1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright IBM Corp. 2001, 2023
4 * Author(s): Robert Burroughs
5 * Eric Rossman (edrossma@us.ibm.com)
6 *
7 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
8 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
9 * Ralph Wuerthner <rwuerthn@de.ibm.com>
10 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com>
11 */
12
13#define KMSG_COMPONENT "zcrypt"
14#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
15
16#include <linux/module.h>
17#include <linux/slab.h>
18#include <linux/init.h>
19#include <linux/err.h>
20#include <linux/atomic.h>
21#include <linux/uaccess.h>
22
23#include "ap_bus.h"
24#include "zcrypt_api.h"
25#include "zcrypt_error.h"
26#include "zcrypt_msgtype50.h"
27
28/* >= CEX3A: 4096 bits */
29#define CEX3A_MAX_MOD_SIZE 512
30
31/* >= CEX3A: 512 bit modulus, (max outputdatalength) + type80_hdr */
32#define CEX3A_MAX_RESPONSE_SIZE 0x210
33
34MODULE_AUTHOR("IBM Corporation");
35MODULE_DESCRIPTION("Cryptographic Accelerator (message type 50), " \
36 "Copyright IBM Corp. 2001, 2023");
37MODULE_LICENSE("GPL");
38
39/*
40 * The type 50 message family is associated with a CEXxA cards.
41 *
42 * The four members of the family are described below.
43 *
44 * Note that all unsigned char arrays are right-justified and left-padded
45 * with zeroes.
46 *
47 * Note that all reserved fields must be zeroes.
48 */
49struct type50_hdr {
50 unsigned char reserved1;
51 unsigned char msg_type_code; /* 0x50 */
52 unsigned short msg_len;
53 unsigned char reserved2;
54 unsigned char ignored;
55 unsigned short reserved3;
56} __packed;
57
58#define TYPE50_TYPE_CODE 0x50
59
60#define TYPE50_MEB1_FMT 0x0001
61#define TYPE50_MEB2_FMT 0x0002
62#define TYPE50_MEB3_FMT 0x0003
63#define TYPE50_CRB1_FMT 0x0011
64#define TYPE50_CRB2_FMT 0x0012
65#define TYPE50_CRB3_FMT 0x0013
66
67/* Mod-Exp, with a small modulus */
68struct type50_meb1_msg {
69 struct type50_hdr header;
70 unsigned short keyblock_type; /* 0x0001 */
71 unsigned char reserved[6];
72 unsigned char exponent[128];
73 unsigned char modulus[128];
74 unsigned char message[128];
75} __packed;
76
77/* Mod-Exp, with a large modulus */
78struct type50_meb2_msg {
79 struct type50_hdr header;
80 unsigned short keyblock_type; /* 0x0002 */
81 unsigned char reserved[6];
82 unsigned char exponent[256];
83 unsigned char modulus[256];
84 unsigned char message[256];
85} __packed;
86
87/* Mod-Exp, with a larger modulus */
88struct type50_meb3_msg {
89 struct type50_hdr header;
90 unsigned short keyblock_type; /* 0x0003 */
91 unsigned char reserved[6];
92 unsigned char exponent[512];
93 unsigned char modulus[512];
94 unsigned char message[512];
95} __packed;
96
97/* CRT, with a small modulus */
98struct type50_crb1_msg {
99 struct type50_hdr header;
100 unsigned short keyblock_type; /* 0x0011 */
101 unsigned char reserved[6];
102 unsigned char p[64];
103 unsigned char q[64];
104 unsigned char dp[64];
105 unsigned char dq[64];
106 unsigned char u[64];
107 unsigned char message[128];
108} __packed;
109
110/* CRT, with a large modulus */
111struct type50_crb2_msg {
112 struct type50_hdr header;
113 unsigned short keyblock_type; /* 0x0012 */
114 unsigned char reserved[6];
115 unsigned char p[128];
116 unsigned char q[128];
117 unsigned char dp[128];
118 unsigned char dq[128];
119 unsigned char u[128];
120 unsigned char message[256];
121} __packed;
122
123/* CRT, with a larger modulus */
124struct type50_crb3_msg {
125 struct type50_hdr header;
126 unsigned short keyblock_type; /* 0x0013 */
127 unsigned char reserved[6];
128 unsigned char p[256];
129 unsigned char q[256];
130 unsigned char dp[256];
131 unsigned char dq[256];
132 unsigned char u[256];
133 unsigned char message[512];
134} __packed;
135
136/*
137 * The type 80 response family is associated with a CEXxA cards.
138 *
139 * Note that all unsigned char arrays are right-justified and left-padded
140 * with zeroes.
141 *
142 * Note that all reserved fields must be zeroes.
143 */
144
145#define TYPE80_RSP_CODE 0x80
146
147struct type80_hdr {
148 unsigned char reserved1;
149 unsigned char type; /* 0x80 */
150 unsigned short len;
151 unsigned char code; /* 0x00 */
152 unsigned char reserved2[3];
153 unsigned char reserved3[8];
154} __packed;
155
156int get_rsa_modex_fc(struct ica_rsa_modexpo *mex, int *fcode)
157{
158 if (!mex->inputdatalength)
159 return -EINVAL;
160
161 if (mex->inputdatalength <= 128) /* 1024 bit */
162 *fcode = MEX_1K;
163 else if (mex->inputdatalength <= 256) /* 2048 bit */
164 *fcode = MEX_2K;
165 else /* 4096 bit */
166 *fcode = MEX_4K;
167
168 return 0;
169}
170
171int get_rsa_crt_fc(struct ica_rsa_modexpo_crt *crt, int *fcode)
172{
173 if (!crt->inputdatalength)
174 return -EINVAL;
175
176 if (crt->inputdatalength <= 128) /* 1024 bit */
177 *fcode = CRT_1K;
178 else if (crt->inputdatalength <= 256) /* 2048 bit */
179 *fcode = CRT_2K;
180 else /* 4096 bit */
181 *fcode = CRT_4K;
182
183 return 0;
184}
185
186/*
187 * Convert a ICAMEX message to a type50 MEX message.
188 *
189 * @zq: crypto queue pointer
190 * @ap_msg: crypto request pointer
191 * @mex: pointer to user input data
192 *
193 * Returns 0 on success or -EFAULT.
194 */
195static int ICAMEX_msg_to_type50MEX_msg(struct zcrypt_queue *zq,
196 struct ap_message *ap_msg,
197 struct ica_rsa_modexpo *mex)
198{
199 unsigned char *mod, *exp, *inp;
200 int mod_len;
201
202 mod_len = mex->inputdatalength;
203
204 if (mod_len <= 128) {
205 struct type50_meb1_msg *meb1 = ap_msg->msg;
206
207 memset(meb1, 0, sizeof(*meb1));
208 ap_msg->len = sizeof(*meb1);
209 meb1->header.msg_type_code = TYPE50_TYPE_CODE;
210 meb1->header.msg_len = sizeof(*meb1);
211 meb1->keyblock_type = TYPE50_MEB1_FMT;
212 mod = meb1->modulus + sizeof(meb1->modulus) - mod_len;
213 exp = meb1->exponent + sizeof(meb1->exponent) - mod_len;
214 inp = meb1->message + sizeof(meb1->message) - mod_len;
215 } else if (mod_len <= 256) {
216 struct type50_meb2_msg *meb2 = ap_msg->msg;
217
218 memset(meb2, 0, sizeof(*meb2));
219 ap_msg->len = sizeof(*meb2);
220 meb2->header.msg_type_code = TYPE50_TYPE_CODE;
221 meb2->header.msg_len = sizeof(*meb2);
222 meb2->keyblock_type = TYPE50_MEB2_FMT;
223 mod = meb2->modulus + sizeof(meb2->modulus) - mod_len;
224 exp = meb2->exponent + sizeof(meb2->exponent) - mod_len;
225 inp = meb2->message + sizeof(meb2->message) - mod_len;
226 } else if (mod_len <= 512) {
227 struct type50_meb3_msg *meb3 = ap_msg->msg;
228
229 memset(meb3, 0, sizeof(*meb3));
230 ap_msg->len = sizeof(*meb3);
231 meb3->header.msg_type_code = TYPE50_TYPE_CODE;
232 meb3->header.msg_len = sizeof(*meb3);
233 meb3->keyblock_type = TYPE50_MEB3_FMT;
234 mod = meb3->modulus + sizeof(meb3->modulus) - mod_len;
235 exp = meb3->exponent + sizeof(meb3->exponent) - mod_len;
236 inp = meb3->message + sizeof(meb3->message) - mod_len;
237 } else {
238 return -EINVAL;
239 }
240
241 if (copy_from_user(to: mod, from: mex->n_modulus, n: mod_len) ||
242 copy_from_user(to: exp, from: mex->b_key, n: mod_len) ||
243 copy_from_user(to: inp, from: mex->inputdata, n: mod_len))
244 return -EFAULT;
245
246 return 0;
247}
248
249/*
250 * Convert a ICACRT message to a type50 CRT message.
251 *
252 * @zq: crypto queue pointer
253 * @ap_msg: crypto request pointer
254 * @crt: pointer to user input data
255 *
256 * Returns 0 on success or -EFAULT.
257 */
258static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_queue *zq,
259 struct ap_message *ap_msg,
260 struct ica_rsa_modexpo_crt *crt)
261{
262 int mod_len, short_len;
263 unsigned char *p, *q, *dp, *dq, *u, *inp;
264
265 mod_len = crt->inputdatalength;
266 short_len = (mod_len + 1) / 2;
267
268 /*
269 * CEX2A and CEX3A w/o FW update can handle requests up to
270 * 256 byte modulus (2k keys).
271 * CEX3A with FW update and newer CEXxA cards are able to handle
272 * 512 byte modulus (4k keys).
273 */
274 if (mod_len <= 128) { /* up to 1024 bit key size */
275 struct type50_crb1_msg *crb1 = ap_msg->msg;
276
277 memset(crb1, 0, sizeof(*crb1));
278 ap_msg->len = sizeof(*crb1);
279 crb1->header.msg_type_code = TYPE50_TYPE_CODE;
280 crb1->header.msg_len = sizeof(*crb1);
281 crb1->keyblock_type = TYPE50_CRB1_FMT;
282 p = crb1->p + sizeof(crb1->p) - short_len;
283 q = crb1->q + sizeof(crb1->q) - short_len;
284 dp = crb1->dp + sizeof(crb1->dp) - short_len;
285 dq = crb1->dq + sizeof(crb1->dq) - short_len;
286 u = crb1->u + sizeof(crb1->u) - short_len;
287 inp = crb1->message + sizeof(crb1->message) - mod_len;
288 } else if (mod_len <= 256) { /* up to 2048 bit key size */
289 struct type50_crb2_msg *crb2 = ap_msg->msg;
290
291 memset(crb2, 0, sizeof(*crb2));
292 ap_msg->len = sizeof(*crb2);
293 crb2->header.msg_type_code = TYPE50_TYPE_CODE;
294 crb2->header.msg_len = sizeof(*crb2);
295 crb2->keyblock_type = TYPE50_CRB2_FMT;
296 p = crb2->p + sizeof(crb2->p) - short_len;
297 q = crb2->q + sizeof(crb2->q) - short_len;
298 dp = crb2->dp + sizeof(crb2->dp) - short_len;
299 dq = crb2->dq + sizeof(crb2->dq) - short_len;
300 u = crb2->u + sizeof(crb2->u) - short_len;
301 inp = crb2->message + sizeof(crb2->message) - mod_len;
302 } else if ((mod_len <= 512) && /* up to 4096 bit key size */
303 (zq->zcard->max_mod_size == CEX3A_MAX_MOD_SIZE)) {
304 struct type50_crb3_msg *crb3 = ap_msg->msg;
305
306 memset(crb3, 0, sizeof(*crb3));
307 ap_msg->len = sizeof(*crb3);
308 crb3->header.msg_type_code = TYPE50_TYPE_CODE;
309 crb3->header.msg_len = sizeof(*crb3);
310 crb3->keyblock_type = TYPE50_CRB3_FMT;
311 p = crb3->p + sizeof(crb3->p) - short_len;
312 q = crb3->q + sizeof(crb3->q) - short_len;
313 dp = crb3->dp + sizeof(crb3->dp) - short_len;
314 dq = crb3->dq + sizeof(crb3->dq) - short_len;
315 u = crb3->u + sizeof(crb3->u) - short_len;
316 inp = crb3->message + sizeof(crb3->message) - mod_len;
317 } else {
318 return -EINVAL;
319 }
320
321 /*
322 * correct the offset of p, bp and mult_inv according zcrypt.h
323 * block size right aligned (skip the first byte)
324 */
325 if (copy_from_user(to: p, from: crt->np_prime + MSGTYPE_ADJUSTMENT, n: short_len) ||
326 copy_from_user(to: q, from: crt->nq_prime, n: short_len) ||
327 copy_from_user(to: dp, from: crt->bp_key + MSGTYPE_ADJUSTMENT, n: short_len) ||
328 copy_from_user(to: dq, from: crt->bq_key, n: short_len) ||
329 copy_from_user(to: u, from: crt->u_mult_inv + MSGTYPE_ADJUSTMENT, n: short_len) ||
330 copy_from_user(to: inp, from: crt->inputdata, n: mod_len))
331 return -EFAULT;
332
333 return 0;
334}
335
336/*
337 * Copy results from a type 80 reply message back to user space.
338 *
339 * @zq: crypto device pointer
340 * @reply: reply AP message.
341 * @data: pointer to user output data
342 * @length: size of user output data
343 *
344 * Returns 0 on success or -EFAULT.
345 */
346static int convert_type80(struct zcrypt_queue *zq,
347 struct ap_message *reply,
348 char __user *outputdata,
349 unsigned int outputdatalength)
350{
351 struct type80_hdr *t80h = reply->msg;
352 unsigned char *data;
353
354 if (t80h->len < sizeof(*t80h) + outputdatalength) {
355 /* The result is too short, the CEXxA card may not do that.. */
356 zq->online = 0;
357 pr_err("Crypto dev=%02x.%04x code=0x%02x => online=0 rc=EAGAIN\n",
358 AP_QID_CARD(zq->queue->qid),
359 AP_QID_QUEUE(zq->queue->qid), t80h->code);
360 ZCRYPT_DBF_ERR("%s dev=%02x.%04x code=0x%02x => online=0 rc=EAGAIN\n",
361 __func__, AP_QID_CARD(zq->queue->qid),
362 AP_QID_QUEUE(zq->queue->qid), t80h->code);
363 ap_send_online_uevent(ap_dev: &zq->queue->ap_dev, online: zq->online);
364 return -EAGAIN;
365 }
366 BUG_ON(t80h->len > CEX3A_MAX_RESPONSE_SIZE);
367 data = reply->msg + t80h->len - outputdatalength;
368 if (copy_to_user(to: outputdata, from: data, n: outputdatalength))
369 return -EFAULT;
370 return 0;
371}
372
373static int convert_response(struct zcrypt_queue *zq,
374 struct ap_message *reply,
375 char __user *outputdata,
376 unsigned int outputdatalength)
377{
378 /* Response type byte is the second byte in the response. */
379 unsigned char rtype = ((unsigned char *)reply->msg)[1];
380
381 switch (rtype) {
382 case TYPE82_RSP_CODE:
383 case TYPE88_RSP_CODE:
384 return convert_error(zq, reply);
385 case TYPE80_RSP_CODE:
386 return convert_type80(zq, reply,
387 outputdata, outputdatalength);
388 default: /* Unknown response type, this should NEVER EVER happen */
389 zq->online = 0;
390 pr_err("Crypto dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
391 AP_QID_CARD(zq->queue->qid),
392 AP_QID_QUEUE(zq->queue->qid),
393 (int)rtype);
394 ZCRYPT_DBF_ERR(
395 "%s dev=%02x.%04x unknown response type 0x%02x => online=0 rc=EAGAIN\n",
396 __func__, AP_QID_CARD(zq->queue->qid),
397 AP_QID_QUEUE(zq->queue->qid), (int)rtype);
398 ap_send_online_uevent(ap_dev: &zq->queue->ap_dev, online: zq->online);
399 return -EAGAIN;
400 }
401}
402
403/*
404 * This function is called from the AP bus code after a crypto request
405 * "msg" has finished with the reply message "reply".
406 * It is called from tasklet context.
407 * @aq: pointer to the AP device
408 * @msg: pointer to the AP message
409 * @reply: pointer to the AP reply message
410 */
411static void zcrypt_msgtype50_receive(struct ap_queue *aq,
412 struct ap_message *msg,
413 struct ap_message *reply)
414{
415 static struct error_hdr error_reply = {
416 .type = TYPE82_RSP_CODE,
417 .reply_code = REP82_ERROR_MACHINE_FAILURE,
418 };
419 struct type80_hdr *t80h;
420 int len;
421
422 /* Copy the reply message to the request message buffer. */
423 if (!reply)
424 goto out; /* ap_msg->rc indicates the error */
425 t80h = reply->msg;
426 if (t80h->type == TYPE80_RSP_CODE) {
427 len = t80h->len;
428 if (len > reply->bufsize || len > msg->bufsize ||
429 len != reply->len) {
430 ZCRYPT_DBF_DBG("%s len mismatch => EMSGSIZE\n", __func__);
431 msg->rc = -EMSGSIZE;
432 goto out;
433 }
434 memcpy(msg->msg, reply->msg, len);
435 msg->len = len;
436 } else {
437 memcpy(msg->msg, reply->msg, sizeof(error_reply));
438 msg->len = sizeof(error_reply);
439 }
440out:
441 complete((struct completion *)msg->private);
442}
443
444static atomic_t zcrypt_step = ATOMIC_INIT(0);
445
446/*
447 * The request distributor calls this function if it picked the CEXxA
448 * device to handle a modexpo request.
449 * @zq: pointer to zcrypt_queue structure that identifies the
450 * CEXxA device to the request distributor
451 * @mex: pointer to the modexpo request buffer
452 */
453static long zcrypt_msgtype50_modexpo(struct zcrypt_queue *zq,
454 struct ica_rsa_modexpo *mex,
455 struct ap_message *ap_msg)
456{
457 struct completion work;
458 int rc;
459
460 ap_msg->bufsize = MSGTYPE50_CRB3_MAX_MSG_SIZE;
461 ap_msg->msg = kmalloc(size: ap_msg->bufsize, GFP_KERNEL);
462 if (!ap_msg->msg)
463 return -ENOMEM;
464 ap_msg->receive = zcrypt_msgtype50_receive;
465 ap_msg->psmid = (((unsigned long)current->pid) << 32) +
466 atomic_inc_return(v: &zcrypt_step);
467 ap_msg->private = &work;
468 rc = ICAMEX_msg_to_type50MEX_msg(zq, ap_msg, mex);
469 if (rc)
470 goto out;
471 init_completion(x: &work);
472 rc = ap_queue_message(aq: zq->queue, ap_msg);
473 if (rc)
474 goto out;
475 rc = wait_for_completion_interruptible(x: &work);
476 if (rc == 0) {
477 rc = ap_msg->rc;
478 if (rc == 0)
479 rc = convert_response(zq, reply: ap_msg,
480 outputdata: mex->outputdata,
481 outputdatalength: mex->outputdatalength);
482 } else {
483 /* Signal pending. */
484 ap_cancel_message(aq: zq->queue, ap_msg);
485 }
486
487out:
488 ap_msg->private = NULL;
489 if (rc)
490 ZCRYPT_DBF_DBG("%s send me cprb at dev=%02x.%04x rc=%d\n",
491 __func__, AP_QID_CARD(zq->queue->qid),
492 AP_QID_QUEUE(zq->queue->qid), rc);
493 return rc;
494}
495
496/*
497 * The request distributor calls this function if it picked the CEXxA
498 * device to handle a modexpo_crt request.
499 * @zq: pointer to zcrypt_queue structure that identifies the
500 * CEXxA device to the request distributor
501 * @crt: pointer to the modexpoc_crt request buffer
502 */
503static long zcrypt_msgtype50_modexpo_crt(struct zcrypt_queue *zq,
504 struct ica_rsa_modexpo_crt *crt,
505 struct ap_message *ap_msg)
506{
507 struct completion work;
508 int rc;
509
510 ap_msg->bufsize = MSGTYPE50_CRB3_MAX_MSG_SIZE;
511 ap_msg->msg = kmalloc(size: ap_msg->bufsize, GFP_KERNEL);
512 if (!ap_msg->msg)
513 return -ENOMEM;
514 ap_msg->receive = zcrypt_msgtype50_receive;
515 ap_msg->psmid = (((unsigned long)current->pid) << 32) +
516 atomic_inc_return(v: &zcrypt_step);
517 ap_msg->private = &work;
518 rc = ICACRT_msg_to_type50CRT_msg(zq, ap_msg, crt);
519 if (rc)
520 goto out;
521 init_completion(x: &work);
522 rc = ap_queue_message(aq: zq->queue, ap_msg);
523 if (rc)
524 goto out;
525 rc = wait_for_completion_interruptible(x: &work);
526 if (rc == 0) {
527 rc = ap_msg->rc;
528 if (rc == 0)
529 rc = convert_response(zq, reply: ap_msg,
530 outputdata: crt->outputdata,
531 outputdatalength: crt->outputdatalength);
532 } else {
533 /* Signal pending. */
534 ap_cancel_message(aq: zq->queue, ap_msg);
535 }
536
537out:
538 ap_msg->private = NULL;
539 if (rc)
540 ZCRYPT_DBF_DBG("%s send crt cprb at dev=%02x.%04x rc=%d\n",
541 __func__, AP_QID_CARD(zq->queue->qid),
542 AP_QID_QUEUE(zq->queue->qid), rc);
543 return rc;
544}
545
546/*
547 * The crypto operations for message type 50.
548 */
549static struct zcrypt_ops zcrypt_msgtype50_ops = {
550 .rsa_modexpo = zcrypt_msgtype50_modexpo,
551 .rsa_modexpo_crt = zcrypt_msgtype50_modexpo_crt,
552 .owner = THIS_MODULE,
553 .name = MSGTYPE50_NAME,
554 .variant = MSGTYPE50_VARIANT_DEFAULT,
555};
556
557void __init zcrypt_msgtype50_init(void)
558{
559 zcrypt_msgtype_register(&zcrypt_msgtype50_ops);
560}
561
562void __exit zcrypt_msgtype50_exit(void)
563{
564 zcrypt_msgtype_unregister(&zcrypt_msgtype50_ops);
565}
566

source code of linux/drivers/s390/crypto/zcrypt_msgtype50.c