88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * CDDL HEADER START
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * The contents of this file are subject to the terms of the
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * Common Development and Distribution License (the "License").
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * You may not use this file except in compliance with the License.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * See the License for the specific language governing permissions
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * and limitations under the License.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * When distributing Covered Code, include this CDDL HEADER in each
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * If applicable, add the following below this CDDL HEADER, with the
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * fields enclosed by brackets "[]" replaced with your own identifying
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * information: Portions Copyright [yyyy] [name of copyright owner]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * CDDL HEADER END
f317a3a3712d9b82387b437ac621db3733d8c804krishna * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * Use is subject to license terms.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm#pragma ident "%Z%%M% %I% %E% SMI"
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * Deimos - cryptographic acceleration based upon Broadcom 582x.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * DSA implementation.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmint dca_dsa_sign(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *sig,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmint dca_dsa_verify(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *sig,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmint dca_dsainit(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmdca_dsa_sign(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *sig,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm DBG(dca, DWARN, "dca_dsa_sign: data length != %d", SHA1LEN);
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* Return length needed to store the output. */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "dca_dsa_sign: output buffer too short (%d < %d)",
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * Don't change the data values of the data crypto_data_t structure
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * yet. Only reset the sig cd_length to zero before writing to it.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* dca_gather() increments cd_offset & dec. cd_length by SHA1LEN. */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* sync the input buffer */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * The output requires *two* buffers, r followed by s.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm reqp->dr_out_next = reqp->dr_ctx_paddr + reqp->dr_offset;
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* schedule the work by doing a submit */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm if (rv != CRYPTO_QUEUED && rv != CRYPTO_BUFFER_TOO_SMALL)
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm return (rv);
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmstatic void
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm if (dca_check_dma_handle(reqp->dr_dca, reqp->dr_obuf_dmah,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * Set the sig cd_length to zero so it's ready to take the
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * signature. Have already confirmed its size is adequate.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "dca_dsa_sign_done: dca_scatter() failed");
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "dca_dsa_sign_done: dca_scatter() failed");
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* notify framework that request is completed */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "dca_dsa_sign_done: rtn 0x%x to kef via crypto_op_notification",
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * For non-atomic operations, reqp will be freed in the kCF
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * callback function since it may be needed again if
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * CRYPTO_BUFFER_TOO_SMALL is returned to kCF
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmdca_dsa_verify(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *sig,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* Impossible for verify to be an in-place operation. */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm DBG(dca, DWARN, "dca_dsa_verify: input length != %d", SHA1LEN);
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm DBG(dca, DWARN, "dca_dsa_verify: signature length != %d",
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* Don't change the data & sig values for verify. */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * Grab h, r and s.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "dca_dsa_vrfy: dca_gather() failed for h");
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm err = dca_gather(sig, reqp->dr_ibuf_kaddr+SHA1LEN, DSAPARTLEN, 1);
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "dca_dsa_vrfy: dca_gather() failed for r");
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm err = dca_gather(sig, reqp->dr_ibuf_kaddr+SHA1LEN+DSAPARTLEN,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "dca_dsa_vrfy: dca_gather() failed for s");
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * As dca_gather() increments the cd_offset and decrements
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * the cd_length as it copies the data rewind the values ready for
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * the final compare.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* sync the input buffer */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm (void) ddi_dma_sync(reqp->dr_ibuf_dmah, 0, SHA1LEN + DSAPARTLEN,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * Input requires three buffers. m, followed by r, followed by s.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * In order to deal with things cleanly, we reverse the signature
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * into the buffer and then fix up the pointers.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* setup 1st chain for r */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PUTDESC32(reqp, kaddr, DESC_BUFADDR, reqp->dr_ibuf_paddr + SHA1LEN);
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* and 2nd chain for s */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm kaddr = reqp->dr_ctx_kaddr + reqp->dr_offset + DESC_SIZE;
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PUTDESC32(reqp, kaddr, DESC_BUFADDR, reqp->dr_ibuf_paddr +
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* schedule the work by doing a submit */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm if (rv != CRYPTO_QUEUED && rv != CRYPTO_BUFFER_TOO_SMALL) {
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm return (rv);
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmstatic void
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm if (dca_check_dma_handle(reqp->dr_dca, reqp->dr_obuf_dmah,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* Can only handle a contiguous data buffer currently. */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* VERIFY FAILED */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* notify framework that request is completed */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "dca_dsa_verify_done: rtn 0x%x to kef via crypto_op_notification",
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * For non-atomic operations, reqp will be freed in the kCF
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * callback function since it may be needed again if
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * CRYPTO_BUFFER_TOO_SMALL is returned to kCF
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm/* ARGSUSED */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmdca_dsainit(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm uchar_t *p, *q, *g, *x;
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "dca_dsainit: unable to allocate request for DSA");
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* Prime */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm if (dca_attr_lookup_uint8_array(attr, key->ck_count, CKA_PRIME,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm (void *) &p, &plen)) {
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm DBG(NULL, DWARN, "dca_dsainit: prime key value not present");
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* Subprime */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm if (dca_attr_lookup_uint8_array(attr, key->ck_count, CKA_SUBPRIME,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm (void *) &q, &qlen)) {
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm DBG(NULL, DWARN, "dca_dsainit: subprime key value not present");
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* Base */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm if (dca_attr_lookup_uint8_array(attr, key->ck_count, CKA_BASE,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm (void *) &g, &glen)) {
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm DBG(NULL, DWARN, "dca_dsainit: base key value not present");
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* Value */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm if (dca_attr_lookup_uint8_array(attr, key->ck_count, CKA_VALUE,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm (void *) &x, &xlen)) {
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* maximum 1Kbit key */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm DBG(NULL, DWARN, "dca_dsainit: maximum 1Kbit key (%d)", plen);
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm DBG(NULL, DWARN, "dca_dsainit: q is too long (%d)", qlen);
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * Setup the key partion of the request.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* accounts for leading context words */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm /* store the bignums */
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm return (rv);
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm crypto_key_t *key, crypto_data_t *data, crypto_data_t *sig,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm return (rv);
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * Set the atomic flag so that the hardware callback function
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * will free the context.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm ((dca_request_t *)ctx.cc_provider_private)->dr_ctx.atomic = 1;
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * The context will be freed in the hardware callback function if it
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm * is queued
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm return (rv);