Lines Matching +full:non +full:- +full:secure +full:- +full:domain
1 // SPDX-License-Identifier: GPL-2.0
114 return -EINVAL; in pkey_clr2protkey()
121 return -ENODEV; in pkey_clr2protkey()
126 return -ENODEV; in pkey_clr2protkey()
131 memcpy(paramblock, clrkey->clrkey, keysize); in pkey_clr2protkey()
137 protkey->type = keytype; in pkey_clr2protkey()
138 protkey->len = keysize + 32; in pkey_clr2protkey()
139 memcpy(protkey->protkey, paramblock, keysize + 32); in pkey_clr2protkey()
145 * Find card and transform secure key into protected key.
150 u16 cardnr, domain; in pkey_skey2pkey() local
163 rc = cca_findcard(key, &cardnr, &domain, verify); in pkey_skey2pkey()
168 switch (hdr->version) { in pkey_skey2pkey()
170 rc = cca_sec2protkey(cardnr, domain, in pkey_skey2pkey()
171 key, pkey->protkey, in pkey_skey2pkey()
172 &pkey->len, &pkey->type); in pkey_skey2pkey()
175 rc = cca_cipher2protkey(cardnr, domain, in pkey_skey2pkey()
176 key, pkey->protkey, in pkey_skey2pkey()
177 &pkey->len, &pkey->type); in pkey_skey2pkey()
180 return -EINVAL; in pkey_skey2pkey()
211 for (rc = -ENODEV, i = 0; i < nr_apqns; i++) { in pkey_clr2ep11key()
228 * Find card and transform EP11 secure key into protected key.
241 ZCRYPT_CEX7, EP11_API_V, kb->wkvp); in pkey_ep11key2pkey()
246 for (rc = -ENODEV, i = 0; i < nr_apqns; i++) { in pkey_ep11key2pkey()
249 pkey->len = sizeof(pkey->protkey); in pkey_ep11key2pkey()
250 rc = ep11_kblob2protkey(card, dom, key, kb->head.len, in pkey_ep11key2pkey()
251 pkey->protkey, &pkey->len, &pkey->type); in pkey_ep11key2pkey()
271 u16 cardnr, domain; in pkey_verifykey() local
274 /* check the secure key for valid AES secure key */ in pkey_verifykey()
281 *pkeysize = t->bitsize; in pkey_verifykey()
284 rc = cca_findcard(seckey->seckey, &cardnr, &domain, 1); in pkey_verifykey()
290 DEBUG_DBG("%s secure key has old mkvp\n", __func__); in pkey_verifykey()
299 *pdomain = domain; in pkey_verifykey()
328 return -EINVAL; in pkey_genprotkey()
340 get_random_bytes(protkey->protkey, keysize); in pkey_genprotkey()
359 switch (protkey->type) { in pkey_verifyprotkey()
371 protkey->type); in pkey_verifyprotkey()
372 return -EINVAL; in pkey_verifyprotkey()
378 memcpy(param.key, protkey->protkey, sizeof(param.key)); in pkey_verifyprotkey()
384 return -EKEYREJECTED; in pkey_verifyprotkey()
391 * Transform a non-CCA key token into a protected key
396 int rc = -EINVAL; in pkey_nonccatok2pkey()
400 switch (hdr->version) { in pkey_nonccatok2pkey()
407 protkey->len = t->len; in pkey_nonccatok2pkey()
408 protkey->type = t->keytype; in pkey_nonccatok2pkey()
409 memcpy(protkey->protkey, t->protkey, in pkey_nonccatok2pkey()
410 sizeof(protkey->protkey)); in pkey_nonccatok2pkey()
426 if (keylen != sizeof(*t) + t->len) in pkey_nonccatok2pkey()
428 if ((t->keytype == PKEY_KEYTYPE_AES_128 && t->len == 16) || in pkey_nonccatok2pkey()
429 (t->keytype == PKEY_KEYTYPE_AES_192 && t->len == 24) || in pkey_nonccatok2pkey()
430 (t->keytype == PKEY_KEYTYPE_AES_256 && t->len == 32)) in pkey_nonccatok2pkey()
431 memcpy(ckey.clrkey, t->clearkey, t->len); in pkey_nonccatok2pkey()
437 rc = -ENOMEM; in pkey_nonccatok2pkey()
441 rc = pkey_clr2protkey(t->keytype, &ckey, protkey); in pkey_nonccatok2pkey()
444 /* PCKMO failed, so try the CCA secure key way */ in pkey_nonccatok2pkey()
446 rc = cca_clr2seckey(0xFFFF, 0xFFFF, t->keytype, in pkey_nonccatok2pkey()
453 rc = pkey_clr2ep11key(ckey.clrkey, t->len, in pkey_nonccatok2pkey()
479 DEBUG_ERR("%s unknown/unsupported non-CCA token version %d\n", in pkey_nonccatok2pkey()
480 __func__, hdr->version); in pkey_nonccatok2pkey()
481 rc = -EINVAL; in pkey_nonccatok2pkey()
497 switch (hdr->version) { in pkey_ccainttok2pkey()
500 return -EINVAL; in pkey_ccainttok2pkey()
503 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) in pkey_ccainttok2pkey()
504 return -EINVAL; in pkey_ccainttok2pkey()
508 __func__, hdr->version); in pkey_ccainttok2pkey()
509 return -EINVAL; in pkey_ccainttok2pkey()
526 return -EINVAL; in pkey_keyblob2pkey()
529 switch (hdr->type) { in pkey_keyblob2pkey()
538 __func__, hdr->type); in pkey_keyblob2pkey()
539 return -EINVAL; in pkey_keyblob2pkey()
555 return -EINVAL; in pkey_genseckey2()
562 return -EINVAL; in pkey_genseckey2()
566 return -EINVAL; in pkey_genseckey2()
569 return -EINVAL; in pkey_genseckey2()
577 return -EINVAL; in pkey_genseckey2()
581 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { in pkey_genseckey2()
583 dom = apqns[i].domain; in pkey_genseckey2()
611 return -EINVAL; in pkey_clr2seckey2()
618 return -EINVAL; in pkey_clr2seckey2()
622 return -EINVAL; in pkey_clr2seckey2()
625 return -EINVAL; in pkey_clr2seckey2()
633 return -EINVAL; in pkey_clr2seckey2()
639 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { in pkey_clr2seckey2()
641 dom = apqns[i].domain; in pkey_clr2seckey2()
662 u16 *cardnr, u16 *domain, in pkey_verifykey2() argument
671 return -EINVAL; in pkey_verifykey2()
673 if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_verifykey2()
674 hdr->version == TOKVER_CCA_AES) { in pkey_verifykey2()
683 *ksize = (enum pkey_key_size)t->bitsize; in pkey_verifykey2()
685 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, in pkey_verifykey2()
686 ZCRYPT_CEX3C, AES_MK_SET, t->mkvp, 0, 1); in pkey_verifykey2()
689 if (rc == -ENODEV) { in pkey_verifykey2()
691 *cardnr, *domain, in pkey_verifykey2()
693 0, t->mkvp, 1); in pkey_verifykey2()
700 *cardnr = ((struct pkey_apqn *)_apqns)->card; in pkey_verifykey2()
701 *domain = ((struct pkey_apqn *)_apqns)->domain; in pkey_verifykey2()
703 } else if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_verifykey2()
704 hdr->version == TOKVER_CCA_VLSC) { in pkey_verifykey2()
714 if (!t->plfver && t->wpllen == 512) in pkey_verifykey2()
716 else if (!t->plfver && t->wpllen == 576) in pkey_verifykey2()
718 else if (!t->plfver && t->wpllen == 640) in pkey_verifykey2()
722 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, in pkey_verifykey2()
723 ZCRYPT_CEX6, AES_MK_SET, t->mkvp0, 0, 1); in pkey_verifykey2()
726 if (rc == -ENODEV) { in pkey_verifykey2()
728 *cardnr, *domain, in pkey_verifykey2()
730 0, t->mkvp0, 1); in pkey_verifykey2()
737 *cardnr = ((struct pkey_apqn *)_apqns)->card; in pkey_verifykey2()
738 *domain = ((struct pkey_apqn *)_apqns)->domain; in pkey_verifykey2()
740 } else if (hdr->type == TOKTYPE_NON_CCA && in pkey_verifykey2()
741 hdr->version == TOKVER_EP11_AES) { in pkey_verifykey2()
750 *ksize = kb->head.keybitlen; in pkey_verifykey2()
752 rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, in pkey_verifykey2()
753 ZCRYPT_CEX7, EP11_API_V, kb->wkvp); in pkey_verifykey2()
760 *cardnr = ((struct pkey_apqn *)_apqns)->card; in pkey_verifykey2()
761 *domain = ((struct pkey_apqn *)_apqns)->domain; in pkey_verifykey2()
764 rc = -EINVAL; in pkey_verifykey2()
781 return -EINVAL; in pkey_keyblob2pkey2()
784 return -EINVAL; in pkey_keyblob2pkey2()
786 if (hdr->type == TOKTYPE_CCA_INTERNAL) { in pkey_keyblob2pkey2()
787 if (hdr->version == TOKVER_CCA_AES) { in pkey_keyblob2pkey2()
789 return -EINVAL; in pkey_keyblob2pkey2()
791 return -EINVAL; in pkey_keyblob2pkey2()
792 } else if (hdr->version == TOKVER_CCA_VLSC) { in pkey_keyblob2pkey2()
793 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) in pkey_keyblob2pkey2()
794 return -EINVAL; in pkey_keyblob2pkey2()
796 return -EINVAL; in pkey_keyblob2pkey2()
799 __func__, hdr->version); in pkey_keyblob2pkey2()
800 return -EINVAL; in pkey_keyblob2pkey2()
802 } else if (hdr->type == TOKTYPE_NON_CCA) { in pkey_keyblob2pkey2()
803 if (hdr->version == TOKVER_EP11_AES) { in pkey_keyblob2pkey2()
805 return -EINVAL; in pkey_keyblob2pkey2()
807 return -EINVAL; in pkey_keyblob2pkey2()
813 __func__, hdr->type); in pkey_keyblob2pkey2()
814 return -EINVAL; in pkey_keyblob2pkey2()
820 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { in pkey_keyblob2pkey2()
822 dom = apqns[i].domain; in pkey_keyblob2pkey2()
823 if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_keyblob2pkey2()
824 hdr->version == TOKVER_CCA_AES) { in pkey_keyblob2pkey2()
825 rc = cca_sec2protkey(card, dom, key, pkey->protkey, in pkey_keyblob2pkey2()
826 &pkey->len, &pkey->type); in pkey_keyblob2pkey2()
827 } else if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_keyblob2pkey2()
828 hdr->version == TOKVER_CCA_VLSC) { in pkey_keyblob2pkey2()
829 rc = cca_cipher2protkey(card, dom, key, pkey->protkey, in pkey_keyblob2pkey2()
830 &pkey->len, &pkey->type); in pkey_keyblob2pkey2()
832 /* EP11 AES secure key blob */ in pkey_keyblob2pkey2()
835 pkey->len = sizeof(pkey->protkey); in pkey_keyblob2pkey2()
836 rc = ep11_kblob2protkey(card, dom, key, kb->head.len, in pkey_keyblob2pkey2()
837 pkey->protkey, &pkey->len, in pkey_keyblob2pkey2()
838 &pkey->type); in pkey_keyblob2pkey2()
855 return -EINVAL; in pkey_apqns4key()
859 if (hdr->type == TOKTYPE_NON_CCA && in pkey_apqns4key()
860 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || in pkey_apqns4key()
861 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && in pkey_apqns4key()
868 return -EINVAL; in pkey_apqns4key()
869 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { in pkey_apqns4key()
874 minhwtype, api, kb->wkvp); in pkey_apqns4key()
877 } else if (hdr->type == TOKTYPE_NON_CCA && in pkey_apqns4key()
878 hdr->version == TOKVER_EP11_AES && in pkey_apqns4key()
884 return -EINVAL; in pkey_apqns4key()
885 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { in pkey_apqns4key()
890 minhwtype, api, kb->wkvp); in pkey_apqns4key()
893 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) { in pkey_apqns4key()
897 if (hdr->version == TOKVER_CCA_AES) { in pkey_apqns4key()
901 cur_mkvp = t->mkvp; in pkey_apqns4key()
903 old_mkvp = t->mkvp; in pkey_apqns4key()
904 } else if (hdr->version == TOKVER_CCA_VLSC) { in pkey_apqns4key()
909 cur_mkvp = t->mkvp0; in pkey_apqns4key()
911 old_mkvp = t->mkvp0; in pkey_apqns4key()
914 return -EINVAL; in pkey_apqns4key()
921 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) { in pkey_apqns4key()
925 if (t->secid == 0x20) { in pkey_apqns4key()
927 cur_mkvp = t->mkvp; in pkey_apqns4key()
929 old_mkvp = t->mkvp; in pkey_apqns4key()
932 return -EINVAL; in pkey_apqns4key()
940 return -EINVAL; in pkey_apqns4key()
945 rc = -ENOSPC; in pkey_apqns4key()
1006 return -EINVAL; in pkey_apqns4keytype()
1011 rc = -ENOSPC; in pkey_apqns4keytype()
1031 return -EINVAL; in pkey_keyblob2pkey3()
1034 return -EINVAL; in pkey_keyblob2pkey3()
1036 if (hdr->type == TOKTYPE_NON_CCA && in pkey_keyblob2pkey3()
1037 hdr->version == TOKVER_EP11_AES_WITH_HEADER && in pkey_keyblob2pkey3()
1041 return -EINVAL; in pkey_keyblob2pkey3()
1042 } else if (hdr->type == TOKTYPE_NON_CCA && in pkey_keyblob2pkey3()
1043 hdr->version == TOKVER_EP11_ECC_WITH_HEADER && in pkey_keyblob2pkey3()
1047 return -EINVAL; in pkey_keyblob2pkey3()
1048 } else if (hdr->type == TOKTYPE_NON_CCA && in pkey_keyblob2pkey3()
1049 hdr->version == TOKVER_EP11_AES && in pkey_keyblob2pkey3()
1053 return -EINVAL; in pkey_keyblob2pkey3()
1054 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) { in pkey_keyblob2pkey3()
1055 if (hdr->version == TOKVER_CCA_AES) { in pkey_keyblob2pkey3()
1058 return -EINVAL; in pkey_keyblob2pkey3()
1060 return -EINVAL; in pkey_keyblob2pkey3()
1061 } else if (hdr->version == TOKVER_CCA_VLSC) { in pkey_keyblob2pkey3()
1063 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) in pkey_keyblob2pkey3()
1064 return -EINVAL; in pkey_keyblob2pkey3()
1066 return -EINVAL; in pkey_keyblob2pkey3()
1069 __func__, hdr->version); in pkey_keyblob2pkey3()
1070 return -EINVAL; in pkey_keyblob2pkey3()
1072 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) { in pkey_keyblob2pkey3()
1075 return -EINVAL; in pkey_keyblob2pkey3()
1077 return -EINVAL; in pkey_keyblob2pkey3()
1078 } else if (hdr->type == TOKTYPE_NON_CCA) { in pkey_keyblob2pkey3()
1090 __func__, hdr->type); in pkey_keyblob2pkey3()
1091 return -EINVAL; in pkey_keyblob2pkey3()
1095 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { in pkey_keyblob2pkey3()
1097 dom = apqns[i].domain; in pkey_keyblob2pkey3()
1098 if (hdr->type == TOKTYPE_NON_CCA && in pkey_keyblob2pkey3()
1099 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || in pkey_keyblob2pkey3()
1100 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && in pkey_keyblob2pkey3()
1102 rc = ep11_kblob2protkey(card, dom, key, hdr->len, in pkey_keyblob2pkey3()
1104 else if (hdr->type == TOKTYPE_NON_CCA && in pkey_keyblob2pkey3()
1105 hdr->version == TOKVER_EP11_AES && in pkey_keyblob2pkey3()
1107 rc = ep11_kblob2protkey(card, dom, key, hdr->len, in pkey_keyblob2pkey3()
1109 else if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_keyblob2pkey3()
1110 hdr->version == TOKVER_CCA_AES) in pkey_keyblob2pkey3()
1113 else if (hdr->type == TOKTYPE_CCA_INTERNAL && in pkey_keyblob2pkey3()
1114 hdr->version == TOKVER_CCA_VLSC) in pkey_keyblob2pkey3()
1117 else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) in pkey_keyblob2pkey3()
1121 return -EINVAL; in pkey_keyblob2pkey3()
1134 return ERR_PTR(-EINVAL); in _copy_key_from_user()
1158 return -EFAULT; in pkey_unlocked_ioctl()
1159 rc = cca_genseckey(kgs.cardnr, kgs.domain, in pkey_unlocked_ioctl()
1165 return -EFAULT; in pkey_unlocked_ioctl()
1173 return -EFAULT; in pkey_unlocked_ioctl()
1174 rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype, in pkey_unlocked_ioctl()
1180 return -EFAULT; in pkey_unlocked_ioctl()
1189 return -EFAULT; in pkey_unlocked_ioctl()
1190 rc = cca_sec2protkey(ksp.cardnr, ksp.domain, in pkey_unlocked_ioctl()
1197 return -EFAULT; in pkey_unlocked_ioctl()
1205 return -EFAULT; in pkey_unlocked_ioctl()
1212 return -EFAULT; in pkey_unlocked_ioctl()
1221 return -EFAULT; in pkey_unlocked_ioctl()
1223 &kfc.cardnr, &kfc.domain, 1); in pkey_unlocked_ioctl()
1228 return -EFAULT; in pkey_unlocked_ioctl()
1236 return -EFAULT; in pkey_unlocked_ioctl()
1242 return -EFAULT; in pkey_unlocked_ioctl()
1250 return -EFAULT; in pkey_unlocked_ioctl()
1251 rc = pkey_verifykey(&kvk.seckey, &kvk.cardnr, &kvk.domain, in pkey_unlocked_ioctl()
1257 return -EFAULT; in pkey_unlocked_ioctl()
1265 return -EFAULT; in pkey_unlocked_ioctl()
1271 return -EFAULT; in pkey_unlocked_ioctl()
1279 return -EFAULT; in pkey_unlocked_ioctl()
1290 return -EFAULT; in pkey_unlocked_ioctl()
1300 return -EFAULT; in pkey_unlocked_ioctl()
1311 return -EFAULT; in pkey_unlocked_ioctl()
1318 return -ENOMEM; in pkey_unlocked_ioctl()
1332 return -EINVAL; in pkey_unlocked_ioctl()
1336 return -EFAULT; in pkey_unlocked_ioctl()
1341 rc = -EFAULT; in pkey_unlocked_ioctl()
1353 return -EFAULT; in pkey_unlocked_ioctl()
1360 return -ENOMEM; in pkey_unlocked_ioctl()
1374 return -EINVAL; in pkey_unlocked_ioctl()
1378 return -EFAULT; in pkey_unlocked_ioctl()
1383 rc = -EFAULT; in pkey_unlocked_ioctl()
1394 return -EFAULT; in pkey_unlocked_ioctl()
1399 &kvk.cardnr, &kvk.domain, in pkey_unlocked_ioctl()
1406 return -EFAULT; in pkey_unlocked_ioctl()
1416 return -EFAULT; in pkey_unlocked_ioctl()
1433 return -EFAULT; in pkey_unlocked_ioctl()
1444 return -EFAULT; in pkey_unlocked_ioctl()
1451 return -ENOMEM; in pkey_unlocked_ioctl()
1462 if (rc && rc != -ENOSPC) { in pkey_unlocked_ioctl()
1469 return -EINVAL; in pkey_unlocked_ioctl()
1475 return -EFAULT; in pkey_unlocked_ioctl()
1481 rc = -EFAULT; in pkey_unlocked_ioctl()
1492 return -EFAULT; in pkey_unlocked_ioctl()
1499 return -ENOMEM; in pkey_unlocked_ioctl()
1504 if (rc && rc != -ENOSPC) { in pkey_unlocked_ioctl()
1511 return -EINVAL; in pkey_unlocked_ioctl()
1517 return -EFAULT; in pkey_unlocked_ioctl()
1523 rc = -EFAULT; in pkey_unlocked_ioctl()
1535 return -EFAULT; in pkey_unlocked_ioctl()
1548 return -ENOMEM; in pkey_unlocked_ioctl()
1563 return -EINVAL; in pkey_unlocked_ioctl()
1567 return -EFAULT; in pkey_unlocked_ioctl()
1573 return -EFAULT; in pkey_unlocked_ioctl()
1578 return -ENOTTY; in pkey_unlocked_ioctl()
1592 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1602 return -EINVAL; in pkey_protkey_aes_attr_read()
1605 return -EINVAL; in pkey_protkey_aes_attr_read()
1709 * Sysfs attribute read function for all secure key ccadata binary attributes.
1712 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1721 return -EINVAL; in pkey_ccadata_aes_attr_read()
1724 return -EINVAL; in pkey_ccadata_aes_attr_read()
1726 rc = cca_genseckey(-1, -1, keytype, seckey->seckey); in pkey_ccadata_aes_attr_read()
1732 rc = cca_genseckey(-1, -1, keytype, seckey->seckey); in pkey_ccadata_aes_attr_read()
1815 * Sysfs attribute read function for all secure key ccacipher binary attributes.
1817 * secure key blob is generated with each read. In case of partial reads
1818 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1829 return -EINVAL; in pkey_ccacipher_aes_attr_read()
1832 return -EINVAL; in pkey_ccacipher_aes_attr_read()
1843 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { in pkey_ccacipher_aes_attr_read()
1937 * secure key blob is generated with each read. In case of partial reads
1938 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1952 return -EINVAL; in pkey_ep11_aes_attr_read()
1955 return -EINVAL; in pkey_ep11_aes_attr_read()
1966 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { in pkey_ep11_aes_attr_read()
2088 * The pckmo instruction should be available - even if we don't in pkey_init()
2094 return -ENODEV; in pkey_init()
2098 return -ENODEV; in pkey_init()
2102 return -ENODEV; in pkey_init()