s390/pkey: pkey cleanup: narrow in-kernel API, fix some variable types

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

There are a lot of pkey functions exported as in-kernel callable
API functions but not used at all. This patch narrows down the
pkey in-kernel API to what is currently only used and exploited.

Within the kernel just use u32 without any leading __u32. Also
functions declared in a header file in arch/s390/include/asm
don't need a comment 'In-kernel API', this is by definition,
otherwise the header file would be in arch/s390/include/uapi/asm.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

authored by

Harald Freudenberger and committed by

Vasily Gorbik 6 years ago 183cb469 22a33c7e

+18 -133

2 changed files

expand all

arch

s390

include

asm

pkey.h

drivers

s390

crypto

pkey_api.c

+2 -112

arch/s390/include/asm/pkey.h

··· 2 2 /* 3 3 * Kernelspace interface to the pkey device driver 4 4 * 5 - * Copyright IBM Corp. 2016 5 + * Copyright IBM Corp. 2016,2019 6 6 * 7 7 * Author: Harald Freudenberger <freude@de.ibm.com> 8 8 * ··· 16 16 #include <uapi/asm/pkey.h> 17 17 18 18 /* 19 - * Generate (AES) random secure key. 20 - * @param cardnr may be -1 (use default card) 21 - * @param domain may be -1 (use default domain) 22 - * @param keytype one of the PKEY_KEYTYPE values 23 - * @param seckey pointer to buffer receiving the secure key 24 - * @return 0 on success, negative errno value on failure 25 - */ 26 - int pkey_genseckey(__u16 cardnr, __u16 domain, 27 - __u32 keytype, struct pkey_seckey *seckey); 28 - 29 - /* 30 - * Generate (AES) secure key with given key value. 31 - * @param cardnr may be -1 (use default card) 32 - * @param domain may be -1 (use default domain) 33 - * @param keytype one of the PKEY_KEYTYPE values 34 - * @param clrkey pointer to buffer with clear key data 35 - * @param seckey pointer to buffer receiving the secure key 36 - * @return 0 on success, negative errno value on failure 37 - */ 38 - int pkey_clr2seckey(__u16 cardnr, __u16 domain, __u32 keytype, 39 - const struct pkey_clrkey *clrkey, 40 - struct pkey_seckey *seckey); 41 - 42 - /* 43 - * Derive (AES) proteced key from the (AES) secure key blob. 44 - * @param cardnr may be -1 (use default card) 45 - * @param domain may be -1 (use default domain) 46 - * @param seckey pointer to buffer with the input secure key 47 - * @param protkey pointer to buffer receiving the protected key and 48 - * additional info (type, length) 49 - * @return 0 on success, negative errno value on failure 50 - */ 51 - int pkey_sec2protkey(__u16 cardnr, __u16 domain, 52 - const struct pkey_seckey *seckey, 53 - struct pkey_protkey *protkey); 54 - 55 - /* 56 - * Derive (AES) protected key from a given clear key value. 57 - * @param keytype one of the PKEY_KEYTYPE values 58 - * @param clrkey pointer to buffer with clear key data 59 - * @param protkey pointer to buffer receiving the protected key and 60 - * additional info (type, length) 61 - * @return 0 on success, negative errno value on failure 62 - */ 63 - int pkey_clr2protkey(__u32 keytype, 64 - const struct pkey_clrkey *clrkey, 65 - struct pkey_protkey *protkey); 66 - 67 - /* 68 - * Search for a matching crypto card based on the Master Key 69 - * Verification Pattern provided inside a secure key. 70 - * @param seckey pointer to buffer with the input secure key 71 - * @param cardnr pointer to cardnr, receives the card number on success 72 - * @param domain pointer to domain, receives the domain number on success 73 - * @param verify if set, always verify by fetching verification pattern 74 - * from card 75 - * @return 0 on success, negative errno value on failure. If no card could be 76 - * found, -ENODEV is returned. 77 - */ 78 - int pkey_findcard(const struct pkey_seckey *seckey, 79 - __u16 *cardnr, __u16 *domain, int verify); 80 - 81 - /* 82 - * Find card and transform secure key to protected key. 83 - * @param seckey pointer to buffer with the input secure key 84 - * @param protkey pointer to buffer receiving the protected key and 85 - * additional info (type, length) 86 - * @return 0 on success, negative errno value on failure 87 - */ 88 - int pkey_skey2pkey(const struct pkey_seckey *seckey, 89 - struct pkey_protkey *protkey); 90 - 91 - /* 92 - * Verify the given secure key for being able to be useable with 93 - * the pkey module. Check for correct key type and check for having at 94 - * least one crypto card being able to handle this key (master key 95 - * or old master key verification pattern matches). 96 - * Return some info about the key: keysize in bits, keytype (currently 97 - * only AES), flag if key is wrapped with an old MKVP. 98 - * @param seckey pointer to buffer with the input secure key 99 - * @param pcardnr pointer to cardnr, receives the card number on success 100 - * @param pdomain pointer to domain, receives the domain number on success 101 - * @param pkeysize pointer to keysize, receives the bitsize of the key 102 - * @param pattributes pointer to attributes, receives additional info 103 - * PKEY_VERIFY_ATTR_AES if the key is an AES key 104 - * PKEY_VERIFY_ATTR_OLD_MKVP if key has old mkvp stored in 105 - * @return 0 on success, negative errno value on failure. If no card could 106 - * be found which is able to handle this key, -ENODEV is returned. 107 - */ 108 - int pkey_verifykey(const struct pkey_seckey *seckey, 109 - u16 *pcardnr, u16 *pdomain, 110 - u16 *pkeysize, u32 *pattributes); 111 - 112 - /* 113 - * In-kernel API: Generate (AES) random protected key. 114 - * @param keytype one of the PKEY_KEYTYPE values 115 - * @param protkey pointer to buffer receiving the protected key 116 - * @return 0 on success, negative errno value on failure 117 - */ 118 - int pkey_genprotkey(__u32 keytype, struct pkey_protkey *protkey); 119 - 120 - /* 121 - * In-kernel API: Verify an (AES) protected key. 122 - * @param protkey pointer to buffer containing the protected key to verify 123 - * @return 0 on success, negative errno value on failure. In case the protected 124 - * key is not valid -EKEYREJECTED is returned 125 - */ 126 - int pkey_verifyprotkey(const struct pkey_protkey *protkey); 127 - 128 - /* 129 19 * In-kernel API: Transform an key blob (of any type) into a protected key. 130 20 * @param key pointer to a buffer containing the key blob 131 21 * @param keylen size of the key blob in bytes 132 22 * @param protkey pointer to buffer receiving the protected key 133 23 * @return 0 on success, negative errno value on failure 134 24 */ 135 - int pkey_keyblob2pkey(const __u8 *key, __u32 keylen, 25 + int pkey_keyblob2pkey(const u8 *key, u32 keylen, 136 26 struct pkey_protkey *protkey); 137 27 138 28 #endif /* _KAPI_PKEY_H */

+16 -21

drivers/s390/crypto/pkey_api.c

··· 2 2 /* 3 3 * pkey device driver 4 4 * 5 - * Copyright IBM Corp. 2017 5 + * Copyright IBM Corp. 2017,2019 6 6 * Author(s): Harald Freudenberger 7 7 */ 8 8 ··· 71 71 /* 72 72 * Create a protected key from a clear key value. 73 73 */ 74 - int pkey_clr2protkey(u32 keytype, 75 - const struct pkey_clrkey *clrkey, 76 - struct pkey_protkey *protkey) 74 + static int pkey_clr2protkey(u32 keytype, 75 + const struct pkey_clrkey *clrkey, 76 + struct pkey_protkey *protkey) 77 77 { 78 78 long fc; 79 79 int keysize; ··· 122 122 123 123 return 0; 124 124 } 125 - EXPORT_SYMBOL(pkey_clr2protkey); 126 125 127 126 /* 128 127 * Find card and transform secure key into protected key. 129 128 */ 130 - int pkey_skey2pkey(const struct pkey_seckey *seckey, 131 - struct pkey_protkey *pkey) 129 + static int pkey_skey2pkey(const struct pkey_seckey *seckey, 130 + struct pkey_protkey *pkey) 132 131 { 133 132 u16 cardnr, domain; 134 133 int rc, verify; ··· 156 157 157 158 return rc; 158 159 } 159 - EXPORT_SYMBOL(pkey_skey2pkey); 160 160 161 161 /* 162 162 * Verify key and give back some info about the key. 163 163 */ 164 - int pkey_verifykey(const struct pkey_seckey *seckey, 165 - u16 *pcardnr, u16 *pdomain, 166 - u16 *pkeysize, u32 *pattributes) 164 + static int pkey_verifykey(const struct pkey_seckey *seckey, 165 + u16 *pcardnr, u16 *pdomain, 166 + u16 *pkeysize, u32 *pattributes) 167 167 { 168 168 struct secaeskeytoken *t = (struct secaeskeytoken *) seckey; 169 169 u16 cardnr, domain; ··· 199 201 DEBUG_DBG("%s rc=%d\n", __func__, rc); 200 202 return rc; 201 203 } 202 - EXPORT_SYMBOL(pkey_verifykey); 203 204 204 205 /* 205 206 * Generate a random protected key 206 207 */ 207 - int pkey_genprotkey(__u32 keytype, struct pkey_protkey *protkey) 208 + static int pkey_genprotkey(u32 keytype, struct pkey_protkey *protkey) 208 209 { 209 210 struct pkey_clrkey clrkey; 210 211 int keysize; ··· 238 241 239 242 return 0; 240 243 } 241 - EXPORT_SYMBOL(pkey_genprotkey); 242 244 243 245 /* 244 246 * Verify if a protected key is still valid 245 247 */ 246 - int pkey_verifyprotkey(const struct pkey_protkey *protkey) 248 + static int pkey_verifyprotkey(const struct pkey_protkey *protkey) 247 249 { 248 250 unsigned long fc; 249 251 struct { ··· 283 287 284 288 return 0; 285 289 } 286 - EXPORT_SYMBOL(pkey_verifyprotkey); 287 290 288 291 /* 289 292 * Transform a non-CCA key token into a protected key 290 293 */ 291 - static int pkey_nonccatok2pkey(const __u8 *key, __u32 keylen, 294 + static int pkey_nonccatok2pkey(const u8 *key, u32 keylen, 292 295 struct pkey_protkey *protkey) 293 296 { 294 297 struct keytoken_header *hdr = (struct keytoken_header *)key; ··· 315 320 /* 316 321 * Transform a CCA internal key token into a protected key 317 322 */ 318 - static int pkey_ccainttok2pkey(const __u8 *key, __u32 keylen, 323 + static int pkey_ccainttok2pkey(const u8 *key, u32 keylen, 319 324 struct pkey_protkey *protkey) 320 325 { 321 326 struct keytoken_header *hdr = (struct keytoken_header *)key; ··· 337 342 /* 338 343 * Transform a key blob (of any type) into a protected key 339 344 */ 340 - int pkey_keyblob2pkey(const __u8 *key, __u32 keylen, 345 + int pkey_keyblob2pkey(const u8 *key, u32 keylen, 341 346 struct pkey_protkey *protkey) 342 347 { 343 348 struct keytoken_header *hdr = (struct keytoken_header *)key; ··· 502 507 case PKEY_KBLOB2PROTK: { 503 508 struct pkey_kblob2pkey __user *utp = (void __user *) arg; 504 509 struct pkey_kblob2pkey ktp; 505 - __u8 __user *ukey; 506 - __u8 *kkey; 510 + u8 __user *ukey; 511 + u8 *kkey; 507 512 508 513 if (copy_from_user(&ktp, utp, sizeof(ktp))) 509 514 return -EFAULT;