1cb849fc5SThomas Gleixner // SPDX-License-Identifier: GPL-2.0-only
29d12ba86SRob Rice /*
39d12ba86SRob Rice * Copyright 2016 Broadcom
49d12ba86SRob Rice */
59d12ba86SRob Rice
69d12ba86SRob Rice #include <linux/err.h>
79d12ba86SRob Rice #include <linux/module.h>
89d12ba86SRob Rice #include <linux/init.h>
99d12ba86SRob Rice #include <linux/errno.h>
109d12ba86SRob Rice #include <linux/kernel.h>
119d12ba86SRob Rice #include <linux/interrupt.h>
129d12ba86SRob Rice #include <linux/platform_device.h>
139d12ba86SRob Rice #include <linux/scatterlist.h>
149d12ba86SRob Rice #include <linux/crypto.h>
159d12ba86SRob Rice #include <linux/kthread.h>
169d12ba86SRob Rice #include <linux/rtnetlink.h>
179d12ba86SRob Rice #include <linux/sched.h>
18*b0cc7491SRob Herring #include <linux/of.h>
199d12ba86SRob Rice #include <linux/io.h>
209d12ba86SRob Rice #include <linux/bitops.h>
219d12ba86SRob Rice
229d12ba86SRob Rice #include <crypto/algapi.h>
239d12ba86SRob Rice #include <crypto/aead.h>
249d12ba86SRob Rice #include <crypto/internal/aead.h>
259d12ba86SRob Rice #include <crypto/aes.h>
2605a7238dSArd Biesheuvel #include <crypto/internal/des.h>
271126d47dSCorentin LABBE #include <crypto/hmac.h>
289d12ba86SRob Rice #include <crypto/md5.h>
299d12ba86SRob Rice #include <crypto/authenc.h>
309d12ba86SRob Rice #include <crypto/skcipher.h>
319d12ba86SRob Rice #include <crypto/hash.h>
32a24d22b2SEric Biggers #include <crypto/sha1.h>
33a24d22b2SEric Biggers #include <crypto/sha2.h>
349d12ba86SRob Rice #include <crypto/sha3.h>
359d12ba86SRob Rice
369d12ba86SRob Rice #include "util.h"
379d12ba86SRob Rice #include "cipher.h"
389d12ba86SRob Rice #include "spu.h"
399d12ba86SRob Rice #include "spum.h"
409d12ba86SRob Rice #include "spu2.h"
419d12ba86SRob Rice
429d12ba86SRob Rice /* ================= Device Structure ================== */
439d12ba86SRob Rice
44f7f2b43eSJiri Olsa struct bcm_device_private iproc_priv;
459d12ba86SRob Rice
469d12ba86SRob Rice /* ==================== Parameters ===================== */
479d12ba86SRob Rice
489d12ba86SRob Rice int flow_debug_logging;
499d12ba86SRob Rice module_param(flow_debug_logging, int, 0644);
509d12ba86SRob Rice MODULE_PARM_DESC(flow_debug_logging, "Enable Flow Debug Logging");
519d12ba86SRob Rice
529d12ba86SRob Rice int packet_debug_logging;
539d12ba86SRob Rice module_param(packet_debug_logging, int, 0644);
549d12ba86SRob Rice MODULE_PARM_DESC(packet_debug_logging, "Enable Packet Debug Logging");
559d12ba86SRob Rice
569d12ba86SRob Rice int debug_logging_sleep;
579d12ba86SRob Rice module_param(debug_logging_sleep, int, 0644);
589d12ba86SRob Rice MODULE_PARM_DESC(debug_logging_sleep, "Packet Debug Logging Sleep");
599d12ba86SRob Rice
609d12ba86SRob Rice /*
619d12ba86SRob Rice * The value of these module parameters is used to set the priority for each
629d12ba86SRob Rice * algo type when this driver registers algos with the kernel crypto API.
639d12ba86SRob Rice * To use a priority other than the default, set the priority in the insmod or
649d12ba86SRob Rice * modprobe. Changing the module priority after init time has no effect.
659d12ba86SRob Rice *
669d12ba86SRob Rice * The default priorities are chosen to be lower (less preferred) than ARMv8 CE
679d12ba86SRob Rice * algos, but more preferred than generic software algos.
689d12ba86SRob Rice */
699d12ba86SRob Rice static int cipher_pri = 150;
709d12ba86SRob Rice module_param(cipher_pri, int, 0644);
719d12ba86SRob Rice MODULE_PARM_DESC(cipher_pri, "Priority for cipher algos");
729d12ba86SRob Rice
739d12ba86SRob Rice static int hash_pri = 100;
749d12ba86SRob Rice module_param(hash_pri, int, 0644);
759d12ba86SRob Rice MODULE_PARM_DESC(hash_pri, "Priority for hash algos");
769d12ba86SRob Rice
779d12ba86SRob Rice static int aead_pri = 150;
789d12ba86SRob Rice module_param(aead_pri, int, 0644);
799d12ba86SRob Rice MODULE_PARM_DESC(aead_pri, "Priority for AEAD algos");
809d12ba86SRob Rice
819d12ba86SRob Rice /* A type 3 BCM header, expected to precede the SPU header for SPU-M.
829d12ba86SRob Rice * Bits 3 and 4 in the first byte encode the channel number (the dma ringset).
839d12ba86SRob Rice * 0x60 - ring 0
849d12ba86SRob Rice * 0x68 - ring 1
859d12ba86SRob Rice * 0x70 - ring 2
869d12ba86SRob Rice * 0x78 - ring 3
879d12ba86SRob Rice */
88dd508618SYueHaibing static char BCMHEADER[] = { 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x28 };
899d12ba86SRob Rice /*
909d12ba86SRob Rice * Some SPU hw does not use BCM header on SPU messages. So BCM_HDR_LEN
919d12ba86SRob Rice * is set dynamically after reading SPU type from device tree.
929d12ba86SRob Rice */
939d12ba86SRob Rice #define BCM_HDR_LEN iproc_priv.bcm_hdr_len
949d12ba86SRob Rice
959d12ba86SRob Rice /* min and max time to sleep before retrying when mbox queue is full. usec */
969d12ba86SRob Rice #define MBOX_SLEEP_MIN 800
979d12ba86SRob Rice #define MBOX_SLEEP_MAX 1000
989d12ba86SRob Rice
999d12ba86SRob Rice /**
1009d12ba86SRob Rice * select_channel() - Select a SPU channel to handle a crypto request. Selects
1019d12ba86SRob Rice * channel in round robin order.
1029d12ba86SRob Rice *
1039d12ba86SRob Rice * Return: channel index
1049d12ba86SRob Rice */
select_channel(void)1059d12ba86SRob Rice static u8 select_channel(void)
1069d12ba86SRob Rice {
1079d12ba86SRob Rice u8 chan_idx = atomic_inc_return(&iproc_priv.next_chan);
1089d12ba86SRob Rice
1099166c443Sraveendra padasalagi return chan_idx % iproc_priv.spu.num_chan;
1109d12ba86SRob Rice }
1119d12ba86SRob Rice
1129d12ba86SRob Rice /**
113a9c01cd6SArd Biesheuvel * spu_skcipher_rx_sg_create() - Build up the scatterlist of buffers used to
114a9c01cd6SArd Biesheuvel * receive a SPU response message for an skcipher request. Includes buffers to
1159d12ba86SRob Rice * catch SPU message headers and the response data.
1169d12ba86SRob Rice * @mssg: mailbox message containing the receive sg
1179d12ba86SRob Rice * @rctx: crypto request context
1189d12ba86SRob Rice * @rx_frag_num: number of scatterlist elements required to hold the
1199d12ba86SRob Rice * SPU response message
1209d12ba86SRob Rice * @chunksize: Number of bytes of response data expected
1219d12ba86SRob Rice * @stat_pad_len: Number of bytes required to pad the STAT field to
1229d12ba86SRob Rice * a 4-byte boundary
1239d12ba86SRob Rice *
1249d12ba86SRob Rice * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
1259d12ba86SRob Rice * when the request completes, whether the request is handled successfully or
1269d12ba86SRob Rice * there is an error.
1279d12ba86SRob Rice *
1289d12ba86SRob Rice * Returns:
1299d12ba86SRob Rice * 0 if successful
1309d12ba86SRob Rice * < 0 if an error
1319d12ba86SRob Rice */
1329d12ba86SRob Rice static int
spu_skcipher_rx_sg_create(struct brcm_message * mssg,struct iproc_reqctx_s * rctx,u8 rx_frag_num,unsigned int chunksize,u32 stat_pad_len)133a9c01cd6SArd Biesheuvel spu_skcipher_rx_sg_create(struct brcm_message *mssg,
1349d12ba86SRob Rice struct iproc_reqctx_s *rctx,
1359d12ba86SRob Rice u8 rx_frag_num,
1369d12ba86SRob Rice unsigned int chunksize, u32 stat_pad_len)
1379d12ba86SRob Rice {
1389d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
1399d12ba86SRob Rice struct scatterlist *sg; /* used to build sgs in mbox message */
1409d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
1419d12ba86SRob Rice u32 datalen; /* Number of bytes of response data expected */
1429d12ba86SRob Rice
1439d12ba86SRob Rice mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
1449d12ba86SRob Rice rctx->gfp);
1459d12ba86SRob Rice if (!mssg->spu.dst)
1469d12ba86SRob Rice return -ENOMEM;
1479d12ba86SRob Rice
1489d12ba86SRob Rice sg = mssg->spu.dst;
1499d12ba86SRob Rice sg_init_table(sg, rx_frag_num);
1509d12ba86SRob Rice /* Space for SPU message header */
1519d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
1529d12ba86SRob Rice
1539d12ba86SRob Rice /* If XTS tweak in payload, add buffer to receive encrypted tweak */
1549d12ba86SRob Rice if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
1559d12ba86SRob Rice spu->spu_xts_tweak_in_payload())
1569d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.c.supdt_tweak,
1579d12ba86SRob Rice SPU_XTS_TWEAK_SIZE);
1589d12ba86SRob Rice
1599d12ba86SRob Rice /* Copy in each dst sg entry from request, up to chunksize */
1609d12ba86SRob Rice datalen = spu_msg_sg_add(&sg, &rctx->dst_sg, &rctx->dst_skip,
1619d12ba86SRob Rice rctx->dst_nents, chunksize);
1629d12ba86SRob Rice if (datalen < chunksize) {
1639d12ba86SRob Rice pr_err("%s(): failed to copy dst sg to mbox msg. chunksize %u, datalen %u",
1649d12ba86SRob Rice __func__, chunksize, datalen);
1659d12ba86SRob Rice return -EFAULT;
1669d12ba86SRob Rice }
1679d12ba86SRob Rice
1689d12ba86SRob Rice if (stat_pad_len)
1699d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
1709d12ba86SRob Rice
1719d12ba86SRob Rice memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
1729d12ba86SRob Rice sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
1739d12ba86SRob Rice
1749d12ba86SRob Rice return 0;
1759d12ba86SRob Rice }
1769d12ba86SRob Rice
1779d12ba86SRob Rice /**
178a9c01cd6SArd Biesheuvel * spu_skcipher_tx_sg_create() - Build up the scatterlist of buffers used to
179a9c01cd6SArd Biesheuvel * send a SPU request message for an skcipher request. Includes SPU message
1809d12ba86SRob Rice * headers and the request data.
1819d12ba86SRob Rice * @mssg: mailbox message containing the transmit sg
1829d12ba86SRob Rice * @rctx: crypto request context
1839d12ba86SRob Rice * @tx_frag_num: number of scatterlist elements required to construct the
1849d12ba86SRob Rice * SPU request message
1859d12ba86SRob Rice * @chunksize: Number of bytes of request data
1869d12ba86SRob Rice * @pad_len: Number of pad bytes
1879d12ba86SRob Rice *
1889d12ba86SRob Rice * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
1899d12ba86SRob Rice * when the request completes, whether the request is handled successfully or
1909d12ba86SRob Rice * there is an error.
1919d12ba86SRob Rice *
1929d12ba86SRob Rice * Returns:
1939d12ba86SRob Rice * 0 if successful
1949d12ba86SRob Rice * < 0 if an error
1959d12ba86SRob Rice */
1969d12ba86SRob Rice static int
spu_skcipher_tx_sg_create(struct brcm_message * mssg,struct iproc_reqctx_s * rctx,u8 tx_frag_num,unsigned int chunksize,u32 pad_len)197a9c01cd6SArd Biesheuvel spu_skcipher_tx_sg_create(struct brcm_message *mssg,
1989d12ba86SRob Rice struct iproc_reqctx_s *rctx,
1999d12ba86SRob Rice u8 tx_frag_num, unsigned int chunksize, u32 pad_len)
2009d12ba86SRob Rice {
2019d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
2029d12ba86SRob Rice struct scatterlist *sg; /* used to build sgs in mbox message */
2039d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
2049d12ba86SRob Rice u32 datalen; /* Number of bytes of response data expected */
2059d12ba86SRob Rice u32 stat_len;
2069d12ba86SRob Rice
2079d12ba86SRob Rice mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
2089d12ba86SRob Rice rctx->gfp);
2099d12ba86SRob Rice if (unlikely(!mssg->spu.src))
2109d12ba86SRob Rice return -ENOMEM;
2119d12ba86SRob Rice
2129d12ba86SRob Rice sg = mssg->spu.src;
2139d12ba86SRob Rice sg_init_table(sg, tx_frag_num);
2149d12ba86SRob Rice
2159d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
2169d12ba86SRob Rice BCM_HDR_LEN + ctx->spu_req_hdr_len);
2179d12ba86SRob Rice
2189d12ba86SRob Rice /* if XTS tweak in payload, copy from IV (where crypto API puts it) */
2199d12ba86SRob Rice if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
2209d12ba86SRob Rice spu->spu_xts_tweak_in_payload())
2219d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.iv_ctr, SPU_XTS_TWEAK_SIZE);
2229d12ba86SRob Rice
2239d12ba86SRob Rice /* Copy in each src sg entry from request, up to chunksize */
2249d12ba86SRob Rice datalen = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
2259d12ba86SRob Rice rctx->src_nents, chunksize);
2269d12ba86SRob Rice if (unlikely(datalen < chunksize)) {
2279d12ba86SRob Rice pr_err("%s(): failed to copy src sg to mbox msg",
2289d12ba86SRob Rice __func__);
2299d12ba86SRob Rice return -EFAULT;
2309d12ba86SRob Rice }
2319d12ba86SRob Rice
2329d12ba86SRob Rice if (pad_len)
2339d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
2349d12ba86SRob Rice
2359d12ba86SRob Rice stat_len = spu->spu_tx_status_len();
2369d12ba86SRob Rice if (stat_len) {
2379d12ba86SRob Rice memset(rctx->msg_buf.tx_stat, 0, stat_len);
2389d12ba86SRob Rice sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
2399d12ba86SRob Rice }
2409d12ba86SRob Rice return 0;
2419d12ba86SRob Rice }
2429d12ba86SRob Rice
mailbox_send_message(struct brcm_message * mssg,u32 flags,u8 chan_idx)243f0e2ce58Sraveendra padasalagi static int mailbox_send_message(struct brcm_message *mssg, u32 flags,
244f0e2ce58Sraveendra padasalagi u8 chan_idx)
245f0e2ce58Sraveendra padasalagi {
246f0e2ce58Sraveendra padasalagi int err;
247f0e2ce58Sraveendra padasalagi int retry_cnt = 0;
248f0e2ce58Sraveendra padasalagi struct device *dev = &(iproc_priv.pdev->dev);
249f0e2ce58Sraveendra padasalagi
250f0e2ce58Sraveendra padasalagi err = mbox_send_message(iproc_priv.mbox[chan_idx], mssg);
251f0e2ce58Sraveendra padasalagi if (flags & CRYPTO_TFM_REQ_MAY_SLEEP) {
252f0e2ce58Sraveendra padasalagi while ((err == -ENOBUFS) && (retry_cnt < SPU_MB_RETRY_MAX)) {
253f0e2ce58Sraveendra padasalagi /*
254f0e2ce58Sraveendra padasalagi * Mailbox queue is full. Since MAY_SLEEP is set, assume
255f0e2ce58Sraveendra padasalagi * not in atomic context and we can wait and try again.
256f0e2ce58Sraveendra padasalagi */
257f0e2ce58Sraveendra padasalagi retry_cnt++;
258f0e2ce58Sraveendra padasalagi usleep_range(MBOX_SLEEP_MIN, MBOX_SLEEP_MAX);
259f0e2ce58Sraveendra padasalagi err = mbox_send_message(iproc_priv.mbox[chan_idx],
260f0e2ce58Sraveendra padasalagi mssg);
261f0e2ce58Sraveendra padasalagi atomic_inc(&iproc_priv.mb_no_spc);
262f0e2ce58Sraveendra padasalagi }
263f0e2ce58Sraveendra padasalagi }
264f0e2ce58Sraveendra padasalagi if (err < 0) {
265f0e2ce58Sraveendra padasalagi atomic_inc(&iproc_priv.mb_send_fail);
266f0e2ce58Sraveendra padasalagi return err;
267f0e2ce58Sraveendra padasalagi }
268f0e2ce58Sraveendra padasalagi
269f0e2ce58Sraveendra padasalagi /* Check error returned by mailbox controller */
270f0e2ce58Sraveendra padasalagi err = mssg->error;
271f0e2ce58Sraveendra padasalagi if (unlikely(err < 0)) {
272f0e2ce58Sraveendra padasalagi dev_err(dev, "message error %d", err);
273f0e2ce58Sraveendra padasalagi /* Signal txdone for mailbox channel */
274f0e2ce58Sraveendra padasalagi }
275f0e2ce58Sraveendra padasalagi
276f0e2ce58Sraveendra padasalagi /* Signal txdone for mailbox channel */
277f0e2ce58Sraveendra padasalagi mbox_client_txdone(iproc_priv.mbox[chan_idx], err);
278f0e2ce58Sraveendra padasalagi return err;
279f0e2ce58Sraveendra padasalagi }
280f0e2ce58Sraveendra padasalagi
2819d12ba86SRob Rice /**
282a9c01cd6SArd Biesheuvel * handle_skcipher_req() - Submit as much of a block cipher request as fits in
2839d12ba86SRob Rice * a single SPU request message, starting at the current position in the request
2849d12ba86SRob Rice * data.
2859d12ba86SRob Rice * @rctx: Crypto request context
2869d12ba86SRob Rice *
2879d12ba86SRob Rice * This may be called on the crypto API thread, or, when a request is so large
2889d12ba86SRob Rice * it must be broken into multiple SPU messages, on the thread used to invoke
2899d12ba86SRob Rice * the response callback. When requests are broken into multiple SPU
2909d12ba86SRob Rice * messages, we assume subsequent messages depend on previous results, and
2919d12ba86SRob Rice * thus always wait for previous results before submitting the next message.
2929d12ba86SRob Rice * Because requests are submitted in lock step like this, there is no need
2939d12ba86SRob Rice * to synchronize access to request data structures.
2949d12ba86SRob Rice *
2959d12ba86SRob Rice * Return: -EINPROGRESS: request has been accepted and result will be returned
2969d12ba86SRob Rice * asynchronously
2979d12ba86SRob Rice * Any other value indicates an error
2989d12ba86SRob Rice */
handle_skcipher_req(struct iproc_reqctx_s * rctx)299a9c01cd6SArd Biesheuvel static int handle_skcipher_req(struct iproc_reqctx_s *rctx)
3009d12ba86SRob Rice {
3019d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
3029d12ba86SRob Rice struct crypto_async_request *areq = rctx->parent;
303a9c01cd6SArd Biesheuvel struct skcipher_request *req =
304a9c01cd6SArd Biesheuvel container_of(areq, struct skcipher_request, base);
3059d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
3069d12ba86SRob Rice struct spu_cipher_parms cipher_parms;
30712b3cf90STang Bin int err;
30812b3cf90STang Bin unsigned int chunksize; /* Num bytes of request to submit */
30912b3cf90STang Bin int remaining; /* Bytes of request still to process */
3109d12ba86SRob Rice int chunk_start; /* Beginning of data for current SPU msg */
3119d12ba86SRob Rice
3129d12ba86SRob Rice /* IV or ctr value to use in this SPU msg */
3139d12ba86SRob Rice u8 local_iv_ctr[MAX_IV_SIZE];
3149d12ba86SRob Rice u32 stat_pad_len; /* num bytes to align status field */
3159d12ba86SRob Rice u32 pad_len; /* total length of all padding */
3169d12ba86SRob Rice struct brcm_message *mssg; /* mailbox message */
3179d12ba86SRob Rice
3189d12ba86SRob Rice /* number of entries in src and dst sg in mailbox message. */
3199d12ba86SRob Rice u8 rx_frag_num = 2; /* response header and STATUS */
3209d12ba86SRob Rice u8 tx_frag_num = 1; /* request header */
3219d12ba86SRob Rice
3229d12ba86SRob Rice flow_log("%s\n", __func__);
3239d12ba86SRob Rice
3249d12ba86SRob Rice cipher_parms.alg = ctx->cipher.alg;
3259d12ba86SRob Rice cipher_parms.mode = ctx->cipher.mode;
3269d12ba86SRob Rice cipher_parms.type = ctx->cipher_type;
3279d12ba86SRob Rice cipher_parms.key_len = ctx->enckeylen;
3289d12ba86SRob Rice cipher_parms.key_buf = ctx->enckey;
3299d12ba86SRob Rice cipher_parms.iv_buf = local_iv_ctr;
3309d12ba86SRob Rice cipher_parms.iv_len = rctx->iv_ctr_len;
3319d12ba86SRob Rice
3329d12ba86SRob Rice mssg = &rctx->mb_mssg;
3339d12ba86SRob Rice chunk_start = rctx->src_sent;
3349d12ba86SRob Rice remaining = rctx->total_todo - chunk_start;
3359d12ba86SRob Rice
3369d12ba86SRob Rice /* determine the chunk we are breaking off and update the indexes */
3379d12ba86SRob Rice if ((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
3389d12ba86SRob Rice (remaining > ctx->max_payload))
3399d12ba86SRob Rice chunksize = ctx->max_payload;
3409d12ba86SRob Rice else
3419d12ba86SRob Rice chunksize = remaining;
3429d12ba86SRob Rice
3439d12ba86SRob Rice rctx->src_sent += chunksize;
3449d12ba86SRob Rice rctx->total_sent = rctx->src_sent;
3459d12ba86SRob Rice
3469d12ba86SRob Rice /* Count number of sg entries to be included in this request */
3479d12ba86SRob Rice rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip, chunksize);
3489d12ba86SRob Rice rctx->dst_nents = spu_sg_count(rctx->dst_sg, rctx->dst_skip, chunksize);
3499d12ba86SRob Rice
3509d12ba86SRob Rice if ((ctx->cipher.mode == CIPHER_MODE_CBC) &&
3519d12ba86SRob Rice rctx->is_encrypt && chunk_start)
3529d12ba86SRob Rice /*
3539d12ba86SRob Rice * Encrypting non-first first chunk. Copy last block of
3549d12ba86SRob Rice * previous result to IV for this chunk.
3559d12ba86SRob Rice */
3569d12ba86SRob Rice sg_copy_part_to_buf(req->dst, rctx->msg_buf.iv_ctr,
3579d12ba86SRob Rice rctx->iv_ctr_len,
3589d12ba86SRob Rice chunk_start - rctx->iv_ctr_len);
3599d12ba86SRob Rice
3609d12ba86SRob Rice if (rctx->iv_ctr_len) {
3619d12ba86SRob Rice /* get our local copy of the iv */
3629d12ba86SRob Rice __builtin_memcpy(local_iv_ctr, rctx->msg_buf.iv_ctr,
3639d12ba86SRob Rice rctx->iv_ctr_len);
3649d12ba86SRob Rice
3659d12ba86SRob Rice /* generate the next IV if possible */
3669d12ba86SRob Rice if ((ctx->cipher.mode == CIPHER_MODE_CBC) &&
3679d12ba86SRob Rice !rctx->is_encrypt) {
3689d12ba86SRob Rice /*
3699d12ba86SRob Rice * CBC Decrypt: next IV is the last ciphertext block in
3709d12ba86SRob Rice * this chunk
3719d12ba86SRob Rice */
3729d12ba86SRob Rice sg_copy_part_to_buf(req->src, rctx->msg_buf.iv_ctr,
3739d12ba86SRob Rice rctx->iv_ctr_len,
3749d12ba86SRob Rice rctx->src_sent - rctx->iv_ctr_len);
3759d12ba86SRob Rice } else if (ctx->cipher.mode == CIPHER_MODE_CTR) {
3769d12ba86SRob Rice /*
3779d12ba86SRob Rice * The SPU hardware increments the counter once for
3789d12ba86SRob Rice * each AES block of 16 bytes. So update the counter
3799d12ba86SRob Rice * for the next chunk, if there is one. Note that for
3809d12ba86SRob Rice * this chunk, the counter has already been copied to
3819d12ba86SRob Rice * local_iv_ctr. We can assume a block size of 16,
3829d12ba86SRob Rice * because we only support CTR mode for AES, not for
3839d12ba86SRob Rice * any other cipher alg.
3849d12ba86SRob Rice */
3859d12ba86SRob Rice add_to_ctr(rctx->msg_buf.iv_ctr, chunksize >> 4);
3869d12ba86SRob Rice }
3879d12ba86SRob Rice }
3889d12ba86SRob Rice
3899d12ba86SRob Rice if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
3909d12ba86SRob Rice flow_log("max_payload infinite\n");
3919d12ba86SRob Rice else
3929d12ba86SRob Rice flow_log("max_payload %u\n", ctx->max_payload);
3939d12ba86SRob Rice
3949d12ba86SRob Rice flow_log("sent:%u start:%u remains:%u size:%u\n",
3959d12ba86SRob Rice rctx->src_sent, chunk_start, remaining, chunksize);
3969d12ba86SRob Rice
3979d12ba86SRob Rice /* Copy SPU header template created at setkey time */
3989d12ba86SRob Rice memcpy(rctx->msg_buf.bcm_spu_req_hdr, ctx->bcm_spu_req_hdr,
3999d12ba86SRob Rice sizeof(rctx->msg_buf.bcm_spu_req_hdr));
4009d12ba86SRob Rice
4019d12ba86SRob Rice spu->spu_cipher_req_finish(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
4029d12ba86SRob Rice ctx->spu_req_hdr_len, !(rctx->is_encrypt),
4031dbab6b1SArd Biesheuvel &cipher_parms, chunksize);
4049d12ba86SRob Rice
4059d12ba86SRob Rice atomic64_add(chunksize, &iproc_priv.bytes_out);
4069d12ba86SRob Rice
4079d12ba86SRob Rice stat_pad_len = spu->spu_wordalign_padlen(chunksize);
4089d12ba86SRob Rice if (stat_pad_len)
4099d12ba86SRob Rice rx_frag_num++;
4109d12ba86SRob Rice pad_len = stat_pad_len;
4119d12ba86SRob Rice if (pad_len) {
4129d12ba86SRob Rice tx_frag_num++;
4139d12ba86SRob Rice spu->spu_request_pad(rctx->msg_buf.spu_req_pad, 0,
4149d12ba86SRob Rice 0, ctx->auth.alg, ctx->auth.mode,
4159d12ba86SRob Rice rctx->total_sent, stat_pad_len);
4169d12ba86SRob Rice }
4179d12ba86SRob Rice
4189d12ba86SRob Rice spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
4199d12ba86SRob Rice ctx->spu_req_hdr_len);
4209d12ba86SRob Rice packet_log("payload:\n");
4219d12ba86SRob Rice dump_sg(rctx->src_sg, rctx->src_skip, chunksize);
4229d12ba86SRob Rice packet_dump(" pad: ", rctx->msg_buf.spu_req_pad, pad_len);
4239d12ba86SRob Rice
4249d12ba86SRob Rice /*
4259d12ba86SRob Rice * Build mailbox message containing SPU request msg and rx buffers
4269d12ba86SRob Rice * to catch response message
4279d12ba86SRob Rice */
4289d12ba86SRob Rice memset(mssg, 0, sizeof(*mssg));
4299d12ba86SRob Rice mssg->type = BRCM_MESSAGE_SPU;
4309d12ba86SRob Rice mssg->ctx = rctx; /* Will be returned in response */
4319d12ba86SRob Rice
4329d12ba86SRob Rice /* Create rx scatterlist to catch result */
4339d12ba86SRob Rice rx_frag_num += rctx->dst_nents;
4349d12ba86SRob Rice
4359d12ba86SRob Rice if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
4369d12ba86SRob Rice spu->spu_xts_tweak_in_payload())
4379d12ba86SRob Rice rx_frag_num++; /* extra sg to insert tweak */
4389d12ba86SRob Rice
439a9c01cd6SArd Biesheuvel err = spu_skcipher_rx_sg_create(mssg, rctx, rx_frag_num, chunksize,
4409d12ba86SRob Rice stat_pad_len);
4419d12ba86SRob Rice if (err)
4429d12ba86SRob Rice return err;
4439d12ba86SRob Rice
4449d12ba86SRob Rice /* Create tx scatterlist containing SPU request message */
4459d12ba86SRob Rice tx_frag_num += rctx->src_nents;
4469d12ba86SRob Rice if (spu->spu_tx_status_len())
4479d12ba86SRob Rice tx_frag_num++;
4489d12ba86SRob Rice
4499d12ba86SRob Rice if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
4509d12ba86SRob Rice spu->spu_xts_tweak_in_payload())
4519d12ba86SRob Rice tx_frag_num++; /* extra sg to insert tweak */
4529d12ba86SRob Rice
453a9c01cd6SArd Biesheuvel err = spu_skcipher_tx_sg_create(mssg, rctx, tx_frag_num, chunksize,
4549d12ba86SRob Rice pad_len);
4559d12ba86SRob Rice if (err)
4569d12ba86SRob Rice return err;
4579d12ba86SRob Rice
458f0e2ce58Sraveendra padasalagi err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
459f0e2ce58Sraveendra padasalagi if (unlikely(err < 0))
4609d12ba86SRob Rice return err;
4619d12ba86SRob Rice
4629d12ba86SRob Rice return -EINPROGRESS;
4639d12ba86SRob Rice }
4649d12ba86SRob Rice
4659d12ba86SRob Rice /**
466a9c01cd6SArd Biesheuvel * handle_skcipher_resp() - Process a block cipher SPU response. Updates the
4679d12ba86SRob Rice * total received count for the request and updates global stats.
4689d12ba86SRob Rice * @rctx: Crypto request context
4699d12ba86SRob Rice */
handle_skcipher_resp(struct iproc_reqctx_s * rctx)470a9c01cd6SArd Biesheuvel static void handle_skcipher_resp(struct iproc_reqctx_s *rctx)
4719d12ba86SRob Rice {
4729d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
4739d12ba86SRob Rice struct crypto_async_request *areq = rctx->parent;
474a9c01cd6SArd Biesheuvel struct skcipher_request *req = skcipher_request_cast(areq);
4759d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
4769d12ba86SRob Rice u32 payload_len;
4779d12ba86SRob Rice
4789d12ba86SRob Rice /* See how much data was returned */
4799d12ba86SRob Rice payload_len = spu->spu_payload_length(rctx->msg_buf.spu_resp_hdr);
4809d12ba86SRob Rice
4819d12ba86SRob Rice /*
4829d12ba86SRob Rice * In XTS mode, the first SPU_XTS_TWEAK_SIZE bytes may be the
4839d12ba86SRob Rice * encrypted tweak ("i") value; we don't count those.
4849d12ba86SRob Rice */
4859d12ba86SRob Rice if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
4869d12ba86SRob Rice spu->spu_xts_tweak_in_payload() &&
4879d12ba86SRob Rice (payload_len >= SPU_XTS_TWEAK_SIZE))
4889d12ba86SRob Rice payload_len -= SPU_XTS_TWEAK_SIZE;
4899d12ba86SRob Rice
4909d12ba86SRob Rice atomic64_add(payload_len, &iproc_priv.bytes_in);
4919d12ba86SRob Rice
4929d12ba86SRob Rice flow_log("%s() offset: %u, bd_len: %u BD:\n",
4939d12ba86SRob Rice __func__, rctx->total_received, payload_len);
4949d12ba86SRob Rice
4959d12ba86SRob Rice dump_sg(req->dst, rctx->total_received, payload_len);
4969d12ba86SRob Rice
4979d12ba86SRob Rice rctx->total_received += payload_len;
4989d12ba86SRob Rice if (rctx->total_received == rctx->total_todo) {
4999d12ba86SRob Rice atomic_inc(&iproc_priv.op_counts[SPU_OP_CIPHER]);
5009d12ba86SRob Rice atomic_inc(
5019d12ba86SRob Rice &iproc_priv.cipher_cnt[ctx->cipher.alg][ctx->cipher.mode]);
5029d12ba86SRob Rice }
5039d12ba86SRob Rice }
5049d12ba86SRob Rice
5059d12ba86SRob Rice /**
5069d12ba86SRob Rice * spu_ahash_rx_sg_create() - Build up the scatterlist of buffers used to
5079d12ba86SRob Rice * receive a SPU response message for an ahash request.
5089d12ba86SRob Rice * @mssg: mailbox message containing the receive sg
5099d12ba86SRob Rice * @rctx: crypto request context
5109d12ba86SRob Rice * @rx_frag_num: number of scatterlist elements required to hold the
5119d12ba86SRob Rice * SPU response message
5129d12ba86SRob Rice * @digestsize: length of hash digest, in bytes
5139d12ba86SRob Rice * @stat_pad_len: Number of bytes required to pad the STAT field to
5149d12ba86SRob Rice * a 4-byte boundary
5159d12ba86SRob Rice *
5169d12ba86SRob Rice * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
5179d12ba86SRob Rice * when the request completes, whether the request is handled successfully or
5189d12ba86SRob Rice * there is an error.
5199d12ba86SRob Rice *
5209d12ba86SRob Rice * Return:
5219d12ba86SRob Rice * 0 if successful
5229d12ba86SRob Rice * < 0 if an error
5239d12ba86SRob Rice */
5249d12ba86SRob Rice static int
spu_ahash_rx_sg_create(struct brcm_message * mssg,struct iproc_reqctx_s * rctx,u8 rx_frag_num,unsigned int digestsize,u32 stat_pad_len)5259d12ba86SRob Rice spu_ahash_rx_sg_create(struct brcm_message *mssg,
5269d12ba86SRob Rice struct iproc_reqctx_s *rctx,
5279d12ba86SRob Rice u8 rx_frag_num, unsigned int digestsize,
5289d12ba86SRob Rice u32 stat_pad_len)
5299d12ba86SRob Rice {
5309d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
5319d12ba86SRob Rice struct scatterlist *sg; /* used to build sgs in mbox message */
5329d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
5339d12ba86SRob Rice
5349d12ba86SRob Rice mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
5359d12ba86SRob Rice rctx->gfp);
5369d12ba86SRob Rice if (!mssg->spu.dst)
5379d12ba86SRob Rice return -ENOMEM;
5389d12ba86SRob Rice
5399d12ba86SRob Rice sg = mssg->spu.dst;
5409d12ba86SRob Rice sg_init_table(sg, rx_frag_num);
5419d12ba86SRob Rice /* Space for SPU message header */
5429d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
5439d12ba86SRob Rice
5449d12ba86SRob Rice /* Space for digest */
5459d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.digest, digestsize);
5469d12ba86SRob Rice
5479d12ba86SRob Rice if (stat_pad_len)
5489d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
5499d12ba86SRob Rice
5509d12ba86SRob Rice memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
5519d12ba86SRob Rice sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
5529d12ba86SRob Rice return 0;
5539d12ba86SRob Rice }
5549d12ba86SRob Rice
5559d12ba86SRob Rice /**
5569d12ba86SRob Rice * spu_ahash_tx_sg_create() - Build up the scatterlist of buffers used to send
5579d12ba86SRob Rice * a SPU request message for an ahash request. Includes SPU message headers and
5589d12ba86SRob Rice * the request data.
5599d12ba86SRob Rice * @mssg: mailbox message containing the transmit sg
5609d12ba86SRob Rice * @rctx: crypto request context
5619d12ba86SRob Rice * @tx_frag_num: number of scatterlist elements required to construct the
5629d12ba86SRob Rice * SPU request message
5639d12ba86SRob Rice * @spu_hdr_len: length in bytes of SPU message header
5649d12ba86SRob Rice * @hash_carry_len: Number of bytes of data carried over from previous req
5659d12ba86SRob Rice * @new_data_len: Number of bytes of new request data
5669d12ba86SRob Rice * @pad_len: Number of pad bytes
5679d12ba86SRob Rice *
5689d12ba86SRob Rice * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
5699d12ba86SRob Rice * when the request completes, whether the request is handled successfully or
5709d12ba86SRob Rice * there is an error.
5719d12ba86SRob Rice *
5729d12ba86SRob Rice * Return:
5739d12ba86SRob Rice * 0 if successful
5749d12ba86SRob Rice * < 0 if an error
5759d12ba86SRob Rice */
5769d12ba86SRob Rice static int
spu_ahash_tx_sg_create(struct brcm_message * mssg,struct iproc_reqctx_s * rctx,u8 tx_frag_num,u32 spu_hdr_len,unsigned int hash_carry_len,unsigned int new_data_len,u32 pad_len)5779d12ba86SRob Rice spu_ahash_tx_sg_create(struct brcm_message *mssg,
5789d12ba86SRob Rice struct iproc_reqctx_s *rctx,
5799d12ba86SRob Rice u8 tx_frag_num,
5809d12ba86SRob Rice u32 spu_hdr_len,
5819d12ba86SRob Rice unsigned int hash_carry_len,
5829d12ba86SRob Rice unsigned int new_data_len, u32 pad_len)
5839d12ba86SRob Rice {
5849d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
5859d12ba86SRob Rice struct scatterlist *sg; /* used to build sgs in mbox message */
5869d12ba86SRob Rice u32 datalen; /* Number of bytes of response data expected */
5879d12ba86SRob Rice u32 stat_len;
5889d12ba86SRob Rice
5899d12ba86SRob Rice mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
5909d12ba86SRob Rice rctx->gfp);
5919d12ba86SRob Rice if (!mssg->spu.src)
5929d12ba86SRob Rice return -ENOMEM;
5939d12ba86SRob Rice
5949d12ba86SRob Rice sg = mssg->spu.src;
5959d12ba86SRob Rice sg_init_table(sg, tx_frag_num);
5969d12ba86SRob Rice
5979d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
5989d12ba86SRob Rice BCM_HDR_LEN + spu_hdr_len);
5999d12ba86SRob Rice
6009d12ba86SRob Rice if (hash_carry_len)
6019d12ba86SRob Rice sg_set_buf(sg++, rctx->hash_carry, hash_carry_len);
6029d12ba86SRob Rice
6039d12ba86SRob Rice if (new_data_len) {
6049d12ba86SRob Rice /* Copy in each src sg entry from request, up to chunksize */
6059d12ba86SRob Rice datalen = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
6069d12ba86SRob Rice rctx->src_nents, new_data_len);
6079d12ba86SRob Rice if (datalen < new_data_len) {
6089d12ba86SRob Rice pr_err("%s(): failed to copy src sg to mbox msg",
6099d12ba86SRob Rice __func__);
6109d12ba86SRob Rice return -EFAULT;
6119d12ba86SRob Rice }
6129d12ba86SRob Rice }
6139d12ba86SRob Rice
6149d12ba86SRob Rice if (pad_len)
6159d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
6169d12ba86SRob Rice
6179d12ba86SRob Rice stat_len = spu->spu_tx_status_len();
6189d12ba86SRob Rice if (stat_len) {
6199d12ba86SRob Rice memset(rctx->msg_buf.tx_stat, 0, stat_len);
6209d12ba86SRob Rice sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
6219d12ba86SRob Rice }
6229d12ba86SRob Rice
6239d12ba86SRob Rice return 0;
6249d12ba86SRob Rice }
6259d12ba86SRob Rice
6269d12ba86SRob Rice /**
6279d12ba86SRob Rice * handle_ahash_req() - Process an asynchronous hash request from the crypto
6289d12ba86SRob Rice * API.
6299d12ba86SRob Rice * @rctx: Crypto request context
6309d12ba86SRob Rice *
6319d12ba86SRob Rice * Builds a SPU request message embedded in a mailbox message and submits the
6329d12ba86SRob Rice * mailbox message on a selected mailbox channel. The SPU request message is
6339d12ba86SRob Rice * constructed as a scatterlist, including entries from the crypto API's
6349d12ba86SRob Rice * src scatterlist to avoid copying the data to be hashed. This function is
6359d12ba86SRob Rice * called either on the thread from the crypto API, or, in the case that the
6369d12ba86SRob Rice * crypto API request is too large to fit in a single SPU request message,
6379d12ba86SRob Rice * on the thread that invokes the receive callback with a response message.
6389d12ba86SRob Rice * Because some operations require the response from one chunk before the next
6399d12ba86SRob Rice * chunk can be submitted, we always wait for the response for the previous
6409d12ba86SRob Rice * chunk before submitting the next chunk. Because requests are submitted in
6419d12ba86SRob Rice * lock step like this, there is no need to synchronize access to request data
6429d12ba86SRob Rice * structures.
6439d12ba86SRob Rice *
6449d12ba86SRob Rice * Return:
6459d12ba86SRob Rice * -EINPROGRESS: request has been submitted to SPU and response will be
6469d12ba86SRob Rice * returned asynchronously
6479d12ba86SRob Rice * -EAGAIN: non-final request included a small amount of data, which for
6489d12ba86SRob Rice * efficiency we did not submit to the SPU, but instead stored
6499d12ba86SRob Rice * to be submitted to the SPU with the next part of the request
6509d12ba86SRob Rice * other: an error code
6519d12ba86SRob Rice */
handle_ahash_req(struct iproc_reqctx_s * rctx)6529d12ba86SRob Rice static int handle_ahash_req(struct iproc_reqctx_s *rctx)
6539d12ba86SRob Rice {
6549d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
6559d12ba86SRob Rice struct crypto_async_request *areq = rctx->parent;
6569d12ba86SRob Rice struct ahash_request *req = ahash_request_cast(areq);
6579d12ba86SRob Rice struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
6589d12ba86SRob Rice struct crypto_tfm *tfm = crypto_ahash_tfm(ahash);
6599d12ba86SRob Rice unsigned int blocksize = crypto_tfm_alg_blocksize(tfm);
6609d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
6619d12ba86SRob Rice
6629d12ba86SRob Rice /* number of bytes still to be hashed in this req */
6639d12ba86SRob Rice unsigned int nbytes_to_hash = 0;
66412b3cf90STang Bin int err;
6659d12ba86SRob Rice unsigned int chunksize = 0; /* length of hash carry + new data */
6669d12ba86SRob Rice /*
6679d12ba86SRob Rice * length of new data, not from hash carry, to be submitted in
6689d12ba86SRob Rice * this hw request
6699d12ba86SRob Rice */
6709d12ba86SRob Rice unsigned int new_data_len;
6719d12ba86SRob Rice
672707d0cf8SYueHaibing unsigned int __maybe_unused chunk_start = 0;
6739d12ba86SRob Rice u32 db_size; /* Length of data field, incl gcm and hash padding */
6749d12ba86SRob Rice int pad_len = 0; /* total pad len, including gcm, hash, stat padding */
6759d12ba86SRob Rice u32 data_pad_len = 0; /* length of GCM/CCM padding */
6769d12ba86SRob Rice u32 stat_pad_len = 0; /* length of padding to align STATUS word */
6779d12ba86SRob Rice struct brcm_message *mssg; /* mailbox message */
6789d12ba86SRob Rice struct spu_request_opts req_opts;
6799d12ba86SRob Rice struct spu_cipher_parms cipher_parms;
6809d12ba86SRob Rice struct spu_hash_parms hash_parms;
6819d12ba86SRob Rice struct spu_aead_parms aead_parms;
6829d12ba86SRob Rice unsigned int local_nbuf;
6839d12ba86SRob Rice u32 spu_hdr_len;
6849d12ba86SRob Rice unsigned int digestsize;
6859d12ba86SRob Rice u16 rem = 0;
6869d12ba86SRob Rice
6879d12ba86SRob Rice /*
6889d12ba86SRob Rice * number of entries in src and dst sg. Always includes SPU msg header.
6899d12ba86SRob Rice * rx always includes a buffer to catch digest and STATUS.
6909d12ba86SRob Rice */
6919d12ba86SRob Rice u8 rx_frag_num = 3;
6929d12ba86SRob Rice u8 tx_frag_num = 1;
6939d12ba86SRob Rice
6949d12ba86SRob Rice flow_log("total_todo %u, total_sent %u\n",
6959d12ba86SRob Rice rctx->total_todo, rctx->total_sent);
6969d12ba86SRob Rice
6979d12ba86SRob Rice memset(&req_opts, 0, sizeof(req_opts));
6989d12ba86SRob Rice memset(&cipher_parms, 0, sizeof(cipher_parms));
6999d12ba86SRob Rice memset(&hash_parms, 0, sizeof(hash_parms));
7009d12ba86SRob Rice memset(&aead_parms, 0, sizeof(aead_parms));
7019d12ba86SRob Rice
7029d12ba86SRob Rice req_opts.bd_suppress = true;
7039d12ba86SRob Rice hash_parms.alg = ctx->auth.alg;
7049d12ba86SRob Rice hash_parms.mode = ctx->auth.mode;
7059d12ba86SRob Rice hash_parms.type = HASH_TYPE_NONE;
7069d12ba86SRob Rice hash_parms.key_buf = (u8 *)ctx->authkey;
7079d12ba86SRob Rice hash_parms.key_len = ctx->authkeylen;
7089d12ba86SRob Rice
7099d12ba86SRob Rice /*
7109d12ba86SRob Rice * For hash algorithms below assignment looks bit odd but
7119d12ba86SRob Rice * it's needed for AES-XCBC and AES-CMAC hash algorithms
7129d12ba86SRob Rice * to differentiate between 128, 192, 256 bit key values.
7139d12ba86SRob Rice * Based on the key values, hash algorithm is selected.
7149d12ba86SRob Rice * For example for 128 bit key, hash algorithm is AES-128.
7159d12ba86SRob Rice */
7169d12ba86SRob Rice cipher_parms.type = ctx->cipher_type;
7179d12ba86SRob Rice
7189d12ba86SRob Rice mssg = &rctx->mb_mssg;
7199d12ba86SRob Rice chunk_start = rctx->src_sent;
7209d12ba86SRob Rice
7219d12ba86SRob Rice /*
7229d12ba86SRob Rice * Compute the amount remaining to hash. This may include data
7239d12ba86SRob Rice * carried over from previous requests.
7249d12ba86SRob Rice */
7259d12ba86SRob Rice nbytes_to_hash = rctx->total_todo - rctx->total_sent;
7269d12ba86SRob Rice chunksize = nbytes_to_hash;
7279d12ba86SRob Rice if ((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
7289d12ba86SRob Rice (chunksize > ctx->max_payload))
7299d12ba86SRob Rice chunksize = ctx->max_payload;
7309d12ba86SRob Rice
7319d12ba86SRob Rice /*
7329d12ba86SRob Rice * If this is not a final request and the request data is not a multiple
7339d12ba86SRob Rice * of a full block, then simply park the extra data and prefix it to the
7349d12ba86SRob Rice * data for the next request.
7359d12ba86SRob Rice */
7369d12ba86SRob Rice if (!rctx->is_final) {
7379d12ba86SRob Rice u8 *dest = rctx->hash_carry + rctx->hash_carry_len;
7389d12ba86SRob Rice u16 new_len; /* len of data to add to hash carry */
7399d12ba86SRob Rice
7409d12ba86SRob Rice rem = chunksize % blocksize; /* remainder */
7419d12ba86SRob Rice if (rem) {
7429d12ba86SRob Rice /* chunksize not a multiple of blocksize */
7439d12ba86SRob Rice chunksize -= rem;
7449d12ba86SRob Rice if (chunksize == 0) {
7459d12ba86SRob Rice /* Don't have a full block to submit to hw */
7469d12ba86SRob Rice new_len = rem - rctx->hash_carry_len;
7479d12ba86SRob Rice sg_copy_part_to_buf(req->src, dest, new_len,
7489d12ba86SRob Rice rctx->src_sent);
7499d12ba86SRob Rice rctx->hash_carry_len = rem;
7509d12ba86SRob Rice flow_log("Exiting with hash carry len: %u\n",
7519d12ba86SRob Rice rctx->hash_carry_len);
7529d12ba86SRob Rice packet_dump(" buf: ",
7539d12ba86SRob Rice rctx->hash_carry,
7549d12ba86SRob Rice rctx->hash_carry_len);
7559d12ba86SRob Rice return -EAGAIN;
7569d12ba86SRob Rice }
7579d12ba86SRob Rice }
7589d12ba86SRob Rice }
7599d12ba86SRob Rice
7609d12ba86SRob Rice /* if we have hash carry, then prefix it to the data in this request */
7619d12ba86SRob Rice local_nbuf = rctx->hash_carry_len;
7629d12ba86SRob Rice rctx->hash_carry_len = 0;
7639d12ba86SRob Rice if (local_nbuf)
7649d12ba86SRob Rice tx_frag_num++;
7659d12ba86SRob Rice new_data_len = chunksize - local_nbuf;
7669d12ba86SRob Rice
7679d12ba86SRob Rice /* Count number of sg entries to be used in this request */
7689d12ba86SRob Rice rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip,
7699d12ba86SRob Rice new_data_len);
7709d12ba86SRob Rice
7719d12ba86SRob Rice /* AES hashing keeps key size in type field, so need to copy it here */
7729d12ba86SRob Rice if (hash_parms.alg == HASH_ALG_AES)
773a2e5d408SStefan Agner hash_parms.type = (enum hash_type)cipher_parms.type;
7749d12ba86SRob Rice else
7759d12ba86SRob Rice hash_parms.type = spu->spu_hash_type(rctx->total_sent);
7769d12ba86SRob Rice
7779d12ba86SRob Rice digestsize = spu->spu_digest_size(ctx->digestsize, ctx->auth.alg,
7789d12ba86SRob Rice hash_parms.type);
7799d12ba86SRob Rice hash_parms.digestsize = digestsize;
7809d12ba86SRob Rice
7819d12ba86SRob Rice /* update the indexes */
7829d12ba86SRob Rice rctx->total_sent += chunksize;
7839d12ba86SRob Rice /* if you sent a prebuf then that wasn't from this req->src */
7849d12ba86SRob Rice rctx->src_sent += new_data_len;
7859d12ba86SRob Rice
7869d12ba86SRob Rice if ((rctx->total_sent == rctx->total_todo) && rctx->is_final)
7879d12ba86SRob Rice hash_parms.pad_len = spu->spu_hash_pad_len(hash_parms.alg,
7889d12ba86SRob Rice hash_parms.mode,
7899d12ba86SRob Rice chunksize,
7909d12ba86SRob Rice blocksize);
7919d12ba86SRob Rice
7929d12ba86SRob Rice /*
7939d12ba86SRob Rice * If a non-first chunk, then include the digest returned from the
7949d12ba86SRob Rice * previous chunk so that hw can add to it (except for AES types).
7959d12ba86SRob Rice */
7969d12ba86SRob Rice if ((hash_parms.type == HASH_TYPE_UPDT) &&
7979d12ba86SRob Rice (hash_parms.alg != HASH_ALG_AES)) {
7989d12ba86SRob Rice hash_parms.key_buf = rctx->incr_hash;
7999d12ba86SRob Rice hash_parms.key_len = digestsize;
8009d12ba86SRob Rice }
8019d12ba86SRob Rice
8029d12ba86SRob Rice atomic64_add(chunksize, &iproc_priv.bytes_out);
8039d12ba86SRob Rice
8049d12ba86SRob Rice flow_log("%s() final: %u nbuf: %u ",
8059d12ba86SRob Rice __func__, rctx->is_final, local_nbuf);
8069d12ba86SRob Rice
8079d12ba86SRob Rice if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
8089d12ba86SRob Rice flow_log("max_payload infinite\n");
8099d12ba86SRob Rice else
8109d12ba86SRob Rice flow_log("max_payload %u\n", ctx->max_payload);
8119d12ba86SRob Rice
8129d12ba86SRob Rice flow_log("chunk_start: %u chunk_size: %u\n", chunk_start, chunksize);
8139d12ba86SRob Rice
8149d12ba86SRob Rice /* Prepend SPU header with type 3 BCM header */
8159d12ba86SRob Rice memcpy(rctx->msg_buf.bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
8169d12ba86SRob Rice
8179d12ba86SRob Rice hash_parms.prebuf_len = local_nbuf;
8189d12ba86SRob Rice spu_hdr_len = spu->spu_create_request(rctx->msg_buf.bcm_spu_req_hdr +
8199d12ba86SRob Rice BCM_HDR_LEN,
8209d12ba86SRob Rice &req_opts, &cipher_parms,
8219d12ba86SRob Rice &hash_parms, &aead_parms,
8229d12ba86SRob Rice new_data_len);
8239d12ba86SRob Rice
8249d12ba86SRob Rice if (spu_hdr_len == 0) {
8259d12ba86SRob Rice pr_err("Failed to create SPU request header\n");
8269d12ba86SRob Rice return -EFAULT;
8279d12ba86SRob Rice }
8289d12ba86SRob Rice
8299d12ba86SRob Rice /*
8309d12ba86SRob Rice * Determine total length of padding required. Put all padding in one
8319d12ba86SRob Rice * buffer.
8329d12ba86SRob Rice */
8339d12ba86SRob Rice data_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode, chunksize);
8349d12ba86SRob Rice db_size = spu_real_db_size(0, 0, local_nbuf, new_data_len,
8359d12ba86SRob Rice 0, 0, hash_parms.pad_len);
8369d12ba86SRob Rice if (spu->spu_tx_status_len())
8379d12ba86SRob Rice stat_pad_len = spu->spu_wordalign_padlen(db_size);
8389d12ba86SRob Rice if (stat_pad_len)
8399d12ba86SRob Rice rx_frag_num++;
8409d12ba86SRob Rice pad_len = hash_parms.pad_len + data_pad_len + stat_pad_len;
8419d12ba86SRob Rice if (pad_len) {
8429d12ba86SRob Rice tx_frag_num++;
8439d12ba86SRob Rice spu->spu_request_pad(rctx->msg_buf.spu_req_pad, data_pad_len,
8449d12ba86SRob Rice hash_parms.pad_len, ctx->auth.alg,
8459d12ba86SRob Rice ctx->auth.mode, rctx->total_sent,
8469d12ba86SRob Rice stat_pad_len);
8479d12ba86SRob Rice }
8489d12ba86SRob Rice
8499d12ba86SRob Rice spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
8509d12ba86SRob Rice spu_hdr_len);
8519d12ba86SRob Rice packet_dump(" prebuf: ", rctx->hash_carry, local_nbuf);
8529d12ba86SRob Rice flow_log("Data:\n");
8539d12ba86SRob Rice dump_sg(rctx->src_sg, rctx->src_skip, new_data_len);
8549d12ba86SRob Rice packet_dump(" pad: ", rctx->msg_buf.spu_req_pad, pad_len);
8559d12ba86SRob Rice
8569d12ba86SRob Rice /*
8579d12ba86SRob Rice * Build mailbox message containing SPU request msg and rx buffers
8589d12ba86SRob Rice * to catch response message
8599d12ba86SRob Rice */
8609d12ba86SRob Rice memset(mssg, 0, sizeof(*mssg));
8619d12ba86SRob Rice mssg->type = BRCM_MESSAGE_SPU;
8629d12ba86SRob Rice mssg->ctx = rctx; /* Will be returned in response */
8639d12ba86SRob Rice
8649d12ba86SRob Rice /* Create rx scatterlist to catch result */
8659d12ba86SRob Rice err = spu_ahash_rx_sg_create(mssg, rctx, rx_frag_num, digestsize,
8669d12ba86SRob Rice stat_pad_len);
8679d12ba86SRob Rice if (err)
8689d12ba86SRob Rice return err;
8699d12ba86SRob Rice
8709d12ba86SRob Rice /* Create tx scatterlist containing SPU request message */
8719d12ba86SRob Rice tx_frag_num += rctx->src_nents;
8729d12ba86SRob Rice if (spu->spu_tx_status_len())
8739d12ba86SRob Rice tx_frag_num++;
8749d12ba86SRob Rice err = spu_ahash_tx_sg_create(mssg, rctx, tx_frag_num, spu_hdr_len,
8759d12ba86SRob Rice local_nbuf, new_data_len, pad_len);
8769d12ba86SRob Rice if (err)
8779d12ba86SRob Rice return err;
8789d12ba86SRob Rice
879f0e2ce58Sraveendra padasalagi err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
880f0e2ce58Sraveendra padasalagi if (unlikely(err < 0))
8819d12ba86SRob Rice return err;
882f0e2ce58Sraveendra padasalagi
8839d12ba86SRob Rice return -EINPROGRESS;
8849d12ba86SRob Rice }
8859d12ba86SRob Rice
8869d12ba86SRob Rice /**
8879d12ba86SRob Rice * spu_hmac_outer_hash() - Request synchonous software compute of the outer hash
8889d12ba86SRob Rice * for an HMAC request.
8899d12ba86SRob Rice * @req: The HMAC request from the crypto API
8909d12ba86SRob Rice * @ctx: The session context
8919d12ba86SRob Rice *
8929d12ba86SRob Rice * Return: 0 if synchronous hash operation successful
8939d12ba86SRob Rice * -EINVAL if the hash algo is unrecognized
8949d12ba86SRob Rice * any other value indicates an error
8959d12ba86SRob Rice */
spu_hmac_outer_hash(struct ahash_request * req,struct iproc_ctx_s * ctx)8969d12ba86SRob Rice static int spu_hmac_outer_hash(struct ahash_request *req,
8979d12ba86SRob Rice struct iproc_ctx_s *ctx)
8989d12ba86SRob Rice {
8999d12ba86SRob Rice struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
9009d12ba86SRob Rice unsigned int blocksize =
9019d12ba86SRob Rice crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
9029d12ba86SRob Rice int rc;
9039d12ba86SRob Rice
9049d12ba86SRob Rice switch (ctx->auth.alg) {
9059d12ba86SRob Rice case HASH_ALG_MD5:
9069d12ba86SRob Rice rc = do_shash("md5", req->result, ctx->opad, blocksize,
9079d12ba86SRob Rice req->result, ctx->digestsize, NULL, 0);
9089d12ba86SRob Rice break;
9099d12ba86SRob Rice case HASH_ALG_SHA1:
9109d12ba86SRob Rice rc = do_shash("sha1", req->result, ctx->opad, blocksize,
9119d12ba86SRob Rice req->result, ctx->digestsize, NULL, 0);
9129d12ba86SRob Rice break;
9139d12ba86SRob Rice case HASH_ALG_SHA224:
9149d12ba86SRob Rice rc = do_shash("sha224", req->result, ctx->opad, blocksize,
9159d12ba86SRob Rice req->result, ctx->digestsize, NULL, 0);
9169d12ba86SRob Rice break;
9179d12ba86SRob Rice case HASH_ALG_SHA256:
9189d12ba86SRob Rice rc = do_shash("sha256", req->result, ctx->opad, blocksize,
9199d12ba86SRob Rice req->result, ctx->digestsize, NULL, 0);
9209d12ba86SRob Rice break;
9219d12ba86SRob Rice case HASH_ALG_SHA384:
9229d12ba86SRob Rice rc = do_shash("sha384", req->result, ctx->opad, blocksize,
9239d12ba86SRob Rice req->result, ctx->digestsize, NULL, 0);
9249d12ba86SRob Rice break;
9259d12ba86SRob Rice case HASH_ALG_SHA512:
9269d12ba86SRob Rice rc = do_shash("sha512", req->result, ctx->opad, blocksize,
9279d12ba86SRob Rice req->result, ctx->digestsize, NULL, 0);
9289d12ba86SRob Rice break;
9299d12ba86SRob Rice default:
9309d12ba86SRob Rice pr_err("%s() Error : unknown hmac type\n", __func__);
9319d12ba86SRob Rice rc = -EINVAL;
9329d12ba86SRob Rice }
9339d12ba86SRob Rice return rc;
9349d12ba86SRob Rice }
9359d12ba86SRob Rice
9369d12ba86SRob Rice /**
9379d12ba86SRob Rice * ahash_req_done() - Process a hash result from the SPU hardware.
9389d12ba86SRob Rice * @rctx: Crypto request context
9399d12ba86SRob Rice *
9409d12ba86SRob Rice * Return: 0 if successful
9419d12ba86SRob Rice * < 0 if an error
9429d12ba86SRob Rice */
ahash_req_done(struct iproc_reqctx_s * rctx)9439d12ba86SRob Rice static int ahash_req_done(struct iproc_reqctx_s *rctx)
9449d12ba86SRob Rice {
9459d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
9469d12ba86SRob Rice struct crypto_async_request *areq = rctx->parent;
9479d12ba86SRob Rice struct ahash_request *req = ahash_request_cast(areq);
9489d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
9499d12ba86SRob Rice int err;
9509d12ba86SRob Rice
9519d12ba86SRob Rice memcpy(req->result, rctx->msg_buf.digest, ctx->digestsize);
9529d12ba86SRob Rice
9539d12ba86SRob Rice if (spu->spu_type == SPU_TYPE_SPUM) {
9549d12ba86SRob Rice /* byte swap the output from the UPDT function to network byte
9559d12ba86SRob Rice * order
9569d12ba86SRob Rice */
9579d12ba86SRob Rice if (ctx->auth.alg == HASH_ALG_MD5) {
9589d12ba86SRob Rice __swab32s((u32 *)req->result);
9599d12ba86SRob Rice __swab32s(((u32 *)req->result) + 1);
9609d12ba86SRob Rice __swab32s(((u32 *)req->result) + 2);
9619d12ba86SRob Rice __swab32s(((u32 *)req->result) + 3);
9629d12ba86SRob Rice __swab32s(((u32 *)req->result) + 4);
9639d12ba86SRob Rice }
9649d12ba86SRob Rice }
9659d12ba86SRob Rice
9669d12ba86SRob Rice flow_dump(" digest ", req->result, ctx->digestsize);
9679d12ba86SRob Rice
9689d12ba86SRob Rice /* if this an HMAC then do the outer hash */
9699d12ba86SRob Rice if (rctx->is_sw_hmac) {
9709d12ba86SRob Rice err = spu_hmac_outer_hash(req, ctx);
9719d12ba86SRob Rice if (err < 0)
9729d12ba86SRob Rice return err;
9739d12ba86SRob Rice flow_dump(" hmac: ", req->result, ctx->digestsize);
9749d12ba86SRob Rice }
9759d12ba86SRob Rice
9769d12ba86SRob Rice if (rctx->is_sw_hmac || ctx->auth.mode == HASH_MODE_HMAC) {
9779d12ba86SRob Rice atomic_inc(&iproc_priv.op_counts[SPU_OP_HMAC]);
9789d12ba86SRob Rice atomic_inc(&iproc_priv.hmac_cnt[ctx->auth.alg]);
9799d12ba86SRob Rice } else {
9809d12ba86SRob Rice atomic_inc(&iproc_priv.op_counts[SPU_OP_HASH]);
9819d12ba86SRob Rice atomic_inc(&iproc_priv.hash_cnt[ctx->auth.alg]);
9829d12ba86SRob Rice }
9839d12ba86SRob Rice
9849d12ba86SRob Rice return 0;
9859d12ba86SRob Rice }
9869d12ba86SRob Rice
9879d12ba86SRob Rice /**
9889d12ba86SRob Rice * handle_ahash_resp() - Process a SPU response message for a hash request.
9899d12ba86SRob Rice * Checks if the entire crypto API request has been processed, and if so,
9909d12ba86SRob Rice * invokes post processing on the result.
9919d12ba86SRob Rice * @rctx: Crypto request context
9929d12ba86SRob Rice */
handle_ahash_resp(struct iproc_reqctx_s * rctx)9939d12ba86SRob Rice static void handle_ahash_resp(struct iproc_reqctx_s *rctx)
9949d12ba86SRob Rice {
9959d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
9969d12ba86SRob Rice struct crypto_async_request *areq = rctx->parent;
9979d12ba86SRob Rice struct ahash_request *req = ahash_request_cast(areq);
9989d12ba86SRob Rice struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
9999d12ba86SRob Rice unsigned int blocksize =
10009d12ba86SRob Rice crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
10019d12ba86SRob Rice /*
10029d12ba86SRob Rice * Save hash to use as input to next op if incremental. Might be copying
10039d12ba86SRob Rice * too much, but that's easier than figuring out actual digest size here
10049d12ba86SRob Rice */
10059d12ba86SRob Rice memcpy(rctx->incr_hash, rctx->msg_buf.digest, MAX_DIGEST_SIZE);
10069d12ba86SRob Rice
10079d12ba86SRob Rice flow_log("%s() blocksize:%u digestsize:%u\n",
10089d12ba86SRob Rice __func__, blocksize, ctx->digestsize);
10099d12ba86SRob Rice
10109d12ba86SRob Rice atomic64_add(ctx->digestsize, &iproc_priv.bytes_in);
10119d12ba86SRob Rice
10129d12ba86SRob Rice if (rctx->is_final && (rctx->total_sent == rctx->total_todo))
10139d12ba86SRob Rice ahash_req_done(rctx);
10149d12ba86SRob Rice }
10159d12ba86SRob Rice
10169d12ba86SRob Rice /**
10179d12ba86SRob Rice * spu_aead_rx_sg_create() - Build up the scatterlist of buffers used to receive
10189d12ba86SRob Rice * a SPU response message for an AEAD request. Includes buffers to catch SPU
10199d12ba86SRob Rice * message headers and the response data.
10209d12ba86SRob Rice * @mssg: mailbox message containing the receive sg
102185a557cbSLee Jones * @req: Crypto API request
10229d12ba86SRob Rice * @rctx: crypto request context
10239d12ba86SRob Rice * @rx_frag_num: number of scatterlist elements required to hold the
10249d12ba86SRob Rice * SPU response message
10259d12ba86SRob Rice * @assoc_len: Length of associated data included in the crypto request
10269d12ba86SRob Rice * @ret_iv_len: Length of IV returned in response
10279d12ba86SRob Rice * @resp_len: Number of bytes of response data expected to be written to
10289d12ba86SRob Rice * dst buffer from crypto API
10299d12ba86SRob Rice * @digestsize: Length of hash digest, in bytes
10309d12ba86SRob Rice * @stat_pad_len: Number of bytes required to pad the STAT field to
10319d12ba86SRob Rice * a 4-byte boundary
10329d12ba86SRob Rice *
10339d12ba86SRob Rice * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
10349d12ba86SRob Rice * when the request completes, whether the request is handled successfully or
10359d12ba86SRob Rice * there is an error.
10369d12ba86SRob Rice *
10379d12ba86SRob Rice * Returns:
10389d12ba86SRob Rice * 0 if successful
10399d12ba86SRob Rice * < 0 if an error
10409d12ba86SRob Rice */
spu_aead_rx_sg_create(struct brcm_message * mssg,struct aead_request * req,struct iproc_reqctx_s * rctx,u8 rx_frag_num,unsigned int assoc_len,u32 ret_iv_len,unsigned int resp_len,unsigned int digestsize,u32 stat_pad_len)10419d12ba86SRob Rice static int spu_aead_rx_sg_create(struct brcm_message *mssg,
10429d12ba86SRob Rice struct aead_request *req,
10439d12ba86SRob Rice struct iproc_reqctx_s *rctx,
10449d12ba86SRob Rice u8 rx_frag_num,
10459d12ba86SRob Rice unsigned int assoc_len,
10469d12ba86SRob Rice u32 ret_iv_len, unsigned int resp_len,
10479d12ba86SRob Rice unsigned int digestsize, u32 stat_pad_len)
10489d12ba86SRob Rice {
10499d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
10509d12ba86SRob Rice struct scatterlist *sg; /* used to build sgs in mbox message */
10519d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
10529d12ba86SRob Rice u32 datalen; /* Number of bytes of response data expected */
10539d12ba86SRob Rice u32 assoc_buf_len;
10549d12ba86SRob Rice u8 data_padlen = 0;
10559d12ba86SRob Rice
10569d12ba86SRob Rice if (ctx->is_rfc4543) {
10579d12ba86SRob Rice /* RFC4543: only pad after data, not after AAD */
10589d12ba86SRob Rice data_padlen = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
10599d12ba86SRob Rice assoc_len + resp_len);
10609d12ba86SRob Rice assoc_buf_len = assoc_len;
10619d12ba86SRob Rice } else {
10629d12ba86SRob Rice data_padlen = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
10639d12ba86SRob Rice resp_len);
10649d12ba86SRob Rice assoc_buf_len = spu->spu_assoc_resp_len(ctx->cipher.mode,
10659d12ba86SRob Rice assoc_len, ret_iv_len,
10669d12ba86SRob Rice rctx->is_encrypt);
10679d12ba86SRob Rice }
10689d12ba86SRob Rice
10699d12ba86SRob Rice if (ctx->cipher.mode == CIPHER_MODE_CCM)
10709d12ba86SRob Rice /* ICV (after data) must be in the next 32-bit word for CCM */
10719d12ba86SRob Rice data_padlen += spu->spu_wordalign_padlen(assoc_buf_len +
10729d12ba86SRob Rice resp_len +
10739d12ba86SRob Rice data_padlen);
10749d12ba86SRob Rice
10759d12ba86SRob Rice if (data_padlen)
10769d12ba86SRob Rice /* have to catch gcm pad in separate buffer */
10779d12ba86SRob Rice rx_frag_num++;
10789d12ba86SRob Rice
10799d12ba86SRob Rice mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
10809d12ba86SRob Rice rctx->gfp);
10819d12ba86SRob Rice if (!mssg->spu.dst)
10829d12ba86SRob Rice return -ENOMEM;
10839d12ba86SRob Rice
10849d12ba86SRob Rice sg = mssg->spu.dst;
10859d12ba86SRob Rice sg_init_table(sg, rx_frag_num);
10869d12ba86SRob Rice
10879d12ba86SRob Rice /* Space for SPU message header */
10889d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
10899d12ba86SRob Rice
10909d12ba86SRob Rice if (assoc_buf_len) {
10919d12ba86SRob Rice /*
10929d12ba86SRob Rice * Don't write directly to req->dst, because SPU may pad the
10939d12ba86SRob Rice * assoc data in the response
10949d12ba86SRob Rice */
10959d12ba86SRob Rice memset(rctx->msg_buf.a.resp_aad, 0, assoc_buf_len);
10969d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.a.resp_aad, assoc_buf_len);
10979d12ba86SRob Rice }
10989d12ba86SRob Rice
10999d12ba86SRob Rice if (resp_len) {
11009d12ba86SRob Rice /*
11019d12ba86SRob Rice * Copy in each dst sg entry from request, up to chunksize.
11029d12ba86SRob Rice * dst sg catches just the data. digest caught in separate buf.
11039d12ba86SRob Rice */
11049d12ba86SRob Rice datalen = spu_msg_sg_add(&sg, &rctx->dst_sg, &rctx->dst_skip,
11059d12ba86SRob Rice rctx->dst_nents, resp_len);
11069d12ba86SRob Rice if (datalen < (resp_len)) {
11079d12ba86SRob Rice pr_err("%s(): failed to copy dst sg to mbox msg. expected len %u, datalen %u",
11089d12ba86SRob Rice __func__, resp_len, datalen);
11099d12ba86SRob Rice return -EFAULT;
11109d12ba86SRob Rice }
11119d12ba86SRob Rice }
11129d12ba86SRob Rice
11139d12ba86SRob Rice /* If GCM/CCM data is padded, catch padding in separate buffer */
11149d12ba86SRob Rice if (data_padlen) {
11159d12ba86SRob Rice memset(rctx->msg_buf.a.gcmpad, 0, data_padlen);
11169d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.a.gcmpad, data_padlen);
11179d12ba86SRob Rice }
11189d12ba86SRob Rice
11199d12ba86SRob Rice /* Always catch ICV in separate buffer */
11209d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.digest, digestsize);
11219d12ba86SRob Rice
11229d12ba86SRob Rice flow_log("stat_pad_len %u\n", stat_pad_len);
11239d12ba86SRob Rice if (stat_pad_len) {
11249d12ba86SRob Rice memset(rctx->msg_buf.rx_stat_pad, 0, stat_pad_len);
11259d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
11269d12ba86SRob Rice }
11279d12ba86SRob Rice
11289d12ba86SRob Rice memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
11299d12ba86SRob Rice sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
11309d12ba86SRob Rice
11319d12ba86SRob Rice return 0;
11329d12ba86SRob Rice }
11339d12ba86SRob Rice
11349d12ba86SRob Rice /**
11359d12ba86SRob Rice * spu_aead_tx_sg_create() - Build up the scatterlist of buffers used to send a
11369d12ba86SRob Rice * SPU request message for an AEAD request. Includes SPU message headers and the
11379d12ba86SRob Rice * request data.
11389d12ba86SRob Rice * @mssg: mailbox message containing the transmit sg
11399d12ba86SRob Rice * @rctx: crypto request context
11409d12ba86SRob Rice * @tx_frag_num: number of scatterlist elements required to construct the
11419d12ba86SRob Rice * SPU request message
11429d12ba86SRob Rice * @spu_hdr_len: length of SPU message header in bytes
11439d12ba86SRob Rice * @assoc: crypto API associated data scatterlist
11449d12ba86SRob Rice * @assoc_len: length of associated data
11459d12ba86SRob Rice * @assoc_nents: number of scatterlist entries containing assoc data
11469d12ba86SRob Rice * @aead_iv_len: length of AEAD IV, if included
11479d12ba86SRob Rice * @chunksize: Number of bytes of request data
11489d12ba86SRob Rice * @aad_pad_len: Number of bytes of padding at end of AAD. For GCM/CCM.
11499d12ba86SRob Rice * @pad_len: Number of pad bytes
11509d12ba86SRob Rice * @incl_icv: If true, write separate ICV buffer after data and
11519d12ba86SRob Rice * any padding
11529d12ba86SRob Rice *
11539d12ba86SRob Rice * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
11549d12ba86SRob Rice * when the request completes, whether the request is handled successfully or
11559d12ba86SRob Rice * there is an error.
11569d12ba86SRob Rice *
11579d12ba86SRob Rice * Return:
11589d12ba86SRob Rice * 0 if successful
11599d12ba86SRob Rice * < 0 if an error
11609d12ba86SRob Rice */
spu_aead_tx_sg_create(struct brcm_message * mssg,struct iproc_reqctx_s * rctx,u8 tx_frag_num,u32 spu_hdr_len,struct scatterlist * assoc,unsigned int assoc_len,int assoc_nents,unsigned int aead_iv_len,unsigned int chunksize,u32 aad_pad_len,u32 pad_len,bool incl_icv)11619d12ba86SRob Rice static int spu_aead_tx_sg_create(struct brcm_message *mssg,
11629d12ba86SRob Rice struct iproc_reqctx_s *rctx,
11639d12ba86SRob Rice u8 tx_frag_num,
11649d12ba86SRob Rice u32 spu_hdr_len,
11659d12ba86SRob Rice struct scatterlist *assoc,
11669d12ba86SRob Rice unsigned int assoc_len,
11679d12ba86SRob Rice int assoc_nents,
11689d12ba86SRob Rice unsigned int aead_iv_len,
11699d12ba86SRob Rice unsigned int chunksize,
11709d12ba86SRob Rice u32 aad_pad_len, u32 pad_len, bool incl_icv)
11719d12ba86SRob Rice {
11729d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
11739d12ba86SRob Rice struct scatterlist *sg; /* used to build sgs in mbox message */
11749d12ba86SRob Rice struct scatterlist *assoc_sg = assoc;
11759d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
11769d12ba86SRob Rice u32 datalen; /* Number of bytes of data to write */
11779d12ba86SRob Rice u32 written; /* Number of bytes of data written */
11789d12ba86SRob Rice u32 assoc_offset = 0;
11799d12ba86SRob Rice u32 stat_len;
11809d12ba86SRob Rice
11819d12ba86SRob Rice mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
11829d12ba86SRob Rice rctx->gfp);
11839d12ba86SRob Rice if (!mssg->spu.src)
11849d12ba86SRob Rice return -ENOMEM;
11859d12ba86SRob Rice
11869d12ba86SRob Rice sg = mssg->spu.src;
11879d12ba86SRob Rice sg_init_table(sg, tx_frag_num);
11889d12ba86SRob Rice
11899d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
11909d12ba86SRob Rice BCM_HDR_LEN + spu_hdr_len);
11919d12ba86SRob Rice
11929d12ba86SRob Rice if (assoc_len) {
11939d12ba86SRob Rice /* Copy in each associated data sg entry from request */
11949d12ba86SRob Rice written = spu_msg_sg_add(&sg, &assoc_sg, &assoc_offset,
11959d12ba86SRob Rice assoc_nents, assoc_len);
11969d12ba86SRob Rice if (written < assoc_len) {
11979d12ba86SRob Rice pr_err("%s(): failed to copy assoc sg to mbox msg",
11989d12ba86SRob Rice __func__);
11999d12ba86SRob Rice return -EFAULT;
12009d12ba86SRob Rice }
12019d12ba86SRob Rice }
12029d12ba86SRob Rice
12039d12ba86SRob Rice if (aead_iv_len)
12049d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.iv_ctr, aead_iv_len);
12059d12ba86SRob Rice
12069d12ba86SRob Rice if (aad_pad_len) {
12079d12ba86SRob Rice memset(rctx->msg_buf.a.req_aad_pad, 0, aad_pad_len);
12089d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.a.req_aad_pad, aad_pad_len);
12099d12ba86SRob Rice }
12109d12ba86SRob Rice
12119d12ba86SRob Rice datalen = chunksize;
12129d12ba86SRob Rice if ((chunksize > ctx->digestsize) && incl_icv)
12139d12ba86SRob Rice datalen -= ctx->digestsize;
12149d12ba86SRob Rice if (datalen) {
12159d12ba86SRob Rice /* For aead, a single msg should consume the entire src sg */
12169d12ba86SRob Rice written = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
12179d12ba86SRob Rice rctx->src_nents, datalen);
12189d12ba86SRob Rice if (written < datalen) {
12199d12ba86SRob Rice pr_err("%s(): failed to copy src sg to mbox msg",
12209d12ba86SRob Rice __func__);
12219d12ba86SRob Rice return -EFAULT;
12229d12ba86SRob Rice }
12239d12ba86SRob Rice }
12249d12ba86SRob Rice
12259d12ba86SRob Rice if (pad_len) {
12269d12ba86SRob Rice memset(rctx->msg_buf.spu_req_pad, 0, pad_len);
12279d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
12289d12ba86SRob Rice }
12299d12ba86SRob Rice
12309d12ba86SRob Rice if (incl_icv)
12319d12ba86SRob Rice sg_set_buf(sg++, rctx->msg_buf.digest, ctx->digestsize);
12329d12ba86SRob Rice
12339d12ba86SRob Rice stat_len = spu->spu_tx_status_len();
12349d12ba86SRob Rice if (stat_len) {
12359d12ba86SRob Rice memset(rctx->msg_buf.tx_stat, 0, stat_len);
12369d12ba86SRob Rice sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
12379d12ba86SRob Rice }
12389d12ba86SRob Rice return 0;
12399d12ba86SRob Rice }
12409d12ba86SRob Rice
12419d12ba86SRob Rice /**
12429d12ba86SRob Rice * handle_aead_req() - Submit a SPU request message for the next chunk of the
12439d12ba86SRob Rice * current AEAD request.
12449d12ba86SRob Rice * @rctx: Crypto request context
12459d12ba86SRob Rice *
12469d12ba86SRob Rice * Unlike other operation types, we assume the length of the request fits in
12479d12ba86SRob Rice * a single SPU request message. aead_enqueue() makes sure this is true.
12489d12ba86SRob Rice * Comments for other op types regarding threads applies here as well.
12499d12ba86SRob Rice *
12509d12ba86SRob Rice * Unlike incremental hash ops, where the spu returns the entire hash for
12519d12ba86SRob Rice * truncated algs like sha-224, the SPU returns just the truncated hash in
12529d12ba86SRob Rice * response to aead requests. So digestsize is always ctx->digestsize here.
12539d12ba86SRob Rice *
12549d12ba86SRob Rice * Return: -EINPROGRESS: crypto request has been accepted and result will be
12559d12ba86SRob Rice * returned asynchronously
12569d12ba86SRob Rice * Any other value indicates an error
12579d12ba86SRob Rice */
handle_aead_req(struct iproc_reqctx_s * rctx)12589d12ba86SRob Rice static int handle_aead_req(struct iproc_reqctx_s *rctx)
12599d12ba86SRob Rice {
12609d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
12619d12ba86SRob Rice struct crypto_async_request *areq = rctx->parent;
12629d12ba86SRob Rice struct aead_request *req = container_of(areq,
12639d12ba86SRob Rice struct aead_request, base);
12649d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
12659d12ba86SRob Rice int err;
12669d12ba86SRob Rice unsigned int chunksize;
12679d12ba86SRob Rice unsigned int resp_len;
12689d12ba86SRob Rice u32 spu_hdr_len;
12699d12ba86SRob Rice u32 db_size;
12709d12ba86SRob Rice u32 stat_pad_len;
12719d12ba86SRob Rice u32 pad_len;
12729d12ba86SRob Rice struct brcm_message *mssg; /* mailbox message */
12739d12ba86SRob Rice struct spu_request_opts req_opts;
12749d12ba86SRob Rice struct spu_cipher_parms cipher_parms;
12759d12ba86SRob Rice struct spu_hash_parms hash_parms;
12769d12ba86SRob Rice struct spu_aead_parms aead_parms;
12779d12ba86SRob Rice int assoc_nents = 0;
12789d12ba86SRob Rice bool incl_icv = false;
12799d12ba86SRob Rice unsigned int digestsize = ctx->digestsize;
12809d12ba86SRob Rice
12819d12ba86SRob Rice /* number of entries in src and dst sg. Always includes SPU msg header.
12829d12ba86SRob Rice */
12839d12ba86SRob Rice u8 rx_frag_num = 2; /* and STATUS */
12849d12ba86SRob Rice u8 tx_frag_num = 1;
12859d12ba86SRob Rice
12869d12ba86SRob Rice /* doing the whole thing at once */
12879d12ba86SRob Rice chunksize = rctx->total_todo;
12889d12ba86SRob Rice
12899d12ba86SRob Rice flow_log("%s: chunksize %u\n", __func__, chunksize);
12909d12ba86SRob Rice
12919d12ba86SRob Rice memset(&req_opts, 0, sizeof(req_opts));
12929d12ba86SRob Rice memset(&hash_parms, 0, sizeof(hash_parms));
12939d12ba86SRob Rice memset(&aead_parms, 0, sizeof(aead_parms));
12949d12ba86SRob Rice
12959d12ba86SRob Rice req_opts.is_inbound = !(rctx->is_encrypt);
12969d12ba86SRob Rice req_opts.auth_first = ctx->auth_first;
12979d12ba86SRob Rice req_opts.is_aead = true;
12989d12ba86SRob Rice req_opts.is_esp = ctx->is_esp;
12999d12ba86SRob Rice
13009d12ba86SRob Rice cipher_parms.alg = ctx->cipher.alg;
13019d12ba86SRob Rice cipher_parms.mode = ctx->cipher.mode;
13029d12ba86SRob Rice cipher_parms.type = ctx->cipher_type;
13039d12ba86SRob Rice cipher_parms.key_buf = ctx->enckey;
13049d12ba86SRob Rice cipher_parms.key_len = ctx->enckeylen;
13059d12ba86SRob Rice cipher_parms.iv_buf = rctx->msg_buf.iv_ctr;
13069d12ba86SRob Rice cipher_parms.iv_len = rctx->iv_ctr_len;
13079d12ba86SRob Rice
13089d12ba86SRob Rice hash_parms.alg = ctx->auth.alg;
13099d12ba86SRob Rice hash_parms.mode = ctx->auth.mode;
13109d12ba86SRob Rice hash_parms.type = HASH_TYPE_NONE;
13119d12ba86SRob Rice hash_parms.key_buf = (u8 *)ctx->authkey;
13129d12ba86SRob Rice hash_parms.key_len = ctx->authkeylen;
13139d12ba86SRob Rice hash_parms.digestsize = digestsize;
13149d12ba86SRob Rice
13159d12ba86SRob Rice if ((ctx->auth.alg == HASH_ALG_SHA224) &&
13169d12ba86SRob Rice (ctx->authkeylen < SHA224_DIGEST_SIZE))
13179d12ba86SRob Rice hash_parms.key_len = SHA224_DIGEST_SIZE;
13189d12ba86SRob Rice
13199d12ba86SRob Rice aead_parms.assoc_size = req->assoclen;
13209d12ba86SRob Rice if (ctx->is_esp && !ctx->is_rfc4543) {
13219d12ba86SRob Rice /*
13229d12ba86SRob Rice * 8-byte IV is included assoc data in request. SPU2
13239d12ba86SRob Rice * expects AAD to include just SPI and seqno. So
13249d12ba86SRob Rice * subtract off the IV len.
13259d12ba86SRob Rice */
1326a59851d2SCorentin LABBE aead_parms.assoc_size -= GCM_RFC4106_IV_SIZE;
13279d12ba86SRob Rice
13289d12ba86SRob Rice if (rctx->is_encrypt) {
13299d12ba86SRob Rice aead_parms.return_iv = true;
1330a59851d2SCorentin LABBE aead_parms.ret_iv_len = GCM_RFC4106_IV_SIZE;
13319d12ba86SRob Rice aead_parms.ret_iv_off = GCM_ESP_SALT_SIZE;
13329d12ba86SRob Rice }
13339d12ba86SRob Rice } else {
13349d12ba86SRob Rice aead_parms.ret_iv_len = 0;
13359d12ba86SRob Rice }
13369d12ba86SRob Rice
13379d12ba86SRob Rice /*
13389d12ba86SRob Rice * Count number of sg entries from the crypto API request that are to
13399d12ba86SRob Rice * be included in this mailbox message. For dst sg, don't count space
13409d12ba86SRob Rice * for digest. Digest gets caught in a separate buffer and copied back
13419d12ba86SRob Rice * to dst sg when processing response.
13429d12ba86SRob Rice */
13439d12ba86SRob Rice rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip, chunksize);
13449d12ba86SRob Rice rctx->dst_nents = spu_sg_count(rctx->dst_sg, rctx->dst_skip, chunksize);
13459d12ba86SRob Rice if (aead_parms.assoc_size)
13469d12ba86SRob Rice assoc_nents = spu_sg_count(rctx->assoc, 0,
13479d12ba86SRob Rice aead_parms.assoc_size);
13489d12ba86SRob Rice
13499d12ba86SRob Rice mssg = &rctx->mb_mssg;
13509d12ba86SRob Rice
13519d12ba86SRob Rice rctx->total_sent = chunksize;
13529d12ba86SRob Rice rctx->src_sent = chunksize;
13539d12ba86SRob Rice if (spu->spu_assoc_resp_len(ctx->cipher.mode,
13549d12ba86SRob Rice aead_parms.assoc_size,
13559d12ba86SRob Rice aead_parms.ret_iv_len,
13569d12ba86SRob Rice rctx->is_encrypt))
13579d12ba86SRob Rice rx_frag_num++;
13589d12ba86SRob Rice
13599d12ba86SRob Rice aead_parms.iv_len = spu->spu_aead_ivlen(ctx->cipher.mode,
13609d12ba86SRob Rice rctx->iv_ctr_len);
13619d12ba86SRob Rice
13629d12ba86SRob Rice if (ctx->auth.alg == HASH_ALG_AES)
1363a2e5d408SStefan Agner hash_parms.type = (enum hash_type)ctx->cipher_type;
13649d12ba86SRob Rice
13659d12ba86SRob Rice /* General case AAD padding (CCM and RFC4543 special cases below) */
13669d12ba86SRob Rice aead_parms.aad_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
13679d12ba86SRob Rice aead_parms.assoc_size);
13689d12ba86SRob Rice
13699d12ba86SRob Rice /* General case data padding (CCM decrypt special case below) */
13709d12ba86SRob Rice aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
13719d12ba86SRob Rice chunksize);
13729d12ba86SRob Rice
13739d12ba86SRob Rice if (ctx->cipher.mode == CIPHER_MODE_CCM) {
13749d12ba86SRob Rice /*
13759d12ba86SRob Rice * for CCM, AAD len + 2 (rather than AAD len) needs to be
13769d12ba86SRob Rice * 128-bit aligned
13779d12ba86SRob Rice */
13789d12ba86SRob Rice aead_parms.aad_pad_len = spu->spu_gcm_ccm_pad_len(
13799d12ba86SRob Rice ctx->cipher.mode,
13809d12ba86SRob Rice aead_parms.assoc_size + 2);
13819d12ba86SRob Rice
13829d12ba86SRob Rice /*
13839d12ba86SRob Rice * And when decrypting CCM, need to pad without including
13849d12ba86SRob Rice * size of ICV which is tacked on to end of chunk
13859d12ba86SRob Rice */
13869d12ba86SRob Rice if (!rctx->is_encrypt)
13879d12ba86SRob Rice aead_parms.data_pad_len =
13889d12ba86SRob Rice spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
13899d12ba86SRob Rice chunksize - digestsize);
13909d12ba86SRob Rice
13919d12ba86SRob Rice /* CCM also requires software to rewrite portions of IV: */
13929d12ba86SRob Rice spu->spu_ccm_update_iv(digestsize, &cipher_parms, req->assoclen,
13939d12ba86SRob Rice chunksize, rctx->is_encrypt,
13949d12ba86SRob Rice ctx->is_esp);
13959d12ba86SRob Rice }
13969d12ba86SRob Rice
13979d12ba86SRob Rice if (ctx->is_rfc4543) {
13989d12ba86SRob Rice /*
13999d12ba86SRob Rice * RFC4543: data is included in AAD, so don't pad after AAD
14009d12ba86SRob Rice * and pad data based on both AAD + data size
14019d12ba86SRob Rice */
14029d12ba86SRob Rice aead_parms.aad_pad_len = 0;
14039d12ba86SRob Rice if (!rctx->is_encrypt)
14049d12ba86SRob Rice aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(
14059d12ba86SRob Rice ctx->cipher.mode,
14069d12ba86SRob Rice aead_parms.assoc_size + chunksize -
14079d12ba86SRob Rice digestsize);
14089d12ba86SRob Rice else
14099d12ba86SRob Rice aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(
14109d12ba86SRob Rice ctx->cipher.mode,
14119d12ba86SRob Rice aead_parms.assoc_size + chunksize);
14129d12ba86SRob Rice
14139d12ba86SRob Rice req_opts.is_rfc4543 = true;
14149d12ba86SRob Rice }
14159d12ba86SRob Rice
14169d12ba86SRob Rice if (spu_req_incl_icv(ctx->cipher.mode, rctx->is_encrypt)) {
14179d12ba86SRob Rice incl_icv = true;
14189d12ba86SRob Rice tx_frag_num++;
14199d12ba86SRob Rice /* Copy ICV from end of src scatterlist to digest buf */
14209d12ba86SRob Rice sg_copy_part_to_buf(req->src, rctx->msg_buf.digest, digestsize,
14219d12ba86SRob Rice req->assoclen + rctx->total_sent -
14229d12ba86SRob Rice digestsize);
14239d12ba86SRob Rice }
14249d12ba86SRob Rice
14259d12ba86SRob Rice atomic64_add(chunksize, &iproc_priv.bytes_out);
14269d12ba86SRob Rice
14279d12ba86SRob Rice flow_log("%s()-sent chunksize:%u\n", __func__, chunksize);
14289d12ba86SRob Rice
14299d12ba86SRob Rice /* Prepend SPU header with type 3 BCM header */
14309d12ba86SRob Rice memcpy(rctx->msg_buf.bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
14319d12ba86SRob Rice
14329d12ba86SRob Rice spu_hdr_len = spu->spu_create_request(rctx->msg_buf.bcm_spu_req_hdr +
14339d12ba86SRob Rice BCM_HDR_LEN, &req_opts,
14349d12ba86SRob Rice &cipher_parms, &hash_parms,
14359d12ba86SRob Rice &aead_parms, chunksize);
14369d12ba86SRob Rice
14379d12ba86SRob Rice /* Determine total length of padding. Put all padding in one buffer. */
14389d12ba86SRob Rice db_size = spu_real_db_size(aead_parms.assoc_size, aead_parms.iv_len, 0,
14399d12ba86SRob Rice chunksize, aead_parms.aad_pad_len,
14409d12ba86SRob Rice aead_parms.data_pad_len, 0);
14419d12ba86SRob Rice
14429d12ba86SRob Rice stat_pad_len = spu->spu_wordalign_padlen(db_size);
14439d12ba86SRob Rice
14449d12ba86SRob Rice if (stat_pad_len)
14459d12ba86SRob Rice rx_frag_num++;
14469d12ba86SRob Rice pad_len = aead_parms.data_pad_len + stat_pad_len;
14479d12ba86SRob Rice if (pad_len) {
14489d12ba86SRob Rice tx_frag_num++;
14499d12ba86SRob Rice spu->spu_request_pad(rctx->msg_buf.spu_req_pad,
14509d12ba86SRob Rice aead_parms.data_pad_len, 0,
14519d12ba86SRob Rice ctx->auth.alg, ctx->auth.mode,
14529d12ba86SRob Rice rctx->total_sent, stat_pad_len);
14539d12ba86SRob Rice }
14549d12ba86SRob Rice
14559d12ba86SRob Rice spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
14569d12ba86SRob Rice spu_hdr_len);
14579d12ba86SRob Rice dump_sg(rctx->assoc, 0, aead_parms.assoc_size);
14589d12ba86SRob Rice packet_dump(" aead iv: ", rctx->msg_buf.iv_ctr, aead_parms.iv_len);
14599d12ba86SRob Rice packet_log("BD:\n");
14609d12ba86SRob Rice dump_sg(rctx->src_sg, rctx->src_skip, chunksize);
14619d12ba86SRob Rice packet_dump(" pad: ", rctx->msg_buf.spu_req_pad, pad_len);
14629d12ba86SRob Rice
14639d12ba86SRob Rice /*
14649d12ba86SRob Rice * Build mailbox message containing SPU request msg and rx buffers
14659d12ba86SRob Rice * to catch response message
14669d12ba86SRob Rice */
14679d12ba86SRob Rice memset(mssg, 0, sizeof(*mssg));
14689d12ba86SRob Rice mssg->type = BRCM_MESSAGE_SPU;
14699d12ba86SRob Rice mssg->ctx = rctx; /* Will be returned in response */
14709d12ba86SRob Rice
14719d12ba86SRob Rice /* Create rx scatterlist to catch result */
14729d12ba86SRob Rice rx_frag_num += rctx->dst_nents;
14739d12ba86SRob Rice resp_len = chunksize;
14749d12ba86SRob Rice
14759d12ba86SRob Rice /*
14769d12ba86SRob Rice * Always catch ICV in separate buffer. Have to for GCM/CCM because of
14779d12ba86SRob Rice * padding. Have to for SHA-224 and other truncated SHAs because SPU
14789d12ba86SRob Rice * sends entire digest back.
14799d12ba86SRob Rice */
14809d12ba86SRob Rice rx_frag_num++;
14819d12ba86SRob Rice
14829d12ba86SRob Rice if (((ctx->cipher.mode == CIPHER_MODE_GCM) ||
14839d12ba86SRob Rice (ctx->cipher.mode == CIPHER_MODE_CCM)) && !rctx->is_encrypt) {
14849d12ba86SRob Rice /*
14859d12ba86SRob Rice * Input is ciphertxt plus ICV, but ICV not incl
14869d12ba86SRob Rice * in output.
14879d12ba86SRob Rice */
14889d12ba86SRob Rice resp_len -= ctx->digestsize;
14899d12ba86SRob Rice if (resp_len == 0)
14909d12ba86SRob Rice /* no rx frags to catch output data */
14919d12ba86SRob Rice rx_frag_num -= rctx->dst_nents;
14929d12ba86SRob Rice }
14939d12ba86SRob Rice
14949d12ba86SRob Rice err = spu_aead_rx_sg_create(mssg, req, rctx, rx_frag_num,
14959d12ba86SRob Rice aead_parms.assoc_size,
14969d12ba86SRob Rice aead_parms.ret_iv_len, resp_len, digestsize,
14979d12ba86SRob Rice stat_pad_len);
14989d12ba86SRob Rice if (err)
14999d12ba86SRob Rice return err;
15009d12ba86SRob Rice
15019d12ba86SRob Rice /* Create tx scatterlist containing SPU request message */
15029d12ba86SRob Rice tx_frag_num += rctx->src_nents;
15039d12ba86SRob Rice tx_frag_num += assoc_nents;
15049d12ba86SRob Rice if (aead_parms.aad_pad_len)
15059d12ba86SRob Rice tx_frag_num++;
15069d12ba86SRob Rice if (aead_parms.iv_len)
15079d12ba86SRob Rice tx_frag_num++;
15089d12ba86SRob Rice if (spu->spu_tx_status_len())
15099d12ba86SRob Rice tx_frag_num++;
15109d12ba86SRob Rice err = spu_aead_tx_sg_create(mssg, rctx, tx_frag_num, spu_hdr_len,
15119d12ba86SRob Rice rctx->assoc, aead_parms.assoc_size,
15129d12ba86SRob Rice assoc_nents, aead_parms.iv_len, chunksize,
15139d12ba86SRob Rice aead_parms.aad_pad_len, pad_len, incl_icv);
15149d12ba86SRob Rice if (err)
15159d12ba86SRob Rice return err;
15169d12ba86SRob Rice
1517f0e2ce58Sraveendra padasalagi err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
1518f0e2ce58Sraveendra padasalagi if (unlikely(err < 0))
15199d12ba86SRob Rice return err;
15209d12ba86SRob Rice
15219d12ba86SRob Rice return -EINPROGRESS;
15229d12ba86SRob Rice }
15239d12ba86SRob Rice
15249d12ba86SRob Rice /**
15259d12ba86SRob Rice * handle_aead_resp() - Process a SPU response message for an AEAD request.
15269d12ba86SRob Rice * @rctx: Crypto request context
15279d12ba86SRob Rice */
handle_aead_resp(struct iproc_reqctx_s * rctx)15289d12ba86SRob Rice static void handle_aead_resp(struct iproc_reqctx_s *rctx)
15299d12ba86SRob Rice {
15309d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
15319d12ba86SRob Rice struct crypto_async_request *areq = rctx->parent;
15329d12ba86SRob Rice struct aead_request *req = container_of(areq,
15339d12ba86SRob Rice struct aead_request, base);
15349d12ba86SRob Rice struct iproc_ctx_s *ctx = rctx->ctx;
15359d12ba86SRob Rice u32 payload_len;
15369d12ba86SRob Rice unsigned int icv_offset;
15379d12ba86SRob Rice u32 result_len;
15389d12ba86SRob Rice
15399d12ba86SRob Rice /* See how much data was returned */
15409d12ba86SRob Rice payload_len = spu->spu_payload_length(rctx->msg_buf.spu_resp_hdr);
15419d12ba86SRob Rice flow_log("payload_len %u\n", payload_len);
15429d12ba86SRob Rice
15439d12ba86SRob Rice /* only count payload */
15449d12ba86SRob Rice atomic64_add(payload_len, &iproc_priv.bytes_in);
15459d12ba86SRob Rice
15469d12ba86SRob Rice if (req->assoclen)
15479d12ba86SRob Rice packet_dump(" assoc_data ", rctx->msg_buf.a.resp_aad,
15489d12ba86SRob Rice req->assoclen);
15499d12ba86SRob Rice
15509d12ba86SRob Rice /*
15519d12ba86SRob Rice * Copy the ICV back to the destination
15529d12ba86SRob Rice * buffer. In decrypt case, SPU gives us back the digest, but crypto
15539d12ba86SRob Rice * API doesn't expect ICV in dst buffer.
15549d12ba86SRob Rice */
15559d12ba86SRob Rice result_len = req->cryptlen;
15569d12ba86SRob Rice if (rctx->is_encrypt) {
15579d12ba86SRob Rice icv_offset = req->assoclen + rctx->total_sent;
15589d12ba86SRob Rice packet_dump(" ICV: ", rctx->msg_buf.digest, ctx->digestsize);
15599d12ba86SRob Rice flow_log("copying ICV to dst sg at offset %u\n", icv_offset);
15609d12ba86SRob Rice sg_copy_part_from_buf(req->dst, rctx->msg_buf.digest,
15619d12ba86SRob Rice ctx->digestsize, icv_offset);
15629d12ba86SRob Rice result_len += ctx->digestsize;
15639d12ba86SRob Rice }
15649d12ba86SRob Rice
15659d12ba86SRob Rice packet_log("response data: ");
15669d12ba86SRob Rice dump_sg(req->dst, req->assoclen, result_len);
15679d12ba86SRob Rice
15689d12ba86SRob Rice atomic_inc(&iproc_priv.op_counts[SPU_OP_AEAD]);
15699d12ba86SRob Rice if (ctx->cipher.alg == CIPHER_ALG_AES) {
15709d12ba86SRob Rice if (ctx->cipher.mode == CIPHER_MODE_CCM)
15719d12ba86SRob Rice atomic_inc(&iproc_priv.aead_cnt[AES_CCM]);
15729d12ba86SRob Rice else if (ctx->cipher.mode == CIPHER_MODE_GCM)
15739d12ba86SRob Rice atomic_inc(&iproc_priv.aead_cnt[AES_GCM]);
15749d12ba86SRob Rice else
15759d12ba86SRob Rice atomic_inc(&iproc_priv.aead_cnt[AUTHENC]);
15769d12ba86SRob Rice } else {
15779d12ba86SRob Rice atomic_inc(&iproc_priv.aead_cnt[AUTHENC]);
15789d12ba86SRob Rice }
15799d12ba86SRob Rice }
15809d12ba86SRob Rice
15819d12ba86SRob Rice /**
15829d12ba86SRob Rice * spu_chunk_cleanup() - Do cleanup after processing one chunk of a request
15839d12ba86SRob Rice * @rctx: request context
15849d12ba86SRob Rice *
15859d12ba86SRob Rice * Mailbox scatterlists are allocated for each chunk. So free them after
15869d12ba86SRob Rice * processing each chunk.
15879d12ba86SRob Rice */
spu_chunk_cleanup(struct iproc_reqctx_s * rctx)15889d12ba86SRob Rice static void spu_chunk_cleanup(struct iproc_reqctx_s *rctx)
15899d12ba86SRob Rice {
15909d12ba86SRob Rice /* mailbox message used to tx request */
15919d12ba86SRob Rice struct brcm_message *mssg = &rctx->mb_mssg;
15929d12ba86SRob Rice
15939d12ba86SRob Rice kfree(mssg->spu.src);
15949d12ba86SRob Rice kfree(mssg->spu.dst);
15959d12ba86SRob Rice memset(mssg, 0, sizeof(struct brcm_message));
15969d12ba86SRob Rice }
15979d12ba86SRob Rice
15989d12ba86SRob Rice /**
15999d12ba86SRob Rice * finish_req() - Used to invoke the complete callback from the requester when
16009d12ba86SRob Rice * a request has been handled asynchronously.
16019d12ba86SRob Rice * @rctx: Request context
16029d12ba86SRob Rice * @err: Indicates whether the request was successful or not
16039d12ba86SRob Rice *
16049d12ba86SRob Rice * Ensures that cleanup has been done for request
16059d12ba86SRob Rice */
finish_req(struct iproc_reqctx_s * rctx,int err)16069d12ba86SRob Rice static void finish_req(struct iproc_reqctx_s *rctx, int err)
16079d12ba86SRob Rice {
16089d12ba86SRob Rice struct crypto_async_request *areq = rctx->parent;
16099d12ba86SRob Rice
16109d12ba86SRob Rice flow_log("%s() err:%d\n\n", __func__, err);
16119d12ba86SRob Rice
16129d12ba86SRob Rice /* No harm done if already called */
16139d12ba86SRob Rice spu_chunk_cleanup(rctx);
16149d12ba86SRob Rice
16159d12ba86SRob Rice if (areq)
161633ccbfd2SHerbert Xu crypto_request_complete(areq, err);
16179d12ba86SRob Rice }
16189d12ba86SRob Rice
16199d12ba86SRob Rice /**
16209d12ba86SRob Rice * spu_rx_callback() - Callback from mailbox framework with a SPU response.
16219d12ba86SRob Rice * @cl: mailbox client structure for SPU driver
16229d12ba86SRob Rice * @msg: mailbox message containing SPU response
16239d12ba86SRob Rice */
spu_rx_callback(struct mbox_client * cl,void * msg)16249d12ba86SRob Rice static void spu_rx_callback(struct mbox_client *cl, void *msg)
16259d12ba86SRob Rice {
16269d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
16279d12ba86SRob Rice struct brcm_message *mssg = msg;
16289d12ba86SRob Rice struct iproc_reqctx_s *rctx;
162912b3cf90STang Bin int err;
16309d12ba86SRob Rice
16319d12ba86SRob Rice rctx = mssg->ctx;
16329d12ba86SRob Rice if (unlikely(!rctx)) {
16339d12ba86SRob Rice /* This is fatal */
16349d12ba86SRob Rice pr_err("%s(): no request context", __func__);
16359d12ba86SRob Rice err = -EFAULT;
16369d12ba86SRob Rice goto cb_finish;
16379d12ba86SRob Rice }
16389d12ba86SRob Rice
16399d12ba86SRob Rice /* process the SPU status */
16409d12ba86SRob Rice err = spu->spu_status_process(rctx->msg_buf.rx_stat);
16419d12ba86SRob Rice if (err != 0) {
16429d12ba86SRob Rice if (err == SPU_INVALID_ICV)
16439d12ba86SRob Rice atomic_inc(&iproc_priv.bad_icv);
16449d12ba86SRob Rice err = -EBADMSG;
16459d12ba86SRob Rice goto cb_finish;
16469d12ba86SRob Rice }
16479d12ba86SRob Rice
16489d12ba86SRob Rice /* Process the SPU response message */
16499d12ba86SRob Rice switch (rctx->ctx->alg->type) {
1650a9c01cd6SArd Biesheuvel case CRYPTO_ALG_TYPE_SKCIPHER:
1651a9c01cd6SArd Biesheuvel handle_skcipher_resp(rctx);
16529d12ba86SRob Rice break;
16539d12ba86SRob Rice case CRYPTO_ALG_TYPE_AHASH:
16549d12ba86SRob Rice handle_ahash_resp(rctx);
16559d12ba86SRob Rice break;
16569d12ba86SRob Rice case CRYPTO_ALG_TYPE_AEAD:
16579d12ba86SRob Rice handle_aead_resp(rctx);
16589d12ba86SRob Rice break;
16599d12ba86SRob Rice default:
16609d12ba86SRob Rice err = -EINVAL;
16619d12ba86SRob Rice goto cb_finish;
16629d12ba86SRob Rice }
16639d12ba86SRob Rice
16649d12ba86SRob Rice /*
16659d12ba86SRob Rice * If this response does not complete the request, then send the next
16669d12ba86SRob Rice * request chunk.
16679d12ba86SRob Rice */
16689d12ba86SRob Rice if (rctx->total_sent < rctx->total_todo) {
16699d12ba86SRob Rice /* Deallocate anything specific to previous chunk */
16709d12ba86SRob Rice spu_chunk_cleanup(rctx);
16719d12ba86SRob Rice
16729d12ba86SRob Rice switch (rctx->ctx->alg->type) {
1673a9c01cd6SArd Biesheuvel case CRYPTO_ALG_TYPE_SKCIPHER:
1674a9c01cd6SArd Biesheuvel err = handle_skcipher_req(rctx);
16759d12ba86SRob Rice break;
16769d12ba86SRob Rice case CRYPTO_ALG_TYPE_AHASH:
16779d12ba86SRob Rice err = handle_ahash_req(rctx);
16789d12ba86SRob Rice if (err == -EAGAIN)
16799d12ba86SRob Rice /*
16809d12ba86SRob Rice * we saved data in hash carry, but tell crypto
16819d12ba86SRob Rice * API we successfully completed request.
16829d12ba86SRob Rice */
16839d12ba86SRob Rice err = 0;
16849d12ba86SRob Rice break;
16859d12ba86SRob Rice case CRYPTO_ALG_TYPE_AEAD:
16869d12ba86SRob Rice err = handle_aead_req(rctx);
16879d12ba86SRob Rice break;
16889d12ba86SRob Rice default:
16899d12ba86SRob Rice err = -EINVAL;
16909d12ba86SRob Rice }
16919d12ba86SRob Rice
16929d12ba86SRob Rice if (err == -EINPROGRESS)
16939d12ba86SRob Rice /* Successfully submitted request for next chunk */
16949d12ba86SRob Rice return;
16959d12ba86SRob Rice }
16969d12ba86SRob Rice
16979d12ba86SRob Rice cb_finish:
16989d12ba86SRob Rice finish_req(rctx, err);
16999d12ba86SRob Rice }
17009d12ba86SRob Rice
17019d12ba86SRob Rice /* ==================== Kernel Cryptographic API ==================== */
17029d12ba86SRob Rice
17039d12ba86SRob Rice /**
1704a9c01cd6SArd Biesheuvel * skcipher_enqueue() - Handle skcipher encrypt or decrypt request.
17059d12ba86SRob Rice * @req: Crypto API request
17069d12ba86SRob Rice * @encrypt: true if encrypting; false if decrypting
17079d12ba86SRob Rice *
17089d12ba86SRob Rice * Return: -EINPROGRESS if request accepted and result will be returned
17099d12ba86SRob Rice * asynchronously
17109d12ba86SRob Rice * < 0 if an error
17119d12ba86SRob Rice */
skcipher_enqueue(struct skcipher_request * req,bool encrypt)1712a9c01cd6SArd Biesheuvel static int skcipher_enqueue(struct skcipher_request *req, bool encrypt)
17139d12ba86SRob Rice {
1714a9c01cd6SArd Biesheuvel struct iproc_reqctx_s *rctx = skcipher_request_ctx(req);
17159d12ba86SRob Rice struct iproc_ctx_s *ctx =
1716a9c01cd6SArd Biesheuvel crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
17179d12ba86SRob Rice int err;
17189d12ba86SRob Rice
17199d12ba86SRob Rice flow_log("%s() enc:%u\n", __func__, encrypt);
17209d12ba86SRob Rice
17219d12ba86SRob Rice rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
17229d12ba86SRob Rice CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
17239d12ba86SRob Rice rctx->parent = &req->base;
17249d12ba86SRob Rice rctx->is_encrypt = encrypt;
17259d12ba86SRob Rice rctx->bd_suppress = false;
1726a9c01cd6SArd Biesheuvel rctx->total_todo = req->cryptlen;
17279d12ba86SRob Rice rctx->src_sent = 0;
17289d12ba86SRob Rice rctx->total_sent = 0;
17299d12ba86SRob Rice rctx->total_received = 0;
17309d12ba86SRob Rice rctx->ctx = ctx;
17319d12ba86SRob Rice
17329d12ba86SRob Rice /* Initialize current position in src and dst scatterlists */
17339d12ba86SRob Rice rctx->src_sg = req->src;
17349d12ba86SRob Rice rctx->src_nents = 0;
17359d12ba86SRob Rice rctx->src_skip = 0;
17369d12ba86SRob Rice rctx->dst_sg = req->dst;
17379d12ba86SRob Rice rctx->dst_nents = 0;
17389d12ba86SRob Rice rctx->dst_skip = 0;
17399d12ba86SRob Rice
17409d12ba86SRob Rice if (ctx->cipher.mode == CIPHER_MODE_CBC ||
17419d12ba86SRob Rice ctx->cipher.mode == CIPHER_MODE_CTR ||
17429d12ba86SRob Rice ctx->cipher.mode == CIPHER_MODE_OFB ||
17439d12ba86SRob Rice ctx->cipher.mode == CIPHER_MODE_XTS ||
17449d12ba86SRob Rice ctx->cipher.mode == CIPHER_MODE_GCM ||
17459d12ba86SRob Rice ctx->cipher.mode == CIPHER_MODE_CCM) {
17469d12ba86SRob Rice rctx->iv_ctr_len =
1747a9c01cd6SArd Biesheuvel crypto_skcipher_ivsize(crypto_skcipher_reqtfm(req));
1748a9c01cd6SArd Biesheuvel memcpy(rctx->msg_buf.iv_ctr, req->iv, rctx->iv_ctr_len);
17499d12ba86SRob Rice } else {
17509d12ba86SRob Rice rctx->iv_ctr_len = 0;
17519d12ba86SRob Rice }
17529d12ba86SRob Rice
17539d12ba86SRob Rice /* Choose a SPU to process this request */
17549d12ba86SRob Rice rctx->chan_idx = select_channel();
1755a9c01cd6SArd Biesheuvel err = handle_skcipher_req(rctx);
17569d12ba86SRob Rice if (err != -EINPROGRESS)
17579d12ba86SRob Rice /* synchronous result */
17589d12ba86SRob Rice spu_chunk_cleanup(rctx);
17599d12ba86SRob Rice
17609d12ba86SRob Rice return err;
17619d12ba86SRob Rice }
17629d12ba86SRob Rice
des_setkey(struct crypto_skcipher * cipher,const u8 * key,unsigned int keylen)1763a9c01cd6SArd Biesheuvel static int des_setkey(struct crypto_skcipher *cipher, const u8 *key,
17649d12ba86SRob Rice unsigned int keylen)
17659d12ba86SRob Rice {
1766a9c01cd6SArd Biesheuvel struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
176705a7238dSArd Biesheuvel int err;
17689d12ba86SRob Rice
1769a9c01cd6SArd Biesheuvel err = verify_skcipher_des_key(cipher, key);
177005a7238dSArd Biesheuvel if (err)
177105a7238dSArd Biesheuvel return err;
17729d12ba86SRob Rice
17739d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_DES;
17749d12ba86SRob Rice return 0;
17759d12ba86SRob Rice }
17769d12ba86SRob Rice
threedes_setkey(struct crypto_skcipher * cipher,const u8 * key,unsigned int keylen)1777a9c01cd6SArd Biesheuvel static int threedes_setkey(struct crypto_skcipher *cipher, const u8 *key,
17789d12ba86SRob Rice unsigned int keylen)
17799d12ba86SRob Rice {
1780a9c01cd6SArd Biesheuvel struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
178105a7238dSArd Biesheuvel int err;
17829d12ba86SRob Rice
1783a9c01cd6SArd Biesheuvel err = verify_skcipher_des3_key(cipher, key);
178405a7238dSArd Biesheuvel if (err)
178505a7238dSArd Biesheuvel return err;
17869d12ba86SRob Rice
17879d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_3DES;
17889d12ba86SRob Rice return 0;
17899d12ba86SRob Rice }
17909d12ba86SRob Rice
aes_setkey(struct crypto_skcipher * cipher,const u8 * key,unsigned int keylen)1791a9c01cd6SArd Biesheuvel static int aes_setkey(struct crypto_skcipher *cipher, const u8 *key,
17929d12ba86SRob Rice unsigned int keylen)
17939d12ba86SRob Rice {
1794a9c01cd6SArd Biesheuvel struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
17959d12ba86SRob Rice
17969d12ba86SRob Rice if (ctx->cipher.mode == CIPHER_MODE_XTS)
17979d12ba86SRob Rice /* XTS includes two keys of equal length */
17989d12ba86SRob Rice keylen = keylen / 2;
17999d12ba86SRob Rice
18009d12ba86SRob Rice switch (keylen) {
18019d12ba86SRob Rice case AES_KEYSIZE_128:
18029d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES128;
18039d12ba86SRob Rice break;
18049d12ba86SRob Rice case AES_KEYSIZE_192:
18059d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES192;
18069d12ba86SRob Rice break;
18079d12ba86SRob Rice case AES_KEYSIZE_256:
18089d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES256;
18099d12ba86SRob Rice break;
18109d12ba86SRob Rice default:
18119d12ba86SRob Rice return -EINVAL;
18129d12ba86SRob Rice }
18139d12ba86SRob Rice WARN_ON((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
18149d12ba86SRob Rice ((ctx->max_payload % AES_BLOCK_SIZE) != 0));
18159d12ba86SRob Rice return 0;
18169d12ba86SRob Rice }
18179d12ba86SRob Rice
skcipher_setkey(struct crypto_skcipher * cipher,const u8 * key,unsigned int keylen)1818a9c01cd6SArd Biesheuvel static int skcipher_setkey(struct crypto_skcipher *cipher, const u8 *key,
18199d12ba86SRob Rice unsigned int keylen)
18209d12ba86SRob Rice {
18219d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
1822a9c01cd6SArd Biesheuvel struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
18239d12ba86SRob Rice struct spu_cipher_parms cipher_parms;
18249d12ba86SRob Rice u32 alloc_len = 0;
18259d12ba86SRob Rice int err;
18269d12ba86SRob Rice
1827a9c01cd6SArd Biesheuvel flow_log("skcipher_setkey() keylen: %d\n", keylen);
18289d12ba86SRob Rice flow_dump(" key: ", key, keylen);
18299d12ba86SRob Rice
18309d12ba86SRob Rice switch (ctx->cipher.alg) {
18319d12ba86SRob Rice case CIPHER_ALG_DES:
18329d12ba86SRob Rice err = des_setkey(cipher, key, keylen);
18339d12ba86SRob Rice break;
18349d12ba86SRob Rice case CIPHER_ALG_3DES:
18359d12ba86SRob Rice err = threedes_setkey(cipher, key, keylen);
18369d12ba86SRob Rice break;
18379d12ba86SRob Rice case CIPHER_ALG_AES:
18389d12ba86SRob Rice err = aes_setkey(cipher, key, keylen);
18399d12ba86SRob Rice break;
18409d12ba86SRob Rice default:
18419d12ba86SRob Rice pr_err("%s() Error: unknown cipher alg\n", __func__);
18429d12ba86SRob Rice err = -EINVAL;
18439d12ba86SRob Rice }
18449d12ba86SRob Rice if (err)
18459d12ba86SRob Rice return err;
18469d12ba86SRob Rice
18479d12ba86SRob Rice memcpy(ctx->enckey, key, keylen);
18489d12ba86SRob Rice ctx->enckeylen = keylen;
18491dbab6b1SArd Biesheuvel
18509d12ba86SRob Rice /* SPU needs XTS keys in the reverse order the crypto API presents */
18519d12ba86SRob Rice if ((ctx->cipher.alg == CIPHER_ALG_AES) &&
18529d12ba86SRob Rice (ctx->cipher.mode == CIPHER_MODE_XTS)) {
18539d12ba86SRob Rice unsigned int xts_keylen = keylen / 2;
18549d12ba86SRob Rice
18559d12ba86SRob Rice memcpy(ctx->enckey, key + xts_keylen, xts_keylen);
18569d12ba86SRob Rice memcpy(ctx->enckey + xts_keylen, key, xts_keylen);
18579d12ba86SRob Rice }
18589d12ba86SRob Rice
18599d12ba86SRob Rice if (spu->spu_type == SPU_TYPE_SPUM)
18609d12ba86SRob Rice alloc_len = BCM_HDR_LEN + SPU_HEADER_ALLOC_LEN;
18619d12ba86SRob Rice else if (spu->spu_type == SPU_TYPE_SPU2)
18629d12ba86SRob Rice alloc_len = BCM_HDR_LEN + SPU2_HEADER_ALLOC_LEN;
18639d12ba86SRob Rice memset(ctx->bcm_spu_req_hdr, 0, alloc_len);
18649d12ba86SRob Rice cipher_parms.iv_buf = NULL;
1865a9c01cd6SArd Biesheuvel cipher_parms.iv_len = crypto_skcipher_ivsize(cipher);
18669d12ba86SRob Rice flow_log("%s: iv_len %u\n", __func__, cipher_parms.iv_len);
18679d12ba86SRob Rice
18689d12ba86SRob Rice cipher_parms.alg = ctx->cipher.alg;
18699d12ba86SRob Rice cipher_parms.mode = ctx->cipher.mode;
18709d12ba86SRob Rice cipher_parms.type = ctx->cipher_type;
18719d12ba86SRob Rice cipher_parms.key_buf = ctx->enckey;
18729d12ba86SRob Rice cipher_parms.key_len = ctx->enckeylen;
18739d12ba86SRob Rice
18749d12ba86SRob Rice /* Prepend SPU request message with BCM header */
18759d12ba86SRob Rice memcpy(ctx->bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
18769d12ba86SRob Rice ctx->spu_req_hdr_len =
18779d12ba86SRob Rice spu->spu_cipher_req_init(ctx->bcm_spu_req_hdr + BCM_HDR_LEN,
18789d12ba86SRob Rice &cipher_parms);
18799d12ba86SRob Rice
18809d12ba86SRob Rice ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
18819d12ba86SRob Rice ctx->enckeylen,
18829d12ba86SRob Rice false);
18839d12ba86SRob Rice
18849d12ba86SRob Rice atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_CIPHER]);
18859d12ba86SRob Rice
18869d12ba86SRob Rice return 0;
18879d12ba86SRob Rice }
18889d12ba86SRob Rice
skcipher_encrypt(struct skcipher_request * req)1889a9c01cd6SArd Biesheuvel static int skcipher_encrypt(struct skcipher_request *req)
18909d12ba86SRob Rice {
1891a9c01cd6SArd Biesheuvel flow_log("skcipher_encrypt() nbytes:%u\n", req->cryptlen);
18929d12ba86SRob Rice
1893a9c01cd6SArd Biesheuvel return skcipher_enqueue(req, true);
18949d12ba86SRob Rice }
18959d12ba86SRob Rice
skcipher_decrypt(struct skcipher_request * req)1896a9c01cd6SArd Biesheuvel static int skcipher_decrypt(struct skcipher_request *req)
18979d12ba86SRob Rice {
1898a9c01cd6SArd Biesheuvel flow_log("skcipher_decrypt() nbytes:%u\n", req->cryptlen);
1899a9c01cd6SArd Biesheuvel return skcipher_enqueue(req, false);
19009d12ba86SRob Rice }
19019d12ba86SRob Rice
ahash_enqueue(struct ahash_request * req)19029d12ba86SRob Rice static int ahash_enqueue(struct ahash_request *req)
19039d12ba86SRob Rice {
19049d12ba86SRob Rice struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
19059d12ba86SRob Rice struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
19069d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
190712b3cf90STang Bin int err;
19089d12ba86SRob Rice const char *alg_name;
19099d12ba86SRob Rice
19109d12ba86SRob Rice flow_log("ahash_enqueue() nbytes:%u\n", req->nbytes);
19119d12ba86SRob Rice
19129d12ba86SRob Rice rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
19139d12ba86SRob Rice CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
19149d12ba86SRob Rice rctx->parent = &req->base;
19159d12ba86SRob Rice rctx->ctx = ctx;
19169d12ba86SRob Rice rctx->bd_suppress = true;
19179d12ba86SRob Rice memset(&rctx->mb_mssg, 0, sizeof(struct brcm_message));
19189d12ba86SRob Rice
19199d12ba86SRob Rice /* Initialize position in src scatterlist */
19209d12ba86SRob Rice rctx->src_sg = req->src;
19219d12ba86SRob Rice rctx->src_skip = 0;
19229d12ba86SRob Rice rctx->src_nents = 0;
19239d12ba86SRob Rice rctx->dst_sg = NULL;
19249d12ba86SRob Rice rctx->dst_skip = 0;
19259d12ba86SRob Rice rctx->dst_nents = 0;
19269d12ba86SRob Rice
19279d12ba86SRob Rice /* SPU2 hardware does not compute hash of zero length data */
19289d12ba86SRob Rice if ((rctx->is_final == 1) && (rctx->total_todo == 0) &&
19299d12ba86SRob Rice (iproc_priv.spu.spu_type == SPU_TYPE_SPU2)) {
19305e9578b2SGaosheng Cui alg_name = crypto_ahash_alg_name(tfm);
19319d12ba86SRob Rice flow_log("Doing %sfinal %s zero-len hash request in software\n",
19329d12ba86SRob Rice rctx->is_final ? "" : "non-", alg_name);
19339d12ba86SRob Rice err = do_shash((unsigned char *)alg_name, req->result,
19349d12ba86SRob Rice NULL, 0, NULL, 0, ctx->authkey,
19359d12ba86SRob Rice ctx->authkeylen);
19369d12ba86SRob Rice if (err < 0)
19379d12ba86SRob Rice flow_log("Hash request failed with error %d\n", err);
19389d12ba86SRob Rice return err;
19399d12ba86SRob Rice }
19409d12ba86SRob Rice /* Choose a SPU to process this request */
19419d12ba86SRob Rice rctx->chan_idx = select_channel();
19429d12ba86SRob Rice
19439d12ba86SRob Rice err = handle_ahash_req(rctx);
19449d12ba86SRob Rice if (err != -EINPROGRESS)
19459d12ba86SRob Rice /* synchronous result */
19469d12ba86SRob Rice spu_chunk_cleanup(rctx);
19479d12ba86SRob Rice
19489d12ba86SRob Rice if (err == -EAGAIN)
19499d12ba86SRob Rice /*
19509d12ba86SRob Rice * we saved data in hash carry, but tell crypto API
19519d12ba86SRob Rice * we successfully completed request.
19529d12ba86SRob Rice */
19539d12ba86SRob Rice err = 0;
19549d12ba86SRob Rice
19559d12ba86SRob Rice return err;
19569d12ba86SRob Rice }
19579d12ba86SRob Rice
__ahash_init(struct ahash_request * req)19589d12ba86SRob Rice static int __ahash_init(struct ahash_request *req)
19599d12ba86SRob Rice {
19609d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
19619d12ba86SRob Rice struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
19629d12ba86SRob Rice struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
19639d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
19649d12ba86SRob Rice
19659d12ba86SRob Rice flow_log("%s()\n", __func__);
19669d12ba86SRob Rice
19679d12ba86SRob Rice /* Initialize the context */
19689d12ba86SRob Rice rctx->hash_carry_len = 0;
19699d12ba86SRob Rice rctx->is_final = 0;
19709d12ba86SRob Rice
19719d12ba86SRob Rice rctx->total_todo = 0;
19729d12ba86SRob Rice rctx->src_sent = 0;
19739d12ba86SRob Rice rctx->total_sent = 0;
19749d12ba86SRob Rice rctx->total_received = 0;
19759d12ba86SRob Rice
19769d12ba86SRob Rice ctx->digestsize = crypto_ahash_digestsize(tfm);
19779d12ba86SRob Rice /* If we add a hash whose digest is larger, catch it here. */
19789d12ba86SRob Rice WARN_ON(ctx->digestsize > MAX_DIGEST_SIZE);
19799d12ba86SRob Rice
19809d12ba86SRob Rice rctx->is_sw_hmac = false;
19819d12ba86SRob Rice
19829d12ba86SRob Rice ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen, 0,
19839d12ba86SRob Rice true);
19849d12ba86SRob Rice
19859d12ba86SRob Rice return 0;
19869d12ba86SRob Rice }
19879d12ba86SRob Rice
19889d12ba86SRob Rice /**
19899d12ba86SRob Rice * spu_no_incr_hash() - Determine whether incremental hashing is supported.
19909d12ba86SRob Rice * @ctx: Crypto session context
19919d12ba86SRob Rice *
19929d12ba86SRob Rice * SPU-2 does not support incremental hashing (we'll have to revisit and
19939d12ba86SRob Rice * condition based on chip revision or device tree entry if future versions do
19949d12ba86SRob Rice * support incremental hash)
19959d12ba86SRob Rice *
19969d12ba86SRob Rice * SPU-M also doesn't support incremental hashing of AES-XCBC
19979d12ba86SRob Rice *
19989d12ba86SRob Rice * Return: true if incremental hashing is not supported
19999d12ba86SRob Rice * false otherwise
20009d12ba86SRob Rice */
spu_no_incr_hash(struct iproc_ctx_s * ctx)2001dd508618SYueHaibing static bool spu_no_incr_hash(struct iproc_ctx_s *ctx)
20029d12ba86SRob Rice {
20039d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
20049d12ba86SRob Rice
20059d12ba86SRob Rice if (spu->spu_type == SPU_TYPE_SPU2)
20069d12ba86SRob Rice return true;
20079d12ba86SRob Rice
20089d12ba86SRob Rice if ((ctx->auth.alg == HASH_ALG_AES) &&
20099d12ba86SRob Rice (ctx->auth.mode == HASH_MODE_XCBC))
20109d12ba86SRob Rice return true;
20119d12ba86SRob Rice
20129d12ba86SRob Rice /* Otherwise, incremental hashing is supported */
20139d12ba86SRob Rice return false;
20149d12ba86SRob Rice }
20159d12ba86SRob Rice
ahash_init(struct ahash_request * req)20169d12ba86SRob Rice static int ahash_init(struct ahash_request *req)
20179d12ba86SRob Rice {
20189d12ba86SRob Rice struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
20199d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
20209d12ba86SRob Rice const char *alg_name;
20219d12ba86SRob Rice struct crypto_shash *hash;
20229d12ba86SRob Rice int ret;
20239d12ba86SRob Rice gfp_t gfp;
20249d12ba86SRob Rice
20259d12ba86SRob Rice if (spu_no_incr_hash(ctx)) {
20269d12ba86SRob Rice /*
20279d12ba86SRob Rice * If we get an incremental hashing request and it's not
20289d12ba86SRob Rice * supported by the hardware, we need to handle it in software
20299d12ba86SRob Rice * by calling synchronous hash functions.
20309d12ba86SRob Rice */
20315e9578b2SGaosheng Cui alg_name = crypto_ahash_alg_name(tfm);
20329d12ba86SRob Rice hash = crypto_alloc_shash(alg_name, 0, 0);
20339d12ba86SRob Rice if (IS_ERR(hash)) {
20349d12ba86SRob Rice ret = PTR_ERR(hash);
20359d12ba86SRob Rice goto err;
20369d12ba86SRob Rice }
20379d12ba86SRob Rice
20389d12ba86SRob Rice gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
20399d12ba86SRob Rice CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
20409d12ba86SRob Rice ctx->shash = kmalloc(sizeof(*ctx->shash) +
20419d12ba86SRob Rice crypto_shash_descsize(hash), gfp);
20429d12ba86SRob Rice if (!ctx->shash) {
20439d12ba86SRob Rice ret = -ENOMEM;
20449d12ba86SRob Rice goto err_hash;
20459d12ba86SRob Rice }
20469d12ba86SRob Rice ctx->shash->tfm = hash;
20479d12ba86SRob Rice
20489d12ba86SRob Rice /* Set the key using data we already have from setkey */
20499d12ba86SRob Rice if (ctx->authkeylen > 0) {
20509d12ba86SRob Rice ret = crypto_shash_setkey(hash, ctx->authkey,
20519d12ba86SRob Rice ctx->authkeylen);
20529d12ba86SRob Rice if (ret)
20539d12ba86SRob Rice goto err_shash;
20549d12ba86SRob Rice }
20559d12ba86SRob Rice
20569d12ba86SRob Rice /* Initialize hash w/ this key and other params */
20579d12ba86SRob Rice ret = crypto_shash_init(ctx->shash);
20589d12ba86SRob Rice if (ret)
20599d12ba86SRob Rice goto err_shash;
20609d12ba86SRob Rice } else {
20619d12ba86SRob Rice /* Otherwise call the internal function which uses SPU hw */
20629d12ba86SRob Rice ret = __ahash_init(req);
20639d12ba86SRob Rice }
20649d12ba86SRob Rice
20659d12ba86SRob Rice return ret;
20669d12ba86SRob Rice
20679d12ba86SRob Rice err_shash:
20689d12ba86SRob Rice kfree(ctx->shash);
20699d12ba86SRob Rice err_hash:
20709d12ba86SRob Rice crypto_free_shash(hash);
20719d12ba86SRob Rice err:
20729d12ba86SRob Rice return ret;
20739d12ba86SRob Rice }
20749d12ba86SRob Rice
__ahash_update(struct ahash_request * req)20759d12ba86SRob Rice static int __ahash_update(struct ahash_request *req)
20769d12ba86SRob Rice {
20779d12ba86SRob Rice struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
20789d12ba86SRob Rice
20799d12ba86SRob Rice flow_log("ahash_update() nbytes:%u\n", req->nbytes);
20809d12ba86SRob Rice
20819d12ba86SRob Rice if (!req->nbytes)
20829d12ba86SRob Rice return 0;
20839d12ba86SRob Rice rctx->total_todo += req->nbytes;
20849d12ba86SRob Rice rctx->src_sent = 0;
20859d12ba86SRob Rice
20869d12ba86SRob Rice return ahash_enqueue(req);
20879d12ba86SRob Rice }
20889d12ba86SRob Rice
ahash_update(struct ahash_request * req)20899d12ba86SRob Rice static int ahash_update(struct ahash_request *req)
20909d12ba86SRob Rice {
20919d12ba86SRob Rice struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
20929d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
20939d12ba86SRob Rice u8 *tmpbuf;
20949d12ba86SRob Rice int ret;
20959d12ba86SRob Rice int nents;
20969d12ba86SRob Rice gfp_t gfp;
20979d12ba86SRob Rice
20989d12ba86SRob Rice if (spu_no_incr_hash(ctx)) {
20999d12ba86SRob Rice /*
21009d12ba86SRob Rice * If we get an incremental hashing request and it's not
21019d12ba86SRob Rice * supported by the hardware, we need to handle it in software
21029d12ba86SRob Rice * by calling synchronous hash functions.
21039d12ba86SRob Rice */
21049d12ba86SRob Rice if (req->src)
21059d12ba86SRob Rice nents = sg_nents(req->src);
21069d12ba86SRob Rice else
21079d12ba86SRob Rice return -EINVAL;
21089d12ba86SRob Rice
21099d12ba86SRob Rice /* Copy data from req scatterlist to tmp buffer */
21109d12ba86SRob Rice gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
21119d12ba86SRob Rice CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
21129d12ba86SRob Rice tmpbuf = kmalloc(req->nbytes, gfp);
21139d12ba86SRob Rice if (!tmpbuf)
21149d12ba86SRob Rice return -ENOMEM;
21159d12ba86SRob Rice
21169d12ba86SRob Rice if (sg_copy_to_buffer(req->src, nents, tmpbuf, req->nbytes) !=
21179d12ba86SRob Rice req->nbytes) {
21189d12ba86SRob Rice kfree(tmpbuf);
21199d12ba86SRob Rice return -EINVAL;
21209d12ba86SRob Rice }
21219d12ba86SRob Rice
21229d12ba86SRob Rice /* Call synchronous update */
21239d12ba86SRob Rice ret = crypto_shash_update(ctx->shash, tmpbuf, req->nbytes);
21249d12ba86SRob Rice kfree(tmpbuf);
21259d12ba86SRob Rice } else {
21269d12ba86SRob Rice /* Otherwise call the internal function which uses SPU hw */
21279d12ba86SRob Rice ret = __ahash_update(req);
21289d12ba86SRob Rice }
21299d12ba86SRob Rice
21309d12ba86SRob Rice return ret;
21319d12ba86SRob Rice }
21329d12ba86SRob Rice
__ahash_final(struct ahash_request * req)21339d12ba86SRob Rice static int __ahash_final(struct ahash_request *req)
21349d12ba86SRob Rice {
21359d12ba86SRob Rice struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
21369d12ba86SRob Rice
21379d12ba86SRob Rice flow_log("ahash_final() nbytes:%u\n", req->nbytes);
21389d12ba86SRob Rice
21399d12ba86SRob Rice rctx->is_final = 1;
21409d12ba86SRob Rice
21419d12ba86SRob Rice return ahash_enqueue(req);
21429d12ba86SRob Rice }
21439d12ba86SRob Rice
ahash_final(struct ahash_request * req)21449d12ba86SRob Rice static int ahash_final(struct ahash_request *req)
21459d12ba86SRob Rice {
21469d12ba86SRob Rice struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
21479d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
21489d12ba86SRob Rice int ret;
21499d12ba86SRob Rice
21509d12ba86SRob Rice if (spu_no_incr_hash(ctx)) {
21519d12ba86SRob Rice /*
21529d12ba86SRob Rice * If we get an incremental hashing request and it's not
21539d12ba86SRob Rice * supported by the hardware, we need to handle it in software
21549d12ba86SRob Rice * by calling synchronous hash functions.
21559d12ba86SRob Rice */
21569d12ba86SRob Rice ret = crypto_shash_final(ctx->shash, req->result);
21579d12ba86SRob Rice
21589d12ba86SRob Rice /* Done with hash, can deallocate it now */
21599d12ba86SRob Rice crypto_free_shash(ctx->shash->tfm);
21609d12ba86SRob Rice kfree(ctx->shash);
21619d12ba86SRob Rice
21629d12ba86SRob Rice } else {
21639d12ba86SRob Rice /* Otherwise call the internal function which uses SPU hw */
21649d12ba86SRob Rice ret = __ahash_final(req);
21659d12ba86SRob Rice }
21669d12ba86SRob Rice
21679d12ba86SRob Rice return ret;
21689d12ba86SRob Rice }
21699d12ba86SRob Rice
__ahash_finup(struct ahash_request * req)21709d12ba86SRob Rice static int __ahash_finup(struct ahash_request *req)
21719d12ba86SRob Rice {
21729d12ba86SRob Rice struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
21739d12ba86SRob Rice
21749d12ba86SRob Rice flow_log("ahash_finup() nbytes:%u\n", req->nbytes);
21759d12ba86SRob Rice
21769d12ba86SRob Rice rctx->total_todo += req->nbytes;
21779d12ba86SRob Rice rctx->src_sent = 0;
21789d12ba86SRob Rice rctx->is_final = 1;
21799d12ba86SRob Rice
21809d12ba86SRob Rice return ahash_enqueue(req);
21819d12ba86SRob Rice }
21829d12ba86SRob Rice
ahash_finup(struct ahash_request * req)21839d12ba86SRob Rice static int ahash_finup(struct ahash_request *req)
21849d12ba86SRob Rice {
21859d12ba86SRob Rice struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
21869d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
21879d12ba86SRob Rice u8 *tmpbuf;
21889d12ba86SRob Rice int ret;
21899d12ba86SRob Rice int nents;
21909d12ba86SRob Rice gfp_t gfp;
21919d12ba86SRob Rice
21929d12ba86SRob Rice if (spu_no_incr_hash(ctx)) {
21939d12ba86SRob Rice /*
21949d12ba86SRob Rice * If we get an incremental hashing request and it's not
21959d12ba86SRob Rice * supported by the hardware, we need to handle it in software
21969d12ba86SRob Rice * by calling synchronous hash functions.
21979d12ba86SRob Rice */
21989d12ba86SRob Rice if (req->src) {
21999d12ba86SRob Rice nents = sg_nents(req->src);
22009d12ba86SRob Rice } else {
22019d12ba86SRob Rice ret = -EINVAL;
22029d12ba86SRob Rice goto ahash_finup_exit;
22039d12ba86SRob Rice }
22049d12ba86SRob Rice
22059d12ba86SRob Rice /* Copy data from req scatterlist to tmp buffer */
22069d12ba86SRob Rice gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
22079d12ba86SRob Rice CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
22089d12ba86SRob Rice tmpbuf = kmalloc(req->nbytes, gfp);
22099d12ba86SRob Rice if (!tmpbuf) {
22109d12ba86SRob Rice ret = -ENOMEM;
22119d12ba86SRob Rice goto ahash_finup_exit;
22129d12ba86SRob Rice }
22139d12ba86SRob Rice
22149d12ba86SRob Rice if (sg_copy_to_buffer(req->src, nents, tmpbuf, req->nbytes) !=
22159d12ba86SRob Rice req->nbytes) {
22169d12ba86SRob Rice ret = -EINVAL;
22179d12ba86SRob Rice goto ahash_finup_free;
22189d12ba86SRob Rice }
22199d12ba86SRob Rice
22209d12ba86SRob Rice /* Call synchronous update */
22219d12ba86SRob Rice ret = crypto_shash_finup(ctx->shash, tmpbuf, req->nbytes,
22229d12ba86SRob Rice req->result);
22239d12ba86SRob Rice } else {
22249d12ba86SRob Rice /* Otherwise call the internal function which uses SPU hw */
22259d12ba86SRob Rice return __ahash_finup(req);
22269d12ba86SRob Rice }
22279d12ba86SRob Rice ahash_finup_free:
22289d12ba86SRob Rice kfree(tmpbuf);
22299d12ba86SRob Rice
22309d12ba86SRob Rice ahash_finup_exit:
22319d12ba86SRob Rice /* Done with hash, can deallocate it now */
22329d12ba86SRob Rice crypto_free_shash(ctx->shash->tfm);
22339d12ba86SRob Rice kfree(ctx->shash);
22349d12ba86SRob Rice return ret;
22359d12ba86SRob Rice }
22369d12ba86SRob Rice
ahash_digest(struct ahash_request * req)22379d12ba86SRob Rice static int ahash_digest(struct ahash_request *req)
22389d12ba86SRob Rice {
223912b3cf90STang Bin int err;
22409d12ba86SRob Rice
22419d12ba86SRob Rice flow_log("ahash_digest() nbytes:%u\n", req->nbytes);
22429d12ba86SRob Rice
22439d12ba86SRob Rice /* whole thing at once */
22449d12ba86SRob Rice err = __ahash_init(req);
22459d12ba86SRob Rice if (!err)
22469d12ba86SRob Rice err = __ahash_finup(req);
22479d12ba86SRob Rice
22489d12ba86SRob Rice return err;
22499d12ba86SRob Rice }
22509d12ba86SRob Rice
ahash_setkey(struct crypto_ahash * ahash,const u8 * key,unsigned int keylen)22519d12ba86SRob Rice static int ahash_setkey(struct crypto_ahash *ahash, const u8 *key,
22529d12ba86SRob Rice unsigned int keylen)
22539d12ba86SRob Rice {
22549d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_ahash_ctx(ahash);
22559d12ba86SRob Rice
22569d12ba86SRob Rice flow_log("%s() ahash:%p key:%p keylen:%u\n",
22579d12ba86SRob Rice __func__, ahash, key, keylen);
22589d12ba86SRob Rice flow_dump(" key: ", key, keylen);
22599d12ba86SRob Rice
22609d12ba86SRob Rice if (ctx->auth.alg == HASH_ALG_AES) {
22619d12ba86SRob Rice switch (keylen) {
22629d12ba86SRob Rice case AES_KEYSIZE_128:
22639d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES128;
22649d12ba86SRob Rice break;
22659d12ba86SRob Rice case AES_KEYSIZE_192:
22669d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES192;
22679d12ba86SRob Rice break;
22689d12ba86SRob Rice case AES_KEYSIZE_256:
22699d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES256;
22709d12ba86SRob Rice break;
22719d12ba86SRob Rice default:
22729d12ba86SRob Rice pr_err("%s() Error: Invalid key length\n", __func__);
22739d12ba86SRob Rice return -EINVAL;
22749d12ba86SRob Rice }
22759d12ba86SRob Rice } else {
22769d12ba86SRob Rice pr_err("%s() Error: unknown hash alg\n", __func__);
22779d12ba86SRob Rice return -EINVAL;
22789d12ba86SRob Rice }
22799d12ba86SRob Rice memcpy(ctx->authkey, key, keylen);
22809d12ba86SRob Rice ctx->authkeylen = keylen;
22819d12ba86SRob Rice
22829d12ba86SRob Rice return 0;
22839d12ba86SRob Rice }
22849d12ba86SRob Rice
ahash_export(struct ahash_request * req,void * out)22859d12ba86SRob Rice static int ahash_export(struct ahash_request *req, void *out)
22869d12ba86SRob Rice {
22879d12ba86SRob Rice const struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
22889d12ba86SRob Rice struct spu_hash_export_s *spu_exp = (struct spu_hash_export_s *)out;
22899d12ba86SRob Rice
22909d12ba86SRob Rice spu_exp->total_todo = rctx->total_todo;
22919d12ba86SRob Rice spu_exp->total_sent = rctx->total_sent;
22929d12ba86SRob Rice spu_exp->is_sw_hmac = rctx->is_sw_hmac;
22939d12ba86SRob Rice memcpy(spu_exp->hash_carry, rctx->hash_carry, sizeof(rctx->hash_carry));
22949d12ba86SRob Rice spu_exp->hash_carry_len = rctx->hash_carry_len;
22959d12ba86SRob Rice memcpy(spu_exp->incr_hash, rctx->incr_hash, sizeof(rctx->incr_hash));
22969d12ba86SRob Rice
22979d12ba86SRob Rice return 0;
22989d12ba86SRob Rice }
22999d12ba86SRob Rice
ahash_import(struct ahash_request * req,const void * in)23009d12ba86SRob Rice static int ahash_import(struct ahash_request *req, const void *in)
23019d12ba86SRob Rice {
23029d12ba86SRob Rice struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
23039d12ba86SRob Rice struct spu_hash_export_s *spu_exp = (struct spu_hash_export_s *)in;
23049d12ba86SRob Rice
23059d12ba86SRob Rice rctx->total_todo = spu_exp->total_todo;
23069d12ba86SRob Rice rctx->total_sent = spu_exp->total_sent;
23079d12ba86SRob Rice rctx->is_sw_hmac = spu_exp->is_sw_hmac;
23089d12ba86SRob Rice memcpy(rctx->hash_carry, spu_exp->hash_carry, sizeof(rctx->hash_carry));
23099d12ba86SRob Rice rctx->hash_carry_len = spu_exp->hash_carry_len;
23109d12ba86SRob Rice memcpy(rctx->incr_hash, spu_exp->incr_hash, sizeof(rctx->incr_hash));
23119d12ba86SRob Rice
23129d12ba86SRob Rice return 0;
23139d12ba86SRob Rice }
23149d12ba86SRob Rice
ahash_hmac_setkey(struct crypto_ahash * ahash,const u8 * key,unsigned int keylen)23159d12ba86SRob Rice static int ahash_hmac_setkey(struct crypto_ahash *ahash, const u8 *key,
23169d12ba86SRob Rice unsigned int keylen)
23179d12ba86SRob Rice {
23189d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_ahash_ctx(ahash);
23199d12ba86SRob Rice unsigned int blocksize =
23209d12ba86SRob Rice crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
23219d12ba86SRob Rice unsigned int digestsize = crypto_ahash_digestsize(ahash);
23229d12ba86SRob Rice unsigned int index;
23239d12ba86SRob Rice int rc;
23249d12ba86SRob Rice
23259d12ba86SRob Rice flow_log("%s() ahash:%p key:%p keylen:%u blksz:%u digestsz:%u\n",
23269d12ba86SRob Rice __func__, ahash, key, keylen, blocksize, digestsize);
23279d12ba86SRob Rice flow_dump(" key: ", key, keylen);
23289d12ba86SRob Rice
23299d12ba86SRob Rice if (keylen > blocksize) {
23309d12ba86SRob Rice switch (ctx->auth.alg) {
23319d12ba86SRob Rice case HASH_ALG_MD5:
23329d12ba86SRob Rice rc = do_shash("md5", ctx->authkey, key, keylen, NULL,
23339d12ba86SRob Rice 0, NULL, 0);
23349d12ba86SRob Rice break;
23359d12ba86SRob Rice case HASH_ALG_SHA1:
23369d12ba86SRob Rice rc = do_shash("sha1", ctx->authkey, key, keylen, NULL,
23379d12ba86SRob Rice 0, NULL, 0);
23389d12ba86SRob Rice break;
23399d12ba86SRob Rice case HASH_ALG_SHA224:
23409d12ba86SRob Rice rc = do_shash("sha224", ctx->authkey, key, keylen, NULL,
23419d12ba86SRob Rice 0, NULL, 0);
23429d12ba86SRob Rice break;
23439d12ba86SRob Rice case HASH_ALG_SHA256:
23449d12ba86SRob Rice rc = do_shash("sha256", ctx->authkey, key, keylen, NULL,
23459d12ba86SRob Rice 0, NULL, 0);
23469d12ba86SRob Rice break;
23479d12ba86SRob Rice case HASH_ALG_SHA384:
23489d12ba86SRob Rice rc = do_shash("sha384", ctx->authkey, key, keylen, NULL,
23499d12ba86SRob Rice 0, NULL, 0);
23509d12ba86SRob Rice break;
23519d12ba86SRob Rice case HASH_ALG_SHA512:
23529d12ba86SRob Rice rc = do_shash("sha512", ctx->authkey, key, keylen, NULL,
23539d12ba86SRob Rice 0, NULL, 0);
23549d12ba86SRob Rice break;
23559d12ba86SRob Rice case HASH_ALG_SHA3_224:
23569d12ba86SRob Rice rc = do_shash("sha3-224", ctx->authkey, key, keylen,
23579d12ba86SRob Rice NULL, 0, NULL, 0);
23589d12ba86SRob Rice break;
23599d12ba86SRob Rice case HASH_ALG_SHA3_256:
23609d12ba86SRob Rice rc = do_shash("sha3-256", ctx->authkey, key, keylen,
23619d12ba86SRob Rice NULL, 0, NULL, 0);
23629d12ba86SRob Rice break;
23639d12ba86SRob Rice case HASH_ALG_SHA3_384:
23649d12ba86SRob Rice rc = do_shash("sha3-384", ctx->authkey, key, keylen,
23659d12ba86SRob Rice NULL, 0, NULL, 0);
23669d12ba86SRob Rice break;
23679d12ba86SRob Rice case HASH_ALG_SHA3_512:
23689d12ba86SRob Rice rc = do_shash("sha3-512", ctx->authkey, key, keylen,
23699d12ba86SRob Rice NULL, 0, NULL, 0);
23709d12ba86SRob Rice break;
23719d12ba86SRob Rice default:
23729d12ba86SRob Rice pr_err("%s() Error: unknown hash alg\n", __func__);
23739d12ba86SRob Rice return -EINVAL;
23749d12ba86SRob Rice }
23759d12ba86SRob Rice if (rc < 0) {
23769d12ba86SRob Rice pr_err("%s() Error %d computing shash for %s\n",
23779d12ba86SRob Rice __func__, rc, hash_alg_name[ctx->auth.alg]);
23789d12ba86SRob Rice return rc;
23799d12ba86SRob Rice }
23809d12ba86SRob Rice ctx->authkeylen = digestsize;
23819d12ba86SRob Rice
23829d12ba86SRob Rice flow_log(" keylen > digestsize... hashed\n");
23839d12ba86SRob Rice flow_dump(" newkey: ", ctx->authkey, ctx->authkeylen);
23849d12ba86SRob Rice } else {
23859d12ba86SRob Rice memcpy(ctx->authkey, key, keylen);
23869d12ba86SRob Rice ctx->authkeylen = keylen;
23879d12ba86SRob Rice }
23889d12ba86SRob Rice
23899d12ba86SRob Rice /*
23909d12ba86SRob Rice * Full HMAC operation in SPUM is not verified,
23919d12ba86SRob Rice * So keeping the generation of IPAD, OPAD and
23929d12ba86SRob Rice * outer hashing in software.
23939d12ba86SRob Rice */
23949d12ba86SRob Rice if (iproc_priv.spu.spu_type == SPU_TYPE_SPUM) {
23959d12ba86SRob Rice memcpy(ctx->ipad, ctx->authkey, ctx->authkeylen);
23969d12ba86SRob Rice memset(ctx->ipad + ctx->authkeylen, 0,
23979d12ba86SRob Rice blocksize - ctx->authkeylen);
23989d12ba86SRob Rice ctx->authkeylen = 0;
2399f9fc1ec2SArnd Bergmann unsafe_memcpy(ctx->opad, ctx->ipad, blocksize,
2400f9fc1ec2SArnd Bergmann "fortified memcpy causes -Wrestrict warning");
24019d12ba86SRob Rice
24029d12ba86SRob Rice for (index = 0; index < blocksize; index++) {
24031126d47dSCorentin LABBE ctx->ipad[index] ^= HMAC_IPAD_VALUE;
24041126d47dSCorentin LABBE ctx->opad[index] ^= HMAC_OPAD_VALUE;
24059d12ba86SRob Rice }
24069d12ba86SRob Rice
24079d12ba86SRob Rice flow_dump(" ipad: ", ctx->ipad, blocksize);
24089d12ba86SRob Rice flow_dump(" opad: ", ctx->opad, blocksize);
24099d12ba86SRob Rice }
24109d12ba86SRob Rice ctx->digestsize = digestsize;
24119d12ba86SRob Rice atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_HMAC]);
24129d12ba86SRob Rice
24139d12ba86SRob Rice return 0;
24149d12ba86SRob Rice }
24159d12ba86SRob Rice
ahash_hmac_init(struct ahash_request * req)24169d12ba86SRob Rice static int ahash_hmac_init(struct ahash_request *req)
24179d12ba86SRob Rice {
24189d12ba86SRob Rice struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
24199d12ba86SRob Rice struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
24209d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
24219d12ba86SRob Rice unsigned int blocksize =
24229d12ba86SRob Rice crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
24239d12ba86SRob Rice
24249d12ba86SRob Rice flow_log("ahash_hmac_init()\n");
24259d12ba86SRob Rice
24269d12ba86SRob Rice /* init the context as a hash */
24279d12ba86SRob Rice ahash_init(req);
24289d12ba86SRob Rice
24299d12ba86SRob Rice if (!spu_no_incr_hash(ctx)) {
24309d12ba86SRob Rice /* SPU-M can do incr hashing but needs sw for outer HMAC */
24319d12ba86SRob Rice rctx->is_sw_hmac = true;
24329d12ba86SRob Rice ctx->auth.mode = HASH_MODE_HASH;
24339d12ba86SRob Rice /* start with a prepended ipad */
24349d12ba86SRob Rice memcpy(rctx->hash_carry, ctx->ipad, blocksize);
24359d12ba86SRob Rice rctx->hash_carry_len = blocksize;
24369d12ba86SRob Rice rctx->total_todo += blocksize;
24379d12ba86SRob Rice }
24389d12ba86SRob Rice
24399d12ba86SRob Rice return 0;
24409d12ba86SRob Rice }
24419d12ba86SRob Rice
ahash_hmac_update(struct ahash_request * req)24429d12ba86SRob Rice static int ahash_hmac_update(struct ahash_request *req)
24439d12ba86SRob Rice {
24449d12ba86SRob Rice flow_log("ahash_hmac_update() nbytes:%u\n", req->nbytes);
24459d12ba86SRob Rice
24469d12ba86SRob Rice if (!req->nbytes)
24479d12ba86SRob Rice return 0;
24489d12ba86SRob Rice
24499d12ba86SRob Rice return ahash_update(req);
24509d12ba86SRob Rice }
24519d12ba86SRob Rice
ahash_hmac_final(struct ahash_request * req)24529d12ba86SRob Rice static int ahash_hmac_final(struct ahash_request *req)
24539d12ba86SRob Rice {
24549d12ba86SRob Rice flow_log("ahash_hmac_final() nbytes:%u\n", req->nbytes);
24559d12ba86SRob Rice
24569d12ba86SRob Rice return ahash_final(req);
24579d12ba86SRob Rice }
24589d12ba86SRob Rice
ahash_hmac_finup(struct ahash_request * req)24599d12ba86SRob Rice static int ahash_hmac_finup(struct ahash_request *req)
24609d12ba86SRob Rice {
24619d12ba86SRob Rice flow_log("ahash_hmac_finupl() nbytes:%u\n", req->nbytes);
24629d12ba86SRob Rice
24639d12ba86SRob Rice return ahash_finup(req);
24649d12ba86SRob Rice }
24659d12ba86SRob Rice
ahash_hmac_digest(struct ahash_request * req)24669d12ba86SRob Rice static int ahash_hmac_digest(struct ahash_request *req)
24679d12ba86SRob Rice {
24689d12ba86SRob Rice struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
24699d12ba86SRob Rice struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
24709d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
24719d12ba86SRob Rice unsigned int blocksize =
24729d12ba86SRob Rice crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
24739d12ba86SRob Rice
24749d12ba86SRob Rice flow_log("ahash_hmac_digest() nbytes:%u\n", req->nbytes);
24759d12ba86SRob Rice
24769d12ba86SRob Rice /* Perform initialization and then call finup */
24779d12ba86SRob Rice __ahash_init(req);
24789d12ba86SRob Rice
24799d12ba86SRob Rice if (iproc_priv.spu.spu_type == SPU_TYPE_SPU2) {
24809d12ba86SRob Rice /*
24819d12ba86SRob Rice * SPU2 supports full HMAC implementation in the
24829d12ba86SRob Rice * hardware, need not to generate IPAD, OPAD and
24839d12ba86SRob Rice * outer hash in software.
24849d12ba86SRob Rice * Only for hash key len > hash block size, SPU2
24859d12ba86SRob Rice * expects to perform hashing on the key, shorten
24869d12ba86SRob Rice * it to digest size and feed it as hash key.
24879d12ba86SRob Rice */
24889d12ba86SRob Rice rctx->is_sw_hmac = false;
24899d12ba86SRob Rice ctx->auth.mode = HASH_MODE_HMAC;
24909d12ba86SRob Rice } else {
24919d12ba86SRob Rice rctx->is_sw_hmac = true;
24929d12ba86SRob Rice ctx->auth.mode = HASH_MODE_HASH;
24939d12ba86SRob Rice /* start with a prepended ipad */
24949d12ba86SRob Rice memcpy(rctx->hash_carry, ctx->ipad, blocksize);
24959d12ba86SRob Rice rctx->hash_carry_len = blocksize;
24969d12ba86SRob Rice rctx->total_todo += blocksize;
24979d12ba86SRob Rice }
24989d12ba86SRob Rice
24999d12ba86SRob Rice return __ahash_finup(req);
25009d12ba86SRob Rice }
25019d12ba86SRob Rice
25029d12ba86SRob Rice /* aead helpers */
25039d12ba86SRob Rice
aead_need_fallback(struct aead_request * req)25049d12ba86SRob Rice static int aead_need_fallback(struct aead_request *req)
25059d12ba86SRob Rice {
25069d12ba86SRob Rice struct iproc_reqctx_s *rctx = aead_request_ctx(req);
25079d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
25089d12ba86SRob Rice struct crypto_aead *aead = crypto_aead_reqtfm(req);
25099d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_aead_ctx(aead);
25109d12ba86SRob Rice u32 payload_len;
25119d12ba86SRob Rice
25129d12ba86SRob Rice /*
25139d12ba86SRob Rice * SPU hardware cannot handle the AES-GCM/CCM case where plaintext
25149d12ba86SRob Rice * and AAD are both 0 bytes long. So use fallback in this case.
25159d12ba86SRob Rice */
25169d12ba86SRob Rice if (((ctx->cipher.mode == CIPHER_MODE_GCM) ||
25179d12ba86SRob Rice (ctx->cipher.mode == CIPHER_MODE_CCM)) &&
25189d12ba86SRob Rice (req->assoclen == 0)) {
25199d12ba86SRob Rice if ((rctx->is_encrypt && (req->cryptlen == 0)) ||
25209d12ba86SRob Rice (!rctx->is_encrypt && (req->cryptlen == ctx->digestsize))) {
25219d12ba86SRob Rice flow_log("AES GCM/CCM needs fallback for 0 len req\n");
25229d12ba86SRob Rice return 1;
25239d12ba86SRob Rice }
25249d12ba86SRob Rice }
25259d12ba86SRob Rice
25269d12ba86SRob Rice /* SPU-M hardware only supports CCM digest size of 8, 12, or 16 bytes */
25279d12ba86SRob Rice if ((ctx->cipher.mode == CIPHER_MODE_CCM) &&
25289d12ba86SRob Rice (spu->spu_type == SPU_TYPE_SPUM) &&
25299d12ba86SRob Rice (ctx->digestsize != 8) && (ctx->digestsize != 12) &&
25309d12ba86SRob Rice (ctx->digestsize != 16)) {
2531b1a4b182SColin Ian King flow_log("%s() AES CCM needs fallback for digest size %d\n",
25329d12ba86SRob Rice __func__, ctx->digestsize);
25339d12ba86SRob Rice return 1;
25349d12ba86SRob Rice }
25359d12ba86SRob Rice
25369d12ba86SRob Rice /*
25379d12ba86SRob Rice * SPU-M on NSP has an issue where AES-CCM hash is not correct
25389d12ba86SRob Rice * when AAD size is 0
25399d12ba86SRob Rice */
25409d12ba86SRob Rice if ((ctx->cipher.mode == CIPHER_MODE_CCM) &&
25419d12ba86SRob Rice (spu->spu_subtype == SPU_SUBTYPE_SPUM_NSP) &&
25429d12ba86SRob Rice (req->assoclen == 0)) {
25439d12ba86SRob Rice flow_log("%s() AES_CCM needs fallback for 0 len AAD on NSP\n",
25449d12ba86SRob Rice __func__);
25459d12ba86SRob Rice return 1;
25469d12ba86SRob Rice }
25479d12ba86SRob Rice
2548b3553effSIuliana Prodan /*
2549b3553effSIuliana Prodan * RFC4106 and RFC4543 cannot handle the case where AAD is other than
2550b3553effSIuliana Prodan * 16 or 20 bytes long. So use fallback in this case.
2551b3553effSIuliana Prodan */
2552b3553effSIuliana Prodan if (ctx->cipher.mode == CIPHER_MODE_GCM &&
2553b3553effSIuliana Prodan ctx->cipher.alg == CIPHER_ALG_AES &&
2554b3553effSIuliana Prodan rctx->iv_ctr_len == GCM_RFC4106_IV_SIZE &&
2555b3553effSIuliana Prodan req->assoclen != 16 && req->assoclen != 20) {
2556b3553effSIuliana Prodan flow_log("RFC4106/RFC4543 needs fallback for assoclen"
2557b3553effSIuliana Prodan " other than 16 or 20 bytes\n");
2558b3553effSIuliana Prodan return 1;
2559b3553effSIuliana Prodan }
2560b3553effSIuliana Prodan
25619d12ba86SRob Rice payload_len = req->cryptlen;
25629d12ba86SRob Rice if (spu->spu_type == SPU_TYPE_SPUM)
25639d12ba86SRob Rice payload_len += req->assoclen;
25649d12ba86SRob Rice
25659d12ba86SRob Rice flow_log("%s() payload len: %u\n", __func__, payload_len);
25669d12ba86SRob Rice
25679d12ba86SRob Rice if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
25689d12ba86SRob Rice return 0;
25699d12ba86SRob Rice else
25709d12ba86SRob Rice return payload_len > ctx->max_payload;
25719d12ba86SRob Rice }
25729d12ba86SRob Rice
aead_do_fallback(struct aead_request * req,bool is_encrypt)25739d12ba86SRob Rice static int aead_do_fallback(struct aead_request *req, bool is_encrypt)
25749d12ba86SRob Rice {
25759d12ba86SRob Rice struct crypto_aead *aead = crypto_aead_reqtfm(req);
25769d12ba86SRob Rice struct crypto_tfm *tfm = crypto_aead_tfm(aead);
25779d12ba86SRob Rice struct iproc_reqctx_s *rctx = aead_request_ctx(req);
25789d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
2579654627adSHerbert Xu struct aead_request *subreq;
25809d12ba86SRob Rice
25819d12ba86SRob Rice flow_log("%s() enc:%u\n", __func__, is_encrypt);
25829d12ba86SRob Rice
2583654627adSHerbert Xu if (!ctx->fallback_cipher)
2584654627adSHerbert Xu return -EINVAL;
2585654627adSHerbert Xu
2586654627adSHerbert Xu subreq = &rctx->req;
2587654627adSHerbert Xu aead_request_set_tfm(subreq, ctx->fallback_cipher);
2588654627adSHerbert Xu aead_request_set_callback(subreq, aead_request_flags(req),
2589654627adSHerbert Xu req->base.complete, req->base.data);
2590654627adSHerbert Xu aead_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
2591654627adSHerbert Xu req->iv);
2592654627adSHerbert Xu aead_request_set_ad(subreq, req->assoclen);
2593654627adSHerbert Xu
2594654627adSHerbert Xu return is_encrypt ? crypto_aead_encrypt(req) :
25959d12ba86SRob Rice crypto_aead_decrypt(req);
25969d12ba86SRob Rice }
25979d12ba86SRob Rice
aead_enqueue(struct aead_request * req,bool is_encrypt)25989d12ba86SRob Rice static int aead_enqueue(struct aead_request *req, bool is_encrypt)
25999d12ba86SRob Rice {
26009d12ba86SRob Rice struct iproc_reqctx_s *rctx = aead_request_ctx(req);
26019d12ba86SRob Rice struct crypto_aead *aead = crypto_aead_reqtfm(req);
26029d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_aead_ctx(aead);
26039d12ba86SRob Rice int err;
26049d12ba86SRob Rice
26059d12ba86SRob Rice flow_log("%s() enc:%u\n", __func__, is_encrypt);
26069d12ba86SRob Rice
26079d12ba86SRob Rice if (req->assoclen > MAX_ASSOC_SIZE) {
26089d12ba86SRob Rice pr_err
26099d12ba86SRob Rice ("%s() Error: associated data too long. (%u > %u bytes)\n",
26109d12ba86SRob Rice __func__, req->assoclen, MAX_ASSOC_SIZE);
26119d12ba86SRob Rice return -EINVAL;
26129d12ba86SRob Rice }
26139d12ba86SRob Rice
26149d12ba86SRob Rice rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
26159d12ba86SRob Rice CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
26169d12ba86SRob Rice rctx->parent = &req->base;
26179d12ba86SRob Rice rctx->is_encrypt = is_encrypt;
26189d12ba86SRob Rice rctx->bd_suppress = false;
26199d12ba86SRob Rice rctx->total_todo = req->cryptlen;
26209d12ba86SRob Rice rctx->src_sent = 0;
26219d12ba86SRob Rice rctx->total_sent = 0;
26229d12ba86SRob Rice rctx->total_received = 0;
26239d12ba86SRob Rice rctx->is_sw_hmac = false;
26249d12ba86SRob Rice rctx->ctx = ctx;
26259d12ba86SRob Rice memset(&rctx->mb_mssg, 0, sizeof(struct brcm_message));
26269d12ba86SRob Rice
26279d12ba86SRob Rice /* assoc data is at start of src sg */
26289d12ba86SRob Rice rctx->assoc = req->src;
26299d12ba86SRob Rice
26309d12ba86SRob Rice /*
26319d12ba86SRob Rice * Init current position in src scatterlist to be after assoc data.
26329d12ba86SRob Rice * src_skip set to buffer offset where data begins. (Assoc data could
26339d12ba86SRob Rice * end in the middle of a buffer.)
26349d12ba86SRob Rice */
26359d12ba86SRob Rice if (spu_sg_at_offset(req->src, req->assoclen, &rctx->src_sg,
26369d12ba86SRob Rice &rctx->src_skip) < 0) {
26379d12ba86SRob Rice pr_err("%s() Error: Unable to find start of src data\n",
26389d12ba86SRob Rice __func__);
26399d12ba86SRob Rice return -EINVAL;
26409d12ba86SRob Rice }
26419d12ba86SRob Rice
26429d12ba86SRob Rice rctx->src_nents = 0;
26439d12ba86SRob Rice rctx->dst_nents = 0;
26449d12ba86SRob Rice if (req->dst == req->src) {
26459d12ba86SRob Rice rctx->dst_sg = rctx->src_sg;
26469d12ba86SRob Rice rctx->dst_skip = rctx->src_skip;
26479d12ba86SRob Rice } else {
26489d12ba86SRob Rice /*
26499d12ba86SRob Rice * Expect req->dst to have room for assoc data followed by
26509d12ba86SRob Rice * output data and ICV, if encrypt. So initialize dst_sg
26519d12ba86SRob Rice * to point beyond assoc len offset.
26529d12ba86SRob Rice */
26539d12ba86SRob Rice if (spu_sg_at_offset(req->dst, req->assoclen, &rctx->dst_sg,
26549d12ba86SRob Rice &rctx->dst_skip) < 0) {
26559d12ba86SRob Rice pr_err("%s() Error: Unable to find start of dst data\n",
26569d12ba86SRob Rice __func__);
26579d12ba86SRob Rice return -EINVAL;
26589d12ba86SRob Rice }
26599d12ba86SRob Rice }
26609d12ba86SRob Rice
26619d12ba86SRob Rice if (ctx->cipher.mode == CIPHER_MODE_CBC ||
26629d12ba86SRob Rice ctx->cipher.mode == CIPHER_MODE_CTR ||
26639d12ba86SRob Rice ctx->cipher.mode == CIPHER_MODE_OFB ||
26649d12ba86SRob Rice ctx->cipher.mode == CIPHER_MODE_XTS ||
26659d12ba86SRob Rice ctx->cipher.mode == CIPHER_MODE_GCM) {
26669d12ba86SRob Rice rctx->iv_ctr_len =
26679d12ba86SRob Rice ctx->salt_len +
26689d12ba86SRob Rice crypto_aead_ivsize(crypto_aead_reqtfm(req));
26699d12ba86SRob Rice } else if (ctx->cipher.mode == CIPHER_MODE_CCM) {
26709d12ba86SRob Rice rctx->iv_ctr_len = CCM_AES_IV_SIZE;
26719d12ba86SRob Rice } else {
26729d12ba86SRob Rice rctx->iv_ctr_len = 0;
26739d12ba86SRob Rice }
26749d12ba86SRob Rice
26759d12ba86SRob Rice rctx->hash_carry_len = 0;
26769d12ba86SRob Rice
26779d12ba86SRob Rice flow_log(" src sg: %p\n", req->src);
26789d12ba86SRob Rice flow_log(" rctx->src_sg: %p, src_skip %u\n",
26799d12ba86SRob Rice rctx->src_sg, rctx->src_skip);
26809d12ba86SRob Rice flow_log(" assoc: %p, assoclen %u\n", rctx->assoc, req->assoclen);
26819d12ba86SRob Rice flow_log(" dst sg: %p\n", req->dst);
26829d12ba86SRob Rice flow_log(" rctx->dst_sg: %p, dst_skip %u\n",
26839d12ba86SRob Rice rctx->dst_sg, rctx->dst_skip);
26849d12ba86SRob Rice flow_log(" iv_ctr_len:%u\n", rctx->iv_ctr_len);
26859d12ba86SRob Rice flow_dump(" iv: ", req->iv, rctx->iv_ctr_len);
26869d12ba86SRob Rice flow_log(" authkeylen:%u\n", ctx->authkeylen);
26879d12ba86SRob Rice flow_log(" is_esp: %s\n", ctx->is_esp ? "yes" : "no");
26889d12ba86SRob Rice
26899d12ba86SRob Rice if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
26909d12ba86SRob Rice flow_log(" max_payload infinite");
26919d12ba86SRob Rice else
26929d12ba86SRob Rice flow_log(" max_payload: %u\n", ctx->max_payload);
26939d12ba86SRob Rice
26949d12ba86SRob Rice if (unlikely(aead_need_fallback(req)))
26959d12ba86SRob Rice return aead_do_fallback(req, is_encrypt);
26969d12ba86SRob Rice
26979d12ba86SRob Rice /*
26989d12ba86SRob Rice * Do memory allocations for request after fallback check, because if we
26999d12ba86SRob Rice * do fallback, we won't call finish_req() to dealloc.
27009d12ba86SRob Rice */
27019d12ba86SRob Rice if (rctx->iv_ctr_len) {
27029d12ba86SRob Rice if (ctx->salt_len)
27039d12ba86SRob Rice memcpy(rctx->msg_buf.iv_ctr + ctx->salt_offset,
27049d12ba86SRob Rice ctx->salt, ctx->salt_len);
27059d12ba86SRob Rice memcpy(rctx->msg_buf.iv_ctr + ctx->salt_offset + ctx->salt_len,
27069d12ba86SRob Rice req->iv,
27079d12ba86SRob Rice rctx->iv_ctr_len - ctx->salt_len - ctx->salt_offset);
27089d12ba86SRob Rice }
27099d12ba86SRob Rice
27109d12ba86SRob Rice rctx->chan_idx = select_channel();
27119d12ba86SRob Rice err = handle_aead_req(rctx);
27129d12ba86SRob Rice if (err != -EINPROGRESS)
27139d12ba86SRob Rice /* synchronous result */
27149d12ba86SRob Rice spu_chunk_cleanup(rctx);
27159d12ba86SRob Rice
27169d12ba86SRob Rice return err;
27179d12ba86SRob Rice }
27189d12ba86SRob Rice
aead_authenc_setkey(struct crypto_aead * cipher,const u8 * key,unsigned int keylen)27199d12ba86SRob Rice static int aead_authenc_setkey(struct crypto_aead *cipher,
27209d12ba86SRob Rice const u8 *key, unsigned int keylen)
27219d12ba86SRob Rice {
27229d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
27239d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
27249d12ba86SRob Rice struct crypto_tfm *tfm = crypto_aead_tfm(cipher);
2725ab57b335SEric Biggers struct crypto_authenc_keys keys;
2726ab57b335SEric Biggers int ret;
27279d12ba86SRob Rice
27289d12ba86SRob Rice flow_log("%s() aead:%p key:%p keylen:%u\n", __func__, cipher, key,
27299d12ba86SRob Rice keylen);
27309d12ba86SRob Rice flow_dump(" key: ", key, keylen);
27319d12ba86SRob Rice
2732ab57b335SEric Biggers ret = crypto_authenc_extractkeys(&keys, key, keylen);
2733ab57b335SEric Biggers if (ret)
27349d12ba86SRob Rice goto badkey;
27359d12ba86SRob Rice
2736ab57b335SEric Biggers if (keys.enckeylen > MAX_KEY_SIZE ||
2737ab57b335SEric Biggers keys.authkeylen > MAX_KEY_SIZE)
27389d12ba86SRob Rice goto badkey;
27399d12ba86SRob Rice
2740ab57b335SEric Biggers ctx->enckeylen = keys.enckeylen;
2741ab57b335SEric Biggers ctx->authkeylen = keys.authkeylen;
27429d12ba86SRob Rice
2743ab57b335SEric Biggers memcpy(ctx->enckey, keys.enckey, keys.enckeylen);
27449d12ba86SRob Rice /* May end up padding auth key. So make sure it's zeroed. */
27459d12ba86SRob Rice memset(ctx->authkey, 0, sizeof(ctx->authkey));
2746ab57b335SEric Biggers memcpy(ctx->authkey, keys.authkey, keys.authkeylen);
27479d12ba86SRob Rice
27489d12ba86SRob Rice switch (ctx->alg->cipher_info.alg) {
27499d12ba86SRob Rice case CIPHER_ALG_DES:
275005a7238dSArd Biesheuvel if (verify_aead_des_key(cipher, keys.enckey, keys.enckeylen))
27519d12ba86SRob Rice return -EINVAL;
27529d12ba86SRob Rice
27539d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_DES;
27549d12ba86SRob Rice break;
27559d12ba86SRob Rice case CIPHER_ALG_3DES:
275605a7238dSArd Biesheuvel if (verify_aead_des3_key(cipher, keys.enckey, keys.enckeylen))
275705a7238dSArd Biesheuvel return -EINVAL;
27589d12ba86SRob Rice
27599d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_3DES;
27609d12ba86SRob Rice break;
27619d12ba86SRob Rice case CIPHER_ALG_AES:
27629d12ba86SRob Rice switch (ctx->enckeylen) {
27639d12ba86SRob Rice case AES_KEYSIZE_128:
27649d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES128;
27659d12ba86SRob Rice break;
27669d12ba86SRob Rice case AES_KEYSIZE_192:
27679d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES192;
27689d12ba86SRob Rice break;
27699d12ba86SRob Rice case AES_KEYSIZE_256:
27709d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES256;
27719d12ba86SRob Rice break;
27729d12ba86SRob Rice default:
27739d12ba86SRob Rice goto badkey;
27749d12ba86SRob Rice }
27759d12ba86SRob Rice break;
27769d12ba86SRob Rice default:
27779d12ba86SRob Rice pr_err("%s() Error: Unknown cipher alg\n", __func__);
27789d12ba86SRob Rice return -EINVAL;
27799d12ba86SRob Rice }
27809d12ba86SRob Rice
27819d12ba86SRob Rice flow_log(" enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
27829d12ba86SRob Rice ctx->authkeylen);
27839d12ba86SRob Rice flow_dump(" enc: ", ctx->enckey, ctx->enckeylen);
27849d12ba86SRob Rice flow_dump(" auth: ", ctx->authkey, ctx->authkeylen);
27859d12ba86SRob Rice
27869d12ba86SRob Rice /* setkey the fallback just in case we needto use it */
27879d12ba86SRob Rice if (ctx->fallback_cipher) {
27889d12ba86SRob Rice flow_log(" running fallback setkey()\n");
27899d12ba86SRob Rice
27909d12ba86SRob Rice ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK;
27919d12ba86SRob Rice ctx->fallback_cipher->base.crt_flags |=
27929d12ba86SRob Rice tfm->crt_flags & CRYPTO_TFM_REQ_MASK;
2793ab57b335SEric Biggers ret = crypto_aead_setkey(ctx->fallback_cipher, key, keylen);
2794af5034e8SEric Biggers if (ret)
27959d12ba86SRob Rice flow_log(" fallback setkey() returned:%d\n", ret);
27969d12ba86SRob Rice }
27979d12ba86SRob Rice
27989d12ba86SRob Rice ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
27999d12ba86SRob Rice ctx->enckeylen,
28009d12ba86SRob Rice false);
28019d12ba86SRob Rice
28029d12ba86SRob Rice atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_AEAD]);
28039d12ba86SRob Rice
28049d12ba86SRob Rice return ret;
28059d12ba86SRob Rice
28069d12ba86SRob Rice badkey:
28079d12ba86SRob Rice ctx->enckeylen = 0;
28089d12ba86SRob Rice ctx->authkeylen = 0;
28099d12ba86SRob Rice ctx->digestsize = 0;
28109d12ba86SRob Rice
28119d12ba86SRob Rice return -EINVAL;
28129d12ba86SRob Rice }
28139d12ba86SRob Rice
aead_gcm_ccm_setkey(struct crypto_aead * cipher,const u8 * key,unsigned int keylen)28149d12ba86SRob Rice static int aead_gcm_ccm_setkey(struct crypto_aead *cipher,
28159d12ba86SRob Rice const u8 *key, unsigned int keylen)
28169d12ba86SRob Rice {
28179d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
28189d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
28199d12ba86SRob Rice struct crypto_tfm *tfm = crypto_aead_tfm(cipher);
28209d12ba86SRob Rice
28219d12ba86SRob Rice int ret = 0;
28229d12ba86SRob Rice
28239d12ba86SRob Rice flow_log("%s() keylen:%u\n", __func__, keylen);
28249d12ba86SRob Rice flow_dump(" key: ", key, keylen);
28259d12ba86SRob Rice
28269d12ba86SRob Rice if (!ctx->is_esp)
28279d12ba86SRob Rice ctx->digestsize = keylen;
28289d12ba86SRob Rice
28299d12ba86SRob Rice ctx->enckeylen = keylen;
28309d12ba86SRob Rice ctx->authkeylen = 0;
28319d12ba86SRob Rice
28329d12ba86SRob Rice switch (ctx->enckeylen) {
28339d12ba86SRob Rice case AES_KEYSIZE_128:
28349d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES128;
28359d12ba86SRob Rice break;
28369d12ba86SRob Rice case AES_KEYSIZE_192:
28379d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES192;
28389d12ba86SRob Rice break;
28399d12ba86SRob Rice case AES_KEYSIZE_256:
28409d12ba86SRob Rice ctx->cipher_type = CIPHER_TYPE_AES256;
28419d12ba86SRob Rice break;
28429d12ba86SRob Rice default:
28439d12ba86SRob Rice goto badkey;
28449d12ba86SRob Rice }
28459d12ba86SRob Rice
284610a2f0b3SHerbert Xu memcpy(ctx->enckey, key, ctx->enckeylen);
284710a2f0b3SHerbert Xu
28489d12ba86SRob Rice flow_log(" enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
28499d12ba86SRob Rice ctx->authkeylen);
28509d12ba86SRob Rice flow_dump(" enc: ", ctx->enckey, ctx->enckeylen);
28519d12ba86SRob Rice flow_dump(" auth: ", ctx->authkey, ctx->authkeylen);
28529d12ba86SRob Rice
28539d12ba86SRob Rice /* setkey the fallback just in case we need to use it */
28549d12ba86SRob Rice if (ctx->fallback_cipher) {
28559d12ba86SRob Rice flow_log(" running fallback setkey()\n");
28569d12ba86SRob Rice
28579d12ba86SRob Rice ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK;
28589d12ba86SRob Rice ctx->fallback_cipher->base.crt_flags |=
28599d12ba86SRob Rice tfm->crt_flags & CRYPTO_TFM_REQ_MASK;
28609d12ba86SRob Rice ret = crypto_aead_setkey(ctx->fallback_cipher, key,
28619d12ba86SRob Rice keylen + ctx->salt_len);
2862af5034e8SEric Biggers if (ret)
28639d12ba86SRob Rice flow_log(" fallback setkey() returned:%d\n", ret);
28649d12ba86SRob Rice }
28659d12ba86SRob Rice
28669d12ba86SRob Rice ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
28679d12ba86SRob Rice ctx->enckeylen,
28689d12ba86SRob Rice false);
28699d12ba86SRob Rice
28709d12ba86SRob Rice atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_AEAD]);
28719d12ba86SRob Rice
28729d12ba86SRob Rice flow_log(" enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
28739d12ba86SRob Rice ctx->authkeylen);
28749d12ba86SRob Rice
28759d12ba86SRob Rice return ret;
28769d12ba86SRob Rice
28779d12ba86SRob Rice badkey:
28789d12ba86SRob Rice ctx->enckeylen = 0;
28799d12ba86SRob Rice ctx->authkeylen = 0;
28809d12ba86SRob Rice ctx->digestsize = 0;
28819d12ba86SRob Rice
28829d12ba86SRob Rice return -EINVAL;
28839d12ba86SRob Rice }
28849d12ba86SRob Rice
28859d12ba86SRob Rice /**
28869d12ba86SRob Rice * aead_gcm_esp_setkey() - setkey() operation for ESP variant of GCM AES.
28879d12ba86SRob Rice * @cipher: AEAD structure
28889d12ba86SRob Rice * @key: Key followed by 4 bytes of salt
28899d12ba86SRob Rice * @keylen: Length of key plus salt, in bytes
28909d12ba86SRob Rice *
28919d12ba86SRob Rice * Extracts salt from key and stores it to be prepended to IV on each request.
28929d12ba86SRob Rice * Digest is always 16 bytes
28939d12ba86SRob Rice *
28949d12ba86SRob Rice * Return: Value from generic gcm setkey.
28959d12ba86SRob Rice */
aead_gcm_esp_setkey(struct crypto_aead * cipher,const u8 * key,unsigned int keylen)28969d12ba86SRob Rice static int aead_gcm_esp_setkey(struct crypto_aead *cipher,
28979d12ba86SRob Rice const u8 *key, unsigned int keylen)
28989d12ba86SRob Rice {
28999d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
29009d12ba86SRob Rice
29019d12ba86SRob Rice flow_log("%s\n", __func__);
290210a2f0b3SHerbert Xu
290310a2f0b3SHerbert Xu if (keylen < GCM_ESP_SALT_SIZE)
290410a2f0b3SHerbert Xu return -EINVAL;
290510a2f0b3SHerbert Xu
29069d12ba86SRob Rice ctx->salt_len = GCM_ESP_SALT_SIZE;
29079d12ba86SRob Rice ctx->salt_offset = GCM_ESP_SALT_OFFSET;
29089d12ba86SRob Rice memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);
29099d12ba86SRob Rice keylen -= GCM_ESP_SALT_SIZE;
29109d12ba86SRob Rice ctx->digestsize = GCM_ESP_DIGESTSIZE;
29119d12ba86SRob Rice ctx->is_esp = true;
29129d12ba86SRob Rice flow_dump("salt: ", ctx->salt, GCM_ESP_SALT_SIZE);
29139d12ba86SRob Rice
29149d12ba86SRob Rice return aead_gcm_ccm_setkey(cipher, key, keylen);
29159d12ba86SRob Rice }
29169d12ba86SRob Rice
29179d12ba86SRob Rice /**
29189d12ba86SRob Rice * rfc4543_gcm_esp_setkey() - setkey operation for RFC4543 variant of GCM/GMAC.
291985a557cbSLee Jones * @cipher: AEAD structure
292085a557cbSLee Jones * @key: Key followed by 4 bytes of salt
292185a557cbSLee Jones * @keylen: Length of key plus salt, in bytes
29229d12ba86SRob Rice *
29239d12ba86SRob Rice * Extracts salt from key and stores it to be prepended to IV on each request.
29249d12ba86SRob Rice * Digest is always 16 bytes
29259d12ba86SRob Rice *
29269d12ba86SRob Rice * Return: Value from generic gcm setkey.
29279d12ba86SRob Rice */
rfc4543_gcm_esp_setkey(struct crypto_aead * cipher,const u8 * key,unsigned int keylen)29289d12ba86SRob Rice static int rfc4543_gcm_esp_setkey(struct crypto_aead *cipher,
29299d12ba86SRob Rice const u8 *key, unsigned int keylen)
29309d12ba86SRob Rice {
29319d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
29329d12ba86SRob Rice
29339d12ba86SRob Rice flow_log("%s\n", __func__);
293410a2f0b3SHerbert Xu
293510a2f0b3SHerbert Xu if (keylen < GCM_ESP_SALT_SIZE)
293610a2f0b3SHerbert Xu return -EINVAL;
293710a2f0b3SHerbert Xu
29389d12ba86SRob Rice ctx->salt_len = GCM_ESP_SALT_SIZE;
29399d12ba86SRob Rice ctx->salt_offset = GCM_ESP_SALT_OFFSET;
29409d12ba86SRob Rice memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);
29419d12ba86SRob Rice keylen -= GCM_ESP_SALT_SIZE;
29429d12ba86SRob Rice ctx->digestsize = GCM_ESP_DIGESTSIZE;
29439d12ba86SRob Rice ctx->is_esp = true;
29449d12ba86SRob Rice ctx->is_rfc4543 = true;
29459d12ba86SRob Rice flow_dump("salt: ", ctx->salt, GCM_ESP_SALT_SIZE);
29469d12ba86SRob Rice
29479d12ba86SRob Rice return aead_gcm_ccm_setkey(cipher, key, keylen);
29489d12ba86SRob Rice }
29499d12ba86SRob Rice
29509d12ba86SRob Rice /**
29519d12ba86SRob Rice * aead_ccm_esp_setkey() - setkey() operation for ESP variant of CCM AES.
29529d12ba86SRob Rice * @cipher: AEAD structure
29539d12ba86SRob Rice * @key: Key followed by 4 bytes of salt
29549d12ba86SRob Rice * @keylen: Length of key plus salt, in bytes
29559d12ba86SRob Rice *
29569d12ba86SRob Rice * Extracts salt from key and stores it to be prepended to IV on each request.
29579d12ba86SRob Rice * Digest is always 16 bytes
29589d12ba86SRob Rice *
29599d12ba86SRob Rice * Return: Value from generic ccm setkey.
29609d12ba86SRob Rice */
aead_ccm_esp_setkey(struct crypto_aead * cipher,const u8 * key,unsigned int keylen)29619d12ba86SRob Rice static int aead_ccm_esp_setkey(struct crypto_aead *cipher,
29629d12ba86SRob Rice const u8 *key, unsigned int keylen)
29639d12ba86SRob Rice {
29649d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
29659d12ba86SRob Rice
29669d12ba86SRob Rice flow_log("%s\n", __func__);
296710a2f0b3SHerbert Xu
296810a2f0b3SHerbert Xu if (keylen < CCM_ESP_SALT_SIZE)
296910a2f0b3SHerbert Xu return -EINVAL;
297010a2f0b3SHerbert Xu
29719d12ba86SRob Rice ctx->salt_len = CCM_ESP_SALT_SIZE;
29729d12ba86SRob Rice ctx->salt_offset = CCM_ESP_SALT_OFFSET;
29739d12ba86SRob Rice memcpy(ctx->salt, key + keylen - CCM_ESP_SALT_SIZE, CCM_ESP_SALT_SIZE);
29749d12ba86SRob Rice keylen -= CCM_ESP_SALT_SIZE;
29759d12ba86SRob Rice ctx->is_esp = true;
29769d12ba86SRob Rice flow_dump("salt: ", ctx->salt, CCM_ESP_SALT_SIZE);
29779d12ba86SRob Rice
29789d12ba86SRob Rice return aead_gcm_ccm_setkey(cipher, key, keylen);
29799d12ba86SRob Rice }
29809d12ba86SRob Rice
aead_setauthsize(struct crypto_aead * cipher,unsigned int authsize)29819d12ba86SRob Rice static int aead_setauthsize(struct crypto_aead *cipher, unsigned int authsize)
29829d12ba86SRob Rice {
29839d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
29849d12ba86SRob Rice int ret = 0;
29859d12ba86SRob Rice
29869d12ba86SRob Rice flow_log("%s() authkeylen:%u authsize:%u\n",
29879d12ba86SRob Rice __func__, ctx->authkeylen, authsize);
29889d12ba86SRob Rice
29899d12ba86SRob Rice ctx->digestsize = authsize;
29909d12ba86SRob Rice
29919d12ba86SRob Rice /* setkey the fallback just in case we needto use it */
29929d12ba86SRob Rice if (ctx->fallback_cipher) {
29939d12ba86SRob Rice flow_log(" running fallback setauth()\n");
29949d12ba86SRob Rice
29959d12ba86SRob Rice ret = crypto_aead_setauthsize(ctx->fallback_cipher, authsize);
29969d12ba86SRob Rice if (ret)
29979d12ba86SRob Rice flow_log(" fallback setauth() returned:%d\n", ret);
29989d12ba86SRob Rice }
29999d12ba86SRob Rice
30009d12ba86SRob Rice return ret;
30019d12ba86SRob Rice }
30029d12ba86SRob Rice
aead_encrypt(struct aead_request * req)30039d12ba86SRob Rice static int aead_encrypt(struct aead_request *req)
30049d12ba86SRob Rice {
30059d12ba86SRob Rice flow_log("%s() cryptlen:%u %08x\n", __func__, req->cryptlen,
30069d12ba86SRob Rice req->cryptlen);
30079d12ba86SRob Rice dump_sg(req->src, 0, req->cryptlen + req->assoclen);
30089d12ba86SRob Rice flow_log(" assoc_len:%u\n", req->assoclen);
30099d12ba86SRob Rice
30109d12ba86SRob Rice return aead_enqueue(req, true);
30119d12ba86SRob Rice }
30129d12ba86SRob Rice
aead_decrypt(struct aead_request * req)30139d12ba86SRob Rice static int aead_decrypt(struct aead_request *req)
30149d12ba86SRob Rice {
30159d12ba86SRob Rice flow_log("%s() cryptlen:%u\n", __func__, req->cryptlen);
30169d12ba86SRob Rice dump_sg(req->src, 0, req->cryptlen + req->assoclen);
30179d12ba86SRob Rice flow_log(" assoc_len:%u\n", req->assoclen);
30189d12ba86SRob Rice
30199d12ba86SRob Rice return aead_enqueue(req, false);
30209d12ba86SRob Rice }
30219d12ba86SRob Rice
30229d12ba86SRob Rice /* ==================== Supported Cipher Algorithms ==================== */
30239d12ba86SRob Rice
30249d12ba86SRob Rice static struct iproc_alg_s driver_algs[] = {
30259d12ba86SRob Rice {
30269d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
30279d12ba86SRob Rice .alg.aead = {
30289d12ba86SRob Rice .base = {
30299d12ba86SRob Rice .cra_name = "gcm(aes)",
30309d12ba86SRob Rice .cra_driver_name = "gcm-aes-iproc",
30319d12ba86SRob Rice .cra_blocksize = AES_BLOCK_SIZE,
30329d12ba86SRob Rice .cra_flags = CRYPTO_ALG_NEED_FALLBACK
30339d12ba86SRob Rice },
30349d12ba86SRob Rice .setkey = aead_gcm_ccm_setkey,
30359d12ba86SRob Rice .ivsize = GCM_AES_IV_SIZE,
30369d12ba86SRob Rice .maxauthsize = AES_BLOCK_SIZE,
30379d12ba86SRob Rice },
30389d12ba86SRob Rice .cipher_info = {
30399d12ba86SRob Rice .alg = CIPHER_ALG_AES,
30409d12ba86SRob Rice .mode = CIPHER_MODE_GCM,
30419d12ba86SRob Rice },
30429d12ba86SRob Rice .auth_info = {
30439d12ba86SRob Rice .alg = HASH_ALG_AES,
30449d12ba86SRob Rice .mode = HASH_MODE_GCM,
30459d12ba86SRob Rice },
30469d12ba86SRob Rice .auth_first = 0,
30479d12ba86SRob Rice },
30489d12ba86SRob Rice {
30499d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
30509d12ba86SRob Rice .alg.aead = {
30519d12ba86SRob Rice .base = {
30529d12ba86SRob Rice .cra_name = "ccm(aes)",
30539d12ba86SRob Rice .cra_driver_name = "ccm-aes-iproc",
30549d12ba86SRob Rice .cra_blocksize = AES_BLOCK_SIZE,
30559d12ba86SRob Rice .cra_flags = CRYPTO_ALG_NEED_FALLBACK
30569d12ba86SRob Rice },
30579d12ba86SRob Rice .setkey = aead_gcm_ccm_setkey,
30589d12ba86SRob Rice .ivsize = CCM_AES_IV_SIZE,
30599d12ba86SRob Rice .maxauthsize = AES_BLOCK_SIZE,
30609d12ba86SRob Rice },
30619d12ba86SRob Rice .cipher_info = {
30629d12ba86SRob Rice .alg = CIPHER_ALG_AES,
30639d12ba86SRob Rice .mode = CIPHER_MODE_CCM,
30649d12ba86SRob Rice },
30659d12ba86SRob Rice .auth_info = {
30669d12ba86SRob Rice .alg = HASH_ALG_AES,
30679d12ba86SRob Rice .mode = HASH_MODE_CCM,
30689d12ba86SRob Rice },
30699d12ba86SRob Rice .auth_first = 0,
30709d12ba86SRob Rice },
30719d12ba86SRob Rice {
30729d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
30739d12ba86SRob Rice .alg.aead = {
30749d12ba86SRob Rice .base = {
30759d12ba86SRob Rice .cra_name = "rfc4106(gcm(aes))",
30769d12ba86SRob Rice .cra_driver_name = "gcm-aes-esp-iproc",
30779d12ba86SRob Rice .cra_blocksize = AES_BLOCK_SIZE,
30789d12ba86SRob Rice .cra_flags = CRYPTO_ALG_NEED_FALLBACK
30799d12ba86SRob Rice },
30809d12ba86SRob Rice .setkey = aead_gcm_esp_setkey,
3081a59851d2SCorentin LABBE .ivsize = GCM_RFC4106_IV_SIZE,
30829d12ba86SRob Rice .maxauthsize = AES_BLOCK_SIZE,
30839d12ba86SRob Rice },
30849d12ba86SRob Rice .cipher_info = {
30859d12ba86SRob Rice .alg = CIPHER_ALG_AES,
30869d12ba86SRob Rice .mode = CIPHER_MODE_GCM,
30879d12ba86SRob Rice },
30889d12ba86SRob Rice .auth_info = {
30899d12ba86SRob Rice .alg = HASH_ALG_AES,
30909d12ba86SRob Rice .mode = HASH_MODE_GCM,
30919d12ba86SRob Rice },
30929d12ba86SRob Rice .auth_first = 0,
30939d12ba86SRob Rice },
30949d12ba86SRob Rice {
30959d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
30969d12ba86SRob Rice .alg.aead = {
30979d12ba86SRob Rice .base = {
30989d12ba86SRob Rice .cra_name = "rfc4309(ccm(aes))",
30999d12ba86SRob Rice .cra_driver_name = "ccm-aes-esp-iproc",
31009d12ba86SRob Rice .cra_blocksize = AES_BLOCK_SIZE,
31019d12ba86SRob Rice .cra_flags = CRYPTO_ALG_NEED_FALLBACK
31029d12ba86SRob Rice },
31039d12ba86SRob Rice .setkey = aead_ccm_esp_setkey,
31049d12ba86SRob Rice .ivsize = CCM_AES_IV_SIZE,
31059d12ba86SRob Rice .maxauthsize = AES_BLOCK_SIZE,
31069d12ba86SRob Rice },
31079d12ba86SRob Rice .cipher_info = {
31089d12ba86SRob Rice .alg = CIPHER_ALG_AES,
31099d12ba86SRob Rice .mode = CIPHER_MODE_CCM,
31109d12ba86SRob Rice },
31119d12ba86SRob Rice .auth_info = {
31129d12ba86SRob Rice .alg = HASH_ALG_AES,
31139d12ba86SRob Rice .mode = HASH_MODE_CCM,
31149d12ba86SRob Rice },
31159d12ba86SRob Rice .auth_first = 0,
31169d12ba86SRob Rice },
31179d12ba86SRob Rice {
31189d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
31199d12ba86SRob Rice .alg.aead = {
31209d12ba86SRob Rice .base = {
31219d12ba86SRob Rice .cra_name = "rfc4543(gcm(aes))",
31229d12ba86SRob Rice .cra_driver_name = "gmac-aes-esp-iproc",
31239d12ba86SRob Rice .cra_blocksize = AES_BLOCK_SIZE,
31249d12ba86SRob Rice .cra_flags = CRYPTO_ALG_NEED_FALLBACK
31259d12ba86SRob Rice },
31269d12ba86SRob Rice .setkey = rfc4543_gcm_esp_setkey,
3127a59851d2SCorentin LABBE .ivsize = GCM_RFC4106_IV_SIZE,
31289d12ba86SRob Rice .maxauthsize = AES_BLOCK_SIZE,
31299d12ba86SRob Rice },
31309d12ba86SRob Rice .cipher_info = {
31319d12ba86SRob Rice .alg = CIPHER_ALG_AES,
31329d12ba86SRob Rice .mode = CIPHER_MODE_GCM,
31339d12ba86SRob Rice },
31349d12ba86SRob Rice .auth_info = {
31359d12ba86SRob Rice .alg = HASH_ALG_AES,
31369d12ba86SRob Rice .mode = HASH_MODE_GCM,
31379d12ba86SRob Rice },
31389d12ba86SRob Rice .auth_first = 0,
31399d12ba86SRob Rice },
31409d12ba86SRob Rice {
31419d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
31429d12ba86SRob Rice .alg.aead = {
31439d12ba86SRob Rice .base = {
31449d12ba86SRob Rice .cra_name = "authenc(hmac(md5),cbc(aes))",
31459d12ba86SRob Rice .cra_driver_name = "authenc-hmac-md5-cbc-aes-iproc",
31469d12ba86SRob Rice .cra_blocksize = AES_BLOCK_SIZE,
3147b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3148b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3149b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
31509d12ba86SRob Rice },
31519d12ba86SRob Rice .setkey = aead_authenc_setkey,
31529d12ba86SRob Rice .ivsize = AES_BLOCK_SIZE,
31539d12ba86SRob Rice .maxauthsize = MD5_DIGEST_SIZE,
31549d12ba86SRob Rice },
31559d12ba86SRob Rice .cipher_info = {
31569d12ba86SRob Rice .alg = CIPHER_ALG_AES,
31579d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
31589d12ba86SRob Rice },
31599d12ba86SRob Rice .auth_info = {
31609d12ba86SRob Rice .alg = HASH_ALG_MD5,
31619d12ba86SRob Rice .mode = HASH_MODE_HMAC,
31629d12ba86SRob Rice },
31639d12ba86SRob Rice .auth_first = 0,
31649d12ba86SRob Rice },
31659d12ba86SRob Rice {
31669d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
31679d12ba86SRob Rice .alg.aead = {
31689d12ba86SRob Rice .base = {
31699d12ba86SRob Rice .cra_name = "authenc(hmac(sha1),cbc(aes))",
31709d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha1-cbc-aes-iproc",
31719d12ba86SRob Rice .cra_blocksize = AES_BLOCK_SIZE,
3172b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3173b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3174b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
31759d12ba86SRob Rice },
31769d12ba86SRob Rice .setkey = aead_authenc_setkey,
31779d12ba86SRob Rice .ivsize = AES_BLOCK_SIZE,
31789d12ba86SRob Rice .maxauthsize = SHA1_DIGEST_SIZE,
31799d12ba86SRob Rice },
31809d12ba86SRob Rice .cipher_info = {
31819d12ba86SRob Rice .alg = CIPHER_ALG_AES,
31829d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
31839d12ba86SRob Rice },
31849d12ba86SRob Rice .auth_info = {
31859d12ba86SRob Rice .alg = HASH_ALG_SHA1,
31869d12ba86SRob Rice .mode = HASH_MODE_HMAC,
31879d12ba86SRob Rice },
31889d12ba86SRob Rice .auth_first = 0,
31899d12ba86SRob Rice },
31909d12ba86SRob Rice {
31919d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
31929d12ba86SRob Rice .alg.aead = {
31939d12ba86SRob Rice .base = {
31949d12ba86SRob Rice .cra_name = "authenc(hmac(sha256),cbc(aes))",
31959d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha256-cbc-aes-iproc",
31969d12ba86SRob Rice .cra_blocksize = AES_BLOCK_SIZE,
3197b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3198b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3199b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
32009d12ba86SRob Rice },
32019d12ba86SRob Rice .setkey = aead_authenc_setkey,
32029d12ba86SRob Rice .ivsize = AES_BLOCK_SIZE,
32039d12ba86SRob Rice .maxauthsize = SHA256_DIGEST_SIZE,
32049d12ba86SRob Rice },
32059d12ba86SRob Rice .cipher_info = {
32069d12ba86SRob Rice .alg = CIPHER_ALG_AES,
32079d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
32089d12ba86SRob Rice },
32099d12ba86SRob Rice .auth_info = {
32109d12ba86SRob Rice .alg = HASH_ALG_SHA256,
32119d12ba86SRob Rice .mode = HASH_MODE_HMAC,
32129d12ba86SRob Rice },
32139d12ba86SRob Rice .auth_first = 0,
32149d12ba86SRob Rice },
32159d12ba86SRob Rice {
32169d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
32179d12ba86SRob Rice .alg.aead = {
32189d12ba86SRob Rice .base = {
32199d12ba86SRob Rice .cra_name = "authenc(hmac(md5),cbc(des))",
32209d12ba86SRob Rice .cra_driver_name = "authenc-hmac-md5-cbc-des-iproc",
32219d12ba86SRob Rice .cra_blocksize = DES_BLOCK_SIZE,
3222b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3223b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3224b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
32259d12ba86SRob Rice },
32269d12ba86SRob Rice .setkey = aead_authenc_setkey,
32279d12ba86SRob Rice .ivsize = DES_BLOCK_SIZE,
32289d12ba86SRob Rice .maxauthsize = MD5_DIGEST_SIZE,
32299d12ba86SRob Rice },
32309d12ba86SRob Rice .cipher_info = {
32319d12ba86SRob Rice .alg = CIPHER_ALG_DES,
32329d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
32339d12ba86SRob Rice },
32349d12ba86SRob Rice .auth_info = {
32359d12ba86SRob Rice .alg = HASH_ALG_MD5,
32369d12ba86SRob Rice .mode = HASH_MODE_HMAC,
32379d12ba86SRob Rice },
32389d12ba86SRob Rice .auth_first = 0,
32399d12ba86SRob Rice },
32409d12ba86SRob Rice {
32419d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
32429d12ba86SRob Rice .alg.aead = {
32439d12ba86SRob Rice .base = {
32449d12ba86SRob Rice .cra_name = "authenc(hmac(sha1),cbc(des))",
32459d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha1-cbc-des-iproc",
32469d12ba86SRob Rice .cra_blocksize = DES_BLOCK_SIZE,
3247b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3248b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3249b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
32509d12ba86SRob Rice },
32519d12ba86SRob Rice .setkey = aead_authenc_setkey,
32529d12ba86SRob Rice .ivsize = DES_BLOCK_SIZE,
32539d12ba86SRob Rice .maxauthsize = SHA1_DIGEST_SIZE,
32549d12ba86SRob Rice },
32559d12ba86SRob Rice .cipher_info = {
32569d12ba86SRob Rice .alg = CIPHER_ALG_DES,
32579d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
32589d12ba86SRob Rice },
32599d12ba86SRob Rice .auth_info = {
32609d12ba86SRob Rice .alg = HASH_ALG_SHA1,
32619d12ba86SRob Rice .mode = HASH_MODE_HMAC,
32629d12ba86SRob Rice },
32639d12ba86SRob Rice .auth_first = 0,
32649d12ba86SRob Rice },
32659d12ba86SRob Rice {
32669d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
32679d12ba86SRob Rice .alg.aead = {
32689d12ba86SRob Rice .base = {
32699d12ba86SRob Rice .cra_name = "authenc(hmac(sha224),cbc(des))",
32709d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha224-cbc-des-iproc",
32719d12ba86SRob Rice .cra_blocksize = DES_BLOCK_SIZE,
3272b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3273b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3274b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
32759d12ba86SRob Rice },
32769d12ba86SRob Rice .setkey = aead_authenc_setkey,
32779d12ba86SRob Rice .ivsize = DES_BLOCK_SIZE,
32789d12ba86SRob Rice .maxauthsize = SHA224_DIGEST_SIZE,
32799d12ba86SRob Rice },
32809d12ba86SRob Rice .cipher_info = {
32819d12ba86SRob Rice .alg = CIPHER_ALG_DES,
32829d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
32839d12ba86SRob Rice },
32849d12ba86SRob Rice .auth_info = {
32859d12ba86SRob Rice .alg = HASH_ALG_SHA224,
32869d12ba86SRob Rice .mode = HASH_MODE_HMAC,
32879d12ba86SRob Rice },
32889d12ba86SRob Rice .auth_first = 0,
32899d12ba86SRob Rice },
32909d12ba86SRob Rice {
32919d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
32929d12ba86SRob Rice .alg.aead = {
32939d12ba86SRob Rice .base = {
32949d12ba86SRob Rice .cra_name = "authenc(hmac(sha256),cbc(des))",
32959d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha256-cbc-des-iproc",
32969d12ba86SRob Rice .cra_blocksize = DES_BLOCK_SIZE,
3297b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3298b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3299b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
33009d12ba86SRob Rice },
33019d12ba86SRob Rice .setkey = aead_authenc_setkey,
33029d12ba86SRob Rice .ivsize = DES_BLOCK_SIZE,
33039d12ba86SRob Rice .maxauthsize = SHA256_DIGEST_SIZE,
33049d12ba86SRob Rice },
33059d12ba86SRob Rice .cipher_info = {
33069d12ba86SRob Rice .alg = CIPHER_ALG_DES,
33079d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
33089d12ba86SRob Rice },
33099d12ba86SRob Rice .auth_info = {
33109d12ba86SRob Rice .alg = HASH_ALG_SHA256,
33119d12ba86SRob Rice .mode = HASH_MODE_HMAC,
33129d12ba86SRob Rice },
33139d12ba86SRob Rice .auth_first = 0,
33149d12ba86SRob Rice },
33159d12ba86SRob Rice {
33169d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
33179d12ba86SRob Rice .alg.aead = {
33189d12ba86SRob Rice .base = {
33199d12ba86SRob Rice .cra_name = "authenc(hmac(sha384),cbc(des))",
33209d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha384-cbc-des-iproc",
33219d12ba86SRob Rice .cra_blocksize = DES_BLOCK_SIZE,
3322b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3323b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3324b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
33259d12ba86SRob Rice },
33269d12ba86SRob Rice .setkey = aead_authenc_setkey,
33279d12ba86SRob Rice .ivsize = DES_BLOCK_SIZE,
33289d12ba86SRob Rice .maxauthsize = SHA384_DIGEST_SIZE,
33299d12ba86SRob Rice },
33309d12ba86SRob Rice .cipher_info = {
33319d12ba86SRob Rice .alg = CIPHER_ALG_DES,
33329d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
33339d12ba86SRob Rice },
33349d12ba86SRob Rice .auth_info = {
33359d12ba86SRob Rice .alg = HASH_ALG_SHA384,
33369d12ba86SRob Rice .mode = HASH_MODE_HMAC,
33379d12ba86SRob Rice },
33389d12ba86SRob Rice .auth_first = 0,
33399d12ba86SRob Rice },
33409d12ba86SRob Rice {
33419d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
33429d12ba86SRob Rice .alg.aead = {
33439d12ba86SRob Rice .base = {
33449d12ba86SRob Rice .cra_name = "authenc(hmac(sha512),cbc(des))",
33459d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha512-cbc-des-iproc",
33469d12ba86SRob Rice .cra_blocksize = DES_BLOCK_SIZE,
3347b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3348b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3349b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
33509d12ba86SRob Rice },
33519d12ba86SRob Rice .setkey = aead_authenc_setkey,
33529d12ba86SRob Rice .ivsize = DES_BLOCK_SIZE,
33539d12ba86SRob Rice .maxauthsize = SHA512_DIGEST_SIZE,
33549d12ba86SRob Rice },
33559d12ba86SRob Rice .cipher_info = {
33569d12ba86SRob Rice .alg = CIPHER_ALG_DES,
33579d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
33589d12ba86SRob Rice },
33599d12ba86SRob Rice .auth_info = {
33609d12ba86SRob Rice .alg = HASH_ALG_SHA512,
33619d12ba86SRob Rice .mode = HASH_MODE_HMAC,
33629d12ba86SRob Rice },
33639d12ba86SRob Rice .auth_first = 0,
33649d12ba86SRob Rice },
33659d12ba86SRob Rice {
33669d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
33679d12ba86SRob Rice .alg.aead = {
33689d12ba86SRob Rice .base = {
33699d12ba86SRob Rice .cra_name = "authenc(hmac(md5),cbc(des3_ede))",
33709d12ba86SRob Rice .cra_driver_name = "authenc-hmac-md5-cbc-des3-iproc",
33719d12ba86SRob Rice .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3372b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3373b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3374b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
33759d12ba86SRob Rice },
33769d12ba86SRob Rice .setkey = aead_authenc_setkey,
33779d12ba86SRob Rice .ivsize = DES3_EDE_BLOCK_SIZE,
33789d12ba86SRob Rice .maxauthsize = MD5_DIGEST_SIZE,
33799d12ba86SRob Rice },
33809d12ba86SRob Rice .cipher_info = {
33819d12ba86SRob Rice .alg = CIPHER_ALG_3DES,
33829d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
33839d12ba86SRob Rice },
33849d12ba86SRob Rice .auth_info = {
33859d12ba86SRob Rice .alg = HASH_ALG_MD5,
33869d12ba86SRob Rice .mode = HASH_MODE_HMAC,
33879d12ba86SRob Rice },
33889d12ba86SRob Rice .auth_first = 0,
33899d12ba86SRob Rice },
33909d12ba86SRob Rice {
33919d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
33929d12ba86SRob Rice .alg.aead = {
33939d12ba86SRob Rice .base = {
33949d12ba86SRob Rice .cra_name = "authenc(hmac(sha1),cbc(des3_ede))",
33959d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha1-cbc-des3-iproc",
33969d12ba86SRob Rice .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3397b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3398b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3399b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
34009d12ba86SRob Rice },
34019d12ba86SRob Rice .setkey = aead_authenc_setkey,
34029d12ba86SRob Rice .ivsize = DES3_EDE_BLOCK_SIZE,
34039d12ba86SRob Rice .maxauthsize = SHA1_DIGEST_SIZE,
34049d12ba86SRob Rice },
34059d12ba86SRob Rice .cipher_info = {
34069d12ba86SRob Rice .alg = CIPHER_ALG_3DES,
34079d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
34089d12ba86SRob Rice },
34099d12ba86SRob Rice .auth_info = {
34109d12ba86SRob Rice .alg = HASH_ALG_SHA1,
34119d12ba86SRob Rice .mode = HASH_MODE_HMAC,
34129d12ba86SRob Rice },
34139d12ba86SRob Rice .auth_first = 0,
34149d12ba86SRob Rice },
34159d12ba86SRob Rice {
34169d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
34179d12ba86SRob Rice .alg.aead = {
34189d12ba86SRob Rice .base = {
34199d12ba86SRob Rice .cra_name = "authenc(hmac(sha224),cbc(des3_ede))",
34209d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha224-cbc-des3-iproc",
34219d12ba86SRob Rice .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3422b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3423b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3424b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
34259d12ba86SRob Rice },
34269d12ba86SRob Rice .setkey = aead_authenc_setkey,
34279d12ba86SRob Rice .ivsize = DES3_EDE_BLOCK_SIZE,
34289d12ba86SRob Rice .maxauthsize = SHA224_DIGEST_SIZE,
34299d12ba86SRob Rice },
34309d12ba86SRob Rice .cipher_info = {
34319d12ba86SRob Rice .alg = CIPHER_ALG_3DES,
34329d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
34339d12ba86SRob Rice },
34349d12ba86SRob Rice .auth_info = {
34359d12ba86SRob Rice .alg = HASH_ALG_SHA224,
34369d12ba86SRob Rice .mode = HASH_MODE_HMAC,
34379d12ba86SRob Rice },
34389d12ba86SRob Rice .auth_first = 0,
34399d12ba86SRob Rice },
34409d12ba86SRob Rice {
34419d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
34429d12ba86SRob Rice .alg.aead = {
34439d12ba86SRob Rice .base = {
34449d12ba86SRob Rice .cra_name = "authenc(hmac(sha256),cbc(des3_ede))",
34459d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha256-cbc-des3-iproc",
34469d12ba86SRob Rice .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3447b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3448b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3449b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
34509d12ba86SRob Rice },
34519d12ba86SRob Rice .setkey = aead_authenc_setkey,
34529d12ba86SRob Rice .ivsize = DES3_EDE_BLOCK_SIZE,
34539d12ba86SRob Rice .maxauthsize = SHA256_DIGEST_SIZE,
34549d12ba86SRob Rice },
34559d12ba86SRob Rice .cipher_info = {
34569d12ba86SRob Rice .alg = CIPHER_ALG_3DES,
34579d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
34589d12ba86SRob Rice },
34599d12ba86SRob Rice .auth_info = {
34609d12ba86SRob Rice .alg = HASH_ALG_SHA256,
34619d12ba86SRob Rice .mode = HASH_MODE_HMAC,
34629d12ba86SRob Rice },
34639d12ba86SRob Rice .auth_first = 0,
34649d12ba86SRob Rice },
34659d12ba86SRob Rice {
34669d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
34679d12ba86SRob Rice .alg.aead = {
34689d12ba86SRob Rice .base = {
34699d12ba86SRob Rice .cra_name = "authenc(hmac(sha384),cbc(des3_ede))",
34709d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha384-cbc-des3-iproc",
34719d12ba86SRob Rice .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3472b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3473b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3474b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
34759d12ba86SRob Rice },
34769d12ba86SRob Rice .setkey = aead_authenc_setkey,
34779d12ba86SRob Rice .ivsize = DES3_EDE_BLOCK_SIZE,
34789d12ba86SRob Rice .maxauthsize = SHA384_DIGEST_SIZE,
34799d12ba86SRob Rice },
34809d12ba86SRob Rice .cipher_info = {
34819d12ba86SRob Rice .alg = CIPHER_ALG_3DES,
34829d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
34839d12ba86SRob Rice },
34849d12ba86SRob Rice .auth_info = {
34859d12ba86SRob Rice .alg = HASH_ALG_SHA384,
34869d12ba86SRob Rice .mode = HASH_MODE_HMAC,
34879d12ba86SRob Rice },
34889d12ba86SRob Rice .auth_first = 0,
34899d12ba86SRob Rice },
34909d12ba86SRob Rice {
34919d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AEAD,
34929d12ba86SRob Rice .alg.aead = {
34939d12ba86SRob Rice .base = {
34949d12ba86SRob Rice .cra_name = "authenc(hmac(sha512),cbc(des3_ede))",
34959d12ba86SRob Rice .cra_driver_name = "authenc-hmac-sha512-cbc-des3-iproc",
34969d12ba86SRob Rice .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3497b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3498b8aa7dc5SMikulas Patocka CRYPTO_ALG_ASYNC |
3499b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY
35009d12ba86SRob Rice },
35019d12ba86SRob Rice .setkey = aead_authenc_setkey,
35029d12ba86SRob Rice .ivsize = DES3_EDE_BLOCK_SIZE,
35039d12ba86SRob Rice .maxauthsize = SHA512_DIGEST_SIZE,
35049d12ba86SRob Rice },
35059d12ba86SRob Rice .cipher_info = {
35069d12ba86SRob Rice .alg = CIPHER_ALG_3DES,
35079d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
35089d12ba86SRob Rice },
35099d12ba86SRob Rice .auth_info = {
35109d12ba86SRob Rice .alg = HASH_ALG_SHA512,
35119d12ba86SRob Rice .mode = HASH_MODE_HMAC,
35129d12ba86SRob Rice },
35139d12ba86SRob Rice .auth_first = 0,
35149d12ba86SRob Rice },
35159d12ba86SRob Rice
3516a9c01cd6SArd Biesheuvel /* SKCIPHER algorithms. */
35179d12ba86SRob Rice {
3518a9c01cd6SArd Biesheuvel .type = CRYPTO_ALG_TYPE_SKCIPHER,
3519a9c01cd6SArd Biesheuvel .alg.skcipher = {
3520a9c01cd6SArd Biesheuvel .base.cra_name = "ofb(des)",
3521a9c01cd6SArd Biesheuvel .base.cra_driver_name = "ofb-des-iproc",
3522a9c01cd6SArd Biesheuvel .base.cra_blocksize = DES_BLOCK_SIZE,
35239d12ba86SRob Rice .min_keysize = DES_KEY_SIZE,
35249d12ba86SRob Rice .max_keysize = DES_KEY_SIZE,
35259d12ba86SRob Rice .ivsize = DES_BLOCK_SIZE,
35269d12ba86SRob Rice },
35279d12ba86SRob Rice .cipher_info = {
35289d12ba86SRob Rice .alg = CIPHER_ALG_DES,
35299d12ba86SRob Rice .mode = CIPHER_MODE_OFB,
35309d12ba86SRob Rice },
35319d12ba86SRob Rice .auth_info = {
35329d12ba86SRob Rice .alg = HASH_ALG_NONE,
35339d12ba86SRob Rice .mode = HASH_MODE_NONE,
35349d12ba86SRob Rice },
35359d12ba86SRob Rice },
35369d12ba86SRob Rice {
3537a9c01cd6SArd Biesheuvel .type = CRYPTO_ALG_TYPE_SKCIPHER,
3538a9c01cd6SArd Biesheuvel .alg.skcipher = {
3539a9c01cd6SArd Biesheuvel .base.cra_name = "cbc(des)",
3540a9c01cd6SArd Biesheuvel .base.cra_driver_name = "cbc-des-iproc",
3541a9c01cd6SArd Biesheuvel .base.cra_blocksize = DES_BLOCK_SIZE,
35429d12ba86SRob Rice .min_keysize = DES_KEY_SIZE,
35439d12ba86SRob Rice .max_keysize = DES_KEY_SIZE,
35449d12ba86SRob Rice .ivsize = DES_BLOCK_SIZE,
35459d12ba86SRob Rice },
35469d12ba86SRob Rice .cipher_info = {
35479d12ba86SRob Rice .alg = CIPHER_ALG_DES,
35489d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
35499d12ba86SRob Rice },
35509d12ba86SRob Rice .auth_info = {
35519d12ba86SRob Rice .alg = HASH_ALG_NONE,
35529d12ba86SRob Rice .mode = HASH_MODE_NONE,
35539d12ba86SRob Rice },
35549d12ba86SRob Rice },
35559d12ba86SRob Rice {
3556a9c01cd6SArd Biesheuvel .type = CRYPTO_ALG_TYPE_SKCIPHER,
3557a9c01cd6SArd Biesheuvel .alg.skcipher = {
3558a9c01cd6SArd Biesheuvel .base.cra_name = "ecb(des)",
3559a9c01cd6SArd Biesheuvel .base.cra_driver_name = "ecb-des-iproc",
3560a9c01cd6SArd Biesheuvel .base.cra_blocksize = DES_BLOCK_SIZE,
35619d12ba86SRob Rice .min_keysize = DES_KEY_SIZE,
35629d12ba86SRob Rice .max_keysize = DES_KEY_SIZE,
35639d12ba86SRob Rice .ivsize = 0,
35649d12ba86SRob Rice },
35659d12ba86SRob Rice .cipher_info = {
35669d12ba86SRob Rice .alg = CIPHER_ALG_DES,
35679d12ba86SRob Rice .mode = CIPHER_MODE_ECB,
35689d12ba86SRob Rice },
35699d12ba86SRob Rice .auth_info = {
35709d12ba86SRob Rice .alg = HASH_ALG_NONE,
35719d12ba86SRob Rice .mode = HASH_MODE_NONE,
35729d12ba86SRob Rice },
35739d12ba86SRob Rice },
35749d12ba86SRob Rice {
3575a9c01cd6SArd Biesheuvel .type = CRYPTO_ALG_TYPE_SKCIPHER,
3576a9c01cd6SArd Biesheuvel .alg.skcipher = {
3577a9c01cd6SArd Biesheuvel .base.cra_name = "ofb(des3_ede)",
3578a9c01cd6SArd Biesheuvel .base.cra_driver_name = "ofb-des3-iproc",
3579a9c01cd6SArd Biesheuvel .base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
35809d12ba86SRob Rice .min_keysize = DES3_EDE_KEY_SIZE,
35819d12ba86SRob Rice .max_keysize = DES3_EDE_KEY_SIZE,
35829d12ba86SRob Rice .ivsize = DES3_EDE_BLOCK_SIZE,
35839d12ba86SRob Rice },
35849d12ba86SRob Rice .cipher_info = {
35859d12ba86SRob Rice .alg = CIPHER_ALG_3DES,
35869d12ba86SRob Rice .mode = CIPHER_MODE_OFB,
35879d12ba86SRob Rice },
35889d12ba86SRob Rice .auth_info = {
35899d12ba86SRob Rice .alg = HASH_ALG_NONE,
35909d12ba86SRob Rice .mode = HASH_MODE_NONE,
35919d12ba86SRob Rice },
35929d12ba86SRob Rice },
35939d12ba86SRob Rice {
3594a9c01cd6SArd Biesheuvel .type = CRYPTO_ALG_TYPE_SKCIPHER,
3595a9c01cd6SArd Biesheuvel .alg.skcipher = {
3596a9c01cd6SArd Biesheuvel .base.cra_name = "cbc(des3_ede)",
3597a9c01cd6SArd Biesheuvel .base.cra_driver_name = "cbc-des3-iproc",
3598a9c01cd6SArd Biesheuvel .base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
35999d12ba86SRob Rice .min_keysize = DES3_EDE_KEY_SIZE,
36009d12ba86SRob Rice .max_keysize = DES3_EDE_KEY_SIZE,
36019d12ba86SRob Rice .ivsize = DES3_EDE_BLOCK_SIZE,
36029d12ba86SRob Rice },
36039d12ba86SRob Rice .cipher_info = {
36049d12ba86SRob Rice .alg = CIPHER_ALG_3DES,
36059d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
36069d12ba86SRob Rice },
36079d12ba86SRob Rice .auth_info = {
36089d12ba86SRob Rice .alg = HASH_ALG_NONE,
36099d12ba86SRob Rice .mode = HASH_MODE_NONE,
36109d12ba86SRob Rice },
36119d12ba86SRob Rice },
36129d12ba86SRob Rice {
3613a9c01cd6SArd Biesheuvel .type = CRYPTO_ALG_TYPE_SKCIPHER,
3614a9c01cd6SArd Biesheuvel .alg.skcipher = {
3615a9c01cd6SArd Biesheuvel .base.cra_name = "ecb(des3_ede)",
3616a9c01cd6SArd Biesheuvel .base.cra_driver_name = "ecb-des3-iproc",
3617a9c01cd6SArd Biesheuvel .base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
36189d12ba86SRob Rice .min_keysize = DES3_EDE_KEY_SIZE,
36199d12ba86SRob Rice .max_keysize = DES3_EDE_KEY_SIZE,
36209d12ba86SRob Rice .ivsize = 0,
36219d12ba86SRob Rice },
36229d12ba86SRob Rice .cipher_info = {
36239d12ba86SRob Rice .alg = CIPHER_ALG_3DES,
36249d12ba86SRob Rice .mode = CIPHER_MODE_ECB,
36259d12ba86SRob Rice },
36269d12ba86SRob Rice .auth_info = {
36279d12ba86SRob Rice .alg = HASH_ALG_NONE,
36289d12ba86SRob Rice .mode = HASH_MODE_NONE,
36299d12ba86SRob Rice },
36309d12ba86SRob Rice },
36319d12ba86SRob Rice {
3632a9c01cd6SArd Biesheuvel .type = CRYPTO_ALG_TYPE_SKCIPHER,
3633a9c01cd6SArd Biesheuvel .alg.skcipher = {
3634a9c01cd6SArd Biesheuvel .base.cra_name = "ofb(aes)",
3635a9c01cd6SArd Biesheuvel .base.cra_driver_name = "ofb-aes-iproc",
3636a9c01cd6SArd Biesheuvel .base.cra_blocksize = AES_BLOCK_SIZE,
36379d12ba86SRob Rice .min_keysize = AES_MIN_KEY_SIZE,
36389d12ba86SRob Rice .max_keysize = AES_MAX_KEY_SIZE,
36399d12ba86SRob Rice .ivsize = AES_BLOCK_SIZE,
36409d12ba86SRob Rice },
36419d12ba86SRob Rice .cipher_info = {
36429d12ba86SRob Rice .alg = CIPHER_ALG_AES,
36439d12ba86SRob Rice .mode = CIPHER_MODE_OFB,
36449d12ba86SRob Rice },
36459d12ba86SRob Rice .auth_info = {
36469d12ba86SRob Rice .alg = HASH_ALG_NONE,
36479d12ba86SRob Rice .mode = HASH_MODE_NONE,
36489d12ba86SRob Rice },
36499d12ba86SRob Rice },
36509d12ba86SRob Rice {
3651a9c01cd6SArd Biesheuvel .type = CRYPTO_ALG_TYPE_SKCIPHER,
3652a9c01cd6SArd Biesheuvel .alg.skcipher = {
3653a9c01cd6SArd Biesheuvel .base.cra_name = "cbc(aes)",
3654a9c01cd6SArd Biesheuvel .base.cra_driver_name = "cbc-aes-iproc",
3655a9c01cd6SArd Biesheuvel .base.cra_blocksize = AES_BLOCK_SIZE,
36569d12ba86SRob Rice .min_keysize = AES_MIN_KEY_SIZE,
36579d12ba86SRob Rice .max_keysize = AES_MAX_KEY_SIZE,
36589d12ba86SRob Rice .ivsize = AES_BLOCK_SIZE,
36599d12ba86SRob Rice },
36609d12ba86SRob Rice .cipher_info = {
36619d12ba86SRob Rice .alg = CIPHER_ALG_AES,
36629d12ba86SRob Rice .mode = CIPHER_MODE_CBC,
36639d12ba86SRob Rice },
36649d12ba86SRob Rice .auth_info = {
36659d12ba86SRob Rice .alg = HASH_ALG_NONE,
36669d12ba86SRob Rice .mode = HASH_MODE_NONE,
36679d12ba86SRob Rice },
36689d12ba86SRob Rice },
36699d12ba86SRob Rice {
3670a9c01cd6SArd Biesheuvel .type = CRYPTO_ALG_TYPE_SKCIPHER,
3671a9c01cd6SArd Biesheuvel .alg.skcipher = {
3672a9c01cd6SArd Biesheuvel .base.cra_name = "ecb(aes)",
3673a9c01cd6SArd Biesheuvel .base.cra_driver_name = "ecb-aes-iproc",
3674a9c01cd6SArd Biesheuvel .base.cra_blocksize = AES_BLOCK_SIZE,
36759d12ba86SRob Rice .min_keysize = AES_MIN_KEY_SIZE,
36769d12ba86SRob Rice .max_keysize = AES_MAX_KEY_SIZE,
36779d12ba86SRob Rice .ivsize = 0,
36789d12ba86SRob Rice },
36799d12ba86SRob Rice .cipher_info = {
36809d12ba86SRob Rice .alg = CIPHER_ALG_AES,
36819d12ba86SRob Rice .mode = CIPHER_MODE_ECB,
36829d12ba86SRob Rice },
36839d12ba86SRob Rice .auth_info = {
36849d12ba86SRob Rice .alg = HASH_ALG_NONE,
36859d12ba86SRob Rice .mode = HASH_MODE_NONE,
36869d12ba86SRob Rice },
36879d12ba86SRob Rice },
36889d12ba86SRob Rice {
3689a9c01cd6SArd Biesheuvel .type = CRYPTO_ALG_TYPE_SKCIPHER,
3690a9c01cd6SArd Biesheuvel .alg.skcipher = {
3691a9c01cd6SArd Biesheuvel .base.cra_name = "ctr(aes)",
3692a9c01cd6SArd Biesheuvel .base.cra_driver_name = "ctr-aes-iproc",
3693a9c01cd6SArd Biesheuvel .base.cra_blocksize = AES_BLOCK_SIZE,
36949d12ba86SRob Rice .min_keysize = AES_MIN_KEY_SIZE,
36959d12ba86SRob Rice .max_keysize = AES_MAX_KEY_SIZE,
36969d12ba86SRob Rice .ivsize = AES_BLOCK_SIZE,
36979d12ba86SRob Rice },
36989d12ba86SRob Rice .cipher_info = {
36999d12ba86SRob Rice .alg = CIPHER_ALG_AES,
37009d12ba86SRob Rice .mode = CIPHER_MODE_CTR,
37019d12ba86SRob Rice },
37029d12ba86SRob Rice .auth_info = {
37039d12ba86SRob Rice .alg = HASH_ALG_NONE,
37049d12ba86SRob Rice .mode = HASH_MODE_NONE,
37059d12ba86SRob Rice },
37069d12ba86SRob Rice },
37079d12ba86SRob Rice {
3708a9c01cd6SArd Biesheuvel .type = CRYPTO_ALG_TYPE_SKCIPHER,
3709a9c01cd6SArd Biesheuvel .alg.skcipher = {
3710a9c01cd6SArd Biesheuvel .base.cra_name = "xts(aes)",
3711a9c01cd6SArd Biesheuvel .base.cra_driver_name = "xts-aes-iproc",
3712a9c01cd6SArd Biesheuvel .base.cra_blocksize = AES_BLOCK_SIZE,
37139d12ba86SRob Rice .min_keysize = 2 * AES_MIN_KEY_SIZE,
37149d12ba86SRob Rice .max_keysize = 2 * AES_MAX_KEY_SIZE,
37159d12ba86SRob Rice .ivsize = AES_BLOCK_SIZE,
37169d12ba86SRob Rice },
37179d12ba86SRob Rice .cipher_info = {
37189d12ba86SRob Rice .alg = CIPHER_ALG_AES,
37199d12ba86SRob Rice .mode = CIPHER_MODE_XTS,
37209d12ba86SRob Rice },
37219d12ba86SRob Rice .auth_info = {
37229d12ba86SRob Rice .alg = HASH_ALG_NONE,
37239d12ba86SRob Rice .mode = HASH_MODE_NONE,
37249d12ba86SRob Rice },
37259d12ba86SRob Rice },
37269d12ba86SRob Rice
37279d12ba86SRob Rice /* AHASH algorithms. */
37289d12ba86SRob Rice {
37299d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
37309d12ba86SRob Rice .alg.hash = {
37319d12ba86SRob Rice .halg.digestsize = MD5_DIGEST_SIZE,
37329d12ba86SRob Rice .halg.base = {
37339d12ba86SRob Rice .cra_name = "md5",
37349d12ba86SRob Rice .cra_driver_name = "md5-iproc",
37359d12ba86SRob Rice .cra_blocksize = MD5_BLOCK_WORDS * 4,
3736b8aa7dc5SMikulas Patocka .cra_flags = CRYPTO_ALG_ASYNC |
3737b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY,
37389d12ba86SRob Rice }
37399d12ba86SRob Rice },
37409d12ba86SRob Rice .cipher_info = {
37419d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
37429d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
37439d12ba86SRob Rice },
37449d12ba86SRob Rice .auth_info = {
37459d12ba86SRob Rice .alg = HASH_ALG_MD5,
37469d12ba86SRob Rice .mode = HASH_MODE_HASH,
37479d12ba86SRob Rice },
37489d12ba86SRob Rice },
37499d12ba86SRob Rice {
37509d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
37519d12ba86SRob Rice .alg.hash = {
37529d12ba86SRob Rice .halg.digestsize = MD5_DIGEST_SIZE,
37539d12ba86SRob Rice .halg.base = {
37549d12ba86SRob Rice .cra_name = "hmac(md5)",
37559d12ba86SRob Rice .cra_driver_name = "hmac-md5-iproc",
37569d12ba86SRob Rice .cra_blocksize = MD5_BLOCK_WORDS * 4,
37579d12ba86SRob Rice }
37589d12ba86SRob Rice },
37599d12ba86SRob Rice .cipher_info = {
37609d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
37619d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
37629d12ba86SRob Rice },
37639d12ba86SRob Rice .auth_info = {
37649d12ba86SRob Rice .alg = HASH_ALG_MD5,
37659d12ba86SRob Rice .mode = HASH_MODE_HMAC,
37669d12ba86SRob Rice },
37679d12ba86SRob Rice },
37689d12ba86SRob Rice {.type = CRYPTO_ALG_TYPE_AHASH,
37699d12ba86SRob Rice .alg.hash = {
37709d12ba86SRob Rice .halg.digestsize = SHA1_DIGEST_SIZE,
37719d12ba86SRob Rice .halg.base = {
37729d12ba86SRob Rice .cra_name = "sha1",
37739d12ba86SRob Rice .cra_driver_name = "sha1-iproc",
37749d12ba86SRob Rice .cra_blocksize = SHA1_BLOCK_SIZE,
37759d12ba86SRob Rice }
37769d12ba86SRob Rice },
37779d12ba86SRob Rice .cipher_info = {
37789d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
37799d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
37809d12ba86SRob Rice },
37819d12ba86SRob Rice .auth_info = {
37829d12ba86SRob Rice .alg = HASH_ALG_SHA1,
37839d12ba86SRob Rice .mode = HASH_MODE_HASH,
37849d12ba86SRob Rice },
37859d12ba86SRob Rice },
37869d12ba86SRob Rice {.type = CRYPTO_ALG_TYPE_AHASH,
37879d12ba86SRob Rice .alg.hash = {
37889d12ba86SRob Rice .halg.digestsize = SHA1_DIGEST_SIZE,
37899d12ba86SRob Rice .halg.base = {
37909d12ba86SRob Rice .cra_name = "hmac(sha1)",
37919d12ba86SRob Rice .cra_driver_name = "hmac-sha1-iproc",
37929d12ba86SRob Rice .cra_blocksize = SHA1_BLOCK_SIZE,
37939d12ba86SRob Rice }
37949d12ba86SRob Rice },
37959d12ba86SRob Rice .cipher_info = {
37969d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
37979d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
37989d12ba86SRob Rice },
37999d12ba86SRob Rice .auth_info = {
38009d12ba86SRob Rice .alg = HASH_ALG_SHA1,
38019d12ba86SRob Rice .mode = HASH_MODE_HMAC,
38029d12ba86SRob Rice },
38039d12ba86SRob Rice },
38049d12ba86SRob Rice {.type = CRYPTO_ALG_TYPE_AHASH,
38059d12ba86SRob Rice .alg.hash = {
38069d12ba86SRob Rice .halg.digestsize = SHA224_DIGEST_SIZE,
38079d12ba86SRob Rice .halg.base = {
38089d12ba86SRob Rice .cra_name = "sha224",
38099d12ba86SRob Rice .cra_driver_name = "sha224-iproc",
38109d12ba86SRob Rice .cra_blocksize = SHA224_BLOCK_SIZE,
38119d12ba86SRob Rice }
38129d12ba86SRob Rice },
38139d12ba86SRob Rice .cipher_info = {
38149d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
38159d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
38169d12ba86SRob Rice },
38179d12ba86SRob Rice .auth_info = {
38189d12ba86SRob Rice .alg = HASH_ALG_SHA224,
38199d12ba86SRob Rice .mode = HASH_MODE_HASH,
38209d12ba86SRob Rice },
38219d12ba86SRob Rice },
38229d12ba86SRob Rice {.type = CRYPTO_ALG_TYPE_AHASH,
38239d12ba86SRob Rice .alg.hash = {
38249d12ba86SRob Rice .halg.digestsize = SHA224_DIGEST_SIZE,
38259d12ba86SRob Rice .halg.base = {
38269d12ba86SRob Rice .cra_name = "hmac(sha224)",
38279d12ba86SRob Rice .cra_driver_name = "hmac-sha224-iproc",
38289d12ba86SRob Rice .cra_blocksize = SHA224_BLOCK_SIZE,
38299d12ba86SRob Rice }
38309d12ba86SRob Rice },
38319d12ba86SRob Rice .cipher_info = {
38329d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
38339d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
38349d12ba86SRob Rice },
38359d12ba86SRob Rice .auth_info = {
38369d12ba86SRob Rice .alg = HASH_ALG_SHA224,
38379d12ba86SRob Rice .mode = HASH_MODE_HMAC,
38389d12ba86SRob Rice },
38399d12ba86SRob Rice },
38409d12ba86SRob Rice {.type = CRYPTO_ALG_TYPE_AHASH,
38419d12ba86SRob Rice .alg.hash = {
38429d12ba86SRob Rice .halg.digestsize = SHA256_DIGEST_SIZE,
38439d12ba86SRob Rice .halg.base = {
38449d12ba86SRob Rice .cra_name = "sha256",
38459d12ba86SRob Rice .cra_driver_name = "sha256-iproc",
38469d12ba86SRob Rice .cra_blocksize = SHA256_BLOCK_SIZE,
38479d12ba86SRob Rice }
38489d12ba86SRob Rice },
38499d12ba86SRob Rice .cipher_info = {
38509d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
38519d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
38529d12ba86SRob Rice },
38539d12ba86SRob Rice .auth_info = {
38549d12ba86SRob Rice .alg = HASH_ALG_SHA256,
38559d12ba86SRob Rice .mode = HASH_MODE_HASH,
38569d12ba86SRob Rice },
38579d12ba86SRob Rice },
38589d12ba86SRob Rice {.type = CRYPTO_ALG_TYPE_AHASH,
38599d12ba86SRob Rice .alg.hash = {
38609d12ba86SRob Rice .halg.digestsize = SHA256_DIGEST_SIZE,
38619d12ba86SRob Rice .halg.base = {
38629d12ba86SRob Rice .cra_name = "hmac(sha256)",
38639d12ba86SRob Rice .cra_driver_name = "hmac-sha256-iproc",
38649d12ba86SRob Rice .cra_blocksize = SHA256_BLOCK_SIZE,
38659d12ba86SRob Rice }
38669d12ba86SRob Rice },
38679d12ba86SRob Rice .cipher_info = {
38689d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
38699d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
38709d12ba86SRob Rice },
38719d12ba86SRob Rice .auth_info = {
38729d12ba86SRob Rice .alg = HASH_ALG_SHA256,
38739d12ba86SRob Rice .mode = HASH_MODE_HMAC,
38749d12ba86SRob Rice },
38759d12ba86SRob Rice },
38769d12ba86SRob Rice {
38779d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
38789d12ba86SRob Rice .alg.hash = {
38799d12ba86SRob Rice .halg.digestsize = SHA384_DIGEST_SIZE,
38809d12ba86SRob Rice .halg.base = {
38819d12ba86SRob Rice .cra_name = "sha384",
38829d12ba86SRob Rice .cra_driver_name = "sha384-iproc",
38839d12ba86SRob Rice .cra_blocksize = SHA384_BLOCK_SIZE,
38849d12ba86SRob Rice }
38859d12ba86SRob Rice },
38869d12ba86SRob Rice .cipher_info = {
38879d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
38889d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
38899d12ba86SRob Rice },
38909d12ba86SRob Rice .auth_info = {
38919d12ba86SRob Rice .alg = HASH_ALG_SHA384,
38929d12ba86SRob Rice .mode = HASH_MODE_HASH,
38939d12ba86SRob Rice },
38949d12ba86SRob Rice },
38959d12ba86SRob Rice {
38969d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
38979d12ba86SRob Rice .alg.hash = {
38989d12ba86SRob Rice .halg.digestsize = SHA384_DIGEST_SIZE,
38999d12ba86SRob Rice .halg.base = {
39009d12ba86SRob Rice .cra_name = "hmac(sha384)",
39019d12ba86SRob Rice .cra_driver_name = "hmac-sha384-iproc",
39029d12ba86SRob Rice .cra_blocksize = SHA384_BLOCK_SIZE,
39039d12ba86SRob Rice }
39049d12ba86SRob Rice },
39059d12ba86SRob Rice .cipher_info = {
39069d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
39079d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
39089d12ba86SRob Rice },
39099d12ba86SRob Rice .auth_info = {
39109d12ba86SRob Rice .alg = HASH_ALG_SHA384,
39119d12ba86SRob Rice .mode = HASH_MODE_HMAC,
39129d12ba86SRob Rice },
39139d12ba86SRob Rice },
39149d12ba86SRob Rice {
39159d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
39169d12ba86SRob Rice .alg.hash = {
39179d12ba86SRob Rice .halg.digestsize = SHA512_DIGEST_SIZE,
39189d12ba86SRob Rice .halg.base = {
39199d12ba86SRob Rice .cra_name = "sha512",
39209d12ba86SRob Rice .cra_driver_name = "sha512-iproc",
39219d12ba86SRob Rice .cra_blocksize = SHA512_BLOCK_SIZE,
39229d12ba86SRob Rice }
39239d12ba86SRob Rice },
39249d12ba86SRob Rice .cipher_info = {
39259d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
39269d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
39279d12ba86SRob Rice },
39289d12ba86SRob Rice .auth_info = {
39299d12ba86SRob Rice .alg = HASH_ALG_SHA512,
39309d12ba86SRob Rice .mode = HASH_MODE_HASH,
39319d12ba86SRob Rice },
39329d12ba86SRob Rice },
39339d12ba86SRob Rice {
39349d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
39359d12ba86SRob Rice .alg.hash = {
39369d12ba86SRob Rice .halg.digestsize = SHA512_DIGEST_SIZE,
39379d12ba86SRob Rice .halg.base = {
39389d12ba86SRob Rice .cra_name = "hmac(sha512)",
39399d12ba86SRob Rice .cra_driver_name = "hmac-sha512-iproc",
39409d12ba86SRob Rice .cra_blocksize = SHA512_BLOCK_SIZE,
39419d12ba86SRob Rice }
39429d12ba86SRob Rice },
39439d12ba86SRob Rice .cipher_info = {
39449d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
39459d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
39469d12ba86SRob Rice },
39479d12ba86SRob Rice .auth_info = {
39489d12ba86SRob Rice .alg = HASH_ALG_SHA512,
39499d12ba86SRob Rice .mode = HASH_MODE_HMAC,
39509d12ba86SRob Rice },
39519d12ba86SRob Rice },
39529d12ba86SRob Rice {
39539d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
39549d12ba86SRob Rice .alg.hash = {
39559d12ba86SRob Rice .halg.digestsize = SHA3_224_DIGEST_SIZE,
39569d12ba86SRob Rice .halg.base = {
39579d12ba86SRob Rice .cra_name = "sha3-224",
39589d12ba86SRob Rice .cra_driver_name = "sha3-224-iproc",
39599d12ba86SRob Rice .cra_blocksize = SHA3_224_BLOCK_SIZE,
39609d12ba86SRob Rice }
39619d12ba86SRob Rice },
39629d12ba86SRob Rice .cipher_info = {
39639d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
39649d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
39659d12ba86SRob Rice },
39669d12ba86SRob Rice .auth_info = {
39679d12ba86SRob Rice .alg = HASH_ALG_SHA3_224,
39689d12ba86SRob Rice .mode = HASH_MODE_HASH,
39699d12ba86SRob Rice },
39709d12ba86SRob Rice },
39719d12ba86SRob Rice {
39729d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
39739d12ba86SRob Rice .alg.hash = {
39749d12ba86SRob Rice .halg.digestsize = SHA3_224_DIGEST_SIZE,
39759d12ba86SRob Rice .halg.base = {
39769d12ba86SRob Rice .cra_name = "hmac(sha3-224)",
39779d12ba86SRob Rice .cra_driver_name = "hmac-sha3-224-iproc",
39789d12ba86SRob Rice .cra_blocksize = SHA3_224_BLOCK_SIZE,
39799d12ba86SRob Rice }
39809d12ba86SRob Rice },
39819d12ba86SRob Rice .cipher_info = {
39829d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
39839d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
39849d12ba86SRob Rice },
39859d12ba86SRob Rice .auth_info = {
39869d12ba86SRob Rice .alg = HASH_ALG_SHA3_224,
39879d12ba86SRob Rice .mode = HASH_MODE_HMAC
39889d12ba86SRob Rice },
39899d12ba86SRob Rice },
39909d12ba86SRob Rice {
39919d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
39929d12ba86SRob Rice .alg.hash = {
39939d12ba86SRob Rice .halg.digestsize = SHA3_256_DIGEST_SIZE,
39949d12ba86SRob Rice .halg.base = {
39959d12ba86SRob Rice .cra_name = "sha3-256",
39969d12ba86SRob Rice .cra_driver_name = "sha3-256-iproc",
39979d12ba86SRob Rice .cra_blocksize = SHA3_256_BLOCK_SIZE,
39989d12ba86SRob Rice }
39999d12ba86SRob Rice },
40009d12ba86SRob Rice .cipher_info = {
40019d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
40029d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
40039d12ba86SRob Rice },
40049d12ba86SRob Rice .auth_info = {
40059d12ba86SRob Rice .alg = HASH_ALG_SHA3_256,
40069d12ba86SRob Rice .mode = HASH_MODE_HASH,
40079d12ba86SRob Rice },
40089d12ba86SRob Rice },
40099d12ba86SRob Rice {
40109d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
40119d12ba86SRob Rice .alg.hash = {
40129d12ba86SRob Rice .halg.digestsize = SHA3_256_DIGEST_SIZE,
40139d12ba86SRob Rice .halg.base = {
40149d12ba86SRob Rice .cra_name = "hmac(sha3-256)",
40159d12ba86SRob Rice .cra_driver_name = "hmac-sha3-256-iproc",
40169d12ba86SRob Rice .cra_blocksize = SHA3_256_BLOCK_SIZE,
40179d12ba86SRob Rice }
40189d12ba86SRob Rice },
40199d12ba86SRob Rice .cipher_info = {
40209d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
40219d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
40229d12ba86SRob Rice },
40239d12ba86SRob Rice .auth_info = {
40249d12ba86SRob Rice .alg = HASH_ALG_SHA3_256,
40259d12ba86SRob Rice .mode = HASH_MODE_HMAC,
40269d12ba86SRob Rice },
40279d12ba86SRob Rice },
40289d12ba86SRob Rice {
40299d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
40309d12ba86SRob Rice .alg.hash = {
40319d12ba86SRob Rice .halg.digestsize = SHA3_384_DIGEST_SIZE,
40329d12ba86SRob Rice .halg.base = {
40339d12ba86SRob Rice .cra_name = "sha3-384",
40349d12ba86SRob Rice .cra_driver_name = "sha3-384-iproc",
40359d12ba86SRob Rice .cra_blocksize = SHA3_224_BLOCK_SIZE,
40369d12ba86SRob Rice }
40379d12ba86SRob Rice },
40389d12ba86SRob Rice .cipher_info = {
40399d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
40409d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
40419d12ba86SRob Rice },
40429d12ba86SRob Rice .auth_info = {
40439d12ba86SRob Rice .alg = HASH_ALG_SHA3_384,
40449d12ba86SRob Rice .mode = HASH_MODE_HASH,
40459d12ba86SRob Rice },
40469d12ba86SRob Rice },
40479d12ba86SRob Rice {
40489d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
40499d12ba86SRob Rice .alg.hash = {
40509d12ba86SRob Rice .halg.digestsize = SHA3_384_DIGEST_SIZE,
40519d12ba86SRob Rice .halg.base = {
40529d12ba86SRob Rice .cra_name = "hmac(sha3-384)",
40539d12ba86SRob Rice .cra_driver_name = "hmac-sha3-384-iproc",
40549d12ba86SRob Rice .cra_blocksize = SHA3_384_BLOCK_SIZE,
40559d12ba86SRob Rice }
40569d12ba86SRob Rice },
40579d12ba86SRob Rice .cipher_info = {
40589d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
40599d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
40609d12ba86SRob Rice },
40619d12ba86SRob Rice .auth_info = {
40629d12ba86SRob Rice .alg = HASH_ALG_SHA3_384,
40639d12ba86SRob Rice .mode = HASH_MODE_HMAC,
40649d12ba86SRob Rice },
40659d12ba86SRob Rice },
40669d12ba86SRob Rice {
40679d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
40689d12ba86SRob Rice .alg.hash = {
40699d12ba86SRob Rice .halg.digestsize = SHA3_512_DIGEST_SIZE,
40709d12ba86SRob Rice .halg.base = {
40719d12ba86SRob Rice .cra_name = "sha3-512",
40729d12ba86SRob Rice .cra_driver_name = "sha3-512-iproc",
40739d12ba86SRob Rice .cra_blocksize = SHA3_512_BLOCK_SIZE,
40749d12ba86SRob Rice }
40759d12ba86SRob Rice },
40769d12ba86SRob Rice .cipher_info = {
40779d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
40789d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
40799d12ba86SRob Rice },
40809d12ba86SRob Rice .auth_info = {
40819d12ba86SRob Rice .alg = HASH_ALG_SHA3_512,
40829d12ba86SRob Rice .mode = HASH_MODE_HASH,
40839d12ba86SRob Rice },
40849d12ba86SRob Rice },
40859d12ba86SRob Rice {
40869d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
40879d12ba86SRob Rice .alg.hash = {
40889d12ba86SRob Rice .halg.digestsize = SHA3_512_DIGEST_SIZE,
40899d12ba86SRob Rice .halg.base = {
40909d12ba86SRob Rice .cra_name = "hmac(sha3-512)",
40919d12ba86SRob Rice .cra_driver_name = "hmac-sha3-512-iproc",
40929d12ba86SRob Rice .cra_blocksize = SHA3_512_BLOCK_SIZE,
40939d12ba86SRob Rice }
40949d12ba86SRob Rice },
40959d12ba86SRob Rice .cipher_info = {
40969d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
40979d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
40989d12ba86SRob Rice },
40999d12ba86SRob Rice .auth_info = {
41009d12ba86SRob Rice .alg = HASH_ALG_SHA3_512,
41019d12ba86SRob Rice .mode = HASH_MODE_HMAC,
41029d12ba86SRob Rice },
41039d12ba86SRob Rice },
41049d12ba86SRob Rice {
41059d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
41069d12ba86SRob Rice .alg.hash = {
41079d12ba86SRob Rice .halg.digestsize = AES_BLOCK_SIZE,
41089d12ba86SRob Rice .halg.base = {
41099d12ba86SRob Rice .cra_name = "xcbc(aes)",
41109d12ba86SRob Rice .cra_driver_name = "xcbc-aes-iproc",
41119d12ba86SRob Rice .cra_blocksize = AES_BLOCK_SIZE,
41129d12ba86SRob Rice }
41139d12ba86SRob Rice },
41149d12ba86SRob Rice .cipher_info = {
41159d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
41169d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
41179d12ba86SRob Rice },
41189d12ba86SRob Rice .auth_info = {
41199d12ba86SRob Rice .alg = HASH_ALG_AES,
41209d12ba86SRob Rice .mode = HASH_MODE_XCBC,
41219d12ba86SRob Rice },
41229d12ba86SRob Rice },
41239d12ba86SRob Rice {
41249d12ba86SRob Rice .type = CRYPTO_ALG_TYPE_AHASH,
41259d12ba86SRob Rice .alg.hash = {
41269d12ba86SRob Rice .halg.digestsize = AES_BLOCK_SIZE,
41279d12ba86SRob Rice .halg.base = {
41289d12ba86SRob Rice .cra_name = "cmac(aes)",
41299d12ba86SRob Rice .cra_driver_name = "cmac-aes-iproc",
41309d12ba86SRob Rice .cra_blocksize = AES_BLOCK_SIZE,
41319d12ba86SRob Rice }
41329d12ba86SRob Rice },
41339d12ba86SRob Rice .cipher_info = {
41349d12ba86SRob Rice .alg = CIPHER_ALG_NONE,
41359d12ba86SRob Rice .mode = CIPHER_MODE_NONE,
41369d12ba86SRob Rice },
41379d12ba86SRob Rice .auth_info = {
41389d12ba86SRob Rice .alg = HASH_ALG_AES,
41399d12ba86SRob Rice .mode = HASH_MODE_CMAC,
41409d12ba86SRob Rice },
41419d12ba86SRob Rice },
41429d12ba86SRob Rice };
41439d12ba86SRob Rice
generic_cra_init(struct crypto_tfm * tfm,struct iproc_alg_s * cipher_alg)41449d12ba86SRob Rice static int generic_cra_init(struct crypto_tfm *tfm,
41459d12ba86SRob Rice struct iproc_alg_s *cipher_alg)
41469d12ba86SRob Rice {
41479d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
41489d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
41499d12ba86SRob Rice unsigned int blocksize = crypto_tfm_alg_blocksize(tfm);
41509d12ba86SRob Rice
41519d12ba86SRob Rice flow_log("%s()\n", __func__);
41529d12ba86SRob Rice
41539d12ba86SRob Rice ctx->alg = cipher_alg;
41549d12ba86SRob Rice ctx->cipher = cipher_alg->cipher_info;
41559d12ba86SRob Rice ctx->auth = cipher_alg->auth_info;
41569d12ba86SRob Rice ctx->auth_first = cipher_alg->auth_first;
41579d12ba86SRob Rice ctx->max_payload = spu->spu_ctx_max_payload(ctx->cipher.alg,
41589d12ba86SRob Rice ctx->cipher.mode,
41599d12ba86SRob Rice blocksize);
41609d12ba86SRob Rice ctx->fallback_cipher = NULL;
41619d12ba86SRob Rice
41629d12ba86SRob Rice ctx->enckeylen = 0;
41639d12ba86SRob Rice ctx->authkeylen = 0;
41649d12ba86SRob Rice
41659d12ba86SRob Rice atomic_inc(&iproc_priv.stream_count);
41669d12ba86SRob Rice atomic_inc(&iproc_priv.session_count);
41679d12ba86SRob Rice
41689d12ba86SRob Rice return 0;
41699d12ba86SRob Rice }
41709d12ba86SRob Rice
skcipher_init_tfm(struct crypto_skcipher * skcipher)4171a9c01cd6SArd Biesheuvel static int skcipher_init_tfm(struct crypto_skcipher *skcipher)
41729d12ba86SRob Rice {
4173a9c01cd6SArd Biesheuvel struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
4174a9c01cd6SArd Biesheuvel struct skcipher_alg *alg = crypto_skcipher_alg(skcipher);
41759d12ba86SRob Rice struct iproc_alg_s *cipher_alg;
41769d12ba86SRob Rice
41779d12ba86SRob Rice flow_log("%s()\n", __func__);
41789d12ba86SRob Rice
4179a9c01cd6SArd Biesheuvel crypto_skcipher_set_reqsize(skcipher, sizeof(struct iproc_reqctx_s));
41809d12ba86SRob Rice
4181a9c01cd6SArd Biesheuvel cipher_alg = container_of(alg, struct iproc_alg_s, alg.skcipher);
41829d12ba86SRob Rice return generic_cra_init(tfm, cipher_alg);
41839d12ba86SRob Rice }
41849d12ba86SRob Rice
ahash_cra_init(struct crypto_tfm * tfm)41859d12ba86SRob Rice static int ahash_cra_init(struct crypto_tfm *tfm)
41869d12ba86SRob Rice {
41879d12ba86SRob Rice int err;
41889d12ba86SRob Rice struct crypto_alg *alg = tfm->__crt_alg;
41899d12ba86SRob Rice struct iproc_alg_s *cipher_alg;
41909d12ba86SRob Rice
41919d12ba86SRob Rice cipher_alg = container_of(__crypto_ahash_alg(alg), struct iproc_alg_s,
41929d12ba86SRob Rice alg.hash);
41939d12ba86SRob Rice
41949d12ba86SRob Rice err = generic_cra_init(tfm, cipher_alg);
41959d12ba86SRob Rice flow_log("%s()\n", __func__);
41969d12ba86SRob Rice
41979d12ba86SRob Rice /*
41989d12ba86SRob Rice * export state size has to be < 512 bytes. So don't include msg bufs
41999d12ba86SRob Rice * in state size.
42009d12ba86SRob Rice */
42019d12ba86SRob Rice crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
42029d12ba86SRob Rice sizeof(struct iproc_reqctx_s));
42039d12ba86SRob Rice
42049d12ba86SRob Rice return err;
42059d12ba86SRob Rice }
42069d12ba86SRob Rice
aead_cra_init(struct crypto_aead * aead)42079d12ba86SRob Rice static int aead_cra_init(struct crypto_aead *aead)
42089d12ba86SRob Rice {
4209654627adSHerbert Xu unsigned int reqsize = sizeof(struct iproc_reqctx_s);
42109d12ba86SRob Rice struct crypto_tfm *tfm = crypto_aead_tfm(aead);
42119d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
42129d12ba86SRob Rice struct crypto_alg *alg = tfm->__crt_alg;
42139d12ba86SRob Rice struct aead_alg *aalg = container_of(alg, struct aead_alg, base);
42149d12ba86SRob Rice struct iproc_alg_s *cipher_alg = container_of(aalg, struct iproc_alg_s,
42159d12ba86SRob Rice alg.aead);
42169d12ba86SRob Rice
42179d12ba86SRob Rice int err = generic_cra_init(tfm, cipher_alg);
42189d12ba86SRob Rice
42199d12ba86SRob Rice flow_log("%s()\n", __func__);
42209d12ba86SRob Rice
42219d12ba86SRob Rice ctx->is_esp = false;
42229d12ba86SRob Rice ctx->salt_len = 0;
42239d12ba86SRob Rice ctx->salt_offset = 0;
42249d12ba86SRob Rice
42259d12ba86SRob Rice /* random first IV */
42269d12ba86SRob Rice get_random_bytes(ctx->iv, MAX_IV_SIZE);
42279d12ba86SRob Rice flow_dump(" iv: ", ctx->iv, MAX_IV_SIZE);
42289d12ba86SRob Rice
4229654627adSHerbert Xu if (err)
4230654627adSHerbert Xu goto out;
4231654627adSHerbert Xu
4232654627adSHerbert Xu if (!(alg->cra_flags & CRYPTO_ALG_NEED_FALLBACK))
4233654627adSHerbert Xu goto reqsize;
4234654627adSHerbert Xu
42359d12ba86SRob Rice flow_log("%s() creating fallback cipher\n", __func__);
42369d12ba86SRob Rice
4237654627adSHerbert Xu ctx->fallback_cipher = crypto_alloc_aead(alg->cra_name, 0,
42389d12ba86SRob Rice CRYPTO_ALG_ASYNC |
42399d12ba86SRob Rice CRYPTO_ALG_NEED_FALLBACK);
42409d12ba86SRob Rice if (IS_ERR(ctx->fallback_cipher)) {
42419d12ba86SRob Rice pr_err("%s() Error: failed to allocate fallback for %s\n",
42429d12ba86SRob Rice __func__, alg->cra_name);
42439d12ba86SRob Rice return PTR_ERR(ctx->fallback_cipher);
42449d12ba86SRob Rice }
42459d12ba86SRob Rice
4246654627adSHerbert Xu reqsize += crypto_aead_reqsize(ctx->fallback_cipher);
4247654627adSHerbert Xu
4248654627adSHerbert Xu reqsize:
4249654627adSHerbert Xu crypto_aead_set_reqsize(aead, reqsize);
4250654627adSHerbert Xu
4251654627adSHerbert Xu out:
42529d12ba86SRob Rice return err;
42539d12ba86SRob Rice }
42549d12ba86SRob Rice
generic_cra_exit(struct crypto_tfm * tfm)42559d12ba86SRob Rice static void generic_cra_exit(struct crypto_tfm *tfm)
42569d12ba86SRob Rice {
42579d12ba86SRob Rice atomic_dec(&iproc_priv.session_count);
42589d12ba86SRob Rice }
42599d12ba86SRob Rice
skcipher_exit_tfm(struct crypto_skcipher * tfm)4260a9c01cd6SArd Biesheuvel static void skcipher_exit_tfm(struct crypto_skcipher *tfm)
4261a9c01cd6SArd Biesheuvel {
4262a9c01cd6SArd Biesheuvel generic_cra_exit(crypto_skcipher_tfm(tfm));
4263a9c01cd6SArd Biesheuvel }
4264a9c01cd6SArd Biesheuvel
aead_cra_exit(struct crypto_aead * aead)42659d12ba86SRob Rice static void aead_cra_exit(struct crypto_aead *aead)
42669d12ba86SRob Rice {
42679d12ba86SRob Rice struct crypto_tfm *tfm = crypto_aead_tfm(aead);
42689d12ba86SRob Rice struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
42699d12ba86SRob Rice
42709d12ba86SRob Rice generic_cra_exit(tfm);
42719d12ba86SRob Rice
42729d12ba86SRob Rice if (ctx->fallback_cipher) {
42739d12ba86SRob Rice crypto_free_aead(ctx->fallback_cipher);
42749d12ba86SRob Rice ctx->fallback_cipher = NULL;
42759d12ba86SRob Rice }
42769d12ba86SRob Rice }
42779d12ba86SRob Rice
42789d12ba86SRob Rice /**
42799d12ba86SRob Rice * spu_functions_register() - Specify hardware-specific SPU functions based on
42809d12ba86SRob Rice * SPU type read from device tree.
42819d12ba86SRob Rice * @dev: device structure
42829d12ba86SRob Rice * @spu_type: SPU hardware generation
42839d12ba86SRob Rice * @spu_subtype: SPU hardware version
42849d12ba86SRob Rice */
spu_functions_register(struct device * dev,enum spu_spu_type spu_type,enum spu_spu_subtype spu_subtype)42859d12ba86SRob Rice static void spu_functions_register(struct device *dev,
42869d12ba86SRob Rice enum spu_spu_type spu_type,
42879d12ba86SRob Rice enum spu_spu_subtype spu_subtype)
42889d12ba86SRob Rice {
42899d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
42909d12ba86SRob Rice
42919d12ba86SRob Rice if (spu_type == SPU_TYPE_SPUM) {
42929d12ba86SRob Rice dev_dbg(dev, "Registering SPUM functions");
42939d12ba86SRob Rice spu->spu_dump_msg_hdr = spum_dump_msg_hdr;
42949d12ba86SRob Rice spu->spu_payload_length = spum_payload_length;
42959d12ba86SRob Rice spu->spu_response_hdr_len = spum_response_hdr_len;
42969d12ba86SRob Rice spu->spu_hash_pad_len = spum_hash_pad_len;
42979d12ba86SRob Rice spu->spu_gcm_ccm_pad_len = spum_gcm_ccm_pad_len;
42989d12ba86SRob Rice spu->spu_assoc_resp_len = spum_assoc_resp_len;
42999d12ba86SRob Rice spu->spu_aead_ivlen = spum_aead_ivlen;
43009d12ba86SRob Rice spu->spu_hash_type = spum_hash_type;
43019d12ba86SRob Rice spu->spu_digest_size = spum_digest_size;
43029d12ba86SRob Rice spu->spu_create_request = spum_create_request;
43039d12ba86SRob Rice spu->spu_cipher_req_init = spum_cipher_req_init;
43049d12ba86SRob Rice spu->spu_cipher_req_finish = spum_cipher_req_finish;
43059d12ba86SRob Rice spu->spu_request_pad = spum_request_pad;
43069d12ba86SRob Rice spu->spu_tx_status_len = spum_tx_status_len;
43079d12ba86SRob Rice spu->spu_rx_status_len = spum_rx_status_len;
43089d12ba86SRob Rice spu->spu_status_process = spum_status_process;
43099d12ba86SRob Rice spu->spu_xts_tweak_in_payload = spum_xts_tweak_in_payload;
43109d12ba86SRob Rice spu->spu_ccm_update_iv = spum_ccm_update_iv;
43119d12ba86SRob Rice spu->spu_wordalign_padlen = spum_wordalign_padlen;
43129d12ba86SRob Rice if (spu_subtype == SPU_SUBTYPE_SPUM_NS2)
43139d12ba86SRob Rice spu->spu_ctx_max_payload = spum_ns2_ctx_max_payload;
43149d12ba86SRob Rice else
43159d12ba86SRob Rice spu->spu_ctx_max_payload = spum_nsp_ctx_max_payload;
43169d12ba86SRob Rice } else {
43179d12ba86SRob Rice dev_dbg(dev, "Registering SPU2 functions");
43189d12ba86SRob Rice spu->spu_dump_msg_hdr = spu2_dump_msg_hdr;
43199d12ba86SRob Rice spu->spu_ctx_max_payload = spu2_ctx_max_payload;
43209d12ba86SRob Rice spu->spu_payload_length = spu2_payload_length;
43219d12ba86SRob Rice spu->spu_response_hdr_len = spu2_response_hdr_len;
43229d12ba86SRob Rice spu->spu_hash_pad_len = spu2_hash_pad_len;
43239d12ba86SRob Rice spu->spu_gcm_ccm_pad_len = spu2_gcm_ccm_pad_len;
43249d12ba86SRob Rice spu->spu_assoc_resp_len = spu2_assoc_resp_len;
43259d12ba86SRob Rice spu->spu_aead_ivlen = spu2_aead_ivlen;
43269d12ba86SRob Rice spu->spu_hash_type = spu2_hash_type;
43279d12ba86SRob Rice spu->spu_digest_size = spu2_digest_size;
43289d12ba86SRob Rice spu->spu_create_request = spu2_create_request;
43299d12ba86SRob Rice spu->spu_cipher_req_init = spu2_cipher_req_init;
43309d12ba86SRob Rice spu->spu_cipher_req_finish = spu2_cipher_req_finish;
43319d12ba86SRob Rice spu->spu_request_pad = spu2_request_pad;
43329d12ba86SRob Rice spu->spu_tx_status_len = spu2_tx_status_len;
43339d12ba86SRob Rice spu->spu_rx_status_len = spu2_rx_status_len;
43349d12ba86SRob Rice spu->spu_status_process = spu2_status_process;
43359d12ba86SRob Rice spu->spu_xts_tweak_in_payload = spu2_xts_tweak_in_payload;
43369d12ba86SRob Rice spu->spu_ccm_update_iv = spu2_ccm_update_iv;
43379d12ba86SRob Rice spu->spu_wordalign_padlen = spu2_wordalign_padlen;
43389d12ba86SRob Rice }
43399d12ba86SRob Rice }
43409d12ba86SRob Rice
43419d12ba86SRob Rice /**
43429d12ba86SRob Rice * spu_mb_init() - Initialize mailbox client. Request ownership of a mailbox
43439d12ba86SRob Rice * channel for the SPU being probed.
43449d12ba86SRob Rice * @dev: SPU driver device structure
43459d12ba86SRob Rice *
43469d12ba86SRob Rice * Return: 0 if successful
43479d12ba86SRob Rice * < 0 otherwise
43489d12ba86SRob Rice */
spu_mb_init(struct device * dev)43499d12ba86SRob Rice static int spu_mb_init(struct device *dev)
43509d12ba86SRob Rice {
43519166c443Sraveendra padasalagi struct mbox_client *mcl = &iproc_priv.mcl;
43529166c443Sraveendra padasalagi int err, i;
43539166c443Sraveendra padasalagi
43549166c443Sraveendra padasalagi iproc_priv.mbox = devm_kcalloc(dev, iproc_priv.spu.num_chan,
43559166c443Sraveendra padasalagi sizeof(struct mbox_chan *), GFP_KERNEL);
43569166c443Sraveendra padasalagi if (!iproc_priv.mbox)
43579166c443Sraveendra padasalagi return -ENOMEM;
43589d12ba86SRob Rice
43599d12ba86SRob Rice mcl->dev = dev;
43609d12ba86SRob Rice mcl->tx_block = false;
43619d12ba86SRob Rice mcl->tx_tout = 0;
4362f0e2ce58Sraveendra padasalagi mcl->knows_txdone = true;
43639d12ba86SRob Rice mcl->rx_callback = spu_rx_callback;
43649d12ba86SRob Rice mcl->tx_done = NULL;
43659d12ba86SRob Rice
43669166c443Sraveendra padasalagi for (i = 0; i < iproc_priv.spu.num_chan; i++) {
43679166c443Sraveendra padasalagi iproc_priv.mbox[i] = mbox_request_channel(mcl, i);
43689166c443Sraveendra padasalagi if (IS_ERR(iproc_priv.mbox[i])) {
436942a13ddbSTang Bin err = PTR_ERR(iproc_priv.mbox[i]);
43709d12ba86SRob Rice dev_err(dev,
43719d12ba86SRob Rice "Mbox channel %d request failed with err %d",
43729166c443Sraveendra padasalagi i, err);
43739166c443Sraveendra padasalagi iproc_priv.mbox[i] = NULL;
43749166c443Sraveendra padasalagi goto free_channels;
43759166c443Sraveendra padasalagi }
43769d12ba86SRob Rice }
43779d12ba86SRob Rice
43789d12ba86SRob Rice return 0;
43799166c443Sraveendra padasalagi free_channels:
43809166c443Sraveendra padasalagi for (i = 0; i < iproc_priv.spu.num_chan; i++) {
43819166c443Sraveendra padasalagi if (iproc_priv.mbox[i])
43829166c443Sraveendra padasalagi mbox_free_channel(iproc_priv.mbox[i]);
43839166c443Sraveendra padasalagi }
43849166c443Sraveendra padasalagi
43859166c443Sraveendra padasalagi return err;
43869d12ba86SRob Rice }
43879d12ba86SRob Rice
spu_mb_release(struct platform_device * pdev)43889d12ba86SRob Rice static void spu_mb_release(struct platform_device *pdev)
43899d12ba86SRob Rice {
43909d12ba86SRob Rice int i;
43919d12ba86SRob Rice
43929166c443Sraveendra padasalagi for (i = 0; i < iproc_priv.spu.num_chan; i++)
43939d12ba86SRob Rice mbox_free_channel(iproc_priv.mbox[i]);
43949d12ba86SRob Rice }
43959d12ba86SRob Rice
spu_counters_init(void)43969d12ba86SRob Rice static void spu_counters_init(void)
43979d12ba86SRob Rice {
43989d12ba86SRob Rice int i;
43999d12ba86SRob Rice int j;
44009d12ba86SRob Rice
44019d12ba86SRob Rice atomic_set(&iproc_priv.session_count, 0);
44029d12ba86SRob Rice atomic_set(&iproc_priv.stream_count, 0);
44039166c443Sraveendra padasalagi atomic_set(&iproc_priv.next_chan, (int)iproc_priv.spu.num_chan);
44049d12ba86SRob Rice atomic64_set(&iproc_priv.bytes_in, 0);
44059d12ba86SRob Rice atomic64_set(&iproc_priv.bytes_out, 0);
44069d12ba86SRob Rice for (i = 0; i < SPU_OP_NUM; i++) {
44079d12ba86SRob Rice atomic_set(&iproc_priv.op_counts[i], 0);
44089d12ba86SRob Rice atomic_set(&iproc_priv.setkey_cnt[i], 0);
44099d12ba86SRob Rice }
44109d12ba86SRob Rice for (i = 0; i < CIPHER_ALG_LAST; i++)
44119d12ba86SRob Rice for (j = 0; j < CIPHER_MODE_LAST; j++)
44129d12ba86SRob Rice atomic_set(&iproc_priv.cipher_cnt[i][j], 0);
44139d12ba86SRob Rice
44149d12ba86SRob Rice for (i = 0; i < HASH_ALG_LAST; i++) {
44159d12ba86SRob Rice atomic_set(&iproc_priv.hash_cnt[i], 0);
44169d12ba86SRob Rice atomic_set(&iproc_priv.hmac_cnt[i], 0);
44179d12ba86SRob Rice }
44189d12ba86SRob Rice for (i = 0; i < AEAD_TYPE_LAST; i++)
44199d12ba86SRob Rice atomic_set(&iproc_priv.aead_cnt[i], 0);
44209d12ba86SRob Rice
44219d12ba86SRob Rice atomic_set(&iproc_priv.mb_no_spc, 0);
44229d12ba86SRob Rice atomic_set(&iproc_priv.mb_send_fail, 0);
44239d12ba86SRob Rice atomic_set(&iproc_priv.bad_icv, 0);
44249d12ba86SRob Rice }
44259d12ba86SRob Rice
spu_register_skcipher(struct iproc_alg_s * driver_alg)4426a9c01cd6SArd Biesheuvel static int spu_register_skcipher(struct iproc_alg_s *driver_alg)
44279d12ba86SRob Rice {
4428a9c01cd6SArd Biesheuvel struct skcipher_alg *crypto = &driver_alg->alg.skcipher;
44299d12ba86SRob Rice int err;
44309d12ba86SRob Rice
4431a9c01cd6SArd Biesheuvel crypto->base.cra_module = THIS_MODULE;
4432a9c01cd6SArd Biesheuvel crypto->base.cra_priority = cipher_pri;
4433a9c01cd6SArd Biesheuvel crypto->base.cra_alignmask = 0;
4434a9c01cd6SArd Biesheuvel crypto->base.cra_ctxsize = sizeof(struct iproc_ctx_s);
4435b8aa7dc5SMikulas Patocka crypto->base.cra_flags = CRYPTO_ALG_ASYNC |
4436b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY |
4437b8aa7dc5SMikulas Patocka CRYPTO_ALG_KERN_DRIVER_ONLY;
44389d12ba86SRob Rice
4439a9c01cd6SArd Biesheuvel crypto->init = skcipher_init_tfm;
4440a9c01cd6SArd Biesheuvel crypto->exit = skcipher_exit_tfm;
4441a9c01cd6SArd Biesheuvel crypto->setkey = skcipher_setkey;
4442a9c01cd6SArd Biesheuvel crypto->encrypt = skcipher_encrypt;
4443a9c01cd6SArd Biesheuvel crypto->decrypt = skcipher_decrypt;
44449d12ba86SRob Rice
4445a9c01cd6SArd Biesheuvel err = crypto_register_skcipher(crypto);
44469d12ba86SRob Rice /* Mark alg as having been registered, if successful */
44479d12ba86SRob Rice if (err == 0)
44489d12ba86SRob Rice driver_alg->registered = true;
4449a9c01cd6SArd Biesheuvel pr_debug(" registered skcipher %s\n", crypto->base.cra_driver_name);
44509d12ba86SRob Rice return err;
44519d12ba86SRob Rice }
44529d12ba86SRob Rice
spu_register_ahash(struct iproc_alg_s * driver_alg)44539d12ba86SRob Rice static int spu_register_ahash(struct iproc_alg_s *driver_alg)
44549d12ba86SRob Rice {
44559d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
44569d12ba86SRob Rice struct ahash_alg *hash = &driver_alg->alg.hash;
44579d12ba86SRob Rice int err;
44589d12ba86SRob Rice
44599d12ba86SRob Rice /* AES-XCBC is the only AES hash type currently supported on SPU-M */
44609d12ba86SRob Rice if ((driver_alg->auth_info.alg == HASH_ALG_AES) &&
44619d12ba86SRob Rice (driver_alg->auth_info.mode != HASH_MODE_XCBC) &&
44629d12ba86SRob Rice (spu->spu_type == SPU_TYPE_SPUM))
44639d12ba86SRob Rice return 0;
44649d12ba86SRob Rice
44659d12ba86SRob Rice /* SHA3 algorithm variants are not registered for SPU-M or SPU2. */
44669d12ba86SRob Rice if ((driver_alg->auth_info.alg >= HASH_ALG_SHA3_224) &&
44679d12ba86SRob Rice (spu->spu_subtype != SPU_SUBTYPE_SPU2_V2))
44689d12ba86SRob Rice return 0;
44699d12ba86SRob Rice
44709d12ba86SRob Rice hash->halg.base.cra_module = THIS_MODULE;
44719d12ba86SRob Rice hash->halg.base.cra_priority = hash_pri;
44729d12ba86SRob Rice hash->halg.base.cra_alignmask = 0;
44739d12ba86SRob Rice hash->halg.base.cra_ctxsize = sizeof(struct iproc_ctx_s);
44749d12ba86SRob Rice hash->halg.base.cra_init = ahash_cra_init;
44759d12ba86SRob Rice hash->halg.base.cra_exit = generic_cra_exit;
4476b8aa7dc5SMikulas Patocka hash->halg.base.cra_flags = CRYPTO_ALG_ASYNC |
4477b8aa7dc5SMikulas Patocka CRYPTO_ALG_ALLOCATES_MEMORY;
44789d12ba86SRob Rice hash->halg.statesize = sizeof(struct spu_hash_export_s);
44799d12ba86SRob Rice
44809d12ba86SRob Rice if (driver_alg->auth_info.mode != HASH_MODE_HMAC) {
44819d12ba86SRob Rice hash->init = ahash_init;
44829d12ba86SRob Rice hash->update = ahash_update;
44839d12ba86SRob Rice hash->final = ahash_final;
44849d12ba86SRob Rice hash->finup = ahash_finup;
44859d12ba86SRob Rice hash->digest = ahash_digest;
44864f0129d1SRaveendra Padasalagi if ((driver_alg->auth_info.alg == HASH_ALG_AES) &&
44874f0129d1SRaveendra Padasalagi ((driver_alg->auth_info.mode == HASH_MODE_XCBC) ||
44884f0129d1SRaveendra Padasalagi (driver_alg->auth_info.mode == HASH_MODE_CMAC))) {
44894f0129d1SRaveendra Padasalagi hash->setkey = ahash_setkey;
44904f0129d1SRaveendra Padasalagi }
44919d12ba86SRob Rice } else {
44929d12ba86SRob Rice hash->setkey = ahash_hmac_setkey;
44939d12ba86SRob Rice hash->init = ahash_hmac_init;
44949d12ba86SRob Rice hash->update = ahash_hmac_update;
44959d12ba86SRob Rice hash->final = ahash_hmac_final;
44969d12ba86SRob Rice hash->finup = ahash_hmac_finup;
44979d12ba86SRob Rice hash->digest = ahash_hmac_digest;
44989d12ba86SRob Rice }
44999d12ba86SRob Rice hash->export = ahash_export;
45009d12ba86SRob Rice hash->import = ahash_import;
45019d12ba86SRob Rice
45029d12ba86SRob Rice err = crypto_register_ahash(hash);
45039d12ba86SRob Rice /* Mark alg as having been registered, if successful */
45049d12ba86SRob Rice if (err == 0)
45059d12ba86SRob Rice driver_alg->registered = true;
45069d12ba86SRob Rice pr_debug(" registered ahash %s\n",
45079d12ba86SRob Rice hash->halg.base.cra_driver_name);
45089d12ba86SRob Rice return err;
45099d12ba86SRob Rice }
45109d12ba86SRob Rice
spu_register_aead(struct iproc_alg_s * driver_alg)45119d12ba86SRob Rice static int spu_register_aead(struct iproc_alg_s *driver_alg)
45129d12ba86SRob Rice {
45139d12ba86SRob Rice struct aead_alg *aead = &driver_alg->alg.aead;
45149d12ba86SRob Rice int err;
45159d12ba86SRob Rice
45169d12ba86SRob Rice aead->base.cra_module = THIS_MODULE;
45179d12ba86SRob Rice aead->base.cra_priority = aead_pri;
45189d12ba86SRob Rice aead->base.cra_alignmask = 0;
45199d12ba86SRob Rice aead->base.cra_ctxsize = sizeof(struct iproc_ctx_s);
45209d12ba86SRob Rice
4521b8aa7dc5SMikulas Patocka aead->base.cra_flags |= CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY;
45229d12ba86SRob Rice /* setkey set in alg initialization */
45239d12ba86SRob Rice aead->setauthsize = aead_setauthsize;
45249d12ba86SRob Rice aead->encrypt = aead_encrypt;
45259d12ba86SRob Rice aead->decrypt = aead_decrypt;
45269d12ba86SRob Rice aead->init = aead_cra_init;
45279d12ba86SRob Rice aead->exit = aead_cra_exit;
45289d12ba86SRob Rice
45299d12ba86SRob Rice err = crypto_register_aead(aead);
45309d12ba86SRob Rice /* Mark alg as having been registered, if successful */
45319d12ba86SRob Rice if (err == 0)
45329d12ba86SRob Rice driver_alg->registered = true;
45339d12ba86SRob Rice pr_debug(" registered aead %s\n", aead->base.cra_driver_name);
45349d12ba86SRob Rice return err;
45359d12ba86SRob Rice }
45369d12ba86SRob Rice
45379d12ba86SRob Rice /* register crypto algorithms the device supports */
spu_algs_register(struct device * dev)45389d12ba86SRob Rice static int spu_algs_register(struct device *dev)
45399d12ba86SRob Rice {
45409d12ba86SRob Rice int i, j;
45419d12ba86SRob Rice int err;
45429d12ba86SRob Rice
45439d12ba86SRob Rice for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
45449d12ba86SRob Rice switch (driver_algs[i].type) {
4545a9c01cd6SArd Biesheuvel case CRYPTO_ALG_TYPE_SKCIPHER:
4546a9c01cd6SArd Biesheuvel err = spu_register_skcipher(&driver_algs[i]);
45479d12ba86SRob Rice break;
45489d12ba86SRob Rice case CRYPTO_ALG_TYPE_AHASH:
45499d12ba86SRob Rice err = spu_register_ahash(&driver_algs[i]);
45509d12ba86SRob Rice break;
45519d12ba86SRob Rice case CRYPTO_ALG_TYPE_AEAD:
45529d12ba86SRob Rice err = spu_register_aead(&driver_algs[i]);
45539d12ba86SRob Rice break;
45549d12ba86SRob Rice default:
45559d12ba86SRob Rice dev_err(dev,
45569d12ba86SRob Rice "iproc-crypto: unknown alg type: %d",
45579d12ba86SRob Rice driver_algs[i].type);
45589d12ba86SRob Rice err = -EINVAL;
45599d12ba86SRob Rice }
45609d12ba86SRob Rice
45619d12ba86SRob Rice if (err) {
45629d12ba86SRob Rice dev_err(dev, "alg registration failed with error %d\n",
45639d12ba86SRob Rice err);
45649d12ba86SRob Rice goto err_algs;
45659d12ba86SRob Rice }
45669d12ba86SRob Rice }
45679d12ba86SRob Rice
45689d12ba86SRob Rice return 0;
45699d12ba86SRob Rice
45709d12ba86SRob Rice err_algs:
45719d12ba86SRob Rice for (j = 0; j < i; j++) {
45729d12ba86SRob Rice /* Skip any algorithm not registered */
45739d12ba86SRob Rice if (!driver_algs[j].registered)
45749d12ba86SRob Rice continue;
45759d12ba86SRob Rice switch (driver_algs[j].type) {
4576a9c01cd6SArd Biesheuvel case CRYPTO_ALG_TYPE_SKCIPHER:
4577a9c01cd6SArd Biesheuvel crypto_unregister_skcipher(&driver_algs[j].alg.skcipher);
45789d12ba86SRob Rice driver_algs[j].registered = false;
45799d12ba86SRob Rice break;
45809d12ba86SRob Rice case CRYPTO_ALG_TYPE_AHASH:
45819d12ba86SRob Rice crypto_unregister_ahash(&driver_algs[j].alg.hash);
45829d12ba86SRob Rice driver_algs[j].registered = false;
45839d12ba86SRob Rice break;
45849d12ba86SRob Rice case CRYPTO_ALG_TYPE_AEAD:
45859d12ba86SRob Rice crypto_unregister_aead(&driver_algs[j].alg.aead);
45869d12ba86SRob Rice driver_algs[j].registered = false;
45879d12ba86SRob Rice break;
45889d12ba86SRob Rice }
45899d12ba86SRob Rice }
45909d12ba86SRob Rice return err;
45919d12ba86SRob Rice }
45929d12ba86SRob Rice
45939d12ba86SRob Rice /* ==================== Kernel Platform API ==================== */
45949d12ba86SRob Rice
45959d12ba86SRob Rice static struct spu_type_subtype spum_ns2_types = {
45969d12ba86SRob Rice SPU_TYPE_SPUM, SPU_SUBTYPE_SPUM_NS2
45979d12ba86SRob Rice };
45989d12ba86SRob Rice
45999d12ba86SRob Rice static struct spu_type_subtype spum_nsp_types = {
46009d12ba86SRob Rice SPU_TYPE_SPUM, SPU_SUBTYPE_SPUM_NSP
46019d12ba86SRob Rice };
46029d12ba86SRob Rice
46039d12ba86SRob Rice static struct spu_type_subtype spu2_types = {
46049d12ba86SRob Rice SPU_TYPE_SPU2, SPU_SUBTYPE_SPU2_V1
46059d12ba86SRob Rice };
46069d12ba86SRob Rice
46079d12ba86SRob Rice static struct spu_type_subtype spu2_v2_types = {
46089d12ba86SRob Rice SPU_TYPE_SPU2, SPU_SUBTYPE_SPU2_V2
46099d12ba86SRob Rice };
46109d12ba86SRob Rice
46119d12ba86SRob Rice static const struct of_device_id bcm_spu_dt_ids[] = {
46129d12ba86SRob Rice {
46139d12ba86SRob Rice .compatible = "brcm,spum-crypto",
46149d12ba86SRob Rice .data = &spum_ns2_types,
46159d12ba86SRob Rice },
46169d12ba86SRob Rice {
46179d12ba86SRob Rice .compatible = "brcm,spum-nsp-crypto",
46189d12ba86SRob Rice .data = &spum_nsp_types,
46199d12ba86SRob Rice },
46209d12ba86SRob Rice {
46219d12ba86SRob Rice .compatible = "brcm,spu2-crypto",
46229d12ba86SRob Rice .data = &spu2_types,
46239d12ba86SRob Rice },
46249d12ba86SRob Rice {
46259d12ba86SRob Rice .compatible = "brcm,spu2-v2-crypto",
46269d12ba86SRob Rice .data = &spu2_v2_types,
46279d12ba86SRob Rice },
46289d12ba86SRob Rice { /* sentinel */ }
46299d12ba86SRob Rice };
46309d12ba86SRob Rice
46319d12ba86SRob Rice MODULE_DEVICE_TABLE(of, bcm_spu_dt_ids);
46329d12ba86SRob Rice
spu_dt_read(struct platform_device * pdev)46339d12ba86SRob Rice static int spu_dt_read(struct platform_device *pdev)
46349d12ba86SRob Rice {
46359d12ba86SRob Rice struct device *dev = &pdev->dev;
46369d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
46379d12ba86SRob Rice struct resource *spu_ctrl_regs;
46389d12ba86SRob Rice const struct spu_type_subtype *matched_spu_type;
46399166c443Sraveendra padasalagi struct device_node *dn = pdev->dev.of_node;
46409166c443Sraveendra padasalagi int err, i;
46419166c443Sraveendra padasalagi
46429166c443Sraveendra padasalagi /* Count number of mailbox channels */
46439166c443Sraveendra padasalagi spu->num_chan = of_count_phandle_with_args(dn, "mboxes", "#mbox-cells");
46449d12ba86SRob Rice
4645d9fa482eSCorentin LABBE matched_spu_type = of_device_get_match_data(dev);
4646d9fa482eSCorentin LABBE if (!matched_spu_type) {
46473f7819bdSTang Bin dev_err(dev, "Failed to match device\n");
4648c6090480SGustavo A. R. Silva return -ENODEV;
4649c6090480SGustavo A. R. Silva }
4650c6090480SGustavo A. R. Silva
46519d12ba86SRob Rice spu->spu_type = matched_spu_type->type;
46529d12ba86SRob Rice spu->spu_subtype = matched_spu_type->subtype;
46539d12ba86SRob Rice
46549166c443Sraveendra padasalagi for (i = 0; (i < MAX_SPUS) && ((spu_ctrl_regs =
46559166c443Sraveendra padasalagi platform_get_resource(pdev, IORESOURCE_MEM, i)) != NULL); i++) {
46569d12ba86SRob Rice
46579166c443Sraveendra padasalagi spu->reg_vbase[i] = devm_ioremap_resource(dev, spu_ctrl_regs);
46589166c443Sraveendra padasalagi if (IS_ERR(spu->reg_vbase[i])) {
46599166c443Sraveendra padasalagi err = PTR_ERR(spu->reg_vbase[i]);
46603f7819bdSTang Bin dev_err(dev, "Failed to map registers: %d\n",
46619d12ba86SRob Rice err);
46629166c443Sraveendra padasalagi spu->reg_vbase[i] = NULL;
46639d12ba86SRob Rice return err;
46649d12ba86SRob Rice }
46659166c443Sraveendra padasalagi }
46669166c443Sraveendra padasalagi spu->num_spu = i;
46679166c443Sraveendra padasalagi dev_dbg(dev, "Device has %d SPUs", spu->num_spu);
46689d12ba86SRob Rice
46699d12ba86SRob Rice return 0;
46709d12ba86SRob Rice }
46719d12ba86SRob Rice
bcm_spu_probe(struct platform_device * pdev)4672dd508618SYueHaibing static int bcm_spu_probe(struct platform_device *pdev)
46739d12ba86SRob Rice {
46749d12ba86SRob Rice struct device *dev = &pdev->dev;
46759d12ba86SRob Rice struct spu_hw *spu = &iproc_priv.spu;
467612b3cf90STang Bin int err;
46779d12ba86SRob Rice
46789166c443Sraveendra padasalagi iproc_priv.pdev = pdev;
46799166c443Sraveendra padasalagi platform_set_drvdata(iproc_priv.pdev,
46809d12ba86SRob Rice &iproc_priv);
46819d12ba86SRob Rice
46829d12ba86SRob Rice err = spu_dt_read(pdev);
46839d12ba86SRob Rice if (err < 0)
46849d12ba86SRob Rice goto failure;
46859d12ba86SRob Rice
46863f7819bdSTang Bin err = spu_mb_init(dev);
46879d12ba86SRob Rice if (err < 0)
46889d12ba86SRob Rice goto failure;
46899d12ba86SRob Rice
46909d12ba86SRob Rice if (spu->spu_type == SPU_TYPE_SPUM)
46919d12ba86SRob Rice iproc_priv.bcm_hdr_len = 8;
46929d12ba86SRob Rice else if (spu->spu_type == SPU_TYPE_SPU2)
46939d12ba86SRob Rice iproc_priv.bcm_hdr_len = 0;
46949d12ba86SRob Rice
46953f7819bdSTang Bin spu_functions_register(dev, spu->spu_type, spu->spu_subtype);
46969d12ba86SRob Rice
46979d12ba86SRob Rice spu_counters_init();
46989d12ba86SRob Rice
46999d12ba86SRob Rice spu_setup_debugfs();
47009d12ba86SRob Rice
47019d12ba86SRob Rice err = spu_algs_register(dev);
47029d12ba86SRob Rice if (err < 0)
47039d12ba86SRob Rice goto fail_reg;
47049d12ba86SRob Rice
47059d12ba86SRob Rice return 0;
47069d12ba86SRob Rice
47079d12ba86SRob Rice fail_reg:
47089d12ba86SRob Rice spu_free_debugfs();
47099d12ba86SRob Rice failure:
47109d12ba86SRob Rice spu_mb_release(pdev);
47119d12ba86SRob Rice dev_err(dev, "%s failed with error %d.\n", __func__, err);
47129d12ba86SRob Rice
47139d12ba86SRob Rice return err;
47149d12ba86SRob Rice }
47159d12ba86SRob Rice
bcm_spu_remove(struct platform_device * pdev)4716dd508618SYueHaibing static int bcm_spu_remove(struct platform_device *pdev)
47179d12ba86SRob Rice {
47189d12ba86SRob Rice int i;
47199d12ba86SRob Rice struct device *dev = &pdev->dev;
47209d12ba86SRob Rice char *cdn;
47219d12ba86SRob Rice
47229d12ba86SRob Rice for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
47239d12ba86SRob Rice /*
47249d12ba86SRob Rice * Not all algorithms were registered, depending on whether
47259d12ba86SRob Rice * hardware is SPU or SPU2. So here we make sure to skip
47269d12ba86SRob Rice * those algorithms that were not previously registered.
47279d12ba86SRob Rice */
47289d12ba86SRob Rice if (!driver_algs[i].registered)
47299d12ba86SRob Rice continue;
47309d12ba86SRob Rice
47319d12ba86SRob Rice switch (driver_algs[i].type) {
4732a9c01cd6SArd Biesheuvel case CRYPTO_ALG_TYPE_SKCIPHER:
4733a9c01cd6SArd Biesheuvel crypto_unregister_skcipher(&driver_algs[i].alg.skcipher);
47349d12ba86SRob Rice dev_dbg(dev, " unregistered cipher %s\n",
4735a9c01cd6SArd Biesheuvel driver_algs[i].alg.skcipher.base.cra_driver_name);
47369d12ba86SRob Rice driver_algs[i].registered = false;
47379d12ba86SRob Rice break;
47389d12ba86SRob Rice case CRYPTO_ALG_TYPE_AHASH:
47399d12ba86SRob Rice crypto_unregister_ahash(&driver_algs[i].alg.hash);
47409d12ba86SRob Rice cdn = driver_algs[i].alg.hash.halg.base.cra_driver_name;
47419d12ba86SRob Rice dev_dbg(dev, " unregistered hash %s\n", cdn);
47429d12ba86SRob Rice driver_algs[i].registered = false;
47439d12ba86SRob Rice break;
47449d12ba86SRob Rice case CRYPTO_ALG_TYPE_AEAD:
47459d12ba86SRob Rice crypto_unregister_aead(&driver_algs[i].alg.aead);
47469d12ba86SRob Rice dev_dbg(dev, " unregistered aead %s\n",
47479d12ba86SRob Rice driver_algs[i].alg.aead.base.cra_driver_name);
47489d12ba86SRob Rice driver_algs[i].registered = false;
47499d12ba86SRob Rice break;
47509d12ba86SRob Rice }
47519d12ba86SRob Rice }
47529d12ba86SRob Rice spu_free_debugfs();
47539d12ba86SRob Rice spu_mb_release(pdev);
47549d12ba86SRob Rice return 0;
47559d12ba86SRob Rice }
47569d12ba86SRob Rice
47579d12ba86SRob Rice /* ===== Kernel Module API ===== */
47589d12ba86SRob Rice
47599d12ba86SRob Rice static struct platform_driver bcm_spu_pdriver = {
47609d12ba86SRob Rice .driver = {
47619d12ba86SRob Rice .name = "brcm-spu-crypto",
47629d12ba86SRob Rice .of_match_table = of_match_ptr(bcm_spu_dt_ids),
47639d12ba86SRob Rice },
47649d12ba86SRob Rice .probe = bcm_spu_probe,
47659d12ba86SRob Rice .remove = bcm_spu_remove,
47669d12ba86SRob Rice };
47679d12ba86SRob Rice module_platform_driver(bcm_spu_pdriver);
47689d12ba86SRob Rice
47699d12ba86SRob Rice MODULE_AUTHOR("Rob Rice <rob.rice@broadcom.com>");
47709d12ba86SRob Rice MODULE_DESCRIPTION("Broadcom symmetric crypto offload driver");
47719d12ba86SRob Rice MODULE_LICENSE("GPL v2");
4772