commit 5b35047eb4 upstream.
When both the paes and the pkey kernel module are statically build
into the kernel, the paes cipher selftests run before the pkey
kernel module is initialized. So a static variable set in the pkey
init function and used in the pkey_clr2protkey function is not
initialized when the paes cipher's selftests request to call pckmo for
transforming a clear key value into a protected key.
This patch moves the initial setup of the static variable into
the function pck_clr2protkey. So it's possible, to use the function
for transforming a clear to a protected key even before the pkey
init function has been called and the paes selftests may run
successful.
Reported-by: Alexander Egorenkov <Alexander.Egorenkov@ibm.com>
Cc: <stable@vger.kernel.org> # 4.20
Fixes: f822ad2c2c ("s390/pkey: move pckmo subfunction available checks away from module init")
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit aab73d278d upstream.
The pkey ioctl call PKEY_SEC2PROTK updates a struct pkey_protkey
on return. The protected key is stored in, the protected key type
is stored in but the len information was not updated. This patch
now fixes this and so the len field gets an update to refrect
the actual size of the protected key value returned.
Fixes: efc598e6c8 ("s390/zcrypt: move cca misc functions to new code file")
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reported-by: Christian Rund <RUNDC@de.ibm.com>
Suggested-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Now that the pkey kernel module also supports CCA AES CIPHER keys:
Add binary read-only sysfs attributes for the pkey module
that can be used to read random CCA AES CIPHER secure keys from,
similar to the already existing sysfs attributes for AES DATA and
random protected keys. Keys are read from these attributes using
a cat-like interface.
A typical use case for those keys is to encrypt a swap device
using the paes cipher. During processing of /etc/crypttab, the
CCA random AES CIPHER secure key to encrypt the swap device is
read from one of the attributes.
The following attributes are added:
ccacipher/ccacipher_aes_128
ccacipher/ccacipher_aes_192
ccacipher/ccacipher_aes_256
ccacipher/ccacipher_aes_128_xts
ccacipher/ccacipher_aes_256_xts
Each attribute emits a secure key blob for the corresponding
key size and cipher mode.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Introduce new ioctls and structs to be used with these new ioctls
which are able to handle CCA AES secure keys and CCA AES cipher keys:
PKEY_GENSECK2: Generate secure key, version 2.
Generate either a CCA AES secure key or a CCA AES cipher key.
PKEY_CLR2SECK2: Generate secure key from clear key value, version 2.
Construct a CCA AES secure key or CCA AES cipher key from a given
clear key value.
PKEY_VERIFYKEY2: Verify the given secure key, version 2.
Check for correct key type. If cardnr and domain are given, also
check if this apqn is able to handle this type of key. If cardnr and
domain are 0xFFFF, on return these values are filled with an apqn
able to handle this key. The function also checks for the master key
verification patterns of the key matching to the current or
alternate mkvp of the apqn. CCA AES cipher keys are also checked
for CPACF export allowed (CPRTCPAC flag). Currently CCA AES secure
keys and CCA AES cipher keys are supported (may get extended in the
future).
PKEY_KBLOB2PROTK2: Transform a key blob (of any type) into
a protected key, version 2. Difference to version 1 is only that
this new ioctl has additional parameters to provide a list of
apqns to be used for the transformation.
PKEY_APQNS4K: Generate a list of APQNs based on the key blob given.
Is able to find out which type of secure key is given (CCA AES
secure key or CCA AES cipher key) and tries to find all matching
crypto cards based on the MKVP and maybe other criterias (like CCA
AES cipher keys need a CEX6C or higher). The list of APQNs is
further filtered by the key's mkvp which needs to match to either
the current mkvp or the alternate mkvp (which is the old mkvp on CCA
adapters) of the apqns. The flags argument may be used to limit the
matching apqns. If the PKEY_FLAGS_MATCH_CUR_MKVP is given, only the
current mkvp of each apqn is compared. Likewise with the
PKEY_FLAGS_MATCH_ALT_MKVP. If both are given it is assumed to return
apqns where either the current or the alternate mkvp matches. If no
matching APQN is found, the ioctl returns with 0 but the
apqn_entries value is 0.
PKEY_APQNS4KT: Generate a list of APQNs based on the key type given.
Build a list of APQNs based on the given key type and maybe further
restrict the list by given master key verification patterns.
For different key types there may be different ways to match the
master key verification patterns. For CCA keys (CCA data key and CCA
cipher key) the first 8 bytes of cur_mkvp refer to the current mkvp
value of the apqn and the first 8 bytes of the alt_mkvp refer to the
old mkvp. The flags argument controls if the apqns current and/or
alternate mkvp should match. If the PKEY_FLAGS_MATCH_CUR_MKVP is
given, only the current mkvp of each apqn is compared. Likewise with
the PKEY_FLAGS_MATCH_ALT_MKVP. If both are given, it is assumed to
return apqns where either the current or the alternate mkvp
matches. If no matching APQN is found, the ioctl returns with 0 but
the apqn_entries value is 0.
These new ioctls are now prepared for another new type of secure key
blob which may come in the future. They all use a pointer to the key
blob and a key blob length information instead of some hardcoded byte
array. They all use the new enums pkey_key_type, pkey_key_size and
pkey_key_info for getting/setting key type, key size and additional
info about the key. All but the PKEY_VERIFY2 ioctl now work based on a
list of apqns. This list is walked through trying to perform the
operation on exactly this apqn without any further checking (like card
type or online state). If the apqn fails, simple the next one in the
list is tried until success (return 0) or the end of the list is
reached (return -1 with errno ENODEV). All apqns in the list need to
be exact apqns (0xFFFF as any card or domain is not allowed). There
are two new ioctls which can be used to build a list of apqns based on
a key or key type and maybe restricted by match to a current or
alternate master key verifcation pattern.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
There are a lot of pkey functions exported as in-kernel callable
API functions but not used at all. This patch narrows down the
pkey in-kernel API to what is currently only used and exploited.
Within the kernel just use u32 without any leading __u32. Also
functions declared in a header file in arch/s390/include/asm
don't need a comment 'In-kernel API', this is by definition,
otherwise the header file would be in arch/s390/include/uapi/asm.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Rework of the pkey code. Moved all the cca generic code
away from pkey_api.c into a new file zcrypt_ccamisc.c.
This new file is now part of the zcrypt device driver
and exports a bunch of cca functions to pkey and may
be called from other kernel modules as well.
The pkey ioctl API is unchanged.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
systemd-modules-load.service automatically tries to load the pkey module
on systems that have MSA.
Pkey also requires the MSA3 facility and a bunch of subfunctions.
Failing with -EOPNOTSUPP makes "systemd-modules-load.service" fail on
any system that does not have all needed subfunctions. For example,
when running under QEMU TCG (but also on systems where protected keys
are disabled via the HMC).
Let's use -ENODEV, so systemd-modules-load.service properly ignores
failing to load the pkey module because of missing HW functionality.
While at it, also convert the -EOPNOTSUPP in pkey_clr2protkey() to -ENODEV.
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
The debug feature entries have been used with up to 5 arguents
(including the pointer to the format string) but there was only
space reserved for 4 arguemnts. So now the registration does
reserve space for 5 times a long value.
This fixes a sometime appearing weired value as the last
value of an debug feature entry like this:
... pkey_sec2protkey zcrypt_send_cprb (cardnr=10 domain=12)
failed with errno -2143346254
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reported-by: Christian Rund <Christian.Rund@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
When the CCA master key is set twice with the same master key,
then the old and the current master key are the same and thus the
verification patterns are the same, too. The check to report if a
secure key is currently wrapped by the old master key erroneously
reports old mkvp in this case.
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The init of the pkey module currently fails if the pckmo instruction
or the subfunctions are not available. However, customers may
restrict their LPAR to switch off exactly these functions and work
with secure key only. So it is a valid case to have the pkey module
active and use it for secure key to protected key transfer only.
This patch moves the pckmo subfunction check from the pkey module init
function into the internal function where the pckmo instruction is
called. So now only on invocation of the pckmo instruction the check
for the required subfunction is done. If not available EOPNOTSUPP is
returned to the caller.
The check for having the pckmo instruction available is still done
during module init. This instruction came in with MSA 3 together with
the basic set of kmc instructions needed to work with protected keys.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
With the recent enhancements of the pkey kernel module,
the pkey kernel module should be loaded automatically
during system startup, if MSA is available.
When used for swap device encryption with random protected
keys, pkey must be loaded before /etc/crypttab is processed,
otherwise the sysfs attributes to read the key from are
not available.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Introduce a new ioctl API and in-kernel API to transform
a variable length key blob of any supported type into a
protected key.
Transforming a secure key blob uses the already existing
function pkey_sec2protk().
Transforming a protected key blob also verifies if the
protected key is still valid. If not, -ENODEV is returned.
Both APIs are described in detail in the header files
arch/s390/include/asm/pkey.h and arch/s390/include/uapi/asm/pkey.h.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Introduce a new ioctl API and in-kernel API to verify if a
random protected key is still valid. A protected key is
invalid when its wrapping key verification pattern does not
match the verification pattern of the LPAR. Each time an LPAR
is activated, a new LPAR wrapping key is generated and the
wrapping key verification pattern is updated.
Both APIs are described in detail in the header files
arch/s390/include/asm/pkey.h and arch/s390/include/uapi/asm/pkey.h.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Add binary read-only sysfs attributes for the pkey module
that can be used to read random ccadata secure keys from.
Keys are read from these attributes using a cat-like interface.
A typical use case for those keys is to encrypt a swap device
using the paes cipher. During processing of /etc/crypttab, the
random random ccadata secure key to encrypt the swap device is
read from one of the attributes.
The following attributes are added:
ccadata/aes_128
ccadata/aes_192
ccadata/aes_256
ccadata/aes_128_xts
ccadata/aes_256_xts
Each attribute emits a secure key blob for the corresponding
key size and cipher mode.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Add binary read-only sysfs attributes for the pkey module
that can be used to read random protected keys from.
Keys are read from these attributes using a cat-like interface.
A typical use case for those keys is to encrypt a swap device
using the paes cipher. During processing of /etc/crypttab, the
random protected key to encrypt the swap device is read from
one of the attributes.
The following attributes are added:
protkey/aes_128
protkey/aes_192
protkey/aes_256
protkey/aes_128_xts
protkey/aes_256_xts
Each attribute emits a protected key blob for the corresponding
key size and cipher mode.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Define a new protected key blob format. Protected key
blobs use a type of 0x00, to be distinguished from other
CCA key blobs. CCA defines type 0x00 as NULL key blob,
but pkey will never use NULL keys anyway, so it is save
to reuse this type. Using another so far undefined type
value would introduce the risk that sometimes in the
future CCA defines this so far unassigned type for a
future key blob.
Also add defines for the key token types and versions,
and use them instead of hard coded hex values.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
This patch introduces a new ioctl API and in-kernel API to
generate a random protected key. The protected key is generated
in a way that the effective clear key is never exposed in clear.
Both APIs are described in detail in the header files
arch/s390/include/asm/pkey.h and arch/s390/include/uapi/asm/pkey.h.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Code beautify by following most of the checkpatch suggestions:
- SPDX license identifier line complains by checkpatch
- missing space or newline complains by checkpatch
- octal numbers for permssions complains by checkpatch
- renaming of static sysfs functions complains by checkpatch
- fix of block comment complains by checkpatch
- fix printf like calls where function name instead of %s __func__
was used
- __packed instead of __attribute__((packed))
- init to zero for static variables removed
- use of DEVICE_ATTR_RO and DEVICE_ATTR_RW macros
No functional code changes or API changes!
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Replace strncpy which is used to deliberately avoid string NUL-termination
with memcpy. This allows to get rid of gcc 8 stringop-truncation warning:
inlined from 'query_crypto_facility.constprop' at
drivers/s390/crypto/pkey_api.c:702:2:
./include/linux/string.h:246:9: warning: '__builtin_strncpy' output
truncated before terminating nul copying 8 bytes from a string of the
same length [-Wstringop-truncation]
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
There was an artificial restriction on the card/adapter id
to only 6 bits but all the AP commands do support adapter
ids with 8 bit. This patch removes this restriction to 64
adapters and now up to 256 adapter can get addressed.
Some of the ioctl calls work on the max number of cards
possible (which was 64). These ioctls are now deprecated
but still supported. All the defines, structs and ioctl
interface declarations have been kept for compabibility.
There are now new ioctls (and defines for these) with an
additional '2' appended which provide the extended versions
with 256 cards supported.
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Now that the SPDX tag is in all drivers/s390/crypto/ files, that
identifies the license in a specific and legally-defined manner. So the
extra GPL text wording can be removed as it is no longer needed at all.
This is done on a quest to remove the 700+ different ways that files in
the kernel describe the GPL license text. And there's unneeded stuff
like the address (sometimes incorrect) for the FSF which is never
needed.
No copyright headers or other non-license-description text was removed.
Cc: Harald Freudenberger <freude@de.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
It's good to have SPDX identifiers in all files to make it easier to
audit the kernel tree for correct licenses.
Update the drivers/s390/crypto/ files with the correct SPDX license
identifier based on the license text in the file itself. The SPDX
identifier is a legally binding shorthand, which can be used instead of
the full boiler plate text.
This work is based on a script and data from Thomas Gleixner, Philippe
Ombredanne, and Kate Stewart.
Cc: Harald Freudenberger <freude@de.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
drivers/s390/crypto/pkey_api.c:128:11-18: WARNING:
kzalloc should be used for cprbmem, instead of kmalloc/memset
Use kzalloc rather than kmalloc followed by memset with 0
Signed-off-by: Vasyl Gomonovych <gomonovych@gmail.com>
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Add missing __user annotations to get rid of a couple of sparse
warnings. All callers actually pass kernel pointers instead of user
space pointers, however the pointers are being used within
KERNEL_DS. So everything is fine.
Corresponding sparse warnings:
drivers/s390/crypto/pkey_api.c:181:41:
warning: incorrect type in assignment (different address spaces)
expected char [noderef] <asn:1>*request_control_blk_addr
got void *<noident>
Cc: Harald Freudenberger <freude@linux.vnet.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
drivers/s390/crypto/pkey_api.c:1197:12:
warning: symbol 'pkey_init' was not declared. Should it be static?
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
User space needs some information about the secure key(s)
before actually invoking the pkey and/or paes funcionality.
This patch introduces a new ioctl API and in kernel API to
verify the the secure key blob and give back some
information about the key (type, bitsize, old MKVP).
Both APIs are described in detail in the header files
arch/s390/include/asm/pkey.h and arch/s390/include/uapi/asm/pkey.h.
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
When a secure key with an old Master Key Verification
Pattern was given to the pkey_findcard function, there was
no responsible card found because only the current MKVP of
each card was compared. With this fix also the old MKVP
values are considered and so a matching card able to handle
the key is reported back to the caller.
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
This patch introcudes a new kernel module pkey which is providing
protected key handling and management functions. The pkey API is
available within the kernel for other s390 specific code to create
and manage protected keys. Additionally the functions are exported
to user space via IOCTL calls. The implementation makes extensive
use of functions provided by the zcrypt device driver. For
generating protected keys from secure keys there is also a CEX
coprocessor card needed.
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Harald Freudenberger