xref: /kernel/linux/linux-6.6/drivers/s390/crypto/zcrypt_ep11misc.c

222  * Simple check if the key blob is a valid EP11 AES key blob with header.
225 				const u8 *key, size_t keylen, int checkcpacfexp)
227 	struct ep11kblob_header *hdr = (struct ep11kblob_header *)key;
228 	struct ep11keyblob *kb = (struct ep11keyblob *)(key + sizeof(*hdr));
233 		DBF("%s key check failed, keylen %zu < %zu\n",
240 			DBF("%s key check failed, type 0x%02x != 0x%02x\n",
246 			DBF("%s key check failed, header version 0x%02x != 0x00\n",
252 			DBF("%s key check failed, version 0x%02x != 0x%02x\n",
258 			DBF("%s key check failed, header len %d keylen %zu mismatch\n",
264 			DBF("%s key check failed, header len %d < %zu\n",
271 			DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
277 			DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
289  * Simple check if the key blob is a valid EP11 ECC key blob with header.
292 				const u8 *key, size_t keylen, int checkcpacfexp)
294 	struct ep11kblob_header *hdr = (struct ep11kblob_header *)key;
295 	struct ep11keyblob *kb = (struct ep11keyblob *)(key + sizeof(*hdr));
300 		DBF("%s key check failed, keylen %zu < %zu\n",
307 			DBF("%s key check failed, type 0x%02x != 0x%02x\n",
313 			DBF("%s key check failed, header version 0x%02x != 0x00\n",
319 			DBF("%s key check failed, version 0x%02x != 0x%02x\n",
325 			DBF("%s key check failed, header len %d keylen %zu mismatch\n",
331 			DBF("%s key check failed, header len %d < %zu\n",
338 			DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
344 			DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
356  * Simple check if the key blob is a valid EP11 AES key blob with
357  * the header in the session field (old style EP11 AES key).
360 		       const u8 *key, size_t keylen, int checkcpacfexp)
362 	struct ep11keyblob *kb = (struct ep11keyblob *)key;
367 		DBF("%s key check failed, keylen %zu < %zu\n",
374 			DBF("%s key check failed, type 0x%02x != 0x%02x\n",
380 			DBF("%s key check failed, version 0x%02x != 0x%02x\n",
386 			DBF("%s key check failed, header len %d keylen %zu mismatch\n",
392 			DBF("%s key check failed, header len %d < %zu\n",
399 			DBF("%s key check failed, blob magic 0x%04x != 0x%04x\n",
405 			DBF("%s key check failed, PKEY_EXTRACTABLE is off\n",
767  * Default EP11 AES key generate attributes, used when no keygenflags given:
896 		DEBUG_ERR("%s mismatch reply data len / key buffer len\n",
902 	/* copy key blob */
953 			    const u8 *key, size_t keysize,
967 		 * followed by key tag + key blob
1010 	/* key and input data */
1011 	p += asn1tag_write(p, 0x04, key, keysize);
1104 		 * followed by encryted key tag + bytes
1163 	/* empty mac key tag */
1170 	/* encrypted key value tag and bytes */
1206 		DEBUG_ERR("%s mismatch reply data len / key buffer len\n",
1212 	/* copy key blob */
1260 			 const u8 *key, size_t keysize,
1274 		 * followed by key tag + key blob
1319 	/* key blob */
1320 	p += asn1tag_write(p, 0x04, key, keysize);
1403 	/* Step 1: generate AES 256 bit random kek key */
1409 			"%s generate kek key failed, rc=%d\n",
1414 	/* Step 2: encrypt clear key value with the kek key */
1419 			"%s encrypting key value with kek key failed, rc=%d\n",
1424 	/* Step 3: import the encrypted key value as a new key */
1430 			"%s importing key value as new key failed,, rc=%d\n",
1446 	struct ep11keyblob *key;
1460 	if (ep11_kb_decode((u8 *)keyblob, keybloblen, &hdr, NULL, &key, &keylen))
1475 	/* ep11 secure key -> protected key + info */
1476 	rc = _ep11_wrapkey(card, dom, (u8 *)key, keylen,
1480 			"%s rewrapping ep11 key to pkey failed, rc=%d\n",
1494 	/* check protected key type field */
1499 			/* AES 128 protected key */
1504 			/* AES 192 protected key */
1509 			/* AES 256 protected key */
1528 		DEBUG_ERR("%s unknown/unsupported key type %d\n",
1534 	/* copy the translated protected key */

Indexes created Thu Nov 07 10:32:03 CST 2024