s390/crypto/zcrypt_cex2c.c

0001 // SPDX-License-Identifier: GPL-2.0+
0002 /*
0003  *  Copyright IBM Corp. 2001, 2018
0004  *  Author(s): Robert Burroughs
0005  *         Eric Rossman (edrossma@us.ibm.com)
0006  *
0007  *  Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
0008  *  Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
0009  *                Ralph Wuerthner <rwuerthn@de.ibm.com>
0010  *  MSGTYPE restruct:         Holger Dengler <hd@linux.vnet.ibm.com>
0011  */
0012
0013 #include <linux/module.h>
0014 #include <linux/init.h>
0015 #include <linux/err.h>
0016 #include <linux/delay.h>
0017 #include <linux/slab.h>
0018 #include <linux/atomic.h>
0019 #include <linux/uaccess.h>
0020 #include <linux/mod_devicetable.h>
0021
0022 #include "ap_bus.h"
0023 #include "zcrypt_api.h"
0024 #include "zcrypt_error.h"
0025 #include "zcrypt_msgtype6.h"
0026 #include "zcrypt_cex2c.h"
0027 #include "zcrypt_cca_key.h"
0028 #include "zcrypt_ccamisc.h"
0029
0030 #define CEX2C_MIN_MOD_SIZE   16 /*  128 bits    */
0031 #define CEX2C_MAX_MOD_SIZE  256 /* 2048 bits    */
0032 #define CEX3C_MIN_MOD_SIZE   16 /*  128 bits    */
0033 #define CEX3C_MAX_MOD_SIZE  512 /* 4096 bits    */
0034 #define CEX2C_MAX_XCRB_MESSAGE_SIZE (12 * 1024)
0035 #define CEX2C_CLEANUP_TIME  (15 * HZ)
0036
0037 MODULE_AUTHOR("IBM Corporation");
0038 MODULE_DESCRIPTION("CEX2C/CEX3C Cryptographic Coprocessor device driver, " \
0039            "Copyright IBM Corp. 2001, 2018");
0040 MODULE_LICENSE("GPL");
0041
0042 static struct ap_device_id zcrypt_cex2c_card_ids[] = {
0043     { .dev_type = AP_DEVICE_TYPE_CEX2C,
0044       .match_flags = AP_DEVICE_ID_MATCH_CARD_TYPE },
0045     { .dev_type = AP_DEVICE_TYPE_CEX3C,
0046       .match_flags = AP_DEVICE_ID_MATCH_CARD_TYPE },
0047     { /* end of list */ },
0048 };
0049
0050 MODULE_DEVICE_TABLE(ap, zcrypt_cex2c_card_ids);
0051
0052 static struct ap_device_id zcrypt_cex2c_queue_ids[] = {
0053     { .dev_type = AP_DEVICE_TYPE_CEX2C,
0054       .match_flags = AP_DEVICE_ID_MATCH_QUEUE_TYPE },
0055     { .dev_type = AP_DEVICE_TYPE_CEX3C,
0056       .match_flags = AP_DEVICE_ID_MATCH_QUEUE_TYPE },
0057     { /* end of list */ },
0058 };
0059
0060 MODULE_DEVICE_TABLE(ap, zcrypt_cex2c_queue_ids);
0061
0062 /*
0063  * CCA card additional device attributes
0064  */
0065 static ssize_t cca_serialnr_show(struct device *dev,
0066                  struct device_attribute *attr,
0067                  char *buf)
0068 {
0069     struct zcrypt_card *zc = dev_get_drvdata(dev);
0070     struct cca_info ci;
0071     struct ap_card *ac = to_ap_card(dev);
0072
0073     memset(&ci, 0, sizeof(ci));
0074
0075     if (ap_domain_index >= 0)
0076         cca_get_info(ac->id, ap_domain_index, &ci, zc->online);
0077
0078     return scnprintf(buf, PAGE_SIZE, "%s\n", ci.serial);
0079 }
0080
0081 static struct device_attribute dev_attr_cca_serialnr =
0082     __ATTR(serialnr, 0444, cca_serialnr_show, NULL);
0083
0084 static struct attribute *cca_card_attrs[] = {
0085     &dev_attr_cca_serialnr.attr,
0086     NULL,
0087 };
0088
0089 static const struct attribute_group cca_card_attr_grp = {
0090     .attrs = cca_card_attrs,
0091 };
0092
0093  /*
0094   * CCA queue additional device attributes
0095   */
0096 static ssize_t cca_mkvps_show(struct device *dev,
0097                   struct device_attribute *attr,
0098                   char *buf)
0099 {
0100     struct zcrypt_queue *zq = dev_get_drvdata(dev);
0101     int n = 0;
0102     struct cca_info ci;
0103     static const char * const cao_state[] = { "invalid", "valid" };
0104     static const char * const new_state[] = { "empty", "partial", "full" };
0105
0106     memset(&ci, 0, sizeof(ci));
0107
0108     cca_get_info(AP_QID_CARD(zq->queue->qid),
0109              AP_QID_QUEUE(zq->queue->qid),
0110              &ci, zq->online);
0111
0112     if (ci.new_aes_mk_state >= '1' && ci.new_aes_mk_state <= '3')
0113         n = scnprintf(buf, PAGE_SIZE, "AES NEW: %s 0x%016llx\n",
0114                   new_state[ci.new_aes_mk_state - '1'],
0115                   ci.new_aes_mkvp);
0116     else
0117         n = scnprintf(buf, PAGE_SIZE, "AES NEW: - -\n");
0118
0119     if (ci.cur_aes_mk_state >= '1' && ci.cur_aes_mk_state <= '2')
0120         n += scnprintf(buf + n, PAGE_SIZE - n,
0121                    "AES CUR: %s 0x%016llx\n",
0122                    cao_state[ci.cur_aes_mk_state - '1'],
0123                    ci.cur_aes_mkvp);
0124     else
0125         n += scnprintf(buf + n, PAGE_SIZE - n, "AES CUR: - -\n");
0126
0127     if (ci.old_aes_mk_state >= '1' && ci.old_aes_mk_state <= '2')
0128         n += scnprintf(buf + n, PAGE_SIZE - n,
0129                    "AES OLD: %s 0x%016llx\n",
0130                    cao_state[ci.old_aes_mk_state - '1'],
0131                    ci.old_aes_mkvp);
0132     else
0133         n += scnprintf(buf + n, PAGE_SIZE - n, "AES OLD: - -\n");
0134
0135     if (ci.new_apka_mk_state >= '1' && ci.new_apka_mk_state <= '3')
0136         n += scnprintf(buf + n, PAGE_SIZE - n,
0137                    "APKA NEW: %s 0x%016llx\n",
0138                    new_state[ci.new_apka_mk_state - '1'],
0139                    ci.new_apka_mkvp);
0140     else
0141         n += scnprintf(buf + n, PAGE_SIZE - n, "APKA NEW: - -\n");
0142
0143     if (ci.cur_apka_mk_state >= '1' && ci.cur_apka_mk_state <= '2')
0144         n += scnprintf(buf + n, PAGE_SIZE - n,
0145                    "APKA CUR: %s 0x%016llx\n",
0146                    cao_state[ci.cur_apka_mk_state - '1'],
0147                    ci.cur_apka_mkvp);
0148     else
0149         n += scnprintf(buf + n, PAGE_SIZE - n, "APKA CUR: - -\n");
0150
0151     if (ci.old_apka_mk_state >= '1' && ci.old_apka_mk_state <= '2')
0152         n += scnprintf(buf + n, PAGE_SIZE - n,
0153                    "APKA OLD: %s 0x%016llx\n",
0154                    cao_state[ci.old_apka_mk_state - '1'],
0155                    ci.old_apka_mkvp);
0156     else
0157         n += scnprintf(buf + n, PAGE_SIZE - n, "APKA OLD: - -\n");
0158
0159     return n;
0160 }
0161
0162 static struct device_attribute dev_attr_cca_mkvps =
0163     __ATTR(mkvps, 0444, cca_mkvps_show, NULL);
0164
0165 static struct attribute *cca_queue_attrs[] = {
0166     &dev_attr_cca_mkvps.attr,
0167     NULL,
0168 };
0169
0170 static const struct attribute_group cca_queue_attr_grp = {
0171     .attrs = cca_queue_attrs,
0172 };
0173
0174 /*
0175  * Large random number detection function. Its sends a message to a CEX2C/CEX3C
0176  * card to find out if large random numbers are supported.
0177  * @ap_dev: pointer to the AP device.
0178  *
0179  * Returns 1 if large random numbers are supported, 0 if not and < 0 on error.
0180  */
0181 static int zcrypt_cex2c_rng_supported(struct ap_queue *aq)
0182 {
0183     struct ap_message ap_msg;
0184     unsigned long long psmid;
0185     unsigned int domain;
0186     struct {
0187         struct type86_hdr hdr;
0188         struct type86_fmt2_ext fmt2;
0189         struct CPRBX cprbx;
0190     } __packed *reply;
0191     struct {
0192         struct type6_hdr hdr;
0193         struct CPRBX cprbx;
0194         char function_code[2];
0195         short int rule_length;
0196         char rule[8];
0197         short int verb_length;
0198         short int key_length;
0199     } __packed *msg;
0200     int rc, i;
0201
0202     ap_init_message(&ap_msg);
0203     ap_msg.msg = (void *)get_zeroed_page(GFP_KERNEL);
0204     if (!ap_msg.msg)
0205         return -ENOMEM;
0206
0207     rng_type6cprb_msgx(&ap_msg, 4, &domain);
0208
0209     msg = ap_msg.msg;
0210     msg->cprbx.domain = AP_QID_QUEUE(aq->qid);
0211
0212     rc = ap_send(aq->qid, 0x0102030405060708ULL, ap_msg.msg, ap_msg.len);
0213     if (rc)
0214         goto out_free;
0215
0216     /* Wait for the test message to complete. */
0217     for (i = 0; i < 2 * HZ; i++) {
0218         msleep(1000 / HZ);
0219         rc = ap_recv(aq->qid, &psmid, ap_msg.msg, 4096);
0220         if (rc == 0 && psmid == 0x0102030405060708ULL)
0221             break;
0222     }
0223
0224     if (i >= 2 * HZ) {
0225         /* Got no answer. */
0226         rc = -ENODEV;
0227         goto out_free;
0228     }
0229
0230     reply = ap_msg.msg;
0231     if (reply->cprbx.ccp_rtcode == 0 && reply->cprbx.ccp_rscode == 0)
0232         rc = 1;
0233     else
0234         rc = 0;
0235 out_free:
0236     free_page((unsigned long)ap_msg.msg);
0237     return rc;
0238 }
0239
0240 /*
0241  * Probe function for CEX2C/CEX3C card devices. It always accepts the
0242  * AP device since the bus_match already checked the hardware type.
0243  * @ap_dev: pointer to the AP card device.
0244  */
0245 static int zcrypt_cex2c_card_probe(struct ap_device *ap_dev)
0246 {
0247     /*
0248      * Normalized speed ratings per crypto adapter
0249      * MEX_1k, MEX_2k, MEX_4k, CRT_1k, CRT_2k, CRT_4k, RNG, SECKEY
0250      */
0251     static const int CEX2C_SPEED_IDX[] = {
0252         1000, 1400, 2400, 1100, 1500, 2600, 100, 12};
0253     static const int CEX3C_SPEED_IDX[] = {
0254         500,  700, 1400,  550,  800, 1500,  80, 10};
0255
0256     struct ap_card *ac = to_ap_card(&ap_dev->device);
0257     struct zcrypt_card *zc;
0258     int rc = 0;
0259
0260     zc = zcrypt_card_alloc();
0261     if (!zc)
0262         return -ENOMEM;
0263     zc->card = ac;
0264     dev_set_drvdata(&ap_dev->device, zc);
0265     switch (ac->ap_dev.device_type) {
0266     case AP_DEVICE_TYPE_CEX2C:
0267         zc->user_space_type = ZCRYPT_CEX2C;
0268         zc->type_string = "CEX2C";
0269         zc->speed_rating = CEX2C_SPEED_IDX;
0270         zc->min_mod_size = CEX2C_MIN_MOD_SIZE;
0271         zc->max_mod_size = CEX2C_MAX_MOD_SIZE;
0272         zc->max_exp_bit_length = CEX2C_MAX_MOD_SIZE;
0273         break;
0274     case AP_DEVICE_TYPE_CEX3C:
0275         zc->user_space_type = ZCRYPT_CEX3C;
0276         zc->type_string = "CEX3C";
0277         zc->speed_rating = CEX3C_SPEED_IDX;
0278         zc->min_mod_size = CEX3C_MIN_MOD_SIZE;
0279         zc->max_mod_size = CEX3C_MAX_MOD_SIZE;
0280         zc->max_exp_bit_length = CEX3C_MAX_MOD_SIZE;
0281         break;
0282     default:
0283         zcrypt_card_free(zc);
0284         return -ENODEV;
0285     }
0286     zc->online = 1;
0287
0288     rc = zcrypt_card_register(zc);
0289     if (rc) {
0290         zcrypt_card_free(zc);
0291         return rc;
0292     }
0293
0294     if (ap_test_bit(&ac->functions, AP_FUNC_COPRO)) {
0295         rc = sysfs_create_group(&ap_dev->device.kobj,
0296                     &cca_card_attr_grp);
0297         if (rc) {
0298             zcrypt_card_unregister(zc);
0299             zcrypt_card_free(zc);
0300         }
0301     }
0302
0303     return rc;
0304 }
0305
0306 /*
0307  * This is called to remove the CEX2C/CEX3C card driver information
0308  * if an AP card device is removed.
0309  */
0310 static void zcrypt_cex2c_card_remove(struct ap_device *ap_dev)
0311 {
0312     struct zcrypt_card *zc = dev_get_drvdata(&ap_dev->device);
0313     struct ap_card *ac = to_ap_card(&ap_dev->device);
0314
0315     if (ap_test_bit(&ac->functions, AP_FUNC_COPRO))
0316         sysfs_remove_group(&ap_dev->device.kobj, &cca_card_attr_grp);
0317
0318     zcrypt_card_unregister(zc);
0319 }
0320
0321 static struct ap_driver zcrypt_cex2c_card_driver = {
0322     .probe = zcrypt_cex2c_card_probe,
0323     .remove = zcrypt_cex2c_card_remove,
0324     .ids = zcrypt_cex2c_card_ids,
0325     .flags = AP_DRIVER_FLAG_DEFAULT,
0326 };
0327
0328 /*
0329  * Probe function for CEX2C/CEX3C queue devices. It always accepts the
0330  * AP device since the bus_match already checked the hardware type.
0331  * @ap_dev: pointer to the AP card device.
0332  */
0333 static int zcrypt_cex2c_queue_probe(struct ap_device *ap_dev)
0334 {
0335     struct ap_queue *aq = to_ap_queue(&ap_dev->device);
0336     struct zcrypt_queue *zq;
0337     int rc;
0338
0339     zq = zcrypt_queue_alloc(CEX2C_MAX_XCRB_MESSAGE_SIZE);
0340     if (!zq)
0341         return -ENOMEM;
0342     zq->queue = aq;
0343     zq->online = 1;
0344     atomic_set(&zq->load, 0);
0345     ap_rapq(aq->qid);
0346     rc = zcrypt_cex2c_rng_supported(aq);
0347     if (rc < 0) {
0348         zcrypt_queue_free(zq);
0349         return rc;
0350     }
0351     if (rc)
0352         zq->ops = zcrypt_msgtype(MSGTYPE06_NAME,
0353                      MSGTYPE06_VARIANT_DEFAULT);
0354     else
0355         zq->ops = zcrypt_msgtype(MSGTYPE06_NAME,
0356                      MSGTYPE06_VARIANT_NORNG);
0357     ap_queue_init_state(aq);
0358     ap_queue_init_reply(aq, &zq->reply);
0359     aq->request_timeout = CEX2C_CLEANUP_TIME;
0360     dev_set_drvdata(&ap_dev->device, zq);
0361     rc = zcrypt_queue_register(zq);
0362     if (rc) {
0363         zcrypt_queue_free(zq);
0364         return rc;
0365     }
0366
0367     if (ap_test_bit(&aq->card->functions, AP_FUNC_COPRO)) {
0368         rc = sysfs_create_group(&ap_dev->device.kobj,
0369                     &cca_queue_attr_grp);
0370         if (rc) {
0371             zcrypt_queue_unregister(zq);
0372             zcrypt_queue_free(zq);
0373         }
0374     }
0375
0376     return rc;
0377 }
0378
0379 /*
0380  * This is called to remove the CEX2C/CEX3C queue driver information
0381  * if an AP queue device is removed.
0382  */
0383 static void zcrypt_cex2c_queue_remove(struct ap_device *ap_dev)
0384 {
0385     struct zcrypt_queue *zq = dev_get_drvdata(&ap_dev->device);
0386     struct ap_queue *aq = to_ap_queue(&ap_dev->device);
0387
0388     if (ap_test_bit(&aq->card->functions, AP_FUNC_COPRO))
0389         sysfs_remove_group(&ap_dev->device.kobj, &cca_queue_attr_grp);
0390
0391     zcrypt_queue_unregister(zq);
0392 }
0393
0394 static struct ap_driver zcrypt_cex2c_queue_driver = {
0395     .probe = zcrypt_cex2c_queue_probe,
0396     .remove = zcrypt_cex2c_queue_remove,
0397     .ids = zcrypt_cex2c_queue_ids,
0398     .flags = AP_DRIVER_FLAG_DEFAULT,
0399 };
0400
0401 int __init zcrypt_cex2c_init(void)
0402 {
0403     int rc;
0404
0405     rc = ap_driver_register(&zcrypt_cex2c_card_driver,
0406                 THIS_MODULE, "cex2card");
0407     if (rc)
0408         return rc;
0409
0410     rc = ap_driver_register(&zcrypt_cex2c_queue_driver,
0411                 THIS_MODULE, "cex2cqueue");
0412     if (rc)
0413         ap_driver_unregister(&zcrypt_cex2c_card_driver);
0414
0415     return rc;
0416 }
0417
0418 void zcrypt_cex2c_exit(void)
0419 {
0420     ap_driver_unregister(&zcrypt_cex2c_queue_driver);
0421     ap_driver_unregister(&zcrypt_cex2c_card_driver);
0422 }
0423
0424 module_init(zcrypt_cex2c_init);
0425 module_exit(zcrypt_cex2c_exit);