s390/pkey/zcrypt: Support EP11 AES secure keys

 * and padding is also possible, the limits need to be generous.

 */

#define PAES_MIN_KEYSIZE 16

#define PAES_MAX_KEYSIZE 256

#define PAES_MAX_KEYSIZE 320

static u8 *ctrblk;

static DEFINE_MUTEX(ctrblk_lock);

#define MAXPROTKEYSIZE	64	/* a protected key blob may be up to 64 bytes */

#define MAXCLRKEYSIZE	32	   /* a clear key value may be up to 32 bytes */

#define MAXAESCIPHERKEYSIZE 136  /* our aes cipher keys have always 136 bytes */

#define MINEP11AESKEYBLOBSIZE 256  /* min EP11 AES key blob size  */

#define MAXEP11AESKEYBLOBSIZE 320  /* max EP11 AES key blob size */

/* Minimum and maximum size of a key blob */

/* Minimum size of a key blob */

#define MINKEYBLOBSIZE	SECKEYBLOBSIZE

#define MAXKEYBLOBSIZE	MAXAESCIPHERKEYSIZE

/* defines for the type field within the pkey_protkey struct */

#define PKEY_KEYTYPE_AES_128		      1

enum pkey_key_type {

	PKEY_TYPE_CCA_DATA   = (__u32) 1,

	PKEY_TYPE_CCA_CIPHER = (__u32) 2,

	PKEY_TYPE_EP11	     = (__u32) 3,

};

/* the newer ioctls use a pkey_key_size enum for key size information */

/*

 * Generate secure key, version 2.

 * Generate either a CCA AES secure key or a CCA AES cipher key.

 * Generate CCA AES secure key, CCA AES cipher key or EP11 AES secure key.

 * There needs to be a list of apqns given with at least one entry in there.

 * All apqns in the list need to be exact apqns, 0xFFFF as ANY card or domain

 * is not supported. The implementation walks through the list of apqns and

 * (return -1 with errno ENODEV). You may use the PKEY_APQNS4KT ioctl to

 * generate a list of apqns based on the key type to generate.

 * The keygenflags argument is passed to the low level generation functions

 * individual for the key type and has a key type specific meaning. Currently

 * only CCA AES cipher keys react to this parameter: Use one or more of the

 * PKEY_KEYGEN_* flags to widen the export possibilities. By default a cipher

 * key is only exportable for CPACF (PKEY_KEYGEN_XPRT_CPAC).

 * individual for the key type and has a key type specific meaning. When

 * generating CCA cipher keys you can use one or more of the PKEY_KEYGEN_*

 * flags to widen the export possibilities. By default a cipher key is

 * only exportable for CPACF (PKEY_KEYGEN_XPRT_CPAC).

 * The keygenflag argument for generating an EP11 AES key should either be 0

 * to use the defaults which are XCP_BLOB_ENCRYPT, XCP_BLOB_DECRYPT and

 * XCP_BLOB_PROTKEY_EXTRACTABLE or a valid combination of XCP_BLOB_* flags.

 */

struct pkey_genseck2 {

	struct pkey_apqn __user *apqns; /* in: ptr to list of apqn targets*/

/*

 * Generate secure key from clear key value, version 2.

 * Construct a CCA AES secure key or CCA AES cipher key from a given clear key

 * value.

 * Construct an CCA AES secure key, CCA AES cipher key or EP11 AES secure

 * key from a given clear key value.

 * There needs to be a list of apqns given with at least one entry in there.

 * All apqns in the list need to be exact apqns, 0xFFFF as ANY card or domain

 * is not supported. The implementation walks through the list of apqns and

 * (return -1 with errno ENODEV). You may use the PKEY_APQNS4KT ioctl to

 * generate a list of apqns based on the key type to generate.

 * The keygenflags argument is passed to the low level generation functions

 * individual for the key type and has a key type specific meaning. Currently

 * only CCA AES cipher keys react to this parameter: Use one or more of the

 * PKEY_KEYGEN_* flags to widen the export possibilities. By default a cipher

 * key is only exportable for CPACF (PKEY_KEYGEN_XPRT_CPAC).

 * individual for the key type and has a key type specific meaning. When

 * generating CCA cipher keys you can use one or more of the PKEY_KEYGEN_*

 * flags to widen the export possibilities. By default a cipher key is

 * only exportable for CPACF (PKEY_KEYGEN_XPRT_CPAC).

 * The keygenflag argument for generating an EP11 AES key should either be 0

 * to use the defaults which are XCP_BLOB_ENCRYPT, XCP_BLOB_DECRYPT and

 * XCP_BLOB_PROTKEY_EXTRACTABLE or a valid combination of XCP_BLOB_* flags.

 */

struct pkey_clr2seck2 {

	struct pkey_apqn __user *apqns; /* in: ptr to list of apqn targets */

 * with one apqn able to handle this key.

 * The function also checks for the master key verification patterns

 * of the key matching to the current or alternate mkvp of the apqn.

 * Currently CCA AES secure keys and CCA AES cipher keys are supported.

 * The flags field is updated with some additional info about the apqn mkvp

 * For CCA AES secure keys and CCA AES cipher keys this means to check

 * the key's mkvp against the current or old mkvp of the apqns. The flags

 * field is updated with some additional info about the apqn mkvp

 * match: If the current mkvp matches to the key's mkvp then the

 * PKEY_FLAGS_MATCH_CUR_MKVP bit is set, if the alternate mkvp matches to

 * the key's mkvp the PKEY_FLAGS_MATCH_ALT_MKVP is set. For CCA keys the

 * alternate mkvp is the old master key verification pattern.

 * CCA AES secure keys are also checked to have the CPACF export allowed

 * bit enabled (XPRTCPAC) in the kmf1 field.

 * EP11 keys are also supported and the wkvp of the key is checked against

 * the current wkvp of the apqns. There is no alternate for this type of

 * key and so on a match the flag PKEY_FLAGS_MATCH_CUR_MKVP always is set.

 * EP11 keys are also checked to have XCP_BLOB_PROTKEY_EXTRACTABLE set.

 * The ioctl returns 0 as long as the given or found apqn matches to

 * matches with the current or alternate mkvp to the key's mkvp. If the given

 * apqn does not match or there is no such apqn found, -1 with errno

/*

 * Build a list of APQNs based on a key blob given.

 * Is able to find out which type of secure key is given (CCA AES secure

 * key or CCA AES cipher key) and tries to find all matching crypto cards

 * based on the MKVP and maybe other criterias (like CCA AES cipher keys

 * need a CEX5C or higher). The list of APQNs is further filtered by the key's

 * mkvp which needs to match to either the current mkvp or the alternate mkvp

 * (which is the old mkvp on CCA adapters) of the apqns. The flags argument may

 * be used to limit the matching apqns. If the PKEY_FLAGS_MATCH_CUR_MKVP is

 * given, only the current mkvp of each apqn is compared. Likewise with the

 * PKEY_FLAGS_MATCH_ALT_MKVP. If both are given, it is assumed to

 * return apqns where either the current or the alternate mkvp

 * key, CCA AES cipher key or EP11 AES key) and tries to find all matching

 * crypto cards based on the MKVP and maybe other criterias (like CCA AES

 * cipher keys need a CEX5C or higher, EP11 keys with BLOB_PKEY_EXTRACTABLE

 * need a CEX7 and EP11 api version 4). The list of APQNs is further filtered

 * by the key's mkvp which needs to match to either the current mkvp (CCA and

 * EP11) or the alternate mkvp (old mkvp, CCA adapters only) of the apqns. The

 * flags argument may be used to limit the matching apqns. If the

 * PKEY_FLAGS_MATCH_CUR_MKVP is given, only the current mkvp of each apqn is

 * compared. Likewise with the PKEY_FLAGS_MATCH_ALT_MKVP. If both are given, it

 * is assumed to return apqns where either the current or the alternate mkvp

 * matches. At least one of the matching flags needs to be given.

 * The flags argument for EP11 keys has no further action and is currently

 * ignored (but needs to be given as PKEY_FLAGS_MATCH_CUR_MKVP) as there is only

 * the wkvp from the key to match against the apqn's wkvp.

 * The list of matching apqns is stored into the space given by the apqns

 * argument and the number of stored entries goes into apqn_entries. If the list

 * is empty (apqn_entries is 0) the apqn_entries field is updated to the number

 * If both are given, it is assumed to return apqns where either the

 * current or the alternate mkvp matches. If no match flag is given

 * (flags is 0) the mkvp values are ignored for the match process.

 * For EP11 keys there is only the current wkvp. So if the apqns should also

 * match to a given wkvp, then the PKEY_FLAGS_MATCH_CUR_MKVP flag should be

 * set. The wkvp value is 32 bytes but only the leftmost 16 bytes are compared

 * against the leftmost 16 byte of the wkvp of the apqn.

 * The list of matching apqns is stored into the space given by the apqns

 * argument and the number of stored entries goes into apqn_entries. If the list

 * is empty (apqn_entries is 0) the apqn_entries field is updated to the number

#include "zcrypt_api.h"

#include "zcrypt_ccamisc.h"

#include "zcrypt_ep11misc.h"

MODULE_LICENSE("GPL");

MODULE_AUTHOR("IBM Corporation");

	return rc;

}

/*

 * Construct EP11 key with given clear key value.

 */

static int pkey_clr2ep11key(const u8 *clrkey, size_t clrkeylen,

			    u8 *keybuf, size_t *keybuflen)

{

	int i, rc;

	u16 card, dom;

	u32 nr_apqns, *apqns = NULL;

	/* build a list of apqns suitable for ep11 keys with cpacf support */

	rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,

			    ZCRYPT_CEX7, EP11_API_V, NULL);

	if (rc)

		goto out;

	/* go through the list of apqns and try to bild an ep11 key */

	for (rc = -ENODEV, i = 0; i < nr_apqns; i++) {

		card = apqns[i] >> 16;

		dom = apqns[i] & 0xFFFF;

		rc = ep11_clr2keyblob(card, dom, clrkeylen * 8,

				      0, clrkey, keybuf, keybuflen);

		if (rc == 0)

			break;

	}

out:

	kfree(apqns);

	if (rc)

		DEBUG_DBG("%s failed rc=%d\n", __func__, rc);

	return rc;

}

/*

 * Find card and transform EP11 secure key into protected key.

 */

static int pkey_ep11key2pkey(const u8 *key, struct pkey_protkey *pkey)

{

	int i, rc;

	u16 card, dom;

	u32 nr_apqns, *apqns = NULL;

	struct ep11keyblob *kb = (struct ep11keyblob *) key;

	/* build a list of apqns suitable for this key */

	rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,

			    ZCRYPT_CEX7, EP11_API_V, kb->wkvp);

	if (rc)

		goto out;

	/* go through the list of apqns and try to derive an pkey */

	for (rc = -ENODEV, i = 0; i < nr_apqns; i++) {

		card = apqns[i] >> 16;

		dom = apqns[i] & 0xFFFF;

		rc = ep11_key2protkey(card, dom, key, kb->head.len,

				      pkey->protkey, &pkey->len, &pkey->type);

		if (rc == 0)

			break;

	}

out:

	kfree(apqns);

	if (rc)

		DEBUG_DBG("%s failed rc=%d\n", __func__, rc);

	return rc;

}

/*

 * Verify key and give back some info about the key.

 */

			       struct pkey_protkey *protkey)

{

	int rc = -EINVAL;

	u8 *tmpbuf = NULL;

	struct keytoken_header *hdr = (struct keytoken_header *)key;

	switch (hdr->version) {

	case TOKVER_CLEAR_KEY: {

		struct clearaeskeytoken *t;

		struct pkey_clrkey ckey;

		struct pkey_seckey skey;

		union u_tmpbuf {

			u8 skey[SECKEYBLOBSIZE];

			u8 ep11key[MAXEP11AESKEYBLOBSIZE];

		};

		size_t tmpbuflen = sizeof(union u_tmpbuf);

		if (keylen < sizeof(struct clearaeskeytoken))

			goto out;

			memcpy(ckey.clrkey, t->clearkey, t->len);

		else

			goto out;

		/* alloc temp key buffer space */

		tmpbuf = kmalloc(tmpbuflen, GFP_ATOMIC);

		if (!tmpbuf) {

			rc = -ENOMEM;

			goto out;

		}

		/* try direct way with the PCKMO instruction */

		rc = pkey_clr2protkey(t->keytype, &ckey, protkey);

		if (rc == 0)

			break;

		/* PCKMO failed, so try the CCA secure key way */

		rc = cca_clr2seckey(0xFFFF, 0xFFFF, t->keytype,

				    ckey.clrkey, skey.seckey);

				    ckey.clrkey, tmpbuf);

		if (rc == 0)

			rc = pkey_skey2pkey(skey.seckey, protkey);

		/* now we should really have an protected key */

			rc = pkey_skey2pkey(tmpbuf, protkey);

		if (rc == 0)

			break;

		/* if the CCA way also failed, let's try via EP11 */

		rc = pkey_clr2ep11key(ckey.clrkey, t->len,

				      tmpbuf, &tmpbuflen);

		if (rc == 0)

			rc = pkey_ep11key2pkey(tmpbuf, protkey);

		/* now we should really have an protected key */

		DEBUG_ERR("%s unable to build protected key from clear",

			  __func__);

		break;

	}

	case TOKVER_EP11_AES: {

		if (keylen < MINEP11AESKEYBLOBSIZE)

			goto out;

		/* check ep11 key for exportable as protected key */

		rc = ep11_check_aeskeyblob(debug_info, 3, key, 0, 1);

		if (rc)

			goto out;

		rc = pkey_ep11key2pkey(key, protkey);

		break;

	}

	default:

		DEBUG_ERR("%s unknown/unsupported non-CCA token version %d\n",

			  __func__, hdr->version);

	}

out:

	kfree(tmpbuf);

	return rc;

}

		if (*keybufsize < SECKEYBLOBSIZE)

			return -EINVAL;

		break;

	case PKEY_TYPE_EP11:

		if (*keybufsize < MINEP11AESKEYBLOBSIZE)

			return -EINVAL;

		break;

	default:

		return -EINVAL;

	}

	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {

		card = apqns[i].card;

		dom = apqns[i].domain;

		if (ktype == PKEY_TYPE_CCA_DATA) {

		if (ktype == PKEY_TYPE_EP11) {

			rc = ep11_genaeskey(card, dom, ksize, kflags,

					    keybuf, keybufsize);

		} else if (ktype == PKEY_TYPE_CCA_DATA) {

			rc = cca_genseckey(card, dom, ksize, keybuf);

			*keybufsize = (rc ? 0 : SECKEYBLOBSIZE);

		} else /* TOKVER_CCA_VLSC */

		if (*keybufsize < SECKEYBLOBSIZE)

			return -EINVAL;

		break;

	case PKEY_TYPE_EP11:

		if (*keybufsize < MINEP11AESKEYBLOBSIZE)

			return -EINVAL;

		break;

	default:

		return -EINVAL;

	}

	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {

		card = apqns[i].card;

		dom = apqns[i].domain;

		if (ktype == PKEY_TYPE_CCA_DATA) {

		if (ktype == PKEY_TYPE_EP11) {

			rc = ep11_clr2keyblob(card, dom, ksize, kflags,

					      clrkey, keybuf, keybufsize);

		} else if (ktype == PKEY_TYPE_CCA_DATA) {

			rc = cca_clr2seckey(card, dom, ksize,

					    clrkey, keybuf);

			*keybufsize = (rc ? 0 : SECKEYBLOBSIZE);

	u32 _nr_apqns, *_apqns = NULL;

	struct keytoken_header *hdr = (struct keytoken_header *)key;

	if (keylen < sizeof(struct keytoken_header) ||

	    hdr->type != TOKTYPE_CCA_INTERNAL)

	if (keylen < sizeof(struct keytoken_header))

		return -EINVAL;

	if (hdr->version == TOKVER_CCA_AES) {

	if (hdr->type == TOKTYPE_CCA_INTERNAL

	    && hdr->version == TOKVER_CCA_AES) {

		struct secaeskeytoken *t = (struct secaeskeytoken *)key;

		rc = cca_check_secaeskeytoken(debug_info, 3, key, 0);

		*cardnr = ((struct pkey_apqn *)_apqns)->card;

		*domain = ((struct pkey_apqn *)_apqns)->domain;

	} else if (hdr->version == TOKVER_CCA_VLSC) {

	} else if (hdr->type == TOKTYPE_CCA_INTERNAL

		   && hdr->version == TOKVER_CCA_VLSC) {

		struct cipherkeytoken *t = (struct cipherkeytoken *)key;

		rc = cca_check_secaescipherkey(debug_info, 3, key, 0, 1);

		*cardnr = ((struct pkey_apqn *)_apqns)->card;

		*domain = ((struct pkey_apqn *)_apqns)->domain;

	} else if (hdr->type == TOKTYPE_NON_CCA

		   && hdr->version == TOKVER_EP11_AES) {

		struct ep11keyblob *kb = (struct ep11keyblob *)key;

		rc = ep11_check_aeskeyblob(debug_info, 3, key, 0, 1);

		if (rc)

			goto out;

		if (ktype)

			*ktype = PKEY_TYPE_EP11;

		if (ksize)

			*ksize = kb->head.keybitlen;

		rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,

				    ZCRYPT_CEX7, EP11_API_V, kb->wkvp);

		if (rc)

			goto out;

		if (flags)

			*flags = PKEY_FLAGS_MATCH_CUR_MKVP;

		*cardnr = ((struct pkey_apqn *)_apqns)->card;

		*domain = ((struct pkey_apqn *)_apqns)->domain;

	} else

		rc = -EINVAL;

	if (keylen < sizeof(struct keytoken_header))

		return -EINVAL;

	switch (hdr->type) {

	case TOKTYPE_NON_CCA:

		return pkey_nonccatok2pkey(key, keylen, pkey);

	case TOKTYPE_CCA_INTERNAL:

		switch (hdr->version) {

		case TOKVER_CCA_AES:

	if (hdr->type == TOKTYPE_CCA_INTERNAL) {

		if (hdr->version == TOKVER_CCA_AES) {

			if (keylen != sizeof(struct secaeskeytoken))

				return -EINVAL;

			if (cca_check_secaeskeytoken(debug_info, 3, key, 0))

				return -EINVAL;

			break;

		case TOKVER_CCA_VLSC:

		} else if (hdr->version == TOKVER_CCA_VLSC) {

			if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE)

				return -EINVAL;

			if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1))

				return -EINVAL;

			break;

		default:

		} else {

			DEBUG_ERR("%s unknown CCA internal token version %d\n",

				  __func__, hdr->version);

			return -EINVAL;

		}

		break;

	default:

	} else if (hdr->type == TOKTYPE_NON_CCA) {

		if (hdr->version == TOKVER_EP11_AES) {

			if (keylen < sizeof(struct ep11keyblob))

				return -EINVAL;

			if (ep11_check_aeskeyblob(debug_info, 3, key, 0, 1))

				return -EINVAL;

		} else {

			return pkey_nonccatok2pkey(key, keylen, pkey);

		}

	} else {

		DEBUG_ERR("%s unknown/unsupported blob type %d\n",

			  __func__, hdr->type);

		return -EINVAL;

	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {

		card = apqns[i].card;

		dom = apqns[i].domain;

		if (hdr->version == TOKVER_CCA_AES)

		if (hdr->type == TOKTYPE_CCA_INTERNAL

		    && hdr->version == TOKVER_CCA_AES)

			rc = cca_sec2protkey(card, dom, key, pkey->protkey,

					     &pkey->len, &pkey->type);

		else /* TOKVER_CCA_VLSC */

		else if (hdr->type == TOKTYPE_CCA_INTERNAL

			 && hdr->version == TOKVER_CCA_VLSC)

			rc = cca_cipher2protkey(card, dom, key, pkey->protkey,

						&pkey->len, &pkey->type);

		else { /* EP11 AES secure key blob */

			struct ep11keyblob *kb = (struct ep11keyblob *) key;

			rc = ep11_key2protkey(card, dom, key, kb->head.len,

					      pkey->protkey, &pkey->len,

					      &pkey->type);

		}

		if (rc == 0)

			break;

	}

	u32 _nr_apqns, *_apqns = NULL;

	struct keytoken_header *hdr = (struct keytoken_header *)key;

	if (keylen < sizeof(struct keytoken_header) ||

	    hdr->type != TOKTYPE_CCA_INTERNAL ||

	    flags == 0)

	if (keylen < sizeof(struct keytoken_header) || flags == 0)

		return -EINVAL;

	if (hdr->version == TOKVER_CCA_AES || hdr->version == TOKVER_CCA_VLSC) {

	if (hdr->type == TOKTYPE_NON_CCA && hdr->version == TOKVER_EP11_AES) {

		int minhwtype = 0, api = 0;

		struct ep11keyblob *kb = (struct ep11keyblob *) key;

		if (flags != PKEY_FLAGS_MATCH_CUR_MKVP)

			return -EINVAL;

		if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) {

			minhwtype = ZCRYPT_CEX7;

			api = EP11_API_V;

		}

		rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,

				    minhwtype, api, kb->wkvp);

		if (rc)

			goto out;

	} else if (hdr->type == TOKTYPE_CCA_INTERNAL) {

		int minhwtype = ZCRYPT_CEX3C;

		u64 cur_mkvp = 0, old_mkvp = 0;

				cur_mkvp = t->mkvp;

			if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)

				old_mkvp = t->mkvp;

		} else {

		} else if (hdr->version == TOKVER_CCA_VLSC) {

			struct cipherkeytoken *t = (struct cipherkeytoken *)key;

			minhwtype = ZCRYPT_CEX6;

				cur_mkvp = t->mkvp0;

			if (flags & PKEY_FLAGS_MATCH_ALT_MKVP)

				old_mkvp = t->mkvp0;

		} else {

			/* unknown cca internal token type */

			return -EINVAL;

		}

		rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,

				   minhwtype, cur_mkvp, old_mkvp, 1);

		if (rc)

			goto out;

	} else

		return -EINVAL;

	if (apqns) {

		if (*nr_apqns < _nr_apqns)

			rc = -ENOSPC;

			memcpy(apqns, _apqns, _nr_apqns * sizeof(u32));

	}

	*nr_apqns = _nr_apqns;

	}

out:

	kfree(_apqns);

				   minhwtype, cur_mkvp, old_mkvp, 1);

		if (rc)

			goto out;

	} else if (ktype == PKEY_TYPE_EP11) {

		u8 *wkvp = NULL;

		if (flags & PKEY_FLAGS_MATCH_CUR_MKVP)

			wkvp = cur_mkvp;

		rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF,

				    ZCRYPT_CEX7, EP11_API_V, wkvp);

		if (rc)

			goto out;

	} else

		return -EINVAL;

	if (apqns) {

		if (*nr_apqns < _nr_apqns)

			rc = -ENOSPC;

			memcpy(apqns, _apqns, _nr_apqns * sizeof(u32));

	}

	*nr_apqns = _nr_apqns;

	}

out:

	kfree(_apqns);

					    bool is_xts, char *buf, loff_t off,

					    size_t count)

{

	size_t keysize;

	int rc;

	int i, rc, card, dom;

	u32 nr_apqns, *apqns = NULL;

	size_t keysize = CCACIPHERTOKENSIZE;

	if (off != 0 || count < CCACIPHERTOKENSIZE)

		return -EINVAL;

		if (count < 2 * CCACIPHERTOKENSIZE)

			return -EINVAL;

	keysize = CCACIPHERTOKENSIZE;

	rc = cca_gencipherkey(-1, -1, keybits, 0, buf, &keysize);

	/* build a list of apqns able to generate an cipher key */

	rc = cca_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF,

			   ZCRYPT_CEX6, 0, 0, 0);

	if (rc)

		return rc;

	memset(buf + keysize, 0, CCACIPHERTOKENSIZE - keysize);

	if (is_xts) {

		keysize = CCACIPHERTOKENSIZE;

		rc = cca_gencipherkey(-1, -1, keybits, 0,

				      buf + CCACIPHERTOKENSIZE, &keysize);

	memset(buf, 0, is_xts ? 2 * keysize : keysize);

	/* simple try all apqns from the list */

	for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {

		card = apqns[i] >> 16;

		dom = apqns[i] & 0xFFFF;

		rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize);

		if (rc == 0)

			break;

	}

		if (rc)

			return rc;

		memset(buf + CCACIPHERTOKENSIZE + keysize, 0,

		       CCACIPHERTOKENSIZE - keysize);

	if (is_xts) {

		keysize = CCACIPHERTOKENSIZE;

		buf += CCACIPHERTOKENSIZE;

		rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize);

		if (rc == 0)

			return 2 * CCACIPHERTOKENSIZE;

	}

	.bin_attrs = ccacipher_attrs,

};

/*

 * Sysfs attribute read function for all ep11 aes key binary attributes.

 * The implementation can not deal with partial reads, because a new random

 * secure key blob is generated with each read. In case of partial reads

 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.

 * This function and the sysfs attributes using it provide EP11 key blobs

 * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently

 * 320 bytes.

 */

static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,

				       bool is_xts, char *buf, loff_t off,

				       size_t count)

{

	int i, rc, card, dom;

	u32 nr_apqns, *apqns = NULL;

	size_t keysize = MAXEP11AESKEYBLOBSIZE;

	if (off != 0 || count < MAXEP11AESKEYBLOBSIZE)

		return -EINVAL;