LXR linux/drivers/s390/crypto/zcrypt

   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 *  Copyright IBM Corp. 2001, 2012
   4 *  Author(s): Robert Burroughs
   5 *             Eric Rossman (edrossma@us.ibm.com)
   6 *
   7 *  Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
   8 *  Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
   9 *                                Ralph Wuerthner <rwuerthn@de.ibm.com>
  10 *  MSGTYPE restruct:             Holger Dengler <hd@linux.vnet.ibm.com>
  11 */
  12
  13#define KMSG_COMPONENT "zcrypt"
  14#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
  15
  16#include <linux/module.h>
  17#include <linux/init.h>
  18#include <linux/err.h>
  19#include <linux/delay.h>
  20#include <linux/slab.h>
  21#include <linux/atomic.h>
  22#include <linux/uaccess.h>
  23
  24#include "ap_bus.h"
  25#include "zcrypt_api.h"
  26#include "zcrypt_error.h"
  27#include "zcrypt_msgtype6.h"
  28#include "zcrypt_cca_key.h"
  29
  30#define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply       */
  31
  32#define CEIL4(x) ((((x)+3)/4)*4)
  33
  34struct response_type {
  35        struct completion work;
  36        int type;
  37};
  38#define CEXXC_RESPONSE_TYPE_ICA  0
  39#define CEXXC_RESPONSE_TYPE_XCRB 1
  40#define CEXXC_RESPONSE_TYPE_EP11 2
  41
  42MODULE_AUTHOR("IBM Corporation");
  43MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \
  44                   "Copyright IBM Corp. 2001, 2012");
  45MODULE_LICENSE("GPL");
  46
  47/**
  48 * CPRB
  49 *        Note that all shorts, ints and longs are little-endian.
  50 *        All pointer fields are 32-bits long, and mean nothing
  51 *
  52 *        A request CPRB is followed by a request_parameter_block.
  53 *
  54 *        The request (or reply) parameter block is organized thus:
  55 *          function code
  56 *          VUD block
  57 *          key block
  58 */
  59struct CPRB {
  60        unsigned short cprb_len;        /* CPRB length                   */
  61        unsigned char cprb_ver_id;      /* CPRB version id.              */
  62        unsigned char pad_000;          /* Alignment pad byte.           */
  63        unsigned char srpi_rtcode[4];   /* SRPI return code LELONG       */
  64        unsigned char srpi_verb;        /* SRPI verb type                */
  65        unsigned char flags;            /* flags                         */
  66        unsigned char func_id[2];       /* function id                   */
  67        unsigned char checkpoint_flag;  /*                               */
  68        unsigned char resv2;            /* reserved                      */
  69        unsigned short req_parml;       /* request parameter buffer      */
  70                                        /* length 16-bit little endian   */
  71        unsigned char req_parmp[4];     /* request parameter buffer      *
  72                                         * pointer (means nothing: the   *
  73                                         * parameter buffer follows      *
  74                                         * the CPRB).                    */
  75        unsigned char req_datal[4];     /* request data buffer           */
  76                                        /* length         ULELONG        */
  77        unsigned char req_datap[4];     /* request data buffer           */
  78                                        /* pointer                       */
  79        unsigned short rpl_parml;       /* reply  parameter buffer       */
  80                                        /* length 16-bit little endian   */
  81        unsigned char pad_001[2];       /* Alignment pad bytes. ULESHORT */
  82        unsigned char rpl_parmp[4];     /* reply parameter buffer        *
  83                                         * pointer (means nothing: the   *
  84                                         * parameter buffer follows      *
  85                                         * the CPRB).                    */
  86        unsigned char rpl_datal[4];     /* reply data buffer len ULELONG */
  87        unsigned char rpl_datap[4];     /* reply data buffer             */
  88                                        /* pointer                       */
  89        unsigned short ccp_rscode;      /* server reason code   ULESHORT */
  90        unsigned short ccp_rtcode;      /* server return code   ULESHORT */
  91        unsigned char repd_parml[2];    /* replied parameter len ULESHORT*/
  92        unsigned char mac_data_len[2];  /* Mac Data Length      ULESHORT */
  93        unsigned char repd_datal[4];    /* replied data length  ULELONG  */
  94        unsigned char req_pc[2];        /* PC identifier                 */
  95        unsigned char res_origin[8];    /* resource origin               */
  96        unsigned char mac_value[8];     /* Mac Value                     */
  97        unsigned char logon_id[8];      /* Logon Identifier              */
  98        unsigned char usage_domain[2];  /* cdx                           */
  99        unsigned char resv3[18];        /* reserved for requestor        */
 100        unsigned short svr_namel;       /* server name length  ULESHORT  */
 101        unsigned char svr_name[8];      /* server name                   */
 102} __packed;
 103
 104struct function_and_rules_block {
 105        unsigned char function_code[2];
 106        unsigned short ulen;
 107        unsigned char only_rule[8];
 108} __packed;
 109
 110/**
 111 * The following is used to initialize the CPRBX passed to the CEXxC/CEXxP
 112 * card in a type6 message. The 3 fields that must be filled in at execution
 113 * time are  req_parml, rpl_parml and usage_domain.
 114 * Everything about this interface is ascii/big-endian, since the
 115 * device does *not* have 'Intel inside'.
 116 *
 117 * The CPRBX is followed immediately by the parm block.
 118 * The parm block contains:
 119 * - function code ('PD' 0x5044 or 'PK' 0x504B)
 120 * - rule block (one of:)
 121 *   + 0x000A 'PKCS-1.2' (MCL2 'PD')
 122 *   + 0x000A 'ZERO-PAD' (MCL2 'PK')
 123 *   + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD')
 124 *   + 0x000A 'MRP     ' (MCL3 'PK' or CEX2C 'PK')
 125 * - VUD block
 126 */
 127static const struct CPRBX static_cprbx = {
 128        .cprb_len       =  0x00DC,
 129        .cprb_ver_id    =  0x02,
 130        .func_id        = {0x54, 0x32},
 131};
 132
 133int speed_idx_cca(int req_type)
 134{
 135        switch (req_type) {
 136        case 0x4142:
 137        case 0x4149:
 138        case 0x414D:
 139        case 0x4341:
 140        case 0x4344:
 141        case 0x4354:
 142        case 0x4358:
 143        case 0x444B:
 144        case 0x4558:
 145        case 0x4643:
 146        case 0x4651:
 147        case 0x4C47:
 148        case 0x4C4B:
 149        case 0x4C51:
 150        case 0x4F48:
 151        case 0x504F:
 152        case 0x5053:
 153        case 0x5058:
 154        case 0x5343:
 155        case 0x5344:
 156        case 0x5345:
 157        case 0x5350:
 158                return LOW;
 159        case 0x414B:
 160        case 0x4345:
 161        case 0x4349:
 162        case 0x434D:
 163        case 0x4847:
 164        case 0x4849:
 165        case 0x484D:
 166        case 0x4850:
 167        case 0x4851:
 168        case 0x4954:
 169        case 0x4958:
 170        case 0x4B43:
 171        case 0x4B44:
 172        case 0x4B45:
 173        case 0x4B47:
 174        case 0x4B48:
 175        case 0x4B49:
 176        case 0x4B4E:
 177        case 0x4B50:
 178        case 0x4B52:
 179        case 0x4B54:
 180        case 0x4B58:
 181        case 0x4D50:
 182        case 0x4D53:
 183        case 0x4D56:
 184        case 0x4D58:
 185        case 0x5044:
 186        case 0x5045:
 187        case 0x5046:
 188        case 0x5047:
 189        case 0x5049:
 190        case 0x504B:
 191        case 0x504D:
 192        case 0x5254:
 193        case 0x5347:
 194        case 0x5349:
 195        case 0x534B:
 196        case 0x534D:
 197        case 0x5356:
 198        case 0x5358:
 199        case 0x5443:
 200        case 0x544B:
 201        case 0x5647:
 202                return HIGH;
 203        default:
 204                return MEDIUM;
 205        }
 206}
 207
 208int speed_idx_ep11(int req_type)
 209{
 210        switch (req_type) {
 211        case  1:
 212        case  2:
 213        case 36:
 214        case 37:
 215        case 38:
 216        case 39:
 217        case 40:
 218                return LOW;
 219        case 17:
 220        case 18:
 221        case 19:
 222        case 20:
 223        case 21:
 224        case 22:
 225        case 26:
 226        case 30:
 227        case 31:
 228        case 32:
 229        case 33:
 230        case 34:
 231        case 35:
 232                return HIGH;
 233        default:
 234                return MEDIUM;
 235        }
 236}
 237
 238
 239/**
 240 * Convert a ICAMEX message to a type6 MEX message.
 241 *
 242 * @zq: crypto device pointer
 243 * @ap_msg: pointer to AP message
 244 * @mex: pointer to user input data
 245 *
 246 * Returns 0 on success or negative errno value.
 247 */
 248static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue *zq,
 249                                       struct ap_message *ap_msg,
 250                                       struct ica_rsa_modexpo *mex)
 251{
 252        static struct type6_hdr static_type6_hdrX = {
 253                .type           =  0x06,
 254                .offset1        =  0x00000058,
 255                .agent_id       = {'C', 'A',},
 256                .function_code  = {'P', 'K'},
 257        };
 258        static struct function_and_rules_block static_pke_fnr = {
 259                .function_code  = {'P', 'K'},
 260                .ulen           = 10,
 261                .only_rule      = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '}
 262        };
 263        struct {
 264                struct type6_hdr hdr;
 265                struct CPRBX cprbx;
 266                struct function_and_rules_block fr;
 267                unsigned short length;
 268                char text[0];
 269        } __packed * msg = ap_msg->message;
 270        int size;
 271
 272        /*
 273         * The inputdatalength was a selection criteria in the dispatching
 274         * function zcrypt_rsa_modexpo(). However, make sure the following
 275         * copy_from_user() never exceeds the allocated buffer space.
 276         */
 277        if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE))
 278                return -EINVAL;
 279
 280        /* VUD.ciphertext */
 281        msg->length = mex->inputdatalength + 2;
 282        if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
 283                return -EFAULT;
 284
 285        /* Set up key which is located after the variable length text. */
 286        size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength);
 287        if (size < 0)
 288                return size;
 289        size += sizeof(*msg) + mex->inputdatalength;
 290
 291        /* message header, cprbx and f&r */
 292        msg->hdr = static_type6_hdrX;
 293        msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
 294        msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
 295
 296        msg->cprbx = static_cprbx;
 297        msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
 298        msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1;
 299
 300        msg->fr = static_pke_fnr;
 301
 302        msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx);
 303
 304        ap_msg->length = size;
 305        return 0;
 306}
 307
 308/**
 309 * Convert a ICACRT message to a type6 CRT message.
 310 *
 311 * @zq: crypto device pointer
 312 * @ap_msg: pointer to AP message
 313 * @crt: pointer to user input data
 314 *
 315 * Returns 0 on success or negative errno value.
 316 */
 317static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue *zq,
 318                                       struct ap_message *ap_msg,
 319                                       struct ica_rsa_modexpo_crt *crt)
 320{
 321        static struct type6_hdr static_type6_hdrX = {
 322                .type           =  0x06,
 323                .offset1        =  0x00000058,
 324                .agent_id       = {'C', 'A',},
 325                .function_code  = {'P', 'D'},
 326        };
 327        static struct function_and_rules_block static_pkd_fnr = {
 328                .function_code  = {'P', 'D'},
 329                .ulen           = 10,
 330                .only_rule      = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
 331        };
 332
 333        struct {
 334                struct type6_hdr hdr;
 335                struct CPRBX cprbx;
 336                struct function_and_rules_block fr;
 337                unsigned short length;
 338                char text[0];
 339        } __packed * msg = ap_msg->message;
 340        int size;
 341
 342        /*
 343         * The inputdatalength was a selection criteria in the dispatching
 344         * function zcrypt_rsa_crt(). However, make sure the following
 345         * copy_from_user() never exceeds the allocated buffer space.
 346         */
 347        if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE))
 348                return -EINVAL;
 349
 350        /* VUD.ciphertext */
 351        msg->length = crt->inputdatalength + 2;
 352        if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
 353                return -EFAULT;
 354
 355        /* Set up key which is located after the variable length text. */
 356        size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength);
 357        if (size < 0)
 358                return size;
 359        size += sizeof(*msg) + crt->inputdatalength;    /* total size of msg */
 360
 361        /* message header, cprbx and f&r */
 362        msg->hdr = static_type6_hdrX;
 363        msg->hdr.ToCardLen1 = size -  sizeof(msg->hdr);
 364        msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
 365
 366        msg->cprbx = static_cprbx;
 367        msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
 368        msg->cprbx.req_parml = msg->cprbx.rpl_msgbl =
 369                size - sizeof(msg->hdr) - sizeof(msg->cprbx);
 370
 371        msg->fr = static_pkd_fnr;
 372
 373        ap_msg->length = size;
 374        return 0;
 375}
 376
 377/**
 378 * Convert a XCRB message to a type6 CPRB message.
 379 *
 380 * @zq: crypto device pointer
 381 * @ap_msg: pointer to AP message
 382 * @xcRB: pointer to user input data
 383 *
 384 * Returns 0 on success or -EFAULT, -EINVAL.
 385 */
 386struct type86_fmt2_msg {
 387        struct type86_hdr hdr;
 388        struct type86_fmt2_ext fmt2;
 389} __packed;
 390
 391static int XCRB_msg_to_type6CPRB_msgX(struct ap_message *ap_msg,
 392                                      struct ica_xcRB *xcRB,
 393                                      unsigned int *fcode,
 394                                      unsigned short **dom)
 395{
 396        static struct type6_hdr static_type6_hdrX = {
 397                .type           =  0x06,
 398                .offset1        =  0x00000058,
 399        };
 400        struct {
 401                struct type6_hdr hdr;
 402                struct CPRBX cprbx;
 403        } __packed * msg = ap_msg->message;
 404
 405        int rcblen = CEIL4(xcRB->request_control_blk_length);
 406        int replylen, req_sumlen, resp_sumlen;
 407        char *req_data = ap_msg->message + sizeof(struct type6_hdr) + rcblen;
 408        char *function_code;
 409
 410        if (CEIL4(xcRB->request_control_blk_length) <
 411                        xcRB->request_control_blk_length)
 412                return -EINVAL; /* overflow after alignment*/
 413
 414        /* length checks */
 415        ap_msg->length = sizeof(struct type6_hdr) +
 416                CEIL4(xcRB->request_control_blk_length) +
 417                xcRB->request_data_length;
 418        if (ap_msg->length > MSGTYPE06_MAX_MSG_SIZE)
 419                return -EINVAL;
 420
 421        /*
 422         * Overflow check
 423         * sum must be greater (or equal) than the largest operand
 424         */
 425        req_sumlen = CEIL4(xcRB->request_control_blk_length) +
 426                        xcRB->request_data_length;
 427        if ((CEIL4(xcRB->request_control_blk_length) <=
 428                                                xcRB->request_data_length) ?
 429                (req_sumlen < xcRB->request_data_length) :
 430                (req_sumlen < CEIL4(xcRB->request_control_blk_length))) {
 431                return -EINVAL;
 432        }
 433
 434        if (CEIL4(xcRB->reply_control_blk_length) <
 435                        xcRB->reply_control_blk_length)
 436                return -EINVAL; /* overflow after alignment*/
 437
 438        replylen = sizeof(struct type86_fmt2_msg) +
 439                CEIL4(xcRB->reply_control_blk_length) +
 440                xcRB->reply_data_length;
 441        if (replylen > MSGTYPE06_MAX_MSG_SIZE)
 442                return -EINVAL;
 443
 444        /*
 445         * Overflow check
 446         * sum must be greater (or equal) than the largest operand
 447         */
 448        resp_sumlen = CEIL4(xcRB->reply_control_blk_length) +
 449                        xcRB->reply_data_length;
 450        if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ?
 451                (resp_sumlen < xcRB->reply_data_length) :
 452                (resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) {
 453                return -EINVAL;
 454        }
 455
 456        /* prepare type6 header */
 457        msg->hdr = static_type6_hdrX;
 458        memcpy(msg->hdr.agent_id, &(xcRB->agent_ID), sizeof(xcRB->agent_ID));
 459        msg->hdr.ToCardLen1 = xcRB->request_control_blk_length;
 460        if (xcRB->request_data_length) {
 461                msg->hdr.offset2 = msg->hdr.offset1 + rcblen;
 462                msg->hdr.ToCardLen2 = xcRB->request_data_length;
 463        }
 464        msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length;
 465        msg->hdr.FromCardLen2 = xcRB->reply_data_length;
 466
 467        /* prepare CPRB */
 468        if (copy_from_user(&(msg->cprbx), xcRB->request_control_blk_addr,
 469                    xcRB->request_control_blk_length))
 470                return -EFAULT;
 471        if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
 472            xcRB->request_control_blk_length)
 473                return -EINVAL;
 474        function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len;
 475        memcpy(msg->hdr.function_code, function_code,
 476               sizeof(msg->hdr.function_code));
 477
 478        *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1];
 479        *dom = (unsigned short *)&msg->cprbx.domain;
 480
 481        if (memcmp(function_code, "US", 2) == 0
 482            || memcmp(function_code, "AU", 2) == 0)
 483                ap_msg->special = 1;
 484        else
 485                ap_msg->special = 0;
 486
 487        /* copy data block */
 488        if (xcRB->request_data_length &&
 489            copy_from_user(req_data, xcRB->request_data_address,
 490                xcRB->request_data_length))
 491                return -EFAULT;
 492
 493        return 0;
 494}
 495
 496static int xcrb_msg_to_type6_ep11cprb_msgx(struct ap_message *ap_msg,
 497                                       struct ep11_urb *xcRB,
 498                                       unsigned int *fcode)
 499{
 500        unsigned int lfmt;
 501        static struct type6_hdr static_type6_ep11_hdr = {
 502                .type           =  0x06,
 503                .rqid           = {0x00, 0x01},
 504                .function_code  = {0x00, 0x00},
 505                .agent_id[0]    =  0x58,        /* {'X'} */
 506                .agent_id[1]    =  0x43,        /* {'C'} */
 507                .offset1        =  0x00000058,
 508        };
 509
 510        struct {
 511                struct type6_hdr hdr;
 512                struct ep11_cprb cprbx;
 513                unsigned char   pld_tag;        /* fixed value 0x30 */
 514                unsigned char   pld_lenfmt;     /* payload length format */
 515        } __packed * msg = ap_msg->message;
 516
 517        struct pld_hdr {
 518                unsigned char   func_tag;       /* fixed value 0x4 */
 519                unsigned char   func_len;       /* fixed value 0x4 */
 520                unsigned int    func_val;       /* function ID     */
 521                unsigned char   dom_tag;        /* fixed value 0x4 */
 522                unsigned char   dom_len;        /* fixed value 0x4 */
 523                unsigned int    dom_val;        /* domain id       */
 524        } __packed * payload_hdr = NULL;
 525
 526        if (CEIL4(xcRB->req_len) < xcRB->req_len)
 527                return -EINVAL; /* overflow after alignment*/
 528
 529        /* length checks */
 530        ap_msg->length = sizeof(struct type6_hdr) + xcRB->req_len;
 531        if (CEIL4(xcRB->req_len) > MSGTYPE06_MAX_MSG_SIZE -
 532                                   (sizeof(struct type6_hdr)))
 533                return -EINVAL;
 534
 535        if (CEIL4(xcRB->resp_len) < xcRB->resp_len)
 536                return -EINVAL; /* overflow after alignment*/
 537
 538        if (CEIL4(xcRB->resp_len) > MSGTYPE06_MAX_MSG_SIZE -
 539                                    (sizeof(struct type86_fmt2_msg)))
 540                return -EINVAL;
 541
 542        /* prepare type6 header */
 543        msg->hdr = static_type6_ep11_hdr;
 544        msg->hdr.ToCardLen1   = xcRB->req_len;
 545        msg->hdr.FromCardLen1 = xcRB->resp_len;
 546
 547        /* Import CPRB data from the ioctl input parameter */
 548        if (copy_from_user(&(msg->cprbx.cprb_len),
 549                           (char __force __user *)xcRB->req, xcRB->req_len)) {
 550                return -EFAULT;
 551        }
 552
 553        if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
 554                switch (msg->pld_lenfmt & 0x03) {
 555                case 1:
 556                        lfmt = 2;
 557                        break;
 558                case 2:
 559                        lfmt = 3;
 560                        break;
 561                default:
 562                        return -EINVAL;
 563                }
 564        } else {
 565                lfmt = 1; /* length format #1 */
 566        }
 567        payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
 568        *fcode = payload_hdr->func_val & 0xFFFF;
 569
 570        /* enable special processing based on the cprbs flags special bit */
 571        if (msg->cprbx.flags & 0x20)
 572                ap_msg->special = 1;
 573
 574        return 0;
 575}
 576
 577/**
 578 * Copy results from a type 86 ICA reply message back to user space.
 579 *
 580 * @zq: crypto device pointer
 581 * @reply: reply AP message.
 582 * @data: pointer to user output data
 583 * @length: size of user output data
 584 *
 585 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
 586 */
 587struct type86x_reply {
 588        struct type86_hdr hdr;
 589        struct type86_fmt2_ext fmt2;
 590        struct CPRBX cprbx;
 591        unsigned char pad[4];   /* 4 byte function code/rules block ? */
 592        unsigned short length;
 593        char text[0];
 594} __packed;
 595
 596struct type86_ep11_reply {
 597        struct type86_hdr hdr;
 598        struct type86_fmt2_ext fmt2;
 599        struct ep11_cprb cprbx;
 600} __packed;
 601
 602static int convert_type86_ica(struct zcrypt_queue *zq,
 603                          struct ap_message *reply,
 604                          char __user *outputdata,
 605                          unsigned int outputdatalength)
 606{
 607        static unsigned char static_pad[] = {
 608                0x00, 0x02,
 609                0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD,
 610                0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57,
 611                0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B,
 612                0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39,
 613                0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5,
 614                0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D,
 615                0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB,
 616                0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F,
 617                0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9,
 618                0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45,
 619                0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9,
 620                0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F,
 621                0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD,
 622                0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D,
 623                0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD,
 624                0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9,
 625                0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B,
 626                0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B,
 627                0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B,
 628                0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD,
 629                0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7,
 630                0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1,
 631                0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3,
 632                0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23,
 633                0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55,
 634                0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43,
 635                0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F,
 636                0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F,
 637                0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5,
 638                0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD,
 639                0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41,
 640                0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09
 641        };
 642        struct type86x_reply *msg = reply->message;
 643        unsigned short service_rc, service_rs;
 644        unsigned int reply_len, pad_len;
 645        char *data;
 646
 647        service_rc = msg->cprbx.ccp_rtcode;
 648        if (unlikely(service_rc != 0)) {
 649                service_rs = msg->cprbx.ccp_rscode;
 650                if ((service_rc == 8 && service_rs == 66) ||
 651                    (service_rc == 8 && service_rs == 65) ||
 652                    (service_rc == 8 && service_rs == 72) ||
 653                    (service_rc == 8 && service_rs == 770) ||
 654                    (service_rc == 12 && service_rs == 769)) {
 655                        ZCRYPT_DBF(DBF_DEBUG,
 656                                   "device=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n",
 657                                   AP_QID_CARD(zq->queue->qid),
 658                                   AP_QID_QUEUE(zq->queue->qid),
 659                                   (int) service_rc, (int) service_rs);
 660                        return -EINVAL;
 661                }
 662                zq->online = 0;
 663                pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 664                       AP_QID_CARD(zq->queue->qid),
 665                       AP_QID_QUEUE(zq->queue->qid));
 666                ZCRYPT_DBF(DBF_ERR,
 667                           "device=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n",
 668                           AP_QID_CARD(zq->queue->qid),
 669                           AP_QID_QUEUE(zq->queue->qid),
 670                           (int) service_rc, (int) service_rs);
 671                return -EAGAIN; /* repeat the request on a different device. */
 672        }
 673        data = msg->text;
 674        reply_len = msg->length - 2;
 675        if (reply_len > outputdatalength)
 676                return -EINVAL;
 677        /*
 678         * For all encipher requests, the length of the ciphertext (reply_len)
 679         * will always equal the modulus length. For MEX decipher requests
 680         * the output needs to get padded. Minimum pad size is 10.
 681         *
 682         * Currently, the cases where padding will be added is for:
 683         * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
 684         *   ZERO-PAD and CRT is only supported for PKD requests)
 685         * - PCICC, always
 686         */
 687        pad_len = outputdatalength - reply_len;
 688        if (pad_len > 0) {
 689                if (pad_len < 10)
 690                        return -EINVAL;
 691                /* 'restore' padding left in the CEXXC card. */
 692                if (copy_to_user(outputdata, static_pad, pad_len - 1))
 693                        return -EFAULT;
 694                if (put_user(0, outputdata + pad_len - 1))
 695                        return -EFAULT;
 696        }
 697        /* Copy the crypto response to user space. */
 698        if (copy_to_user(outputdata + pad_len, data, reply_len))
 699                return -EFAULT;
 700        return 0;
 701}
 702
 703/**
 704 * Copy results from a type 86 XCRB reply message back to user space.
 705 *
 706 * @zq: crypto device pointer
 707 * @reply: reply AP message.
 708 * @xcRB: pointer to XCRB
 709 *
 710 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
 711 */
 712static int convert_type86_xcrb(struct zcrypt_queue *zq,
 713                               struct ap_message *reply,
 714                               struct ica_xcRB *xcRB)
 715{
 716        struct type86_fmt2_msg *msg = reply->message;
 717        char *data = reply->message;
 718
 719        /* Copy CPRB to user */
 720        if (copy_to_user(xcRB->reply_control_blk_addr,
 721                data + msg->fmt2.offset1, msg->fmt2.count1))
 722                return -EFAULT;
 723        xcRB->reply_control_blk_length = msg->fmt2.count1;
 724
 725        /* Copy data buffer to user */
 726        if (msg->fmt2.count2)
 727                if (copy_to_user(xcRB->reply_data_addr,
 728                        data + msg->fmt2.offset2, msg->fmt2.count2))
 729                        return -EFAULT;
 730        xcRB->reply_data_length = msg->fmt2.count2;
 731        return 0;
 732}
 733
 734/**
 735 * Copy results from a type 86 EP11 XCRB reply message back to user space.
 736 *
 737 * @zq: crypto device pointer
 738 * @reply: reply AP message.
 739 * @xcRB: pointer to EP11 user request block
 740 *
 741 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
 742 */
 743static int convert_type86_ep11_xcrb(struct zcrypt_queue *zq,
 744                                    struct ap_message *reply,
 745                                    struct ep11_urb *xcRB)
 746{
 747        struct type86_fmt2_msg *msg = reply->message;
 748        char *data = reply->message;
 749
 750        if (xcRB->resp_len < msg->fmt2.count1)
 751                return -EINVAL;
 752
 753        /* Copy response CPRB to user */
 754        if (copy_to_user((char __force __user *)xcRB->resp,
 755                         data + msg->fmt2.offset1, msg->fmt2.count1))
 756                return -EFAULT;
 757        xcRB->resp_len = msg->fmt2.count1;
 758        return 0;
 759}
 760
 761static int convert_type86_rng(struct zcrypt_queue *zq,
 762                          struct ap_message *reply,
 763                          char *buffer)
 764{
 765        struct {
 766                struct type86_hdr hdr;
 767                struct type86_fmt2_ext fmt2;
 768                struct CPRBX cprbx;
 769        } __packed * msg = reply->message;
 770        char *data = reply->message;
 771
 772        if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
 773                return -EINVAL;
 774        memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
 775        return msg->fmt2.count2;
 776}
 777
 778static int convert_response_ica(struct zcrypt_queue *zq,
 779                            struct ap_message *reply,
 780                            char __user *outputdata,
 781                            unsigned int outputdatalength)
 782{
 783        struct type86x_reply *msg = reply->message;
 784
 785        switch (msg->hdr.type) {
 786        case TYPE82_RSP_CODE:
 787        case TYPE88_RSP_CODE:
 788                return convert_error(zq, reply);
 789        case TYPE86_RSP_CODE:
 790                if (msg->cprbx.ccp_rtcode &&
 791                   (msg->cprbx.ccp_rscode == 0x14f) &&
 792                   (outputdatalength > 256)) {
 793                        if (zq->zcard->max_exp_bit_length <= 17) {
 794                                zq->zcard->max_exp_bit_length = 17;
 795                                return -EAGAIN;
 796                        } else
 797                                return -EINVAL;
 798                }
 799                if (msg->hdr.reply_code)
 800                        return convert_error(zq, reply);
 801                if (msg->cprbx.cprb_ver_id == 0x02)
 802                        return convert_type86_ica(zq, reply,
 803                                                  outputdata, outputdatalength);
 804                /* fall through - wrong cprb version is an unknown response */
 805        default: /* Unknown response type, this should NEVER EVER happen */
 806                zq->online = 0;
 807                pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 808                       AP_QID_CARD(zq->queue->qid),
 809                       AP_QID_QUEUE(zq->queue->qid));
 810                ZCRYPT_DBF(DBF_ERR,
 811                           "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 812                           AP_QID_CARD(zq->queue->qid),
 813                           AP_QID_QUEUE(zq->queue->qid),
 814                           (int) msg->hdr.type);
 815                return -EAGAIN; /* repeat the request on a different device. */
 816        }
 817}
 818
 819static int convert_response_xcrb(struct zcrypt_queue *zq,
 820                            struct ap_message *reply,
 821                            struct ica_xcRB *xcRB)
 822{
 823        struct type86x_reply *msg = reply->message;
 824
 825        switch (msg->hdr.type) {
 826        case TYPE82_RSP_CODE:
 827        case TYPE88_RSP_CODE:
 828                xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
 829                return convert_error(zq, reply);
 830        case TYPE86_RSP_CODE:
 831                if (msg->hdr.reply_code) {
 832                        memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32));
 833                        return convert_error(zq, reply);
 834                }
 835                if (msg->cprbx.cprb_ver_id == 0x02)
 836                        return convert_type86_xcrb(zq, reply, xcRB);
 837                /* fall through - wrong cprb version is an unknown response */
 838        default: /* Unknown response type, this should NEVER EVER happen */
 839                xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
 840                zq->online = 0;
 841                pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 842                       AP_QID_CARD(zq->queue->qid),
 843                       AP_QID_QUEUE(zq->queue->qid));
 844                ZCRYPT_DBF(DBF_ERR,
 845                           "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 846                           AP_QID_CARD(zq->queue->qid),
 847                           AP_QID_QUEUE(zq->queue->qid),
 848                           (int) msg->hdr.type);
 849                return -EAGAIN; /* repeat the request on a different device. */
 850        }
 851}
 852
 853static int convert_response_ep11_xcrb(struct zcrypt_queue *zq,
 854        struct ap_message *reply, struct ep11_urb *xcRB)
 855{
 856        struct type86_ep11_reply *msg = reply->message;
 857
 858        switch (msg->hdr.type) {
 859        case TYPE82_RSP_CODE:
 860        case TYPE87_RSP_CODE:
 861                return convert_error(zq, reply);
 862        case TYPE86_RSP_CODE:
 863                if (msg->hdr.reply_code)
 864                        return convert_error(zq, reply);
 865                if (msg->cprbx.cprb_ver_id == 0x04)
 866                        return convert_type86_ep11_xcrb(zq, reply, xcRB);
 867                /* fall through - wrong cprb version is an unknown resp */
 868        default: /* Unknown response type, this should NEVER EVER happen */
 869                zq->online = 0;
 870                pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 871                       AP_QID_CARD(zq->queue->qid),
 872                       AP_QID_QUEUE(zq->queue->qid));
 873                ZCRYPT_DBF(DBF_ERR,
 874                           "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 875                           AP_QID_CARD(zq->queue->qid),
 876                           AP_QID_QUEUE(zq->queue->qid),
 877                           (int) msg->hdr.type);
 878                return -EAGAIN; /* repeat the request on a different device. */
 879        }
 880}
 881
 882static int convert_response_rng(struct zcrypt_queue *zq,
 883                                 struct ap_message *reply,
 884                                 char *data)
 885{
 886        struct type86x_reply *msg = reply->message;
 887
 888        switch (msg->hdr.type) {
 889        case TYPE82_RSP_CODE:
 890        case TYPE88_RSP_CODE:
 891                return -EINVAL;
 892        case TYPE86_RSP_CODE:
 893                if (msg->hdr.reply_code)
 894                        return -EINVAL;
 895                if (msg->cprbx.cprb_ver_id == 0x02)
 896                        return convert_type86_rng(zq, reply, data);
 897                /* fall through - wrong cprb version is an unknown response */
 898        default: /* Unknown response type, this should NEVER EVER happen */
 899                zq->online = 0;
 900                pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
 901                       AP_QID_CARD(zq->queue->qid),
 902                       AP_QID_QUEUE(zq->queue->qid));
 903                ZCRYPT_DBF(DBF_ERR,
 904                           "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
 905                           AP_QID_CARD(zq->queue->qid),
 906                           AP_QID_QUEUE(zq->queue->qid),
 907                           (int) msg->hdr.type);
 908                return -EAGAIN; /* repeat the request on a different device. */
 909        }
 910}
 911
 912/**
 913 * This function is called from the AP bus code after a crypto request
 914 * "msg" has finished with the reply message "reply".
 915 * It is called from tasklet context.
 916 * @aq: pointer to the AP queue
 917 * @msg: pointer to the AP message
 918 * @reply: pointer to the AP reply message
 919 */
 920static void zcrypt_msgtype6_receive(struct ap_queue *aq,
 921                                  struct ap_message *msg,
 922                                  struct ap_message *reply)
 923{
 924        static struct error_hdr error_reply = {
 925                .type = TYPE82_RSP_CODE,
 926                .reply_code = REP82_ERROR_MACHINE_FAILURE,
 927        };
 928        struct response_type *resp_type =
 929                (struct response_type *) msg->private;
 930        struct type86x_reply *t86r;
 931        int length;
 932
 933        /* Copy the reply message to the request message buffer. */
 934        if (!reply)
 935                goto out;       /* ap_msg->rc indicates the error */
 936        t86r = reply->message;
 937        if (t86r->hdr.type == TYPE86_RSP_CODE &&
 938                 t86r->cprbx.cprb_ver_id == 0x02) {
 939                switch (resp_type->type) {
 940                case CEXXC_RESPONSE_TYPE_ICA:
 941                        length = sizeof(struct type86x_reply)
 942                                + t86r->length - 2;
 943                        length = min(CEXXC_MAX_ICA_RESPONSE_SIZE, length);
 944                        memcpy(msg->message, reply->message, length);
 945                        break;
 946                case CEXXC_RESPONSE_TYPE_XCRB:
 947                        length = t86r->fmt2.offset2 + t86r->fmt2.count2;
 948                        length = min(MSGTYPE06_MAX_MSG_SIZE, length);
 949                        memcpy(msg->message, reply->message, length);
 950                        break;
 951                default:
 952                        memcpy(msg->message, &error_reply,
 953                               sizeof(error_reply));
 954                }
 955        } else
 956                memcpy(msg->message, reply->message, sizeof(error_reply));
 957out:
 958        complete(&(resp_type->work));
 959}
 960
 961/**
 962 * This function is called from the AP bus code after a crypto request
 963 * "msg" has finished with the reply message "reply".
 964 * It is called from tasklet context.
 965 * @aq: pointer to the AP queue
 966 * @msg: pointer to the AP message
 967 * @reply: pointer to the AP reply message
 968 */
 969static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
 970                                         struct ap_message *msg,
 971                                         struct ap_message *reply)
 972{
 973        static struct error_hdr error_reply = {
 974                .type = TYPE82_RSP_CODE,
 975                .reply_code = REP82_ERROR_MACHINE_FAILURE,
 976        };
 977        struct response_type *resp_type =
 978                (struct response_type *)msg->private;
 979        struct type86_ep11_reply *t86r;
 980        int length;
 981
 982        /* Copy the reply message to the request message buffer. */
 983        if (!reply)
 984                goto out;       /* ap_msg->rc indicates the error */
 985        t86r = reply->message;
 986        if (t86r->hdr.type == TYPE86_RSP_CODE &&
 987            t86r->cprbx.cprb_ver_id == 0x04) {
 988                switch (resp_type->type) {
 989                case CEXXC_RESPONSE_TYPE_EP11:
 990                        length = t86r->fmt2.offset1 + t86r->fmt2.count1;
 991                        length = min(MSGTYPE06_MAX_MSG_SIZE, length);
 992                        memcpy(msg->message, reply->message, length);
 993                        break;
 994                default:
 995                        memcpy(msg->message, &error_reply, sizeof(error_reply));
 996                }
 997        } else {
 998                memcpy(msg->message, reply->message, sizeof(error_reply));
 999        }
1000out:

1001        complete(&(resp_type->work));
1002}
1003
1004static atomic_t zcrypt_step = ATOMIC_INIT(0);
1005
1006/**
1007 * The request distributor calls this function if it picked the CEXxC
1008 * device to handle a modexpo request.
1009 * @zq: pointer to zcrypt_queue structure that identifies the
1010 *      CEXxC device to the request distributor
1011 * @mex: pointer to the modexpo request buffer
1012 */
1013static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq,
1014                                  struct ica_rsa_modexpo *mex)
1015{
1016        struct ap_message ap_msg;
1017        struct response_type resp_type = {
1018                .type = CEXXC_RESPONSE_TYPE_ICA,
1019        };
1020        int rc;
1021
1022        ap_init_message(&ap_msg);
1023        ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1024        if (!ap_msg.message)
1025                return -ENOMEM;
1026        ap_msg.receive = zcrypt_msgtype6_receive;
1027        ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1028                                atomic_inc_return(&zcrypt_step);
1029        ap_msg.private = &resp_type;
1030        rc = ICAMEX_msg_to_type6MEX_msgX(zq, &ap_msg, mex);
1031        if (rc)
1032                goto out_free;
1033        init_completion(&resp_type.work);
1034        ap_queue_message(zq->queue, &ap_msg);
1035        rc = wait_for_completion_interruptible(&resp_type.work);
1036        if (rc == 0) {
1037                rc = ap_msg.rc;
1038                if (rc == 0)
1039                        rc = convert_response_ica(zq, &ap_msg,
1040                                                  mex->outputdata,
1041                                                  mex->outputdatalength);
1042        } else
1043                /* Signal pending. */
1044                ap_cancel_message(zq->queue, &ap_msg);
1045out_free:
1046        free_page((unsigned long) ap_msg.message);
1047        return rc;
1048}
1049
1050/**
1051 * The request distributor calls this function if it picked the CEXxC
1052 * device to handle a modexpo_crt request.
1053 * @zq: pointer to zcrypt_queue structure that identifies the
1054 *      CEXxC device to the request distributor
1055 * @crt: pointer to the modexpoc_crt request buffer
1056 */
1057static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq,
1058                                      struct ica_rsa_modexpo_crt *crt)
1059{
1060        struct ap_message ap_msg;
1061        struct response_type resp_type = {
1062                .type = CEXXC_RESPONSE_TYPE_ICA,
1063        };
1064        int rc;
1065
1066        ap_init_message(&ap_msg);
1067        ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1068        if (!ap_msg.message)
1069                return -ENOMEM;
1070        ap_msg.receive = zcrypt_msgtype6_receive;
1071        ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1072                                atomic_inc_return(&zcrypt_step);
1073        ap_msg.private = &resp_type;
1074        rc = ICACRT_msg_to_type6CRT_msgX(zq, &ap_msg, crt);
1075        if (rc)
1076                goto out_free;
1077        init_completion(&resp_type.work);
1078        ap_queue_message(zq->queue, &ap_msg);
1079        rc = wait_for_completion_interruptible(&resp_type.work);
1080        if (rc == 0) {
1081                rc = ap_msg.rc;
1082                if (rc == 0)
1083                        rc = convert_response_ica(zq, &ap_msg,
1084                                                  crt->outputdata,
1085                                                  crt->outputdatalength);
1086        } else {
1087                /* Signal pending. */
1088                ap_cancel_message(zq->queue, &ap_msg);
1089        }
1090out_free:
1091        free_page((unsigned long) ap_msg.message);
1092        return rc;
1093}
1094
1095/**
1096 * Fetch function code from cprb.
1097 * Extracting the fc requires to copy the cprb from userspace.
1098 * So this function allocates memory and needs an ap_msg prepared
1099 * by the caller with ap_init_message(). Also the caller has to
1100 * make sure ap_release_message() is always called even on failure.
1101 */
1102unsigned int get_cprb_fc(struct ica_xcRB *xcRB,
1103                                struct ap_message *ap_msg,
1104                                unsigned int *func_code, unsigned short **dom)
1105{
1106        struct response_type resp_type = {
1107                .type = CEXXC_RESPONSE_TYPE_XCRB,
1108        };
1109
1110        ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1111        if (!ap_msg->message)
1112                return -ENOMEM;
1113        ap_msg->receive = zcrypt_msgtype6_receive;
1114        ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1115                                atomic_inc_return(&zcrypt_step);
1116        ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1117        if (!ap_msg->private)
1118                return -ENOMEM;
1119        return XCRB_msg_to_type6CPRB_msgX(ap_msg, xcRB, func_code, dom);
1120}
1121
1122/**
1123 * The request distributor calls this function if it picked the CEXxC
1124 * device to handle a send_cprb request.
1125 * @zq: pointer to zcrypt_queue structure that identifies the
1126 *      CEXxC device to the request distributor
1127 * @xcRB: pointer to the send_cprb request buffer
1128 */
1129static long zcrypt_msgtype6_send_cprb(struct zcrypt_queue *zq,
1130                                    struct ica_xcRB *xcRB,
1131                                    struct ap_message *ap_msg)
1132{
1133        int rc;
1134        struct response_type *rtype = (struct response_type *)(ap_msg->private);
1135
1136        init_completion(&rtype->work);
1137        ap_queue_message(zq->queue, ap_msg);
1138        rc = wait_for_completion_interruptible(&rtype->work);
1139        if (rc == 0) {
1140                rc = ap_msg->rc;
1141                if (rc == 0)
1142                        rc = convert_response_xcrb(zq, ap_msg, xcRB);
1143        } else
1144                /* Signal pending. */
1145                ap_cancel_message(zq->queue, ap_msg);
1146
1147        return rc;
1148}
1149
1150/**
1151 * Fetch function code from ep11 cprb.
1152 * Extracting the fc requires to copy the ep11 cprb from userspace.
1153 * So this function allocates memory and needs an ap_msg prepared
1154 * by the caller with ap_init_message(). Also the caller has to
1155 * make sure ap_release_message() is always called even on failure.
1156 */
1157unsigned int get_ep11cprb_fc(struct ep11_urb *xcrb,
1158                                    struct ap_message *ap_msg,
1159                                    unsigned int *func_code)
1160{
1161        struct response_type resp_type = {
1162                .type = CEXXC_RESPONSE_TYPE_EP11,
1163        };
1164
1165        ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1166        if (!ap_msg->message)
1167                return -ENOMEM;
1168        ap_msg->receive = zcrypt_msgtype6_receive_ep11;
1169        ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1170                                atomic_inc_return(&zcrypt_step);
1171        ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1172        if (!ap_msg->private)
1173                return -ENOMEM;
1174        return xcrb_msg_to_type6_ep11cprb_msgx(ap_msg, xcrb, func_code);
1175}
1176
1177/**
1178 * The request distributor calls this function if it picked the CEX4P
1179 * device to handle a send_ep11_cprb request.
1180 * @zq: pointer to zcrypt_queue structure that identifies the
1181 *        CEX4P device to the request distributor
1182 * @xcRB: pointer to the ep11 user request block
1183 */
1184static long zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_queue *zq,
1185                                           struct ep11_urb *xcrb,
1186                                           struct ap_message *ap_msg)
1187{
1188        int rc;
1189        unsigned int lfmt;
1190        struct response_type *rtype = (struct response_type *)(ap_msg->private);
1191        struct {
1192                struct type6_hdr hdr;
1193                struct ep11_cprb cprbx;
1194                unsigned char   pld_tag;        /* fixed value 0x30 */
1195                unsigned char   pld_lenfmt;     /* payload length format */
1196        } __packed * msg = ap_msg->message;
1197        struct pld_hdr {
1198                unsigned char   func_tag;       /* fixed value 0x4 */
1199                unsigned char   func_len;       /* fixed value 0x4 */
1200                unsigned int    func_val;       /* function ID     */
1201                unsigned char   dom_tag;        /* fixed value 0x4 */
1202                unsigned char   dom_len;        /* fixed value 0x4 */
1203                unsigned int    dom_val;        /* domain id       */
1204        } __packed * payload_hdr = NULL;
1205
1206
1207        /**
1208         * The target domain field within the cprb body/payload block will be
1209         * replaced by the usage domain for non-management commands only.
1210         * Therefore we check the first bit of the 'flags' parameter for
1211         * management command indication.
1212         *   0 - non management command
1213         *   1 - management command
1214         */
1215        if (!((msg->cprbx.flags & 0x80) == 0x80)) {
1216                msg->cprbx.target_id = (unsigned int)
1217                                        AP_QID_QUEUE(zq->queue->qid);
1218
1219                if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
1220                        switch (msg->pld_lenfmt & 0x03) {
1221                        case 1:
1222                                lfmt = 2;
1223                                break;
1224                        case 2:
1225                                lfmt = 3;
1226                                break;
1227                        default:
1228                                return -EINVAL;
1229                        }
1230                } else {
1231                        lfmt = 1; /* length format #1 */
1232                }
1233                payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
1234                payload_hdr->dom_val = (unsigned int)
1235                                        AP_QID_QUEUE(zq->queue->qid);
1236        }
1237
1238        init_completion(&rtype->work);
1239        ap_queue_message(zq->queue, ap_msg);
1240        rc = wait_for_completion_interruptible(&rtype->work);
1241        if (rc == 0) {
1242                rc = ap_msg->rc;
1243                if (rc == 0)
1244                        rc = convert_response_ep11_xcrb(zq, ap_msg, xcrb);
1245        } else
1246                /* Signal pending. */
1247                ap_cancel_message(zq->queue, ap_msg);
1248
1249        return rc;
1250}
1251
1252unsigned int get_rng_fc(struct ap_message *ap_msg, int *func_code,
1253                                                   unsigned int *domain)
1254{
1255        struct response_type resp_type = {
1256                .type = CEXXC_RESPONSE_TYPE_XCRB,
1257        };
1258
1259        ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1260        if (!ap_msg->message)
1261                return -ENOMEM;
1262        ap_msg->receive = zcrypt_msgtype6_receive;
1263        ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1264                                atomic_inc_return(&zcrypt_step);
1265        ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1266        if (!ap_msg->private)
1267                return -ENOMEM;
1268
1269        rng_type6CPRB_msgX(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain);
1270
1271        *func_code = HWRNG;
1272        return 0;
1273}
1274
1275/**
1276 * The request distributor calls this function if it picked the CEXxC
1277 * device to generate random data.
1278 * @zq: pointer to zcrypt_queue structure that identifies the
1279 *      CEXxC device to the request distributor
1280 * @buffer: pointer to a memory page to return random data
1281 */
1282static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq,
1283                                char *buffer, struct ap_message *ap_msg)
1284{
1285        struct {
1286                struct type6_hdr hdr;
1287                struct CPRBX cprbx;
1288                char function_code[2];
1289                short int rule_length;
1290                char rule[8];
1291                short int verb_length;
1292                short int key_length;
1293        } __packed * msg = ap_msg->message;
1294        struct response_type *rtype = (struct response_type *)(ap_msg->private);
1295        int rc;
1296
1297        msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
1298
1299        init_completion(&rtype->work);
1300        ap_queue_message(zq->queue, ap_msg);
1301        rc = wait_for_completion_interruptible(&rtype->work);
1302        if (rc == 0) {
1303                rc = ap_msg->rc;
1304                if (rc == 0)
1305                        rc = convert_response_rng(zq, ap_msg, buffer);
1306        } else
1307                /* Signal pending. */
1308                ap_cancel_message(zq->queue, ap_msg);
1309
1310        return rc;
1311}
1312
1313/**
1314 * The crypto operations for a CEXxC card.
1315 */
1316static struct zcrypt_ops zcrypt_msgtype6_norng_ops = {
1317        .owner = THIS_MODULE,
1318        .name = MSGTYPE06_NAME,
1319        .variant = MSGTYPE06_VARIANT_NORNG,
1320        .rsa_modexpo = zcrypt_msgtype6_modexpo,
1321        .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1322        .send_cprb = zcrypt_msgtype6_send_cprb,
1323};
1324
1325static struct zcrypt_ops zcrypt_msgtype6_ops = {
1326        .owner = THIS_MODULE,
1327        .name = MSGTYPE06_NAME,
1328        .variant = MSGTYPE06_VARIANT_DEFAULT,
1329        .rsa_modexpo = zcrypt_msgtype6_modexpo,
1330        .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1331        .send_cprb = zcrypt_msgtype6_send_cprb,
1332        .rng = zcrypt_msgtype6_rng,
1333};
1334
1335static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = {
1336        .owner = THIS_MODULE,
1337        .name = MSGTYPE06_NAME,
1338        .variant = MSGTYPE06_VARIANT_EP11,
1339        .rsa_modexpo = NULL,
1340        .rsa_modexpo_crt = NULL,
1341        .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb,
1342};
1343
1344void __init zcrypt_msgtype6_init(void)
1345{
1346        zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops);
1347        zcrypt_msgtype_register(&zcrypt_msgtype6_ops);
1348        zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops);
1349}
1350
1351void __exit zcrypt_msgtype6_exit(void)
1352{
1353        zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops);
1354        zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops);
1355        zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops);
1356}
1357