aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorFelix Beck <felix.beck@de.ibm.com>2011-01-05 06:47:45 -0500
committerMartin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com>2011-01-05 06:47:27 -0500
commit3e309a66f52e042881f76cbfb9b6c2aa70163e02 (patch)
tree50633ef9552e511be7ff113d6b2bc77f3f67d549 /drivers
parentb1f933da570576d1f290ea4dc9b896404cbd285d (diff)
[S390] zcrypt: support for 4096 bit keys for cex3a
Definitions for CEX3 card types are changed to support 4096 bit RSA keys. Also new structs for the accelerator mode are needed. Additionaly when checking the length of key parts, the case for bigger (4096 bit) keys is needed. Signed-off-by: Felix Beck <felix.beck@de.ibm.com> Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/s390/crypto/zcrypt_cex2a.c78
-rw-r--r--drivers/s390/crypto/zcrypt_cex2a.h25
2 files changed, 87 insertions, 16 deletions
diff --git a/drivers/s390/crypto/zcrypt_cex2a.c b/drivers/s390/crypto/zcrypt_cex2a.c
index 9c409efa1ec..def0901767d 100644
--- a/drivers/s390/crypto/zcrypt_cex2a.c
+++ b/drivers/s390/crypto/zcrypt_cex2a.c
@@ -41,7 +41,7 @@
41#define CEX2A_MIN_MOD_SIZE 1 /* 8 bits */ 41#define CEX2A_MIN_MOD_SIZE 1 /* 8 bits */
42#define CEX2A_MAX_MOD_SIZE 256 /* 2048 bits */ 42#define CEX2A_MAX_MOD_SIZE 256 /* 2048 bits */
43#define CEX3A_MIN_MOD_SIZE CEX2A_MIN_MOD_SIZE 43#define CEX3A_MIN_MOD_SIZE CEX2A_MIN_MOD_SIZE
44#define CEX3A_MAX_MOD_SIZE CEX2A_MAX_MOD_SIZE 44#define CEX3A_MAX_MOD_SIZE 512 /* 4096 bits */
45 45
46#define CEX2A_SPEED_RATING 970 46#define CEX2A_SPEED_RATING 970
47#define CEX3A_SPEED_RATING 900 /* Fixme: Needs finetuning */ 47#define CEX3A_SPEED_RATING 900 /* Fixme: Needs finetuning */
@@ -49,8 +49,10 @@
49#define CEX2A_MAX_MESSAGE_SIZE 0x390 /* sizeof(struct type50_crb2_msg) */ 49#define CEX2A_MAX_MESSAGE_SIZE 0x390 /* sizeof(struct type50_crb2_msg) */
50#define CEX2A_MAX_RESPONSE_SIZE 0x110 /* max outputdatalength + type80_hdr */ 50#define CEX2A_MAX_RESPONSE_SIZE 0x110 /* max outputdatalength + type80_hdr */
51 51
52#define CEX3A_MAX_MESSAGE_SIZE CEX2A_MAX_MESSAGE_SIZE 52#define CEX3A_MAX_RESPONSE_SIZE 0x210 /* 512 bit modulus
53#define CEX3A_MAX_RESPONSE_SIZE CEX2A_MAX_RESPONSE_SIZE 53 * (max outputdatalength) +
54 * type80_hdr*/
55#define CEX3A_MAX_MESSAGE_SIZE sizeof(struct type50_crb3_msg)
54 56
55#define CEX2A_CLEANUP_TIME (15*HZ) 57#define CEX2A_CLEANUP_TIME (15*HZ)
56#define CEX3A_CLEANUP_TIME CEX2A_CLEANUP_TIME 58#define CEX3A_CLEANUP_TIME CEX2A_CLEANUP_TIME
@@ -110,7 +112,7 @@ static int ICAMEX_msg_to_type50MEX_msg(struct zcrypt_device *zdev,
110 mod = meb1->modulus + sizeof(meb1->modulus) - mod_len; 112 mod = meb1->modulus + sizeof(meb1->modulus) - mod_len;
111 exp = meb1->exponent + sizeof(meb1->exponent) - mod_len; 113 exp = meb1->exponent + sizeof(meb1->exponent) - mod_len;
112 inp = meb1->message + sizeof(meb1->message) - mod_len; 114 inp = meb1->message + sizeof(meb1->message) - mod_len;
113 } else { 115 } else if (mod_len <= 256) {
114 struct type50_meb2_msg *meb2 = ap_msg->message; 116 struct type50_meb2_msg *meb2 = ap_msg->message;
115 memset(meb2, 0, sizeof(*meb2)); 117 memset(meb2, 0, sizeof(*meb2));
116 ap_msg->length = sizeof(*meb2); 118 ap_msg->length = sizeof(*meb2);
@@ -120,6 +122,17 @@ static int ICAMEX_msg_to_type50MEX_msg(struct zcrypt_device *zdev,
120 mod = meb2->modulus + sizeof(meb2->modulus) - mod_len; 122 mod = meb2->modulus + sizeof(meb2->modulus) - mod_len;
121 exp = meb2->exponent + sizeof(meb2->exponent) - mod_len; 123 exp = meb2->exponent + sizeof(meb2->exponent) - mod_len;
122 inp = meb2->message + sizeof(meb2->message) - mod_len; 124 inp = meb2->message + sizeof(meb2->message) - mod_len;
125 } else {
126 /* mod_len > 256 = 4096 bit RSA Key */
127 struct type50_meb3_msg *meb3 = ap_msg->message;
128 memset(meb3, 0, sizeof(*meb3));
129 ap_msg->length = sizeof(*meb3);
130 meb3->header.msg_type_code = TYPE50_TYPE_CODE;
131 meb3->header.msg_len = sizeof(*meb3);
132 meb3->keyblock_type = TYPE50_MEB3_FMT;
133 mod = meb3->modulus + sizeof(meb3->modulus) - mod_len;
134 exp = meb3->exponent + sizeof(meb3->exponent) - mod_len;
135 inp = meb3->message + sizeof(meb3->message) - mod_len;
123 } 136 }
124 137
125 if (copy_from_user(mod, mex->n_modulus, mod_len) || 138 if (copy_from_user(mod, mex->n_modulus, mod_len) ||
@@ -142,7 +155,7 @@ static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_device *zdev,
142 struct ap_message *ap_msg, 155 struct ap_message *ap_msg,
143 struct ica_rsa_modexpo_crt *crt) 156 struct ica_rsa_modexpo_crt *crt)
144{ 157{
145 int mod_len, short_len, long_len, long_offset; 158 int mod_len, short_len, long_len, long_offset, limit;
146 unsigned char *p, *q, *dp, *dq, *u, *inp; 159 unsigned char *p, *q, *dp, *dq, *u, *inp;
147 160
148 mod_len = crt->inputdatalength; 161 mod_len = crt->inputdatalength;
@@ -152,14 +165,20 @@ static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_device *zdev,
152 /* 165 /*
153 * CEX2A cannot handle p, dp, or U > 128 bytes. 166 * CEX2A cannot handle p, dp, or U > 128 bytes.
154 * If we have one of these, we need to do extra checking. 167 * If we have one of these, we need to do extra checking.
168 * For CEX3A the limit is 256 bytes.
155 */ 169 */
156 if (long_len > 128) { 170 if (zdev->max_mod_size == CEX3A_MAX_MOD_SIZE)
171 limit = 256;
172 else
173 limit = 128;
174
175 if (long_len > limit) {
157 /* 176 /*
158 * zcrypt_rsa_crt already checked for the leading 177 * zcrypt_rsa_crt already checked for the leading
159 * zeroes of np_prime, bp_key and u_mult_inc. 178 * zeroes of np_prime, bp_key and u_mult_inc.
160 */ 179 */
161 long_offset = long_len - 128; 180 long_offset = long_len - limit;
162 long_len = 128; 181 long_len = limit;
163 } else 182 } else
164 long_offset = 0; 183 long_offset = 0;
165 184
@@ -180,7 +199,7 @@ static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_device *zdev,
180 dq = crb1->dq + sizeof(crb1->dq) - short_len; 199 dq = crb1->dq + sizeof(crb1->dq) - short_len;
181 u = crb1->u + sizeof(crb1->u) - long_len; 200 u = crb1->u + sizeof(crb1->u) - long_len;
182 inp = crb1->message + sizeof(crb1->message) - mod_len; 201 inp = crb1->message + sizeof(crb1->message) - mod_len;
183 } else { 202 } else if (long_len <= 128) {
184 struct type50_crb2_msg *crb2 = ap_msg->message; 203 struct type50_crb2_msg *crb2 = ap_msg->message;
185 memset(crb2, 0, sizeof(*crb2)); 204 memset(crb2, 0, sizeof(*crb2));
186 ap_msg->length = sizeof(*crb2); 205 ap_msg->length = sizeof(*crb2);
@@ -193,6 +212,20 @@ static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_device *zdev,
193 dq = crb2->dq + sizeof(crb2->dq) - short_len; 212 dq = crb2->dq + sizeof(crb2->dq) - short_len;
194 u = crb2->u + sizeof(crb2->u) - long_len; 213 u = crb2->u + sizeof(crb2->u) - long_len;
195 inp = crb2->message + sizeof(crb2->message) - mod_len; 214 inp = crb2->message + sizeof(crb2->message) - mod_len;
215 } else {
216 /* long_len >= 256 */
217 struct type50_crb3_msg *crb3 = ap_msg->message;
218 memset(crb3, 0, sizeof(*crb3));
219 ap_msg->length = sizeof(*crb3);
220 crb3->header.msg_type_code = TYPE50_TYPE_CODE;
221 crb3->header.msg_len = sizeof(*crb3);
222 crb3->keyblock_type = TYPE50_CRB3_FMT;
223 p = crb3->p + sizeof(crb3->p) - long_len;
224 q = crb3->q + sizeof(crb3->q) - short_len;
225 dp = crb3->dp + sizeof(crb3->dp) - long_len;
226 dq = crb3->dq + sizeof(crb3->dq) - short_len;
227 u = crb3->u + sizeof(crb3->u) - long_len;
228 inp = crb3->message + sizeof(crb3->message) - mod_len;
196 } 229 }
197 230
198 if (copy_from_user(p, crt->np_prime + long_offset, long_len) || 231 if (copy_from_user(p, crt->np_prime + long_offset, long_len) ||
@@ -203,7 +236,6 @@ static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_device *zdev,
203 copy_from_user(inp, crt->inputdata, mod_len)) 236 copy_from_user(inp, crt->inputdata, mod_len))
204 return -EFAULT; 237 return -EFAULT;
205 238
206
207 return 0; 239 return 0;
208} 240}
209 241
@@ -230,7 +262,10 @@ static int convert_type80(struct zcrypt_device *zdev,
230 zdev->online = 0; 262 zdev->online = 0;
231 return -EAGAIN; /* repeat the request on a different device. */ 263 return -EAGAIN; /* repeat the request on a different device. */
232 } 264 }
233 BUG_ON(t80h->len > CEX2A_MAX_RESPONSE_SIZE); 265 if (zdev->user_space_type == ZCRYPT_CEX2A)
266 BUG_ON(t80h->len > CEX2A_MAX_RESPONSE_SIZE);
267 else
268 BUG_ON(t80h->len > CEX3A_MAX_RESPONSE_SIZE);
234 data = reply->message + t80h->len - outputdatalength; 269 data = reply->message + t80h->len - outputdatalength;
235 if (copy_to_user(outputdata, data, outputdatalength)) 270 if (copy_to_user(outputdata, data, outputdatalength))
236 return -EFAULT; 271 return -EFAULT;
@@ -282,7 +317,10 @@ static void zcrypt_cex2a_receive(struct ap_device *ap_dev,
282 } 317 }
283 t80h = reply->message; 318 t80h = reply->message;
284 if (t80h->type == TYPE80_RSP_CODE) { 319 if (t80h->type == TYPE80_RSP_CODE) {
285 length = min(CEX2A_MAX_RESPONSE_SIZE, (int) t80h->len); 320 if (ap_dev->device_type == AP_DEVICE_TYPE_CEX2A)
321 length = min(CEX2A_MAX_RESPONSE_SIZE, (int) t80h->len);
322 else
323 length = min(CEX3A_MAX_RESPONSE_SIZE, (int) t80h->len);
286 memcpy(msg->message, reply->message, length); 324 memcpy(msg->message, reply->message, length);
287 } else 325 } else
288 memcpy(msg->message, reply->message, sizeof error_reply); 326 memcpy(msg->message, reply->message, sizeof error_reply);
@@ -307,7 +345,10 @@ static long zcrypt_cex2a_modexpo(struct zcrypt_device *zdev,
307 int rc; 345 int rc;
308 346
309 ap_init_message(&ap_msg); 347 ap_init_message(&ap_msg);
310 ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL); 348 if (zdev->user_space_type == ZCRYPT_CEX2A)
349 ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL);
350 else
351 ap_msg.message = kmalloc(CEX3A_MAX_MESSAGE_SIZE, GFP_KERNEL);
311 if (!ap_msg.message) 352 if (!ap_msg.message)
312 return -ENOMEM; 353 return -ENOMEM;
313 ap_msg.psmid = (((unsigned long long) current->pid) << 32) + 354 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
@@ -345,7 +386,10 @@ static long zcrypt_cex2a_modexpo_crt(struct zcrypt_device *zdev,
345 int rc; 386 int rc;
346 387
347 ap_init_message(&ap_msg); 388 ap_init_message(&ap_msg);
348 ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL); 389 if (zdev->user_space_type == ZCRYPT_CEX2A)
390 ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL);
391 else
392 ap_msg.message = kmalloc(CEX3A_MAX_MESSAGE_SIZE, GFP_KERNEL);
349 if (!ap_msg.message) 393 if (!ap_msg.message)
350 return -ENOMEM; 394 return -ENOMEM;
351 ap_msg.psmid = (((unsigned long long) current->pid) << 32) + 395 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
@@ -404,8 +448,10 @@ static int zcrypt_cex2a_probe(struct ap_device *ap_dev)
404 return -ENOMEM; 448 return -ENOMEM;
405 zdev->user_space_type = ZCRYPT_CEX3A; 449 zdev->user_space_type = ZCRYPT_CEX3A;
406 zdev->type_string = "CEX3A"; 450 zdev->type_string = "CEX3A";
407 zdev->min_mod_size = CEX3A_MIN_MOD_SIZE; 451 zdev->min_mod_size = CEX2A_MIN_MOD_SIZE;
408 zdev->max_mod_size = CEX3A_MAX_MOD_SIZE; 452 zdev->max_mod_size = CEX2A_MAX_MOD_SIZE;
453 if (ap_4096_commands_available(ap_dev->qid))
454 zdev->max_mod_size = CEX3A_MAX_MOD_SIZE;
409 zdev->short_crt = 1; 455 zdev->short_crt = 1;
410 zdev->speed_rating = CEX3A_SPEED_RATING; 456 zdev->speed_rating = CEX3A_SPEED_RATING;
411 break; 457 break;
diff --git a/drivers/s390/crypto/zcrypt_cex2a.h b/drivers/s390/crypto/zcrypt_cex2a.h
index 8f69d1dacab..0350665810c 100644
--- a/drivers/s390/crypto/zcrypt_cex2a.h
+++ b/drivers/s390/crypto/zcrypt_cex2a.h
@@ -51,8 +51,10 @@ struct type50_hdr {
51 51
52#define TYPE50_MEB1_FMT 0x0001 52#define TYPE50_MEB1_FMT 0x0001
53#define TYPE50_MEB2_FMT 0x0002 53#define TYPE50_MEB2_FMT 0x0002
54#define TYPE50_MEB3_FMT 0x0003
54#define TYPE50_CRB1_FMT 0x0011 55#define TYPE50_CRB1_FMT 0x0011
55#define TYPE50_CRB2_FMT 0x0012 56#define TYPE50_CRB2_FMT 0x0012
57#define TYPE50_CRB3_FMT 0x0013
56 58
57/* Mod-Exp, with a small modulus */ 59/* Mod-Exp, with a small modulus */
58struct type50_meb1_msg { 60struct type50_meb1_msg {
@@ -74,6 +76,16 @@ struct type50_meb2_msg {
74 unsigned char message[256]; 76 unsigned char message[256];
75} __attribute__((packed)); 77} __attribute__((packed));
76 78
79/* Mod-Exp, with a larger modulus */
80struct type50_meb3_msg {
81 struct type50_hdr header;
82 unsigned short keyblock_type; /* 0x0003 */
83 unsigned char reserved[6];
84 unsigned char exponent[512];
85 unsigned char modulus[512];
86 unsigned char message[512];
87} __attribute__((packed));
88
77/* CRT, with a small modulus */ 89/* CRT, with a small modulus */
78struct type50_crb1_msg { 90struct type50_crb1_msg {
79 struct type50_hdr header; 91 struct type50_hdr header;
@@ -100,6 +112,19 @@ struct type50_crb2_msg {
100 unsigned char message[256]; 112 unsigned char message[256];
101} __attribute__((packed)); 113} __attribute__((packed));
102 114
115/* CRT, with a larger modulus */
116struct type50_crb3_msg {
117 struct type50_hdr header;
118 unsigned short keyblock_type; /* 0x0013 */
119 unsigned char reserved[6];
120 unsigned char p[256];
121 unsigned char q[256];
122 unsigned char dp[256];
123 unsigned char dq[256];
124 unsigned char u[256];
125 unsigned char message[512];
126} __attribute__((packed));
127
103/** 128/**
104 * The type 80 response family is associated with a CEX2A card. 129 * The type 80 response family is associated with a CEX2A card.
105 * 130 *