1/*
2 *  zcrypt 2.1.0
3 *
4 *  Copyright IBM Corp. 2001, 2006
5 *  Author(s): Robert Burroughs
6 *	       Eric Rossman (edrossma@us.ibm.com)
7 *
8 *  Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
9 *  Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
10 *				  Ralph Wuerthner <rwuerthn@de.ibm.com>
11 *
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2, or (at your option)
15 * any later version.
16 *
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 */
26
27#define KMSG_COMPONENT "zcrypt"
28#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
29
30#include <linux/module.h>
31#include <linux/init.h>
32#include <linux/gfp.h>
33#include <linux/err.h>
34#include <linux/atomic.h>
35#include <asm/uaccess.h>
36
37#include "ap_bus.h"
38#include "zcrypt_api.h"
39#include "zcrypt_error.h"
40#include "zcrypt_pcicc.h"
41#include "zcrypt_cca_key.h"
42
43#define PCICC_MIN_MOD_SIZE	 64	/*  512 bits */
44#define PCICC_MAX_MOD_SIZE_OLD	128	/* 1024 bits */
45#define PCICC_MAX_MOD_SIZE	256	/* 2048 bits */
46
47/*
48 * PCICC cards need a speed rating of 0. This keeps them at the end of
49 * the zcrypt device list (see zcrypt_api.c). PCICC cards are only
50 * used if no other cards are present because they are slow and can only
51 * cope with PKCS12 padded requests. The logic is queer. PKCS11 padded
52 * requests are rejected. The modexpo function encrypts PKCS12 padded data
53 * and decrypts any non-PKCS12 padded data (except PKCS11) in the assumption
54 * that it's encrypted PKCS12 data. The modexpo_crt function always decrypts
55 * the data in the assumption that its PKCS12 encrypted data.
56 */
57#define PCICC_SPEED_RATING	0
58
59#define PCICC_MAX_MESSAGE_SIZE 0x710	/* max size type6 v1 crt message */
60#define PCICC_MAX_RESPONSE_SIZE 0x710	/* max size type86 v1 reply	 */
61
62#define PCICC_CLEANUP_TIME	(15*HZ)
63
64static struct ap_device_id zcrypt_pcicc_ids[] = {
65	{ AP_DEVICE(AP_DEVICE_TYPE_PCICC) },
66	{ /* end of list */ },
67};
68
69MODULE_DEVICE_TABLE(ap, zcrypt_pcicc_ids);
70MODULE_AUTHOR("IBM Corporation");
71MODULE_DESCRIPTION("PCICC Cryptographic Coprocessor device driver, "
72		   "Copyright IBM Corp. 2001, 2006");
73MODULE_LICENSE("GPL");
74
75static int zcrypt_pcicc_probe(struct ap_device *ap_dev);
76static void zcrypt_pcicc_remove(struct ap_device *ap_dev);
77static void zcrypt_pcicc_receive(struct ap_device *, struct ap_message *,
78				 struct ap_message *);
79
80static struct ap_driver zcrypt_pcicc_driver = {
81	.probe = zcrypt_pcicc_probe,
82	.remove = zcrypt_pcicc_remove,
83	.ids = zcrypt_pcicc_ids,
84	.request_timeout = PCICC_CLEANUP_TIME,
85};
86
87/**
88 * The following is used to initialize the CPRB passed to the PCICC card
89 * in a type6 message. The 3 fields that must be filled in at execution
90 * time are  req_parml, rpl_parml and usage_domain. Note that all three
91 * fields are *little*-endian. Actually, everything about this interface
92 * is ascii/little-endian, since the device has 'Intel inside'.
93 *
94 * The CPRB is followed immediately by the parm block.
95 * The parm block contains:
96 * - function code ('PD' 0x5044 or 'PK' 0x504B)
97 * - rule block (0x0A00 'PKCS-1.2' or 0x0A00 'ZERO-PAD')
98 * - VUD block
99 */
100static struct CPRB static_cprb = {
101	.cprb_len	= __constant_cpu_to_le16(0x0070),
102	.cprb_ver_id	=  0x41,
103	.func_id	= {0x54,0x32},
104	.checkpoint_flag=  0x01,
105	.svr_namel	= __constant_cpu_to_le16(0x0008),
106	.svr_name	= {'I','C','S','F',' ',' ',' ',' '}
107};
108
109/**
110 * Check the message for PKCS11 padding.
111 */
112static inline int is_PKCS11_padded(unsigned char *buffer, int length)
113{
114	int i;
115	if ((buffer[0] != 0x00) || (buffer[1] != 0x01))
116		return 0;
117	for (i = 2; i < length; i++)
118		if (buffer[i] != 0xFF)
119			break;
120	if (i < 10 || i == length)
121		return 0;
122	if (buffer[i] != 0x00)
123		return 0;
124	return 1;
125}
126
127/**
128 * Check the message for PKCS12 padding.
129 */
130static inline int is_PKCS12_padded(unsigned char *buffer, int length)
131{
132	int i;
133	if ((buffer[0] != 0x00) || (buffer[1] != 0x02))
134		return 0;
135	for (i = 2; i < length; i++)
136		if (buffer[i] == 0x00)
137			break;
138	if ((i < 10) || (i == length))
139		return 0;
140	if (buffer[i] != 0x00)
141		return 0;
142	return 1;
143}
144
145/**
146 * Convert a ICAMEX message to a type6 MEX message.
147 *
148 * @zdev: crypto device pointer
149 * @zreq: crypto request pointer
150 * @mex: pointer to user input data
151 *
152 * Returns 0 on success or -EFAULT.
153 */
154static int ICAMEX_msg_to_type6MEX_msg(struct zcrypt_device *zdev,
155				      struct ap_message *ap_msg,
156				      struct ica_rsa_modexpo *mex)
157{
158	static struct type6_hdr static_type6_hdr = {
159		.type		=  0x06,
160		.offset1	=  0x00000058,
161		.agent_id	= {0x01,0x00,0x43,0x43,0x41,0x2D,0x41,0x50,
162				   0x50,0x4C,0x20,0x20,0x20,0x01,0x01,0x01},
163		.function_code	= {'P','K'},
164	};
165	static struct function_and_rules_block static_pke_function_and_rules ={
166		.function_code	= {'P','K'},
167		.ulen		= __constant_cpu_to_le16(10),
168		.only_rule	= {'P','K','C','S','-','1','.','2'}
169	};
170	struct {
171		struct type6_hdr hdr;
172		struct CPRB cprb;
173		struct function_and_rules_block fr;
174		unsigned short length;
175		char text[0];
176	} __attribute__((packed)) *msg = ap_msg->message;
177	int vud_len, pad_len, size;
178
179	/* VUD.ciphertext */
180	if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
181		return -EFAULT;
182
183	if (is_PKCS11_padded(msg->text, mex->inputdatalength))
184		return -EINVAL;
185
186	/* static message header and f&r */
187	msg->hdr = static_type6_hdr;
188	msg->fr = static_pke_function_and_rules;
189
190	if (is_PKCS12_padded(msg->text, mex->inputdatalength)) {
191		/* strip the padding and adjust the data length */
192		pad_len = strnlen(msg->text + 2, mex->inputdatalength - 2) + 3;
193		if (pad_len <= 9 || pad_len >= mex->inputdatalength)
194			return -ENODEV;
195		vud_len = mex->inputdatalength - pad_len;
196		memmove(msg->text, msg->text + pad_len, vud_len);
197		msg->length = cpu_to_le16(vud_len + 2);
198
199		/* Set up key after the variable length text. */
200		size = zcrypt_type6_mex_key_en(mex, msg->text + vud_len, 0);
201		if (size < 0)
202			return size;
203		size += sizeof(*msg) + vud_len;	/* total size of msg */
204	} else {
205		vud_len = mex->inputdatalength;
206		msg->length = cpu_to_le16(2 + vud_len);
207
208		msg->hdr.function_code[1] = 'D';
209		msg->fr.function_code[1] = 'D';
210
211		/* Set up key after the variable length text. */
212		size = zcrypt_type6_mex_key_de(mex, msg->text + vud_len, 0);
213		if (size < 0)
214			return size;
215		size += sizeof(*msg) + vud_len;	/* total size of msg */
216	}
217
218	/* message header, cprb and f&r */
219	msg->hdr.ToCardLen1 = (size - sizeof(msg->hdr) + 3) & -4;
220	msg->hdr.FromCardLen1 = PCICC_MAX_RESPONSE_SIZE - sizeof(msg->hdr);
221
222	msg->cprb = static_cprb;
223	msg->cprb.usage_domain[0]= AP_QID_QUEUE(zdev->ap_dev->qid);
224	msg->cprb.req_parml = cpu_to_le16(size - sizeof(msg->hdr) -
225					   sizeof(msg->cprb));
226	msg->cprb.rpl_parml = cpu_to_le16(msg->hdr.FromCardLen1);
227
228	ap_msg->length = (size + 3) & -4;
229	return 0;
230}
231
232/**
233 * Convert a ICACRT message to a type6 CRT message.
234 *
235 * @zdev: crypto device pointer
236 * @zreq: crypto request pointer
237 * @crt: pointer to user input data
238 *
239 * Returns 0 on success or -EFAULT.
240 */
241static int ICACRT_msg_to_type6CRT_msg(struct zcrypt_device *zdev,
242				      struct ap_message *ap_msg,
243				      struct ica_rsa_modexpo_crt *crt)
244{
245	static struct type6_hdr static_type6_hdr = {
246		.type		=  0x06,
247		.offset1	=  0x00000058,
248		.agent_id	= {0x01,0x00,0x43,0x43,0x41,0x2D,0x41,0x50,
249				   0x50,0x4C,0x20,0x20,0x20,0x01,0x01,0x01},
250		.function_code	= {'P','D'},
251	};
252	static struct function_and_rules_block static_pkd_function_and_rules ={
253		.function_code	= {'P','D'},
254		.ulen		= __constant_cpu_to_le16(10),
255		.only_rule	= {'P','K','C','S','-','1','.','2'}
256	};
257	struct {
258		struct type6_hdr hdr;
259		struct CPRB cprb;
260		struct function_and_rules_block fr;
261		unsigned short length;
262		char text[0];
263	} __attribute__((packed)) *msg = ap_msg->message;
264	int size;
265
266	/* VUD.ciphertext */
267	msg->length = cpu_to_le16(2 + crt->inputdatalength);
268	if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
269		return -EFAULT;
270
271	if (is_PKCS11_padded(msg->text, crt->inputdatalength))
272		return -EINVAL;
273
274	/* Set up key after the variable length text. */
275	size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength, 0);
276	if (size < 0)
277		return size;
278	size += sizeof(*msg) + crt->inputdatalength;	/* total size of msg */
279
280	/* message header, cprb and f&r */
281	msg->hdr = static_type6_hdr;
282	msg->hdr.ToCardLen1 = (size -  sizeof(msg->hdr) + 3) & -4;
283	msg->hdr.FromCardLen1 = PCICC_MAX_RESPONSE_SIZE - sizeof(msg->hdr);
284
285	msg->cprb = static_cprb;
286	msg->cprb.usage_domain[0] = AP_QID_QUEUE(zdev->ap_dev->qid);
287	msg->cprb.req_parml = msg->cprb.rpl_parml =
288		cpu_to_le16(size - sizeof(msg->hdr) - sizeof(msg->cprb));
289
290	msg->fr = static_pkd_function_and_rules;
291
292	ap_msg->length = (size + 3) & -4;
293	return 0;
294}
295
296/**
297 * Copy results from a type 86 reply message back to user space.
298 *
299 * @zdev: crypto device pointer
300 * @reply: reply AP message.
301 * @data: pointer to user output data
302 * @length: size of user output data
303 *
304 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
305 */
306struct type86_reply {
307	struct type86_hdr hdr;
308	struct type86_fmt2_ext fmt2;
309	struct CPRB cprb;
310	unsigned char pad[4];	/* 4 byte function code/rules block ? */
311	unsigned short length;
312	char text[0];
313} __attribute__((packed));
314
315static int convert_type86(struct zcrypt_device *zdev,
316			  struct ap_message *reply,
317			  char __user *outputdata,
318			  unsigned int outputdatalength)
319{
320	static unsigned char static_pad[] = {
321		0x00,0x02,
322		0x1B,0x7B,0x5D,0xB5,0x75,0x01,0x3D,0xFD,
323		0x8D,0xD1,0xC7,0x03,0x2D,0x09,0x23,0x57,
324		0x89,0x49,0xB9,0x3F,0xBB,0x99,0x41,0x5B,
325		0x75,0x21,0x7B,0x9D,0x3B,0x6B,0x51,0x39,
326		0xBB,0x0D,0x35,0xB9,0x89,0x0F,0x93,0xA5,
327		0x0B,0x47,0xF1,0xD3,0xBB,0xCB,0xF1,0x9D,
328		0x23,0x73,0x71,0xFF,0xF3,0xF5,0x45,0xFB,
329		0x61,0x29,0x23,0xFD,0xF1,0x29,0x3F,0x7F,
330		0x17,0xB7,0x1B,0xA9,0x19,0xBD,0x57,0xA9,
331		0xD7,0x95,0xA3,0xCB,0xED,0x1D,0xDB,0x45,
332		0x7D,0x11,0xD1,0x51,0x1B,0xED,0x71,0xE9,
333		0xB1,0xD1,0xAB,0xAB,0x21,0x2B,0x1B,0x9F,
334		0x3B,0x9F,0xF7,0xF7,0xBD,0x63,0xEB,0xAD,
335		0xDF,0xB3,0x6F,0x5B,0xDB,0x8D,0xA9,0x5D,
336		0xE3,0x7D,0x77,0x49,0x47,0xF5,0xA7,0xFD,
337		0xAB,0x2F,0x27,0x35,0x77,0xD3,0x49,0xC9,
338		0x09,0xEB,0xB1,0xF9,0xBF,0x4B,0xCB,0x2B,
339		0xEB,0xEB,0x05,0xFF,0x7D,0xC7,0x91,0x8B,
340		0x09,0x83,0xB9,0xB9,0x69,0x33,0x39,0x6B,
341		0x79,0x75,0x19,0xBF,0xBB,0x07,0x1D,0xBD,
342		0x29,0xBF,0x39,0x95,0x93,0x1D,0x35,0xC7,
343		0xC9,0x4D,0xE5,0x97,0x0B,0x43,0x9B,0xF1,
344		0x16,0x93,0x03,0x1F,0xA5,0xFB,0xDB,0xF3,
345		0x27,0x4F,0x27,0x61,0x05,0x1F,0xB9,0x23,
346		0x2F,0xC3,0x81,0xA9,0x23,0x71,0x55,0x55,
347		0xEB,0xED,0x41,0xE5,0xF3,0x11,0xF1,0x43,
348		0x69,0x03,0xBD,0x0B,0x37,0x0F,0x51,0x8F,
349		0x0B,0xB5,0x89,0x5B,0x67,0xA9,0xD9,0x4F,
350		0x01,0xF9,0x21,0x77,0x37,0x73,0x79,0xC5,
351		0x7F,0x51,0xC1,0xCF,0x97,0xA1,0x75,0xAD,
352		0x35,0x9D,0xD3,0xD3,0xA7,0x9D,0x5D,0x41,
353		0x6F,0x65,0x1B,0xCF,0xA9,0x87,0x91,0x09
354	};
355	struct type86_reply *msg = reply->message;
356	unsigned short service_rc, service_rs;
357	unsigned int reply_len, pad_len;
358	char *data;
359
360	service_rc = le16_to_cpu(msg->cprb.ccp_rtcode);
361	if (unlikely(service_rc != 0)) {
362		service_rs = le16_to_cpu(msg->cprb.ccp_rscode);
363		if (service_rc == 8 && service_rs == 66)
364			return -EINVAL;
365		if (service_rc == 8 && service_rs == 65)
366			return -EINVAL;
367		if (service_rc == 8 && service_rs == 770) {
368			zdev->max_mod_size = PCICC_MAX_MOD_SIZE_OLD;
369			return -EAGAIN;
370		}
371		if (service_rc == 8 && service_rs == 783) {
372			zdev->max_mod_size = PCICC_MAX_MOD_SIZE_OLD;
373			return -EAGAIN;
374		}
375		if (service_rc == 8 && service_rs == 72)
376			return -EINVAL;
377		zdev->online = 0;
378		pr_err("Cryptographic device %x failed and was set offline\n",
379		       zdev->ap_dev->qid);
380		ZCRYPT_DBF_DEV(DBF_ERR, zdev, "dev%04xo%drc%d",
381			       zdev->ap_dev->qid, zdev->online,
382			       msg->hdr.reply_code);
383		return -EAGAIN;	/* repeat the request on a different device. */
384	}
385	data = msg->text;
386	reply_len = le16_to_cpu(msg->length) - 2;
387	if (reply_len > outputdatalength)
388		return -EINVAL;
389	/*
390	 * For all encipher requests, the length of the ciphertext (reply_len)
391	 * will always equal the modulus length. For MEX decipher requests
392	 * the output needs to get padded. Minimum pad size is 10.
393	 *
394	 * Currently, the cases where padding will be added is for:
395	 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
396	 *   ZERO-PAD and CRT is only supported for PKD requests)
397	 * - PCICC, always
398	 */
399	pad_len = outputdatalength - reply_len;
400	if (pad_len > 0) {
401		if (pad_len < 10)
402			return -EINVAL;
403		/* 'restore' padding left in the PCICC/PCIXCC card. */
404		if (copy_to_user(outputdata, static_pad, pad_len - 1))
405			return -EFAULT;
406		if (put_user(0, outputdata + pad_len - 1))
407			return -EFAULT;
408	}
409	/* Copy the crypto response to user space. */
410	if (copy_to_user(outputdata + pad_len, data, reply_len))
411		return -EFAULT;
412	return 0;
413}
414
415static int convert_response(struct zcrypt_device *zdev,
416			    struct ap_message *reply,
417			    char __user *outputdata,
418			    unsigned int outputdatalength)
419{
420	struct type86_reply *msg = reply->message;
421
422	/* Response type byte is the second byte in the response. */
423	switch (msg->hdr.type) {
424	case TYPE82_RSP_CODE:
425	case TYPE88_RSP_CODE:
426		return convert_error(zdev, reply);
427	case TYPE86_RSP_CODE:
428		if (msg->hdr.reply_code)
429			return convert_error(zdev, reply);
430		if (msg->cprb.cprb_ver_id == 0x01)
431			return convert_type86(zdev, reply,
432					      outputdata, outputdatalength);
433		/* no break, incorrect cprb version is an unknown response */
434	default: /* Unknown response type, this should NEVER EVER happen */
435		zdev->online = 0;
436		pr_err("Cryptographic device %x failed and was set offline\n",
437		       zdev->ap_dev->qid);
438		ZCRYPT_DBF_DEV(DBF_ERR, zdev, "dev%04xo%dfail",
439			       zdev->ap_dev->qid, zdev->online);
440		return -EAGAIN;	/* repeat the request on a different device. */
441	}
442}
443
444/**
445 * This function is called from the AP bus code after a crypto request
446 * "msg" has finished with the reply message "reply".
447 * It is called from tasklet context.
448 * @ap_dev: pointer to the AP device
449 * @msg: pointer to the AP message
450 * @reply: pointer to the AP reply message
451 */
452static void zcrypt_pcicc_receive(struct ap_device *ap_dev,
453				 struct ap_message *msg,
454				 struct ap_message *reply)
455{
456	static struct error_hdr error_reply = {
457		.type = TYPE82_RSP_CODE,
458		.reply_code = REP82_ERROR_MACHINE_FAILURE,
459	};
460	struct type86_reply *t86r;
461	int length;
462
463	/* Copy the reply message to the request message buffer. */
464	if (IS_ERR(reply)) {
465		memcpy(msg->message, &error_reply, sizeof(error_reply));
466		goto out;
467	}
468	t86r = reply->message;
469	if (t86r->hdr.type == TYPE86_RSP_CODE &&
470		 t86r->cprb.cprb_ver_id == 0x01) {
471		length = sizeof(struct type86_reply) + t86r->length - 2;
472		length = min(PCICC_MAX_RESPONSE_SIZE, length);
473		memcpy(msg->message, reply->message, length);
474	} else
475		memcpy(msg->message, reply->message, sizeof error_reply);
476out:
477	complete((struct completion *) msg->private);
478}
479
480static atomic_t zcrypt_step = ATOMIC_INIT(0);
481
482/**
483 * The request distributor calls this function if it picked the PCICC
484 * device to handle a modexpo request.
485 * @zdev: pointer to zcrypt_device structure that identifies the
486 *	  PCICC device to the request distributor
487 * @mex: pointer to the modexpo request buffer
488 */
489static long zcrypt_pcicc_modexpo(struct zcrypt_device *zdev,
490				 struct ica_rsa_modexpo *mex)
491{
492	struct ap_message ap_msg;
493	struct completion work;
494	int rc;
495
496	ap_init_message(&ap_msg);
497	ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
498	if (!ap_msg.message)
499		return -ENOMEM;
500	ap_msg.receive = zcrypt_pcicc_receive;
501	ap_msg.length = PAGE_SIZE;
502	ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
503				atomic_inc_return(&zcrypt_step);
504	ap_msg.private = &work;
505	rc = ICAMEX_msg_to_type6MEX_msg(zdev, &ap_msg, mex);
506	if (rc)
507		goto out_free;
508	init_completion(&work);
509	ap_queue_message(zdev->ap_dev, &ap_msg);
510	rc = wait_for_completion_interruptible(&work);
511	if (rc == 0)
512		rc = convert_response(zdev, &ap_msg, mex->outputdata,
513				      mex->outputdatalength);
514	else
515		/* Signal pending. */
516		ap_cancel_message(zdev->ap_dev, &ap_msg);
517out_free:
518	free_page((unsigned long) ap_msg.message);
519	return rc;
520}
521
522/**
523 * The request distributor calls this function if it picked the PCICC
524 * device to handle a modexpo_crt request.
525 * @zdev: pointer to zcrypt_device structure that identifies the
526 *	  PCICC device to the request distributor
527 * @crt: pointer to the modexpoc_crt request buffer
528 */
529static long zcrypt_pcicc_modexpo_crt(struct zcrypt_device *zdev,
530				     struct ica_rsa_modexpo_crt *crt)
531{
532	struct ap_message ap_msg;
533	struct completion work;
534	int rc;
535
536	ap_init_message(&ap_msg);
537	ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
538	if (!ap_msg.message)
539		return -ENOMEM;
540	ap_msg.receive = zcrypt_pcicc_receive;
541	ap_msg.length = PAGE_SIZE;
542	ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
543				atomic_inc_return(&zcrypt_step);
544	ap_msg.private = &work;
545	rc = ICACRT_msg_to_type6CRT_msg(zdev, &ap_msg, crt);
546	if (rc)
547		goto out_free;
548	init_completion(&work);
549	ap_queue_message(zdev->ap_dev, &ap_msg);
550	rc = wait_for_completion_interruptible(&work);
551	if (rc == 0)
552		rc = convert_response(zdev, &ap_msg, crt->outputdata,
553				      crt->outputdatalength);
554	else
555		/* Signal pending. */
556		ap_cancel_message(zdev->ap_dev, &ap_msg);
557out_free:
558	free_page((unsigned long) ap_msg.message);
559	return rc;
560}
561
562/**
563 * The crypto operations for a PCICC card.
564 */
565static struct zcrypt_ops zcrypt_pcicc_ops = {
566	.rsa_modexpo = zcrypt_pcicc_modexpo,
567	.rsa_modexpo_crt = zcrypt_pcicc_modexpo_crt,
568};
569
570/**
571 * Probe function for PCICC cards. It always accepts the AP device
572 * since the bus_match already checked the hardware type.
573 * @ap_dev: pointer to the AP device.
574 */
575static int zcrypt_pcicc_probe(struct ap_device *ap_dev)
576{
577	struct zcrypt_device *zdev;
578	int rc;
579
580	zdev = zcrypt_device_alloc(PCICC_MAX_RESPONSE_SIZE);
581	if (!zdev)
582		return -ENOMEM;
583	zdev->ap_dev = ap_dev;
584	zdev->ops = &zcrypt_pcicc_ops;
585	zdev->online = 1;
586	zdev->user_space_type = ZCRYPT_PCICC;
587	zdev->type_string = "PCICC";
588	zdev->min_mod_size = PCICC_MIN_MOD_SIZE;
589	zdev->max_mod_size = PCICC_MAX_MOD_SIZE;
590	zdev->speed_rating = PCICC_SPEED_RATING;
591	zdev->max_exp_bit_length = PCICC_MAX_MOD_SIZE;
592	ap_dev->reply = &zdev->reply;
593	ap_dev->private = zdev;
594	rc = zcrypt_device_register(zdev);
595	if (rc)
596		goto out_free;
597	return 0;
598
599 out_free:
600	ap_dev->private = NULL;
601	zcrypt_device_free(zdev);
602	return rc;
603}
604
605/**
606 * This is called to remove the extended PCICC driver information
607 * if an AP device is removed.
608 */
609static void zcrypt_pcicc_remove(struct ap_device *ap_dev)
610{
611	struct zcrypt_device *zdev = ap_dev->private;
612
613	zcrypt_device_unregister(zdev);
614}
615
616int __init zcrypt_pcicc_init(void)
617{
618	return ap_driver_register(&zcrypt_pcicc_driver, THIS_MODULE, "pcicc");
619}
620
621void zcrypt_pcicc_exit(void)
622{
623	ap_driver_unregister(&zcrypt_pcicc_driver);
624}
625
626module_init(zcrypt_pcicc_init);
627module_exit(zcrypt_pcicc_exit);
628