1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright IBM Corp. 2001, 2022
4 * Author(s): Robert Burroughs
5 * Eric Rossman (edrossma@us.ibm.com)
6 *
7 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
8 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
9 * Ralph Wuerthner <rwuerthn@de.ibm.com>
10 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com>
11 */
12
13 #define KMSG_COMPONENT "zcrypt"
14 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
15
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/err.h>
19 #include <linux/delay.h>
20 #include <linux/slab.h>
21 #include <linux/atomic.h>
22 #include <linux/uaccess.h>
23
24 #include "ap_bus.h"
25 #include "zcrypt_api.h"
26 #include "zcrypt_error.h"
27 #include "zcrypt_msgtype6.h"
28 #include "zcrypt_cca_key.h"
29
30 #define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */
31
32 #define CEIL4(x) ((((x) + 3) / 4) * 4)
33
34 struct response_type {
35 struct completion work;
36 int type;
37 };
38
39 #define CEXXC_RESPONSE_TYPE_ICA 0
40 #define CEXXC_RESPONSE_TYPE_XCRB 1
41 #define CEXXC_RESPONSE_TYPE_EP11 2
42
43 MODULE_AUTHOR("IBM Corporation");
44 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \
45 "Copyright IBM Corp. 2001, 2012");
46 MODULE_LICENSE("GPL");
47
48 struct function_and_rules_block {
49 unsigned char function_code[2];
50 unsigned short ulen;
51 unsigned char only_rule[8];
52 } __packed;
53
54 /*
55 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP
56 * card in a type6 message. The 3 fields that must be filled in at execution
57 * time are req_parml, rpl_parml and usage_domain.
58 * Everything about this interface is ascii/big-endian, since the
59 * device does *not* have 'Intel inside'.
60 *
61 * The CPRBX is followed immediately by the parm block.
62 * The parm block contains:
63 * - function code ('PD' 0x5044 or 'PK' 0x504B)
64 * - rule block (one of:)
65 * + 0x000A 'PKCS-1.2' (MCL2 'PD')
66 * + 0x000A 'ZERO-PAD' (MCL2 'PK')
67 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD')
68 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK')
69 * - VUD block
70 */
71 static const struct CPRBX static_cprbx = {
72 .cprb_len = 0x00DC,
73 .cprb_ver_id = 0x02,
74 .func_id = {0x54, 0x32},
75 };
76
speed_idx_cca(int req_type)77 int speed_idx_cca(int req_type)
78 {
79 switch (req_type) {
80 case 0x4142:
81 case 0x4149:
82 case 0x414D:
83 case 0x4341:
84 case 0x4344:
85 case 0x4354:
86 case 0x4358:
87 case 0x444B:
88 case 0x4558:
89 case 0x4643:
90 case 0x4651:
91 case 0x4C47:
92 case 0x4C4B:
93 case 0x4C51:
94 case 0x4F48:
95 case 0x504F:
96 case 0x5053:
97 case 0x5058:
98 case 0x5343:
99 case 0x5344:
100 case 0x5345:
101 case 0x5350:
102 return LOW;
103 case 0x414B:
104 case 0x4345:
105 case 0x4349:
106 case 0x434D:
107 case 0x4847:
108 case 0x4849:
109 case 0x484D:
110 case 0x4850:
111 case 0x4851:
112 case 0x4954:
113 case 0x4958:
114 case 0x4B43:
115 case 0x4B44:
116 case 0x4B45:
117 case 0x4B47:
118 case 0x4B48:
119 case 0x4B49:
120 case 0x4B4E:
121 case 0x4B50:
122 case 0x4B52:
123 case 0x4B54:
124 case 0x4B58:
125 case 0x4D50:
126 case 0x4D53:
127 case 0x4D56:
128 case 0x4D58:
129 case 0x5044:
130 case 0x5045:
131 case 0x5046:
132 case 0x5047:
133 case 0x5049:
134 case 0x504B:
135 case 0x504D:
136 case 0x5254:
137 case 0x5347:
138 case 0x5349:
139 case 0x534B:
140 case 0x534D:
141 case 0x5356:
142 case 0x5358:
143 case 0x5443:
144 case 0x544B:
145 case 0x5647:
146 return HIGH;
147 default:
148 return MEDIUM;
149 }
150 }
151
speed_idx_ep11(int req_type)152 int speed_idx_ep11(int req_type)
153 {
154 switch (req_type) {
155 case 1:
156 case 2:
157 case 36:
158 case 37:
159 case 38:
160 case 39:
161 case 40:
162 return LOW;
163 case 17:
164 case 18:
165 case 19:
166 case 20:
167 case 21:
168 case 22:
169 case 26:
170 case 30:
171 case 31:
172 case 32:
173 case 33:
174 case 34:
175 case 35:
176 return HIGH;
177 default:
178 return MEDIUM;
179 }
180 }
181
182 /*
183 * Convert a ICAMEX message to a type6 MEX message.
184 *
185 * @zq: crypto device pointer
186 * @ap_msg: pointer to AP message
187 * @mex: pointer to user input data
188 *
189 * Returns 0 on success or negative errno value.
190 */
icamex_msg_to_type6mex_msgx(struct zcrypt_queue * zq,struct ap_message * ap_msg,struct ica_rsa_modexpo * mex)191 static int icamex_msg_to_type6mex_msgx(struct zcrypt_queue *zq,
192 struct ap_message *ap_msg,
193 struct ica_rsa_modexpo *mex)
194 {
195 static struct type6_hdr static_type6_hdrX = {
196 .type = 0x06,
197 .offset1 = 0x00000058,
198 .agent_id = {'C', 'A',},
199 .function_code = {'P', 'K'},
200 };
201 static struct function_and_rules_block static_pke_fnr = {
202 .function_code = {'P', 'K'},
203 .ulen = 10,
204 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '}
205 };
206 struct {
207 struct type6_hdr hdr;
208 struct CPRBX cprbx;
209 struct function_and_rules_block fr;
210 unsigned short length;
211 char text[0];
212 } __packed * msg = ap_msg->msg;
213 int size;
214
215 /*
216 * The inputdatalength was a selection criteria in the dispatching
217 * function zcrypt_rsa_modexpo(). However, make sure the following
218 * copy_from_user() never exceeds the allocated buffer space.
219 */
220 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE))
221 return -EINVAL;
222
223 /* VUD.ciphertext */
224 msg->length = mex->inputdatalength + 2;
225 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
226 return -EFAULT;
227
228 /* Set up key which is located after the variable length text. */
229 size = zcrypt_type6_mex_key_en(mex, msg->text + mex->inputdatalength);
230 if (size < 0)
231 return size;
232 size += sizeof(*msg) + mex->inputdatalength;
233
234 /* message header, cprbx and f&r */
235 msg->hdr = static_type6_hdrX;
236 msg->hdr.tocardlen1 = size - sizeof(msg->hdr);
237 msg->hdr.fromcardlen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
238
239 msg->cprbx = static_cprbx;
240 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
241 msg->cprbx.rpl_msgbl = msg->hdr.fromcardlen1;
242
243 msg->fr = static_pke_fnr;
244
245 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx);
246
247 ap_msg->len = size;
248 return 0;
249 }
250
251 /*
252 * Convert a ICACRT message to a type6 CRT message.
253 *
254 * @zq: crypto device pointer
255 * @ap_msg: pointer to AP message
256 * @crt: pointer to user input data
257 *
258 * Returns 0 on success or negative errno value.
259 */
icacrt_msg_to_type6crt_msgx(struct zcrypt_queue * zq,struct ap_message * ap_msg,struct ica_rsa_modexpo_crt * crt)260 static int icacrt_msg_to_type6crt_msgx(struct zcrypt_queue *zq,
261 struct ap_message *ap_msg,
262 struct ica_rsa_modexpo_crt *crt)
263 {
264 static struct type6_hdr static_type6_hdrX = {
265 .type = 0x06,
266 .offset1 = 0x00000058,
267 .agent_id = {'C', 'A',},
268 .function_code = {'P', 'D'},
269 };
270 static struct function_and_rules_block static_pkd_fnr = {
271 .function_code = {'P', 'D'},
272 .ulen = 10,
273 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
274 };
275
276 struct {
277 struct type6_hdr hdr;
278 struct CPRBX cprbx;
279 struct function_and_rules_block fr;
280 unsigned short length;
281 char text[0];
282 } __packed * msg = ap_msg->msg;
283 int size;
284
285 /*
286 * The inputdatalength was a selection criteria in the dispatching
287 * function zcrypt_rsa_crt(). However, make sure the following
288 * copy_from_user() never exceeds the allocated buffer space.
289 */
290 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE))
291 return -EINVAL;
292
293 /* VUD.ciphertext */
294 msg->length = crt->inputdatalength + 2;
295 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
296 return -EFAULT;
297
298 /* Set up key which is located after the variable length text. */
299 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength);
300 if (size < 0)
301 return size;
302 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */
303
304 /* message header, cprbx and f&r */
305 msg->hdr = static_type6_hdrX;
306 msg->hdr.tocardlen1 = size - sizeof(msg->hdr);
307 msg->hdr.fromcardlen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
308
309 msg->cprbx = static_cprbx;
310 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
311 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl =
312 size - sizeof(msg->hdr) - sizeof(msg->cprbx);
313
314 msg->fr = static_pkd_fnr;
315
316 ap_msg->len = size;
317 return 0;
318 }
319
320 /*
321 * Convert a XCRB message to a type6 CPRB message.
322 *
323 * @zq: crypto device pointer
324 * @ap_msg: pointer to AP message
325 * @xcRB: pointer to user input data
326 *
327 * Returns 0 on success or -EFAULT, -EINVAL.
328 */
329 struct type86_fmt2_msg {
330 struct type86_hdr hdr;
331 struct type86_fmt2_ext fmt2;
332 } __packed;
333
xcrb_msg_to_type6cprb_msgx(bool userspace,struct ap_message * ap_msg,struct ica_xcRB * xcrb,unsigned int * fcode,unsigned short ** dom)334 static int xcrb_msg_to_type6cprb_msgx(bool userspace, struct ap_message *ap_msg,
335 struct ica_xcRB *xcrb,
336 unsigned int *fcode,
337 unsigned short **dom)
338 {
339 static struct type6_hdr static_type6_hdrX = {
340 .type = 0x06,
341 .offset1 = 0x00000058,
342 };
343 struct {
344 struct type6_hdr hdr;
345 struct CPRBX cprbx;
346 } __packed * msg = ap_msg->msg;
347
348 int rcblen = CEIL4(xcrb->request_control_blk_length);
349 int req_sumlen, resp_sumlen;
350 char *req_data = ap_msg->msg + sizeof(struct type6_hdr) + rcblen;
351 char *function_code;
352
353 if (CEIL4(xcrb->request_control_blk_length) <
354 xcrb->request_control_blk_length)
355 return -EINVAL; /* overflow after alignment*/
356
357 /* length checks */
358 ap_msg->len = sizeof(struct type6_hdr) +
359 CEIL4(xcrb->request_control_blk_length) +
360 xcrb->request_data_length;
361 if (ap_msg->len > ap_msg->bufsize)
362 return -EINVAL;
363
364 /*
365 * Overflow check
366 * sum must be greater (or equal) than the largest operand
367 */
368 req_sumlen = CEIL4(xcrb->request_control_blk_length) +
369 xcrb->request_data_length;
370 if ((CEIL4(xcrb->request_control_blk_length) <=
371 xcrb->request_data_length) ?
372 req_sumlen < xcrb->request_data_length :
373 req_sumlen < CEIL4(xcrb->request_control_blk_length)) {
374 return -EINVAL;
375 }
376
377 if (CEIL4(xcrb->reply_control_blk_length) <
378 xcrb->reply_control_blk_length)
379 return -EINVAL; /* overflow after alignment*/
380
381 /*
382 * Overflow check
383 * sum must be greater (or equal) than the largest operand
384 */
385 resp_sumlen = CEIL4(xcrb->reply_control_blk_length) +
386 xcrb->reply_data_length;
387 if ((CEIL4(xcrb->reply_control_blk_length) <=
388 xcrb->reply_data_length) ?
389 resp_sumlen < xcrb->reply_data_length :
390 resp_sumlen < CEIL4(xcrb->reply_control_blk_length)) {
391 return -EINVAL;
392 }
393
394 /* prepare type6 header */
395 msg->hdr = static_type6_hdrX;
396 memcpy(msg->hdr.agent_id, &xcrb->agent_ID, sizeof(xcrb->agent_ID));
397 msg->hdr.tocardlen1 = xcrb->request_control_blk_length;
398 if (xcrb->request_data_length) {
399 msg->hdr.offset2 = msg->hdr.offset1 + rcblen;
400 msg->hdr.tocardlen2 = xcrb->request_data_length;
401 }
402 msg->hdr.fromcardlen1 = xcrb->reply_control_blk_length;
403 msg->hdr.fromcardlen2 = xcrb->reply_data_length;
404
405 /* prepare CPRB */
406 if (z_copy_from_user(userspace, &msg->cprbx, xcrb->request_control_blk_addr,
407 xcrb->request_control_blk_length))
408 return -EFAULT;
409 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
410 xcrb->request_control_blk_length)
411 return -EINVAL;
412 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len;
413 memcpy(msg->hdr.function_code, function_code,
414 sizeof(msg->hdr.function_code));
415
416 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1];
417 *dom = (unsigned short *)&msg->cprbx.domain;
418
419 /* check subfunction, US and AU need special flag with NQAP */
420 if (memcmp(function_code, "US", 2) == 0 ||
421 memcmp(function_code, "AU", 2) == 0)
422 ap_msg->flags |= AP_MSG_FLAG_SPECIAL;
423
424 #ifdef CONFIG_ZCRYPT_DEBUG
425 if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL)
426 ap_msg->flags ^= AP_MSG_FLAG_SPECIAL;
427 #endif
428
429 /* check CPRB minor version, set info bits in ap_message flag field */
430 switch (*(unsigned short *)(&msg->cprbx.func_id[0])) {
431 case 0x5432: /* "T2" */
432 ap_msg->flags |= AP_MSG_FLAG_USAGE;
433 break;
434 case 0x5433: /* "T3" */
435 case 0x5435: /* "T5" */
436 case 0x5436: /* "T6" */
437 case 0x5437: /* "T7" */
438 ap_msg->flags |= AP_MSG_FLAG_ADMIN;
439 break;
440 default:
441 ZCRYPT_DBF_DBG("%s unknown CPRB minor version '%c%c'\n",
442 __func__, msg->cprbx.func_id[0],
443 msg->cprbx.func_id[1]);
444 }
445
446 /* copy data block */
447 if (xcrb->request_data_length &&
448 z_copy_from_user(userspace, req_data, xcrb->request_data_address,
449 xcrb->request_data_length))
450 return -EFAULT;
451
452 return 0;
453 }
454
xcrb_msg_to_type6_ep11cprb_msgx(bool userspace,struct ap_message * ap_msg,struct ep11_urb * xcrb,unsigned int * fcode,unsigned int * domain)455 static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap_msg,
456 struct ep11_urb *xcrb,
457 unsigned int *fcode,
458 unsigned int *domain)
459 {
460 unsigned int lfmt;
461 static struct type6_hdr static_type6_ep11_hdr = {
462 .type = 0x06,
463 .rqid = {0x00, 0x01},
464 .function_code = {0x00, 0x00},
465 .agent_id[0] = 0x58, /* {'X'} */
466 .agent_id[1] = 0x43, /* {'C'} */
467 .offset1 = 0x00000058,
468 };
469
470 struct {
471 struct type6_hdr hdr;
472 struct ep11_cprb cprbx;
473 unsigned char pld_tag; /* fixed value 0x30 */
474 unsigned char pld_lenfmt; /* payload length format */
475 } __packed * msg = ap_msg->msg;
476
477 struct pld_hdr {
478 unsigned char func_tag; /* fixed value 0x4 */
479 unsigned char func_len; /* fixed value 0x4 */
480 unsigned int func_val; /* function ID */
481 unsigned char dom_tag; /* fixed value 0x4 */
482 unsigned char dom_len; /* fixed value 0x4 */
483 unsigned int dom_val; /* domain id */
484 } __packed * payload_hdr = NULL;
485
486 if (CEIL4(xcrb->req_len) < xcrb->req_len)
487 return -EINVAL; /* overflow after alignment*/
488
489 /* length checks */
490 ap_msg->len = sizeof(struct type6_hdr) + CEIL4(xcrb->req_len);
491 if (ap_msg->len > ap_msg->bufsize)
492 return -EINVAL;
493
494 if (CEIL4(xcrb->resp_len) < xcrb->resp_len)
495 return -EINVAL; /* overflow after alignment*/
496
497 /* prepare type6 header */
498 msg->hdr = static_type6_ep11_hdr;
499 msg->hdr.tocardlen1 = xcrb->req_len;
500 msg->hdr.fromcardlen1 = xcrb->resp_len;
501
502 /* Import CPRB data from the ioctl input parameter */
503 if (z_copy_from_user(userspace, &msg->cprbx.cprb_len,
504 (char __force __user *)xcrb->req, xcrb->req_len)) {
505 return -EFAULT;
506 }
507
508 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
509 switch (msg->pld_lenfmt & 0x03) {
510 case 1:
511 lfmt = 2;
512 break;
513 case 2:
514 lfmt = 3;
515 break;
516 default:
517 return -EINVAL;
518 }
519 } else {
520 lfmt = 1; /* length format #1 */
521 }
522 payload_hdr = (struct pld_hdr *)((&msg->pld_lenfmt) + lfmt);
523 *fcode = payload_hdr->func_val & 0xFFFF;
524
525 /* enable special processing based on the cprbs flags special bit */
526 if (msg->cprbx.flags & 0x20)
527 ap_msg->flags |= AP_MSG_FLAG_SPECIAL;
528
529 #ifdef CONFIG_ZCRYPT_DEBUG
530 if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL)
531 ap_msg->flags ^= AP_MSG_FLAG_SPECIAL;
532 #endif
533
534 /* set info bits in ap_message flag field */
535 if (msg->cprbx.flags & 0x80)
536 ap_msg->flags |= AP_MSG_FLAG_ADMIN;
537 else
538 ap_msg->flags |= AP_MSG_FLAG_USAGE;
539
540 *domain = msg->cprbx.target_id;
541
542 return 0;
543 }
544
545 /*
546 * Copy results from a type 86 ICA reply message back to user space.
547 *
548 * @zq: crypto device pointer
549 * @reply: reply AP message.
550 * @data: pointer to user output data
551 * @length: size of user output data
552 *
553 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
554 */
555 struct type86x_reply {
556 struct type86_hdr hdr;
557 struct type86_fmt2_ext fmt2;
558 struct CPRBX cprbx;
559 unsigned char pad[4]; /* 4 byte function code/rules block ? */
560 unsigned short length;
561 char text[];
562 } __packed;
563
564 struct type86_ep11_reply {
565 struct type86_hdr hdr;
566 struct type86_fmt2_ext fmt2;
567 struct ep11_cprb cprbx;
568 } __packed;
569
convert_type86_ica(struct zcrypt_queue * zq,struct ap_message * reply,char __user * outputdata,unsigned int outputdatalength)570 static int convert_type86_ica(struct zcrypt_queue *zq,
571 struct ap_message *reply,
572 char __user *outputdata,
573 unsigned int outputdatalength)
574 {
575 static unsigned char static_pad[] = {
576 0x00, 0x02,
577 0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD,
578 0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57,
579 0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B,
580 0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39,
581 0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5,
582 0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D,
583 0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB,
584 0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F,
585 0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9,
586 0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45,
587 0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9,
588 0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F,
589 0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD,
590 0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D,
591 0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD,
592 0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9,
593 0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B,
594 0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B,
595 0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B,
596 0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD,
597 0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7,
598 0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1,
599 0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3,
600 0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23,
601 0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55,
602 0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43,
603 0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F,
604 0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F,
605 0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5,
606 0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD,
607 0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41,
608 0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09
609 };
610 struct type86x_reply *msg = reply->msg;
611 unsigned short service_rc, service_rs;
612 unsigned int reply_len, pad_len;
613 char *data;
614
615 service_rc = msg->cprbx.ccp_rtcode;
616 if (unlikely(service_rc != 0)) {
617 service_rs = msg->cprbx.ccp_rscode;
618 if ((service_rc == 8 && service_rs == 66) ||
619 (service_rc == 8 && service_rs == 65) ||
620 (service_rc == 8 && service_rs == 72) ||
621 (service_rc == 8 && service_rs == 770) ||
622 (service_rc == 12 && service_rs == 769)) {
623 ZCRYPT_DBF_WARN("%s dev=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n",
624 __func__, AP_QID_CARD(zq->queue->qid),
625 AP_QID_QUEUE(zq->queue->qid),
626 (int)service_rc, (int)service_rs);
627 return -EINVAL;
628 }
629 zq->online = 0;
630 pr_err("Crypto dev=%02x.%04x rc/rs=%d/%d online=0 rc=EAGAIN\n",
631 AP_QID_CARD(zq->queue->qid),
632 AP_QID_QUEUE(zq->queue->qid),
633 (int)service_rc, (int)service_rs);
634 ZCRYPT_DBF_ERR("%s dev=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n",
635 __func__, AP_QID_CARD(zq->queue->qid),
636 AP_QID_QUEUE(zq->queue->qid),
637 (int)service_rc, (int)service_rs);
638 ap_send_online_uevent(&zq->queue->ap_dev, zq->online);
639 return -EAGAIN;
640 }
641 data = msg->text;
642 reply_len = msg->length - 2;
643 if (reply_len > outputdatalength)
644 return -EINVAL;
645 /*
646 * For all encipher requests, the length of the ciphertext (reply_len)
647 * will always equal the modulus length. For MEX decipher requests
648 * the output needs to get padded. Minimum pad size is 10.
649 *
650 * Currently, the cases where padding will be added is for:
651 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
652 * ZERO-PAD and CRT is only supported for PKD requests)
653 * - PCICC, always
654 */
655 pad_len = outputdatalength - reply_len;
656 if (pad_len > 0) {
657 if (pad_len < 10)
658 return -EINVAL;
659 /* 'restore' padding left in the CEXXC card. */
660 if (copy_to_user(outputdata, static_pad, pad_len - 1))
661 return -EFAULT;
662 if (put_user(0, outputdata + pad_len - 1))
663 return -EFAULT;
664 }
665 /* Copy the crypto response to user space. */
666 if (copy_to_user(outputdata + pad_len, data, reply_len))
667 return -EFAULT;
668 return 0;
669 }
670
671 /*
672 * Copy results from a type 86 XCRB reply message back to user space.
673 *
674 * @zq: crypto device pointer
675 * @reply: reply AP message.
676 * @xcrb: pointer to XCRB
677 *
678 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
679 */
convert_type86_xcrb(bool userspace,struct zcrypt_queue * zq,struct ap_message * reply,struct ica_xcRB * xcrb)680 static int convert_type86_xcrb(bool userspace, struct zcrypt_queue *zq,
681 struct ap_message *reply,
682 struct ica_xcRB *xcrb)
683 {
684 struct type86_fmt2_msg *msg = reply->msg;
685 char *data = reply->msg;
686
687 /* Copy CPRB to user */
688 if (xcrb->reply_control_blk_length < msg->fmt2.count1) {
689 ZCRYPT_DBF_DBG("%s reply_control_blk_length %u < required %u => EMSGSIZE\n",
690 __func__, xcrb->reply_control_blk_length,
691 msg->fmt2.count1);
692 return -EMSGSIZE;
693 }
694 if (z_copy_to_user(userspace, xcrb->reply_control_blk_addr,
695 data + msg->fmt2.offset1, msg->fmt2.count1))
696 return -EFAULT;
697 xcrb->reply_control_blk_length = msg->fmt2.count1;
698
699 /* Copy data buffer to user */
700 if (msg->fmt2.count2) {
701 if (xcrb->reply_data_length < msg->fmt2.count2) {
702 ZCRYPT_DBF_DBG("%s reply_data_length %u < required %u => EMSGSIZE\n",
703 __func__, xcrb->reply_data_length,
704 msg->fmt2.count2);
705 return -EMSGSIZE;
706 }
707 if (z_copy_to_user(userspace, xcrb->reply_data_addr,
708 data + msg->fmt2.offset2, msg->fmt2.count2))
709 return -EFAULT;
710 }
711 xcrb->reply_data_length = msg->fmt2.count2;
712
713 return 0;
714 }
715
716 /*
717 * Copy results from a type 86 EP11 XCRB reply message back to user space.
718 *
719 * @zq: crypto device pointer
720 * @reply: reply AP message.
721 * @xcrb: pointer to EP11 user request block
722 *
723 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
724 */
convert_type86_ep11_xcrb(bool userspace,struct zcrypt_queue * zq,struct ap_message * reply,struct ep11_urb * xcrb)725 static int convert_type86_ep11_xcrb(bool userspace, struct zcrypt_queue *zq,
726 struct ap_message *reply,
727 struct ep11_urb *xcrb)
728 {
729 struct type86_fmt2_msg *msg = reply->msg;
730 char *data = reply->msg;
731
732 if (xcrb->resp_len < msg->fmt2.count1) {
733 ZCRYPT_DBF_DBG("%s resp_len %u < required %u => EMSGSIZE\n",
734 __func__, (unsigned int)xcrb->resp_len,
735 msg->fmt2.count1);
736 return -EMSGSIZE;
737 }
738
739 /* Copy response CPRB to user */
740 if (z_copy_to_user(userspace, (char __force __user *)xcrb->resp,
741 data + msg->fmt2.offset1, msg->fmt2.count1))
742 return -EFAULT;
743 xcrb->resp_len = msg->fmt2.count1;
744 return 0;
745 }
746
convert_type86_rng(struct zcrypt_queue * zq,struct ap_message * reply,char * buffer)747 static int convert_type86_rng(struct zcrypt_queue *zq,
748 struct ap_message *reply,
749 char *buffer)
750 {
751 struct {
752 struct type86_hdr hdr;
753 struct type86_fmt2_ext fmt2;
754 struct CPRBX cprbx;
755 } __packed * msg = reply->msg;
756 char *data = reply->msg;
757
758 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
759 return -EINVAL;
760 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
761 return msg->fmt2.count2;
762 }
763
convert_response_ica(struct zcrypt_queue * zq,struct ap_message * reply,char __user * outputdata,unsigned int outputdatalength)764 static int convert_response_ica(struct zcrypt_queue *zq,
765 struct ap_message *reply,
766 char __user *outputdata,
767 unsigned int outputdatalength)
768 {
769 struct type86x_reply *msg = reply->msg;
770
771 switch (msg->hdr.type) {
772 case TYPE82_RSP_CODE:
773 case TYPE88_RSP_CODE:
774 return convert_error(zq, reply);
775 case TYPE86_RSP_CODE:
776 if (msg->cprbx.ccp_rtcode &&
777 msg->cprbx.ccp_rscode == 0x14f &&
778 outputdatalength > 256) {
779 if (zq->zcard->max_exp_bit_length <= 17) {
780 zq->zcard->max_exp_bit_length = 17;
781 return -EAGAIN;
782 } else {
783 return -EINVAL;
784 }
785 }
786 if (msg->hdr.reply_code)
787 return convert_error(zq, reply);
788 if (msg->cprbx.cprb_ver_id == 0x02)
789 return convert_type86_ica(zq, reply,
790 outputdata, outputdatalength);
791 fallthrough; /* wrong cprb version is an unknown response */
792 default:
793 /* Unknown response type, this should NEVER EVER happen */
794 zq->online = 0;
795 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
796 AP_QID_CARD(zq->queue->qid),
797 AP_QID_QUEUE(zq->queue->qid),
798 (int)msg->hdr.type);
799 ZCRYPT_DBF_ERR(
800 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
801 __func__, AP_QID_CARD(zq->queue->qid),
802 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type);
803 ap_send_online_uevent(&zq->queue->ap_dev, zq->online);
804 return -EAGAIN;
805 }
806 }
807
convert_response_xcrb(bool userspace,struct zcrypt_queue * zq,struct ap_message * reply,struct ica_xcRB * xcrb)808 static int convert_response_xcrb(bool userspace, struct zcrypt_queue *zq,
809 struct ap_message *reply,
810 struct ica_xcRB *xcrb)
811 {
812 struct type86x_reply *msg = reply->msg;
813
814 switch (msg->hdr.type) {
815 case TYPE82_RSP_CODE:
816 case TYPE88_RSP_CODE:
817 xcrb->status = 0x0008044DL; /* HDD_InvalidParm */
818 return convert_error(zq, reply);
819 case TYPE86_RSP_CODE:
820 if (msg->hdr.reply_code) {
821 memcpy(&xcrb->status, msg->fmt2.apfs, sizeof(u32));
822 return convert_error(zq, reply);
823 }
824 if (msg->cprbx.cprb_ver_id == 0x02)
825 return convert_type86_xcrb(userspace, zq, reply, xcrb);
826 fallthrough; /* wrong cprb version is an unknown response */
827 default: /* Unknown response type, this should NEVER EVER happen */
828 xcrb->status = 0x0008044DL; /* HDD_InvalidParm */
829 zq->online = 0;
830 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
831 AP_QID_CARD(zq->queue->qid),
832 AP_QID_QUEUE(zq->queue->qid),
833 (int)msg->hdr.type);
834 ZCRYPT_DBF_ERR(
835 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
836 __func__, AP_QID_CARD(zq->queue->qid),
837 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type);
838 ap_send_online_uevent(&zq->queue->ap_dev, zq->online);
839 return -EAGAIN;
840 }
841 }
842
convert_response_ep11_xcrb(bool userspace,struct zcrypt_queue * zq,struct ap_message * reply,struct ep11_urb * xcrb)843 static int convert_response_ep11_xcrb(bool userspace, struct zcrypt_queue *zq,
844 struct ap_message *reply, struct ep11_urb *xcrb)
845 {
846 struct type86_ep11_reply *msg = reply->msg;
847
848 switch (msg->hdr.type) {
849 case TYPE82_RSP_CODE:
850 case TYPE87_RSP_CODE:
851 return convert_error(zq, reply);
852 case TYPE86_RSP_CODE:
853 if (msg->hdr.reply_code)
854 return convert_error(zq, reply);
855 if (msg->cprbx.cprb_ver_id == 0x04)
856 return convert_type86_ep11_xcrb(userspace, zq, reply, xcrb);
857 fallthrough; /* wrong cprb version is an unknown resp */
858 default: /* Unknown response type, this should NEVER EVER happen */
859 zq->online = 0;
860 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
861 AP_QID_CARD(zq->queue->qid),
862 AP_QID_QUEUE(zq->queue->qid),
863 (int)msg->hdr.type);
864 ZCRYPT_DBF_ERR(
865 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
866 __func__, AP_QID_CARD(zq->queue->qid),
867 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type);
868 ap_send_online_uevent(&zq->queue->ap_dev, zq->online);
869 return -EAGAIN;
870 }
871 }
872
convert_response_rng(struct zcrypt_queue * zq,struct ap_message * reply,char * data)873 static int convert_response_rng(struct zcrypt_queue *zq,
874 struct ap_message *reply,
875 char *data)
876 {
877 struct type86x_reply *msg = reply->msg;
878
879 switch (msg->hdr.type) {
880 case TYPE82_RSP_CODE:
881 case TYPE88_RSP_CODE:
882 return -EINVAL;
883 case TYPE86_RSP_CODE:
884 if (msg->hdr.reply_code)
885 return -EINVAL;
886 if (msg->cprbx.cprb_ver_id == 0x02)
887 return convert_type86_rng(zq, reply, data);
888 fallthrough; /* wrong cprb version is an unknown response */
889 default: /* Unknown response type, this should NEVER EVER happen */
890 zq->online = 0;
891 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
892 AP_QID_CARD(zq->queue->qid),
893 AP_QID_QUEUE(zq->queue->qid),
894 (int)msg->hdr.type);
895 ZCRYPT_DBF_ERR(
896 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
897 __func__, AP_QID_CARD(zq->queue->qid),
898 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type);
899 ap_send_online_uevent(&zq->queue->ap_dev, zq->online);
900 return -EAGAIN;
901 }
902 }
903
904 /*
905 * This function is called from the AP bus code after a crypto request
906 * "msg" has finished with the reply message "reply".
907 * It is called from tasklet context.
908 * @aq: pointer to the AP queue
909 * @msg: pointer to the AP message
910 * @reply: pointer to the AP reply message
911 */
zcrypt_msgtype6_receive(struct ap_queue * aq,struct ap_message * msg,struct ap_message * reply)912 static void zcrypt_msgtype6_receive(struct ap_queue *aq,
913 struct ap_message *msg,
914 struct ap_message *reply)
915 {
916 static struct error_hdr error_reply = {
917 .type = TYPE82_RSP_CODE,
918 .reply_code = REP82_ERROR_MACHINE_FAILURE,
919 };
920 struct response_type *resp_type =
921 (struct response_type *)msg->private;
922 struct type86x_reply *t86r;
923 int len;
924
925 /* Copy the reply message to the request message buffer. */
926 if (!reply)
927 goto out; /* ap_msg->rc indicates the error */
928 t86r = reply->msg;
929 if (t86r->hdr.type == TYPE86_RSP_CODE &&
930 t86r->cprbx.cprb_ver_id == 0x02) {
931 switch (resp_type->type) {
932 case CEXXC_RESPONSE_TYPE_ICA:
933 len = sizeof(struct type86x_reply) + t86r->length - 2;
934 if (len > reply->bufsize || len > msg->bufsize) {
935 msg->rc = -EMSGSIZE;
936 } else {
937 memcpy(msg->msg, reply->msg, len);
938 msg->len = len;
939 }
940 break;
941 case CEXXC_RESPONSE_TYPE_XCRB:
942 len = t86r->fmt2.offset2 + t86r->fmt2.count2;
943 if (len > reply->bufsize || len > msg->bufsize) {
944 msg->rc = -EMSGSIZE;
945 } else {
946 memcpy(msg->msg, reply->msg, len);
947 msg->len = len;
948 }
949 break;
950 default:
951 memcpy(msg->msg, &error_reply, sizeof(error_reply));
952 }
953 } else {
954 memcpy(msg->msg, reply->msg, sizeof(error_reply));
955 }
956 out:
957 complete(&resp_type->work);
958 }
959
960 /*
961 * This function is called from the AP bus code after a crypto request
962 * "msg" has finished with the reply message "reply".
963 * It is called from tasklet context.
964 * @aq: pointer to the AP queue
965 * @msg: pointer to the AP message
966 * @reply: pointer to the AP reply message
967 */
zcrypt_msgtype6_receive_ep11(struct ap_queue * aq,struct ap_message * msg,struct ap_message * reply)968 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
969 struct ap_message *msg,
970 struct ap_message *reply)
971 {
972 static struct error_hdr error_reply = {
973 .type = TYPE82_RSP_CODE,
974 .reply_code = REP82_ERROR_MACHINE_FAILURE,
975 };
976 struct response_type *resp_type =
977 (struct response_type *)msg->private;
978 struct type86_ep11_reply *t86r;
979 int len;
980
981 /* Copy the reply message to the request message buffer. */
982 if (!reply)
983 goto out; /* ap_msg->rc indicates the error */
984 t86r = reply->msg;
985 if (t86r->hdr.type == TYPE86_RSP_CODE &&
986 t86r->cprbx.cprb_ver_id == 0x04) {
987 switch (resp_type->type) {
988 case CEXXC_RESPONSE_TYPE_EP11:
989 len = t86r->fmt2.offset1 + t86r->fmt2.count1;
990 if (len > reply->bufsize || len > msg->bufsize) {
991 msg->rc = -EMSGSIZE;
992 } else {
993 memcpy(msg->msg, reply->msg, len);
994 msg->len = len;
995 }
996 break;
997 default:
998 memcpy(msg->msg, &error_reply, sizeof(error_reply));
999 }
1000 } else {
1001 memcpy(msg->msg, reply->msg, sizeof(error_reply));
1002 }
1003 out:
1004 complete(&resp_type->work);
1005 }
1006
1007 static atomic_t zcrypt_step = ATOMIC_INIT(0);
1008
1009 /*
1010 * The request distributor calls this function if it picked the CEXxC
1011 * device to handle a modexpo request.
1012 * @zq: pointer to zcrypt_queue structure that identifies the
1013 * CEXxC device to the request distributor
1014 * @mex: pointer to the modexpo request buffer
1015 */
zcrypt_msgtype6_modexpo(struct zcrypt_queue * zq,struct ica_rsa_modexpo * mex,struct ap_message * ap_msg)1016 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq,
1017 struct ica_rsa_modexpo *mex,
1018 struct ap_message *ap_msg)
1019 {
1020 struct response_type resp_type = {
1021 .type = CEXXC_RESPONSE_TYPE_ICA,
1022 };
1023 int rc;
1024
1025 ap_msg->msg = (void *)get_zeroed_page(GFP_KERNEL);
1026 if (!ap_msg->msg)
1027 return -ENOMEM;
1028 ap_msg->bufsize = PAGE_SIZE;
1029 ap_msg->receive = zcrypt_msgtype6_receive;
1030 ap_msg->psmid = (((unsigned long long)current->pid) << 32) +
1031 atomic_inc_return(&zcrypt_step);
1032 ap_msg->private = &resp_type;
1033 rc = icamex_msg_to_type6mex_msgx(zq, ap_msg, mex);
1034 if (rc)
1035 goto out_free;
1036 init_completion(&resp_type.work);
1037 rc = ap_queue_message(zq->queue, ap_msg);
1038 if (rc)
1039 goto out_free;
1040 rc = wait_for_completion_interruptible(&resp_type.work);
1041 if (rc == 0) {
1042 rc = ap_msg->rc;
1043 if (rc == 0)
1044 rc = convert_response_ica(zq, ap_msg,
1045 mex->outputdata,
1046 mex->outputdatalength);
1047 } else {
1048 /* Signal pending. */
1049 ap_cancel_message(zq->queue, ap_msg);
1050 }
1051
1052 out_free:
1053 free_page((unsigned long)ap_msg->msg);
1054 ap_msg->private = NULL;
1055 ap_msg->msg = NULL;
1056 return rc;
1057 }
1058
1059 /*
1060 * The request distributor calls this function if it picked the CEXxC
1061 * device to handle a modexpo_crt request.
1062 * @zq: pointer to zcrypt_queue structure that identifies the
1063 * CEXxC device to the request distributor
1064 * @crt: pointer to the modexpoc_crt request buffer
1065 */
zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue * zq,struct ica_rsa_modexpo_crt * crt,struct ap_message * ap_msg)1066 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq,
1067 struct ica_rsa_modexpo_crt *crt,
1068 struct ap_message *ap_msg)
1069 {
1070 struct response_type resp_type = {
1071 .type = CEXXC_RESPONSE_TYPE_ICA,
1072 };
1073 int rc;
1074
1075 ap_msg->msg = (void *)get_zeroed_page(GFP_KERNEL);
1076 if (!ap_msg->msg)
1077 return -ENOMEM;
1078 ap_msg->bufsize = PAGE_SIZE;
1079 ap_msg->receive = zcrypt_msgtype6_receive;
1080 ap_msg->psmid = (((unsigned long long)current->pid) << 32) +
1081 atomic_inc_return(&zcrypt_step);
1082 ap_msg->private = &resp_type;
1083 rc = icacrt_msg_to_type6crt_msgx(zq, ap_msg, crt);
1084 if (rc)
1085 goto out_free;
1086 init_completion(&resp_type.work);
1087 rc = ap_queue_message(zq->queue, ap_msg);
1088 if (rc)
1089 goto out_free;
1090 rc = wait_for_completion_interruptible(&resp_type.work);
1091 if (rc == 0) {
1092 rc = ap_msg->rc;
1093 if (rc == 0)
1094 rc = convert_response_ica(zq, ap_msg,
1095 crt->outputdata,
1096 crt->outputdatalength);
1097 } else {
1098 /* Signal pending. */
1099 ap_cancel_message(zq->queue, ap_msg);
1100 }
1101
1102 out_free:
1103 free_page((unsigned long)ap_msg->msg);
1104 ap_msg->private = NULL;
1105 ap_msg->msg = NULL;
1106 return rc;
1107 }
1108
1109 /*
1110 * Prepare a CCA AP msg request.
1111 * Prepare a CCA AP msg: fetch the required data from userspace,
1112 * prepare the AP msg, fill some info into the ap_message struct,
1113 * extract some data from the CPRB and give back to the caller.
1114 * This function allocates memory and needs an ap_msg prepared
1115 * by the caller with ap_init_message(). Also the caller has to
1116 * make sure ap_release_message() is always called even on failure.
1117 */
prep_cca_ap_msg(bool userspace,struct ica_xcRB * xcrb,struct ap_message * ap_msg,unsigned int * func_code,unsigned short ** dom)1118 int prep_cca_ap_msg(bool userspace, struct ica_xcRB *xcrb,
1119 struct ap_message *ap_msg,
1120 unsigned int *func_code, unsigned short **dom)
1121 {
1122 struct response_type resp_type = {
1123 .type = CEXXC_RESPONSE_TYPE_XCRB,
1124 };
1125
1126 ap_msg->bufsize = atomic_read(&ap_max_msg_size);
1127 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL);
1128 if (!ap_msg->msg)
1129 return -ENOMEM;
1130 ap_msg->receive = zcrypt_msgtype6_receive;
1131 ap_msg->psmid = (((unsigned long long)current->pid) << 32) +
1132 atomic_inc_return(&zcrypt_step);
1133 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1134 if (!ap_msg->private)
1135 return -ENOMEM;
1136 return xcrb_msg_to_type6cprb_msgx(userspace, ap_msg, xcrb, func_code, dom);
1137 }
1138
1139 /*
1140 * The request distributor calls this function if it picked the CEXxC
1141 * device to handle a send_cprb request.
1142 * @zq: pointer to zcrypt_queue structure that identifies the
1143 * CEXxC device to the request distributor
1144 * @xcrb: pointer to the send_cprb request buffer
1145 */
zcrypt_msgtype6_send_cprb(bool userspace,struct zcrypt_queue * zq,struct ica_xcRB * xcrb,struct ap_message * ap_msg)1146 static long zcrypt_msgtype6_send_cprb(bool userspace, struct zcrypt_queue *zq,
1147 struct ica_xcRB *xcrb,
1148 struct ap_message *ap_msg)
1149 {
1150 int rc;
1151 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1152 struct {
1153 struct type6_hdr hdr;
1154 struct CPRBX cprbx;
1155 /* ... more data blocks ... */
1156 } __packed * msg = ap_msg->msg;
1157
1158 /*
1159 * Set the queue's reply buffer length minus 128 byte padding
1160 * as reply limit for the card firmware.
1161 */
1162 msg->hdr.fromcardlen1 = min_t(unsigned int, msg->hdr.fromcardlen1,
1163 zq->reply.bufsize - 128);
1164 if (msg->hdr.fromcardlen2)
1165 msg->hdr.fromcardlen2 =
1166 zq->reply.bufsize - msg->hdr.fromcardlen1 - 128;
1167
1168 init_completion(&rtype->work);
1169 rc = ap_queue_message(zq->queue, ap_msg);
1170 if (rc)
1171 goto out;
1172 rc = wait_for_completion_interruptible(&rtype->work);
1173 if (rc == 0) {
1174 rc = ap_msg->rc;
1175 if (rc == 0)
1176 rc = convert_response_xcrb(userspace, zq, ap_msg, xcrb);
1177 } else {
1178 /* Signal pending. */
1179 ap_cancel_message(zq->queue, ap_msg);
1180 }
1181
1182 out:
1183 if (rc)
1184 ZCRYPT_DBF_DBG("%s send cprb at dev=%02x.%04x rc=%d\n",
1185 __func__, AP_QID_CARD(zq->queue->qid),
1186 AP_QID_QUEUE(zq->queue->qid), rc);
1187 return rc;
1188 }
1189
1190 /*
1191 * Prepare an EP11 AP msg request.
1192 * Prepare an EP11 AP msg: fetch the required data from userspace,
1193 * prepare the AP msg, fill some info into the ap_message struct,
1194 * extract some data from the CPRB and give back to the caller.
1195 * This function allocates memory and needs an ap_msg prepared
1196 * by the caller with ap_init_message(). Also the caller has to
1197 * make sure ap_release_message() is always called even on failure.
1198 */
prep_ep11_ap_msg(bool userspace,struct ep11_urb * xcrb,struct ap_message * ap_msg,unsigned int * func_code,unsigned int * domain)1199 int prep_ep11_ap_msg(bool userspace, struct ep11_urb *xcrb,
1200 struct ap_message *ap_msg,
1201 unsigned int *func_code, unsigned int *domain)
1202 {
1203 struct response_type resp_type = {
1204 .type = CEXXC_RESPONSE_TYPE_EP11,
1205 };
1206
1207 ap_msg->bufsize = atomic_read(&ap_max_msg_size);
1208 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL);
1209 if (!ap_msg->msg)
1210 return -ENOMEM;
1211 ap_msg->receive = zcrypt_msgtype6_receive_ep11;
1212 ap_msg->psmid = (((unsigned long long)current->pid) << 32) +
1213 atomic_inc_return(&zcrypt_step);
1214 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1215 if (!ap_msg->private)
1216 return -ENOMEM;
1217 return xcrb_msg_to_type6_ep11cprb_msgx(userspace, ap_msg, xcrb,
1218 func_code, domain);
1219 }
1220
1221 /*
1222 * The request distributor calls this function if it picked the CEX4P
1223 * device to handle a send_ep11_cprb request.
1224 * @zq: pointer to zcrypt_queue structure that identifies the
1225 * CEX4P device to the request distributor
1226 * @xcrb: pointer to the ep11 user request block
1227 */
zcrypt_msgtype6_send_ep11_cprb(bool userspace,struct zcrypt_queue * zq,struct ep11_urb * xcrb,struct ap_message * ap_msg)1228 static long zcrypt_msgtype6_send_ep11_cprb(bool userspace, struct zcrypt_queue *zq,
1229 struct ep11_urb *xcrb,
1230 struct ap_message *ap_msg)
1231 {
1232 int rc;
1233 unsigned int lfmt;
1234 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1235 struct {
1236 struct type6_hdr hdr;
1237 struct ep11_cprb cprbx;
1238 unsigned char pld_tag; /* fixed value 0x30 */
1239 unsigned char pld_lenfmt; /* payload length format */
1240 } __packed * msg = ap_msg->msg;
1241 struct pld_hdr {
1242 unsigned char func_tag; /* fixed value 0x4 */
1243 unsigned char func_len; /* fixed value 0x4 */
1244 unsigned int func_val; /* function ID */
1245 unsigned char dom_tag; /* fixed value 0x4 */
1246 unsigned char dom_len; /* fixed value 0x4 */
1247 unsigned int dom_val; /* domain id */
1248 } __packed * payload_hdr = NULL;
1249
1250 /*
1251 * The target domain field within the cprb body/payload block will be
1252 * replaced by the usage domain for non-management commands only.
1253 * Therefore we check the first bit of the 'flags' parameter for
1254 * management command indication.
1255 * 0 - non management command
1256 * 1 - management command
1257 */
1258 if (!((msg->cprbx.flags & 0x80) == 0x80)) {
1259 msg->cprbx.target_id = (unsigned int)
1260 AP_QID_QUEUE(zq->queue->qid);
1261
1262 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
1263 switch (msg->pld_lenfmt & 0x03) {
1264 case 1:
1265 lfmt = 2;
1266 break;
1267 case 2:
1268 lfmt = 3;
1269 break;
1270 default:
1271 return -EINVAL;
1272 }
1273 } else {
1274 lfmt = 1; /* length format #1 */
1275 }
1276 payload_hdr = (struct pld_hdr *)((&msg->pld_lenfmt) + lfmt);
1277 payload_hdr->dom_val = (unsigned int)
1278 AP_QID_QUEUE(zq->queue->qid);
1279 }
1280
1281 /*
1282 * Set the queue's reply buffer length minus the two prepend headers
1283 * as reply limit for the card firmware.
1284 */
1285 msg->hdr.fromcardlen1 = zq->reply.bufsize -
1286 sizeof(struct type86_hdr) - sizeof(struct type86_fmt2_ext);
1287
1288 init_completion(&rtype->work);
1289 rc = ap_queue_message(zq->queue, ap_msg);
1290 if (rc)
1291 goto out;
1292 rc = wait_for_completion_interruptible(&rtype->work);
1293 if (rc == 0) {
1294 rc = ap_msg->rc;
1295 if (rc == 0)
1296 rc = convert_response_ep11_xcrb(userspace, zq, ap_msg, xcrb);
1297 } else {
1298 /* Signal pending. */
1299 ap_cancel_message(zq->queue, ap_msg);
1300 }
1301
1302 out:
1303 if (rc)
1304 ZCRYPT_DBF_DBG("%s send cprb at dev=%02x.%04x rc=%d\n",
1305 __func__, AP_QID_CARD(zq->queue->qid),
1306 AP_QID_QUEUE(zq->queue->qid), rc);
1307 return rc;
1308 }
1309
prep_rng_ap_msg(struct ap_message * ap_msg,int * func_code,unsigned int * domain)1310 int prep_rng_ap_msg(struct ap_message *ap_msg, int *func_code,
1311 unsigned int *domain)
1312 {
1313 struct response_type resp_type = {
1314 .type = CEXXC_RESPONSE_TYPE_XCRB,
1315 };
1316
1317 ap_msg->bufsize = AP_DEFAULT_MAX_MSG_SIZE;
1318 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL);
1319 if (!ap_msg->msg)
1320 return -ENOMEM;
1321 ap_msg->receive = zcrypt_msgtype6_receive;
1322 ap_msg->psmid = (((unsigned long long)current->pid) << 32) +
1323 atomic_inc_return(&zcrypt_step);
1324 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1325 if (!ap_msg->private)
1326 return -ENOMEM;
1327
1328 rng_type6cprb_msgx(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain);
1329
1330 *func_code = HWRNG;
1331 return 0;
1332 }
1333
1334 /*
1335 * The request distributor calls this function if it picked the CEXxC
1336 * device to generate random data.
1337 * @zq: pointer to zcrypt_queue structure that identifies the
1338 * CEXxC device to the request distributor
1339 * @buffer: pointer to a memory page to return random data
1340 */
zcrypt_msgtype6_rng(struct zcrypt_queue * zq,char * buffer,struct ap_message * ap_msg)1341 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq,
1342 char *buffer, struct ap_message *ap_msg)
1343 {
1344 struct {
1345 struct type6_hdr hdr;
1346 struct CPRBX cprbx;
1347 char function_code[2];
1348 short int rule_length;
1349 char rule[8];
1350 short int verb_length;
1351 short int key_length;
1352 } __packed * msg = ap_msg->msg;
1353 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1354 int rc;
1355
1356 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
1357
1358 init_completion(&rtype->work);
1359 rc = ap_queue_message(zq->queue, ap_msg);
1360 if (rc)
1361 goto out;
1362 rc = wait_for_completion_interruptible(&rtype->work);
1363 if (rc == 0) {
1364 rc = ap_msg->rc;
1365 if (rc == 0)
1366 rc = convert_response_rng(zq, ap_msg, buffer);
1367 } else {
1368 /* Signal pending. */
1369 ap_cancel_message(zq->queue, ap_msg);
1370 }
1371 out:
1372 return rc;
1373 }
1374
1375 /*
1376 * The crypto operations for a CEXxC card.
1377 */
1378 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = {
1379 .owner = THIS_MODULE,
1380 .name = MSGTYPE06_NAME,
1381 .variant = MSGTYPE06_VARIANT_NORNG,
1382 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1383 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1384 .send_cprb = zcrypt_msgtype6_send_cprb,
1385 };
1386
1387 static struct zcrypt_ops zcrypt_msgtype6_ops = {
1388 .owner = THIS_MODULE,
1389 .name = MSGTYPE06_NAME,
1390 .variant = MSGTYPE06_VARIANT_DEFAULT,
1391 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1392 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1393 .send_cprb = zcrypt_msgtype6_send_cprb,
1394 .rng = zcrypt_msgtype6_rng,
1395 };
1396
1397 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = {
1398 .owner = THIS_MODULE,
1399 .name = MSGTYPE06_NAME,
1400 .variant = MSGTYPE06_VARIANT_EP11,
1401 .rsa_modexpo = NULL,
1402 .rsa_modexpo_crt = NULL,
1403 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb,
1404 };
1405
zcrypt_msgtype6_init(void)1406 void __init zcrypt_msgtype6_init(void)
1407 {
1408 zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops);
1409 zcrypt_msgtype_register(&zcrypt_msgtype6_ops);
1410 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops);
1411 }
1412
zcrypt_msgtype6_exit(void)1413 void __exit zcrypt_msgtype6_exit(void)
1414 {
1415 zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops);
1416 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops);
1417 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops);
1418 }
1419