// SPDX-License-Identifier: GPL-2.0 /* Copyright (c) 2019 HiSilicon Limited. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "hpre.h" struct hpre_ctx; #define HPRE_CRYPTO_ALG_PRI 1000 #define HPRE_ALIGN_SZ 64 #define HPRE_BITS_2_BYTES_SHIFT 3 #define HPRE_RSA_512BITS_KSZ 64 #define HPRE_RSA_1536BITS_KSZ 192 #define HPRE_CRT_PRMS 5 #define HPRE_CRT_Q 2 #define HPRE_CRT_P 3 #define HPRE_CRT_INV 4 #define HPRE_DH_G_FLAG 0x02 #define HPRE_TRY_SEND_TIMES 100 #define HPRE_INVLD_REQ_ID (-1) #define HPRE_SQE_ALG_BITS 5 #define HPRE_SQE_DONE_SHIFT 30 #define HPRE_DH_MAX_P_SZ 512 #define HPRE_DFX_SEC_TO_US 1000000 #define HPRE_DFX_US_TO_NS 1000 /* due to nist p521 */ #define HPRE_ECC_MAX_KSZ 66 /* size in bytes of the n prime */ #define HPRE_ECC_NIST_P192_N_SIZE 24 #define HPRE_ECC_NIST_P256_N_SIZE 32 #define HPRE_ECC_NIST_P384_N_SIZE 48 /* size in bytes */ #define HPRE_ECC_HW256_KSZ_B 32 #define HPRE_ECC_HW384_KSZ_B 48 typedef void (*hpre_cb)(struct hpre_ctx *ctx, void *sqe); struct hpre_rsa_ctx { /* low address: e--->n */ char *pubkey; dma_addr_t dma_pubkey; /* low address: d--->n */ char *prikey; dma_addr_t dma_prikey; /* low address: dq->dp->q->p->qinv */ char *crt_prikey; dma_addr_t dma_crt_prikey; struct crypto_akcipher *soft_tfm; }; struct hpre_dh_ctx { /* * If base is g we compute the public key * ya = g^xa mod p; [RFC2631 sec 2.1.1] * else if base if the counterpart public key we * compute the shared secret * ZZ = yb^xa mod p; [RFC2631 sec 2.1.1] * low address: d--->n, please refer to Hisilicon HPRE UM */ char *xa_p; dma_addr_t dma_xa_p; char *g; /* m */ dma_addr_t dma_g; }; struct hpre_ecdh_ctx { /* low address: p->a->k->b */ unsigned char *p; dma_addr_t dma_p; /* low address: x->y */ unsigned char *g; dma_addr_t dma_g; }; struct hpre_curve25519_ctx { /* low address: p->a->k */ unsigned char *p; dma_addr_t dma_p; /* gx coordinate */ unsigned char *g; dma_addr_t dma_g; }; struct hpre_ctx { struct hisi_qp *qp; struct device *dev; struct hpre_asym_request **req_list; struct hpre *hpre; spinlock_t req_lock; unsigned int key_sz; bool crt_g2_mode; struct idr req_idr; union { struct hpre_rsa_ctx rsa; struct hpre_dh_ctx dh; struct hpre_ecdh_ctx ecdh; struct hpre_curve25519_ctx curve25519; }; /* for ecc algorithms */ unsigned int curve_id; }; struct hpre_asym_request { char *src; char *dst; struct hpre_sqe req; struct hpre_ctx *ctx; union { struct akcipher_request *rsa; struct kpp_request *dh; struct kpp_request *ecdh; struct kpp_request *curve25519; } areq; int err; int req_id; hpre_cb cb; struct timespec64 req_time; }; static int hpre_alloc_req_id(struct hpre_ctx *ctx) { unsigned long flags; int id; spin_lock_irqsave(&ctx->req_lock, flags); id = idr_alloc(&ctx->req_idr, NULL, 0, QM_Q_DEPTH, GFP_ATOMIC); spin_unlock_irqrestore(&ctx->req_lock, flags); return id; } static void hpre_free_req_id(struct hpre_ctx *ctx, int req_id) { unsigned long flags; spin_lock_irqsave(&ctx->req_lock, flags); idr_remove(&ctx->req_idr, req_id); spin_unlock_irqrestore(&ctx->req_lock, flags); } static int hpre_add_req_to_ctx(struct hpre_asym_request *hpre_req) { struct hpre_ctx *ctx; struct hpre_dfx *dfx; int id; ctx = hpre_req->ctx; id = hpre_alloc_req_id(ctx); if (unlikely(id < 0)) return -EINVAL; ctx->req_list[id] = hpre_req; hpre_req->req_id = id; dfx = ctx->hpre->debug.dfx; if (atomic64_read(&dfx[HPRE_OVERTIME_THRHLD].value)) ktime_get_ts64(&hpre_req->req_time); return id; } static void hpre_rm_req_from_ctx(struct hpre_asym_request *hpre_req) { struct hpre_ctx *ctx = hpre_req->ctx; int id = hpre_req->req_id; if (hpre_req->req_id >= 0) { hpre_req->req_id = HPRE_INVLD_REQ_ID; ctx->req_list[id] = NULL; hpre_free_req_id(ctx, id); } } static struct hisi_qp *hpre_get_qp_and_start(u8 type) { struct hisi_qp *qp; int ret; qp = hpre_create_qp(type); if (!qp) { pr_err("Can not create hpre qp!\n"); return ERR_PTR(-ENODEV); } ret = hisi_qm_start_qp(qp, 0); if (ret < 0) { hisi_qm_free_qps(&qp, 1); pci_err(qp->qm->pdev, "Can not start qp!\n"); return ERR_PTR(-EINVAL); } return qp; } static int hpre_get_data_dma_addr(struct hpre_asym_request *hpre_req, struct scatterlist *data, unsigned int len, int is_src, dma_addr_t *tmp) { struct device *dev = hpre_req->ctx->dev; enum dma_data_direction dma_dir; if (is_src) { hpre_req->src = NULL; dma_dir = DMA_TO_DEVICE; } else { hpre_req->dst = NULL; dma_dir = DMA_FROM_DEVICE; } *tmp = dma_map_single(dev, sg_virt(data), len, dma_dir); if (unlikely(dma_mapping_error(dev, *tmp))) { dev_err(dev, "dma map data err!\n"); return -ENOMEM; } return 0; } static int hpre_prepare_dma_buf(struct hpre_asym_request *hpre_req, struct scatterlist *data, unsigned int len, int is_src, dma_addr_t *tmp) { struct hpre_ctx *ctx = hpre_req->ctx; struct device *dev = ctx->dev; void *ptr; int shift; shift = ctx->key_sz - len; if (unlikely(shift < 0)) return -EINVAL; ptr = dma_alloc_coherent(dev, ctx->key_sz, tmp, GFP_ATOMIC); if (unlikely(!ptr)) return -ENOMEM; if (is_src) { scatterwalk_map_and_copy(ptr + shift, data, 0, len, 0); hpre_req->src = ptr; } else { hpre_req->dst = ptr; } return 0; } static int hpre_hw_data_init(struct hpre_asym_request *hpre_req, struct scatterlist *data, unsigned int len, int is_src, int is_dh) { struct hpre_sqe *msg = &hpre_req->req; struct hpre_ctx *ctx = hpre_req->ctx; dma_addr_t tmp = 0; int ret; /* when the data is dh's source, we should format it */ if ((sg_is_last(data) && len == ctx->key_sz) && ((is_dh && !is_src) || !is_dh)) ret = hpre_get_data_dma_addr(hpre_req, data, len, is_src, &tmp); else ret = hpre_prepare_dma_buf(hpre_req, data, len, is_src, &tmp); if (unlikely(ret)) return ret; if (is_src) msg->in = cpu_to_le64(tmp); else msg->out = cpu_to_le64(tmp); return 0; } static void hpre_hw_data_clr_all(struct hpre_ctx *ctx, struct hpre_asym_request *req, struct scatterlist *dst, struct scatterlist *src) { struct device *dev = ctx->dev; struct hpre_sqe *sqe = &req->req; dma_addr_t tmp; tmp = le64_to_cpu(sqe->in); if (unlikely(dma_mapping_error(dev, tmp))) return; if (src) { if (req->src) dma_free_coherent(dev, ctx->key_sz, req->src, tmp); else dma_unmap_single(dev, tmp, ctx->key_sz, DMA_TO_DEVICE); } tmp = le64_to_cpu(sqe->out); if (unlikely(dma_mapping_error(dev, tmp))) return; if (req->dst) { if (dst) scatterwalk_map_and_copy(req->dst, dst, 0, ctx->key_sz, 1); dma_free_coherent(dev, ctx->key_sz, req->dst, tmp); } else { dma_unmap_single(dev, tmp, ctx->key_sz, DMA_FROM_DEVICE); } } static int hpre_alg_res_post_hf(struct hpre_ctx *ctx, struct hpre_sqe *sqe, void **kreq) { struct hpre_asym_request *req; unsigned int err, done, alg; int id; #define HPRE_NO_HW_ERR 0 #define HPRE_HW_TASK_DONE 3 #define HREE_HW_ERR_MASK GENMASK(10, 0) #define HREE_SQE_DONE_MASK GENMASK(1, 0) #define HREE_ALG_TYPE_MASK GENMASK(4, 0) id = (int)le16_to_cpu(sqe->tag); req = ctx->req_list[id]; hpre_rm_req_from_ctx(req); *kreq = req; err = (le32_to_cpu(sqe->dw0) >> HPRE_SQE_ALG_BITS) & HREE_HW_ERR_MASK; done = (le32_to_cpu(sqe->dw0) >> HPRE_SQE_DONE_SHIFT) & HREE_SQE_DONE_MASK; if (likely(err == HPRE_NO_HW_ERR && done == HPRE_HW_TASK_DONE)) return 0; alg = le32_to_cpu(sqe->dw0) & HREE_ALG_TYPE_MASK; dev_err_ratelimited(ctx->dev, "alg[0x%x] error: done[0x%x], etype[0x%x]\n", alg, done, err); return -EINVAL; } static int hpre_ctx_set(struct hpre_ctx *ctx, struct hisi_qp *qp, int qlen) { struct hpre *hpre; if (!ctx || !qp || qlen < 0) return -EINVAL; spin_lock_init(&ctx->req_lock); ctx->qp = qp; ctx->dev = &qp->qm->pdev->dev; hpre = container_of(ctx->qp->qm, struct hpre, qm); ctx->hpre = hpre; ctx->req_list = kcalloc(qlen, sizeof(void *), GFP_KERNEL); if (!ctx->req_list) return -ENOMEM; ctx->key_sz = 0; ctx->crt_g2_mode = false; idr_init(&ctx->req_idr); return 0; } static void hpre_ctx_clear(struct hpre_ctx *ctx, bool is_clear_all) { if (is_clear_all) { idr_destroy(&ctx->req_idr); kfree(ctx->req_list); hisi_qm_free_qps(&ctx->qp, 1); } ctx->crt_g2_mode = false; ctx->key_sz = 0; } static bool hpre_is_bd_timeout(struct hpre_asym_request *req, u64 overtime_thrhld) { struct timespec64 reply_time; u64 time_use_us; ktime_get_ts64(&reply_time); time_use_us = (reply_time.tv_sec - req->req_time.tv_sec) * HPRE_DFX_SEC_TO_US + (reply_time.tv_nsec - req->req_time.tv_nsec) / HPRE_DFX_US_TO_NS; if (time_use_us <= overtime_thrhld) return false; return true; } static void hpre_dh_cb(struct hpre_ctx *ctx, void *resp) { struct hpre_dfx *dfx = ctx->hpre->debug.dfx; struct hpre_asym_request *req; struct kpp_request *areq; u64 overtime_thrhld; int ret; ret = hpre_alg_res_post_hf(ctx, resp, (void **)&req); areq = req->areq.dh; areq->dst_len = ctx->key_sz; overtime_thrhld = atomic64_read(&dfx[HPRE_OVERTIME_THRHLD].value); if (overtime_thrhld && hpre_is_bd_timeout(req, overtime_thrhld)) atomic64_inc(&dfx[HPRE_OVER_THRHLD_CNT].value); hpre_hw_data_clr_all(ctx, req, areq->dst, areq->src); kpp_request_complete(areq, ret); atomic64_inc(&dfx[HPRE_RECV_CNT].value); } static void hpre_rsa_cb(struct hpre_ctx *ctx, void *resp) { struct hpre_dfx *dfx = ctx->hpre->debug.dfx; struct hpre_asym_request *req; struct akcipher_request *areq; u64 overtime_thrhld; int ret; ret = hpre_alg_res_post_hf(ctx, resp, (void **)&req); overtime_thrhld = atomic64_read(&dfx[HPRE_OVERTIME_THRHLD].value); if (overtime_thrhld && hpre_is_bd_timeout(req, overtime_thrhld)) atomic64_inc(&dfx[HPRE_OVER_THRHLD_CNT].value); areq = req->areq.rsa; areq->dst_len = ctx->key_sz; hpre_hw_data_clr_all(ctx, req, areq->dst, areq->src); akcipher_request_complete(areq, ret); atomic64_inc(&dfx[HPRE_RECV_CNT].value); } static void hpre_alg_cb(struct hisi_qp *qp, void *resp) { struct hpre_ctx *ctx = qp->qp_ctx; struct hpre_dfx *dfx = ctx->hpre->debug.dfx; struct hpre_sqe *sqe = resp; struct hpre_asym_request *req = ctx->req_list[le16_to_cpu(sqe->tag)]; if (unlikely(!req)) { atomic64_inc(&dfx[HPRE_INVALID_REQ_CNT].value); return; } req->cb(ctx, resp); } static void hpre_stop_qp_and_put(struct hisi_qp *qp) { hisi_qm_stop_qp(qp); hisi_qm_free_qps(&qp, 1); } static int hpre_ctx_init(struct hpre_ctx *ctx, u8 type) { struct hisi_qp *qp; int ret; qp = hpre_get_qp_and_start(type); if (IS_ERR(qp)) return PTR_ERR(qp); qp->qp_ctx = ctx; qp->req_cb = hpre_alg_cb; ret = hpre_ctx_set(ctx, qp, QM_Q_DEPTH); if (ret) hpre_stop_qp_and_put(qp); return ret; } static int hpre_msg_request_set(struct hpre_ctx *ctx, void *req, bool is_rsa) { struct hpre_asym_request *h_req; struct hpre_sqe *msg; int req_id; void *tmp; if (is_rsa) { struct akcipher_request *akreq = req; if (akreq->dst_len < ctx->key_sz) { akreq->dst_len = ctx->key_sz; return -EOVERFLOW; } tmp = akcipher_request_ctx(akreq); h_req = PTR_ALIGN(tmp, HPRE_ALIGN_SZ); h_req->cb = hpre_rsa_cb; h_req->areq.rsa = akreq; msg = &h_req->req; memset(msg, 0, sizeof(*msg)); } else { struct kpp_request *kreq = req; if (kreq->dst_len < ctx->key_sz) { kreq->dst_len = ctx->key_sz; return -EOVERFLOW; } tmp = kpp_request_ctx(kreq); h_req = PTR_ALIGN(tmp, HPRE_ALIGN_SZ); h_req->cb = hpre_dh_cb; h_req->areq.dh = kreq; msg = &h_req->req; memset(msg, 0, sizeof(*msg)); msg->key = cpu_to_le64(ctx->dh.dma_xa_p); } msg->in = cpu_to_le64(DMA_MAPPING_ERROR); msg->out = cpu_to_le64(DMA_MAPPING_ERROR); msg->dw0 |= cpu_to_le32(0x1 << HPRE_SQE_DONE_SHIFT); msg->task_len1 = (ctx->key_sz >> HPRE_BITS_2_BYTES_SHIFT) - 1; h_req->ctx = ctx; req_id = hpre_add_req_to_ctx(h_req); if (req_id < 0) return -EBUSY; msg->tag = cpu_to_le16((u16)req_id); return 0; } static int hpre_send(struct hpre_ctx *ctx, struct hpre_sqe *msg) { struct hpre_dfx *dfx = ctx->hpre->debug.dfx; int ctr = 0; int ret; do { atomic64_inc(&dfx[HPRE_SEND_CNT].value); ret = hisi_qp_send(ctx->qp, msg); if (ret != -EBUSY) break; atomic64_inc(&dfx[HPRE_SEND_BUSY_CNT].value); } while (ctr++ < HPRE_TRY_SEND_TIMES); if (likely(!ret)) return ret; if (ret != -EBUSY) atomic64_inc(&dfx[HPRE_SEND_FAIL_CNT].value); return ret; } static int hpre_dh_compute_value(struct kpp_request *req) { struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); void *tmp = kpp_request_ctx(req); struct hpre_asym_request *hpre_req = PTR_ALIGN(tmp, HPRE_ALIGN_SZ); struct hpre_sqe *msg = &hpre_req->req; int ret; ret = hpre_msg_request_set(ctx, req, false); if (unlikely(ret)) return ret; if (req->src) { ret = hpre_hw_data_init(hpre_req, req->src, req->src_len, 1, 1); if (unlikely(ret)) goto clear_all; } else { msg->in = cpu_to_le64(ctx->dh.dma_g); } ret = hpre_hw_data_init(hpre_req, req->dst, req->dst_len, 0, 1); if (unlikely(ret)) goto clear_all; if (ctx->crt_g2_mode && !req->src) msg->dw0 = cpu_to_le32(le32_to_cpu(msg->dw0) | HPRE_ALG_DH_G2); else msg->dw0 = cpu_to_le32(le32_to_cpu(msg->dw0) | HPRE_ALG_DH); /* success */ ret = hpre_send(ctx, msg); if (likely(!ret)) return -EINPROGRESS; clear_all: hpre_rm_req_from_ctx(hpre_req); hpre_hw_data_clr_all(ctx, hpre_req, req->dst, req->src); return ret; } static int hpre_is_dh_params_length_valid(unsigned int key_sz) { #define _HPRE_DH_GRP1 768 #define _HPRE_DH_GRP2 1024 #define _HPRE_DH_GRP5 1536 #define _HPRE_DH_GRP14 2048 #define _HPRE_DH_GRP15 3072 #define _HPRE_DH_GRP16 4096 switch (key_sz) { case _HPRE_DH_GRP1: case _HPRE_DH_GRP2: case _HPRE_DH_GRP5: case _HPRE_DH_GRP14: case _HPRE_DH_GRP15: case _HPRE_DH_GRP16: return 0; default: return -EINVAL; } } static int hpre_dh_set_params(struct hpre_ctx *ctx, struct dh *params) { struct device *dev = ctx->dev; unsigned int sz; if (params->p_size > HPRE_DH_MAX_P_SZ) return -EINVAL; if (hpre_is_dh_params_length_valid(params->p_size << HPRE_BITS_2_BYTES_SHIFT)) return -EINVAL; sz = ctx->key_sz = params->p_size; ctx->dh.xa_p = dma_alloc_coherent(dev, sz << 1, &ctx->dh.dma_xa_p, GFP_KERNEL); if (!ctx->dh.xa_p) return -ENOMEM; memcpy(ctx->dh.xa_p + sz, params->p, sz); /* If g equals 2 don't copy it */ if (params->g_size == 1 && *(char *)params->g == HPRE_DH_G_FLAG) { ctx->crt_g2_mode = true; return 0; } ctx->dh.g = dma_alloc_coherent(dev, sz, &ctx->dh.dma_g, GFP_KERNEL); if (!ctx->dh.g) { dma_free_coherent(dev, sz << 1, ctx->dh.xa_p, ctx->dh.dma_xa_p); ctx->dh.xa_p = NULL; return -ENOMEM; } memcpy(ctx->dh.g + (sz - params->g_size), params->g, params->g_size); return 0; } static void hpre_dh_clear_ctx(struct hpre_ctx *ctx, bool is_clear_all) { struct device *dev = ctx->dev; unsigned int sz = ctx->key_sz; if (is_clear_all) hisi_qm_stop_qp(ctx->qp); if (ctx->dh.g) { dma_free_coherent(dev, sz, ctx->dh.g, ctx->dh.dma_g); ctx->dh.g = NULL; } if (ctx->dh.xa_p) { memzero_explicit(ctx->dh.xa_p, sz); dma_free_coherent(dev, sz << 1, ctx->dh.xa_p, ctx->dh.dma_xa_p); ctx->dh.xa_p = NULL; } hpre_ctx_clear(ctx, is_clear_all); } static int hpre_dh_set_secret(struct crypto_kpp *tfm, const void *buf, unsigned int len) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); struct dh params; int ret; if (crypto_dh_decode_key(buf, len, ¶ms) < 0) return -EINVAL; /* Free old secret if any */ hpre_dh_clear_ctx(ctx, false); ret = hpre_dh_set_params(ctx, ¶ms); if (ret < 0) goto err_clear_ctx; memcpy(ctx->dh.xa_p + (ctx->key_sz - params.key_size), params.key, params.key_size); return 0; err_clear_ctx: hpre_dh_clear_ctx(ctx, false); return ret; } static unsigned int hpre_dh_max_size(struct crypto_kpp *tfm) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); return ctx->key_sz; } static int hpre_dh_init_tfm(struct crypto_kpp *tfm) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); return hpre_ctx_init(ctx, HPRE_V2_ALG_TYPE); } static void hpre_dh_exit_tfm(struct crypto_kpp *tfm) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); hpre_dh_clear_ctx(ctx, true); } static void hpre_rsa_drop_leading_zeros(const char **ptr, size_t *len) { while (!**ptr && *len) { (*ptr)++; (*len)--; } } static bool hpre_rsa_key_size_is_support(unsigned int len) { unsigned int bits = len << HPRE_BITS_2_BYTES_SHIFT; #define _RSA_1024BITS_KEY_WDTH 1024 #define _RSA_2048BITS_KEY_WDTH 2048 #define _RSA_3072BITS_KEY_WDTH 3072 #define _RSA_4096BITS_KEY_WDTH 4096 switch (bits) { case _RSA_1024BITS_KEY_WDTH: case _RSA_2048BITS_KEY_WDTH: case _RSA_3072BITS_KEY_WDTH: case _RSA_4096BITS_KEY_WDTH: return true; default: return false; } } static int hpre_rsa_enc(struct akcipher_request *req) { struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); struct hpre_ctx *ctx = akcipher_tfm_ctx(tfm); void *tmp = akcipher_request_ctx(req); struct hpre_asym_request *hpre_req = PTR_ALIGN(tmp, HPRE_ALIGN_SZ); struct hpre_sqe *msg = &hpre_req->req; int ret; /* For 512 and 1536 bits key size, use soft tfm instead */ if (ctx->key_sz == HPRE_RSA_512BITS_KSZ || ctx->key_sz == HPRE_RSA_1536BITS_KSZ) { akcipher_request_set_tfm(req, ctx->rsa.soft_tfm); ret = crypto_akcipher_encrypt(req); akcipher_request_set_tfm(req, tfm); return ret; } if (unlikely(!ctx->rsa.pubkey)) return -EINVAL; ret = hpre_msg_request_set(ctx, req, true); if (unlikely(ret)) return ret; msg->dw0 |= cpu_to_le32(HPRE_ALG_NC_NCRT); msg->key = cpu_to_le64(ctx->rsa.dma_pubkey); ret = hpre_hw_data_init(hpre_req, req->src, req->src_len, 1, 0); if (unlikely(ret)) goto clear_all; ret = hpre_hw_data_init(hpre_req, req->dst, req->dst_len, 0, 0); if (unlikely(ret)) goto clear_all; /* success */ ret = hpre_send(ctx, msg); if (likely(!ret)) return -EINPROGRESS; clear_all: hpre_rm_req_from_ctx(hpre_req); hpre_hw_data_clr_all(ctx, hpre_req, req->dst, req->src); return ret; } static int hpre_rsa_dec(struct akcipher_request *req) { struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); struct hpre_ctx *ctx = akcipher_tfm_ctx(tfm); void *tmp = akcipher_request_ctx(req); struct hpre_asym_request *hpre_req = PTR_ALIGN(tmp, HPRE_ALIGN_SZ); struct hpre_sqe *msg = &hpre_req->req; int ret; /* For 512 and 1536 bits key size, use soft tfm instead */ if (ctx->key_sz == HPRE_RSA_512BITS_KSZ || ctx->key_sz == HPRE_RSA_1536BITS_KSZ) { akcipher_request_set_tfm(req, ctx->rsa.soft_tfm); ret = crypto_akcipher_decrypt(req); akcipher_request_set_tfm(req, tfm); return ret; } if (unlikely(!ctx->rsa.prikey)) return -EINVAL; ret = hpre_msg_request_set(ctx, req, true); if (unlikely(ret)) return ret; if (ctx->crt_g2_mode) { msg->key = cpu_to_le64(ctx->rsa.dma_crt_prikey); msg->dw0 = cpu_to_le32(le32_to_cpu(msg->dw0) | HPRE_ALG_NC_CRT); } else { msg->key = cpu_to_le64(ctx->rsa.dma_prikey); msg->dw0 = cpu_to_le32(le32_to_cpu(msg->dw0) | HPRE_ALG_NC_NCRT); } ret = hpre_hw_data_init(hpre_req, req->src, req->src_len, 1, 0); if (unlikely(ret)) goto clear_all; ret = hpre_hw_data_init(hpre_req, req->dst, req->dst_len, 0, 0); if (unlikely(ret)) goto clear_all; /* success */ ret = hpre_send(ctx, msg); if (likely(!ret)) return -EINPROGRESS; clear_all: hpre_rm_req_from_ctx(hpre_req); hpre_hw_data_clr_all(ctx, hpre_req, req->dst, req->src); return ret; } static int hpre_rsa_set_n(struct hpre_ctx *ctx, const char *value, size_t vlen, bool private) { const char *ptr = value; hpre_rsa_drop_leading_zeros(&ptr, &vlen); ctx->key_sz = vlen; /* if invalid key size provided, we use software tfm */ if (!hpre_rsa_key_size_is_support(ctx->key_sz)) return 0; ctx->rsa.pubkey = dma_alloc_coherent(ctx->dev, vlen << 1, &ctx->rsa.dma_pubkey, GFP_KERNEL); if (!ctx->rsa.pubkey) return -ENOMEM; if (private) { ctx->rsa.prikey = dma_alloc_coherent(ctx->dev, vlen << 1, &ctx->rsa.dma_prikey, GFP_KERNEL); if (!ctx->rsa.prikey) { dma_free_coherent(ctx->dev, vlen << 1, ctx->rsa.pubkey, ctx->rsa.dma_pubkey); ctx->rsa.pubkey = NULL; return -ENOMEM; } memcpy(ctx->rsa.prikey + vlen, ptr, vlen); } memcpy(ctx->rsa.pubkey + vlen, ptr, vlen); /* Using hardware HPRE to do RSA */ return 1; } static int hpre_rsa_set_e(struct hpre_ctx *ctx, const char *value, size_t vlen) { const char *ptr = value; hpre_rsa_drop_leading_zeros(&ptr, &vlen); if (!ctx->key_sz || !vlen || vlen > ctx->key_sz) return -EINVAL; memcpy(ctx->rsa.pubkey + ctx->key_sz - vlen, ptr, vlen); return 0; } static int hpre_rsa_set_d(struct hpre_ctx *ctx, const char *value, size_t vlen) { const char *ptr = value; hpre_rsa_drop_leading_zeros(&ptr, &vlen); if (!ctx->key_sz || !vlen || vlen > ctx->key_sz) return -EINVAL; memcpy(ctx->rsa.prikey + ctx->key_sz - vlen, ptr, vlen); return 0; } static int hpre_crt_para_get(char *para, size_t para_sz, const char *raw, size_t raw_sz) { const char *ptr = raw; size_t len = raw_sz; hpre_rsa_drop_leading_zeros(&ptr, &len); if (!len || len > para_sz) return -EINVAL; memcpy(para + para_sz - len, ptr, len); return 0; } static int hpre_rsa_setkey_crt(struct hpre_ctx *ctx, struct rsa_key *rsa_key) { unsigned int hlf_ksz = ctx->key_sz >> 1; struct device *dev = ctx->dev; u64 offset; int ret; ctx->rsa.crt_prikey = dma_alloc_coherent(dev, hlf_ksz * HPRE_CRT_PRMS, &ctx->rsa.dma_crt_prikey, GFP_KERNEL); if (!ctx->rsa.crt_prikey) return -ENOMEM; ret = hpre_crt_para_get(ctx->rsa.crt_prikey, hlf_ksz, rsa_key->dq, rsa_key->dq_sz); if (ret) goto free_key; offset = hlf_ksz; ret = hpre_crt_para_get(ctx->rsa.crt_prikey + offset, hlf_ksz, rsa_key->dp, rsa_key->dp_sz); if (ret) goto free_key; offset = hlf_ksz * HPRE_CRT_Q; ret = hpre_crt_para_get(ctx->rsa.crt_prikey + offset, hlf_ksz, rsa_key->q, rsa_key->q_sz); if (ret) goto free_key; offset = hlf_ksz * HPRE_CRT_P; ret = hpre_crt_para_get(ctx->rsa.crt_prikey + offset, hlf_ksz, rsa_key->p, rsa_key->p_sz); if (ret) goto free_key; offset = hlf_ksz * HPRE_CRT_INV; ret = hpre_crt_para_get(ctx->rsa.crt_prikey + offset, hlf_ksz, rsa_key->qinv, rsa_key->qinv_sz); if (ret) goto free_key; ctx->crt_g2_mode = true; return 0; free_key: offset = hlf_ksz * HPRE_CRT_PRMS; memzero_explicit(ctx->rsa.crt_prikey, offset); dma_free_coherent(dev, hlf_ksz * HPRE_CRT_PRMS, ctx->rsa.crt_prikey, ctx->rsa.dma_crt_prikey); ctx->rsa.crt_prikey = NULL; ctx->crt_g2_mode = false; return ret; } /* If it is clear all, all the resources of the QP will be cleaned. */ static void hpre_rsa_clear_ctx(struct hpre_ctx *ctx, bool is_clear_all) { unsigned int half_key_sz = ctx->key_sz >> 1; struct device *dev = ctx->dev; if (is_clear_all) hisi_qm_stop_qp(ctx->qp); if (ctx->rsa.pubkey) { dma_free_coherent(dev, ctx->key_sz << 1, ctx->rsa.pubkey, ctx->rsa.dma_pubkey); ctx->rsa.pubkey = NULL; } if (ctx->rsa.crt_prikey) { memzero_explicit(ctx->rsa.crt_prikey, half_key_sz * HPRE_CRT_PRMS); dma_free_coherent(dev, half_key_sz * HPRE_CRT_PRMS, ctx->rsa.crt_prikey, ctx->rsa.dma_crt_prikey); ctx->rsa.crt_prikey = NULL; } if (ctx->rsa.prikey) { memzero_explicit(ctx->rsa.prikey, ctx->key_sz); dma_free_coherent(dev, ctx->key_sz << 1, ctx->rsa.prikey, ctx->rsa.dma_prikey); ctx->rsa.prikey = NULL; } hpre_ctx_clear(ctx, is_clear_all); } /* * we should judge if it is CRT or not, * CRT: return true, N-CRT: return false . */ static bool hpre_is_crt_key(struct rsa_key *key) { u16 len = key->p_sz + key->q_sz + key->dp_sz + key->dq_sz + key->qinv_sz; #define LEN_OF_NCRT_PARA 5 /* N-CRT less than 5 parameters */ return len > LEN_OF_NCRT_PARA; } static int hpre_rsa_setkey(struct hpre_ctx *ctx, const void *key, unsigned int keylen, bool private) { struct rsa_key rsa_key; int ret; hpre_rsa_clear_ctx(ctx, false); if (private) ret = rsa_parse_priv_key(&rsa_key, key, keylen); else ret = rsa_parse_pub_key(&rsa_key, key, keylen); if (ret < 0) return ret; ret = hpre_rsa_set_n(ctx, rsa_key.n, rsa_key.n_sz, private); if (ret <= 0) return ret; if (private) { ret = hpre_rsa_set_d(ctx, rsa_key.d, rsa_key.d_sz); if (ret < 0) goto free; if (hpre_is_crt_key(&rsa_key)) { ret = hpre_rsa_setkey_crt(ctx, &rsa_key); if (ret < 0) goto free; } } ret = hpre_rsa_set_e(ctx, rsa_key.e, rsa_key.e_sz); if (ret < 0) goto free; if ((private && !ctx->rsa.prikey) || !ctx->rsa.pubkey) { ret = -EINVAL; goto free; } return 0; free: hpre_rsa_clear_ctx(ctx, false); return ret; } static int hpre_rsa_setpubkey(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { struct hpre_ctx *ctx = akcipher_tfm_ctx(tfm); int ret; ret = crypto_akcipher_set_pub_key(ctx->rsa.soft_tfm, key, keylen); if (ret) return ret; return hpre_rsa_setkey(ctx, key, keylen, false); } static int hpre_rsa_setprivkey(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { struct hpre_ctx *ctx = akcipher_tfm_ctx(tfm); int ret; ret = crypto_akcipher_set_priv_key(ctx->rsa.soft_tfm, key, keylen); if (ret) return ret; return hpre_rsa_setkey(ctx, key, keylen, true); } static unsigned int hpre_rsa_max_size(struct crypto_akcipher *tfm) { struct hpre_ctx *ctx = akcipher_tfm_ctx(tfm); /* For 512 and 1536 bits key size, use soft tfm instead */ if (ctx->key_sz == HPRE_RSA_512BITS_KSZ || ctx->key_sz == HPRE_RSA_1536BITS_KSZ) return crypto_akcipher_maxsize(ctx->rsa.soft_tfm); return ctx->key_sz; } static int hpre_rsa_init_tfm(struct crypto_akcipher *tfm) { struct hpre_ctx *ctx = akcipher_tfm_ctx(tfm); int ret; ctx->rsa.soft_tfm = crypto_alloc_akcipher("rsa-generic", 0, 0); if (IS_ERR(ctx->rsa.soft_tfm)) { pr_err("Can not alloc_akcipher!\n"); return PTR_ERR(ctx->rsa.soft_tfm); } ret = hpre_ctx_init(ctx, HPRE_V2_ALG_TYPE); if (ret) crypto_free_akcipher(ctx->rsa.soft_tfm); return ret; } static void hpre_rsa_exit_tfm(struct crypto_akcipher *tfm) { struct hpre_ctx *ctx = akcipher_tfm_ctx(tfm); hpre_rsa_clear_ctx(ctx, true); crypto_free_akcipher(ctx->rsa.soft_tfm); } static void hpre_key_to_big_end(u8 *data, int len) { int i, j; u8 tmp; for (i = 0; i < len / 2; i++) { j = len - i - 1; tmp = data[j]; data[j] = data[i]; data[i] = tmp; } } static void hpre_ecc_clear_ctx(struct hpre_ctx *ctx, bool is_clear_all, bool is_ecdh) { struct device *dev = ctx->dev; unsigned int sz = ctx->key_sz; unsigned int shift = sz << 1; if (is_clear_all) hisi_qm_stop_qp(ctx->qp); if (is_ecdh && ctx->ecdh.p) { /* ecdh: p->a->k->b */ memzero_explicit(ctx->ecdh.p + shift, sz); dma_free_coherent(dev, sz << 3, ctx->ecdh.p, ctx->ecdh.dma_p); ctx->ecdh.p = NULL; } else if (!is_ecdh && ctx->curve25519.p) { /* curve25519: p->a->k */ memzero_explicit(ctx->curve25519.p + shift, sz); dma_free_coherent(dev, sz << 2, ctx->curve25519.p, ctx->curve25519.dma_p); ctx->curve25519.p = NULL; } hpre_ctx_clear(ctx, is_clear_all); } /* * The bits of 192/224/256/384/521 are supported by HPRE, * and convert the bits like: * bits<=256, bits=256; 256key_sz << 1; unsigned int shiftb = ctx->key_sz << 2; void *p = ctx->ecdh.p + ctx->key_sz - cur_sz; void *a = ctx->ecdh.p + shifta - cur_sz; void *b = ctx->ecdh.p + shiftb - cur_sz; void *x = ctx->ecdh.g + ctx->key_sz - cur_sz; void *y = ctx->ecdh.g + shifta - cur_sz; const struct ecc_curve *curve = ecc_get_curve(ctx->curve_id); char *n; if (unlikely(!curve)) return -EINVAL; n = kzalloc(ctx->key_sz, GFP_KERNEL); if (!n) return -ENOMEM; fill_curve_param(p, curve->p, cur_sz, curve->g.ndigits); fill_curve_param(a, curve->a, cur_sz, curve->g.ndigits); fill_curve_param(b, curve->b, cur_sz, curve->g.ndigits); fill_curve_param(x, curve->g.x, cur_sz, curve->g.ndigits); fill_curve_param(y, curve->g.y, cur_sz, curve->g.ndigits); fill_curve_param(n, curve->n, cur_sz, curve->g.ndigits); if (params->key_size == cur_sz && memcmp(params->key, n, cur_sz) >= 0) { kfree(n); return -EINVAL; } kfree(n); return 0; } static unsigned int hpre_ecdh_get_curvesz(unsigned short id) { switch (id) { case ECC_CURVE_NIST_P192: return HPRE_ECC_NIST_P192_N_SIZE; case ECC_CURVE_NIST_P256: return HPRE_ECC_NIST_P256_N_SIZE; case ECC_CURVE_NIST_P384: return HPRE_ECC_NIST_P384_N_SIZE; default: break; } return 0; } static int hpre_ecdh_set_param(struct hpre_ctx *ctx, struct ecdh *params) { struct device *dev = ctx->dev; unsigned int sz, shift, curve_sz; int ret; ctx->key_sz = hpre_ecdh_supported_curve(ctx->curve_id); if (!ctx->key_sz) return -EINVAL; curve_sz = hpre_ecdh_get_curvesz(ctx->curve_id); if (!curve_sz || params->key_size > curve_sz) return -EINVAL; sz = ctx->key_sz; if (!ctx->ecdh.p) { ctx->ecdh.p = dma_alloc_coherent(dev, sz << 3, &ctx->ecdh.dma_p, GFP_KERNEL); if (!ctx->ecdh.p) return -ENOMEM; } shift = sz << 2; ctx->ecdh.g = ctx->ecdh.p + shift; ctx->ecdh.dma_g = ctx->ecdh.dma_p + shift; ret = hpre_ecdh_fill_curve(ctx, params, curve_sz); if (ret) { dev_err(dev, "failed to fill curve_param, ret = %d!\n", ret); dma_free_coherent(dev, sz << 3, ctx->ecdh.p, ctx->ecdh.dma_p); ctx->ecdh.p = NULL; return ret; } return 0; } static bool hpre_key_is_zero(char *key, unsigned short key_sz) { int i; for (i = 0; i < key_sz; i++) if (key[i]) return false; return true; } static int ecdh_gen_privkey(struct hpre_ctx *ctx, struct ecdh *params) { struct device *dev = ctx->dev; int ret; ret = crypto_get_default_rng(); if (ret) { dev_err(dev, "failed to get default rng, ret = %d!\n", ret); return ret; } ret = crypto_rng_get_bytes(crypto_default_rng, (u8 *)params->key, params->key_size); crypto_put_default_rng(); if (ret) dev_err(dev, "failed to get rng, ret = %d!\n", ret); return ret; } static int hpre_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, unsigned int len) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); struct device *dev = ctx->dev; char key[HPRE_ECC_MAX_KSZ]; unsigned int sz, sz_shift; struct ecdh params; int ret; if (crypto_ecdh_decode_key(buf, len, ¶ms) < 0) { dev_err(dev, "failed to decode ecdh key!\n"); return -EINVAL; } /* Use stdrng to generate private key */ if (!params.key || !params.key_size) { params.key = key; params.key_size = hpre_ecdh_get_curvesz(ctx->curve_id); ret = ecdh_gen_privkey(ctx, ¶ms); if (ret) return ret; } if (hpre_key_is_zero(params.key, params.key_size)) { dev_err(dev, "Invalid hpre key!\n"); return -EINVAL; } hpre_ecc_clear_ctx(ctx, false, true); ret = hpre_ecdh_set_param(ctx, ¶ms); if (ret < 0) { dev_err(dev, "failed to set hpre param, ret = %d!\n", ret); return ret; } sz = ctx->key_sz; sz_shift = (sz << 1) + sz - params.key_size; memcpy(ctx->ecdh.p + sz_shift, params.key, params.key_size); return 0; } static void hpre_ecdh_hw_data_clr_all(struct hpre_ctx *ctx, struct hpre_asym_request *req, struct scatterlist *dst, struct scatterlist *src) { struct device *dev = ctx->dev; struct hpre_sqe *sqe = &req->req; dma_addr_t dma; dma = le64_to_cpu(sqe->in); if (unlikely(dma_mapping_error(dev, dma))) return; if (src && req->src) dma_free_coherent(dev, ctx->key_sz << 2, req->src, dma); dma = le64_to_cpu(sqe->out); if (unlikely(dma_mapping_error(dev, dma))) return; if (req->dst) dma_free_coherent(dev, ctx->key_sz << 1, req->dst, dma); if (dst) dma_unmap_single(dev, dma, ctx->key_sz << 1, DMA_FROM_DEVICE); } static void hpre_ecdh_cb(struct hpre_ctx *ctx, void *resp) { unsigned int curve_sz = hpre_ecdh_get_curvesz(ctx->curve_id); struct hpre_dfx *dfx = ctx->hpre->debug.dfx; struct hpre_asym_request *req = NULL; struct kpp_request *areq; u64 overtime_thrhld; char *p; int ret; ret = hpre_alg_res_post_hf(ctx, resp, (void **)&req); areq = req->areq.ecdh; areq->dst_len = ctx->key_sz << 1; overtime_thrhld = atomic64_read(&dfx[HPRE_OVERTIME_THRHLD].value); if (overtime_thrhld && hpre_is_bd_timeout(req, overtime_thrhld)) atomic64_inc(&dfx[HPRE_OVER_THRHLD_CNT].value); p = sg_virt(areq->dst); memmove(p, p + ctx->key_sz - curve_sz, curve_sz); memmove(p + curve_sz, p + areq->dst_len - curve_sz, curve_sz); hpre_ecdh_hw_data_clr_all(ctx, req, areq->dst, areq->src); kpp_request_complete(areq, ret); atomic64_inc(&dfx[HPRE_RECV_CNT].value); } static int hpre_ecdh_msg_request_set(struct hpre_ctx *ctx, struct kpp_request *req) { struct hpre_asym_request *h_req; struct hpre_sqe *msg; int req_id; void *tmp; if (req->dst_len < ctx->key_sz << 1) { req->dst_len = ctx->key_sz << 1; return -EINVAL; } tmp = kpp_request_ctx(req); h_req = PTR_ALIGN(tmp, HPRE_ALIGN_SZ); h_req->cb = hpre_ecdh_cb; h_req->areq.ecdh = req; msg = &h_req->req; memset(msg, 0, sizeof(*msg)); msg->in = cpu_to_le64(DMA_MAPPING_ERROR); msg->out = cpu_to_le64(DMA_MAPPING_ERROR); msg->key = cpu_to_le64(ctx->ecdh.dma_p); msg->dw0 |= cpu_to_le32(0x1U << HPRE_SQE_DONE_SHIFT); msg->task_len1 = (ctx->key_sz >> HPRE_BITS_2_BYTES_SHIFT) - 1; h_req->ctx = ctx; req_id = hpre_add_req_to_ctx(h_req); if (req_id < 0) return -EBUSY; msg->tag = cpu_to_le16((u16)req_id); return 0; } static int hpre_ecdh_src_data_init(struct hpre_asym_request *hpre_req, struct scatterlist *data, unsigned int len) { struct hpre_sqe *msg = &hpre_req->req; struct hpre_ctx *ctx = hpre_req->ctx; struct device *dev = ctx->dev; unsigned int tmpshift; dma_addr_t dma = 0; void *ptr; int shift; /* Src_data include gx and gy. */ shift = ctx->key_sz - (len >> 1); if (unlikely(shift < 0)) return -EINVAL; ptr = dma_alloc_coherent(dev, ctx->key_sz << 2, &dma, GFP_KERNEL); if (unlikely(!ptr)) return -ENOMEM; tmpshift = ctx->key_sz << 1; scatterwalk_map_and_copy(ptr + tmpshift, data, 0, len, 0); memcpy(ptr + shift, ptr + tmpshift, len >> 1); memcpy(ptr + ctx->key_sz + shift, ptr + tmpshift + (len >> 1), len >> 1); hpre_req->src = ptr; msg->in = cpu_to_le64(dma); return 0; } static int hpre_ecdh_dst_data_init(struct hpre_asym_request *hpre_req, struct scatterlist *data, unsigned int len) { struct hpre_sqe *msg = &hpre_req->req; struct hpre_ctx *ctx = hpre_req->ctx; struct device *dev = ctx->dev; dma_addr_t dma; if (unlikely(!data || !sg_is_last(data) || len != ctx->key_sz << 1)) { dev_err(dev, "data or data length is illegal!\n"); return -EINVAL; } hpre_req->dst = NULL; dma = dma_map_single(dev, sg_virt(data), len, DMA_FROM_DEVICE); if (unlikely(dma_mapping_error(dev, dma))) { dev_err(dev, "dma map data err!\n"); return -ENOMEM; } msg->out = cpu_to_le64(dma); return 0; } static int hpre_ecdh_compute_value(struct kpp_request *req) { struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); struct device *dev = ctx->dev; void *tmp = kpp_request_ctx(req); struct hpre_asym_request *hpre_req = PTR_ALIGN(tmp, HPRE_ALIGN_SZ); struct hpre_sqe *msg = &hpre_req->req; int ret; ret = hpre_ecdh_msg_request_set(ctx, req); if (unlikely(ret)) { dev_err(dev, "failed to set ecdh request, ret = %d!\n", ret); return ret; } if (req->src) { ret = hpre_ecdh_src_data_init(hpre_req, req->src, req->src_len); if (unlikely(ret)) { dev_err(dev, "failed to init src data, ret = %d!\n", ret); goto clear_all; } } else { msg->in = cpu_to_le64(ctx->ecdh.dma_g); } ret = hpre_ecdh_dst_data_init(hpre_req, req->dst, req->dst_len); if (unlikely(ret)) { dev_err(dev, "failed to init dst data, ret = %d!\n", ret); goto clear_all; } msg->dw0 = cpu_to_le32(le32_to_cpu(msg->dw0) | HPRE_ALG_ECC_MUL); ret = hpre_send(ctx, msg); if (likely(!ret)) return -EINPROGRESS; clear_all: hpre_rm_req_from_ctx(hpre_req); hpre_ecdh_hw_data_clr_all(ctx, hpre_req, req->dst, req->src); return ret; } static unsigned int hpre_ecdh_max_size(struct crypto_kpp *tfm) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); /* max size is the pub_key_size, include x and y */ return ctx->key_sz << 1; } static int hpre_ecdh_nist_p192_init_tfm(struct crypto_kpp *tfm) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); ctx->curve_id = ECC_CURVE_NIST_P192; return hpre_ctx_init(ctx, HPRE_V3_ECC_ALG_TYPE); } static int hpre_ecdh_nist_p256_init_tfm(struct crypto_kpp *tfm) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); ctx->curve_id = ECC_CURVE_NIST_P256; return hpre_ctx_init(ctx, HPRE_V3_ECC_ALG_TYPE); } static int hpre_ecdh_nist_p384_init_tfm(struct crypto_kpp *tfm) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); ctx->curve_id = ECC_CURVE_NIST_P384; return hpre_ctx_init(ctx, HPRE_V3_ECC_ALG_TYPE); } static void hpre_ecdh_exit_tfm(struct crypto_kpp *tfm) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); hpre_ecc_clear_ctx(ctx, true, true); } static void hpre_curve25519_fill_curve(struct hpre_ctx *ctx, const void *buf, unsigned int len) { u8 secret[CURVE25519_KEY_SIZE] = { 0 }; unsigned int sz = ctx->key_sz; const struct ecc_curve *curve; unsigned int shift = sz << 1; void *p; /* * The key from 'buf' is in little-endian, we should preprocess it as * the description in rfc7748: "k[0] &= 248, k[31] &= 127, k[31] |= 64", * then convert it to big endian. Only in this way, the result can be * the same as the software curve-25519 that exists in crypto. */ memcpy(secret, buf, len); curve25519_clamp_secret(secret); hpre_key_to_big_end(secret, CURVE25519_KEY_SIZE); p = ctx->curve25519.p + sz - len; curve = ecc_get_curve25519(); /* fill curve parameters */ fill_curve_param(p, curve->p, len, curve->g.ndigits); fill_curve_param(p + sz, curve->a, len, curve->g.ndigits); memcpy(p + shift, secret, len); fill_curve_param(p + shift + sz, curve->g.x, len, curve->g.ndigits); memzero_explicit(secret, CURVE25519_KEY_SIZE); } static int hpre_curve25519_set_param(struct hpre_ctx *ctx, const void *buf, unsigned int len) { struct device *dev = ctx->dev; unsigned int sz = ctx->key_sz; unsigned int shift = sz << 1; /* p->a->k->gx */ if (!ctx->curve25519.p) { ctx->curve25519.p = dma_alloc_coherent(dev, sz << 2, &ctx->curve25519.dma_p, GFP_KERNEL); if (!ctx->curve25519.p) return -ENOMEM; } ctx->curve25519.g = ctx->curve25519.p + shift + sz; ctx->curve25519.dma_g = ctx->curve25519.dma_p + shift + sz; hpre_curve25519_fill_curve(ctx, buf, len); return 0; } static int hpre_curve25519_set_secret(struct crypto_kpp *tfm, const void *buf, unsigned int len) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); struct device *dev = ctx->dev; int ret = -EINVAL; if (len != CURVE25519_KEY_SIZE || !crypto_memneq(buf, curve25519_null_point, CURVE25519_KEY_SIZE)) { dev_err(dev, "key is null or key len is not 32bytes!\n"); return ret; } /* Free old secret if any */ hpre_ecc_clear_ctx(ctx, false, false); ctx->key_sz = CURVE25519_KEY_SIZE; ret = hpre_curve25519_set_param(ctx, buf, CURVE25519_KEY_SIZE); if (ret) { dev_err(dev, "failed to set curve25519 param, ret = %d!\n", ret); hpre_ecc_clear_ctx(ctx, false, false); return ret; } return 0; } static void hpre_curve25519_hw_data_clr_all(struct hpre_ctx *ctx, struct hpre_asym_request *req, struct scatterlist *dst, struct scatterlist *src) { struct device *dev = ctx->dev; struct hpre_sqe *sqe = &req->req; dma_addr_t dma; dma = le64_to_cpu(sqe->in); if (unlikely(dma_mapping_error(dev, dma))) return; if (src && req->src) dma_free_coherent(dev, ctx->key_sz, req->src, dma); dma = le64_to_cpu(sqe->out); if (unlikely(dma_mapping_error(dev, dma))) return; if (req->dst) dma_free_coherent(dev, ctx->key_sz, req->dst, dma); if (dst) dma_unmap_single(dev, dma, ctx->key_sz, DMA_FROM_DEVICE); } static void hpre_curve25519_cb(struct hpre_ctx *ctx, void *resp) { struct hpre_dfx *dfx = ctx->hpre->debug.dfx; struct hpre_asym_request *req = NULL; struct kpp_request *areq; u64 overtime_thrhld; int ret; ret = hpre_alg_res_post_hf(ctx, resp, (void **)&req); areq = req->areq.curve25519; areq->dst_len = ctx->key_sz; overtime_thrhld = atomic64_read(&dfx[HPRE_OVERTIME_THRHLD].value); if (overtime_thrhld && hpre_is_bd_timeout(req, overtime_thrhld)) atomic64_inc(&dfx[HPRE_OVER_THRHLD_CNT].value); hpre_key_to_big_end(sg_virt(areq->dst), CURVE25519_KEY_SIZE); hpre_curve25519_hw_data_clr_all(ctx, req, areq->dst, areq->src); kpp_request_complete(areq, ret); atomic64_inc(&dfx[HPRE_RECV_CNT].value); } static int hpre_curve25519_msg_request_set(struct hpre_ctx *ctx, struct kpp_request *req) { struct hpre_asym_request *h_req; struct hpre_sqe *msg; int req_id; void *tmp; if (unlikely(req->dst_len < ctx->key_sz)) { req->dst_len = ctx->key_sz; return -EINVAL; } tmp = kpp_request_ctx(req); h_req = PTR_ALIGN(tmp, HPRE_ALIGN_SZ); h_req->cb = hpre_curve25519_cb; h_req->areq.curve25519 = req; msg = &h_req->req; memset(msg, 0, sizeof(*msg)); msg->in = cpu_to_le64(DMA_MAPPING_ERROR); msg->out = cpu_to_le64(DMA_MAPPING_ERROR); msg->key = cpu_to_le64(ctx->curve25519.dma_p); msg->dw0 |= cpu_to_le32(0x1U << HPRE_SQE_DONE_SHIFT); msg->task_len1 = (ctx->key_sz >> HPRE_BITS_2_BYTES_SHIFT) - 1; h_req->ctx = ctx; req_id = hpre_add_req_to_ctx(h_req); if (req_id < 0) return -EBUSY; msg->tag = cpu_to_le16((u16)req_id); return 0; } static void hpre_curve25519_src_modulo_p(u8 *ptr) { int i; for (i = 0; i < CURVE25519_KEY_SIZE - 1; i++) ptr[i] = 0; /* The modulus is ptr's last byte minus '0xed'(last byte of p) */ ptr[i] -= 0xed; } static int hpre_curve25519_src_init(struct hpre_asym_request *hpre_req, struct scatterlist *data, unsigned int len) { struct hpre_sqe *msg = &hpre_req->req; struct hpre_ctx *ctx = hpre_req->ctx; struct device *dev = ctx->dev; u8 p[CURVE25519_KEY_SIZE] = { 0 }; const struct ecc_curve *curve; dma_addr_t dma = 0; u8 *ptr; if (len != CURVE25519_KEY_SIZE) { dev_err(dev, "sourc_data len is not 32bytes, len = %u!\n", len); return -EINVAL; } ptr = dma_alloc_coherent(dev, ctx->key_sz, &dma, GFP_KERNEL); if (unlikely(!ptr)) return -ENOMEM; scatterwalk_map_and_copy(ptr, data, 0, len, 0); if (!crypto_memneq(ptr, curve25519_null_point, CURVE25519_KEY_SIZE)) { dev_err(dev, "gx is null!\n"); goto err; } /* * Src_data(gx) is in little-endian order, MSB in the final byte should * be masked as described in RFC7748, then transform it to big-endian * form, then hisi_hpre can use the data. */ ptr[31] &= 0x7f; hpre_key_to_big_end(ptr, CURVE25519_KEY_SIZE); curve = ecc_get_curve25519(); fill_curve_param(p, curve->p, CURVE25519_KEY_SIZE, curve->g.ndigits); /* * When src_data equals (2^255 - 19) ~ (2^255 - 1), it is out of p, * we get its modulus to p, and then use it. */ if (memcmp(ptr, p, ctx->key_sz) == 0) { dev_err(dev, "gx is p!\n"); goto err; } else if (memcmp(ptr, p, ctx->key_sz) > 0) { hpre_curve25519_src_modulo_p(ptr); } hpre_req->src = ptr; msg->in = cpu_to_le64(dma); return 0; err: dma_free_coherent(dev, ctx->key_sz, ptr, dma); return -EINVAL; } static int hpre_curve25519_dst_init(struct hpre_asym_request *hpre_req, struct scatterlist *data, unsigned int len) { struct hpre_sqe *msg = &hpre_req->req; struct hpre_ctx *ctx = hpre_req->ctx; struct device *dev = ctx->dev; dma_addr_t dma; if (!data || !sg_is_last(data) || len != ctx->key_sz) { dev_err(dev, "data or data length is illegal!\n"); return -EINVAL; } hpre_req->dst = NULL; dma = dma_map_single(dev, sg_virt(data), len, DMA_FROM_DEVICE); if (unlikely(dma_mapping_error(dev, dma))) { dev_err(dev, "dma map data err!\n"); return -ENOMEM; } msg->out = cpu_to_le64(dma); return 0; } static int hpre_curve25519_compute_value(struct kpp_request *req) { struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); struct device *dev = ctx->dev; void *tmp = kpp_request_ctx(req); struct hpre_asym_request *hpre_req = PTR_ALIGN(tmp, HPRE_ALIGN_SZ); struct hpre_sqe *msg = &hpre_req->req; int ret; ret = hpre_curve25519_msg_request_set(ctx, req); if (unlikely(ret)) { dev_err(dev, "failed to set curve25519 request, ret = %d!\n", ret); return ret; } if (req->src) { ret = hpre_curve25519_src_init(hpre_req, req->src, req->src_len); if (unlikely(ret)) { dev_err(dev, "failed to init src data, ret = %d!\n", ret); goto clear_all; } } else { msg->in = cpu_to_le64(ctx->curve25519.dma_g); } ret = hpre_curve25519_dst_init(hpre_req, req->dst, req->dst_len); if (unlikely(ret)) { dev_err(dev, "failed to init dst data, ret = %d!\n", ret); goto clear_all; } msg->dw0 = cpu_to_le32(le32_to_cpu(msg->dw0) | HPRE_ALG_CURVE25519_MUL); ret = hpre_send(ctx, msg); if (likely(!ret)) return -EINPROGRESS; clear_all: hpre_rm_req_from_ctx(hpre_req); hpre_curve25519_hw_data_clr_all(ctx, hpre_req, req->dst, req->src); return ret; } static unsigned int hpre_curve25519_max_size(struct crypto_kpp *tfm) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); return ctx->key_sz; } static int hpre_curve25519_init_tfm(struct crypto_kpp *tfm) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); return hpre_ctx_init(ctx, HPRE_V3_ECC_ALG_TYPE); } static void hpre_curve25519_exit_tfm(struct crypto_kpp *tfm) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); hpre_ecc_clear_ctx(ctx, true, false); } static struct akcipher_alg rsa = { .sign = hpre_rsa_dec, .verify = hpre_rsa_enc, .encrypt = hpre_rsa_enc, .decrypt = hpre_rsa_dec, .set_pub_key = hpre_rsa_setpubkey, .set_priv_key = hpre_rsa_setprivkey, .max_size = hpre_rsa_max_size, .init = hpre_rsa_init_tfm, .exit = hpre_rsa_exit_tfm, .reqsize = sizeof(struct hpre_asym_request) + HPRE_ALIGN_SZ, .base = { .cra_ctxsize = sizeof(struct hpre_ctx), .cra_priority = HPRE_CRYPTO_ALG_PRI, .cra_name = "rsa", .cra_driver_name = "hpre-rsa", .cra_module = THIS_MODULE, }, }; static struct kpp_alg dh = { .set_secret = hpre_dh_set_secret, .generate_public_key = hpre_dh_compute_value, .compute_shared_secret = hpre_dh_compute_value, .max_size = hpre_dh_max_size, .init = hpre_dh_init_tfm, .exit = hpre_dh_exit_tfm, .reqsize = sizeof(struct hpre_asym_request) + HPRE_ALIGN_SZ, .base = { .cra_ctxsize = sizeof(struct hpre_ctx), .cra_priority = HPRE_CRYPTO_ALG_PRI, .cra_name = "dh", .cra_driver_name = "hpre-dh", .cra_module = THIS_MODULE, }, }; static struct kpp_alg ecdh_nist_p192 = { .set_secret = hpre_ecdh_set_secret, .generate_public_key = hpre_ecdh_compute_value, .compute_shared_secret = hpre_ecdh_compute_value, .max_size = hpre_ecdh_max_size, .init = hpre_ecdh_nist_p192_init_tfm, .exit = hpre_ecdh_exit_tfm, .reqsize = sizeof(struct hpre_asym_request) + HPRE_ALIGN_SZ, .base = { .cra_ctxsize = sizeof(struct hpre_ctx), .cra_priority = HPRE_CRYPTO_ALG_PRI, .cra_name = "ecdh-nist-p192", .cra_driver_name = "hpre-ecdh-nist-p192", .cra_module = THIS_MODULE, }, }; static struct kpp_alg ecdh_nist_p256 = { .set_secret = hpre_ecdh_set_secret, .generate_public_key = hpre_ecdh_compute_value, .compute_shared_secret = hpre_ecdh_compute_value, .max_size = hpre_ecdh_max_size, .init = hpre_ecdh_nist_p256_init_tfm, .exit = hpre_ecdh_exit_tfm, .reqsize = sizeof(struct hpre_asym_request) + HPRE_ALIGN_SZ, .base = { .cra_ctxsize = sizeof(struct hpre_ctx), .cra_priority = HPRE_CRYPTO_ALG_PRI, .cra_name = "ecdh-nist-p256", .cra_driver_name = "hpre-ecdh-nist-p256", .cra_module = THIS_MODULE, }, }; static struct kpp_alg ecdh_nist_p384 = { .set_secret = hpre_ecdh_set_secret, .generate_public_key = hpre_ecdh_compute_value, .compute_shared_secret = hpre_ecdh_compute_value, .max_size = hpre_ecdh_max_size, .init = hpre_ecdh_nist_p384_init_tfm, .exit = hpre_ecdh_exit_tfm, .reqsize = sizeof(struct hpre_asym_request) + HPRE_ALIGN_SZ, .base = { .cra_ctxsize = sizeof(struct hpre_ctx), .cra_priority = HPRE_CRYPTO_ALG_PRI, .cra_name = "ecdh-nist-p384", .cra_driver_name = "hpre-ecdh-nist-p384", .cra_module = THIS_MODULE, }, }; static struct kpp_alg curve25519_alg = { .set_secret = hpre_curve25519_set_secret, .generate_public_key = hpre_curve25519_compute_value, .compute_shared_secret = hpre_curve25519_compute_value, .max_size = hpre_curve25519_max_size, .init = hpre_curve25519_init_tfm, .exit = hpre_curve25519_exit_tfm, .reqsize = sizeof(struct hpre_asym_request) + HPRE_ALIGN_SZ, .base = { .cra_ctxsize = sizeof(struct hpre_ctx), .cra_priority = HPRE_CRYPTO_ALG_PRI, .cra_name = "curve25519", .cra_driver_name = "hpre-curve25519", .cra_module = THIS_MODULE, }, }; static int hpre_register_ecdh(void) { int ret; ret = crypto_register_kpp(&ecdh_nist_p192); if (ret) return ret; ret = crypto_register_kpp(&ecdh_nist_p256); if (ret) goto unregister_ecdh_p192; ret = crypto_register_kpp(&ecdh_nist_p384); if (ret) goto unregister_ecdh_p256; return 0; unregister_ecdh_p256: crypto_unregister_kpp(&ecdh_nist_p256); unregister_ecdh_p192: crypto_unregister_kpp(&ecdh_nist_p192); return ret; } static void hpre_unregister_ecdh(void) { crypto_unregister_kpp(&ecdh_nist_p384); crypto_unregister_kpp(&ecdh_nist_p256); crypto_unregister_kpp(&ecdh_nist_p192); } int hpre_algs_register(struct hisi_qm *qm) { int ret; rsa.base.cra_flags = 0; ret = crypto_register_akcipher(&rsa); if (ret) return ret; ret = crypto_register_kpp(&dh); if (ret) goto unreg_rsa; if (qm->ver >= QM_HW_V3) { ret = hpre_register_ecdh(); if (ret) goto unreg_dh; ret = crypto_register_kpp(&curve25519_alg); if (ret) goto unreg_ecdh; } return 0; unreg_ecdh: hpre_unregister_ecdh(); unreg_dh: crypto_unregister_kpp(&dh); unreg_rsa: crypto_unregister_akcipher(&rsa); return ret; } void hpre_algs_unregister(struct hisi_qm *qm) { if (qm->ver >= QM_HW_V3) { crypto_unregister_kpp(&curve25519_alg); hpre_unregister_ecdh(); } crypto_unregister_kpp(&dh); crypto_unregister_akcipher(&rsa); }