1 /* SPDX-License-Identifier: GPL-2.0+ */
3 * Copyright IBM Corp. 2019
4 * Author(s): Harald Freudenberger <freude@linux.ibm.com>
5 * Ingo Franzki <ifranzki@linux.ibm.com>
7 * Collection of CCA misc functions used by zcrypt and pkey
10 #ifndef _ZCRYPT_CCAMISC_H_
11 #define _ZCRYPT_CCAMISC_H_
13 #include <asm/zcrypt.h>
15 #include "zcrypt_api.h"
18 #define TOKTYPE_NON_CCA 0x00 /* Non-CCA key token */
19 #define TOKTYPE_CCA_INTERNAL 0x01 /* CCA internal sym key token */
20 #define TOKTYPE_CCA_INTERNAL_PKA 0x1f /* CCA internal asym key token */
22 /* For TOKTYPE_NON_CCA: */
23 #define TOKVER_PROTECTED_KEY 0x01 /* Protected key token */
24 #define TOKVER_CLEAR_KEY 0x02 /* Clear key token */
26 /* For TOKTYPE_CCA_INTERNAL: */
27 #define TOKVER_CCA_AES 0x04 /* CCA AES key token */
28 #define TOKVER_CCA_VLSC 0x05 /* var length sym cipher key token */
30 /* Max size of a cca variable length cipher key token */
31 #define MAXCCAVLSCTOKENSIZE 725
33 /* header part of a CCA key token */
34 struct keytoken_header
{
35 u8 type
; /* one of the TOKTYPE values */
37 u16 len
; /* vlsc token: total length in bytes */
38 u8 version
; /* one of the TOKVER values */
42 /* inside view of a CCA secure key token (only type 0x01 version 0x04) */
43 struct secaeskeytoken
{
44 u8 type
; /* 0x01 for internal key token */
46 u8 version
; /* should be 0x04 */
48 u8 flag
; /* key flags */
50 u64 mkvp
; /* master key verification pattern */
51 u8 key
[32]; /* key value (encrypted) */
52 u8 cv
[8]; /* control vector */
53 u16 bitsize
; /* key bit size */
54 u16 keysize
; /* key byte size */
55 u8 tvv
[4]; /* token validation value */
58 /* inside view of a variable length symmetric cipher AES key token */
59 struct cipherkeytoken
{
60 u8 type
; /* 0x01 for internal key token */
62 u16 len
; /* total key token length in bytes */
63 u8 version
; /* should be 0x05 */
65 u8 kms
; /* key material state, 0x03 means wrapped with MK */
66 u8 kvpt
; /* key verification pattern type, should be 0x01 */
67 u64 mkvp0
; /* master key verification pattern, lo part */
68 u64 mkvp1
; /* master key verification pattern, hi part (unused) */
69 u8 eskwm
; /* encrypted section key wrapping method */
70 u8 hashalg
; /* hash algorithmus used for wrapping key */
71 u8 plfver
; /* pay load format version */
73 u8 adsver
; /* associated data section version */
75 u16 adslen
; /* associated data section length */
76 u8 kllen
; /* optional key label length */
77 u8 ieaslen
; /* optional extended associated data length */
78 u8 uadlen
; /* optional user definable associated data length */
80 u16 wpllen
; /* wrapped payload length in bits: */
81 /* plfver 0x00 0x01 */
86 u8 algtype
; /* 0x02 for AES cipher */
87 u16 keytype
; /* 0x0001 for 'cipher' */
88 u8 kufc
; /* key usage field count */
89 u16 kuf1
; /* key usage field 1 */
90 u16 kuf2
; /* key usage field 2 */
91 u8 kmfc
; /* key management field count */
92 u16 kmf1
; /* key management field 1 */
93 u16 kmf2
; /* key management field 2 */
94 u16 kmf3
; /* key management field 3 */
95 u8 vdata
[]; /* variable part data follows */
98 /* inside view of an CCA secure ECC private key */
99 struct eccprivkeytoken
{
100 u8 type
; /* 0x1f for internal asym key token */
101 u8 version
; /* should be 0x00 */
102 u16 len
; /* total key token length in bytes */
104 u8 secid
; /* 0x20 for ECC priv key section marker */
105 u8 secver
; /* section version */
106 u16 seclen
; /* section length */
107 u8 wtype
; /* wrapping method, 0x00 clear, 0x01 AES */
108 u8 htype
; /* hash method, 0x02 for SHA-256 */
110 u8 kutc
; /* key usage and translation control */
111 u8 ctype
; /* curve type */
112 u8 kfs
; /* key format and security */
113 u8 ksrc
; /* key source */
114 u16 pbitlen
; /* length of prime p in bits */
115 u16 ibmadlen
; /* IBM associated data length in bytes */
116 u64 mkvp
; /* master key verification pattern */
117 u8 opk
[48]; /* encrypted object protection key data */
118 u16 adatalen
; /* associated data length in bytes */
119 u16 fseclen
; /* formatted section length in bytes */
120 u8 more_data
[]; /* more data follows */
123 /* Some defines for the CCA AES cipherkeytoken kmf1 field */
124 #define KMF1_XPRT_SYM 0x8000
125 #define KMF1_XPRT_UASY 0x4000
126 #define KMF1_XPRT_AASY 0x2000
127 #define KMF1_XPRT_RAW 0x1000
128 #define KMF1_XPRT_CPAC 0x0800
129 #define KMF1_XPRT_DES 0x0080
130 #define KMF1_XPRT_AES 0x0040
131 #define KMF1_XPRT_RSA 0x0008
134 * Simple check if the token is a valid CCA secure AES data key
135 * token. If keybitsize is given, the bitsize of the key is
136 * also checked. Returns 0 on success or errno value on failure.
138 int cca_check_secaeskeytoken(debug_info_t
*dbg
, int dbflvl
,
139 const u8
*token
, int keybitsize
);
142 * Simple check if the token is a valid CCA secure AES cipher key
143 * token. If keybitsize is given, the bitsize of the key is
144 * also checked. If checkcpacfexport is enabled, the key is also
145 * checked for the export flag to allow CPACF export.
146 * Returns 0 on success or errno value on failure.
148 int cca_check_secaescipherkey(debug_info_t
*dbg
, int dbflvl
,
149 const u8
*token
, int keybitsize
,
150 int checkcpacfexport
);
153 * Simple check if the token is a valid CCA secure ECC private
154 * key token. Returns 0 on success or errno value on failure.
156 int cca_check_sececckeytoken(debug_info_t
*dbg
, int dbflvl
,
157 const u8
*token
, u32 keysize
,
158 int checkcpacfexport
);
161 * Generate (random) CCA AES DATA secure key.
163 int cca_genseckey(u16 cardnr
, u16 domain
, u32 keybitsize
, u8
*seckey
);
166 * Generate CCA AES DATA secure key with given clear key value.
168 int cca_clr2seckey(u16 cardnr
, u16 domain
, u32 keybitsize
,
169 const u8
*clrkey
, u8
*seckey
);
172 * Derive proteced key from an CCA AES DATA secure key.
174 int cca_sec2protkey(u16 cardnr
, u16 domain
,
175 const u8
*seckey
, u8
*protkey
, u32
*protkeylen
,
179 * Generate (random) CCA AES CIPHER secure key.
181 int cca_gencipherkey(u16 cardnr
, u16 domain
, u32 keybitsize
, u32 keygenflags
,
182 u8
*keybuf
, u32
*keybufsize
);
185 * Derive proteced key from CCA AES cipher secure key.
187 int cca_cipher2protkey(u16 cardnr
, u16 domain
, const u8
*ckey
,
188 u8
*protkey
, u32
*protkeylen
, u32
*protkeytype
);
191 * Build CCA AES CIPHER secure key with a given clear key value.
193 int cca_clr2cipherkey(u16 cardnr
, u16 domain
, u32 keybitsize
, u32 keygenflags
,
194 const u8
*clrkey
, u8
*keybuf
, u32
*keybufsize
);
197 * Derive proteced key from CCA ECC secure private key.
199 int cca_ecc2protkey(u16 cardnr
, u16 domain
, const u8
*key
,
200 u8
*protkey
, u32
*protkeylen
, u32
*protkeytype
);
203 * Query cryptographic facility from CCA adapter
205 int cca_query_crypto_facility(u16 cardnr
, u16 domain
,
207 u8
*rarray
, size_t *rarraylen
,
208 u8
*varray
, size_t *varraylen
);
211 * Search for a matching crypto card based on the Master Key
212 * Verification Pattern provided inside a secure key.
213 * Works with CCA AES data and cipher keys.
214 * Returns < 0 on failure, 0 if CURRENT MKVP matches and
215 * 1 if OLD MKVP matches.
217 int cca_findcard(const u8
*key
, u16
*pcardnr
, u16
*pdomain
, int verify
);
220 * Build a list of cca apqns meeting the following constrains:
221 * - apqn is online and is in fact a CCA apqn
222 * - if cardnr is not FFFF only apqns with this cardnr
223 * - if domain is not FFFF only apqns with this domainnr
224 * - if minhwtype > 0 only apqns with hwtype >= minhwtype
225 * - if cur_mkvp != 0 only apqns where cur_mkvp == mkvp
226 * - if old_mkvp != 0 only apqns where old_mkvp == mkvp
227 * - if verify is enabled and a cur_mkvp and/or old_mkvp
228 * value is given, then refetch the cca_info and make sure the current
229 * cur_mkvp or old_mkvp values of the apqn are used.
230 * The mktype determines which set of master keys to use:
231 * 0 = AES_MK_SET - AES MK set, 1 = APKA MK_SET - APKA MK set
232 * The array of apqn entries is allocated with kmalloc and returned in *apqns;
233 * the number of apqns stored into the list is returned in *nr_apqns. One apqn
234 * entry is simple a 32 bit value with 16 bit cardnr and 16 bit domain nr and
235 * may be casted to struct pkey_apqn. The return value is either 0 for success
236 * or a negative errno value. If no apqn meeting the criteria is found,
237 * -ENODEV is returned.
239 int cca_findcard2(u32
**apqns
, u32
*nr_apqns
, u16 cardnr
, u16 domain
,
240 int minhwtype
, int mktype
, u64 cur_mkvp
, u64 old_mkvp
,
244 #define APKA_MK_SET 1
246 /* struct to hold info for each CCA queue */
248 int hwtype
; /* one of the defined AP_DEVICE_TYPE_* */
249 char new_aes_mk_state
; /* '1' empty, '2' partially full, '3' full */
250 char cur_aes_mk_state
; /* '1' invalid, '2' valid */
251 char old_aes_mk_state
; /* '1' invalid, '2' valid */
252 char new_apka_mk_state
; /* '1' empty, '2' partially full, '3' full */
253 char cur_apka_mk_state
; /* '1' invalid, '2' valid */
254 char old_apka_mk_state
; /* '1' invalid, '2' valid */
255 char new_asym_mk_state
; /* '1' empty, '2' partially full, '3' full */
256 char cur_asym_mk_state
; /* '1' invalid, '2' valid */
257 char old_asym_mk_state
; /* '1' invalid, '2' valid */
258 u64 new_aes_mkvp
; /* truncated sha256 of new aes master key */
259 u64 cur_aes_mkvp
; /* truncated sha256 of current aes master key */
260 u64 old_aes_mkvp
; /* truncated sha256 of old aes master key */
261 u64 new_apka_mkvp
; /* truncated sha256 of new apka master key */
262 u64 cur_apka_mkvp
; /* truncated sha256 of current apka mk */
263 u64 old_apka_mkvp
; /* truncated sha256 of old apka mk */
264 u8 new_asym_mkvp
[16]; /* verify pattern of new asym master key */
265 u8 cur_asym_mkvp
[16]; /* verify pattern of current asym master key */
266 u8 old_asym_mkvp
[16]; /* verify pattern of old asym master key */
267 char serial
[9]; /* serial number (8 ascii numbers + 0x00) */
271 * Fetch cca information about an CCA queue.
273 int cca_get_info(u16 card
, u16 dom
, struct cca_info
*ci
, int verify
);
275 void zcrypt_ccamisc_exit(void);
277 #endif /* _ZCRYPT_CCAMISC_H_ */
