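Lines Matching +full:inside +full:- +full:secure (excerpt: only lines matching a search term are listed, so gaps in the line numbers are code not shown here)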

1 // SPDX-License-Identifier: GPL-2.0+
49 * Simple check if the token is a valid CCA secure AES data key
60 if (t->type != TOKTYPE_CCA_INTERNAL) { in cca_check_secaeskeytoken()
63 __func__, (int)t->type, TOKTYPE_CCA_INTERNAL); in cca_check_secaeskeytoken()
64 return -EINVAL; in cca_check_secaeskeytoken()
66 if (t->version != TOKVER_CCA_AES) { in cca_check_secaeskeytoken()
69 __func__, (int)t->version, TOKVER_CCA_AES); in cca_check_secaeskeytoken()
70 return -EINVAL; in cca_check_secaeskeytoken()
72 if (keybitsize > 0 && t->bitsize != keybitsize) { in cca_check_secaeskeytoken()
75 __func__, (int)t->bitsize, keybitsize); in cca_check_secaeskeytoken()
76 return -EINVAL; in cca_check_secaeskeytoken()
86 * Simple check if the token is a valid CCA secure AES cipher key
101 if (t->type != TOKTYPE_CCA_INTERNAL) { in cca_check_secaescipherkey()
104 __func__, (int)t->type, TOKTYPE_CCA_INTERNAL); in cca_check_secaescipherkey()
105 return -EINVAL; in cca_check_secaescipherkey()
107 if (t->version != TOKVER_CCA_VLSC) { in cca_check_secaescipherkey()
110 __func__, (int)t->version, TOKVER_CCA_VLSC); in cca_check_secaescipherkey()
111 return -EINVAL; in cca_check_secaescipherkey()
113 if (t->algtype != 0x02) { in cca_check_secaescipherkey()
116 __func__, (int)t->algtype); in cca_check_secaescipherkey()
117 return -EINVAL; in cca_check_secaescipherkey()
119 if (t->keytype != 0x0001) { in cca_check_secaescipherkey()
122 __func__, (int)t->keytype); in cca_check_secaescipherkey()
123 return -EINVAL; in cca_check_secaescipherkey()
125 if (t->plfver != 0x00 && t->plfver != 0x01) { in cca_check_secaescipherkey()
128 __func__, (int)t->plfver); in cca_check_secaescipherkey()
129 return -EINVAL; in cca_check_secaescipherkey()
131 if (t->wpllen != 512 && t->wpllen != 576 && t->wpllen != 640) { in cca_check_secaescipherkey()
134 __func__, (int)t->wpllen); in cca_check_secaescipherkey()
135 return -EINVAL; in cca_check_secaescipherkey()
140 if (t->wpllen != (t->plfver ? 640 : 512)) in cca_check_secaescipherkey()
144 if (t->wpllen != (t->plfver ? 640 : 576)) in cca_check_secaescipherkey()
148 if (t->wpllen != 640) in cca_check_secaescipherkey()
159 return -EINVAL; in cca_check_secaescipherkey()
162 if (checkcpacfexport && !(t->kmf1 & KMF1_XPRT_CPAC)) { in cca_check_secaescipherkey()
166 return -EINVAL; in cca_check_secaescipherkey()
176 * Simple check if the token is a valid CCA secure ECC private
187 if (t->type != TOKTYPE_CCA_INTERNAL_PKA) { in cca_check_sececckeytoken()
190 __func__, (int)t->type, TOKTYPE_CCA_INTERNAL_PKA); in cca_check_sececckeytoken()
191 return -EINVAL; in cca_check_sececckeytoken()
193 if (t->len > keysize) { in cca_check_sececckeytoken()
196 __func__, (int)t->len, keysize); in cca_check_sececckeytoken()
197 return -EINVAL; in cca_check_sececckeytoken()
199 if (t->secid != 0x20) { in cca_check_sececckeytoken()
202 __func__, (int)t->secid); in cca_check_sececckeytoken()
203 return -EINVAL; in cca_check_sececckeytoken()
205 if (checkcpacfexport && !(t->kutc & 0x01)) { in cca_check_sececckeytoken()
209 return -EINVAL; in cca_check_sececckeytoken()
239 return -ENOMEM; in alloc_and_prep_cprbmem()
245 preqcblk->cprb_len = sizeof(struct CPRBX); in alloc_and_prep_cprbmem()
246 preqcblk->cprb_ver_id = 0x02; in alloc_and_prep_cprbmem()
247 memcpy(preqcblk->func_id, "T2", 2); in alloc_and_prep_cprbmem()
248 preqcblk->rpl_msgbl = cprbplusparamblen; in alloc_and_prep_cprbmem()
250 preqcblk->req_parmb = in alloc_and_prep_cprbmem()
252 preqcblk->rpl_parmb = in alloc_and_prep_cprbmem()
285 pxcrb->agent_ID = 0x4341; /* 'CA' */ in prep_xcrb()
286 pxcrb->user_defined = (cardnr == 0xFFFF ? AUTOSELECT : cardnr); in prep_xcrb()
287 pxcrb->request_control_blk_length = in prep_xcrb()
288 preqcblk->cprb_len + preqcblk->req_parml; in prep_xcrb()
289 pxcrb->request_control_blk_addr = (void __user *)preqcblk; in prep_xcrb()
290 pxcrb->reply_control_blk_length = preqcblk->rpl_msgbl; in prep_xcrb()
291 pxcrb->reply_control_blk_addr = (void __user *)prepcblk; in prep_xcrb()
295 * Generate (random) CCA AES DATA secure key.
345 preqcblk->domain = domain; in cca_genseckey()
348 preqparm = (struct kgreqparm __force *)preqcblk->req_parmb; in cca_genseckey()
349 memcpy(preqparm->subfunc_code, "KG", 2); in cca_genseckey()
350 preqparm->rule_array_len = sizeof(preqparm->rule_array_len); in cca_genseckey()
351 preqparm->lv1.len = sizeof(struct lv1); in cca_genseckey()
352 memcpy(preqparm->lv1.key_form, "OP ", 8); in cca_genseckey()
357 memcpy(preqparm->lv1.key_length, "KEYLN16 ", 8); in cca_genseckey()
362 memcpy(preqparm->lv1.key_length, "KEYLN24 ", 8); in cca_genseckey()
367 memcpy(preqparm->lv1.key_length, "KEYLN32 ", 8); in cca_genseckey()
372 rc = -EINVAL; in cca_genseckey()
375 memcpy(preqparm->lv1.key_type1, "AESDATA ", 8); in cca_genseckey()
376 preqparm->lv2.len = sizeof(struct lv2); in cca_genseckey()
378 preqparm->lv2.keyid[i].len = sizeof(struct keyid); in cca_genseckey()
379 preqparm->lv2.keyid[i].attr = (i == 2 ? 0x30 : 0x10); in cca_genseckey()
381 preqcblk->req_parml = sizeof(struct kgreqparm); in cca_genseckey()
395 if (prepcblk->ccp_rtcode != 0) { in cca_genseckey()
396 DEBUG_ERR("%s secure key generate failure, card response %d/%d\n", in cca_genseckey()
398 (int)prepcblk->ccp_rtcode, in cca_genseckey()
399 (int)prepcblk->ccp_rscode); in cca_genseckey()
400 rc = -EIO; in cca_genseckey()
406 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_genseckey()
409 /* check length of the returned secure key token */ in cca_genseckey()
410 seckeysize = prepparm->lv3.keyblock.toklen in cca_genseckey()
411 - sizeof(prepparm->lv3.keyblock.toklen) in cca_genseckey()
412 - sizeof(prepparm->lv3.keyblock.tokattr); in cca_genseckey()
414 DEBUG_ERR("%s secure token size mismatch %d != %d bytes\n", in cca_genseckey()
416 rc = -EIO; in cca_genseckey()
420 /* check secure key token */ in cca_genseckey()
422 prepparm->lv3.keyblock.tok, 8 * keysize); in cca_genseckey()
424 rc = -EIO; in cca_genseckey()
428 /* copy the generated secure key token */ in cca_genseckey()
429 memcpy(seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE); in cca_genseckey()
438 * Generate a CCA AES DATA secure key with a given key value.
486 preqcblk->domain = domain; in cca_clr2seckey()
489 preqparm = (struct cmreqparm __force *)preqcblk->req_parmb; in cca_clr2seckey()
490 memcpy(preqparm->subfunc_code, "CM", 2); in cca_clr2seckey()
491 memcpy(preqparm->rule_array, "AES ", 8); in cca_clr2seckey()
492 preqparm->rule_array_len = in cca_clr2seckey()
493 sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array); in cca_clr2seckey()
510 rc = -EINVAL; in cca_clr2seckey()
513 preqparm->lv1.len = sizeof(struct lv1) + keysize; in cca_clr2seckey()
514 memcpy(preqparm->lv1.clrkey, clrkey, keysize); in cca_clr2seckey()
515 plv2 = (struct lv2 *)(((u8 *)&preqparm->lv2) + keysize); in cca_clr2seckey()
516 plv2->len = sizeof(struct lv2); in cca_clr2seckey()
517 plv2->keyid.len = sizeof(struct keyid); in cca_clr2seckey()
518 plv2->keyid.attr = 0x30; in cca_clr2seckey()
519 preqcblk->req_parml = sizeof(struct cmreqparm) + keysize; in cca_clr2seckey()
533 if (prepcblk->ccp_rtcode != 0) { in cca_clr2seckey()
536 (int)prepcblk->ccp_rtcode, in cca_clr2seckey()
537 (int)prepcblk->ccp_rscode); in cca_clr2seckey()
538 rc = -EIO; in cca_clr2seckey()
544 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_clr2seckey()
547 /* check length of the returned secure key token */ in cca_clr2seckey()
548 seckeysize = prepparm->lv3.keyblock.toklen in cca_clr2seckey()
549 - sizeof(prepparm->lv3.keyblock.toklen) in cca_clr2seckey()
550 - sizeof(prepparm->lv3.keyblock.tokattr); in cca_clr2seckey()
552 DEBUG_ERR("%s secure token size mismatch %d != %d bytes\n", in cca_clr2seckey()
554 rc = -EIO; in cca_clr2seckey()
558 /* check secure key token */ in cca_clr2seckey()
560 prepparm->lv3.keyblock.tok, 8 * keysize); in cca_clr2seckey()
562 rc = -EIO; in cca_clr2seckey()
566 /* copy the generated secure key token */ in cca_clr2seckey()
568 memcpy(seckey, prepparm->lv3.keyblock.tok, SECKEYBLOBSIZE); in cca_clr2seckey()
577 * Derive protected key from a CCA AES DATA secure key.
599 u8 token[]; /* cca secure key token */ in cca_sec2protkey()
632 preqcblk->domain = domain; in cca_sec2protkey()
635 preqparm = (struct uskreqparm __force *)preqcblk->req_parmb; in cca_sec2protkey()
636 memcpy(preqparm->subfunc_code, "US", 2); in cca_sec2protkey()
637 preqparm->rule_array_len = sizeof(preqparm->rule_array_len); in cca_sec2protkey()
638 preqparm->lv1.len = sizeof(struct lv1); in cca_sec2protkey()
639 preqparm->lv1.attr_len = sizeof(struct lv1) - sizeof(preqparm->lv1.len); in cca_sec2protkey()
640 preqparm->lv1.attr_flags = 0x0001; in cca_sec2protkey()
641 preqparm->lv2.len = sizeof(struct lv2) + SECKEYBLOBSIZE; in cca_sec2protkey()
642 preqparm->lv2.attr_len = sizeof(struct lv2) in cca_sec2protkey()
643 - sizeof(preqparm->lv2.len) + SECKEYBLOBSIZE; in cca_sec2protkey()
644 preqparm->lv2.attr_flags = 0x0000; in cca_sec2protkey()
645 memcpy(preqparm->lv2.token, seckey, SECKEYBLOBSIZE); in cca_sec2protkey()
646 preqcblk->req_parml = sizeof(struct uskreqparm) + SECKEYBLOBSIZE; in cca_sec2protkey()
660 if (prepcblk->ccp_rtcode != 0) { in cca_sec2protkey()
661 DEBUG_ERR("%s unwrap secure key failure, card response %d/%d\n", in cca_sec2protkey()
663 (int)prepcblk->ccp_rtcode, in cca_sec2protkey()
664 (int)prepcblk->ccp_rscode); in cca_sec2protkey()
665 if (prepcblk->ccp_rtcode == 8 && prepcblk->ccp_rscode == 2290) in cca_sec2protkey()
666 rc = -EAGAIN; in cca_sec2protkey()
668 rc = -EIO; in cca_sec2protkey()
671 if (prepcblk->ccp_rscode != 0) { in cca_sec2protkey()
672 DEBUG_WARN("%s unwrap secure key warning, card response %d/%d\n", in cca_sec2protkey()
674 (int)prepcblk->ccp_rtcode, in cca_sec2protkey()
675 (int)prepcblk->ccp_rscode); in cca_sec2protkey()
680 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_sec2protkey()
684 if (prepparm->lv3.ckb.version != 0x01 && in cca_sec2protkey()
685 prepparm->lv3.ckb.version != 0x02) { in cca_sec2protkey()
687 __func__, (int)prepparm->lv3.ckb.version); in cca_sec2protkey()
688 rc = -EIO; in cca_sec2protkey()
693 switch (prepparm->lv3.ckb.len) { in cca_sec2protkey()
711 __func__, prepparm->lv3.ckb.len); in cca_sec2protkey()
712 rc = -EIO; in cca_sec2protkey()
715 memcpy(protkey, prepparm->lv3.ckb.key, prepparm->lv3.ckb.len); in cca_sec2protkey()
717 *protkeylen = prepparm->lv3.ckb.len; in cca_sec2protkey()
727 * INTERNAL, NO-KEY, AES, CIPHER, ANY-MODE, NOEX-SYM, NOEXAASY,
728 * NOEXUASY, XPRTCPAC, NOEX-RAW, NOEX-DES, NOEX-AES, NOEX-RSA
742 * Generate (random) CCA AES CIPHER secure key.
814 u8 gen_key[0]; /* 120-136 bytes */ in cca_gencipherkey()
826 preqcblk->domain = domain; in cca_gencipherkey()
827 preqcblk->req_parml = sizeof(struct gkreqparm); in cca_gencipherkey()
830 preqparm = (struct gkreqparm __force *)preqcblk->req_parmb; in cca_gencipherkey()
831 memcpy(preqparm->subfunc_code, "GK", 2); in cca_gencipherkey()
832 preqparm->rule_array_len = sizeof(uint16_t) + 2 * 8; in cca_gencipherkey()
833 memcpy(preqparm->rule_array, "AES OP ", 2 * 8); in cca_gencipherkey()
836 preqparm->vud.len = sizeof(preqparm->vud); in cca_gencipherkey()
846 rc = -EINVAL; in cca_gencipherkey()
849 preqparm->vud.clear_key_bit_len = keybitsize; in cca_gencipherkey()
850 memcpy(preqparm->vud.key_type_1, "TOKEN ", 8); in cca_gencipherkey()
851 memset(preqparm->vud.key_type_2, ' ', sizeof(preqparm->vud.key_type_2)); in cca_gencipherkey()
854 preqparm->kb.len = sizeof(preqparm->kb); in cca_gencipherkey()
855 preqparm->kb.tlv1.len = sizeof(preqparm->kb.tlv1); in cca_gencipherkey()
856 preqparm->kb.tlv1.flag = 0x0030; in cca_gencipherkey()
857 preqparm->kb.tlv2.len = sizeof(preqparm->kb.tlv2); in cca_gencipherkey()
858 preqparm->kb.tlv2.flag = 0x0030; in cca_gencipherkey()
859 preqparm->kb.tlv3.len = sizeof(preqparm->kb.tlv3); in cca_gencipherkey()
860 preqparm->kb.tlv3.flag = 0x0030; in cca_gencipherkey()
861 memcpy(preqparm->kb.tlv3.gen_key_id_1, in cca_gencipherkey()
863 preqparm->kb.tlv4.len = sizeof(preqparm->kb.tlv4); in cca_gencipherkey()
864 preqparm->kb.tlv4.flag = 0x0030; in cca_gencipherkey()
865 preqparm->kb.tlv5.len = sizeof(preqparm->kb.tlv5); in cca_gencipherkey()
866 preqparm->kb.tlv5.flag = 0x0030; in cca_gencipherkey()
867 preqparm->kb.tlv6.len = sizeof(preqparm->kb.tlv6); in cca_gencipherkey()
868 preqparm->kb.tlv6.flag = 0x0030; in cca_gencipherkey()
870 /* patch the skeleton key token export flags inside the kb block */ in cca_gencipherkey()
872 t = (struct cipherkeytoken *)preqparm->kb.tlv3.gen_key_id_1; in cca_gencipherkey()
873 t->kmf1 |= (u16)(keygenflags & 0x0000FF00); in cca_gencipherkey()
874 t->kmf1 &= (u16)~(keygenflags & 0x000000FF); in cca_gencipherkey()
890 if (prepcblk->ccp_rtcode != 0) { in cca_gencipherkey()
894 (int)prepcblk->ccp_rtcode, in cca_gencipherkey()
895 (int)prepcblk->ccp_rscode); in cca_gencipherkey()
896 rc = -EIO; in cca_gencipherkey()
902 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_gencipherkey()
906 if (prepparm->kb.len < 120 + 5 * sizeof(uint16_t) || in cca_gencipherkey()
907 prepparm->kb.len > 136 + 5 * sizeof(uint16_t)) { in cca_gencipherkey()
910 rc = -EIO; in cca_gencipherkey()
916 prepparm->kb.tlv1.gen_key, in cca_gencipherkey()
919 rc = -EIO; in cca_gencipherkey()
924 t = (struct cipherkeytoken *)prepparm->kb.tlv1.gen_key; in cca_gencipherkey()
926 if (*keybufsize >= t->len) in cca_gencipherkey()
927 memcpy(keybuf, t, t->len); in cca_gencipherkey()
929 rc = -EINVAL; in cca_gencipherkey()
931 *keybufsize = t->len; in cca_gencipherkey()
1005 preqcblk->domain = domain; in _ip_cprb_helper()
1006 preqcblk->req_parml = 0; in _ip_cprb_helper()
1009 preq_ra_block = (struct rule_array_block __force *)preqcblk->req_parmb; in _ip_cprb_helper()
1010 memcpy(preq_ra_block->subfunc_code, "IP", 2); in _ip_cprb_helper()
1011 preq_ra_block->rule_array_len = sizeof(uint16_t) + 2 * 8; in _ip_cprb_helper()
1012 memcpy(preq_ra_block->rule_array, rule_array_1, 8); in _ip_cprb_helper()
1013 memcpy(preq_ra_block->rule_array + 8, rule_array_2, 8); in _ip_cprb_helper()
1014 preqcblk->req_parml = sizeof(struct rule_array_block) + 2 * 8; in _ip_cprb_helper()
1016 preq_ra_block->rule_array_len += 8; in _ip_cprb_helper()
1017 memcpy(preq_ra_block->rule_array + 16, rule_array_3, 8); in _ip_cprb_helper()
1018 preqcblk->req_parml += 8; in _ip_cprb_helper()
1023 (preqcblk->req_parmb + preqcblk->req_parml); in _ip_cprb_helper()
1025 preq_vud_block->len = sizeof(struct vud_block) + n; in _ip_cprb_helper()
1026 preq_vud_block->tlv1.len = sizeof(preq_vud_block->tlv1); in _ip_cprb_helper()
1027 preq_vud_block->tlv1.flag = 0x0064; in _ip_cprb_helper()
1028 preq_vud_block->tlv1.clr_key_bit_len = complete ? 0 : clr_key_bit_size; in _ip_cprb_helper()
1029 preq_vud_block->tlv2.len = sizeof(preq_vud_block->tlv2) + n; in _ip_cprb_helper()
1030 preq_vud_block->tlv2.flag = 0x0063; in _ip_cprb_helper()
1032 memcpy(preq_vud_block->tlv2.clr_key, clr_key_value, n); in _ip_cprb_helper()
1033 preqcblk->req_parml += preq_vud_block->len; in _ip_cprb_helper()
1037 (preqcblk->req_parmb + preqcblk->req_parml); in _ip_cprb_helper()
1039 preq_key_block->len = sizeof(struct key_block) + n; in _ip_cprb_helper()
1040 preq_key_block->tlv1.len = sizeof(preq_key_block->tlv1) + n; in _ip_cprb_helper()
1041 preq_key_block->tlv1.flag = 0x0030; in _ip_cprb_helper()
1042 memcpy(preq_key_block->tlv1.key_token, key_token, *key_token_size); in _ip_cprb_helper()
1043 preqcblk->req_parml += preq_key_block->len; in _ip_cprb_helper()
1058 if (prepcblk->ccp_rtcode != 0) { in _ip_cprb_helper()
1062 (int)prepcblk->ccp_rtcode, in _ip_cprb_helper()
1063 (int)prepcblk->ccp_rscode); in _ip_cprb_helper()
1064 rc = -EIO; in _ip_cprb_helper()
1070 prepcblk->rpl_parmb = (u8 __user *)ptr; in _ip_cprb_helper()
1074 if (prepparm->kb.len < 120 + 3 * sizeof(uint16_t) || in _ip_cprb_helper()
1075 prepparm->kb.len > 136 + 3 * sizeof(uint16_t)) { in _ip_cprb_helper()
1078 rc = -EIO; in _ip_cprb_helper()
1085 t = (struct cipherkeytoken *)prepparm->kb.tlv1.key_token; in _ip_cprb_helper()
1086 memcpy(key_token, t, t->len); in _ip_cprb_helper()
1087 *key_token_size = t->len; in _ip_cprb_helper()
1095 * Build CCA AES CIPHER secure key with a given clear key value.
1112 return -ENOMEM; in cca_clr2cipherkey()
1121 t->kmf1 |= (u16)(keygenflags & 0x0000FF00); in cca_clr2cipherkey()
1122 t->kmf1 &= (u16)~(keygenflags & 0x000000FF); in cca_clr2cipherkey()
1130 * 4/4 COMPLETE the secure cipher key import in cca_clr2cipherkey()
1140 rc = _ip_cprb_helper(card, dom, "AES ", "ADD-PART", NULL, in cca_clr2cipherkey()
1148 rc = _ip_cprb_helper(card, dom, "AES ", "ADD-PART", NULL, in cca_clr2cipherkey()
1168 rc = -EINVAL; in cca_clr2cipherkey()
1181 * Derive protected key from CCA AES cipher secure key.
1233 int keytoklen = ((struct cipherkeytoken *)ckey)->len; in cca_cipher2protkey()
1241 preqcblk->domain = domain; in cca_cipher2protkey()
1244 preqparm = (struct aureqparm __force *)preqcblk->req_parmb; in cca_cipher2protkey()
1245 memcpy(preqparm->subfunc_code, "AU", 2); in cca_cipher2protkey()
1246 preqparm->rule_array_len = in cca_cipher2protkey()
1247 sizeof(preqparm->rule_array_len) in cca_cipher2protkey()
1248 + sizeof(preqparm->rule_array); in cca_cipher2protkey()
1249 memcpy(preqparm->rule_array, "EXPT-SK ", 8); in cca_cipher2protkey()
1251 preqparm->vud.len = sizeof(preqparm->vud); in cca_cipher2protkey()
1252 preqparm->vud.tk_blob_len = sizeof(preqparm->vud.tk_blob) in cca_cipher2protkey()
1254 preqparm->vud.tk_blob_tag = 0x00C2; in cca_cipher2protkey()
1256 preqparm->kb.len = keytoklen + 3 * sizeof(uint16_t); in cca_cipher2protkey()
1257 preqparm->kb.cca_key_token_len = keytoklen + 2 * sizeof(uint16_t); in cca_cipher2protkey()
1258 memcpy(preqparm->kb.cca_key_token, ckey, keytoklen); in cca_cipher2protkey()
1260 preqcblk->req_parml = sizeof(struct aureqparm) + keytoklen; in cca_cipher2protkey()
1275 if (prepcblk->ccp_rtcode != 0) { in cca_cipher2protkey()
1277 "%s unwrap secure key failure, card response %d/%d\n", in cca_cipher2protkey()
1279 (int)prepcblk->ccp_rtcode, in cca_cipher2protkey()
1280 (int)prepcblk->ccp_rscode); in cca_cipher2protkey()
1281 if (prepcblk->ccp_rtcode == 8 && prepcblk->ccp_rscode == 2290) in cca_cipher2protkey()
1282 rc = -EAGAIN; in cca_cipher2protkey()
1284 rc = -EIO; in cca_cipher2protkey()
1287 if (prepcblk->ccp_rscode != 0) { in cca_cipher2protkey()
1289 "%s unwrap secure key warning, card response %d/%d\n", in cca_cipher2protkey()
1291 (int)prepcblk->ccp_rtcode, in cca_cipher2protkey()
1292 (int)prepcblk->ccp_rscode); in cca_cipher2protkey()
1297 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_cipher2protkey()
1301 if (prepparm->vud.ckb.version != 0x01 && in cca_cipher2protkey()
1302 prepparm->vud.ckb.version != 0x02) { in cca_cipher2protkey()
1304 __func__, (int)prepparm->vud.ckb.version); in cca_cipher2protkey()
1305 rc = -EIO; in cca_cipher2protkey()
1308 if (prepparm->vud.ckb.algo != 0x02) { in cca_cipher2protkey()
1311 __func__, (int)prepparm->vud.ckb.algo); in cca_cipher2protkey()
1312 rc = -EIO; in cca_cipher2protkey()
1317 switch (prepparm->vud.ckb.keylen) { in cca_cipher2protkey()
1335 __func__, prepparm->vud.ckb.keylen); in cca_cipher2protkey()
1336 rc = -EIO; in cca_cipher2protkey()
1339 memcpy(protkey, prepparm->vud.ckb.key, prepparm->vud.ckb.keylen); in cca_cipher2protkey()
1341 *protkeylen = prepparm->vud.ckb.keylen; in cca_cipher2protkey()
1350 * Derive protected key from CCA ECC secure private key.
1402 int keylen = ((struct eccprivkeytoken *)key)->len; in cca_ecc2protkey()
1410 preqcblk->domain = domain; in cca_ecc2protkey()
1413 preqparm = (struct aureqparm __force *)preqcblk->req_parmb; in cca_ecc2protkey()
1414 memcpy(preqparm->subfunc_code, "AU", 2); in cca_ecc2protkey()
1415 preqparm->rule_array_len = in cca_ecc2protkey()
1416 sizeof(preqparm->rule_array_len) in cca_ecc2protkey()
1417 + sizeof(preqparm->rule_array); in cca_ecc2protkey()
1418 memcpy(preqparm->rule_array, "EXPT-SK ", 8); in cca_ecc2protkey()
1420 preqparm->vud.len = sizeof(preqparm->vud); in cca_ecc2protkey()
1421 preqparm->vud.tk_blob_len = sizeof(preqparm->vud.tk_blob) in cca_ecc2protkey()
1423 preqparm->vud.tk_blob_tag = 0x00C2; in cca_ecc2protkey()
1425 preqparm->kb.len = keylen + 3 * sizeof(uint16_t); in cca_ecc2protkey()
1426 preqparm->kb.cca_key_token_len = keylen + 2 * sizeof(uint16_t); in cca_ecc2protkey()
1427 memcpy(preqparm->kb.cca_key_token, key, keylen); in cca_ecc2protkey()
1429 preqcblk->req_parml = sizeof(struct aureqparm) + keylen; in cca_ecc2protkey()
1444 if (prepcblk->ccp_rtcode != 0) { in cca_ecc2protkey()
1446 "%s unwrap secure key failure, card response %d/%d\n", in cca_ecc2protkey()
1448 (int)prepcblk->ccp_rtcode, in cca_ecc2protkey()
1449 (int)prepcblk->ccp_rscode); in cca_ecc2protkey()
1450 if (prepcblk->ccp_rtcode == 8 && prepcblk->ccp_rscode == 2290) in cca_ecc2protkey()
1451 rc = -EAGAIN; in cca_ecc2protkey()
1453 rc = -EIO; in cca_ecc2protkey()
1456 if (prepcblk->ccp_rscode != 0) { in cca_ecc2protkey()
1458 "%s unwrap secure key warning, card response %d/%d\n", in cca_ecc2protkey()
1460 (int)prepcblk->ccp_rtcode, in cca_ecc2protkey()
1461 (int)prepcblk->ccp_rscode); in cca_ecc2protkey()
1466 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_ecc2protkey()
1470 if (prepparm->vud.ckb.version != 0x02) { in cca_ecc2protkey()
1472 __func__, (int)prepparm->vud.ckb.version); in cca_ecc2protkey()
1473 rc = -EIO; in cca_ecc2protkey()
1476 if (prepparm->vud.ckb.algo != 0x81) { in cca_ecc2protkey()
1479 __func__, (int)prepparm->vud.ckb.algo); in cca_ecc2protkey()
1480 rc = -EIO; in cca_ecc2protkey()
1485 if (prepparm->vud.ckb.keylen > *protkeylen) { in cca_ecc2protkey()
1487 __func__, prepparm->vud.ckb.keylen, *protkeylen); in cca_ecc2protkey()
1488 rc = -EIO; in cca_ecc2protkey()
1491 memcpy(protkey, prepparm->vud.ckb.key, prepparm->vud.ckb.keylen); in cca_ecc2protkey()
1492 *protkeylen = prepparm->vud.ckb.keylen; in cca_ecc2protkey()
1537 preqcblk->domain = domain; in cca_query_crypto_facility()
1540 preqparm = (struct fqreqparm __force *)preqcblk->req_parmb; in cca_query_crypto_facility()
1541 memcpy(preqparm->subfunc_code, "FQ", 2); in cca_query_crypto_facility()
1542 memcpy(preqparm->rule_array, keyword, sizeof(preqparm->rule_array)); in cca_query_crypto_facility()
1543 preqparm->rule_array_len = in cca_query_crypto_facility()
1544 sizeof(preqparm->rule_array_len) + sizeof(preqparm->rule_array); in cca_query_crypto_facility()
1545 preqparm->lv1.len = sizeof(preqparm->lv1); in cca_query_crypto_facility()
1546 preqparm->dummylen = sizeof(preqparm->dummylen); in cca_query_crypto_facility()
1547 preqcblk->req_parml = parmbsize; in cca_query_crypto_facility()
1561 if (prepcblk->ccp_rtcode != 0) { in cca_query_crypto_facility()
1562 DEBUG_ERR("%s unwrap secure key failure, card response %d/%d\n", in cca_query_crypto_facility()
1564 (int)prepcblk->ccp_rtcode, in cca_query_crypto_facility()
1565 (int)prepcblk->ccp_rscode); in cca_query_crypto_facility()
1566 rc = -EIO; in cca_query_crypto_facility()
1572 prepcblk->rpl_parmb = (u8 __user *)ptr; in cca_query_crypto_facility()
1574 ptr = prepparm->lvdata; in cca_query_crypto_facility()
1580 len -= sizeof(u16); in cca_query_crypto_facility()
1591 len -= sizeof(u16); in cca_query_crypto_facility()
1607 int rc = -ENOENT; in cca_info_cache_fetch()
1612 if (ptr->cardnr == cardnr && ptr->domain == domain) { in cca_info_cache_fetch()
1613 memcpy(ci, &ptr->info, sizeof(*ci)); in cca_info_cache_fetch()
1631 if (ptr->cardnr == cardnr && in cca_info_cache_update()
1632 ptr->domain == domain) { in cca_info_cache_update()
1633 memcpy(&ptr->info, ci, sizeof(*ci)); in cca_info_cache_update()
1644 ptr->cardnr = cardnr; in cca_info_cache_update()
1645 ptr->domain = domain; in cca_info_cache_update()
1646 memcpy(&ptr->info, ci, sizeof(*ci)); in cca_info_cache_update()
1647 list_add(&ptr->list, &cca_info_list); in cca_info_cache_update()
1658 if (ptr->cardnr == cardnr && in cca_info_cache_scrub()
1659 ptr->domain == domain) { in cca_info_cache_scrub()
1660 list_del(&ptr->list); in cca_info_cache_scrub()
1674 list_del(&ptr->list); in mkvp_cache_free()
1696 ci->hwtype = devstat.hwtype; in fetch_cca_info()
1701 return -ENOMEM; in fetch_cca_info()
1710 memcpy(ci->serial, rarray, 8); in fetch_cca_info()
1711 ci->new_asym_mk_state = (char)rarray[4 * 8]; in fetch_cca_info()
1712 ci->cur_asym_mk_state = (char)rarray[5 * 8]; in fetch_cca_info()
1713 ci->old_asym_mk_state = (char)rarray[6 * 8]; in fetch_cca_info()
1714 if (ci->old_asym_mk_state == '2') in fetch_cca_info()
1715 memcpy(ci->old_asym_mkvp, varray + 64, 16); in fetch_cca_info()
1716 if (ci->cur_asym_mk_state == '2') in fetch_cca_info()
1717 memcpy(ci->cur_asym_mkvp, varray + 84, 16); in fetch_cca_info()
1718 if (ci->new_asym_mk_state == '3') in fetch_cca_info()
1719 memcpy(ci->new_asym_mkvp, varray + 104, 16); in fetch_cca_info()
1720 ci->new_aes_mk_state = (char)rarray[7 * 8]; in fetch_cca_info()
1721 ci->cur_aes_mk_state = (char)rarray[8 * 8]; in fetch_cca_info()
1722 ci->old_aes_mk_state = (char)rarray[9 * 8]; in fetch_cca_info()
1723 if (ci->old_aes_mk_state == '2') in fetch_cca_info()
1724 memcpy(&ci->old_aes_mkvp, varray + 172, 8); in fetch_cca_info()
1725 if (ci->cur_aes_mk_state == '2') in fetch_cca_info()
1726 memcpy(&ci->cur_aes_mkvp, varray + 184, 8); in fetch_cca_info()
1727 if (ci->new_aes_mk_state == '3') in fetch_cca_info()
1728 memcpy(&ci->new_aes_mkvp, varray + 196, 8); in fetch_cca_info()
1737 ci->new_apka_mk_state = (char)rarray[10 * 8]; in fetch_cca_info()
1738 ci->cur_apka_mk_state = (char)rarray[11 * 8]; in fetch_cca_info()
1739 ci->old_apka_mk_state = (char)rarray[12 * 8]; in fetch_cca_info()
1740 if (ci->old_apka_mk_state == '2') in fetch_cca_info()
1741 memcpy(&ci->old_apka_mkvp, varray + 208, 8); in fetch_cca_info()
1742 if (ci->cur_apka_mk_state == '2') in fetch_cca_info()
1743 memcpy(&ci->cur_apka_mkvp, varray + 220, 8); in fetch_cca_info()
1744 if (ci->new_apka_mk_state == '3') in fetch_cca_info()
1745 memcpy(&ci->new_apka_mkvp, varray + 232, 8); in fetch_cca_info()
1751 return found == 2 ? 0 : -ENOENT; in fetch_cca_info()
1782 int i, rc, oi = -1; in findcard()
1786 return -EINVAL; in findcard()
1793 return -ENOMEM; in findcard()
1859 rc = -ENODEV; in findcard()
1868 * Verification Pattern provided inside a secure key token.
1876 if (hdr->type != TOKTYPE_CCA_INTERNAL) in cca_findcard()
1877 return -EINVAL; in cca_findcard()
1879 switch (hdr->version) { in cca_findcard()
1881 mkvp = ((struct secaeskeytoken *)key)->mkvp; in cca_findcard()
1884 mkvp = ((struct cipherkeytoken *)key)->mkvp0; in cca_findcard()
1888 return -EINVAL; in cca_findcard()
1909 return -ENOMEM; in cca_findcard2()
1916 return -ENOMEM; in cca_findcard2()
1973 rc = -ENODEV; in cca_findcard2()
1975 /* no re-allocation, simple return the _apqns array */ in cca_findcard2()