4 * Copyright IBM Corp. 2001, 2012
5 * Author(s): Robert Burroughs
6 * Eric Rossman (edrossma@us.ibm.com)
8 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
9 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
10 * Ralph Wuerthner <rwuerthn@de.ibm.com>
11 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com>
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2, or (at your option)
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 #define KMSG_COMPONENT "zcrypt"
29 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
31 #include <linux/module.h>
32 #include <linux/init.h>
33 #include <linux/err.h>
34 #include <linux/delay.h>
35 #include <linux/slab.h>
36 #include <linux/atomic.h>
37 #include <linux/uaccess.h>
40 #include "zcrypt_api.h"
41 #include "zcrypt_error.h"
42 #include "zcrypt_msgtype6.h"
43 #include "zcrypt_cca_key.h"
45 #define PCIXCC_MIN_MOD_SIZE_OLD 64 /* 512 bits */
46 #define PCIXCC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */
48 #define CEIL4(x) ((((x)+3)/4)*4)
50 struct response_type {
51 struct completion work;
54 #define PCIXCC_RESPONSE_TYPE_ICA 0
55 #define PCIXCC_RESPONSE_TYPE_XCRB 1
56 #define PCIXCC_RESPONSE_TYPE_EP11 2
58 MODULE_AUTHOR("IBM Corporation");
59 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \
60 "Copyright IBM Corp. 2001, 2012");
61 MODULE_LICENSE("GPL");
63 static void zcrypt_msgtype6_receive(struct ap_device *, struct ap_message *,
68 * Note that all shorts, ints and longs are little-endian.
69 * All pointer fields are 32-bits long, and mean nothing
71 * A request CPRB is followed by a request_parameter_block.
73 * The request (or reply) parameter block is organized thus:
79 unsigned short cprb_len; /* CPRB length */
80 unsigned char cprb_ver_id; /* CPRB version id. */
81 unsigned char pad_000; /* Alignment pad byte. */
82 unsigned char srpi_rtcode[4]; /* SRPI return code LELONG */
83 unsigned char srpi_verb; /* SRPI verb type */
84 unsigned char flags; /* flags */
85 unsigned char func_id[2]; /* function id */
86 unsigned char checkpoint_flag; /* */
87 unsigned char resv2; /* reserved */
88 unsigned short req_parml; /* request parameter buffer */
89 /* length 16-bit little endian */
90 unsigned char req_parmp[4]; /* request parameter buffer *
91 * pointer (means nothing: the *
92 * parameter buffer follows *
94 unsigned char req_datal[4]; /* request data buffer */
96 unsigned char req_datap[4]; /* request data buffer */
98 unsigned short rpl_parml; /* reply parameter buffer */
99 /* length 16-bit little endian */
100 unsigned char pad_001[2]; /* Alignment pad bytes. ULESHORT */
101 unsigned char rpl_parmp[4]; /* reply parameter buffer *
102 * pointer (means nothing: the *
103 * parameter buffer follows *
105 unsigned char rpl_datal[4]; /* reply data buffer len ULELONG */
106 unsigned char rpl_datap[4]; /* reply data buffer */
108 unsigned short ccp_rscode; /* server reason code ULESHORT */
109 unsigned short ccp_rtcode; /* server return code ULESHORT */
110 unsigned char repd_parml[2]; /* replied parameter len ULESHORT*/
111 unsigned char mac_data_len[2]; /* Mac Data Length ULESHORT */
112 unsigned char repd_datal[4]; /* replied data length ULELONG */
113 unsigned char req_pc[2]; /* PC identifier */
114 unsigned char res_origin[8]; /* resource origin */
115 unsigned char mac_value[8]; /* Mac Value */
116 unsigned char logon_id[8]; /* Logon Identifier */
117 unsigned char usage_domain[2]; /* cdx */
118 unsigned char resv3[18]; /* reserved for requestor */
119 unsigned short svr_namel; /* server name length ULESHORT */
120 unsigned char svr_name[8]; /* server name */
123 struct function_and_rules_block {
124 unsigned char function_code[2];
126 unsigned char only_rule[8];
130 * The following is used to initialize the CPRBX passed to the PCIXCC/CEX2C
131 * card in a type6 message. The 3 fields that must be filled in at execution
132 * time are req_parml, rpl_parml and usage_domain.
133 * Everything about this interface is ascii/big-endian, since the
134 * device does *not* have 'Intel inside'.
136 * The CPRBX is followed immediately by the parm block.
137 * The parm block contains:
138 * - function code ('PD' 0x5044 or 'PK' 0x504B)
139 * - rule block (one of:)
140 * + 0x000A 'PKCS-1.2' (MCL2 'PD')
141 * + 0x000A 'ZERO-PAD' (MCL2 'PK')
142 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD')
143 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK')
146 static struct CPRBX static_cprbx = {
149 .func_id = {0x54, 0x32},
153 * Convert a ICAMEX message to a type6 MEX message.
155 * @zdev: crypto device pointer
156 * @ap_msg: pointer to AP message
157 * @mex: pointer to user input data
159 * Returns 0 on success or -EFAULT.
161 static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_device *zdev,
162 struct ap_message *ap_msg,
163 struct ica_rsa_modexpo *mex)
165 static struct type6_hdr static_type6_hdrX = {
167 .offset1 = 0x00000058,
168 .agent_id = {'C', 'A',},
169 .function_code = {'P', 'K'},
171 static struct function_and_rules_block static_pke_fnr = {
172 .function_code = {'P', 'K'},
174 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '}
176 static struct function_and_rules_block static_pke_fnr_MCL2 = {
177 .function_code = {'P', 'K'},
179 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
182 struct type6_hdr hdr;
184 struct function_and_rules_block fr;
185 unsigned short length;
187 } __packed * msg = ap_msg->message;
191 msg->length = mex->inputdatalength + 2;
192 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
195 /* Set up key which is located after the variable length text. */
196 size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength, 1);
199 size += sizeof(*msg) + mex->inputdatalength;
201 /* message header, cprbx and f&r */
202 msg->hdr = static_type6_hdrX;
203 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
204 msg->hdr.FromCardLen1 = PCIXCC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
206 msg->cprbx = static_cprbx;
207 msg->cprbx.domain = AP_QID_QUEUE(zdev->ap_dev->qid);
208 msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1;
210 msg->fr = (zdev->user_space_type == ZCRYPT_PCIXCC_MCL2) ?
211 static_pke_fnr_MCL2 : static_pke_fnr;
213 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx);
215 ap_msg->length = size;
220 * Convert a ICACRT message to a type6 CRT message.
222 * @zdev: crypto device pointer
223 * @ap_msg: pointer to AP message
224 * @crt: pointer to user input data
226 * Returns 0 on success or -EFAULT.
228 static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_device *zdev,
229 struct ap_message *ap_msg,
230 struct ica_rsa_modexpo_crt *crt)
232 static struct type6_hdr static_type6_hdrX = {
234 .offset1 = 0x00000058,
235 .agent_id = {'C', 'A',},
236 .function_code = {'P', 'D'},
238 static struct function_and_rules_block static_pkd_fnr = {
239 .function_code = {'P', 'D'},
241 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
244 static struct function_and_rules_block static_pkd_fnr_MCL2 = {
245 .function_code = {'P', 'D'},
247 .only_rule = {'P', 'K', 'C', 'S', '-', '1', '.', '2'}
250 struct type6_hdr hdr;
252 struct function_and_rules_block fr;
253 unsigned short length;
255 } __packed * msg = ap_msg->message;
259 msg->length = crt->inputdatalength + 2;
260 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
263 /* Set up key which is located after the variable length text. */
264 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength, 1);
267 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */
269 /* message header, cprbx and f&r */
270 msg->hdr = static_type6_hdrX;
271 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
272 msg->hdr.FromCardLen1 = PCIXCC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
274 msg->cprbx = static_cprbx;
275 msg->cprbx.domain = AP_QID_QUEUE(zdev->ap_dev->qid);
276 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl =
277 size - sizeof(msg->hdr) - sizeof(msg->cprbx);
279 msg->fr = (zdev->user_space_type == ZCRYPT_PCIXCC_MCL2) ?
280 static_pkd_fnr_MCL2 : static_pkd_fnr;
282 ap_msg->length = size;
287 * Convert a XCRB message to a type6 CPRB message.
289 * @zdev: crypto device pointer
290 * @ap_msg: pointer to AP message
291 * @xcRB: pointer to user input data
293 * Returns 0 on success or -EFAULT, -EINVAL.
295 struct type86_fmt2_msg {
296 struct type86_hdr hdr;
297 struct type86_fmt2_ext fmt2;
300 static int XCRB_msg_to_type6CPRB_msgX(struct zcrypt_device *zdev,
301 struct ap_message *ap_msg,
302 struct ica_xcRB *xcRB)
304 static struct type6_hdr static_type6_hdrX = {
306 .offset1 = 0x00000058,
309 struct type6_hdr hdr;
311 } __packed * msg = ap_msg->message;
313 int rcblen = CEIL4(xcRB->request_control_blk_length);
314 int replylen, req_sumlen, resp_sumlen;
315 char *req_data = ap_msg->message + sizeof(struct type6_hdr) + rcblen;
319 ap_msg->length = sizeof(struct type6_hdr) +
320 CEIL4(xcRB->request_control_blk_length) +
321 xcRB->request_data_length;
322 if (ap_msg->length > MSGTYPE06_MAX_MSG_SIZE)
326 sum must be greater (or equal) than the largest operand */
327 req_sumlen = CEIL4(xcRB->request_control_blk_length) +
328 xcRB->request_data_length;
329 if ((CEIL4(xcRB->request_control_blk_length) <=
330 xcRB->request_data_length) ?
331 (req_sumlen < xcRB->request_data_length) :
332 (req_sumlen < CEIL4(xcRB->request_control_blk_length))) {
336 replylen = sizeof(struct type86_fmt2_msg) +
337 CEIL4(xcRB->reply_control_blk_length) +
338 xcRB->reply_data_length;
339 if (replylen > MSGTYPE06_MAX_MSG_SIZE)
343 sum must be greater (or equal) than the largest operand */
344 resp_sumlen = CEIL4(xcRB->reply_control_blk_length) +
345 xcRB->reply_data_length;
346 if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ?
347 (resp_sumlen < xcRB->reply_data_length) :
348 (resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) {
352 /* prepare type6 header */
353 msg->hdr = static_type6_hdrX;
354 memcpy(msg->hdr.agent_id , &(xcRB->agent_ID), sizeof(xcRB->agent_ID));
355 msg->hdr.ToCardLen1 = xcRB->request_control_blk_length;
356 if (xcRB->request_data_length) {
357 msg->hdr.offset2 = msg->hdr.offset1 + rcblen;
358 msg->hdr.ToCardLen2 = xcRB->request_data_length;
360 msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length;
361 msg->hdr.FromCardLen2 = xcRB->reply_data_length;
364 if (copy_from_user(&(msg->cprbx), xcRB->request_control_blk_addr,
365 xcRB->request_control_blk_length))
367 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
368 xcRB->request_control_blk_length)
370 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len;
371 memcpy(msg->hdr.function_code, function_code,
372 sizeof(msg->hdr.function_code));
374 if (memcmp(function_code, "US", 2) == 0)
379 /* copy data block */
380 if (xcRB->request_data_length &&
381 copy_from_user(req_data, xcRB->request_data_address,
382 xcRB->request_data_length))
387 static int xcrb_msg_to_type6_ep11cprb_msgx(struct zcrypt_device *zdev,
388 struct ap_message *ap_msg,
389 struct ep11_urb *xcRB)
393 static struct type6_hdr static_type6_ep11_hdr = {
395 .rqid = {0x00, 0x01},
396 .function_code = {0x00, 0x00},
397 .agent_id[0] = 0x58, /* {'X'} */
398 .agent_id[1] = 0x43, /* {'C'} */
399 .offset1 = 0x00000058,
403 struct type6_hdr hdr;
404 struct ep11_cprb cprbx;
405 unsigned char pld_tag; /* fixed value 0x30 */
406 unsigned char pld_lenfmt; /* payload length format */
407 } __packed * msg = ap_msg->message;
410 unsigned char func_tag; /* fixed value 0x4 */
411 unsigned char func_len; /* fixed value 0x4 */
412 unsigned int func_val; /* function ID */
413 unsigned char dom_tag; /* fixed value 0x4 */
414 unsigned char dom_len; /* fixed value 0x4 */
415 unsigned int dom_val; /* domain id */
416 } __packed * payload_hdr;
419 ap_msg->length = sizeof(struct type6_hdr) + xcRB->req_len;
420 if (CEIL4(xcRB->req_len) > MSGTYPE06_MAX_MSG_SIZE -
421 (sizeof(struct type6_hdr)))
424 if (CEIL4(xcRB->resp_len) > MSGTYPE06_MAX_MSG_SIZE -
425 (sizeof(struct type86_fmt2_msg)))
428 /* prepare type6 header */
429 msg->hdr = static_type6_ep11_hdr;
430 msg->hdr.ToCardLen1 = xcRB->req_len;
431 msg->hdr.FromCardLen1 = xcRB->resp_len;
433 /* Import CPRB data from the ioctl input parameter */
434 if (copy_from_user(&(msg->cprbx.cprb_len),
435 (char *)xcRB->req, xcRB->req_len)) {
440 The target domain field within the cprb body/payload block will be
441 replaced by the usage domain for non-management commands only.
442 Therefore we check the first bit of the 'flags' parameter for
443 management command indication.
444 0 - non management command
445 1 - management command
447 if (!((msg->cprbx.flags & 0x80) == 0x80)) {
448 msg->cprbx.target_id = (unsigned int)
449 AP_QID_QUEUE(zdev->ap_dev->qid);
451 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
452 switch (msg->pld_lenfmt & 0x03) {
463 lfmt = 1; /* length format #1 */
465 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
466 payload_hdr->dom_val = (unsigned int)
467 AP_QID_QUEUE(zdev->ap_dev->qid);
473 * Copy results from a type 86 ICA reply message back to user space.
475 * @zdev: crypto device pointer
476 * @reply: reply AP message.
477 * @data: pointer to user output data
478 * @length: size of user output data
480 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
482 struct type86x_reply {
483 struct type86_hdr hdr;
484 struct type86_fmt2_ext fmt2;
486 unsigned char pad[4]; /* 4 byte function code/rules block ? */
487 unsigned short length;
491 struct type86_ep11_reply {
492 struct type86_hdr hdr;
493 struct type86_fmt2_ext fmt2;
494 struct ep11_cprb cprbx;
497 static int convert_type86_ica(struct zcrypt_device *zdev,
498 struct ap_message *reply,
499 char __user *outputdata,
500 unsigned int outputdatalength)
502 static unsigned char static_pad[] = {
504 0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD,
505 0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57,
506 0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B,
507 0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39,
508 0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5,
509 0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D,
510 0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB,
511 0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F,
512 0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9,
513 0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45,
514 0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9,
515 0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F,
516 0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD,
517 0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D,
518 0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD,
519 0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9,
520 0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B,
521 0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B,
522 0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B,
523 0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD,
524 0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7,
525 0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1,
526 0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3,
527 0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23,
528 0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55,
529 0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43,
530 0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F,
531 0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F,
532 0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5,
533 0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD,
534 0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41,
535 0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09
537 struct type86x_reply *msg = reply->message;
538 unsigned short service_rc, service_rs;
539 unsigned int reply_len, pad_len;
542 service_rc = msg->cprbx.ccp_rtcode;
543 if (unlikely(service_rc != 0)) {
544 service_rs = msg->cprbx.ccp_rscode;
545 if (service_rc == 8 && service_rs == 66)
547 if (service_rc == 8 && service_rs == 65)
549 if (service_rc == 8 && service_rs == 770)
551 if (service_rc == 8 && service_rs == 783) {
552 zdev->min_mod_size = PCIXCC_MIN_MOD_SIZE_OLD;
555 if (service_rc == 12 && service_rs == 769)
557 if (service_rc == 8 && service_rs == 72)
560 pr_err("Cryptographic device %x failed and was set offline\n",
562 ZCRYPT_DBF_DEV(DBF_ERR, zdev, "dev%04xo%drc%d",
563 zdev->ap_dev->qid, zdev->online,
564 msg->hdr.reply_code);
565 return -EAGAIN; /* repeat the request on a different device. */
568 reply_len = msg->length - 2;
569 if (reply_len > outputdatalength)
572 * For all encipher requests, the length of the ciphertext (reply_len)
573 * will always equal the modulus length. For MEX decipher requests
574 * the output needs to get padded. Minimum pad size is 10.
576 * Currently, the cases where padding will be added is for:
577 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
578 * ZERO-PAD and CRT is only supported for PKD requests)
581 pad_len = outputdatalength - reply_len;
585 /* 'restore' padding left in the PCICC/PCIXCC card. */
586 if (copy_to_user(outputdata, static_pad, pad_len - 1))
588 if (put_user(0, outputdata + pad_len - 1))
591 /* Copy the crypto response to user space. */
592 if (copy_to_user(outputdata + pad_len, data, reply_len))
598 * Copy results from a type 86 XCRB reply message back to user space.
600 * @zdev: crypto device pointer
601 * @reply: reply AP message.
602 * @xcRB: pointer to XCRB
604 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
606 static int convert_type86_xcrb(struct zcrypt_device *zdev,
607 struct ap_message *reply,
608 struct ica_xcRB *xcRB)
610 struct type86_fmt2_msg *msg = reply->message;
611 char *data = reply->message;
613 /* Copy CPRB to user */
614 if (copy_to_user(xcRB->reply_control_blk_addr,
615 data + msg->fmt2.offset1, msg->fmt2.count1))
617 xcRB->reply_control_blk_length = msg->fmt2.count1;
619 /* Copy data buffer to user */
620 if (msg->fmt2.count2)
621 if (copy_to_user(xcRB->reply_data_addr,
622 data + msg->fmt2.offset2, msg->fmt2.count2))
624 xcRB->reply_data_length = msg->fmt2.count2;
629 * Copy results from a type 86 EP11 XCRB reply message back to user space.
631 * @zdev: crypto device pointer
632 * @reply: reply AP message.
633 * @xcRB: pointer to EP11 user request block
635 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
637 static int convert_type86_ep11_xcrb(struct zcrypt_device *zdev,
638 struct ap_message *reply,
639 struct ep11_urb *xcRB)
641 struct type86_fmt2_msg *msg = reply->message;
642 char *data = reply->message;
644 if (xcRB->resp_len < msg->fmt2.count1)
647 /* Copy response CPRB to user */
648 if (copy_to_user((char *)xcRB->resp,
649 data + msg->fmt2.offset1, msg->fmt2.count1))
651 xcRB->resp_len = msg->fmt2.count1;
655 static int convert_type86_rng(struct zcrypt_device *zdev,
656 struct ap_message *reply,
660 struct type86_hdr hdr;
661 struct type86_fmt2_ext fmt2;
663 } __packed * msg = reply->message;
664 char *data = reply->message;
666 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
668 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
669 return msg->fmt2.count2;
672 static int convert_response_ica(struct zcrypt_device *zdev,
673 struct ap_message *reply,
674 char __user *outputdata,
675 unsigned int outputdatalength)
677 struct type86x_reply *msg = reply->message;
679 /* Response type byte is the second byte in the response. */
680 switch (((unsigned char *) reply->message)[1]) {
681 case TYPE82_RSP_CODE:
682 case TYPE88_RSP_CODE:
683 return convert_error(zdev, reply);
684 case TYPE86_RSP_CODE:
685 if (msg->cprbx.ccp_rtcode &&
686 (msg->cprbx.ccp_rscode == 0x14f) &&
687 (outputdatalength > 256)) {
688 if (zdev->max_exp_bit_length <= 17) {
689 zdev->max_exp_bit_length = 17;
694 if (msg->hdr.reply_code)
695 return convert_error(zdev, reply);
696 if (msg->cprbx.cprb_ver_id == 0x02)
697 return convert_type86_ica(zdev, reply,
698 outputdata, outputdatalength);
699 /* Fall through, no break, incorrect cprb version is an unknown
701 default: /* Unknown response type, this should NEVER EVER happen */
703 pr_err("Cryptographic device %x failed and was set offline\n",
705 ZCRYPT_DBF_DEV(DBF_ERR, zdev, "dev%04xo%dfail",
706 zdev->ap_dev->qid, zdev->online);
707 return -EAGAIN; /* repeat the request on a different device. */
711 static int convert_response_xcrb(struct zcrypt_device *zdev,
712 struct ap_message *reply,
713 struct ica_xcRB *xcRB)
715 struct type86x_reply *msg = reply->message;
717 /* Response type byte is the second byte in the response. */
718 switch (((unsigned char *) reply->message)[1]) {
719 case TYPE82_RSP_CODE:
720 case TYPE88_RSP_CODE:
721 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
722 return convert_error(zdev, reply);
723 case TYPE86_RSP_CODE:
724 if (msg->hdr.reply_code) {
725 memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32));
726 return convert_error(zdev, reply);
728 if (msg->cprbx.cprb_ver_id == 0x02)
729 return convert_type86_xcrb(zdev, reply, xcRB);
730 /* Fall through, no break, incorrect cprb version is an unknown
732 default: /* Unknown response type, this should NEVER EVER happen */
733 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
735 pr_err("Cryptographic device %x failed and was set offline\n",
737 ZCRYPT_DBF_DEV(DBF_ERR, zdev, "dev%04xo%dfail",
738 zdev->ap_dev->qid, zdev->online);
739 return -EAGAIN; /* repeat the request on a different device. */
743 static int convert_response_ep11_xcrb(struct zcrypt_device *zdev,
744 struct ap_message *reply, struct ep11_urb *xcRB)
746 struct type86_ep11_reply *msg = reply->message;
748 /* Response type byte is the second byte in the response. */
749 switch (((unsigned char *)reply->message)[1]) {
750 case TYPE82_RSP_CODE:
751 case TYPE87_RSP_CODE:
752 return convert_error(zdev, reply);
753 case TYPE86_RSP_CODE:
754 if (msg->hdr.reply_code)
755 return convert_error(zdev, reply);
756 if (msg->cprbx.cprb_ver_id == 0x04)
757 return convert_type86_ep11_xcrb(zdev, reply, xcRB);
758 /* Fall through, no break, incorrect cprb version is an unknown resp.*/
759 default: /* Unknown response type, this should NEVER EVER happen */
761 pr_err("Cryptographic device %x failed and was set offline\n",
763 ZCRYPT_DBF_DEV(DBF_ERR, zdev, "dev%04xo%dfail",
764 zdev->ap_dev->qid, zdev->online);
765 return -EAGAIN; /* repeat the request on a different device. */
769 static int convert_response_rng(struct zcrypt_device *zdev,
770 struct ap_message *reply,
773 struct type86x_reply *msg = reply->message;
775 switch (msg->hdr.type) {
776 case TYPE82_RSP_CODE:
777 case TYPE88_RSP_CODE:
779 case TYPE86_RSP_CODE:
780 if (msg->hdr.reply_code)
782 if (msg->cprbx.cprb_ver_id == 0x02)
783 return convert_type86_rng(zdev, reply, data);
784 /* Fall through, no break, incorrect cprb version is an unknown
786 default: /* Unknown response type, this should NEVER EVER happen */
788 pr_err("Cryptographic device %x failed and was set offline\n",
790 ZCRYPT_DBF_DEV(DBF_ERR, zdev, "dev%04xo%dfail",
791 zdev->ap_dev->qid, zdev->online);
792 return -EAGAIN; /* repeat the request on a different device. */
797 * This function is called from the AP bus code after a crypto request
798 * "msg" has finished with the reply message "reply".
799 * It is called from tasklet context.
800 * @ap_dev: pointer to the AP device
801 * @msg: pointer to the AP message
802 * @reply: pointer to the AP reply message
804 static void zcrypt_msgtype6_receive(struct ap_device *ap_dev,
805 struct ap_message *msg,
806 struct ap_message *reply)
808 static struct error_hdr error_reply = {
809 .type = TYPE82_RSP_CODE,
810 .reply_code = REP82_ERROR_MACHINE_FAILURE,
812 struct response_type *resp_type =
813 (struct response_type *) msg->private;
814 struct type86x_reply *t86r;
817 /* Copy the reply message to the request message buffer. */
819 memcpy(msg->message, &error_reply, sizeof(error_reply));
822 t86r = reply->message;
823 if (t86r->hdr.type == TYPE86_RSP_CODE &&
824 t86r->cprbx.cprb_ver_id == 0x02) {
825 switch (resp_type->type) {
826 case PCIXCC_RESPONSE_TYPE_ICA:
827 length = sizeof(struct type86x_reply)
829 length = min(PCIXCC_MAX_ICA_RESPONSE_SIZE, length);
830 memcpy(msg->message, reply->message, length);
832 case PCIXCC_RESPONSE_TYPE_XCRB:
833 length = t86r->fmt2.offset2 + t86r->fmt2.count2;
834 length = min(MSGTYPE06_MAX_MSG_SIZE, length);
835 memcpy(msg->message, reply->message, length);
838 memcpy(msg->message, &error_reply,
839 sizeof(error_reply));
842 memcpy(msg->message, reply->message, sizeof(error_reply));
844 complete(&(resp_type->work));
848 * This function is called from the AP bus code after a crypto request
849 * "msg" has finished with the reply message "reply".
850 * It is called from tasklet context.
851 * @ap_dev: pointer to the AP device
852 * @msg: pointer to the AP message
853 * @reply: pointer to the AP reply message
855 static void zcrypt_msgtype6_receive_ep11(struct ap_device *ap_dev,
856 struct ap_message *msg,
857 struct ap_message *reply)
859 static struct error_hdr error_reply = {
860 .type = TYPE82_RSP_CODE,
861 .reply_code = REP82_ERROR_MACHINE_FAILURE,
863 struct response_type *resp_type =
864 (struct response_type *)msg->private;
865 struct type86_ep11_reply *t86r;
868 /* Copy the reply message to the request message buffer. */
870 memcpy(msg->message, &error_reply, sizeof(error_reply));
873 t86r = reply->message;
874 if (t86r->hdr.type == TYPE86_RSP_CODE &&
875 t86r->cprbx.cprb_ver_id == 0x04) {
876 switch (resp_type->type) {
877 case PCIXCC_RESPONSE_TYPE_EP11:
878 length = t86r->fmt2.offset1 + t86r->fmt2.count1;
879 length = min(MSGTYPE06_MAX_MSG_SIZE, length);
880 memcpy(msg->message, reply->message, length);
883 memcpy(msg->message, &error_reply, sizeof(error_reply));
886 memcpy(msg->message, reply->message, sizeof(error_reply));
889 complete(&(resp_type->work));
892 static atomic_t zcrypt_step = ATOMIC_INIT(0);
895 * The request distributor calls this function if it picked the PCIXCC/CEX2C
896 * device to handle a modexpo request.
897 * @zdev: pointer to zcrypt_device structure that identifies the
898 * PCIXCC/CEX2C device to the request distributor
899 * @mex: pointer to the modexpo request buffer
901 static long zcrypt_msgtype6_modexpo(struct zcrypt_device *zdev,
902 struct ica_rsa_modexpo *mex)
904 struct ap_message ap_msg;
905 struct response_type resp_type = {
906 .type = PCIXCC_RESPONSE_TYPE_ICA,
910 ap_init_message(&ap_msg);
911 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
914 ap_msg.receive = zcrypt_msgtype6_receive;
915 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
916 atomic_inc_return(&zcrypt_step);
917 ap_msg.private = &resp_type;
918 rc = ICAMEX_msg_to_type6MEX_msgX(zdev, &ap_msg, mex);
921 init_completion(&resp_type.work);
922 ap_queue_message(zdev->ap_dev, &ap_msg);
923 rc = wait_for_completion_interruptible(&resp_type.work);
925 rc = convert_response_ica(zdev, &ap_msg, mex->outputdata,
926 mex->outputdatalength);
928 /* Signal pending. */
929 ap_cancel_message(zdev->ap_dev, &ap_msg);
931 free_page((unsigned long) ap_msg.message);
936 * The request distributor calls this function if it picked the PCIXCC/CEX2C
937 * device to handle a modexpo_crt request.
938 * @zdev: pointer to zcrypt_device structure that identifies the
939 * PCIXCC/CEX2C device to the request distributor
940 * @crt: pointer to the modexpoc_crt request buffer
942 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_device *zdev,
943 struct ica_rsa_modexpo_crt *crt)
945 struct ap_message ap_msg;
946 struct response_type resp_type = {
947 .type = PCIXCC_RESPONSE_TYPE_ICA,
951 ap_init_message(&ap_msg);
952 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
955 ap_msg.receive = zcrypt_msgtype6_receive;
956 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
957 atomic_inc_return(&zcrypt_step);
958 ap_msg.private = &resp_type;
959 rc = ICACRT_msg_to_type6CRT_msgX(zdev, &ap_msg, crt);
962 init_completion(&resp_type.work);
963 ap_queue_message(zdev->ap_dev, &ap_msg);
964 rc = wait_for_completion_interruptible(&resp_type.work);
966 rc = convert_response_ica(zdev, &ap_msg, crt->outputdata,
967 crt->outputdatalength);
969 /* Signal pending. */
970 ap_cancel_message(zdev->ap_dev, &ap_msg);
972 free_page((unsigned long) ap_msg.message);
977 * The request distributor calls this function if it picked the PCIXCC/CEX2C
978 * device to handle a send_cprb request.
979 * @zdev: pointer to zcrypt_device structure that identifies the
980 * PCIXCC/CEX2C device to the request distributor
981 * @xcRB: pointer to the send_cprb request buffer
983 static long zcrypt_msgtype6_send_cprb(struct zcrypt_device *zdev,
984 struct ica_xcRB *xcRB)
986 struct ap_message ap_msg;
987 struct response_type resp_type = {
988 .type = PCIXCC_RESPONSE_TYPE_XCRB,
992 ap_init_message(&ap_msg);
993 ap_msg.message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
996 ap_msg.receive = zcrypt_msgtype6_receive;
997 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
998 atomic_inc_return(&zcrypt_step);
999 ap_msg.private = &resp_type;
1000 rc = XCRB_msg_to_type6CPRB_msgX(zdev, &ap_msg, xcRB);
1003 init_completion(&resp_type.work);
1004 ap_queue_message(zdev->ap_dev, &ap_msg);
1005 rc = wait_for_completion_interruptible(&resp_type.work);
1007 rc = convert_response_xcrb(zdev, &ap_msg, xcRB);
1009 /* Signal pending. */
1010 ap_cancel_message(zdev->ap_dev, &ap_msg);
1012 kzfree(ap_msg.message);
1017 * The request distributor calls this function if it picked the CEX4P
1018 * device to handle a send_ep11_cprb request.
1019 * @zdev: pointer to zcrypt_device structure that identifies the
1020 * CEX4P device to the request distributor
1021 * @xcRB: pointer to the ep11 user request block
1023 static long zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_device *zdev,
1024 struct ep11_urb *xcrb)
1026 struct ap_message ap_msg;
1027 struct response_type resp_type = {
1028 .type = PCIXCC_RESPONSE_TYPE_EP11,
1032 ap_init_message(&ap_msg);
1033 ap_msg.message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1034 if (!ap_msg.message)
1036 ap_msg.receive = zcrypt_msgtype6_receive_ep11;
1037 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1038 atomic_inc_return(&zcrypt_step);
1039 ap_msg.private = &resp_type;
1040 rc = xcrb_msg_to_type6_ep11cprb_msgx(zdev, &ap_msg, xcrb);
1043 init_completion(&resp_type.work);
1044 ap_queue_message(zdev->ap_dev, &ap_msg);
1045 rc = wait_for_completion_interruptible(&resp_type.work);
1047 rc = convert_response_ep11_xcrb(zdev, &ap_msg, xcrb);
1048 else /* Signal pending. */
1049 ap_cancel_message(zdev->ap_dev, &ap_msg);
1052 kzfree(ap_msg.message);
1057 * The request distributor calls this function if it picked the PCIXCC/CEX2C
1058 * device to generate random data.
1059 * @zdev: pointer to zcrypt_device structure that identifies the
1060 * PCIXCC/CEX2C device to the request distributor
1061 * @buffer: pointer to a memory page to return random data
1064 static long zcrypt_msgtype6_rng(struct zcrypt_device *zdev,
1067 struct ap_message ap_msg;
1068 struct response_type resp_type = {
1069 .type = PCIXCC_RESPONSE_TYPE_XCRB,
1073 ap_init_message(&ap_msg);
1074 ap_msg.message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1075 if (!ap_msg.message)
1077 ap_msg.receive = zcrypt_msgtype6_receive;
1078 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1079 atomic_inc_return(&zcrypt_step);
1080 ap_msg.private = &resp_type;
1081 rng_type6CPRB_msgX(zdev->ap_dev, &ap_msg, ZCRYPT_RNG_BUFFER_SIZE);
1082 init_completion(&resp_type.work);
1083 ap_queue_message(zdev->ap_dev, &ap_msg);
1084 rc = wait_for_completion_interruptible(&resp_type.work);
1086 rc = convert_response_rng(zdev, &ap_msg, buffer);
1088 /* Signal pending. */
1089 ap_cancel_message(zdev->ap_dev, &ap_msg);
1090 kfree(ap_msg.message);
1095 * The crypto operations for a PCIXCC/CEX2C card.
1097 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = {
1098 .owner = THIS_MODULE,
1099 .variant = MSGTYPE06_VARIANT_NORNG,
1100 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1101 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1102 .send_cprb = zcrypt_msgtype6_send_cprb,
1105 static struct zcrypt_ops zcrypt_msgtype6_ops = {
1106 .owner = THIS_MODULE,
1107 .variant = MSGTYPE06_VARIANT_DEFAULT,
1108 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1109 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1110 .send_cprb = zcrypt_msgtype6_send_cprb,
1111 .rng = zcrypt_msgtype6_rng,
1114 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = {
1115 .owner = THIS_MODULE,
1116 .variant = MSGTYPE06_VARIANT_EP11,
1117 .rsa_modexpo = NULL,
1118 .rsa_modexpo_crt = NULL,
1119 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb,
1122 int __init zcrypt_msgtype6_init(void)
1124 zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops);
1125 zcrypt_msgtype_register(&zcrypt_msgtype6_ops);
1126 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops);
1130 void __exit zcrypt_msgtype6_exit(void)
1132 zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops);
1133 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops);
1134 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops);
1137 module_init(zcrypt_msgtype6_init);
1138 module_exit(zcrypt_msgtype6_exit);