2 * linux/drivers/s390/crypto/zcrypt_pcicc.c
6 * Copyright (C) 2001, 2006 IBM Corporation
7 * Author(s): Robert Burroughs
8 * Eric Rossman (edrossma@us.ibm.com)
10 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
11 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
12 * Ralph Wuerthner <rwuerthn@de.ibm.com>
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2, or (at your option)
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #include <linux/module.h>
30 #include <linux/init.h>
31 #include <linux/gfp.h>
32 #include <linux/err.h>
33 #include <linux/atomic.h>
34 #include <asm/uaccess.h>
37 #include "zcrypt_api.h"
38 #include "zcrypt_error.h"
39 #include "zcrypt_pcicc.h"
40 #include "zcrypt_cca_key.h"
42 #define PCICC_MIN_MOD_SIZE 64 /* 512 bits */
43 #define PCICC_MAX_MOD_SIZE_OLD 128 /* 1024 bits */
44 #define PCICC_MAX_MOD_SIZE 256 /* 2048 bits */
47 * PCICC cards need a speed rating of 0. This keeps them at the end of
48 * the zcrypt device list (see zcrypt_api.c). PCICC cards are only
49 * used if no other cards are present because they are slow and can only
50 * cope with PKCS12 padded requests. The logic is queer. PKCS11 padded
51 * requests are rejected. The modexpo function encrypts PKCS12 padded data
52 * and decrypts any non-PKCS12 padded data (except PKCS11) in the assumption
53 * that it's encrypted PKCS12 data. The modexpo_crt function always decrypts
54 * the data in the assumption that its PKCS12 encrypted data.
56 #define PCICC_SPEED_RATING 0
58 #define PCICC_MAX_MESSAGE_SIZE 0x710 /* max size type6 v1 crt message */
59 #define PCICC_MAX_RESPONSE_SIZE 0x710 /* max size type86 v1 reply */
61 #define PCICC_CLEANUP_TIME (15*HZ)
63 static struct ap_device_id zcrypt_pcicc_ids[] = {
64 { AP_DEVICE(AP_DEVICE_TYPE_PCICC) },
65 { /* end of list */ },
68 MODULE_DEVICE_TABLE(ap, zcrypt_pcicc_ids);
69 MODULE_AUTHOR("IBM Corporation");
70 MODULE_DESCRIPTION("PCICC Cryptographic Coprocessor device driver, "
71 "Copyright 2001, 2006 IBM Corporation");
72 MODULE_LICENSE("GPL");
74 static int zcrypt_pcicc_probe(struct ap_device *ap_dev);
75 static void zcrypt_pcicc_remove(struct ap_device *ap_dev);
76 static void zcrypt_pcicc_receive(struct ap_device *, struct ap_message *,
79 static struct ap_driver zcrypt_pcicc_driver = {
80 .probe = zcrypt_pcicc_probe,
81 .remove = zcrypt_pcicc_remove,
82 .receive = zcrypt_pcicc_receive,
83 .ids = zcrypt_pcicc_ids,
84 .request_timeout = PCICC_CLEANUP_TIME,
88 * The following is used to initialize the CPRB passed to the PCICC card
89 * in a type6 message. The 3 fields that must be filled in at execution
90 * time are req_parml, rpl_parml and usage_domain. Note that all three
91 * fields are *little*-endian. Actually, everything about this interface
92 * is ascii/little-endian, since the device has 'Intel inside'.
94 * The CPRB is followed immediately by the parm block.
95 * The parm block contains:
96 * - function code ('PD' 0x5044 or 'PK' 0x504B)
97 * - rule block (0x0A00 'PKCS-1.2' or 0x0A00 'ZERO-PAD')
100 static struct CPRB static_cprb = {
101 .cprb_len = __constant_cpu_to_le16(0x0070),
103 .func_id = {0x54,0x32},
104 .checkpoint_flag= 0x01,
105 .svr_namel = __constant_cpu_to_le16(0x0008),
106 .svr_name = {'I','C','S','F',' ',' ',' ',' '}
110 * Check the message for PKCS11 padding.
112 static inline int is_PKCS11_padded(unsigned char *buffer, int length)
115 if ((buffer[0] != 0x00) || (buffer[1] != 0x01))
117 for (i = 2; i < length; i++)
118 if (buffer[i] != 0xFF)
120 if (i < 10 || i == length)
122 if (buffer[i] != 0x00)
128 * Check the message for PKCS12 padding.
130 static inline int is_PKCS12_padded(unsigned char *buffer, int length)
133 if ((buffer[0] != 0x00) || (buffer[1] != 0x02))
135 for (i = 2; i < length; i++)
136 if (buffer[i] == 0x00)
138 if ((i < 10) || (i == length))
140 if (buffer[i] != 0x00)
146 * Convert a ICAMEX message to a type6 MEX message.
148 * @zdev: crypto device pointer
149 * @zreq: crypto request pointer
150 * @mex: pointer to user input data
152 * Returns 0 on success or -EFAULT.
154 static int ICAMEX_msg_to_type6MEX_msg(struct zcrypt_device *zdev,
155 struct ap_message *ap_msg,
156 struct ica_rsa_modexpo *mex)
158 static struct type6_hdr static_type6_hdr = {
160 .offset1 = 0x00000058,
161 .agent_id = {0x01,0x00,0x43,0x43,0x41,0x2D,0x41,0x50,
162 0x50,0x4C,0x20,0x20,0x20,0x01,0x01,0x01},
163 .function_code = {'P','K'},
165 static struct function_and_rules_block static_pke_function_and_rules ={
166 .function_code = {'P','K'},
167 .ulen = __constant_cpu_to_le16(10),
168 .only_rule = {'P','K','C','S','-','1','.','2'}
171 struct type6_hdr hdr;
173 struct function_and_rules_block fr;
174 unsigned short length;
176 } __attribute__((packed)) *msg = ap_msg->message;
177 int vud_len, pad_len, size;
180 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
183 if (is_PKCS11_padded(msg->text, mex->inputdatalength))
186 /* static message header and f&r */
187 msg->hdr = static_type6_hdr;
188 msg->fr = static_pke_function_and_rules;
190 if (is_PKCS12_padded(msg->text, mex->inputdatalength)) {
191 /* strip the padding and adjust the data length */
192 pad_len = strnlen(msg->text + 2, mex->inputdatalength - 2) + 3;
193 if (pad_len <= 9 || pad_len >= mex->inputdatalength)
195 vud_len = mex->inputdatalength - pad_len;
196 memmove(msg->text, msg->text + pad_len, vud_len);
197 msg->length = cpu_to_le16(vud_len + 2);
199 /* Set up key after the variable length text. */
200 size = zcrypt_type6_mex_key_en(mex, msg->text + vud_len, 0);
203 size += sizeof(*msg) + vud_len; /* total size of msg */
205 vud_len = mex->inputdatalength;
206 msg->length = cpu_to_le16(2 + vud_len);
208 msg->hdr.function_code[1] = 'D';
209 msg->fr.function_code[1] = 'D';
211 /* Set up key after the variable length text. */
212 size = zcrypt_type6_mex_key_de(mex, msg->text + vud_len, 0);
215 size += sizeof(*msg) + vud_len; /* total size of msg */
218 /* message header, cprb and f&r */
219 msg->hdr.ToCardLen1 = (size - sizeof(msg->hdr) + 3) & -4;
220 msg->hdr.FromCardLen1 = PCICC_MAX_RESPONSE_SIZE - sizeof(msg->hdr);
222 msg->cprb = static_cprb;
223 msg->cprb.usage_domain[0]= AP_QID_QUEUE(zdev->ap_dev->qid);
224 msg->cprb.req_parml = cpu_to_le16(size - sizeof(msg->hdr) -
226 msg->cprb.rpl_parml = cpu_to_le16(msg->hdr.FromCardLen1);
228 ap_msg->length = (size + 3) & -4;
233 * Convert a ICACRT message to a type6 CRT message.
235 * @zdev: crypto device pointer
236 * @zreq: crypto request pointer
237 * @crt: pointer to user input data
239 * Returns 0 on success or -EFAULT.
241 static int ICACRT_msg_to_type6CRT_msg(struct zcrypt_device *zdev,
242 struct ap_message *ap_msg,
243 struct ica_rsa_modexpo_crt *crt)
245 static struct type6_hdr static_type6_hdr = {
247 .offset1 = 0x00000058,
248 .agent_id = {0x01,0x00,0x43,0x43,0x41,0x2D,0x41,0x50,
249 0x50,0x4C,0x20,0x20,0x20,0x01,0x01,0x01},
250 .function_code = {'P','D'},
252 static struct function_and_rules_block static_pkd_function_and_rules ={
253 .function_code = {'P','D'},
254 .ulen = __constant_cpu_to_le16(10),
255 .only_rule = {'P','K','C','S','-','1','.','2'}
258 struct type6_hdr hdr;
260 struct function_and_rules_block fr;
261 unsigned short length;
263 } __attribute__((packed)) *msg = ap_msg->message;
267 msg->length = cpu_to_le16(2 + crt->inputdatalength);
268 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
271 if (is_PKCS11_padded(msg->text, crt->inputdatalength))
274 /* Set up key after the variable length text. */
275 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength, 0);
278 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */
280 /* message header, cprb and f&r */
281 msg->hdr = static_type6_hdr;
282 msg->hdr.ToCardLen1 = (size - sizeof(msg->hdr) + 3) & -4;
283 msg->hdr.FromCardLen1 = PCICC_MAX_RESPONSE_SIZE - sizeof(msg->hdr);
285 msg->cprb = static_cprb;
286 msg->cprb.usage_domain[0] = AP_QID_QUEUE(zdev->ap_dev->qid);
287 msg->cprb.req_parml = msg->cprb.rpl_parml =
288 cpu_to_le16(size - sizeof(msg->hdr) - sizeof(msg->cprb));
290 msg->fr = static_pkd_function_and_rules;
292 ap_msg->length = (size + 3) & -4;
297 * Copy results from a type 86 reply message back to user space.
299 * @zdev: crypto device pointer
300 * @reply: reply AP message.
301 * @data: pointer to user output data
302 * @length: size of user output data
304 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
306 struct type86_reply {
307 struct type86_hdr hdr;
308 struct type86_fmt2_ext fmt2;
310 unsigned char pad[4]; /* 4 byte function code/rules block ? */
311 unsigned short length;
313 } __attribute__((packed));
315 static int convert_type86(struct zcrypt_device *zdev,
316 struct ap_message *reply,
317 char __user *outputdata,
318 unsigned int outputdatalength)
320 static unsigned char static_pad[] = {
322 0x1B,0x7B,0x5D,0xB5,0x75,0x01,0x3D,0xFD,
323 0x8D,0xD1,0xC7,0x03,0x2D,0x09,0x23,0x57,
324 0x89,0x49,0xB9,0x3F,0xBB,0x99,0x41,0x5B,
325 0x75,0x21,0x7B,0x9D,0x3B,0x6B,0x51,0x39,
326 0xBB,0x0D,0x35,0xB9,0x89,0x0F,0x93,0xA5,
327 0x0B,0x47,0xF1,0xD3,0xBB,0xCB,0xF1,0x9D,
328 0x23,0x73,0x71,0xFF,0xF3,0xF5,0x45,0xFB,
329 0x61,0x29,0x23,0xFD,0xF1,0x29,0x3F,0x7F,
330 0x17,0xB7,0x1B,0xA9,0x19,0xBD,0x57,0xA9,
331 0xD7,0x95,0xA3,0xCB,0xED,0x1D,0xDB,0x45,
332 0x7D,0x11,0xD1,0x51,0x1B,0xED,0x71,0xE9,
333 0xB1,0xD1,0xAB,0xAB,0x21,0x2B,0x1B,0x9F,
334 0x3B,0x9F,0xF7,0xF7,0xBD,0x63,0xEB,0xAD,
335 0xDF,0xB3,0x6F,0x5B,0xDB,0x8D,0xA9,0x5D,
336 0xE3,0x7D,0x77,0x49,0x47,0xF5,0xA7,0xFD,
337 0xAB,0x2F,0x27,0x35,0x77,0xD3,0x49,0xC9,
338 0x09,0xEB,0xB1,0xF9,0xBF,0x4B,0xCB,0x2B,
339 0xEB,0xEB,0x05,0xFF,0x7D,0xC7,0x91,0x8B,
340 0x09,0x83,0xB9,0xB9,0x69,0x33,0x39,0x6B,
341 0x79,0x75,0x19,0xBF,0xBB,0x07,0x1D,0xBD,
342 0x29,0xBF,0x39,0x95,0x93,0x1D,0x35,0xC7,
343 0xC9,0x4D,0xE5,0x97,0x0B,0x43,0x9B,0xF1,
344 0x16,0x93,0x03,0x1F,0xA5,0xFB,0xDB,0xF3,
345 0x27,0x4F,0x27,0x61,0x05,0x1F,0xB9,0x23,
346 0x2F,0xC3,0x81,0xA9,0x23,0x71,0x55,0x55,
347 0xEB,0xED,0x41,0xE5,0xF3,0x11,0xF1,0x43,
348 0x69,0x03,0xBD,0x0B,0x37,0x0F,0x51,0x8F,
349 0x0B,0xB5,0x89,0x5B,0x67,0xA9,0xD9,0x4F,
350 0x01,0xF9,0x21,0x77,0x37,0x73,0x79,0xC5,
351 0x7F,0x51,0xC1,0xCF,0x97,0xA1,0x75,0xAD,
352 0x35,0x9D,0xD3,0xD3,0xA7,0x9D,0x5D,0x41,
353 0x6F,0x65,0x1B,0xCF,0xA9,0x87,0x91,0x09
355 struct type86_reply *msg = reply->message;
356 unsigned short service_rc, service_rs;
357 unsigned int reply_len, pad_len;
360 service_rc = le16_to_cpu(msg->cprb.ccp_rtcode);
361 if (unlikely(service_rc != 0)) {
362 service_rs = le16_to_cpu(msg->cprb.ccp_rscode);
363 if (service_rc == 8 && service_rs == 66)
365 if (service_rc == 8 && service_rs == 65)
367 if (service_rc == 8 && service_rs == 770) {
368 zdev->max_mod_size = PCICC_MAX_MOD_SIZE_OLD;
371 if (service_rc == 8 && service_rs == 783) {
372 zdev->max_mod_size = PCICC_MAX_MOD_SIZE_OLD;
375 if (service_rc == 8 && service_rs == 72)
378 return -EAGAIN; /* repeat the request on a different device. */
381 reply_len = le16_to_cpu(msg->length) - 2;
382 if (reply_len > outputdatalength)
385 * For all encipher requests, the length of the ciphertext (reply_len)
386 * will always equal the modulus length. For MEX decipher requests
387 * the output needs to get padded. Minimum pad size is 10.
389 * Currently, the cases where padding will be added is for:
390 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
391 * ZERO-PAD and CRT is only supported for PKD requests)
394 pad_len = outputdatalength - reply_len;
398 /* 'restore' padding left in the PCICC/PCIXCC card. */
399 if (copy_to_user(outputdata, static_pad, pad_len - 1))
401 if (put_user(0, outputdata + pad_len - 1))
404 /* Copy the crypto response to user space. */
405 if (copy_to_user(outputdata + pad_len, data, reply_len))
410 static int convert_response(struct zcrypt_device *zdev,
411 struct ap_message *reply,
412 char __user *outputdata,
413 unsigned int outputdatalength)
415 struct type86_reply *msg = reply->message;
417 /* Response type byte is the second byte in the response. */
418 switch (msg->hdr.type) {
419 case TYPE82_RSP_CODE:
420 case TYPE88_RSP_CODE:
421 return convert_error(zdev, reply);
422 case TYPE86_RSP_CODE:
423 if (msg->hdr.reply_code)
424 return convert_error(zdev, reply);
425 if (msg->cprb.cprb_ver_id == 0x01)
426 return convert_type86(zdev, reply,
427 outputdata, outputdatalength);
428 /* no break, incorrect cprb version is an unknown response */
429 default: /* Unknown response type, this should NEVER EVER happen */
431 return -EAGAIN; /* repeat the request on a different device. */
436 * This function is called from the AP bus code after a crypto request
437 * "msg" has finished with the reply message "reply".
438 * It is called from tasklet context.
439 * @ap_dev: pointer to the AP device
440 * @msg: pointer to the AP message
441 * @reply: pointer to the AP reply message
443 static void zcrypt_pcicc_receive(struct ap_device *ap_dev,
444 struct ap_message *msg,
445 struct ap_message *reply)
447 static struct error_hdr error_reply = {
448 .type = TYPE82_RSP_CODE,
449 .reply_code = REP82_ERROR_MACHINE_FAILURE,
451 struct type86_reply *t86r;
454 /* Copy the reply message to the request message buffer. */
456 memcpy(msg->message, &error_reply, sizeof(error_reply));
459 t86r = reply->message;
460 if (t86r->hdr.type == TYPE86_RSP_CODE &&
461 t86r->cprb.cprb_ver_id == 0x01) {
462 length = sizeof(struct type86_reply) + t86r->length - 2;
463 length = min(PCICC_MAX_RESPONSE_SIZE, length);
464 memcpy(msg->message, reply->message, length);
466 memcpy(msg->message, reply->message, sizeof error_reply);
468 complete((struct completion *) msg->private);
471 static atomic_t zcrypt_step = ATOMIC_INIT(0);
474 * The request distributor calls this function if it picked the PCICC
475 * device to handle a modexpo request.
476 * @zdev: pointer to zcrypt_device structure that identifies the
477 * PCICC device to the request distributor
478 * @mex: pointer to the modexpo request buffer
480 static long zcrypt_pcicc_modexpo(struct zcrypt_device *zdev,
481 struct ica_rsa_modexpo *mex)
483 struct ap_message ap_msg;
484 struct completion work;
487 ap_init_message(&ap_msg);
488 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
491 ap_msg.length = PAGE_SIZE;
492 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
493 atomic_inc_return(&zcrypt_step);
494 ap_msg.private = &work;
495 rc = ICAMEX_msg_to_type6MEX_msg(zdev, &ap_msg, mex);
498 init_completion(&work);
499 ap_queue_message(zdev->ap_dev, &ap_msg);
500 rc = wait_for_completion_interruptible(&work);
502 rc = convert_response(zdev, &ap_msg, mex->outputdata,
503 mex->outputdatalength);
505 /* Signal pending. */
506 ap_cancel_message(zdev->ap_dev, &ap_msg);
508 free_page((unsigned long) ap_msg.message);
513 * The request distributor calls this function if it picked the PCICC
514 * device to handle a modexpo_crt request.
515 * @zdev: pointer to zcrypt_device structure that identifies the
516 * PCICC device to the request distributor
517 * @crt: pointer to the modexpoc_crt request buffer
519 static long zcrypt_pcicc_modexpo_crt(struct zcrypt_device *zdev,
520 struct ica_rsa_modexpo_crt *crt)
522 struct ap_message ap_msg;
523 struct completion work;
526 ap_init_message(&ap_msg);
527 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
530 ap_msg.length = PAGE_SIZE;
531 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
532 atomic_inc_return(&zcrypt_step);
533 ap_msg.private = &work;
534 rc = ICACRT_msg_to_type6CRT_msg(zdev, &ap_msg, crt);
537 init_completion(&work);
538 ap_queue_message(zdev->ap_dev, &ap_msg);
539 rc = wait_for_completion_interruptible(&work);
541 rc = convert_response(zdev, &ap_msg, crt->outputdata,
542 crt->outputdatalength);
544 /* Signal pending. */
545 ap_cancel_message(zdev->ap_dev, &ap_msg);
547 free_page((unsigned long) ap_msg.message);
552 * The crypto operations for a PCICC card.
554 static struct zcrypt_ops zcrypt_pcicc_ops = {
555 .rsa_modexpo = zcrypt_pcicc_modexpo,
556 .rsa_modexpo_crt = zcrypt_pcicc_modexpo_crt,
560 * Probe function for PCICC cards. It always accepts the AP device
561 * since the bus_match already checked the hardware type.
562 * @ap_dev: pointer to the AP device.
564 static int zcrypt_pcicc_probe(struct ap_device *ap_dev)
566 struct zcrypt_device *zdev;
569 zdev = zcrypt_device_alloc(PCICC_MAX_RESPONSE_SIZE);
572 zdev->ap_dev = ap_dev;
573 zdev->ops = &zcrypt_pcicc_ops;
575 zdev->user_space_type = ZCRYPT_PCICC;
576 zdev->type_string = "PCICC";
577 zdev->min_mod_size = PCICC_MIN_MOD_SIZE;
578 zdev->max_mod_size = PCICC_MAX_MOD_SIZE;
579 zdev->speed_rating = PCICC_SPEED_RATING;
580 zdev->max_exp_bit_length = PCICC_MAX_MOD_SIZE;
581 ap_dev->reply = &zdev->reply;
582 ap_dev->private = zdev;
583 rc = zcrypt_device_register(zdev);
589 ap_dev->private = NULL;
590 zcrypt_device_free(zdev);
595 * This is called to remove the extended PCICC driver information
596 * if an AP device is removed.
598 static void zcrypt_pcicc_remove(struct ap_device *ap_dev)
600 struct zcrypt_device *zdev = ap_dev->private;
602 zcrypt_device_unregister(zdev);
605 int __init zcrypt_pcicc_init(void)
607 return ap_driver_register(&zcrypt_pcicc_driver, THIS_MODULE, "pcicc");
610 void zcrypt_pcicc_exit(void)
612 ap_driver_unregister(&zcrypt_pcicc_driver);
615 module_init(zcrypt_pcicc_init);
616 module_exit(zcrypt_pcicc_exit);