Merge tag 'v5.15.57' into rpi-5.15.y

[platform/kernel/linux-rpi.git] / drivers / usb / host / dwc_common_port / dwc_dh.c

/* =========================================================================
 * $File: //dwh/usb_iip/dev/software/dwc_common_port_2/dwc_dh.c $
 * $Revision: #3 $
 * $Date: 2010/09/28 $
 * $Change: 1596182 $
 *
 * Synopsys Portability Library Software and documentation
 * (hereinafter, "Software") is an Unsupported proprietary work of
 * Synopsys, Inc. unless otherwise expressly agreed to in writing
 * between Synopsys and you.
 *
 * The Software IS NOT an item of Licensed Software or Licensed Product
 * under any End User Software License Agreement or Agreement for
 * Licensed Product with Synopsys or any supplement thereto. You are
 * permitted to use and redistribute this Software in source and binary
 * forms, with or without modification, provided that redistributions
 * of source code must retain this notice. You may not view, use,
 * disclose, copy or distribute this file or any information contained
 * herein except pursuant to this license grant from Synopsys. If you
 * do not agree with this notice, including the disclaimer below, then
 * you are not authorized to use the Software.
 *
 * THIS SOFTWARE IS BEING DISTRIBUTED BY SYNOPSYS SOLELY ON AN "AS IS"
 * BASIS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE HEREBY DISCLAIMED. IN NO EVENT SHALL
 * SYNOPSYS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 * ========================================================================= */
#ifdef DWC_CRYPTOLIB

#ifndef CONFIG_MACH_IPMATE

#include "dwc_dh.h"
#include "dwc_modpow.h"

#ifdef DEBUG
/* This function prints out a buffer in the format described in the Association
 * Model specification. */
static void dh_dump(char *str, void *_num, int len)
{
        uint8_t *num = _num;
        int i;
        DWC_PRINTF("%s\n", str);
        for (i = 0; i < len; i ++) {
                DWC_PRINTF("%02x", num[i]);
                if (((i + 1) % 2) == 0) DWC_PRINTF(" ");
                if (((i + 1) % 26) == 0) DWC_PRINTF("\n");
        }

        DWC_PRINTF("\n");
}
#else
#define dh_dump(_x...) do {; } while(0)
#endif

/* Constant g value */
static __u32 dh_g[] = {
        0x02000000,
};

/* Constant p value */
static __u32 dh_p[] = {
        0xFFFFFFFF, 0xFFFFFFFF, 0xA2DA0FC9, 0x34C26821, 0x8B62C6C4, 0xD11CDC80, 0x084E0229, 0x74CC678A,
        0xA6BE0B02, 0x229B133B, 0x79084A51, 0xDD04348E, 0xB31995EF, 0x1B433ACD, 0x6D0A2B30, 0x37145FF2,
        0x6D35E14F, 0x45C2516D, 0x76B585E4, 0xC67E5E62, 0xE9424CF4, 0x6BED37A6, 0xB65CFF0B, 0xEDB706F4,
        0xFB6B38EE, 0xA59F895A, 0x11249FAE, 0xE61F4B7C, 0x51662849, 0x3D5BE4EC, 0xB87C00C2, 0x05BF63A1,
        0x3648DA98, 0x9AD3551C, 0xA83F1669, 0x5FCF24FD, 0x235D6583, 0x96ADA3DC, 0x56F3621C, 0xBB528520,
        0x0729D59E, 0x6D969670, 0x4E350C67, 0x0498BC4A, 0x086C74F1, 0x7C2118CA, 0x465E9032, 0x3BCE362E,
        0x2C779EE3, 0x03860E18, 0xA283279B, 0x8FA207EC, 0xF05DC5B5, 0xC9524C6F, 0xF6CB2BDE, 0x18175895,
        0x7C499539, 0xE56A95EA, 0x1826D215, 0x1005FA98, 0x5A8E7215, 0x2DC4AA8A, 0x0D1733AD, 0x337A5004,
        0xAB2155A8, 0x64BA1CDF, 0x0485FBEC, 0x0AEFDB58, 0x5771EA8A, 0x7D0C065D, 0x850F97B3, 0xC7E4E1A6,
        0x8CAEF5AB, 0xD73309DB, 0xE0948C1E, 0x9D61254A, 0x26D2E3CE, 0x6BEED21A, 0x06FA2FF1, 0x64088AD9,
        0x730276D8, 0x646AC83E, 0x182B1F52, 0x0C207B17, 0x5717E1BB, 0x6C5D617A, 0xC0880977, 0xE246D9BA,
        0xA04FE208, 0x31ABE574, 0xFC5BDB43, 0x8E10FDE0, 0x20D1824B, 0xCAD23AA9, 0xFFFFFFFF, 0xFFFFFFFF,
};

static void dh_swap_bytes(void *_in, void *_out, uint32_t len)
{
        uint8_t *in = _in;
        uint8_t *out = _out;
        int i;
        for (i=0; i<len; i++) {
                out[i] = in[len-1-i];
        }
}

/* Computes the modular exponentiation (num^exp % mod).  num, exp, and mod are
 * big endian numbers of size len, in bytes.  Each len value must be a multiple
 * of 4. */
int dwc_dh_modpow(void *mem_ctx, void *num, uint32_t num_len,
                  void *exp, uint32_t exp_len,
                  void *mod, uint32_t mod_len,
                  void *out)
{
        /* modpow() takes little endian numbers.  AM uses big-endian.  This
         * function swaps bytes of numbers before passing onto modpow. */

        int retval = 0;
        uint32_t *result;

        uint32_t *bignum_num = dwc_alloc(mem_ctx, num_len + 4);
        uint32_t *bignum_exp = dwc_alloc(mem_ctx, exp_len + 4);
        uint32_t *bignum_mod = dwc_alloc(mem_ctx, mod_len + 4);

        dh_swap_bytes(num, &bignum_num[1], num_len);
        bignum_num[0] = num_len / 4;

        dh_swap_bytes(exp, &bignum_exp[1], exp_len);
        bignum_exp[0] = exp_len / 4;

        dh_swap_bytes(mod, &bignum_mod[1], mod_len);
        bignum_mod[0] = mod_len / 4;

        result = dwc_modpow(mem_ctx, bignum_num, bignum_exp, bignum_mod);
        if (!result) {
                retval = -1;
                goto dh_modpow_nomem;
        }

        dh_swap_bytes(&result[1], out, result[0] * 4);
        dwc_free(mem_ctx, result);

 dh_modpow_nomem:
        dwc_free(mem_ctx, bignum_num);
        dwc_free(mem_ctx, bignum_exp);
        dwc_free(mem_ctx, bignum_mod);
        return retval;
}


int dwc_dh_pk(void *mem_ctx, uint8_t nd, uint8_t *exp, uint8_t *pk, uint8_t *hash)
{
        int retval;
        uint8_t m3[385];

#ifndef DH_TEST_VECTORS
        DWC_RANDOM_BYTES(exp, 32);
#endif

        /* Compute the pkd */
        if ((retval = dwc_dh_modpow(mem_ctx, dh_g, 4,
                                    exp, 32,
                                    dh_p, 384, pk))) {
                return retval;
        }

        m3[384] = nd;
        DWC_MEMCPY(&m3[0], pk, 384);
        DWC_SHA256(m3, 385, hash);

        dh_dump("PK", pk, 384);
        dh_dump("SHA-256(M3)", hash, 32);
        return 0;
}

int dwc_dh_derive_keys(void *mem_ctx, uint8_t nd, uint8_t *pkh, uint8_t *pkd,
                       uint8_t *exp, int is_host,
                       char *dd, uint8_t *ck, uint8_t *kdk)
{
        int retval;
        uint8_t mv[784];
        uint8_t sha_result[32];
        uint8_t dhkey[384];
        uint8_t shared_secret[384];
        char *message;
        uint32_t vd;

        uint8_t *pk;

        if (is_host) {
                pk = pkd;
        }
        else {
                pk = pkh;
        }

        if ((retval = dwc_dh_modpow(mem_ctx, pk, 384,
                                    exp, 32,
                                    dh_p, 384, shared_secret))) {
                return retval;
        }
        dh_dump("Shared Secret", shared_secret, 384);

        DWC_SHA256(shared_secret, 384, dhkey);
        dh_dump("DHKEY", dhkey, 384);

        DWC_MEMCPY(&mv[0], pkd, 384);
        DWC_MEMCPY(&mv[384], pkh, 384);
        DWC_MEMCPY(&mv[768], "displayed digest", 16);
        dh_dump("MV", mv, 784);

        DWC_SHA256(mv, 784, sha_result);
        dh_dump("SHA-256(MV)", sha_result, 32);
        dh_dump("First 32-bits of SHA-256(MV)", sha_result, 4);

        dh_swap_bytes(sha_result, &vd, 4);
#ifdef DEBUG
        DWC_PRINTF("Vd (decimal) = %d\n", vd);
#endif

        switch (nd) {
        case 2:
                vd = vd % 100;
                DWC_SPRINTF(dd, "%02d", vd);
                break;
        case 3:
                vd = vd % 1000;
                DWC_SPRINTF(dd, "%03d", vd);
                break;
        case 4:
                vd = vd % 10000;
                DWC_SPRINTF(dd, "%04d", vd);
                break;
        }
#ifdef DEBUG
        DWC_PRINTF("Display Digits: %s\n", dd);
#endif

        message = "connection key";
        DWC_HMAC_SHA256(message, DWC_STRLEN(message), dhkey, 32, sha_result);
        dh_dump("HMAC(SHA-256, DHKey, connection key)", sha_result, 32);
        DWC_MEMCPY(ck, sha_result, 16);

        message = "key derivation key";
        DWC_HMAC_SHA256(message, DWC_STRLEN(message), dhkey, 32, sha_result);
        dh_dump("HMAC(SHA-256, DHKey, key derivation key)", sha_result, 32);
        DWC_MEMCPY(kdk, sha_result, 32);

        return 0;
}


#ifdef DH_TEST_VECTORS

static __u8 dh_a[] = {
        0x44, 0x00, 0x51, 0xd6,
        0xf0, 0xb5, 0x5e, 0xa9,
        0x67, 0xab, 0x31, 0xc6,
        0x8a, 0x8b, 0x5e, 0x37,
        0xd9, 0x10, 0xda, 0xe0,
        0xe2, 0xd4, 0x59, 0xa4,
        0x86, 0x45, 0x9c, 0xaa,
        0xdf, 0x36, 0x75, 0x16,
};

static __u8 dh_b[] = {
        0x5d, 0xae, 0xc7, 0x86,
        0x79, 0x80, 0xa3, 0x24,
        0x8c, 0xe3, 0x57, 0x8f,
        0xc7, 0x5f, 0x1b, 0x0f,
        0x2d, 0xf8, 0x9d, 0x30,
        0x6f, 0xa4, 0x52, 0xcd,
        0xe0, 0x7a, 0x04, 0x8a,
        0xde, 0xd9, 0x26, 0x56,
};

void dwc_run_dh_test_vectors(void *mem_ctx)
{
        uint8_t pkd[384];
        uint8_t pkh[384];
        uint8_t hashd[32];
        uint8_t hashh[32];
        uint8_t ck[16];
        uint8_t kdk[32];
        char dd[5];

        DWC_PRINTF("\n\n\nDH_TEST_VECTORS\n\n");

        /* compute the PKd and SHA-256(PKd || Nd) */
        DWC_PRINTF("Computing PKd\n");
        dwc_dh_pk(mem_ctx, 2, dh_a, pkd, hashd);

        /* compute the PKd and SHA-256(PKh || Nd) */
        DWC_PRINTF("Computing PKh\n");
        dwc_dh_pk(mem_ctx, 2, dh_b, pkh, hashh);

        /* compute the dhkey */
        dwc_dh_derive_keys(mem_ctx, 2, pkh, pkd, dh_a, 0, dd, ck, kdk);
}
#endif /* DH_TEST_VECTORS */

#endif /* !CONFIG_MACH_IPMATE */

#endif /* DWC_CRYPTOLIB */