Commit | Line | Data |
---|---|---|
6684af1a MS |
1 | /* |
2 | * linux/drivers/s390/crypto/zcrypt_pcicc.c | |
3 | * | |
5432114b | 4 | * zcrypt 2.1.0 |
6684af1a MS |
5 | * |
6 | * Copyright (C) 2001, 2006 IBM Corporation | |
7 | * Author(s): Robert Burroughs | |
8 | * Eric Rossman (edrossma@us.ibm.com) | |
9 | * | |
10 | * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) | |
11 | * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> | |
12 | * Ralph Wuerthner <rwuerthn@de.ibm.com> | |
13 | * | |
14 | * This program is free software; you can redistribute it and/or modify | |
15 | * it under the terms of the GNU General Public License as published by | |
16 | * the Free Software Foundation; either version 2, or (at your option) | |
17 | * any later version. | |
18 | * | |
19 | * This program is distributed in the hope that it will be useful, | |
20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
22 | * GNU General Public License for more details. | |
23 | * | |
24 | * You should have received a copy of the GNU General Public License | |
25 | * along with this program; if not, write to the Free Software | |
26 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | |
27 | */ | |
28 | ||
29 | #include <linux/module.h> | |
30 | #include <linux/init.h> | |
31 | #include <linux/err.h> | |
32 | #include <asm/atomic.h> | |
33 | #include <asm/uaccess.h> | |
34 | ||
35 | #include "ap_bus.h" | |
36 | #include "zcrypt_api.h" | |
37 | #include "zcrypt_error.h" | |
38 | #include "zcrypt_pcicc.h" | |
39 | #include "zcrypt_cca_key.h" | |
40 | ||
41 | #define PCICC_MIN_MOD_SIZE 64 /* 512 bits */ | |
42 | #define PCICC_MAX_MOD_SIZE_OLD 128 /* 1024 bits */ | |
43 | #define PCICC_MAX_MOD_SIZE 256 /* 2048 bits */ | |
44 | ||
1749a81d | 45 | /* |
6684af1a MS |
46 | * PCICC cards need a speed rating of 0. This keeps them at the end of |
47 | * the zcrypt device list (see zcrypt_api.c). PCICC cards are only | |
48 | * used if no other cards are present because they are slow and can only | |
49 | * cope with PKCS12 padded requests. The logic is queer. PKCS11 padded | |
50 | * requests are rejected. The modexpo function encrypts PKCS12 padded data | |
51 | * and decrypts any non-PKCS12 padded data (except PKCS11) in the assumption | |
52 | * that it's encrypted PKCS12 data. The modexpo_crt function always decrypts | |
53 | * the data in the assumption that its PKCS12 encrypted data. | |
54 | */ | |
55 | #define PCICC_SPEED_RATING 0 | |
56 | ||
57 | #define PCICC_MAX_MESSAGE_SIZE 0x710 /* max size type6 v1 crt message */ | |
58 | #define PCICC_MAX_RESPONSE_SIZE 0x710 /* max size type86 v1 reply */ | |
59 | ||
60 | #define PCICC_CLEANUP_TIME (15*HZ) | |
61 | ||
62 | static struct ap_device_id zcrypt_pcicc_ids[] = { | |
63 | { AP_DEVICE(AP_DEVICE_TYPE_PCICC) }, | |
64 | { /* end of list */ }, | |
65 | }; | |
66 | ||
67 | #ifndef CONFIG_ZCRYPT_MONOLITHIC | |
68 | MODULE_DEVICE_TABLE(ap, zcrypt_pcicc_ids); | |
69 | MODULE_AUTHOR("IBM Corporation"); | |
70 | MODULE_DESCRIPTION("PCICC Cryptographic Coprocessor device driver, " | |
71 | "Copyright 2001, 2006 IBM Corporation"); | |
72 | MODULE_LICENSE("GPL"); | |
73 | #endif | |
74 | ||
75 | static int zcrypt_pcicc_probe(struct ap_device *ap_dev); | |
76 | static void zcrypt_pcicc_remove(struct ap_device *ap_dev); | |
77 | static void zcrypt_pcicc_receive(struct ap_device *, struct ap_message *, | |
78 | struct ap_message *); | |
79 | ||
80 | static struct ap_driver zcrypt_pcicc_driver = { | |
81 | .probe = zcrypt_pcicc_probe, | |
82 | .remove = zcrypt_pcicc_remove, | |
83 | .receive = zcrypt_pcicc_receive, | |
84 | .ids = zcrypt_pcicc_ids, | |
af512ed0 | 85 | .request_timeout = PCICC_CLEANUP_TIME, |
6684af1a MS |
86 | }; |
87 | ||
88 | /** | |
89 | * The following is used to initialize the CPRB passed to the PCICC card | |
90 | * in a type6 message. The 3 fields that must be filled in at execution | |
91 | * time are req_parml, rpl_parml and usage_domain. Note that all three | |
92 | * fields are *little*-endian. Actually, everything about this interface | |
93 | * is ascii/little-endian, since the device has 'Intel inside'. | |
94 | * | |
95 | * The CPRB is followed immediately by the parm block. | |
96 | * The parm block contains: | |
97 | * - function code ('PD' 0x5044 or 'PK' 0x504B) | |
98 | * - rule block (0x0A00 'PKCS-1.2' or 0x0A00 'ZERO-PAD') | |
99 | * - VUD block | |
100 | */ | |
101 | static struct CPRB static_cprb = { | |
102 | .cprb_len = __constant_cpu_to_le16(0x0070), | |
103 | .cprb_ver_id = 0x41, | |
104 | .func_id = {0x54,0x32}, | |
105 | .checkpoint_flag= 0x01, | |
106 | .svr_namel = __constant_cpu_to_le16(0x0008), | |
107 | .svr_name = {'I','C','S','F',' ',' ',' ',' '} | |
108 | }; | |
109 | ||
110 | /** | |
111 | * Check the message for PKCS11 padding. | |
112 | */ | |
113 | static inline int is_PKCS11_padded(unsigned char *buffer, int length) | |
114 | { | |
115 | int i; | |
116 | if ((buffer[0] != 0x00) || (buffer[1] != 0x01)) | |
117 | return 0; | |
118 | for (i = 2; i < length; i++) | |
119 | if (buffer[i] != 0xFF) | |
120 | break; | |
121 | if (i < 10 || i == length) | |
122 | return 0; | |
123 | if (buffer[i] != 0x00) | |
124 | return 0; | |
125 | return 1; | |
126 | } | |
127 | ||
128 | /** | |
129 | * Check the message for PKCS12 padding. | |
130 | */ | |
131 | static inline int is_PKCS12_padded(unsigned char *buffer, int length) | |
132 | { | |
133 | int i; | |
134 | if ((buffer[0] != 0x00) || (buffer[1] != 0x02)) | |
135 | return 0; | |
136 | for (i = 2; i < length; i++) | |
137 | if (buffer[i] == 0x00) | |
138 | break; | |
139 | if ((i < 10) || (i == length)) | |
140 | return 0; | |
141 | if (buffer[i] != 0x00) | |
142 | return 0; | |
143 | return 1; | |
144 | } | |
145 | ||
146 | /** | |
147 | * Convert a ICAMEX message to a type6 MEX message. | |
148 | * | |
149 | * @zdev: crypto device pointer | |
150 | * @zreq: crypto request pointer | |
151 | * @mex: pointer to user input data | |
152 | * | |
153 | * Returns 0 on success or -EFAULT. | |
154 | */ | |
155 | static int ICAMEX_msg_to_type6MEX_msg(struct zcrypt_device *zdev, | |
156 | struct ap_message *ap_msg, | |
157 | struct ica_rsa_modexpo *mex) | |
158 | { | |
159 | static struct type6_hdr static_type6_hdr = { | |
160 | .type = 0x06, | |
161 | .offset1 = 0x00000058, | |
162 | .agent_id = {0x01,0x00,0x43,0x43,0x41,0x2D,0x41,0x50, | |
163 | 0x50,0x4C,0x20,0x20,0x20,0x01,0x01,0x01}, | |
164 | .function_code = {'P','K'}, | |
165 | }; | |
166 | static struct function_and_rules_block static_pke_function_and_rules ={ | |
167 | .function_code = {'P','K'}, | |
168 | .ulen = __constant_cpu_to_le16(10), | |
169 | .only_rule = {'P','K','C','S','-','1','.','2'} | |
170 | }; | |
171 | struct { | |
172 | struct type6_hdr hdr; | |
173 | struct CPRB cprb; | |
174 | struct function_and_rules_block fr; | |
175 | unsigned short length; | |
176 | char text[0]; | |
177 | } __attribute__((packed)) *msg = ap_msg->message; | |
178 | int vud_len, pad_len, size; | |
179 | ||
180 | /* VUD.ciphertext */ | |
181 | if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength)) | |
182 | return -EFAULT; | |
183 | ||
184 | if (is_PKCS11_padded(msg->text, mex->inputdatalength)) | |
185 | return -EINVAL; | |
186 | ||
187 | /* static message header and f&r */ | |
188 | msg->hdr = static_type6_hdr; | |
189 | msg->fr = static_pke_function_and_rules; | |
190 | ||
191 | if (is_PKCS12_padded(msg->text, mex->inputdatalength)) { | |
192 | /* strip the padding and adjust the data length */ | |
193 | pad_len = strnlen(msg->text + 2, mex->inputdatalength - 2) + 3; | |
194 | if (pad_len <= 9 || pad_len >= mex->inputdatalength) | |
195 | return -ENODEV; | |
196 | vud_len = mex->inputdatalength - pad_len; | |
197 | memmove(msg->text, msg->text + pad_len, vud_len); | |
198 | msg->length = cpu_to_le16(vud_len + 2); | |
199 | ||
200 | /* Set up key after the variable length text. */ | |
201 | size = zcrypt_type6_mex_key_en(mex, msg->text + vud_len, 0); | |
202 | if (size < 0) | |
203 | return size; | |
204 | size += sizeof(*msg) + vud_len; /* total size of msg */ | |
205 | } else { | |
206 | vud_len = mex->inputdatalength; | |
207 | msg->length = cpu_to_le16(2 + vud_len); | |
208 | ||
209 | msg->hdr.function_code[1] = 'D'; | |
210 | msg->fr.function_code[1] = 'D'; | |
211 | ||
212 | /* Set up key after the variable length text. */ | |
213 | size = zcrypt_type6_mex_key_de(mex, msg->text + vud_len, 0); | |
214 | if (size < 0) | |
215 | return size; | |
216 | size += sizeof(*msg) + vud_len; /* total size of msg */ | |
217 | } | |
218 | ||
219 | /* message header, cprb and f&r */ | |
220 | msg->hdr.ToCardLen1 = (size - sizeof(msg->hdr) + 3) & -4; | |
221 | msg->hdr.FromCardLen1 = PCICC_MAX_RESPONSE_SIZE - sizeof(msg->hdr); | |
222 | ||
223 | msg->cprb = static_cprb; | |
224 | msg->cprb.usage_domain[0]= AP_QID_QUEUE(zdev->ap_dev->qid); | |
225 | msg->cprb.req_parml = cpu_to_le16(size - sizeof(msg->hdr) - | |
226 | sizeof(msg->cprb)); | |
227 | msg->cprb.rpl_parml = cpu_to_le16(msg->hdr.FromCardLen1); | |
228 | ||
229 | ap_msg->length = (size + 3) & -4; | |
230 | return 0; | |
231 | } | |
232 | ||
233 | /** | |
234 | * Convert a ICACRT message to a type6 CRT message. | |
235 | * | |
236 | * @zdev: crypto device pointer | |
237 | * @zreq: crypto request pointer | |
238 | * @crt: pointer to user input data | |
239 | * | |
240 | * Returns 0 on success or -EFAULT. | |
241 | */ | |
242 | static int ICACRT_msg_to_type6CRT_msg(struct zcrypt_device *zdev, | |
243 | struct ap_message *ap_msg, | |
244 | struct ica_rsa_modexpo_crt *crt) | |
245 | { | |
246 | static struct type6_hdr static_type6_hdr = { | |
247 | .type = 0x06, | |
248 | .offset1 = 0x00000058, | |
249 | .agent_id = {0x01,0x00,0x43,0x43,0x41,0x2D,0x41,0x50, | |
250 | 0x50,0x4C,0x20,0x20,0x20,0x01,0x01,0x01}, | |
251 | .function_code = {'P','D'}, | |
252 | }; | |
253 | static struct function_and_rules_block static_pkd_function_and_rules ={ | |
254 | .function_code = {'P','D'}, | |
255 | .ulen = __constant_cpu_to_le16(10), | |
256 | .only_rule = {'P','K','C','S','-','1','.','2'} | |
257 | }; | |
258 | struct { | |
259 | struct type6_hdr hdr; | |
260 | struct CPRB cprb; | |
261 | struct function_and_rules_block fr; | |
262 | unsigned short length; | |
263 | char text[0]; | |
264 | } __attribute__((packed)) *msg = ap_msg->message; | |
265 | int size; | |
266 | ||
267 | /* VUD.ciphertext */ | |
268 | msg->length = cpu_to_le16(2 + crt->inputdatalength); | |
269 | if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength)) | |
270 | return -EFAULT; | |
271 | ||
272 | if (is_PKCS11_padded(msg->text, crt->inputdatalength)) | |
273 | return -EINVAL; | |
274 | ||
275 | /* Set up key after the variable length text. */ | |
276 | size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength, 0); | |
277 | if (size < 0) | |
278 | return size; | |
279 | size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */ | |
280 | ||
281 | /* message header, cprb and f&r */ | |
282 | msg->hdr = static_type6_hdr; | |
283 | msg->hdr.ToCardLen1 = (size - sizeof(msg->hdr) + 3) & -4; | |
284 | msg->hdr.FromCardLen1 = PCICC_MAX_RESPONSE_SIZE - sizeof(msg->hdr); | |
285 | ||
286 | msg->cprb = static_cprb; | |
287 | msg->cprb.usage_domain[0] = AP_QID_QUEUE(zdev->ap_dev->qid); | |
288 | msg->cprb.req_parml = msg->cprb.rpl_parml = | |
289 | cpu_to_le16(size - sizeof(msg->hdr) - sizeof(msg->cprb)); | |
290 | ||
291 | msg->fr = static_pkd_function_and_rules; | |
292 | ||
293 | ap_msg->length = (size + 3) & -4; | |
294 | return 0; | |
295 | } | |
296 | ||
297 | /** | |
298 | * Copy results from a type 86 reply message back to user space. | |
299 | * | |
300 | * @zdev: crypto device pointer | |
301 | * @reply: reply AP message. | |
302 | * @data: pointer to user output data | |
303 | * @length: size of user output data | |
304 | * | |
305 | * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error. | |
306 | */ | |
307 | struct type86_reply { | |
308 | struct type86_hdr hdr; | |
309 | struct type86_fmt2_ext fmt2; | |
310 | struct CPRB cprb; | |
311 | unsigned char pad[4]; /* 4 byte function code/rules block ? */ | |
312 | unsigned short length; | |
313 | char text[0]; | |
314 | } __attribute__((packed)); | |
315 | ||
316 | static int convert_type86(struct zcrypt_device *zdev, | |
317 | struct ap_message *reply, | |
318 | char __user *outputdata, | |
319 | unsigned int outputdatalength) | |
320 | { | |
321 | static unsigned char static_pad[] = { | |
322 | 0x00,0x02, | |
323 | 0x1B,0x7B,0x5D,0xB5,0x75,0x01,0x3D,0xFD, | |
324 | 0x8D,0xD1,0xC7,0x03,0x2D,0x09,0x23,0x57, | |
325 | 0x89,0x49,0xB9,0x3F,0xBB,0x99,0x41,0x5B, | |
326 | 0x75,0x21,0x7B,0x9D,0x3B,0x6B,0x51,0x39, | |
327 | 0xBB,0x0D,0x35,0xB9,0x89,0x0F,0x93,0xA5, | |
328 | 0x0B,0x47,0xF1,0xD3,0xBB,0xCB,0xF1,0x9D, | |
329 | 0x23,0x73,0x71,0xFF,0xF3,0xF5,0x45,0xFB, | |
330 | 0x61,0x29,0x23,0xFD,0xF1,0x29,0x3F,0x7F, | |
331 | 0x17,0xB7,0x1B,0xA9,0x19,0xBD,0x57,0xA9, | |
332 | 0xD7,0x95,0xA3,0xCB,0xED,0x1D,0xDB,0x45, | |
333 | 0x7D,0x11,0xD1,0x51,0x1B,0xED,0x71,0xE9, | |
334 | 0xB1,0xD1,0xAB,0xAB,0x21,0x2B,0x1B,0x9F, | |
335 | 0x3B,0x9F,0xF7,0xF7,0xBD,0x63,0xEB,0xAD, | |
336 | 0xDF,0xB3,0x6F,0x5B,0xDB,0x8D,0xA9,0x5D, | |
337 | 0xE3,0x7D,0x77,0x49,0x47,0xF5,0xA7,0xFD, | |
338 | 0xAB,0x2F,0x27,0x35,0x77,0xD3,0x49,0xC9, | |
339 | 0x09,0xEB,0xB1,0xF9,0xBF,0x4B,0xCB,0x2B, | |
340 | 0xEB,0xEB,0x05,0xFF,0x7D,0xC7,0x91,0x8B, | |
341 | 0x09,0x83,0xB9,0xB9,0x69,0x33,0x39,0x6B, | |
342 | 0x79,0x75,0x19,0xBF,0xBB,0x07,0x1D,0xBD, | |
343 | 0x29,0xBF,0x39,0x95,0x93,0x1D,0x35,0xC7, | |
344 | 0xC9,0x4D,0xE5,0x97,0x0B,0x43,0x9B,0xF1, | |
345 | 0x16,0x93,0x03,0x1F,0xA5,0xFB,0xDB,0xF3, | |
346 | 0x27,0x4F,0x27,0x61,0x05,0x1F,0xB9,0x23, | |
347 | 0x2F,0xC3,0x81,0xA9,0x23,0x71,0x55,0x55, | |
348 | 0xEB,0xED,0x41,0xE5,0xF3,0x11,0xF1,0x43, | |
349 | 0x69,0x03,0xBD,0x0B,0x37,0x0F,0x51,0x8F, | |
350 | 0x0B,0xB5,0x89,0x5B,0x67,0xA9,0xD9,0x4F, | |
351 | 0x01,0xF9,0x21,0x77,0x37,0x73,0x79,0xC5, | |
352 | 0x7F,0x51,0xC1,0xCF,0x97,0xA1,0x75,0xAD, | |
353 | 0x35,0x9D,0xD3,0xD3,0xA7,0x9D,0x5D,0x41, | |
354 | 0x6F,0x65,0x1B,0xCF,0xA9,0x87,0x91,0x09 | |
355 | }; | |
356 | struct type86_reply *msg = reply->message; | |
357 | unsigned short service_rc, service_rs; | |
358 | unsigned int reply_len, pad_len; | |
359 | char *data; | |
360 | ||
361 | service_rc = le16_to_cpu(msg->cprb.ccp_rtcode); | |
362 | if (unlikely(service_rc != 0)) { | |
363 | service_rs = le16_to_cpu(msg->cprb.ccp_rscode); | |
1a89dd8f | 364 | if (service_rc == 8 && service_rs == 66) |
6684af1a | 365 | return -EINVAL; |
1a89dd8f | 366 | if (service_rc == 8 && service_rs == 65) |
6684af1a | 367 | return -EINVAL; |
6684af1a | 368 | if (service_rc == 8 && service_rs == 770) { |
6684af1a MS |
369 | zdev->max_mod_size = PCICC_MAX_MOD_SIZE_OLD; |
370 | return -EAGAIN; | |
371 | } | |
372 | if (service_rc == 8 && service_rs == 783) { | |
6684af1a MS |
373 | zdev->max_mod_size = PCICC_MAX_MOD_SIZE_OLD; |
374 | return -EAGAIN; | |
375 | } | |
6684af1a MS |
376 | zdev->online = 0; |
377 | return -EAGAIN; /* repeat the request on a different device. */ | |
378 | } | |
379 | data = msg->text; | |
380 | reply_len = le16_to_cpu(msg->length) - 2; | |
381 | if (reply_len > outputdatalength) | |
382 | return -EINVAL; | |
1749a81d | 383 | /* |
6684af1a MS |
384 | * For all encipher requests, the length of the ciphertext (reply_len) |
385 | * will always equal the modulus length. For MEX decipher requests | |
386 | * the output needs to get padded. Minimum pad size is 10. | |
387 | * | |
388 | * Currently, the cases where padding will be added is for: | |
389 | * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support | |
390 | * ZERO-PAD and CRT is only supported for PKD requests) | |
391 | * - PCICC, always | |
392 | */ | |
393 | pad_len = outputdatalength - reply_len; | |
394 | if (pad_len > 0) { | |
395 | if (pad_len < 10) | |
396 | return -EINVAL; | |
397 | /* 'restore' padding left in the PCICC/PCIXCC card. */ | |
398 | if (copy_to_user(outputdata, static_pad, pad_len - 1)) | |
399 | return -EFAULT; | |
400 | if (put_user(0, outputdata + pad_len - 1)) | |
401 | return -EFAULT; | |
402 | } | |
403 | /* Copy the crypto response to user space. */ | |
404 | if (copy_to_user(outputdata + pad_len, data, reply_len)) | |
405 | return -EFAULT; | |
406 | return 0; | |
407 | } | |
408 | ||
409 | static int convert_response(struct zcrypt_device *zdev, | |
410 | struct ap_message *reply, | |
411 | char __user *outputdata, | |
412 | unsigned int outputdatalength) | |
413 | { | |
414 | struct type86_reply *msg = reply->message; | |
415 | ||
416 | /* Response type byte is the second byte in the response. */ | |
417 | switch (msg->hdr.type) { | |
418 | case TYPE82_RSP_CODE: | |
419 | case TYPE88_RSP_CODE: | |
420 | return convert_error(zdev, reply); | |
421 | case TYPE86_RSP_CODE: | |
422 | if (msg->hdr.reply_code) | |
423 | return convert_error(zdev, reply); | |
424 | if (msg->cprb.cprb_ver_id == 0x01) | |
425 | return convert_type86(zdev, reply, | |
426 | outputdata, outputdatalength); | |
427 | /* no break, incorrect cprb version is an unknown response */ | |
428 | default: /* Unknown response type, this should NEVER EVER happen */ | |
6684af1a MS |
429 | zdev->online = 0; |
430 | return -EAGAIN; /* repeat the request on a different device. */ | |
431 | } | |
432 | } | |
433 | ||
434 | /** | |
435 | * This function is called from the AP bus code after a crypto request | |
436 | * "msg" has finished with the reply message "reply". | |
437 | * It is called from tasklet context. | |
438 | * @ap_dev: pointer to the AP device | |
439 | * @msg: pointer to the AP message | |
440 | * @reply: pointer to the AP reply message | |
441 | */ | |
442 | static void zcrypt_pcicc_receive(struct ap_device *ap_dev, | |
443 | struct ap_message *msg, | |
444 | struct ap_message *reply) | |
445 | { | |
446 | static struct error_hdr error_reply = { | |
447 | .type = TYPE82_RSP_CODE, | |
448 | .reply_code = REP82_ERROR_MACHINE_FAILURE, | |
449 | }; | |
450 | struct type86_reply *t86r = reply->message; | |
451 | int length; | |
452 | ||
453 | /* Copy the reply message to the request message buffer. */ | |
454 | if (IS_ERR(reply)) | |
455 | memcpy(msg->message, &error_reply, sizeof(error_reply)); | |
456 | else if (t86r->hdr.type == TYPE86_RSP_CODE && | |
457 | t86r->cprb.cprb_ver_id == 0x01) { | |
458 | length = sizeof(struct type86_reply) + t86r->length - 2; | |
459 | length = min(PCICC_MAX_RESPONSE_SIZE, length); | |
460 | memcpy(msg->message, reply->message, length); | |
461 | } else | |
462 | memcpy(msg->message, reply->message, sizeof error_reply); | |
463 | complete((struct completion *) msg->private); | |
464 | } | |
465 | ||
466 | static atomic_t zcrypt_step = ATOMIC_INIT(0); | |
467 | ||
468 | /** | |
469 | * The request distributor calls this function if it picked the PCICC | |
470 | * device to handle a modexpo request. | |
471 | * @zdev: pointer to zcrypt_device structure that identifies the | |
472 | * PCICC device to the request distributor | |
473 | * @mex: pointer to the modexpo request buffer | |
474 | */ | |
475 | static long zcrypt_pcicc_modexpo(struct zcrypt_device *zdev, | |
476 | struct ica_rsa_modexpo *mex) | |
477 | { | |
478 | struct ap_message ap_msg; | |
479 | struct completion work; | |
480 | int rc; | |
481 | ||
482 | ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL); | |
483 | if (!ap_msg.message) | |
484 | return -ENOMEM; | |
485 | ap_msg.length = PAGE_SIZE; | |
486 | ap_msg.psmid = (((unsigned long long) current->pid) << 32) + | |
487 | atomic_inc_return(&zcrypt_step); | |
488 | ap_msg.private = &work; | |
489 | rc = ICAMEX_msg_to_type6MEX_msg(zdev, &ap_msg, mex); | |
490 | if (rc) | |
491 | goto out_free; | |
492 | init_completion(&work); | |
493 | ap_queue_message(zdev->ap_dev, &ap_msg); | |
af512ed0 RW |
494 | rc = wait_for_completion_interruptible(&work); |
495 | if (rc == 0) | |
6684af1a MS |
496 | rc = convert_response(zdev, &ap_msg, mex->outputdata, |
497 | mex->outputdatalength); | |
af512ed0 RW |
498 | else |
499 | /* Signal pending. */ | |
6684af1a | 500 | ap_cancel_message(zdev->ap_dev, &ap_msg); |
6684af1a MS |
501 | out_free: |
502 | free_page((unsigned long) ap_msg.message); | |
503 | return rc; | |
504 | } | |
505 | ||
506 | /** | |
507 | * The request distributor calls this function if it picked the PCICC | |
508 | * device to handle a modexpo_crt request. | |
509 | * @zdev: pointer to zcrypt_device structure that identifies the | |
510 | * PCICC device to the request distributor | |
511 | * @crt: pointer to the modexpoc_crt request buffer | |
512 | */ | |
513 | static long zcrypt_pcicc_modexpo_crt(struct zcrypt_device *zdev, | |
514 | struct ica_rsa_modexpo_crt *crt) | |
515 | { | |
516 | struct ap_message ap_msg; | |
517 | struct completion work; | |
518 | int rc; | |
519 | ||
520 | ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL); | |
521 | if (!ap_msg.message) | |
522 | return -ENOMEM; | |
523 | ap_msg.length = PAGE_SIZE; | |
524 | ap_msg.psmid = (((unsigned long long) current->pid) << 32) + | |
525 | atomic_inc_return(&zcrypt_step); | |
526 | ap_msg.private = &work; | |
527 | rc = ICACRT_msg_to_type6CRT_msg(zdev, &ap_msg, crt); | |
528 | if (rc) | |
529 | goto out_free; | |
530 | init_completion(&work); | |
531 | ap_queue_message(zdev->ap_dev, &ap_msg); | |
af512ed0 RW |
532 | rc = wait_for_completion_interruptible(&work); |
533 | if (rc == 0) | |
6684af1a MS |
534 | rc = convert_response(zdev, &ap_msg, crt->outputdata, |
535 | crt->outputdatalength); | |
af512ed0 RW |
536 | else |
537 | /* Signal pending. */ | |
6684af1a | 538 | ap_cancel_message(zdev->ap_dev, &ap_msg); |
6684af1a MS |
539 | out_free: |
540 | free_page((unsigned long) ap_msg.message); | |
541 | return rc; | |
542 | } | |
543 | ||
544 | /** | |
545 | * The crypto operations for a PCICC card. | |
546 | */ | |
547 | static struct zcrypt_ops zcrypt_pcicc_ops = { | |
548 | .rsa_modexpo = zcrypt_pcicc_modexpo, | |
549 | .rsa_modexpo_crt = zcrypt_pcicc_modexpo_crt, | |
550 | }; | |
551 | ||
552 | /** | |
553 | * Probe function for PCICC cards. It always accepts the AP device | |
554 | * since the bus_match already checked the hardware type. | |
555 | * @ap_dev: pointer to the AP device. | |
556 | */ | |
557 | static int zcrypt_pcicc_probe(struct ap_device *ap_dev) | |
558 | { | |
559 | struct zcrypt_device *zdev; | |
560 | int rc; | |
561 | ||
562 | zdev = zcrypt_device_alloc(PCICC_MAX_RESPONSE_SIZE); | |
563 | if (!zdev) | |
564 | return -ENOMEM; | |
565 | zdev->ap_dev = ap_dev; | |
566 | zdev->ops = &zcrypt_pcicc_ops; | |
567 | zdev->online = 1; | |
568 | zdev->user_space_type = ZCRYPT_PCICC; | |
569 | zdev->type_string = "PCICC"; | |
570 | zdev->min_mod_size = PCICC_MIN_MOD_SIZE; | |
571 | zdev->max_mod_size = PCICC_MAX_MOD_SIZE; | |
572 | zdev->speed_rating = PCICC_SPEED_RATING; | |
573 | ap_dev->reply = &zdev->reply; | |
574 | ap_dev->private = zdev; | |
575 | rc = zcrypt_device_register(zdev); | |
576 | if (rc) | |
577 | goto out_free; | |
578 | return 0; | |
579 | ||
580 | out_free: | |
581 | ap_dev->private = NULL; | |
582 | zcrypt_device_free(zdev); | |
583 | return rc; | |
584 | } | |
585 | ||
586 | /** | |
587 | * This is called to remove the extended PCICC driver information | |
588 | * if an AP device is removed. | |
589 | */ | |
590 | static void zcrypt_pcicc_remove(struct ap_device *ap_dev) | |
591 | { | |
592 | struct zcrypt_device *zdev = ap_dev->private; | |
593 | ||
594 | zcrypt_device_unregister(zdev); | |
595 | } | |
596 | ||
597 | int __init zcrypt_pcicc_init(void) | |
598 | { | |
599 | return ap_driver_register(&zcrypt_pcicc_driver, THIS_MODULE, "pcicc"); | |
600 | } | |
601 | ||
602 | void zcrypt_pcicc_exit(void) | |
603 | { | |
604 | ap_driver_unregister(&zcrypt_pcicc_driver); | |
605 | } | |
606 | ||
607 | #ifndef CONFIG_ZCRYPT_MONOLITHIC | |
608 | module_init(zcrypt_pcicc_init); | |
609 | module_exit(zcrypt_pcicc_exit); | |
610 | #endif |