1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright IBM Corp. 2001, 2012
4 * Author(s): Robert Burroughs
5 * Eric Rossman (edrossma@us.ibm.com)
7 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
8 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
9 * Ralph Wuerthner <rwuerthn@de.ibm.com>
10 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com>
13 #define KMSG_COMPONENT "zcrypt"
14 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/err.h>
19 #include <linux/delay.h>
20 #include <linux/slab.h>
21 #include <linux/atomic.h>
22 #include <linux/uaccess.h>
25 #include "zcrypt_api.h"
26 #include "zcrypt_error.h"
27 #include "zcrypt_msgtype6.h"
28 #include "zcrypt_cca_key.h"
30 #define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */
32 #define CEIL4(x) ((((x)+3)/4)*4)
34 struct response_type {
35 struct completion work;
38 #define CEXXC_RESPONSE_TYPE_ICA 0
39 #define CEXXC_RESPONSE_TYPE_XCRB 1
40 #define CEXXC_RESPONSE_TYPE_EP11 2
42 MODULE_AUTHOR("IBM Corporation");
43 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \
44 "Copyright IBM Corp. 2001, 2012");
45 MODULE_LICENSE("GPL");
49 * Note that all shorts, ints and longs are little-endian.
50 * All pointer fields are 32-bits long, and mean nothing
52 * A request CPRB is followed by a request_parameter_block.
54 * The request (or reply) parameter block is organized thus:
60 unsigned short cprb_len; /* CPRB length */
61 unsigned char cprb_ver_id; /* CPRB version id. */
62 unsigned char pad_000; /* Alignment pad byte. */
63 unsigned char srpi_rtcode[4]; /* SRPI return code LELONG */
64 unsigned char srpi_verb; /* SRPI verb type */
65 unsigned char flags; /* flags */
66 unsigned char func_id[2]; /* function id */
67 unsigned char checkpoint_flag; /* */
68 unsigned char resv2; /* reserved */
69 unsigned short req_parml; /* request parameter buffer */
70 /* length 16-bit little endian */
71 unsigned char req_parmp[4]; /* request parameter buffer *
72 * pointer (means nothing: the *
73 * parameter buffer follows *
75 unsigned char req_datal[4]; /* request data buffer */
77 unsigned char req_datap[4]; /* request data buffer */
79 unsigned short rpl_parml; /* reply parameter buffer */
80 /* length 16-bit little endian */
81 unsigned char pad_001[2]; /* Alignment pad bytes. ULESHORT */
82 unsigned char rpl_parmp[4]; /* reply parameter buffer *
83 * pointer (means nothing: the *
84 * parameter buffer follows *
86 unsigned char rpl_datal[4]; /* reply data buffer len ULELONG */
87 unsigned char rpl_datap[4]; /* reply data buffer */
89 unsigned short ccp_rscode; /* server reason code ULESHORT */
90 unsigned short ccp_rtcode; /* server return code ULESHORT */
91 unsigned char repd_parml[2]; /* replied parameter len ULESHORT*/
92 unsigned char mac_data_len[2]; /* Mac Data Length ULESHORT */
93 unsigned char repd_datal[4]; /* replied data length ULELONG */
94 unsigned char req_pc[2]; /* PC identifier */
95 unsigned char res_origin[8]; /* resource origin */
96 unsigned char mac_value[8]; /* Mac Value */
97 unsigned char logon_id[8]; /* Logon Identifier */
98 unsigned char usage_domain[2]; /* cdx */
99 unsigned char resv3[18]; /* reserved for requestor */
100 unsigned short svr_namel; /* server name length ULESHORT */
101 unsigned char svr_name[8]; /* server name */
104 struct function_and_rules_block {
105 unsigned char function_code[2];
107 unsigned char only_rule[8];
111 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP
112 * card in a type6 message. The 3 fields that must be filled in at execution
113 * time are req_parml, rpl_parml and usage_domain.
114 * Everything about this interface is ascii/big-endian, since the
115 * device does *not* have 'Intel inside'.
117 * The CPRBX is followed immediately by the parm block.
118 * The parm block contains:
119 * - function code ('PD' 0x5044 or 'PK' 0x504B)
120 * - rule block (one of:)
121 * + 0x000A 'PKCS-1.2' (MCL2 'PD')
122 * + 0x000A 'ZERO-PAD' (MCL2 'PK')
123 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD')
124 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK')
127 static const struct CPRBX static_cprbx = {
130 .func_id = {0x54, 0x32},
133 int speed_idx_cca(int req_type)
208 int speed_idx_ep11(int req_type)
240 * Convert a ICAMEX message to a type6 MEX message.
242 * @zq: crypto device pointer
243 * @ap_msg: pointer to AP message
244 * @mex: pointer to user input data
246 * Returns 0 on success or negative errno value.
248 static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue *zq,
249 struct ap_message *ap_msg,
250 struct ica_rsa_modexpo *mex)
252 static struct type6_hdr static_type6_hdrX = {
254 .offset1 = 0x00000058,
255 .agent_id = {'C', 'A',},
256 .function_code = {'P', 'K'},
258 static struct function_and_rules_block static_pke_fnr = {
259 .function_code = {'P', 'K'},
261 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '}
264 struct type6_hdr hdr;
266 struct function_and_rules_block fr;
267 unsigned short length;
269 } __packed * msg = ap_msg->message;
273 * The inputdatalength was a selection criteria in the dispatching
274 * function zcrypt_rsa_modexpo(). However, make sure the following
275 * copy_from_user() never exceeds the allocated buffer space.
277 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE))
281 msg->length = mex->inputdatalength + 2;
282 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
285 /* Set up key which is located after the variable length text. */
286 size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength);
289 size += sizeof(*msg) + mex->inputdatalength;
291 /* message header, cprbx and f&r */
292 msg->hdr = static_type6_hdrX;
293 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
294 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
296 msg->cprbx = static_cprbx;
297 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
298 msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1;
300 msg->fr = static_pke_fnr;
302 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx);
304 ap_msg->length = size;
309 * Convert a ICACRT message to a type6 CRT message.
311 * @zq: crypto device pointer
312 * @ap_msg: pointer to AP message
313 * @crt: pointer to user input data
315 * Returns 0 on success or negative errno value.
317 static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue *zq,
318 struct ap_message *ap_msg,
319 struct ica_rsa_modexpo_crt *crt)
321 static struct type6_hdr static_type6_hdrX = {
323 .offset1 = 0x00000058,
324 .agent_id = {'C', 'A',},
325 .function_code = {'P', 'D'},
327 static struct function_and_rules_block static_pkd_fnr = {
328 .function_code = {'P', 'D'},
330 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
334 struct type6_hdr hdr;
336 struct function_and_rules_block fr;
337 unsigned short length;
339 } __packed * msg = ap_msg->message;
343 * The inputdatalength was a selection criteria in the dispatching
344 * function zcrypt_rsa_crt(). However, make sure the following
345 * copy_from_user() never exceeds the allocated buffer space.
347 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE))
351 msg->length = crt->inputdatalength + 2;
352 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
355 /* Set up key which is located after the variable length text. */
356 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength);
359 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */
361 /* message header, cprbx and f&r */
362 msg->hdr = static_type6_hdrX;
363 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
364 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
366 msg->cprbx = static_cprbx;
367 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
368 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl =
369 size - sizeof(msg->hdr) - sizeof(msg->cprbx);
371 msg->fr = static_pkd_fnr;
373 ap_msg->length = size;
378 * Convert a XCRB message to a type6 CPRB message.
380 * @zq: crypto device pointer
381 * @ap_msg: pointer to AP message
382 * @xcRB: pointer to user input data
384 * Returns 0 on success or -EFAULT, -EINVAL.
386 struct type86_fmt2_msg {
387 struct type86_hdr hdr;
388 struct type86_fmt2_ext fmt2;
391 static int XCRB_msg_to_type6CPRB_msgX(struct ap_message *ap_msg,
392 struct ica_xcRB *xcRB,
394 unsigned short **dom)
396 static struct type6_hdr static_type6_hdrX = {
398 .offset1 = 0x00000058,
401 struct type6_hdr hdr;
403 } __packed * msg = ap_msg->message;
405 int rcblen = CEIL4(xcRB->request_control_blk_length);
406 int replylen, req_sumlen, resp_sumlen;
407 char *req_data = ap_msg->message + sizeof(struct type6_hdr) + rcblen;
410 if (CEIL4(xcRB->request_control_blk_length) <
411 xcRB->request_control_blk_length)
412 return -EINVAL; /* overflow after alignment*/
415 ap_msg->length = sizeof(struct type6_hdr) +
416 CEIL4(xcRB->request_control_blk_length) +
417 xcRB->request_data_length;
418 if (ap_msg->length > MSGTYPE06_MAX_MSG_SIZE)
423 * sum must be greater (or equal) than the largest operand
425 req_sumlen = CEIL4(xcRB->request_control_blk_length) +
426 xcRB->request_data_length;
427 if ((CEIL4(xcRB->request_control_blk_length) <=
428 xcRB->request_data_length) ?
429 (req_sumlen < xcRB->request_data_length) :
430 (req_sumlen < CEIL4(xcRB->request_control_blk_length))) {
434 if (CEIL4(xcRB->reply_control_blk_length) <
435 xcRB->reply_control_blk_length)
436 return -EINVAL; /* overflow after alignment*/
438 replylen = sizeof(struct type86_fmt2_msg) +
439 CEIL4(xcRB->reply_control_blk_length) +
440 xcRB->reply_data_length;
441 if (replylen > MSGTYPE06_MAX_MSG_SIZE)
446 * sum must be greater (or equal) than the largest operand
448 resp_sumlen = CEIL4(xcRB->reply_control_blk_length) +
449 xcRB->reply_data_length;
450 if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ?
451 (resp_sumlen < xcRB->reply_data_length) :
452 (resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) {
456 /* prepare type6 header */
457 msg->hdr = static_type6_hdrX;
458 memcpy(msg->hdr.agent_id, &(xcRB->agent_ID), sizeof(xcRB->agent_ID));
459 msg->hdr.ToCardLen1 = xcRB->request_control_blk_length;
460 if (xcRB->request_data_length) {
461 msg->hdr.offset2 = msg->hdr.offset1 + rcblen;
462 msg->hdr.ToCardLen2 = xcRB->request_data_length;
464 msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length;
465 msg->hdr.FromCardLen2 = xcRB->reply_data_length;
468 if (copy_from_user(&(msg->cprbx), xcRB->request_control_blk_addr,
469 xcRB->request_control_blk_length))
471 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
472 xcRB->request_control_blk_length)
474 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len;
475 memcpy(msg->hdr.function_code, function_code,
476 sizeof(msg->hdr.function_code));
478 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1];
479 *dom = (unsigned short *)&msg->cprbx.domain;
481 if (memcmp(function_code, "US", 2) == 0
482 || memcmp(function_code, "AU", 2) == 0)
487 /* copy data block */
488 if (xcRB->request_data_length &&
489 copy_from_user(req_data, xcRB->request_data_address,
490 xcRB->request_data_length))
496 static int xcrb_msg_to_type6_ep11cprb_msgx(struct ap_message *ap_msg,
497 struct ep11_urb *xcRB,
501 static struct type6_hdr static_type6_ep11_hdr = {
503 .rqid = {0x00, 0x01},
504 .function_code = {0x00, 0x00},
505 .agent_id[0] = 0x58, /* {'X'} */
506 .agent_id[1] = 0x43, /* {'C'} */
507 .offset1 = 0x00000058,
511 struct type6_hdr hdr;
512 struct ep11_cprb cprbx;
513 unsigned char pld_tag; /* fixed value 0x30 */
514 unsigned char pld_lenfmt; /* payload length format */
515 } __packed * msg = ap_msg->message;
518 unsigned char func_tag; /* fixed value 0x4 */
519 unsigned char func_len; /* fixed value 0x4 */
520 unsigned int func_val; /* function ID */
521 unsigned char dom_tag; /* fixed value 0x4 */
522 unsigned char dom_len; /* fixed value 0x4 */
523 unsigned int dom_val; /* domain id */
524 } __packed * payload_hdr = NULL;
526 if (CEIL4(xcRB->req_len) < xcRB->req_len)
527 return -EINVAL; /* overflow after alignment*/
530 ap_msg->length = sizeof(struct type6_hdr) + xcRB->req_len;
531 if (CEIL4(xcRB->req_len) > MSGTYPE06_MAX_MSG_SIZE -
532 (sizeof(struct type6_hdr)))
535 if (CEIL4(xcRB->resp_len) < xcRB->resp_len)
536 return -EINVAL; /* overflow after alignment*/
538 if (CEIL4(xcRB->resp_len) > MSGTYPE06_MAX_MSG_SIZE -
539 (sizeof(struct type86_fmt2_msg)))
542 /* prepare type6 header */
543 msg->hdr = static_type6_ep11_hdr;
544 msg->hdr.ToCardLen1 = xcRB->req_len;
545 msg->hdr.FromCardLen1 = xcRB->resp_len;
547 /* Import CPRB data from the ioctl input parameter */
548 if (copy_from_user(&(msg->cprbx.cprb_len),
549 (char __force __user *)xcRB->req, xcRB->req_len)) {
553 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
554 switch (msg->pld_lenfmt & 0x03) {
565 lfmt = 1; /* length format #1 */
567 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
568 *fcode = payload_hdr->func_val & 0xFFFF;
574 * Copy results from a type 86 ICA reply message back to user space.
576 * @zq: crypto device pointer
577 * @reply: reply AP message.
578 * @data: pointer to user output data
579 * @length: size of user output data
581 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
583 struct type86x_reply {
584 struct type86_hdr hdr;
585 struct type86_fmt2_ext fmt2;
587 unsigned char pad[4]; /* 4 byte function code/rules block ? */
588 unsigned short length;
592 struct type86_ep11_reply {
593 struct type86_hdr hdr;
594 struct type86_fmt2_ext fmt2;
595 struct ep11_cprb cprbx;
598 static int convert_type86_ica(struct zcrypt_queue *zq,
599 struct ap_message *reply,
600 char __user *outputdata,
601 unsigned int outputdatalength)
603 static unsigned char static_pad[] = {
605 0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD,
606 0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57,
607 0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B,
608 0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39,
609 0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5,
610 0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D,
611 0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB,
612 0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F,
613 0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9,
614 0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45,
615 0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9,
616 0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F,
617 0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD,
618 0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D,
619 0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD,
620 0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9,
621 0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B,
622 0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B,
623 0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B,
624 0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD,
625 0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7,
626 0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1,
627 0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3,
628 0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23,
629 0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55,
630 0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43,
631 0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F,
632 0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F,
633 0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5,
634 0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD,
635 0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41,
636 0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09
638 struct type86x_reply *msg = reply->message;
639 unsigned short service_rc, service_rs;
640 unsigned int reply_len, pad_len;
643 service_rc = msg->cprbx.ccp_rtcode;
644 if (unlikely(service_rc != 0)) {
645 service_rs = msg->cprbx.ccp_rscode;
646 if ((service_rc == 8 && service_rs == 66) ||
647 (service_rc == 8 && service_rs == 65) ||
648 (service_rc == 8 && service_rs == 72) ||
649 (service_rc == 8 && service_rs == 770) ||
650 (service_rc == 12 && service_rs == 769)) {
651 ZCRYPT_DBF(DBF_DEBUG,
652 "device=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n",
653 AP_QID_CARD(zq->queue->qid),
654 AP_QID_QUEUE(zq->queue->qid),
655 (int) service_rc, (int) service_rs);
659 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
660 AP_QID_CARD(zq->queue->qid),
661 AP_QID_QUEUE(zq->queue->qid));
663 "device=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n",
664 AP_QID_CARD(zq->queue->qid),
665 AP_QID_QUEUE(zq->queue->qid),
666 (int) service_rc, (int) service_rs);
667 return -EAGAIN; /* repeat the request on a different device. */
670 reply_len = msg->length - 2;
671 if (reply_len > outputdatalength)
674 * For all encipher requests, the length of the ciphertext (reply_len)
675 * will always equal the modulus length. For MEX decipher requests
676 * the output needs to get padded. Minimum pad size is 10.
678 * Currently, the cases where padding will be added is for:
679 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
680 * ZERO-PAD and CRT is only supported for PKD requests)
683 pad_len = outputdatalength - reply_len;
687 /* 'restore' padding left in the CEXXC card. */
688 if (copy_to_user(outputdata, static_pad, pad_len - 1))
690 if (put_user(0, outputdata + pad_len - 1))
693 /* Copy the crypto response to user space. */
694 if (copy_to_user(outputdata + pad_len, data, reply_len))
700 * Copy results from a type 86 XCRB reply message back to user space.
702 * @zq: crypto device pointer
703 * @reply: reply AP message.
704 * @xcRB: pointer to XCRB
706 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
708 static int convert_type86_xcrb(struct zcrypt_queue *zq,
709 struct ap_message *reply,
710 struct ica_xcRB *xcRB)
712 struct type86_fmt2_msg *msg = reply->message;
713 char *data = reply->message;
715 /* Copy CPRB to user */
716 if (copy_to_user(xcRB->reply_control_blk_addr,
717 data + msg->fmt2.offset1, msg->fmt2.count1))
719 xcRB->reply_control_blk_length = msg->fmt2.count1;
721 /* Copy data buffer to user */
722 if (msg->fmt2.count2)
723 if (copy_to_user(xcRB->reply_data_addr,
724 data + msg->fmt2.offset2, msg->fmt2.count2))
726 xcRB->reply_data_length = msg->fmt2.count2;
731 * Copy results from a type 86 EP11 XCRB reply message back to user space.
733 * @zq: crypto device pointer
734 * @reply: reply AP message.
735 * @xcRB: pointer to EP11 user request block
737 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
739 static int convert_type86_ep11_xcrb(struct zcrypt_queue *zq,
740 struct ap_message *reply,
741 struct ep11_urb *xcRB)
743 struct type86_fmt2_msg *msg = reply->message;
744 char *data = reply->message;
746 if (xcRB->resp_len < msg->fmt2.count1)
749 /* Copy response CPRB to user */
750 if (copy_to_user((char __force __user *)xcRB->resp,
751 data + msg->fmt2.offset1, msg->fmt2.count1))
753 xcRB->resp_len = msg->fmt2.count1;
757 static int convert_type86_rng(struct zcrypt_queue *zq,
758 struct ap_message *reply,
762 struct type86_hdr hdr;
763 struct type86_fmt2_ext fmt2;
765 } __packed * msg = reply->message;
766 char *data = reply->message;
768 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
770 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
771 return msg->fmt2.count2;
774 static int convert_response_ica(struct zcrypt_queue *zq,
775 struct ap_message *reply,
776 char __user *outputdata,
777 unsigned int outputdatalength)
779 struct type86x_reply *msg = reply->message;
781 switch (msg->hdr.type) {
782 case TYPE82_RSP_CODE:
783 case TYPE88_RSP_CODE:
784 return convert_error(zq, reply);
785 case TYPE86_RSP_CODE:
786 if (msg->cprbx.ccp_rtcode &&
787 (msg->cprbx.ccp_rscode == 0x14f) &&
788 (outputdatalength > 256)) {
789 if (zq->zcard->max_exp_bit_length <= 17) {
790 zq->zcard->max_exp_bit_length = 17;
795 if (msg->hdr.reply_code)
796 return convert_error(zq, reply);
797 if (msg->cprbx.cprb_ver_id == 0x02)
798 return convert_type86_ica(zq, reply,
799 outputdata, outputdatalength);
801 * Fall through, no break, incorrect cprb version is an unknown
804 default: /* Unknown response type, this should NEVER EVER happen */
806 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
807 AP_QID_CARD(zq->queue->qid),
808 AP_QID_QUEUE(zq->queue->qid));
810 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
811 AP_QID_CARD(zq->queue->qid),
812 AP_QID_QUEUE(zq->queue->qid),
813 (int) msg->hdr.type);
814 return -EAGAIN; /* repeat the request on a different device. */
818 static int convert_response_xcrb(struct zcrypt_queue *zq,
819 struct ap_message *reply,
820 struct ica_xcRB *xcRB)
822 struct type86x_reply *msg = reply->message;
824 switch (msg->hdr.type) {
825 case TYPE82_RSP_CODE:
826 case TYPE88_RSP_CODE:
827 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
828 return convert_error(zq, reply);
829 case TYPE86_RSP_CODE:
830 if (msg->hdr.reply_code) {
831 memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32));
832 return convert_error(zq, reply);
834 if (msg->cprbx.cprb_ver_id == 0x02)
835 return convert_type86_xcrb(zq, reply, xcRB);
837 * Fall through, no break, incorrect cprb version is an unknown
840 default: /* Unknown response type, this should NEVER EVER happen */
841 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
843 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
844 AP_QID_CARD(zq->queue->qid),
845 AP_QID_QUEUE(zq->queue->qid));
847 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
848 AP_QID_CARD(zq->queue->qid),
849 AP_QID_QUEUE(zq->queue->qid),
850 (int) msg->hdr.type);
851 return -EAGAIN; /* repeat the request on a different device. */
855 static int convert_response_ep11_xcrb(struct zcrypt_queue *zq,
856 struct ap_message *reply, struct ep11_urb *xcRB)
858 struct type86_ep11_reply *msg = reply->message;
860 switch (msg->hdr.type) {
861 case TYPE82_RSP_CODE:
862 case TYPE87_RSP_CODE:
863 return convert_error(zq, reply);
864 case TYPE86_RSP_CODE:
865 if (msg->hdr.reply_code)
866 return convert_error(zq, reply);
867 if (msg->cprbx.cprb_ver_id == 0x04)
868 return convert_type86_ep11_xcrb(zq, reply, xcRB);
869 /* Fall through, no break, incorrect cprb version is an unknown resp.*/
870 default: /* Unknown response type, this should NEVER EVER happen */
872 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
873 AP_QID_CARD(zq->queue->qid),
874 AP_QID_QUEUE(zq->queue->qid));
876 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
877 AP_QID_CARD(zq->queue->qid),
878 AP_QID_QUEUE(zq->queue->qid),
879 (int) msg->hdr.type);
880 return -EAGAIN; /* repeat the request on a different device. */
884 static int convert_response_rng(struct zcrypt_queue *zq,
885 struct ap_message *reply,
888 struct type86x_reply *msg = reply->message;
890 switch (msg->hdr.type) {
891 case TYPE82_RSP_CODE:
892 case TYPE88_RSP_CODE:
894 case TYPE86_RSP_CODE:
895 if (msg->hdr.reply_code)
897 if (msg->cprbx.cprb_ver_id == 0x02)
898 return convert_type86_rng(zq, reply, data);
900 * Fall through, no break, incorrect cprb version is an unknown
903 default: /* Unknown response type, this should NEVER EVER happen */
905 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
906 AP_QID_CARD(zq->queue->qid),
907 AP_QID_QUEUE(zq->queue->qid));
909 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
910 AP_QID_CARD(zq->queue->qid),
911 AP_QID_QUEUE(zq->queue->qid),
912 (int) msg->hdr.type);
913 return -EAGAIN; /* repeat the request on a different device. */
918 * This function is called from the AP bus code after a crypto request
919 * "msg" has finished with the reply message "reply".
920 * It is called from tasklet context.
921 * @aq: pointer to the AP queue
922 * @msg: pointer to the AP message
923 * @reply: pointer to the AP reply message
925 static void zcrypt_msgtype6_receive(struct ap_queue *aq,
926 struct ap_message *msg,
927 struct ap_message *reply)
929 static struct error_hdr error_reply = {
930 .type = TYPE82_RSP_CODE,
931 .reply_code = REP82_ERROR_MACHINE_FAILURE,
933 struct response_type *resp_type =
934 (struct response_type *) msg->private;
935 struct type86x_reply *t86r;
938 /* Copy the reply message to the request message buffer. */
940 goto out; /* ap_msg->rc indicates the error */
941 t86r = reply->message;
942 if (t86r->hdr.type == TYPE86_RSP_CODE &&
943 t86r->cprbx.cprb_ver_id == 0x02) {
944 switch (resp_type->type) {
945 case CEXXC_RESPONSE_TYPE_ICA:
946 length = sizeof(struct type86x_reply)
948 length = min(CEXXC_MAX_ICA_RESPONSE_SIZE, length);
949 memcpy(msg->message, reply->message, length);
951 case CEXXC_RESPONSE_TYPE_XCRB:
952 length = t86r->fmt2.offset2 + t86r->fmt2.count2;
953 length = min(MSGTYPE06_MAX_MSG_SIZE, length);
954 memcpy(msg->message, reply->message, length);
957 memcpy(msg->message, &error_reply,
958 sizeof(error_reply));
961 memcpy(msg->message, reply->message, sizeof(error_reply));
963 complete(&(resp_type->work));
967 * This function is called from the AP bus code after a crypto request
968 * "msg" has finished with the reply message "reply".
969 * It is called from tasklet context.
970 * @aq: pointer to the AP queue
971 * @msg: pointer to the AP message
972 * @reply: pointer to the AP reply message
974 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
975 struct ap_message *msg,
976 struct ap_message *reply)
978 static struct error_hdr error_reply = {
979 .type = TYPE82_RSP_CODE,
980 .reply_code = REP82_ERROR_MACHINE_FAILURE,
982 struct response_type *resp_type =
983 (struct response_type *)msg->private;
984 struct type86_ep11_reply *t86r;
987 /* Copy the reply message to the request message buffer. */
989 goto out; /* ap_msg->rc indicates the error */
990 t86r = reply->message;
991 if (t86r->hdr.type == TYPE86_RSP_CODE &&
992 t86r->cprbx.cprb_ver_id == 0x04) {
993 switch (resp_type->type) {
994 case CEXXC_RESPONSE_TYPE_EP11:
995 length = t86r->fmt2.offset1 + t86r->fmt2.count1;
996 length = min(MSGTYPE06_MAX_MSG_SIZE, length);
997 memcpy(msg->message, reply->message, length);
1000 memcpy(msg->message, &error_reply, sizeof(error_reply));
1003 memcpy(msg->message, reply->message, sizeof(error_reply));
1006 complete(&(resp_type->work));
1009 static atomic_t zcrypt_step = ATOMIC_INIT(0);
1012 * The request distributor calls this function if it picked the CEXxC
1013 * device to handle a modexpo request.
1014 * @zq: pointer to zcrypt_queue structure that identifies the
1015 * CEXxC device to the request distributor
1016 * @mex: pointer to the modexpo request buffer
1018 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq,
1019 struct ica_rsa_modexpo *mex)
1021 struct ap_message ap_msg;
1022 struct response_type resp_type = {
1023 .type = CEXXC_RESPONSE_TYPE_ICA,
1027 ap_init_message(&ap_msg);
1028 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1029 if (!ap_msg.message)
1031 ap_msg.receive = zcrypt_msgtype6_receive;
1032 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1033 atomic_inc_return(&zcrypt_step);
1034 ap_msg.private = &resp_type;
1035 rc = ICAMEX_msg_to_type6MEX_msgX(zq, &ap_msg, mex);
1038 init_completion(&resp_type.work);
1039 ap_queue_message(zq->queue, &ap_msg);
1040 rc = wait_for_completion_interruptible(&resp_type.work);
1044 rc = convert_response_ica(zq, &ap_msg,
1046 mex->outputdatalength);
1048 /* Signal pending. */
1049 ap_cancel_message(zq->queue, &ap_msg);
1051 free_page((unsigned long) ap_msg.message);
1056 * The request distributor calls this function if it picked the CEXxC
1057 * device to handle a modexpo_crt request.
1058 * @zq: pointer to zcrypt_queue structure that identifies the
1059 * CEXxC device to the request distributor
1060 * @crt: pointer to the modexpoc_crt request buffer
1062 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq,
1063 struct ica_rsa_modexpo_crt *crt)
1065 struct ap_message ap_msg;
1066 struct response_type resp_type = {
1067 .type = CEXXC_RESPONSE_TYPE_ICA,
1071 ap_init_message(&ap_msg);
1072 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1073 if (!ap_msg.message)
1075 ap_msg.receive = zcrypt_msgtype6_receive;
1076 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1077 atomic_inc_return(&zcrypt_step);
1078 ap_msg.private = &resp_type;
1079 rc = ICACRT_msg_to_type6CRT_msgX(zq, &ap_msg, crt);
1082 init_completion(&resp_type.work);
1083 ap_queue_message(zq->queue, &ap_msg);
1084 rc = wait_for_completion_interruptible(&resp_type.work);
1088 rc = convert_response_ica(zq, &ap_msg,
1090 crt->outputdatalength);
1092 /* Signal pending. */
1093 ap_cancel_message(zq->queue, &ap_msg);
1096 free_page((unsigned long) ap_msg.message);
1101 * Fetch function code from cprb.
1102 * Extracting the fc requires to copy the cprb from userspace.
1103 * So this function allocates memory and needs an ap_msg prepared
1104 * by the caller with ap_init_message(). Also the caller has to
1105 * make sure ap_release_message() is always called even on failure.
1107 unsigned int get_cprb_fc(struct ica_xcRB *xcRB,
1108 struct ap_message *ap_msg,
1109 unsigned int *func_code, unsigned short **dom)
1111 struct response_type resp_type = {
1112 .type = CEXXC_RESPONSE_TYPE_XCRB,
1115 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1116 if (!ap_msg->message)
1118 ap_msg->receive = zcrypt_msgtype6_receive;
1119 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1120 atomic_inc_return(&zcrypt_step);
1121 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1122 if (!ap_msg->private)
1124 return XCRB_msg_to_type6CPRB_msgX(ap_msg, xcRB, func_code, dom);
1128 * The request distributor calls this function if it picked the CEXxC
1129 * device to handle a send_cprb request.
1130 * @zq: pointer to zcrypt_queue structure that identifies the
1131 * CEXxC device to the request distributor
1132 * @xcRB: pointer to the send_cprb request buffer
1134 static long zcrypt_msgtype6_send_cprb(struct zcrypt_queue *zq,
1135 struct ica_xcRB *xcRB,
1136 struct ap_message *ap_msg)
1139 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1141 init_completion(&rtype->work);
1142 ap_queue_message(zq->queue, ap_msg);
1143 rc = wait_for_completion_interruptible(&rtype->work);
1147 rc = convert_response_xcrb(zq, ap_msg, xcRB);
1149 /* Signal pending. */
1150 ap_cancel_message(zq->queue, ap_msg);
1156 * Fetch function code from ep11 cprb.
1157 * Extracting the fc requires to copy the ep11 cprb from userspace.
1158 * So this function allocates memory and needs an ap_msg prepared
1159 * by the caller with ap_init_message(). Also the caller has to
1160 * make sure ap_release_message() is always called even on failure.
1162 unsigned int get_ep11cprb_fc(struct ep11_urb *xcrb,
1163 struct ap_message *ap_msg,
1164 unsigned int *func_code)
1166 struct response_type resp_type = {
1167 .type = CEXXC_RESPONSE_TYPE_EP11,
1170 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1171 if (!ap_msg->message)
1173 ap_msg->receive = zcrypt_msgtype6_receive_ep11;
1174 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1175 atomic_inc_return(&zcrypt_step);
1176 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1177 if (!ap_msg->private)
1179 return xcrb_msg_to_type6_ep11cprb_msgx(ap_msg, xcrb, func_code);
1183 * The request distributor calls this function if it picked the CEX4P
1184 * device to handle a send_ep11_cprb request.
1185 * @zq: pointer to zcrypt_queue structure that identifies the
1186 * CEX4P device to the request distributor
1187 * @xcRB: pointer to the ep11 user request block
1189 static long zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_queue *zq,
1190 struct ep11_urb *xcrb,
1191 struct ap_message *ap_msg)
1195 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1197 struct type6_hdr hdr;
1198 struct ep11_cprb cprbx;
1199 unsigned char pld_tag; /* fixed value 0x30 */
1200 unsigned char pld_lenfmt; /* payload length format */
1201 } __packed * msg = ap_msg->message;
1203 unsigned char func_tag; /* fixed value 0x4 */
1204 unsigned char func_len; /* fixed value 0x4 */
1205 unsigned int func_val; /* function ID */
1206 unsigned char dom_tag; /* fixed value 0x4 */
1207 unsigned char dom_len; /* fixed value 0x4 */
1208 unsigned int dom_val; /* domain id */
1209 } __packed * payload_hdr = NULL;
1213 * The target domain field within the cprb body/payload block will be
1214 * replaced by the usage domain for non-management commands only.
1215 * Therefore we check the first bit of the 'flags' parameter for
1216 * management command indication.
1217 * 0 - non management command
1218 * 1 - management command
1220 if (!((msg->cprbx.flags & 0x80) == 0x80)) {
1221 msg->cprbx.target_id = (unsigned int)
1222 AP_QID_QUEUE(zq->queue->qid);
1224 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
1225 switch (msg->pld_lenfmt & 0x03) {
1236 lfmt = 1; /* length format #1 */
1238 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
1239 payload_hdr->dom_val = (unsigned int)
1240 AP_QID_QUEUE(zq->queue->qid);
1243 init_completion(&rtype->work);
1244 ap_queue_message(zq->queue, ap_msg);
1245 rc = wait_for_completion_interruptible(&rtype->work);
1249 rc = convert_response_ep11_xcrb(zq, ap_msg, xcrb);
1251 /* Signal pending. */
1252 ap_cancel_message(zq->queue, ap_msg);
1257 unsigned int get_rng_fc(struct ap_message *ap_msg, int *func_code,
1258 unsigned int *domain)
1260 struct response_type resp_type = {
1261 .type = CEXXC_RESPONSE_TYPE_XCRB,
1264 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1265 if (!ap_msg->message)
1267 ap_msg->receive = zcrypt_msgtype6_receive;
1268 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1269 atomic_inc_return(&zcrypt_step);
1270 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1271 if (!ap_msg->private)
1274 rng_type6CPRB_msgX(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain);
1281 * The request distributor calls this function if it picked the CEXxC
1282 * device to generate random data.
1283 * @zq: pointer to zcrypt_queue structure that identifies the
1284 * CEXxC device to the request distributor
1285 * @buffer: pointer to a memory page to return random data
1287 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq,
1288 char *buffer, struct ap_message *ap_msg)
1291 struct type6_hdr hdr;
1293 char function_code[2];
1294 short int rule_length;
1296 short int verb_length;
1297 short int key_length;
1298 } __packed * msg = ap_msg->message;
1299 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1302 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
1304 init_completion(&rtype->work);
1305 ap_queue_message(zq->queue, ap_msg);
1306 rc = wait_for_completion_interruptible(&rtype->work);
1310 rc = convert_response_rng(zq, ap_msg, buffer);
1312 /* Signal pending. */
1313 ap_cancel_message(zq->queue, ap_msg);
1319 * The crypto operations for a CEXxC card.
1321 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = {
1322 .owner = THIS_MODULE,
1323 .name = MSGTYPE06_NAME,
1324 .variant = MSGTYPE06_VARIANT_NORNG,
1325 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1326 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1327 .send_cprb = zcrypt_msgtype6_send_cprb,
1330 static struct zcrypt_ops zcrypt_msgtype6_ops = {
1331 .owner = THIS_MODULE,
1332 .name = MSGTYPE06_NAME,
1333 .variant = MSGTYPE06_VARIANT_DEFAULT,
1334 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1335 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1336 .send_cprb = zcrypt_msgtype6_send_cprb,
1337 .rng = zcrypt_msgtype6_rng,
1340 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = {
1341 .owner = THIS_MODULE,
1342 .name = MSGTYPE06_NAME,
1343 .variant = MSGTYPE06_VARIANT_EP11,
1344 .rsa_modexpo = NULL,
1345 .rsa_modexpo_crt = NULL,
1346 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb,
1349 void __init zcrypt_msgtype6_init(void)
1351 zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops);
1352 zcrypt_msgtype_register(&zcrypt_msgtype6_ops);
1353 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops);
1356 void __exit zcrypt_msgtype6_exit(void)
1358 zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops);
1359 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops);
1360 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops);