search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmaengine: imx-sdma: Let the core do the device node validation
[linux/fpc-iii.git] / drivers / crypto / ccree / cc_aead.c
blob7aa4cbe19a86f523ca390d0943b75a8c27e36876
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (C) 2012-2019 ARM Limited (or its affiliates). */
3
4 #include <linux/kernel.h>
5 #include <linux/module.h>
6 #include <crypto/algapi.h>
7 #include <crypto/internal/aead.h>
8 #include <crypto/authenc.h>
9 #include <crypto/des.h>
10 #include <linux/rtnetlink.h>
11 #include "cc_driver.h"
12 #include "cc_buffer_mgr.h"
13 #include "cc_aead.h"
14 #include "cc_request_mgr.h"
15 #include "cc_hash.h"
16 #include "cc_sram_mgr.h"
17
18 #define template_aead template_u.aead
19
20 #define MAX_AEAD_SETKEY_SEQ 12
21 #define MAX_AEAD_PROCESS_SEQ 23
22
23 #define MAX_HMAC_DIGEST_SIZE (SHA256_DIGEST_SIZE)
24 #define MAX_HMAC_BLOCK_SIZE (SHA256_BLOCK_SIZE)
25
26 #define MAX_NONCE_SIZE CTR_RFC3686_NONCE_SIZE
27
28 struct cc_aead_handle {
29 cc_sram_addr_t sram_workspace_addr;
30 struct list_head aead_list;
31 };
32
33 struct cc_hmac_s {
34 u8 *padded_authkey;
35 u8 *ipad_opad; /* IPAD, OPAD*/
36 dma_addr_t padded_authkey_dma_addr;
37 dma_addr_t ipad_opad_dma_addr;
38 };
39
40 struct cc_xcbc_s {
41 u8 *xcbc_keys; /* K1,K2,K3 */
42 dma_addr_t xcbc_keys_dma_addr;
43 };
44
45 struct cc_aead_ctx {
46 struct cc_drvdata *drvdata;
47 u8 ctr_nonce[MAX_NONCE_SIZE]; /* used for ctr3686 iv and aes ccm */
48 u8 *enckey;
49 dma_addr_t enckey_dma_addr;
50 union {
51 struct cc_hmac_s hmac;
52 struct cc_xcbc_s xcbc;
53 } auth_state;
54 unsigned int enc_keylen;
55 unsigned int auth_keylen;
56 unsigned int authsize; /* Actual (reduced?) size of the MAC/ICv */
57 unsigned int hash_len;
58 enum drv_cipher_mode cipher_mode;
59 enum cc_flow_mode flow_mode;
60 enum drv_hash_mode auth_mode;
61 };
62
63 static inline bool valid_assoclen(struct aead_request *req)
64 {
65 return ((req->assoclen == 16) || (req->assoclen == 20));
66 }
67
68 static void cc_aead_exit(struct crypto_aead *tfm)
69 {
70 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
71 struct device *dev = drvdata_to_dev(ctx->drvdata);
72
73 dev_dbg(dev, "Clearing context @%p for %s\n", crypto_aead_ctx(tfm),
74 crypto_tfm_alg_name(&tfm->base));
75
76 /* Unmap enckey buffer */
77 if (ctx->enckey) {
78 dma_free_coherent(dev, AES_MAX_KEY_SIZE, ctx->enckey,
79 ctx->enckey_dma_addr);
80 dev_dbg(dev, "Freed enckey DMA buffer enckey_dma_addr=%pad\n",
81 &ctx->enckey_dma_addr);
82 ctx->enckey_dma_addr = 0;
83 ctx->enckey = NULL;
84 }
85
86 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) { /* XCBC authetication */
87 struct cc_xcbc_s *xcbc = &ctx->auth_state.xcbc;
88
89 if (xcbc->xcbc_keys) {
90 dma_free_coherent(dev, CC_AES_128_BIT_KEY_SIZE * 3,
91 xcbc->xcbc_keys,
92 xcbc->xcbc_keys_dma_addr);
93 }
94 dev_dbg(dev, "Freed xcbc_keys DMA buffer xcbc_keys_dma_addr=%pad\n",
95 &xcbc->xcbc_keys_dma_addr);
96 xcbc->xcbc_keys_dma_addr = 0;
97 xcbc->xcbc_keys = NULL;
98 } else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC auth. */
99 struct cc_hmac_s *hmac = &ctx->auth_state.hmac;
100
101 if (hmac->ipad_opad) {
102 dma_free_coherent(dev, 2 * MAX_HMAC_DIGEST_SIZE,
103 hmac->ipad_opad,
104 hmac->ipad_opad_dma_addr);
105 dev_dbg(dev, "Freed ipad_opad DMA buffer ipad_opad_dma_addr=%pad\n",
106 &hmac->ipad_opad_dma_addr);
107 hmac->ipad_opad_dma_addr = 0;
108 hmac->ipad_opad = NULL;
109 }
110 if (hmac->padded_authkey) {
111 dma_free_coherent(dev, MAX_HMAC_BLOCK_SIZE,
112 hmac->padded_authkey,
113 hmac->padded_authkey_dma_addr);
114 dev_dbg(dev, "Freed padded_authkey DMA buffer padded_authkey_dma_addr=%pad\n",
115 &hmac->padded_authkey_dma_addr);
116 hmac->padded_authkey_dma_addr = 0;
117 hmac->padded_authkey = NULL;
118 }
119 }
120 }
121
122 static unsigned int cc_get_aead_hash_len(struct crypto_aead *tfm)
123 {
124 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
125
126 return cc_get_default_hash_len(ctx->drvdata);
127 }
128
129 static int cc_aead_init(struct crypto_aead *tfm)
130 {
131 struct aead_alg *alg = crypto_aead_alg(tfm);
132 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
133 struct cc_crypto_alg *cc_alg =
134 container_of(alg, struct cc_crypto_alg, aead_alg);
135 struct device *dev = drvdata_to_dev(cc_alg->drvdata);
136
137 dev_dbg(dev, "Initializing context @%p for %s\n", ctx,
138 crypto_tfm_alg_name(&tfm->base));
139
140 /* Initialize modes in instance */
141 ctx->cipher_mode = cc_alg->cipher_mode;
142 ctx->flow_mode = cc_alg->flow_mode;
143 ctx->auth_mode = cc_alg->auth_mode;
144 ctx->drvdata = cc_alg->drvdata;
145 crypto_aead_set_reqsize(tfm, sizeof(struct aead_req_ctx));
146
147 /* Allocate key buffer, cache line aligned */
148 ctx->enckey = dma_alloc_coherent(dev, AES_MAX_KEY_SIZE,
149 &ctx->enckey_dma_addr, GFP_KERNEL);
150 if (!ctx->enckey) {
151 dev_err(dev, "Failed allocating key buffer\n");
152 goto init_failed;
153 }
154 dev_dbg(dev, "Allocated enckey buffer in context ctx->enckey=@%p\n",
155 ctx->enckey);
156
157 /* Set default authlen value */
158
159 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) { /* XCBC authetication */
160 struct cc_xcbc_s *xcbc = &ctx->auth_state.xcbc;
161 const unsigned int key_size = CC_AES_128_BIT_KEY_SIZE * 3;
162
163 /* Allocate dma-coherent buffer for XCBC's K1+K2+K3 */
164 /* (and temporary for user key - up to 256b) */
165 xcbc->xcbc_keys = dma_alloc_coherent(dev, key_size,
166 &xcbc->xcbc_keys_dma_addr,
167 GFP_KERNEL);
168 if (!xcbc->xcbc_keys) {
169 dev_err(dev, "Failed allocating buffer for XCBC keys\n");
170 goto init_failed;
171 }
172 } else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC authentication */
173 struct cc_hmac_s *hmac = &ctx->auth_state.hmac;
174 const unsigned int digest_size = 2 * MAX_HMAC_DIGEST_SIZE;
175 dma_addr_t *pkey_dma = &hmac->padded_authkey_dma_addr;
176
177 /* Allocate dma-coherent buffer for IPAD + OPAD */
178 hmac->ipad_opad = dma_alloc_coherent(dev, digest_size,
179 &hmac->ipad_opad_dma_addr,
180 GFP_KERNEL);
181
182 if (!hmac->ipad_opad) {
183 dev_err(dev, "Failed allocating IPAD/OPAD buffer\n");
184 goto init_failed;
185 }
186
187 dev_dbg(dev, "Allocated authkey buffer in context ctx->authkey=@%p\n",
188 hmac->ipad_opad);
189
190 hmac->padded_authkey = dma_alloc_coherent(dev,
191 MAX_HMAC_BLOCK_SIZE,
192 pkey_dma,
193 GFP_KERNEL);
194
195 if (!hmac->padded_authkey) {
196 dev_err(dev, "failed to allocate padded_authkey\n");
197 goto init_failed;
198 }
199 } else {
200 ctx->auth_state.hmac.ipad_opad = NULL;
201 ctx->auth_state.hmac.padded_authkey = NULL;
202 }
203 ctx->hash_len = cc_get_aead_hash_len(tfm);
204
205 return 0;
206
207 init_failed:
208 cc_aead_exit(tfm);
209 return -ENOMEM;
210 }
211
212 static void cc_aead_complete(struct device *dev, void *cc_req, int err)
213 {
214 struct aead_request *areq = (struct aead_request *)cc_req;
215 struct aead_req_ctx *areq_ctx = aead_request_ctx(areq);
216 struct crypto_aead *tfm = crypto_aead_reqtfm(cc_req);
217 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
218
219 /* BACKLOG notification */
220 if (err == -EINPROGRESS)
221 goto done;
222
223 cc_unmap_aead_request(dev, areq);
224
225 /* Restore ordinary iv pointer */
226 areq->iv = areq_ctx->backup_iv;
227
228 if (err)
229 goto done;
230
231 if (areq_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) {
232 if (memcmp(areq_ctx->mac_buf, areq_ctx->icv_virt_addr,
233 ctx->authsize) != 0) {
234 dev_dbg(dev, "Payload authentication failure, (auth-size=%d, cipher=%d)\n",
235 ctx->authsize, ctx->cipher_mode);
236 /* In case of payload authentication failure, MUST NOT
237 * revealed the decrypted message --> zero its memory.
238 */
239 cc_zero_sgl(areq->dst, areq_ctx->cryptlen);
240 err = -EBADMSG;
241 }
242 } else { /*ENCRYPT*/
243 if (areq_ctx->is_icv_fragmented) {
244 u32 skip = areq->cryptlen + areq_ctx->dst_offset;
245
246 cc_copy_sg_portion(dev, areq_ctx->mac_buf,
247 areq_ctx->dst_sgl, skip,
248 (skip + ctx->authsize),
249 CC_SG_FROM_BUF);
250 }
251
252 /* If an IV was generated, copy it back to the user provided
253 * buffer.
254 */
255 if (areq_ctx->backup_giv) {
256 if (ctx->cipher_mode == DRV_CIPHER_CTR)
257 memcpy(areq_ctx->backup_giv, areq_ctx->ctr_iv +
258 CTR_RFC3686_NONCE_SIZE,
259 CTR_RFC3686_IV_SIZE);
260 else if (ctx->cipher_mode == DRV_CIPHER_CCM)
261 memcpy(areq_ctx->backup_giv, areq_ctx->ctr_iv +
262 CCM_BLOCK_IV_OFFSET, CCM_BLOCK_IV_SIZE);
263 }
264 }
265 done:
266 aead_request_complete(areq, err);
267 }
268
269 static unsigned int xcbc_setkey(struct cc_hw_desc *desc,
270 struct cc_aead_ctx *ctx)
271 {
272 /* Load the AES key */
273 hw_desc_init(&desc[0]);
274 /* We are using for the source/user key the same buffer
275 * as for the output keys, * because after this key loading it
276 * is not needed anymore
277 */
278 set_din_type(&desc[0], DMA_DLLI,
279 ctx->auth_state.xcbc.xcbc_keys_dma_addr, ctx->auth_keylen,
280 NS_BIT);
281 set_cipher_mode(&desc[0], DRV_CIPHER_ECB);
282 set_cipher_config0(&desc[0], DRV_CRYPTO_DIRECTION_ENCRYPT);
283 set_key_size_aes(&desc[0], ctx->auth_keylen);
284 set_flow_mode(&desc[0], S_DIN_to_AES);
285 set_setup_mode(&desc[0], SETUP_LOAD_KEY0);
286
287 hw_desc_init(&desc[1]);
288 set_din_const(&desc[1], 0x01010101, CC_AES_128_BIT_KEY_SIZE);
289 set_flow_mode(&desc[1], DIN_AES_DOUT);
290 set_dout_dlli(&desc[1], ctx->auth_state.xcbc.xcbc_keys_dma_addr,
291 AES_KEYSIZE_128, NS_BIT, 0);
292
293 hw_desc_init(&desc[2]);
294 set_din_const(&desc[2], 0x02020202, CC_AES_128_BIT_KEY_SIZE);
295 set_flow_mode(&desc[2], DIN_AES_DOUT);
296 set_dout_dlli(&desc[2], (ctx->auth_state.xcbc.xcbc_keys_dma_addr
297 + AES_KEYSIZE_128),
298 AES_KEYSIZE_128, NS_BIT, 0);
299
300 hw_desc_init(&desc[3]);
301 set_din_const(&desc[3], 0x03030303, CC_AES_128_BIT_KEY_SIZE);
302 set_flow_mode(&desc[3], DIN_AES_DOUT);
303 set_dout_dlli(&desc[3], (ctx->auth_state.xcbc.xcbc_keys_dma_addr
304 + 2 * AES_KEYSIZE_128),
305 AES_KEYSIZE_128, NS_BIT, 0);
306
307 return 4;
308 }
309
310 static int hmac_setkey(struct cc_hw_desc *desc, struct cc_aead_ctx *ctx)
311 {
312 unsigned int hmac_pad_const[2] = { HMAC_IPAD_CONST, HMAC_OPAD_CONST };
313 unsigned int digest_ofs = 0;
314 unsigned int hash_mode = (ctx->auth_mode == DRV_HASH_SHA1) ?
315 DRV_HASH_HW_SHA1 : DRV_HASH_HW_SHA256;
316 unsigned int digest_size = (ctx->auth_mode == DRV_HASH_SHA1) ?
317 CC_SHA1_DIGEST_SIZE : CC_SHA256_DIGEST_SIZE;
318 struct cc_hmac_s *hmac = &ctx->auth_state.hmac;
319
320 unsigned int idx = 0;
321 int i;
322
323 /* calc derived HMAC key */
324 for (i = 0; i < 2; i++) {
325 /* Load hash initial state */
326 hw_desc_init(&desc[idx]);
327 set_cipher_mode(&desc[idx], hash_mode);
328 set_din_sram(&desc[idx],
329 cc_larval_digest_addr(ctx->drvdata,
330 ctx->auth_mode),
331 digest_size);
332 set_flow_mode(&desc[idx], S_DIN_to_HASH);
333 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0);
334 idx++;
335
336 /* Load the hash current length*/
337 hw_desc_init(&desc[idx]);
338 set_cipher_mode(&desc[idx], hash_mode);
339 set_din_const(&desc[idx], 0, ctx->hash_len);
340 set_flow_mode(&desc[idx], S_DIN_to_HASH);
341 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
342 idx++;
343
344 /* Prepare ipad key */
345 hw_desc_init(&desc[idx]);
346 set_xor_val(&desc[idx], hmac_pad_const[i]);
347 set_cipher_mode(&desc[idx], hash_mode);
348 set_flow_mode(&desc[idx], S_DIN_to_HASH);
349 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1);
350 idx++;
351
352 /* Perform HASH update */
353 hw_desc_init(&desc[idx]);
354 set_din_type(&desc[idx], DMA_DLLI,
355 hmac->padded_authkey_dma_addr,
356 SHA256_BLOCK_SIZE, NS_BIT);
357 set_cipher_mode(&desc[idx], hash_mode);
358 set_xor_active(&desc[idx]);
359 set_flow_mode(&desc[idx], DIN_HASH);
360 idx++;
361
362 /* Get the digset */
363 hw_desc_init(&desc[idx]);
364 set_cipher_mode(&desc[idx], hash_mode);
365 set_dout_dlli(&desc[idx],
366 (hmac->ipad_opad_dma_addr + digest_ofs),
367 digest_size, NS_BIT, 0);
368 set_flow_mode(&desc[idx], S_HASH_to_DOUT);
369 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0);
370 set_cipher_config1(&desc[idx], HASH_PADDING_DISABLED);
371 idx++;
372
373 digest_ofs += digest_size;
374 }
375
376 return idx;
377 }
378
379 static int validate_keys_sizes(struct cc_aead_ctx *ctx)
380 {
381 struct device *dev = drvdata_to_dev(ctx->drvdata);
382
383 dev_dbg(dev, "enc_keylen=%u authkeylen=%u\n",
384 ctx->enc_keylen, ctx->auth_keylen);
385
386 switch (ctx->auth_mode) {
387 case DRV_HASH_SHA1:
388 case DRV_HASH_SHA256:
389 break;
390 case DRV_HASH_XCBC_MAC:
391 if (ctx->auth_keylen != AES_KEYSIZE_128 &&
392 ctx->auth_keylen != AES_KEYSIZE_192 &&
393 ctx->auth_keylen != AES_KEYSIZE_256)
394 return -ENOTSUPP;
395 break;
396 case DRV_HASH_NULL: /* Not authenc (e.g., CCM) - no auth_key) */
397 if (ctx->auth_keylen > 0)
398 return -EINVAL;
399 break;
400 default:
401 dev_err(dev, "Invalid auth_mode=%d\n", ctx->auth_mode);
402 return -EINVAL;
403 }
404 /* Check cipher key size */
405 if (ctx->flow_mode == S_DIN_to_DES) {
406 if (ctx->enc_keylen != DES3_EDE_KEY_SIZE) {
407 dev_err(dev, "Invalid cipher(3DES) key size: %u\n",
408 ctx->enc_keylen);
409 return -EINVAL;
410 }
411 } else { /* Default assumed to be AES ciphers */
412 if (ctx->enc_keylen != AES_KEYSIZE_128 &&
413 ctx->enc_keylen != AES_KEYSIZE_192 &&
414 ctx->enc_keylen != AES_KEYSIZE_256) {
415 dev_err(dev, "Invalid cipher(AES) key size: %u\n",
416 ctx->enc_keylen);
417 return -EINVAL;
418 }
419 }
420
421 return 0; /* All tests of keys sizes passed */
422 }
423
424 /* This function prepers the user key so it can pass to the hmac processing
425 * (copy to intenral buffer or hash in case of key longer than block
426 */
427 static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *authkey,
428 unsigned int keylen)
429 {
430 dma_addr_t key_dma_addr = 0;
431 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
432 struct device *dev = drvdata_to_dev(ctx->drvdata);
433 u32 larval_addr = cc_larval_digest_addr(ctx->drvdata, ctx->auth_mode);
434 struct cc_crypto_req cc_req = {};
435 unsigned int blocksize;
436 unsigned int digestsize;
437 unsigned int hashmode;
438 unsigned int idx = 0;
439 int rc = 0;
440 u8 *key = NULL;
441 struct cc_hw_desc desc[MAX_AEAD_SETKEY_SEQ];
442 dma_addr_t padded_authkey_dma_addr =
443 ctx->auth_state.hmac.padded_authkey_dma_addr;
444
445 switch (ctx->auth_mode) { /* auth_key required and >0 */
446 case DRV_HASH_SHA1:
447 blocksize = SHA1_BLOCK_SIZE;
448 digestsize = SHA1_DIGEST_SIZE;
449 hashmode = DRV_HASH_HW_SHA1;
450 break;
451 case DRV_HASH_SHA256:
452 default:
453 blocksize = SHA256_BLOCK_SIZE;
454 digestsize = SHA256_DIGEST_SIZE;
455 hashmode = DRV_HASH_HW_SHA256;
456 }
457
458 if (keylen != 0) {
459
460 key = kmemdup(authkey, keylen, GFP_KERNEL);
461 if (!key)
462 return -ENOMEM;
463
464 key_dma_addr = dma_map_single(dev, (void *)key, keylen,
465 DMA_TO_DEVICE);
466 if (dma_mapping_error(dev, key_dma_addr)) {
467 dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
468 key, keylen);
469 kzfree(key);
470 return -ENOMEM;
471 }
472 if (keylen > blocksize) {
473 /* Load hash initial state */
474 hw_desc_init(&desc[idx]);
475 set_cipher_mode(&desc[idx], hashmode);
476 set_din_sram(&desc[idx], larval_addr, digestsize);
477 set_flow_mode(&desc[idx], S_DIN_to_HASH);
478 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0);
479 idx++;
480
481 /* Load the hash current length*/
482 hw_desc_init(&desc[idx]);
483 set_cipher_mode(&desc[idx], hashmode);
484 set_din_const(&desc[idx], 0, ctx->hash_len);
485 set_cipher_config1(&desc[idx], HASH_PADDING_ENABLED);
486 set_flow_mode(&desc[idx], S_DIN_to_HASH);
487 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
488 idx++;
489
490 hw_desc_init(&desc[idx]);
491 set_din_type(&desc[idx], DMA_DLLI,
492 key_dma_addr, keylen, NS_BIT);
493 set_flow_mode(&desc[idx], DIN_HASH);
494 idx++;
495
496 /* Get hashed key */
497 hw_desc_init(&desc[idx]);
498 set_cipher_mode(&desc[idx], hashmode);
499 set_dout_dlli(&desc[idx], padded_authkey_dma_addr,
500 digestsize, NS_BIT, 0);
501 set_flow_mode(&desc[idx], S_HASH_to_DOUT);
502 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0);
503 set_cipher_config1(&desc[idx], HASH_PADDING_DISABLED);
504 set_cipher_config0(&desc[idx],
505 HASH_DIGEST_RESULT_LITTLE_ENDIAN);
506 idx++;
507
508 hw_desc_init(&desc[idx]);
509 set_din_const(&desc[idx], 0, (blocksize - digestsize));
510 set_flow_mode(&desc[idx], BYPASS);
511 set_dout_dlli(&desc[idx], (padded_authkey_dma_addr +
512 digestsize), (blocksize - digestsize),
513 NS_BIT, 0);
514 idx++;
515 } else {
516 hw_desc_init(&desc[idx]);
517 set_din_type(&desc[idx], DMA_DLLI, key_dma_addr,
518 keylen, NS_BIT);
519 set_flow_mode(&desc[idx], BYPASS);
520 set_dout_dlli(&desc[idx], padded_authkey_dma_addr,
521 keylen, NS_BIT, 0);
522 idx++;
523
524 if ((blocksize - keylen) != 0) {
525 hw_desc_init(&desc[idx]);
526 set_din_const(&desc[idx], 0,
527 (blocksize - keylen));
528 set_flow_mode(&desc[idx], BYPASS);
529 set_dout_dlli(&desc[idx],
530 (padded_authkey_dma_addr +
531 keylen),
532 (blocksize - keylen), NS_BIT, 0);
533 idx++;
534 }
535 }
536 } else {
537 hw_desc_init(&desc[idx]);
538 set_din_const(&desc[idx], 0, (blocksize - keylen));
539 set_flow_mode(&desc[idx], BYPASS);
540 set_dout_dlli(&desc[idx], padded_authkey_dma_addr,
541 blocksize, NS_BIT, 0);
542 idx++;
543 }
544
545 rc = cc_send_sync_request(ctx->drvdata, &cc_req, desc, idx);
546 if (rc)
547 dev_err(dev, "send_request() failed (rc=%d)\n", rc);
548
549 if (key_dma_addr)
550 dma_unmap_single(dev, key_dma_addr, keylen, DMA_TO_DEVICE);
551
552 kzfree(key);
553
554 return rc;
555 }
556
557 static int cc_aead_setkey(struct crypto_aead *tfm, const u8 *key,
558 unsigned int keylen)
559 {
560 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
561 struct cc_crypto_req cc_req = {};
562 struct cc_hw_desc desc[MAX_AEAD_SETKEY_SEQ];
563 unsigned int seq_len = 0;
564 struct device *dev = drvdata_to_dev(ctx->drvdata);
565 const u8 *enckey, *authkey;
566 int rc;
567
568 dev_dbg(dev, "Setting key in context @%p for %s. key=%p keylen=%u\n",
569 ctx, crypto_tfm_alg_name(crypto_aead_tfm(tfm)), key, keylen);
570
571 /* STAT_PHASE_0: Init and sanity checks */
572
573 if (ctx->auth_mode != DRV_HASH_NULL) { /* authenc() alg. */
574 struct crypto_authenc_keys keys;
575
576 rc = crypto_authenc_extractkeys(&keys, key, keylen);
577 if (rc)
578 goto badkey;
579 enckey = keys.enckey;
580 authkey = keys.authkey;
581 ctx->enc_keylen = keys.enckeylen;
582 ctx->auth_keylen = keys.authkeylen;
583
584 if (ctx->cipher_mode == DRV_CIPHER_CTR) {
585 /* the nonce is stored in bytes at end of key */
586 rc = -EINVAL;
587 if (ctx->enc_keylen <
588 (AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE))
589 goto badkey;
590 /* Copy nonce from last 4 bytes in CTR key to
591 * first 4 bytes in CTR IV
592 */
593 memcpy(ctx->ctr_nonce, enckey + ctx->enc_keylen -
594 CTR_RFC3686_NONCE_SIZE, CTR_RFC3686_NONCE_SIZE);
595 /* Set CTR key size */
596 ctx->enc_keylen -= CTR_RFC3686_NONCE_SIZE;
597 }
598 } else { /* non-authenc - has just one key */
599 enckey = key;
600 authkey = NULL;
601 ctx->enc_keylen = keylen;
602 ctx->auth_keylen = 0;
603 }
604
605 rc = validate_keys_sizes(ctx);
606 if (rc)
607 goto badkey;
608
609 /* STAT_PHASE_1: Copy key to ctx */
610
611 /* Get key material */
612 memcpy(ctx->enckey, enckey, ctx->enc_keylen);
613 if (ctx->enc_keylen == 24)
614 memset(ctx->enckey + 24, 0, CC_AES_KEY_SIZE_MAX - 24);
615 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) {
616 memcpy(ctx->auth_state.xcbc.xcbc_keys, authkey,
617 ctx->auth_keylen);
618 } else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC */
619 rc = cc_get_plain_hmac_key(tfm, authkey, ctx->auth_keylen);
620 if (rc)
621 goto badkey;
622 }
623
624 /* STAT_PHASE_2: Create sequence */
625
626 switch (ctx->auth_mode) {
627 case DRV_HASH_SHA1:
628 case DRV_HASH_SHA256:
629 seq_len = hmac_setkey(desc, ctx);
630 break;
631 case DRV_HASH_XCBC_MAC:
632 seq_len = xcbc_setkey(desc, ctx);
633 break;
634 case DRV_HASH_NULL: /* non-authenc modes, e.g., CCM */
635 break; /* No auth. key setup */
636 default:
637 dev_err(dev, "Unsupported authenc (%d)\n", ctx->auth_mode);
638 rc = -ENOTSUPP;
639 goto badkey;
640 }
641
642 /* STAT_PHASE_3: Submit sequence to HW */
643
644 if (seq_len > 0) { /* For CCM there is no sequence to setup the key */
645 rc = cc_send_sync_request(ctx->drvdata, &cc_req, desc, seq_len);
646 if (rc) {
647 dev_err(dev, "send_request() failed (rc=%d)\n", rc);
648 goto setkey_error;
649 }
650 }
651
652 /* Update STAT_PHASE_3 */
653 return rc;
654
655 badkey:
656 crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
657
658 setkey_error:
659 return rc;
660 }
661
662 static int cc_des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
663 unsigned int keylen)
664 {
665 struct crypto_authenc_keys keys;
666 u32 flags;
667 int err;
668
669 err = crypto_authenc_extractkeys(&keys, key, keylen);
670 if (unlikely(err))
671 goto badkey;
672
673 err = -EINVAL;
674 if (keys.enckeylen != DES3_EDE_KEY_SIZE)
675 goto badkey;
676
677 flags = crypto_aead_get_flags(aead);
678 err = __des3_verify_key(&flags, keys.enckey);
679 if (unlikely(err)) {
680 crypto_aead_set_flags(aead, flags);
681 goto out;
682 }
683
684 err = cc_aead_setkey(aead, key, keylen);
685
686 out:
687 memzero_explicit(&keys, sizeof(keys));
688 return err;
689
690 badkey:
691 crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
692 goto out;
693 }
694
695 static int cc_rfc4309_ccm_setkey(struct crypto_aead *tfm, const u8 *key,
696 unsigned int keylen)
697 {
698 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
699
700 if (keylen < 3)
701 return -EINVAL;
702
703 keylen -= 3;
704 memcpy(ctx->ctr_nonce, key + keylen, 3);
705
706 return cc_aead_setkey(tfm, key, keylen);
707 }
708
709 static int cc_aead_setauthsize(struct crypto_aead *authenc,
710 unsigned int authsize)
711 {
712 struct cc_aead_ctx *ctx = crypto_aead_ctx(authenc);
713 struct device *dev = drvdata_to_dev(ctx->drvdata);
714
715 /* Unsupported auth. sizes */
716 if (authsize == 0 ||
717 authsize > crypto_aead_maxauthsize(authenc)) {
718 return -ENOTSUPP;
719 }
720
721 ctx->authsize = authsize;
722 dev_dbg(dev, "authlen=%d\n", ctx->authsize);
723
724 return 0;
725 }
726
727 static int cc_rfc4309_ccm_setauthsize(struct crypto_aead *authenc,
728 unsigned int authsize)
729 {
730 switch (authsize) {
731 case 8:
732 case 12:
733 case 16:
734 break;
735 default:
736 return -EINVAL;
737 }
738
739 return cc_aead_setauthsize(authenc, authsize);
740 }
741
742 static int cc_ccm_setauthsize(struct crypto_aead *authenc,
743 unsigned int authsize)
744 {
745 switch (authsize) {
746 case 4:
747 case 6:
748 case 8:
749 case 10:
750 case 12:
751 case 14:
752 case 16:
753 break;
754 default:
755 return -EINVAL;
756 }
757
758 return cc_aead_setauthsize(authenc, authsize);
759 }
760
761 static void cc_set_assoc_desc(struct aead_request *areq, unsigned int flow_mode,
762 struct cc_hw_desc desc[], unsigned int *seq_size)
763 {
764 struct crypto_aead *tfm = crypto_aead_reqtfm(areq);
765 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
766 struct aead_req_ctx *areq_ctx = aead_request_ctx(areq);
767 enum cc_req_dma_buf_type assoc_dma_type = areq_ctx->assoc_buff_type;
768 unsigned int idx = *seq_size;
769 struct device *dev = drvdata_to_dev(ctx->drvdata);
770
771 switch (assoc_dma_type) {
772 case CC_DMA_BUF_DLLI:
773 dev_dbg(dev, "ASSOC buffer type DLLI\n");
774 hw_desc_init(&desc[idx]);
775 set_din_type(&desc[idx], DMA_DLLI, sg_dma_address(areq->src),
776 areq_ctx->assoclen, NS_BIT);
777 set_flow_mode(&desc[idx], flow_mode);
778 if (ctx->auth_mode == DRV_HASH_XCBC_MAC &&
779 areq_ctx->cryptlen > 0)
780 set_din_not_last_indication(&desc[idx]);
781 break;
782 case CC_DMA_BUF_MLLI:
783 dev_dbg(dev, "ASSOC buffer type MLLI\n");
784 hw_desc_init(&desc[idx]);
785 set_din_type(&desc[idx], DMA_MLLI, areq_ctx->assoc.sram_addr,
786 areq_ctx->assoc.mlli_nents, NS_BIT);
787 set_flow_mode(&desc[idx], flow_mode);
788 if (ctx->auth_mode == DRV_HASH_XCBC_MAC &&
789 areq_ctx->cryptlen > 0)
790 set_din_not_last_indication(&desc[idx]);
791 break;
792 case CC_DMA_BUF_NULL:
793 default:
794 dev_err(dev, "Invalid ASSOC buffer type\n");
795 }
796
797 *seq_size = (++idx);
798 }
799
800 static void cc_proc_authen_desc(struct aead_request *areq,
801 unsigned int flow_mode,
802 struct cc_hw_desc desc[],
803 unsigned int *seq_size, int direct)
804 {
805 struct aead_req_ctx *areq_ctx = aead_request_ctx(areq);
806 enum cc_req_dma_buf_type data_dma_type = areq_ctx->data_buff_type;
807 unsigned int idx = *seq_size;
808 struct crypto_aead *tfm = crypto_aead_reqtfm(areq);
809 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
810 struct device *dev = drvdata_to_dev(ctx->drvdata);
811
812 switch (data_dma_type) {
813 case CC_DMA_BUF_DLLI:
814 {
815 struct scatterlist *cipher =
816 (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) ?
817 areq_ctx->dst_sgl : areq_ctx->src_sgl;
818
819 unsigned int offset =
820 (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) ?
821 areq_ctx->dst_offset : areq_ctx->src_offset;
822 dev_dbg(dev, "AUTHENC: SRC/DST buffer type DLLI\n");
823 hw_desc_init(&desc[idx]);
824 set_din_type(&desc[idx], DMA_DLLI,
825 (sg_dma_address(cipher) + offset),
826 areq_ctx->cryptlen, NS_BIT);
827 set_flow_mode(&desc[idx], flow_mode);
828 break;
829 }
830 case CC_DMA_BUF_MLLI:
831 {
832 /* DOUBLE-PASS flow (as default)
833 * assoc. + iv + data -compact in one table
834 * if assoclen is ZERO only IV perform
835 */
836 cc_sram_addr_t mlli_addr = areq_ctx->assoc.sram_addr;
837 u32 mlli_nents = areq_ctx->assoc.mlli_nents;
838
839 if (areq_ctx->is_single_pass) {
840 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) {
841 mlli_addr = areq_ctx->dst.sram_addr;
842 mlli_nents = areq_ctx->dst.mlli_nents;
843 } else {
844 mlli_addr = areq_ctx->src.sram_addr;
845 mlli_nents = areq_ctx->src.mlli_nents;
846 }
847 }
848
849 dev_dbg(dev, "AUTHENC: SRC/DST buffer type MLLI\n");
850 hw_desc_init(&desc[idx]);
851 set_din_type(&desc[idx], DMA_MLLI, mlli_addr, mlli_nents,
852 NS_BIT);
853 set_flow_mode(&desc[idx], flow_mode);
854 break;
855 }
856 case CC_DMA_BUF_NULL:
857 default:
858 dev_err(dev, "AUTHENC: Invalid SRC/DST buffer type\n");
859 }
860
861 *seq_size = (++idx);
862 }
863
864 static void cc_proc_cipher_desc(struct aead_request *areq,
865 unsigned int flow_mode,
866 struct cc_hw_desc desc[],
867 unsigned int *seq_size)
868 {
869 unsigned int idx = *seq_size;
870 struct aead_req_ctx *areq_ctx = aead_request_ctx(areq);
871 enum cc_req_dma_buf_type data_dma_type = areq_ctx->data_buff_type;
872 struct crypto_aead *tfm = crypto_aead_reqtfm(areq);
873 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
874 struct device *dev = drvdata_to_dev(ctx->drvdata);
875
876 if (areq_ctx->cryptlen == 0)
877 return; /*null processing*/
878
879 switch (data_dma_type) {
880 case CC_DMA_BUF_DLLI:
881 dev_dbg(dev, "CIPHER: SRC/DST buffer type DLLI\n");
882 hw_desc_init(&desc[idx]);
883 set_din_type(&desc[idx], DMA_DLLI,
884 (sg_dma_address(areq_ctx->src_sgl) +
885 areq_ctx->src_offset), areq_ctx->cryptlen,
886 NS_BIT);
887 set_dout_dlli(&desc[idx],
888 (sg_dma_address(areq_ctx->dst_sgl) +
889 areq_ctx->dst_offset),
890 areq_ctx->cryptlen, NS_BIT, 0);
891 set_flow_mode(&desc[idx], flow_mode);
892 break;
893 case CC_DMA_BUF_MLLI:
894 dev_dbg(dev, "CIPHER: SRC/DST buffer type MLLI\n");
895 hw_desc_init(&desc[idx]);
896 set_din_type(&desc[idx], DMA_MLLI, areq_ctx->src.sram_addr,
897 areq_ctx->src.mlli_nents, NS_BIT);
898 set_dout_mlli(&desc[idx], areq_ctx->dst.sram_addr,
899 areq_ctx->dst.mlli_nents, NS_BIT, 0);
900 set_flow_mode(&desc[idx], flow_mode);
901 break;
902 case CC_DMA_BUF_NULL:
903 default:
904 dev_err(dev, "CIPHER: Invalid SRC/DST buffer type\n");
905 }
906
907 *seq_size = (++idx);
908 }
909
910 static void cc_proc_digest_desc(struct aead_request *req,
911 struct cc_hw_desc desc[],
912 unsigned int *seq_size)
913 {
914 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
915 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
916 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
917 unsigned int idx = *seq_size;
918 unsigned int hash_mode = (ctx->auth_mode == DRV_HASH_SHA1) ?
919 DRV_HASH_HW_SHA1 : DRV_HASH_HW_SHA256;
920 int direct = req_ctx->gen_ctx.op_type;
921
922 /* Get final ICV result */
923 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) {
924 hw_desc_init(&desc[idx]);
925 set_flow_mode(&desc[idx], S_HASH_to_DOUT);
926 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0);
927 set_dout_dlli(&desc[idx], req_ctx->icv_dma_addr, ctx->authsize,
928 NS_BIT, 1);
929 set_queue_last_ind(ctx->drvdata, &desc[idx]);
930 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) {
931 set_aes_not_hash_mode(&desc[idx]);
932 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC);
933 } else {
934 set_cipher_config0(&desc[idx],
935 HASH_DIGEST_RESULT_LITTLE_ENDIAN);
936 set_cipher_mode(&desc[idx], hash_mode);
937 }
938 } else { /*Decrypt*/
939 /* Get ICV out from hardware */
940 hw_desc_init(&desc[idx]);
941 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0);
942 set_flow_mode(&desc[idx], S_HASH_to_DOUT);
943 set_dout_dlli(&desc[idx], req_ctx->mac_buf_dma_addr,
944 ctx->authsize, NS_BIT, 1);
945 set_queue_last_ind(ctx->drvdata, &desc[idx]);
946 set_cipher_config0(&desc[idx],
947 HASH_DIGEST_RESULT_LITTLE_ENDIAN);
948 set_cipher_config1(&desc[idx], HASH_PADDING_DISABLED);
949 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) {
950 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC);
951 set_aes_not_hash_mode(&desc[idx]);
952 } else {
953 set_cipher_mode(&desc[idx], hash_mode);
954 }
955 }
956
957 *seq_size = (++idx);
958 }
959
960 static void cc_set_cipher_desc(struct aead_request *req,
961 struct cc_hw_desc desc[],
962 unsigned int *seq_size)
963 {
964 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
965 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
966 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
967 unsigned int hw_iv_size = req_ctx->hw_iv_size;
968 unsigned int idx = *seq_size;
969 int direct = req_ctx->gen_ctx.op_type;
970
971 /* Setup cipher state */
972 hw_desc_init(&desc[idx]);
973 set_cipher_config0(&desc[idx], direct);
974 set_flow_mode(&desc[idx], ctx->flow_mode);
975 set_din_type(&desc[idx], DMA_DLLI, req_ctx->gen_ctx.iv_dma_addr,
976 hw_iv_size, NS_BIT);
977 if (ctx->cipher_mode == DRV_CIPHER_CTR)
978 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1);
979 else
980 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0);
981 set_cipher_mode(&desc[idx], ctx->cipher_mode);
982 idx++;
983
984 /* Setup enc. key */
985 hw_desc_init(&desc[idx]);
986 set_cipher_config0(&desc[idx], direct);
987 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
988 set_flow_mode(&desc[idx], ctx->flow_mode);
989 if (ctx->flow_mode == S_DIN_to_AES) {
990 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr,
991 ((ctx->enc_keylen == 24) ? CC_AES_KEY_SIZE_MAX :
992 ctx->enc_keylen), NS_BIT);
993 set_key_size_aes(&desc[idx], ctx->enc_keylen);
994 } else {
995 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr,
996 ctx->enc_keylen, NS_BIT);
997 set_key_size_des(&desc[idx], ctx->enc_keylen);
998 }
999 set_cipher_mode(&desc[idx], ctx->cipher_mode);
1000 idx++;
1001
1002 *seq_size = idx;
1003 }
1004
1005 static void cc_proc_cipher(struct aead_request *req, struct cc_hw_desc desc[],
1006 unsigned int *seq_size, unsigned int data_flow_mode)
1007 {
1008 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
1009 int direct = req_ctx->gen_ctx.op_type;
1010 unsigned int idx = *seq_size;
1011
1012 if (req_ctx->cryptlen == 0)
1013 return; /*null processing*/
1014
1015 cc_set_cipher_desc(req, desc, &idx);
1016 cc_proc_cipher_desc(req, data_flow_mode, desc, &idx);
1017 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) {
1018 /* We must wait for DMA to write all cipher */
1019 hw_desc_init(&desc[idx]);
1020 set_din_no_dma(&desc[idx], 0, 0xfffff0);
1021 set_dout_no_dma(&desc[idx], 0, 0, 1);
1022 idx++;
1023 }
1024
1025 *seq_size = idx;
1026 }
1027
1028 static void cc_set_hmac_desc(struct aead_request *req, struct cc_hw_desc desc[],
1029 unsigned int *seq_size)
1030 {
1031 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1032 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1033 unsigned int hash_mode = (ctx->auth_mode == DRV_HASH_SHA1) ?
1034 DRV_HASH_HW_SHA1 : DRV_HASH_HW_SHA256;
1035 unsigned int digest_size = (ctx->auth_mode == DRV_HASH_SHA1) ?
1036 CC_SHA1_DIGEST_SIZE : CC_SHA256_DIGEST_SIZE;
1037 unsigned int idx = *seq_size;
1038
1039 /* Loading hash ipad xor key state */
1040 hw_desc_init(&desc[idx]);
1041 set_cipher_mode(&desc[idx], hash_mode);
1042 set_din_type(&desc[idx], DMA_DLLI,
1043 ctx->auth_state.hmac.ipad_opad_dma_addr, digest_size,
1044 NS_BIT);
1045 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1046 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0);
1047 idx++;
1048
1049 /* Load init. digest len (64 bytes) */
1050 hw_desc_init(&desc[idx]);
1051 set_cipher_mode(&desc[idx], hash_mode);
1052 set_din_sram(&desc[idx], cc_digest_len_addr(ctx->drvdata, hash_mode),
1053 ctx->hash_len);
1054 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1055 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
1056 idx++;
1057
1058 *seq_size = idx;
1059 }
1060
1061 static void cc_set_xcbc_desc(struct aead_request *req, struct cc_hw_desc desc[],
1062 unsigned int *seq_size)
1063 {
1064 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1065 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1066 unsigned int idx = *seq_size;
1067
1068 /* Loading MAC state */
1069 hw_desc_init(&desc[idx]);
1070 set_din_const(&desc[idx], 0, CC_AES_BLOCK_SIZE);
1071 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0);
1072 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC);
1073 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1074 set_key_size_aes(&desc[idx], CC_AES_128_BIT_KEY_SIZE);
1075 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1076 set_aes_not_hash_mode(&desc[idx]);
1077 idx++;
1078
1079 /* Setup XCBC MAC K1 */
1080 hw_desc_init(&desc[idx]);
1081 set_din_type(&desc[idx], DMA_DLLI,
1082 ctx->auth_state.xcbc.xcbc_keys_dma_addr,
1083 AES_KEYSIZE_128, NS_BIT);
1084 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
1085 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC);
1086 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1087 set_key_size_aes(&desc[idx], CC_AES_128_BIT_KEY_SIZE);
1088 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1089 set_aes_not_hash_mode(&desc[idx]);
1090 idx++;
1091
1092 /* Setup XCBC MAC K2 */
1093 hw_desc_init(&desc[idx]);
1094 set_din_type(&desc[idx], DMA_DLLI,
1095 (ctx->auth_state.xcbc.xcbc_keys_dma_addr +
1096 AES_KEYSIZE_128), AES_KEYSIZE_128, NS_BIT);
1097 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1);
1098 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC);
1099 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1100 set_key_size_aes(&desc[idx], CC_AES_128_BIT_KEY_SIZE);
1101 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1102 set_aes_not_hash_mode(&desc[idx]);
1103 idx++;
1104
1105 /* Setup XCBC MAC K3 */
1106 hw_desc_init(&desc[idx]);
1107 set_din_type(&desc[idx], DMA_DLLI,
1108 (ctx->auth_state.xcbc.xcbc_keys_dma_addr +
1109 2 * AES_KEYSIZE_128), AES_KEYSIZE_128, NS_BIT);
1110 set_setup_mode(&desc[idx], SETUP_LOAD_STATE2);
1111 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC);
1112 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1113 set_key_size_aes(&desc[idx], CC_AES_128_BIT_KEY_SIZE);
1114 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1115 set_aes_not_hash_mode(&desc[idx]);
1116 idx++;
1117
1118 *seq_size = idx;
1119 }
1120
1121 static void cc_proc_header_desc(struct aead_request *req,
1122 struct cc_hw_desc desc[],
1123 unsigned int *seq_size)
1124 {
1125 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
1126 unsigned int idx = *seq_size;
1127
1128 /* Hash associated data */
1129 if (areq_ctx->assoclen > 0)
1130 cc_set_assoc_desc(req, DIN_HASH, desc, &idx);
1131
1132 /* Hash IV */
1133 *seq_size = idx;
1134 }
1135
1136 static void cc_proc_scheme_desc(struct aead_request *req,
1137 struct cc_hw_desc desc[],
1138 unsigned int *seq_size)
1139 {
1140 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1141 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1142 struct cc_aead_handle *aead_handle = ctx->drvdata->aead_handle;
1143 unsigned int hash_mode = (ctx->auth_mode == DRV_HASH_SHA1) ?
1144 DRV_HASH_HW_SHA1 : DRV_HASH_HW_SHA256;
1145 unsigned int digest_size = (ctx->auth_mode == DRV_HASH_SHA1) ?
1146 CC_SHA1_DIGEST_SIZE : CC_SHA256_DIGEST_SIZE;
1147 unsigned int idx = *seq_size;
1148
1149 hw_desc_init(&desc[idx]);
1150 set_cipher_mode(&desc[idx], hash_mode);
1151 set_dout_sram(&desc[idx], aead_handle->sram_workspace_addr,
1152 ctx->hash_len);
1153 set_flow_mode(&desc[idx], S_HASH_to_DOUT);
1154 set_setup_mode(&desc[idx], SETUP_WRITE_STATE1);
1155 set_cipher_do(&desc[idx], DO_PAD);
1156 idx++;
1157
1158 /* Get final ICV result */
1159 hw_desc_init(&desc[idx]);
1160 set_dout_sram(&desc[idx], aead_handle->sram_workspace_addr,
1161 digest_size);
1162 set_flow_mode(&desc[idx], S_HASH_to_DOUT);
1163 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0);
1164 set_cipher_config0(&desc[idx], HASH_DIGEST_RESULT_LITTLE_ENDIAN);
1165 set_cipher_mode(&desc[idx], hash_mode);
1166 idx++;
1167
1168 /* Loading hash opad xor key state */
1169 hw_desc_init(&desc[idx]);
1170 set_cipher_mode(&desc[idx], hash_mode);
1171 set_din_type(&desc[idx], DMA_DLLI,
1172 (ctx->auth_state.hmac.ipad_opad_dma_addr + digest_size),
1173 digest_size, NS_BIT);
1174 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1175 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0);
1176 idx++;
1177
1178 /* Load init. digest len (64 bytes) */
1179 hw_desc_init(&desc[idx]);
1180 set_cipher_mode(&desc[idx], hash_mode);
1181 set_din_sram(&desc[idx], cc_digest_len_addr(ctx->drvdata, hash_mode),
1182 ctx->hash_len);
1183 set_cipher_config1(&desc[idx], HASH_PADDING_ENABLED);
1184 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1185 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
1186 idx++;
1187
1188 /* Perform HASH update */
1189 hw_desc_init(&desc[idx]);
1190 set_din_sram(&desc[idx], aead_handle->sram_workspace_addr,
1191 digest_size);
1192 set_flow_mode(&desc[idx], DIN_HASH);
1193 idx++;
1194
1195 *seq_size = idx;
1196 }
1197
1198 static void cc_mlli_to_sram(struct aead_request *req,
1199 struct cc_hw_desc desc[], unsigned int *seq_size)
1200 {
1201 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
1202 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1203 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1204 struct device *dev = drvdata_to_dev(ctx->drvdata);
1205
1206 if ((req_ctx->assoc_buff_type == CC_DMA_BUF_MLLI ||
1207 req_ctx->data_buff_type == CC_DMA_BUF_MLLI ||
1208 !req_ctx->is_single_pass) && req_ctx->mlli_params.mlli_len) {
1209 dev_dbg(dev, "Copy-to-sram: mlli_dma=%08x, mlli_size=%u\n",
1210 (unsigned int)ctx->drvdata->mlli_sram_addr,
1211 req_ctx->mlli_params.mlli_len);
1212 /* Copy MLLI table host-to-sram */
1213 hw_desc_init(&desc[*seq_size]);
1214 set_din_type(&desc[*seq_size], DMA_DLLI,
1215 req_ctx->mlli_params.mlli_dma_addr,
1216 req_ctx->mlli_params.mlli_len, NS_BIT);
1217 set_dout_sram(&desc[*seq_size],
1218 ctx->drvdata->mlli_sram_addr,
1219 req_ctx->mlli_params.mlli_len);
1220 set_flow_mode(&desc[*seq_size], BYPASS);
1221 (*seq_size)++;
1222 }
1223 }
1224
1225 static enum cc_flow_mode cc_get_data_flow(enum drv_crypto_direction direct,
1226 enum cc_flow_mode setup_flow_mode,
1227 bool is_single_pass)
1228 {
1229 enum cc_flow_mode data_flow_mode;
1230
1231 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) {
1232 if (setup_flow_mode == S_DIN_to_AES)
1233 data_flow_mode = is_single_pass ?
1234 AES_to_HASH_and_DOUT : DIN_AES_DOUT;
1235 else
1236 data_flow_mode = is_single_pass ?
1237 DES_to_HASH_and_DOUT : DIN_DES_DOUT;
1238 } else { /* Decrypt */
1239 if (setup_flow_mode == S_DIN_to_AES)
1240 data_flow_mode = is_single_pass ?
1241 AES_and_HASH : DIN_AES_DOUT;
1242 else
1243 data_flow_mode = is_single_pass ?
1244 DES_and_HASH : DIN_DES_DOUT;
1245 }
1246
1247 return data_flow_mode;
1248 }
1249
1250 static void cc_hmac_authenc(struct aead_request *req, struct cc_hw_desc desc[],
1251 unsigned int *seq_size)
1252 {
1253 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1254 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1255 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
1256 int direct = req_ctx->gen_ctx.op_type;
1257 unsigned int data_flow_mode =
1258 cc_get_data_flow(direct, ctx->flow_mode,
1259 req_ctx->is_single_pass);
1260
1261 if (req_ctx->is_single_pass) {
1262 /**
1263 * Single-pass flow
1264 */
1265 cc_set_hmac_desc(req, desc, seq_size);
1266 cc_set_cipher_desc(req, desc, seq_size);
1267 cc_proc_header_desc(req, desc, seq_size);
1268 cc_proc_cipher_desc(req, data_flow_mode, desc, seq_size);
1269 cc_proc_scheme_desc(req, desc, seq_size);
1270 cc_proc_digest_desc(req, desc, seq_size);
1271 return;
1272 }
1273
1274 /**
1275 * Double-pass flow
1276 * Fallback for unsupported single-pass modes,
1277 * i.e. using assoc. data of non-word-multiple
1278 */
1279 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) {
1280 /* encrypt first.. */
1281 cc_proc_cipher(req, desc, seq_size, data_flow_mode);
1282 /* authenc after..*/
1283 cc_set_hmac_desc(req, desc, seq_size);
1284 cc_proc_authen_desc(req, DIN_HASH, desc, seq_size, direct);
1285 cc_proc_scheme_desc(req, desc, seq_size);
1286 cc_proc_digest_desc(req, desc, seq_size);
1287
1288 } else { /*DECRYPT*/
1289 /* authenc first..*/
1290 cc_set_hmac_desc(req, desc, seq_size);
1291 cc_proc_authen_desc(req, DIN_HASH, desc, seq_size, direct);
1292 cc_proc_scheme_desc(req, desc, seq_size);
1293 /* decrypt after.. */
1294 cc_proc_cipher(req, desc, seq_size, data_flow_mode);
1295 /* read the digest result with setting the completion bit
1296 * must be after the cipher operation
1297 */
1298 cc_proc_digest_desc(req, desc, seq_size);
1299 }
1300 }
1301
1302 static void
1303 cc_xcbc_authenc(struct aead_request *req, struct cc_hw_desc desc[],
1304 unsigned int *seq_size)
1305 {
1306 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1307 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1308 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
1309 int direct = req_ctx->gen_ctx.op_type;
1310 unsigned int data_flow_mode =
1311 cc_get_data_flow(direct, ctx->flow_mode,
1312 req_ctx->is_single_pass);
1313
1314 if (req_ctx->is_single_pass) {
1315 /**
1316 * Single-pass flow
1317 */
1318 cc_set_xcbc_desc(req, desc, seq_size);
1319 cc_set_cipher_desc(req, desc, seq_size);
1320 cc_proc_header_desc(req, desc, seq_size);
1321 cc_proc_cipher_desc(req, data_flow_mode, desc, seq_size);
1322 cc_proc_digest_desc(req, desc, seq_size);
1323 return;
1324 }
1325
1326 /**
1327 * Double-pass flow
1328 * Fallback for unsupported single-pass modes,
1329 * i.e. using assoc. data of non-word-multiple
1330 */
1331 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) {
1332 /* encrypt first.. */
1333 cc_proc_cipher(req, desc, seq_size, data_flow_mode);
1334 /* authenc after.. */
1335 cc_set_xcbc_desc(req, desc, seq_size);
1336 cc_proc_authen_desc(req, DIN_HASH, desc, seq_size, direct);
1337 cc_proc_digest_desc(req, desc, seq_size);
1338 } else { /*DECRYPT*/
1339 /* authenc first.. */
1340 cc_set_xcbc_desc(req, desc, seq_size);
1341 cc_proc_authen_desc(req, DIN_HASH, desc, seq_size, direct);
1342 /* decrypt after..*/
1343 cc_proc_cipher(req, desc, seq_size, data_flow_mode);
1344 /* read the digest result with setting the completion bit
1345 * must be after the cipher operation
1346 */
1347 cc_proc_digest_desc(req, desc, seq_size);
1348 }
1349 }
1350
1351 static int validate_data_size(struct cc_aead_ctx *ctx,
1352 enum drv_crypto_direction direct,
1353 struct aead_request *req)
1354 {
1355 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
1356 struct device *dev = drvdata_to_dev(ctx->drvdata);
1357 unsigned int assoclen = areq_ctx->assoclen;
1358 unsigned int cipherlen = (direct == DRV_CRYPTO_DIRECTION_DECRYPT) ?
1359 (req->cryptlen - ctx->authsize) : req->cryptlen;
1360
1361 if (direct == DRV_CRYPTO_DIRECTION_DECRYPT &&
1362 req->cryptlen < ctx->authsize)
1363 goto data_size_err;
1364
1365 areq_ctx->is_single_pass = true; /*defaulted to fast flow*/
1366
1367 switch (ctx->flow_mode) {
1368 case S_DIN_to_AES:
1369 if (ctx->cipher_mode == DRV_CIPHER_CBC &&
1370 !IS_ALIGNED(cipherlen, AES_BLOCK_SIZE))
1371 goto data_size_err;
1372 if (ctx->cipher_mode == DRV_CIPHER_CCM)
1373 break;
1374 if (ctx->cipher_mode == DRV_CIPHER_GCTR) {
1375 if (areq_ctx->plaintext_authenticate_only)
1376 areq_ctx->is_single_pass = false;
1377 break;
1378 }
1379
1380 if (!IS_ALIGNED(assoclen, sizeof(u32)))
1381 areq_ctx->is_single_pass = false;
1382
1383 if (ctx->cipher_mode == DRV_CIPHER_CTR &&
1384 !IS_ALIGNED(cipherlen, sizeof(u32)))
1385 areq_ctx->is_single_pass = false;
1386
1387 break;
1388 case S_DIN_to_DES:
1389 if (!IS_ALIGNED(cipherlen, DES_BLOCK_SIZE))
1390 goto data_size_err;
1391 if (!IS_ALIGNED(assoclen, DES_BLOCK_SIZE))
1392 areq_ctx->is_single_pass = false;
1393 break;
1394 default:
1395 dev_err(dev, "Unexpected flow mode (%d)\n", ctx->flow_mode);
1396 goto data_size_err;
1397 }
1398
1399 return 0;
1400
1401 data_size_err:
1402 return -EINVAL;
1403 }
1404
1405 static unsigned int format_ccm_a0(u8 *pa0_buff, u32 header_size)
1406 {
1407 unsigned int len = 0;
1408
1409 if (header_size == 0)
1410 return 0;
1411
1412 if (header_size < ((1UL << 16) - (1UL << 8))) {
1413 len = 2;
1414
1415 pa0_buff[0] = (header_size >> 8) & 0xFF;
1416 pa0_buff[1] = header_size & 0xFF;
1417 } else {
1418 len = 6;
1419
1420 pa0_buff[0] = 0xFF;
1421 pa0_buff[1] = 0xFE;
1422 pa0_buff[2] = (header_size >> 24) & 0xFF;
1423 pa0_buff[3] = (header_size >> 16) & 0xFF;
1424 pa0_buff[4] = (header_size >> 8) & 0xFF;
1425 pa0_buff[5] = header_size & 0xFF;
1426 }
1427
1428 return len;
1429 }
1430
1431 static int set_msg_len(u8 *block, unsigned int msglen, unsigned int csize)
1432 {
1433 __be32 data;
1434
1435 memset(block, 0, csize);
1436 block += csize;
1437
1438 if (csize >= 4)
1439 csize = 4;
1440 else if (msglen > (1 << (8 * csize)))
1441 return -EOVERFLOW;
1442
1443 data = cpu_to_be32(msglen);
1444 memcpy(block - csize, (u8 *)&data + 4 - csize, csize);
1445
1446 return 0;
1447 }
1448
1449 static int cc_ccm(struct aead_request *req, struct cc_hw_desc desc[],
1450 unsigned int *seq_size)
1451 {
1452 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1453 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1454 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
1455 unsigned int idx = *seq_size;
1456 unsigned int cipher_flow_mode;
1457 dma_addr_t mac_result;
1458
1459 if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) {
1460 cipher_flow_mode = AES_to_HASH_and_DOUT;
1461 mac_result = req_ctx->mac_buf_dma_addr;
1462 } else { /* Encrypt */
1463 cipher_flow_mode = AES_and_HASH;
1464 mac_result = req_ctx->icv_dma_addr;
1465 }
1466
1467 /* load key */
1468 hw_desc_init(&desc[idx]);
1469 set_cipher_mode(&desc[idx], DRV_CIPHER_CTR);
1470 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr,
1471 ((ctx->enc_keylen == 24) ? CC_AES_KEY_SIZE_MAX :
1472 ctx->enc_keylen), NS_BIT);
1473 set_key_size_aes(&desc[idx], ctx->enc_keylen);
1474 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
1475 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1476 set_flow_mode(&desc[idx], S_DIN_to_AES);
1477 idx++;
1478
1479 /* load ctr state */
1480 hw_desc_init(&desc[idx]);
1481 set_cipher_mode(&desc[idx], DRV_CIPHER_CTR);
1482 set_key_size_aes(&desc[idx], ctx->enc_keylen);
1483 set_din_type(&desc[idx], DMA_DLLI,
1484 req_ctx->gen_ctx.iv_dma_addr, AES_BLOCK_SIZE, NS_BIT);
1485 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1486 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1);
1487 set_flow_mode(&desc[idx], S_DIN_to_AES);
1488 idx++;
1489
1490 /* load MAC key */
1491 hw_desc_init(&desc[idx]);
1492 set_cipher_mode(&desc[idx], DRV_CIPHER_CBC_MAC);
1493 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr,
1494 ((ctx->enc_keylen == 24) ? CC_AES_KEY_SIZE_MAX :
1495 ctx->enc_keylen), NS_BIT);
1496 set_key_size_aes(&desc[idx], ctx->enc_keylen);
1497 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
1498 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1499 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1500 set_aes_not_hash_mode(&desc[idx]);
1501 idx++;
1502
1503 /* load MAC state */
1504 hw_desc_init(&desc[idx]);
1505 set_cipher_mode(&desc[idx], DRV_CIPHER_CBC_MAC);
1506 set_key_size_aes(&desc[idx], ctx->enc_keylen);
1507 set_din_type(&desc[idx], DMA_DLLI, req_ctx->mac_buf_dma_addr,
1508 AES_BLOCK_SIZE, NS_BIT);
1509 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1510 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0);
1511 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1512 set_aes_not_hash_mode(&desc[idx]);
1513 idx++;
1514
1515 /* process assoc data */
1516 if (req_ctx->assoclen > 0) {
1517 cc_set_assoc_desc(req, DIN_HASH, desc, &idx);
1518 } else {
1519 hw_desc_init(&desc[idx]);
1520 set_din_type(&desc[idx], DMA_DLLI,
1521 sg_dma_address(&req_ctx->ccm_adata_sg),
1522 AES_BLOCK_SIZE + req_ctx->ccm_hdr_size, NS_BIT);
1523 set_flow_mode(&desc[idx], DIN_HASH);
1524 idx++;
1525 }
1526
1527 /* process the cipher */
1528 if (req_ctx->cryptlen)
1529 cc_proc_cipher_desc(req, cipher_flow_mode, desc, &idx);
1530
1531 /* Read temporal MAC */
1532 hw_desc_init(&desc[idx]);
1533 set_cipher_mode(&desc[idx], DRV_CIPHER_CBC_MAC);
1534 set_dout_dlli(&desc[idx], req_ctx->mac_buf_dma_addr, ctx->authsize,
1535 NS_BIT, 0);
1536 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0);
1537 set_cipher_config0(&desc[idx], HASH_DIGEST_RESULT_LITTLE_ENDIAN);
1538 set_flow_mode(&desc[idx], S_HASH_to_DOUT);
1539 set_aes_not_hash_mode(&desc[idx]);
1540 idx++;
1541
1542 /* load AES-CTR state (for last MAC calculation)*/
1543 hw_desc_init(&desc[idx]);
1544 set_cipher_mode(&desc[idx], DRV_CIPHER_CTR);
1545 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1546 set_din_type(&desc[idx], DMA_DLLI, req_ctx->ccm_iv0_dma_addr,
1547 AES_BLOCK_SIZE, NS_BIT);
1548 set_key_size_aes(&desc[idx], ctx->enc_keylen);
1549 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1);
1550 set_flow_mode(&desc[idx], S_DIN_to_AES);
1551 idx++;
1552
1553 hw_desc_init(&desc[idx]);
1554 set_din_no_dma(&desc[idx], 0, 0xfffff0);
1555 set_dout_no_dma(&desc[idx], 0, 0, 1);
1556 idx++;
1557
1558 /* encrypt the "T" value and store MAC in mac_state */
1559 hw_desc_init(&desc[idx]);
1560 set_din_type(&desc[idx], DMA_DLLI, req_ctx->mac_buf_dma_addr,
1561 ctx->authsize, NS_BIT);
1562 set_dout_dlli(&desc[idx], mac_result, ctx->authsize, NS_BIT, 1);
1563 set_queue_last_ind(ctx->drvdata, &desc[idx]);
1564 set_flow_mode(&desc[idx], DIN_AES_DOUT);
1565 idx++;
1566
1567 *seq_size = idx;
1568 return 0;
1569 }
1570
1571 static int config_ccm_adata(struct aead_request *req)
1572 {
1573 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1574 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1575 struct device *dev = drvdata_to_dev(ctx->drvdata);
1576 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
1577 //unsigned int size_of_a = 0, rem_a_size = 0;
1578 unsigned int lp = req->iv[0];
1579 /* Note: The code assume that req->iv[0] already contains the value
1580 * of L' of RFC3610
1581 */
1582 unsigned int l = lp + 1; /* This is L' of RFC 3610. */
1583 unsigned int m = ctx->authsize; /* This is M' of RFC 3610. */
1584 u8 *b0 = req_ctx->ccm_config + CCM_B0_OFFSET;
1585 u8 *a0 = req_ctx->ccm_config + CCM_A0_OFFSET;
1586 u8 *ctr_count_0 = req_ctx->ccm_config + CCM_CTR_COUNT_0_OFFSET;
1587 unsigned int cryptlen = (req_ctx->gen_ctx.op_type ==
1588 DRV_CRYPTO_DIRECTION_ENCRYPT) ?
1589 req->cryptlen :
1590 (req->cryptlen - ctx->authsize);
1591 int rc;
1592
1593 memset(req_ctx->mac_buf, 0, AES_BLOCK_SIZE);
1594 memset(req_ctx->ccm_config, 0, AES_BLOCK_SIZE * 3);
1595
1596 /* taken from crypto/ccm.c */
1597 /* 2 <= L <= 8, so 1 <= L' <= 7. */
1598 if (l < 2 || l > 8) {
1599 dev_err(dev, "illegal iv value %X\n", req->iv[0]);
1600 return -EINVAL;
1601 }
1602 memcpy(b0, req->iv, AES_BLOCK_SIZE);
1603
1604 /* format control info per RFC 3610 and
1605 * NIST Special Publication 800-38C
1606 */
1607 *b0 |= (8 * ((m - 2) / 2));
1608 if (req_ctx->assoclen > 0)
1609 *b0 |= 64; /* Enable bit 6 if Adata exists. */
1610
1611 rc = set_msg_len(b0 + 16 - l, cryptlen, l); /* Write L'. */
1612 if (rc) {
1613 dev_err(dev, "message len overflow detected");
1614 return rc;
1615 }
1616 /* END of "taken from crypto/ccm.c" */
1617
1618 /* l(a) - size of associated data. */
1619 req_ctx->ccm_hdr_size = format_ccm_a0(a0, req_ctx->assoclen);
1620
1621 memset(req->iv + 15 - req->iv[0], 0, req->iv[0] + 1);
1622 req->iv[15] = 1;
1623
1624 memcpy(ctr_count_0, req->iv, AES_BLOCK_SIZE);
1625 ctr_count_0[15] = 0;
1626
1627 return 0;
1628 }
1629
1630 static void cc_proc_rfc4309_ccm(struct aead_request *req)
1631 {
1632 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1633 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1634 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
1635
1636 /* L' */
1637 memset(areq_ctx->ctr_iv, 0, AES_BLOCK_SIZE);
1638 /* For RFC 4309, always use 4 bytes for message length
1639 * (at most 2^32-1 bytes).
1640 */
1641 areq_ctx->ctr_iv[0] = 3;
1642
1643 /* In RFC 4309 there is an 11-bytes nonce+IV part,
1644 * that we build here.
1645 */
1646 memcpy(areq_ctx->ctr_iv + CCM_BLOCK_NONCE_OFFSET, ctx->ctr_nonce,
1647 CCM_BLOCK_NONCE_SIZE);
1648 memcpy(areq_ctx->ctr_iv + CCM_BLOCK_IV_OFFSET, req->iv,
1649 CCM_BLOCK_IV_SIZE);
1650 req->iv = areq_ctx->ctr_iv;
1651 areq_ctx->assoclen -= CCM_BLOCK_IV_SIZE;
1652 }
1653
1654 static void cc_set_ghash_desc(struct aead_request *req,
1655 struct cc_hw_desc desc[], unsigned int *seq_size)
1656 {
1657 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1658 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1659 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
1660 unsigned int idx = *seq_size;
1661
1662 /* load key to AES*/
1663 hw_desc_init(&desc[idx]);
1664 set_cipher_mode(&desc[idx], DRV_CIPHER_ECB);
1665 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1666 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr,
1667 ctx->enc_keylen, NS_BIT);
1668 set_key_size_aes(&desc[idx], ctx->enc_keylen);
1669 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
1670 set_flow_mode(&desc[idx], S_DIN_to_AES);
1671 idx++;
1672
1673 /* process one zero block to generate hkey */
1674 hw_desc_init(&desc[idx]);
1675 set_din_const(&desc[idx], 0x0, AES_BLOCK_SIZE);
1676 set_dout_dlli(&desc[idx], req_ctx->hkey_dma_addr, AES_BLOCK_SIZE,
1677 NS_BIT, 0);
1678 set_flow_mode(&desc[idx], DIN_AES_DOUT);
1679 idx++;
1680
1681 /* Memory Barrier */
1682 hw_desc_init(&desc[idx]);
1683 set_din_no_dma(&desc[idx], 0, 0xfffff0);
1684 set_dout_no_dma(&desc[idx], 0, 0, 1);
1685 idx++;
1686
1687 /* Load GHASH subkey */
1688 hw_desc_init(&desc[idx]);
1689 set_din_type(&desc[idx], DMA_DLLI, req_ctx->hkey_dma_addr,
1690 AES_BLOCK_SIZE, NS_BIT);
1691 set_dout_no_dma(&desc[idx], 0, 0, 1);
1692 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1693 set_aes_not_hash_mode(&desc[idx]);
1694 set_cipher_mode(&desc[idx], DRV_HASH_HW_GHASH);
1695 set_cipher_config1(&desc[idx], HASH_PADDING_ENABLED);
1696 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
1697 idx++;
1698
1699 /* Configure Hash Engine to work with GHASH.
1700 * Since it was not possible to extend HASH submodes to add GHASH,
1701 * The following command is necessary in order to
1702 * select GHASH (according to HW designers)
1703 */
1704 hw_desc_init(&desc[idx]);
1705 set_din_no_dma(&desc[idx], 0, 0xfffff0);
1706 set_dout_no_dma(&desc[idx], 0, 0, 1);
1707 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1708 set_aes_not_hash_mode(&desc[idx]);
1709 set_cipher_mode(&desc[idx], DRV_HASH_HW_GHASH);
1710 set_cipher_do(&desc[idx], 1); //1=AES_SK RKEK
1711 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1712 set_cipher_config1(&desc[idx], HASH_PADDING_ENABLED);
1713 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
1714 idx++;
1715
1716 /* Load GHASH initial STATE (which is 0). (for any hash there is an
1717 * initial state)
1718 */
1719 hw_desc_init(&desc[idx]);
1720 set_din_const(&desc[idx], 0x0, AES_BLOCK_SIZE);
1721 set_dout_no_dma(&desc[idx], 0, 0, 1);
1722 set_flow_mode(&desc[idx], S_DIN_to_HASH);
1723 set_aes_not_hash_mode(&desc[idx]);
1724 set_cipher_mode(&desc[idx], DRV_HASH_HW_GHASH);
1725 set_cipher_config1(&desc[idx], HASH_PADDING_ENABLED);
1726 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0);
1727 idx++;
1728
1729 *seq_size = idx;
1730 }
1731
1732 static void cc_set_gctr_desc(struct aead_request *req, struct cc_hw_desc desc[],
1733 unsigned int *seq_size)
1734 {
1735 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1736 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1737 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
1738 unsigned int idx = *seq_size;
1739
1740 /* load key to AES*/
1741 hw_desc_init(&desc[idx]);
1742 set_cipher_mode(&desc[idx], DRV_CIPHER_GCTR);
1743 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1744 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr,
1745 ctx->enc_keylen, NS_BIT);
1746 set_key_size_aes(&desc[idx], ctx->enc_keylen);
1747 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
1748 set_flow_mode(&desc[idx], S_DIN_to_AES);
1749 idx++;
1750
1751 if (req_ctx->cryptlen && !req_ctx->plaintext_authenticate_only) {
1752 /* load AES/CTR initial CTR value inc by 2*/
1753 hw_desc_init(&desc[idx]);
1754 set_cipher_mode(&desc[idx], DRV_CIPHER_GCTR);
1755 set_key_size_aes(&desc[idx], ctx->enc_keylen);
1756 set_din_type(&desc[idx], DMA_DLLI,
1757 req_ctx->gcm_iv_inc2_dma_addr, AES_BLOCK_SIZE,
1758 NS_BIT);
1759 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1760 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1);
1761 set_flow_mode(&desc[idx], S_DIN_to_AES);
1762 idx++;
1763 }
1764
1765 *seq_size = idx;
1766 }
1767
1768 static void cc_proc_gcm_result(struct aead_request *req,
1769 struct cc_hw_desc desc[],
1770 unsigned int *seq_size)
1771 {
1772 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1773 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1774 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
1775 dma_addr_t mac_result;
1776 unsigned int idx = *seq_size;
1777
1778 if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) {
1779 mac_result = req_ctx->mac_buf_dma_addr;
1780 } else { /* Encrypt */
1781 mac_result = req_ctx->icv_dma_addr;
1782 }
1783
1784 /* process(ghash) gcm_block_len */
1785 hw_desc_init(&desc[idx]);
1786 set_din_type(&desc[idx], DMA_DLLI, req_ctx->gcm_block_len_dma_addr,
1787 AES_BLOCK_SIZE, NS_BIT);
1788 set_flow_mode(&desc[idx], DIN_HASH);
1789 idx++;
1790
1791 /* Store GHASH state after GHASH(Associated Data + Cipher +LenBlock) */
1792 hw_desc_init(&desc[idx]);
1793 set_cipher_mode(&desc[idx], DRV_HASH_HW_GHASH);
1794 set_din_no_dma(&desc[idx], 0, 0xfffff0);
1795 set_dout_dlli(&desc[idx], req_ctx->mac_buf_dma_addr, AES_BLOCK_SIZE,
1796 NS_BIT, 0);
1797 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0);
1798 set_flow_mode(&desc[idx], S_HASH_to_DOUT);
1799 set_aes_not_hash_mode(&desc[idx]);
1800
1801 idx++;
1802
1803 /* load AES/CTR initial CTR value inc by 1*/
1804 hw_desc_init(&desc[idx]);
1805 set_cipher_mode(&desc[idx], DRV_CIPHER_GCTR);
1806 set_key_size_aes(&desc[idx], ctx->enc_keylen);
1807 set_din_type(&desc[idx], DMA_DLLI, req_ctx->gcm_iv_inc1_dma_addr,
1808 AES_BLOCK_SIZE, NS_BIT);
1809 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1810 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1);
1811 set_flow_mode(&desc[idx], S_DIN_to_AES);
1812 idx++;
1813
1814 /* Memory Barrier */
1815 hw_desc_init(&desc[idx]);
1816 set_din_no_dma(&desc[idx], 0, 0xfffff0);
1817 set_dout_no_dma(&desc[idx], 0, 0, 1);
1818 idx++;
1819
1820 /* process GCTR on stored GHASH and store MAC in mac_state*/
1821 hw_desc_init(&desc[idx]);
1822 set_cipher_mode(&desc[idx], DRV_CIPHER_GCTR);
1823 set_din_type(&desc[idx], DMA_DLLI, req_ctx->mac_buf_dma_addr,
1824 AES_BLOCK_SIZE, NS_BIT);
1825 set_dout_dlli(&desc[idx], mac_result, ctx->authsize, NS_BIT, 1);
1826 set_queue_last_ind(ctx->drvdata, &desc[idx]);
1827 set_flow_mode(&desc[idx], DIN_AES_DOUT);
1828 idx++;
1829
1830 *seq_size = idx;
1831 }
1832
1833 static int cc_gcm(struct aead_request *req, struct cc_hw_desc desc[],
1834 unsigned int *seq_size)
1835 {
1836 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
1837 unsigned int cipher_flow_mode;
1838
1839 if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) {
1840 cipher_flow_mode = AES_and_HASH;
1841 } else { /* Encrypt */
1842 cipher_flow_mode = AES_to_HASH_and_DOUT;
1843 }
1844
1845 //in RFC4543 no data to encrypt. just copy data from src to dest.
1846 if (req_ctx->plaintext_authenticate_only) {
1847 cc_proc_cipher_desc(req, BYPASS, desc, seq_size);
1848 cc_set_ghash_desc(req, desc, seq_size);
1849 /* process(ghash) assoc data */
1850 cc_set_assoc_desc(req, DIN_HASH, desc, seq_size);
1851 cc_set_gctr_desc(req, desc, seq_size);
1852 cc_proc_gcm_result(req, desc, seq_size);
1853 return 0;
1854 }
1855
1856 // for gcm and rfc4106.
1857 cc_set_ghash_desc(req, desc, seq_size);
1858 /* process(ghash) assoc data */
1859 if (req_ctx->assoclen > 0)
1860 cc_set_assoc_desc(req, DIN_HASH, desc, seq_size);
1861 cc_set_gctr_desc(req, desc, seq_size);
1862 /* process(gctr+ghash) */
1863 if (req_ctx->cryptlen)
1864 cc_proc_cipher_desc(req, cipher_flow_mode, desc, seq_size);
1865 cc_proc_gcm_result(req, desc, seq_size);
1866
1867 return 0;
1868 }
1869
1870 static int config_gcm_context(struct aead_request *req)
1871 {
1872 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1873 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1874 struct aead_req_ctx *req_ctx = aead_request_ctx(req);
1875 struct device *dev = drvdata_to_dev(ctx->drvdata);
1876
1877 unsigned int cryptlen = (req_ctx->gen_ctx.op_type ==
1878 DRV_CRYPTO_DIRECTION_ENCRYPT) ?
1879 req->cryptlen :
1880 (req->cryptlen - ctx->authsize);
1881 __be32 counter = cpu_to_be32(2);
1882
1883 dev_dbg(dev, "%s() cryptlen = %d, req_ctx->assoclen = %d ctx->authsize = %d\n",
1884 __func__, cryptlen, req_ctx->assoclen, ctx->authsize);
1885
1886 memset(req_ctx->hkey, 0, AES_BLOCK_SIZE);
1887
1888 memset(req_ctx->mac_buf, 0, AES_BLOCK_SIZE);
1889
1890 memcpy(req->iv + 12, &counter, 4);
1891 memcpy(req_ctx->gcm_iv_inc2, req->iv, 16);
1892
1893 counter = cpu_to_be32(1);
1894 memcpy(req->iv + 12, &counter, 4);
1895 memcpy(req_ctx->gcm_iv_inc1, req->iv, 16);
1896
1897 if (!req_ctx->plaintext_authenticate_only) {
1898 __be64 temp64;
1899
1900 temp64 = cpu_to_be64(req_ctx->assoclen * 8);
1901 memcpy(&req_ctx->gcm_len_block.len_a, &temp64, sizeof(temp64));
1902 temp64 = cpu_to_be64(cryptlen * 8);
1903 memcpy(&req_ctx->gcm_len_block.len_c, &temp64, 8);
1904 } else {
1905 /* rfc4543=> all data(AAD,IV,Plain) are considered additional
1906 * data that is nothing is encrypted.
1907 */
1908 __be64 temp64;
1909
1910 temp64 = cpu_to_be64((req_ctx->assoclen +
1911 GCM_BLOCK_RFC4_IV_SIZE + cryptlen) * 8);
1912 memcpy(&req_ctx->gcm_len_block.len_a, &temp64, sizeof(temp64));
1913 temp64 = 0;
1914 memcpy(&req_ctx->gcm_len_block.len_c, &temp64, 8);
1915 }
1916
1917 return 0;
1918 }
1919
1920 static void cc_proc_rfc4_gcm(struct aead_request *req)
1921 {
1922 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1923 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1924 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
1925
1926 memcpy(areq_ctx->ctr_iv + GCM_BLOCK_RFC4_NONCE_OFFSET,
1927 ctx->ctr_nonce, GCM_BLOCK_RFC4_NONCE_SIZE);
1928 memcpy(areq_ctx->ctr_iv + GCM_BLOCK_RFC4_IV_OFFSET, req->iv,
1929 GCM_BLOCK_RFC4_IV_SIZE);
1930 req->iv = areq_ctx->ctr_iv;
1931 areq_ctx->assoclen -= GCM_BLOCK_RFC4_IV_SIZE;
1932 }
1933
1934 static int cc_proc_aead(struct aead_request *req,
1935 enum drv_crypto_direction direct)
1936 {
1937 int rc = 0;
1938 int seq_len = 0;
1939 struct cc_hw_desc desc[MAX_AEAD_PROCESS_SEQ];
1940 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1941 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
1942 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
1943 struct device *dev = drvdata_to_dev(ctx->drvdata);
1944 struct cc_crypto_req cc_req = {};
1945
1946 dev_dbg(dev, "%s context=%p req=%p iv=%p src=%p src_ofs=%d dst=%p dst_ofs=%d cryptolen=%d\n",
1947 ((direct == DRV_CRYPTO_DIRECTION_ENCRYPT) ? "Enc" : "Dec"),
1948 ctx, req, req->iv, sg_virt(req->src), req->src->offset,
1949 sg_virt(req->dst), req->dst->offset, req->cryptlen);
1950
1951 /* STAT_PHASE_0: Init and sanity checks */
1952
1953 /* Check data length according to mode */
1954 if (validate_data_size(ctx, direct, req)) {
1955 dev_err(dev, "Unsupported crypt/assoc len %d/%d.\n",
1956 req->cryptlen, areq_ctx->assoclen);
1957 crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_BLOCK_LEN);
1958 return -EINVAL;
1959 }
1960
1961 /* Setup request structure */
1962 cc_req.user_cb = (void *)cc_aead_complete;
1963 cc_req.user_arg = (void *)req;
1964
1965 /* Setup request context */
1966 areq_ctx->gen_ctx.op_type = direct;
1967 areq_ctx->req_authsize = ctx->authsize;
1968 areq_ctx->cipher_mode = ctx->cipher_mode;
1969
1970 /* STAT_PHASE_1: Map buffers */
1971
1972 if (ctx->cipher_mode == DRV_CIPHER_CTR) {
1973 /* Build CTR IV - Copy nonce from last 4 bytes in
1974 * CTR key to first 4 bytes in CTR IV
1975 */
1976 memcpy(areq_ctx->ctr_iv, ctx->ctr_nonce,
1977 CTR_RFC3686_NONCE_SIZE);
1978 if (!areq_ctx->backup_giv) /*User none-generated IV*/
1979 memcpy(areq_ctx->ctr_iv + CTR_RFC3686_NONCE_SIZE,
1980 req->iv, CTR_RFC3686_IV_SIZE);
1981 /* Initialize counter portion of counter block */
1982 *(__be32 *)(areq_ctx->ctr_iv + CTR_RFC3686_NONCE_SIZE +
1983 CTR_RFC3686_IV_SIZE) = cpu_to_be32(1);
1984
1985 /* Replace with counter iv */
1986 req->iv = areq_ctx->ctr_iv;
1987 areq_ctx->hw_iv_size = CTR_RFC3686_BLOCK_SIZE;
1988 } else if ((ctx->cipher_mode == DRV_CIPHER_CCM) ||
1989 (ctx->cipher_mode == DRV_CIPHER_GCTR)) {
1990 areq_ctx->hw_iv_size = AES_BLOCK_SIZE;
1991 if (areq_ctx->ctr_iv != req->iv) {
1992 memcpy(areq_ctx->ctr_iv, req->iv,
1993 crypto_aead_ivsize(tfm));
1994 req->iv = areq_ctx->ctr_iv;
1995 }
1996 } else {
1997 areq_ctx->hw_iv_size = crypto_aead_ivsize(tfm);
1998 }
1999
2000 if (ctx->cipher_mode == DRV_CIPHER_CCM) {
2001 rc = config_ccm_adata(req);
2002 if (rc) {
2003 dev_dbg(dev, "config_ccm_adata() returned with a failure %d!",
2004 rc);
2005 goto exit;
2006 }
2007 } else {
2008 areq_ctx->ccm_hdr_size = ccm_header_size_null;
2009 }
2010
2011 if (ctx->cipher_mode == DRV_CIPHER_GCTR) {
2012 rc = config_gcm_context(req);
2013 if (rc) {
2014 dev_dbg(dev, "config_gcm_context() returned with a failure %d!",
2015 rc);
2016 goto exit;
2017 }
2018 }
2019
2020 rc = cc_map_aead_request(ctx->drvdata, req);
2021 if (rc) {
2022 dev_err(dev, "map_request() failed\n");
2023 goto exit;
2024 }
2025
2026 /* do we need to generate IV? */
2027 if (areq_ctx->backup_giv) {
2028 /* set the DMA mapped IV address*/
2029 if (ctx->cipher_mode == DRV_CIPHER_CTR) {
2030 cc_req.ivgen_dma_addr[0] =
2031 areq_ctx->gen_ctx.iv_dma_addr +
2032 CTR_RFC3686_NONCE_SIZE;
2033 cc_req.ivgen_dma_addr_len = 1;
2034 } else if (ctx->cipher_mode == DRV_CIPHER_CCM) {
2035 /* In ccm, the IV needs to exist both inside B0 and
2036 * inside the counter.It is also copied to iv_dma_addr
2037 * for other reasons (like returning it to the user).
2038 * So, using 3 (identical) IV outputs.
2039 */
2040 cc_req.ivgen_dma_addr[0] =
2041 areq_ctx->gen_ctx.iv_dma_addr +
2042 CCM_BLOCK_IV_OFFSET;
2043 cc_req.ivgen_dma_addr[1] =
2044 sg_dma_address(&areq_ctx->ccm_adata_sg) +
2045 CCM_B0_OFFSET + CCM_BLOCK_IV_OFFSET;
2046 cc_req.ivgen_dma_addr[2] =
2047 sg_dma_address(&areq_ctx->ccm_adata_sg) +
2048 CCM_CTR_COUNT_0_OFFSET + CCM_BLOCK_IV_OFFSET;
2049 cc_req.ivgen_dma_addr_len = 3;
2050 } else {
2051 cc_req.ivgen_dma_addr[0] =
2052 areq_ctx->gen_ctx.iv_dma_addr;
2053 cc_req.ivgen_dma_addr_len = 1;
2054 }
2055
2056 /* set the IV size (8/16 B long)*/
2057 cc_req.ivgen_size = crypto_aead_ivsize(tfm);
2058 }
2059
2060 /* STAT_PHASE_2: Create sequence */
2061
2062 /* Load MLLI tables to SRAM if necessary */
2063 cc_mlli_to_sram(req, desc, &seq_len);
2064
2065 /*TODO: move seq len by reference */
2066 switch (ctx->auth_mode) {
2067 case DRV_HASH_SHA1:
2068 case DRV_HASH_SHA256:
2069 cc_hmac_authenc(req, desc, &seq_len);
2070 break;
2071 case DRV_HASH_XCBC_MAC:
2072 cc_xcbc_authenc(req, desc, &seq_len);
2073 break;
2074 case DRV_HASH_NULL:
2075 if (ctx->cipher_mode == DRV_CIPHER_CCM)
2076 cc_ccm(req, desc, &seq_len);
2077 if (ctx->cipher_mode == DRV_CIPHER_GCTR)
2078 cc_gcm(req, desc, &seq_len);
2079 break;
2080 default:
2081 dev_err(dev, "Unsupported authenc (%d)\n", ctx->auth_mode);
2082 cc_unmap_aead_request(dev, req);
2083 rc = -ENOTSUPP;
2084 goto exit;
2085 }
2086
2087 /* STAT_PHASE_3: Lock HW and push sequence */
2088
2089 rc = cc_send_request(ctx->drvdata, &cc_req, desc, seq_len, &req->base);
2090
2091 if (rc != -EINPROGRESS && rc != -EBUSY) {
2092 dev_err(dev, "send_request() failed (rc=%d)\n", rc);
2093 cc_unmap_aead_request(dev, req);
2094 }
2095
2096 exit:
2097 return rc;
2098 }
2099
2100 static int cc_aead_encrypt(struct aead_request *req)
2101 {
2102 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
2103 int rc;
2104
2105 memset(areq_ctx, 0, sizeof(*areq_ctx));
2106
2107 /* No generated IV required */
2108 areq_ctx->backup_iv = req->iv;
2109 areq_ctx->assoclen = req->assoclen;
2110 areq_ctx->backup_giv = NULL;
2111 areq_ctx->is_gcm4543 = false;
2112
2113 areq_ctx->plaintext_authenticate_only = false;
2114
2115 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT);
2116 if (rc != -EINPROGRESS && rc != -EBUSY)
2117 req->iv = areq_ctx->backup_iv;
2118
2119 return rc;
2120 }
2121
2122 static int cc_rfc4309_ccm_encrypt(struct aead_request *req)
2123 {
2124 /* Very similar to cc_aead_encrypt() above. */
2125
2126 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
2127 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
2128 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
2129 struct device *dev = drvdata_to_dev(ctx->drvdata);
2130 int rc = -EINVAL;
2131
2132 if (!valid_assoclen(req)) {
2133 dev_err(dev, "invalid Assoclen:%u\n", req->assoclen);
2134 goto out;
2135 }
2136
2137 memset(areq_ctx, 0, sizeof(*areq_ctx));
2138
2139 /* No generated IV required */
2140 areq_ctx->backup_iv = req->iv;
2141 areq_ctx->assoclen = req->assoclen;
2142 areq_ctx->backup_giv = NULL;
2143 areq_ctx->is_gcm4543 = true;
2144
2145 cc_proc_rfc4309_ccm(req);
2146
2147 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT);
2148 if (rc != -EINPROGRESS && rc != -EBUSY)
2149 req->iv = areq_ctx->backup_iv;
2150 out:
2151 return rc;
2152 }
2153
2154 static int cc_aead_decrypt(struct aead_request *req)
2155 {
2156 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
2157 int rc;
2158
2159 memset(areq_ctx, 0, sizeof(*areq_ctx));
2160
2161 /* No generated IV required */
2162 areq_ctx->backup_iv = req->iv;
2163 areq_ctx->assoclen = req->assoclen;
2164 areq_ctx->backup_giv = NULL;
2165 areq_ctx->is_gcm4543 = false;
2166
2167 areq_ctx->plaintext_authenticate_only = false;
2168
2169 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT);
2170 if (rc != -EINPROGRESS && rc != -EBUSY)
2171 req->iv = areq_ctx->backup_iv;
2172
2173 return rc;
2174 }
2175
2176 static int cc_rfc4309_ccm_decrypt(struct aead_request *req)
2177 {
2178 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
2179 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
2180 struct device *dev = drvdata_to_dev(ctx->drvdata);
2181 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
2182 int rc = -EINVAL;
2183
2184 if (!valid_assoclen(req)) {
2185 dev_err(dev, "invalid Assoclen:%u\n", req->assoclen);
2186 goto out;
2187 }
2188
2189 memset(areq_ctx, 0, sizeof(*areq_ctx));
2190
2191 /* No generated IV required */
2192 areq_ctx->backup_iv = req->iv;
2193 areq_ctx->assoclen = req->assoclen;
2194 areq_ctx->backup_giv = NULL;
2195
2196 areq_ctx->is_gcm4543 = true;
2197 cc_proc_rfc4309_ccm(req);
2198
2199 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT);
2200 if (rc != -EINPROGRESS && rc != -EBUSY)
2201 req->iv = areq_ctx->backup_iv;
2202
2203 out:
2204 return rc;
2205 }
2206
2207 static int cc_rfc4106_gcm_setkey(struct crypto_aead *tfm, const u8 *key,
2208 unsigned int keylen)
2209 {
2210 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
2211 struct device *dev = drvdata_to_dev(ctx->drvdata);
2212
2213 dev_dbg(dev, "%s() keylen %d, key %p\n", __func__, keylen, key);
2214
2215 if (keylen < 4)
2216 return -EINVAL;
2217
2218 keylen -= 4;
2219 memcpy(ctx->ctr_nonce, key + keylen, 4);
2220
2221 return cc_aead_setkey(tfm, key, keylen);
2222 }
2223
2224 static int cc_rfc4543_gcm_setkey(struct crypto_aead *tfm, const u8 *key,
2225 unsigned int keylen)
2226 {
2227 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
2228 struct device *dev = drvdata_to_dev(ctx->drvdata);
2229
2230 dev_dbg(dev, "%s() keylen %d, key %p\n", __func__, keylen, key);
2231
2232 if (keylen < 4)
2233 return -EINVAL;
2234
2235 keylen -= 4;
2236 memcpy(ctx->ctr_nonce, key + keylen, 4);
2237
2238 return cc_aead_setkey(tfm, key, keylen);
2239 }
2240
2241 static int cc_gcm_setauthsize(struct crypto_aead *authenc,
2242 unsigned int authsize)
2243 {
2244 switch (authsize) {
2245 case 4:
2246 case 8:
2247 case 12:
2248 case 13:
2249 case 14:
2250 case 15:
2251 case 16:
2252 break;
2253 default:
2254 return -EINVAL;
2255 }
2256
2257 return cc_aead_setauthsize(authenc, authsize);
2258 }
2259
2260 static int cc_rfc4106_gcm_setauthsize(struct crypto_aead *authenc,
2261 unsigned int authsize)
2262 {
2263 struct cc_aead_ctx *ctx = crypto_aead_ctx(authenc);
2264 struct device *dev = drvdata_to_dev(ctx->drvdata);
2265
2266 dev_dbg(dev, "authsize %d\n", authsize);
2267
2268 switch (authsize) {
2269 case 8:
2270 case 12:
2271 case 16:
2272 break;
2273 default:
2274 return -EINVAL;
2275 }
2276
2277 return cc_aead_setauthsize(authenc, authsize);
2278 }
2279
2280 static int cc_rfc4543_gcm_setauthsize(struct crypto_aead *authenc,
2281 unsigned int authsize)
2282 {
2283 struct cc_aead_ctx *ctx = crypto_aead_ctx(authenc);
2284 struct device *dev = drvdata_to_dev(ctx->drvdata);
2285
2286 dev_dbg(dev, "authsize %d\n", authsize);
2287
2288 if (authsize != 16)
2289 return -EINVAL;
2290
2291 return cc_aead_setauthsize(authenc, authsize);
2292 }
2293
2294 static int cc_rfc4106_gcm_encrypt(struct aead_request *req)
2295 {
2296 /* Very similar to cc_aead_encrypt() above. */
2297
2298 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
2299 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
2300 struct device *dev = drvdata_to_dev(ctx->drvdata);
2301 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
2302 int rc = -EINVAL;
2303
2304 if (!valid_assoclen(req)) {
2305 dev_err(dev, "invalid Assoclen:%u\n", req->assoclen);
2306 goto out;
2307 }
2308
2309 memset(areq_ctx, 0, sizeof(*areq_ctx));
2310
2311 /* No generated IV required */
2312 areq_ctx->backup_iv = req->iv;
2313 areq_ctx->assoclen = req->assoclen;
2314 areq_ctx->backup_giv = NULL;
2315
2316 areq_ctx->plaintext_authenticate_only = false;
2317
2318 cc_proc_rfc4_gcm(req);
2319 areq_ctx->is_gcm4543 = true;
2320
2321 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT);
2322 if (rc != -EINPROGRESS && rc != -EBUSY)
2323 req->iv = areq_ctx->backup_iv;
2324 out:
2325 return rc;
2326 }
2327
2328 static int cc_rfc4543_gcm_encrypt(struct aead_request *req)
2329 {
2330 /* Very similar to cc_aead_encrypt() above. */
2331
2332 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
2333 int rc;
2334
2335 memset(areq_ctx, 0, sizeof(*areq_ctx));
2336
2337 //plaintext is not encryped with rfc4543
2338 areq_ctx->plaintext_authenticate_only = true;
2339
2340 /* No generated IV required */
2341 areq_ctx->backup_iv = req->iv;
2342 areq_ctx->assoclen = req->assoclen;
2343 areq_ctx->backup_giv = NULL;
2344
2345 cc_proc_rfc4_gcm(req);
2346 areq_ctx->is_gcm4543 = true;
2347
2348 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT);
2349 if (rc != -EINPROGRESS && rc != -EBUSY)
2350 req->iv = areq_ctx->backup_iv;
2351
2352 return rc;
2353 }
2354
2355 static int cc_rfc4106_gcm_decrypt(struct aead_request *req)
2356 {
2357 /* Very similar to cc_aead_decrypt() above. */
2358
2359 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
2360 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
2361 struct device *dev = drvdata_to_dev(ctx->drvdata);
2362 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
2363 int rc = -EINVAL;
2364
2365 if (!valid_assoclen(req)) {
2366 dev_err(dev, "invalid Assoclen:%u\n", req->assoclen);
2367 goto out;
2368 }
2369
2370 memset(areq_ctx, 0, sizeof(*areq_ctx));
2371
2372 /* No generated IV required */
2373 areq_ctx->backup_iv = req->iv;
2374 areq_ctx->assoclen = req->assoclen;
2375 areq_ctx->backup_giv = NULL;
2376
2377 areq_ctx->plaintext_authenticate_only = false;
2378
2379 cc_proc_rfc4_gcm(req);
2380 areq_ctx->is_gcm4543 = true;
2381
2382 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT);
2383 if (rc != -EINPROGRESS && rc != -EBUSY)
2384 req->iv = areq_ctx->backup_iv;
2385 out:
2386 return rc;
2387 }
2388
2389 static int cc_rfc4543_gcm_decrypt(struct aead_request *req)
2390 {
2391 /* Very similar to cc_aead_decrypt() above. */
2392
2393 struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
2394 int rc;
2395
2396 memset(areq_ctx, 0, sizeof(*areq_ctx));
2397
2398 //plaintext is not decryped with rfc4543
2399 areq_ctx->plaintext_authenticate_only = true;
2400
2401 /* No generated IV required */
2402 areq_ctx->backup_iv = req->iv;
2403 areq_ctx->assoclen = req->assoclen;
2404 areq_ctx->backup_giv = NULL;
2405
2406 cc_proc_rfc4_gcm(req);
2407 areq_ctx->is_gcm4543 = true;
2408
2409 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT);
2410 if (rc != -EINPROGRESS && rc != -EBUSY)
2411 req->iv = areq_ctx->backup_iv;
2412
2413 return rc;
2414 }
2415
2416 /* aead alg */
2417 static struct cc_alg_template aead_algs[] = {
2418 {
2419 .name = "authenc(hmac(sha1),cbc(aes))",
2420 .driver_name = "authenc-hmac-sha1-cbc-aes-ccree",
2421 .blocksize = AES_BLOCK_SIZE,
2422 .template_aead = {
2423 .setkey = cc_aead_setkey,
2424 .setauthsize = cc_aead_setauthsize,
2425 .encrypt = cc_aead_encrypt,
2426 .decrypt = cc_aead_decrypt,
2427 .init = cc_aead_init,
2428 .exit = cc_aead_exit,
2429 .ivsize = AES_BLOCK_SIZE,
2430 .maxauthsize = SHA1_DIGEST_SIZE,
2431 },
2432 .cipher_mode = DRV_CIPHER_CBC,
2433 .flow_mode = S_DIN_to_AES,
2434 .auth_mode = DRV_HASH_SHA1,
2435 .min_hw_rev = CC_HW_REV_630,
2436 .std_body = CC_STD_NIST,
2437 },
2438 {
2439 .name = "authenc(hmac(sha1),cbc(des3_ede))",
2440 .driver_name = "authenc-hmac-sha1-cbc-des3-ccree",
2441 .blocksize = DES3_EDE_BLOCK_SIZE,
2442 .template_aead = {
2443 .setkey = cc_des3_aead_setkey,
2444 .setauthsize = cc_aead_setauthsize,
2445 .encrypt = cc_aead_encrypt,
2446 .decrypt = cc_aead_decrypt,
2447 .init = cc_aead_init,
2448 .exit = cc_aead_exit,
2449 .ivsize = DES3_EDE_BLOCK_SIZE,
2450 .maxauthsize = SHA1_DIGEST_SIZE,
2451 },
2452 .cipher_mode = DRV_CIPHER_CBC,
2453 .flow_mode = S_DIN_to_DES,
2454 .auth_mode = DRV_HASH_SHA1,
2455 .min_hw_rev = CC_HW_REV_630,
2456 .std_body = CC_STD_NIST,
2457 },
2458 {
2459 .name = "authenc(hmac(sha256),cbc(aes))",
2460 .driver_name = "authenc-hmac-sha256-cbc-aes-ccree",
2461 .blocksize = AES_BLOCK_SIZE,
2462 .template_aead = {
2463 .setkey = cc_aead_setkey,
2464 .setauthsize = cc_aead_setauthsize,
2465 .encrypt = cc_aead_encrypt,
2466 .decrypt = cc_aead_decrypt,
2467 .init = cc_aead_init,
2468 .exit = cc_aead_exit,
2469 .ivsize = AES_BLOCK_SIZE,
2470 .maxauthsize = SHA256_DIGEST_SIZE,
2471 },
2472 .cipher_mode = DRV_CIPHER_CBC,
2473 .flow_mode = S_DIN_to_AES,
2474 .auth_mode = DRV_HASH_SHA256,
2475 .min_hw_rev = CC_HW_REV_630,
2476 .std_body = CC_STD_NIST,
2477 },
2478 {
2479 .name = "authenc(hmac(sha256),cbc(des3_ede))",
2480 .driver_name = "authenc-hmac-sha256-cbc-des3-ccree",
2481 .blocksize = DES3_EDE_BLOCK_SIZE,
2482 .template_aead = {
2483 .setkey = cc_des3_aead_setkey,
2484 .setauthsize = cc_aead_setauthsize,
2485 .encrypt = cc_aead_encrypt,
2486 .decrypt = cc_aead_decrypt,
2487 .init = cc_aead_init,
2488 .exit = cc_aead_exit,
2489 .ivsize = DES3_EDE_BLOCK_SIZE,
2490 .maxauthsize = SHA256_DIGEST_SIZE,
2491 },
2492 .cipher_mode = DRV_CIPHER_CBC,
2493 .flow_mode = S_DIN_to_DES,
2494 .auth_mode = DRV_HASH_SHA256,
2495 .min_hw_rev = CC_HW_REV_630,
2496 .std_body = CC_STD_NIST,
2497 },
2498 {
2499 .name = "authenc(xcbc(aes),cbc(aes))",
2500 .driver_name = "authenc-xcbc-aes-cbc-aes-ccree",
2501 .blocksize = AES_BLOCK_SIZE,
2502 .template_aead = {
2503 .setkey = cc_aead_setkey,
2504 .setauthsize = cc_aead_setauthsize,
2505 .encrypt = cc_aead_encrypt,
2506 .decrypt = cc_aead_decrypt,
2507 .init = cc_aead_init,
2508 .exit = cc_aead_exit,
2509 .ivsize = AES_BLOCK_SIZE,
2510 .maxauthsize = AES_BLOCK_SIZE,
2511 },
2512 .cipher_mode = DRV_CIPHER_CBC,
2513 .flow_mode = S_DIN_to_AES,
2514 .auth_mode = DRV_HASH_XCBC_MAC,
2515 .min_hw_rev = CC_HW_REV_630,
2516 .std_body = CC_STD_NIST,
2517 },
2518 {
2519 .name = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2520 .driver_name = "authenc-hmac-sha1-rfc3686-ctr-aes-ccree",
2521 .blocksize = 1,
2522 .template_aead = {
2523 .setkey = cc_aead_setkey,
2524 .setauthsize = cc_aead_setauthsize,
2525 .encrypt = cc_aead_encrypt,
2526 .decrypt = cc_aead_decrypt,
2527 .init = cc_aead_init,
2528 .exit = cc_aead_exit,
2529 .ivsize = CTR_RFC3686_IV_SIZE,
2530 .maxauthsize = SHA1_DIGEST_SIZE,
2531 },
2532 .cipher_mode = DRV_CIPHER_CTR,
2533 .flow_mode = S_DIN_to_AES,
2534 .auth_mode = DRV_HASH_SHA1,
2535 .min_hw_rev = CC_HW_REV_630,
2536 .std_body = CC_STD_NIST,
2537 },
2538 {
2539 .name = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2540 .driver_name = "authenc-hmac-sha256-rfc3686-ctr-aes-ccree",
2541 .blocksize = 1,
2542 .template_aead = {
2543 .setkey = cc_aead_setkey,
2544 .setauthsize = cc_aead_setauthsize,
2545 .encrypt = cc_aead_encrypt,
2546 .decrypt = cc_aead_decrypt,
2547 .init = cc_aead_init,
2548 .exit = cc_aead_exit,
2549 .ivsize = CTR_RFC3686_IV_SIZE,
2550 .maxauthsize = SHA256_DIGEST_SIZE,
2551 },
2552 .cipher_mode = DRV_CIPHER_CTR,
2553 .flow_mode = S_DIN_to_AES,
2554 .auth_mode = DRV_HASH_SHA256,
2555 .min_hw_rev = CC_HW_REV_630,
2556 .std_body = CC_STD_NIST,
2557 },
2558 {
2559 .name = "authenc(xcbc(aes),rfc3686(ctr(aes)))",
2560 .driver_name = "authenc-xcbc-aes-rfc3686-ctr-aes-ccree",
2561 .blocksize = 1,
2562 .template_aead = {
2563 .setkey = cc_aead_setkey,
2564 .setauthsize = cc_aead_setauthsize,
2565 .encrypt = cc_aead_encrypt,
2566 .decrypt = cc_aead_decrypt,
2567 .init = cc_aead_init,
2568 .exit = cc_aead_exit,
2569 .ivsize = CTR_RFC3686_IV_SIZE,
2570 .maxauthsize = AES_BLOCK_SIZE,
2571 },
2572 .cipher_mode = DRV_CIPHER_CTR,
2573 .flow_mode = S_DIN_to_AES,
2574 .auth_mode = DRV_HASH_XCBC_MAC,
2575 .min_hw_rev = CC_HW_REV_630,
2576 .std_body = CC_STD_NIST,
2577 },
2578 {
2579 .name = "ccm(aes)",
2580 .driver_name = "ccm-aes-ccree",
2581 .blocksize = 1,
2582 .template_aead = {
2583 .setkey = cc_aead_setkey,
2584 .setauthsize = cc_ccm_setauthsize,
2585 .encrypt = cc_aead_encrypt,
2586 .decrypt = cc_aead_decrypt,
2587 .init = cc_aead_init,
2588 .exit = cc_aead_exit,
2589 .ivsize = AES_BLOCK_SIZE,
2590 .maxauthsize = AES_BLOCK_SIZE,
2591 },
2592 .cipher_mode = DRV_CIPHER_CCM,
2593 .flow_mode = S_DIN_to_AES,
2594 .auth_mode = DRV_HASH_NULL,
2595 .min_hw_rev = CC_HW_REV_630,
2596 .std_body = CC_STD_NIST,
2597 },
2598 {
2599 .name = "rfc4309(ccm(aes))",
2600 .driver_name = "rfc4309-ccm-aes-ccree",
2601 .blocksize = 1,
2602 .template_aead = {
2603 .setkey = cc_rfc4309_ccm_setkey,
2604 .setauthsize = cc_rfc4309_ccm_setauthsize,
2605 .encrypt = cc_rfc4309_ccm_encrypt,
2606 .decrypt = cc_rfc4309_ccm_decrypt,
2607 .init = cc_aead_init,
2608 .exit = cc_aead_exit,
2609 .ivsize = CCM_BLOCK_IV_SIZE,
2610 .maxauthsize = AES_BLOCK_SIZE,
2611 },
2612 .cipher_mode = DRV_CIPHER_CCM,
2613 .flow_mode = S_DIN_to_AES,
2614 .auth_mode = DRV_HASH_NULL,
2615 .min_hw_rev = CC_HW_REV_630,
2616 .std_body = CC_STD_NIST,
2617 },
2618 {
2619 .name = "gcm(aes)",
2620 .driver_name = "gcm-aes-ccree",
2621 .blocksize = 1,
2622 .template_aead = {
2623 .setkey = cc_aead_setkey,
2624 .setauthsize = cc_gcm_setauthsize,
2625 .encrypt = cc_aead_encrypt,
2626 .decrypt = cc_aead_decrypt,
2627 .init = cc_aead_init,
2628 .exit = cc_aead_exit,
2629 .ivsize = 12,
2630 .maxauthsize = AES_BLOCK_SIZE,
2631 },
2632 .cipher_mode = DRV_CIPHER_GCTR,
2633 .flow_mode = S_DIN_to_AES,
2634 .auth_mode = DRV_HASH_NULL,
2635 .min_hw_rev = CC_HW_REV_630,
2636 .std_body = CC_STD_NIST,
2637 },
2638 {
2639 .name = "rfc4106(gcm(aes))",
2640 .driver_name = "rfc4106-gcm-aes-ccree",
2641 .blocksize = 1,
2642 .template_aead = {
2643 .setkey = cc_rfc4106_gcm_setkey,
2644 .setauthsize = cc_rfc4106_gcm_setauthsize,
2645 .encrypt = cc_rfc4106_gcm_encrypt,
2646 .decrypt = cc_rfc4106_gcm_decrypt,
2647 .init = cc_aead_init,
2648 .exit = cc_aead_exit,
2649 .ivsize = GCM_BLOCK_RFC4_IV_SIZE,
2650 .maxauthsize = AES_BLOCK_SIZE,
2651 },
2652 .cipher_mode = DRV_CIPHER_GCTR,
2653 .flow_mode = S_DIN_to_AES,
2654 .auth_mode = DRV_HASH_NULL,
2655 .min_hw_rev = CC_HW_REV_630,
2656 .std_body = CC_STD_NIST,
2657 },
2658 {
2659 .name = "rfc4543(gcm(aes))",
2660 .driver_name = "rfc4543-gcm-aes-ccree",
2661 .blocksize = 1,
2662 .template_aead = {
2663 .setkey = cc_rfc4543_gcm_setkey,
2664 .setauthsize = cc_rfc4543_gcm_setauthsize,
2665 .encrypt = cc_rfc4543_gcm_encrypt,
2666 .decrypt = cc_rfc4543_gcm_decrypt,
2667 .init = cc_aead_init,
2668 .exit = cc_aead_exit,
2669 .ivsize = GCM_BLOCK_RFC4_IV_SIZE,
2670 .maxauthsize = AES_BLOCK_SIZE,
2671 },
2672 .cipher_mode = DRV_CIPHER_GCTR,
2673 .flow_mode = S_DIN_to_AES,
2674 .auth_mode = DRV_HASH_NULL,
2675 .min_hw_rev = CC_HW_REV_630,
2676 .std_body = CC_STD_NIST,
2677 },
2678 };
2679
2680 static struct cc_crypto_alg *cc_create_aead_alg(struct cc_alg_template *tmpl,
2681 struct device *dev)
2682 {
2683 struct cc_crypto_alg *t_alg;
2684 struct aead_alg *alg;
2685
2686 t_alg = kzalloc(sizeof(*t_alg), GFP_KERNEL);
2687 if (!t_alg)
2688 return ERR_PTR(-ENOMEM);
2689
2690 alg = &tmpl->template_aead;
2691
2692 snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name);
2693 snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
2694 tmpl->driver_name);
2695 alg->base.cra_module = THIS_MODULE;
2696 alg->base.cra_priority = CC_CRA_PRIO;
2697
2698 alg->base.cra_ctxsize = sizeof(struct cc_aead_ctx);
2699 alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
2700 alg->init = cc_aead_init;
2701 alg->exit = cc_aead_exit;
2702
2703 t_alg->aead_alg = *alg;
2704
2705 t_alg->cipher_mode = tmpl->cipher_mode;
2706 t_alg->flow_mode = tmpl->flow_mode;
2707 t_alg->auth_mode = tmpl->auth_mode;
2708
2709 return t_alg;
2710 }
2711
2712 int cc_aead_free(struct cc_drvdata *drvdata)
2713 {
2714 struct cc_crypto_alg *t_alg, *n;
2715 struct cc_aead_handle *aead_handle =
2716 (struct cc_aead_handle *)drvdata->aead_handle;
2717
2718 if (aead_handle) {
2719 /* Remove registered algs */
2720 list_for_each_entry_safe(t_alg, n, &aead_handle->aead_list,
2721 entry) {
2722 crypto_unregister_aead(&t_alg->aead_alg);
2723 list_del(&t_alg->entry);
2724 kfree(t_alg);
2725 }
2726 kfree(aead_handle);
2727 drvdata->aead_handle = NULL;
2728 }
2729
2730 return 0;
2731 }
2732
2733 int cc_aead_alloc(struct cc_drvdata *drvdata)
2734 {
2735 struct cc_aead_handle *aead_handle;
2736 struct cc_crypto_alg *t_alg;
2737 int rc = -ENOMEM;
2738 int alg;
2739 struct device *dev = drvdata_to_dev(drvdata);
2740
2741 aead_handle = kmalloc(sizeof(*aead_handle), GFP_KERNEL);
2742 if (!aead_handle) {
2743 rc = -ENOMEM;
2744 goto fail0;
2745 }
2746
2747 INIT_LIST_HEAD(&aead_handle->aead_list);
2748 drvdata->aead_handle = aead_handle;
2749
2750 aead_handle->sram_workspace_addr = cc_sram_alloc(drvdata,
2751 MAX_HMAC_DIGEST_SIZE);
2752
2753 if (aead_handle->sram_workspace_addr == NULL_SRAM_ADDR) {
2754 dev_err(dev, "SRAM pool exhausted\n");
2755 rc = -ENOMEM;
2756 goto fail1;
2757 }
2758
2759 /* Linux crypto */
2760 for (alg = 0; alg < ARRAY_SIZE(aead_algs); alg++) {
2761 if ((aead_algs[alg].min_hw_rev > drvdata->hw_rev) ||
2762 !(drvdata->std_bodies & aead_algs[alg].std_body))
2763 continue;
2764
2765 t_alg = cc_create_aead_alg(&aead_algs[alg], dev);
2766 if (IS_ERR(t_alg)) {
2767 rc = PTR_ERR(t_alg);
2768 dev_err(dev, "%s alg allocation failed\n",
2769 aead_algs[alg].driver_name);
2770 goto fail1;
2771 }
2772 t_alg->drvdata = drvdata;
2773 rc = crypto_register_aead(&t_alg->aead_alg);
2774 if (rc) {
2775 dev_err(dev, "%s alg registration failed\n",
2776 t_alg->aead_alg.base.cra_driver_name);
2777 goto fail2;
2778 } else {
2779 list_add_tail(&t_alg->entry, &aead_handle->aead_list);
2780 dev_dbg(dev, "Registered %s\n",
2781 t_alg->aead_alg.base.cra_driver_name);
2782 }
2783 }
2784
2785 return 0;
2786
2787 fail2:
2788 kfree(t_alg);
2789 fail1:
2790 cc_aead_free(drvdata);
2791 fail0:
2792 return rc;
2793 }
Linux with added FPC-III support