Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * DIAG 0x320 support and certificate store handling
4 *
5 * Copyright IBM Corp. 2023
6 * Author(s): Anastasia Eskova <anastasia.eskova@ibm.com>
7 */
8
9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10
11#include <linux/delay.h>
12#include <linux/device.h>
13#include <linux/fs.h>
14#include <linux/init.h>
15#include <linux/kernel.h>
16#include <linux/key-type.h>
17#include <linux/key.h>
18#include <linux/keyctl.h>
19#include <linux/kobject.h>
20#include <linux/module.h>
21#include <linux/seq_file.h>
22#include <linux/slab.h>
23#include <linux/sysfs.h>
24#include <crypto/sha2.h>
25#include <keys/user-type.h>
26#include <asm/debug.h>
27#include <asm/diag.h>
28#include <asm/ebcdic.h>
29#include <asm/sclp.h>
30
31#define DIAG_MAX_RETRIES 10
32
33#define VCE_FLAGS_VALID_MASK 0x80
34
35#define ISM_LEN_DWORDS 4
36#define VCSSB_LEN_BYTES 128
37#define VCSSB_LEN_NO_CERTS 4
38#define VCB_LEN_NO_CERTS 64
39#define VC_NAME_LEN_BYTES 64
40
41#define CERT_STORE_KEY_TYPE_NAME "cert_store_key"
42#define CERT_STORE_KEYRING_NAME "cert_store"
43
44static debug_info_t *cert_store_dbf;
45static debug_info_t *cert_store_hexdump;
46
47#define pr_dbf_msg(fmt, ...) \
48 debug_sprintf_event(cert_store_dbf, 3, fmt "\n", ## __VA_ARGS__)
49
50enum diag320_subcode {
51 DIAG320_SUBCODES = 0,
52 DIAG320_STORAGE = 1,
53 DIAG320_CERT_BLOCK = 2,
54};
55
56enum diag320_rc {
57 DIAG320_RC_OK = 0x0001,
58 DIAG320_RC_CS_NOMATCH = 0x0306,
59};
60
61/* Verification Certificates Store Support Block (VCSSB). */
62struct vcssb {
63 u32 vcssb_length;
64 u8 pad_0x04[3];
65 u8 version;
66 u8 pad_0x08[8];
67 u32 cs_token;
68 u8 pad_0x14[12];
69 u16 total_vc_index_count;
70 u16 max_vc_index_count;
71 u8 pad_0x24[28];
72 u32 max_vce_length;
73 u32 max_vcxe_length;
74 u8 pad_0x48[8];
75 u32 max_single_vcb_length;
76 u32 total_vcb_length;
77 u32 max_single_vcxb_length;
78 u32 total_vcxb_length;
79 u8 pad_0x60[32];
80} __packed __aligned(8);
81
82/* Verification Certificate Entry (VCE) Header. */
83struct vce_header {
84 u32 vce_length;
85 u8 flags;
86 u8 key_type;
87 u16 vc_index;
88 u8 vc_name[VC_NAME_LEN_BYTES]; /* EBCDIC */
89 u8 vc_format;
90 u8 pad_0x49;
91 u16 key_id_length;
92 u8 pad_0x4c;
93 u8 vc_hash_type;
94 u16 vc_hash_length;
95 u8 pad_0x50[4];
96 u32 vc_length;
97 u8 pad_0x58[8];
98 u16 vc_hash_offset;
99 u16 vc_offset;
100 u8 pad_0x64[28];
101} __packed __aligned(4);
102
103/* Verification Certificate Block (VCB) Header. */
104struct vcb_header {
105 u32 vcb_input_length;
106 u8 pad_0x04[4];
107 u16 first_vc_index;
108 u16 last_vc_index;
109 u32 pad_0x0c;
110 u32 cs_token;
111 u8 pad_0x14[12];
112 u32 vcb_output_length;
113 u8 pad_0x24[3];
114 u8 version;
115 u16 stored_vc_count;
116 u16 remaining_vc_count;
117 u8 pad_0x2c[20];
118} __packed __aligned(4);
119
120/* Verification Certificate Block (VCB). */
121struct vcb {
122 struct vcb_header vcb_hdr;
123 u8 vcb_buf[];
124} __packed __aligned(4);
125
126/* Verification Certificate Entry (VCE). */
127struct vce {
128 struct vce_header vce_hdr;
129 u8 cert_data_buf[];
130} __packed __aligned(4);
131
132static void cert_store_key_describe(const struct key *key, struct seq_file *m)
133{
134 char ascii[VC_NAME_LEN_BYTES + 1];
135
136 /*
137 * First 64 bytes of the key description is key name in EBCDIC CP 500.
138 * Convert it to ASCII for displaying in /proc/keys.
139 */
140 strscpy(ascii, key->description, sizeof(ascii));
141 EBCASC_500(ascii, VC_NAME_LEN_BYTES);
142 seq_puts(m, ascii);
143
144 seq_puts(m, &key->description[VC_NAME_LEN_BYTES]);
145 if (key_is_positive(key))
146 seq_printf(m, ": %u", key->datalen);
147}
148
149/*
150 * Certificate store key type takes over properties of
151 * user key but cannot be updated.
152 */
153static struct key_type key_type_cert_store_key = {
154 .name = CERT_STORE_KEY_TYPE_NAME,
155 .preparse = user_preparse,
156 .free_preparse = user_free_preparse,
157 .instantiate = generic_key_instantiate,
158 .revoke = user_revoke,
159 .destroy = user_destroy,
160 .describe = cert_store_key_describe,
161 .read = user_read,
162};
163
164/* Logging functions. */
165static void pr_dbf_vcb(const struct vcb *b)
166{
167 pr_dbf_msg("VCB Header:");
168 pr_dbf_msg("vcb_input_length: %d", b->vcb_hdr.vcb_input_length);
169 pr_dbf_msg("first_vc_index: %d", b->vcb_hdr.first_vc_index);
170 pr_dbf_msg("last_vc_index: %d", b->vcb_hdr.last_vc_index);
171 pr_dbf_msg("cs_token: %d", b->vcb_hdr.cs_token);
172 pr_dbf_msg("vcb_output_length: %d", b->vcb_hdr.vcb_output_length);
173 pr_dbf_msg("version: %d", b->vcb_hdr.version);
174 pr_dbf_msg("stored_vc_count: %d", b->vcb_hdr.stored_vc_count);
175 pr_dbf_msg("remaining_vc_count: %d", b->vcb_hdr.remaining_vc_count);
176}
177
178static void pr_dbf_vce(const struct vce *e)
179{
180 unsigned char vc_name[VC_NAME_LEN_BYTES + 1];
181 char log_string[VC_NAME_LEN_BYTES + 40];
182
183 pr_dbf_msg("VCE Header:");
184 pr_dbf_msg("vce_hdr.vce_length: %d", e->vce_hdr.vce_length);
185 pr_dbf_msg("vce_hdr.flags: %d", e->vce_hdr.flags);
186 pr_dbf_msg("vce_hdr.key_type: %d", e->vce_hdr.key_type);
187 pr_dbf_msg("vce_hdr.vc_index: %d", e->vce_hdr.vc_index);
188 pr_dbf_msg("vce_hdr.vc_format: %d", e->vce_hdr.vc_format);
189 pr_dbf_msg("vce_hdr.key_id_length: %d", e->vce_hdr.key_id_length);
190 pr_dbf_msg("vce_hdr.vc_hash_type: %d", e->vce_hdr.vc_hash_type);
191 pr_dbf_msg("vce_hdr.vc_hash_length: %d", e->vce_hdr.vc_hash_length);
192 pr_dbf_msg("vce_hdr.vc_hash_offset: %d", e->vce_hdr.vc_hash_offset);
193 pr_dbf_msg("vce_hdr.vc_length: %d", e->vce_hdr.vc_length);
194 pr_dbf_msg("vce_hdr.vc_offset: %d", e->vce_hdr.vc_offset);
195
196 /* Certificate name in ASCII. */
197 memcpy(vc_name, e->vce_hdr.vc_name, VC_NAME_LEN_BYTES);
198 EBCASC_500(vc_name, VC_NAME_LEN_BYTES);
199 vc_name[VC_NAME_LEN_BYTES] = '\0';
200
201 snprintf(log_string, sizeof(log_string),
202 "index: %d vce_hdr.vc_name (ASCII): %s",
203 e->vce_hdr.vc_index, vc_name);
204 debug_text_event(cert_store_hexdump, 3, log_string);
205
206 /* Certificate data. */
207 debug_text_event(cert_store_hexdump, 3, "VCE: Certificate data start");
208 debug_event(cert_store_hexdump, 3, (u8 *)e->cert_data_buf, 128);
209 debug_text_event(cert_store_hexdump, 3, "VCE: Certificate data end");
210 debug_event(cert_store_hexdump, 3,
211 (u8 *)e->cert_data_buf + e->vce_hdr.vce_length - 128, 128);
212}
213
214static void pr_dbf_vcssb(const struct vcssb *s)
215{
216 debug_text_event(cert_store_hexdump, 3, "DIAG320 Subcode1");
217 debug_event(cert_store_hexdump, 3, (u8 *)s, VCSSB_LEN_BYTES);
218
219 pr_dbf_msg("VCSSB:");
220 pr_dbf_msg("vcssb_length: %u", s->vcssb_length);
221 pr_dbf_msg("version: %u", s->version);
222 pr_dbf_msg("cs_token: %u", s->cs_token);
223 pr_dbf_msg("total_vc_index_count: %u", s->total_vc_index_count);
224 pr_dbf_msg("max_vc_index_count: %u", s->max_vc_index_count);
225 pr_dbf_msg("max_vce_length: %u", s->max_vce_length);
226 pr_dbf_msg("max_vcxe_length: %u", s->max_vce_length);
227 pr_dbf_msg("max_single_vcb_length: %u", s->max_single_vcb_length);
228 pr_dbf_msg("total_vcb_length: %u", s->total_vcb_length);
229 pr_dbf_msg("max_single_vcxb_length: %u", s->max_single_vcxb_length);
230 pr_dbf_msg("total_vcxb_length: %u", s->total_vcxb_length);
231}
232
233static int __diag320(unsigned long subcode, void *addr)
234{
235 union register_pair rp = { .even = (unsigned long)addr, };
236
237 asm volatile(
238 " diag %[rp],%[subcode],0x320\n"
239 "0: nopr %%r7\n"
240 EX_TABLE(0b, 0b)
241 : [rp] "+d" (rp.pair)
242 : [subcode] "d" (subcode)
243 : "cc", "memory");
244
245 return rp.odd;
246}
247
248static int diag320(unsigned long subcode, void *addr)
249{
250 diag_stat_inc(DIAG_STAT_X320);
251
252 return __diag320(subcode, addr);
253}
254
255/*
256 * Calculate SHA256 hash of the VCE certificate and compare it to hash stored in
257 * VCE. Return -EINVAL if hashes don't match.
258 */
259static int check_certificate_hash(const struct vce *vce)
260{
261 u8 hash[SHA256_DIGEST_SIZE];
262 u16 vc_hash_length;
263 u8 *vce_hash;
264
265 vce_hash = (u8 *)vce + vce->vce_hdr.vc_hash_offset;
266 vc_hash_length = vce->vce_hdr.vc_hash_length;
267 sha256((u8 *)vce + vce->vce_hdr.vc_offset, vce->vce_hdr.vc_length, hash);
268 if (memcmp(vce_hash, hash, vc_hash_length) == 0)
269 return 0;
270
271 pr_dbf_msg("SHA256 hash of received certificate does not match");
272 debug_text_event(cert_store_hexdump, 3, "VCE hash:");
273 debug_event(cert_store_hexdump, 3, vce_hash, SHA256_DIGEST_SIZE);
274 debug_text_event(cert_store_hexdump, 3, "Calculated hash:");
275 debug_event(cert_store_hexdump, 3, hash, SHA256_DIGEST_SIZE);
276
277 return -EINVAL;
278}
279
280static int check_certificate_valid(const struct vce *vce)
281{
282 if (!(vce->vce_hdr.flags & VCE_FLAGS_VALID_MASK)) {
283 pr_dbf_msg("Certificate entry is invalid");
284 return -EINVAL;
285 }
286 if (vce->vce_hdr.vc_format != 1) {
287 pr_dbf_msg("Certificate format is not supported");
288 return -EINVAL;
289 }
290 if (vce->vce_hdr.vc_hash_type != 1) {
291 pr_dbf_msg("Hash type is not supported");
292 return -EINVAL;
293 }
294
295 return check_certificate_hash(vce);
296}
297
298static struct key *get_user_session_keyring(void)
299{
300 key_ref_t us_keyring_ref;
301
302 us_keyring_ref = lookup_user_key(KEY_SPEC_USER_SESSION_KEYRING,
303 KEY_LOOKUP_CREATE, KEY_NEED_LINK);
304 if (IS_ERR(us_keyring_ref)) {
305 pr_dbf_msg("Couldn't get user session keyring: %ld",
306 PTR_ERR(us_keyring_ref));
307 return ERR_PTR(-ENOKEY);
308 }
309 key_ref_put(us_keyring_ref);
310 return key_ref_to_ptr(us_keyring_ref);
311}
312
313/* Invalidate all keys from cert_store keyring. */
314static int invalidate_keyring_keys(struct key *keyring)
315{
316 unsigned long num_keys, key_index;
317 size_t keyring_payload_len;
318 key_serial_t *key_array;
319 struct key *current_key;
320 int rc;
321
322 keyring_payload_len = key_type_keyring.read(keyring, NULL, 0);
323 num_keys = keyring_payload_len / sizeof(key_serial_t);
324 key_array = kcalloc(num_keys, sizeof(key_serial_t), GFP_KERNEL);
325 if (!key_array)
326 return -ENOMEM;
327
328 rc = key_type_keyring.read(keyring, (char *)key_array, keyring_payload_len);
329 if (rc != keyring_payload_len) {
330 pr_dbf_msg("Couldn't read keyring payload");
331 goto out;
332 }
333
334 for (key_index = 0; key_index < num_keys; key_index++) {
335 current_key = key_lookup(key_array[key_index]);
336 pr_dbf_msg("Invalidating key %08x", current_key->serial);
337
338 key_invalidate(current_key);
339 key_put(current_key);
340 rc = key_unlink(keyring, current_key);
341 if (rc) {
342 pr_dbf_msg("Couldn't unlink key %08x: %d", current_key->serial, rc);
343 break;
344 }
345 }
346out:
347 kfree(key_array);
348 return rc;
349}
350
351static struct key *find_cs_keyring(void)
352{
353 key_ref_t cs_keyring_ref;
354 struct key *cs_keyring;
355
356 cs_keyring_ref = keyring_search(make_key_ref(get_user_session_keyring(), true),
357 &key_type_keyring, CERT_STORE_KEYRING_NAME,
358 false);
359 if (!IS_ERR(cs_keyring_ref)) {
360 cs_keyring = key_ref_to_ptr(cs_keyring_ref);
361 key_ref_put(cs_keyring_ref);
362 goto found;
363 }
364 /* Search default locations: thread, process, session keyrings */
365 cs_keyring = request_key(&key_type_keyring, CERT_STORE_KEYRING_NAME, NULL);
366 if (IS_ERR(cs_keyring))
367 return NULL;
368 key_put(cs_keyring);
369found:
370 return cs_keyring;
371}
372
373static void cleanup_cs_keys(void)
374{
375 struct key *cs_keyring;
376
377 cs_keyring = find_cs_keyring();
378 if (!cs_keyring)
379 return;
380
381 pr_dbf_msg("Found cert_store keyring. Purging...");
382 /*
383 * Remove cert_store_key_type in case invalidation
384 * of old cert_store keys failed (= severe error).
385 */
386 if (invalidate_keyring_keys(cs_keyring))
387 unregister_key_type(&key_type_cert_store_key);
388
389 keyring_clear(cs_keyring);
390 key_invalidate(cs_keyring);
391 key_put(cs_keyring);
392 key_unlink(get_user_session_keyring(), cs_keyring);
393}
394
395static struct key *create_cs_keyring(void)
396{
397 static struct key *cs_keyring;
398
399 /* Cleanup previous cs_keyring and all associated keys if any. */
400 cleanup_cs_keys();
401 cs_keyring = keyring_alloc(CERT_STORE_KEYRING_NAME, GLOBAL_ROOT_UID,
402 GLOBAL_ROOT_GID, current_cred(),
403 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ,
404 KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_SET_KEEP,
405 NULL, get_user_session_keyring());
406 if (IS_ERR(cs_keyring)) {
407 pr_dbf_msg("Can't allocate cert_store keyring");
408 return NULL;
409 }
410
411 pr_dbf_msg("Successfully allocated cert_store keyring: %08x", cs_keyring->serial);
412
413 /*
414 * In case a previous clean-up ran into an
415 * error and unregistered key type.
416 */
417 register_key_type(&key_type_cert_store_key);
418
419 return cs_keyring;
420}
421
422/*
423 * Allocate memory and create key description in format
424 * [key name in EBCDIC]:[VCE index]:[CS token].
425 * Return a pointer to key description or NULL if memory
426 * allocation failed. Memory should be freed by caller.
427 */
428static char *get_key_description(struct vcssb *vcssb, const struct vce *vce)
429{
430 size_t len, name_len;
431 u32 cs_token;
432 char *desc;
433
434 cs_token = vcssb->cs_token;
435 /* Description string contains "%64s:%05u:%010u\0". */
436 name_len = sizeof(vce->vce_hdr.vc_name);
437 len = name_len + 1 + 5 + 1 + 10 + 1;
438 desc = kmalloc(len, GFP_KERNEL);
439 if (!desc)
440 return NULL;
441
442 memcpy(desc, vce->vce_hdr.vc_name, name_len);
443 snprintf(desc + name_len, len - name_len, ":%05u:%010u",
444 vce->vce_hdr.vc_index, cs_token);
445
446 return desc;
447}
448
449/*
450 * Create a key of type "cert_store_key" using the data from VCE for key
451 * payload and key description. Link the key to "cert_store" keyring.
452 */
453static int create_key_from_vce(struct vcssb *vcssb, struct vce *vce,
454 struct key *keyring)
455{
456 key_ref_t newkey;
457 char *desc;
458 int rc;
459
460 desc = get_key_description(vcssb, vce);
461 if (!desc)
462 return -ENOMEM;
463
464 newkey = key_create_or_update(
465 make_key_ref(keyring, true), CERT_STORE_KEY_TYPE_NAME,
466 desc, (u8 *)vce + vce->vce_hdr.vc_offset,
467 vce->vce_hdr.vc_length,
468 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ,
469 KEY_ALLOC_NOT_IN_QUOTA);
470
471 rc = PTR_ERR_OR_ZERO(newkey);
472 if (rc) {
473 pr_dbf_msg("Couldn't create a key from Certificate Entry (%d)", rc);
474 rc = -ENOKEY;
475 goto out;
476 }
477
478 key_ref_put(newkey);
479out:
480 kfree(desc);
481 return rc;
482}
483
484/* Get Verification Certificate Storage Size block with DIAG320 subcode2. */
485static int get_vcssb(struct vcssb *vcssb)
486{
487 int diag320_rc;
488
489 memset(vcssb, 0, sizeof(*vcssb));
490 vcssb->vcssb_length = VCSSB_LEN_BYTES;
491 diag320_rc = diag320(DIAG320_STORAGE, vcssb);
492 pr_dbf_vcssb(vcssb);
493
494 if (diag320_rc != DIAG320_RC_OK) {
495 pr_dbf_msg("Diag 320 Subcode 1 returned bad RC: %04x", diag320_rc);
496 return -EIO;
497 }
498 if (vcssb->vcssb_length == VCSSB_LEN_NO_CERTS) {
499 pr_dbf_msg("No certificates available for current configuration");
500 return -ENOKEY;
501 }
502
503 return 0;
504}
505
506static u32 get_4k_mult_vcb_size(struct vcssb *vcssb)
507{
508 return round_up(vcssb->max_single_vcb_length, PAGE_SIZE);
509}
510
511/* Fill input fields of single-entry VCB that will be read by LPAR. */
512static void fill_vcb_input(struct vcssb *vcssb, struct vcb *vcb, u16 index)
513{
514 memset(vcb, 0, sizeof(*vcb));
515 vcb->vcb_hdr.vcb_input_length = get_4k_mult_vcb_size(vcssb);
516 vcb->vcb_hdr.cs_token = vcssb->cs_token;
517
518 /* Request single entry. */
519 vcb->vcb_hdr.first_vc_index = index;
520 vcb->vcb_hdr.last_vc_index = index;
521}
522
523static void extract_vce_from_sevcb(struct vcb *vcb, struct vce *vce)
524{
525 struct vce *extracted_vce;
526
527 extracted_vce = (struct vce *)vcb->vcb_buf;
528 memcpy(vce, vcb->vcb_buf, extracted_vce->vce_hdr.vce_length);
529 pr_dbf_vce(vce);
530}
531
532static int get_sevcb(struct vcssb *vcssb, u16 index, struct vcb *vcb)
533{
534 int rc, diag320_rc;
535
536 fill_vcb_input(vcssb, vcb, index);
537
538 diag320_rc = diag320(DIAG320_CERT_BLOCK, vcb);
539 pr_dbf_msg("Diag 320 Subcode2 RC %2x", diag320_rc);
540 pr_dbf_vcb(vcb);
541
542 switch (diag320_rc) {
543 case DIAG320_RC_OK:
544 rc = 0;
545 if (vcb->vcb_hdr.vcb_output_length == VCB_LEN_NO_CERTS) {
546 pr_dbf_msg("No certificate entry for index %u", index);
547 rc = -ENOKEY;
548 } else if (vcb->vcb_hdr.remaining_vc_count != 0) {
549 /* Retry on insufficient space. */
550 pr_dbf_msg("Couldn't get all requested certificates");
551 rc = -EAGAIN;
552 }
553 break;
554 case DIAG320_RC_CS_NOMATCH:
555 pr_dbf_msg("Certificate Store token mismatch");
556 rc = -EAGAIN;
557 break;
558 default:
559 pr_dbf_msg("Diag 320 Subcode2 returned bad rc (0x%4x)", diag320_rc);
560 rc = -EINVAL;
561 break;
562 }
563
564 return rc;
565}
566
567/*
568 * Allocate memory for single-entry VCB, get VCB via DIAG320 subcode 2 call,
569 * extract VCE and create a key from its' certificate.
570 */
571static int create_key_from_sevcb(struct vcssb *vcssb, u16 index,
572 struct key *keyring)
573{
574 struct vcb *vcb;
575 struct vce *vce;
576 int rc;
577
578 rc = -ENOMEM;
579 vcb = vmalloc(get_4k_mult_vcb_size(vcssb));
580 vce = vmalloc(vcssb->max_single_vcb_length - sizeof(vcb->vcb_hdr));
581 if (!vcb || !vce)
582 goto out;
583
584 rc = get_sevcb(vcssb, index, vcb);
585 if (rc)
586 goto out;
587
588 extract_vce_from_sevcb(vcb, vce);
589 rc = check_certificate_valid(vce);
590 if (rc)
591 goto out;
592
593 rc = create_key_from_vce(vcssb, vce, keyring);
594 if (rc)
595 goto out;
596
597 pr_dbf_msg("Successfully created key from Certificate Entry %d", index);
598out:
599 vfree(vce);
600 vfree(vcb);
601 return rc;
602}
603
604/*
605 * Request a single-entry VCB for each VCE available for the partition.
606 * Create a key from it and link it to cert_store keyring. If no keys
607 * could be created (i.e. VCEs were invalid) return -ENOKEY.
608 */
609static int add_certificates_to_keyring(struct vcssb *vcssb, struct key *keyring)
610{
611 int rc, index, count, added;
612
613 count = 0;
614 added = 0;
615 /* Certificate Store entries indices start with 1 and have no gaps. */
616 for (index = 1; index < vcssb->total_vc_index_count + 1; index++) {
617 pr_dbf_msg("Creating key from VCE %u", index);
618 rc = create_key_from_sevcb(vcssb, index, keyring);
619 count++;
620
621 if (rc == -EAGAIN)
622 return rc;
623
624 if (rc)
625 pr_dbf_msg("Creating key from VCE %u failed (%d)", index, rc);
626 else
627 added++;
628 }
629
630 if (added == 0) {
631 pr_dbf_msg("Processed %d entries. No keys created", count);
632 return -ENOKEY;
633 }
634
635 pr_info("Added %d of %d keys to cert_store keyring", added, count);
636
637 /*
638 * Do not allow to link more keys to certificate store keyring after all
639 * the VCEs were processed.
640 */
641 rc = keyring_restrict(make_key_ref(keyring, true), NULL, NULL);
642 if (rc)
643 pr_dbf_msg("Failed to set restriction to cert_store keyring (%d)", rc);
644
645 return 0;
646}
647
648/*
649 * Check which DIAG320 subcodes are installed.
650 * Return -ENOENT if subcodes 1 or 2 are not available.
651 */
652static int query_diag320_subcodes(void)
653{
654 unsigned long ism[ISM_LEN_DWORDS];
655 int rc;
656
657 rc = diag320(0, ism);
658 if (rc != DIAG320_RC_OK) {
659 pr_dbf_msg("DIAG320 subcode query returned %04x", rc);
660 return -ENOENT;
661 }
662
663 debug_text_event(cert_store_hexdump, 3, "DIAG320 Subcode 0");
664 debug_event(cert_store_hexdump, 3, ism, sizeof(ism));
665
666 if (!test_bit_inv(1, ism) || !test_bit_inv(2, ism)) {
667 pr_dbf_msg("Not all required DIAG320 subcodes are installed");
668 return -ENOENT;
669 }
670
671 return 0;
672}
673
674/*
675 * Check if Certificate Store is supported by the firmware and DIAG320 subcodes
676 * 1 and 2 are installed. Create cert_store keyring and link all certificates
677 * available for the current partition to it as "cert_store_key" type
678 * keys. On refresh or error invalidate cert_store keyring and destroy
679 * all keys of "cert_store_key" type.
680 */
681static int fill_cs_keyring(void)
682{
683 struct key *cs_keyring;
684 struct vcssb *vcssb;
685 int rc;
686
687 rc = -ENOMEM;
688 vcssb = kmalloc(VCSSB_LEN_BYTES, GFP_KERNEL);
689 if (!vcssb)
690 goto cleanup_keys;
691
692 rc = -ENOENT;
693 if (!sclp.has_diag320) {
694 pr_dbf_msg("Certificate Store is not supported");
695 goto cleanup_keys;
696 }
697
698 rc = query_diag320_subcodes();
699 if (rc)
700 goto cleanup_keys;
701
702 rc = get_vcssb(vcssb);
703 if (rc)
704 goto cleanup_keys;
705
706 rc = -ENOMEM;
707 cs_keyring = create_cs_keyring();
708 if (!cs_keyring)
709 goto cleanup_keys;
710
711 rc = add_certificates_to_keyring(vcssb, cs_keyring);
712 if (rc)
713 goto cleanup_cs_keyring;
714
715 goto out;
716
717cleanup_cs_keyring:
718 key_put(cs_keyring);
719cleanup_keys:
720 cleanup_cs_keys();
721out:
722 kfree(vcssb);
723 return rc;
724}
725
726static DEFINE_MUTEX(cs_refresh_lock);
727static int cs_status_val = -1;
728
729static ssize_t cs_status_show(struct kobject *kobj,
730 struct kobj_attribute *attr, char *buf)
731{
732 if (cs_status_val == -1)
733 return sysfs_emit(buf, "uninitialized\n");
734 else if (cs_status_val == 0)
735 return sysfs_emit(buf, "ok\n");
736
737 return sysfs_emit(buf, "failed (%d)\n", cs_status_val);
738}
739
740static struct kobj_attribute cs_status_attr = __ATTR_RO(cs_status);
741
742static ssize_t refresh_store(struct kobject *kobj, struct kobj_attribute *attr,
743 const char *buf, size_t count)
744{
745 int rc, retries;
746
747 pr_dbf_msg("Refresh certificate store information requested");
748 rc = mutex_lock_interruptible(&cs_refresh_lock);
749 if (rc)
750 return rc;
751
752 for (retries = 0; retries < DIAG_MAX_RETRIES; retries++) {
753 /* Request certificates from certificate store. */
754 rc = fill_cs_keyring();
755 if (rc)
756 pr_dbf_msg("Failed to refresh certificate store information (%d)", rc);
757 if (rc != -EAGAIN)
758 break;
759 }
760 cs_status_val = rc;
761 mutex_unlock(&cs_refresh_lock);
762
763 return rc ?: count;
764}
765
766static struct kobj_attribute refresh_attr = __ATTR_WO(refresh);
767
768static const struct attribute *cert_store_attrs[] __initconst = {
769 &cs_status_attr.attr,
770 &refresh_attr.attr,
771 NULL,
772};
773
774static struct kobject *cert_store_kobj;
775
776static int __init cert_store_init(void)
777{
778 int rc = -ENOMEM;
779
780 cert_store_dbf = debug_register("cert_store_msg", 10, 1, 64);
781 if (!cert_store_dbf)
782 goto cleanup_dbf;
783
784 cert_store_hexdump = debug_register("cert_store_hexdump", 3, 1, 128);
785 if (!cert_store_hexdump)
786 goto cleanup_dbf;
787
788 debug_register_view(cert_store_hexdump, &debug_hex_ascii_view);
789 debug_register_view(cert_store_dbf, &debug_sprintf_view);
790
791 /* Create directory /sys/firmware/cert_store. */
792 cert_store_kobj = kobject_create_and_add("cert_store", firmware_kobj);
793 if (!cert_store_kobj)
794 goto cleanup_dbf;
795
796 rc = sysfs_create_files(cert_store_kobj, cert_store_attrs);
797 if (rc)
798 goto cleanup_kobj;
799
800 register_key_type(&key_type_cert_store_key);
801
802 return rc;
803
804cleanup_kobj:
805 kobject_put(cert_store_kobj);
806cleanup_dbf:
807 debug_unregister(cert_store_dbf);
808 debug_unregister(cert_store_hexdump);
809
810 return rc;
811}
812device_initcall(cert_store_init);
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * DIAG 0x320 support and certificate store handling
4 *
5 * Copyright IBM Corp. 2023
6 * Author(s): Anastasia Eskova <anastasia.eskova@ibm.com>
7 */
8
9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10
11#include <linux/delay.h>
12#include <linux/device.h>
13#include <linux/fs.h>
14#include <linux/init.h>
15#include <linux/kernel.h>
16#include <linux/key-type.h>
17#include <linux/key.h>
18#include <linux/keyctl.h>
19#include <linux/kobject.h>
20#include <linux/module.h>
21#include <linux/seq_file.h>
22#include <linux/slab.h>
23#include <linux/sysfs.h>
24#include <linux/vmalloc.h>
25#include <crypto/sha2.h>
26#include <keys/user-type.h>
27#include <asm/debug.h>
28#include <asm/diag.h>
29#include <asm/ebcdic.h>
30#include <asm/sclp.h>
31
32#define DIAG_MAX_RETRIES 10
33
34#define VCE_FLAGS_VALID_MASK 0x80
35
36#define ISM_LEN_DWORDS 4
37#define VCSSB_LEN_BYTES 128
38#define VCSSB_LEN_NO_CERTS 4
39#define VCB_LEN_NO_CERTS 64
40#define VC_NAME_LEN_BYTES 64
41
42#define CERT_STORE_KEY_TYPE_NAME "cert_store_key"
43#define CERT_STORE_KEYRING_NAME "cert_store"
44
45static debug_info_t *cert_store_dbf;
46static debug_info_t *cert_store_hexdump;
47
48#define pr_dbf_msg(fmt, ...) \
49 debug_sprintf_event(cert_store_dbf, 3, fmt "\n", ## __VA_ARGS__)
50
51enum diag320_subcode {
52 DIAG320_SUBCODES = 0,
53 DIAG320_STORAGE = 1,
54 DIAG320_CERT_BLOCK = 2,
55};
56
57enum diag320_rc {
58 DIAG320_RC_OK = 0x0001,
59 DIAG320_RC_CS_NOMATCH = 0x0306,
60};
61
62/* Verification Certificates Store Support Block (VCSSB). */
63struct vcssb {
64 u32 vcssb_length;
65 u8 pad_0x04[3];
66 u8 version;
67 u8 pad_0x08[8];
68 u32 cs_token;
69 u8 pad_0x14[12];
70 u16 total_vc_index_count;
71 u16 max_vc_index_count;
72 u8 pad_0x24[28];
73 u32 max_vce_length;
74 u32 max_vcxe_length;
75 u8 pad_0x48[8];
76 u32 max_single_vcb_length;
77 u32 total_vcb_length;
78 u32 max_single_vcxb_length;
79 u32 total_vcxb_length;
80 u8 pad_0x60[32];
81} __packed __aligned(8);
82
83/* Verification Certificate Entry (VCE) Header. */
84struct vce_header {
85 u32 vce_length;
86 u8 flags;
87 u8 key_type;
88 u16 vc_index;
89 u8 vc_name[VC_NAME_LEN_BYTES]; /* EBCDIC */
90 u8 vc_format;
91 u8 pad_0x49;
92 u16 key_id_length;
93 u8 pad_0x4c;
94 u8 vc_hash_type;
95 u16 vc_hash_length;
96 u8 pad_0x50[4];
97 u32 vc_length;
98 u8 pad_0x58[8];
99 u16 vc_hash_offset;
100 u16 vc_offset;
101 u8 pad_0x64[28];
102} __packed __aligned(4);
103
104/* Verification Certificate Block (VCB) Header. */
105struct vcb_header {
106 u32 vcb_input_length;
107 u8 pad_0x04[4];
108 u16 first_vc_index;
109 u16 last_vc_index;
110 u32 pad_0x0c;
111 u32 cs_token;
112 u8 pad_0x14[12];
113 u32 vcb_output_length;
114 u8 pad_0x24[3];
115 u8 version;
116 u16 stored_vc_count;
117 u16 remaining_vc_count;
118 u8 pad_0x2c[20];
119} __packed __aligned(4);
120
121/* Verification Certificate Block (VCB). */
122struct vcb {
123 struct vcb_header vcb_hdr;
124 u8 vcb_buf[];
125} __packed __aligned(4);
126
127/* Verification Certificate Entry (VCE). */
128struct vce {
129 struct vce_header vce_hdr;
130 u8 cert_data_buf[];
131} __packed __aligned(4);
132
133static void cert_store_key_describe(const struct key *key, struct seq_file *m)
134{
135 char ascii[VC_NAME_LEN_BYTES + 1];
136
137 /*
138 * First 64 bytes of the key description is key name in EBCDIC CP 500.
139 * Convert it to ASCII for displaying in /proc/keys.
140 */
141 strscpy(ascii, key->description, sizeof(ascii));
142 EBCASC_500(ascii, VC_NAME_LEN_BYTES);
143 seq_puts(m, ascii);
144
145 seq_puts(m, &key->description[VC_NAME_LEN_BYTES]);
146 if (key_is_positive(key))
147 seq_printf(m, ": %u", key->datalen);
148}
149
150/*
151 * Certificate store key type takes over properties of
152 * user key but cannot be updated.
153 */
154static struct key_type key_type_cert_store_key = {
155 .name = CERT_STORE_KEY_TYPE_NAME,
156 .preparse = user_preparse,
157 .free_preparse = user_free_preparse,
158 .instantiate = generic_key_instantiate,
159 .revoke = user_revoke,
160 .destroy = user_destroy,
161 .describe = cert_store_key_describe,
162 .read = user_read,
163};
164
165/* Logging functions. */
166static void pr_dbf_vcb(const struct vcb *b)
167{
168 pr_dbf_msg("VCB Header:");
169 pr_dbf_msg("vcb_input_length: %d", b->vcb_hdr.vcb_input_length);
170 pr_dbf_msg("first_vc_index: %d", b->vcb_hdr.first_vc_index);
171 pr_dbf_msg("last_vc_index: %d", b->vcb_hdr.last_vc_index);
172 pr_dbf_msg("cs_token: %d", b->vcb_hdr.cs_token);
173 pr_dbf_msg("vcb_output_length: %d", b->vcb_hdr.vcb_output_length);
174 pr_dbf_msg("version: %d", b->vcb_hdr.version);
175 pr_dbf_msg("stored_vc_count: %d", b->vcb_hdr.stored_vc_count);
176 pr_dbf_msg("remaining_vc_count: %d", b->vcb_hdr.remaining_vc_count);
177}
178
179static void pr_dbf_vce(const struct vce *e)
180{
181 unsigned char vc_name[VC_NAME_LEN_BYTES + 1];
182 char log_string[VC_NAME_LEN_BYTES + 40];
183
184 pr_dbf_msg("VCE Header:");
185 pr_dbf_msg("vce_hdr.vce_length: %d", e->vce_hdr.vce_length);
186 pr_dbf_msg("vce_hdr.flags: %d", e->vce_hdr.flags);
187 pr_dbf_msg("vce_hdr.key_type: %d", e->vce_hdr.key_type);
188 pr_dbf_msg("vce_hdr.vc_index: %d", e->vce_hdr.vc_index);
189 pr_dbf_msg("vce_hdr.vc_format: %d", e->vce_hdr.vc_format);
190 pr_dbf_msg("vce_hdr.key_id_length: %d", e->vce_hdr.key_id_length);
191 pr_dbf_msg("vce_hdr.vc_hash_type: %d", e->vce_hdr.vc_hash_type);
192 pr_dbf_msg("vce_hdr.vc_hash_length: %d", e->vce_hdr.vc_hash_length);
193 pr_dbf_msg("vce_hdr.vc_hash_offset: %d", e->vce_hdr.vc_hash_offset);
194 pr_dbf_msg("vce_hdr.vc_length: %d", e->vce_hdr.vc_length);
195 pr_dbf_msg("vce_hdr.vc_offset: %d", e->vce_hdr.vc_offset);
196
197 /* Certificate name in ASCII. */
198 memcpy(vc_name, e->vce_hdr.vc_name, VC_NAME_LEN_BYTES);
199 EBCASC_500(vc_name, VC_NAME_LEN_BYTES);
200 vc_name[VC_NAME_LEN_BYTES] = '\0';
201
202 snprintf(log_string, sizeof(log_string),
203 "index: %d vce_hdr.vc_name (ASCII): %s",
204 e->vce_hdr.vc_index, vc_name);
205 debug_text_event(cert_store_hexdump, 3, log_string);
206
207 /* Certificate data. */
208 debug_text_event(cert_store_hexdump, 3, "VCE: Certificate data start");
209 debug_event(cert_store_hexdump, 3, (u8 *)e->cert_data_buf, 128);
210 debug_text_event(cert_store_hexdump, 3, "VCE: Certificate data end");
211 debug_event(cert_store_hexdump, 3,
212 (u8 *)e->cert_data_buf + e->vce_hdr.vce_length - 128, 128);
213}
214
215static void pr_dbf_vcssb(const struct vcssb *s)
216{
217 debug_text_event(cert_store_hexdump, 3, "DIAG320 Subcode1");
218 debug_event(cert_store_hexdump, 3, (u8 *)s, VCSSB_LEN_BYTES);
219
220 pr_dbf_msg("VCSSB:");
221 pr_dbf_msg("vcssb_length: %u", s->vcssb_length);
222 pr_dbf_msg("version: %u", s->version);
223 pr_dbf_msg("cs_token: %u", s->cs_token);
224 pr_dbf_msg("total_vc_index_count: %u", s->total_vc_index_count);
225 pr_dbf_msg("max_vc_index_count: %u", s->max_vc_index_count);
226 pr_dbf_msg("max_vce_length: %u", s->max_vce_length);
227 pr_dbf_msg("max_vcxe_length: %u", s->max_vce_length);
228 pr_dbf_msg("max_single_vcb_length: %u", s->max_single_vcb_length);
229 pr_dbf_msg("total_vcb_length: %u", s->total_vcb_length);
230 pr_dbf_msg("max_single_vcxb_length: %u", s->max_single_vcxb_length);
231 pr_dbf_msg("total_vcxb_length: %u", s->total_vcxb_length);
232}
233
234static int __diag320(unsigned long subcode, void *addr)
235{
236 union register_pair rp = { .even = (unsigned long)addr, };
237
238 asm volatile(
239 " diag %[rp],%[subcode],0x320\n"
240 "0: nopr %%r7\n"
241 EX_TABLE(0b, 0b)
242 : [rp] "+d" (rp.pair)
243 : [subcode] "d" (subcode)
244 : "cc", "memory");
245
246 return rp.odd;
247}
248
249static int diag320(unsigned long subcode, void *addr)
250{
251 diag_stat_inc(DIAG_STAT_X320);
252
253 return __diag320(subcode, addr);
254}
255
256/*
257 * Calculate SHA256 hash of the VCE certificate and compare it to hash stored in
258 * VCE. Return -EINVAL if hashes don't match.
259 */
260static int check_certificate_hash(const struct vce *vce)
261{
262 u8 hash[SHA256_DIGEST_SIZE];
263 u16 vc_hash_length;
264 u8 *vce_hash;
265
266 vce_hash = (u8 *)vce + vce->vce_hdr.vc_hash_offset;
267 vc_hash_length = vce->vce_hdr.vc_hash_length;
268 sha256((u8 *)vce + vce->vce_hdr.vc_offset, vce->vce_hdr.vc_length, hash);
269 if (memcmp(vce_hash, hash, vc_hash_length) == 0)
270 return 0;
271
272 pr_dbf_msg("SHA256 hash of received certificate does not match");
273 debug_text_event(cert_store_hexdump, 3, "VCE hash:");
274 debug_event(cert_store_hexdump, 3, vce_hash, SHA256_DIGEST_SIZE);
275 debug_text_event(cert_store_hexdump, 3, "Calculated hash:");
276 debug_event(cert_store_hexdump, 3, hash, SHA256_DIGEST_SIZE);
277
278 return -EINVAL;
279}
280
281static int check_certificate_valid(const struct vce *vce)
282{
283 if (!(vce->vce_hdr.flags & VCE_FLAGS_VALID_MASK)) {
284 pr_dbf_msg("Certificate entry is invalid");
285 return -EINVAL;
286 }
287 if (vce->vce_hdr.vc_format != 1) {
288 pr_dbf_msg("Certificate format is not supported");
289 return -EINVAL;
290 }
291 if (vce->vce_hdr.vc_hash_type != 1) {
292 pr_dbf_msg("Hash type is not supported");
293 return -EINVAL;
294 }
295
296 return check_certificate_hash(vce);
297}
298
299static struct key *get_user_session_keyring(void)
300{
301 key_ref_t us_keyring_ref;
302
303 us_keyring_ref = lookup_user_key(KEY_SPEC_USER_SESSION_KEYRING,
304 KEY_LOOKUP_CREATE, KEY_NEED_LINK);
305 if (IS_ERR(us_keyring_ref)) {
306 pr_dbf_msg("Couldn't get user session keyring: %ld",
307 PTR_ERR(us_keyring_ref));
308 return ERR_PTR(-ENOKEY);
309 }
310 key_ref_put(us_keyring_ref);
311 return key_ref_to_ptr(us_keyring_ref);
312}
313
314/* Invalidate all keys from cert_store keyring. */
315static int invalidate_keyring_keys(struct key *keyring)
316{
317 unsigned long num_keys, key_index;
318 size_t keyring_payload_len;
319 key_serial_t *key_array;
320 struct key *current_key;
321 int rc;
322
323 keyring_payload_len = key_type_keyring.read(keyring, NULL, 0);
324 num_keys = keyring_payload_len / sizeof(key_serial_t);
325 key_array = kcalloc(num_keys, sizeof(key_serial_t), GFP_KERNEL);
326 if (!key_array)
327 return -ENOMEM;
328
329 rc = key_type_keyring.read(keyring, (char *)key_array, keyring_payload_len);
330 if (rc != keyring_payload_len) {
331 pr_dbf_msg("Couldn't read keyring payload");
332 goto out;
333 }
334
335 for (key_index = 0; key_index < num_keys; key_index++) {
336 current_key = key_lookup(key_array[key_index]);
337 pr_dbf_msg("Invalidating key %08x", current_key->serial);
338
339 key_invalidate(current_key);
340 key_put(current_key);
341 rc = key_unlink(keyring, current_key);
342 if (rc) {
343 pr_dbf_msg("Couldn't unlink key %08x: %d", current_key->serial, rc);
344 break;
345 }
346 }
347out:
348 kfree(key_array);
349 return rc;
350}
351
352static struct key *find_cs_keyring(void)
353{
354 key_ref_t cs_keyring_ref;
355 struct key *cs_keyring;
356
357 cs_keyring_ref = keyring_search(make_key_ref(get_user_session_keyring(), true),
358 &key_type_keyring, CERT_STORE_KEYRING_NAME,
359 false);
360 if (!IS_ERR(cs_keyring_ref)) {
361 cs_keyring = key_ref_to_ptr(cs_keyring_ref);
362 key_ref_put(cs_keyring_ref);
363 goto found;
364 }
365 /* Search default locations: thread, process, session keyrings */
366 cs_keyring = request_key(&key_type_keyring, CERT_STORE_KEYRING_NAME, NULL);
367 if (IS_ERR(cs_keyring))
368 return NULL;
369 key_put(cs_keyring);
370found:
371 return cs_keyring;
372}
373
374static void cleanup_cs_keys(void)
375{
376 struct key *cs_keyring;
377
378 cs_keyring = find_cs_keyring();
379 if (!cs_keyring)
380 return;
381
382 pr_dbf_msg("Found cert_store keyring. Purging...");
383 /*
384 * Remove cert_store_key_type in case invalidation
385 * of old cert_store keys failed (= severe error).
386 */
387 if (invalidate_keyring_keys(cs_keyring))
388 unregister_key_type(&key_type_cert_store_key);
389
390 keyring_clear(cs_keyring);
391 key_invalidate(cs_keyring);
392 key_put(cs_keyring);
393 key_unlink(get_user_session_keyring(), cs_keyring);
394}
395
396static struct key *create_cs_keyring(void)
397{
398 static struct key *cs_keyring;
399
400 /* Cleanup previous cs_keyring and all associated keys if any. */
401 cleanup_cs_keys();
402 cs_keyring = keyring_alloc(CERT_STORE_KEYRING_NAME, GLOBAL_ROOT_UID,
403 GLOBAL_ROOT_GID, current_cred(),
404 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ,
405 KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_SET_KEEP,
406 NULL, get_user_session_keyring());
407 if (IS_ERR(cs_keyring)) {
408 pr_dbf_msg("Can't allocate cert_store keyring");
409 return NULL;
410 }
411
412 pr_dbf_msg("Successfully allocated cert_store keyring: %08x", cs_keyring->serial);
413
414 /*
415 * In case a previous clean-up ran into an
416 * error and unregistered key type.
417 */
418 register_key_type(&key_type_cert_store_key);
419
420 return cs_keyring;
421}
422
423/*
424 * Allocate memory and create key description in format
425 * [key name in EBCDIC]:[VCE index]:[CS token].
426 * Return a pointer to key description or NULL if memory
427 * allocation failed. Memory should be freed by caller.
428 */
429static char *get_key_description(struct vcssb *vcssb, const struct vce *vce)
430{
431 size_t len, name_len;
432 u32 cs_token;
433 char *desc;
434
435 cs_token = vcssb->cs_token;
436 /* Description string contains "%64s:%05u:%010u\0". */
437 name_len = sizeof(vce->vce_hdr.vc_name);
438 len = name_len + 1 + 5 + 1 + 10 + 1;
439 desc = kmalloc(len, GFP_KERNEL);
440 if (!desc)
441 return NULL;
442
443 memcpy(desc, vce->vce_hdr.vc_name, name_len);
444 snprintf(desc + name_len, len - name_len, ":%05u:%010u",
445 vce->vce_hdr.vc_index, cs_token);
446
447 return desc;
448}
449
450/*
451 * Create a key of type "cert_store_key" using the data from VCE for key
452 * payload and key description. Link the key to "cert_store" keyring.
453 */
454static int create_key_from_vce(struct vcssb *vcssb, struct vce *vce,
455 struct key *keyring)
456{
457 key_ref_t newkey;
458 char *desc;
459 int rc;
460
461 desc = get_key_description(vcssb, vce);
462 if (!desc)
463 return -ENOMEM;
464
465 newkey = key_create_or_update(
466 make_key_ref(keyring, true), CERT_STORE_KEY_TYPE_NAME,
467 desc, (u8 *)vce + vce->vce_hdr.vc_offset,
468 vce->vce_hdr.vc_length,
469 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ,
470 KEY_ALLOC_NOT_IN_QUOTA);
471
472 rc = PTR_ERR_OR_ZERO(newkey);
473 if (rc) {
474 pr_dbf_msg("Couldn't create a key from Certificate Entry (%d)", rc);
475 rc = -ENOKEY;
476 goto out;
477 }
478
479 key_ref_put(newkey);
480out:
481 kfree(desc);
482 return rc;
483}
484
485/* Get Verification Certificate Storage Size block with DIAG320 subcode2. */
486static int get_vcssb(struct vcssb *vcssb)
487{
488 int diag320_rc;
489
490 memset(vcssb, 0, sizeof(*vcssb));
491 vcssb->vcssb_length = VCSSB_LEN_BYTES;
492 diag320_rc = diag320(DIAG320_STORAGE, vcssb);
493 pr_dbf_vcssb(vcssb);
494
495 if (diag320_rc != DIAG320_RC_OK) {
496 pr_dbf_msg("Diag 320 Subcode 1 returned bad RC: %04x", diag320_rc);
497 return -EIO;
498 }
499 if (vcssb->vcssb_length == VCSSB_LEN_NO_CERTS) {
500 pr_dbf_msg("No certificates available for current configuration");
501 return -ENOKEY;
502 }
503
504 return 0;
505}
506
507static u32 get_4k_mult_vcb_size(struct vcssb *vcssb)
508{
509 return round_up(vcssb->max_single_vcb_length, PAGE_SIZE);
510}
511
512/* Fill input fields of single-entry VCB that will be read by LPAR. */
513static void fill_vcb_input(struct vcssb *vcssb, struct vcb *vcb, u16 index)
514{
515 memset(vcb, 0, sizeof(*vcb));
516 vcb->vcb_hdr.vcb_input_length = get_4k_mult_vcb_size(vcssb);
517 vcb->vcb_hdr.cs_token = vcssb->cs_token;
518
519 /* Request single entry. */
520 vcb->vcb_hdr.first_vc_index = index;
521 vcb->vcb_hdr.last_vc_index = index;
522}
523
524static void extract_vce_from_sevcb(struct vcb *vcb, struct vce *vce)
525{
526 struct vce *extracted_vce;
527
528 extracted_vce = (struct vce *)vcb->vcb_buf;
529 memcpy(vce, vcb->vcb_buf, extracted_vce->vce_hdr.vce_length);
530 pr_dbf_vce(vce);
531}
532
533static int get_sevcb(struct vcssb *vcssb, u16 index, struct vcb *vcb)
534{
535 int rc, diag320_rc;
536
537 fill_vcb_input(vcssb, vcb, index);
538
539 diag320_rc = diag320(DIAG320_CERT_BLOCK, vcb);
540 pr_dbf_msg("Diag 320 Subcode2 RC %2x", diag320_rc);
541 pr_dbf_vcb(vcb);
542
543 switch (diag320_rc) {
544 case DIAG320_RC_OK:
545 rc = 0;
546 if (vcb->vcb_hdr.vcb_output_length == VCB_LEN_NO_CERTS) {
547 pr_dbf_msg("No certificate entry for index %u", index);
548 rc = -ENOKEY;
549 } else if (vcb->vcb_hdr.remaining_vc_count != 0) {
550 /* Retry on insufficient space. */
551 pr_dbf_msg("Couldn't get all requested certificates");
552 rc = -EAGAIN;
553 }
554 break;
555 case DIAG320_RC_CS_NOMATCH:
556 pr_dbf_msg("Certificate Store token mismatch");
557 rc = -EAGAIN;
558 break;
559 default:
560 pr_dbf_msg("Diag 320 Subcode2 returned bad rc (0x%4x)", diag320_rc);
561 rc = -EINVAL;
562 break;
563 }
564
565 return rc;
566}
567
568/*
569 * Allocate memory for single-entry VCB, get VCB via DIAG320 subcode 2 call,
570 * extract VCE and create a key from its' certificate.
571 */
572static int create_key_from_sevcb(struct vcssb *vcssb, u16 index,
573 struct key *keyring)
574{
575 struct vcb *vcb;
576 struct vce *vce;
577 int rc;
578
579 rc = -ENOMEM;
580 vcb = vmalloc(get_4k_mult_vcb_size(vcssb));
581 vce = vmalloc(vcssb->max_single_vcb_length - sizeof(vcb->vcb_hdr));
582 if (!vcb || !vce)
583 goto out;
584
585 rc = get_sevcb(vcssb, index, vcb);
586 if (rc)
587 goto out;
588
589 extract_vce_from_sevcb(vcb, vce);
590 rc = check_certificate_valid(vce);
591 if (rc)
592 goto out;
593
594 rc = create_key_from_vce(vcssb, vce, keyring);
595 if (rc)
596 goto out;
597
598 pr_dbf_msg("Successfully created key from Certificate Entry %d", index);
599out:
600 vfree(vce);
601 vfree(vcb);
602 return rc;
603}
604
605/*
606 * Request a single-entry VCB for each VCE available for the partition.
607 * Create a key from it and link it to cert_store keyring. If no keys
608 * could be created (i.e. VCEs were invalid) return -ENOKEY.
609 */
610static int add_certificates_to_keyring(struct vcssb *vcssb, struct key *keyring)
611{
612 int rc, index, count, added;
613
614 count = 0;
615 added = 0;
616 /* Certificate Store entries indices start with 1 and have no gaps. */
617 for (index = 1; index < vcssb->total_vc_index_count + 1; index++) {
618 pr_dbf_msg("Creating key from VCE %u", index);
619 rc = create_key_from_sevcb(vcssb, index, keyring);
620 count++;
621
622 if (rc == -EAGAIN)
623 return rc;
624
625 if (rc)
626 pr_dbf_msg("Creating key from VCE %u failed (%d)", index, rc);
627 else
628 added++;
629 }
630
631 if (added == 0) {
632 pr_dbf_msg("Processed %d entries. No keys created", count);
633 return -ENOKEY;
634 }
635
636 pr_info("Added %d of %d keys to cert_store keyring", added, count);
637
638 /*
639 * Do not allow to link more keys to certificate store keyring after all
640 * the VCEs were processed.
641 */
642 rc = keyring_restrict(make_key_ref(keyring, true), NULL, NULL);
643 if (rc)
644 pr_dbf_msg("Failed to set restriction to cert_store keyring (%d)", rc);
645
646 return 0;
647}
648
649/*
650 * Check which DIAG320 subcodes are installed.
651 * Return -ENOENT if subcodes 1 or 2 are not available.
652 */
653static int query_diag320_subcodes(void)
654{
655 unsigned long ism[ISM_LEN_DWORDS];
656 int rc;
657
658 rc = diag320(0, ism);
659 if (rc != DIAG320_RC_OK) {
660 pr_dbf_msg("DIAG320 subcode query returned %04x", rc);
661 return -ENOENT;
662 }
663
664 debug_text_event(cert_store_hexdump, 3, "DIAG320 Subcode 0");
665 debug_event(cert_store_hexdump, 3, ism, sizeof(ism));
666
667 if (!test_bit_inv(1, ism) || !test_bit_inv(2, ism)) {
668 pr_dbf_msg("Not all required DIAG320 subcodes are installed");
669 return -ENOENT;
670 }
671
672 return 0;
673}
674
675/*
676 * Check if Certificate Store is supported by the firmware and DIAG320 subcodes
677 * 1 and 2 are installed. Create cert_store keyring and link all certificates
678 * available for the current partition to it as "cert_store_key" type
679 * keys. On refresh or error invalidate cert_store keyring and destroy
680 * all keys of "cert_store_key" type.
681 */
682static int fill_cs_keyring(void)
683{
684 struct key *cs_keyring;
685 struct vcssb *vcssb;
686 int rc;
687
688 rc = -ENOMEM;
689 vcssb = kmalloc(VCSSB_LEN_BYTES, GFP_KERNEL);
690 if (!vcssb)
691 goto cleanup_keys;
692
693 rc = -ENOENT;
694 if (!sclp.has_diag320) {
695 pr_dbf_msg("Certificate Store is not supported");
696 goto cleanup_keys;
697 }
698
699 rc = query_diag320_subcodes();
700 if (rc)
701 goto cleanup_keys;
702
703 rc = get_vcssb(vcssb);
704 if (rc)
705 goto cleanup_keys;
706
707 rc = -ENOMEM;
708 cs_keyring = create_cs_keyring();
709 if (!cs_keyring)
710 goto cleanup_keys;
711
712 rc = add_certificates_to_keyring(vcssb, cs_keyring);
713 if (rc)
714 goto cleanup_cs_keyring;
715
716 goto out;
717
718cleanup_cs_keyring:
719 key_put(cs_keyring);
720cleanup_keys:
721 cleanup_cs_keys();
722out:
723 kfree(vcssb);
724 return rc;
725}
726
727static DEFINE_MUTEX(cs_refresh_lock);
728static int cs_status_val = -1;
729
730static ssize_t cs_status_show(struct kobject *kobj,
731 struct kobj_attribute *attr, char *buf)
732{
733 if (cs_status_val == -1)
734 return sysfs_emit(buf, "uninitialized\n");
735 else if (cs_status_val == 0)
736 return sysfs_emit(buf, "ok\n");
737
738 return sysfs_emit(buf, "failed (%d)\n", cs_status_val);
739}
740
741static struct kobj_attribute cs_status_attr = __ATTR_RO(cs_status);
742
743static ssize_t refresh_store(struct kobject *kobj, struct kobj_attribute *attr,
744 const char *buf, size_t count)
745{
746 int rc, retries;
747
748 pr_dbf_msg("Refresh certificate store information requested");
749 rc = mutex_lock_interruptible(&cs_refresh_lock);
750 if (rc)
751 return rc;
752
753 for (retries = 0; retries < DIAG_MAX_RETRIES; retries++) {
754 /* Request certificates from certificate store. */
755 rc = fill_cs_keyring();
756 if (rc)
757 pr_dbf_msg("Failed to refresh certificate store information (%d)", rc);
758 if (rc != -EAGAIN)
759 break;
760 }
761 cs_status_val = rc;
762 mutex_unlock(&cs_refresh_lock);
763
764 return rc ?: count;
765}
766
767static struct kobj_attribute refresh_attr = __ATTR_WO(refresh);
768
769static const struct attribute *cert_store_attrs[] __initconst = {
770 &cs_status_attr.attr,
771 &refresh_attr.attr,
772 NULL,
773};
774
775static struct kobject *cert_store_kobj;
776
777static int __init cert_store_init(void)
778{
779 int rc = -ENOMEM;
780
781 cert_store_dbf = debug_register("cert_store_msg", 10, 1, 64);
782 if (!cert_store_dbf)
783 goto cleanup_dbf;
784
785 cert_store_hexdump = debug_register("cert_store_hexdump", 3, 1, 128);
786 if (!cert_store_hexdump)
787 goto cleanup_dbf;
788
789 debug_register_view(cert_store_hexdump, &debug_hex_ascii_view);
790 debug_register_view(cert_store_dbf, &debug_sprintf_view);
791
792 /* Create directory /sys/firmware/cert_store. */
793 cert_store_kobj = kobject_create_and_add("cert_store", firmware_kobj);
794 if (!cert_store_kobj)
795 goto cleanup_dbf;
796
797 rc = sysfs_create_files(cert_store_kobj, cert_store_attrs);
798 if (rc)
799 goto cleanup_kobj;
800
801 register_key_type(&key_type_cert_store_key);
802
803 return rc;
804
805cleanup_kobj:
806 kobject_put(cert_store_kobj);
807cleanup_dbf:
808 debug_unregister(cert_store_dbf);
809 debug_unregister(cert_store_hexdump);
810
811 return rc;
812}
813device_initcall(cert_store_init);