1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * AMD Cryptographic Coprocessor (CCP) RSA crypto API support 4 * 5 * Copyright (C) 2017 Advanced Micro Devices, Inc. 6 * 7 * Author: Gary R Hook <gary.hook@amd.com> 8 */ 9 10 #include <linux/module.h> 11 #include <linux/sched.h> 12 #include <linux/scatterlist.h> 13 #include <linux/string.h> 14 #include <linux/crypto.h> 15 #include <crypto/algapi.h> 16 #include <crypto/internal/rsa.h> 17 #include <crypto/internal/akcipher.h> 18 #include <crypto/akcipher.h> 19 #include <crypto/scatterwalk.h> 20 21 #include "ccp-crypto.h" 22 23 static inline struct akcipher_request *akcipher_request_cast( 24 struct crypto_async_request *req) 25 { 26 return container_of(req, struct akcipher_request, base); 27 } 28 29 static inline int ccp_copy_and_save_keypart(u8 **kpbuf, unsigned int *kplen, 30 const u8 *buf, size_t sz) 31 { 32 int nskip; 33 34 for (nskip = 0; nskip < sz; nskip++) 35 if (buf[nskip]) 36 break; 37 *kplen = sz - nskip; 38 *kpbuf = kmemdup(buf + nskip, *kplen, GFP_KERNEL); 39 if (!*kpbuf) 40 return -ENOMEM; 41 42 return 0; 43 } 44 45 static int ccp_rsa_complete(struct crypto_async_request *async_req, int ret) 46 { 47 struct akcipher_request *req = akcipher_request_cast(async_req); 48 struct ccp_rsa_req_ctx *rctx = akcipher_request_ctx_dma(req); 49 50 if (ret) 51 return ret; 52 53 req->dst_len = rctx->cmd.u.rsa.key_size >> 3; 54 55 return 0; 56 } 57 58 static unsigned int ccp_rsa_maxsize(struct crypto_akcipher *tfm) 59 { 60 struct ccp_ctx *ctx = akcipher_tfm_ctx_dma(tfm); 61 62 return ctx->u.rsa.n_len; 63 } 64 65 static int ccp_rsa_crypt(struct akcipher_request *req, bool encrypt) 66 { 67 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 68 struct ccp_ctx *ctx = akcipher_tfm_ctx_dma(tfm); 69 struct ccp_rsa_req_ctx *rctx = akcipher_request_ctx_dma(req); 70 int ret = 0; 71 72 memset(&rctx->cmd, 0, sizeof(rctx->cmd)); 73 INIT_LIST_HEAD(&rctx->cmd.entry); 74 rctx->cmd.engine = CCP_ENGINE_RSA; 75 76 rctx->cmd.u.rsa.key_size = ctx->u.rsa.key_len; /* in bits */ 77 if (encrypt) { 78 rctx->cmd.u.rsa.exp = &ctx->u.rsa.e_sg; 79 rctx->cmd.u.rsa.exp_len = ctx->u.rsa.e_len; 80 } else { 81 rctx->cmd.u.rsa.exp = &ctx->u.rsa.d_sg; 82 rctx->cmd.u.rsa.exp_len = ctx->u.rsa.d_len; 83 } 84 rctx->cmd.u.rsa.mod = &ctx->u.rsa.n_sg; 85 rctx->cmd.u.rsa.mod_len = ctx->u.rsa.n_len; 86 rctx->cmd.u.rsa.src = req->src; 87 rctx->cmd.u.rsa.src_len = req->src_len; 88 rctx->cmd.u.rsa.dst = req->dst; 89 90 ret = ccp_crypto_enqueue_request(&req->base, &rctx->cmd); 91 92 return ret; 93 } 94 95 static int ccp_rsa_encrypt(struct akcipher_request *req) 96 { 97 return ccp_rsa_crypt(req, true); 98 } 99 100 static int ccp_rsa_decrypt(struct akcipher_request *req) 101 { 102 return ccp_rsa_crypt(req, false); 103 } 104 105 static int ccp_check_key_length(unsigned int len) 106 { 107 /* In bits */ 108 if (len < 8 || len > 4096) 109 return -EINVAL; 110 return 0; 111 } 112 113 static void ccp_rsa_free_key_bufs(struct ccp_ctx *ctx) 114 { 115 /* Clean up old key data */ 116 kfree_sensitive(ctx->u.rsa.e_buf); 117 ctx->u.rsa.e_buf = NULL; 118 ctx->u.rsa.e_len = 0; 119 kfree_sensitive(ctx->u.rsa.n_buf); 120 ctx->u.rsa.n_buf = NULL; 121 ctx->u.rsa.n_len = 0; 122 kfree_sensitive(ctx->u.rsa.d_buf); 123 ctx->u.rsa.d_buf = NULL; 124 ctx->u.rsa.d_len = 0; 125 } 126 127 static int ccp_rsa_setkey(struct crypto_akcipher *tfm, const void *key, 128 unsigned int keylen, bool private) 129 { 130 struct ccp_ctx *ctx = akcipher_tfm_ctx_dma(tfm); 131 struct rsa_key raw_key; 132 int ret; 133 134 ccp_rsa_free_key_bufs(ctx); 135 memset(&raw_key, 0, sizeof(raw_key)); 136 137 /* Code borrowed from crypto/rsa.c */ 138 if (private) 139 ret = rsa_parse_priv_key(&raw_key, key, keylen); 140 else 141 ret = rsa_parse_pub_key(&raw_key, key, keylen); 142 if (ret) 143 goto n_key; 144 145 ret = ccp_copy_and_save_keypart(&ctx->u.rsa.n_buf, &ctx->u.rsa.n_len, 146 raw_key.n, raw_key.n_sz); 147 if (ret) 148 goto key_err; 149 sg_init_one(&ctx->u.rsa.n_sg, ctx->u.rsa.n_buf, ctx->u.rsa.n_len); 150 151 ctx->u.rsa.key_len = ctx->u.rsa.n_len << 3; /* convert to bits */ 152 if (ccp_check_key_length(ctx->u.rsa.key_len)) { 153 ret = -EINVAL; 154 goto key_err; 155 } 156 157 ret = ccp_copy_and_save_keypart(&ctx->u.rsa.e_buf, &ctx->u.rsa.e_len, 158 raw_key.e, raw_key.e_sz); 159 if (ret) 160 goto key_err; 161 sg_init_one(&ctx->u.rsa.e_sg, ctx->u.rsa.e_buf, ctx->u.rsa.e_len); 162 163 if (private) { 164 ret = ccp_copy_and_save_keypart(&ctx->u.rsa.d_buf, 165 &ctx->u.rsa.d_len, 166 raw_key.d, raw_key.d_sz); 167 if (ret) 168 goto key_err; 169 sg_init_one(&ctx->u.rsa.d_sg, 170 ctx->u.rsa.d_buf, ctx->u.rsa.d_len); 171 } 172 173 return 0; 174 175 key_err: 176 ccp_rsa_free_key_bufs(ctx); 177 178 n_key: 179 return ret; 180 } 181 182 static int ccp_rsa_setprivkey(struct crypto_akcipher *tfm, const void *key, 183 unsigned int keylen) 184 { 185 return ccp_rsa_setkey(tfm, key, keylen, true); 186 } 187 188 static int ccp_rsa_setpubkey(struct crypto_akcipher *tfm, const void *key, 189 unsigned int keylen) 190 { 191 return ccp_rsa_setkey(tfm, key, keylen, false); 192 } 193 194 static int ccp_rsa_init_tfm(struct crypto_akcipher *tfm) 195 { 196 struct ccp_ctx *ctx = akcipher_tfm_ctx_dma(tfm); 197 198 akcipher_set_reqsize_dma(tfm, sizeof(struct ccp_rsa_req_ctx)); 199 ctx->complete = ccp_rsa_complete; 200 201 return 0; 202 } 203 204 static void ccp_rsa_exit_tfm(struct crypto_akcipher *tfm) 205 { 206 struct ccp_ctx *ctx = akcipher_tfm_ctx_dma(tfm); 207 208 ccp_rsa_free_key_bufs(ctx); 209 } 210 211 static struct akcipher_alg ccp_rsa_defaults = { 212 .encrypt = ccp_rsa_encrypt, 213 .decrypt = ccp_rsa_decrypt, 214 .set_pub_key = ccp_rsa_setpubkey, 215 .set_priv_key = ccp_rsa_setprivkey, 216 .max_size = ccp_rsa_maxsize, 217 .init = ccp_rsa_init_tfm, 218 .exit = ccp_rsa_exit_tfm, 219 .base = { 220 .cra_name = "rsa", 221 .cra_driver_name = "rsa-ccp", 222 .cra_priority = CCP_CRA_PRIORITY, 223 .cra_module = THIS_MODULE, 224 .cra_ctxsize = 2 * sizeof(struct ccp_ctx) + CRYPTO_DMA_PADDING, 225 }, 226 }; 227 228 struct ccp_rsa_def { 229 unsigned int version; 230 const char *name; 231 const char *driver_name; 232 unsigned int reqsize; 233 struct akcipher_alg *alg_defaults; 234 }; 235 236 static struct ccp_rsa_def rsa_algs[] = { 237 { 238 .version = CCP_VERSION(3, 0), 239 .name = "rsa", 240 .driver_name = "rsa-ccp", 241 .reqsize = sizeof(struct ccp_rsa_req_ctx), 242 .alg_defaults = &ccp_rsa_defaults, 243 } 244 }; 245 246 static int ccp_register_rsa_alg(struct list_head *head, 247 const struct ccp_rsa_def *def) 248 { 249 struct ccp_crypto_akcipher_alg *ccp_alg; 250 struct akcipher_alg *alg; 251 int ret; 252 253 ccp_alg = kzalloc_obj(*ccp_alg); 254 if (!ccp_alg) 255 return -ENOMEM; 256 257 INIT_LIST_HEAD(&ccp_alg->entry); 258 259 alg = &ccp_alg->alg; 260 *alg = *def->alg_defaults; 261 strscpy(alg->base.cra_name, def->name); 262 strscpy(alg->base.cra_driver_name, def->driver_name); 263 ret = crypto_register_akcipher(alg); 264 if (ret) { 265 pr_err("%s akcipher algorithm registration error (%d)\n", 266 alg->base.cra_name, ret); 267 kfree(ccp_alg); 268 return ret; 269 } 270 271 list_add(&ccp_alg->entry, head); 272 273 return 0; 274 } 275 276 int ccp_register_rsa_algs(struct list_head *head) 277 { 278 int i, ret; 279 unsigned int ccpversion = ccp_version(); 280 281 /* Register the RSA algorithm in standard mode 282 * This works for CCP v3 and later 283 */ 284 for (i = 0; i < ARRAY_SIZE(rsa_algs); i++) { 285 if (rsa_algs[i].version > ccpversion) 286 continue; 287 ret = ccp_register_rsa_alg(head, &rsa_algs[i]); 288 if (ret) 289 return ret; 290 } 291 292 return 0; 293 } 294