xref: /kernel/linux/linux-5.10/drivers/s390/crypto/zcrypt_ccamisc.c

49  * Simple check if the token is a valid CCA secure AES data key
50  * token. If keybitsize is given, the bitsize of the key is
86  * Simple check if the token is a valid CCA secure AES cipher key
87  * token. If keybitsize is given, the bitsize of the key is
88  * also checked. If checkcpacfexport is enabled, the key is also
177  * key token. Returns 0 on success or errno value on failure.
267  * clear key material in there).
295  * Generate (random) CCA AES DATA secure key.
396 		DEBUG_ERR("%s secure key generate failure, card response %d/%d\n",
409 	/* check length of the returned secure key token */
420 	/* check secure key token */
428 	/* copy the generated secure key token */
438  * Generate an CCA AES DATA secure key with given key value.
534 		DEBUG_ERR("%s clear key import failure, card response %d/%d\n",
547 	/* check length of the returned secure key token */
558 	/* check secure key token */
566 	/* copy the generated secure key token */
577  * Derive proteced key from an CCA AES DATA secure key.
599 			u8  token[0];	      /* cca secure key token */
616 				u8  key[64];  /* the key (len bytes) */
661 		DEBUG_ERR("%s unwrap secure key failure, card response %d/%d\n",
669 		DEBUG_WARN("%s unwrap secure key warning, card response %d/%d\n",
689 	/* copy the tanslated protected key */
692 		/* AES 128 protected key */
697 		/* AES 192 protected key */
702 		/* AES 256 protected key */
712 	memcpy(protkey, prepparm->lv3.ckb.key, prepparm->lv3.ckb.len);
723  * AES cipher key skeleton created with CSNBKTB2 with these flags:
739  * Generate (random) CCA AES CIPHER secure key.
867 	/* patch the skeleton key token export flags inside the kb block */
889 			"%s cipher key generate failure, card response %d/%d\n",
902 	/* do some plausibility checks on the key block */
905 		DEBUG_ERR("%s reply with invalid or unknown key block\n",
911 	/* and some checks on the generated key */
920 	/* copy the generated vlsc key token */
967 			u8  clr_key[0]; /* clear key value bytes */
975 			u8  key_token[0]; /* key skeleton */
989 				u8  key_token[0]; /* key token */
1032 	/* prepare key block */
1070 	/* do some plausibility checks on the key block */
1073 		DEBUG_ERR("%s reply with invalid or unknown key block\n",
1079 	/* do not check the key here, it may be incomplete */
1081 	/* copy the vlsc key token back */
1092  * Build CCA AES CIPHER secure key with a given clear key value.
1106 	/* allocate space for the key token to build */
1111 	/* prepare the token with the key skeleton */
1115 	/* patch the skeleton key token export flags */
1123 	 * Do the key import with the clear key value in 4 steps:
1125 	 * 2/4 EXOR the clear key
1127 	 * 4/4 COMPLETE the secure cipher key import
1133 			"%s clear key import 1/4 with CSNBKPI2 failed, rc=%d\n",
1141 			"%s clear key import 2/4 with CSNBKPI2 failed, rc=%d\n",
1149 			"%s clear key import 3/4 with CSNBKPI2 failed, rc=%d\n",
1157 			"%s clear key import 4/4 with CSNBKPI2 failed, rc=%d\n",
1162 	/* copy the generated key token */
1178  * Derive proteced key from CCA AES cipher secure key.
1218 				u8  key[64];  /* the key (keylen bytes) */
1274 			"%s unwrap secure key failure, card response %d/%d\n",
1283 			"%s unwrap secure key warning, card response %d/%d\n",
1310 	/* copy the translated protected key */
1313 		/* AES 128 protected key */
1318 		/* AES 192 protected key */
1323 		/* AES 256 protected key */
1333 	memcpy(protkey, prepparm->vud.ckb.key, prepparm->vud.ckb.keylen);
1344  * Derive protected key from CCA ECC secure private key.
1346 int cca_ecc2protkey(u16 cardnr, u16 domain, const u8 *key,
1384 				u8  key[0];  /* the key (keylen bytes) */
1396 	int keylen = ((struct eccprivkeytoken *)key)->len;
1421 	memcpy(preqparm->kb.cca_key_token, key, keylen);
1440 			"%s unwrap secure key failure, card response %d/%d\n",
1449 			"%s unwrap secure key warning, card response %d/%d\n",
1475 	/* copy the translated protected key */
1482 	memcpy(protkey, prepparm->vud.ckb.key, prepparm->vud.ckb.keylen);
1553 		DEBUG_ERR("%s unwrap secure key failure, card response %d/%d\n",
1849  * Verification Pattern provided inside a secure key token.
1851 int cca_findcard(const u8 *key, u16 *pcardnr, u16 *pdomain, int verify)
1855 	const struct keytoken_header *hdr = (struct keytoken_header *) key;
1862 		mkvp = ((struct secaeskeytoken *)key)->mkvp;
1865 		mkvp = ((struct cipherkeytoken *)key)->mkvp0;
1919 		/* current master key needs to be valid */

Indexes created Thu Nov 07 10:32:03 CST 2024