1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * pkey module sysfs related functions
4 *
5 * Copyright IBM Corp. 2024
6 */
7
8 #define KMSG_COMPONENT "pkey"
9 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
10
11 #include <linux/sysfs.h>
12
13 #include "zcrypt_api.h"
14 #include "zcrypt_ccamisc.h"
15 #include "zcrypt_ep11misc.h"
16
17 #include "pkey_base.h"
18
19 /*
20 * Wrapper around pkey_handler_gen_key() which deals with the
21 * ENODEV return code and then tries to enforce a pkey handler
22 * module load.
23 */
sys_pkey_handler_gen_key(u32 keytype,u32 keysubtype,u32 keybitsize,u32 flags,u8 * keybuf,u32 * keybuflen,u32 * keyinfo)24 static int sys_pkey_handler_gen_key(u32 keytype, u32 keysubtype,
25 u32 keybitsize, u32 flags,
26 u8 *keybuf, u32 *keybuflen, u32 *keyinfo)
27 {
28 int rc;
29
30 rc = pkey_handler_gen_key(NULL, 0,
31 keytype, keysubtype,
32 keybitsize, flags,
33 keybuf, keybuflen, keyinfo);
34 if (rc == -ENODEV) {
35 pkey_handler_request_modules();
36 rc = pkey_handler_gen_key(NULL, 0,
37 keytype, keysubtype,
38 keybitsize, flags,
39 keybuf, keybuflen, keyinfo);
40 }
41
42 return rc;
43 }
44
45 /*
46 * Sysfs attribute read function for all protected key binary attributes.
47 * The implementation can not deal with partial reads, because a new random
48 * protected key blob is generated with each read. In case of partial reads
49 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
50 */
pkey_protkey_aes_attr_read(u32 keytype,bool is_xts,char * buf,loff_t off,size_t count)51 static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,
52 loff_t off, size_t count)
53 {
54 struct protaeskeytoken protkeytoken;
55 struct pkey_protkey protkey;
56 int rc;
57
58 if (off != 0 || count < sizeof(protkeytoken))
59 return -EINVAL;
60 if (is_xts)
61 if (count < 2 * sizeof(protkeytoken))
62 return -EINVAL;
63
64 memset(&protkeytoken, 0, sizeof(protkeytoken));
65 protkeytoken.type = TOKTYPE_NON_CCA;
66 protkeytoken.version = TOKVER_PROTECTED_KEY;
67 protkeytoken.keytype = keytype;
68
69 protkey.len = sizeof(protkey.protkey);
70 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
71 protkey.protkey, &protkey.len,
72 &protkey.type);
73 if (rc)
74 return rc;
75
76 protkeytoken.len = protkey.len;
77 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
78
79 memcpy(buf, &protkeytoken, sizeof(protkeytoken));
80
81 if (is_xts) {
82 /* xts needs a second protected key, reuse protkey struct */
83 protkey.len = sizeof(protkey.protkey);
84 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
85 protkey.protkey, &protkey.len,
86 &protkey.type);
87 if (rc)
88 return rc;
89
90 protkeytoken.len = protkey.len;
91 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
92
93 memcpy(buf + sizeof(protkeytoken), &protkeytoken,
94 sizeof(protkeytoken));
95
96 return 2 * sizeof(protkeytoken);
97 }
98
99 return sizeof(protkeytoken);
100 }
101
102 /*
103 * Sysfs attribute read function for the AES XTS prot key binary attributes.
104 * The implementation can not deal with partial reads, because a new random
105 * protected key blob is generated with each read. In case of partial reads
106 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
107 */
pkey_protkey_aes_xts_attr_read(u32 keytype,char * buf,loff_t off,size_t count)108 static ssize_t pkey_protkey_aes_xts_attr_read(u32 keytype, char *buf,
109 loff_t off, size_t count)
110 {
111 struct protkeytoken *t = (struct protkeytoken *)buf;
112 u32 protlen, prottype;
113 int rc;
114
115 switch (keytype) {
116 case PKEY_KEYTYPE_AES_XTS_128:
117 protlen = 64;
118 break;
119 case PKEY_KEYTYPE_AES_XTS_256:
120 protlen = 96;
121 break;
122 default:
123 return -EINVAL;
124 }
125
126 if (off != 0 || count < sizeof(*t) + protlen)
127 return -EINVAL;
128
129 memset(t, 0, sizeof(*t) + protlen);
130 t->type = TOKTYPE_NON_CCA;
131 t->version = TOKVER_PROTECTED_KEY;
132 t->keytype = keytype;
133
134 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
135 t->protkey, &protlen, &prottype);
136 if (rc)
137 return rc;
138
139 t->len = protlen;
140
141 return sizeof(*t) + protlen;
142 }
143
144 /*
145 * Sysfs attribute read function for the HMAC prot key binary attributes.
146 * The implementation can not deal with partial reads, because a new random
147 * protected key blob is generated with each read. In case of partial reads
148 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
149 */
pkey_protkey_hmac_attr_read(u32 keytype,char * buf,loff_t off,size_t count)150 static ssize_t pkey_protkey_hmac_attr_read(u32 keytype, char *buf,
151 loff_t off, size_t count)
152 {
153 struct protkeytoken *t = (struct protkeytoken *)buf;
154 u32 protlen, prottype;
155 int rc;
156
157 switch (keytype) {
158 case PKEY_KEYTYPE_HMAC_512:
159 protlen = 96;
160 break;
161 case PKEY_KEYTYPE_HMAC_1024:
162 protlen = 160;
163 break;
164 default:
165 return -EINVAL;
166 }
167
168 if (off != 0 || count < sizeof(*t) + protlen)
169 return -EINVAL;
170
171 memset(t, 0, sizeof(*t) + protlen);
172 t->type = TOKTYPE_NON_CCA;
173 t->version = TOKVER_PROTECTED_KEY;
174 t->keytype = keytype;
175
176 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
177 t->protkey, &protlen, &prottype);
178 if (rc)
179 return rc;
180
181 t->len = protlen;
182
183 return sizeof(*t) + protlen;
184 }
185
protkey_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)186 static ssize_t protkey_aes_128_read(struct file *filp,
187 struct kobject *kobj,
188 struct bin_attribute *attr,
189 char *buf, loff_t off,
190 size_t count)
191 {
192 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
193 off, count);
194 }
195
protkey_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)196 static ssize_t protkey_aes_192_read(struct file *filp,
197 struct kobject *kobj,
198 struct bin_attribute *attr,
199 char *buf, loff_t off,
200 size_t count)
201 {
202 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
203 off, count);
204 }
205
protkey_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)206 static ssize_t protkey_aes_256_read(struct file *filp,
207 struct kobject *kobj,
208 struct bin_attribute *attr,
209 char *buf, loff_t off,
210 size_t count)
211 {
212 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
213 off, count);
214 }
215
protkey_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)216 static ssize_t protkey_aes_128_xts_read(struct file *filp,
217 struct kobject *kobj,
218 struct bin_attribute *attr,
219 char *buf, loff_t off,
220 size_t count)
221 {
222 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
223 off, count);
224 }
225
protkey_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)226 static ssize_t protkey_aes_256_xts_read(struct file *filp,
227 struct kobject *kobj,
228 struct bin_attribute *attr,
229 char *buf, loff_t off,
230 size_t count)
231 {
232 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
233 off, count);
234 }
235
protkey_aes_xts_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)236 static ssize_t protkey_aes_xts_128_read(struct file *filp,
237 struct kobject *kobj,
238 struct bin_attribute *attr,
239 char *buf, loff_t off,
240 size_t count)
241 {
242 return pkey_protkey_aes_xts_attr_read(PKEY_KEYTYPE_AES_XTS_128,
243 buf, off, count);
244 }
245
protkey_aes_xts_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)246 static ssize_t protkey_aes_xts_256_read(struct file *filp,
247 struct kobject *kobj,
248 struct bin_attribute *attr,
249 char *buf, loff_t off,
250 size_t count)
251 {
252 return pkey_protkey_aes_xts_attr_read(PKEY_KEYTYPE_AES_XTS_256,
253 buf, off, count);
254 }
255
protkey_hmac_512_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)256 static ssize_t protkey_hmac_512_read(struct file *filp,
257 struct kobject *kobj,
258 struct bin_attribute *attr,
259 char *buf, loff_t off,
260 size_t count)
261 {
262 return pkey_protkey_hmac_attr_read(PKEY_KEYTYPE_HMAC_512,
263 buf, off, count);
264 }
265
protkey_hmac_1024_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)266 static ssize_t protkey_hmac_1024_read(struct file *filp,
267 struct kobject *kobj,
268 struct bin_attribute *attr,
269 char *buf, loff_t off,
270 size_t count)
271 {
272 return pkey_protkey_hmac_attr_read(PKEY_KEYTYPE_HMAC_1024,
273 buf, off, count);
274 }
275
276 static BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken));
277 static BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken));
278 static BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken));
279 static BIN_ATTR_RO(protkey_aes_128_xts, 2 * sizeof(struct protaeskeytoken));
280 static BIN_ATTR_RO(protkey_aes_256_xts, 2 * sizeof(struct protaeskeytoken));
281 static BIN_ATTR_RO(protkey_aes_xts_128, sizeof(struct protkeytoken) + 64);
282 static BIN_ATTR_RO(protkey_aes_xts_256, sizeof(struct protkeytoken) + 96);
283 static BIN_ATTR_RO(protkey_hmac_512, sizeof(struct protkeytoken) + 96);
284 static BIN_ATTR_RO(protkey_hmac_1024, sizeof(struct protkeytoken) + 160);
285
286 static struct bin_attribute *protkey_attrs[] = {
287 &bin_attr_protkey_aes_128,
288 &bin_attr_protkey_aes_192,
289 &bin_attr_protkey_aes_256,
290 &bin_attr_protkey_aes_128_xts,
291 &bin_attr_protkey_aes_256_xts,
292 &bin_attr_protkey_aes_xts_128,
293 &bin_attr_protkey_aes_xts_256,
294 &bin_attr_protkey_hmac_512,
295 &bin_attr_protkey_hmac_1024,
296 NULL
297 };
298
299 static struct attribute_group protkey_attr_group = {
300 .name = "protkey",
301 .bin_attrs = protkey_attrs,
302 };
303
304 /*
305 * Sysfs attribute read function for all secure key ccadata binary attributes.
306 * The implementation can not deal with partial reads, because a new random
307 * protected key blob is generated with each read. In case of partial reads
308 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
309 */
pkey_ccadata_aes_attr_read(u32 keytype,bool is_xts,char * buf,loff_t off,size_t count)310 static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,
311 loff_t off, size_t count)
312 {
313 struct pkey_seckey *seckey = (struct pkey_seckey *)buf;
314 u32 buflen;
315 int rc;
316
317 if (off != 0 || count < sizeof(struct secaeskeytoken))
318 return -EINVAL;
319 if (is_xts)
320 if (count < 2 * sizeof(struct secaeskeytoken))
321 return -EINVAL;
322
323 buflen = sizeof(seckey->seckey);
324 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_CCA_DATA, 0, 0,
325 seckey->seckey, &buflen, NULL);
326 if (rc)
327 return rc;
328
329 if (is_xts) {
330 seckey++;
331 buflen = sizeof(seckey->seckey);
332 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_CCA_DATA, 0, 0,
333 seckey->seckey, &buflen, NULL);
334 if (rc)
335 return rc;
336
337 return 2 * sizeof(struct secaeskeytoken);
338 }
339
340 return sizeof(struct secaeskeytoken);
341 }
342
ccadata_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)343 static ssize_t ccadata_aes_128_read(struct file *filp,
344 struct kobject *kobj,
345 struct bin_attribute *attr,
346 char *buf, loff_t off,
347 size_t count)
348 {
349 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
350 off, count);
351 }
352
ccadata_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)353 static ssize_t ccadata_aes_192_read(struct file *filp,
354 struct kobject *kobj,
355 struct bin_attribute *attr,
356 char *buf, loff_t off,
357 size_t count)
358 {
359 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
360 off, count);
361 }
362
ccadata_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)363 static ssize_t ccadata_aes_256_read(struct file *filp,
364 struct kobject *kobj,
365 struct bin_attribute *attr,
366 char *buf, loff_t off,
367 size_t count)
368 {
369 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
370 off, count);
371 }
372
ccadata_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)373 static ssize_t ccadata_aes_128_xts_read(struct file *filp,
374 struct kobject *kobj,
375 struct bin_attribute *attr,
376 char *buf, loff_t off,
377 size_t count)
378 {
379 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
380 off, count);
381 }
382
ccadata_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)383 static ssize_t ccadata_aes_256_xts_read(struct file *filp,
384 struct kobject *kobj,
385 struct bin_attribute *attr,
386 char *buf, loff_t off,
387 size_t count)
388 {
389 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
390 off, count);
391 }
392
393 static BIN_ATTR_RO(ccadata_aes_128, sizeof(struct secaeskeytoken));
394 static BIN_ATTR_RO(ccadata_aes_192, sizeof(struct secaeskeytoken));
395 static BIN_ATTR_RO(ccadata_aes_256, sizeof(struct secaeskeytoken));
396 static BIN_ATTR_RO(ccadata_aes_128_xts, 2 * sizeof(struct secaeskeytoken));
397 static BIN_ATTR_RO(ccadata_aes_256_xts, 2 * sizeof(struct secaeskeytoken));
398
399 static struct bin_attribute *ccadata_attrs[] = {
400 &bin_attr_ccadata_aes_128,
401 &bin_attr_ccadata_aes_192,
402 &bin_attr_ccadata_aes_256,
403 &bin_attr_ccadata_aes_128_xts,
404 &bin_attr_ccadata_aes_256_xts,
405 NULL
406 };
407
408 static struct attribute_group ccadata_attr_group = {
409 .name = "ccadata",
410 .bin_attrs = ccadata_attrs,
411 };
412
413 #define CCACIPHERTOKENSIZE (sizeof(struct cipherkeytoken) + 80)
414
415 /*
416 * Sysfs attribute read function for all secure key ccacipher binary attributes.
417 * The implementation can not deal with partial reads, because a new random
418 * secure key blob is generated with each read. In case of partial reads
419 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
420 */
pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,bool is_xts,char * buf,loff_t off,size_t count)421 static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,
422 bool is_xts, char *buf, loff_t off,
423 size_t count)
424 {
425 u32 keysize = CCACIPHERTOKENSIZE;
426 int rc;
427
428 if (off != 0 || count < CCACIPHERTOKENSIZE)
429 return -EINVAL;
430 if (is_xts)
431 if (count < 2 * CCACIPHERTOKENSIZE)
432 return -EINVAL;
433
434 memset(buf, 0, is_xts ? 2 * keysize : keysize);
435
436 rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
437 PKEY_TYPE_CCA_CIPHER, keybits, 0,
438 buf, &keysize, NULL);
439 if (rc)
440 return rc;
441
442 if (is_xts) {
443 keysize = CCACIPHERTOKENSIZE;
444 buf += CCACIPHERTOKENSIZE;
445 rc = sys_pkey_handler_gen_key(
446 pkey_aes_bitsize_to_keytype(keybits),
447 PKEY_TYPE_CCA_CIPHER, keybits, 0,
448 buf, &keysize, NULL);
449 if (rc)
450 return rc;
451 return 2 * CCACIPHERTOKENSIZE;
452 }
453
454 return CCACIPHERTOKENSIZE;
455 }
456
ccacipher_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)457 static ssize_t ccacipher_aes_128_read(struct file *filp,
458 struct kobject *kobj,
459 struct bin_attribute *attr,
460 char *buf, loff_t off,
461 size_t count)
462 {
463 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
464 off, count);
465 }
466
ccacipher_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)467 static ssize_t ccacipher_aes_192_read(struct file *filp,
468 struct kobject *kobj,
469 struct bin_attribute *attr,
470 char *buf, loff_t off,
471 size_t count)
472 {
473 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
474 off, count);
475 }
476
ccacipher_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)477 static ssize_t ccacipher_aes_256_read(struct file *filp,
478 struct kobject *kobj,
479 struct bin_attribute *attr,
480 char *buf, loff_t off,
481 size_t count)
482 {
483 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
484 off, count);
485 }
486
ccacipher_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)487 static ssize_t ccacipher_aes_128_xts_read(struct file *filp,
488 struct kobject *kobj,
489 struct bin_attribute *attr,
490 char *buf, loff_t off,
491 size_t count)
492 {
493 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
494 off, count);
495 }
496
ccacipher_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)497 static ssize_t ccacipher_aes_256_xts_read(struct file *filp,
498 struct kobject *kobj,
499 struct bin_attribute *attr,
500 char *buf, loff_t off,
501 size_t count)
502 {
503 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
504 off, count);
505 }
506
507 static BIN_ATTR_RO(ccacipher_aes_128, CCACIPHERTOKENSIZE);
508 static BIN_ATTR_RO(ccacipher_aes_192, CCACIPHERTOKENSIZE);
509 static BIN_ATTR_RO(ccacipher_aes_256, CCACIPHERTOKENSIZE);
510 static BIN_ATTR_RO(ccacipher_aes_128_xts, 2 * CCACIPHERTOKENSIZE);
511 static BIN_ATTR_RO(ccacipher_aes_256_xts, 2 * CCACIPHERTOKENSIZE);
512
513 static struct bin_attribute *ccacipher_attrs[] = {
514 &bin_attr_ccacipher_aes_128,
515 &bin_attr_ccacipher_aes_192,
516 &bin_attr_ccacipher_aes_256,
517 &bin_attr_ccacipher_aes_128_xts,
518 &bin_attr_ccacipher_aes_256_xts,
519 NULL
520 };
521
522 static struct attribute_group ccacipher_attr_group = {
523 .name = "ccacipher",
524 .bin_attrs = ccacipher_attrs,
525 };
526
527 /*
528 * Sysfs attribute read function for all ep11 aes key binary attributes.
529 * The implementation can not deal with partial reads, because a new random
530 * secure key blob is generated with each read. In case of partial reads
531 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
532 * This function and the sysfs attributes using it provide EP11 key blobs
533 * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently
534 * 336 bytes.
535 */
pkey_ep11_aes_attr_read(enum pkey_key_size keybits,bool is_xts,char * buf,loff_t off,size_t count)536 static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,
537 bool is_xts, char *buf, loff_t off,
538 size_t count)
539 {
540 u32 keysize = MAXEP11AESKEYBLOBSIZE;
541 int rc;
542
543 if (off != 0 || count < MAXEP11AESKEYBLOBSIZE)
544 return -EINVAL;
545 if (is_xts)
546 if (count < 2 * MAXEP11AESKEYBLOBSIZE)
547 return -EINVAL;
548
549 memset(buf, 0, is_xts ? 2 * keysize : keysize);
550
551 rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
552 PKEY_TYPE_EP11_AES, keybits, 0,
553 buf, &keysize, NULL);
554 if (rc)
555 return rc;
556
557 if (is_xts) {
558 keysize = MAXEP11AESKEYBLOBSIZE;
559 buf += MAXEP11AESKEYBLOBSIZE;
560 rc = sys_pkey_handler_gen_key(
561 pkey_aes_bitsize_to_keytype(keybits),
562 PKEY_TYPE_EP11_AES, keybits, 0,
563 buf, &keysize, NULL);
564 if (rc)
565 return rc;
566 return 2 * MAXEP11AESKEYBLOBSIZE;
567 }
568
569 return MAXEP11AESKEYBLOBSIZE;
570 }
571
ep11_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)572 static ssize_t ep11_aes_128_read(struct file *filp,
573 struct kobject *kobj,
574 struct bin_attribute *attr,
575 char *buf, loff_t off,
576 size_t count)
577 {
578 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
579 off, count);
580 }
581
ep11_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)582 static ssize_t ep11_aes_192_read(struct file *filp,
583 struct kobject *kobj,
584 struct bin_attribute *attr,
585 char *buf, loff_t off,
586 size_t count)
587 {
588 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
589 off, count);
590 }
591
ep11_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)592 static ssize_t ep11_aes_256_read(struct file *filp,
593 struct kobject *kobj,
594 struct bin_attribute *attr,
595 char *buf, loff_t off,
596 size_t count)
597 {
598 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
599 off, count);
600 }
601
ep11_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)602 static ssize_t ep11_aes_128_xts_read(struct file *filp,
603 struct kobject *kobj,
604 struct bin_attribute *attr,
605 char *buf, loff_t off,
606 size_t count)
607 {
608 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
609 off, count);
610 }
611
ep11_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)612 static ssize_t ep11_aes_256_xts_read(struct file *filp,
613 struct kobject *kobj,
614 struct bin_attribute *attr,
615 char *buf, loff_t off,
616 size_t count)
617 {
618 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
619 off, count);
620 }
621
622 static BIN_ATTR_RO(ep11_aes_128, MAXEP11AESKEYBLOBSIZE);
623 static BIN_ATTR_RO(ep11_aes_192, MAXEP11AESKEYBLOBSIZE);
624 static BIN_ATTR_RO(ep11_aes_256, MAXEP11AESKEYBLOBSIZE);
625 static BIN_ATTR_RO(ep11_aes_128_xts, 2 * MAXEP11AESKEYBLOBSIZE);
626 static BIN_ATTR_RO(ep11_aes_256_xts, 2 * MAXEP11AESKEYBLOBSIZE);
627
628 static struct bin_attribute *ep11_attrs[] = {
629 &bin_attr_ep11_aes_128,
630 &bin_attr_ep11_aes_192,
631 &bin_attr_ep11_aes_256,
632 &bin_attr_ep11_aes_128_xts,
633 &bin_attr_ep11_aes_256_xts,
634 NULL
635 };
636
637 static struct attribute_group ep11_attr_group = {
638 .name = "ep11",
639 .bin_attrs = ep11_attrs,
640 };
641
642 const struct attribute_group *pkey_attr_groups[] = {
643 &protkey_attr_group,
644 &ccadata_attr_group,
645 &ccacipher_attr_group,
646 &ep11_attr_group,
647 NULL,
648 };
649