1 /* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
2 /*
3 * include/asm-s390/zcrypt.h
4 *
5 * zcrypt 2.2.1 (user-visible header)
6 *
7 * Copyright IBM Corp. 2001, 2022
8 * Author(s): Robert Burroughs
9 * Eric Rossman (edrossma@us.ibm.com)
10 *
11 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
12 */
13
14 #ifndef __ASM_S390_ZCRYPT_H
15 #define __ASM_S390_ZCRYPT_H
16
17 #define ZCRYPT_VERSION 2
18 #define ZCRYPT_RELEASE 2
19 #define ZCRYPT_VARIANT 1
20
21 #include <linux/ioctl.h>
22 #include <linux/compiler.h>
23 #include <linux/types.h>
24
25 /* Name of the zcrypt device driver. */
26 #define ZCRYPT_NAME "zcrypt"
27
28 /**
29 * struct ica_rsa_modexpo
30 *
31 * Requirements:
32 * - outputdatalength is at least as large as inputdatalength.
33 * - All key parts are right justified in their fields, padded on
34 * the left with zeroes.
35 * - length(b_key) = inputdatalength
36 * - length(n_modulus) = inputdatalength
37 */
38 struct ica_rsa_modexpo {
39 __u8 __user *inputdata;
40 __u32 inputdatalength;
41 __u8 __user *outputdata;
42 __u32 outputdatalength;
43 __u8 __user *b_key;
44 __u8 __user *n_modulus;
45 };
46
47 /**
48 * struct ica_rsa_modexpo_crt
49 *
50 * Requirements:
51 * - inputdatalength is even.
52 * - outputdatalength is at least as large as inputdatalength.
53 * - All key parts are right justified in their fields, padded on
54 * the left with zeroes.
55 * - length(bp_key) = inputdatalength/2 + 8
56 * - length(bq_key) = inputdatalength/2
57 * - length(np_key) = inputdatalength/2 + 8
58 * - length(nq_key) = inputdatalength/2
59 * - length(u_mult_inv) = inputdatalength/2 + 8
60 */
61 struct ica_rsa_modexpo_crt {
62 __u8 __user *inputdata;
63 __u32 inputdatalength;
64 __u8 __user *outputdata;
65 __u32 outputdatalength;
66 __u8 __user *bp_key;
67 __u8 __user *bq_key;
68 __u8 __user *np_prime;
69 __u8 __user *nq_prime;
70 __u8 __user *u_mult_inv;
71 };
72
73 /**
74 * CPRBX
75 * Note that all shorts and ints are big-endian.
76 * All pointer fields are 16 bytes long, and mean nothing.
77 *
78 * A request CPRB is followed by a request_parameter_block.
79 *
80 * The request (or reply) parameter block is organized thus:
81 * function code
82 * VUD block
83 * key block
84 */
85 struct CPRBX {
86 __u16 cprb_len; /* CPRB length 220 */
87 __u8 cprb_ver_id; /* CPRB version id. 0x02 */
88 __u8 ctfm; /* Command Type Filtering Mask */
89 __u8 pad_000[2]; /* Alignment pad bytes */
90 __u8 func_id[2]; /* function id 0x5432 */
91 __u8 cprb_flags[4]; /* Flags */
92 __u32 req_parml; /* request parameter buffer len */
93 __u32 req_datal; /* request data buffer */
94 __u32 rpl_msgbl; /* reply message block length */
95 __u32 rpld_parml; /* replied parameter block len */
96 __u32 rpl_datal; /* reply data block len */
97 __u32 rpld_datal; /* replied data block len */
98 __u32 req_extbl; /* request extension block len */
99 __u8 _pad_001[4]; /* reserved */
100 __u32 rpld_extbl; /* replied extension block len */
101 __u8 _pad_002[16 - sizeof(__u8 *)];
102 __u8 __user *req_parmb; /* request parm block 'address' */
103 __u8 _pad_003[16 - sizeof(__u8 *)];
104 __u8 __user *req_datab; /* request data block 'address' */
105 __u8 _pad_004[16 - sizeof(__u8 *)];
106 __u8 __user *rpl_parmb; /* reply parm block 'address' */
107 __u8 _pad_005[16 - sizeof(__u8 *)];
108 __u8 __user *rpl_datab; /* reply data block 'address' */
109 __u8 _pad_006[16 - sizeof(__u8 *)];
110 __u8 __user *req_extb; /* request extension block 'addr'*/
111 __u8 _pad_007[16 - sizeof(__u8 *)];
112 __u8 __user *rpl_extb; /* reply extension block 'address'*/
113 __u16 ccp_rtcode; /* server return code */
114 __u16 ccp_rscode; /* server reason code */
115 __u32 mac_data_len; /* Mac Data Length */
116 __u8 logon_id[8]; /* Logon Identifier */
117 __u8 mac_value[8]; /* Mac Value */
118 __u8 mac_content_flgs; /* Mac content flag byte */
119 __u8 _pad_008; /* Alignment */
120 __u16 domain; /* Domain */
121 __u8 _pad_009[12]; /* reserved, checked for zeros */
122 __u8 _pad_010[36]; /* reserved */
123 } __attribute__((packed));
124
125 /**
126 * xcRB
127 */
128 struct ica_xcRB {
129 __u16 agent_ID;
130 __u32 user_defined;
131 __u16 request_ID;
132 __u32 request_control_blk_length;
133 __u8 _padding1[16 - sizeof(__u8 *)];
134 __u8 __user *request_control_blk_addr;
135 __u32 request_data_length;
136 __u8 _padding2[16 - sizeof(__u8 *)];
137 __u8 __user *request_data_address;
138 __u32 reply_control_blk_length;
139 __u8 _padding3[16 - sizeof(__u8 *)];
140 __u8 __user *reply_control_blk_addr;
141 __u32 reply_data_length;
142 __u8 __padding4[16 - sizeof(__u8 *)];
143 __u8 __user *reply_data_addr;
144 __u16 priority_window;
145 __u32 status;
146 } __attribute__((packed));
147
148 /**
149 * struct ep11_cprb - EP11 connectivity programming request block
150 * @cprb_len: CPRB header length [0x0020]
151 * @cprb_ver_id: CPRB version id. [0x04]
152 * @pad_000: Alignment pad bytes
153 * @flags: Admin bit [0x80], Special bit [0x20]
154 * @func_id: Function id / subtype [0x5434] "T4"
155 * @source_id: Source id [originator id]
156 * @target_id: Target id [usage/ctrl domain id]
157 * @ret_code: Return code
158 * @reserved1: Reserved
159 * @reserved2: Reserved
160 * @payload_len: Payload length
161 */
162 struct ep11_cprb {
163 __u16 cprb_len;
164 __u8 cprb_ver_id;
165 __u8 pad_000[2];
166 __u8 flags;
167 __u8 func_id[2];
168 __u32 source_id;
169 __u32 target_id;
170 __u32 ret_code;
171 __u32 reserved1;
172 __u32 reserved2;
173 __u32 payload_len;
174 } __attribute__((packed));
175
176 /**
177 * struct ep11_target_dev - EP11 target device list
178 * @ap_id: AP device id
179 * @dom_id: Usage domain id
180 */
181 struct ep11_target_dev {
182 __u16 ap_id;
183 __u16 dom_id;
184 };
185
186 /**
187 * struct ep11_urb - EP11 user request block
188 * @targets_num: Number of target adapters
189 * @targets: Addr to target adapter list
190 * @weight: Level of request priority
191 * @req_no: Request id/number
192 * @req_len: Request length
193 * @req: Addr to request block
194 * @resp_len: Response length
195 * @resp: Addr to response block
196 */
197 struct ep11_urb {
198 __u16 targets_num;
199 __u8 __user *targets;
200 __u64 weight;
201 __u64 req_no;
202 __u64 req_len;
203 __u8 __user *req;
204 __u64 resp_len;
205 __u8 __user *resp;
206 } __attribute__((packed));
207
208 /**
209 * struct zcrypt_device_status_ext
210 * @hwtype: raw hardware type
211 * @qid: 8 bit device index, 8 bit domain
212 * @functions: AP device function bit field 'abcdef'
213 * a, b, c = reserved
214 * d = CCA coprocessor
215 * e = Accelerator
216 * f = EP11 coprocessor
217 * @online online status
218 * @reserved reserved
219 */
220 struct zcrypt_device_status_ext {
221 unsigned int hwtype:8;
222 unsigned int qid:16;
223 unsigned int online:1;
224 unsigned int functions:6;
225 unsigned int reserved:1;
226 };
227
228 #define MAX_ZDEV_CARDIDS_EXT 256
229 #define MAX_ZDEV_DOMAINS_EXT 256
230
231 /* Maximum number of zcrypt devices */
232 #define MAX_ZDEV_ENTRIES_EXT (MAX_ZDEV_CARDIDS_EXT * MAX_ZDEV_DOMAINS_EXT)
233
234 /* Device matrix of all zcrypt devices */
235 struct zcrypt_device_matrix_ext {
236 struct zcrypt_device_status_ext device[MAX_ZDEV_ENTRIES_EXT];
237 };
238
239 #define AUTOSELECT 0xFFFFFFFF
240 #define AUTOSEL_AP ((__u16)0xFFFF)
241 #define AUTOSEL_DOM ((__u16)0xFFFF)
242
243 #define ZCRYPT_IOCTL_MAGIC 'z'
244
245 /**
246 * Interface notes:
247 *
248 * The ioctl()s which are implemented (along with relevant details)
249 * are:
250 *
251 * ICARSAMODEXPO
252 * Perform an RSA operation using a Modulus-Exponent pair
253 * This takes an ica_rsa_modexpo struct as its arg.
254 *
255 * NOTE: please refer to the comments preceding this structure
256 * for the implementation details for the contents of the
257 * block
258 *
259 * ICARSACRT
260 * Perform an RSA operation using a Chinese-Remainder Theorem key
261 * This takes an ica_rsa_modexpo_crt struct as its arg.
262 *
263 * NOTE: please refer to the comments preceding this structure
264 * for the implementation details for the contents of the
265 * block
266 *
267 * ZSECSENDCPRB
268 * Send an arbitrary CPRB to a crypto card.
269 *
270 * ZSENDEP11CPRB
271 * Send an arbitrary EP11 CPRB to an EP11 coprocessor crypto card.
272 *
273 * ZCRYPT_DEVICE_STATUS
274 * The given struct zcrypt_device_matrix_ext is updated with
275 * status information for each currently known apqn.
276 *
277 * ZCRYPT_STATUS_MASK
278 * Return an MAX_ZDEV_CARDIDS_EXT element array of unsigned chars for the
279 * status of all devices.
280 * 0x01: PCICA
281 * 0x02: PCICC
282 * 0x03: PCIXCC_MCL2
283 * 0x04: PCIXCC_MCL3
284 * 0x05: CEX2C
285 * 0x06: CEX2A
286 * 0x07: CEX3C
287 * 0x08: CEX3A
288 * 0x0a: CEX4
289 * 0x0b: CEX5
290 * 0x0c: CEX6, CEX7 or CEX8
291 * 0x0d: device is disabled
292 *
293 * ZCRYPT_QDEPTH_MASK
294 * Return an MAX_ZDEV_CARDIDS_EXT element array of unsigned chars for the
295 * queue depth of all devices.
296 *
297 * ZCRYPT_PERDEV_REQCNT
298 * Return an MAX_ZDEV_CARDIDS_EXT element array of unsigned integers for
299 * the number of successfully completed requests per device since the
300 * device was detected and made available.
301 *
302 */
303
304 /**
305 * Supported ioctl calls
306 */
307 #define ICARSAMODEXPO _IOC(_IOC_READ | _IOC_WRITE, ZCRYPT_IOCTL_MAGIC, 0x05, 0)
308 #define ICARSACRT _IOC(_IOC_READ | _IOC_WRITE, ZCRYPT_IOCTL_MAGIC, 0x06, 0)
309 #define ZSECSENDCPRB _IOC(_IOC_READ | _IOC_WRITE, ZCRYPT_IOCTL_MAGIC, 0x81, 0)
310 #define ZSENDEP11CPRB _IOC(_IOC_READ | _IOC_WRITE, ZCRYPT_IOCTL_MAGIC, 0x04, 0)
311
312 #define ZCRYPT_DEVICE_STATUS _IOC(_IOC_READ | _IOC_WRITE, ZCRYPT_IOCTL_MAGIC, 0x5f, 0)
313 #define ZCRYPT_STATUS_MASK _IOR(ZCRYPT_IOCTL_MAGIC, 0x58, char[MAX_ZDEV_CARDIDS_EXT])
314 #define ZCRYPT_QDEPTH_MASK _IOR(ZCRYPT_IOCTL_MAGIC, 0x59, char[MAX_ZDEV_CARDIDS_EXT])
315 #define ZCRYPT_PERDEV_REQCNT _IOR(ZCRYPT_IOCTL_MAGIC, 0x5a, int[MAX_ZDEV_CARDIDS_EXT])
316
317 /*
318 * Support for multiple zcrypt device nodes.
319 */
320
321 /* Nr of minor device node numbers to allocate. */
322 #define ZCRYPT_MAX_MINOR_NODES 256
323
324 /* Max amount of possible ioctls */
325 #define MAX_ZDEV_IOCTLS (1 << _IOC_NRBITS)
326
327 /*
328 * Only deprecated defines, structs and ioctls below this line.
329 */
330
331 /* Deprecated: use MAX_ZDEV_CARDIDS_EXT */
332 #define MAX_ZDEV_CARDIDS 64
333 /* Deprecated: use MAX_ZDEV_DOMAINS_EXT */
334 #define MAX_ZDEV_DOMAINS 256
335
336 /* Deprecated: use MAX_ZDEV_ENTRIES_EXT */
337 #define MAX_ZDEV_ENTRIES (MAX_ZDEV_CARDIDS * MAX_ZDEV_DOMAINS)
338
339 /* Deprecated: use struct zcrypt_device_status_ext */
340 struct zcrypt_device_status {
341 unsigned int hwtype:8;
342 unsigned int qid:14;
343 unsigned int online:1;
344 unsigned int functions:6;
345 unsigned int reserved:3;
346 };
347
348 /* Deprecated: use struct zcrypt_device_matrix_ext */
349 struct zcrypt_device_matrix {
350 struct zcrypt_device_status device[MAX_ZDEV_ENTRIES];
351 };
352
353 /* Deprecated: use ZCRYPT_DEVICE_STATUS */
354 #define ZDEVICESTATUS _IOC(_IOC_READ | _IOC_WRITE, ZCRYPT_IOCTL_MAGIC, 0x4f, 0)
355 /* Deprecated: use ZCRYPT_STATUS_MASK */
356 #define Z90STAT_STATUS_MASK _IOR(ZCRYPT_IOCTL_MAGIC, 0x48, char[64])
357 /* Deprecated: use ZCRYPT_QDEPTH_MASK */
358 #define Z90STAT_QDEPTH_MASK _IOR(ZCRYPT_IOCTL_MAGIC, 0x49, char[64])
359 /* Deprecated: use ZCRYPT_PERDEV_REQCNT */
360 #define Z90STAT_PERDEV_REQCNT _IOR(ZCRYPT_IOCTL_MAGIC, 0x4a, int[64])
361
362 /* Deprecated: use sysfs to query these values */
363 #define Z90STAT_REQUESTQ_COUNT _IOR(ZCRYPT_IOCTL_MAGIC, 0x44, int)
364 #define Z90STAT_PENDINGQ_COUNT _IOR(ZCRYPT_IOCTL_MAGIC, 0x45, int)
365 #define Z90STAT_TOTALOPEN_COUNT _IOR(ZCRYPT_IOCTL_MAGIC, 0x46, int)
366 #define Z90STAT_DOMAIN_INDEX _IOR(ZCRYPT_IOCTL_MAGIC, 0x47, int)
367
368 /*
369 * The ioctl number ranges 0x40 - 0x42 and 0x4b - 0x4e had been used in the
370 * past, don't assign new ioctls for these.
371 */
372
373 #endif /* __ASM_S390_ZCRYPT_H */
374
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.