1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright IBM Corp. 2001, 2022
4 * Author(s): Robert Burroughs
13 #define KMSG_COMPONENT "zcrypt"
14 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/err.h>
19 #include <linux/delay.h>
20 #include <linux/slab.h>
21 #include <linux/atomic.h>
22 #include <linux/uaccess.h>
25 #include "zcrypt_api.h"
26 #include "zcrypt_error.h"
27 #include "zcrypt_msgtype6.h"
28 #include "zcrypt_cca_key.h"
30 #define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */
32 #define CEIL4(x) ((((x) + 3) / 4) * 4)
34 struct response_type {
35 struct completion work;
39 #define CEXXC_RESPONSE_TYPE_ICA 0
40 #define CEXXC_RESPONSE_TYPE_XCRB 1
41 #define CEXXC_RESPONSE_TYPE_EP11 2
43 MODULE_AUTHOR("IBM Corporation");
44 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \
45 "Copyright IBM Corp. 2001, 2012");
46 MODULE_LICENSE("GPL");
48 struct function_and_rules_block {
49 unsigned char function_code[2];
51 unsigned char only_rule[8];
55 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP
56 * card in a type6 message. The 3 fields that must be filled in at execution
57 * time are req_parml, rpl_parml and usage_domain.
58 * Everything about this interface is ascii/big-endian, since the
59 * device does *not* have 'Intel inside'.
61 * The CPRBX is followed immediately by the parm block.
62 * The parm block contains:
63 * - function code ('PD' 0x5044 or 'PK' 0x504B)
64 * - rule block (one of:)
65 * + 0x000A 'PKCS-1.2' (MCL2 'PD')
66 * + 0x000A 'ZERO-PAD' (MCL2 'PK')
67 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD')
68 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK')
71 static const struct CPRBX static_cprbx = {
74 .func_id = {0x54, 0x32},
77 int speed_idx_cca(int req_type)
152 int speed_idx_ep11(int req_type)
183 * Convert a ICAMEX message to a type6 MEX message.
185 * @zq: crypto device pointer
186 * @ap_msg: pointer to AP message
187 * @mex: pointer to user input data
189 * Returns 0 on success or negative errno value.
191 static int icamex_msg_to_type6mex_msgx(struct zcrypt_queue *zq,
192 struct ap_message *ap_msg,
193 struct ica_rsa_modexpo *mex)
195 static struct type6_hdr static_type6_hdrX = {
197 .offset1 = 0x00000058,
198 .agent_id = {'C', 'A',},
199 .function_code = {'P', 'K'},
201 static struct function_and_rules_block static_pke_fnr = {
202 .function_code = {'P', 'K'},
204 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '}
207 struct type6_hdr hdr;
209 struct function_and_rules_block fr;
210 unsigned short length;
212 } __packed * msg = ap_msg->msg;
216 * The inputdatalength was a selection criteria in the dispatching
217 * function zcrypt_rsa_modexpo(). However, make sure the following
218 * copy_from_user() never exceeds the allocated buffer space.
220 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE))
224 msg->length = mex->inputdatalength + 2;
225 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
228 /* Set up key which is located after the variable length text. */
229 size = zcrypt_type6_mex_key_en(mex, msg->text + mex->inputdatalength);
232 size += sizeof(*msg) + mex->inputdatalength;
234 /* message header, cprbx and f&r */
235 msg->hdr = static_type6_hdrX;
236 msg->hdr.tocardlen1 = size - sizeof(msg->hdr);
237 msg->hdr.fromcardlen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
239 msg->cprbx = static_cprbx;
240 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
241 msg->cprbx.rpl_msgbl = msg->hdr.fromcardlen1;
243 msg->fr = static_pke_fnr;
245 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx);
252 * Convert a ICACRT message to a type6 CRT message.
254 * @zq: crypto device pointer
255 * @ap_msg: pointer to AP message
256 * @crt: pointer to user input data
258 * Returns 0 on success or negative errno value.
260 static int icacrt_msg_to_type6crt_msgx(struct zcrypt_queue *zq,
261 struct ap_message *ap_msg,
262 struct ica_rsa_modexpo_crt *crt)
264 static struct type6_hdr static_type6_hdrX = {
266 .offset1 = 0x00000058,
267 .agent_id = {'C', 'A',},
268 .function_code = {'P', 'D'},
270 static struct function_and_rules_block static_pkd_fnr = {
271 .function_code = {'P', 'D'},
273 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
277 struct type6_hdr hdr;
279 struct function_and_rules_block fr;
280 unsigned short length;
282 } __packed * msg = ap_msg->msg;
286 * The inputdatalength was a selection criteria in the dispatching
287 * function zcrypt_rsa_crt(). However, make sure the following
288 * copy_from_user() never exceeds the allocated buffer space.
290 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE))
294 msg->length = crt->inputdatalength + 2;
295 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
298 /* Set up key which is located after the variable length text. */
299 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength);
302 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */
304 /* message header, cprbx and f&r */
305 msg->hdr = static_type6_hdrX;
306 msg->hdr.tocardlen1 = size - sizeof(msg->hdr);
307 msg->hdr.fromcardlen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
309 msg->cprbx = static_cprbx;
310 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
311 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl =
312 size - sizeof(msg->hdr) - sizeof(msg->cprbx);
314 msg->fr = static_pkd_fnr;
321 * Convert a XCRB message to a type6 CPRB message.
323 * @zq: crypto device pointer
324 * @ap_msg: pointer to AP message
325 * @xcRB: pointer to user input data
327 * Returns 0 on success or -EFAULT, -EINVAL.
329 struct type86_fmt2_msg {
330 struct type86_hdr hdr;
331 struct type86_fmt2_ext fmt2;
334 static int xcrb_msg_to_type6cprb_msgx(bool userspace, struct ap_message *ap_msg,
335 struct ica_xcRB *xcrb,
337 unsigned short **dom)
339 static struct type6_hdr static_type6_hdrX = {
341 .offset1 = 0x00000058,
344 struct type6_hdr hdr;
347 DECLARE_FLEX_ARRAY(u8, userdata);
349 } __packed * msg = ap_msg->msg;
351 int rcblen = CEIL4(xcrb->request_control_blk_length);
352 int req_sumlen, resp_sumlen;
353 char *req_data = ap_msg->msg + sizeof(struct type6_hdr) + rcblen;
356 if (CEIL4(xcrb->request_control_blk_length) <
357 xcrb->request_control_blk_length)
358 return -EINVAL; /* overflow after alignment*/
361 ap_msg->len = sizeof(struct type6_hdr) +
362 CEIL4(xcrb->request_control_blk_length) +
363 xcrb->request_data_length;
364 if (ap_msg->len > ap_msg->bufsize)
369 * sum must be greater (or equal) than the largest operand
371 req_sumlen = CEIL4(xcrb->request_control_blk_length) +
372 xcrb->request_data_length;
373 if ((CEIL4(xcrb->request_control_blk_length) <=
374 xcrb->request_data_length) ?
375 req_sumlen < xcrb->request_data_length :
376 req_sumlen < CEIL4(xcrb->request_control_blk_length)) {
380 if (CEIL4(xcrb->reply_control_blk_length) <
381 xcrb->reply_control_blk_length)
382 return -EINVAL; /* overflow after alignment*/
386 * sum must be greater (or equal) than the largest operand
388 resp_sumlen = CEIL4(xcrb->reply_control_blk_length) +
389 xcrb->reply_data_length;
390 if ((CEIL4(xcrb->reply_control_blk_length) <=
391 xcrb->reply_data_length) ?
392 resp_sumlen < xcrb->reply_data_length :
393 resp_sumlen < CEIL4(xcrb->reply_control_blk_length)) {
397 /* prepare type6 header */
398 msg->hdr = static_type6_hdrX;
399 memcpy(msg->hdr.agent_id, &xcrb->agent_ID, sizeof(xcrb->agent_ID));
400 msg->hdr.tocardlen1 = xcrb->request_control_blk_length;
401 if (xcrb->request_data_length) {
402 msg->hdr.offset2 = msg->hdr.offset1 + rcblen;
403 msg->hdr.tocardlen2 = xcrb->request_data_length;
405 msg->hdr.fromcardlen1 = xcrb->reply_control_blk_length;
406 msg->hdr.fromcardlen2 = xcrb->reply_data_length;
409 if (z_copy_from_user(userspace, msg->userdata,
410 xcrb->request_control_blk_addr,
411 xcrb->request_control_blk_length))
413 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
414 xcrb->request_control_blk_length)
416 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len;
417 memcpy(msg->hdr.function_code, function_code,
418 sizeof(msg->hdr.function_code));
420 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1];
421 *dom = (unsigned short *)&msg->cprbx.domain;
423 /* check subfunction, US and AU need special flag with NQAP */
424 if (memcmp(function_code, "US", 2) == 0 ||
425 memcmp(function_code, "AU", 2) == 0)
426 ap_msg->flags |= AP_MSG_FLAG_SPECIAL;
428 #ifdef CONFIG_ZCRYPT_DEBUG
429 if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL)
430 ap_msg->flags ^= AP_MSG_FLAG_SPECIAL;
433 /* check CPRB minor version, set info bits in ap_message flag field */
434 switch (*(unsigned short *)(&msg->cprbx.func_id[0])) {
435 case 0x5432: /* "T2" */
436 ap_msg->flags |= AP_MSG_FLAG_USAGE;
438 case 0x5433: /* "T3" */
439 case 0x5435: /* "T5" */
440 case 0x5436: /* "T6" */
441 case 0x5437: /* "T7" */
442 ap_msg->flags |= AP_MSG_FLAG_ADMIN;
445 ZCRYPT_DBF_DBG("%s unknown CPRB minor version '%c%c'\n",
446 __func__, msg->cprbx.func_id[0],
447 msg->cprbx.func_id[1]);
450 /* copy data block */
451 if (xcrb->request_data_length &&
452 z_copy_from_user(userspace, req_data, xcrb->request_data_address,
453 xcrb->request_data_length))
459 static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap_msg,
460 struct ep11_urb *xcrb,
462 unsigned int *domain)
465 static struct type6_hdr static_type6_ep11_hdr = {
467 .rqid = {0x00, 0x01},
468 .function_code = {0x00, 0x00},
469 .agent_id[0] = 0x58, /* {'X'} */
470 .agent_id[1] = 0x43, /* {'C'} */
471 .offset1 = 0x00000058,
475 struct type6_hdr hdr;
478 struct ep11_cprb cprbx;
479 unsigned char pld_tag; /* fixed value 0x30 */
480 unsigned char pld_lenfmt; /* length format */
482 DECLARE_FLEX_ARRAY(u8, userdata);
484 } __packed * msg = ap_msg->msg;
487 unsigned char func_tag; /* fixed value 0x4 */
488 unsigned char func_len; /* fixed value 0x4 */
489 unsigned int func_val; /* function ID */
490 unsigned char dom_tag; /* fixed value 0x4 */
491 unsigned char dom_len; /* fixed value 0x4 */
492 unsigned int dom_val; /* domain id */
493 } __packed * payload_hdr = NULL;
495 if (CEIL4(xcrb->req_len) < xcrb->req_len)
496 return -EINVAL; /* overflow after alignment*/
499 ap_msg->len = sizeof(struct type6_hdr) + CEIL4(xcrb->req_len);
500 if (ap_msg->len > ap_msg->bufsize)
503 if (CEIL4(xcrb->resp_len) < xcrb->resp_len)
504 return -EINVAL; /* overflow after alignment*/
506 /* prepare type6 header */
507 msg->hdr = static_type6_ep11_hdr;
508 msg->hdr.tocardlen1 = xcrb->req_len;
509 msg->hdr.fromcardlen1 = xcrb->resp_len;
511 /* Import CPRB data from the ioctl input parameter */
512 if (z_copy_from_user(userspace, msg->userdata,
513 (char __force __user *)xcrb->req, xcrb->req_len)) {
517 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
518 switch (msg->pld_lenfmt & 0x03) {
529 lfmt = 1; /* length format #1 */
531 payload_hdr = (struct pld_hdr *)((&msg->pld_lenfmt) + lfmt);
532 *fcode = payload_hdr->func_val & 0xFFFF;
534 /* enable special processing based on the cprbs flags special bit */
535 if (msg->cprbx.flags & 0x20)
536 ap_msg->flags |= AP_MSG_FLAG_SPECIAL;
538 #ifdef CONFIG_ZCRYPT_DEBUG
539 if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL)
540 ap_msg->flags ^= AP_MSG_FLAG_SPECIAL;
543 /* set info bits in ap_message flag field */
544 if (msg->cprbx.flags & 0x80)
545 ap_msg->flags |= AP_MSG_FLAG_ADMIN;
547 ap_msg->flags |= AP_MSG_FLAG_USAGE;
549 *domain = msg->cprbx.target_id;
555 * Copy results from a type 86 ICA reply message back to user space.
557 * @zq: crypto device pointer
558 * @reply: reply AP message.
559 * @data: pointer to user output data
560 * @length: size of user output data
562 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
564 struct type86x_reply {
565 struct type86_hdr hdr;
566 struct type86_fmt2_ext fmt2;
568 unsigned char pad[4]; /* 4 byte function code/rules block ? */
569 unsigned short length;
573 struct type86_ep11_reply {
574 struct type86_hdr hdr;
575 struct type86_fmt2_ext fmt2;
576 struct ep11_cprb cprbx;
579 static int convert_type86_ica(struct zcrypt_queue *zq,
580 struct ap_message *reply,
581 char __user *outputdata,
582 unsigned int outputdatalength)
584 static unsigned char static_pad[] = {
586 0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD,
587 0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57,
588 0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B,
589 0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39,
590 0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5,
591 0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D,
592 0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB,
593 0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F,
594 0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9,
595 0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45,
596 0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9,
597 0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F,
598 0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD,
599 0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D,
600 0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD,
601 0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9,
602 0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B,
603 0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B,
604 0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B,
605 0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD,
606 0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7,
607 0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1,
608 0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3,
609 0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23,
610 0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55,
611 0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43,
612 0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F,
613 0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F,
614 0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5,
615 0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD,
616 0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41,
617 0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09
619 struct type86x_reply *msg = reply->msg;
620 unsigned short service_rc, service_rs;
621 unsigned int reply_len, pad_len;
624 service_rc = msg->cprbx.ccp_rtcode;
625 if (unlikely(service_rc != 0)) {
626 service_rs = msg->cprbx.ccp_rscode;
627 if ((service_rc == 8 && service_rs == 66) ||
628 (service_rc == 8 && service_rs == 65) ||
629 (service_rc == 8 && service_rs == 72) ||
630 (service_rc == 8 && service_rs == 770) ||
631 (service_rc == 12 && service_rs == 769)) {
632 ZCRYPT_DBF_WARN("%s dev=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n",
633 __func__, AP_QID_CARD(zq->queue->qid),
634 AP_QID_QUEUE(zq->queue->qid),
635 (int)service_rc, (int)service_rs);
639 pr_err("Crypto dev=%02x.%04x rc/rs=%d/%d online=0 rc=EAGAIN\n",
640 AP_QID_CARD(zq->queue->qid),
641 AP_QID_QUEUE(zq->queue->qid),
642 (int)service_rc, (int)service_rs);
643 ZCRYPT_DBF_ERR("%s dev=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n",
644 __func__, AP_QID_CARD(zq->queue->qid),
645 AP_QID_QUEUE(zq->queue->qid),
646 (int)service_rc, (int)service_rs);
647 ap_send_online_uevent(&zq->queue->ap_dev, zq->online);
651 reply_len = msg->length - 2;
652 if (reply_len > outputdatalength)
655 * For all encipher requests, the length of the ciphertext (reply_len)
656 * will always equal the modulus length. For MEX decipher requests
657 * the output needs to get padded. Minimum pad size is 10.
659 * Currently, the cases where padding will be added is for:
660 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
661 * ZERO-PAD and CRT is only supported for PKD requests)
664 pad_len = outputdatalength - reply_len;
668 /* 'restore' padding left in the CEXXC card. */
669 if (copy_to_user(outputdata, static_pad, pad_len - 1))
671 if (put_user(0, outputdata + pad_len - 1))
674 /* Copy the crypto response to user space. */
675 if (copy_to_user(outputdata + pad_len, data, reply_len))
681 * Copy results from a type 86 XCRB reply message back to user space.
683 * @zq: crypto device pointer
684 * @reply: reply AP message.
685 * @xcrb: pointer to XCRB
687 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
689 static int convert_type86_xcrb(bool userspace, struct zcrypt_queue *zq,
690 struct ap_message *reply,
691 struct ica_xcRB *xcrb)
693 struct type86_fmt2_msg *msg = reply->msg;
694 char *data = reply->msg;
696 /* Copy CPRB to user */
697 if (xcrb->reply_control_blk_length < msg->fmt2.count1) {
698 ZCRYPT_DBF_DBG("%s reply_control_blk_length %u < required %u => EMSGSIZE\n",
699 __func__, xcrb->reply_control_blk_length,
703 if (z_copy_to_user(userspace, xcrb->reply_control_blk_addr,
704 data + msg->fmt2.offset1, msg->fmt2.count1))
706 xcrb->reply_control_blk_length = msg->fmt2.count1;
708 /* Copy data buffer to user */
709 if (msg->fmt2.count2) {
710 if (xcrb->reply_data_length < msg->fmt2.count2) {
711 ZCRYPT_DBF_DBG("%s reply_data_length %u < required %u => EMSGSIZE\n",
712 __func__, xcrb->reply_data_length,
716 if (z_copy_to_user(userspace, xcrb->reply_data_addr,
717 data + msg->fmt2.offset2, msg->fmt2.count2))
720 xcrb->reply_data_length = msg->fmt2.count2;
726 * Copy results from a type 86 EP11 XCRB reply message back to user space.
728 * @zq: crypto device pointer
729 * @reply: reply AP message.
730 * @xcrb: pointer to EP11 user request block
732 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
734 static int convert_type86_ep11_xcrb(bool userspace, struct zcrypt_queue *zq,
735 struct ap_message *reply,
736 struct ep11_urb *xcrb)
738 struct type86_fmt2_msg *msg = reply->msg;
739 char *data = reply->msg;
741 if (xcrb->resp_len < msg->fmt2.count1) {
742 ZCRYPT_DBF_DBG("%s resp_len %u < required %u => EMSGSIZE\n",
743 __func__, (unsigned int)xcrb->resp_len,
748 /* Copy response CPRB to user */
749 if (z_copy_to_user(userspace, (char __force __user *)xcrb->resp,
750 data + msg->fmt2.offset1, msg->fmt2.count1))
752 xcrb->resp_len = msg->fmt2.count1;
756 static int convert_type86_rng(struct zcrypt_queue *zq,
757 struct ap_message *reply,
761 struct type86_hdr hdr;
762 struct type86_fmt2_ext fmt2;
764 } __packed * msg = reply->msg;
765 char *data = reply->msg;
767 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
769 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
770 return msg->fmt2.count2;
773 static int convert_response_ica(struct zcrypt_queue *zq,
774 struct ap_message *reply,
775 char __user *outputdata,
776 unsigned int outputdatalength)
778 struct type86x_reply *msg = reply->msg;
780 switch (msg->hdr.type) {
781 case TYPE82_RSP_CODE:
782 case TYPE88_RSP_CODE:
783 return convert_error(zq, reply);
784 case TYPE86_RSP_CODE:
785 if (msg->cprbx.ccp_rtcode &&
786 msg->cprbx.ccp_rscode == 0x14f &&
787 outputdatalength > 256) {
788 if (zq->zcard->max_exp_bit_length <= 17) {
789 zq->zcard->max_exp_bit_length = 17;
795 if (msg->hdr.reply_code)
796 return convert_error(zq, reply);
797 if (msg->cprbx.cprb_ver_id == 0x02)
798 return convert_type86_ica(zq, reply,
799 outputdata, outputdatalength);
800 fallthrough; /* wrong cprb version is an unknown response */
802 /* Unknown response type, this should NEVER EVER happen */
804 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
805 AP_QID_CARD(zq->queue->qid),
806 AP_QID_QUEUE(zq->queue->qid),
809 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
810 __func__, AP_QID_CARD(zq->queue->qid),
811 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type);
812 ap_send_online_uevent(&zq->queue->ap_dev, zq->online);
817 static int convert_response_xcrb(bool userspace, struct zcrypt_queue *zq,
818 struct ap_message *reply,
819 struct ica_xcRB *xcrb)
821 struct type86x_reply *msg = reply->msg;
823 switch (msg->hdr.type) {
824 case TYPE82_RSP_CODE:
825 case TYPE88_RSP_CODE:
826 xcrb->status = 0x0008044DL; /* HDD_InvalidParm */
827 return convert_error(zq, reply);
828 case TYPE86_RSP_CODE:
829 if (msg->hdr.reply_code) {
830 memcpy(&xcrb->status, msg->fmt2.apfs, sizeof(u32));
831 return convert_error(zq, reply);
833 if (msg->cprbx.cprb_ver_id == 0x02)
834 return convert_type86_xcrb(userspace, zq, reply, xcrb);
835 fallthrough; /* wrong cprb version is an unknown response */
836 default: /* Unknown response type, this should NEVER EVER happen */
837 xcrb->status = 0x0008044DL; /* HDD_InvalidParm */
839 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
840 AP_QID_CARD(zq->queue->qid),
841 AP_QID_QUEUE(zq->queue->qid),
844 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
845 __func__, AP_QID_CARD(zq->queue->qid),
846 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type);
847 ap_send_online_uevent(&zq->queue->ap_dev, zq->online);
852 static int convert_response_ep11_xcrb(bool userspace, struct zcrypt_queue *zq,
853 struct ap_message *reply, struct ep11_urb *xcrb)
855 struct type86_ep11_reply *msg = reply->msg;
857 switch (msg->hdr.type) {
858 case TYPE82_RSP_CODE:
859 case TYPE87_RSP_CODE:
860 return convert_error(zq, reply);
861 case TYPE86_RSP_CODE:
862 if (msg->hdr.reply_code)
863 return convert_error(zq, reply);
864 if (msg->cprbx.cprb_ver_id == 0x04)
865 return convert_type86_ep11_xcrb(userspace, zq, reply, xcrb);
866 fallthrough; /* wrong cprb version is an unknown resp */
867 default: /* Unknown response type, this should NEVER EVER happen */
869 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
870 AP_QID_CARD(zq->queue->qid),
871 AP_QID_QUEUE(zq->queue->qid),
874 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
875 __func__, AP_QID_CARD(zq->queue->qid),
876 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type);
877 ap_send_online_uevent(&zq->queue->ap_dev, zq->online);
882 static int convert_response_rng(struct zcrypt_queue *zq,
883 struct ap_message *reply,
886 struct type86x_reply *msg = reply->msg;
888 switch (msg->hdr.type) {
889 case TYPE82_RSP_CODE:
890 case TYPE88_RSP_CODE:
892 case TYPE86_RSP_CODE:
893 if (msg->hdr.reply_code)
895 if (msg->cprbx.cprb_ver_id == 0x02)
896 return convert_type86_rng(zq, reply, data);
897 fallthrough; /* wrong cprb version is an unknown response */
898 default: /* Unknown response type, this should NEVER EVER happen */
900 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
901 AP_QID_CARD(zq->queue->qid),
902 AP_QID_QUEUE(zq->queue->qid),
905 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
906 __func__, AP_QID_CARD(zq->queue->qid),
907 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type);
908 ap_send_online_uevent(&zq->queue->ap_dev, zq->online);
914 * This function is called from the AP bus code after a crypto request
915 * "msg" has finished with the reply message "reply".
916 * It is called from tasklet context.
917 * @aq: pointer to the AP queue
918 * @msg: pointer to the AP message
919 * @reply: pointer to the AP reply message
921 static void zcrypt_msgtype6_receive(struct ap_queue *aq,
922 struct ap_message *msg,
923 struct ap_message *reply)
925 static struct error_hdr error_reply = {
926 .type = TYPE82_RSP_CODE,
927 .reply_code = REP82_ERROR_MACHINE_FAILURE,
929 struct response_type *resp_type =
930 (struct response_type *)msg->private;
931 struct type86x_reply *t86r;
934 /* Copy the reply message to the request message buffer. */
936 goto out; /* ap_msg->rc indicates the error */
938 if (t86r->hdr.type == TYPE86_RSP_CODE &&
939 t86r->cprbx.cprb_ver_id == 0x02) {
940 switch (resp_type->type) {
941 case CEXXC_RESPONSE_TYPE_ICA:
942 len = sizeof(struct type86x_reply) + t86r->length - 2;
943 if (len > reply->bufsize || len > msg->bufsize) {
946 memcpy(msg->msg, reply->msg, len);
950 case CEXXC_RESPONSE_TYPE_XCRB:
951 len = t86r->fmt2.offset2 + t86r->fmt2.count2;
952 if (len > reply->bufsize || len > msg->bufsize) {
955 memcpy(msg->msg, reply->msg, len);
960 memcpy(msg->msg, &error_reply, sizeof(error_reply));
963 memcpy(msg->msg, reply->msg, sizeof(error_reply));
966 complete(&resp_type->work);
970 * This function is called from the AP bus code after a crypto request
971 * "msg" has finished with the reply message "reply".
972 * It is called from tasklet context.
973 * @aq: pointer to the AP queue
974 * @msg: pointer to the AP message
975 * @reply: pointer to the AP reply message
977 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
978 struct ap_message *msg,
979 struct ap_message *reply)
981 static struct error_hdr error_reply = {
982 .type = TYPE82_RSP_CODE,
983 .reply_code = REP82_ERROR_MACHINE_FAILURE,
985 struct response_type *resp_type =
986 (struct response_type *)msg->private;
987 struct type86_ep11_reply *t86r;
990 /* Copy the reply message to the request message buffer. */
992 goto out; /* ap_msg->rc indicates the error */
994 if (t86r->hdr.type == TYPE86_RSP_CODE &&
995 t86r->cprbx.cprb_ver_id == 0x04) {
996 switch (resp_type->type) {
997 case CEXXC_RESPONSE_TYPE_EP11:
998 len = t86r->fmt2.offset1 + t86r->fmt2.count1;
999 if (len > reply->bufsize || len > msg->bufsize) {
1000 msg->rc = -EMSGSIZE;
1002 memcpy(msg->msg, reply->msg, len);
1007 memcpy(msg->msg, &error_reply, sizeof(error_reply));
1010 memcpy(msg->msg, reply->msg, sizeof(error_reply));
1013 complete(&resp_type->work);
1016 static atomic_t zcrypt_step = ATOMIC_INIT(0);
1019 * The request distributor calls this function if it picked the CEXxC
1020 * device to handle a modexpo request.
1021 * @zq: pointer to zcrypt_queue structure that identifies the
1022 * CEXxC device to the request distributor
1023 * @mex: pointer to the modexpo request buffer
1025 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq,
1026 struct ica_rsa_modexpo *mex,
1027 struct ap_message *ap_msg)
1029 struct response_type resp_type = {
1030 .type = CEXXC_RESPONSE_TYPE_ICA,
1034 ap_msg->msg = (void *)get_zeroed_page(GFP_KERNEL);
1037 ap_msg->bufsize = PAGE_SIZE;
1038 ap_msg->receive = zcrypt_msgtype6_receive;
1039 ap_msg->psmid = (((unsigned long long)current->pid) << 32) +
1040 atomic_inc_return(&zcrypt_step);
1041 ap_msg->private = &resp_type;
1042 rc = icamex_msg_to_type6mex_msgx(zq, ap_msg, mex);
1045 init_completion(&resp_type.work);
1046 rc = ap_queue_message(zq->queue, ap_msg);
1049 rc = wait_for_completion_interruptible(&resp_type.work);
1053 rc = convert_response_ica(zq, ap_msg,
1055 mex->outputdatalength);
1057 /* Signal pending. */
1058 ap_cancel_message(zq->queue, ap_msg);
1062 free_page((unsigned long)ap_msg->msg);
1063 ap_msg->private = NULL;
1069 * The request distributor calls this function if it picked the CEXxC
1070 * device to handle a modexpo_crt request.
1071 * @zq: pointer to zcrypt_queue structure that identifies the
1072 * CEXxC device to the request distributor
1073 * @crt: pointer to the modexpoc_crt request buffer
1075 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq,
1076 struct ica_rsa_modexpo_crt *crt,
1077 struct ap_message *ap_msg)
1079 struct response_type resp_type = {
1080 .type = CEXXC_RESPONSE_TYPE_ICA,
1084 ap_msg->msg = (void *)get_zeroed_page(GFP_KERNEL);
1087 ap_msg->bufsize = PAGE_SIZE;
1088 ap_msg->receive = zcrypt_msgtype6_receive;
1089 ap_msg->psmid = (((unsigned long long)current->pid) << 32) +
1090 atomic_inc_return(&zcrypt_step);
1091 ap_msg->private = &resp_type;
1092 rc = icacrt_msg_to_type6crt_msgx(zq, ap_msg, crt);
1095 init_completion(&resp_type.work);
1096 rc = ap_queue_message(zq->queue, ap_msg);
1099 rc = wait_for_completion_interruptible(&resp_type.work);
1103 rc = convert_response_ica(zq, ap_msg,
1105 crt->outputdatalength);
1107 /* Signal pending. */
1108 ap_cancel_message(zq->queue, ap_msg);
1112 free_page((unsigned long)ap_msg->msg);
1113 ap_msg->private = NULL;
1119 * Prepare a CCA AP msg request.
1120 * Prepare a CCA AP msg: fetch the required data from userspace,
1121 * prepare the AP msg, fill some info into the ap_message struct,
1122 * extract some data from the CPRB and give back to the caller.
1123 * This function allocates memory and needs an ap_msg prepared
1124 * by the caller with ap_init_message(). Also the caller has to
1125 * make sure ap_release_message() is always called even on failure.
1127 int prep_cca_ap_msg(bool userspace, struct ica_xcRB *xcrb,
1128 struct ap_message *ap_msg,
1129 unsigned int *func_code, unsigned short **dom)
1131 struct response_type resp_type = {
1132 .type = CEXXC_RESPONSE_TYPE_XCRB,
1135 ap_msg->bufsize = atomic_read(&ap_max_msg_size);
1136 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL);
1139 ap_msg->receive = zcrypt_msgtype6_receive;
1140 ap_msg->psmid = (((unsigned long long)current->pid) << 32) +
1141 atomic_inc_return(&zcrypt_step);
1142 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1143 if (!ap_msg->private)
1145 return xcrb_msg_to_type6cprb_msgx(userspace, ap_msg, xcrb, func_code, dom);
1149 * The request distributor calls this function if it picked the CEXxC
1150 * device to handle a send_cprb request.
1151 * @zq: pointer to zcrypt_queue structure that identifies the
1152 * CEXxC device to the request distributor
1153 * @xcrb: pointer to the send_cprb request buffer
1155 static long zcrypt_msgtype6_send_cprb(bool userspace, struct zcrypt_queue *zq,
1156 struct ica_xcRB *xcrb,
1157 struct ap_message *ap_msg)
1160 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1162 struct type6_hdr hdr;
1164 /* ... more data blocks ... */
1165 } __packed * msg = ap_msg->msg;
1168 * Set the queue's reply buffer length minus 128 byte padding
1169 * as reply limit for the card firmware.
1171 msg->hdr.fromcardlen1 = min_t(unsigned int, msg->hdr.fromcardlen1,
1172 zq->reply.bufsize - 128);
1173 if (msg->hdr.fromcardlen2)
1174 msg->hdr.fromcardlen2 =
1175 zq->reply.bufsize - msg->hdr.fromcardlen1 - 128;
1177 init_completion(&rtype->work);
1178 rc = ap_queue_message(zq->queue, ap_msg);
1181 rc = wait_for_completion_interruptible(&rtype->work);
1185 rc = convert_response_xcrb(userspace, zq, ap_msg, xcrb);
1187 /* Signal pending. */
1188 ap_cancel_message(zq->queue, ap_msg);
1193 ZCRYPT_DBF_DBG("%s send cprb at dev=%02x.%04x rc=%d\n",
1194 __func__, AP_QID_CARD(zq->queue->qid),
1195 AP_QID_QUEUE(zq->queue->qid), rc);
1200 * Prepare an EP11 AP msg request.
1201 * Prepare an EP11 AP msg: fetch the required data from userspace,
1202 * prepare the AP msg, fill some info into the ap_message struct,
1203 * extract some data from the CPRB and give back to the caller.
1204 * This function allocates memory and needs an ap_msg prepared
1205 * by the caller with ap_init_message(). Also the caller has to
1206 * make sure ap_release_message() is always called even on failure.
1208 int prep_ep11_ap_msg(bool userspace, struct ep11_urb *xcrb,
1209 struct ap_message *ap_msg,
1210 unsigned int *func_code, unsigned int *domain)
1212 struct response_type resp_type = {
1213 .type = CEXXC_RESPONSE_TYPE_EP11,
1216 ap_msg->bufsize = atomic_read(&ap_max_msg_size);
1217 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL);
1220 ap_msg->receive = zcrypt_msgtype6_receive_ep11;
1221 ap_msg->psmid = (((unsigned long long)current->pid) << 32) +
1222 atomic_inc_return(&zcrypt_step);
1223 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1224 if (!ap_msg->private)
1226 return xcrb_msg_to_type6_ep11cprb_msgx(userspace, ap_msg, xcrb,
1231 * The request distributor calls this function if it picked the CEX4P
1232 * device to handle a send_ep11_cprb request.
1233 * @zq: pointer to zcrypt_queue structure that identifies the
1234 * CEX4P device to the request distributor
1235 * @xcrb: pointer to the ep11 user request block
1237 static long zcrypt_msgtype6_send_ep11_cprb(bool userspace, struct zcrypt_queue *zq,
1238 struct ep11_urb *xcrb,
1239 struct ap_message *ap_msg)
1243 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1245 struct type6_hdr hdr;
1246 struct ep11_cprb cprbx;
1247 unsigned char pld_tag; /* fixed value 0x30 */
1248 unsigned char pld_lenfmt; /* payload length format */
1249 } __packed * msg = ap_msg->msg;
1251 unsigned char func_tag; /* fixed value 0x4 */
1252 unsigned char func_len; /* fixed value 0x4 */
1253 unsigned int func_val; /* function ID */
1254 unsigned char dom_tag; /* fixed value 0x4 */
1255 unsigned char dom_len; /* fixed value 0x4 */
1256 unsigned int dom_val; /* domain id */
1257 } __packed * payload_hdr = NULL;
1260 * The target domain field within the cprb body/payload block will be
1261 * replaced by the usage domain for non-management commands only.
1262 * Therefore we check the first bit of the 'flags' parameter for
1263 * management command indication.
1264 * 0 - non management command
1265 * 1 - management command
1267 if (!((msg->cprbx.flags & 0x80) == 0x80)) {
1268 msg->cprbx.target_id = (unsigned int)
1269 AP_QID_QUEUE(zq->queue->qid);
1271 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
1272 switch (msg->pld_lenfmt & 0x03) {
1283 lfmt = 1; /* length format #1 */
1285 payload_hdr = (struct pld_hdr *)((&msg->pld_lenfmt) + lfmt);
1286 payload_hdr->dom_val = (unsigned int)
1287 AP_QID_QUEUE(zq->queue->qid);
1291 * Set the queue's reply buffer length minus the two prepend headers
1292 * as reply limit for the card firmware.
1294 msg->hdr.fromcardlen1 = zq->reply.bufsize -
1295 sizeof(struct type86_hdr) - sizeof(struct type86_fmt2_ext);
1297 init_completion(&rtype->work);
1298 rc = ap_queue_message(zq->queue, ap_msg);
1301 rc = wait_for_completion_interruptible(&rtype->work);
1305 rc = convert_response_ep11_xcrb(userspace, zq, ap_msg, xcrb);
1307 /* Signal pending. */
1308 ap_cancel_message(zq->queue, ap_msg);
1313 ZCRYPT_DBF_DBG("%s send cprb at dev=%02x.%04x rc=%d\n",
1314 __func__, AP_QID_CARD(zq->queue->qid),
1315 AP_QID_QUEUE(zq->queue->qid), rc);
1319 int prep_rng_ap_msg(struct ap_message *ap_msg, int *func_code,
1320 unsigned int *domain)
1322 struct response_type resp_type = {
1323 .type = CEXXC_RESPONSE_TYPE_XCRB,
1326 ap_msg->bufsize = AP_DEFAULT_MAX_MSG_SIZE;
1327 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL);
1330 ap_msg->receive = zcrypt_msgtype6_receive;
1331 ap_msg->psmid = (((unsigned long long)current->pid) << 32) +
1332 atomic_inc_return(&zcrypt_step);
1333 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1334 if (!ap_msg->private)
1337 rng_type6cprb_msgx(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain);
1344 * The request distributor calls this function if it picked the CEXxC
1345 * device to generate random data.
1346 * @zq: pointer to zcrypt_queue structure that identifies the
1347 * CEXxC device to the request distributor
1348 * @buffer: pointer to a memory page to return random data
1350 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq,
1351 char *buffer, struct ap_message *ap_msg)
1354 struct type6_hdr hdr;
1356 char function_code[2];
1357 short int rule_length;
1359 short int verb_length;
1360 short int key_length;
1361 } __packed * msg = ap_msg->msg;
1362 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1365 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
1367 init_completion(&rtype->work);
1368 rc = ap_queue_message(zq->queue, ap_msg);
1371 rc = wait_for_completion_interruptible(&rtype->work);
1375 rc = convert_response_rng(zq, ap_msg, buffer);
1377 /* Signal pending. */
1378 ap_cancel_message(zq->queue, ap_msg);
1385 * The crypto operations for a CEXxC card.
1387 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = {
1388 .owner = THIS_MODULE,
1389 .name = MSGTYPE06_NAME,
1390 .variant = MSGTYPE06_VARIANT_NORNG,
1391 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1392 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1393 .send_cprb = zcrypt_msgtype6_send_cprb,
1396 static struct zcrypt_ops zcrypt_msgtype6_ops = {
1397 .owner = THIS_MODULE,
1398 .name = MSGTYPE06_NAME,
1399 .variant = MSGTYPE06_VARIANT_DEFAULT,
1400 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1401 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1402 .send_cprb = zcrypt_msgtype6_send_cprb,
1403 .rng = zcrypt_msgtype6_rng,
1406 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = {
1407 .owner = THIS_MODULE,
1408 .name = MSGTYPE06_NAME,
1409 .variant = MSGTYPE06_VARIANT_EP11,
1410 .rsa_modexpo = NULL,
1411 .rsa_modexpo_crt = NULL,
1412 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb,
1415 void __init zcrypt_msgtype6_init(void)
1417 zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops);
1418 zcrypt_msgtype_register(&zcrypt_msgtype6_ops);
1419 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops);
1422 void __exit zcrypt_msgtype6_exit(void)
1424 zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops);
1425 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops);
1426 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops);
projects / linux.git / blob