projects / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ramips: remove 2.6.3[24] support
[openwrt.git] / target / linux / generic / files / crypto / ocf / ep80579 / icp_asym.c
1 /***************************************************************************
2 *
3 * This file is provided under a dual BSD/GPLv2 license. When using or
4 * redistributing this file, you may do so under either license.
5 *
6 * GPL LICENSE SUMMARY
7 *
8 * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of version 2 of the GNU General Public License as
12 * published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
22 * The full GNU General Public License is included in this distribution
23 * in the file called LICENSE.GPL.
24 *
25 * Contact Information:
26 * Intel Corporation
27 *
28 * BSD LICENSE
29 *
30 * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved.
31 * All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 *
37 * * Redistributions of source code must retain the above copyright
38 * notice, this list of conditions and the following disclaimer.
39 * * Redistributions in binary form must reproduce the above copyright
40 * notice, this list of conditions and the following disclaimer in
41 * the documentation and/or other materials provided with the
42 * distribution.
43 * * Neither the name of Intel Corporation nor the names of its
44 * contributors may be used to endorse or promote products derived
45 * from this software without specific prior written permission.
46 *
47 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
48 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
49 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
50 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
51 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
52 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
53 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
54 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
55 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
56 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
57 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
58 *
59 *
60 * version: Security.L.1.0.2-229
61 *
62 ***************************************************************************/
63
64 #include "icp_ocf.h"
65
66 /*The following define values (containing the word 'INDEX') are used to find
67 the index of each input buffer of the crypto_kop struct (see OCF cryptodev.h).
68 These values were found through analysis of the OCF OpenSSL patch. If the
69 calling program uses different input buffer positions, these defines will have
70 to be changed.*/
71
72 /*DIFFIE HELLMAN buffer index values*/
73 #define ICP_DH_KRP_PARAM_PRIME_INDEX (0)
74 #define ICP_DH_KRP_PARAM_BASE_INDEX (1)
75 #define ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX (2)
76 #define ICP_DH_KRP_PARAM_RESULT_INDEX (3)
77
78 /*MOD EXP buffer index values*/
79 #define ICP_MOD_EXP_KRP_PARAM_BASE_INDEX (0)
80 #define ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX (1)
81 #define ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX (2)
82 #define ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX (3)
83
84 /*MOD EXP CRT buffer index values*/
85 #define ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX (0)
86 #define ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX (1)
87 #define ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX (2)
88 #define ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX (3)
89 #define ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX (4)
90 #define ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX (5)
91 #define ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX (6)
92
93 /*DSA sign buffer index values*/
94 #define ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX (0)
95 #define ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX (1)
96 #define ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX (2)
97 #define ICP_DSA_SIGN_KRP_PARAM_G_INDEX (3)
98 #define ICP_DSA_SIGN_KRP_PARAM_X_INDEX (4)
99 #define ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX (5)
100 #define ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX (6)
101
102 /*DSA verify buffer index values*/
103 #define ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX (0)
104 #define ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX (1)
105 #define ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX (2)
106 #define ICP_DSA_VERIFY_KRP_PARAM_G_INDEX (3)
107 #define ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX (4)
108 #define ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX (5)
109 #define ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX (6)
110
111 /*DSA sign prime Q vs random number K size check values*/
112 #define DONT_RUN_LESS_THAN_CHECK (0)
113 #define FAIL_A_IS_GREATER_THAN_B (1)
114 #define FAIL_A_IS_EQUAL_TO_B (1)
115 #define SUCCESS_A_IS_LESS_THAN_B (0)
116 #define DSA_SIGN_RAND_GEN_VAL_CHECK_MAX_ITERATIONS (500)
117
118 /* We need to set a cryptokp success value just in case it is set or allocated
119 and not set to zero outside of this module */
120 #define CRYPTO_OP_SUCCESS (0)
121
122 /*Function to compute Diffie Hellman (DH) phase 1 or phase 2 key values*/
123 static int icp_ocfDrvDHComputeKey(struct cryptkop *krp);
124
125 /*Function to compute a Modular Exponentiation (Mod Exp)*/
126 static int icp_ocfDrvModExp(struct cryptkop *krp);
127
128 /*Function to compute a Mod Exp using the Chinease Remainder Theorem*/
129 static int icp_ocfDrvModExpCRT(struct cryptkop *krp);
130
131 /*Helper function to compute whether the first big number argument is less than
132 the second big number argument */
133 static int
134 icp_ocfDrvCheckALessThanB(CpaFlatBuffer * pK, CpaFlatBuffer * pQ, int *doCheck);
135
136 /*Function to sign an input with DSA R and S keys*/
137 static int icp_ocfDrvDsaSign(struct cryptkop *krp);
138
139 /*Function to Verify a DSA buffer signature*/
140 static int icp_ocfDrvDsaVerify(struct cryptkop *krp);
141
142 /*Callback function for DH operation*/
143 static void
144 icp_ocfDrvDhP1CallBack(void *callbackTag,
145 CpaStatus status,
146 void *pOpData, CpaFlatBuffer * pLocalOctetStringPV);
147
148 /*Callback function for ME operation*/
149 static void
150 icp_ocfDrvModExpCallBack(void *callbackTag,
151 CpaStatus status,
152 void *pOpData, CpaFlatBuffer * pResult);
153
154 /*Callback function for ME CRT operation*/
155 static void
156 icp_ocfDrvModExpCRTCallBack(void *callbackTag,
157 CpaStatus status,
158 void *pOpData, CpaFlatBuffer * pOutputData);
159
160 /*Callback function for DSA sign operation*/
161 static void
162 icp_ocfDrvDsaRSSignCallBack(void *callbackTag,
163 CpaStatus status,
164 void *pOpData,
165 CpaBoolean protocolStatus,
166 CpaFlatBuffer * pR, CpaFlatBuffer * pS);
167
168 /*Callback function for DSA Verify operation*/
169 static void
170 icp_ocfDrvDsaVerifyCallBack(void *callbackTag,
171 CpaStatus status,
172 void *pOpData, CpaBoolean verifyStatus);
173
174 /* Name : icp_ocfDrvPkeProcess
175 *
176 * Description : This function will choose which PKE process to follow
177 * based on the input arguments
178 */
179 int icp_ocfDrvPkeProcess(icp_device_t dev, struct cryptkop *krp, int hint)
180 {
181 CpaStatus lacStatus = CPA_STATUS_SUCCESS;
182
183 if (NULL == krp) {
184 DPRINTK("%s(): Invalid input parameters, cryptkop = %p\n",
185 __FUNCTION__, krp);
186 return EINVAL;
187 }
188
189 if (CPA_TRUE == icp_atomic_read(&icp_ocfDrvIsExiting)) {
190 krp->krp_status = ECANCELED;
191 return ECANCELED;
192 }
193
194 switch (krp->krp_op) {
195 case CRK_DH_COMPUTE_KEY:
196 DPRINTK("%s() doing DH_COMPUTE_KEY\n", __FUNCTION__);
197 lacStatus = icp_ocfDrvDHComputeKey(krp);
198 if (CPA_STATUS_SUCCESS != lacStatus) {
199 EPRINTK("%s(): icp_ocfDrvDHComputeKey failed "
200 "(%d).\n", __FUNCTION__, lacStatus);
201 krp->krp_status = ECANCELED;
202 return ECANCELED;
203 }
204
205 break;
206
207 case CRK_MOD_EXP:
208 DPRINTK("%s() doing MOD_EXP \n", __FUNCTION__);
209 lacStatus = icp_ocfDrvModExp(krp);
210 if (CPA_STATUS_SUCCESS != lacStatus) {
211 EPRINTK("%s(): icp_ocfDrvModExp failed (%d).\n",
212 __FUNCTION__, lacStatus);
213 krp->krp_status = ECANCELED;
214 return ECANCELED;
215 }
216
217 break;
218
219 case CRK_MOD_EXP_CRT:
220 DPRINTK("%s() doing MOD_EXP_CRT \n", __FUNCTION__);
221 lacStatus = icp_ocfDrvModExpCRT(krp);
222 if (CPA_STATUS_SUCCESS != lacStatus) {
223 EPRINTK("%s(): icp_ocfDrvModExpCRT "
224 "failed (%d).\n", __FUNCTION__, lacStatus);
225 krp->krp_status = ECANCELED;
226 return ECANCELED;
227 }
228
229 break;
230
231 case CRK_DSA_SIGN:
232 DPRINTK("%s() doing DSA_SIGN \n", __FUNCTION__);
233 lacStatus = icp_ocfDrvDsaSign(krp);
234 if (CPA_STATUS_SUCCESS != lacStatus) {
235 EPRINTK("%s(): icp_ocfDrvDsaSign "
236 "failed (%d).\n", __FUNCTION__, lacStatus);
237 krp->krp_status = ECANCELED;
238 return ECANCELED;
239 }
240
241 break;
242
243 case CRK_DSA_VERIFY:
244 DPRINTK("%s() doing DSA_VERIFY \n", __FUNCTION__);
245 lacStatus = icp_ocfDrvDsaVerify(krp);
246 if (CPA_STATUS_SUCCESS != lacStatus) {
247 EPRINTK("%s(): icp_ocfDrvDsaVerify "
248 "failed (%d).\n", __FUNCTION__, lacStatus);
249 krp->krp_status = ECANCELED;
250 return ECANCELED;
251 }
252
253 break;
254
255 default:
256 EPRINTK("%s(): Asymettric function not "
257 "supported (%d).\n", __FUNCTION__, krp->krp_op);
258 krp->krp_status = EOPNOTSUPP;
259 return EOPNOTSUPP;
260 }
261
262 return ICP_OCF_DRV_STATUS_SUCCESS;
263 }
264
265 /* Name : icp_ocfDrvSwapBytes
266 *
267 * Description : This function is used to swap the byte order of a buffer.
268 * It has been seen that in general we are passed little endian byte order
269 * buffers, but LAC only accepts big endian byte order buffers.
270 */
271 static void inline icp_ocfDrvSwapBytes(u_int8_t * num, u_int32_t buff_len_bytes)
272 {
273
274 int i;
275 u_int8_t *end_ptr;
276 u_int8_t hold_val;
277
278 end_ptr = num + (buff_len_bytes - 1);
279 buff_len_bytes = buff_len_bytes >> 1;
280 for (i = 0; i < buff_len_bytes; i++) {
281 hold_val = *num;
282 *num = *end_ptr;
283 num++;
284 *end_ptr = hold_val;
285 end_ptr--;
286 }
287 }
288
289 /* Name : icp_ocfDrvDHComputeKey
290 *
291 * Description : This function will map Diffie Hellman calls from OCF
292 * to the LAC API. OCF uses this function for Diffie Hellman Phase1 and
293 * Phase2. LAC has a separate Diffie Hellman Phase2 call, however both phases
294 * break down to a modular exponentiation.
295 */
296 static int icp_ocfDrvDHComputeKey(struct cryptkop *krp)
297 {
298 CpaStatus lacStatus = CPA_STATUS_SUCCESS;
299 void *callbackTag = NULL;
300 CpaCyDhPhase1KeyGenOpData *pPhase1OpData = NULL;
301 CpaFlatBuffer *pLocalOctetStringPV = NULL;
302 uint32_t dh_prime_len_bytes = 0, dh_prime_len_bits = 0;
303
304 /* Input checks - check prime is a multiple of 8 bits to allow for
305 allocation later */
306 dh_prime_len_bits =
307 (krp->krp_param[ICP_DH_KRP_PARAM_PRIME_INDEX].crp_nbits);
308
309 /* LAC can reject prime lengths based on prime key sizes, we just
310 need to make sure we can allocate space for the base and
311 exponent buffers correctly */
312 if ((dh_prime_len_bits % NUM_BITS_IN_BYTE) != 0) {
313 APRINTK("%s(): Warning Prime number buffer size is not a "
314 "multiple of 8 bits\n", __FUNCTION__);
315 }
316
317 /* Result storage space should be the same size as the prime as this
318 value can take up the same amount of storage space */
319 if (dh_prime_len_bits !=
320 krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_nbits) {
321 DPRINTK("%s(): Return Buffer must be the same size "
322 "as the Prime buffer\n", __FUNCTION__);
323 krp->krp_status = EINVAL;
324 return EINVAL;
325 }
326 /* Switch to size in bytes */
327 BITS_TO_BYTES(dh_prime_len_bytes, dh_prime_len_bits);
328
329 callbackTag = krp;
330
331 /*All allocations are set to ICP_M_NOWAIT due to the possibility of getting
332 called in interrupt context*/
333 pPhase1OpData = icp_kmem_cache_zalloc(drvDH_zone, ICP_M_NOWAIT);
334 if (NULL == pPhase1OpData) {
335 APRINTK("%s():Failed to get memory for key gen data\n",
336 __FUNCTION__);
337 krp->krp_status = ENOMEM;
338 return ENOMEM;
339 }
340
341 pLocalOctetStringPV =
342 icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
343 if (NULL == pLocalOctetStringPV) {
344 APRINTK("%s():Failed to get memory for pLocalOctetStringPV\n",
345 __FUNCTION__);
346 ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
347 krp->krp_status = ENOMEM;
348 return ENOMEM;
349 }
350
351 /* Link parameters */
352 pPhase1OpData->primeP.pData =
353 krp->krp_param[ICP_DH_KRP_PARAM_PRIME_INDEX].crp_p;
354
355 pPhase1OpData->primeP.dataLenInBytes = dh_prime_len_bytes;
356
357 icp_ocfDrvSwapBytes(pPhase1OpData->primeP.pData, dh_prime_len_bytes);
358
359 pPhase1OpData->baseG.pData =
360 krp->krp_param[ICP_DH_KRP_PARAM_BASE_INDEX].crp_p;
361
362 BITS_TO_BYTES(pPhase1OpData->baseG.dataLenInBytes,
363 krp->krp_param[ICP_DH_KRP_PARAM_BASE_INDEX].crp_nbits);
364
365 icp_ocfDrvSwapBytes(pPhase1OpData->baseG.pData,
366 pPhase1OpData->baseG.dataLenInBytes);
367
368 pPhase1OpData->privateValueX.pData =
369 krp->krp_param[ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX].crp_p;
370
371 BITS_TO_BYTES(pPhase1OpData->privateValueX.dataLenInBytes,
372 krp->krp_param[ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX].
373 crp_nbits);
374
375 icp_ocfDrvSwapBytes(pPhase1OpData->privateValueX.pData,
376 pPhase1OpData->privateValueX.dataLenInBytes);
377
378 /* Output parameters */
379 pLocalOctetStringPV->pData =
380 krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_p;
381
382 BITS_TO_BYTES(pLocalOctetStringPV->dataLenInBytes,
383 krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_nbits);
384
385 lacStatus = cpaCyDhKeyGenPhase1(CPA_INSTANCE_HANDLE_SINGLE,
386 icp_ocfDrvDhP1CallBack,
387 callbackTag, pPhase1OpData,
388 pLocalOctetStringPV);
389
390 if (CPA_STATUS_SUCCESS != lacStatus) {
391 EPRINTK("%s(): DH Phase 1 Key Gen failed (%d).\n",
392 __FUNCTION__, lacStatus);
393 icp_ocfDrvFreeFlatBuffer(pLocalOctetStringPV);
394 ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
395 }
396
397 return lacStatus;
398 }
399
400 /* Name : icp_ocfDrvModExp
401 *
402 * Description : This function will map ordinary Modular Exponentiation calls
403 * from OCF to the LAC API.
404 *
405 */
406 static int icp_ocfDrvModExp(struct cryptkop *krp)
407 {
408 CpaStatus lacStatus = CPA_STATUS_SUCCESS;
409 void *callbackTag = NULL;
410 CpaCyLnModExpOpData *pModExpOpData = NULL;
411 CpaFlatBuffer *pResult = NULL;
412
413 if ((krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_nbits %
414 NUM_BITS_IN_BYTE) != 0) {
415 DPRINTK("%s(): Warning - modulus buffer size (%d) is not a "
416 "multiple of 8 bits\n", __FUNCTION__,
417 krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].
418 crp_nbits);
419 }
420
421 /* Result storage space should be the same size as the prime as this
422 value can take up the same amount of storage space */
423 if (krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_nbits >
424 krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].crp_nbits) {
425 APRINTK("%s(): Return Buffer size must be the same or"
426 " greater than the Modulus buffer\n", __FUNCTION__);
427 krp->krp_status = EINVAL;
428 return EINVAL;
429 }
430
431 callbackTag = krp;
432
433 pModExpOpData = icp_kmem_cache_zalloc(drvLnModExp_zone, ICP_M_NOWAIT);
434 if (NULL == pModExpOpData) {
435 APRINTK("%s():Failed to get memory for key gen data\n",
436 __FUNCTION__);
437 krp->krp_status = ENOMEM;
438 return ENOMEM;
439 }
440
441 pResult = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
442 if (NULL == pResult) {
443 APRINTK("%s():Failed to get memory for ModExp result\n",
444 __FUNCTION__);
445 ICP_CACHE_FREE(drvLnModExp_zone, pModExpOpData);
446 krp->krp_status = ENOMEM;
447 return ENOMEM;
448 }
449
450 /* Link parameters */
451 pModExpOpData->modulus.pData =
452 krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_p;
453 BITS_TO_BYTES(pModExpOpData->modulus.dataLenInBytes,
454 krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].
455 crp_nbits);
456
457 icp_ocfDrvSwapBytes(pModExpOpData->modulus.pData,
458 pModExpOpData->modulus.dataLenInBytes);
459
460 DPRINTK("%s : base (%d)\n", __FUNCTION__, krp->
461 krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].crp_nbits);
462 pModExpOpData->base.pData =
463 krp->krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].crp_p;
464 BITS_TO_BYTES(pModExpOpData->base.dataLenInBytes,
465 krp->krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].
466 crp_nbits);
467 icp_ocfDrvSwapBytes(pModExpOpData->base.pData,
468 pModExpOpData->base.dataLenInBytes);
469
470 pModExpOpData->exponent.pData =
471 krp->krp_param[ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX].crp_p;
472 BITS_TO_BYTES(pModExpOpData->exponent.dataLenInBytes,
473 krp->krp_param[ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX].
474 crp_nbits);
475
476 icp_ocfDrvSwapBytes(pModExpOpData->exponent.pData,
477 pModExpOpData->exponent.dataLenInBytes);
478 /* Output parameters */
479 pResult->pData =
480 krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].crp_p,
481 BITS_TO_BYTES(pResult->dataLenInBytes,
482 krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].
483 crp_nbits);
484
485 lacStatus = cpaCyLnModExp(CPA_INSTANCE_HANDLE_SINGLE,
486 icp_ocfDrvModExpCallBack,
487 callbackTag, pModExpOpData, pResult);
488
489 if (CPA_STATUS_SUCCESS != lacStatus) {
490 EPRINTK("%s(): Mod Exp Operation failed (%d).\n",
491 __FUNCTION__, lacStatus);
492 krp->krp_status = ECANCELED;
493 icp_ocfDrvFreeFlatBuffer(pResult);
494 ICP_CACHE_FREE(drvLnModExp_zone, pModExpOpData);
495 }
496
497 return lacStatus;
498 }
499
500 /* Name : icp_ocfDrvModExpCRT
501 *
502 * Description : This function will map ordinary Modular Exponentiation Chinese
503 * Remainder Theorem implementaion calls from OCF to the LAC API.
504 *
505 * Note : Mod Exp CRT for this driver is accelerated through LAC RSA type 2
506 * decrypt operation. Therefore P and Q input values must always be prime
507 * numbers. Although basic primality checks are done in LAC, it is up to the
508 * user to do any correct prime number checking before passing the inputs.
509 */
510 static int icp_ocfDrvModExpCRT(struct cryptkop *krp)
511 {
512 CpaStatus lacStatus = CPA_STATUS_SUCCESS;
513 CpaCyRsaDecryptOpData *rsaDecryptOpData = NULL;
514 void *callbackTag = NULL;
515 CpaFlatBuffer *pOutputData = NULL;
516
517 /*Parameter input checks are all done by LAC, no need to repeat
518 them here. */
519 callbackTag = krp;
520
521 rsaDecryptOpData =
522 icp_kmem_cache_zalloc(drvRSADecrypt_zone, ICP_M_NOWAIT);
523 if (NULL == rsaDecryptOpData) {
524 APRINTK("%s():Failed to get memory"
525 " for MOD EXP CRT Op data struct\n", __FUNCTION__);
526 krp->krp_status = ENOMEM;
527 return ENOMEM;
528 }
529
530 rsaDecryptOpData->pRecipientPrivateKey
531 = icp_kmem_cache_zalloc(drvRSAPrivateKey_zone, ICP_M_NOWAIT);
532 if (NULL == rsaDecryptOpData->pRecipientPrivateKey) {
533 APRINTK("%s():Failed to get memory for MOD EXP CRT"
534 " private key values struct\n", __FUNCTION__);
535 ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData);
536 krp->krp_status = ENOMEM;
537 return ENOMEM;
538 }
539
540 rsaDecryptOpData->pRecipientPrivateKey->
541 version = CPA_CY_RSA_VERSION_TWO_PRIME;
542 rsaDecryptOpData->pRecipientPrivateKey->
543 privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2;
544
545 pOutputData = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
546 if (NULL == pOutputData) {
547 APRINTK("%s():Failed to get memory"
548 " for MOD EXP CRT output data\n", __FUNCTION__);
549 ICP_CACHE_FREE(drvRSAPrivateKey_zone,
550 rsaDecryptOpData->pRecipientPrivateKey);
551 ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData);
552 krp->krp_status = ENOMEM;
553 return ENOMEM;
554 }
555
556 rsaDecryptOpData->pRecipientPrivateKey->
557 version = CPA_CY_RSA_VERSION_TWO_PRIME;
558 rsaDecryptOpData->pRecipientPrivateKey->
559 privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2;
560
561 /* Link parameters */
562 rsaDecryptOpData->inputData.pData =
563 krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX].crp_p;
564 BITS_TO_BYTES(rsaDecryptOpData->inputData.dataLenInBytes,
565 krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX].
566 crp_nbits);
567
568 icp_ocfDrvSwapBytes(rsaDecryptOpData->inputData.pData,
569 rsaDecryptOpData->inputData.dataLenInBytes);
570
571 rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.prime1P.pData =
572 krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX].crp_p;
573 BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.
574 prime1P.dataLenInBytes,
575 krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX].
576 crp_nbits);
577
578 icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
579 privateKeyRep2.prime1P.pData,
580 rsaDecryptOpData->pRecipientPrivateKey->
581 privateKeyRep2.prime1P.dataLenInBytes);
582
583 rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.prime2Q.pData =
584 krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX].crp_p;
585 BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.
586 prime2Q.dataLenInBytes,
587 krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX].
588 crp_nbits);
589
590 icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
591 privateKeyRep2.prime2Q.pData,
592 rsaDecryptOpData->pRecipientPrivateKey->
593 privateKeyRep2.prime2Q.dataLenInBytes);
594
595 rsaDecryptOpData->pRecipientPrivateKey->
596 privateKeyRep2.exponent1Dp.pData =
597 krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX].crp_p;
598 BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.
599 exponent1Dp.dataLenInBytes,
600 krp->
601 krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX].
602 crp_nbits);
603
604 icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
605 privateKeyRep2.exponent1Dp.pData,
606 rsaDecryptOpData->pRecipientPrivateKey->
607 privateKeyRep2.exponent1Dp.dataLenInBytes);
608
609 rsaDecryptOpData->pRecipientPrivateKey->
610 privateKeyRep2.exponent2Dq.pData =
611 krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX].crp_p;
612 BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->
613 privateKeyRep2.exponent2Dq.dataLenInBytes,
614 krp->
615 krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX].
616 crp_nbits);
617
618 icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
619 privateKeyRep2.exponent2Dq.pData,
620 rsaDecryptOpData->pRecipientPrivateKey->
621 privateKeyRep2.exponent2Dq.dataLenInBytes);
622
623 rsaDecryptOpData->pRecipientPrivateKey->
624 privateKeyRep2.coefficientQInv.pData =
625 krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX].crp_p;
626 BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->
627 privateKeyRep2.coefficientQInv.dataLenInBytes,
628 krp->
629 krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX].
630 crp_nbits);
631
632 icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
633 privateKeyRep2.coefficientQInv.pData,
634 rsaDecryptOpData->pRecipientPrivateKey->
635 privateKeyRep2.coefficientQInv.dataLenInBytes);
636
637 /* Output Parameter */
638 pOutputData->pData =
639 krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX].crp_p;
640 BITS_TO_BYTES(pOutputData->dataLenInBytes,
641 krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX].
642 crp_nbits);
643
644 lacStatus = cpaCyRsaDecrypt(CPA_INSTANCE_HANDLE_SINGLE,
645 icp_ocfDrvModExpCRTCallBack,
646 callbackTag, rsaDecryptOpData, pOutputData);
647
648 if (CPA_STATUS_SUCCESS != lacStatus) {
649 EPRINTK("%s(): Mod Exp CRT Operation failed (%d).\n",
650 __FUNCTION__, lacStatus);
651 krp->krp_status = ECANCELED;
652 icp_ocfDrvFreeFlatBuffer(pOutputData);
653 ICP_CACHE_FREE(drvRSAPrivateKey_zone,
654 rsaDecryptOpData->pRecipientPrivateKey);
655 ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData);
656 }
657
658 return lacStatus;
659 }
660
661 /* Name : icp_ocfDrvCheckALessThanB
662 *
663 * Description : This function will check whether the first argument is less
664 * than the second. It is used to check whether the DSA RS sign Random K
665 * value is less than the Prime Q value (as defined in the specification)
666 *
667 */
668 static int
669 icp_ocfDrvCheckALessThanB(CpaFlatBuffer * pK, CpaFlatBuffer * pQ, int *doCheck)
670 {
671
672 uint8_t *MSB_K = pK->pData;
673 uint8_t *MSB_Q = pQ->pData;
674 uint32_t buffer_lengths_in_bytes = pQ->dataLenInBytes;
675
676 if (DONT_RUN_LESS_THAN_CHECK == *doCheck) {
677 return FAIL_A_IS_GREATER_THAN_B;
678 }
679
680 /*Check MSBs
681 if A == B, check next MSB
682 if A > B, return A_IS_GREATER_THAN_B
683 if A < B, return A_IS_LESS_THAN_B (success)
684 */
685 while (*MSB_K == *MSB_Q) {
686 MSB_K++;
687 MSB_Q++;
688
689 buffer_lengths_in_bytes--;
690 if (0 == buffer_lengths_in_bytes) {
691 DPRINTK("%s() Buffers have equal value!!\n",
692 __FUNCTION__);
693 return FAIL_A_IS_EQUAL_TO_B;
694 }
695
696 }
697
698 if (*MSB_K < *MSB_Q) {
699 return SUCCESS_A_IS_LESS_THAN_B;
700 } else {
701 return FAIL_A_IS_GREATER_THAN_B;
702 }
703
704 }
705
706 /* Name : icp_ocfDrvDsaSign
707 *
708 * Description : This function will map DSA RS Sign from OCF to the LAC API.
709 *
710 * NOTE: From looking at OCF patch to OpenSSL and even the number of input
711 * parameters, OCF expects us to generate the random seed value. This value
712 * is generated and passed to LAC, however the number is discared in the
713 * callback and not returned to the user.
714 */
715 static int icp_ocfDrvDsaSign(struct cryptkop *krp)
716 {
717 CpaStatus lacStatus = CPA_STATUS_SUCCESS;
718 CpaCyDsaRSSignOpData *dsaRsSignOpData = NULL;
719 void *callbackTag = NULL;
720 CpaCyRandGenOpData randGenOpData;
721 int primeQSizeInBytes = 0;
722 int doCheck = 0;
723 CpaFlatBuffer randData;
724 CpaBoolean protocolStatus = CPA_FALSE;
725 CpaFlatBuffer *pR = NULL;
726 CpaFlatBuffer *pS = NULL;
727
728 callbackTag = krp;
729
730 BITS_TO_BYTES(primeQSizeInBytes,
731 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX].
732 crp_nbits);
733
734 if (DSA_RS_SIGN_PRIMEQ_SIZE_IN_BYTES != primeQSizeInBytes) {
735 APRINTK("%s(): DSA PRIME Q size not equal to the "
736 "FIPS defined 20bytes, = %d\n",
737 __FUNCTION__, primeQSizeInBytes);
738 krp->krp_status = EDOM;
739 return EDOM;
740 }
741
742 dsaRsSignOpData =
743 icp_kmem_cache_zalloc(drvDSARSSign_zone, ICP_M_NOWAIT);
744 if (NULL == dsaRsSignOpData) {
745 APRINTK("%s():Failed to get memory"
746 " for DSA RS Sign Op data struct\n", __FUNCTION__);
747 krp->krp_status = ENOMEM;
748 return ENOMEM;
749 }
750
751 dsaRsSignOpData->K.pData =
752 icp_kmem_cache_alloc(drvDSARSSignKValue_zone, ICP_M_NOWAIT);
753
754 if (NULL == dsaRsSignOpData->K.pData) {
755 APRINTK("%s():Failed to get memory"
756 " for DSA RS Sign Op Random value\n", __FUNCTION__);
757 ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
758 krp->krp_status = ENOMEM;
759 return ENOMEM;
760 }
761
762 pR = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
763 if (NULL == pR) {
764 APRINTK("%s():Failed to get memory"
765 " for DSA signature R\n", __FUNCTION__);
766 ICP_CACHE_FREE(drvDSARSSignKValue_zone,
767 dsaRsSignOpData->K.pData);
768 ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
769 krp->krp_status = ENOMEM;
770 return ENOMEM;
771 }
772
773 pS = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
774 if (NULL == pS) {
775 APRINTK("%s():Failed to get memory"
776 " for DSA signature S\n", __FUNCTION__);
777 icp_ocfDrvFreeFlatBuffer(pR);
778 ICP_CACHE_FREE(drvDSARSSignKValue_zone,
779 dsaRsSignOpData->K.pData);
780 ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
781 krp->krp_status = ENOMEM;
782 return ENOMEM;
783 }
784
785 /*link prime number parameter for ease of processing */
786 dsaRsSignOpData->P.pData =
787 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX].crp_p;
788 BITS_TO_BYTES(dsaRsSignOpData->P.dataLenInBytes,
789 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX].
790 crp_nbits);
791
792 icp_ocfDrvSwapBytes(dsaRsSignOpData->P.pData,
793 dsaRsSignOpData->P.dataLenInBytes);
794
795 dsaRsSignOpData->Q.pData =
796 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX].crp_p;
797 BITS_TO_BYTES(dsaRsSignOpData->Q.dataLenInBytes,
798 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX].
799 crp_nbits);
800
801 icp_ocfDrvSwapBytes(dsaRsSignOpData->Q.pData,
802 dsaRsSignOpData->Q.dataLenInBytes);
803
804 /*generate random number with equal buffer size to Prime value Q,
805 but value less than Q */
806 dsaRsSignOpData->K.dataLenInBytes = dsaRsSignOpData->Q.dataLenInBytes;
807
808 randGenOpData.generateBits = CPA_TRUE;
809 randGenOpData.lenInBytes = dsaRsSignOpData->K.dataLenInBytes;
810
811 icp_ocfDrvPtrAndLenToFlatBuffer(dsaRsSignOpData->K.pData,
812 dsaRsSignOpData->K.dataLenInBytes,
813 &randData);
814
815 doCheck = 0;
816 while (icp_ocfDrvCheckALessThanB(&(dsaRsSignOpData->K),
817 &(dsaRsSignOpData->Q), &doCheck)) {
818
819 if (CPA_STATUS_SUCCESS
820 != cpaCyRandGen(CPA_INSTANCE_HANDLE_SINGLE,
821 NULL, NULL, &randGenOpData, &randData)) {
822 APRINTK("%s(): ERROR - Failed to generate DSA RS Sign K"
823 "value\n", __FUNCTION__);
824 icp_ocfDrvFreeFlatBuffer(pS);
825 icp_ocfDrvFreeFlatBuffer(pR);
826 ICP_CACHE_FREE(drvDSARSSignKValue_zone,
827 dsaRsSignOpData->K.pData);
828 ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
829 krp->krp_status = EAGAIN;
830 return EAGAIN;
831 }
832
833 doCheck++;
834 if (DSA_SIGN_RAND_GEN_VAL_CHECK_MAX_ITERATIONS == doCheck) {
835 APRINTK("%s(): ERROR - Failed to find DSA RS Sign K "
836 "value less than Q value\n", __FUNCTION__);
837 icp_ocfDrvFreeFlatBuffer(pS);
838 icp_ocfDrvFreeFlatBuffer(pR);
839 ICP_CACHE_FREE(drvDSARSSignKValue_zone,
840 dsaRsSignOpData->K.pData);
841 ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
842 krp->krp_status = EAGAIN;
843 return EAGAIN;
844 }
845
846 }
847 /*Rand Data - no need to swap bytes for pK */
848
849 /* Link parameters */
850 dsaRsSignOpData->G.pData =
851 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_G_INDEX].crp_p;
852 BITS_TO_BYTES(dsaRsSignOpData->G.dataLenInBytes,
853 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_G_INDEX].crp_nbits);
854
855 icp_ocfDrvSwapBytes(dsaRsSignOpData->G.pData,
856 dsaRsSignOpData->G.dataLenInBytes);
857
858 dsaRsSignOpData->X.pData =
859 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_X_INDEX].crp_p;
860 BITS_TO_BYTES(dsaRsSignOpData->X.dataLenInBytes,
861 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_X_INDEX].crp_nbits);
862 icp_ocfDrvSwapBytes(dsaRsSignOpData->X.pData,
863 dsaRsSignOpData->X.dataLenInBytes);
864
865 /*OpenSSL dgst parameter is left in big endian byte order,
866 therefore no byte swap is required */
867 dsaRsSignOpData->M.pData =
868 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX].crp_p;
869 BITS_TO_BYTES(dsaRsSignOpData->M.dataLenInBytes,
870 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX].
871 crp_nbits);
872
873 /* Output Parameters */
874 pS->pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX].crp_p;
875 BITS_TO_BYTES(pS->dataLenInBytes,
876 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX].
877 crp_nbits);
878
879 pR->pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX].crp_p;
880 BITS_TO_BYTES(pR->dataLenInBytes,
881 krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX].
882 crp_nbits);
883
884 lacStatus = cpaCyDsaSignRS(CPA_INSTANCE_HANDLE_SINGLE,
885 icp_ocfDrvDsaRSSignCallBack,
886 callbackTag, dsaRsSignOpData,
887 &protocolStatus, pR, pS);
888
889 if (CPA_STATUS_SUCCESS != lacStatus) {
890 EPRINTK("%s(): DSA RS Sign Operation failed (%d).\n",
891 __FUNCTION__, lacStatus);
892 krp->krp_status = ECANCELED;
893 icp_ocfDrvFreeFlatBuffer(pS);
894 icp_ocfDrvFreeFlatBuffer(pR);
895 ICP_CACHE_FREE(drvDSARSSignKValue_zone,
896 dsaRsSignOpData->K.pData);
897 ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
898 }
899
900 return lacStatus;
901 }
902
903 /* Name : icp_ocfDrvDsaVerify
904 *
905 * Description : This function will map DSA RS Verify from OCF to the LAC API.
906 *
907 */
908 static int icp_ocfDrvDsaVerify(struct cryptkop *krp)
909 {
910 CpaStatus lacStatus = CPA_STATUS_SUCCESS;
911 CpaCyDsaVerifyOpData *dsaVerifyOpData = NULL;
912 void *callbackTag = NULL;
913 CpaBoolean verifyStatus = CPA_FALSE;
914
915 callbackTag = krp;
916
917 dsaVerifyOpData =
918 icp_kmem_cache_zalloc(drvDSAVerify_zone, ICP_M_NOWAIT);
919 if (NULL == dsaVerifyOpData) {
920 APRINTK("%s():Failed to get memory"
921 " for DSA Verify Op data struct\n", __FUNCTION__);
922 krp->krp_status = ENOMEM;
923 return ENOMEM;
924 }
925
926 /* Link parameters */
927 dsaVerifyOpData->P.pData =
928 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX].crp_p;
929 BITS_TO_BYTES(dsaVerifyOpData->P.dataLenInBytes,
930 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX].
931 crp_nbits);
932 icp_ocfDrvSwapBytes(dsaVerifyOpData->P.pData,
933 dsaVerifyOpData->P.dataLenInBytes);
934
935 dsaVerifyOpData->Q.pData =
936 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX].crp_p;
937 BITS_TO_BYTES(dsaVerifyOpData->Q.dataLenInBytes,
938 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX].
939 crp_nbits);
940 icp_ocfDrvSwapBytes(dsaVerifyOpData->Q.pData,
941 dsaVerifyOpData->Q.dataLenInBytes);
942
943 dsaVerifyOpData->G.pData =
944 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_G_INDEX].crp_p;
945 BITS_TO_BYTES(dsaVerifyOpData->G.dataLenInBytes,
946 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_G_INDEX].
947 crp_nbits);
948 icp_ocfDrvSwapBytes(dsaVerifyOpData->G.pData,
949 dsaVerifyOpData->G.dataLenInBytes);
950
951 dsaVerifyOpData->Y.pData =
952 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX].crp_p;
953 BITS_TO_BYTES(dsaVerifyOpData->Y.dataLenInBytes,
954 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX].
955 crp_nbits);
956 icp_ocfDrvSwapBytes(dsaVerifyOpData->Y.pData,
957 dsaVerifyOpData->Y.dataLenInBytes);
958
959 /*OpenSSL dgst parameter is left in big endian byte order,
960 therefore no byte swap is required */
961 dsaVerifyOpData->M.pData =
962 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX].crp_p;
963 BITS_TO_BYTES(dsaVerifyOpData->M.dataLenInBytes,
964 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX].
965 crp_nbits);
966
967 dsaVerifyOpData->R.pData =
968 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX].crp_p;
969 BITS_TO_BYTES(dsaVerifyOpData->R.dataLenInBytes,
970 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX].
971 crp_nbits);
972 icp_ocfDrvSwapBytes(dsaVerifyOpData->R.pData,
973 dsaVerifyOpData->R.dataLenInBytes);
974
975 dsaVerifyOpData->S.pData =
976 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX].crp_p;
977 BITS_TO_BYTES(dsaVerifyOpData->S.dataLenInBytes,
978 krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX].
979 crp_nbits);
980 icp_ocfDrvSwapBytes(dsaVerifyOpData->S.pData,
981 dsaVerifyOpData->S.dataLenInBytes);
982
983 lacStatus = cpaCyDsaVerify(CPA_INSTANCE_HANDLE_SINGLE,
984 icp_ocfDrvDsaVerifyCallBack,
985 callbackTag, dsaVerifyOpData, &verifyStatus);
986
987 if (CPA_STATUS_SUCCESS != lacStatus) {
988 EPRINTK("%s(): DSA Verify Operation failed (%d).\n",
989 __FUNCTION__, lacStatus);
990 ICP_CACHE_FREE(drvDSAVerify_zone, dsaVerifyOpData);
991 krp->krp_status = ECANCELED;
992 }
993
994 return lacStatus;
995 }
996
997 /* Name : icp_ocfDrvDhP1Callback
998 *
999 * Description : When this function returns it signifies that the LAC
1000 * component has completed the DH operation.
1001 */
1002 static void
1003 icp_ocfDrvDhP1CallBack(void *callbackTag,
1004 CpaStatus status,
1005 void *pOpData, CpaFlatBuffer * pLocalOctetStringPV)
1006 {
1007 struct cryptkop *krp = NULL;
1008 CpaCyDhPhase1KeyGenOpData *pPhase1OpData = NULL;
1009
1010 if (NULL == callbackTag) {
1011 DPRINTK("%s(): Invalid input parameters - "
1012 "callbackTag data is NULL\n", __FUNCTION__);
1013 return;
1014 }
1015 krp = (struct cryptkop *)callbackTag;
1016
1017 if (NULL == pOpData) {
1018 DPRINTK("%s(): Invalid input parameters - "
1019 "Operation Data is NULL\n", __FUNCTION__);
1020 krp->krp_status = ECANCELED;
1021 crypto_kdone(krp);
1022 return;
1023 }
1024 pPhase1OpData = (CpaCyDhPhase1KeyGenOpData *) pOpData;
1025
1026 if (NULL == pLocalOctetStringPV) {
1027 DPRINTK("%s(): Invalid input parameters - "
1028 "pLocalOctetStringPV Data is NULL\n", __FUNCTION__);
1029 memset(pPhase1OpData, 0, sizeof(CpaCyDhPhase1KeyGenOpData));
1030 ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
1031 krp->krp_status = ECANCELED;
1032 crypto_kdone(krp);
1033 return;
1034 }
1035
1036 if (CPA_STATUS_SUCCESS == status) {
1037 krp->krp_status = CRYPTO_OP_SUCCESS;
1038 } else {
1039 APRINTK("%s(): Diffie Hellman Phase1 Key Gen failed - "
1040 "Operation Status = %d\n", __FUNCTION__, status);
1041 krp->krp_status = ECANCELED;
1042 }
1043
1044 icp_ocfDrvSwapBytes(pLocalOctetStringPV->pData,
1045 pLocalOctetStringPV->dataLenInBytes);
1046
1047 icp_ocfDrvFreeFlatBuffer(pLocalOctetStringPV);
1048 memset(pPhase1OpData, 0, sizeof(CpaCyDhPhase1KeyGenOpData));
1049 ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
1050
1051 crypto_kdone(krp);
1052
1053 return;
1054 }
1055
1056 /* Name : icp_ocfDrvModExpCallBack
1057 *
1058 * Description : When this function returns it signifies that the LAC
1059 * component has completed the Mod Exp operation.
1060 */
1061 static void
1062 icp_ocfDrvModExpCallBack(void *callbackTag,
1063 CpaStatus status,
1064 void *pOpdata, CpaFlatBuffer * pResult)
1065 {
1066 struct cryptkop *krp = NULL;
1067 CpaCyLnModExpOpData *pLnModExpOpData = NULL;
1068
1069 if (NULL == callbackTag) {
1070 DPRINTK("%s(): Invalid input parameters - "
1071 "callbackTag data is NULL\n", __FUNCTION__);
1072 return;
1073 }
1074 krp = (struct cryptkop *)callbackTag;
1075
1076 if (NULL == pOpdata) {
1077 DPRINTK("%s(): Invalid Mod Exp input parameters - "
1078 "Operation Data is NULL\n", __FUNCTION__);
1079 krp->krp_status = ECANCELED;
1080 crypto_kdone(krp);
1081 return;
1082 }
1083 pLnModExpOpData = (CpaCyLnModExpOpData *) pOpdata;
1084
1085 if (NULL == pResult) {
1086 DPRINTK("%s(): Invalid input parameters - "
1087 "pResult data is NULL\n", __FUNCTION__);
1088 krp->krp_status = ECANCELED;
1089 memset(pLnModExpOpData, 0, sizeof(CpaCyLnModExpOpData));
1090 ICP_CACHE_FREE(drvLnModExp_zone, pLnModExpOpData);
1091 crypto_kdone(krp);
1092 return;
1093 }
1094
1095 if (CPA_STATUS_SUCCESS == status) {
1096 krp->krp_status = CRYPTO_OP_SUCCESS;
1097 } else {
1098 APRINTK("%s(): LAC Mod Exp Operation failed - "
1099 "Operation Status = %d\n", __FUNCTION__, status);
1100 krp->krp_status = ECANCELED;
1101 }
1102
1103 icp_ocfDrvSwapBytes(pResult->pData, pResult->dataLenInBytes);
1104
1105 /*switch base size value back to original */
1106 if (pLnModExpOpData->base.pData ==
1107 (uint8_t *) & (krp->
1108 krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].
1109 crp_nbits)) {
1110 *((uint32_t *) pLnModExpOpData->base.pData) =
1111 ntohl(*((uint32_t *) pLnModExpOpData->base.pData));
1112 }
1113 icp_ocfDrvFreeFlatBuffer(pResult);
1114 memset(pLnModExpOpData, 0, sizeof(CpaCyLnModExpOpData));
1115 ICP_CACHE_FREE(drvLnModExp_zone, pLnModExpOpData);
1116
1117 crypto_kdone(krp);
1118
1119 return;
1120
1121 }
1122
1123 /* Name : icp_ocfDrvModExpCRTCallBack
1124 *
1125 * Description : When this function returns it signifies that the LAC
1126 * component has completed the Mod Exp CRT operation.
1127 */
1128 static void
1129 icp_ocfDrvModExpCRTCallBack(void *callbackTag,
1130 CpaStatus status,
1131 void *pOpData, CpaFlatBuffer * pOutputData)
1132 {
1133 struct cryptkop *krp = NULL;
1134 CpaCyRsaDecryptOpData *pDecryptData = NULL;
1135
1136 if (NULL == callbackTag) {
1137 DPRINTK("%s(): Invalid input parameters - "
1138 "callbackTag data is NULL\n", __FUNCTION__);
1139 return;
1140 }
1141
1142 krp = (struct cryptkop *)callbackTag;
1143
1144 if (NULL == pOpData) {
1145 DPRINTK("%s(): Invalid input parameters - "
1146 "Operation Data is NULL\n", __FUNCTION__);
1147 krp->krp_status = ECANCELED;
1148 crypto_kdone(krp);
1149 return;
1150 }
1151 pDecryptData = (CpaCyRsaDecryptOpData *) pOpData;
1152
1153 if (NULL == pOutputData) {
1154 DPRINTK("%s(): Invalid input parameter - "
1155 "pOutputData is NULL\n", __FUNCTION__);
1156 memset(pDecryptData->pRecipientPrivateKey, 0,
1157 sizeof(CpaCyRsaPrivateKey));
1158 ICP_CACHE_FREE(drvRSAPrivateKey_zone,
1159 pDecryptData->pRecipientPrivateKey);
1160 memset(pDecryptData, 0, sizeof(CpaCyRsaDecryptOpData));
1161 ICP_CACHE_FREE(drvRSADecrypt_zone, pDecryptData);
1162 krp->krp_status = ECANCELED;
1163 crypto_kdone(krp);
1164 return;
1165 }
1166
1167 if (CPA_STATUS_SUCCESS == status) {
1168 krp->krp_status = CRYPTO_OP_SUCCESS;
1169 } else {
1170 APRINTK("%s(): LAC Mod Exp CRT operation failed - "
1171 "Operation Status = %d\n", __FUNCTION__, status);
1172 krp->krp_status = ECANCELED;
1173 }
1174
1175 icp_ocfDrvSwapBytes(pOutputData->pData, pOutputData->dataLenInBytes);
1176
1177 icp_ocfDrvFreeFlatBuffer(pOutputData);
1178 memset(pDecryptData->pRecipientPrivateKey, 0,
1179 sizeof(CpaCyRsaPrivateKey));
1180 ICP_CACHE_FREE(drvRSAPrivateKey_zone,
1181 pDecryptData->pRecipientPrivateKey);
1182 memset(pDecryptData, 0, sizeof(CpaCyRsaDecryptOpData));
1183 ICP_CACHE_FREE(drvRSADecrypt_zone, pDecryptData);
1184
1185 crypto_kdone(krp);
1186
1187 return;
1188 }
1189
1190 /* Name : icp_ocfDrvDsaRSSignCallBack
1191 *
1192 * Description : When this function returns it signifies that the LAC
1193 * component has completed the DSA RS sign operation.
1194 */
1195 static void
1196 icp_ocfDrvDsaRSSignCallBack(void *callbackTag,
1197 CpaStatus status,
1198 void *pOpData,
1199 CpaBoolean protocolStatus,
1200 CpaFlatBuffer * pR, CpaFlatBuffer * pS)
1201 {
1202 struct cryptkop *krp = NULL;
1203 CpaCyDsaRSSignOpData *pSignData = NULL;
1204
1205 if (NULL == callbackTag) {
1206 DPRINTK("%s(): Invalid input parameters - "
1207 "callbackTag data is NULL\n", __FUNCTION__);
1208 return;
1209 }
1210
1211 krp = (struct cryptkop *)callbackTag;
1212
1213 if (NULL == pOpData) {
1214 DPRINTK("%s(): Invalid input parameters - "
1215 "Operation Data is NULL\n", __FUNCTION__);
1216 krp->krp_status = ECANCELED;
1217 crypto_kdone(krp);
1218 return;
1219 }
1220 pSignData = (CpaCyDsaRSSignOpData *) pOpData;
1221
1222 if (NULL == pR) {
1223 DPRINTK("%s(): Invalid input parameter - "
1224 "pR sign is NULL\n", __FUNCTION__);
1225 icp_ocfDrvFreeFlatBuffer(pS);
1226 ICP_CACHE_FREE(drvDSARSSign_zone, pSignData);
1227 krp->krp_status = ECANCELED;
1228 crypto_kdone(krp);
1229 return;
1230 }
1231
1232 if (NULL == pS) {
1233 DPRINTK("%s(): Invalid input parameter - "
1234 "pS sign is NULL\n", __FUNCTION__);
1235 icp_ocfDrvFreeFlatBuffer(pR);
1236 ICP_CACHE_FREE(drvDSARSSign_zone, pSignData);
1237 krp->krp_status = ECANCELED;
1238 crypto_kdone(krp);
1239 return;
1240 }
1241
1242 if (CPA_STATUS_SUCCESS != status) {
1243 APRINTK("%s(): LAC DSA RS Sign operation failed - "
1244 "Operation Status = %d\n", __FUNCTION__, status);
1245 krp->krp_status = ECANCELED;
1246 } else {
1247 krp->krp_status = CRYPTO_OP_SUCCESS;
1248
1249 if (CPA_TRUE != protocolStatus) {
1250 DPRINTK("%s(): LAC DSA RS Sign operation failed due "
1251 "to protocol error\n", __FUNCTION__);
1252 krp->krp_status = EIO;
1253 }
1254 }
1255
1256 /* Swap bytes only when the callback status is successful and
1257 protocolStatus is set to true */
1258 if (CPA_STATUS_SUCCESS == status && CPA_TRUE == protocolStatus) {
1259 icp_ocfDrvSwapBytes(pR->pData, pR->dataLenInBytes);
1260 icp_ocfDrvSwapBytes(pS->pData, pS->dataLenInBytes);
1261 }
1262
1263 icp_ocfDrvFreeFlatBuffer(pR);
1264 icp_ocfDrvFreeFlatBuffer(pS);
1265 memset(pSignData->K.pData, 0, pSignData->K.dataLenInBytes);
1266 ICP_CACHE_FREE(drvDSARSSignKValue_zone, pSignData->K.pData);
1267 memset(pSignData, 0, sizeof(CpaCyDsaRSSignOpData));
1268 ICP_CACHE_FREE(drvDSARSSign_zone, pSignData);
1269 crypto_kdone(krp);
1270
1271 return;
1272 }
1273
1274 /* Name : icp_ocfDrvDsaVerifyCallback
1275 *
1276 * Description : When this function returns it signifies that the LAC
1277 * component has completed the DSA Verify operation.
1278 */
1279 static void
1280 icp_ocfDrvDsaVerifyCallBack(void *callbackTag,
1281 CpaStatus status,
1282 void *pOpData, CpaBoolean verifyStatus)
1283 {
1284
1285 struct cryptkop *krp = NULL;
1286 CpaCyDsaVerifyOpData *pVerData = NULL;
1287
1288 if (NULL == callbackTag) {
1289 DPRINTK("%s(): Invalid input parameters - "
1290 "callbackTag data is NULL\n", __FUNCTION__);
1291 return;
1292 }
1293
1294 krp = (struct cryptkop *)callbackTag;
1295
1296 if (NULL == pOpData) {
1297 DPRINTK("%s(): Invalid input parameters - "
1298 "Operation Data is NULL\n", __FUNCTION__);
1299 krp->krp_status = ECANCELED;
1300 crypto_kdone(krp);
1301 return;
1302 }
1303 pVerData = (CpaCyDsaVerifyOpData *) pOpData;
1304
1305 if (CPA_STATUS_SUCCESS != status) {
1306 APRINTK("%s(): LAC DSA Verify operation failed - "
1307 "Operation Status = %d\n", __FUNCTION__, status);
1308 krp->krp_status = ECANCELED;
1309 } else {
1310 krp->krp_status = CRYPTO_OP_SUCCESS;
1311
1312 if (CPA_TRUE != verifyStatus) {
1313 DPRINTK("%s(): DSA signature invalid\n", __FUNCTION__);
1314 krp->krp_status = EIO;
1315 }
1316 }
1317
1318 /* Swap bytes only when the callback status is successful and
1319 verifyStatus is set to true */
1320 /*Just swapping back the key values for now. Possibly all
1321 swapped buffers need to be reverted */
1322 if (CPA_STATUS_SUCCESS == status && CPA_TRUE == verifyStatus) {
1323 icp_ocfDrvSwapBytes(pVerData->R.pData,
1324 pVerData->R.dataLenInBytes);
1325 icp_ocfDrvSwapBytes(pVerData->S.pData,
1326 pVerData->S.dataLenInBytes);
1327 }
1328
1329 memset(pVerData, 0, sizeof(CpaCyDsaVerifyOpData));
1330 ICP_CACHE_FREE(drvDSAVerify_zone, pVerData);
1331 crypto_kdone(krp);
1332
1333 return;
1334 }
Personal OpenWRT clone
This page took 0.108157 seconds and 5 git commands to generate.