s390/crypto/zcrypt_ccamisc.h

0001 /* SPDX-License-Identifier: GPL-2.0+ */
0002 /*
0003  *  Copyright IBM Corp. 2019
0004  *  Author(s): Harald Freudenberger <freude@linux.ibm.com>
0005  *         Ingo Franzki <ifranzki@linux.ibm.com>
0006  *
0007  *  Collection of CCA misc functions used by zcrypt and pkey
0008  */
0009
0010 #ifndef _ZCRYPT_CCAMISC_H_
0011 #define _ZCRYPT_CCAMISC_H_
0012
0013 #include <asm/zcrypt.h>
0014 #include <asm/pkey.h>
0015
0016 /* Key token types */
0017 #define TOKTYPE_NON_CCA      0x00 /* Non-CCA key token */
0018 #define TOKTYPE_CCA_INTERNAL     0x01 /* CCA internal sym key token */
0019 #define TOKTYPE_CCA_INTERNAL_PKA 0x1f /* CCA internal asym key token */
0020
0021 /* For TOKTYPE_NON_CCA: */
0022 #define TOKVER_PROTECTED_KEY    0x01 /* Protected key token */
0023 #define TOKVER_CLEAR_KEY    0x02 /* Clear key token */
0024
0025 /* For TOKTYPE_CCA_INTERNAL: */
0026 #define TOKVER_CCA_AES      0x04 /* CCA AES key token */
0027 #define TOKVER_CCA_VLSC     0x05 /* var length sym cipher key token */
0028
0029 /* Max size of a cca variable length cipher key token */
0030 #define MAXCCAVLSCTOKENSIZE 725
0031
0032 /* header part of a CCA key token */
0033 struct keytoken_header {
0034     u8  type;     /* one of the TOKTYPE values */
0035     u8  res0[1];
0036     u16 len;      /* vlsc token: total length in bytes */
0037     u8  version;  /* one of the TOKVER values */
0038     u8  res1[3];
0039 } __packed;
0040
0041 /* inside view of a CCA secure key token (only type 0x01 version 0x04) */
0042 struct secaeskeytoken {
0043     u8  type;     /* 0x01 for internal key token */
0044     u8  res0[3];
0045     u8  version;  /* should be 0x04 */
0046     u8  res1[1];
0047     u8  flag;     /* key flags */
0048     u8  res2[1];
0049     u64 mkvp;     /* master key verification pattern */
0050     u8  key[32];  /* key value (encrypted) */
0051     u8  cv[8];    /* control vector */
0052     u16 bitsize;  /* key bit size */
0053     u16 keysize;  /* key byte size */
0054     u8  tvv[4];   /* token validation value */
0055 } __packed;
0056
0057 /* inside view of a variable length symmetric cipher AES key token */
0058 struct cipherkeytoken {
0059     u8  type;     /* 0x01 for internal key token */
0060     u8  res0[1];
0061     u16 len;      /* total key token length in bytes */
0062     u8  version;  /* should be 0x05 */
0063     u8  res1[3];
0064     u8  kms;      /* key material state, 0x03 means wrapped with MK */
0065     u8  kvpt;     /* key verification pattern type, should be 0x01 */
0066     u64 mkvp0;    /* master key verification pattern, lo part */
0067     u64 mkvp1;    /* master key verification pattern, hi part (unused) */
0068     u8  eskwm;    /* encrypted section key wrapping method */
0069     u8  hashalg;  /* hash algorithmus used for wrapping key */
0070     u8  plfver;   /* pay load format version */
0071     u8  res2[1];
0072     u8  adsver;   /* associated data section version */
0073     u8  res3[1];
0074     u16 adslen;   /* associated data section length */
0075     u8  kllen;    /* optional key label length */
0076     u8  ieaslen;  /* optional extended associated data length */
0077     u8  uadlen;   /* optional user definable associated data length */
0078     u8  res4[1];
0079     u16 wpllen;   /* wrapped payload length in bits: */
0080               /*   plfver  0x00 0x01         */
0081               /*   AES-128  512  640         */
0082               /*   AES-192  576  640         */
0083               /*   AES-256  640  640         */
0084     u8  res5[1];
0085     u8  algtype;  /* 0x02 for AES cipher */
0086     u16 keytype;  /* 0x0001 for 'cipher' */
0087     u8  kufc;     /* key usage field count */
0088     u16 kuf1;     /* key usage field 1 */
0089     u16 kuf2;     /* key usage field 2 */
0090     u8  kmfc;     /* key management field count */
0091     u16 kmf1;     /* key management field 1 */
0092     u16 kmf2;     /* key management field 2 */
0093     u16 kmf3;     /* key management field 3 */
0094     u8  vdata[]; /* variable part data follows */
0095 } __packed;
0096
0097 /* inside view of an CCA secure ECC private key */
0098 struct eccprivkeytoken {
0099     u8  type;     /* 0x1f for internal asym key token */
0100     u8  version;  /* should be 0x00 */
0101     u16 len;      /* total key token length in bytes */
0102     u8  res1[4];
0103     u8  secid;    /* 0x20 for ECC priv key section marker */
0104     u8  secver;   /* section version */
0105     u16 seclen;   /* section length */
0106     u8  wtype;    /* wrapping method, 0x00 clear, 0x01 AES */
0107     u8  htype;    /* hash method, 0x02 for SHA-256 */
0108     u8  res2[2];
0109     u8  kutc;     /* key usage and translation control */
0110     u8  ctype;    /* curve type */
0111     u8  kfs;      /* key format and security */
0112     u8  ksrc;     /* key source */
0113     u16 pbitlen;  /* length of prime p in bits */
0114     u16 ibmadlen; /* IBM associated data length in bytes */
0115     u64 mkvp;     /* master key verification pattern */
0116     u8  opk[48];  /* encrypted object protection key data */
0117     u16 adatalen; /* associated data length in bytes */
0118     u16 fseclen;  /* formated section length in bytes */
0119     u8  more_data[]; /* more data follows */
0120 } __packed;
0121
0122 /* Some defines for the CCA AES cipherkeytoken kmf1 field */
0123 #define KMF1_XPRT_SYM  0x8000
0124 #define KMF1_XPRT_UASY 0x4000
0125 #define KMF1_XPRT_AASY 0x2000
0126 #define KMF1_XPRT_RAW  0x1000
0127 #define KMF1_XPRT_CPAC 0x0800
0128 #define KMF1_XPRT_DES  0x0080
0129 #define KMF1_XPRT_AES  0x0040
0130 #define KMF1_XPRT_RSA  0x0008
0131
0132 /*
0133  * Simple check if the token is a valid CCA secure AES data key
0134  * token. If keybitsize is given, the bitsize of the key is
0135  * also checked. Returns 0 on success or errno value on failure.
0136  */
0137 int cca_check_secaeskeytoken(debug_info_t *dbg, int dbflvl,
0138                  const u8 *token, int keybitsize);
0139
0140 /*
0141  * Simple check if the token is a valid CCA secure AES cipher key
0142  * token. If keybitsize is given, the bitsize of the key is
0143  * also checked. If checkcpacfexport is enabled, the key is also
0144  * checked for the export flag to allow CPACF export.
0145  * Returns 0 on success or errno value on failure.
0146  */
0147 int cca_check_secaescipherkey(debug_info_t *dbg, int dbflvl,
0148                   const u8 *token, int keybitsize,
0149                   int checkcpacfexport);
0150
0151 /*
0152  * Simple check if the token is a valid CCA secure ECC private
0153  * key token. Returns 0 on success or errno value on failure.
0154  */
0155 int cca_check_sececckeytoken(debug_info_t *dbg, int dbflvl,
0156                  const u8 *token, size_t keysize,
0157                  int checkcpacfexport);
0158
0159 /*
0160  * Generate (random) CCA AES DATA secure key.
0161  */
0162 int cca_genseckey(u16 cardnr, u16 domain, u32 keybitsize, u8 *seckey);
0163
0164 /*
0165  * Generate CCA AES DATA secure key with given clear key value.
0166  */
0167 int cca_clr2seckey(u16 cardnr, u16 domain, u32 keybitsize,
0168            const u8 *clrkey, u8 *seckey);
0169
0170 /*
0171  * Derive proteced key from an CCA AES DATA secure key.
0172  */
0173 int cca_sec2protkey(u16 cardnr, u16 domain,
0174             const u8 *seckey, u8 *protkey, u32 *protkeylen,
0175             u32 *protkeytype);
0176
0177 /*
0178  * Generate (random) CCA AES CIPHER secure key.
0179  */
0180 int cca_gencipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
0181              u8 *keybuf, size_t *keybufsize);
0182
0183 /*
0184  * Derive proteced key from CCA AES cipher secure key.
0185  */
0186 int cca_cipher2protkey(u16 cardnr, u16 domain, const u8 *ckey,
0187                u8 *protkey, u32 *protkeylen, u32 *protkeytype);
0188
0189 /*
0190  * Build CCA AES CIPHER secure key with a given clear key value.
0191  */
0192 int cca_clr2cipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
0193               const u8 *clrkey, u8 *keybuf, size_t *keybufsize);
0194
0195 /*
0196  * Derive proteced key from CCA ECC secure private key.
0197  */
0198 int cca_ecc2protkey(u16 cardnr, u16 domain, const u8 *key,
0199             u8 *protkey, u32 *protkeylen, u32 *protkeytype);
0200
0201 /*
0202  * Query cryptographic facility from CCA adapter
0203  */
0204 int cca_query_crypto_facility(u16 cardnr, u16 domain,
0205                   const char *keyword,
0206                   u8 *rarray, size_t *rarraylen,
0207                   u8 *varray, size_t *varraylen);
0208
0209 /*
0210  * Search for a matching crypto card based on the Master Key
0211  * Verification Pattern provided inside a secure key.
0212  * Works with CCA AES data and cipher keys.
0213  * Returns < 0 on failure, 0 if CURRENT MKVP matches and
0214  * 1 if OLD MKVP matches.
0215  */
0216 int cca_findcard(const u8 *key, u16 *pcardnr, u16 *pdomain, int verify);
0217
0218 /*
0219  * Build a list of cca apqns meeting the following constrains:
0220  * - apqn is online and is in fact a CCA apqn
0221  * - if cardnr is not FFFF only apqns with this cardnr
0222  * - if domain is not FFFF only apqns with this domainnr
0223  * - if minhwtype > 0 only apqns with hwtype >= minhwtype
0224  * - if cur_mkvp != 0 only apqns where cur_mkvp == mkvp
0225  * - if old_mkvp != 0 only apqns where old_mkvp == mkvp
0226  * - if verify is enabled and a cur_mkvp and/or old_mkvp
0227  *   value is given, then refetch the cca_info and make sure the current
0228  *   cur_mkvp or old_mkvp values of the apqn are used.
0229  * The mktype determines which set of master keys to use:
0230  *   0 = AES_MK_SET - AES MK set, 1 = APKA MK_SET - APKA MK set
0231  * The array of apqn entries is allocated with kmalloc and returned in *apqns;
0232  * the number of apqns stored into the list is returned in *nr_apqns. One apqn
0233  * entry is simple a 32 bit value with 16 bit cardnr and 16 bit domain nr and
0234  * may be casted to struct pkey_apqn. The return value is either 0 for success
0235  * or a negative errno value. If no apqn meeting the criterias is found,
0236  * -ENODEV is returned.
0237  */
0238 int cca_findcard2(u32 **apqns, u32 *nr_apqns, u16 cardnr, u16 domain,
0239           int minhwtype, int mktype, u64 cur_mkvp, u64 old_mkvp,
0240           int verify);
0241
0242 #define AES_MK_SET  0
0243 #define APKA_MK_SET 1
0244
0245 /* struct to hold info for each CCA queue */
0246 struct cca_info {
0247     int  hwtype;        /* one of the defined AP_DEVICE_TYPE_* */
0248     char new_aes_mk_state;  /* '1' empty, '2' partially full, '3' full */
0249     char cur_aes_mk_state;  /* '1' invalid, '2' valid */
0250     char old_aes_mk_state;  /* '1' invalid, '2' valid */
0251     char new_apka_mk_state; /* '1' empty, '2' partially full, '3' full */
0252     char cur_apka_mk_state; /* '1' invalid, '2' valid */
0253     char old_apka_mk_state; /* '1' invalid, '2' valid */
0254     char new_asym_mk_state; /* '1' empty, '2' partially full, '3' full */
0255     char cur_asym_mk_state; /* '1' invalid, '2' valid */
0256     char old_asym_mk_state; /* '1' invalid, '2' valid */
0257     u64  new_aes_mkvp;  /* truncated sha256 of new aes master key */
0258     u64  cur_aes_mkvp;  /* truncated sha256 of current aes master key */
0259     u64  old_aes_mkvp;  /* truncated sha256 of old aes master key */
0260     u64  new_apka_mkvp; /* truncated sha256 of new apka master key */
0261     u64  cur_apka_mkvp; /* truncated sha256 of current apka mk */
0262     u64  old_apka_mkvp; /* truncated sha256 of old apka mk */
0263     u8   new_asym_mkvp[16]; /* verify pattern of new asym master key */
0264     u8   cur_asym_mkvp[16]; /* verify pattern of current asym master key */
0265     u8   old_asym_mkvp[16]; /* verify pattern of old asym master key */
0266     char serial[9];     /* serial number (8 ascii numbers + 0x00) */
0267 };
0268
0269 /*
0270  * Fetch cca information about an CCA queue.
0271  */
0272 int cca_get_info(u16 card, u16 dom, struct cca_info *ci, int verify);
0273
0274 void zcrypt_ccamisc_exit(void);
0275
0276 #endif /* _ZCRYPT_CCAMISC_H_ */