mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-11-16 07:35:21 +02:00
25a958e9bf
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13288 3c298f89-4303-0410-b956-a3cf2f4a3e73
1383 lines
43 KiB
C
1383 lines
43 KiB
C
/***************************************************************************
|
|
*
|
|
* This file is provided under a dual BSD/GPLv2 license. When using or
|
|
* redistributing this file, you may do so under either license.
|
|
*
|
|
* GPL LICENSE SUMMARY
|
|
*
|
|
* Copyright(c) 2007,2008 Intel Corporation. All rights reserved.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of version 2 of the GNU General Public License as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
|
|
* The full GNU General Public License is included in this distribution
|
|
* in the file called LICENSE.GPL.
|
|
*
|
|
* Contact Information:
|
|
* Intel Corporation
|
|
*
|
|
* BSD LICENSE
|
|
*
|
|
* Copyright(c) 2007,2008 Intel Corporation. All rights reserved.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* * Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
* * Neither the name of Intel Corporation nor the names of its
|
|
* contributors may be used to endorse or promote products derived
|
|
* from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
*
|
|
* version: Security.L.1.0.130
|
|
*
|
|
***************************************************************************/
|
|
/*
|
|
* An OCF module that uses the API for Intel® QuickAssist Technology to do the
|
|
* cryptography.
|
|
*
|
|
* This driver requires the ICP Access Library that is available from Intel in
|
|
* order to operate.
|
|
*/
|
|
|
|
#include "icp_ocf.h"
|
|
|
|
/*This is the call back function for all symmetric cryptographic processes.
|
|
Its main functionality is to free driver crypto operation structure and to
|
|
call back to OCF*/
|
|
static void
|
|
icp_ocfDrvSymCallBack(void *callbackTag,
|
|
CpaStatus status,
|
|
const CpaCySymOp operationType,
|
|
void *pOpData,
|
|
CpaBufferList * pDstBuffer, CpaBoolean verifyResult);
|
|
|
|
/*This function is used to extract crypto processing information from the OCF
|
|
inputs, so as that it may be passed onto LAC*/
|
|
static int
|
|
icp_ocfDrvProcessDataSetup(struct icp_drvOpData *drvOpData,
|
|
struct cryptodesc *crp_desc);
|
|
|
|
/*This function checks whether the crp_desc argument pertains to a digest or a
|
|
cipher operation*/
|
|
static int icp_ocfDrvAlgCheck(struct cryptodesc *crp_desc);
|
|
|
|
/*This function copies all the passed in session context information and stores
|
|
it in a LAC context structure*/
|
|
static int
|
|
icp_ocfDrvAlgorithmSetup(struct cryptoini *cri,
|
|
CpaCySymSessionSetupData * lacSessCtx);
|
|
|
|
/*This top level function is used to find a pointer to where a digest is
|
|
stored/needs to be inserted. */
|
|
static uint8_t *icp_ocfDrvDigestPointerFind(struct icp_drvOpData *drvOpData,
|
|
struct cryptodesc *crp_desc);
|
|
|
|
/*This function is called when a digest pointer has to be found within a
|
|
SKBUFF.*/
|
|
static inline uint8_t *icp_ocfDrvSkbuffDigestPointerFind(struct icp_drvOpData
|
|
*drvOpData,
|
|
int offsetInBytes,
|
|
uint32_t
|
|
digestSizeInBytes);
|
|
|
|
/*The following two functions are called if the SKBUFF digest pointer is not
|
|
positioned in the linear portion of the buffer (i.e. it is in a linked SKBUFF
|
|
or page fragment).*/
|
|
/*This function takes care of the page fragment case.*/
|
|
static inline uint8_t *icp_ocfDrvDigestSkbNRFragsCheck(struct sk_buff *skb,
|
|
struct skb_shared_info
|
|
*skb_shared,
|
|
int offsetInBytes,
|
|
uint32_t
|
|
digestSizeInBytes);
|
|
|
|
/*This function takes care of the linked list case.*/
|
|
static inline uint8_t *icp_ocfDrvDigestSkbFragListCheck(struct sk_buff *skb,
|
|
struct skb_shared_info
|
|
*skb_shared,
|
|
int offsetInBytes,
|
|
uint32_t
|
|
digestSizeInBytes);
|
|
|
|
/*This function is used to free an OCF->OCF_DRV session object*/
|
|
static void icp_ocfDrvFreeOCFSession(struct icp_drvSessionData *sessionData);
|
|
|
|
/*max IOV buffs supported in a UIO structure*/
|
|
#define NUM_IOV_SUPPORTED (1)
|
|
|
|
/* Name : icp_ocfDrvSymCallBack
|
|
*
|
|
* Description : When this function returns it signifies that the LAC
|
|
* component has completed the relevant symmetric operation.
|
|
*
|
|
* Notes : The callbackTag is a pointer to an icp_drvOpData. This memory
|
|
* object was passed to LAC for the cryptographic processing and contains all
|
|
* the relevant information for cleaning up buffer handles etc. so that the
|
|
* OCF Tolapai Driver portion of this crypto operation can be fully completed.
|
|
*/
|
|
static void
|
|
icp_ocfDrvSymCallBack(void *callbackTag,
|
|
CpaStatus status,
|
|
const CpaCySymOp operationType,
|
|
void *pOpData,
|
|
CpaBufferList * pDstBuffer, CpaBoolean verifyResult)
|
|
{
|
|
struct cryptop *crp = NULL;
|
|
struct icp_drvOpData *temp_drvOpData =
|
|
(struct icp_drvOpData *)callbackTag;
|
|
uint64_t *tempBasePtr = NULL;
|
|
uint32_t tempLen = 0;
|
|
|
|
if (NULL == temp_drvOpData) {
|
|
DPRINTK("%s(): The callback from the LAC component"
|
|
" has failed due to Null userOpaque data"
|
|
"(status == %d).\n", __FUNCTION__, status);
|
|
DPRINTK("%s(): Unable to call OCF back! \n", __FUNCTION__);
|
|
return;
|
|
}
|
|
|
|
crp = temp_drvOpData->crp;
|
|
crp->crp_etype = ICP_OCF_DRV_NO_CRYPTO_PROCESS_ERROR;
|
|
|
|
if (NULL == pOpData) {
|
|
DPRINTK("%s(): The callback from the LAC component"
|
|
" has failed due to Null Symmetric Op data"
|
|
"(status == %d).\n", __FUNCTION__, status);
|
|
crp->crp_etype = ECANCELED;
|
|
crypto_done(crp);
|
|
return;
|
|
}
|
|
|
|
if (NULL == pDstBuffer) {
|
|
DPRINTK("%s(): The callback from the LAC component"
|
|
" has failed due to Null Dst Bufferlist data"
|
|
"(status == %d).\n", __FUNCTION__, status);
|
|
crp->crp_etype = ECANCELED;
|
|
crypto_done(crp);
|
|
return;
|
|
}
|
|
|
|
if (CPA_STATUS_SUCCESS == status) {
|
|
|
|
if (temp_drvOpData->bufferType == CRYPTO_F_SKBUF) {
|
|
if (ICP_OCF_DRV_STATUS_SUCCESS !=
|
|
icp_ocfDrvBufferListToSkBuff(pDstBuffer,
|
|
(struct sk_buff **)
|
|
&(crp->crp_buf))) {
|
|
EPRINTK("%s(): BufferList to SkBuff "
|
|
"conversion error.\n", __FUNCTION__);
|
|
crp->crp_etype = EPERM;
|
|
}
|
|
} else {
|
|
icp_ocfDrvBufferListToPtrAndLen(pDstBuffer,
|
|
(void **)&tempBasePtr,
|
|
&tempLen);
|
|
crp->crp_olen = (int)tempLen;
|
|
}
|
|
|
|
} else {
|
|
DPRINTK("%s(): The callback from the LAC component has failed"
|
|
"(status == %d).\n", __FUNCTION__, status);
|
|
|
|
crp->crp_etype = ECANCELED;
|
|
}
|
|
|
|
if (temp_drvOpData->numBufferListArray >
|
|
ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS) {
|
|
kfree(pDstBuffer->pBuffers);
|
|
}
|
|
icp_ocfDrvFreeMetaData(pDstBuffer);
|
|
kmem_cache_free(drvOpData_zone, temp_drvOpData);
|
|
|
|
/* Invoke the OCF callback function */
|
|
crypto_done(crp);
|
|
|
|
return;
|
|
}
|
|
|
|
/* Name : icp_ocfDrvNewSession
|
|
*
|
|
* Description : This function will create a new Driver<->OCF session
|
|
*
|
|
* Notes : LAC session registration happens during the first perform call.
|
|
* That is the first time we know all information about a given session.
|
|
*/
|
|
int icp_ocfDrvNewSession(device_t dev, uint32_t * sid, struct cryptoini *cri)
|
|
{
|
|
struct icp_drvSessionData *sessionData = NULL;
|
|
uint32_t delete_session = 0;
|
|
|
|
/* The SID passed in should be our driver ID. We can return the */
|
|
/* local ID (LID) which is a unique identifier which we can use */
|
|
/* to differentiate between the encrypt/decrypt LAC session handles */
|
|
if (NULL == sid) {
|
|
EPRINTK("%s(): Invalid input parameters - NULL sid.\n",
|
|
__FUNCTION__);
|
|
return EINVAL;
|
|
}
|
|
|
|
if (NULL == cri) {
|
|
EPRINTK("%s(): Invalid input parameters - NULL cryptoini.\n",
|
|
__FUNCTION__);
|
|
return EINVAL;
|
|
}
|
|
|
|
if (icp_ocfDrvDriverId != *sid) {
|
|
EPRINTK("%s(): Invalid input parameters - bad driver ID\n",
|
|
__FUNCTION__);
|
|
EPRINTK("\t sid = 0x08%p \n \t cri = 0x08%p \n", sid, cri);
|
|
return EINVAL;
|
|
}
|
|
|
|
sessionData = kmem_cache_zalloc(drvSessionData_zone, GFP_ATOMIC);
|
|
if (NULL == sessionData) {
|
|
DPRINTK("%s():No memory for Session Data\n", __FUNCTION__);
|
|
return ENOMEM;
|
|
}
|
|
|
|
/*ENTER CRITICAL SECTION */
|
|
spin_lock_bh(&icp_ocfDrvSymSessInfoListSpinlock);
|
|
/*put this check in the spinlock so no new sessions can be added to the
|
|
linked list when we are exiting */
|
|
if (CPA_TRUE == atomic_read(&icp_ocfDrvIsExiting)) {
|
|
delete_session++;
|
|
|
|
} else if (NO_OCF_TO_DRV_MAX_SESSIONS != max_sessions) {
|
|
if (atomic_read(&num_ocf_to_drv_registered_sessions) >=
|
|
(max_sessions -
|
|
atomic_read(&lac_session_failed_dereg_count))) {
|
|
delete_session++;
|
|
} else {
|
|
atomic_inc(&num_ocf_to_drv_registered_sessions);
|
|
/* Add to session data linked list */
|
|
list_add(&(sessionData->listNode),
|
|
&icp_ocfDrvGlobalSymListHead);
|
|
}
|
|
|
|
} else if (NO_OCF_TO_DRV_MAX_SESSIONS == max_sessions) {
|
|
list_add(&(sessionData->listNode),
|
|
&icp_ocfDrvGlobalSymListHead);
|
|
}
|
|
|
|
sessionData->inUse = ICP_SESSION_INITIALISED;
|
|
|
|
/*EXIT CRITICAL SECTION */
|
|
spin_unlock_bh(&icp_ocfDrvSymSessInfoListSpinlock);
|
|
|
|
if (delete_session) {
|
|
DPRINTK("%s():No Session handles available\n", __FUNCTION__);
|
|
kmem_cache_free(drvSessionData_zone, sessionData);
|
|
return EPERM;
|
|
}
|
|
|
|
if (ICP_OCF_DRV_STATUS_SUCCESS !=
|
|
icp_ocfDrvAlgorithmSetup(cri, &(sessionData->lacSessCtx))) {
|
|
DPRINTK("%s():algorithm not supported\n", __FUNCTION__);
|
|
icp_ocfDrvFreeOCFSession(sessionData);
|
|
return EINVAL;
|
|
}
|
|
|
|
if (cri->cri_next) {
|
|
if (cri->cri_next->cri_next != NULL) {
|
|
DPRINTK("%s():only two chained algorithms supported\n",
|
|
__FUNCTION__);
|
|
icp_ocfDrvFreeOCFSession(sessionData);
|
|
return EPERM;
|
|
}
|
|
|
|
if (ICP_OCF_DRV_STATUS_SUCCESS !=
|
|
icp_ocfDrvAlgorithmSetup(cri->cri_next,
|
|
&(sessionData->lacSessCtx))) {
|
|
DPRINTK("%s():second algorithm not supported\n",
|
|
__FUNCTION__);
|
|
icp_ocfDrvFreeOCFSession(sessionData);
|
|
return EINVAL;
|
|
}
|
|
|
|
sessionData->lacSessCtx.symOperation =
|
|
CPA_CY_SYM_OP_ALGORITHM_CHAINING;
|
|
}
|
|
|
|
*sid = (uint32_t) sessionData;
|
|
|
|
return ICP_OCF_DRV_STATUS_SUCCESS;
|
|
}
|
|
|
|
/* Name : icp_ocfDrvAlgorithmSetup
|
|
*
|
|
* Description : This function builds the session context data from the
|
|
* information supplied through OCF. Algorithm chain order and whether the
|
|
* session is Encrypt/Decrypt can only be found out at perform time however, so
|
|
* the session is registered with LAC at that time.
|
|
*/
|
|
static int
|
|
icp_ocfDrvAlgorithmSetup(struct cryptoini *cri,
|
|
CpaCySymSessionSetupData * lacSessCtx)
|
|
{
|
|
|
|
lacSessCtx->sessionPriority = CPA_CY_PRIORITY_NORMAL;
|
|
|
|
switch (cri->cri_alg) {
|
|
|
|
case CRYPTO_NULL_CBC:
|
|
DPRINTK("%s(): NULL CBC\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_CIPHER;
|
|
lacSessCtx->cipherSetupData.cipherAlgorithm =
|
|
CPA_CY_SYM_CIPHER_NULL;
|
|
lacSessCtx->cipherSetupData.cipherKeyLenInBytes =
|
|
cri->cri_klen / NUM_BITS_IN_BYTE;
|
|
lacSessCtx->cipherSetupData.pCipherKey = cri->cri_key;
|
|
break;
|
|
|
|
case CRYPTO_DES_CBC:
|
|
DPRINTK("%s(): DES CBC\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_CIPHER;
|
|
lacSessCtx->cipherSetupData.cipherAlgorithm =
|
|
CPA_CY_SYM_CIPHER_DES_CBC;
|
|
lacSessCtx->cipherSetupData.cipherKeyLenInBytes =
|
|
cri->cri_klen / NUM_BITS_IN_BYTE;
|
|
lacSessCtx->cipherSetupData.pCipherKey = cri->cri_key;
|
|
break;
|
|
|
|
case CRYPTO_3DES_CBC:
|
|
DPRINTK("%s(): 3DES CBC\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_CIPHER;
|
|
lacSessCtx->cipherSetupData.cipherAlgorithm =
|
|
CPA_CY_SYM_CIPHER_3DES_CBC;
|
|
lacSessCtx->cipherSetupData.cipherKeyLenInBytes =
|
|
cri->cri_klen / NUM_BITS_IN_BYTE;
|
|
lacSessCtx->cipherSetupData.pCipherKey = cri->cri_key;
|
|
break;
|
|
|
|
case CRYPTO_AES_CBC:
|
|
DPRINTK("%s(): AES CBC\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_CIPHER;
|
|
lacSessCtx->cipherSetupData.cipherAlgorithm =
|
|
CPA_CY_SYM_CIPHER_AES_CBC;
|
|
lacSessCtx->cipherSetupData.cipherKeyLenInBytes =
|
|
cri->cri_klen / NUM_BITS_IN_BYTE;
|
|
lacSessCtx->cipherSetupData.pCipherKey = cri->cri_key;
|
|
break;
|
|
|
|
case CRYPTO_ARC4:
|
|
DPRINTK("%s(): ARC4\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_CIPHER;
|
|
lacSessCtx->cipherSetupData.cipherAlgorithm =
|
|
CPA_CY_SYM_CIPHER_ARC4;
|
|
lacSessCtx->cipherSetupData.cipherKeyLenInBytes =
|
|
cri->cri_klen / NUM_BITS_IN_BYTE;
|
|
lacSessCtx->cipherSetupData.pCipherKey = cri->cri_key;
|
|
break;
|
|
|
|
case CRYPTO_SHA1:
|
|
DPRINTK("%s(): SHA1\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH;
|
|
lacSessCtx->hashSetupData.hashAlgorithm = CPA_CY_SYM_HASH_SHA1;
|
|
lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_PLAIN;
|
|
lacSessCtx->hashSetupData.digestResultLenInBytes =
|
|
(cri->cri_mlen ?
|
|
cri->cri_mlen : ICP_SHA1_DIGEST_SIZE_IN_BYTES);
|
|
|
|
break;
|
|
|
|
case CRYPTO_SHA1_HMAC:
|
|
DPRINTK("%s(): SHA1_HMAC\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH;
|
|
lacSessCtx->hashSetupData.hashAlgorithm = CPA_CY_SYM_HASH_SHA1;
|
|
lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_AUTH;
|
|
lacSessCtx->hashSetupData.digestResultLenInBytes =
|
|
(cri->cri_mlen ?
|
|
cri->cri_mlen : ICP_SHA1_DIGEST_SIZE_IN_BYTES);
|
|
lacSessCtx->hashSetupData.authModeSetupData.authKey =
|
|
cri->cri_key;
|
|
lacSessCtx->hashSetupData.authModeSetupData.authKeyLenInBytes =
|
|
cri->cri_klen / NUM_BITS_IN_BYTE;
|
|
lacSessCtx->hashSetupData.authModeSetupData.aadLenInBytes = 0;
|
|
|
|
break;
|
|
|
|
case CRYPTO_SHA2_256:
|
|
DPRINTK("%s(): SHA256\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH;
|
|
lacSessCtx->hashSetupData.hashAlgorithm =
|
|
CPA_CY_SYM_HASH_SHA256;
|
|
lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_PLAIN;
|
|
lacSessCtx->hashSetupData.digestResultLenInBytes =
|
|
(cri->cri_mlen ?
|
|
cri->cri_mlen : ICP_SHA256_DIGEST_SIZE_IN_BYTES);
|
|
|
|
break;
|
|
|
|
case CRYPTO_SHA2_256_HMAC:
|
|
DPRINTK("%s(): SHA256_HMAC\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH;
|
|
lacSessCtx->hashSetupData.hashAlgorithm =
|
|
CPA_CY_SYM_HASH_SHA256;
|
|
lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_AUTH;
|
|
lacSessCtx->hashSetupData.digestResultLenInBytes =
|
|
(cri->cri_mlen ?
|
|
cri->cri_mlen : ICP_SHA256_DIGEST_SIZE_IN_BYTES);
|
|
lacSessCtx->hashSetupData.authModeSetupData.authKey =
|
|
cri->cri_key;
|
|
lacSessCtx->hashSetupData.authModeSetupData.authKeyLenInBytes =
|
|
cri->cri_klen / NUM_BITS_IN_BYTE;
|
|
lacSessCtx->hashSetupData.authModeSetupData.aadLenInBytes = 0;
|
|
|
|
break;
|
|
|
|
case CRYPTO_SHA2_384:
|
|
DPRINTK("%s(): SHA384\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH;
|
|
lacSessCtx->hashSetupData.hashAlgorithm =
|
|
CPA_CY_SYM_HASH_SHA384;
|
|
lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_PLAIN;
|
|
lacSessCtx->hashSetupData.digestResultLenInBytes =
|
|
(cri->cri_mlen ?
|
|
cri->cri_mlen : ICP_SHA384_DIGEST_SIZE_IN_BYTES);
|
|
|
|
break;
|
|
|
|
case CRYPTO_SHA2_384_HMAC:
|
|
DPRINTK("%s(): SHA384_HMAC\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH;
|
|
lacSessCtx->hashSetupData.hashAlgorithm =
|
|
CPA_CY_SYM_HASH_SHA384;
|
|
lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_AUTH;
|
|
lacSessCtx->hashSetupData.digestResultLenInBytes =
|
|
(cri->cri_mlen ?
|
|
cri->cri_mlen : ICP_SHA384_DIGEST_SIZE_IN_BYTES);
|
|
lacSessCtx->hashSetupData.authModeSetupData.authKey =
|
|
cri->cri_key;
|
|
lacSessCtx->hashSetupData.authModeSetupData.authKeyLenInBytes =
|
|
cri->cri_klen / NUM_BITS_IN_BYTE;
|
|
lacSessCtx->hashSetupData.authModeSetupData.aadLenInBytes = 0;
|
|
|
|
break;
|
|
|
|
case CRYPTO_SHA2_512:
|
|
DPRINTK("%s(): SHA512\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH;
|
|
lacSessCtx->hashSetupData.hashAlgorithm =
|
|
CPA_CY_SYM_HASH_SHA512;
|
|
lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_PLAIN;
|
|
lacSessCtx->hashSetupData.digestResultLenInBytes =
|
|
(cri->cri_mlen ?
|
|
cri->cri_mlen : ICP_SHA512_DIGEST_SIZE_IN_BYTES);
|
|
|
|
break;
|
|
|
|
case CRYPTO_SHA2_512_HMAC:
|
|
DPRINTK("%s(): SHA512_HMAC\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH;
|
|
lacSessCtx->hashSetupData.hashAlgorithm =
|
|
CPA_CY_SYM_HASH_SHA512;
|
|
lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_AUTH;
|
|
lacSessCtx->hashSetupData.digestResultLenInBytes =
|
|
(cri->cri_mlen ?
|
|
cri->cri_mlen : ICP_SHA512_DIGEST_SIZE_IN_BYTES);
|
|
lacSessCtx->hashSetupData.authModeSetupData.authKey =
|
|
cri->cri_key;
|
|
lacSessCtx->hashSetupData.authModeSetupData.authKeyLenInBytes =
|
|
cri->cri_klen / NUM_BITS_IN_BYTE;
|
|
lacSessCtx->hashSetupData.authModeSetupData.aadLenInBytes = 0;
|
|
|
|
break;
|
|
|
|
case CRYPTO_MD5:
|
|
DPRINTK("%s(): MD5\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH;
|
|
lacSessCtx->hashSetupData.hashAlgorithm = CPA_CY_SYM_HASH_MD5;
|
|
lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_PLAIN;
|
|
lacSessCtx->hashSetupData.digestResultLenInBytes =
|
|
(cri->cri_mlen ?
|
|
cri->cri_mlen : ICP_MD5_DIGEST_SIZE_IN_BYTES);
|
|
|
|
break;
|
|
|
|
case CRYPTO_MD5_HMAC:
|
|
DPRINTK("%s(): MD5_HMAC\n", __FUNCTION__);
|
|
lacSessCtx->symOperation = CPA_CY_SYM_OP_HASH;
|
|
lacSessCtx->hashSetupData.hashAlgorithm = CPA_CY_SYM_HASH_MD5;
|
|
lacSessCtx->hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_AUTH;
|
|
lacSessCtx->hashSetupData.digestResultLenInBytes =
|
|
(cri->cri_mlen ?
|
|
cri->cri_mlen : ICP_MD5_DIGEST_SIZE_IN_BYTES);
|
|
lacSessCtx->hashSetupData.authModeSetupData.authKey =
|
|
cri->cri_key;
|
|
lacSessCtx->hashSetupData.authModeSetupData.authKeyLenInBytes =
|
|
cri->cri_klen / NUM_BITS_IN_BYTE;
|
|
lacSessCtx->hashSetupData.authModeSetupData.aadLenInBytes = 0;
|
|
|
|
break;
|
|
|
|
default:
|
|
DPRINTK("%s(): ALG Setup FAIL\n", __FUNCTION__);
|
|
return ICP_OCF_DRV_STATUS_FAIL;
|
|
}
|
|
|
|
return ICP_OCF_DRV_STATUS_SUCCESS;
|
|
}
|
|
|
|
/* Name : icp_ocfDrvFreeOCFSession
|
|
*
|
|
* Description : This function deletes all existing Session data representing
|
|
* the Cryptographic session established between OCF and this driver. This
|
|
* also includes freeing the memory allocated for the session context. The
|
|
* session object is also removed from the session linked list.
|
|
*/
|
|
static void icp_ocfDrvFreeOCFSession(struct icp_drvSessionData *sessionData)
|
|
{
|
|
|
|
sessionData->inUse = ICP_SESSION_DEREGISTERED;
|
|
|
|
/*ENTER CRITICAL SECTION */
|
|
spin_lock_bh(&icp_ocfDrvSymSessInfoListSpinlock);
|
|
|
|
if (CPA_TRUE == atomic_read(&icp_ocfDrvIsExiting)) {
|
|
/*If the Driver is exiting, allow that process to
|
|
handle any deletions */
|
|
/*EXIT CRITICAL SECTION */
|
|
spin_unlock_bh(&icp_ocfDrvSymSessInfoListSpinlock);
|
|
return;
|
|
}
|
|
|
|
atomic_dec(&num_ocf_to_drv_registered_sessions);
|
|
|
|
list_del(&(sessionData->listNode));
|
|
|
|
/*EXIT CRITICAL SECTION */
|
|
spin_unlock_bh(&icp_ocfDrvSymSessInfoListSpinlock);
|
|
|
|
if (NULL != sessionData->sessHandle) {
|
|
kfree(sessionData->sessHandle);
|
|
}
|
|
kmem_cache_free(drvSessionData_zone, sessionData);
|
|
}
|
|
|
|
/* Name : icp_ocfDrvFreeLACSession
|
|
*
|
|
* Description : This attempts to deregister a LAC session. If it fails, the
|
|
* deregistation retry function is called.
|
|
*/
|
|
int icp_ocfDrvFreeLACSession(device_t dev, uint64_t sid)
|
|
{
|
|
CpaCySymSessionCtx sessionToDeregister = NULL;
|
|
struct icp_drvSessionData *sessionData = NULL;
|
|
CpaStatus lacStatus = CPA_STATUS_SUCCESS;
|
|
int retval = 0;
|
|
|
|
sessionData = (struct icp_drvSessionData *)CRYPTO_SESID2LID(sid);
|
|
if (NULL == sessionData) {
|
|
EPRINTK("%s(): OCF Free session called with Null Session ID.\n",
|
|
__FUNCTION__);
|
|
return EINVAL;
|
|
}
|
|
|
|
sessionToDeregister = sessionData->sessHandle;
|
|
|
|
if (ICP_SESSION_INITIALISED == sessionData->inUse) {
|
|
DPRINTK("%s() Session not registered with LAC\n", __FUNCTION__);
|
|
} else if (NULL == sessionData->sessHandle) {
|
|
EPRINTK
|
|
("%s(): OCF Free session called with Null Session Handle.\n",
|
|
__FUNCTION__);
|
|
return EINVAL;
|
|
} else {
|
|
lacStatus = cpaCySymRemoveSession(CPA_INSTANCE_HANDLE_SINGLE,
|
|
sessionToDeregister);
|
|
if (CPA_STATUS_RETRY == lacStatus) {
|
|
if (ICP_OCF_DRV_STATUS_SUCCESS !=
|
|
icp_ocfDrvDeregRetry(&sessionToDeregister)) {
|
|
/* the retry function increments the
|
|
dereg failed count */
|
|
DPRINTK("%s(): LAC failed to deregister the "
|
|
"session. (localSessionId= %p)\n",
|
|
__FUNCTION__, sessionToDeregister);
|
|
retval = EPERM;
|
|
}
|
|
|
|
} else if (CPA_STATUS_SUCCESS != lacStatus) {
|
|
DPRINTK("%s(): LAC failed to deregister the session. "
|
|
"localSessionId= %p, lacStatus = %d\n",
|
|
__FUNCTION__, sessionToDeregister, lacStatus);
|
|
atomic_inc(&lac_session_failed_dereg_count);
|
|
retval = EPERM;
|
|
}
|
|
}
|
|
|
|
icp_ocfDrvFreeOCFSession(sessionData);
|
|
return retval;
|
|
|
|
}
|
|
|
|
/* Name : icp_ocfDrvAlgCheck
|
|
*
|
|
* Description : This function checks whether the cryptodesc argument pertains
|
|
* to a sym or hash function
|
|
*/
|
|
static int icp_ocfDrvAlgCheck(struct cryptodesc *crp_desc)
|
|
{
|
|
|
|
if (crp_desc->crd_alg == CRYPTO_3DES_CBC ||
|
|
crp_desc->crd_alg == CRYPTO_AES_CBC ||
|
|
crp_desc->crd_alg == CRYPTO_DES_CBC ||
|
|
crp_desc->crd_alg == CRYPTO_NULL_CBC ||
|
|
crp_desc->crd_alg == CRYPTO_ARC4) {
|
|
return ICP_OCF_DRV_ALG_CIPHER;
|
|
}
|
|
|
|
return ICP_OCF_DRV_ALG_HASH;
|
|
}
|
|
|
|
/* Name : icp_ocfDrvSymProcess
|
|
*
|
|
* Description : This function will map symmetric functionality calls from OCF
|
|
* to the LAC API. It will also allocate memory to store the session context.
|
|
*
|
|
* Notes: If it is the first perform call for a given session, then a LAC
|
|
* session is registered. After the session is registered, no checks as
|
|
* to whether session paramaters have changed (e.g. alg chain order) are
|
|
* done.
|
|
*/
|
|
int icp_ocfDrvSymProcess(device_t dev, struct cryptop *crp, int hint)
|
|
{
|
|
struct icp_drvSessionData *sessionData = NULL;
|
|
struct icp_drvOpData *drvOpData = NULL;
|
|
CpaStatus lacStatus = CPA_STATUS_SUCCESS;
|
|
Cpa32U sessionCtxSizeInBytes = 0;
|
|
uint16_t numBufferListArray = 0;
|
|
|
|
if (NULL == crp) {
|
|
DPRINTK("%s(): Invalid input parameters, cryptop is NULL\n",
|
|
__FUNCTION__);
|
|
return EINVAL;
|
|
}
|
|
|
|
if (NULL == crp->crp_desc) {
|
|
DPRINTK("%s(): Invalid input parameters, no crp_desc attached "
|
|
"to crp\n", __FUNCTION__);
|
|
crp->crp_etype = EINVAL;
|
|
return EINVAL;
|
|
}
|
|
|
|
if (NULL == crp->crp_buf) {
|
|
DPRINTK("%s(): Invalid input parameters, no buffer attached "
|
|
"to crp\n", __FUNCTION__);
|
|
crp->crp_etype = EINVAL;
|
|
return EINVAL;
|
|
}
|
|
|
|
if (CPA_TRUE == atomic_read(&icp_ocfDrvIsExiting)) {
|
|
crp->crp_etype = EFAULT;
|
|
return EFAULT;
|
|
}
|
|
|
|
sessionData = (struct icp_drvSessionData *)
|
|
(CRYPTO_SESID2LID(crp->crp_sid));
|
|
if (NULL == sessionData) {
|
|
DPRINTK("%s(): Invalid input parameters, Null Session ID \n",
|
|
__FUNCTION__);
|
|
crp->crp_etype = EINVAL;
|
|
return EINVAL;
|
|
}
|
|
|
|
/*If we get a request against a deregisted session, cancel operation*/
|
|
if (ICP_SESSION_DEREGISTERED == sessionData->inUse) {
|
|
DPRINTK("%s(): Session ID %d was deregistered \n",
|
|
__FUNCTION__, (int)(CRYPTO_SESID2LID(crp->crp_sid)));
|
|
crp->crp_etype = EFAULT;
|
|
return EFAULT;
|
|
}
|
|
|
|
/*If none of the session states are set, then the session structure was either
|
|
not initialised properly or we are reading from a freed memory area (possible
|
|
due to OCF batch mode not removing queued requests against deregistered
|
|
sessions*/
|
|
if (ICP_SESSION_INITIALISED != sessionData->inUse &&
|
|
ICP_SESSION_RUNNING != sessionData->inUse) {
|
|
DPRINTK("%s(): Session - ID %d - not properly initialised or "
|
|
"memory freed back to the kernel \n",
|
|
__FUNCTION__, (int)(CRYPTO_SESID2LID(crp->crp_sid)));
|
|
crp->crp_etype = EINVAL;
|
|
return EINVAL;
|
|
}
|
|
|
|
/*For the below checks, remember error checking is already done in LAC.
|
|
We're not validating inputs subsequent to registration */
|
|
if (sessionData->inUse == ICP_SESSION_INITIALISED) {
|
|
DPRINTK("%s(): Initialising session\n", __FUNCTION__);
|
|
|
|
if (NULL != crp->crp_desc->crd_next) {
|
|
if (ICP_OCF_DRV_ALG_CIPHER ==
|
|
icp_ocfDrvAlgCheck(crp->crp_desc)) {
|
|
|
|
sessionData->lacSessCtx.algChainOrder =
|
|
CPA_CY_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH;
|
|
|
|
if (crp->crp_desc->crd_flags & CRD_F_ENCRYPT) {
|
|
sessionData->lacSessCtx.cipherSetupData.
|
|
cipherDirection =
|
|
CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT;
|
|
} else {
|
|
sessionData->lacSessCtx.cipherSetupData.
|
|
cipherDirection =
|
|
CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT;
|
|
}
|
|
} else {
|
|
sessionData->lacSessCtx.algChainOrder =
|
|
CPA_CY_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER;
|
|
|
|
if (crp->crp_desc->crd_next->crd_flags &
|
|
CRD_F_ENCRYPT) {
|
|
sessionData->lacSessCtx.cipherSetupData.
|
|
cipherDirection =
|
|
CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT;
|
|
} else {
|
|
sessionData->lacSessCtx.cipherSetupData.
|
|
cipherDirection =
|
|
CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT;
|
|
}
|
|
|
|
}
|
|
|
|
} else if (ICP_OCF_DRV_ALG_CIPHER ==
|
|
icp_ocfDrvAlgCheck(crp->crp_desc)) {
|
|
if (crp->crp_desc->crd_flags & CRD_F_ENCRYPT) {
|
|
sessionData->lacSessCtx.cipherSetupData.
|
|
cipherDirection =
|
|
CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT;
|
|
} else {
|
|
sessionData->lacSessCtx.cipherSetupData.
|
|
cipherDirection =
|
|
CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT;
|
|
}
|
|
|
|
}
|
|
|
|
/*No action required for standalone Auth here */
|
|
|
|
/* Allocate memory for SymSessionCtx before the Session Registration */
|
|
lacStatus =
|
|
cpaCySymSessionCtxGetSize(CPA_INSTANCE_HANDLE_SINGLE,
|
|
&(sessionData->lacSessCtx),
|
|
&sessionCtxSizeInBytes);
|
|
if (CPA_STATUS_SUCCESS != lacStatus) {
|
|
EPRINTK("%s(): cpaCySymSessionCtxGetSize failed - %d\n",
|
|
__FUNCTION__, lacStatus);
|
|
return EINVAL;
|
|
}
|
|
sessionData->sessHandle =
|
|
kmalloc(sessionCtxSizeInBytes, GFP_ATOMIC);
|
|
if (NULL == sessionData->sessHandle) {
|
|
EPRINTK
|
|
("%s(): Failed to get memory for SymSessionCtx\n",
|
|
__FUNCTION__);
|
|
return ENOMEM;
|
|
}
|
|
|
|
lacStatus = cpaCySymInitSession(CPA_INSTANCE_HANDLE_SINGLE,
|
|
icp_ocfDrvSymCallBack,
|
|
&(sessionData->lacSessCtx),
|
|
sessionData->sessHandle);
|
|
|
|
if (CPA_STATUS_SUCCESS != lacStatus) {
|
|
EPRINTK("%s(): cpaCySymInitSession failed -%d \n",
|
|
__FUNCTION__, lacStatus);
|
|
return EFAULT;
|
|
}
|
|
|
|
sessionData->inUse = ICP_SESSION_RUNNING;
|
|
}
|
|
|
|
drvOpData = kmem_cache_zalloc(drvOpData_zone, GFP_ATOMIC);
|
|
if (NULL == drvOpData) {
|
|
EPRINTK("%s():Failed to get memory for drvOpData\n",
|
|
__FUNCTION__);
|
|
crp->crp_etype = ENOMEM;
|
|
return ENOMEM;
|
|
}
|
|
|
|
drvOpData->lacOpData.pSessionCtx = sessionData->sessHandle;
|
|
drvOpData->digestSizeInBytes = sessionData->lacSessCtx.hashSetupData.
|
|
digestResultLenInBytes;
|
|
drvOpData->crp = crp;
|
|
|
|
/* Set the default buffer list array memory allocation */
|
|
drvOpData->srcBuffer.pBuffers = drvOpData->bufferListArray;
|
|
drvOpData->numBufferListArray = ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS;
|
|
|
|
/*
|
|
* Allocate buffer list array memory allocation if the
|
|
* data fragment is more than the default allocation
|
|
*/
|
|
if (crp->crp_flags & CRYPTO_F_SKBUF) {
|
|
numBufferListArray = icp_ocfDrvGetSkBuffFrags((struct sk_buff *)
|
|
crp->crp_buf);
|
|
if (ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS < numBufferListArray) {
|
|
DPRINTK("%s() numBufferListArray more than default\n",
|
|
__FUNCTION__);
|
|
drvOpData->srcBuffer.pBuffers = NULL;
|
|
drvOpData->srcBuffer.pBuffers =
|
|
kmalloc(numBufferListArray *
|
|
sizeof(CpaFlatBuffer), GFP_ATOMIC);
|
|
if (NULL == drvOpData->srcBuffer.pBuffers) {
|
|
EPRINTK("%s() Failed to get memory for "
|
|
"pBuffers\n", __FUNCTION__);
|
|
kmem_cache_free(drvOpData_zone, drvOpData);
|
|
crp->crp_etype = ENOMEM;
|
|
return ENOMEM;
|
|
}
|
|
drvOpData->numBufferListArray = numBufferListArray;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Check the type of buffer structure we got and convert it into
|
|
* CpaBufferList format.
|
|
*/
|
|
if (crp->crp_flags & CRYPTO_F_SKBUF) {
|
|
if (ICP_OCF_DRV_STATUS_SUCCESS !=
|
|
icp_ocfDrvSkBuffToBufferList((struct sk_buff *)crp->crp_buf,
|
|
&(drvOpData->srcBuffer))) {
|
|
EPRINTK("%s():Failed to translate from SK_BUF "
|
|
"to bufferlist\n", __FUNCTION__);
|
|
crp->crp_etype = EINVAL;
|
|
goto err;
|
|
}
|
|
|
|
drvOpData->bufferType = CRYPTO_F_SKBUF;
|
|
} else if (crp->crp_flags & CRYPTO_F_IOV) {
|
|
/* OCF only supports IOV of one entry. */
|
|
if (NUM_IOV_SUPPORTED ==
|
|
((struct uio *)(crp->crp_buf))->uio_iovcnt) {
|
|
|
|
icp_ocfDrvPtrAndLenToBufferList(((struct uio *)(crp->
|
|
crp_buf))->
|
|
uio_iov[0].iov_base,
|
|
((struct uio *)(crp->
|
|
crp_buf))->
|
|
uio_iov[0].iov_len,
|
|
&(drvOpData->
|
|
srcBuffer));
|
|
|
|
drvOpData->bufferType = CRYPTO_F_IOV;
|
|
|
|
} else {
|
|
DPRINTK("%s():Unable to handle IOVs with lengths of "
|
|
"greater than one!\n", __FUNCTION__);
|
|
crp->crp_etype = EINVAL;
|
|
goto err;
|
|
}
|
|
|
|
} else {
|
|
icp_ocfDrvPtrAndLenToBufferList(crp->crp_buf,
|
|
crp->crp_ilen,
|
|
&(drvOpData->srcBuffer));
|
|
|
|
drvOpData->bufferType = CRYPTO_BUF_CONTIG;
|
|
}
|
|
|
|
if (ICP_OCF_DRV_STATUS_SUCCESS !=
|
|
icp_ocfDrvProcessDataSetup(drvOpData, drvOpData->crp->crp_desc)) {
|
|
crp->crp_etype = EINVAL;
|
|
goto err;
|
|
}
|
|
|
|
if (drvOpData->crp->crp_desc->crd_next != NULL) {
|
|
if (icp_ocfDrvProcessDataSetup(drvOpData, drvOpData->crp->
|
|
crp_desc->crd_next)) {
|
|
crp->crp_etype = EINVAL;
|
|
goto err;
|
|
}
|
|
|
|
}
|
|
|
|
/* Allocate srcBuffer's private meta data */
|
|
if (ICP_OCF_DRV_STATUS_SUCCESS !=
|
|
icp_ocfDrvAllocMetaData(&(drvOpData->srcBuffer), drvOpData)) {
|
|
EPRINTK("%s() icp_ocfDrvAllocMetaData failed\n", __FUNCTION__);
|
|
memset(&(drvOpData->lacOpData), 0, sizeof(CpaCySymOpData));
|
|
crp->crp_etype = EINVAL;
|
|
goto err;
|
|
}
|
|
|
|
/* Perform "in-place" crypto operation */
|
|
lacStatus = cpaCySymPerformOp(CPA_INSTANCE_HANDLE_SINGLE,
|
|
(void *)drvOpData,
|
|
&(drvOpData->lacOpData),
|
|
&(drvOpData->srcBuffer),
|
|
&(drvOpData->srcBuffer),
|
|
&(drvOpData->verifyResult));
|
|
if (CPA_STATUS_RETRY == lacStatus) {
|
|
DPRINTK("%s(): cpaCySymPerformOp retry, lacStatus = %d\n",
|
|
__FUNCTION__, lacStatus);
|
|
memset(&(drvOpData->lacOpData), 0, sizeof(CpaCySymOpData));
|
|
crp->crp_etype = EINVAL;
|
|
goto err;
|
|
}
|
|
if (CPA_STATUS_SUCCESS != lacStatus) {
|
|
EPRINTK("%s(): cpaCySymPerformOp failed, lacStatus = %d\n",
|
|
__FUNCTION__, lacStatus);
|
|
memset(&(drvOpData->lacOpData), 0, sizeof(CpaCySymOpData));
|
|
crp->crp_etype = EINVAL;
|
|
goto err;
|
|
}
|
|
|
|
return 0; //OCF success status value
|
|
|
|
err:
|
|
if (drvOpData->numBufferListArray > ICP_OCF_DRV_DEFAULT_BUFFLIST_ARRAYS) {
|
|
kfree(drvOpData->srcBuffer.pBuffers);
|
|
}
|
|
icp_ocfDrvFreeMetaData(&(drvOpData->srcBuffer));
|
|
kmem_cache_free(drvOpData_zone, drvOpData);
|
|
|
|
return crp->crp_etype;
|
|
}
|
|
|
|
/* Name : icp_ocfDrvProcessDataSetup
|
|
*
|
|
* Description : This function will setup all the cryptographic operation data
|
|
* that is required by LAC to execute the operation.
|
|
*/
|
|
static int icp_ocfDrvProcessDataSetup(struct icp_drvOpData *drvOpData,
|
|
struct cryptodesc *crp_desc)
|
|
{
|
|
CpaCyRandGenOpData randGenOpData;
|
|
CpaFlatBuffer randData;
|
|
|
|
drvOpData->lacOpData.packetType = CPA_CY_SYM_PACKET_TYPE_FULL;
|
|
|
|
/* Convert from the cryptop to the ICP LAC crypto parameters */
|
|
switch (crp_desc->crd_alg) {
|
|
case CRYPTO_NULL_CBC:
|
|
drvOpData->lacOpData.
|
|
cryptoStartSrcOffsetInBytes = crp_desc->crd_skip;
|
|
drvOpData->lacOpData.
|
|
messageLenToCipherInBytes = crp_desc->crd_len;
|
|
drvOpData->verifyResult = CPA_FALSE;
|
|
drvOpData->lacOpData.ivLenInBytes = NULL_BLOCK_LEN;
|
|
break;
|
|
case CRYPTO_DES_CBC:
|
|
drvOpData->lacOpData.
|
|
cryptoStartSrcOffsetInBytes = crp_desc->crd_skip;
|
|
drvOpData->lacOpData.
|
|
messageLenToCipherInBytes = crp_desc->crd_len;
|
|
drvOpData->verifyResult = CPA_FALSE;
|
|
drvOpData->lacOpData.ivLenInBytes = DES_BLOCK_LEN;
|
|
break;
|
|
case CRYPTO_3DES_CBC:
|
|
drvOpData->lacOpData.
|
|
cryptoStartSrcOffsetInBytes = crp_desc->crd_skip;
|
|
drvOpData->lacOpData.
|
|
messageLenToCipherInBytes = crp_desc->crd_len;
|
|
drvOpData->verifyResult = CPA_FALSE;
|
|
drvOpData->lacOpData.ivLenInBytes = DES3_BLOCK_LEN;
|
|
break;
|
|
case CRYPTO_ARC4:
|
|
drvOpData->lacOpData.
|
|
cryptoStartSrcOffsetInBytes = crp_desc->crd_skip;
|
|
drvOpData->lacOpData.
|
|
messageLenToCipherInBytes = crp_desc->crd_len;
|
|
drvOpData->verifyResult = CPA_FALSE;
|
|
drvOpData->lacOpData.ivLenInBytes = ARC4_COUNTER_LEN;
|
|
break;
|
|
case CRYPTO_AES_CBC:
|
|
drvOpData->lacOpData.
|
|
cryptoStartSrcOffsetInBytes = crp_desc->crd_skip;
|
|
drvOpData->lacOpData.
|
|
messageLenToCipherInBytes = crp_desc->crd_len;
|
|
drvOpData->verifyResult = CPA_FALSE;
|
|
drvOpData->lacOpData.ivLenInBytes = RIJNDAEL128_BLOCK_LEN;
|
|
break;
|
|
case CRYPTO_SHA1:
|
|
case CRYPTO_SHA1_HMAC:
|
|
case CRYPTO_SHA2_256:
|
|
case CRYPTO_SHA2_256_HMAC:
|
|
case CRYPTO_SHA2_384:
|
|
case CRYPTO_SHA2_384_HMAC:
|
|
case CRYPTO_SHA2_512:
|
|
case CRYPTO_SHA2_512_HMAC:
|
|
case CRYPTO_MD5:
|
|
case CRYPTO_MD5_HMAC:
|
|
drvOpData->lacOpData.
|
|
hashStartSrcOffsetInBytes = crp_desc->crd_skip;
|
|
drvOpData->lacOpData.
|
|
messageLenToHashInBytes = crp_desc->crd_len;
|
|
drvOpData->lacOpData.
|
|
pDigestResult =
|
|
icp_ocfDrvDigestPointerFind(drvOpData, crp_desc);
|
|
|
|
if (NULL == drvOpData->lacOpData.pDigestResult) {
|
|
DPRINTK("%s(): ERROR - could not calculate "
|
|
"Digest Result memory address\n", __FUNCTION__);
|
|
return ICP_OCF_DRV_STATUS_FAIL;
|
|
}
|
|
|
|
drvOpData->lacOpData.digestVerify = CPA_FALSE;
|
|
break;
|
|
default:
|
|
DPRINTK("%s(): Crypto process error - algorithm not "
|
|
"found \n", __FUNCTION__);
|
|
return ICP_OCF_DRV_STATUS_FAIL;
|
|
}
|
|
|
|
/* Figure out what the IV is supposed to be */
|
|
if ((crp_desc->crd_alg == CRYPTO_DES_CBC) ||
|
|
(crp_desc->crd_alg == CRYPTO_3DES_CBC) ||
|
|
(crp_desc->crd_alg == CRYPTO_AES_CBC)) {
|
|
/*ARC4 doesn't use an IV */
|
|
if (crp_desc->crd_flags & CRD_F_IV_EXPLICIT) {
|
|
/* Explicit IV provided to OCF */
|
|
drvOpData->lacOpData.pIv = crp_desc->crd_iv;
|
|
} else {
|
|
/* IV is not explicitly provided to OCF */
|
|
|
|
/* Point the LAC OP Data IV pointer to our allocated
|
|
storage location for this session. */
|
|
drvOpData->lacOpData.pIv = drvOpData->ivData;
|
|
|
|
if ((crp_desc->crd_flags & CRD_F_ENCRYPT) &&
|
|
((crp_desc->crd_flags & CRD_F_IV_PRESENT) == 0)) {
|
|
|
|
/* Encrypting - need to create IV */
|
|
randGenOpData.generateBits = CPA_TRUE;
|
|
randGenOpData.lenInBytes = MAX_IV_LEN_IN_BYTES;
|
|
|
|
icp_ocfDrvPtrAndLenToFlatBuffer((Cpa8U *)
|
|
drvOpData->
|
|
ivData,
|
|
MAX_IV_LEN_IN_BYTES,
|
|
&randData);
|
|
|
|
if (CPA_STATUS_SUCCESS !=
|
|
cpaCyRandGen(CPA_INSTANCE_HANDLE_SINGLE,
|
|
NULL, NULL,
|
|
&randGenOpData, &randData)) {
|
|
DPRINTK("%s(): ERROR - Failed to"
|
|
" generate"
|
|
" Initialisation Vector\n",
|
|
__FUNCTION__);
|
|
return ICP_OCF_DRV_STATUS_FAIL;
|
|
}
|
|
|
|
crypto_copyback(drvOpData->crp->
|
|
crp_flags,
|
|
drvOpData->crp->crp_buf,
|
|
crp_desc->crd_inject,
|
|
drvOpData->lacOpData.
|
|
ivLenInBytes,
|
|
(caddr_t) (drvOpData->lacOpData.
|
|
pIv));
|
|
} else {
|
|
/* Reading IV from buffer */
|
|
crypto_copydata(drvOpData->crp->
|
|
crp_flags,
|
|
drvOpData->crp->crp_buf,
|
|
crp_desc->crd_inject,
|
|
drvOpData->lacOpData.
|
|
ivLenInBytes,
|
|
(caddr_t) (drvOpData->lacOpData.
|
|
pIv));
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return ICP_OCF_DRV_STATUS_SUCCESS;
|
|
}
|
|
|
|
/* Name : icp_ocfDrvDigestPointerFind
|
|
*
|
|
* Description : This function is used to find the memory address of where the
|
|
* digest information shall be stored in. Input buffer types are an skbuff, iov
|
|
* or flat buffer. The address is found using the buffer data start address and
|
|
* an offset.
|
|
*
|
|
* Note: In the case of a linux skbuff, the digest address may exist within
|
|
* a memory space linked to from the start buffer. These linked memory spaces
|
|
* must be traversed by the data length offset in order to find the digest start
|
|
* address. Whether there is enough space for the digest must also be checked.
|
|
*/
|
|
|
|
static uint8_t *icp_ocfDrvDigestPointerFind(struct icp_drvOpData *drvOpData,
|
|
struct cryptodesc *crp_desc)
|
|
{
|
|
|
|
int offsetInBytes = crp_desc->crd_inject;
|
|
uint32_t digestSizeInBytes = drvOpData->digestSizeInBytes;
|
|
uint8_t *flat_buffer_base = NULL;
|
|
int flat_buffer_length = 0;
|
|
struct sk_buff *skb;
|
|
|
|
if (drvOpData->crp->crp_flags & CRYPTO_F_SKBUF) {
|
|
/*check if enough overall space to store hash */
|
|
skb = (struct sk_buff *)(drvOpData->crp->crp_buf);
|
|
|
|
if (skb->len < (offsetInBytes + digestSizeInBytes)) {
|
|
DPRINTK("%s() Not enough space for Digest"
|
|
" payload after the offset (%d), "
|
|
"digest size (%d) \n", __FUNCTION__,
|
|
offsetInBytes, digestSizeInBytes);
|
|
return NULL;
|
|
}
|
|
|
|
return icp_ocfDrvSkbuffDigestPointerFind(drvOpData,
|
|
offsetInBytes,
|
|
digestSizeInBytes);
|
|
|
|
} else {
|
|
/* IOV or flat buffer */
|
|
if (drvOpData->crp->crp_flags & CRYPTO_F_IOV) {
|
|
/*single IOV check has already been done */
|
|
flat_buffer_base = ((struct uio *)
|
|
(drvOpData->crp->crp_buf))->
|
|
uio_iov[0].iov_base;
|
|
flat_buffer_length = ((struct uio *)
|
|
(drvOpData->crp->crp_buf))->
|
|
uio_iov[0].iov_len;
|
|
} else {
|
|
flat_buffer_base = (uint8_t *) drvOpData->crp->crp_buf;
|
|
flat_buffer_length = drvOpData->crp->crp_ilen;
|
|
}
|
|
|
|
if (flat_buffer_length < (offsetInBytes + digestSizeInBytes)) {
|
|
DPRINTK("%s() Not enough space for Digest "
|
|
"(IOV/Flat Buffer) \n", __FUNCTION__);
|
|
return NULL;
|
|
} else {
|
|
return (uint8_t *) (flat_buffer_base + offsetInBytes);
|
|
}
|
|
}
|
|
DPRINTK("%s() Should not reach this point\n", __FUNCTION__);
|
|
return NULL;
|
|
}
|
|
|
|
/* Name : icp_ocfDrvSkbuffDigestPointerFind
|
|
*
|
|
* Description : This function is used by icp_ocfDrvDigestPointerFind to process
|
|
* the non-linear portion of the skbuff if the fragmentation type is a linked
|
|
* list (frag_list is not NULL in the skb_shared_info structure)
|
|
*/
|
|
static inline uint8_t *icp_ocfDrvSkbuffDigestPointerFind(struct icp_drvOpData
|
|
*drvOpData,
|
|
int offsetInBytes,
|
|
uint32_t
|
|
digestSizeInBytes)
|
|
{
|
|
|
|
struct sk_buff *skb = NULL;
|
|
struct skb_shared_info *skb_shared = NULL;
|
|
|
|
uint32_t skbuffisnonlinear = 0;
|
|
|
|
uint32_t skbheadlen = 0;
|
|
|
|
skb = (struct sk_buff *)(drvOpData->crp->crp_buf);
|
|
skbuffisnonlinear = skb_is_nonlinear(skb);
|
|
|
|
skbheadlen = skb_headlen(skb);
|
|
|
|
/*Linear skb checks */
|
|
if (skbheadlen > offsetInBytes) {
|
|
|
|
if (skbheadlen >= (offsetInBytes + digestSizeInBytes)) {
|
|
return (uint8_t *) (skb->data + offsetInBytes);
|
|
} else {
|
|
DPRINTK("%s() Auth payload stretches "
|
|
"accross contiguous memory\n", __FUNCTION__);
|
|
return NULL;
|
|
}
|
|
} else {
|
|
if (skbuffisnonlinear) {
|
|
offsetInBytes -= skbheadlen;
|
|
} else {
|
|
DPRINTK("%s() Offset outside of buffer boundaries\n",
|
|
__FUNCTION__);
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
/*Non Linear checks */
|
|
skb_shared = (struct skb_shared_info *)(skb->end);
|
|
if (unlikely(NULL == skb_shared)) {
|
|
DPRINTK("%s() skbuff shared info stucture is NULL! \n",
|
|
__FUNCTION__);
|
|
return NULL;
|
|
} else if ((0 != skb_shared->nr_frags) &&
|
|
(skb_shared->frag_list != NULL)) {
|
|
DPRINTK("%s() skbuff nr_frags AND "
|
|
"frag_list not supported \n", __FUNCTION__);
|
|
return NULL;
|
|
}
|
|
|
|
/*TCP segmentation more likely than IP fragmentation */
|
|
if (likely(0 != skb_shared->nr_frags)) {
|
|
return icp_ocfDrvDigestSkbNRFragsCheck(skb, skb_shared,
|
|
offsetInBytes,
|
|
digestSizeInBytes);
|
|
} else if (skb_shared->frag_list != NULL) {
|
|
return icp_ocfDrvDigestSkbFragListCheck(skb, skb_shared,
|
|
offsetInBytes,
|
|
digestSizeInBytes);
|
|
} else {
|
|
DPRINTK("%s() skbuff is non-linear but does not show any "
|
|
"linked data\n", __FUNCTION__);
|
|
return NULL;
|
|
}
|
|
|
|
}
|
|
|
|
/* Name : icp_ocfDrvDigestSkbNRFragsCheck
|
|
*
|
|
* Description : This function is used by icp_ocfDrvSkbuffDigestPointerFind to
|
|
* process the non-linear portion of the skbuff, if the fragmentation type is
|
|
* page fragments
|
|
*/
|
|
static inline uint8_t *icp_ocfDrvDigestSkbNRFragsCheck(struct sk_buff *skb,
|
|
struct skb_shared_info
|
|
*skb_shared,
|
|
int offsetInBytes,
|
|
uint32_t
|
|
digestSizeInBytes)
|
|
{
|
|
int i = 0;
|
|
/*nr_frags starts from 1 */
|
|
if (MAX_SKB_FRAGS < skb_shared->nr_frags) {
|
|
DPRINTK("%s error processing skbuff "
|
|
"page frame -- MAX FRAGS exceeded \n", __FUNCTION__);
|
|
return NULL;
|
|
}
|
|
|
|
for (i = 0; i < skb_shared->nr_frags; i++) {
|
|
|
|
if (offsetInBytes >= skb_shared->frags[i].size) {
|
|
/*offset still greater than data position */
|
|
offsetInBytes -= skb_shared->frags[i].size;
|
|
} else {
|
|
/* found the page containing start of hash */
|
|
|
|
if (NULL == skb_shared->frags[i].page) {
|
|
DPRINTK("%s() Linked page is NULL!\n",
|
|
__FUNCTION__);
|
|
return NULL;
|
|
}
|
|
|
|
if (offsetInBytes + digestSizeInBytes >
|
|
skb_shared->frags[i].size) {
|
|
DPRINTK("%s() Auth payload stretches accross "
|
|
"contiguous memory\n", __FUNCTION__);
|
|
return NULL;
|
|
} else {
|
|
return (uint8_t *) (skb_shared->frags[i].page +
|
|
skb_shared->frags[i].
|
|
page_offset +
|
|
offsetInBytes);
|
|
}
|
|
}
|
|
/*only possible if internal page sizes are set wrong */
|
|
if (offsetInBytes < 0) {
|
|
DPRINTK("%s error processing skbuff page frame "
|
|
"-- offset calculation \n", __FUNCTION__);
|
|
return NULL;
|
|
}
|
|
}
|
|
/*only possible if internal page sizes are set wrong */
|
|
DPRINTK("%s error processing skbuff page frame "
|
|
"-- ran out of page fragments, remaining offset = %d \n",
|
|
__FUNCTION__, offsetInBytes);
|
|
return NULL;
|
|
|
|
}
|
|
|
|
/* Name : icp_ocfDrvDigestSkbFragListCheck
|
|
*
|
|
* Description : This function is used by icp_ocfDrvSkbuffDigestPointerFind to
|
|
* process the non-linear portion of the skbuff, if the fragmentation type is
|
|
* a linked list
|
|
*
|
|
*/
|
|
static inline uint8_t *icp_ocfDrvDigestSkbFragListCheck(struct sk_buff *skb,
|
|
struct skb_shared_info
|
|
*skb_shared,
|
|
int offsetInBytes,
|
|
uint32_t
|
|
digestSizeInBytes)
|
|
{
|
|
|
|
struct sk_buff *skb_list = skb_shared->frag_list;
|
|
/*check added for readability */
|
|
if (NULL == skb_list) {
|
|
DPRINTK("%s error processing skbuff "
|
|
"-- no more list! \n", __FUNCTION__);
|
|
return NULL;
|
|
}
|
|
|
|
for (; skb_list; skb_list = skb_list->next) {
|
|
if (NULL == skb_list) {
|
|
DPRINTK("%s error processing skbuff "
|
|
"-- no more list! \n", __FUNCTION__);
|
|
return NULL;
|
|
}
|
|
|
|
if (offsetInBytes >= skb_list->len) {
|
|
offsetInBytes -= skb_list->len;
|
|
|
|
} else {
|
|
if (offsetInBytes + digestSizeInBytes > skb_list->len) {
|
|
DPRINTK("%s() Auth payload stretches accross "
|
|
"contiguous memory\n", __FUNCTION__);
|
|
return NULL;
|
|
} else {
|
|
return (uint8_t *)
|
|
(skb_list->data + offsetInBytes);
|
|
}
|
|
|
|
}
|
|
|
|
/*This check is only needed if internal skb_list length values
|
|
are set wrong. */
|
|
if (0 > offsetInBytes) {
|
|
DPRINTK("%s() error processing skbuff object -- offset "
|
|
"calculation \n", __FUNCTION__);
|
|
return NULL;
|
|
}
|
|
|
|
}
|
|
|
|
/*catch all for unusual for-loop exit.
|
|
This code should never be reached */
|
|
DPRINTK("%s() Catch-All hit! Process error.\n", __FUNCTION__);
|
|
return NULL;
|
|
}
|