xref: /illumos-gate/usr/src/uts/common/crypto/io/dca_dsa.c (revision 2d6eb4a5e0a47d30189497241345dc5466bb68ab) 
188f8b78aSgm89044 /*
288f8b78aSgm89044  * CDDL HEADER START
388f8b78aSgm89044  *
488f8b78aSgm89044  * The contents of this file are subject to the terms of the
588f8b78aSgm89044  * Common Development and Distribution License (the "License").
688f8b78aSgm89044  * You may not use this file except in compliance with the License.
788f8b78aSgm89044  *
888f8b78aSgm89044  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
988f8b78aSgm89044  * or http://www.opensolaris.org/os/licensing.
1088f8b78aSgm89044  * See the License for the specific language governing permissions
1188f8b78aSgm89044  * and limitations under the License.
1288f8b78aSgm89044  *
1388f8b78aSgm89044  * When distributing Covered Code, include this CDDL HEADER in each
1488f8b78aSgm89044  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1588f8b78aSgm89044  * If applicable, add the following below this CDDL HEADER, with the
1688f8b78aSgm89044  * fields enclosed by brackets "[]" replaced with your own identifying
1788f8b78aSgm89044  * information: Portions Copyright [yyyy] [name of copyright owner]
1888f8b78aSgm89044  *
1988f8b78aSgm89044  * CDDL HEADER END
2088f8b78aSgm89044  */
2188f8b78aSgm89044 
2288f8b78aSgm89044 /*
23*f317a3a3Skrishna  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
2488f8b78aSgm89044  * Use is subject to license terms.
2588f8b78aSgm89044  */
2688f8b78aSgm89044 
2788f8b78aSgm89044 /*
2888f8b78aSgm89044  * Deimos - cryptographic acceleration based upon Broadcom 582x.
2988f8b78aSgm89044  */
3088f8b78aSgm89044 
3188f8b78aSgm89044 #include <sys/types.h>
3288f8b78aSgm89044 #include <sys/ddi.h>
3388f8b78aSgm89044 #include <sys/sunddi.h>
3488f8b78aSgm89044 #include <sys/kmem.h>
3588f8b78aSgm89044 #include <sys/crypto/spi.h>
3688f8b78aSgm89044 #include <sys/crypto/dca.h>
3788f8b78aSgm89044 
3888f8b78aSgm89044 /*
3988f8b78aSgm89044  * DSA implementation.
4088f8b78aSgm89044  */
4188f8b78aSgm89044 
4288f8b78aSgm89044 static void dca_dsa_sign_done(dca_request_t *, int);
4388f8b78aSgm89044 static void dca_dsa_verify_done(dca_request_t *, int);
4488f8b78aSgm89044 
4588f8b78aSgm89044 
4688f8b78aSgm89044 int dca_dsa_sign(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *sig,
4788f8b78aSgm89044     crypto_req_handle_t req);
4888f8b78aSgm89044 int dca_dsa_verify(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *sig,
4988f8b78aSgm89044     crypto_req_handle_t req);
5088f8b78aSgm89044 int dca_dsainit(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
5188f8b78aSgm89044     crypto_key_t *key, int kmflag, int mode);
5288f8b78aSgm89044 
5388f8b78aSgm89044 
5488f8b78aSgm89044 int
dca_dsa_sign(crypto_ctx_t * ctx,crypto_data_t * data,crypto_data_t * sig,crypto_req_handle_t req)5588f8b78aSgm89044 dca_dsa_sign(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *sig,
5688f8b78aSgm89044     crypto_req_handle_t req)
5788f8b78aSgm89044 {
5888f8b78aSgm89044 	dca_request_t	*reqp = ctx->cc_provider_private;
5988f8b78aSgm89044 	dca_t		*dca = ctx->cc_provider;
6088f8b78aSgm89044 	int		err;
6188f8b78aSgm89044 	int		rv = CRYPTO_QUEUED;
6288f8b78aSgm89044 	caddr_t		kaddr;
6388f8b78aSgm89044 	size_t		buflen;
6488f8b78aSgm89044 
6588f8b78aSgm89044 	buflen = dca_length(data);
6688f8b78aSgm89044 	if (buflen != SHA1LEN) {
6788f8b78aSgm89044 		DBG(dca, DWARN, "dca_dsa_sign: data length != %d", SHA1LEN);
6888f8b78aSgm89044 		rv = CRYPTO_DATA_LEN_RANGE;
6988f8b78aSgm89044 		goto errout;
7088f8b78aSgm89044 	}
7188f8b78aSgm89044 
7288f8b78aSgm89044 	/* Return length needed to store the output. */
7388f8b78aSgm89044 	if (dca_length(sig) < DSASIGLEN) {
7488f8b78aSgm89044 		DBG(dca, DWARN,
7588f8b78aSgm89044 		    "dca_dsa_sign: output buffer too short (%d < %d)",
7688f8b78aSgm89044 		    dca_length(sig), DSASIGLEN);
7788f8b78aSgm89044 		sig->cd_length = DSASIGLEN;
7888f8b78aSgm89044 		rv = CRYPTO_BUFFER_TOO_SMALL;
7988f8b78aSgm89044 		goto errout;
8088f8b78aSgm89044 	}
8188f8b78aSgm89044 
8288f8b78aSgm89044 	/*
8388f8b78aSgm89044 	 * Don't change the data values of the data crypto_data_t structure
8488f8b78aSgm89044 	 * yet. Only reset the sig cd_length to zero before writing to it.
8588f8b78aSgm89044 	 */
8688f8b78aSgm89044 
8788f8b78aSgm89044 	reqp->dr_job_stat = DS_DSASIGN;
8888f8b78aSgm89044 	reqp->dr_byte_stat = -1;
8988f8b78aSgm89044 	reqp->dr_in = data;
9088f8b78aSgm89044 	reqp->dr_out = sig;
9188f8b78aSgm89044 	reqp->dr_callback = dca_dsa_sign_done;
9288f8b78aSgm89044 
9388f8b78aSgm89044 	reqp->dr_kcf_req = req;
9488f8b78aSgm89044 	/* dca_gather() increments cd_offset & dec. cd_length by SHA1LEN. */
9588f8b78aSgm89044 	err = dca_gather(data, reqp->dr_ibuf_kaddr, SHA1LEN, 1);
9688f8b78aSgm89044 	if (err != CRYPTO_SUCCESS) {
9788f8b78aSgm89044 		DBG(dca, DWARN, "dca_dsa_sign: dca_gather() failed");
9888f8b78aSgm89044 		rv = err;
9988f8b78aSgm89044 		goto errout;
10088f8b78aSgm89044 	}
10188f8b78aSgm89044 
10288f8b78aSgm89044 
10388f8b78aSgm89044 	/* sync the input buffer */
10488f8b78aSgm89044 	(void) ddi_dma_sync(reqp->dr_ibuf_dmah, 0, SHA1LEN,
10588f8b78aSgm89044 		DDI_DMA_SYNC_FORDEV);
10688f8b78aSgm89044 	if (dca_check_dma_handle(dca, reqp->dr_ibuf_dmah,
10788f8b78aSgm89044 	    DCA_FM_ECLASS_NONE) != DDI_SUCCESS) {
10888f8b78aSgm89044 		reqp->destroy = TRUE;
10988f8b78aSgm89044 		rv = CRYPTO_DEVICE_ERROR;
11088f8b78aSgm89044 		goto errout;
11188f8b78aSgm89044 	}
11288f8b78aSgm89044 
11388f8b78aSgm89044 	reqp->dr_in_paddr = reqp->dr_ibuf_paddr;
11488f8b78aSgm89044 	reqp->dr_in_next = 0;
11588f8b78aSgm89044 	reqp->dr_in_len = SHA1LEN;
11688f8b78aSgm89044 	reqp->dr_pkt_length = buflen;
11788f8b78aSgm89044 
11888f8b78aSgm89044 	/*
11988f8b78aSgm89044 	 * The output requires *two* buffers, r followed by s.
12088f8b78aSgm89044 	 */
12188f8b78aSgm89044 	kaddr = reqp->dr_ctx_kaddr + reqp->dr_offset;
12288f8b78aSgm89044 
12388f8b78aSgm89044 	/* r */
12488f8b78aSgm89044 	reqp->dr_out_paddr = reqp->dr_obuf_paddr;
12588f8b78aSgm89044 	reqp->dr_out_len = DSAPARTLEN;
12688f8b78aSgm89044 	reqp->dr_out_next = reqp->dr_ctx_paddr + reqp->dr_offset;
12788f8b78aSgm89044 
12888f8b78aSgm89044 	/* s */
12988f8b78aSgm89044 	PUTDESC32(reqp, kaddr, DESC_BUFADDR,
13088f8b78aSgm89044 	    reqp->dr_obuf_paddr + DSAPARTLEN);
13188f8b78aSgm89044 	PUTDESC32(reqp, kaddr, DESC_NEXT, 0);
13288f8b78aSgm89044 	PUTDESC16(reqp, kaddr, DESC_RSVD, 0);
13388f8b78aSgm89044 	PUTDESC16(reqp, kaddr, DESC_LENGTH, DSAPARTLEN);
13488f8b78aSgm89044 
13588f8b78aSgm89044 	/* schedule the work by doing a submit */
13688f8b78aSgm89044 	rv = dca_start(dca, reqp, MCR2, 1);
13788f8b78aSgm89044 
13888f8b78aSgm89044 errout:
13988f8b78aSgm89044 
14088f8b78aSgm89044 	if (rv != CRYPTO_QUEUED && rv != CRYPTO_BUFFER_TOO_SMALL)
14188f8b78aSgm89044 		(void) dca_free_context(ctx);
14288f8b78aSgm89044 
14388f8b78aSgm89044 	return (rv);
14488f8b78aSgm89044 }
14588f8b78aSgm89044 
14688f8b78aSgm89044 static void
dca_dsa_sign_done(dca_request_t * reqp,int errno)14788f8b78aSgm89044 dca_dsa_sign_done(dca_request_t *reqp, int errno)
14888f8b78aSgm89044 {
14988f8b78aSgm89044 	if (errno == CRYPTO_SUCCESS) {
15088f8b78aSgm89044 		(void) ddi_dma_sync(reqp->dr_obuf_dmah, 0, DSASIGLEN,
15188f8b78aSgm89044 		    DDI_DMA_SYNC_FORKERNEL);
15288f8b78aSgm89044 		if (dca_check_dma_handle(reqp->dr_dca, reqp->dr_obuf_dmah,
15388f8b78aSgm89044 		    DCA_FM_ECLASS_NONE) != DDI_SUCCESS) {
15488f8b78aSgm89044 			reqp->destroy = TRUE;
15588f8b78aSgm89044 			errno = CRYPTO_DEVICE_ERROR;
15688f8b78aSgm89044 			goto errout;
15788f8b78aSgm89044 		}
15888f8b78aSgm89044 		/*
15988f8b78aSgm89044 		 * Set the sig cd_length to zero so it's ready to take the
16088f8b78aSgm89044 		 * signature. Have already confirmed its size is adequate.
16188f8b78aSgm89044 		 */
16288f8b78aSgm89044 		reqp->dr_out->cd_length = 0;
16388f8b78aSgm89044 		errno = dca_scatter(reqp->dr_obuf_kaddr,
16488f8b78aSgm89044 		    reqp->dr_out, DSAPARTLEN, 1);
16588f8b78aSgm89044 		if (errno != CRYPTO_SUCCESS) {
16688f8b78aSgm89044 			DBG(reqp->dr_dca, DWARN,
16788f8b78aSgm89044 			    "dca_dsa_sign_done: dca_scatter() failed");
16888f8b78aSgm89044 			goto errout;
16988f8b78aSgm89044 		}
17088f8b78aSgm89044 		errno = dca_scatter(reqp->dr_obuf_kaddr+DSAPARTLEN,
17188f8b78aSgm89044 		    reqp->dr_out, DSAPARTLEN, 1);
17288f8b78aSgm89044 		if (errno != CRYPTO_SUCCESS) {
17388f8b78aSgm89044 			DBG(reqp->dr_dca, DWARN,
17488f8b78aSgm89044 			    "dca_dsa_sign_done: dca_scatter() failed");
17588f8b78aSgm89044 		}
17688f8b78aSgm89044 	}
17788f8b78aSgm89044 errout:
17888f8b78aSgm89044 	ASSERT(reqp->dr_kcf_req != NULL);
17988f8b78aSgm89044 
18088f8b78aSgm89044 	/* notify framework that request is completed */
18188f8b78aSgm89044 	crypto_op_notification(reqp->dr_kcf_req, errno);
18288f8b78aSgm89044 	DBG(reqp->dr_dca, DINTR,
18388f8b78aSgm89044 	    "dca_dsa_sign_done: rtn 0x%x to kef via crypto_op_notification",
18488f8b78aSgm89044 	    errno);
18588f8b78aSgm89044 
18688f8b78aSgm89044 	/*
18788f8b78aSgm89044 	 * For non-atomic operations, reqp will be freed in the kCF
18888f8b78aSgm89044 	 * callback function since it may be needed again if
18988f8b78aSgm89044 	 * CRYPTO_BUFFER_TOO_SMALL is returned to kCF
19088f8b78aSgm89044 	 */
19188f8b78aSgm89044 	if (reqp->dr_ctx.atomic) {
19288f8b78aSgm89044 		crypto_ctx_t ctx;
19388f8b78aSgm89044 		ctx.cc_provider_private = reqp;
19488f8b78aSgm89044 		dca_dsactxfree(&ctx);
19588f8b78aSgm89044 	}
19688f8b78aSgm89044 }
19788f8b78aSgm89044 
19888f8b78aSgm89044 int
dca_dsa_verify(crypto_ctx_t * ctx,crypto_data_t * data,crypto_data_t * sig,crypto_req_handle_t req)19988f8b78aSgm89044 dca_dsa_verify(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *sig,
20088f8b78aSgm89044     crypto_req_handle_t req)
20188f8b78aSgm89044 {
20288f8b78aSgm89044 	dca_request_t	*reqp = ctx->cc_provider_private;
20388f8b78aSgm89044 	dca_t		*dca = ctx->cc_provider;
20488f8b78aSgm89044 	int		err;
20588f8b78aSgm89044 	int		rv = CRYPTO_QUEUED;
20688f8b78aSgm89044 	caddr_t		kaddr;
20788f8b78aSgm89044 
20888f8b78aSgm89044 	/* Impossible for verify to be an in-place operation. */
20988f8b78aSgm89044 	if (sig == NULL) {
21088f8b78aSgm89044 		rv = CRYPTO_ARGUMENTS_BAD;
21188f8b78aSgm89044 		goto errout;
21288f8b78aSgm89044 	}
21388f8b78aSgm89044 
21488f8b78aSgm89044 	if (dca_length(data) != SHA1LEN) {
21588f8b78aSgm89044 		DBG(dca, DWARN, "dca_dsa_verify: input length != %d", SHA1LEN);
21688f8b78aSgm89044 		rv = CRYPTO_DATA_LEN_RANGE;
21788f8b78aSgm89044 		goto errout;
21888f8b78aSgm89044 	}
21988f8b78aSgm89044 
22088f8b78aSgm89044 	if (dca_length(sig) != DSASIGLEN) {
22188f8b78aSgm89044 		DBG(dca, DWARN, "dca_dsa_verify: signature length != %d",
22288f8b78aSgm89044 		    DSASIGLEN);
22388f8b78aSgm89044 		rv = CRYPTO_SIGNATURE_LEN_RANGE;
22488f8b78aSgm89044 		goto errout;
22588f8b78aSgm89044 	}
22688f8b78aSgm89044 
22788f8b78aSgm89044 	/* Don't change the data & sig values for verify. */
22888f8b78aSgm89044 
22988f8b78aSgm89044 	reqp->dr_job_stat = DS_DSAVERIFY;
23088f8b78aSgm89044 	reqp->dr_byte_stat = -1;
23188f8b78aSgm89044 
23288f8b78aSgm89044 	/*
23388f8b78aSgm89044 	 * Grab h, r and s.
23488f8b78aSgm89044 	 */
23588f8b78aSgm89044 	err = dca_gather(data, reqp->dr_ibuf_kaddr, SHA1LEN, 1);
23688f8b78aSgm89044 	if (err != CRYPTO_SUCCESS) {
23788f8b78aSgm89044 		DBG(dca, DWARN,
23888f8b78aSgm89044 		    "dca_dsa_vrfy: dca_gather() failed for h");
23988f8b78aSgm89044 		rv = err;
24088f8b78aSgm89044 		goto errout;
24188f8b78aSgm89044 	}
24288f8b78aSgm89044 	err = dca_gather(sig, reqp->dr_ibuf_kaddr+SHA1LEN, DSAPARTLEN, 1);
24388f8b78aSgm89044 	if (err != CRYPTO_SUCCESS) {
24488f8b78aSgm89044 		DBG(dca, DWARN,
24588f8b78aSgm89044 		    "dca_dsa_vrfy: dca_gather() failed for r");
24688f8b78aSgm89044 		rv = err;
24788f8b78aSgm89044 		goto errout;
24888f8b78aSgm89044 	}
24988f8b78aSgm89044 	err = dca_gather(sig, reqp->dr_ibuf_kaddr+SHA1LEN+DSAPARTLEN,
25088f8b78aSgm89044 	    DSAPARTLEN, 1);
25188f8b78aSgm89044 	if (err != CRYPTO_SUCCESS) {
25288f8b78aSgm89044 		DBG(dca, DWARN,
25388f8b78aSgm89044 		    "dca_dsa_vrfy: dca_gather() failed for s");
25488f8b78aSgm89044 		rv = err;
25588f8b78aSgm89044 		goto errout;
25688f8b78aSgm89044 	}
25788f8b78aSgm89044 	/*
25888f8b78aSgm89044 	 * As dca_gather() increments the cd_offset and decrements
25988f8b78aSgm89044 	 * the cd_length as it copies the data rewind the values ready for
26088f8b78aSgm89044 	 * the final compare.
26188f8b78aSgm89044 	 */
26288f8b78aSgm89044 	sig->cd_offset -= (DSAPARTLEN * 2);
26388f8b78aSgm89044 	sig->cd_length += (DSAPARTLEN * 2);
26488f8b78aSgm89044 	/* sync the input buffer */
26588f8b78aSgm89044 	(void) ddi_dma_sync(reqp->dr_ibuf_dmah, 0, SHA1LEN + DSAPARTLEN,
26688f8b78aSgm89044 	    DDI_DMA_SYNC_FORDEV);
26788f8b78aSgm89044 
26888f8b78aSgm89044 	if (dca_check_dma_handle(dca, reqp->dr_ibuf_dmah,
26988f8b78aSgm89044 	    DCA_FM_ECLASS_NONE) != DDI_SUCCESS) {
27088f8b78aSgm89044 		reqp->destroy = TRUE;
27188f8b78aSgm89044 		rv = CRYPTO_DEVICE_ERROR;
27288f8b78aSgm89044 		goto errout;
27388f8b78aSgm89044 	}
27488f8b78aSgm89044 
27588f8b78aSgm89044 	reqp->dr_in = data;
27688f8b78aSgm89044 	reqp->dr_out = sig;
27788f8b78aSgm89044 	reqp->dr_kcf_req = req;
27888f8b78aSgm89044 	reqp->dr_flags |= DR_SCATTER | DR_GATHER;
27988f8b78aSgm89044 	reqp->dr_callback = dca_dsa_verify_done;
28088f8b78aSgm89044 
28188f8b78aSgm89044 	/*
28288f8b78aSgm89044 	 * Input requires three buffers.  m, followed by r, followed by s.
28388f8b78aSgm89044 	 * In order to deal with things cleanly, we reverse the signature
28488f8b78aSgm89044 	 * into the buffer and then fix up the pointers.
28588f8b78aSgm89044 	 */
28688f8b78aSgm89044 	reqp->dr_pkt_length = SHA1LEN;
28788f8b78aSgm89044 
28888f8b78aSgm89044 	reqp->dr_in_paddr = reqp->dr_ibuf_paddr;
28988f8b78aSgm89044 	reqp->dr_in_len = SHA1LEN;
29088f8b78aSgm89044 	reqp->dr_in_next = reqp->dr_ctx_paddr + reqp->dr_offset;
29188f8b78aSgm89044 
29288f8b78aSgm89044 	reqp->dr_out_paddr = reqp->dr_obuf_paddr;
29388f8b78aSgm89044 	reqp->dr_out_len = DSAPARTLEN;
29488f8b78aSgm89044 	reqp->dr_out_next = 0;
29588f8b78aSgm89044 
29688f8b78aSgm89044 	/* setup 1st chain for r */
29788f8b78aSgm89044 	kaddr = reqp->dr_ctx_kaddr + reqp->dr_offset;
29888f8b78aSgm89044 	PUTDESC32(reqp, kaddr, DESC_BUFADDR, reqp->dr_ibuf_paddr + SHA1LEN);
29988f8b78aSgm89044 	PUTDESC32(reqp, kaddr, DESC_NEXT,
30088f8b78aSgm89044 	    reqp->dr_ctx_paddr + reqp->dr_offset + DESC_SIZE);
30188f8b78aSgm89044 	PUTDESC16(reqp, kaddr, DESC_RSVD, 0);
30288f8b78aSgm89044 	PUTDESC16(reqp, kaddr, DESC_LENGTH, DSAPARTLEN);
30388f8b78aSgm89044 
30488f8b78aSgm89044 	/* and 2nd chain for s */
30588f8b78aSgm89044 	kaddr = reqp->dr_ctx_kaddr + reqp->dr_offset + DESC_SIZE;
30688f8b78aSgm89044 	PUTDESC32(reqp, kaddr, DESC_BUFADDR, reqp->dr_ibuf_paddr +
30788f8b78aSgm89044 	    SHA1LEN + DSAPARTLEN);
30888f8b78aSgm89044 	PUTDESC32(reqp, kaddr, DESC_NEXT, 0);
30988f8b78aSgm89044 	PUTDESC16(reqp, kaddr, DESC_RSVD, 0);
31088f8b78aSgm89044 	PUTDESC16(reqp, kaddr, DESC_LENGTH, DSAPARTLEN);
31188f8b78aSgm89044 
31288f8b78aSgm89044 	/* schedule the work by doing a submit */
31388f8b78aSgm89044 	rv = dca_start(dca, reqp, MCR2, 1);
31488f8b78aSgm89044 
31588f8b78aSgm89044 errout:
31688f8b78aSgm89044 	if (rv != CRYPTO_QUEUED && rv != CRYPTO_BUFFER_TOO_SMALL) {
31788f8b78aSgm89044 		(void) dca_free_context(ctx);
31888f8b78aSgm89044 	}
31988f8b78aSgm89044 	return (rv);
32088f8b78aSgm89044 }
32188f8b78aSgm89044 
32288f8b78aSgm89044 static void
dca_dsa_verify_done(dca_request_t * reqp,int errno)32388f8b78aSgm89044 dca_dsa_verify_done(dca_request_t *reqp, int errno)
32488f8b78aSgm89044 {
32588f8b78aSgm89044 	if (errno == CRYPTO_SUCCESS) {
32688f8b78aSgm89044 		int		count = DSAPARTLEN;
32788f8b78aSgm89044 		crypto_data_t	*sig = reqp->dr_out;
32888f8b78aSgm89044 		caddr_t		daddr;
32988f8b78aSgm89044 
33088f8b78aSgm89044 		(void) ddi_dma_sync(reqp->dr_obuf_dmah, 0, count,
33188f8b78aSgm89044 		    DDI_DMA_SYNC_FORKERNEL);
33288f8b78aSgm89044 		if (dca_check_dma_handle(reqp->dr_dca, reqp->dr_obuf_dmah,
33388f8b78aSgm89044 		    DCA_FM_ECLASS_NONE) != DDI_SUCCESS) {
33488f8b78aSgm89044 			reqp->destroy = TRUE;
33588f8b78aSgm89044 			errno = CRYPTO_DEVICE_ERROR;
33688f8b78aSgm89044 			goto errout;
33788f8b78aSgm89044 		}
33888f8b78aSgm89044 
33988f8b78aSgm89044 		/* Can only handle a contiguous data buffer currently. */
34088f8b78aSgm89044 		if (dca_sgcheck(reqp->dr_dca, sig, DCA_SG_CONTIG)) {
34188f8b78aSgm89044 			errno = CRYPTO_SIGNATURE_INVALID;
34288f8b78aSgm89044 			goto errout;
34388f8b78aSgm89044 		}
34488f8b78aSgm89044 
34588f8b78aSgm89044 		if ((daddr = dca_bufdaddr(sig)) == NULL) {
34688f8b78aSgm89044 			errno = CRYPTO_ARGUMENTS_BAD;
34788f8b78aSgm89044 			goto errout;
34888f8b78aSgm89044 		}
34988f8b78aSgm89044 
35088f8b78aSgm89044 		if (dca_bcmp_reverse(daddr, reqp->dr_obuf_kaddr,
35188f8b78aSgm89044 		    DSAPARTLEN) != 0) {
35288f8b78aSgm89044 			/* VERIFY FAILED */
35388f8b78aSgm89044 			errno = CRYPTO_SIGNATURE_INVALID;
35488f8b78aSgm89044 		}
35588f8b78aSgm89044 	}
35688f8b78aSgm89044 errout:
35788f8b78aSgm89044 	ASSERT(reqp->dr_kcf_req != NULL);
35888f8b78aSgm89044 
35988f8b78aSgm89044 	/* notify framework that request is completed */
36088f8b78aSgm89044 
36188f8b78aSgm89044 	crypto_op_notification(reqp->dr_kcf_req, errno);
36288f8b78aSgm89044 	DBG(reqp->dr_dca, DINTR,
36388f8b78aSgm89044 	    "dca_dsa_verify_done: rtn 0x%x to kef via crypto_op_notification",
36488f8b78aSgm89044 	    errno);
36588f8b78aSgm89044 
36688f8b78aSgm89044 	/*
36788f8b78aSgm89044 	 * For non-atomic operations, reqp will be freed in the kCF
36888f8b78aSgm89044 	 * callback function since it may be needed again if
36988f8b78aSgm89044 	 * CRYPTO_BUFFER_TOO_SMALL is returned to kCF
37088f8b78aSgm89044 	 */
37188f8b78aSgm89044 	if (reqp->dr_ctx.atomic) {
37288f8b78aSgm89044 		crypto_ctx_t ctx;
37388f8b78aSgm89044 		ctx.cc_provider_private = reqp;
37488f8b78aSgm89044 		dca_dsactxfree(&ctx);
37588f8b78aSgm89044 	}
37688f8b78aSgm89044 }
37788f8b78aSgm89044 
37888f8b78aSgm89044 /* ARGSUSED */
37988f8b78aSgm89044 int
dca_dsainit(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_key_t * key,int kmflag,int mode)38088f8b78aSgm89044 dca_dsainit(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
38188f8b78aSgm89044     crypto_key_t *key, int kmflag, int mode)
38288f8b78aSgm89044 {
38388f8b78aSgm89044 	crypto_object_attribute_t	*attr;
38488f8b78aSgm89044 	unsigned			plen = 0, qlen = 0, glen = 0, xlen = 0;
38588f8b78aSgm89044 	uchar_t				*p, *q, *g, *x;
38688f8b78aSgm89044 	dca_request_t			*reqp = NULL;
38788f8b78aSgm89044 	dca_t				*dca = (dca_t *)ctx->cc_provider;
38888f8b78aSgm89044 	int				rv = CRYPTO_SUCCESS;
38988f8b78aSgm89044 	unsigned			pbits, padjlen;
39088f8b78aSgm89044 	uint16_t			ctxlen;
39188f8b78aSgm89044 	caddr_t				kaddr;
39288f8b78aSgm89044 
39388f8b78aSgm89044 	if ((reqp = dca_getreq(dca, MCR2, 1)) == NULL) {
39488f8b78aSgm89044 		dca_error(dca,
39588f8b78aSgm89044 		    "dca_dsainit: unable to allocate request for DSA");
39688f8b78aSgm89044 		rv = CRYPTO_HOST_MEMORY;
39788f8b78aSgm89044 		goto errout;
39888f8b78aSgm89044 	}
39988f8b78aSgm89044 
40088f8b78aSgm89044 	ctx->cc_provider_private = reqp;
40188f8b78aSgm89044 	reqp->dr_ctx.ctx_cm_type = mechanism->cm_type;
40288f8b78aSgm89044 
40388f8b78aSgm89044 	if ((attr = dca_get_key_attr(key)) == NULL) {
40488f8b78aSgm89044 		DBG(NULL, DWARN, "dca_dsainit: key attributes missing");
40588f8b78aSgm89044 		rv = CRYPTO_KEY_TYPE_INCONSISTENT;
40688f8b78aSgm89044 		goto errout;
40788f8b78aSgm89044 	}
40888f8b78aSgm89044 
40988f8b78aSgm89044 	/* Prime */
41088f8b78aSgm89044 	if (dca_attr_lookup_uint8_array(attr, key->ck_count, CKA_PRIME,
41188f8b78aSgm89044 	    (void *) &p, &plen)) {
41288f8b78aSgm89044 		DBG(NULL, DWARN, "dca_dsainit: prime key value not present");
41388f8b78aSgm89044 		rv = CRYPTO_ARGUMENTS_BAD;
41488f8b78aSgm89044 		goto errout;
41588f8b78aSgm89044 	}
41688f8b78aSgm89044 
41788f8b78aSgm89044 	/* Subprime */
41888f8b78aSgm89044 	if (dca_attr_lookup_uint8_array(attr, key->ck_count, CKA_SUBPRIME,
41988f8b78aSgm89044 	    (void *) &q, &qlen)) {
42088f8b78aSgm89044 		DBG(NULL, DWARN, "dca_dsainit: subprime key value not present");
42188f8b78aSgm89044 		rv = CRYPTO_ARGUMENTS_BAD;
42288f8b78aSgm89044 		goto errout;
42388f8b78aSgm89044 	}
42488f8b78aSgm89044 
42588f8b78aSgm89044 	/* Base */
42688f8b78aSgm89044 	if (dca_attr_lookup_uint8_array(attr, key->ck_count, CKA_BASE,
42788f8b78aSgm89044 	    (void *) &g, &glen)) {
42888f8b78aSgm89044 		DBG(NULL, DWARN, "dca_dsainit: base key value not present");
42988f8b78aSgm89044 		rv = CRYPTO_ARGUMENTS_BAD;
43088f8b78aSgm89044 		goto errout;
43188f8b78aSgm89044 	}
43288f8b78aSgm89044 
43388f8b78aSgm89044 	/* Value */
43488f8b78aSgm89044 	if (dca_attr_lookup_uint8_array(attr, key->ck_count, CKA_VALUE,
43588f8b78aSgm89044 	    (void *) &x, &xlen)) {
43688f8b78aSgm89044 		DBG(NULL, DWARN, "dca_dsainit: value key not present");
43788f8b78aSgm89044 		rv = CRYPTO_ARGUMENTS_BAD;
43888f8b78aSgm89044 		goto errout;
43988f8b78aSgm89044 	}
44088f8b78aSgm89044 
44188f8b78aSgm89044 	if (plen == 0 || qlen == 0 || glen == 0 || xlen == 0) {
44288f8b78aSgm89044 		rv = CRYPTO_ARGUMENTS_BAD;
44388f8b78aSgm89044 		goto errout;
44488f8b78aSgm89044 	}
44588f8b78aSgm89044 
44688f8b78aSgm89044 	if (plen > DSA_MAX_KEY_LEN) {
44788f8b78aSgm89044 		/* maximum 1Kbit key */
44888f8b78aSgm89044 		DBG(NULL, DWARN, "dca_dsainit: maximum 1Kbit key (%d)", plen);
44988f8b78aSgm89044 		rv = CRYPTO_KEY_SIZE_RANGE;
45088f8b78aSgm89044 		goto errout;
45188f8b78aSgm89044 	}
45288f8b78aSgm89044 
45388f8b78aSgm89044 	if (qlen > DSAPARTLEN) {
45488f8b78aSgm89044 		DBG(NULL, DWARN, "dca_dsainit: q is too long (%d)", qlen);
45588f8b78aSgm89044 		rv = CRYPTO_KEY_SIZE_RANGE;
45688f8b78aSgm89044 		goto errout;
45788f8b78aSgm89044 	}
45888f8b78aSgm89044 
45988f8b78aSgm89044 	if (mode == DCA_DSA_SIGN && xlen > DSAPARTLEN) {
46088f8b78aSgm89044 		DBG(NULL, DWARN,
46188f8b78aSgm89044 		    "dca_dsainit: private key is too long (%d)", xlen);
46288f8b78aSgm89044 		rv = CRYPTO_KEY_SIZE_RANGE;
46388f8b78aSgm89044 		goto errout;
46488f8b78aSgm89044 	}
46588f8b78aSgm89044 
46688f8b78aSgm89044 	/*
46788f8b78aSgm89044 	 * Setup the key partion of the request.
46888f8b78aSgm89044 	 */
46988f8b78aSgm89044 
47088f8b78aSgm89044 	pbits = dca_bitlen(p, plen);
47188f8b78aSgm89044 	padjlen = dca_padfull(pbits);
47288f8b78aSgm89044 
47388f8b78aSgm89044 	/* accounts for leading context words */
47488f8b78aSgm89044 	if (mode == DCA_DSA_SIGN) {
47588f8b78aSgm89044 		ctxlen = CTX_DSABIGNUMS + DSAPARTLEN + (padjlen * 2) +
47688f8b78aSgm89044 		    DSAPARTLEN;
47788f8b78aSgm89044 		PUTCTX16(reqp, CTX_CMD, CMD_DSASIGN);
47888f8b78aSgm89044 	} else {
47988f8b78aSgm89044 		ctxlen = CTX_DSABIGNUMS + DSAPARTLEN + (padjlen * 3);
48088f8b78aSgm89044 		PUTCTX16(reqp, CTX_CMD, CMD_DSAVERIFY);
48188f8b78aSgm89044 	}
48288f8b78aSgm89044 
48388f8b78aSgm89044 	PUTCTX16(reqp, CTX_LENGTH, ctxlen);
48488f8b78aSgm89044 	PUTCTX16(reqp, CTX_DSAMSGTYPE, CTX_DSAMSGTYPE_SHA1);
48588f8b78aSgm89044 	PUTCTX16(reqp, CTX_DSARSVD, 0);
48688f8b78aSgm89044 	if (mode == DCA_DSA_SIGN)
48788f8b78aSgm89044 		PUTCTX16(reqp, CTX_DSARNG, CTX_DSARNG_GEN);
48888f8b78aSgm89044 	else
48988f8b78aSgm89044 		PUTCTX16(reqp, CTX_DSARNG, 0);
49088f8b78aSgm89044 	PUTCTX16(reqp, CTX_DSAPLEN, pbits);
49188f8b78aSgm89044 
49288f8b78aSgm89044 	kaddr = reqp->dr_ctx_kaddr + CTX_DSABIGNUMS;
49388f8b78aSgm89044 
49488f8b78aSgm89044 	/* store the bignums */
49588f8b78aSgm89044 	dca_reverse(q, kaddr, qlen, DSAPARTLEN);
49688f8b78aSgm89044 	kaddr += DSAPARTLEN;
49788f8b78aSgm89044 
49888f8b78aSgm89044 	dca_reverse(p, kaddr, plen, padjlen);
49988f8b78aSgm89044 	kaddr += padjlen;
50088f8b78aSgm89044 
50188f8b78aSgm89044 	dca_reverse(g, kaddr, glen, padjlen);
50288f8b78aSgm89044 	kaddr += padjlen;
50388f8b78aSgm89044 
50488f8b78aSgm89044 	if (mode == DCA_DSA_SIGN) {
50588f8b78aSgm89044 		dca_reverse(x, kaddr, xlen, DSAPARTLEN);
50688f8b78aSgm89044 		kaddr += DSAPARTLEN;
50788f8b78aSgm89044 	} else {
50888f8b78aSgm89044 		dca_reverse(x, kaddr, xlen, padjlen);
50988f8b78aSgm89044 		kaddr += padjlen;
51088f8b78aSgm89044 	}
51188f8b78aSgm89044 
51288f8b78aSgm89044 	return (CRYPTO_SUCCESS);
51388f8b78aSgm89044 
51488f8b78aSgm89044 errout:
51588f8b78aSgm89044 
51688f8b78aSgm89044 	dca_dsactxfree(ctx);
51788f8b78aSgm89044 	return (rv);
51888f8b78aSgm89044 }
51988f8b78aSgm89044 
52088f8b78aSgm89044 void
dca_dsactxfree(void * arg)52188f8b78aSgm89044 dca_dsactxfree(void *arg)
52288f8b78aSgm89044 {
52388f8b78aSgm89044 	crypto_ctx_t	*ctx = (crypto_ctx_t *)arg;
52488f8b78aSgm89044 	dca_request_t	*reqp = ctx->cc_provider_private;
52588f8b78aSgm89044 
52688f8b78aSgm89044 	if (reqp == NULL)
52788f8b78aSgm89044 		return;
52888f8b78aSgm89044 
52988f8b78aSgm89044 	reqp->dr_ctx.ctx_cm_type = 0;
53088f8b78aSgm89044 	reqp->dr_ctx.atomic = 0;
53188f8b78aSgm89044 	if (reqp->destroy)
53288f8b78aSgm89044 		dca_destroyreq(reqp);
53388f8b78aSgm89044 	else
53488f8b78aSgm89044 		dca_freereq(reqp);
53588f8b78aSgm89044 
53688f8b78aSgm89044 	ctx->cc_provider_private = NULL;
53788f8b78aSgm89044 }
53888f8b78aSgm89044 
53988f8b78aSgm89044 int
dca_dsaatomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * data,crypto_data_t * sig,int kmflag,crypto_req_handle_t req,int mode)54088f8b78aSgm89044 dca_dsaatomic(crypto_provider_handle_t provider,
54188f8b78aSgm89044     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
54288f8b78aSgm89044     crypto_key_t *key, crypto_data_t *data, crypto_data_t *sig,
54388f8b78aSgm89044     int kmflag, crypto_req_handle_t req, int mode)
54488f8b78aSgm89044 {
54588f8b78aSgm89044 	crypto_ctx_t	ctx;	/* on the stack */
54688f8b78aSgm89044 	int		rv;
54788f8b78aSgm89044 
54888f8b78aSgm89044 	ctx.cc_provider = provider;
54988f8b78aSgm89044 	ctx.cc_session = session_id;
55088f8b78aSgm89044 
55188f8b78aSgm89044 	rv = dca_dsainit(&ctx, mechanism, key, kmflag, mode);
55288f8b78aSgm89044 	if (rv != CRYPTO_SUCCESS) {
55388f8b78aSgm89044 		DBG(NULL, DWARN, "dca_dsaatomic: dca_dsainit() failed");
55488f8b78aSgm89044 		return (rv);
55588f8b78aSgm89044 	}
55688f8b78aSgm89044 
55788f8b78aSgm89044 	/*
55888f8b78aSgm89044 	 * Set the atomic flag so that the hardware callback function
55988f8b78aSgm89044 	 * will free the context.
56088f8b78aSgm89044 	 */
56188f8b78aSgm89044 	((dca_request_t *)ctx.cc_provider_private)->dr_ctx.atomic = 1;
56288f8b78aSgm89044 
56388f8b78aSgm89044 	if (mode == DCA_DSA_SIGN) {
56488f8b78aSgm89044 		rv = dca_dsa_sign(&ctx, data, sig, req);
56588f8b78aSgm89044 	} else {
56688f8b78aSgm89044 		ASSERT(mode == DCA_DSA_VRFY);
56788f8b78aSgm89044 		rv = dca_dsa_verify(&ctx, data, sig, req);
56888f8b78aSgm89044 	}
56988f8b78aSgm89044 
57088f8b78aSgm89044 	/*
57188f8b78aSgm89044 	 * The context will be freed in the hardware callback function if it
57288f8b78aSgm89044 	 * is queued
57388f8b78aSgm89044 	 */
57488f8b78aSgm89044 	if (rv != CRYPTO_QUEUED)
57588f8b78aSgm89044 		dca_dsactxfree(&ctx);
57688f8b78aSgm89044 
57788f8b78aSgm89044 	return (rv);
57888f8b78aSgm89044 }
579