1
2
3
4
5
6
7
8
9
10
11
12
13#define KMSG_COMPONENT "zcrypt"
14#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
15
16#include <linux/module.h>
17#include <linux/init.h>
18#include <linux/err.h>
19#include <linux/delay.h>
20#include <linux/slab.h>
21#include <linux/atomic.h>
22#include <linux/uaccess.h>
23
24#include "ap_bus.h"
25#include "zcrypt_api.h"
26#include "zcrypt_error.h"
27#include "zcrypt_msgtype6.h"
28#include "zcrypt_cca_key.h"
29
30#define CEXXC_MAX_ICA_RESPONSE_SIZE 0x77c
31
32#define CEIL4(x) ((((x)+3)/4)*4)
33
34struct response_type {
35 struct completion work;
36 int type;
37};
38#define CEXXC_RESPONSE_TYPE_ICA 0
39#define CEXXC_RESPONSE_TYPE_XCRB 1
40#define CEXXC_RESPONSE_TYPE_EP11 2
41
42MODULE_AUTHOR("IBM Corporation");
43MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \
44 "Copyright IBM Corp. 2001, 2012");
45MODULE_LICENSE("GPL");
46
47
48
49
50
51
52
53
54
55
56
57
58
59struct CPRB {
60 unsigned short cprb_len;
61 unsigned char cprb_ver_id;
62 unsigned char pad_000;
63 unsigned char srpi_rtcode[4];
64 unsigned char srpi_verb;
65 unsigned char flags;
66 unsigned char func_id[2];
67 unsigned char checkpoint_flag;
68 unsigned char resv2;
69 unsigned short req_parml;
70
71 unsigned char req_parmp[4];
72
73
74
75 unsigned char req_datal[4];
76
77 unsigned char req_datap[4];
78
79 unsigned short rpl_parml;
80
81 unsigned char pad_001[2];
82 unsigned char rpl_parmp[4];
83
84
85
86 unsigned char rpl_datal[4];
87 unsigned char rpl_datap[4];
88
89 unsigned short ccp_rscode;
90 unsigned short ccp_rtcode;
91 unsigned char repd_parml[2];
92 unsigned char mac_data_len[2];
93 unsigned char repd_datal[4];
94 unsigned char req_pc[2];
95 unsigned char res_origin[8];
96 unsigned char mac_value[8];
97 unsigned char logon_id[8];
98 unsigned char usage_domain[2];
99 unsigned char resv3[18];
100 unsigned short svr_namel;
101 unsigned char svr_name[8];
102} __packed;
103
104struct function_and_rules_block {
105 unsigned char function_code[2];
106 unsigned short ulen;
107 unsigned char only_rule[8];
108} __packed;
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127static const struct CPRBX static_cprbx = {
128 .cprb_len = 0x00DC,
129 .cprb_ver_id = 0x02,
130 .func_id = {0x54, 0x32},
131};
132
133int speed_idx_cca(int req_type)
134{
135 switch (req_type) {
136 case 0x4142:
137 case 0x4149:
138 case 0x414D:
139 case 0x4341:
140 case 0x4344:
141 case 0x4354:
142 case 0x4358:
143 case 0x444B:
144 case 0x4558:
145 case 0x4643:
146 case 0x4651:
147 case 0x4C47:
148 case 0x4C4B:
149 case 0x4C51:
150 case 0x4F48:
151 case 0x504F:
152 case 0x5053:
153 case 0x5058:
154 case 0x5343:
155 case 0x5344:
156 case 0x5345:
157 case 0x5350:
158 return LOW;
159 case 0x414B:
160 case 0x4345:
161 case 0x4349:
162 case 0x434D:
163 case 0x4847:
164 case 0x4849:
165 case 0x484D:
166 case 0x4850:
167 case 0x4851:
168 case 0x4954:
169 case 0x4958:
170 case 0x4B43:
171 case 0x4B44:
172 case 0x4B45:
173 case 0x4B47:
174 case 0x4B48:
175 case 0x4B49:
176 case 0x4B4E:
177 case 0x4B50:
178 case 0x4B52:
179 case 0x4B54:
180 case 0x4B58:
181 case 0x4D50:
182 case 0x4D53:
183 case 0x4D56:
184 case 0x4D58:
185 case 0x5044:
186 case 0x5045:
187 case 0x5046:
188 case 0x5047:
189 case 0x5049:
190 case 0x504B:
191 case 0x504D:
192 case 0x5254:
193 case 0x5347:
194 case 0x5349:
195 case 0x534B:
196 case 0x534D:
197 case 0x5356:
198 case 0x5358:
199 case 0x5443:
200 case 0x544B:
201 case 0x5647:
202 return HIGH;
203 default:
204 return MEDIUM;
205 }
206}
207
208int speed_idx_ep11(int req_type)
209{
210 switch (req_type) {
211 case 1:
212 case 2:
213 case 36:
214 case 37:
215 case 38:
216 case 39:
217 case 40:
218 return LOW;
219 case 17:
220 case 18:
221 case 19:
222 case 20:
223 case 21:
224 case 22:
225 case 26:
226 case 30:
227 case 31:
228 case 32:
229 case 33:
230 case 34:
231 case 35:
232 return HIGH;
233 default:
234 return MEDIUM;
235 }
236}
237
238
239
240
241
242
243
244
245
246
247
248static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue *zq,
249 struct ap_message *ap_msg,
250 struct ica_rsa_modexpo *mex)
251{
252 static struct type6_hdr static_type6_hdrX = {
253 .type = 0x06,
254 .offset1 = 0x00000058,
255 .agent_id = {'C', 'A',},
256 .function_code = {'P', 'K'},
257 };
258 static struct function_and_rules_block static_pke_fnr = {
259 .function_code = {'P', 'K'},
260 .ulen = 10,
261 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '}
262 };
263 struct {
264 struct type6_hdr hdr;
265 struct CPRBX cprbx;
266 struct function_and_rules_block fr;
267 unsigned short length;
268 char text[0];
269 } __packed * msg = ap_msg->msg;
270 int size;
271
272
273
274
275
276
277 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE))
278 return -EINVAL;
279
280
281 msg->length = mex->inputdatalength + 2;
282 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
283 return -EFAULT;
284
285
286 size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength);
287 if (size < 0)
288 return size;
289 size += sizeof(*msg) + mex->inputdatalength;
290
291
292 msg->hdr = static_type6_hdrX;
293 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
294 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
295
296 msg->cprbx = static_cprbx;
297 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
298 msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1;
299
300 msg->fr = static_pke_fnr;
301
302 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx);
303
304 ap_msg->len = size;
305 return 0;
306}
307
308
309
310
311
312
313
314
315
316
317static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue *zq,
318 struct ap_message *ap_msg,
319 struct ica_rsa_modexpo_crt *crt)
320{
321 static struct type6_hdr static_type6_hdrX = {
322 .type = 0x06,
323 .offset1 = 0x00000058,
324 .agent_id = {'C', 'A',},
325 .function_code = {'P', 'D'},
326 };
327 static struct function_and_rules_block static_pkd_fnr = {
328 .function_code = {'P', 'D'},
329 .ulen = 10,
330 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
331 };
332
333 struct {
334 struct type6_hdr hdr;
335 struct CPRBX cprbx;
336 struct function_and_rules_block fr;
337 unsigned short length;
338 char text[0];
339 } __packed * msg = ap_msg->msg;
340 int size;
341
342
343
344
345
346
347 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE))
348 return -EINVAL;
349
350
351 msg->length = crt->inputdatalength + 2;
352 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
353 return -EFAULT;
354
355
356 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength);
357 if (size < 0)
358 return size;
359 size += sizeof(*msg) + crt->inputdatalength;
360
361
362 msg->hdr = static_type6_hdrX;
363 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
364 msg->hdr.FromCardLen1 = CEXXC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
365
366 msg->cprbx = static_cprbx;
367 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
368 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl =
369 size - sizeof(msg->hdr) - sizeof(msg->cprbx);
370
371 msg->fr = static_pkd_fnr;
372
373 ap_msg->len = size;
374 return 0;
375}
376
377
378
379
380
381
382
383
384
385
386struct type86_fmt2_msg {
387 struct type86_hdr hdr;
388 struct type86_fmt2_ext fmt2;
389} __packed;
390
391static int XCRB_msg_to_type6CPRB_msgX(bool userspace, struct ap_message *ap_msg,
392 struct ica_xcRB *xcRB,
393 unsigned int *fcode,
394 unsigned short **dom)
395{
396 static struct type6_hdr static_type6_hdrX = {
397 .type = 0x06,
398 .offset1 = 0x00000058,
399 };
400 struct {
401 struct type6_hdr hdr;
402 struct CPRBX cprbx;
403 } __packed * msg = ap_msg->msg;
404
405 int rcblen = CEIL4(xcRB->request_control_blk_length);
406 int replylen, req_sumlen, resp_sumlen;
407 char *req_data = ap_msg->msg + sizeof(struct type6_hdr) + rcblen;
408 char *function_code;
409
410 if (CEIL4(xcRB->request_control_blk_length) <
411 xcRB->request_control_blk_length)
412 return -EINVAL;
413
414
415 ap_msg->len = sizeof(struct type6_hdr) +
416 CEIL4(xcRB->request_control_blk_length) +
417 xcRB->request_data_length;
418 if (ap_msg->len > MSGTYPE06_MAX_MSG_SIZE)
419 return -EINVAL;
420
421
422
423
424
425 req_sumlen = CEIL4(xcRB->request_control_blk_length) +
426 xcRB->request_data_length;
427 if ((CEIL4(xcRB->request_control_blk_length) <=
428 xcRB->request_data_length) ?
429 (req_sumlen < xcRB->request_data_length) :
430 (req_sumlen < CEIL4(xcRB->request_control_blk_length))) {
431 return -EINVAL;
432 }
433
434 if (CEIL4(xcRB->reply_control_blk_length) <
435 xcRB->reply_control_blk_length)
436 return -EINVAL;
437
438 replylen = sizeof(struct type86_fmt2_msg) +
439 CEIL4(xcRB->reply_control_blk_length) +
440 xcRB->reply_data_length;
441 if (replylen > MSGTYPE06_MAX_MSG_SIZE)
442 return -EINVAL;
443
444
445
446
447
448 resp_sumlen = CEIL4(xcRB->reply_control_blk_length) +
449 xcRB->reply_data_length;
450 if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ?
451 (resp_sumlen < xcRB->reply_data_length) :
452 (resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) {
453 return -EINVAL;
454 }
455
456
457 msg->hdr = static_type6_hdrX;
458 memcpy(msg->hdr.agent_id, &(xcRB->agent_ID), sizeof(xcRB->agent_ID));
459 msg->hdr.ToCardLen1 = xcRB->request_control_blk_length;
460 if (xcRB->request_data_length) {
461 msg->hdr.offset2 = msg->hdr.offset1 + rcblen;
462 msg->hdr.ToCardLen2 = xcRB->request_data_length;
463 }
464 msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length;
465 msg->hdr.FromCardLen2 = xcRB->reply_data_length;
466
467
468 if (z_copy_from_user(userspace, &(msg->cprbx), xcRB->request_control_blk_addr,
469 xcRB->request_control_blk_length))
470 return -EFAULT;
471 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
472 xcRB->request_control_blk_length)
473 return -EINVAL;
474 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len;
475 memcpy(msg->hdr.function_code, function_code,
476 sizeof(msg->hdr.function_code));
477
478 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1];
479 *dom = (unsigned short *)&msg->cprbx.domain;
480
481 if (memcmp(function_code, "US", 2) == 0
482 || memcmp(function_code, "AU", 2) == 0)
483 ap_msg->flags |= AP_MSG_FLAG_SPECIAL;
484
485#ifdef CONFIG_ZCRYPT_DEBUG
486 if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL)
487 ap_msg->flags ^= AP_MSG_FLAG_SPECIAL;
488#endif
489
490
491 if (xcRB->request_data_length &&
492 z_copy_from_user(userspace, req_data, xcRB->request_data_address,
493 xcRB->request_data_length))
494 return -EFAULT;
495
496 return 0;
497}
498
499static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap_msg,
500 struct ep11_urb *xcRB,
501 unsigned int *fcode)
502{
503 unsigned int lfmt;
504 static struct type6_hdr static_type6_ep11_hdr = {
505 .type = 0x06,
506 .rqid = {0x00, 0x01},
507 .function_code = {0x00, 0x00},
508 .agent_id[0] = 0x58,
509 .agent_id[1] = 0x43,
510 .offset1 = 0x00000058,
511 };
512
513 struct {
514 struct type6_hdr hdr;
515 struct ep11_cprb cprbx;
516 unsigned char pld_tag;
517 unsigned char pld_lenfmt;
518 } __packed * msg = ap_msg->msg;
519
520 struct pld_hdr {
521 unsigned char func_tag;
522 unsigned char func_len;
523 unsigned int func_val;
524 unsigned char dom_tag;
525 unsigned char dom_len;
526 unsigned int dom_val;
527 } __packed * payload_hdr = NULL;
528
529 if (CEIL4(xcRB->req_len) < xcRB->req_len)
530 return -EINVAL;
531
532
533 ap_msg->len = sizeof(struct type6_hdr) + xcRB->req_len;
534 if (CEIL4(xcRB->req_len) > MSGTYPE06_MAX_MSG_SIZE -
535 (sizeof(struct type6_hdr)))
536 return -EINVAL;
537
538 if (CEIL4(xcRB->resp_len) < xcRB->resp_len)
539 return -EINVAL;
540
541 if (CEIL4(xcRB->resp_len) > MSGTYPE06_MAX_MSG_SIZE -
542 (sizeof(struct type86_fmt2_msg)))
543 return -EINVAL;
544
545
546 msg->hdr = static_type6_ep11_hdr;
547 msg->hdr.ToCardLen1 = xcRB->req_len;
548 msg->hdr.FromCardLen1 = xcRB->resp_len;
549
550
551 if (z_copy_from_user(userspace, &(msg->cprbx.cprb_len),
552 (char __force __user *)xcRB->req, xcRB->req_len)) {
553 return -EFAULT;
554 }
555
556 if ((msg->pld_lenfmt & 0x80) == 0x80) {
557 switch (msg->pld_lenfmt & 0x03) {
558 case 1:
559 lfmt = 2;
560 break;
561 case 2:
562 lfmt = 3;
563 break;
564 default:
565 return -EINVAL;
566 }
567 } else {
568 lfmt = 1;
569 }
570 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
571 *fcode = payload_hdr->func_val & 0xFFFF;
572
573
574 if (msg->cprbx.flags & 0x20)
575 ap_msg->flags |= AP_MSG_FLAG_SPECIAL;
576
577#ifdef CONFIG_ZCRYPT_DEBUG
578 if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL)
579 ap_msg->flags ^= AP_MSG_FLAG_SPECIAL;
580#endif
581
582 return 0;
583}
584
585
586
587
588
589
590
591
592
593
594
595struct type86x_reply {
596 struct type86_hdr hdr;
597 struct type86_fmt2_ext fmt2;
598 struct CPRBX cprbx;
599 unsigned char pad[4];
600 unsigned short length;
601 char text[];
602} __packed;
603
604struct type86_ep11_reply {
605 struct type86_hdr hdr;
606 struct type86_fmt2_ext fmt2;
607 struct ep11_cprb cprbx;
608} __packed;
609
610static int convert_type86_ica(struct zcrypt_queue *zq,
611 struct ap_message *reply,
612 char __user *outputdata,
613 unsigned int outputdatalength)
614{
615 static unsigned char static_pad[] = {
616 0x00, 0x02,
617 0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD,
618 0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57,
619 0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B,
620 0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39,
621 0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5,
622 0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D,
623 0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB,
624 0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F,
625 0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9,
626 0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45,
627 0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9,
628 0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F,
629 0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD,
630 0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D,
631 0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD,
632 0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9,
633 0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B,
634 0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B,
635 0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B,
636 0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD,
637 0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7,
638 0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1,
639 0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3,
640 0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23,
641 0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55,
642 0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43,
643 0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F,
644 0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F,
645 0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5,
646 0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD,
647 0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41,
648 0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09
649 };
650 struct type86x_reply *msg = reply->msg;
651 unsigned short service_rc, service_rs;
652 unsigned int reply_len, pad_len;
653 char *data;
654
655 service_rc = msg->cprbx.ccp_rtcode;
656 if (unlikely(service_rc != 0)) {
657 service_rs = msg->cprbx.ccp_rscode;
658 if ((service_rc == 8 && service_rs == 66) ||
659 (service_rc == 8 && service_rs == 65) ||
660 (service_rc == 8 && service_rs == 72) ||
661 (service_rc == 8 && service_rs == 770) ||
662 (service_rc == 12 && service_rs == 769)) {
663 ZCRYPT_DBF_WARN("dev=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n",
664 AP_QID_CARD(zq->queue->qid),
665 AP_QID_QUEUE(zq->queue->qid),
666 (int) service_rc, (int) service_rs);
667 return -EINVAL;
668 }
669 zq->online = 0;
670 pr_err("Crypto dev=%02x.%04x rc/rs=%d/%d online=0 rc=EAGAIN\n",
671 AP_QID_CARD(zq->queue->qid),
672 AP_QID_QUEUE(zq->queue->qid),
673 (int) service_rc, (int) service_rs);
674 ZCRYPT_DBF_ERR("dev=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n",
675 AP_QID_CARD(zq->queue->qid),
676 AP_QID_QUEUE(zq->queue->qid),
677 (int) service_rc, (int) service_rs);
678 return -EAGAIN;
679 }
680 data = msg->text;
681 reply_len = msg->length - 2;
682 if (reply_len > outputdatalength)
683 return -EINVAL;
684
685
686
687
688
689
690
691
692
693
694 pad_len = outputdatalength - reply_len;
695 if (pad_len > 0) {
696 if (pad_len < 10)
697 return -EINVAL;
698
699 if (copy_to_user(outputdata, static_pad, pad_len - 1))
700 return -EFAULT;
701 if (put_user(0, outputdata + pad_len - 1))
702 return -EFAULT;
703 }
704
705 if (copy_to_user(outputdata + pad_len, data, reply_len))
706 return -EFAULT;
707 return 0;
708}
709
710
711
712
713
714
715
716
717
718
719static int convert_type86_xcrb(bool userspace, struct zcrypt_queue *zq,
720 struct ap_message *reply,
721 struct ica_xcRB *xcRB)
722{
723 struct type86_fmt2_msg *msg = reply->msg;
724 char *data = reply->msg;
725
726
727 if (z_copy_to_user(userspace, xcRB->reply_control_blk_addr,
728 data + msg->fmt2.offset1, msg->fmt2.count1))
729 return -EFAULT;
730 xcRB->reply_control_blk_length = msg->fmt2.count1;
731
732
733 if (msg->fmt2.count2)
734 if (z_copy_to_user(userspace, xcRB->reply_data_addr,
735 data + msg->fmt2.offset2, msg->fmt2.count2))
736 return -EFAULT;
737 xcRB->reply_data_length = msg->fmt2.count2;
738 return 0;
739}
740
741
742
743
744
745
746
747
748
749
750static int convert_type86_ep11_xcrb(bool userspace, struct zcrypt_queue *zq,
751 struct ap_message *reply,
752 struct ep11_urb *xcRB)
753{
754 struct type86_fmt2_msg *msg = reply->msg;
755 char *data = reply->msg;
756
757 if (xcRB->resp_len < msg->fmt2.count1)
758 return -EINVAL;
759
760
761 if (z_copy_to_user(userspace, (char __force __user *)xcRB->resp,
762 data + msg->fmt2.offset1, msg->fmt2.count1))
763 return -EFAULT;
764 xcRB->resp_len = msg->fmt2.count1;
765 return 0;
766}
767
768static int convert_type86_rng(struct zcrypt_queue *zq,
769 struct ap_message *reply,
770 char *buffer)
771{
772 struct {
773 struct type86_hdr hdr;
774 struct type86_fmt2_ext fmt2;
775 struct CPRBX cprbx;
776 } __packed * msg = reply->msg;
777 char *data = reply->msg;
778
779 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
780 return -EINVAL;
781 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
782 return msg->fmt2.count2;
783}
784
785static int convert_response_ica(struct zcrypt_queue *zq,
786 struct ap_message *reply,
787 char __user *outputdata,
788 unsigned int outputdatalength)
789{
790 struct type86x_reply *msg = reply->msg;
791
792 switch (msg->hdr.type) {
793 case TYPE82_RSP_CODE:
794 case TYPE88_RSP_CODE:
795 return convert_error(zq, reply);
796 case TYPE86_RSP_CODE:
797 if (msg->cprbx.ccp_rtcode &&
798 (msg->cprbx.ccp_rscode == 0x14f) &&
799 (outputdatalength > 256)) {
800 if (zq->zcard->max_exp_bit_length <= 17) {
801 zq->zcard->max_exp_bit_length = 17;
802 return -EAGAIN;
803 } else
804 return -EINVAL;
805 }
806 if (msg->hdr.reply_code)
807 return convert_error(zq, reply);
808 if (msg->cprbx.cprb_ver_id == 0x02)
809 return convert_type86_ica(zq, reply,
810 outputdata, outputdatalength);
811 fallthrough;
812 default:
813
814 zq->online = 0;
815 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
816 AP_QID_CARD(zq->queue->qid),
817 AP_QID_QUEUE(zq->queue->qid),
818 (int) msg->hdr.type);
819 ZCRYPT_DBF_ERR("dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
820 AP_QID_CARD(zq->queue->qid),
821 AP_QID_QUEUE(zq->queue->qid),
822 (int) msg->hdr.type);
823 return -EAGAIN;
824 }
825}
826
827static int convert_response_xcrb(bool userspace, struct zcrypt_queue *zq,
828 struct ap_message *reply,
829 struct ica_xcRB *xcRB)
830{
831 struct type86x_reply *msg = reply->msg;
832
833 switch (msg->hdr.type) {
834 case TYPE82_RSP_CODE:
835 case TYPE88_RSP_CODE:
836 xcRB->status = 0x0008044DL;
837 return convert_error(zq, reply);
838 case TYPE86_RSP_CODE:
839 if (msg->hdr.reply_code) {
840 memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32));
841 return convert_error(zq, reply);
842 }
843 if (msg->cprbx.cprb_ver_id == 0x02)
844 return convert_type86_xcrb(userspace, zq, reply, xcRB);
845 fallthrough;
846 default:
847 xcRB->status = 0x0008044DL;
848 zq->online = 0;
849 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
850 AP_QID_CARD(zq->queue->qid),
851 AP_QID_QUEUE(zq->queue->qid),
852 (int) msg->hdr.type);
853 ZCRYPT_DBF_ERR("dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
854 AP_QID_CARD(zq->queue->qid),
855 AP_QID_QUEUE(zq->queue->qid),
856 (int) msg->hdr.type);
857 return -EAGAIN;
858 }
859}
860
861static int convert_response_ep11_xcrb(bool userspace, struct zcrypt_queue *zq,
862 struct ap_message *reply, struct ep11_urb *xcRB)
863{
864 struct type86_ep11_reply *msg = reply->msg;
865
866 switch (msg->hdr.type) {
867 case TYPE82_RSP_CODE:
868 case TYPE87_RSP_CODE:
869 return convert_error(zq, reply);
870 case TYPE86_RSP_CODE:
871 if (msg->hdr.reply_code)
872 return convert_error(zq, reply);
873 if (msg->cprbx.cprb_ver_id == 0x04)
874 return convert_type86_ep11_xcrb(userspace, zq, reply, xcRB);
875 fallthrough;
876 default:
877 zq->online = 0;
878 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
879 AP_QID_CARD(zq->queue->qid),
880 AP_QID_QUEUE(zq->queue->qid),
881 (int) msg->hdr.type);
882 ZCRYPT_DBF_ERR("dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
883 AP_QID_CARD(zq->queue->qid),
884 AP_QID_QUEUE(zq->queue->qid),
885 (int) msg->hdr.type);
886 return -EAGAIN;
887 }
888}
889
890static int convert_response_rng(struct zcrypt_queue *zq,
891 struct ap_message *reply,
892 char *data)
893{
894 struct type86x_reply *msg = reply->msg;
895
896 switch (msg->hdr.type) {
897 case TYPE82_RSP_CODE:
898 case TYPE88_RSP_CODE:
899 return -EINVAL;
900 case TYPE86_RSP_CODE:
901 if (msg->hdr.reply_code)
902 return -EINVAL;
903 if (msg->cprbx.cprb_ver_id == 0x02)
904 return convert_type86_rng(zq, reply, data);
905 fallthrough;
906 default:
907 zq->online = 0;
908 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
909 AP_QID_CARD(zq->queue->qid),
910 AP_QID_QUEUE(zq->queue->qid),
911 (int) msg->hdr.type);
912 ZCRYPT_DBF_ERR("dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
913 AP_QID_CARD(zq->queue->qid),
914 AP_QID_QUEUE(zq->queue->qid),
915 (int) msg->hdr.type);
916 return -EAGAIN;
917 }
918}
919
920
921
922
923
924
925
926
927
928static void zcrypt_msgtype6_receive(struct ap_queue *aq,
929 struct ap_message *msg,
930 struct ap_message *reply)
931{
932 static struct error_hdr error_reply = {
933 .type = TYPE82_RSP_CODE,
934 .reply_code = REP82_ERROR_MACHINE_FAILURE,
935 };
936 struct response_type *resp_type =
937 (struct response_type *) msg->private;
938 struct type86x_reply *t86r;
939 int len;
940
941
942 if (!reply)
943 goto out;
944 t86r = reply->msg;
945 if (t86r->hdr.type == TYPE86_RSP_CODE &&
946 t86r->cprbx.cprb_ver_id == 0x02) {
947 switch (resp_type->type) {
948 case CEXXC_RESPONSE_TYPE_ICA:
949 len = sizeof(struct type86x_reply) + t86r->length - 2;
950 len = min_t(int, CEXXC_MAX_ICA_RESPONSE_SIZE, len);
951 memcpy(msg->msg, reply->msg, len);
952 break;
953 case CEXXC_RESPONSE_TYPE_XCRB:
954 len = t86r->fmt2.offset2 + t86r->fmt2.count2;
955 len = min_t(int, MSGTYPE06_MAX_MSG_SIZE, len);
956 memcpy(msg->msg, reply->msg, len);
957 break;
958 default:
959 memcpy(msg->msg, &error_reply, sizeof(error_reply));
960 }
961 } else
962 memcpy(msg->msg, reply->msg, sizeof(error_reply));
963out:
964 complete(&(resp_type->work));
965}
966
967
968
969
970
971
972
973
974
975static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
976 struct ap_message *msg,
977 struct ap_message *reply)
978{
979 static struct error_hdr error_reply = {
980 .type = TYPE82_RSP_CODE,
981 .reply_code = REP82_ERROR_MACHINE_FAILURE,
982 };
983 struct response_type *resp_type =
984 (struct response_type *)msg->private;
985 struct type86_ep11_reply *t86r;
986 int len;
987
988
989 if (!reply)
990 goto out;
991 t86r = reply->msg;
992 if (t86r->hdr.type == TYPE86_RSP_CODE &&
993 t86r->cprbx.cprb_ver_id == 0x04) {
994 switch (resp_type->type) {
995 case CEXXC_RESPONSE_TYPE_EP11:
996 len = t86r->fmt2.offset1 + t86r->fmt2.count1;
997 len = min_t(int, MSGTYPE06_MAX_MSG_SIZE, len);
998 memcpy(msg->msg, reply->msg, len);
999 break;
1000 default:
1001 memcpy(msg->msg, &error_reply, sizeof(error_reply));
1002 }
1003 } else {
1004 memcpy(msg->msg, reply->msg, sizeof(error_reply));
1005 }
1006out:
1007 complete(&(resp_type->work));
1008}
1009
1010static atomic_t zcrypt_step = ATOMIC_INIT(0);
1011
1012
1013
1014
1015
1016
1017
1018
1019static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq,
1020 struct ica_rsa_modexpo *mex,
1021 struct ap_message *ap_msg)
1022{
1023 struct response_type resp_type = {
1024 .type = CEXXC_RESPONSE_TYPE_ICA,
1025 };
1026 int rc;
1027
1028 ap_msg->msg = (void *) get_zeroed_page(GFP_KERNEL);
1029 if (!ap_msg->msg)
1030 return -ENOMEM;
1031 ap_msg->receive = zcrypt_msgtype6_receive;
1032 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1033 atomic_inc_return(&zcrypt_step);
1034 ap_msg->private = &resp_type;
1035 rc = ICAMEX_msg_to_type6MEX_msgX(zq, ap_msg, mex);
1036 if (rc)
1037 goto out_free;
1038 init_completion(&resp_type.work);
1039 rc = ap_queue_message(zq->queue, ap_msg);
1040 if (rc)
1041 goto out_free;
1042 rc = wait_for_completion_interruptible(&resp_type.work);
1043 if (rc == 0) {
1044 rc = ap_msg->rc;
1045 if (rc == 0)
1046 rc = convert_response_ica(zq, ap_msg,
1047 mex->outputdata,
1048 mex->outputdatalength);
1049 } else
1050
1051 ap_cancel_message(zq->queue, ap_msg);
1052out_free:
1053 free_page((unsigned long) ap_msg->msg);
1054 ap_msg->private = NULL;
1055 ap_msg->msg = NULL;
1056 return rc;
1057}
1058
1059
1060
1061
1062
1063
1064
1065
1066static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq,
1067 struct ica_rsa_modexpo_crt *crt,
1068 struct ap_message *ap_msg)
1069{
1070 struct response_type resp_type = {
1071 .type = CEXXC_RESPONSE_TYPE_ICA,
1072 };
1073 int rc;
1074
1075 ap_msg->msg = (void *) get_zeroed_page(GFP_KERNEL);
1076 if (!ap_msg->msg)
1077 return -ENOMEM;
1078 ap_msg->receive = zcrypt_msgtype6_receive;
1079 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1080 atomic_inc_return(&zcrypt_step);
1081 ap_msg->private = &resp_type;
1082 rc = ICACRT_msg_to_type6CRT_msgX(zq, ap_msg, crt);
1083 if (rc)
1084 goto out_free;
1085 init_completion(&resp_type.work);
1086 rc = ap_queue_message(zq->queue, ap_msg);
1087 if (rc)
1088 goto out_free;
1089 rc = wait_for_completion_interruptible(&resp_type.work);
1090 if (rc == 0) {
1091 rc = ap_msg->rc;
1092 if (rc == 0)
1093 rc = convert_response_ica(zq, ap_msg,
1094 crt->outputdata,
1095 crt->outputdatalength);
1096 } else {
1097
1098 ap_cancel_message(zq->queue, ap_msg);
1099 }
1100out_free:
1101 free_page((unsigned long) ap_msg->msg);
1102 ap_msg->private = NULL;
1103 ap_msg->msg = NULL;
1104 return rc;
1105}
1106
1107
1108
1109
1110
1111
1112
1113
1114unsigned int get_cprb_fc(bool userspace, struct ica_xcRB *xcRB,
1115 struct ap_message *ap_msg,
1116 unsigned int *func_code, unsigned short **dom)
1117{
1118 struct response_type resp_type = {
1119 .type = CEXXC_RESPONSE_TYPE_XCRB,
1120 };
1121
1122 ap_msg->msg = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1123 if (!ap_msg->msg)
1124 return -ENOMEM;
1125 ap_msg->receive = zcrypt_msgtype6_receive;
1126 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1127 atomic_inc_return(&zcrypt_step);
1128 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1129 if (!ap_msg->private)
1130 return -ENOMEM;
1131 return XCRB_msg_to_type6CPRB_msgX(userspace, ap_msg, xcRB, func_code, dom);
1132}
1133
1134
1135
1136
1137
1138
1139
1140
1141static long zcrypt_msgtype6_send_cprb(bool userspace, struct zcrypt_queue *zq,
1142 struct ica_xcRB *xcRB,
1143 struct ap_message *ap_msg)
1144{
1145 int rc;
1146 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1147
1148 init_completion(&rtype->work);
1149 rc = ap_queue_message(zq->queue, ap_msg);
1150 if (rc)
1151 goto out;
1152 rc = wait_for_completion_interruptible(&rtype->work);
1153 if (rc == 0) {
1154 rc = ap_msg->rc;
1155 if (rc == 0)
1156 rc = convert_response_xcrb(userspace, zq, ap_msg, xcRB);
1157 } else
1158
1159 ap_cancel_message(zq->queue, ap_msg);
1160out:
1161 return rc;
1162}
1163
1164
1165
1166
1167
1168
1169
1170
1171unsigned int get_ep11cprb_fc(bool userspace, struct ep11_urb *xcrb,
1172 struct ap_message *ap_msg,
1173 unsigned int *func_code)
1174{
1175 struct response_type resp_type = {
1176 .type = CEXXC_RESPONSE_TYPE_EP11,
1177 };
1178
1179 ap_msg->msg = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1180 if (!ap_msg->msg)
1181 return -ENOMEM;
1182 ap_msg->receive = zcrypt_msgtype6_receive_ep11;
1183 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1184 atomic_inc_return(&zcrypt_step);
1185 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1186 if (!ap_msg->private)
1187 return -ENOMEM;
1188 return xcrb_msg_to_type6_ep11cprb_msgx(userspace, ap_msg, xcrb, func_code);
1189}
1190
1191
1192
1193
1194
1195
1196
1197
1198static long zcrypt_msgtype6_send_ep11_cprb(bool userspace, struct zcrypt_queue *zq,
1199 struct ep11_urb *xcrb,
1200 struct ap_message *ap_msg)
1201{
1202 int rc;
1203 unsigned int lfmt;
1204 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1205 struct {
1206 struct type6_hdr hdr;
1207 struct ep11_cprb cprbx;
1208 unsigned char pld_tag;
1209 unsigned char pld_lenfmt;
1210 } __packed * msg = ap_msg->msg;
1211 struct pld_hdr {
1212 unsigned char func_tag;
1213 unsigned char func_len;
1214 unsigned int func_val;
1215 unsigned char dom_tag;
1216 unsigned char dom_len;
1217 unsigned int dom_val;
1218 } __packed * payload_hdr = NULL;
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229 if (!((msg->cprbx.flags & 0x80) == 0x80)) {
1230 msg->cprbx.target_id = (unsigned int)
1231 AP_QID_QUEUE(zq->queue->qid);
1232
1233 if ((msg->pld_lenfmt & 0x80) == 0x80) {
1234 switch (msg->pld_lenfmt & 0x03) {
1235 case 1:
1236 lfmt = 2;
1237 break;
1238 case 2:
1239 lfmt = 3;
1240 break;
1241 default:
1242 return -EINVAL;
1243 }
1244 } else {
1245 lfmt = 1;
1246 }
1247 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
1248 payload_hdr->dom_val = (unsigned int)
1249 AP_QID_QUEUE(zq->queue->qid);
1250 }
1251
1252 init_completion(&rtype->work);
1253 rc = ap_queue_message(zq->queue, ap_msg);
1254 if (rc)
1255 goto out;
1256 rc = wait_for_completion_interruptible(&rtype->work);
1257 if (rc == 0) {
1258 rc = ap_msg->rc;
1259 if (rc == 0)
1260 rc = convert_response_ep11_xcrb(userspace, zq, ap_msg, xcrb);
1261 } else
1262
1263 ap_cancel_message(zq->queue, ap_msg);
1264out:
1265 return rc;
1266}
1267
1268unsigned int get_rng_fc(struct ap_message *ap_msg, int *func_code,
1269 unsigned int *domain)
1270{
1271 struct response_type resp_type = {
1272 .type = CEXXC_RESPONSE_TYPE_XCRB,
1273 };
1274
1275 ap_msg->msg = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1276 if (!ap_msg->msg)
1277 return -ENOMEM;
1278 ap_msg->receive = zcrypt_msgtype6_receive;
1279 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1280 atomic_inc_return(&zcrypt_step);
1281 ap_msg->private = kmemdup(&resp_type, sizeof(resp_type), GFP_KERNEL);
1282 if (!ap_msg->private)
1283 return -ENOMEM;
1284
1285 rng_type6CPRB_msgX(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain);
1286
1287 *func_code = HWRNG;
1288 return 0;
1289}
1290
1291
1292
1293
1294
1295
1296
1297
1298static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq,
1299 char *buffer, struct ap_message *ap_msg)
1300{
1301 struct {
1302 struct type6_hdr hdr;
1303 struct CPRBX cprbx;
1304 char function_code[2];
1305 short int rule_length;
1306 char rule[8];
1307 short int verb_length;
1308 short int key_length;
1309 } __packed * msg = ap_msg->msg;
1310 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1311 int rc;
1312
1313 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
1314
1315 init_completion(&rtype->work);
1316 rc = ap_queue_message(zq->queue, ap_msg);
1317 if (rc)
1318 goto out;
1319 rc = wait_for_completion_interruptible(&rtype->work);
1320 if (rc == 0) {
1321 rc = ap_msg->rc;
1322 if (rc == 0)
1323 rc = convert_response_rng(zq, ap_msg, buffer);
1324 } else
1325
1326 ap_cancel_message(zq->queue, ap_msg);
1327out:
1328 return rc;
1329}
1330
1331
1332
1333
1334static struct zcrypt_ops zcrypt_msgtype6_norng_ops = {
1335 .owner = THIS_MODULE,
1336 .name = MSGTYPE06_NAME,
1337 .variant = MSGTYPE06_VARIANT_NORNG,
1338 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1339 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1340 .send_cprb = zcrypt_msgtype6_send_cprb,
1341};
1342
1343static struct zcrypt_ops zcrypt_msgtype6_ops = {
1344 .owner = THIS_MODULE,
1345 .name = MSGTYPE06_NAME,
1346 .variant = MSGTYPE06_VARIANT_DEFAULT,
1347 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1348 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1349 .send_cprb = zcrypt_msgtype6_send_cprb,
1350 .rng = zcrypt_msgtype6_rng,
1351};
1352
1353static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = {
1354 .owner = THIS_MODULE,
1355 .name = MSGTYPE06_NAME,
1356 .variant = MSGTYPE06_VARIANT_EP11,
1357 .rsa_modexpo = NULL,
1358 .rsa_modexpo_crt = NULL,
1359 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb,
1360};
1361
1362void __init zcrypt_msgtype6_init(void)
1363{
1364 zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops);
1365 zcrypt_msgtype_register(&zcrypt_msgtype6_ops);
1366 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops);
1367}
1368
1369void __exit zcrypt_msgtype6_exit(void)
1370{
1371 zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops);
1372 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops);
1373 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops);
1374}
1375
