| 1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
|---|
| 2 | /* |
|---|
| 3 | * Copyright IBM Corp. 2019 |
|---|
| 4 | * Author(s): Harald Freudenberger <freude@linux.ibm.com> |
|---|
| 5 | * Ingo Franzki <ifranzki@linux.ibm.com> |
|---|
| 6 | * |
|---|
| 7 | * Collection of CCA misc functions used by zcrypt and pkey |
|---|
| 8 | */ |
|---|
| 9 | |
|---|
| 10 | #ifndef _ZCRYPT_CCAMISC_H_ |
|---|
| 11 | #define _ZCRYPT_CCAMISC_H_ |
|---|
| 12 | |
|---|
| 13 | #include <asm/zcrypt.h> |
|---|
| 14 | #include <asm/pkey.h> |
|---|
| 15 | |
|---|
| 16 | /* Key token types */ |
|---|
| 17 | #define TOKTYPE_NON_CCA 0x00 /* Non-CCA key token */ |
|---|
| 18 | #define TOKTYPE_CCA_INTERNAL 0x01 /* CCA internal sym key token */ |
|---|
| 19 | #define TOKTYPE_CCA_INTERNAL_PKA 0x1f /* CCA internal asym key token */ |
|---|
| 20 | |
|---|
| 21 | /* For TOKTYPE_NON_CCA: */ |
|---|
| 22 | #define TOKVER_PROTECTED_KEY 0x01 /* Protected key token */ |
|---|
| 23 | #define TOKVER_CLEAR_KEY 0x02 /* Clear key token */ |
|---|
| 24 | |
|---|
| 25 | /* For TOKTYPE_CCA_INTERNAL: */ |
|---|
| 26 | #define TOKVER_CCA_AES 0x04 /* CCA AES key token */ |
|---|
| 27 | #define TOKVER_CCA_VLSC 0x05 /* var length sym cipher key token */ |
|---|
| 28 | |
|---|
| 29 | /* Max size of a cca variable length cipher key token */ |
|---|
| 30 | #define MAXCCAVLSCTOKENSIZE 725 |
|---|
| 31 | |
|---|
| 32 | /* header part of a CCA key token */ |
|---|
| 33 | struct { |
|---|
| 34 | u8 ; /* one of the TOKTYPE values */ |
|---|
| 35 | u8 [1]; |
|---|
| 36 | u16 ; /* vlsc token: total length in bytes */ |
|---|
| 37 | u8 ; /* one of the TOKVER values */ |
|---|
| 38 | u8 [3]; |
|---|
| 39 | } __packed; |
|---|
| 40 | |
|---|
| 41 | /* inside view of a CCA secure key token (only type 0x01 version 0x04) */ |
|---|
| 42 | struct secaeskeytoken { |
|---|
| 43 | u8 type; /* 0x01 for internal key token */ |
|---|
| 44 | u8 res0[3]; |
|---|
| 45 | u8 version; /* should be 0x04 */ |
|---|
| 46 | u8 res1[1]; |
|---|
| 47 | u8 flag; /* key flags */ |
|---|
| 48 | u8 res2[1]; |
|---|
| 49 | u64 mkvp; /* master key verification pattern */ |
|---|
| 50 | u8 key[32]; /* key value (encrypted) */ |
|---|
| 51 | u8 cv[8]; /* control vector */ |
|---|
| 52 | u16 bitsize; /* key bit size */ |
|---|
| 53 | u16 keysize; /* key byte size */ |
|---|
| 54 | u8 tvv[4]; /* token validation value */ |
|---|
| 55 | } __packed; |
|---|
| 56 | |
|---|
| 57 | /* inside view of a variable length symmetric cipher AES key token */ |
|---|
| 58 | struct cipherkeytoken { |
|---|
| 59 | u8 type; /* 0x01 for internal key token */ |
|---|
| 60 | u8 res0[1]; |
|---|
| 61 | u16 len; /* total key token length in bytes */ |
|---|
| 62 | u8 version; /* should be 0x05 */ |
|---|
| 63 | u8 res1[3]; |
|---|
| 64 | u8 kms; /* key material state, 0x03 means wrapped with MK */ |
|---|
| 65 | u8 kvpt; /* key verification pattern type, should be 0x01 */ |
|---|
| 66 | u64 mkvp0; /* master key verification pattern, lo part */ |
|---|
| 67 | u64 mkvp1; /* master key verification pattern, hi part (unused) */ |
|---|
| 68 | u8 eskwm; /* encrypted section key wrapping method */ |
|---|
| 69 | u8 hashalg; /* hash algorithmus used for wrapping key */ |
|---|
| 70 | u8 plfver; /* pay load format version */ |
|---|
| 71 | u8 res2[1]; |
|---|
| 72 | u8 adsver; /* associated data section version */ |
|---|
| 73 | u8 res3[1]; |
|---|
| 74 | u16 adslen; /* associated data section length */ |
|---|
| 75 | u8 kllen; /* optional key label length */ |
|---|
| 76 | u8 ieaslen; /* optional extended associated data length */ |
|---|
| 77 | u8 uadlen; /* optional user definable associated data length */ |
|---|
| 78 | u8 res4[1]; |
|---|
| 79 | u16 wpllen; /* wrapped payload length in bits: */ |
|---|
| 80 | /* plfver 0x00 0x01 */ |
|---|
| 81 | /* AES-128 512 640 */ |
|---|
| 82 | /* AES-192 576 640 */ |
|---|
| 83 | /* AES-256 640 640 */ |
|---|
| 84 | u8 res5[1]; |
|---|
| 85 | u8 algtype; /* 0x02 for AES cipher */ |
|---|
| 86 | u16 keytype; /* 0x0001 for 'cipher' */ |
|---|
| 87 | u8 kufc; /* key usage field count */ |
|---|
| 88 | u16 kuf1; /* key usage field 1 */ |
|---|
| 89 | u16 kuf2; /* key usage field 2 */ |
|---|
| 90 | u8 kmfc; /* key management field count */ |
|---|
| 91 | u16 kmf1; /* key management field 1 */ |
|---|
| 92 | u16 kmf2; /* key management field 2 */ |
|---|
| 93 | u16 kmf3; /* key management field 3 */ |
|---|
| 94 | u8 vdata[]; /* variable part data follows */ |
|---|
| 95 | } __packed; |
|---|
| 96 | |
|---|
| 97 | /* inside view of an CCA secure ECC private key */ |
|---|
| 98 | struct eccprivkeytoken { |
|---|
| 99 | u8 type; /* 0x1f for internal asym key token */ |
|---|
| 100 | u8 version; /* should be 0x00 */ |
|---|
| 101 | u16 len; /* total key token length in bytes */ |
|---|
| 102 | u8 res1[4]; |
|---|
| 103 | u8 secid; /* 0x20 for ECC priv key section marker */ |
|---|
| 104 | u8 secver; /* section version */ |
|---|
| 105 | u16 seclen; /* section length */ |
|---|
| 106 | u8 wtype; /* wrapping method, 0x00 clear, 0x01 AES */ |
|---|
| 107 | u8 htype; /* hash method, 0x02 for SHA-256 */ |
|---|
| 108 | u8 res2[2]; |
|---|
| 109 | u8 kutc; /* key usage and translation control */ |
|---|
| 110 | u8 ctype; /* curve type */ |
|---|
| 111 | u8 kfs; /* key format and security */ |
|---|
| 112 | u8 ksrc; /* key source */ |
|---|
| 113 | u16 pbitlen; /* length of prime p in bits */ |
|---|
| 114 | u16 ibmadlen; /* IBM associated data length in bytes */ |
|---|
| 115 | u64 mkvp; /* master key verification pattern */ |
|---|
| 116 | u8 opk[48]; /* encrypted object protection key data */ |
|---|
| 117 | u16 adatalen; /* associated data length in bytes */ |
|---|
| 118 | u16 fseclen; /* formatted section length in bytes */ |
|---|
| 119 | u8 more_data[]; /* more data follows */ |
|---|
| 120 | } __packed; |
|---|
| 121 | |
|---|
| 122 | /* Some defines for the CCA AES cipherkeytoken kmf1 field */ |
|---|
| 123 | #define KMF1_XPRT_SYM 0x8000 |
|---|
| 124 | #define KMF1_XPRT_UASY 0x4000 |
|---|
| 125 | #define KMF1_XPRT_AASY 0x2000 |
|---|
| 126 | #define KMF1_XPRT_RAW 0x1000 |
|---|
| 127 | #define KMF1_XPRT_CPAC 0x0800 |
|---|
| 128 | #define KMF1_XPRT_DES 0x0080 |
|---|
| 129 | #define KMF1_XPRT_AES 0x0040 |
|---|
| 130 | #define KMF1_XPRT_RSA 0x0008 |
|---|
| 131 | |
|---|
| 132 | /* |
|---|
| 133 | * Simple check if the token is a valid CCA secure AES data key |
|---|
| 134 | * token. If keybitsize is given, the bitsize of the key is |
|---|
| 135 | * also checked. Returns 0 on success or errno value on failure. |
|---|
| 136 | */ |
|---|
| 137 | int cca_check_secaeskeytoken(debug_info_t *dbg, int dbflvl, |
|---|
| 138 | const u8 *token, int keybitsize); |
|---|
| 139 | |
|---|
| 140 | /* |
|---|
| 141 | * Simple check if the token is a valid CCA secure AES cipher key |
|---|
| 142 | * token. If keybitsize is given, the bitsize of the key is |
|---|
| 143 | * also checked. If checkcpacfexport is enabled, the key is also |
|---|
| 144 | * checked for the export flag to allow CPACF export. |
|---|
| 145 | * Returns 0 on success or errno value on failure. |
|---|
| 146 | */ |
|---|
| 147 | int cca_check_secaescipherkey(debug_info_t *dbg, int dbflvl, |
|---|
| 148 | const u8 *token, int keybitsize, |
|---|
| 149 | int checkcpacfexport); |
|---|
| 150 | |
|---|
| 151 | /* |
|---|
| 152 | * Simple check if the token is a valid CCA secure ECC private |
|---|
| 153 | * key token. Returns 0 on success or errno value on failure. |
|---|
| 154 | */ |
|---|
| 155 | int cca_check_sececckeytoken(debug_info_t *dbg, int dbflvl, |
|---|
| 156 | const u8 *token, size_t keysize, |
|---|
| 157 | int checkcpacfexport); |
|---|
| 158 | |
|---|
| 159 | /* |
|---|
| 160 | * Generate (random) CCA AES DATA secure key. |
|---|
| 161 | */ |
|---|
| 162 | int cca_genseckey(u16 cardnr, u16 domain, u32 keybitsize, u8 *seckey); |
|---|
| 163 | |
|---|
| 164 | /* |
|---|
| 165 | * Generate CCA AES DATA secure key with given clear key value. |
|---|
| 166 | */ |
|---|
| 167 | int cca_clr2seckey(u16 cardnr, u16 domain, u32 keybitsize, |
|---|
| 168 | const u8 *clrkey, u8 *seckey); |
|---|
| 169 | |
|---|
| 170 | /* |
|---|
| 171 | * Derive proteced key from an CCA AES DATA secure key. |
|---|
| 172 | */ |
|---|
| 173 | int cca_sec2protkey(u16 cardnr, u16 domain, |
|---|
| 174 | const u8 *seckey, u8 *protkey, u32 *protkeylen, |
|---|
| 175 | u32 *protkeytype); |
|---|
| 176 | |
|---|
| 177 | /* |
|---|
| 178 | * Generate (random) CCA AES CIPHER secure key. |
|---|
| 179 | */ |
|---|
| 180 | int cca_gencipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags, |
|---|
| 181 | u8 *keybuf, size_t *keybufsize); |
|---|
| 182 | |
|---|
| 183 | /* |
|---|
| 184 | * Derive proteced key from CCA AES cipher secure key. |
|---|
| 185 | */ |
|---|
| 186 | int cca_cipher2protkey(u16 cardnr, u16 domain, const u8 *ckey, |
|---|
| 187 | u8 *protkey, u32 *protkeylen, u32 *protkeytype); |
|---|
| 188 | |
|---|
| 189 | /* |
|---|
| 190 | * Build CCA AES CIPHER secure key with a given clear key value. |
|---|
| 191 | */ |
|---|
| 192 | int cca_clr2cipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags, |
|---|
| 193 | const u8 *clrkey, u8 *keybuf, size_t *keybufsize); |
|---|
| 194 | |
|---|
| 195 | /* |
|---|
| 196 | * Derive proteced key from CCA ECC secure private key. |
|---|
| 197 | */ |
|---|
| 198 | int cca_ecc2protkey(u16 cardnr, u16 domain, const u8 *key, |
|---|
| 199 | u8 *protkey, u32 *protkeylen, u32 *protkeytype); |
|---|
| 200 | |
|---|
| 201 | /* |
|---|
| 202 | * Query cryptographic facility from CCA adapter |
|---|
| 203 | */ |
|---|
| 204 | int cca_query_crypto_facility(u16 cardnr, u16 domain, |
|---|
| 205 | const char *keyword, |
|---|
| 206 | u8 *rarray, size_t *rarraylen, |
|---|
| 207 | u8 *varray, size_t *varraylen); |
|---|
| 208 | |
|---|
| 209 | /* |
|---|
| 210 | * Search for a matching crypto card based on the Master Key |
|---|
| 211 | * Verification Pattern provided inside a secure key. |
|---|
| 212 | * Works with CCA AES data and cipher keys. |
|---|
| 213 | * Returns < 0 on failure, 0 if CURRENT MKVP matches and |
|---|
| 214 | * 1 if OLD MKVP matches. |
|---|
| 215 | */ |
|---|
| 216 | int cca_findcard(const u8 *key, u16 *pcardnr, u16 *pdomain, int verify); |
|---|
| 217 | |
|---|
| 218 | /* |
|---|
| 219 | * Build a list of cca apqns meeting the following constrains: |
|---|
| 220 | * - apqn is online and is in fact a CCA apqn |
|---|
| 221 | * - if cardnr is not FFFF only apqns with this cardnr |
|---|
| 222 | * - if domain is not FFFF only apqns with this domainnr |
|---|
| 223 | * - if minhwtype > 0 only apqns with hwtype >= minhwtype |
|---|
| 224 | * - if cur_mkvp != 0 only apqns where cur_mkvp == mkvp |
|---|
| 225 | * - if old_mkvp != 0 only apqns where old_mkvp == mkvp |
|---|
| 226 | * - if verify is enabled and a cur_mkvp and/or old_mkvp |
|---|
| 227 | * value is given, then refetch the cca_info and make sure the current |
|---|
| 228 | * cur_mkvp or old_mkvp values of the apqn are used. |
|---|
| 229 | * The mktype determines which set of master keys to use: |
|---|
| 230 | * 0 = AES_MK_SET - AES MK set, 1 = APKA MK_SET - APKA MK set |
|---|
| 231 | * The array of apqn entries is allocated with kmalloc and returned in *apqns; |
|---|
| 232 | * the number of apqns stored into the list is returned in *nr_apqns. One apqn |
|---|
| 233 | * entry is simple a 32 bit value with 16 bit cardnr and 16 bit domain nr and |
|---|
| 234 | * may be casted to struct pkey_apqn. The return value is either 0 for success |
|---|
| 235 | * or a negative errno value. If no apqn meeting the criteria is found, |
|---|
| 236 | * -ENODEV is returned. |
|---|
| 237 | */ |
|---|
| 238 | int cca_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain, |
|---|
| 239 | int minhwtype, int mktype, u64 cur_mkvp, u64 old_mkvp, |
|---|
| 240 | int verify); |
|---|
| 241 | |
|---|
| 242 | #define AES_MK_SET 0 |
|---|
| 243 | #define APKA_MK_SET 1 |
|---|
| 244 | |
|---|
| 245 | /* struct to hold info for each CCA queue */ |
|---|
| 246 | struct cca_info { |
|---|
| 247 | int hwtype; /* one of the defined AP_DEVICE_TYPE_* */ |
|---|
| 248 | char new_aes_mk_state; /* '1' empty, '2' partially full, '3' full */ |
|---|
| 249 | char cur_aes_mk_state; /* '1' invalid, '2' valid */ |
|---|
| 250 | char old_aes_mk_state; /* '1' invalid, '2' valid */ |
|---|
| 251 | char new_apka_mk_state; /* '1' empty, '2' partially full, '3' full */ |
|---|
| 252 | char cur_apka_mk_state; /* '1' invalid, '2' valid */ |
|---|
| 253 | char old_apka_mk_state; /* '1' invalid, '2' valid */ |
|---|
| 254 | char new_asym_mk_state; /* '1' empty, '2' partially full, '3' full */ |
|---|
| 255 | char cur_asym_mk_state; /* '1' invalid, '2' valid */ |
|---|
| 256 | char old_asym_mk_state; /* '1' invalid, '2' valid */ |
|---|
| 257 | u64 new_aes_mkvp; /* truncated sha256 of new aes master key */ |
|---|
| 258 | u64 cur_aes_mkvp; /* truncated sha256 of current aes master key */ |
|---|
| 259 | u64 old_aes_mkvp; /* truncated sha256 of old aes master key */ |
|---|
| 260 | u64 new_apka_mkvp; /* truncated sha256 of new apka master key */ |
|---|
| 261 | u64 cur_apka_mkvp; /* truncated sha256 of current apka mk */ |
|---|
| 262 | u64 old_apka_mkvp; /* truncated sha256 of old apka mk */ |
|---|
| 263 | u8 new_asym_mkvp[16]; /* verify pattern of new asym master key */ |
|---|
| 264 | u8 cur_asym_mkvp[16]; /* verify pattern of current asym master key */ |
|---|
| 265 | u8 old_asym_mkvp[16]; /* verify pattern of old asym master key */ |
|---|
| 266 | char serial[9]; /* serial number (8 ascii numbers + 0x00) */ |
|---|
| 267 | }; |
|---|
| 268 | |
|---|
| 269 | /* |
|---|
| 270 | * Fetch cca information about an CCA queue. |
|---|
| 271 | */ |
|---|
| 272 | int cca_get_info(u16 card, u16 dom, struct cca_info *ci, int verify); |
|---|
| 273 | |
|---|
| 274 | void zcrypt_ccamisc_exit(void); |
|---|
| 275 | |
|---|
| 276 | #endif /* _ZCRYPT_CCAMISC_H_ */ |
|---|
| 277 | |
|---|
