root/drivers/s390/crypto/zcrypt_msgtype6.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. speed_idx_cca
  2. speed_idx_ep11
  3. ICAMEX_msg_to_type6MEX_msgX
  4. ICACRT_msg_to_type6CRT_msgX
  5. XCRB_msg_to_type6CPRB_msgX
  6. xcrb_msg_to_type6_ep11cprb_msgx
  7. convert_type86_ica
  8. convert_type86_xcrb
  9. convert_type86_ep11_xcrb
  10. convert_type86_rng
  11. convert_response_ica
  12. convert_response_xcrb
  13. convert_response_ep11_xcrb
  14. convert_response_rng
  15. zcrypt_msgtype6_receive
  16. zcrypt_msgtype6_receive_ep11
  17. zcrypt_msgtype6_modexpo
  18. zcrypt_msgtype6_modexpo_crt
  19. get_cprb_fc
  20. zcrypt_msgtype6_send_cprb
  21. get_ep11cprb_fc
  22. zcrypt_msgtype6_send_ep11_cprb
  23. get_rng_fc
  24. zcrypt_msgtype6_rng
  25. zcrypt_msgtype6_init
  26. zcrypt_msgtype6_exit

   1 // SPDX-License-Identifier: GPL-2.0+
   2 /*
   3  *  Copyright IBM Corp. 2001, 2012
   4  *  Author(s): Robert Burroughs
   5  *             Eric Rossman (edrossma@us.ibm.com)
   6  *
   7  *  Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
   8  *  Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
   9  *                                Ralph Wuerthner <rwuerthn@de.ibm.com>
  10  *  MSGTYPE restruct:             Holger Dengler <hd@linux.vnet.ibm.com>
  11  */
  12 
  13 #define KMSG_COMPONENT "zcrypt"
  14 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
  15 
  16 #include <linux/module.h>
  17 #include <linux/init.h>
  18 #include <linux/err.h>
  19 #include <linux/delay.h>
  20 #include <linux/slab.h>
  21 #include <linux/atomic.h>
  22 #include <linux/uaccess.h>
  23 
  24 #include "ap_bus.h"
  25 #include "zcrypt_api.h"
  26 #include "zcrypt_error.h"
  27 #include "zcrypt_msgtype6.h"
  28 #include "zcrypt_cca_key.h"
  29 
  30 #define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply       */
  31 
  32 #define CEIL4(x) ((((x)+3)/4)*4)
  33 
  34 struct response_type {
  35         struct completion work;
  36         int type;
  37 };
  38 #define CEXXC_RESPONSE_TYPE_ICA  0
  39 #define CEXXC_RESPONSE_TYPE_XCRB 1
  40 #define CEXXC_RESPONSE_TYPE_EP11 2
  41 
  42 MODULE_AUTHOR("IBM Corporation");
  43 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \
  44                    "Copyright IBM Corp. 2001, 2012");
  45 MODULE_LICENSE("GPL");
  46 
  47 /**
  48  * CPRB
  49  *        Note that all shorts, ints and longs are little-endian.
  50  *        All pointer fields are 32-bits long, and mean nothing
  51  *
  52  *        A request CPRB is followed by a request_parameter_block.
  53  *
  54  *        The request (or reply) parameter block is organized thus:
  55  *          function code
  56  *          VUD block
  57  *          key block
  58  */
  59 struct CPRB {
  60         unsigned short cprb_len;        /* CPRB length                   */
  61         unsigned char cprb_ver_id;      /* CPRB version id.              */
  62         unsigned char pad_000;          /* Alignment pad byte.           */
  63         unsigned char srpi_rtcode[4];   /* SRPI return code LELONG       */
  64         unsigned char srpi_verb;        /* SRPI verb type                */
  65         unsigned char flags;            /* flags                         */
  66         unsigned char func_id[2];       /* function id                   */
  67         unsigned char checkpoint_flag;  /*                               */
  68         unsigned char resv2;            /* reserved                      */
  69         unsigned short req_parml;       /* request parameter buffer      */
  70                                         /* length 16-bit little endian   */
  71         unsigned char req_parmp[4];     /* request parameter buffer      *
  72                                          * pointer (means nothing: the   *
  73                                          * parameter buffer follows      *
  74                                          * the CPRB).                    */
  75         unsigned char req_datal[4];     /* request data buffer           */
  76                                         /* length         ULELONG        */
  77         unsigned char req_datap[4];     /* request data buffer           */
  78                                         /* pointer                       */
  79         unsigned short rpl_parml;       /* reply  parameter buffer       */
  80                                         /* length 16-bit little endian   */
  81         unsigned char pad_001[2];       /* Alignment pad bytes. ULESHORT */
  82         unsigned char rpl_parmp[4];     /* reply parameter buffer        *
  83                                          * pointer (means nothing: the   *
  84                                          * parameter buffer follows      *
  85                                          * the CPRB).                    */
  86         unsigned char rpl_datal[4];     /* reply data buffer len ULELONG */
  87         unsigned char rpl_datap[4];     /* reply data buffer             */
  88                                         /* pointer                       */
  89         unsigned short ccp_rscode;      /* server reason code   ULESHORT */
  90         unsigned short ccp_rtcode;      /* server return code   ULESHORT */
  91         unsigned char repd_parml[2];    /* replied parameter len ULESHORT*/
  92         unsigned char mac_data_len[2];  /* Mac Data Length      ULESHORT */
  93         unsigned char repd_datal[4];    /* replied data length  ULELONG  */
  94         unsigned char req_pc[2];        /* PC identifier                 */
  95         unsigned char res_origin[8];    /* resource origin               */
  96         unsigned char mac_value[8];     /* Mac Value                     */
  97         unsigned char logon_id[8];      /* Logon Identifier              */
  98         unsigned char usage_domain[2];  /* cdx                           */
  99         unsigned char resv3[18];        /* reserved for requestor        */
 100         unsigned short svr_namel;       /* server name length  ULESHORT  */
 101         unsigned char svr_name[8];      /* server name                   */
 102 } __packed;
 103 
 104 struct function_and_rules_block {
 105         unsigned char function_code[2];
 106         unsigned short ulen;
 107         unsigned char only_rule[8];
 108 } __packed;
 109 
 110 /**
 111  * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP
 112  * card in a type6 message. The 3 fields that must be filled in at execution
 113  * time are  req_parml, rpl_parml and usage_domain.
 114  * Everything about this interface is ascii/big-endian, since the
 115  * device does *not* have 'Intel inside'.
 116  *
 117  * The CPRBX is followed immediately by the parm block.
 118  * The parm block contains:
 119  * - function code ('PD' 0x5044 or 'PK' 0x504B)
 120  * - rule block (one of:)
 121  *   + 0x000A 'PKCS-1.2' (MCL2 'PD')
 122  *   + 0x000A 'ZERO-PAD' (MCL2 'PK')
 123  *   + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD')
 124  *   + 0x000A 'MRP     ' (MCL3 'PK' or CEX2C 'PK')
 125  * - VUD block
 126  */
 127 static const struct CPRBX static_cprbx = {
 128         .cprb_len       =  0x00DC,
 129         .cprb_ver_id    =  0x02,
 130         .func_id        = {0x54, 0x32},
 131 };
 132 
 133 int speed_idx_cca(int req_type)
 134 {
 135         switch (req_type) {
 136         case 0x4142:
 137         case 0x4149:
 138         case 0x414D:
 139         case 0x4341:
 140         case 0x4344:
 141         case 0x4354:
 142         case 0x4358:
 143         case 0x444B:
 144         case 0x4558:
 145         case 0x4643:
 146         case 0x4651:
 147         case 0x4C47:
 148         case 0x4C4B:
 149         case 0x4C51:
 150         case 0x4F48:
 151         case 0x504F:
 152         case 0x5053:
 153         case 0x5058:
 154         case 0x5343:
 155         case 0x5344:
 156         case 0x5345:
 157         case 0x5350:
 158                 return LOW;
 159         case 0x414B:
 160         case 0x4345:
 161         case 0x4349:
 162         case 0x434D:
 163         case 0x4847:
 164         case 0x4849:
 165         case 0x484D:
 166         case 0x4850:
 167         case 0x4851:
 168         case 0x4954:
 169         case 0x4958:
 170         case 0x4B43:
 171         case 0x4B44:
 172         case 0x4B45:
 173         case 0x4B47:
 174         case 0x4B48:
 175         case 0x4B49:
 176         case 0x4B4E:
 177         case 0x4B50:
 178         case 0x4B52:
 179         case 0x4B54:
 180         case 0x4B58:
 181         case 0x4D50:
 182         case 0x4D53:
 183         case 0x4D56:
 184         case 0x4D58:
 185         case 0x5044:
 186         case 0x5045:
 187         case 0x5046:
 188         case 0x5047:
 189         case 0x5049:
 190         case 0x504B:
 191         case 0x504D:
 192         case 0x5254:
 193         case 0x5347:
 194         case 0x5349:
 195         case 0x534B:
 196         case 0x534D:
 197         case 0x5356:
 198         case 0x5358:
 199         case 0x5443:
 200         case 0x544B:
 201         case 0x5647:
 202                 return HIGH;
 203         default:
 204                 return MEDIUM;
 205         }
 206 }
 207 
 208 int speed_idx_ep11(int req_type)
 209 {
 210         switch (req_type) {
 211         case  1:
 212         case  2:
 213         case 36:
 214         case 37:
 215         case 38:
 216         case 39:
 217         case 40:
 218                 return LOW;
 219         case 17:
 220         case 18:
 221         case 19:
 222         case 20:
 223         case 21:
 224         case 22:
 225         case 26:
 226         case 30:
 227         case 31:
 228         case 32:
 229         case 33:
 230         case 34:
 231         case 35:
 232                 return HIGH;
 233         default:
 234                 return MEDIUM;
 235         }
 236 }
 237 
 238 
 239 /**
 240  * Convert a ICAMEX message to a type6 MEX message.
 241  *
 242  * @zq: crypto device pointer
 243  * @ap_msg: pointer to AP message
 244  * @mex: pointer to user input data
 245  *
 246  * Returns 0 on success or negative errno value.
 247  */
 248 static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue *zq,
 249                                        struct ap_message *ap_msg,
 250                                        struct ica_rsa_modexpo *mex)
 251 {
 252         static struct type6_hdr static_type6_hdrX = {
 253                 .type           =  0x06,
 254                 .offset1        =  0x00000058,
 255                 .agent_id       = {'C', 'A',},
 256                 .function_code  = {'P', 'K'},
 257         };
 258         static struct function_and_rules_block static_pke_fnr = {
 259                 .function_code  = {'P', 'K'},
 260                 .ulen           = 10,
 261                 .only_rule      = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '}
 262         };
 263         struct {
 264                 struct type6_hdr hdr;
 265                 struct CPRBX cprbx;
 266                 struct function_and_rules_block fr;
 267                 unsigned short length;
 268                 char text[0];
 269         } __packed * msg = ap_msg->message;
 270         int size;
 271 
 272         /*
 273          * The inputdatalength was a selection criteria in the dispatching
 274          * function zcrypt_rsa_modexpo(). However, make sure the following
 275          * copy_from_user() never exceeds the allocated buffer space.
 276          */
 277         if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE))
 278                 return -EINVAL;
 279 
 280         /* VUD.ciphertext */
 281         msg->length = mex->inputdatalength + 2;
 282         if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
 283                 return -EFAULT;
 284 
 285         /* Set up key which is located after the variable length text. */
 286         size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength);
 287         if (size < 0)
 288                 return size;
 289         size += sizeof(*msg) + mex->inputdatalength;
 290 
 291         /* message header, cprbx and f&r */
 292         msg->hdr = static_type6_hdrX;
 293         msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
 294         msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
 295 
 296         msg->cprbx = static_cprbx;
 297         msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
 298         msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1;
 299 
 300         msg->fr = static_pke_fnr;
 301 
 302         msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx);
 303 
 304         ap_msg->length = size;
 305         return 0;
 306 }
 307 
 308 /**
 309  * Convert a ICACRT message to a type6 CRT message.
 310  *
 311  * @zq: crypto device pointer
 312  * @ap_msg: pointer to AP message
 313  * @crt: pointer to user input data
 314  *
 315  * Returns 0 on success or negative errno value.
 316  */
 317 static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue *zq,
 318                                        struct ap_message *ap_msg,
 319                                        struct ica_rsa_modexpo_crt *crt)
 320 {
 321         static struct type6_hdr static_type6_hdrX = {
 322                 .type           =  0x06,
 323                 .offset1        =  0x00000058,
 324                 .agent_id       = {'C', 'A',},
 325                 .function_code  = {'P', 'D'},
 326         };
 327         static struct function_and_rules_block static_pkd_fnr = {
 328                 .function_code  = {'P', 'D'},
 329                 .ulen           = 10,
 330                 .only_rule      = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
 331         };
 332 
 333         struct {
 334                 struct type6_hdr hdr;
 335                 struct CPRBX cprbx;
 336                 struct function_and_rules_block fr;
 337                 unsigned short length;
 338                 char text[0];
 339         } __packed * msg = ap_msg->message;
 340         int size;
 341 
 342         /*
 343          * The inputdatalength was a selection criteria in the dispatching
 344          * function zcrypt_rsa_crt(). However, make sure the following
 345          * copy_from_user() never exceeds the allocated buffer space.
 346          */
 347         if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE))
 348                 return -EINVAL;
 349 
 350         /* VUD.ciphertext */
 351         msg->length = crt->inputdatalength + 2;
 352         if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
 353                 return -EFAULT;
 354 
 355         /* Set up key which is located after the variable length text. */
 356         size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength);
 357         if (size < 0)
 358                 return size;
 359         size += sizeof(*msg) + crt->inputdatalength;    /* total size of msg */
 360 
 361         /* message header, cprbx and f&r */
 362         msg->hdr = static_type6_hdrX;
 363         msg->hdr.ToCardLen1 = size -  sizeof(msg->hdr);
 364         msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
 365 
 366         msg->cprbx = static_cprbx;
 367         msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
 368         msg->cprbx.req_parml = msg->cprbx.rpl_msgbl =
 369                 size - sizeof(msg->hdr) - sizeof(msg->cprbx);
 370 
 371         msg->fr = static_pkd_fnr;
 372 
 373         ap_msg->length = size;
 374         return 0;
 375 }
 376 
 377 /**
 378  * Convert a XCRB message to a type6 CPRB message.
 379  *
 380  * @zq: crypto device pointer
 381  * @ap_msg: pointer to AP message
 382  * @xcRB: pointer to user input data
 383  *
 384  * Returns 0 on success or -EFAULT, -EINVAL.
 385  */
 386 struct type86_fmt2_msg {
 387         struct type86_hdr hdr;
 388         struct type86_fmt2_ext fmt2;
 389 } __packed;
 390 
 391 static int XCRB_msg_to_type6CPRB_msgX(struct ap_message *ap_msg,
 392                                       struct ica_xcRB *xcRB,
 393                                       unsigned int *fcode,
 394                                       unsigned short **dom)
 395 {
 396         static struct type6_hdr static_type6_hdrX = {
 397                 .type           =  0x06,
 398                 .offset1        =  0x00000058,
 399         };
 400         struct {
 401                 struct type6_hdr hdr;
 402                 struct CPRBX cprbx;
 403         } __packed * msg = ap_msg->message;
 404 
 405         int rcblen = CEIL4(xcRB->request_control_blk_length);
 406         int replylen, req_sumlen, resp_sumlen;
 407         char *req_data = ap_msg->message + sizeof(struct type6_hdr) + rcblen;
 408         char *function_code;
 409 
 410         if (CEIL4(xcRB->request_control_blk_length) <
 411                         xcRB->request_control_blk_length)
 412                 return -EINVAL; /* overflow after alignment*/
 413 
 414         /* length checks */
 415         ap_msg->length = sizeof(struct type6_hdr) +
 416                 CEIL4(xcRB->request_control_blk_length) +
 417                 xcRB->request_data_length;
 418         if (ap_msg->length > MSGTYPE06_MAX_MSG_SIZE)
 419                 return -EINVAL;
 420 
 421         /*
 422          * Overflow check
 423          * sum must be greater (or equal) than the largest operand
 424          */
 425         req_sumlen = CEIL4(xcRB->request_control_blk_length) +
 426                         xcRB->request_data_length;
 427         if ((CEIL4(xcRB->request_control_blk_length) <=
 428                                                 xcRB->request_data_length) ?
 429                 (req_sumlen < xcRB->request_data_length) :
 430                 (req_sumlen < CEIL4(xcRB->request_control_blk_length))) {
 431                 return -EINVAL;
 432         }
 433 
 434         if (CEIL4(xcRB->reply_control_blk_length) <
 435                         xcRB->reply_control_blk_length)
 436                 return -EINVAL; /* overflow after alignment*/
 437 
 438         replylen = sizeof(struct type86_fmt2_msg) +
 439                 CEIL4(xcRB->reply_control_blk_length) +
 440                 xcRB->reply_data_length;
 441         if (replylen > MSGTYPE06_MAX_MSG_SIZE)
 442                 return -EINVAL;
 443 
 444         /*
 445          * Overflow check
 446          * sum must be greater (or equal) than the largest operand
 447          */
 448         resp_sumlen = CEIL4(xcRB->reply_control_blk_length) +
 449                         xcRB->reply_data_length;
 450         if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ?
 451                 (resp_sumlen < xcRB->reply_data_length) :
 452                 (resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) {
 453                 return -EINVAL;
 454         }
 455 
 456         /* prepare type6 header */
 457         msg->hdr = static_type6_hdrX;
 458         memcpy(msg->hdr.agent_id, &(xcRB->agent_ID), sizeof(xcRB->agent_ID));
 459         msg->hdr.ToCardLen1 = xcRB->request_control_blk_length;
 460         if (xcRB->request_data_length) {
 461                 msg->hdr.offset2 = msg->hdr.offset1 + rcblen;
 462                 msg->hdr.ToCardLen2 = xcRB->request_data_length;
 463         }
 464         msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length;
 465         msg->hdr.FromCardLen2 = xcRB->reply_data_length;
 466 
 467         /* prepare CPRB */
 468         if (copy_from_user(&(msg->cprbx), xcRB->request_control_blk_addr,
 469                     xcRB->request_control_blk_length))
 470                 return -EFAULT;
 471         if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
 472             xcRB->request_control_blk_length)
 473                 return -EINVAL;
 474         function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len;
 475         memcpy(msg->hdr.function_code, function_code,
 476                sizeof(msg->hdr.function_code));
 477 
 478         *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1];
 479         *dom = (unsigned short *)&msg->cprbx.domain;
 480 
 481         if (memcmp(function_code, "US", 2) == 0
 482             || memcmp(function_code, "AU", 2) == 0)
 483                 ap_msg->special = 1;
 484         else
 485                 ap_msg->special = 0;
 486 
 487         /* copy data block */
 488         if (xcRB->request_data_length &&
 489             copy_from_user(req_data, xcRB->request_data_address,
 490                 xcRB->request_data_length))
 491                 return -EFAULT;
 492 
 493         return 0;
 494 }
 495 
 496 static int xcrb_msg_to_type6_ep11cprb_msgx(struct ap_message *ap_msg,
 497                                        struct ep11_urb *xcRB,
 498                                        unsigned int *fcode)
 499 {
 500         unsigned int lfmt;
 501         static struct type6_hdr static_type6_ep11_hdr = {
 502                 .type           =  0x06,
 503                 .rqid           = {0x00, 0x01},
 504                 .function_code  = {0x00, 0x00},
 505                 .agent_id[0]    =  0x58,        /* {'X'} */
 506                 .agent_id[1]    =  0x43,        /* {'C'} */
 507                 .offset1        =  0x00000058,
 508         };
 509 
 510         struct {
 511                 struct type6_hdr hdr;
 512                 struct ep11_cprb cprbx;
 513                 unsigned char   pld_tag;        /* fixed value 0x30 */
 514                 unsigned char   pld_lenfmt;     /* payload length format */
 515         } __packed * msg = ap_msg->message;
 516 
 517         struct pld_hdr {
 518                 unsigned char   func_tag;       /* fixed value 0x4 */
 519                 unsigned char   func_len;       /* fixed value 0x4 */
 520                 unsigned int    func_val;       /* function ID     */
 521                 unsigned char   dom_tag;        /* fixed value 0x4 */
 522                 unsigned char   dom_len;        /* fixed value 0x4 */
 523                 unsigned int    dom_val;        /* domain id       */
 524         } __packed * payload_hdr = NULL;
 525 
 526         if (CEIL4(xcRB->req_len) < xcRB->req_len)
 527                 return -EINVAL; /* overflow after alignment*/
 528 
 529         /* length checks */
 530         ap_msg->length = sizeof(struct type6_hdr) + xcRB->req_len;
 531         if (CEIL4(xcRB->req_len) > MSGTYPE06_MAX_MSG_SIZE -
 532                                    (sizeof(struct type6_hdr)))
 533                 return -EINVAL;
 534 
 535         if (CEIL4(xcRB->resp_len) < xcRB->resp_len)
 536                 return -EINVAL; /* overflow after alignment*/
 537 
 538         if (CEIL4(xcRB->resp_len) > MSGTYPE06_MAX_MSG_SIZE -
 539                                     (sizeof(struct type86_fmt2_msg)))
 540                 return -EINVAL;
 541 
 542         /* prepare type6 header */
 543         msg->hdr = static_type6_ep11_hdr;
 544         msg->hdr.ToCardLen1   = xcRB->req_len;
 545         msg->hdr.FromCardLen1 = xcRB->resp_len;
 546 
 547         /* Import CPRB data from the ioctl input parameter */
 548         if (copy_from_user(&(msg->cprbx.cprb_len),
 549                            (char __force __user *)xcRB->req, xcRB->req_len)) {
 550                 return -EFAULT;
 551         }
 552 
 553         if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
 554                 switch (msg->pld_lenfmt & 0x03) {
 555                 case 1:
 556                         lfmt = 2;
 557                         break;
 558                 case 2:
 559                         lfmt = 3;
 560                         break;
 561                 default:
 562                         return -EINVAL;
 563                 }
 564         } else {
 565                 lfmt = 1; /* length format #1 */
 566         }
 567         payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
 568         *fcode = payload_hdr->func_val & 0xFFFF;
 569 
 570         /* enable special processing based on the cprbs flags special bit */
 571         if (msg->cprbx.flags & 0x20)
 572                 ap_msg->special = 1;
 573 
 574         return 0;
 575 }
 576 
 577 /**
 578  * Copy results from a type 86 ICA reply message back to user space.
 579  *
 580  * @zq: crypto device pointer
 581  * @reply: reply AP message.
 582  * @data: pointer to user output data
 583  * @length: size of user output data
 584  *
 585  * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
 586  */
 587 struct type86x_reply {
 588         struct type86_hdr hdr;
 589         struct type86_fmt2_ext fmt2;
 590         struct CPRBX cprbx;
 591         unsigned char pad[4];   /* 4 byte function code/rules block ? */
 592         unsigned short length;
 593         char text[0];
 594 } __packed;
 595 
 596 struct type86_ep11_reply {
 597         struct type86_hdr hdr;
 598         struct type86_fmt2_ext fmt2;
 599         struct ep11_cprb cprbx;
 600 } __packed;
 601 
 602 static int convert_type86_ica(struct zcrypt_queue *zq,
 603                           struct ap_message *reply,
 604                           char __user *outputdata,
 605                           unsigned int outputdatalength)
 606 {
 607         static unsigned char static_pad[] = {
 608                 0x00, 0x02,
 609                 0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD,
 610                 0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57,
 611                 0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B,
 612                 0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39,
 613                 0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5,
 614                 0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D,
 615                 0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB,
 616                 0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F,
 617                 0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9,
 618                 0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45,
 619                 0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9,
 620                 0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F,
 621                 0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD,
 622                 0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D,
 623                 0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD,
 624                 0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9,
 625                 0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B,
 626                 0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B,
 627                 0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B,
 628                 0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD,
 629                 0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7,
 630                 0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1,
 631                 0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3,
 632                 0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23,
 633                 0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55,
 634                 0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43,
 635                 0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F,
 636                 0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F,
 637                 0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5,
 638                 0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD,
 639                 0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41,
 640                 0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09
 641         };
 642         struct type86x_reply *msg = reply->message;
 643         unsigned short service_rc, service_rs;
 644         unsigned int reply_len, pad_len;
 645         char *data;
 646 
 647         service_rc = msg->cprbx.ccp_rtcode;
 648         if (unlikely(service_rc != 0)) {
 649                 service_rs = msg->cprbx.ccp_rscode;
 650                 if ((service_rc == 8 && service_rs == 66) ||
 651                     (service_rc == 8 && service_rs == 65) ||
 652                     (service_rc == 8 && service_rs == 72) ||
 653                     (service_rc == 8 && service_rs == 770) ||
 654                     (service_rc == 12 && service_rs == 769)) {
 655                         ZCRYPT_DBF(DBF_DEBUG,
 656                                    "device=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n",
 657                                    AP_QID_CARD(zq->queue->qid),
 658                                    AP_QID_QUEUE(zq->queue->qid),
 659                                    (int) service_rc, (int) service_rs);
 660                         return -EINVAL;
 661                 }
 662                 zq->online = 0;
 663                 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 664                        AP_QID_CARD(zq->queue->qid),
 665                        AP_QID_QUEUE(zq->queue->qid));
 666                 ZCRYPT_DBF(DBF_ERR,
 667                            "device=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n",
 668                            AP_QID_CARD(zq->queue->qid),
 669                            AP_QID_QUEUE(zq->queue->qid),
 670                            (int) service_rc, (int) service_rs);
 671                 return -EAGAIN; /* repeat the request on a different device. */
 672         }
 673         data = msg->text;
 674         reply_len = msg->length - 2;
 675         if (reply_len > outputdatalength)
 676                 return -EINVAL;
 677         /*
 678          * For all encipher requests, the length of the ciphertext (reply_len)
 679          * will always equal the modulus length. For MEX decipher requests
 680          * the output needs to get padded. Minimum pad size is 10.
 681          *
 682          * Currently, the cases where padding will be added is for:
 683          * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
 684          *   ZERO-PAD and CRT is only supported for PKD requests)
 685          * - PCICC, always
 686          */
 687         pad_len = outputdatalength - reply_len;
 688         if (pad_len > 0) {
 689                 if (pad_len < 10)
 690                         return -EINVAL;
 691                 /* 'restore' padding left in the CEXXC card. */
 692                 if (copy_to_user(outputdata, static_pad, pad_len - 1))
 693                         return -EFAULT;
 694                 if (put_user(0, outputdata + pad_len - 1))
 695                         return -EFAULT;
 696         }
 697         /* Copy the crypto response to user space. */
 698         if (copy_to_user(outputdata + pad_len, data, reply_len))
 699                 return -EFAULT;
 700         return 0;
 701 }
 702 
 703 /**
 704  * Copy results from a type 86 XCRB reply message back to user space.
 705  *
 706  * @zq: crypto device pointer
 707  * @reply: reply AP message.
 708  * @xcRB: pointer to XCRB
 709  *
 710  * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
 711  */
 712 static int convert_type86_xcrb(struct zcrypt_queue *zq,
 713                                struct ap_message *reply,
 714                                struct ica_xcRB *xcRB)
 715 {
 716         struct type86_fmt2_msg *msg = reply->message;
 717         char *data = reply->message;
 718 
 719         /* Copy CPRB to user */
 720         if (copy_to_user(xcRB->reply_control_blk_addr,
 721                 data + msg->fmt2.offset1, msg->fmt2.count1))
 722                 return -EFAULT;
 723         xcRB->reply_control_blk_length = msg->fmt2.count1;
 724 
 725         /* Copy data buffer to user */
 726         if (msg->fmt2.count2)
 727                 if (copy_to_user(xcRB->reply_data_addr,
 728                         data + msg->fmt2.offset2, msg->fmt2.count2))
 729                         return -EFAULT;
 730         xcRB->reply_data_length = msg->fmt2.count2;
 731         return 0;
 732 }
 733 
 734 /**
 735  * Copy results from a type 86 EP11 XCRB reply message back to user space.
 736  *
 737  * @zq: crypto device pointer
 738  * @reply: reply AP message.
 739  * @xcRB: pointer to EP11 user request block
 740  *
 741  * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
 742  */
 743 static int convert_type86_ep11_xcrb(struct zcrypt_queue *zq,
 744                                     struct ap_message *reply,
 745                                     struct ep11_urb *xcRB)
 746 {
 747         struct type86_fmt2_msg *msg = reply->message;
 748         char *data = reply->message;
 749 
 750         if (xcRB->resp_len < msg->fmt2.count1)
 751                 return -EINVAL;
 752 
 753         /* Copy response CPRB to user */
 754         if (copy_to_user((char __force __user *)xcRB->resp,
 755                          data + msg->fmt2.offset1, msg->fmt2.count1))
 756                 return -EFAULT;
 757         xcRB->resp_len = msg->fmt2.count1;
 758         return 0;
 759 }
 760 
 761 static int convert_type86_rng(struct zcrypt_queue *zq,
 762                           struct ap_message *reply,
 763                           char *buffer)
 764 {
 765         struct {
 766                 struct type86_hdr hdr;
 767                 struct type86_fmt2_ext fmt2;
 768                 struct CPRBX cprbx;
 769         } __packed * msg = reply->message;
 770         char *data = reply->message;
 771 
 772         if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
 773                 return -EINVAL;
 774         memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
 775         return msg->fmt2.count2;
 776 }
 777 
 778 static int convert_response_ica(struct zcrypt_queue *zq,
 779                             struct ap_message *reply,
 780                             char __user *outputdata,
 781                             unsigned int outputdatalength)
 782 {
 783         struct type86x_reply *msg = reply->message;
 784 
 785         switch (msg->hdr.type) {
 786         case TYPE82_RSP_CODE:
 787         case TYPE88_RSP_CODE:
 788                 return convert_error(zq, reply);
 789         case TYPE86_RSP_CODE:
 790                 if (msg->cprbx.ccp_rtcode &&
 791                    (msg->cprbx.ccp_rscode == 0x14f) &&
 792                    (outputdatalength > 256)) {
 793                         if (zq->zcard->max_exp_bit_length <= 17) {
 794                                 zq->zcard->max_exp_bit_length = 17;
 795                                 return -EAGAIN;
 796                         } else
 797                                 return -EINVAL;
 798                 }
 799                 if (msg->hdr.reply_code)
 800                         return convert_error(zq, reply);
 801                 if (msg->cprbx.cprb_ver_id == 0x02)
 802                         return convert_type86_ica(zq, reply,
 803                                                   outputdata, outputdatalength);
 804                 /* fall through - wrong cprb version is an unknown response */
 805         default: /* Unknown response type, this should NEVER EVER happen */
 806                 zq->online = 0;
 807                 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 808                        AP_QID_CARD(zq->queue->qid),
 809                        AP_QID_QUEUE(zq->queue->qid));
 810                 ZCRYPT_DBF(DBF_ERR,
 811                            "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 812                            AP_QID_CARD(zq->queue->qid),
 813                            AP_QID_QUEUE(zq->queue->qid),
 814                            (int) msg->hdr.type);
 815                 return -EAGAIN; /* repeat the request on a different device. */
 816         }
 817 }
 818 
 819 static int convert_response_xcrb(struct zcrypt_queue *zq,
 820                             struct ap_message *reply,
 821                             struct ica_xcRB *xcRB)
 822 {
 823         struct type86x_reply *msg = reply->message;
 824 
 825         switch (msg->hdr.type) {
 826         case TYPE82_RSP_CODE:
 827         case TYPE88_RSP_CODE:
 828                 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
 829                 return convert_error(zq, reply);
 830         case TYPE86_RSP_CODE:
 831                 if (msg->hdr.reply_code) {
 832                         memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32));
 833                         return convert_error(zq, reply);
 834                 }
 835                 if (msg->cprbx.cprb_ver_id == 0x02)
 836                         return convert_type86_xcrb(zq, reply, xcRB);
 837                 /* fall through - wrong cprb version is an unknown response */
 838         default: /* Unknown response type, this should NEVER EVER happen */
 839                 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
 840                 zq->online = 0;
 841                 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 842                        AP_QID_CARD(zq->queue->qid),
 843                        AP_QID_QUEUE(zq->queue->qid));
 844                 ZCRYPT_DBF(DBF_ERR,
 845                            "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 846                            AP_QID_CARD(zq->queue->qid),
 847                            AP_QID_QUEUE(zq->queue->qid),
 848                            (int) msg->hdr.type);
 849                 return -EAGAIN; /* repeat the request on a different device. */
 850         }
 851 }
 852 
 853 static int convert_response_ep11_xcrb(struct zcrypt_queue *zq,
 854         struct ap_message *reply, struct ep11_urb *xcRB)
 855 {
 856         struct type86_ep11_reply *msg = reply->message;
 857 
 858         switch (msg->hdr.type) {
 859         case TYPE82_RSP_CODE:
 860         case TYPE87_RSP_CODE:
 861                 return convert_error(zq, reply);
 862         case TYPE86_RSP_CODE:
 863                 if (msg->hdr.reply_code)
 864                         return convert_error(zq, reply);
 865                 if (msg->cprbx.cprb_ver_id == 0x04)
 866                         return convert_type86_ep11_xcrb(zq, reply, xcRB);
 867                 /* fall through - wrong cprb version is an unknown resp */
 868         default: /* Unknown response type, this should NEVER EVER happen */
 869                 zq->online = 0;
 870                 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 871                        AP_QID_CARD(zq->queue->qid),
 872                        AP_QID_QUEUE(zq->queue->qid));
 873                 ZCRYPT_DBF(DBF_ERR,
 874                            "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 875                            AP_QID_CARD(zq->queue->qid),
 876                            AP_QID_QUEUE(zq->queue->qid),
 877                            (int) msg->hdr.type);
 878                 return -EAGAIN; /* repeat the request on a different device. */
 879         }
 880 }
 881 
 882 static int convert_response_rng(struct zcrypt_queue *zq,
 883                                  struct ap_message *reply,
 884                                  char *data)
 885 {
 886         struct type86x_reply *msg = reply->message;
 887 
 888         switch (msg->hdr.type) {
 889         case TYPE82_RSP_CODE:
 890         case TYPE88_RSP_CODE:
 891                 return -EINVAL;
 892         case TYPE86_RSP_CODE:
 893                 if (msg->hdr.reply_code)
 894                         return -EINVAL;
 895                 if (msg->cprbx.cprb_ver_id == 0x02)
 896                         return convert_type86_rng(zq, reply, data);
 897                 /* fall through - wrong cprb version is an unknown response */
 898         default: /* Unknown response type, this should NEVER EVER happen */
 899                 zq->online = 0;
 900                 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 901                        AP_QID_CARD(zq->queue->qid),
 902                        AP_QID_QUEUE(zq->queue->qid));
 903                 ZCRYPT_DBF(DBF_ERR,
 904                            "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 905                            AP_QID_CARD(zq->queue->qid),
 906                            AP_QID_QUEUE(zq->queue->qid),
 907                            (int) msg->hdr.type);
 908                 return -EAGAIN; /* repeat the request on a different device. */
 909         }
 910 }
 911 
 912 /**
 913  * This function is called from the AP bus code after a crypto request
 914  * "msg" has finished with the reply message "reply".
 915  * It is called from tasklet context.
 916  * @aq: pointer to the AP queue
 917  * @msg: pointer to the AP message
 918  * @reply: pointer to the AP reply message
 919  */
 920 static void zcrypt_msgtype6_receive(struct ap_queue *aq,
 921                                   struct ap_message *msg,
 922                                   struct ap_message *reply)
 923 {
 924         static struct error_hdr error_reply = {
 925                 .type = TYPE82_RSP_CODE,
 926                 .reply_code = REP82_ERROR_MACHINE_FAILURE,
 927         };
 928         struct response_type *resp_type =
 929                 (struct response_type *) msg->private;
 930         struct type86x_reply *t86r;
 931         int length;
 932 
 933         /* Copy the reply message to the request message buffer. */
 934         if (!reply)
 935                 goto out;       /* ap_msg->rc indicates the error */
 936         t86r = reply->message;
 937         if (t86r->hdr.type == TYPE86_RSP_CODE &&
 938                  t86r->cprbx.cprb_ver_id == 0x02) {
 939                 switch (resp_type->type) {
 940                 case CEXXC_RESPONSE_TYPE_ICA:
 941                         length = sizeof(struct type86x_reply)
 942                                 + t86r->length - 2;
 943                         length = min(CEXXC_MAX_ICA_RESPONSE_SIZE, length);
 944                         memcpy(msg->message, reply->message, length);
 945                         break;
 946                 case CEXXC_RESPONSE_TYPE_XCRB:
 947                         length = t86r->fmt2.offset2 + t86r->fmt2.count2;
 948                         length = min(MSGTYPE06_MAX_MSG_SIZE, length);
 949                         memcpy(msg->message, reply->message, length);
 950                         break;
 951                 default:
 952                         memcpy(msg->message, &error_reply,
 953                                sizeof(error_reply));
 954                 }
 955         } else
 956                 memcpy(msg->message, reply->message, sizeof(error_reply));
 957 out:
 958         complete(&(resp_type->work));
 959 }
 960 
 961 /**
 962  * This function is called from the AP bus code after a crypto request
 963  * "msg" has finished with the reply message "reply".
 964  * It is called from tasklet context.
 965  * @aq: pointer to the AP queue
 966  * @msg: pointer to the AP message
 967  * @reply: pointer to the AP reply message
 968  */
 969 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
 970                                          struct ap_message *msg,
 971                                          struct ap_message *reply)
 972 {
 973         static struct error_hdr error_reply = {
 974                 .type = TYPE82_RSP_CODE,
 975                 .reply_code = REP82_ERROR_MACHINE_FAILURE,
 976         };
 977         struct response_type *resp_type =
 978                 (struct response_type *)msg->private;
 979         struct type86_ep11_reply *t86r;
 980         int length;
 981 
 982         /* Copy the reply message to the request message buffer. */
 983         if (!reply)
 984                 goto out;       /* ap_msg->rc indicates the error */
 985         t86r = reply->message;
 986         if (t86r->hdr.type == TYPE86_RSP_CODE &&
 987             t86r->cprbx.cprb_ver_id == 0x04) {
 988                 switch (resp_type->type) {
 989                 case CEXXC_RESPONSE_TYPE_EP11:
 990                         length = t86r->fmt2.offset1 + t86r->fmt2.count1;
 991                         length = min(MSGTYPE06_MAX_MSG_SIZE, length);
 992                         memcpy(msg->message, reply->message, length);
 993                         break;
 994                 default:
 995                         memcpy(msg->message, &error_reply, sizeof(error_reply));
 996                 }
 997         } else {
 998                 memcpy(msg->message, reply->message, sizeof(error_reply));
 999         }
1000 out:
1001         complete(&(resp_type->work));
1002 }
1003 
1004 static atomic_t zcrypt_step = ATOMIC_INIT(0);
1005 
1006 /**
1007  * The request distributor calls this function if it picked the CEXxC
1008  * device to handle a modexpo request.
1009  * @zq: pointer to zcrypt_queue structure that identifies the
1010  *      CEXxC device to the request distributor
1011  * @mex: pointer to the modexpo request buffer
1012  */
1013 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq,
1014                                   struct ica_rsa_modexpo *mex)
1015 {
1016         struct ap_message ap_msg;
1017         struct response_type resp_type = {
1018                 .type = CEXXC_RESPONSE_TYPE_ICA,
1019         };
1020         int rc;
1021 
1022         ap_init_message(&ap_msg);
1023         ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1024         if (!ap_msg.message)
1025                 return -ENOMEM;
1026         ap_msg.receive = zcrypt_msgtype6_receive;
1027         ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1028                                 atomic_inc_return(&zcrypt_step);
1029         ap_msg.private = &resp_type;
1030         rc = ICAMEX_msg_to_type6MEX_msgX(zq, &ap_msg, mex);
1031         if (rc)
1032                 goto out_free;
1033         init_completion(&resp_type.work);
1034         ap_queue_message(zq->queue, &ap_msg);
1035         rc = wait_for_completion_interruptible(&resp_type.work);
1036         if (rc == 0) {
1037                 rc = ap_msg.rc;
1038                 if (rc == 0)
1039                         rc = convert_response_ica(zq, &ap_msg,
1040                                                   mex->outputdata,
1041                                                   mex->outputdatalength);
1042         } else
1043                 /* Signal pending. */
1044                 ap_cancel_message(zq->queue, &ap_msg);
1045 out_free:
1046         free_page((unsigned long) ap_msg.message);
1047         return rc;
1048 }
1049 
1050 /**
1051  * The request distributor calls this function if it picked the CEXxC
1052  * device to handle a modexpo_crt request.
1053  * @zq: pointer to zcrypt_queue structure that identifies the
1054  *      CEXxC device to the request distributor
1055  * @crt: pointer to the modexpoc_crt request buffer
1056  */
1057 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq,
1058                                       struct ica_rsa_modexpo_crt *crt)
1059 {
1060         struct ap_message ap_msg;
1061         struct response_type resp_type = {
1062                 .type = CEXXC_RESPONSE_TYPE_ICA,
1063         };
1064         int rc;
1065 
1066         ap_init_message(&ap_msg);
1067         ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1068         if (!ap_msg.message)
1069                 return -ENOMEM;
1070         ap_msg.receive = zcrypt_msgtype6_receive;
1071         ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1072                                 atomic_inc_return(&zcrypt_step);
1073         ap_msg.private = &resp_type;
1074         rc = ICACRT_msg_to_type6CRT_msgX(zq, &ap_msg, crt);
1075         if (rc)
1076                 goto out_free;
1077         init_completion(&resp_type.work);
1078         ap_queue_message(zq->queue, &ap_msg);
1079         rc = wait_for_completion_interruptible(&resp_type.work);
1080         if (rc == 0) {
1081                 rc = ap_msg.rc;
1082                 if (rc == 0)
1083                         rc = convert_response_ica(zq, &ap_msg,
1084                                                   crt->outputdata,
1085                                                   crt->outputdatalength);
1086         } else {
1087                 /* Signal pending. */
1088                 ap_cancel_message(zq->queue, &ap_msg);
1089         }
1090 out_free:
1091         free_page((unsigned long) ap_msg.message);
1092         return rc;
1093 }
1094 
1095 /**
1096  * Fetch function code from cprb.
1097  * Extracting the fc requires to copy the cprb from userspace.
1098  * So this function allocates memory and needs an ap_msg prepared
1099  * by the caller with ap_init_message(). Also the caller has to
1100  * make sure ap_release_message() is always called even on failure.
1101  */
1102 unsigned int get_cprb_fc(struct ica_xcRB *xcRB,
1103                                 struct ap_message *ap_msg,
1104                                 unsigned int *func_code, unsigned short **dom)
1105 {
1106         struct response_type resp_type = {
1107                 .type = CEXXC_RESPONSE_TYPE_XCRB,
1108         };
1109 
1110         ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1111         if (!ap_msg->message)
1112                 return -ENOMEM;
1113         ap_msg->receive = zcrypt_msgtype6_receive;
1114         ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1115                                 atomic_inc_return(&zcrypt_step);
1116         ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1117         if (!ap_msg->private)
1118                 return -ENOMEM;
1119         return XCRB_msg_to_type6CPRB_msgX(ap_msg, xcRB, func_code, dom);
1120 }
1121 
1122 /**
1123  * The request distributor calls this function if it picked the CEXxC
1124  * device to handle a send_cprb request.
1125  * @zq: pointer to zcrypt_queue structure that identifies the
1126  *      CEXxC device to the request distributor
1127  * @xcRB: pointer to the send_cprb request buffer
1128  */
1129 static long zcrypt_msgtype6_send_cprb(struct zcrypt_queue *zq,
1130                                     struct ica_xcRB *xcRB,
1131                                     struct ap_message *ap_msg)
1132 {
1133         int rc;
1134         struct response_type *rtype = (struct response_type *)(ap_msg->private);
1135 
1136         init_completion(&rtype->work);
1137         ap_queue_message(zq->queue, ap_msg);
1138         rc = wait_for_completion_interruptible(&rtype->work);
1139         if (rc == 0) {
1140                 rc = ap_msg->rc;
1141                 if (rc == 0)
1142                         rc = convert_response_xcrb(zq, ap_msg, xcRB);
1143         } else
1144                 /* Signal pending. */
1145                 ap_cancel_message(zq->queue, ap_msg);
1146 
1147         return rc;
1148 }
1149 
1150 /**
1151  * Fetch function code from ep11 cprb.
1152  * Extracting the fc requires to copy the ep11 cprb from userspace.
1153  * So this function allocates memory and needs an ap_msg prepared
1154  * by the caller with ap_init_message(). Also the caller has to
1155  * make sure ap_release_message() is always called even on failure.
1156  */
1157 unsigned int get_ep11cprb_fc(struct ep11_urb *xcrb,
1158                                     struct ap_message *ap_msg,
1159                                     unsigned int *func_code)
1160 {
1161         struct response_type resp_type = {
1162                 .type = CEXXC_RESPONSE_TYPE_EP11,
1163         };
1164 
1165         ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1166         if (!ap_msg->message)
1167                 return -ENOMEM;
1168         ap_msg->receive = zcrypt_msgtype6_receive_ep11;
1169         ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1170                                 atomic_inc_return(&zcrypt_step);
1171         ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1172         if (!ap_msg->private)
1173                 return -ENOMEM;
1174         return xcrb_msg_to_type6_ep11cprb_msgx(ap_msg, xcrb, func_code);
1175 }
1176 
1177 /**
1178  * The request distributor calls this function if it picked the CEX4P
1179  * device to handle a send_ep11_cprb request.
1180  * @zq: pointer to zcrypt_queue structure that identifies the
1181  *        CEX4P device to the request distributor
1182  * @xcRB: pointer to the ep11 user request block
1183  */
1184 static long zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_queue *zq,
1185                                            struct ep11_urb *xcrb,
1186                                            struct ap_message *ap_msg)
1187 {
1188         int rc;
1189         unsigned int lfmt;
1190         struct response_type *rtype = (struct response_type *)(ap_msg->private);
1191         struct {
1192                 struct type6_hdr hdr;
1193                 struct ep11_cprb cprbx;
1194                 unsigned char   pld_tag;        /* fixed value 0x30 */
1195                 unsigned char   pld_lenfmt;     /* payload length format */
1196         } __packed * msg = ap_msg->message;
1197         struct pld_hdr {
1198                 unsigned char   func_tag;       /* fixed value 0x4 */
1199                 unsigned char   func_len;       /* fixed value 0x4 */
1200                 unsigned int    func_val;       /* function ID     */
1201                 unsigned char   dom_tag;        /* fixed value 0x4 */
1202                 unsigned char   dom_len;        /* fixed value 0x4 */
1203                 unsigned int    dom_val;        /* domain id       */
1204         } __packed * payload_hdr = NULL;
1205 
1206 
1207         /**
1208          * The target domain field within the cprb body/payload block will be
1209          * replaced by the usage domain for non-management commands only.
1210          * Therefore we check the first bit of the 'flags' parameter for
1211          * management command indication.
1212          *   0 - non management command
1213          *   1 - management command
1214          */
1215         if (!((msg->cprbx.flags & 0x80) == 0x80)) {
1216                 msg->cprbx.target_id = (unsigned int)
1217                                         AP_QID_QUEUE(zq->queue->qid);
1218 
1219                 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
1220                         switch (msg->pld_lenfmt & 0x03) {
1221                         case 1:
1222                                 lfmt = 2;
1223                                 break;
1224                         case 2:
1225                                 lfmt = 3;
1226                                 break;
1227                         default:
1228                                 return -EINVAL;
1229                         }
1230                 } else {
1231                         lfmt = 1; /* length format #1 */
1232                 }
1233                 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
1234                 payload_hdr->dom_val = (unsigned int)
1235                                         AP_QID_QUEUE(zq->queue->qid);
1236         }
1237 
1238         init_completion(&rtype->work);
1239         ap_queue_message(zq->queue, ap_msg);
1240         rc = wait_for_completion_interruptible(&rtype->work);
1241         if (rc == 0) {
1242                 rc = ap_msg->rc;
1243                 if (rc == 0)
1244                         rc = convert_response_ep11_xcrb(zq, ap_msg, xcrb);
1245         } else
1246                 /* Signal pending. */
1247                 ap_cancel_message(zq->queue, ap_msg);
1248 
1249         return rc;
1250 }
1251 
1252 unsigned int get_rng_fc(struct ap_message *ap_msg, int *func_code,
1253                                                    unsigned int *domain)
1254 {
1255         struct response_type resp_type = {
1256                 .type = CEXXC_RESPONSE_TYPE_XCRB,
1257         };
1258 
1259         ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1260         if (!ap_msg->message)
1261                 return -ENOMEM;
1262         ap_msg->receive = zcrypt_msgtype6_receive;
1263         ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1264                                 atomic_inc_return(&zcrypt_step);
1265         ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1266         if (!ap_msg->private)
1267                 return -ENOMEM;
1268 
1269         rng_type6CPRB_msgX(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain);
1270 
1271         *func_code = HWRNG;
1272         return 0;
1273 }
1274 
1275 /**
1276  * The request distributor calls this function if it picked the CEXxC
1277  * device to generate random data.
1278  * @zq: pointer to zcrypt_queue structure that identifies the
1279  *      CEXxC device to the request distributor
1280  * @buffer: pointer to a memory page to return random data
1281  */
1282 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq,
1283                                 char *buffer, struct ap_message *ap_msg)
1284 {
1285         struct {
1286                 struct type6_hdr hdr;
1287                 struct CPRBX cprbx;
1288                 char function_code[2];
1289                 short int rule_length;
1290                 char rule[8];
1291                 short int verb_length;
1292                 short int key_length;
1293         } __packed * msg = ap_msg->message;
1294         struct response_type *rtype = (struct response_type *)(ap_msg->private);
1295         int rc;
1296 
1297         msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
1298 
1299         init_completion(&rtype->work);
1300         ap_queue_message(zq->queue, ap_msg);
1301         rc = wait_for_completion_interruptible(&rtype->work);
1302         if (rc == 0) {
1303                 rc = ap_msg->rc;
1304                 if (rc == 0)
1305                         rc = convert_response_rng(zq, ap_msg, buffer);
1306         } else
1307                 /* Signal pending. */
1308                 ap_cancel_message(zq->queue, ap_msg);
1309 
1310         return rc;
1311 }
1312 
1313 /**
1314  * The crypto operations for a CEXxC card.
1315  */
1316 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = {
1317         .owner = THIS_MODULE,
1318         .name = MSGTYPE06_NAME,
1319         .variant = MSGTYPE06_VARIANT_NORNG,
1320         .rsa_modexpo = zcrypt_msgtype6_modexpo,
1321         .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1322         .send_cprb = zcrypt_msgtype6_send_cprb,
1323 };
1324 
1325 static struct zcrypt_ops zcrypt_msgtype6_ops = {
1326         .owner = THIS_MODULE,
1327         .name = MSGTYPE06_NAME,
1328         .variant = MSGTYPE06_VARIANT_DEFAULT,
1329         .rsa_modexpo = zcrypt_msgtype6_modexpo,
1330         .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1331         .send_cprb = zcrypt_msgtype6_send_cprb,
1332         .rng = zcrypt_msgtype6_rng,
1333 };
1334 
1335 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = {
1336         .owner = THIS_MODULE,
1337         .name = MSGTYPE06_NAME,
1338         .variant = MSGTYPE06_VARIANT_EP11,
1339         .rsa_modexpo = NULL,
1340         .rsa_modexpo_crt = NULL,
1341         .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb,
1342 };
1343 
1344 void __init zcrypt_msgtype6_init(void)
1345 {
1346         zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops);
1347         zcrypt_msgtype_register(&zcrypt_msgtype6_ops);
1348         zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops);
1349 }
1350 
1351 void __exit zcrypt_msgtype6_exit(void)
1352 {
1353         zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops);
1354         zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops);
1355         zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops);
1356 }

/* [<][>][^][v][top][bottom][index][help] */