Commit 6889621f authored by Salvatore Benedetto's avatar Salvatore Benedetto Committed by Herbert Xu

crypto: qat - Switch to new rsa_helper functions

Drop all asn1 related code and use the new rsa_helper
functions rsa_parse_[pub|priv]_key for parsing the key
Signed-off-by: default avatarSalvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 6dd7a82c
...@@ -5,11 +5,11 @@ config CRYPTO_DEV_QAT ...@@ -5,11 +5,11 @@ config CRYPTO_DEV_QAT
select CRYPTO_BLKCIPHER select CRYPTO_BLKCIPHER
select CRYPTO_AKCIPHER select CRYPTO_AKCIPHER
select CRYPTO_HMAC select CRYPTO_HMAC
select CRYPTO_RSA
select CRYPTO_SHA1 select CRYPTO_SHA1
select CRYPTO_SHA256 select CRYPTO_SHA256
select CRYPTO_SHA512 select CRYPTO_SHA512
select FW_LOADER select FW_LOADER
select ASN1
config CRYPTO_DEV_QAT_DH895xCC config CRYPTO_DEV_QAT_DH895xCC
tristate "Support for Intel(R) DH895xCC" tristate "Support for Intel(R) DH895xCC"
......
$(obj)/qat_rsapubkey-asn1.o: $(obj)/qat_rsapubkey-asn1.c \
$(obj)/qat_rsapubkey-asn1.h
$(obj)/qat_rsaprivkey-asn1.o: $(obj)/qat_rsaprivkey-asn1.c \
$(obj)/qat_rsaprivkey-asn1.h
clean-files += qat_rsapubkey-asn1.c qat_rsapubkey-asn1.h
clean-files += qat_rsaprivkey-asn1.c qat_rsaprivkey-asn1.h
obj-$(CONFIG_CRYPTO_DEV_QAT) += intel_qat.o obj-$(CONFIG_CRYPTO_DEV_QAT) += intel_qat.o
intel_qat-objs := adf_cfg.o \ intel_qat-objs := adf_cfg.o \
adf_isr.o \ adf_isr.o \
...@@ -19,8 +11,6 @@ intel_qat-objs := adf_cfg.o \ ...@@ -19,8 +11,6 @@ intel_qat-objs := adf_cfg.o \
adf_hw_arbiter.o \ adf_hw_arbiter.o \
qat_crypto.o \ qat_crypto.o \
qat_algs.o \ qat_algs.o \
qat_rsapubkey-asn1.o \
qat_rsaprivkey-asn1.o \
qat_asym_algs.o \ qat_asym_algs.o \
qat_uclo.o \ qat_uclo.o \
qat_hal.o qat_hal.o
......
...@@ -52,8 +52,6 @@ ...@@ -52,8 +52,6 @@
#include <linux/dma-mapping.h> #include <linux/dma-mapping.h>
#include <linux/fips.h> #include <linux/fips.h>
#include <crypto/scatterwalk.h> #include <crypto/scatterwalk.h>
#include "qat_rsapubkey-asn1.h"
#include "qat_rsaprivkey-asn1.h"
#include "icp_qat_fw_pke.h" #include "icp_qat_fw_pke.h"
#include "adf_accel_devices.h" #include "adf_accel_devices.h"
#include "adf_transport.h" #include "adf_transport.h"
...@@ -502,10 +500,8 @@ static int qat_rsa_dec(struct akcipher_request *req) ...@@ -502,10 +500,8 @@ static int qat_rsa_dec(struct akcipher_request *req)
return ret; return ret;
} }
int qat_rsa_get_n(void *context, size_t hdrlen, unsigned char tag, int qat_rsa_set_n(struct qat_rsa_ctx *ctx, const char *value, size_t vlen)
const void *value, size_t vlen)
{ {
struct qat_rsa_ctx *ctx = context;
struct qat_crypto_instance *inst = ctx->inst; struct qat_crypto_instance *inst = ctx->inst;
struct device *dev = &GET_DEV(inst->accel_dev); struct device *dev = &GET_DEV(inst->accel_dev);
const char *ptr = value; const char *ptr = value;
...@@ -518,11 +514,6 @@ int qat_rsa_get_n(void *context, size_t hdrlen, unsigned char tag, ...@@ -518,11 +514,6 @@ int qat_rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
ctx->key_sz = vlen; ctx->key_sz = vlen;
ret = -EINVAL; ret = -EINVAL;
/* In FIPS mode only allow key size 2K & 3K */
if (fips_enabled && (ctx->key_sz != 256 && ctx->key_sz != 384)) {
pr_err("QAT: RSA: key size not allowed in FIPS mode\n");
goto err;
}
/* invalid key size provided */ /* invalid key size provided */
if (!qat_rsa_enc_fn_id(ctx->key_sz)) if (!qat_rsa_enc_fn_id(ctx->key_sz))
goto err; goto err;
...@@ -540,10 +531,8 @@ int qat_rsa_get_n(void *context, size_t hdrlen, unsigned char tag, ...@@ -540,10 +531,8 @@ int qat_rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
return ret; return ret;
} }
int qat_rsa_get_e(void *context, size_t hdrlen, unsigned char tag, int qat_rsa_set_e(struct qat_rsa_ctx *ctx, const char *value, size_t vlen)
const void *value, size_t vlen)
{ {
struct qat_rsa_ctx *ctx = context;
struct qat_crypto_instance *inst = ctx->inst; struct qat_crypto_instance *inst = ctx->inst;
struct device *dev = &GET_DEV(inst->accel_dev); struct device *dev = &GET_DEV(inst->accel_dev);
const char *ptr = value; const char *ptr = value;
...@@ -559,18 +548,15 @@ int qat_rsa_get_e(void *context, size_t hdrlen, unsigned char tag, ...@@ -559,18 +548,15 @@ int qat_rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
} }
ctx->e = dma_zalloc_coherent(dev, ctx->key_sz, &ctx->dma_e, GFP_KERNEL); ctx->e = dma_zalloc_coherent(dev, ctx->key_sz, &ctx->dma_e, GFP_KERNEL);
if (!ctx->e) { if (!ctx->e)
ctx->e = NULL;
return -ENOMEM; return -ENOMEM;
}
memcpy(ctx->e + (ctx->key_sz - vlen), ptr, vlen); memcpy(ctx->e + (ctx->key_sz - vlen), ptr, vlen);
return 0; return 0;
} }
int qat_rsa_get_d(void *context, size_t hdrlen, unsigned char tag, int qat_rsa_set_d(struct qat_rsa_ctx *ctx, const char *value, size_t vlen)
const void *value, size_t vlen)
{ {
struct qat_rsa_ctx *ctx = context;
struct qat_crypto_instance *inst = ctx->inst; struct qat_crypto_instance *inst = ctx->inst;
struct device *dev = &GET_DEV(inst->accel_dev); struct device *dev = &GET_DEV(inst->accel_dev);
const char *ptr = value; const char *ptr = value;
...@@ -585,12 +571,6 @@ int qat_rsa_get_d(void *context, size_t hdrlen, unsigned char tag, ...@@ -585,12 +571,6 @@ int qat_rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
if (!ctx->key_sz || !vlen || vlen > ctx->key_sz) if (!ctx->key_sz || !vlen || vlen > ctx->key_sz)
goto err; goto err;
/* In FIPS mode only allow key size 2K & 3K */
if (fips_enabled && (vlen != 256 && vlen != 384)) {
pr_err("QAT: RSA: key size not allowed in FIPS mode\n");
goto err;
}
ret = -ENOMEM; ret = -ENOMEM;
ctx->d = dma_zalloc_coherent(dev, ctx->key_sz, &ctx->dma_d, GFP_KERNEL); ctx->d = dma_zalloc_coherent(dev, ctx->key_sz, &ctx->dma_d, GFP_KERNEL);
if (!ctx->d) if (!ctx->d)
...@@ -608,6 +588,7 @@ static int qat_rsa_setkey(struct crypto_akcipher *tfm, const void *key, ...@@ -608,6 +588,7 @@ static int qat_rsa_setkey(struct crypto_akcipher *tfm, const void *key,
{ {
struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm); struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
struct device *dev = &GET_DEV(ctx->inst->accel_dev); struct device *dev = &GET_DEV(ctx->inst->accel_dev);
struct rsa_key rsa_key;
int ret; int ret;
/* Free the old key if any */ /* Free the old key if any */
...@@ -625,14 +606,24 @@ static int qat_rsa_setkey(struct crypto_akcipher *tfm, const void *key, ...@@ -625,14 +606,24 @@ static int qat_rsa_setkey(struct crypto_akcipher *tfm, const void *key,
ctx->d = NULL; ctx->d = NULL;
if (private) if (private)
ret = asn1_ber_decoder(&qat_rsaprivkey_decoder, ctx, key, ret = rsa_parse_priv_key(&rsa_key, key, keylen);
keylen);
else else
ret = asn1_ber_decoder(&qat_rsapubkey_decoder, ctx, key, ret = rsa_parse_pub_key(&rsa_key, key, keylen);
keylen);
if (ret < 0) if (ret < 0)
goto free; goto free;
ret = qat_rsa_set_n(ctx, rsa_key.n, rsa_key.n_sz);
if (ret < 0)
goto free;
ret = qat_rsa_set_e(ctx, rsa_key.e, rsa_key.e_sz);
if (ret < 0)
goto free;
if (private) {
ret = qat_rsa_set_d(ctx, rsa_key.d, rsa_key.d_sz);
if (ret < 0)
goto free;
}
if (!ctx->n || !ctx->e) { if (!ctx->n || !ctx->e) {
/* invalid key provided */ /* invalid key provided */
ret = -EINVAL; ret = -EINVAL;
......
RsaPrivKey ::= SEQUENCE {
version INTEGER,
n INTEGER ({ qat_rsa_get_n }),
e INTEGER ({ qat_rsa_get_e }),
d INTEGER ({ qat_rsa_get_d }),
prime1 INTEGER,
prime2 INTEGER,
exponent1 INTEGER,
exponent2 INTEGER,
coefficient INTEGER
}
RsaPubKey ::= SEQUENCE {
n INTEGER ({ qat_rsa_get_n }),
e INTEGER ({ qat_rsa_get_e })
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment