_status); |
741 | |
742 | static ssize_t refresh_store(struct kobject *kobj, struct kobj_attribute *attr, |
743 | const char *buf, size_t count) |
744 | { |
745 | int rc, retries; |
746 | |
747 | pr_dbf_msg("Refresh certificate store information requested" ); |
748 | rc = mutex_lock_interruptible(&cs_refresh_lock); |
749 | if (rc) |
750 | return rc; |
751 | |
752 | for (retries = 0; retries < DIAG_MAX_RETRIES; retries++) { |
753 | /* Request certificates from certificate store. */ |
754 | rc = fill_cs_keyring(); |
755 | if (rc) |
756 | pr_dbf_msg("Failed to refresh certificate store information (%d)" , rc); |
757 | if (rc != -EAGAIN) |
758 | break; |
759 | } |
760 | cs_status_val = rc; |
761 | mutex_unlock(lock: &cs_refresh_lock); |
762 | |
763 | return rc ?: count; |
764 | } |
765 | |
766 | static struct kobj_attribute refresh_attr = __ATTR_WO(refresh); |
767 | |
768 | static const struct attribute *cert_store_attrs[] __initconst = { |
769 | &cs_status_attr.attr, |
770 | &refresh_attr.attr, |
771 | NULL, |
772 | }; |
773 | |
774 | static struct kobject *cert_store_kobj; |
775 | |
776 | static int __init cert_store_init(void) |
777 | { |
778 | int rc = -ENOMEM; |
779 | |
780 | cert_store_dbf = debug_register("cert_store_msg" , 10, 1, 64); |
781 | if (!cert_store_dbf) |
782 | goto cleanup_dbf; |
783 | |
784 | cert_store_hexdump = debug_register("cert_store_hexdump" , 3, 1, 128); |
785 | if (!cert_store_hexdump) |
786 | goto cleanup_dbf; |
787 | |
788 | debug_register_view(cert_store_hexdump, &debug_hex_ascii_view); |
789 | debug_register_view(cert_store_dbf, &debug_sprintf_view); |
790 | |
791 | /* Create directory /sys/firmware/cert_store. */ |
792 | cert_store_kobj = kobject_create_and_add(name: "cert_store" , parent: firmware_kobj); |
793 | if (!cert_store_kobj) |
794 | goto cleanup_dbf; |
795 | |
796 | rc = sysfs_create_files(kobj: cert_store_kobj, attr: cert_store_attrs); |
797 | if (rc) |
798 | goto cleanup_kobj; |
799 | |
800 | register_key_type(ktype: &key_type_cert_store_key); |
801 | |
802 | return rc; |
803 | |
804 | cleanup_kobj: |
805 | kobject_put(kobj: cert_store_kobj); |
806 | cleanup_dbf: |
807 | debug_unregister(cert_store_dbf); |
808 | debug_unregister(cert_store_hexdump); |
809 | |
810 | return rc; |
811 | } |
812 | device_initcall(cert_store_init); |
813 | |