1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright IBM Corp. 2001, 2012 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * 7 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 8 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 9 * Ralph Wuerthner <rwuerthn@de.ibm.com> 10 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 11 */ 12 13 #define KMSG_COMPONENT "zcrypt" 14 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 15 16 #include <linux/module.h> 17 #include <linux/init.h> 18 #include <linux/err.h> 19 #include <linux/delay.h> 20 #include <linux/slab.h> 21 #include <linux/atomic.h> 22 #include <linux/uaccess.h> 23 24 #include "ap_bus.h" 25 #include "zcrypt_api.h" 26 #include "zcrypt_error.h" 27 #include "zcrypt_msgtype6.h" 28 #include "zcrypt_cca_key.h" 29 30 #define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */ 31 32 #define CEIL4(x) ((((x)+3)/4)*4) 33 34 struct response_type { 35 struct completion work; 36 int type; 37 }; 38 #define CEXXC_RESPONSE_TYPE_ICA 0 39 #define CEXXC_RESPONSE_TYPE_XCRB 1 40 #define CEXXC_RESPONSE_TYPE_EP11 2 41 42 MODULE_AUTHOR("IBM Corporation"); 43 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \ 44 "Copyright IBM Corp. 2001, 2012"); 45 MODULE_LICENSE("GPL"); 46 47 /* 48 * CPRB 49 * Note that all shorts, ints and longs are little-endian. 50 * All pointer fields are 32-bits long, and mean nothing 51 * 52 * A request CPRB is followed by a request_parameter_block. 53 * 54 * The request (or reply) parameter block is organized thus: 55 * function code 56 * VUD block 57 * key block 58 */ 59 struct CPRB { 60 unsigned short cprb_len; /* CPRB length */ 61 unsigned char cprb_ver_id; /* CPRB version id. */ 62 unsigned char pad_000; /* Alignment pad byte. */ 63 unsigned char srpi_rtcode[4]; /* SRPI return code LELONG */ 64 unsigned char srpi_verb; /* SRPI verb type */ 65 unsigned char flags; /* flags */ 66 unsigned char func_id[2]; /* function id */ 67 unsigned char checkpoint_flag; /* */ 68 unsigned char resv2; /* reserved */ 69 unsigned short req_parml; /* request parameter buffer */ 70 /* length 16-bit little endian */ 71 unsigned char req_parmp[4]; /* request parameter buffer * 72 * pointer (means nothing: the * 73 * parameter buffer follows * 74 * the CPRB). */ 75 unsigned char req_datal[4]; /* request data buffer */ 76 /* length ULELONG */ 77 unsigned char req_datap[4]; /* request data buffer */ 78 /* pointer */ 79 unsigned short rpl_parml; /* reply parameter buffer */ 80 /* length 16-bit little endian */ 81 unsigned char pad_001[2]; /* Alignment pad bytes. ULESHORT */ 82 unsigned char rpl_parmp[4]; /* reply parameter buffer * 83 * pointer (means nothing: the * 84 * parameter buffer follows * 85 * the CPRB). */ 86 unsigned char rpl_datal[4]; /* reply data buffer len ULELONG */ 87 unsigned char rpl_datap[4]; /* reply data buffer */ 88 /* pointer */ 89 unsigned short ccp_rscode; /* server reason code ULESHORT */ 90 unsigned short ccp_rtcode; /* server return code ULESHORT */ 91 unsigned char repd_parml[2]; /* replied parameter len ULESHORT*/ 92 unsigned char mac_data_len[2]; /* Mac Data Length ULESHORT */ 93 unsigned char repd_datal[4]; /* replied data length ULELONG */ 94 unsigned char req_pc[2]; /* PC identifier */ 95 unsigned char res_origin[8]; /* resource origin */ 96 unsigned char mac_value[8]; /* Mac Value */ 97 unsigned char logon_id[8]; /* Logon Identifier */ 98 unsigned char usage_domain[2]; /* cdx */ 99 unsigned char resv3[18]; /* reserved for requestor */ 100 unsigned short svr_namel; /* server name length ULESHORT */ 101 unsigned char svr_name[8]; /* server name */ 102 } __packed; 103 104 struct function_and_rules_block { 105 unsigned char function_code[2]; 106 unsigned short ulen; 107 unsigned char only_rule[8]; 108 } __packed; 109 110 /* 111 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP 112 * card in a type6 message. The 3 fields that must be filled in at execution 113 * time are req_parml, rpl_parml and usage_domain. 114 * Everything about this interface is ascii/big-endian, since the 115 * device does *not* have 'Intel inside'. 116 * 117 * The CPRBX is followed immediately by the parm block. 118 * The parm block contains: 119 * - function code ('PD' 0x5044 or 'PK' 0x504B) 120 * - rule block (one of:) 121 * + 0x000A 'PKCS-1.2' (MCL2 'PD') 122 * + 0x000A 'ZERO-PAD' (MCL2 'PK') 123 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD') 124 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK') 125 * - VUD block 126 */ 127 static const struct CPRBX static_cprbx = { 128 .cprb_len = 0x00DC, 129 .cprb_ver_id = 0x02, 130 .func_id = {0x54, 0x32}, 131 }; 132 133 int speed_idx_cca(int req_type) 134 { 135 switch (req_type) { 136 case 0x4142: 137 case 0x4149: 138 case 0x414D: 139 case 0x4341: 140 case 0x4344: 141 case 0x4354: 142 case 0x4358: 143 case 0x444B: 144 case 0x4558: 145 case 0x4643: 146 case 0x4651: 147 case 0x4C47: 148 case 0x4C4B: 149 case 0x4C51: 150 case 0x4F48: 151 case 0x504F: 152 case 0x5053: 153 case 0x5058: 154 case 0x5343: 155 case 0x5344: 156 case 0x5345: 157 case 0x5350: 158 return LOW; 159 case 0x414B: 160 case 0x4345: 161 case 0x4349: 162 case 0x434D: 163 case 0x4847: 164 case 0x4849: 165 case 0x484D: 166 case 0x4850: 167 case 0x4851: 168 case 0x4954: 169 case 0x4958: 170 case 0x4B43: 171 case 0x4B44: 172 case 0x4B45: 173 case 0x4B47: 174 case 0x4B48: 175 case 0x4B49: 176 case 0x4B4E: 177 case 0x4B50: 178 case 0x4B52: 179 case 0x4B54: 180 case 0x4B58: 181 case 0x4D50: 182 case 0x4D53: 183 case 0x4D56: 184 case 0x4D58: 185 case 0x5044: 186 case 0x5045: 187 case 0x5046: 188 case 0x5047: 189 case 0x5049: 190 case 0x504B: 191 case 0x504D: 192 case 0x5254: 193 case 0x5347: 194 case 0x5349: 195 case 0x534B: 196 case 0x534D: 197 case 0x5356: 198 case 0x5358: 199 case 0x5443: 200 case 0x544B: 201 case 0x5647: 202 return HIGH; 203 default: 204 return MEDIUM; 205 } 206 } 207 208 int speed_idx_ep11(int req_type) 209 { 210 switch (req_type) { 211 case 1: 212 case 2: 213 case 36: 214 case 37: 215 case 38: 216 case 39: 217 case 40: 218 return LOW; 219 case 17: 220 case 18: 221 case 19: 222 case 20: 223 case 21: 224 case 22: 225 case 26: 226 case 30: 227 case 31: 228 case 32: 229 case 33: 230 case 34: 231 case 35: 232 return HIGH; 233 default: 234 return MEDIUM; 235 } 236 } 237 238 239 /* 240 * Convert a ICAMEX message to a type6 MEX message. 241 * 242 * @zq: crypto device pointer 243 * @ap_msg: pointer to AP message 244 * @mex: pointer to user input data 245 * 246 * Returns 0 on success or negative errno value. 247 */ 248 static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue *zq, 249 struct ap_message *ap_msg, 250 struct ica_rsa_modexpo *mex) 251 { 252 static struct type6_hdr static_type6_hdrX = { 253 .type = 0x06, 254 .offset1 = 0x00000058, 255 .agent_id = {'C', 'A',}, 256 .function_code = {'P', 'K'}, 257 }; 258 static struct function_and_rules_block static_pke_fnr = { 259 .function_code = {'P', 'K'}, 260 .ulen = 10, 261 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '} 262 }; 263 struct { 264 struct type6_hdr hdr; 265 struct CPRBX cprbx; 266 struct function_and_rules_block fr; 267 unsigned short length; 268 char text[0]; 269 } __packed * msg = ap_msg->msg; 270 int size; 271 272 /* 273 * The inputdatalength was a selection criteria in the dispatching 274 * function zcrypt_rsa_modexpo(). However, make sure the following 275 * copy_from_user() never exceeds the allocated buffer space. 276 */ 277 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE)) 278 return -EINVAL; 279 280 /* VUD.ciphertext */ 281 msg->length = mex->inputdatalength + 2; 282 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength)) 283 return -EFAULT; 284 285 /* Set up key which is located after the variable length text. */ 286 size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength); 287 if (size < 0) 288 return size; 289 size += sizeof(*msg) + mex->inputdatalength; 290 291 /* message header, cprbx and f&r */ 292 msg->hdr = static_type6_hdrX; 293 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr); 294 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 295 296 msg->cprbx = static_cprbx; 297 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 298 msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1; 299 300 msg->fr = static_pke_fnr; 301 302 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx); 303 304 ap_msg->len = size; 305 return 0; 306 } 307 308 /* 309 * Convert a ICACRT message to a type6 CRT message. 310 * 311 * @zq: crypto device pointer 312 * @ap_msg: pointer to AP message 313 * @crt: pointer to user input data 314 * 315 * Returns 0 on success or negative errno value. 316 */ 317 static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue *zq, 318 struct ap_message *ap_msg, 319 struct ica_rsa_modexpo_crt *crt) 320 { 321 static struct type6_hdr static_type6_hdrX = { 322 .type = 0x06, 323 .offset1 = 0x00000058, 324 .agent_id = {'C', 'A',}, 325 .function_code = {'P', 'D'}, 326 }; 327 static struct function_and_rules_block static_pkd_fnr = { 328 .function_code = {'P', 'D'}, 329 .ulen = 10, 330 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'} 331 }; 332 333 struct { 334 struct type6_hdr hdr; 335 struct CPRBX cprbx; 336 struct function_and_rules_block fr; 337 unsigned short length; 338 char text[0]; 339 } __packed * msg = ap_msg->msg; 340 int size; 341 342 /* 343 * The inputdatalength was a selection criteria in the dispatching 344 * function zcrypt_rsa_crt(). However, make sure the following 345 * copy_from_user() never exceeds the allocated buffer space. 346 */ 347 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE)) 348 return -EINVAL; 349 350 /* VUD.ciphertext */ 351 msg->length = crt->inputdatalength + 2; 352 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength)) 353 return -EFAULT; 354 355 /* Set up key which is located after the variable length text. */ 356 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength); 357 if (size < 0) 358 return size; 359 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */ 360 361 /* message header, cprbx and f&r */ 362 msg->hdr = static_type6_hdrX; 363 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr); 364 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 365 366 msg->cprbx = static_cprbx; 367 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 368 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl = 369 size - sizeof(msg->hdr) - sizeof(msg->cprbx); 370 371 msg->fr = static_pkd_fnr; 372 373 ap_msg->len = size; 374 return 0; 375 } 376 377 /* 378 * Convert a XCRB message to a type6 CPRB message. 379 * 380 * @zq: crypto device pointer 381 * @ap_msg: pointer to AP message 382 * @xcRB: pointer to user input data 383 * 384 * Returns 0 on success or -EFAULT, -EINVAL. 385 */ 386 struct type86_fmt2_msg { 387 struct type86_hdr hdr; 388 struct type86_fmt2_ext fmt2; 389 } __packed; 390 391 static int XCRB_msg_to_type6CPRB_msgX(bool userspace, struct ap_message *ap_msg, 392 struct ica_xcRB *xcRB, 393 unsigned int *fcode, 394 unsigned short **dom) 395 { 396 static struct type6_hdr static_type6_hdrX = { 397 .type = 0x06, 398 .offset1 = 0x00000058, 399 }; 400 struct { 401 struct type6_hdr hdr; 402 struct CPRBX cprbx; 403 } __packed * msg = ap_msg->msg; 404 405 int rcblen = CEIL4(xcRB->request_control_blk_length); 406 int req_sumlen, resp_sumlen; 407 char *req_data = ap_msg->msg + sizeof(struct type6_hdr) + rcblen; 408 char *function_code; 409 410 if (CEIL4(xcRB->request_control_blk_length) < 411 xcRB->request_control_blk_length) 412 return -EINVAL; /* overflow after alignment*/ 413 414 /* length checks */ 415 ap_msg->len = sizeof(struct type6_hdr) + 416 CEIL4(xcRB->request_control_blk_length) + 417 xcRB->request_data_length; 418 if (ap_msg->len > ap_msg->bufsize) 419 return -EINVAL; 420 421 /* 422 * Overflow check 423 * sum must be greater (or equal) than the largest operand 424 */ 425 req_sumlen = CEIL4(xcRB->request_control_blk_length) + 426 xcRB->request_data_length; 427 if ((CEIL4(xcRB->request_control_blk_length) <= 428 xcRB->request_data_length) ? 429 (req_sumlen < xcRB->request_data_length) : 430 (req_sumlen < CEIL4(xcRB->request_control_blk_length))) { 431 return -EINVAL; 432 } 433 434 if (CEIL4(xcRB->reply_control_blk_length) < 435 xcRB->reply_control_blk_length) 436 return -EINVAL; /* overflow after alignment*/ 437 438 /* 439 * Overflow check 440 * sum must be greater (or equal) than the largest operand 441 */ 442 resp_sumlen = CEIL4(xcRB->reply_control_blk_length) + 443 xcRB->reply_data_length; 444 if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ? 445 (resp_sumlen < xcRB->reply_data_length) : 446 (resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) { 447 return -EINVAL; 448 } 449 450 /* prepare type6 header */ 451 msg->hdr = static_type6_hdrX; 452 memcpy(msg->hdr.agent_id, &(xcRB->agent_ID), sizeof(xcRB->agent_ID)); 453 msg->hdr.ToCardLen1 = xcRB->request_control_blk_length; 454 if (xcRB->request_data_length) { 455 msg->hdr.offset2 = msg->hdr.offset1 + rcblen; 456 msg->hdr.ToCardLen2 = xcRB->request_data_length; 457 } 458 msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length; 459 msg->hdr.FromCardLen2 = xcRB->reply_data_length; 460 461 /* prepare CPRB */ 462 if (z_copy_from_user(userspace, &(msg->cprbx), xcRB->request_control_blk_addr, 463 xcRB->request_control_blk_length)) 464 return -EFAULT; 465 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) > 466 xcRB->request_control_blk_length) 467 return -EINVAL; 468 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len; 469 memcpy(msg->hdr.function_code, function_code, 470 sizeof(msg->hdr.function_code)); 471 472 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1]; 473 *dom = (unsigned short *)&msg->cprbx.domain; 474 475 if (memcmp(function_code, "US", 2) == 0 476 || memcmp(function_code, "AU", 2) == 0) 477 ap_msg->flags |= AP_MSG_FLAG_SPECIAL; 478 479 #ifdef CONFIG_ZCRYPT_DEBUG 480 if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL) 481 ap_msg->flags ^= AP_MSG_FLAG_SPECIAL; 482 #endif 483 484 /* copy data block */ 485 if (xcRB->request_data_length && 486 z_copy_from_user(userspace, req_data, xcRB->request_data_address, 487 xcRB->request_data_length)) 488 return -EFAULT; 489 490 return 0; 491 } 492 493 static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap_msg, 494 struct ep11_urb *xcRB, 495 unsigned int *fcode) 496 { 497 unsigned int lfmt; 498 static struct type6_hdr static_type6_ep11_hdr = { 499 .type = 0x06, 500 .rqid = {0x00, 0x01}, 501 .function_code = {0x00, 0x00}, 502 .agent_id[0] = 0x58, /* {'X'} */ 503 .agent_id[1] = 0x43, /* {'C'} */ 504 .offset1 = 0x00000058, 505 }; 506 507 struct { 508 struct type6_hdr hdr; 509 struct ep11_cprb cprbx; 510 unsigned char pld_tag; /* fixed value 0x30 */ 511 unsigned char pld_lenfmt; /* payload length format */ 512 } __packed * msg = ap_msg->msg; 513 514 struct pld_hdr { 515 unsigned char func_tag; /* fixed value 0x4 */ 516 unsigned char func_len; /* fixed value 0x4 */ 517 unsigned int func_val; /* function ID */ 518 unsigned char dom_tag; /* fixed value 0x4 */ 519 unsigned char dom_len; /* fixed value 0x4 */ 520 unsigned int dom_val; /* domain id */ 521 } __packed * payload_hdr = NULL; 522 523 if (CEIL4(xcRB->req_len) < xcRB->req_len) 524 return -EINVAL; /* overflow after alignment*/ 525 526 /* length checks */ 527 ap_msg->len = sizeof(struct type6_hdr) + CEIL4(xcRB->req_len); 528 if (ap_msg->len > ap_msg->bufsize) 529 return -EINVAL; 530 531 if (CEIL4(xcRB->resp_len) < xcRB->resp_len) 532 return -EINVAL; /* overflow after alignment*/ 533 534 /* prepare type6 header */ 535 msg->hdr = static_type6_ep11_hdr; 536 msg->hdr.ToCardLen1 = xcRB->req_len; 537 msg->hdr.FromCardLen1 = xcRB->resp_len; 538 539 /* Import CPRB data from the ioctl input parameter */ 540 if (z_copy_from_user(userspace, &(msg->cprbx.cprb_len), 541 (char __force __user *)xcRB->req, xcRB->req_len)) { 542 return -EFAULT; 543 } 544 545 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 546 switch (msg->pld_lenfmt & 0x03) { 547 case 1: 548 lfmt = 2; 549 break; 550 case 2: 551 lfmt = 3; 552 break; 553 default: 554 return -EINVAL; 555 } 556 } else { 557 lfmt = 1; /* length format #1 */ 558 } 559 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt); 560 *fcode = payload_hdr->func_val & 0xFFFF; 561 562 /* enable special processing based on the cprbs flags special bit */ 563 if (msg->cprbx.flags & 0x20) 564 ap_msg->flags |= AP_MSG_FLAG_SPECIAL; 565 566 #ifdef CONFIG_ZCRYPT_DEBUG 567 if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL) 568 ap_msg->flags ^= AP_MSG_FLAG_SPECIAL; 569 #endif 570 571 return 0; 572 } 573 574 /* 575 * Copy results from a type 86 ICA reply message back to user space. 576 * 577 * @zq: crypto device pointer 578 * @reply: reply AP message. 579 * @data: pointer to user output data 580 * @length: size of user output data 581 * 582 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 583 */ 584 struct type86x_reply { 585 struct type86_hdr hdr; 586 struct type86_fmt2_ext fmt2; 587 struct CPRBX cprbx; 588 unsigned char pad[4]; /* 4 byte function code/rules block ? */ 589 unsigned short length; 590 char text[]; 591 } __packed; 592 593 struct type86_ep11_reply { 594 struct type86_hdr hdr; 595 struct type86_fmt2_ext fmt2; 596 struct ep11_cprb cprbx; 597 } __packed; 598 599 static int convert_type86_ica(struct zcrypt_queue *zq, 600 struct ap_message *reply, 601 char __user *outputdata, 602 unsigned int outputdatalength) 603 { 604 static unsigned char static_pad[] = { 605 0x00, 0x02, 606 0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD, 607 0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57, 608 0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B, 609 0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39, 610 0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5, 611 0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D, 612 0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB, 613 0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F, 614 0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9, 615 0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45, 616 0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9, 617 0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F, 618 0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD, 619 0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D, 620 0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD, 621 0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9, 622 0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B, 623 0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B, 624 0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B, 625 0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD, 626 0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7, 627 0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1, 628 0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3, 629 0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23, 630 0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55, 631 0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43, 632 0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F, 633 0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F, 634 0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5, 635 0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD, 636 0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41, 637 0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09 638 }; 639 struct type86x_reply *msg = reply->msg; 640 unsigned short service_rc, service_rs; 641 unsigned int reply_len, pad_len; 642 char *data; 643 644 service_rc = msg->cprbx.ccp_rtcode; 645 if (unlikely(service_rc != 0)) { 646 service_rs = msg->cprbx.ccp_rscode; 647 if ((service_rc == 8 && service_rs == 66) || 648 (service_rc == 8 && service_rs == 65) || 649 (service_rc == 8 && service_rs == 72) || 650 (service_rc == 8 && service_rs == 770) || 651 (service_rc == 12 && service_rs == 769)) { 652 ZCRYPT_DBF_WARN("%s dev=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n", 653 __func__, AP_QID_CARD(zq->queue->qid), 654 AP_QID_QUEUE(zq->queue->qid), 655 (int) service_rc, (int) service_rs); 656 return -EINVAL; 657 } 658 zq->online = 0; 659 pr_err("Crypto dev=%02x.%04x rc/rs=%d/%d online=0 rc=EAGAIN\n", 660 AP_QID_CARD(zq->queue->qid), 661 AP_QID_QUEUE(zq->queue->qid), 662 (int) service_rc, (int) service_rs); 663 ZCRYPT_DBF_ERR("%s dev=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n", 664 __func__, AP_QID_CARD(zq->queue->qid), 665 AP_QID_QUEUE(zq->queue->qid), 666 (int) service_rc, (int) service_rs); 667 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 668 return -EAGAIN; 669 } 670 data = msg->text; 671 reply_len = msg->length - 2; 672 if (reply_len > outputdatalength) 673 return -EINVAL; 674 /* 675 * For all encipher requests, the length of the ciphertext (reply_len) 676 * will always equal the modulus length. For MEX decipher requests 677 * the output needs to get padded. Minimum pad size is 10. 678 * 679 * Currently, the cases where padding will be added is for: 680 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support 681 * ZERO-PAD and CRT is only supported for PKD requests) 682 * - PCICC, always 683 */ 684 pad_len = outputdatalength - reply_len; 685 if (pad_len > 0) { 686 if (pad_len < 10) 687 return -EINVAL; 688 /* 'restore' padding left in the CEXXC card. */ 689 if (copy_to_user(outputdata, static_pad, pad_len - 1)) 690 return -EFAULT; 691 if (put_user(0, outputdata + pad_len - 1)) 692 return -EFAULT; 693 } 694 /* Copy the crypto response to user space. */ 695 if (copy_to_user(outputdata + pad_len, data, reply_len)) 696 return -EFAULT; 697 return 0; 698 } 699 700 /* 701 * Copy results from a type 86 XCRB reply message back to user space. 702 * 703 * @zq: crypto device pointer 704 * @reply: reply AP message. 705 * @xcRB: pointer to XCRB 706 * 707 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 708 */ 709 static int convert_type86_xcrb(bool userspace, struct zcrypt_queue *zq, 710 struct ap_message *reply, 711 struct ica_xcRB *xcRB) 712 { 713 struct type86_fmt2_msg *msg = reply->msg; 714 char *data = reply->msg; 715 716 /* Copy CPRB to user */ 717 if (z_copy_to_user(userspace, xcRB->reply_control_blk_addr, 718 data + msg->fmt2.offset1, msg->fmt2.count1)) 719 return -EFAULT; 720 xcRB->reply_control_blk_length = msg->fmt2.count1; 721 722 /* Copy data buffer to user */ 723 if (msg->fmt2.count2) 724 if (z_copy_to_user(userspace, xcRB->reply_data_addr, 725 data + msg->fmt2.offset2, msg->fmt2.count2)) 726 return -EFAULT; 727 xcRB->reply_data_length = msg->fmt2.count2; 728 return 0; 729 } 730 731 /* 732 * Copy results from a type 86 EP11 XCRB reply message back to user space. 733 * 734 * @zq: crypto device pointer 735 * @reply: reply AP message. 736 * @xcRB: pointer to EP11 user request block 737 * 738 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 739 */ 740 static int convert_type86_ep11_xcrb(bool userspace, struct zcrypt_queue *zq, 741 struct ap_message *reply, 742 struct ep11_urb *xcRB) 743 { 744 struct type86_fmt2_msg *msg = reply->msg; 745 char *data = reply->msg; 746 747 if (xcRB->resp_len < msg->fmt2.count1) 748 return -EINVAL; 749 750 /* Copy response CPRB to user */ 751 if (z_copy_to_user(userspace, (char __force __user *)xcRB->resp, 752 data + msg->fmt2.offset1, msg->fmt2.count1)) 753 return -EFAULT; 754 xcRB->resp_len = msg->fmt2.count1; 755 return 0; 756 } 757 758 static int convert_type86_rng(struct zcrypt_queue *zq, 759 struct ap_message *reply, 760 char *buffer) 761 { 762 struct { 763 struct type86_hdr hdr; 764 struct type86_fmt2_ext fmt2; 765 struct CPRBX cprbx; 766 } __packed * msg = reply->msg; 767 char *data = reply->msg; 768 769 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0) 770 return -EINVAL; 771 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2); 772 return msg->fmt2.count2; 773 } 774 775 static int convert_response_ica(struct zcrypt_queue *zq, 776 struct ap_message *reply, 777 char __user *outputdata, 778 unsigned int outputdatalength) 779 { 780 struct type86x_reply *msg = reply->msg; 781 782 switch (msg->hdr.type) { 783 case TYPE82_RSP_CODE: 784 case TYPE88_RSP_CODE: 785 return convert_error(zq, reply); 786 case TYPE86_RSP_CODE: 787 if (msg->cprbx.ccp_rtcode && 788 (msg->cprbx.ccp_rscode == 0x14f) && 789 (outputdatalength > 256)) { 790 if (zq->zcard->max_exp_bit_length <= 17) { 791 zq->zcard->max_exp_bit_length = 17; 792 return -EAGAIN; 793 } else 794 return -EINVAL; 795 } 796 if (msg->hdr.reply_code) 797 return convert_error(zq, reply); 798 if (msg->cprbx.cprb_ver_id == 0x02) 799 return convert_type86_ica(zq, reply, 800 outputdata, outputdatalength); 801 fallthrough; /* wrong cprb version is an unknown response */ 802 default: 803 /* Unknown response type, this should NEVER EVER happen */ 804 zq->online = 0; 805 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 806 AP_QID_CARD(zq->queue->qid), 807 AP_QID_QUEUE(zq->queue->qid), 808 (int) msg->hdr.type); 809 ZCRYPT_DBF_ERR( 810 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 811 __func__, AP_QID_CARD(zq->queue->qid), 812 AP_QID_QUEUE(zq->queue->qid), (int) msg->hdr.type); 813 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 814 return -EAGAIN; 815 } 816 } 817 818 static int convert_response_xcrb(bool userspace, struct zcrypt_queue *zq, 819 struct ap_message *reply, 820 struct ica_xcRB *xcRB) 821 { 822 struct type86x_reply *msg = reply->msg; 823 824 switch (msg->hdr.type) { 825 case TYPE82_RSP_CODE: 826 case TYPE88_RSP_CODE: 827 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */ 828 return convert_error(zq, reply); 829 case TYPE86_RSP_CODE: 830 if (msg->hdr.reply_code) { 831 memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32)); 832 return convert_error(zq, reply); 833 } 834 if (msg->cprbx.cprb_ver_id == 0x02) 835 return convert_type86_xcrb(userspace, zq, reply, xcRB); 836 fallthrough; /* wrong cprb version is an unknown response */ 837 default: /* Unknown response type, this should NEVER EVER happen */ 838 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */ 839 zq->online = 0; 840 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 841 AP_QID_CARD(zq->queue->qid), 842 AP_QID_QUEUE(zq->queue->qid), 843 (int) msg->hdr.type); 844 ZCRYPT_DBF_ERR( 845 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 846 __func__, AP_QID_CARD(zq->queue->qid), 847 AP_QID_QUEUE(zq->queue->qid), (int) msg->hdr.type); 848 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 849 return -EAGAIN; 850 } 851 } 852 853 static int convert_response_ep11_xcrb(bool userspace, struct zcrypt_queue *zq, 854 struct ap_message *reply, struct ep11_urb *xcRB) 855 { 856 struct type86_ep11_reply *msg = reply->msg; 857 858 switch (msg->hdr.type) { 859 case TYPE82_RSP_CODE: 860 case TYPE87_RSP_CODE: 861 return convert_error(zq, reply); 862 case TYPE86_RSP_CODE: 863 if (msg->hdr.reply_code) 864 return convert_error(zq, reply); 865 if (msg->cprbx.cprb_ver_id == 0x04) 866 return convert_type86_ep11_xcrb(userspace, zq, reply, xcRB); 867 fallthrough; /* wrong cprb version is an unknown resp */ 868 default: /* Unknown response type, this should NEVER EVER happen */ 869 zq->online = 0; 870 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 871 AP_QID_CARD(zq->queue->qid), 872 AP_QID_QUEUE(zq->queue->qid), 873 (int) msg->hdr.type); 874 ZCRYPT_DBF_ERR( 875 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 876 __func__, AP_QID_CARD(zq->queue->qid), 877 AP_QID_QUEUE(zq->queue->qid), (int) msg->hdr.type); 878 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 879 return -EAGAIN; 880 } 881 } 882 883 static int convert_response_rng(struct zcrypt_queue *zq, 884 struct ap_message *reply, 885 char *data) 886 { 887 struct type86x_reply *msg = reply->msg; 888 889 switch (msg->hdr.type) { 890 case TYPE82_RSP_CODE: 891 case TYPE88_RSP_CODE: 892 return -EINVAL; 893 case TYPE86_RSP_CODE: 894 if (msg->hdr.reply_code) 895 return -EINVAL; 896 if (msg->cprbx.cprb_ver_id == 0x02) 897 return convert_type86_rng(zq, reply, data); 898 fallthrough; /* wrong cprb version is an unknown response */ 899 default: /* Unknown response type, this should NEVER EVER happen */ 900 zq->online = 0; 901 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 902 AP_QID_CARD(zq->queue->qid), 903 AP_QID_QUEUE(zq->queue->qid), 904 (int) msg->hdr.type); 905 ZCRYPT_DBF_ERR( 906 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 907 __func__, AP_QID_CARD(zq->queue->qid), 908 AP_QID_QUEUE(zq->queue->qid), (int) msg->hdr.type); 909 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 910 return -EAGAIN; 911 } 912 } 913 914 /* 915 * This function is called from the AP bus code after a crypto request 916 * "msg" has finished with the reply message "reply". 917 * It is called from tasklet context. 918 * @aq: pointer to the AP queue 919 * @msg: pointer to the AP message 920 * @reply: pointer to the AP reply message 921 */ 922 static void zcrypt_msgtype6_receive(struct ap_queue *aq, 923 struct ap_message *msg, 924 struct ap_message *reply) 925 { 926 static struct error_hdr error_reply = { 927 .type = TYPE82_RSP_CODE, 928 .reply_code = REP82_ERROR_MACHINE_FAILURE, 929 }; 930 struct response_type *resp_type = 931 (struct response_type *) msg->private; 932 struct type86x_reply *t86r; 933 int len; 934 935 /* Copy the reply message to the request message buffer. */ 936 if (!reply) 937 goto out; /* ap_msg->rc indicates the error */ 938 t86r = reply->msg; 939 if (t86r->hdr.type == TYPE86_RSP_CODE && 940 t86r->cprbx.cprb_ver_id == 0x02) { 941 switch (resp_type->type) { 942 case CEXXC_RESPONSE_TYPE_ICA: 943 len = sizeof(struct type86x_reply) + t86r->length - 2; 944 if (len > reply->bufsize || len > msg->bufsize) { 945 msg->rc = -EMSGSIZE; 946 } else { 947 memcpy(msg->msg, reply->msg, len); 948 msg->len = len; 949 } 950 break; 951 case CEXXC_RESPONSE_TYPE_XCRB: 952 len = t86r->fmt2.offset2 + t86r->fmt2.count2; 953 if (len > reply->bufsize || len > msg->bufsize) { 954 msg->rc = -EMSGSIZE; 955 } else { 956 memcpy(msg->msg, reply->msg, len); 957 msg->len = len; 958 } 959 break; 960 default: 961 memcpy(msg->msg, &error_reply, sizeof(error_reply)); 962 } 963 } else 964 memcpy(msg->msg, reply->msg, sizeof(error_reply)); 965 out: 966 complete(&(resp_type->work)); 967 } 968 969 /* 970 * This function is called from the AP bus code after a crypto request 971 * "msg" has finished with the reply message "reply". 972 * It is called from tasklet context. 973 * @aq: pointer to the AP queue 974 * @msg: pointer to the AP message 975 * @reply: pointer to the AP reply message 976 */ 977 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq, 978 struct ap_message *msg, 979 struct ap_message *reply) 980 { 981 static struct error_hdr error_reply = { 982 .type = TYPE82_RSP_CODE, 983 .reply_code = REP82_ERROR_MACHINE_FAILURE, 984 }; 985 struct response_type *resp_type = 986 (struct response_type *)msg->private; 987 struct type86_ep11_reply *t86r; 988 int len; 989 990 /* Copy the reply message to the request message buffer. */ 991 if (!reply) 992 goto out; /* ap_msg->rc indicates the error */ 993 t86r = reply->msg; 994 if (t86r->hdr.type == TYPE86_RSP_CODE && 995 t86r->cprbx.cprb_ver_id == 0x04) { 996 switch (resp_type->type) { 997 case CEXXC_RESPONSE_TYPE_EP11: 998 len = t86r->fmt2.offset1 + t86r->fmt2.count1; 999 if (len > reply->bufsize || len > msg->bufsize) { 1000 msg->rc = -EMSGSIZE; 1001 } else { 1002 memcpy(msg->msg, reply->msg, len); 1003 msg->len = len; 1004 } 1005 break; 1006 default: 1007 memcpy(msg->msg, &error_reply, sizeof(error_reply)); 1008 } 1009 } else { 1010 memcpy(msg->msg, reply->msg, sizeof(error_reply)); 1011 } 1012 out: 1013 complete(&(resp_type->work)); 1014 } 1015 1016 static atomic_t zcrypt_step = ATOMIC_INIT(0); 1017 1018 /* 1019 * The request distributor calls this function if it picked the CEXxC 1020 * device to handle a modexpo request. 1021 * @zq: pointer to zcrypt_queue structure that identifies the 1022 * CEXxC device to the request distributor 1023 * @mex: pointer to the modexpo request buffer 1024 */ 1025 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq, 1026 struct ica_rsa_modexpo *mex, 1027 struct ap_message *ap_msg) 1028 { 1029 struct response_type resp_type = { 1030 .type = CEXXC_RESPONSE_TYPE_ICA, 1031 }; 1032 int rc; 1033 1034 ap_msg->msg = (void *) get_zeroed_page(GFP_KERNEL); 1035 if (!ap_msg->msg) 1036 return -ENOMEM; 1037 ap_msg->bufsize = PAGE_SIZE; 1038 ap_msg->receive = zcrypt_msgtype6_receive; 1039 ap_msg->psmid = (((unsigned long long) current->pid) << 32) + 1040 atomic_inc_return(&zcrypt_step); 1041 ap_msg->private = &resp_type; 1042 rc = ICAMEX_msg_to_type6MEX_msgX(zq, ap_msg, mex); 1043 if (rc) 1044 goto out_free; 1045 init_completion(&resp_type.work); 1046 rc = ap_queue_message(zq->queue, ap_msg); 1047 if (rc) 1048 goto out_free; 1049 rc = wait_for_completion_interruptible(&resp_type.work); 1050 if (rc == 0) { 1051 rc = ap_msg->rc; 1052 if (rc == 0) 1053 rc = convert_response_ica(zq, ap_msg, 1054 mex->outputdata, 1055 mex->outputdatalength); 1056 } else 1057 /* Signal pending. */ 1058 ap_cancel_message(zq->queue, ap_msg); 1059 out_free: 1060 free_page((unsigned long) ap_msg->msg); 1061 ap_msg->private = NULL; 1062 ap_msg->msg = NULL; 1063 return rc; 1064 } 1065 1066 /* 1067 * The request distributor calls this function if it picked the CEXxC 1068 * device to handle a modexpo_crt request. 1069 * @zq: pointer to zcrypt_queue structure that identifies the 1070 * CEXxC device to the request distributor 1071 * @crt: pointer to the modexpoc_crt request buffer 1072 */ 1073 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq, 1074 struct ica_rsa_modexpo_crt *crt, 1075 struct ap_message *ap_msg) 1076 { 1077 struct response_type resp_type = { 1078 .type = CEXXC_RESPONSE_TYPE_ICA, 1079 }; 1080 int rc; 1081 1082 ap_msg->msg = (void *) get_zeroed_page(GFP_KERNEL); 1083 if (!ap_msg->msg) 1084 return -ENOMEM; 1085 ap_msg->bufsize = PAGE_SIZE; 1086 ap_msg->receive = zcrypt_msgtype6_receive; 1087 ap_msg->psmid = (((unsigned long long) current->pid) << 32) + 1088 atomic_inc_return(&zcrypt_step); 1089 ap_msg->private = &resp_type; 1090 rc = ICACRT_msg_to_type6CRT_msgX(zq, ap_msg, crt); 1091 if (rc) 1092 goto out_free; 1093 init_completion(&resp_type.work); 1094 rc = ap_queue_message(zq->queue, ap_msg); 1095 if (rc) 1096 goto out_free; 1097 rc = wait_for_completion_interruptible(&resp_type.work); 1098 if (rc == 0) { 1099 rc = ap_msg->rc; 1100 if (rc == 0) 1101 rc = convert_response_ica(zq, ap_msg, 1102 crt->outputdata, 1103 crt->outputdatalength); 1104 } else { 1105 /* Signal pending. */ 1106 ap_cancel_message(zq->queue, ap_msg); 1107 } 1108 out_free: 1109 free_page((unsigned long) ap_msg->msg); 1110 ap_msg->private = NULL; 1111 ap_msg->msg = NULL; 1112 return rc; 1113 } 1114 1115 /* 1116 * Fetch function code from cprb. 1117 * Extracting the fc requires to copy the cprb from userspace. 1118 * So this function allocates memory and needs an ap_msg prepared 1119 * by the caller with ap_init_message(). Also the caller has to 1120 * make sure ap_release_message() is always called even on failure. 1121 */ 1122 unsigned int get_cprb_fc(bool userspace, struct ica_xcRB *xcRB, 1123 struct ap_message *ap_msg, 1124 unsigned int *func_code, unsigned short **dom) 1125 { 1126 struct response_type resp_type = { 1127 .type = CEXXC_RESPONSE_TYPE_XCRB, 1128 }; 1129 1130 ap_msg->bufsize = atomic_read(&ap_max_msg_size); 1131 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL); 1132 if (!ap_msg->msg) 1133 return -ENOMEM; 1134 ap_msg->receive = zcrypt_msgtype6_receive; 1135 ap_msg->psmid = (((unsigned long long) current->pid) << 32) + 1136 atomic_inc_return(&zcrypt_step); 1137 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1138 if (!ap_msg->private) 1139 return -ENOMEM; 1140 return XCRB_msg_to_type6CPRB_msgX(userspace, ap_msg, xcRB, func_code, dom); 1141 } 1142 1143 /* 1144 * The request distributor calls this function if it picked the CEXxC 1145 * device to handle a send_cprb request. 1146 * @zq: pointer to zcrypt_queue structure that identifies the 1147 * CEXxC device to the request distributor 1148 * @xcRB: pointer to the send_cprb request buffer 1149 */ 1150 static long zcrypt_msgtype6_send_cprb(bool userspace, struct zcrypt_queue *zq, 1151 struct ica_xcRB *xcRB, 1152 struct ap_message *ap_msg) 1153 { 1154 int rc; 1155 struct response_type *rtype = (struct response_type *)(ap_msg->private); 1156 1157 init_completion(&rtype->work); 1158 rc = ap_queue_message(zq->queue, ap_msg); 1159 if (rc) 1160 goto out; 1161 rc = wait_for_completion_interruptible(&rtype->work); 1162 if (rc == 0) { 1163 rc = ap_msg->rc; 1164 if (rc == 0) 1165 rc = convert_response_xcrb(userspace, zq, ap_msg, xcRB); 1166 } else 1167 /* Signal pending. */ 1168 ap_cancel_message(zq->queue, ap_msg); 1169 out: 1170 return rc; 1171 } 1172 1173 /* 1174 * Fetch function code from ep11 cprb. 1175 * Extracting the fc requires to copy the ep11 cprb from userspace. 1176 * So this function allocates memory and needs an ap_msg prepared 1177 * by the caller with ap_init_message(). Also the caller has to 1178 * make sure ap_release_message() is always called even on failure. 1179 */ 1180 unsigned int get_ep11cprb_fc(bool userspace, struct ep11_urb *xcrb, 1181 struct ap_message *ap_msg, 1182 unsigned int *func_code) 1183 { 1184 struct response_type resp_type = { 1185 .type = CEXXC_RESPONSE_TYPE_EP11, 1186 }; 1187 1188 ap_msg->bufsize = atomic_read(&ap_max_msg_size); 1189 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL); 1190 if (!ap_msg->msg) 1191 return -ENOMEM; 1192 ap_msg->receive = zcrypt_msgtype6_receive_ep11; 1193 ap_msg->psmid = (((unsigned long long) current->pid) << 32) + 1194 atomic_inc_return(&zcrypt_step); 1195 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1196 if (!ap_msg->private) 1197 return -ENOMEM; 1198 return xcrb_msg_to_type6_ep11cprb_msgx(userspace, ap_msg, xcrb, func_code); 1199 } 1200 1201 /* 1202 * The request distributor calls this function if it picked the CEX4P 1203 * device to handle a send_ep11_cprb request. 1204 * @zq: pointer to zcrypt_queue structure that identifies the 1205 * CEX4P device to the request distributor 1206 * @xcRB: pointer to the ep11 user request block 1207 */ 1208 static long zcrypt_msgtype6_send_ep11_cprb(bool userspace, struct zcrypt_queue *zq, 1209 struct ep11_urb *xcrb, 1210 struct ap_message *ap_msg) 1211 { 1212 int rc; 1213 unsigned int lfmt; 1214 struct response_type *rtype = (struct response_type *)(ap_msg->private); 1215 struct { 1216 struct type6_hdr hdr; 1217 struct ep11_cprb cprbx; 1218 unsigned char pld_tag; /* fixed value 0x30 */ 1219 unsigned char pld_lenfmt; /* payload length format */ 1220 } __packed * msg = ap_msg->msg; 1221 struct pld_hdr { 1222 unsigned char func_tag; /* fixed value 0x4 */ 1223 unsigned char func_len; /* fixed value 0x4 */ 1224 unsigned int func_val; /* function ID */ 1225 unsigned char dom_tag; /* fixed value 0x4 */ 1226 unsigned char dom_len; /* fixed value 0x4 */ 1227 unsigned int dom_val; /* domain id */ 1228 } __packed * payload_hdr = NULL; 1229 1230 1231 /* 1232 * The target domain field within the cprb body/payload block will be 1233 * replaced by the usage domain for non-management commands only. 1234 * Therefore we check the first bit of the 'flags' parameter for 1235 * management command indication. 1236 * 0 - non management command 1237 * 1 - management command 1238 */ 1239 if (!((msg->cprbx.flags & 0x80) == 0x80)) { 1240 msg->cprbx.target_id = (unsigned int) 1241 AP_QID_QUEUE(zq->queue->qid); 1242 1243 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 1244 switch (msg->pld_lenfmt & 0x03) { 1245 case 1: 1246 lfmt = 2; 1247 break; 1248 case 2: 1249 lfmt = 3; 1250 break; 1251 default: 1252 return -EINVAL; 1253 } 1254 } else { 1255 lfmt = 1; /* length format #1 */ 1256 } 1257 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt); 1258 payload_hdr->dom_val = (unsigned int) 1259 AP_QID_QUEUE(zq->queue->qid); 1260 } 1261 1262 init_completion(&rtype->work); 1263 rc = ap_queue_message(zq->queue, ap_msg); 1264 if (rc) 1265 goto out; 1266 rc = wait_for_completion_interruptible(&rtype->work); 1267 if (rc == 0) { 1268 rc = ap_msg->rc; 1269 if (rc == 0) 1270 rc = convert_response_ep11_xcrb(userspace, zq, ap_msg, xcrb); 1271 } else 1272 /* Signal pending. */ 1273 ap_cancel_message(zq->queue, ap_msg); 1274 out: 1275 return rc; 1276 } 1277 1278 unsigned int get_rng_fc(struct ap_message *ap_msg, int *func_code, 1279 unsigned int *domain) 1280 { 1281 struct response_type resp_type = { 1282 .type = CEXXC_RESPONSE_TYPE_XCRB, 1283 }; 1284 1285 ap_msg->bufsize = AP_DEFAULT_MAX_MSG_SIZE; 1286 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL); 1287 if (!ap_msg->msg) 1288 return -ENOMEM; 1289 ap_msg->receive = zcrypt_msgtype6_receive; 1290 ap_msg->psmid = (((unsigned long long) current->pid) << 32) + 1291 atomic_inc_return(&zcrypt_step); 1292 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1293 if (!ap_msg->private) 1294 return -ENOMEM; 1295 1296 rng_type6CPRB_msgX(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain); 1297 1298 *func_code = HWRNG; 1299 return 0; 1300 } 1301 1302 /* 1303 * The request distributor calls this function if it picked the CEXxC 1304 * device to generate random data. 1305 * @zq: pointer to zcrypt_queue structure that identifies the 1306 * CEXxC device to the request distributor 1307 * @buffer: pointer to a memory page to return random data 1308 */ 1309 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq, 1310 char *buffer, struct ap_message *ap_msg) 1311 { 1312 struct { 1313 struct type6_hdr hdr; 1314 struct CPRBX cprbx; 1315 char function_code[2]; 1316 short int rule_length; 1317 char rule[8]; 1318 short int verb_length; 1319 short int key_length; 1320 } __packed * msg = ap_msg->msg; 1321 struct response_type *rtype = (struct response_type *)(ap_msg->private); 1322 int rc; 1323 1324 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 1325 1326 init_completion(&rtype->work); 1327 rc = ap_queue_message(zq->queue, ap_msg); 1328 if (rc) 1329 goto out; 1330 rc = wait_for_completion_interruptible(&rtype->work); 1331 if (rc == 0) { 1332 rc = ap_msg->rc; 1333 if (rc == 0) 1334 rc = convert_response_rng(zq, ap_msg, buffer); 1335 } else 1336 /* Signal pending. */ 1337 ap_cancel_message(zq->queue, ap_msg); 1338 out: 1339 return rc; 1340 } 1341 1342 /* 1343 * The crypto operations for a CEXxC card. 1344 */ 1345 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = { 1346 .owner = THIS_MODULE, 1347 .name = MSGTYPE06_NAME, 1348 .variant = MSGTYPE06_VARIANT_NORNG, 1349 .rsa_modexpo = zcrypt_msgtype6_modexpo, 1350 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt, 1351 .send_cprb = zcrypt_msgtype6_send_cprb, 1352 }; 1353 1354 static struct zcrypt_ops zcrypt_msgtype6_ops = { 1355 .owner = THIS_MODULE, 1356 .name = MSGTYPE06_NAME, 1357 .variant = MSGTYPE06_VARIANT_DEFAULT, 1358 .rsa_modexpo = zcrypt_msgtype6_modexpo, 1359 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt, 1360 .send_cprb = zcrypt_msgtype6_send_cprb, 1361 .rng = zcrypt_msgtype6_rng, 1362 }; 1363 1364 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = { 1365 .owner = THIS_MODULE, 1366 .name = MSGTYPE06_NAME, 1367 .variant = MSGTYPE06_VARIANT_EP11, 1368 .rsa_modexpo = NULL, 1369 .rsa_modexpo_crt = NULL, 1370 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb, 1371 }; 1372 1373 void __init zcrypt_msgtype6_init(void) 1374 { 1375 zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops); 1376 zcrypt_msgtype_register(&zcrypt_msgtype6_ops); 1377 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops); 1378 } 1379 1380 void __exit zcrypt_msgtype6_exit(void) 1381 { 1382 zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops); 1383 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops); 1384 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops); 1385 } 1386