/*************************************************************************** * * This file is provided under a dual BSD/GPLv2 license. When using or * redistributing this file, you may do so under either license. * * GPL LICENSE SUMMARY * * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of version 2 of the GNU General Public License as * published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. * The full GNU General Public License is included in this distribution * in the file called LICENSE.GPL. * * Contact Information: * Intel Corporation * * BSD LICENSE * * Copyright(c) 2007,2008,2009 Intel Corporation. All rights reserved. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * Neither the name of Intel Corporation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * * version: Security.L.1.0.2-229 * ***************************************************************************/ #include "icp_ocf.h" /*The following define values (containing the word 'INDEX') are used to find the index of each input buffer of the crypto_kop struct (see OCF cryptodev.h). These values were found through analysis of the OCF OpenSSL patch. If the calling program uses different input buffer positions, these defines will have to be changed.*/ /*DIFFIE HELLMAN buffer index values*/ #define ICP_DH_KRP_PARAM_PRIME_INDEX (0) #define ICP_DH_KRP_PARAM_BASE_INDEX (1) #define ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX (2) #define ICP_DH_KRP_PARAM_RESULT_INDEX (3) /*MOD EXP buffer index values*/ #define ICP_MOD_EXP_KRP_PARAM_BASE_INDEX (0) #define ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX (1) #define ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX (2) #define ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX (3) /*MOD EXP CRT buffer index values*/ #define ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX (0) #define ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX (1) #define ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX (2) #define ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX (3) #define ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX (4) #define ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX (5) #define ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX (6) /*DSA sign buffer index values*/ #define ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX (0) #define ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX (1) #define ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX (2) #define ICP_DSA_SIGN_KRP_PARAM_G_INDEX (3) #define ICP_DSA_SIGN_KRP_PARAM_X_INDEX (4) #define ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX (5) #define ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX (6) /*DSA verify buffer index values*/ #define ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX (0) #define ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX (1) #define ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX (2) #define ICP_DSA_VERIFY_KRP_PARAM_G_INDEX (3) #define ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX (4) #define ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX (5) #define ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX (6) /*DSA sign prime Q vs random number K size check values*/ #define DONT_RUN_LESS_THAN_CHECK (0) #define FAIL_A_IS_GREATER_THAN_B (1) #define FAIL_A_IS_EQUAL_TO_B (1) #define SUCCESS_A_IS_LESS_THAN_B (0) #define DSA_SIGN_RAND_GEN_VAL_CHECK_MAX_ITERATIONS (500) /* We need to set a cryptokp success value just in case it is set or allocated and not set to zero outside of this module */ #define CRYPTO_OP_SUCCESS (0) /*Function to compute Diffie Hellman (DH) phase 1 or phase 2 key values*/ static int icp_ocfDrvDHComputeKey(struct cryptkop *krp); /*Function to compute a Modular Exponentiation (Mod Exp)*/ static int icp_ocfDrvModExp(struct cryptkop *krp); /*Function to compute a Mod Exp using the Chinease Remainder Theorem*/ static int icp_ocfDrvModExpCRT(struct cryptkop *krp); /*Helper function to compute whether the first big number argument is less than the second big number argument */ static int icp_ocfDrvCheckALessThanB(CpaFlatBuffer * pK, CpaFlatBuffer * pQ, int *doCheck); /*Function to sign an input with DSA R and S keys*/ static int icp_ocfDrvDsaSign(struct cryptkop *krp); /*Function to Verify a DSA buffer signature*/ static int icp_ocfDrvDsaVerify(struct cryptkop *krp); /*Callback function for DH operation*/ static void icp_ocfDrvDhP1CallBack(void *callbackTag, CpaStatus status, void *pOpData, CpaFlatBuffer * pLocalOctetStringPV); /*Callback function for ME operation*/ static void icp_ocfDrvModExpCallBack(void *callbackTag, CpaStatus status, void *pOpData, CpaFlatBuffer * pResult); /*Callback function for ME CRT operation*/ static void icp_ocfDrvModExpCRTCallBack(void *callbackTag, CpaStatus status, void *pOpData, CpaFlatBuffer * pOutputData); /*Callback function for DSA sign operation*/ static void icp_ocfDrvDsaRSSignCallBack(void *callbackTag, CpaStatus status, void *pOpData, CpaBoolean protocolStatus, CpaFlatBuffer * pR, CpaFlatBuffer * pS); /*Callback function for DSA Verify operation*/ static void icp_ocfDrvDsaVerifyCallBack(void *callbackTag, CpaStatus status, void *pOpData, CpaBoolean verifyStatus); /* Name : icp_ocfDrvPkeProcess * * Description : This function will choose which PKE process to follow * based on the input arguments */ int icp_ocfDrvPkeProcess(icp_device_t dev, struct cryptkop *krp, int hint) { CpaStatus lacStatus = CPA_STATUS_SUCCESS; if (NULL == krp) { DPRINTK("%s(): Invalid input parameters, cryptkop = %p\n", __FUNCTION__, krp); return EINVAL; } if (CPA_TRUE == icp_atomic_read(&icp_ocfDrvIsExiting)) { krp->krp_status = ECANCELED; return ECANCELED; } switch (krp->krp_op) { case CRK_DH_COMPUTE_KEY: DPRINTK("%s() doing DH_COMPUTE_KEY\n", __FUNCTION__); lacStatus = icp_ocfDrvDHComputeKey(krp); if (CPA_STATUS_SUCCESS != lacStatus) { EPRINTK("%s(): icp_ocfDrvDHComputeKey failed " "(%d).\n", __FUNCTION__, lacStatus); krp->krp_status = ECANCELED; return ECANCELED; } break; case CRK_MOD_EXP: DPRINTK("%s() doing MOD_EXP \n", __FUNCTION__); lacStatus = icp_ocfDrvModExp(krp); if (CPA_STATUS_SUCCESS != lacStatus) { EPRINTK("%s(): icp_ocfDrvModExp failed (%d).\n", __FUNCTION__, lacStatus); krp->krp_status = ECANCELED; return ECANCELED; } break; case CRK_MOD_EXP_CRT: DPRINTK("%s() doing MOD_EXP_CRT \n", __FUNCTION__); lacStatus = icp_ocfDrvModExpCRT(krp); if (CPA_STATUS_SUCCESS != lacStatus) { EPRINTK("%s(): icp_ocfDrvModExpCRT " "failed (%d).\n", __FUNCTION__, lacStatus); krp->krp_status = ECANCELED; return ECANCELED; } break; case CRK_DSA_SIGN: DPRINTK("%s() doing DSA_SIGN \n", __FUNCTION__); lacStatus = icp_ocfDrvDsaSign(krp); if (CPA_STATUS_SUCCESS != lacStatus) { EPRINTK("%s(): icp_ocfDrvDsaSign " "failed (%d).\n", __FUNCTION__, lacStatus); krp->krp_status = ECANCELED; return ECANCELED; } break; case CRK_DSA_VERIFY: DPRINTK("%s() doing DSA_VERIFY \n", __FUNCTION__); lacStatus = icp_ocfDrvDsaVerify(krp); if (CPA_STATUS_SUCCESS != lacStatus) { EPRINTK("%s(): icp_ocfDrvDsaVerify " "failed (%d).\n", __FUNCTION__, lacStatus); krp->krp_status = ECANCELED; return ECANCELED; } break; default: EPRINTK("%s(): Asymettric function not " "supported (%d).\n", __FUNCTION__, krp->krp_op); krp->krp_status = EOPNOTSUPP; return EOPNOTSUPP; } return ICP_OCF_DRV_STATUS_SUCCESS; } /* Name : icp_ocfDrvSwapBytes * * Description : This function is used to swap the byte order of a buffer. * It has been seen that in general we are passed little endian byte order * buffers, but LAC only accepts big endian byte order buffers. */ static void inline icp_ocfDrvSwapBytes(u_int8_t * num, u_int32_t buff_len_bytes) { int i; u_int8_t *end_ptr; u_int8_t hold_val; end_ptr = num + (buff_len_bytes - 1); buff_len_bytes = buff_len_bytes >> 1; for (i = 0; i < buff_len_bytes; i++) { hold_val = *num; *num = *end_ptr; num++; *end_ptr = hold_val; end_ptr--; } } /* Name : icp_ocfDrvDHComputeKey * * Description : This function will map Diffie Hellman calls from OCF * to the LAC API. OCF uses this function for Diffie Hellman Phase1 and * Phase2. LAC has a separate Diffie Hellman Phase2 call, however both phases * break down to a modular exponentiation. */ static int icp_ocfDrvDHComputeKey(struct cryptkop *krp) { CpaStatus lacStatus = CPA_STATUS_SUCCESS; void *callbackTag = NULL; CpaCyDhPhase1KeyGenOpData *pPhase1OpData = NULL; CpaFlatBuffer *pLocalOctetStringPV = NULL; uint32_t dh_prime_len_bytes = 0, dh_prime_len_bits = 0; /* Input checks - check prime is a multiple of 8 bits to allow for allocation later */ dh_prime_len_bits = (krp->krp_param[ICP_DH_KRP_PARAM_PRIME_INDEX].crp_nbits); /* LAC can reject prime lengths based on prime key sizes, we just need to make sure we can allocate space for the base and exponent buffers correctly */ if ((dh_prime_len_bits % NUM_BITS_IN_BYTE) != 0) { APRINTK("%s(): Warning Prime number buffer size is not a " "multiple of 8 bits\n", __FUNCTION__); } /* Result storage space should be the same size as the prime as this value can take up the same amount of storage space */ if (dh_prime_len_bits != krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_nbits) { DPRINTK("%s(): Return Buffer must be the same size " "as the Prime buffer\n", __FUNCTION__); krp->krp_status = EINVAL; return EINVAL; } /* Switch to size in bytes */ BITS_TO_BYTES(dh_prime_len_bytes, dh_prime_len_bits); callbackTag = krp; /*All allocations are set to ICP_M_NOWAIT due to the possibility of getting called in interrupt context*/ pPhase1OpData = icp_kmem_cache_zalloc(drvDH_zone, ICP_M_NOWAIT); if (NULL == pPhase1OpData) { APRINTK("%s():Failed to get memory for key gen data\n", __FUNCTION__); krp->krp_status = ENOMEM; return ENOMEM; } pLocalOctetStringPV = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT); if (NULL == pLocalOctetStringPV) { APRINTK("%s():Failed to get memory for pLocalOctetStringPV\n", __FUNCTION__); ICP_CACHE_FREE(drvDH_zone, pPhase1OpData); krp->krp_status = ENOMEM; return ENOMEM; } /* Link parameters */ pPhase1OpData->primeP.pData = krp->krp_param[ICP_DH_KRP_PARAM_PRIME_INDEX].crp_p; pPhase1OpData->primeP.dataLenInBytes = dh_prime_len_bytes; icp_ocfDrvSwapBytes(pPhase1OpData->primeP.pData, dh_prime_len_bytes); pPhase1OpData->baseG.pData = krp->krp_param[ICP_DH_KRP_PARAM_BASE_INDEX].crp_p; BITS_TO_BYTES(pPhase1OpData->baseG.dataLenInBytes, krp->krp_param[ICP_DH_KRP_PARAM_BASE_INDEX].crp_nbits); icp_ocfDrvSwapBytes(pPhase1OpData->baseG.pData, pPhase1OpData->baseG.dataLenInBytes); pPhase1OpData->privateValueX.pData = krp->krp_param[ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX].crp_p; BITS_TO_BYTES(pPhase1OpData->privateValueX.dataLenInBytes, krp->krp_param[ICP_DH_KRP_PARAM_PRIVATE_VALUE_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(pPhase1OpData->privateValueX.pData, pPhase1OpData->privateValueX.dataLenInBytes); /* Output parameters */ pLocalOctetStringPV->pData = krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_p; BITS_TO_BYTES(pLocalOctetStringPV->dataLenInBytes, krp->krp_param[ICP_DH_KRP_PARAM_RESULT_INDEX].crp_nbits); lacStatus = cpaCyDhKeyGenPhase1(CPA_INSTANCE_HANDLE_SINGLE, icp_ocfDrvDhP1CallBack, callbackTag, pPhase1OpData, pLocalOctetStringPV); if (CPA_STATUS_SUCCESS != lacStatus) { EPRINTK("%s(): DH Phase 1 Key Gen failed (%d).\n", __FUNCTION__, lacStatus); icp_ocfDrvFreeFlatBuffer(pLocalOctetStringPV); ICP_CACHE_FREE(drvDH_zone, pPhase1OpData); } return lacStatus; } /* Name : icp_ocfDrvModExp * * Description : This function will map ordinary Modular Exponentiation calls * from OCF to the LAC API. * */ static int icp_ocfDrvModExp(struct cryptkop *krp) { CpaStatus lacStatus = CPA_STATUS_SUCCESS; void *callbackTag = NULL; CpaCyLnModExpOpData *pModExpOpData = NULL; CpaFlatBuffer *pResult = NULL; if ((krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_nbits % NUM_BITS_IN_BYTE) != 0) { DPRINTK("%s(): Warning - modulus buffer size (%d) is not a " "multiple of 8 bits\n", __FUNCTION__, krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX]. crp_nbits); } /* Result storage space should be the same size as the prime as this value can take up the same amount of storage space */ if (krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_nbits > krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].crp_nbits) { APRINTK("%s(): Return Buffer size must be the same or" " greater than the Modulus buffer\n", __FUNCTION__); krp->krp_status = EINVAL; return EINVAL; } callbackTag = krp; pModExpOpData = icp_kmem_cache_zalloc(drvLnModExp_zone, ICP_M_NOWAIT); if (NULL == pModExpOpData) { APRINTK("%s():Failed to get memory for key gen data\n", __FUNCTION__); krp->krp_status = ENOMEM; return ENOMEM; } pResult = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT); if (NULL == pResult) { APRINTK("%s():Failed to get memory for ModExp result\n", __FUNCTION__); ICP_CACHE_FREE(drvLnModExp_zone, pModExpOpData); krp->krp_status = ENOMEM; return ENOMEM; } /* Link parameters */ pModExpOpData->modulus.pData = krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX].crp_p; BITS_TO_BYTES(pModExpOpData->modulus.dataLenInBytes, krp->krp_param[ICP_MOD_EXP_KRP_PARAM_MODULUS_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(pModExpOpData->modulus.pData, pModExpOpData->modulus.dataLenInBytes); DPRINTK("%s : base (%d)\n", __FUNCTION__, krp-> krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].crp_nbits); pModExpOpData->base.pData = krp->krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX].crp_p; BITS_TO_BYTES(pModExpOpData->base.dataLenInBytes, krp->krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(pModExpOpData->base.pData, pModExpOpData->base.dataLenInBytes); pModExpOpData->exponent.pData = krp->krp_param[ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX].crp_p; BITS_TO_BYTES(pModExpOpData->exponent.dataLenInBytes, krp->krp_param[ICP_MOD_EXP_KRP_PARAM_EXPONENT_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(pModExpOpData->exponent.pData, pModExpOpData->exponent.dataLenInBytes); /* Output parameters */ pResult->pData = krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX].crp_p, BITS_TO_BYTES(pResult->dataLenInBytes, krp->krp_param[ICP_MOD_EXP_KRP_PARAM_RESULT_INDEX]. crp_nbits); lacStatus = cpaCyLnModExp(CPA_INSTANCE_HANDLE_SINGLE, icp_ocfDrvModExpCallBack, callbackTag, pModExpOpData, pResult); if (CPA_STATUS_SUCCESS != lacStatus) { EPRINTK("%s(): Mod Exp Operation failed (%d).\n", __FUNCTION__, lacStatus); krp->krp_status = ECANCELED; icp_ocfDrvFreeFlatBuffer(pResult); ICP_CACHE_FREE(drvLnModExp_zone, pModExpOpData); } return lacStatus; } /* Name : icp_ocfDrvModExpCRT * * Description : This function will map ordinary Modular Exponentiation Chinese * Remainder Theorem implementaion calls from OCF to the LAC API. * * Note : Mod Exp CRT for this driver is accelerated through LAC RSA type 2 * decrypt operation. Therefore P and Q input values must always be prime * numbers. Although basic primality checks are done in LAC, it is up to the * user to do any correct prime number checking before passing the inputs. */ static int icp_ocfDrvModExpCRT(struct cryptkop *krp) { CpaStatus lacStatus = CPA_STATUS_SUCCESS; CpaCyRsaDecryptOpData *rsaDecryptOpData = NULL; void *callbackTag = NULL; CpaFlatBuffer *pOutputData = NULL; /*Parameter input checks are all done by LAC, no need to repeat them here. */ callbackTag = krp; rsaDecryptOpData = icp_kmem_cache_zalloc(drvRSADecrypt_zone, ICP_M_NOWAIT); if (NULL == rsaDecryptOpData) { APRINTK("%s():Failed to get memory" " for MOD EXP CRT Op data struct\n", __FUNCTION__); krp->krp_status = ENOMEM; return ENOMEM; } rsaDecryptOpData->pRecipientPrivateKey = icp_kmem_cache_zalloc(drvRSAPrivateKey_zone, ICP_M_NOWAIT); if (NULL == rsaDecryptOpData->pRecipientPrivateKey) { APRINTK("%s():Failed to get memory for MOD EXP CRT" " private key values struct\n", __FUNCTION__); ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData); krp->krp_status = ENOMEM; return ENOMEM; } rsaDecryptOpData->pRecipientPrivateKey-> version = CPA_CY_RSA_VERSION_TWO_PRIME; rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2; pOutputData = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT); if (NULL == pOutputData) { APRINTK("%s():Failed to get memory" " for MOD EXP CRT output data\n", __FUNCTION__); ICP_CACHE_FREE(drvRSAPrivateKey_zone, rsaDecryptOpData->pRecipientPrivateKey); ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData); krp->krp_status = ENOMEM; return ENOMEM; } rsaDecryptOpData->pRecipientPrivateKey-> version = CPA_CY_RSA_VERSION_TWO_PRIME; rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2; /* Link parameters */ rsaDecryptOpData->inputData.pData = krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX].crp_p; BITS_TO_BYTES(rsaDecryptOpData->inputData.dataLenInBytes, krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_I_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(rsaDecryptOpData->inputData.pData, rsaDecryptOpData->inputData.dataLenInBytes); rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.prime1P.pData = krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX].crp_p; BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2. prime1P.dataLenInBytes, krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_P_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.prime1P.pData, rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.prime1P.dataLenInBytes); rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2.prime2Q.pData = krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX].crp_p; BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2. prime2Q.dataLenInBytes, krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_PRIME_Q_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.prime2Q.pData, rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.prime2Q.dataLenInBytes); rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.exponent1Dp.pData = krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX].crp_p; BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey->privateKeyRep2. exponent1Dp.dataLenInBytes, krp-> krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DP_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.exponent1Dp.pData, rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.exponent1Dp.dataLenInBytes); rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.exponent2Dq.pData = krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX].crp_p; BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.exponent2Dq.dataLenInBytes, krp-> krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_EXPONENT_DQ_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.exponent2Dq.pData, rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.exponent2Dq.dataLenInBytes); rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.coefficientQInv.pData = krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX].crp_p; BITS_TO_BYTES(rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.coefficientQInv.dataLenInBytes, krp-> krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_COEFF_QINV_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.coefficientQInv.pData, rsaDecryptOpData->pRecipientPrivateKey-> privateKeyRep2.coefficientQInv.dataLenInBytes); /* Output Parameter */ pOutputData->pData = krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX].crp_p; BITS_TO_BYTES(pOutputData->dataLenInBytes, krp->krp_param[ICP_MOD_EXP_CRT_KRP_PARAM_RESULT_INDEX]. crp_nbits); lacStatus = cpaCyRsaDecrypt(CPA_INSTANCE_HANDLE_SINGLE, icp_ocfDrvModExpCRTCallBack, callbackTag, rsaDecryptOpData, pOutputData); if (CPA_STATUS_SUCCESS != lacStatus) { EPRINTK("%s(): Mod Exp CRT Operation failed (%d).\n", __FUNCTION__, lacStatus); krp->krp_status = ECANCELED; icp_ocfDrvFreeFlatBuffer(pOutputData); ICP_CACHE_FREE(drvRSAPrivateKey_zone, rsaDecryptOpData->pRecipientPrivateKey); ICP_CACHE_FREE(drvRSADecrypt_zone, rsaDecryptOpData); } return lacStatus; } /* Name : icp_ocfDrvCheckALessThanB * * Description : This function will check whether the first argument is less * than the second. It is used to check whether the DSA RS sign Random K * value is less than the Prime Q value (as defined in the specification) * */ static int icp_ocfDrvCheckALessThanB(CpaFlatBuffer * pK, CpaFlatBuffer * pQ, int *doCheck) { uint8_t *MSB_K = pK->pData; uint8_t *MSB_Q = pQ->pData; uint32_t buffer_lengths_in_bytes = pQ->dataLenInBytes; if (DONT_RUN_LESS_THAN_CHECK == *doCheck) { return FAIL_A_IS_GREATER_THAN_B; } /*Check MSBs if A == B, check next MSB if A > B, return A_IS_GREATER_THAN_B if A < B, return A_IS_LESS_THAN_B (success) */ while (*MSB_K == *MSB_Q) { MSB_K++; MSB_Q++; buffer_lengths_in_bytes--; if (0 == buffer_lengths_in_bytes) { DPRINTK("%s() Buffers have equal value!!\n", __FUNCTION__); return FAIL_A_IS_EQUAL_TO_B; } } if (*MSB_K < *MSB_Q) { return SUCCESS_A_IS_LESS_THAN_B; } else { return FAIL_A_IS_GREATER_THAN_B; } } /* Name : icp_ocfDrvDsaSign * * Description : This function will map DSA RS Sign from OCF to the LAC API. * * NOTE: From looking at OCF patch to OpenSSL and even the number of input * parameters, OCF expects us to generate the random seed value. This value * is generated and passed to LAC, however the number is discared in the * callback and not returned to the user. */ static int icp_ocfDrvDsaSign(struct cryptkop *krp) { CpaStatus lacStatus = CPA_STATUS_SUCCESS; CpaCyDsaRSSignOpData *dsaRsSignOpData = NULL; void *callbackTag = NULL; CpaCyRandGenOpData randGenOpData; int primeQSizeInBytes = 0; int doCheck = 0; CpaFlatBuffer randData; CpaBoolean protocolStatus = CPA_FALSE; CpaFlatBuffer *pR = NULL; CpaFlatBuffer *pS = NULL; callbackTag = krp; BITS_TO_BYTES(primeQSizeInBytes, krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX]. crp_nbits); if (DSA_RS_SIGN_PRIMEQ_SIZE_IN_BYTES != primeQSizeInBytes) { APRINTK("%s(): DSA PRIME Q size not equal to the " "FIPS defined 20bytes, = %d\n", __FUNCTION__, primeQSizeInBytes); krp->krp_status = EDOM; return EDOM; } dsaRsSignOpData = icp_kmem_cache_zalloc(drvDSARSSign_zone, ICP_M_NOWAIT); if (NULL == dsaRsSignOpData) { APRINTK("%s():Failed to get memory" " for DSA RS Sign Op data struct\n", __FUNCTION__); krp->krp_status = ENOMEM; return ENOMEM; } dsaRsSignOpData->K.pData = icp_kmem_cache_alloc(drvDSARSSignKValue_zone, ICP_M_NOWAIT); if (NULL == dsaRsSignOpData->K.pData) { APRINTK("%s():Failed to get memory" " for DSA RS Sign Op Random value\n", __FUNCTION__); ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); krp->krp_status = ENOMEM; return ENOMEM; } pR = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT); if (NULL == pR) { APRINTK("%s():Failed to get memory" " for DSA signature R\n", __FUNCTION__); ICP_CACHE_FREE(drvDSARSSignKValue_zone, dsaRsSignOpData->K.pData); ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); krp->krp_status = ENOMEM; return ENOMEM; } pS = icp_kmem_cache_zalloc(drvFlatBuffer_zone, ICP_M_NOWAIT); if (NULL == pS) { APRINTK("%s():Failed to get memory" " for DSA signature S\n", __FUNCTION__); icp_ocfDrvFreeFlatBuffer(pR); ICP_CACHE_FREE(drvDSARSSignKValue_zone, dsaRsSignOpData->K.pData); ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); krp->krp_status = ENOMEM; return ENOMEM; } /*link prime number parameter for ease of processing */ dsaRsSignOpData->P.pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX].crp_p; BITS_TO_BYTES(dsaRsSignOpData->P.dataLenInBytes, krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_P_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(dsaRsSignOpData->P.pData, dsaRsSignOpData->P.dataLenInBytes); dsaRsSignOpData->Q.pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX].crp_p; BITS_TO_BYTES(dsaRsSignOpData->Q.dataLenInBytes, krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_PRIME_Q_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(dsaRsSignOpData->Q.pData, dsaRsSignOpData->Q.dataLenInBytes); /*generate random number with equal buffer size to Prime value Q, but value less than Q */ dsaRsSignOpData->K.dataLenInBytes = dsaRsSignOpData->Q.dataLenInBytes; randGenOpData.generateBits = CPA_TRUE; randGenOpData.lenInBytes = dsaRsSignOpData->K.dataLenInBytes; icp_ocfDrvPtrAndLenToFlatBuffer(dsaRsSignOpData->K.pData, dsaRsSignOpData->K.dataLenInBytes, &randData); doCheck = 0; while (icp_ocfDrvCheckALessThanB(&(dsaRsSignOpData->K), &(dsaRsSignOpData->Q), &doCheck)) { if (CPA_STATUS_SUCCESS != cpaCyRandGen(CPA_INSTANCE_HANDLE_SINGLE, NULL, NULL, &randGenOpData, &randData)) { APRINTK("%s(): ERROR - Failed to generate DSA RS Sign K" "value\n", __FUNCTION__); icp_ocfDrvFreeFlatBuffer(pS); icp_ocfDrvFreeFlatBuffer(pR); ICP_CACHE_FREE(drvDSARSSignKValue_zone, dsaRsSignOpData->K.pData); ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); krp->krp_status = EAGAIN; return EAGAIN; } doCheck++; if (DSA_SIGN_RAND_GEN_VAL_CHECK_MAX_ITERATIONS == doCheck) { APRINTK("%s(): ERROR - Failed to find DSA RS Sign K " "value less than Q value\n", __FUNCTION__); icp_ocfDrvFreeFlatBuffer(pS); icp_ocfDrvFreeFlatBuffer(pR); ICP_CACHE_FREE(drvDSARSSignKValue_zone, dsaRsSignOpData->K.pData); ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); krp->krp_status = EAGAIN; return EAGAIN; } } /*Rand Data - no need to swap bytes for pK */ /* Link parameters */ dsaRsSignOpData->G.pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_G_INDEX].crp_p; BITS_TO_BYTES(dsaRsSignOpData->G.dataLenInBytes, krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_G_INDEX].crp_nbits); icp_ocfDrvSwapBytes(dsaRsSignOpData->G.pData, dsaRsSignOpData->G.dataLenInBytes); dsaRsSignOpData->X.pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_X_INDEX].crp_p; BITS_TO_BYTES(dsaRsSignOpData->X.dataLenInBytes, krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_X_INDEX].crp_nbits); icp_ocfDrvSwapBytes(dsaRsSignOpData->X.pData, dsaRsSignOpData->X.dataLenInBytes); /*OpenSSL dgst parameter is left in big endian byte order, therefore no byte swap is required */ dsaRsSignOpData->M.pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX].crp_p; BITS_TO_BYTES(dsaRsSignOpData->M.dataLenInBytes, krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_DGST_INDEX]. crp_nbits); /* Output Parameters */ pS->pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX].crp_p; BITS_TO_BYTES(pS->dataLenInBytes, krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_S_RESULT_INDEX]. crp_nbits); pR->pData = krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX].crp_p; BITS_TO_BYTES(pR->dataLenInBytes, krp->krp_param[ICP_DSA_SIGN_KRP_PARAM_R_RESULT_INDEX]. crp_nbits); lacStatus = cpaCyDsaSignRS(CPA_INSTANCE_HANDLE_SINGLE, icp_ocfDrvDsaRSSignCallBack, callbackTag, dsaRsSignOpData, &protocolStatus, pR, pS); if (CPA_STATUS_SUCCESS != lacStatus) { EPRINTK("%s(): DSA RS Sign Operation failed (%d).\n", __FUNCTION__, lacStatus); krp->krp_status = ECANCELED; icp_ocfDrvFreeFlatBuffer(pS); icp_ocfDrvFreeFlatBuffer(pR); ICP_CACHE_FREE(drvDSARSSignKValue_zone, dsaRsSignOpData->K.pData); ICP_CACHE_FREE(drvDSARSSign_zone, dsaRsSignOpData); } return lacStatus; } /* Name : icp_ocfDrvDsaVerify * * Description : This function will map DSA RS Verify from OCF to the LAC API. * */ static int icp_ocfDrvDsaVerify(struct cryptkop *krp) { CpaStatus lacStatus = CPA_STATUS_SUCCESS; CpaCyDsaVerifyOpData *dsaVerifyOpData = NULL; void *callbackTag = NULL; CpaBoolean verifyStatus = CPA_FALSE; callbackTag = krp; dsaVerifyOpData = icp_kmem_cache_zalloc(drvDSAVerify_zone, ICP_M_NOWAIT); if (NULL == dsaVerifyOpData) { APRINTK("%s():Failed to get memory" " for DSA Verify Op data struct\n", __FUNCTION__); krp->krp_status = ENOMEM; return ENOMEM; } /* Link parameters */ dsaVerifyOpData->P.pData = krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX].crp_p; BITS_TO_BYTES(dsaVerifyOpData->P.dataLenInBytes, krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_P_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(dsaVerifyOpData->P.pData, dsaVerifyOpData->P.dataLenInBytes); dsaVerifyOpData->Q.pData = krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX].crp_p; BITS_TO_BYTES(dsaVerifyOpData->Q.dataLenInBytes, krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PRIME_Q_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(dsaVerifyOpData->Q.pData, dsaVerifyOpData->Q.dataLenInBytes); dsaVerifyOpData->G.pData = krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_G_INDEX].crp_p; BITS_TO_BYTES(dsaVerifyOpData->G.dataLenInBytes, krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_G_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(dsaVerifyOpData->G.pData, dsaVerifyOpData->G.dataLenInBytes); dsaVerifyOpData->Y.pData = krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX].crp_p; BITS_TO_BYTES(dsaVerifyOpData->Y.dataLenInBytes, krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_PUBKEY_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(dsaVerifyOpData->Y.pData, dsaVerifyOpData->Y.dataLenInBytes); /*OpenSSL dgst parameter is left in big endian byte order, therefore no byte swap is required */ dsaVerifyOpData->M.pData = krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX].crp_p; BITS_TO_BYTES(dsaVerifyOpData->M.dataLenInBytes, krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_DGST_INDEX]. crp_nbits); dsaVerifyOpData->R.pData = krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX].crp_p; BITS_TO_BYTES(dsaVerifyOpData->R.dataLenInBytes, krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_R_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(dsaVerifyOpData->R.pData, dsaVerifyOpData->R.dataLenInBytes); dsaVerifyOpData->S.pData = krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX].crp_p; BITS_TO_BYTES(dsaVerifyOpData->S.dataLenInBytes, krp->krp_param[ICP_DSA_VERIFY_KRP_PARAM_SIG_S_INDEX]. crp_nbits); icp_ocfDrvSwapBytes(dsaVerifyOpData->S.pData, dsaVerifyOpData->S.dataLenInBytes); lacStatus = cpaCyDsaVerify(CPA_INSTANCE_HANDLE_SINGLE, icp_ocfDrvDsaVerifyCallBack, callbackTag, dsaVerifyOpData, &verifyStatus); if (CPA_STATUS_SUCCESS != lacStatus) { EPRINTK("%s(): DSA Verify Operation failed (%d).\n", __FUNCTION__, lacStatus); ICP_CACHE_FREE(drvDSAVerify_zone, dsaVerifyOpData); krp->krp_status = ECANCELED; } return lacStatus; } /* Name : icp_ocfDrvDhP1Callback * * Description : When this function returns it signifies that the LAC * component has completed the DH operation. */ static void icp_ocfDrvDhP1CallBack(void *callbackTag, CpaStatus status, void *pOpData, CpaFlatBuffer * pLocalOctetStringPV) { struct cryptkop *krp = NULL; CpaCyDhPhase1KeyGenOpData *pPhase1OpData = NULL; if (NULL == callbackTag) { DPRINTK("%s(): Invalid input parameters - " "callbackTag data is NULL\n", __FUNCTION__); return; } krp = (struct cryptkop *)callbackTag; if (NULL == pOpData) { DPRINTK("%s(): Invalid input parameters - " "Operation Data is NULL\n", __FUNCTION__); krp->krp_status = ECANCELED; crypto_kdone(krp); return; } pPhase1OpData = (CpaCyDhPhase1KeyGenOpData *) pOpData; if (NULL == pLocalOctetStringPV) { DPRINTK("%s(): Invalid input parameters - " "pLocalOctetStringPV Data is NULL\n", __FUNCTION__); memset(pPhase1OpData, 0, sizeof(CpaCyDhPhase1KeyGenOpData)); ICP_CACHE_FREE(drvDH_zone, pPhase1OpData); krp->krp_status = ECANCELED; crypto_kdone(krp); return; } if (CPA_STATUS_SUCCESS == status) { krp->krp_status = CRYPTO_OP_SUCCESS; } else { APRINTK("%s(): Diffie Hellman Phase1 Key Gen failed - " "Operation Status = %d\n", __FUNCTION__, status); krp->krp_status = ECANCELED; } icp_ocfDrvSwapBytes(pLocalOctetStringPV->pData, pLocalOctetStringPV->dataLenInBytes); icp_ocfDrvFreeFlatBuffer(pLocalOctetStringPV); memset(pPhase1OpData, 0, sizeof(CpaCyDhPhase1KeyGenOpData)); ICP_CACHE_FREE(drvDH_zone, pPhase1OpData); crypto_kdone(krp); return; } /* Name : icp_ocfDrvModExpCallBack * * Description : When this function returns it signifies that the LAC * component has completed the Mod Exp operation. */ static void icp_ocfDrvModExpCallBack(void *callbackTag, CpaStatus status, void *pOpdata, CpaFlatBuffer * pResult) { struct cryptkop *krp = NULL; CpaCyLnModExpOpData *pLnModExpOpData = NULL; if (NULL == callbackTag) { DPRINTK("%s(): Invalid input parameters - " "callbackTag data is NULL\n", __FUNCTION__); return; } krp = (struct cryptkop *)callbackTag; if (NULL == pOpdata) { DPRINTK("%s(): Invalid Mod Exp input parameters - " "Operation Data is NULL\n", __FUNCTION__); krp->krp_status = ECANCELED; crypto_kdone(krp); return; } pLnModExpOpData = (CpaCyLnModExpOpData *) pOpdata; if (NULL == pResult) { DPRINTK("%s(): Invalid input parameters - " "pResult data is NULL\n", __FUNCTION__); krp->krp_status = ECANCELED; memset(pLnModExpOpData, 0, sizeof(CpaCyLnModExpOpData)); ICP_CACHE_FREE(drvLnModExp_zone, pLnModExpOpData); crypto_kdone(krp); return; } if (CPA_STATUS_SUCCESS == status) { krp->krp_status = CRYPTO_OP_SUCCESS; } else { APRINTK("%s(): LAC Mod Exp Operation failed - " "Operation Status = %d\n", __FUNCTION__, status); krp->krp_status = ECANCELED; } icp_ocfDrvSwapBytes(pResult->pData, pResult->dataLenInBytes); /*switch base size value back to original */ if (pLnModExpOpData->base.pData == (uint8_t *) & (krp-> krp_param[ICP_MOD_EXP_KRP_PARAM_BASE_INDEX]. crp_nbits)) { *((uint32_t *) pLnModExpOpData->base.pData) = ntohl(*((uint32_t *) pLnModExpOpData->base.pData)); } icp_ocfDrvFreeFlatBuffer(pResult); memset(pLnModExpOpData, 0, sizeof(CpaCyLnModExpOpData)); ICP_CACHE_FREE(drvLnModExp_zone, pLnModExpOpData); crypto_kdone(krp); return; } /* Name : icp_ocfDrvModExpCRTCallBack * * Description : When this function returns it signifies that the LAC * component has completed the Mod Exp CRT operation. */ static void icp_ocfDrvModExpCRTCallBack(void *callbackTag, CpaStatus status, void *pOpData, CpaFlatBuffer * pOutputData) { struct cryptkop *krp = NULL; CpaCyRsaDecryptOpData *pDecryptData = NULL; if (NULL == callbackTag) { DPRINTK("%s(): Invalid input parameters - " "callbackTag data is NULL\n", __FUNCTION__); return; } krp = (struct cryptkop *)callbackTag; if (NULL == pOpData) { DPRINTK("%s(): Invalid input parameters - " "Operation Data is NULL\n", __FUNCTION__); krp->krp_status = ECANCELED; crypto_kdone(krp); return; } pDecryptData = (CpaCyRsaDecryptOpData *) pOpData; if (NULL == pOutputData) { DPRINTK("%s(): Invalid input parameter - " "pOutputData is NULL\n", __FUNCTION__); memset(pDecryptData->pRecipientPrivateKey, 0, sizeof(CpaCyRsaPrivateKey)); ICP_CACHE_FREE(drvRSAPrivateKey_zone, pDecryptData->pRecipientPrivateKey); memset(pDecryptData, 0, sizeof(CpaCyRsaDecryptOpData)); ICP_CACHE_FREE(drvRSADecrypt_zone, pDecryptData); krp->krp_status = ECANCELED; crypto_kdone(krp); return; } if (CPA_STATUS_SUCCESS == status) { krp->krp_status = CRYPTO_OP_SUCCESS; } else { APRINTK("%s(): LAC Mod Exp CRT operation failed - " "Operation Status = %d\n", __FUNCTION__, status); krp->krp_status = ECANCELED; } icp_ocfDrvSwapBytes(pOutputData->pData, pOutputData->dataLenInBytes); icp_ocfDrvFreeFlatBuffer(pOutputData); memset(pDecryptData->pRecipientPrivateKey, 0, sizeof(CpaCyRsaPrivateKey)); ICP_CACHE_FREE(drvRSAPrivateKey_zone, pDecryptData->pRecipientPrivateKey); memset(pDecryptData, 0, sizeof(CpaCyRsaDecryptOpData)); ICP_CACHE_FREE(drvRSADecrypt_zone, pDecryptData); crypto_kdone(krp); return; } /* Name : icp_ocfDrvDsaRSSignCallBack * * Description : When this function returns it signifies that the LAC * component has completed the DSA RS sign operation. */ static void icp_ocfDrvDsaRSSignCallBack(void *callbackTag, CpaStatus status, void *pOpData, CpaBoolean protocolStatus, CpaFlatBuffer * pR, CpaFlatBuffer * pS) { struct cryptkop *krp = NULL; CpaCyDsaRSSignOpData *pSignData = NULL; if (NULL == callbackTag) { DPRINTK("%s(): Invalid input parameters - " "callbackTag data is NULL\n", __FUNCTION__); return; } krp = (struct cryptkop *)callbackTag; if (NULL == pOpData) { DPRINTK("%s(): Invalid input parameters - " "Operation Data is NULL\n", __FUNCTION__); krp->krp_status = ECANCELED; crypto_kdone(krp); return; } pSignData = (CpaCyDsaRSSignOpData *) pOpData; if (NULL == pR) { DPRINTK("%s(): Invalid input parameter - " "pR sign is NULL\n", __FUNCTION__); icp_ocfDrvFreeFlatBuffer(pS); ICP_CACHE_FREE(drvDSARSSign_zone, pSignData); krp->krp_status = ECANCELED; crypto_kdone(krp); return; } if (NULL == pS) { DPRINTK("%s(): Invalid input parameter - " "pS sign is NULL\n", __FUNCTION__); icp_ocfDrvFreeFlatBuffer(pR); ICP_CACHE_FREE(drvDSARSSign_zone, pSignData); krp->krp_status = ECANCELED; crypto_kdone(krp); return; } if (CPA_STATUS_SUCCESS != status) { APRINTK("%s(): LAC DSA RS Sign operation failed - " "Operation Status = %d\n", __FUNCTION__, status); krp->krp_status = ECANCELED; } else { krp->krp_status = CRYPTO_OP_SUCCESS; if (CPA_TRUE != protocolStatus) { DPRINTK("%s(): LAC DSA RS Sign operation failed due " "to protocol error\n", __FUNCTION__); krp->krp_status = EIO; } } /* Swap bytes only when the callback status is successful and protocolStatus is set to true */ if (CPA_STATUS_SUCCESS == status && CPA_TRUE == protocolStatus) { icp_ocfDrvSwapBytes(pR->pData, pR->dataLenInBytes); icp_ocfDrvSwapBytes(pS->pData, pS->dataLenInBytes); } icp_ocfDrvFreeFlatBuffer(pR); icp_ocfDrvFreeFlatBuffer(pS); memset(pSignData->K.pData, 0, pSignData->K.dataLenInBytes); ICP_CACHE_FREE(drvDSARSSignKValue_zone, pSignData->K.pData); memset(pSignData, 0, sizeof(CpaCyDsaRSSignOpData)); ICP_CACHE_FREE(drvDSARSSign_zone, pSignData); crypto_kdone(krp); return; } /* Name : icp_ocfDrvDsaVerifyCallback * * Description : When this function returns it signifies that the LAC * component has completed the DSA Verify operation. */ static void icp_ocfDrvDsaVerifyCallBack(void *callbackTag, CpaStatus status, void *pOpData, CpaBoolean verifyStatus) { struct cryptkop *krp = NULL; CpaCyDsaVerifyOpData *pVerData = NULL; if (NULL == callbackTag) { DPRINTK("%s(): Invalid input parameters - " "callbackTag data is NULL\n", __FUNCTION__); return; } krp = (struct cryptkop *)callbackTag; if (NULL == pOpData) { DPRINTK("%s(): Invalid input parameters - " "Operation Data is NULL\n", __FUNCTION__); krp->krp_status = ECANCELED; crypto_kdone(krp); return; } pVerData = (CpaCyDsaVerifyOpData *) pOpData; if (CPA_STATUS_SUCCESS != status) { APRINTK("%s(): LAC DSA Verify operation failed - " "Operation Status = %d\n", __FUNCTION__, status); krp->krp_status = ECANCELED; } else { krp->krp_status = CRYPTO_OP_SUCCESS; if (CPA_TRUE != verifyStatus) { DPRINTK("%s(): DSA signature invalid\n", __FUNCTION__); krp->krp_status = EIO; } } /* Swap bytes only when the callback status is successful and verifyStatus is set to true */ /*Just swapping back the key values for now. Possibly all swapped buffers need to be reverted */ if (CPA_STATUS_SUCCESS == status && CPA_TRUE == verifyStatus) { icp_ocfDrvSwapBytes(pVerData->R.pData, pVerData->R.dataLenInBytes); icp_ocfDrvSwapBytes(pVerData->S.pData, pVerData->S.dataLenInBytes); } memset(pVerData, 0, sizeof(CpaCyDsaVerifyOpData)); ICP_CACHE_FREE(drvDSAVerify_zone, pVerData); crypto_kdone(krp); return; }