1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright IBM Corp. 2001, 2023 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * 7 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 8 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 9 * Ralph Wuerthner <rwuerthn@de.ibm.com> 10 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 11 */ 12 13 #define KMSG_COMPONENT "zcrypt" 14 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 15 16 #include <linux/module.h> 17 #include <linux/init.h> 18 #include <linux/err.h> 19 #include <linux/delay.h> 20 #include <linux/slab.h> 21 #include <linux/atomic.h> 22 #include <linux/uaccess.h> 23 24 #include "ap_bus.h" 25 #include "zcrypt_api.h" 26 #include "zcrypt_error.h" 27 #include "zcrypt_msgtype6.h" 28 #include "zcrypt_cca_key.h" 29 30 #define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */ 31 32 #define CEIL4(x) ((((x) + 3) / 4) * 4) 33 34 #define CEXXC_RESPONSE_TYPE_ICA 0 35 #define CEXXC_RESPONSE_TYPE_XCRB 1 36 #define CEXXC_RESPONSE_TYPE_EP11 2 37 38 MODULE_AUTHOR("IBM Corporation"); 39 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \ 40 "Copyright IBM Corp. 2001, 2023"); 41 MODULE_LICENSE("GPL"); 42 43 struct function_and_rules_block { 44 unsigned char function_code[2]; 45 unsigned short ulen; 46 unsigned char only_rule[8]; 47 } __packed; 48 49 /* 50 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP 51 * card in a type6 message. The 3 fields that must be filled in at execution 52 * time are req_parml, rpl_parml and usage_domain. 53 * Everything about this interface is ascii/big-endian, since the 54 * device does *not* have 'Intel inside'. 55 * 56 * The CPRBX is followed immediately by the parm block. 57 * The parm block contains: 58 * - function code ('PD' 0x5044 or 'PK' 0x504B) 59 * - rule block (one of:) 60 * + 0x000A 'PKCS-1.2' (MCL2 'PD') 61 * + 0x000A 'ZERO-PAD' (MCL2 'PK') 62 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD') 63 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK') 64 * - VUD block 65 */ 66 static const struct CPRBX static_cprbx = { 67 .cprb_len = 0x00DC, 68 .cprb_ver_id = 0x02, 69 .func_id = {0x54, 0x32}, 70 }; 71 speed_idx_cca(int req_type)72 int speed_idx_cca(int req_type) 73 { 74 switch (req_type) { 75 case 0x4142: 76 case 0x4149: 77 case 0x414D: 78 case 0x4341: 79 case 0x4344: 80 case 0x4354: 81 case 0x4358: 82 case 0x444B: 83 case 0x4558: 84 case 0x4643: 85 case 0x4651: 86 case 0x4C47: 87 case 0x4C4B: 88 case 0x4C51: 89 case 0x4F48: 90 case 0x504F: 91 case 0x5053: 92 case 0x5058: 93 case 0x5343: 94 case 0x5344: 95 case 0x5345: 96 case 0x5350: 97 return LOW; 98 case 0x414B: 99 case 0x4345: 100 case 0x4349: 101 case 0x434D: 102 case 0x4847: 103 case 0x4849: 104 case 0x484D: 105 case 0x4850: 106 case 0x4851: 107 case 0x4954: 108 case 0x4958: 109 case 0x4B43: 110 case 0x4B44: 111 case 0x4B45: 112 case 0x4B47: 113 case 0x4B48: 114 case 0x4B49: 115 case 0x4B4E: 116 case 0x4B50: 117 case 0x4B52: 118 case 0x4B54: 119 case 0x4B58: 120 case 0x4D50: 121 case 0x4D53: 122 case 0x4D56: 123 case 0x4D58: 124 case 0x5044: 125 case 0x5045: 126 case 0x5046: 127 case 0x5047: 128 case 0x5049: 129 case 0x504B: 130 case 0x504D: 131 case 0x5254: 132 case 0x5347: 133 case 0x5349: 134 case 0x534B: 135 case 0x534D: 136 case 0x5356: 137 case 0x5358: 138 case 0x5443: 139 case 0x544B: 140 case 0x5647: 141 return HIGH; 142 default: 143 return MEDIUM; 144 } 145 } 146 speed_idx_ep11(int req_type)147 int speed_idx_ep11(int req_type) 148 { 149 switch (req_type) { 150 case 1: 151 case 2: 152 case 36: 153 case 37: 154 case 38: 155 case 39: 156 case 40: 157 return LOW; 158 case 17: 159 case 18: 160 case 19: 161 case 20: 162 case 21: 163 case 22: 164 case 26: 165 case 30: 166 case 31: 167 case 32: 168 case 33: 169 case 34: 170 case 35: 171 return HIGH; 172 default: 173 return MEDIUM; 174 } 175 } 176 177 /* 178 * Convert a ICAMEX message to a type6 MEX message. 179 * 180 * @zq: crypto device pointer 181 * @ap_msg: pointer to AP message 182 * @mex: pointer to user input data 183 * 184 * Returns 0 on success or negative errno value. 185 */ icamex_msg_to_type6mex_msgx(struct zcrypt_queue * zq,struct ap_message * ap_msg,struct ica_rsa_modexpo * mex)186 static int icamex_msg_to_type6mex_msgx(struct zcrypt_queue *zq, 187 struct ap_message *ap_msg, 188 struct ica_rsa_modexpo *mex) 189 { 190 static struct type6_hdr static_type6_hdrX = { 191 .type = 0x06, 192 .offset1 = 0x00000058, 193 .agent_id = {'C', 'A',}, 194 .function_code = {'P', 'K'}, 195 }; 196 static struct function_and_rules_block static_pke_fnr = { 197 .function_code = {'P', 'K'}, 198 .ulen = 10, 199 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '} 200 }; 201 struct { 202 struct type6_hdr hdr; 203 struct CPRBX cprbx; 204 struct function_and_rules_block fr; 205 unsigned short length; 206 char text[]; 207 } __packed * msg = ap_msg->msg; 208 int size; 209 210 /* 211 * The inputdatalength was a selection criteria in the dispatching 212 * function zcrypt_rsa_modexpo(). However, make sure the following 213 * copy_from_user() never exceeds the allocated buffer space. 214 */ 215 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE)) 216 return -EINVAL; 217 218 /* VUD.ciphertext */ 219 msg->length = mex->inputdatalength + 2; 220 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength)) 221 return -EFAULT; 222 223 /* Set up key which is located after the variable length text. */ 224 size = zcrypt_type6_mex_key_en(mex, msg->text + mex->inputdatalength); 225 if (size < 0) 226 return size; 227 size += sizeof(*msg) + mex->inputdatalength; 228 229 /* message header, cprbx and f&r */ 230 msg->hdr = static_type6_hdrX; 231 msg->hdr.tocardlen1 = size - sizeof(msg->hdr); 232 msg->hdr.fromcardlen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 233 234 msg->cprbx = static_cprbx; 235 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 236 msg->cprbx.rpl_msgbl = msg->hdr.fromcardlen1; 237 238 msg->fr = static_pke_fnr; 239 240 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx); 241 242 ap_msg->len = size; 243 return 0; 244 } 245 246 /* 247 * Convert a ICACRT message to a type6 CRT message. 248 * 249 * @zq: crypto device pointer 250 * @ap_msg: pointer to AP message 251 * @crt: pointer to user input data 252 * 253 * Returns 0 on success or negative errno value. 254 */ icacrt_msg_to_type6crt_msgx(struct zcrypt_queue * zq,struct ap_message * ap_msg,struct ica_rsa_modexpo_crt * crt)255 static int icacrt_msg_to_type6crt_msgx(struct zcrypt_queue *zq, 256 struct ap_message *ap_msg, 257 struct ica_rsa_modexpo_crt *crt) 258 { 259 static struct type6_hdr static_type6_hdrX = { 260 .type = 0x06, 261 .offset1 = 0x00000058, 262 .agent_id = {'C', 'A',}, 263 .function_code = {'P', 'D'}, 264 }; 265 static struct function_and_rules_block static_pkd_fnr = { 266 .function_code = {'P', 'D'}, 267 .ulen = 10, 268 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'} 269 }; 270 271 struct { 272 struct type6_hdr hdr; 273 struct CPRBX cprbx; 274 struct function_and_rules_block fr; 275 unsigned short length; 276 char text[]; 277 } __packed * msg = ap_msg->msg; 278 int size; 279 280 /* 281 * The inputdatalength was a selection criteria in the dispatching 282 * function zcrypt_rsa_crt(). However, make sure the following 283 * copy_from_user() never exceeds the allocated buffer space. 284 */ 285 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE)) 286 return -EINVAL; 287 288 /* VUD.ciphertext */ 289 msg->length = crt->inputdatalength + 2; 290 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength)) 291 return -EFAULT; 292 293 /* Set up key which is located after the variable length text. */ 294 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength); 295 if (size < 0) 296 return size; 297 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */ 298 299 /* message header, cprbx and f&r */ 300 msg->hdr = static_type6_hdrX; 301 msg->hdr.tocardlen1 = size - sizeof(msg->hdr); 302 msg->hdr.fromcardlen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 303 304 msg->cprbx = static_cprbx; 305 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 306 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl = 307 size - sizeof(msg->hdr) - sizeof(msg->cprbx); 308 309 msg->fr = static_pkd_fnr; 310 311 ap_msg->len = size; 312 return 0; 313 } 314 315 /* 316 * Convert a XCRB message to a type6 CPRB message. 317 * 318 * @zq: crypto device pointer 319 * @ap_msg: pointer to AP message 320 * @xcRB: pointer to user input data 321 * 322 * Returns 0 on success or -EFAULT, -EINVAL. 323 */ 324 struct type86_fmt2_msg { 325 struct type86_hdr hdr; 326 struct type86_fmt2_ext fmt2; 327 } __packed; 328 xcrb_msg_to_type6cprb_msgx(bool userspace,struct ap_message * ap_msg,struct ica_xcRB * xcrb,unsigned int * fcode,unsigned short ** dom)329 static int xcrb_msg_to_type6cprb_msgx(bool userspace, struct ap_message *ap_msg, 330 struct ica_xcRB *xcrb, 331 unsigned int *fcode, 332 unsigned short **dom) 333 { 334 static struct type6_hdr static_type6_hdrX = { 335 .type = 0x06, 336 .offset1 = 0x00000058, 337 }; 338 struct { 339 struct type6_hdr hdr; 340 union { 341 struct CPRBX cprbx; 342 DECLARE_FLEX_ARRAY(u8, userdata); 343 }; 344 } __packed * msg = ap_msg->msg; 345 346 int rcblen = CEIL4(xcrb->request_control_blk_length); 347 int req_sumlen, resp_sumlen; 348 char *req_data = ap_msg->msg + sizeof(struct type6_hdr) + rcblen; 349 char *function_code; 350 351 if (CEIL4(xcrb->request_control_blk_length) < 352 xcrb->request_control_blk_length) 353 return -EINVAL; /* overflow after alignment*/ 354 355 /* length checks */ 356 ap_msg->len = sizeof(struct type6_hdr) + 357 CEIL4(xcrb->request_control_blk_length) + 358 xcrb->request_data_length; 359 if (ap_msg->len > ap_msg->bufsize) 360 return -EINVAL; 361 362 /* 363 * Overflow check 364 * sum must be greater (or equal) than the largest operand 365 */ 366 req_sumlen = CEIL4(xcrb->request_control_blk_length) + 367 xcrb->request_data_length; 368 if ((CEIL4(xcrb->request_control_blk_length) <= 369 xcrb->request_data_length) ? 370 req_sumlen < xcrb->request_data_length : 371 req_sumlen < CEIL4(xcrb->request_control_blk_length)) { 372 return -EINVAL; 373 } 374 375 if (CEIL4(xcrb->reply_control_blk_length) < 376 xcrb->reply_control_blk_length) 377 return -EINVAL; /* overflow after alignment*/ 378 379 /* 380 * Overflow check 381 * sum must be greater (or equal) than the largest operand 382 */ 383 resp_sumlen = CEIL4(xcrb->reply_control_blk_length) + 384 xcrb->reply_data_length; 385 if ((CEIL4(xcrb->reply_control_blk_length) <= 386 xcrb->reply_data_length) ? 387 resp_sumlen < xcrb->reply_data_length : 388 resp_sumlen < CEIL4(xcrb->reply_control_blk_length)) { 389 return -EINVAL; 390 } 391 392 /* prepare type6 header */ 393 msg->hdr = static_type6_hdrX; 394 memcpy(msg->hdr.agent_id, &xcrb->agent_ID, sizeof(xcrb->agent_ID)); 395 msg->hdr.tocardlen1 = xcrb->request_control_blk_length; 396 if (xcrb->request_data_length) { 397 msg->hdr.offset2 = msg->hdr.offset1 + rcblen; 398 msg->hdr.tocardlen2 = xcrb->request_data_length; 399 } 400 msg->hdr.fromcardlen1 = xcrb->reply_control_blk_length; 401 msg->hdr.fromcardlen2 = xcrb->reply_data_length; 402 403 /* prepare CPRB */ 404 if (z_copy_from_user(userspace, msg->userdata, 405 xcrb->request_control_blk_addr, 406 xcrb->request_control_blk_length)) 407 return -EFAULT; 408 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) > 409 xcrb->request_control_blk_length) 410 return -EINVAL; 411 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len; 412 memcpy(msg->hdr.function_code, function_code, 413 sizeof(msg->hdr.function_code)); 414 415 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1]; 416 *dom = (unsigned short *)&msg->cprbx.domain; 417 418 /* check subfunction, US and AU need special flag with NQAP */ 419 if (memcmp(function_code, "US", 2) == 0 || 420 memcmp(function_code, "AU", 2) == 0) 421 ap_msg->flags |= AP_MSG_FLAG_SPECIAL; 422 423 /* check CPRB minor version, set info bits in ap_message flag field */ 424 switch (*(unsigned short *)(&msg->cprbx.func_id[0])) { 425 case 0x5432: /* "T2" */ 426 ap_msg->flags |= AP_MSG_FLAG_USAGE; 427 break; 428 case 0x5433: /* "T3" */ 429 case 0x5435: /* "T5" */ 430 case 0x5436: /* "T6" */ 431 case 0x5437: /* "T7" */ 432 ap_msg->flags |= AP_MSG_FLAG_ADMIN; 433 break; 434 default: 435 pr_debug("unknown CPRB minor version '%c%c'\n", 436 msg->cprbx.func_id[0], msg->cprbx.func_id[1]); 437 } 438 439 /* copy data block */ 440 if (xcrb->request_data_length && 441 z_copy_from_user(userspace, req_data, xcrb->request_data_address, 442 xcrb->request_data_length)) 443 return -EFAULT; 444 445 return 0; 446 } 447 xcrb_msg_to_type6_ep11cprb_msgx(bool userspace,struct ap_message * ap_msg,struct ep11_urb * xcrb,unsigned int * fcode,unsigned int * domain)448 static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap_msg, 449 struct ep11_urb *xcrb, 450 unsigned int *fcode, 451 unsigned int *domain) 452 { 453 unsigned int lfmt; 454 static struct type6_hdr static_type6_ep11_hdr = { 455 .type = 0x06, 456 .rqid = {0x00, 0x01}, 457 .function_code = {0x00, 0x00}, 458 .agent_id[0] = 0x58, /* {'X'} */ 459 .agent_id[1] = 0x43, /* {'C'} */ 460 .offset1 = 0x00000058, 461 }; 462 463 struct { 464 struct type6_hdr hdr; 465 union { 466 struct { 467 struct ep11_cprb cprbx; 468 unsigned char pld_tag; /* fixed value 0x30 */ 469 unsigned char pld_lenfmt; /* length format */ 470 } __packed; 471 DECLARE_FLEX_ARRAY(u8, userdata); 472 }; 473 } __packed * msg = ap_msg->msg; 474 475 struct pld_hdr { 476 unsigned char func_tag; /* fixed value 0x4 */ 477 unsigned char func_len; /* fixed value 0x4 */ 478 unsigned int func_val; /* function ID */ 479 unsigned char dom_tag; /* fixed value 0x4 */ 480 unsigned char dom_len; /* fixed value 0x4 */ 481 unsigned int dom_val; /* domain id */ 482 } __packed * payload_hdr = NULL; 483 484 if (CEIL4(xcrb->req_len) < xcrb->req_len) 485 return -EINVAL; /* overflow after alignment*/ 486 487 /* length checks */ 488 ap_msg->len = sizeof(struct type6_hdr) + CEIL4(xcrb->req_len); 489 if (ap_msg->len > ap_msg->bufsize) 490 return -EINVAL; 491 492 if (CEIL4(xcrb->resp_len) < xcrb->resp_len) 493 return -EINVAL; /* overflow after alignment*/ 494 495 /* prepare type6 header */ 496 msg->hdr = static_type6_ep11_hdr; 497 msg->hdr.tocardlen1 = xcrb->req_len; 498 msg->hdr.fromcardlen1 = xcrb->resp_len; 499 500 /* Import CPRB data from the ioctl input parameter */ 501 if (z_copy_from_user(userspace, msg->userdata, 502 (char __force __user *)xcrb->req, xcrb->req_len)) { 503 return -EFAULT; 504 } 505 506 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 507 switch (msg->pld_lenfmt & 0x03) { 508 case 1: 509 lfmt = 2; 510 break; 511 case 2: 512 lfmt = 3; 513 break; 514 default: 515 return -EINVAL; 516 } 517 } else { 518 lfmt = 1; /* length format #1 */ 519 } 520 payload_hdr = (struct pld_hdr *)((&msg->pld_lenfmt) + lfmt); 521 *fcode = payload_hdr->func_val & 0xFFFF; 522 523 /* enable special processing based on the cprbs flags special bit */ 524 if (msg->cprbx.flags & 0x20) 525 ap_msg->flags |= AP_MSG_FLAG_SPECIAL; 526 527 /* set info bits in ap_message flag field */ 528 if (msg->cprbx.flags & 0x80) 529 ap_msg->flags |= AP_MSG_FLAG_ADMIN; 530 else 531 ap_msg->flags |= AP_MSG_FLAG_USAGE; 532 533 *domain = msg->cprbx.target_id; 534 535 return 0; 536 } 537 538 /* 539 * Copy results from a type 86 ICA reply message back to user space. 540 * 541 * @zq: crypto device pointer 542 * @reply: reply AP message. 543 * @data: pointer to user output data 544 * @length: size of user output data 545 * 546 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 547 */ 548 struct type86x_reply { 549 struct type86_hdr hdr; 550 struct type86_fmt2_ext fmt2; 551 struct CPRBX cprbx; 552 unsigned char pad[4]; /* 4 byte function code/rules block ? */ 553 unsigned short length; /* length of data including length field size */ 554 char data[]; 555 } __packed; 556 557 struct type86_ep11_reply { 558 struct type86_hdr hdr; 559 struct type86_fmt2_ext fmt2; 560 struct ep11_cprb cprbx; 561 } __packed; 562 convert_type86_ica(struct zcrypt_queue * zq,struct ap_message * reply,char __user * outputdata,unsigned int outputdatalength)563 static int convert_type86_ica(struct zcrypt_queue *zq, 564 struct ap_message *reply, 565 char __user *outputdata, 566 unsigned int outputdatalength) 567 { 568 struct type86x_reply *msg = reply->msg; 569 unsigned short service_rc, service_rs; 570 unsigned int data_len; 571 572 service_rc = msg->cprbx.ccp_rtcode; 573 if (unlikely(service_rc != 0)) { 574 service_rs = msg->cprbx.ccp_rscode; 575 if ((service_rc == 8 && service_rs == 66) || 576 (service_rc == 8 && service_rs == 65) || 577 (service_rc == 8 && service_rs == 72) || 578 (service_rc == 8 && service_rs == 770) || 579 (service_rc == 12 && service_rs == 769)) { 580 ZCRYPT_DBF_WARN("%s dev=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n", 581 __func__, AP_QID_CARD(zq->queue->qid), 582 AP_QID_QUEUE(zq->queue->qid), 583 (int)service_rc, (int)service_rs); 584 return -EINVAL; 585 } 586 zq->online = 0; 587 pr_err("Crypto dev=%02x.%04x rc/rs=%d/%d online=0 rc=EAGAIN\n", 588 AP_QID_CARD(zq->queue->qid), 589 AP_QID_QUEUE(zq->queue->qid), 590 (int)service_rc, (int)service_rs); 591 ZCRYPT_DBF_ERR("%s dev=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n", 592 __func__, AP_QID_CARD(zq->queue->qid), 593 AP_QID_QUEUE(zq->queue->qid), 594 (int)service_rc, (int)service_rs); 595 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 596 return -EAGAIN; 597 } 598 data_len = msg->length - sizeof(msg->length); 599 if (data_len > outputdatalength) 600 return -EMSGSIZE; 601 602 /* Copy the crypto response to user space. */ 603 if (copy_to_user(outputdata, msg->data, data_len)) 604 return -EFAULT; 605 return 0; 606 } 607 608 /* 609 * Copy results from a type 86 XCRB reply message back to user space. 610 * 611 * @zq: crypto device pointer 612 * @reply: reply AP message. 613 * @xcrb: pointer to XCRB 614 * 615 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 616 */ convert_type86_xcrb(bool userspace,struct zcrypt_queue * zq,struct ap_message * reply,struct ica_xcRB * xcrb)617 static int convert_type86_xcrb(bool userspace, struct zcrypt_queue *zq, 618 struct ap_message *reply, 619 struct ica_xcRB *xcrb) 620 { 621 struct type86_fmt2_msg *msg = reply->msg; 622 char *data = reply->msg; 623 624 /* Copy CPRB to user */ 625 if (xcrb->reply_control_blk_length < msg->fmt2.count1) { 626 pr_debug("reply_control_blk_length %u < required %u => EMSGSIZE\n", 627 xcrb->reply_control_blk_length, msg->fmt2.count1); 628 return -EMSGSIZE; 629 } 630 if (z_copy_to_user(userspace, xcrb->reply_control_blk_addr, 631 data + msg->fmt2.offset1, msg->fmt2.count1)) 632 return -EFAULT; 633 xcrb->reply_control_blk_length = msg->fmt2.count1; 634 635 /* Copy data buffer to user */ 636 if (msg->fmt2.count2) { 637 if (xcrb->reply_data_length < msg->fmt2.count2) { 638 pr_debug("reply_data_length %u < required %u => EMSGSIZE\n", 639 xcrb->reply_data_length, msg->fmt2.count2); 640 return -EMSGSIZE; 641 } 642 if (z_copy_to_user(userspace, xcrb->reply_data_addr, 643 data + msg->fmt2.offset2, msg->fmt2.count2)) 644 return -EFAULT; 645 } 646 xcrb->reply_data_length = msg->fmt2.count2; 647 648 return 0; 649 } 650 651 /* 652 * Copy results from a type 86 EP11 XCRB reply message back to user space. 653 * 654 * @zq: crypto device pointer 655 * @reply: reply AP message. 656 * @xcrb: pointer to EP11 user request block 657 * 658 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 659 */ convert_type86_ep11_xcrb(bool userspace,struct zcrypt_queue * zq,struct ap_message * reply,struct ep11_urb * xcrb)660 static int convert_type86_ep11_xcrb(bool userspace, struct zcrypt_queue *zq, 661 struct ap_message *reply, 662 struct ep11_urb *xcrb) 663 { 664 struct type86_fmt2_msg *msg = reply->msg; 665 char *data = reply->msg; 666 667 if (xcrb->resp_len < msg->fmt2.count1) { 668 pr_debug("resp_len %u < required %u => EMSGSIZE\n", 669 (unsigned int)xcrb->resp_len, msg->fmt2.count1); 670 return -EMSGSIZE; 671 } 672 673 /* Copy response CPRB to user */ 674 if (z_copy_to_user(userspace, (char __force __user *)xcrb->resp, 675 data + msg->fmt2.offset1, msg->fmt2.count1)) 676 return -EFAULT; 677 xcrb->resp_len = msg->fmt2.count1; 678 return 0; 679 } 680 convert_type86_rng(struct zcrypt_queue * zq,struct ap_message * reply,char * buffer)681 static int convert_type86_rng(struct zcrypt_queue *zq, 682 struct ap_message *reply, 683 char *buffer) 684 { 685 struct { 686 struct type86_hdr hdr; 687 struct type86_fmt2_ext fmt2; 688 struct CPRBX cprbx; 689 } __packed * msg = reply->msg; 690 char *data = reply->msg; 691 692 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0) 693 return -EINVAL; 694 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2); 695 return msg->fmt2.count2; 696 } 697 convert_response_ica(struct zcrypt_queue * zq,struct ap_message * reply,char __user * outputdata,unsigned int outputdatalength)698 static int convert_response_ica(struct zcrypt_queue *zq, 699 struct ap_message *reply, 700 char __user *outputdata, 701 unsigned int outputdatalength) 702 { 703 struct type86x_reply *msg = reply->msg; 704 705 switch (msg->hdr.type) { 706 case TYPE82_RSP_CODE: 707 case TYPE88_RSP_CODE: 708 return convert_error(zq, reply); 709 case TYPE86_RSP_CODE: 710 if (msg->cprbx.ccp_rtcode && 711 msg->cprbx.ccp_rscode == 0x14f && 712 outputdatalength > 256) { 713 if (zq->zcard->max_exp_bit_length <= 17) { 714 zq->zcard->max_exp_bit_length = 17; 715 return -EAGAIN; 716 } else { 717 return -EINVAL; 718 } 719 } 720 if (msg->hdr.reply_code) 721 return convert_error(zq, reply); 722 if (msg->cprbx.cprb_ver_id == 0x02) 723 return convert_type86_ica(zq, reply, 724 outputdata, outputdatalength); 725 fallthrough; /* wrong cprb version is an unknown response */ 726 default: 727 /* Unknown response type, this should NEVER EVER happen */ 728 zq->online = 0; 729 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 730 AP_QID_CARD(zq->queue->qid), 731 AP_QID_QUEUE(zq->queue->qid), 732 (int)msg->hdr.type); 733 ZCRYPT_DBF_ERR( 734 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 735 __func__, AP_QID_CARD(zq->queue->qid), 736 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 737 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 738 return -EAGAIN; 739 } 740 } 741 convert_response_xcrb(bool userspace,struct zcrypt_queue * zq,struct ap_message * reply,struct ica_xcRB * xcrb)742 static int convert_response_xcrb(bool userspace, struct zcrypt_queue *zq, 743 struct ap_message *reply, 744 struct ica_xcRB *xcrb) 745 { 746 struct type86x_reply *msg = reply->msg; 747 748 switch (msg->hdr.type) { 749 case TYPE82_RSP_CODE: 750 case TYPE88_RSP_CODE: 751 xcrb->status = 0x0008044DL; /* HDD_InvalidParm */ 752 return convert_error(zq, reply); 753 case TYPE86_RSP_CODE: 754 if (msg->hdr.reply_code) { 755 memcpy(&xcrb->status, msg->fmt2.apfs, sizeof(u32)); 756 return convert_error(zq, reply); 757 } 758 if (msg->cprbx.cprb_ver_id == 0x02) 759 return convert_type86_xcrb(userspace, zq, reply, xcrb); 760 fallthrough; /* wrong cprb version is an unknown response */ 761 default: /* Unknown response type, this should NEVER EVER happen */ 762 xcrb->status = 0x0008044DL; /* HDD_InvalidParm */ 763 zq->online = 0; 764 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 765 AP_QID_CARD(zq->queue->qid), 766 AP_QID_QUEUE(zq->queue->qid), 767 (int)msg->hdr.type); 768 ZCRYPT_DBF_ERR( 769 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 770 __func__, AP_QID_CARD(zq->queue->qid), 771 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 772 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 773 return -EAGAIN; 774 } 775 } 776 convert_response_ep11_xcrb(bool userspace,struct zcrypt_queue * zq,struct ap_message * reply,struct ep11_urb * xcrb)777 static int convert_response_ep11_xcrb(bool userspace, struct zcrypt_queue *zq, 778 struct ap_message *reply, struct ep11_urb *xcrb) 779 { 780 struct type86_ep11_reply *msg = reply->msg; 781 782 switch (msg->hdr.type) { 783 case TYPE82_RSP_CODE: 784 case TYPE87_RSP_CODE: 785 return convert_error(zq, reply); 786 case TYPE86_RSP_CODE: 787 if (msg->hdr.reply_code) 788 return convert_error(zq, reply); 789 if (msg->cprbx.cprb_ver_id == 0x04) 790 return convert_type86_ep11_xcrb(userspace, zq, reply, xcrb); 791 fallthrough; /* wrong cprb version is an unknown resp */ 792 default: /* Unknown response type, this should NEVER EVER happen */ 793 zq->online = 0; 794 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 795 AP_QID_CARD(zq->queue->qid), 796 AP_QID_QUEUE(zq->queue->qid), 797 (int)msg->hdr.type); 798 ZCRYPT_DBF_ERR( 799 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 800 __func__, AP_QID_CARD(zq->queue->qid), 801 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 802 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 803 return -EAGAIN; 804 } 805 } 806 convert_response_rng(struct zcrypt_queue * zq,struct ap_message * reply,char * data)807 static int convert_response_rng(struct zcrypt_queue *zq, 808 struct ap_message *reply, 809 char *data) 810 { 811 struct type86x_reply *msg = reply->msg; 812 813 switch (msg->hdr.type) { 814 case TYPE82_RSP_CODE: 815 case TYPE88_RSP_CODE: 816 return -EINVAL; 817 case TYPE86_RSP_CODE: 818 if (msg->hdr.reply_code) 819 return -EINVAL; 820 if (msg->cprbx.cprb_ver_id == 0x02) 821 return convert_type86_rng(zq, reply, data); 822 fallthrough; /* wrong cprb version is an unknown response */ 823 default: /* Unknown response type, this should NEVER EVER happen */ 824 zq->online = 0; 825 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 826 AP_QID_CARD(zq->queue->qid), 827 AP_QID_QUEUE(zq->queue->qid), 828 (int)msg->hdr.type); 829 ZCRYPT_DBF_ERR( 830 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 831 __func__, AP_QID_CARD(zq->queue->qid), 832 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 833 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 834 return -EAGAIN; 835 } 836 } 837 838 /* 839 * This function is called from the AP bus code after a crypto request 840 * "msg" has finished with the reply message "reply". 841 * It is called from tasklet context. 842 * @aq: pointer to the AP queue 843 * @msg: pointer to the AP message 844 * @reply: pointer to the AP reply message 845 */ zcrypt_msgtype6_receive(struct ap_queue * aq,struct ap_message * msg,struct ap_message * reply)846 static void zcrypt_msgtype6_receive(struct ap_queue *aq, 847 struct ap_message *msg, 848 struct ap_message *reply) 849 { 850 static struct error_hdr error_reply = { 851 .type = TYPE82_RSP_CODE, 852 .reply_code = REP82_ERROR_MACHINE_FAILURE, 853 }; 854 struct ap_response_type *resp_type = &msg->response; 855 struct type86x_reply *t86r; 856 int len; 857 858 /* Copy the reply message to the request message buffer. */ 859 if (!reply) 860 goto out; /* ap_msg->rc indicates the error */ 861 t86r = reply->msg; 862 if (t86r->hdr.type == TYPE86_RSP_CODE && 863 t86r->cprbx.cprb_ver_id == 0x02) { 864 switch (resp_type->type) { 865 case CEXXC_RESPONSE_TYPE_ICA: 866 len = sizeof(struct type86x_reply) + t86r->length; 867 if (len > reply->bufsize || len > msg->bufsize || 868 len != reply->len) { 869 pr_debug("len mismatch => EMSGSIZE\n"); 870 msg->rc = -EMSGSIZE; 871 goto out; 872 } 873 memcpy(msg->msg, reply->msg, len); 874 msg->len = len; 875 break; 876 case CEXXC_RESPONSE_TYPE_XCRB: 877 if (t86r->fmt2.count2) 878 len = t86r->fmt2.offset2 + t86r->fmt2.count2; 879 else 880 len = t86r->fmt2.offset1 + t86r->fmt2.count1; 881 if (len > reply->bufsize || len > msg->bufsize || 882 len != reply->len) { 883 pr_debug("len mismatch => EMSGSIZE\n"); 884 msg->rc = -EMSGSIZE; 885 goto out; 886 } 887 memcpy(msg->msg, reply->msg, len); 888 msg->len = len; 889 break; 890 default: 891 memcpy(msg->msg, &error_reply, sizeof(error_reply)); 892 msg->len = sizeof(error_reply); 893 } 894 } else { 895 memcpy(msg->msg, reply->msg, sizeof(error_reply)); 896 msg->len = sizeof(error_reply); 897 } 898 out: 899 complete(&resp_type->work); 900 } 901 902 /* 903 * This function is called from the AP bus code after a crypto request 904 * "msg" has finished with the reply message "reply". 905 * It is called from tasklet context. 906 * @aq: pointer to the AP queue 907 * @msg: pointer to the AP message 908 * @reply: pointer to the AP reply message 909 */ zcrypt_msgtype6_receive_ep11(struct ap_queue * aq,struct ap_message * msg,struct ap_message * reply)910 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq, 911 struct ap_message *msg, 912 struct ap_message *reply) 913 { 914 static struct error_hdr error_reply = { 915 .type = TYPE82_RSP_CODE, 916 .reply_code = REP82_ERROR_MACHINE_FAILURE, 917 }; 918 struct ap_response_type *resp_type = &msg->response; 919 struct type86_ep11_reply *t86r; 920 int len; 921 922 /* Copy the reply message to the request message buffer. */ 923 if (!reply) 924 goto out; /* ap_msg->rc indicates the error */ 925 t86r = reply->msg; 926 if (t86r->hdr.type == TYPE86_RSP_CODE && 927 t86r->cprbx.cprb_ver_id == 0x04) { 928 switch (resp_type->type) { 929 case CEXXC_RESPONSE_TYPE_EP11: 930 len = t86r->fmt2.offset1 + t86r->fmt2.count1; 931 if (len > reply->bufsize || len > msg->bufsize || 932 len != reply->len) { 933 pr_debug("len mismatch => EMSGSIZE\n"); 934 msg->rc = -EMSGSIZE; 935 goto out; 936 } 937 memcpy(msg->msg, reply->msg, len); 938 msg->len = len; 939 break; 940 default: 941 memcpy(msg->msg, &error_reply, sizeof(error_reply)); 942 msg->len = sizeof(error_reply); 943 } 944 } else { 945 memcpy(msg->msg, reply->msg, sizeof(error_reply)); 946 msg->len = sizeof(error_reply); 947 } 948 out: 949 complete(&resp_type->work); 950 } 951 952 static atomic_t zcrypt_step = ATOMIC_INIT(0); 953 954 /* 955 * The request distributor calls this function if it picked the CEXxC 956 * device to handle a modexpo request. 957 * @zq: pointer to zcrypt_queue structure that identifies the 958 * CEXxC device to the request distributor 959 * @mex: pointer to the modexpo request buffer 960 */ zcrypt_msgtype6_modexpo(struct zcrypt_queue * zq,struct ica_rsa_modexpo * mex,struct ap_message * ap_msg)961 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq, 962 struct ica_rsa_modexpo *mex, 963 struct ap_message *ap_msg) 964 { 965 struct ap_response_type *resp_type = &ap_msg->response; 966 int rc; 967 968 ap_msg->msg = (void *)get_zeroed_page(GFP_KERNEL); 969 if (!ap_msg->msg) 970 return -ENOMEM; 971 ap_msg->bufsize = PAGE_SIZE; 972 ap_msg->receive = zcrypt_msgtype6_receive; 973 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 974 atomic_inc_return(&zcrypt_step); 975 rc = icamex_msg_to_type6mex_msgx(zq, ap_msg, mex); 976 if (rc) 977 goto out_free; 978 resp_type->type = CEXXC_RESPONSE_TYPE_ICA; 979 init_completion(&resp_type->work); 980 rc = ap_queue_message(zq->queue, ap_msg); 981 if (rc) 982 goto out_free; 983 rc = wait_for_completion_interruptible(&resp_type->work); 984 if (rc == 0) { 985 rc = ap_msg->rc; 986 if (rc == 0) 987 rc = convert_response_ica(zq, ap_msg, 988 mex->outputdata, 989 mex->outputdatalength); 990 } else { 991 /* Signal pending. */ 992 ap_cancel_message(zq->queue, ap_msg); 993 } 994 995 out_free: 996 free_page((unsigned long)ap_msg->msg); 997 ap_msg->msg = NULL; 998 return rc; 999 } 1000 1001 /* 1002 * The request distributor calls this function if it picked the CEXxC 1003 * device to handle a modexpo_crt request. 1004 * @zq: pointer to zcrypt_queue structure that identifies the 1005 * CEXxC device to the request distributor 1006 * @crt: pointer to the modexpoc_crt request buffer 1007 */ zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue * zq,struct ica_rsa_modexpo_crt * crt,struct ap_message * ap_msg)1008 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq, 1009 struct ica_rsa_modexpo_crt *crt, 1010 struct ap_message *ap_msg) 1011 { 1012 struct ap_response_type *resp_type = &ap_msg->response; 1013 int rc; 1014 1015 ap_msg->msg = (void *)get_zeroed_page(GFP_KERNEL); 1016 if (!ap_msg->msg) 1017 return -ENOMEM; 1018 ap_msg->bufsize = PAGE_SIZE; 1019 ap_msg->receive = zcrypt_msgtype6_receive; 1020 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1021 atomic_inc_return(&zcrypt_step); 1022 rc = icacrt_msg_to_type6crt_msgx(zq, ap_msg, crt); 1023 if (rc) 1024 goto out_free; 1025 resp_type->type = CEXXC_RESPONSE_TYPE_ICA; 1026 init_completion(&resp_type->work); 1027 rc = ap_queue_message(zq->queue, ap_msg); 1028 if (rc) 1029 goto out_free; 1030 rc = wait_for_completion_interruptible(&resp_type->work); 1031 if (rc == 0) { 1032 rc = ap_msg->rc; 1033 if (rc == 0) 1034 rc = convert_response_ica(zq, ap_msg, 1035 crt->outputdata, 1036 crt->outputdatalength); 1037 } else { 1038 /* Signal pending. */ 1039 ap_cancel_message(zq->queue, ap_msg); 1040 } 1041 1042 out_free: 1043 free_page((unsigned long)ap_msg->msg); 1044 ap_msg->msg = NULL; 1045 return rc; 1046 } 1047 1048 /* 1049 * Prepare a CCA AP msg request. 1050 * Prepare a CCA AP msg: fetch the required data from userspace, 1051 * prepare the AP msg, fill some info into the ap_message struct, 1052 * extract some data from the CPRB and give back to the caller. 1053 * This function assumes that ap_msg has been initialized with 1054 * ap_init_apmsg() and thus a valid buffer with the size of 1055 * ap_msg->bufsize is available within ap_msg. Also the caller has 1056 * to make sure ap_release_apmsg() is always called even on failure. 1057 */ prep_cca_ap_msg(bool userspace,struct ica_xcRB * xcrb,struct ap_message * ap_msg,unsigned int * func_code,unsigned short ** dom)1058 int prep_cca_ap_msg(bool userspace, struct ica_xcRB *xcrb, 1059 struct ap_message *ap_msg, 1060 unsigned int *func_code, unsigned short **dom) 1061 { 1062 struct ap_response_type *resp_type = &ap_msg->response; 1063 1064 ap_msg->receive = zcrypt_msgtype6_receive; 1065 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1066 atomic_inc_return(&zcrypt_step); 1067 resp_type->type = CEXXC_RESPONSE_TYPE_XCRB; 1068 return xcrb_msg_to_type6cprb_msgx(userspace, ap_msg, xcrb, func_code, dom); 1069 } 1070 1071 /* 1072 * The request distributor calls this function if it picked the CEXxC 1073 * device to handle a send_cprb request. 1074 * @zq: pointer to zcrypt_queue structure that identifies the 1075 * CEXxC device to the request distributor 1076 * @xcrb: pointer to the send_cprb request buffer 1077 */ zcrypt_msgtype6_send_cprb(bool userspace,struct zcrypt_queue * zq,struct ica_xcRB * xcrb,struct ap_message * ap_msg)1078 static long zcrypt_msgtype6_send_cprb(bool userspace, struct zcrypt_queue *zq, 1079 struct ica_xcRB *xcrb, 1080 struct ap_message *ap_msg) 1081 { 1082 struct ap_response_type *resp_type = &ap_msg->response; 1083 struct { 1084 struct type6_hdr hdr; 1085 struct CPRBX cprbx; 1086 /* ... more data blocks ... */ 1087 } __packed * msg = ap_msg->msg; 1088 unsigned int max_payload_size; 1089 int rc, delta; 1090 1091 /* calculate maximum payload for this card and msg type */ 1092 max_payload_size = zq->reply.bufsize - sizeof(struct type86_fmt2_msg); 1093 1094 /* limit each of the two from fields to the maximum payload size */ 1095 msg->hdr.fromcardlen1 = min(msg->hdr.fromcardlen1, max_payload_size); 1096 msg->hdr.fromcardlen2 = min(msg->hdr.fromcardlen2, max_payload_size); 1097 1098 /* calculate delta if the sum of both exceeds max payload size */ 1099 delta = msg->hdr.fromcardlen1 + msg->hdr.fromcardlen2 1100 - max_payload_size; 1101 if (delta > 0) { 1102 /* 1103 * Sum exceeds maximum payload size, prune fromcardlen1 1104 * (always trust fromcardlen2) 1105 */ 1106 if (delta > msg->hdr.fromcardlen1) { 1107 rc = -EINVAL; 1108 goto out; 1109 } 1110 msg->hdr.fromcardlen1 -= delta; 1111 } 1112 1113 init_completion(&resp_type->work); 1114 rc = ap_queue_message(zq->queue, ap_msg); 1115 if (rc) 1116 goto out; 1117 rc = wait_for_completion_interruptible(&resp_type->work); 1118 if (rc == 0) { 1119 rc = ap_msg->rc; 1120 if (rc == 0) 1121 rc = convert_response_xcrb(userspace, zq, ap_msg, xcrb); 1122 } else { 1123 /* Signal pending. */ 1124 ap_cancel_message(zq->queue, ap_msg); 1125 } 1126 1127 if (rc == -EAGAIN && ap_msg->flags & AP_MSG_FLAG_ADMIN) 1128 rc = -EIO; /* do not retry administrative requests */ 1129 1130 out: 1131 if (rc) 1132 pr_debug("send cprb at dev=%02x.%04x rc=%d\n", 1133 AP_QID_CARD(zq->queue->qid), 1134 AP_QID_QUEUE(zq->queue->qid), rc); 1135 return rc; 1136 } 1137 1138 /* 1139 * Prepare an EP11 AP msg request. 1140 * Prepare an EP11 AP msg: fetch the required data from userspace, 1141 * prepare the AP msg, fill some info into the ap_message struct, 1142 * extract some data from the CPRB and give back to the caller. 1143 * This function assumes that ap_msg has been initialized with 1144 * ap_init_apmsg() and thus a valid buffer with the size of 1145 * ap_msg->bufsize is available within ap_msg. Also the caller has 1146 * to make sure ap_release_apmsg() is always called even on failure. 1147 */ prep_ep11_ap_msg(bool userspace,struct ep11_urb * xcrb,struct ap_message * ap_msg,unsigned int * func_code,unsigned int * domain)1148 int prep_ep11_ap_msg(bool userspace, struct ep11_urb *xcrb, 1149 struct ap_message *ap_msg, 1150 unsigned int *func_code, unsigned int *domain) 1151 { 1152 struct ap_response_type *resp_type = &ap_msg->response; 1153 1154 ap_msg->receive = zcrypt_msgtype6_receive_ep11; 1155 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1156 atomic_inc_return(&zcrypt_step); 1157 resp_type->type = CEXXC_RESPONSE_TYPE_EP11; 1158 return xcrb_msg_to_type6_ep11cprb_msgx(userspace, ap_msg, xcrb, 1159 func_code, domain); 1160 } 1161 1162 /* 1163 * The request distributor calls this function if it picked the CEX4P 1164 * device to handle a send_ep11_cprb request. 1165 * @zq: pointer to zcrypt_queue structure that identifies the 1166 * CEX4P device to the request distributor 1167 * @xcrb: pointer to the ep11 user request block 1168 */ zcrypt_msgtype6_send_ep11_cprb(bool userspace,struct zcrypt_queue * zq,struct ep11_urb * xcrb,struct ap_message * ap_msg)1169 static long zcrypt_msgtype6_send_ep11_cprb(bool userspace, struct zcrypt_queue *zq, 1170 struct ep11_urb *xcrb, 1171 struct ap_message *ap_msg) 1172 { 1173 int rc; 1174 unsigned int lfmt; 1175 struct ap_response_type *resp_type = &ap_msg->response; 1176 struct { 1177 struct type6_hdr hdr; 1178 struct ep11_cprb cprbx; 1179 unsigned char pld_tag; /* fixed value 0x30 */ 1180 unsigned char pld_lenfmt; /* payload length format */ 1181 } __packed * msg = ap_msg->msg; 1182 struct pld_hdr { 1183 unsigned char func_tag; /* fixed value 0x4 */ 1184 unsigned char func_len; /* fixed value 0x4 */ 1185 unsigned int func_val; /* function ID */ 1186 unsigned char dom_tag; /* fixed value 0x4 */ 1187 unsigned char dom_len; /* fixed value 0x4 */ 1188 unsigned int dom_val; /* domain id */ 1189 } __packed * payload_hdr = NULL; 1190 1191 /* 1192 * The target domain field within the cprb body/payload block will be 1193 * replaced by the usage domain for non-management commands only. 1194 * Therefore we check the first bit of the 'flags' parameter for 1195 * management command indication. 1196 * 0 - non management command 1197 * 1 - management command 1198 */ 1199 if (!((msg->cprbx.flags & 0x80) == 0x80)) { 1200 msg->cprbx.target_id = (unsigned int) 1201 AP_QID_QUEUE(zq->queue->qid); 1202 1203 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 1204 switch (msg->pld_lenfmt & 0x03) { 1205 case 1: 1206 lfmt = 2; 1207 break; 1208 case 2: 1209 lfmt = 3; 1210 break; 1211 default: 1212 return -EINVAL; 1213 } 1214 } else { 1215 lfmt = 1; /* length format #1 */ 1216 } 1217 payload_hdr = (struct pld_hdr *)((&msg->pld_lenfmt) + lfmt); 1218 payload_hdr->dom_val = (unsigned int) 1219 AP_QID_QUEUE(zq->queue->qid); 1220 } 1221 1222 /* 1223 * Set the queue's reply buffer length minus the two prepend headers 1224 * as reply limit for the card firmware. 1225 */ 1226 msg->hdr.fromcardlen1 = zq->reply.bufsize - 1227 sizeof(struct type86_hdr) - sizeof(struct type86_fmt2_ext); 1228 1229 init_completion(&resp_type->work); 1230 rc = ap_queue_message(zq->queue, ap_msg); 1231 if (rc) 1232 goto out; 1233 rc = wait_for_completion_interruptible(&resp_type->work); 1234 if (rc == 0) { 1235 rc = ap_msg->rc; 1236 if (rc == 0) 1237 rc = convert_response_ep11_xcrb(userspace, zq, ap_msg, xcrb); 1238 } else { 1239 /* Signal pending. */ 1240 ap_cancel_message(zq->queue, ap_msg); 1241 } 1242 1243 if (rc == -EAGAIN && ap_msg->flags & AP_MSG_FLAG_ADMIN) 1244 rc = -EIO; /* do not retry administrative requests */ 1245 1246 out: 1247 if (rc) 1248 pr_debug("send cprb at dev=%02x.%04x rc=%d\n", 1249 AP_QID_CARD(zq->queue->qid), 1250 AP_QID_QUEUE(zq->queue->qid), rc); 1251 return rc; 1252 } 1253 1254 /* 1255 * Prepare a CEXXC get random request ap message. 1256 * This function assumes that ap_msg has been initialized with 1257 * ap_init_apmsg() and thus a valid buffer with the size of 1258 * ap_max_msg_size is available within ap_msg. Also the caller has 1259 * to make sure ap_release_apmsg() is always called even on failure. 1260 */ prep_rng_ap_msg(struct ap_message * ap_msg,int * func_code,unsigned int * domain)1261 int prep_rng_ap_msg(struct ap_message *ap_msg, int *func_code, 1262 unsigned int *domain) 1263 { 1264 struct ap_response_type *resp_type = &ap_msg->response; 1265 1266 if (ap_msg->bufsize < AP_DEFAULT_MAX_MSG_SIZE) 1267 return -EMSGSIZE; 1268 ap_msg->receive = zcrypt_msgtype6_receive; 1269 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1270 atomic_inc_return(&zcrypt_step); 1271 1272 resp_type->type = CEXXC_RESPONSE_TYPE_XCRB; 1273 1274 rng_type6cprb_msgx(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain); 1275 1276 *func_code = HWRNG; 1277 return 0; 1278 } 1279 1280 /* 1281 * The request distributor calls this function if it picked the CEXxC 1282 * device to generate random data. 1283 * @zq: pointer to zcrypt_queue structure that identifies the 1284 * CEXxC device to the request distributor 1285 * @buffer: pointer to a memory page to return random data 1286 */ zcrypt_msgtype6_rng(struct zcrypt_queue * zq,char * buffer,struct ap_message * ap_msg)1287 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq, 1288 char *buffer, struct ap_message *ap_msg) 1289 { 1290 struct { 1291 struct type6_hdr hdr; 1292 struct CPRBX cprbx; 1293 char function_code[2]; 1294 short int rule_length; 1295 char rule[8]; 1296 short int verb_length; 1297 short int key_length; 1298 } __packed * msg = ap_msg->msg; 1299 struct ap_response_type *resp_type = &ap_msg->response; 1300 int rc; 1301 1302 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 1303 1304 init_completion(&resp_type->work); 1305 rc = ap_queue_message(zq->queue, ap_msg); 1306 if (rc) 1307 goto out; 1308 rc = wait_for_completion_interruptible(&resp_type->work); 1309 if (rc == 0) { 1310 rc = ap_msg->rc; 1311 if (rc == 0) 1312 rc = convert_response_rng(zq, ap_msg, buffer); 1313 } else { 1314 /* Signal pending. */ 1315 ap_cancel_message(zq->queue, ap_msg); 1316 } 1317 out: 1318 return rc; 1319 } 1320 1321 /* 1322 * The crypto operations for a CEXxC card. 1323 */ 1324 1325 static struct zcrypt_ops zcrypt_msgtype6_ops = { 1326 .owner = THIS_MODULE, 1327 .name = MSGTYPE06_NAME, 1328 .variant = MSGTYPE06_VARIANT_DEFAULT, 1329 .rsa_modexpo = zcrypt_msgtype6_modexpo, 1330 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt, 1331 .send_cprb = zcrypt_msgtype6_send_cprb, 1332 .rng = zcrypt_msgtype6_rng, 1333 }; 1334 1335 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = { 1336 .owner = THIS_MODULE, 1337 .name = MSGTYPE06_NAME, 1338 .variant = MSGTYPE06_VARIANT_EP11, 1339 .rsa_modexpo = NULL, 1340 .rsa_modexpo_crt = NULL, 1341 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb, 1342 }; 1343 zcrypt_msgtype6_init(void)1344 void __init zcrypt_msgtype6_init(void) 1345 { 1346 zcrypt_msgtype_register(&zcrypt_msgtype6_ops); 1347 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops); 1348 } 1349 zcrypt_msgtype6_exit(void)1350 void __exit zcrypt_msgtype6_exit(void) 1351 { 1352 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops); 1353 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops); 1354 } 1355