1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *  zcrypt 2.1.0
4  *
5  *  Copyright IBM Corp. 2001, 2012
6  *  Author(s): Robert Burroughs
7  *	       Eric Rossman (edrossma@us.ibm.com)
8  *
9  *  Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
10  *  Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
11  *				  Ralph Wuerthner <rwuerthn@de.ibm.com>
12  *  MSGTYPE restruct:		  Holger Dengler <hd@linux.vnet.ibm.com>
13  */
14 
15 #define KMSG_COMPONENT "zcrypt"
16 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
17 
18 #include <linux/module.h>
19 #include <linux/init.h>
20 #include <linux/err.h>
21 #include <linux/delay.h>
22 #include <linux/slab.h>
23 #include <linux/atomic.h>
24 #include <linux/uaccess.h>
25 
26 #include "ap_bus.h"
27 #include "zcrypt_api.h"
28 #include "zcrypt_error.h"
29 #include "zcrypt_msgtype6.h"
30 #include "zcrypt_cca_key.h"
31 
32 #define PCIXCC_MIN_MOD_SIZE_OLD	 64	/*  512 bits	*/
33 #define PCIXCC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply	    */
34 
35 #define CEIL4(x) ((((x)+3)/4)*4)
36 
37 struct response_type {
38 	struct completion work;
39 	int type;
40 };
41 #define PCIXCC_RESPONSE_TYPE_ICA  0
42 #define PCIXCC_RESPONSE_TYPE_XCRB 1
43 #define PCIXCC_RESPONSE_TYPE_EP11 2
44 
45 MODULE_AUTHOR("IBM Corporation");
46 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \
47 		   "Copyright IBM Corp. 2001, 2012");
48 MODULE_LICENSE("GPL");
49 
50 /**
51  * CPRB
52  *	  Note that all shorts, ints and longs are little-endian.
53  *	  All pointer fields are 32-bits long, and mean nothing
54  *
55  *	  A request CPRB is followed by a request_parameter_block.
56  *
57  *	  The request (or reply) parameter block is organized thus:
58  *	    function code
59  *	    VUD block
60  *	    key block
61  */
62 struct CPRB {
63 	unsigned short cprb_len;	/* CPRB length			 */
64 	unsigned char cprb_ver_id;	/* CPRB version id.		 */
65 	unsigned char pad_000;		/* Alignment pad byte.		 */
66 	unsigned char srpi_rtcode[4];	/* SRPI return code LELONG	 */
67 	unsigned char srpi_verb;	/* SRPI verb type		 */
68 	unsigned char flags;		/* flags			 */
69 	unsigned char func_id[2];	/* function id			 */
70 	unsigned char checkpoint_flag;	/*				 */
71 	unsigned char resv2;		/* reserved			 */
72 	unsigned short req_parml;	/* request parameter buffer	 */
73 					/* length 16-bit little endian	 */
74 	unsigned char req_parmp[4];	/* request parameter buffer	 *
75 					 * pointer (means nothing: the	 *
76 					 * parameter buffer follows	 *
77 					 * the CPRB).			 */
78 	unsigned char req_datal[4];	/* request data buffer		 */
79 					/* length	  ULELONG	 */
80 	unsigned char req_datap[4];	/* request data buffer		 */
81 					/* pointer			 */
82 	unsigned short rpl_parml;	/* reply  parameter buffer	 */
83 					/* length 16-bit little endian	 */
84 	unsigned char pad_001[2];	/* Alignment pad bytes. ULESHORT */
85 	unsigned char rpl_parmp[4];	/* reply parameter buffer	 *
86 					 * pointer (means nothing: the	 *
87 					 * parameter buffer follows	 *
88 					 * the CPRB).			 */
89 	unsigned char rpl_datal[4];	/* reply data buffer len ULELONG */
90 	unsigned char rpl_datap[4];	/* reply data buffer		 */
91 					/* pointer			 */
92 	unsigned short ccp_rscode;	/* server reason code	ULESHORT */
93 	unsigned short ccp_rtcode;	/* server return code	ULESHORT */
94 	unsigned char repd_parml[2];	/* replied parameter len ULESHORT*/
95 	unsigned char mac_data_len[2];	/* Mac Data Length	ULESHORT */
96 	unsigned char repd_datal[4];	/* replied data length	ULELONG	 */
97 	unsigned char req_pc[2];	/* PC identifier		 */
98 	unsigned char res_origin[8];	/* resource origin		 */
99 	unsigned char mac_value[8];	/* Mac Value			 */
100 	unsigned char logon_id[8];	/* Logon Identifier		 */
101 	unsigned char usage_domain[2];	/* cdx				 */
102 	unsigned char resv3[18];	/* reserved for requestor	 */
103 	unsigned short svr_namel;	/* server name length  ULESHORT	 */
104 	unsigned char svr_name[8];	/* server name			 */
105 } __packed;
106 
107 struct function_and_rules_block {
108 	unsigned char function_code[2];
109 	unsigned short ulen;
110 	unsigned char only_rule[8];
111 } __packed;
112 
113 /**
114  * The following is used to initialize the CPRBX passed to the PCIXCC/CEX2C
115  * card in a type6 message. The 3 fields that must be filled in at execution
116  * time are  req_parml, rpl_parml and usage_domain.
117  * Everything about this interface is ascii/big-endian, since the
118  * device does *not* have 'Intel inside'.
119  *
120  * The CPRBX is followed immediately by the parm block.
121  * The parm block contains:
122  * - function code ('PD' 0x5044 or 'PK' 0x504B)
123  * - rule block (one of:)
124  *   + 0x000A 'PKCS-1.2' (MCL2 'PD')
125  *   + 0x000A 'ZERO-PAD' (MCL2 'PK')
126  *   + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD')
127  *   + 0x000A 'MRP     ' (MCL3 'PK' or CEX2C 'PK')
128  * - VUD block
129  */
130 static const struct CPRBX static_cprbx = {
131 	.cprb_len	=  0x00DC,
132 	.cprb_ver_id	=  0x02,
133 	.func_id	= {0x54, 0x32},
134 };
135 
speed_idx_cca(int req_type)136 int speed_idx_cca(int req_type)
137 {
138 	switch (req_type) {
139 	case 0x4142:
140 	case 0x4149:
141 	case 0x414D:
142 	case 0x4341:
143 	case 0x4344:
144 	case 0x4354:
145 	case 0x4358:
146 	case 0x444B:
147 	case 0x4558:
148 	case 0x4643:
149 	case 0x4651:
150 	case 0x4C47:
151 	case 0x4C4B:
152 	case 0x4C51:
153 	case 0x4F48:
154 	case 0x504F:
155 	case 0x5053:
156 	case 0x5058:
157 	case 0x5343:
158 	case 0x5344:
159 	case 0x5345:
160 	case 0x5350:
161 		return LOW;
162 	case 0x414B:
163 	case 0x4345:
164 	case 0x4349:
165 	case 0x434D:
166 	case 0x4847:
167 	case 0x4849:
168 	case 0x484D:
169 	case 0x4850:
170 	case 0x4851:
171 	case 0x4954:
172 	case 0x4958:
173 	case 0x4B43:
174 	case 0x4B44:
175 	case 0x4B45:
176 	case 0x4B47:
177 	case 0x4B48:
178 	case 0x4B49:
179 	case 0x4B4E:
180 	case 0x4B50:
181 	case 0x4B52:
182 	case 0x4B54:
183 	case 0x4B58:
184 	case 0x4D50:
185 	case 0x4D53:
186 	case 0x4D56:
187 	case 0x4D58:
188 	case 0x5044:
189 	case 0x5045:
190 	case 0x5046:
191 	case 0x5047:
192 	case 0x5049:
193 	case 0x504B:
194 	case 0x504D:
195 	case 0x5254:
196 	case 0x5347:
197 	case 0x5349:
198 	case 0x534B:
199 	case 0x534D:
200 	case 0x5356:
201 	case 0x5358:
202 	case 0x5443:
203 	case 0x544B:
204 	case 0x5647:
205 		return HIGH;
206 	default:
207 		return MEDIUM;
208 	}
209 }
210 
speed_idx_ep11(int req_type)211 int speed_idx_ep11(int req_type)
212 {
213 	switch (req_type) {
214 	case  1:
215 	case  2:
216 	case 36:
217 	case 37:
218 	case 38:
219 	case 39:
220 	case 40:
221 		return LOW;
222 	case 17:
223 	case 18:
224 	case 19:
225 	case 20:
226 	case 21:
227 	case 22:
228 	case 26:
229 	case 30:
230 	case 31:
231 	case 32:
232 	case 33:
233 	case 34:
234 	case 35:
235 		return HIGH;
236 	default:
237 		return MEDIUM;
238 	}
239 }
240 
241 
242 /**
243  * Convert a ICAMEX message to a type6 MEX message.
244  *
245  * @zq: crypto device pointer
246  * @ap_msg: pointer to AP message
247  * @mex: pointer to user input data
248  *
249  * Returns 0 on success or negative errno value.
250  */
ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue * zq,struct ap_message * ap_msg,struct ica_rsa_modexpo * mex)251 static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue *zq,
252 				       struct ap_message *ap_msg,
253 				       struct ica_rsa_modexpo *mex)
254 {
255 	static struct type6_hdr static_type6_hdrX = {
256 		.type		=  0x06,
257 		.offset1	=  0x00000058,
258 		.agent_id	= {'C', 'A',},
259 		.function_code	= {'P', 'K'},
260 	};
261 	static struct function_and_rules_block static_pke_fnr = {
262 		.function_code	= {'P', 'K'},
263 		.ulen		= 10,
264 		.only_rule	= {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '}
265 	};
266 	struct {
267 		struct type6_hdr hdr;
268 		struct CPRBX cprbx;
269 		struct function_and_rules_block fr;
270 		unsigned short length;
271 		char text[0];
272 	} __packed * msg = ap_msg->message;
273 	int size;
274 
275 	/*
276 	 * The inputdatalength was a selection criteria in the dispatching
277 	 * function zcrypt_rsa_modexpo(). However, make sure the following
278 	 * copy_from_user() never exceeds the allocated buffer space.
279 	 */
280 	if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE))
281 		return -EINVAL;
282 
283 	/* VUD.ciphertext */
284 	msg->length = mex->inputdatalength + 2;
285 	if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
286 		return -EFAULT;
287 
288 	/* Set up key which is located after the variable length text. */
289 	size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength);
290 	if (size < 0)
291 		return size;
292 	size += sizeof(*msg) + mex->inputdatalength;
293 
294 	/* message header, cprbx and f&r */
295 	msg->hdr = static_type6_hdrX;
296 	msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
297 	msg->hdr.FromCardLen1 = PCIXCC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
298 
299 	msg->cprbx = static_cprbx;
300 	msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
301 	msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1;
302 
303 	msg->fr = static_pke_fnr;
304 
305 	msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx);
306 
307 	ap_msg->length = size;
308 	return 0;
309 }
310 
311 /**
312  * Convert a ICACRT message to a type6 CRT message.
313  *
314  * @zq: crypto device pointer
315  * @ap_msg: pointer to AP message
316  * @crt: pointer to user input data
317  *
318  * Returns 0 on success or negative errno value.
319  */
ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue * zq,struct ap_message * ap_msg,struct ica_rsa_modexpo_crt * crt)320 static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue *zq,
321 				       struct ap_message *ap_msg,
322 				       struct ica_rsa_modexpo_crt *crt)
323 {
324 	static struct type6_hdr static_type6_hdrX = {
325 		.type		=  0x06,
326 		.offset1	=  0x00000058,
327 		.agent_id	= {'C', 'A',},
328 		.function_code	= {'P', 'D'},
329 	};
330 	static struct function_and_rules_block static_pkd_fnr = {
331 		.function_code	= {'P', 'D'},
332 		.ulen		= 10,
333 		.only_rule	= {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
334 	};
335 
336 	struct {
337 		struct type6_hdr hdr;
338 		struct CPRBX cprbx;
339 		struct function_and_rules_block fr;
340 		unsigned short length;
341 		char text[0];
342 	} __packed * msg = ap_msg->message;
343 	int size;
344 
345 	/*
346 	 * The inputdatalength was a selection criteria in the dispatching
347 	 * function zcrypt_rsa_crt(). However, make sure the following
348 	 * copy_from_user() never exceeds the allocated buffer space.
349 	 */
350 	if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE))
351 		return -EINVAL;
352 
353 	/* VUD.ciphertext */
354 	msg->length = crt->inputdatalength + 2;
355 	if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
356 		return -EFAULT;
357 
358 	/* Set up key which is located after the variable length text. */
359 	size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength);
360 	if (size < 0)
361 		return size;
362 	size += sizeof(*msg) + crt->inputdatalength;	/* total size of msg */
363 
364 	/* message header, cprbx and f&r */
365 	msg->hdr = static_type6_hdrX;
366 	msg->hdr.ToCardLen1 = size -  sizeof(msg->hdr);
367 	msg->hdr.FromCardLen1 = PCIXCC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
368 
369 	msg->cprbx = static_cprbx;
370 	msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
371 	msg->cprbx.req_parml = msg->cprbx.rpl_msgbl =
372 		size - sizeof(msg->hdr) - sizeof(msg->cprbx);
373 
374 	msg->fr = static_pkd_fnr;
375 
376 	ap_msg->length = size;
377 	return 0;
378 }
379 
380 /**
381  * Convert a XCRB message to a type6 CPRB message.
382  *
383  * @zq: crypto device pointer
384  * @ap_msg: pointer to AP message
385  * @xcRB: pointer to user input data
386  *
387  * Returns 0 on success or -EFAULT, -EINVAL.
388  */
389 struct type86_fmt2_msg {
390 	struct type86_hdr hdr;
391 	struct type86_fmt2_ext fmt2;
392 } __packed;
393 
XCRB_msg_to_type6CPRB_msgX(struct ap_message * ap_msg,struct ica_xcRB * xcRB,unsigned int * fcode,unsigned short ** dom)394 static int XCRB_msg_to_type6CPRB_msgX(struct ap_message *ap_msg,
395 				      struct ica_xcRB *xcRB,
396 				      unsigned int *fcode,
397 				      unsigned short **dom)
398 {
399 	static struct type6_hdr static_type6_hdrX = {
400 		.type		=  0x06,
401 		.offset1	=  0x00000058,
402 	};
403 	struct {
404 		struct type6_hdr hdr;
405 		struct CPRBX cprbx;
406 	} __packed * msg = ap_msg->message;
407 
408 	int rcblen = CEIL4(xcRB->request_control_blk_length);
409 	int replylen, req_sumlen, resp_sumlen;
410 	char *req_data = ap_msg->message + sizeof(struct type6_hdr) + rcblen;
411 	char *function_code;
412 
413 	if (CEIL4(xcRB->request_control_blk_length) <
414 			xcRB->request_control_blk_length)
415 		return -EINVAL; /* overflow after alignment*/
416 
417 	/* length checks */
418 	ap_msg->length = sizeof(struct type6_hdr) +
419 		CEIL4(xcRB->request_control_blk_length) +
420 		xcRB->request_data_length;
421 	if (ap_msg->length > MSGTYPE06_MAX_MSG_SIZE)
422 		return -EINVAL;
423 
424 	/*
425 	 * Overflow check
426 	 * sum must be greater (or equal) than the largest operand
427 	 */
428 	req_sumlen = CEIL4(xcRB->request_control_blk_length) +
429 			xcRB->request_data_length;
430 	if ((CEIL4(xcRB->request_control_blk_length) <=
431 						xcRB->request_data_length) ?
432 		(req_sumlen < xcRB->request_data_length) :
433 		(req_sumlen < CEIL4(xcRB->request_control_blk_length))) {
434 		return -EINVAL;
435 	}
436 
437 	if (CEIL4(xcRB->reply_control_blk_length) <
438 			xcRB->reply_control_blk_length)
439 		return -EINVAL; /* overflow after alignment*/
440 
441 	replylen = sizeof(struct type86_fmt2_msg) +
442 		CEIL4(xcRB->reply_control_blk_length) +
443 		xcRB->reply_data_length;
444 	if (replylen > MSGTYPE06_MAX_MSG_SIZE)
445 		return -EINVAL;
446 
447 	/*
448 	 * Overflow check
449 	 * sum must be greater (or equal) than the largest operand
450 	 */
451 	resp_sumlen = CEIL4(xcRB->reply_control_blk_length) +
452 			xcRB->reply_data_length;
453 	if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ?
454 		(resp_sumlen < xcRB->reply_data_length) :
455 		(resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) {
456 		return -EINVAL;
457 	}
458 
459 	/* prepare type6 header */
460 	msg->hdr = static_type6_hdrX;
461 	memcpy(msg->hdr.agent_id, &(xcRB->agent_ID), sizeof(xcRB->agent_ID));
462 	msg->hdr.ToCardLen1 = xcRB->request_control_blk_length;
463 	if (xcRB->request_data_length) {
464 		msg->hdr.offset2 = msg->hdr.offset1 + rcblen;
465 		msg->hdr.ToCardLen2 = xcRB->request_data_length;
466 	}
467 	msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length;
468 	msg->hdr.FromCardLen2 = xcRB->reply_data_length;
469 
470 	/* prepare CPRB */
471 	if (copy_from_user(&(msg->cprbx), xcRB->request_control_blk_addr,
472 		    xcRB->request_control_blk_length))
473 		return -EFAULT;
474 	if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
475 	    xcRB->request_control_blk_length)
476 		return -EINVAL;
477 	function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len;
478 	memcpy(msg->hdr.function_code, function_code,
479 	       sizeof(msg->hdr.function_code));
480 
481 	*fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1];
482 	*dom = (unsigned short *)&msg->cprbx.domain;
483 
484 	if (memcmp(function_code, "US", 2) == 0
485 	    || memcmp(function_code, "AU", 2) == 0)
486 		ap_msg->special = 1;
487 	else
488 		ap_msg->special = 0;
489 
490 	/* copy data block */
491 	if (xcRB->request_data_length &&
492 	    copy_from_user(req_data, xcRB->request_data_address,
493 		xcRB->request_data_length))
494 		return -EFAULT;
495 
496 	return 0;
497 }
498 
xcrb_msg_to_type6_ep11cprb_msgx(struct ap_message * ap_msg,struct ep11_urb * xcRB,unsigned int * fcode)499 static int xcrb_msg_to_type6_ep11cprb_msgx(struct ap_message *ap_msg,
500 				       struct ep11_urb *xcRB,
501 				       unsigned int *fcode)
502 {
503 	unsigned int lfmt;
504 	static struct type6_hdr static_type6_ep11_hdr = {
505 		.type		=  0x06,
506 		.rqid		= {0x00, 0x01},
507 		.function_code	= {0x00, 0x00},
508 		.agent_id[0]	=  0x58,	/* {'X'} */
509 		.agent_id[1]	=  0x43,	/* {'C'} */
510 		.offset1	=  0x00000058,
511 	};
512 
513 	struct {
514 		struct type6_hdr hdr;
515 		struct ep11_cprb cprbx;
516 		unsigned char	pld_tag;	/* fixed value 0x30 */
517 		unsigned char	pld_lenfmt;	/* payload length format */
518 	} __packed * msg = ap_msg->message;
519 
520 	struct pld_hdr {
521 		unsigned char	func_tag;	/* fixed value 0x4 */
522 		unsigned char	func_len;	/* fixed value 0x4 */
523 		unsigned int	func_val;	/* function ID	   */
524 		unsigned char	dom_tag;	/* fixed value 0x4 */
525 		unsigned char	dom_len;	/* fixed value 0x4 */
526 		unsigned int	dom_val;	/* domain id	   */
527 	} __packed * payload_hdr = NULL;
528 
529 	if (CEIL4(xcRB->req_len) < xcRB->req_len)
530 		return -EINVAL; /* overflow after alignment*/
531 
532 	/* length checks */
533 	ap_msg->length = sizeof(struct type6_hdr) + xcRB->req_len;
534 	if (CEIL4(xcRB->req_len) > MSGTYPE06_MAX_MSG_SIZE -
535 				   (sizeof(struct type6_hdr)))
536 		return -EINVAL;
537 
538 	if (CEIL4(xcRB->resp_len) < xcRB->resp_len)
539 		return -EINVAL; /* overflow after alignment*/
540 
541 	if (CEIL4(xcRB->resp_len) > MSGTYPE06_MAX_MSG_SIZE -
542 				    (sizeof(struct type86_fmt2_msg)))
543 		return -EINVAL;
544 
545 	/* prepare type6 header */
546 	msg->hdr = static_type6_ep11_hdr;
547 	msg->hdr.ToCardLen1   = xcRB->req_len;
548 	msg->hdr.FromCardLen1 = xcRB->resp_len;
549 
550 	/* Import CPRB data from the ioctl input parameter */
551 	if (copy_from_user(&(msg->cprbx.cprb_len),
552 			   (char __force __user *)xcRB->req, xcRB->req_len)) {
553 		return -EFAULT;
554 	}
555 
556 	if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
557 		switch (msg->pld_lenfmt & 0x03) {
558 		case 1:
559 			lfmt = 2;
560 			break;
561 		case 2:
562 			lfmt = 3;
563 			break;
564 		default:
565 			return -EINVAL;
566 		}
567 	} else {
568 		lfmt = 1; /* length format #1 */
569 	}
570 	payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
571 	*fcode = payload_hdr->func_val & 0xFFFF;
572 
573 	return 0;
574 }
575 
576 /**
577  * Copy results from a type 86 ICA reply message back to user space.
578  *
579  * @zq: crypto device pointer
580  * @reply: reply AP message.
581  * @data: pointer to user output data
582  * @length: size of user output data
583  *
584  * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
585  */
586 struct type86x_reply {
587 	struct type86_hdr hdr;
588 	struct type86_fmt2_ext fmt2;
589 	struct CPRBX cprbx;
590 	unsigned char pad[4];	/* 4 byte function code/rules block ? */
591 	unsigned short length;
592 	char text[0];
593 } __packed;
594 
595 struct type86_ep11_reply {
596 	struct type86_hdr hdr;
597 	struct type86_fmt2_ext fmt2;
598 	struct ep11_cprb cprbx;
599 } __packed;
600 
convert_type86_ica(struct zcrypt_queue * zq,struct ap_message * reply,char __user * outputdata,unsigned int outputdatalength)601 static int convert_type86_ica(struct zcrypt_queue *zq,
602 			  struct ap_message *reply,
603 			  char __user *outputdata,
604 			  unsigned int outputdatalength)
605 {
606 	static unsigned char static_pad[] = {
607 		0x00, 0x02,
608 		0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD,
609 		0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57,
610 		0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B,
611 		0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39,
612 		0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5,
613 		0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D,
614 		0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB,
615 		0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F,
616 		0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9,
617 		0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45,
618 		0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9,
619 		0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F,
620 		0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD,
621 		0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D,
622 		0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD,
623 		0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9,
624 		0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B,
625 		0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B,
626 		0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B,
627 		0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD,
628 		0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7,
629 		0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1,
630 		0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3,
631 		0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23,
632 		0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55,
633 		0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43,
634 		0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F,
635 		0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F,
636 		0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5,
637 		0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD,
638 		0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41,
639 		0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09
640 	};
641 	struct type86x_reply *msg = reply->message;
642 	unsigned short service_rc, service_rs;
643 	unsigned int reply_len, pad_len;
644 	char *data;
645 
646 	service_rc = msg->cprbx.ccp_rtcode;
647 	if (unlikely(service_rc != 0)) {
648 		service_rs = msg->cprbx.ccp_rscode;
649 		if ((service_rc == 8 && service_rs == 66) ||
650 		    (service_rc == 8 && service_rs == 65) ||
651 		    (service_rc == 8 && service_rs == 72) ||
652 		    (service_rc == 8 && service_rs == 770) ||
653 		    (service_rc == 12 && service_rs == 769)) {
654 			ZCRYPT_DBF(DBF_DEBUG,
655 				   "device=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n",
656 				   AP_QID_CARD(zq->queue->qid),
657 				   AP_QID_QUEUE(zq->queue->qid),
658 				   (int) service_rc, (int) service_rs);
659 			return -EINVAL;
660 		}
661 		if (service_rc == 8 && service_rs == 783) {
662 			zq->zcard->min_mod_size =
663 				PCIXCC_MIN_MOD_SIZE_OLD;
664 			ZCRYPT_DBF(DBF_DEBUG,
665 				   "device=%02x.%04x rc/rs=%d/%d => rc=EAGAIN\n",
666 				   AP_QID_CARD(zq->queue->qid),
667 				   AP_QID_QUEUE(zq->queue->qid),
668 				   (int) service_rc, (int) service_rs);
669 			return -EAGAIN;
670 		}
671 		zq->online = 0;
672 		pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
673 		       AP_QID_CARD(zq->queue->qid),
674 		       AP_QID_QUEUE(zq->queue->qid));
675 		ZCRYPT_DBF(DBF_ERR,
676 			   "device=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n",
677 			   AP_QID_CARD(zq->queue->qid),
678 			   AP_QID_QUEUE(zq->queue->qid),
679 			   (int) service_rc, (int) service_rs);
680 		return -EAGAIN;	/* repeat the request on a different device. */
681 	}
682 	data = msg->text;
683 	reply_len = msg->length - 2;
684 	if (reply_len > outputdatalength)
685 		return -EINVAL;
686 	/*
687 	 * For all encipher requests, the length of the ciphertext (reply_len)
688 	 * will always equal the modulus length. For MEX decipher requests
689 	 * the output needs to get padded. Minimum pad size is 10.
690 	 *
691 	 * Currently, the cases where padding will be added is for:
692 	 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
693 	 *   ZERO-PAD and CRT is only supported for PKD requests)
694 	 * - PCICC, always
695 	 */
696 	pad_len = outputdatalength - reply_len;
697 	if (pad_len > 0) {
698 		if (pad_len < 10)
699 			return -EINVAL;
700 		/* 'restore' padding left in the PCICC/PCIXCC card. */
701 		if (copy_to_user(outputdata, static_pad, pad_len - 1))
702 			return -EFAULT;
703 		if (put_user(0, outputdata + pad_len - 1))
704 			return -EFAULT;
705 	}
706 	/* Copy the crypto response to user space. */
707 	if (copy_to_user(outputdata + pad_len, data, reply_len))
708 		return -EFAULT;
709 	return 0;
710 }
711 
712 /**
713  * Copy results from a type 86 XCRB reply message back to user space.
714  *
715  * @zq: crypto device pointer
716  * @reply: reply AP message.
717  * @xcRB: pointer to XCRB
718  *
719  * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
720  */
convert_type86_xcrb(struct zcrypt_queue * zq,struct ap_message * reply,struct ica_xcRB * xcRB)721 static int convert_type86_xcrb(struct zcrypt_queue *zq,
722 			       struct ap_message *reply,
723 			       struct ica_xcRB *xcRB)
724 {
725 	struct type86_fmt2_msg *msg = reply->message;
726 	char *data = reply->message;
727 
728 	/* Copy CPRB to user */
729 	if (copy_to_user(xcRB->reply_control_blk_addr,
730 		data + msg->fmt2.offset1, msg->fmt2.count1))
731 		return -EFAULT;
732 	xcRB->reply_control_blk_length = msg->fmt2.count1;
733 
734 	/* Copy data buffer to user */
735 	if (msg->fmt2.count2)
736 		if (copy_to_user(xcRB->reply_data_addr,
737 			data + msg->fmt2.offset2, msg->fmt2.count2))
738 			return -EFAULT;
739 	xcRB->reply_data_length = msg->fmt2.count2;
740 	return 0;
741 }
742 
743 /**
744  * Copy results from a type 86 EP11 XCRB reply message back to user space.
745  *
746  * @zq: crypto device pointer
747  * @reply: reply AP message.
748  * @xcRB: pointer to EP11 user request block
749  *
750  * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
751  */
convert_type86_ep11_xcrb(struct zcrypt_queue * zq,struct ap_message * reply,struct ep11_urb * xcRB)752 static int convert_type86_ep11_xcrb(struct zcrypt_queue *zq,
753 				    struct ap_message *reply,
754 				    struct ep11_urb *xcRB)
755 {
756 	struct type86_fmt2_msg *msg = reply->message;
757 	char *data = reply->message;
758 
759 	if (xcRB->resp_len < msg->fmt2.count1)
760 		return -EINVAL;
761 
762 	/* Copy response CPRB to user */
763 	if (copy_to_user((char __force __user *)xcRB->resp,
764 			 data + msg->fmt2.offset1, msg->fmt2.count1))
765 		return -EFAULT;
766 	xcRB->resp_len = msg->fmt2.count1;
767 	return 0;
768 }
769 
convert_type86_rng(struct zcrypt_queue * zq,struct ap_message * reply,char * buffer)770 static int convert_type86_rng(struct zcrypt_queue *zq,
771 			  struct ap_message *reply,
772 			  char *buffer)
773 {
774 	struct {
775 		struct type86_hdr hdr;
776 		struct type86_fmt2_ext fmt2;
777 		struct CPRBX cprbx;
778 	} __packed * msg = reply->message;
779 	char *data = reply->message;
780 
781 	if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
782 		return -EINVAL;
783 	memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
784 	return msg->fmt2.count2;
785 }
786 
convert_response_ica(struct zcrypt_queue * zq,struct ap_message * reply,char __user * outputdata,unsigned int outputdatalength)787 static int convert_response_ica(struct zcrypt_queue *zq,
788 			    struct ap_message *reply,
789 			    char __user *outputdata,
790 			    unsigned int outputdatalength)
791 {
792 	struct type86x_reply *msg = reply->message;
793 
794 	switch (msg->hdr.type) {
795 	case TYPE82_RSP_CODE:
796 	case TYPE88_RSP_CODE:
797 		return convert_error(zq, reply);
798 	case TYPE86_RSP_CODE:
799 		if (msg->cprbx.ccp_rtcode &&
800 		   (msg->cprbx.ccp_rscode == 0x14f) &&
801 		   (outputdatalength > 256)) {
802 			if (zq->zcard->max_exp_bit_length <= 17) {
803 				zq->zcard->max_exp_bit_length = 17;
804 				return -EAGAIN;
805 			} else
806 				return -EINVAL;
807 		}
808 		if (msg->hdr.reply_code)
809 			return convert_error(zq, reply);
810 		if (msg->cprbx.cprb_ver_id == 0x02)
811 			return convert_type86_ica(zq, reply,
812 						  outputdata, outputdatalength);
813 		/*
814 		 * Fall through, no break, incorrect cprb version is an unknown
815 		 * response
816 		 */
817 	default: /* Unknown response type, this should NEVER EVER happen */
818 		zq->online = 0;
819 		pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
820 		       AP_QID_CARD(zq->queue->qid),
821 		       AP_QID_QUEUE(zq->queue->qid));
822 		ZCRYPT_DBF(DBF_ERR,
823 			   "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
824 			   AP_QID_CARD(zq->queue->qid),
825 			   AP_QID_QUEUE(zq->queue->qid),
826 			   (int) msg->hdr.type);
827 		return -EAGAIN;	/* repeat the request on a different device. */
828 	}
829 }
830 
convert_response_xcrb(struct zcrypt_queue * zq,struct ap_message * reply,struct ica_xcRB * xcRB)831 static int convert_response_xcrb(struct zcrypt_queue *zq,
832 			    struct ap_message *reply,
833 			    struct ica_xcRB *xcRB)
834 {
835 	struct type86x_reply *msg = reply->message;
836 
837 	switch (msg->hdr.type) {
838 	case TYPE82_RSP_CODE:
839 	case TYPE88_RSP_CODE:
840 		xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
841 		return convert_error(zq, reply);
842 	case TYPE86_RSP_CODE:
843 		if (msg->hdr.reply_code) {
844 			memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32));
845 			return convert_error(zq, reply);
846 		}
847 		if (msg->cprbx.cprb_ver_id == 0x02)
848 			return convert_type86_xcrb(zq, reply, xcRB);
849 		/*
850 		 * Fall through, no break, incorrect cprb version is an unknown
851 		 * response
852 		 */
853 	default: /* Unknown response type, this should NEVER EVER happen */
854 		xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
855 		zq->online = 0;
856 		pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
857 		       AP_QID_CARD(zq->queue->qid),
858 		       AP_QID_QUEUE(zq->queue->qid));
859 		ZCRYPT_DBF(DBF_ERR,
860 			   "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
861 			   AP_QID_CARD(zq->queue->qid),
862 			   AP_QID_QUEUE(zq->queue->qid),
863 			   (int) msg->hdr.type);
864 		return -EAGAIN;	/* repeat the request on a different device. */
865 	}
866 }
867 
convert_response_ep11_xcrb(struct zcrypt_queue * zq,struct ap_message * reply,struct ep11_urb * xcRB)868 static int convert_response_ep11_xcrb(struct zcrypt_queue *zq,
869 	struct ap_message *reply, struct ep11_urb *xcRB)
870 {
871 	struct type86_ep11_reply *msg = reply->message;
872 
873 	switch (msg->hdr.type) {
874 	case TYPE82_RSP_CODE:
875 	case TYPE87_RSP_CODE:
876 		return convert_error(zq, reply);
877 	case TYPE86_RSP_CODE:
878 		if (msg->hdr.reply_code)
879 			return convert_error(zq, reply);
880 		if (msg->cprbx.cprb_ver_id == 0x04)
881 			return convert_type86_ep11_xcrb(zq, reply, xcRB);
882 	/* Fall through, no break, incorrect cprb version is an unknown resp.*/
883 	default: /* Unknown response type, this should NEVER EVER happen */
884 		zq->online = 0;
885 		pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
886 		       AP_QID_CARD(zq->queue->qid),
887 		       AP_QID_QUEUE(zq->queue->qid));
888 		ZCRYPT_DBF(DBF_ERR,
889 			   "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
890 			   AP_QID_CARD(zq->queue->qid),
891 			   AP_QID_QUEUE(zq->queue->qid),
892 			   (int) msg->hdr.type);
893 		return -EAGAIN; /* repeat the request on a different device. */
894 	}
895 }
896 
convert_response_rng(struct zcrypt_queue * zq,struct ap_message * reply,char * data)897 static int convert_response_rng(struct zcrypt_queue *zq,
898 				 struct ap_message *reply,
899 				 char *data)
900 {
901 	struct type86x_reply *msg = reply->message;
902 
903 	switch (msg->hdr.type) {
904 	case TYPE82_RSP_CODE:
905 	case TYPE88_RSP_CODE:
906 		return -EINVAL;
907 	case TYPE86_RSP_CODE:
908 		if (msg->hdr.reply_code)
909 			return -EINVAL;
910 		if (msg->cprbx.cprb_ver_id == 0x02)
911 			return convert_type86_rng(zq, reply, data);
912 		/*
913 		 * Fall through, no break, incorrect cprb version is an unknown
914 		 * response
915 		 */
916 	default: /* Unknown response type, this should NEVER EVER happen */
917 		zq->online = 0;
918 		pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
919 		       AP_QID_CARD(zq->queue->qid),
920 		       AP_QID_QUEUE(zq->queue->qid));
921 		ZCRYPT_DBF(DBF_ERR,
922 			   "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
923 			   AP_QID_CARD(zq->queue->qid),
924 			   AP_QID_QUEUE(zq->queue->qid),
925 			   (int) msg->hdr.type);
926 		return -EAGAIN;	/* repeat the request on a different device. */
927 	}
928 }
929 
930 /**
931  * This function is called from the AP bus code after a crypto request
932  * "msg" has finished with the reply message "reply".
933  * It is called from tasklet context.
934  * @aq: pointer to the AP queue
935  * @msg: pointer to the AP message
936  * @reply: pointer to the AP reply message
937  */
zcrypt_msgtype6_receive(struct ap_queue * aq,struct ap_message * msg,struct ap_message * reply)938 static void zcrypt_msgtype6_receive(struct ap_queue *aq,
939 				  struct ap_message *msg,
940 				  struct ap_message *reply)
941 {
942 	static struct error_hdr error_reply = {
943 		.type = TYPE82_RSP_CODE,
944 		.reply_code = REP82_ERROR_MACHINE_FAILURE,
945 	};
946 	struct response_type *resp_type =
947 		(struct response_type *) msg->private;
948 	struct type86x_reply *t86r;
949 	int length;
950 
951 	/* Copy the reply message to the request message buffer. */
952 	if (!reply)
953 		goto out;	/* ap_msg->rc indicates the error */
954 	t86r = reply->message;
955 	if (t86r->hdr.type == TYPE86_RSP_CODE &&
956 		 t86r->cprbx.cprb_ver_id == 0x02) {
957 		switch (resp_type->type) {
958 		case PCIXCC_RESPONSE_TYPE_ICA:
959 			length = sizeof(struct type86x_reply)
960 				+ t86r->length - 2;
961 			length = min(PCIXCC_MAX_ICA_RESPONSE_SIZE, length);
962 			memcpy(msg->message, reply->message, length);
963 			break;
964 		case PCIXCC_RESPONSE_TYPE_XCRB:
965 			length = t86r->fmt2.offset2 + t86r->fmt2.count2;
966 			length = min(MSGTYPE06_MAX_MSG_SIZE, length);
967 			memcpy(msg->message, reply->message, length);
968 			break;
969 		default:
970 			memcpy(msg->message, &error_reply,
971 			       sizeof(error_reply));
972 		}
973 	} else
974 		memcpy(msg->message, reply->message, sizeof(error_reply));
975 out:
976 	complete(&(resp_type->work));
977 }
978 
979 /**
980  * This function is called from the AP bus code after a crypto request
981  * "msg" has finished with the reply message "reply".
982  * It is called from tasklet context.
983  * @aq: pointer to the AP queue
984  * @msg: pointer to the AP message
985  * @reply: pointer to the AP reply message
986  */
zcrypt_msgtype6_receive_ep11(struct ap_queue * aq,struct ap_message * msg,struct ap_message * reply)987 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
988 					 struct ap_message *msg,
989 					 struct ap_message *reply)
990 {
991 	static struct error_hdr error_reply = {
992 		.type = TYPE82_RSP_CODE,
993 		.reply_code = REP82_ERROR_MACHINE_FAILURE,
994 	};
995 	struct response_type *resp_type =
996 		(struct response_type *)msg->private;
997 	struct type86_ep11_reply *t86r;
998 	int length;
999 
1000 	/* Copy the reply message to the request message buffer. */
1001 	if (!reply)
1002 		goto out;	/* ap_msg->rc indicates the error */
1003 	t86r = reply->message;
1004 	if (t86r->hdr.type == TYPE86_RSP_CODE &&
1005 	    t86r->cprbx.cprb_ver_id == 0x04) {
1006 		switch (resp_type->type) {
1007 		case PCIXCC_RESPONSE_TYPE_EP11:
1008 			length = t86r->fmt2.offset1 + t86r->fmt2.count1;
1009 			length = min(MSGTYPE06_MAX_MSG_SIZE, length);
1010 			memcpy(msg->message, reply->message, length);
1011 			break;
1012 		default:
1013 			memcpy(msg->message, &error_reply, sizeof(error_reply));
1014 		}
1015 	} else {
1016 		memcpy(msg->message, reply->message, sizeof(error_reply));
1017 	}
1018 out:
1019 	complete(&(resp_type->work));
1020 }
1021 
1022 static atomic_t zcrypt_step = ATOMIC_INIT(0);
1023 
1024 /**
1025  * The request distributor calls this function if it picked the PCIXCC/CEX2C
1026  * device to handle a modexpo request.
1027  * @zq: pointer to zcrypt_queue structure that identifies the
1028  *	  PCIXCC/CEX2C device to the request distributor
1029  * @mex: pointer to the modexpo request buffer
1030  */
zcrypt_msgtype6_modexpo(struct zcrypt_queue * zq,struct ica_rsa_modexpo * mex)1031 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq,
1032 				  struct ica_rsa_modexpo *mex)
1033 {
1034 	struct ap_message ap_msg;
1035 	struct response_type resp_type = {
1036 		.type = PCIXCC_RESPONSE_TYPE_ICA,
1037 	};
1038 	int rc;
1039 
1040 	ap_init_message(&ap_msg);
1041 	ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1042 	if (!ap_msg.message)
1043 		return -ENOMEM;
1044 	ap_msg.receive = zcrypt_msgtype6_receive;
1045 	ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1046 				atomic_inc_return(&zcrypt_step);
1047 	ap_msg.private = &resp_type;
1048 	rc = ICAMEX_msg_to_type6MEX_msgX(zq, &ap_msg, mex);
1049 	if (rc)
1050 		goto out_free;
1051 	init_completion(&resp_type.work);
1052 	ap_queue_message(zq->queue, &ap_msg);
1053 	rc = wait_for_completion_interruptible(&resp_type.work);
1054 	if (rc == 0) {
1055 		rc = ap_msg.rc;
1056 		if (rc == 0)
1057 			rc = convert_response_ica(zq, &ap_msg,
1058 						  mex->outputdata,
1059 						  mex->outputdatalength);
1060 	} else
1061 		/* Signal pending. */
1062 		ap_cancel_message(zq->queue, &ap_msg);
1063 out_free:
1064 	free_page((unsigned long) ap_msg.message);
1065 	return rc;
1066 }
1067 
1068 /**
1069  * The request distributor calls this function if it picked the PCIXCC/CEX2C
1070  * device to handle a modexpo_crt request.
1071  * @zq: pointer to zcrypt_queue structure that identifies the
1072  *	  PCIXCC/CEX2C device to the request distributor
1073  * @crt: pointer to the modexpoc_crt request buffer
1074  */
zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue * zq,struct ica_rsa_modexpo_crt * crt)1075 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq,
1076 				      struct ica_rsa_modexpo_crt *crt)
1077 {
1078 	struct ap_message ap_msg;
1079 	struct response_type resp_type = {
1080 		.type = PCIXCC_RESPONSE_TYPE_ICA,
1081 	};
1082 	int rc;
1083 
1084 	ap_init_message(&ap_msg);
1085 	ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1086 	if (!ap_msg.message)
1087 		return -ENOMEM;
1088 	ap_msg.receive = zcrypt_msgtype6_receive;
1089 	ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1090 				atomic_inc_return(&zcrypt_step);
1091 	ap_msg.private = &resp_type;
1092 	rc = ICACRT_msg_to_type6CRT_msgX(zq, &ap_msg, crt);
1093 	if (rc)
1094 		goto out_free;
1095 	init_completion(&resp_type.work);
1096 	ap_queue_message(zq->queue, &ap_msg);
1097 	rc = wait_for_completion_interruptible(&resp_type.work);
1098 	if (rc == 0) {
1099 		rc = ap_msg.rc;
1100 		if (rc == 0)
1101 			rc = convert_response_ica(zq, &ap_msg,
1102 						  crt->outputdata,
1103 						  crt->outputdatalength);
1104 	} else {
1105 		/* Signal pending. */
1106 		ap_cancel_message(zq->queue, &ap_msg);
1107 	}
1108 out_free:
1109 	free_page((unsigned long) ap_msg.message);
1110 	return rc;
1111 }
1112 
1113 /**
1114  * Fetch function code from cprb.
1115  * Extracting the fc requires to copy the cprb from userspace.
1116  * So this function allocates memory and needs an ap_msg prepared
1117  * by the caller with ap_init_message(). Also the caller has to
1118  * make sure ap_release_message() is always called even on failure.
1119  */
get_cprb_fc(struct ica_xcRB * xcRB,struct ap_message * ap_msg,unsigned int * func_code,unsigned short ** dom)1120 unsigned int get_cprb_fc(struct ica_xcRB *xcRB,
1121 				struct ap_message *ap_msg,
1122 				unsigned int *func_code, unsigned short **dom)
1123 {
1124 	struct response_type resp_type = {
1125 		.type = PCIXCC_RESPONSE_TYPE_XCRB,
1126 	};
1127 
1128 	ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1129 	if (!ap_msg->message)
1130 		return -ENOMEM;
1131 	ap_msg->receive = zcrypt_msgtype6_receive;
1132 	ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1133 				atomic_inc_return(&zcrypt_step);
1134 	ap_msg->private = kmalloc(sizeof(resp_type), GFP_KERNEL);
1135 	if (!ap_msg->private)
1136 		return -ENOMEM;
1137 	memcpy(ap_msg->private, &resp_type, sizeof(resp_type));
1138 	return XCRB_msg_to_type6CPRB_msgX(ap_msg, xcRB, func_code, dom);
1139 }
1140 
1141 /**
1142  * The request distributor calls this function if it picked the PCIXCC/CEX2C
1143  * device to handle a send_cprb request.
1144  * @zq: pointer to zcrypt_queue structure that identifies the
1145  *	  PCIXCC/CEX2C device to the request distributor
1146  * @xcRB: pointer to the send_cprb request buffer
1147  */
zcrypt_msgtype6_send_cprb(struct zcrypt_queue * zq,struct ica_xcRB * xcRB,struct ap_message * ap_msg)1148 static long zcrypt_msgtype6_send_cprb(struct zcrypt_queue *zq,
1149 				    struct ica_xcRB *xcRB,
1150 				    struct ap_message *ap_msg)
1151 {
1152 	int rc;
1153 	struct response_type *rtype = (struct response_type *)(ap_msg->private);
1154 
1155 	init_completion(&rtype->work);
1156 	ap_queue_message(zq->queue, ap_msg);
1157 	rc = wait_for_completion_interruptible(&rtype->work);
1158 	if (rc == 0) {
1159 		rc = ap_msg->rc;
1160 		if (rc == 0)
1161 			rc = convert_response_xcrb(zq, ap_msg, xcRB);
1162 	} else
1163 		/* Signal pending. */
1164 		ap_cancel_message(zq->queue, ap_msg);
1165 
1166 	return rc;
1167 }
1168 
1169 /**
1170  * Fetch function code from ep11 cprb.
1171  * Extracting the fc requires to copy the ep11 cprb from userspace.
1172  * So this function allocates memory and needs an ap_msg prepared
1173  * by the caller with ap_init_message(). Also the caller has to
1174  * make sure ap_release_message() is always called even on failure.
1175  */
get_ep11cprb_fc(struct ep11_urb * xcrb,struct ap_message * ap_msg,unsigned int * func_code)1176 unsigned int get_ep11cprb_fc(struct ep11_urb *xcrb,
1177 				    struct ap_message *ap_msg,
1178 				    unsigned int *func_code)
1179 {
1180 	struct response_type resp_type = {
1181 		.type = PCIXCC_RESPONSE_TYPE_EP11,
1182 	};
1183 
1184 	ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1185 	if (!ap_msg->message)
1186 		return -ENOMEM;
1187 	ap_msg->receive = zcrypt_msgtype6_receive_ep11;
1188 	ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1189 				atomic_inc_return(&zcrypt_step);
1190 	ap_msg->private = kmalloc(sizeof(resp_type), GFP_KERNEL);
1191 	if (!ap_msg->private)
1192 		return -ENOMEM;
1193 	memcpy(ap_msg->private, &resp_type, sizeof(resp_type));
1194 	return xcrb_msg_to_type6_ep11cprb_msgx(ap_msg, xcrb, func_code);
1195 }
1196 
1197 /**
1198  * The request distributor calls this function if it picked the CEX4P
1199  * device to handle a send_ep11_cprb request.
1200  * @zq: pointer to zcrypt_queue structure that identifies the
1201  *	  CEX4P device to the request distributor
1202  * @xcRB: pointer to the ep11 user request block
1203  */
zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_queue * zq,struct ep11_urb * xcrb,struct ap_message * ap_msg)1204 static long zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_queue *zq,
1205 					   struct ep11_urb *xcrb,
1206 					   struct ap_message *ap_msg)
1207 {
1208 	int rc;
1209 	unsigned int lfmt;
1210 	struct response_type *rtype = (struct response_type *)(ap_msg->private);
1211 	struct {
1212 		struct type6_hdr hdr;
1213 		struct ep11_cprb cprbx;
1214 		unsigned char	pld_tag;	/* fixed value 0x30 */
1215 		unsigned char	pld_lenfmt;	/* payload length format */
1216 	} __packed * msg = ap_msg->message;
1217 	struct pld_hdr {
1218 		unsigned char	func_tag;	/* fixed value 0x4 */
1219 		unsigned char	func_len;	/* fixed value 0x4 */
1220 		unsigned int	func_val;	/* function ID	   */
1221 		unsigned char	dom_tag;	/* fixed value 0x4 */
1222 		unsigned char	dom_len;	/* fixed value 0x4 */
1223 		unsigned int	dom_val;	/* domain id	   */
1224 	} __packed * payload_hdr = NULL;
1225 
1226 
1227 	/**
1228 	 * The target domain field within the cprb body/payload block will be
1229 	 * replaced by the usage domain for non-management commands only.
1230 	 * Therefore we check the first bit of the 'flags' parameter for
1231 	 * management command indication.
1232 	 *   0 - non management command
1233 	 *   1 - management command
1234 	 */
1235 	if (!((msg->cprbx.flags & 0x80) == 0x80)) {
1236 		msg->cprbx.target_id = (unsigned int)
1237 					AP_QID_QUEUE(zq->queue->qid);
1238 
1239 		if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
1240 			switch (msg->pld_lenfmt & 0x03) {
1241 			case 1:
1242 				lfmt = 2;
1243 				break;
1244 			case 2:
1245 				lfmt = 3;
1246 				break;
1247 			default:
1248 				return -EINVAL;
1249 			}
1250 		} else {
1251 			lfmt = 1; /* length format #1 */
1252 		}
1253 		payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
1254 		payload_hdr->dom_val = (unsigned int)
1255 					AP_QID_QUEUE(zq->queue->qid);
1256 	}
1257 
1258 	init_completion(&rtype->work);
1259 	ap_queue_message(zq->queue, ap_msg);
1260 	rc = wait_for_completion_interruptible(&rtype->work);
1261 	if (rc == 0) {
1262 		rc = ap_msg->rc;
1263 		if (rc == 0)
1264 			rc = convert_response_ep11_xcrb(zq, ap_msg, xcrb);
1265 	} else
1266 		/* Signal pending. */
1267 		ap_cancel_message(zq->queue, ap_msg);
1268 
1269 	return rc;
1270 }
1271 
get_rng_fc(struct ap_message * ap_msg,int * func_code,unsigned int * domain)1272 unsigned int get_rng_fc(struct ap_message *ap_msg, int *func_code,
1273 						   unsigned int *domain)
1274 {
1275 	struct response_type resp_type = {
1276 		.type = PCIXCC_RESPONSE_TYPE_XCRB,
1277 	};
1278 
1279 	ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1280 	if (!ap_msg->message)
1281 		return -ENOMEM;
1282 	ap_msg->receive = zcrypt_msgtype6_receive;
1283 	ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1284 				atomic_inc_return(&zcrypt_step);
1285 	ap_msg->private = kmalloc(sizeof(resp_type), GFP_KERNEL);
1286 	if (!ap_msg->private)
1287 		return -ENOMEM;
1288 	memcpy(ap_msg->private, &resp_type, sizeof(resp_type));
1289 
1290 	rng_type6CPRB_msgX(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain);
1291 
1292 	*func_code = HWRNG;
1293 	return 0;
1294 }
1295 
1296 /**
1297  * The request distributor calls this function if it picked the PCIXCC/CEX2C
1298  * device to generate random data.
1299  * @zq: pointer to zcrypt_queue structure that identifies the
1300  *	  PCIXCC/CEX2C device to the request distributor
1301  * @buffer: pointer to a memory page to return random data
1302  */
zcrypt_msgtype6_rng(struct zcrypt_queue * zq,char * buffer,struct ap_message * ap_msg)1303 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq,
1304 				char *buffer, struct ap_message *ap_msg)
1305 {
1306 	struct {
1307 		struct type6_hdr hdr;
1308 		struct CPRBX cprbx;
1309 		char function_code[2];
1310 		short int rule_length;
1311 		char rule[8];
1312 		short int verb_length;
1313 		short int key_length;
1314 	} __packed * msg = ap_msg->message;
1315 	struct response_type *rtype = (struct response_type *)(ap_msg->private);
1316 	int rc;
1317 
1318 	msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
1319 
1320 	init_completion(&rtype->work);
1321 	ap_queue_message(zq->queue, ap_msg);
1322 	rc = wait_for_completion_interruptible(&rtype->work);
1323 	if (rc == 0) {
1324 		rc = ap_msg->rc;
1325 		if (rc == 0)
1326 			rc = convert_response_rng(zq, ap_msg, buffer);
1327 	} else
1328 		/* Signal pending. */
1329 		ap_cancel_message(zq->queue, ap_msg);
1330 
1331 	return rc;
1332 }
1333 
1334 /**
1335  * The crypto operations for a PCIXCC/CEX2C card.
1336  */
1337 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = {
1338 	.owner = THIS_MODULE,
1339 	.name = MSGTYPE06_NAME,
1340 	.variant = MSGTYPE06_VARIANT_NORNG,
1341 	.rsa_modexpo = zcrypt_msgtype6_modexpo,
1342 	.rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1343 	.send_cprb = zcrypt_msgtype6_send_cprb,
1344 };
1345 
1346 static struct zcrypt_ops zcrypt_msgtype6_ops = {
1347 	.owner = THIS_MODULE,
1348 	.name = MSGTYPE06_NAME,
1349 	.variant = MSGTYPE06_VARIANT_DEFAULT,
1350 	.rsa_modexpo = zcrypt_msgtype6_modexpo,
1351 	.rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1352 	.send_cprb = zcrypt_msgtype6_send_cprb,
1353 	.rng = zcrypt_msgtype6_rng,
1354 };
1355 
1356 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = {
1357 	.owner = THIS_MODULE,
1358 	.name = MSGTYPE06_NAME,
1359 	.variant = MSGTYPE06_VARIANT_EP11,
1360 	.rsa_modexpo = NULL,
1361 	.rsa_modexpo_crt = NULL,
1362 	.send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb,
1363 };
1364 
zcrypt_msgtype6_init(void)1365 void __init zcrypt_msgtype6_init(void)
1366 {
1367 	zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops);
1368 	zcrypt_msgtype_register(&zcrypt_msgtype6_ops);
1369 	zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops);
1370 }
1371 
zcrypt_msgtype6_exit(void)1372 void __exit zcrypt_msgtype6_exit(void)
1373 {
1374 	zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops);
1375 	zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops);
1376 	zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops);
1377 }
1378