summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTadeusz Struk <tadeusz.struk@intel.com>2015-10-08 12:26:55 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2015-10-14 10:23:16 -0400
commit22287b0b5988b603b5f0daa282c89aaf2b877313 (patch)
treec8a1d714f4184feafc2885ab4a2968451397da03
parent2d4d1eea540b27c72488fd1914674c42473d53df (diff)
crypto: akcipher - Changes to asymmetric key API
Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e. two existing RSA implementation and test mgr code have been updated accordingly. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat
-rw-r--r--crypto/Makefile9
-rw-r--r--crypto/rsa.c83
-rw-r--r--crypto/rsa_helper.c42
-rw-r--r--crypto/rsakey.asn15
-rw-r--r--crypto/rsaprivkey.asn111
-rw-r--r--crypto/rsapubkey.asn14
-rw-r--r--crypto/testmgr.c39
-rw-r--r--crypto/testmgr.h36
-rw-r--r--drivers/crypto/qat/qat_common/Makefile12
-rw-r--r--drivers/crypto/qat/qat_common/qat_asym_algs.c213
-rw-r--r--drivers/crypto/qat/qat_common/qat_rsakey.asn15
-rw-r--r--drivers/crypto/qat/qat_common/qat_rsaprivkey.asn111
-rw-r--r--drivers/crypto/qat/qat_common/qat_rsapubkey.asn14
-rw-r--r--include/crypto/akcipher.h90
-rw-r--r--include/crypto/internal/rsa.h7
15 files changed, 407 insertions, 164 deletions
diff --git a/crypto/Makefile b/crypto/Makefile
index e2c59819b236..d897e0b2be27 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -31,10 +31,13 @@ obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o
31obj-$(CONFIG_CRYPTO_PCOMP2) += pcompress.o 31obj-$(CONFIG_CRYPTO_PCOMP2) += pcompress.o
32obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o 32obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o
33 33
34$(obj)/rsakey-asn1.o: $(obj)/rsakey-asn1.c $(obj)/rsakey-asn1.h 34$(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h
35clean-files += rsakey-asn1.c rsakey-asn1.h 35$(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h
36clean-files += rsapubkey-asn1.c rsapubkey-asn1.h
37clean-files += rsaprivkey-asn1.c rsaprivkey-asn1.h
36 38
37rsa_generic-y := rsakey-asn1.o 39rsa_generic-y := rsapubkey-asn1.o
40rsa_generic-y += rsaprivkey-asn1.o
38rsa_generic-y += rsa.o 41rsa_generic-y += rsa.o
39rsa_generic-y += rsa_helper.o 42rsa_generic-y += rsa_helper.o
40obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o 43obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 466003e1a8cf..1093e041db03 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -97,24 +97,21 @@ static int rsa_enc(struct akcipher_request *req)
97 goto err_free_c; 97 goto err_free_c;
98 } 98 }
99 99
100 m = mpi_read_raw_data(req->src, req->src_len); 100 ret = -ENOMEM;
101 if (!m) { 101 m = mpi_read_raw_from_sgl(req->src, req->src_len);
102 ret = -ENOMEM; 102 if (!m)
103 goto err_free_c; 103 goto err_free_c;
104 }
105 104
106 ret = _rsa_enc(pkey, c, m); 105 ret = _rsa_enc(pkey, c, m);
107 if (ret) 106 if (ret)
108 goto err_free_m; 107 goto err_free_m;
109 108
110 ret = mpi_read_buffer(c, req->dst, req->dst_len, &req->dst_len, &sign); 109 ret = mpi_write_to_sgl(c, req->dst, &req->dst_len, &sign);
111 if (ret) 110 if (ret)
112 goto err_free_m; 111 goto err_free_m;
113 112
114 if (sign < 0) { 113 if (sign < 0)
115 ret = -EBADMSG; 114 ret = -EBADMSG;
116 goto err_free_m;
117 }
118 115
119err_free_m: 116err_free_m:
120 mpi_free(m); 117 mpi_free(m);
@@ -145,25 +142,21 @@ static int rsa_dec(struct akcipher_request *req)
145 goto err_free_m; 142 goto err_free_m;
146 } 143 }
147 144
148 c = mpi_read_raw_data(req->src, req->src_len); 145 ret = -ENOMEM;
149 if (!c) { 146 c = mpi_read_raw_from_sgl(req->src, req->src_len);
150 ret = -ENOMEM; 147 if (!c)
151 goto err_free_m; 148 goto err_free_m;
152 }
153 149
154 ret = _rsa_dec(pkey, m, c); 150 ret = _rsa_dec(pkey, m, c);
155 if (ret) 151 if (ret)
156 goto err_free_c; 152 goto err_free_c;
157 153
158 ret = mpi_read_buffer(m, req->dst, req->dst_len, &req->dst_len, &sign); 154 ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
159 if (ret) 155 if (ret)
160 goto err_free_c; 156 goto err_free_c;
161 157
162 if (sign < 0) { 158 if (sign < 0)
163 ret = -EBADMSG; 159 ret = -EBADMSG;
164 goto err_free_c;
165 }
166
167err_free_c: 160err_free_c:
168 mpi_free(c); 161 mpi_free(c);
169err_free_m: 162err_free_m:
@@ -193,24 +186,21 @@ static int rsa_sign(struct akcipher_request *req)
193 goto err_free_s; 186 goto err_free_s;
194 } 187 }
195 188
196 m = mpi_read_raw_data(req->src, req->src_len); 189 ret = -ENOMEM;
197 if (!m) { 190 m = mpi_read_raw_from_sgl(req->src, req->src_len);
198 ret = -ENOMEM; 191 if (!m)
199 goto err_free_s; 192 goto err_free_s;
200 }
201 193
202 ret = _rsa_sign(pkey, s, m); 194 ret = _rsa_sign(pkey, s, m);
203 if (ret) 195 if (ret)
204 goto err_free_m; 196 goto err_free_m;
205 197
206 ret = mpi_read_buffer(s, req->dst, req->dst_len, &req->dst_len, &sign); 198 ret = mpi_write_to_sgl(s, req->dst, &req->dst_len, &sign);
207 if (ret) 199 if (ret)
208 goto err_free_m; 200 goto err_free_m;
209 201
210 if (sign < 0) { 202 if (sign < 0)
211 ret = -EBADMSG; 203 ret = -EBADMSG;
212 goto err_free_m;
213 }
214 204
215err_free_m: 205err_free_m:
216 mpi_free(m); 206 mpi_free(m);
@@ -241,7 +231,8 @@ static int rsa_verify(struct akcipher_request *req)
241 goto err_free_m; 231 goto err_free_m;
242 } 232 }
243 233
244 s = mpi_read_raw_data(req->src, req->src_len); 234 ret = -ENOMEM;
235 s = mpi_read_raw_from_sgl(req->src, req->src_len);
245 if (!s) { 236 if (!s) {
246 ret = -ENOMEM; 237 ret = -ENOMEM;
247 goto err_free_m; 238 goto err_free_m;
@@ -251,14 +242,12 @@ static int rsa_verify(struct akcipher_request *req)
251 if (ret) 242 if (ret)
252 goto err_free_s; 243 goto err_free_s;
253 244
254 ret = mpi_read_buffer(m, req->dst, req->dst_len, &req->dst_len, &sign); 245 ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
255 if (ret) 246 if (ret)
256 goto err_free_s; 247 goto err_free_s;
257 248
258 if (sign < 0) { 249 if (sign < 0)
259 ret = -EBADMSG; 250 ret = -EBADMSG;
260 goto err_free_s;
261 }
262 251
263err_free_s: 252err_free_s:
264 mpi_free(s); 253 mpi_free(s);
@@ -282,13 +271,13 @@ static int rsa_check_key_length(unsigned int len)
282 return -EINVAL; 271 return -EINVAL;
283} 272}
284 273
285static int rsa_setkey(struct crypto_akcipher *tfm, const void *key, 274static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
286 unsigned int keylen) 275 unsigned int keylen)
287{ 276{
288 struct rsa_key *pkey = akcipher_tfm_ctx(tfm); 277 struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
289 int ret; 278 int ret;
290 279
291 ret = rsa_parse_key(pkey, key, keylen); 280 ret = rsa_parse_pub_key(pkey, key, keylen);
292 if (ret) 281 if (ret)
293 return ret; 282 return ret;
294 283
@@ -299,6 +288,30 @@ static int rsa_setkey(struct crypto_akcipher *tfm, const void *key,
299 return ret; 288 return ret;
300} 289}
301 290
291static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
292 unsigned int keylen)
293{
294 struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
295 int ret;
296
297 ret = rsa_parse_priv_key(pkey, key, keylen);
298 if (ret)
299 return ret;
300
301 if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) {
302 rsa_free_key(pkey);
303 ret = -EINVAL;
304 }
305 return ret;
306}
307
308static int rsa_max_size(struct crypto_akcipher *tfm)
309{
310 struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
311
312 return pkey->n ? mpi_get_size(pkey->n) : -EINVAL;
313}
314
302static void rsa_exit_tfm(struct crypto_akcipher *tfm) 315static void rsa_exit_tfm(struct crypto_akcipher *tfm)
303{ 316{
304 struct rsa_key *pkey = akcipher_tfm_ctx(tfm); 317 struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
@@ -311,7 +324,9 @@ static struct akcipher_alg rsa = {
311 .decrypt = rsa_dec, 324 .decrypt = rsa_dec,
312 .sign = rsa_sign, 325 .sign = rsa_sign,
313 .verify = rsa_verify, 326 .verify = rsa_verify,
314 .setkey = rsa_setkey, 327 .set_priv_key = rsa_set_priv_key,
328 .set_pub_key = rsa_set_pub_key,
329 .max_size = rsa_max_size,
315 .exit = rsa_exit_tfm, 330 .exit = rsa_exit_tfm,
316 .base = { 331 .base = {
317 .cra_name = "rsa", 332 .cra_name = "rsa",
diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index 8d96ce969b44..d226f48d0907 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -15,7 +15,8 @@
15#include <linux/err.h> 15#include <linux/err.h>
16#include <linux/fips.h> 16#include <linux/fips.h>
17#include <crypto/internal/rsa.h> 17#include <crypto/internal/rsa.h>
18#include "rsakey-asn1.h" 18#include "rsapubkey-asn1.h"
19#include "rsaprivkey-asn1.h"
19 20
20int rsa_get_n(void *context, size_t hdrlen, unsigned char tag, 21int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
21 const void *value, size_t vlen) 22 const void *value, size_t vlen)
@@ -94,8 +95,8 @@ void rsa_free_key(struct rsa_key *key)
94EXPORT_SYMBOL_GPL(rsa_free_key); 95EXPORT_SYMBOL_GPL(rsa_free_key);
95 96
96/** 97/**
97 * rsa_parse_key() - extracts an rsa key from BER encoded buffer 98 * rsa_parse_pub_key() - extracts an rsa public key from BER encoded buffer
98 * and stores it in the provided struct rsa_key 99 * and stores it in the provided struct rsa_key
99 * 100 *
100 * @rsa_key: struct rsa_key key representation 101 * @rsa_key: struct rsa_key key representation
101 * @key: key in BER format 102 * @key: key in BER format
@@ -103,13 +104,13 @@ EXPORT_SYMBOL_GPL(rsa_free_key);
103 * 104 *
104 * Return: 0 on success or error code in case of error 105 * Return: 0 on success or error code in case of error
105 */ 106 */
106int rsa_parse_key(struct rsa_key *rsa_key, const void *key, 107int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
107 unsigned int key_len) 108 unsigned int key_len)
108{ 109{
109 int ret; 110 int ret;
110 111
111 free_mpis(rsa_key); 112 free_mpis(rsa_key);
112 ret = asn1_ber_decoder(&rsakey_decoder, rsa_key, key, key_len); 113 ret = asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
113 if (ret < 0) 114 if (ret < 0)
114 goto error; 115 goto error;
115 116
@@ -118,4 +119,31 @@ error:
118 free_mpis(rsa_key); 119 free_mpis(rsa_key);
119 return ret; 120 return ret;
120} 121}
121EXPORT_SYMBOL_GPL(rsa_parse_key); 122EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
123
124/**
125 * rsa_parse_pub_key() - extracts an rsa private key from BER encoded buffer
126 * and stores it in the provided struct rsa_key
127 *
128 * @rsa_key: struct rsa_key key representation
129 * @key: key in BER format
130 * @key_len: length of key
131 *
132 * Return: 0 on success or error code in case of error
133 */
134int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
135 unsigned int key_len)
136{
137 int ret;
138
139 free_mpis(rsa_key);
140 ret = asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
141 if (ret < 0)
142 goto error;
143
144 return 0;
145error:
146 free_mpis(rsa_key);
147 return ret;
148}
149EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
diff --git a/crypto/rsakey.asn1 b/crypto/rsakey.asn1
deleted file mode 100644
index 3c7b5df7b428..000000000000
--- a/crypto/rsakey.asn1
+++ /dev/null
@@ -1,5 +0,0 @@
1RsaKey ::= SEQUENCE {
2 n INTEGER ({ rsa_get_n }),
3 e INTEGER ({ rsa_get_e }),
4 d INTEGER ({ rsa_get_d })
5}
diff --git a/crypto/rsaprivkey.asn1 b/crypto/rsaprivkey.asn1
new file mode 100644
index 000000000000..731aea5edb0c
--- /dev/null
+++ b/crypto/rsaprivkey.asn1
@@ -0,0 +1,11 @@
1RsaPrivKey ::= SEQUENCE {
2 version INTEGER,
3 n INTEGER ({ rsa_get_n }),
4 e INTEGER ({ rsa_get_e }),
5 d INTEGER ({ rsa_get_d }),
6 prime1 INTEGER,
7 prime2 INTEGER,
8 exponent1 INTEGER,
9 exponent2 INTEGER,
10 coefficient INTEGER
11}
diff --git a/crypto/rsapubkey.asn1 b/crypto/rsapubkey.asn1
new file mode 100644
index 000000000000..725498e461d2
--- /dev/null
+++ b/crypto/rsapubkey.asn1
@@ -0,0 +1,4 @@
1RsaPubKey ::= SEQUENCE {
2 n INTEGER ({ rsa_get_n }),
3 e INTEGER ({ rsa_get_e })
4}
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 523c9b955057..25032b0fd9ed 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1845,34 +1845,34 @@ static int do_test_rsa(struct crypto_akcipher *tfm,
1845 struct tcrypt_result result; 1845 struct tcrypt_result result;
1846 unsigned int out_len_max, out_len = 0; 1846 unsigned int out_len_max, out_len = 0;
1847 int err = -ENOMEM; 1847 int err = -ENOMEM;
1848 struct scatterlist src, dst, src_tab[2];
1848 1849
1849 req = akcipher_request_alloc(tfm, GFP_KERNEL); 1850 req = akcipher_request_alloc(tfm, GFP_KERNEL);
1850 if (!req) 1851 if (!req)
1851 return err; 1852 return err;
1852 1853
1853 init_completion(&result.completion); 1854 init_completion(&result.completion);
1854 err = crypto_akcipher_setkey(tfm, vecs->key, vecs->key_len);
1855 if (err)
1856 goto free_req;
1857 1855
1858 akcipher_request_set_crypt(req, vecs->m, outbuf_enc, vecs->m_size, 1856 if (vecs->public_key_vec)
1859 out_len); 1857 err = crypto_akcipher_set_pub_key(tfm, vecs->key,
1860 /* expect this to fail, and update the required buf len */ 1858 vecs->key_len);
1861 crypto_akcipher_encrypt(req); 1859 else
1862 out_len = req->dst_len; 1860 err = crypto_akcipher_set_priv_key(tfm, vecs->key,
1863 if (!out_len) { 1861 vecs->key_len);
1864 err = -EINVAL; 1862 if (err)
1865 goto free_req; 1863 goto free_req;
1866 }
1867 1864
1868 out_len_max = out_len; 1865 out_len_max = crypto_akcipher_maxsize(tfm);
1869 err = -ENOMEM;
1870 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL); 1866 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
1871 if (!outbuf_enc) 1867 if (!outbuf_enc)
1872 goto free_req; 1868 goto free_req;
1873 1869
1874 akcipher_request_set_crypt(req, vecs->m, outbuf_enc, vecs->m_size, 1870 sg_init_table(src_tab, 2);
1875 out_len); 1871 sg_set_buf(&src_tab[0], vecs->m, 8);
1872 sg_set_buf(&src_tab[1], vecs->m + 8, vecs->m_size - 8);
1873 sg_init_one(&dst, outbuf_enc, out_len_max);
1874 akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
1875 out_len_max);
1876 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 1876 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1877 tcrypt_complete, &result); 1877 tcrypt_complete, &result);
1878 1878
@@ -1882,13 +1882,13 @@ static int do_test_rsa(struct crypto_akcipher *tfm,
1882 pr_err("alg: rsa: encrypt test failed. err %d\n", err); 1882 pr_err("alg: rsa: encrypt test failed. err %d\n", err);
1883 goto free_all; 1883 goto free_all;
1884 } 1884 }
1885 if (out_len != vecs->c_size) { 1885 if (req->dst_len != vecs->c_size) {
1886 pr_err("alg: rsa: encrypt test failed. Invalid output len\n"); 1886 pr_err("alg: rsa: encrypt test failed. Invalid output len\n");
1887 err = -EINVAL; 1887 err = -EINVAL;
1888 goto free_all; 1888 goto free_all;
1889 } 1889 }
1890 /* verify that encrypted message is equal to expected */ 1890 /* verify that encrypted message is equal to expected */
1891 if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) { 1891 if (memcmp(vecs->c, sg_virt(req->dst), vecs->c_size)) {
1892 pr_err("alg: rsa: encrypt test failed. Invalid output\n"); 1892 pr_err("alg: rsa: encrypt test failed. Invalid output\n");
1893 err = -EINVAL; 1893 err = -EINVAL;
1894 goto free_all; 1894 goto free_all;
@@ -1903,9 +1903,10 @@ static int do_test_rsa(struct crypto_akcipher *tfm,
1903 err = -ENOMEM; 1903 err = -ENOMEM;
1904 goto free_all; 1904 goto free_all;
1905 } 1905 }
1906 sg_init_one(&src, vecs->c, vecs->c_size);
1907 sg_init_one(&dst, outbuf_dec, out_len_max);
1906 init_completion(&result.completion); 1908 init_completion(&result.completion);
1907 akcipher_request_set_crypt(req, outbuf_enc, outbuf_dec, vecs->c_size, 1909 akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max);
1908 out_len);
1909 1910
1910 /* Run RSA decrypt - m = c^d mod n;*/ 1911 /* Run RSA decrypt - m = c^d mod n;*/
1911 err = wait_async_op(&result, crypto_akcipher_decrypt(req)); 1912 err = wait_async_op(&result, crypto_akcipher_decrypt(req));
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 64b8a8082645..e10582d443dd 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -149,7 +149,8 @@ static struct akcipher_testvec rsa_tv_template[] = {
149 { 149 {
150#ifndef CONFIG_CRYPTO_FIPS 150#ifndef CONFIG_CRYPTO_FIPS
151 .key = 151 .key =
152 "\x30\x81\x88" /* sequence of 136 bytes */ 152 "\x30\x81\x9A" /* sequence of 154 bytes */
153 "\x02\x01\x01" /* version - integer of 1 byte */
153 "\x02\x41" /* modulus - integer of 65 bytes */ 154 "\x02\x41" /* modulus - integer of 65 bytes */
154 "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" 155 "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
155 "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" 156 "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
@@ -161,19 +162,25 @@ static struct akcipher_testvec rsa_tv_template[] = {
161 "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" 162 "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
162 "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" 163 "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
163 "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" 164 "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
164 "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51", 165 "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"
166 "\x02\x01\x00" /* prime1 - integer of 1 byte */
167 "\x02\x01\x00" /* prime2 - integer of 1 byte */
168 "\x02\x01\x00" /* exponent1 - integer of 1 byte */
169 "\x02\x01\x00" /* exponent2 - integer of 1 byte */
170 "\x02\x01\x00", /* coefficient - integer of 1 byte */
165 .m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a", 171 .m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a",
166 .c = 172 .c =
167 "\x63\x1c\xcd\x7b\xe1\x7e\xe4\xde\xc9\xa8\x89\xa1\x74\xcb\x3c\x63" 173 "\x63\x1c\xcd\x7b\xe1\x7e\xe4\xde\xc9\xa8\x89\xa1\x74\xcb\x3c\x63"
168 "\x7d\x24\xec\x83\xc3\x15\xe4\x7f\x73\x05\x34\xd1\xec\x22\xbb\x8a" 174 "\x7d\x24\xec\x83\xc3\x15\xe4\x7f\x73\x05\x34\xd1\xec\x22\xbb\x8a"
169 "\x5e\x32\x39\x6d\xc1\x1d\x7d\x50\x3b\x9f\x7a\xad\xf0\x2e\x25\x53" 175 "\x5e\x32\x39\x6d\xc1\x1d\x7d\x50\x3b\x9f\x7a\xad\xf0\x2e\x25\x53"
170 "\x9f\x6e\xbd\x4c\x55\x84\x0c\x9b\xcf\x1a\x4b\x51\x1e\x9e\x0c\x06", 176 "\x9f\x6e\xbd\x4c\x55\x84\x0c\x9b\xcf\x1a\x4b\x51\x1e\x9e\x0c\x06",
171 .key_len = 139, 177 .key_len = 157,
172 .m_size = 8, 178 .m_size = 8,
173 .c_size = 64, 179 .c_size = 64,
174 }, { 180 }, {
175 .key = 181 .key =
176 "\x30\x82\x01\x0B" /* sequence of 267 bytes */ 182 "\x30\x82\x01\x1D" /* sequence of 285 bytes */
183 "\x02\x01\x01" /* version - integer of 1 byte */
177 "\x02\x81\x81" /* modulus - integer of 129 bytes */ 184 "\x02\x81\x81" /* modulus - integer of 129 bytes */
178 "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" 185 "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
179 "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" 186 "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
@@ -194,8 +201,13 @@ static struct akcipher_testvec rsa_tv_template[] = {
194 "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" 201 "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
195 "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" 202 "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
196 "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" 203 "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
197 "\xC1", 204 "\xC1"
198 .key_len = 271, 205 "\x02\x01\x00" /* prime1 - integer of 1 byte */
206 "\x02\x01\x00" /* prime2 - integer of 1 byte */
207 "\x02\x01\x00" /* exponent1 - integer of 1 byte */
208 "\x02\x01\x00" /* exponent2 - integer of 1 byte */
209 "\x02\x01\x00", /* coefficient - integer of 1 byte */
210 .key_len = 289,
199 .m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a", 211 .m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a",
200 .c = 212 .c =
201 "\x74\x1b\x55\xac\x47\xb5\x08\x0a\x6e\x2b\x2d\xf7\x94\xb8\x8a\x95" 213 "\x74\x1b\x55\xac\x47\xb5\x08\x0a\x6e\x2b\x2d\xf7\x94\xb8\x8a\x95"
@@ -211,7 +223,8 @@ static struct akcipher_testvec rsa_tv_template[] = {
211 }, { 223 }, {
212#endif 224#endif
213 .key = 225 .key =
214 "\x30\x82\x02\x0D" /* sequence of 525 bytes */ 226 "\x30\x82\x02\x1F" /* sequence of 543 bytes */
227 "\x02\x01\x01" /* version - integer of 1 byte */
215 "\x02\x82\x01\x00" /* modulus - integer of 256 bytes */ 228 "\x02\x82\x01\x00" /* modulus - integer of 256 bytes */
216 "\xDB\x10\x1A\xC2\xA3\xF1\xDC\xFF\x13\x6B\xED\x44\xDF\xF0\x02\x6D" 229 "\xDB\x10\x1A\xC2\xA3\xF1\xDC\xFF\x13\x6B\xED\x44\xDF\xF0\x02\x6D"
217 "\x13\xC7\x88\xDA\x70\x6B\x54\xF1\xE8\x27\xDC\xC3\x0F\x99\x6A\xFA" 230 "\x13\xC7\x88\xDA\x70\x6B\x54\xF1\xE8\x27\xDC\xC3\x0F\x99\x6A\xFA"
@@ -246,8 +259,13 @@ static struct akcipher_testvec rsa_tv_template[] = {
246 "\x77\xAF\x51\x27\x5B\x5E\x69\xB8\x81\xE6\x11\xC5\x43\x23\x81\x04" 259 "\x77\xAF\x51\x27\x5B\x5E\x69\xB8\x81\xE6\x11\xC5\x43\x23\x81\x04"
247 "\x62\xFF\xE9\x46\xB8\xD8\x44\xDB\xA5\xCC\x31\x54\x34\xCE\x3E\x82" 260 "\x62\xFF\xE9\x46\xB8\xD8\x44\xDB\xA5\xCC\x31\x54\x34\xCE\x3E\x82"
248 "\xD6\xBF\x7A\x0B\x64\x21\x6D\x88\x7E\x5B\x45\x12\x1E\x63\x8D\x49" 261 "\xD6\xBF\x7A\x0B\x64\x21\x6D\x88\x7E\x5B\x45\x12\x1E\x63\x8D\x49"
249 "\xA7\x1D\xD9\x1E\x06\xCD\xE8\xBA\x2C\x8C\x69\x32\xEA\xBE\x60\x71", 262 "\xA7\x1D\xD9\x1E\x06\xCD\xE8\xBA\x2C\x8C\x69\x32\xEA\xBE\x60\x71"
250 .key_len = 529, 263 "\x02\x01\x00" /* prime1 - integer of 1 byte */
264 "\x02\x01\x00" /* prime2 - integer of 1 byte */
265 "\x02\x01\x00" /* exponent1 - integer of 1 byte */
266 "\x02\x01\x00" /* exponent2 - integer of 1 byte */
267 "\x02\x01\x00", /* coefficient - integer of 1 byte */
268 .key_len = 547,
251 .m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a", 269 .m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a",
252 .c = 270 .c =
253 "\xb2\x97\x76\xb4\xae\x3e\x38\x3c\x7e\x64\x1f\xcc\xa2\x7f\xf6\xbe" 271 "\xb2\x97\x76\xb4\xae\x3e\x38\x3c\x7e\x64\x1f\xcc\xa2\x7f\xf6\xbe"
diff --git a/drivers/crypto/qat/qat_common/Makefile b/drivers/crypto/qat/qat_common/Makefile
index df20a9de1c58..9e9e196c6d51 100644
--- a/drivers/crypto/qat/qat_common/Makefile
+++ b/drivers/crypto/qat/qat_common/Makefile
@@ -1,5 +1,10 @@
1$(obj)/qat_rsakey-asn1.o: $(obj)/qat_rsakey-asn1.c $(obj)/qat_rsakey-asn1.h 1$(obj)/qat_rsapubkey-asn1.o: $(obj)/qat_rsapubkey-asn1.c \
2clean-files += qat_rsakey-asn1.c qat_rsakey-asn1.h 2 $(obj)/qat_rsapubkey-asn1.h
3$(obj)/qat_rsaprivkey-asn1.o: $(obj)/qat_rsaprivkey-asn1.c \
4 $(obj)/qat_rsaprivkey-asn1.h
5
6clean-files += qat_rsapubkey-asn1.c qat_rsapubkey-asn1.h
7clean-files += qat_rsaprivkey-asn1.c qat_rsapvivkey-asn1.h
3 8
4obj-$(CONFIG_CRYPTO_DEV_QAT) += intel_qat.o 9obj-$(CONFIG_CRYPTO_DEV_QAT) += intel_qat.o
5intel_qat-objs := adf_cfg.o \ 10intel_qat-objs := adf_cfg.o \
@@ -13,7 +18,8 @@ intel_qat-objs := adf_cfg.o \
13 adf_hw_arbiter.o \ 18 adf_hw_arbiter.o \
14 qat_crypto.o \ 19 qat_crypto.o \
15 qat_algs.o \ 20 qat_algs.o \
16 qat_rsakey-asn1.o \ 21 qat_rsapubkey-asn1.o \
22 qat_rsaprivkey-asn1.o \
17 qat_asym_algs.o \ 23 qat_asym_algs.o \
18 qat_uclo.o \ 24 qat_uclo.o \
19 qat_hal.o 25 qat_hal.o
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index e87f51023ba4..51c594fdacdc 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -51,7 +51,9 @@
51#include <crypto/akcipher.h> 51#include <crypto/akcipher.h>
52#include <linux/dma-mapping.h> 52#include <linux/dma-mapping.h>
53#include <linux/fips.h> 53#include <linux/fips.h>
54#include "qat_rsakey-asn1.h" 54#include <crypto/scatterwalk.h>
55#include "qat_rsapubkey-asn1.h"
56#include "qat_rsaprivkey-asn1.h"
55#include "icp_qat_fw_pke.h" 57#include "icp_qat_fw_pke.h"
56#include "adf_accel_devices.h" 58#include "adf_accel_devices.h"
57#include "adf_transport.h" 59#include "adf_transport.h"
@@ -106,6 +108,7 @@ struct qat_rsa_request {
106 dma_addr_t phy_in; 108 dma_addr_t phy_in;
107 dma_addr_t phy_out; 109 dma_addr_t phy_out;
108 char *src_align; 110 char *src_align;
111 char *dst_align;
109 struct icp_qat_fw_pke_request req; 112 struct icp_qat_fw_pke_request req;
110 struct qat_rsa_ctx *ctx; 113 struct qat_rsa_ctx *ctx;
111 int err; 114 int err;
@@ -118,7 +121,6 @@ static void qat_rsa_cb(struct icp_qat_fw_pke_resp *resp)
118 struct device *dev = &GET_DEV(req->ctx->inst->accel_dev); 121 struct device *dev = &GET_DEV(req->ctx->inst->accel_dev);
119 int err = ICP_QAT_FW_PKE_RESP_PKE_STAT_GET( 122 int err = ICP_QAT_FW_PKE_RESP_PKE_STAT_GET(
120 resp->pke_resp_hdr.comn_resp_flags); 123 resp->pke_resp_hdr.comn_resp_flags);
121 char *ptr = areq->dst;
122 124
123 err = (err == ICP_QAT_FW_COMN_STATUS_FLAG_OK) ? 0 : -EINVAL; 125 err = (err == ICP_QAT_FW_COMN_STATUS_FLAG_OK) ? 0 : -EINVAL;
124 126
@@ -129,24 +131,44 @@ static void qat_rsa_cb(struct icp_qat_fw_pke_resp *resp)
129 dma_unmap_single(dev, req->in.enc.m, req->ctx->key_sz, 131 dma_unmap_single(dev, req->in.enc.m, req->ctx->key_sz,
130 DMA_TO_DEVICE); 132 DMA_TO_DEVICE);
131 133
132 dma_unmap_single(dev, req->out.enc.c, req->ctx->key_sz, 134 areq->dst_len = req->ctx->key_sz;
133 DMA_FROM_DEVICE); 135 if (req->dst_align) {
136 char *ptr = req->dst_align;
137
138 while (!(*ptr) && areq->dst_len) {
139 areq->dst_len--;
140 ptr++;
141 }
142
143 if (areq->dst_len != req->ctx->key_sz)
144 memmove(req->dst_align, ptr, areq->dst_len);
145
146 scatterwalk_map_and_copy(req->dst_align, areq->dst, 0,
147 areq->dst_len, 1);
148
149 dma_free_coherent(dev, req->ctx->key_sz, req->dst_align,
150 req->out.enc.c);
151 } else {
152 char *ptr = sg_virt(areq->dst);
153
154 while (!(*ptr) && areq->dst_len) {
155 areq->dst_len--;
156 ptr++;
157 }
158
159 if (sg_virt(areq->dst) != ptr && areq->dst_len)
160 memmove(sg_virt(areq->dst), ptr, areq->dst_len);
161
162 dma_unmap_single(dev, req->out.enc.c, req->ctx->key_sz,
163 DMA_FROM_DEVICE);
164 }
165
134 dma_unmap_single(dev, req->phy_in, sizeof(struct qat_rsa_input_params), 166 dma_unmap_single(dev, req->phy_in, sizeof(struct qat_rsa_input_params),
135 DMA_TO_DEVICE); 167 DMA_TO_DEVICE);
136 dma_unmap_single(dev, req->phy_out, 168 dma_unmap_single(dev, req->phy_out,
137 sizeof(struct qat_rsa_output_params), 169 sizeof(struct qat_rsa_output_params),
138 DMA_TO_DEVICE); 170 DMA_TO_DEVICE);
139 171
140 areq->dst_len = req->ctx->key_sz;
141 /* Need to set the corect length of the output */
142 while (!(*ptr) && areq->dst_len) {
143 areq->dst_len--;
144 ptr++;
145 }
146
147 if (areq->dst_len != req->ctx->key_sz)
148 memmove(areq->dst, ptr, areq->dst_len);
149
150 akcipher_request_complete(areq, err); 172 akcipher_request_complete(areq, err);
151} 173}
152 174
@@ -255,8 +277,16 @@ static int qat_rsa_enc(struct akcipher_request *req)
255 * same as modulo n so in case it is different we need to allocate a 277 * same as modulo n so in case it is different we need to allocate a
256 * new buf and copy src data. 278 * new buf and copy src data.
257 * In other case we just need to map the user provided buffer. 279 * In other case we just need to map the user provided buffer.
280 * Also need to make sure that it is in contiguous buffer.
258 */ 281 */
259 if (req->src_len < ctx->key_sz) { 282 if (sg_is_last(req->src) && req->src_len == ctx->key_sz) {
283 qat_req->src_align = NULL;
284 qat_req->in.enc.m = dma_map_single(dev, sg_virt(req->src),
285 req->src_len, DMA_TO_DEVICE);
286 if (unlikely(dma_mapping_error(dev, qat_req->in.enc.m)))
287 return ret;
288
289 } else {
260 int shift = ctx->key_sz - req->src_len; 290 int shift = ctx->key_sz - req->src_len;
261 291
262 qat_req->src_align = dma_zalloc_coherent(dev, ctx->key_sz, 292 qat_req->src_align = dma_zalloc_coherent(dev, ctx->key_sz,
@@ -265,29 +295,39 @@ static int qat_rsa_enc(struct akcipher_request *req)
265 if (unlikely(!qat_req->src_align)) 295 if (unlikely(!qat_req->src_align))
266 return ret; 296 return ret;
267 297
268 memcpy(qat_req->src_align + shift, req->src, req->src_len); 298 scatterwalk_map_and_copy(qat_req->src_align + shift, req->src,
299 0, req->src_len, 0);
300 }
301 if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) {
302 qat_req->dst_align = NULL;
303 qat_req->out.enc.c = dma_map_single(dev, sg_virt(req->dst),
304 req->dst_len,
305 DMA_FROM_DEVICE);
306
307 if (unlikely(dma_mapping_error(dev, qat_req->out.enc.c)))
308 goto unmap_src;
309
269 } else { 310 } else {
270 qat_req->src_align = NULL; 311 qat_req->dst_align = dma_zalloc_coherent(dev, ctx->key_sz,
271 qat_req->in.enc.m = dma_map_single(dev, req->src, req->src_len, 312 &qat_req->out.enc.c,
272 DMA_TO_DEVICE); 313 GFP_KERNEL);
314 if (unlikely(!qat_req->dst_align))
315 goto unmap_src;
316
273 } 317 }
274 qat_req->in.in_tab[3] = 0; 318 qat_req->in.in_tab[3] = 0;
275 qat_req->out.enc.c = dma_map_single(dev, req->dst, req->dst_len,
276 DMA_FROM_DEVICE);
277 qat_req->out.out_tab[1] = 0; 319 qat_req->out.out_tab[1] = 0;
278 qat_req->phy_in = dma_map_single(dev, &qat_req->in.enc.m, 320 qat_req->phy_in = dma_map_single(dev, &qat_req->in.enc.m,
279 sizeof(struct qat_rsa_input_params), 321 sizeof(struct qat_rsa_input_params),
280 DMA_TO_DEVICE); 322 DMA_TO_DEVICE);
323 if (unlikely(dma_mapping_error(dev, qat_req->phy_in)))
324 goto unmap_dst;
325
281 qat_req->phy_out = dma_map_single(dev, &qat_req->out.enc.c, 326 qat_req->phy_out = dma_map_single(dev, &qat_req->out.enc.c,
282 sizeof(struct qat_rsa_output_params), 327 sizeof(struct qat_rsa_output_params),
283 DMA_TO_DEVICE); 328 DMA_TO_DEVICE);
284 329 if (unlikely(dma_mapping_error(dev, qat_req->phy_out)))
285 if (unlikely((!qat_req->src_align && 330 goto unmap_in_params;
286 dma_mapping_error(dev, qat_req->in.enc.m)) ||
287 dma_mapping_error(dev, qat_req->out.enc.c) ||
288 dma_mapping_error(dev, qat_req->phy_in) ||
289 dma_mapping_error(dev, qat_req->phy_out)))
290 goto unmap;
291 331
292 msg->pke_mid.src_data_addr = qat_req->phy_in; 332 msg->pke_mid.src_data_addr = qat_req->phy_in;
293 msg->pke_mid.dest_data_addr = qat_req->phy_out; 333 msg->pke_mid.dest_data_addr = qat_req->phy_out;
@@ -300,7 +340,7 @@ static int qat_rsa_enc(struct akcipher_request *req)
300 340
301 if (!ret) 341 if (!ret)
302 return -EINPROGRESS; 342 return -EINPROGRESS;
303unmap: 343unmap_src:
304 if (qat_req->src_align) 344 if (qat_req->src_align)
305 dma_free_coherent(dev, ctx->key_sz, qat_req->src_align, 345 dma_free_coherent(dev, ctx->key_sz, qat_req->src_align,
306 qat_req->in.enc.m); 346 qat_req->in.enc.m);
@@ -308,9 +348,15 @@ unmap:
308 if (!dma_mapping_error(dev, qat_req->in.enc.m)) 348 if (!dma_mapping_error(dev, qat_req->in.enc.m))
309 dma_unmap_single(dev, qat_req->in.enc.m, ctx->key_sz, 349 dma_unmap_single(dev, qat_req->in.enc.m, ctx->key_sz,
310 DMA_TO_DEVICE); 350 DMA_TO_DEVICE);
311 if (!dma_mapping_error(dev, qat_req->out.enc.c)) 351unmap_dst:
312 dma_unmap_single(dev, qat_req->out.enc.c, ctx->key_sz, 352 if (qat_req->dst_align)
313 DMA_FROM_DEVICE); 353 dma_free_coherent(dev, ctx->key_sz, qat_req->dst_align,
354 qat_req->out.enc.c);
355 else
356 if (!dma_mapping_error(dev, qat_req->out.enc.c))
357 dma_unmap_single(dev, qat_req->out.enc.c, ctx->key_sz,
358 DMA_FROM_DEVICE);
359unmap_in_params:
314 if (!dma_mapping_error(dev, qat_req->phy_in)) 360 if (!dma_mapping_error(dev, qat_req->phy_in))
315 dma_unmap_single(dev, qat_req->phy_in, 361 dma_unmap_single(dev, qat_req->phy_in,
316 sizeof(struct qat_rsa_input_params), 362 sizeof(struct qat_rsa_input_params),
@@ -362,8 +408,16 @@ static int qat_rsa_dec(struct akcipher_request *req)
362 * same as modulo n so in case it is different we need to allocate a 408 * same as modulo n so in case it is different we need to allocate a
363 * new buf and copy src data. 409 * new buf and copy src data.
364 * In other case we just need to map the user provided buffer. 410 * In other case we just need to map the user provided buffer.
411 * Also need to make sure that it is in contiguous buffer.
365 */ 412 */
366 if (req->src_len < ctx->key_sz) { 413 if (sg_is_last(req->src) && req->src_len == ctx->key_sz) {
414 qat_req->src_align = NULL;
415 qat_req->in.dec.c = dma_map_single(dev, sg_virt(req->src),
416 req->dst_len, DMA_TO_DEVICE);
417 if (unlikely(dma_mapping_error(dev, qat_req->in.dec.c)))
418 return ret;
419
420 } else {
367 int shift = ctx->key_sz - req->src_len; 421 int shift = ctx->key_sz - req->src_len;
368 422
369 qat_req->src_align = dma_zalloc_coherent(dev, ctx->key_sz, 423 qat_req->src_align = dma_zalloc_coherent(dev, ctx->key_sz,
@@ -372,29 +426,40 @@ static int qat_rsa_dec(struct akcipher_request *req)
372 if (unlikely(!qat_req->src_align)) 426 if (unlikely(!qat_req->src_align))
373 return ret; 427 return ret;
374 428
375 memcpy(qat_req->src_align + shift, req->src, req->src_len); 429 scatterwalk_map_and_copy(qat_req->src_align + shift, req->src,
430 0, req->src_len, 0);
431 }
432 if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) {
433 qat_req->dst_align = NULL;
434 qat_req->out.dec.m = dma_map_single(dev, sg_virt(req->dst),
435 req->dst_len,
436 DMA_FROM_DEVICE);
437
438 if (unlikely(dma_mapping_error(dev, qat_req->out.dec.m)))
439 goto unmap_src;
440
376 } else { 441 } else {
377 qat_req->src_align = NULL; 442 qat_req->dst_align = dma_zalloc_coherent(dev, ctx->key_sz,
378 qat_req->in.dec.c = dma_map_single(dev, req->src, req->src_len, 443 &qat_req->out.dec.m,
379 DMA_TO_DEVICE); 444 GFP_KERNEL);
445 if (unlikely(!qat_req->dst_align))
446 goto unmap_src;
447
380 } 448 }
449
381 qat_req->in.in_tab[3] = 0; 450 qat_req->in.in_tab[3] = 0;
382 qat_req->out.dec.m = dma_map_single(dev, req->dst, req->dst_len,
383 DMA_FROM_DEVICE);
384 qat_req->out.out_tab[1] = 0; 451 qat_req->out.out_tab[1] = 0;
385 qat_req->phy_in = dma_map_single(dev, &qat_req->in.dec.c, 452 qat_req->phy_in = dma_map_single(dev, &qat_req->in.dec.c,
386 sizeof(struct qat_rsa_input_params), 453 sizeof(struct qat_rsa_input_params),
387 DMA_TO_DEVICE); 454 DMA_TO_DEVICE);
455 if (unlikely(dma_mapping_error(dev, qat_req->phy_in)))
456 goto unmap_dst;
457
388 qat_req->phy_out = dma_map_single(dev, &qat_req->out.dec.m, 458 qat_req->phy_out = dma_map_single(dev, &qat_req->out.dec.m,
389 sizeof(struct qat_rsa_output_params), 459 sizeof(struct qat_rsa_output_params),
390 DMA_TO_DEVICE); 460 DMA_TO_DEVICE);
391 461 if (unlikely(dma_mapping_error(dev, qat_req->phy_out)))
392 if (unlikely((!qat_req->src_align && 462 goto unmap_in_params;
393 dma_mapping_error(dev, qat_req->in.dec.c)) ||
394 dma_mapping_error(dev, qat_req->out.dec.m) ||
395 dma_mapping_error(dev, qat_req->phy_in) ||
396 dma_mapping_error(dev, qat_req->phy_out)))
397 goto unmap;
398 463
399 msg->pke_mid.src_data_addr = qat_req->phy_in; 464 msg->pke_mid.src_data_addr = qat_req->phy_in;
400 msg->pke_mid.dest_data_addr = qat_req->phy_out; 465 msg->pke_mid.dest_data_addr = qat_req->phy_out;
@@ -407,7 +472,7 @@ static int qat_rsa_dec(struct akcipher_request *req)
407 472
408 if (!ret) 473 if (!ret)
409 return -EINPROGRESS; 474 return -EINPROGRESS;
410unmap: 475unmap_src:
411 if (qat_req->src_align) 476 if (qat_req->src_align)
412 dma_free_coherent(dev, ctx->key_sz, qat_req->src_align, 477 dma_free_coherent(dev, ctx->key_sz, qat_req->src_align,
413 qat_req->in.dec.c); 478 qat_req->in.dec.c);
@@ -415,9 +480,15 @@ unmap:
415 if (!dma_mapping_error(dev, qat_req->in.dec.c)) 480 if (!dma_mapping_error(dev, qat_req->in.dec.c))
416 dma_unmap_single(dev, qat_req->in.dec.c, ctx->key_sz, 481 dma_unmap_single(dev, qat_req->in.dec.c, ctx->key_sz,
417 DMA_TO_DEVICE); 482 DMA_TO_DEVICE);
418 if (!dma_mapping_error(dev, qat_req->out.dec.m)) 483unmap_dst:
419 dma_unmap_single(dev, qat_req->out.dec.m, ctx->key_sz, 484 if (qat_req->dst_align)
420 DMA_FROM_DEVICE); 485 dma_free_coherent(dev, ctx->key_sz, qat_req->dst_align,
486 qat_req->out.dec.m);
487 else
488 if (!dma_mapping_error(dev, qat_req->out.dec.m))
489 dma_unmap_single(dev, qat_req->out.dec.m, ctx->key_sz,
490 DMA_FROM_DEVICE);
491unmap_in_params:
421 if (!dma_mapping_error(dev, qat_req->phy_in)) 492 if (!dma_mapping_error(dev, qat_req->phy_in))
422 dma_unmap_single(dev, qat_req->phy_in, 493 dma_unmap_single(dev, qat_req->phy_in,
423 sizeof(struct qat_rsa_input_params), 494 sizeof(struct qat_rsa_input_params),
@@ -531,7 +602,7 @@ err:
531} 602}
532 603
533static int qat_rsa_setkey(struct crypto_akcipher *tfm, const void *key, 604static int qat_rsa_setkey(struct crypto_akcipher *tfm, const void *key,
534 unsigned int keylen) 605 unsigned int keylen, bool private)
535{ 606{
536 struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm); 607 struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
537 struct device *dev = &GET_DEV(ctx->inst->accel_dev); 608 struct device *dev = &GET_DEV(ctx->inst->accel_dev);
@@ -550,7 +621,13 @@ static int qat_rsa_setkey(struct crypto_akcipher *tfm, const void *key,
550 ctx->n = NULL; 621 ctx->n = NULL;
551 ctx->e = NULL; 622 ctx->e = NULL;
552 ctx->d = NULL; 623 ctx->d = NULL;
553 ret = asn1_ber_decoder(&qat_rsakey_decoder, ctx, key, keylen); 624
625 if (private)
626 ret = asn1_ber_decoder(&qat_rsaprivkey_decoder, ctx, key,
627 keylen);
628 else
629 ret = asn1_ber_decoder(&qat_rsapubkey_decoder, ctx, key,
630 keylen);
554 if (ret < 0) 631 if (ret < 0)
555 goto free; 632 goto free;
556 633
@@ -559,6 +636,11 @@ static int qat_rsa_setkey(struct crypto_akcipher *tfm, const void *key,
559 ret = -EINVAL; 636 ret = -EINVAL;
560 goto free; 637 goto free;
561 } 638 }
639 if (private && !ctx->d) {
640 /* invalid private key provided */
641 ret = -EINVAL;
642 goto free;
643 }
562 644
563 return 0; 645 return 0;
564free: 646free:
@@ -579,6 +661,25 @@ free:
579 return ret; 661 return ret;
580} 662}
581 663
664static int qat_rsa_setpubkey(struct crypto_akcipher *tfm, const void *key,
665 unsigned int keylen)
666{
667 return qat_rsa_setkey(tfm, key, keylen, false);
668}
669
670static int qat_rsa_setprivkey(struct crypto_akcipher *tfm, const void *key,
671 unsigned int keylen)
672{
673 return qat_rsa_setkey(tfm, key, keylen, true);
674}
675
676static int qat_rsa_max_size(struct crypto_akcipher *tfm)
677{
678 struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
679
680 return (ctx->n) ? ctx->key_sz : -EINVAL;
681}
682
582static int qat_rsa_init_tfm(struct crypto_akcipher *tfm) 683static int qat_rsa_init_tfm(struct crypto_akcipher *tfm)
583{ 684{
584 struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm); 685 struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
@@ -617,7 +718,9 @@ static struct akcipher_alg rsa = {
617 .decrypt = qat_rsa_dec, 718 .decrypt = qat_rsa_dec,
618 .sign = qat_rsa_dec, 719 .sign = qat_rsa_dec,
619 .verify = qat_rsa_enc, 720 .verify = qat_rsa_enc,
620 .setkey = qat_rsa_setkey, 721 .set_pub_key = qat_rsa_setpubkey,
722 .set_priv_key = qat_rsa_setprivkey,
723 .max_size = qat_rsa_max_size,
621 .init = qat_rsa_init_tfm, 724 .init = qat_rsa_init_tfm,
622 .exit = qat_rsa_exit_tfm, 725 .exit = qat_rsa_exit_tfm,
623 .reqsize = sizeof(struct qat_rsa_request) + 64, 726 .reqsize = sizeof(struct qat_rsa_request) + 64,
diff --git a/drivers/crypto/qat/qat_common/qat_rsakey.asn1 b/drivers/crypto/qat/qat_common/qat_rsakey.asn1
deleted file mode 100644
index 97b0e02b600a..000000000000
--- a/drivers/crypto/qat/qat_common/qat_rsakey.asn1
+++ /dev/null
@@ -1,5 +0,0 @@
1RsaKey ::= SEQUENCE {
2 n INTEGER ({ qat_rsa_get_n }),
3 e INTEGER ({ qat_rsa_get_e }),
4 d INTEGER ({ qat_rsa_get_d })
5}
diff --git a/drivers/crypto/qat/qat_common/qat_rsaprivkey.asn1 b/drivers/crypto/qat/qat_common/qat_rsaprivkey.asn1
new file mode 100644
index 000000000000..f0066adb79b8
--- /dev/null
+++ b/drivers/crypto/qat/qat_common/qat_rsaprivkey.asn1
@@ -0,0 +1,11 @@
1RsaPrivKey ::= SEQUENCE {
2 version INTEGER,
3 n INTEGER ({ qat_rsa_get_n }),
4 e INTEGER ({ qat_rsa_get_e }),
5 d INTEGER ({ qat_rsa_get_d }),
6 prime1 INTEGER,
7 prime2 INTEGER,
8 exponent1 INTEGER,
9 exponent2 INTEGER,
10 coefficient INTEGER
11}
diff --git a/drivers/crypto/qat/qat_common/qat_rsapubkey.asn1 b/drivers/crypto/qat/qat_common/qat_rsapubkey.asn1
new file mode 100644
index 000000000000..bd667b31a21a
--- /dev/null
+++ b/drivers/crypto/qat/qat_common/qat_rsapubkey.asn1
@@ -0,0 +1,4 @@
1RsaPubKey ::= SEQUENCE {
2 n INTEGER ({ qat_rsa_get_n }),
3 e INTEGER ({ qat_rsa_get_e })
4}
diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 69d163e39101..45cd5b328040 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -18,21 +18,21 @@
18 * struct akcipher_request - public key request 18 * struct akcipher_request - public key request
19 * 19 *
20 * @base: Common attributes for async crypto requests 20 * @base: Common attributes for async crypto requests
21 * @src: Pointer to memory containing the input parameters 21 * @src: Source data
22 * The format of the parameter(s) is expeted to be Octet String 22 * @dst: Destination data
23 * @dst: Pointer to memory whare the result will be stored 23 * @src_len: Size of the input buffer
24 * @src_len: Size of the input parameter
25 * @dst_len: Size of the output buffer. It needs to be at leaset 24 * @dst_len: Size of the output buffer. It needs to be at leaset
26 * as big as the expected result depending on the operation 25 * as big as the expected result depending on the operation
27 * After operation it will be updated with the acctual size of the 26 * After operation it will be updated with the acctual size of the
28 * result. In case of error, where the dst_len was insufficient, 27 * result.
28 * In case of error where the dst sgl size was insufficient,
29 * it will be updated to the size required for the operation. 29 * it will be updated to the size required for the operation.
30 * @__ctx: Start of private context data 30 * @__ctx: Start of private context data
31 */ 31 */
32struct akcipher_request { 32struct akcipher_request {
33 struct crypto_async_request base; 33 struct crypto_async_request base;
34 void *src; 34 struct scatterlist *src;
35 void *dst; 35 struct scatterlist *dst;
36 unsigned int src_len; 36 unsigned int src_len;
37 unsigned int dst_len; 37 unsigned int dst_len;
38 void *__ctx[] CRYPTO_MINALIGN_ATTR; 38 void *__ctx[] CRYPTO_MINALIGN_ATTR;
@@ -67,8 +67,13 @@ struct crypto_akcipher {
67 * algorithm. In case of error, where the dst_len was insufficient, 67 * algorithm. In case of error, where the dst_len was insufficient,
68 * the req->dst_len will be updated to the size required for the 68 * the req->dst_len will be updated to the size required for the
69 * operation 69 * operation
70 * @setkey: Function invokes the algorithm specific set key function, which 70 * @set_pub_key: Function invokes the algorithm specific set public key
71 * knows how to decode and interpret the BER encoded key 71 * function, which knows how to decode and interpret
72 * the BER encoded public key
73 * @set_priv_key: Function invokes the algorithm specific set private key
74 * function, which knows how to decode and interpret
75 * the BER encoded private key
76 * @max_size: Function returns dest buffer size reqired for a given key.
72 * @init: Initialize the cryptographic transformation object. 77 * @init: Initialize the cryptographic transformation object.
73 * This function is used to initialize the cryptographic 78 * This function is used to initialize the cryptographic
74 * transformation object. This function is called only once at 79 * transformation object. This function is called only once at
@@ -89,8 +94,11 @@ struct akcipher_alg {
89 int (*verify)(struct akcipher_request *req); 94 int (*verify)(struct akcipher_request *req);
90 int (*encrypt)(struct akcipher_request *req); 95 int (*encrypt)(struct akcipher_request *req);
91 int (*decrypt)(struct akcipher_request *req); 96 int (*decrypt)(struct akcipher_request *req);
92 int (*setkey)(struct crypto_akcipher *tfm, const void *key, 97 int (*set_pub_key)(struct crypto_akcipher *tfm, const void *key,
93 unsigned int keylen); 98 unsigned int keylen);
99 int (*set_priv_key)(struct crypto_akcipher *tfm, const void *key,
100 unsigned int keylen);
101 int (*max_size)(struct crypto_akcipher *tfm);
94 int (*init)(struct crypto_akcipher *tfm); 102 int (*init)(struct crypto_akcipher *tfm);
95 void (*exit)(struct crypto_akcipher *tfm); 103 void (*exit)(struct crypto_akcipher *tfm);
96 104
@@ -229,14 +237,14 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req,
229 * Sets parameters required by crypto operation 237 * Sets parameters required by crypto operation
230 * 238 *
231 * @req: public key request 239 * @req: public key request
232 * @src: ptr to input parameter 240 * @src: ptr to input scatter list
233 * @dst: ptr of output parameter 241 * @dst: ptr to output scatter list
234 * @src_len: size of the input buffer 242 * @src_len: size of the src input scatter list to be processed
235 * @dst_len: size of the output buffer. It will be updated by the 243 * @dst_len: size of the dst output scatter list
236 * implementation to reflect the acctual size of the result
237 */ 244 */
238static inline void akcipher_request_set_crypt(struct akcipher_request *req, 245static inline void akcipher_request_set_crypt(struct akcipher_request *req,
239 void *src, void *dst, 246 struct scatterlist *src,
247 struct scatterlist *dst,
240 unsigned int src_len, 248 unsigned int src_len,
241 unsigned int dst_len) 249 unsigned int dst_len)
242{ 250{
@@ -247,6 +255,22 @@ static inline void akcipher_request_set_crypt(struct akcipher_request *req,
247} 255}
248 256
249/** 257/**
258 * crypto_akcipher_maxsize() -- Get len for output buffer
259 *
260 * Function returns the dest buffer size required for a given key
261 *
262 * @tfm: AKCIPHER tfm handle allocated with crypto_alloc_akcipher()
263 *
264 * Return: minimum len for output buffer or error code in key hasn't been set
265 */
266static inline int crypto_akcipher_maxsize(struct crypto_akcipher *tfm)
267{
268 struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
269
270 return alg->max_size(tfm);
271}
272
273/**
250 * crypto_akcipher_encrypt() -- Invoke public key encrypt operation 274 * crypto_akcipher_encrypt() -- Invoke public key encrypt operation
251 * 275 *
252 * Function invokes the specific public key encrypt operation for a given 276 * Function invokes the specific public key encrypt operation for a given
@@ -319,22 +343,44 @@ static inline int crypto_akcipher_verify(struct akcipher_request *req)
319} 343}
320 344
321/** 345/**
322 * crypto_akcipher_setkey() -- Invoke public key setkey operation 346 * crypto_akcipher_set_pub_key() -- Invoke set public key operation
347 *
348 * Function invokes the algorithm specific set key function, which knows
349 * how to decode and interpret the encoded key
350 *
351 * @tfm: tfm handle
352 * @key: BER encoded public key
353 * @keylen: length of the key
354 *
355 * Return: zero on success; error code in case of error
356 */
357static inline int crypto_akcipher_set_pub_key(struct crypto_akcipher *tfm,
358 const void *key,
359 unsigned int keylen)
360{
361 struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
362
363 return alg->set_pub_key(tfm, key, keylen);
364}
365
366/**
367 * crypto_akcipher_set_priv_key() -- Invoke set private key operation
323 * 368 *
324 * Function invokes the algorithm specific set key function, which knows 369 * Function invokes the algorithm specific set key function, which knows
325 * how to decode and interpret the encoded key 370 * how to decode and interpret the encoded key
326 * 371 *
327 * @tfm: tfm handle 372 * @tfm: tfm handle
328 * @key: BER encoded private or public key 373 * @key: BER encoded private key
329 * @keylen: length of the key 374 * @keylen: length of the key
330 * 375 *
331 * Return: zero on success; error code in case of error 376 * Return: zero on success; error code in case of error
332 */ 377 */
333static inline int crypto_akcipher_setkey(struct crypto_akcipher *tfm, void *key, 378static inline int crypto_akcipher_set_priv_key(struct crypto_akcipher *tfm,
334 unsigned int keylen) 379 const void *key,
380 unsigned int keylen)
335{ 381{
336 struct akcipher_alg *alg = crypto_akcipher_alg(tfm); 382 struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
337 383
338 return alg->setkey(tfm, key, keylen); 384 return alg->set_priv_key(tfm, key, keylen);
339} 385}
340#endif 386#endif
diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h
index a8c86365439f..f997e2d29b5a 100644
--- a/include/crypto/internal/rsa.h
+++ b/include/crypto/internal/rsa.h
@@ -20,8 +20,11 @@ struct rsa_key {
20 MPI d; 20 MPI d;
21}; 21};
22 22
23int rsa_parse_key(struct rsa_key *rsa_key, const void *key, 23int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
24 unsigned int key_len); 24 unsigned int key_len);
25
26int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
27 unsigned int key_len);
25 28
26void rsa_free_key(struct rsa_key *rsa_key); 29void rsa_free_key(struct rsa_key *rsa_key);
27#endif 30#endif
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-16 23:58:24 -0400