linux/drivers/s390/crypto/pkey_base.h

/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Copyright IBM Corp. 2024
 *
 * Pkey base: debug feature, defines and structs
 * common to all pkey code.
 */

#ifndef _PKEY_BASE_H_
#define _PKEY_BASE_H_

#include <linux/types.h>
#include <asm/debug.h>
#include <asm/pkey.h>

/*
 * pkey debug feature
 */

extern debug_info_t *pkey_dbf_info;

#define PKEY_DBF_INFO(...) debug_sprintf_event(pkey_dbf_info, 5, ##__VA_ARGS__)
#define PKEY_DBF_WARN(...) debug_sprintf_event(pkey_dbf_info, 4, ##__VA_ARGS__)
#define PKEY_DBF_ERR(...)  debug_sprintf_event(pkey_dbf_info, 3, ##__VA_ARGS__)

/*
 * common defines and common structs
 */

#define KEYBLOBBUFSIZE 8192	/* key buffer size used for internal processing */
#define MINKEYBLOBBUFSIZE (sizeof(struct keytoken_header))
#define PROTKEYBLOBBUFSIZE 256	/* protected key buffer size used internal */
#define MAXAPQNSINLIST 64	/* max 64 apqns within a apqn list */
#define AES_WK_VP_SIZE 32	/* Size of WK VP block appended to a prot key */

/* inside view of a generic protected key token */
struct protkeytoken {
	u8  type;     /* 0x00 for PAES specific key tokens */
	u8  res0[3];
	u8  version;  /* should be 0x01 for protected key token */
	u8  res1[3];
	u32 keytype;  /* key type, one of the PKEY_KEYTYPE values */
	u32 len;      /* bytes actually stored in protkey[] */
	u8  protkey[]; /* the protected key blob */
} __packed;

/* inside view of a protected AES key token */
struct protaeskeytoken {
	u8  type;     /* 0x00 for PAES specific key tokens */
	u8  res0[3];
	u8  version;  /* should be 0x01 for protected key token */
	u8  res1[3];
	u32 keytype;  /* key type, one of the PKEY_KEYTYPE values */
	u32 len;      /* bytes actually stored in protkey[] */
	u8  protkey[MAXPROTKEYSIZE]; /* the protected key blob */
} __packed;

/* inside view of a clear key token (type 0x00 version 0x02) */
struct clearkeytoken {
	u8  type;	/* 0x00 for PAES specific key tokens */
	u8  res0[3];
	u8  version;	/* 0x02 for clear key token */
	u8  res1[3];
	u32 keytype;	/* key type, one of the PKEY_KEYTYPE_* values */
	u32 len;	/* bytes actually stored in clearkey[] */
	u8  clearkey[]; /* clear key value */
} __packed;

/* helper function which translates the PKEY_KEYTYPE_AES_* to their keysize */
static inline u32 pkey_keytype_aes_to_size(u32 keytype)
{
	switch (keytype) {
	case PKEY_KEYTYPE_AES_128:
		return 16;
	case PKEY_KEYTYPE_AES_192:
		return 24;
	case PKEY_KEYTYPE_AES_256:
		return 32;
	default:
		return 0;
	}
}

/* helper function which translates AES key bit size into PKEY_KEYTYPE_AES_* */
static inline u32 pkey_aes_bitsize_to_keytype(u32 keybitsize)
{
	switch (keybitsize) {
	case 128:
		return PKEY_KEYTYPE_AES_128;
	case 192:
		return PKEY_KEYTYPE_AES_192;
	case 256:
		return PKEY_KEYTYPE_AES_256;
	default:
		return 0;
	}
}

/*
 * helper function which translates the PKEY_KEYTYPE_*
 * to the protected key size minus the WK VP length
 */
static inline u32 pkey_keytype_to_size(u32 keytype)
{
	switch (keytype) {
	case PKEY_KEYTYPE_AES_128:
		return 16;
	case PKEY_KEYTYPE_AES_192:
		return 24;
	case PKEY_KEYTYPE_AES_256:
		return 32;
	case PKEY_KEYTYPE_ECC_P256:
		return 32;
	case PKEY_KEYTYPE_ECC_P384:
		return 48;
	case PKEY_KEYTYPE_ECC_P521:
		return 80;
	case PKEY_KEYTYPE_ECC_ED25519:
		return 32;
	case PKEY_KEYTYPE_ECC_ED448:
		return 54;
	case PKEY_KEYTYPE_AES_XTS_128:
		return 32;
	case PKEY_KEYTYPE_AES_XTS_256:
		return 64;
	case PKEY_KEYTYPE_HMAC_512:
		return 64;
	case PKEY_KEYTYPE_HMAC_1024:
		return 128;
	default:
		return 0;
	}
}

/*
 * pkey_api.c:
 */
int __init pkey_api_init(void);
void __exit pkey_api_exit(void);

/*
 * pkey_sysfs.c:
 */

extern const struct attribute_group *pkey_attr_groups[];

/*
 * pkey handler registry
 */

struct pkey_handler {
	struct module *module;
	const char *name;
	/*
	 * is_supported_key() and is_supported_keytype() are called
	 * within an rcu_read_lock() scope and thus must not sleep!
	 */
	bool (*is_supported_key)(const u8 *key, u32 keylen);
	bool (*is_supported_keytype)(enum pkey_key_type);
	int (*key_to_protkey)(const struct pkey_apqn *apqns, size_t nr_apqns,
			      const u8 *key, u32 keylen,
			      u8 *protkey, u32 *protkeylen, u32 *protkeytype,
			      u32 xflags);
	int (*slowpath_key_to_protkey)(const struct pkey_apqn *apqns,
				       size_t nr_apqns,
				       const u8 *key, u32 keylen,
				       u8 *protkey, u32 *protkeylen,
				       u32 *protkeytype, u32 xflags);
	int (*gen_key)(const struct pkey_apqn *apqns, size_t nr_apqns,
		       u32 keytype, u32 keysubtype,
		       u32 keybitsize, u32 flags,
		       u8 *keybuf, u32 *keybuflen, u32 *keyinfo, u32 xflags);
	int (*clr_to_key)(const struct pkey_apqn *apqns, size_t nr_apqns,
			  u32 keytype, u32 keysubtype,
			  u32 keybitsize, u32 flags,
			  const u8 *clrkey, u32 clrkeylen,
			  u8 *keybuf, u32 *keybuflen, u32 *keyinfo, u32 xflags);
	int (*verify_key)(const u8 *key, u32 keylen,
			  u16 *card, u16 *dom,
			  u32 *keytype, u32 *keybitsize, u32 *flags,
			  u32 xflags);
	int (*apqns_for_key)(const u8 *key, u32 keylen, u32 flags,
			     struct pkey_apqn *apqns, size_t *nr_apqns,
			     u32 xflags);
	int (*apqns_for_keytype)(enum pkey_key_type ktype,
				 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
				 struct pkey_apqn *apqns, size_t *nr_apqns,
				 u32 xflags);
	/* used internal by pkey base */
	struct list_head list;
};

int pkey_handler_register(struct pkey_handler *handler);
int pkey_handler_unregister(struct pkey_handler *handler);

/*
 * invocation function for the registered pkey handlers
 */

const struct pkey_handler *pkey_handler_get_keybased(const u8 *key, u32 keylen);
const struct pkey_handler *pkey_handler_get_keytypebased(enum pkey_key_type kt);
void pkey_handler_put(const struct pkey_handler *handler);

int pkey_handler_key_to_protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
				const u8 *key, u32 keylen,
				u8 *protkey, u32 *protkeylen, u32 *protkeytype,
				u32 xflags);
int pkey_handler_slowpath_key_to_protkey(const struct pkey_apqn *apqns,
					 size_t nr_apqns,
					 const u8 *key, u32 keylen,
					 u8 *protkey, u32 *protkeylen,
					 u32 *protkeytype, u32 xflags);
int pkey_handler_gen_key(const struct pkey_apqn *apqns, size_t nr_apqns,
			 u32 keytype, u32 keysubtype,
			 u32 keybitsize, u32 flags,
			 u8 *keybuf, u32 *keybuflen, u32 *keyinfo, u32 xflags);
int pkey_handler_clr_to_key(const struct pkey_apqn *apqns, size_t nr_apqns,
			    u32 keytype, u32 keysubtype,
			    u32 keybitsize, u32 flags,
			    const u8 *clrkey, u32 clrkeylen,
			    u8 *keybuf, u32 *keybuflen, u32 *keyinfo,
			    u32 xflags);
int pkey_handler_verify_key(const u8 *key, u32 keylen,
			    u16 *card, u16 *dom,
			    u32 *keytype, u32 *keybitsize, u32 *flags,
			    u32 xflags);
int pkey_handler_apqns_for_key(const u8 *key, u32 keylen, u32 flags,
			       struct pkey_apqn *apqns, size_t *nr_apqns,
			       u32 xflags);
int pkey_handler_apqns_for_keytype(enum pkey_key_type ktype,
				   u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
				   struct pkey_apqn *apqns, size_t *nr_apqns,
				   u32 xflags);

/*
 * Unconditional try to load all handler modules
 */
void pkey_handler_request_modules(void);

#endif /* _PKEY_BASE_H_ */