1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright IBM Corp. 2001, 2018 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * 7 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 8 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 9 * Ralph Wuerthner <rwuerthn@de.ibm.com> 10 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 11 */ 12 13 #include <linux/module.h> 14 #include <linux/init.h> 15 #include <linux/err.h> 16 #include <linux/delay.h> 17 #include <linux/slab.h> 18 #include <linux/atomic.h> 19 #include <linux/uaccess.h> 20 #include <linux/mod_devicetable.h> 21 22 #include "ap_bus.h" 23 #include "zcrypt_api.h" 24 #include "zcrypt_error.h" 25 #include "zcrypt_msgtype6.h" 26 #include "zcrypt_cex2c.h" 27 #include "zcrypt_cca_key.h" 28 #include "zcrypt_ccamisc.h" 29 30 #define CEX2C_MIN_MOD_SIZE 16 /* 128 bits */ 31 #define CEX2C_MAX_MOD_SIZE 256 /* 2048 bits */ 32 #define CEX3C_MIN_MOD_SIZE 16 /* 128 bits */ 33 #define CEX3C_MAX_MOD_SIZE 512 /* 4096 bits */ 34 #define CEX2C_MAX_XCRB_MESSAGE_SIZE (12 * 1024) 35 #define CEX2C_CLEANUP_TIME (15 * HZ) 36 37 MODULE_AUTHOR("IBM Corporation"); 38 MODULE_DESCRIPTION("CEX2C/CEX3C Cryptographic Coprocessor device driver, " \ 39 "Copyright IBM Corp. 2001, 2018"); 40 MODULE_LICENSE("GPL"); 41 42 static struct ap_device_id zcrypt_cex2c_card_ids[] = { 43 { .dev_type = AP_DEVICE_TYPE_CEX2C, 44 .match_flags = AP_DEVICE_ID_MATCH_CARD_TYPE }, 45 { .dev_type = AP_DEVICE_TYPE_CEX3C, 46 .match_flags = AP_DEVICE_ID_MATCH_CARD_TYPE }, 47 { /* end of list */ }, 48 }; 49 50 MODULE_DEVICE_TABLE(ap, zcrypt_cex2c_card_ids); 51 52 static struct ap_device_id zcrypt_cex2c_queue_ids[] = { 53 { .dev_type = AP_DEVICE_TYPE_CEX2C, 54 .match_flags = AP_DEVICE_ID_MATCH_QUEUE_TYPE }, 55 { .dev_type = AP_DEVICE_TYPE_CEX3C, 56 .match_flags = AP_DEVICE_ID_MATCH_QUEUE_TYPE }, 57 { /* end of list */ }, 58 }; 59 60 MODULE_DEVICE_TABLE(ap, zcrypt_cex2c_queue_ids); 61 62 /* 63 * CCA card additional device attributes 64 */ 65 static ssize_t cca_serialnr_show(struct device *dev, 66 struct device_attribute *attr, 67 char *buf) 68 { 69 struct zcrypt_card *zc = dev_get_drvdata(dev); 70 struct cca_info ci; 71 struct ap_card *ac = to_ap_card(dev); 72 73 memset(&ci, 0, sizeof(ci)); 74 75 if (ap_domain_index >= 0) 76 cca_get_info(ac->id, ap_domain_index, &ci, zc->online); 77 78 return sysfs_emit(buf, "%s\n", ci.serial); 79 } 80 81 static struct device_attribute dev_attr_cca_serialnr = 82 __ATTR(serialnr, 0444, cca_serialnr_show, NULL); 83 84 static struct attribute *cca_card_attrs[] = { 85 &dev_attr_cca_serialnr.attr, 86 NULL, 87 }; 88 89 static const struct attribute_group cca_card_attr_grp = { 90 .attrs = cca_card_attrs, 91 }; 92 93 /* 94 * CCA queue additional device attributes 95 */ 96 static ssize_t cca_mkvps_show(struct device *dev, 97 struct device_attribute *attr, 98 char *buf) 99 { 100 struct zcrypt_queue *zq = dev_get_drvdata(dev); 101 int n = 0; 102 struct cca_info ci; 103 static const char * const cao_state[] = { "invalid", "valid" }; 104 static const char * const new_state[] = { "empty", "partial", "full" }; 105 106 memset(&ci, 0, sizeof(ci)); 107 108 cca_get_info(AP_QID_CARD(zq->queue->qid), 109 AP_QID_QUEUE(zq->queue->qid), 110 &ci, zq->online); 111 112 if (ci.new_aes_mk_state >= '1' && ci.new_aes_mk_state <= '3') 113 n = sysfs_emit(buf, "AES NEW: %s 0x%016llx\n", 114 new_state[ci.new_aes_mk_state - '1'], 115 ci.new_aes_mkvp); 116 else 117 n = sysfs_emit(buf, "AES NEW: - -\n"); 118 119 if (ci.cur_aes_mk_state >= '1' && ci.cur_aes_mk_state <= '2') 120 n += sysfs_emit_at(buf, n, "AES CUR: %s 0x%016llx\n", 121 cao_state[ci.cur_aes_mk_state - '1'], 122 ci.cur_aes_mkvp); 123 else 124 n += sysfs_emit_at(buf, n, "AES CUR: - -\n"); 125 126 if (ci.old_aes_mk_state >= '1' && ci.old_aes_mk_state <= '2') 127 n += sysfs_emit_at(buf, n, "AES OLD: %s 0x%016llx\n", 128 cao_state[ci.old_aes_mk_state - '1'], 129 ci.old_aes_mkvp); 130 else 131 n += sysfs_emit_at(buf, n, "AES OLD: - -\n"); 132 133 if (ci.new_apka_mk_state >= '1' && ci.new_apka_mk_state <= '3') 134 n += sysfs_emit_at(buf, n, "APKA NEW: %s 0x%016llx\n", 135 new_state[ci.new_apka_mk_state - '1'], 136 ci.new_apka_mkvp); 137 else 138 n += sysfs_emit_at(buf, n, "APKA NEW: - -\n"); 139 140 if (ci.cur_apka_mk_state >= '1' && ci.cur_apka_mk_state <= '2') 141 n += sysfs_emit_at(buf, n, "APKA CUR: %s 0x%016llx\n", 142 cao_state[ci.cur_apka_mk_state - '1'], 143 ci.cur_apka_mkvp); 144 else 145 n += sysfs_emit_at(buf, n, "APKA CUR: - -\n"); 146 147 if (ci.old_apka_mk_state >= '1' && ci.old_apka_mk_state <= '2') 148 n += sysfs_emit_at(buf, n, "APKA OLD: %s 0x%016llx\n", 149 cao_state[ci.old_apka_mk_state - '1'], 150 ci.old_apka_mkvp); 151 else 152 n += sysfs_emit_at(buf, n, "APKA OLD: - -\n"); 153 154 return n; 155 } 156 157 static struct device_attribute dev_attr_cca_mkvps = 158 __ATTR(mkvps, 0444, cca_mkvps_show, NULL); 159 160 static struct attribute *cca_queue_attrs[] = { 161 &dev_attr_cca_mkvps.attr, 162 NULL, 163 }; 164 165 static const struct attribute_group cca_queue_attr_grp = { 166 .attrs = cca_queue_attrs, 167 }; 168 169 /* 170 * Large random number detection function. Its sends a message to a CEX2C/CEX3C 171 * card to find out if large random numbers are supported. 172 * @ap_dev: pointer to the AP device. 173 * 174 * Returns 1 if large random numbers are supported, 0 if not and < 0 on error. 175 */ 176 static int zcrypt_cex2c_rng_supported(struct ap_queue *aq) 177 { 178 struct ap_message ap_msg; 179 unsigned long psmid; 180 unsigned int domain; 181 struct { 182 struct type86_hdr hdr; 183 struct type86_fmt2_ext fmt2; 184 struct CPRBX cprbx; 185 } __packed *reply; 186 struct { 187 struct type6_hdr hdr; 188 struct CPRBX cprbx; 189 char function_code[2]; 190 short int rule_length; 191 char rule[8]; 192 short int verb_length; 193 short int key_length; 194 } __packed *msg; 195 int rc, i; 196 197 ap_init_message(&ap_msg); 198 ap_msg.msg = (void *)get_zeroed_page(GFP_KERNEL); 199 if (!ap_msg.msg) 200 return -ENOMEM; 201 ap_msg.bufsize = PAGE_SIZE; 202 203 rng_type6cprb_msgx(&ap_msg, 4, &domain); 204 205 msg = ap_msg.msg; 206 msg->cprbx.domain = AP_QID_QUEUE(aq->qid); 207 208 rc = ap_send(aq->qid, 0x0102030405060708UL, ap_msg.msg, ap_msg.len); 209 if (rc) 210 goto out_free; 211 212 /* Wait for the test message to complete. */ 213 for (i = 0; i < 2 * HZ; i++) { 214 msleep(1000 / HZ); 215 rc = ap_recv(aq->qid, &psmid, ap_msg.msg, ap_msg.bufsize); 216 if (rc == 0 && psmid == 0x0102030405060708UL) 217 break; 218 } 219 220 if (i >= 2 * HZ) { 221 /* Got no answer. */ 222 rc = -ENODEV; 223 goto out_free; 224 } 225 226 reply = ap_msg.msg; 227 if (reply->cprbx.ccp_rtcode == 0 && reply->cprbx.ccp_rscode == 0) 228 rc = 1; 229 else 230 rc = 0; 231 out_free: 232 free_page((unsigned long)ap_msg.msg); 233 return rc; 234 } 235 236 /* 237 * Probe function for CEX2C/CEX3C card devices. It always accepts the 238 * AP device since the bus_match already checked the hardware type. 239 * @ap_dev: pointer to the AP card device. 240 */ 241 static int zcrypt_cex2c_card_probe(struct ap_device *ap_dev) 242 { 243 /* 244 * Normalized speed ratings per crypto adapter 245 * MEX_1k, MEX_2k, MEX_4k, CRT_1k, CRT_2k, CRT_4k, RNG, SECKEY 246 */ 247 static const int CEX2C_SPEED_IDX[] = { 248 1000, 1400, 2400, 1100, 1500, 2600, 100, 12}; 249 static const int CEX3C_SPEED_IDX[] = { 250 500, 700, 1400, 550, 800, 1500, 80, 10}; 251 252 struct ap_card *ac = to_ap_card(&ap_dev->device); 253 struct zcrypt_card *zc; 254 int rc = 0; 255 256 zc = zcrypt_card_alloc(); 257 if (!zc) 258 return -ENOMEM; 259 zc->card = ac; 260 dev_set_drvdata(&ap_dev->device, zc); 261 switch (ac->ap_dev.device_type) { 262 case AP_DEVICE_TYPE_CEX2C: 263 zc->user_space_type = ZCRYPT_CEX2C; 264 zc->type_string = "CEX2C"; 265 zc->speed_rating = CEX2C_SPEED_IDX; 266 zc->min_mod_size = CEX2C_MIN_MOD_SIZE; 267 zc->max_mod_size = CEX2C_MAX_MOD_SIZE; 268 zc->max_exp_bit_length = CEX2C_MAX_MOD_SIZE; 269 break; 270 case AP_DEVICE_TYPE_CEX3C: 271 zc->user_space_type = ZCRYPT_CEX3C; 272 zc->type_string = "CEX3C"; 273 zc->speed_rating = CEX3C_SPEED_IDX; 274 zc->min_mod_size = CEX3C_MIN_MOD_SIZE; 275 zc->max_mod_size = CEX3C_MAX_MOD_SIZE; 276 zc->max_exp_bit_length = CEX3C_MAX_MOD_SIZE; 277 break; 278 default: 279 zcrypt_card_free(zc); 280 return -ENODEV; 281 } 282 zc->online = 1; 283 284 rc = zcrypt_card_register(zc); 285 if (rc) { 286 zcrypt_card_free(zc); 287 return rc; 288 } 289 290 if (ap_test_bit(&ac->functions, AP_FUNC_COPRO)) { 291 rc = sysfs_create_group(&ap_dev->device.kobj, 292 &cca_card_attr_grp); 293 if (rc) { 294 zcrypt_card_unregister(zc); 295 zcrypt_card_free(zc); 296 } 297 } 298 299 return rc; 300 } 301 302 /* 303 * This is called to remove the CEX2C/CEX3C card driver information 304 * if an AP card device is removed. 305 */ 306 static void zcrypt_cex2c_card_remove(struct ap_device *ap_dev) 307 { 308 struct zcrypt_card *zc = dev_get_drvdata(&ap_dev->device); 309 struct ap_card *ac = to_ap_card(&ap_dev->device); 310 311 if (ap_test_bit(&ac->functions, AP_FUNC_COPRO)) 312 sysfs_remove_group(&ap_dev->device.kobj, &cca_card_attr_grp); 313 314 zcrypt_card_unregister(zc); 315 } 316 317 static struct ap_driver zcrypt_cex2c_card_driver = { 318 .probe = zcrypt_cex2c_card_probe, 319 .remove = zcrypt_cex2c_card_remove, 320 .ids = zcrypt_cex2c_card_ids, 321 .flags = AP_DRIVER_FLAG_DEFAULT, 322 }; 323 324 /* 325 * Probe function for CEX2C/CEX3C queue devices. It always accepts the 326 * AP device since the bus_match already checked the hardware type. 327 * @ap_dev: pointer to the AP card device. 328 */ 329 static int zcrypt_cex2c_queue_probe(struct ap_device *ap_dev) 330 { 331 struct ap_queue *aq = to_ap_queue(&ap_dev->device); 332 struct zcrypt_queue *zq; 333 int rc; 334 335 zq = zcrypt_queue_alloc(CEX2C_MAX_XCRB_MESSAGE_SIZE); 336 if (!zq) 337 return -ENOMEM; 338 zq->queue = aq; 339 zq->online = 1; 340 atomic_set(&zq->load, 0); 341 ap_rapq(aq->qid, 0); 342 rc = zcrypt_cex2c_rng_supported(aq); 343 if (rc < 0) { 344 zcrypt_queue_free(zq); 345 return rc; 346 } 347 if (rc) 348 zq->ops = zcrypt_msgtype(MSGTYPE06_NAME, 349 MSGTYPE06_VARIANT_DEFAULT); 350 else 351 zq->ops = zcrypt_msgtype(MSGTYPE06_NAME, 352 MSGTYPE06_VARIANT_NORNG); 353 ap_queue_init_state(aq); 354 ap_queue_init_reply(aq, &zq->reply); 355 aq->request_timeout = CEX2C_CLEANUP_TIME; 356 dev_set_drvdata(&ap_dev->device, zq); 357 rc = zcrypt_queue_register(zq); 358 if (rc) { 359 zcrypt_queue_free(zq); 360 return rc; 361 } 362 363 if (ap_test_bit(&aq->card->functions, AP_FUNC_COPRO)) { 364 rc = sysfs_create_group(&ap_dev->device.kobj, 365 &cca_queue_attr_grp); 366 if (rc) { 367 zcrypt_queue_unregister(zq); 368 zcrypt_queue_free(zq); 369 } 370 } 371 372 return rc; 373 } 374 375 /* 376 * This is called to remove the CEX2C/CEX3C queue driver information 377 * if an AP queue device is removed. 378 */ 379 static void zcrypt_cex2c_queue_remove(struct ap_device *ap_dev) 380 { 381 struct zcrypt_queue *zq = dev_get_drvdata(&ap_dev->device); 382 struct ap_queue *aq = to_ap_queue(&ap_dev->device); 383 384 if (ap_test_bit(&aq->card->functions, AP_FUNC_COPRO)) 385 sysfs_remove_group(&ap_dev->device.kobj, &cca_queue_attr_grp); 386 387 zcrypt_queue_unregister(zq); 388 } 389 390 static struct ap_driver zcrypt_cex2c_queue_driver = { 391 .probe = zcrypt_cex2c_queue_probe, 392 .remove = zcrypt_cex2c_queue_remove, 393 .ids = zcrypt_cex2c_queue_ids, 394 .flags = AP_DRIVER_FLAG_DEFAULT, 395 }; 396 397 int __init zcrypt_cex2c_init(void) 398 { 399 int rc; 400 401 rc = ap_driver_register(&zcrypt_cex2c_card_driver, 402 THIS_MODULE, "cex2card"); 403 if (rc) 404 return rc; 405 406 rc = ap_driver_register(&zcrypt_cex2c_queue_driver, 407 THIS_MODULE, "cex2cqueue"); 408 if (rc) 409 ap_driver_unregister(&zcrypt_cex2c_card_driver); 410 411 return rc; 412 } 413 414 void zcrypt_cex2c_exit(void) 415 { 416 ap_driver_unregister(&zcrypt_cex2c_queue_driver); 417 ap_driver_unregister(&zcrypt_cex2c_card_driver); 418 } 419 420 module_init(zcrypt_cex2c_init); 421 module_exit(zcrypt_cex2c_exit); 422