1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright IBM Corp. 2001, 2022 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * 7 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 8 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 9 * Ralph Wuerthner <rwuerthn@de.ibm.com> 10 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 11 */ 12 13 #define KMSG_COMPONENT "zcrypt" 14 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 15 16 #include <linux/module.h> 17 #include <linux/init.h> 18 #include <linux/err.h> 19 #include <linux/delay.h> 20 #include <linux/slab.h> 21 #include <linux/atomic.h> 22 #include <linux/uaccess.h> 23 24 #include "ap_bus.h" 25 #include "zcrypt_api.h" 26 #include "zcrypt_error.h" 27 #include "zcrypt_msgtype6.h" 28 #include "zcrypt_cca_key.h" 29 30 #define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */ 31 32 #define CEIL4(x) ((((x) + 3) / 4) * 4) 33 34 struct response_type { 35 struct completion work; 36 int type; 37 }; 38 39 #define CEXXC_RESPONSE_TYPE_ICA 0 40 #define CEXXC_RESPONSE_TYPE_XCRB 1 41 #define CEXXC_RESPONSE_TYPE_EP11 2 42 43 MODULE_AUTHOR("IBM Corporation"); 44 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \ 45 "Copyright IBM Corp. 2001, 2012"); 46 MODULE_LICENSE("GPL"); 47 48 struct function_and_rules_block { 49 unsigned char function_code[2]; 50 unsigned short ulen; 51 unsigned char only_rule[8]; 52 } __packed; 53 54 /* 55 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP 56 * card in a type6 message. The 3 fields that must be filled in at execution 57 * time are req_parml, rpl_parml and usage_domain. 58 * Everything about this interface is ascii/big-endian, since the 59 * device does *not* have 'Intel inside'. 60 * 61 * The CPRBX is followed immediately by the parm block. 62 * The parm block contains: 63 * - function code ('PD' 0x5044 or 'PK' 0x504B) 64 * - rule block (one of:) 65 * + 0x000A 'PKCS-1.2' (MCL2 'PD') 66 * + 0x000A 'ZERO-PAD' (MCL2 'PK') 67 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD') 68 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK') 69 * - VUD block 70 */ 71 static const struct CPRBX static_cprbx = { 72 .cprb_len = 0x00DC, 73 .cprb_ver_id = 0x02, 74 .func_id = {0x54, 0x32}, 75 }; 76 77 int speed_idx_cca(int req_type) 78 { 79 switch (req_type) { 80 case 0x4142: 81 case 0x4149: 82 case 0x414D: 83 case 0x4341: 84 case 0x4344: 85 case 0x4354: 86 case 0x4358: 87 case 0x444B: 88 case 0x4558: 89 case 0x4643: 90 case 0x4651: 91 case 0x4C47: 92 case 0x4C4B: 93 case 0x4C51: 94 case 0x4F48: 95 case 0x504F: 96 case 0x5053: 97 case 0x5058: 98 case 0x5343: 99 case 0x5344: 100 case 0x5345: 101 case 0x5350: 102 return LOW; 103 case 0x414B: 104 case 0x4345: 105 case 0x4349: 106 case 0x434D: 107 case 0x4847: 108 case 0x4849: 109 case 0x484D: 110 case 0x4850: 111 case 0x4851: 112 case 0x4954: 113 case 0x4958: 114 case 0x4B43: 115 case 0x4B44: 116 case 0x4B45: 117 case 0x4B47: 118 case 0x4B48: 119 case 0x4B49: 120 case 0x4B4E: 121 case 0x4B50: 122 case 0x4B52: 123 case 0x4B54: 124 case 0x4B58: 125 case 0x4D50: 126 case 0x4D53: 127 case 0x4D56: 128 case 0x4D58: 129 case 0x5044: 130 case 0x5045: 131 case 0x5046: 132 case 0x5047: 133 case 0x5049: 134 case 0x504B: 135 case 0x504D: 136 case 0x5254: 137 case 0x5347: 138 case 0x5349: 139 case 0x534B: 140 case 0x534D: 141 case 0x5356: 142 case 0x5358: 143 case 0x5443: 144 case 0x544B: 145 case 0x5647: 146 return HIGH; 147 default: 148 return MEDIUM; 149 } 150 } 151 152 int speed_idx_ep11(int req_type) 153 { 154 switch (req_type) { 155 case 1: 156 case 2: 157 case 36: 158 case 37: 159 case 38: 160 case 39: 161 case 40: 162 return LOW; 163 case 17: 164 case 18: 165 case 19: 166 case 20: 167 case 21: 168 case 22: 169 case 26: 170 case 30: 171 case 31: 172 case 32: 173 case 33: 174 case 34: 175 case 35: 176 return HIGH; 177 default: 178 return MEDIUM; 179 } 180 } 181 182 /* 183 * Convert a ICAMEX message to a type6 MEX message. 184 * 185 * @zq: crypto device pointer 186 * @ap_msg: pointer to AP message 187 * @mex: pointer to user input data 188 * 189 * Returns 0 on success or negative errno value. 190 */ 191 static int icamex_msg_to_type6mex_msgx(struct zcrypt_queue *zq, 192 struct ap_message *ap_msg, 193 struct ica_rsa_modexpo *mex) 194 { 195 static struct type6_hdr static_type6_hdrX = { 196 .type = 0x06, 197 .offset1 = 0x00000058, 198 .agent_id = {'C', 'A',}, 199 .function_code = {'P', 'K'}, 200 }; 201 static struct function_and_rules_block static_pke_fnr = { 202 .function_code = {'P', 'K'}, 203 .ulen = 10, 204 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '} 205 }; 206 struct { 207 struct type6_hdr hdr; 208 struct CPRBX cprbx; 209 struct function_and_rules_block fr; 210 unsigned short length; 211 char text[]; 212 } __packed * msg = ap_msg->msg; 213 int size; 214 215 /* 216 * The inputdatalength was a selection criteria in the dispatching 217 * function zcrypt_rsa_modexpo(). However, make sure the following 218 * copy_from_user() never exceeds the allocated buffer space. 219 */ 220 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE)) 221 return -EINVAL; 222 223 /* VUD.ciphertext */ 224 msg->length = mex->inputdatalength + 2; 225 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength)) 226 return -EFAULT; 227 228 /* Set up key which is located after the variable length text. */ 229 size = zcrypt_type6_mex_key_en(mex, msg->text + mex->inputdatalength); 230 if (size < 0) 231 return size; 232 size += sizeof(*msg) + mex->inputdatalength; 233 234 /* message header, cprbx and f&r */ 235 msg->hdr = static_type6_hdrX; 236 msg->hdr.tocardlen1 = size - sizeof(msg->hdr); 237 msg->hdr.fromcardlen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 238 239 msg->cprbx = static_cprbx; 240 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 241 msg->cprbx.rpl_msgbl = msg->hdr.fromcardlen1; 242 243 msg->fr = static_pke_fnr; 244 245 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx); 246 247 ap_msg->len = size; 248 return 0; 249 } 250 251 /* 252 * Convert a ICACRT message to a type6 CRT message. 253 * 254 * @zq: crypto device pointer 255 * @ap_msg: pointer to AP message 256 * @crt: pointer to user input data 257 * 258 * Returns 0 on success or negative errno value. 259 */ 260 static int icacrt_msg_to_type6crt_msgx(struct zcrypt_queue *zq, 261 struct ap_message *ap_msg, 262 struct ica_rsa_modexpo_crt *crt) 263 { 264 static struct type6_hdr static_type6_hdrX = { 265 .type = 0x06, 266 .offset1 = 0x00000058, 267 .agent_id = {'C', 'A',}, 268 .function_code = {'P', 'D'}, 269 }; 270 static struct function_and_rules_block static_pkd_fnr = { 271 .function_code = {'P', 'D'}, 272 .ulen = 10, 273 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'} 274 }; 275 276 struct { 277 struct type6_hdr hdr; 278 struct CPRBX cprbx; 279 struct function_and_rules_block fr; 280 unsigned short length; 281 char text[]; 282 } __packed * msg = ap_msg->msg; 283 int size; 284 285 /* 286 * The inputdatalength was a selection criteria in the dispatching 287 * function zcrypt_rsa_crt(). However, make sure the following 288 * copy_from_user() never exceeds the allocated buffer space. 289 */ 290 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE)) 291 return -EINVAL; 292 293 /* VUD.ciphertext */ 294 msg->length = crt->inputdatalength + 2; 295 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength)) 296 return -EFAULT; 297 298 /* Set up key which is located after the variable length text. */ 299 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength); 300 if (size < 0) 301 return size; 302 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */ 303 304 /* message header, cprbx and f&r */ 305 msg->hdr = static_type6_hdrX; 306 msg->hdr.tocardlen1 = size - sizeof(msg->hdr); 307 msg->hdr.fromcardlen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 308 309 msg->cprbx = static_cprbx; 310 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 311 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl = 312 size - sizeof(msg->hdr) - sizeof(msg->cprbx); 313 314 msg->fr = static_pkd_fnr; 315 316 ap_msg->len = size; 317 return 0; 318 } 319 320 /* 321 * Convert a XCRB message to a type6 CPRB message. 322 * 323 * @zq: crypto device pointer 324 * @ap_msg: pointer to AP message 325 * @xcRB: pointer to user input data 326 * 327 * Returns 0 on success or -EFAULT, -EINVAL. 328 */ 329 struct type86_fmt2_msg { 330 struct type86_hdr hdr; 331 struct type86_fmt2_ext fmt2; 332 } __packed; 333 334 static int xcrb_msg_to_type6cprb_msgx(bool userspace, struct ap_message *ap_msg, 335 struct ica_xcRB *xcrb, 336 unsigned int *fcode, 337 unsigned short **dom) 338 { 339 static struct type6_hdr static_type6_hdrX = { 340 .type = 0x06, 341 .offset1 = 0x00000058, 342 }; 343 struct { 344 struct type6_hdr hdr; 345 union { 346 struct CPRBX cprbx; 347 DECLARE_FLEX_ARRAY(u8, userdata); 348 }; 349 } __packed * msg = ap_msg->msg; 350 351 int rcblen = CEIL4(xcrb->request_control_blk_length); 352 int req_sumlen, resp_sumlen; 353 char *req_data = ap_msg->msg + sizeof(struct type6_hdr) + rcblen; 354 char *function_code; 355 356 if (CEIL4(xcrb->request_control_blk_length) < 357 xcrb->request_control_blk_length) 358 return -EINVAL; /* overflow after alignment*/ 359 360 /* length checks */ 361 ap_msg->len = sizeof(struct type6_hdr) + 362 CEIL4(xcrb->request_control_blk_length) + 363 xcrb->request_data_length; 364 if (ap_msg->len > ap_msg->bufsize) 365 return -EINVAL; 366 367 /* 368 * Overflow check 369 * sum must be greater (or equal) than the largest operand 370 */ 371 req_sumlen = CEIL4(xcrb->request_control_blk_length) + 372 xcrb->request_data_length; 373 if ((CEIL4(xcrb->request_control_blk_length) <= 374 xcrb->request_data_length) ? 375 req_sumlen < xcrb->request_data_length : 376 req_sumlen < CEIL4(xcrb->request_control_blk_length)) { 377 return -EINVAL; 378 } 379 380 if (CEIL4(xcrb->reply_control_blk_length) < 381 xcrb->reply_control_blk_length) 382 return -EINVAL; /* overflow after alignment*/ 383 384 /* 385 * Overflow check 386 * sum must be greater (or equal) than the largest operand 387 */ 388 resp_sumlen = CEIL4(xcrb->reply_control_blk_length) + 389 xcrb->reply_data_length; 390 if ((CEIL4(xcrb->reply_control_blk_length) <= 391 xcrb->reply_data_length) ? 392 resp_sumlen < xcrb->reply_data_length : 393 resp_sumlen < CEIL4(xcrb->reply_control_blk_length)) { 394 return -EINVAL; 395 } 396 397 /* prepare type6 header */ 398 msg->hdr = static_type6_hdrX; 399 memcpy(msg->hdr.agent_id, &xcrb->agent_ID, sizeof(xcrb->agent_ID)); 400 msg->hdr.tocardlen1 = xcrb->request_control_blk_length; 401 if (xcrb->request_data_length) { 402 msg->hdr.offset2 = msg->hdr.offset1 + rcblen; 403 msg->hdr.tocardlen2 = xcrb->request_data_length; 404 } 405 msg->hdr.fromcardlen1 = xcrb->reply_control_blk_length; 406 msg->hdr.fromcardlen2 = xcrb->reply_data_length; 407 408 /* prepare CPRB */ 409 if (z_copy_from_user(userspace, msg->userdata, 410 xcrb->request_control_blk_addr, 411 xcrb->request_control_blk_length)) 412 return -EFAULT; 413 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) > 414 xcrb->request_control_blk_length) 415 return -EINVAL; 416 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len; 417 memcpy(msg->hdr.function_code, function_code, 418 sizeof(msg->hdr.function_code)); 419 420 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1]; 421 *dom = (unsigned short *)&msg->cprbx.domain; 422 423 /* check subfunction, US and AU need special flag with NQAP */ 424 if (memcmp(function_code, "US", 2) == 0 || 425 memcmp(function_code, "AU", 2) == 0) 426 ap_msg->flags |= AP_MSG_FLAG_SPECIAL; 427 428 #ifdef CONFIG_ZCRYPT_DEBUG 429 if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL) 430 ap_msg->flags ^= AP_MSG_FLAG_SPECIAL; 431 #endif 432 433 /* check CPRB minor version, set info bits in ap_message flag field */ 434 switch (*(unsigned short *)(&msg->cprbx.func_id[0])) { 435 case 0x5432: /* "T2" */ 436 ap_msg->flags |= AP_MSG_FLAG_USAGE; 437 break; 438 case 0x5433: /* "T3" */ 439 case 0x5435: /* "T5" */ 440 case 0x5436: /* "T6" */ 441 case 0x5437: /* "T7" */ 442 ap_msg->flags |= AP_MSG_FLAG_ADMIN; 443 break; 444 default: 445 ZCRYPT_DBF_DBG("%s unknown CPRB minor version '%c%c'\n", 446 __func__, msg->cprbx.func_id[0], 447 msg->cprbx.func_id[1]); 448 } 449 450 /* copy data block */ 451 if (xcrb->request_data_length && 452 z_copy_from_user(userspace, req_data, xcrb->request_data_address, 453 xcrb->request_data_length)) 454 return -EFAULT; 455 456 return 0; 457 } 458 459 static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap_msg, 460 struct ep11_urb *xcrb, 461 unsigned int *fcode, 462 unsigned int *domain) 463 { 464 unsigned int lfmt; 465 static struct type6_hdr static_type6_ep11_hdr = { 466 .type = 0x06, 467 .rqid = {0x00, 0x01}, 468 .function_code = {0x00, 0x00}, 469 .agent_id[0] = 0x58, /* {'X'} */ 470 .agent_id[1] = 0x43, /* {'C'} */ 471 .offset1 = 0x00000058, 472 }; 473 474 struct { 475 struct type6_hdr hdr; 476 union { 477 struct { 478 struct ep11_cprb cprbx; 479 unsigned char pld_tag; /* fixed value 0x30 */ 480 unsigned char pld_lenfmt; /* length format */ 481 } __packed; 482 DECLARE_FLEX_ARRAY(u8, userdata); 483 }; 484 } __packed * msg = ap_msg->msg; 485 486 struct pld_hdr { 487 unsigned char func_tag; /* fixed value 0x4 */ 488 unsigned char func_len; /* fixed value 0x4 */ 489 unsigned int func_val; /* function ID */ 490 unsigned char dom_tag; /* fixed value 0x4 */ 491 unsigned char dom_len; /* fixed value 0x4 */ 492 unsigned int dom_val; /* domain id */ 493 } __packed * payload_hdr = NULL; 494 495 if (CEIL4(xcrb->req_len) < xcrb->req_len) 496 return -EINVAL; /* overflow after alignment*/ 497 498 /* length checks */ 499 ap_msg->len = sizeof(struct type6_hdr) + CEIL4(xcrb->req_len); 500 if (ap_msg->len > ap_msg->bufsize) 501 return -EINVAL; 502 503 if (CEIL4(xcrb->resp_len) < xcrb->resp_len) 504 return -EINVAL; /* overflow after alignment*/ 505 506 /* prepare type6 header */ 507 msg->hdr = static_type6_ep11_hdr; 508 msg->hdr.tocardlen1 = xcrb->req_len; 509 msg->hdr.fromcardlen1 = xcrb->resp_len; 510 511 /* Import CPRB data from the ioctl input parameter */ 512 if (z_copy_from_user(userspace, msg->userdata, 513 (char __force __user *)xcrb->req, xcrb->req_len)) { 514 return -EFAULT; 515 } 516 517 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 518 switch (msg->pld_lenfmt & 0x03) { 519 case 1: 520 lfmt = 2; 521 break; 522 case 2: 523 lfmt = 3; 524 break; 525 default: 526 return -EINVAL; 527 } 528 } else { 529 lfmt = 1; /* length format #1 */ 530 } 531 payload_hdr = (struct pld_hdr *)((&msg->pld_lenfmt) + lfmt); 532 *fcode = payload_hdr->func_val & 0xFFFF; 533 534 /* enable special processing based on the cprbs flags special bit */ 535 if (msg->cprbx.flags & 0x20) 536 ap_msg->flags |= AP_MSG_FLAG_SPECIAL; 537 538 #ifdef CONFIG_ZCRYPT_DEBUG 539 if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL) 540 ap_msg->flags ^= AP_MSG_FLAG_SPECIAL; 541 #endif 542 543 /* set info bits in ap_message flag field */ 544 if (msg->cprbx.flags & 0x80) 545 ap_msg->flags |= AP_MSG_FLAG_ADMIN; 546 else 547 ap_msg->flags |= AP_MSG_FLAG_USAGE; 548 549 *domain = msg->cprbx.target_id; 550 551 return 0; 552 } 553 554 /* 555 * Copy results from a type 86 ICA reply message back to user space. 556 * 557 * @zq: crypto device pointer 558 * @reply: reply AP message. 559 * @data: pointer to user output data 560 * @length: size of user output data 561 * 562 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 563 */ 564 struct type86x_reply { 565 struct type86_hdr hdr; 566 struct type86_fmt2_ext fmt2; 567 struct CPRBX cprbx; 568 unsigned char pad[4]; /* 4 byte function code/rules block ? */ 569 unsigned short length; /* length of data including length field size */ 570 char data[]; 571 } __packed; 572 573 struct type86_ep11_reply { 574 struct type86_hdr hdr; 575 struct type86_fmt2_ext fmt2; 576 struct ep11_cprb cprbx; 577 } __packed; 578 579 static int convert_type86_ica(struct zcrypt_queue *zq, 580 struct ap_message *reply, 581 char __user *outputdata, 582 unsigned int outputdatalength) 583 { 584 struct type86x_reply *msg = reply->msg; 585 unsigned short service_rc, service_rs; 586 unsigned int data_len; 587 588 service_rc = msg->cprbx.ccp_rtcode; 589 if (unlikely(service_rc != 0)) { 590 service_rs = msg->cprbx.ccp_rscode; 591 if ((service_rc == 8 && service_rs == 66) || 592 (service_rc == 8 && service_rs == 65) || 593 (service_rc == 8 && service_rs == 72) || 594 (service_rc == 8 && service_rs == 770) || 595 (service_rc == 12 && service_rs == 769)) { 596 ZCRYPT_DBF_WARN("%s dev=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n", 597 __func__, AP_QID_CARD(zq->queue->qid), 598 AP_QID_QUEUE(zq->queue->qid), 599 (int)service_rc, (int)service_rs); 600 return -EINVAL; 601 } 602 zq->online = 0; 603 pr_err("Crypto dev=%02x.%04x rc/rs=%d/%d online=0 rc=EAGAIN\n", 604 AP_QID_CARD(zq->queue->qid), 605 AP_QID_QUEUE(zq->queue->qid), 606 (int)service_rc, (int)service_rs); 607 ZCRYPT_DBF_ERR("%s dev=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n", 608 __func__, AP_QID_CARD(zq->queue->qid), 609 AP_QID_QUEUE(zq->queue->qid), 610 (int)service_rc, (int)service_rs); 611 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 612 return -EAGAIN; 613 } 614 data_len = msg->length - sizeof(msg->length); 615 if (data_len > outputdatalength) 616 return -EMSGSIZE; 617 618 /* Copy the crypto response to user space. */ 619 if (copy_to_user(outputdata, msg->data, data_len)) 620 return -EFAULT; 621 return 0; 622 } 623 624 /* 625 * Copy results from a type 86 XCRB reply message back to user space. 626 * 627 * @zq: crypto device pointer 628 * @reply: reply AP message. 629 * @xcrb: pointer to XCRB 630 * 631 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 632 */ 633 static int convert_type86_xcrb(bool userspace, struct zcrypt_queue *zq, 634 struct ap_message *reply, 635 struct ica_xcRB *xcrb) 636 { 637 struct type86_fmt2_msg *msg = reply->msg; 638 char *data = reply->msg; 639 640 /* Copy CPRB to user */ 641 if (xcrb->reply_control_blk_length < msg->fmt2.count1) { 642 ZCRYPT_DBF_DBG("%s reply_control_blk_length %u < required %u => EMSGSIZE\n", 643 __func__, xcrb->reply_control_blk_length, 644 msg->fmt2.count1); 645 return -EMSGSIZE; 646 } 647 if (z_copy_to_user(userspace, xcrb->reply_control_blk_addr, 648 data + msg->fmt2.offset1, msg->fmt2.count1)) 649 return -EFAULT; 650 xcrb->reply_control_blk_length = msg->fmt2.count1; 651 652 /* Copy data buffer to user */ 653 if (msg->fmt2.count2) { 654 if (xcrb->reply_data_length < msg->fmt2.count2) { 655 ZCRYPT_DBF_DBG("%s reply_data_length %u < required %u => EMSGSIZE\n", 656 __func__, xcrb->reply_data_length, 657 msg->fmt2.count2); 658 return -EMSGSIZE; 659 } 660 if (z_copy_to_user(userspace, xcrb->reply_data_addr, 661 data + msg->fmt2.offset2, msg->fmt2.count2)) 662 return -EFAULT; 663 } 664 xcrb->reply_data_length = msg->fmt2.count2; 665 666 return 0; 667 } 668 669 /* 670 * Copy results from a type 86 EP11 XCRB reply message back to user space. 671 * 672 * @zq: crypto device pointer 673 * @reply: reply AP message. 674 * @xcrb: pointer to EP11 user request block 675 * 676 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 677 */ 678 static int convert_type86_ep11_xcrb(bool userspace, struct zcrypt_queue *zq, 679 struct ap_message *reply, 680 struct ep11_urb *xcrb) 681 { 682 struct type86_fmt2_msg *msg = reply->msg; 683 char *data = reply->msg; 684 685 if (xcrb->resp_len < msg->fmt2.count1) { 686 ZCRYPT_DBF_DBG("%s resp_len %u < required %u => EMSGSIZE\n", 687 __func__, (unsigned int)xcrb->resp_len, 688 msg->fmt2.count1); 689 return -EMSGSIZE; 690 } 691 692 /* Copy response CPRB to user */ 693 if (z_copy_to_user(userspace, (char __force __user *)xcrb->resp, 694 data + msg->fmt2.offset1, msg->fmt2.count1)) 695 return -EFAULT; 696 xcrb->resp_len = msg->fmt2.count1; 697 return 0; 698 } 699 700 static int convert_type86_rng(struct zcrypt_queue *zq, 701 struct ap_message *reply, 702 char *buffer) 703 { 704 struct { 705 struct type86_hdr hdr; 706 struct type86_fmt2_ext fmt2; 707 struct CPRBX cprbx; 708 } __packed * msg = reply->msg; 709 char *data = reply->msg; 710 711 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0) 712 return -EINVAL; 713 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2); 714 return msg->fmt2.count2; 715 } 716 717 static int convert_response_ica(struct zcrypt_queue *zq, 718 struct ap_message *reply, 719 char __user *outputdata, 720 unsigned int outputdatalength) 721 { 722 struct type86x_reply *msg = reply->msg; 723 724 switch (msg->hdr.type) { 725 case TYPE82_RSP_CODE: 726 case TYPE88_RSP_CODE: 727 return convert_error(zq, reply); 728 case TYPE86_RSP_CODE: 729 if (msg->cprbx.ccp_rtcode && 730 msg->cprbx.ccp_rscode == 0x14f && 731 outputdatalength > 256) { 732 if (zq->zcard->max_exp_bit_length <= 17) { 733 zq->zcard->max_exp_bit_length = 17; 734 return -EAGAIN; 735 } else { 736 return -EINVAL; 737 } 738 } 739 if (msg->hdr.reply_code) 740 return convert_error(zq, reply); 741 if (msg->cprbx.cprb_ver_id == 0x02) 742 return convert_type86_ica(zq, reply, 743 outputdata, outputdatalength); 744 fallthrough; /* wrong cprb version is an unknown response */ 745 default: 746 /* Unknown response type, this should NEVER EVER happen */ 747 zq->online = 0; 748 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 749 AP_QID_CARD(zq->queue->qid), 750 AP_QID_QUEUE(zq->queue->qid), 751 (int)msg->hdr.type); 752 ZCRYPT_DBF_ERR( 753 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 754 __func__, AP_QID_CARD(zq->queue->qid), 755 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 756 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 757 return -EAGAIN; 758 } 759 } 760 761 static int convert_response_xcrb(bool userspace, struct zcrypt_queue *zq, 762 struct ap_message *reply, 763 struct ica_xcRB *xcrb) 764 { 765 struct type86x_reply *msg = reply->msg; 766 767 switch (msg->hdr.type) { 768 case TYPE82_RSP_CODE: 769 case TYPE88_RSP_CODE: 770 xcrb->status = 0x0008044DL; /* HDD_InvalidParm */ 771 return convert_error(zq, reply); 772 case TYPE86_RSP_CODE: 773 if (msg->hdr.reply_code) { 774 memcpy(&xcrb->status, msg->fmt2.apfs, sizeof(u32)); 775 return convert_error(zq, reply); 776 } 777 if (msg->cprbx.cprb_ver_id == 0x02) 778 return convert_type86_xcrb(userspace, zq, reply, xcrb); 779 fallthrough; /* wrong cprb version is an unknown response */ 780 default: /* Unknown response type, this should NEVER EVER happen */ 781 xcrb->status = 0x0008044DL; /* HDD_InvalidParm */ 782 zq->online = 0; 783 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 784 AP_QID_CARD(zq->queue->qid), 785 AP_QID_QUEUE(zq->queue->qid), 786 (int)msg->hdr.type); 787 ZCRYPT_DBF_ERR( 788 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 789 __func__, AP_QID_CARD(zq->queue->qid), 790 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 791 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 792 return -EAGAIN; 793 } 794 } 795 796 static int convert_response_ep11_xcrb(bool userspace, struct zcrypt_queue *zq, 797 struct ap_message *reply, struct ep11_urb *xcrb) 798 { 799 struct type86_ep11_reply *msg = reply->msg; 800 801 switch (msg->hdr.type) { 802 case TYPE82_RSP_CODE: 803 case TYPE87_RSP_CODE: 804 return convert_error(zq, reply); 805 case TYPE86_RSP_CODE: 806 if (msg->hdr.reply_code) 807 return convert_error(zq, reply); 808 if (msg->cprbx.cprb_ver_id == 0x04) 809 return convert_type86_ep11_xcrb(userspace, zq, reply, xcrb); 810 fallthrough; /* wrong cprb version is an unknown resp */ 811 default: /* Unknown response type, this should NEVER EVER happen */ 812 zq->online = 0; 813 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 814 AP_QID_CARD(zq->queue->qid), 815 AP_QID_QUEUE(zq->queue->qid), 816 (int)msg->hdr.type); 817 ZCRYPT_DBF_ERR( 818 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 819 __func__, AP_QID_CARD(zq->queue->qid), 820 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 821 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 822 return -EAGAIN; 823 } 824 } 825 826 static int convert_response_rng(struct zcrypt_queue *zq, 827 struct ap_message *reply, 828 char *data) 829 { 830 struct type86x_reply *msg = reply->msg; 831 832 switch (msg->hdr.type) { 833 case TYPE82_RSP_CODE: 834 case TYPE88_RSP_CODE: 835 return -EINVAL; 836 case TYPE86_RSP_CODE: 837 if (msg->hdr.reply_code) 838 return -EINVAL; 839 if (msg->cprbx.cprb_ver_id == 0x02) 840 return convert_type86_rng(zq, reply, data); 841 fallthrough; /* wrong cprb version is an unknown response */ 842 default: /* Unknown response type, this should NEVER EVER happen */ 843 zq->online = 0; 844 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 845 AP_QID_CARD(zq->queue->qid), 846 AP_QID_QUEUE(zq->queue->qid), 847 (int)msg->hdr.type); 848 ZCRYPT_DBF_ERR( 849 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 850 __func__, AP_QID_CARD(zq->queue->qid), 851 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 852 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 853 return -EAGAIN; 854 } 855 } 856 857 /* 858 * This function is called from the AP bus code after a crypto request 859 * "msg" has finished with the reply message "reply". 860 * It is called from tasklet context. 861 * @aq: pointer to the AP queue 862 * @msg: pointer to the AP message 863 * @reply: pointer to the AP reply message 864 */ 865 static void zcrypt_msgtype6_receive(struct ap_queue *aq, 866 struct ap_message *msg, 867 struct ap_message *reply) 868 { 869 static struct error_hdr error_reply = { 870 .type = TYPE82_RSP_CODE, 871 .reply_code = REP82_ERROR_MACHINE_FAILURE, 872 }; 873 struct response_type *resp_type = msg->private; 874 struct type86x_reply *t86r; 875 int len; 876 877 /* Copy the reply message to the request message buffer. */ 878 if (!reply) 879 goto out; /* ap_msg->rc indicates the error */ 880 t86r = reply->msg; 881 if (t86r->hdr.type == TYPE86_RSP_CODE && 882 t86r->cprbx.cprb_ver_id == 0x02) { 883 switch (resp_type->type) { 884 case CEXXC_RESPONSE_TYPE_ICA: 885 len = sizeof(struct type86x_reply) + t86r->length; 886 if (len > reply->bufsize || len > msg->bufsize || 887 len != reply->len) { 888 ZCRYPT_DBF_DBG("%s len mismatch => EMSGSIZE\n", __func__); 889 msg->rc = -EMSGSIZE; 890 goto out; 891 } 892 memcpy(msg->msg, reply->msg, len); 893 msg->len = len; 894 break; 895 case CEXXC_RESPONSE_TYPE_XCRB: 896 if (t86r->fmt2.count2) 897 len = t86r->fmt2.offset2 + t86r->fmt2.count2; 898 else 899 len = t86r->fmt2.offset1 + t86r->fmt2.count1; 900 if (len > reply->bufsize || len > msg->bufsize || 901 len != reply->len) { 902 ZCRYPT_DBF_DBG("%s len mismatch => EMSGSIZE\n", __func__); 903 msg->rc = -EMSGSIZE; 904 goto out; 905 } 906 memcpy(msg->msg, reply->msg, len); 907 msg->len = len; 908 break; 909 default: 910 memcpy(msg->msg, &error_reply, sizeof(error_reply)); 911 msg->len = sizeof(error_reply); 912 } 913 } else { 914 memcpy(msg->msg, reply->msg, sizeof(error_reply)); 915 msg->len = sizeof(error_reply); 916 } 917 out: 918 complete(&resp_type->work); 919 } 920 921 /* 922 * This function is called from the AP bus code after a crypto request 923 * "msg" has finished with the reply message "reply". 924 * It is called from tasklet context. 925 * @aq: pointer to the AP queue 926 * @msg: pointer to the AP message 927 * @reply: pointer to the AP reply message 928 */ 929 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq, 930 struct ap_message *msg, 931 struct ap_message *reply) 932 { 933 static struct error_hdr error_reply = { 934 .type = TYPE82_RSP_CODE, 935 .reply_code = REP82_ERROR_MACHINE_FAILURE, 936 }; 937 struct response_type *resp_type = msg->private; 938 struct type86_ep11_reply *t86r; 939 int len; 940 941 /* Copy the reply message to the request message buffer. */ 942 if (!reply) 943 goto out; /* ap_msg->rc indicates the error */ 944 t86r = reply->msg; 945 if (t86r->hdr.type == TYPE86_RSP_CODE && 946 t86r->cprbx.cprb_ver_id == 0x04) { 947 switch (resp_type->type) { 948 case CEXXC_RESPONSE_TYPE_EP11: 949 len = t86r->fmt2.offset1 + t86r->fmt2.count1; 950 if (len > reply->bufsize || len > msg->bufsize || 951 len != reply->len) { 952 ZCRYPT_DBF_DBG("%s len mismatch => EMSGSIZE\n", __func__); 953 msg->rc = -EMSGSIZE; 954 goto out; 955 } 956 memcpy(msg->msg, reply->msg, len); 957 msg->len = len; 958 break; 959 default: 960 memcpy(msg->msg, &error_reply, sizeof(error_reply)); 961 msg->len = sizeof(error_reply); 962 } 963 } else { 964 memcpy(msg->msg, reply->msg, sizeof(error_reply)); 965 msg->len = sizeof(error_reply); 966 } 967 out: 968 complete(&resp_type->work); 969 } 970 971 static atomic_t zcrypt_step = ATOMIC_INIT(0); 972 973 /* 974 * The request distributor calls this function if it picked the CEXxC 975 * device to handle a modexpo request. 976 * @zq: pointer to zcrypt_queue structure that identifies the 977 * CEXxC device to the request distributor 978 * @mex: pointer to the modexpo request buffer 979 */ 980 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq, 981 struct ica_rsa_modexpo *mex, 982 struct ap_message *ap_msg) 983 { 984 struct response_type resp_type = { 985 .type = CEXXC_RESPONSE_TYPE_ICA, 986 }; 987 int rc; 988 989 ap_msg->msg = (void *)get_zeroed_page(GFP_KERNEL); 990 if (!ap_msg->msg) 991 return -ENOMEM; 992 ap_msg->bufsize = PAGE_SIZE; 993 ap_msg->receive = zcrypt_msgtype6_receive; 994 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 995 atomic_inc_return(&zcrypt_step); 996 ap_msg->private = &resp_type; 997 rc = icamex_msg_to_type6mex_msgx(zq, ap_msg, mex); 998 if (rc) 999 goto out_free; 1000 init_completion(&resp_type.work); 1001 rc = ap_queue_message(zq->queue, ap_msg); 1002 if (rc) 1003 goto out_free; 1004 rc = wait_for_completion_interruptible(&resp_type.work); 1005 if (rc == 0) { 1006 rc = ap_msg->rc; 1007 if (rc == 0) 1008 rc = convert_response_ica(zq, ap_msg, 1009 mex->outputdata, 1010 mex->outputdatalength); 1011 } else { 1012 /* Signal pending. */ 1013 ap_cancel_message(zq->queue, ap_msg); 1014 } 1015 1016 out_free: 1017 free_page((unsigned long)ap_msg->msg); 1018 ap_msg->private = NULL; 1019 ap_msg->msg = NULL; 1020 return rc; 1021 } 1022 1023 /* 1024 * The request distributor calls this function if it picked the CEXxC 1025 * device to handle a modexpo_crt request. 1026 * @zq: pointer to zcrypt_queue structure that identifies the 1027 * CEXxC device to the request distributor 1028 * @crt: pointer to the modexpoc_crt request buffer 1029 */ 1030 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq, 1031 struct ica_rsa_modexpo_crt *crt, 1032 struct ap_message *ap_msg) 1033 { 1034 struct response_type resp_type = { 1035 .type = CEXXC_RESPONSE_TYPE_ICA, 1036 }; 1037 int rc; 1038 1039 ap_msg->msg = (void *)get_zeroed_page(GFP_KERNEL); 1040 if (!ap_msg->msg) 1041 return -ENOMEM; 1042 ap_msg->bufsize = PAGE_SIZE; 1043 ap_msg->receive = zcrypt_msgtype6_receive; 1044 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1045 atomic_inc_return(&zcrypt_step); 1046 ap_msg->private = &resp_type; 1047 rc = icacrt_msg_to_type6crt_msgx(zq, ap_msg, crt); 1048 if (rc) 1049 goto out_free; 1050 init_completion(&resp_type.work); 1051 rc = ap_queue_message(zq->queue, ap_msg); 1052 if (rc) 1053 goto out_free; 1054 rc = wait_for_completion_interruptible(&resp_type.work); 1055 if (rc == 0) { 1056 rc = ap_msg->rc; 1057 if (rc == 0) 1058 rc = convert_response_ica(zq, ap_msg, 1059 crt->outputdata, 1060 crt->outputdatalength); 1061 } else { 1062 /* Signal pending. */ 1063 ap_cancel_message(zq->queue, ap_msg); 1064 } 1065 1066 out_free: 1067 free_page((unsigned long)ap_msg->msg); 1068 ap_msg->private = NULL; 1069 ap_msg->msg = NULL; 1070 return rc; 1071 } 1072 1073 /* 1074 * Prepare a CCA AP msg request. 1075 * Prepare a CCA AP msg: fetch the required data from userspace, 1076 * prepare the AP msg, fill some info into the ap_message struct, 1077 * extract some data from the CPRB and give back to the caller. 1078 * This function allocates memory and needs an ap_msg prepared 1079 * by the caller with ap_init_message(). Also the caller has to 1080 * make sure ap_release_message() is always called even on failure. 1081 */ 1082 int prep_cca_ap_msg(bool userspace, struct ica_xcRB *xcrb, 1083 struct ap_message *ap_msg, 1084 unsigned int *func_code, unsigned short **dom) 1085 { 1086 struct response_type resp_type = { 1087 .type = CEXXC_RESPONSE_TYPE_XCRB, 1088 }; 1089 1090 ap_msg->bufsize = atomic_read(&ap_max_msg_size); 1091 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL); 1092 if (!ap_msg->msg) 1093 return -ENOMEM; 1094 ap_msg->receive = zcrypt_msgtype6_receive; 1095 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1096 atomic_inc_return(&zcrypt_step); 1097 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1098 if (!ap_msg->private) 1099 return -ENOMEM; 1100 return xcrb_msg_to_type6cprb_msgx(userspace, ap_msg, xcrb, func_code, dom); 1101 } 1102 1103 /* 1104 * The request distributor calls this function if it picked the CEXxC 1105 * device to handle a send_cprb request. 1106 * @zq: pointer to zcrypt_queue structure that identifies the 1107 * CEXxC device to the request distributor 1108 * @xcrb: pointer to the send_cprb request buffer 1109 */ 1110 static long zcrypt_msgtype6_send_cprb(bool userspace, struct zcrypt_queue *zq, 1111 struct ica_xcRB *xcrb, 1112 struct ap_message *ap_msg) 1113 { 1114 int rc; 1115 struct response_type *rtype = ap_msg->private; 1116 struct { 1117 struct type6_hdr hdr; 1118 struct CPRBX cprbx; 1119 /* ... more data blocks ... */ 1120 } __packed * msg = ap_msg->msg; 1121 1122 /* 1123 * Set the queue's reply buffer length minus 128 byte padding 1124 * as reply limit for the card firmware. 1125 */ 1126 msg->hdr.fromcardlen1 = min_t(unsigned int, msg->hdr.fromcardlen1, 1127 zq->reply.bufsize - 128); 1128 if (msg->hdr.fromcardlen2) 1129 msg->hdr.fromcardlen2 = 1130 zq->reply.bufsize - msg->hdr.fromcardlen1 - 128; 1131 1132 init_completion(&rtype->work); 1133 rc = ap_queue_message(zq->queue, ap_msg); 1134 if (rc) 1135 goto out; 1136 rc = wait_for_completion_interruptible(&rtype->work); 1137 if (rc == 0) { 1138 rc = ap_msg->rc; 1139 if (rc == 0) 1140 rc = convert_response_xcrb(userspace, zq, ap_msg, xcrb); 1141 } else { 1142 /* Signal pending. */ 1143 ap_cancel_message(zq->queue, ap_msg); 1144 } 1145 1146 out: 1147 if (rc) 1148 ZCRYPT_DBF_DBG("%s send cprb at dev=%02x.%04x rc=%d\n", 1149 __func__, AP_QID_CARD(zq->queue->qid), 1150 AP_QID_QUEUE(zq->queue->qid), rc); 1151 return rc; 1152 } 1153 1154 /* 1155 * Prepare an EP11 AP msg request. 1156 * Prepare an EP11 AP msg: fetch the required data from userspace, 1157 * prepare the AP msg, fill some info into the ap_message struct, 1158 * extract some data from the CPRB and give back to the caller. 1159 * This function allocates memory and needs an ap_msg prepared 1160 * by the caller with ap_init_message(). Also the caller has to 1161 * make sure ap_release_message() is always called even on failure. 1162 */ 1163 int prep_ep11_ap_msg(bool userspace, struct ep11_urb *xcrb, 1164 struct ap_message *ap_msg, 1165 unsigned int *func_code, unsigned int *domain) 1166 { 1167 struct response_type resp_type = { 1168 .type = CEXXC_RESPONSE_TYPE_EP11, 1169 }; 1170 1171 ap_msg->bufsize = atomic_read(&ap_max_msg_size); 1172 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL); 1173 if (!ap_msg->msg) 1174 return -ENOMEM; 1175 ap_msg->receive = zcrypt_msgtype6_receive_ep11; 1176 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1177 atomic_inc_return(&zcrypt_step); 1178 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1179 if (!ap_msg->private) 1180 return -ENOMEM; 1181 return xcrb_msg_to_type6_ep11cprb_msgx(userspace, ap_msg, xcrb, 1182 func_code, domain); 1183 } 1184 1185 /* 1186 * The request distributor calls this function if it picked the CEX4P 1187 * device to handle a send_ep11_cprb request. 1188 * @zq: pointer to zcrypt_queue structure that identifies the 1189 * CEX4P device to the request distributor 1190 * @xcrb: pointer to the ep11 user request block 1191 */ 1192 static long zcrypt_msgtype6_send_ep11_cprb(bool userspace, struct zcrypt_queue *zq, 1193 struct ep11_urb *xcrb, 1194 struct ap_message *ap_msg) 1195 { 1196 int rc; 1197 unsigned int lfmt; 1198 struct response_type *rtype = ap_msg->private; 1199 struct { 1200 struct type6_hdr hdr; 1201 struct ep11_cprb cprbx; 1202 unsigned char pld_tag; /* fixed value 0x30 */ 1203 unsigned char pld_lenfmt; /* payload length format */ 1204 } __packed * msg = ap_msg->msg; 1205 struct pld_hdr { 1206 unsigned char func_tag; /* fixed value 0x4 */ 1207 unsigned char func_len; /* fixed value 0x4 */ 1208 unsigned int func_val; /* function ID */ 1209 unsigned char dom_tag; /* fixed value 0x4 */ 1210 unsigned char dom_len; /* fixed value 0x4 */ 1211 unsigned int dom_val; /* domain id */ 1212 } __packed * payload_hdr = NULL; 1213 1214 /* 1215 * The target domain field within the cprb body/payload block will be 1216 * replaced by the usage domain for non-management commands only. 1217 * Therefore we check the first bit of the 'flags' parameter for 1218 * management command indication. 1219 * 0 - non management command 1220 * 1 - management command 1221 */ 1222 if (!((msg->cprbx.flags & 0x80) == 0x80)) { 1223 msg->cprbx.target_id = (unsigned int) 1224 AP_QID_QUEUE(zq->queue->qid); 1225 1226 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 1227 switch (msg->pld_lenfmt & 0x03) { 1228 case 1: 1229 lfmt = 2; 1230 break; 1231 case 2: 1232 lfmt = 3; 1233 break; 1234 default: 1235 return -EINVAL; 1236 } 1237 } else { 1238 lfmt = 1; /* length format #1 */ 1239 } 1240 payload_hdr = (struct pld_hdr *)((&msg->pld_lenfmt) + lfmt); 1241 payload_hdr->dom_val = (unsigned int) 1242 AP_QID_QUEUE(zq->queue->qid); 1243 } 1244 1245 /* 1246 * Set the queue's reply buffer length minus the two prepend headers 1247 * as reply limit for the card firmware. 1248 */ 1249 msg->hdr.fromcardlen1 = zq->reply.bufsize - 1250 sizeof(struct type86_hdr) - sizeof(struct type86_fmt2_ext); 1251 1252 init_completion(&rtype->work); 1253 rc = ap_queue_message(zq->queue, ap_msg); 1254 if (rc) 1255 goto out; 1256 rc = wait_for_completion_interruptible(&rtype->work); 1257 if (rc == 0) { 1258 rc = ap_msg->rc; 1259 if (rc == 0) 1260 rc = convert_response_ep11_xcrb(userspace, zq, ap_msg, xcrb); 1261 } else { 1262 /* Signal pending. */ 1263 ap_cancel_message(zq->queue, ap_msg); 1264 } 1265 1266 out: 1267 if (rc) 1268 ZCRYPT_DBF_DBG("%s send cprb at dev=%02x.%04x rc=%d\n", 1269 __func__, AP_QID_CARD(zq->queue->qid), 1270 AP_QID_QUEUE(zq->queue->qid), rc); 1271 return rc; 1272 } 1273 1274 int prep_rng_ap_msg(struct ap_message *ap_msg, int *func_code, 1275 unsigned int *domain) 1276 { 1277 struct response_type resp_type = { 1278 .type = CEXXC_RESPONSE_TYPE_XCRB, 1279 }; 1280 1281 ap_msg->bufsize = AP_DEFAULT_MAX_MSG_SIZE; 1282 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL); 1283 if (!ap_msg->msg) 1284 return -ENOMEM; 1285 ap_msg->receive = zcrypt_msgtype6_receive; 1286 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1287 atomic_inc_return(&zcrypt_step); 1288 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1289 if (!ap_msg->private) 1290 return -ENOMEM; 1291 1292 rng_type6cprb_msgx(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain); 1293 1294 *func_code = HWRNG; 1295 return 0; 1296 } 1297 1298 /* 1299 * The request distributor calls this function if it picked the CEXxC 1300 * device to generate random data. 1301 * @zq: pointer to zcrypt_queue structure that identifies the 1302 * CEXxC device to the request distributor 1303 * @buffer: pointer to a memory page to return random data 1304 */ 1305 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq, 1306 char *buffer, struct ap_message *ap_msg) 1307 { 1308 struct { 1309 struct type6_hdr hdr; 1310 struct CPRBX cprbx; 1311 char function_code[2]; 1312 short int rule_length; 1313 char rule[8]; 1314 short int verb_length; 1315 short int key_length; 1316 } __packed * msg = ap_msg->msg; 1317 struct response_type *rtype = ap_msg->private; 1318 int rc; 1319 1320 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 1321 1322 init_completion(&rtype->work); 1323 rc = ap_queue_message(zq->queue, ap_msg); 1324 if (rc) 1325 goto out; 1326 rc = wait_for_completion_interruptible(&rtype->work); 1327 if (rc == 0) { 1328 rc = ap_msg->rc; 1329 if (rc == 0) 1330 rc = convert_response_rng(zq, ap_msg, buffer); 1331 } else { 1332 /* Signal pending. */ 1333 ap_cancel_message(zq->queue, ap_msg); 1334 } 1335 out: 1336 return rc; 1337 } 1338 1339 /* 1340 * The crypto operations for a CEXxC card. 1341 */ 1342 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = { 1343 .owner = THIS_MODULE, 1344 .name = MSGTYPE06_NAME, 1345 .variant = MSGTYPE06_VARIANT_NORNG, 1346 .rsa_modexpo = zcrypt_msgtype6_modexpo, 1347 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt, 1348 .send_cprb = zcrypt_msgtype6_send_cprb, 1349 }; 1350 1351 static struct zcrypt_ops zcrypt_msgtype6_ops = { 1352 .owner = THIS_MODULE, 1353 .name = MSGTYPE06_NAME, 1354 .variant = MSGTYPE06_VARIANT_DEFAULT, 1355 .rsa_modexpo = zcrypt_msgtype6_modexpo, 1356 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt, 1357 .send_cprb = zcrypt_msgtype6_send_cprb, 1358 .rng = zcrypt_msgtype6_rng, 1359 }; 1360 1361 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = { 1362 .owner = THIS_MODULE, 1363 .name = MSGTYPE06_NAME, 1364 .variant = MSGTYPE06_VARIANT_EP11, 1365 .rsa_modexpo = NULL, 1366 .rsa_modexpo_crt = NULL, 1367 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb, 1368 }; 1369 1370 void __init zcrypt_msgtype6_init(void) 1371 { 1372 zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops); 1373 zcrypt_msgtype_register(&zcrypt_msgtype6_ops); 1374 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops); 1375 } 1376 1377 void __exit zcrypt_msgtype6_exit(void) 1378 { 1379 zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops); 1380 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops); 1381 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops); 1382 } 1383