s390/pkey: Unify pkey cca, ep11 and pckmo functions signatures

			rc = pkey_cca_gen_key(apqns[i].card,

					      apqns[i].domain,

					      u, keytype, keybitsize, flags,

					      keybuf, keybuflen);

					      keybuf, keybuflen, NULL);

		}

	} else if (pkey_is_ep11_keytype(keytype)) {

		/* As of now only EP11 AES key generation is supported */

			rc = pkey_ep11_gen_key(apqns[i].card,

					       apqns[i].domain,

					       u, keytype, keybitsize, flags,

					       keybuf, keybuflen);

					       keybuf, keybuflen, NULL);

		}

	} else {

		PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n",

					      apqns[i].domain,

					      u, keytype, kbitsize, flags,

					      clrkey, kbitsize / 8,

					      keybuf, keybuflen);

					      keybuf, keybuflen, NULL);

		}

	} else if (pkey_is_ep11_keytype(keytype)) {

		/* As of now only EP11 AES key generation is supported */

					       apqns[i].domain,

					       u, keytype, kbitsize, flags,

					       clrkey, kbitsize / 8,

					       keybuf, keybuflen);

					       keybuf, keybuflen, NULL);

		}

	} else {

		PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n",

		nr_apqns = MAXAPQNSINLIST;

		rc = pkey_cca_apqns4type(PKEY_TYPE_CCA_DATA,

					 NULL, NULL, 0, apqns, &nr_apqns);

		pr_debug("pkey_cca_apqns4type(CCA_DATA)=%d\n", rc);

		if (rc)

			goto try_via_ep11;

		for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) {

					      t->keytype, PKEY_TYPE_CCA_DATA,

					      8 * keysize, 0,

					      t->clearkey, t->len,

					      tmpbuf, &tmplen);

					      tmpbuf, &tmplen, NULL);

			pr_debug("pkey_cca_clr2key()=%d\n", rc);

		}

		if (rc)

			goto try_via_ep11;

						  tmpbuf, tmplen,

						  protkey, protkeylen,

						  protkeytype);

			pr_debug("pkey_cca_key2protkey()=%d\n", rc);

		}

		if (!rc)

			break;

		nr_apqns = MAXAPQNSINLIST;

		rc = pkey_ep11_apqns4type(PKEY_TYPE_EP11_AES,

					  NULL, NULL, 0, apqns, &nr_apqns);

		pr_debug("pkey_ep11_apqns4type(EP11_AES)=%d\n", rc);

		if (rc)

			continue;

		for (j = 0, rc = -ENODEV; j < nr_apqns && rc; j++) {

					       t->keytype, PKEY_TYPE_EP11_AES,

					       8 * keysize, 0,

					       t->clearkey, t->len,

					       tmpbuf, &tmplen);

					       tmpbuf, &tmplen, NULL);

			pr_debug("pkey_ep11_clr2key()=%d\n", rc);

		}

		if (rc)

			continue;

						   tmpbuf, tmplen,

						   protkey, protkeylen,

						   protkeytype);

			pr_debug("pkey_ep11_key2protkey()=%d\n", rc);

		}

	}

{

	int rc;

	rc = pkey_pckmo_key2protkey(key, keylen,

				    protkey, protkeylen,

				    protkeytype);

	rc = pkey_pckmo_key2protkey(0, 0, key, keylen,

				    protkey, protkeylen, protkeytype);

	if (rc == -ENODEV) {

		struct keytoken_header *hdr = (struct keytoken_header *)key;

		struct clearkeytoken *t = (struct clearkeytoken *)key;

	keybuflen = sizeof(kgs.seckey.seckey);

	rc = pkey_cca_gen_key(kgs.cardnr, kgs.domain,

			      kgs.keytype, PKEY_TYPE_CCA_DATA, 0, 0,

			      kgs.seckey.seckey, &keybuflen);

			      kgs.seckey.seckey, &keybuflen, NULL);

	pr_debug("pkey_cca_gen_key()=%d\n", rc);

	if (!rc && copy_to_user(ugs, &kgs, sizeof(kgs)))

		rc = -EFAULT;

			      kcs.keytype, PKEY_TYPE_CCA_DATA, 0, 0,

			      kcs.clrkey.clrkey,

			      pkey_keytype_aes_to_size(kcs.keytype),

			      kcs.seckey.seckey, &keybuflen);

			      kcs.seckey.seckey, &keybuflen, NULL);

	pr_debug("pkey_cca_clr2key()=%d\n", rc);

	if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs)))

		rc = -EFAULT;

	if (copy_from_user(&kcp, ucp, sizeof(kcp)))

		return -EFAULT;

	kcp.protkey.len = sizeof(kcp.protkey.protkey);

	rc = pkey_pckmo_clr2protkey(kcp.keytype, kcp.clrkey.clrkey,

	rc = pkey_pckmo_clr2key(0, 0, kcp.keytype, 0, 0, 0,

				kcp.clrkey.clrkey, 0,

				kcp.protkey.protkey,

				&kcp.protkey.len, &kcp.protkey.type);

	pr_debug("pkey_pckmo_clr2protkey()=%d\n", rc);

	pr_debug("pkey_pckmo_clr2key()=%d\n", rc);

	if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp)))

		rc = -EFAULT;

	memzero_explicit(&kcp, sizeof(kcp));

	if (copy_from_user(&kgp, ugp, sizeof(kgp)))

		return -EFAULT;

	kgp.protkey.len = sizeof(kgp.protkey.protkey);

	rc = pkey_pckmo_gen_protkey(kgp.keytype, kgp.protkey.protkey,

	rc = pkey_pckmo_gen_key(0, 0, kgp.keytype, 0, 0, 0,

				kgp.protkey.protkey,

				&kgp.protkey.len, &kgp.protkey.type);

	pr_debug("pkey_gen_protkey()=%d\n", rc);

	pr_debug("pkey_pckmo_gen_key()=%d\n", rc);

	if (!rc && copy_to_user(ugp, &kgp, sizeof(kgp)))

		rc = -EFAULT;

	memzero_explicit(&kgp, sizeof(kgp));

	if (copy_from_user(&kvp, uvp, sizeof(kvp)))

		return -EFAULT;

	rc = pkey_pckmo_verify_protkey(kvp.protkey.protkey,

				       kvp.protkey.len, kvp.protkey.type);

	pr_debug("pkey_verify_protkey()=%d\n", rc);

	rc = pkey_pckmo_verifykey(kvp.protkey.protkey, kvp.protkey.len,

				  0, 0, &kvp.protkey.type, 0, 0);

	pr_debug("pkey_pckmo_verifykey()=%d\n", rc);

	memzero_explicit(&kvp, sizeof(kvp));

	return rc;

int pkey_cca_gen_key(u16 card, u16 dom,

		     u32 keytype, u32 keysubtype,

		     u32 keybitsize, u32 flags,

		     u8 *keybuf, u32 *keybuflen);

		     u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);

int pkey_cca_clr2key(u16 card, u16 dom,

		     u32 keytype, u32 keysubtype,

		     u32 keybitsize, u32 flags,

		     const u8 *clrkey, u32 clrkeylen,

		     u8 *keybuf, u32 *keybuflen);

		     u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);

int pkey_cca_verifykey(const u8 *key, u32 keylen,

		       u16 *card, u16 *dom,

		       u32 *keytype, u32 *keybitsize, u32 *flags);

int pkey_ep11_gen_key(u16 card, u16 dom,

		      u32 keytype, u32 keysubtype,

		      u32 keybitsize, u32 flags,

		      u8 *keybuf, u32 *keybuflen);

		      u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);

int pkey_ep11_clr2key(u16 card, u16 dom,

		      u32 keytype, u32 keysubtype,

		      u32 keybitsize, u32 flags,

		      const u8 *clrkey, u32 clrkeylen,

		      u8 *keybuf, u32 *keybuflen);

		      u8 *keybuf, u32 *keybuflen, u32 *_keyinfo);

int pkey_ep11_verifykey(const u8 *key, u32 keylen,

			u16 *card, u16 *dom,

			u32 *keytype, u32 *keybitsize, u32 *flags);

 */

bool pkey_is_pckmo_key(const u8 *key, u32 keylen);

int pkey_pckmo_key2protkey(const u8 *key, u32 keylen,

			   u8 *protkey, u32 *protkeylen, u32 *protkeytype);

int pkey_pckmo_gen_protkey(u32 keytype,

			   u8 *protkey, u32 *protkeylen, u32 *protkeytype);

int pkey_pckmo_clr2protkey(u32 keytype, const u8 *clrkey,

int pkey_pckmo_key2protkey(u16 _card, u16 _dom,

			   const u8 *key, u32 keylen,

			   u8 *protkey, u32 *protkeylen, u32 *protkeytype);

int pkey_pckmo_verify_protkey(const u8 *protkey, u32 protkeylen,

			      u32 protkeytype);

int pkey_pckmo_gen_key(u16 _card, u16 _dom,

		       u32 keytype, u32 _keysubtype,

		       u32 _keybitsize, u32 _flags,

		       u8 *keybuf, u32 *keybuflen, u32 *keyinfo);

int pkey_pckmo_clr2key(u16 _card, u16 _dom,

		       u32 keytype, u32 _keysubtype,

		       u32 _keybitsize, u32 _flags,

		       const u8 *clrkey, u32 clrkeylen,

		       u8 *keybuf, u32 *keybuflen, u32 *keyinfo);

int pkey_pckmo_verifykey(const u8 *key, u32 keylen,

			 u16 *_card, u16 *_dom,

			 u32 *keytype, u32 *_keybitsize, u32 *_flags);

/*

 * pkey_sysfs.c:

int pkey_cca_gen_key(u16 card, u16 dom,

		     u32 keytype, u32 subtype,

		     u32 keybitsize, u32 flags,

		     u8 *keybuf, u32 *keybuflen)

		     u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)

{

	int len, rc;

		     u32 keytype, u32 subtype,

		     u32 keybitsize, u32 flags,

		     const u8 *clrkey, u32 clrkeylen,

		     u8 *keybuf, u32 *keybuflen)

		     u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)

{

	int len, rc;

						3, key, keylen, 1))

			return -EINVAL;

		rc = ep11_kblob2protkey(card, dom, key, hdr->len,

					protkey, protkeylen,

					protkeytype);

					protkey, protkeylen, protkeytype);

	} else if (hdr->type == TOKTYPE_NON_CCA &&

		   hdr->version == TOKVER_EP11_ECC_WITH_HEADER &&

		   is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {

						3, key, keylen, 1))

			return -EINVAL;

		rc = ep11_kblob2protkey(card, dom, key, hdr->len,

					protkey, protkeylen,

					protkeytype);

					protkey, protkeylen, protkeytype);

	} else if (hdr->type == TOKTYPE_NON_CCA &&

		   hdr->version == TOKVER_EP11_AES &&

		   is_ep11_keyblob(key)) {

		if (ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1))

			return -EINVAL;

		rc = ep11_kblob2protkey(card, dom, key, hdr->len,

					protkey, protkeylen,

					protkeytype);

					protkey, protkeylen, protkeytype);

	} else {

		PKEY_DBF_ERR("%s unknown/unsupported blob type %d version %d\n",

			     __func__, hdr->type, hdr->version);

int pkey_ep11_gen_key(u16 card, u16 dom,

		      u32 keytype, u32 subtype,

		      u32 keybitsize, u32 flags,

		      u8 *keybuf, u32 *keybuflen)

		      u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)

{

	int len, rc;

		      u32 keytype, u32 subtype,

		      u32 keybitsize, u32 flags,

		      const u8 *clrkey, u32 clrkeylen,

		      u8 *keybuf, u32 *keybuflen)

		      u8 *keybuf, u32 *keybuflen, u32 *_keyinfo)

{

	int len, rc;

#include "pkey_base.h"

/*

 * Check key blob for known and supported here.

 * Prototypes

 */

static bool is_pckmo_key(const u8 *key, u32 keylen);

static int pckmo_key2protkey(const u8 *key, u32 keylen,

			     u8 *protkey, u32 *protkeylen, u32 *protkeytype);

static int pckmo_gen_protkey(u32 keytype,

			     u8 *protkey, u32 *protkeylen, u32 *protkeytype);

static int pckmo_clr2protkey(u32 keytype, const u8 *clrkey, u32 clrkeylen,

			     u8 *protkey, u32 *protkeylen, u32 *protkeytype);

static int pckmo_verify_protkey(const u8 *protkey, u32 protkeylen,

				u32 protkeytype);

/*

 * Wrapper functions

 */

bool pkey_is_pckmo_key(const u8 *key, u32 keylen)

{

	return is_pckmo_key(key, keylen);

}

int pkey_pckmo_key2protkey(u16 _card, u16 _dom,

			   const u8 *key, u32 keylen,

			   u8 *protkey, u32 *protkeylen, u32 *keyinfo)

{

	return pckmo_key2protkey(key, keylen,

				 protkey, protkeylen, keyinfo);

}

int pkey_pckmo_gen_key(u16 _card, u16 _dom,

		       u32 keytype, u32 _keysubtype,

		       u32 _keybitsize, u32 _flags,

		       u8 *keybuf, u32 *keybuflen, u32 *keyinfo)

{

	return pckmo_gen_protkey(keytype,

				 keybuf, keybuflen, keyinfo);

}

int pkey_pckmo_clr2key(u16 _card, u16 _dom,

		       u32 keytype, u32 _keysubtype,

		       u32 _keybitsize, u32 _flags,

		       const u8 *clrkey, u32 clrkeylen,

		       u8 *keybuf, u32 *keybuflen, u32 *keyinfo)

{

	return pckmo_clr2protkey(keytype, clrkey, clrkeylen,

				 keybuf, keybuflen, keyinfo);

}

int pkey_pckmo_verifykey(const u8 *key, u32 keylen,

			 u16 *_card, u16 *_dom,

			 u32 *keytype, u32 *_keybitsize, u32 *_flags)

{

	return pckmo_verify_protkey(key, keylen, *keytype);

}

/*

 * Check key blob for known and supported here.

 */

static bool is_pckmo_key(const u8 *key, u32 keylen)

{

	struct keytoken_header *hdr = (struct keytoken_header *)key;

	struct clearkeytoken *t = (struct clearkeytoken *)key;

	}

}

int pkey_pckmo_key2protkey(const u8 *key, u32 keylen,

static int pckmo_key2protkey(const u8 *key, u32 keylen,

			     u8 *protkey, u32 *protkeylen, u32 *protkeytype)

{

	struct keytoken_header *hdr = (struct keytoken_header *)key;

		if (keylen != sizeof(struct protaeskeytoken))

			goto out;

		t = (struct protaeskeytoken *)key;

		rc = pkey_pckmo_verify_protkey(t->protkey, t->len,

					       t->keytype);

		rc = pckmo_verify_protkey(t->protkey, t->len, t->keytype);

		if (rc)

			goto out;

		memcpy(protkey, t->protkey, t->len);

				     __func__, t->len);

			goto out;

		}

		rc = pkey_pckmo_clr2protkey(t->keytype, t->clearkey,

		rc = pckmo_clr2protkey(t->keytype, t->clearkey, t->len,

				       protkey, protkeylen, protkeytype);

		break;

	}

 * Currently only the generation of AES protected keys

 * is supported.

 */

int pkey_pckmo_gen_protkey(u32 keytype, u8 *protkey,

static int pckmo_gen_protkey(u32 keytype, u8 *protkey,

			     u32 *protkeylen, u32 *protkeytype)

{

	u8 clrkey[32];

	get_random_bytes(clrkey, keysize);

	/* convert it to a dummy protected key */

	rc = pkey_pckmo_clr2protkey(keytype, clrkey,

	rc = pckmo_clr2protkey(keytype, clrkey, keysize,

			       protkey, protkeylen, protkeytype);

	if (rc)

		goto out;

/*

 * Create a protected key from a clear key value via PCKMO instruction.

 */

int pkey_pckmo_clr2protkey(u32 keytype, const u8 *clrkey,

static int pckmo_clr2protkey(u32 keytype, const u8 *clrkey, u32 clrkeylen,

			     u8 *protkey, u32 *protkeylen, u32 *protkeytype)

{

	/* mask of available pckmo subfunctions */

		goto out;

	}

	if (clrkeylen && clrkeylen < keysize) {

		PKEY_DBF_ERR("%s clear key size too small: %u < %d\n",

			     __func__, clrkeylen, keysize);

		goto out;

	}

	if (*protkeylen < keysize + AES_WK_VP_SIZE) {

		PKEY_DBF_ERR("%s prot key buffer size too small: %u < %d\n",

			     __func__, *protkeylen, keysize + AES_WK_VP_SIZE);

 * Verify a protected key blob.

 * Currently only AES protected keys are supported.

 */

int pkey_pckmo_verify_protkey(const u8 *protkey, u32 protkeylen,

static int pckmo_verify_protkey(const u8 *protkey, u32 protkeylen,

				u32 protkeytype)

{

	struct {