OpenWrt XBurst

OpenWrt XBurst Git Source Tree

Root/target/linux/generic/files/crypto/ocf/ep80579/icp_asym.c

1	/***************************************************************************
2	*
3	* This file is provided under a dual BSD/GPLv2 license. When using or
4	* redistributing this file, you may do so under either license.
5	*
6	* GPL LICENSE SUMMARY
7	*
8	* Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved.
9	*
10	* This program is free software; you can redistribute it and/or modify
11	* it under the terms of version 2 of the GNU General Public License as
12	* published by the Free Software Foundation.
13	*
14	* This program is distributed in the hope that it will be useful, but
15	* WITHOUT ANY WARRANTY; without even the implied warranty of
16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17	* General Public License for more details.
18	*
19	* You should have received a copy of the GNU General Public License
20	* along with this program; if not, write to the Free Software
21	* Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
22	* The full GNU General Public License is included in this distribution
23	* in the file called LICENSE.GPL.
24	*
25	* Contact Information:
26	* Intel Corporation
27	*
28	* BSD LICENSE
29	*
30	* Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved.
31	* All rights reserved.
32	*
33	* Redistribution and use in source and binary forms, with or without
34	* modification, are permitted provided that the following conditions
35	* are met:
36	*
37	* * Redistributions of source code must retain the above copyright
38	* notice, this list of conditions and the following disclaimer.
39	* * Redistributions in binary form must reproduce the above copyright
40	* notice, this list of conditions and the following disclaimer in
41	* the documentation and/or other materials provided with the
42	* distribution.
43	* * Neither the name of Intel Corporation nor the names of its
44	* contributors may be used to endorse or promote products derived
45	* from this software without specific prior written permission.
46	*
47	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
48	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
49	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
50	* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
51	* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
52	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
53	* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
54	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
55	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
56	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
57	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
58	*
59	*
60	* version: Security.L.1.0.2-229
61	*
62	***************************************************************************/
63
64	#include "icp_ocf.h"
65
66	/*The following define values (containing the word 'INDEX') are used to find
67	the index of each input buffer of the crypto_kop struct (see OCF cryptodev.h).
68	These values were found through analysis of the OCF OpenSSL patch. If the
69	calling program uses different input buffer positions, these defines will have
70	to be changed.*/
71
72	/DIFFIE HELLMAN buffer index values/
73	#define ICP_DH_KRP_PARAM_PRIME_INDEX (0)
74	#define ICP_DH_KRP_PARAM_BASE_INDEX (1)
75	#define ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX (2)
76	#define ICP_DH_KRP_PARAM_RESULT_INDEX (3)
77
78	/MOD EXP buffer index values/
79	#define ICP_MOD_EXP_KRP_PARAM_BASE_INDEX (0)
80	#define ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX (1)
81	#define ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX (2)
82	#define ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX (3)
83
84	/MOD EXP CRT buffer index values/
85	#define ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX (0)
86	#define ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX (1)
87	#define ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX (2)
88	#define ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX (3)
89	#define ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX (4)
90	#define ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX (5)
91	#define ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX (6)
92
93	/DSA sign buffer index values/
94	#define ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX (0)
95	#define ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX (1)
96	#define ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX (2)
97	#define ICP_DSA_SIGN_KRP_PARAM_G_INDEX (3)
98	#define ICP_DSA_SIGN_KRP_PARAM_X_INDEX (4)
99	#define ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX (5)
100	#define ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX (6)
101
102	/DSA verify buffer index values/
103	#define ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX (0)
104	#define ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX (1)
105	#define ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX (2)
106	#define ICP_DSA_VERIFY_KRP_PARAM_G_INDEX (3)
107	#define ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX (4)
108	#define ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX (5)
109	#define ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX (6)
110
111	/DSA sign prime Q vs random number K size check values/
112	#define DONT_RUN_LESS_THAN_CHECK (0)
113	#define FAIL_A_IS_GREATER_THAN_B (1)
114	#define FAIL_A_IS_EQUAL_TO_B (1)
115	#define SUCCESS_A_IS_LESS_THAN_B (0)
116	#define DSA_SIGN_RAND_GEN_VAL_CHECK_MAX_ITERATIONS (500)
117
118	/* We need to set a cryptokp success value just in case it is set or allocated
119	and not set to zero outside of this module */
120	#define CRYPTO_OP_SUCCESS (0)
121
122	/Function to compute Diffie Hellman (DH) phase 1 or phase 2 key values/
123	static int icp_ocfDrvDHComputeKey(struct cryptkop *krp);
124
125	/Function to compute a Modular Exponentiation (Mod Exp)/
126	static int icp_ocfDrvModExp(struct cryptkop *krp);
127
128	/Function to compute a Mod Exp using the Chinease Remainder Theorem/
129	static int icp_ocfDrvModExpCRT(struct cryptkop *krp);
130
131	/*Helper function to compute whether the first big number argument is less than
132	the second big number argument */
133	static int
134	icp_ocfDrvCheckALessThanB(CpaFlatBuffer * pK, CpaFlatBuffer * pQ, int *doCheck);
135
136	/Function to sign an input with DSA R and S keys/
137	static int icp_ocfDrvDsaSign(struct cryptkop *krp);
138
139	/Function to Verify a DSA buffer signature/
140	static int icp_ocfDrvDsaVerify(struct cryptkop *krp);
141
142	/Callback function for DH operation/
143	static void
144	icp_ocfDrvDhP1CallBack(void *callbackTag,
145	CpaStatus status,
146	void pOpData, CpaFlatBuffer pLocalOctetStringPV);
147
148	/Callback function for ME operation/
149	static void
150	icp_ocfDrvModExpCallBack(void *callbackTag,
151	CpaStatus status,
152	void pOpData, CpaFlatBuffer pResult);
153
154	/Callback function for ME CRT operation/
155	static void
156	icp_ocfDrvModExpCRTCallBack(void *callbackTag,
157	CpaStatus status,
158	void pOpData, CpaFlatBuffer pOutputData);
159
160	/Callback function for DSA sign operation/
161	static void
162	icp_ocfDrvDsaRSSignCallBack(void *callbackTag,
163	CpaStatus status,
164	void *pOpData,
165	CpaBoolean protocolStatus,
166	CpaFlatBuffer * pR, CpaFlatBuffer * pS);
167
168	/Callback function for DSA Verify operation/
169	static void
170	icp_ocfDrvDsaVerifyCallBack(void *callbackTag,
171	CpaStatus status,
172	void *pOpData, CpaBoolean verifyStatus);
173
174	/* Name : icp_ocfDrvPkeProcess
175	*
176	* Description : This function will choose which PKE process to follow
177	* based on the input arguments
178	*/
179	int icp_ocfDrvPkeProcess(icp_device_t dev, struct cryptkop *krp, int hint)
180	{
181	CpaStatus lacStatus = CPA_STATUS_SUCCESS;
182
183	if (NULL == krp) {
184	DPRINTK("%s(): Invalid input parameters, cryptkop = %p\n",
185	__FUNCTION__, krp);
186	return EINVAL;
187	}
188
189	if (CPA_TRUE == icp_atomic_read(&icp_ocfDrvIsExiting)) {
190	krp->krp_status = ECANCELED;
191	return ECANCELED;
192	}
193
194	switch (krp->krp_op) {
195	case CRK_DH_COMPUTE_KEY:
196	DPRINTK("%s() doing DH_COMPUTE_KEY\n", __FUNCTION__);
197	lacStatus = icp_ocfDrvDHComputeKey(krp);
198	if (CPA_STATUS_SUCCESS != lacStatus) {
199	EPRINTK("%s(): icp_ocfDrvDHComputeKey failed "
200	"(%d).\n", __FUNCTION__, lacStatus);
201	krp->krp_status = ECANCELED;
202	return ECANCELED;
203	}
204
205	break;
206
207	case CRK_MOD_EXP:
208	DPRINTK("%s() doing MOD_EXP \n", __FUNCTION__);
209	lacStatus = icp_ocfDrvModExp(krp);
210	if (CPA_STATUS_SUCCESS != lacStatus) {
211	EPRINTK("%s(): icp_ocfDrvModExp failed (%d).\n",
212	__FUNCTION__, lacStatus);
213	krp->krp_status = ECANCELED;
214	return ECANCELED;
215	}
216
217	break;
218
219	case CRK_MOD_EXP_CRT:
220	DPRINTK("%s() doing MOD_EXP_CRT \n", __FUNCTION__);
221	lacStatus = icp_ocfDrvModExpCRT(krp);
222	if (CPA_STATUS_SUCCESS != lacStatus) {
223	EPRINTK("%s(): icp_ocfDrvModExpCRT "
224	"failed (%d).\n", __FUNCTION__, lacStatus);
225	krp->krp_status = ECANCELED;
226	return ECANCELED;
227	}
228
229	break;
230
231	case CRK_DSA_SIGN:
232	DPRINTK("%s() doing DSA_SIGN \n", __FUNCTION__);
233	lacStatus = icp_ocfDrvDsaSign(krp);
234	if (CPA_STATUS_SUCCESS != lacStatus) {
235	EPRINTK("%s(): icp_ocfDrvDsaSign "
236	"failed (%d).\n", __FUNCTION__, lacStatus);
237	krp->krp_status = ECANCELED;
238	return ECANCELED;
239	}
240
241	break;
242
243	case CRK_DSA_VERIFY:
244	DPRINTK("%s() doing DSA_VERIFY \n", __FUNCTION__);
245	lacStatus = icp_ocfDrvDsaVerify(krp);
246	if (CPA_STATUS_SUCCESS != lacStatus) {
247	EPRINTK("%s(): icp_ocfDrvDsaVerify "
248	"failed (%d).\n", __FUNCTION__, lacStatus);
249	krp->krp_status = ECANCELED;
250	return ECANCELED;
251	}
252
253	break;
254
255	default:
256	EPRINTK("%s(): Asymettric function not "
257	"supported (%d).\n", __FUNCTION__, krp->krp_op);
258	krp->krp_status = EOPNOTSUPP;
259	return EOPNOTSUPP;
260	}
261
262	return ICP_OCF_DRV_STATUS_SUCCESS;
263	}
264
265	/* Name : icp_ocfDrvSwapBytes
266	*
267	* Description : This function is used to swap the byte order of a buffer.
268	* It has been seen that in general we are passed little endian byte order
269	* buffers, but LAC only accepts big endian byte order buffers.
270	*/
271	static void inline icp_ocfDrvSwapBytes(u_int8_t * num, u_int32_t buff_len_bytes)
272	{
273
274	int i;
275	u_int8_t *end_ptr;
276	u_int8_t hold_val;
277
278	end_ptr = num + (buff_len_bytes - 1);
279	buff_len_bytes = buff_len_bytes >> 1;
280	for (i = 0; i < buff_len_bytes; i++) {
281	hold_val = *num;
282	num = end_ptr;
283	num++;
284	*end_ptr = hold_val;
285	end_ptr--;
286	}
287	}
288
289	/* Name : icp_ocfDrvDHComputeKey
290	*
291	* Description : This function will map Diffie Hellman calls from OCF
292	* to the LAC API. OCF uses this function for Diffie Hellman Phase1 and
293	* Phase2. LAC has a separate Diffie Hellman Phase2 call, however both phases
294	* break down to a modular exponentiation.
295	*/
296	static int icp_ocfDrvDHComputeKey(struct cryptkop *krp)
297	{
298	CpaStatus lacStatus = CPA_STATUS_SUCCESS;
299	void *callbackTag = NULL;
300	CpaCyDhPhase1KeyGenOpData *pPhase1OpData = NULL;
301	CpaFlatBuffer *pLocalOctetStringPV = NULL;
302	uint32_t dh_prime_len_bytes = 0, dh_prime_len_bits = 0;
303
304	/* Input checks - check prime is a multiple of 8 bits to allow for
305	allocation later */
306	dh_prime_len_bits =
307	(krp->krp_param[ICP_DH_KRP_PARAM_PRIME_INDEX].crp_nbits);
308
309	/* LAC can reject prime lengths based on prime key sizes, we just
310	need to make sure we can allocate space for the base and
311	exponent buffers correctly */
312	if ((dh_prime_len_bits % NUM_BITS_IN_BYTE) != 0) {
313	APRINTK("%s(): Warning Prime number buffer size is not a "
314	"multiple of 8 bits\n", __FUNCTION__);
315	}
316
317	/* Result storage space should be the same size as the prime as this
318	value can take up the same amount of storage space */
319	if (dh_prime_len_bits !=
320	krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_nbits) {
321	DPRINTK("%s(): Return Buffer must be the same size "
322	"as the Prime buffer\n", __FUNCTION__);
323	krp->krp_status = EINVAL;
324	return EINVAL;
325	}
326	/* Switch to size in bytes */
327	BITS_TO_BYTES(dh_prime_len_bytes, dh_prime_len_bits);
328
329	callbackTag = krp;
330
331	/*All allocations are set to ICP_M_NOWAIT due to the possibility of getting
332	called in interrupt context*/
333	pPhase1OpData = icp_kmem_cache_zalloc(drvDH_zone, ICP_M_NOWAIT);
334	if (NULL == pPhase1OpData) {
335	APRINTK("%s():Failed to get memory for key gen data\n",
336	__FUNCTION__);
337	krp->krp_status = ENOMEM;
338	return ENOMEM;
339	}
340
341	pLocalOctetStringPV =
342	icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
343	if (NULL == pLocalOctetStringPV) {
344	APRINTK("%s():Failed to get memory for pLocalOctetStringPV\n",
345	__FUNCTION__);
346	ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
347	krp->krp_status = ENOMEM;
348	return ENOMEM;
349	}
350
351	/* Link parameters */
352	pPhase1OpData->primeP.pData =
353	krp->krp_param[ICP_DH_KRP_PARAM_PRIME_INDEX].crp_p;
354
355	pPhase1OpData->primeP.dataLenInBytes = dh_prime_len_bytes;
356
357	icp_ocfDrvSwapBytes(pPhase1OpData->primeP.pData, dh_prime_len_bytes);
358
359	pPhase1OpData->baseG.pData =
360	krp->krp_param[ICP_DH_KRP_PARAM_BASE_INDEX].crp_p;
361
362	BITS_TO_BYTES(pPhase1OpData->baseG.dataLenInBytes,
363	krp->krp_param[ICP_DH_KRP_PARAM_BASE_INDEX].crp_nbits);
364
365	icp_ocfDrvSwapBytes(pPhase1OpData->baseG.pData,
366	pPhase1OpData->baseG.dataLenInBytes);
367
368	pPhase1OpData->privateValueX.pData =
369	krp->krp_param[ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX].crp_p;
370
371	BITS_TO_BYTES(pPhase1OpData->privateValueX.dataLenInBytes,
372	krp->krp_param[ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX].
373	crp_nbits);
374
375	icp_ocfDrvSwapBytes(pPhase1OpData->privateValueX.pData,
376	pPhase1OpData->privateValueX.dataLenInBytes);
377
378	/* Output parameters */
379	pLocalOctetStringPV->pData =
380	krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_p;
381
382	BITS_TO_BYTES(pLocalOctetStringPV->dataLenInBytes,
383	krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_nbits);
384
385	lacStatus = cpaCyDhKeyGenPhase1(CPA_INSTANCE_HANDLE_SINGLE,
386	icp_ocfDrvDhP1CallBack,
387	callbackTag, pPhase1OpData,
388	pLocalOctetStringPV);
389
390	if (CPA_STATUS_SUCCESS != lacStatus) {
391	EPRINTK("%s(): DH Phase 1 Key Gen failed (%d).\n",
392	__FUNCTION__, lacStatus);
393	icp_ocfDrvFreeFlatBuffer(pLocalOctetStringPV);
394	ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
395	}
396
397	return lacStatus;
398	}
399
400	/* Name : icp_ocfDrvModExp
401	*
402	* Description : This function will map ordinary Modular Exponentiation calls
403	* from OCF to the LAC API.
404	*
405	*/
406	static int icp_ocfDrvModExp(struct cryptkop *krp)
407	{
408	CpaStatus lacStatus = CPA_STATUS_SUCCESS;
409	void *callbackTag = NULL;
410	CpaCyLnModExpOpData *pModExpOpData = NULL;
411	CpaFlatBuffer *pResult = NULL;
412
413	if ((krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_nbits %
414	NUM_BITS_IN_BYTE) != 0) {
415	DPRINTK("%s(): Warning - modulus buffer size (%d) is not a "
416	"multiple of 8 bits\n", __FUNCTION__,
417	krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].
418	crp_nbits);
419	}
420
421	/* Result storage space should be the same size as the prime as this
422	value can take up the same amount of storage space */
423	if (krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_nbits >
424	krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].crp_nbits) {
425	APRINTK("%s(): Return Buffer size must be the same or"
426	" greater than the Modulus buffer\n", __FUNCTION__);
427	krp->krp_status = EINVAL;
428	return EINVAL;
429	}
430
431	callbackTag = krp;
432
433	pModExpOpData = icp_kmem_cache_zalloc(drvLnModExp_zone, ICP_M_NOWAIT);
434	if (NULL == pModExpOpData) {
435	APRINTK("%s():Failed to get memory for key gen data\n",
436	__FUNCTION__);
437	krp->krp_status = ENOMEM;
438	return ENOMEM;
439	}
440
441	pResult = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
442	if (NULL == pResult) {
443	APRINTK("%s():Failed to get memory for ModExp result\n",
444	__FUNCTION__);
445	ICP_CACHE_FREE(drvLnModExp_zone, pModExpOpData);
446	krp->krp_status = ENOMEM;
447	return ENOMEM;
448	}
449
450	/* Link parameters */
451	pModExpOpData->modulus.pData =
452	krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_p;
453	BITS_TO_BYTES(pModExpOpData->modulus.dataLenInBytes,
454	krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].
455	crp_nbits);
456
457	icp_ocfDrvSwapBytes(pModExpOpData->modulus.pData,
458	pModExpOpData->modulus.dataLenInBytes);
459
460	DPRINTK("%s : base (%d)\n", __FUNCTION__, krp->
461	krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].crp_nbits);
462	pModExpOpData->base.pData =
463	krp->krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].crp_p;
464	BITS_TO_BYTES(pModExpOpData->base.dataLenInBytes,
465	krp->krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].
466	crp_nbits);
467	icp_ocfDrvSwapBytes(pModExpOpData->base.pData,
468	pModExpOpData->base.dataLenInBytes);
469
470	pModExpOpData->exponent.pData =
471	krp->krp_param[ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX].crp_p;
472	BITS_TO_BYTES(pModExpOpData->exponent.dataLenInBytes,
473	krp->krp_param[ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX].
474	crp_nbits);
475
476	icp_ocfDrvSwapBytes(pModExpOpData->exponent.pData,
477	pModExpOpData->exponent.dataLenInBytes);
478	/* Output parameters */
479	pResult->pData =
480	krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].crp_p,
481	BITS_TO_BYTES(pResult->dataLenInBytes,
482	krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].
483	crp_nbits);
484
485	lacStatus = cpaCyLnModExp(CPA_INSTANCE_HANDLE_SINGLE,
486	icp_ocfDrvModExpCallBack,
487	callbackTag, pModExpOpData, pResult);
488
489	if (CPA_STATUS_SUCCESS != lacStatus) {
490	EPRINTK("%s(): Mod Exp Operation failed (%d).\n",
491	__FUNCTION__, lacStatus);
492	krp->krp_status = ECANCELED;
493	icp_ocfDrvFreeFlatBuffer(pResult);
494	ICP_CACHE_FREE(drvLnModExp_zone, pModExpOpData);
495	}
496
497	return lacStatus;
498	}
499
500	/* Name : icp_ocfDrvModExpCRT
501	*
502	* Description : This function will map ordinary Modular Exponentiation Chinese
503	* Remainder Theorem implementaion calls from OCF to the LAC API.
504	*
505	* Note : Mod Exp CRT for this driver is accelerated through LAC RSA type 2
506	* decrypt operation. Therefore P and Q input values must always be prime
507	* numbers. Although basic primality checks are done in LAC, it is up to the
508	* user to do any correct prime number checking before passing the inputs.
509	*/
510	static int icp_ocfDrvModExpCRT(struct cryptkop *krp)
511	{
512	CpaStatus lacStatus = CPA_STATUS_SUCCESS;
513	CpaCyRsaDecryptOpData *rsaDecryptOpData = NULL;
514	void *callbackTag = NULL;
515	CpaFlatBuffer *pOutputData = NULL;
516
517	/*Parameter input checks are all done by LAC, no need to repeat
518	them here. */
519	callbackTag = krp;
520
521	rsaDecryptOpData =
522	icp_kmem_cache_zalloc(drvRSADecrypt_zone, ICP_M_NOWAIT);
523	if (NULL == rsaDecryptOpData) {
524	APRINTK("%s():Failed to get memory"
525	" for MOD EXP CRT Op data struct\n", __FUNCTION__);
526	krp->krp_status = ENOMEM;
527	return ENOMEM;
528	}
529
530	rsaDecryptOpData->pRecipientPrivateKey
531	= icp_kmem_cache_zalloc(drvRSAPrivateKey_zone, ICP_M_NOWAIT);
532	if (NULL == rsaDecryptOpData->pRecipientPrivateKey) {
533	APRINTK("%s():Failed to get memory for MOD EXP CRT"
534	" private key values struct\n", __FUNCTION__);
535	ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData);
536	krp->krp_status = ENOMEM;
537	return ENOMEM;
538	}
539
540	rsaDecryptOpData->pRecipientPrivateKey->
541	version = CPA_CY_RSA_VERSION_TWO_PRIME;
542	rsaDecryptOpData->pRecipientPrivateKey->
543	privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2;
544
545	pOutputData = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
546	if (NULL == pOutputData) {
547	APRINTK("%s():Failed to get memory"
548	" for MOD EXP CRT output data\n", __FUNCTION__);
549	ICP_CACHE_FREE(drvRSAPrivateKey_zone,
550	rsaDecryptOpData->pRecipientPrivateKey);
551	ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData);
552	krp->krp_status = ENOMEM;
553	return ENOMEM;
554	}
555
556	rsaDecryptOpData->pRecipientPrivateKey->
557	version = CPA_CY_RSA_VERSION_TWO_PRIME;
558	rsaDecryptOpData->pRecipientPrivateKey->
559	privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2;
560
561	/* Link parameters */
562	rsaDecryptOpData->inputData.pData =
563	krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX].crp_p;
564	BITS_TO_BYTES(rsaDecryptOpData->inputData.dataLenInBytes,
565	krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX].
566	crp_nbits);
567
568	icp_ocfDrvSwapBytes(rsaDecryptOpData->inputData.pData,
569	rsaDecryptOpData->inputData.dataLenInBytes);
570
571	rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.prime1P.pData =
572	krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX].crp_p;
573	BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.
574	prime1P.dataLenInBytes,
575	krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX].
576	crp_nbits);
577
578	icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
579	privateKeyRep2.prime1P.pData,
580	rsaDecryptOpData->pRecipientPrivateKey->
581	privateKeyRep2.prime1P.dataLenInBytes);
582
583	rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.prime2Q.pData =
584	krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX].crp_p;
585	BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.
586	prime2Q.dataLenInBytes,
587	krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX].
588	crp_nbits);
589
590	icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
591	privateKeyRep2.prime2Q.pData,
592	rsaDecryptOpData->pRecipientPrivateKey->
593	privateKeyRep2.prime2Q.dataLenInBytes);
594
595	rsaDecryptOpData->pRecipientPrivateKey->
596	privateKeyRep2.exponent1Dp.pData =
597	krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX].crp_p;
598	BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.
599	exponent1Dp.dataLenInBytes,
600	krp->
601	krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX].
602	crp_nbits);
603
604	icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
605	privateKeyRep2.exponent1Dp.pData,
606	rsaDecryptOpData->pRecipientPrivateKey->
607	privateKeyRep2.exponent1Dp.dataLenInBytes);
608
609	rsaDecryptOpData->pRecipientPrivateKey->
610	privateKeyRep2.exponent2Dq.pData =
611	krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX].crp_p;
612	BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->
613	privateKeyRep2.exponent2Dq.dataLenInBytes,
614	krp->
615	krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX].
616	crp_nbits);
617
618	icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
619	privateKeyRep2.exponent2Dq.pData,
620	rsaDecryptOpData->pRecipientPrivateKey->
621	privateKeyRep2.exponent2Dq.dataLenInBytes);
622
623	rsaDecryptOpData->pRecipientPrivateKey->
624	privateKeyRep2.coefficientQInv.pData =
625	krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX].crp_p;
626	BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->
627	privateKeyRep2.coefficientQInv.dataLenInBytes,
628	krp->
629	krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX].
630	crp_nbits);
631
632	icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
633	privateKeyRep2.coefficientQInv.pData,
634	rsaDecryptOpData->pRecipientPrivateKey->
635	privateKeyRep2.coefficientQInv.dataLenInBytes);
636
637	/* Output Parameter */
638	pOutputData->pData =
639	krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX].crp_p;
640	BITS_TO_BYTES(pOutputData->dataLenInBytes,
641	krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX].
642	crp_nbits);
643
644	lacStatus = cpaCyRsaDecrypt(CPA_INSTANCE_HANDLE_SINGLE,
645	icp_ocfDrvModExpCRTCallBack,
646	callbackTag, rsaDecryptOpData, pOutputData);
647
648	if (CPA_STATUS_SUCCESS != lacStatus) {
649	EPRINTK("%s(): Mod Exp CRT Operation failed (%d).\n",
650	__FUNCTION__, lacStatus);
651	krp->krp_status = ECANCELED;
652	icp_ocfDrvFreeFlatBuffer(pOutputData);
653	ICP_CACHE_FREE(drvRSAPrivateKey_zone,
654	rsaDecryptOpData->pRecipientPrivateKey);
655	ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData);
656	}
657
658	return lacStatus;
659	}
660
661	/* Name : icp_ocfDrvCheckALessThanB
662	*
663	* Description : This function will check whether the first argument is less
664	* than the second. It is used to check whether the DSA RS sign Random K
665	* value is less than the Prime Q value (as defined in the specification)
666	*
667	*/
668	static int
669	icp_ocfDrvCheckALessThanB(CpaFlatBuffer * pK, CpaFlatBuffer * pQ, int *doCheck)
670	{
671
672	uint8_t *MSB_K = pK->pData;
673	uint8_t *MSB_Q = pQ->pData;
674	uint32_t buffer_lengths_in_bytes = pQ->dataLenInBytes;
675
676	if (DONT_RUN_LESS_THAN_CHECK == *doCheck) {
677	return FAIL_A_IS_GREATER_THAN_B;
678	}
679
680	/*Check MSBs
681	if A == B, check next MSB
682	if A > B, return A_IS_GREATER_THAN_B
683	if A < B, return A_IS_LESS_THAN_B (success)
684	*/
685	while (MSB_K == MSB_Q) {
686	MSB_K++;
687	MSB_Q++;
688
689	buffer_lengths_in_bytes--;
690	if (0 == buffer_lengths_in_bytes) {
691	DPRINTK("%s() Buffers have equal value!!\n",
692	__FUNCTION__);
693	return FAIL_A_IS_EQUAL_TO_B;
694	}
695
696	}
697
698	if (MSB_K < MSB_Q) {
699	return SUCCESS_A_IS_LESS_THAN_B;
700	} else {
701	return FAIL_A_IS_GREATER_THAN_B;
702	}
703
704	}
705
706	/* Name : icp_ocfDrvDsaSign
707	*
708	* Description : This function will map DSA RS Sign from OCF to the LAC API.
709	*
710	* NOTE: From looking at OCF patch to OpenSSL and even the number of input
711	* parameters, OCF expects us to generate the random seed value. This value
712	* is generated and passed to LAC, however the number is discared in the
713	* callback and not returned to the user.
714	*/
715	static int icp_ocfDrvDsaSign(struct cryptkop *krp)
716	{
717	CpaStatus lacStatus = CPA_STATUS_SUCCESS;
718	CpaCyDsaRSSignOpData *dsaRsSignOpData = NULL;
719	void *callbackTag = NULL;
720	CpaCyRandGenOpData randGenOpData;
721	int primeQSizeInBytes = 0;
722	int doCheck = 0;
723	CpaFlatBuffer randData;
724	CpaBoolean protocolStatus = CPA_FALSE;
725	CpaFlatBuffer *pR = NULL;
726	CpaFlatBuffer *pS = NULL;
727
728	callbackTag = krp;
729
730	BITS_TO_BYTES(primeQSizeInBytes,
731	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX].
732	crp_nbits);
733
734	if (DSA_RS_SIGN_PRIMEQ_SIZE_IN_BYTES != primeQSizeInBytes) {
735	APRINTK("%s(): DSA PRIME Q size not equal to the "
736	"FIPS defined 20bytes, = %d\n",
737	__FUNCTION__, primeQSizeInBytes);
738	krp->krp_status = EDOM;
739	return EDOM;
740	}
741
742	dsaRsSignOpData =
743	icp_kmem_cache_zalloc(drvDSARSSign_zone, ICP_M_NOWAIT);
744	if (NULL == dsaRsSignOpData) {
745	APRINTK("%s():Failed to get memory"
746	" for DSA RS Sign Op data struct\n", __FUNCTION__);
747	krp->krp_status = ENOMEM;
748	return ENOMEM;
749	}
750
751	dsaRsSignOpData->K.pData =
752	icp_kmem_cache_alloc(drvDSARSSignKValue_zone, ICP_M_NOWAIT);
753
754	if (NULL == dsaRsSignOpData->K.pData) {
755	APRINTK("%s():Failed to get memory"
756	" for DSA RS Sign Op Random value\n", __FUNCTION__);
757	ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
758	krp->krp_status = ENOMEM;
759	return ENOMEM;
760	}
761
762	pR = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
763	if (NULL == pR) {
764	APRINTK("%s():Failed to get memory"
765	" for DSA signature R\n", __FUNCTION__);
766	ICP_CACHE_FREE(drvDSARSSignKValue_zone,
767	dsaRsSignOpData->K.pData);
768	ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
769	krp->krp_status = ENOMEM;
770	return ENOMEM;
771	}
772
773	pS = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
774	if (NULL == pS) {
775	APRINTK("%s():Failed to get memory"
776	" for DSA signature S\n", __FUNCTION__);
777	icp_ocfDrvFreeFlatBuffer(pR);
778	ICP_CACHE_FREE(drvDSARSSignKValue_zone,
779	dsaRsSignOpData->K.pData);
780	ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
781	krp->krp_status = ENOMEM;
782	return ENOMEM;
783	}
784
785	/link prime number parameter for ease of processing /
786	dsaRsSignOpData->P.pData =
787	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX].crp_p;
788	BITS_TO_BYTES(dsaRsSignOpData->P.dataLenInBytes,
789	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX].
790	crp_nbits);
791
792	icp_ocfDrvSwapBytes(dsaRsSignOpData->P.pData,
793	dsaRsSignOpData->P.dataLenInBytes);
794
795	dsaRsSignOpData->Q.pData =
796	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX].crp_p;
797	BITS_TO_BYTES(dsaRsSignOpData->Q.dataLenInBytes,
798	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX].
799	crp_nbits);
800
801	icp_ocfDrvSwapBytes(dsaRsSignOpData->Q.pData,
802	dsaRsSignOpData->Q.dataLenInBytes);
803
804	/*generate random number with equal buffer size to Prime value Q,
805	but value less than Q */
806	dsaRsSignOpData->K.dataLenInBytes = dsaRsSignOpData->Q.dataLenInBytes;
807
808	randGenOpData.generateBits = CPA_TRUE;
809	randGenOpData.lenInBytes = dsaRsSignOpData->K.dataLenInBytes;
810
811	icp_ocfDrvPtrAndLenToFlatBuffer(dsaRsSignOpData->K.pData,
812	dsaRsSignOpData->K.dataLenInBytes,
813	&randData);
814
815	doCheck = 0;
816	while (icp_ocfDrvCheckALessThanB(&(dsaRsSignOpData->K),
817	&(dsaRsSignOpData->Q), &doCheck)) {
818
819	if (CPA_STATUS_SUCCESS
820	!= cpaCyRandGen(CPA_INSTANCE_HANDLE_SINGLE,
821	NULL, NULL, &randGenOpData, &randData)) {
822	APRINTK("%s(): ERROR - Failed to generate DSA RS Sign K"
823	"value\n", __FUNCTION__);
824	icp_ocfDrvFreeFlatBuffer(pS);
825	icp_ocfDrvFreeFlatBuffer(pR);
826	ICP_CACHE_FREE(drvDSARSSignKValue_zone,
827	dsaRsSignOpData->K.pData);
828	ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
829	krp->krp_status = EAGAIN;
830	return EAGAIN;
831	}
832
833	doCheck++;
834	if (DSA_SIGN_RAND_GEN_VAL_CHECK_MAX_ITERATIONS == doCheck) {
835	APRINTK("%s(): ERROR - Failed to find DSA RS Sign K "
836	"value less than Q value\n", __FUNCTION__);
837	icp_ocfDrvFreeFlatBuffer(pS);
838	icp_ocfDrvFreeFlatBuffer(pR);
839	ICP_CACHE_FREE(drvDSARSSignKValue_zone,
840	dsaRsSignOpData->K.pData);
841	ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
842	krp->krp_status = EAGAIN;
843	return EAGAIN;
844	}
845
846	}
847	/Rand Data - no need to swap bytes for pK /
848
849	/* Link parameters */
850	dsaRsSignOpData->G.pData =
851	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_G_INDEX].crp_p;
852	BITS_TO_BYTES(dsaRsSignOpData->G.dataLenInBytes,
853	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_G_INDEX].crp_nbits);
854
855	icp_ocfDrvSwapBytes(dsaRsSignOpData->G.pData,
856	dsaRsSignOpData->G.dataLenInBytes);
857
858	dsaRsSignOpData->X.pData =
859	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_X_INDEX].crp_p;
860	BITS_TO_BYTES(dsaRsSignOpData->X.dataLenInBytes,
861	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_X_INDEX].crp_nbits);
862	icp_ocfDrvSwapBytes(dsaRsSignOpData->X.pData,
863	dsaRsSignOpData->X.dataLenInBytes);
864
865	/*OpenSSL dgst parameter is left in big endian byte order,
866	therefore no byte swap is required */
867	dsaRsSignOpData->M.pData =
868	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX].crp_p;
869	BITS_TO_BYTES(dsaRsSignOpData->M.dataLenInBytes,
870	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX].
871	crp_nbits);
872
873	/* Output Parameters */
874	pS->pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX].crp_p;
875	BITS_TO_BYTES(pS->dataLenInBytes,
876	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX].
877	crp_nbits);
878
879	pR->pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX].crp_p;
880	BITS_TO_BYTES(pR->dataLenInBytes,
881	krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX].
882	crp_nbits);
883
884	lacStatus = cpaCyDsaSignRS(CPA_INSTANCE_HANDLE_SINGLE,
885	icp_ocfDrvDsaRSSignCallBack,
886	callbackTag, dsaRsSignOpData,
887	&protocolStatus, pR, pS);
888
889	if (CPA_STATUS_SUCCESS != lacStatus) {
890	EPRINTK("%s(): DSA RS Sign Operation failed (%d).\n",
891	__FUNCTION__, lacStatus);
892	krp->krp_status = ECANCELED;
893	icp_ocfDrvFreeFlatBuffer(pS);
894	icp_ocfDrvFreeFlatBuffer(pR);
895	ICP_CACHE_FREE(drvDSARSSignKValue_zone,
896	dsaRsSignOpData->K.pData);
897	ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
898	}
899
900	return lacStatus;
901	}
902
903	/* Name : icp_ocfDrvDsaVerify
904	*
905	* Description : This function will map DSA RS Verify from OCF to the LAC API.
906	*
907	*/
908	static int icp_ocfDrvDsaVerify(struct cryptkop *krp)
909	{
910	CpaStatus lacStatus = CPA_STATUS_SUCCESS;
911	CpaCyDsaVerifyOpData *dsaVerifyOpData = NULL;
912	void *callbackTag = NULL;
913	CpaBoolean verifyStatus = CPA_FALSE;
914
915	callbackTag = krp;
916
917	dsaVerifyOpData =
918	icp_kmem_cache_zalloc(drvDSAVerify_zone, ICP_M_NOWAIT);
919	if (NULL == dsaVerifyOpData) {
920	APRINTK("%s():Failed to get memory"
921	" for DSA Verify Op data struct\n", __FUNCTION__);
922	krp->krp_status = ENOMEM;
923	return ENOMEM;
924	}
925
926	/* Link parameters */
927	dsaVerifyOpData->P.pData =
928	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX].crp_p;
929	BITS_TO_BYTES(dsaVerifyOpData->P.dataLenInBytes,
930	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX].
931	crp_nbits);
932	icp_ocfDrvSwapBytes(dsaVerifyOpData->P.pData,
933	dsaVerifyOpData->P.dataLenInBytes);
934
935	dsaVerifyOpData->Q.pData =
936	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX].crp_p;
937	BITS_TO_BYTES(dsaVerifyOpData->Q.dataLenInBytes,
938	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX].
939	crp_nbits);
940	icp_ocfDrvSwapBytes(dsaVerifyOpData->Q.pData,
941	dsaVerifyOpData->Q.dataLenInBytes);
942
943	dsaVerifyOpData->G.pData =
944	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_G_INDEX].crp_p;
945	BITS_TO_BYTES(dsaVerifyOpData->G.dataLenInBytes,
946	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_G_INDEX].
947	crp_nbits);
948	icp_ocfDrvSwapBytes(dsaVerifyOpData->G.pData,
949	dsaVerifyOpData->G.dataLenInBytes);
950
951	dsaVerifyOpData->Y.pData =
952	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX].crp_p;
953	BITS_TO_BYTES(dsaVerifyOpData->Y.dataLenInBytes,
954	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX].
955	crp_nbits);
956	icp_ocfDrvSwapBytes(dsaVerifyOpData->Y.pData,
957	dsaVerifyOpData->Y.dataLenInBytes);
958
959	/*OpenSSL dgst parameter is left in big endian byte order,
960	therefore no byte swap is required */
961	dsaVerifyOpData->M.pData =
962	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX].crp_p;
963	BITS_TO_BYTES(dsaVerifyOpData->M.dataLenInBytes,
964	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX].
965	crp_nbits);
966
967	dsaVerifyOpData->R.pData =
968	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX].crp_p;
969	BITS_TO_BYTES(dsaVerifyOpData->R.dataLenInBytes,
970	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX].
971	crp_nbits);
972	icp_ocfDrvSwapBytes(dsaVerifyOpData->R.pData,
973	dsaVerifyOpData->R.dataLenInBytes);
974
975	dsaVerifyOpData->S.pData =
976	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX].crp_p;
977	BITS_TO_BYTES(dsaVerifyOpData->S.dataLenInBytes,
978	krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX].
979	crp_nbits);
980	icp_ocfDrvSwapBytes(dsaVerifyOpData->S.pData,
981	dsaVerifyOpData->S.dataLenInBytes);
982
983	lacStatus = cpaCyDsaVerify(CPA_INSTANCE_HANDLE_SINGLE,
984	icp_ocfDrvDsaVerifyCallBack,
985	callbackTag, dsaVerifyOpData, &verifyStatus);
986
987	if (CPA_STATUS_SUCCESS != lacStatus) {
988	EPRINTK("%s(): DSA Verify Operation failed (%d).\n",
989	__FUNCTION__, lacStatus);
990	ICP_CACHE_FREE(drvDSAVerify_zone, dsaVerifyOpData);
991	krp->krp_status = ECANCELED;
992	}
993
994	return lacStatus;
995	}
996
997	/* Name : icp_ocfDrvDhP1Callback
998	*
999	* Description : When this function returns it signifies that the LAC
1000	* component has completed the DH operation.
1001	*/
1002	static void
1003	icp_ocfDrvDhP1CallBack(void *callbackTag,
1004	CpaStatus status,
1005	void pOpData, CpaFlatBuffer pLocalOctetStringPV)
1006	{
1007	struct cryptkop *krp = NULL;
1008	CpaCyDhPhase1KeyGenOpData *pPhase1OpData = NULL;
1009
1010	if (NULL == callbackTag) {
1011	DPRINTK("%s(): Invalid input parameters - "
1012	"callbackTag data is NULL\n", __FUNCTION__);
1013	return;
1014	}
1015	krp = (struct cryptkop *)callbackTag;
1016
1017	if (NULL == pOpData) {
1018	DPRINTK("%s(): Invalid input parameters - "
1019	"Operation Data is NULL\n", __FUNCTION__);
1020	krp->krp_status = ECANCELED;
1021	crypto_kdone(krp);
1022	return;
1023	}
1024	pPhase1OpData = (CpaCyDhPhase1KeyGenOpData *) pOpData;
1025
1026	if (NULL == pLocalOctetStringPV) {
1027	DPRINTK("%s(): Invalid input parameters - "
1028	"pLocalOctetStringPV Data is NULL\n", __FUNCTION__);
1029	memset(pPhase1OpData, 0, sizeof(CpaCyDhPhase1KeyGenOpData));
1030	ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
1031	krp->krp_status = ECANCELED;
1032	crypto_kdone(krp);
1033	return;
1034	}
1035
1036	if (CPA_STATUS_SUCCESS == status) {
1037	krp->krp_status = CRYPTO_OP_SUCCESS;
1038	} else {
1039	APRINTK("%s(): Diffie Hellman Phase1 Key Gen failed - "
1040	"Operation Status = %d\n", __FUNCTION__, status);
1041	krp->krp_status = ECANCELED;
1042	}
1043
1044	icp_ocfDrvSwapBytes(pLocalOctetStringPV->pData,
1045	pLocalOctetStringPV->dataLenInBytes);
1046
1047	icp_ocfDrvFreeFlatBuffer(pLocalOctetStringPV);
1048	memset(pPhase1OpData, 0, sizeof(CpaCyDhPhase1KeyGenOpData));
1049	ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
1050
1051	crypto_kdone(krp);
1052
1053	return;
1054	}
1055
1056	/* Name : icp_ocfDrvModExpCallBack
1057	*
1058	* Description : When this function returns it signifies that the LAC
1059	* component has completed the Mod Exp operation.
1060	*/
1061	static void
1062	icp_ocfDrvModExpCallBack(void *callbackTag,
1063	CpaStatus status,
1064	void pOpdata, CpaFlatBuffer pResult)
1065	{
1066	struct cryptkop *krp = NULL;
1067	CpaCyLnModExpOpData *pLnModExpOpData = NULL;
1068
1069	if (NULL == callbackTag) {
1070	DPRINTK("%s(): Invalid input parameters - "
1071	"callbackTag data is NULL\n", __FUNCTION__);
1072	return;
1073	}
1074	krp = (struct cryptkop *)callbackTag;
1075
1076	if (NULL == pOpdata) {
1077	DPRINTK("%s(): Invalid Mod Exp input parameters - "
1078	"Operation Data is NULL\n", __FUNCTION__);
1079	krp->krp_status = ECANCELED;
1080	crypto_kdone(krp);
1081	return;
1082	}
1083	pLnModExpOpData = (CpaCyLnModExpOpData *) pOpdata;
1084
1085	if (NULL == pResult) {
1086	DPRINTK("%s(): Invalid input parameters - "
1087	"pResult data is NULL\n", __FUNCTION__);
1088	krp->krp_status = ECANCELED;
1089	memset(pLnModExpOpData, 0, sizeof(CpaCyLnModExpOpData));
1090	ICP_CACHE_FREE(drvLnModExp_zone, pLnModExpOpData);
1091	crypto_kdone(krp);
1092	return;
1093	}
1094
1095	if (CPA_STATUS_SUCCESS == status) {
1096	krp->krp_status = CRYPTO_OP_SUCCESS;
1097	} else {
1098	APRINTK("%s(): LAC Mod Exp Operation failed - "
1099	"Operation Status = %d\n", __FUNCTION__, status);
1100	krp->krp_status = ECANCELED;
1101	}
1102
1103	icp_ocfDrvSwapBytes(pResult->pData, pResult->dataLenInBytes);
1104
1105	/switch base size value back to original /
1106	if (pLnModExpOpData->base.pData ==
1107	(uint8_t *) & (krp->
1108	krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].
1109	crp_nbits)) {
1110	((uint32_t ) pLnModExpOpData->base.pData) =
1111	ntohl(((uint32_t ) pLnModExpOpData->base.pData));
1112	}
1113	icp_ocfDrvFreeFlatBuffer(pResult);
1114	memset(pLnModExpOpData, 0, sizeof(CpaCyLnModExpOpData));
1115	ICP_CACHE_FREE(drvLnModExp_zone, pLnModExpOpData);
1116
1117	crypto_kdone(krp);
1118
1119	return;
1120
1121	}
1122
1123	/* Name : icp_ocfDrvModExpCRTCallBack
1124	*
1125	* Description : When this function returns it signifies that the LAC
1126	* component has completed the Mod Exp CRT operation.
1127	*/
1128	static void
1129	icp_ocfDrvModExpCRTCallBack(void *callbackTag,
1130	CpaStatus status,
1131	void pOpData, CpaFlatBuffer pOutputData)
1132	{
1133	struct cryptkop *krp = NULL;
1134	CpaCyRsaDecryptOpData *pDecryptData = NULL;
1135
1136	if (NULL == callbackTag) {
1137	DPRINTK("%s(): Invalid input parameters - "
1138	"callbackTag data is NULL\n", __FUNCTION__);
1139	return;
1140	}
1141
1142	krp = (struct cryptkop *)callbackTag;
1143
1144	if (NULL == pOpData) {
1145	DPRINTK("%s(): Invalid input parameters - "
1146	"Operation Data is NULL\n", __FUNCTION__);
1147	krp->krp_status = ECANCELED;
1148	crypto_kdone(krp);
1149	return;
1150	}
1151	pDecryptData = (CpaCyRsaDecryptOpData *) pOpData;
1152
1153	if (NULL == pOutputData) {
1154	DPRINTK("%s(): Invalid input parameter - "
1155	"pOutputData is NULL\n", __FUNCTION__);
1156	memset(pDecryptData->pRecipientPrivateKey, 0,
1157	sizeof(CpaCyRsaPrivateKey));
1158	ICP_CACHE_FREE(drvRSAPrivateKey_zone,
1159	pDecryptData->pRecipientPrivateKey);
1160	memset(pDecryptData, 0, sizeof(CpaCyRsaDecryptOpData));
1161	ICP_CACHE_FREE(drvRSADecrypt_zone, pDecryptData);
1162	krp->krp_status = ECANCELED;
1163	crypto_kdone(krp);
1164	return;
1165	}
1166
1167	if (CPA_STATUS_SUCCESS == status) {
1168	krp->krp_status = CRYPTO_OP_SUCCESS;
1169	} else {
1170	APRINTK("%s(): LAC Mod Exp CRT operation failed - "
1171	"Operation Status = %d\n", __FUNCTION__, status);
1172	krp->krp_status = ECANCELED;
1173	}
1174
1175	icp_ocfDrvSwapBytes(pOutputData->pData, pOutputData->dataLenInBytes);
1176
1177	icp_ocfDrvFreeFlatBuffer(pOutputData);
1178	memset(pDecryptData->pRecipientPrivateKey, 0,
1179	sizeof(CpaCyRsaPrivateKey));
1180	ICP_CACHE_FREE(drvRSAPrivateKey_zone,
1181	pDecryptData->pRecipientPrivateKey);
1182	memset(pDecryptData, 0, sizeof(CpaCyRsaDecryptOpData));
1183	ICP_CACHE_FREE(drvRSADecrypt_zone, pDecryptData);
1184
1185	crypto_kdone(krp);
1186
1187	return;
1188	}
1189
1190	/* Name : icp_ocfDrvDsaRSSignCallBack
1191	*
1192	* Description : When this function returns it signifies that the LAC
1193	* component has completed the DSA RS sign operation.
1194	*/
1195	static void
1196	icp_ocfDrvDsaRSSignCallBack(void *callbackTag,
1197	CpaStatus status,
1198	void *pOpData,
1199	CpaBoolean protocolStatus,
1200	CpaFlatBuffer * pR, CpaFlatBuffer * pS)
1201	{
1202	struct cryptkop *krp = NULL;
1203	CpaCyDsaRSSignOpData *pSignData = NULL;
1204
1205	if (NULL == callbackTag) {
1206	DPRINTK("%s(): Invalid input parameters - "
1207	"callbackTag data is NULL\n", __FUNCTION__);
1208	return;
1209	}
1210
1211	krp = (struct cryptkop *)callbackTag;
1212
1213	if (NULL == pOpData) {
1214	DPRINTK("%s(): Invalid input parameters - "
1215	"Operation Data is NULL\n", __FUNCTION__);
1216	krp->krp_status = ECANCELED;
1217	crypto_kdone(krp);
1218	return;
1219	}
1220	pSignData = (CpaCyDsaRSSignOpData *) pOpData;
1221
1222	if (NULL == pR) {
1223	DPRINTK("%s(): Invalid input parameter - "
1224	"pR sign is NULL\n", __FUNCTION__);
1225	icp_ocfDrvFreeFlatBuffer(pS);
1226	ICP_CACHE_FREE(drvDSARSSign_zone, pSignData);
1227	krp->krp_status = ECANCELED;
1228	crypto_kdone(krp);
1229	return;
1230	}
1231
1232	if (NULL == pS) {
1233	DPRINTK("%s(): Invalid input parameter - "
1234	"pS sign is NULL\n", __FUNCTION__);
1235	icp_ocfDrvFreeFlatBuffer(pR);
1236	ICP_CACHE_FREE(drvDSARSSign_zone, pSignData);
1237	krp->krp_status = ECANCELED;
1238	crypto_kdone(krp);
1239	return;
1240	}
1241
1242	if (CPA_STATUS_SUCCESS != status) {
1243	APRINTK("%s(): LAC DSA RS Sign operation failed - "
1244	"Operation Status = %d\n", __FUNCTION__, status);
1245	krp->krp_status = ECANCELED;
1246	} else {
1247	krp->krp_status = CRYPTO_OP_SUCCESS;
1248
1249	if (CPA_TRUE != protocolStatus) {
1250	DPRINTK("%s(): LAC DSA RS Sign operation failed due "
1251	"to protocol error\n", __FUNCTION__);
1252	krp->krp_status = EIO;
1253	}
1254	}
1255
1256	/* Swap bytes only when the callback status is successful and
1257	protocolStatus is set to true */
1258	if (CPA_STATUS_SUCCESS == status && CPA_TRUE == protocolStatus) {
1259	icp_ocfDrvSwapBytes(pR->pData, pR->dataLenInBytes);
1260	icp_ocfDrvSwapBytes(pS->pData, pS->dataLenInBytes);
1261	}
1262
1263	icp_ocfDrvFreeFlatBuffer(pR);
1264	icp_ocfDrvFreeFlatBuffer(pS);
1265	memset(pSignData->K.pData, 0, pSignData->K.dataLenInBytes);
1266	ICP_CACHE_FREE(drvDSARSSignKValue_zone, pSignData->K.pData);
1267	memset(pSignData, 0, sizeof(CpaCyDsaRSSignOpData));
1268	ICP_CACHE_FREE(drvDSARSSign_zone, pSignData);
1269	crypto_kdone(krp);
1270
1271	return;
1272	}
1273
1274	/* Name : icp_ocfDrvDsaVerifyCallback
1275	*
1276	* Description : When this function returns it signifies that the LAC
1277	* component has completed the DSA Verify operation.
1278	*/
1279	static void
1280	icp_ocfDrvDsaVerifyCallBack(void *callbackTag,
1281	CpaStatus status,
1282	void *pOpData, CpaBoolean verifyStatus)
1283	{
1284
1285	struct cryptkop *krp = NULL;
1286	CpaCyDsaVerifyOpData *pVerData = NULL;
1287
1288	if (NULL == callbackTag) {
1289	DPRINTK("%s(): Invalid input parameters - "
1290	"callbackTag data is NULL\n", __FUNCTION__);
1291	return;
1292	}
1293
1294	krp = (struct cryptkop *)callbackTag;
1295
1296	if (NULL == pOpData) {
1297	DPRINTK("%s(): Invalid input parameters - "
1298	"Operation Data is NULL\n", __FUNCTION__);
1299	krp->krp_status = ECANCELED;
1300	crypto_kdone(krp);
1301	return;
1302	}
1303	pVerData = (CpaCyDsaVerifyOpData *) pOpData;
1304
1305	if (CPA_STATUS_SUCCESS != status) {
1306	APRINTK("%s(): LAC DSA Verify operation failed - "
1307	"Operation Status = %d\n", __FUNCTION__, status);
1308	krp->krp_status = ECANCELED;
1309	} else {
1310	krp->krp_status = CRYPTO_OP_SUCCESS;
1311
1312	if (CPA_TRUE != verifyStatus) {
1313	DPRINTK("%s(): DSA signature invalid\n", __FUNCTION__);
1314	krp->krp_status = EIO;
1315	}
1316	}
1317
1318	/* Swap bytes only when the callback status is successful and
1319	verifyStatus is set to true */
1320	/*Just swapping back the key values for now. Possibly all
1321	swapped buffers need to be reverted */
1322	if (CPA_STATUS_SUCCESS == status && CPA_TRUE == verifyStatus) {
1323	icp_ocfDrvSwapBytes(pVerData->R.pData,
1324	pVerData->R.dataLenInBytes);
1325	icp_ocfDrvSwapBytes(pVerData->S.pData,
1326	pVerData->S.dataLenInBytes);
1327	}
1328
1329	memset(pVerData, 0, sizeof(CpaCyDsaVerifyOpData));
1330	ICP_CACHE_FREE(drvDSAVerify_zone, pVerData);
1331	crypto_kdone(krp);
1332
1333	return;
1334	}
1335

Download this file

Branches:
backfire
history
master
release_2010-11-17
release_2010-12-14
release_2011-02-23
release_2011-05-28
release_2011-08-27
release_2011-11-13
release_2012-03-18
release_2012-04-09
release_2012-10-11
uclibc_nptl

OpenWrt XBurst

OpenWrt XBurst Git Source Tree

Root/target/linux/generic/files/crypto/ocf/ep80579/icp_asym.c

interactive