Root/target/linux/generic/files/crypto/ocf/ep80579/icp_asym.c

1/***************************************************************************
2 *
3 * This file is provided under a dual BSD/GPLv2 license. When using or
4 * redistributing this file, you may do so under either license.
5 *
6 * GPL LICENSE SUMMARY
7 *
8 * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of version 2 of the GNU General Public License as
12 * published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
22 * The full GNU General Public License is included in this distribution
23 * in the file called LICENSE.GPL.
24 *
25 * Contact Information:
26 * Intel Corporation
27 *
28 * BSD LICENSE
29 *
30 * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved.
31 * All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 *
37 * * Redistributions of source code must retain the above copyright
38 * notice, this list of conditions and the following disclaimer.
39 * * Redistributions in binary form must reproduce the above copyright
40 * notice, this list of conditions and the following disclaimer in
41 * the documentation and/or other materials provided with the
42 * distribution.
43 * * Neither the name of Intel Corporation nor the names of its
44 * contributors may be used to endorse or promote products derived
45 * from this software without specific prior written permission.
46 *
47 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
48 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
49 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
50 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
51 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
52 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
53 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
54 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
55 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
56 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
57 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
58 *
59 *
60 * version: Security.L.1.0.2-229
61 *
62 ***************************************************************************/
63
64#include "icp_ocf.h"
65
66/*The following define values (containing the word 'INDEX') are used to find
67the index of each input buffer of the crypto_kop struct (see OCF cryptodev.h).
68These values were found through analysis of the OCF OpenSSL patch. If the
69calling program uses different input buffer positions, these defines will have
70to be changed.*/
71
72/*DIFFIE HELLMAN buffer index values*/
73#define ICP_DH_KRP_PARAM_PRIME_INDEX (0)
74#define ICP_DH_KRP_PARAM_BASE_INDEX (1)
75#define ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX (2)
76#define ICP_DH_KRP_PARAM_RESULT_INDEX (3)
77
78/*MOD EXP buffer index values*/
79#define ICP_MOD_EXP_KRP_PARAM_BASE_INDEX (0)
80#define ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX (1)
81#define ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX (2)
82#define ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX (3)
83
84/*MOD EXP CRT buffer index values*/
85#define ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX (0)
86#define ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX (1)
87#define ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX (2)
88#define ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX (3)
89#define ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX (4)
90#define ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX (5)
91#define ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX (6)
92
93/*DSA sign buffer index values*/
94#define ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX (0)
95#define ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX (1)
96#define ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX (2)
97#define ICP_DSA_SIGN_KRP_PARAM_G_INDEX (3)
98#define ICP_DSA_SIGN_KRP_PARAM_X_INDEX (4)
99#define ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX (5)
100#define ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX (6)
101
102/*DSA verify buffer index values*/
103#define ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX (0)
104#define ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX (1)
105#define ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX (2)
106#define ICP_DSA_VERIFY_KRP_PARAM_G_INDEX (3)
107#define ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX (4)
108#define ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX (5)
109#define ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX (6)
110
111/*DSA sign prime Q vs random number K size check values*/
112#define DONT_RUN_LESS_THAN_CHECK (0)
113#define FAIL_A_IS_GREATER_THAN_B (1)
114#define FAIL_A_IS_EQUAL_TO_B (1)
115#define SUCCESS_A_IS_LESS_THAN_B (0)
116#define DSA_SIGN_RAND_GEN_VAL_CHECK_MAX_ITERATIONS (500)
117
118/* We need to set a cryptokp success value just in case it is set or allocated
119   and not set to zero outside of this module */
120#define CRYPTO_OP_SUCCESS (0)
121
122/*Function to compute Diffie Hellman (DH) phase 1 or phase 2 key values*/
123static int icp_ocfDrvDHComputeKey(struct cryptkop *krp);
124
125/*Function to compute a Modular Exponentiation (Mod Exp)*/
126static int icp_ocfDrvModExp(struct cryptkop *krp);
127
128/*Function to compute a Mod Exp using the Chinease Remainder Theorem*/
129static int icp_ocfDrvModExpCRT(struct cryptkop *krp);
130
131/*Helper function to compute whether the first big number argument is less than
132 the second big number argument */
133static int
134icp_ocfDrvCheckALessThanB(CpaFlatBuffer * pK, CpaFlatBuffer * pQ, int *doCheck);
135
136/*Function to sign an input with DSA R and S keys*/
137static int icp_ocfDrvDsaSign(struct cryptkop *krp);
138
139/*Function to Verify a DSA buffer signature*/
140static int icp_ocfDrvDsaVerify(struct cryptkop *krp);
141
142/*Callback function for DH operation*/
143static void
144icp_ocfDrvDhP1CallBack(void *callbackTag,
145               CpaStatus status,
146               void *pOpData, CpaFlatBuffer * pLocalOctetStringPV);
147
148/*Callback function for ME operation*/
149static void
150icp_ocfDrvModExpCallBack(void *callbackTag,
151             CpaStatus status,
152             void *pOpData, CpaFlatBuffer * pResult);
153
154/*Callback function for ME CRT operation*/
155static void
156icp_ocfDrvModExpCRTCallBack(void *callbackTag,
157                CpaStatus status,
158                void *pOpData, CpaFlatBuffer * pOutputData);
159
160/*Callback function for DSA sign operation*/
161static void
162icp_ocfDrvDsaRSSignCallBack(void *callbackTag,
163                CpaStatus status,
164                void *pOpData,
165                CpaBoolean protocolStatus,
166                CpaFlatBuffer * pR, CpaFlatBuffer * pS);
167
168/*Callback function for DSA Verify operation*/
169static void
170icp_ocfDrvDsaVerifyCallBack(void *callbackTag,
171                CpaStatus status,
172                void *pOpData, CpaBoolean verifyStatus);
173
174/* Name : icp_ocfDrvPkeProcess
175 *
176 * Description : This function will choose which PKE process to follow
177 * based on the input arguments
178 */
179int icp_ocfDrvPkeProcess(icp_device_t dev, struct cryptkop *krp, int hint)
180{
181    CpaStatus lacStatus = CPA_STATUS_SUCCESS;
182
183    if (NULL == krp) {
184        DPRINTK("%s(): Invalid input parameters, cryptkop = %p\n",
185            __FUNCTION__, krp);
186        return EINVAL;
187    }
188
189    if (CPA_TRUE == icp_atomic_read(&icp_ocfDrvIsExiting)) {
190        krp->krp_status = ECANCELED;
191        return ECANCELED;
192    }
193
194    switch (krp->krp_op) {
195    case CRK_DH_COMPUTE_KEY:
196        DPRINTK("%s() doing DH_COMPUTE_KEY\n", __FUNCTION__);
197        lacStatus = icp_ocfDrvDHComputeKey(krp);
198        if (CPA_STATUS_SUCCESS != lacStatus) {
199            EPRINTK("%s(): icp_ocfDrvDHComputeKey failed "
200                "(%d).\n", __FUNCTION__, lacStatus);
201            krp->krp_status = ECANCELED;
202            return ECANCELED;
203        }
204
205        break;
206
207    case CRK_MOD_EXP:
208        DPRINTK("%s() doing MOD_EXP \n", __FUNCTION__);
209        lacStatus = icp_ocfDrvModExp(krp);
210        if (CPA_STATUS_SUCCESS != lacStatus) {
211            EPRINTK("%s(): icp_ocfDrvModExp failed (%d).\n",
212                __FUNCTION__, lacStatus);
213            krp->krp_status = ECANCELED;
214            return ECANCELED;
215        }
216
217        break;
218
219    case CRK_MOD_EXP_CRT:
220        DPRINTK("%s() doing MOD_EXP_CRT \n", __FUNCTION__);
221        lacStatus = icp_ocfDrvModExpCRT(krp);
222        if (CPA_STATUS_SUCCESS != lacStatus) {
223            EPRINTK("%s(): icp_ocfDrvModExpCRT "
224                "failed (%d).\n", __FUNCTION__, lacStatus);
225            krp->krp_status = ECANCELED;
226            return ECANCELED;
227        }
228
229        break;
230
231    case CRK_DSA_SIGN:
232        DPRINTK("%s() doing DSA_SIGN \n", __FUNCTION__);
233        lacStatus = icp_ocfDrvDsaSign(krp);
234        if (CPA_STATUS_SUCCESS != lacStatus) {
235            EPRINTK("%s(): icp_ocfDrvDsaSign "
236                "failed (%d).\n", __FUNCTION__, lacStatus);
237            krp->krp_status = ECANCELED;
238            return ECANCELED;
239        }
240
241        break;
242
243    case CRK_DSA_VERIFY:
244        DPRINTK("%s() doing DSA_VERIFY \n", __FUNCTION__);
245        lacStatus = icp_ocfDrvDsaVerify(krp);
246        if (CPA_STATUS_SUCCESS != lacStatus) {
247            EPRINTK("%s(): icp_ocfDrvDsaVerify "
248                "failed (%d).\n", __FUNCTION__, lacStatus);
249            krp->krp_status = ECANCELED;
250            return ECANCELED;
251        }
252
253        break;
254
255    default:
256        EPRINTK("%s(): Asymettric function not "
257            "supported (%d).\n", __FUNCTION__, krp->krp_op);
258        krp->krp_status = EOPNOTSUPP;
259        return EOPNOTSUPP;
260    }
261
262    return ICP_OCF_DRV_STATUS_SUCCESS;
263}
264
265/* Name : icp_ocfDrvSwapBytes
266 *
267 * Description : This function is used to swap the byte order of a buffer.
268 * It has been seen that in general we are passed little endian byte order
269 * buffers, but LAC only accepts big endian byte order buffers.
270 */
271static void inline icp_ocfDrvSwapBytes(u_int8_t * num, u_int32_t buff_len_bytes)
272{
273
274    int i;
275    u_int8_t *end_ptr;
276    u_int8_t hold_val;
277
278    end_ptr = num + (buff_len_bytes - 1);
279    buff_len_bytes = buff_len_bytes >> 1;
280    for (i = 0; i < buff_len_bytes; i++) {
281        hold_val = *num;
282        *num = *end_ptr;
283        num++;
284        *end_ptr = hold_val;
285        end_ptr--;
286    }
287}
288
289/* Name : icp_ocfDrvDHComputeKey
290 *
291 * Description : This function will map Diffie Hellman calls from OCF
292 * to the LAC API. OCF uses this function for Diffie Hellman Phase1 and
293 * Phase2. LAC has a separate Diffie Hellman Phase2 call, however both phases
294 * break down to a modular exponentiation.
295 */
296static int icp_ocfDrvDHComputeKey(struct cryptkop *krp)
297{
298    CpaStatus lacStatus = CPA_STATUS_SUCCESS;
299    void *callbackTag = NULL;
300    CpaCyDhPhase1KeyGenOpData *pPhase1OpData = NULL;
301    CpaFlatBuffer *pLocalOctetStringPV = NULL;
302    uint32_t dh_prime_len_bytes = 0, dh_prime_len_bits = 0;
303
304    /* Input checks - check prime is a multiple of 8 bits to allow for
305       allocation later */
306    dh_prime_len_bits =
307        (krp->krp_param[ICP_DH_KRP_PARAM_PRIME_INDEX].crp_nbits);
308
309    /* LAC can reject prime lengths based on prime key sizes, we just
310       need to make sure we can allocate space for the base and
311       exponent buffers correctly */
312    if ((dh_prime_len_bits % NUM_BITS_IN_BYTE) != 0) {
313        APRINTK("%s(): Warning Prime number buffer size is not a "
314            "multiple of 8 bits\n", __FUNCTION__);
315    }
316
317    /* Result storage space should be the same size as the prime as this
318       value can take up the same amount of storage space */
319    if (dh_prime_len_bits !=
320        krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_nbits) {
321        DPRINTK("%s(): Return Buffer must be the same size "
322            "as the Prime buffer\n", __FUNCTION__);
323        krp->krp_status = EINVAL;
324        return EINVAL;
325    }
326    /* Switch to size in bytes */
327    BITS_TO_BYTES(dh_prime_len_bytes, dh_prime_len_bits);
328
329    callbackTag = krp;
330
331/*All allocations are set to ICP_M_NOWAIT due to the possibility of getting
332called in interrupt context*/
333    pPhase1OpData = icp_kmem_cache_zalloc(drvDH_zone, ICP_M_NOWAIT);
334    if (NULL == pPhase1OpData) {
335        APRINTK("%s():Failed to get memory for key gen data\n",
336            __FUNCTION__);
337        krp->krp_status = ENOMEM;
338        return ENOMEM;
339    }
340
341    pLocalOctetStringPV =
342        icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
343    if (NULL == pLocalOctetStringPV) {
344        APRINTK("%s():Failed to get memory for pLocalOctetStringPV\n",
345            __FUNCTION__);
346        ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
347        krp->krp_status = ENOMEM;
348        return ENOMEM;
349    }
350
351    /* Link parameters */
352    pPhase1OpData->primeP.pData =
353        krp->krp_param[ICP_DH_KRP_PARAM_PRIME_INDEX].crp_p;
354
355    pPhase1OpData->primeP.dataLenInBytes = dh_prime_len_bytes;
356
357    icp_ocfDrvSwapBytes(pPhase1OpData->primeP.pData, dh_prime_len_bytes);
358
359    pPhase1OpData->baseG.pData =
360        krp->krp_param[ICP_DH_KRP_PARAM_BASE_INDEX].crp_p;
361
362    BITS_TO_BYTES(pPhase1OpData->baseG.dataLenInBytes,
363              krp->krp_param[ICP_DH_KRP_PARAM_BASE_INDEX].crp_nbits);
364
365    icp_ocfDrvSwapBytes(pPhase1OpData->baseG.pData,
366                pPhase1OpData->baseG.dataLenInBytes);
367
368    pPhase1OpData->privateValueX.pData =
369        krp->krp_param[ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX].crp_p;
370
371    BITS_TO_BYTES(pPhase1OpData->privateValueX.dataLenInBytes,
372              krp->krp_param[ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX].
373              crp_nbits);
374
375    icp_ocfDrvSwapBytes(pPhase1OpData->privateValueX.pData,
376                pPhase1OpData->privateValueX.dataLenInBytes);
377
378    /* Output parameters */
379    pLocalOctetStringPV->pData =
380        krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_p;
381
382    BITS_TO_BYTES(pLocalOctetStringPV->dataLenInBytes,
383              krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_nbits);
384
385    lacStatus = cpaCyDhKeyGenPhase1(CPA_INSTANCE_HANDLE_SINGLE,
386                    icp_ocfDrvDhP1CallBack,
387                    callbackTag, pPhase1OpData,
388                    pLocalOctetStringPV);
389
390    if (CPA_STATUS_SUCCESS != lacStatus) {
391        EPRINTK("%s(): DH Phase 1 Key Gen failed (%d).\n",
392            __FUNCTION__, lacStatus);
393        icp_ocfDrvFreeFlatBuffer(pLocalOctetStringPV);
394        ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
395    }
396
397    return lacStatus;
398}
399
400/* Name : icp_ocfDrvModExp
401 *
402 * Description : This function will map ordinary Modular Exponentiation calls
403 * from OCF to the LAC API.
404 *
405 */
406static int icp_ocfDrvModExp(struct cryptkop *krp)
407{
408    CpaStatus lacStatus = CPA_STATUS_SUCCESS;
409    void *callbackTag = NULL;
410    CpaCyLnModExpOpData *pModExpOpData = NULL;
411    CpaFlatBuffer *pResult = NULL;
412
413    if ((krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_nbits %
414         NUM_BITS_IN_BYTE) != 0) {
415        DPRINTK("%s(): Warning - modulus buffer size (%d) is not a "
416            "multiple of 8 bits\n", __FUNCTION__,
417            krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].
418            crp_nbits);
419    }
420
421    /* Result storage space should be the same size as the prime as this
422       value can take up the same amount of storage space */
423    if (krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_nbits >
424        krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].crp_nbits) {
425        APRINTK("%s(): Return Buffer size must be the same or"
426            " greater than the Modulus buffer\n", __FUNCTION__);
427        krp->krp_status = EINVAL;
428        return EINVAL;
429    }
430
431    callbackTag = krp;
432
433    pModExpOpData = icp_kmem_cache_zalloc(drvLnModExp_zone, ICP_M_NOWAIT);
434    if (NULL == pModExpOpData) {
435        APRINTK("%s():Failed to get memory for key gen data\n",
436            __FUNCTION__);
437        krp->krp_status = ENOMEM;
438        return ENOMEM;
439    }
440
441    pResult = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
442    if (NULL == pResult) {
443        APRINTK("%s():Failed to get memory for ModExp result\n",
444            __FUNCTION__);
445        ICP_CACHE_FREE(drvLnModExp_zone, pModExpOpData);
446        krp->krp_status = ENOMEM;
447        return ENOMEM;
448    }
449
450    /* Link parameters */
451    pModExpOpData->modulus.pData =
452        krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_p;
453    BITS_TO_BYTES(pModExpOpData->modulus.dataLenInBytes,
454              krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].
455              crp_nbits);
456
457    icp_ocfDrvSwapBytes(pModExpOpData->modulus.pData,
458                pModExpOpData->modulus.dataLenInBytes);
459
460    DPRINTK("%s : base (%d)\n", __FUNCTION__, krp->
461        krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].crp_nbits);
462    pModExpOpData->base.pData =
463        krp->krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].crp_p;
464    BITS_TO_BYTES(pModExpOpData->base.dataLenInBytes,
465              krp->krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].
466              crp_nbits);
467    icp_ocfDrvSwapBytes(pModExpOpData->base.pData,
468                pModExpOpData->base.dataLenInBytes);
469
470    pModExpOpData->exponent.pData =
471        krp->krp_param[ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX].crp_p;
472    BITS_TO_BYTES(pModExpOpData->exponent.dataLenInBytes,
473              krp->krp_param[ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX].
474              crp_nbits);
475
476    icp_ocfDrvSwapBytes(pModExpOpData->exponent.pData,
477                pModExpOpData->exponent.dataLenInBytes);
478    /* Output parameters */
479    pResult->pData =
480        krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].crp_p,
481        BITS_TO_BYTES(pResult->dataLenInBytes,
482              krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].
483              crp_nbits);
484
485    lacStatus = cpaCyLnModExp(CPA_INSTANCE_HANDLE_SINGLE,
486                  icp_ocfDrvModExpCallBack,
487                  callbackTag, pModExpOpData, pResult);
488
489    if (CPA_STATUS_SUCCESS != lacStatus) {
490        EPRINTK("%s(): Mod Exp Operation failed (%d).\n",
491            __FUNCTION__, lacStatus);
492        krp->krp_status = ECANCELED;
493        icp_ocfDrvFreeFlatBuffer(pResult);
494        ICP_CACHE_FREE(drvLnModExp_zone, pModExpOpData);
495    }
496
497    return lacStatus;
498}
499
500/* Name : icp_ocfDrvModExpCRT
501 *
502 * Description : This function will map ordinary Modular Exponentiation Chinese
503 * Remainder Theorem implementaion calls from OCF to the LAC API.
504 *
505 * Note : Mod Exp CRT for this driver is accelerated through LAC RSA type 2
506 * decrypt operation. Therefore P and Q input values must always be prime
507 * numbers. Although basic primality checks are done in LAC, it is up to the
508 * user to do any correct prime number checking before passing the inputs.
509 */
510static int icp_ocfDrvModExpCRT(struct cryptkop *krp)
511{
512    CpaStatus lacStatus = CPA_STATUS_SUCCESS;
513    CpaCyRsaDecryptOpData *rsaDecryptOpData = NULL;
514    void *callbackTag = NULL;
515    CpaFlatBuffer *pOutputData = NULL;
516
517    /*Parameter input checks are all done by LAC, no need to repeat
518       them here. */
519    callbackTag = krp;
520
521    rsaDecryptOpData =
522        icp_kmem_cache_zalloc(drvRSADecrypt_zone, ICP_M_NOWAIT);
523    if (NULL == rsaDecryptOpData) {
524        APRINTK("%s():Failed to get memory"
525            " for MOD EXP CRT Op data struct\n", __FUNCTION__);
526        krp->krp_status = ENOMEM;
527        return ENOMEM;
528    }
529
530    rsaDecryptOpData->pRecipientPrivateKey
531        = icp_kmem_cache_zalloc(drvRSAPrivateKey_zone, ICP_M_NOWAIT);
532    if (NULL == rsaDecryptOpData->pRecipientPrivateKey) {
533        APRINTK("%s():Failed to get memory for MOD EXP CRT"
534            " private key values struct\n", __FUNCTION__);
535        ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData);
536        krp->krp_status = ENOMEM;
537        return ENOMEM;
538    }
539
540    rsaDecryptOpData->pRecipientPrivateKey->
541        version = CPA_CY_RSA_VERSION_TWO_PRIME;
542    rsaDecryptOpData->pRecipientPrivateKey->
543        privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2;
544
545    pOutputData = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
546    if (NULL == pOutputData) {
547        APRINTK("%s():Failed to get memory"
548            " for MOD EXP CRT output data\n", __FUNCTION__);
549        ICP_CACHE_FREE(drvRSAPrivateKey_zone,
550                   rsaDecryptOpData->pRecipientPrivateKey);
551        ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData);
552        krp->krp_status = ENOMEM;
553        return ENOMEM;
554    }
555
556    rsaDecryptOpData->pRecipientPrivateKey->
557        version = CPA_CY_RSA_VERSION_TWO_PRIME;
558    rsaDecryptOpData->pRecipientPrivateKey->
559        privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2;
560
561    /* Link parameters */
562    rsaDecryptOpData->inputData.pData =
563        krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX].crp_p;
564    BITS_TO_BYTES(rsaDecryptOpData->inputData.dataLenInBytes,
565              krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX].
566              crp_nbits);
567
568    icp_ocfDrvSwapBytes(rsaDecryptOpData->inputData.pData,
569                rsaDecryptOpData->inputData.dataLenInBytes);
570
571    rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.prime1P.pData =
572        krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX].crp_p;
573    BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.
574              prime1P.dataLenInBytes,
575              krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX].
576              crp_nbits);
577
578    icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
579                privateKeyRep2.prime1P.pData,
580                rsaDecryptOpData->pRecipientPrivateKey->
581                privateKeyRep2.prime1P.dataLenInBytes);
582
583    rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.prime2Q.pData =
584        krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX].crp_p;
585    BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.
586              prime2Q.dataLenInBytes,
587              krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX].
588              crp_nbits);
589
590    icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
591                privateKeyRep2.prime2Q.pData,
592                rsaDecryptOpData->pRecipientPrivateKey->
593                privateKeyRep2.prime2Q.dataLenInBytes);
594
595    rsaDecryptOpData->pRecipientPrivateKey->
596        privateKeyRep2.exponent1Dp.pData =
597        krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX].crp_p;
598    BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.
599              exponent1Dp.dataLenInBytes,
600              krp->
601              krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX].
602              crp_nbits);
603
604    icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
605                privateKeyRep2.exponent1Dp.pData,
606                rsaDecryptOpData->pRecipientPrivateKey->
607                privateKeyRep2.exponent1Dp.dataLenInBytes);
608
609    rsaDecryptOpData->pRecipientPrivateKey->
610        privateKeyRep2.exponent2Dq.pData =
611        krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX].crp_p;
612    BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->
613              privateKeyRep2.exponent2Dq.dataLenInBytes,
614              krp->
615              krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX].
616              crp_nbits);
617
618    icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
619                privateKeyRep2.exponent2Dq.pData,
620                rsaDecryptOpData->pRecipientPrivateKey->
621                privateKeyRep2.exponent2Dq.dataLenInBytes);
622
623    rsaDecryptOpData->pRecipientPrivateKey->
624        privateKeyRep2.coefficientQInv.pData =
625        krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX].crp_p;
626    BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->
627              privateKeyRep2.coefficientQInv.dataLenInBytes,
628              krp->
629              krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX].
630              crp_nbits);
631
632    icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey->
633                privateKeyRep2.coefficientQInv.pData,
634                rsaDecryptOpData->pRecipientPrivateKey->
635                privateKeyRep2.coefficientQInv.dataLenInBytes);
636
637    /* Output Parameter */
638    pOutputData->pData =
639        krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX].crp_p;
640    BITS_TO_BYTES(pOutputData->dataLenInBytes,
641              krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX].
642              crp_nbits);
643
644    lacStatus = cpaCyRsaDecrypt(CPA_INSTANCE_HANDLE_SINGLE,
645                    icp_ocfDrvModExpCRTCallBack,
646                    callbackTag, rsaDecryptOpData, pOutputData);
647
648    if (CPA_STATUS_SUCCESS != lacStatus) {
649        EPRINTK("%s(): Mod Exp CRT Operation failed (%d).\n",
650            __FUNCTION__, lacStatus);
651        krp->krp_status = ECANCELED;
652        icp_ocfDrvFreeFlatBuffer(pOutputData);
653        ICP_CACHE_FREE(drvRSAPrivateKey_zone,
654                   rsaDecryptOpData->pRecipientPrivateKey);
655        ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData);
656    }
657
658    return lacStatus;
659}
660
661/* Name : icp_ocfDrvCheckALessThanB
662 *
663 * Description : This function will check whether the first argument is less
664 * than the second. It is used to check whether the DSA RS sign Random K
665 * value is less than the Prime Q value (as defined in the specification)
666 *
667 */
668static int
669icp_ocfDrvCheckALessThanB(CpaFlatBuffer * pK, CpaFlatBuffer * pQ, int *doCheck)
670{
671
672    uint8_t *MSB_K = pK->pData;
673    uint8_t *MSB_Q = pQ->pData;
674    uint32_t buffer_lengths_in_bytes = pQ->dataLenInBytes;
675
676    if (DONT_RUN_LESS_THAN_CHECK == *doCheck) {
677        return FAIL_A_IS_GREATER_THAN_B;
678    }
679
680/*Check MSBs
681if A == B, check next MSB
682if A > B, return A_IS_GREATER_THAN_B
683if A < B, return A_IS_LESS_THAN_B (success)
684*/
685    while (*MSB_K == *MSB_Q) {
686        MSB_K++;
687        MSB_Q++;
688
689        buffer_lengths_in_bytes--;
690        if (0 == buffer_lengths_in_bytes) {
691            DPRINTK("%s() Buffers have equal value!!\n",
692                __FUNCTION__);
693            return FAIL_A_IS_EQUAL_TO_B;
694        }
695
696    }
697
698    if (*MSB_K < *MSB_Q) {
699        return SUCCESS_A_IS_LESS_THAN_B;
700    } else {
701        return FAIL_A_IS_GREATER_THAN_B;
702    }
703
704}
705
706/* Name : icp_ocfDrvDsaSign
707 *
708 * Description : This function will map DSA RS Sign from OCF to the LAC API.
709 *
710 * NOTE: From looking at OCF patch to OpenSSL and even the number of input
711 * parameters, OCF expects us to generate the random seed value. This value
712 * is generated and passed to LAC, however the number is discared in the
713 * callback and not returned to the user.
714 */
715static int icp_ocfDrvDsaSign(struct cryptkop *krp)
716{
717    CpaStatus lacStatus = CPA_STATUS_SUCCESS;
718    CpaCyDsaRSSignOpData *dsaRsSignOpData = NULL;
719    void *callbackTag = NULL;
720    CpaCyRandGenOpData randGenOpData;
721    int primeQSizeInBytes = 0;
722    int doCheck = 0;
723    CpaFlatBuffer randData;
724    CpaBoolean protocolStatus = CPA_FALSE;
725    CpaFlatBuffer *pR = NULL;
726    CpaFlatBuffer *pS = NULL;
727
728    callbackTag = krp;
729
730    BITS_TO_BYTES(primeQSizeInBytes,
731              krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX].
732              crp_nbits);
733
734    if (DSA_RS_SIGN_PRIMEQ_SIZE_IN_BYTES != primeQSizeInBytes) {
735        APRINTK("%s(): DSA PRIME Q size not equal to the "
736            "FIPS defined 20bytes, = %d\n",
737            __FUNCTION__, primeQSizeInBytes);
738        krp->krp_status = EDOM;
739        return EDOM;
740    }
741
742    dsaRsSignOpData =
743        icp_kmem_cache_zalloc(drvDSARSSign_zone, ICP_M_NOWAIT);
744    if (NULL == dsaRsSignOpData) {
745        APRINTK("%s():Failed to get memory"
746            " for DSA RS Sign Op data struct\n", __FUNCTION__);
747        krp->krp_status = ENOMEM;
748        return ENOMEM;
749    }
750
751    dsaRsSignOpData->K.pData =
752        icp_kmem_cache_alloc(drvDSARSSignKValue_zone, ICP_M_NOWAIT);
753
754    if (NULL == dsaRsSignOpData->K.pData) {
755        APRINTK("%s():Failed to get memory"
756            " for DSA RS Sign Op Random value\n", __FUNCTION__);
757        ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
758        krp->krp_status = ENOMEM;
759        return ENOMEM;
760    }
761
762    pR = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
763    if (NULL == pR) {
764        APRINTK("%s():Failed to get memory"
765            " for DSA signature R\n", __FUNCTION__);
766        ICP_CACHE_FREE(drvDSARSSignKValue_zone,
767                   dsaRsSignOpData->K.pData);
768        ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
769        krp->krp_status = ENOMEM;
770        return ENOMEM;
771    }
772
773    pS = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT);
774    if (NULL == pS) {
775        APRINTK("%s():Failed to get memory"
776            " for DSA signature S\n", __FUNCTION__);
777        icp_ocfDrvFreeFlatBuffer(pR);
778        ICP_CACHE_FREE(drvDSARSSignKValue_zone,
779                   dsaRsSignOpData->K.pData);
780        ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
781        krp->krp_status = ENOMEM;
782        return ENOMEM;
783    }
784
785    /*link prime number parameter for ease of processing */
786    dsaRsSignOpData->P.pData =
787        krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX].crp_p;
788    BITS_TO_BYTES(dsaRsSignOpData->P.dataLenInBytes,
789              krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX].
790              crp_nbits);
791
792    icp_ocfDrvSwapBytes(dsaRsSignOpData->P.pData,
793                dsaRsSignOpData->P.dataLenInBytes);
794
795    dsaRsSignOpData->Q.pData =
796        krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX].crp_p;
797    BITS_TO_BYTES(dsaRsSignOpData->Q.dataLenInBytes,
798              krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX].
799              crp_nbits);
800
801    icp_ocfDrvSwapBytes(dsaRsSignOpData->Q.pData,
802                dsaRsSignOpData->Q.dataLenInBytes);
803
804    /*generate random number with equal buffer size to Prime value Q,
805       but value less than Q */
806    dsaRsSignOpData->K.dataLenInBytes = dsaRsSignOpData->Q.dataLenInBytes;
807
808    randGenOpData.generateBits = CPA_TRUE;
809    randGenOpData.lenInBytes = dsaRsSignOpData->K.dataLenInBytes;
810
811    icp_ocfDrvPtrAndLenToFlatBuffer(dsaRsSignOpData->K.pData,
812                    dsaRsSignOpData->K.dataLenInBytes,
813                    &randData);
814
815    doCheck = 0;
816    while (icp_ocfDrvCheckALessThanB(&(dsaRsSignOpData->K),
817                     &(dsaRsSignOpData->Q), &doCheck)) {
818
819        if (CPA_STATUS_SUCCESS
820            != cpaCyRandGen(CPA_INSTANCE_HANDLE_SINGLE,
821                    NULL, NULL, &randGenOpData, &randData)) {
822            APRINTK("%s(): ERROR - Failed to generate DSA RS Sign K"
823                "value\n", __FUNCTION__);
824            icp_ocfDrvFreeFlatBuffer(pS);
825            icp_ocfDrvFreeFlatBuffer(pR);
826            ICP_CACHE_FREE(drvDSARSSignKValue_zone,
827                       dsaRsSignOpData->K.pData);
828            ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
829            krp->krp_status = EAGAIN;
830            return EAGAIN;
831        }
832
833        doCheck++;
834        if (DSA_SIGN_RAND_GEN_VAL_CHECK_MAX_ITERATIONS == doCheck) {
835            APRINTK("%s(): ERROR - Failed to find DSA RS Sign K "
836                "value less than Q value\n", __FUNCTION__);
837            icp_ocfDrvFreeFlatBuffer(pS);
838            icp_ocfDrvFreeFlatBuffer(pR);
839            ICP_CACHE_FREE(drvDSARSSignKValue_zone,
840                       dsaRsSignOpData->K.pData);
841            ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
842            krp->krp_status = EAGAIN;
843            return EAGAIN;
844        }
845
846    }
847    /*Rand Data - no need to swap bytes for pK */
848
849    /* Link parameters */
850    dsaRsSignOpData->G.pData =
851        krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_G_INDEX].crp_p;
852    BITS_TO_BYTES(dsaRsSignOpData->G.dataLenInBytes,
853              krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_G_INDEX].crp_nbits);
854
855    icp_ocfDrvSwapBytes(dsaRsSignOpData->G.pData,
856                dsaRsSignOpData->G.dataLenInBytes);
857
858    dsaRsSignOpData->X.pData =
859        krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_X_INDEX].crp_p;
860    BITS_TO_BYTES(dsaRsSignOpData->X.dataLenInBytes,
861              krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_X_INDEX].crp_nbits);
862    icp_ocfDrvSwapBytes(dsaRsSignOpData->X.pData,
863                dsaRsSignOpData->X.dataLenInBytes);
864
865    /*OpenSSL dgst parameter is left in big endian byte order,
866       therefore no byte swap is required */
867    dsaRsSignOpData->M.pData =
868        krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX].crp_p;
869    BITS_TO_BYTES(dsaRsSignOpData->M.dataLenInBytes,
870              krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX].
871              crp_nbits);
872
873    /* Output Parameters */
874    pS->pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX].crp_p;
875    BITS_TO_BYTES(pS->dataLenInBytes,
876              krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX].
877              crp_nbits);
878
879    pR->pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX].crp_p;
880    BITS_TO_BYTES(pR->dataLenInBytes,
881              krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX].
882              crp_nbits);
883
884    lacStatus = cpaCyDsaSignRS(CPA_INSTANCE_HANDLE_SINGLE,
885                   icp_ocfDrvDsaRSSignCallBack,
886                   callbackTag, dsaRsSignOpData,
887                   &protocolStatus, pR, pS);
888
889    if (CPA_STATUS_SUCCESS != lacStatus) {
890        EPRINTK("%s(): DSA RS Sign Operation failed (%d).\n",
891            __FUNCTION__, lacStatus);
892        krp->krp_status = ECANCELED;
893        icp_ocfDrvFreeFlatBuffer(pS);
894        icp_ocfDrvFreeFlatBuffer(pR);
895        ICP_CACHE_FREE(drvDSARSSignKValue_zone,
896                   dsaRsSignOpData->K.pData);
897        ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData);
898    }
899
900    return lacStatus;
901}
902
903/* Name : icp_ocfDrvDsaVerify
904 *
905 * Description : This function will map DSA RS Verify from OCF to the LAC API.
906 *
907 */
908static int icp_ocfDrvDsaVerify(struct cryptkop *krp)
909{
910    CpaStatus lacStatus = CPA_STATUS_SUCCESS;
911    CpaCyDsaVerifyOpData *dsaVerifyOpData = NULL;
912    void *callbackTag = NULL;
913    CpaBoolean verifyStatus = CPA_FALSE;
914
915    callbackTag = krp;
916
917    dsaVerifyOpData =
918        icp_kmem_cache_zalloc(drvDSAVerify_zone, ICP_M_NOWAIT);
919    if (NULL == dsaVerifyOpData) {
920        APRINTK("%s():Failed to get memory"
921            " for DSA Verify Op data struct\n", __FUNCTION__);
922        krp->krp_status = ENOMEM;
923        return ENOMEM;
924    }
925
926    /* Link parameters */
927    dsaVerifyOpData->P.pData =
928        krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX].crp_p;
929    BITS_TO_BYTES(dsaVerifyOpData->P.dataLenInBytes,
930              krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX].
931              crp_nbits);
932    icp_ocfDrvSwapBytes(dsaVerifyOpData->P.pData,
933                dsaVerifyOpData->P.dataLenInBytes);
934
935    dsaVerifyOpData->Q.pData =
936        krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX].crp_p;
937    BITS_TO_BYTES(dsaVerifyOpData->Q.dataLenInBytes,
938              krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX].
939              crp_nbits);
940    icp_ocfDrvSwapBytes(dsaVerifyOpData->Q.pData,
941                dsaVerifyOpData->Q.dataLenInBytes);
942
943    dsaVerifyOpData->G.pData =
944        krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_G_INDEX].crp_p;
945    BITS_TO_BYTES(dsaVerifyOpData->G.dataLenInBytes,
946              krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_G_INDEX].
947              crp_nbits);
948    icp_ocfDrvSwapBytes(dsaVerifyOpData->G.pData,
949                dsaVerifyOpData->G.dataLenInBytes);
950
951    dsaVerifyOpData->Y.pData =
952        krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX].crp_p;
953    BITS_TO_BYTES(dsaVerifyOpData->Y.dataLenInBytes,
954              krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX].
955              crp_nbits);
956    icp_ocfDrvSwapBytes(dsaVerifyOpData->Y.pData,
957                dsaVerifyOpData->Y.dataLenInBytes);
958
959    /*OpenSSL dgst parameter is left in big endian byte order,
960       therefore no byte swap is required */
961    dsaVerifyOpData->M.pData =
962        krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX].crp_p;
963    BITS_TO_BYTES(dsaVerifyOpData->M.dataLenInBytes,
964              krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX].
965              crp_nbits);
966
967    dsaVerifyOpData->R.pData =
968        krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX].crp_p;
969    BITS_TO_BYTES(dsaVerifyOpData->R.dataLenInBytes,
970              krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX].
971              crp_nbits);
972    icp_ocfDrvSwapBytes(dsaVerifyOpData->R.pData,
973                dsaVerifyOpData->R.dataLenInBytes);
974
975    dsaVerifyOpData->S.pData =
976        krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX].crp_p;
977    BITS_TO_BYTES(dsaVerifyOpData->S.dataLenInBytes,
978              krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX].
979              crp_nbits);
980    icp_ocfDrvSwapBytes(dsaVerifyOpData->S.pData,
981                dsaVerifyOpData->S.dataLenInBytes);
982
983    lacStatus = cpaCyDsaVerify(CPA_INSTANCE_HANDLE_SINGLE,
984                   icp_ocfDrvDsaVerifyCallBack,
985                   callbackTag, dsaVerifyOpData, &verifyStatus);
986
987    if (CPA_STATUS_SUCCESS != lacStatus) {
988        EPRINTK("%s(): DSA Verify Operation failed (%d).\n",
989            __FUNCTION__, lacStatus);
990        ICP_CACHE_FREE(drvDSAVerify_zone, dsaVerifyOpData);
991        krp->krp_status = ECANCELED;
992    }
993
994    return lacStatus;
995}
996
997/* Name : icp_ocfDrvDhP1Callback
998 *
999 * Description : When this function returns it signifies that the LAC
1000 * component has completed the DH operation.
1001 */
1002static void
1003icp_ocfDrvDhP1CallBack(void *callbackTag,
1004               CpaStatus status,
1005               void *pOpData, CpaFlatBuffer * pLocalOctetStringPV)
1006{
1007    struct cryptkop *krp = NULL;
1008    CpaCyDhPhase1KeyGenOpData *pPhase1OpData = NULL;
1009
1010    if (NULL == callbackTag) {
1011        DPRINTK("%s(): Invalid input parameters - "
1012            "callbackTag data is NULL\n", __FUNCTION__);
1013        return;
1014    }
1015    krp = (struct cryptkop *)callbackTag;
1016
1017    if (NULL == pOpData) {
1018        DPRINTK("%s(): Invalid input parameters - "
1019            "Operation Data is NULL\n", __FUNCTION__);
1020        krp->krp_status = ECANCELED;
1021        crypto_kdone(krp);
1022        return;
1023    }
1024    pPhase1OpData = (CpaCyDhPhase1KeyGenOpData *) pOpData;
1025
1026    if (NULL == pLocalOctetStringPV) {
1027        DPRINTK("%s(): Invalid input parameters - "
1028            "pLocalOctetStringPV Data is NULL\n", __FUNCTION__);
1029        memset(pPhase1OpData, 0, sizeof(CpaCyDhPhase1KeyGenOpData));
1030        ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
1031        krp->krp_status = ECANCELED;
1032        crypto_kdone(krp);
1033        return;
1034    }
1035
1036    if (CPA_STATUS_SUCCESS == status) {
1037        krp->krp_status = CRYPTO_OP_SUCCESS;
1038    } else {
1039        APRINTK("%s(): Diffie Hellman Phase1 Key Gen failed - "
1040            "Operation Status = %d\n", __FUNCTION__, status);
1041        krp->krp_status = ECANCELED;
1042    }
1043
1044    icp_ocfDrvSwapBytes(pLocalOctetStringPV->pData,
1045                pLocalOctetStringPV->dataLenInBytes);
1046
1047    icp_ocfDrvFreeFlatBuffer(pLocalOctetStringPV);
1048    memset(pPhase1OpData, 0, sizeof(CpaCyDhPhase1KeyGenOpData));
1049    ICP_CACHE_FREE(drvDH_zone, pPhase1OpData);
1050
1051    crypto_kdone(krp);
1052
1053    return;
1054}
1055
1056/* Name : icp_ocfDrvModExpCallBack
1057 *
1058 * Description : When this function returns it signifies that the LAC
1059 * component has completed the Mod Exp operation.
1060 */
1061static void
1062icp_ocfDrvModExpCallBack(void *callbackTag,
1063             CpaStatus status,
1064             void *pOpdata, CpaFlatBuffer * pResult)
1065{
1066    struct cryptkop *krp = NULL;
1067    CpaCyLnModExpOpData *pLnModExpOpData = NULL;
1068
1069    if (NULL == callbackTag) {
1070        DPRINTK("%s(): Invalid input parameters - "
1071            "callbackTag data is NULL\n", __FUNCTION__);
1072        return;
1073    }
1074    krp = (struct cryptkop *)callbackTag;
1075
1076    if (NULL == pOpdata) {
1077        DPRINTK("%s(): Invalid Mod Exp input parameters - "
1078            "Operation Data is NULL\n", __FUNCTION__);
1079        krp->krp_status = ECANCELED;
1080        crypto_kdone(krp);
1081        return;
1082    }
1083    pLnModExpOpData = (CpaCyLnModExpOpData *) pOpdata;
1084
1085    if (NULL == pResult) {
1086        DPRINTK("%s(): Invalid input parameters - "
1087            "pResult data is NULL\n", __FUNCTION__);
1088        krp->krp_status = ECANCELED;
1089        memset(pLnModExpOpData, 0, sizeof(CpaCyLnModExpOpData));
1090        ICP_CACHE_FREE(drvLnModExp_zone, pLnModExpOpData);
1091        crypto_kdone(krp);
1092        return;
1093    }
1094
1095    if (CPA_STATUS_SUCCESS == status) {
1096        krp->krp_status = CRYPTO_OP_SUCCESS;
1097    } else {
1098        APRINTK("%s(): LAC Mod Exp Operation failed - "
1099            "Operation Status = %d\n", __FUNCTION__, status);
1100        krp->krp_status = ECANCELED;
1101    }
1102
1103    icp_ocfDrvSwapBytes(pResult->pData, pResult->dataLenInBytes);
1104
1105    /*switch base size value back to original */
1106    if (pLnModExpOpData->base.pData ==
1107        (uint8_t *) & (krp->
1108               krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].
1109               crp_nbits)) {
1110        *((uint32_t *) pLnModExpOpData->base.pData) =
1111            ntohl(*((uint32_t *) pLnModExpOpData->base.pData));
1112    }
1113    icp_ocfDrvFreeFlatBuffer(pResult);
1114    memset(pLnModExpOpData, 0, sizeof(CpaCyLnModExpOpData));
1115    ICP_CACHE_FREE(drvLnModExp_zone, pLnModExpOpData);
1116
1117    crypto_kdone(krp);
1118
1119    return;
1120
1121}
1122
1123/* Name : icp_ocfDrvModExpCRTCallBack
1124 *
1125 * Description : When this function returns it signifies that the LAC
1126 * component has completed the Mod Exp CRT operation.
1127 */
1128static void
1129icp_ocfDrvModExpCRTCallBack(void *callbackTag,
1130                CpaStatus status,
1131                void *pOpData, CpaFlatBuffer * pOutputData)
1132{
1133    struct cryptkop *krp = NULL;
1134    CpaCyRsaDecryptOpData *pDecryptData = NULL;
1135
1136    if (NULL == callbackTag) {
1137        DPRINTK("%s(): Invalid input parameters - "
1138            "callbackTag data is NULL\n", __FUNCTION__);
1139        return;
1140    }
1141
1142    krp = (struct cryptkop *)callbackTag;
1143
1144    if (NULL == pOpData) {
1145        DPRINTK("%s(): Invalid input parameters - "
1146            "Operation Data is NULL\n", __FUNCTION__);
1147        krp->krp_status = ECANCELED;
1148        crypto_kdone(krp);
1149        return;
1150    }
1151    pDecryptData = (CpaCyRsaDecryptOpData *) pOpData;
1152
1153    if (NULL == pOutputData) {
1154        DPRINTK("%s(): Invalid input parameter - "
1155            "pOutputData is NULL\n", __FUNCTION__);
1156        memset(pDecryptData->pRecipientPrivateKey, 0,
1157               sizeof(CpaCyRsaPrivateKey));
1158        ICP_CACHE_FREE(drvRSAPrivateKey_zone,
1159                   pDecryptData->pRecipientPrivateKey);
1160        memset(pDecryptData, 0, sizeof(CpaCyRsaDecryptOpData));
1161        ICP_CACHE_FREE(drvRSADecrypt_zone, pDecryptData);
1162        krp->krp_status = ECANCELED;
1163        crypto_kdone(krp);
1164        return;
1165    }
1166
1167    if (CPA_STATUS_SUCCESS == status) {
1168        krp->krp_status = CRYPTO_OP_SUCCESS;
1169    } else {
1170        APRINTK("%s(): LAC Mod Exp CRT operation failed - "
1171            "Operation Status = %d\n", __FUNCTION__, status);
1172        krp->krp_status = ECANCELED;
1173    }
1174
1175    icp_ocfDrvSwapBytes(pOutputData->pData, pOutputData->dataLenInBytes);
1176
1177    icp_ocfDrvFreeFlatBuffer(pOutputData);
1178    memset(pDecryptData->pRecipientPrivateKey, 0,
1179           sizeof(CpaCyRsaPrivateKey));
1180    ICP_CACHE_FREE(drvRSAPrivateKey_zone,
1181               pDecryptData->pRecipientPrivateKey);
1182    memset(pDecryptData, 0, sizeof(CpaCyRsaDecryptOpData));
1183    ICP_CACHE_FREE(drvRSADecrypt_zone, pDecryptData);
1184
1185    crypto_kdone(krp);
1186
1187    return;
1188}
1189
1190/* Name : icp_ocfDrvDsaRSSignCallBack
1191 *
1192 * Description : When this function returns it signifies that the LAC
1193 * component has completed the DSA RS sign operation.
1194 */
1195static void
1196icp_ocfDrvDsaRSSignCallBack(void *callbackTag,
1197                CpaStatus status,
1198                void *pOpData,
1199                CpaBoolean protocolStatus,
1200                CpaFlatBuffer * pR, CpaFlatBuffer * pS)
1201{
1202    struct cryptkop *krp = NULL;
1203    CpaCyDsaRSSignOpData *pSignData = NULL;
1204
1205    if (NULL == callbackTag) {
1206        DPRINTK("%s(): Invalid input parameters - "
1207            "callbackTag data is NULL\n", __FUNCTION__);
1208        return;
1209    }
1210
1211    krp = (struct cryptkop *)callbackTag;
1212
1213    if (NULL == pOpData) {
1214        DPRINTK("%s(): Invalid input parameters - "
1215            "Operation Data is NULL\n", __FUNCTION__);
1216        krp->krp_status = ECANCELED;
1217        crypto_kdone(krp);
1218        return;
1219    }
1220    pSignData = (CpaCyDsaRSSignOpData *) pOpData;
1221
1222    if (NULL == pR) {
1223        DPRINTK("%s(): Invalid input parameter - "
1224            "pR sign is NULL\n", __FUNCTION__);
1225        icp_ocfDrvFreeFlatBuffer(pS);
1226        ICP_CACHE_FREE(drvDSARSSign_zone, pSignData);
1227        krp->krp_status = ECANCELED;
1228        crypto_kdone(krp);
1229        return;
1230    }
1231
1232    if (NULL == pS) {
1233        DPRINTK("%s(): Invalid input parameter - "
1234            "pS sign is NULL\n", __FUNCTION__);
1235        icp_ocfDrvFreeFlatBuffer(pR);
1236        ICP_CACHE_FREE(drvDSARSSign_zone, pSignData);
1237        krp->krp_status = ECANCELED;
1238        crypto_kdone(krp);
1239        return;
1240    }
1241
1242    if (CPA_STATUS_SUCCESS != status) {
1243        APRINTK("%s(): LAC DSA RS Sign operation failed - "
1244            "Operation Status = %d\n", __FUNCTION__, status);
1245        krp->krp_status = ECANCELED;
1246    } else {
1247        krp->krp_status = CRYPTO_OP_SUCCESS;
1248
1249        if (CPA_TRUE != protocolStatus) {
1250            DPRINTK("%s(): LAC DSA RS Sign operation failed due "
1251                "to protocol error\n", __FUNCTION__);
1252            krp->krp_status = EIO;
1253        }
1254    }
1255
1256    /* Swap bytes only when the callback status is successful and
1257       protocolStatus is set to true */
1258    if (CPA_STATUS_SUCCESS == status && CPA_TRUE == protocolStatus) {
1259        icp_ocfDrvSwapBytes(pR->pData, pR->dataLenInBytes);
1260        icp_ocfDrvSwapBytes(pS->pData, pS->dataLenInBytes);
1261    }
1262
1263    icp_ocfDrvFreeFlatBuffer(pR);
1264    icp_ocfDrvFreeFlatBuffer(pS);
1265    memset(pSignData->K.pData, 0, pSignData->K.dataLenInBytes);
1266    ICP_CACHE_FREE(drvDSARSSignKValue_zone, pSignData->K.pData);
1267    memset(pSignData, 0, sizeof(CpaCyDsaRSSignOpData));
1268    ICP_CACHE_FREE(drvDSARSSign_zone, pSignData);
1269    crypto_kdone(krp);
1270
1271    return;
1272}
1273
1274/* Name : icp_ocfDrvDsaVerifyCallback
1275 *
1276 * Description : When this function returns it signifies that the LAC
1277 * component has completed the DSA Verify operation.
1278 */
1279static void
1280icp_ocfDrvDsaVerifyCallBack(void *callbackTag,
1281                CpaStatus status,
1282                void *pOpData, CpaBoolean verifyStatus)
1283{
1284
1285    struct cryptkop *krp = NULL;
1286    CpaCyDsaVerifyOpData *pVerData = NULL;
1287
1288    if (NULL == callbackTag) {
1289        DPRINTK("%s(): Invalid input parameters - "
1290            "callbackTag data is NULL\n", __FUNCTION__);
1291        return;
1292    }
1293
1294    krp = (struct cryptkop *)callbackTag;
1295
1296    if (NULL == pOpData) {
1297        DPRINTK("%s(): Invalid input parameters - "
1298            "Operation Data is NULL\n", __FUNCTION__);
1299        krp->krp_status = ECANCELED;
1300        crypto_kdone(krp);
1301        return;
1302    }
1303    pVerData = (CpaCyDsaVerifyOpData *) pOpData;
1304
1305    if (CPA_STATUS_SUCCESS != status) {
1306        APRINTK("%s(): LAC DSA Verify operation failed - "
1307            "Operation Status = %d\n", __FUNCTION__, status);
1308        krp->krp_status = ECANCELED;
1309    } else {
1310        krp->krp_status = CRYPTO_OP_SUCCESS;
1311
1312        if (CPA_TRUE != verifyStatus) {
1313            DPRINTK("%s(): DSA signature invalid\n", __FUNCTION__);
1314            krp->krp_status = EIO;
1315        }
1316    }
1317
1318    /* Swap bytes only when the callback status is successful and
1319       verifyStatus is set to true */
1320    /*Just swapping back the key values for now. Possibly all
1321       swapped buffers need to be reverted */
1322    if (CPA_STATUS_SUCCESS == status && CPA_TRUE == verifyStatus) {
1323        icp_ocfDrvSwapBytes(pVerData->R.pData,
1324                    pVerData->R.dataLenInBytes);
1325        icp_ocfDrvSwapBytes(pVerData->S.pData,
1326                    pVerData->S.dataLenInBytes);
1327    }
1328
1329    memset(pVerData, 0, sizeof(CpaCyDsaVerifyOpData));
1330    ICP_CACHE_FREE(drvDSAVerify_zone, pVerData);
1331    crypto_kdone(krp);
1332
1333    return;
1334}
1335

Archive Download this file



interactive