Commit 55d0a513 authored by Harald Freudenberger's avatar Harald Freudenberger Committed by Vasily Gorbik

s390/pkey/zcrypt: Support EP11 AES secure keys

Extend the low level ep11 misc functions implementation by
several functions to support EP11 key objects for paes and pkey:
- EP11 AES secure key generation
- EP11 AES secure key generation from given clear key value
- EP11 AES secure key blob check
- findcard function returns list of apqns based on given criterias
- EP11 AES secure key derive to CPACF protected key

Extend the pkey module to be able to generate and handle EP11
secure keys and also use them as base for deriving protected
keys for CPACF usage. These ioctls are extended to support
EP11 keys: PKEY_GENSECK2, PKEY_CLR2SECK2, PKEY_VERIFYKEY2,
PKEY_APQNS4K, PKEY_APQNS4KT, PKEY_KBLOB2PROTK2.

Additionally the 'clear key' token to protected key now uses
an EP11 card if the other ways (via PCKMO, via CCA) fail.

The PAES cipher implementation needed a new upper limit for
the max key size, but is now also working with EP11 keys.
Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
parent a17becc1
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
* and padding is also possible, the limits need to be generous. * and padding is also possible, the limits need to be generous.
*/ */
#define PAES_MIN_KEYSIZE 16 #define PAES_MIN_KEYSIZE 16
#define PAES_MAX_KEYSIZE 256 #define PAES_MAX_KEYSIZE 320
static u8 *ctrblk; static u8 *ctrblk;
static DEFINE_MUTEX(ctrblk_lock); static DEFINE_MUTEX(ctrblk_lock);
......
...@@ -25,10 +25,11 @@ ...@@ -25,10 +25,11 @@
#define MAXPROTKEYSIZE 64 /* a protected key blob may be up to 64 bytes */ #define MAXPROTKEYSIZE 64 /* a protected key blob may be up to 64 bytes */
#define MAXCLRKEYSIZE 32 /* a clear key value may be up to 32 bytes */ #define MAXCLRKEYSIZE 32 /* a clear key value may be up to 32 bytes */
#define MAXAESCIPHERKEYSIZE 136 /* our aes cipher keys have always 136 bytes */ #define MAXAESCIPHERKEYSIZE 136 /* our aes cipher keys have always 136 bytes */
#define MINEP11AESKEYBLOBSIZE 256 /* min EP11 AES key blob size */
#define MAXEP11AESKEYBLOBSIZE 320 /* max EP11 AES key blob size */
/* Minimum and maximum size of a key blob */ /* Minimum size of a key blob */
#define MINKEYBLOBSIZE SECKEYBLOBSIZE #define MINKEYBLOBSIZE SECKEYBLOBSIZE
#define MAXKEYBLOBSIZE MAXAESCIPHERKEYSIZE
/* defines for the type field within the pkey_protkey struct */ /* defines for the type field within the pkey_protkey struct */
#define PKEY_KEYTYPE_AES_128 1 #define PKEY_KEYTYPE_AES_128 1
...@@ -39,6 +40,7 @@ ...@@ -39,6 +40,7 @@
enum pkey_key_type { enum pkey_key_type {
PKEY_TYPE_CCA_DATA = (__u32) 1, PKEY_TYPE_CCA_DATA = (__u32) 1,
PKEY_TYPE_CCA_CIPHER = (__u32) 2, PKEY_TYPE_CCA_CIPHER = (__u32) 2,
PKEY_TYPE_EP11 = (__u32) 3,
}; };
/* the newer ioctls use a pkey_key_size enum for key size information */ /* the newer ioctls use a pkey_key_size enum for key size information */
...@@ -200,7 +202,7 @@ struct pkey_kblob2pkey { ...@@ -200,7 +202,7 @@ struct pkey_kblob2pkey {
/* /*
* Generate secure key, version 2. * Generate secure key, version 2.
* Generate either a CCA AES secure key or a CCA AES cipher key. * Generate CCA AES secure key, CCA AES cipher key or EP11 AES secure key.
* There needs to be a list of apqns given with at least one entry in there. * There needs to be a list of apqns given with at least one entry in there.
* All apqns in the list need to be exact apqns, 0xFFFF as ANY card or domain * All apqns in the list need to be exact apqns, 0xFFFF as ANY card or domain
* is not supported. The implementation walks through the list of apqns and * is not supported. The implementation walks through the list of apqns and
...@@ -210,10 +212,13 @@ struct pkey_kblob2pkey { ...@@ -210,10 +212,13 @@ struct pkey_kblob2pkey {
* (return -1 with errno ENODEV). You may use the PKEY_APQNS4KT ioctl to * (return -1 with errno ENODEV). You may use the PKEY_APQNS4KT ioctl to
* generate a list of apqns based on the key type to generate. * generate a list of apqns based on the key type to generate.
* The keygenflags argument is passed to the low level generation functions * The keygenflags argument is passed to the low level generation functions
* individual for the key type and has a key type specific meaning. Currently * individual for the key type and has a key type specific meaning. When
* only CCA AES cipher keys react to this parameter: Use one or more of the * generating CCA cipher keys you can use one or more of the PKEY_KEYGEN_*
* PKEY_KEYGEN_* flags to widen the export possibilities. By default a cipher * flags to widen the export possibilities. By default a cipher key is
* key is only exportable for CPACF (PKEY_KEYGEN_XPRT_CPAC). * only exportable for CPACF (PKEY_KEYGEN_XPRT_CPAC).
* The keygenflag argument for generating an EP11 AES key should either be 0
* to use the defaults which are XCP_BLOB_ENCRYPT, XCP_BLOB_DECRYPT and
* XCP_BLOB_PROTKEY_EXTRACTABLE or a valid combination of XCP_BLOB_* flags.
*/ */
struct pkey_genseck2 { struct pkey_genseck2 {
struct pkey_apqn __user *apqns; /* in: ptr to list of apqn targets*/ struct pkey_apqn __user *apqns; /* in: ptr to list of apqn targets*/
...@@ -229,8 +234,8 @@ struct pkey_genseck2 { ...@@ -229,8 +234,8 @@ struct pkey_genseck2 {
/* /*
* Generate secure key from clear key value, version 2. * Generate secure key from clear key value, version 2.
* Construct a CCA AES secure key or CCA AES cipher key from a given clear key * Construct an CCA AES secure key, CCA AES cipher key or EP11 AES secure
* value. * key from a given clear key value.
* There needs to be a list of apqns given with at least one entry in there. * There needs to be a list of apqns given with at least one entry in there.
* All apqns in the list need to be exact apqns, 0xFFFF as ANY card or domain * All apqns in the list need to be exact apqns, 0xFFFF as ANY card or domain
* is not supported. The implementation walks through the list of apqns and * is not supported. The implementation walks through the list of apqns and
...@@ -240,10 +245,13 @@ struct pkey_genseck2 { ...@@ -240,10 +245,13 @@ struct pkey_genseck2 {
* (return -1 with errno ENODEV). You may use the PKEY_APQNS4KT ioctl to * (return -1 with errno ENODEV). You may use the PKEY_APQNS4KT ioctl to
* generate a list of apqns based on the key type to generate. * generate a list of apqns based on the key type to generate.
* The keygenflags argument is passed to the low level generation functions * The keygenflags argument is passed to the low level generation functions
* individual for the key type and has a key type specific meaning. Currently * individual for the key type and has a key type specific meaning. When
* only CCA AES cipher keys react to this parameter: Use one or more of the * generating CCA cipher keys you can use one or more of the PKEY_KEYGEN_*
* PKEY_KEYGEN_* flags to widen the export possibilities. By default a cipher * flags to widen the export possibilities. By default a cipher key is
* key is only exportable for CPACF (PKEY_KEYGEN_XPRT_CPAC). * only exportable for CPACF (PKEY_KEYGEN_XPRT_CPAC).
* The keygenflag argument for generating an EP11 AES key should either be 0
* to use the defaults which are XCP_BLOB_ENCRYPT, XCP_BLOB_DECRYPT and
* XCP_BLOB_PROTKEY_EXTRACTABLE or a valid combination of XCP_BLOB_* flags.
*/ */
struct pkey_clr2seck2 { struct pkey_clr2seck2 {
struct pkey_apqn __user *apqns; /* in: ptr to list of apqn targets */ struct pkey_apqn __user *apqns; /* in: ptr to list of apqn targets */
...@@ -266,14 +274,19 @@ struct pkey_clr2seck2 { ...@@ -266,14 +274,19 @@ struct pkey_clr2seck2 {
* with one apqn able to handle this key. * with one apqn able to handle this key.
* The function also checks for the master key verification patterns * The function also checks for the master key verification patterns
* of the key matching to the current or alternate mkvp of the apqn. * of the key matching to the current or alternate mkvp of the apqn.
* Currently CCA AES secure keys and CCA AES cipher keys are supported. * For CCA AES secure keys and CCA AES cipher keys this means to check
* The flags field is updated with some additional info about the apqn mkvp * the key's mkvp against the current or old mkvp of the apqns. The flags
* field is updated with some additional info about the apqn mkvp
* match: If the current mkvp matches to the key's mkvp then the * match: If the current mkvp matches to the key's mkvp then the
* PKEY_FLAGS_MATCH_CUR_MKVP bit is set, if the alternate mkvp matches to * PKEY_FLAGS_MATCH_CUR_MKVP bit is set, if the alternate mkvp matches to
* the key's mkvp the PKEY_FLAGS_MATCH_ALT_MKVP is set. For CCA keys the * the key's mkvp the PKEY_FLAGS_MATCH_ALT_MKVP is set. For CCA keys the
* alternate mkvp is the old master key verification pattern. * alternate mkvp is the old master key verification pattern.
* CCA AES secure keys are also checked to have the CPACF export allowed * CCA AES secure keys are also checked to have the CPACF export allowed
* bit enabled (XPRTCPAC) in the kmf1 field. * bit enabled (XPRTCPAC) in the kmf1 field.
* EP11 keys are also supported and the wkvp of the key is checked against
* the current wkvp of the apqns. There is no alternate for this type of
* key and so on a match the flag PKEY_FLAGS_MATCH_CUR_MKVP always is set.
* EP11 keys are also checked to have XCP_BLOB_PROTKEY_EXTRACTABLE set.
* The ioctl returns 0 as long as the given or found apqn matches to * The ioctl returns 0 as long as the given or found apqn matches to
* matches with the current or alternate mkvp to the key's mkvp. If the given * matches with the current or alternate mkvp to the key's mkvp. If the given
* apqn does not match or there is no such apqn found, -1 with errno * apqn does not match or there is no such apqn found, -1 with errno
...@@ -313,16 +326,20 @@ struct pkey_kblob2pkey2 { ...@@ -313,16 +326,20 @@ struct pkey_kblob2pkey2 {
/* /*
* Build a list of APQNs based on a key blob given. * Build a list of APQNs based on a key blob given.
* Is able to find out which type of secure key is given (CCA AES secure * Is able to find out which type of secure key is given (CCA AES secure
* key or CCA AES cipher key) and tries to find all matching crypto cards * key, CCA AES cipher key or EP11 AES key) and tries to find all matching
* based on the MKVP and maybe other criterias (like CCA AES cipher keys * crypto cards based on the MKVP and maybe other criterias (like CCA AES
* need a CEX5C or higher). The list of APQNs is further filtered by the key's * cipher keys need a CEX5C or higher, EP11 keys with BLOB_PKEY_EXTRACTABLE
* mkvp which needs to match to either the current mkvp or the alternate mkvp * need a CEX7 and EP11 api version 4). The list of APQNs is further filtered
* (which is the old mkvp on CCA adapters) of the apqns. The flags argument may * by the key's mkvp which needs to match to either the current mkvp (CCA and
* be used to limit the matching apqns. If the PKEY_FLAGS_MATCH_CUR_MKVP is * EP11) or the alternate mkvp (old mkvp, CCA adapters only) of the apqns. The
* given, only the current mkvp of each apqn is compared. Likewise with the * flags argument may be used to limit the matching apqns. If the
* PKEY_FLAGS_MATCH_ALT_MKVP. If both are given, it is assumed to * PKEY_FLAGS_MATCH_CUR_MKVP is given, only the current mkvp of each apqn is
* return apqns where either the current or the alternate mkvp * compared. Likewise with the PKEY_FLAGS_MATCH_ALT_MKVP. If both are given, it
* is assumed to return apqns where either the current or the alternate mkvp
* matches. At least one of the matching flags needs to be given. * matches. At least one of the matching flags needs to be given.
* The flags argument for EP11 keys has no further action and is currently
* ignored (but needs to be given as PKEY_FLAGS_MATCH_CUR_MKVP) as there is only
* the wkvp from the key to match against the apqn's wkvp.
* The list of matching apqns is stored into the space given by the apqns * The list of matching apqns is stored into the space given by the apqns
* argument and the number of stored entries goes into apqn_entries. If the list * argument and the number of stored entries goes into apqn_entries. If the list
* is empty (apqn_entries is 0) the apqn_entries field is updated to the number * is empty (apqn_entries is 0) the apqn_entries field is updated to the number
...@@ -356,6 +373,10 @@ struct pkey_apqns4key { ...@@ -356,6 +373,10 @@ struct pkey_apqns4key {
* If both are given, it is assumed to return apqns where either the * If both are given, it is assumed to return apqns where either the
* current or the alternate mkvp matches. If no match flag is given * current or the alternate mkvp matches. If no match flag is given
* (flags is 0) the mkvp values are ignored for the match process. * (flags is 0) the mkvp values are ignored for the match process.
* For EP11 keys there is only the current wkvp. So if the apqns should also
* match to a given wkvp, then the PKEY_FLAGS_MATCH_CUR_MKVP flag should be
* set. The wkvp value is 32 bytes but only the leftmost 16 bytes are compared
* against the leftmost 16 byte of the wkvp of the apqn.
* The list of matching apqns is stored into the space given by the apqns * The list of matching apqns is stored into the space given by the apqns
* argument and the number of stored entries goes into apqn_entries. If the list * argument and the number of stored entries goes into apqn_entries. If the list
* is empty (apqn_entries is 0) the apqn_entries field is updated to the number * is empty (apqn_entries is 0) the apqn_entries field is updated to the number
......
This diff is collapsed.
This diff is collapsed.
...@@ -12,6 +12,46 @@ ...@@ -12,6 +12,46 @@
#include <asm/zcrypt.h> #include <asm/zcrypt.h>
#include <asm/pkey.h> #include <asm/pkey.h>
#define TOKVER_EP11_AES 0x03 /* EP11 AES key blob */
#define EP11_API_V 4 /* highest known and supported EP11 API version */
#define EP11_STRUCT_MAGIC 0x1234
#define EP11_BLOB_PKEY_EXTRACTABLE 0x200000
/* inside view of an EP11 secure key blob */
struct ep11keyblob {
union {
u8 session[32];
struct {
u8 type; /* 0x00 (TOKTYPE_NON_CCA) */
u8 res0; /* unused */
u16 len; /* total length in bytes of this blob */
u8 version; /* 0x06 (TOKVER_EP11_AES) */
u8 res1; /* unused */
u16 keybitlen; /* clear key bit len, 0 for unknown */
} head;
};
u8 wkvp[16]; /* wrapping key verification pattern */
u64 attr; /* boolean key attributes */
u64 mode; /* mode bits */
u16 version; /* 0x1234, EP11_STRUCT_MAGIC */
u8 iv[14];
u8 encrypted_key_data[144];
u8 mac[32];
} __packed;
/*
* Simple check if the key blob is a valid EP11 secure AES key.
* If keybitsize is given, the bitsize of the key is also checked.
* If checkcpacfexport is enabled, the key is also checked for the
* attributes needed to export this key for CPACF use.
* Returns 0 on success or errno value on failure.
*/
int ep11_check_aeskeyblob(debug_info_t *dbg, int dbflvl,
const u8 *key, int keybitsize,
int checkcpacfexport);
/* EP11 card info struct */ /* EP11 card info struct */
struct ep11_card_info { struct ep11_card_info {
u32 API_ord_nr; /* API ordinal number */ u32 API_ord_nr; /* API ordinal number */
...@@ -39,6 +79,46 @@ int ep11_get_card_info(u16 card, struct ep11_card_info *info, int verify); ...@@ -39,6 +79,46 @@ int ep11_get_card_info(u16 card, struct ep11_card_info *info, int verify);
*/ */
int ep11_get_domain_info(u16 card, u16 domain, struct ep11_domain_info *info); int ep11_get_domain_info(u16 card, u16 domain, struct ep11_domain_info *info);
/*
* Generate (random) EP11 AES secure key.
*/
int ep11_genaeskey(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
u8 *keybuf, size_t *keybufsize);
/*
* Generate EP11 AES secure key with given clear key value.
*/
int ep11_clr2keyblob(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
const u8 *clrkey, u8 *keybuf, size_t *keybufsize);
/*
* Derive proteced key from EP11 AES secure key blob.
*/
int ep11_key2protkey(u16 cardnr, u16 domain, const u8 *key, size_t keylen,
u8 *protkey, u32 *protkeylen, u32 *protkeytype);
/*
* Build a list of ep11 apqns meeting the following constrains:
* - apqn is online and is in fact an EP11 apqn
* - if cardnr is not FFFF only apqns with this cardnr
* - if domain is not FFFF only apqns with this domainnr
* - if minhwtype > 0 only apqns with hwtype >= minhwtype
* - if minapi > 0 only apqns with API_ord_nr >= minapi
* - if wkvp != NULL only apqns where the wkvp (EP11_WKVPLEN bytes) matches
* to the first EP11_WKVPLEN bytes of the wkvp of the current wrapping
* key for this domain. When a wkvp is given there will aways be a re-fetch
* of the domain info for the potential apqn - so this triggers an request
* reply to each apqn eligible.
* The array of apqn entries is allocated with kmalloc and returned in *apqns;
* the number of apqns stored into the list is returned in *nr_apqns. One apqn
* entry is simple a 32 bit value with 16 bit cardnr and 16 bit domain nr and
* may be casted to struct pkey_apqn. The return value is either 0 for success
* or a negative errno value. If no apqn meeting the criterias is found,
* -ENODEV is returned.
*/
int ep11_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
int minhwtype, int minapi, const u8 *wkvp);
void zcrypt_ep11misc_exit(void); void zcrypt_ep11misc_exit(void);
#endif /* _ZCRYPT_EP11MISC_H_ */ #endif /* _ZCRYPT_EP11MISC_H_ */
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment