1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0+ */ 2*4882a593Smuzhiyun /* 3*4882a593Smuzhiyun * Copyright IBM Corp. 2019 4*4882a593Smuzhiyun * Author(s): Harald Freudenberger <freude@linux.ibm.com> 5*4882a593Smuzhiyun * Ingo Franzki <ifranzki@linux.ibm.com> 6*4882a593Smuzhiyun * 7*4882a593Smuzhiyun * Collection of CCA misc functions used by zcrypt and pkey 8*4882a593Smuzhiyun */ 9*4882a593Smuzhiyun 10*4882a593Smuzhiyun #ifndef _ZCRYPT_CCAMISC_H_ 11*4882a593Smuzhiyun #define _ZCRYPT_CCAMISC_H_ 12*4882a593Smuzhiyun 13*4882a593Smuzhiyun #include <asm/zcrypt.h> 14*4882a593Smuzhiyun #include <asm/pkey.h> 15*4882a593Smuzhiyun 16*4882a593Smuzhiyun /* Key token types */ 17*4882a593Smuzhiyun #define TOKTYPE_NON_CCA 0x00 /* Non-CCA key token */ 18*4882a593Smuzhiyun #define TOKTYPE_CCA_INTERNAL 0x01 /* CCA internal sym key token */ 19*4882a593Smuzhiyun #define TOKTYPE_CCA_INTERNAL_PKA 0x1f /* CCA internal asym key token */ 20*4882a593Smuzhiyun 21*4882a593Smuzhiyun /* For TOKTYPE_NON_CCA: */ 22*4882a593Smuzhiyun #define TOKVER_PROTECTED_KEY 0x01 /* Protected key token */ 23*4882a593Smuzhiyun #define TOKVER_CLEAR_KEY 0x02 /* Clear key token */ 24*4882a593Smuzhiyun 25*4882a593Smuzhiyun /* For TOKTYPE_CCA_INTERNAL: */ 26*4882a593Smuzhiyun #define TOKVER_CCA_AES 0x04 /* CCA AES key token */ 27*4882a593Smuzhiyun #define TOKVER_CCA_VLSC 0x05 /* var length sym cipher key token */ 28*4882a593Smuzhiyun 29*4882a593Smuzhiyun /* Max size of a cca variable length cipher key token */ 30*4882a593Smuzhiyun #define MAXCCAVLSCTOKENSIZE 725 31*4882a593Smuzhiyun 32*4882a593Smuzhiyun /* header part of a CCA key token */ 33*4882a593Smuzhiyun struct keytoken_header { 34*4882a593Smuzhiyun u8 type; /* one of the TOKTYPE values */ 35*4882a593Smuzhiyun u8 res0[1]; 36*4882a593Smuzhiyun u16 len; /* vlsc token: total length in bytes */ 37*4882a593Smuzhiyun u8 version; /* one of the TOKVER values */ 38*4882a593Smuzhiyun u8 res1[3]; 39*4882a593Smuzhiyun } __packed; 40*4882a593Smuzhiyun 41*4882a593Smuzhiyun /* inside view of a CCA secure key token (only type 0x01 version 0x04) */ 42*4882a593Smuzhiyun struct secaeskeytoken { 43*4882a593Smuzhiyun u8 type; /* 0x01 for internal key token */ 44*4882a593Smuzhiyun u8 res0[3]; 45*4882a593Smuzhiyun u8 version; /* should be 0x04 */ 46*4882a593Smuzhiyun u8 res1[1]; 47*4882a593Smuzhiyun u8 flag; /* key flags */ 48*4882a593Smuzhiyun u8 res2[1]; 49*4882a593Smuzhiyun u64 mkvp; /* master key verification pattern */ 50*4882a593Smuzhiyun u8 key[32]; /* key value (encrypted) */ 51*4882a593Smuzhiyun u8 cv[8]; /* control vector */ 52*4882a593Smuzhiyun u16 bitsize; /* key bit size */ 53*4882a593Smuzhiyun u16 keysize; /* key byte size */ 54*4882a593Smuzhiyun u8 tvv[4]; /* token validation value */ 55*4882a593Smuzhiyun } __packed; 56*4882a593Smuzhiyun 57*4882a593Smuzhiyun /* inside view of a variable length symmetric cipher AES key token */ 58*4882a593Smuzhiyun struct cipherkeytoken { 59*4882a593Smuzhiyun u8 type; /* 0x01 for internal key token */ 60*4882a593Smuzhiyun u8 res0[1]; 61*4882a593Smuzhiyun u16 len; /* total key token length in bytes */ 62*4882a593Smuzhiyun u8 version; /* should be 0x05 */ 63*4882a593Smuzhiyun u8 res1[3]; 64*4882a593Smuzhiyun u8 kms; /* key material state, 0x03 means wrapped with MK */ 65*4882a593Smuzhiyun u8 kvpt; /* key verification pattern type, should be 0x01 */ 66*4882a593Smuzhiyun u64 mkvp0; /* master key verification pattern, lo part */ 67*4882a593Smuzhiyun u64 mkvp1; /* master key verification pattern, hi part (unused) */ 68*4882a593Smuzhiyun u8 eskwm; /* encrypted section key wrapping method */ 69*4882a593Smuzhiyun u8 hashalg; /* hash algorithmus used for wrapping key */ 70*4882a593Smuzhiyun u8 plfver; /* pay load format version */ 71*4882a593Smuzhiyun u8 res2[1]; 72*4882a593Smuzhiyun u8 adsver; /* associated data section version */ 73*4882a593Smuzhiyun u8 res3[1]; 74*4882a593Smuzhiyun u16 adslen; /* associated data section length */ 75*4882a593Smuzhiyun u8 kllen; /* optional key label length */ 76*4882a593Smuzhiyun u8 ieaslen; /* optional extended associated data length */ 77*4882a593Smuzhiyun u8 uadlen; /* optional user definable associated data length */ 78*4882a593Smuzhiyun u8 res4[1]; 79*4882a593Smuzhiyun u16 wpllen; /* wrapped payload length in bits: */ 80*4882a593Smuzhiyun /* plfver 0x00 0x01 */ 81*4882a593Smuzhiyun /* AES-128 512 640 */ 82*4882a593Smuzhiyun /* AES-192 576 640 */ 83*4882a593Smuzhiyun /* AES-256 640 640 */ 84*4882a593Smuzhiyun u8 res5[1]; 85*4882a593Smuzhiyun u8 algtype; /* 0x02 for AES cipher */ 86*4882a593Smuzhiyun u16 keytype; /* 0x0001 for 'cipher' */ 87*4882a593Smuzhiyun u8 kufc; /* key usage field count */ 88*4882a593Smuzhiyun u16 kuf1; /* key usage field 1 */ 89*4882a593Smuzhiyun u16 kuf2; /* key usage field 2 */ 90*4882a593Smuzhiyun u8 kmfc; /* key management field count */ 91*4882a593Smuzhiyun u16 kmf1; /* key management field 1 */ 92*4882a593Smuzhiyun u16 kmf2; /* key management field 2 */ 93*4882a593Smuzhiyun u16 kmf3; /* key management field 3 */ 94*4882a593Smuzhiyun u8 vdata[]; /* variable part data follows */ 95*4882a593Smuzhiyun } __packed; 96*4882a593Smuzhiyun 97*4882a593Smuzhiyun /* inside view of an CCA secure ECC private key */ 98*4882a593Smuzhiyun struct eccprivkeytoken { 99*4882a593Smuzhiyun u8 type; /* 0x1f for internal asym key token */ 100*4882a593Smuzhiyun u8 version; /* should be 0x00 */ 101*4882a593Smuzhiyun u16 len; /* total key token length in bytes */ 102*4882a593Smuzhiyun u8 res1[4]; 103*4882a593Smuzhiyun u8 secid; /* 0x20 for ECC priv key section marker */ 104*4882a593Smuzhiyun u8 secver; /* section version */ 105*4882a593Smuzhiyun u16 seclen; /* section length */ 106*4882a593Smuzhiyun u8 wtype; /* wrapping method, 0x00 clear, 0x01 AES */ 107*4882a593Smuzhiyun u8 htype; /* hash method, 0x02 for SHA-256 */ 108*4882a593Smuzhiyun u8 res2[2]; 109*4882a593Smuzhiyun u8 kutc; /* key usage and translation control */ 110*4882a593Smuzhiyun u8 ctype; /* curve type */ 111*4882a593Smuzhiyun u8 kfs; /* key format and security */ 112*4882a593Smuzhiyun u8 ksrc; /* key source */ 113*4882a593Smuzhiyun u16 pbitlen; /* length of prime p in bits */ 114*4882a593Smuzhiyun u16 ibmadlen; /* IBM associated data length in bytes */ 115*4882a593Smuzhiyun u64 mkvp; /* master key verification pattern */ 116*4882a593Smuzhiyun u8 opk[48]; /* encrypted object protection key data */ 117*4882a593Smuzhiyun u16 adatalen; /* associated data length in bytes */ 118*4882a593Smuzhiyun u16 fseclen; /* formated section length in bytes */ 119*4882a593Smuzhiyun u8 more_data[]; /* more data follows */ 120*4882a593Smuzhiyun } __packed; 121*4882a593Smuzhiyun 122*4882a593Smuzhiyun /* Some defines for the CCA AES cipherkeytoken kmf1 field */ 123*4882a593Smuzhiyun #define KMF1_XPRT_SYM 0x8000 124*4882a593Smuzhiyun #define KMF1_XPRT_UASY 0x4000 125*4882a593Smuzhiyun #define KMF1_XPRT_AASY 0x2000 126*4882a593Smuzhiyun #define KMF1_XPRT_RAW 0x1000 127*4882a593Smuzhiyun #define KMF1_XPRT_CPAC 0x0800 128*4882a593Smuzhiyun #define KMF1_XPRT_DES 0x0080 129*4882a593Smuzhiyun #define KMF1_XPRT_AES 0x0040 130*4882a593Smuzhiyun #define KMF1_XPRT_RSA 0x0008 131*4882a593Smuzhiyun 132*4882a593Smuzhiyun /* 133*4882a593Smuzhiyun * Simple check if the token is a valid CCA secure AES data key 134*4882a593Smuzhiyun * token. If keybitsize is given, the bitsize of the key is 135*4882a593Smuzhiyun * also checked. Returns 0 on success or errno value on failure. 136*4882a593Smuzhiyun */ 137*4882a593Smuzhiyun int cca_check_secaeskeytoken(debug_info_t *dbg, int dbflvl, 138*4882a593Smuzhiyun const u8 *token, int keybitsize); 139*4882a593Smuzhiyun 140*4882a593Smuzhiyun /* 141*4882a593Smuzhiyun * Simple check if the token is a valid CCA secure AES cipher key 142*4882a593Smuzhiyun * token. If keybitsize is given, the bitsize of the key is 143*4882a593Smuzhiyun * also checked. If checkcpacfexport is enabled, the key is also 144*4882a593Smuzhiyun * checked for the export flag to allow CPACF export. 145*4882a593Smuzhiyun * Returns 0 on success or errno value on failure. 146*4882a593Smuzhiyun */ 147*4882a593Smuzhiyun int cca_check_secaescipherkey(debug_info_t *dbg, int dbflvl, 148*4882a593Smuzhiyun const u8 *token, int keybitsize, 149*4882a593Smuzhiyun int checkcpacfexport); 150*4882a593Smuzhiyun 151*4882a593Smuzhiyun /* 152*4882a593Smuzhiyun * Simple check if the token is a valid CCA secure ECC private 153*4882a593Smuzhiyun * key token. Returns 0 on success or errno value on failure. 154*4882a593Smuzhiyun */ 155*4882a593Smuzhiyun int cca_check_sececckeytoken(debug_info_t *dbg, int dbflvl, 156*4882a593Smuzhiyun const u8 *token, size_t keysize, 157*4882a593Smuzhiyun int checkcpacfexport); 158*4882a593Smuzhiyun 159*4882a593Smuzhiyun /* 160*4882a593Smuzhiyun * Generate (random) CCA AES DATA secure key. 161*4882a593Smuzhiyun */ 162*4882a593Smuzhiyun int cca_genseckey(u16 cardnr, u16 domain, u32 keybitsize, u8 *seckey); 163*4882a593Smuzhiyun 164*4882a593Smuzhiyun /* 165*4882a593Smuzhiyun * Generate CCA AES DATA secure key with given clear key value. 166*4882a593Smuzhiyun */ 167*4882a593Smuzhiyun int cca_clr2seckey(u16 cardnr, u16 domain, u32 keybitsize, 168*4882a593Smuzhiyun const u8 *clrkey, u8 *seckey); 169*4882a593Smuzhiyun 170*4882a593Smuzhiyun /* 171*4882a593Smuzhiyun * Derive proteced key from an CCA AES DATA secure key. 172*4882a593Smuzhiyun */ 173*4882a593Smuzhiyun int cca_sec2protkey(u16 cardnr, u16 domain, 174*4882a593Smuzhiyun const u8 seckey[SECKEYBLOBSIZE], 175*4882a593Smuzhiyun u8 *protkey, u32 *protkeylen, u32 *protkeytype); 176*4882a593Smuzhiyun 177*4882a593Smuzhiyun /* 178*4882a593Smuzhiyun * Generate (random) CCA AES CIPHER secure key. 179*4882a593Smuzhiyun */ 180*4882a593Smuzhiyun int cca_gencipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags, 181*4882a593Smuzhiyun u8 *keybuf, size_t *keybufsize); 182*4882a593Smuzhiyun 183*4882a593Smuzhiyun /* 184*4882a593Smuzhiyun * Derive proteced key from CCA AES cipher secure key. 185*4882a593Smuzhiyun */ 186*4882a593Smuzhiyun int cca_cipher2protkey(u16 cardnr, u16 domain, const u8 *ckey, 187*4882a593Smuzhiyun u8 *protkey, u32 *protkeylen, u32 *protkeytype); 188*4882a593Smuzhiyun 189*4882a593Smuzhiyun /* 190*4882a593Smuzhiyun * Build CCA AES CIPHER secure key with a given clear key value. 191*4882a593Smuzhiyun */ 192*4882a593Smuzhiyun int cca_clr2cipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags, 193*4882a593Smuzhiyun const u8 *clrkey, u8 *keybuf, size_t *keybufsize); 194*4882a593Smuzhiyun 195*4882a593Smuzhiyun /* 196*4882a593Smuzhiyun * Derive proteced key from CCA ECC secure private key. 197*4882a593Smuzhiyun */ 198*4882a593Smuzhiyun int cca_ecc2protkey(u16 cardnr, u16 domain, const u8 *key, 199*4882a593Smuzhiyun u8 *protkey, u32 *protkeylen, u32 *protkeytype); 200*4882a593Smuzhiyun 201*4882a593Smuzhiyun /* 202*4882a593Smuzhiyun * Query cryptographic facility from CCA adapter 203*4882a593Smuzhiyun */ 204*4882a593Smuzhiyun int cca_query_crypto_facility(u16 cardnr, u16 domain, 205*4882a593Smuzhiyun const char *keyword, 206*4882a593Smuzhiyun u8 *rarray, size_t *rarraylen, 207*4882a593Smuzhiyun u8 *varray, size_t *varraylen); 208*4882a593Smuzhiyun 209*4882a593Smuzhiyun /* 210*4882a593Smuzhiyun * Search for a matching crypto card based on the Master Key 211*4882a593Smuzhiyun * Verification Pattern provided inside a secure key. 212*4882a593Smuzhiyun * Works with CCA AES data and cipher keys. 213*4882a593Smuzhiyun * Returns < 0 on failure, 0 if CURRENT MKVP matches and 214*4882a593Smuzhiyun * 1 if OLD MKVP matches. 215*4882a593Smuzhiyun */ 216*4882a593Smuzhiyun int cca_findcard(const u8 *key, u16 *pcardnr, u16 *pdomain, int verify); 217*4882a593Smuzhiyun 218*4882a593Smuzhiyun /* 219*4882a593Smuzhiyun * Build a list of cca apqns meeting the following constrains: 220*4882a593Smuzhiyun * - apqn is online and is in fact a CCA apqn 221*4882a593Smuzhiyun * - if cardnr is not FFFF only apqns with this cardnr 222*4882a593Smuzhiyun * - if domain is not FFFF only apqns with this domainnr 223*4882a593Smuzhiyun * - if minhwtype > 0 only apqns with hwtype >= minhwtype 224*4882a593Smuzhiyun * - if cur_mkvp != 0 only apqns where cur_mkvp == mkvp 225*4882a593Smuzhiyun * - if old_mkvp != 0 only apqns where old_mkvp == mkvp 226*4882a593Smuzhiyun * - if verify is enabled and a cur_mkvp and/or old_mkvp 227*4882a593Smuzhiyun * value is given, then refetch the cca_info and make sure the current 228*4882a593Smuzhiyun * cur_mkvp or old_mkvp values of the apqn are used. 229*4882a593Smuzhiyun * The mktype determines which set of master keys to use: 230*4882a593Smuzhiyun * 0 = AES_MK_SET - AES MK set, 1 = APKA MK_SET - APKA MK set 231*4882a593Smuzhiyun * The array of apqn entries is allocated with kmalloc and returned in *apqns; 232*4882a593Smuzhiyun * the number of apqns stored into the list is returned in *nr_apqns. One apqn 233*4882a593Smuzhiyun * entry is simple a 32 bit value with 16 bit cardnr and 16 bit domain nr and 234*4882a593Smuzhiyun * may be casted to struct pkey_apqn. The return value is either 0 for success 235*4882a593Smuzhiyun * or a negative errno value. If no apqn meeting the criterias is found, 236*4882a593Smuzhiyun * -ENODEV is returned. 237*4882a593Smuzhiyun */ 238*4882a593Smuzhiyun int cca_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain, 239*4882a593Smuzhiyun int minhwtype, int mktype, u64 cur_mkvp, u64 old_mkvp, 240*4882a593Smuzhiyun int verify); 241*4882a593Smuzhiyun 242*4882a593Smuzhiyun #define AES_MK_SET 0 243*4882a593Smuzhiyun #define APKA_MK_SET 1 244*4882a593Smuzhiyun 245*4882a593Smuzhiyun /* struct to hold info for each CCA queue */ 246*4882a593Smuzhiyun struct cca_info { 247*4882a593Smuzhiyun int hwtype; /* one of the defined AP_DEVICE_TYPE_* */ 248*4882a593Smuzhiyun char new_aes_mk_state; /* '1' empty, '2' partially full, '3' full */ 249*4882a593Smuzhiyun char cur_aes_mk_state; /* '1' invalid, '2' valid */ 250*4882a593Smuzhiyun char old_aes_mk_state; /* '1' invalid, '2' valid */ 251*4882a593Smuzhiyun char new_apka_mk_state; /* '1' empty, '2' partially full, '3' full */ 252*4882a593Smuzhiyun char cur_apka_mk_state; /* '1' invalid, '2' valid */ 253*4882a593Smuzhiyun char old_apka_mk_state; /* '1' invalid, '2' valid */ 254*4882a593Smuzhiyun u64 new_aes_mkvp; /* truncated sha256 of new aes master key */ 255*4882a593Smuzhiyun u64 cur_aes_mkvp; /* truncated sha256 of current aes master key */ 256*4882a593Smuzhiyun u64 old_aes_mkvp; /* truncated sha256 of old aes master key */ 257*4882a593Smuzhiyun u64 new_apka_mkvp; /* truncated sha256 of new apka master key */ 258*4882a593Smuzhiyun u64 cur_apka_mkvp; /* truncated sha256 of current apka mk */ 259*4882a593Smuzhiyun u64 old_apka_mkvp; /* truncated sha256 of old apka mk */ 260*4882a593Smuzhiyun char serial[9]; /* serial number (8 ascii numbers + 0x00) */ 261*4882a593Smuzhiyun }; 262*4882a593Smuzhiyun 263*4882a593Smuzhiyun /* 264*4882a593Smuzhiyun * Fetch cca information about an CCA queue. 265*4882a593Smuzhiyun */ 266*4882a593Smuzhiyun int cca_get_info(u16 card, u16 dom, struct cca_info *ci, int verify); 267*4882a593Smuzhiyun 268*4882a593Smuzhiyun void zcrypt_ccamisc_exit(void); 269*4882a593Smuzhiyun 270*4882a593Smuzhiyun #endif /* _ZCRYPT_CCAMISC_H_ */ 271