1 /* SPDX-License-Identifier: BSD-3-Clause */
2 /* Copyright(c) 2007-2025 Intel Corporation */
3
4 /**
5 *****************************************************************************
6 * @file lac_sym_key.c
7 *
8 * @ingroup LacSymKey
9 *
10 * This file contains the implementation of all keygen functionality
11 *
12 *****************************************************************************/
13
14 /*
15 *******************************************************************************
16 * Include public/global header files
17 *******************************************************************************
18 */
19 #include "cpa.h"
20 #include "cpa_cy_key.h"
21 #include "cpa_cy_im.h"
22
23 /*
24 *******************************************************************************
25 * Include private header files
26 *******************************************************************************
27 */
28 #include "icp_accel_devices.h"
29 #include "icp_adf_debug.h"
30 #include "icp_adf_init.h"
31 #include "icp_adf_transport.h"
32
33 #include "qat_utils.h"
34
35 #include "lac_log.h"
36 #include "lac_hooks.h"
37 #include "lac_sym.h"
38 #include "lac_sym_qat_hash_defs_lookup.h"
39 #include "lac_sym_qat.h"
40 #include "lac_sal.h"
41 #include "lac_sym_key.h"
42 #include "lac_sal_types_crypto.h"
43 #include "sal_service_state.h"
44 #include "lac_sym_qat_key.h"
45 #include "lac_sym_hash_defs.h"
46 #include "sal_statistics.h"
47
48 /* Number of statistics */
49 #define LAC_KEY_NUM_STATS (sizeof(CpaCyKeyGenStats64) / sizeof(Cpa64U))
50
51 #define LAC_KEY_STAT_INC(statistic, instanceHandle) \
52 do { \
53 sal_crypto_service_t *pService = NULL; \
54 pService = (sal_crypto_service_t *)instanceHandle; \
55 if (CPA_TRUE == \
56 pService->generic_service_info.stats \
57 ->bKeyGenStatsEnabled) { \
58 qatUtilsAtomicInc( \
59 &pService \
60 ->pLacKeyStats[offsetof(CpaCyKeyGenStats64, \
61 statistic) / \
62 sizeof(Cpa64U)]); \
63 } \
64 } while (0)
65 /**< Macro to increment a Key stat (derives offset into array of atomics) */
66
67 #define LAC_KEY_STATS32_GET(keyStats, instanceHandle) \
68 do { \
69 int i; \
70 sal_crypto_service_t *pService = \
71 (sal_crypto_service_t *)instanceHandle; \
72 for (i = 0; i < LAC_KEY_NUM_STATS; i++) { \
73 ((Cpa32U *)&(keyStats))[i] = \
74 (Cpa32U)qatUtilsAtomicGet( \
75 &pService->pLacKeyStats[i]); \
76 } \
77 } while (0)
78 /**< Macro to get all 32bit Key stats (from internal array of atomics) */
79
80 #define LAC_KEY_STATS64_GET(keyStats, instanceHandle) \
81 do { \
82 int i; \
83 sal_crypto_service_t *pService = \
84 (sal_crypto_service_t *)instanceHandle; \
85 for (i = 0; i < LAC_KEY_NUM_STATS; i++) { \
86 ((Cpa64U *)&(keyStats))[i] = \
87 qatUtilsAtomicGet(&pService->pLacKeyStats[i]); \
88 } \
89 } while (0)
90 /**< Macro to get all 64bit Key stats (from internal array of atomics) */
91
92 #define IS_HKDF_UNSUPPORTED(cmdId, hkdfSupported) \
93 ((ICP_QAT_FW_LA_CMD_HKDF_EXTRACT <= cmdId && \
94 ICP_QAT_FW_LA_CMD_HKDF_EXTRACT_AND_EXPAND_LABEL >= cmdId) && \
95 !hkdfSupported) /**< macro to check whether the HKDF algorithm can be \
96 supported on the device */
97
98 /* Sublabel for HKDF TLS Key Generation, as defined in RFC8446. */
99 const static Cpa8U key256[HKDF_SUB_LABEL_KEY_LENGTH] = { 0, 16, 9, 't',
100 'l', 's', '1', '3',
101 ' ', 'k', 'e', 'y',
102 0 };
103 const static Cpa8U key384[HKDF_SUB_LABEL_KEY_LENGTH] = { 0, 32, 9, 't',
104 'l', 's', '1', '3',
105 ' ', 'k', 'e', 'y',
106 0 };
107 const static Cpa8U keyChaChaPoly[HKDF_SUB_LABEL_KEY_LENGTH] = { 0, 32, 9,
108 't', 'l', 's',
109 '1', '3', ' ',
110 'k', 'e', 'y',
111 0 };
112 /* Sublabel for HKDF TLS IV key Generation, as defined in RFC8446. */
113 const static Cpa8U iv256[HKDF_SUB_LABEL_IV_LENGTH] = { 0, 12, 8, 't',
114 'l', 's', '1', '3',
115 ' ', 'i', 'v', 0 };
116 const static Cpa8U iv384[HKDF_SUB_LABEL_IV_LENGTH] = { 0, 12, 8, 't',
117 'l', 's', '1', '3',
118 ' ', 'i', 'v', 0 };
119 /* Sublabel for HKDF TLS RESUMPTION key Generation, as defined in RFC8446. */
120 const static Cpa8U resumption256[HKDF_SUB_LABEL_RESUMPTION_LENGTH] =
121 { 0, 32, 16, 't', 'l', 's', '1', '3', ' ', 'r',
122 'e', 's', 'u', 'm', 'p', 't', 'i', 'o', 'n', 0 };
123 const static Cpa8U resumption384[HKDF_SUB_LABEL_RESUMPTION_LENGTH] =
124 { 0, 48, 16, 't', 'l', 's', '1', '3', ' ', 'r',
125 'e', 's', 'u', 'm', 'p', 't', 'i', 'o', 'n', 0 };
126 /* Sublabel for HKDF TLS FINISHED key Generation, as defined in RFC8446. */
127 const static Cpa8U finished256[HKDF_SUB_LABEL_FINISHED_LENGTH] =
128 { 0, 32, 14, 't', 'l', 's', '1', '3', ' ',
129 'f', 'i', 'n', 'i', 's', 'h', 'e', 'd', 0 };
130 const static Cpa8U finished384[HKDF_SUB_LABEL_FINISHED_LENGTH] =
131 { 0, 48, 14, 't', 'l', 's', '1', '3', ' ',
132 'f', 'i', 'n', 'i', 's', 'h', 'e', 'd', 0 };
133
134 /**
135 ******************************************************************************
136 * @ingroup LacSymKey
137 * SSL/TLS stat type
138 *
139 * @description
140 * This enum determines which stat should be incremented
141 *****************************************************************************/
142 typedef enum {
143 LAC_KEY_REQUESTS = 0,
144 /**< Key requests sent */
145 LAC_KEY_REQUEST_ERRORS,
146 /**< Key requests errors */
147 LAC_KEY_COMPLETED,
148 /**< Key requests which received responses */
149 LAC_KEY_COMPLETED_ERRORS
150 /**< Key requests which received responses with errors */
151 } lac_key_stat_type_t;
152
153 /*** Local functions prototypes ***/
154 static void
155 LacSymKey_MgfHandleResponse(icp_qat_fw_la_cmd_id_t lacCmdId,
156 void *pOpaqueData,
157 icp_qat_fw_comn_flags cmnRespFlags);
158
159 static CpaStatus
160 LacSymKey_MgfSync(const CpaInstanceHandle instanceHandle,
161 const CpaCyGenFlatBufCbFunc pKeyGenCb,
162 void *pCallbackTag,
163 const void *pKeyGenMgfOpData,
164 CpaFlatBuffer *pGeneratedMaskBuffer,
165 CpaBoolean bIsExtRequest);
166
167 static void
168 LacSymKey_SslTlsHandleResponse(icp_qat_fw_la_cmd_id_t lacCmdId,
169 void *pOpaqueData,
170 icp_qat_fw_comn_flags cmnRespFlags);
171
172 static CpaStatus
173 LacSymKey_SslTlsSync(CpaInstanceHandle instanceHandle,
174 const CpaCyGenFlatBufCbFunc pKeyGenCb,
175 void *pCallbackTag,
176 icp_qat_fw_la_cmd_id_t lacCmdId,
177 void *pKeyGenSslTlsOpData,
178 Cpa8U hashAlgorithm,
179 CpaFlatBuffer *pKeyGenOutpuData);
180
181 /*** Implementation ***/
182
183 /**
184 ******************************************************************************
185 * @ingroup LacSymKey
186 * Get the instance handle. Support single handle.
187 * @param[in] instanceHandle_in user supplied handle.
188 * @retval CpaInstanceHandle the instance handle
189 */
190 static CpaInstanceHandle
LacKey_GetHandle(CpaInstanceHandle instanceHandle_in)191 LacKey_GetHandle(CpaInstanceHandle instanceHandle_in)
192 {
193 CpaInstanceHandle instanceHandle = NULL;
194 if (CPA_INSTANCE_HANDLE_SINGLE == instanceHandle_in) {
195 instanceHandle =
196 Lac_GetFirstHandle(SAL_SERVICE_TYPE_CRYPTO_SYM);
197 } else {
198 instanceHandle = instanceHandle_in;
199 }
200 return instanceHandle;
201 }
202
203 /**
204 *******************************************************************************
205 * @ingroup LacSymKey
206 * Perform SSL/TLS key gen operation
207 *
208 * @description
209 * Perform SSL/TLS key gen operation
210 *
211 * @param[in] instanceHandle QAT device handle.
212 * @param[in] pKeyGenCb Pointer to callback function to be invoked
213 * when the operation is complete.
214 * @param[in] pCallbackTag Opaque User Data for this specific call.
215 * @param[in] lacCmdId Lac command ID (identify SSL & TLS ops)
216 * @param[in] pKeyGenSslTlsOpData Structure containing all the data needed to
217 * perform the SSL/TLS key generation
218 * operation.
219 * @param[in] hashAlgorithm Specifies the hash algorithm to use.
220 * According to RFC5246, this should be
221 * "SHA-256 or a stronger standard hash
222 * function."
223 * @param[out] pKeyGenOutputData pointer to where output result should be
224 * written
225 *
226 * @retval CPA_STATUS_SUCCESS Function executed successfully.
227 * @retval CPA_STATUS_FAIL Function failed.
228 * @retval CPA_STATUS_RETRY Function should be retried.
229 * @retval CPA_STATUS_INVALID_PARAM Invalid parameter passed in.
230 * @retval CPA_STATUS_RESOURCE Error related to system resources.
231 *
232 *****************************************************************************/
233 static CpaStatus
234 LacSymKey_KeyGenSslTls_GenCommon(CpaInstanceHandle instanceHandle,
235 const CpaCyGenFlatBufCbFunc pKeyGenCb,
236 void *pCallbackTag,
237 icp_qat_fw_la_cmd_id_t lacCmdId,
238 void *pKeyGenSslTlsOpData,
239 Cpa8U hashAlgorithm,
240 CpaFlatBuffer *pKeyGenOutputData);
241
242 /**
243 ******************************************************************************
244 * @ingroup LacSymKey
245 * Increment stat for TLS or SSL operation
246 *
247 * @description
248 * This is a generic function to update the stats for either a TLS or SSL
249 * operation.
250 *
251 * @param[in] lacCmdId Indicate SSL or TLS operations
252 * @param[in] statType Statistics Type
253 * @param[in] instanceHandle Instance Handle
254 *
255 * @return None
256 *
257 *****************************************************************************/
258 static void
LacKey_StatsInc(icp_qat_fw_la_cmd_id_t lacCmdId,lac_key_stat_type_t statType,CpaInstanceHandle instanceHandle)259 LacKey_StatsInc(icp_qat_fw_la_cmd_id_t lacCmdId,
260 lac_key_stat_type_t statType,
261 CpaInstanceHandle instanceHandle)
262 {
263 if (ICP_QAT_FW_LA_CMD_SSL3_KEY_DERIVE == lacCmdId) {
264 switch (statType) {
265 case LAC_KEY_REQUESTS:
266 LAC_KEY_STAT_INC(numSslKeyGenRequests, instanceHandle);
267 break;
268 case LAC_KEY_REQUEST_ERRORS:
269 LAC_KEY_STAT_INC(numSslKeyGenRequestErrors,
270 instanceHandle);
271 break;
272 case LAC_KEY_COMPLETED:
273 LAC_KEY_STAT_INC(numSslKeyGenCompleted, instanceHandle);
274 break;
275 case LAC_KEY_COMPLETED_ERRORS:
276 LAC_KEY_STAT_INC(numSslKeyGenCompletedErrors,
277 instanceHandle);
278 break;
279 default:
280 QAT_UTILS_LOG("Invalid statistics type\n");
281 break;
282 }
283 } else /* TLS v1.0/1.1 and 1.2 */
284 {
285 switch (statType) {
286 case LAC_KEY_REQUESTS:
287 LAC_KEY_STAT_INC(numTlsKeyGenRequests, instanceHandle);
288 break;
289 case LAC_KEY_REQUEST_ERRORS:
290 LAC_KEY_STAT_INC(numTlsKeyGenRequestErrors,
291 instanceHandle);
292 break;
293 case LAC_KEY_COMPLETED:
294 LAC_KEY_STAT_INC(numTlsKeyGenCompleted, instanceHandle);
295 break;
296 case LAC_KEY_COMPLETED_ERRORS:
297 LAC_KEY_STAT_INC(numTlsKeyGenCompletedErrors,
298 instanceHandle);
299 break;
300 default:
301 QAT_UTILS_LOG("Invalid statistics type\n");
302 break;
303 }
304 }
305 }
306
307 void
LacKeygen_StatsShow(CpaInstanceHandle instanceHandle)308 LacKeygen_StatsShow(CpaInstanceHandle instanceHandle)
309 {
310 CpaCyKeyGenStats64 keyStats = { 0 };
311
312 LAC_KEY_STATS64_GET(keyStats, instanceHandle);
313
314 QAT_UTILS_LOG(SEPARATOR BORDER
315 " Key Stats: " BORDER
316 "\n" SEPARATOR);
317
318 QAT_UTILS_LOG(BORDER " SSL Key Requests: %16llu " BORDER
319 "\n" BORDER
320 " SSL Key Request Errors: %16llu " BORDER
321 "\n" BORDER
322 " SSL Key Completed %16llu " BORDER
323 "\n" BORDER
324 " SSL Key Complete Errors: %16llu " BORDER
325 "\n" SEPARATOR,
326 (unsigned long long)keyStats.numSslKeyGenRequests,
327 (unsigned long long)keyStats.numSslKeyGenRequestErrors,
328 (unsigned long long)keyStats.numSslKeyGenCompleted,
329 (unsigned long long)keyStats.numSslKeyGenCompletedErrors);
330
331 QAT_UTILS_LOG(BORDER " TLS Key Requests: %16llu " BORDER
332 "\n" BORDER
333 " TLS Key Request Errors: %16llu " BORDER
334 "\n" BORDER
335 " TLS Key Completed %16llu " BORDER
336 "\n" BORDER
337 " TLS Key Complete Errors: %16llu " BORDER
338 "\n" SEPARATOR,
339 (unsigned long long)keyStats.numTlsKeyGenRequests,
340 (unsigned long long)keyStats.numTlsKeyGenRequestErrors,
341 (unsigned long long)keyStats.numTlsKeyGenCompleted,
342 (unsigned long long)keyStats.numTlsKeyGenCompletedErrors);
343
344 QAT_UTILS_LOG(BORDER " MGF Key Requests: %16llu " BORDER
345 "\n" BORDER
346 " MGF Key Request Errors: %16llu " BORDER
347 "\n" BORDER
348 " MGF Key Completed %16llu " BORDER
349 "\n" BORDER
350 " MGF Key Complete Errors: %16llu " BORDER
351 "\n" SEPARATOR,
352 (unsigned long long)keyStats.numMgfKeyGenRequests,
353 (unsigned long long)keyStats.numMgfKeyGenRequestErrors,
354 (unsigned long long)keyStats.numMgfKeyGenCompleted,
355 (unsigned long long)keyStats.numMgfKeyGenCompletedErrors);
356 }
357
358 /** @ingroup LacSymKey */
359 CpaStatus
cpaCyKeyGenQueryStats(CpaInstanceHandle instanceHandle_in,struct _CpaCyKeyGenStats * pSymKeyStats)360 cpaCyKeyGenQueryStats(CpaInstanceHandle instanceHandle_in,
361 struct _CpaCyKeyGenStats *pSymKeyStats)
362 {
363 CpaInstanceHandle instanceHandle = NULL;
364
365 if (CPA_INSTANCE_HANDLE_SINGLE == instanceHandle_in) {
366 instanceHandle =
367 Lac_GetFirstHandle(SAL_SERVICE_TYPE_CRYPTO_SYM);
368 } else {
369 instanceHandle = instanceHandle_in;
370 }
371
372 LAC_CHECK_INSTANCE_HANDLE(instanceHandle);
373 SAL_CHECK_INSTANCE_TYPE(instanceHandle,
374 (SAL_SERVICE_TYPE_CRYPTO |
375 SAL_SERVICE_TYPE_CRYPTO_SYM));
376 LAC_CHECK_NULL_PARAM(pSymKeyStats);
377
378 SAL_RUNNING_CHECK(instanceHandle);
379
380 LAC_KEY_STATS32_GET(*pSymKeyStats, instanceHandle);
381
382 return CPA_STATUS_SUCCESS;
383 }
384
385 /** @ingroup LacSymKey */
386 CpaStatus
cpaCyKeyGenQueryStats64(CpaInstanceHandle instanceHandle_in,CpaCyKeyGenStats64 * pSymKeyStats)387 cpaCyKeyGenQueryStats64(CpaInstanceHandle instanceHandle_in,
388 CpaCyKeyGenStats64 *pSymKeyStats)
389 {
390 CpaInstanceHandle instanceHandle = NULL;
391
392 if (CPA_INSTANCE_HANDLE_SINGLE == instanceHandle_in) {
393 instanceHandle =
394 Lac_GetFirstHandle(SAL_SERVICE_TYPE_CRYPTO_SYM);
395 } else {
396 instanceHandle = instanceHandle_in;
397 }
398
399 LAC_CHECK_INSTANCE_HANDLE(instanceHandle);
400 SAL_CHECK_INSTANCE_TYPE(instanceHandle,
401 (SAL_SERVICE_TYPE_CRYPTO |
402 SAL_SERVICE_TYPE_CRYPTO_SYM));
403 LAC_CHECK_NULL_PARAM(pSymKeyStats);
404
405 SAL_RUNNING_CHECK(instanceHandle);
406
407 LAC_KEY_STATS64_GET(*pSymKeyStats, instanceHandle);
408
409 return CPA_STATUS_SUCCESS;
410 }
411
412 /**
413 ******************************************************************************
414 * @ingroup LacSymKey
415 * Return the size of the digest for a specific hash algorithm.
416 * @description
417 * Return the expected digest size based on the sha algorithm submitted.
418 * The only supported value are sha256, sha384 and sha512.
419 *
420 * @param[in] hashAlgorithm either sha256, sha384 or sha512.
421 * @return the expected size or 0 for an invalid hash.
422 *
423 *****************************************************************************/
424 static Cpa32U
getDigestSizeFromHashAlgo(CpaCySymHashAlgorithm hashAlgorithm)425 getDigestSizeFromHashAlgo(CpaCySymHashAlgorithm hashAlgorithm)
426 {
427 switch (hashAlgorithm) {
428 case CPA_CY_SYM_HASH_SHA256:
429 return LAC_HASH_SHA256_DIGEST_SIZE;
430 case CPA_CY_SYM_HASH_SHA384:
431 return LAC_HASH_SHA384_DIGEST_SIZE;
432 case CPA_CY_SYM_HASH_SHA512:
433 return LAC_HASH_SHA512_DIGEST_SIZE;
434 case CPA_CY_SYM_HASH_SM3:
435 return LAC_HASH_SM3_DIGEST_SIZE;
436 default:
437 return 0;
438 }
439 }
440
441 /**
442 ******************************************************************************
443 * @ingroup LacSymKey
444 * Return the hash algorithm for a specific cipher.
445 * @description
446 * Return the hash algorithm related to the cipher suite.
447 * Supported hash's are SHA256, and SHA384.
448 *
449 * @param[in] cipherSuite AES_128_GCM, AES_256_GCM, AES_128_CCM,
450 * and CHACHA20_POLY1305.
451 * @return the expected hash algorithm or 0 for an invalid cipher.
452 *
453 *****************************************************************************/
454 static CpaCySymHashAlgorithm
getHashAlgorithmFromCipherSuiteHKDF(CpaCyKeyHKDFCipherSuite cipherSuite)455 getHashAlgorithmFromCipherSuiteHKDF(CpaCyKeyHKDFCipherSuite cipherSuite)
456 {
457 switch (cipherSuite) {
458 case CPA_CY_HKDF_TLS_AES_128_GCM_SHA256: /* Fall through */
459 case CPA_CY_HKDF_TLS_CHACHA20_POLY1305_SHA256:
460 case CPA_CY_HKDF_TLS_AES_128_CCM_SHA256:
461 case CPA_CY_HKDF_TLS_AES_128_CCM_8_SHA256:
462 return CPA_CY_SYM_HASH_SHA256;
463 case CPA_CY_HKDF_TLS_AES_256_GCM_SHA384:
464 return CPA_CY_SYM_HASH_SHA384;
465 default:
466 return 0;
467 }
468 }
469
470 /**
471 ******************************************************************************
472 * @ingroup LacSymKey
473 * Return the digest size of cipher.
474 * @description
475 * Return the output key size of specific cipher, for specified sub label
476 *
477 * @param[in] cipherSuite = AES_128_GCM, AES_256_GCM, AES_128_CCM,
478 * and CHACHA20_POLY1305.
479 * subLabels = KEY, IV, RESUMPTION, and FINISHED.
480 * @return the expected digest size of the cipher.
481 *
482 *****************************************************************************/
483 static const Cpa32U cipherSuiteHKDFHashSizes
484 [LAC_KEY_HKDF_CIPHERS_MAX][LAC_KEY_HKDF_SUBLABELS_MAX] = {
485 {}, /* Not used */
486 { 32, 16, 12, 32, 32 }, /* AES_128_GCM_SHA256 */
487 { 48, 32, 12, 48, 48 }, /* AES_256_GCM_SHA384 */
488 { 32, 32, 12, 32, 32 }, /* CHACHA20_POLY1305_SHA256 */
489 { 32, 16, 12, 32, 32 }, /* AES_128_CCM_SHA256 */
490 { 32, 16, 12, 32, 32 } /* AES_128_CCM_8_SHA256 */
491 };
492
493 /**
494 ******************************************************************************
495 * @ingroup LacSymKey
496 * Key Generation MGF response handler
497 *
498 * @description
499 * Handles Key Generation MGF response messages from the QAT.
500 *
501 * @param[in] lacCmdId Command id of the original request
502 * @param[in] pOpaqueData Pointer to opaque data that was in request
503 * @param[in] cmnRespFlags Indicates whether request succeeded
504 *
505 * @return void
506 *
507 *****************************************************************************/
508 static void
LacSymKey_MgfHandleResponse(icp_qat_fw_la_cmd_id_t lacCmdId,void * pOpaqueData,icp_qat_fw_comn_flags cmnRespFlags)509 LacSymKey_MgfHandleResponse(icp_qat_fw_la_cmd_id_t lacCmdId,
510 void *pOpaqueData,
511 icp_qat_fw_comn_flags cmnRespFlags)
512 {
513 CpaCyKeyGenMgfOpData *pMgfOpData = NULL;
514 lac_sym_key_cookie_t *pCookie = NULL;
515 CpaCyGenFlatBufCbFunc pKeyGenMgfCb = NULL;
516 void *pCallbackTag = NULL;
517 CpaFlatBuffer *pGeneratedKeyBuffer = NULL;
518 CpaStatus status = CPA_STATUS_SUCCESS;
519 CpaBoolean respStatusOk =
520 (ICP_QAT_FW_COMN_STATUS_FLAG_OK ==
521 ICP_QAT_FW_COMN_RESP_CRYPTO_STAT_GET(cmnRespFlags)) ?
522 CPA_TRUE :
523 CPA_FALSE;
524
525 pCookie = (lac_sym_key_cookie_t *)pOpaqueData;
526
527 if (CPA_TRUE == respStatusOk) {
528 status = CPA_STATUS_SUCCESS;
529 LAC_KEY_STAT_INC(numMgfKeyGenCompleted,
530 pCookie->instanceHandle);
531 } else {
532 status = CPA_STATUS_FAIL;
533 LAC_KEY_STAT_INC(numMgfKeyGenCompletedErrors,
534 pCookie->instanceHandle);
535 }
536
537 pKeyGenMgfCb = (CpaCyGenFlatBufCbFunc)(pCookie->pKeyGenCb);
538
539 pMgfOpData = pCookie->pKeyGenOpData;
540 pCallbackTag = pCookie->pCallbackTag;
541 pGeneratedKeyBuffer = pCookie->pKeyGenOutputData;
542
543 Lac_MemPoolEntryFree(pCookie);
544
545 (*pKeyGenMgfCb)(pCallbackTag, status, pMgfOpData, pGeneratedKeyBuffer);
546 }
547
548 /**
549 ******************************************************************************
550 * @ingroup LacSymKey
551 * Synchronous mode of operation wrapper function
552 *
553 * @description
554 * Wrapper function to implement synchronous mode of operation for
555 * cpaCyKeyGenMgf and cpaCyKeyGenMgfExt function.
556 *
557 * @param[in] instanceHandle Instance handle
558 * @param[in] pKeyGenCb Internal callback function pointer
559 * @param[in] pCallbackTag Callback tag
560 * @param[in] pKeyGenMgfOpData Pointer to user provided Op Data structure
561 * @param[in] pGeneratedMaskBuffer Pointer to a buffer where generated mask
562 * will be stored
563 * @param[in] bIsExtRequest Indicates origin of function call;
564 * if CPA_TRUE then the call comes from
565 * cpaCyKeyGenMgfExt function, otherwise
566 * from cpaCyKeyGenMgf
567 *
568 * @retval CPA_STATUS_SUCCESS Function executed successfully.
569 * @retval CPA_STATUS_FAIL Function failed.
570 * @retval CPA_STATUS_RETRY Function should be retried.
571 * @retval CPA_STATUS_INVALID_PARAM Invalid parameter passed in.
572 * @retval CPA_STATUS_RESOURCE Error related to system resources.
573 *
574 *****************************************************************************/
575 static CpaStatus
LacSymKey_MgfSync(const CpaInstanceHandle instanceHandle,const CpaCyGenFlatBufCbFunc pKeyGenCb,void * pCallbackTag,const void * pKeyGenMgfOpData,CpaFlatBuffer * pGeneratedMaskBuffer,CpaBoolean bIsExtRequest)576 LacSymKey_MgfSync(const CpaInstanceHandle instanceHandle,
577 const CpaCyGenFlatBufCbFunc pKeyGenCb,
578 void *pCallbackTag,
579 const void *pKeyGenMgfOpData,
580 CpaFlatBuffer *pGeneratedMaskBuffer,
581 CpaBoolean bIsExtRequest)
582 {
583 CpaStatus status = CPA_STATUS_SUCCESS;
584
585 lac_sync_op_data_t *pSyncCallbackData = NULL;
586
587 status = LacSync_CreateSyncCookie(&pSyncCallbackData);
588
589 if (CPA_STATUS_SUCCESS == status) {
590 if (CPA_TRUE == bIsExtRequest) {
591 status = cpaCyKeyGenMgfExt(
592 instanceHandle,
593 LacSync_GenFlatBufCb,
594 pSyncCallbackData,
595 (const CpaCyKeyGenMgfOpDataExt *)pKeyGenMgfOpData,
596 pGeneratedMaskBuffer);
597 } else {
598 status = cpaCyKeyGenMgf(instanceHandle,
599 LacSync_GenFlatBufCb,
600 pSyncCallbackData,
601 (const CpaCyKeyGenMgfOpData *)
602 pKeyGenMgfOpData,
603 pGeneratedMaskBuffer);
604 }
605 } else {
606 /* Failure allocating sync cookie */
607 LAC_KEY_STAT_INC(numMgfKeyGenRequestErrors, instanceHandle);
608 return status;
609 }
610
611 if (CPA_STATUS_SUCCESS == status) {
612 CpaStatus syncStatus = CPA_STATUS_SUCCESS;
613
614 syncStatus =
615 LacSync_WaitForCallback(pSyncCallbackData,
616 LAC_SYM_SYNC_CALLBACK_TIMEOUT,
617 &status,
618 NULL);
619
620 /* If callback doesn't come back */
621 if (CPA_STATUS_SUCCESS != syncStatus) {
622 LAC_KEY_STAT_INC(numMgfKeyGenCompletedErrors,
623 instanceHandle);
624 LAC_LOG_ERROR("Callback timed out");
625 status = syncStatus;
626 }
627 } else {
628 /* As the Request was not sent the Callback will never
629 * be called, so need to indicate that we're finished
630 * with cookie so it can be destroyed.
631 */
632 LacSync_SetSyncCookieComplete(pSyncCallbackData);
633 }
634
635 LacSync_DestroySyncCookie(&pSyncCallbackData);
636
637 return status;
638 }
639
640 /**
641 ******************************************************************************
642 * @ingroup LacSymKey
643 * Perform MGF key gen operation
644 *
645 * @description
646 * This function performs MGF key gen operation. It is common for requests
647 * coming from both cpaCyKeyGenMgf and cpaCyKeyGenMgfExt QAT API
648 * functions.
649 *
650 * @param[in] instanceHandle Instance handle
651 * @param[in] pKeyGenCb Pointer to callback function to be invoked
652 * when the operation is complete.
653 * @param[in] pCallbackTag Opaque User Data for this specific call.
654 * @param[in] pOpData Pointer to the Op Data structure provided by
655 * the user in API function call. For calls
656 * originating from cpaCyKeyGenMgfExt it will
657 * point to CpaCyKeyGenMgfOpDataExt type of
658 * structure while for calls originating from
659 * cpaCyKeyGenMgf it will point to
660 * CpaCyKeyGenMgfOpData type of structure.
661 * @param[in] pKeyGenMgfOpData Pointer to the user provided
662 * CpaCyKeyGenMgfOpData structure. For calls
663 * originating from cpaCyKeyGenMgf it will
664 * point to the same structure as pOpData
665 * parameter; for calls originating from
666 * cpaCyKeyGenMgfExt it will point to the
667 * baseOpData member of the
668 * CpaCyKeyGenMgfOpDataExt structure passed in
669 * as a parameter to the API function call.
670 * @param[in] pGeneratedMaskBuffer Pointer to a buffer where generated mask
671 * will be stored
672 * @param[in] hashAlgorithm Indicates which hash algorithm is to be used
673 * to perform MGF key gen operation. For calls
674 * originating from cpaCyKeyGenMgf it will
675 * always be CPA_CY_SYM_HASH_SHA1.
676 *
677 * @retval CPA_STATUS_SUCCESS Function executed successfully.
678 * @retval CPA_STATUS_FAIL Function failed.
679 * @retval CPA_STATUS_RETRY Function should be retried.
680 * @retval CPA_STATUS_INVALID_PARAM Invalid parameter passed in.
681 * @retval CPA_STATUS_RESOURCE Error related to system resources.
682 *
683 *****************************************************************************/
684 static CpaStatus
LacSymKey_MgfCommon(const CpaInstanceHandle instanceHandle,const CpaCyGenFlatBufCbFunc pKeyGenCb,void * pCallbackTag,const void * pOpData,const CpaCyKeyGenMgfOpData * pKeyGenMgfOpData,CpaFlatBuffer * pGeneratedMaskBuffer,CpaCySymHashAlgorithm hashAlgorithm)685 LacSymKey_MgfCommon(const CpaInstanceHandle instanceHandle,
686 const CpaCyGenFlatBufCbFunc pKeyGenCb,
687 void *pCallbackTag,
688 const void *pOpData,
689 const CpaCyKeyGenMgfOpData *pKeyGenMgfOpData,
690 CpaFlatBuffer *pGeneratedMaskBuffer,
691 CpaCySymHashAlgorithm hashAlgorithm)
692 {
693 CpaStatus status = CPA_STATUS_SUCCESS;
694
695 icp_qat_fw_la_bulk_req_t keyGenReq = { { 0 } };
696 icp_qat_la_bulk_req_hdr_t keyGenReqHdr = { { 0 } };
697 icp_qat_fw_la_key_gen_common_t keyGenReqMid = { { 0 } };
698 icp_qat_la_bulk_req_ftr_t keyGenReqFtr = { { { 0 } } };
699 Cpa8U *pMsgDummy = NULL;
700 Cpa8U *pCacheDummyHdr = NULL;
701 Cpa8U *pCacheDummyMid = NULL;
702 Cpa8U *pCacheDummyFtr = NULL;
703 sal_qat_content_desc_info_t contentDescInfo = { 0 };
704 lac_sym_key_cookie_t *pCookie = NULL;
705 lac_sym_cookie_t *pSymCookie = NULL;
706 sal_crypto_service_t *pService = NULL;
707 Cpa64U inputPhysAddr = 0;
708 Cpa64U outputPhysAddr = 0;
709 /* Structure initializer is supported by C99, but it is
710 * not supported by some former Intel compiler.
711 */
712 CpaCySymHashSetupData hashSetupData = { 0 };
713 Cpa32U hashBlkSizeInBytes = 0;
714 lac_sym_qat_hash_alg_info_t *pHashAlgInfo = NULL;
715 icp_qat_fw_serv_specif_flags laCmdFlags = 0;
716 icp_qat_fw_comn_flags cmnRequestFlags =
717 ICP_QAT_FW_COMN_FLAGS_BUILD(QAT_COMN_PTR_TYPE_FLAT,
718 QAT_COMN_CD_FLD_TYPE_64BIT_ADR);
719
720 pService = (sal_crypto_service_t *)instanceHandle;
721 LAC_CHECK_INSTANCE_HANDLE(instanceHandle);
722 SAL_CHECK_INSTANCE_TYPE(instanceHandle,
723 (SAL_SERVICE_TYPE_CRYPTO |
724 SAL_SERVICE_TYPE_CRYPTO_SYM));
725
726 SAL_RUNNING_CHECK(instanceHandle);
727 LAC_CHECK_NULL_PARAM(pOpData);
728 LAC_CHECK_NULL_PARAM(pKeyGenMgfOpData);
729 LAC_CHECK_NULL_PARAM(pGeneratedMaskBuffer);
730 LAC_CHECK_NULL_PARAM(pGeneratedMaskBuffer->pData);
731 LAC_CHECK_NULL_PARAM(pKeyGenMgfOpData->seedBuffer.pData);
732
733 /* Maximum seed length for MGF1 request */
734 if (pKeyGenMgfOpData->seedBuffer.dataLenInBytes >
735 ICP_QAT_FW_LA_MGF_SEED_LEN_MAX) {
736 LAC_INVALID_PARAM_LOG("seedBuffer.dataLenInBytes");
737 return CPA_STATUS_INVALID_PARAM;
738 }
739
740 /* Maximum mask length for MGF1 request */
741 if (pKeyGenMgfOpData->maskLenInBytes > ICP_QAT_FW_LA_MGF_MASK_LEN_MAX) {
742 LAC_INVALID_PARAM_LOG("maskLenInBytes");
743 return CPA_STATUS_INVALID_PARAM;
744 }
745
746 /* check for enough space in the flat buffer */
747 if (pKeyGenMgfOpData->maskLenInBytes >
748 pGeneratedMaskBuffer->dataLenInBytes) {
749 LAC_INVALID_PARAM_LOG("pGeneratedMaskBuffer.dataLenInBytes");
750 return CPA_STATUS_INVALID_PARAM;
751 }
752
753 /* Get hash alg info */
754 LacSymQat_HashAlgLookupGet(instanceHandle,
755 hashAlgorithm,
756 &pHashAlgInfo);
757
758 /* Allocate the cookie */
759 pCookie = (lac_sym_key_cookie_t *)Lac_MemPoolEntryAlloc(
760 pService->lac_sym_cookie_pool);
761 if (NULL == pCookie) {
762 LAC_LOG_ERROR("Cannot get mem pool entry");
763 status = CPA_STATUS_RESOURCE;
764 } else if ((void *)CPA_STATUS_RETRY == pCookie) {
765 pCookie = NULL;
766 status = CPA_STATUS_RETRY;
767 } else {
768 pSymCookie = (lac_sym_cookie_t *)pCookie;
769 }
770
771 if (CPA_STATUS_SUCCESS == status) {
772 /* populate the cookie */
773 pCookie->instanceHandle = instanceHandle;
774 pCookie->pCallbackTag = pCallbackTag;
775 pCookie->pKeyGenOpData = (void *)LAC_CONST_PTR_CAST(pOpData);
776 pCookie->pKeyGenCb = pKeyGenCb;
777 pCookie->pKeyGenOutputData = pGeneratedMaskBuffer;
778 hashSetupData.hashAlgorithm = hashAlgorithm;
779 hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_PLAIN;
780 hashSetupData.digestResultLenInBytes =
781 pHashAlgInfo->digestLength;
782
783 /* Populate the CD ctrl Block (LW 27 - LW 31)
784 * and the CD Hash HW setup block
785 */
786 LacSymQat_HashContentDescInit(
787 &(keyGenReqFtr),
788 instanceHandle,
789 &hashSetupData,
790 /* point to base of hw setup block */
791 (Cpa8U *)pCookie->contentDesc,
792 LAC_SYM_KEY_NO_HASH_BLK_OFFSET_QW,
793 ICP_QAT_FW_SLICE_DRAM_WR,
794 ICP_QAT_HW_AUTH_MODE0, /* just a plain hash */
795 CPA_FALSE, /* Not using sym Constants Table in Shared SRAM
796 */
797 CPA_FALSE, /* not using the optimised Content Desc */
798 CPA_FALSE, /* Not using the stateful SHA3 Content Desc */
799 NULL,
800 &hashBlkSizeInBytes);
801
802 /* Populate the Req param LW 14-26 */
803 LacSymQat_KeyMgfRequestPopulate(
804 &keyGenReqHdr,
805 &keyGenReqMid,
806 pKeyGenMgfOpData->seedBuffer.dataLenInBytes,
807 pKeyGenMgfOpData->maskLenInBytes,
808 (Cpa8U)pHashAlgInfo->digestLength);
809
810 contentDescInfo.pData = pCookie->contentDesc;
811 contentDescInfo.hardwareSetupBlockPhys =
812 LAC_MEM_CAST_PTR_TO_UINT64(
813 pSymCookie->keyContentDescPhyAddr);
814 contentDescInfo.hwBlkSzQuadWords =
815 LAC_BYTES_TO_QUADWORDS(hashBlkSizeInBytes);
816
817 /* Populate common request fields */
818 inputPhysAddr =
819 LAC_MEM_CAST_PTR_TO_UINT64(LAC_OS_VIRT_TO_PHYS_EXTERNAL(
820 pService->generic_service_info,
821 pKeyGenMgfOpData->seedBuffer.pData));
822
823 if (inputPhysAddr == 0) {
824 LAC_LOG_ERROR(
825 "Unable to get the seed buffer physical address");
826 status = CPA_STATUS_FAIL;
827 }
828 outputPhysAddr = LAC_MEM_CAST_PTR_TO_UINT64(
829 LAC_OS_VIRT_TO_PHYS_EXTERNAL(pService->generic_service_info,
830 pGeneratedMaskBuffer->pData));
831 if (outputPhysAddr == 0) {
832 LAC_LOG_ERROR(
833 "Unable to get the physical address of the mask");
834 status = CPA_STATUS_FAIL;
835 }
836 }
837
838 if (CPA_STATUS_SUCCESS == status) {
839 /* Make up the full keyGenReq struct from its constituents */
840 pMsgDummy = (Cpa8U *)&(keyGenReq);
841 pCacheDummyHdr = (Cpa8U *)&(keyGenReqHdr);
842 pCacheDummyMid = (Cpa8U *)&(keyGenReqMid);
843 pCacheDummyFtr = (Cpa8U *)&(keyGenReqFtr);
844
845 memcpy(pMsgDummy,
846 pCacheDummyHdr,
847 (LAC_LONG_WORD_IN_BYTES * LAC_SIZE_OF_CACHE_HDR_IN_LW));
848 memset((pMsgDummy +
849 (LAC_LONG_WORD_IN_BYTES * LAC_SIZE_OF_CACHE_HDR_IN_LW)),
850 0,
851 (LAC_LONG_WORD_IN_BYTES *
852 LAC_SIZE_OF_CACHE_TO_CLEAR_IN_LW));
853 memcpy(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
854 LAC_START_OF_CACHE_MID_IN_LW),
855 pCacheDummyMid,
856 (LAC_LONG_WORD_IN_BYTES * LAC_SIZE_OF_CACHE_MID_IN_LW));
857 memcpy(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
858 LAC_START_OF_CACHE_FTR_IN_LW),
859 pCacheDummyFtr,
860 (LAC_LONG_WORD_IN_BYTES * LAC_SIZE_OF_CACHE_FTR_IN_LW));
861
862 SalQatMsg_ContentDescHdrWrite((icp_qat_fw_comn_req_t *)&(
863 keyGenReq),
864 &(contentDescInfo));
865
866 SalQatMsg_CmnHdrWrite((icp_qat_fw_comn_req_t *)&keyGenReq,
867 ICP_QAT_FW_COMN_REQ_CPM_FW_LA,
868 ICP_QAT_FW_LA_CMD_MGF1,
869 cmnRequestFlags,
870 laCmdFlags);
871
872 /*
873 * MGF uses a flat buffer but we can use zero for source and
874 * dest length because the firmware will use the seed length,
875 * hash length and mask length to find source length.
876 */
877 SalQatMsg_CmnMidWrite((icp_qat_fw_la_bulk_req_t *)&(keyGenReq),
878 pCookie,
879 LAC_SYM_KEY_QAT_PTR_TYPE,
880 inputPhysAddr,
881 outputPhysAddr,
882 0,
883 0);
884
885 /* Send to QAT */
886 status = icp_adf_transPutMsg(pService->trans_handle_sym_tx,
887 (void *)&(keyGenReq),
888 LAC_QAT_SYM_REQ_SZ_LW);
889 }
890 if (CPA_STATUS_SUCCESS == status) {
891 /* Update stats */
892 LAC_KEY_STAT_INC(numMgfKeyGenRequests, instanceHandle);
893 } else {
894 LAC_KEY_STAT_INC(numMgfKeyGenRequestErrors, instanceHandle);
895 /* clean up memory */
896 if (NULL != pCookie) {
897 Lac_MemPoolEntryFree(pCookie);
898 }
899 }
900 return status;
901 }
902
903 /**
904 * cpaCyKeyGenMgf
905 */
906 CpaStatus
cpaCyKeyGenMgf(const CpaInstanceHandle instanceHandle_in,const CpaCyGenFlatBufCbFunc pKeyGenCb,void * pCallbackTag,const CpaCyKeyGenMgfOpData * pKeyGenMgfOpData,CpaFlatBuffer * pGeneratedMaskBuffer)907 cpaCyKeyGenMgf(const CpaInstanceHandle instanceHandle_in,
908 const CpaCyGenFlatBufCbFunc pKeyGenCb,
909 void *pCallbackTag,
910 const CpaCyKeyGenMgfOpData *pKeyGenMgfOpData,
911 CpaFlatBuffer *pGeneratedMaskBuffer)
912 {
913 CpaInstanceHandle instanceHandle = NULL;
914
915 if (CPA_INSTANCE_HANDLE_SINGLE == instanceHandle_in) {
916 instanceHandle =
917 Lac_GetFirstHandle(SAL_SERVICE_TYPE_CRYPTO_SYM);
918 } else {
919 instanceHandle = instanceHandle_in;
920 }
921
922 /* If synchronous Operation */
923 if (NULL == pKeyGenCb) {
924 return LacSymKey_MgfSync(instanceHandle,
925 pKeyGenCb,
926 pCallbackTag,
927 (const void *)pKeyGenMgfOpData,
928 pGeneratedMaskBuffer,
929 CPA_FALSE);
930 }
931 /* Asynchronous Operation */
932 return LacSymKey_MgfCommon(instanceHandle,
933 pKeyGenCb,
934 pCallbackTag,
935 (const void *)pKeyGenMgfOpData,
936 pKeyGenMgfOpData,
937 pGeneratedMaskBuffer,
938 CPA_CY_SYM_HASH_SHA1);
939 }
940
941 /**
942 * cpaCyKeyGenMgfExt
943 */
944 CpaStatus
cpaCyKeyGenMgfExt(const CpaInstanceHandle instanceHandle_in,const CpaCyGenFlatBufCbFunc pKeyGenCb,void * pCallbackTag,const CpaCyKeyGenMgfOpDataExt * pKeyGenMgfOpDataExt,CpaFlatBuffer * pGeneratedMaskBuffer)945 cpaCyKeyGenMgfExt(const CpaInstanceHandle instanceHandle_in,
946 const CpaCyGenFlatBufCbFunc pKeyGenCb,
947 void *pCallbackTag,
948 const CpaCyKeyGenMgfOpDataExt *pKeyGenMgfOpDataExt,
949 CpaFlatBuffer *pGeneratedMaskBuffer)
950 {
951 CpaInstanceHandle instanceHandle = NULL;
952
953 if (CPA_INSTANCE_HANDLE_SINGLE == instanceHandle_in) {
954 instanceHandle =
955 Lac_GetFirstHandle(SAL_SERVICE_TYPE_CRYPTO_SYM);
956 } else {
957 instanceHandle = instanceHandle_in;
958 }
959
960 /* If synchronous Operation */
961 if (NULL == pKeyGenCb) {
962 return LacSymKey_MgfSync(instanceHandle,
963 pKeyGenCb,
964 pCallbackTag,
965 (const void *)pKeyGenMgfOpDataExt,
966 pGeneratedMaskBuffer,
967 CPA_TRUE);
968 }
969
970 /* Param check specific for Ext function, rest of parameters validated
971 * in LacSymKey_MgfCommon
972 */
973 LAC_CHECK_NULL_PARAM(pKeyGenMgfOpDataExt);
974 if (CPA_CY_SYM_HASH_MD5 > pKeyGenMgfOpDataExt->hashAlgorithm ||
975 CPA_CY_SYM_HASH_SHA512 < pKeyGenMgfOpDataExt->hashAlgorithm) {
976 LAC_INVALID_PARAM_LOG("hashAlgorithm");
977 return CPA_STATUS_INVALID_PARAM;
978 }
979
980 /* Asynchronous Operation */
981 return LacSymKey_MgfCommon(instanceHandle,
982 pKeyGenCb,
983 pCallbackTag,
984 (const void *)pKeyGenMgfOpDataExt,
985 &pKeyGenMgfOpDataExt->baseOpData,
986 pGeneratedMaskBuffer,
987 pKeyGenMgfOpDataExt->hashAlgorithm);
988 }
989
990 /**
991 ******************************************************************************
992 * @ingroup LacSymKey
993 * Key Generation SSL & TLS response handler
994 *
995 * @description
996 * Handles Key Generation SSL & TLS response messages from the QAT.
997 *
998 * @param[in] lacCmdId Command id of the original request
999 * @param[in] pOpaqueData Pointer to opaque data that was in request
1000 * @param[in] cmnRespFlags LA response flags
1001 *
1002 * @return void
1003 *
1004 *****************************************************************************/
1005 static void
LacSymKey_SslTlsHandleResponse(icp_qat_fw_la_cmd_id_t lacCmdId,void * pOpaqueData,icp_qat_fw_comn_flags cmnRespFlags)1006 LacSymKey_SslTlsHandleResponse(icp_qat_fw_la_cmd_id_t lacCmdId,
1007 void *pOpaqueData,
1008 icp_qat_fw_comn_flags cmnRespFlags)
1009 {
1010 void *pSslTlsOpData = NULL;
1011 CpaCyGenFlatBufCbFunc pKeyGenSslTlsCb = NULL;
1012 lac_sym_key_cookie_t *pCookie = NULL;
1013 void *pCallbackTag = NULL;
1014 CpaFlatBuffer *pGeneratedKeyBuffer = NULL;
1015 CpaStatus status = CPA_STATUS_SUCCESS;
1016
1017 CpaBoolean respStatusOk =
1018 (ICP_QAT_FW_COMN_STATUS_FLAG_OK ==
1019 ICP_QAT_FW_COMN_RESP_CRYPTO_STAT_GET(cmnRespFlags)) ?
1020 CPA_TRUE :
1021 CPA_FALSE;
1022
1023 pCookie = (lac_sym_key_cookie_t *)pOpaqueData;
1024
1025 pSslTlsOpData = pCookie->pKeyGenOpData;
1026
1027 if (CPA_TRUE == respStatusOk) {
1028 LacKey_StatsInc(lacCmdId,
1029 LAC_KEY_COMPLETED,
1030 pCookie->instanceHandle);
1031 } else {
1032 status = CPA_STATUS_FAIL;
1033 LacKey_StatsInc(lacCmdId,
1034 LAC_KEY_COMPLETED_ERRORS,
1035 pCookie->instanceHandle);
1036 }
1037
1038 pKeyGenSslTlsCb = (CpaCyGenFlatBufCbFunc)(pCookie->pKeyGenCb);
1039
1040 pCallbackTag = pCookie->pCallbackTag;
1041 pGeneratedKeyBuffer = pCookie->pKeyGenOutputData;
1042
1043 Lac_MemPoolEntryFree(pCookie);
1044
1045 (*pKeyGenSslTlsCb)(pCallbackTag,
1046 status,
1047 pSslTlsOpData,
1048 pGeneratedKeyBuffer);
1049 }
1050
1051 /**
1052 *******************************************************************************
1053 * @ingroup LacSymKey
1054 * Synchronous mode of operation function wrapper for performing SSL/TLS
1055 * key gen operation
1056 *
1057 * @description
1058 * Synchronous mode of operation function wrapper for performing SSL/TLS
1059 * key gen operation
1060 *
1061 * @param[in] instanceHandle QAT device handle.
1062 * @param[in] pKeyGenCb Pointer to callback function to be invoked
1063 * when the operation is complete.
1064 * @param[in] pCallbackTag Opaque User Data for this specific call.
1065 * @param[in] lacCmdId Lac command ID (identify SSL & TLS ops)
1066 * @param[in] pKeyGenSslTlsOpData Structure containing all the data needed to
1067 * perform the SSL/TLS key generation
1068 * operation.
1069 * @param[in] hashAlgorithm Specifies the hash algorithm to use.
1070 * According to RFC5246, this should be
1071 * "SHA-256 or a stronger standard hash
1072 * function."
1073 * @param[out] pKeyGenOutputData pointer to where output result should be
1074 * written
1075 *
1076 * @retval CPA_STATUS_SUCCESS Function executed successfully.
1077 * @retval CPA_STATUS_FAIL Function failed.
1078 * @retval CPA_STATUS_RETRY Function should be retried.
1079 * @retval CPA_STATUS_INVALID_PARAM Invalid parameter passed in.
1080 * @retval CPA_STATUS_RESOURCE Error related to system resources.
1081 *
1082 *****************************************************************************/
1083 static CpaStatus
LacSymKey_SslTlsSync(CpaInstanceHandle instanceHandle,const CpaCyGenFlatBufCbFunc pKeyGenCb,void * pCallbackTag,icp_qat_fw_la_cmd_id_t lacCmdId,void * pKeyGenSslTlsOpData,Cpa8U hashAlgorithm,CpaFlatBuffer * pKeyGenOutpuData)1084 LacSymKey_SslTlsSync(CpaInstanceHandle instanceHandle,
1085 const CpaCyGenFlatBufCbFunc pKeyGenCb,
1086 void *pCallbackTag,
1087 icp_qat_fw_la_cmd_id_t lacCmdId,
1088 void *pKeyGenSslTlsOpData,
1089 Cpa8U hashAlgorithm,
1090 CpaFlatBuffer *pKeyGenOutpuData)
1091 {
1092 lac_sync_op_data_t *pSyncCallbackData = NULL;
1093 CpaStatus status = CPA_STATUS_SUCCESS;
1094
1095 status = LacSync_CreateSyncCookie(&pSyncCallbackData);
1096 if (CPA_STATUS_SUCCESS == status) {
1097 status = LacSymKey_KeyGenSslTls_GenCommon(instanceHandle,
1098 pKeyGenCb,
1099 pSyncCallbackData,
1100 lacCmdId,
1101 pKeyGenSslTlsOpData,
1102 hashAlgorithm,
1103 pKeyGenOutpuData);
1104 } else {
1105 /* Failure allocating sync cookie */
1106 LacKey_StatsInc(lacCmdId,
1107 LAC_KEY_REQUEST_ERRORS,
1108 instanceHandle);
1109 return status;
1110 }
1111
1112 if (CPA_STATUS_SUCCESS == status) {
1113 CpaStatus syncStatus = CPA_STATUS_SUCCESS;
1114
1115 syncStatus =
1116 LacSync_WaitForCallback(pSyncCallbackData,
1117 LAC_SYM_SYNC_CALLBACK_TIMEOUT,
1118 &status,
1119 NULL);
1120
1121 /* If callback doesn't come back */
1122 if (CPA_STATUS_SUCCESS != syncStatus) {
1123 LacKey_StatsInc(lacCmdId,
1124 LAC_KEY_COMPLETED_ERRORS,
1125 instanceHandle);
1126 LAC_LOG_ERROR("Callback timed out");
1127 status = syncStatus;
1128 }
1129 } else {
1130 /* As the Request was not sent the Callback will never
1131 * be called, so need to indicate that we're finished
1132 * with cookie so it can be destroyed.
1133 */
1134 LacSync_SetSyncCookieComplete(pSyncCallbackData);
1135 }
1136
1137 LacSync_DestroySyncCookie(&pSyncCallbackData);
1138
1139 return status;
1140 }
1141
1142 static CpaStatus
computeHashKey(CpaFlatBuffer * secret,CpaFlatBuffer * hash,CpaCySymHashAlgorithm * hashAlgorithm)1143 computeHashKey(CpaFlatBuffer *secret,
1144 CpaFlatBuffer *hash,
1145 CpaCySymHashAlgorithm *hashAlgorithm)
1146 {
1147 CpaStatus status = CPA_STATUS_SUCCESS;
1148
1149 switch (*hashAlgorithm) {
1150 case CPA_CY_SYM_HASH_MD5:
1151 status = qatUtilsHashMD5Full(secret->pData,
1152 hash->pData,
1153 secret->dataLenInBytes);
1154 break;
1155 case CPA_CY_SYM_HASH_SHA1:
1156 status = qatUtilsHashSHA1Full(secret->pData,
1157 hash->pData,
1158 secret->dataLenInBytes);
1159 break;
1160 case CPA_CY_SYM_HASH_SHA256:
1161 status = qatUtilsHashSHA256Full(secret->pData,
1162 hash->pData,
1163 secret->dataLenInBytes);
1164 break;
1165 case CPA_CY_SYM_HASH_SHA384:
1166 status = qatUtilsHashSHA384Full(secret->pData,
1167 hash->pData,
1168 secret->dataLenInBytes);
1169 break;
1170 case CPA_CY_SYM_HASH_SHA512:
1171 status = qatUtilsHashSHA512Full(secret->pData,
1172 hash->pData,
1173 secret->dataLenInBytes);
1174 break;
1175 default:
1176 status = CPA_STATUS_FAIL;
1177 }
1178 return status;
1179 }
1180
1181 static CpaStatus
LacSymKey_KeyGenSslTls_GenCommon(CpaInstanceHandle instanceHandle,const CpaCyGenFlatBufCbFunc pKeyGenCb,void * pCallbackTag,icp_qat_fw_la_cmd_id_t lacCmdId,void * pKeyGenSslTlsOpData,Cpa8U hashAlgCipher,CpaFlatBuffer * pKeyGenOutputData)1182 LacSymKey_KeyGenSslTls_GenCommon(CpaInstanceHandle instanceHandle,
1183 const CpaCyGenFlatBufCbFunc pKeyGenCb,
1184 void *pCallbackTag,
1185 icp_qat_fw_la_cmd_id_t lacCmdId,
1186 void *pKeyGenSslTlsOpData,
1187 Cpa8U hashAlgCipher,
1188 CpaFlatBuffer *pKeyGenOutputData)
1189 {
1190 CpaStatus status = CPA_STATUS_SUCCESS;
1191 CpaBoolean precompute = CPA_FALSE;
1192 icp_qat_fw_la_bulk_req_t keyGenReq = { { 0 } };
1193 icp_qat_la_bulk_req_hdr_t keyGenReqHdr = { { 0 } };
1194 icp_qat_fw_la_key_gen_common_t keyGenReqMid = { { 0 } };
1195 icp_qat_la_bulk_req_ftr_t keyGenReqFtr = { { { 0 } } };
1196 Cpa8U *pMsgDummy = NULL;
1197 Cpa8U *pCacheDummyHdr = NULL;
1198 Cpa8U *pCacheDummyMid = NULL;
1199 Cpa8U *pCacheDummyFtr = NULL;
1200 lac_sym_key_cookie_t *pCookie = NULL;
1201 lac_sym_cookie_t *pSymCookie = NULL;
1202 Cpa64U inputPhysAddr = 0;
1203 Cpa64U outputPhysAddr = 0;
1204 /* Structure initializer is supported by C99, but it is
1205 * not supported by some former Intel compiler.
1206 */
1207 CpaCySymHashSetupData hashSetupData = { 0 };
1208 sal_qat_content_desc_info_t contentDescInfo = { 0 };
1209 Cpa32U hashBlkSizeInBytes = 0;
1210 Cpa32U tlsPrefixLen = 0;
1211
1212 CpaFlatBuffer inputSecret = { 0 };
1213 CpaFlatBuffer hashKeyOutput = { 0 };
1214 Cpa32U uSecretLen = 0;
1215 CpaCySymHashNestedModeSetupData *pNestedModeSetupData =
1216 &(hashSetupData.nestedModeSetupData);
1217 icp_qat_fw_serv_specif_flags laCmdFlags = 0;
1218 icp_qat_fw_comn_flags cmnRequestFlags =
1219 ICP_QAT_FW_COMN_FLAGS_BUILD(QAT_COMN_PTR_TYPE_FLAT,
1220 QAT_COMN_CD_FLD_TYPE_64BIT_ADR);
1221
1222 sal_crypto_service_t *pService = (sal_crypto_service_t *)instanceHandle;
1223
1224 /* If synchronous Operation */
1225 if (NULL == pKeyGenCb) {
1226 return LacSymKey_SslTlsSync(instanceHandle,
1227 LacSync_GenFlatBufCb,
1228 pCallbackTag,
1229 lacCmdId,
1230 pKeyGenSslTlsOpData,
1231 hashAlgCipher,
1232 pKeyGenOutputData);
1233 }
1234 /* Allocate the cookie */
1235 pCookie = (lac_sym_key_cookie_t *)Lac_MemPoolEntryAlloc(
1236 pService->lac_sym_cookie_pool);
1237 if (NULL == pCookie) {
1238 LAC_LOG_ERROR("Cannot get mem pool entry");
1239 status = CPA_STATUS_RESOURCE;
1240 } else if ((void *)CPA_STATUS_RETRY == pCookie) {
1241 pCookie = NULL;
1242 status = CPA_STATUS_RETRY;
1243 } else {
1244 pSymCookie = (lac_sym_cookie_t *)pCookie;
1245 }
1246
1247 if (CPA_STATUS_SUCCESS == status) {
1248 icp_qat_hw_auth_mode_t qatHashMode = 0;
1249
1250 if (ICP_QAT_FW_LA_CMD_SSL3_KEY_DERIVE == lacCmdId) {
1251 qatHashMode = ICP_QAT_HW_AUTH_MODE0;
1252 } else /* TLS v1.1, v1.2, v1.3 */
1253 {
1254 qatHashMode = ICP_QAT_HW_AUTH_MODE2;
1255 }
1256
1257 pCookie->instanceHandle = pService;
1258 pCookie->pCallbackTag = pCallbackTag;
1259 pCookie->pKeyGenCb = pKeyGenCb;
1260 pCookie->pKeyGenOpData = pKeyGenSslTlsOpData;
1261 pCookie->pKeyGenOutputData = pKeyGenOutputData;
1262 hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_NESTED;
1263
1264 /* SSL3 */
1265 if (ICP_QAT_FW_LA_CMD_SSL3_KEY_DERIVE == lacCmdId) {
1266 hashSetupData.hashAlgorithm = CPA_CY_SYM_HASH_SHA1;
1267 hashSetupData.digestResultLenInBytes =
1268 LAC_HASH_MD5_DIGEST_SIZE;
1269 pNestedModeSetupData->outerHashAlgorithm =
1270 CPA_CY_SYM_HASH_MD5;
1271
1272 pNestedModeSetupData->pInnerPrefixData = NULL;
1273 pNestedModeSetupData->innerPrefixLenInBytes = 0;
1274 pNestedModeSetupData->pOuterPrefixData = NULL;
1275 pNestedModeSetupData->outerPrefixLenInBytes = 0;
1276 }
1277 /* TLS v1.1 */
1278 else if (ICP_QAT_FW_LA_CMD_TLS_V1_1_KEY_DERIVE == lacCmdId) {
1279 CpaCyKeyGenTlsOpData *pKeyGenTlsOpData =
1280 (CpaCyKeyGenTlsOpData *)pKeyGenSslTlsOpData;
1281
1282 hashSetupData.hashAlgorithm = CPA_CY_SYM_HASH_SHA1;
1283 hashSetupData.digestResultLenInBytes =
1284 LAC_HASH_MD5_DIGEST_SIZE;
1285 pNestedModeSetupData->outerHashAlgorithm =
1286 CPA_CY_SYM_HASH_MD5;
1287
1288 uSecretLen = pKeyGenTlsOpData->secret.dataLenInBytes;
1289
1290 /* We want to handle pre_master_secret > 128 bytes
1291 * therefore we
1292 * only verify if the current operation is Master Secret
1293 * Derive.
1294 * The other operations remain unchanged.
1295 */
1296 if ((uSecretLen >
1297 ICP_QAT_FW_LA_TLS_V1_1_SECRET_LEN_MAX) &&
1298 (CPA_CY_KEY_TLS_OP_MASTER_SECRET_DERIVE ==
1299 pKeyGenTlsOpData->tlsOp ||
1300 CPA_CY_KEY_TLS_OP_USER_DEFINED ==
1301 pKeyGenTlsOpData->tlsOp)) {
1302 CpaCySymHashAlgorithm hashAlgorithm =
1303 (CpaCySymHashAlgorithm)hashAlgCipher;
1304 /* secret = [s1 | s2 ]
1305 * s1 = outer prefix, s2 = inner prefix
1306 * length of s1 and s2 = ceil(secret_length / 2)
1307 * (secret length + 1)/2 will always give the
1308 * ceil as
1309 * division by 2
1310 * (>>1) will give the smallest integral value
1311 * not less than
1312 * arg
1313 */
1314 tlsPrefixLen =
1315 (pKeyGenTlsOpData->secret.dataLenInBytes +
1316 1) >>
1317 1;
1318 inputSecret.dataLenInBytes = tlsPrefixLen;
1319 inputSecret.pData =
1320 pKeyGenTlsOpData->secret.pData;
1321
1322 /* Since the pre_master_secret is > 128, we
1323 * split the input
1324 * pre_master_secret in 2 halves and compute the
1325 * MD5 of the
1326 * first half and the SHA1 on the second half.
1327 */
1328 hashAlgorithm = CPA_CY_SYM_HASH_MD5;
1329
1330 /* Initialize pointer where MD5 key will go. */
1331 hashKeyOutput.pData =
1332 &pCookie->hashKeyBuffer[0];
1333 hashKeyOutput.dataLenInBytes =
1334 LAC_HASH_MD5_DIGEST_SIZE;
1335 computeHashKey(&inputSecret,
1336 &hashKeyOutput,
1337 &hashAlgorithm);
1338
1339 pNestedModeSetupData->pOuterPrefixData =
1340 &pCookie->hashKeyBuffer[0];
1341 pNestedModeSetupData->outerPrefixLenInBytes =
1342 LAC_HASH_MD5_DIGEST_SIZE;
1343
1344 /* Point to the second half of the
1345 * pre_master_secret */
1346 inputSecret.pData =
1347 pKeyGenTlsOpData->secret.pData +
1348 (pKeyGenTlsOpData->secret.dataLenInBytes -
1349 tlsPrefixLen);
1350
1351 /* Compute SHA1 on the second half of the
1352 * pre_master_secret
1353 */
1354 hashAlgorithm = CPA_CY_SYM_HASH_SHA1;
1355 /* Initialize pointer where SHA1 key will go. */
1356 hashKeyOutput.pData =
1357 &pCookie->hashKeyBuffer
1358 [LAC_HASH_MD5_DIGEST_SIZE];
1359 hashKeyOutput.dataLenInBytes =
1360 LAC_HASH_SHA1_DIGEST_SIZE;
1361 computeHashKey(&inputSecret,
1362 &hashKeyOutput,
1363 &hashAlgorithm);
1364
1365 pNestedModeSetupData->pInnerPrefixData =
1366 &pCookie->hashKeyBuffer
1367 [LAC_HASH_MD5_DIGEST_SIZE];
1368 pNestedModeSetupData->innerPrefixLenInBytes =
1369 LAC_HASH_SHA1_DIGEST_SIZE;
1370 } else {
1371 /* secret = [s1 | s2 ]
1372 * s1 = outer prefix, s2 = inner prefix
1373 * length of s1 and s2 = ceil(secret_length / 2)
1374 * (secret length + 1)/2 will always give the
1375 * ceil as
1376 * division by 2
1377 * (>>1) will give the smallest integral value
1378 * not less than
1379 * arg
1380 */
1381 tlsPrefixLen =
1382 (pKeyGenTlsOpData->secret.dataLenInBytes +
1383 1) >>
1384 1;
1385 /* last byte of s1 will be first byte of s2 if
1386 * Length is odd
1387 */
1388 pNestedModeSetupData->pInnerPrefixData =
1389 pKeyGenTlsOpData->secret.pData +
1390 (pKeyGenTlsOpData->secret.dataLenInBytes -
1391 tlsPrefixLen);
1392
1393 pNestedModeSetupData->pOuterPrefixData =
1394 pKeyGenTlsOpData->secret.pData;
1395
1396 pNestedModeSetupData->innerPrefixLenInBytes =
1397 pNestedModeSetupData
1398 ->outerPrefixLenInBytes = tlsPrefixLen;
1399 }
1400 }
1401 /* TLS v1.2 */
1402 else if (ICP_QAT_FW_LA_CMD_TLS_V1_2_KEY_DERIVE == lacCmdId) {
1403 CpaCyKeyGenTlsOpData *pKeyGenTlsOpData =
1404 (CpaCyKeyGenTlsOpData *)pKeyGenSslTlsOpData;
1405 CpaCySymHashAlgorithm hashAlgorithm =
1406 (CpaCySymHashAlgorithm)hashAlgCipher;
1407
1408 uSecretLen = pKeyGenTlsOpData->secret.dataLenInBytes;
1409
1410 hashSetupData.hashAlgorithm =
1411 (CpaCySymHashAlgorithm)hashAlgorithm;
1412 hashSetupData.digestResultLenInBytes =
1413 (Cpa32U)getDigestSizeFromHashAlgo(hashAlgorithm);
1414 pNestedModeSetupData->outerHashAlgorithm =
1415 (CpaCySymHashAlgorithm)hashAlgorithm;
1416 if (CPA_CY_KEY_TLS_OP_MASTER_SECRET_DERIVE ==
1417 pKeyGenTlsOpData->tlsOp ||
1418 CPA_CY_KEY_TLS_OP_USER_DEFINED ==
1419 pKeyGenTlsOpData->tlsOp) {
1420 switch (hashAlgorithm) {
1421 case CPA_CY_SYM_HASH_SM3:
1422 precompute = CPA_FALSE;
1423 break;
1424 case CPA_CY_SYM_HASH_SHA256:
1425 if (uSecretLen >
1426 ICP_QAT_FW_LA_TLS_V1_2_SECRET_LEN_MAX) {
1427 precompute = CPA_TRUE;
1428 }
1429 break;
1430 case CPA_CY_SYM_HASH_SHA384:
1431 case CPA_CY_SYM_HASH_SHA512:
1432 if (uSecretLen >
1433 ICP_QAT_FW_LA_TLS_SECRET_LEN_MAX) {
1434 precompute = CPA_TRUE;
1435 }
1436 break;
1437 default:
1438 break;
1439 }
1440 }
1441 if (CPA_TRUE == precompute) {
1442 /* Case when secret > algorithm block size
1443 * RFC 4868: For SHA-256 Block size is 512 bits,
1444 * for SHA-384
1445 * and SHA-512 Block size is 1024 bits
1446 * Initialize pointer
1447 * where SHAxxx key will go.
1448 */
1449 hashKeyOutput.pData =
1450 &pCookie->hashKeyBuffer[0];
1451 hashKeyOutput.dataLenInBytes =
1452 hashSetupData.digestResultLenInBytes;
1453 computeHashKey(&pKeyGenTlsOpData->secret,
1454 &hashKeyOutput,
1455 &hashSetupData.hashAlgorithm);
1456
1457 /* Outer prefix = secret , inner prefix = secret
1458 * secret < 64 bytes
1459 */
1460 pNestedModeSetupData->pInnerPrefixData =
1461 hashKeyOutput.pData;
1462 pNestedModeSetupData->pOuterPrefixData =
1463 hashKeyOutput.pData;
1464 pNestedModeSetupData->innerPrefixLenInBytes =
1465 hashKeyOutput.dataLenInBytes;
1466 pNestedModeSetupData->outerPrefixLenInBytes =
1467 hashKeyOutput.dataLenInBytes;
1468 } else {
1469 /* Outer prefix = secret , inner prefix = secret
1470 * secret <= 64 bytes
1471 */
1472 pNestedModeSetupData->pInnerPrefixData =
1473 pKeyGenTlsOpData->secret.pData;
1474
1475 pNestedModeSetupData->pOuterPrefixData =
1476 pKeyGenTlsOpData->secret.pData;
1477
1478 pNestedModeSetupData->innerPrefixLenInBytes =
1479 pKeyGenTlsOpData->secret.dataLenInBytes;
1480 pNestedModeSetupData->outerPrefixLenInBytes =
1481 pKeyGenTlsOpData->secret.dataLenInBytes;
1482 }
1483 }
1484 /* TLS v1.3 */
1485 else if ((ICP_QAT_FW_LA_CMD_HKDF_EXTRACT <= lacCmdId) &&
1486 (ICP_QAT_FW_LA_CMD_HKDF_EXTRACT_AND_EXPAND_LABEL >=
1487 lacCmdId)) {
1488 CpaCyKeyGenHKDFOpData *pKeyGenTlsOpData =
1489 (CpaCyKeyGenHKDFOpData *)pKeyGenSslTlsOpData;
1490 CpaCySymHashAlgorithm hashAlgorithm =
1491 getHashAlgorithmFromCipherSuiteHKDF(hashAlgCipher);
1492
1493 /* Set HASH data */
1494 hashSetupData.hashAlgorithm = hashAlgorithm;
1495 /* Calculate digest length from the HASH type */
1496 hashSetupData.digestResultLenInBytes =
1497 cipherSuiteHKDFHashSizes[hashAlgCipher]
1498 [LAC_KEY_HKDF_DIGESTS];
1499 /* Outer Hash type is the same as inner hash type */
1500 pNestedModeSetupData->outerHashAlgorithm =
1501 hashAlgorithm;
1502
1503 /* EXPAND (PRK):
1504 * Outer prefix = secret, inner prefix = secret
1505 * EXTRACT (SEED/SALT):
1506 * Outer prefix = seed, inner prefix = seed
1507 * Secret <= 64 Bytes
1508 * We do not pre compute as secret can't be larger than
1509 * 64 bytes
1510 */
1511
1512 if ((ICP_QAT_FW_LA_CMD_HKDF_EXPAND == lacCmdId) ||
1513 (ICP_QAT_FW_LA_CMD_HKDF_EXPAND_LABEL == lacCmdId)) {
1514 pNestedModeSetupData->pInnerPrefixData =
1515 pKeyGenTlsOpData->secret;
1516 pNestedModeSetupData->pOuterPrefixData =
1517 pKeyGenTlsOpData->secret;
1518 pNestedModeSetupData->innerPrefixLenInBytes =
1519 pKeyGenTlsOpData->secretLen;
1520 pNestedModeSetupData->outerPrefixLenInBytes =
1521 pKeyGenTlsOpData->secretLen;
1522 } else {
1523 pNestedModeSetupData->pInnerPrefixData =
1524 pKeyGenTlsOpData->seed;
1525 pNestedModeSetupData->pOuterPrefixData =
1526 pKeyGenTlsOpData->seed;
1527 pNestedModeSetupData->innerPrefixLenInBytes =
1528 pKeyGenTlsOpData->seedLen;
1529 pNestedModeSetupData->outerPrefixLenInBytes =
1530 pKeyGenTlsOpData->seedLen;
1531 }
1532 }
1533
1534 /* Set the footer Data.
1535 * Note that following function doesn't look at inner/outer
1536 * prefix pointers in nested digest ctx
1537 */
1538 LacSymQat_HashContentDescInit(
1539 &keyGenReqFtr,
1540 instanceHandle,
1541 &hashSetupData,
1542 pCookie
1543 ->contentDesc, /* Pointer to base of hw setup block */
1544 LAC_SYM_KEY_NO_HASH_BLK_OFFSET_QW,
1545 ICP_QAT_FW_SLICE_DRAM_WR,
1546 qatHashMode,
1547 CPA_FALSE, /* Not using sym Constants Table in Shared SRAM
1548 */
1549 CPA_FALSE, /* not using the optimised content Desc */
1550 CPA_FALSE, /* Not using the stateful SHA3 Content Desc */
1551 NULL, /* precompute data */
1552 &hashBlkSizeInBytes);
1553
1554 /* SSL3 */
1555 if (ICP_QAT_FW_LA_CMD_SSL3_KEY_DERIVE == lacCmdId) {
1556 CpaCyKeyGenSslOpData *pKeyGenSslOpData =
1557 (CpaCyKeyGenSslOpData *)pKeyGenSslTlsOpData;
1558 Cpa8U *pLabel = NULL;
1559 Cpa32U labelLen = 0;
1560 Cpa8U iterations = 0;
1561 Cpa64U labelPhysAddr = 0;
1562
1563 /* Iterations = ceiling of output required / output per
1564 * iteration Ceiling of a / b = (a + (b-1)) / b
1565 */
1566 iterations =
1567 (pKeyGenSslOpData->generatedKeyLenInBytes +
1568 (LAC_SYM_QAT_KEY_SSL_BYTES_PER_ITERATION - 1)) >>
1569 LAC_SYM_QAT_KEY_SSL_ITERATIONS_SHIFT;
1570
1571 if (CPA_CY_KEY_SSL_OP_USER_DEFINED ==
1572 pKeyGenSslOpData->sslOp) {
1573 pLabel = pKeyGenSslOpData->userLabel.pData;
1574 labelLen =
1575 pKeyGenSslOpData->userLabel.dataLenInBytes;
1576 labelPhysAddr = LAC_OS_VIRT_TO_PHYS_EXTERNAL(
1577 pService->generic_service_info, pLabel);
1578
1579 if (labelPhysAddr == 0) {
1580 LAC_LOG_ERROR(
1581 "Unable to get the physical address of the"
1582 " label");
1583 status = CPA_STATUS_FAIL;
1584 }
1585 } else {
1586 pLabel = pService->pSslLabel;
1587
1588 /* Calculate label length.
1589 * eg. 3 iterations is ABBCCC so length is 6
1590 */
1591 labelLen =
1592 ((iterations * iterations) + iterations) >>
1593 1;
1594 labelPhysAddr =
1595 LAC_OS_VIRT_TO_PHYS_INTERNAL(pLabel);
1596 }
1597
1598 LacSymQat_KeySslRequestPopulate(
1599 &keyGenReqHdr,
1600 &keyGenReqMid,
1601 pKeyGenSslOpData->generatedKeyLenInBytes,
1602 labelLen,
1603 pKeyGenSslOpData->secret.dataLenInBytes,
1604 iterations);
1605
1606 LacSymQat_KeySslKeyMaterialInputPopulate(
1607 &(pService->generic_service_info),
1608 &(pCookie->u.sslKeyInput),
1609 pKeyGenSslOpData->seed.pData,
1610 labelPhysAddr,
1611 pKeyGenSslOpData->secret.pData);
1612
1613 inputPhysAddr = LAC_MEM_CAST_PTR_TO_UINT64(
1614 pSymCookie->keySslKeyInputPhyAddr);
1615 }
1616 /* TLS v1.1, v1.2 */
1617 else if (ICP_QAT_FW_LA_CMD_TLS_V1_1_KEY_DERIVE == lacCmdId ||
1618 ICP_QAT_FW_LA_CMD_TLS_V1_2_KEY_DERIVE == lacCmdId) {
1619 CpaCyKeyGenTlsOpData *pKeyGenTlsOpData =
1620 (CpaCyKeyGenTlsOpData *)pKeyGenSslTlsOpData;
1621 lac_sym_qat_hash_state_buffer_info_t
1622 hashStateBufferInfo = { 0 };
1623 CpaBoolean hashStateBuffer = CPA_FALSE;
1624 icp_qat_fw_auth_cd_ctrl_hdr_t *pHashControlBlock =
1625 (icp_qat_fw_auth_cd_ctrl_hdr_t *)&(
1626 keyGenReqFtr.cd_ctrl);
1627 icp_qat_la_auth_req_params_t *pHashReqParams = NULL;
1628 Cpa8U *pLabel = NULL;
1629 Cpa32U labelLen = 0;
1630 Cpa64U labelPhysAddr = 0;
1631 hashStateBufferInfo.pData = pCookie->hashStateBuffer;
1632 hashStateBufferInfo.pDataPhys =
1633 LAC_MEM_CAST_PTR_TO_UINT64(
1634 pSymCookie->keyHashStateBufferPhyAddr);
1635 hashStateBufferInfo.stateStorageSzQuadWords = 0;
1636
1637 LacSymQat_HashSetupReqParamsMetaData(&(keyGenReqFtr),
1638 instanceHandle,
1639 &(hashSetupData),
1640 hashStateBuffer,
1641 qatHashMode,
1642 CPA_FALSE);
1643
1644 pHashReqParams = (icp_qat_la_auth_req_params_t *)&(
1645 keyGenReqFtr.serv_specif_rqpars);
1646
1647 hashStateBufferInfo.prefixAadSzQuadWords =
1648 LAC_BYTES_TO_QUADWORDS(
1649 pHashReqParams->u2.inner_prefix_sz +
1650 pHashControlBlock->outer_prefix_sz);
1651
1652 /* Copy prefix data into hash state buffer */
1653 pMsgDummy = (Cpa8U *)&(keyGenReq);
1654 pCacheDummyHdr = (Cpa8U *)&(keyGenReqHdr);
1655 pCacheDummyMid = (Cpa8U *)&(keyGenReqMid);
1656 pCacheDummyFtr = (Cpa8U *)&(keyGenReqFtr);
1657 memcpy(pMsgDummy,
1658 pCacheDummyHdr,
1659 (LAC_LONG_WORD_IN_BYTES *
1660 LAC_SIZE_OF_CACHE_HDR_IN_LW));
1661 memcpy(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
1662 LAC_START_OF_CACHE_MID_IN_LW),
1663 pCacheDummyMid,
1664 (LAC_LONG_WORD_IN_BYTES *
1665 LAC_SIZE_OF_CACHE_MID_IN_LW));
1666 memcpy(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
1667 LAC_START_OF_CACHE_FTR_IN_LW),
1668 pCacheDummyFtr,
1669 (LAC_LONG_WORD_IN_BYTES *
1670 LAC_SIZE_OF_CACHE_FTR_IN_LW));
1671
1672 LacSymQat_HashStatePrefixAadBufferPopulate(
1673 &hashStateBufferInfo,
1674 &keyGenReqFtr,
1675 pNestedModeSetupData->pInnerPrefixData,
1676 pNestedModeSetupData->innerPrefixLenInBytes,
1677 pNestedModeSetupData->pOuterPrefixData,
1678 pNestedModeSetupData->outerPrefixLenInBytes);
1679
1680 /* Firmware only looks at hash state buffer pointer and
1681 * the
1682 * hash state buffer size so all other fields are set to
1683 * 0
1684 */
1685 LacSymQat_HashRequestParamsPopulate(
1686 &(keyGenReq),
1687 0, /* Auth offset */
1688 0, /* Auth length */
1689 &(pService->generic_service_info),
1690 &hashStateBufferInfo, /* Hash state prefix buffer */
1691 ICP_QAT_FW_LA_PARTIAL_NONE,
1692 0, /* Hash result size */
1693 CPA_FALSE,
1694 NULL,
1695 CPA_CY_SYM_HASH_NONE, /* Hash algorithm */
1696 NULL); /* HKDF only */
1697
1698 /* Set up the labels and their length */
1699 if (CPA_CY_KEY_TLS_OP_USER_DEFINED ==
1700 pKeyGenTlsOpData->tlsOp) {
1701 pLabel = pKeyGenTlsOpData->userLabel.pData;
1702 labelLen =
1703 pKeyGenTlsOpData->userLabel.dataLenInBytes;
1704 labelPhysAddr = LAC_OS_VIRT_TO_PHYS_EXTERNAL(
1705 pService->generic_service_info, pLabel);
1706
1707 if (labelPhysAddr == 0) {
1708 LAC_LOG_ERROR(
1709 "Unable to get the physical address of the"
1710 " label");
1711 status = CPA_STATUS_FAIL;
1712 }
1713 } else if (CPA_CY_KEY_TLS_OP_MASTER_SECRET_DERIVE ==
1714 pKeyGenTlsOpData->tlsOp) {
1715 pLabel = pService->pTlsLabel->masterSecret;
1716 labelLen =
1717 sizeof(
1718 LAC_SYM_KEY_TLS_MASTER_SECRET_LABEL) -
1719 1;
1720 labelPhysAddr =
1721 LAC_OS_VIRT_TO_PHYS_INTERNAL(pLabel);
1722 } else if (CPA_CY_KEY_TLS_OP_KEY_MATERIAL_DERIVE ==
1723 pKeyGenTlsOpData->tlsOp) {
1724 pLabel = pService->pTlsLabel->keyMaterial;
1725 labelLen =
1726 sizeof(LAC_SYM_KEY_TLS_KEY_MATERIAL_LABEL) -
1727 1;
1728 labelPhysAddr =
1729 LAC_OS_VIRT_TO_PHYS_INTERNAL(pLabel);
1730 } else if (CPA_CY_KEY_TLS_OP_CLIENT_FINISHED_DERIVE ==
1731 pKeyGenTlsOpData->tlsOp) {
1732 pLabel = pService->pTlsLabel->clientFinished;
1733 labelLen =
1734 sizeof(LAC_SYM_KEY_TLS_CLIENT_FIN_LABEL) -
1735 1;
1736 labelPhysAddr =
1737 LAC_OS_VIRT_TO_PHYS_INTERNAL(pLabel);
1738 } else {
1739 pLabel = pService->pTlsLabel->serverFinished;
1740 labelLen =
1741 sizeof(LAC_SYM_KEY_TLS_SERVER_FIN_LABEL) -
1742 1;
1743 labelPhysAddr =
1744 LAC_OS_VIRT_TO_PHYS_INTERNAL(pLabel);
1745 }
1746 LacSymQat_KeyTlsRequestPopulate(
1747 &keyGenReqMid,
1748 pKeyGenTlsOpData->generatedKeyLenInBytes,
1749 labelLen,
1750 pKeyGenTlsOpData->secret.dataLenInBytes,
1751 pKeyGenTlsOpData->seed.dataLenInBytes,
1752 lacCmdId);
1753
1754 LacSymQat_KeyTlsKeyMaterialInputPopulate(
1755 &(pService->generic_service_info),
1756 &(pCookie->u.tlsKeyInput),
1757 pKeyGenTlsOpData->seed.pData,
1758 labelPhysAddr);
1759
1760 inputPhysAddr = LAC_MEM_CAST_PTR_TO_UINT64(
1761 pSymCookie->keyTlsKeyInputPhyAddr);
1762 }
1763 /* TLS v1.3 */
1764 else if (ICP_QAT_FW_LA_CMD_HKDF_EXTRACT <= lacCmdId &&
1765 ICP_QAT_FW_LA_CMD_HKDF_EXTRACT_AND_EXPAND >=
1766 lacCmdId) {
1767 CpaCyKeyGenHKDFOpData *pKeyGenTlsOpData =
1768 (CpaCyKeyGenHKDFOpData *)pKeyGenSslTlsOpData;
1769 lac_sym_qat_hash_state_buffer_info_t
1770 hashStateBufferInfo = { 0 };
1771 CpaBoolean hashStateBuffer = CPA_FALSE;
1772 icp_qat_fw_auth_cd_ctrl_hdr_t *pHashControlBlock =
1773 (icp_qat_fw_auth_cd_ctrl_hdr_t *)&(
1774 keyGenReqFtr.cd_ctrl);
1775 icp_qat_la_auth_req_params_t *pHashReqParams = NULL;
1776 hashStateBufferInfo.pData = pCookie->hashStateBuffer;
1777 hashStateBufferInfo.pDataPhys =
1778 LAC_MEM_CAST_PTR_TO_UINT64(
1779 pSymCookie->keyHashStateBufferPhyAddr);
1780 hashStateBufferInfo.stateStorageSzQuadWords = 0;
1781
1782 LacSymQat_HashSetupReqParamsMetaData(&(keyGenReqFtr),
1783 instanceHandle,
1784 &(hashSetupData),
1785 hashStateBuffer,
1786 qatHashMode,
1787 CPA_FALSE);
1788
1789 pHashReqParams = (icp_qat_la_auth_req_params_t *)&(
1790 keyGenReqFtr.serv_specif_rqpars);
1791
1792 hashStateBufferInfo.prefixAadSzQuadWords =
1793 LAC_BYTES_TO_QUADWORDS(
1794 pHashReqParams->u2.inner_prefix_sz +
1795 pHashControlBlock->outer_prefix_sz);
1796
1797 /* Copy prefix data into hash state buffer */
1798 pMsgDummy = (Cpa8U *)&(keyGenReq);
1799 pCacheDummyHdr = (Cpa8U *)&(keyGenReqHdr);
1800 pCacheDummyMid = (Cpa8U *)&(keyGenReqMid);
1801 pCacheDummyFtr = (Cpa8U *)&(keyGenReqFtr);
1802 memcpy(pMsgDummy,
1803 pCacheDummyHdr,
1804 (LAC_LONG_WORD_IN_BYTES *
1805 LAC_SIZE_OF_CACHE_HDR_IN_LW));
1806 memcpy(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
1807 LAC_START_OF_CACHE_MID_IN_LW),
1808 pCacheDummyMid,
1809 (LAC_LONG_WORD_IN_BYTES *
1810 LAC_SIZE_OF_CACHE_MID_IN_LW));
1811 memcpy(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
1812 LAC_START_OF_CACHE_FTR_IN_LW),
1813 pCacheDummyFtr,
1814 (LAC_LONG_WORD_IN_BYTES *
1815 LAC_SIZE_OF_CACHE_FTR_IN_LW));
1816
1817 LacSymQat_HashStatePrefixAadBufferPopulate(
1818 &hashStateBufferInfo,
1819 &keyGenReqFtr,
1820 pNestedModeSetupData->pInnerPrefixData,
1821 pNestedModeSetupData->innerPrefixLenInBytes,
1822 pNestedModeSetupData->pOuterPrefixData,
1823 pNestedModeSetupData->outerPrefixLenInBytes);
1824
1825 /* Firmware only looks at hash state buffer pointer and
1826 * the
1827 * hash state buffer size so all other fields are set to
1828 * 0
1829 */
1830 LacSymQat_HashRequestParamsPopulate(
1831 &(keyGenReq),
1832 0, /* Auth offset */
1833 0, /* Auth length */
1834 &(pService->generic_service_info),
1835 &hashStateBufferInfo, /* Hash state prefix buffer */
1836 ICP_QAT_FW_LA_PARTIAL_NONE,
1837 0, /* Hash result size */
1838 CPA_FALSE,
1839 NULL,
1840 CPA_CY_SYM_HASH_NONE, /* Hash algorithm */
1841 pKeyGenTlsOpData->secret); /* IKM or PRK */
1842
1843 LacSymQat_KeyTlsRequestPopulate(
1844 &keyGenReqMid,
1845 cipherSuiteHKDFHashSizes[hashAlgCipher]
1846 [LAC_KEY_HKDF_DIGESTS],
1847 /* For EXTRACT, EXPAND, FW expects info to be passed
1848 as label */
1849 pKeyGenTlsOpData->infoLen,
1850 pKeyGenTlsOpData->secretLen,
1851 pKeyGenTlsOpData->seedLen,
1852 lacCmdId);
1853
1854 LacSymQat_KeyTlsHKDFKeyMaterialInputPopulate(
1855 &(pService->generic_service_info),
1856 &(pCookie->u.tlsHKDFKeyInput),
1857 pKeyGenTlsOpData,
1858 0, /* No subLabels used */
1859 lacCmdId); /* Pass op being performed */
1860
1861 inputPhysAddr = LAC_MEM_CAST_PTR_TO_UINT64(
1862 pSymCookie->keyTlsKeyInputPhyAddr);
1863 }
1864 /* TLS v1.3 LABEL */
1865 else if (ICP_QAT_FW_LA_CMD_HKDF_EXPAND_LABEL == lacCmdId ||
1866 ICP_QAT_FW_LA_CMD_HKDF_EXTRACT_AND_EXPAND_LABEL ==
1867 lacCmdId) {
1868 CpaCyKeyGenHKDFOpData *pKeyGenTlsOpData =
1869 (CpaCyKeyGenHKDFOpData *)pKeyGenSslTlsOpData;
1870 Cpa64U subLabelsPhysAddr = 0;
1871 lac_sym_qat_hash_state_buffer_info_t
1872 hashStateBufferInfo = { 0 };
1873 CpaBoolean hashStateBuffer = CPA_FALSE;
1874 icp_qat_fw_auth_cd_ctrl_hdr_t *pHashControlBlock =
1875 (icp_qat_fw_auth_cd_ctrl_hdr_t *)&(
1876 keyGenReqFtr.cd_ctrl);
1877 icp_qat_la_auth_req_params_t *pHashReqParams = NULL;
1878 hashStateBufferInfo.pData = pCookie->hashStateBuffer;
1879 hashStateBufferInfo.pDataPhys =
1880 LAC_MEM_CAST_PTR_TO_UINT64(
1881 pSymCookie->keyHashStateBufferPhyAddr);
1882 hashStateBufferInfo.stateStorageSzQuadWords = 0;
1883
1884 LacSymQat_HashSetupReqParamsMetaData(&(keyGenReqFtr),
1885 instanceHandle,
1886 &(hashSetupData),
1887 hashStateBuffer,
1888 qatHashMode,
1889 CPA_FALSE);
1890
1891 pHashReqParams = (icp_qat_la_auth_req_params_t *)&(
1892 keyGenReqFtr.serv_specif_rqpars);
1893
1894 hashStateBufferInfo.prefixAadSzQuadWords =
1895 LAC_BYTES_TO_QUADWORDS(
1896 pHashReqParams->u2.inner_prefix_sz +
1897 pHashControlBlock->outer_prefix_sz);
1898
1899 /* Copy prefix data into hash state buffer */
1900 pMsgDummy = (Cpa8U *)&(keyGenReq);
1901 pCacheDummyHdr = (Cpa8U *)&(keyGenReqHdr);
1902 pCacheDummyMid = (Cpa8U *)&(keyGenReqMid);
1903 pCacheDummyFtr = (Cpa8U *)&(keyGenReqFtr);
1904 memcpy(pMsgDummy,
1905 pCacheDummyHdr,
1906 (LAC_LONG_WORD_IN_BYTES *
1907 LAC_SIZE_OF_CACHE_HDR_IN_LW));
1908 memcpy(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
1909 LAC_START_OF_CACHE_MID_IN_LW),
1910 pCacheDummyMid,
1911 (LAC_LONG_WORD_IN_BYTES *
1912 LAC_SIZE_OF_CACHE_MID_IN_LW));
1913 memcpy(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
1914 LAC_START_OF_CACHE_FTR_IN_LW),
1915 pCacheDummyFtr,
1916 (LAC_LONG_WORD_IN_BYTES *
1917 LAC_SIZE_OF_CACHE_FTR_IN_LW));
1918
1919 LacSymQat_HashStatePrefixAadBufferPopulate(
1920 &hashStateBufferInfo,
1921 &keyGenReqFtr,
1922 pNestedModeSetupData->pInnerPrefixData,
1923 pNestedModeSetupData->innerPrefixLenInBytes,
1924 pNestedModeSetupData->pOuterPrefixData,
1925 pNestedModeSetupData->outerPrefixLenInBytes);
1926
1927 /* Firmware only looks at hash state buffer pointer and
1928 * the
1929 * hash state buffer size so all other fields are set to
1930 * 0
1931 */
1932 LacSymQat_HashRequestParamsPopulate(
1933 &(keyGenReq),
1934 0, /* Auth offset */
1935 0, /* Auth length */
1936 &(pService->generic_service_info),
1937 &hashStateBufferInfo, /* Hash state prefix buffer */
1938 ICP_QAT_FW_LA_PARTIAL_NONE,
1939 0, /* Hash result size */
1940 CPA_FALSE,
1941 NULL,
1942 CPA_CY_SYM_HASH_NONE, /* Hash algorithm */
1943 pKeyGenTlsOpData->secret); /* IKM or PRK */
1944
1945 LacSymQat_KeyTlsRequestPopulate(
1946 &keyGenReqMid,
1947 cipherSuiteHKDFHashSizes[hashAlgCipher]
1948 [LAC_KEY_HKDF_DIGESTS],
1949 pKeyGenTlsOpData->numLabels, /* Number of Labels */
1950 pKeyGenTlsOpData->secretLen,
1951 pKeyGenTlsOpData->seedLen,
1952 lacCmdId);
1953
1954 /* Get physical address of subLabels */
1955 switch (hashAlgCipher) {
1956 case CPA_CY_HKDF_TLS_AES_128_GCM_SHA256: /* Fall Through
1957 */
1958 case CPA_CY_HKDF_TLS_AES_128_CCM_SHA256:
1959 case CPA_CY_HKDF_TLS_AES_128_CCM_8_SHA256:
1960 subLabelsPhysAddr = pService->pTlsHKDFSubLabel
1961 ->sublabelPhysAddr256;
1962 break;
1963 case CPA_CY_HKDF_TLS_CHACHA20_POLY1305_SHA256:
1964 subLabelsPhysAddr =
1965 pService->pTlsHKDFSubLabel
1966 ->sublabelPhysAddrChaChaPoly;
1967 break;
1968 case CPA_CY_HKDF_TLS_AES_256_GCM_SHA384:
1969 subLabelsPhysAddr = pService->pTlsHKDFSubLabel
1970 ->sublabelPhysAddr384;
1971 break;
1972 default:
1973 break;
1974 }
1975
1976 LacSymQat_KeyTlsHKDFKeyMaterialInputPopulate(
1977 &(pService->generic_service_info),
1978 &(pCookie->u.tlsHKDFKeyInput),
1979 pKeyGenTlsOpData,
1980 subLabelsPhysAddr,
1981 lacCmdId); /* Pass op being performed */
1982
1983 inputPhysAddr = LAC_MEM_CAST_PTR_TO_UINT64(
1984 pSymCookie->keyTlsKeyInputPhyAddr);
1985 }
1986
1987 outputPhysAddr = LAC_MEM_CAST_PTR_TO_UINT64(
1988 LAC_OS_VIRT_TO_PHYS_EXTERNAL(pService->generic_service_info,
1989 pKeyGenOutputData->pData));
1990
1991 if (outputPhysAddr == 0) {
1992 LAC_LOG_ERROR(
1993 "Unable to get the physical address of the"
1994 " output buffer");
1995 status = CPA_STATUS_FAIL;
1996 }
1997 }
1998 if (CPA_STATUS_SUCCESS == status) {
1999 Cpa8U lw26[4];
2000 char *tmp = NULL;
2001 unsigned char a;
2002 int n = 0;
2003 /* Make up the full keyGenReq struct from its constituents
2004 * before calling the SalQatMsg functions below.
2005 * Note: The full cache struct has been reduced to a
2006 * header, mid and footer for memory size reduction
2007 */
2008 pMsgDummy = (Cpa8U *)&(keyGenReq);
2009 pCacheDummyHdr = (Cpa8U *)&(keyGenReqHdr);
2010 pCacheDummyMid = (Cpa8U *)&(keyGenReqMid);
2011 pCacheDummyFtr = (Cpa8U *)&(keyGenReqFtr);
2012
2013 memcpy(pMsgDummy,
2014 pCacheDummyHdr,
2015 (LAC_LONG_WORD_IN_BYTES * LAC_SIZE_OF_CACHE_HDR_IN_LW));
2016 memcpy(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
2017 LAC_START_OF_CACHE_MID_IN_LW),
2018 pCacheDummyMid,
2019 (LAC_LONG_WORD_IN_BYTES * LAC_SIZE_OF_CACHE_MID_IN_LW));
2020 memcpy(&lw26,
2021 pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
2022 LAC_START_OF_CACHE_FTR_IN_LW),
2023 LAC_LONG_WORD_IN_BYTES);
2024 memcpy(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
2025 LAC_START_OF_CACHE_FTR_IN_LW),
2026 pCacheDummyFtr,
2027 (LAC_LONG_WORD_IN_BYTES * LAC_SIZE_OF_CACHE_FTR_IN_LW));
2028 tmp = (char *)(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
2029 LAC_START_OF_CACHE_FTR_IN_LW));
2030
2031 /* Copy LW26, or'd with what's already there, into the Msg, for
2032 * TLS */
2033 for (n = 0; n < LAC_LONG_WORD_IN_BYTES; n++) {
2034 a = (unsigned char)*(tmp + n);
2035 lw26[n] = lw26[n] | a;
2036 }
2037 memcpy(pMsgDummy + (LAC_LONG_WORD_IN_BYTES *
2038 LAC_START_OF_CACHE_FTR_IN_LW),
2039 &lw26,
2040 LAC_LONG_WORD_IN_BYTES);
2041
2042 contentDescInfo.pData = pCookie->contentDesc;
2043 contentDescInfo.hardwareSetupBlockPhys =
2044 LAC_MEM_CAST_PTR_TO_UINT64(
2045 pSymCookie->keyContentDescPhyAddr);
2046 contentDescInfo.hwBlkSzQuadWords =
2047 LAC_BYTES_TO_QUADWORDS(hashBlkSizeInBytes);
2048
2049 /* Populate common request fields */
2050 SalQatMsg_ContentDescHdrWrite((icp_qat_fw_comn_req_t *)&(
2051 keyGenReq),
2052 &(contentDescInfo));
2053
2054 SalQatMsg_CmnHdrWrite((icp_qat_fw_comn_req_t *)&keyGenReq,
2055 ICP_QAT_FW_COMN_REQ_CPM_FW_LA,
2056 lacCmdId,
2057 cmnRequestFlags,
2058 laCmdFlags);
2059
2060 SalQatMsg_CmnMidWrite((icp_qat_fw_la_bulk_req_t *)&(keyGenReq),
2061 pCookie,
2062 LAC_SYM_KEY_QAT_PTR_TYPE,
2063 inputPhysAddr,
2064 outputPhysAddr,
2065 0,
2066 0);
2067
2068 /* Send to QAT */
2069 status = icp_adf_transPutMsg(pService->trans_handle_sym_tx,
2070 (void *)&(keyGenReq),
2071 LAC_QAT_SYM_REQ_SZ_LW);
2072 }
2073 if (CPA_STATUS_SUCCESS == status) {
2074 /* Update stats */
2075 LacKey_StatsInc(lacCmdId,
2076 LAC_KEY_REQUESTS,
2077 pCookie->instanceHandle);
2078 } else {
2079 /* Clean up cookie memory */
2080 if (NULL != pCookie) {
2081 LacKey_StatsInc(lacCmdId,
2082 LAC_KEY_REQUEST_ERRORS,
2083 pCookie->instanceHandle);
2084 Lac_MemPoolEntryFree(pCookie);
2085 }
2086 }
2087 return status;
2088 }
2089
2090 /**
2091 * @ingroup LacSymKey
2092 * Parameters check for TLS v1.0/1.1, v1.2, v1.3 and SSL3
2093 * @description
2094 * Check user parameters against the firmware/spec requirements.
2095 *
2096 * @param[in] pKeyGenOpData Pointer to a structure containing all
2097 * the data needed to perform the key
2098 * generation operation.
2099 * @param[in] hashAlgCipher Specifies the hash algorithm,
2100 * or cipher we are using.
2101 * According to RFC5246, this should be
2102 * "SHA-256 or a stronger standard hash
2103 * function."
2104 * @param[in] pGeneratedKeyBuffer User output buffers.
2105 * @param[in] cmdId Keygen operation to perform.
2106 */
2107 static CpaStatus
LacSymKey_CheckParamSslTls(const void * pKeyGenOpData,Cpa8U hashAlgCipher,const CpaFlatBuffer * pGeneratedKeyBuffer,icp_qat_fw_la_cmd_id_t cmdId)2108 LacSymKey_CheckParamSslTls(const void *pKeyGenOpData,
2109 Cpa8U hashAlgCipher,
2110 const CpaFlatBuffer *pGeneratedKeyBuffer,
2111 icp_qat_fw_la_cmd_id_t cmdId)
2112 {
2113 /* Api max value */
2114 Cpa32U maxSecretLen = 0;
2115 Cpa32U maxSeedLen = 0;
2116 Cpa32U maxOutputLen = 0;
2117 Cpa32U maxInfoLen = 0;
2118 Cpa32U maxLabelLen = 0;
2119
2120 /* User info */
2121 Cpa32U uSecretLen = 0;
2122 Cpa32U uSeedLen = 0;
2123 Cpa32U uOutputLen = 0;
2124
2125 LAC_CHECK_NULL_PARAM(pKeyGenOpData);
2126 LAC_CHECK_NULL_PARAM(pGeneratedKeyBuffer);
2127 LAC_CHECK_NULL_PARAM(pGeneratedKeyBuffer->pData);
2128
2129 if (ICP_QAT_FW_LA_CMD_SSL3_KEY_DERIVE == cmdId) {
2130 CpaCyKeyGenSslOpData *opData =
2131 (CpaCyKeyGenSslOpData *)pKeyGenOpData;
2132
2133 /* User info */
2134 uSecretLen = opData->secret.dataLenInBytes;
2135 uSeedLen = opData->seed.dataLenInBytes;
2136 uOutputLen = opData->generatedKeyLenInBytes;
2137
2138 /* Api max value */
2139 maxSecretLen = ICP_QAT_FW_LA_SSL_SECRET_LEN_MAX;
2140 maxSeedLen = ICP_QAT_FW_LA_SSL_SEED_LEN_MAX;
2141 maxOutputLen = ICP_QAT_FW_LA_SSL_OUTPUT_LEN_MAX;
2142
2143 /* Check user buffers */
2144 LAC_CHECK_NULL_PARAM(opData->secret.pData);
2145 LAC_CHECK_NULL_PARAM(opData->seed.pData);
2146
2147 /* Check operation */
2148 if ((Cpa32U)opData->sslOp > CPA_CY_KEY_SSL_OP_USER_DEFINED) {
2149 LAC_INVALID_PARAM_LOG("opData->sslOp");
2150 return CPA_STATUS_INVALID_PARAM;
2151 }
2152 if ((Cpa32U)opData->sslOp == CPA_CY_KEY_SSL_OP_USER_DEFINED) {
2153 LAC_CHECK_NULL_PARAM(opData->userLabel.pData);
2154 /* Maximum label length for SSL Key Gen request */
2155 if (opData->userLabel.dataLenInBytes >
2156 ICP_QAT_FW_LA_SSL_LABEL_LEN_MAX) {
2157 LAC_INVALID_PARAM_LOG(
2158 "userLabel.dataLenInBytes");
2159 return CPA_STATUS_INVALID_PARAM;
2160 }
2161 }
2162
2163 /* check 0 secret length as it is not valid for SSL3 Key Gen
2164 * request */
2165 if (0 == uSecretLen) {
2166 LAC_INVALID_PARAM_LOG1("%u secret.dataLenInBytes",
2167 uSecretLen);
2168 return CPA_STATUS_INVALID_PARAM;
2169 }
2170
2171 /* Only seed length for SSL3 Key Gen request */
2172 if (maxSeedLen != uSeedLen) {
2173 LAC_INVALID_PARAM_LOG("seed.dataLenInBytes");
2174 return CPA_STATUS_INVALID_PARAM;
2175 }
2176
2177 /* Maximum output length for SSL3 Key Gen request */
2178 if (uOutputLen > maxOutputLen) {
2179 LAC_INVALID_PARAM_LOG("generatedKeyLenInBytes");
2180 return CPA_STATUS_INVALID_PARAM;
2181 }
2182 }
2183 /* TLS v1.1 or TLS v.12 */
2184 else if (ICP_QAT_FW_LA_CMD_TLS_V1_1_KEY_DERIVE == cmdId ||
2185 ICP_QAT_FW_LA_CMD_TLS_V1_2_KEY_DERIVE == cmdId) {
2186 CpaCyKeyGenTlsOpData *opData =
2187 (CpaCyKeyGenTlsOpData *)pKeyGenOpData;
2188
2189 /* User info */
2190 uSecretLen = opData->secret.dataLenInBytes;
2191 uSeedLen = opData->seed.dataLenInBytes;
2192 uOutputLen = opData->generatedKeyLenInBytes;
2193
2194 if (ICP_QAT_FW_LA_CMD_TLS_V1_1_KEY_DERIVE == cmdId) {
2195 /* Api max value */
2196 /* ICP_QAT_FW_LA_TLS_V1_1_SECRET_LEN_MAX needs to be
2197 * multiplied
2198 * by 4 in order to verify the 512 conditions. We did
2199 * not change
2200 * ICP_QAT_FW_LA_TLS_V1_1_SECRET_LEN_MAX as it
2201 * represents
2202 * the max value that firmware can handle.
2203 */
2204 maxSecretLen =
2205 ICP_QAT_FW_LA_TLS_V1_1_SECRET_LEN_MAX * 4;
2206 } else {
2207 /* Api max value */
2208 /* ICP_QAT_FW_LA_TLS_V1_2_SECRET_LEN_MAX needs to be
2209 * multiplied
2210 * by 8 in order to verify the 512 conditions. We did
2211 * not change
2212 * ICP_QAT_FW_LA_TLS_V1_2_SECRET_LEN_MAX as it
2213 * represents
2214 * the max value that firmware can handle.
2215 */
2216 maxSecretLen =
2217 ICP_QAT_FW_LA_TLS_V1_2_SECRET_LEN_MAX * 8;
2218
2219 /* Check Hash algorithm */
2220 if (0 == getDigestSizeFromHashAlgo(hashAlgCipher)) {
2221 LAC_INVALID_PARAM_LOG("hashAlgorithm");
2222 return CPA_STATUS_INVALID_PARAM;
2223 }
2224 }
2225 maxSeedLen = ICP_QAT_FW_LA_TLS_SEED_LEN_MAX;
2226 maxOutputLen = ICP_QAT_FW_LA_TLS_OUTPUT_LEN_MAX;
2227 /* Check user buffers */
2228 LAC_CHECK_NULL_PARAM(opData->secret.pData);
2229 LAC_CHECK_NULL_PARAM(opData->seed.pData);
2230
2231 /* Check operation */
2232 if ((Cpa32U)opData->tlsOp > CPA_CY_KEY_TLS_OP_USER_DEFINED) {
2233 LAC_INVALID_PARAM_LOG("opData->tlsOp");
2234 return CPA_STATUS_INVALID_PARAM;
2235 } else if ((Cpa32U)opData->tlsOp ==
2236 CPA_CY_KEY_TLS_OP_USER_DEFINED) {
2237 LAC_CHECK_NULL_PARAM(opData->userLabel.pData);
2238 /* Maximum label length for TLS Key Gen request */
2239 if (opData->userLabel.dataLenInBytes >
2240 ICP_QAT_FW_LA_TLS_LABEL_LEN_MAX) {
2241 LAC_INVALID_PARAM_LOG(
2242 "userLabel.dataLenInBytes");
2243 return CPA_STATUS_INVALID_PARAM;
2244 }
2245 }
2246
2247 /* Maximum/only seed length for TLS Key Gen request */
2248 if (((Cpa32U)opData->tlsOp !=
2249 CPA_CY_KEY_TLS_OP_MASTER_SECRET_DERIVE) &&
2250 ((Cpa32U)opData->tlsOp !=
2251 CPA_CY_KEY_TLS_OP_KEY_MATERIAL_DERIVE)) {
2252 if (uSeedLen > maxSeedLen) {
2253 LAC_INVALID_PARAM_LOG("seed.dataLenInBytes");
2254 return CPA_STATUS_INVALID_PARAM;
2255 }
2256 } else {
2257 if (maxSeedLen != uSeedLen) {
2258 LAC_INVALID_PARAM_LOG("seed.dataLenInBytes");
2259 return CPA_STATUS_INVALID_PARAM;
2260 }
2261 }
2262
2263 /* Maximum output length for TLS Key Gen request */
2264 if (uOutputLen > maxOutputLen) {
2265 LAC_INVALID_PARAM_LOG("generatedKeyLenInBytes");
2266 return CPA_STATUS_INVALID_PARAM;
2267 }
2268 }
2269 /* TLS v1.3 */
2270 else if (cmdId >= ICP_QAT_FW_LA_CMD_HKDF_EXTRACT &&
2271 cmdId <= ICP_QAT_FW_LA_CMD_HKDF_EXTRACT_AND_EXPAND_LABEL) {
2272 CpaCyKeyGenHKDFOpData *HKDF_Data =
2273 (CpaCyKeyGenHKDFOpData *)pKeyGenOpData;
2274 CpaCyKeyHKDFCipherSuite cipherSuite = hashAlgCipher;
2275 CpaCySymHashAlgorithm hashAlgorithm =
2276 getHashAlgorithmFromCipherSuiteHKDF(cipherSuite);
2277 maxSeedLen =
2278 cipherSuiteHKDFHashSizes[cipherSuite][LAC_KEY_HKDF_DIGESTS];
2279 maxSecretLen = CPA_CY_HKDF_KEY_MAX_SECRET_SZ;
2280 maxInfoLen = CPA_CY_HKDF_KEY_MAX_INFO_SZ;
2281 maxLabelLen = CPA_CY_HKDF_KEY_MAX_LABEL_SZ;
2282
2283 uSecretLen = HKDF_Data->secretLen;
2284
2285 /* Check using supported hash function */
2286 if (0 ==
2287 (uOutputLen = getDigestSizeFromHashAlgo(hashAlgorithm))) {
2288 LAC_INVALID_PARAM_LOG("Hash function not supported");
2289 return CPA_STATUS_INVALID_PARAM;
2290 }
2291
2292 /* Number of labels does not exceed the MAX */
2293 if (HKDF_Data->numLabels > CPA_CY_HKDF_KEY_MAX_LABEL_COUNT) {
2294 LAC_INVALID_PARAM_LOG(
2295 "CpaCyKeyGenHKDFOpData.numLabels");
2296 return CPA_STATUS_INVALID_PARAM;
2297 }
2298
2299 switch (cmdId) {
2300 case ICP_QAT_FW_LA_CMD_HKDF_EXTRACT:
2301 if (maxSeedLen < HKDF_Data->seedLen) {
2302 LAC_INVALID_PARAM_LOG(
2303 "CpaCyKeyGenHKDFOpData.seedLen");
2304 return CPA_STATUS_INVALID_PARAM;
2305 }
2306 break;
2307 case ICP_QAT_FW_LA_CMD_HKDF_EXPAND:
2308 maxSecretLen =
2309 cipherSuiteHKDFHashSizes[cipherSuite]
2310 [LAC_KEY_HKDF_DIGESTS];
2311
2312 if (maxInfoLen < HKDF_Data->infoLen) {
2313 LAC_INVALID_PARAM_LOG(
2314 "CpaCyKeyGenHKDFOpData.infoLen");
2315 return CPA_STATUS_INVALID_PARAM;
2316 }
2317 break;
2318 case ICP_QAT_FW_LA_CMD_HKDF_EXTRACT_AND_EXPAND:
2319 uOutputLen *= 2;
2320 if (maxSeedLen < HKDF_Data->seedLen) {
2321 LAC_INVALID_PARAM_LOG(
2322 "CpaCyKeyGenHKDFOpData.seedLen");
2323 return CPA_STATUS_INVALID_PARAM;
2324 }
2325 if (maxInfoLen < HKDF_Data->infoLen) {
2326 LAC_INVALID_PARAM_LOG(
2327 "CpaCyKeyGenHKDFOpData.infoLen");
2328 return CPA_STATUS_INVALID_PARAM;
2329 }
2330 break;
2331 case ICP_QAT_FW_LA_CMD_HKDF_EXPAND_LABEL: /* Fall through */
2332 case ICP_QAT_FW_LA_CMD_HKDF_EXTRACT_AND_EXPAND_LABEL: {
2333 Cpa8U subl_mask = 0, subl_number = 1;
2334 Cpa8U i = 0;
2335
2336 if (maxSeedLen < HKDF_Data->seedLen) {
2337 LAC_INVALID_PARAM_LOG(
2338 "CpaCyKeyGenHKDFOpData.seedLen");
2339 return CPA_STATUS_INVALID_PARAM;
2340 }
2341
2342 /* If EXPAND set uOutputLen to zero */
2343 if (ICP_QAT_FW_LA_CMD_HKDF_EXPAND_LABEL == cmdId) {
2344 uOutputLen = 0;
2345 maxSecretLen = cipherSuiteHKDFHashSizes
2346 [cipherSuite][LAC_KEY_HKDF_DIGESTS];
2347 }
2348
2349 for (i = 0; i < HKDF_Data->numLabels; i++) {
2350 /* Check that the labelLen does not overflow */
2351 if (maxLabelLen <
2352 HKDF_Data->label[i].labelLen) {
2353 LAC_INVALID_PARAM_LOG1(
2354 "CpaCyKeyGenHKDFOpData.label[%d].labelLen",
2355 i);
2356 return CPA_STATUS_INVALID_PARAM;
2357 }
2358
2359 if (HKDF_Data->label[i].sublabelFlag &
2360 ~HKDF_SUB_LABELS_ALL) {
2361 LAC_INVALID_PARAM_LOG1(
2362 "CpaCyKeyGenHKDFOpData.label[%d]."
2363 "subLabelFlag",
2364 i);
2365 return CPA_STATUS_INVALID_PARAM;
2366 }
2367
2368 /* Calculate the appended subLabel output
2369 * lengths and
2370 * check that the output buffer that the user
2371 * has
2372 * supplied is the correct length.
2373 */
2374 uOutputLen += cipherSuiteHKDFHashSizes
2375 [cipherSuite][LAC_KEY_HKDF_DIGESTS];
2376 /* Get mask of subLabel */
2377 subl_mask = HKDF_Data->label[i].sublabelFlag;
2378
2379 for (subl_number = 1;
2380 subl_number <= LAC_KEY_HKDF_SUBLABELS_NUM;
2381 subl_number++) {
2382 /* Add the used subLabel key lengths */
2383 if (subl_mask & 1) {
2384 uOutputLen +=
2385 cipherSuiteHKDFHashSizes
2386 [cipherSuite]
2387 [subl_number];
2388 }
2389 subl_mask >>= 1;
2390 }
2391 }
2392 } break;
2393 default:
2394 break;
2395 }
2396 } else {
2397 LAC_INVALID_PARAM_LOG("TLS/SSL operation");
2398 return CPA_STATUS_INVALID_PARAM;
2399 }
2400
2401 /* Maximum secret length for TLS/SSL Key Gen request */
2402 if (uSecretLen > maxSecretLen) {
2403 LAC_INVALID_PARAM_LOG("HKFD.secretLen/secret.dataLenInBytes");
2404 return CPA_STATUS_INVALID_PARAM;
2405 }
2406
2407 /* Check for enough space in the flat buffer */
2408 if (uOutputLen > pGeneratedKeyBuffer->dataLenInBytes) {
2409 LAC_INVALID_PARAM_LOG("pGeneratedKeyBuffer->dataLenInBytes");
2410 return CPA_STATUS_INVALID_PARAM;
2411 }
2412 return CPA_STATUS_SUCCESS;
2413 }
2414
2415 /**
2416 *
2417 */
2418 /**
2419 * @ingroup LacSymKey
2420 * Common Keygen Code for TLS v1.0/1.1, v1.2 and SSL3.
2421 * @description
2422 * Check user parameters and perform the required operation.
2423 *
2424 * @param[in] instanceHandle_in Instance handle.
2425 * @param[in] pKeyGenCb Pointer to callback function to be
2426 * invoked when the operation is complete.
2427 * If this is set to a NULL value the
2428 * function will operate synchronously.
2429 * @param[in] pCallbackTag Opaque User Data for this specific
2430 * call. Will be returned unchanged in the
2431 * callback.
2432 * @param[in] pKeyGenOpData Pointer to a structure containing all
2433 * the data needed to perform the key
2434 * generation operation.
2435 * @param[in] hashAlgorithm Specifies the hash algorithm to use.
2436 * According to RFC5246, this should be
2437 * "SHA-256 or a stronger standard hash
2438 * function."
2439 * @param[out] pGeneratedKeyBuffer User output buffer.
2440 * @param[in] cmdId Keygen operation to perform.
2441 */
2442 static CpaStatus
LacSymKey_KeyGenSslTls(const CpaInstanceHandle instanceHandle_in,const CpaCyGenFlatBufCbFunc pKeyGenCb,void * pCallbackTag,const void * pKeyGenOpData,Cpa8U hashAlgorithm,CpaFlatBuffer * pGeneratedKeyBuffer,icp_qat_fw_la_cmd_id_t cmdId)2443 LacSymKey_KeyGenSslTls(const CpaInstanceHandle instanceHandle_in,
2444 const CpaCyGenFlatBufCbFunc pKeyGenCb,
2445 void *pCallbackTag,
2446 const void *pKeyGenOpData,
2447 Cpa8U hashAlgorithm,
2448 CpaFlatBuffer *pGeneratedKeyBuffer,
2449 icp_qat_fw_la_cmd_id_t cmdId)
2450 {
2451 CpaStatus status = CPA_STATUS_FAIL;
2452 CpaInstanceHandle instanceHandle = LacKey_GetHandle(instanceHandle_in);
2453
2454 LAC_CHECK_INSTANCE_HANDLE(instanceHandle);
2455 SAL_CHECK_INSTANCE_TYPE(instanceHandle,
2456 (SAL_SERVICE_TYPE_CRYPTO |
2457 SAL_SERVICE_TYPE_CRYPTO_SYM));
2458 SAL_RUNNING_CHECK(instanceHandle);
2459
2460 status = LacSymKey_CheckParamSslTls(pKeyGenOpData,
2461 hashAlgorithm,
2462 pGeneratedKeyBuffer,
2463 cmdId);
2464 if (CPA_STATUS_SUCCESS != status)
2465 return status;
2466 return LacSymKey_KeyGenSslTls_GenCommon(instanceHandle,
2467 pKeyGenCb,
2468 pCallbackTag,
2469 cmdId,
2470 LAC_CONST_PTR_CAST(
2471 pKeyGenOpData),
2472 hashAlgorithm,
2473 pGeneratedKeyBuffer);
2474 }
2475
2476 /**
2477 * @ingroup LacSymKey
2478 * SSL Key Generation Function.
2479 * @description
2480 * This function is used for SSL key generation. It implements the key
2481 * generation function defined in section 6.2.2 of the SSL 3.0
2482 * specification as described in
2483 * http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt.
2484 *
2485 * The input seed is taken as a flat buffer and the generated key is
2486 * returned to caller in a flat destination data buffer.
2487 *
2488 * @param[in] instanceHandle_in Instance handle.
2489 * @param[in] pKeyGenCb Pointer to callback function to be
2490 * invoked when the operation is complete.
2491 * If this is set to a NULL value the
2492 * function will operate synchronously.
2493 * @param[in] pCallbackTag Opaque User Data for this specific
2494 * call. Will be returned unchanged in the
2495 * callback.
2496 * @param[in] pKeyGenSslOpData Pointer to a structure containing all
2497 * the data needed to perform the SSL key
2498 * generation operation. The client code
2499 * allocates the memory for this
2500 * structure. This component takes
2501 * ownership of the memory until it is
2502 * returned in the callback.
2503 * @param[out] pGeneratedKeyBuffer Caller MUST allocate a sufficient
2504 * buffer to hold the key generation
2505 * output. The data pointer SHOULD be
2506 * aligned on an 8-byte boundary. The
2507 * length field passed in represents the
2508 * size of the buffer in bytes. The value
2509 * that is returned is the size of the
2510 * result key in bytes.
2511 * On invocation the callback function
2512 * will contain this parameter in the
2513 * pOut parameter.
2514 *
2515 * @retval CPA_STATUS_SUCCESS Function executed successfully.
2516 * @retval CPA_STATUS_FAIL Function failed.
2517 * @retval CPA_STATUS_RETRY Resubmit the request.
2518 * @retval CPA_STATUS_INVALID_PARAM Invalid parameter passed in.
2519 * @retval CPA_STATUS_RESOURCE Error related to system resources.
2520 */
2521 CpaStatus
cpaCyKeyGenSsl(const CpaInstanceHandle instanceHandle_in,const CpaCyGenFlatBufCbFunc pKeyGenCb,void * pCallbackTag,const CpaCyKeyGenSslOpData * pKeyGenSslOpData,CpaFlatBuffer * pGeneratedKeyBuffer)2522 cpaCyKeyGenSsl(const CpaInstanceHandle instanceHandle_in,
2523 const CpaCyGenFlatBufCbFunc pKeyGenCb,
2524 void *pCallbackTag,
2525 const CpaCyKeyGenSslOpData *pKeyGenSslOpData,
2526 CpaFlatBuffer *pGeneratedKeyBuffer)
2527 {
2528 CpaInstanceHandle instanceHandle = NULL;
2529
2530 if (CPA_INSTANCE_HANDLE_SINGLE == instanceHandle_in) {
2531 instanceHandle =
2532 Lac_GetFirstHandle(SAL_SERVICE_TYPE_CRYPTO_SYM);
2533 } else {
2534 instanceHandle = instanceHandle_in;
2535 }
2536
2537 return LacSymKey_KeyGenSslTls(instanceHandle,
2538 pKeyGenCb,
2539 pCallbackTag,
2540 LAC_CONST_PTR_CAST(pKeyGenSslOpData),
2541 CPA_CY_SYM_HASH_NONE, /* Hash algorithm */
2542 pGeneratedKeyBuffer,
2543 ICP_QAT_FW_LA_CMD_SSL3_KEY_DERIVE);
2544 }
2545
2546 /**
2547 * @ingroup LacSymKey
2548 * TLS Key Generation Function.
2549 * @description
2550 * This function is used for TLS key generation. It implements the
2551 * TLS PRF (Pseudo Random Function) as defined by RFC2246 (TLS v1.0)
2552 * and RFC4346 (TLS v1.1).
2553 *
2554 * The input seed is taken as a flat buffer and the generated key is
2555 * returned to caller in a flat destination data buffer.
2556 *
2557 * @param[in] instanceHandle_in Instance handle.
2558 * @param[in] pKeyGenCb Pointer to callback function to be
2559 * invoked when the operation is complete.
2560 * If this is set to a NULL value the
2561 * function will operate synchronously.
2562 * @param[in] pCallbackTag Opaque User Data for this specific
2563 * call. Will be returned unchanged in the
2564 * callback.
2565 * @param[in] pKeyGenTlsOpData Pointer to a structure containing all
2566 * the data needed to perform the TLS key
2567 * generation operation. The client code
2568 * allocates the memory for this
2569 * structure. This component takes
2570 * ownership of the memory until it is
2571 * returned in the callback.
2572 * @param[out] pGeneratedKeyBuffer Caller MUST allocate a sufficient
2573 * buffer to hold the key generation
2574 * output. The data pointer SHOULD be
2575 * aligned on an 8-byte boundary. The
2576 * length field passed in represents the
2577 * size of the buffer in bytes. The value
2578 * that is returned is the size of the
2579 * result key in bytes.
2580 * On invocation the callback function
2581 * will contain this parameter in the
2582 * pOut parameter.
2583 *
2584 * @retval CPA_STATUS_SUCCESS Function executed successfully.
2585 * @retval CPA_STATUS_FAIL Function failed.
2586 * @retval CPA_STATUS_RETRY Resubmit the request.
2587 * @retval CPA_STATUS_INVALID_PARAM Invalid parameter passed in.
2588 * @retval CPA_STATUS_RESOURCE Error related to system resources.
2589 *
2590 */
2591 CpaStatus
cpaCyKeyGenTls(const CpaInstanceHandle instanceHandle_in,const CpaCyGenFlatBufCbFunc pKeyGenCb,void * pCallbackTag,const CpaCyKeyGenTlsOpData * pKeyGenTlsOpData,CpaFlatBuffer * pGeneratedKeyBuffer)2592 cpaCyKeyGenTls(const CpaInstanceHandle instanceHandle_in,
2593 const CpaCyGenFlatBufCbFunc pKeyGenCb,
2594 void *pCallbackTag,
2595 const CpaCyKeyGenTlsOpData *pKeyGenTlsOpData,
2596 CpaFlatBuffer *pGeneratedKeyBuffer)
2597 {
2598 CpaInstanceHandle instanceHandle = NULL;
2599
2600 if (CPA_INSTANCE_HANDLE_SINGLE == instanceHandle_in) {
2601 instanceHandle =
2602 Lac_GetFirstHandle(SAL_SERVICE_TYPE_CRYPTO_SYM);
2603 } else {
2604 instanceHandle = instanceHandle_in;
2605 }
2606
2607 return LacSymKey_KeyGenSslTls(instanceHandle,
2608 pKeyGenCb,
2609 pCallbackTag,
2610 LAC_CONST_PTR_CAST(pKeyGenTlsOpData),
2611 CPA_CY_SYM_HASH_NONE, /* Hash algorithm */
2612 pGeneratedKeyBuffer,
2613 ICP_QAT_FW_LA_CMD_TLS_V1_1_KEY_DERIVE);
2614 }
2615
2616 /**
2617 * @ingroup LacSymKey
2618 * @description
2619 * This function is used for TLS key generation. It implements the
2620 * TLS PRF (Pseudo Random Function) as defined by RFC5246 (TLS v1.2).
2621 *
2622 * The input seed is taken as a flat buffer and the generated key is
2623 * returned to caller in a flat destination data buffer.
2624 *
2625 * @param[in] instanceHandle_in Instance handle.
2626 * @param[in] pKeyGenCb Pointer to callback function to be
2627 * invoked when the operation is complete.
2628 * If this is set to a NULL value the
2629 * function will operate synchronously.
2630 * @param[in] pCallbackTag Opaque User Data for this specific
2631 * call. Will be returned unchanged in the
2632 * callback.
2633 * @param[in] pKeyGenTlsOpData Pointer to a structure containing all
2634 * the data needed to perform the TLS key
2635 * generation operation. The client code
2636 * allocates the memory for this
2637 * structure. This component takes
2638 * ownership of the memory until it is
2639 * returned in the callback.
2640 * @param[in] hashAlgorithm Specifies the hash algorithm to use.
2641 * According to RFC5246, this should be
2642 * "SHA-256 or a stronger standard hash
2643 * function."
2644 * @param[out] pGeneratedKeyBuffer Caller MUST allocate a sufficient
2645 * buffer to hold the key generation
2646 * output. The data pointer SHOULD be
2647 * aligned on an 8-byte boundary. The
2648 * length field passed in represents the
2649 * size of the buffer in bytes. The value
2650 * that is returned is the size of the
2651 * result key in bytes.
2652 * On invocation the callback function
2653 * will contain this parameter in the
2654 * pOut parameter.
2655 *
2656 * @retval CPA_STATUS_SUCCESS Function executed successfully.
2657 * @retval CPA_STATUS_FAIL Function failed.
2658 * @retval CPA_STATUS_RETRY Resubmit the request.
2659 * @retval CPA_STATUS_INVALID_PARAM Invalid parameter passed in.
2660 * @retval CPA_STATUS_RESOURCE Error related to system resources.
2661 */
2662 CpaStatus
cpaCyKeyGenTls2(const CpaInstanceHandle instanceHandle_in,const CpaCyGenFlatBufCbFunc pKeyGenCb,void * pCallbackTag,const CpaCyKeyGenTlsOpData * pKeyGenTlsOpData,CpaCySymHashAlgorithm hashAlgorithm,CpaFlatBuffer * pGeneratedKeyBuffer)2663 cpaCyKeyGenTls2(const CpaInstanceHandle instanceHandle_in,
2664 const CpaCyGenFlatBufCbFunc pKeyGenCb,
2665 void *pCallbackTag,
2666 const CpaCyKeyGenTlsOpData *pKeyGenTlsOpData,
2667 CpaCySymHashAlgorithm hashAlgorithm,
2668 CpaFlatBuffer *pGeneratedKeyBuffer)
2669 {
2670 CpaInstanceHandle instanceHandle = NULL;
2671
2672 if (CPA_INSTANCE_HANDLE_SINGLE == instanceHandle_in) {
2673 instanceHandle =
2674 Lac_GetFirstHandle(SAL_SERVICE_TYPE_CRYPTO_SYM);
2675 } else {
2676 instanceHandle = instanceHandle_in;
2677 }
2678
2679 return LacSymKey_KeyGenSslTls(instanceHandle,
2680 pKeyGenCb,
2681 pCallbackTag,
2682 LAC_CONST_PTR_CAST(pKeyGenTlsOpData),
2683 hashAlgorithm,
2684 pGeneratedKeyBuffer,
2685 ICP_QAT_FW_LA_CMD_TLS_V1_2_KEY_DERIVE);
2686 }
2687
2688 /**
2689 * @ingroup LacSymKey
2690 * @description
2691 * This function is used for TLS1.3 HKDF key generation. It implements
2692 * the "extract-then-expand" paradigm as defined by RFC 5869.
2693 *
2694 * The input seed/secret/info is taken as a flat buffer and the generated
2695 * key(s)/labels are returned to caller in a flat data buffer.
2696 *
2697 * @param[in] instanceHandle_in Instance handle.
2698 * @param[in] pKeyGenCb Pointer to callback function to be
2699 * invoked when the operation is complete.
2700 * If this is set to a NULL value the
2701 * function will operate synchronously.
2702 * @param[in] pCallbackTag Opaque User Data for this specific
2703 * call. Will be returned unchanged in the
2704 * callback.
2705 * @param[in] pKeyGenTlsOpData Pointer to a structure containing
2706 * the data needed to perform the HKDF key
2707 * generation operation.
2708 * The client code allocates the memory
2709 * for this structure as contiguous
2710 * pinned memory.
2711 * This component takes ownership of the
2712 * memory until it is returned in the
2713 * callback.
2714 * @param[in] hashAlgorithm Specifies the hash algorithm to use.
2715 * According to RFC5246, this should be
2716 * "SHA-256 or a stronger standard hash
2717 * function."
2718 * @param[out] pGeneratedKeyBuffer Caller MUST allocate a sufficient
2719 * buffer to hold the key generation
2720 * output. The data pointer SHOULD be
2721 * aligned on an 8-byte boundary. The
2722 * length field passed in represents the
2723 * size of the buffer in bytes. The value
2724 * that is returned is the size of the
2725 * result key in bytes.
2726 * On invocation the callback function
2727 * will contain this parameter in the
2728 * pOut parameter.
2729 *
2730 * @retval CPA_STATUS_SUCCESS Function executed successfully.
2731 * @retval CPA_STATUS_FAIL Function failed.
2732 * @retval CPA_STATUS_RETRY Resubmit the request.
2733 * @retval CPA_STATUS_INVALID_PARAM Invalid parameter passed in.
2734 * @retval CPA_STATUS_RESOURCE Error related to system resources.
2735 */
2736 CpaStatus
cpaCyKeyGenTls3(const CpaInstanceHandle instanceHandle_in,const CpaCyGenFlatBufCbFunc pKeyGenCb,void * pCallbackTag,const CpaCyKeyGenHKDFOpData * pKeyGenTlsOpData,CpaCyKeyHKDFCipherSuite cipherSuite,CpaFlatBuffer * pGeneratedKeyBuffer)2737 cpaCyKeyGenTls3(const CpaInstanceHandle instanceHandle_in,
2738 const CpaCyGenFlatBufCbFunc pKeyGenCb,
2739 void *pCallbackTag,
2740 const CpaCyKeyGenHKDFOpData *pKeyGenTlsOpData,
2741 CpaCyKeyHKDFCipherSuite cipherSuite,
2742 CpaFlatBuffer *pGeneratedKeyBuffer)
2743 {
2744
2745 LAC_CHECK_NULL_PARAM(pKeyGenTlsOpData);
2746 switch (pKeyGenTlsOpData->hkdfKeyOp) {
2747 case CPA_CY_HKDF_KEY_EXTRACT: /* Fall through */
2748 case CPA_CY_HKDF_KEY_EXPAND:
2749 case CPA_CY_HKDF_KEY_EXTRACT_EXPAND:
2750 case CPA_CY_HKDF_KEY_EXPAND_LABEL:
2751 case CPA_CY_HKDF_KEY_EXTRACT_EXPAND_LABEL:
2752 break;
2753 default:
2754 LAC_INVALID_PARAM_LOG("HKDF operation not supported");
2755 return CPA_STATUS_INVALID_PARAM;
2756 }
2757
2758 return LacSymKey_KeyGenSslTls(instanceHandle_in,
2759 pKeyGenCb,
2760 pCallbackTag,
2761 LAC_CONST_PTR_CAST(pKeyGenTlsOpData),
2762 cipherSuite,
2763 pGeneratedKeyBuffer,
2764 (icp_qat_fw_la_cmd_id_t)
2765 pKeyGenTlsOpData->hkdfKeyOp);
2766 }
2767
2768 /*
2769 * LacSymKey_Init
2770 */
2771 CpaStatus
LacSymKey_Init(CpaInstanceHandle instanceHandle_in)2772 LacSymKey_Init(CpaInstanceHandle instanceHandle_in)
2773 {
2774 CpaStatus status = CPA_STATUS_SUCCESS;
2775 CpaInstanceHandle instanceHandle = LacKey_GetHandle(instanceHandle_in);
2776 sal_crypto_service_t *pService = NULL;
2777
2778 LAC_CHECK_INSTANCE_HANDLE(instanceHandle);
2779
2780 pService = (sal_crypto_service_t *)instanceHandle;
2781
2782 pService->pLacKeyStats =
2783 LAC_OS_MALLOC(LAC_KEY_NUM_STATS * sizeof(QatUtilsAtomic));
2784
2785 if (NULL != pService->pLacKeyStats) {
2786 LAC_OS_BZERO((void *)pService->pLacKeyStats,
2787 LAC_KEY_NUM_STATS * sizeof(QatUtilsAtomic));
2788
2789 status = LAC_OS_CAMALLOC(&pService->pSslLabel,
2790 ICP_QAT_FW_LA_SSL_LABEL_LEN_MAX,
2791 LAC_8BYTE_ALIGNMENT,
2792 pService->nodeAffinity);
2793 } else {
2794 status = CPA_STATUS_RESOURCE;
2795 }
2796
2797 if (CPA_STATUS_SUCCESS == status) {
2798 Cpa32U i = 0;
2799 Cpa32U offset = 0;
2800
2801 /* Initialise SSL label ABBCCC..... */
2802 for (i = 0; i < ICP_QAT_FW_LA_SSL_ITERATES_LEN_MAX; i++) {
2803 memset(pService->pSslLabel + offset, 'A' + i, i + 1);
2804 offset += (i + 1);
2805 }
2806
2807 /* Allocate memory for TLS labels */
2808 status = LAC_OS_CAMALLOC(&pService->pTlsLabel,
2809 sizeof(lac_sym_key_tls_labels_t),
2810 LAC_8BYTE_ALIGNMENT,
2811 pService->nodeAffinity);
2812 }
2813
2814 if (CPA_STATUS_SUCCESS == status) {
2815 /* Allocate memory for HKDF sub_labels */
2816 status =
2817 LAC_OS_CAMALLOC(&pService->pTlsHKDFSubLabel,
2818 sizeof(lac_sym_key_tls_hkdf_sub_labels_t),
2819 LAC_8BYTE_ALIGNMENT,
2820 pService->nodeAffinity);
2821 }
2822
2823 if (CPA_STATUS_SUCCESS == status) {
2824 LAC_OS_BZERO(pService->pTlsLabel,
2825 sizeof(lac_sym_key_tls_labels_t));
2826
2827 /* Copy the TLS v1.2 labels into the dynamically allocated
2828 * structure */
2829 memcpy(pService->pTlsLabel->masterSecret,
2830 LAC_SYM_KEY_TLS_MASTER_SECRET_LABEL,
2831 sizeof(LAC_SYM_KEY_TLS_MASTER_SECRET_LABEL) - 1);
2832
2833 memcpy(pService->pTlsLabel->keyMaterial,
2834 LAC_SYM_KEY_TLS_KEY_MATERIAL_LABEL,
2835 sizeof(LAC_SYM_KEY_TLS_KEY_MATERIAL_LABEL) - 1);
2836
2837 memcpy(pService->pTlsLabel->clientFinished,
2838 LAC_SYM_KEY_TLS_CLIENT_FIN_LABEL,
2839 sizeof(LAC_SYM_KEY_TLS_CLIENT_FIN_LABEL) - 1);
2840
2841 memcpy(pService->pTlsLabel->serverFinished,
2842 LAC_SYM_KEY_TLS_SERVER_FIN_LABEL,
2843 sizeof(LAC_SYM_KEY_TLS_SERVER_FIN_LABEL) - 1);
2844
2845 LAC_OS_BZERO(pService->pTlsHKDFSubLabel,
2846 sizeof(lac_sym_key_tls_hkdf_sub_labels_t));
2847
2848 /* Copy the TLS v1.3 subLabels into the dynamically allocated
2849 * struct */
2850 /* KEY SHA-256 */
2851 memcpy(&pService->pTlsHKDFSubLabel->keySublabel256,
2852 &key256,
2853 HKDF_SUB_LABEL_KEY_LENGTH);
2854 pService->pTlsHKDFSubLabel->keySublabel256.labelLen =
2855 HKDF_SUB_LABEL_KEY_LENGTH;
2856 pService->pTlsHKDFSubLabel->keySublabel256.sublabelFlag = 1
2857 << QAT_FW_HKDF_INNER_SUBLABEL_16_BYTE_OKM_BITPOS;
2858 /* KEY SHA-384 */
2859 memcpy(&pService->pTlsHKDFSubLabel->keySublabel384,
2860 &key384,
2861 HKDF_SUB_LABEL_KEY_LENGTH);
2862 pService->pTlsHKDFSubLabel->keySublabel384.labelLen =
2863 HKDF_SUB_LABEL_KEY_LENGTH;
2864 pService->pTlsHKDFSubLabel->keySublabel384.sublabelFlag = 1
2865 << QAT_FW_HKDF_INNER_SUBLABEL_32_BYTE_OKM_BITPOS;
2866 /* KEY CHACHAPOLY */
2867 memcpy(&pService->pTlsHKDFSubLabel->keySublabelChaChaPoly,
2868 &keyChaChaPoly,
2869 HKDF_SUB_LABEL_KEY_LENGTH);
2870 pService->pTlsHKDFSubLabel->keySublabelChaChaPoly.labelLen =
2871 HKDF_SUB_LABEL_KEY_LENGTH;
2872 pService->pTlsHKDFSubLabel->keySublabelChaChaPoly.sublabelFlag =
2873 1 << QAT_FW_HKDF_INNER_SUBLABEL_32_BYTE_OKM_BITPOS;
2874 /* IV SHA-256 */
2875 memcpy(&pService->pTlsHKDFSubLabel->ivSublabel256,
2876 &iv256,
2877 HKDF_SUB_LABEL_IV_LENGTH);
2878 pService->pTlsHKDFSubLabel->ivSublabel256.labelLen =
2879 HKDF_SUB_LABEL_IV_LENGTH;
2880 pService->pTlsHKDFSubLabel->ivSublabel256.sublabelFlag = 1
2881 << QAT_FW_HKDF_INNER_SUBLABEL_12_BYTE_OKM_BITPOS;
2882 /* IV SHA-384 */
2883 memcpy(&pService->pTlsHKDFSubLabel->ivSublabel384,
2884 &iv384,
2885 HKDF_SUB_LABEL_IV_LENGTH);
2886 pService->pTlsHKDFSubLabel->ivSublabel384.labelLen =
2887 HKDF_SUB_LABEL_IV_LENGTH;
2888 pService->pTlsHKDFSubLabel->ivSublabel384.sublabelFlag = 1
2889 << QAT_FW_HKDF_INNER_SUBLABEL_12_BYTE_OKM_BITPOS;
2890 /* IV CHACHAPOLY */
2891 memcpy(&pService->pTlsHKDFSubLabel->ivSublabelChaChaPoly,
2892 &iv256,
2893 HKDF_SUB_LABEL_IV_LENGTH);
2894 pService->pTlsHKDFSubLabel->ivSublabelChaChaPoly.labelLen =
2895 HKDF_SUB_LABEL_IV_LENGTH;
2896 pService->pTlsHKDFSubLabel->ivSublabelChaChaPoly.sublabelFlag =
2897 1 << QAT_FW_HKDF_INNER_SUBLABEL_12_BYTE_OKM_BITPOS;
2898 /* RESUMPTION SHA-256 */
2899 memcpy(&pService->pTlsHKDFSubLabel->resumptionSublabel256,
2900 &resumption256,
2901 HKDF_SUB_LABEL_RESUMPTION_LENGTH);
2902 pService->pTlsHKDFSubLabel->resumptionSublabel256.labelLen =
2903 HKDF_SUB_LABEL_RESUMPTION_LENGTH;
2904 /* RESUMPTION SHA-384 */
2905 memcpy(&pService->pTlsHKDFSubLabel->resumptionSublabel384,
2906 &resumption384,
2907 HKDF_SUB_LABEL_RESUMPTION_LENGTH);
2908 pService->pTlsHKDFSubLabel->resumptionSublabel384.labelLen =
2909 HKDF_SUB_LABEL_RESUMPTION_LENGTH;
2910 /* RESUMPTION CHACHAPOLY */
2911 memcpy(
2912 &pService->pTlsHKDFSubLabel->resumptionSublabelChaChaPoly,
2913 &resumption256,
2914 HKDF_SUB_LABEL_RESUMPTION_LENGTH);
2915 pService->pTlsHKDFSubLabel->resumptionSublabelChaChaPoly
2916 .labelLen = HKDF_SUB_LABEL_RESUMPTION_LENGTH;
2917 /* FINISHED SHA-256 */
2918 memcpy(&pService->pTlsHKDFSubLabel->finishedSublabel256,
2919 &finished256,
2920 HKDF_SUB_LABEL_FINISHED_LENGTH);
2921 pService->pTlsHKDFSubLabel->finishedSublabel256.labelLen =
2922 HKDF_SUB_LABEL_FINISHED_LENGTH;
2923 /* FINISHED SHA-384 */
2924 memcpy(&pService->pTlsHKDFSubLabel->finishedSublabel384,
2925 &finished384,
2926 HKDF_SUB_LABEL_FINISHED_LENGTH);
2927 pService->pTlsHKDFSubLabel->finishedSublabel384.labelLen =
2928 HKDF_SUB_LABEL_FINISHED_LENGTH;
2929 /* FINISHED CHACHAPOLY */
2930 memcpy(&pService->pTlsHKDFSubLabel->finishedSublabelChaChaPoly,
2931 &finished256,
2932 HKDF_SUB_LABEL_FINISHED_LENGTH);
2933 pService->pTlsHKDFSubLabel->finishedSublabelChaChaPoly
2934 .labelLen = HKDF_SUB_LABEL_FINISHED_LENGTH;
2935
2936 /* Set physical address of sublabels */
2937 pService->pTlsHKDFSubLabel->sublabelPhysAddr256 =
2938 LAC_OS_VIRT_TO_PHYS_INTERNAL(
2939 &pService->pTlsHKDFSubLabel->keySublabel256);
2940 pService->pTlsHKDFSubLabel->sublabelPhysAddr384 =
2941 LAC_OS_VIRT_TO_PHYS_INTERNAL(
2942 &pService->pTlsHKDFSubLabel->keySublabel384);
2943 pService->pTlsHKDFSubLabel->sublabelPhysAddrChaChaPoly =
2944 LAC_OS_VIRT_TO_PHYS_INTERNAL(
2945 &pService->pTlsHKDFSubLabel->keySublabelChaChaPoly);
2946
2947 /* Register request handlers */
2948 LacSymQat_RespHandlerRegister(ICP_QAT_FW_LA_CMD_SSL3_KEY_DERIVE,
2949 LacSymKey_SslTlsHandleResponse);
2950
2951 LacSymQat_RespHandlerRegister(
2952 ICP_QAT_FW_LA_CMD_TLS_V1_1_KEY_DERIVE,
2953 LacSymKey_SslTlsHandleResponse);
2954
2955 LacSymQat_RespHandlerRegister(
2956 ICP_QAT_FW_LA_CMD_TLS_V1_2_KEY_DERIVE,
2957 LacSymKey_SslTlsHandleResponse);
2958
2959 LacSymQat_RespHandlerRegister(ICP_QAT_FW_LA_CMD_HKDF_EXTRACT,
2960 LacSymKey_SslTlsHandleResponse);
2961
2962 LacSymQat_RespHandlerRegister(ICP_QAT_FW_LA_CMD_HKDF_EXPAND,
2963 LacSymKey_SslTlsHandleResponse);
2964
2965 LacSymQat_RespHandlerRegister(
2966 ICP_QAT_FW_LA_CMD_HKDF_EXTRACT_AND_EXPAND,
2967 LacSymKey_SslTlsHandleResponse);
2968
2969 LacSymQat_RespHandlerRegister(
2970 ICP_QAT_FW_LA_CMD_HKDF_EXPAND_LABEL,
2971 LacSymKey_SslTlsHandleResponse);
2972
2973 LacSymQat_RespHandlerRegister(
2974 ICP_QAT_FW_LA_CMD_HKDF_EXTRACT_AND_EXPAND_LABEL,
2975 LacSymKey_SslTlsHandleResponse);
2976
2977 LacSymQat_RespHandlerRegister(ICP_QAT_FW_LA_CMD_MGF1,
2978 LacSymKey_MgfHandleResponse);
2979 }
2980
2981 if (CPA_STATUS_SUCCESS != status) {
2982 LAC_OS_FREE(pService->pLacKeyStats);
2983 LAC_OS_CAFREE(pService->pSslLabel);
2984 LAC_OS_CAFREE(pService->pTlsLabel);
2985 LAC_OS_CAFREE(pService->pTlsHKDFSubLabel);
2986 }
2987
2988 return status;
2989 }
2990
2991 /*
2992 * LacSymKey_Shutdown
2993 */
2994 CpaStatus
LacSymKey_Shutdown(CpaInstanceHandle instanceHandle_in)2995 LacSymKey_Shutdown(CpaInstanceHandle instanceHandle_in)
2996 {
2997 CpaStatus status = CPA_STATUS_SUCCESS;
2998 CpaInstanceHandle instanceHandle = LacKey_GetHandle(instanceHandle_in);
2999 sal_crypto_service_t *pService = NULL;
3000
3001 LAC_CHECK_INSTANCE_HANDLE(instanceHandle);
3002
3003 pService = (sal_crypto_service_t *)instanceHandle;
3004
3005 if (NULL != pService->pLacKeyStats) {
3006 LAC_OS_FREE(pService->pLacKeyStats);
3007 }
3008
3009 LAC_OS_CAFREE(pService->pSslLabel);
3010 LAC_OS_CAFREE(pService->pTlsLabel);
3011 LAC_OS_CAFREE(pService->pTlsHKDFSubLabel);
3012
3013 return status;
3014 }
3015