1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright IBM Corp. 2001, 2012
4 * Author(s): Robert Burroughs
13 #define KMSG_COMPONENT "zcrypt"
14 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/err.h>
19 #include <linux/delay.h>
20 #include <linux/slab.h>
21 #include <linux/atomic.h>
22 #include <linux/uaccess.h>
25 #include "zcrypt_api.h"
26 #include "zcrypt_error.h"
27 #include "zcrypt_msgtype6.h"
28 #include "zcrypt_cca_key.h"
30 #define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */
32 #define CEIL4(x) ((((x)+3)/4)*4)
34 struct response_type {
35 struct completion work;
38 #define CEXXC_RESPONSE_TYPE_ICA 0
39 #define CEXXC_RESPONSE_TYPE_XCRB 1
40 #define CEXXC_RESPONSE_TYPE_EP11 2
42 MODULE_AUTHOR("IBM Corporation");
43 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \
44 "Copyright IBM Corp. 2001, 2012");
45 MODULE_LICENSE("GPL");
49 * Note that all shorts, ints and longs are little-endian.
50 * All pointer fields are 32-bits long, and mean nothing
52 * A request CPRB is followed by a request_parameter_block.
54 * The request (or reply) parameter block is organized thus:
60 unsigned short cprb_len; /* CPRB length */
61 unsigned char cprb_ver_id; /* CPRB version id. */
62 unsigned char pad_000; /* Alignment pad byte. */
63 unsigned char srpi_rtcode[4]; /* SRPI return code LELONG */
64 unsigned char srpi_verb; /* SRPI verb type */
65 unsigned char flags; /* flags */
66 unsigned char func_id[2]; /* function id */
67 unsigned char checkpoint_flag; /* */
68 unsigned char resv2; /* reserved */
69 unsigned short req_parml; /* request parameter buffer */
70 /* length 16-bit little endian */
71 unsigned char req_parmp[4]; /* request parameter buffer *
72 * pointer (means nothing: the *
73 * parameter buffer follows *
75 unsigned char req_datal[4]; /* request data buffer */
77 unsigned char req_datap[4]; /* request data buffer */
79 unsigned short rpl_parml; /* reply parameter buffer */
80 /* length 16-bit little endian */
81 unsigned char pad_001[2]; /* Alignment pad bytes. ULESHORT */
82 unsigned char rpl_parmp[4]; /* reply parameter buffer *
83 * pointer (means nothing: the *
84 * parameter buffer follows *
86 unsigned char rpl_datal[4]; /* reply data buffer len ULELONG */
87 unsigned char rpl_datap[4]; /* reply data buffer */
89 unsigned short ccp_rscode; /* server reason code ULESHORT */
90 unsigned short ccp_rtcode; /* server return code ULESHORT */
91 unsigned char repd_parml[2]; /* replied parameter len ULESHORT*/
92 unsigned char mac_data_len[2]; /* Mac Data Length ULESHORT */
93 unsigned char repd_datal[4]; /* replied data length ULELONG */
94 unsigned char req_pc[2]; /* PC identifier */
95 unsigned char res_origin[8]; /* resource origin */
96 unsigned char mac_value[8]; /* Mac Value */
97 unsigned char logon_id[8]; /* Logon Identifier */
98 unsigned char usage_domain[2]; /* cdx */
99 unsigned char resv3[18]; /* reserved for requestor */
100 unsigned short svr_namel; /* server name length ULESHORT */
101 unsigned char svr_name[8]; /* server name */
104 struct function_and_rules_block {
105 unsigned char function_code[2];
107 unsigned char only_rule[8];
111 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP
112 * card in a type6 message. The 3 fields that must be filled in at execution
113 * time are req_parml, rpl_parml and usage_domain.
114 * Everything about this interface is ascii/big-endian, since the
115 * device does *not* have 'Intel inside'.
117 * The CPRBX is followed immediately by the parm block.
118 * The parm block contains:
119 * - function code ('PD' 0x5044 or 'PK' 0x504B)
120 * - rule block (one of:)
121 * + 0x000A 'PKCS-1.2' (MCL2 'PD')
122 * + 0x000A 'ZERO-PAD' (MCL2 'PK')
123 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD')
124 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK')
127 static const struct CPRBX static_cprbx = {
130 .func_id = {0x54, 0x32},
133 int speed_idx_cca(int req_type)
208 int speed_idx_ep11(int req_type)
240 * Convert a ICAMEX message to a type6 MEX message.
242 * @zq: crypto device pointer
243 * @ap_msg: pointer to AP message
244 * @mex: pointer to user input data
246 * Returns 0 on success or negative errno value.
248 static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue *zq,
249 struct ap_message *ap_msg,
250 struct ica_rsa_modexpo *mex)
252 static struct type6_hdr static_type6_hdrX = {
254 .offset1 = 0x00000058,
255 .agent_id = {'C', 'A',},
256 .function_code = {'P', 'K'},
258 static struct function_and_rules_block static_pke_fnr = {
259 .function_code = {'P', 'K'},
261 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '}
264 struct type6_hdr hdr;
266 struct function_and_rules_block fr;
267 unsigned short length;
269 } __packed * msg = ap_msg->message;
273 * The inputdatalength was a selection criteria in the dispatching
274 * function zcrypt_rsa_modexpo(). However, make sure the following
275 * copy_from_user() never exceeds the allocated buffer space.
277 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE))
281 msg->length = mex->inputdatalength + 2;
282 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
285 /* Set up key which is located after the variable length text. */
286 size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength);
289 size += sizeof(*msg) + mex->inputdatalength;
291 /* message header, cprbx and f&r */
292 msg->hdr = static_type6_hdrX;
293 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
294 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
296 msg->cprbx = static_cprbx;
297 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
298 msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1;
300 msg->fr = static_pke_fnr;
302 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx);
304 ap_msg->length = size;
309 * Convert a ICACRT message to a type6 CRT message.
311 * @zq: crypto device pointer
312 * @ap_msg: pointer to AP message
313 * @crt: pointer to user input data
315 * Returns 0 on success or negative errno value.
317 static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue *zq,
318 struct ap_message *ap_msg,
319 struct ica_rsa_modexpo_crt *crt)
321 static struct type6_hdr static_type6_hdrX = {
323 .offset1 = 0x00000058,
324 .agent_id = {'C', 'A',},
325 .function_code = {'P', 'D'},
327 static struct function_and_rules_block static_pkd_fnr = {
328 .function_code = {'P', 'D'},
330 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
334 struct type6_hdr hdr;
336 struct function_and_rules_block fr;
337 unsigned short length;
339 } __packed * msg = ap_msg->message;
343 * The inputdatalength was a selection criteria in the dispatching
344 * function zcrypt_rsa_crt(). However, make sure the following
345 * copy_from_user() never exceeds the allocated buffer space.
347 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE))
351 msg->length = crt->inputdatalength + 2;
352 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
355 /* Set up key which is located after the variable length text. */
356 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength);
359 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */
361 /* message header, cprbx and f&r */
362 msg->hdr = static_type6_hdrX;
363 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
364 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
366 msg->cprbx = static_cprbx;
367 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
368 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl =
369 size - sizeof(msg->hdr) - sizeof(msg->cprbx);
371 msg->fr = static_pkd_fnr;
373 ap_msg->length = size;
378 * Convert a XCRB message to a type6 CPRB message.
380 * @zq: crypto device pointer
381 * @ap_msg: pointer to AP message
382 * @xcRB: pointer to user input data
384 * Returns 0 on success or -EFAULT, -EINVAL.
386 struct type86_fmt2_msg {
387 struct type86_hdr hdr;
388 struct type86_fmt2_ext fmt2;
391 static int XCRB_msg_to_type6CPRB_msgX(struct ap_message *ap_msg,
392 struct ica_xcRB *xcRB,
394 unsigned short **dom)
396 static struct type6_hdr static_type6_hdrX = {
398 .offset1 = 0x00000058,
401 struct type6_hdr hdr;
403 } __packed * msg = ap_msg->message;
405 int rcblen = CEIL4(xcRB->request_control_blk_length);
406 int replylen, req_sumlen, resp_sumlen;
407 char *req_data = ap_msg->message + sizeof(struct type6_hdr) + rcblen;
410 if (CEIL4(xcRB->request_control_blk_length) <
411 xcRB->request_control_blk_length)
412 return -EINVAL; /* overflow after alignment*/
415 ap_msg->length = sizeof(struct type6_hdr) +
416 CEIL4(xcRB->request_control_blk_length) +
417 xcRB->request_data_length;
418 if (ap_msg->length > MSGTYPE06_MAX_MSG_SIZE)
423 * sum must be greater (or equal) than the largest operand
425 req_sumlen = CEIL4(xcRB->request_control_blk_length) +
426 xcRB->request_data_length;
427 if ((CEIL4(xcRB->request_control_blk_length) <=
428 xcRB->request_data_length) ?
429 (req_sumlen < xcRB->request_data_length) :
430 (req_sumlen < CEIL4(xcRB->request_control_blk_length))) {
434 if (CEIL4(xcRB->reply_control_blk_length) <
435 xcRB->reply_control_blk_length)
436 return -EINVAL; /* overflow after alignment*/
438 replylen = sizeof(struct type86_fmt2_msg) +
439 CEIL4(xcRB->reply_control_blk_length) +
440 xcRB->reply_data_length;
441 if (replylen > MSGTYPE06_MAX_MSG_SIZE)
446 * sum must be greater (or equal) than the largest operand
448 resp_sumlen = CEIL4(xcRB->reply_control_blk_length) +
449 xcRB->reply_data_length;
450 if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ?
451 (resp_sumlen < xcRB->reply_data_length) :
452 (resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) {
456 /* prepare type6 header */
457 msg->hdr = static_type6_hdrX;
458 memcpy(msg->hdr.agent_id, &(xcRB->agent_ID), sizeof(xcRB->agent_ID));
459 msg->hdr.ToCardLen1 = xcRB->request_control_blk_length;
460 if (xcRB->request_data_length) {
461 msg->hdr.offset2 = msg->hdr.offset1 + rcblen;
462 msg->hdr.ToCardLen2 = xcRB->request_data_length;
464 msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length;
465 msg->hdr.FromCardLen2 = xcRB->reply_data_length;
468 if (copy_from_user(&(msg->cprbx), xcRB->request_control_blk_addr,
469 xcRB->request_control_blk_length))
471 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
472 xcRB->request_control_blk_length)
474 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len;
475 memcpy(msg->hdr.function_code, function_code,
476 sizeof(msg->hdr.function_code));
478 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1];
479 *dom = (unsigned short *)&msg->cprbx.domain;
481 if (memcmp(function_code, "US", 2) == 0
482 || memcmp(function_code, "AU", 2) == 0)
487 /* copy data block */
488 if (xcRB->request_data_length &&
489 copy_from_user(req_data, xcRB->request_data_address,
490 xcRB->request_data_length))
496 static int xcrb_msg_to_type6_ep11cprb_msgx(struct ap_message *ap_msg,
497 struct ep11_urb *xcRB,
501 static struct type6_hdr static_type6_ep11_hdr = {
503 .rqid = {0x00, 0x01},
504 .function_code = {0x00, 0x00},
505 .agent_id[0] = 0x58, /* {'X'} */
506 .agent_id[1] = 0x43, /* {'C'} */
507 .offset1 = 0x00000058,
511 struct type6_hdr hdr;
512 struct ep11_cprb cprbx;
513 unsigned char pld_tag; /* fixed value 0x30 */
514 unsigned char pld_lenfmt; /* payload length format */
515 } __packed * msg = ap_msg->message;
518 unsigned char func_tag; /* fixed value 0x4 */
519 unsigned char func_len; /* fixed value 0x4 */
520 unsigned int func_val; /* function ID */
521 unsigned char dom_tag; /* fixed value 0x4 */
522 unsigned char dom_len; /* fixed value 0x4 */
523 unsigned int dom_val; /* domain id */
524 } __packed * payload_hdr = NULL;
526 if (CEIL4(xcRB->req_len) < xcRB->req_len)
527 return -EINVAL; /* overflow after alignment*/
530 ap_msg->length = sizeof(struct type6_hdr) + xcRB->req_len;
531 if (CEIL4(xcRB->req_len) > MSGTYPE06_MAX_MSG_SIZE -
532 (sizeof(struct type6_hdr)))
535 if (CEIL4(xcRB->resp_len) < xcRB->resp_len)
536 return -EINVAL; /* overflow after alignment*/
538 if (CEIL4(xcRB->resp_len) > MSGTYPE06_MAX_MSG_SIZE -
539 (sizeof(struct type86_fmt2_msg)))
542 /* prepare type6 header */
543 msg->hdr = static_type6_ep11_hdr;
544 msg->hdr.ToCardLen1 = xcRB->req_len;
545 msg->hdr.FromCardLen1 = xcRB->resp_len;
547 /* Import CPRB data from the ioctl input parameter */
548 if (copy_from_user(&(msg->cprbx.cprb_len),
549 (char __force __user *)xcRB->req, xcRB->req_len)) {
553 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
554 switch (msg->pld_lenfmt & 0x03) {
565 lfmt = 1; /* length format #1 */
567 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
568 *fcode = payload_hdr->func_val & 0xFFFF;
570 /* enable special processing based on the cprbs flags special bit */
571 if (msg->cprbx.flags & 0x20)
578 * Copy results from a type 86 ICA reply message back to user space.
580 * @zq: crypto device pointer
581 * @reply: reply AP message.
582 * @data: pointer to user output data
583 * @length: size of user output data
585 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
587 struct type86x_reply {
588 struct type86_hdr hdr;
589 struct type86_fmt2_ext fmt2;
591 unsigned char pad[4]; /* 4 byte function code/rules block ? */
592 unsigned short length;
596 struct type86_ep11_reply {
597 struct type86_hdr hdr;
598 struct type86_fmt2_ext fmt2;
599 struct ep11_cprb cprbx;
602 static int convert_type86_ica(struct zcrypt_queue *zq,
603 struct ap_message *reply,
604 char __user *outputdata,
605 unsigned int outputdatalength)
607 static unsigned char static_pad[] = {
609 0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD,
610 0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57,
611 0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B,
612 0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39,
613 0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5,
614 0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D,
615 0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB,
616 0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F,
617 0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9,
618 0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45,
619 0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9,
620 0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F,
621 0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD,
622 0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D,
623 0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD,
624 0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9,
625 0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B,
626 0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B,
627 0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B,
628 0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD,
629 0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7,
630 0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1,
631 0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3,
632 0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23,
633 0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55,
634 0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43,
635 0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F,
636 0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F,
637 0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5,
638 0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD,
639 0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41,
640 0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09
642 struct type86x_reply *msg = reply->message;
643 unsigned short service_rc, service_rs;
644 unsigned int reply_len, pad_len;
647 service_rc = msg->cprbx.ccp_rtcode;
648 if (unlikely(service_rc != 0)) {
649 service_rs = msg->cprbx.ccp_rscode;
650 if ((service_rc == 8 && service_rs == 66) ||
651 (service_rc == 8 && service_rs == 65) ||
652 (service_rc == 8 && service_rs == 72) ||
653 (service_rc == 8 && service_rs == 770) ||
654 (service_rc == 12 && service_rs == 769)) {
655 ZCRYPT_DBF(DBF_DEBUG,
656 "device=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n",
657 AP_QID_CARD(zq->queue->qid),
658 AP_QID_QUEUE(zq->queue->qid),
659 (int) service_rc, (int) service_rs);
663 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
664 AP_QID_CARD(zq->queue->qid),
665 AP_QID_QUEUE(zq->queue->qid));
667 "device=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n",
668 AP_QID_CARD(zq->queue->qid),
669 AP_QID_QUEUE(zq->queue->qid),
670 (int) service_rc, (int) service_rs);
671 return -EAGAIN; /* repeat the request on a different device. */
674 reply_len = msg->length - 2;
675 if (reply_len > outputdatalength)
678 * For all encipher requests, the length of the ciphertext (reply_len)
679 * will always equal the modulus length. For MEX decipher requests
680 * the output needs to get padded. Minimum pad size is 10.
682 * Currently, the cases where padding will be added is for:
683 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
684 * ZERO-PAD and CRT is only supported for PKD requests)
687 pad_len = outputdatalength - reply_len;
691 /* 'restore' padding left in the CEXXC card. */
692 if (copy_to_user(outputdata, static_pad, pad_len - 1))
694 if (put_user(0, outputdata + pad_len - 1))
697 /* Copy the crypto response to user space. */
698 if (copy_to_user(outputdata + pad_len, data, reply_len))
704 * Copy results from a type 86 XCRB reply message back to user space.
706 * @zq: crypto device pointer
707 * @reply: reply AP message.
708 * @xcRB: pointer to XCRB
710 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
712 static int convert_type86_xcrb(struct zcrypt_queue *zq,
713 struct ap_message *reply,
714 struct ica_xcRB *xcRB)
716 struct type86_fmt2_msg *msg = reply->message;
717 char *data = reply->message;
719 /* Copy CPRB to user */
720 if (copy_to_user(xcRB->reply_control_blk_addr,
721 data + msg->fmt2.offset1, msg->fmt2.count1))
723 xcRB->reply_control_blk_length = msg->fmt2.count1;
725 /* Copy data buffer to user */
726 if (msg->fmt2.count2)
727 if (copy_to_user(xcRB->reply_data_addr,
728 data + msg->fmt2.offset2, msg->fmt2.count2))
730 xcRB->reply_data_length = msg->fmt2.count2;
735 * Copy results from a type 86 EP11 XCRB reply message back to user space.
737 * @zq: crypto device pointer
738 * @reply: reply AP message.
739 * @xcRB: pointer to EP11 user request block
741 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
743 static int convert_type86_ep11_xcrb(struct zcrypt_queue *zq,
744 struct ap_message *reply,
745 struct ep11_urb *xcRB)
747 struct type86_fmt2_msg *msg = reply->message;
748 char *data = reply->message;
750 if (xcRB->resp_len < msg->fmt2.count1)
753 /* Copy response CPRB to user */
754 if (copy_to_user((char __force __user *)xcRB->resp,
755 data + msg->fmt2.offset1, msg->fmt2.count1))
757 xcRB->resp_len = msg->fmt2.count1;
761 static int convert_type86_rng(struct zcrypt_queue *zq,
762 struct ap_message *reply,
766 struct type86_hdr hdr;
767 struct type86_fmt2_ext fmt2;
769 } __packed * msg = reply->message;
770 char *data = reply->message;
772 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
774 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
775 return msg->fmt2.count2;
778 static int convert_response_ica(struct zcrypt_queue *zq,
779 struct ap_message *reply,
780 char __user *outputdata,
781 unsigned int outputdatalength)
783 struct type86x_reply *msg = reply->message;
785 switch (msg->hdr.type) {
786 case TYPE82_RSP_CODE:
787 case TYPE88_RSP_CODE:
788 return convert_error(zq, reply);
789 case TYPE86_RSP_CODE:
790 if (msg->cprbx.ccp_rtcode &&
791 (msg->cprbx.ccp_rscode == 0x14f) &&
792 (outputdatalength > 256)) {
793 if (zq->zcard->max_exp_bit_length <= 17) {
794 zq->zcard->max_exp_bit_length = 17;
799 if (msg->hdr.reply_code)
800 return convert_error(zq, reply);
801 if (msg->cprbx.cprb_ver_id == 0x02)
802 return convert_type86_ica(zq, reply,
803 outputdata, outputdatalength);
804 /* fall through - wrong cprb version is an unknown response */
805 default: /* Unknown response type, this should NEVER EVER happen */
807 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
808 AP_QID_CARD(zq->queue->qid),
809 AP_QID_QUEUE(zq->queue->qid));
811 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
812 AP_QID_CARD(zq->queue->qid),
813 AP_QID_QUEUE(zq->queue->qid),
814 (int) msg->hdr.type);
815 return -EAGAIN; /* repeat the request on a different device. */
819 static int convert_response_xcrb(struct zcrypt_queue *zq,
820 struct ap_message *reply,
821 struct ica_xcRB *xcRB)
823 struct type86x_reply *msg = reply->message;
825 switch (msg->hdr.type) {
826 case TYPE82_RSP_CODE:
827 case TYPE88_RSP_CODE:
828 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
829 return convert_error(zq, reply);
830 case TYPE86_RSP_CODE:
831 if (msg->hdr.reply_code) {
832 memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32));
833 return convert_error(zq, reply);
835 if (msg->cprbx.cprb_ver_id == 0x02)
836 return convert_type86_xcrb(zq, reply, xcRB);
837 /* fall through - wrong cprb version is an unknown response */
838 default: /* Unknown response type, this should NEVER EVER happen */
839 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
841 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
842 AP_QID_CARD(zq->queue->qid),
843 AP_QID_QUEUE(zq->queue->qid));
845 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
846 AP_QID_CARD(zq->queue->qid),
847 AP_QID_QUEUE(zq->queue->qid),
848 (int) msg->hdr.type);
849 return -EAGAIN; /* repeat the request on a different device. */
853 static int convert_response_ep11_xcrb(struct zcrypt_queue *zq,
854 struct ap_message *reply, struct ep11_urb *xcRB)
856 struct type86_ep11_reply *msg = reply->message;
858 switch (msg->hdr.type) {
859 case TYPE82_RSP_CODE:
860 case TYPE87_RSP_CODE:
861 return convert_error(zq, reply);
862 case TYPE86_RSP_CODE:
863 if (msg->hdr.reply_code)
864 return convert_error(zq, reply);
865 if (msg->cprbx.cprb_ver_id == 0x04)
866 return convert_type86_ep11_xcrb(zq, reply, xcRB);
867 /* fall through - wrong cprb version is an unknown resp */
868 default: /* Unknown response type, this should NEVER EVER happen */
870 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
871 AP_QID_CARD(zq->queue->qid),
872 AP_QID_QUEUE(zq->queue->qid));
874 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
875 AP_QID_CARD(zq->queue->qid),
876 AP_QID_QUEUE(zq->queue->qid),
877 (int) msg->hdr.type);
878 return -EAGAIN; /* repeat the request on a different device. */
882 static int convert_response_rng(struct zcrypt_queue *zq,
883 struct ap_message *reply,
886 struct type86x_reply *msg = reply->message;
888 switch (msg->hdr.type) {
889 case TYPE82_RSP_CODE:
890 case TYPE88_RSP_CODE:
892 case TYPE86_RSP_CODE:
893 if (msg->hdr.reply_code)
895 if (msg->cprbx.cprb_ver_id == 0x02)
896 return convert_type86_rng(zq, reply, data);
897 /* fall through - wrong cprb version is an unknown response */
898 default: /* Unknown response type, this should NEVER EVER happen */
900 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
901 AP_QID_CARD(zq->queue->qid),
902 AP_QID_QUEUE(zq->queue->qid));
904 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
905 AP_QID_CARD(zq->queue->qid),
906 AP_QID_QUEUE(zq->queue->qid),
907 (int) msg->hdr.type);
908 return -EAGAIN; /* repeat the request on a different device. */
913 * This function is called from the AP bus code after a crypto request
914 * "msg" has finished with the reply message "reply".
915 * It is called from tasklet context.
916 * @aq: pointer to the AP queue
917 * @msg: pointer to the AP message
918 * @reply: pointer to the AP reply message
920 static void zcrypt_msgtype6_receive(struct ap_queue *aq,
921 struct ap_message *msg,
922 struct ap_message *reply)
924 static struct error_hdr error_reply = {
925 .type = TYPE82_RSP_CODE,
926 .reply_code = REP82_ERROR_MACHINE_FAILURE,
928 struct response_type *resp_type =
929 (struct response_type *) msg->private;
930 struct type86x_reply *t86r;
933 /* Copy the reply message to the request message buffer. */
935 goto out; /* ap_msg->rc indicates the error */
936 t86r = reply->message;
937 if (t86r->hdr.type == TYPE86_RSP_CODE &&
938 t86r->cprbx.cprb_ver_id == 0x02) {
939 switch (resp_type->type) {
940 case CEXXC_RESPONSE_TYPE_ICA:
941 length = sizeof(struct type86x_reply)
943 length = min(CEXXC_MAX_ICA_RESPONSE_SIZE, length);
944 memcpy(msg->message, reply->message, length);
946 case CEXXC_RESPONSE_TYPE_XCRB:
947 length = t86r->fmt2.offset2 + t86r->fmt2.count2;
948 length = min(MSGTYPE06_MAX_MSG_SIZE, length);
949 memcpy(msg->message, reply->message, length);
952 memcpy(msg->message, &error_reply,
953 sizeof(error_reply));
956 memcpy(msg->message, reply->message, sizeof(error_reply));
958 complete(&(resp_type->work));
962 * This function is called from the AP bus code after a crypto request
963 * "msg" has finished with the reply message "reply".
964 * It is called from tasklet context.
965 * @aq: pointer to the AP queue
966 * @msg: pointer to the AP message
967 * @reply: pointer to the AP reply message
969 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
970 struct ap_message *msg,
971 struct ap_message *reply)
973 static struct error_hdr error_reply = {
974 .type = TYPE82_RSP_CODE,
975 .reply_code = REP82_ERROR_MACHINE_FAILURE,
977 struct response_type *resp_type =
978 (struct response_type *)msg->private;
979 struct type86_ep11_reply *t86r;
982 /* Copy the reply message to the request message buffer. */
984 goto out; /* ap_msg->rc indicates the error */
985 t86r = reply->message;
986 if (t86r->hdr.type == TYPE86_RSP_CODE &&
987 t86r->cprbx.cprb_ver_id == 0x04) {
988 switch (resp_type->type) {
989 case CEXXC_RESPONSE_TYPE_EP11:
990 length = t86r->fmt2.offset1 + t86r->fmt2.count1;
991 length = min(MSGTYPE06_MAX_MSG_SIZE, length);
992 memcpy(msg->message, reply->message, length);
995 memcpy(msg->message, &error_reply, sizeof(error_reply));
998 memcpy(msg->message, reply->message, sizeof(error_reply));
1001 complete(&(resp_type->work));
1004 static atomic_t zcrypt_step = ATOMIC_INIT(0);
1007 * The request distributor calls this function if it picked the CEXxC
1008 * device to handle a modexpo request.
1009 * @zq: pointer to zcrypt_queue structure that identifies the
1010 * CEXxC device to the request distributor
1011 * @mex: pointer to the modexpo request buffer
1013 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq,
1014 struct ica_rsa_modexpo *mex)
1016 struct ap_message ap_msg;
1017 struct response_type resp_type = {
1018 .type = CEXXC_RESPONSE_TYPE_ICA,
1022 ap_init_message(&ap_msg);
1023 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1024 if (!ap_msg.message)
1026 ap_msg.receive = zcrypt_msgtype6_receive;
1027 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1028 atomic_inc_return(&zcrypt_step);
1029 ap_msg.private = &resp_type;
1030 rc = ICAMEX_msg_to_type6MEX_msgX(zq, &ap_msg, mex);
1033 init_completion(&resp_type.work);
1034 ap_queue_message(zq->queue, &ap_msg);
1035 rc = wait_for_completion_interruptible(&resp_type.work);
1039 rc = convert_response_ica(zq, &ap_msg,
1041 mex->outputdatalength);
1043 /* Signal pending. */
1044 ap_cancel_message(zq->queue, &ap_msg);
1046 free_page((unsigned long) ap_msg.message);
1051 * The request distributor calls this function if it picked the CEXxC
1052 * device to handle a modexpo_crt request.
1053 * @zq: pointer to zcrypt_queue structure that identifies the
1054 * CEXxC device to the request distributor
1055 * @crt: pointer to the modexpoc_crt request buffer
1057 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq,
1058 struct ica_rsa_modexpo_crt *crt)
1060 struct ap_message ap_msg;
1061 struct response_type resp_type = {
1062 .type = CEXXC_RESPONSE_TYPE_ICA,
1066 ap_init_message(&ap_msg);
1067 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1068 if (!ap_msg.message)
1070 ap_msg.receive = zcrypt_msgtype6_receive;
1071 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1072 atomic_inc_return(&zcrypt_step);
1073 ap_msg.private = &resp_type;
1074 rc = ICACRT_msg_to_type6CRT_msgX(zq, &ap_msg, crt);
1077 init_completion(&resp_type.work);
1078 ap_queue_message(zq->queue, &ap_msg);
1079 rc = wait_for_completion_interruptible(&resp_type.work);
1083 rc = convert_response_ica(zq, &ap_msg,
1085 crt->outputdatalength);
1087 /* Signal pending. */
1088 ap_cancel_message(zq->queue, &ap_msg);
1091 free_page((unsigned long) ap_msg.message);
1096 * Fetch function code from cprb.
1097 * Extracting the fc requires to copy the cprb from userspace.
1098 * So this function allocates memory and needs an ap_msg prepared
1099 * by the caller with ap_init_message(). Also the caller has to
1100 * make sure ap_release_message() is always called even on failure.
1102 unsigned int get_cprb_fc(struct ica_xcRB *xcRB,
1103 struct ap_message *ap_msg,
1104 unsigned int *func_code, unsigned short **dom)
1106 struct response_type resp_type = {
1107 .type = CEXXC_RESPONSE_TYPE_XCRB,
1110 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1111 if (!ap_msg->message)
1113 ap_msg->receive = zcrypt_msgtype6_receive;
1114 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1115 atomic_inc_return(&zcrypt_step);
1116 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1117 if (!ap_msg->private)
1119 return XCRB_msg_to_type6CPRB_msgX(ap_msg, xcRB, func_code, dom);
1123 * The request distributor calls this function if it picked the CEXxC
1124 * device to handle a send_cprb request.
1125 * @zq: pointer to zcrypt_queue structure that identifies the
1126 * CEXxC device to the request distributor
1127 * @xcRB: pointer to the send_cprb request buffer
1129 static long zcrypt_msgtype6_send_cprb(struct zcrypt_queue *zq,
1130 struct ica_xcRB *xcRB,
1131 struct ap_message *ap_msg)
1134 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1136 init_completion(&rtype->work);
1137 ap_queue_message(zq->queue, ap_msg);
1138 rc = wait_for_completion_interruptible(&rtype->work);
1142 rc = convert_response_xcrb(zq, ap_msg, xcRB);
1144 /* Signal pending. */
1145 ap_cancel_message(zq->queue, ap_msg);
1151 * Fetch function code from ep11 cprb.
1152 * Extracting the fc requires to copy the ep11 cprb from userspace.
1153 * So this function allocates memory and needs an ap_msg prepared
1154 * by the caller with ap_init_message(). Also the caller has to
1155 * make sure ap_release_message() is always called even on failure.
1157 unsigned int get_ep11cprb_fc(struct ep11_urb *xcrb,
1158 struct ap_message *ap_msg,
1159 unsigned int *func_code)
1161 struct response_type resp_type = {
1162 .type = CEXXC_RESPONSE_TYPE_EP11,
1165 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1166 if (!ap_msg->message)
1168 ap_msg->receive = zcrypt_msgtype6_receive_ep11;
1169 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1170 atomic_inc_return(&zcrypt_step);
1171 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1172 if (!ap_msg->private)
1174 return xcrb_msg_to_type6_ep11cprb_msgx(ap_msg, xcrb, func_code);
1178 * The request distributor calls this function if it picked the CEX4P
1179 * device to handle a send_ep11_cprb request.
1180 * @zq: pointer to zcrypt_queue structure that identifies the
1181 * CEX4P device to the request distributor
1182 * @xcRB: pointer to the ep11 user request block
1184 static long zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_queue *zq,
1185 struct ep11_urb *xcrb,
1186 struct ap_message *ap_msg)
1190 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1192 struct type6_hdr hdr;
1193 struct ep11_cprb cprbx;
1194 unsigned char pld_tag; /* fixed value 0x30 */
1195 unsigned char pld_lenfmt; /* payload length format */
1196 } __packed * msg = ap_msg->message;
1198 unsigned char func_tag; /* fixed value 0x4 */
1199 unsigned char func_len; /* fixed value 0x4 */
1200 unsigned int func_val; /* function ID */
1201 unsigned char dom_tag; /* fixed value 0x4 */
1202 unsigned char dom_len; /* fixed value 0x4 */
1203 unsigned int dom_val; /* domain id */
1204 } __packed * payload_hdr = NULL;
1208 * The target domain field within the cprb body/payload block will be
1209 * replaced by the usage domain for non-management commands only.
1210 * Therefore we check the first bit of the 'flags' parameter for
1211 * management command indication.
1212 * 0 - non management command
1213 * 1 - management command
1215 if (!((msg->cprbx.flags & 0x80) == 0x80)) {
1216 msg->cprbx.target_id = (unsigned int)
1217 AP_QID_QUEUE(zq->queue->qid);
1219 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
1220 switch (msg->pld_lenfmt & 0x03) {
1231 lfmt = 1; /* length format #1 */
1233 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
1234 payload_hdr->dom_val = (unsigned int)
1235 AP_QID_QUEUE(zq->queue->qid);
1238 init_completion(&rtype->work);
1239 ap_queue_message(zq->queue, ap_msg);
1240 rc = wait_for_completion_interruptible(&rtype->work);
1244 rc = convert_response_ep11_xcrb(zq, ap_msg, xcrb);
1246 /* Signal pending. */
1247 ap_cancel_message(zq->queue, ap_msg);
1252 unsigned int get_rng_fc(struct ap_message *ap_msg, int *func_code,
1253 unsigned int *domain)
1255 struct response_type resp_type = {
1256 .type = CEXXC_RESPONSE_TYPE_XCRB,
1259 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1260 if (!ap_msg->message)
1262 ap_msg->receive = zcrypt_msgtype6_receive;
1263 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1264 atomic_inc_return(&zcrypt_step);
1265 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1266 if (!ap_msg->private)
1269 rng_type6CPRB_msgX(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain);
1276 * The request distributor calls this function if it picked the CEXxC
1277 * device to generate random data.
1278 * @zq: pointer to zcrypt_queue structure that identifies the
1279 * CEXxC device to the request distributor
1280 * @buffer: pointer to a memory page to return random data
1282 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq,
1283 char *buffer, struct ap_message *ap_msg)
1286 struct type6_hdr hdr;
1288 char function_code[2];
1289 short int rule_length;
1291 short int verb_length;
1292 short int key_length;
1293 } __packed * msg = ap_msg->message;
1294 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1297 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
1299 init_completion(&rtype->work);
1300 ap_queue_message(zq->queue, ap_msg);
1301 rc = wait_for_completion_interruptible(&rtype->work);
1305 rc = convert_response_rng(zq, ap_msg, buffer);
1307 /* Signal pending. */
1308 ap_cancel_message(zq->queue, ap_msg);
1314 * The crypto operations for a CEXxC card.
1316 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = {
1317 .owner = THIS_MODULE,
1318 .name = MSGTYPE06_NAME,
1319 .variant = MSGTYPE06_VARIANT_NORNG,
1320 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1321 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1322 .send_cprb = zcrypt_msgtype6_send_cprb,
1325 static struct zcrypt_ops zcrypt_msgtype6_ops = {
1326 .owner = THIS_MODULE,
1327 .name = MSGTYPE06_NAME,
1328 .variant = MSGTYPE06_VARIANT_DEFAULT,
1329 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1330 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1331 .send_cprb = zcrypt_msgtype6_send_cprb,
1332 .rng = zcrypt_msgtype6_rng,
1335 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = {
1336 .owner = THIS_MODULE,
1337 .name = MSGTYPE06_NAME,
1338 .variant = MSGTYPE06_VARIANT_EP11,
1339 .rsa_modexpo = NULL,
1340 .rsa_modexpo_crt = NULL,
1341 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb,
1344 void __init zcrypt_msgtype6_init(void)
1346 zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops);
1347 zcrypt_msgtype_register(&zcrypt_msgtype6_ops);
1348 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops);
1351 void __exit zcrypt_msgtype6_exit(void)
1353 zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops);
1354 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops);
1355 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops);
projects / linux.git / blob