xref: /openbmc/linux/drivers/crypto/bcm/cipher.c (revision aeefc1a0)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright 2016 Broadcom
4  */
5 
6 #include <linux/err.h>
7 #include <linux/module.h>
8 #include <linux/init.h>
9 #include <linux/errno.h>
10 #include <linux/kernel.h>
11 #include <linux/interrupt.h>
12 #include <linux/platform_device.h>
13 #include <linux/scatterlist.h>
14 #include <linux/crypto.h>
15 #include <linux/kthread.h>
16 #include <linux/rtnetlink.h>
17 #include <linux/sched.h>
18 #include <linux/of_address.h>
19 #include <linux/of_device.h>
20 #include <linux/io.h>
21 #include <linux/bitops.h>
22 
23 #include <crypto/algapi.h>
24 #include <crypto/aead.h>
25 #include <crypto/internal/aead.h>
26 #include <crypto/aes.h>
27 #include <crypto/internal/des.h>
28 #include <crypto/hmac.h>
29 #include <crypto/md5.h>
30 #include <crypto/authenc.h>
31 #include <crypto/skcipher.h>
32 #include <crypto/hash.h>
33 #include <crypto/sha1.h>
34 #include <crypto/sha2.h>
35 #include <crypto/sha3.h>
36 
37 #include "util.h"
38 #include "cipher.h"
39 #include "spu.h"
40 #include "spum.h"
41 #include "spu2.h"
42 
43 /* ================= Device Structure ================== */
44 
45 struct device_private iproc_priv;
46 
47 /* ==================== Parameters ===================== */
48 
49 int flow_debug_logging;
50 module_param(flow_debug_logging, int, 0644);
51 MODULE_PARM_DESC(flow_debug_logging, "Enable Flow Debug Logging");
52 
53 int packet_debug_logging;
54 module_param(packet_debug_logging, int, 0644);
55 MODULE_PARM_DESC(packet_debug_logging, "Enable Packet Debug Logging");
56 
57 int debug_logging_sleep;
58 module_param(debug_logging_sleep, int, 0644);
59 MODULE_PARM_DESC(debug_logging_sleep, "Packet Debug Logging Sleep");
60 
61 /*
62  * The value of these module parameters is used to set the priority for each
63  * algo type when this driver registers algos with the kernel crypto API.
64  * To use a priority other than the default, set the priority in the insmod or
65  * modprobe. Changing the module priority after init time has no effect.
66  *
67  * The default priorities are chosen to be lower (less preferred) than ARMv8 CE
68  * algos, but more preferred than generic software algos.
69  */
70 static int cipher_pri = 150;
71 module_param(cipher_pri, int, 0644);
72 MODULE_PARM_DESC(cipher_pri, "Priority for cipher algos");
73 
74 static int hash_pri = 100;
75 module_param(hash_pri, int, 0644);
76 MODULE_PARM_DESC(hash_pri, "Priority for hash algos");
77 
78 static int aead_pri = 150;
79 module_param(aead_pri, int, 0644);
80 MODULE_PARM_DESC(aead_pri, "Priority for AEAD algos");
81 
82 /* A type 3 BCM header, expected to precede the SPU header for SPU-M.
83  * Bits 3 and 4 in the first byte encode the channel number (the dma ringset).
84  * 0x60 - ring 0
85  * 0x68 - ring 1
86  * 0x70 - ring 2
87  * 0x78 - ring 3
88  */
89 static char BCMHEADER[] = { 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x28 };
90 /*
91  * Some SPU hw does not use BCM header on SPU messages. So BCM_HDR_LEN
92  * is set dynamically after reading SPU type from device tree.
93  */
94 #define BCM_HDR_LEN  iproc_priv.bcm_hdr_len
95 
96 /* min and max time to sleep before retrying when mbox queue is full. usec */
97 #define MBOX_SLEEP_MIN  800
98 #define MBOX_SLEEP_MAX 1000
99 
100 /**
101  * select_channel() - Select a SPU channel to handle a crypto request. Selects
102  * channel in round robin order.
103  *
104  * Return:  channel index
105  */
106 static u8 select_channel(void)
107 {
108 	u8 chan_idx = atomic_inc_return(&iproc_priv.next_chan);
109 
110 	return chan_idx % iproc_priv.spu.num_chan;
111 }
112 
113 /**
114  * spu_skcipher_rx_sg_create() - Build up the scatterlist of buffers used to
115  * receive a SPU response message for an skcipher request. Includes buffers to
116  * catch SPU message headers and the response data.
117  * @mssg:	mailbox message containing the receive sg
118  * @rctx:	crypto request context
119  * @rx_frag_num: number of scatterlist elements required to hold the
120  *		SPU response message
121  * @chunksize:	Number of bytes of response data expected
122  * @stat_pad_len: Number of bytes required to pad the STAT field to
123  *		a 4-byte boundary
124  *
125  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
126  * when the request completes, whether the request is handled successfully or
127  * there is an error.
128  *
129  * Returns:
130  *   0 if successful
131  *   < 0 if an error
132  */
133 static int
134 spu_skcipher_rx_sg_create(struct brcm_message *mssg,
135 			    struct iproc_reqctx_s *rctx,
136 			    u8 rx_frag_num,
137 			    unsigned int chunksize, u32 stat_pad_len)
138 {
139 	struct spu_hw *spu = &iproc_priv.spu;
140 	struct scatterlist *sg;	/* used to build sgs in mbox message */
141 	struct iproc_ctx_s *ctx = rctx->ctx;
142 	u32 datalen;		/* Number of bytes of response data expected */
143 
144 	mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
145 				rctx->gfp);
146 	if (!mssg->spu.dst)
147 		return -ENOMEM;
148 
149 	sg = mssg->spu.dst;
150 	sg_init_table(sg, rx_frag_num);
151 	/* Space for SPU message header */
152 	sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
153 
154 	/* If XTS tweak in payload, add buffer to receive encrypted tweak */
155 	if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
156 	    spu->spu_xts_tweak_in_payload())
157 		sg_set_buf(sg++, rctx->msg_buf.c.supdt_tweak,
158 			   SPU_XTS_TWEAK_SIZE);
159 
160 	/* Copy in each dst sg entry from request, up to chunksize */
161 	datalen = spu_msg_sg_add(&sg, &rctx->dst_sg, &rctx->dst_skip,
162 				 rctx->dst_nents, chunksize);
163 	if (datalen < chunksize) {
164 		pr_err("%s(): failed to copy dst sg to mbox msg. chunksize %u, datalen %u",
165 		       __func__, chunksize, datalen);
166 		return -EFAULT;
167 	}
168 
169 	if (stat_pad_len)
170 		sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
171 
172 	memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
173 	sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
174 
175 	return 0;
176 }
177 
178 /**
179  * spu_skcipher_tx_sg_create() - Build up the scatterlist of buffers used to
180  * send a SPU request message for an skcipher request. Includes SPU message
181  * headers and the request data.
182  * @mssg:	mailbox message containing the transmit sg
183  * @rctx:	crypto request context
184  * @tx_frag_num: number of scatterlist elements required to construct the
185  *		SPU request message
186  * @chunksize:	Number of bytes of request data
187  * @pad_len:	Number of pad bytes
188  *
189  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
190  * when the request completes, whether the request is handled successfully or
191  * there is an error.
192  *
193  * Returns:
194  *   0 if successful
195  *   < 0 if an error
196  */
197 static int
198 spu_skcipher_tx_sg_create(struct brcm_message *mssg,
199 			    struct iproc_reqctx_s *rctx,
200 			    u8 tx_frag_num, unsigned int chunksize, u32 pad_len)
201 {
202 	struct spu_hw *spu = &iproc_priv.spu;
203 	struct scatterlist *sg;	/* used to build sgs in mbox message */
204 	struct iproc_ctx_s *ctx = rctx->ctx;
205 	u32 datalen;		/* Number of bytes of response data expected */
206 	u32 stat_len;
207 
208 	mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
209 				rctx->gfp);
210 	if (unlikely(!mssg->spu.src))
211 		return -ENOMEM;
212 
213 	sg = mssg->spu.src;
214 	sg_init_table(sg, tx_frag_num);
215 
216 	sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
217 		   BCM_HDR_LEN + ctx->spu_req_hdr_len);
218 
219 	/* if XTS tweak in payload, copy from IV (where crypto API puts it) */
220 	if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
221 	    spu->spu_xts_tweak_in_payload())
222 		sg_set_buf(sg++, rctx->msg_buf.iv_ctr, SPU_XTS_TWEAK_SIZE);
223 
224 	/* Copy in each src sg entry from request, up to chunksize */
225 	datalen = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
226 				 rctx->src_nents, chunksize);
227 	if (unlikely(datalen < chunksize)) {
228 		pr_err("%s(): failed to copy src sg to mbox msg",
229 		       __func__);
230 		return -EFAULT;
231 	}
232 
233 	if (pad_len)
234 		sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
235 
236 	stat_len = spu->spu_tx_status_len();
237 	if (stat_len) {
238 		memset(rctx->msg_buf.tx_stat, 0, stat_len);
239 		sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
240 	}
241 	return 0;
242 }
243 
244 static int mailbox_send_message(struct brcm_message *mssg, u32 flags,
245 				u8 chan_idx)
246 {
247 	int err;
248 	int retry_cnt = 0;
249 	struct device *dev = &(iproc_priv.pdev->dev);
250 
251 	err = mbox_send_message(iproc_priv.mbox[chan_idx], mssg);
252 	if (flags & CRYPTO_TFM_REQ_MAY_SLEEP) {
253 		while ((err == -ENOBUFS) && (retry_cnt < SPU_MB_RETRY_MAX)) {
254 			/*
255 			 * Mailbox queue is full. Since MAY_SLEEP is set, assume
256 			 * not in atomic context and we can wait and try again.
257 			 */
258 			retry_cnt++;
259 			usleep_range(MBOX_SLEEP_MIN, MBOX_SLEEP_MAX);
260 			err = mbox_send_message(iproc_priv.mbox[chan_idx],
261 						mssg);
262 			atomic_inc(&iproc_priv.mb_no_spc);
263 		}
264 	}
265 	if (err < 0) {
266 		atomic_inc(&iproc_priv.mb_send_fail);
267 		return err;
268 	}
269 
270 	/* Check error returned by mailbox controller */
271 	err = mssg->error;
272 	if (unlikely(err < 0)) {
273 		dev_err(dev, "message error %d", err);
274 		/* Signal txdone for mailbox channel */
275 	}
276 
277 	/* Signal txdone for mailbox channel */
278 	mbox_client_txdone(iproc_priv.mbox[chan_idx], err);
279 	return err;
280 }
281 
282 /**
283  * handle_skcipher_req() - Submit as much of a block cipher request as fits in
284  * a single SPU request message, starting at the current position in the request
285  * data.
286  * @rctx:	Crypto request context
287  *
288  * This may be called on the crypto API thread, or, when a request is so large
289  * it must be broken into multiple SPU messages, on the thread used to invoke
290  * the response callback. When requests are broken into multiple SPU
291  * messages, we assume subsequent messages depend on previous results, and
292  * thus always wait for previous results before submitting the next message.
293  * Because requests are submitted in lock step like this, there is no need
294  * to synchronize access to request data structures.
295  *
296  * Return: -EINPROGRESS: request has been accepted and result will be returned
297  *			 asynchronously
298  *         Any other value indicates an error
299  */
300 static int handle_skcipher_req(struct iproc_reqctx_s *rctx)
301 {
302 	struct spu_hw *spu = &iproc_priv.spu;
303 	struct crypto_async_request *areq = rctx->parent;
304 	struct skcipher_request *req =
305 	    container_of(areq, struct skcipher_request, base);
306 	struct iproc_ctx_s *ctx = rctx->ctx;
307 	struct spu_cipher_parms cipher_parms;
308 	int err;
309 	unsigned int chunksize;	/* Num bytes of request to submit */
310 	int remaining;	/* Bytes of request still to process */
311 	int chunk_start;	/* Beginning of data for current SPU msg */
312 
313 	/* IV or ctr value to use in this SPU msg */
314 	u8 local_iv_ctr[MAX_IV_SIZE];
315 	u32 stat_pad_len;	/* num bytes to align status field */
316 	u32 pad_len;		/* total length of all padding */
317 	struct brcm_message *mssg;	/* mailbox message */
318 
319 	/* number of entries in src and dst sg in mailbox message. */
320 	u8 rx_frag_num = 2;	/* response header and STATUS */
321 	u8 tx_frag_num = 1;	/* request header */
322 
323 	flow_log("%s\n", __func__);
324 
325 	cipher_parms.alg = ctx->cipher.alg;
326 	cipher_parms.mode = ctx->cipher.mode;
327 	cipher_parms.type = ctx->cipher_type;
328 	cipher_parms.key_len = ctx->enckeylen;
329 	cipher_parms.key_buf = ctx->enckey;
330 	cipher_parms.iv_buf = local_iv_ctr;
331 	cipher_parms.iv_len = rctx->iv_ctr_len;
332 
333 	mssg = &rctx->mb_mssg;
334 	chunk_start = rctx->src_sent;
335 	remaining = rctx->total_todo - chunk_start;
336 
337 	/* determine the chunk we are breaking off and update the indexes */
338 	if ((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
339 	    (remaining > ctx->max_payload))
340 		chunksize = ctx->max_payload;
341 	else
342 		chunksize = remaining;
343 
344 	rctx->src_sent += chunksize;
345 	rctx->total_sent = rctx->src_sent;
346 
347 	/* Count number of sg entries to be included in this request */
348 	rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip, chunksize);
349 	rctx->dst_nents = spu_sg_count(rctx->dst_sg, rctx->dst_skip, chunksize);
350 
351 	if ((ctx->cipher.mode == CIPHER_MODE_CBC) &&
352 	    rctx->is_encrypt && chunk_start)
353 		/*
354 		 * Encrypting non-first first chunk. Copy last block of
355 		 * previous result to IV for this chunk.
356 		 */
357 		sg_copy_part_to_buf(req->dst, rctx->msg_buf.iv_ctr,
358 				    rctx->iv_ctr_len,
359 				    chunk_start - rctx->iv_ctr_len);
360 
361 	if (rctx->iv_ctr_len) {
362 		/* get our local copy of the iv */
363 		__builtin_memcpy(local_iv_ctr, rctx->msg_buf.iv_ctr,
364 				 rctx->iv_ctr_len);
365 
366 		/* generate the next IV if possible */
367 		if ((ctx->cipher.mode == CIPHER_MODE_CBC) &&
368 		    !rctx->is_encrypt) {
369 			/*
370 			 * CBC Decrypt: next IV is the last ciphertext block in
371 			 * this chunk
372 			 */
373 			sg_copy_part_to_buf(req->src, rctx->msg_buf.iv_ctr,
374 					    rctx->iv_ctr_len,
375 					    rctx->src_sent - rctx->iv_ctr_len);
376 		} else if (ctx->cipher.mode == CIPHER_MODE_CTR) {
377 			/*
378 			 * The SPU hardware increments the counter once for
379 			 * each AES block of 16 bytes. So update the counter
380 			 * for the next chunk, if there is one. Note that for
381 			 * this chunk, the counter has already been copied to
382 			 * local_iv_ctr. We can assume a block size of 16,
383 			 * because we only support CTR mode for AES, not for
384 			 * any other cipher alg.
385 			 */
386 			add_to_ctr(rctx->msg_buf.iv_ctr, chunksize >> 4);
387 		}
388 	}
389 
390 	if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
391 		flow_log("max_payload infinite\n");
392 	else
393 		flow_log("max_payload %u\n", ctx->max_payload);
394 
395 	flow_log("sent:%u start:%u remains:%u size:%u\n",
396 		 rctx->src_sent, chunk_start, remaining, chunksize);
397 
398 	/* Copy SPU header template created at setkey time */
399 	memcpy(rctx->msg_buf.bcm_spu_req_hdr, ctx->bcm_spu_req_hdr,
400 	       sizeof(rctx->msg_buf.bcm_spu_req_hdr));
401 
402 	spu->spu_cipher_req_finish(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
403 				   ctx->spu_req_hdr_len, !(rctx->is_encrypt),
404 				   &cipher_parms, chunksize);
405 
406 	atomic64_add(chunksize, &iproc_priv.bytes_out);
407 
408 	stat_pad_len = spu->spu_wordalign_padlen(chunksize);
409 	if (stat_pad_len)
410 		rx_frag_num++;
411 	pad_len = stat_pad_len;
412 	if (pad_len) {
413 		tx_frag_num++;
414 		spu->spu_request_pad(rctx->msg_buf.spu_req_pad, 0,
415 				     0, ctx->auth.alg, ctx->auth.mode,
416 				     rctx->total_sent, stat_pad_len);
417 	}
418 
419 	spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
420 			      ctx->spu_req_hdr_len);
421 	packet_log("payload:\n");
422 	dump_sg(rctx->src_sg, rctx->src_skip, chunksize);
423 	packet_dump("   pad: ", rctx->msg_buf.spu_req_pad, pad_len);
424 
425 	/*
426 	 * Build mailbox message containing SPU request msg and rx buffers
427 	 * to catch response message
428 	 */
429 	memset(mssg, 0, sizeof(*mssg));
430 	mssg->type = BRCM_MESSAGE_SPU;
431 	mssg->ctx = rctx;	/* Will be returned in response */
432 
433 	/* Create rx scatterlist to catch result */
434 	rx_frag_num += rctx->dst_nents;
435 
436 	if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
437 	    spu->spu_xts_tweak_in_payload())
438 		rx_frag_num++;	/* extra sg to insert tweak */
439 
440 	err = spu_skcipher_rx_sg_create(mssg, rctx, rx_frag_num, chunksize,
441 					  stat_pad_len);
442 	if (err)
443 		return err;
444 
445 	/* Create tx scatterlist containing SPU request message */
446 	tx_frag_num += rctx->src_nents;
447 	if (spu->spu_tx_status_len())
448 		tx_frag_num++;
449 
450 	if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
451 	    spu->spu_xts_tweak_in_payload())
452 		tx_frag_num++;	/* extra sg to insert tweak */
453 
454 	err = spu_skcipher_tx_sg_create(mssg, rctx, tx_frag_num, chunksize,
455 					  pad_len);
456 	if (err)
457 		return err;
458 
459 	err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
460 	if (unlikely(err < 0))
461 		return err;
462 
463 	return -EINPROGRESS;
464 }
465 
466 /**
467  * handle_skcipher_resp() - Process a block cipher SPU response. Updates the
468  * total received count for the request and updates global stats.
469  * @rctx:	Crypto request context
470  */
471 static void handle_skcipher_resp(struct iproc_reqctx_s *rctx)
472 {
473 	struct spu_hw *spu = &iproc_priv.spu;
474 #ifdef DEBUG
475 	struct crypto_async_request *areq = rctx->parent;
476 	struct skcipher_request *req = skcipher_request_cast(areq);
477 #endif
478 	struct iproc_ctx_s *ctx = rctx->ctx;
479 	u32 payload_len;
480 
481 	/* See how much data was returned */
482 	payload_len = spu->spu_payload_length(rctx->msg_buf.spu_resp_hdr);
483 
484 	/*
485 	 * In XTS mode, the first SPU_XTS_TWEAK_SIZE bytes may be the
486 	 * encrypted tweak ("i") value; we don't count those.
487 	 */
488 	if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
489 	    spu->spu_xts_tweak_in_payload() &&
490 	    (payload_len >= SPU_XTS_TWEAK_SIZE))
491 		payload_len -= SPU_XTS_TWEAK_SIZE;
492 
493 	atomic64_add(payload_len, &iproc_priv.bytes_in);
494 
495 	flow_log("%s() offset: %u, bd_len: %u BD:\n",
496 		 __func__, rctx->total_received, payload_len);
497 
498 	dump_sg(req->dst, rctx->total_received, payload_len);
499 
500 	rctx->total_received += payload_len;
501 	if (rctx->total_received == rctx->total_todo) {
502 		atomic_inc(&iproc_priv.op_counts[SPU_OP_CIPHER]);
503 		atomic_inc(
504 		   &iproc_priv.cipher_cnt[ctx->cipher.alg][ctx->cipher.mode]);
505 	}
506 }
507 
508 /**
509  * spu_ahash_rx_sg_create() - Build up the scatterlist of buffers used to
510  * receive a SPU response message for an ahash request.
511  * @mssg:	mailbox message containing the receive sg
512  * @rctx:	crypto request context
513  * @rx_frag_num: number of scatterlist elements required to hold the
514  *		SPU response message
515  * @digestsize: length of hash digest, in bytes
516  * @stat_pad_len: Number of bytes required to pad the STAT field to
517  *		a 4-byte boundary
518  *
519  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
520  * when the request completes, whether the request is handled successfully or
521  * there is an error.
522  *
523  * Return:
524  *   0 if successful
525  *   < 0 if an error
526  */
527 static int
528 spu_ahash_rx_sg_create(struct brcm_message *mssg,
529 		       struct iproc_reqctx_s *rctx,
530 		       u8 rx_frag_num, unsigned int digestsize,
531 		       u32 stat_pad_len)
532 {
533 	struct spu_hw *spu = &iproc_priv.spu;
534 	struct scatterlist *sg;	/* used to build sgs in mbox message */
535 	struct iproc_ctx_s *ctx = rctx->ctx;
536 
537 	mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
538 				rctx->gfp);
539 	if (!mssg->spu.dst)
540 		return -ENOMEM;
541 
542 	sg = mssg->spu.dst;
543 	sg_init_table(sg, rx_frag_num);
544 	/* Space for SPU message header */
545 	sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
546 
547 	/* Space for digest */
548 	sg_set_buf(sg++, rctx->msg_buf.digest, digestsize);
549 
550 	if (stat_pad_len)
551 		sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
552 
553 	memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
554 	sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
555 	return 0;
556 }
557 
558 /**
559  * spu_ahash_tx_sg_create() -  Build up the scatterlist of buffers used to send
560  * a SPU request message for an ahash request. Includes SPU message headers and
561  * the request data.
562  * @mssg:	mailbox message containing the transmit sg
563  * @rctx:	crypto request context
564  * @tx_frag_num: number of scatterlist elements required to construct the
565  *		SPU request message
566  * @spu_hdr_len: length in bytes of SPU message header
567  * @hash_carry_len: Number of bytes of data carried over from previous req
568  * @new_data_len: Number of bytes of new request data
569  * @pad_len:	Number of pad bytes
570  *
571  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
572  * when the request completes, whether the request is handled successfully or
573  * there is an error.
574  *
575  * Return:
576  *   0 if successful
577  *   < 0 if an error
578  */
579 static int
580 spu_ahash_tx_sg_create(struct brcm_message *mssg,
581 		       struct iproc_reqctx_s *rctx,
582 		       u8 tx_frag_num,
583 		       u32 spu_hdr_len,
584 		       unsigned int hash_carry_len,
585 		       unsigned int new_data_len, u32 pad_len)
586 {
587 	struct spu_hw *spu = &iproc_priv.spu;
588 	struct scatterlist *sg;	/* used to build sgs in mbox message */
589 	u32 datalen;		/* Number of bytes of response data expected */
590 	u32 stat_len;
591 
592 	mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
593 				rctx->gfp);
594 	if (!mssg->spu.src)
595 		return -ENOMEM;
596 
597 	sg = mssg->spu.src;
598 	sg_init_table(sg, tx_frag_num);
599 
600 	sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
601 		   BCM_HDR_LEN + spu_hdr_len);
602 
603 	if (hash_carry_len)
604 		sg_set_buf(sg++, rctx->hash_carry, hash_carry_len);
605 
606 	if (new_data_len) {
607 		/* Copy in each src sg entry from request, up to chunksize */
608 		datalen = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
609 					 rctx->src_nents, new_data_len);
610 		if (datalen < new_data_len) {
611 			pr_err("%s(): failed to copy src sg to mbox msg",
612 			       __func__);
613 			return -EFAULT;
614 		}
615 	}
616 
617 	if (pad_len)
618 		sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
619 
620 	stat_len = spu->spu_tx_status_len();
621 	if (stat_len) {
622 		memset(rctx->msg_buf.tx_stat, 0, stat_len);
623 		sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
624 	}
625 
626 	return 0;
627 }
628 
629 /**
630  * handle_ahash_req() - Process an asynchronous hash request from the crypto
631  * API.
632  * @rctx:  Crypto request context
633  *
634  * Builds a SPU request message embedded in a mailbox message and submits the
635  * mailbox message on a selected mailbox channel. The SPU request message is
636  * constructed as a scatterlist, including entries from the crypto API's
637  * src scatterlist to avoid copying the data to be hashed. This function is
638  * called either on the thread from the crypto API, or, in the case that the
639  * crypto API request is too large to fit in a single SPU request message,
640  * on the thread that invokes the receive callback with a response message.
641  * Because some operations require the response from one chunk before the next
642  * chunk can be submitted, we always wait for the response for the previous
643  * chunk before submitting the next chunk. Because requests are submitted in
644  * lock step like this, there is no need to synchronize access to request data
645  * structures.
646  *
647  * Return:
648  *   -EINPROGRESS: request has been submitted to SPU and response will be
649  *		   returned asynchronously
650  *   -EAGAIN:      non-final request included a small amount of data, which for
651  *		   efficiency we did not submit to the SPU, but instead stored
652  *		   to be submitted to the SPU with the next part of the request
653  *   other:        an error code
654  */
655 static int handle_ahash_req(struct iproc_reqctx_s *rctx)
656 {
657 	struct spu_hw *spu = &iproc_priv.spu;
658 	struct crypto_async_request *areq = rctx->parent;
659 	struct ahash_request *req = ahash_request_cast(areq);
660 	struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
661 	struct crypto_tfm *tfm = crypto_ahash_tfm(ahash);
662 	unsigned int blocksize = crypto_tfm_alg_blocksize(tfm);
663 	struct iproc_ctx_s *ctx = rctx->ctx;
664 
665 	/* number of bytes still to be hashed in this req */
666 	unsigned int nbytes_to_hash = 0;
667 	int err;
668 	unsigned int chunksize = 0;	/* length of hash carry + new data */
669 	/*
670 	 * length of new data, not from hash carry, to be submitted in
671 	 * this hw request
672 	 */
673 	unsigned int new_data_len;
674 
675 	unsigned int __maybe_unused chunk_start = 0;
676 	u32 db_size;	 /* Length of data field, incl gcm and hash padding */
677 	int pad_len = 0; /* total pad len, including gcm, hash, stat padding */
678 	u32 data_pad_len = 0;	/* length of GCM/CCM padding */
679 	u32 stat_pad_len = 0;	/* length of padding to align STATUS word */
680 	struct brcm_message *mssg;	/* mailbox message */
681 	struct spu_request_opts req_opts;
682 	struct spu_cipher_parms cipher_parms;
683 	struct spu_hash_parms hash_parms;
684 	struct spu_aead_parms aead_parms;
685 	unsigned int local_nbuf;
686 	u32 spu_hdr_len;
687 	unsigned int digestsize;
688 	u16 rem = 0;
689 
690 	/*
691 	 * number of entries in src and dst sg. Always includes SPU msg header.
692 	 * rx always includes a buffer to catch digest and STATUS.
693 	 */
694 	u8 rx_frag_num = 3;
695 	u8 tx_frag_num = 1;
696 
697 	flow_log("total_todo %u, total_sent %u\n",
698 		 rctx->total_todo, rctx->total_sent);
699 
700 	memset(&req_opts, 0, sizeof(req_opts));
701 	memset(&cipher_parms, 0, sizeof(cipher_parms));
702 	memset(&hash_parms, 0, sizeof(hash_parms));
703 	memset(&aead_parms, 0, sizeof(aead_parms));
704 
705 	req_opts.bd_suppress = true;
706 	hash_parms.alg = ctx->auth.alg;
707 	hash_parms.mode = ctx->auth.mode;
708 	hash_parms.type = HASH_TYPE_NONE;
709 	hash_parms.key_buf = (u8 *)ctx->authkey;
710 	hash_parms.key_len = ctx->authkeylen;
711 
712 	/*
713 	 * For hash algorithms below assignment looks bit odd but
714 	 * it's needed for AES-XCBC and AES-CMAC hash algorithms
715 	 * to differentiate between 128, 192, 256 bit key values.
716 	 * Based on the key values, hash algorithm is selected.
717 	 * For example for 128 bit key, hash algorithm is AES-128.
718 	 */
719 	cipher_parms.type = ctx->cipher_type;
720 
721 	mssg = &rctx->mb_mssg;
722 	chunk_start = rctx->src_sent;
723 
724 	/*
725 	 * Compute the amount remaining to hash. This may include data
726 	 * carried over from previous requests.
727 	 */
728 	nbytes_to_hash = rctx->total_todo - rctx->total_sent;
729 	chunksize = nbytes_to_hash;
730 	if ((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
731 	    (chunksize > ctx->max_payload))
732 		chunksize = ctx->max_payload;
733 
734 	/*
735 	 * If this is not a final request and the request data is not a multiple
736 	 * of a full block, then simply park the extra data and prefix it to the
737 	 * data for the next request.
738 	 */
739 	if (!rctx->is_final) {
740 		u8 *dest = rctx->hash_carry + rctx->hash_carry_len;
741 		u16 new_len;  /* len of data to add to hash carry */
742 
743 		rem = chunksize % blocksize;   /* remainder */
744 		if (rem) {
745 			/* chunksize not a multiple of blocksize */
746 			chunksize -= rem;
747 			if (chunksize == 0) {
748 				/* Don't have a full block to submit to hw */
749 				new_len = rem - rctx->hash_carry_len;
750 				sg_copy_part_to_buf(req->src, dest, new_len,
751 						    rctx->src_sent);
752 				rctx->hash_carry_len = rem;
753 				flow_log("Exiting with hash carry len: %u\n",
754 					 rctx->hash_carry_len);
755 				packet_dump("  buf: ",
756 					    rctx->hash_carry,
757 					    rctx->hash_carry_len);
758 				return -EAGAIN;
759 			}
760 		}
761 	}
762 
763 	/* if we have hash carry, then prefix it to the data in this request */
764 	local_nbuf = rctx->hash_carry_len;
765 	rctx->hash_carry_len = 0;
766 	if (local_nbuf)
767 		tx_frag_num++;
768 	new_data_len = chunksize - local_nbuf;
769 
770 	/* Count number of sg entries to be used in this request */
771 	rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip,
772 				       new_data_len);
773 
774 	/* AES hashing keeps key size in type field, so need to copy it here */
775 	if (hash_parms.alg == HASH_ALG_AES)
776 		hash_parms.type = (enum hash_type)cipher_parms.type;
777 	else
778 		hash_parms.type = spu->spu_hash_type(rctx->total_sent);
779 
780 	digestsize = spu->spu_digest_size(ctx->digestsize, ctx->auth.alg,
781 					  hash_parms.type);
782 	hash_parms.digestsize =	digestsize;
783 
784 	/* update the indexes */
785 	rctx->total_sent += chunksize;
786 	/* if you sent a prebuf then that wasn't from this req->src */
787 	rctx->src_sent += new_data_len;
788 
789 	if ((rctx->total_sent == rctx->total_todo) && rctx->is_final)
790 		hash_parms.pad_len = spu->spu_hash_pad_len(hash_parms.alg,
791 							   hash_parms.mode,
792 							   chunksize,
793 							   blocksize);
794 
795 	/*
796 	 * If a non-first chunk, then include the digest returned from the
797 	 * previous chunk so that hw can add to it (except for AES types).
798 	 */
799 	if ((hash_parms.type == HASH_TYPE_UPDT) &&
800 	    (hash_parms.alg != HASH_ALG_AES)) {
801 		hash_parms.key_buf = rctx->incr_hash;
802 		hash_parms.key_len = digestsize;
803 	}
804 
805 	atomic64_add(chunksize, &iproc_priv.bytes_out);
806 
807 	flow_log("%s() final: %u nbuf: %u ",
808 		 __func__, rctx->is_final, local_nbuf);
809 
810 	if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
811 		flow_log("max_payload infinite\n");
812 	else
813 		flow_log("max_payload %u\n", ctx->max_payload);
814 
815 	flow_log("chunk_start: %u chunk_size: %u\n", chunk_start, chunksize);
816 
817 	/* Prepend SPU header with type 3 BCM header */
818 	memcpy(rctx->msg_buf.bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
819 
820 	hash_parms.prebuf_len = local_nbuf;
821 	spu_hdr_len = spu->spu_create_request(rctx->msg_buf.bcm_spu_req_hdr +
822 					      BCM_HDR_LEN,
823 					      &req_opts, &cipher_parms,
824 					      &hash_parms, &aead_parms,
825 					      new_data_len);
826 
827 	if (spu_hdr_len == 0) {
828 		pr_err("Failed to create SPU request header\n");
829 		return -EFAULT;
830 	}
831 
832 	/*
833 	 * Determine total length of padding required. Put all padding in one
834 	 * buffer.
835 	 */
836 	data_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode, chunksize);
837 	db_size = spu_real_db_size(0, 0, local_nbuf, new_data_len,
838 				   0, 0, hash_parms.pad_len);
839 	if (spu->spu_tx_status_len())
840 		stat_pad_len = spu->spu_wordalign_padlen(db_size);
841 	if (stat_pad_len)
842 		rx_frag_num++;
843 	pad_len = hash_parms.pad_len + data_pad_len + stat_pad_len;
844 	if (pad_len) {
845 		tx_frag_num++;
846 		spu->spu_request_pad(rctx->msg_buf.spu_req_pad, data_pad_len,
847 				     hash_parms.pad_len, ctx->auth.alg,
848 				     ctx->auth.mode, rctx->total_sent,
849 				     stat_pad_len);
850 	}
851 
852 	spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
853 			      spu_hdr_len);
854 	packet_dump("    prebuf: ", rctx->hash_carry, local_nbuf);
855 	flow_log("Data:\n");
856 	dump_sg(rctx->src_sg, rctx->src_skip, new_data_len);
857 	packet_dump("   pad: ", rctx->msg_buf.spu_req_pad, pad_len);
858 
859 	/*
860 	 * Build mailbox message containing SPU request msg and rx buffers
861 	 * to catch response message
862 	 */
863 	memset(mssg, 0, sizeof(*mssg));
864 	mssg->type = BRCM_MESSAGE_SPU;
865 	mssg->ctx = rctx;	/* Will be returned in response */
866 
867 	/* Create rx scatterlist to catch result */
868 	err = spu_ahash_rx_sg_create(mssg, rctx, rx_frag_num, digestsize,
869 				     stat_pad_len);
870 	if (err)
871 		return err;
872 
873 	/* Create tx scatterlist containing SPU request message */
874 	tx_frag_num += rctx->src_nents;
875 	if (spu->spu_tx_status_len())
876 		tx_frag_num++;
877 	err = spu_ahash_tx_sg_create(mssg, rctx, tx_frag_num, spu_hdr_len,
878 				     local_nbuf, new_data_len, pad_len);
879 	if (err)
880 		return err;
881 
882 	err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
883 	if (unlikely(err < 0))
884 		return err;
885 
886 	return -EINPROGRESS;
887 }
888 
889 /**
890  * spu_hmac_outer_hash() - Request synchonous software compute of the outer hash
891  * for an HMAC request.
892  * @req:  The HMAC request from the crypto API
893  * @ctx:  The session context
894  *
895  * Return: 0 if synchronous hash operation successful
896  *         -EINVAL if the hash algo is unrecognized
897  *         any other value indicates an error
898  */
899 static int spu_hmac_outer_hash(struct ahash_request *req,
900 			       struct iproc_ctx_s *ctx)
901 {
902 	struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
903 	unsigned int blocksize =
904 		crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
905 	int rc;
906 
907 	switch (ctx->auth.alg) {
908 	case HASH_ALG_MD5:
909 		rc = do_shash("md5", req->result, ctx->opad, blocksize,
910 			      req->result, ctx->digestsize, NULL, 0);
911 		break;
912 	case HASH_ALG_SHA1:
913 		rc = do_shash("sha1", req->result, ctx->opad, blocksize,
914 			      req->result, ctx->digestsize, NULL, 0);
915 		break;
916 	case HASH_ALG_SHA224:
917 		rc = do_shash("sha224", req->result, ctx->opad, blocksize,
918 			      req->result, ctx->digestsize, NULL, 0);
919 		break;
920 	case HASH_ALG_SHA256:
921 		rc = do_shash("sha256", req->result, ctx->opad, blocksize,
922 			      req->result, ctx->digestsize, NULL, 0);
923 		break;
924 	case HASH_ALG_SHA384:
925 		rc = do_shash("sha384", req->result, ctx->opad, blocksize,
926 			      req->result, ctx->digestsize, NULL, 0);
927 		break;
928 	case HASH_ALG_SHA512:
929 		rc = do_shash("sha512", req->result, ctx->opad, blocksize,
930 			      req->result, ctx->digestsize, NULL, 0);
931 		break;
932 	default:
933 		pr_err("%s() Error : unknown hmac type\n", __func__);
934 		rc = -EINVAL;
935 	}
936 	return rc;
937 }
938 
939 /**
940  * ahash_req_done() - Process a hash result from the SPU hardware.
941  * @rctx: Crypto request context
942  *
943  * Return: 0 if successful
944  *         < 0 if an error
945  */
946 static int ahash_req_done(struct iproc_reqctx_s *rctx)
947 {
948 	struct spu_hw *spu = &iproc_priv.spu;
949 	struct crypto_async_request *areq = rctx->parent;
950 	struct ahash_request *req = ahash_request_cast(areq);
951 	struct iproc_ctx_s *ctx = rctx->ctx;
952 	int err;
953 
954 	memcpy(req->result, rctx->msg_buf.digest, ctx->digestsize);
955 
956 	if (spu->spu_type == SPU_TYPE_SPUM) {
957 		/* byte swap the output from the UPDT function to network byte
958 		 * order
959 		 */
960 		if (ctx->auth.alg == HASH_ALG_MD5) {
961 			__swab32s((u32 *)req->result);
962 			__swab32s(((u32 *)req->result) + 1);
963 			__swab32s(((u32 *)req->result) + 2);
964 			__swab32s(((u32 *)req->result) + 3);
965 			__swab32s(((u32 *)req->result) + 4);
966 		}
967 	}
968 
969 	flow_dump("  digest ", req->result, ctx->digestsize);
970 
971 	/* if this an HMAC then do the outer hash */
972 	if (rctx->is_sw_hmac) {
973 		err = spu_hmac_outer_hash(req, ctx);
974 		if (err < 0)
975 			return err;
976 		flow_dump("  hmac: ", req->result, ctx->digestsize);
977 	}
978 
979 	if (rctx->is_sw_hmac || ctx->auth.mode == HASH_MODE_HMAC) {
980 		atomic_inc(&iproc_priv.op_counts[SPU_OP_HMAC]);
981 		atomic_inc(&iproc_priv.hmac_cnt[ctx->auth.alg]);
982 	} else {
983 		atomic_inc(&iproc_priv.op_counts[SPU_OP_HASH]);
984 		atomic_inc(&iproc_priv.hash_cnt[ctx->auth.alg]);
985 	}
986 
987 	return 0;
988 }
989 
990 /**
991  * handle_ahash_resp() - Process a SPU response message for a hash request.
992  * Checks if the entire crypto API request has been processed, and if so,
993  * invokes post processing on the result.
994  * @rctx: Crypto request context
995  */
996 static void handle_ahash_resp(struct iproc_reqctx_s *rctx)
997 {
998 	struct iproc_ctx_s *ctx = rctx->ctx;
999 #ifdef DEBUG
1000 	struct crypto_async_request *areq = rctx->parent;
1001 	struct ahash_request *req = ahash_request_cast(areq);
1002 	struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
1003 	unsigned int blocksize =
1004 		crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
1005 #endif
1006 	/*
1007 	 * Save hash to use as input to next op if incremental. Might be copying
1008 	 * too much, but that's easier than figuring out actual digest size here
1009 	 */
1010 	memcpy(rctx->incr_hash, rctx->msg_buf.digest, MAX_DIGEST_SIZE);
1011 
1012 	flow_log("%s() blocksize:%u digestsize:%u\n",
1013 		 __func__, blocksize, ctx->digestsize);
1014 
1015 	atomic64_add(ctx->digestsize, &iproc_priv.bytes_in);
1016 
1017 	if (rctx->is_final && (rctx->total_sent == rctx->total_todo))
1018 		ahash_req_done(rctx);
1019 }
1020 
1021 /**
1022  * spu_aead_rx_sg_create() - Build up the scatterlist of buffers used to receive
1023  * a SPU response message for an AEAD request. Includes buffers to catch SPU
1024  * message headers and the response data.
1025  * @mssg:	mailbox message containing the receive sg
1026  * @rctx:	crypto request context
1027  * @rx_frag_num: number of scatterlist elements required to hold the
1028  *		SPU response message
1029  * @assoc_len:	Length of associated data included in the crypto request
1030  * @ret_iv_len: Length of IV returned in response
1031  * @resp_len:	Number of bytes of response data expected to be written to
1032  *              dst buffer from crypto API
1033  * @digestsize: Length of hash digest, in bytes
1034  * @stat_pad_len: Number of bytes required to pad the STAT field to
1035  *		a 4-byte boundary
1036  *
1037  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
1038  * when the request completes, whether the request is handled successfully or
1039  * there is an error.
1040  *
1041  * Returns:
1042  *   0 if successful
1043  *   < 0 if an error
1044  */
1045 static int spu_aead_rx_sg_create(struct brcm_message *mssg,
1046 				 struct aead_request *req,
1047 				 struct iproc_reqctx_s *rctx,
1048 				 u8 rx_frag_num,
1049 				 unsigned int assoc_len,
1050 				 u32 ret_iv_len, unsigned int resp_len,
1051 				 unsigned int digestsize, u32 stat_pad_len)
1052 {
1053 	struct spu_hw *spu = &iproc_priv.spu;
1054 	struct scatterlist *sg;	/* used to build sgs in mbox message */
1055 	struct iproc_ctx_s *ctx = rctx->ctx;
1056 	u32 datalen;		/* Number of bytes of response data expected */
1057 	u32 assoc_buf_len;
1058 	u8 data_padlen = 0;
1059 
1060 	if (ctx->is_rfc4543) {
1061 		/* RFC4543: only pad after data, not after AAD */
1062 		data_padlen = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1063 							  assoc_len + resp_len);
1064 		assoc_buf_len = assoc_len;
1065 	} else {
1066 		data_padlen = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1067 							  resp_len);
1068 		assoc_buf_len = spu->spu_assoc_resp_len(ctx->cipher.mode,
1069 						assoc_len, ret_iv_len,
1070 						rctx->is_encrypt);
1071 	}
1072 
1073 	if (ctx->cipher.mode == CIPHER_MODE_CCM)
1074 		/* ICV (after data) must be in the next 32-bit word for CCM */
1075 		data_padlen += spu->spu_wordalign_padlen(assoc_buf_len +
1076 							 resp_len +
1077 							 data_padlen);
1078 
1079 	if (data_padlen)
1080 		/* have to catch gcm pad in separate buffer */
1081 		rx_frag_num++;
1082 
1083 	mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
1084 				rctx->gfp);
1085 	if (!mssg->spu.dst)
1086 		return -ENOMEM;
1087 
1088 	sg = mssg->spu.dst;
1089 	sg_init_table(sg, rx_frag_num);
1090 
1091 	/* Space for SPU message header */
1092 	sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
1093 
1094 	if (assoc_buf_len) {
1095 		/*
1096 		 * Don't write directly to req->dst, because SPU may pad the
1097 		 * assoc data in the response
1098 		 */
1099 		memset(rctx->msg_buf.a.resp_aad, 0, assoc_buf_len);
1100 		sg_set_buf(sg++, rctx->msg_buf.a.resp_aad, assoc_buf_len);
1101 	}
1102 
1103 	if (resp_len) {
1104 		/*
1105 		 * Copy in each dst sg entry from request, up to chunksize.
1106 		 * dst sg catches just the data. digest caught in separate buf.
1107 		 */
1108 		datalen = spu_msg_sg_add(&sg, &rctx->dst_sg, &rctx->dst_skip,
1109 					 rctx->dst_nents, resp_len);
1110 		if (datalen < (resp_len)) {
1111 			pr_err("%s(): failed to copy dst sg to mbox msg. expected len %u, datalen %u",
1112 			       __func__, resp_len, datalen);
1113 			return -EFAULT;
1114 		}
1115 	}
1116 
1117 	/* If GCM/CCM data is padded, catch padding in separate buffer */
1118 	if (data_padlen) {
1119 		memset(rctx->msg_buf.a.gcmpad, 0, data_padlen);
1120 		sg_set_buf(sg++, rctx->msg_buf.a.gcmpad, data_padlen);
1121 	}
1122 
1123 	/* Always catch ICV in separate buffer */
1124 	sg_set_buf(sg++, rctx->msg_buf.digest, digestsize);
1125 
1126 	flow_log("stat_pad_len %u\n", stat_pad_len);
1127 	if (stat_pad_len) {
1128 		memset(rctx->msg_buf.rx_stat_pad, 0, stat_pad_len);
1129 		sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
1130 	}
1131 
1132 	memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
1133 	sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
1134 
1135 	return 0;
1136 }
1137 
1138 /**
1139  * spu_aead_tx_sg_create() - Build up the scatterlist of buffers used to send a
1140  * SPU request message for an AEAD request. Includes SPU message headers and the
1141  * request data.
1142  * @mssg:	mailbox message containing the transmit sg
1143  * @rctx:	crypto request context
1144  * @tx_frag_num: number of scatterlist elements required to construct the
1145  *		SPU request message
1146  * @spu_hdr_len: length of SPU message header in bytes
1147  * @assoc:	crypto API associated data scatterlist
1148  * @assoc_len:	length of associated data
1149  * @assoc_nents: number of scatterlist entries containing assoc data
1150  * @aead_iv_len: length of AEAD IV, if included
1151  * @chunksize:	Number of bytes of request data
1152  * @aad_pad_len: Number of bytes of padding at end of AAD. For GCM/CCM.
1153  * @pad_len:	Number of pad bytes
1154  * @incl_icv:	If true, write separate ICV buffer after data and
1155  *              any padding
1156  *
1157  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
1158  * when the request completes, whether the request is handled successfully or
1159  * there is an error.
1160  *
1161  * Return:
1162  *   0 if successful
1163  *   < 0 if an error
1164  */
1165 static int spu_aead_tx_sg_create(struct brcm_message *mssg,
1166 				 struct iproc_reqctx_s *rctx,
1167 				 u8 tx_frag_num,
1168 				 u32 spu_hdr_len,
1169 				 struct scatterlist *assoc,
1170 				 unsigned int assoc_len,
1171 				 int assoc_nents,
1172 				 unsigned int aead_iv_len,
1173 				 unsigned int chunksize,
1174 				 u32 aad_pad_len, u32 pad_len, bool incl_icv)
1175 {
1176 	struct spu_hw *spu = &iproc_priv.spu;
1177 	struct scatterlist *sg;	/* used to build sgs in mbox message */
1178 	struct scatterlist *assoc_sg = assoc;
1179 	struct iproc_ctx_s *ctx = rctx->ctx;
1180 	u32 datalen;		/* Number of bytes of data to write */
1181 	u32 written;		/* Number of bytes of data written */
1182 	u32 assoc_offset = 0;
1183 	u32 stat_len;
1184 
1185 	mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
1186 				rctx->gfp);
1187 	if (!mssg->spu.src)
1188 		return -ENOMEM;
1189 
1190 	sg = mssg->spu.src;
1191 	sg_init_table(sg, tx_frag_num);
1192 
1193 	sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
1194 		   BCM_HDR_LEN + spu_hdr_len);
1195 
1196 	if (assoc_len) {
1197 		/* Copy in each associated data sg entry from request */
1198 		written = spu_msg_sg_add(&sg, &assoc_sg, &assoc_offset,
1199 					 assoc_nents, assoc_len);
1200 		if (written < assoc_len) {
1201 			pr_err("%s(): failed to copy assoc sg to mbox msg",
1202 			       __func__);
1203 			return -EFAULT;
1204 		}
1205 	}
1206 
1207 	if (aead_iv_len)
1208 		sg_set_buf(sg++, rctx->msg_buf.iv_ctr, aead_iv_len);
1209 
1210 	if (aad_pad_len) {
1211 		memset(rctx->msg_buf.a.req_aad_pad, 0, aad_pad_len);
1212 		sg_set_buf(sg++, rctx->msg_buf.a.req_aad_pad, aad_pad_len);
1213 	}
1214 
1215 	datalen = chunksize;
1216 	if ((chunksize > ctx->digestsize) && incl_icv)
1217 		datalen -= ctx->digestsize;
1218 	if (datalen) {
1219 		/* For aead, a single msg should consume the entire src sg */
1220 		written = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
1221 					 rctx->src_nents, datalen);
1222 		if (written < datalen) {
1223 			pr_err("%s(): failed to copy src sg to mbox msg",
1224 			       __func__);
1225 			return -EFAULT;
1226 		}
1227 	}
1228 
1229 	if (pad_len) {
1230 		memset(rctx->msg_buf.spu_req_pad, 0, pad_len);
1231 		sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
1232 	}
1233 
1234 	if (incl_icv)
1235 		sg_set_buf(sg++, rctx->msg_buf.digest, ctx->digestsize);
1236 
1237 	stat_len = spu->spu_tx_status_len();
1238 	if (stat_len) {
1239 		memset(rctx->msg_buf.tx_stat, 0, stat_len);
1240 		sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
1241 	}
1242 	return 0;
1243 }
1244 
1245 /**
1246  * handle_aead_req() - Submit a SPU request message for the next chunk of the
1247  * current AEAD request.
1248  * @rctx:  Crypto request context
1249  *
1250  * Unlike other operation types, we assume the length of the request fits in
1251  * a single SPU request message. aead_enqueue() makes sure this is true.
1252  * Comments for other op types regarding threads applies here as well.
1253  *
1254  * Unlike incremental hash ops, where the spu returns the entire hash for
1255  * truncated algs like sha-224, the SPU returns just the truncated hash in
1256  * response to aead requests. So digestsize is always ctx->digestsize here.
1257  *
1258  * Return: -EINPROGRESS: crypto request has been accepted and result will be
1259  *			 returned asynchronously
1260  *         Any other value indicates an error
1261  */
1262 static int handle_aead_req(struct iproc_reqctx_s *rctx)
1263 {
1264 	struct spu_hw *spu = &iproc_priv.spu;
1265 	struct crypto_async_request *areq = rctx->parent;
1266 	struct aead_request *req = container_of(areq,
1267 						struct aead_request, base);
1268 	struct iproc_ctx_s *ctx = rctx->ctx;
1269 	int err;
1270 	unsigned int chunksize;
1271 	unsigned int resp_len;
1272 	u32 spu_hdr_len;
1273 	u32 db_size;
1274 	u32 stat_pad_len;
1275 	u32 pad_len;
1276 	struct brcm_message *mssg;	/* mailbox message */
1277 	struct spu_request_opts req_opts;
1278 	struct spu_cipher_parms cipher_parms;
1279 	struct spu_hash_parms hash_parms;
1280 	struct spu_aead_parms aead_parms;
1281 	int assoc_nents = 0;
1282 	bool incl_icv = false;
1283 	unsigned int digestsize = ctx->digestsize;
1284 
1285 	/* number of entries in src and dst sg. Always includes SPU msg header.
1286 	 */
1287 	u8 rx_frag_num = 2;	/* and STATUS */
1288 	u8 tx_frag_num = 1;
1289 
1290 	/* doing the whole thing at once */
1291 	chunksize = rctx->total_todo;
1292 
1293 	flow_log("%s: chunksize %u\n", __func__, chunksize);
1294 
1295 	memset(&req_opts, 0, sizeof(req_opts));
1296 	memset(&hash_parms, 0, sizeof(hash_parms));
1297 	memset(&aead_parms, 0, sizeof(aead_parms));
1298 
1299 	req_opts.is_inbound = !(rctx->is_encrypt);
1300 	req_opts.auth_first = ctx->auth_first;
1301 	req_opts.is_aead = true;
1302 	req_opts.is_esp = ctx->is_esp;
1303 
1304 	cipher_parms.alg = ctx->cipher.alg;
1305 	cipher_parms.mode = ctx->cipher.mode;
1306 	cipher_parms.type = ctx->cipher_type;
1307 	cipher_parms.key_buf = ctx->enckey;
1308 	cipher_parms.key_len = ctx->enckeylen;
1309 	cipher_parms.iv_buf = rctx->msg_buf.iv_ctr;
1310 	cipher_parms.iv_len = rctx->iv_ctr_len;
1311 
1312 	hash_parms.alg = ctx->auth.alg;
1313 	hash_parms.mode = ctx->auth.mode;
1314 	hash_parms.type = HASH_TYPE_NONE;
1315 	hash_parms.key_buf = (u8 *)ctx->authkey;
1316 	hash_parms.key_len = ctx->authkeylen;
1317 	hash_parms.digestsize = digestsize;
1318 
1319 	if ((ctx->auth.alg == HASH_ALG_SHA224) &&
1320 	    (ctx->authkeylen < SHA224_DIGEST_SIZE))
1321 		hash_parms.key_len = SHA224_DIGEST_SIZE;
1322 
1323 	aead_parms.assoc_size = req->assoclen;
1324 	if (ctx->is_esp && !ctx->is_rfc4543) {
1325 		/*
1326 		 * 8-byte IV is included assoc data in request. SPU2
1327 		 * expects AAD to include just SPI and seqno. So
1328 		 * subtract off the IV len.
1329 		 */
1330 		aead_parms.assoc_size -= GCM_RFC4106_IV_SIZE;
1331 
1332 		if (rctx->is_encrypt) {
1333 			aead_parms.return_iv = true;
1334 			aead_parms.ret_iv_len = GCM_RFC4106_IV_SIZE;
1335 			aead_parms.ret_iv_off = GCM_ESP_SALT_SIZE;
1336 		}
1337 	} else {
1338 		aead_parms.ret_iv_len = 0;
1339 	}
1340 
1341 	/*
1342 	 * Count number of sg entries from the crypto API request that are to
1343 	 * be included in this mailbox message. For dst sg, don't count space
1344 	 * for digest. Digest gets caught in a separate buffer and copied back
1345 	 * to dst sg when processing response.
1346 	 */
1347 	rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip, chunksize);
1348 	rctx->dst_nents = spu_sg_count(rctx->dst_sg, rctx->dst_skip, chunksize);
1349 	if (aead_parms.assoc_size)
1350 		assoc_nents = spu_sg_count(rctx->assoc, 0,
1351 					   aead_parms.assoc_size);
1352 
1353 	mssg = &rctx->mb_mssg;
1354 
1355 	rctx->total_sent = chunksize;
1356 	rctx->src_sent = chunksize;
1357 	if (spu->spu_assoc_resp_len(ctx->cipher.mode,
1358 				    aead_parms.assoc_size,
1359 				    aead_parms.ret_iv_len,
1360 				    rctx->is_encrypt))
1361 		rx_frag_num++;
1362 
1363 	aead_parms.iv_len = spu->spu_aead_ivlen(ctx->cipher.mode,
1364 						rctx->iv_ctr_len);
1365 
1366 	if (ctx->auth.alg == HASH_ALG_AES)
1367 		hash_parms.type = (enum hash_type)ctx->cipher_type;
1368 
1369 	/* General case AAD padding (CCM and RFC4543 special cases below) */
1370 	aead_parms.aad_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1371 						 aead_parms.assoc_size);
1372 
1373 	/* General case data padding (CCM decrypt special case below) */
1374 	aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1375 							   chunksize);
1376 
1377 	if (ctx->cipher.mode == CIPHER_MODE_CCM) {
1378 		/*
1379 		 * for CCM, AAD len + 2 (rather than AAD len) needs to be
1380 		 * 128-bit aligned
1381 		 */
1382 		aead_parms.aad_pad_len = spu->spu_gcm_ccm_pad_len(
1383 					 ctx->cipher.mode,
1384 					 aead_parms.assoc_size + 2);
1385 
1386 		/*
1387 		 * And when decrypting CCM, need to pad without including
1388 		 * size of ICV which is tacked on to end of chunk
1389 		 */
1390 		if (!rctx->is_encrypt)
1391 			aead_parms.data_pad_len =
1392 				spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1393 							chunksize - digestsize);
1394 
1395 		/* CCM also requires software to rewrite portions of IV: */
1396 		spu->spu_ccm_update_iv(digestsize, &cipher_parms, req->assoclen,
1397 				       chunksize, rctx->is_encrypt,
1398 				       ctx->is_esp);
1399 	}
1400 
1401 	if (ctx->is_rfc4543) {
1402 		/*
1403 		 * RFC4543: data is included in AAD, so don't pad after AAD
1404 		 * and pad data based on both AAD + data size
1405 		 */
1406 		aead_parms.aad_pad_len = 0;
1407 		if (!rctx->is_encrypt)
1408 			aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(
1409 					ctx->cipher.mode,
1410 					aead_parms.assoc_size + chunksize -
1411 					digestsize);
1412 		else
1413 			aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(
1414 					ctx->cipher.mode,
1415 					aead_parms.assoc_size + chunksize);
1416 
1417 		req_opts.is_rfc4543 = true;
1418 	}
1419 
1420 	if (spu_req_incl_icv(ctx->cipher.mode, rctx->is_encrypt)) {
1421 		incl_icv = true;
1422 		tx_frag_num++;
1423 		/* Copy ICV from end of src scatterlist to digest buf */
1424 		sg_copy_part_to_buf(req->src, rctx->msg_buf.digest, digestsize,
1425 				    req->assoclen + rctx->total_sent -
1426 				    digestsize);
1427 	}
1428 
1429 	atomic64_add(chunksize, &iproc_priv.bytes_out);
1430 
1431 	flow_log("%s()-sent chunksize:%u\n", __func__, chunksize);
1432 
1433 	/* Prepend SPU header with type 3 BCM header */
1434 	memcpy(rctx->msg_buf.bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
1435 
1436 	spu_hdr_len = spu->spu_create_request(rctx->msg_buf.bcm_spu_req_hdr +
1437 					      BCM_HDR_LEN, &req_opts,
1438 					      &cipher_parms, &hash_parms,
1439 					      &aead_parms, chunksize);
1440 
1441 	/* Determine total length of padding. Put all padding in one buffer. */
1442 	db_size = spu_real_db_size(aead_parms.assoc_size, aead_parms.iv_len, 0,
1443 				   chunksize, aead_parms.aad_pad_len,
1444 				   aead_parms.data_pad_len, 0);
1445 
1446 	stat_pad_len = spu->spu_wordalign_padlen(db_size);
1447 
1448 	if (stat_pad_len)
1449 		rx_frag_num++;
1450 	pad_len = aead_parms.data_pad_len + stat_pad_len;
1451 	if (pad_len) {
1452 		tx_frag_num++;
1453 		spu->spu_request_pad(rctx->msg_buf.spu_req_pad,
1454 				     aead_parms.data_pad_len, 0,
1455 				     ctx->auth.alg, ctx->auth.mode,
1456 				     rctx->total_sent, stat_pad_len);
1457 	}
1458 
1459 	spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
1460 			      spu_hdr_len);
1461 	dump_sg(rctx->assoc, 0, aead_parms.assoc_size);
1462 	packet_dump("    aead iv: ", rctx->msg_buf.iv_ctr, aead_parms.iv_len);
1463 	packet_log("BD:\n");
1464 	dump_sg(rctx->src_sg, rctx->src_skip, chunksize);
1465 	packet_dump("   pad: ", rctx->msg_buf.spu_req_pad, pad_len);
1466 
1467 	/*
1468 	 * Build mailbox message containing SPU request msg and rx buffers
1469 	 * to catch response message
1470 	 */
1471 	memset(mssg, 0, sizeof(*mssg));
1472 	mssg->type = BRCM_MESSAGE_SPU;
1473 	mssg->ctx = rctx;	/* Will be returned in response */
1474 
1475 	/* Create rx scatterlist to catch result */
1476 	rx_frag_num += rctx->dst_nents;
1477 	resp_len = chunksize;
1478 
1479 	/*
1480 	 * Always catch ICV in separate buffer. Have to for GCM/CCM because of
1481 	 * padding. Have to for SHA-224 and other truncated SHAs because SPU
1482 	 * sends entire digest back.
1483 	 */
1484 	rx_frag_num++;
1485 
1486 	if (((ctx->cipher.mode == CIPHER_MODE_GCM) ||
1487 	     (ctx->cipher.mode == CIPHER_MODE_CCM)) && !rctx->is_encrypt) {
1488 		/*
1489 		 * Input is ciphertxt plus ICV, but ICV not incl
1490 		 * in output.
1491 		 */
1492 		resp_len -= ctx->digestsize;
1493 		if (resp_len == 0)
1494 			/* no rx frags to catch output data */
1495 			rx_frag_num -= rctx->dst_nents;
1496 	}
1497 
1498 	err = spu_aead_rx_sg_create(mssg, req, rctx, rx_frag_num,
1499 				    aead_parms.assoc_size,
1500 				    aead_parms.ret_iv_len, resp_len, digestsize,
1501 				    stat_pad_len);
1502 	if (err)
1503 		return err;
1504 
1505 	/* Create tx scatterlist containing SPU request message */
1506 	tx_frag_num += rctx->src_nents;
1507 	tx_frag_num += assoc_nents;
1508 	if (aead_parms.aad_pad_len)
1509 		tx_frag_num++;
1510 	if (aead_parms.iv_len)
1511 		tx_frag_num++;
1512 	if (spu->spu_tx_status_len())
1513 		tx_frag_num++;
1514 	err = spu_aead_tx_sg_create(mssg, rctx, tx_frag_num, spu_hdr_len,
1515 				    rctx->assoc, aead_parms.assoc_size,
1516 				    assoc_nents, aead_parms.iv_len, chunksize,
1517 				    aead_parms.aad_pad_len, pad_len, incl_icv);
1518 	if (err)
1519 		return err;
1520 
1521 	err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
1522 	if (unlikely(err < 0))
1523 		return err;
1524 
1525 	return -EINPROGRESS;
1526 }
1527 
1528 /**
1529  * handle_aead_resp() - Process a SPU response message for an AEAD request.
1530  * @rctx:  Crypto request context
1531  */
1532 static void handle_aead_resp(struct iproc_reqctx_s *rctx)
1533 {
1534 	struct spu_hw *spu = &iproc_priv.spu;
1535 	struct crypto_async_request *areq = rctx->parent;
1536 	struct aead_request *req = container_of(areq,
1537 						struct aead_request, base);
1538 	struct iproc_ctx_s *ctx = rctx->ctx;
1539 	u32 payload_len;
1540 	unsigned int icv_offset;
1541 	u32 result_len;
1542 
1543 	/* See how much data was returned */
1544 	payload_len = spu->spu_payload_length(rctx->msg_buf.spu_resp_hdr);
1545 	flow_log("payload_len %u\n", payload_len);
1546 
1547 	/* only count payload */
1548 	atomic64_add(payload_len, &iproc_priv.bytes_in);
1549 
1550 	if (req->assoclen)
1551 		packet_dump("  assoc_data ", rctx->msg_buf.a.resp_aad,
1552 			    req->assoclen);
1553 
1554 	/*
1555 	 * Copy the ICV back to the destination
1556 	 * buffer. In decrypt case, SPU gives us back the digest, but crypto
1557 	 * API doesn't expect ICV in dst buffer.
1558 	 */
1559 	result_len = req->cryptlen;
1560 	if (rctx->is_encrypt) {
1561 		icv_offset = req->assoclen + rctx->total_sent;
1562 		packet_dump("  ICV: ", rctx->msg_buf.digest, ctx->digestsize);
1563 		flow_log("copying ICV to dst sg at offset %u\n", icv_offset);
1564 		sg_copy_part_from_buf(req->dst, rctx->msg_buf.digest,
1565 				      ctx->digestsize, icv_offset);
1566 		result_len += ctx->digestsize;
1567 	}
1568 
1569 	packet_log("response data:  ");
1570 	dump_sg(req->dst, req->assoclen, result_len);
1571 
1572 	atomic_inc(&iproc_priv.op_counts[SPU_OP_AEAD]);
1573 	if (ctx->cipher.alg == CIPHER_ALG_AES) {
1574 		if (ctx->cipher.mode == CIPHER_MODE_CCM)
1575 			atomic_inc(&iproc_priv.aead_cnt[AES_CCM]);
1576 		else if (ctx->cipher.mode == CIPHER_MODE_GCM)
1577 			atomic_inc(&iproc_priv.aead_cnt[AES_GCM]);
1578 		else
1579 			atomic_inc(&iproc_priv.aead_cnt[AUTHENC]);
1580 	} else {
1581 		atomic_inc(&iproc_priv.aead_cnt[AUTHENC]);
1582 	}
1583 }
1584 
1585 /**
1586  * spu_chunk_cleanup() - Do cleanup after processing one chunk of a request
1587  * @rctx:  request context
1588  *
1589  * Mailbox scatterlists are allocated for each chunk. So free them after
1590  * processing each chunk.
1591  */
1592 static void spu_chunk_cleanup(struct iproc_reqctx_s *rctx)
1593 {
1594 	/* mailbox message used to tx request */
1595 	struct brcm_message *mssg = &rctx->mb_mssg;
1596 
1597 	kfree(mssg->spu.src);
1598 	kfree(mssg->spu.dst);
1599 	memset(mssg, 0, sizeof(struct brcm_message));
1600 }
1601 
1602 /**
1603  * finish_req() - Used to invoke the complete callback from the requester when
1604  * a request has been handled asynchronously.
1605  * @rctx:  Request context
1606  * @err:   Indicates whether the request was successful or not
1607  *
1608  * Ensures that cleanup has been done for request
1609  */
1610 static void finish_req(struct iproc_reqctx_s *rctx, int err)
1611 {
1612 	struct crypto_async_request *areq = rctx->parent;
1613 
1614 	flow_log("%s() err:%d\n\n", __func__, err);
1615 
1616 	/* No harm done if already called */
1617 	spu_chunk_cleanup(rctx);
1618 
1619 	if (areq)
1620 		areq->complete(areq, err);
1621 }
1622 
1623 /**
1624  * spu_rx_callback() - Callback from mailbox framework with a SPU response.
1625  * @cl:		mailbox client structure for SPU driver
1626  * @msg:	mailbox message containing SPU response
1627  */
1628 static void spu_rx_callback(struct mbox_client *cl, void *msg)
1629 {
1630 	struct spu_hw *spu = &iproc_priv.spu;
1631 	struct brcm_message *mssg = msg;
1632 	struct iproc_reqctx_s *rctx;
1633 	int err;
1634 
1635 	rctx = mssg->ctx;
1636 	if (unlikely(!rctx)) {
1637 		/* This is fatal */
1638 		pr_err("%s(): no request context", __func__);
1639 		err = -EFAULT;
1640 		goto cb_finish;
1641 	}
1642 
1643 	/* process the SPU status */
1644 	err = spu->spu_status_process(rctx->msg_buf.rx_stat);
1645 	if (err != 0) {
1646 		if (err == SPU_INVALID_ICV)
1647 			atomic_inc(&iproc_priv.bad_icv);
1648 		err = -EBADMSG;
1649 		goto cb_finish;
1650 	}
1651 
1652 	/* Process the SPU response message */
1653 	switch (rctx->ctx->alg->type) {
1654 	case CRYPTO_ALG_TYPE_SKCIPHER:
1655 		handle_skcipher_resp(rctx);
1656 		break;
1657 	case CRYPTO_ALG_TYPE_AHASH:
1658 		handle_ahash_resp(rctx);
1659 		break;
1660 	case CRYPTO_ALG_TYPE_AEAD:
1661 		handle_aead_resp(rctx);
1662 		break;
1663 	default:
1664 		err = -EINVAL;
1665 		goto cb_finish;
1666 	}
1667 
1668 	/*
1669 	 * If this response does not complete the request, then send the next
1670 	 * request chunk.
1671 	 */
1672 	if (rctx->total_sent < rctx->total_todo) {
1673 		/* Deallocate anything specific to previous chunk */
1674 		spu_chunk_cleanup(rctx);
1675 
1676 		switch (rctx->ctx->alg->type) {
1677 		case CRYPTO_ALG_TYPE_SKCIPHER:
1678 			err = handle_skcipher_req(rctx);
1679 			break;
1680 		case CRYPTO_ALG_TYPE_AHASH:
1681 			err = handle_ahash_req(rctx);
1682 			if (err == -EAGAIN)
1683 				/*
1684 				 * we saved data in hash carry, but tell crypto
1685 				 * API we successfully completed request.
1686 				 */
1687 				err = 0;
1688 			break;
1689 		case CRYPTO_ALG_TYPE_AEAD:
1690 			err = handle_aead_req(rctx);
1691 			break;
1692 		default:
1693 			err = -EINVAL;
1694 		}
1695 
1696 		if (err == -EINPROGRESS)
1697 			/* Successfully submitted request for next chunk */
1698 			return;
1699 	}
1700 
1701 cb_finish:
1702 	finish_req(rctx, err);
1703 }
1704 
1705 /* ==================== Kernel Cryptographic API ==================== */
1706 
1707 /**
1708  * skcipher_enqueue() - Handle skcipher encrypt or decrypt request.
1709  * @req:	Crypto API request
1710  * @encrypt:	true if encrypting; false if decrypting
1711  *
1712  * Return: -EINPROGRESS if request accepted and result will be returned
1713  *			asynchronously
1714  *	   < 0 if an error
1715  */
1716 static int skcipher_enqueue(struct skcipher_request *req, bool encrypt)
1717 {
1718 	struct iproc_reqctx_s *rctx = skcipher_request_ctx(req);
1719 	struct iproc_ctx_s *ctx =
1720 	    crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
1721 	int err;
1722 
1723 	flow_log("%s() enc:%u\n", __func__, encrypt);
1724 
1725 	rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
1726 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
1727 	rctx->parent = &req->base;
1728 	rctx->is_encrypt = encrypt;
1729 	rctx->bd_suppress = false;
1730 	rctx->total_todo = req->cryptlen;
1731 	rctx->src_sent = 0;
1732 	rctx->total_sent = 0;
1733 	rctx->total_received = 0;
1734 	rctx->ctx = ctx;
1735 
1736 	/* Initialize current position in src and dst scatterlists */
1737 	rctx->src_sg = req->src;
1738 	rctx->src_nents = 0;
1739 	rctx->src_skip = 0;
1740 	rctx->dst_sg = req->dst;
1741 	rctx->dst_nents = 0;
1742 	rctx->dst_skip = 0;
1743 
1744 	if (ctx->cipher.mode == CIPHER_MODE_CBC ||
1745 	    ctx->cipher.mode == CIPHER_MODE_CTR ||
1746 	    ctx->cipher.mode == CIPHER_MODE_OFB ||
1747 	    ctx->cipher.mode == CIPHER_MODE_XTS ||
1748 	    ctx->cipher.mode == CIPHER_MODE_GCM ||
1749 	    ctx->cipher.mode == CIPHER_MODE_CCM) {
1750 		rctx->iv_ctr_len =
1751 		    crypto_skcipher_ivsize(crypto_skcipher_reqtfm(req));
1752 		memcpy(rctx->msg_buf.iv_ctr, req->iv, rctx->iv_ctr_len);
1753 	} else {
1754 		rctx->iv_ctr_len = 0;
1755 	}
1756 
1757 	/* Choose a SPU to process this request */
1758 	rctx->chan_idx = select_channel();
1759 	err = handle_skcipher_req(rctx);
1760 	if (err != -EINPROGRESS)
1761 		/* synchronous result */
1762 		spu_chunk_cleanup(rctx);
1763 
1764 	return err;
1765 }
1766 
1767 static int des_setkey(struct crypto_skcipher *cipher, const u8 *key,
1768 		      unsigned int keylen)
1769 {
1770 	struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1771 	int err;
1772 
1773 	err = verify_skcipher_des_key(cipher, key);
1774 	if (err)
1775 		return err;
1776 
1777 	ctx->cipher_type = CIPHER_TYPE_DES;
1778 	return 0;
1779 }
1780 
1781 static int threedes_setkey(struct crypto_skcipher *cipher, const u8 *key,
1782 			   unsigned int keylen)
1783 {
1784 	struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1785 	int err;
1786 
1787 	err = verify_skcipher_des3_key(cipher, key);
1788 	if (err)
1789 		return err;
1790 
1791 	ctx->cipher_type = CIPHER_TYPE_3DES;
1792 	return 0;
1793 }
1794 
1795 static int aes_setkey(struct crypto_skcipher *cipher, const u8 *key,
1796 		      unsigned int keylen)
1797 {
1798 	struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1799 
1800 	if (ctx->cipher.mode == CIPHER_MODE_XTS)
1801 		/* XTS includes two keys of equal length */
1802 		keylen = keylen / 2;
1803 
1804 	switch (keylen) {
1805 	case AES_KEYSIZE_128:
1806 		ctx->cipher_type = CIPHER_TYPE_AES128;
1807 		break;
1808 	case AES_KEYSIZE_192:
1809 		ctx->cipher_type = CIPHER_TYPE_AES192;
1810 		break;
1811 	case AES_KEYSIZE_256:
1812 		ctx->cipher_type = CIPHER_TYPE_AES256;
1813 		break;
1814 	default:
1815 		return -EINVAL;
1816 	}
1817 	WARN_ON((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
1818 		((ctx->max_payload % AES_BLOCK_SIZE) != 0));
1819 	return 0;
1820 }
1821 
1822 static int skcipher_setkey(struct crypto_skcipher *cipher, const u8 *key,
1823 			     unsigned int keylen)
1824 {
1825 	struct spu_hw *spu = &iproc_priv.spu;
1826 	struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1827 	struct spu_cipher_parms cipher_parms;
1828 	u32 alloc_len = 0;
1829 	int err;
1830 
1831 	flow_log("skcipher_setkey() keylen: %d\n", keylen);
1832 	flow_dump("  key: ", key, keylen);
1833 
1834 	switch (ctx->cipher.alg) {
1835 	case CIPHER_ALG_DES:
1836 		err = des_setkey(cipher, key, keylen);
1837 		break;
1838 	case CIPHER_ALG_3DES:
1839 		err = threedes_setkey(cipher, key, keylen);
1840 		break;
1841 	case CIPHER_ALG_AES:
1842 		err = aes_setkey(cipher, key, keylen);
1843 		break;
1844 	default:
1845 		pr_err("%s() Error: unknown cipher alg\n", __func__);
1846 		err = -EINVAL;
1847 	}
1848 	if (err)
1849 		return err;
1850 
1851 	memcpy(ctx->enckey, key, keylen);
1852 	ctx->enckeylen = keylen;
1853 
1854 	/* SPU needs XTS keys in the reverse order the crypto API presents */
1855 	if ((ctx->cipher.alg == CIPHER_ALG_AES) &&
1856 	    (ctx->cipher.mode == CIPHER_MODE_XTS)) {
1857 		unsigned int xts_keylen = keylen / 2;
1858 
1859 		memcpy(ctx->enckey, key + xts_keylen, xts_keylen);
1860 		memcpy(ctx->enckey + xts_keylen, key, xts_keylen);
1861 	}
1862 
1863 	if (spu->spu_type == SPU_TYPE_SPUM)
1864 		alloc_len = BCM_HDR_LEN + SPU_HEADER_ALLOC_LEN;
1865 	else if (spu->spu_type == SPU_TYPE_SPU2)
1866 		alloc_len = BCM_HDR_LEN + SPU2_HEADER_ALLOC_LEN;
1867 	memset(ctx->bcm_spu_req_hdr, 0, alloc_len);
1868 	cipher_parms.iv_buf = NULL;
1869 	cipher_parms.iv_len = crypto_skcipher_ivsize(cipher);
1870 	flow_log("%s: iv_len %u\n", __func__, cipher_parms.iv_len);
1871 
1872 	cipher_parms.alg = ctx->cipher.alg;
1873 	cipher_parms.mode = ctx->cipher.mode;
1874 	cipher_parms.type = ctx->cipher_type;
1875 	cipher_parms.key_buf = ctx->enckey;
1876 	cipher_parms.key_len = ctx->enckeylen;
1877 
1878 	/* Prepend SPU request message with BCM header */
1879 	memcpy(ctx->bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
1880 	ctx->spu_req_hdr_len =
1881 	    spu->spu_cipher_req_init(ctx->bcm_spu_req_hdr + BCM_HDR_LEN,
1882 				     &cipher_parms);
1883 
1884 	ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
1885 							  ctx->enckeylen,
1886 							  false);
1887 
1888 	atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_CIPHER]);
1889 
1890 	return 0;
1891 }
1892 
1893 static int skcipher_encrypt(struct skcipher_request *req)
1894 {
1895 	flow_log("skcipher_encrypt() nbytes:%u\n", req->cryptlen);
1896 
1897 	return skcipher_enqueue(req, true);
1898 }
1899 
1900 static int skcipher_decrypt(struct skcipher_request *req)
1901 {
1902 	flow_log("skcipher_decrypt() nbytes:%u\n", req->cryptlen);
1903 	return skcipher_enqueue(req, false);
1904 }
1905 
1906 static int ahash_enqueue(struct ahash_request *req)
1907 {
1908 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
1909 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
1910 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
1911 	int err;
1912 	const char *alg_name;
1913 
1914 	flow_log("ahash_enqueue() nbytes:%u\n", req->nbytes);
1915 
1916 	rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
1917 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
1918 	rctx->parent = &req->base;
1919 	rctx->ctx = ctx;
1920 	rctx->bd_suppress = true;
1921 	memset(&rctx->mb_mssg, 0, sizeof(struct brcm_message));
1922 
1923 	/* Initialize position in src scatterlist */
1924 	rctx->src_sg = req->src;
1925 	rctx->src_skip = 0;
1926 	rctx->src_nents = 0;
1927 	rctx->dst_sg = NULL;
1928 	rctx->dst_skip = 0;
1929 	rctx->dst_nents = 0;
1930 
1931 	/* SPU2 hardware does not compute hash of zero length data */
1932 	if ((rctx->is_final == 1) && (rctx->total_todo == 0) &&
1933 	    (iproc_priv.spu.spu_type == SPU_TYPE_SPU2)) {
1934 		alg_name = crypto_tfm_alg_name(crypto_ahash_tfm(tfm));
1935 		flow_log("Doing %sfinal %s zero-len hash request in software\n",
1936 			 rctx->is_final ? "" : "non-", alg_name);
1937 		err = do_shash((unsigned char *)alg_name, req->result,
1938 			       NULL, 0, NULL, 0, ctx->authkey,
1939 			       ctx->authkeylen);
1940 		if (err < 0)
1941 			flow_log("Hash request failed with error %d\n", err);
1942 		return err;
1943 	}
1944 	/* Choose a SPU to process this request */
1945 	rctx->chan_idx = select_channel();
1946 
1947 	err = handle_ahash_req(rctx);
1948 	if (err != -EINPROGRESS)
1949 		/* synchronous result */
1950 		spu_chunk_cleanup(rctx);
1951 
1952 	if (err == -EAGAIN)
1953 		/*
1954 		 * we saved data in hash carry, but tell crypto API
1955 		 * we successfully completed request.
1956 		 */
1957 		err = 0;
1958 
1959 	return err;
1960 }
1961 
1962 static int __ahash_init(struct ahash_request *req)
1963 {
1964 	struct spu_hw *spu = &iproc_priv.spu;
1965 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
1966 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
1967 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
1968 
1969 	flow_log("%s()\n", __func__);
1970 
1971 	/* Initialize the context */
1972 	rctx->hash_carry_len = 0;
1973 	rctx->is_final = 0;
1974 
1975 	rctx->total_todo = 0;
1976 	rctx->src_sent = 0;
1977 	rctx->total_sent = 0;
1978 	rctx->total_received = 0;
1979 
1980 	ctx->digestsize = crypto_ahash_digestsize(tfm);
1981 	/* If we add a hash whose digest is larger, catch it here. */
1982 	WARN_ON(ctx->digestsize > MAX_DIGEST_SIZE);
1983 
1984 	rctx->is_sw_hmac = false;
1985 
1986 	ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen, 0,
1987 							  true);
1988 
1989 	return 0;
1990 }
1991 
1992 /**
1993  * spu_no_incr_hash() - Determine whether incremental hashing is supported.
1994  * @ctx:  Crypto session context
1995  *
1996  * SPU-2 does not support incremental hashing (we'll have to revisit and
1997  * condition based on chip revision or device tree entry if future versions do
1998  * support incremental hash)
1999  *
2000  * SPU-M also doesn't support incremental hashing of AES-XCBC
2001  *
2002  * Return: true if incremental hashing is not supported
2003  *         false otherwise
2004  */
2005 static bool spu_no_incr_hash(struct iproc_ctx_s *ctx)
2006 {
2007 	struct spu_hw *spu = &iproc_priv.spu;
2008 
2009 	if (spu->spu_type == SPU_TYPE_SPU2)
2010 		return true;
2011 
2012 	if ((ctx->auth.alg == HASH_ALG_AES) &&
2013 	    (ctx->auth.mode == HASH_MODE_XCBC))
2014 		return true;
2015 
2016 	/* Otherwise, incremental hashing is supported */
2017 	return false;
2018 }
2019 
2020 static int ahash_init(struct ahash_request *req)
2021 {
2022 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2023 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2024 	const char *alg_name;
2025 	struct crypto_shash *hash;
2026 	int ret;
2027 	gfp_t gfp;
2028 
2029 	if (spu_no_incr_hash(ctx)) {
2030 		/*
2031 		 * If we get an incremental hashing request and it's not
2032 		 * supported by the hardware, we need to handle it in software
2033 		 * by calling synchronous hash functions.
2034 		 */
2035 		alg_name = crypto_tfm_alg_name(crypto_ahash_tfm(tfm));
2036 		hash = crypto_alloc_shash(alg_name, 0, 0);
2037 		if (IS_ERR(hash)) {
2038 			ret = PTR_ERR(hash);
2039 			goto err;
2040 		}
2041 
2042 		gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2043 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2044 		ctx->shash = kmalloc(sizeof(*ctx->shash) +
2045 				     crypto_shash_descsize(hash), gfp);
2046 		if (!ctx->shash) {
2047 			ret = -ENOMEM;
2048 			goto err_hash;
2049 		}
2050 		ctx->shash->tfm = hash;
2051 
2052 		/* Set the key using data we already have from setkey */
2053 		if (ctx->authkeylen > 0) {
2054 			ret = crypto_shash_setkey(hash, ctx->authkey,
2055 						  ctx->authkeylen);
2056 			if (ret)
2057 				goto err_shash;
2058 		}
2059 
2060 		/* Initialize hash w/ this key and other params */
2061 		ret = crypto_shash_init(ctx->shash);
2062 		if (ret)
2063 			goto err_shash;
2064 	} else {
2065 		/* Otherwise call the internal function which uses SPU hw */
2066 		ret = __ahash_init(req);
2067 	}
2068 
2069 	return ret;
2070 
2071 err_shash:
2072 	kfree(ctx->shash);
2073 err_hash:
2074 	crypto_free_shash(hash);
2075 err:
2076 	return ret;
2077 }
2078 
2079 static int __ahash_update(struct ahash_request *req)
2080 {
2081 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2082 
2083 	flow_log("ahash_update() nbytes:%u\n", req->nbytes);
2084 
2085 	if (!req->nbytes)
2086 		return 0;
2087 	rctx->total_todo += req->nbytes;
2088 	rctx->src_sent = 0;
2089 
2090 	return ahash_enqueue(req);
2091 }
2092 
2093 static int ahash_update(struct ahash_request *req)
2094 {
2095 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2096 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2097 	u8 *tmpbuf;
2098 	int ret;
2099 	int nents;
2100 	gfp_t gfp;
2101 
2102 	if (spu_no_incr_hash(ctx)) {
2103 		/*
2104 		 * If we get an incremental hashing request and it's not
2105 		 * supported by the hardware, we need to handle it in software
2106 		 * by calling synchronous hash functions.
2107 		 */
2108 		if (req->src)
2109 			nents = sg_nents(req->src);
2110 		else
2111 			return -EINVAL;
2112 
2113 		/* Copy data from req scatterlist to tmp buffer */
2114 		gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2115 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2116 		tmpbuf = kmalloc(req->nbytes, gfp);
2117 		if (!tmpbuf)
2118 			return -ENOMEM;
2119 
2120 		if (sg_copy_to_buffer(req->src, nents, tmpbuf, req->nbytes) !=
2121 				req->nbytes) {
2122 			kfree(tmpbuf);
2123 			return -EINVAL;
2124 		}
2125 
2126 		/* Call synchronous update */
2127 		ret = crypto_shash_update(ctx->shash, tmpbuf, req->nbytes);
2128 		kfree(tmpbuf);
2129 	} else {
2130 		/* Otherwise call the internal function which uses SPU hw */
2131 		ret = __ahash_update(req);
2132 	}
2133 
2134 	return ret;
2135 }
2136 
2137 static int __ahash_final(struct ahash_request *req)
2138 {
2139 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2140 
2141 	flow_log("ahash_final() nbytes:%u\n", req->nbytes);
2142 
2143 	rctx->is_final = 1;
2144 
2145 	return ahash_enqueue(req);
2146 }
2147 
2148 static int ahash_final(struct ahash_request *req)
2149 {
2150 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2151 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2152 	int ret;
2153 
2154 	if (spu_no_incr_hash(ctx)) {
2155 		/*
2156 		 * If we get an incremental hashing request and it's not
2157 		 * supported by the hardware, we need to handle it in software
2158 		 * by calling synchronous hash functions.
2159 		 */
2160 		ret = crypto_shash_final(ctx->shash, req->result);
2161 
2162 		/* Done with hash, can deallocate it now */
2163 		crypto_free_shash(ctx->shash->tfm);
2164 		kfree(ctx->shash);
2165 
2166 	} else {
2167 		/* Otherwise call the internal function which uses SPU hw */
2168 		ret = __ahash_final(req);
2169 	}
2170 
2171 	return ret;
2172 }
2173 
2174 static int __ahash_finup(struct ahash_request *req)
2175 {
2176 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2177 
2178 	flow_log("ahash_finup() nbytes:%u\n", req->nbytes);
2179 
2180 	rctx->total_todo += req->nbytes;
2181 	rctx->src_sent = 0;
2182 	rctx->is_final = 1;
2183 
2184 	return ahash_enqueue(req);
2185 }
2186 
2187 static int ahash_finup(struct ahash_request *req)
2188 {
2189 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2190 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2191 	u8 *tmpbuf;
2192 	int ret;
2193 	int nents;
2194 	gfp_t gfp;
2195 
2196 	if (spu_no_incr_hash(ctx)) {
2197 		/*
2198 		 * If we get an incremental hashing request and it's not
2199 		 * supported by the hardware, we need to handle it in software
2200 		 * by calling synchronous hash functions.
2201 		 */
2202 		if (req->src) {
2203 			nents = sg_nents(req->src);
2204 		} else {
2205 			ret = -EINVAL;
2206 			goto ahash_finup_exit;
2207 		}
2208 
2209 		/* Copy data from req scatterlist to tmp buffer */
2210 		gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2211 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2212 		tmpbuf = kmalloc(req->nbytes, gfp);
2213 		if (!tmpbuf) {
2214 			ret = -ENOMEM;
2215 			goto ahash_finup_exit;
2216 		}
2217 
2218 		if (sg_copy_to_buffer(req->src, nents, tmpbuf, req->nbytes) !=
2219 				req->nbytes) {
2220 			ret = -EINVAL;
2221 			goto ahash_finup_free;
2222 		}
2223 
2224 		/* Call synchronous update */
2225 		ret = crypto_shash_finup(ctx->shash, tmpbuf, req->nbytes,
2226 					 req->result);
2227 	} else {
2228 		/* Otherwise call the internal function which uses SPU hw */
2229 		return __ahash_finup(req);
2230 	}
2231 ahash_finup_free:
2232 	kfree(tmpbuf);
2233 
2234 ahash_finup_exit:
2235 	/* Done with hash, can deallocate it now */
2236 	crypto_free_shash(ctx->shash->tfm);
2237 	kfree(ctx->shash);
2238 	return ret;
2239 }
2240 
2241 static int ahash_digest(struct ahash_request *req)
2242 {
2243 	int err;
2244 
2245 	flow_log("ahash_digest() nbytes:%u\n", req->nbytes);
2246 
2247 	/* whole thing at once */
2248 	err = __ahash_init(req);
2249 	if (!err)
2250 		err = __ahash_finup(req);
2251 
2252 	return err;
2253 }
2254 
2255 static int ahash_setkey(struct crypto_ahash *ahash, const u8 *key,
2256 			unsigned int keylen)
2257 {
2258 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(ahash);
2259 
2260 	flow_log("%s() ahash:%p key:%p keylen:%u\n",
2261 		 __func__, ahash, key, keylen);
2262 	flow_dump("  key: ", key, keylen);
2263 
2264 	if (ctx->auth.alg == HASH_ALG_AES) {
2265 		switch (keylen) {
2266 		case AES_KEYSIZE_128:
2267 			ctx->cipher_type = CIPHER_TYPE_AES128;
2268 			break;
2269 		case AES_KEYSIZE_192:
2270 			ctx->cipher_type = CIPHER_TYPE_AES192;
2271 			break;
2272 		case AES_KEYSIZE_256:
2273 			ctx->cipher_type = CIPHER_TYPE_AES256;
2274 			break;
2275 		default:
2276 			pr_err("%s() Error: Invalid key length\n", __func__);
2277 			return -EINVAL;
2278 		}
2279 	} else {
2280 		pr_err("%s() Error: unknown hash alg\n", __func__);
2281 		return -EINVAL;
2282 	}
2283 	memcpy(ctx->authkey, key, keylen);
2284 	ctx->authkeylen = keylen;
2285 
2286 	return 0;
2287 }
2288 
2289 static int ahash_export(struct ahash_request *req, void *out)
2290 {
2291 	const struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2292 	struct spu_hash_export_s *spu_exp = (struct spu_hash_export_s *)out;
2293 
2294 	spu_exp->total_todo = rctx->total_todo;
2295 	spu_exp->total_sent = rctx->total_sent;
2296 	spu_exp->is_sw_hmac = rctx->is_sw_hmac;
2297 	memcpy(spu_exp->hash_carry, rctx->hash_carry, sizeof(rctx->hash_carry));
2298 	spu_exp->hash_carry_len = rctx->hash_carry_len;
2299 	memcpy(spu_exp->incr_hash, rctx->incr_hash, sizeof(rctx->incr_hash));
2300 
2301 	return 0;
2302 }
2303 
2304 static int ahash_import(struct ahash_request *req, const void *in)
2305 {
2306 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2307 	struct spu_hash_export_s *spu_exp = (struct spu_hash_export_s *)in;
2308 
2309 	rctx->total_todo = spu_exp->total_todo;
2310 	rctx->total_sent = spu_exp->total_sent;
2311 	rctx->is_sw_hmac = spu_exp->is_sw_hmac;
2312 	memcpy(rctx->hash_carry, spu_exp->hash_carry, sizeof(rctx->hash_carry));
2313 	rctx->hash_carry_len = spu_exp->hash_carry_len;
2314 	memcpy(rctx->incr_hash, spu_exp->incr_hash, sizeof(rctx->incr_hash));
2315 
2316 	return 0;
2317 }
2318 
2319 static int ahash_hmac_setkey(struct crypto_ahash *ahash, const u8 *key,
2320 			     unsigned int keylen)
2321 {
2322 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(ahash);
2323 	unsigned int blocksize =
2324 		crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
2325 	unsigned int digestsize = crypto_ahash_digestsize(ahash);
2326 	unsigned int index;
2327 	int rc;
2328 
2329 	flow_log("%s() ahash:%p key:%p keylen:%u blksz:%u digestsz:%u\n",
2330 		 __func__, ahash, key, keylen, blocksize, digestsize);
2331 	flow_dump("  key: ", key, keylen);
2332 
2333 	if (keylen > blocksize) {
2334 		switch (ctx->auth.alg) {
2335 		case HASH_ALG_MD5:
2336 			rc = do_shash("md5", ctx->authkey, key, keylen, NULL,
2337 				      0, NULL, 0);
2338 			break;
2339 		case HASH_ALG_SHA1:
2340 			rc = do_shash("sha1", ctx->authkey, key, keylen, NULL,
2341 				      0, NULL, 0);
2342 			break;
2343 		case HASH_ALG_SHA224:
2344 			rc = do_shash("sha224", ctx->authkey, key, keylen, NULL,
2345 				      0, NULL, 0);
2346 			break;
2347 		case HASH_ALG_SHA256:
2348 			rc = do_shash("sha256", ctx->authkey, key, keylen, NULL,
2349 				      0, NULL, 0);
2350 			break;
2351 		case HASH_ALG_SHA384:
2352 			rc = do_shash("sha384", ctx->authkey, key, keylen, NULL,
2353 				      0, NULL, 0);
2354 			break;
2355 		case HASH_ALG_SHA512:
2356 			rc = do_shash("sha512", ctx->authkey, key, keylen, NULL,
2357 				      0, NULL, 0);
2358 			break;
2359 		case HASH_ALG_SHA3_224:
2360 			rc = do_shash("sha3-224", ctx->authkey, key, keylen,
2361 				      NULL, 0, NULL, 0);
2362 			break;
2363 		case HASH_ALG_SHA3_256:
2364 			rc = do_shash("sha3-256", ctx->authkey, key, keylen,
2365 				      NULL, 0, NULL, 0);
2366 			break;
2367 		case HASH_ALG_SHA3_384:
2368 			rc = do_shash("sha3-384", ctx->authkey, key, keylen,
2369 				      NULL, 0, NULL, 0);
2370 			break;
2371 		case HASH_ALG_SHA3_512:
2372 			rc = do_shash("sha3-512", ctx->authkey, key, keylen,
2373 				      NULL, 0, NULL, 0);
2374 			break;
2375 		default:
2376 			pr_err("%s() Error: unknown hash alg\n", __func__);
2377 			return -EINVAL;
2378 		}
2379 		if (rc < 0) {
2380 			pr_err("%s() Error %d computing shash for %s\n",
2381 			       __func__, rc, hash_alg_name[ctx->auth.alg]);
2382 			return rc;
2383 		}
2384 		ctx->authkeylen = digestsize;
2385 
2386 		flow_log("  keylen > digestsize... hashed\n");
2387 		flow_dump("  newkey: ", ctx->authkey, ctx->authkeylen);
2388 	} else {
2389 		memcpy(ctx->authkey, key, keylen);
2390 		ctx->authkeylen = keylen;
2391 	}
2392 
2393 	/*
2394 	 * Full HMAC operation in SPUM is not verified,
2395 	 * So keeping the generation of IPAD, OPAD and
2396 	 * outer hashing in software.
2397 	 */
2398 	if (iproc_priv.spu.spu_type == SPU_TYPE_SPUM) {
2399 		memcpy(ctx->ipad, ctx->authkey, ctx->authkeylen);
2400 		memset(ctx->ipad + ctx->authkeylen, 0,
2401 		       blocksize - ctx->authkeylen);
2402 		ctx->authkeylen = 0;
2403 		memcpy(ctx->opad, ctx->ipad, blocksize);
2404 
2405 		for (index = 0; index < blocksize; index++) {
2406 			ctx->ipad[index] ^= HMAC_IPAD_VALUE;
2407 			ctx->opad[index] ^= HMAC_OPAD_VALUE;
2408 		}
2409 
2410 		flow_dump("  ipad: ", ctx->ipad, blocksize);
2411 		flow_dump("  opad: ", ctx->opad, blocksize);
2412 	}
2413 	ctx->digestsize = digestsize;
2414 	atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_HMAC]);
2415 
2416 	return 0;
2417 }
2418 
2419 static int ahash_hmac_init(struct ahash_request *req)
2420 {
2421 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2422 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2423 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2424 	unsigned int blocksize =
2425 			crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
2426 
2427 	flow_log("ahash_hmac_init()\n");
2428 
2429 	/* init the context as a hash */
2430 	ahash_init(req);
2431 
2432 	if (!spu_no_incr_hash(ctx)) {
2433 		/* SPU-M can do incr hashing but needs sw for outer HMAC */
2434 		rctx->is_sw_hmac = true;
2435 		ctx->auth.mode = HASH_MODE_HASH;
2436 		/* start with a prepended ipad */
2437 		memcpy(rctx->hash_carry, ctx->ipad, blocksize);
2438 		rctx->hash_carry_len = blocksize;
2439 		rctx->total_todo += blocksize;
2440 	}
2441 
2442 	return 0;
2443 }
2444 
2445 static int ahash_hmac_update(struct ahash_request *req)
2446 {
2447 	flow_log("ahash_hmac_update() nbytes:%u\n", req->nbytes);
2448 
2449 	if (!req->nbytes)
2450 		return 0;
2451 
2452 	return ahash_update(req);
2453 }
2454 
2455 static int ahash_hmac_final(struct ahash_request *req)
2456 {
2457 	flow_log("ahash_hmac_final() nbytes:%u\n", req->nbytes);
2458 
2459 	return ahash_final(req);
2460 }
2461 
2462 static int ahash_hmac_finup(struct ahash_request *req)
2463 {
2464 	flow_log("ahash_hmac_finupl() nbytes:%u\n", req->nbytes);
2465 
2466 	return ahash_finup(req);
2467 }
2468 
2469 static int ahash_hmac_digest(struct ahash_request *req)
2470 {
2471 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2472 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2473 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2474 	unsigned int blocksize =
2475 			crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
2476 
2477 	flow_log("ahash_hmac_digest() nbytes:%u\n", req->nbytes);
2478 
2479 	/* Perform initialization and then call finup */
2480 	__ahash_init(req);
2481 
2482 	if (iproc_priv.spu.spu_type == SPU_TYPE_SPU2) {
2483 		/*
2484 		 * SPU2 supports full HMAC implementation in the
2485 		 * hardware, need not to generate IPAD, OPAD and
2486 		 * outer hash in software.
2487 		 * Only for hash key len > hash block size, SPU2
2488 		 * expects to perform hashing on the key, shorten
2489 		 * it to digest size and feed it as hash key.
2490 		 */
2491 		rctx->is_sw_hmac = false;
2492 		ctx->auth.mode = HASH_MODE_HMAC;
2493 	} else {
2494 		rctx->is_sw_hmac = true;
2495 		ctx->auth.mode = HASH_MODE_HASH;
2496 		/* start with a prepended ipad */
2497 		memcpy(rctx->hash_carry, ctx->ipad, blocksize);
2498 		rctx->hash_carry_len = blocksize;
2499 		rctx->total_todo += blocksize;
2500 	}
2501 
2502 	return __ahash_finup(req);
2503 }
2504 
2505 /* aead helpers */
2506 
2507 static int aead_need_fallback(struct aead_request *req)
2508 {
2509 	struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2510 	struct spu_hw *spu = &iproc_priv.spu;
2511 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
2512 	struct iproc_ctx_s *ctx = crypto_aead_ctx(aead);
2513 	u32 payload_len;
2514 
2515 	/*
2516 	 * SPU hardware cannot handle the AES-GCM/CCM case where plaintext
2517 	 * and AAD are both 0 bytes long. So use fallback in this case.
2518 	 */
2519 	if (((ctx->cipher.mode == CIPHER_MODE_GCM) ||
2520 	     (ctx->cipher.mode == CIPHER_MODE_CCM)) &&
2521 	    (req->assoclen == 0)) {
2522 		if ((rctx->is_encrypt && (req->cryptlen == 0)) ||
2523 		    (!rctx->is_encrypt && (req->cryptlen == ctx->digestsize))) {
2524 			flow_log("AES GCM/CCM needs fallback for 0 len req\n");
2525 			return 1;
2526 		}
2527 	}
2528 
2529 	/* SPU-M hardware only supports CCM digest size of 8, 12, or 16 bytes */
2530 	if ((ctx->cipher.mode == CIPHER_MODE_CCM) &&
2531 	    (spu->spu_type == SPU_TYPE_SPUM) &&
2532 	    (ctx->digestsize != 8) && (ctx->digestsize != 12) &&
2533 	    (ctx->digestsize != 16)) {
2534 		flow_log("%s() AES CCM needs fallback for digest size %d\n",
2535 			 __func__, ctx->digestsize);
2536 		return 1;
2537 	}
2538 
2539 	/*
2540 	 * SPU-M on NSP has an issue where AES-CCM hash is not correct
2541 	 * when AAD size is 0
2542 	 */
2543 	if ((ctx->cipher.mode == CIPHER_MODE_CCM) &&
2544 	    (spu->spu_subtype == SPU_SUBTYPE_SPUM_NSP) &&
2545 	    (req->assoclen == 0)) {
2546 		flow_log("%s() AES_CCM needs fallback for 0 len AAD on NSP\n",
2547 			 __func__);
2548 		return 1;
2549 	}
2550 
2551 	/*
2552 	 * RFC4106 and RFC4543 cannot handle the case where AAD is other than
2553 	 * 16 or 20 bytes long. So use fallback in this case.
2554 	 */
2555 	if (ctx->cipher.mode == CIPHER_MODE_GCM &&
2556 	    ctx->cipher.alg == CIPHER_ALG_AES &&
2557 	    rctx->iv_ctr_len == GCM_RFC4106_IV_SIZE &&
2558 	    req->assoclen != 16 && req->assoclen != 20) {
2559 		flow_log("RFC4106/RFC4543 needs fallback for assoclen"
2560 			 " other than 16 or 20 bytes\n");
2561 		return 1;
2562 	}
2563 
2564 	payload_len = req->cryptlen;
2565 	if (spu->spu_type == SPU_TYPE_SPUM)
2566 		payload_len += req->assoclen;
2567 
2568 	flow_log("%s() payload len: %u\n", __func__, payload_len);
2569 
2570 	if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
2571 		return 0;
2572 	else
2573 		return payload_len > ctx->max_payload;
2574 }
2575 
2576 static void aead_complete(struct crypto_async_request *areq, int err)
2577 {
2578 	struct aead_request *req =
2579 	    container_of(areq, struct aead_request, base);
2580 	struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2581 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
2582 
2583 	flow_log("%s() err:%d\n", __func__, err);
2584 
2585 	areq->tfm = crypto_aead_tfm(aead);
2586 
2587 	areq->complete = rctx->old_complete;
2588 	areq->data = rctx->old_data;
2589 
2590 	areq->complete(areq, err);
2591 }
2592 
2593 static int aead_do_fallback(struct aead_request *req, bool is_encrypt)
2594 {
2595 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
2596 	struct crypto_tfm *tfm = crypto_aead_tfm(aead);
2597 	struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2598 	struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
2599 	int err;
2600 	u32 req_flags;
2601 
2602 	flow_log("%s() enc:%u\n", __func__, is_encrypt);
2603 
2604 	if (ctx->fallback_cipher) {
2605 		/* Store the cipher tfm and then use the fallback tfm */
2606 		rctx->old_tfm = tfm;
2607 		aead_request_set_tfm(req, ctx->fallback_cipher);
2608 		/*
2609 		 * Save the callback and chain ourselves in, so we can restore
2610 		 * the tfm
2611 		 */
2612 		rctx->old_complete = req->base.complete;
2613 		rctx->old_data = req->base.data;
2614 		req_flags = aead_request_flags(req);
2615 		aead_request_set_callback(req, req_flags, aead_complete, req);
2616 		err = is_encrypt ? crypto_aead_encrypt(req) :
2617 		    crypto_aead_decrypt(req);
2618 
2619 		if (err == 0) {
2620 			/*
2621 			 * fallback was synchronous (did not return
2622 			 * -EINPROGRESS). So restore request state here.
2623 			 */
2624 			aead_request_set_callback(req, req_flags,
2625 						  rctx->old_complete, req);
2626 			req->base.data = rctx->old_data;
2627 			aead_request_set_tfm(req, aead);
2628 			flow_log("%s() fallback completed successfully\n\n",
2629 				 __func__);
2630 		}
2631 	} else {
2632 		err = -EINVAL;
2633 	}
2634 
2635 	return err;
2636 }
2637 
2638 static int aead_enqueue(struct aead_request *req, bool is_encrypt)
2639 {
2640 	struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2641 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
2642 	struct iproc_ctx_s *ctx = crypto_aead_ctx(aead);
2643 	int err;
2644 
2645 	flow_log("%s() enc:%u\n", __func__, is_encrypt);
2646 
2647 	if (req->assoclen > MAX_ASSOC_SIZE) {
2648 		pr_err
2649 		    ("%s() Error: associated data too long. (%u > %u bytes)\n",
2650 		     __func__, req->assoclen, MAX_ASSOC_SIZE);
2651 		return -EINVAL;
2652 	}
2653 
2654 	rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2655 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2656 	rctx->parent = &req->base;
2657 	rctx->is_encrypt = is_encrypt;
2658 	rctx->bd_suppress = false;
2659 	rctx->total_todo = req->cryptlen;
2660 	rctx->src_sent = 0;
2661 	rctx->total_sent = 0;
2662 	rctx->total_received = 0;
2663 	rctx->is_sw_hmac = false;
2664 	rctx->ctx = ctx;
2665 	memset(&rctx->mb_mssg, 0, sizeof(struct brcm_message));
2666 
2667 	/* assoc data is at start of src sg */
2668 	rctx->assoc = req->src;
2669 
2670 	/*
2671 	 * Init current position in src scatterlist to be after assoc data.
2672 	 * src_skip set to buffer offset where data begins. (Assoc data could
2673 	 * end in the middle of a buffer.)
2674 	 */
2675 	if (spu_sg_at_offset(req->src, req->assoclen, &rctx->src_sg,
2676 			     &rctx->src_skip) < 0) {
2677 		pr_err("%s() Error: Unable to find start of src data\n",
2678 		       __func__);
2679 		return -EINVAL;
2680 	}
2681 
2682 	rctx->src_nents = 0;
2683 	rctx->dst_nents = 0;
2684 	if (req->dst == req->src) {
2685 		rctx->dst_sg = rctx->src_sg;
2686 		rctx->dst_skip = rctx->src_skip;
2687 	} else {
2688 		/*
2689 		 * Expect req->dst to have room for assoc data followed by
2690 		 * output data and ICV, if encrypt. So initialize dst_sg
2691 		 * to point beyond assoc len offset.
2692 		 */
2693 		if (spu_sg_at_offset(req->dst, req->assoclen, &rctx->dst_sg,
2694 				     &rctx->dst_skip) < 0) {
2695 			pr_err("%s() Error: Unable to find start of dst data\n",
2696 			       __func__);
2697 			return -EINVAL;
2698 		}
2699 	}
2700 
2701 	if (ctx->cipher.mode == CIPHER_MODE_CBC ||
2702 	    ctx->cipher.mode == CIPHER_MODE_CTR ||
2703 	    ctx->cipher.mode == CIPHER_MODE_OFB ||
2704 	    ctx->cipher.mode == CIPHER_MODE_XTS ||
2705 	    ctx->cipher.mode == CIPHER_MODE_GCM) {
2706 		rctx->iv_ctr_len =
2707 			ctx->salt_len +
2708 			crypto_aead_ivsize(crypto_aead_reqtfm(req));
2709 	} else if (ctx->cipher.mode == CIPHER_MODE_CCM) {
2710 		rctx->iv_ctr_len = CCM_AES_IV_SIZE;
2711 	} else {
2712 		rctx->iv_ctr_len = 0;
2713 	}
2714 
2715 	rctx->hash_carry_len = 0;
2716 
2717 	flow_log("  src sg: %p\n", req->src);
2718 	flow_log("  rctx->src_sg: %p, src_skip %u\n",
2719 		 rctx->src_sg, rctx->src_skip);
2720 	flow_log("  assoc:  %p, assoclen %u\n", rctx->assoc, req->assoclen);
2721 	flow_log("  dst sg: %p\n", req->dst);
2722 	flow_log("  rctx->dst_sg: %p, dst_skip %u\n",
2723 		 rctx->dst_sg, rctx->dst_skip);
2724 	flow_log("  iv_ctr_len:%u\n", rctx->iv_ctr_len);
2725 	flow_dump("  iv: ", req->iv, rctx->iv_ctr_len);
2726 	flow_log("  authkeylen:%u\n", ctx->authkeylen);
2727 	flow_log("  is_esp: %s\n", ctx->is_esp ? "yes" : "no");
2728 
2729 	if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
2730 		flow_log("  max_payload infinite");
2731 	else
2732 		flow_log("  max_payload: %u\n", ctx->max_payload);
2733 
2734 	if (unlikely(aead_need_fallback(req)))
2735 		return aead_do_fallback(req, is_encrypt);
2736 
2737 	/*
2738 	 * Do memory allocations for request after fallback check, because if we
2739 	 * do fallback, we won't call finish_req() to dealloc.
2740 	 */
2741 	if (rctx->iv_ctr_len) {
2742 		if (ctx->salt_len)
2743 			memcpy(rctx->msg_buf.iv_ctr + ctx->salt_offset,
2744 			       ctx->salt, ctx->salt_len);
2745 		memcpy(rctx->msg_buf.iv_ctr + ctx->salt_offset + ctx->salt_len,
2746 		       req->iv,
2747 		       rctx->iv_ctr_len - ctx->salt_len - ctx->salt_offset);
2748 	}
2749 
2750 	rctx->chan_idx = select_channel();
2751 	err = handle_aead_req(rctx);
2752 	if (err != -EINPROGRESS)
2753 		/* synchronous result */
2754 		spu_chunk_cleanup(rctx);
2755 
2756 	return err;
2757 }
2758 
2759 static int aead_authenc_setkey(struct crypto_aead *cipher,
2760 			       const u8 *key, unsigned int keylen)
2761 {
2762 	struct spu_hw *spu = &iproc_priv.spu;
2763 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
2764 	struct crypto_tfm *tfm = crypto_aead_tfm(cipher);
2765 	struct crypto_authenc_keys keys;
2766 	int ret;
2767 
2768 	flow_log("%s() aead:%p key:%p keylen:%u\n", __func__, cipher, key,
2769 		 keylen);
2770 	flow_dump("  key: ", key, keylen);
2771 
2772 	ret = crypto_authenc_extractkeys(&keys, key, keylen);
2773 	if (ret)
2774 		goto badkey;
2775 
2776 	if (keys.enckeylen > MAX_KEY_SIZE ||
2777 	    keys.authkeylen > MAX_KEY_SIZE)
2778 		goto badkey;
2779 
2780 	ctx->enckeylen = keys.enckeylen;
2781 	ctx->authkeylen = keys.authkeylen;
2782 
2783 	memcpy(ctx->enckey, keys.enckey, keys.enckeylen);
2784 	/* May end up padding auth key. So make sure it's zeroed. */
2785 	memset(ctx->authkey, 0, sizeof(ctx->authkey));
2786 	memcpy(ctx->authkey, keys.authkey, keys.authkeylen);
2787 
2788 	switch (ctx->alg->cipher_info.alg) {
2789 	case CIPHER_ALG_DES:
2790 		if (verify_aead_des_key(cipher, keys.enckey, keys.enckeylen))
2791 			return -EINVAL;
2792 
2793 		ctx->cipher_type = CIPHER_TYPE_DES;
2794 		break;
2795 	case CIPHER_ALG_3DES:
2796 		if (verify_aead_des3_key(cipher, keys.enckey, keys.enckeylen))
2797 			return -EINVAL;
2798 
2799 		ctx->cipher_type = CIPHER_TYPE_3DES;
2800 		break;
2801 	case CIPHER_ALG_AES:
2802 		switch (ctx->enckeylen) {
2803 		case AES_KEYSIZE_128:
2804 			ctx->cipher_type = CIPHER_TYPE_AES128;
2805 			break;
2806 		case AES_KEYSIZE_192:
2807 			ctx->cipher_type = CIPHER_TYPE_AES192;
2808 			break;
2809 		case AES_KEYSIZE_256:
2810 			ctx->cipher_type = CIPHER_TYPE_AES256;
2811 			break;
2812 		default:
2813 			goto badkey;
2814 		}
2815 		break;
2816 	default:
2817 		pr_err("%s() Error: Unknown cipher alg\n", __func__);
2818 		return -EINVAL;
2819 	}
2820 
2821 	flow_log("  enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
2822 		 ctx->authkeylen);
2823 	flow_dump("  enc: ", ctx->enckey, ctx->enckeylen);
2824 	flow_dump("  auth: ", ctx->authkey, ctx->authkeylen);
2825 
2826 	/* setkey the fallback just in case we needto use it */
2827 	if (ctx->fallback_cipher) {
2828 		flow_log("  running fallback setkey()\n");
2829 
2830 		ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK;
2831 		ctx->fallback_cipher->base.crt_flags |=
2832 		    tfm->crt_flags & CRYPTO_TFM_REQ_MASK;
2833 		ret = crypto_aead_setkey(ctx->fallback_cipher, key, keylen);
2834 		if (ret)
2835 			flow_log("  fallback setkey() returned:%d\n", ret);
2836 	}
2837 
2838 	ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
2839 							  ctx->enckeylen,
2840 							  false);
2841 
2842 	atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_AEAD]);
2843 
2844 	return ret;
2845 
2846 badkey:
2847 	ctx->enckeylen = 0;
2848 	ctx->authkeylen = 0;
2849 	ctx->digestsize = 0;
2850 
2851 	return -EINVAL;
2852 }
2853 
2854 static int aead_gcm_ccm_setkey(struct crypto_aead *cipher,
2855 			       const u8 *key, unsigned int keylen)
2856 {
2857 	struct spu_hw *spu = &iproc_priv.spu;
2858 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
2859 	struct crypto_tfm *tfm = crypto_aead_tfm(cipher);
2860 
2861 	int ret = 0;
2862 
2863 	flow_log("%s() keylen:%u\n", __func__, keylen);
2864 	flow_dump("  key: ", key, keylen);
2865 
2866 	if (!ctx->is_esp)
2867 		ctx->digestsize = keylen;
2868 
2869 	ctx->enckeylen = keylen;
2870 	ctx->authkeylen = 0;
2871 
2872 	switch (ctx->enckeylen) {
2873 	case AES_KEYSIZE_128:
2874 		ctx->cipher_type = CIPHER_TYPE_AES128;
2875 		break;
2876 	case AES_KEYSIZE_192:
2877 		ctx->cipher_type = CIPHER_TYPE_AES192;
2878 		break;
2879 	case AES_KEYSIZE_256:
2880 		ctx->cipher_type = CIPHER_TYPE_AES256;
2881 		break;
2882 	default:
2883 		goto badkey;
2884 	}
2885 
2886 	memcpy(ctx->enckey, key, ctx->enckeylen);
2887 
2888 	flow_log("  enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
2889 		 ctx->authkeylen);
2890 	flow_dump("  enc: ", ctx->enckey, ctx->enckeylen);
2891 	flow_dump("  auth: ", ctx->authkey, ctx->authkeylen);
2892 
2893 	/* setkey the fallback just in case we need to use it */
2894 	if (ctx->fallback_cipher) {
2895 		flow_log("  running fallback setkey()\n");
2896 
2897 		ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK;
2898 		ctx->fallback_cipher->base.crt_flags |=
2899 		    tfm->crt_flags & CRYPTO_TFM_REQ_MASK;
2900 		ret = crypto_aead_setkey(ctx->fallback_cipher, key,
2901 					 keylen + ctx->salt_len);
2902 		if (ret)
2903 			flow_log("  fallback setkey() returned:%d\n", ret);
2904 	}
2905 
2906 	ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
2907 							  ctx->enckeylen,
2908 							  false);
2909 
2910 	atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_AEAD]);
2911 
2912 	flow_log("  enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
2913 		 ctx->authkeylen);
2914 
2915 	return ret;
2916 
2917 badkey:
2918 	ctx->enckeylen = 0;
2919 	ctx->authkeylen = 0;
2920 	ctx->digestsize = 0;
2921 
2922 	return -EINVAL;
2923 }
2924 
2925 /**
2926  * aead_gcm_esp_setkey() - setkey() operation for ESP variant of GCM AES.
2927  * @cipher: AEAD structure
2928  * @key:    Key followed by 4 bytes of salt
2929  * @keylen: Length of key plus salt, in bytes
2930  *
2931  * Extracts salt from key and stores it to be prepended to IV on each request.
2932  * Digest is always 16 bytes
2933  *
2934  * Return: Value from generic gcm setkey.
2935  */
2936 static int aead_gcm_esp_setkey(struct crypto_aead *cipher,
2937 			       const u8 *key, unsigned int keylen)
2938 {
2939 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
2940 
2941 	flow_log("%s\n", __func__);
2942 
2943 	if (keylen < GCM_ESP_SALT_SIZE)
2944 		return -EINVAL;
2945 
2946 	ctx->salt_len = GCM_ESP_SALT_SIZE;
2947 	ctx->salt_offset = GCM_ESP_SALT_OFFSET;
2948 	memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);
2949 	keylen -= GCM_ESP_SALT_SIZE;
2950 	ctx->digestsize = GCM_ESP_DIGESTSIZE;
2951 	ctx->is_esp = true;
2952 	flow_dump("salt: ", ctx->salt, GCM_ESP_SALT_SIZE);
2953 
2954 	return aead_gcm_ccm_setkey(cipher, key, keylen);
2955 }
2956 
2957 /**
2958  * rfc4543_gcm_esp_setkey() - setkey operation for RFC4543 variant of GCM/GMAC.
2959  * cipher: AEAD structure
2960  * key:    Key followed by 4 bytes of salt
2961  * keylen: Length of key plus salt, in bytes
2962  *
2963  * Extracts salt from key and stores it to be prepended to IV on each request.
2964  * Digest is always 16 bytes
2965  *
2966  * Return: Value from generic gcm setkey.
2967  */
2968 static int rfc4543_gcm_esp_setkey(struct crypto_aead *cipher,
2969 				  const u8 *key, unsigned int keylen)
2970 {
2971 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
2972 
2973 	flow_log("%s\n", __func__);
2974 
2975 	if (keylen < GCM_ESP_SALT_SIZE)
2976 		return -EINVAL;
2977 
2978 	ctx->salt_len = GCM_ESP_SALT_SIZE;
2979 	ctx->salt_offset = GCM_ESP_SALT_OFFSET;
2980 	memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);
2981 	keylen -= GCM_ESP_SALT_SIZE;
2982 	ctx->digestsize = GCM_ESP_DIGESTSIZE;
2983 	ctx->is_esp = true;
2984 	ctx->is_rfc4543 = true;
2985 	flow_dump("salt: ", ctx->salt, GCM_ESP_SALT_SIZE);
2986 
2987 	return aead_gcm_ccm_setkey(cipher, key, keylen);
2988 }
2989 
2990 /**
2991  * aead_ccm_esp_setkey() - setkey() operation for ESP variant of CCM AES.
2992  * @cipher: AEAD structure
2993  * @key:    Key followed by 4 bytes of salt
2994  * @keylen: Length of key plus salt, in bytes
2995  *
2996  * Extracts salt from key and stores it to be prepended to IV on each request.
2997  * Digest is always 16 bytes
2998  *
2999  * Return: Value from generic ccm setkey.
3000  */
3001 static int aead_ccm_esp_setkey(struct crypto_aead *cipher,
3002 			       const u8 *key, unsigned int keylen)
3003 {
3004 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
3005 
3006 	flow_log("%s\n", __func__);
3007 
3008 	if (keylen < CCM_ESP_SALT_SIZE)
3009 		return -EINVAL;
3010 
3011 	ctx->salt_len = CCM_ESP_SALT_SIZE;
3012 	ctx->salt_offset = CCM_ESP_SALT_OFFSET;
3013 	memcpy(ctx->salt, key + keylen - CCM_ESP_SALT_SIZE, CCM_ESP_SALT_SIZE);
3014 	keylen -= CCM_ESP_SALT_SIZE;
3015 	ctx->is_esp = true;
3016 	flow_dump("salt: ", ctx->salt, CCM_ESP_SALT_SIZE);
3017 
3018 	return aead_gcm_ccm_setkey(cipher, key, keylen);
3019 }
3020 
3021 static int aead_setauthsize(struct crypto_aead *cipher, unsigned int authsize)
3022 {
3023 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
3024 	int ret = 0;
3025 
3026 	flow_log("%s() authkeylen:%u authsize:%u\n",
3027 		 __func__, ctx->authkeylen, authsize);
3028 
3029 	ctx->digestsize = authsize;
3030 
3031 	/* setkey the fallback just in case we needto use it */
3032 	if (ctx->fallback_cipher) {
3033 		flow_log("  running fallback setauth()\n");
3034 
3035 		ret = crypto_aead_setauthsize(ctx->fallback_cipher, authsize);
3036 		if (ret)
3037 			flow_log("  fallback setauth() returned:%d\n", ret);
3038 	}
3039 
3040 	return ret;
3041 }
3042 
3043 static int aead_encrypt(struct aead_request *req)
3044 {
3045 	flow_log("%s() cryptlen:%u %08x\n", __func__, req->cryptlen,
3046 		 req->cryptlen);
3047 	dump_sg(req->src, 0, req->cryptlen + req->assoclen);
3048 	flow_log("  assoc_len:%u\n", req->assoclen);
3049 
3050 	return aead_enqueue(req, true);
3051 }
3052 
3053 static int aead_decrypt(struct aead_request *req)
3054 {
3055 	flow_log("%s() cryptlen:%u\n", __func__, req->cryptlen);
3056 	dump_sg(req->src, 0, req->cryptlen + req->assoclen);
3057 	flow_log("  assoc_len:%u\n", req->assoclen);
3058 
3059 	return aead_enqueue(req, false);
3060 }
3061 
3062 /* ==================== Supported Cipher Algorithms ==================== */
3063 
3064 static struct iproc_alg_s driver_algs[] = {
3065 	{
3066 	 .type = CRYPTO_ALG_TYPE_AEAD,
3067 	 .alg.aead = {
3068 		 .base = {
3069 			.cra_name = "gcm(aes)",
3070 			.cra_driver_name = "gcm-aes-iproc",
3071 			.cra_blocksize = AES_BLOCK_SIZE,
3072 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK
3073 		 },
3074 		 .setkey = aead_gcm_ccm_setkey,
3075 		 .ivsize = GCM_AES_IV_SIZE,
3076 		.maxauthsize = AES_BLOCK_SIZE,
3077 	 },
3078 	 .cipher_info = {
3079 			 .alg = CIPHER_ALG_AES,
3080 			 .mode = CIPHER_MODE_GCM,
3081 			 },
3082 	 .auth_info = {
3083 		       .alg = HASH_ALG_AES,
3084 		       .mode = HASH_MODE_GCM,
3085 		       },
3086 	 .auth_first = 0,
3087 	 },
3088 	{
3089 	 .type = CRYPTO_ALG_TYPE_AEAD,
3090 	 .alg.aead = {
3091 		 .base = {
3092 			.cra_name = "ccm(aes)",
3093 			.cra_driver_name = "ccm-aes-iproc",
3094 			.cra_blocksize = AES_BLOCK_SIZE,
3095 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK
3096 		 },
3097 		 .setkey = aead_gcm_ccm_setkey,
3098 		 .ivsize = CCM_AES_IV_SIZE,
3099 		.maxauthsize = AES_BLOCK_SIZE,
3100 	 },
3101 	 .cipher_info = {
3102 			 .alg = CIPHER_ALG_AES,
3103 			 .mode = CIPHER_MODE_CCM,
3104 			 },
3105 	 .auth_info = {
3106 		       .alg = HASH_ALG_AES,
3107 		       .mode = HASH_MODE_CCM,
3108 		       },
3109 	 .auth_first = 0,
3110 	 },
3111 	{
3112 	 .type = CRYPTO_ALG_TYPE_AEAD,
3113 	 .alg.aead = {
3114 		 .base = {
3115 			.cra_name = "rfc4106(gcm(aes))",
3116 			.cra_driver_name = "gcm-aes-esp-iproc",
3117 			.cra_blocksize = AES_BLOCK_SIZE,
3118 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK
3119 		 },
3120 		 .setkey = aead_gcm_esp_setkey,
3121 		 .ivsize = GCM_RFC4106_IV_SIZE,
3122 		 .maxauthsize = AES_BLOCK_SIZE,
3123 	 },
3124 	 .cipher_info = {
3125 			 .alg = CIPHER_ALG_AES,
3126 			 .mode = CIPHER_MODE_GCM,
3127 			 },
3128 	 .auth_info = {
3129 		       .alg = HASH_ALG_AES,
3130 		       .mode = HASH_MODE_GCM,
3131 		       },
3132 	 .auth_first = 0,
3133 	 },
3134 	{
3135 	 .type = CRYPTO_ALG_TYPE_AEAD,
3136 	 .alg.aead = {
3137 		 .base = {
3138 			.cra_name = "rfc4309(ccm(aes))",
3139 			.cra_driver_name = "ccm-aes-esp-iproc",
3140 			.cra_blocksize = AES_BLOCK_SIZE,
3141 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK
3142 		 },
3143 		 .setkey = aead_ccm_esp_setkey,
3144 		 .ivsize = CCM_AES_IV_SIZE,
3145 		 .maxauthsize = AES_BLOCK_SIZE,
3146 	 },
3147 	 .cipher_info = {
3148 			 .alg = CIPHER_ALG_AES,
3149 			 .mode = CIPHER_MODE_CCM,
3150 			 },
3151 	 .auth_info = {
3152 		       .alg = HASH_ALG_AES,
3153 		       .mode = HASH_MODE_CCM,
3154 		       },
3155 	 .auth_first = 0,
3156 	 },
3157 	{
3158 	 .type = CRYPTO_ALG_TYPE_AEAD,
3159 	 .alg.aead = {
3160 		 .base = {
3161 			.cra_name = "rfc4543(gcm(aes))",
3162 			.cra_driver_name = "gmac-aes-esp-iproc",
3163 			.cra_blocksize = AES_BLOCK_SIZE,
3164 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK
3165 		 },
3166 		 .setkey = rfc4543_gcm_esp_setkey,
3167 		 .ivsize = GCM_RFC4106_IV_SIZE,
3168 		 .maxauthsize = AES_BLOCK_SIZE,
3169 	 },
3170 	 .cipher_info = {
3171 			 .alg = CIPHER_ALG_AES,
3172 			 .mode = CIPHER_MODE_GCM,
3173 			 },
3174 	 .auth_info = {
3175 		       .alg = HASH_ALG_AES,
3176 		       .mode = HASH_MODE_GCM,
3177 		       },
3178 	 .auth_first = 0,
3179 	 },
3180 	{
3181 	 .type = CRYPTO_ALG_TYPE_AEAD,
3182 	 .alg.aead = {
3183 		 .base = {
3184 			.cra_name = "authenc(hmac(md5),cbc(aes))",
3185 			.cra_driver_name = "authenc-hmac-md5-cbc-aes-iproc",
3186 			.cra_blocksize = AES_BLOCK_SIZE,
3187 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3188 				     CRYPTO_ALG_ASYNC |
3189 				     CRYPTO_ALG_ALLOCATES_MEMORY
3190 		 },
3191 		 .setkey = aead_authenc_setkey,
3192 		.ivsize = AES_BLOCK_SIZE,
3193 		.maxauthsize = MD5_DIGEST_SIZE,
3194 	 },
3195 	 .cipher_info = {
3196 			 .alg = CIPHER_ALG_AES,
3197 			 .mode = CIPHER_MODE_CBC,
3198 			 },
3199 	 .auth_info = {
3200 		       .alg = HASH_ALG_MD5,
3201 		       .mode = HASH_MODE_HMAC,
3202 		       },
3203 	 .auth_first = 0,
3204 	 },
3205 	{
3206 	 .type = CRYPTO_ALG_TYPE_AEAD,
3207 	 .alg.aead = {
3208 		 .base = {
3209 			.cra_name = "authenc(hmac(sha1),cbc(aes))",
3210 			.cra_driver_name = "authenc-hmac-sha1-cbc-aes-iproc",
3211 			.cra_blocksize = AES_BLOCK_SIZE,
3212 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3213 				     CRYPTO_ALG_ASYNC |
3214 				     CRYPTO_ALG_ALLOCATES_MEMORY
3215 		 },
3216 		 .setkey = aead_authenc_setkey,
3217 		 .ivsize = AES_BLOCK_SIZE,
3218 		 .maxauthsize = SHA1_DIGEST_SIZE,
3219 	 },
3220 	 .cipher_info = {
3221 			 .alg = CIPHER_ALG_AES,
3222 			 .mode = CIPHER_MODE_CBC,
3223 			 },
3224 	 .auth_info = {
3225 		       .alg = HASH_ALG_SHA1,
3226 		       .mode = HASH_MODE_HMAC,
3227 		       },
3228 	 .auth_first = 0,
3229 	 },
3230 	{
3231 	 .type = CRYPTO_ALG_TYPE_AEAD,
3232 	 .alg.aead = {
3233 		 .base = {
3234 			.cra_name = "authenc(hmac(sha256),cbc(aes))",
3235 			.cra_driver_name = "authenc-hmac-sha256-cbc-aes-iproc",
3236 			.cra_blocksize = AES_BLOCK_SIZE,
3237 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3238 				     CRYPTO_ALG_ASYNC |
3239 				     CRYPTO_ALG_ALLOCATES_MEMORY
3240 		 },
3241 		 .setkey = aead_authenc_setkey,
3242 		 .ivsize = AES_BLOCK_SIZE,
3243 		 .maxauthsize = SHA256_DIGEST_SIZE,
3244 	 },
3245 	 .cipher_info = {
3246 			 .alg = CIPHER_ALG_AES,
3247 			 .mode = CIPHER_MODE_CBC,
3248 			 },
3249 	 .auth_info = {
3250 		       .alg = HASH_ALG_SHA256,
3251 		       .mode = HASH_MODE_HMAC,
3252 		       },
3253 	 .auth_first = 0,
3254 	 },
3255 	{
3256 	 .type = CRYPTO_ALG_TYPE_AEAD,
3257 	 .alg.aead = {
3258 		 .base = {
3259 			.cra_name = "authenc(hmac(md5),cbc(des))",
3260 			.cra_driver_name = "authenc-hmac-md5-cbc-des-iproc",
3261 			.cra_blocksize = DES_BLOCK_SIZE,
3262 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3263 				     CRYPTO_ALG_ASYNC |
3264 				     CRYPTO_ALG_ALLOCATES_MEMORY
3265 		 },
3266 		 .setkey = aead_authenc_setkey,
3267 		 .ivsize = DES_BLOCK_SIZE,
3268 		 .maxauthsize = MD5_DIGEST_SIZE,
3269 	 },
3270 	 .cipher_info = {
3271 			 .alg = CIPHER_ALG_DES,
3272 			 .mode = CIPHER_MODE_CBC,
3273 			 },
3274 	 .auth_info = {
3275 		       .alg = HASH_ALG_MD5,
3276 		       .mode = HASH_MODE_HMAC,
3277 		       },
3278 	 .auth_first = 0,
3279 	 },
3280 	{
3281 	 .type = CRYPTO_ALG_TYPE_AEAD,
3282 	 .alg.aead = {
3283 		 .base = {
3284 			.cra_name = "authenc(hmac(sha1),cbc(des))",
3285 			.cra_driver_name = "authenc-hmac-sha1-cbc-des-iproc",
3286 			.cra_blocksize = DES_BLOCK_SIZE,
3287 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3288 				     CRYPTO_ALG_ASYNC |
3289 				     CRYPTO_ALG_ALLOCATES_MEMORY
3290 		 },
3291 		 .setkey = aead_authenc_setkey,
3292 		 .ivsize = DES_BLOCK_SIZE,
3293 		 .maxauthsize = SHA1_DIGEST_SIZE,
3294 	 },
3295 	 .cipher_info = {
3296 			 .alg = CIPHER_ALG_DES,
3297 			 .mode = CIPHER_MODE_CBC,
3298 			 },
3299 	 .auth_info = {
3300 		       .alg = HASH_ALG_SHA1,
3301 		       .mode = HASH_MODE_HMAC,
3302 		       },
3303 	 .auth_first = 0,
3304 	 },
3305 	{
3306 	 .type = CRYPTO_ALG_TYPE_AEAD,
3307 	 .alg.aead = {
3308 		 .base = {
3309 			.cra_name = "authenc(hmac(sha224),cbc(des))",
3310 			.cra_driver_name = "authenc-hmac-sha224-cbc-des-iproc",
3311 			.cra_blocksize = DES_BLOCK_SIZE,
3312 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3313 				     CRYPTO_ALG_ASYNC |
3314 				     CRYPTO_ALG_ALLOCATES_MEMORY
3315 		 },
3316 		 .setkey = aead_authenc_setkey,
3317 		 .ivsize = DES_BLOCK_SIZE,
3318 		 .maxauthsize = SHA224_DIGEST_SIZE,
3319 	 },
3320 	 .cipher_info = {
3321 			 .alg = CIPHER_ALG_DES,
3322 			 .mode = CIPHER_MODE_CBC,
3323 			 },
3324 	 .auth_info = {
3325 		       .alg = HASH_ALG_SHA224,
3326 		       .mode = HASH_MODE_HMAC,
3327 		       },
3328 	 .auth_first = 0,
3329 	 },
3330 	{
3331 	 .type = CRYPTO_ALG_TYPE_AEAD,
3332 	 .alg.aead = {
3333 		 .base = {
3334 			.cra_name = "authenc(hmac(sha256),cbc(des))",
3335 			.cra_driver_name = "authenc-hmac-sha256-cbc-des-iproc",
3336 			.cra_blocksize = DES_BLOCK_SIZE,
3337 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3338 				     CRYPTO_ALG_ASYNC |
3339 				     CRYPTO_ALG_ALLOCATES_MEMORY
3340 		 },
3341 		 .setkey = aead_authenc_setkey,
3342 		 .ivsize = DES_BLOCK_SIZE,
3343 		 .maxauthsize = SHA256_DIGEST_SIZE,
3344 	 },
3345 	 .cipher_info = {
3346 			 .alg = CIPHER_ALG_DES,
3347 			 .mode = CIPHER_MODE_CBC,
3348 			 },
3349 	 .auth_info = {
3350 		       .alg = HASH_ALG_SHA256,
3351 		       .mode = HASH_MODE_HMAC,
3352 		       },
3353 	 .auth_first = 0,
3354 	 },
3355 	{
3356 	 .type = CRYPTO_ALG_TYPE_AEAD,
3357 	 .alg.aead = {
3358 		 .base = {
3359 			.cra_name = "authenc(hmac(sha384),cbc(des))",
3360 			.cra_driver_name = "authenc-hmac-sha384-cbc-des-iproc",
3361 			.cra_blocksize = DES_BLOCK_SIZE,
3362 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3363 				     CRYPTO_ALG_ASYNC |
3364 				     CRYPTO_ALG_ALLOCATES_MEMORY
3365 		 },
3366 		 .setkey = aead_authenc_setkey,
3367 		 .ivsize = DES_BLOCK_SIZE,
3368 		 .maxauthsize = SHA384_DIGEST_SIZE,
3369 	 },
3370 	 .cipher_info = {
3371 			 .alg = CIPHER_ALG_DES,
3372 			 .mode = CIPHER_MODE_CBC,
3373 			 },
3374 	 .auth_info = {
3375 		       .alg = HASH_ALG_SHA384,
3376 		       .mode = HASH_MODE_HMAC,
3377 		       },
3378 	 .auth_first = 0,
3379 	 },
3380 	{
3381 	 .type = CRYPTO_ALG_TYPE_AEAD,
3382 	 .alg.aead = {
3383 		 .base = {
3384 			.cra_name = "authenc(hmac(sha512),cbc(des))",
3385 			.cra_driver_name = "authenc-hmac-sha512-cbc-des-iproc",
3386 			.cra_blocksize = DES_BLOCK_SIZE,
3387 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3388 				     CRYPTO_ALG_ASYNC |
3389 				     CRYPTO_ALG_ALLOCATES_MEMORY
3390 		 },
3391 		 .setkey = aead_authenc_setkey,
3392 		 .ivsize = DES_BLOCK_SIZE,
3393 		 .maxauthsize = SHA512_DIGEST_SIZE,
3394 	 },
3395 	 .cipher_info = {
3396 			 .alg = CIPHER_ALG_DES,
3397 			 .mode = CIPHER_MODE_CBC,
3398 			 },
3399 	 .auth_info = {
3400 		       .alg = HASH_ALG_SHA512,
3401 		       .mode = HASH_MODE_HMAC,
3402 		       },
3403 	 .auth_first = 0,
3404 	 },
3405 	{
3406 	 .type = CRYPTO_ALG_TYPE_AEAD,
3407 	 .alg.aead = {
3408 		 .base = {
3409 			.cra_name = "authenc(hmac(md5),cbc(des3_ede))",
3410 			.cra_driver_name = "authenc-hmac-md5-cbc-des3-iproc",
3411 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3412 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3413 				     CRYPTO_ALG_ASYNC |
3414 				     CRYPTO_ALG_ALLOCATES_MEMORY
3415 		 },
3416 		 .setkey = aead_authenc_setkey,
3417 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3418 		 .maxauthsize = MD5_DIGEST_SIZE,
3419 	 },
3420 	 .cipher_info = {
3421 			 .alg = CIPHER_ALG_3DES,
3422 			 .mode = CIPHER_MODE_CBC,
3423 			 },
3424 	 .auth_info = {
3425 		       .alg = HASH_ALG_MD5,
3426 		       .mode = HASH_MODE_HMAC,
3427 		       },
3428 	 .auth_first = 0,
3429 	 },
3430 	{
3431 	 .type = CRYPTO_ALG_TYPE_AEAD,
3432 	 .alg.aead = {
3433 		 .base = {
3434 			.cra_name = "authenc(hmac(sha1),cbc(des3_ede))",
3435 			.cra_driver_name = "authenc-hmac-sha1-cbc-des3-iproc",
3436 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3437 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3438 				     CRYPTO_ALG_ASYNC |
3439 				     CRYPTO_ALG_ALLOCATES_MEMORY
3440 		 },
3441 		 .setkey = aead_authenc_setkey,
3442 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3443 		 .maxauthsize = SHA1_DIGEST_SIZE,
3444 	 },
3445 	 .cipher_info = {
3446 			 .alg = CIPHER_ALG_3DES,
3447 			 .mode = CIPHER_MODE_CBC,
3448 			 },
3449 	 .auth_info = {
3450 		       .alg = HASH_ALG_SHA1,
3451 		       .mode = HASH_MODE_HMAC,
3452 		       },
3453 	 .auth_first = 0,
3454 	 },
3455 	{
3456 	 .type = CRYPTO_ALG_TYPE_AEAD,
3457 	 .alg.aead = {
3458 		 .base = {
3459 			.cra_name = "authenc(hmac(sha224),cbc(des3_ede))",
3460 			.cra_driver_name = "authenc-hmac-sha224-cbc-des3-iproc",
3461 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3462 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3463 				     CRYPTO_ALG_ASYNC |
3464 				     CRYPTO_ALG_ALLOCATES_MEMORY
3465 		 },
3466 		 .setkey = aead_authenc_setkey,
3467 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3468 		 .maxauthsize = SHA224_DIGEST_SIZE,
3469 	 },
3470 	 .cipher_info = {
3471 			 .alg = CIPHER_ALG_3DES,
3472 			 .mode = CIPHER_MODE_CBC,
3473 			 },
3474 	 .auth_info = {
3475 		       .alg = HASH_ALG_SHA224,
3476 		       .mode = HASH_MODE_HMAC,
3477 		       },
3478 	 .auth_first = 0,
3479 	 },
3480 	{
3481 	 .type = CRYPTO_ALG_TYPE_AEAD,
3482 	 .alg.aead = {
3483 		 .base = {
3484 			.cra_name = "authenc(hmac(sha256),cbc(des3_ede))",
3485 			.cra_driver_name = "authenc-hmac-sha256-cbc-des3-iproc",
3486 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3487 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3488 				     CRYPTO_ALG_ASYNC |
3489 				     CRYPTO_ALG_ALLOCATES_MEMORY
3490 		 },
3491 		 .setkey = aead_authenc_setkey,
3492 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3493 		 .maxauthsize = SHA256_DIGEST_SIZE,
3494 	 },
3495 	 .cipher_info = {
3496 			 .alg = CIPHER_ALG_3DES,
3497 			 .mode = CIPHER_MODE_CBC,
3498 			 },
3499 	 .auth_info = {
3500 		       .alg = HASH_ALG_SHA256,
3501 		       .mode = HASH_MODE_HMAC,
3502 		       },
3503 	 .auth_first = 0,
3504 	 },
3505 	{
3506 	 .type = CRYPTO_ALG_TYPE_AEAD,
3507 	 .alg.aead = {
3508 		 .base = {
3509 			.cra_name = "authenc(hmac(sha384),cbc(des3_ede))",
3510 			.cra_driver_name = "authenc-hmac-sha384-cbc-des3-iproc",
3511 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3512 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3513 				     CRYPTO_ALG_ASYNC |
3514 				     CRYPTO_ALG_ALLOCATES_MEMORY
3515 		 },
3516 		 .setkey = aead_authenc_setkey,
3517 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3518 		 .maxauthsize = SHA384_DIGEST_SIZE,
3519 	 },
3520 	 .cipher_info = {
3521 			 .alg = CIPHER_ALG_3DES,
3522 			 .mode = CIPHER_MODE_CBC,
3523 			 },
3524 	 .auth_info = {
3525 		       .alg = HASH_ALG_SHA384,
3526 		       .mode = HASH_MODE_HMAC,
3527 		       },
3528 	 .auth_first = 0,
3529 	 },
3530 	{
3531 	 .type = CRYPTO_ALG_TYPE_AEAD,
3532 	 .alg.aead = {
3533 		 .base = {
3534 			.cra_name = "authenc(hmac(sha512),cbc(des3_ede))",
3535 			.cra_driver_name = "authenc-hmac-sha512-cbc-des3-iproc",
3536 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3537 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
3538 				     CRYPTO_ALG_ASYNC |
3539 				     CRYPTO_ALG_ALLOCATES_MEMORY
3540 		 },
3541 		 .setkey = aead_authenc_setkey,
3542 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3543 		 .maxauthsize = SHA512_DIGEST_SIZE,
3544 	 },
3545 	 .cipher_info = {
3546 			 .alg = CIPHER_ALG_3DES,
3547 			 .mode = CIPHER_MODE_CBC,
3548 			 },
3549 	 .auth_info = {
3550 		       .alg = HASH_ALG_SHA512,
3551 		       .mode = HASH_MODE_HMAC,
3552 		       },
3553 	 .auth_first = 0,
3554 	 },
3555 
3556 /* SKCIPHER algorithms. */
3557 	{
3558 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3559 	 .alg.skcipher = {
3560 			.base.cra_name = "ofb(des)",
3561 			.base.cra_driver_name = "ofb-des-iproc",
3562 			.base.cra_blocksize = DES_BLOCK_SIZE,
3563 			.min_keysize = DES_KEY_SIZE,
3564 			.max_keysize = DES_KEY_SIZE,
3565 			.ivsize = DES_BLOCK_SIZE,
3566 			},
3567 	 .cipher_info = {
3568 			 .alg = CIPHER_ALG_DES,
3569 			 .mode = CIPHER_MODE_OFB,
3570 			 },
3571 	 .auth_info = {
3572 		       .alg = HASH_ALG_NONE,
3573 		       .mode = HASH_MODE_NONE,
3574 		       },
3575 	 },
3576 	{
3577 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3578 	 .alg.skcipher = {
3579 			.base.cra_name = "cbc(des)",
3580 			.base.cra_driver_name = "cbc-des-iproc",
3581 			.base.cra_blocksize = DES_BLOCK_SIZE,
3582 			.min_keysize = DES_KEY_SIZE,
3583 			.max_keysize = DES_KEY_SIZE,
3584 			.ivsize = DES_BLOCK_SIZE,
3585 			},
3586 	 .cipher_info = {
3587 			 .alg = CIPHER_ALG_DES,
3588 			 .mode = CIPHER_MODE_CBC,
3589 			 },
3590 	 .auth_info = {
3591 		       .alg = HASH_ALG_NONE,
3592 		       .mode = HASH_MODE_NONE,
3593 		       },
3594 	 },
3595 	{
3596 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3597 	 .alg.skcipher = {
3598 			.base.cra_name = "ecb(des)",
3599 			.base.cra_driver_name = "ecb-des-iproc",
3600 			.base.cra_blocksize = DES_BLOCK_SIZE,
3601 			.min_keysize = DES_KEY_SIZE,
3602 			.max_keysize = DES_KEY_SIZE,
3603 			.ivsize = 0,
3604 			},
3605 	 .cipher_info = {
3606 			 .alg = CIPHER_ALG_DES,
3607 			 .mode = CIPHER_MODE_ECB,
3608 			 },
3609 	 .auth_info = {
3610 		       .alg = HASH_ALG_NONE,
3611 		       .mode = HASH_MODE_NONE,
3612 		       },
3613 	 },
3614 	{
3615 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3616 	 .alg.skcipher = {
3617 			.base.cra_name = "ofb(des3_ede)",
3618 			.base.cra_driver_name = "ofb-des3-iproc",
3619 			.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3620 			.min_keysize = DES3_EDE_KEY_SIZE,
3621 			.max_keysize = DES3_EDE_KEY_SIZE,
3622 			.ivsize = DES3_EDE_BLOCK_SIZE,
3623 			},
3624 	 .cipher_info = {
3625 			 .alg = CIPHER_ALG_3DES,
3626 			 .mode = CIPHER_MODE_OFB,
3627 			 },
3628 	 .auth_info = {
3629 		       .alg = HASH_ALG_NONE,
3630 		       .mode = HASH_MODE_NONE,
3631 		       },
3632 	 },
3633 	{
3634 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3635 	 .alg.skcipher = {
3636 			.base.cra_name = "cbc(des3_ede)",
3637 			.base.cra_driver_name = "cbc-des3-iproc",
3638 			.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3639 			.min_keysize = DES3_EDE_KEY_SIZE,
3640 			.max_keysize = DES3_EDE_KEY_SIZE,
3641 			.ivsize = DES3_EDE_BLOCK_SIZE,
3642 			},
3643 	 .cipher_info = {
3644 			 .alg = CIPHER_ALG_3DES,
3645 			 .mode = CIPHER_MODE_CBC,
3646 			 },
3647 	 .auth_info = {
3648 		       .alg = HASH_ALG_NONE,
3649 		       .mode = HASH_MODE_NONE,
3650 		       },
3651 	 },
3652 	{
3653 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3654 	 .alg.skcipher = {
3655 			.base.cra_name = "ecb(des3_ede)",
3656 			.base.cra_driver_name = "ecb-des3-iproc",
3657 			.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3658 			.min_keysize = DES3_EDE_KEY_SIZE,
3659 			.max_keysize = DES3_EDE_KEY_SIZE,
3660 			.ivsize = 0,
3661 			},
3662 	 .cipher_info = {
3663 			 .alg = CIPHER_ALG_3DES,
3664 			 .mode = CIPHER_MODE_ECB,
3665 			 },
3666 	 .auth_info = {
3667 		       .alg = HASH_ALG_NONE,
3668 		       .mode = HASH_MODE_NONE,
3669 		       },
3670 	 },
3671 	{
3672 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3673 	 .alg.skcipher = {
3674 			.base.cra_name = "ofb(aes)",
3675 			.base.cra_driver_name = "ofb-aes-iproc",
3676 			.base.cra_blocksize = AES_BLOCK_SIZE,
3677 			.min_keysize = AES_MIN_KEY_SIZE,
3678 			.max_keysize = AES_MAX_KEY_SIZE,
3679 			.ivsize = AES_BLOCK_SIZE,
3680 			},
3681 	 .cipher_info = {
3682 			 .alg = CIPHER_ALG_AES,
3683 			 .mode = CIPHER_MODE_OFB,
3684 			 },
3685 	 .auth_info = {
3686 		       .alg = HASH_ALG_NONE,
3687 		       .mode = HASH_MODE_NONE,
3688 		       },
3689 	 },
3690 	{
3691 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3692 	 .alg.skcipher = {
3693 			.base.cra_name = "cbc(aes)",
3694 			.base.cra_driver_name = "cbc-aes-iproc",
3695 			.base.cra_blocksize = AES_BLOCK_SIZE,
3696 			.min_keysize = AES_MIN_KEY_SIZE,
3697 			.max_keysize = AES_MAX_KEY_SIZE,
3698 			.ivsize = AES_BLOCK_SIZE,
3699 			},
3700 	 .cipher_info = {
3701 			 .alg = CIPHER_ALG_AES,
3702 			 .mode = CIPHER_MODE_CBC,
3703 			 },
3704 	 .auth_info = {
3705 		       .alg = HASH_ALG_NONE,
3706 		       .mode = HASH_MODE_NONE,
3707 		       },
3708 	 },
3709 	{
3710 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3711 	 .alg.skcipher = {
3712 			.base.cra_name = "ecb(aes)",
3713 			.base.cra_driver_name = "ecb-aes-iproc",
3714 			.base.cra_blocksize = AES_BLOCK_SIZE,
3715 			.min_keysize = AES_MIN_KEY_SIZE,
3716 			.max_keysize = AES_MAX_KEY_SIZE,
3717 			.ivsize = 0,
3718 			},
3719 	 .cipher_info = {
3720 			 .alg = CIPHER_ALG_AES,
3721 			 .mode = CIPHER_MODE_ECB,
3722 			 },
3723 	 .auth_info = {
3724 		       .alg = HASH_ALG_NONE,
3725 		       .mode = HASH_MODE_NONE,
3726 		       },
3727 	 },
3728 	{
3729 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3730 	 .alg.skcipher = {
3731 			.base.cra_name = "ctr(aes)",
3732 			.base.cra_driver_name = "ctr-aes-iproc",
3733 			.base.cra_blocksize = AES_BLOCK_SIZE,
3734 			.min_keysize = AES_MIN_KEY_SIZE,
3735 			.max_keysize = AES_MAX_KEY_SIZE,
3736 			.ivsize = AES_BLOCK_SIZE,
3737 			},
3738 	 .cipher_info = {
3739 			 .alg = CIPHER_ALG_AES,
3740 			 .mode = CIPHER_MODE_CTR,
3741 			 },
3742 	 .auth_info = {
3743 		       .alg = HASH_ALG_NONE,
3744 		       .mode = HASH_MODE_NONE,
3745 		       },
3746 	 },
3747 {
3748 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3749 	 .alg.skcipher = {
3750 			.base.cra_name = "xts(aes)",
3751 			.base.cra_driver_name = "xts-aes-iproc",
3752 			.base.cra_blocksize = AES_BLOCK_SIZE,
3753 			.min_keysize = 2 * AES_MIN_KEY_SIZE,
3754 			.max_keysize = 2 * AES_MAX_KEY_SIZE,
3755 			.ivsize = AES_BLOCK_SIZE,
3756 			},
3757 	 .cipher_info = {
3758 			 .alg = CIPHER_ALG_AES,
3759 			 .mode = CIPHER_MODE_XTS,
3760 			 },
3761 	 .auth_info = {
3762 		       .alg = HASH_ALG_NONE,
3763 		       .mode = HASH_MODE_NONE,
3764 		       },
3765 	 },
3766 
3767 /* AHASH algorithms. */
3768 	{
3769 	 .type = CRYPTO_ALG_TYPE_AHASH,
3770 	 .alg.hash = {
3771 		      .halg.digestsize = MD5_DIGEST_SIZE,
3772 		      .halg.base = {
3773 				    .cra_name = "md5",
3774 				    .cra_driver_name = "md5-iproc",
3775 				    .cra_blocksize = MD5_BLOCK_WORDS * 4,
3776 				    .cra_flags = CRYPTO_ALG_ASYNC |
3777 						 CRYPTO_ALG_ALLOCATES_MEMORY,
3778 				}
3779 		      },
3780 	 .cipher_info = {
3781 			 .alg = CIPHER_ALG_NONE,
3782 			 .mode = CIPHER_MODE_NONE,
3783 			 },
3784 	 .auth_info = {
3785 		       .alg = HASH_ALG_MD5,
3786 		       .mode = HASH_MODE_HASH,
3787 		       },
3788 	 },
3789 	{
3790 	 .type = CRYPTO_ALG_TYPE_AHASH,
3791 	 .alg.hash = {
3792 		      .halg.digestsize = MD5_DIGEST_SIZE,
3793 		      .halg.base = {
3794 				    .cra_name = "hmac(md5)",
3795 				    .cra_driver_name = "hmac-md5-iproc",
3796 				    .cra_blocksize = MD5_BLOCK_WORDS * 4,
3797 				}
3798 		      },
3799 	 .cipher_info = {
3800 			 .alg = CIPHER_ALG_NONE,
3801 			 .mode = CIPHER_MODE_NONE,
3802 			 },
3803 	 .auth_info = {
3804 		       .alg = HASH_ALG_MD5,
3805 		       .mode = HASH_MODE_HMAC,
3806 		       },
3807 	 },
3808 	{.type = CRYPTO_ALG_TYPE_AHASH,
3809 	 .alg.hash = {
3810 		      .halg.digestsize = SHA1_DIGEST_SIZE,
3811 		      .halg.base = {
3812 				    .cra_name = "sha1",
3813 				    .cra_driver_name = "sha1-iproc",
3814 				    .cra_blocksize = SHA1_BLOCK_SIZE,
3815 				}
3816 		      },
3817 	 .cipher_info = {
3818 			 .alg = CIPHER_ALG_NONE,
3819 			 .mode = CIPHER_MODE_NONE,
3820 			 },
3821 	 .auth_info = {
3822 		       .alg = HASH_ALG_SHA1,
3823 		       .mode = HASH_MODE_HASH,
3824 		       },
3825 	 },
3826 	{.type = CRYPTO_ALG_TYPE_AHASH,
3827 	 .alg.hash = {
3828 		      .halg.digestsize = SHA1_DIGEST_SIZE,
3829 		      .halg.base = {
3830 				    .cra_name = "hmac(sha1)",
3831 				    .cra_driver_name = "hmac-sha1-iproc",
3832 				    .cra_blocksize = SHA1_BLOCK_SIZE,
3833 				}
3834 		      },
3835 	 .cipher_info = {
3836 			 .alg = CIPHER_ALG_NONE,
3837 			 .mode = CIPHER_MODE_NONE,
3838 			 },
3839 	 .auth_info = {
3840 		       .alg = HASH_ALG_SHA1,
3841 		       .mode = HASH_MODE_HMAC,
3842 		       },
3843 	 },
3844 	{.type = CRYPTO_ALG_TYPE_AHASH,
3845 	 .alg.hash = {
3846 			.halg.digestsize = SHA224_DIGEST_SIZE,
3847 			.halg.base = {
3848 				    .cra_name = "sha224",
3849 				    .cra_driver_name = "sha224-iproc",
3850 				    .cra_blocksize = SHA224_BLOCK_SIZE,
3851 			}
3852 		      },
3853 	 .cipher_info = {
3854 			 .alg = CIPHER_ALG_NONE,
3855 			 .mode = CIPHER_MODE_NONE,
3856 			 },
3857 	 .auth_info = {
3858 		       .alg = HASH_ALG_SHA224,
3859 		       .mode = HASH_MODE_HASH,
3860 		       },
3861 	 },
3862 	{.type = CRYPTO_ALG_TYPE_AHASH,
3863 	 .alg.hash = {
3864 		      .halg.digestsize = SHA224_DIGEST_SIZE,
3865 		      .halg.base = {
3866 				    .cra_name = "hmac(sha224)",
3867 				    .cra_driver_name = "hmac-sha224-iproc",
3868 				    .cra_blocksize = SHA224_BLOCK_SIZE,
3869 				}
3870 		      },
3871 	 .cipher_info = {
3872 			 .alg = CIPHER_ALG_NONE,
3873 			 .mode = CIPHER_MODE_NONE,
3874 			 },
3875 	 .auth_info = {
3876 		       .alg = HASH_ALG_SHA224,
3877 		       .mode = HASH_MODE_HMAC,
3878 		       },
3879 	 },
3880 	{.type = CRYPTO_ALG_TYPE_AHASH,
3881 	 .alg.hash = {
3882 		      .halg.digestsize = SHA256_DIGEST_SIZE,
3883 		      .halg.base = {
3884 				    .cra_name = "sha256",
3885 				    .cra_driver_name = "sha256-iproc",
3886 				    .cra_blocksize = SHA256_BLOCK_SIZE,
3887 				}
3888 		      },
3889 	 .cipher_info = {
3890 			 .alg = CIPHER_ALG_NONE,
3891 			 .mode = CIPHER_MODE_NONE,
3892 			 },
3893 	 .auth_info = {
3894 		       .alg = HASH_ALG_SHA256,
3895 		       .mode = HASH_MODE_HASH,
3896 		       },
3897 	 },
3898 	{.type = CRYPTO_ALG_TYPE_AHASH,
3899 	 .alg.hash = {
3900 		      .halg.digestsize = SHA256_DIGEST_SIZE,
3901 		      .halg.base = {
3902 				    .cra_name = "hmac(sha256)",
3903 				    .cra_driver_name = "hmac-sha256-iproc",
3904 				    .cra_blocksize = SHA256_BLOCK_SIZE,
3905 				}
3906 		      },
3907 	 .cipher_info = {
3908 			 .alg = CIPHER_ALG_NONE,
3909 			 .mode = CIPHER_MODE_NONE,
3910 			 },
3911 	 .auth_info = {
3912 		       .alg = HASH_ALG_SHA256,
3913 		       .mode = HASH_MODE_HMAC,
3914 		       },
3915 	 },
3916 	{
3917 	.type = CRYPTO_ALG_TYPE_AHASH,
3918 	 .alg.hash = {
3919 		      .halg.digestsize = SHA384_DIGEST_SIZE,
3920 		      .halg.base = {
3921 				    .cra_name = "sha384",
3922 				    .cra_driver_name = "sha384-iproc",
3923 				    .cra_blocksize = SHA384_BLOCK_SIZE,
3924 				}
3925 		      },
3926 	 .cipher_info = {
3927 			 .alg = CIPHER_ALG_NONE,
3928 			 .mode = CIPHER_MODE_NONE,
3929 			 },
3930 	 .auth_info = {
3931 		       .alg = HASH_ALG_SHA384,
3932 		       .mode = HASH_MODE_HASH,
3933 		       },
3934 	 },
3935 	{
3936 	 .type = CRYPTO_ALG_TYPE_AHASH,
3937 	 .alg.hash = {
3938 		      .halg.digestsize = SHA384_DIGEST_SIZE,
3939 		      .halg.base = {
3940 				    .cra_name = "hmac(sha384)",
3941 				    .cra_driver_name = "hmac-sha384-iproc",
3942 				    .cra_blocksize = SHA384_BLOCK_SIZE,
3943 				}
3944 		      },
3945 	 .cipher_info = {
3946 			 .alg = CIPHER_ALG_NONE,
3947 			 .mode = CIPHER_MODE_NONE,
3948 			 },
3949 	 .auth_info = {
3950 		       .alg = HASH_ALG_SHA384,
3951 		       .mode = HASH_MODE_HMAC,
3952 		       },
3953 	 },
3954 	{
3955 	 .type = CRYPTO_ALG_TYPE_AHASH,
3956 	 .alg.hash = {
3957 		      .halg.digestsize = SHA512_DIGEST_SIZE,
3958 		      .halg.base = {
3959 				    .cra_name = "sha512",
3960 				    .cra_driver_name = "sha512-iproc",
3961 				    .cra_blocksize = SHA512_BLOCK_SIZE,
3962 				}
3963 		      },
3964 	 .cipher_info = {
3965 			 .alg = CIPHER_ALG_NONE,
3966 			 .mode = CIPHER_MODE_NONE,
3967 			 },
3968 	 .auth_info = {
3969 		       .alg = HASH_ALG_SHA512,
3970 		       .mode = HASH_MODE_HASH,
3971 		       },
3972 	 },
3973 	{
3974 	 .type = CRYPTO_ALG_TYPE_AHASH,
3975 	 .alg.hash = {
3976 		      .halg.digestsize = SHA512_DIGEST_SIZE,
3977 		      .halg.base = {
3978 				    .cra_name = "hmac(sha512)",
3979 				    .cra_driver_name = "hmac-sha512-iproc",
3980 				    .cra_blocksize = SHA512_BLOCK_SIZE,
3981 				}
3982 		      },
3983 	 .cipher_info = {
3984 			 .alg = CIPHER_ALG_NONE,
3985 			 .mode = CIPHER_MODE_NONE,
3986 			 },
3987 	 .auth_info = {
3988 		       .alg = HASH_ALG_SHA512,
3989 		       .mode = HASH_MODE_HMAC,
3990 		       },
3991 	 },
3992 	{
3993 	 .type = CRYPTO_ALG_TYPE_AHASH,
3994 	 .alg.hash = {
3995 		      .halg.digestsize = SHA3_224_DIGEST_SIZE,
3996 		      .halg.base = {
3997 				    .cra_name = "sha3-224",
3998 				    .cra_driver_name = "sha3-224-iproc",
3999 				    .cra_blocksize = SHA3_224_BLOCK_SIZE,
4000 				}
4001 		      },
4002 	 .cipher_info = {
4003 			 .alg = CIPHER_ALG_NONE,
4004 			 .mode = CIPHER_MODE_NONE,
4005 			 },
4006 	 .auth_info = {
4007 		       .alg = HASH_ALG_SHA3_224,
4008 		       .mode = HASH_MODE_HASH,
4009 		       },
4010 	 },
4011 	{
4012 	 .type = CRYPTO_ALG_TYPE_AHASH,
4013 	 .alg.hash = {
4014 		      .halg.digestsize = SHA3_224_DIGEST_SIZE,
4015 		      .halg.base = {
4016 				    .cra_name = "hmac(sha3-224)",
4017 				    .cra_driver_name = "hmac-sha3-224-iproc",
4018 				    .cra_blocksize = SHA3_224_BLOCK_SIZE,
4019 				}
4020 		      },
4021 	 .cipher_info = {
4022 			 .alg = CIPHER_ALG_NONE,
4023 			 .mode = CIPHER_MODE_NONE,
4024 			 },
4025 	 .auth_info = {
4026 		       .alg = HASH_ALG_SHA3_224,
4027 		       .mode = HASH_MODE_HMAC
4028 		       },
4029 	 },
4030 	{
4031 	 .type = CRYPTO_ALG_TYPE_AHASH,
4032 	 .alg.hash = {
4033 		      .halg.digestsize = SHA3_256_DIGEST_SIZE,
4034 		      .halg.base = {
4035 				    .cra_name = "sha3-256",
4036 				    .cra_driver_name = "sha3-256-iproc",
4037 				    .cra_blocksize = SHA3_256_BLOCK_SIZE,
4038 				}
4039 		      },
4040 	 .cipher_info = {
4041 			 .alg = CIPHER_ALG_NONE,
4042 			 .mode = CIPHER_MODE_NONE,
4043 			 },
4044 	 .auth_info = {
4045 		       .alg = HASH_ALG_SHA3_256,
4046 		       .mode = HASH_MODE_HASH,
4047 		       },
4048 	 },
4049 	{
4050 	 .type = CRYPTO_ALG_TYPE_AHASH,
4051 	 .alg.hash = {
4052 		      .halg.digestsize = SHA3_256_DIGEST_SIZE,
4053 		      .halg.base = {
4054 				    .cra_name = "hmac(sha3-256)",
4055 				    .cra_driver_name = "hmac-sha3-256-iproc",
4056 				    .cra_blocksize = SHA3_256_BLOCK_SIZE,
4057 				}
4058 		      },
4059 	 .cipher_info = {
4060 			 .alg = CIPHER_ALG_NONE,
4061 			 .mode = CIPHER_MODE_NONE,
4062 			 },
4063 	 .auth_info = {
4064 		       .alg = HASH_ALG_SHA3_256,
4065 		       .mode = HASH_MODE_HMAC,
4066 		       },
4067 	 },
4068 	{
4069 	 .type = CRYPTO_ALG_TYPE_AHASH,
4070 	 .alg.hash = {
4071 		      .halg.digestsize = SHA3_384_DIGEST_SIZE,
4072 		      .halg.base = {
4073 				    .cra_name = "sha3-384",
4074 				    .cra_driver_name = "sha3-384-iproc",
4075 				    .cra_blocksize = SHA3_224_BLOCK_SIZE,
4076 				}
4077 		      },
4078 	 .cipher_info = {
4079 			 .alg = CIPHER_ALG_NONE,
4080 			 .mode = CIPHER_MODE_NONE,
4081 			 },
4082 	 .auth_info = {
4083 		       .alg = HASH_ALG_SHA3_384,
4084 		       .mode = HASH_MODE_HASH,
4085 		       },
4086 	 },
4087 	{
4088 	 .type = CRYPTO_ALG_TYPE_AHASH,
4089 	 .alg.hash = {
4090 		      .halg.digestsize = SHA3_384_DIGEST_SIZE,
4091 		      .halg.base = {
4092 				    .cra_name = "hmac(sha3-384)",
4093 				    .cra_driver_name = "hmac-sha3-384-iproc",
4094 				    .cra_blocksize = SHA3_384_BLOCK_SIZE,
4095 				}
4096 		      },
4097 	 .cipher_info = {
4098 			 .alg = CIPHER_ALG_NONE,
4099 			 .mode = CIPHER_MODE_NONE,
4100 			 },
4101 	 .auth_info = {
4102 		       .alg = HASH_ALG_SHA3_384,
4103 		       .mode = HASH_MODE_HMAC,
4104 		       },
4105 	 },
4106 	{
4107 	 .type = CRYPTO_ALG_TYPE_AHASH,
4108 	 .alg.hash = {
4109 		      .halg.digestsize = SHA3_512_DIGEST_SIZE,
4110 		      .halg.base = {
4111 				    .cra_name = "sha3-512",
4112 				    .cra_driver_name = "sha3-512-iproc",
4113 				    .cra_blocksize = SHA3_512_BLOCK_SIZE,
4114 				}
4115 		      },
4116 	 .cipher_info = {
4117 			 .alg = CIPHER_ALG_NONE,
4118 			 .mode = CIPHER_MODE_NONE,
4119 			 },
4120 	 .auth_info = {
4121 		       .alg = HASH_ALG_SHA3_512,
4122 		       .mode = HASH_MODE_HASH,
4123 		       },
4124 	 },
4125 	{
4126 	 .type = CRYPTO_ALG_TYPE_AHASH,
4127 	 .alg.hash = {
4128 		      .halg.digestsize = SHA3_512_DIGEST_SIZE,
4129 		      .halg.base = {
4130 				    .cra_name = "hmac(sha3-512)",
4131 				    .cra_driver_name = "hmac-sha3-512-iproc",
4132 				    .cra_blocksize = SHA3_512_BLOCK_SIZE,
4133 				}
4134 		      },
4135 	 .cipher_info = {
4136 			 .alg = CIPHER_ALG_NONE,
4137 			 .mode = CIPHER_MODE_NONE,
4138 			 },
4139 	 .auth_info = {
4140 		       .alg = HASH_ALG_SHA3_512,
4141 		       .mode = HASH_MODE_HMAC,
4142 		       },
4143 	 },
4144 	{
4145 	 .type = CRYPTO_ALG_TYPE_AHASH,
4146 	 .alg.hash = {
4147 		      .halg.digestsize = AES_BLOCK_SIZE,
4148 		      .halg.base = {
4149 				    .cra_name = "xcbc(aes)",
4150 				    .cra_driver_name = "xcbc-aes-iproc",
4151 				    .cra_blocksize = AES_BLOCK_SIZE,
4152 				}
4153 		      },
4154 	 .cipher_info = {
4155 			 .alg = CIPHER_ALG_NONE,
4156 			 .mode = CIPHER_MODE_NONE,
4157 			 },
4158 	 .auth_info = {
4159 		       .alg = HASH_ALG_AES,
4160 		       .mode = HASH_MODE_XCBC,
4161 		       },
4162 	 },
4163 	{
4164 	 .type = CRYPTO_ALG_TYPE_AHASH,
4165 	 .alg.hash = {
4166 		      .halg.digestsize = AES_BLOCK_SIZE,
4167 		      .halg.base = {
4168 				    .cra_name = "cmac(aes)",
4169 				    .cra_driver_name = "cmac-aes-iproc",
4170 				    .cra_blocksize = AES_BLOCK_SIZE,
4171 				}
4172 		      },
4173 	 .cipher_info = {
4174 			 .alg = CIPHER_ALG_NONE,
4175 			 .mode = CIPHER_MODE_NONE,
4176 			 },
4177 	 .auth_info = {
4178 		       .alg = HASH_ALG_AES,
4179 		       .mode = HASH_MODE_CMAC,
4180 		       },
4181 	 },
4182 };
4183 
4184 static int generic_cra_init(struct crypto_tfm *tfm,
4185 			    struct iproc_alg_s *cipher_alg)
4186 {
4187 	struct spu_hw *spu = &iproc_priv.spu;
4188 	struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
4189 	unsigned int blocksize = crypto_tfm_alg_blocksize(tfm);
4190 
4191 	flow_log("%s()\n", __func__);
4192 
4193 	ctx->alg = cipher_alg;
4194 	ctx->cipher = cipher_alg->cipher_info;
4195 	ctx->auth = cipher_alg->auth_info;
4196 	ctx->auth_first = cipher_alg->auth_first;
4197 	ctx->max_payload = spu->spu_ctx_max_payload(ctx->cipher.alg,
4198 						    ctx->cipher.mode,
4199 						    blocksize);
4200 	ctx->fallback_cipher = NULL;
4201 
4202 	ctx->enckeylen = 0;
4203 	ctx->authkeylen = 0;
4204 
4205 	atomic_inc(&iproc_priv.stream_count);
4206 	atomic_inc(&iproc_priv.session_count);
4207 
4208 	return 0;
4209 }
4210 
4211 static int skcipher_init_tfm(struct crypto_skcipher *skcipher)
4212 {
4213 	struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
4214 	struct skcipher_alg *alg = crypto_skcipher_alg(skcipher);
4215 	struct iproc_alg_s *cipher_alg;
4216 
4217 	flow_log("%s()\n", __func__);
4218 
4219 	crypto_skcipher_set_reqsize(skcipher, sizeof(struct iproc_reqctx_s));
4220 
4221 	cipher_alg = container_of(alg, struct iproc_alg_s, alg.skcipher);
4222 	return generic_cra_init(tfm, cipher_alg);
4223 }
4224 
4225 static int ahash_cra_init(struct crypto_tfm *tfm)
4226 {
4227 	int err;
4228 	struct crypto_alg *alg = tfm->__crt_alg;
4229 	struct iproc_alg_s *cipher_alg;
4230 
4231 	cipher_alg = container_of(__crypto_ahash_alg(alg), struct iproc_alg_s,
4232 				  alg.hash);
4233 
4234 	err = generic_cra_init(tfm, cipher_alg);
4235 	flow_log("%s()\n", __func__);
4236 
4237 	/*
4238 	 * export state size has to be < 512 bytes. So don't include msg bufs
4239 	 * in state size.
4240 	 */
4241 	crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
4242 				 sizeof(struct iproc_reqctx_s));
4243 
4244 	return err;
4245 }
4246 
4247 static int aead_cra_init(struct crypto_aead *aead)
4248 {
4249 	struct crypto_tfm *tfm = crypto_aead_tfm(aead);
4250 	struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
4251 	struct crypto_alg *alg = tfm->__crt_alg;
4252 	struct aead_alg *aalg = container_of(alg, struct aead_alg, base);
4253 	struct iproc_alg_s *cipher_alg = container_of(aalg, struct iproc_alg_s,
4254 						      alg.aead);
4255 
4256 	int err = generic_cra_init(tfm, cipher_alg);
4257 
4258 	flow_log("%s()\n", __func__);
4259 
4260 	crypto_aead_set_reqsize(aead, sizeof(struct iproc_reqctx_s));
4261 	ctx->is_esp = false;
4262 	ctx->salt_len = 0;
4263 	ctx->salt_offset = 0;
4264 
4265 	/* random first IV */
4266 	get_random_bytes(ctx->iv, MAX_IV_SIZE);
4267 	flow_dump("  iv: ", ctx->iv, MAX_IV_SIZE);
4268 
4269 	if (!err) {
4270 		if (alg->cra_flags & CRYPTO_ALG_NEED_FALLBACK) {
4271 			flow_log("%s() creating fallback cipher\n", __func__);
4272 
4273 			ctx->fallback_cipher =
4274 			    crypto_alloc_aead(alg->cra_name, 0,
4275 					      CRYPTO_ALG_ASYNC |
4276 					      CRYPTO_ALG_NEED_FALLBACK);
4277 			if (IS_ERR(ctx->fallback_cipher)) {
4278 				pr_err("%s() Error: failed to allocate fallback for %s\n",
4279 				       __func__, alg->cra_name);
4280 				return PTR_ERR(ctx->fallback_cipher);
4281 			}
4282 		}
4283 	}
4284 
4285 	return err;
4286 }
4287 
4288 static void generic_cra_exit(struct crypto_tfm *tfm)
4289 {
4290 	atomic_dec(&iproc_priv.session_count);
4291 }
4292 
4293 static void skcipher_exit_tfm(struct crypto_skcipher *tfm)
4294 {
4295 	generic_cra_exit(crypto_skcipher_tfm(tfm));
4296 }
4297 
4298 static void aead_cra_exit(struct crypto_aead *aead)
4299 {
4300 	struct crypto_tfm *tfm = crypto_aead_tfm(aead);
4301 	struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
4302 
4303 	generic_cra_exit(tfm);
4304 
4305 	if (ctx->fallback_cipher) {
4306 		crypto_free_aead(ctx->fallback_cipher);
4307 		ctx->fallback_cipher = NULL;
4308 	}
4309 }
4310 
4311 /**
4312  * spu_functions_register() - Specify hardware-specific SPU functions based on
4313  * SPU type read from device tree.
4314  * @dev:	device structure
4315  * @spu_type:	SPU hardware generation
4316  * @spu_subtype: SPU hardware version
4317  */
4318 static void spu_functions_register(struct device *dev,
4319 				   enum spu_spu_type spu_type,
4320 				   enum spu_spu_subtype spu_subtype)
4321 {
4322 	struct spu_hw *spu = &iproc_priv.spu;
4323 
4324 	if (spu_type == SPU_TYPE_SPUM) {
4325 		dev_dbg(dev, "Registering SPUM functions");
4326 		spu->spu_dump_msg_hdr = spum_dump_msg_hdr;
4327 		spu->spu_payload_length = spum_payload_length;
4328 		spu->spu_response_hdr_len = spum_response_hdr_len;
4329 		spu->spu_hash_pad_len = spum_hash_pad_len;
4330 		spu->spu_gcm_ccm_pad_len = spum_gcm_ccm_pad_len;
4331 		spu->spu_assoc_resp_len = spum_assoc_resp_len;
4332 		spu->spu_aead_ivlen = spum_aead_ivlen;
4333 		spu->spu_hash_type = spum_hash_type;
4334 		spu->spu_digest_size = spum_digest_size;
4335 		spu->spu_create_request = spum_create_request;
4336 		spu->spu_cipher_req_init = spum_cipher_req_init;
4337 		spu->spu_cipher_req_finish = spum_cipher_req_finish;
4338 		spu->spu_request_pad = spum_request_pad;
4339 		spu->spu_tx_status_len = spum_tx_status_len;
4340 		spu->spu_rx_status_len = spum_rx_status_len;
4341 		spu->spu_status_process = spum_status_process;
4342 		spu->spu_xts_tweak_in_payload = spum_xts_tweak_in_payload;
4343 		spu->spu_ccm_update_iv = spum_ccm_update_iv;
4344 		spu->spu_wordalign_padlen = spum_wordalign_padlen;
4345 		if (spu_subtype == SPU_SUBTYPE_SPUM_NS2)
4346 			spu->spu_ctx_max_payload = spum_ns2_ctx_max_payload;
4347 		else
4348 			spu->spu_ctx_max_payload = spum_nsp_ctx_max_payload;
4349 	} else {
4350 		dev_dbg(dev, "Registering SPU2 functions");
4351 		spu->spu_dump_msg_hdr = spu2_dump_msg_hdr;
4352 		spu->spu_ctx_max_payload = spu2_ctx_max_payload;
4353 		spu->spu_payload_length = spu2_payload_length;
4354 		spu->spu_response_hdr_len = spu2_response_hdr_len;
4355 		spu->spu_hash_pad_len = spu2_hash_pad_len;
4356 		spu->spu_gcm_ccm_pad_len = spu2_gcm_ccm_pad_len;
4357 		spu->spu_assoc_resp_len = spu2_assoc_resp_len;
4358 		spu->spu_aead_ivlen = spu2_aead_ivlen;
4359 		spu->spu_hash_type = spu2_hash_type;
4360 		spu->spu_digest_size = spu2_digest_size;
4361 		spu->spu_create_request = spu2_create_request;
4362 		spu->spu_cipher_req_init = spu2_cipher_req_init;
4363 		spu->spu_cipher_req_finish = spu2_cipher_req_finish;
4364 		spu->spu_request_pad = spu2_request_pad;
4365 		spu->spu_tx_status_len = spu2_tx_status_len;
4366 		spu->spu_rx_status_len = spu2_rx_status_len;
4367 		spu->spu_status_process = spu2_status_process;
4368 		spu->spu_xts_tweak_in_payload = spu2_xts_tweak_in_payload;
4369 		spu->spu_ccm_update_iv = spu2_ccm_update_iv;
4370 		spu->spu_wordalign_padlen = spu2_wordalign_padlen;
4371 	}
4372 }
4373 
4374 /**
4375  * spu_mb_init() - Initialize mailbox client. Request ownership of a mailbox
4376  * channel for the SPU being probed.
4377  * @dev:  SPU driver device structure
4378  *
4379  * Return: 0 if successful
4380  *	   < 0 otherwise
4381  */
4382 static int spu_mb_init(struct device *dev)
4383 {
4384 	struct mbox_client *mcl = &iproc_priv.mcl;
4385 	int err, i;
4386 
4387 	iproc_priv.mbox = devm_kcalloc(dev, iproc_priv.spu.num_chan,
4388 				  sizeof(struct mbox_chan *), GFP_KERNEL);
4389 	if (!iproc_priv.mbox)
4390 		return -ENOMEM;
4391 
4392 	mcl->dev = dev;
4393 	mcl->tx_block = false;
4394 	mcl->tx_tout = 0;
4395 	mcl->knows_txdone = true;
4396 	mcl->rx_callback = spu_rx_callback;
4397 	mcl->tx_done = NULL;
4398 
4399 	for (i = 0; i < iproc_priv.spu.num_chan; i++) {
4400 		iproc_priv.mbox[i] = mbox_request_channel(mcl, i);
4401 		if (IS_ERR(iproc_priv.mbox[i])) {
4402 			err = PTR_ERR(iproc_priv.mbox[i]);
4403 			dev_err(dev,
4404 				"Mbox channel %d request failed with err %d",
4405 				i, err);
4406 			iproc_priv.mbox[i] = NULL;
4407 			goto free_channels;
4408 		}
4409 	}
4410 
4411 	return 0;
4412 free_channels:
4413 	for (i = 0; i < iproc_priv.spu.num_chan; i++) {
4414 		if (iproc_priv.mbox[i])
4415 			mbox_free_channel(iproc_priv.mbox[i]);
4416 	}
4417 
4418 	return err;
4419 }
4420 
4421 static void spu_mb_release(struct platform_device *pdev)
4422 {
4423 	int i;
4424 
4425 	for (i = 0; i < iproc_priv.spu.num_chan; i++)
4426 		mbox_free_channel(iproc_priv.mbox[i]);
4427 }
4428 
4429 static void spu_counters_init(void)
4430 {
4431 	int i;
4432 	int j;
4433 
4434 	atomic_set(&iproc_priv.session_count, 0);
4435 	atomic_set(&iproc_priv.stream_count, 0);
4436 	atomic_set(&iproc_priv.next_chan, (int)iproc_priv.spu.num_chan);
4437 	atomic64_set(&iproc_priv.bytes_in, 0);
4438 	atomic64_set(&iproc_priv.bytes_out, 0);
4439 	for (i = 0; i < SPU_OP_NUM; i++) {
4440 		atomic_set(&iproc_priv.op_counts[i], 0);
4441 		atomic_set(&iproc_priv.setkey_cnt[i], 0);
4442 	}
4443 	for (i = 0; i < CIPHER_ALG_LAST; i++)
4444 		for (j = 0; j < CIPHER_MODE_LAST; j++)
4445 			atomic_set(&iproc_priv.cipher_cnt[i][j], 0);
4446 
4447 	for (i = 0; i < HASH_ALG_LAST; i++) {
4448 		atomic_set(&iproc_priv.hash_cnt[i], 0);
4449 		atomic_set(&iproc_priv.hmac_cnt[i], 0);
4450 	}
4451 	for (i = 0; i < AEAD_TYPE_LAST; i++)
4452 		atomic_set(&iproc_priv.aead_cnt[i], 0);
4453 
4454 	atomic_set(&iproc_priv.mb_no_spc, 0);
4455 	atomic_set(&iproc_priv.mb_send_fail, 0);
4456 	atomic_set(&iproc_priv.bad_icv, 0);
4457 }
4458 
4459 static int spu_register_skcipher(struct iproc_alg_s *driver_alg)
4460 {
4461 	struct skcipher_alg *crypto = &driver_alg->alg.skcipher;
4462 	int err;
4463 
4464 	crypto->base.cra_module = THIS_MODULE;
4465 	crypto->base.cra_priority = cipher_pri;
4466 	crypto->base.cra_alignmask = 0;
4467 	crypto->base.cra_ctxsize = sizeof(struct iproc_ctx_s);
4468 	crypto->base.cra_flags = CRYPTO_ALG_ASYNC |
4469 				 CRYPTO_ALG_ALLOCATES_MEMORY |
4470 				 CRYPTO_ALG_KERN_DRIVER_ONLY;
4471 
4472 	crypto->init = skcipher_init_tfm;
4473 	crypto->exit = skcipher_exit_tfm;
4474 	crypto->setkey = skcipher_setkey;
4475 	crypto->encrypt = skcipher_encrypt;
4476 	crypto->decrypt = skcipher_decrypt;
4477 
4478 	err = crypto_register_skcipher(crypto);
4479 	/* Mark alg as having been registered, if successful */
4480 	if (err == 0)
4481 		driver_alg->registered = true;
4482 	pr_debug("  registered skcipher %s\n", crypto->base.cra_driver_name);
4483 	return err;
4484 }
4485 
4486 static int spu_register_ahash(struct iproc_alg_s *driver_alg)
4487 {
4488 	struct spu_hw *spu = &iproc_priv.spu;
4489 	struct ahash_alg *hash = &driver_alg->alg.hash;
4490 	int err;
4491 
4492 	/* AES-XCBC is the only AES hash type currently supported on SPU-M */
4493 	if ((driver_alg->auth_info.alg == HASH_ALG_AES) &&
4494 	    (driver_alg->auth_info.mode != HASH_MODE_XCBC) &&
4495 	    (spu->spu_type == SPU_TYPE_SPUM))
4496 		return 0;
4497 
4498 	/* SHA3 algorithm variants are not registered for SPU-M or SPU2. */
4499 	if ((driver_alg->auth_info.alg >= HASH_ALG_SHA3_224) &&
4500 	    (spu->spu_subtype != SPU_SUBTYPE_SPU2_V2))
4501 		return 0;
4502 
4503 	hash->halg.base.cra_module = THIS_MODULE;
4504 	hash->halg.base.cra_priority = hash_pri;
4505 	hash->halg.base.cra_alignmask = 0;
4506 	hash->halg.base.cra_ctxsize = sizeof(struct iproc_ctx_s);
4507 	hash->halg.base.cra_init = ahash_cra_init;
4508 	hash->halg.base.cra_exit = generic_cra_exit;
4509 	hash->halg.base.cra_flags = CRYPTO_ALG_ASYNC |
4510 				    CRYPTO_ALG_ALLOCATES_MEMORY;
4511 	hash->halg.statesize = sizeof(struct spu_hash_export_s);
4512 
4513 	if (driver_alg->auth_info.mode != HASH_MODE_HMAC) {
4514 		hash->init = ahash_init;
4515 		hash->update = ahash_update;
4516 		hash->final = ahash_final;
4517 		hash->finup = ahash_finup;
4518 		hash->digest = ahash_digest;
4519 		if ((driver_alg->auth_info.alg == HASH_ALG_AES) &&
4520 		    ((driver_alg->auth_info.mode == HASH_MODE_XCBC) ||
4521 		    (driver_alg->auth_info.mode == HASH_MODE_CMAC))) {
4522 			hash->setkey = ahash_setkey;
4523 		}
4524 	} else {
4525 		hash->setkey = ahash_hmac_setkey;
4526 		hash->init = ahash_hmac_init;
4527 		hash->update = ahash_hmac_update;
4528 		hash->final = ahash_hmac_final;
4529 		hash->finup = ahash_hmac_finup;
4530 		hash->digest = ahash_hmac_digest;
4531 	}
4532 	hash->export = ahash_export;
4533 	hash->import = ahash_import;
4534 
4535 	err = crypto_register_ahash(hash);
4536 	/* Mark alg as having been registered, if successful */
4537 	if (err == 0)
4538 		driver_alg->registered = true;
4539 	pr_debug("  registered ahash %s\n",
4540 		 hash->halg.base.cra_driver_name);
4541 	return err;
4542 }
4543 
4544 static int spu_register_aead(struct iproc_alg_s *driver_alg)
4545 {
4546 	struct aead_alg *aead = &driver_alg->alg.aead;
4547 	int err;
4548 
4549 	aead->base.cra_module = THIS_MODULE;
4550 	aead->base.cra_priority = aead_pri;
4551 	aead->base.cra_alignmask = 0;
4552 	aead->base.cra_ctxsize = sizeof(struct iproc_ctx_s);
4553 
4554 	aead->base.cra_flags |= CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY;
4555 	/* setkey set in alg initialization */
4556 	aead->setauthsize = aead_setauthsize;
4557 	aead->encrypt = aead_encrypt;
4558 	aead->decrypt = aead_decrypt;
4559 	aead->init = aead_cra_init;
4560 	aead->exit = aead_cra_exit;
4561 
4562 	err = crypto_register_aead(aead);
4563 	/* Mark alg as having been registered, if successful */
4564 	if (err == 0)
4565 		driver_alg->registered = true;
4566 	pr_debug("  registered aead %s\n", aead->base.cra_driver_name);
4567 	return err;
4568 }
4569 
4570 /* register crypto algorithms the device supports */
4571 static int spu_algs_register(struct device *dev)
4572 {
4573 	int i, j;
4574 	int err;
4575 
4576 	for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
4577 		switch (driver_algs[i].type) {
4578 		case CRYPTO_ALG_TYPE_SKCIPHER:
4579 			err = spu_register_skcipher(&driver_algs[i]);
4580 			break;
4581 		case CRYPTO_ALG_TYPE_AHASH:
4582 			err = spu_register_ahash(&driver_algs[i]);
4583 			break;
4584 		case CRYPTO_ALG_TYPE_AEAD:
4585 			err = spu_register_aead(&driver_algs[i]);
4586 			break;
4587 		default:
4588 			dev_err(dev,
4589 				"iproc-crypto: unknown alg type: %d",
4590 				driver_algs[i].type);
4591 			err = -EINVAL;
4592 		}
4593 
4594 		if (err) {
4595 			dev_err(dev, "alg registration failed with error %d\n",
4596 				err);
4597 			goto err_algs;
4598 		}
4599 	}
4600 
4601 	return 0;
4602 
4603 err_algs:
4604 	for (j = 0; j < i; j++) {
4605 		/* Skip any algorithm not registered */
4606 		if (!driver_algs[j].registered)
4607 			continue;
4608 		switch (driver_algs[j].type) {
4609 		case CRYPTO_ALG_TYPE_SKCIPHER:
4610 			crypto_unregister_skcipher(&driver_algs[j].alg.skcipher);
4611 			driver_algs[j].registered = false;
4612 			break;
4613 		case CRYPTO_ALG_TYPE_AHASH:
4614 			crypto_unregister_ahash(&driver_algs[j].alg.hash);
4615 			driver_algs[j].registered = false;
4616 			break;
4617 		case CRYPTO_ALG_TYPE_AEAD:
4618 			crypto_unregister_aead(&driver_algs[j].alg.aead);
4619 			driver_algs[j].registered = false;
4620 			break;
4621 		}
4622 	}
4623 	return err;
4624 }
4625 
4626 /* ==================== Kernel Platform API ==================== */
4627 
4628 static struct spu_type_subtype spum_ns2_types = {
4629 	SPU_TYPE_SPUM, SPU_SUBTYPE_SPUM_NS2
4630 };
4631 
4632 static struct spu_type_subtype spum_nsp_types = {
4633 	SPU_TYPE_SPUM, SPU_SUBTYPE_SPUM_NSP
4634 };
4635 
4636 static struct spu_type_subtype spu2_types = {
4637 	SPU_TYPE_SPU2, SPU_SUBTYPE_SPU2_V1
4638 };
4639 
4640 static struct spu_type_subtype spu2_v2_types = {
4641 	SPU_TYPE_SPU2, SPU_SUBTYPE_SPU2_V2
4642 };
4643 
4644 static const struct of_device_id bcm_spu_dt_ids[] = {
4645 	{
4646 		.compatible = "brcm,spum-crypto",
4647 		.data = &spum_ns2_types,
4648 	},
4649 	{
4650 		.compatible = "brcm,spum-nsp-crypto",
4651 		.data = &spum_nsp_types,
4652 	},
4653 	{
4654 		.compatible = "brcm,spu2-crypto",
4655 		.data = &spu2_types,
4656 	},
4657 	{
4658 		.compatible = "brcm,spu2-v2-crypto",
4659 		.data = &spu2_v2_types,
4660 	},
4661 	{ /* sentinel */ }
4662 };
4663 
4664 MODULE_DEVICE_TABLE(of, bcm_spu_dt_ids);
4665 
4666 static int spu_dt_read(struct platform_device *pdev)
4667 {
4668 	struct device *dev = &pdev->dev;
4669 	struct spu_hw *spu = &iproc_priv.spu;
4670 	struct resource *spu_ctrl_regs;
4671 	const struct spu_type_subtype *matched_spu_type;
4672 	struct device_node *dn = pdev->dev.of_node;
4673 	int err, i;
4674 
4675 	/* Count number of mailbox channels */
4676 	spu->num_chan = of_count_phandle_with_args(dn, "mboxes", "#mbox-cells");
4677 
4678 	matched_spu_type = of_device_get_match_data(dev);
4679 	if (!matched_spu_type) {
4680 		dev_err(dev, "Failed to match device\n");
4681 		return -ENODEV;
4682 	}
4683 
4684 	spu->spu_type = matched_spu_type->type;
4685 	spu->spu_subtype = matched_spu_type->subtype;
4686 
4687 	for (i = 0; (i < MAX_SPUS) && ((spu_ctrl_regs =
4688 		platform_get_resource(pdev, IORESOURCE_MEM, i)) != NULL); i++) {
4689 
4690 		spu->reg_vbase[i] = devm_ioremap_resource(dev, spu_ctrl_regs);
4691 		if (IS_ERR(spu->reg_vbase[i])) {
4692 			err = PTR_ERR(spu->reg_vbase[i]);
4693 			dev_err(dev, "Failed to map registers: %d\n",
4694 				err);
4695 			spu->reg_vbase[i] = NULL;
4696 			return err;
4697 		}
4698 	}
4699 	spu->num_spu = i;
4700 	dev_dbg(dev, "Device has %d SPUs", spu->num_spu);
4701 
4702 	return 0;
4703 }
4704 
4705 static int bcm_spu_probe(struct platform_device *pdev)
4706 {
4707 	struct device *dev = &pdev->dev;
4708 	struct spu_hw *spu = &iproc_priv.spu;
4709 	int err;
4710 
4711 	iproc_priv.pdev  = pdev;
4712 	platform_set_drvdata(iproc_priv.pdev,
4713 			     &iproc_priv);
4714 
4715 	err = spu_dt_read(pdev);
4716 	if (err < 0)
4717 		goto failure;
4718 
4719 	err = spu_mb_init(dev);
4720 	if (err < 0)
4721 		goto failure;
4722 
4723 	if (spu->spu_type == SPU_TYPE_SPUM)
4724 		iproc_priv.bcm_hdr_len = 8;
4725 	else if (spu->spu_type == SPU_TYPE_SPU2)
4726 		iproc_priv.bcm_hdr_len = 0;
4727 
4728 	spu_functions_register(dev, spu->spu_type, spu->spu_subtype);
4729 
4730 	spu_counters_init();
4731 
4732 	spu_setup_debugfs();
4733 
4734 	err = spu_algs_register(dev);
4735 	if (err < 0)
4736 		goto fail_reg;
4737 
4738 	return 0;
4739 
4740 fail_reg:
4741 	spu_free_debugfs();
4742 failure:
4743 	spu_mb_release(pdev);
4744 	dev_err(dev, "%s failed with error %d.\n", __func__, err);
4745 
4746 	return err;
4747 }
4748 
4749 static int bcm_spu_remove(struct platform_device *pdev)
4750 {
4751 	int i;
4752 	struct device *dev = &pdev->dev;
4753 	char *cdn;
4754 
4755 	for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
4756 		/*
4757 		 * Not all algorithms were registered, depending on whether
4758 		 * hardware is SPU or SPU2.  So here we make sure to skip
4759 		 * those algorithms that were not previously registered.
4760 		 */
4761 		if (!driver_algs[i].registered)
4762 			continue;
4763 
4764 		switch (driver_algs[i].type) {
4765 		case CRYPTO_ALG_TYPE_SKCIPHER:
4766 			crypto_unregister_skcipher(&driver_algs[i].alg.skcipher);
4767 			dev_dbg(dev, "  unregistered cipher %s\n",
4768 				driver_algs[i].alg.skcipher.base.cra_driver_name);
4769 			driver_algs[i].registered = false;
4770 			break;
4771 		case CRYPTO_ALG_TYPE_AHASH:
4772 			crypto_unregister_ahash(&driver_algs[i].alg.hash);
4773 			cdn = driver_algs[i].alg.hash.halg.base.cra_driver_name;
4774 			dev_dbg(dev, "  unregistered hash %s\n", cdn);
4775 			driver_algs[i].registered = false;
4776 			break;
4777 		case CRYPTO_ALG_TYPE_AEAD:
4778 			crypto_unregister_aead(&driver_algs[i].alg.aead);
4779 			dev_dbg(dev, "  unregistered aead %s\n",
4780 				driver_algs[i].alg.aead.base.cra_driver_name);
4781 			driver_algs[i].registered = false;
4782 			break;
4783 		}
4784 	}
4785 	spu_free_debugfs();
4786 	spu_mb_release(pdev);
4787 	return 0;
4788 }
4789 
4790 /* ===== Kernel Module API ===== */
4791 
4792 static struct platform_driver bcm_spu_pdriver = {
4793 	.driver = {
4794 		   .name = "brcm-spu-crypto",
4795 		   .of_match_table = of_match_ptr(bcm_spu_dt_ids),
4796 		   },
4797 	.probe = bcm_spu_probe,
4798 	.remove = bcm_spu_remove,
4799 };
4800 module_platform_driver(bcm_spu_pdriver);
4801 
4802 MODULE_AUTHOR("Rob Rice <rob.rice@broadcom.com>");
4803 MODULE_DESCRIPTION("Broadcom symmetric crypto offload driver");
4804 MODULE_LICENSE("GPL v2");
4805