LXR linux/drivers/s390/crypto/zcrypt

   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 *  Copyright IBM Corp. 2001, 2012
   4 *  Author(s): Robert Burroughs
   5 *             Eric Rossman (edrossma@us.ibm.com)
   6 *
   7 *  Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
   8 *  Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
   9 *                                Ralph Wuerthner <rwuerthn@de.ibm.com>
  10 *  MSGTYPE restruct:             Holger Dengler <hd@linux.vnet.ibm.com>
  11 */
  12
  13#define KMSG_COMPONENT "zcrypt"
  14#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
  15
  16#include <linux/module.h>
  17#include <linux/init.h>
  18#include <linux/err.h>
  19#include <linux/delay.h>
  20#include <linux/slab.h>
  21#include <linux/atomic.h>
  22#include <linux/uaccess.h>
  23
  24#include "ap_bus.h"
  25#include "zcrypt_api.h"
  26#include "zcrypt_error.h"
  27#include "zcrypt_msgtype6.h"
  28#include "zcrypt_cca_key.h"
  29
  30#define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply       */
  31
  32#define CEIL4(x) ((((x)+3)/4)*4)
  33
  34struct response_type {
  35        struct completion work;
  36        int type;
  37};
  38#define CEXXC_RESPONSE_TYPE_ICA  0
  39#define CEXXC_RESPONSE_TYPE_XCRB 1
  40#define CEXXC_RESPONSE_TYPE_EP11 2
  41
  42MODULE_AUTHOR("IBM Corporation");
  43MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \
  44                   "Copyright IBM Corp. 2001, 2012");
  45MODULE_LICENSE("GPL");
  46
  47/**
  48 * CPRB
  49 *        Note that all shorts, ints and longs are little-endian.
  50 *        All pointer fields are 32-bits long, and mean nothing
  51 *
  52 *        A request CPRB is followed by a request_parameter_block.
  53 *
  54 *        The request (or reply) parameter block is organized thus:
  55 *          function code
  56 *          VUD block
  57 *          key block
  58 */
  59struct CPRB {
  60        unsigned short cprb_len;        /* CPRB length                   */
  61        unsigned char cprb_ver_id;      /* CPRB version id.              */
  62        unsigned char pad_000;          /* Alignment pad byte.           */
  63        unsigned char srpi_rtcode[4];   /* SRPI return code LELONG       */
  64        unsigned char srpi_verb;        /* SRPI verb type                */
  65        unsigned char flags;            /* flags                         */
  66        unsigned char func_id[2];       /* function id                   */
  67        unsigned char checkpoint_flag;  /*                               */
  68        unsigned char resv2;            /* reserved                      */
  69        unsigned short req_parml;       /* request parameter buffer      */
  70                                        /* length 16-bit little endian   */
  71        unsigned char req_parmp[4];     /* request parameter buffer      *
  72                                         * pointer (means nothing: the   *
  73                                         * parameter buffer follows      *
  74                                         * the CPRB).                    */
  75        unsigned char req_datal[4];     /* request data buffer           */
  76                                        /* length         ULELONG        */
  77        unsigned char req_datap[4];     /* request data buffer           */
  78                                        /* pointer                       */
  79        unsigned short rpl_parml;       /* reply  parameter buffer       */
  80                                        /* length 16-bit little endian   */
  81        unsigned char pad_001[2];       /* Alignment pad bytes. ULESHORT */
  82        unsigned char rpl_parmp[4];     /* reply parameter buffer        *
  83                                         * pointer (means nothing: the   *
  84                                         * parameter buffer follows      *
  85                                         * the CPRB).                    */
  86        unsigned char rpl_datal[4];     /* reply data buffer len ULELONG */
  87        unsigned char rpl_datap[4];     /* reply data buffer             */
  88                                        /* pointer                       */
  89        unsigned short ccp_rscode;      /* server reason code   ULESHORT */
  90        unsigned short ccp_rtcode;      /* server return code   ULESHORT */
  91        unsigned char repd_parml[2];    /* replied parameter len ULESHORT*/
  92        unsigned char mac_data_len[2];  /* Mac Data Length      ULESHORT */
  93        unsigned char repd_datal[4];    /* replied data length  ULELONG  */
  94        unsigned char req_pc[2];        /* PC identifier                 */
  95        unsigned char res_origin[8];    /* resource origin               */
  96        unsigned char mac_value[8];     /* Mac Value                     */
  97        unsigned char logon_id[8];      /* Logon Identifier              */
  98        unsigned char usage_domain[2];  /* cdx                           */
  99        unsigned char resv3[18];        /* reserved for requestor        */
 100        unsigned short svr_namel;       /* server name length  ULESHORT  */
 101        unsigned char svr_name[8];      /* server name                   */
 102} __packed;
 103
 104struct function_and_rules_block {
 105        unsigned char function_code[2];
 106        unsigned short ulen;
 107        unsigned char only_rule[8];
 108} __packed;
 109
 110/**
 111 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP
 112 * card in a type6 message. The 3 fields that must be filled in at execution
 113 * time are  req_parml, rpl_parml and usage_domain.
 114 * Everything about this interface is ascii/big-endian, since the
 115 * device does *not* have 'Intel inside'.
 116 *
 117 * The CPRBX is followed immediately by the parm block.
 118 * The parm block contains:
 119 * - function code ('PD' 0x5044 or 'PK' 0x504B)
 120 * - rule block (one of:)
 121 *   + 0x000A 'PKCS-1.2' (MCL2 'PD')
 122 *   + 0x000A 'ZERO-PAD' (MCL2 'PK')
 123 *   + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD')
 124 *   + 0x000A 'MRP     ' (MCL3 'PK' or CEX2C 'PK')
 125 * - VUD block
 126 */
 127static const struct CPRBX static_cprbx = {
 128        .cprb_len       =  0x00DC,
 129        .cprb_ver_id    =  0x02,
 130        .func_id        = {0x54, 0x32},
 131};
 132
 133int speed_idx_cca(int req_type)
 134{
 135        switch (req_type) {
 136        case 0x4142:
 137        case 0x4149:
 138        case 0x414D:
 139        case 0x4341:
 140        case 0x4344:
 141        case 0x4354:
 142        case 0x4358:
 143        case 0x444B:
 144        case 0x4558:
 145        case 0x4643:
 146        case 0x4651:
 147        case 0x4C47:
 148        case 0x4C4B:
 149        case 0x4C51:
 150        case 0x4F48:
 151        case 0x504F:
 152        case 0x5053:
 153        case 0x5058:
 154        case 0x5343:
 155        case 0x5344:
 156        case 0x5345:
 157        case 0x5350:
 158                return LOW;
 159        case 0x414B:
 160        case 0x4345:
 161        case 0x4349:
 162        case 0x434D:
 163        case 0x4847:
 164        case 0x4849:
 165        case 0x484D:
 166        case 0x4850:
 167        case 0x4851:
 168        case 0x4954:
 169        case 0x4958:
 170        case 0x4B43:
 171        case 0x4B44:
 172        case 0x4B45:
 173        case 0x4B47:
 174        case 0x4B48:
 175        case 0x4B49:
 176        case 0x4B4E:
 177        case 0x4B50:
 178        case 0x4B52:
 179        case 0x4B54:
 180        case 0x4B58:
 181        case 0x4D50:
 182        case 0x4D53:
 183        case 0x4D56:
 184        case 0x4D58:
 185        case 0x5044:
 186        case 0x5045:
 187        case 0x5046:
 188        case 0x5047:
 189        case 0x5049:
 190        case 0x504B:
 191        case 0x504D:
 192        case 0x5254:
 193        case 0x5347:
 194        case 0x5349:
 195        case 0x534B:
 196        case 0x534D:
 197        case 0x5356:
 198        case 0x5358:
 199        case 0x5443:
 200        case 0x544B:
 201        case 0x5647:
 202                return HIGH;
 203        default:
 204                return MEDIUM;
 205        }
 206}
 207
 208int speed_idx_ep11(int req_type)
 209{
 210        switch (req_type) {
 211        case  1:
 212        case  2:
 213        case 36:
 214        case 37:
 215        case 38:
 216        case 39:
 217        case 40:
 218                return LOW;
 219        case 17:
 220        case 18:
 221        case 19:
 222        case 20:
 223        case 21:
 224        case 22:
 225        case 26:
 226        case 30:
 227        case 31:
 228        case 32:
 229        case 33:
 230        case 34:
 231        case 35:
 232                return HIGH;
 233        default:
 234                return MEDIUM;
 235        }
 236}
 237
 238
 239/**
 240 * Convert a ICAMEX message to a type6 MEX message.
 241 *
 242 * @zq: crypto device pointer
 243 * @ap_msg: pointer to AP message
 244 * @mex: pointer to user input data
 245 *
 246 * Returns 0 on success or negative errno value.
 247 */
 248static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue *zq,
 249                                       struct ap_message *ap_msg,
 250                                       struct ica_rsa_modexpo *mex)
 251{
 252        static struct type6_hdr static_type6_hdrX = {
 253                .type           =  0x06,
 254                .offset1        =  0x00000058,
 255                .agent_id       = {'C', 'A',},
 256                .function_code  = {'P', 'K'},
 257        };
 258        static struct function_and_rules_block static_pke_fnr = {
 259                .function_code  = {'P', 'K'},
 260                .ulen           = 10,
 261                .only_rule      = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '}
 262        };
 263        struct {
 264                struct type6_hdr hdr;
 265                struct CPRBX cprbx;
 266                struct function_and_rules_block fr;
 267                unsigned short length;
 268                char text[0];
 269        } __packed * msg = ap_msg->message;
 270        int size;
 271
 272        /*
 273         * The inputdatalength was a selection criteria in the dispatching
 274         * function zcrypt_rsa_modexpo(). However, make sure the following
 275         * copy_from_user() never exceeds the allocated buffer space.
 276         */
 277        if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE))
 278                return -EINVAL;
 279
 280        /* VUD.ciphertext */
 281        msg->length = mex->inputdatalength + 2;
 282        if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
 283                return -EFAULT;
 284
 285        /* Set up key which is located after the variable length text. */
 286        size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength);
 287        if (size < 0)
 288                return size;
 289        size += sizeof(*msg) + mex->inputdatalength;
 290
 291        /* message header, cprbx and f&r */
 292        msg->hdr = static_type6_hdrX;
 293        msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
 294        msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
 295
 296        msg->cprbx = static_cprbx;
 297        msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
 298        msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1;
 299
 300        msg->fr = static_pke_fnr;
 301
 302        msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx);
 303
 304        ap_msg->length = size;
 305        return 0;
 306}
 307
 308/**
 309 * Convert a ICACRT message to a type6 CRT message.
 310 *
 311 * @zq: crypto device pointer
 312 * @ap_msg: pointer to AP message
 313 * @crt: pointer to user input data
 314 *
 315 * Returns 0 on success or negative errno value.
 316 */
 317static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue *zq,
 318                                       struct ap_message *ap_msg,
 319                                       struct ica_rsa_modexpo_crt *crt)
 320{
 321        static struct type6_hdr static_type6_hdrX = {
 322                .type           =  0x06,
 323                .offset1        =  0x00000058,
 324                .agent_id       = {'C', 'A',},
 325                .function_code  = {'P', 'D'},
 326        };
 327        static struct function_and_rules_block static_pkd_fnr = {
 328                .function_code  = {'P', 'D'},
 329                .ulen           = 10,
 330                .only_rule      = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
 331        };
 332
 333        struct {
 334                struct type6_hdr hdr;
 335                struct CPRBX cprbx;
 336                struct function_and_rules_block fr;
 337                unsigned short length;
 338                char text[0];
 339        } __packed * msg = ap_msg->message;
 340        int size;
 341
 342        /*
 343         * The inputdatalength was a selection criteria in the dispatching
 344         * function zcrypt_rsa_crt(). However, make sure the following
 345         * copy_from_user() never exceeds the allocated buffer space.
 346         */
 347        if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE))
 348                return -EINVAL;
 349
 350        /* VUD.ciphertext */
 351        msg->length = crt->inputdatalength + 2;
 352        if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
 353                return -EFAULT;
 354
 355        /* Set up key which is located after the variable length text. */
 356        size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength);
 357        if (size < 0)
 358                return size;
 359        size += sizeof(*msg) + crt->inputdatalength;    /* total size of msg */
 360
 361        /* message header, cprbx and f&r */
 362        msg->hdr = static_type6_hdrX;
 363        msg->hdr.ToCardLen1 = size -  sizeof(msg->hdr);
 364        msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
 365
 366        msg->cprbx = static_cprbx;
 367        msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
 368        msg->cprbx.req_parml = msg->cprbx.rpl_msgbl =
 369                size - sizeof(msg->hdr) - sizeof(msg->cprbx);
 370
 371        msg->fr = static_pkd_fnr;
 372
 373        ap_msg->length = size;
 374        return 0;
 375}
 376
 377/**
 378 * Convert a XCRB message to a type6 CPRB message.
 379 *
 380 * @zq: crypto device pointer
 381 * @ap_msg: pointer to AP message
 382 * @xcRB: pointer to user input data
 383 *
 384 * Returns 0 on success or -EFAULT, -EINVAL.
 385 */
 386struct type86_fmt2_msg {
 387        struct type86_hdr hdr;
 388        struct type86_fmt2_ext fmt2;
 389} __packed;
 390
 391static int XCRB_msg_to_type6CPRB_msgX(struct ap_message *ap_msg,
 392                                      struct ica_xcRB *xcRB,
 393                                      unsigned int *fcode,
 394                                      unsigned short **dom)
 395{
 396        static struct type6_hdr static_type6_hdrX = {
 397                .type           =  0x06,
 398                .offset1        =  0x00000058,
 399        };
 400        struct {
 401                struct type6_hdr hdr;
 402                struct CPRBX cprbx;
 403        } __packed * msg = ap_msg->message;
 404
 405        int rcblen = CEIL4(xcRB->request_control_blk_length);
 406        int replylen, req_sumlen, resp_sumlen;
 407        char *req_data = ap_msg->message + sizeof(struct type6_hdr) + rcblen;
 408        char *function_code;
 409
 410        if (CEIL4(xcRB->request_control_blk_length) <
 411                        xcRB->request_control_blk_length)
 412                return -EINVAL; /* overflow after alignment*/
 413
 414        /* length checks */
 415        ap_msg->length = sizeof(struct type6_hdr) +
 416                CEIL4(xcRB->request_control_blk_length) +
 417                xcRB->request_data_length;
 418        if (ap_msg->length > MSGTYPE06_MAX_MSG_SIZE)
 419                return -EINVAL;
 420
 421        /*
 422         * Overflow check
 423         * sum must be greater (or equal) than the largest operand
 424         */
 425        req_sumlen = CEIL4(xcRB->request_control_blk_length) +
 426                        xcRB->request_data_length;
 427        if ((CEIL4(xcRB->request_control_blk_length) <=
 428                                                xcRB->request_data_length) ?
 429                (req_sumlen < xcRB->request_data_length) :
 430                (req_sumlen < CEIL4(xcRB->request_control_blk_length))) {
 431                return -EINVAL;
 432        }
 433
 434        if (CEIL4(xcRB->reply_control_blk_length) <
 435                        xcRB->reply_control_blk_length)
 436                return -EINVAL; /* overflow after alignment*/
 437
 438        replylen = sizeof(struct type86_fmt2_msg) +
 439                CEIL4(xcRB->reply_control_blk_length) +
 440                xcRB->reply_data_length;
 441        if (replylen > MSGTYPE06_MAX_MSG_SIZE)
 442                return -EINVAL;
 443
 444        /*
 445         * Overflow check
 446         * sum must be greater (or equal) than the largest operand
 447         */
 448        resp_sumlen = CEIL4(xcRB->reply_control_blk_length) +
 449                        xcRB->reply_data_length;
 450        if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ?
 451                (resp_sumlen < xcRB->reply_data_length) :
 452                (resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) {
 453                return -EINVAL;
 454        }
 455
 456        /* prepare type6 header */
 457        msg->hdr = static_type6_hdrX;
 458        memcpy(msg->hdr.agent_id, &(xcRB->agent_ID), sizeof(xcRB->agent_ID));
 459        msg->hdr.ToCardLen1 = xcRB->request_control_blk_length;
 460        if (xcRB->request_data_length) {
 461                msg->hdr.offset2 = msg->hdr.offset1 + rcblen;
 462                msg->hdr.ToCardLen2 = xcRB->request_data_length;
 463        }
 464        msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length;
 465        msg->hdr.FromCardLen2 = xcRB->reply_data_length;
 466
 467        /* prepare CPRB */
 468        if (copy_from_user(&(msg->cprbx), xcRB->request_control_blk_addr,
 469                    xcRB->request_control_blk_length))
 470                return -EFAULT;
 471        if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
 472            xcRB->request_control_blk_length)
 473                return -EINVAL;
 474        function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len;
 475        memcpy(msg->hdr.function_code, function_code,
 476               sizeof(msg->hdr.function_code));
 477
 478        *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1];
 479        *dom = (unsigned short *)&msg->cprbx.domain;
 480
 481        if (memcmp(function_code, "US", 2) == 0
 482            || memcmp(function_code, "AU", 2) == 0)
 483                ap_msg->special = 1;
 484        else
 485                ap_msg->special = 0;
 486
 487        /* copy data block */
 488        if (xcRB->request_data_length &&
 489            copy_from_user(req_data, xcRB->request_data_address,
 490                xcRB->request_data_length))
 491                return -EFAULT;
 492
 493        return 0;
 494}
 495
 496static int xcrb_msg_to_type6_ep11cprb_msgx(struct ap_message *ap_msg,
 497                                       struct ep11_urb *xcRB,
 498                                       unsigned int *fcode)
 499{
 500        unsigned int lfmt;
 501        static struct type6_hdr static_type6_ep11_hdr = {
 502                .type           =  0x06,
 503                .rqid           = {0x00, 0x01},
 504                .function_code  = {0x00, 0x00},
 505                .agent_id[0]    =  0x58,        /* {'X'} */
 506                .agent_id[1]    =  0x43,        /* {'C'} */
 507                .offset1        =  0x00000058,
 508        };
 509
 510        struct {
 511                struct type6_hdr hdr;
 512                struct ep11_cprb cprbx;
 513                unsigned char   pld_tag;        /* fixed value 0x30 */
 514                unsigned char   pld_lenfmt;     /* payload length format */
 515        } __packed * msg = ap_msg->message;
 516
 517        struct pld_hdr {
 518                unsigned char   func_tag;       /* fixed value 0x4 */
 519                unsigned char   func_len;       /* fixed value 0x4 */
 520                unsigned int    func_val;       /* function ID     */
 521                unsigned char   dom_tag;        /* fixed value 0x4 */
 522                unsigned char   dom_len;        /* fixed value 0x4 */
 523                unsigned int    dom_val;        /* domain id       */
 524        } __packed * payload_hdr = NULL;
 525
 526        if (CEIL4(xcRB->req_len) < xcRB->req_len)
 527                return -EINVAL; /* overflow after alignment*/
 528
 529        /* length checks */
 530        ap_msg->length = sizeof(struct type6_hdr) + xcRB->req_len;
 531        if (CEIL4(xcRB->req_len) > MSGTYPE06_MAX_MSG_SIZE -
 532                                   (sizeof(struct type6_hdr)))
 533                return -EINVAL;
 534
 535        if (CEIL4(xcRB->resp_len) < xcRB->resp_len)
 536                return -EINVAL; /* overflow after alignment*/
 537
 538        if (CEIL4(xcRB->resp_len) > MSGTYPE06_MAX_MSG_SIZE -
 539                                    (sizeof(struct type86_fmt2_msg)))
 540                return -EINVAL;
 541
 542        /* prepare type6 header */
 543        msg->hdr = static_type6_ep11_hdr;
 544        msg->hdr.ToCardLen1   = xcRB->req_len;
 545        msg->hdr.FromCardLen1 = xcRB->resp_len;
 546
 547        /* Import CPRB data from the ioctl input parameter */
 548        if (copy_from_user(&(msg->cprbx.cprb_len),
 549                           (char __force __user *)xcRB->req, xcRB->req_len)) {
 550                return -EFAULT;
 551        }
 552
 553        if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
 554                switch (msg->pld_lenfmt & 0x03) {
 555                case 1:
 556                        lfmt = 2;
 557                        break;
 558                case 2:
 559                        lfmt = 3;
 560                        break;
 561                default:
 562                        return -EINVAL;
 563                }
 564        } else {
 565                lfmt = 1; /* length format #1 */
 566        }
 567        payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
 568        *fcode = payload_hdr->func_val & 0xFFFF;
 569
 570        return 0;
 571}
 572
 573/**
 574 * Copy results from a type 86 ICA reply message back to user space.
 575 *
 576 * @zq: crypto device pointer
 577 * @reply: reply AP message.
 578 * @data: pointer to user output data
 579 * @length: size of user output data
 580 *
 581 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
 582 */
 583struct type86x_reply {
 584        struct type86_hdr hdr;
 585        struct type86_fmt2_ext fmt2;
 586        struct CPRBX cprbx;
 587        unsigned char pad[4];   /* 4 byte function code/rules block ? */
 588        unsigned short length;
 589        char text[0];
 590} __packed;
 591
 592struct type86_ep11_reply {
 593        struct type86_hdr hdr;
 594        struct type86_fmt2_ext fmt2;
 595        struct ep11_cprb cprbx;
 596} __packed;
 597
 598static int convert_type86_ica(struct zcrypt_queue *zq,
 599                          struct ap_message *reply,
 600                          char __user *outputdata,
 601                          unsigned int outputdatalength)
 602{
 603        static unsigned char static_pad[] = {
 604                0x00, 0x02,
 605                0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD,
 606                0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57,
 607                0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B,
 608                0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39,
 609                0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5,
 610                0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D,
 611                0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB,
 612                0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F,
 613                0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9,
 614                0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45,
 615                0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9,
 616                0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F,
 617                0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD,
 618                0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D,
 619                0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD,
 620                0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9,
 621                0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B,
 622                0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B,
 623                0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B,
 624                0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD,
 625                0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7,
 626                0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1,
 627                0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3,
 628                0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23,
 629                0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55,
 630                0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43,
 631                0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F,
 632                0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F,
 633                0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5,
 634                0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD,
 635                0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41,
 636                0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09
 637        };
 638        struct type86x_reply *msg = reply->message;
 639        unsigned short service_rc, service_rs;
 640        unsigned int reply_len, pad_len;
 641        char *data;
 642
 643        service_rc = msg->cprbx.ccp_rtcode;
 644        if (unlikely(service_rc != 0)) {
 645                service_rs = msg->cprbx.ccp_rscode;
 646                if ((service_rc == 8 && service_rs == 66) ||
 647                    (service_rc == 8 && service_rs == 65) ||
 648                    (service_rc == 8 && service_rs == 72) ||
 649                    (service_rc == 8 && service_rs == 770) ||
 650                    (service_rc == 12 && service_rs == 769)) {
 651                        ZCRYPT_DBF(DBF_DEBUG,
 652                                   "device=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n",
 653                                   AP_QID_CARD(zq->queue->qid),
 654                                   AP_QID_QUEUE(zq->queue->qid),
 655                                   (int) service_rc, (int) service_rs);
 656                        return -EINVAL;
 657                }
 658                zq->online = 0;
 659                pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 660                       AP_QID_CARD(zq->queue->qid),
 661                       AP_QID_QUEUE(zq->queue->qid));
 662                ZCRYPT_DBF(DBF_ERR,
 663                           "device=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n",
 664                           AP_QID_CARD(zq->queue->qid),
 665                           AP_QID_QUEUE(zq->queue->qid),
 666                           (int) service_rc, (int) service_rs);
 667                return -EAGAIN; /* repeat the request on a different device. */
 668        }
 669        data = msg->text;
 670        reply_len = msg->length - 2;
 671        if (reply_len > outputdatalength)
 672                return -EINVAL;
 673        /*
 674         * For all encipher requests, the length of the ciphertext (reply_len)
 675         * will always equal the modulus length. For MEX decipher requests
 676         * the output needs to get padded. Minimum pad size is 10.
 677         *
 678         * Currently, the cases where padding will be added is for:
 679         * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
 680         *   ZERO-PAD and CRT is only supported for PKD requests)
 681         * - PCICC, always
 682         */
 683        pad_len = outputdatalength - reply_len;
 684        if (pad_len > 0) {
 685                if (pad_len < 10)
 686                        return -EINVAL;
 687                /* 'restore' padding left in the CEXXC card. */
 688                if (copy_to_user(outputdata, static_pad, pad_len - 1))
 689                        return -EFAULT;
 690                if (put_user(0, outputdata + pad_len - 1))
 691                        return -EFAULT;
 692        }
 693        /* Copy the crypto response to user space. */
 694        if (copy_to_user(outputdata + pad_len, data, reply_len))
 695                return -EFAULT;
 696        return 0;
 697}
 698
 699/**
 700 * Copy results from a type 86 XCRB reply message back to user space.
 701 *
 702 * @zq: crypto device pointer
 703 * @reply: reply AP message.
 704 * @xcRB: pointer to XCRB
 705 *
 706 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
 707 */
 708static int convert_type86_xcrb(struct zcrypt_queue *zq,
 709                               struct ap_message *reply,
 710                               struct ica_xcRB *xcRB)
 711{
 712        struct type86_fmt2_msg *msg = reply->message;
 713        char *data = reply->message;
 714
 715        /* Copy CPRB to user */
 716        if (copy_to_user(xcRB->reply_control_blk_addr,
 717                data + msg->fmt2.offset1, msg->fmt2.count1))
 718                return -EFAULT;
 719        xcRB->reply_control_blk_length = msg->fmt2.count1;
 720
 721        /* Copy data buffer to user */
 722        if (msg->fmt2.count2)
 723                if (copy_to_user(xcRB->reply_data_addr,
 724                        data + msg->fmt2.offset2, msg->fmt2.count2))
 725                        return -EFAULT;
 726        xcRB->reply_data_length = msg->fmt2.count2;
 727        return 0;
 728}
 729
 730/**
 731 * Copy results from a type 86 EP11 XCRB reply message back to user space.
 732 *
 733 * @zq: crypto device pointer
 734 * @reply: reply AP message.
 735 * @xcRB: pointer to EP11 user request block
 736 *
 737 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
 738 */
 739static int convert_type86_ep11_xcrb(struct zcrypt_queue *zq,
 740                                    struct ap_message *reply,
 741                                    struct ep11_urb *xcRB)
 742{
 743        struct type86_fmt2_msg *msg = reply->message;
 744        char *data = reply->message;
 745
 746        if (xcRB->resp_len < msg->fmt2.count1)
 747                return -EINVAL;
 748
 749        /* Copy response CPRB to user */
 750        if (copy_to_user((char __force __user *)xcRB->resp,
 751                         data + msg->fmt2.offset1, msg->fmt2.count1))
 752                return -EFAULT;
 753        xcRB->resp_len = msg->fmt2.count1;
 754        return 0;
 755}
 756
 757static int convert_type86_rng(struct zcrypt_queue *zq,
 758                          struct ap_message *reply,
 759                          char *buffer)
 760{
 761        struct {
 762                struct type86_hdr hdr;
 763                struct type86_fmt2_ext fmt2;
 764                struct CPRBX cprbx;
 765        } __packed * msg = reply->message;
 766        char *data = reply->message;
 767
 768        if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
 769                return -EINVAL;
 770        memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
 771        return msg->fmt2.count2;
 772}
 773
 774static int convert_response_ica(struct zcrypt_queue *zq,
 775                            struct ap_message *reply,
 776                            char __user *outputdata,
 777                            unsigned int outputdatalength)
 778{
 779        struct type86x_reply *msg = reply->message;
 780
 781        switch (msg->hdr.type) {
 782        case TYPE82_RSP_CODE:
 783        case TYPE88_RSP_CODE:
 784                return convert_error(zq, reply);
 785        case TYPE86_RSP_CODE:
 786                if (msg->cprbx.ccp_rtcode &&
 787                   (msg->cprbx.ccp_rscode == 0x14f) &&
 788                   (outputdatalength > 256)) {
 789                        if (zq->zcard->max_exp_bit_length <= 17) {
 790                                zq->zcard->max_exp_bit_length = 17;
 791                                return -EAGAIN;
 792                        } else
 793                                return -EINVAL;
 794                }
 795                if (msg->hdr.reply_code)
 796                        return convert_error(zq, reply);
 797                if (msg->cprbx.cprb_ver_id == 0x02)
 798                        return convert_type86_ica(zq, reply,
 799                                                  outputdata, outputdatalength);
 800                /*
 801                 * Fall through, no break, incorrect cprb version is an unknown
 802                 * response
 803                 */
 804        default: /* Unknown response type, this should NEVER EVER happen */
 805                zq->online = 0;
 806                pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 807                       AP_QID_CARD(zq->queue->qid),
 808                       AP_QID_QUEUE(zq->queue->qid));
 809                ZCRYPT_DBF(DBF_ERR,
 810                           "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 811                           AP_QID_CARD(zq->queue->qid),
 812                           AP_QID_QUEUE(zq->queue->qid),
 813                           (int) msg->hdr.type);
 814                return -EAGAIN; /* repeat the request on a different device. */
 815        }
 816}
 817
 818static int convert_response_xcrb(struct zcrypt_queue *zq,
 819                            struct ap_message *reply,
 820                            struct ica_xcRB *xcRB)
 821{
 822        struct type86x_reply *msg = reply->message;
 823
 824        switch (msg->hdr.type) {
 825        case TYPE82_RSP_CODE:
 826        case TYPE88_RSP_CODE:
 827                xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
 828                return convert_error(zq, reply);
 829        case TYPE86_RSP_CODE:
 830                if (msg->hdr.reply_code) {
 831                        memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32));
 832                        return convert_error(zq, reply);
 833                }
 834                if (msg->cprbx.cprb_ver_id == 0x02)
 835                        return convert_type86_xcrb(zq, reply, xcRB);
 836                /*
 837                 * Fall through, no break, incorrect cprb version is an unknown
 838                 * response
 839                 */
 840        default: /* Unknown response type, this should NEVER EVER happen */
 841                xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
 842                zq->online = 0;
 843                pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 844                       AP_QID_CARD(zq->queue->qid),
 845                       AP_QID_QUEUE(zq->queue->qid));
 846                ZCRYPT_DBF(DBF_ERR,
 847                           "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 848                           AP_QID_CARD(zq->queue->qid),
 849                           AP_QID_QUEUE(zq->queue->qid),
 850                           (int) msg->hdr.type);
 851                return -EAGAIN; /* repeat the request on a different device. */
 852        }
 853}
 854
 855static int convert_response_ep11_xcrb(struct zcrypt_queue *zq,
 856        struct ap_message *reply, struct ep11_urb *xcRB)
 857{
 858        struct type86_ep11_reply *msg = reply->message;
 859
 860        switch (msg->hdr.type) {
 861        case TYPE82_RSP_CODE:
 862        case TYPE87_RSP_CODE:
 863                return convert_error(zq, reply);
 864        case TYPE86_RSP_CODE:
 865                if (msg->hdr.reply_code)
 866                        return convert_error(zq, reply);
 867                if (msg->cprbx.cprb_ver_id == 0x04)
 868                        return convert_type86_ep11_xcrb(zq, reply, xcRB);
 869        /* Fall through, no break, incorrect cprb version is an unknown resp.*/
 870        default: /* Unknown response type, this should NEVER EVER happen */
 871                zq->online = 0;
 872                pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 873                       AP_QID_CARD(zq->queue->qid),
 874                       AP_QID_QUEUE(zq->queue->qid));
 875                ZCRYPT_DBF(DBF_ERR,
 876                           "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 877                           AP_QID_CARD(zq->queue->qid),
 878                           AP_QID_QUEUE(zq->queue->qid),
 879                           (int) msg->hdr.type);
 880                return -EAGAIN; /* repeat the request on a different device. */
 881        }
 882}
 883
 884static int convert_response_rng(struct zcrypt_queue *zq,
 885                                 struct ap_message *reply,
 886                                 char *data)
 887{
 888        struct type86x_reply *msg = reply->message;
 889
 890        switch (msg->hdr.type) {
 891        case TYPE82_RSP_CODE:
 892        case TYPE88_RSP_CODE:
 893                return -EINVAL;
 894        case TYPE86_RSP_CODE:
 895                if (msg->hdr.reply_code)
 896                        return -EINVAL;
 897                if (msg->cprbx.cprb_ver_id == 0x02)
 898                        return convert_type86_rng(zq, reply, data);
 899                /*
 900                 * Fall through, no break, incorrect cprb version is an unknown
 901                 * response
 902                 */
 903        default: /* Unknown response type, this should NEVER EVER happen */
 904                zq->online = 0;
 905                pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 906                       AP_QID_CARD(zq->queue->qid),
 907                       AP_QID_QUEUE(zq->queue->qid));
 908                ZCRYPT_DBF(DBF_ERR,
 909                           "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 910                           AP_QID_CARD(zq->queue->qid),
 911                           AP_QID_QUEUE(zq->queue->qid),
 912                           (int) msg->hdr.type);
 913                return -EAGAIN; /* repeat the request on a different device. */
 914        }
 915}
 916
 917/**
 918 * This function is called from the AP bus code after a crypto request
 919 * "msg" has finished with the reply message "reply".
 920 * It is called from tasklet context.
 921 * @aq: pointer to the AP queue
 922 * @msg: pointer to the AP message
 923 * @reply: pointer to the AP reply message
 924 */
 925static void zcrypt_msgtype6_receive(struct ap_queue *aq,
 926                                  struct ap_message *msg,
 927                                  struct ap_message *reply)
 928{
 929        static struct error_hdr error_reply = {
 930                .type = TYPE82_RSP_CODE,
 931                .reply_code = REP82_ERROR_MACHINE_FAILURE,
 932        };
 933        struct response_type *resp_type =
 934                (struct response_type *) msg->private;
 935        struct type86x_reply *t86r;
 936        int length;
 937
 938        /* Copy the reply message to the request message buffer. */
 939        if (!reply)
 940                goto out;       /* ap_msg->rc indicates the error */
 941        t86r = reply->message;
 942        if (t86r->hdr.type == TYPE86_RSP_CODE &&
 943                 t86r->cprbx.cprb_ver_id == 0x02) {
 944                switch (resp_type->type) {
 945                case CEXXC_RESPONSE_TYPE_ICA:
 946                        length = sizeof(struct type86x_reply)
 947                                + t86r->length - 2;
 948                        length = min(CEXXC_MAX_ICA_RESPONSE_SIZE, length);
 949                        memcpy(msg->message, reply->message, length);
 950                        break;
 951                case CEXXC_RESPONSE_TYPE_XCRB:
 952                        length = t86r->fmt2.offset2 + t86r->fmt2.count2;
 953                        length = min(MSGTYPE06_MAX_MSG_SIZE, length);
 954                        memcpy(msg->message, reply->message, length);
 955                        break;
 956                default:
 957                        memcpy(msg->message, &error_reply,
 958                               sizeof(error_reply));
 959                }
 960        } else
 961                memcpy(msg->message, reply->message, sizeof(error_reply));
 962out:
 963        complete(&(resp_type->work));
 964}
 965
 966/**
 967 * This function is called from the AP bus code after a crypto request
 968 * "msg" has finished with the reply message "reply".
 969 * It is called from tasklet context.
 970 * @aq: pointer to the AP queue
 971 * @msg: pointer to the AP message
 972 * @reply: pointer to the AP reply message
 973 */
 974static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
 975                                         struct ap_message *msg,
 976                                         struct ap_message *reply)
 977{
 978        static struct error_hdr error_reply = {
 979                .type = TYPE82_RSP_CODE,
 980                .reply_code = REP82_ERROR_MACHINE_FAILURE,
 981        };
 982        struct response_type *resp_type =
 983                (struct response_type *)msg->private;
 984        struct type86_ep11_reply *t86r;
 985        int length;
 986
 987        /* Copy the reply message to the request message buffer. */
 988        if (!reply)
 989                goto out;       /* ap_msg->rc indicates the error */
 990        t86r = reply->message;
 991        if (t86r->hdr.type == TYPE86_RSP_CODE &&
 992            t86r->cprbx.cprb_ver_id == 0x04) {
 993                switch (resp_type->type) {
 994                case CEXXC_RESPONSE_TYPE_EP11:
 995                        length = t86r->fmt2.offset1 + t86r->fmt2.count1;
 996                        length = min(MSGTYPE06_MAX_MSG_SIZE, length);
 997                        memcpy(msg->message, reply->message, length);
 998                        break;
 999                default:
1000                        memcpy(msg->message, &error_reply, sizeof(error_reply));

1001                }
1002        } else {
1003                memcpy(msg->message, reply->message, sizeof(error_reply));
1004        }
1005out:
1006        complete(&(resp_type->work));
1007}
1008
1009static atomic_t zcrypt_step = ATOMIC_INIT(0);
1010
1011/**
1012 * The request distributor calls this function if it picked the CEXxC
1013 * device to handle a modexpo request.
1014 * @zq: pointer to zcrypt_queue structure that identifies the
1015 *      CEXxC device to the request distributor
1016 * @mex: pointer to the modexpo request buffer
1017 */
1018static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq,
1019                                  struct ica_rsa_modexpo *mex)
1020{
1021        struct ap_message ap_msg;
1022        struct response_type resp_type = {
1023                .type = CEXXC_RESPONSE_TYPE_ICA,
1024        };
1025        int rc;
1026
1027        ap_init_message(&ap_msg);
1028        ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1029        if (!ap_msg.message)
1030                return -ENOMEM;
1031        ap_msg.receive = zcrypt_msgtype6_receive;
1032        ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1033                                atomic_inc_return(&zcrypt_step);
1034        ap_msg.private = &resp_type;
1035        rc = ICAMEX_msg_to_type6MEX_msgX(zq, &ap_msg, mex);
1036        if (rc)
1037                goto out_free;
1038        init_completion(&resp_type.work);
1039        ap_queue_message(zq->queue, &ap_msg);
1040        rc = wait_for_completion_interruptible(&resp_type.work);
1041        if (rc == 0) {
1042                rc = ap_msg.rc;
1043                if (rc == 0)
1044                        rc = convert_response_ica(zq, &ap_msg,
1045                                                  mex->outputdata,
1046                                                  mex->outputdatalength);
1047        } else
1048                /* Signal pending. */
1049                ap_cancel_message(zq->queue, &ap_msg);
1050out_free:
1051        free_page((unsigned long) ap_msg.message);
1052        return rc;
1053}
1054
1055/**
1056 * The request distributor calls this function if it picked the CEXxC
1057 * device to handle a modexpo_crt request.
1058 * @zq: pointer to zcrypt_queue structure that identifies the
1059 *      CEXxC device to the request distributor
1060 * @crt: pointer to the modexpoc_crt request buffer
1061 */
1062static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq,
1063                                      struct ica_rsa_modexpo_crt *crt)
1064{
1065        struct ap_message ap_msg;
1066        struct response_type resp_type = {
1067                .type = CEXXC_RESPONSE_TYPE_ICA,
1068        };
1069        int rc;
1070
1071        ap_init_message(&ap_msg);
1072        ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1073        if (!ap_msg.message)
1074                return -ENOMEM;
1075        ap_msg.receive = zcrypt_msgtype6_receive;
1076        ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1077                                atomic_inc_return(&zcrypt_step);
1078        ap_msg.private = &resp_type;
1079        rc = ICACRT_msg_to_type6CRT_msgX(zq, &ap_msg, crt);
1080        if (rc)
1081                goto out_free;
1082        init_completion(&resp_type.work);
1083        ap_queue_message(zq->queue, &ap_msg);
1084        rc = wait_for_completion_interruptible(&resp_type.work);
1085        if (rc == 0) {
1086                rc = ap_msg.rc;
1087                if (rc == 0)
1088                        rc = convert_response_ica(zq, &ap_msg,
1089                                                  crt->outputdata,
1090                                                  crt->outputdatalength);
1091        } else {
1092                /* Signal pending. */
1093                ap_cancel_message(zq->queue, &ap_msg);
1094        }
1095out_free:
1096        free_page((unsigned long) ap_msg.message);
1097        return rc;
1098}
1099
1100/**
1101 * Fetch function code from cprb.
1102 * Extracting the fc requires to copy the cprb from userspace.
1103 * So this function allocates memory and needs an ap_msg prepared
1104 * by the caller with ap_init_message(). Also the caller has to
1105 * make sure ap_release_message() is always called even on failure.
1106 */
1107unsigned int get_cprb_fc(struct ica_xcRB *xcRB,
1108                                struct ap_message *ap_msg,
1109                                unsigned int *func_code, unsigned short **dom)
1110{
1111        struct response_type resp_type = {
1112                .type = CEXXC_RESPONSE_TYPE_XCRB,
1113        };
1114
1115        ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1116        if (!ap_msg->message)
1117                return -ENOMEM;
1118        ap_msg->receive = zcrypt_msgtype6_receive;
1119        ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1120                                atomic_inc_return(&zcrypt_step);
1121        ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1122        if (!ap_msg->private)
1123                return -ENOMEM;
1124        return XCRB_msg_to_type6CPRB_msgX(ap_msg, xcRB, func_code, dom);
1125}
1126
1127/**
1128 * The request distributor calls this function if it picked the CEXxC
1129 * device to handle a send_cprb request.
1130 * @zq: pointer to zcrypt_queue structure that identifies the
1131 *      CEXxC device to the request distributor
1132 * @xcRB: pointer to the send_cprb request buffer
1133 */
1134static long zcrypt_msgtype6_send_cprb(struct zcrypt_queue *zq,
1135                                    struct ica_xcRB *xcRB,
1136                                    struct ap_message *ap_msg)
1137{
1138        int rc;
1139        struct response_type *rtype = (struct response_type *)(ap_msg->private);
1140
1141        init_completion(&rtype->work);
1142        ap_queue_message(zq->queue, ap_msg);
1143        rc = wait_for_completion_interruptible(&rtype->work);
1144        if (rc == 0) {
1145                rc = ap_msg->rc;
1146                if (rc == 0)
1147                        rc = convert_response_xcrb(zq, ap_msg, xcRB);
1148        } else
1149                /* Signal pending. */
1150                ap_cancel_message(zq->queue, ap_msg);
1151
1152        return rc;
1153}
1154
1155/**
1156 * Fetch function code from ep11 cprb.
1157 * Extracting the fc requires to copy the ep11 cprb from userspace.
1158 * So this function allocates memory and needs an ap_msg prepared
1159 * by the caller with ap_init_message(). Also the caller has to
1160 * make sure ap_release_message() is always called even on failure.
1161 */
1162unsigned int get_ep11cprb_fc(struct ep11_urb *xcrb,
1163                                    struct ap_message *ap_msg,
1164                                    unsigned int *func_code)
1165{
1166        struct response_type resp_type = {
1167                .type = CEXXC_RESPONSE_TYPE_EP11,
1168        };
1169
1170        ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1171        if (!ap_msg->message)
1172                return -ENOMEM;
1173        ap_msg->receive = zcrypt_msgtype6_receive_ep11;
1174        ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1175                                atomic_inc_return(&zcrypt_step);
1176        ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1177        if (!ap_msg->private)
1178                return -ENOMEM;
1179        return xcrb_msg_to_type6_ep11cprb_msgx(ap_msg, xcrb, func_code);
1180}
1181
1182/**
1183 * The request distributor calls this function if it picked the CEX4P
1184 * device to handle a send_ep11_cprb request.
1185 * @zq: pointer to zcrypt_queue structure that identifies the
1186 *        CEX4P device to the request distributor
1187 * @xcRB: pointer to the ep11 user request block
1188 */
1189static long zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_queue *zq,
1190                                           struct ep11_urb *xcrb,
1191                                           struct ap_message *ap_msg)
1192{
1193        int rc;
1194        unsigned int lfmt;
1195        struct response_type *rtype = (struct response_type *)(ap_msg->private);
1196        struct {
1197                struct type6_hdr hdr;
1198                struct ep11_cprb cprbx;
1199                unsigned char   pld_tag;        /* fixed value 0x30 */
1200                unsigned char   pld_lenfmt;     /* payload length format */
1201        } __packed * msg = ap_msg->message;
1202        struct pld_hdr {
1203                unsigned char   func_tag;       /* fixed value 0x4 */
1204                unsigned char   func_len;       /* fixed value 0x4 */
1205                unsigned int    func_val;       /* function ID     */
1206                unsigned char   dom_tag;        /* fixed value 0x4 */
1207                unsigned char   dom_len;        /* fixed value 0x4 */
1208                unsigned int    dom_val;        /* domain id       */
1209        } __packed * payload_hdr = NULL;
1210
1211
1212        /**
1213         * The target domain field within the cprb body/payload block will be
1214         * replaced by the usage domain for non-management commands only.
1215         * Therefore we check the first bit of the 'flags' parameter for
1216         * management command indication.
1217         *   0 - non management command
1218         *   1 - management command
1219         */
1220        if (!((msg->cprbx.flags & 0x80) == 0x80)) {
1221                msg->cprbx.target_id = (unsigned int)
1222                                        AP_QID_QUEUE(zq->queue->qid);
1223
1224                if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
1225                        switch (msg->pld_lenfmt & 0x03) {
1226                        case 1:
1227                                lfmt = 2;
1228                                break;
1229                        case 2:
1230                                lfmt = 3;
1231                                break;
1232                        default:
1233                                return -EINVAL;
1234                        }
1235                } else {
1236                        lfmt = 1; /* length format #1 */
1237                }
1238                payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
1239                payload_hdr->dom_val = (unsigned int)
1240                                        AP_QID_QUEUE(zq->queue->qid);
1241        }
1242
1243        init_completion(&rtype->work);
1244        ap_queue_message(zq->queue, ap_msg);
1245        rc = wait_for_completion_interruptible(&rtype->work);
1246        if (rc == 0) {
1247                rc = ap_msg->rc;
1248                if (rc == 0)
1249                        rc = convert_response_ep11_xcrb(zq, ap_msg, xcrb);
1250        } else
1251                /* Signal pending. */
1252                ap_cancel_message(zq->queue, ap_msg);
1253
1254        return rc;
1255}
1256
1257unsigned int get_rng_fc(struct ap_message *ap_msg, int *func_code,
1258                                                   unsigned int *domain)
1259{
1260        struct response_type resp_type = {
1261                .type = CEXXC_RESPONSE_TYPE_XCRB,
1262        };
1263
1264        ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1265        if (!ap_msg->message)
1266                return -ENOMEM;
1267        ap_msg->receive = zcrypt_msgtype6_receive;
1268        ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1269                                atomic_inc_return(&zcrypt_step);
1270        ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1271        if (!ap_msg->private)
1272                return -ENOMEM;
1273
1274        rng_type6CPRB_msgX(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain);
1275
1276        *func_code = HWRNG;
1277        return 0;
1278}
1279
1280/**
1281 * The request distributor calls this function if it picked the CEXxC
1282 * device to generate random data.
1283 * @zq: pointer to zcrypt_queue structure that identifies the
1284 *      CEXxC device to the request distributor
1285 * @buffer: pointer to a memory page to return random data
1286 */
1287static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq,
1288                                char *buffer, struct ap_message *ap_msg)
1289{
1290        struct {
1291                struct type6_hdr hdr;
1292                struct CPRBX cprbx;
1293                char function_code[2];
1294                short int rule_length;
1295                char rule[8];
1296                short int verb_length;
1297                short int key_length;
1298        } __packed * msg = ap_msg->message;
1299        struct response_type *rtype = (struct response_type *)(ap_msg->private);
1300        int rc;
1301
1302        msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
1303
1304        init_completion(&rtype->work);
1305        ap_queue_message(zq->queue, ap_msg);
1306        rc = wait_for_completion_interruptible(&rtype->work);
1307        if (rc == 0) {
1308                rc = ap_msg->rc;
1309                if (rc == 0)
1310                        rc = convert_response_rng(zq, ap_msg, buffer);
1311        } else
1312                /* Signal pending. */
1313                ap_cancel_message(zq->queue, ap_msg);
1314
1315        return rc;
1316}
1317
1318/**
1319 * The crypto operations for a CEXxC card.
1320 */
1321static struct zcrypt_ops zcrypt_msgtype6_norng_ops = {
1322        .owner = THIS_MODULE,
1323        .name = MSGTYPE06_NAME,
1324        .variant = MSGTYPE06_VARIANT_NORNG,
1325        .rsa_modexpo = zcrypt_msgtype6_modexpo,
1326        .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1327        .send_cprb = zcrypt_msgtype6_send_cprb,
1328};
1329
1330static struct zcrypt_ops zcrypt_msgtype6_ops = {
1331        .owner = THIS_MODULE,
1332        .name = MSGTYPE06_NAME,
1333        .variant = MSGTYPE06_VARIANT_DEFAULT,
1334        .rsa_modexpo = zcrypt_msgtype6_modexpo,
1335        .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1336        .send_cprb = zcrypt_msgtype6_send_cprb,
1337        .rng = zcrypt_msgtype6_rng,
1338};
1339
1340static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = {
1341        .owner = THIS_MODULE,
1342        .name = MSGTYPE06_NAME,
1343        .variant = MSGTYPE06_VARIANT_EP11,
1344        .rsa_modexpo = NULL,
1345        .rsa_modexpo_crt = NULL,
1346        .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb,
1347};
1348
1349void __init zcrypt_msgtype6_init(void)
1350{
1351        zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops);
1352        zcrypt_msgtype_register(&zcrypt_msgtype6_ops);
1353        zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops);
1354}
1355
1356void __exit zcrypt_msgtype6_exit(void)
1357{
1358        zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops);
1359        zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops);
1360        zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops);
1361}
1362