18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 28c2ecf20Sopenharmony_ci/* 38c2ecf20Sopenharmony_ci * AMD Cryptographic Coprocessor (CCP) RSA crypto API support 48c2ecf20Sopenharmony_ci * 58c2ecf20Sopenharmony_ci * Copyright (C) 2017 Advanced Micro Devices, Inc. 68c2ecf20Sopenharmony_ci * 78c2ecf20Sopenharmony_ci * Author: Gary R Hook <gary.hook@amd.com> 88c2ecf20Sopenharmony_ci */ 98c2ecf20Sopenharmony_ci 108c2ecf20Sopenharmony_ci#include <linux/module.h> 118c2ecf20Sopenharmony_ci#include <linux/sched.h> 128c2ecf20Sopenharmony_ci#include <linux/scatterlist.h> 138c2ecf20Sopenharmony_ci#include <linux/crypto.h> 148c2ecf20Sopenharmony_ci#include <crypto/algapi.h> 158c2ecf20Sopenharmony_ci#include <crypto/internal/rsa.h> 168c2ecf20Sopenharmony_ci#include <crypto/internal/akcipher.h> 178c2ecf20Sopenharmony_ci#include <crypto/akcipher.h> 188c2ecf20Sopenharmony_ci#include <crypto/scatterwalk.h> 198c2ecf20Sopenharmony_ci 208c2ecf20Sopenharmony_ci#include "ccp-crypto.h" 218c2ecf20Sopenharmony_ci 228c2ecf20Sopenharmony_cistatic inline struct akcipher_request *akcipher_request_cast( 238c2ecf20Sopenharmony_ci struct crypto_async_request *req) 248c2ecf20Sopenharmony_ci{ 258c2ecf20Sopenharmony_ci return container_of(req, struct akcipher_request, base); 268c2ecf20Sopenharmony_ci} 278c2ecf20Sopenharmony_ci 288c2ecf20Sopenharmony_cistatic inline int ccp_copy_and_save_keypart(u8 **kpbuf, unsigned int *kplen, 298c2ecf20Sopenharmony_ci const u8 *buf, size_t sz) 308c2ecf20Sopenharmony_ci{ 318c2ecf20Sopenharmony_ci int nskip; 328c2ecf20Sopenharmony_ci 338c2ecf20Sopenharmony_ci for (nskip = 0; nskip < sz; nskip++) 348c2ecf20Sopenharmony_ci if (buf[nskip]) 358c2ecf20Sopenharmony_ci break; 368c2ecf20Sopenharmony_ci *kplen = sz - nskip; 378c2ecf20Sopenharmony_ci *kpbuf = kmemdup(buf + nskip, *kplen, GFP_KERNEL); 388c2ecf20Sopenharmony_ci if (!*kpbuf) 398c2ecf20Sopenharmony_ci return -ENOMEM; 408c2ecf20Sopenharmony_ci 418c2ecf20Sopenharmony_ci return 0; 428c2ecf20Sopenharmony_ci} 438c2ecf20Sopenharmony_ci 448c2ecf20Sopenharmony_cistatic int ccp_rsa_complete(struct crypto_async_request *async_req, int ret) 458c2ecf20Sopenharmony_ci{ 468c2ecf20Sopenharmony_ci struct akcipher_request *req = akcipher_request_cast(async_req); 478c2ecf20Sopenharmony_ci struct ccp_rsa_req_ctx *rctx = akcipher_request_ctx(req); 488c2ecf20Sopenharmony_ci 498c2ecf20Sopenharmony_ci if (ret) 508c2ecf20Sopenharmony_ci return ret; 518c2ecf20Sopenharmony_ci 528c2ecf20Sopenharmony_ci req->dst_len = rctx->cmd.u.rsa.key_size >> 3; 538c2ecf20Sopenharmony_ci 548c2ecf20Sopenharmony_ci return 0; 558c2ecf20Sopenharmony_ci} 568c2ecf20Sopenharmony_ci 578c2ecf20Sopenharmony_cistatic unsigned int ccp_rsa_maxsize(struct crypto_akcipher *tfm) 588c2ecf20Sopenharmony_ci{ 598c2ecf20Sopenharmony_ci struct ccp_ctx *ctx = akcipher_tfm_ctx(tfm); 608c2ecf20Sopenharmony_ci 618c2ecf20Sopenharmony_ci return ctx->u.rsa.n_len; 628c2ecf20Sopenharmony_ci} 638c2ecf20Sopenharmony_ci 648c2ecf20Sopenharmony_cistatic int ccp_rsa_crypt(struct akcipher_request *req, bool encrypt) 658c2ecf20Sopenharmony_ci{ 668c2ecf20Sopenharmony_ci struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 678c2ecf20Sopenharmony_ci struct ccp_ctx *ctx = akcipher_tfm_ctx(tfm); 688c2ecf20Sopenharmony_ci struct ccp_rsa_req_ctx *rctx = akcipher_request_ctx(req); 698c2ecf20Sopenharmony_ci int ret = 0; 708c2ecf20Sopenharmony_ci 718c2ecf20Sopenharmony_ci memset(&rctx->cmd, 0, sizeof(rctx->cmd)); 728c2ecf20Sopenharmony_ci INIT_LIST_HEAD(&rctx->cmd.entry); 738c2ecf20Sopenharmony_ci rctx->cmd.engine = CCP_ENGINE_RSA; 748c2ecf20Sopenharmony_ci 758c2ecf20Sopenharmony_ci rctx->cmd.u.rsa.key_size = ctx->u.rsa.key_len; /* in bits */ 768c2ecf20Sopenharmony_ci if (encrypt) { 778c2ecf20Sopenharmony_ci rctx->cmd.u.rsa.exp = &ctx->u.rsa.e_sg; 788c2ecf20Sopenharmony_ci rctx->cmd.u.rsa.exp_len = ctx->u.rsa.e_len; 798c2ecf20Sopenharmony_ci } else { 808c2ecf20Sopenharmony_ci rctx->cmd.u.rsa.exp = &ctx->u.rsa.d_sg; 818c2ecf20Sopenharmony_ci rctx->cmd.u.rsa.exp_len = ctx->u.rsa.d_len; 828c2ecf20Sopenharmony_ci } 838c2ecf20Sopenharmony_ci rctx->cmd.u.rsa.mod = &ctx->u.rsa.n_sg; 848c2ecf20Sopenharmony_ci rctx->cmd.u.rsa.mod_len = ctx->u.rsa.n_len; 858c2ecf20Sopenharmony_ci rctx->cmd.u.rsa.src = req->src; 868c2ecf20Sopenharmony_ci rctx->cmd.u.rsa.src_len = req->src_len; 878c2ecf20Sopenharmony_ci rctx->cmd.u.rsa.dst = req->dst; 888c2ecf20Sopenharmony_ci 898c2ecf20Sopenharmony_ci ret = ccp_crypto_enqueue_request(&req->base, &rctx->cmd); 908c2ecf20Sopenharmony_ci 918c2ecf20Sopenharmony_ci return ret; 928c2ecf20Sopenharmony_ci} 938c2ecf20Sopenharmony_ci 948c2ecf20Sopenharmony_cistatic int ccp_rsa_encrypt(struct akcipher_request *req) 958c2ecf20Sopenharmony_ci{ 968c2ecf20Sopenharmony_ci return ccp_rsa_crypt(req, true); 978c2ecf20Sopenharmony_ci} 988c2ecf20Sopenharmony_ci 998c2ecf20Sopenharmony_cistatic int ccp_rsa_decrypt(struct akcipher_request *req) 1008c2ecf20Sopenharmony_ci{ 1018c2ecf20Sopenharmony_ci return ccp_rsa_crypt(req, false); 1028c2ecf20Sopenharmony_ci} 1038c2ecf20Sopenharmony_ci 1048c2ecf20Sopenharmony_cistatic int ccp_check_key_length(unsigned int len) 1058c2ecf20Sopenharmony_ci{ 1068c2ecf20Sopenharmony_ci /* In bits */ 1078c2ecf20Sopenharmony_ci if (len < 8 || len > 4096) 1088c2ecf20Sopenharmony_ci return -EINVAL; 1098c2ecf20Sopenharmony_ci return 0; 1108c2ecf20Sopenharmony_ci} 1118c2ecf20Sopenharmony_ci 1128c2ecf20Sopenharmony_cistatic void ccp_rsa_free_key_bufs(struct ccp_ctx *ctx) 1138c2ecf20Sopenharmony_ci{ 1148c2ecf20Sopenharmony_ci /* Clean up old key data */ 1158c2ecf20Sopenharmony_ci kfree_sensitive(ctx->u.rsa.e_buf); 1168c2ecf20Sopenharmony_ci ctx->u.rsa.e_buf = NULL; 1178c2ecf20Sopenharmony_ci ctx->u.rsa.e_len = 0; 1188c2ecf20Sopenharmony_ci kfree_sensitive(ctx->u.rsa.n_buf); 1198c2ecf20Sopenharmony_ci ctx->u.rsa.n_buf = NULL; 1208c2ecf20Sopenharmony_ci ctx->u.rsa.n_len = 0; 1218c2ecf20Sopenharmony_ci kfree_sensitive(ctx->u.rsa.d_buf); 1228c2ecf20Sopenharmony_ci ctx->u.rsa.d_buf = NULL; 1238c2ecf20Sopenharmony_ci ctx->u.rsa.d_len = 0; 1248c2ecf20Sopenharmony_ci} 1258c2ecf20Sopenharmony_ci 1268c2ecf20Sopenharmony_cistatic int ccp_rsa_setkey(struct crypto_akcipher *tfm, const void *key, 1278c2ecf20Sopenharmony_ci unsigned int keylen, bool private) 1288c2ecf20Sopenharmony_ci{ 1298c2ecf20Sopenharmony_ci struct ccp_ctx *ctx = akcipher_tfm_ctx(tfm); 1308c2ecf20Sopenharmony_ci struct rsa_key raw_key; 1318c2ecf20Sopenharmony_ci int ret; 1328c2ecf20Sopenharmony_ci 1338c2ecf20Sopenharmony_ci ccp_rsa_free_key_bufs(ctx); 1348c2ecf20Sopenharmony_ci memset(&raw_key, 0, sizeof(raw_key)); 1358c2ecf20Sopenharmony_ci 1368c2ecf20Sopenharmony_ci /* Code borrowed from crypto/rsa.c */ 1378c2ecf20Sopenharmony_ci if (private) 1388c2ecf20Sopenharmony_ci ret = rsa_parse_priv_key(&raw_key, key, keylen); 1398c2ecf20Sopenharmony_ci else 1408c2ecf20Sopenharmony_ci ret = rsa_parse_pub_key(&raw_key, key, keylen); 1418c2ecf20Sopenharmony_ci if (ret) 1428c2ecf20Sopenharmony_ci goto n_key; 1438c2ecf20Sopenharmony_ci 1448c2ecf20Sopenharmony_ci ret = ccp_copy_and_save_keypart(&ctx->u.rsa.n_buf, &ctx->u.rsa.n_len, 1458c2ecf20Sopenharmony_ci raw_key.n, raw_key.n_sz); 1468c2ecf20Sopenharmony_ci if (ret) 1478c2ecf20Sopenharmony_ci goto key_err; 1488c2ecf20Sopenharmony_ci sg_init_one(&ctx->u.rsa.n_sg, ctx->u.rsa.n_buf, ctx->u.rsa.n_len); 1498c2ecf20Sopenharmony_ci 1508c2ecf20Sopenharmony_ci ctx->u.rsa.key_len = ctx->u.rsa.n_len << 3; /* convert to bits */ 1518c2ecf20Sopenharmony_ci if (ccp_check_key_length(ctx->u.rsa.key_len)) { 1528c2ecf20Sopenharmony_ci ret = -EINVAL; 1538c2ecf20Sopenharmony_ci goto key_err; 1548c2ecf20Sopenharmony_ci } 1558c2ecf20Sopenharmony_ci 1568c2ecf20Sopenharmony_ci ret = ccp_copy_and_save_keypart(&ctx->u.rsa.e_buf, &ctx->u.rsa.e_len, 1578c2ecf20Sopenharmony_ci raw_key.e, raw_key.e_sz); 1588c2ecf20Sopenharmony_ci if (ret) 1598c2ecf20Sopenharmony_ci goto key_err; 1608c2ecf20Sopenharmony_ci sg_init_one(&ctx->u.rsa.e_sg, ctx->u.rsa.e_buf, ctx->u.rsa.e_len); 1618c2ecf20Sopenharmony_ci 1628c2ecf20Sopenharmony_ci if (private) { 1638c2ecf20Sopenharmony_ci ret = ccp_copy_and_save_keypart(&ctx->u.rsa.d_buf, 1648c2ecf20Sopenharmony_ci &ctx->u.rsa.d_len, 1658c2ecf20Sopenharmony_ci raw_key.d, raw_key.d_sz); 1668c2ecf20Sopenharmony_ci if (ret) 1678c2ecf20Sopenharmony_ci goto key_err; 1688c2ecf20Sopenharmony_ci sg_init_one(&ctx->u.rsa.d_sg, 1698c2ecf20Sopenharmony_ci ctx->u.rsa.d_buf, ctx->u.rsa.d_len); 1708c2ecf20Sopenharmony_ci } 1718c2ecf20Sopenharmony_ci 1728c2ecf20Sopenharmony_ci return 0; 1738c2ecf20Sopenharmony_ci 1748c2ecf20Sopenharmony_cikey_err: 1758c2ecf20Sopenharmony_ci ccp_rsa_free_key_bufs(ctx); 1768c2ecf20Sopenharmony_ci 1778c2ecf20Sopenharmony_cin_key: 1788c2ecf20Sopenharmony_ci return ret; 1798c2ecf20Sopenharmony_ci} 1808c2ecf20Sopenharmony_ci 1818c2ecf20Sopenharmony_cistatic int ccp_rsa_setprivkey(struct crypto_akcipher *tfm, const void *key, 1828c2ecf20Sopenharmony_ci unsigned int keylen) 1838c2ecf20Sopenharmony_ci{ 1848c2ecf20Sopenharmony_ci return ccp_rsa_setkey(tfm, key, keylen, true); 1858c2ecf20Sopenharmony_ci} 1868c2ecf20Sopenharmony_ci 1878c2ecf20Sopenharmony_cistatic int ccp_rsa_setpubkey(struct crypto_akcipher *tfm, const void *key, 1888c2ecf20Sopenharmony_ci unsigned int keylen) 1898c2ecf20Sopenharmony_ci{ 1908c2ecf20Sopenharmony_ci return ccp_rsa_setkey(tfm, key, keylen, false); 1918c2ecf20Sopenharmony_ci} 1928c2ecf20Sopenharmony_ci 1938c2ecf20Sopenharmony_cistatic int ccp_rsa_init_tfm(struct crypto_akcipher *tfm) 1948c2ecf20Sopenharmony_ci{ 1958c2ecf20Sopenharmony_ci struct ccp_ctx *ctx = akcipher_tfm_ctx(tfm); 1968c2ecf20Sopenharmony_ci 1978c2ecf20Sopenharmony_ci akcipher_set_reqsize(tfm, sizeof(struct ccp_rsa_req_ctx)); 1988c2ecf20Sopenharmony_ci ctx->complete = ccp_rsa_complete; 1998c2ecf20Sopenharmony_ci 2008c2ecf20Sopenharmony_ci return 0; 2018c2ecf20Sopenharmony_ci} 2028c2ecf20Sopenharmony_ci 2038c2ecf20Sopenharmony_cistatic void ccp_rsa_exit_tfm(struct crypto_akcipher *tfm) 2048c2ecf20Sopenharmony_ci{ 2058c2ecf20Sopenharmony_ci struct ccp_ctx *ctx = crypto_tfm_ctx(&tfm->base); 2068c2ecf20Sopenharmony_ci 2078c2ecf20Sopenharmony_ci ccp_rsa_free_key_bufs(ctx); 2088c2ecf20Sopenharmony_ci} 2098c2ecf20Sopenharmony_ci 2108c2ecf20Sopenharmony_cistatic struct akcipher_alg ccp_rsa_defaults = { 2118c2ecf20Sopenharmony_ci .encrypt = ccp_rsa_encrypt, 2128c2ecf20Sopenharmony_ci .decrypt = ccp_rsa_decrypt, 2138c2ecf20Sopenharmony_ci .set_pub_key = ccp_rsa_setpubkey, 2148c2ecf20Sopenharmony_ci .set_priv_key = ccp_rsa_setprivkey, 2158c2ecf20Sopenharmony_ci .max_size = ccp_rsa_maxsize, 2168c2ecf20Sopenharmony_ci .init = ccp_rsa_init_tfm, 2178c2ecf20Sopenharmony_ci .exit = ccp_rsa_exit_tfm, 2188c2ecf20Sopenharmony_ci .base = { 2198c2ecf20Sopenharmony_ci .cra_name = "rsa", 2208c2ecf20Sopenharmony_ci .cra_driver_name = "rsa-ccp", 2218c2ecf20Sopenharmony_ci .cra_priority = CCP_CRA_PRIORITY, 2228c2ecf20Sopenharmony_ci .cra_module = THIS_MODULE, 2238c2ecf20Sopenharmony_ci .cra_ctxsize = 2 * sizeof(struct ccp_ctx), 2248c2ecf20Sopenharmony_ci }, 2258c2ecf20Sopenharmony_ci}; 2268c2ecf20Sopenharmony_ci 2278c2ecf20Sopenharmony_cistruct ccp_rsa_def { 2288c2ecf20Sopenharmony_ci unsigned int version; 2298c2ecf20Sopenharmony_ci const char *name; 2308c2ecf20Sopenharmony_ci const char *driver_name; 2318c2ecf20Sopenharmony_ci unsigned int reqsize; 2328c2ecf20Sopenharmony_ci struct akcipher_alg *alg_defaults; 2338c2ecf20Sopenharmony_ci}; 2348c2ecf20Sopenharmony_ci 2358c2ecf20Sopenharmony_cistatic struct ccp_rsa_def rsa_algs[] = { 2368c2ecf20Sopenharmony_ci { 2378c2ecf20Sopenharmony_ci .version = CCP_VERSION(3, 0), 2388c2ecf20Sopenharmony_ci .name = "rsa", 2398c2ecf20Sopenharmony_ci .driver_name = "rsa-ccp", 2408c2ecf20Sopenharmony_ci .reqsize = sizeof(struct ccp_rsa_req_ctx), 2418c2ecf20Sopenharmony_ci .alg_defaults = &ccp_rsa_defaults, 2428c2ecf20Sopenharmony_ci } 2438c2ecf20Sopenharmony_ci}; 2448c2ecf20Sopenharmony_ci 2458c2ecf20Sopenharmony_cistatic int ccp_register_rsa_alg(struct list_head *head, 2468c2ecf20Sopenharmony_ci const struct ccp_rsa_def *def) 2478c2ecf20Sopenharmony_ci{ 2488c2ecf20Sopenharmony_ci struct ccp_crypto_akcipher_alg *ccp_alg; 2498c2ecf20Sopenharmony_ci struct akcipher_alg *alg; 2508c2ecf20Sopenharmony_ci int ret; 2518c2ecf20Sopenharmony_ci 2528c2ecf20Sopenharmony_ci ccp_alg = kzalloc(sizeof(*ccp_alg), GFP_KERNEL); 2538c2ecf20Sopenharmony_ci if (!ccp_alg) 2548c2ecf20Sopenharmony_ci return -ENOMEM; 2558c2ecf20Sopenharmony_ci 2568c2ecf20Sopenharmony_ci INIT_LIST_HEAD(&ccp_alg->entry); 2578c2ecf20Sopenharmony_ci 2588c2ecf20Sopenharmony_ci alg = &ccp_alg->alg; 2598c2ecf20Sopenharmony_ci *alg = *def->alg_defaults; 2608c2ecf20Sopenharmony_ci snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name); 2618c2ecf20Sopenharmony_ci snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s", 2628c2ecf20Sopenharmony_ci def->driver_name); 2638c2ecf20Sopenharmony_ci ret = crypto_register_akcipher(alg); 2648c2ecf20Sopenharmony_ci if (ret) { 2658c2ecf20Sopenharmony_ci pr_err("%s akcipher algorithm registration error (%d)\n", 2668c2ecf20Sopenharmony_ci alg->base.cra_name, ret); 2678c2ecf20Sopenharmony_ci kfree(ccp_alg); 2688c2ecf20Sopenharmony_ci return ret; 2698c2ecf20Sopenharmony_ci } 2708c2ecf20Sopenharmony_ci 2718c2ecf20Sopenharmony_ci list_add(&ccp_alg->entry, head); 2728c2ecf20Sopenharmony_ci 2738c2ecf20Sopenharmony_ci return 0; 2748c2ecf20Sopenharmony_ci} 2758c2ecf20Sopenharmony_ci 2768c2ecf20Sopenharmony_ciint ccp_register_rsa_algs(struct list_head *head) 2778c2ecf20Sopenharmony_ci{ 2788c2ecf20Sopenharmony_ci int i, ret; 2798c2ecf20Sopenharmony_ci unsigned int ccpversion = ccp_version(); 2808c2ecf20Sopenharmony_ci 2818c2ecf20Sopenharmony_ci /* Register the RSA algorithm in standard mode 2828c2ecf20Sopenharmony_ci * This works for CCP v3 and later 2838c2ecf20Sopenharmony_ci */ 2848c2ecf20Sopenharmony_ci for (i = 0; i < ARRAY_SIZE(rsa_algs); i++) { 2858c2ecf20Sopenharmony_ci if (rsa_algs[i].version > ccpversion) 2868c2ecf20Sopenharmony_ci continue; 2878c2ecf20Sopenharmony_ci ret = ccp_register_rsa_alg(head, &rsa_algs[i]); 2888c2ecf20Sopenharmony_ci if (ret) 2898c2ecf20Sopenharmony_ci return ret; 2908c2ecf20Sopenharmony_ci } 2918c2ecf20Sopenharmony_ci 2928c2ecf20Sopenharmony_ci return 0; 2938c2ecf20Sopenharmony_ci} 294