1 /* SPDX-License-Identifier: GPL-2.0+ */
2 /*
3  *  Copyright IBM Corp. 2019
4  *  Author(s): Harald Freudenberger <freude@linux.ibm.com>
5  *	       Ingo Franzki <ifranzki@linux.ibm.com>
6  *
7  *  Collection of CCA misc functions used by zcrypt and pkey
8  */
9 
10 #ifndef _ZCRYPT_CCAMISC_H_
11 #define _ZCRYPT_CCAMISC_H_
12 
13 #include <asm/zcrypt.h>
14 #include <asm/pkey.h>
15 
16 /* Key token types */
17 #define TOKTYPE_NON_CCA		 0x00 /* Non-CCA key token */
18 #define TOKTYPE_CCA_INTERNAL	 0x01 /* CCA internal sym key token */
19 #define TOKTYPE_CCA_INTERNAL_PKA 0x1f /* CCA internal asym key token */
20 
21 /* For TOKTYPE_NON_CCA: */
22 #define TOKVER_PROTECTED_KEY	0x01 /* Protected key token */
23 #define TOKVER_CLEAR_KEY	0x02 /* Clear key token */
24 
25 /* For TOKTYPE_CCA_INTERNAL: */
26 #define TOKVER_CCA_AES		0x04 /* CCA AES key token */
27 #define TOKVER_CCA_VLSC		0x05 /* var length sym cipher key token */
28 
29 /* Max size of a cca variable length cipher key token */
30 #define MAXCCAVLSCTOKENSIZE 725
31 
32 /* header part of a CCA key token */
33 struct keytoken_header {
34 	u8  type;     /* one of the TOKTYPE values */
35 	u8  res0[1];
36 	u16 len;      /* vlsc token: total length in bytes */
37 	u8  version;  /* one of the TOKVER values */
38 	u8  res1[3];
39 } __packed;
40 
41 /* inside view of a CCA secure key token (only type 0x01 version 0x04) */
42 struct secaeskeytoken {
43 	u8  type;     /* 0x01 for internal key token */
44 	u8  res0[3];
45 	u8  version;  /* should be 0x04 */
46 	u8  res1[1];
47 	u8  flag;     /* key flags */
48 	u8  res2[1];
49 	u64 mkvp;     /* master key verification pattern */
50 	u8  key[32];  /* key value (encrypted) */
51 	u8  cv[8];    /* control vector */
52 	u16 bitsize;  /* key bit size */
53 	u16 keysize;  /* key byte size */
54 	u8  tvv[4];   /* token validation value */
55 } __packed;
56 
57 /* inside view of a variable length symmetric cipher AES key token */
58 struct cipherkeytoken {
59 	u8  type;     /* 0x01 for internal key token */
60 	u8  res0[1];
61 	u16 len;      /* total key token length in bytes */
62 	u8  version;  /* should be 0x05 */
63 	u8  res1[3];
64 	u8  kms;      /* key material state, 0x03 means wrapped with MK */
65 	u8  kvpt;     /* key verification pattern type, should be 0x01 */
66 	u64 mkvp0;    /* master key verification pattern, lo part */
67 	u64 mkvp1;    /* master key verification pattern, hi part (unused) */
68 	u8  eskwm;    /* encrypted section key wrapping method */
69 	u8  hashalg;  /* hash algorithmus used for wrapping key */
70 	u8  plfver;   /* pay load format version */
71 	u8  res2[1];
72 	u8  adsver;   /* associated data section version */
73 	u8  res3[1];
74 	u16 adslen;   /* associated data section length */
75 	u8  kllen;    /* optional key label length */
76 	u8  ieaslen;  /* optional extended associated data length */
77 	u8  uadlen;   /* optional user definable associated data length */
78 	u8  res4[1];
79 	u16 wpllen;   /* wrapped payload length in bits: */
80 		      /*   plfver  0x00 0x01		 */
81 		      /*   AES-128  512  640		 */
82 		      /*   AES-192  576  640		 */
83 		      /*   AES-256  640  640		 */
84 	u8  res5[1];
85 	u8  algtype;  /* 0x02 for AES cipher */
86 	u16 keytype;  /* 0x0001 for 'cipher' */
87 	u8  kufc;     /* key usage field count */
88 	u16 kuf1;     /* key usage field 1 */
89 	u16 kuf2;     /* key usage field 2 */
90 	u8  kmfc;     /* key management field count */
91 	u16 kmf1;     /* key management field 1 */
92 	u16 kmf2;     /* key management field 2 */
93 	u16 kmf3;     /* key management field 3 */
94 	u8  vdata[]; /* variable part data follows */
95 } __packed;
96 
97 /* inside view of an CCA secure ECC private key */
98 struct eccprivkeytoken {
99 	u8  type;     /* 0x1f for internal asym key token */
100 	u8  version;  /* should be 0x00 */
101 	u16 len;      /* total key token length in bytes */
102 	u8  res1[4];
103 	u8  secid;    /* 0x20 for ECC priv key section marker */
104 	u8  secver;   /* section version */
105 	u16 seclen;   /* section length */
106 	u8  wtype;    /* wrapping method, 0x00 clear, 0x01 AES */
107 	u8  htype;    /* hash method, 0x02 for SHA-256 */
108 	u8  res2[2];
109 	u8  kutc;     /* key usage and translation control */
110 	u8  ctype;    /* curve type */
111 	u8  kfs;      /* key format and security */
112 	u8  ksrc;     /* key source */
113 	u16 pbitlen;  /* length of prime p in bits */
114 	u16 ibmadlen; /* IBM associated data length in bytes */
115 	u64 mkvp;     /* master key verification pattern */
116 	u8  opk[48];  /* encrypted object protection key data */
117 	u16 adatalen; /* associated data length in bytes */
118 	u16 fseclen;  /* formated section length in bytes */
119 	u8  more_data[]; /* more data follows */
120 } __packed;
121 
122 /* Some defines for the CCA AES cipherkeytoken kmf1 field */
123 #define KMF1_XPRT_SYM  0x8000
124 #define KMF1_XPRT_UASY 0x4000
125 #define KMF1_XPRT_AASY 0x2000
126 #define KMF1_XPRT_RAW  0x1000
127 #define KMF1_XPRT_CPAC 0x0800
128 #define KMF1_XPRT_DES  0x0080
129 #define KMF1_XPRT_AES  0x0040
130 #define KMF1_XPRT_RSA  0x0008
131 
132 /*
133  * Simple check if the token is a valid CCA secure AES data key
134  * token. If keybitsize is given, the bitsize of the key is
135  * also checked. Returns 0 on success or errno value on failure.
136  */
137 int cca_check_secaeskeytoken(debug_info_t *dbg, int dbflvl,
138 			     const u8 *token, int keybitsize);
139 
140 /*
141  * Simple check if the token is a valid CCA secure AES cipher key
142  * token. If keybitsize is given, the bitsize of the key is
143  * also checked. If checkcpacfexport is enabled, the key is also
144  * checked for the export flag to allow CPACF export.
145  * Returns 0 on success or errno value on failure.
146  */
147 int cca_check_secaescipherkey(debug_info_t *dbg, int dbflvl,
148 			      const u8 *token, int keybitsize,
149 			      int checkcpacfexport);
150 
151 /*
152  * Simple check if the token is a valid CCA secure ECC private
153  * key token. Returns 0 on success or errno value on failure.
154  */
155 int cca_check_sececckeytoken(debug_info_t *dbg, int dbflvl,
156 			     const u8 *token, size_t keysize,
157 			     int checkcpacfexport);
158 
159 /*
160  * Generate (random) CCA AES DATA secure key.
161  */
162 int cca_genseckey(u16 cardnr, u16 domain, u32 keybitsize, u8 *seckey);
163 
164 /*
165  * Generate CCA AES DATA secure key with given clear key value.
166  */
167 int cca_clr2seckey(u16 cardnr, u16 domain, u32 keybitsize,
168 		   const u8 *clrkey, u8 *seckey);
169 
170 /*
171  * Derive proteced key from an CCA AES DATA secure key.
172  */
173 int cca_sec2protkey(u16 cardnr, u16 domain,
174 		    const u8 seckey[SECKEYBLOBSIZE],
175 		    u8 *protkey, u32 *protkeylen, u32 *protkeytype);
176 
177 /*
178  * Generate (random) CCA AES CIPHER secure key.
179  */
180 int cca_gencipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
181 		     u8 *keybuf, size_t *keybufsize);
182 
183 /*
184  * Derive proteced key from CCA AES cipher secure key.
185  */
186 int cca_cipher2protkey(u16 cardnr, u16 domain, const u8 *ckey,
187 		       u8 *protkey, u32 *protkeylen, u32 *protkeytype);
188 
189 /*
190  * Build CCA AES CIPHER secure key with a given clear key value.
191  */
192 int cca_clr2cipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
193 		      const u8 *clrkey, u8 *keybuf, size_t *keybufsize);
194 
195 /*
196  * Derive proteced key from CCA ECC secure private key.
197  */
198 int cca_ecc2protkey(u16 cardnr, u16 domain, const u8 *key,
199 		    u8 *protkey, u32 *protkeylen, u32 *protkeytype);
200 
201 /*
202  * Query cryptographic facility from CCA adapter
203  */
204 int cca_query_crypto_facility(u16 cardnr, u16 domain,
205 			      const char *keyword,
206 			      u8 *rarray, size_t *rarraylen,
207 			      u8 *varray, size_t *varraylen);
208 
209 /*
210  * Search for a matching crypto card based on the Master Key
211  * Verification Pattern provided inside a secure key.
212  * Works with CCA AES data and cipher keys.
213  * Returns < 0 on failure, 0 if CURRENT MKVP matches and
214  * 1 if OLD MKVP matches.
215  */
216 int cca_findcard(const u8 *key, u16 *pcardnr, u16 *pdomain, int verify);
217 
218 /*
219  * Build a list of cca apqns meeting the following constrains:
220  * - apqn is online and is in fact a CCA apqn
221  * - if cardnr is not FFFF only apqns with this cardnr
222  * - if domain is not FFFF only apqns with this domainnr
223  * - if minhwtype > 0 only apqns with hwtype >= minhwtype
224  * - if cur_mkvp != 0 only apqns where cur_mkvp == mkvp
225  * - if old_mkvp != 0 only apqns where old_mkvp == mkvp
226  * - if verify is enabled and a cur_mkvp and/or old_mkvp
227  *   value is given, then refetch the cca_info and make sure the current
228  *   cur_mkvp or old_mkvp values of the apqn are used.
229  * The mktype determines which set of master keys to use:
230  *   0 = AES_MK_SET - AES MK set, 1 = APKA MK_SET - APKA MK set
231  * The array of apqn entries is allocated with kmalloc and returned in *apqns;
232  * the number of apqns stored into the list is returned in *nr_apqns. One apqn
233  * entry is simple a 32 bit value with 16 bit cardnr and 16 bit domain nr and
234  * may be casted to struct pkey_apqn. The return value is either 0 for success
235  * or a negative errno value. If no apqn meeting the criterias is found,
236  * -ENODEV is returned.
237  */
238 int cca_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
239 		  int minhwtype, int mktype, u64 cur_mkvp, u64 old_mkvp,
240 		  int verify);
241 
242 #define AES_MK_SET  0
243 #define APKA_MK_SET 1
244 
245 /* struct to hold info for each CCA queue */
246 struct cca_info {
247 	int  hwtype;		/* one of the defined AP_DEVICE_TYPE_* */
248 	char new_aes_mk_state;	/* '1' empty, '2' partially full, '3' full */
249 	char cur_aes_mk_state;	/* '1' invalid, '2' valid */
250 	char old_aes_mk_state;	/* '1' invalid, '2' valid */
251 	char new_apka_mk_state; /* '1' empty, '2' partially full, '3' full */
252 	char cur_apka_mk_state; /* '1' invalid, '2' valid */
253 	char old_apka_mk_state; /* '1' invalid, '2' valid */
254 	u64  new_aes_mkvp;	/* truncated sha256 of new aes master key */
255 	u64  cur_aes_mkvp;	/* truncated sha256 of current aes master key */
256 	u64  old_aes_mkvp;	/* truncated sha256 of old aes master key */
257 	u64  new_apka_mkvp;	/* truncated sha256 of new apka master key */
258 	u64  cur_apka_mkvp;	/* truncated sha256 of current apka mk */
259 	u64  old_apka_mkvp;	/* truncated sha256 of old apka mk */
260 	char serial[9];		/* serial number (8 ascii numbers + 0x00) */
261 };
262 
263 /*
264  * Fetch cca information about an CCA queue.
265  */
266 int cca_get_info(u16 card, u16 dom, struct cca_info *ci, int verify);
267 
268 void zcrypt_ccamisc_exit(void);
269 
270 #endif /* _ZCRYPT_CCAMISC_H_ */
271