aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--drivers/s390/crypto/zcrypt_cex2a.c78
-rw-r--r--drivers/s390/crypto/zcrypt_cex2a.h25
2 files changed, 87 insertions, 16 deletions
diff --git a/drivers/s390/crypto/zcrypt_cex2a.c b/drivers/s390/crypto/zcrypt_cex2a.c
index 9c409efa1ec..def0901767d 100644
--- a/drivers/s390/crypto/zcrypt_cex2a.c
+++ b/drivers/s390/crypto/zcrypt_cex2a.c
@@ -41,7 +41,7 @@
41#define CEX2A_MIN_MOD_SIZE 1 /* 8 bits */ 41#define CEX2A_MIN_MOD_SIZE 1 /* 8 bits */
42#define CEX2A_MAX_MOD_SIZE 256 /* 2048 bits */ 42#define CEX2A_MAX_MOD_SIZE 256 /* 2048 bits */
43#define CEX3A_MIN_MOD_SIZE CEX2A_MIN_MOD_SIZE 43#define CEX3A_MIN_MOD_SIZE CEX2A_MIN_MOD_SIZE
44#define CEX3A_MAX_MOD_SIZE CEX2A_MAX_MOD_SIZE 44#define CEX3A_MAX_MOD_SIZE 512 /* 4096 bits */
45 45
46#define CEX2A_SPEED_RATING 970 46#define CEX2A_SPEED_RATING 970
47#define CEX3A_SPEED_RATING 900 /* Fixme: Needs finetuning */ 47#define CEX3A_SPEED_RATING 900 /* Fixme: Needs finetuning */
@@ -49,8 +49,10 @@
49#define CEX2A_MAX_MESSAGE_SIZE 0x390 /* sizeof(struct type50_crb2_msg) */ 49#define CEX2A_MAX_MESSAGE_SIZE 0x390 /* sizeof(struct type50_crb2_msg) */
50#define CEX2A_MAX_RESPONSE_SIZE 0x110 /* max outputdatalength + type80_hdr */ 50#define CEX2A_MAX_RESPONSE_SIZE 0x110 /* max outputdatalength + type80_hdr */
51 51
52#define CEX3A_MAX_MESSAGE_SIZE CEX2A_MAX_MESSAGE_SIZE 52#define CEX3A_MAX_RESPONSE_SIZE 0x210 /* 512 bit modulus
53#define CEX3A_MAX_RESPONSE_SIZE CEX2A_MAX_RESPONSE_SIZE 53 * (max outputdatalength) +
54 * type80_hdr*/
55#define CEX3A_MAX_MESSAGE_SIZE sizeof(struct type50_crb3_msg)
54 56
55#define CEX2A_CLEANUP_TIME (15*HZ) 57#define CEX2A_CLEANUP_TIME (15*HZ)
56#define CEX3A_CLEANUP_TIME CEX2A_CLEANUP_TIME 58#define CEX3A_CLEANUP_TIME CEX2A_CLEANUP_TIME
@@ -110,7 +112,7 @@ static int ICAMEX_msg_to_type50MEX_msg(struct zcrypt_device *zdev,
110 mod = meb1->modulus + sizeof(meb1->modulus) - mod_len; 112 mod = meb1->modulus + sizeof(meb1->modulus) - mod_len;
111 exp = meb1->exponent + sizeof(meb1->exponent) - mod_len; 113 exp = meb1->exponent + sizeof(meb1->exponent) - mod_len;
112 inp = meb1->message + sizeof(meb1->message) - mod_len; 114 inp = meb1->message + sizeof(meb1->message) - mod_len;
113 } else { 115 } else if (mod_len <= 256) {
114 struct type50_meb2_msg *meb2 = ap_msg->message; 116 struct type50_meb2_msg *meb2 = ap_msg->message;
115 memset(meb2, 0, sizeof(*meb2)); 117 memset(meb2, 0, sizeof(*meb2));
116 ap_msg->length = sizeof(*meb2); 118 ap_msg->length = sizeof(*meb2);
@@ -120,6 +122,17 @@ static int ICAMEX_msg_to_type50MEX_msg(struct zcrypt_device *zdev,
120 mod = meb2->modulus + sizeof(meb2->modulus) - mod_len; 122 mod = meb2->modulus + sizeof(meb2->modulus) - mod_len;
121 exp = meb2->exponent + sizeof(meb2->exponent) - mod_len; 123 exp = meb2->exponent + sizeof(meb2->exponent) - mod_len;
122 inp = meb2->message + sizeof(meb2->message) - mod_len; 124 inp = meb2->message + sizeof(meb2->message) - mod_len;
125 } else {
126 /* mod_len > 256 = 4096 bit RSA Key */
127 struct type50_meb3_msg *meb3 = ap_msg->message;
128 memset(meb3, 0, sizeof(*meb3));
129 ap_msg->length = sizeof(*meb3);
130 meb3->header.msg_type_code = TYPE50_TYPE_CODE;
131 meb3->header.msg_len = sizeof(*meb3);
132 meb3->keyblock_type = TYPE50_MEB3_FMT;
133 mod = meb3->modulus + sizeof(meb3->modulus) - mod_len;
134 exp = meb3->exponent + sizeof(meb3->exponent) - mod_len;
135 inp = meb3->message + sizeof(meb3->message) - mod_len;
123 } 136 }
124 137
125 if (copy_from_user(mod, mex->n_modulus, mod_len) || 138 if (copy_from_user(mod, mex->n_modulus, mod_len) ||
@@ -142,7 +155,7 @@ static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_device *zdev,
142 struct ap_message *ap_msg, 155 struct ap_message *ap_msg,
143 struct ica_rsa_modexpo_crt *crt) 156 struct ica_rsa_modexpo_crt *crt)
144{ 157{
145 int mod_len, short_len, long_len, long_offset; 158 int mod_len, short_len, long_len, long_offset, limit;
146 unsigned char *p, *q, *dp, *dq, *u, *inp; 159 unsigned char *p, *q, *dp, *dq, *u, *inp;
147 160
148 mod_len = crt->inputdatalength; 161 mod_len = crt->inputdatalength;
@@ -152,14 +165,20 @@ static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_device *zdev,
152 /* 165 /*
153 * CEX2A cannot handle p, dp, or U > 128 bytes. 166 * CEX2A cannot handle p, dp, or U > 128 bytes.
154 * If we have one of these, we need to do extra checking. 167 * If we have one of these, we need to do extra checking.
168 * For CEX3A the limit is 256 bytes.
155 */ 169 */
156 if (long_len > 128) { 170 if (zdev->max_mod_size == CEX3A_MAX_MOD_SIZE)
171 limit = 256;
172 else
173 limit = 128;
174
175 if (long_len > limit) {
157 /* 176 /*
158 * zcrypt_rsa_crt already checked for the leading 177 * zcrypt_rsa_crt already checked for the leading
159 * zeroes of np_prime, bp_key and u_mult_inc. 178 * zeroes of np_prime, bp_key and u_mult_inc.
160 */ 179 */
161 long_offset = long_len - 128; 180 long_offset = long_len - limit;
162 long_len = 128; 181 long_len = limit;
163 } else 182 } else
164 long_offset = 0; 183 long_offset = 0;
165 184
@@ -180,7 +199,7 @@ static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_device *zdev,
180 dq = crb1->dq + sizeof(crb1->dq) - short_len; 199 dq = crb1->dq + sizeof(crb1->dq) - short_len;
181 u = crb1->u + sizeof(crb1->u) - long_len; 200 u = crb1->u + sizeof(crb1->u) - long_len;
182 inp = crb1->message + sizeof(crb1->message) - mod_len; 201 inp = crb1->message + sizeof(crb1->message) - mod_len;
183 } else { 202 } else if (long_len <= 128) {
184 struct type50_crb2_msg *crb2 = ap_msg->message; 203 struct type50_crb2_msg *crb2 = ap_msg->message;
185 memset(crb2, 0, sizeof(*crb2)); 204 memset(crb2, 0, sizeof(*crb2));
186 ap_msg->length = sizeof(*crb2); 205 ap_msg->length = sizeof(*crb2);
@@ -193,6 +212,20 @@ static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_device *zdev,
193 dq = crb2->dq + sizeof(crb2->dq) - short_len; 212 dq = crb2->dq + sizeof(crb2->dq) - short_len;
194 u = crb2->u + sizeof(crb2->u) - long_len; 213 u = crb2->u + sizeof(crb2->u) - long_len;
195 inp = crb2->message + sizeof(crb2->message) - mod_len; 214 inp = crb2->message + sizeof(crb2->message) - mod_len;
215 } else {
216 /* long_len >= 256 */
217 struct type50_crb3_msg *crb3 = ap_msg->message;
218 memset(crb3, 0, sizeof(*crb3));
219 ap_msg->length = sizeof(*crb3);
220 crb3->header.msg_type_code = TYPE50_TYPE_CODE;
221 crb3->header.msg_len = sizeof(*crb3);
222 crb3->keyblock_type = TYPE50_CRB3_FMT;
223 p = crb3->p + sizeof(crb3->p) - long_len;
224 q = crb3->q + sizeof(crb3->q) - short_len;
225 dp = crb3->dp + sizeof(crb3->dp) - long_len;
226 dq = crb3->dq + sizeof(crb3->dq) - short_len;
227 u = crb3->u + sizeof(crb3->u) - long_len;
228 inp = crb3->message + sizeof(crb3->message) - mod_len;
196 } 229 }
197 230
198 if (copy_from_user(p, crt->np_prime + long_offset, long_len) || 231 if (copy_from_user(p, crt->np_prime + long_offset, long_len) ||
@@ -203,7 +236,6 @@ static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_device *zdev,
203 copy_from_user(inp, crt->inputdata, mod_len)) 236 copy_from_user(inp, crt->inputdata, mod_len))
204 return -EFAULT; 237 return -EFAULT;
205 238
206
207 return 0; 239 return 0;
208} 240}
209 241
@@ -230,7 +262,10 @@ static int convert_type80(struct zcrypt_device *zdev,
230 zdev->online = 0; 262 zdev->online = 0;
231 return -EAGAIN; /* repeat the request on a different device. */ 263 return -EAGAIN; /* repeat the request on a different device. */
232 } 264 }
233 BUG_ON(t80h->len > CEX2A_MAX_RESPONSE_SIZE); 265 if (zdev->user_space_type == ZCRYPT_CEX2A)
266 BUG_ON(t80h->len > CEX2A_MAX_RESPONSE_SIZE);
267 else
268 BUG_ON(t80h->len > CEX3A_MAX_RESPONSE_SIZE);
234 data = reply->message + t80h->len - outputdatalength; 269 data = reply->message + t80h->len - outputdatalength;
235 if (copy_to_user(outputdata, data, outputdatalength)) 270 if (copy_to_user(outputdata, data, outputdatalength))
236 return -EFAULT; 271 return -EFAULT;
@@ -282,7 +317,10 @@ static void zcrypt_cex2a_receive(struct ap_device *ap_dev,
282 } 317 }
283 t80h = reply->message; 318 t80h = reply->message;
284 if (t80h->type == TYPE80_RSP_CODE) { 319 if (t80h->type == TYPE80_RSP_CODE) {
285 length = min(CEX2A_MAX_RESPONSE_SIZE, (int) t80h->len); 320 if (ap_dev->device_type == AP_DEVICE_TYPE_CEX2A)
321 length = min(CEX2A_MAX_RESPONSE_SIZE, (int) t80h->len);
322 else
323 length = min(CEX3A_MAX_RESPONSE_SIZE, (int) t80h->len);
286 memcpy(msg->message, reply->message, length); 324 memcpy(msg->message, reply->message, length);
287 } else 325 } else
288 memcpy(msg->message, reply->message, sizeof error_reply); 326 memcpy(msg->message, reply->message, sizeof error_reply);
@@ -307,7 +345,10 @@ static long zcrypt_cex2a_modexpo(struct zcrypt_device *zdev,
307 int rc; 345 int rc;
308 346
309 ap_init_message(&ap_msg); 347 ap_init_message(&ap_msg);
310 ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL); 348 if (zdev->user_space_type == ZCRYPT_CEX2A)
349 ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL);
350 else
351 ap_msg.message = kmalloc(CEX3A_MAX_MESSAGE_SIZE, GFP_KERNEL);
311 if (!ap_msg.message) 352 if (!ap_msg.message)
312 return -ENOMEM; 353 return -ENOMEM;
313 ap_msg.psmid = (((unsigned long long) current->pid) << 32) + 354 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
@@ -345,7 +386,10 @@ static long zcrypt_cex2a_modexpo_crt(struct zcrypt_device *zdev,
345 int rc; 386 int rc;
346 387
347 ap_init_message(&ap_msg); 388 ap_init_message(&ap_msg);
348 ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL); 389 if (zdev->user_space_type == ZCRYPT_CEX2A)
390 ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL);
391 else
392 ap_msg.message = kmalloc(CEX3A_MAX_MESSAGE_SIZE, GFP_KERNEL);
349 if (!ap_msg.message) 393 if (!ap_msg.message)
350 return -ENOMEM; 394 return -ENOMEM;
351 ap_msg.psmid = (((unsigned long long) current->pid) << 32) + 395 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
@@ -404,8 +448,10 @@ static int zcrypt_cex2a_probe(struct ap_device *ap_dev)
404 return -ENOMEM; 448 return -ENOMEM;
405 zdev->user_space_type = ZCRYPT_CEX3A; 449 zdev->user_space_type = ZCRYPT_CEX3A;
406 zdev->type_string = "CEX3A"; 450 zdev->type_string = "CEX3A";
407 zdev->min_mod_size = CEX3A_MIN_MOD_SIZE; 451 zdev->min_mod_size = CEX2A_MIN_MOD_SIZE;
408 zdev->max_mod_size = CEX3A_MAX_MOD_SIZE; 452 zdev->max_mod_size = CEX2A_MAX_MOD_SIZE;
453 if (ap_4096_commands_available(ap_dev->qid))
454 zdev->max_mod_size = CEX3A_MAX_MOD_SIZE;
409 zdev->short_crt = 1; 455 zdev->short_crt = 1;
410 zdev->speed_rating = CEX3A_SPEED_RATING; 456 zdev->speed_rating = CEX3A_SPEED_RATING;
411 break; 457 break;
diff --git a/drivers/s390/crypto/zcrypt_cex2a.h b/drivers/s390/crypto/zcrypt_cex2a.h
index 8f69d1dacab..0350665810c 100644
--- a/drivers/s390/crypto/zcrypt_cex2a.h
+++ b/drivers/s390/crypto/zcrypt_cex2a.h
@@ -51,8 +51,10 @@ struct type50_hdr {
51 51
52#define TYPE50_MEB1_FMT 0x0001 52#define TYPE50_MEB1_FMT 0x0001
53#define TYPE50_MEB2_FMT 0x0002 53#define TYPE50_MEB2_FMT 0x0002
54#define TYPE50_MEB3_FMT 0x0003
54#define TYPE50_CRB1_FMT 0x0011 55#define TYPE50_CRB1_FMT 0x0011
55#define TYPE50_CRB2_FMT 0x0012 56#define TYPE50_CRB2_FMT 0x0012
57#define TYPE50_CRB3_FMT 0x0013
56 58
57/* Mod-Exp, with a small modulus */ 59/* Mod-Exp, with a small modulus */
58struct type50_meb1_msg { 60struct type50_meb1_msg {
@@ -74,6 +76,16 @@ struct type50_meb2_msg {
74 unsigned char message[256]; 76 unsigned char message[256];
75} __attribute__((packed)); 77} __attribute__((packed));
76 78
79/* Mod-Exp, with a larger modulus */
80struct type50_meb3_msg {
81 struct type50_hdr header;
82 unsigned short keyblock_type; /* 0x0003 */
83 unsigned char reserved[6];
84 unsigned char exponent[512];
85 unsigned char modulus[512];
86 unsigned char message[512];
87} __attribute__((packed));
88
77/* CRT, with a small modulus */ 89/* CRT, with a small modulus */
78struct type50_crb1_msg { 90struct type50_crb1_msg {
79 struct type50_hdr header; 91 struct type50_hdr header;
@@ -100,6 +112,19 @@ struct type50_crb2_msg {
100 unsigned char message[256]; 112 unsigned char message[256];
101} __attribute__((packed)); 113} __attribute__((packed));
102 114
115/* CRT, with a larger modulus */
116struct type50_crb3_msg {
117 struct type50_hdr header;
118 unsigned short keyblock_type; /* 0x0013 */
119 unsigned char reserved[6];
120 unsigned char p[256];
121 unsigned char q[256];
122 unsigned char dp[256];
123 unsigned char dq[256];
124 unsigned char u[256];
125 unsigned char message[512];
126} __attribute__((packed));
127
103/** 128/**
104 * The type 80 response family is associated with a CEX2A card. 129 * The type 80 response family is associated with a CEX2A card.
105 * 130 *