1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright IBM Corp. 2001, 2012 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * 7 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 8 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 9 * Ralph Wuerthner <rwuerthn@de.ibm.com> 10 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 11 */ 12 13 #define KMSG_COMPONENT "zcrypt" 14 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 15 16 #include <linux/module.h> 17 #include <linux/init.h> 18 #include <linux/err.h> 19 #include <linux/delay.h> 20 #include <linux/slab.h> 21 #include <linux/atomic.h> 22 #include <linux/uaccess.h> 23 24 #include "ap_bus.h" 25 #include "zcrypt_api.h" 26 #include "zcrypt_error.h" 27 #include "zcrypt_msgtype6.h" 28 #include "zcrypt_cca_key.h" 29 30 #define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */ 31 32 #define CEIL4(x) ((((x)+3)/4)*4) 33 34 struct response_type { 35 struct completion work; 36 int type; 37 }; 38 #define CEXXC_RESPONSE_TYPE_ICA 0 39 #define CEXXC_RESPONSE_TYPE_XCRB 1 40 #define CEXXC_RESPONSE_TYPE_EP11 2 41 42 MODULE_AUTHOR("IBM Corporation"); 43 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \ 44 "Copyright IBM Corp. 2001, 2012"); 45 MODULE_LICENSE("GPL"); 46 47 /** 48 * CPRB 49 * Note that all shorts, ints and longs are little-endian. 50 * All pointer fields are 32-bits long, and mean nothing 51 * 52 * A request CPRB is followed by a request_parameter_block. 53 * 54 * The request (or reply) parameter block is organized thus: 55 * function code 56 * VUD block 57 * key block 58 */ 59 struct CPRB { 60 unsigned short cprb_len; /* CPRB length */ 61 unsigned char cprb_ver_id; /* CPRB version id. */ 62 unsigned char pad_000; /* Alignment pad byte. */ 63 unsigned char srpi_rtcode[4]; /* SRPI return code LELONG */ 64 unsigned char srpi_verb; /* SRPI verb type */ 65 unsigned char flags; /* flags */ 66 unsigned char func_id[2]; /* function id */ 67 unsigned char checkpoint_flag; /* */ 68 unsigned char resv2; /* reserved */ 69 unsigned short req_parml; /* request parameter buffer */ 70 /* length 16-bit little endian */ 71 unsigned char req_parmp[4]; /* request parameter buffer * 72 * pointer (means nothing: the * 73 * parameter buffer follows * 74 * the CPRB). */ 75 unsigned char req_datal[4]; /* request data buffer */ 76 /* length ULELONG */ 77 unsigned char req_datap[4]; /* request data buffer */ 78 /* pointer */ 79 unsigned short rpl_parml; /* reply parameter buffer */ 80 /* length 16-bit little endian */ 81 unsigned char pad_001[2]; /* Alignment pad bytes. ULESHORT */ 82 unsigned char rpl_parmp[4]; /* reply parameter buffer * 83 * pointer (means nothing: the * 84 * parameter buffer follows * 85 * the CPRB). */ 86 unsigned char rpl_datal[4]; /* reply data buffer len ULELONG */ 87 unsigned char rpl_datap[4]; /* reply data buffer */ 88 /* pointer */ 89 unsigned short ccp_rscode; /* server reason code ULESHORT */ 90 unsigned short ccp_rtcode; /* server return code ULESHORT */ 91 unsigned char repd_parml[2]; /* replied parameter len ULESHORT*/ 92 unsigned char mac_data_len[2]; /* Mac Data Length ULESHORT */ 93 unsigned char repd_datal[4]; /* replied data length ULELONG */ 94 unsigned char req_pc[2]; /* PC identifier */ 95 unsigned char res_origin[8]; /* resource origin */ 96 unsigned char mac_value[8]; /* Mac Value */ 97 unsigned char logon_id[8]; /* Logon Identifier */ 98 unsigned char usage_domain[2]; /* cdx */ 99 unsigned char resv3[18]; /* reserved for requestor */ 100 unsigned short svr_namel; /* server name length ULESHORT */ 101 unsigned char svr_name[8]; /* server name */ 102 } __packed; 103 104 struct function_and_rules_block { 105 unsigned char function_code[2]; 106 unsigned short ulen; 107 unsigned char only_rule[8]; 108 } __packed; 109 110 /** 111 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP 112 * card in a type6 message. The 3 fields that must be filled in at execution 113 * time are req_parml, rpl_parml and usage_domain. 114 * Everything about this interface is ascii/big-endian, since the 115 * device does *not* have 'Intel inside'. 116 * 117 * The CPRBX is followed immediately by the parm block. 118 * The parm block contains: 119 * - function code ('PD' 0x5044 or 'PK' 0x504B) 120 * - rule block (one of:) 121 * + 0x000A 'PKCS-1.2' (MCL2 'PD') 122 * + 0x000A 'ZERO-PAD' (MCL2 'PK') 123 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD') 124 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK') 125 * - VUD block 126 */ 127 static const struct CPRBX static_cprbx = { 128 .cprb_len = 0x00DC, 129 .cprb_ver_id = 0x02, 130 .func_id = {0x54, 0x32}, 131 }; 132 133 int speed_idx_cca(int req_type) 134 { 135 switch (req_type) { 136 case 0x4142: 137 case 0x4149: 138 case 0x414D: 139 case 0x4341: 140 case 0x4344: 141 case 0x4354: 142 case 0x4358: 143 case 0x444B: 144 case 0x4558: 145 case 0x4643: 146 case 0x4651: 147 case 0x4C47: 148 case 0x4C4B: 149 case 0x4C51: 150 case 0x4F48: 151 case 0x504F: 152 case 0x5053: 153 case 0x5058: 154 case 0x5343: 155 case 0x5344: 156 case 0x5345: 157 case 0x5350: 158 return LOW; 159 case 0x414B: 160 case 0x4345: 161 case 0x4349: 162 case 0x434D: 163 case 0x4847: 164 case 0x4849: 165 case 0x484D: 166 case 0x4850: 167 case 0x4851: 168 case 0x4954: 169 case 0x4958: 170 case 0x4B43: 171 case 0x4B44: 172 case 0x4B45: 173 case 0x4B47: 174 case 0x4B48: 175 case 0x4B49: 176 case 0x4B4E: 177 case 0x4B50: 178 case 0x4B52: 179 case 0x4B54: 180 case 0x4B58: 181 case 0x4D50: 182 case 0x4D53: 183 case 0x4D56: 184 case 0x4D58: 185 case 0x5044: 186 case 0x5045: 187 case 0x5046: 188 case 0x5047: 189 case 0x5049: 190 case 0x504B: 191 case 0x504D: 192 case 0x5254: 193 case 0x5347: 194 case 0x5349: 195 case 0x534B: 196 case 0x534D: 197 case 0x5356: 198 case 0x5358: 199 case 0x5443: 200 case 0x544B: 201 case 0x5647: 202 return HIGH; 203 default: 204 return MEDIUM; 205 } 206 } 207 208 int speed_idx_ep11(int req_type) 209 { 210 switch (req_type) { 211 case 1: 212 case 2: 213 case 36: 214 case 37: 215 case 38: 216 case 39: 217 case 40: 218 return LOW; 219 case 17: 220 case 18: 221 case 19: 222 case 20: 223 case 21: 224 case 22: 225 case 26: 226 case 30: 227 case 31: 228 case 32: 229 case 33: 230 case 34: 231 case 35: 232 return HIGH; 233 default: 234 return MEDIUM; 235 } 236 } 237 238 239 /** 240 * Convert a ICAMEX message to a type6 MEX message. 241 * 242 * @zq: crypto device pointer 243 * @ap_msg: pointer to AP message 244 * @mex: pointer to user input data 245 * 246 * Returns 0 on success or negative errno value. 247 */ 248 static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue *zq, 249 struct ap_message *ap_msg, 250 struct ica_rsa_modexpo *mex) 251 { 252 static struct type6_hdr static_type6_hdrX = { 253 .type = 0x06, 254 .offset1 = 0x00000058, 255 .agent_id = {'C', 'A',}, 256 .function_code = {'P', 'K'}, 257 }; 258 static struct function_and_rules_block static_pke_fnr = { 259 .function_code = {'P', 'K'}, 260 .ulen = 10, 261 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '} 262 }; 263 struct { 264 struct type6_hdr hdr; 265 struct CPRBX cprbx; 266 struct function_and_rules_block fr; 267 unsigned short length; 268 char text[0]; 269 } __packed * msg = ap_msg->message; 270 int size; 271 272 /* 273 * The inputdatalength was a selection criteria in the dispatching 274 * function zcrypt_rsa_modexpo(). However, make sure the following 275 * copy_from_user() never exceeds the allocated buffer space. 276 */ 277 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE)) 278 return -EINVAL; 279 280 /* VUD.ciphertext */ 281 msg->length = mex->inputdatalength + 2; 282 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength)) 283 return -EFAULT; 284 285 /* Set up key which is located after the variable length text. */ 286 size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength); 287 if (size < 0) 288 return size; 289 size += sizeof(*msg) + mex->inputdatalength; 290 291 /* message header, cprbx and f&r */ 292 msg->hdr = static_type6_hdrX; 293 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr); 294 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 295 296 msg->cprbx = static_cprbx; 297 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 298 msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1; 299 300 msg->fr = static_pke_fnr; 301 302 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx); 303 304 ap_msg->length = size; 305 return 0; 306 } 307 308 /** 309 * Convert a ICACRT message to a type6 CRT message. 310 * 311 * @zq: crypto device pointer 312 * @ap_msg: pointer to AP message 313 * @crt: pointer to user input data 314 * 315 * Returns 0 on success or negative errno value. 316 */ 317 static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue *zq, 318 struct ap_message *ap_msg, 319 struct ica_rsa_modexpo_crt *crt) 320 { 321 static struct type6_hdr static_type6_hdrX = { 322 .type = 0x06, 323 .offset1 = 0x00000058, 324 .agent_id = {'C', 'A',}, 325 .function_code = {'P', 'D'}, 326 }; 327 static struct function_and_rules_block static_pkd_fnr = { 328 .function_code = {'P', 'D'}, 329 .ulen = 10, 330 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'} 331 }; 332 333 struct { 334 struct type6_hdr hdr; 335 struct CPRBX cprbx; 336 struct function_and_rules_block fr; 337 unsigned short length; 338 char text[0]; 339 } __packed * msg = ap_msg->message; 340 int size; 341 342 /* 343 * The inputdatalength was a selection criteria in the dispatching 344 * function zcrypt_rsa_crt(). However, make sure the following 345 * copy_from_user() never exceeds the allocated buffer space. 346 */ 347 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE)) 348 return -EINVAL; 349 350 /* VUD.ciphertext */ 351 msg->length = crt->inputdatalength + 2; 352 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength)) 353 return -EFAULT; 354 355 /* Set up key which is located after the variable length text. */ 356 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength); 357 if (size < 0) 358 return size; 359 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */ 360 361 /* message header, cprbx and f&r */ 362 msg->hdr = static_type6_hdrX; 363 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr); 364 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 365 366 msg->cprbx = static_cprbx; 367 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 368 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl = 369 size - sizeof(msg->hdr) - sizeof(msg->cprbx); 370 371 msg->fr = static_pkd_fnr; 372 373 ap_msg->length = size; 374 return 0; 375 } 376 377 /** 378 * Convert a XCRB message to a type6 CPRB message. 379 * 380 * @zq: crypto device pointer 381 * @ap_msg: pointer to AP message 382 * @xcRB: pointer to user input data 383 * 384 * Returns 0 on success or -EFAULT, -EINVAL. 385 */ 386 struct type86_fmt2_msg { 387 struct type86_hdr hdr; 388 struct type86_fmt2_ext fmt2; 389 } __packed; 390 391 static int XCRB_msg_to_type6CPRB_msgX(struct ap_message *ap_msg, 392 struct ica_xcRB *xcRB, 393 unsigned int *fcode, 394 unsigned short **dom) 395 { 396 static struct type6_hdr static_type6_hdrX = { 397 .type = 0x06, 398 .offset1 = 0x00000058, 399 }; 400 struct { 401 struct type6_hdr hdr; 402 struct CPRBX cprbx; 403 } __packed * msg = ap_msg->message; 404 405 int rcblen = CEIL4(xcRB->request_control_blk_length); 406 int replylen, req_sumlen, resp_sumlen; 407 char *req_data = ap_msg->message + sizeof(struct type6_hdr) + rcblen; 408 char *function_code; 409 410 if (CEIL4(xcRB->request_control_blk_length) < 411 xcRB->request_control_blk_length) 412 return -EINVAL; /* overflow after alignment*/ 413 414 /* length checks */ 415 ap_msg->length = sizeof(struct type6_hdr) + 416 CEIL4(xcRB->request_control_blk_length) + 417 xcRB->request_data_length; 418 if (ap_msg->length > MSGTYPE06_MAX_MSG_SIZE) 419 return -EINVAL; 420 421 /* 422 * Overflow check 423 * sum must be greater (or equal) than the largest operand 424 */ 425 req_sumlen = CEIL4(xcRB->request_control_blk_length) + 426 xcRB->request_data_length; 427 if ((CEIL4(xcRB->request_control_blk_length) <= 428 xcRB->request_data_length) ? 429 (req_sumlen < xcRB->request_data_length) : 430 (req_sumlen < CEIL4(xcRB->request_control_blk_length))) { 431 return -EINVAL; 432 } 433 434 if (CEIL4(xcRB->reply_control_blk_length) < 435 xcRB->reply_control_blk_length) 436 return -EINVAL; /* overflow after alignment*/ 437 438 replylen = sizeof(struct type86_fmt2_msg) + 439 CEIL4(xcRB->reply_control_blk_length) + 440 xcRB->reply_data_length; 441 if (replylen > MSGTYPE06_MAX_MSG_SIZE) 442 return -EINVAL; 443 444 /* 445 * Overflow check 446 * sum must be greater (or equal) than the largest operand 447 */ 448 resp_sumlen = CEIL4(xcRB->reply_control_blk_length) + 449 xcRB->reply_data_length; 450 if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ? 451 (resp_sumlen < xcRB->reply_data_length) : 452 (resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) { 453 return -EINVAL; 454 } 455 456 /* prepare type6 header */ 457 msg->hdr = static_type6_hdrX; 458 memcpy(msg->hdr.agent_id, &(xcRB->agent_ID), sizeof(xcRB->agent_ID)); 459 msg->hdr.ToCardLen1 = xcRB->request_control_blk_length; 460 if (xcRB->request_data_length) { 461 msg->hdr.offset2 = msg->hdr.offset1 + rcblen; 462 msg->hdr.ToCardLen2 = xcRB->request_data_length; 463 } 464 msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length; 465 msg->hdr.FromCardLen2 = xcRB->reply_data_length; 466 467 /* prepare CPRB */ 468 if (copy_from_user(&(msg->cprbx), xcRB->request_control_blk_addr, 469 xcRB->request_control_blk_length)) 470 return -EFAULT; 471 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) > 472 xcRB->request_control_blk_length) 473 return -EINVAL; 474 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len; 475 memcpy(msg->hdr.function_code, function_code, 476 sizeof(msg->hdr.function_code)); 477 478 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1]; 479 *dom = (unsigned short *)&msg->cprbx.domain; 480 481 if (memcmp(function_code, "US", 2) == 0 482 || memcmp(function_code, "AU", 2) == 0) 483 ap_msg->special = 1; 484 else 485 ap_msg->special = 0; 486 487 /* copy data block */ 488 if (xcRB->request_data_length && 489 copy_from_user(req_data, xcRB->request_data_address, 490 xcRB->request_data_length)) 491 return -EFAULT; 492 493 return 0; 494 } 495 496 static int xcrb_msg_to_type6_ep11cprb_msgx(struct ap_message *ap_msg, 497 struct ep11_urb *xcRB, 498 unsigned int *fcode) 499 { 500 unsigned int lfmt; 501 static struct type6_hdr static_type6_ep11_hdr = { 502 .type = 0x06, 503 .rqid = {0x00, 0x01}, 504 .function_code = {0x00, 0x00}, 505 .agent_id[0] = 0x58, /* {'X'} */ 506 .agent_id[1] = 0x43, /* {'C'} */ 507 .offset1 = 0x00000058, 508 }; 509 510 struct { 511 struct type6_hdr hdr; 512 struct ep11_cprb cprbx; 513 unsigned char pld_tag; /* fixed value 0x30 */ 514 unsigned char pld_lenfmt; /* payload length format */ 515 } __packed * msg = ap_msg->message; 516 517 struct pld_hdr { 518 unsigned char func_tag; /* fixed value 0x4 */ 519 unsigned char func_len; /* fixed value 0x4 */ 520 unsigned int func_val; /* function ID */ 521 unsigned char dom_tag; /* fixed value 0x4 */ 522 unsigned char dom_len; /* fixed value 0x4 */ 523 unsigned int dom_val; /* domain id */ 524 } __packed * payload_hdr = NULL; 525 526 if (CEIL4(xcRB->req_len) < xcRB->req_len) 527 return -EINVAL; /* overflow after alignment*/ 528 529 /* length checks */ 530 ap_msg->length = sizeof(struct type6_hdr) + xcRB->req_len; 531 if (CEIL4(xcRB->req_len) > MSGTYPE06_MAX_MSG_SIZE - 532 (sizeof(struct type6_hdr))) 533 return -EINVAL; 534 535 if (CEIL4(xcRB->resp_len) < xcRB->resp_len) 536 return -EINVAL; /* overflow after alignment*/ 537 538 if (CEIL4(xcRB->resp_len) > MSGTYPE06_MAX_MSG_SIZE - 539 (sizeof(struct type86_fmt2_msg))) 540 return -EINVAL; 541 542 /* prepare type6 header */ 543 msg->hdr = static_type6_ep11_hdr; 544 msg->hdr.ToCardLen1 = xcRB->req_len; 545 msg->hdr.FromCardLen1 = xcRB->resp_len; 546 547 /* Import CPRB data from the ioctl input parameter */ 548 if (copy_from_user(&(msg->cprbx.cprb_len), 549 (char __force __user *)xcRB->req, xcRB->req_len)) { 550 return -EFAULT; 551 } 552 553 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 554 switch (msg->pld_lenfmt & 0x03) { 555 case 1: 556 lfmt = 2; 557 break; 558 case 2: 559 lfmt = 3; 560 break; 561 default: 562 return -EINVAL; 563 } 564 } else { 565 lfmt = 1; /* length format #1 */ 566 } 567 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt); 568 *fcode = payload_hdr->func_val & 0xFFFF; 569 570 /* enable special processing based on the cprbs flags special bit */ 571 if (msg->cprbx.flags & 0x20) 572 ap_msg->special = 1; 573 574 return 0; 575 } 576 577 /** 578 * Copy results from a type 86 ICA reply message back to user space. 579 * 580 * @zq: crypto device pointer 581 * @reply: reply AP message. 582 * @data: pointer to user output data 583 * @length: size of user output data 584 * 585 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 586 */ 587 struct type86x_reply { 588 struct type86_hdr hdr; 589 struct type86_fmt2_ext fmt2; 590 struct CPRBX cprbx; 591 unsigned char pad[4]; /* 4 byte function code/rules block ? */ 592 unsigned short length; 593 char text[0]; 594 } __packed; 595 596 struct type86_ep11_reply { 597 struct type86_hdr hdr; 598 struct type86_fmt2_ext fmt2; 599 struct ep11_cprb cprbx; 600 } __packed; 601 602 static int convert_type86_ica(struct zcrypt_queue *zq, 603 struct ap_message *reply, 604 char __user *outputdata, 605 unsigned int outputdatalength) 606 { 607 static unsigned char static_pad[] = { 608 0x00, 0x02, 609 0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD, 610 0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57, 611 0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B, 612 0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39, 613 0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5, 614 0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D, 615 0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB, 616 0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F, 617 0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9, 618 0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45, 619 0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9, 620 0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F, 621 0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD, 622 0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D, 623 0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD, 624 0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9, 625 0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B, 626 0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B, 627 0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B, 628 0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD, 629 0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7, 630 0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1, 631 0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3, 632 0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23, 633 0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55, 634 0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43, 635 0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F, 636 0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F, 637 0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5, 638 0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD, 639 0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41, 640 0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09 641 }; 642 struct type86x_reply *msg = reply->message; 643 unsigned short service_rc, service_rs; 644 unsigned int reply_len, pad_len; 645 char *data; 646 647 service_rc = msg->cprbx.ccp_rtcode; 648 if (unlikely(service_rc != 0)) { 649 service_rs = msg->cprbx.ccp_rscode; 650 if ((service_rc == 8 && service_rs == 66) || 651 (service_rc == 8 && service_rs == 65) || 652 (service_rc == 8 && service_rs == 72) || 653 (service_rc == 8 && service_rs == 770) || 654 (service_rc == 12 && service_rs == 769)) { 655 ZCRYPT_DBF(DBF_DEBUG, 656 "device=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n", 657 AP_QID_CARD(zq->queue->qid), 658 AP_QID_QUEUE(zq->queue->qid), 659 (int) service_rc, (int) service_rs); 660 return -EINVAL; 661 } 662 zq->online = 0; 663 pr_err("Cryptographic device %02x.%04x failed and was set offline\n", 664 AP_QID_CARD(zq->queue->qid), 665 AP_QID_QUEUE(zq->queue->qid)); 666 ZCRYPT_DBF(DBF_ERR, 667 "device=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n", 668 AP_QID_CARD(zq->queue->qid), 669 AP_QID_QUEUE(zq->queue->qid), 670 (int) service_rc, (int) service_rs); 671 return -EAGAIN; /* repeat the request on a different device. */ 672 } 673 data = msg->text; 674 reply_len = msg->length - 2; 675 if (reply_len > outputdatalength) 676 return -EINVAL; 677 /* 678 * For all encipher requests, the length of the ciphertext (reply_len) 679 * will always equal the modulus length. For MEX decipher requests 680 * the output needs to get padded. Minimum pad size is 10. 681 * 682 * Currently, the cases where padding will be added is for: 683 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support 684 * ZERO-PAD and CRT is only supported for PKD requests) 685 * - PCICC, always 686 */ 687 pad_len = outputdatalength - reply_len; 688 if (pad_len > 0) { 689 if (pad_len < 10) 690 return -EINVAL; 691 /* 'restore' padding left in the CEXXC card. */ 692 if (copy_to_user(outputdata, static_pad, pad_len - 1)) 693 return -EFAULT; 694 if (put_user(0, outputdata + pad_len - 1)) 695 return -EFAULT; 696 } 697 /* Copy the crypto response to user space. */ 698 if (copy_to_user(outputdata + pad_len, data, reply_len)) 699 return -EFAULT; 700 return 0; 701 } 702 703 /** 704 * Copy results from a type 86 XCRB reply message back to user space. 705 * 706 * @zq: crypto device pointer 707 * @reply: reply AP message. 708 * @xcRB: pointer to XCRB 709 * 710 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 711 */ 712 static int convert_type86_xcrb(struct zcrypt_queue *zq, 713 struct ap_message *reply, 714 struct ica_xcRB *xcRB) 715 { 716 struct type86_fmt2_msg *msg = reply->message; 717 char *data = reply->message; 718 719 /* Copy CPRB to user */ 720 if (copy_to_user(xcRB->reply_control_blk_addr, 721 data + msg->fmt2.offset1, msg->fmt2.count1)) 722 return -EFAULT; 723 xcRB->reply_control_blk_length = msg->fmt2.count1; 724 725 /* Copy data buffer to user */ 726 if (msg->fmt2.count2) 727 if (copy_to_user(xcRB->reply_data_addr, 728 data + msg->fmt2.offset2, msg->fmt2.count2)) 729 return -EFAULT; 730 xcRB->reply_data_length = msg->fmt2.count2; 731 return 0; 732 } 733 734 /** 735 * Copy results from a type 86 EP11 XCRB reply message back to user space. 736 * 737 * @zq: crypto device pointer 738 * @reply: reply AP message. 739 * @xcRB: pointer to EP11 user request block 740 * 741 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 742 */ 743 static int convert_type86_ep11_xcrb(struct zcrypt_queue *zq, 744 struct ap_message *reply, 745 struct ep11_urb *xcRB) 746 { 747 struct type86_fmt2_msg *msg = reply->message; 748 char *data = reply->message; 749 750 if (xcRB->resp_len < msg->fmt2.count1) 751 return -EINVAL; 752 753 /* Copy response CPRB to user */ 754 if (copy_to_user((char __force __user *)xcRB->resp, 755 data + msg->fmt2.offset1, msg->fmt2.count1)) 756 return -EFAULT; 757 xcRB->resp_len = msg->fmt2.count1; 758 return 0; 759 } 760 761 static int convert_type86_rng(struct zcrypt_queue *zq, 762 struct ap_message *reply, 763 char *buffer) 764 { 765 struct { 766 struct type86_hdr hdr; 767 struct type86_fmt2_ext fmt2; 768 struct CPRBX cprbx; 769 } __packed * msg = reply->message; 770 char *data = reply->message; 771 772 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0) 773 return -EINVAL; 774 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2); 775 return msg->fmt2.count2; 776 } 777 778 static int convert_response_ica(struct zcrypt_queue *zq, 779 struct ap_message *reply, 780 char __user *outputdata, 781 unsigned int outputdatalength) 782 { 783 struct type86x_reply *msg = reply->message; 784 785 switch (msg->hdr.type) { 786 case TYPE82_RSP_CODE: 787 case TYPE88_RSP_CODE: 788 return convert_error(zq, reply); 789 case TYPE86_RSP_CODE: 790 if (msg->cprbx.ccp_rtcode && 791 (msg->cprbx.ccp_rscode == 0x14f) && 792 (outputdatalength > 256)) { 793 if (zq->zcard->max_exp_bit_length <= 17) { 794 zq->zcard->max_exp_bit_length = 17; 795 return -EAGAIN; 796 } else 797 return -EINVAL; 798 } 799 if (msg->hdr.reply_code) 800 return convert_error(zq, reply); 801 if (msg->cprbx.cprb_ver_id == 0x02) 802 return convert_type86_ica(zq, reply, 803 outputdata, outputdatalength); 804 /* fall through - wrong cprb version is an unknown response */ 805 default: /* Unknown response type, this should NEVER EVER happen */ 806 zq->online = 0; 807 pr_err("Cryptographic device %02x.%04x failed and was set offline\n", 808 AP_QID_CARD(zq->queue->qid), 809 AP_QID_QUEUE(zq->queue->qid)); 810 ZCRYPT_DBF(DBF_ERR, 811 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n", 812 AP_QID_CARD(zq->queue->qid), 813 AP_QID_QUEUE(zq->queue->qid), 814 (int) msg->hdr.type); 815 return -EAGAIN; /* repeat the request on a different device. */ 816 } 817 } 818 819 static int convert_response_xcrb(struct zcrypt_queue *zq, 820 struct ap_message *reply, 821 struct ica_xcRB *xcRB) 822 { 823 struct type86x_reply *msg = reply->message; 824 825 switch (msg->hdr.type) { 826 case TYPE82_RSP_CODE: 827 case TYPE88_RSP_CODE: 828 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */ 829 return convert_error(zq, reply); 830 case TYPE86_RSP_CODE: 831 if (msg->hdr.reply_code) { 832 memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32)); 833 return convert_error(zq, reply); 834 } 835 if (msg->cprbx.cprb_ver_id == 0x02) 836 return convert_type86_xcrb(zq, reply, xcRB); 837 /* fall through - wrong cprb version is an unknown response */ 838 default: /* Unknown response type, this should NEVER EVER happen */ 839 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */ 840 zq->online = 0; 841 pr_err("Cryptographic device %02x.%04x failed and was set offline\n", 842 AP_QID_CARD(zq->queue->qid), 843 AP_QID_QUEUE(zq->queue->qid)); 844 ZCRYPT_DBF(DBF_ERR, 845 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n", 846 AP_QID_CARD(zq->queue->qid), 847 AP_QID_QUEUE(zq->queue->qid), 848 (int) msg->hdr.type); 849 return -EAGAIN; /* repeat the request on a different device. */ 850 } 851 } 852 853 static int convert_response_ep11_xcrb(struct zcrypt_queue *zq, 854 struct ap_message *reply, struct ep11_urb *xcRB) 855 { 856 struct type86_ep11_reply *msg = reply->message; 857 858 switch (msg->hdr.type) { 859 case TYPE82_RSP_CODE: 860 case TYPE87_RSP_CODE: 861 return convert_error(zq, reply); 862 case TYPE86_RSP_CODE: 863 if (msg->hdr.reply_code) 864 return convert_error(zq, reply); 865 if (msg->cprbx.cprb_ver_id == 0x04) 866 return convert_type86_ep11_xcrb(zq, reply, xcRB); 867 /* fall through - wrong cprb version is an unknown resp */ 868 default: /* Unknown response type, this should NEVER EVER happen */ 869 zq->online = 0; 870 pr_err("Cryptographic device %02x.%04x failed and was set offline\n", 871 AP_QID_CARD(zq->queue->qid), 872 AP_QID_QUEUE(zq->queue->qid)); 873 ZCRYPT_DBF(DBF_ERR, 874 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n", 875 AP_QID_CARD(zq->queue->qid), 876 AP_QID_QUEUE(zq->queue->qid), 877 (int) msg->hdr.type); 878 return -EAGAIN; /* repeat the request on a different device. */ 879 } 880 } 881 882 static int convert_response_rng(struct zcrypt_queue *zq, 883 struct ap_message *reply, 884 char *data) 885 { 886 struct type86x_reply *msg = reply->message; 887 888 switch (msg->hdr.type) { 889 case TYPE82_RSP_CODE: 890 case TYPE88_RSP_CODE: 891 return -EINVAL; 892 case TYPE86_RSP_CODE: 893 if (msg->hdr.reply_code) 894 return -EINVAL; 895 if (msg->cprbx.cprb_ver_id == 0x02) 896 return convert_type86_rng(zq, reply, data); 897 /* fall through - wrong cprb version is an unknown response */ 898 default: /* Unknown response type, this should NEVER EVER happen */ 899 zq->online = 0; 900 pr_err("Cryptographic device %02x.%04x failed and was set offline\n", 901 AP_QID_CARD(zq->queue->qid), 902 AP_QID_QUEUE(zq->queue->qid)); 903 ZCRYPT_DBF(DBF_ERR, 904 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n", 905 AP_QID_CARD(zq->queue->qid), 906 AP_QID_QUEUE(zq->queue->qid), 907 (int) msg->hdr.type); 908 return -EAGAIN; /* repeat the request on a different device. */ 909 } 910 } 911 912 /** 913 * This function is called from the AP bus code after a crypto request 914 * "msg" has finished with the reply message "reply". 915 * It is called from tasklet context. 916 * @aq: pointer to the AP queue 917 * @msg: pointer to the AP message 918 * @reply: pointer to the AP reply message 919 */ 920 static void zcrypt_msgtype6_receive(struct ap_queue *aq, 921 struct ap_message *msg, 922 struct ap_message *reply) 923 { 924 static struct error_hdr error_reply = { 925 .type = TYPE82_RSP_CODE, 926 .reply_code = REP82_ERROR_MACHINE_FAILURE, 927 }; 928 struct response_type *resp_type = 929 (struct response_type *) msg->private; 930 struct type86x_reply *t86r; 931 int length; 932 933 /* Copy the reply message to the request message buffer. */ 934 if (!reply) 935 goto out; /* ap_msg->rc indicates the error */ 936 t86r = reply->message; 937 if (t86r->hdr.type == TYPE86_RSP_CODE && 938 t86r->cprbx.cprb_ver_id == 0x02) { 939 switch (resp_type->type) { 940 case CEXXC_RESPONSE_TYPE_ICA: 941 length = sizeof(struct type86x_reply) 942 + t86r->length - 2; 943 length = min(CEXXC_MAX_ICA_RESPONSE_SIZE, length); 944 memcpy(msg->message, reply->message, length); 945 break; 946 case CEXXC_RESPONSE_TYPE_XCRB: 947 length = t86r->fmt2.offset2 + t86r->fmt2.count2; 948 length = min(MSGTYPE06_MAX_MSG_SIZE, length); 949 memcpy(msg->message, reply->message, length); 950 break; 951 default: 952 memcpy(msg->message, &error_reply, 953 sizeof(error_reply)); 954 } 955 } else 956 memcpy(msg->message, reply->message, sizeof(error_reply)); 957 out: 958 complete(&(resp_type->work)); 959 } 960 961 /** 962 * This function is called from the AP bus code after a crypto request 963 * "msg" has finished with the reply message "reply". 964 * It is called from tasklet context. 965 * @aq: pointer to the AP queue 966 * @msg: pointer to the AP message 967 * @reply: pointer to the AP reply message 968 */ 969 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq, 970 struct ap_message *msg, 971 struct ap_message *reply) 972 { 973 static struct error_hdr error_reply = { 974 .type = TYPE82_RSP_CODE, 975 .reply_code = REP82_ERROR_MACHINE_FAILURE, 976 }; 977 struct response_type *resp_type = 978 (struct response_type *)msg->private; 979 struct type86_ep11_reply *t86r; 980 int length; 981 982 /* Copy the reply message to the request message buffer. */ 983 if (!reply) 984 goto out; /* ap_msg->rc indicates the error */ 985 t86r = reply->message; 986 if (t86r->hdr.type == TYPE86_RSP_CODE && 987 t86r->cprbx.cprb_ver_id == 0x04) { 988 switch (resp_type->type) { 989 case CEXXC_RESPONSE_TYPE_EP11: 990 length = t86r->fmt2.offset1 + t86r->fmt2.count1; 991 length = min(MSGTYPE06_MAX_MSG_SIZE, length); 992 memcpy(msg->message, reply->message, length); 993 break; 994 default: 995 memcpy(msg->message, &error_reply, sizeof(error_reply)); 996 } 997 } else { 998 memcpy(msg->message, reply->message, sizeof(error_reply)); 999 } 1000 out: 1001 complete(&(resp_type->work)); 1002 } 1003 1004 static atomic_t zcrypt_step = ATOMIC_INIT(0); 1005 1006 /** 1007 * The request distributor calls this function if it picked the CEXxC 1008 * device to handle a modexpo request. 1009 * @zq: pointer to zcrypt_queue structure that identifies the 1010 * CEXxC device to the request distributor 1011 * @mex: pointer to the modexpo request buffer 1012 */ 1013 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq, 1014 struct ica_rsa_modexpo *mex) 1015 { 1016 struct ap_message ap_msg; 1017 struct response_type resp_type = { 1018 .type = CEXXC_RESPONSE_TYPE_ICA, 1019 }; 1020 int rc; 1021 1022 ap_init_message(&ap_msg); 1023 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL); 1024 if (!ap_msg.message) 1025 return -ENOMEM; 1026 ap_msg.receive = zcrypt_msgtype6_receive; 1027 ap_msg.psmid = (((unsigned long long) current->pid) << 32) + 1028 atomic_inc_return(&zcrypt_step); 1029 ap_msg.private = &resp_type; 1030 rc = ICAMEX_msg_to_type6MEX_msgX(zq, &ap_msg, mex); 1031 if (rc) 1032 goto out_free; 1033 init_completion(&resp_type.work); 1034 ap_queue_message(zq->queue, &ap_msg); 1035 rc = wait_for_completion_interruptible(&resp_type.work); 1036 if (rc == 0) { 1037 rc = ap_msg.rc; 1038 if (rc == 0) 1039 rc = convert_response_ica(zq, &ap_msg, 1040 mex->outputdata, 1041 mex->outputdatalength); 1042 } else 1043 /* Signal pending. */ 1044 ap_cancel_message(zq->queue, &ap_msg); 1045 out_free: 1046 free_page((unsigned long) ap_msg.message); 1047 return rc; 1048 } 1049 1050 /** 1051 * The request distributor calls this function if it picked the CEXxC 1052 * device to handle a modexpo_crt request. 1053 * @zq: pointer to zcrypt_queue structure that identifies the 1054 * CEXxC device to the request distributor 1055 * @crt: pointer to the modexpoc_crt request buffer 1056 */ 1057 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq, 1058 struct ica_rsa_modexpo_crt *crt) 1059 { 1060 struct ap_message ap_msg; 1061 struct response_type resp_type = { 1062 .type = CEXXC_RESPONSE_TYPE_ICA, 1063 }; 1064 int rc; 1065 1066 ap_init_message(&ap_msg); 1067 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL); 1068 if (!ap_msg.message) 1069 return -ENOMEM; 1070 ap_msg.receive = zcrypt_msgtype6_receive; 1071 ap_msg.psmid = (((unsigned long long) current->pid) << 32) + 1072 atomic_inc_return(&zcrypt_step); 1073 ap_msg.private = &resp_type; 1074 rc = ICACRT_msg_to_type6CRT_msgX(zq, &ap_msg, crt); 1075 if (rc) 1076 goto out_free; 1077 init_completion(&resp_type.work); 1078 ap_queue_message(zq->queue, &ap_msg); 1079 rc = wait_for_completion_interruptible(&resp_type.work); 1080 if (rc == 0) { 1081 rc = ap_msg.rc; 1082 if (rc == 0) 1083 rc = convert_response_ica(zq, &ap_msg, 1084 crt->outputdata, 1085 crt->outputdatalength); 1086 } else { 1087 /* Signal pending. */ 1088 ap_cancel_message(zq->queue, &ap_msg); 1089 } 1090 out_free: 1091 free_page((unsigned long) ap_msg.message); 1092 return rc; 1093 } 1094 1095 /** 1096 * Fetch function code from cprb. 1097 * Extracting the fc requires to copy the cprb from userspace. 1098 * So this function allocates memory and needs an ap_msg prepared 1099 * by the caller with ap_init_message(). Also the caller has to 1100 * make sure ap_release_message() is always called even on failure. 1101 */ 1102 unsigned int get_cprb_fc(struct ica_xcRB *xcRB, 1103 struct ap_message *ap_msg, 1104 unsigned int *func_code, unsigned short **dom) 1105 { 1106 struct response_type resp_type = { 1107 .type = CEXXC_RESPONSE_TYPE_XCRB, 1108 }; 1109 1110 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL); 1111 if (!ap_msg->message) 1112 return -ENOMEM; 1113 ap_msg->receive = zcrypt_msgtype6_receive; 1114 ap_msg->psmid = (((unsigned long long) current->pid) << 32) + 1115 atomic_inc_return(&zcrypt_step); 1116 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1117 if (!ap_msg->private) 1118 return -ENOMEM; 1119 return XCRB_msg_to_type6CPRB_msgX(ap_msg, xcRB, func_code, dom); 1120 } 1121 1122 /** 1123 * The request distributor calls this function if it picked the CEXxC 1124 * device to handle a send_cprb request. 1125 * @zq: pointer to zcrypt_queue structure that identifies the 1126 * CEXxC device to the request distributor 1127 * @xcRB: pointer to the send_cprb request buffer 1128 */ 1129 static long zcrypt_msgtype6_send_cprb(struct zcrypt_queue *zq, 1130 struct ica_xcRB *xcRB, 1131 struct ap_message *ap_msg) 1132 { 1133 int rc; 1134 struct response_type *rtype = (struct response_type *)(ap_msg->private); 1135 1136 init_completion(&rtype->work); 1137 ap_queue_message(zq->queue, ap_msg); 1138 rc = wait_for_completion_interruptible(&rtype->work); 1139 if (rc == 0) { 1140 rc = ap_msg->rc; 1141 if (rc == 0) 1142 rc = convert_response_xcrb(zq, ap_msg, xcRB); 1143 } else 1144 /* Signal pending. */ 1145 ap_cancel_message(zq->queue, ap_msg); 1146 1147 return rc; 1148 } 1149 1150 /** 1151 * Fetch function code from ep11 cprb. 1152 * Extracting the fc requires to copy the ep11 cprb from userspace. 1153 * So this function allocates memory and needs an ap_msg prepared 1154 * by the caller with ap_init_message(). Also the caller has to 1155 * make sure ap_release_message() is always called even on failure. 1156 */ 1157 unsigned int get_ep11cprb_fc(struct ep11_urb *xcrb, 1158 struct ap_message *ap_msg, 1159 unsigned int *func_code) 1160 { 1161 struct response_type resp_type = { 1162 .type = CEXXC_RESPONSE_TYPE_EP11, 1163 }; 1164 1165 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL); 1166 if (!ap_msg->message) 1167 return -ENOMEM; 1168 ap_msg->receive = zcrypt_msgtype6_receive_ep11; 1169 ap_msg->psmid = (((unsigned long long) current->pid) << 32) + 1170 atomic_inc_return(&zcrypt_step); 1171 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1172 if (!ap_msg->private) 1173 return -ENOMEM; 1174 return xcrb_msg_to_type6_ep11cprb_msgx(ap_msg, xcrb, func_code); 1175 } 1176 1177 /** 1178 * The request distributor calls this function if it picked the CEX4P 1179 * device to handle a send_ep11_cprb request. 1180 * @zq: pointer to zcrypt_queue structure that identifies the 1181 * CEX4P device to the request distributor 1182 * @xcRB: pointer to the ep11 user request block 1183 */ 1184 static long zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_queue *zq, 1185 struct ep11_urb *xcrb, 1186 struct ap_message *ap_msg) 1187 { 1188 int rc; 1189 unsigned int lfmt; 1190 struct response_type *rtype = (struct response_type *)(ap_msg->private); 1191 struct { 1192 struct type6_hdr hdr; 1193 struct ep11_cprb cprbx; 1194 unsigned char pld_tag; /* fixed value 0x30 */ 1195 unsigned char pld_lenfmt; /* payload length format */ 1196 } __packed * msg = ap_msg->message; 1197 struct pld_hdr { 1198 unsigned char func_tag; /* fixed value 0x4 */ 1199 unsigned char func_len; /* fixed value 0x4 */ 1200 unsigned int func_val; /* function ID */ 1201 unsigned char dom_tag; /* fixed value 0x4 */ 1202 unsigned char dom_len; /* fixed value 0x4 */ 1203 unsigned int dom_val; /* domain id */ 1204 } __packed * payload_hdr = NULL; 1205 1206 1207 /** 1208 * The target domain field within the cprb body/payload block will be 1209 * replaced by the usage domain for non-management commands only. 1210 * Therefore we check the first bit of the 'flags' parameter for 1211 * management command indication. 1212 * 0 - non management command 1213 * 1 - management command 1214 */ 1215 if (!((msg->cprbx.flags & 0x80) == 0x80)) { 1216 msg->cprbx.target_id = (unsigned int) 1217 AP_QID_QUEUE(zq->queue->qid); 1218 1219 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 1220 switch (msg->pld_lenfmt & 0x03) { 1221 case 1: 1222 lfmt = 2; 1223 break; 1224 case 2: 1225 lfmt = 3; 1226 break; 1227 default: 1228 return -EINVAL; 1229 } 1230 } else { 1231 lfmt = 1; /* length format #1 */ 1232 } 1233 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt); 1234 payload_hdr->dom_val = (unsigned int) 1235 AP_QID_QUEUE(zq->queue->qid); 1236 } 1237 1238 init_completion(&rtype->work); 1239 ap_queue_message(zq->queue, ap_msg); 1240 rc = wait_for_completion_interruptible(&rtype->work); 1241 if (rc == 0) { 1242 rc = ap_msg->rc; 1243 if (rc == 0) 1244 rc = convert_response_ep11_xcrb(zq, ap_msg, xcrb); 1245 } else 1246 /* Signal pending. */ 1247 ap_cancel_message(zq->queue, ap_msg); 1248 1249 return rc; 1250 } 1251 1252 unsigned int get_rng_fc(struct ap_message *ap_msg, int *func_code, 1253 unsigned int *domain) 1254 { 1255 struct response_type resp_type = { 1256 .type = CEXXC_RESPONSE_TYPE_XCRB, 1257 }; 1258 1259 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL); 1260 if (!ap_msg->message) 1261 return -ENOMEM; 1262 ap_msg->receive = zcrypt_msgtype6_receive; 1263 ap_msg->psmid = (((unsigned long long) current->pid) << 32) + 1264 atomic_inc_return(&zcrypt_step); 1265 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1266 if (!ap_msg->private) 1267 return -ENOMEM; 1268 1269 rng_type6CPRB_msgX(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain); 1270 1271 *func_code = HWRNG; 1272 return 0; 1273 } 1274 1275 /** 1276 * The request distributor calls this function if it picked the CEXxC 1277 * device to generate random data. 1278 * @zq: pointer to zcrypt_queue structure that identifies the 1279 * CEXxC device to the request distributor 1280 * @buffer: pointer to a memory page to return random data 1281 */ 1282 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq, 1283 char *buffer, struct ap_message *ap_msg) 1284 { 1285 struct { 1286 struct type6_hdr hdr; 1287 struct CPRBX cprbx; 1288 char function_code[2]; 1289 short int rule_length; 1290 char rule[8]; 1291 short int verb_length; 1292 short int key_length; 1293 } __packed * msg = ap_msg->message; 1294 struct response_type *rtype = (struct response_type *)(ap_msg->private); 1295 int rc; 1296 1297 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 1298 1299 init_completion(&rtype->work); 1300 ap_queue_message(zq->queue, ap_msg); 1301 rc = wait_for_completion_interruptible(&rtype->work); 1302 if (rc == 0) { 1303 rc = ap_msg->rc; 1304 if (rc == 0) 1305 rc = convert_response_rng(zq, ap_msg, buffer); 1306 } else 1307 /* Signal pending. */ 1308 ap_cancel_message(zq->queue, ap_msg); 1309 1310 return rc; 1311 } 1312 1313 /** 1314 * The crypto operations for a CEXxC card. 1315 */ 1316 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = { 1317 .owner = THIS_MODULE, 1318 .name = MSGTYPE06_NAME, 1319 .variant = MSGTYPE06_VARIANT_NORNG, 1320 .rsa_modexpo = zcrypt_msgtype6_modexpo, 1321 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt, 1322 .send_cprb = zcrypt_msgtype6_send_cprb, 1323 }; 1324 1325 static struct zcrypt_ops zcrypt_msgtype6_ops = { 1326 .owner = THIS_MODULE, 1327 .name = MSGTYPE06_NAME, 1328 .variant = MSGTYPE06_VARIANT_DEFAULT, 1329 .rsa_modexpo = zcrypt_msgtype6_modexpo, 1330 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt, 1331 .send_cprb = zcrypt_msgtype6_send_cprb, 1332 .rng = zcrypt_msgtype6_rng, 1333 }; 1334 1335 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = { 1336 .owner = THIS_MODULE, 1337 .name = MSGTYPE06_NAME, 1338 .variant = MSGTYPE06_VARIANT_EP11, 1339 .rsa_modexpo = NULL, 1340 .rsa_modexpo_crt = NULL, 1341 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb, 1342 }; 1343 1344 void __init zcrypt_msgtype6_init(void) 1345 { 1346 zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops); 1347 zcrypt_msgtype_register(&zcrypt_msgtype6_ops); 1348 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops); 1349 } 1350 1351 void __exit zcrypt_msgtype6_exit(void) 1352 { 1353 zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops); 1354 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops); 1355 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops); 1356 } 1357