1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (C) 2012-2018 ARM Limited or its affiliates. */
4 #include <linux/kernel.h>
5 #include <linux/module.h>
6 #include <crypto/algapi.h>
7 #include <crypto/internal/skcipher.h>
8 #include <crypto/des.h>
9 #include <crypto/xts.h>
10 #include <crypto/scatterwalk.h>
12 #include "cc_driver.h"
13 #include "cc_lli_defs.h"
14 #include "cc_buffer_mgr.h"
15 #include "cc_cipher.h"
16 #include "cc_request_mgr.h"
18 #define MAX_ABLKCIPHER_SEQ_LEN 6
20 #define template_skcipher template_u.skcipher
22 #define CC_MIN_AES_XTS_SIZE 0x10
23 #define CC_MAX_AES_XTS_SIZE 0x2000
24 struct cc_cipher_handle
{
25 struct list_head alg_list
;
28 struct cc_user_key_info
{
30 dma_addr_t key_dma_addr
;
33 struct cc_hw_key_info
{
34 enum cc_hw_crypto_key key1_slot
;
35 enum cc_hw_crypto_key key2_slot
;
38 struct cc_cipher_ctx
{
39 struct cc_drvdata
*drvdata
;
45 struct cc_user_key_info user
;
46 struct cc_hw_key_info hw
;
47 struct crypto_shash
*shash_tfm
;
50 static void cc_cipher_complete(struct device
*dev
, void *cc_req
, int err
);
52 static int validate_keys_sizes(struct cc_cipher_ctx
*ctx_p
, u32 size
)
54 switch (ctx_p
->flow_mode
) {
57 case CC_AES_128_BIT_KEY_SIZE
:
58 case CC_AES_192_BIT_KEY_SIZE
:
59 if (ctx_p
->cipher_mode
!= DRV_CIPHER_XTS
&&
60 ctx_p
->cipher_mode
!= DRV_CIPHER_ESSIV
&&
61 ctx_p
->cipher_mode
!= DRV_CIPHER_BITLOCKER
)
64 case CC_AES_256_BIT_KEY_SIZE
:
66 case (CC_AES_192_BIT_KEY_SIZE
* 2):
67 case (CC_AES_256_BIT_KEY_SIZE
* 2):
68 if (ctx_p
->cipher_mode
== DRV_CIPHER_XTS
||
69 ctx_p
->cipher_mode
== DRV_CIPHER_ESSIV
||
70 ctx_p
->cipher_mode
== DRV_CIPHER_BITLOCKER
)
77 if (size
== DES3_EDE_KEY_SIZE
|| size
== DES_KEY_SIZE
)
86 static int validate_data_size(struct cc_cipher_ctx
*ctx_p
,
89 switch (ctx_p
->flow_mode
) {
91 switch (ctx_p
->cipher_mode
) {
93 if (size
>= CC_MIN_AES_XTS_SIZE
&&
94 size
<= CC_MAX_AES_XTS_SIZE
&&
95 IS_ALIGNED(size
, AES_BLOCK_SIZE
))
98 case DRV_CIPHER_CBC_CTS
:
99 if (size
>= AES_BLOCK_SIZE
)
107 case DRV_CIPHER_ESSIV
:
108 case DRV_CIPHER_BITLOCKER
:
109 if (IS_ALIGNED(size
, AES_BLOCK_SIZE
))
117 if (IS_ALIGNED(size
, DES_BLOCK_SIZE
))
126 static int cc_cipher_init(struct crypto_tfm
*tfm
)
128 struct cc_cipher_ctx
*ctx_p
= crypto_tfm_ctx(tfm
);
129 struct cc_crypto_alg
*cc_alg
=
130 container_of(tfm
->__crt_alg
, struct cc_crypto_alg
,
132 struct device
*dev
= drvdata_to_dev(cc_alg
->drvdata
);
133 unsigned int max_key_buf_size
= cc_alg
->skcipher_alg
.max_keysize
;
136 dev_dbg(dev
, "Initializing context @%p for %s\n", ctx_p
,
137 crypto_tfm_alg_name(tfm
));
139 crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm
),
140 sizeof(struct cipher_req_ctx
));
142 ctx_p
->cipher_mode
= cc_alg
->cipher_mode
;
143 ctx_p
->flow_mode
= cc_alg
->flow_mode
;
144 ctx_p
->drvdata
= cc_alg
->drvdata
;
146 /* Allocate key buffer, cache line aligned */
147 ctx_p
->user
.key
= kmalloc(max_key_buf_size
, GFP_KERNEL
);
148 if (!ctx_p
->user
.key
)
151 dev_dbg(dev
, "Allocated key buffer in context. key=@%p\n",
155 ctx_p
->user
.key_dma_addr
= dma_map_single(dev
, (void *)ctx_p
->user
.key
,
158 if (dma_mapping_error(dev
, ctx_p
->user
.key_dma_addr
)) {
159 dev_err(dev
, "Mapping Key %u B at va=%pK for DMA failed\n",
160 max_key_buf_size
, ctx_p
->user
.key
);
163 dev_dbg(dev
, "Mapped key %u B at va=%pK to dma=%pad\n",
164 max_key_buf_size
, ctx_p
->user
.key
, &ctx_p
->user
.key_dma_addr
);
166 if (ctx_p
->cipher_mode
== DRV_CIPHER_ESSIV
) {
167 /* Alloc hash tfm for essiv */
168 ctx_p
->shash_tfm
= crypto_alloc_shash("sha256-generic", 0, 0);
169 if (IS_ERR(ctx_p
->shash_tfm
)) {
170 dev_err(dev
, "Error allocating hash tfm for ESSIV.\n");
171 return PTR_ERR(ctx_p
->shash_tfm
);
178 static void cc_cipher_exit(struct crypto_tfm
*tfm
)
180 struct crypto_alg
*alg
= tfm
->__crt_alg
;
181 struct cc_crypto_alg
*cc_alg
=
182 container_of(alg
, struct cc_crypto_alg
,
184 unsigned int max_key_buf_size
= cc_alg
->skcipher_alg
.max_keysize
;
185 struct cc_cipher_ctx
*ctx_p
= crypto_tfm_ctx(tfm
);
186 struct device
*dev
= drvdata_to_dev(ctx_p
->drvdata
);
188 dev_dbg(dev
, "Clearing context @%p for %s\n",
189 crypto_tfm_ctx(tfm
), crypto_tfm_alg_name(tfm
));
191 if (ctx_p
->cipher_mode
== DRV_CIPHER_ESSIV
) {
192 /* Free hash tfm for essiv */
193 crypto_free_shash(ctx_p
->shash_tfm
);
194 ctx_p
->shash_tfm
= NULL
;
197 /* Unmap key buffer */
198 dma_unmap_single(dev
, ctx_p
->user
.key_dma_addr
, max_key_buf_size
,
200 dev_dbg(dev
, "Unmapped key buffer key_dma_addr=%pad\n",
201 &ctx_p
->user
.key_dma_addr
);
203 /* Free key buffer in context */
204 kzfree(ctx_p
->user
.key
);
205 dev_dbg(dev
, "Free key buffer in context. key=@%p\n", ctx_p
->user
.key
);
209 u8 key1
[DES_KEY_SIZE
];
210 u8 key2
[DES_KEY_SIZE
];
211 u8 key3
[DES_KEY_SIZE
];
214 static enum cc_hw_crypto_key
hw_key_to_cc_hw_key(int slot_num
)
229 static int cc_cipher_setkey(struct crypto_skcipher
*sktfm
, const u8
*key
,
232 struct crypto_tfm
*tfm
= crypto_skcipher_tfm(sktfm
);
233 struct cc_cipher_ctx
*ctx_p
= crypto_tfm_ctx(tfm
);
234 struct device
*dev
= drvdata_to_dev(ctx_p
->drvdata
);
235 u32 tmp
[DES3_EDE_EXPKEY_WORDS
];
236 struct cc_crypto_alg
*cc_alg
=
237 container_of(tfm
->__crt_alg
, struct cc_crypto_alg
,
239 unsigned int max_key_buf_size
= cc_alg
->skcipher_alg
.max_keysize
;
241 dev_dbg(dev
, "Setting key in context @%p for %s. keylen=%u\n",
242 ctx_p
, crypto_tfm_alg_name(tfm
), keylen
);
243 dump_byte_array("key", (u8
*)key
, keylen
);
245 /* STAT_PHASE_0: Init and sanity checks */
247 if (validate_keys_sizes(ctx_p
, keylen
)) {
248 dev_err(dev
, "Unsupported key size %d.\n", keylen
);
249 crypto_tfm_set_flags(tfm
, CRYPTO_TFM_RES_BAD_KEY_LEN
);
253 if (cc_is_hw_key(tfm
)) {
254 /* setting HW key slots */
255 struct arm_hw_key_info
*hki
= (struct arm_hw_key_info
*)key
;
257 if (ctx_p
->flow_mode
!= S_DIN_to_AES
) {
258 dev_err(dev
, "HW key not supported for non-AES flows\n");
262 ctx_p
->hw
.key1_slot
= hw_key_to_cc_hw_key(hki
->hw_key1
);
263 if (ctx_p
->hw
.key1_slot
== END_OF_KEYS
) {
264 dev_err(dev
, "Unsupported hw key1 number (%d)\n",
269 if (ctx_p
->cipher_mode
== DRV_CIPHER_XTS
||
270 ctx_p
->cipher_mode
== DRV_CIPHER_ESSIV
||
271 ctx_p
->cipher_mode
== DRV_CIPHER_BITLOCKER
) {
272 if (hki
->hw_key1
== hki
->hw_key2
) {
273 dev_err(dev
, "Illegal hw key numbers (%d,%d)\n",
274 hki
->hw_key1
, hki
->hw_key2
);
277 ctx_p
->hw
.key2_slot
=
278 hw_key_to_cc_hw_key(hki
->hw_key2
);
279 if (ctx_p
->hw
.key2_slot
== END_OF_KEYS
) {
280 dev_err(dev
, "Unsupported hw key2 number (%d)\n",
286 ctx_p
->keylen
= keylen
;
287 dev_dbg(dev
, "cc_is_hw_key ret 0");
293 * Verify DES weak keys
294 * Note that we're dropping the expanded key since the
295 * HW does the expansion on its own.
297 if (ctx_p
->flow_mode
== S_DIN_to_DES
) {
298 if (keylen
== DES3_EDE_KEY_SIZE
&&
299 __des3_ede_setkey(tmp
, &tfm
->crt_flags
, key
,
300 DES3_EDE_KEY_SIZE
)) {
301 dev_dbg(dev
, "weak 3DES key");
303 } else if (!des_ekey(tmp
, key
) &&
304 (crypto_tfm_get_flags(tfm
) & CRYPTO_TFM_REQ_WEAK_KEY
)) {
305 tfm
->crt_flags
|= CRYPTO_TFM_RES_WEAK_KEY
;
306 dev_dbg(dev
, "weak DES key");
311 if (ctx_p
->cipher_mode
== DRV_CIPHER_XTS
&&
312 xts_check_key(tfm
, key
, keylen
)) {
313 dev_dbg(dev
, "weak XTS key");
317 /* STAT_PHASE_1: Copy key to ctx */
318 dma_sync_single_for_cpu(dev
, ctx_p
->user
.key_dma_addr
,
319 max_key_buf_size
, DMA_TO_DEVICE
);
321 memcpy(ctx_p
->user
.key
, key
, keylen
);
323 memset(ctx_p
->user
.key
+ 24, 0, CC_AES_KEY_SIZE_MAX
- 24);
325 if (ctx_p
->cipher_mode
== DRV_CIPHER_ESSIV
) {
326 /* sha256 for key2 - use sw implementation */
327 int key_len
= keylen
>> 1;
330 SHASH_DESC_ON_STACK(desc
, ctx_p
->shash_tfm
);
332 desc
->tfm
= ctx_p
->shash_tfm
;
334 err
= crypto_shash_digest(desc
, ctx_p
->user
.key
, key_len
,
335 ctx_p
->user
.key
+ key_len
);
337 dev_err(dev
, "Failed to hash ESSIV key.\n");
341 dma_sync_single_for_device(dev
, ctx_p
->user
.key_dma_addr
,
342 max_key_buf_size
, DMA_TO_DEVICE
);
343 ctx_p
->keylen
= keylen
;
345 dev_dbg(dev
, "return safely");
349 static void cc_setup_cipher_desc(struct crypto_tfm
*tfm
,
350 struct cipher_req_ctx
*req_ctx
,
351 unsigned int ivsize
, unsigned int nbytes
,
352 struct cc_hw_desc desc
[],
353 unsigned int *seq_size
)
355 struct cc_cipher_ctx
*ctx_p
= crypto_tfm_ctx(tfm
);
356 struct device
*dev
= drvdata_to_dev(ctx_p
->drvdata
);
357 int cipher_mode
= ctx_p
->cipher_mode
;
358 int flow_mode
= ctx_p
->flow_mode
;
359 int direction
= req_ctx
->gen_ctx
.op_type
;
360 dma_addr_t key_dma_addr
= ctx_p
->user
.key_dma_addr
;
361 unsigned int key_len
= ctx_p
->keylen
;
362 dma_addr_t iv_dma_addr
= req_ctx
->gen_ctx
.iv_dma_addr
;
363 unsigned int du_size
= nbytes
;
365 struct cc_crypto_alg
*cc_alg
=
366 container_of(tfm
->__crt_alg
, struct cc_crypto_alg
,
369 if (cc_alg
->data_unit
)
370 du_size
= cc_alg
->data_unit
;
372 switch (cipher_mode
) {
374 case DRV_CIPHER_CBC_CTS
:
377 /* Load cipher state */
378 hw_desc_init(&desc
[*seq_size
]);
379 set_din_type(&desc
[*seq_size
], DMA_DLLI
, iv_dma_addr
, ivsize
,
381 set_cipher_config0(&desc
[*seq_size
], direction
);
382 set_flow_mode(&desc
[*seq_size
], flow_mode
);
383 set_cipher_mode(&desc
[*seq_size
], cipher_mode
);
384 if (cipher_mode
== DRV_CIPHER_CTR
||
385 cipher_mode
== DRV_CIPHER_OFB
) {
386 set_setup_mode(&desc
[*seq_size
], SETUP_LOAD_STATE1
);
388 set_setup_mode(&desc
[*seq_size
], SETUP_LOAD_STATE0
);
394 hw_desc_init(&desc
[*seq_size
]);
395 set_cipher_mode(&desc
[*seq_size
], cipher_mode
);
396 set_cipher_config0(&desc
[*seq_size
], direction
);
397 if (flow_mode
== S_DIN_to_AES
) {
398 if (cc_is_hw_key(tfm
)) {
399 set_hw_crypto_key(&desc
[*seq_size
],
400 ctx_p
->hw
.key1_slot
);
402 set_din_type(&desc
[*seq_size
], DMA_DLLI
,
403 key_dma_addr
, ((key_len
== 24) ?
407 set_key_size_aes(&desc
[*seq_size
], key_len
);
410 set_din_type(&desc
[*seq_size
], DMA_DLLI
, key_dma_addr
,
412 set_key_size_des(&desc
[*seq_size
], key_len
);
414 set_flow_mode(&desc
[*seq_size
], flow_mode
);
415 set_setup_mode(&desc
[*seq_size
], SETUP_LOAD_KEY0
);
419 case DRV_CIPHER_ESSIV
:
420 case DRV_CIPHER_BITLOCKER
:
422 hw_desc_init(&desc
[*seq_size
]);
423 set_cipher_mode(&desc
[*seq_size
], cipher_mode
);
424 set_cipher_config0(&desc
[*seq_size
], direction
);
425 if (cc_is_hw_key(tfm
)) {
426 set_hw_crypto_key(&desc
[*seq_size
],
427 ctx_p
->hw
.key1_slot
);
429 set_din_type(&desc
[*seq_size
], DMA_DLLI
, key_dma_addr
,
430 (key_len
/ 2), NS_BIT
);
432 set_key_size_aes(&desc
[*seq_size
], (key_len
/ 2));
433 set_flow_mode(&desc
[*seq_size
], flow_mode
);
434 set_setup_mode(&desc
[*seq_size
], SETUP_LOAD_KEY0
);
438 hw_desc_init(&desc
[*seq_size
]);
439 set_cipher_mode(&desc
[*seq_size
], cipher_mode
);
440 set_cipher_config0(&desc
[*seq_size
], direction
);
441 if (cc_is_hw_key(tfm
)) {
442 set_hw_crypto_key(&desc
[*seq_size
],
443 ctx_p
->hw
.key2_slot
);
445 set_din_type(&desc
[*seq_size
], DMA_DLLI
,
446 (key_dma_addr
+ (key_len
/ 2)),
447 (key_len
/ 2), NS_BIT
);
449 set_xex_data_unit_size(&desc
[*seq_size
], du_size
);
450 set_flow_mode(&desc
[*seq_size
], S_DIN_to_AES2
);
451 set_key_size_aes(&desc
[*seq_size
], (key_len
/ 2));
452 set_setup_mode(&desc
[*seq_size
], SETUP_LOAD_XEX_KEY
);
456 hw_desc_init(&desc
[*seq_size
]);
457 set_setup_mode(&desc
[*seq_size
], SETUP_LOAD_STATE1
);
458 set_cipher_mode(&desc
[*seq_size
], cipher_mode
);
459 set_cipher_config0(&desc
[*seq_size
], direction
);
460 set_key_size_aes(&desc
[*seq_size
], (key_len
/ 2));
461 set_flow_mode(&desc
[*seq_size
], flow_mode
);
462 set_din_type(&desc
[*seq_size
], DMA_DLLI
, iv_dma_addr
,
463 CC_AES_BLOCK_SIZE
, NS_BIT
);
467 dev_err(dev
, "Unsupported cipher mode (%d)\n", cipher_mode
);
471 static void cc_setup_cipher_data(struct crypto_tfm
*tfm
,
472 struct cipher_req_ctx
*req_ctx
,
473 struct scatterlist
*dst
,
474 struct scatterlist
*src
, unsigned int nbytes
,
475 void *areq
, struct cc_hw_desc desc
[],
476 unsigned int *seq_size
)
478 struct cc_cipher_ctx
*ctx_p
= crypto_tfm_ctx(tfm
);
479 struct device
*dev
= drvdata_to_dev(ctx_p
->drvdata
);
480 unsigned int flow_mode
= ctx_p
->flow_mode
;
482 switch (ctx_p
->flow_mode
) {
484 flow_mode
= DIN_AES_DOUT
;
487 flow_mode
= DIN_DES_DOUT
;
490 dev_err(dev
, "invalid flow mode, flow_mode = %d\n", flow_mode
);
494 if (req_ctx
->dma_buf_type
== CC_DMA_BUF_DLLI
) {
495 dev_dbg(dev
, " data params addr %pad length 0x%X\n",
496 &sg_dma_address(src
), nbytes
);
497 dev_dbg(dev
, " data params addr %pad length 0x%X\n",
498 &sg_dma_address(dst
), nbytes
);
499 hw_desc_init(&desc
[*seq_size
]);
500 set_din_type(&desc
[*seq_size
], DMA_DLLI
, sg_dma_address(src
),
502 set_dout_dlli(&desc
[*seq_size
], sg_dma_address(dst
),
503 nbytes
, NS_BIT
, (!areq
? 0 : 1));
505 set_queue_last_ind(ctx_p
->drvdata
, &desc
[*seq_size
]);
507 set_flow_mode(&desc
[*seq_size
], flow_mode
);
511 dev_dbg(dev
, " bypass params addr %pad length 0x%X addr 0x%08X\n",
512 &req_ctx
->mlli_params
.mlli_dma_addr
,
513 req_ctx
->mlli_params
.mlli_len
,
514 (unsigned int)ctx_p
->drvdata
->mlli_sram_addr
);
515 hw_desc_init(&desc
[*seq_size
]);
516 set_din_type(&desc
[*seq_size
], DMA_DLLI
,
517 req_ctx
->mlli_params
.mlli_dma_addr
,
518 req_ctx
->mlli_params
.mlli_len
, NS_BIT
);
519 set_dout_sram(&desc
[*seq_size
],
520 ctx_p
->drvdata
->mlli_sram_addr
,
521 req_ctx
->mlli_params
.mlli_len
);
522 set_flow_mode(&desc
[*seq_size
], BYPASS
);
525 hw_desc_init(&desc
[*seq_size
]);
526 set_din_type(&desc
[*seq_size
], DMA_MLLI
,
527 ctx_p
->drvdata
->mlli_sram_addr
,
528 req_ctx
->in_mlli_nents
, NS_BIT
);
529 if (req_ctx
->out_nents
== 0) {
530 dev_dbg(dev
, " din/dout params addr 0x%08X addr 0x%08X\n",
531 (unsigned int)ctx_p
->drvdata
->mlli_sram_addr
,
532 (unsigned int)ctx_p
->drvdata
->mlli_sram_addr
);
533 set_dout_mlli(&desc
[*seq_size
],
534 ctx_p
->drvdata
->mlli_sram_addr
,
535 req_ctx
->in_mlli_nents
, NS_BIT
,
538 dev_dbg(dev
, " din/dout params addr 0x%08X addr 0x%08X\n",
539 (unsigned int)ctx_p
->drvdata
->mlli_sram_addr
,
540 (unsigned int)ctx_p
->drvdata
->mlli_sram_addr
+
541 (u32
)LLI_ENTRY_BYTE_SIZE
* req_ctx
->in_nents
);
542 set_dout_mlli(&desc
[*seq_size
],
543 (ctx_p
->drvdata
->mlli_sram_addr
+
544 (LLI_ENTRY_BYTE_SIZE
*
545 req_ctx
->in_mlli_nents
)),
546 req_ctx
->out_mlli_nents
, NS_BIT
,
550 set_queue_last_ind(ctx_p
->drvdata
, &desc
[*seq_size
]);
552 set_flow_mode(&desc
[*seq_size
], flow_mode
);
557 static void cc_cipher_complete(struct device
*dev
, void *cc_req
, int err
)
559 struct skcipher_request
*req
= (struct skcipher_request
*)cc_req
;
560 struct scatterlist
*dst
= req
->dst
;
561 struct scatterlist
*src
= req
->src
;
562 struct cipher_req_ctx
*req_ctx
= skcipher_request_ctx(req
);
563 struct crypto_skcipher
*tfm
= crypto_skcipher_reqtfm(req
);
564 unsigned int ivsize
= crypto_skcipher_ivsize(tfm
);
566 cc_unmap_cipher_request(dev
, req_ctx
, ivsize
, src
, dst
);
570 * The crypto API expects us to set the req->iv to the last
571 * ciphertext block. For encrypt, simply copy from the result.
572 * For decrypt, we must copy from a saved buffer since this
573 * could be an in-place decryption operation and the src is
574 * lost by this point.
576 if (req_ctx
->gen_ctx
.op_type
== DRV_CRYPTO_DIRECTION_DECRYPT
) {
577 memcpy(req
->iv
, req_ctx
->backup_info
, ivsize
);
578 kzfree(req_ctx
->backup_info
);
580 scatterwalk_map_and_copy(req
->iv
, req
->dst
,
581 (req
->cryptlen
- ivsize
),
585 skcipher_request_complete(req
, err
);
588 static int cc_cipher_process(struct skcipher_request
*req
,
589 enum drv_crypto_direction direction
)
591 struct crypto_skcipher
*sk_tfm
= crypto_skcipher_reqtfm(req
);
592 struct crypto_tfm
*tfm
= crypto_skcipher_tfm(sk_tfm
);
593 struct cipher_req_ctx
*req_ctx
= skcipher_request_ctx(req
);
594 unsigned int ivsize
= crypto_skcipher_ivsize(sk_tfm
);
595 struct scatterlist
*dst
= req
->dst
;
596 struct scatterlist
*src
= req
->src
;
597 unsigned int nbytes
= req
->cryptlen
;
599 struct cc_cipher_ctx
*ctx_p
= crypto_tfm_ctx(tfm
);
600 struct device
*dev
= drvdata_to_dev(ctx_p
->drvdata
);
601 struct cc_hw_desc desc
[MAX_ABLKCIPHER_SEQ_LEN
];
602 struct cc_crypto_req cc_req
= {};
603 int rc
, cts_restore_flag
= 0;
604 unsigned int seq_len
= 0;
605 gfp_t flags
= cc_gfp_flags(&req
->base
);
607 dev_dbg(dev
, "%s req=%p iv=%p nbytes=%d\n",
608 ((direction
== DRV_CRYPTO_DIRECTION_ENCRYPT
) ?
609 "Encrypt" : "Decrypt"), req
, iv
, nbytes
);
611 /* STAT_PHASE_0: Init and sanity checks */
613 /* TODO: check data length according to mode */
614 if (validate_data_size(ctx_p
, nbytes
)) {
615 dev_err(dev
, "Unsupported data size %d.\n", nbytes
);
616 crypto_tfm_set_flags(tfm
, CRYPTO_TFM_RES_BAD_BLOCK_LEN
);
621 /* No data to process is valid */
626 /* The IV we are handed may be allocted from the stack so
627 * we must copy it to a DMAable buffer before use.
629 req_ctx
->iv
= kmemdup(iv
, ivsize
, flags
);
635 /*For CTS in case of data size aligned to 16 use CBC mode*/
636 if (((nbytes
% AES_BLOCK_SIZE
) == 0) &&
637 ctx_p
->cipher_mode
== DRV_CIPHER_CBC_CTS
) {
638 ctx_p
->cipher_mode
= DRV_CIPHER_CBC
;
639 cts_restore_flag
= 1;
642 /* Setup request structure */
643 cc_req
.user_cb
= (void *)cc_cipher_complete
;
644 cc_req
.user_arg
= (void *)req
;
646 #ifdef ENABLE_CYCLE_COUNT
647 cc_req
.op_type
= (direction
== DRV_CRYPTO_DIRECTION_DECRYPT
) ?
648 STAT_OP_TYPE_DECODE
: STAT_OP_TYPE_ENCODE
;
652 /* Setup request context */
653 req_ctx
->gen_ctx
.op_type
= direction
;
655 /* STAT_PHASE_1: Map buffers */
657 rc
= cc_map_cipher_request(ctx_p
->drvdata
, req_ctx
, ivsize
, nbytes
,
658 req_ctx
->iv
, src
, dst
, flags
);
660 dev_err(dev
, "map_request() failed\n");
664 /* STAT_PHASE_2: Create sequence */
666 /* Setup processing */
667 cc_setup_cipher_desc(tfm
, req_ctx
, ivsize
, nbytes
, desc
, &seq_len
);
668 /* Data processing */
669 cc_setup_cipher_data(tfm
, req_ctx
, dst
, src
, nbytes
, req
, desc
,
672 /* do we need to generate IV? */
673 if (req_ctx
->is_giv
) {
674 cc_req
.ivgen_dma_addr
[0] = req_ctx
->gen_ctx
.iv_dma_addr
;
675 cc_req
.ivgen_dma_addr_len
= 1;
676 /* set the IV size (8/16 B long)*/
677 cc_req
.ivgen_size
= ivsize
;
680 /* STAT_PHASE_3: Lock HW and push sequence */
682 rc
= cc_send_request(ctx_p
->drvdata
, &cc_req
, desc
, seq_len
,
684 if (rc
!= -EINPROGRESS
&& rc
!= -EBUSY
) {
685 /* Failed to send the request or request completed
688 cc_unmap_cipher_request(dev
, req_ctx
, ivsize
, src
, dst
);
692 if (cts_restore_flag
)
693 ctx_p
->cipher_mode
= DRV_CIPHER_CBC_CTS
;
695 if (rc
!= -EINPROGRESS
&& rc
!= -EBUSY
) {
696 kzfree(req_ctx
->backup_info
);
703 static int cc_cipher_encrypt(struct skcipher_request
*req
)
705 struct cipher_req_ctx
*req_ctx
= skcipher_request_ctx(req
);
707 req_ctx
->is_giv
= false;
708 req_ctx
->backup_info
= NULL
;
710 return cc_cipher_process(req
, DRV_CRYPTO_DIRECTION_ENCRYPT
);
713 static int cc_cipher_decrypt(struct skcipher_request
*req
)
715 struct crypto_skcipher
*sk_tfm
= crypto_skcipher_reqtfm(req
);
716 struct cipher_req_ctx
*req_ctx
= skcipher_request_ctx(req
);
717 unsigned int ivsize
= crypto_skcipher_ivsize(sk_tfm
);
718 gfp_t flags
= cc_gfp_flags(&req
->base
);
721 * Allocate and save the last IV sized bytes of the source, which will
722 * be lost in case of in-place decryption and might be needed for CTS.
724 req_ctx
->backup_info
= kmalloc(ivsize
, flags
);
725 if (!req_ctx
->backup_info
)
728 scatterwalk_map_and_copy(req_ctx
->backup_info
, req
->src
,
729 (req
->cryptlen
- ivsize
), ivsize
, 0);
730 req_ctx
->is_giv
= false;
732 return cc_cipher_process(req
, DRV_CRYPTO_DIRECTION_DECRYPT
);
735 /* Block cipher alg */
736 static const struct cc_alg_template skcipher_algs
[] = {
739 .driver_name
= "xts-aes-ccree",
740 .blocksize
= AES_BLOCK_SIZE
,
741 .template_skcipher
= {
742 .setkey
= cc_cipher_setkey
,
743 .encrypt
= cc_cipher_encrypt
,
744 .decrypt
= cc_cipher_decrypt
,
745 .min_keysize
= AES_MIN_KEY_SIZE
* 2,
746 .max_keysize
= AES_MAX_KEY_SIZE
* 2,
747 .ivsize
= AES_BLOCK_SIZE
,
749 .cipher_mode
= DRV_CIPHER_XTS
,
750 .flow_mode
= S_DIN_to_AES
,
751 .min_hw_rev
= CC_HW_REV_630
,
754 .name
= "xts512(aes)",
755 .driver_name
= "xts-aes-du512-ccree",
756 .blocksize
= AES_BLOCK_SIZE
,
757 .template_skcipher
= {
758 .setkey
= cc_cipher_setkey
,
759 .encrypt
= cc_cipher_encrypt
,
760 .decrypt
= cc_cipher_decrypt
,
761 .min_keysize
= AES_MIN_KEY_SIZE
* 2,
762 .max_keysize
= AES_MAX_KEY_SIZE
* 2,
763 .ivsize
= AES_BLOCK_SIZE
,
765 .cipher_mode
= DRV_CIPHER_XTS
,
766 .flow_mode
= S_DIN_to_AES
,
768 .min_hw_rev
= CC_HW_REV_712
,
771 .name
= "xts4096(aes)",
772 .driver_name
= "xts-aes-du4096-ccree",
773 .blocksize
= AES_BLOCK_SIZE
,
774 .template_skcipher
= {
775 .setkey
= cc_cipher_setkey
,
776 .encrypt
= cc_cipher_encrypt
,
777 .decrypt
= cc_cipher_decrypt
,
778 .min_keysize
= AES_MIN_KEY_SIZE
* 2,
779 .max_keysize
= AES_MAX_KEY_SIZE
* 2,
780 .ivsize
= AES_BLOCK_SIZE
,
782 .cipher_mode
= DRV_CIPHER_XTS
,
783 .flow_mode
= S_DIN_to_AES
,
785 .min_hw_rev
= CC_HW_REV_712
,
788 .name
= "essiv(aes)",
789 .driver_name
= "essiv-aes-ccree",
790 .blocksize
= AES_BLOCK_SIZE
,
791 .template_skcipher
= {
792 .setkey
= cc_cipher_setkey
,
793 .encrypt
= cc_cipher_encrypt
,
794 .decrypt
= cc_cipher_decrypt
,
795 .min_keysize
= AES_MIN_KEY_SIZE
* 2,
796 .max_keysize
= AES_MAX_KEY_SIZE
* 2,
797 .ivsize
= AES_BLOCK_SIZE
,
799 .cipher_mode
= DRV_CIPHER_ESSIV
,
800 .flow_mode
= S_DIN_to_AES
,
801 .min_hw_rev
= CC_HW_REV_712
,
804 .name
= "essiv512(aes)",
805 .driver_name
= "essiv-aes-du512-ccree",
806 .blocksize
= AES_BLOCK_SIZE
,
807 .template_skcipher
= {
808 .setkey
= cc_cipher_setkey
,
809 .encrypt
= cc_cipher_encrypt
,
810 .decrypt
= cc_cipher_decrypt
,
811 .min_keysize
= AES_MIN_KEY_SIZE
* 2,
812 .max_keysize
= AES_MAX_KEY_SIZE
* 2,
813 .ivsize
= AES_BLOCK_SIZE
,
815 .cipher_mode
= DRV_CIPHER_ESSIV
,
816 .flow_mode
= S_DIN_to_AES
,
818 .min_hw_rev
= CC_HW_REV_712
,
821 .name
= "essiv4096(aes)",
822 .driver_name
= "essiv-aes-du4096-ccree",
823 .blocksize
= AES_BLOCK_SIZE
,
824 .template_skcipher
= {
825 .setkey
= cc_cipher_setkey
,
826 .encrypt
= cc_cipher_encrypt
,
827 .decrypt
= cc_cipher_decrypt
,
828 .min_keysize
= AES_MIN_KEY_SIZE
* 2,
829 .max_keysize
= AES_MAX_KEY_SIZE
* 2,
830 .ivsize
= AES_BLOCK_SIZE
,
832 .cipher_mode
= DRV_CIPHER_ESSIV
,
833 .flow_mode
= S_DIN_to_AES
,
835 .min_hw_rev
= CC_HW_REV_712
,
838 .name
= "bitlocker(aes)",
839 .driver_name
= "bitlocker-aes-ccree",
840 .blocksize
= AES_BLOCK_SIZE
,
841 .template_skcipher
= {
842 .setkey
= cc_cipher_setkey
,
843 .encrypt
= cc_cipher_encrypt
,
844 .decrypt
= cc_cipher_decrypt
,
845 .min_keysize
= AES_MIN_KEY_SIZE
* 2,
846 .max_keysize
= AES_MAX_KEY_SIZE
* 2,
847 .ivsize
= AES_BLOCK_SIZE
,
849 .cipher_mode
= DRV_CIPHER_BITLOCKER
,
850 .flow_mode
= S_DIN_to_AES
,
851 .min_hw_rev
= CC_HW_REV_712
,
854 .name
= "bitlocker512(aes)",
855 .driver_name
= "bitlocker-aes-du512-ccree",
856 .blocksize
= AES_BLOCK_SIZE
,
857 .template_skcipher
= {
858 .setkey
= cc_cipher_setkey
,
859 .encrypt
= cc_cipher_encrypt
,
860 .decrypt
= cc_cipher_decrypt
,
861 .min_keysize
= AES_MIN_KEY_SIZE
* 2,
862 .max_keysize
= AES_MAX_KEY_SIZE
* 2,
863 .ivsize
= AES_BLOCK_SIZE
,
865 .cipher_mode
= DRV_CIPHER_BITLOCKER
,
866 .flow_mode
= S_DIN_to_AES
,
868 .min_hw_rev
= CC_HW_REV_712
,
871 .name
= "bitlocker4096(aes)",
872 .driver_name
= "bitlocker-aes-du4096-ccree",
873 .blocksize
= AES_BLOCK_SIZE
,
874 .template_skcipher
= {
875 .setkey
= cc_cipher_setkey
,
876 .encrypt
= cc_cipher_encrypt
,
877 .decrypt
= cc_cipher_decrypt
,
878 .min_keysize
= AES_MIN_KEY_SIZE
* 2,
879 .max_keysize
= AES_MAX_KEY_SIZE
* 2,
880 .ivsize
= AES_BLOCK_SIZE
,
882 .cipher_mode
= DRV_CIPHER_BITLOCKER
,
883 .flow_mode
= S_DIN_to_AES
,
885 .min_hw_rev
= CC_HW_REV_712
,
889 .driver_name
= "ecb-aes-ccree",
890 .blocksize
= AES_BLOCK_SIZE
,
891 .type
= CRYPTO_ALG_TYPE_ABLKCIPHER
,
892 .template_skcipher
= {
893 .setkey
= cc_cipher_setkey
,
894 .encrypt
= cc_cipher_encrypt
,
895 .decrypt
= cc_cipher_decrypt
,
896 .min_keysize
= AES_MIN_KEY_SIZE
,
897 .max_keysize
= AES_MAX_KEY_SIZE
,
900 .cipher_mode
= DRV_CIPHER_ECB
,
901 .flow_mode
= S_DIN_to_AES
,
902 .min_hw_rev
= CC_HW_REV_630
,
906 .driver_name
= "cbc-aes-ccree",
907 .blocksize
= AES_BLOCK_SIZE
,
908 .type
= CRYPTO_ALG_TYPE_ABLKCIPHER
,
909 .template_skcipher
= {
910 .setkey
= cc_cipher_setkey
,
911 .encrypt
= cc_cipher_encrypt
,
912 .decrypt
= cc_cipher_decrypt
,
913 .min_keysize
= AES_MIN_KEY_SIZE
,
914 .max_keysize
= AES_MAX_KEY_SIZE
,
915 .ivsize
= AES_BLOCK_SIZE
,
917 .cipher_mode
= DRV_CIPHER_CBC
,
918 .flow_mode
= S_DIN_to_AES
,
919 .min_hw_rev
= CC_HW_REV_630
,
923 .driver_name
= "ofb-aes-ccree",
924 .blocksize
= AES_BLOCK_SIZE
,
925 .type
= CRYPTO_ALG_TYPE_ABLKCIPHER
,
926 .template_skcipher
= {
927 .setkey
= cc_cipher_setkey
,
928 .encrypt
= cc_cipher_encrypt
,
929 .decrypt
= cc_cipher_decrypt
,
930 .min_keysize
= AES_MIN_KEY_SIZE
,
931 .max_keysize
= AES_MAX_KEY_SIZE
,
932 .ivsize
= AES_BLOCK_SIZE
,
934 .cipher_mode
= DRV_CIPHER_OFB
,
935 .flow_mode
= S_DIN_to_AES
,
936 .min_hw_rev
= CC_HW_REV_630
,
939 .name
= "cts1(cbc(aes))",
940 .driver_name
= "cts1-cbc-aes-ccree",
941 .blocksize
= AES_BLOCK_SIZE
,
942 .type
= CRYPTO_ALG_TYPE_ABLKCIPHER
,
943 .template_skcipher
= {
944 .setkey
= cc_cipher_setkey
,
945 .encrypt
= cc_cipher_encrypt
,
946 .decrypt
= cc_cipher_decrypt
,
947 .min_keysize
= AES_MIN_KEY_SIZE
,
948 .max_keysize
= AES_MAX_KEY_SIZE
,
949 .ivsize
= AES_BLOCK_SIZE
,
951 .cipher_mode
= DRV_CIPHER_CBC_CTS
,
952 .flow_mode
= S_DIN_to_AES
,
953 .min_hw_rev
= CC_HW_REV_630
,
957 .driver_name
= "ctr-aes-ccree",
959 .type
= CRYPTO_ALG_TYPE_ABLKCIPHER
,
960 .template_skcipher
= {
961 .setkey
= cc_cipher_setkey
,
962 .encrypt
= cc_cipher_encrypt
,
963 .decrypt
= cc_cipher_decrypt
,
964 .min_keysize
= AES_MIN_KEY_SIZE
,
965 .max_keysize
= AES_MAX_KEY_SIZE
,
966 .ivsize
= AES_BLOCK_SIZE
,
968 .cipher_mode
= DRV_CIPHER_CTR
,
969 .flow_mode
= S_DIN_to_AES
,
970 .min_hw_rev
= CC_HW_REV_630
,
973 .name
= "cbc(des3_ede)",
974 .driver_name
= "cbc-3des-ccree",
975 .blocksize
= DES3_EDE_BLOCK_SIZE
,
976 .type
= CRYPTO_ALG_TYPE_ABLKCIPHER
,
977 .template_skcipher
= {
978 .setkey
= cc_cipher_setkey
,
979 .encrypt
= cc_cipher_encrypt
,
980 .decrypt
= cc_cipher_decrypt
,
981 .min_keysize
= DES3_EDE_KEY_SIZE
,
982 .max_keysize
= DES3_EDE_KEY_SIZE
,
983 .ivsize
= DES3_EDE_BLOCK_SIZE
,
985 .cipher_mode
= DRV_CIPHER_CBC
,
986 .flow_mode
= S_DIN_to_DES
,
987 .min_hw_rev
= CC_HW_REV_630
,
990 .name
= "ecb(des3_ede)",
991 .driver_name
= "ecb-3des-ccree",
992 .blocksize
= DES3_EDE_BLOCK_SIZE
,
993 .type
= CRYPTO_ALG_TYPE_ABLKCIPHER
,
994 .template_skcipher
= {
995 .setkey
= cc_cipher_setkey
,
996 .encrypt
= cc_cipher_encrypt
,
997 .decrypt
= cc_cipher_decrypt
,
998 .min_keysize
= DES3_EDE_KEY_SIZE
,
999 .max_keysize
= DES3_EDE_KEY_SIZE
,
1002 .cipher_mode
= DRV_CIPHER_ECB
,
1003 .flow_mode
= S_DIN_to_DES
,
1004 .min_hw_rev
= CC_HW_REV_630
,
1008 .driver_name
= "cbc-des-ccree",
1009 .blocksize
= DES_BLOCK_SIZE
,
1010 .type
= CRYPTO_ALG_TYPE_ABLKCIPHER
,
1011 .template_skcipher
= {
1012 .setkey
= cc_cipher_setkey
,
1013 .encrypt
= cc_cipher_encrypt
,
1014 .decrypt
= cc_cipher_decrypt
,
1015 .min_keysize
= DES_KEY_SIZE
,
1016 .max_keysize
= DES_KEY_SIZE
,
1017 .ivsize
= DES_BLOCK_SIZE
,
1019 .cipher_mode
= DRV_CIPHER_CBC
,
1020 .flow_mode
= S_DIN_to_DES
,
1021 .min_hw_rev
= CC_HW_REV_630
,
1025 .driver_name
= "ecb-des-ccree",
1026 .blocksize
= DES_BLOCK_SIZE
,
1027 .type
= CRYPTO_ALG_TYPE_ABLKCIPHER
,
1028 .template_skcipher
= {
1029 .setkey
= cc_cipher_setkey
,
1030 .encrypt
= cc_cipher_encrypt
,
1031 .decrypt
= cc_cipher_decrypt
,
1032 .min_keysize
= DES_KEY_SIZE
,
1033 .max_keysize
= DES_KEY_SIZE
,
1036 .cipher_mode
= DRV_CIPHER_ECB
,
1037 .flow_mode
= S_DIN_to_DES
,
1038 .min_hw_rev
= CC_HW_REV_630
,
1042 static struct cc_crypto_alg
*cc_create_alg(const struct cc_alg_template
*tmpl
,
1045 struct cc_crypto_alg
*t_alg
;
1046 struct skcipher_alg
*alg
;
1048 t_alg
= kzalloc(sizeof(*t_alg
), GFP_KERNEL
);
1050 return ERR_PTR(-ENOMEM
);
1052 alg
= &t_alg
->skcipher_alg
;
1054 memcpy(alg
, &tmpl
->template_skcipher
, sizeof(*alg
));
1056 snprintf(alg
->base
.cra_name
, CRYPTO_MAX_ALG_NAME
, "%s", tmpl
->name
);
1057 snprintf(alg
->base
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
, "%s",
1059 alg
->base
.cra_module
= THIS_MODULE
;
1060 alg
->base
.cra_priority
= CC_CRA_PRIO
;
1061 alg
->base
.cra_blocksize
= tmpl
->blocksize
;
1062 alg
->base
.cra_alignmask
= 0;
1063 alg
->base
.cra_ctxsize
= sizeof(struct cc_cipher_ctx
);
1065 alg
->base
.cra_init
= cc_cipher_init
;
1066 alg
->base
.cra_exit
= cc_cipher_exit
;
1067 alg
->base
.cra_flags
= CRYPTO_ALG_ASYNC
| CRYPTO_ALG_KERN_DRIVER_ONLY
|
1068 CRYPTO_ALG_TYPE_SKCIPHER
;
1070 t_alg
->cipher_mode
= tmpl
->cipher_mode
;
1071 t_alg
->flow_mode
= tmpl
->flow_mode
;
1072 t_alg
->data_unit
= tmpl
->data_unit
;
1077 int cc_cipher_free(struct cc_drvdata
*drvdata
)
1079 struct cc_crypto_alg
*t_alg
, *n
;
1080 struct cc_cipher_handle
*cipher_handle
= drvdata
->cipher_handle
;
1082 if (cipher_handle
) {
1083 /* Remove registered algs */
1084 list_for_each_entry_safe(t_alg
, n
, &cipher_handle
->alg_list
,
1086 crypto_unregister_skcipher(&t_alg
->skcipher_alg
);
1087 list_del(&t_alg
->entry
);
1090 kfree(cipher_handle
);
1091 drvdata
->cipher_handle
= NULL
;
1096 int cc_cipher_alloc(struct cc_drvdata
*drvdata
)
1098 struct cc_cipher_handle
*cipher_handle
;
1099 struct cc_crypto_alg
*t_alg
;
1100 struct device
*dev
= drvdata_to_dev(drvdata
);
1104 cipher_handle
= kmalloc(sizeof(*cipher_handle
), GFP_KERNEL
);
1108 INIT_LIST_HEAD(&cipher_handle
->alg_list
);
1109 drvdata
->cipher_handle
= cipher_handle
;
1112 dev_dbg(dev
, "Number of algorithms = %zu\n",
1113 ARRAY_SIZE(skcipher_algs
));
1114 for (alg
= 0; alg
< ARRAY_SIZE(skcipher_algs
); alg
++) {
1115 if (skcipher_algs
[alg
].min_hw_rev
> drvdata
->hw_rev
)
1118 dev_dbg(dev
, "creating %s\n", skcipher_algs
[alg
].driver_name
);
1119 t_alg
= cc_create_alg(&skcipher_algs
[alg
], dev
);
1120 if (IS_ERR(t_alg
)) {
1121 rc
= PTR_ERR(t_alg
);
1122 dev_err(dev
, "%s alg allocation failed\n",
1123 skcipher_algs
[alg
].driver_name
);
1126 t_alg
->drvdata
= drvdata
;
1128 dev_dbg(dev
, "registering %s\n",
1129 skcipher_algs
[alg
].driver_name
);
1130 rc
= crypto_register_skcipher(&t_alg
->skcipher_alg
);
1131 dev_dbg(dev
, "%s alg registration rc = %x\n",
1132 t_alg
->skcipher_alg
.base
.cra_driver_name
, rc
);
1134 dev_err(dev
, "%s alg registration failed\n",
1135 t_alg
->skcipher_alg
.base
.cra_driver_name
);
1139 list_add_tail(&t_alg
->entry
,
1140 &cipher_handle
->alg_list
);
1141 dev_dbg(dev
, "Registered %s\n",
1142 t_alg
->skcipher_alg
.base
.cra_driver_name
);
1148 cc_cipher_free(drvdata
);
