]>
Commit | Line | Data |
---|---|---|
963ed931 MS |
1 | /* |
2 | * linux/drivers/s390/crypto/zcrypt_cex2a.c | |
3 | * | |
5432114b | 4 | * zcrypt 2.1.0 |
963ed931 MS |
5 | * |
6 | * Copyright (C) 2001, 2006 IBM Corporation | |
7 | * Author(s): Robert Burroughs | |
8 | * Eric Rossman (edrossma@us.ibm.com) | |
9 | * | |
10 | * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) | |
11 | * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> | |
12 | * Ralph Wuerthner <rwuerthn@de.ibm.com> | |
13 | * | |
14 | * This program is free software; you can redistribute it and/or modify | |
15 | * it under the terms of the GNU General Public License as published by | |
16 | * the Free Software Foundation; either version 2, or (at your option) | |
17 | * any later version. | |
18 | * | |
19 | * This program is distributed in the hope that it will be useful, | |
20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
22 | * GNU General Public License for more details. | |
23 | * | |
24 | * You should have received a copy of the GNU General Public License | |
25 | * along with this program; if not, write to the Free Software | |
26 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | |
27 | */ | |
28 | ||
29 | #include <linux/module.h> | |
5a0e3ad6 | 30 | #include <linux/slab.h> |
963ed931 MS |
31 | #include <linux/init.h> |
32 | #include <linux/err.h> | |
33 | #include <asm/atomic.h> | |
34 | #include <asm/uaccess.h> | |
35 | ||
36 | #include "ap_bus.h" | |
37 | #include "zcrypt_api.h" | |
38 | #include "zcrypt_error.h" | |
39 | #include "zcrypt_cex2a.h" | |
40 | ||
41 | #define CEX2A_MIN_MOD_SIZE 1 /* 8 bits */ | |
42 | #define CEX2A_MAX_MOD_SIZE 256 /* 2048 bits */ | |
8e89b6be FB |
43 | #define CEX3A_MIN_MOD_SIZE CEX2A_MIN_MOD_SIZE |
44 | #define CEX3A_MAX_MOD_SIZE CEX2A_MAX_MOD_SIZE | |
963ed931 MS |
45 | |
46 | #define CEX2A_SPEED_RATING 970 | |
7a6f5cd0 | 47 | #define CEX3A_SPEED_RATING 900 /* Fixme: Needs finetuning */ |
963ed931 MS |
48 | |
49 | #define CEX2A_MAX_MESSAGE_SIZE 0x390 /* sizeof(struct type50_crb2_msg) */ | |
50 | #define CEX2A_MAX_RESPONSE_SIZE 0x110 /* max outputdatalength + type80_hdr */ | |
51 | ||
8e89b6be FB |
52 | #define CEX3A_MAX_MESSAGE_SIZE CEX2A_MAX_MESSAGE_SIZE |
53 | #define CEX3A_MAX_RESPONSE_SIZE CEX2A_MAX_RESPONSE_SIZE | |
54 | ||
963ed931 | 55 | #define CEX2A_CLEANUP_TIME (15*HZ) |
8e89b6be | 56 | #define CEX3A_CLEANUP_TIME CEX2A_CLEANUP_TIME |
963ed931 MS |
57 | |
58 | static struct ap_device_id zcrypt_cex2a_ids[] = { | |
59 | { AP_DEVICE(AP_DEVICE_TYPE_CEX2A) }, | |
ffda4f71 | 60 | { AP_DEVICE(AP_DEVICE_TYPE_CEX3A) }, |
963ed931 MS |
61 | { /* end of list */ }, |
62 | }; | |
63 | ||
64 | #ifndef CONFIG_ZCRYPT_MONOLITHIC | |
65 | MODULE_DEVICE_TABLE(ap, zcrypt_cex2a_ids); | |
66 | MODULE_AUTHOR("IBM Corporation"); | |
67 | MODULE_DESCRIPTION("CEX2A Cryptographic Coprocessor device driver, " | |
68 | "Copyright 2001, 2006 IBM Corporation"); | |
69 | MODULE_LICENSE("GPL"); | |
70 | #endif | |
71 | ||
72 | static int zcrypt_cex2a_probe(struct ap_device *ap_dev); | |
73 | static void zcrypt_cex2a_remove(struct ap_device *ap_dev); | |
74 | static void zcrypt_cex2a_receive(struct ap_device *, struct ap_message *, | |
75 | struct ap_message *); | |
76 | ||
77 | static struct ap_driver zcrypt_cex2a_driver = { | |
78 | .probe = zcrypt_cex2a_probe, | |
79 | .remove = zcrypt_cex2a_remove, | |
80 | .receive = zcrypt_cex2a_receive, | |
81 | .ids = zcrypt_cex2a_ids, | |
af512ed0 | 82 | .request_timeout = CEX2A_CLEANUP_TIME, |
963ed931 MS |
83 | }; |
84 | ||
85 | /** | |
86 | * Convert a ICAMEX message to a type50 MEX message. | |
87 | * | |
88 | * @zdev: crypto device pointer | |
89 | * @zreq: crypto request pointer | |
90 | * @mex: pointer to user input data | |
91 | * | |
92 | * Returns 0 on success or -EFAULT. | |
93 | */ | |
94 | static int ICAMEX_msg_to_type50MEX_msg(struct zcrypt_device *zdev, | |
95 | struct ap_message *ap_msg, | |
96 | struct ica_rsa_modexpo *mex) | |
97 | { | |
98 | unsigned char *mod, *exp, *inp; | |
99 | int mod_len; | |
100 | ||
101 | mod_len = mex->inputdatalength; | |
102 | ||
103 | if (mod_len <= 128) { | |
104 | struct type50_meb1_msg *meb1 = ap_msg->message; | |
105 | memset(meb1, 0, sizeof(*meb1)); | |
106 | ap_msg->length = sizeof(*meb1); | |
107 | meb1->header.msg_type_code = TYPE50_TYPE_CODE; | |
108 | meb1->header.msg_len = sizeof(*meb1); | |
109 | meb1->keyblock_type = TYPE50_MEB1_FMT; | |
110 | mod = meb1->modulus + sizeof(meb1->modulus) - mod_len; | |
111 | exp = meb1->exponent + sizeof(meb1->exponent) - mod_len; | |
112 | inp = meb1->message + sizeof(meb1->message) - mod_len; | |
113 | } else { | |
114 | struct type50_meb2_msg *meb2 = ap_msg->message; | |
115 | memset(meb2, 0, sizeof(*meb2)); | |
116 | ap_msg->length = sizeof(*meb2); | |
117 | meb2->header.msg_type_code = TYPE50_TYPE_CODE; | |
118 | meb2->header.msg_len = sizeof(*meb2); | |
119 | meb2->keyblock_type = TYPE50_MEB2_FMT; | |
120 | mod = meb2->modulus + sizeof(meb2->modulus) - mod_len; | |
121 | exp = meb2->exponent + sizeof(meb2->exponent) - mod_len; | |
122 | inp = meb2->message + sizeof(meb2->message) - mod_len; | |
123 | } | |
124 | ||
125 | if (copy_from_user(mod, mex->n_modulus, mod_len) || | |
126 | copy_from_user(exp, mex->b_key, mod_len) || | |
127 | copy_from_user(inp, mex->inputdata, mod_len)) | |
128 | return -EFAULT; | |
129 | return 0; | |
130 | } | |
131 | ||
132 | /** | |
133 | * Convert a ICACRT message to a type50 CRT message. | |
134 | * | |
135 | * @zdev: crypto device pointer | |
136 | * @zreq: crypto request pointer | |
137 | * @crt: pointer to user input data | |
138 | * | |
139 | * Returns 0 on success or -EFAULT. | |
140 | */ | |
141 | static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_device *zdev, | |
142 | struct ap_message *ap_msg, | |
143 | struct ica_rsa_modexpo_crt *crt) | |
144 | { | |
145 | int mod_len, short_len, long_len, long_offset; | |
146 | unsigned char *p, *q, *dp, *dq, *u, *inp; | |
147 | ||
148 | mod_len = crt->inputdatalength; | |
149 | short_len = mod_len / 2; | |
150 | long_len = mod_len / 2 + 8; | |
151 | ||
152 | /* | |
153 | * CEX2A cannot handle p, dp, or U > 128 bytes. | |
154 | * If we have one of these, we need to do extra checking. | |
155 | */ | |
156 | if (long_len > 128) { | |
157 | /* | |
158 | * zcrypt_rsa_crt already checked for the leading | |
159 | * zeroes of np_prime, bp_key and u_mult_inc. | |
160 | */ | |
161 | long_offset = long_len - 128; | |
162 | long_len = 128; | |
163 | } else | |
164 | long_offset = 0; | |
165 | ||
166 | /* | |
167 | * Instead of doing extra work for p, dp, U > 64 bytes, we'll just use | |
168 | * the larger message structure. | |
169 | */ | |
170 | if (long_len <= 64) { | |
171 | struct type50_crb1_msg *crb1 = ap_msg->message; | |
172 | memset(crb1, 0, sizeof(*crb1)); | |
173 | ap_msg->length = sizeof(*crb1); | |
174 | crb1->header.msg_type_code = TYPE50_TYPE_CODE; | |
175 | crb1->header.msg_len = sizeof(*crb1); | |
176 | crb1->keyblock_type = TYPE50_CRB1_FMT; | |
177 | p = crb1->p + sizeof(crb1->p) - long_len; | |
178 | q = crb1->q + sizeof(crb1->q) - short_len; | |
179 | dp = crb1->dp + sizeof(crb1->dp) - long_len; | |
180 | dq = crb1->dq + sizeof(crb1->dq) - short_len; | |
181 | u = crb1->u + sizeof(crb1->u) - long_len; | |
182 | inp = crb1->message + sizeof(crb1->message) - mod_len; | |
183 | } else { | |
184 | struct type50_crb2_msg *crb2 = ap_msg->message; | |
185 | memset(crb2, 0, sizeof(*crb2)); | |
186 | ap_msg->length = sizeof(*crb2); | |
187 | crb2->header.msg_type_code = TYPE50_TYPE_CODE; | |
188 | crb2->header.msg_len = sizeof(*crb2); | |
189 | crb2->keyblock_type = TYPE50_CRB2_FMT; | |
190 | p = crb2->p + sizeof(crb2->p) - long_len; | |
191 | q = crb2->q + sizeof(crb2->q) - short_len; | |
192 | dp = crb2->dp + sizeof(crb2->dp) - long_len; | |
193 | dq = crb2->dq + sizeof(crb2->dq) - short_len; | |
194 | u = crb2->u + sizeof(crb2->u) - long_len; | |
195 | inp = crb2->message + sizeof(crb2->message) - mod_len; | |
196 | } | |
197 | ||
198 | if (copy_from_user(p, crt->np_prime + long_offset, long_len) || | |
199 | copy_from_user(q, crt->nq_prime, short_len) || | |
200 | copy_from_user(dp, crt->bp_key + long_offset, long_len) || | |
201 | copy_from_user(dq, crt->bq_key, short_len) || | |
202 | copy_from_user(u, crt->u_mult_inv + long_offset, long_len) || | |
203 | copy_from_user(inp, crt->inputdata, mod_len)) | |
204 | return -EFAULT; | |
205 | ||
206 | ||
207 | return 0; | |
208 | } | |
209 | ||
210 | /** | |
211 | * Copy results from a type 80 reply message back to user space. | |
212 | * | |
213 | * @zdev: crypto device pointer | |
214 | * @reply: reply AP message. | |
215 | * @data: pointer to user output data | |
216 | * @length: size of user output data | |
217 | * | |
218 | * Returns 0 on success or -EFAULT. | |
219 | */ | |
220 | static int convert_type80(struct zcrypt_device *zdev, | |
221 | struct ap_message *reply, | |
222 | char __user *outputdata, | |
223 | unsigned int outputdatalength) | |
224 | { | |
225 | struct type80_hdr *t80h = reply->message; | |
226 | unsigned char *data; | |
227 | ||
228 | if (t80h->len < sizeof(*t80h) + outputdatalength) { | |
229 | /* The result is too short, the CEX2A card may not do that.. */ | |
230 | zdev->online = 0; | |
231 | return -EAGAIN; /* repeat the request on a different device. */ | |
232 | } | |
233 | BUG_ON(t80h->len > CEX2A_MAX_RESPONSE_SIZE); | |
234 | data = reply->message + t80h->len - outputdatalength; | |
235 | if (copy_to_user(outputdata, data, outputdatalength)) | |
236 | return -EFAULT; | |
237 | return 0; | |
238 | } | |
239 | ||
240 | static int convert_response(struct zcrypt_device *zdev, | |
241 | struct ap_message *reply, | |
242 | char __user *outputdata, | |
243 | unsigned int outputdatalength) | |
244 | { | |
245 | /* Response type byte is the second byte in the response. */ | |
246 | switch (((unsigned char *) reply->message)[1]) { | |
247 | case TYPE82_RSP_CODE: | |
248 | case TYPE88_RSP_CODE: | |
249 | return convert_error(zdev, reply); | |
250 | case TYPE80_RSP_CODE: | |
251 | return convert_type80(zdev, reply, | |
252 | outputdata, outputdatalength); | |
253 | default: /* Unknown response type, this should NEVER EVER happen */ | |
963ed931 MS |
254 | zdev->online = 0; |
255 | return -EAGAIN; /* repeat the request on a different device. */ | |
256 | } | |
257 | } | |
258 | ||
259 | /** | |
260 | * This function is called from the AP bus code after a crypto request | |
261 | * "msg" has finished with the reply message "reply". | |
262 | * It is called from tasklet context. | |
263 | * @ap_dev: pointer to the AP device | |
264 | * @msg: pointer to the AP message | |
265 | * @reply: pointer to the AP reply message | |
266 | */ | |
267 | static void zcrypt_cex2a_receive(struct ap_device *ap_dev, | |
268 | struct ap_message *msg, | |
269 | struct ap_message *reply) | |
270 | { | |
271 | static struct error_hdr error_reply = { | |
272 | .type = TYPE82_RSP_CODE, | |
273 | .reply_code = REP82_ERROR_MACHINE_FAILURE, | |
274 | }; | |
21e7b2c4 | 275 | struct type80_hdr *t80h; |
963ed931 MS |
276 | int length; |
277 | ||
278 | /* Copy the reply message to the request message buffer. */ | |
21e7b2c4 | 279 | if (IS_ERR(reply)) { |
963ed931 | 280 | memcpy(msg->message, &error_reply, sizeof(error_reply)); |
21e7b2c4 JL |
281 | goto out; |
282 | } | |
283 | t80h = reply->message; | |
284 | if (t80h->type == TYPE80_RSP_CODE) { | |
963ed931 MS |
285 | length = min(CEX2A_MAX_RESPONSE_SIZE, (int) t80h->len); |
286 | memcpy(msg->message, reply->message, length); | |
287 | } else | |
288 | memcpy(msg->message, reply->message, sizeof error_reply); | |
21e7b2c4 | 289 | out: |
963ed931 MS |
290 | complete((struct completion *) msg->private); |
291 | } | |
292 | ||
293 | static atomic_t zcrypt_step = ATOMIC_INIT(0); | |
294 | ||
295 | /** | |
296 | * The request distributor calls this function if it picked the CEX2A | |
297 | * device to handle a modexpo request. | |
298 | * @zdev: pointer to zcrypt_device structure that identifies the | |
299 | * CEX2A device to the request distributor | |
300 | * @mex: pointer to the modexpo request buffer | |
301 | */ | |
302 | static long zcrypt_cex2a_modexpo(struct zcrypt_device *zdev, | |
303 | struct ica_rsa_modexpo *mex) | |
304 | { | |
305 | struct ap_message ap_msg; | |
306 | struct completion work; | |
307 | int rc; | |
308 | ||
468ffddf | 309 | ap_init_message(&ap_msg); |
5cbded58 | 310 | ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL); |
963ed931 MS |
311 | if (!ap_msg.message) |
312 | return -ENOMEM; | |
313 | ap_msg.psmid = (((unsigned long long) current->pid) << 32) + | |
314 | atomic_inc_return(&zcrypt_step); | |
315 | ap_msg.private = &work; | |
316 | rc = ICAMEX_msg_to_type50MEX_msg(zdev, &ap_msg, mex); | |
317 | if (rc) | |
318 | goto out_free; | |
319 | init_completion(&work); | |
320 | ap_queue_message(zdev->ap_dev, &ap_msg); | |
af512ed0 RW |
321 | rc = wait_for_completion_interruptible(&work); |
322 | if (rc == 0) | |
963ed931 MS |
323 | rc = convert_response(zdev, &ap_msg, mex->outputdata, |
324 | mex->outputdatalength); | |
af512ed0 RW |
325 | else |
326 | /* Signal pending. */ | |
963ed931 | 327 | ap_cancel_message(zdev->ap_dev, &ap_msg); |
963ed931 MS |
328 | out_free: |
329 | kfree(ap_msg.message); | |
330 | return rc; | |
331 | } | |
332 | ||
333 | /** | |
334 | * The request distributor calls this function if it picked the CEX2A | |
335 | * device to handle a modexpo_crt request. | |
336 | * @zdev: pointer to zcrypt_device structure that identifies the | |
337 | * CEX2A device to the request distributor | |
338 | * @crt: pointer to the modexpoc_crt request buffer | |
339 | */ | |
340 | static long zcrypt_cex2a_modexpo_crt(struct zcrypt_device *zdev, | |
341 | struct ica_rsa_modexpo_crt *crt) | |
342 | { | |
343 | struct ap_message ap_msg; | |
344 | struct completion work; | |
345 | int rc; | |
346 | ||
468ffddf | 347 | ap_init_message(&ap_msg); |
5cbded58 | 348 | ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL); |
963ed931 MS |
349 | if (!ap_msg.message) |
350 | return -ENOMEM; | |
351 | ap_msg.psmid = (((unsigned long long) current->pid) << 32) + | |
352 | atomic_inc_return(&zcrypt_step); | |
353 | ap_msg.private = &work; | |
354 | rc = ICACRT_msg_to_type50CRT_msg(zdev, &ap_msg, crt); | |
355 | if (rc) | |
356 | goto out_free; | |
357 | init_completion(&work); | |
358 | ap_queue_message(zdev->ap_dev, &ap_msg); | |
af512ed0 RW |
359 | rc = wait_for_completion_interruptible(&work); |
360 | if (rc == 0) | |
963ed931 MS |
361 | rc = convert_response(zdev, &ap_msg, crt->outputdata, |
362 | crt->outputdatalength); | |
af512ed0 RW |
363 | else |
364 | /* Signal pending. */ | |
963ed931 | 365 | ap_cancel_message(zdev->ap_dev, &ap_msg); |
963ed931 MS |
366 | out_free: |
367 | kfree(ap_msg.message); | |
368 | return rc; | |
369 | } | |
370 | ||
371 | /** | |
372 | * The crypto operations for a CEX2A card. | |
373 | */ | |
374 | static struct zcrypt_ops zcrypt_cex2a_ops = { | |
375 | .rsa_modexpo = zcrypt_cex2a_modexpo, | |
376 | .rsa_modexpo_crt = zcrypt_cex2a_modexpo_crt, | |
377 | }; | |
378 | ||
379 | /** | |
380 | * Probe function for CEX2A cards. It always accepts the AP device | |
381 | * since the bus_match already checked the hardware type. | |
382 | * @ap_dev: pointer to the AP device. | |
383 | */ | |
384 | static int zcrypt_cex2a_probe(struct ap_device *ap_dev) | |
385 | { | |
8e89b6be FB |
386 | struct zcrypt_device *zdev = NULL; |
387 | int rc = 0; | |
388 | ||
389 | switch (ap_dev->device_type) { | |
390 | case AP_DEVICE_TYPE_CEX2A: | |
391 | zdev = zcrypt_device_alloc(CEX2A_MAX_RESPONSE_SIZE); | |
392 | if (!zdev) | |
393 | return -ENOMEM; | |
394 | zdev->user_space_type = ZCRYPT_CEX2A; | |
395 | zdev->type_string = "CEX2A"; | |
396 | zdev->min_mod_size = CEX2A_MIN_MOD_SIZE; | |
397 | zdev->max_mod_size = CEX2A_MAX_MOD_SIZE; | |
398 | zdev->short_crt = 1; | |
399 | zdev->speed_rating = CEX2A_SPEED_RATING; | |
400 | break; | |
401 | case AP_DEVICE_TYPE_CEX3A: | |
402 | zdev = zcrypt_device_alloc(CEX3A_MAX_RESPONSE_SIZE); | |
403 | if (!zdev) | |
404 | return -ENOMEM; | |
405 | zdev->user_space_type = ZCRYPT_CEX3A; | |
406 | zdev->type_string = "CEX3A"; | |
407 | zdev->min_mod_size = CEX3A_MIN_MOD_SIZE; | |
408 | zdev->max_mod_size = CEX3A_MAX_MOD_SIZE; | |
409 | zdev->short_crt = 1; | |
410 | zdev->speed_rating = CEX3A_SPEED_RATING; | |
411 | break; | |
412 | } | |
413 | if (zdev != NULL) { | |
414 | zdev->ap_dev = ap_dev; | |
415 | zdev->ops = &zcrypt_cex2a_ops; | |
416 | zdev->online = 1; | |
417 | ap_dev->reply = &zdev->reply; | |
418 | ap_dev->private = zdev; | |
419 | rc = zcrypt_device_register(zdev); | |
420 | } | |
421 | if (rc) { | |
422 | ap_dev->private = NULL; | |
423 | zcrypt_device_free(zdev); | |
424 | } | |
963ed931 MS |
425 | return rc; |
426 | } | |
427 | ||
428 | /** | |
429 | * This is called to remove the extended CEX2A driver information | |
430 | * if an AP device is removed. | |
431 | */ | |
432 | static void zcrypt_cex2a_remove(struct ap_device *ap_dev) | |
433 | { | |
434 | struct zcrypt_device *zdev = ap_dev->private; | |
435 | ||
436 | zcrypt_device_unregister(zdev); | |
437 | } | |
438 | ||
439 | int __init zcrypt_cex2a_init(void) | |
440 | { | |
441 | return ap_driver_register(&zcrypt_cex2a_driver, THIS_MODULE, "cex2a"); | |
442 | } | |
443 | ||
444 | void __exit zcrypt_cex2a_exit(void) | |
445 | { | |
446 | ap_driver_unregister(&zcrypt_cex2a_driver); | |
447 | } | |
448 | ||
449 | #ifndef CONFIG_ZCRYPT_MONOLITHIC | |
450 | module_init(zcrypt_cex2a_init); | |
451 | module_exit(zcrypt_cex2a_exit); | |
452 | #endif |