2
0

bn_s390x.c 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143
  1. /*
  2. * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "crypto/bn.h"
  10. #include "crypto/s390x_arch.h"
  11. #ifdef S390X_MOD_EXP
  12. # include <sys/types.h>
  13. # include <sys/stat.h>
  14. # include <fcntl.h>
  15. # include <asm/zcrypt.h>
  16. # include <sys/ioctl.h>
  17. # include <unistd.h>
  18. # include <errno.h>
  19. static int s390x_mod_exp_hw(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  20. const BIGNUM *m)
  21. {
  22. struct ica_rsa_modexpo me;
  23. unsigned char *buffer;
  24. size_t size;
  25. int res = 0;
  26. if (OPENSSL_s390xcex == -1)
  27. return 0;
  28. size = BN_num_bytes(m);
  29. buffer = OPENSSL_zalloc(4 * size);
  30. if (buffer == NULL)
  31. return 0;
  32. me.inputdata = buffer;
  33. me.inputdatalength = size;
  34. me.outputdata = buffer + size;
  35. me.outputdatalength = size;
  36. me.b_key = buffer + 2 * size;
  37. me.n_modulus = buffer + 3 * size;
  38. if (BN_bn2binpad(a, me.inputdata, size) == -1
  39. || BN_bn2binpad(p, me.b_key, size) == -1
  40. || BN_bn2binpad(m, me.n_modulus, size) == -1)
  41. goto dealloc;
  42. if (ioctl(OPENSSL_s390xcex, ICARSAMODEXPO, &me) != -1) {
  43. if (BN_bin2bn(me.outputdata, size, r) != NULL)
  44. res = 1;
  45. } else if (errno == EBADF) {
  46. /*-
  47. * In this cases, someone (e.g. a sandbox) closed the fd.
  48. * Make sure to not further use this hardware acceleration.
  49. */
  50. OPENSSL_s390xcex = -1;
  51. }
  52. dealloc:
  53. OPENSSL_clear_free(buffer, 4 * size);
  54. return res;
  55. }
  56. int s390x_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  57. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
  58. {
  59. if (s390x_mod_exp_hw(r, a, p, m) == 1)
  60. return 1;
  61. return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
  62. }
  63. int s390x_crt(BIGNUM *r, const BIGNUM *i, const BIGNUM *p, const BIGNUM *q,
  64. const BIGNUM *dmp, const BIGNUM *dmq, const BIGNUM *iqmp)
  65. {
  66. struct ica_rsa_modexpo_crt crt;
  67. unsigned char *buffer, *part;
  68. size_t size, plen, qlen;
  69. int res = 0;
  70. if (OPENSSL_s390xcex == -1)
  71. return 0;
  72. /*-
  73. * Hardware-accelerated CRT can only deal with p>q. Fall back to
  74. * software in the (hopefully rare) other cases.
  75. */
  76. if (BN_ucmp(p, q) != 1)
  77. return 0;
  78. plen = BN_num_bytes(p);
  79. qlen = BN_num_bytes(q);
  80. size = (plen > qlen ? plen : qlen);
  81. buffer = OPENSSL_zalloc(9 * size + 24);
  82. if (buffer == NULL)
  83. return 0;
  84. part = buffer;
  85. crt.inputdata = part;
  86. crt.inputdatalength = 2 * size;
  87. part += 2 * size;
  88. crt.outputdata = part;
  89. crt.outputdatalength = 2 * size;
  90. part += 2 * size;
  91. crt.bp_key = part;
  92. part += size + 8;
  93. crt.bq_key = part;
  94. part += size;
  95. crt.np_prime = part;
  96. part += size + 8;
  97. crt.nq_prime = part;
  98. part += size;
  99. crt.u_mult_inv = part;
  100. if (BN_bn2binpad(i, crt.inputdata, crt.inputdatalength) == -1
  101. || BN_bn2binpad(p, crt.np_prime, size + 8) == -1
  102. || BN_bn2binpad(q, crt.nq_prime, size) == -1
  103. || BN_bn2binpad(dmp, crt.bp_key, size + 8) == -1
  104. || BN_bn2binpad(dmq, crt.bq_key, size) == -1
  105. || BN_bn2binpad(iqmp, crt.u_mult_inv, size + 8) == -1)
  106. goto dealloc;
  107. if (ioctl(OPENSSL_s390xcex, ICARSACRT, &crt) != -1) {
  108. if (BN_bin2bn(crt.outputdata, crt.outputdatalength, r) != NULL)
  109. res = 1;
  110. } else if (errno == EBADF) {
  111. /*-
  112. * In this cases, someone (e.g. a sandbox) closed the fd.
  113. * Make sure to not further use this hardware acceleration.
  114. */
  115. OPENSSL_s390xcex = -1;
  116. }
  117. dealloc:
  118. OPENSSL_clear_free(buffer, 9 * size + 24);
  119. return res;
  120. }
  121. #else
  122. int s390x_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  123. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
  124. {
  125. return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
  126. }
  127. int s390x_crt(BIGNUM *r, const BIGNUM *i, const BIGNUM *p, const BIGNUM *q,
  128. const BIGNUM *dmp, const BIGNUM *dmq, const BIGNUM *iqmp)
  129. {
  130. return 0;
  131. }
  132. #endif