1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (C) 2012-2018 ARM Limited or its affiliates. */
4 #include <linux/kernel.h>
5 #include <linux/module.h>
6 #include <crypto/algapi.h>
7 #include <crypto/internal/aead.h>
8 #include <crypto/authenc.h>
9 #include <crypto/des.h>
10 #include <linux/rtnetlink.h>
11 #include "cc_driver.h"
12 #include "cc_buffer_mgr.h"
14 #include "cc_request_mgr.h"
16 #include "cc_sram_mgr.h"
18 #define template_aead template_u.aead
20 #define MAX_AEAD_SETKEY_SEQ 12
21 #define MAX_AEAD_PROCESS_SEQ 23
23 #define MAX_HMAC_DIGEST_SIZE (SHA256_DIGEST_SIZE)
24 #define MAX_HMAC_BLOCK_SIZE (SHA256_BLOCK_SIZE)
26 #define AES_CCM_RFC4309_NONCE_SIZE 3
27 #define MAX_NONCE_SIZE CTR_RFC3686_NONCE_SIZE
29 /* Value of each ICV_CMP byte (of 8) in case of success */
30 #define ICV_VERIF_OK 0x01
32 struct cc_aead_handle
{
33 cc_sram_addr_t sram_workspace_addr
;
34 struct list_head aead_list
;
39 u8
*ipad_opad
; /* IPAD, OPAD*/
40 dma_addr_t padded_authkey_dma_addr
;
41 dma_addr_t ipad_opad_dma_addr
;
45 u8
*xcbc_keys
; /* K1,K2,K3 */
46 dma_addr_t xcbc_keys_dma_addr
;
50 struct cc_drvdata
*drvdata
;
51 u8 ctr_nonce
[MAX_NONCE_SIZE
]; /* used for ctr3686 iv and aes ccm */
53 dma_addr_t enckey_dma_addr
;
55 struct cc_hmac_s hmac
;
56 struct cc_xcbc_s xcbc
;
58 unsigned int enc_keylen
;
59 unsigned int auth_keylen
;
60 unsigned int authsize
; /* Actual (reduced?) size of the MAC/ICv */
61 enum drv_cipher_mode cipher_mode
;
62 enum cc_flow_mode flow_mode
;
63 enum drv_hash_mode auth_mode
;
66 static inline bool valid_assoclen(struct aead_request
*req
)
68 return ((req
->assoclen
== 16) || (req
->assoclen
== 20));
71 static void cc_aead_exit(struct crypto_aead
*tfm
)
73 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
74 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
76 dev_dbg(dev
, "Clearing context @%p for %s\n", crypto_aead_ctx(tfm
),
77 crypto_tfm_alg_name(&tfm
->base
));
79 /* Unmap enckey buffer */
81 dma_free_coherent(dev
, AES_MAX_KEY_SIZE
, ctx
->enckey
,
82 ctx
->enckey_dma_addr
);
83 dev_dbg(dev
, "Freed enckey DMA buffer enckey_dma_addr=%pad\n",
84 &ctx
->enckey_dma_addr
);
85 ctx
->enckey_dma_addr
= 0;
89 if (ctx
->auth_mode
== DRV_HASH_XCBC_MAC
) { /* XCBC authetication */
90 struct cc_xcbc_s
*xcbc
= &ctx
->auth_state
.xcbc
;
92 if (xcbc
->xcbc_keys
) {
93 dma_free_coherent(dev
, CC_AES_128_BIT_KEY_SIZE
* 3,
95 xcbc
->xcbc_keys_dma_addr
);
97 dev_dbg(dev
, "Freed xcbc_keys DMA buffer xcbc_keys_dma_addr=%pad\n",
98 &xcbc
->xcbc_keys_dma_addr
);
99 xcbc
->xcbc_keys_dma_addr
= 0;
100 xcbc
->xcbc_keys
= NULL
;
101 } else if (ctx
->auth_mode
!= DRV_HASH_NULL
) { /* HMAC auth. */
102 struct cc_hmac_s
*hmac
= &ctx
->auth_state
.hmac
;
104 if (hmac
->ipad_opad
) {
105 dma_free_coherent(dev
, 2 * MAX_HMAC_DIGEST_SIZE
,
107 hmac
->ipad_opad_dma_addr
);
108 dev_dbg(dev
, "Freed ipad_opad DMA buffer ipad_opad_dma_addr=%pad\n",
109 &hmac
->ipad_opad_dma_addr
);
110 hmac
->ipad_opad_dma_addr
= 0;
111 hmac
->ipad_opad
= NULL
;
113 if (hmac
->padded_authkey
) {
114 dma_free_coherent(dev
, MAX_HMAC_BLOCK_SIZE
,
115 hmac
->padded_authkey
,
116 hmac
->padded_authkey_dma_addr
);
117 dev_dbg(dev
, "Freed padded_authkey DMA buffer padded_authkey_dma_addr=%pad\n",
118 &hmac
->padded_authkey_dma_addr
);
119 hmac
->padded_authkey_dma_addr
= 0;
120 hmac
->padded_authkey
= NULL
;
125 static int cc_aead_init(struct crypto_aead
*tfm
)
127 struct aead_alg
*alg
= crypto_aead_alg(tfm
);
128 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
129 struct cc_crypto_alg
*cc_alg
=
130 container_of(alg
, struct cc_crypto_alg
, aead_alg
);
131 struct device
*dev
= drvdata_to_dev(cc_alg
->drvdata
);
133 dev_dbg(dev
, "Initializing context @%p for %s\n", ctx
,
134 crypto_tfm_alg_name(&tfm
->base
));
136 /* Initialize modes in instance */
137 ctx
->cipher_mode
= cc_alg
->cipher_mode
;
138 ctx
->flow_mode
= cc_alg
->flow_mode
;
139 ctx
->auth_mode
= cc_alg
->auth_mode
;
140 ctx
->drvdata
= cc_alg
->drvdata
;
141 crypto_aead_set_reqsize(tfm
, sizeof(struct aead_req_ctx
));
143 /* Allocate key buffer, cache line aligned */
144 ctx
->enckey
= dma_alloc_coherent(dev
, AES_MAX_KEY_SIZE
,
145 &ctx
->enckey_dma_addr
, GFP_KERNEL
);
147 dev_err(dev
, "Failed allocating key buffer\n");
150 dev_dbg(dev
, "Allocated enckey buffer in context ctx->enckey=@%p\n",
153 /* Set default authlen value */
155 if (ctx
->auth_mode
== DRV_HASH_XCBC_MAC
) { /* XCBC authetication */
156 struct cc_xcbc_s
*xcbc
= &ctx
->auth_state
.xcbc
;
157 const unsigned int key_size
= CC_AES_128_BIT_KEY_SIZE
* 3;
159 /* Allocate dma-coherent buffer for XCBC's K1+K2+K3 */
160 /* (and temporary for user key - up to 256b) */
161 xcbc
->xcbc_keys
= dma_alloc_coherent(dev
, key_size
,
162 &xcbc
->xcbc_keys_dma_addr
,
164 if (!xcbc
->xcbc_keys
) {
165 dev_err(dev
, "Failed allocating buffer for XCBC keys\n");
168 } else if (ctx
->auth_mode
!= DRV_HASH_NULL
) { /* HMAC authentication */
169 struct cc_hmac_s
*hmac
= &ctx
->auth_state
.hmac
;
170 const unsigned int digest_size
= 2 * MAX_HMAC_DIGEST_SIZE
;
171 dma_addr_t
*pkey_dma
= &hmac
->padded_authkey_dma_addr
;
173 /* Allocate dma-coherent buffer for IPAD + OPAD */
174 hmac
->ipad_opad
= dma_alloc_coherent(dev
, digest_size
,
175 &hmac
->ipad_opad_dma_addr
,
178 if (!hmac
->ipad_opad
) {
179 dev_err(dev
, "Failed allocating IPAD/OPAD buffer\n");
183 dev_dbg(dev
, "Allocated authkey buffer in context ctx->authkey=@%p\n",
186 hmac
->padded_authkey
= dma_alloc_coherent(dev
,
191 if (!hmac
->padded_authkey
) {
192 dev_err(dev
, "failed to allocate padded_authkey\n");
196 ctx
->auth_state
.hmac
.ipad_opad
= NULL
;
197 ctx
->auth_state
.hmac
.padded_authkey
= NULL
;
207 static void cc_aead_complete(struct device
*dev
, void *cc_req
, int err
)
209 struct aead_request
*areq
= (struct aead_request
*)cc_req
;
210 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(areq
);
211 struct crypto_aead
*tfm
= crypto_aead_reqtfm(cc_req
);
212 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
214 cc_unmap_aead_request(dev
, areq
);
216 /* Restore ordinary iv pointer */
217 areq
->iv
= areq_ctx
->backup_iv
;
222 if (areq_ctx
->gen_ctx
.op_type
== DRV_CRYPTO_DIRECTION_DECRYPT
) {
223 if (memcmp(areq_ctx
->mac_buf
, areq_ctx
->icv_virt_addr
,
224 ctx
->authsize
) != 0) {
225 dev_dbg(dev
, "Payload authentication failure, (auth-size=%d, cipher=%d)\n",
226 ctx
->authsize
, ctx
->cipher_mode
);
227 /* In case of payload authentication failure, MUST NOT
228 * revealed the decrypted message --> zero its memory.
230 cc_zero_sgl(areq
->dst
, areq
->cryptlen
);
234 if (areq_ctx
->is_icv_fragmented
) {
235 u32 skip
= areq
->cryptlen
+ areq_ctx
->dst_offset
;
237 cc_copy_sg_portion(dev
, areq_ctx
->mac_buf
,
238 areq_ctx
->dst_sgl
, skip
,
239 (skip
+ ctx
->authsize
),
243 /* If an IV was generated, copy it back to the user provided
246 if (areq_ctx
->backup_giv
) {
247 if (ctx
->cipher_mode
== DRV_CIPHER_CTR
)
248 memcpy(areq_ctx
->backup_giv
, areq_ctx
->ctr_iv
+
249 CTR_RFC3686_NONCE_SIZE
,
250 CTR_RFC3686_IV_SIZE
);
251 else if (ctx
->cipher_mode
== DRV_CIPHER_CCM
)
252 memcpy(areq_ctx
->backup_giv
, areq_ctx
->ctr_iv
+
253 CCM_BLOCK_IV_OFFSET
, CCM_BLOCK_IV_SIZE
);
257 aead_request_complete(areq
, err
);
260 static unsigned int xcbc_setkey(struct cc_hw_desc
*desc
,
261 struct cc_aead_ctx
*ctx
)
263 /* Load the AES key */
264 hw_desc_init(&desc
[0]);
265 /* We are using for the source/user key the same buffer
266 * as for the output keys, * because after this key loading it
267 * is not needed anymore
269 set_din_type(&desc
[0], DMA_DLLI
,
270 ctx
->auth_state
.xcbc
.xcbc_keys_dma_addr
, ctx
->auth_keylen
,
272 set_cipher_mode(&desc
[0], DRV_CIPHER_ECB
);
273 set_cipher_config0(&desc
[0], DRV_CRYPTO_DIRECTION_ENCRYPT
);
274 set_key_size_aes(&desc
[0], ctx
->auth_keylen
);
275 set_flow_mode(&desc
[0], S_DIN_to_AES
);
276 set_setup_mode(&desc
[0], SETUP_LOAD_KEY0
);
278 hw_desc_init(&desc
[1]);
279 set_din_const(&desc
[1], 0x01010101, CC_AES_128_BIT_KEY_SIZE
);
280 set_flow_mode(&desc
[1], DIN_AES_DOUT
);
281 set_dout_dlli(&desc
[1], ctx
->auth_state
.xcbc
.xcbc_keys_dma_addr
,
282 AES_KEYSIZE_128
, NS_BIT
, 0);
284 hw_desc_init(&desc
[2]);
285 set_din_const(&desc
[2], 0x02020202, CC_AES_128_BIT_KEY_SIZE
);
286 set_flow_mode(&desc
[2], DIN_AES_DOUT
);
287 set_dout_dlli(&desc
[2], (ctx
->auth_state
.xcbc
.xcbc_keys_dma_addr
289 AES_KEYSIZE_128
, NS_BIT
, 0);
291 hw_desc_init(&desc
[3]);
292 set_din_const(&desc
[3], 0x03030303, CC_AES_128_BIT_KEY_SIZE
);
293 set_flow_mode(&desc
[3], DIN_AES_DOUT
);
294 set_dout_dlli(&desc
[3], (ctx
->auth_state
.xcbc
.xcbc_keys_dma_addr
295 + 2 * AES_KEYSIZE_128
),
296 AES_KEYSIZE_128
, NS_BIT
, 0);
301 static int hmac_setkey(struct cc_hw_desc
*desc
, struct cc_aead_ctx
*ctx
)
303 unsigned int hmac_pad_const
[2] = { HMAC_IPAD_CONST
, HMAC_OPAD_CONST
};
304 unsigned int digest_ofs
= 0;
305 unsigned int hash_mode
= (ctx
->auth_mode
== DRV_HASH_SHA1
) ?
306 DRV_HASH_HW_SHA1
: DRV_HASH_HW_SHA256
;
307 unsigned int digest_size
= (ctx
->auth_mode
== DRV_HASH_SHA1
) ?
308 CC_SHA1_DIGEST_SIZE
: CC_SHA256_DIGEST_SIZE
;
309 struct cc_hmac_s
*hmac
= &ctx
->auth_state
.hmac
;
311 unsigned int idx
= 0;
314 /* calc derived HMAC key */
315 for (i
= 0; i
< 2; i
++) {
316 /* Load hash initial state */
317 hw_desc_init(&desc
[idx
]);
318 set_cipher_mode(&desc
[idx
], hash_mode
);
319 set_din_sram(&desc
[idx
],
320 cc_larval_digest_addr(ctx
->drvdata
,
323 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
324 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE0
);
327 /* Load the hash current length*/
328 hw_desc_init(&desc
[idx
]);
329 set_cipher_mode(&desc
[idx
], hash_mode
);
330 set_din_const(&desc
[idx
], 0, ctx
->drvdata
->hash_len_sz
);
331 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
332 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
335 /* Prepare ipad key */
336 hw_desc_init(&desc
[idx
]);
337 set_xor_val(&desc
[idx
], hmac_pad_const
[i
]);
338 set_cipher_mode(&desc
[idx
], hash_mode
);
339 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
340 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE1
);
343 /* Perform HASH update */
344 hw_desc_init(&desc
[idx
]);
345 set_din_type(&desc
[idx
], DMA_DLLI
,
346 hmac
->padded_authkey_dma_addr
,
347 SHA256_BLOCK_SIZE
, NS_BIT
);
348 set_cipher_mode(&desc
[idx
], hash_mode
);
349 set_xor_active(&desc
[idx
]);
350 set_flow_mode(&desc
[idx
], DIN_HASH
);
354 hw_desc_init(&desc
[idx
]);
355 set_cipher_mode(&desc
[idx
], hash_mode
);
356 set_dout_dlli(&desc
[idx
],
357 (hmac
->ipad_opad_dma_addr
+ digest_ofs
),
358 digest_size
, NS_BIT
, 0);
359 set_flow_mode(&desc
[idx
], S_HASH_to_DOUT
);
360 set_setup_mode(&desc
[idx
], SETUP_WRITE_STATE0
);
361 set_cipher_config1(&desc
[idx
], HASH_PADDING_DISABLED
);
364 digest_ofs
+= digest_size
;
370 static int validate_keys_sizes(struct cc_aead_ctx
*ctx
)
372 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
374 dev_dbg(dev
, "enc_keylen=%u authkeylen=%u\n",
375 ctx
->enc_keylen
, ctx
->auth_keylen
);
377 switch (ctx
->auth_mode
) {
379 case DRV_HASH_SHA256
:
381 case DRV_HASH_XCBC_MAC
:
382 if (ctx
->auth_keylen
!= AES_KEYSIZE_128
&&
383 ctx
->auth_keylen
!= AES_KEYSIZE_192
&&
384 ctx
->auth_keylen
!= AES_KEYSIZE_256
)
387 case DRV_HASH_NULL
: /* Not authenc (e.g., CCM) - no auth_key) */
388 if (ctx
->auth_keylen
> 0)
392 dev_err(dev
, "Invalid auth_mode=%d\n", ctx
->auth_mode
);
395 /* Check cipher key size */
396 if (ctx
->flow_mode
== S_DIN_to_DES
) {
397 if (ctx
->enc_keylen
!= DES3_EDE_KEY_SIZE
) {
398 dev_err(dev
, "Invalid cipher(3DES) key size: %u\n",
402 } else { /* Default assumed to be AES ciphers */
403 if (ctx
->enc_keylen
!= AES_KEYSIZE_128
&&
404 ctx
->enc_keylen
!= AES_KEYSIZE_192
&&
405 ctx
->enc_keylen
!= AES_KEYSIZE_256
) {
406 dev_err(dev
, "Invalid cipher(AES) key size: %u\n",
412 return 0; /* All tests of keys sizes passed */
415 /* This function prepers the user key so it can pass to the hmac processing
416 * (copy to intenral buffer or hash in case of key longer than block
418 static int cc_get_plain_hmac_key(struct crypto_aead
*tfm
, const u8
*authkey
,
421 dma_addr_t key_dma_addr
= 0;
422 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
423 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
424 u32 larval_addr
= cc_larval_digest_addr(ctx
->drvdata
, ctx
->auth_mode
);
425 struct cc_crypto_req cc_req
= {};
426 unsigned int blocksize
;
427 unsigned int digestsize
;
428 unsigned int hashmode
;
429 unsigned int idx
= 0;
432 struct cc_hw_desc desc
[MAX_AEAD_SETKEY_SEQ
];
433 dma_addr_t padded_authkey_dma_addr
=
434 ctx
->auth_state
.hmac
.padded_authkey_dma_addr
;
436 switch (ctx
->auth_mode
) { /* auth_key required and >0 */
438 blocksize
= SHA1_BLOCK_SIZE
;
439 digestsize
= SHA1_DIGEST_SIZE
;
440 hashmode
= DRV_HASH_HW_SHA1
;
442 case DRV_HASH_SHA256
:
444 blocksize
= SHA256_BLOCK_SIZE
;
445 digestsize
= SHA256_DIGEST_SIZE
;
446 hashmode
= DRV_HASH_HW_SHA256
;
451 key
= kmemdup(authkey
, keylen
, GFP_KERNEL
);
455 key_dma_addr
= dma_map_single(dev
, (void *)key
, keylen
,
457 if (dma_mapping_error(dev
, key_dma_addr
)) {
458 dev_err(dev
, "Mapping key va=0x%p len=%u for DMA failed\n",
463 if (keylen
> blocksize
) {
464 /* Load hash initial state */
465 hw_desc_init(&desc
[idx
]);
466 set_cipher_mode(&desc
[idx
], hashmode
);
467 set_din_sram(&desc
[idx
], larval_addr
, digestsize
);
468 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
469 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE0
);
472 /* Load the hash current length*/
473 hw_desc_init(&desc
[idx
]);
474 set_cipher_mode(&desc
[idx
], hashmode
);
475 set_din_const(&desc
[idx
], 0, ctx
->drvdata
->hash_len_sz
);
476 set_cipher_config1(&desc
[idx
], HASH_PADDING_ENABLED
);
477 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
478 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
481 hw_desc_init(&desc
[idx
]);
482 set_din_type(&desc
[idx
], DMA_DLLI
,
483 key_dma_addr
, keylen
, NS_BIT
);
484 set_flow_mode(&desc
[idx
], DIN_HASH
);
488 hw_desc_init(&desc
[idx
]);
489 set_cipher_mode(&desc
[idx
], hashmode
);
490 set_dout_dlli(&desc
[idx
], padded_authkey_dma_addr
,
491 digestsize
, NS_BIT
, 0);
492 set_flow_mode(&desc
[idx
], S_HASH_to_DOUT
);
493 set_setup_mode(&desc
[idx
], SETUP_WRITE_STATE0
);
494 set_cipher_config1(&desc
[idx
], HASH_PADDING_DISABLED
);
495 set_cipher_config0(&desc
[idx
],
496 HASH_DIGEST_RESULT_LITTLE_ENDIAN
);
499 hw_desc_init(&desc
[idx
]);
500 set_din_const(&desc
[idx
], 0, (blocksize
- digestsize
));
501 set_flow_mode(&desc
[idx
], BYPASS
);
502 set_dout_dlli(&desc
[idx
], (padded_authkey_dma_addr
+
503 digestsize
), (blocksize
- digestsize
),
507 hw_desc_init(&desc
[idx
]);
508 set_din_type(&desc
[idx
], DMA_DLLI
, key_dma_addr
,
510 set_flow_mode(&desc
[idx
], BYPASS
);
511 set_dout_dlli(&desc
[idx
], padded_authkey_dma_addr
,
515 if ((blocksize
- keylen
) != 0) {
516 hw_desc_init(&desc
[idx
]);
517 set_din_const(&desc
[idx
], 0,
518 (blocksize
- keylen
));
519 set_flow_mode(&desc
[idx
], BYPASS
);
520 set_dout_dlli(&desc
[idx
],
521 (padded_authkey_dma_addr
+
523 (blocksize
- keylen
), NS_BIT
, 0);
528 hw_desc_init(&desc
[idx
]);
529 set_din_const(&desc
[idx
], 0, (blocksize
- keylen
));
530 set_flow_mode(&desc
[idx
], BYPASS
);
531 set_dout_dlli(&desc
[idx
], padded_authkey_dma_addr
,
532 blocksize
, NS_BIT
, 0);
536 rc
= cc_send_sync_request(ctx
->drvdata
, &cc_req
, desc
, idx
);
538 dev_err(dev
, "send_request() failed (rc=%d)\n", rc
);
541 dma_unmap_single(dev
, key_dma_addr
, keylen
, DMA_TO_DEVICE
);
548 static int cc_aead_setkey(struct crypto_aead
*tfm
, const u8
*key
,
551 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
552 struct cc_crypto_req cc_req
= {};
553 struct cc_hw_desc desc
[MAX_AEAD_SETKEY_SEQ
];
554 unsigned int seq_len
= 0;
555 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
556 const u8
*enckey
, *authkey
;
559 dev_dbg(dev
, "Setting key in context @%p for %s. key=%p keylen=%u\n",
560 ctx
, crypto_tfm_alg_name(crypto_aead_tfm(tfm
)), key
, keylen
);
562 /* STAT_PHASE_0: Init and sanity checks */
564 if (ctx
->auth_mode
!= DRV_HASH_NULL
) { /* authenc() alg. */
565 struct crypto_authenc_keys keys
;
567 rc
= crypto_authenc_extractkeys(&keys
, key
, keylen
);
570 enckey
= keys
.enckey
;
571 authkey
= keys
.authkey
;
572 ctx
->enc_keylen
= keys
.enckeylen
;
573 ctx
->auth_keylen
= keys
.authkeylen
;
575 if (ctx
->cipher_mode
== DRV_CIPHER_CTR
) {
576 /* the nonce is stored in bytes at end of key */
578 if (ctx
->enc_keylen
<
579 (AES_MIN_KEY_SIZE
+ CTR_RFC3686_NONCE_SIZE
))
581 /* Copy nonce from last 4 bytes in CTR key to
582 * first 4 bytes in CTR IV
584 memcpy(ctx
->ctr_nonce
, enckey
+ ctx
->enc_keylen
-
585 CTR_RFC3686_NONCE_SIZE
, CTR_RFC3686_NONCE_SIZE
);
586 /* Set CTR key size */
587 ctx
->enc_keylen
-= CTR_RFC3686_NONCE_SIZE
;
589 } else { /* non-authenc - has just one key */
592 ctx
->enc_keylen
= keylen
;
593 ctx
->auth_keylen
= 0;
596 rc
= validate_keys_sizes(ctx
);
600 /* STAT_PHASE_1: Copy key to ctx */
602 /* Get key material */
603 memcpy(ctx
->enckey
, enckey
, ctx
->enc_keylen
);
604 if (ctx
->enc_keylen
== 24)
605 memset(ctx
->enckey
+ 24, 0, CC_AES_KEY_SIZE_MAX
- 24);
606 if (ctx
->auth_mode
== DRV_HASH_XCBC_MAC
) {
607 memcpy(ctx
->auth_state
.xcbc
.xcbc_keys
, authkey
,
609 } else if (ctx
->auth_mode
!= DRV_HASH_NULL
) { /* HMAC */
610 rc
= cc_get_plain_hmac_key(tfm
, authkey
, ctx
->auth_keylen
);
615 /* STAT_PHASE_2: Create sequence */
617 switch (ctx
->auth_mode
) {
619 case DRV_HASH_SHA256
:
620 seq_len
= hmac_setkey(desc
, ctx
);
622 case DRV_HASH_XCBC_MAC
:
623 seq_len
= xcbc_setkey(desc
, ctx
);
625 case DRV_HASH_NULL
: /* non-authenc modes, e.g., CCM */
626 break; /* No auth. key setup */
628 dev_err(dev
, "Unsupported authenc (%d)\n", ctx
->auth_mode
);
633 /* STAT_PHASE_3: Submit sequence to HW */
635 if (seq_len
> 0) { /* For CCM there is no sequence to setup the key */
636 rc
= cc_send_sync_request(ctx
->drvdata
, &cc_req
, desc
, seq_len
);
638 dev_err(dev
, "send_request() failed (rc=%d)\n", rc
);
643 /* Update STAT_PHASE_3 */
647 crypto_aead_set_flags(tfm
, CRYPTO_TFM_RES_BAD_KEY_LEN
);
653 static int cc_rfc4309_ccm_setkey(struct crypto_aead
*tfm
, const u8
*key
,
656 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
662 memcpy(ctx
->ctr_nonce
, key
+ keylen
, 3);
664 return cc_aead_setkey(tfm
, key
, keylen
);
667 static int cc_aead_setauthsize(struct crypto_aead
*authenc
,
668 unsigned int authsize
)
670 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(authenc
);
671 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
673 /* Unsupported auth. sizes */
675 authsize
> crypto_aead_maxauthsize(authenc
)) {
679 ctx
->authsize
= authsize
;
680 dev_dbg(dev
, "authlen=%d\n", ctx
->authsize
);
685 static int cc_rfc4309_ccm_setauthsize(struct crypto_aead
*authenc
,
686 unsigned int authsize
)
697 return cc_aead_setauthsize(authenc
, authsize
);
700 static int cc_ccm_setauthsize(struct crypto_aead
*authenc
,
701 unsigned int authsize
)
716 return cc_aead_setauthsize(authenc
, authsize
);
719 static void cc_set_assoc_desc(struct aead_request
*areq
, unsigned int flow_mode
,
720 struct cc_hw_desc desc
[], unsigned int *seq_size
)
722 struct crypto_aead
*tfm
= crypto_aead_reqtfm(areq
);
723 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
724 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(areq
);
725 enum cc_req_dma_buf_type assoc_dma_type
= areq_ctx
->assoc_buff_type
;
726 unsigned int idx
= *seq_size
;
727 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
729 switch (assoc_dma_type
) {
730 case CC_DMA_BUF_DLLI
:
731 dev_dbg(dev
, "ASSOC buffer type DLLI\n");
732 hw_desc_init(&desc
[idx
]);
733 set_din_type(&desc
[idx
], DMA_DLLI
, sg_dma_address(areq
->src
),
734 areq_ctx
->assoclen
, NS_BIT
);
735 set_flow_mode(&desc
[idx
], flow_mode
);
736 if (ctx
->auth_mode
== DRV_HASH_XCBC_MAC
&&
737 areq_ctx
->cryptlen
> 0)
738 set_din_not_last_indication(&desc
[idx
]);
740 case CC_DMA_BUF_MLLI
:
741 dev_dbg(dev
, "ASSOC buffer type MLLI\n");
742 hw_desc_init(&desc
[idx
]);
743 set_din_type(&desc
[idx
], DMA_MLLI
, areq_ctx
->assoc
.sram_addr
,
744 areq_ctx
->assoc
.mlli_nents
, NS_BIT
);
745 set_flow_mode(&desc
[idx
], flow_mode
);
746 if (ctx
->auth_mode
== DRV_HASH_XCBC_MAC
&&
747 areq_ctx
->cryptlen
> 0)
748 set_din_not_last_indication(&desc
[idx
]);
750 case CC_DMA_BUF_NULL
:
752 dev_err(dev
, "Invalid ASSOC buffer type\n");
758 static void cc_proc_authen_desc(struct aead_request
*areq
,
759 unsigned int flow_mode
,
760 struct cc_hw_desc desc
[],
761 unsigned int *seq_size
, int direct
)
763 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(areq
);
764 enum cc_req_dma_buf_type data_dma_type
= areq_ctx
->data_buff_type
;
765 unsigned int idx
= *seq_size
;
766 struct crypto_aead
*tfm
= crypto_aead_reqtfm(areq
);
767 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
768 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
770 switch (data_dma_type
) {
771 case CC_DMA_BUF_DLLI
:
773 struct scatterlist
*cipher
=
774 (direct
== DRV_CRYPTO_DIRECTION_ENCRYPT
) ?
775 areq_ctx
->dst_sgl
: areq_ctx
->src_sgl
;
777 unsigned int offset
=
778 (direct
== DRV_CRYPTO_DIRECTION_ENCRYPT
) ?
779 areq_ctx
->dst_offset
: areq_ctx
->src_offset
;
780 dev_dbg(dev
, "AUTHENC: SRC/DST buffer type DLLI\n");
781 hw_desc_init(&desc
[idx
]);
782 set_din_type(&desc
[idx
], DMA_DLLI
,
783 (sg_dma_address(cipher
) + offset
),
784 areq_ctx
->cryptlen
, NS_BIT
);
785 set_flow_mode(&desc
[idx
], flow_mode
);
788 case CC_DMA_BUF_MLLI
:
790 /* DOUBLE-PASS flow (as default)
791 * assoc. + iv + data -compact in one table
792 * if assoclen is ZERO only IV perform
794 cc_sram_addr_t mlli_addr
= areq_ctx
->assoc
.sram_addr
;
795 u32 mlli_nents
= areq_ctx
->assoc
.mlli_nents
;
797 if (areq_ctx
->is_single_pass
) {
798 if (direct
== DRV_CRYPTO_DIRECTION_ENCRYPT
) {
799 mlli_addr
= areq_ctx
->dst
.sram_addr
;
800 mlli_nents
= areq_ctx
->dst
.mlli_nents
;
802 mlli_addr
= areq_ctx
->src
.sram_addr
;
803 mlli_nents
= areq_ctx
->src
.mlli_nents
;
807 dev_dbg(dev
, "AUTHENC: SRC/DST buffer type MLLI\n");
808 hw_desc_init(&desc
[idx
]);
809 set_din_type(&desc
[idx
], DMA_MLLI
, mlli_addr
, mlli_nents
,
811 set_flow_mode(&desc
[idx
], flow_mode
);
814 case CC_DMA_BUF_NULL
:
816 dev_err(dev
, "AUTHENC: Invalid SRC/DST buffer type\n");
822 static void cc_proc_cipher_desc(struct aead_request
*areq
,
823 unsigned int flow_mode
,
824 struct cc_hw_desc desc
[],
825 unsigned int *seq_size
)
827 unsigned int idx
= *seq_size
;
828 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(areq
);
829 enum cc_req_dma_buf_type data_dma_type
= areq_ctx
->data_buff_type
;
830 struct crypto_aead
*tfm
= crypto_aead_reqtfm(areq
);
831 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
832 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
834 if (areq_ctx
->cryptlen
== 0)
835 return; /*null processing*/
837 switch (data_dma_type
) {
838 case CC_DMA_BUF_DLLI
:
839 dev_dbg(dev
, "CIPHER: SRC/DST buffer type DLLI\n");
840 hw_desc_init(&desc
[idx
]);
841 set_din_type(&desc
[idx
], DMA_DLLI
,
842 (sg_dma_address(areq_ctx
->src_sgl
) +
843 areq_ctx
->src_offset
), areq_ctx
->cryptlen
,
845 set_dout_dlli(&desc
[idx
],
846 (sg_dma_address(areq_ctx
->dst_sgl
) +
847 areq_ctx
->dst_offset
),
848 areq_ctx
->cryptlen
, NS_BIT
, 0);
849 set_flow_mode(&desc
[idx
], flow_mode
);
851 case CC_DMA_BUF_MLLI
:
852 dev_dbg(dev
, "CIPHER: SRC/DST buffer type MLLI\n");
853 hw_desc_init(&desc
[idx
]);
854 set_din_type(&desc
[idx
], DMA_MLLI
, areq_ctx
->src
.sram_addr
,
855 areq_ctx
->src
.mlli_nents
, NS_BIT
);
856 set_dout_mlli(&desc
[idx
], areq_ctx
->dst
.sram_addr
,
857 areq_ctx
->dst
.mlli_nents
, NS_BIT
, 0);
858 set_flow_mode(&desc
[idx
], flow_mode
);
860 case CC_DMA_BUF_NULL
:
862 dev_err(dev
, "CIPHER: Invalid SRC/DST buffer type\n");
868 static void cc_proc_digest_desc(struct aead_request
*req
,
869 struct cc_hw_desc desc
[],
870 unsigned int *seq_size
)
872 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
873 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
874 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
875 unsigned int idx
= *seq_size
;
876 unsigned int hash_mode
= (ctx
->auth_mode
== DRV_HASH_SHA1
) ?
877 DRV_HASH_HW_SHA1
: DRV_HASH_HW_SHA256
;
878 int direct
= req_ctx
->gen_ctx
.op_type
;
880 /* Get final ICV result */
881 if (direct
== DRV_CRYPTO_DIRECTION_ENCRYPT
) {
882 hw_desc_init(&desc
[idx
]);
883 set_flow_mode(&desc
[idx
], S_HASH_to_DOUT
);
884 set_setup_mode(&desc
[idx
], SETUP_WRITE_STATE0
);
885 set_dout_dlli(&desc
[idx
], req_ctx
->icv_dma_addr
, ctx
->authsize
,
887 set_queue_last_ind(ctx
->drvdata
, &desc
[idx
]);
888 if (ctx
->auth_mode
== DRV_HASH_XCBC_MAC
) {
889 set_aes_not_hash_mode(&desc
[idx
]);
890 set_cipher_mode(&desc
[idx
], DRV_CIPHER_XCBC_MAC
);
892 set_cipher_config0(&desc
[idx
],
893 HASH_DIGEST_RESULT_LITTLE_ENDIAN
);
894 set_cipher_mode(&desc
[idx
], hash_mode
);
897 /* Get ICV out from hardware */
898 hw_desc_init(&desc
[idx
]);
899 set_setup_mode(&desc
[idx
], SETUP_WRITE_STATE0
);
900 set_flow_mode(&desc
[idx
], S_HASH_to_DOUT
);
901 set_dout_dlli(&desc
[idx
], req_ctx
->mac_buf_dma_addr
,
902 ctx
->authsize
, NS_BIT
, 1);
903 set_queue_last_ind(ctx
->drvdata
, &desc
[idx
]);
904 set_cipher_config0(&desc
[idx
],
905 HASH_DIGEST_RESULT_LITTLE_ENDIAN
);
906 set_cipher_config1(&desc
[idx
], HASH_PADDING_DISABLED
);
907 if (ctx
->auth_mode
== DRV_HASH_XCBC_MAC
) {
908 set_cipher_mode(&desc
[idx
], DRV_CIPHER_XCBC_MAC
);
909 set_aes_not_hash_mode(&desc
[idx
]);
911 set_cipher_mode(&desc
[idx
], hash_mode
);
918 static void cc_set_cipher_desc(struct aead_request
*req
,
919 struct cc_hw_desc desc
[],
920 unsigned int *seq_size
)
922 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
923 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
924 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
925 unsigned int hw_iv_size
= req_ctx
->hw_iv_size
;
926 unsigned int idx
= *seq_size
;
927 int direct
= req_ctx
->gen_ctx
.op_type
;
929 /* Setup cipher state */
930 hw_desc_init(&desc
[idx
]);
931 set_cipher_config0(&desc
[idx
], direct
);
932 set_flow_mode(&desc
[idx
], ctx
->flow_mode
);
933 set_din_type(&desc
[idx
], DMA_DLLI
, req_ctx
->gen_ctx
.iv_dma_addr
,
935 if (ctx
->cipher_mode
== DRV_CIPHER_CTR
)
936 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE1
);
938 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE0
);
939 set_cipher_mode(&desc
[idx
], ctx
->cipher_mode
);
943 hw_desc_init(&desc
[idx
]);
944 set_cipher_config0(&desc
[idx
], direct
);
945 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
946 set_flow_mode(&desc
[idx
], ctx
->flow_mode
);
947 if (ctx
->flow_mode
== S_DIN_to_AES
) {
948 set_din_type(&desc
[idx
], DMA_DLLI
, ctx
->enckey_dma_addr
,
949 ((ctx
->enc_keylen
== 24) ? CC_AES_KEY_SIZE_MAX
:
950 ctx
->enc_keylen
), NS_BIT
);
951 set_key_size_aes(&desc
[idx
], ctx
->enc_keylen
);
953 set_din_type(&desc
[idx
], DMA_DLLI
, ctx
->enckey_dma_addr
,
954 ctx
->enc_keylen
, NS_BIT
);
955 set_key_size_des(&desc
[idx
], ctx
->enc_keylen
);
957 set_cipher_mode(&desc
[idx
], ctx
->cipher_mode
);
963 static void cc_proc_cipher(struct aead_request
*req
, struct cc_hw_desc desc
[],
964 unsigned int *seq_size
, unsigned int data_flow_mode
)
966 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
967 int direct
= req_ctx
->gen_ctx
.op_type
;
968 unsigned int idx
= *seq_size
;
970 if (req_ctx
->cryptlen
== 0)
971 return; /*null processing*/
973 cc_set_cipher_desc(req
, desc
, &idx
);
974 cc_proc_cipher_desc(req
, data_flow_mode
, desc
, &idx
);
975 if (direct
== DRV_CRYPTO_DIRECTION_ENCRYPT
) {
976 /* We must wait for DMA to write all cipher */
977 hw_desc_init(&desc
[idx
]);
978 set_din_no_dma(&desc
[idx
], 0, 0xfffff0);
979 set_dout_no_dma(&desc
[idx
], 0, 0, 1);
986 static void cc_set_hmac_desc(struct aead_request
*req
, struct cc_hw_desc desc
[],
987 unsigned int *seq_size
)
989 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
990 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
991 unsigned int hash_mode
= (ctx
->auth_mode
== DRV_HASH_SHA1
) ?
992 DRV_HASH_HW_SHA1
: DRV_HASH_HW_SHA256
;
993 unsigned int digest_size
= (ctx
->auth_mode
== DRV_HASH_SHA1
) ?
994 CC_SHA1_DIGEST_SIZE
: CC_SHA256_DIGEST_SIZE
;
995 unsigned int idx
= *seq_size
;
997 /* Loading hash ipad xor key state */
998 hw_desc_init(&desc
[idx
]);
999 set_cipher_mode(&desc
[idx
], hash_mode
);
1000 set_din_type(&desc
[idx
], DMA_DLLI
,
1001 ctx
->auth_state
.hmac
.ipad_opad_dma_addr
, digest_size
,
1003 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1004 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE0
);
1007 /* Load init. digest len (64 bytes) */
1008 hw_desc_init(&desc
[idx
]);
1009 set_cipher_mode(&desc
[idx
], hash_mode
);
1010 set_din_sram(&desc
[idx
], cc_digest_len_addr(ctx
->drvdata
, hash_mode
),
1011 ctx
->drvdata
->hash_len_sz
);
1012 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1013 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
1019 static void cc_set_xcbc_desc(struct aead_request
*req
, struct cc_hw_desc desc
[],
1020 unsigned int *seq_size
)
1022 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1023 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1024 unsigned int idx
= *seq_size
;
1026 /* Loading MAC state */
1027 hw_desc_init(&desc
[idx
]);
1028 set_din_const(&desc
[idx
], 0, CC_AES_BLOCK_SIZE
);
1029 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE0
);
1030 set_cipher_mode(&desc
[idx
], DRV_CIPHER_XCBC_MAC
);
1031 set_cipher_config0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1032 set_key_size_aes(&desc
[idx
], CC_AES_128_BIT_KEY_SIZE
);
1033 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1034 set_aes_not_hash_mode(&desc
[idx
]);
1037 /* Setup XCBC MAC K1 */
1038 hw_desc_init(&desc
[idx
]);
1039 set_din_type(&desc
[idx
], DMA_DLLI
,
1040 ctx
->auth_state
.xcbc
.xcbc_keys_dma_addr
,
1041 AES_KEYSIZE_128
, NS_BIT
);
1042 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
1043 set_cipher_mode(&desc
[idx
], DRV_CIPHER_XCBC_MAC
);
1044 set_cipher_config0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1045 set_key_size_aes(&desc
[idx
], CC_AES_128_BIT_KEY_SIZE
);
1046 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1047 set_aes_not_hash_mode(&desc
[idx
]);
1050 /* Setup XCBC MAC K2 */
1051 hw_desc_init(&desc
[idx
]);
1052 set_din_type(&desc
[idx
], DMA_DLLI
,
1053 (ctx
->auth_state
.xcbc
.xcbc_keys_dma_addr
+
1054 AES_KEYSIZE_128
), AES_KEYSIZE_128
, NS_BIT
);
1055 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE1
);
1056 set_cipher_mode(&desc
[idx
], DRV_CIPHER_XCBC_MAC
);
1057 set_cipher_config0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1058 set_key_size_aes(&desc
[idx
], CC_AES_128_BIT_KEY_SIZE
);
1059 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1060 set_aes_not_hash_mode(&desc
[idx
]);
1063 /* Setup XCBC MAC K3 */
1064 hw_desc_init(&desc
[idx
]);
1065 set_din_type(&desc
[idx
], DMA_DLLI
,
1066 (ctx
->auth_state
.xcbc
.xcbc_keys_dma_addr
+
1067 2 * AES_KEYSIZE_128
), AES_KEYSIZE_128
, NS_BIT
);
1068 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE2
);
1069 set_cipher_mode(&desc
[idx
], DRV_CIPHER_XCBC_MAC
);
1070 set_cipher_config0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1071 set_key_size_aes(&desc
[idx
], CC_AES_128_BIT_KEY_SIZE
);
1072 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1073 set_aes_not_hash_mode(&desc
[idx
]);
1079 static void cc_proc_header_desc(struct aead_request
*req
,
1080 struct cc_hw_desc desc
[],
1081 unsigned int *seq_size
)
1083 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
1084 unsigned int idx
= *seq_size
;
1086 /* Hash associated data */
1087 if (areq_ctx
->assoclen
> 0)
1088 cc_set_assoc_desc(req
, DIN_HASH
, desc
, &idx
);
1094 static void cc_proc_scheme_desc(struct aead_request
*req
,
1095 struct cc_hw_desc desc
[],
1096 unsigned int *seq_size
)
1098 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1099 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1100 struct cc_aead_handle
*aead_handle
= ctx
->drvdata
->aead_handle
;
1101 unsigned int hash_mode
= (ctx
->auth_mode
== DRV_HASH_SHA1
) ?
1102 DRV_HASH_HW_SHA1
: DRV_HASH_HW_SHA256
;
1103 unsigned int digest_size
= (ctx
->auth_mode
== DRV_HASH_SHA1
) ?
1104 CC_SHA1_DIGEST_SIZE
: CC_SHA256_DIGEST_SIZE
;
1105 unsigned int idx
= *seq_size
;
1107 hw_desc_init(&desc
[idx
]);
1108 set_cipher_mode(&desc
[idx
], hash_mode
);
1109 set_dout_sram(&desc
[idx
], aead_handle
->sram_workspace_addr
,
1110 ctx
->drvdata
->hash_len_sz
);
1111 set_flow_mode(&desc
[idx
], S_HASH_to_DOUT
);
1112 set_setup_mode(&desc
[idx
], SETUP_WRITE_STATE1
);
1113 set_cipher_do(&desc
[idx
], DO_PAD
);
1116 /* Get final ICV result */
1117 hw_desc_init(&desc
[idx
]);
1118 set_dout_sram(&desc
[idx
], aead_handle
->sram_workspace_addr
,
1120 set_flow_mode(&desc
[idx
], S_HASH_to_DOUT
);
1121 set_setup_mode(&desc
[idx
], SETUP_WRITE_STATE0
);
1122 set_cipher_config0(&desc
[idx
], HASH_DIGEST_RESULT_LITTLE_ENDIAN
);
1123 set_cipher_mode(&desc
[idx
], hash_mode
);
1126 /* Loading hash opad xor key state */
1127 hw_desc_init(&desc
[idx
]);
1128 set_cipher_mode(&desc
[idx
], hash_mode
);
1129 set_din_type(&desc
[idx
], DMA_DLLI
,
1130 (ctx
->auth_state
.hmac
.ipad_opad_dma_addr
+ digest_size
),
1131 digest_size
, NS_BIT
);
1132 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1133 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE0
);
1136 /* Load init. digest len (64 bytes) */
1137 hw_desc_init(&desc
[idx
]);
1138 set_cipher_mode(&desc
[idx
], hash_mode
);
1139 set_din_sram(&desc
[idx
], cc_digest_len_addr(ctx
->drvdata
, hash_mode
),
1140 ctx
->drvdata
->hash_len_sz
);
1141 set_cipher_config1(&desc
[idx
], HASH_PADDING_ENABLED
);
1142 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1143 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
1146 /* Perform HASH update */
1147 hw_desc_init(&desc
[idx
]);
1148 set_din_sram(&desc
[idx
], aead_handle
->sram_workspace_addr
,
1150 set_flow_mode(&desc
[idx
], DIN_HASH
);
1156 static void cc_mlli_to_sram(struct aead_request
*req
,
1157 struct cc_hw_desc desc
[], unsigned int *seq_size
)
1159 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
1160 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1161 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1162 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
1164 if (req_ctx
->assoc_buff_type
== CC_DMA_BUF_MLLI
||
1165 req_ctx
->data_buff_type
== CC_DMA_BUF_MLLI
||
1166 !req_ctx
->is_single_pass
) {
1167 dev_dbg(dev
, "Copy-to-sram: mlli_dma=%08x, mlli_size=%u\n",
1168 (unsigned int)ctx
->drvdata
->mlli_sram_addr
,
1169 req_ctx
->mlli_params
.mlli_len
);
1170 /* Copy MLLI table host-to-sram */
1171 hw_desc_init(&desc
[*seq_size
]);
1172 set_din_type(&desc
[*seq_size
], DMA_DLLI
,
1173 req_ctx
->mlli_params
.mlli_dma_addr
,
1174 req_ctx
->mlli_params
.mlli_len
, NS_BIT
);
1175 set_dout_sram(&desc
[*seq_size
],
1176 ctx
->drvdata
->mlli_sram_addr
,
1177 req_ctx
->mlli_params
.mlli_len
);
1178 set_flow_mode(&desc
[*seq_size
], BYPASS
);
1183 static enum cc_flow_mode
cc_get_data_flow(enum drv_crypto_direction direct
,
1184 enum cc_flow_mode setup_flow_mode
,
1185 bool is_single_pass
)
1187 enum cc_flow_mode data_flow_mode
;
1189 if (direct
== DRV_CRYPTO_DIRECTION_ENCRYPT
) {
1190 if (setup_flow_mode
== S_DIN_to_AES
)
1191 data_flow_mode
= is_single_pass
?
1192 AES_to_HASH_and_DOUT
: DIN_AES_DOUT
;
1194 data_flow_mode
= is_single_pass
?
1195 DES_to_HASH_and_DOUT
: DIN_DES_DOUT
;
1196 } else { /* Decrypt */
1197 if (setup_flow_mode
== S_DIN_to_AES
)
1198 data_flow_mode
= is_single_pass
?
1199 AES_and_HASH
: DIN_AES_DOUT
;
1201 data_flow_mode
= is_single_pass
?
1202 DES_and_HASH
: DIN_DES_DOUT
;
1205 return data_flow_mode
;
1208 static void cc_hmac_authenc(struct aead_request
*req
, struct cc_hw_desc desc
[],
1209 unsigned int *seq_size
)
1211 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1212 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1213 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
1214 int direct
= req_ctx
->gen_ctx
.op_type
;
1215 unsigned int data_flow_mode
=
1216 cc_get_data_flow(direct
, ctx
->flow_mode
,
1217 req_ctx
->is_single_pass
);
1219 if (req_ctx
->is_single_pass
) {
1223 cc_set_hmac_desc(req
, desc
, seq_size
);
1224 cc_set_cipher_desc(req
, desc
, seq_size
);
1225 cc_proc_header_desc(req
, desc
, seq_size
);
1226 cc_proc_cipher_desc(req
, data_flow_mode
, desc
, seq_size
);
1227 cc_proc_scheme_desc(req
, desc
, seq_size
);
1228 cc_proc_digest_desc(req
, desc
, seq_size
);
1234 * Fallback for unsupported single-pass modes,
1235 * i.e. using assoc. data of non-word-multiple
1237 if (direct
== DRV_CRYPTO_DIRECTION_ENCRYPT
) {
1238 /* encrypt first.. */
1239 cc_proc_cipher(req
, desc
, seq_size
, data_flow_mode
);
1240 /* authenc after..*/
1241 cc_set_hmac_desc(req
, desc
, seq_size
);
1242 cc_proc_authen_desc(req
, DIN_HASH
, desc
, seq_size
, direct
);
1243 cc_proc_scheme_desc(req
, desc
, seq_size
);
1244 cc_proc_digest_desc(req
, desc
, seq_size
);
1246 } else { /*DECRYPT*/
1247 /* authenc first..*/
1248 cc_set_hmac_desc(req
, desc
, seq_size
);
1249 cc_proc_authen_desc(req
, DIN_HASH
, desc
, seq_size
, direct
);
1250 cc_proc_scheme_desc(req
, desc
, seq_size
);
1251 /* decrypt after.. */
1252 cc_proc_cipher(req
, desc
, seq_size
, data_flow_mode
);
1253 /* read the digest result with setting the completion bit
1254 * must be after the cipher operation
1256 cc_proc_digest_desc(req
, desc
, seq_size
);
1261 cc_xcbc_authenc(struct aead_request
*req
, struct cc_hw_desc desc
[],
1262 unsigned int *seq_size
)
1264 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1265 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1266 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
1267 int direct
= req_ctx
->gen_ctx
.op_type
;
1268 unsigned int data_flow_mode
=
1269 cc_get_data_flow(direct
, ctx
->flow_mode
,
1270 req_ctx
->is_single_pass
);
1272 if (req_ctx
->is_single_pass
) {
1276 cc_set_xcbc_desc(req
, desc
, seq_size
);
1277 cc_set_cipher_desc(req
, desc
, seq_size
);
1278 cc_proc_header_desc(req
, desc
, seq_size
);
1279 cc_proc_cipher_desc(req
, data_flow_mode
, desc
, seq_size
);
1280 cc_proc_digest_desc(req
, desc
, seq_size
);
1286 * Fallback for unsupported single-pass modes,
1287 * i.e. using assoc. data of non-word-multiple
1289 if (direct
== DRV_CRYPTO_DIRECTION_ENCRYPT
) {
1290 /* encrypt first.. */
1291 cc_proc_cipher(req
, desc
, seq_size
, data_flow_mode
);
1292 /* authenc after.. */
1293 cc_set_xcbc_desc(req
, desc
, seq_size
);
1294 cc_proc_authen_desc(req
, DIN_HASH
, desc
, seq_size
, direct
);
1295 cc_proc_digest_desc(req
, desc
, seq_size
);
1296 } else { /*DECRYPT*/
1297 /* authenc first.. */
1298 cc_set_xcbc_desc(req
, desc
, seq_size
);
1299 cc_proc_authen_desc(req
, DIN_HASH
, desc
, seq_size
, direct
);
1300 /* decrypt after..*/
1301 cc_proc_cipher(req
, desc
, seq_size
, data_flow_mode
);
1302 /* read the digest result with setting the completion bit
1303 * must be after the cipher operation
1305 cc_proc_digest_desc(req
, desc
, seq_size
);
1309 static int validate_data_size(struct cc_aead_ctx
*ctx
,
1310 enum drv_crypto_direction direct
,
1311 struct aead_request
*req
)
1313 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
1314 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
1315 unsigned int assoclen
= areq_ctx
->assoclen
;
1316 unsigned int cipherlen
= (direct
== DRV_CRYPTO_DIRECTION_DECRYPT
) ?
1317 (req
->cryptlen
- ctx
->authsize
) : req
->cryptlen
;
1319 if (direct
== DRV_CRYPTO_DIRECTION_DECRYPT
&&
1320 req
->cryptlen
< ctx
->authsize
)
1323 areq_ctx
->is_single_pass
= true; /*defaulted to fast flow*/
1325 switch (ctx
->flow_mode
) {
1327 if (ctx
->cipher_mode
== DRV_CIPHER_CBC
&&
1328 !IS_ALIGNED(cipherlen
, AES_BLOCK_SIZE
))
1330 if (ctx
->cipher_mode
== DRV_CIPHER_CCM
)
1332 if (ctx
->cipher_mode
== DRV_CIPHER_GCTR
) {
1333 if (areq_ctx
->plaintext_authenticate_only
)
1334 areq_ctx
->is_single_pass
= false;
1338 if (!IS_ALIGNED(assoclen
, sizeof(u32
)))
1339 areq_ctx
->is_single_pass
= false;
1341 if (ctx
->cipher_mode
== DRV_CIPHER_CTR
&&
1342 !IS_ALIGNED(cipherlen
, sizeof(u32
)))
1343 areq_ctx
->is_single_pass
= false;
1347 if (!IS_ALIGNED(cipherlen
, DES_BLOCK_SIZE
))
1349 if (!IS_ALIGNED(assoclen
, DES_BLOCK_SIZE
))
1350 areq_ctx
->is_single_pass
= false;
1353 dev_err(dev
, "Unexpected flow mode (%d)\n", ctx
->flow_mode
);
1363 static unsigned int format_ccm_a0(u8
*pa0_buff
, u32 header_size
)
1365 unsigned int len
= 0;
1367 if (header_size
== 0)
1370 if (header_size
< ((1UL << 16) - (1UL << 8))) {
1373 pa0_buff
[0] = (header_size
>> 8) & 0xFF;
1374 pa0_buff
[1] = header_size
& 0xFF;
1380 pa0_buff
[2] = (header_size
>> 24) & 0xFF;
1381 pa0_buff
[3] = (header_size
>> 16) & 0xFF;
1382 pa0_buff
[4] = (header_size
>> 8) & 0xFF;
1383 pa0_buff
[5] = header_size
& 0xFF;
1389 static int set_msg_len(u8
*block
, unsigned int msglen
, unsigned int csize
)
1393 memset(block
, 0, csize
);
1398 else if (msglen
> (1 << (8 * csize
)))
1401 data
= cpu_to_be32(msglen
);
1402 memcpy(block
- csize
, (u8
*)&data
+ 4 - csize
, csize
);
1407 static int cc_ccm(struct aead_request
*req
, struct cc_hw_desc desc
[],
1408 unsigned int *seq_size
)
1410 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1411 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1412 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
1413 unsigned int idx
= *seq_size
;
1414 unsigned int cipher_flow_mode
;
1415 dma_addr_t mac_result
;
1417 if (req_ctx
->gen_ctx
.op_type
== DRV_CRYPTO_DIRECTION_DECRYPT
) {
1418 cipher_flow_mode
= AES_to_HASH_and_DOUT
;
1419 mac_result
= req_ctx
->mac_buf_dma_addr
;
1420 } else { /* Encrypt */
1421 cipher_flow_mode
= AES_and_HASH
;
1422 mac_result
= req_ctx
->icv_dma_addr
;
1426 hw_desc_init(&desc
[idx
]);
1427 set_cipher_mode(&desc
[idx
], DRV_CIPHER_CTR
);
1428 set_din_type(&desc
[idx
], DMA_DLLI
, ctx
->enckey_dma_addr
,
1429 ((ctx
->enc_keylen
== 24) ? CC_AES_KEY_SIZE_MAX
:
1430 ctx
->enc_keylen
), NS_BIT
);
1431 set_key_size_aes(&desc
[idx
], ctx
->enc_keylen
);
1432 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
1433 set_cipher_config0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1434 set_flow_mode(&desc
[idx
], S_DIN_to_AES
);
1437 /* load ctr state */
1438 hw_desc_init(&desc
[idx
]);
1439 set_cipher_mode(&desc
[idx
], DRV_CIPHER_CTR
);
1440 set_key_size_aes(&desc
[idx
], ctx
->enc_keylen
);
1441 set_din_type(&desc
[idx
], DMA_DLLI
,
1442 req_ctx
->gen_ctx
.iv_dma_addr
, AES_BLOCK_SIZE
, NS_BIT
);
1443 set_cipher_config0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1444 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE1
);
1445 set_flow_mode(&desc
[idx
], S_DIN_to_AES
);
1449 hw_desc_init(&desc
[idx
]);
1450 set_cipher_mode(&desc
[idx
], DRV_CIPHER_CBC_MAC
);
1451 set_din_type(&desc
[idx
], DMA_DLLI
, ctx
->enckey_dma_addr
,
1452 ((ctx
->enc_keylen
== 24) ? CC_AES_KEY_SIZE_MAX
:
1453 ctx
->enc_keylen
), NS_BIT
);
1454 set_key_size_aes(&desc
[idx
], ctx
->enc_keylen
);
1455 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
1456 set_cipher_config0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1457 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1458 set_aes_not_hash_mode(&desc
[idx
]);
1461 /* load MAC state */
1462 hw_desc_init(&desc
[idx
]);
1463 set_cipher_mode(&desc
[idx
], DRV_CIPHER_CBC_MAC
);
1464 set_key_size_aes(&desc
[idx
], ctx
->enc_keylen
);
1465 set_din_type(&desc
[idx
], DMA_DLLI
, req_ctx
->mac_buf_dma_addr
,
1466 AES_BLOCK_SIZE
, NS_BIT
);
1467 set_cipher_config0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1468 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE0
);
1469 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1470 set_aes_not_hash_mode(&desc
[idx
]);
1473 /* process assoc data */
1474 if (req_ctx
->assoclen
> 0) {
1475 cc_set_assoc_desc(req
, DIN_HASH
, desc
, &idx
);
1477 hw_desc_init(&desc
[idx
]);
1478 set_din_type(&desc
[idx
], DMA_DLLI
,
1479 sg_dma_address(&req_ctx
->ccm_adata_sg
),
1480 AES_BLOCK_SIZE
+ req_ctx
->ccm_hdr_size
, NS_BIT
);
1481 set_flow_mode(&desc
[idx
], DIN_HASH
);
1485 /* process the cipher */
1486 if (req_ctx
->cryptlen
)
1487 cc_proc_cipher_desc(req
, cipher_flow_mode
, desc
, &idx
);
1489 /* Read temporal MAC */
1490 hw_desc_init(&desc
[idx
]);
1491 set_cipher_mode(&desc
[idx
], DRV_CIPHER_CBC_MAC
);
1492 set_dout_dlli(&desc
[idx
], req_ctx
->mac_buf_dma_addr
, ctx
->authsize
,
1494 set_setup_mode(&desc
[idx
], SETUP_WRITE_STATE0
);
1495 set_cipher_config0(&desc
[idx
], HASH_DIGEST_RESULT_LITTLE_ENDIAN
);
1496 set_flow_mode(&desc
[idx
], S_HASH_to_DOUT
);
1497 set_aes_not_hash_mode(&desc
[idx
]);
1500 /* load AES-CTR state (for last MAC calculation)*/
1501 hw_desc_init(&desc
[idx
]);
1502 set_cipher_mode(&desc
[idx
], DRV_CIPHER_CTR
);
1503 set_cipher_config0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1504 set_din_type(&desc
[idx
], DMA_DLLI
, req_ctx
->ccm_iv0_dma_addr
,
1505 AES_BLOCK_SIZE
, NS_BIT
);
1506 set_key_size_aes(&desc
[idx
], ctx
->enc_keylen
);
1507 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE1
);
1508 set_flow_mode(&desc
[idx
], S_DIN_to_AES
);
1511 hw_desc_init(&desc
[idx
]);
1512 set_din_no_dma(&desc
[idx
], 0, 0xfffff0);
1513 set_dout_no_dma(&desc
[idx
], 0, 0, 1);
1516 /* encrypt the "T" value and store MAC in mac_state */
1517 hw_desc_init(&desc
[idx
]);
1518 set_din_type(&desc
[idx
], DMA_DLLI
, req_ctx
->mac_buf_dma_addr
,
1519 ctx
->authsize
, NS_BIT
);
1520 set_dout_dlli(&desc
[idx
], mac_result
, ctx
->authsize
, NS_BIT
, 1);
1521 set_queue_last_ind(ctx
->drvdata
, &desc
[idx
]);
1522 set_flow_mode(&desc
[idx
], DIN_AES_DOUT
);
1529 static int config_ccm_adata(struct aead_request
*req
)
1531 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1532 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1533 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
1534 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
1535 //unsigned int size_of_a = 0, rem_a_size = 0;
1536 unsigned int lp
= req
->iv
[0];
1537 /* Note: The code assume that req->iv[0] already contains the value
1540 unsigned int l
= lp
+ 1; /* This is L' of RFC 3610. */
1541 unsigned int m
= ctx
->authsize
; /* This is M' of RFC 3610. */
1542 u8
*b0
= req_ctx
->ccm_config
+ CCM_B0_OFFSET
;
1543 u8
*a0
= req_ctx
->ccm_config
+ CCM_A0_OFFSET
;
1544 u8
*ctr_count_0
= req_ctx
->ccm_config
+ CCM_CTR_COUNT_0_OFFSET
;
1545 unsigned int cryptlen
= (req_ctx
->gen_ctx
.op_type
==
1546 DRV_CRYPTO_DIRECTION_ENCRYPT
) ?
1548 (req
->cryptlen
- ctx
->authsize
);
1551 memset(req_ctx
->mac_buf
, 0, AES_BLOCK_SIZE
);
1552 memset(req_ctx
->ccm_config
, 0, AES_BLOCK_SIZE
* 3);
1554 /* taken from crypto/ccm.c */
1555 /* 2 <= L <= 8, so 1 <= L' <= 7. */
1556 if (l
< 2 || l
> 8) {
1557 dev_err(dev
, "illegal iv value %X\n", req
->iv
[0]);
1560 memcpy(b0
, req
->iv
, AES_BLOCK_SIZE
);
1562 /* format control info per RFC 3610 and
1563 * NIST Special Publication 800-38C
1565 *b0
|= (8 * ((m
- 2) / 2));
1566 if (req_ctx
->assoclen
> 0)
1567 *b0
|= 64; /* Enable bit 6 if Adata exists. */
1569 rc
= set_msg_len(b0
+ 16 - l
, cryptlen
, l
); /* Write L'. */
1571 dev_err(dev
, "message len overflow detected");
1574 /* END of "taken from crypto/ccm.c" */
1576 /* l(a) - size of associated data. */
1577 req_ctx
->ccm_hdr_size
= format_ccm_a0(a0
, req_ctx
->assoclen
);
1579 memset(req
->iv
+ 15 - req
->iv
[0], 0, req
->iv
[0] + 1);
1582 memcpy(ctr_count_0
, req
->iv
, AES_BLOCK_SIZE
);
1583 ctr_count_0
[15] = 0;
1588 static void cc_proc_rfc4309_ccm(struct aead_request
*req
)
1590 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1591 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1592 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
1595 memset(areq_ctx
->ctr_iv
, 0, AES_BLOCK_SIZE
);
1596 /* For RFC 4309, always use 4 bytes for message length
1597 * (at most 2^32-1 bytes).
1599 areq_ctx
->ctr_iv
[0] = 3;
1601 /* In RFC 4309 there is an 11-bytes nonce+IV part,
1602 * that we build here.
1604 memcpy(areq_ctx
->ctr_iv
+ CCM_BLOCK_NONCE_OFFSET
, ctx
->ctr_nonce
,
1605 CCM_BLOCK_NONCE_SIZE
);
1606 memcpy(areq_ctx
->ctr_iv
+ CCM_BLOCK_IV_OFFSET
, req
->iv
,
1608 req
->iv
= areq_ctx
->ctr_iv
;
1609 areq_ctx
->assoclen
-= CCM_BLOCK_IV_SIZE
;
1612 static void cc_set_ghash_desc(struct aead_request
*req
,
1613 struct cc_hw_desc desc
[], unsigned int *seq_size
)
1615 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1616 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1617 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
1618 unsigned int idx
= *seq_size
;
1620 /* load key to AES*/
1621 hw_desc_init(&desc
[idx
]);
1622 set_cipher_mode(&desc
[idx
], DRV_CIPHER_ECB
);
1623 set_cipher_config0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1624 set_din_type(&desc
[idx
], DMA_DLLI
, ctx
->enckey_dma_addr
,
1625 ctx
->enc_keylen
, NS_BIT
);
1626 set_key_size_aes(&desc
[idx
], ctx
->enc_keylen
);
1627 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
1628 set_flow_mode(&desc
[idx
], S_DIN_to_AES
);
1631 /* process one zero block to generate hkey */
1632 hw_desc_init(&desc
[idx
]);
1633 set_din_const(&desc
[idx
], 0x0, AES_BLOCK_SIZE
);
1634 set_dout_dlli(&desc
[idx
], req_ctx
->hkey_dma_addr
, AES_BLOCK_SIZE
,
1636 set_flow_mode(&desc
[idx
], DIN_AES_DOUT
);
1639 /* Memory Barrier */
1640 hw_desc_init(&desc
[idx
]);
1641 set_din_no_dma(&desc
[idx
], 0, 0xfffff0);
1642 set_dout_no_dma(&desc
[idx
], 0, 0, 1);
1645 /* Load GHASH subkey */
1646 hw_desc_init(&desc
[idx
]);
1647 set_din_type(&desc
[idx
], DMA_DLLI
, req_ctx
->hkey_dma_addr
,
1648 AES_BLOCK_SIZE
, NS_BIT
);
1649 set_dout_no_dma(&desc
[idx
], 0, 0, 1);
1650 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1651 set_aes_not_hash_mode(&desc
[idx
]);
1652 set_cipher_mode(&desc
[idx
], DRV_HASH_HW_GHASH
);
1653 set_cipher_config1(&desc
[idx
], HASH_PADDING_ENABLED
);
1654 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
1657 /* Configure Hash Engine to work with GHASH.
1658 * Since it was not possible to extend HASH submodes to add GHASH,
1659 * The following command is necessary in order to
1660 * select GHASH (according to HW designers)
1662 hw_desc_init(&desc
[idx
]);
1663 set_din_no_dma(&desc
[idx
], 0, 0xfffff0);
1664 set_dout_no_dma(&desc
[idx
], 0, 0, 1);
1665 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1666 set_aes_not_hash_mode(&desc
[idx
]);
1667 set_cipher_mode(&desc
[idx
], DRV_HASH_HW_GHASH
);
1668 set_cipher_do(&desc
[idx
], 1); //1=AES_SK RKEK
1669 set_cipher_config0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1670 set_cipher_config1(&desc
[idx
], HASH_PADDING_ENABLED
);
1671 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
1674 /* Load GHASH initial STATE (which is 0). (for any hash there is an
1677 hw_desc_init(&desc
[idx
]);
1678 set_din_const(&desc
[idx
], 0x0, AES_BLOCK_SIZE
);
1679 set_dout_no_dma(&desc
[idx
], 0, 0, 1);
1680 set_flow_mode(&desc
[idx
], S_DIN_to_HASH
);
1681 set_aes_not_hash_mode(&desc
[idx
]);
1682 set_cipher_mode(&desc
[idx
], DRV_HASH_HW_GHASH
);
1683 set_cipher_config1(&desc
[idx
], HASH_PADDING_ENABLED
);
1684 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE0
);
1690 static void cc_set_gctr_desc(struct aead_request
*req
, struct cc_hw_desc desc
[],
1691 unsigned int *seq_size
)
1693 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1694 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1695 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
1696 unsigned int idx
= *seq_size
;
1698 /* load key to AES*/
1699 hw_desc_init(&desc
[idx
]);
1700 set_cipher_mode(&desc
[idx
], DRV_CIPHER_GCTR
);
1701 set_cipher_config0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1702 set_din_type(&desc
[idx
], DMA_DLLI
, ctx
->enckey_dma_addr
,
1703 ctx
->enc_keylen
, NS_BIT
);
1704 set_key_size_aes(&desc
[idx
], ctx
->enc_keylen
);
1705 set_setup_mode(&desc
[idx
], SETUP_LOAD_KEY0
);
1706 set_flow_mode(&desc
[idx
], S_DIN_to_AES
);
1709 if (req_ctx
->cryptlen
&& !req_ctx
->plaintext_authenticate_only
) {
1710 /* load AES/CTR initial CTR value inc by 2*/
1711 hw_desc_init(&desc
[idx
]);
1712 set_cipher_mode(&desc
[idx
], DRV_CIPHER_GCTR
);
1713 set_key_size_aes(&desc
[idx
], ctx
->enc_keylen
);
1714 set_din_type(&desc
[idx
], DMA_DLLI
,
1715 req_ctx
->gcm_iv_inc2_dma_addr
, AES_BLOCK_SIZE
,
1717 set_cipher_config0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1718 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE1
);
1719 set_flow_mode(&desc
[idx
], S_DIN_to_AES
);
1726 static void cc_proc_gcm_result(struct aead_request
*req
,
1727 struct cc_hw_desc desc
[],
1728 unsigned int *seq_size
)
1730 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1731 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1732 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
1733 dma_addr_t mac_result
;
1734 unsigned int idx
= *seq_size
;
1736 if (req_ctx
->gen_ctx
.op_type
== DRV_CRYPTO_DIRECTION_DECRYPT
) {
1737 mac_result
= req_ctx
->mac_buf_dma_addr
;
1738 } else { /* Encrypt */
1739 mac_result
= req_ctx
->icv_dma_addr
;
1742 /* process(ghash) gcm_block_len */
1743 hw_desc_init(&desc
[idx
]);
1744 set_din_type(&desc
[idx
], DMA_DLLI
, req_ctx
->gcm_block_len_dma_addr
,
1745 AES_BLOCK_SIZE
, NS_BIT
);
1746 set_flow_mode(&desc
[idx
], DIN_HASH
);
1749 /* Store GHASH state after GHASH(Associated Data + Cipher +LenBlock) */
1750 hw_desc_init(&desc
[idx
]);
1751 set_cipher_mode(&desc
[idx
], DRV_HASH_HW_GHASH
);
1752 set_din_no_dma(&desc
[idx
], 0, 0xfffff0);
1753 set_dout_dlli(&desc
[idx
], req_ctx
->mac_buf_dma_addr
, AES_BLOCK_SIZE
,
1755 set_setup_mode(&desc
[idx
], SETUP_WRITE_STATE0
);
1756 set_flow_mode(&desc
[idx
], S_HASH_to_DOUT
);
1757 set_aes_not_hash_mode(&desc
[idx
]);
1761 /* load AES/CTR initial CTR value inc by 1*/
1762 hw_desc_init(&desc
[idx
]);
1763 set_cipher_mode(&desc
[idx
], DRV_CIPHER_GCTR
);
1764 set_key_size_aes(&desc
[idx
], ctx
->enc_keylen
);
1765 set_din_type(&desc
[idx
], DMA_DLLI
, req_ctx
->gcm_iv_inc1_dma_addr
,
1766 AES_BLOCK_SIZE
, NS_BIT
);
1767 set_cipher_config0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1768 set_setup_mode(&desc
[idx
], SETUP_LOAD_STATE1
);
1769 set_flow_mode(&desc
[idx
], S_DIN_to_AES
);
1772 /* Memory Barrier */
1773 hw_desc_init(&desc
[idx
]);
1774 set_din_no_dma(&desc
[idx
], 0, 0xfffff0);
1775 set_dout_no_dma(&desc
[idx
], 0, 0, 1);
1778 /* process GCTR on stored GHASH and store MAC in mac_state*/
1779 hw_desc_init(&desc
[idx
]);
1780 set_cipher_mode(&desc
[idx
], DRV_CIPHER_GCTR
);
1781 set_din_type(&desc
[idx
], DMA_DLLI
, req_ctx
->mac_buf_dma_addr
,
1782 AES_BLOCK_SIZE
, NS_BIT
);
1783 set_dout_dlli(&desc
[idx
], mac_result
, ctx
->authsize
, NS_BIT
, 1);
1784 set_queue_last_ind(ctx
->drvdata
, &desc
[idx
]);
1785 set_flow_mode(&desc
[idx
], DIN_AES_DOUT
);
1791 static int cc_gcm(struct aead_request
*req
, struct cc_hw_desc desc
[],
1792 unsigned int *seq_size
)
1794 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
1795 unsigned int cipher_flow_mode
;
1797 if (req_ctx
->gen_ctx
.op_type
== DRV_CRYPTO_DIRECTION_DECRYPT
) {
1798 cipher_flow_mode
= AES_and_HASH
;
1799 } else { /* Encrypt */
1800 cipher_flow_mode
= AES_to_HASH_and_DOUT
;
1803 //in RFC4543 no data to encrypt. just copy data from src to dest.
1804 if (req_ctx
->plaintext_authenticate_only
) {
1805 cc_proc_cipher_desc(req
, BYPASS
, desc
, seq_size
);
1806 cc_set_ghash_desc(req
, desc
, seq_size
);
1807 /* process(ghash) assoc data */
1808 cc_set_assoc_desc(req
, DIN_HASH
, desc
, seq_size
);
1809 cc_set_gctr_desc(req
, desc
, seq_size
);
1810 cc_proc_gcm_result(req
, desc
, seq_size
);
1814 // for gcm and rfc4106.
1815 cc_set_ghash_desc(req
, desc
, seq_size
);
1816 /* process(ghash) assoc data */
1817 if (req_ctx
->assoclen
> 0)
1818 cc_set_assoc_desc(req
, DIN_HASH
, desc
, seq_size
);
1819 cc_set_gctr_desc(req
, desc
, seq_size
);
1820 /* process(gctr+ghash) */
1821 if (req_ctx
->cryptlen
)
1822 cc_proc_cipher_desc(req
, cipher_flow_mode
, desc
, seq_size
);
1823 cc_proc_gcm_result(req
, desc
, seq_size
);
1828 static int config_gcm_context(struct aead_request
*req
)
1830 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1831 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1832 struct aead_req_ctx
*req_ctx
= aead_request_ctx(req
);
1833 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
1835 unsigned int cryptlen
= (req_ctx
->gen_ctx
.op_type
==
1836 DRV_CRYPTO_DIRECTION_ENCRYPT
) ?
1838 (req
->cryptlen
- ctx
->authsize
);
1839 __be32 counter
= cpu_to_be32(2);
1841 dev_dbg(dev
, "%s() cryptlen = %d, req_ctx->assoclen = %d ctx->authsize = %d\n",
1842 __func__
, cryptlen
, req_ctx
->assoclen
, ctx
->authsize
);
1844 memset(req_ctx
->hkey
, 0, AES_BLOCK_SIZE
);
1846 memset(req_ctx
->mac_buf
, 0, AES_BLOCK_SIZE
);
1848 memcpy(req
->iv
+ 12, &counter
, 4);
1849 memcpy(req_ctx
->gcm_iv_inc2
, req
->iv
, 16);
1851 counter
= cpu_to_be32(1);
1852 memcpy(req
->iv
+ 12, &counter
, 4);
1853 memcpy(req_ctx
->gcm_iv_inc1
, req
->iv
, 16);
1855 if (!req_ctx
->plaintext_authenticate_only
) {
1858 temp64
= cpu_to_be64(req_ctx
->assoclen
* 8);
1859 memcpy(&req_ctx
->gcm_len_block
.len_a
, &temp64
, sizeof(temp64
));
1860 temp64
= cpu_to_be64(cryptlen
* 8);
1861 memcpy(&req_ctx
->gcm_len_block
.len_c
, &temp64
, 8);
1863 /* rfc4543=> all data(AAD,IV,Plain) are considered additional
1864 * data that is nothing is encrypted.
1868 temp64
= cpu_to_be64((req_ctx
->assoclen
+
1869 GCM_BLOCK_RFC4_IV_SIZE
+ cryptlen
) * 8);
1870 memcpy(&req_ctx
->gcm_len_block
.len_a
, &temp64
, sizeof(temp64
));
1872 memcpy(&req_ctx
->gcm_len_block
.len_c
, &temp64
, 8);
1878 static void cc_proc_rfc4_gcm(struct aead_request
*req
)
1880 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1881 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1882 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
1884 memcpy(areq_ctx
->ctr_iv
+ GCM_BLOCK_RFC4_NONCE_OFFSET
,
1885 ctx
->ctr_nonce
, GCM_BLOCK_RFC4_NONCE_SIZE
);
1886 memcpy(areq_ctx
->ctr_iv
+ GCM_BLOCK_RFC4_IV_OFFSET
, req
->iv
,
1887 GCM_BLOCK_RFC4_IV_SIZE
);
1888 req
->iv
= areq_ctx
->ctr_iv
;
1889 areq_ctx
->assoclen
-= GCM_BLOCK_RFC4_IV_SIZE
;
1892 static int cc_proc_aead(struct aead_request
*req
,
1893 enum drv_crypto_direction direct
)
1897 struct cc_hw_desc desc
[MAX_AEAD_PROCESS_SEQ
];
1898 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
1899 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
1900 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
1901 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
1902 struct cc_crypto_req cc_req
= {};
1904 dev_dbg(dev
, "%s context=%p req=%p iv=%p src=%p src_ofs=%d dst=%p dst_ofs=%d cryptolen=%d\n",
1905 ((direct
== DRV_CRYPTO_DIRECTION_ENCRYPT
) ? "Enc" : "Dec"),
1906 ctx
, req
, req
->iv
, sg_virt(req
->src
), req
->src
->offset
,
1907 sg_virt(req
->dst
), req
->dst
->offset
, req
->cryptlen
);
1909 /* STAT_PHASE_0: Init and sanity checks */
1911 /* Check data length according to mode */
1912 if (validate_data_size(ctx
, direct
, req
)) {
1913 dev_err(dev
, "Unsupported crypt/assoc len %d/%d.\n",
1914 req
->cryptlen
, areq_ctx
->assoclen
);
1915 crypto_aead_set_flags(tfm
, CRYPTO_TFM_RES_BAD_BLOCK_LEN
);
1919 /* Setup request structure */
1920 cc_req
.user_cb
= (void *)cc_aead_complete
;
1921 cc_req
.user_arg
= (void *)req
;
1923 /* Setup request context */
1924 areq_ctx
->gen_ctx
.op_type
= direct
;
1925 areq_ctx
->req_authsize
= ctx
->authsize
;
1926 areq_ctx
->cipher_mode
= ctx
->cipher_mode
;
1928 /* STAT_PHASE_1: Map buffers */
1930 if (ctx
->cipher_mode
== DRV_CIPHER_CTR
) {
1931 /* Build CTR IV - Copy nonce from last 4 bytes in
1932 * CTR key to first 4 bytes in CTR IV
1934 memcpy(areq_ctx
->ctr_iv
, ctx
->ctr_nonce
,
1935 CTR_RFC3686_NONCE_SIZE
);
1936 if (!areq_ctx
->backup_giv
) /*User none-generated IV*/
1937 memcpy(areq_ctx
->ctr_iv
+ CTR_RFC3686_NONCE_SIZE
,
1938 req
->iv
, CTR_RFC3686_IV_SIZE
);
1939 /* Initialize counter portion of counter block */
1940 *(__be32
*)(areq_ctx
->ctr_iv
+ CTR_RFC3686_NONCE_SIZE
+
1941 CTR_RFC3686_IV_SIZE
) = cpu_to_be32(1);
1943 /* Replace with counter iv */
1944 req
->iv
= areq_ctx
->ctr_iv
;
1945 areq_ctx
->hw_iv_size
= CTR_RFC3686_BLOCK_SIZE
;
1946 } else if ((ctx
->cipher_mode
== DRV_CIPHER_CCM
) ||
1947 (ctx
->cipher_mode
== DRV_CIPHER_GCTR
)) {
1948 areq_ctx
->hw_iv_size
= AES_BLOCK_SIZE
;
1949 if (areq_ctx
->ctr_iv
!= req
->iv
) {
1950 memcpy(areq_ctx
->ctr_iv
, req
->iv
,
1951 crypto_aead_ivsize(tfm
));
1952 req
->iv
= areq_ctx
->ctr_iv
;
1955 areq_ctx
->hw_iv_size
= crypto_aead_ivsize(tfm
);
1958 if (ctx
->cipher_mode
== DRV_CIPHER_CCM
) {
1959 rc
= config_ccm_adata(req
);
1961 dev_dbg(dev
, "config_ccm_adata() returned with a failure %d!",
1966 areq_ctx
->ccm_hdr_size
= ccm_header_size_null
;
1969 if (ctx
->cipher_mode
== DRV_CIPHER_GCTR
) {
1970 rc
= config_gcm_context(req
);
1972 dev_dbg(dev
, "config_gcm_context() returned with a failure %d!",
1978 rc
= cc_map_aead_request(ctx
->drvdata
, req
);
1980 dev_err(dev
, "map_request() failed\n");
1984 /* do we need to generate IV? */
1985 if (areq_ctx
->backup_giv
) {
1986 /* set the DMA mapped IV address*/
1987 if (ctx
->cipher_mode
== DRV_CIPHER_CTR
) {
1988 cc_req
.ivgen_dma_addr
[0] =
1989 areq_ctx
->gen_ctx
.iv_dma_addr
+
1990 CTR_RFC3686_NONCE_SIZE
;
1991 cc_req
.ivgen_dma_addr_len
= 1;
1992 } else if (ctx
->cipher_mode
== DRV_CIPHER_CCM
) {
1993 /* In ccm, the IV needs to exist both inside B0 and
1994 * inside the counter.It is also copied to iv_dma_addr
1995 * for other reasons (like returning it to the user).
1996 * So, using 3 (identical) IV outputs.
1998 cc_req
.ivgen_dma_addr
[0] =
1999 areq_ctx
->gen_ctx
.iv_dma_addr
+
2000 CCM_BLOCK_IV_OFFSET
;
2001 cc_req
.ivgen_dma_addr
[1] =
2002 sg_dma_address(&areq_ctx
->ccm_adata_sg
) +
2003 CCM_B0_OFFSET
+ CCM_BLOCK_IV_OFFSET
;
2004 cc_req
.ivgen_dma_addr
[2] =
2005 sg_dma_address(&areq_ctx
->ccm_adata_sg
) +
2006 CCM_CTR_COUNT_0_OFFSET
+ CCM_BLOCK_IV_OFFSET
;
2007 cc_req
.ivgen_dma_addr_len
= 3;
2009 cc_req
.ivgen_dma_addr
[0] =
2010 areq_ctx
->gen_ctx
.iv_dma_addr
;
2011 cc_req
.ivgen_dma_addr_len
= 1;
2014 /* set the IV size (8/16 B long)*/
2015 cc_req
.ivgen_size
= crypto_aead_ivsize(tfm
);
2018 /* STAT_PHASE_2: Create sequence */
2020 /* Load MLLI tables to SRAM if necessary */
2021 cc_mlli_to_sram(req
, desc
, &seq_len
);
2023 /*TODO: move seq len by reference */
2024 switch (ctx
->auth_mode
) {
2026 case DRV_HASH_SHA256
:
2027 cc_hmac_authenc(req
, desc
, &seq_len
);
2029 case DRV_HASH_XCBC_MAC
:
2030 cc_xcbc_authenc(req
, desc
, &seq_len
);
2033 if (ctx
->cipher_mode
== DRV_CIPHER_CCM
)
2034 cc_ccm(req
, desc
, &seq_len
);
2035 if (ctx
->cipher_mode
== DRV_CIPHER_GCTR
)
2036 cc_gcm(req
, desc
, &seq_len
);
2039 dev_err(dev
, "Unsupported authenc (%d)\n", ctx
->auth_mode
);
2040 cc_unmap_aead_request(dev
, req
);
2045 /* STAT_PHASE_3: Lock HW and push sequence */
2047 rc
= cc_send_request(ctx
->drvdata
, &cc_req
, desc
, seq_len
, &req
->base
);
2049 if (rc
!= -EINPROGRESS
&& rc
!= -EBUSY
) {
2050 dev_err(dev
, "send_request() failed (rc=%d)\n", rc
);
2051 cc_unmap_aead_request(dev
, req
);
2058 static int cc_aead_encrypt(struct aead_request
*req
)
2060 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
2063 memset(areq_ctx
, 0, sizeof(*areq_ctx
));
2065 /* No generated IV required */
2066 areq_ctx
->backup_iv
= req
->iv
;
2067 areq_ctx
->assoclen
= req
->assoclen
;
2068 areq_ctx
->backup_giv
= NULL
;
2069 areq_ctx
->is_gcm4543
= false;
2071 areq_ctx
->plaintext_authenticate_only
= false;
2073 rc
= cc_proc_aead(req
, DRV_CRYPTO_DIRECTION_ENCRYPT
);
2074 if (rc
!= -EINPROGRESS
&& rc
!= -EBUSY
)
2075 req
->iv
= areq_ctx
->backup_iv
;
2080 static int cc_rfc4309_ccm_encrypt(struct aead_request
*req
)
2082 /* Very similar to cc_aead_encrypt() above. */
2084 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
2085 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
2086 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
2087 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
2090 if (!valid_assoclen(req
)) {
2091 dev_err(dev
, "invalid Assoclen:%u\n", req
->assoclen
);
2095 memset(areq_ctx
, 0, sizeof(*areq_ctx
));
2097 /* No generated IV required */
2098 areq_ctx
->backup_iv
= req
->iv
;
2099 areq_ctx
->assoclen
= req
->assoclen
;
2100 areq_ctx
->backup_giv
= NULL
;
2101 areq_ctx
->is_gcm4543
= true;
2103 cc_proc_rfc4309_ccm(req
);
2105 rc
= cc_proc_aead(req
, DRV_CRYPTO_DIRECTION_ENCRYPT
);
2106 if (rc
!= -EINPROGRESS
&& rc
!= -EBUSY
)
2107 req
->iv
= areq_ctx
->backup_iv
;
2112 static int cc_aead_decrypt(struct aead_request
*req
)
2114 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
2117 memset(areq_ctx
, 0, sizeof(*areq_ctx
));
2119 /* No generated IV required */
2120 areq_ctx
->backup_iv
= req
->iv
;
2121 areq_ctx
->assoclen
= req
->assoclen
;
2122 areq_ctx
->backup_giv
= NULL
;
2123 areq_ctx
->is_gcm4543
= false;
2125 areq_ctx
->plaintext_authenticate_only
= false;
2127 rc
= cc_proc_aead(req
, DRV_CRYPTO_DIRECTION_DECRYPT
);
2128 if (rc
!= -EINPROGRESS
&& rc
!= -EBUSY
)
2129 req
->iv
= areq_ctx
->backup_iv
;
2134 static int cc_rfc4309_ccm_decrypt(struct aead_request
*req
)
2136 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
2137 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
2138 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
2139 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
2142 if (!valid_assoclen(req
)) {
2143 dev_err(dev
, "invalid Assoclen:%u\n", req
->assoclen
);
2147 memset(areq_ctx
, 0, sizeof(*areq_ctx
));
2149 /* No generated IV required */
2150 areq_ctx
->backup_iv
= req
->iv
;
2151 areq_ctx
->assoclen
= req
->assoclen
;
2152 areq_ctx
->backup_giv
= NULL
;
2154 areq_ctx
->is_gcm4543
= true;
2155 cc_proc_rfc4309_ccm(req
);
2157 rc
= cc_proc_aead(req
, DRV_CRYPTO_DIRECTION_DECRYPT
);
2158 if (rc
!= -EINPROGRESS
&& rc
!= -EBUSY
)
2159 req
->iv
= areq_ctx
->backup_iv
;
2165 static int cc_rfc4106_gcm_setkey(struct crypto_aead
*tfm
, const u8
*key
,
2166 unsigned int keylen
)
2168 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
2169 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
2171 dev_dbg(dev
, "%s() keylen %d, key %p\n", __func__
, keylen
, key
);
2177 memcpy(ctx
->ctr_nonce
, key
+ keylen
, 4);
2179 return cc_aead_setkey(tfm
, key
, keylen
);
2182 static int cc_rfc4543_gcm_setkey(struct crypto_aead
*tfm
, const u8
*key
,
2183 unsigned int keylen
)
2185 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
2186 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
2188 dev_dbg(dev
, "%s() keylen %d, key %p\n", __func__
, keylen
, key
);
2194 memcpy(ctx
->ctr_nonce
, key
+ keylen
, 4);
2196 return cc_aead_setkey(tfm
, key
, keylen
);
2199 static int cc_gcm_setauthsize(struct crypto_aead
*authenc
,
2200 unsigned int authsize
)
2215 return cc_aead_setauthsize(authenc
, authsize
);
2218 static int cc_rfc4106_gcm_setauthsize(struct crypto_aead
*authenc
,
2219 unsigned int authsize
)
2221 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(authenc
);
2222 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
2224 dev_dbg(dev
, "authsize %d\n", authsize
);
2235 return cc_aead_setauthsize(authenc
, authsize
);
2238 static int cc_rfc4543_gcm_setauthsize(struct crypto_aead
*authenc
,
2239 unsigned int authsize
)
2241 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(authenc
);
2242 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
2244 dev_dbg(dev
, "authsize %d\n", authsize
);
2249 return cc_aead_setauthsize(authenc
, authsize
);
2252 static int cc_rfc4106_gcm_encrypt(struct aead_request
*req
)
2254 /* Very similar to cc_aead_encrypt() above. */
2256 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
2257 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
2258 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
2259 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
2262 if (!valid_assoclen(req
)) {
2263 dev_err(dev
, "invalid Assoclen:%u\n", req
->assoclen
);
2267 memset(areq_ctx
, 0, sizeof(*areq_ctx
));
2269 /* No generated IV required */
2270 areq_ctx
->backup_iv
= req
->iv
;
2271 areq_ctx
->assoclen
= req
->assoclen
;
2272 areq_ctx
->backup_giv
= NULL
;
2274 areq_ctx
->plaintext_authenticate_only
= false;
2276 cc_proc_rfc4_gcm(req
);
2277 areq_ctx
->is_gcm4543
= true;
2279 rc
= cc_proc_aead(req
, DRV_CRYPTO_DIRECTION_ENCRYPT
);
2280 if (rc
!= -EINPROGRESS
&& rc
!= -EBUSY
)
2281 req
->iv
= areq_ctx
->backup_iv
;
2286 static int cc_rfc4543_gcm_encrypt(struct aead_request
*req
)
2288 /* Very similar to cc_aead_encrypt() above. */
2290 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
2293 memset(areq_ctx
, 0, sizeof(*areq_ctx
));
2295 //plaintext is not encryped with rfc4543
2296 areq_ctx
->plaintext_authenticate_only
= true;
2298 /* No generated IV required */
2299 areq_ctx
->backup_iv
= req
->iv
;
2300 areq_ctx
->assoclen
= req
->assoclen
;
2301 areq_ctx
->backup_giv
= NULL
;
2303 cc_proc_rfc4_gcm(req
);
2304 areq_ctx
->is_gcm4543
= true;
2306 rc
= cc_proc_aead(req
, DRV_CRYPTO_DIRECTION_ENCRYPT
);
2307 if (rc
!= -EINPROGRESS
&& rc
!= -EBUSY
)
2308 req
->iv
= areq_ctx
->backup_iv
;
2313 static int cc_rfc4106_gcm_decrypt(struct aead_request
*req
)
2315 /* Very similar to cc_aead_decrypt() above. */
2317 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
2318 struct cc_aead_ctx
*ctx
= crypto_aead_ctx(tfm
);
2319 struct device
*dev
= drvdata_to_dev(ctx
->drvdata
);
2320 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
2323 if (!valid_assoclen(req
)) {
2324 dev_err(dev
, "invalid Assoclen:%u\n", req
->assoclen
);
2328 memset(areq_ctx
, 0, sizeof(*areq_ctx
));
2330 /* No generated IV required */
2331 areq_ctx
->backup_iv
= req
->iv
;
2332 areq_ctx
->assoclen
= req
->assoclen
;
2333 areq_ctx
->backup_giv
= NULL
;
2335 areq_ctx
->plaintext_authenticate_only
= false;
2337 cc_proc_rfc4_gcm(req
);
2338 areq_ctx
->is_gcm4543
= true;
2340 rc
= cc_proc_aead(req
, DRV_CRYPTO_DIRECTION_DECRYPT
);
2341 if (rc
!= -EINPROGRESS
&& rc
!= -EBUSY
)
2342 req
->iv
= areq_ctx
->backup_iv
;
2347 static int cc_rfc4543_gcm_decrypt(struct aead_request
*req
)
2349 /* Very similar to cc_aead_decrypt() above. */
2351 struct aead_req_ctx
*areq_ctx
= aead_request_ctx(req
);
2354 memset(areq_ctx
, 0, sizeof(*areq_ctx
));
2356 //plaintext is not decryped with rfc4543
2357 areq_ctx
->plaintext_authenticate_only
= true;
2359 /* No generated IV required */
2360 areq_ctx
->backup_iv
= req
->iv
;
2361 areq_ctx
->assoclen
= req
->assoclen
;
2362 areq_ctx
->backup_giv
= NULL
;
2364 cc_proc_rfc4_gcm(req
);
2365 areq_ctx
->is_gcm4543
= true;
2367 rc
= cc_proc_aead(req
, DRV_CRYPTO_DIRECTION_DECRYPT
);
2368 if (rc
!= -EINPROGRESS
&& rc
!= -EBUSY
)
2369 req
->iv
= areq_ctx
->backup_iv
;
2375 static struct cc_alg_template aead_algs
[] = {
2377 .name
= "authenc(hmac(sha1),cbc(aes))",
2378 .driver_name
= "authenc-hmac-sha1-cbc-aes-ccree",
2379 .blocksize
= AES_BLOCK_SIZE
,
2381 .setkey
= cc_aead_setkey
,
2382 .setauthsize
= cc_aead_setauthsize
,
2383 .encrypt
= cc_aead_encrypt
,
2384 .decrypt
= cc_aead_decrypt
,
2385 .init
= cc_aead_init
,
2386 .exit
= cc_aead_exit
,
2387 .ivsize
= AES_BLOCK_SIZE
,
2388 .maxauthsize
= SHA1_DIGEST_SIZE
,
2390 .cipher_mode
= DRV_CIPHER_CBC
,
2391 .flow_mode
= S_DIN_to_AES
,
2392 .auth_mode
= DRV_HASH_SHA1
,
2393 .min_hw_rev
= CC_HW_REV_630
,
2396 .name
= "authenc(hmac(sha1),cbc(des3_ede))",
2397 .driver_name
= "authenc-hmac-sha1-cbc-des3-ccree",
2398 .blocksize
= DES3_EDE_BLOCK_SIZE
,
2400 .setkey
= cc_aead_setkey
,
2401 .setauthsize
= cc_aead_setauthsize
,
2402 .encrypt
= cc_aead_encrypt
,
2403 .decrypt
= cc_aead_decrypt
,
2404 .init
= cc_aead_init
,
2405 .exit
= cc_aead_exit
,
2406 .ivsize
= DES3_EDE_BLOCK_SIZE
,
2407 .maxauthsize
= SHA1_DIGEST_SIZE
,
2409 .cipher_mode
= DRV_CIPHER_CBC
,
2410 .flow_mode
= S_DIN_to_DES
,
2411 .auth_mode
= DRV_HASH_SHA1
,
2412 .min_hw_rev
= CC_HW_REV_630
,
2415 .name
= "authenc(hmac(sha256),cbc(aes))",
2416 .driver_name
= "authenc-hmac-sha256-cbc-aes-ccree",
2417 .blocksize
= AES_BLOCK_SIZE
,
2419 .setkey
= cc_aead_setkey
,
2420 .setauthsize
= cc_aead_setauthsize
,
2421 .encrypt
= cc_aead_encrypt
,
2422 .decrypt
= cc_aead_decrypt
,
2423 .init
= cc_aead_init
,
2424 .exit
= cc_aead_exit
,
2425 .ivsize
= AES_BLOCK_SIZE
,
2426 .maxauthsize
= SHA256_DIGEST_SIZE
,
2428 .cipher_mode
= DRV_CIPHER_CBC
,
2429 .flow_mode
= S_DIN_to_AES
,
2430 .auth_mode
= DRV_HASH_SHA256
,
2431 .min_hw_rev
= CC_HW_REV_630
,
2434 .name
= "authenc(hmac(sha256),cbc(des3_ede))",
2435 .driver_name
= "authenc-hmac-sha256-cbc-des3-ccree",
2436 .blocksize
= DES3_EDE_BLOCK_SIZE
,
2438 .setkey
= cc_aead_setkey
,
2439 .setauthsize
= cc_aead_setauthsize
,
2440 .encrypt
= cc_aead_encrypt
,
2441 .decrypt
= cc_aead_decrypt
,
2442 .init
= cc_aead_init
,
2443 .exit
= cc_aead_exit
,
2444 .ivsize
= DES3_EDE_BLOCK_SIZE
,
2445 .maxauthsize
= SHA256_DIGEST_SIZE
,
2447 .cipher_mode
= DRV_CIPHER_CBC
,
2448 .flow_mode
= S_DIN_to_DES
,
2449 .auth_mode
= DRV_HASH_SHA256
,
2450 .min_hw_rev
= CC_HW_REV_630
,
2453 .name
= "authenc(xcbc(aes),cbc(aes))",
2454 .driver_name
= "authenc-xcbc-aes-cbc-aes-ccree",
2455 .blocksize
= AES_BLOCK_SIZE
,
2457 .setkey
= cc_aead_setkey
,
2458 .setauthsize
= cc_aead_setauthsize
,
2459 .encrypt
= cc_aead_encrypt
,
2460 .decrypt
= cc_aead_decrypt
,
2461 .init
= cc_aead_init
,
2462 .exit
= cc_aead_exit
,
2463 .ivsize
= AES_BLOCK_SIZE
,
2464 .maxauthsize
= AES_BLOCK_SIZE
,
2466 .cipher_mode
= DRV_CIPHER_CBC
,
2467 .flow_mode
= S_DIN_to_AES
,
2468 .auth_mode
= DRV_HASH_XCBC_MAC
,
2469 .min_hw_rev
= CC_HW_REV_630
,
2472 .name
= "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2473 .driver_name
= "authenc-hmac-sha1-rfc3686-ctr-aes-ccree",
2476 .setkey
= cc_aead_setkey
,
2477 .setauthsize
= cc_aead_setauthsize
,
2478 .encrypt
= cc_aead_encrypt
,
2479 .decrypt
= cc_aead_decrypt
,
2480 .init
= cc_aead_init
,
2481 .exit
= cc_aead_exit
,
2482 .ivsize
= CTR_RFC3686_IV_SIZE
,
2483 .maxauthsize
= SHA1_DIGEST_SIZE
,
2485 .cipher_mode
= DRV_CIPHER_CTR
,
2486 .flow_mode
= S_DIN_to_AES
,
2487 .auth_mode
= DRV_HASH_SHA1
,
2488 .min_hw_rev
= CC_HW_REV_630
,
2491 .name
= "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2492 .driver_name
= "authenc-hmac-sha256-rfc3686-ctr-aes-ccree",
2495 .setkey
= cc_aead_setkey
,
2496 .setauthsize
= cc_aead_setauthsize
,
2497 .encrypt
= cc_aead_encrypt
,
2498 .decrypt
= cc_aead_decrypt
,
2499 .init
= cc_aead_init
,
2500 .exit
= cc_aead_exit
,
2501 .ivsize
= CTR_RFC3686_IV_SIZE
,
2502 .maxauthsize
= SHA256_DIGEST_SIZE
,
2504 .cipher_mode
= DRV_CIPHER_CTR
,
2505 .flow_mode
= S_DIN_to_AES
,
2506 .auth_mode
= DRV_HASH_SHA256
,
2507 .min_hw_rev
= CC_HW_REV_630
,
2510 .name
= "authenc(xcbc(aes),rfc3686(ctr(aes)))",
2511 .driver_name
= "authenc-xcbc-aes-rfc3686-ctr-aes-ccree",
2514 .setkey
= cc_aead_setkey
,
2515 .setauthsize
= cc_aead_setauthsize
,
2516 .encrypt
= cc_aead_encrypt
,
2517 .decrypt
= cc_aead_decrypt
,
2518 .init
= cc_aead_init
,
2519 .exit
= cc_aead_exit
,
2520 .ivsize
= CTR_RFC3686_IV_SIZE
,
2521 .maxauthsize
= AES_BLOCK_SIZE
,
2523 .cipher_mode
= DRV_CIPHER_CTR
,
2524 .flow_mode
= S_DIN_to_AES
,
2525 .auth_mode
= DRV_HASH_XCBC_MAC
,
2526 .min_hw_rev
= CC_HW_REV_630
,
2530 .driver_name
= "ccm-aes-ccree",
2533 .setkey
= cc_aead_setkey
,
2534 .setauthsize
= cc_ccm_setauthsize
,
2535 .encrypt
= cc_aead_encrypt
,
2536 .decrypt
= cc_aead_decrypt
,
2537 .init
= cc_aead_init
,
2538 .exit
= cc_aead_exit
,
2539 .ivsize
= AES_BLOCK_SIZE
,
2540 .maxauthsize
= AES_BLOCK_SIZE
,
2542 .cipher_mode
= DRV_CIPHER_CCM
,
2543 .flow_mode
= S_DIN_to_AES
,
2544 .auth_mode
= DRV_HASH_NULL
,
2545 .min_hw_rev
= CC_HW_REV_630
,
2548 .name
= "rfc4309(ccm(aes))",
2549 .driver_name
= "rfc4309-ccm-aes-ccree",
2552 .setkey
= cc_rfc4309_ccm_setkey
,
2553 .setauthsize
= cc_rfc4309_ccm_setauthsize
,
2554 .encrypt
= cc_rfc4309_ccm_encrypt
,
2555 .decrypt
= cc_rfc4309_ccm_decrypt
,
2556 .init
= cc_aead_init
,
2557 .exit
= cc_aead_exit
,
2558 .ivsize
= CCM_BLOCK_IV_SIZE
,
2559 .maxauthsize
= AES_BLOCK_SIZE
,
2561 .cipher_mode
= DRV_CIPHER_CCM
,
2562 .flow_mode
= S_DIN_to_AES
,
2563 .auth_mode
= DRV_HASH_NULL
,
2564 .min_hw_rev
= CC_HW_REV_630
,
2568 .driver_name
= "gcm-aes-ccree",
2571 .setkey
= cc_aead_setkey
,
2572 .setauthsize
= cc_gcm_setauthsize
,
2573 .encrypt
= cc_aead_encrypt
,
2574 .decrypt
= cc_aead_decrypt
,
2575 .init
= cc_aead_init
,
2576 .exit
= cc_aead_exit
,
2578 .maxauthsize
= AES_BLOCK_SIZE
,
2580 .cipher_mode
= DRV_CIPHER_GCTR
,
2581 .flow_mode
= S_DIN_to_AES
,
2582 .auth_mode
= DRV_HASH_NULL
,
2583 .min_hw_rev
= CC_HW_REV_630
,
2586 .name
= "rfc4106(gcm(aes))",
2587 .driver_name
= "rfc4106-gcm-aes-ccree",
2590 .setkey
= cc_rfc4106_gcm_setkey
,
2591 .setauthsize
= cc_rfc4106_gcm_setauthsize
,
2592 .encrypt
= cc_rfc4106_gcm_encrypt
,
2593 .decrypt
= cc_rfc4106_gcm_decrypt
,
2594 .init
= cc_aead_init
,
2595 .exit
= cc_aead_exit
,
2596 .ivsize
= GCM_BLOCK_RFC4_IV_SIZE
,
2597 .maxauthsize
= AES_BLOCK_SIZE
,
2599 .cipher_mode
= DRV_CIPHER_GCTR
,
2600 .flow_mode
= S_DIN_to_AES
,
2601 .auth_mode
= DRV_HASH_NULL
,
2602 .min_hw_rev
= CC_HW_REV_630
,
2605 .name
= "rfc4543(gcm(aes))",
2606 .driver_name
= "rfc4543-gcm-aes-ccree",
2609 .setkey
= cc_rfc4543_gcm_setkey
,
2610 .setauthsize
= cc_rfc4543_gcm_setauthsize
,
2611 .encrypt
= cc_rfc4543_gcm_encrypt
,
2612 .decrypt
= cc_rfc4543_gcm_decrypt
,
2613 .init
= cc_aead_init
,
2614 .exit
= cc_aead_exit
,
2615 .ivsize
= GCM_BLOCK_RFC4_IV_SIZE
,
2616 .maxauthsize
= AES_BLOCK_SIZE
,
2618 .cipher_mode
= DRV_CIPHER_GCTR
,
2619 .flow_mode
= S_DIN_to_AES
,
2620 .auth_mode
= DRV_HASH_NULL
,
2621 .min_hw_rev
= CC_HW_REV_630
,
2625 static struct cc_crypto_alg
*cc_create_aead_alg(struct cc_alg_template
*tmpl
,
2628 struct cc_crypto_alg
*t_alg
;
2629 struct aead_alg
*alg
;
2631 t_alg
= kzalloc(sizeof(*t_alg
), GFP_KERNEL
);
2633 return ERR_PTR(-ENOMEM
);
2635 alg
= &tmpl
->template_aead
;
2637 snprintf(alg
->base
.cra_name
, CRYPTO_MAX_ALG_NAME
, "%s", tmpl
->name
);
2638 snprintf(alg
->base
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
, "%s",
2640 alg
->base
.cra_module
= THIS_MODULE
;
2641 alg
->base
.cra_priority
= CC_CRA_PRIO
;
2643 alg
->base
.cra_ctxsize
= sizeof(struct cc_aead_ctx
);
2644 alg
->base
.cra_flags
= CRYPTO_ALG_ASYNC
| CRYPTO_ALG_KERN_DRIVER_ONLY
;
2645 alg
->init
= cc_aead_init
;
2646 alg
->exit
= cc_aead_exit
;
2648 t_alg
->aead_alg
= *alg
;
2650 t_alg
->cipher_mode
= tmpl
->cipher_mode
;
2651 t_alg
->flow_mode
= tmpl
->flow_mode
;
2652 t_alg
->auth_mode
= tmpl
->auth_mode
;
2657 int cc_aead_free(struct cc_drvdata
*drvdata
)
2659 struct cc_crypto_alg
*t_alg
, *n
;
2660 struct cc_aead_handle
*aead_handle
=
2661 (struct cc_aead_handle
*)drvdata
->aead_handle
;
2664 /* Remove registered algs */
2665 list_for_each_entry_safe(t_alg
, n
, &aead_handle
->aead_list
,
2667 crypto_unregister_aead(&t_alg
->aead_alg
);
2668 list_del(&t_alg
->entry
);
2672 drvdata
->aead_handle
= NULL
;
2678 int cc_aead_alloc(struct cc_drvdata
*drvdata
)
2680 struct cc_aead_handle
*aead_handle
;
2681 struct cc_crypto_alg
*t_alg
;
2684 struct device
*dev
= drvdata_to_dev(drvdata
);
2686 aead_handle
= kmalloc(sizeof(*aead_handle
), GFP_KERNEL
);
2692 INIT_LIST_HEAD(&aead_handle
->aead_list
);
2693 drvdata
->aead_handle
= aead_handle
;
2695 aead_handle
->sram_workspace_addr
= cc_sram_alloc(drvdata
,
2696 MAX_HMAC_DIGEST_SIZE
);
2698 if (aead_handle
->sram_workspace_addr
== NULL_SRAM_ADDR
) {
2699 dev_err(dev
, "SRAM pool exhausted\n");
2705 for (alg
= 0; alg
< ARRAY_SIZE(aead_algs
); alg
++) {
2706 if (aead_algs
[alg
].min_hw_rev
> drvdata
->hw_rev
)
2709 t_alg
= cc_create_aead_alg(&aead_algs
[alg
], dev
);
2710 if (IS_ERR(t_alg
)) {
2711 rc
= PTR_ERR(t_alg
);
2712 dev_err(dev
, "%s alg allocation failed\n",
2713 aead_algs
[alg
].driver_name
);
2716 t_alg
->drvdata
= drvdata
;
2717 rc
= crypto_register_aead(&t_alg
->aead_alg
);
2719 dev_err(dev
, "%s alg registration failed\n",
2720 t_alg
->aead_alg
.base
.cra_driver_name
);
2723 list_add_tail(&t_alg
->entry
, &aead_handle
->aead_list
);
2724 dev_dbg(dev
, "Registered %s\n",
2725 t_alg
->aead_alg
.base
.cra_driver_name
);
2734 cc_aead_free(drvdata
);