1// SPDX-License-Identifier: GPL-2.0+ 2/* 3 * Copyright IBM Corp. 2001, 2023 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * 7 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 8 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 9 * Ralph Wuerthner <rwuerthn@de.ibm.com> 10 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 11 */ 12 13#define KMSG_COMPONENT "zcrypt" 14#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 15 16#include <linux/module.h> 17#include <linux/init.h> 18#include <linux/err.h> 19#include <linux/delay.h> 20#include <linux/slab.h> 21#include <linux/atomic.h> 22#include <linux/uaccess.h> 23 24#include "ap_bus.h" 25#include "zcrypt_api.h" 26#include "zcrypt_error.h" 27#include "zcrypt_msgtype6.h" 28#include "zcrypt_cca_key.h" 29 30#define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */ 31 32#define CEIL4(x) ((((x) + 3) / 4) * 4) 33 34struct response_type { 35 struct completion work; 36 int type; 37}; 38 39#define CEXXC_RESPONSE_TYPE_ICA 0 40#define CEXXC_RESPONSE_TYPE_XCRB 1 41#define CEXXC_RESPONSE_TYPE_EP11 2 42 43MODULE_AUTHOR("IBM Corporation"); 44MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \ 45 "Copyright IBM Corp. 2001, 2023"); 46MODULE_LICENSE("GPL"); 47 48struct function_and_rules_block { 49 unsigned char function_code[2]; 50 unsigned short ulen; 51 unsigned char only_rule[8]; 52} __packed; 53 54/* 55 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP 56 * card in a type6 message. The 3 fields that must be filled in at execution 57 * time are req_parml, rpl_parml and usage_domain. 58 * Everything about this interface is ascii/big-endian, since the 59 * device does *not* have 'Intel inside'. 60 * 61 * The CPRBX is followed immediately by the parm block. 62 * The parm block contains: 63 * - function code ('PD' 0x5044 or 'PK' 0x504B) 64 * - rule block (one of:) 65 * + 0x000A 'PKCS-1.2' (MCL2 'PD') 66 * + 0x000A 'ZERO-PAD' (MCL2 'PK') 67 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD') 68 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK') 69 * - VUD block 70 */ 71static const struct CPRBX static_cprbx = { 72 .cprb_len = 0x00DC, 73 .cprb_ver_id = 0x02, 74 .func_id = {0x54, 0x32}, 75}; 76 77int speed_idx_cca(int req_type) 78{ 79 switch (req_type) { 80 case 0x4142: 81 case 0x4149: 82 case 0x414D: 83 case 0x4341: 84 case 0x4344: 85 case 0x4354: 86 case 0x4358: 87 case 0x444B: 88 case 0x4558: 89 case 0x4643: 90 case 0x4651: 91 case 0x4C47: 92 case 0x4C4B: 93 case 0x4C51: 94 case 0x4F48: 95 case 0x504F: 96 case 0x5053: 97 case 0x5058: 98 case 0x5343: 99 case 0x5344: 100 case 0x5345: 101 case 0x5350: 102 return LOW; 103 case 0x414B: 104 case 0x4345: 105 case 0x4349: 106 case 0x434D: 107 case 0x4847: 108 case 0x4849: 109 case 0x484D: 110 case 0x4850: 111 case 0x4851: 112 case 0x4954: 113 case 0x4958: 114 case 0x4B43: 115 case 0x4B44: 116 case 0x4B45: 117 case 0x4B47: 118 case 0x4B48: 119 case 0x4B49: 120 case 0x4B4E: 121 case 0x4B50: 122 case 0x4B52: 123 case 0x4B54: 124 case 0x4B58: 125 case 0x4D50: 126 case 0x4D53: 127 case 0x4D56: 128 case 0x4D58: 129 case 0x5044: 130 case 0x5045: 131 case 0x5046: 132 case 0x5047: 133 case 0x5049: 134 case 0x504B: 135 case 0x504D: 136 case 0x5254: 137 case 0x5347: 138 case 0x5349: 139 case 0x534B: 140 case 0x534D: 141 case 0x5356: 142 case 0x5358: 143 case 0x5443: 144 case 0x544B: 145 case 0x5647: 146 return HIGH; 147 default: 148 return MEDIUM; 149 } 150} 151 152int speed_idx_ep11(int req_type) 153{ 154 switch (req_type) { 155 case 1: 156 case 2: 157 case 36: 158 case 37: 159 case 38: 160 case 39: 161 case 40: 162 return LOW; 163 case 17: 164 case 18: 165 case 19: 166 case 20: 167 case 21: 168 case 22: 169 case 26: 170 case 30: 171 case 31: 172 case 32: 173 case 33: 174 case 34: 175 case 35: 176 return HIGH; 177 default: 178 return MEDIUM; 179 } 180} 181 182/* 183 * Convert a ICAMEX message to a type6 MEX message. 184 * 185 * @zq: crypto device pointer 186 * @ap_msg: pointer to AP message 187 * @mex: pointer to user input data 188 * 189 * Returns 0 on success or negative errno value. 190 */ 191static int icamex_msg_to_type6mex_msgx(struct zcrypt_queue *zq, 192 struct ap_message *ap_msg, 193 struct ica_rsa_modexpo *mex) 194{ 195 static struct type6_hdr static_type6_hdrX = { 196 .type = 0x06, 197 .offset1 = 0x00000058, 198 .agent_id = {'C', 'A',}, 199 .function_code = {'P', 'K'}, 200 }; 201 static struct function_and_rules_block static_pke_fnr = { 202 .function_code = {'P', 'K'}, 203 .ulen = 10, 204 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '} 205 }; 206 struct { 207 struct type6_hdr hdr; 208 struct CPRBX cprbx; 209 struct function_and_rules_block fr; 210 unsigned short length; 211 char text[]; 212 } __packed * msg = ap_msg->msg; 213 int size; 214 215 /* 216 * The inputdatalength was a selection criteria in the dispatching 217 * function zcrypt_rsa_modexpo(). However, make sure the following 218 * copy_from_user() never exceeds the allocated buffer space. 219 */ 220 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE)) 221 return -EINVAL; 222 223 /* VUD.ciphertext */ 224 msg->length = mex->inputdatalength + 2; 225 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength)) 226 return -EFAULT; 227 228 /* Set up key which is located after the variable length text. */ 229 size = zcrypt_type6_mex_key_en(mex, msg->text + mex->inputdatalength); 230 if (size < 0) 231 return size; 232 size += sizeof(*msg) + mex->inputdatalength; 233 234 /* message header, cprbx and f&r */ 235 msg->hdr = static_type6_hdrX; 236 msg->hdr.tocardlen1 = size - sizeof(msg->hdr); 237 msg->hdr.fromcardlen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 238 239 msg->cprbx = static_cprbx; 240 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 241 msg->cprbx.rpl_msgbl = msg->hdr.fromcardlen1; 242 243 msg->fr = static_pke_fnr; 244 245 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx); 246 247 ap_msg->len = size; 248 return 0; 249} 250 251/* 252 * Convert a ICACRT message to a type6 CRT message. 253 * 254 * @zq: crypto device pointer 255 * @ap_msg: pointer to AP message 256 * @crt: pointer to user input data 257 * 258 * Returns 0 on success or negative errno value. 259 */ 260static int icacrt_msg_to_type6crt_msgx(struct zcrypt_queue *zq, 261 struct ap_message *ap_msg, 262 struct ica_rsa_modexpo_crt *crt) 263{ 264 static struct type6_hdr static_type6_hdrX = { 265 .type = 0x06, 266 .offset1 = 0x00000058, 267 .agent_id = {'C', 'A',}, 268 .function_code = {'P', 'D'}, 269 }; 270 static struct function_and_rules_block static_pkd_fnr = { 271 .function_code = {'P', 'D'}, 272 .ulen = 10, 273 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'} 274 }; 275 276 struct { 277 struct type6_hdr hdr; 278 struct CPRBX cprbx; 279 struct function_and_rules_block fr; 280 unsigned short length; 281 char text[]; 282 } __packed * msg = ap_msg->msg; 283 int size; 284 285 /* 286 * The inputdatalength was a selection criteria in the dispatching 287 * function zcrypt_rsa_crt(). However, make sure the following 288 * copy_from_user() never exceeds the allocated buffer space. 289 */ 290 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE)) 291 return -EINVAL; 292 293 /* VUD.ciphertext */ 294 msg->length = crt->inputdatalength + 2; 295 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength)) 296 return -EFAULT; 297 298 /* Set up key which is located after the variable length text. */ 299 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength); 300 if (size < 0) 301 return size; 302 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */ 303 304 /* message header, cprbx and f&r */ 305 msg->hdr = static_type6_hdrX; 306 msg->hdr.tocardlen1 = size - sizeof(msg->hdr); 307 msg->hdr.fromcardlen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr); 308 309 msg->cprbx = static_cprbx; 310 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 311 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl = 312 size - sizeof(msg->hdr) - sizeof(msg->cprbx); 313 314 msg->fr = static_pkd_fnr; 315 316 ap_msg->len = size; 317 return 0; 318} 319 320/* 321 * Convert a XCRB message to a type6 CPRB message. 322 * 323 * @zq: crypto device pointer 324 * @ap_msg: pointer to AP message 325 * @xcRB: pointer to user input data 326 * 327 * Returns 0 on success or -EFAULT, -EINVAL. 328 */ 329struct type86_fmt2_msg { 330 struct type86_hdr hdr; 331 struct type86_fmt2_ext fmt2; 332} __packed; 333 334static int xcrb_msg_to_type6cprb_msgx(bool userspace, struct ap_message *ap_msg, 335 struct ica_xcRB *xcrb, 336 unsigned int *fcode, 337 unsigned short **dom) 338{ 339 static struct type6_hdr static_type6_hdrX = { 340 .type = 0x06, 341 .offset1 = 0x00000058, 342 }; 343 struct { 344 struct type6_hdr hdr; 345 union { 346 struct CPRBX cprbx; 347 DECLARE_FLEX_ARRAY(u8, userdata); 348 }; 349 } __packed * msg = ap_msg->msg; 350 351 int rcblen = CEIL4(xcrb->request_control_blk_length); 352 int req_sumlen, resp_sumlen; 353 char *req_data = ap_msg->msg + sizeof(struct type6_hdr) + rcblen; 354 char *function_code; 355 356 if (CEIL4(xcrb->request_control_blk_length) < 357 xcrb->request_control_blk_length) 358 return -EINVAL; /* overflow after alignment*/ 359 360 /* length checks */ 361 ap_msg->len = sizeof(struct type6_hdr) + 362 CEIL4(xcrb->request_control_blk_length) + 363 xcrb->request_data_length; 364 if (ap_msg->len > ap_msg->bufsize) 365 return -EINVAL; 366 367 /* 368 * Overflow check 369 * sum must be greater (or equal) than the largest operand 370 */ 371 req_sumlen = CEIL4(xcrb->request_control_blk_length) + 372 xcrb->request_data_length; 373 if ((CEIL4(xcrb->request_control_blk_length) <= 374 xcrb->request_data_length) ? 375 req_sumlen < xcrb->request_data_length : 376 req_sumlen < CEIL4(xcrb->request_control_blk_length)) { 377 return -EINVAL; 378 } 379 380 if (CEIL4(xcrb->reply_control_blk_length) < 381 xcrb->reply_control_blk_length) 382 return -EINVAL; /* overflow after alignment*/ 383 384 /* 385 * Overflow check 386 * sum must be greater (or equal) than the largest operand 387 */ 388 resp_sumlen = CEIL4(xcrb->reply_control_blk_length) + 389 xcrb->reply_data_length; 390 if ((CEIL4(xcrb->reply_control_blk_length) <= 391 xcrb->reply_data_length) ? 392 resp_sumlen < xcrb->reply_data_length : 393 resp_sumlen < CEIL4(xcrb->reply_control_blk_length)) { 394 return -EINVAL; 395 } 396 397 /* prepare type6 header */ 398 msg->hdr = static_type6_hdrX; 399 memcpy(msg->hdr.agent_id, &xcrb->agent_ID, sizeof(xcrb->agent_ID)); 400 msg->hdr.tocardlen1 = xcrb->request_control_blk_length; 401 if (xcrb->request_data_length) { 402 msg->hdr.offset2 = msg->hdr.offset1 + rcblen; 403 msg->hdr.tocardlen2 = xcrb->request_data_length; 404 } 405 msg->hdr.fromcardlen1 = xcrb->reply_control_blk_length; 406 msg->hdr.fromcardlen2 = xcrb->reply_data_length; 407 408 /* prepare CPRB */ 409 if (z_copy_from_user(userspace, msg->userdata, 410 xcrb->request_control_blk_addr, 411 xcrb->request_control_blk_length)) 412 return -EFAULT; 413 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) > 414 xcrb->request_control_blk_length) 415 return -EINVAL; 416 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len; 417 memcpy(msg->hdr.function_code, function_code, 418 sizeof(msg->hdr.function_code)); 419 420 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1]; 421 *dom = (unsigned short *)&msg->cprbx.domain; 422 423 /* check subfunction, US and AU need special flag with NQAP */ 424 if (memcmp(function_code, "US", 2) == 0 || 425 memcmp(function_code, "AU", 2) == 0) 426 ap_msg->flags |= AP_MSG_FLAG_SPECIAL; 427 428 /* check CPRB minor version, set info bits in ap_message flag field */ 429 switch (*(unsigned short *)(&msg->cprbx.func_id[0])) { 430 case 0x5432: /* "T2" */ 431 ap_msg->flags |= AP_MSG_FLAG_USAGE; 432 break; 433 case 0x5433: /* "T3" */ 434 case 0x5435: /* "T5" */ 435 case 0x5436: /* "T6" */ 436 case 0x5437: /* "T7" */ 437 ap_msg->flags |= AP_MSG_FLAG_ADMIN; 438 break; 439 default: 440 pr_debug("%s unknown CPRB minor version '%c%c'\n", 441 __func__, msg->cprbx.func_id[0], 442 msg->cprbx.func_id[1]); 443 } 444 445 /* copy data block */ 446 if (xcrb->request_data_length && 447 z_copy_from_user(userspace, req_data, xcrb->request_data_address, 448 xcrb->request_data_length)) 449 return -EFAULT; 450 451 return 0; 452} 453 454static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap_msg, 455 struct ep11_urb *xcrb, 456 unsigned int *fcode, 457 unsigned int *domain) 458{ 459 unsigned int lfmt; 460 static struct type6_hdr static_type6_ep11_hdr = { 461 .type = 0x06, 462 .rqid = {0x00, 0x01}, 463 .function_code = {0x00, 0x00}, 464 .agent_id[0] = 0x58, /* {'X'} */ 465 .agent_id[1] = 0x43, /* {'C'} */ 466 .offset1 = 0x00000058, 467 }; 468 469 struct { 470 struct type6_hdr hdr; 471 union { 472 struct { 473 struct ep11_cprb cprbx; 474 unsigned char pld_tag; /* fixed value 0x30 */ 475 unsigned char pld_lenfmt; /* length format */ 476 } __packed; 477 DECLARE_FLEX_ARRAY(u8, userdata); 478 }; 479 } __packed * msg = ap_msg->msg; 480 481 struct pld_hdr { 482 unsigned char func_tag; /* fixed value 0x4 */ 483 unsigned char func_len; /* fixed value 0x4 */ 484 unsigned int func_val; /* function ID */ 485 unsigned char dom_tag; /* fixed value 0x4 */ 486 unsigned char dom_len; /* fixed value 0x4 */ 487 unsigned int dom_val; /* domain id */ 488 } __packed * payload_hdr = NULL; 489 490 if (CEIL4(xcrb->req_len) < xcrb->req_len) 491 return -EINVAL; /* overflow after alignment*/ 492 493 /* length checks */ 494 ap_msg->len = sizeof(struct type6_hdr) + CEIL4(xcrb->req_len); 495 if (ap_msg->len > ap_msg->bufsize) 496 return -EINVAL; 497 498 if (CEIL4(xcrb->resp_len) < xcrb->resp_len) 499 return -EINVAL; /* overflow after alignment*/ 500 501 /* prepare type6 header */ 502 msg->hdr = static_type6_ep11_hdr; 503 msg->hdr.tocardlen1 = xcrb->req_len; 504 msg->hdr.fromcardlen1 = xcrb->resp_len; 505 506 /* Import CPRB data from the ioctl input parameter */ 507 if (z_copy_from_user(userspace, msg->userdata, 508 (char __force __user *)xcrb->req, xcrb->req_len)) { 509 return -EFAULT; 510 } 511 512 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 513 switch (msg->pld_lenfmt & 0x03) { 514 case 1: 515 lfmt = 2; 516 break; 517 case 2: 518 lfmt = 3; 519 break; 520 default: 521 return -EINVAL; 522 } 523 } else { 524 lfmt = 1; /* length format #1 */ 525 } 526 payload_hdr = (struct pld_hdr *)((&msg->pld_lenfmt) + lfmt); 527 *fcode = payload_hdr->func_val & 0xFFFF; 528 529 /* enable special processing based on the cprbs flags special bit */ 530 if (msg->cprbx.flags & 0x20) 531 ap_msg->flags |= AP_MSG_FLAG_SPECIAL; 532 533 /* set info bits in ap_message flag field */ 534 if (msg->cprbx.flags & 0x80) 535 ap_msg->flags |= AP_MSG_FLAG_ADMIN; 536 else 537 ap_msg->flags |= AP_MSG_FLAG_USAGE; 538 539 *domain = msg->cprbx.target_id; 540 541 return 0; 542} 543 544/* 545 * Copy results from a type 86 ICA reply message back to user space. 546 * 547 * @zq: crypto device pointer 548 * @reply: reply AP message. 549 * @data: pointer to user output data 550 * @length: size of user output data 551 * 552 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 553 */ 554struct type86x_reply { 555 struct type86_hdr hdr; 556 struct type86_fmt2_ext fmt2; 557 struct CPRBX cprbx; 558 unsigned char pad[4]; /* 4 byte function code/rules block ? */ 559 unsigned short length; /* length of data including length field size */ 560 char data[]; 561} __packed; 562 563struct type86_ep11_reply { 564 struct type86_hdr hdr; 565 struct type86_fmt2_ext fmt2; 566 struct ep11_cprb cprbx; 567} __packed; 568 569static int convert_type86_ica(struct zcrypt_queue *zq, 570 struct ap_message *reply, 571 char __user *outputdata, 572 unsigned int outputdatalength) 573{ 574 struct type86x_reply *msg = reply->msg; 575 unsigned short service_rc, service_rs; 576 unsigned int data_len; 577 578 service_rc = msg->cprbx.ccp_rtcode; 579 if (unlikely(service_rc != 0)) { 580 service_rs = msg->cprbx.ccp_rscode; 581 if ((service_rc == 8 && service_rs == 66) || 582 (service_rc == 8 && service_rs == 65) || 583 (service_rc == 8 && service_rs == 72) || 584 (service_rc == 8 && service_rs == 770) || 585 (service_rc == 12 && service_rs == 769)) { 586 ZCRYPT_DBF_WARN("%s dev=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n", 587 __func__, AP_QID_CARD(zq->queue->qid), 588 AP_QID_QUEUE(zq->queue->qid), 589 (int)service_rc, (int)service_rs); 590 return -EINVAL; 591 } 592 zq->online = 0; 593 pr_err("Crypto dev=%02x.%04x rc/rs=%d/%d online=0 rc=EAGAIN\n", 594 AP_QID_CARD(zq->queue->qid), 595 AP_QID_QUEUE(zq->queue->qid), 596 (int)service_rc, (int)service_rs); 597 ZCRYPT_DBF_ERR("%s dev=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n", 598 __func__, AP_QID_CARD(zq->queue->qid), 599 AP_QID_QUEUE(zq->queue->qid), 600 (int)service_rc, (int)service_rs); 601 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 602 return -EAGAIN; 603 } 604 data_len = msg->length - sizeof(msg->length); 605 if (data_len > outputdatalength) 606 return -EMSGSIZE; 607 608 /* Copy the crypto response to user space. */ 609 if (copy_to_user(outputdata, msg->data, data_len)) 610 return -EFAULT; 611 return 0; 612} 613 614/* 615 * Copy results from a type 86 XCRB reply message back to user space. 616 * 617 * @zq: crypto device pointer 618 * @reply: reply AP message. 619 * @xcrb: pointer to XCRB 620 * 621 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 622 */ 623static int convert_type86_xcrb(bool userspace, struct zcrypt_queue *zq, 624 struct ap_message *reply, 625 struct ica_xcRB *xcrb) 626{ 627 struct type86_fmt2_msg *msg = reply->msg; 628 char *data = reply->msg; 629 630 /* Copy CPRB to user */ 631 if (xcrb->reply_control_blk_length < msg->fmt2.count1) { 632 pr_debug("%s reply_control_blk_length %u < required %u => EMSGSIZE\n", 633 __func__, xcrb->reply_control_blk_length, 634 msg->fmt2.count1); 635 return -EMSGSIZE; 636 } 637 if (z_copy_to_user(userspace, xcrb->reply_control_blk_addr, 638 data + msg->fmt2.offset1, msg->fmt2.count1)) 639 return -EFAULT; 640 xcrb->reply_control_blk_length = msg->fmt2.count1; 641 642 /* Copy data buffer to user */ 643 if (msg->fmt2.count2) { 644 if (xcrb->reply_data_length < msg->fmt2.count2) { 645 pr_debug("%s reply_data_length %u < required %u => EMSGSIZE\n", 646 __func__, xcrb->reply_data_length, 647 msg->fmt2.count2); 648 return -EMSGSIZE; 649 } 650 if (z_copy_to_user(userspace, xcrb->reply_data_addr, 651 data + msg->fmt2.offset2, msg->fmt2.count2)) 652 return -EFAULT; 653 } 654 xcrb->reply_data_length = msg->fmt2.count2; 655 656 return 0; 657} 658 659/* 660 * Copy results from a type 86 EP11 XCRB reply message back to user space. 661 * 662 * @zq: crypto device pointer 663 * @reply: reply AP message. 664 * @xcrb: pointer to EP11 user request block 665 * 666 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. 667 */ 668static int convert_type86_ep11_xcrb(bool userspace, struct zcrypt_queue *zq, 669 struct ap_message *reply, 670 struct ep11_urb *xcrb) 671{ 672 struct type86_fmt2_msg *msg = reply->msg; 673 char *data = reply->msg; 674 675 if (xcrb->resp_len < msg->fmt2.count1) { 676 pr_debug("%s resp_len %u < required %u => EMSGSIZE\n", 677 __func__, (unsigned int)xcrb->resp_len, 678 msg->fmt2.count1); 679 return -EMSGSIZE; 680 } 681 682 /* Copy response CPRB to user */ 683 if (z_copy_to_user(userspace, (char __force __user *)xcrb->resp, 684 data + msg->fmt2.offset1, msg->fmt2.count1)) 685 return -EFAULT; 686 xcrb->resp_len = msg->fmt2.count1; 687 return 0; 688} 689 690static int convert_type86_rng(struct zcrypt_queue *zq, 691 struct ap_message *reply, 692 char *buffer) 693{ 694 struct { 695 struct type86_hdr hdr; 696 struct type86_fmt2_ext fmt2; 697 struct CPRBX cprbx; 698 } __packed * msg = reply->msg; 699 char *data = reply->msg; 700 701 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0) 702 return -EINVAL; 703 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2); 704 return msg->fmt2.count2; 705} 706 707static int convert_response_ica(struct zcrypt_queue *zq, 708 struct ap_message *reply, 709 char __user *outputdata, 710 unsigned int outputdatalength) 711{ 712 struct type86x_reply *msg = reply->msg; 713 714 switch (msg->hdr.type) { 715 case TYPE82_RSP_CODE: 716 case TYPE88_RSP_CODE: 717 return convert_error(zq, reply); 718 case TYPE86_RSP_CODE: 719 if (msg->cprbx.ccp_rtcode && 720 msg->cprbx.ccp_rscode == 0x14f && 721 outputdatalength > 256) { 722 if (zq->zcard->max_exp_bit_length <= 17) { 723 zq->zcard->max_exp_bit_length = 17; 724 return -EAGAIN; 725 } else { 726 return -EINVAL; 727 } 728 } 729 if (msg->hdr.reply_code) 730 return convert_error(zq, reply); 731 if (msg->cprbx.cprb_ver_id == 0x02) 732 return convert_type86_ica(zq, reply, 733 outputdata, outputdatalength); 734 fallthrough; /* wrong cprb version is an unknown response */ 735 default: 736 /* Unknown response type, this should NEVER EVER happen */ 737 zq->online = 0; 738 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 739 AP_QID_CARD(zq->queue->qid), 740 AP_QID_QUEUE(zq->queue->qid), 741 (int)msg->hdr.type); 742 ZCRYPT_DBF_ERR( 743 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 744 __func__, AP_QID_CARD(zq->queue->qid), 745 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 746 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 747 return -EAGAIN; 748 } 749} 750 751static int convert_response_xcrb(bool userspace, struct zcrypt_queue *zq, 752 struct ap_message *reply, 753 struct ica_xcRB *xcrb) 754{ 755 struct type86x_reply *msg = reply->msg; 756 757 switch (msg->hdr.type) { 758 case TYPE82_RSP_CODE: 759 case TYPE88_RSP_CODE: 760 xcrb->status = 0x0008044DL; /* HDD_InvalidParm */ 761 return convert_error(zq, reply); 762 case TYPE86_RSP_CODE: 763 if (msg->hdr.reply_code) { 764 memcpy(&xcrb->status, msg->fmt2.apfs, sizeof(u32)); 765 return convert_error(zq, reply); 766 } 767 if (msg->cprbx.cprb_ver_id == 0x02) 768 return convert_type86_xcrb(userspace, zq, reply, xcrb); 769 fallthrough; /* wrong cprb version is an unknown response */ 770 default: /* Unknown response type, this should NEVER EVER happen */ 771 xcrb->status = 0x0008044DL; /* HDD_InvalidParm */ 772 zq->online = 0; 773 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 774 AP_QID_CARD(zq->queue->qid), 775 AP_QID_QUEUE(zq->queue->qid), 776 (int)msg->hdr.type); 777 ZCRYPT_DBF_ERR( 778 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 779 __func__, AP_QID_CARD(zq->queue->qid), 780 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 781 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 782 return -EAGAIN; 783 } 784} 785 786static int convert_response_ep11_xcrb(bool userspace, struct zcrypt_queue *zq, 787 struct ap_message *reply, struct ep11_urb *xcrb) 788{ 789 struct type86_ep11_reply *msg = reply->msg; 790 791 switch (msg->hdr.type) { 792 case TYPE82_RSP_CODE: 793 case TYPE87_RSP_CODE: 794 return convert_error(zq, reply); 795 case TYPE86_RSP_CODE: 796 if (msg->hdr.reply_code) 797 return convert_error(zq, reply); 798 if (msg->cprbx.cprb_ver_id == 0x04) 799 return convert_type86_ep11_xcrb(userspace, zq, reply, xcrb); 800 fallthrough; /* wrong cprb version is an unknown resp */ 801 default: /* Unknown response type, this should NEVER EVER happen */ 802 zq->online = 0; 803 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 804 AP_QID_CARD(zq->queue->qid), 805 AP_QID_QUEUE(zq->queue->qid), 806 (int)msg->hdr.type); 807 ZCRYPT_DBF_ERR( 808 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 809 __func__, AP_QID_CARD(zq->queue->qid), 810 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 811 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 812 return -EAGAIN; 813 } 814} 815 816static int convert_response_rng(struct zcrypt_queue *zq, 817 struct ap_message *reply, 818 char *data) 819{ 820 struct type86x_reply *msg = reply->msg; 821 822 switch (msg->hdr.type) { 823 case TYPE82_RSP_CODE: 824 case TYPE88_RSP_CODE: 825 return -EINVAL; 826 case TYPE86_RSP_CODE: 827 if (msg->hdr.reply_code) 828 return -EINVAL; 829 if (msg->cprbx.cprb_ver_id == 0x02) 830 return convert_type86_rng(zq, reply, data); 831 fallthrough; /* wrong cprb version is an unknown response */ 832 default: /* Unknown response type, this should NEVER EVER happen */ 833 zq->online = 0; 834 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 835 AP_QID_CARD(zq->queue->qid), 836 AP_QID_QUEUE(zq->queue->qid), 837 (int)msg->hdr.type); 838 ZCRYPT_DBF_ERR( 839 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n", 840 __func__, AP_QID_CARD(zq->queue->qid), 841 AP_QID_QUEUE(zq->queue->qid), (int)msg->hdr.type); 842 ap_send_online_uevent(&zq->queue->ap_dev, zq->online); 843 return -EAGAIN; 844 } 845} 846 847/* 848 * This function is called from the AP bus code after a crypto request 849 * "msg" has finished with the reply message "reply". 850 * It is called from tasklet context. 851 * @aq: pointer to the AP queue 852 * @msg: pointer to the AP message 853 * @reply: pointer to the AP reply message 854 */ 855static void zcrypt_msgtype6_receive(struct ap_queue *aq, 856 struct ap_message *msg, 857 struct ap_message *reply) 858{ 859 static struct error_hdr error_reply = { 860 .type = TYPE82_RSP_CODE, 861 .reply_code = REP82_ERROR_MACHINE_FAILURE, 862 }; 863 struct response_type *resp_type = msg->private; 864 struct type86x_reply *t86r; 865 int len; 866 867 /* Copy the reply message to the request message buffer. */ 868 if (!reply) 869 goto out; /* ap_msg->rc indicates the error */ 870 t86r = reply->msg; 871 if (t86r->hdr.type == TYPE86_RSP_CODE && 872 t86r->cprbx.cprb_ver_id == 0x02) { 873 switch (resp_type->type) { 874 case CEXXC_RESPONSE_TYPE_ICA: 875 len = sizeof(struct type86x_reply) + t86r->length; 876 if (len > reply->bufsize || len > msg->bufsize || 877 len != reply->len) { 878 pr_debug("%s len mismatch => EMSGSIZE\n", 879 __func__); 880 msg->rc = -EMSGSIZE; 881 goto out; 882 } 883 memcpy(msg->msg, reply->msg, len); 884 msg->len = len; 885 break; 886 case CEXXC_RESPONSE_TYPE_XCRB: 887 if (t86r->fmt2.count2) 888 len = t86r->fmt2.offset2 + t86r->fmt2.count2; 889 else 890 len = t86r->fmt2.offset1 + t86r->fmt2.count1; 891 if (len > reply->bufsize || len > msg->bufsize || 892 len != reply->len) { 893 pr_debug("%s len mismatch => EMSGSIZE\n", 894 __func__); 895 msg->rc = -EMSGSIZE; 896 goto out; 897 } 898 memcpy(msg->msg, reply->msg, len); 899 msg->len = len; 900 break; 901 default: 902 memcpy(msg->msg, &error_reply, sizeof(error_reply)); 903 msg->len = sizeof(error_reply); 904 } 905 } else { 906 memcpy(msg->msg, reply->msg, sizeof(error_reply)); 907 msg->len = sizeof(error_reply); 908 } 909out: 910 complete(&resp_type->work); 911} 912 913/* 914 * This function is called from the AP bus code after a crypto request 915 * "msg" has finished with the reply message "reply". 916 * It is called from tasklet context. 917 * @aq: pointer to the AP queue 918 * @msg: pointer to the AP message 919 * @reply: pointer to the AP reply message 920 */ 921static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq, 922 struct ap_message *msg, 923 struct ap_message *reply) 924{ 925 static struct error_hdr error_reply = { 926 .type = TYPE82_RSP_CODE, 927 .reply_code = REP82_ERROR_MACHINE_FAILURE, 928 }; 929 struct response_type *resp_type = msg->private; 930 struct type86_ep11_reply *t86r; 931 int len; 932 933 /* Copy the reply message to the request message buffer. */ 934 if (!reply) 935 goto out; /* ap_msg->rc indicates the error */ 936 t86r = reply->msg; 937 if (t86r->hdr.type == TYPE86_RSP_CODE && 938 t86r->cprbx.cprb_ver_id == 0x04) { 939 switch (resp_type->type) { 940 case CEXXC_RESPONSE_TYPE_EP11: 941 len = t86r->fmt2.offset1 + t86r->fmt2.count1; 942 if (len > reply->bufsize || len > msg->bufsize || 943 len != reply->len) { 944 pr_debug("%s len mismatch => EMSGSIZE\n", 945 __func__); 946 msg->rc = -EMSGSIZE; 947 goto out; 948 } 949 memcpy(msg->msg, reply->msg, len); 950 msg->len = len; 951 break; 952 default: 953 memcpy(msg->msg, &error_reply, sizeof(error_reply)); 954 msg->len = sizeof(error_reply); 955 } 956 } else { 957 memcpy(msg->msg, reply->msg, sizeof(error_reply)); 958 msg->len = sizeof(error_reply); 959 } 960out: 961 complete(&resp_type->work); 962} 963 964static atomic_t zcrypt_step = ATOMIC_INIT(0); 965 966/* 967 * The request distributor calls this function if it picked the CEXxC 968 * device to handle a modexpo request. 969 * @zq: pointer to zcrypt_queue structure that identifies the 970 * CEXxC device to the request distributor 971 * @mex: pointer to the modexpo request buffer 972 */ 973static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq, 974 struct ica_rsa_modexpo *mex, 975 struct ap_message *ap_msg) 976{ 977 struct response_type resp_type = { 978 .type = CEXXC_RESPONSE_TYPE_ICA, 979 }; 980 int rc; 981 982 ap_msg->msg = (void *)get_zeroed_page(GFP_KERNEL); 983 if (!ap_msg->msg) 984 return -ENOMEM; 985 ap_msg->bufsize = PAGE_SIZE; 986 ap_msg->receive = zcrypt_msgtype6_receive; 987 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 988 atomic_inc_return(&zcrypt_step); 989 ap_msg->private = &resp_type; 990 rc = icamex_msg_to_type6mex_msgx(zq, ap_msg, mex); 991 if (rc) 992 goto out_free; 993 init_completion(&resp_type.work); 994 rc = ap_queue_message(zq->queue, ap_msg); 995 if (rc) 996 goto out_free; 997 rc = wait_for_completion_interruptible(&resp_type.work); 998 if (rc == 0) { 999 rc = ap_msg->rc; 1000 if (rc == 0) 1001 rc = convert_response_ica(zq, ap_msg, 1002 mex->outputdata, 1003 mex->outputdatalength); 1004 } else { 1005 /* Signal pending. */ 1006 ap_cancel_message(zq->queue, ap_msg); 1007 } 1008 1009out_free: 1010 free_page((unsigned long)ap_msg->msg); 1011 ap_msg->private = NULL; 1012 ap_msg->msg = NULL; 1013 return rc; 1014} 1015 1016/* 1017 * The request distributor calls this function if it picked the CEXxC 1018 * device to handle a modexpo_crt request. 1019 * @zq: pointer to zcrypt_queue structure that identifies the 1020 * CEXxC device to the request distributor 1021 * @crt: pointer to the modexpoc_crt request buffer 1022 */ 1023static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq, 1024 struct ica_rsa_modexpo_crt *crt, 1025 struct ap_message *ap_msg) 1026{ 1027 struct response_type resp_type = { 1028 .type = CEXXC_RESPONSE_TYPE_ICA, 1029 }; 1030 int rc; 1031 1032 ap_msg->msg = (void *)get_zeroed_page(GFP_KERNEL); 1033 if (!ap_msg->msg) 1034 return -ENOMEM; 1035 ap_msg->bufsize = PAGE_SIZE; 1036 ap_msg->receive = zcrypt_msgtype6_receive; 1037 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1038 atomic_inc_return(&zcrypt_step); 1039 ap_msg->private = &resp_type; 1040 rc = icacrt_msg_to_type6crt_msgx(zq, ap_msg, crt); 1041 if (rc) 1042 goto out_free; 1043 init_completion(&resp_type.work); 1044 rc = ap_queue_message(zq->queue, ap_msg); 1045 if (rc) 1046 goto out_free; 1047 rc = wait_for_completion_interruptible(&resp_type.work); 1048 if (rc == 0) { 1049 rc = ap_msg->rc; 1050 if (rc == 0) 1051 rc = convert_response_ica(zq, ap_msg, 1052 crt->outputdata, 1053 crt->outputdatalength); 1054 } else { 1055 /* Signal pending. */ 1056 ap_cancel_message(zq->queue, ap_msg); 1057 } 1058 1059out_free: 1060 free_page((unsigned long)ap_msg->msg); 1061 ap_msg->private = NULL; 1062 ap_msg->msg = NULL; 1063 return rc; 1064} 1065 1066/* 1067 * Prepare a CCA AP msg request. 1068 * Prepare a CCA AP msg: fetch the required data from userspace, 1069 * prepare the AP msg, fill some info into the ap_message struct, 1070 * extract some data from the CPRB and give back to the caller. 1071 * This function allocates memory and needs an ap_msg prepared 1072 * by the caller with ap_init_message(). Also the caller has to 1073 * make sure ap_release_message() is always called even on failure. 1074 */ 1075int prep_cca_ap_msg(bool userspace, struct ica_xcRB *xcrb, 1076 struct ap_message *ap_msg, 1077 unsigned int *func_code, unsigned short **dom) 1078{ 1079 struct response_type resp_type = { 1080 .type = CEXXC_RESPONSE_TYPE_XCRB, 1081 }; 1082 1083 ap_msg->bufsize = atomic_read(&ap_max_msg_size); 1084 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL); 1085 if (!ap_msg->msg) 1086 return -ENOMEM; 1087 ap_msg->receive = zcrypt_msgtype6_receive; 1088 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1089 atomic_inc_return(&zcrypt_step); 1090 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1091 if (!ap_msg->private) 1092 return -ENOMEM; 1093 return xcrb_msg_to_type6cprb_msgx(userspace, ap_msg, xcrb, func_code, dom); 1094} 1095 1096/* 1097 * The request distributor calls this function if it picked the CEXxC 1098 * device to handle a send_cprb request. 1099 * @zq: pointer to zcrypt_queue structure that identifies the 1100 * CEXxC device to the request distributor 1101 * @xcrb: pointer to the send_cprb request buffer 1102 */ 1103static long zcrypt_msgtype6_send_cprb(bool userspace, struct zcrypt_queue *zq, 1104 struct ica_xcRB *xcrb, 1105 struct ap_message *ap_msg) 1106{ 1107 struct response_type *rtype = ap_msg->private; 1108 struct { 1109 struct type6_hdr hdr; 1110 struct CPRBX cprbx; 1111 /* ... more data blocks ... */ 1112 } __packed * msg = ap_msg->msg; 1113 unsigned int max_payload_size; 1114 int rc, delta; 1115 1116 /* calculate maximum payload for this card and msg type */ 1117 max_payload_size = zq->reply.bufsize - sizeof(struct type86_fmt2_msg); 1118 1119 /* limit each of the two from fields to the maximum payload size */ 1120 msg->hdr.fromcardlen1 = min(msg->hdr.fromcardlen1, max_payload_size); 1121 msg->hdr.fromcardlen2 = min(msg->hdr.fromcardlen2, max_payload_size); 1122 1123 /* calculate delta if the sum of both exceeds max payload size */ 1124 delta = msg->hdr.fromcardlen1 + msg->hdr.fromcardlen2 1125 - max_payload_size; 1126 if (delta > 0) { 1127 /* 1128 * Sum exceeds maximum payload size, prune fromcardlen1 1129 * (always trust fromcardlen2) 1130 */ 1131 if (delta > msg->hdr.fromcardlen1) { 1132 rc = -EINVAL; 1133 goto out; 1134 } 1135 msg->hdr.fromcardlen1 -= delta; 1136 } 1137 1138 init_completion(&rtype->work); 1139 rc = ap_queue_message(zq->queue, ap_msg); 1140 if (rc) 1141 goto out; 1142 rc = wait_for_completion_interruptible(&rtype->work); 1143 if (rc == 0) { 1144 rc = ap_msg->rc; 1145 if (rc == 0) 1146 rc = convert_response_xcrb(userspace, zq, ap_msg, xcrb); 1147 } else { 1148 /* Signal pending. */ 1149 ap_cancel_message(zq->queue, ap_msg); 1150 } 1151 1152 if (rc == -EAGAIN && ap_msg->flags & AP_MSG_FLAG_ADMIN) 1153 rc = -EIO; /* do not retry administrative requests */ 1154 1155out: 1156 if (rc) 1157 pr_debug("%s send cprb at dev=%02x.%04x rc=%d\n", 1158 __func__, AP_QID_CARD(zq->queue->qid), 1159 AP_QID_QUEUE(zq->queue->qid), rc); 1160 return rc; 1161} 1162 1163/* 1164 * Prepare an EP11 AP msg request. 1165 * Prepare an EP11 AP msg: fetch the required data from userspace, 1166 * prepare the AP msg, fill some info into the ap_message struct, 1167 * extract some data from the CPRB and give back to the caller. 1168 * This function allocates memory and needs an ap_msg prepared 1169 * by the caller with ap_init_message(). Also the caller has to 1170 * make sure ap_release_message() is always called even on failure. 1171 */ 1172int prep_ep11_ap_msg(bool userspace, struct ep11_urb *xcrb, 1173 struct ap_message *ap_msg, 1174 unsigned int *func_code, unsigned int *domain) 1175{ 1176 struct response_type resp_type = { 1177 .type = CEXXC_RESPONSE_TYPE_EP11, 1178 }; 1179 1180 ap_msg->bufsize = atomic_read(&ap_max_msg_size); 1181 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL); 1182 if (!ap_msg->msg) 1183 return -ENOMEM; 1184 ap_msg->receive = zcrypt_msgtype6_receive_ep11; 1185 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1186 atomic_inc_return(&zcrypt_step); 1187 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1188 if (!ap_msg->private) 1189 return -ENOMEM; 1190 return xcrb_msg_to_type6_ep11cprb_msgx(userspace, ap_msg, xcrb, 1191 func_code, domain); 1192} 1193 1194/* 1195 * The request distributor calls this function if it picked the CEX4P 1196 * device to handle a send_ep11_cprb request. 1197 * @zq: pointer to zcrypt_queue structure that identifies the 1198 * CEX4P device to the request distributor 1199 * @xcrb: pointer to the ep11 user request block 1200 */ 1201static long zcrypt_msgtype6_send_ep11_cprb(bool userspace, struct zcrypt_queue *zq, 1202 struct ep11_urb *xcrb, 1203 struct ap_message *ap_msg) 1204{ 1205 int rc; 1206 unsigned int lfmt; 1207 struct response_type *rtype = ap_msg->private; 1208 struct { 1209 struct type6_hdr hdr; 1210 struct ep11_cprb cprbx; 1211 unsigned char pld_tag; /* fixed value 0x30 */ 1212 unsigned char pld_lenfmt; /* payload length format */ 1213 } __packed * msg = ap_msg->msg; 1214 struct pld_hdr { 1215 unsigned char func_tag; /* fixed value 0x4 */ 1216 unsigned char func_len; /* fixed value 0x4 */ 1217 unsigned int func_val; /* function ID */ 1218 unsigned char dom_tag; /* fixed value 0x4 */ 1219 unsigned char dom_len; /* fixed value 0x4 */ 1220 unsigned int dom_val; /* domain id */ 1221 } __packed * payload_hdr = NULL; 1222 1223 /* 1224 * The target domain field within the cprb body/payload block will be 1225 * replaced by the usage domain for non-management commands only. 1226 * Therefore we check the first bit of the 'flags' parameter for 1227 * management command indication. 1228 * 0 - non management command 1229 * 1 - management command 1230 */ 1231 if (!((msg->cprbx.flags & 0x80) == 0x80)) { 1232 msg->cprbx.target_id = (unsigned int) 1233 AP_QID_QUEUE(zq->queue->qid); 1234 1235 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/ 1236 switch (msg->pld_lenfmt & 0x03) { 1237 case 1: 1238 lfmt = 2; 1239 break; 1240 case 2: 1241 lfmt = 3; 1242 break; 1243 default: 1244 return -EINVAL; 1245 } 1246 } else { 1247 lfmt = 1; /* length format #1 */ 1248 } 1249 payload_hdr = (struct pld_hdr *)((&msg->pld_lenfmt) + lfmt); 1250 payload_hdr->dom_val = (unsigned int) 1251 AP_QID_QUEUE(zq->queue->qid); 1252 } 1253 1254 /* 1255 * Set the queue's reply buffer length minus the two prepend headers 1256 * as reply limit for the card firmware. 1257 */ 1258 msg->hdr.fromcardlen1 = zq->reply.bufsize - 1259 sizeof(struct type86_hdr) - sizeof(struct type86_fmt2_ext); 1260 1261 init_completion(&rtype->work); 1262 rc = ap_queue_message(zq->queue, ap_msg); 1263 if (rc) 1264 goto out; 1265 rc = wait_for_completion_interruptible(&rtype->work); 1266 if (rc == 0) { 1267 rc = ap_msg->rc; 1268 if (rc == 0) 1269 rc = convert_response_ep11_xcrb(userspace, zq, ap_msg, xcrb); 1270 } else { 1271 /* Signal pending. */ 1272 ap_cancel_message(zq->queue, ap_msg); 1273 } 1274 1275 if (rc == -EAGAIN && ap_msg->flags & AP_MSG_FLAG_ADMIN) 1276 rc = -EIO; /* do not retry administrative requests */ 1277 1278out: 1279 if (rc) 1280 pr_debug("%s send cprb at dev=%02x.%04x rc=%d\n", 1281 __func__, AP_QID_CARD(zq->queue->qid), 1282 AP_QID_QUEUE(zq->queue->qid), rc); 1283 return rc; 1284} 1285 1286int prep_rng_ap_msg(struct ap_message *ap_msg, int *func_code, 1287 unsigned int *domain) 1288{ 1289 struct response_type resp_type = { 1290 .type = CEXXC_RESPONSE_TYPE_XCRB, 1291 }; 1292 1293 ap_msg->bufsize = AP_DEFAULT_MAX_MSG_SIZE; 1294 ap_msg->msg = kmalloc(ap_msg->bufsize, GFP_KERNEL); 1295 if (!ap_msg->msg) 1296 return -ENOMEM; 1297 ap_msg->receive = zcrypt_msgtype6_receive; 1298 ap_msg->psmid = (((unsigned long)current->pid) << 32) + 1299 atomic_inc_return(&zcrypt_step); 1300 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL); 1301 if (!ap_msg->private) 1302 return -ENOMEM; 1303 1304 rng_type6cprb_msgx(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain); 1305 1306 *func_code = HWRNG; 1307 return 0; 1308} 1309 1310/* 1311 * The request distributor calls this function if it picked the CEXxC 1312 * device to generate random data. 1313 * @zq: pointer to zcrypt_queue structure that identifies the 1314 * CEXxC device to the request distributor 1315 * @buffer: pointer to a memory page to return random data 1316 */ 1317static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq, 1318 char *buffer, struct ap_message *ap_msg) 1319{ 1320 struct { 1321 struct type6_hdr hdr; 1322 struct CPRBX cprbx; 1323 char function_code[2]; 1324 short int rule_length; 1325 char rule[8]; 1326 short int verb_length; 1327 short int key_length; 1328 } __packed * msg = ap_msg->msg; 1329 struct response_type *rtype = ap_msg->private; 1330 int rc; 1331 1332 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid); 1333 1334 init_completion(&rtype->work); 1335 rc = ap_queue_message(zq->queue, ap_msg); 1336 if (rc) 1337 goto out; 1338 rc = wait_for_completion_interruptible(&rtype->work); 1339 if (rc == 0) { 1340 rc = ap_msg->rc; 1341 if (rc == 0) 1342 rc = convert_response_rng(zq, ap_msg, buffer); 1343 } else { 1344 /* Signal pending. */ 1345 ap_cancel_message(zq->queue, ap_msg); 1346 } 1347out: 1348 return rc; 1349} 1350 1351/* 1352 * The crypto operations for a CEXxC card. 1353 */ 1354 1355static struct zcrypt_ops zcrypt_msgtype6_ops = { 1356 .owner = THIS_MODULE, 1357 .name = MSGTYPE06_NAME, 1358 .variant = MSGTYPE06_VARIANT_DEFAULT, 1359 .rsa_modexpo = zcrypt_msgtype6_modexpo, 1360 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt, 1361 .send_cprb = zcrypt_msgtype6_send_cprb, 1362 .rng = zcrypt_msgtype6_rng, 1363}; 1364 1365static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = { 1366 .owner = THIS_MODULE, 1367 .name = MSGTYPE06_NAME, 1368 .variant = MSGTYPE06_VARIANT_EP11, 1369 .rsa_modexpo = NULL, 1370 .rsa_modexpo_crt = NULL, 1371 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb, 1372}; 1373 1374void __init zcrypt_msgtype6_init(void) 1375{ 1376 zcrypt_msgtype_register(&zcrypt_msgtype6_ops); 1377 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops); 1378} 1379 1380void __exit zcrypt_msgtype6_exit(void) 1381{ 1382 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops); 1383 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops); 1384} 1385