1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright IBM Corp. 2001, 2012 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * 7 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 8 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 9 * Ralph Wuerthner <rwuerthn@de.ibm.com> 10 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 11 */ 12 13 #define KMSG_COMPONENT "zcrypt" 14 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 15 16 #include <linux/module.h> 17 #include <linux/init.h> 18 #include <linux/err.h> 19 #include <linux/delay.h> 20 #include <linux/slab.h> 21 #include <linux/atomic.h> 22 #include <linux/uaccess.h> 23 24 #include "ap_bus.h" 25 #include "zcrypt_api.h" 26 #include "zcrypt_error.h" 27 #include "zcrypt_msgtype6.h" 28 #include "zcrypt_cca_key.h" 29 30 #define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */ 31 32 #define CEIL4(x) ((((x)+3)/4)*4) 33 34 struct response_type { 35 struct completion work; 36 int type; 37 }; 38 #define CEXXC_RESPONSE_TYPE_ICA 0 39 #define CEXXC_RESPONSE_TYPE_XCRB 1 40 #define CEXXC_RESPONSE_TYPE_EP11 2 41 42 MODULE_AUTHOR("IBM Corporation"); 43 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \ 44 "Copyright IBM Corp. 2001, 2012"); 45 MODULE_LICENSE("GPL"); 46 47 /** 48 * CPRB 49 * Note that all shorts, ints and longs are little-endian. 50 * All pointer fields are 32-bits long, and mean nothing 51 * 52 * A request CPRB is followed by a request_parameter_block. 53 * 54 * The request (or reply) parameter block is organized thus: 55 * function code 56 * VUD block 57 * key block 58 */ 59 struct CPRB { 60 unsigned short cprb_len; /* CPRB length */ 61 unsigned char cprb_ver_id; /* CPRB version id. */ 62 unsigned char pad_000; /* Alignment pad byte. */ 63 unsigned char srpi_rtcode[4]; /* SRPI return code LELONG */ 64 unsigned char srpi_verb; /* SRPI verb type */ 65 unsigned char flags; /* flags */ 66 unsigned char func_id[2]; /* function id */ 67 unsigned char checkpoint_flag; /* */ 68 unsigned char resv2; /* reserved */ 69 unsigned short req_parml; /* request parameter buffer */ 70 /* length 16-bit little endian */ 71 unsigned char req_parmp[4]; /* request parameter buffer * 72 * pointer (means nothing: the * 73 * parameter buffer follows * 74 * the CPRB). */ 75 unsigned char req_datal[4]; /* request data buffer */ 76 /* length ULELONG */ 77 unsigned char req_datap[4]; /* request data buffer */ 78 /* pointer */ 79 unsigned short rpl_parml; /* reply parameter buffer */ 80 /* length 16-bit little endian */ 81 unsigned char pad_001[2]; /* Alignment pad bytes. ULESHORT */ 82 unsigned char rpl_parmp[4]; /* reply parameter buffer * 83 * pointer (means nothing: the * 84 * parameter buffer follows * 85 * the CPRB). */ 86 unsigned char rpl_datal[4]; /* reply data buffer len ULELONG */ 87 unsigned char rpl_datap[4]; /* reply data buffer */ 88 /* pointer */ 89 unsigned short ccp_rscode; /* server reason code ULESHORT */ 90 unsigned short ccp_rtcode; /* server return code ULESHORT */ 91 unsigned char repd_parml[2]; /* replied parameter len ULESHORT*/ 92 unsigned char mac_data_len[2]; /* Mac Data Length ULESHORT */ 93 unsigned char repd_datal[4]; /* replied data length ULELONG */ 94 unsigned char req_pc[2]; /* PC identifier */ 95 unsigned char res_origin[8]; /* resource origin */ 96 unsigned char mac_value[8]; /* Mac Value */ 97 unsigned char logon_id[8]; /* Logon Identifier */ 98 unsigned char usage_domain[2]; /* cdx */ 99 unsigned char resv3[18]; /* reserved for requestor */ 100 unsigned short svr_namel; /* server name length ULESHORT */ 101 unsigned char svr_name[8]; /* server name */ 102 } __packed; 103 104 struct function_and_rules_block { 105 unsigned char function_code[2]; 106 unsigned short ulen; 107 unsigned char only_rule[8]; 108 } __packed; 109 110 /** 111 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP 112 * card in a type6 message. The 3 fields that must be filled in at execution 113 * time are req_parml, rpl_parml and usage_domain. 114 * Everything about this interface is ascii/big-endian, since the 115 * device does *not* have 'Intel inside'. 116 * 117 * The CPRBX is followed immediately by the parm block. 118 * The parm block contains: 119 * - function code ('PD' 0x5044 or 'PK' 0x504B) 120 * - rule block (one of:) 121 * + 0x000A 'PKCS-1.2' (MCL2 'PD') 122 * + 0x000A 'ZERO-PAD' (MCL2 'PK') 123 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD') 124 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK') 125 * - VUD block 126 */ 127 static const struct CPRBX static_cprbx = { 128 .cprb_len = 0x00DC, 129 .cprb_ver_id = 0x02, 130 .func_id = {0x54, 0x32}, 131 }; 132 133 int speed_idx_cca(int req_type) 134 { 135 switch (req_type) { 136 case 0x4142: 137 case 0x4149: 138 case 0x414D: 139 case 0x4341: 140 case 0x4344: 141 case 0x4354: 142 case 0x4358: 143 case 0x444B: 144 case 0x4558: 145 case 0x4643: 146 case 0x4651: 147 case 0x4C47: 148 case 0x4C4B: 149 case 0x4C51: 150 case 0x4F48: 151 case 0x504F: 152 case 0x5053: 153 case 0x5058: 154 case 0x5343: 155 case 0x5344: 156 case 0x5345: 157 case 0x5350: 158 return LOW; 159 case 0x414B: 160 case 0x4345: 161 case 0x4349: 162 case 0x434D: 163 case 0x4847: 164 case 0x4849: 165 case 0x484D: 166 case 0x4850: 167 case 0x4851: 168 case 0x4954: 169 case 0x4958: 170 case 0x4B43: 171 case 0x4B44: 172 case 0x4B45: 173 case 0x4B47: 174 case 0x4B48: 175 case 0x4B49: 176 case 0x4B4E: 177 case 0x4B50: 178 case 0x4B52: 179 case 0x4B54: 180 case 0x4B58: 181 case 0x4D50: 182 case 0x4D53: 183 case 0x4D56: 184 case 0x4D58: 185 case 0x5044: 186 case 0x5045: 187 case 0x5046: 188 case 0x5047: 189 case 0x5049: 190 case 0x504B: 191 case 0x504D: 192 case 0x5254: 193 case 0x5347: 194 case 0x5349: 195 case 0x534B: 196 case 0x534D: 197 case 0x5356: 198 case 0x5358: 199 case 0x5443: 200 case 0x544B: 201 case 0x5647: 202 return HIGH; 203 default: 204 return MEDIUM; 205 } 206 } 207 208 int speed_idx_ep11(int req_type) 209 { 210 switch (req_type) { 211 case 1: 212 case 2: 213 case 36: 214 case 37: 215 case 38: 216 case 39: 217 case 40: 218 return LOW; 219 case 17: 220 case 18: 221 case 19: 222 case 20: 223 case 21: 224 case 22: 225 case 26: 226 case 30: 227 case 31: 228 case 32: 229 case 33: 230 case 34: 231 case 35: 232 return HIGH; 233 default: 234 return MEDIUM; 235 } 236 } 237 238 239 /** 240 * Convert a ICAMEX message to a type6 MEX message. 241 * 242 * @zq: crypto device pointer 243 * @ap_msg: pointer to AP message 244 * @mex: pointer to user input data 245 * 246 * Returns 0 on success or negative errno value. 247 */ 248 static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue *zq, 249 struct ap_message *ap_msg, 250 struct ica_rsa_modexpo *mex) 251 { 252 static struct type6_hdr static_type6_hdrX = { 253 .type = 0x06, 254 .offset1 = 0x00000058, 255 .agent_id = {'C', 'A',}, 256 .function_code = {'P', 'K'}, 257 }; 258 static struct function_and_rules_block static_pke_fnr = { 259 .function_code = {'P', 'K'}, 260 .ulen = 10, 261 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '} 262 }; 263 struct { 264 struct type6_hdr hdr; 265 struct CPRBX cprbx; 266 struct function_and_rules_block fr; 267 unsigned short length; 268 char text[0]; 269 } __packed * msg = ap_msg->msg; 270 int size; 271 272 /* 273 * The inputdatalength was a selection criteria in the dispatching 274 * function zcrypt_rsa_modexpo(). However, make sure the following 275 * copy_from_user() never exceeds the allocated buffer space. 276 */ 277 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE)) 278 return -EINVAL; 279 280 /* VUD.ciphertext */ 281 msg->length = mex->inputdatalength + 2; 282 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength)) 283 return -EFAULT; 284 285 /* Set up key which is located after the variable length text. */ 286 size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength); 287 if (size < 0) 288 return size; 289 size += sizeof(*msg) + mex->inputdatalength; 290 291 /* message header, cprbx and f&r */ 292 msg->hdr = static_type6_hdrX; 293 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr); 294 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 295 296 msg->cprbx = static_cprbx; 297 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 298 msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1; 299 300 msg->fr = static_pke_fnr; 301 302 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx); 303 304 ap_msg->len = size; 305 return 0; 306 } 307 308 /** 309 * Convert a ICACRT message to a type6 CRT message. 310 * 311 * @zq: crypto device pointer 312 * @ap_msg: pointer to AP message 313 * @crt: pointer to user input data 314 * 315 * Returns 0 on success or negative errno value. 316 */ 317 static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue *zq, 318 struct ap_message *ap_msg, 319 struct ica_rsa_modexpo_crt *crt) 320 { 321 static struct type6_hdr static_type6_hdrX = { 322 .type = 0x06, 323 .offset1 = 0x00000058, 324 .agent_id = {'C', 'A',}, 325 .function_code = {'P', 'D'}, 326 }; 327 static struct function_and_rules_block static_pkd_fnr = { 328 .function_code = {'P', 'D'}, 329 .ulen = 10, 330 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'} 331 }; 332 333 struct { 334 struct type6_hdr hdr; 335 struct CPRBX cprbx; 336 struct function_and_rules_block fr; 337 unsigned short length; 338 char text[0]; 339 } __packed * msg = ap_msg->msg; 340 int size; 341 342 /* 343 * The inputdatalength was a selection criteria in the dispatching 344 * function zcrypt_rsa_crt(). However, make sure the following 345 * copy_from_user() never exceeds the allocated buffer space. 346 */ 347 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE)) 348 return -EINVAL; 349 350 /* VUD.ciphertext */ 351 msg->length = crt->inputdatalength + 2; 352 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength)) 353 return -EFAULT; 354 355 /* Set up key which is located after the variable length text. */ 356 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength); 357 if (size < 0) 358 return size; 359 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */ 360 361 /* message header, cprbx and f&r */ 362 msg->hdr = static_type6_hdrX; 363 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr); 364 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 365 366 msg->cprbx = static_cprbx; 367 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 368 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl = 369 size - sizeof(msg->hdr) - sizeof(msg->cprbx); 370 371 msg->fr = static_pkd_fnr; 372 373 ap_msg->len = size; 374 return 0; 375 } 376 377 /** 378 * Convert a XCRB message to a type6 CPRB message. 379 * 380 * @zq: crypto device pointer 381 * @ap_msg: pointer to AP message 382 * @xcRB: pointer to user input data 383 * 384 * Returns 0 on success or -EFAULT, -EINVAL. 385 */ 386 struct type86_fmt2_msg { 387 struct type86_hdr hdr; 388 struct type86_fmt2_ext fmt2; 389 } __packed; 390 391 static int XCRB_msg_to_type6CPRB_msgX(struct ap_message *ap_msg, 392 struct ica_xcRB *xcRB, 393 unsigned int *fcode, 394 unsigned short **dom) 395 { 396 static struct type6_hdr static_type6_hdrX = { 397 .type = 0x06, 398 .offset1 = 0x00000058, 399 }; 400 struct { 401 struct type6_hdr hdr; 402 struct CPRBX cprbx; 403 } __packed * msg = ap_msg->msg; 404 405 int rcblen = CEIL4(xcRB->request_control_blk_length); 406 int replylen, req_sumlen, resp_sumlen; 407 char *req_data = ap_msg->msg + sizeof(struct type6_hdr) + rcblen; 408 char *function_code; 409 410 if (CEIL4(xcRB->request_control_blk_length) < 411 xcRB->request_control_blk_length) 412 return -EINVAL; /* overflow after alignment*/ 413 414 /* length checks */ 415 ap_msg->len = sizeof(struct type6_hdr) + 416 CEIL4(xcRB->request_control_blk_length) + 417 xcRB->request_data_length; 418 if (ap_msg->len > MSGTYPE06_MAX_MSG_SIZE) 419 return -EINVAL; 420 421 /* 422 * Overflow check 423 * sum must be greater (or equal) than the largest operand 424 */ 425 req_sumlen = CEIL4(xcRB->request_control_blk_length) + 426 xcRB->request_data_length; 427 if ((CEIL4(xcRB->request_control_blk_length) <= 428 xcRB->request_data_length) ? 429 (req_sumlen < xcRB->request_data_length) : 430 (req_sumlen < CEIL4(xcRB->request_control_blk_length))) { 431 return -EINVAL; 432 } 433 434 if (CEIL4(xcRB->reply_control_blk_length) < 435 xcRB->reply_control_blk_length) 436 return -EINVAL; /* overflow after alignment*/ 437 438 replylen = sizeof(struct type86_fmt2_msg) + 439 CEIL4(xcRB->reply_control_blk_length) + 440 xcRB->reply_data_length; 441 if (replylen > MSGTYPE06_MAX_MSG_SIZE) 442 return -EINVAL; 443 444 /* 445 * Overflow check 446 * sum must be greater (or equal) than the largest operand 447 */ 448 resp_sumlen = CEIL4(xcRB->reply_control_blk_length) + 449 xcRB->reply_data_length; 450 if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ? 451 (resp_sumlen < xcRB->reply_data_length) : 452 (resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) { 453 return -EINVAL; 454 } 455 456 /* prepare type6 header */ 457 msg->hdr = static_type6_hdrX; 458 memcpy(msg->hdr.agent_id, &(xcRB->agent_ID), sizeof(xcRB->agent_ID)); 459 msg->hdr.ToCardLen1 = xcRB->request_control_blk_length; 460 if (xcRB->request_data_length) { 461 msg->hdr.offset2 = msg->hdr.offset1 + rcblen; 462 msg->hdr.ToCardLen2 = xcRB->request_data_length; 463 } 464 msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length; 465 msg->hdr.FromCardLen2 = xcRB->reply_data_length; 466 467 /* prepare CPRB */ 468 if (copy_from_user(&(msg->cprbx), xcRB->request_control_blk_addr, 469 xcRB->request_control_blk_length)) 470 return -EFAULT; 471 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) > 472 xcRB->request_control_blk_length) 473 return -EINVAL; 474 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len; 475 memcpy(msg->hdr.function_code, function_code, 476 sizeof(msg->hdr.function_code)); 477 478 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1]; 479 *dom = (unsigned short *)&msg->cprbx.domain; 480 481 if (memcmp(function_code, "US", 2) == 0 482 || memcmp(function_code, "AU", 2) == 0) 483 ap_msg->flags |= AP_MSG_FLAG_SPECIAL; 484 485 /* copy data block */ 486 if (xcRB->request_data_length && 487 copy_from_user(req_data, xcRB->request_data_address, 488 xcRB->request_data_length)) 489 return -EFAULT; 490 491 return 0; 492 } 493 494 static int xcrb_msg_to_type6_ep11cprb_msgx(struct ap_message *ap_msg, 495 struct ep11_urb *xcRB, 496 unsigned int *fcode) 497 { 498 unsigned int lfmt; 499 static struct type6_hdr static_type6_ep11_hdr = { 500 .type = 0x06, 501 .rqid = {0x00, 0x01}, 502 .function_code = {0x00, 0x00}, 503 .agent_id[0] = 0x58, /* {'X'} */ 504 .agent_id[1] = 0x43, /* {'C'} */ 505 .offset1 = 0x00000058, 506 }; 507 508 struct { 509 struct type6_hdr hdr; 510 struct ep11_cprb cprbx; 511 unsigned char pld_tag; /* fixed value 0x30 */ 512 unsigned char pld_lenfmt; /* payload length format */ 513 } __packed * msg = ap_msg->msg; 514 515 struct pld_hdr { 516 unsigned char func_tag; /* fixed value 0x4 */ 517 unsigned char func_len; /* fixed value 0x4 */ 518 unsigned int func_val; /* function ID */ 519 unsigned char dom_tag; /* fixed value 0x4 */ 520 unsigned char dom_len; /* fixed value 0x4 */ 521 unsigned int dom_val; /* domain id */ 522 } __packed * payload_hdr = NULL; 523 524 if (CEIL4(xcRB->req_len) < xcRB->req_len) 525 return -EINVAL; /* overflow after alignment*/ 526 527 /* length checks */ 528 ap_msg->len = sizeof(struct type6_hdr) + xcRB->req_len; 529 if (CEIL4(xcRB->req_len) > MSGTYPE06_MAX_MSG_SIZE - 530 (sizeof(struct type6_hdr))) 531 return -EINVAL; 532 533 if (CEIL4(xcRB->resp_len) < xcRB->resp_len) 534 return -EINVAL; /* overflow after alignment*/ 535 536 if (CEIL4(xcRB->resp_len) > MSGTYPE06_MAX_MSG_SIZE - 537 (sizeof(struct type86_fmt2_msg))) 538 return -EINVAL; 539 540 /* prepare type6 header */ 541 msg->hdr = static_type6_ep11_hdr; 542 msg->hdr.ToCardLen1 = xcRB->req_len; 543 msg->hdr.FromCardLen1 = xcRB->resp_len; 544 545 /* Import CPRB data from the ioctl input parameter */ 546 if (copy_from_user(&(msg->cprbx.cprb_len), 547 (char __force __user *)xcRB->req, xcRB->req_len)) { 548 return -EFAULT; 549 } 550 551 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 552 switch (msg->pld_lenfmt & 0x03) { 553 case 1: 554 lfmt = 2; 555 break; 556 case 2: 557 lfmt = 3; 558 break; 559 default: 560 return -EINVAL; 561 } 562 } else { 563 lfmt = 1; /* length format #1 */ 564 } 565 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt); 566 *fcode = payload_hdr->func_val & 0xFFFF; 567 568 /* enable special processing based on the cprbs flags special bit */ 569 if (msg->cprbx.flags & 0x20) 570 ap_msg->flags |= AP_MSG_FLAG_SPECIAL; 571 572 return 0; 573 } 574 575 /** 576 * Copy results from a type 86 ICA reply message back to user space. 577 * 578 * @zq: crypto device pointer 579 * @reply: reply AP message. 580 * @data: pointer to user output data 581 * @length: size of user output data 582 * 583 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 584 */ 585 struct type86x_reply { 586 struct type86_hdr hdr; 587 struct type86_fmt2_ext fmt2; 588 struct CPRBX cprbx; 589 unsigned char pad[4]; /* 4 byte function code/rules block ? */ 590 unsigned short length; 591 char text[]; 592 } __packed; 593 594 struct type86_ep11_reply { 595 struct type86_hdr hdr; 596 struct type86_fmt2_ext fmt2; 597 struct ep11_cprb cprbx; 598 } __packed; 599 600 static int convert_type86_ica(struct zcrypt_queue *zq, 601 struct ap_message *reply, 602 char __user *outputdata, 603 unsigned int outputdatalength) 604 { 605 static unsigned char static_pad[] = { 606 0x00, 0x02, 607 0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD, 608 0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57, 609 0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B, 610 0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39, 611 0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5, 612 0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D, 613 0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB, 614 0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F, 615 0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9, 616 0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45, 617 0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9, 618 0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F, 619 0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD, 620 0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D, 621 0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD, 622 0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9, 623 0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B, 624 0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B, 625 0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B, 626 0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD, 627 0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7, 628 0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1, 629 0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3, 630 0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23, 631 0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55, 632 0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43, 633 0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F, 634 0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F, 635 0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5, 636 0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD, 637 0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41, 638 0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09 639 }; 640 struct type86x_reply *msg = reply->msg; 641 unsigned short service_rc, service_rs; 642 unsigned int reply_len, pad_len; 643 char *data; 644 645 service_rc = msg->cprbx.ccp_rtcode; 646 if (unlikely(service_rc != 0)) { 647 service_rs = msg->cprbx.ccp_rscode; 648 if ((service_rc == 8 && service_rs == 66) || 649 (service_rc == 8 && service_rs == 65) || 650 (service_rc == 8 && service_rs == 72) || 651 (service_rc == 8 && service_rs == 770) || 652 (service_rc == 12 && service_rs == 769)) { 653 ZCRYPT_DBF(DBF_DEBUG, 654 "device=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n", 655 AP_QID_CARD(zq->queue->qid), 656 AP_QID_QUEUE(zq->queue->qid), 657 (int) service_rc, (int) service_rs); 658 return -EINVAL; 659 } 660 zq->online = 0; 661 pr_err("Cryptographic device %02x.%04x failed and was set offline\n", 662 AP_QID_CARD(zq->queue->qid), 663 AP_QID_QUEUE(zq->queue->qid)); 664 ZCRYPT_DBF(DBF_ERR, 665 "device=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n", 666 AP_QID_CARD(zq->queue->qid), 667 AP_QID_QUEUE(zq->queue->qid), 668 (int) service_rc, (int) service_rs); 669 return -EAGAIN; /* repeat the request on a different device. */ 670 } 671 data = msg->text; 672 reply_len = msg->length - 2; 673 if (reply_len > outputdatalength) 674 return -EINVAL; 675 /* 676 * For all encipher requests, the length of the ciphertext (reply_len) 677 * will always equal the modulus length. For MEX decipher requests 678 * the output needs to get padded. Minimum pad size is 10. 679 * 680 * Currently, the cases where padding will be added is for: 681 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support 682 * ZERO-PAD and CRT is only supported for PKD requests) 683 * - PCICC, always 684 */ 685 pad_len = outputdatalength - reply_len; 686 if (pad_len > 0) { 687 if (pad_len < 10) 688 return -EINVAL; 689 /* 'restore' padding left in the CEXXC card. */ 690 if (copy_to_user(outputdata, static_pad, pad_len - 1)) 691 return -EFAULT; 692 if (put_user(0, outputdata + pad_len - 1)) 693 return -EFAULT; 694 } 695 /* Copy the crypto response to user space. */ 696 if (copy_to_user(outputdata + pad_len, data, reply_len)) 697 return -EFAULT; 698 return 0; 699 } 700 701 /** 702 * Copy results from a type 86 XCRB reply message back to user space. 703 * 704 * @zq: crypto device pointer 705 * @reply: reply AP message. 706 * @xcRB: pointer to XCRB 707 * 708 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 709 */ 710 static int convert_type86_xcrb(struct zcrypt_queue *zq, 711 struct ap_message *reply, 712 struct ica_xcRB *xcRB) 713 { 714 struct type86_fmt2_msg *msg = reply->msg; 715 char *data = reply->msg; 716 717 /* Copy CPRB to user */ 718 if (copy_to_user(xcRB->reply_control_blk_addr, 719 data + msg->fmt2.offset1, msg->fmt2.count1)) 720 return -EFAULT; 721 xcRB->reply_control_blk_length = msg->fmt2.count1; 722 723 /* Copy data buffer to user */ 724 if (msg->fmt2.count2) 725 if (copy_to_user(xcRB->reply_data_addr, 726 data + msg->fmt2.offset2, msg->fmt2.count2)) 727 return -EFAULT; 728 xcRB->reply_data_length = msg->fmt2.count2; 729 return 0; 730 } 731 732 /** 733 * Copy results from a type 86 EP11 XCRB reply message back to user space. 734 * 735 * @zq: crypto device pointer 736 * @reply: reply AP message. 737 * @xcRB: pointer to EP11 user request block 738 * 739 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 740 */ 741 static int convert_type86_ep11_xcrb(struct zcrypt_queue *zq, 742 struct ap_message *reply, 743 struct ep11_urb *xcRB) 744 { 745 struct type86_fmt2_msg *msg = reply->msg; 746 char *data = reply->msg; 747 748 if (xcRB->resp_len < msg->fmt2.count1) 749 return -EINVAL; 750 751 /* Copy response CPRB to user */ 752 if (copy_to_user((char __force __user *)xcRB->resp, 753 data + msg->fmt2.offset1, msg->fmt2.count1)) 754 return -EFAULT; 755 xcRB->resp_len = msg->fmt2.count1; 756 return 0; 757 } 758 759 static int convert_type86_rng(struct zcrypt_queue *zq, 760 struct ap_message *reply, 761 char *buffer) 762 { 763 struct { 764 struct type86_hdr hdr; 765 struct type86_fmt2_ext fmt2; 766 struct CPRBX cprbx; 767 } __packed * msg = reply->msg; 768 char *data = reply->msg; 769 770 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0) 771 return -EINVAL; 772 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2); 773 return msg->fmt2.count2; 774 } 775 776 static int convert_response_ica(struct zcrypt_queue *zq, 777 struct ap_message *reply, 778 char __user *outputdata, 779 unsigned int outputdatalength) 780 { 781 struct type86x_reply *msg = reply->msg; 782 783 switch (msg->hdr.type) { 784 case TYPE82_RSP_CODE: 785 case TYPE88_RSP_CODE: 786 return convert_error(zq, reply); 787 case TYPE86_RSP_CODE: 788 if (msg->cprbx.ccp_rtcode && 789 (msg->cprbx.ccp_rscode == 0x14f) && 790 (outputdatalength > 256)) { 791 if (zq->zcard->max_exp_bit_length <= 17) { 792 zq->zcard->max_exp_bit_length = 17; 793 return -EAGAIN; 794 } else 795 return -EINVAL; 796 } 797 if (msg->hdr.reply_code) 798 return convert_error(zq, reply); 799 if (msg->cprbx.cprb_ver_id == 0x02) 800 return convert_type86_ica(zq, reply, 801 outputdata, outputdatalength); 802 fallthrough; /* wrong cprb version is an unknown response */ 803 default: /* Unknown response type, this should NEVER EVER happen */ 804 zq->online = 0; 805 pr_err("Cryptographic device %02x.%04x failed and was set offline\n", 806 AP_QID_CARD(zq->queue->qid), 807 AP_QID_QUEUE(zq->queue->qid)); 808 ZCRYPT_DBF(DBF_ERR, 809 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n", 810 AP_QID_CARD(zq->queue->qid), 811 AP_QID_QUEUE(zq->queue->qid), 812 (int) msg->hdr.type); 813 return -EAGAIN; /* repeat the request on a different device. */ 814 } 815 } 816 817 static int convert_response_xcrb(struct zcrypt_queue *zq, 818 struct ap_message *reply, 819 struct ica_xcRB *xcRB) 820 { 821 struct type86x_reply *msg = reply->msg; 822 823 switch (msg->hdr.type) { 824 case TYPE82_RSP_CODE: 825 case TYPE88_RSP_CODE: 826 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */ 827 return convert_error(zq, reply); 828 case TYPE86_RSP_CODE: 829 if (msg->hdr.reply_code) { 830 memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32)); 831 return convert_error(zq, reply); 832 } 833 if (msg->cprbx.cprb_ver_id == 0x02) 834 return convert_type86_xcrb(zq, reply, xcRB); 835 fallthrough; /* wrong cprb version is an unknown response */ 836 default: /* Unknown response type, this should NEVER EVER happen */ 837 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */ 838 zq->online = 0; 839 pr_err("Cryptographic device %02x.%04x failed and was set offline\n", 840 AP_QID_CARD(zq->queue->qid), 841 AP_QID_QUEUE(zq->queue->qid)); 842 ZCRYPT_DBF(DBF_ERR, 843 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n", 844 AP_QID_CARD(zq->queue->qid), 845 AP_QID_QUEUE(zq->queue->qid), 846 (int) msg->hdr.type); 847 return -EAGAIN; /* repeat the request on a different device. */ 848 } 849 } 850 851 static int convert_response_ep11_xcrb(struct zcrypt_queue *zq, 852 struct ap_message *reply, struct ep11_urb *xcRB) 853 { 854 struct type86_ep11_reply *msg = reply->msg; 855 856 switch (msg->hdr.type) { 857 case TYPE82_RSP_CODE: 858 case TYPE87_RSP_CODE: 859 return convert_error(zq, reply); 860 case TYPE86_RSP_CODE: 861 if (msg->hdr.reply_code) 862 return convert_error(zq, reply); 863 if (msg->cprbx.cprb_ver_id == 0x04) 864 return convert_type86_ep11_xcrb(zq, reply, xcRB); 865 fallthrough; /* wrong cprb version is an unknown resp */ 866 default: /* Unknown response type, this should NEVER EVER happen */ 867 zq->online = 0; 868 pr_err("Cryptographic device %02x.%04x failed and was set offline\n", 869 AP_QID_CARD(zq->queue->qid), 870 AP_QID_QUEUE(zq->queue->qid)); 871 ZCRYPT_DBF(DBF_ERR, 872 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n", 873 AP_QID_CARD(zq->queue->qid), 874 AP_QID_QUEUE(zq->queue->qid), 875 (int) msg->hdr.type); 876 return -EAGAIN; /* repeat the request on a different device. */ 877 } 878 } 879 880 static int convert_response_rng(struct zcrypt_queue *zq, 881 struct ap_message *reply, 882 char *data) 883 { 884 struct type86x_reply *msg = reply->msg; 885 886 switch (msg->hdr.type) { 887 case TYPE82_RSP_CODE: 888 case TYPE88_RSP_CODE: 889 return -EINVAL; 890 case TYPE86_RSP_CODE: 891 if (msg->hdr.reply_code) 892 return -EINVAL; 893 if (msg->cprbx.cprb_ver_id == 0x02) 894 return convert_type86_rng(zq, reply, data); 895 fallthrough; /* wrong cprb version is an unknown response */ 896 default: /* Unknown response type, this should NEVER EVER happen */ 897 zq->online = 0; 898 pr_err("Cryptographic device %02x.%04x failed and was set offline\n", 899 AP_QID_CARD(zq->queue->qid), 900 AP_QID_QUEUE(zq->queue->qid)); 901 ZCRYPT_DBF(DBF_ERR, 902 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n", 903 AP_QID_CARD(zq->queue->qid), 904 AP_QID_QUEUE(zq->queue->qid), 905 (int) msg->hdr.type); 906 return -EAGAIN; /* repeat the request on a different device. */ 907 } 908 } 909 910 /** 911 * This function is called from the AP bus code after a crypto request 912 * "msg" has finished with the reply message "reply". 913 * It is called from tasklet context. 914 * @aq: pointer to the AP queue 915 * @msg: pointer to the AP message 916 * @reply: pointer to the AP reply message 917 */ 918 static void zcrypt_msgtype6_receive(struct ap_queue *aq, 919 struct ap_message *msg, 920 struct ap_message *reply) 921 { 922 static struct error_hdr error_reply = { 923 .type = TYPE82_RSP_CODE, 924 .reply_code = REP82_ERROR_MACHINE_FAILURE, 925 }; 926 struct response_type *resp_type = 927 (struct response_type *) msg->private; 928 struct type86x_reply *t86r; 929 int len; 930 931 /* Copy the reply message to the request message buffer. */ 932 if (!reply) 933 goto out; /* ap_msg->rc indicates the error */ 934 t86r = reply->msg; 935 if (t86r->hdr.type == TYPE86_RSP_CODE && 936 t86r->cprbx.cprb_ver_id == 0x02) { 937 switch (resp_type->type) { 938 case CEXXC_RESPONSE_TYPE_ICA: 939 len = sizeof(struct type86x_reply) + t86r->length - 2; 940 len = min_t(int, CEXXC_MAX_ICA_RESPONSE_SIZE, len); 941 memcpy(msg->msg, reply->msg, len); 942 break; 943 case CEXXC_RESPONSE_TYPE_XCRB: 944 len = t86r->fmt2.offset2 + t86r->fmt2.count2; 945 len = min_t(int, MSGTYPE06_MAX_MSG_SIZE, len); 946 memcpy(msg->msg, reply->msg, len); 947 break; 948 default: 949 memcpy(msg->msg, &error_reply, sizeof(error_reply)); 950 } 951 } else 952 memcpy(msg->msg, reply->msg, sizeof(error_reply)); 953 out: 954 complete(&(resp_type->work)); 955 } 956 957 /** 958 * This function is called from the AP bus code after a crypto request 959 * "msg" has finished with the reply message "reply". 960 * It is called from tasklet context. 961 * @aq: pointer to the AP queue 962 * @msg: pointer to the AP message 963 * @reply: pointer to the AP reply message 964 */ 965 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq, 966 struct ap_message *msg, 967 struct ap_message *reply) 968 { 969 static struct error_hdr error_reply = { 970 .type = TYPE82_RSP_CODE, 971 .reply_code = REP82_ERROR_MACHINE_FAILURE, 972 }; 973 struct response_type *resp_type = 974 (struct response_type *)msg->private; 975 struct type86_ep11_reply *t86r; 976 int len; 977 978 /* Copy the reply message to the request message buffer. */ 979 if (!reply) 980 goto out; /* ap_msg->rc indicates the error */ 981 t86r = reply->msg; 982 if (t86r->hdr.type == TYPE86_RSP_CODE && 983 t86r->cprbx.cprb_ver_id == 0x04) { 984 switch (resp_type->type) { 985 case CEXXC_RESPONSE_TYPE_EP11: 986 len = t86r->fmt2.offset1 + t86r->fmt2.count1; 987 len = min_t(int, MSGTYPE06_MAX_MSG_SIZE, len); 988 memcpy(msg->msg, reply->msg, len); 989 break; 990 default: 991 memcpy(msg->msg, &error_reply, sizeof(error_reply)); 992 } 993 } else { 994 memcpy(msg->msg, reply->msg, sizeof(error_reply)); 995 } 996 out: 997 complete(&(resp_type->work)); 998 } 999 1000 static atomic_t zcrypt_step = ATOMIC_INIT(0); 1001 1002 /** 1003 * The request distributor calls this function if it picked the CEXxC 1004 * device to handle a modexpo request. 1005 * @zq: pointer to zcrypt_queue structure that identifies the 1006 * CEXxC device to the request distributor 1007 * @mex: pointer to the modexpo request buffer 1008 */ 1009 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq, 1010 struct ica_rsa_modexpo *mex) 1011 { 1012 struct ap_message ap_msg; 1013 struct response_type resp_type = { 1014 .type = CEXXC_RESPONSE_TYPE_ICA, 1015 }; 1016 int rc; 1017 1018 ap_init_message(&ap_msg); 1019 ap_msg.msg = (void *) get_zeroed_page(GFP_KERNEL); 1020 if (!ap_msg.msg) 1021 return -ENOMEM; 1022 ap_msg.receive = zcrypt_msgtype6_receive; 1023 ap_msg.psmid = (((unsigned long long) current->pid) << 32) + 1024 atomic_inc_return(&zcrypt_step); 1025 ap_msg.private = &resp_type; 1026 rc = ICAMEX_msg_to_type6MEX_msgX(zq, &ap_msg, mex); 1027 if (rc) 1028 goto out_free; 1029 init_completion(&resp_type.work); 1030 ap_queue_message(zq->queue, &ap_msg); 1031 rc = wait_for_completion_interruptible(&resp_type.work); 1032 if (rc == 0) { 1033 rc = ap_msg.rc; 1034 if (rc == 0) 1035 rc = convert_response_ica(zq, &ap_msg, 1036 mex->outputdata, 1037 mex->outputdatalength); 1038 } else 1039 /* Signal pending. */ 1040 ap_cancel_message(zq->queue, &ap_msg); 1041 out_free: 1042 free_page((unsigned long) ap_msg.msg); 1043 return rc; 1044 } 1045 1046 /** 1047 * The request distributor calls this function if it picked the CEXxC 1048 * device to handle a modexpo_crt request. 1049 * @zq: pointer to zcrypt_queue structure that identifies the 1050 * CEXxC device to the request distributor 1051 * @crt: pointer to the modexpoc_crt request buffer 1052 */ 1053 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq, 1054 struct ica_rsa_modexpo_crt *crt) 1055 { 1056 struct ap_message ap_msg; 1057 struct response_type resp_type = { 1058 .type = CEXXC_RESPONSE_TYPE_ICA, 1059 }; 1060 int rc; 1061 1062 ap_init_message(&ap_msg); 1063 ap_msg.msg = (void *) get_zeroed_page(GFP_KERNEL); 1064 if (!ap_msg.msg) 1065 return -ENOMEM; 1066 ap_msg.receive = zcrypt_msgtype6_receive; 1067 ap_msg.psmid = (((unsigned long long) current->pid) << 32) + 1068 atomic_inc_return(&zcrypt_step); 1069 ap_msg.private = &resp_type; 1070 rc = ICACRT_msg_to_type6CRT_msgX(zq, &ap_msg, crt); 1071 if (rc) 1072 goto out_free; 1073 init_completion(&resp_type.work); 1074 ap_queue_message(zq->queue, &ap_msg); 1075 rc = wait_for_completion_interruptible(&resp_type.work); 1076 if (rc == 0) { 1077 rc = ap_msg.rc; 1078 if (rc == 0) 1079 rc = convert_response_ica(zq, &ap_msg, 1080 crt->outputdata, 1081 crt->outputdatalength); 1082 } else { 1083 /* Signal pending. */ 1084 ap_cancel_message(zq->queue, &ap_msg); 1085 } 1086 out_free: 1087 free_page((unsigned long) ap_msg.msg); 1088 return rc; 1089 } 1090 1091 /** 1092 * Fetch function code from cprb. 1093 * Extracting the fc requires to copy the cprb from userspace. 1094 * So this function allocates memory and needs an ap_msg prepared 1095 * by the caller with ap_init_message(). Also the caller has to 1096 * make sure ap_release_message() is always called even on failure. 1097 */ 1098 unsigned int get_cprb_fc(struct ica_xcRB *xcRB, 1099 struct ap_message *ap_msg, 1100 unsigned int *func_code, unsigned short **dom) 1101 { 1102 struct response_type resp_type = { 1103 .type = CEXXC_RESPONSE_TYPE_XCRB, 1104 }; 1105 1106 ap_msg->msg = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL); 1107 if (!ap_msg->msg) 1108 return -ENOMEM; 1109 ap_msg->receive = zcrypt_msgtype6_receive; 1110 ap_msg->psmid = (((unsigned long long) current->pid) << 32) + 1111 atomic_inc_return(&zcrypt_step); 1112 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1113 if (!ap_msg->private) 1114 return -ENOMEM; 1115 return XCRB_msg_to_type6CPRB_msgX(ap_msg, xcRB, func_code, dom); 1116 } 1117 1118 /** 1119 * The request distributor calls this function if it picked the CEXxC 1120 * device to handle a send_cprb request. 1121 * @zq: pointer to zcrypt_queue structure that identifies the 1122 * CEXxC device to the request distributor 1123 * @xcRB: pointer to the send_cprb request buffer 1124 */ 1125 static long zcrypt_msgtype6_send_cprb(struct zcrypt_queue *zq, 1126 struct ica_xcRB *xcRB, 1127 struct ap_message *ap_msg) 1128 { 1129 int rc; 1130 struct response_type *rtype = (struct response_type *)(ap_msg->private); 1131 1132 init_completion(&rtype->work); 1133 ap_queue_message(zq->queue, ap_msg); 1134 rc = wait_for_completion_interruptible(&rtype->work); 1135 if (rc == 0) { 1136 rc = ap_msg->rc; 1137 if (rc == 0) 1138 rc = convert_response_xcrb(zq, ap_msg, xcRB); 1139 } else 1140 /* Signal pending. */ 1141 ap_cancel_message(zq->queue, ap_msg); 1142 1143 return rc; 1144 } 1145 1146 /** 1147 * Fetch function code from ep11 cprb. 1148 * Extracting the fc requires to copy the ep11 cprb from userspace. 1149 * So this function allocates memory and needs an ap_msg prepared 1150 * by the caller with ap_init_message(). Also the caller has to 1151 * make sure ap_release_message() is always called even on failure. 1152 */ 1153 unsigned int get_ep11cprb_fc(struct ep11_urb *xcrb, 1154 struct ap_message *ap_msg, 1155 unsigned int *func_code) 1156 { 1157 struct response_type resp_type = { 1158 .type = CEXXC_RESPONSE_TYPE_EP11, 1159 }; 1160 1161 ap_msg->msg = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL); 1162 if (!ap_msg->msg) 1163 return -ENOMEM; 1164 ap_msg->receive = zcrypt_msgtype6_receive_ep11; 1165 ap_msg->psmid = (((unsigned long long) current->pid) << 32) + 1166 atomic_inc_return(&zcrypt_step); 1167 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1168 if (!ap_msg->private) 1169 return -ENOMEM; 1170 return xcrb_msg_to_type6_ep11cprb_msgx(ap_msg, xcrb, func_code); 1171 } 1172 1173 /** 1174 * The request distributor calls this function if it picked the CEX4P 1175 * device to handle a send_ep11_cprb request. 1176 * @zq: pointer to zcrypt_queue structure that identifies the 1177 * CEX4P device to the request distributor 1178 * @xcRB: pointer to the ep11 user request block 1179 */ 1180 static long zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_queue *zq, 1181 struct ep11_urb *xcrb, 1182 struct ap_message *ap_msg) 1183 { 1184 int rc; 1185 unsigned int lfmt; 1186 struct response_type *rtype = (struct response_type *)(ap_msg->private); 1187 struct { 1188 struct type6_hdr hdr; 1189 struct ep11_cprb cprbx; 1190 unsigned char pld_tag; /* fixed value 0x30 */ 1191 unsigned char pld_lenfmt; /* payload length format */ 1192 } __packed * msg = ap_msg->msg; 1193 struct pld_hdr { 1194 unsigned char func_tag; /* fixed value 0x4 */ 1195 unsigned char func_len; /* fixed value 0x4 */ 1196 unsigned int func_val; /* function ID */ 1197 unsigned char dom_tag; /* fixed value 0x4 */ 1198 unsigned char dom_len; /* fixed value 0x4 */ 1199 unsigned int dom_val; /* domain id */ 1200 } __packed * payload_hdr = NULL; 1201 1202 1203 /** 1204 * The target domain field within the cprb body/payload block will be 1205 * replaced by the usage domain for non-management commands only. 1206 * Therefore we check the first bit of the 'flags' parameter for 1207 * management command indication. 1208 * 0 - non management command 1209 * 1 - management command 1210 */ 1211 if (!((msg->cprbx.flags & 0x80) == 0x80)) { 1212 msg->cprbx.target_id = (unsigned int) 1213 AP_QID_QUEUE(zq->queue->qid); 1214 1215 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 1216 switch (msg->pld_lenfmt & 0x03) { 1217 case 1: 1218 lfmt = 2; 1219 break; 1220 case 2: 1221 lfmt = 3; 1222 break; 1223 default: 1224 return -EINVAL; 1225 } 1226 } else { 1227 lfmt = 1; /* length format #1 */ 1228 } 1229 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt); 1230 payload_hdr->dom_val = (unsigned int) 1231 AP_QID_QUEUE(zq->queue->qid); 1232 } 1233 1234 init_completion(&rtype->work); 1235 ap_queue_message(zq->queue, ap_msg); 1236 rc = wait_for_completion_interruptible(&rtype->work); 1237 if (rc == 0) { 1238 rc = ap_msg->rc; 1239 if (rc == 0) 1240 rc = convert_response_ep11_xcrb(zq, ap_msg, xcrb); 1241 } else 1242 /* Signal pending. */ 1243 ap_cancel_message(zq->queue, ap_msg); 1244 1245 return rc; 1246 } 1247 1248 unsigned int get_rng_fc(struct ap_message *ap_msg, int *func_code, 1249 unsigned int *domain) 1250 { 1251 struct response_type resp_type = { 1252 .type = CEXXC_RESPONSE_TYPE_XCRB, 1253 }; 1254 1255 ap_msg->msg = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL); 1256 if (!ap_msg->msg) 1257 return -ENOMEM; 1258 ap_msg->receive = zcrypt_msgtype6_receive; 1259 ap_msg->psmid = (((unsigned long long) current->pid) << 32) + 1260 atomic_inc_return(&zcrypt_step); 1261 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1262 if (!ap_msg->private) 1263 return -ENOMEM; 1264 1265 rng_type6CPRB_msgX(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain); 1266 1267 *func_code = HWRNG; 1268 return 0; 1269 } 1270 1271 /** 1272 * The request distributor calls this function if it picked the CEXxC 1273 * device to generate random data. 1274 * @zq: pointer to zcrypt_queue structure that identifies the 1275 * CEXxC device to the request distributor 1276 * @buffer: pointer to a memory page to return random data 1277 */ 1278 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq, 1279 char *buffer, struct ap_message *ap_msg) 1280 { 1281 struct { 1282 struct type6_hdr hdr; 1283 struct CPRBX cprbx; 1284 char function_code[2]; 1285 short int rule_length; 1286 char rule[8]; 1287 short int verb_length; 1288 short int key_length; 1289 } __packed * msg = ap_msg->msg; 1290 struct response_type *rtype = (struct response_type *)(ap_msg->private); 1291 int rc; 1292 1293 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 1294 1295 init_completion(&rtype->work); 1296 ap_queue_message(zq->queue, ap_msg); 1297 rc = wait_for_completion_interruptible(&rtype->work); 1298 if (rc == 0) { 1299 rc = ap_msg->rc; 1300 if (rc == 0) 1301 rc = convert_response_rng(zq, ap_msg, buffer); 1302 } else 1303 /* Signal pending. */ 1304 ap_cancel_message(zq->queue, ap_msg); 1305 1306 return rc; 1307 } 1308 1309 /** 1310 * The crypto operations for a CEXxC card. 1311 */ 1312 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = { 1313 .owner = THIS_MODULE, 1314 .name = MSGTYPE06_NAME, 1315 .variant = MSGTYPE06_VARIANT_NORNG, 1316 .rsa_modexpo = zcrypt_msgtype6_modexpo, 1317 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt, 1318 .send_cprb = zcrypt_msgtype6_send_cprb, 1319 }; 1320 1321 static struct zcrypt_ops zcrypt_msgtype6_ops = { 1322 .owner = THIS_MODULE, 1323 .name = MSGTYPE06_NAME, 1324 .variant = MSGTYPE06_VARIANT_DEFAULT, 1325 .rsa_modexpo = zcrypt_msgtype6_modexpo, 1326 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt, 1327 .send_cprb = zcrypt_msgtype6_send_cprb, 1328 .rng = zcrypt_msgtype6_rng, 1329 }; 1330 1331 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = { 1332 .owner = THIS_MODULE, 1333 .name = MSGTYPE06_NAME, 1334 .variant = MSGTYPE06_VARIANT_EP11, 1335 .rsa_modexpo = NULL, 1336 .rsa_modexpo_crt = NULL, 1337 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb, 1338 }; 1339 1340 void __init zcrypt_msgtype6_init(void) 1341 { 1342 zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops); 1343 zcrypt_msgtype_register(&zcrypt_msgtype6_ops); 1344 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops); 1345 } 1346 1347 void __exit zcrypt_msgtype6_exit(void) 1348 { 1349 zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops); 1350 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops); 1351 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops); 1352 } 1353