xref: /openbmc/linux/drivers/crypto/bcm/cipher.c (revision da090bf6)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright 2016 Broadcom
4  */
5 
6 #include <linux/err.h>
7 #include <linux/module.h>
8 #include <linux/init.h>
9 #include <linux/errno.h>
10 #include <linux/kernel.h>
11 #include <linux/interrupt.h>
12 #include <linux/platform_device.h>
13 #include <linux/scatterlist.h>
14 #include <linux/crypto.h>
15 #include <linux/kthread.h>
16 #include <linux/rtnetlink.h>
17 #include <linux/sched.h>
18 #include <linux/of_address.h>
19 #include <linux/of_device.h>
20 #include <linux/io.h>
21 #include <linux/bitops.h>
22 
23 #include <crypto/algapi.h>
24 #include <crypto/aead.h>
25 #include <crypto/internal/aead.h>
26 #include <crypto/aes.h>
27 #include <crypto/internal/des.h>
28 #include <crypto/hmac.h>
29 #include <crypto/sha.h>
30 #include <crypto/md5.h>
31 #include <crypto/authenc.h>
32 #include <crypto/skcipher.h>
33 #include <crypto/hash.h>
34 #include <crypto/sha3.h>
35 
36 #include "util.h"
37 #include "cipher.h"
38 #include "spu.h"
39 #include "spum.h"
40 #include "spu2.h"
41 
42 /* ================= Device Structure ================== */
43 
44 struct device_private iproc_priv;
45 
46 /* ==================== Parameters ===================== */
47 
48 int flow_debug_logging;
49 module_param(flow_debug_logging, int, 0644);
50 MODULE_PARM_DESC(flow_debug_logging, "Enable Flow Debug Logging");
51 
52 int packet_debug_logging;
53 module_param(packet_debug_logging, int, 0644);
54 MODULE_PARM_DESC(packet_debug_logging, "Enable Packet Debug Logging");
55 
56 int debug_logging_sleep;
57 module_param(debug_logging_sleep, int, 0644);
58 MODULE_PARM_DESC(debug_logging_sleep, "Packet Debug Logging Sleep");
59 
60 /*
61  * The value of these module parameters is used to set the priority for each
62  * algo type when this driver registers algos with the kernel crypto API.
63  * To use a priority other than the default, set the priority in the insmod or
64  * modprobe. Changing the module priority after init time has no effect.
65  *
66  * The default priorities are chosen to be lower (less preferred) than ARMv8 CE
67  * algos, but more preferred than generic software algos.
68  */
69 static int cipher_pri = 150;
70 module_param(cipher_pri, int, 0644);
71 MODULE_PARM_DESC(cipher_pri, "Priority for cipher algos");
72 
73 static int hash_pri = 100;
74 module_param(hash_pri, int, 0644);
75 MODULE_PARM_DESC(hash_pri, "Priority for hash algos");
76 
77 static int aead_pri = 150;
78 module_param(aead_pri, int, 0644);
79 MODULE_PARM_DESC(aead_pri, "Priority for AEAD algos");
80 
81 /* A type 3 BCM header, expected to precede the SPU header for SPU-M.
82  * Bits 3 and 4 in the first byte encode the channel number (the dma ringset).
83  * 0x60 - ring 0
84  * 0x68 - ring 1
85  * 0x70 - ring 2
86  * 0x78 - ring 3
87  */
88 static char BCMHEADER[] = { 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x28 };
89 /*
90  * Some SPU hw does not use BCM header on SPU messages. So BCM_HDR_LEN
91  * is set dynamically after reading SPU type from device tree.
92  */
93 #define BCM_HDR_LEN  iproc_priv.bcm_hdr_len
94 
95 /* min and max time to sleep before retrying when mbox queue is full. usec */
96 #define MBOX_SLEEP_MIN  800
97 #define MBOX_SLEEP_MAX 1000
98 
99 /**
100  * select_channel() - Select a SPU channel to handle a crypto request. Selects
101  * channel in round robin order.
102  *
103  * Return:  channel index
104  */
105 static u8 select_channel(void)
106 {
107 	u8 chan_idx = atomic_inc_return(&iproc_priv.next_chan);
108 
109 	return chan_idx % iproc_priv.spu.num_chan;
110 }
111 
112 /**
113  * spu_skcipher_rx_sg_create() - Build up the scatterlist of buffers used to
114  * receive a SPU response message for an skcipher request. Includes buffers to
115  * catch SPU message headers and the response data.
116  * @mssg:	mailbox message containing the receive sg
117  * @rctx:	crypto request context
118  * @rx_frag_num: number of scatterlist elements required to hold the
119  *		SPU response message
120  * @chunksize:	Number of bytes of response data expected
121  * @stat_pad_len: Number of bytes required to pad the STAT field to
122  *		a 4-byte boundary
123  *
124  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
125  * when the request completes, whether the request is handled successfully or
126  * there is an error.
127  *
128  * Returns:
129  *   0 if successful
130  *   < 0 if an error
131  */
132 static int
133 spu_skcipher_rx_sg_create(struct brcm_message *mssg,
134 			    struct iproc_reqctx_s *rctx,
135 			    u8 rx_frag_num,
136 			    unsigned int chunksize, u32 stat_pad_len)
137 {
138 	struct spu_hw *spu = &iproc_priv.spu;
139 	struct scatterlist *sg;	/* used to build sgs in mbox message */
140 	struct iproc_ctx_s *ctx = rctx->ctx;
141 	u32 datalen;		/* Number of bytes of response data expected */
142 
143 	mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
144 				rctx->gfp);
145 	if (!mssg->spu.dst)
146 		return -ENOMEM;
147 
148 	sg = mssg->spu.dst;
149 	sg_init_table(sg, rx_frag_num);
150 	/* Space for SPU message header */
151 	sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
152 
153 	/* If XTS tweak in payload, add buffer to receive encrypted tweak */
154 	if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
155 	    spu->spu_xts_tweak_in_payload())
156 		sg_set_buf(sg++, rctx->msg_buf.c.supdt_tweak,
157 			   SPU_XTS_TWEAK_SIZE);
158 
159 	/* Copy in each dst sg entry from request, up to chunksize */
160 	datalen = spu_msg_sg_add(&sg, &rctx->dst_sg, &rctx->dst_skip,
161 				 rctx->dst_nents, chunksize);
162 	if (datalen < chunksize) {
163 		pr_err("%s(): failed to copy dst sg to mbox msg. chunksize %u, datalen %u",
164 		       __func__, chunksize, datalen);
165 		return -EFAULT;
166 	}
167 
168 	if (ctx->cipher.alg == CIPHER_ALG_RC4)
169 		/* Add buffer to catch 260-byte SUPDT field for RC4 */
170 		sg_set_buf(sg++, rctx->msg_buf.c.supdt_tweak, SPU_SUPDT_LEN);
171 
172 	if (stat_pad_len)
173 		sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
174 
175 	memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
176 	sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
177 
178 	return 0;
179 }
180 
181 /**
182  * spu_skcipher_tx_sg_create() - Build up the scatterlist of buffers used to
183  * send a SPU request message for an skcipher request. Includes SPU message
184  * headers and the request data.
185  * @mssg:	mailbox message containing the transmit sg
186  * @rctx:	crypto request context
187  * @tx_frag_num: number of scatterlist elements required to construct the
188  *		SPU request message
189  * @chunksize:	Number of bytes of request data
190  * @pad_len:	Number of pad bytes
191  *
192  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
193  * when the request completes, whether the request is handled successfully or
194  * there is an error.
195  *
196  * Returns:
197  *   0 if successful
198  *   < 0 if an error
199  */
200 static int
201 spu_skcipher_tx_sg_create(struct brcm_message *mssg,
202 			    struct iproc_reqctx_s *rctx,
203 			    u8 tx_frag_num, unsigned int chunksize, u32 pad_len)
204 {
205 	struct spu_hw *spu = &iproc_priv.spu;
206 	struct scatterlist *sg;	/* used to build sgs in mbox message */
207 	struct iproc_ctx_s *ctx = rctx->ctx;
208 	u32 datalen;		/* Number of bytes of response data expected */
209 	u32 stat_len;
210 
211 	mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
212 				rctx->gfp);
213 	if (unlikely(!mssg->spu.src))
214 		return -ENOMEM;
215 
216 	sg = mssg->spu.src;
217 	sg_init_table(sg, tx_frag_num);
218 
219 	sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
220 		   BCM_HDR_LEN + ctx->spu_req_hdr_len);
221 
222 	/* if XTS tweak in payload, copy from IV (where crypto API puts it) */
223 	if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
224 	    spu->spu_xts_tweak_in_payload())
225 		sg_set_buf(sg++, rctx->msg_buf.iv_ctr, SPU_XTS_TWEAK_SIZE);
226 
227 	/* Copy in each src sg entry from request, up to chunksize */
228 	datalen = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
229 				 rctx->src_nents, chunksize);
230 	if (unlikely(datalen < chunksize)) {
231 		pr_err("%s(): failed to copy src sg to mbox msg",
232 		       __func__);
233 		return -EFAULT;
234 	}
235 
236 	if (pad_len)
237 		sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
238 
239 	stat_len = spu->spu_tx_status_len();
240 	if (stat_len) {
241 		memset(rctx->msg_buf.tx_stat, 0, stat_len);
242 		sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
243 	}
244 	return 0;
245 }
246 
247 static int mailbox_send_message(struct brcm_message *mssg, u32 flags,
248 				u8 chan_idx)
249 {
250 	int err;
251 	int retry_cnt = 0;
252 	struct device *dev = &(iproc_priv.pdev->dev);
253 
254 	err = mbox_send_message(iproc_priv.mbox[chan_idx], mssg);
255 	if (flags & CRYPTO_TFM_REQ_MAY_SLEEP) {
256 		while ((err == -ENOBUFS) && (retry_cnt < SPU_MB_RETRY_MAX)) {
257 			/*
258 			 * Mailbox queue is full. Since MAY_SLEEP is set, assume
259 			 * not in atomic context and we can wait and try again.
260 			 */
261 			retry_cnt++;
262 			usleep_range(MBOX_SLEEP_MIN, MBOX_SLEEP_MAX);
263 			err = mbox_send_message(iproc_priv.mbox[chan_idx],
264 						mssg);
265 			atomic_inc(&iproc_priv.mb_no_spc);
266 		}
267 	}
268 	if (err < 0) {
269 		atomic_inc(&iproc_priv.mb_send_fail);
270 		return err;
271 	}
272 
273 	/* Check error returned by mailbox controller */
274 	err = mssg->error;
275 	if (unlikely(err < 0)) {
276 		dev_err(dev, "message error %d", err);
277 		/* Signal txdone for mailbox channel */
278 	}
279 
280 	/* Signal txdone for mailbox channel */
281 	mbox_client_txdone(iproc_priv.mbox[chan_idx], err);
282 	return err;
283 }
284 
285 /**
286  * handle_skcipher_req() - Submit as much of a block cipher request as fits in
287  * a single SPU request message, starting at the current position in the request
288  * data.
289  * @rctx:	Crypto request context
290  *
291  * This may be called on the crypto API thread, or, when a request is so large
292  * it must be broken into multiple SPU messages, on the thread used to invoke
293  * the response callback. When requests are broken into multiple SPU
294  * messages, we assume subsequent messages depend on previous results, and
295  * thus always wait for previous results before submitting the next message.
296  * Because requests are submitted in lock step like this, there is no need
297  * to synchronize access to request data structures.
298  *
299  * Return: -EINPROGRESS: request has been accepted and result will be returned
300  *			 asynchronously
301  *         Any other value indicates an error
302  */
303 static int handle_skcipher_req(struct iproc_reqctx_s *rctx)
304 {
305 	struct spu_hw *spu = &iproc_priv.spu;
306 	struct crypto_async_request *areq = rctx->parent;
307 	struct skcipher_request *req =
308 	    container_of(areq, struct skcipher_request, base);
309 	struct iproc_ctx_s *ctx = rctx->ctx;
310 	struct spu_cipher_parms cipher_parms;
311 	int err = 0;
312 	unsigned int chunksize = 0;	/* Num bytes of request to submit */
313 	int remaining = 0;	/* Bytes of request still to process */
314 	int chunk_start;	/* Beginning of data for current SPU msg */
315 
316 	/* IV or ctr value to use in this SPU msg */
317 	u8 local_iv_ctr[MAX_IV_SIZE];
318 	u32 stat_pad_len;	/* num bytes to align status field */
319 	u32 pad_len;		/* total length of all padding */
320 	bool update_key = false;
321 	struct brcm_message *mssg;	/* mailbox message */
322 
323 	/* number of entries in src and dst sg in mailbox message. */
324 	u8 rx_frag_num = 2;	/* response header and STATUS */
325 	u8 tx_frag_num = 1;	/* request header */
326 
327 	flow_log("%s\n", __func__);
328 
329 	cipher_parms.alg = ctx->cipher.alg;
330 	cipher_parms.mode = ctx->cipher.mode;
331 	cipher_parms.type = ctx->cipher_type;
332 	cipher_parms.key_len = ctx->enckeylen;
333 	cipher_parms.key_buf = ctx->enckey;
334 	cipher_parms.iv_buf = local_iv_ctr;
335 	cipher_parms.iv_len = rctx->iv_ctr_len;
336 
337 	mssg = &rctx->mb_mssg;
338 	chunk_start = rctx->src_sent;
339 	remaining = rctx->total_todo - chunk_start;
340 
341 	/* determine the chunk we are breaking off and update the indexes */
342 	if ((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
343 	    (remaining > ctx->max_payload))
344 		chunksize = ctx->max_payload;
345 	else
346 		chunksize = remaining;
347 
348 	rctx->src_sent += chunksize;
349 	rctx->total_sent = rctx->src_sent;
350 
351 	/* Count number of sg entries to be included in this request */
352 	rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip, chunksize);
353 	rctx->dst_nents = spu_sg_count(rctx->dst_sg, rctx->dst_skip, chunksize);
354 
355 	if ((ctx->cipher.mode == CIPHER_MODE_CBC) &&
356 	    rctx->is_encrypt && chunk_start)
357 		/*
358 		 * Encrypting non-first first chunk. Copy last block of
359 		 * previous result to IV for this chunk.
360 		 */
361 		sg_copy_part_to_buf(req->dst, rctx->msg_buf.iv_ctr,
362 				    rctx->iv_ctr_len,
363 				    chunk_start - rctx->iv_ctr_len);
364 
365 	if (rctx->iv_ctr_len) {
366 		/* get our local copy of the iv */
367 		__builtin_memcpy(local_iv_ctr, rctx->msg_buf.iv_ctr,
368 				 rctx->iv_ctr_len);
369 
370 		/* generate the next IV if possible */
371 		if ((ctx->cipher.mode == CIPHER_MODE_CBC) &&
372 		    !rctx->is_encrypt) {
373 			/*
374 			 * CBC Decrypt: next IV is the last ciphertext block in
375 			 * this chunk
376 			 */
377 			sg_copy_part_to_buf(req->src, rctx->msg_buf.iv_ctr,
378 					    rctx->iv_ctr_len,
379 					    rctx->src_sent - rctx->iv_ctr_len);
380 		} else if (ctx->cipher.mode == CIPHER_MODE_CTR) {
381 			/*
382 			 * The SPU hardware increments the counter once for
383 			 * each AES block of 16 bytes. So update the counter
384 			 * for the next chunk, if there is one. Note that for
385 			 * this chunk, the counter has already been copied to
386 			 * local_iv_ctr. We can assume a block size of 16,
387 			 * because we only support CTR mode for AES, not for
388 			 * any other cipher alg.
389 			 */
390 			add_to_ctr(rctx->msg_buf.iv_ctr, chunksize >> 4);
391 		}
392 	}
393 
394 	if (ctx->cipher.alg == CIPHER_ALG_RC4) {
395 		rx_frag_num++;
396 		if (chunk_start) {
397 			/*
398 			 * for non-first RC4 chunks, use SUPDT from previous
399 			 * response as key for this chunk.
400 			 */
401 			cipher_parms.key_buf = rctx->msg_buf.c.supdt_tweak;
402 			update_key = true;
403 			cipher_parms.type = CIPHER_TYPE_UPDT;
404 		} else if (!rctx->is_encrypt) {
405 			/*
406 			 * First RC4 chunk. For decrypt, key in pre-built msg
407 			 * header may have been changed if encrypt required
408 			 * multiple chunks. So revert the key to the
409 			 * ctx->enckey value.
410 			 */
411 			update_key = true;
412 			cipher_parms.type = CIPHER_TYPE_INIT;
413 		}
414 	}
415 
416 	if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
417 		flow_log("max_payload infinite\n");
418 	else
419 		flow_log("max_payload %u\n", ctx->max_payload);
420 
421 	flow_log("sent:%u start:%u remains:%u size:%u\n",
422 		 rctx->src_sent, chunk_start, remaining, chunksize);
423 
424 	/* Copy SPU header template created at setkey time */
425 	memcpy(rctx->msg_buf.bcm_spu_req_hdr, ctx->bcm_spu_req_hdr,
426 	       sizeof(rctx->msg_buf.bcm_spu_req_hdr));
427 
428 	/*
429 	 * Pass SUPDT field as key. Key field in finish() call is only used
430 	 * when update_key has been set above for RC4. Will be ignored in
431 	 * all other cases.
432 	 */
433 	spu->spu_cipher_req_finish(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
434 				   ctx->spu_req_hdr_len, !(rctx->is_encrypt),
435 				   &cipher_parms, update_key, chunksize);
436 
437 	atomic64_add(chunksize, &iproc_priv.bytes_out);
438 
439 	stat_pad_len = spu->spu_wordalign_padlen(chunksize);
440 	if (stat_pad_len)
441 		rx_frag_num++;
442 	pad_len = stat_pad_len;
443 	if (pad_len) {
444 		tx_frag_num++;
445 		spu->spu_request_pad(rctx->msg_buf.spu_req_pad, 0,
446 				     0, ctx->auth.alg, ctx->auth.mode,
447 				     rctx->total_sent, stat_pad_len);
448 	}
449 
450 	spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
451 			      ctx->spu_req_hdr_len);
452 	packet_log("payload:\n");
453 	dump_sg(rctx->src_sg, rctx->src_skip, chunksize);
454 	packet_dump("   pad: ", rctx->msg_buf.spu_req_pad, pad_len);
455 
456 	/*
457 	 * Build mailbox message containing SPU request msg and rx buffers
458 	 * to catch response message
459 	 */
460 	memset(mssg, 0, sizeof(*mssg));
461 	mssg->type = BRCM_MESSAGE_SPU;
462 	mssg->ctx = rctx;	/* Will be returned in response */
463 
464 	/* Create rx scatterlist to catch result */
465 	rx_frag_num += rctx->dst_nents;
466 
467 	if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
468 	    spu->spu_xts_tweak_in_payload())
469 		rx_frag_num++;	/* extra sg to insert tweak */
470 
471 	err = spu_skcipher_rx_sg_create(mssg, rctx, rx_frag_num, chunksize,
472 					  stat_pad_len);
473 	if (err)
474 		return err;
475 
476 	/* Create tx scatterlist containing SPU request message */
477 	tx_frag_num += rctx->src_nents;
478 	if (spu->spu_tx_status_len())
479 		tx_frag_num++;
480 
481 	if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
482 	    spu->spu_xts_tweak_in_payload())
483 		tx_frag_num++;	/* extra sg to insert tweak */
484 
485 	err = spu_skcipher_tx_sg_create(mssg, rctx, tx_frag_num, chunksize,
486 					  pad_len);
487 	if (err)
488 		return err;
489 
490 	err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
491 	if (unlikely(err < 0))
492 		return err;
493 
494 	return -EINPROGRESS;
495 }
496 
497 /**
498  * handle_skcipher_resp() - Process a block cipher SPU response. Updates the
499  * total received count for the request and updates global stats.
500  * @rctx:	Crypto request context
501  */
502 static void handle_skcipher_resp(struct iproc_reqctx_s *rctx)
503 {
504 	struct spu_hw *spu = &iproc_priv.spu;
505 #ifdef DEBUG
506 	struct crypto_async_request *areq = rctx->parent;
507 	struct skcipher_request *req = skcipher_request_cast(areq);
508 #endif
509 	struct iproc_ctx_s *ctx = rctx->ctx;
510 	u32 payload_len;
511 
512 	/* See how much data was returned */
513 	payload_len = spu->spu_payload_length(rctx->msg_buf.spu_resp_hdr);
514 
515 	/*
516 	 * In XTS mode, the first SPU_XTS_TWEAK_SIZE bytes may be the
517 	 * encrypted tweak ("i") value; we don't count those.
518 	 */
519 	if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
520 	    spu->spu_xts_tweak_in_payload() &&
521 	    (payload_len >= SPU_XTS_TWEAK_SIZE))
522 		payload_len -= SPU_XTS_TWEAK_SIZE;
523 
524 	atomic64_add(payload_len, &iproc_priv.bytes_in);
525 
526 	flow_log("%s() offset: %u, bd_len: %u BD:\n",
527 		 __func__, rctx->total_received, payload_len);
528 
529 	dump_sg(req->dst, rctx->total_received, payload_len);
530 	if (ctx->cipher.alg == CIPHER_ALG_RC4)
531 		packet_dump("  supdt ", rctx->msg_buf.c.supdt_tweak,
532 			    SPU_SUPDT_LEN);
533 
534 	rctx->total_received += payload_len;
535 	if (rctx->total_received == rctx->total_todo) {
536 		atomic_inc(&iproc_priv.op_counts[SPU_OP_CIPHER]);
537 		atomic_inc(
538 		   &iproc_priv.cipher_cnt[ctx->cipher.alg][ctx->cipher.mode]);
539 	}
540 }
541 
542 /**
543  * spu_ahash_rx_sg_create() - Build up the scatterlist of buffers used to
544  * receive a SPU response message for an ahash request.
545  * @mssg:	mailbox message containing the receive sg
546  * @rctx:	crypto request context
547  * @rx_frag_num: number of scatterlist elements required to hold the
548  *		SPU response message
549  * @digestsize: length of hash digest, in bytes
550  * @stat_pad_len: Number of bytes required to pad the STAT field to
551  *		a 4-byte boundary
552  *
553  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
554  * when the request completes, whether the request is handled successfully or
555  * there is an error.
556  *
557  * Return:
558  *   0 if successful
559  *   < 0 if an error
560  */
561 static int
562 spu_ahash_rx_sg_create(struct brcm_message *mssg,
563 		       struct iproc_reqctx_s *rctx,
564 		       u8 rx_frag_num, unsigned int digestsize,
565 		       u32 stat_pad_len)
566 {
567 	struct spu_hw *spu = &iproc_priv.spu;
568 	struct scatterlist *sg;	/* used to build sgs in mbox message */
569 	struct iproc_ctx_s *ctx = rctx->ctx;
570 
571 	mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
572 				rctx->gfp);
573 	if (!mssg->spu.dst)
574 		return -ENOMEM;
575 
576 	sg = mssg->spu.dst;
577 	sg_init_table(sg, rx_frag_num);
578 	/* Space for SPU message header */
579 	sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
580 
581 	/* Space for digest */
582 	sg_set_buf(sg++, rctx->msg_buf.digest, digestsize);
583 
584 	if (stat_pad_len)
585 		sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
586 
587 	memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
588 	sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
589 	return 0;
590 }
591 
592 /**
593  * spu_ahash_tx_sg_create() -  Build up the scatterlist of buffers used to send
594  * a SPU request message for an ahash request. Includes SPU message headers and
595  * the request data.
596  * @mssg:	mailbox message containing the transmit sg
597  * @rctx:	crypto request context
598  * @tx_frag_num: number of scatterlist elements required to construct the
599  *		SPU request message
600  * @spu_hdr_len: length in bytes of SPU message header
601  * @hash_carry_len: Number of bytes of data carried over from previous req
602  * @new_data_len: Number of bytes of new request data
603  * @pad_len:	Number of pad bytes
604  *
605  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
606  * when the request completes, whether the request is handled successfully or
607  * there is an error.
608  *
609  * Return:
610  *   0 if successful
611  *   < 0 if an error
612  */
613 static int
614 spu_ahash_tx_sg_create(struct brcm_message *mssg,
615 		       struct iproc_reqctx_s *rctx,
616 		       u8 tx_frag_num,
617 		       u32 spu_hdr_len,
618 		       unsigned int hash_carry_len,
619 		       unsigned int new_data_len, u32 pad_len)
620 {
621 	struct spu_hw *spu = &iproc_priv.spu;
622 	struct scatterlist *sg;	/* used to build sgs in mbox message */
623 	u32 datalen;		/* Number of bytes of response data expected */
624 	u32 stat_len;
625 
626 	mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
627 				rctx->gfp);
628 	if (!mssg->spu.src)
629 		return -ENOMEM;
630 
631 	sg = mssg->spu.src;
632 	sg_init_table(sg, tx_frag_num);
633 
634 	sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
635 		   BCM_HDR_LEN + spu_hdr_len);
636 
637 	if (hash_carry_len)
638 		sg_set_buf(sg++, rctx->hash_carry, hash_carry_len);
639 
640 	if (new_data_len) {
641 		/* Copy in each src sg entry from request, up to chunksize */
642 		datalen = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
643 					 rctx->src_nents, new_data_len);
644 		if (datalen < new_data_len) {
645 			pr_err("%s(): failed to copy src sg to mbox msg",
646 			       __func__);
647 			return -EFAULT;
648 		}
649 	}
650 
651 	if (pad_len)
652 		sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
653 
654 	stat_len = spu->spu_tx_status_len();
655 	if (stat_len) {
656 		memset(rctx->msg_buf.tx_stat, 0, stat_len);
657 		sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
658 	}
659 
660 	return 0;
661 }
662 
663 /**
664  * handle_ahash_req() - Process an asynchronous hash request from the crypto
665  * API.
666  * @rctx:  Crypto request context
667  *
668  * Builds a SPU request message embedded in a mailbox message and submits the
669  * mailbox message on a selected mailbox channel. The SPU request message is
670  * constructed as a scatterlist, including entries from the crypto API's
671  * src scatterlist to avoid copying the data to be hashed. This function is
672  * called either on the thread from the crypto API, or, in the case that the
673  * crypto API request is too large to fit in a single SPU request message,
674  * on the thread that invokes the receive callback with a response message.
675  * Because some operations require the response from one chunk before the next
676  * chunk can be submitted, we always wait for the response for the previous
677  * chunk before submitting the next chunk. Because requests are submitted in
678  * lock step like this, there is no need to synchronize access to request data
679  * structures.
680  *
681  * Return:
682  *   -EINPROGRESS: request has been submitted to SPU and response will be
683  *		   returned asynchronously
684  *   -EAGAIN:      non-final request included a small amount of data, which for
685  *		   efficiency we did not submit to the SPU, but instead stored
686  *		   to be submitted to the SPU with the next part of the request
687  *   other:        an error code
688  */
689 static int handle_ahash_req(struct iproc_reqctx_s *rctx)
690 {
691 	struct spu_hw *spu = &iproc_priv.spu;
692 	struct crypto_async_request *areq = rctx->parent;
693 	struct ahash_request *req = ahash_request_cast(areq);
694 	struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
695 	struct crypto_tfm *tfm = crypto_ahash_tfm(ahash);
696 	unsigned int blocksize = crypto_tfm_alg_blocksize(tfm);
697 	struct iproc_ctx_s *ctx = rctx->ctx;
698 
699 	/* number of bytes still to be hashed in this req */
700 	unsigned int nbytes_to_hash = 0;
701 	int err = 0;
702 	unsigned int chunksize = 0;	/* length of hash carry + new data */
703 	/*
704 	 * length of new data, not from hash carry, to be submitted in
705 	 * this hw request
706 	 */
707 	unsigned int new_data_len;
708 
709 	unsigned int __maybe_unused chunk_start = 0;
710 	u32 db_size;	 /* Length of data field, incl gcm and hash padding */
711 	int pad_len = 0; /* total pad len, including gcm, hash, stat padding */
712 	u32 data_pad_len = 0;	/* length of GCM/CCM padding */
713 	u32 stat_pad_len = 0;	/* length of padding to align STATUS word */
714 	struct brcm_message *mssg;	/* mailbox message */
715 	struct spu_request_opts req_opts;
716 	struct spu_cipher_parms cipher_parms;
717 	struct spu_hash_parms hash_parms;
718 	struct spu_aead_parms aead_parms;
719 	unsigned int local_nbuf;
720 	u32 spu_hdr_len;
721 	unsigned int digestsize;
722 	u16 rem = 0;
723 
724 	/*
725 	 * number of entries in src and dst sg. Always includes SPU msg header.
726 	 * rx always includes a buffer to catch digest and STATUS.
727 	 */
728 	u8 rx_frag_num = 3;
729 	u8 tx_frag_num = 1;
730 
731 	flow_log("total_todo %u, total_sent %u\n",
732 		 rctx->total_todo, rctx->total_sent);
733 
734 	memset(&req_opts, 0, sizeof(req_opts));
735 	memset(&cipher_parms, 0, sizeof(cipher_parms));
736 	memset(&hash_parms, 0, sizeof(hash_parms));
737 	memset(&aead_parms, 0, sizeof(aead_parms));
738 
739 	req_opts.bd_suppress = true;
740 	hash_parms.alg = ctx->auth.alg;
741 	hash_parms.mode = ctx->auth.mode;
742 	hash_parms.type = HASH_TYPE_NONE;
743 	hash_parms.key_buf = (u8 *)ctx->authkey;
744 	hash_parms.key_len = ctx->authkeylen;
745 
746 	/*
747 	 * For hash algorithms below assignment looks bit odd but
748 	 * it's needed for AES-XCBC and AES-CMAC hash algorithms
749 	 * to differentiate between 128, 192, 256 bit key values.
750 	 * Based on the key values, hash algorithm is selected.
751 	 * For example for 128 bit key, hash algorithm is AES-128.
752 	 */
753 	cipher_parms.type = ctx->cipher_type;
754 
755 	mssg = &rctx->mb_mssg;
756 	chunk_start = rctx->src_sent;
757 
758 	/*
759 	 * Compute the amount remaining to hash. This may include data
760 	 * carried over from previous requests.
761 	 */
762 	nbytes_to_hash = rctx->total_todo - rctx->total_sent;
763 	chunksize = nbytes_to_hash;
764 	if ((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
765 	    (chunksize > ctx->max_payload))
766 		chunksize = ctx->max_payload;
767 
768 	/*
769 	 * If this is not a final request and the request data is not a multiple
770 	 * of a full block, then simply park the extra data and prefix it to the
771 	 * data for the next request.
772 	 */
773 	if (!rctx->is_final) {
774 		u8 *dest = rctx->hash_carry + rctx->hash_carry_len;
775 		u16 new_len;  /* len of data to add to hash carry */
776 
777 		rem = chunksize % blocksize;   /* remainder */
778 		if (rem) {
779 			/* chunksize not a multiple of blocksize */
780 			chunksize -= rem;
781 			if (chunksize == 0) {
782 				/* Don't have a full block to submit to hw */
783 				new_len = rem - rctx->hash_carry_len;
784 				sg_copy_part_to_buf(req->src, dest, new_len,
785 						    rctx->src_sent);
786 				rctx->hash_carry_len = rem;
787 				flow_log("Exiting with hash carry len: %u\n",
788 					 rctx->hash_carry_len);
789 				packet_dump("  buf: ",
790 					    rctx->hash_carry,
791 					    rctx->hash_carry_len);
792 				return -EAGAIN;
793 			}
794 		}
795 	}
796 
797 	/* if we have hash carry, then prefix it to the data in this request */
798 	local_nbuf = rctx->hash_carry_len;
799 	rctx->hash_carry_len = 0;
800 	if (local_nbuf)
801 		tx_frag_num++;
802 	new_data_len = chunksize - local_nbuf;
803 
804 	/* Count number of sg entries to be used in this request */
805 	rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip,
806 				       new_data_len);
807 
808 	/* AES hashing keeps key size in type field, so need to copy it here */
809 	if (hash_parms.alg == HASH_ALG_AES)
810 		hash_parms.type = (enum hash_type)cipher_parms.type;
811 	else
812 		hash_parms.type = spu->spu_hash_type(rctx->total_sent);
813 
814 	digestsize = spu->spu_digest_size(ctx->digestsize, ctx->auth.alg,
815 					  hash_parms.type);
816 	hash_parms.digestsize =	digestsize;
817 
818 	/* update the indexes */
819 	rctx->total_sent += chunksize;
820 	/* if you sent a prebuf then that wasn't from this req->src */
821 	rctx->src_sent += new_data_len;
822 
823 	if ((rctx->total_sent == rctx->total_todo) && rctx->is_final)
824 		hash_parms.pad_len = spu->spu_hash_pad_len(hash_parms.alg,
825 							   hash_parms.mode,
826 							   chunksize,
827 							   blocksize);
828 
829 	/*
830 	 * If a non-first chunk, then include the digest returned from the
831 	 * previous chunk so that hw can add to it (except for AES types).
832 	 */
833 	if ((hash_parms.type == HASH_TYPE_UPDT) &&
834 	    (hash_parms.alg != HASH_ALG_AES)) {
835 		hash_parms.key_buf = rctx->incr_hash;
836 		hash_parms.key_len = digestsize;
837 	}
838 
839 	atomic64_add(chunksize, &iproc_priv.bytes_out);
840 
841 	flow_log("%s() final: %u nbuf: %u ",
842 		 __func__, rctx->is_final, local_nbuf);
843 
844 	if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
845 		flow_log("max_payload infinite\n");
846 	else
847 		flow_log("max_payload %u\n", ctx->max_payload);
848 
849 	flow_log("chunk_start: %u chunk_size: %u\n", chunk_start, chunksize);
850 
851 	/* Prepend SPU header with type 3 BCM header */
852 	memcpy(rctx->msg_buf.bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
853 
854 	hash_parms.prebuf_len = local_nbuf;
855 	spu_hdr_len = spu->spu_create_request(rctx->msg_buf.bcm_spu_req_hdr +
856 					      BCM_HDR_LEN,
857 					      &req_opts, &cipher_parms,
858 					      &hash_parms, &aead_parms,
859 					      new_data_len);
860 
861 	if (spu_hdr_len == 0) {
862 		pr_err("Failed to create SPU request header\n");
863 		return -EFAULT;
864 	}
865 
866 	/*
867 	 * Determine total length of padding required. Put all padding in one
868 	 * buffer.
869 	 */
870 	data_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode, chunksize);
871 	db_size = spu_real_db_size(0, 0, local_nbuf, new_data_len,
872 				   0, 0, hash_parms.pad_len);
873 	if (spu->spu_tx_status_len())
874 		stat_pad_len = spu->spu_wordalign_padlen(db_size);
875 	if (stat_pad_len)
876 		rx_frag_num++;
877 	pad_len = hash_parms.pad_len + data_pad_len + stat_pad_len;
878 	if (pad_len) {
879 		tx_frag_num++;
880 		spu->spu_request_pad(rctx->msg_buf.spu_req_pad, data_pad_len,
881 				     hash_parms.pad_len, ctx->auth.alg,
882 				     ctx->auth.mode, rctx->total_sent,
883 				     stat_pad_len);
884 	}
885 
886 	spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
887 			      spu_hdr_len);
888 	packet_dump("    prebuf: ", rctx->hash_carry, local_nbuf);
889 	flow_log("Data:\n");
890 	dump_sg(rctx->src_sg, rctx->src_skip, new_data_len);
891 	packet_dump("   pad: ", rctx->msg_buf.spu_req_pad, pad_len);
892 
893 	/*
894 	 * Build mailbox message containing SPU request msg and rx buffers
895 	 * to catch response message
896 	 */
897 	memset(mssg, 0, sizeof(*mssg));
898 	mssg->type = BRCM_MESSAGE_SPU;
899 	mssg->ctx = rctx;	/* Will be returned in response */
900 
901 	/* Create rx scatterlist to catch result */
902 	err = spu_ahash_rx_sg_create(mssg, rctx, rx_frag_num, digestsize,
903 				     stat_pad_len);
904 	if (err)
905 		return err;
906 
907 	/* Create tx scatterlist containing SPU request message */
908 	tx_frag_num += rctx->src_nents;
909 	if (spu->spu_tx_status_len())
910 		tx_frag_num++;
911 	err = spu_ahash_tx_sg_create(mssg, rctx, tx_frag_num, spu_hdr_len,
912 				     local_nbuf, new_data_len, pad_len);
913 	if (err)
914 		return err;
915 
916 	err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
917 	if (unlikely(err < 0))
918 		return err;
919 
920 	return -EINPROGRESS;
921 }
922 
923 /**
924  * spu_hmac_outer_hash() - Request synchonous software compute of the outer hash
925  * for an HMAC request.
926  * @req:  The HMAC request from the crypto API
927  * @ctx:  The session context
928  *
929  * Return: 0 if synchronous hash operation successful
930  *         -EINVAL if the hash algo is unrecognized
931  *         any other value indicates an error
932  */
933 static int spu_hmac_outer_hash(struct ahash_request *req,
934 			       struct iproc_ctx_s *ctx)
935 {
936 	struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
937 	unsigned int blocksize =
938 		crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
939 	int rc;
940 
941 	switch (ctx->auth.alg) {
942 	case HASH_ALG_MD5:
943 		rc = do_shash("md5", req->result, ctx->opad, blocksize,
944 			      req->result, ctx->digestsize, NULL, 0);
945 		break;
946 	case HASH_ALG_SHA1:
947 		rc = do_shash("sha1", req->result, ctx->opad, blocksize,
948 			      req->result, ctx->digestsize, NULL, 0);
949 		break;
950 	case HASH_ALG_SHA224:
951 		rc = do_shash("sha224", req->result, ctx->opad, blocksize,
952 			      req->result, ctx->digestsize, NULL, 0);
953 		break;
954 	case HASH_ALG_SHA256:
955 		rc = do_shash("sha256", req->result, ctx->opad, blocksize,
956 			      req->result, ctx->digestsize, NULL, 0);
957 		break;
958 	case HASH_ALG_SHA384:
959 		rc = do_shash("sha384", req->result, ctx->opad, blocksize,
960 			      req->result, ctx->digestsize, NULL, 0);
961 		break;
962 	case HASH_ALG_SHA512:
963 		rc = do_shash("sha512", req->result, ctx->opad, blocksize,
964 			      req->result, ctx->digestsize, NULL, 0);
965 		break;
966 	default:
967 		pr_err("%s() Error : unknown hmac type\n", __func__);
968 		rc = -EINVAL;
969 	}
970 	return rc;
971 }
972 
973 /**
974  * ahash_req_done() - Process a hash result from the SPU hardware.
975  * @rctx: Crypto request context
976  *
977  * Return: 0 if successful
978  *         < 0 if an error
979  */
980 static int ahash_req_done(struct iproc_reqctx_s *rctx)
981 {
982 	struct spu_hw *spu = &iproc_priv.spu;
983 	struct crypto_async_request *areq = rctx->parent;
984 	struct ahash_request *req = ahash_request_cast(areq);
985 	struct iproc_ctx_s *ctx = rctx->ctx;
986 	int err;
987 
988 	memcpy(req->result, rctx->msg_buf.digest, ctx->digestsize);
989 
990 	if (spu->spu_type == SPU_TYPE_SPUM) {
991 		/* byte swap the output from the UPDT function to network byte
992 		 * order
993 		 */
994 		if (ctx->auth.alg == HASH_ALG_MD5) {
995 			__swab32s((u32 *)req->result);
996 			__swab32s(((u32 *)req->result) + 1);
997 			__swab32s(((u32 *)req->result) + 2);
998 			__swab32s(((u32 *)req->result) + 3);
999 			__swab32s(((u32 *)req->result) + 4);
1000 		}
1001 	}
1002 
1003 	flow_dump("  digest ", req->result, ctx->digestsize);
1004 
1005 	/* if this an HMAC then do the outer hash */
1006 	if (rctx->is_sw_hmac) {
1007 		err = spu_hmac_outer_hash(req, ctx);
1008 		if (err < 0)
1009 			return err;
1010 		flow_dump("  hmac: ", req->result, ctx->digestsize);
1011 	}
1012 
1013 	if (rctx->is_sw_hmac || ctx->auth.mode == HASH_MODE_HMAC) {
1014 		atomic_inc(&iproc_priv.op_counts[SPU_OP_HMAC]);
1015 		atomic_inc(&iproc_priv.hmac_cnt[ctx->auth.alg]);
1016 	} else {
1017 		atomic_inc(&iproc_priv.op_counts[SPU_OP_HASH]);
1018 		atomic_inc(&iproc_priv.hash_cnt[ctx->auth.alg]);
1019 	}
1020 
1021 	return 0;
1022 }
1023 
1024 /**
1025  * handle_ahash_resp() - Process a SPU response message for a hash request.
1026  * Checks if the entire crypto API request has been processed, and if so,
1027  * invokes post processing on the result.
1028  * @rctx: Crypto request context
1029  */
1030 static void handle_ahash_resp(struct iproc_reqctx_s *rctx)
1031 {
1032 	struct iproc_ctx_s *ctx = rctx->ctx;
1033 #ifdef DEBUG
1034 	struct crypto_async_request *areq = rctx->parent;
1035 	struct ahash_request *req = ahash_request_cast(areq);
1036 	struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
1037 	unsigned int blocksize =
1038 		crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
1039 #endif
1040 	/*
1041 	 * Save hash to use as input to next op if incremental. Might be copying
1042 	 * too much, but that's easier than figuring out actual digest size here
1043 	 */
1044 	memcpy(rctx->incr_hash, rctx->msg_buf.digest, MAX_DIGEST_SIZE);
1045 
1046 	flow_log("%s() blocksize:%u digestsize:%u\n",
1047 		 __func__, blocksize, ctx->digestsize);
1048 
1049 	atomic64_add(ctx->digestsize, &iproc_priv.bytes_in);
1050 
1051 	if (rctx->is_final && (rctx->total_sent == rctx->total_todo))
1052 		ahash_req_done(rctx);
1053 }
1054 
1055 /**
1056  * spu_aead_rx_sg_create() - Build up the scatterlist of buffers used to receive
1057  * a SPU response message for an AEAD request. Includes buffers to catch SPU
1058  * message headers and the response data.
1059  * @mssg:	mailbox message containing the receive sg
1060  * @rctx:	crypto request context
1061  * @rx_frag_num: number of scatterlist elements required to hold the
1062  *		SPU response message
1063  * @assoc_len:	Length of associated data included in the crypto request
1064  * @ret_iv_len: Length of IV returned in response
1065  * @resp_len:	Number of bytes of response data expected to be written to
1066  *              dst buffer from crypto API
1067  * @digestsize: Length of hash digest, in bytes
1068  * @stat_pad_len: Number of bytes required to pad the STAT field to
1069  *		a 4-byte boundary
1070  *
1071  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
1072  * when the request completes, whether the request is handled successfully or
1073  * there is an error.
1074  *
1075  * Returns:
1076  *   0 if successful
1077  *   < 0 if an error
1078  */
1079 static int spu_aead_rx_sg_create(struct brcm_message *mssg,
1080 				 struct aead_request *req,
1081 				 struct iproc_reqctx_s *rctx,
1082 				 u8 rx_frag_num,
1083 				 unsigned int assoc_len,
1084 				 u32 ret_iv_len, unsigned int resp_len,
1085 				 unsigned int digestsize, u32 stat_pad_len)
1086 {
1087 	struct spu_hw *spu = &iproc_priv.spu;
1088 	struct scatterlist *sg;	/* used to build sgs in mbox message */
1089 	struct iproc_ctx_s *ctx = rctx->ctx;
1090 	u32 datalen;		/* Number of bytes of response data expected */
1091 	u32 assoc_buf_len;
1092 	u8 data_padlen = 0;
1093 
1094 	if (ctx->is_rfc4543) {
1095 		/* RFC4543: only pad after data, not after AAD */
1096 		data_padlen = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1097 							  assoc_len + resp_len);
1098 		assoc_buf_len = assoc_len;
1099 	} else {
1100 		data_padlen = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1101 							  resp_len);
1102 		assoc_buf_len = spu->spu_assoc_resp_len(ctx->cipher.mode,
1103 						assoc_len, ret_iv_len,
1104 						rctx->is_encrypt);
1105 	}
1106 
1107 	if (ctx->cipher.mode == CIPHER_MODE_CCM)
1108 		/* ICV (after data) must be in the next 32-bit word for CCM */
1109 		data_padlen += spu->spu_wordalign_padlen(assoc_buf_len +
1110 							 resp_len +
1111 							 data_padlen);
1112 
1113 	if (data_padlen)
1114 		/* have to catch gcm pad in separate buffer */
1115 		rx_frag_num++;
1116 
1117 	mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
1118 				rctx->gfp);
1119 	if (!mssg->spu.dst)
1120 		return -ENOMEM;
1121 
1122 	sg = mssg->spu.dst;
1123 	sg_init_table(sg, rx_frag_num);
1124 
1125 	/* Space for SPU message header */
1126 	sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
1127 
1128 	if (assoc_buf_len) {
1129 		/*
1130 		 * Don't write directly to req->dst, because SPU may pad the
1131 		 * assoc data in the response
1132 		 */
1133 		memset(rctx->msg_buf.a.resp_aad, 0, assoc_buf_len);
1134 		sg_set_buf(sg++, rctx->msg_buf.a.resp_aad, assoc_buf_len);
1135 	}
1136 
1137 	if (resp_len) {
1138 		/*
1139 		 * Copy in each dst sg entry from request, up to chunksize.
1140 		 * dst sg catches just the data. digest caught in separate buf.
1141 		 */
1142 		datalen = spu_msg_sg_add(&sg, &rctx->dst_sg, &rctx->dst_skip,
1143 					 rctx->dst_nents, resp_len);
1144 		if (datalen < (resp_len)) {
1145 			pr_err("%s(): failed to copy dst sg to mbox msg. expected len %u, datalen %u",
1146 			       __func__, resp_len, datalen);
1147 			return -EFAULT;
1148 		}
1149 	}
1150 
1151 	/* If GCM/CCM data is padded, catch padding in separate buffer */
1152 	if (data_padlen) {
1153 		memset(rctx->msg_buf.a.gcmpad, 0, data_padlen);
1154 		sg_set_buf(sg++, rctx->msg_buf.a.gcmpad, data_padlen);
1155 	}
1156 
1157 	/* Always catch ICV in separate buffer */
1158 	sg_set_buf(sg++, rctx->msg_buf.digest, digestsize);
1159 
1160 	flow_log("stat_pad_len %u\n", stat_pad_len);
1161 	if (stat_pad_len) {
1162 		memset(rctx->msg_buf.rx_stat_pad, 0, stat_pad_len);
1163 		sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
1164 	}
1165 
1166 	memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
1167 	sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
1168 
1169 	return 0;
1170 }
1171 
1172 /**
1173  * spu_aead_tx_sg_create() - Build up the scatterlist of buffers used to send a
1174  * SPU request message for an AEAD request. Includes SPU message headers and the
1175  * request data.
1176  * @mssg:	mailbox message containing the transmit sg
1177  * @rctx:	crypto request context
1178  * @tx_frag_num: number of scatterlist elements required to construct the
1179  *		SPU request message
1180  * @spu_hdr_len: length of SPU message header in bytes
1181  * @assoc:	crypto API associated data scatterlist
1182  * @assoc_len:	length of associated data
1183  * @assoc_nents: number of scatterlist entries containing assoc data
1184  * @aead_iv_len: length of AEAD IV, if included
1185  * @chunksize:	Number of bytes of request data
1186  * @aad_pad_len: Number of bytes of padding at end of AAD. For GCM/CCM.
1187  * @pad_len:	Number of pad bytes
1188  * @incl_icv:	If true, write separate ICV buffer after data and
1189  *              any padding
1190  *
1191  * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
1192  * when the request completes, whether the request is handled successfully or
1193  * there is an error.
1194  *
1195  * Return:
1196  *   0 if successful
1197  *   < 0 if an error
1198  */
1199 static int spu_aead_tx_sg_create(struct brcm_message *mssg,
1200 				 struct iproc_reqctx_s *rctx,
1201 				 u8 tx_frag_num,
1202 				 u32 spu_hdr_len,
1203 				 struct scatterlist *assoc,
1204 				 unsigned int assoc_len,
1205 				 int assoc_nents,
1206 				 unsigned int aead_iv_len,
1207 				 unsigned int chunksize,
1208 				 u32 aad_pad_len, u32 pad_len, bool incl_icv)
1209 {
1210 	struct spu_hw *spu = &iproc_priv.spu;
1211 	struct scatterlist *sg;	/* used to build sgs in mbox message */
1212 	struct scatterlist *assoc_sg = assoc;
1213 	struct iproc_ctx_s *ctx = rctx->ctx;
1214 	u32 datalen;		/* Number of bytes of data to write */
1215 	u32 written;		/* Number of bytes of data written */
1216 	u32 assoc_offset = 0;
1217 	u32 stat_len;
1218 
1219 	mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
1220 				rctx->gfp);
1221 	if (!mssg->spu.src)
1222 		return -ENOMEM;
1223 
1224 	sg = mssg->spu.src;
1225 	sg_init_table(sg, tx_frag_num);
1226 
1227 	sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
1228 		   BCM_HDR_LEN + spu_hdr_len);
1229 
1230 	if (assoc_len) {
1231 		/* Copy in each associated data sg entry from request */
1232 		written = spu_msg_sg_add(&sg, &assoc_sg, &assoc_offset,
1233 					 assoc_nents, assoc_len);
1234 		if (written < assoc_len) {
1235 			pr_err("%s(): failed to copy assoc sg to mbox msg",
1236 			       __func__);
1237 			return -EFAULT;
1238 		}
1239 	}
1240 
1241 	if (aead_iv_len)
1242 		sg_set_buf(sg++, rctx->msg_buf.iv_ctr, aead_iv_len);
1243 
1244 	if (aad_pad_len) {
1245 		memset(rctx->msg_buf.a.req_aad_pad, 0, aad_pad_len);
1246 		sg_set_buf(sg++, rctx->msg_buf.a.req_aad_pad, aad_pad_len);
1247 	}
1248 
1249 	datalen = chunksize;
1250 	if ((chunksize > ctx->digestsize) && incl_icv)
1251 		datalen -= ctx->digestsize;
1252 	if (datalen) {
1253 		/* For aead, a single msg should consume the entire src sg */
1254 		written = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
1255 					 rctx->src_nents, datalen);
1256 		if (written < datalen) {
1257 			pr_err("%s(): failed to copy src sg to mbox msg",
1258 			       __func__);
1259 			return -EFAULT;
1260 		}
1261 	}
1262 
1263 	if (pad_len) {
1264 		memset(rctx->msg_buf.spu_req_pad, 0, pad_len);
1265 		sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
1266 	}
1267 
1268 	if (incl_icv)
1269 		sg_set_buf(sg++, rctx->msg_buf.digest, ctx->digestsize);
1270 
1271 	stat_len = spu->spu_tx_status_len();
1272 	if (stat_len) {
1273 		memset(rctx->msg_buf.tx_stat, 0, stat_len);
1274 		sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
1275 	}
1276 	return 0;
1277 }
1278 
1279 /**
1280  * handle_aead_req() - Submit a SPU request message for the next chunk of the
1281  * current AEAD request.
1282  * @rctx:  Crypto request context
1283  *
1284  * Unlike other operation types, we assume the length of the request fits in
1285  * a single SPU request message. aead_enqueue() makes sure this is true.
1286  * Comments for other op types regarding threads applies here as well.
1287  *
1288  * Unlike incremental hash ops, where the spu returns the entire hash for
1289  * truncated algs like sha-224, the SPU returns just the truncated hash in
1290  * response to aead requests. So digestsize is always ctx->digestsize here.
1291  *
1292  * Return: -EINPROGRESS: crypto request has been accepted and result will be
1293  *			 returned asynchronously
1294  *         Any other value indicates an error
1295  */
1296 static int handle_aead_req(struct iproc_reqctx_s *rctx)
1297 {
1298 	struct spu_hw *spu = &iproc_priv.spu;
1299 	struct crypto_async_request *areq = rctx->parent;
1300 	struct aead_request *req = container_of(areq,
1301 						struct aead_request, base);
1302 	struct iproc_ctx_s *ctx = rctx->ctx;
1303 	int err;
1304 	unsigned int chunksize;
1305 	unsigned int resp_len;
1306 	u32 spu_hdr_len;
1307 	u32 db_size;
1308 	u32 stat_pad_len;
1309 	u32 pad_len;
1310 	struct brcm_message *mssg;	/* mailbox message */
1311 	struct spu_request_opts req_opts;
1312 	struct spu_cipher_parms cipher_parms;
1313 	struct spu_hash_parms hash_parms;
1314 	struct spu_aead_parms aead_parms;
1315 	int assoc_nents = 0;
1316 	bool incl_icv = false;
1317 	unsigned int digestsize = ctx->digestsize;
1318 
1319 	/* number of entries in src and dst sg. Always includes SPU msg header.
1320 	 */
1321 	u8 rx_frag_num = 2;	/* and STATUS */
1322 	u8 tx_frag_num = 1;
1323 
1324 	/* doing the whole thing at once */
1325 	chunksize = rctx->total_todo;
1326 
1327 	flow_log("%s: chunksize %u\n", __func__, chunksize);
1328 
1329 	memset(&req_opts, 0, sizeof(req_opts));
1330 	memset(&hash_parms, 0, sizeof(hash_parms));
1331 	memset(&aead_parms, 0, sizeof(aead_parms));
1332 
1333 	req_opts.is_inbound = !(rctx->is_encrypt);
1334 	req_opts.auth_first = ctx->auth_first;
1335 	req_opts.is_aead = true;
1336 	req_opts.is_esp = ctx->is_esp;
1337 
1338 	cipher_parms.alg = ctx->cipher.alg;
1339 	cipher_parms.mode = ctx->cipher.mode;
1340 	cipher_parms.type = ctx->cipher_type;
1341 	cipher_parms.key_buf = ctx->enckey;
1342 	cipher_parms.key_len = ctx->enckeylen;
1343 	cipher_parms.iv_buf = rctx->msg_buf.iv_ctr;
1344 	cipher_parms.iv_len = rctx->iv_ctr_len;
1345 
1346 	hash_parms.alg = ctx->auth.alg;
1347 	hash_parms.mode = ctx->auth.mode;
1348 	hash_parms.type = HASH_TYPE_NONE;
1349 	hash_parms.key_buf = (u8 *)ctx->authkey;
1350 	hash_parms.key_len = ctx->authkeylen;
1351 	hash_parms.digestsize = digestsize;
1352 
1353 	if ((ctx->auth.alg == HASH_ALG_SHA224) &&
1354 	    (ctx->authkeylen < SHA224_DIGEST_SIZE))
1355 		hash_parms.key_len = SHA224_DIGEST_SIZE;
1356 
1357 	aead_parms.assoc_size = req->assoclen;
1358 	if (ctx->is_esp && !ctx->is_rfc4543) {
1359 		/*
1360 		 * 8-byte IV is included assoc data in request. SPU2
1361 		 * expects AAD to include just SPI and seqno. So
1362 		 * subtract off the IV len.
1363 		 */
1364 		aead_parms.assoc_size -= GCM_RFC4106_IV_SIZE;
1365 
1366 		if (rctx->is_encrypt) {
1367 			aead_parms.return_iv = true;
1368 			aead_parms.ret_iv_len = GCM_RFC4106_IV_SIZE;
1369 			aead_parms.ret_iv_off = GCM_ESP_SALT_SIZE;
1370 		}
1371 	} else {
1372 		aead_parms.ret_iv_len = 0;
1373 	}
1374 
1375 	/*
1376 	 * Count number of sg entries from the crypto API request that are to
1377 	 * be included in this mailbox message. For dst sg, don't count space
1378 	 * for digest. Digest gets caught in a separate buffer and copied back
1379 	 * to dst sg when processing response.
1380 	 */
1381 	rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip, chunksize);
1382 	rctx->dst_nents = spu_sg_count(rctx->dst_sg, rctx->dst_skip, chunksize);
1383 	if (aead_parms.assoc_size)
1384 		assoc_nents = spu_sg_count(rctx->assoc, 0,
1385 					   aead_parms.assoc_size);
1386 
1387 	mssg = &rctx->mb_mssg;
1388 
1389 	rctx->total_sent = chunksize;
1390 	rctx->src_sent = chunksize;
1391 	if (spu->spu_assoc_resp_len(ctx->cipher.mode,
1392 				    aead_parms.assoc_size,
1393 				    aead_parms.ret_iv_len,
1394 				    rctx->is_encrypt))
1395 		rx_frag_num++;
1396 
1397 	aead_parms.iv_len = spu->spu_aead_ivlen(ctx->cipher.mode,
1398 						rctx->iv_ctr_len);
1399 
1400 	if (ctx->auth.alg == HASH_ALG_AES)
1401 		hash_parms.type = (enum hash_type)ctx->cipher_type;
1402 
1403 	/* General case AAD padding (CCM and RFC4543 special cases below) */
1404 	aead_parms.aad_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1405 						 aead_parms.assoc_size);
1406 
1407 	/* General case data padding (CCM decrypt special case below) */
1408 	aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1409 							   chunksize);
1410 
1411 	if (ctx->cipher.mode == CIPHER_MODE_CCM) {
1412 		/*
1413 		 * for CCM, AAD len + 2 (rather than AAD len) needs to be
1414 		 * 128-bit aligned
1415 		 */
1416 		aead_parms.aad_pad_len = spu->spu_gcm_ccm_pad_len(
1417 					 ctx->cipher.mode,
1418 					 aead_parms.assoc_size + 2);
1419 
1420 		/*
1421 		 * And when decrypting CCM, need to pad without including
1422 		 * size of ICV which is tacked on to end of chunk
1423 		 */
1424 		if (!rctx->is_encrypt)
1425 			aead_parms.data_pad_len =
1426 				spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1427 							chunksize - digestsize);
1428 
1429 		/* CCM also requires software to rewrite portions of IV: */
1430 		spu->spu_ccm_update_iv(digestsize, &cipher_parms, req->assoclen,
1431 				       chunksize, rctx->is_encrypt,
1432 				       ctx->is_esp);
1433 	}
1434 
1435 	if (ctx->is_rfc4543) {
1436 		/*
1437 		 * RFC4543: data is included in AAD, so don't pad after AAD
1438 		 * and pad data based on both AAD + data size
1439 		 */
1440 		aead_parms.aad_pad_len = 0;
1441 		if (!rctx->is_encrypt)
1442 			aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(
1443 					ctx->cipher.mode,
1444 					aead_parms.assoc_size + chunksize -
1445 					digestsize);
1446 		else
1447 			aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(
1448 					ctx->cipher.mode,
1449 					aead_parms.assoc_size + chunksize);
1450 
1451 		req_opts.is_rfc4543 = true;
1452 	}
1453 
1454 	if (spu_req_incl_icv(ctx->cipher.mode, rctx->is_encrypt)) {
1455 		incl_icv = true;
1456 		tx_frag_num++;
1457 		/* Copy ICV from end of src scatterlist to digest buf */
1458 		sg_copy_part_to_buf(req->src, rctx->msg_buf.digest, digestsize,
1459 				    req->assoclen + rctx->total_sent -
1460 				    digestsize);
1461 	}
1462 
1463 	atomic64_add(chunksize, &iproc_priv.bytes_out);
1464 
1465 	flow_log("%s()-sent chunksize:%u\n", __func__, chunksize);
1466 
1467 	/* Prepend SPU header with type 3 BCM header */
1468 	memcpy(rctx->msg_buf.bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
1469 
1470 	spu_hdr_len = spu->spu_create_request(rctx->msg_buf.bcm_spu_req_hdr +
1471 					      BCM_HDR_LEN, &req_opts,
1472 					      &cipher_parms, &hash_parms,
1473 					      &aead_parms, chunksize);
1474 
1475 	/* Determine total length of padding. Put all padding in one buffer. */
1476 	db_size = spu_real_db_size(aead_parms.assoc_size, aead_parms.iv_len, 0,
1477 				   chunksize, aead_parms.aad_pad_len,
1478 				   aead_parms.data_pad_len, 0);
1479 
1480 	stat_pad_len = spu->spu_wordalign_padlen(db_size);
1481 
1482 	if (stat_pad_len)
1483 		rx_frag_num++;
1484 	pad_len = aead_parms.data_pad_len + stat_pad_len;
1485 	if (pad_len) {
1486 		tx_frag_num++;
1487 		spu->spu_request_pad(rctx->msg_buf.spu_req_pad,
1488 				     aead_parms.data_pad_len, 0,
1489 				     ctx->auth.alg, ctx->auth.mode,
1490 				     rctx->total_sent, stat_pad_len);
1491 	}
1492 
1493 	spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
1494 			      spu_hdr_len);
1495 	dump_sg(rctx->assoc, 0, aead_parms.assoc_size);
1496 	packet_dump("    aead iv: ", rctx->msg_buf.iv_ctr, aead_parms.iv_len);
1497 	packet_log("BD:\n");
1498 	dump_sg(rctx->src_sg, rctx->src_skip, chunksize);
1499 	packet_dump("   pad: ", rctx->msg_buf.spu_req_pad, pad_len);
1500 
1501 	/*
1502 	 * Build mailbox message containing SPU request msg and rx buffers
1503 	 * to catch response message
1504 	 */
1505 	memset(mssg, 0, sizeof(*mssg));
1506 	mssg->type = BRCM_MESSAGE_SPU;
1507 	mssg->ctx = rctx;	/* Will be returned in response */
1508 
1509 	/* Create rx scatterlist to catch result */
1510 	rx_frag_num += rctx->dst_nents;
1511 	resp_len = chunksize;
1512 
1513 	/*
1514 	 * Always catch ICV in separate buffer. Have to for GCM/CCM because of
1515 	 * padding. Have to for SHA-224 and other truncated SHAs because SPU
1516 	 * sends entire digest back.
1517 	 */
1518 	rx_frag_num++;
1519 
1520 	if (((ctx->cipher.mode == CIPHER_MODE_GCM) ||
1521 	     (ctx->cipher.mode == CIPHER_MODE_CCM)) && !rctx->is_encrypt) {
1522 		/*
1523 		 * Input is ciphertxt plus ICV, but ICV not incl
1524 		 * in output.
1525 		 */
1526 		resp_len -= ctx->digestsize;
1527 		if (resp_len == 0)
1528 			/* no rx frags to catch output data */
1529 			rx_frag_num -= rctx->dst_nents;
1530 	}
1531 
1532 	err = spu_aead_rx_sg_create(mssg, req, rctx, rx_frag_num,
1533 				    aead_parms.assoc_size,
1534 				    aead_parms.ret_iv_len, resp_len, digestsize,
1535 				    stat_pad_len);
1536 	if (err)
1537 		return err;
1538 
1539 	/* Create tx scatterlist containing SPU request message */
1540 	tx_frag_num += rctx->src_nents;
1541 	tx_frag_num += assoc_nents;
1542 	if (aead_parms.aad_pad_len)
1543 		tx_frag_num++;
1544 	if (aead_parms.iv_len)
1545 		tx_frag_num++;
1546 	if (spu->spu_tx_status_len())
1547 		tx_frag_num++;
1548 	err = spu_aead_tx_sg_create(mssg, rctx, tx_frag_num, spu_hdr_len,
1549 				    rctx->assoc, aead_parms.assoc_size,
1550 				    assoc_nents, aead_parms.iv_len, chunksize,
1551 				    aead_parms.aad_pad_len, pad_len, incl_icv);
1552 	if (err)
1553 		return err;
1554 
1555 	err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
1556 	if (unlikely(err < 0))
1557 		return err;
1558 
1559 	return -EINPROGRESS;
1560 }
1561 
1562 /**
1563  * handle_aead_resp() - Process a SPU response message for an AEAD request.
1564  * @rctx:  Crypto request context
1565  */
1566 static void handle_aead_resp(struct iproc_reqctx_s *rctx)
1567 {
1568 	struct spu_hw *spu = &iproc_priv.spu;
1569 	struct crypto_async_request *areq = rctx->parent;
1570 	struct aead_request *req = container_of(areq,
1571 						struct aead_request, base);
1572 	struct iproc_ctx_s *ctx = rctx->ctx;
1573 	u32 payload_len;
1574 	unsigned int icv_offset;
1575 	u32 result_len;
1576 
1577 	/* See how much data was returned */
1578 	payload_len = spu->spu_payload_length(rctx->msg_buf.spu_resp_hdr);
1579 	flow_log("payload_len %u\n", payload_len);
1580 
1581 	/* only count payload */
1582 	atomic64_add(payload_len, &iproc_priv.bytes_in);
1583 
1584 	if (req->assoclen)
1585 		packet_dump("  assoc_data ", rctx->msg_buf.a.resp_aad,
1586 			    req->assoclen);
1587 
1588 	/*
1589 	 * Copy the ICV back to the destination
1590 	 * buffer. In decrypt case, SPU gives us back the digest, but crypto
1591 	 * API doesn't expect ICV in dst buffer.
1592 	 */
1593 	result_len = req->cryptlen;
1594 	if (rctx->is_encrypt) {
1595 		icv_offset = req->assoclen + rctx->total_sent;
1596 		packet_dump("  ICV: ", rctx->msg_buf.digest, ctx->digestsize);
1597 		flow_log("copying ICV to dst sg at offset %u\n", icv_offset);
1598 		sg_copy_part_from_buf(req->dst, rctx->msg_buf.digest,
1599 				      ctx->digestsize, icv_offset);
1600 		result_len += ctx->digestsize;
1601 	}
1602 
1603 	packet_log("response data:  ");
1604 	dump_sg(req->dst, req->assoclen, result_len);
1605 
1606 	atomic_inc(&iproc_priv.op_counts[SPU_OP_AEAD]);
1607 	if (ctx->cipher.alg == CIPHER_ALG_AES) {
1608 		if (ctx->cipher.mode == CIPHER_MODE_CCM)
1609 			atomic_inc(&iproc_priv.aead_cnt[AES_CCM]);
1610 		else if (ctx->cipher.mode == CIPHER_MODE_GCM)
1611 			atomic_inc(&iproc_priv.aead_cnt[AES_GCM]);
1612 		else
1613 			atomic_inc(&iproc_priv.aead_cnt[AUTHENC]);
1614 	} else {
1615 		atomic_inc(&iproc_priv.aead_cnt[AUTHENC]);
1616 	}
1617 }
1618 
1619 /**
1620  * spu_chunk_cleanup() - Do cleanup after processing one chunk of a request
1621  * @rctx:  request context
1622  *
1623  * Mailbox scatterlists are allocated for each chunk. So free them after
1624  * processing each chunk.
1625  */
1626 static void spu_chunk_cleanup(struct iproc_reqctx_s *rctx)
1627 {
1628 	/* mailbox message used to tx request */
1629 	struct brcm_message *mssg = &rctx->mb_mssg;
1630 
1631 	kfree(mssg->spu.src);
1632 	kfree(mssg->spu.dst);
1633 	memset(mssg, 0, sizeof(struct brcm_message));
1634 }
1635 
1636 /**
1637  * finish_req() - Used to invoke the complete callback from the requester when
1638  * a request has been handled asynchronously.
1639  * @rctx:  Request context
1640  * @err:   Indicates whether the request was successful or not
1641  *
1642  * Ensures that cleanup has been done for request
1643  */
1644 static void finish_req(struct iproc_reqctx_s *rctx, int err)
1645 {
1646 	struct crypto_async_request *areq = rctx->parent;
1647 
1648 	flow_log("%s() err:%d\n\n", __func__, err);
1649 
1650 	/* No harm done if already called */
1651 	spu_chunk_cleanup(rctx);
1652 
1653 	if (areq)
1654 		areq->complete(areq, err);
1655 }
1656 
1657 /**
1658  * spu_rx_callback() - Callback from mailbox framework with a SPU response.
1659  * @cl:		mailbox client structure for SPU driver
1660  * @msg:	mailbox message containing SPU response
1661  */
1662 static void spu_rx_callback(struct mbox_client *cl, void *msg)
1663 {
1664 	struct spu_hw *spu = &iproc_priv.spu;
1665 	struct brcm_message *mssg = msg;
1666 	struct iproc_reqctx_s *rctx;
1667 	int err = 0;
1668 
1669 	rctx = mssg->ctx;
1670 	if (unlikely(!rctx)) {
1671 		/* This is fatal */
1672 		pr_err("%s(): no request context", __func__);
1673 		err = -EFAULT;
1674 		goto cb_finish;
1675 	}
1676 
1677 	/* process the SPU status */
1678 	err = spu->spu_status_process(rctx->msg_buf.rx_stat);
1679 	if (err != 0) {
1680 		if (err == SPU_INVALID_ICV)
1681 			atomic_inc(&iproc_priv.bad_icv);
1682 		err = -EBADMSG;
1683 		goto cb_finish;
1684 	}
1685 
1686 	/* Process the SPU response message */
1687 	switch (rctx->ctx->alg->type) {
1688 	case CRYPTO_ALG_TYPE_SKCIPHER:
1689 		handle_skcipher_resp(rctx);
1690 		break;
1691 	case CRYPTO_ALG_TYPE_AHASH:
1692 		handle_ahash_resp(rctx);
1693 		break;
1694 	case CRYPTO_ALG_TYPE_AEAD:
1695 		handle_aead_resp(rctx);
1696 		break;
1697 	default:
1698 		err = -EINVAL;
1699 		goto cb_finish;
1700 	}
1701 
1702 	/*
1703 	 * If this response does not complete the request, then send the next
1704 	 * request chunk.
1705 	 */
1706 	if (rctx->total_sent < rctx->total_todo) {
1707 		/* Deallocate anything specific to previous chunk */
1708 		spu_chunk_cleanup(rctx);
1709 
1710 		switch (rctx->ctx->alg->type) {
1711 		case CRYPTO_ALG_TYPE_SKCIPHER:
1712 			err = handle_skcipher_req(rctx);
1713 			break;
1714 		case CRYPTO_ALG_TYPE_AHASH:
1715 			err = handle_ahash_req(rctx);
1716 			if (err == -EAGAIN)
1717 				/*
1718 				 * we saved data in hash carry, but tell crypto
1719 				 * API we successfully completed request.
1720 				 */
1721 				err = 0;
1722 			break;
1723 		case CRYPTO_ALG_TYPE_AEAD:
1724 			err = handle_aead_req(rctx);
1725 			break;
1726 		default:
1727 			err = -EINVAL;
1728 		}
1729 
1730 		if (err == -EINPROGRESS)
1731 			/* Successfully submitted request for next chunk */
1732 			return;
1733 	}
1734 
1735 cb_finish:
1736 	finish_req(rctx, err);
1737 }
1738 
1739 /* ==================== Kernel Cryptographic API ==================== */
1740 
1741 /**
1742  * skcipher_enqueue() - Handle skcipher encrypt or decrypt request.
1743  * @req:	Crypto API request
1744  * @encrypt:	true if encrypting; false if decrypting
1745  *
1746  * Return: -EINPROGRESS if request accepted and result will be returned
1747  *			asynchronously
1748  *	   < 0 if an error
1749  */
1750 static int skcipher_enqueue(struct skcipher_request *req, bool encrypt)
1751 {
1752 	struct iproc_reqctx_s *rctx = skcipher_request_ctx(req);
1753 	struct iproc_ctx_s *ctx =
1754 	    crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
1755 	int err;
1756 
1757 	flow_log("%s() enc:%u\n", __func__, encrypt);
1758 
1759 	rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
1760 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
1761 	rctx->parent = &req->base;
1762 	rctx->is_encrypt = encrypt;
1763 	rctx->bd_suppress = false;
1764 	rctx->total_todo = req->cryptlen;
1765 	rctx->src_sent = 0;
1766 	rctx->total_sent = 0;
1767 	rctx->total_received = 0;
1768 	rctx->ctx = ctx;
1769 
1770 	/* Initialize current position in src and dst scatterlists */
1771 	rctx->src_sg = req->src;
1772 	rctx->src_nents = 0;
1773 	rctx->src_skip = 0;
1774 	rctx->dst_sg = req->dst;
1775 	rctx->dst_nents = 0;
1776 	rctx->dst_skip = 0;
1777 
1778 	if (ctx->cipher.mode == CIPHER_MODE_CBC ||
1779 	    ctx->cipher.mode == CIPHER_MODE_CTR ||
1780 	    ctx->cipher.mode == CIPHER_MODE_OFB ||
1781 	    ctx->cipher.mode == CIPHER_MODE_XTS ||
1782 	    ctx->cipher.mode == CIPHER_MODE_GCM ||
1783 	    ctx->cipher.mode == CIPHER_MODE_CCM) {
1784 		rctx->iv_ctr_len =
1785 		    crypto_skcipher_ivsize(crypto_skcipher_reqtfm(req));
1786 		memcpy(rctx->msg_buf.iv_ctr, req->iv, rctx->iv_ctr_len);
1787 	} else {
1788 		rctx->iv_ctr_len = 0;
1789 	}
1790 
1791 	/* Choose a SPU to process this request */
1792 	rctx->chan_idx = select_channel();
1793 	err = handle_skcipher_req(rctx);
1794 	if (err != -EINPROGRESS)
1795 		/* synchronous result */
1796 		spu_chunk_cleanup(rctx);
1797 
1798 	return err;
1799 }
1800 
1801 static int des_setkey(struct crypto_skcipher *cipher, const u8 *key,
1802 		      unsigned int keylen)
1803 {
1804 	struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1805 	int err;
1806 
1807 	err = verify_skcipher_des_key(cipher, key);
1808 	if (err)
1809 		return err;
1810 
1811 	ctx->cipher_type = CIPHER_TYPE_DES;
1812 	return 0;
1813 }
1814 
1815 static int threedes_setkey(struct crypto_skcipher *cipher, const u8 *key,
1816 			   unsigned int keylen)
1817 {
1818 	struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1819 	int err;
1820 
1821 	err = verify_skcipher_des3_key(cipher, key);
1822 	if (err)
1823 		return err;
1824 
1825 	ctx->cipher_type = CIPHER_TYPE_3DES;
1826 	return 0;
1827 }
1828 
1829 static int aes_setkey(struct crypto_skcipher *cipher, const u8 *key,
1830 		      unsigned int keylen)
1831 {
1832 	struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1833 
1834 	if (ctx->cipher.mode == CIPHER_MODE_XTS)
1835 		/* XTS includes two keys of equal length */
1836 		keylen = keylen / 2;
1837 
1838 	switch (keylen) {
1839 	case AES_KEYSIZE_128:
1840 		ctx->cipher_type = CIPHER_TYPE_AES128;
1841 		break;
1842 	case AES_KEYSIZE_192:
1843 		ctx->cipher_type = CIPHER_TYPE_AES192;
1844 		break;
1845 	case AES_KEYSIZE_256:
1846 		ctx->cipher_type = CIPHER_TYPE_AES256;
1847 		break;
1848 	default:
1849 		crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
1850 		return -EINVAL;
1851 	}
1852 	WARN_ON((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
1853 		((ctx->max_payload % AES_BLOCK_SIZE) != 0));
1854 	return 0;
1855 }
1856 
1857 static int rc4_setkey(struct crypto_skcipher *cipher, const u8 *key,
1858 		      unsigned int keylen)
1859 {
1860 	struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1861 	int i;
1862 
1863 	ctx->enckeylen = ARC4_MAX_KEY_SIZE + ARC4_STATE_SIZE;
1864 
1865 	ctx->enckey[0] = 0x00;	/* 0x00 */
1866 	ctx->enckey[1] = 0x00;	/* i    */
1867 	ctx->enckey[2] = 0x00;	/* 0x00 */
1868 	ctx->enckey[3] = 0x00;	/* j    */
1869 	for (i = 0; i < ARC4_MAX_KEY_SIZE; i++)
1870 		ctx->enckey[i + ARC4_STATE_SIZE] = key[i % keylen];
1871 
1872 	ctx->cipher_type = CIPHER_TYPE_INIT;
1873 
1874 	return 0;
1875 }
1876 
1877 static int skcipher_setkey(struct crypto_skcipher *cipher, const u8 *key,
1878 			     unsigned int keylen)
1879 {
1880 	struct spu_hw *spu = &iproc_priv.spu;
1881 	struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1882 	struct spu_cipher_parms cipher_parms;
1883 	u32 alloc_len = 0;
1884 	int err;
1885 
1886 	flow_log("skcipher_setkey() keylen: %d\n", keylen);
1887 	flow_dump("  key: ", key, keylen);
1888 
1889 	switch (ctx->cipher.alg) {
1890 	case CIPHER_ALG_DES:
1891 		err = des_setkey(cipher, key, keylen);
1892 		break;
1893 	case CIPHER_ALG_3DES:
1894 		err = threedes_setkey(cipher, key, keylen);
1895 		break;
1896 	case CIPHER_ALG_AES:
1897 		err = aes_setkey(cipher, key, keylen);
1898 		break;
1899 	case CIPHER_ALG_RC4:
1900 		err = rc4_setkey(cipher, key, keylen);
1901 		break;
1902 	default:
1903 		pr_err("%s() Error: unknown cipher alg\n", __func__);
1904 		err = -EINVAL;
1905 	}
1906 	if (err)
1907 		return err;
1908 
1909 	/* RC4 already populated ctx->enkey */
1910 	if (ctx->cipher.alg != CIPHER_ALG_RC4) {
1911 		memcpy(ctx->enckey, key, keylen);
1912 		ctx->enckeylen = keylen;
1913 	}
1914 	/* SPU needs XTS keys in the reverse order the crypto API presents */
1915 	if ((ctx->cipher.alg == CIPHER_ALG_AES) &&
1916 	    (ctx->cipher.mode == CIPHER_MODE_XTS)) {
1917 		unsigned int xts_keylen = keylen / 2;
1918 
1919 		memcpy(ctx->enckey, key + xts_keylen, xts_keylen);
1920 		memcpy(ctx->enckey + xts_keylen, key, xts_keylen);
1921 	}
1922 
1923 	if (spu->spu_type == SPU_TYPE_SPUM)
1924 		alloc_len = BCM_HDR_LEN + SPU_HEADER_ALLOC_LEN;
1925 	else if (spu->spu_type == SPU_TYPE_SPU2)
1926 		alloc_len = BCM_HDR_LEN + SPU2_HEADER_ALLOC_LEN;
1927 	memset(ctx->bcm_spu_req_hdr, 0, alloc_len);
1928 	cipher_parms.iv_buf = NULL;
1929 	cipher_parms.iv_len = crypto_skcipher_ivsize(cipher);
1930 	flow_log("%s: iv_len %u\n", __func__, cipher_parms.iv_len);
1931 
1932 	cipher_parms.alg = ctx->cipher.alg;
1933 	cipher_parms.mode = ctx->cipher.mode;
1934 	cipher_parms.type = ctx->cipher_type;
1935 	cipher_parms.key_buf = ctx->enckey;
1936 	cipher_parms.key_len = ctx->enckeylen;
1937 
1938 	/* Prepend SPU request message with BCM header */
1939 	memcpy(ctx->bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
1940 	ctx->spu_req_hdr_len =
1941 	    spu->spu_cipher_req_init(ctx->bcm_spu_req_hdr + BCM_HDR_LEN,
1942 				     &cipher_parms);
1943 
1944 	ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
1945 							  ctx->enckeylen,
1946 							  false);
1947 
1948 	atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_CIPHER]);
1949 
1950 	return 0;
1951 }
1952 
1953 static int skcipher_encrypt(struct skcipher_request *req)
1954 {
1955 	flow_log("skcipher_encrypt() nbytes:%u\n", req->cryptlen);
1956 
1957 	return skcipher_enqueue(req, true);
1958 }
1959 
1960 static int skcipher_decrypt(struct skcipher_request *req)
1961 {
1962 	flow_log("skcipher_decrypt() nbytes:%u\n", req->cryptlen);
1963 	return skcipher_enqueue(req, false);
1964 }
1965 
1966 static int ahash_enqueue(struct ahash_request *req)
1967 {
1968 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
1969 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
1970 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
1971 	int err = 0;
1972 	const char *alg_name;
1973 
1974 	flow_log("ahash_enqueue() nbytes:%u\n", req->nbytes);
1975 
1976 	rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
1977 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
1978 	rctx->parent = &req->base;
1979 	rctx->ctx = ctx;
1980 	rctx->bd_suppress = true;
1981 	memset(&rctx->mb_mssg, 0, sizeof(struct brcm_message));
1982 
1983 	/* Initialize position in src scatterlist */
1984 	rctx->src_sg = req->src;
1985 	rctx->src_skip = 0;
1986 	rctx->src_nents = 0;
1987 	rctx->dst_sg = NULL;
1988 	rctx->dst_skip = 0;
1989 	rctx->dst_nents = 0;
1990 
1991 	/* SPU2 hardware does not compute hash of zero length data */
1992 	if ((rctx->is_final == 1) && (rctx->total_todo == 0) &&
1993 	    (iproc_priv.spu.spu_type == SPU_TYPE_SPU2)) {
1994 		alg_name = crypto_tfm_alg_name(crypto_ahash_tfm(tfm));
1995 		flow_log("Doing %sfinal %s zero-len hash request in software\n",
1996 			 rctx->is_final ? "" : "non-", alg_name);
1997 		err = do_shash((unsigned char *)alg_name, req->result,
1998 			       NULL, 0, NULL, 0, ctx->authkey,
1999 			       ctx->authkeylen);
2000 		if (err < 0)
2001 			flow_log("Hash request failed with error %d\n", err);
2002 		return err;
2003 	}
2004 	/* Choose a SPU to process this request */
2005 	rctx->chan_idx = select_channel();
2006 
2007 	err = handle_ahash_req(rctx);
2008 	if (err != -EINPROGRESS)
2009 		/* synchronous result */
2010 		spu_chunk_cleanup(rctx);
2011 
2012 	if (err == -EAGAIN)
2013 		/*
2014 		 * we saved data in hash carry, but tell crypto API
2015 		 * we successfully completed request.
2016 		 */
2017 		err = 0;
2018 
2019 	return err;
2020 }
2021 
2022 static int __ahash_init(struct ahash_request *req)
2023 {
2024 	struct spu_hw *spu = &iproc_priv.spu;
2025 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2026 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2027 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2028 
2029 	flow_log("%s()\n", __func__);
2030 
2031 	/* Initialize the context */
2032 	rctx->hash_carry_len = 0;
2033 	rctx->is_final = 0;
2034 
2035 	rctx->total_todo = 0;
2036 	rctx->src_sent = 0;
2037 	rctx->total_sent = 0;
2038 	rctx->total_received = 0;
2039 
2040 	ctx->digestsize = crypto_ahash_digestsize(tfm);
2041 	/* If we add a hash whose digest is larger, catch it here. */
2042 	WARN_ON(ctx->digestsize > MAX_DIGEST_SIZE);
2043 
2044 	rctx->is_sw_hmac = false;
2045 
2046 	ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen, 0,
2047 							  true);
2048 
2049 	return 0;
2050 }
2051 
2052 /**
2053  * spu_no_incr_hash() - Determine whether incremental hashing is supported.
2054  * @ctx:  Crypto session context
2055  *
2056  * SPU-2 does not support incremental hashing (we'll have to revisit and
2057  * condition based on chip revision or device tree entry if future versions do
2058  * support incremental hash)
2059  *
2060  * SPU-M also doesn't support incremental hashing of AES-XCBC
2061  *
2062  * Return: true if incremental hashing is not supported
2063  *         false otherwise
2064  */
2065 static bool spu_no_incr_hash(struct iproc_ctx_s *ctx)
2066 {
2067 	struct spu_hw *spu = &iproc_priv.spu;
2068 
2069 	if (spu->spu_type == SPU_TYPE_SPU2)
2070 		return true;
2071 
2072 	if ((ctx->auth.alg == HASH_ALG_AES) &&
2073 	    (ctx->auth.mode == HASH_MODE_XCBC))
2074 		return true;
2075 
2076 	/* Otherwise, incremental hashing is supported */
2077 	return false;
2078 }
2079 
2080 static int ahash_init(struct ahash_request *req)
2081 {
2082 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2083 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2084 	const char *alg_name;
2085 	struct crypto_shash *hash;
2086 	int ret;
2087 	gfp_t gfp;
2088 
2089 	if (spu_no_incr_hash(ctx)) {
2090 		/*
2091 		 * If we get an incremental hashing request and it's not
2092 		 * supported by the hardware, we need to handle it in software
2093 		 * by calling synchronous hash functions.
2094 		 */
2095 		alg_name = crypto_tfm_alg_name(crypto_ahash_tfm(tfm));
2096 		hash = crypto_alloc_shash(alg_name, 0, 0);
2097 		if (IS_ERR(hash)) {
2098 			ret = PTR_ERR(hash);
2099 			goto err;
2100 		}
2101 
2102 		gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2103 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2104 		ctx->shash = kmalloc(sizeof(*ctx->shash) +
2105 				     crypto_shash_descsize(hash), gfp);
2106 		if (!ctx->shash) {
2107 			ret = -ENOMEM;
2108 			goto err_hash;
2109 		}
2110 		ctx->shash->tfm = hash;
2111 
2112 		/* Set the key using data we already have from setkey */
2113 		if (ctx->authkeylen > 0) {
2114 			ret = crypto_shash_setkey(hash, ctx->authkey,
2115 						  ctx->authkeylen);
2116 			if (ret)
2117 				goto err_shash;
2118 		}
2119 
2120 		/* Initialize hash w/ this key and other params */
2121 		ret = crypto_shash_init(ctx->shash);
2122 		if (ret)
2123 			goto err_shash;
2124 	} else {
2125 		/* Otherwise call the internal function which uses SPU hw */
2126 		ret = __ahash_init(req);
2127 	}
2128 
2129 	return ret;
2130 
2131 err_shash:
2132 	kfree(ctx->shash);
2133 err_hash:
2134 	crypto_free_shash(hash);
2135 err:
2136 	return ret;
2137 }
2138 
2139 static int __ahash_update(struct ahash_request *req)
2140 {
2141 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2142 
2143 	flow_log("ahash_update() nbytes:%u\n", req->nbytes);
2144 
2145 	if (!req->nbytes)
2146 		return 0;
2147 	rctx->total_todo += req->nbytes;
2148 	rctx->src_sent = 0;
2149 
2150 	return ahash_enqueue(req);
2151 }
2152 
2153 static int ahash_update(struct ahash_request *req)
2154 {
2155 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2156 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2157 	u8 *tmpbuf;
2158 	int ret;
2159 	int nents;
2160 	gfp_t gfp;
2161 
2162 	if (spu_no_incr_hash(ctx)) {
2163 		/*
2164 		 * If we get an incremental hashing request and it's not
2165 		 * supported by the hardware, we need to handle it in software
2166 		 * by calling synchronous hash functions.
2167 		 */
2168 		if (req->src)
2169 			nents = sg_nents(req->src);
2170 		else
2171 			return -EINVAL;
2172 
2173 		/* Copy data from req scatterlist to tmp buffer */
2174 		gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2175 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2176 		tmpbuf = kmalloc(req->nbytes, gfp);
2177 		if (!tmpbuf)
2178 			return -ENOMEM;
2179 
2180 		if (sg_copy_to_buffer(req->src, nents, tmpbuf, req->nbytes) !=
2181 				req->nbytes) {
2182 			kfree(tmpbuf);
2183 			return -EINVAL;
2184 		}
2185 
2186 		/* Call synchronous update */
2187 		ret = crypto_shash_update(ctx->shash, tmpbuf, req->nbytes);
2188 		kfree(tmpbuf);
2189 	} else {
2190 		/* Otherwise call the internal function which uses SPU hw */
2191 		ret = __ahash_update(req);
2192 	}
2193 
2194 	return ret;
2195 }
2196 
2197 static int __ahash_final(struct ahash_request *req)
2198 {
2199 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2200 
2201 	flow_log("ahash_final() nbytes:%u\n", req->nbytes);
2202 
2203 	rctx->is_final = 1;
2204 
2205 	return ahash_enqueue(req);
2206 }
2207 
2208 static int ahash_final(struct ahash_request *req)
2209 {
2210 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2211 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2212 	int ret;
2213 
2214 	if (spu_no_incr_hash(ctx)) {
2215 		/*
2216 		 * If we get an incremental hashing request and it's not
2217 		 * supported by the hardware, we need to handle it in software
2218 		 * by calling synchronous hash functions.
2219 		 */
2220 		ret = crypto_shash_final(ctx->shash, req->result);
2221 
2222 		/* Done with hash, can deallocate it now */
2223 		crypto_free_shash(ctx->shash->tfm);
2224 		kfree(ctx->shash);
2225 
2226 	} else {
2227 		/* Otherwise call the internal function which uses SPU hw */
2228 		ret = __ahash_final(req);
2229 	}
2230 
2231 	return ret;
2232 }
2233 
2234 static int __ahash_finup(struct ahash_request *req)
2235 {
2236 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2237 
2238 	flow_log("ahash_finup() nbytes:%u\n", req->nbytes);
2239 
2240 	rctx->total_todo += req->nbytes;
2241 	rctx->src_sent = 0;
2242 	rctx->is_final = 1;
2243 
2244 	return ahash_enqueue(req);
2245 }
2246 
2247 static int ahash_finup(struct ahash_request *req)
2248 {
2249 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2250 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2251 	u8 *tmpbuf;
2252 	int ret;
2253 	int nents;
2254 	gfp_t gfp;
2255 
2256 	if (spu_no_incr_hash(ctx)) {
2257 		/*
2258 		 * If we get an incremental hashing request and it's not
2259 		 * supported by the hardware, we need to handle it in software
2260 		 * by calling synchronous hash functions.
2261 		 */
2262 		if (req->src) {
2263 			nents = sg_nents(req->src);
2264 		} else {
2265 			ret = -EINVAL;
2266 			goto ahash_finup_exit;
2267 		}
2268 
2269 		/* Copy data from req scatterlist to tmp buffer */
2270 		gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2271 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2272 		tmpbuf = kmalloc(req->nbytes, gfp);
2273 		if (!tmpbuf) {
2274 			ret = -ENOMEM;
2275 			goto ahash_finup_exit;
2276 		}
2277 
2278 		if (sg_copy_to_buffer(req->src, nents, tmpbuf, req->nbytes) !=
2279 				req->nbytes) {
2280 			ret = -EINVAL;
2281 			goto ahash_finup_free;
2282 		}
2283 
2284 		/* Call synchronous update */
2285 		ret = crypto_shash_finup(ctx->shash, tmpbuf, req->nbytes,
2286 					 req->result);
2287 	} else {
2288 		/* Otherwise call the internal function which uses SPU hw */
2289 		return __ahash_finup(req);
2290 	}
2291 ahash_finup_free:
2292 	kfree(tmpbuf);
2293 
2294 ahash_finup_exit:
2295 	/* Done with hash, can deallocate it now */
2296 	crypto_free_shash(ctx->shash->tfm);
2297 	kfree(ctx->shash);
2298 	return ret;
2299 }
2300 
2301 static int ahash_digest(struct ahash_request *req)
2302 {
2303 	int err = 0;
2304 
2305 	flow_log("ahash_digest() nbytes:%u\n", req->nbytes);
2306 
2307 	/* whole thing at once */
2308 	err = __ahash_init(req);
2309 	if (!err)
2310 		err = __ahash_finup(req);
2311 
2312 	return err;
2313 }
2314 
2315 static int ahash_setkey(struct crypto_ahash *ahash, const u8 *key,
2316 			unsigned int keylen)
2317 {
2318 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(ahash);
2319 
2320 	flow_log("%s() ahash:%p key:%p keylen:%u\n",
2321 		 __func__, ahash, key, keylen);
2322 	flow_dump("  key: ", key, keylen);
2323 
2324 	if (ctx->auth.alg == HASH_ALG_AES) {
2325 		switch (keylen) {
2326 		case AES_KEYSIZE_128:
2327 			ctx->cipher_type = CIPHER_TYPE_AES128;
2328 			break;
2329 		case AES_KEYSIZE_192:
2330 			ctx->cipher_type = CIPHER_TYPE_AES192;
2331 			break;
2332 		case AES_KEYSIZE_256:
2333 			ctx->cipher_type = CIPHER_TYPE_AES256;
2334 			break;
2335 		default:
2336 			pr_err("%s() Error: Invalid key length\n", __func__);
2337 			return -EINVAL;
2338 		}
2339 	} else {
2340 		pr_err("%s() Error: unknown hash alg\n", __func__);
2341 		return -EINVAL;
2342 	}
2343 	memcpy(ctx->authkey, key, keylen);
2344 	ctx->authkeylen = keylen;
2345 
2346 	return 0;
2347 }
2348 
2349 static int ahash_export(struct ahash_request *req, void *out)
2350 {
2351 	const struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2352 	struct spu_hash_export_s *spu_exp = (struct spu_hash_export_s *)out;
2353 
2354 	spu_exp->total_todo = rctx->total_todo;
2355 	spu_exp->total_sent = rctx->total_sent;
2356 	spu_exp->is_sw_hmac = rctx->is_sw_hmac;
2357 	memcpy(spu_exp->hash_carry, rctx->hash_carry, sizeof(rctx->hash_carry));
2358 	spu_exp->hash_carry_len = rctx->hash_carry_len;
2359 	memcpy(spu_exp->incr_hash, rctx->incr_hash, sizeof(rctx->incr_hash));
2360 
2361 	return 0;
2362 }
2363 
2364 static int ahash_import(struct ahash_request *req, const void *in)
2365 {
2366 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2367 	struct spu_hash_export_s *spu_exp = (struct spu_hash_export_s *)in;
2368 
2369 	rctx->total_todo = spu_exp->total_todo;
2370 	rctx->total_sent = spu_exp->total_sent;
2371 	rctx->is_sw_hmac = spu_exp->is_sw_hmac;
2372 	memcpy(rctx->hash_carry, spu_exp->hash_carry, sizeof(rctx->hash_carry));
2373 	rctx->hash_carry_len = spu_exp->hash_carry_len;
2374 	memcpy(rctx->incr_hash, spu_exp->incr_hash, sizeof(rctx->incr_hash));
2375 
2376 	return 0;
2377 }
2378 
2379 static int ahash_hmac_setkey(struct crypto_ahash *ahash, const u8 *key,
2380 			     unsigned int keylen)
2381 {
2382 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(ahash);
2383 	unsigned int blocksize =
2384 		crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
2385 	unsigned int digestsize = crypto_ahash_digestsize(ahash);
2386 	unsigned int index;
2387 	int rc;
2388 
2389 	flow_log("%s() ahash:%p key:%p keylen:%u blksz:%u digestsz:%u\n",
2390 		 __func__, ahash, key, keylen, blocksize, digestsize);
2391 	flow_dump("  key: ", key, keylen);
2392 
2393 	if (keylen > blocksize) {
2394 		switch (ctx->auth.alg) {
2395 		case HASH_ALG_MD5:
2396 			rc = do_shash("md5", ctx->authkey, key, keylen, NULL,
2397 				      0, NULL, 0);
2398 			break;
2399 		case HASH_ALG_SHA1:
2400 			rc = do_shash("sha1", ctx->authkey, key, keylen, NULL,
2401 				      0, NULL, 0);
2402 			break;
2403 		case HASH_ALG_SHA224:
2404 			rc = do_shash("sha224", ctx->authkey, key, keylen, NULL,
2405 				      0, NULL, 0);
2406 			break;
2407 		case HASH_ALG_SHA256:
2408 			rc = do_shash("sha256", ctx->authkey, key, keylen, NULL,
2409 				      0, NULL, 0);
2410 			break;
2411 		case HASH_ALG_SHA384:
2412 			rc = do_shash("sha384", ctx->authkey, key, keylen, NULL,
2413 				      0, NULL, 0);
2414 			break;
2415 		case HASH_ALG_SHA512:
2416 			rc = do_shash("sha512", ctx->authkey, key, keylen, NULL,
2417 				      0, NULL, 0);
2418 			break;
2419 		case HASH_ALG_SHA3_224:
2420 			rc = do_shash("sha3-224", ctx->authkey, key, keylen,
2421 				      NULL, 0, NULL, 0);
2422 			break;
2423 		case HASH_ALG_SHA3_256:
2424 			rc = do_shash("sha3-256", ctx->authkey, key, keylen,
2425 				      NULL, 0, NULL, 0);
2426 			break;
2427 		case HASH_ALG_SHA3_384:
2428 			rc = do_shash("sha3-384", ctx->authkey, key, keylen,
2429 				      NULL, 0, NULL, 0);
2430 			break;
2431 		case HASH_ALG_SHA3_512:
2432 			rc = do_shash("sha3-512", ctx->authkey, key, keylen,
2433 				      NULL, 0, NULL, 0);
2434 			break;
2435 		default:
2436 			pr_err("%s() Error: unknown hash alg\n", __func__);
2437 			return -EINVAL;
2438 		}
2439 		if (rc < 0) {
2440 			pr_err("%s() Error %d computing shash for %s\n",
2441 			       __func__, rc, hash_alg_name[ctx->auth.alg]);
2442 			return rc;
2443 		}
2444 		ctx->authkeylen = digestsize;
2445 
2446 		flow_log("  keylen > digestsize... hashed\n");
2447 		flow_dump("  newkey: ", ctx->authkey, ctx->authkeylen);
2448 	} else {
2449 		memcpy(ctx->authkey, key, keylen);
2450 		ctx->authkeylen = keylen;
2451 	}
2452 
2453 	/*
2454 	 * Full HMAC operation in SPUM is not verified,
2455 	 * So keeping the generation of IPAD, OPAD and
2456 	 * outer hashing in software.
2457 	 */
2458 	if (iproc_priv.spu.spu_type == SPU_TYPE_SPUM) {
2459 		memcpy(ctx->ipad, ctx->authkey, ctx->authkeylen);
2460 		memset(ctx->ipad + ctx->authkeylen, 0,
2461 		       blocksize - ctx->authkeylen);
2462 		ctx->authkeylen = 0;
2463 		memcpy(ctx->opad, ctx->ipad, blocksize);
2464 
2465 		for (index = 0; index < blocksize; index++) {
2466 			ctx->ipad[index] ^= HMAC_IPAD_VALUE;
2467 			ctx->opad[index] ^= HMAC_OPAD_VALUE;
2468 		}
2469 
2470 		flow_dump("  ipad: ", ctx->ipad, blocksize);
2471 		flow_dump("  opad: ", ctx->opad, blocksize);
2472 	}
2473 	ctx->digestsize = digestsize;
2474 	atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_HMAC]);
2475 
2476 	return 0;
2477 }
2478 
2479 static int ahash_hmac_init(struct ahash_request *req)
2480 {
2481 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2482 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2483 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2484 	unsigned int blocksize =
2485 			crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
2486 
2487 	flow_log("ahash_hmac_init()\n");
2488 
2489 	/* init the context as a hash */
2490 	ahash_init(req);
2491 
2492 	if (!spu_no_incr_hash(ctx)) {
2493 		/* SPU-M can do incr hashing but needs sw for outer HMAC */
2494 		rctx->is_sw_hmac = true;
2495 		ctx->auth.mode = HASH_MODE_HASH;
2496 		/* start with a prepended ipad */
2497 		memcpy(rctx->hash_carry, ctx->ipad, blocksize);
2498 		rctx->hash_carry_len = blocksize;
2499 		rctx->total_todo += blocksize;
2500 	}
2501 
2502 	return 0;
2503 }
2504 
2505 static int ahash_hmac_update(struct ahash_request *req)
2506 {
2507 	flow_log("ahash_hmac_update() nbytes:%u\n", req->nbytes);
2508 
2509 	if (!req->nbytes)
2510 		return 0;
2511 
2512 	return ahash_update(req);
2513 }
2514 
2515 static int ahash_hmac_final(struct ahash_request *req)
2516 {
2517 	flow_log("ahash_hmac_final() nbytes:%u\n", req->nbytes);
2518 
2519 	return ahash_final(req);
2520 }
2521 
2522 static int ahash_hmac_finup(struct ahash_request *req)
2523 {
2524 	flow_log("ahash_hmac_finupl() nbytes:%u\n", req->nbytes);
2525 
2526 	return ahash_finup(req);
2527 }
2528 
2529 static int ahash_hmac_digest(struct ahash_request *req)
2530 {
2531 	struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2532 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2533 	struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2534 	unsigned int blocksize =
2535 			crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
2536 
2537 	flow_log("ahash_hmac_digest() nbytes:%u\n", req->nbytes);
2538 
2539 	/* Perform initialization and then call finup */
2540 	__ahash_init(req);
2541 
2542 	if (iproc_priv.spu.spu_type == SPU_TYPE_SPU2) {
2543 		/*
2544 		 * SPU2 supports full HMAC implementation in the
2545 		 * hardware, need not to generate IPAD, OPAD and
2546 		 * outer hash in software.
2547 		 * Only for hash key len > hash block size, SPU2
2548 		 * expects to perform hashing on the key, shorten
2549 		 * it to digest size and feed it as hash key.
2550 		 */
2551 		rctx->is_sw_hmac = false;
2552 		ctx->auth.mode = HASH_MODE_HMAC;
2553 	} else {
2554 		rctx->is_sw_hmac = true;
2555 		ctx->auth.mode = HASH_MODE_HASH;
2556 		/* start with a prepended ipad */
2557 		memcpy(rctx->hash_carry, ctx->ipad, blocksize);
2558 		rctx->hash_carry_len = blocksize;
2559 		rctx->total_todo += blocksize;
2560 	}
2561 
2562 	return __ahash_finup(req);
2563 }
2564 
2565 /* aead helpers */
2566 
2567 static int aead_need_fallback(struct aead_request *req)
2568 {
2569 	struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2570 	struct spu_hw *spu = &iproc_priv.spu;
2571 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
2572 	struct iproc_ctx_s *ctx = crypto_aead_ctx(aead);
2573 	u32 payload_len;
2574 
2575 	/*
2576 	 * SPU hardware cannot handle the AES-GCM/CCM case where plaintext
2577 	 * and AAD are both 0 bytes long. So use fallback in this case.
2578 	 */
2579 	if (((ctx->cipher.mode == CIPHER_MODE_GCM) ||
2580 	     (ctx->cipher.mode == CIPHER_MODE_CCM)) &&
2581 	    (req->assoclen == 0)) {
2582 		if ((rctx->is_encrypt && (req->cryptlen == 0)) ||
2583 		    (!rctx->is_encrypt && (req->cryptlen == ctx->digestsize))) {
2584 			flow_log("AES GCM/CCM needs fallback for 0 len req\n");
2585 			return 1;
2586 		}
2587 	}
2588 
2589 	/* SPU-M hardware only supports CCM digest size of 8, 12, or 16 bytes */
2590 	if ((ctx->cipher.mode == CIPHER_MODE_CCM) &&
2591 	    (spu->spu_type == SPU_TYPE_SPUM) &&
2592 	    (ctx->digestsize != 8) && (ctx->digestsize != 12) &&
2593 	    (ctx->digestsize != 16)) {
2594 		flow_log("%s() AES CCM needs fallback for digest size %d\n",
2595 			 __func__, ctx->digestsize);
2596 		return 1;
2597 	}
2598 
2599 	/*
2600 	 * SPU-M on NSP has an issue where AES-CCM hash is not correct
2601 	 * when AAD size is 0
2602 	 */
2603 	if ((ctx->cipher.mode == CIPHER_MODE_CCM) &&
2604 	    (spu->spu_subtype == SPU_SUBTYPE_SPUM_NSP) &&
2605 	    (req->assoclen == 0)) {
2606 		flow_log("%s() AES_CCM needs fallback for 0 len AAD on NSP\n",
2607 			 __func__);
2608 		return 1;
2609 	}
2610 
2611 	/*
2612 	 * RFC4106 and RFC4543 cannot handle the case where AAD is other than
2613 	 * 16 or 20 bytes long. So use fallback in this case.
2614 	 */
2615 	if (ctx->cipher.mode == CIPHER_MODE_GCM &&
2616 	    ctx->cipher.alg == CIPHER_ALG_AES &&
2617 	    rctx->iv_ctr_len == GCM_RFC4106_IV_SIZE &&
2618 	    req->assoclen != 16 && req->assoclen != 20) {
2619 		flow_log("RFC4106/RFC4543 needs fallback for assoclen"
2620 			 " other than 16 or 20 bytes\n");
2621 		return 1;
2622 	}
2623 
2624 	payload_len = req->cryptlen;
2625 	if (spu->spu_type == SPU_TYPE_SPUM)
2626 		payload_len += req->assoclen;
2627 
2628 	flow_log("%s() payload len: %u\n", __func__, payload_len);
2629 
2630 	if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
2631 		return 0;
2632 	else
2633 		return payload_len > ctx->max_payload;
2634 }
2635 
2636 static void aead_complete(struct crypto_async_request *areq, int err)
2637 {
2638 	struct aead_request *req =
2639 	    container_of(areq, struct aead_request, base);
2640 	struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2641 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
2642 
2643 	flow_log("%s() err:%d\n", __func__, err);
2644 
2645 	areq->tfm = crypto_aead_tfm(aead);
2646 
2647 	areq->complete = rctx->old_complete;
2648 	areq->data = rctx->old_data;
2649 
2650 	areq->complete(areq, err);
2651 }
2652 
2653 static int aead_do_fallback(struct aead_request *req, bool is_encrypt)
2654 {
2655 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
2656 	struct crypto_tfm *tfm = crypto_aead_tfm(aead);
2657 	struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2658 	struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
2659 	int err;
2660 	u32 req_flags;
2661 
2662 	flow_log("%s() enc:%u\n", __func__, is_encrypt);
2663 
2664 	if (ctx->fallback_cipher) {
2665 		/* Store the cipher tfm and then use the fallback tfm */
2666 		rctx->old_tfm = tfm;
2667 		aead_request_set_tfm(req, ctx->fallback_cipher);
2668 		/*
2669 		 * Save the callback and chain ourselves in, so we can restore
2670 		 * the tfm
2671 		 */
2672 		rctx->old_complete = req->base.complete;
2673 		rctx->old_data = req->base.data;
2674 		req_flags = aead_request_flags(req);
2675 		aead_request_set_callback(req, req_flags, aead_complete, req);
2676 		err = is_encrypt ? crypto_aead_encrypt(req) :
2677 		    crypto_aead_decrypt(req);
2678 
2679 		if (err == 0) {
2680 			/*
2681 			 * fallback was synchronous (did not return
2682 			 * -EINPROGRESS). So restore request state here.
2683 			 */
2684 			aead_request_set_callback(req, req_flags,
2685 						  rctx->old_complete, req);
2686 			req->base.data = rctx->old_data;
2687 			aead_request_set_tfm(req, aead);
2688 			flow_log("%s() fallback completed successfully\n\n",
2689 				 __func__);
2690 		}
2691 	} else {
2692 		err = -EINVAL;
2693 	}
2694 
2695 	return err;
2696 }
2697 
2698 static int aead_enqueue(struct aead_request *req, bool is_encrypt)
2699 {
2700 	struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2701 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
2702 	struct iproc_ctx_s *ctx = crypto_aead_ctx(aead);
2703 	int err;
2704 
2705 	flow_log("%s() enc:%u\n", __func__, is_encrypt);
2706 
2707 	if (req->assoclen > MAX_ASSOC_SIZE) {
2708 		pr_err
2709 		    ("%s() Error: associated data too long. (%u > %u bytes)\n",
2710 		     __func__, req->assoclen, MAX_ASSOC_SIZE);
2711 		return -EINVAL;
2712 	}
2713 
2714 	rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2715 		       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2716 	rctx->parent = &req->base;
2717 	rctx->is_encrypt = is_encrypt;
2718 	rctx->bd_suppress = false;
2719 	rctx->total_todo = req->cryptlen;
2720 	rctx->src_sent = 0;
2721 	rctx->total_sent = 0;
2722 	rctx->total_received = 0;
2723 	rctx->is_sw_hmac = false;
2724 	rctx->ctx = ctx;
2725 	memset(&rctx->mb_mssg, 0, sizeof(struct brcm_message));
2726 
2727 	/* assoc data is at start of src sg */
2728 	rctx->assoc = req->src;
2729 
2730 	/*
2731 	 * Init current position in src scatterlist to be after assoc data.
2732 	 * src_skip set to buffer offset where data begins. (Assoc data could
2733 	 * end in the middle of a buffer.)
2734 	 */
2735 	if (spu_sg_at_offset(req->src, req->assoclen, &rctx->src_sg,
2736 			     &rctx->src_skip) < 0) {
2737 		pr_err("%s() Error: Unable to find start of src data\n",
2738 		       __func__);
2739 		return -EINVAL;
2740 	}
2741 
2742 	rctx->src_nents = 0;
2743 	rctx->dst_nents = 0;
2744 	if (req->dst == req->src) {
2745 		rctx->dst_sg = rctx->src_sg;
2746 		rctx->dst_skip = rctx->src_skip;
2747 	} else {
2748 		/*
2749 		 * Expect req->dst to have room for assoc data followed by
2750 		 * output data and ICV, if encrypt. So initialize dst_sg
2751 		 * to point beyond assoc len offset.
2752 		 */
2753 		if (spu_sg_at_offset(req->dst, req->assoclen, &rctx->dst_sg,
2754 				     &rctx->dst_skip) < 0) {
2755 			pr_err("%s() Error: Unable to find start of dst data\n",
2756 			       __func__);
2757 			return -EINVAL;
2758 		}
2759 	}
2760 
2761 	if (ctx->cipher.mode == CIPHER_MODE_CBC ||
2762 	    ctx->cipher.mode == CIPHER_MODE_CTR ||
2763 	    ctx->cipher.mode == CIPHER_MODE_OFB ||
2764 	    ctx->cipher.mode == CIPHER_MODE_XTS ||
2765 	    ctx->cipher.mode == CIPHER_MODE_GCM) {
2766 		rctx->iv_ctr_len =
2767 			ctx->salt_len +
2768 			crypto_aead_ivsize(crypto_aead_reqtfm(req));
2769 	} else if (ctx->cipher.mode == CIPHER_MODE_CCM) {
2770 		rctx->iv_ctr_len = CCM_AES_IV_SIZE;
2771 	} else {
2772 		rctx->iv_ctr_len = 0;
2773 	}
2774 
2775 	rctx->hash_carry_len = 0;
2776 
2777 	flow_log("  src sg: %p\n", req->src);
2778 	flow_log("  rctx->src_sg: %p, src_skip %u\n",
2779 		 rctx->src_sg, rctx->src_skip);
2780 	flow_log("  assoc:  %p, assoclen %u\n", rctx->assoc, req->assoclen);
2781 	flow_log("  dst sg: %p\n", req->dst);
2782 	flow_log("  rctx->dst_sg: %p, dst_skip %u\n",
2783 		 rctx->dst_sg, rctx->dst_skip);
2784 	flow_log("  iv_ctr_len:%u\n", rctx->iv_ctr_len);
2785 	flow_dump("  iv: ", req->iv, rctx->iv_ctr_len);
2786 	flow_log("  authkeylen:%u\n", ctx->authkeylen);
2787 	flow_log("  is_esp: %s\n", ctx->is_esp ? "yes" : "no");
2788 
2789 	if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
2790 		flow_log("  max_payload infinite");
2791 	else
2792 		flow_log("  max_payload: %u\n", ctx->max_payload);
2793 
2794 	if (unlikely(aead_need_fallback(req)))
2795 		return aead_do_fallback(req, is_encrypt);
2796 
2797 	/*
2798 	 * Do memory allocations for request after fallback check, because if we
2799 	 * do fallback, we won't call finish_req() to dealloc.
2800 	 */
2801 	if (rctx->iv_ctr_len) {
2802 		if (ctx->salt_len)
2803 			memcpy(rctx->msg_buf.iv_ctr + ctx->salt_offset,
2804 			       ctx->salt, ctx->salt_len);
2805 		memcpy(rctx->msg_buf.iv_ctr + ctx->salt_offset + ctx->salt_len,
2806 		       req->iv,
2807 		       rctx->iv_ctr_len - ctx->salt_len - ctx->salt_offset);
2808 	}
2809 
2810 	rctx->chan_idx = select_channel();
2811 	err = handle_aead_req(rctx);
2812 	if (err != -EINPROGRESS)
2813 		/* synchronous result */
2814 		spu_chunk_cleanup(rctx);
2815 
2816 	return err;
2817 }
2818 
2819 static int aead_authenc_setkey(struct crypto_aead *cipher,
2820 			       const u8 *key, unsigned int keylen)
2821 {
2822 	struct spu_hw *spu = &iproc_priv.spu;
2823 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
2824 	struct crypto_tfm *tfm = crypto_aead_tfm(cipher);
2825 	struct crypto_authenc_keys keys;
2826 	int ret;
2827 
2828 	flow_log("%s() aead:%p key:%p keylen:%u\n", __func__, cipher, key,
2829 		 keylen);
2830 	flow_dump("  key: ", key, keylen);
2831 
2832 	ret = crypto_authenc_extractkeys(&keys, key, keylen);
2833 	if (ret)
2834 		goto badkey;
2835 
2836 	if (keys.enckeylen > MAX_KEY_SIZE ||
2837 	    keys.authkeylen > MAX_KEY_SIZE)
2838 		goto badkey;
2839 
2840 	ctx->enckeylen = keys.enckeylen;
2841 	ctx->authkeylen = keys.authkeylen;
2842 
2843 	memcpy(ctx->enckey, keys.enckey, keys.enckeylen);
2844 	/* May end up padding auth key. So make sure it's zeroed. */
2845 	memset(ctx->authkey, 0, sizeof(ctx->authkey));
2846 	memcpy(ctx->authkey, keys.authkey, keys.authkeylen);
2847 
2848 	switch (ctx->alg->cipher_info.alg) {
2849 	case CIPHER_ALG_DES:
2850 		if (verify_aead_des_key(cipher, keys.enckey, keys.enckeylen))
2851 			return -EINVAL;
2852 
2853 		ctx->cipher_type = CIPHER_TYPE_DES;
2854 		break;
2855 	case CIPHER_ALG_3DES:
2856 		if (verify_aead_des3_key(cipher, keys.enckey, keys.enckeylen))
2857 			return -EINVAL;
2858 
2859 		ctx->cipher_type = CIPHER_TYPE_3DES;
2860 		break;
2861 	case CIPHER_ALG_AES:
2862 		switch (ctx->enckeylen) {
2863 		case AES_KEYSIZE_128:
2864 			ctx->cipher_type = CIPHER_TYPE_AES128;
2865 			break;
2866 		case AES_KEYSIZE_192:
2867 			ctx->cipher_type = CIPHER_TYPE_AES192;
2868 			break;
2869 		case AES_KEYSIZE_256:
2870 			ctx->cipher_type = CIPHER_TYPE_AES256;
2871 			break;
2872 		default:
2873 			goto badkey;
2874 		}
2875 		break;
2876 	case CIPHER_ALG_RC4:
2877 		ctx->cipher_type = CIPHER_TYPE_INIT;
2878 		break;
2879 	default:
2880 		pr_err("%s() Error: Unknown cipher alg\n", __func__);
2881 		return -EINVAL;
2882 	}
2883 
2884 	flow_log("  enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
2885 		 ctx->authkeylen);
2886 	flow_dump("  enc: ", ctx->enckey, ctx->enckeylen);
2887 	flow_dump("  auth: ", ctx->authkey, ctx->authkeylen);
2888 
2889 	/* setkey the fallback just in case we needto use it */
2890 	if (ctx->fallback_cipher) {
2891 		flow_log("  running fallback setkey()\n");
2892 
2893 		ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK;
2894 		ctx->fallback_cipher->base.crt_flags |=
2895 		    tfm->crt_flags & CRYPTO_TFM_REQ_MASK;
2896 		ret = crypto_aead_setkey(ctx->fallback_cipher, key, keylen);
2897 		if (ret) {
2898 			flow_log("  fallback setkey() returned:%d\n", ret);
2899 			tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK;
2900 			tfm->crt_flags |=
2901 			    (ctx->fallback_cipher->base.crt_flags &
2902 			     CRYPTO_TFM_RES_MASK);
2903 		}
2904 	}
2905 
2906 	ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
2907 							  ctx->enckeylen,
2908 							  false);
2909 
2910 	atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_AEAD]);
2911 
2912 	return ret;
2913 
2914 badkey:
2915 	ctx->enckeylen = 0;
2916 	ctx->authkeylen = 0;
2917 	ctx->digestsize = 0;
2918 
2919 	crypto_aead_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
2920 	return -EINVAL;
2921 }
2922 
2923 static int aead_gcm_ccm_setkey(struct crypto_aead *cipher,
2924 			       const u8 *key, unsigned int keylen)
2925 {
2926 	struct spu_hw *spu = &iproc_priv.spu;
2927 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
2928 	struct crypto_tfm *tfm = crypto_aead_tfm(cipher);
2929 
2930 	int ret = 0;
2931 
2932 	flow_log("%s() keylen:%u\n", __func__, keylen);
2933 	flow_dump("  key: ", key, keylen);
2934 
2935 	if (!ctx->is_esp)
2936 		ctx->digestsize = keylen;
2937 
2938 	ctx->enckeylen = keylen;
2939 	ctx->authkeylen = 0;
2940 	memcpy(ctx->enckey, key, ctx->enckeylen);
2941 
2942 	switch (ctx->enckeylen) {
2943 	case AES_KEYSIZE_128:
2944 		ctx->cipher_type = CIPHER_TYPE_AES128;
2945 		break;
2946 	case AES_KEYSIZE_192:
2947 		ctx->cipher_type = CIPHER_TYPE_AES192;
2948 		break;
2949 	case AES_KEYSIZE_256:
2950 		ctx->cipher_type = CIPHER_TYPE_AES256;
2951 		break;
2952 	default:
2953 		goto badkey;
2954 	}
2955 
2956 	flow_log("  enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
2957 		 ctx->authkeylen);
2958 	flow_dump("  enc: ", ctx->enckey, ctx->enckeylen);
2959 	flow_dump("  auth: ", ctx->authkey, ctx->authkeylen);
2960 
2961 	/* setkey the fallback just in case we need to use it */
2962 	if (ctx->fallback_cipher) {
2963 		flow_log("  running fallback setkey()\n");
2964 
2965 		ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK;
2966 		ctx->fallback_cipher->base.crt_flags |=
2967 		    tfm->crt_flags & CRYPTO_TFM_REQ_MASK;
2968 		ret = crypto_aead_setkey(ctx->fallback_cipher, key,
2969 					 keylen + ctx->salt_len);
2970 		if (ret) {
2971 			flow_log("  fallback setkey() returned:%d\n", ret);
2972 			tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK;
2973 			tfm->crt_flags |=
2974 			    (ctx->fallback_cipher->base.crt_flags &
2975 			     CRYPTO_TFM_RES_MASK);
2976 		}
2977 	}
2978 
2979 	ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
2980 							  ctx->enckeylen,
2981 							  false);
2982 
2983 	atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_AEAD]);
2984 
2985 	flow_log("  enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
2986 		 ctx->authkeylen);
2987 
2988 	return ret;
2989 
2990 badkey:
2991 	ctx->enckeylen = 0;
2992 	ctx->authkeylen = 0;
2993 	ctx->digestsize = 0;
2994 
2995 	crypto_aead_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
2996 	return -EINVAL;
2997 }
2998 
2999 /**
3000  * aead_gcm_esp_setkey() - setkey() operation for ESP variant of GCM AES.
3001  * @cipher: AEAD structure
3002  * @key:    Key followed by 4 bytes of salt
3003  * @keylen: Length of key plus salt, in bytes
3004  *
3005  * Extracts salt from key and stores it to be prepended to IV on each request.
3006  * Digest is always 16 bytes
3007  *
3008  * Return: Value from generic gcm setkey.
3009  */
3010 static int aead_gcm_esp_setkey(struct crypto_aead *cipher,
3011 			       const u8 *key, unsigned int keylen)
3012 {
3013 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
3014 
3015 	flow_log("%s\n", __func__);
3016 	ctx->salt_len = GCM_ESP_SALT_SIZE;
3017 	ctx->salt_offset = GCM_ESP_SALT_OFFSET;
3018 	memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);
3019 	keylen -= GCM_ESP_SALT_SIZE;
3020 	ctx->digestsize = GCM_ESP_DIGESTSIZE;
3021 	ctx->is_esp = true;
3022 	flow_dump("salt: ", ctx->salt, GCM_ESP_SALT_SIZE);
3023 
3024 	return aead_gcm_ccm_setkey(cipher, key, keylen);
3025 }
3026 
3027 /**
3028  * rfc4543_gcm_esp_setkey() - setkey operation for RFC4543 variant of GCM/GMAC.
3029  * cipher: AEAD structure
3030  * key:    Key followed by 4 bytes of salt
3031  * keylen: Length of key plus salt, in bytes
3032  *
3033  * Extracts salt from key and stores it to be prepended to IV on each request.
3034  * Digest is always 16 bytes
3035  *
3036  * Return: Value from generic gcm setkey.
3037  */
3038 static int rfc4543_gcm_esp_setkey(struct crypto_aead *cipher,
3039 				  const u8 *key, unsigned int keylen)
3040 {
3041 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
3042 
3043 	flow_log("%s\n", __func__);
3044 	ctx->salt_len = GCM_ESP_SALT_SIZE;
3045 	ctx->salt_offset = GCM_ESP_SALT_OFFSET;
3046 	memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);
3047 	keylen -= GCM_ESP_SALT_SIZE;
3048 	ctx->digestsize = GCM_ESP_DIGESTSIZE;
3049 	ctx->is_esp = true;
3050 	ctx->is_rfc4543 = true;
3051 	flow_dump("salt: ", ctx->salt, GCM_ESP_SALT_SIZE);
3052 
3053 	return aead_gcm_ccm_setkey(cipher, key, keylen);
3054 }
3055 
3056 /**
3057  * aead_ccm_esp_setkey() - setkey() operation for ESP variant of CCM AES.
3058  * @cipher: AEAD structure
3059  * @key:    Key followed by 4 bytes of salt
3060  * @keylen: Length of key plus salt, in bytes
3061  *
3062  * Extracts salt from key and stores it to be prepended to IV on each request.
3063  * Digest is always 16 bytes
3064  *
3065  * Return: Value from generic ccm setkey.
3066  */
3067 static int aead_ccm_esp_setkey(struct crypto_aead *cipher,
3068 			       const u8 *key, unsigned int keylen)
3069 {
3070 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
3071 
3072 	flow_log("%s\n", __func__);
3073 	ctx->salt_len = CCM_ESP_SALT_SIZE;
3074 	ctx->salt_offset = CCM_ESP_SALT_OFFSET;
3075 	memcpy(ctx->salt, key + keylen - CCM_ESP_SALT_SIZE, CCM_ESP_SALT_SIZE);
3076 	keylen -= CCM_ESP_SALT_SIZE;
3077 	ctx->is_esp = true;
3078 	flow_dump("salt: ", ctx->salt, CCM_ESP_SALT_SIZE);
3079 
3080 	return aead_gcm_ccm_setkey(cipher, key, keylen);
3081 }
3082 
3083 static int aead_setauthsize(struct crypto_aead *cipher, unsigned int authsize)
3084 {
3085 	struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
3086 	int ret = 0;
3087 
3088 	flow_log("%s() authkeylen:%u authsize:%u\n",
3089 		 __func__, ctx->authkeylen, authsize);
3090 
3091 	ctx->digestsize = authsize;
3092 
3093 	/* setkey the fallback just in case we needto use it */
3094 	if (ctx->fallback_cipher) {
3095 		flow_log("  running fallback setauth()\n");
3096 
3097 		ret = crypto_aead_setauthsize(ctx->fallback_cipher, authsize);
3098 		if (ret)
3099 			flow_log("  fallback setauth() returned:%d\n", ret);
3100 	}
3101 
3102 	return ret;
3103 }
3104 
3105 static int aead_encrypt(struct aead_request *req)
3106 {
3107 	flow_log("%s() cryptlen:%u %08x\n", __func__, req->cryptlen,
3108 		 req->cryptlen);
3109 	dump_sg(req->src, 0, req->cryptlen + req->assoclen);
3110 	flow_log("  assoc_len:%u\n", req->assoclen);
3111 
3112 	return aead_enqueue(req, true);
3113 }
3114 
3115 static int aead_decrypt(struct aead_request *req)
3116 {
3117 	flow_log("%s() cryptlen:%u\n", __func__, req->cryptlen);
3118 	dump_sg(req->src, 0, req->cryptlen + req->assoclen);
3119 	flow_log("  assoc_len:%u\n", req->assoclen);
3120 
3121 	return aead_enqueue(req, false);
3122 }
3123 
3124 /* ==================== Supported Cipher Algorithms ==================== */
3125 
3126 static struct iproc_alg_s driver_algs[] = {
3127 	{
3128 	 .type = CRYPTO_ALG_TYPE_AEAD,
3129 	 .alg.aead = {
3130 		 .base = {
3131 			.cra_name = "gcm(aes)",
3132 			.cra_driver_name = "gcm-aes-iproc",
3133 			.cra_blocksize = AES_BLOCK_SIZE,
3134 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK
3135 		 },
3136 		 .setkey = aead_gcm_ccm_setkey,
3137 		 .ivsize = GCM_AES_IV_SIZE,
3138 		.maxauthsize = AES_BLOCK_SIZE,
3139 	 },
3140 	 .cipher_info = {
3141 			 .alg = CIPHER_ALG_AES,
3142 			 .mode = CIPHER_MODE_GCM,
3143 			 },
3144 	 .auth_info = {
3145 		       .alg = HASH_ALG_AES,
3146 		       .mode = HASH_MODE_GCM,
3147 		       },
3148 	 .auth_first = 0,
3149 	 },
3150 	{
3151 	 .type = CRYPTO_ALG_TYPE_AEAD,
3152 	 .alg.aead = {
3153 		 .base = {
3154 			.cra_name = "ccm(aes)",
3155 			.cra_driver_name = "ccm-aes-iproc",
3156 			.cra_blocksize = AES_BLOCK_SIZE,
3157 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK
3158 		 },
3159 		 .setkey = aead_gcm_ccm_setkey,
3160 		 .ivsize = CCM_AES_IV_SIZE,
3161 		.maxauthsize = AES_BLOCK_SIZE,
3162 	 },
3163 	 .cipher_info = {
3164 			 .alg = CIPHER_ALG_AES,
3165 			 .mode = CIPHER_MODE_CCM,
3166 			 },
3167 	 .auth_info = {
3168 		       .alg = HASH_ALG_AES,
3169 		       .mode = HASH_MODE_CCM,
3170 		       },
3171 	 .auth_first = 0,
3172 	 },
3173 	{
3174 	 .type = CRYPTO_ALG_TYPE_AEAD,
3175 	 .alg.aead = {
3176 		 .base = {
3177 			.cra_name = "rfc4106(gcm(aes))",
3178 			.cra_driver_name = "gcm-aes-esp-iproc",
3179 			.cra_blocksize = AES_BLOCK_SIZE,
3180 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK
3181 		 },
3182 		 .setkey = aead_gcm_esp_setkey,
3183 		 .ivsize = GCM_RFC4106_IV_SIZE,
3184 		 .maxauthsize = AES_BLOCK_SIZE,
3185 	 },
3186 	 .cipher_info = {
3187 			 .alg = CIPHER_ALG_AES,
3188 			 .mode = CIPHER_MODE_GCM,
3189 			 },
3190 	 .auth_info = {
3191 		       .alg = HASH_ALG_AES,
3192 		       .mode = HASH_MODE_GCM,
3193 		       },
3194 	 .auth_first = 0,
3195 	 },
3196 	{
3197 	 .type = CRYPTO_ALG_TYPE_AEAD,
3198 	 .alg.aead = {
3199 		 .base = {
3200 			.cra_name = "rfc4309(ccm(aes))",
3201 			.cra_driver_name = "ccm-aes-esp-iproc",
3202 			.cra_blocksize = AES_BLOCK_SIZE,
3203 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK
3204 		 },
3205 		 .setkey = aead_ccm_esp_setkey,
3206 		 .ivsize = CCM_AES_IV_SIZE,
3207 		 .maxauthsize = AES_BLOCK_SIZE,
3208 	 },
3209 	 .cipher_info = {
3210 			 .alg = CIPHER_ALG_AES,
3211 			 .mode = CIPHER_MODE_CCM,
3212 			 },
3213 	 .auth_info = {
3214 		       .alg = HASH_ALG_AES,
3215 		       .mode = HASH_MODE_CCM,
3216 		       },
3217 	 .auth_first = 0,
3218 	 },
3219 	{
3220 	 .type = CRYPTO_ALG_TYPE_AEAD,
3221 	 .alg.aead = {
3222 		 .base = {
3223 			.cra_name = "rfc4543(gcm(aes))",
3224 			.cra_driver_name = "gmac-aes-esp-iproc",
3225 			.cra_blocksize = AES_BLOCK_SIZE,
3226 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK
3227 		 },
3228 		 .setkey = rfc4543_gcm_esp_setkey,
3229 		 .ivsize = GCM_RFC4106_IV_SIZE,
3230 		 .maxauthsize = AES_BLOCK_SIZE,
3231 	 },
3232 	 .cipher_info = {
3233 			 .alg = CIPHER_ALG_AES,
3234 			 .mode = CIPHER_MODE_GCM,
3235 			 },
3236 	 .auth_info = {
3237 		       .alg = HASH_ALG_AES,
3238 		       .mode = HASH_MODE_GCM,
3239 		       },
3240 	 .auth_first = 0,
3241 	 },
3242 	{
3243 	 .type = CRYPTO_ALG_TYPE_AEAD,
3244 	 .alg.aead = {
3245 		 .base = {
3246 			.cra_name = "authenc(hmac(md5),cbc(aes))",
3247 			.cra_driver_name = "authenc-hmac-md5-cbc-aes-iproc",
3248 			.cra_blocksize = AES_BLOCK_SIZE,
3249 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3250 		 },
3251 		 .setkey = aead_authenc_setkey,
3252 		.ivsize = AES_BLOCK_SIZE,
3253 		.maxauthsize = MD5_DIGEST_SIZE,
3254 	 },
3255 	 .cipher_info = {
3256 			 .alg = CIPHER_ALG_AES,
3257 			 .mode = CIPHER_MODE_CBC,
3258 			 },
3259 	 .auth_info = {
3260 		       .alg = HASH_ALG_MD5,
3261 		       .mode = HASH_MODE_HMAC,
3262 		       },
3263 	 .auth_first = 0,
3264 	 },
3265 	{
3266 	 .type = CRYPTO_ALG_TYPE_AEAD,
3267 	 .alg.aead = {
3268 		 .base = {
3269 			.cra_name = "authenc(hmac(sha1),cbc(aes))",
3270 			.cra_driver_name = "authenc-hmac-sha1-cbc-aes-iproc",
3271 			.cra_blocksize = AES_BLOCK_SIZE,
3272 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3273 		 },
3274 		 .setkey = aead_authenc_setkey,
3275 		 .ivsize = AES_BLOCK_SIZE,
3276 		 .maxauthsize = SHA1_DIGEST_SIZE,
3277 	 },
3278 	 .cipher_info = {
3279 			 .alg = CIPHER_ALG_AES,
3280 			 .mode = CIPHER_MODE_CBC,
3281 			 },
3282 	 .auth_info = {
3283 		       .alg = HASH_ALG_SHA1,
3284 		       .mode = HASH_MODE_HMAC,
3285 		       },
3286 	 .auth_first = 0,
3287 	 },
3288 	{
3289 	 .type = CRYPTO_ALG_TYPE_AEAD,
3290 	 .alg.aead = {
3291 		 .base = {
3292 			.cra_name = "authenc(hmac(sha256),cbc(aes))",
3293 			.cra_driver_name = "authenc-hmac-sha256-cbc-aes-iproc",
3294 			.cra_blocksize = AES_BLOCK_SIZE,
3295 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3296 		 },
3297 		 .setkey = aead_authenc_setkey,
3298 		 .ivsize = AES_BLOCK_SIZE,
3299 		 .maxauthsize = SHA256_DIGEST_SIZE,
3300 	 },
3301 	 .cipher_info = {
3302 			 .alg = CIPHER_ALG_AES,
3303 			 .mode = CIPHER_MODE_CBC,
3304 			 },
3305 	 .auth_info = {
3306 		       .alg = HASH_ALG_SHA256,
3307 		       .mode = HASH_MODE_HMAC,
3308 		       },
3309 	 .auth_first = 0,
3310 	 },
3311 	{
3312 	 .type = CRYPTO_ALG_TYPE_AEAD,
3313 	 .alg.aead = {
3314 		 .base = {
3315 			.cra_name = "authenc(hmac(md5),cbc(des))",
3316 			.cra_driver_name = "authenc-hmac-md5-cbc-des-iproc",
3317 			.cra_blocksize = DES_BLOCK_SIZE,
3318 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3319 		 },
3320 		 .setkey = aead_authenc_setkey,
3321 		 .ivsize = DES_BLOCK_SIZE,
3322 		 .maxauthsize = MD5_DIGEST_SIZE,
3323 	 },
3324 	 .cipher_info = {
3325 			 .alg = CIPHER_ALG_DES,
3326 			 .mode = CIPHER_MODE_CBC,
3327 			 },
3328 	 .auth_info = {
3329 		       .alg = HASH_ALG_MD5,
3330 		       .mode = HASH_MODE_HMAC,
3331 		       },
3332 	 .auth_first = 0,
3333 	 },
3334 	{
3335 	 .type = CRYPTO_ALG_TYPE_AEAD,
3336 	 .alg.aead = {
3337 		 .base = {
3338 			.cra_name = "authenc(hmac(sha1),cbc(des))",
3339 			.cra_driver_name = "authenc-hmac-sha1-cbc-des-iproc",
3340 			.cra_blocksize = DES_BLOCK_SIZE,
3341 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3342 		 },
3343 		 .setkey = aead_authenc_setkey,
3344 		 .ivsize = DES_BLOCK_SIZE,
3345 		 .maxauthsize = SHA1_DIGEST_SIZE,
3346 	 },
3347 	 .cipher_info = {
3348 			 .alg = CIPHER_ALG_DES,
3349 			 .mode = CIPHER_MODE_CBC,
3350 			 },
3351 	 .auth_info = {
3352 		       .alg = HASH_ALG_SHA1,
3353 		       .mode = HASH_MODE_HMAC,
3354 		       },
3355 	 .auth_first = 0,
3356 	 },
3357 	{
3358 	 .type = CRYPTO_ALG_TYPE_AEAD,
3359 	 .alg.aead = {
3360 		 .base = {
3361 			.cra_name = "authenc(hmac(sha224),cbc(des))",
3362 			.cra_driver_name = "authenc-hmac-sha224-cbc-des-iproc",
3363 			.cra_blocksize = DES_BLOCK_SIZE,
3364 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3365 		 },
3366 		 .setkey = aead_authenc_setkey,
3367 		 .ivsize = DES_BLOCK_SIZE,
3368 		 .maxauthsize = SHA224_DIGEST_SIZE,
3369 	 },
3370 	 .cipher_info = {
3371 			 .alg = CIPHER_ALG_DES,
3372 			 .mode = CIPHER_MODE_CBC,
3373 			 },
3374 	 .auth_info = {
3375 		       .alg = HASH_ALG_SHA224,
3376 		       .mode = HASH_MODE_HMAC,
3377 		       },
3378 	 .auth_first = 0,
3379 	 },
3380 	{
3381 	 .type = CRYPTO_ALG_TYPE_AEAD,
3382 	 .alg.aead = {
3383 		 .base = {
3384 			.cra_name = "authenc(hmac(sha256),cbc(des))",
3385 			.cra_driver_name = "authenc-hmac-sha256-cbc-des-iproc",
3386 			.cra_blocksize = DES_BLOCK_SIZE,
3387 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3388 		 },
3389 		 .setkey = aead_authenc_setkey,
3390 		 .ivsize = DES_BLOCK_SIZE,
3391 		 .maxauthsize = SHA256_DIGEST_SIZE,
3392 	 },
3393 	 .cipher_info = {
3394 			 .alg = CIPHER_ALG_DES,
3395 			 .mode = CIPHER_MODE_CBC,
3396 			 },
3397 	 .auth_info = {
3398 		       .alg = HASH_ALG_SHA256,
3399 		       .mode = HASH_MODE_HMAC,
3400 		       },
3401 	 .auth_first = 0,
3402 	 },
3403 	{
3404 	 .type = CRYPTO_ALG_TYPE_AEAD,
3405 	 .alg.aead = {
3406 		 .base = {
3407 			.cra_name = "authenc(hmac(sha384),cbc(des))",
3408 			.cra_driver_name = "authenc-hmac-sha384-cbc-des-iproc",
3409 			.cra_blocksize = DES_BLOCK_SIZE,
3410 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3411 		 },
3412 		 .setkey = aead_authenc_setkey,
3413 		 .ivsize = DES_BLOCK_SIZE,
3414 		 .maxauthsize = SHA384_DIGEST_SIZE,
3415 	 },
3416 	 .cipher_info = {
3417 			 .alg = CIPHER_ALG_DES,
3418 			 .mode = CIPHER_MODE_CBC,
3419 			 },
3420 	 .auth_info = {
3421 		       .alg = HASH_ALG_SHA384,
3422 		       .mode = HASH_MODE_HMAC,
3423 		       },
3424 	 .auth_first = 0,
3425 	 },
3426 	{
3427 	 .type = CRYPTO_ALG_TYPE_AEAD,
3428 	 .alg.aead = {
3429 		 .base = {
3430 			.cra_name = "authenc(hmac(sha512),cbc(des))",
3431 			.cra_driver_name = "authenc-hmac-sha512-cbc-des-iproc",
3432 			.cra_blocksize = DES_BLOCK_SIZE,
3433 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3434 		 },
3435 		 .setkey = aead_authenc_setkey,
3436 		 .ivsize = DES_BLOCK_SIZE,
3437 		 .maxauthsize = SHA512_DIGEST_SIZE,
3438 	 },
3439 	 .cipher_info = {
3440 			 .alg = CIPHER_ALG_DES,
3441 			 .mode = CIPHER_MODE_CBC,
3442 			 },
3443 	 .auth_info = {
3444 		       .alg = HASH_ALG_SHA512,
3445 		       .mode = HASH_MODE_HMAC,
3446 		       },
3447 	 .auth_first = 0,
3448 	 },
3449 	{
3450 	 .type = CRYPTO_ALG_TYPE_AEAD,
3451 	 .alg.aead = {
3452 		 .base = {
3453 			.cra_name = "authenc(hmac(md5),cbc(des3_ede))",
3454 			.cra_driver_name = "authenc-hmac-md5-cbc-des3-iproc",
3455 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3456 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3457 		 },
3458 		 .setkey = aead_authenc_setkey,
3459 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3460 		 .maxauthsize = MD5_DIGEST_SIZE,
3461 	 },
3462 	 .cipher_info = {
3463 			 .alg = CIPHER_ALG_3DES,
3464 			 .mode = CIPHER_MODE_CBC,
3465 			 },
3466 	 .auth_info = {
3467 		       .alg = HASH_ALG_MD5,
3468 		       .mode = HASH_MODE_HMAC,
3469 		       },
3470 	 .auth_first = 0,
3471 	 },
3472 	{
3473 	 .type = CRYPTO_ALG_TYPE_AEAD,
3474 	 .alg.aead = {
3475 		 .base = {
3476 			.cra_name = "authenc(hmac(sha1),cbc(des3_ede))",
3477 			.cra_driver_name = "authenc-hmac-sha1-cbc-des3-iproc",
3478 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3479 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3480 		 },
3481 		 .setkey = aead_authenc_setkey,
3482 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3483 		 .maxauthsize = SHA1_DIGEST_SIZE,
3484 	 },
3485 	 .cipher_info = {
3486 			 .alg = CIPHER_ALG_3DES,
3487 			 .mode = CIPHER_MODE_CBC,
3488 			 },
3489 	 .auth_info = {
3490 		       .alg = HASH_ALG_SHA1,
3491 		       .mode = HASH_MODE_HMAC,
3492 		       },
3493 	 .auth_first = 0,
3494 	 },
3495 	{
3496 	 .type = CRYPTO_ALG_TYPE_AEAD,
3497 	 .alg.aead = {
3498 		 .base = {
3499 			.cra_name = "authenc(hmac(sha224),cbc(des3_ede))",
3500 			.cra_driver_name = "authenc-hmac-sha224-cbc-des3-iproc",
3501 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3502 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3503 		 },
3504 		 .setkey = aead_authenc_setkey,
3505 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3506 		 .maxauthsize = SHA224_DIGEST_SIZE,
3507 	 },
3508 	 .cipher_info = {
3509 			 .alg = CIPHER_ALG_3DES,
3510 			 .mode = CIPHER_MODE_CBC,
3511 			 },
3512 	 .auth_info = {
3513 		       .alg = HASH_ALG_SHA224,
3514 		       .mode = HASH_MODE_HMAC,
3515 		       },
3516 	 .auth_first = 0,
3517 	 },
3518 	{
3519 	 .type = CRYPTO_ALG_TYPE_AEAD,
3520 	 .alg.aead = {
3521 		 .base = {
3522 			.cra_name = "authenc(hmac(sha256),cbc(des3_ede))",
3523 			.cra_driver_name = "authenc-hmac-sha256-cbc-des3-iproc",
3524 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3525 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3526 		 },
3527 		 .setkey = aead_authenc_setkey,
3528 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3529 		 .maxauthsize = SHA256_DIGEST_SIZE,
3530 	 },
3531 	 .cipher_info = {
3532 			 .alg = CIPHER_ALG_3DES,
3533 			 .mode = CIPHER_MODE_CBC,
3534 			 },
3535 	 .auth_info = {
3536 		       .alg = HASH_ALG_SHA256,
3537 		       .mode = HASH_MODE_HMAC,
3538 		       },
3539 	 .auth_first = 0,
3540 	 },
3541 	{
3542 	 .type = CRYPTO_ALG_TYPE_AEAD,
3543 	 .alg.aead = {
3544 		 .base = {
3545 			.cra_name = "authenc(hmac(sha384),cbc(des3_ede))",
3546 			.cra_driver_name = "authenc-hmac-sha384-cbc-des3-iproc",
3547 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3548 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3549 		 },
3550 		 .setkey = aead_authenc_setkey,
3551 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3552 		 .maxauthsize = SHA384_DIGEST_SIZE,
3553 	 },
3554 	 .cipher_info = {
3555 			 .alg = CIPHER_ALG_3DES,
3556 			 .mode = CIPHER_MODE_CBC,
3557 			 },
3558 	 .auth_info = {
3559 		       .alg = HASH_ALG_SHA384,
3560 		       .mode = HASH_MODE_HMAC,
3561 		       },
3562 	 .auth_first = 0,
3563 	 },
3564 	{
3565 	 .type = CRYPTO_ALG_TYPE_AEAD,
3566 	 .alg.aead = {
3567 		 .base = {
3568 			.cra_name = "authenc(hmac(sha512),cbc(des3_ede))",
3569 			.cra_driver_name = "authenc-hmac-sha512-cbc-des3-iproc",
3570 			.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3571 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3572 		 },
3573 		 .setkey = aead_authenc_setkey,
3574 		 .ivsize = DES3_EDE_BLOCK_SIZE,
3575 		 .maxauthsize = SHA512_DIGEST_SIZE,
3576 	 },
3577 	 .cipher_info = {
3578 			 .alg = CIPHER_ALG_3DES,
3579 			 .mode = CIPHER_MODE_CBC,
3580 			 },
3581 	 .auth_info = {
3582 		       .alg = HASH_ALG_SHA512,
3583 		       .mode = HASH_MODE_HMAC,
3584 		       },
3585 	 .auth_first = 0,
3586 	 },
3587 
3588 /* SKCIPHER algorithms. */
3589 	{
3590 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3591 	 .alg.skcipher = {
3592 			.base.cra_name = "ecb(arc4)",
3593 			.base.cra_driver_name = "ecb-arc4-iproc",
3594 			.base.cra_blocksize = ARC4_BLOCK_SIZE,
3595 			.min_keysize = ARC4_MIN_KEY_SIZE,
3596 			.max_keysize = ARC4_MAX_KEY_SIZE,
3597 			.ivsize = 0,
3598 			},
3599 	 .cipher_info = {
3600 			 .alg = CIPHER_ALG_RC4,
3601 			 .mode = CIPHER_MODE_NONE,
3602 			 },
3603 	 .auth_info = {
3604 		       .alg = HASH_ALG_NONE,
3605 		       .mode = HASH_MODE_NONE,
3606 		       },
3607 	 },
3608 	{
3609 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3610 	 .alg.skcipher = {
3611 			.base.cra_name = "ofb(des)",
3612 			.base.cra_driver_name = "ofb-des-iproc",
3613 			.base.cra_blocksize = DES_BLOCK_SIZE,
3614 			.min_keysize = DES_KEY_SIZE,
3615 			.max_keysize = DES_KEY_SIZE,
3616 			.ivsize = DES_BLOCK_SIZE,
3617 			},
3618 	 .cipher_info = {
3619 			 .alg = CIPHER_ALG_DES,
3620 			 .mode = CIPHER_MODE_OFB,
3621 			 },
3622 	 .auth_info = {
3623 		       .alg = HASH_ALG_NONE,
3624 		       .mode = HASH_MODE_NONE,
3625 		       },
3626 	 },
3627 	{
3628 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3629 	 .alg.skcipher = {
3630 			.base.cra_name = "cbc(des)",
3631 			.base.cra_driver_name = "cbc-des-iproc",
3632 			.base.cra_blocksize = DES_BLOCK_SIZE,
3633 			.min_keysize = DES_KEY_SIZE,
3634 			.max_keysize = DES_KEY_SIZE,
3635 			.ivsize = DES_BLOCK_SIZE,
3636 			},
3637 	 .cipher_info = {
3638 			 .alg = CIPHER_ALG_DES,
3639 			 .mode = CIPHER_MODE_CBC,
3640 			 },
3641 	 .auth_info = {
3642 		       .alg = HASH_ALG_NONE,
3643 		       .mode = HASH_MODE_NONE,
3644 		       },
3645 	 },
3646 	{
3647 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3648 	 .alg.skcipher = {
3649 			.base.cra_name = "ecb(des)",
3650 			.base.cra_driver_name = "ecb-des-iproc",
3651 			.base.cra_blocksize = DES_BLOCK_SIZE,
3652 			.min_keysize = DES_KEY_SIZE,
3653 			.max_keysize = DES_KEY_SIZE,
3654 			.ivsize = 0,
3655 			},
3656 	 .cipher_info = {
3657 			 .alg = CIPHER_ALG_DES,
3658 			 .mode = CIPHER_MODE_ECB,
3659 			 },
3660 	 .auth_info = {
3661 		       .alg = HASH_ALG_NONE,
3662 		       .mode = HASH_MODE_NONE,
3663 		       },
3664 	 },
3665 	{
3666 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3667 	 .alg.skcipher = {
3668 			.base.cra_name = "ofb(des3_ede)",
3669 			.base.cra_driver_name = "ofb-des3-iproc",
3670 			.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3671 			.min_keysize = DES3_EDE_KEY_SIZE,
3672 			.max_keysize = DES3_EDE_KEY_SIZE,
3673 			.ivsize = DES3_EDE_BLOCK_SIZE,
3674 			},
3675 	 .cipher_info = {
3676 			 .alg = CIPHER_ALG_3DES,
3677 			 .mode = CIPHER_MODE_OFB,
3678 			 },
3679 	 .auth_info = {
3680 		       .alg = HASH_ALG_NONE,
3681 		       .mode = HASH_MODE_NONE,
3682 		       },
3683 	 },
3684 	{
3685 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3686 	 .alg.skcipher = {
3687 			.base.cra_name = "cbc(des3_ede)",
3688 			.base.cra_driver_name = "cbc-des3-iproc",
3689 			.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3690 			.min_keysize = DES3_EDE_KEY_SIZE,
3691 			.max_keysize = DES3_EDE_KEY_SIZE,
3692 			.ivsize = DES3_EDE_BLOCK_SIZE,
3693 			},
3694 	 .cipher_info = {
3695 			 .alg = CIPHER_ALG_3DES,
3696 			 .mode = CIPHER_MODE_CBC,
3697 			 },
3698 	 .auth_info = {
3699 		       .alg = HASH_ALG_NONE,
3700 		       .mode = HASH_MODE_NONE,
3701 		       },
3702 	 },
3703 	{
3704 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3705 	 .alg.skcipher = {
3706 			.base.cra_name = "ecb(des3_ede)",
3707 			.base.cra_driver_name = "ecb-des3-iproc",
3708 			.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3709 			.min_keysize = DES3_EDE_KEY_SIZE,
3710 			.max_keysize = DES3_EDE_KEY_SIZE,
3711 			.ivsize = 0,
3712 			},
3713 	 .cipher_info = {
3714 			 .alg = CIPHER_ALG_3DES,
3715 			 .mode = CIPHER_MODE_ECB,
3716 			 },
3717 	 .auth_info = {
3718 		       .alg = HASH_ALG_NONE,
3719 		       .mode = HASH_MODE_NONE,
3720 		       },
3721 	 },
3722 	{
3723 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3724 	 .alg.skcipher = {
3725 			.base.cra_name = "ofb(aes)",
3726 			.base.cra_driver_name = "ofb-aes-iproc",
3727 			.base.cra_blocksize = AES_BLOCK_SIZE,
3728 			.min_keysize = AES_MIN_KEY_SIZE,
3729 			.max_keysize = AES_MAX_KEY_SIZE,
3730 			.ivsize = AES_BLOCK_SIZE,
3731 			},
3732 	 .cipher_info = {
3733 			 .alg = CIPHER_ALG_AES,
3734 			 .mode = CIPHER_MODE_OFB,
3735 			 },
3736 	 .auth_info = {
3737 		       .alg = HASH_ALG_NONE,
3738 		       .mode = HASH_MODE_NONE,
3739 		       },
3740 	 },
3741 	{
3742 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3743 	 .alg.skcipher = {
3744 			.base.cra_name = "cbc(aes)",
3745 			.base.cra_driver_name = "cbc-aes-iproc",
3746 			.base.cra_blocksize = AES_BLOCK_SIZE,
3747 			.min_keysize = AES_MIN_KEY_SIZE,
3748 			.max_keysize = AES_MAX_KEY_SIZE,
3749 			.ivsize = AES_BLOCK_SIZE,
3750 			},
3751 	 .cipher_info = {
3752 			 .alg = CIPHER_ALG_AES,
3753 			 .mode = CIPHER_MODE_CBC,
3754 			 },
3755 	 .auth_info = {
3756 		       .alg = HASH_ALG_NONE,
3757 		       .mode = HASH_MODE_NONE,
3758 		       },
3759 	 },
3760 	{
3761 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3762 	 .alg.skcipher = {
3763 			.base.cra_name = "ecb(aes)",
3764 			.base.cra_driver_name = "ecb-aes-iproc",
3765 			.base.cra_blocksize = AES_BLOCK_SIZE,
3766 			.min_keysize = AES_MIN_KEY_SIZE,
3767 			.max_keysize = AES_MAX_KEY_SIZE,
3768 			.ivsize = 0,
3769 			},
3770 	 .cipher_info = {
3771 			 .alg = CIPHER_ALG_AES,
3772 			 .mode = CIPHER_MODE_ECB,
3773 			 },
3774 	 .auth_info = {
3775 		       .alg = HASH_ALG_NONE,
3776 		       .mode = HASH_MODE_NONE,
3777 		       },
3778 	 },
3779 	{
3780 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3781 	 .alg.skcipher = {
3782 			.base.cra_name = "ctr(aes)",
3783 			.base.cra_driver_name = "ctr-aes-iproc",
3784 			.base.cra_blocksize = AES_BLOCK_SIZE,
3785 			.min_keysize = AES_MIN_KEY_SIZE,
3786 			.max_keysize = AES_MAX_KEY_SIZE,
3787 			.ivsize = AES_BLOCK_SIZE,
3788 			},
3789 	 .cipher_info = {
3790 			 .alg = CIPHER_ALG_AES,
3791 			 .mode = CIPHER_MODE_CTR,
3792 			 },
3793 	 .auth_info = {
3794 		       .alg = HASH_ALG_NONE,
3795 		       .mode = HASH_MODE_NONE,
3796 		       },
3797 	 },
3798 {
3799 	 .type = CRYPTO_ALG_TYPE_SKCIPHER,
3800 	 .alg.skcipher = {
3801 			.base.cra_name = "xts(aes)",
3802 			.base.cra_driver_name = "xts-aes-iproc",
3803 			.base.cra_blocksize = AES_BLOCK_SIZE,
3804 			.min_keysize = 2 * AES_MIN_KEY_SIZE,
3805 			.max_keysize = 2 * AES_MAX_KEY_SIZE,
3806 			.ivsize = AES_BLOCK_SIZE,
3807 			},
3808 	 .cipher_info = {
3809 			 .alg = CIPHER_ALG_AES,
3810 			 .mode = CIPHER_MODE_XTS,
3811 			 },
3812 	 .auth_info = {
3813 		       .alg = HASH_ALG_NONE,
3814 		       .mode = HASH_MODE_NONE,
3815 		       },
3816 	 },
3817 
3818 /* AHASH algorithms. */
3819 	{
3820 	 .type = CRYPTO_ALG_TYPE_AHASH,
3821 	 .alg.hash = {
3822 		      .halg.digestsize = MD5_DIGEST_SIZE,
3823 		      .halg.base = {
3824 				    .cra_name = "md5",
3825 				    .cra_driver_name = "md5-iproc",
3826 				    .cra_blocksize = MD5_BLOCK_WORDS * 4,
3827 				    .cra_flags = CRYPTO_ALG_ASYNC,
3828 				}
3829 		      },
3830 	 .cipher_info = {
3831 			 .alg = CIPHER_ALG_NONE,
3832 			 .mode = CIPHER_MODE_NONE,
3833 			 },
3834 	 .auth_info = {
3835 		       .alg = HASH_ALG_MD5,
3836 		       .mode = HASH_MODE_HASH,
3837 		       },
3838 	 },
3839 	{
3840 	 .type = CRYPTO_ALG_TYPE_AHASH,
3841 	 .alg.hash = {
3842 		      .halg.digestsize = MD5_DIGEST_SIZE,
3843 		      .halg.base = {
3844 				    .cra_name = "hmac(md5)",
3845 				    .cra_driver_name = "hmac-md5-iproc",
3846 				    .cra_blocksize = MD5_BLOCK_WORDS * 4,
3847 				}
3848 		      },
3849 	 .cipher_info = {
3850 			 .alg = CIPHER_ALG_NONE,
3851 			 .mode = CIPHER_MODE_NONE,
3852 			 },
3853 	 .auth_info = {
3854 		       .alg = HASH_ALG_MD5,
3855 		       .mode = HASH_MODE_HMAC,
3856 		       },
3857 	 },
3858 	{.type = CRYPTO_ALG_TYPE_AHASH,
3859 	 .alg.hash = {
3860 		      .halg.digestsize = SHA1_DIGEST_SIZE,
3861 		      .halg.base = {
3862 				    .cra_name = "sha1",
3863 				    .cra_driver_name = "sha1-iproc",
3864 				    .cra_blocksize = SHA1_BLOCK_SIZE,
3865 				}
3866 		      },
3867 	 .cipher_info = {
3868 			 .alg = CIPHER_ALG_NONE,
3869 			 .mode = CIPHER_MODE_NONE,
3870 			 },
3871 	 .auth_info = {
3872 		       .alg = HASH_ALG_SHA1,
3873 		       .mode = HASH_MODE_HASH,
3874 		       },
3875 	 },
3876 	{.type = CRYPTO_ALG_TYPE_AHASH,
3877 	 .alg.hash = {
3878 		      .halg.digestsize = SHA1_DIGEST_SIZE,
3879 		      .halg.base = {
3880 				    .cra_name = "hmac(sha1)",
3881 				    .cra_driver_name = "hmac-sha1-iproc",
3882 				    .cra_blocksize = SHA1_BLOCK_SIZE,
3883 				}
3884 		      },
3885 	 .cipher_info = {
3886 			 .alg = CIPHER_ALG_NONE,
3887 			 .mode = CIPHER_MODE_NONE,
3888 			 },
3889 	 .auth_info = {
3890 		       .alg = HASH_ALG_SHA1,
3891 		       .mode = HASH_MODE_HMAC,
3892 		       },
3893 	 },
3894 	{.type = CRYPTO_ALG_TYPE_AHASH,
3895 	 .alg.hash = {
3896 			.halg.digestsize = SHA224_DIGEST_SIZE,
3897 			.halg.base = {
3898 				    .cra_name = "sha224",
3899 				    .cra_driver_name = "sha224-iproc",
3900 				    .cra_blocksize = SHA224_BLOCK_SIZE,
3901 			}
3902 		      },
3903 	 .cipher_info = {
3904 			 .alg = CIPHER_ALG_NONE,
3905 			 .mode = CIPHER_MODE_NONE,
3906 			 },
3907 	 .auth_info = {
3908 		       .alg = HASH_ALG_SHA224,
3909 		       .mode = HASH_MODE_HASH,
3910 		       },
3911 	 },
3912 	{.type = CRYPTO_ALG_TYPE_AHASH,
3913 	 .alg.hash = {
3914 		      .halg.digestsize = SHA224_DIGEST_SIZE,
3915 		      .halg.base = {
3916 				    .cra_name = "hmac(sha224)",
3917 				    .cra_driver_name = "hmac-sha224-iproc",
3918 				    .cra_blocksize = SHA224_BLOCK_SIZE,
3919 				}
3920 		      },
3921 	 .cipher_info = {
3922 			 .alg = CIPHER_ALG_NONE,
3923 			 .mode = CIPHER_MODE_NONE,
3924 			 },
3925 	 .auth_info = {
3926 		       .alg = HASH_ALG_SHA224,
3927 		       .mode = HASH_MODE_HMAC,
3928 		       },
3929 	 },
3930 	{.type = CRYPTO_ALG_TYPE_AHASH,
3931 	 .alg.hash = {
3932 		      .halg.digestsize = SHA256_DIGEST_SIZE,
3933 		      .halg.base = {
3934 				    .cra_name = "sha256",
3935 				    .cra_driver_name = "sha256-iproc",
3936 				    .cra_blocksize = SHA256_BLOCK_SIZE,
3937 				}
3938 		      },
3939 	 .cipher_info = {
3940 			 .alg = CIPHER_ALG_NONE,
3941 			 .mode = CIPHER_MODE_NONE,
3942 			 },
3943 	 .auth_info = {
3944 		       .alg = HASH_ALG_SHA256,
3945 		       .mode = HASH_MODE_HASH,
3946 		       },
3947 	 },
3948 	{.type = CRYPTO_ALG_TYPE_AHASH,
3949 	 .alg.hash = {
3950 		      .halg.digestsize = SHA256_DIGEST_SIZE,
3951 		      .halg.base = {
3952 				    .cra_name = "hmac(sha256)",
3953 				    .cra_driver_name = "hmac-sha256-iproc",
3954 				    .cra_blocksize = SHA256_BLOCK_SIZE,
3955 				}
3956 		      },
3957 	 .cipher_info = {
3958 			 .alg = CIPHER_ALG_NONE,
3959 			 .mode = CIPHER_MODE_NONE,
3960 			 },
3961 	 .auth_info = {
3962 		       .alg = HASH_ALG_SHA256,
3963 		       .mode = HASH_MODE_HMAC,
3964 		       },
3965 	 },
3966 	{
3967 	.type = CRYPTO_ALG_TYPE_AHASH,
3968 	 .alg.hash = {
3969 		      .halg.digestsize = SHA384_DIGEST_SIZE,
3970 		      .halg.base = {
3971 				    .cra_name = "sha384",
3972 				    .cra_driver_name = "sha384-iproc",
3973 				    .cra_blocksize = SHA384_BLOCK_SIZE,
3974 				}
3975 		      },
3976 	 .cipher_info = {
3977 			 .alg = CIPHER_ALG_NONE,
3978 			 .mode = CIPHER_MODE_NONE,
3979 			 },
3980 	 .auth_info = {
3981 		       .alg = HASH_ALG_SHA384,
3982 		       .mode = HASH_MODE_HASH,
3983 		       },
3984 	 },
3985 	{
3986 	 .type = CRYPTO_ALG_TYPE_AHASH,
3987 	 .alg.hash = {
3988 		      .halg.digestsize = SHA384_DIGEST_SIZE,
3989 		      .halg.base = {
3990 				    .cra_name = "hmac(sha384)",
3991 				    .cra_driver_name = "hmac-sha384-iproc",
3992 				    .cra_blocksize = SHA384_BLOCK_SIZE,
3993 				}
3994 		      },
3995 	 .cipher_info = {
3996 			 .alg = CIPHER_ALG_NONE,
3997 			 .mode = CIPHER_MODE_NONE,
3998 			 },
3999 	 .auth_info = {
4000 		       .alg = HASH_ALG_SHA384,
4001 		       .mode = HASH_MODE_HMAC,
4002 		       },
4003 	 },
4004 	{
4005 	 .type = CRYPTO_ALG_TYPE_AHASH,
4006 	 .alg.hash = {
4007 		      .halg.digestsize = SHA512_DIGEST_SIZE,
4008 		      .halg.base = {
4009 				    .cra_name = "sha512",
4010 				    .cra_driver_name = "sha512-iproc",
4011 				    .cra_blocksize = SHA512_BLOCK_SIZE,
4012 				}
4013 		      },
4014 	 .cipher_info = {
4015 			 .alg = CIPHER_ALG_NONE,
4016 			 .mode = CIPHER_MODE_NONE,
4017 			 },
4018 	 .auth_info = {
4019 		       .alg = HASH_ALG_SHA512,
4020 		       .mode = HASH_MODE_HASH,
4021 		       },
4022 	 },
4023 	{
4024 	 .type = CRYPTO_ALG_TYPE_AHASH,
4025 	 .alg.hash = {
4026 		      .halg.digestsize = SHA512_DIGEST_SIZE,
4027 		      .halg.base = {
4028 				    .cra_name = "hmac(sha512)",
4029 				    .cra_driver_name = "hmac-sha512-iproc",
4030 				    .cra_blocksize = SHA512_BLOCK_SIZE,
4031 				}
4032 		      },
4033 	 .cipher_info = {
4034 			 .alg = CIPHER_ALG_NONE,
4035 			 .mode = CIPHER_MODE_NONE,
4036 			 },
4037 	 .auth_info = {
4038 		       .alg = HASH_ALG_SHA512,
4039 		       .mode = HASH_MODE_HMAC,
4040 		       },
4041 	 },
4042 	{
4043 	 .type = CRYPTO_ALG_TYPE_AHASH,
4044 	 .alg.hash = {
4045 		      .halg.digestsize = SHA3_224_DIGEST_SIZE,
4046 		      .halg.base = {
4047 				    .cra_name = "sha3-224",
4048 				    .cra_driver_name = "sha3-224-iproc",
4049 				    .cra_blocksize = SHA3_224_BLOCK_SIZE,
4050 				}
4051 		      },
4052 	 .cipher_info = {
4053 			 .alg = CIPHER_ALG_NONE,
4054 			 .mode = CIPHER_MODE_NONE,
4055 			 },
4056 	 .auth_info = {
4057 		       .alg = HASH_ALG_SHA3_224,
4058 		       .mode = HASH_MODE_HASH,
4059 		       },
4060 	 },
4061 	{
4062 	 .type = CRYPTO_ALG_TYPE_AHASH,
4063 	 .alg.hash = {
4064 		      .halg.digestsize = SHA3_224_DIGEST_SIZE,
4065 		      .halg.base = {
4066 				    .cra_name = "hmac(sha3-224)",
4067 				    .cra_driver_name = "hmac-sha3-224-iproc",
4068 				    .cra_blocksize = SHA3_224_BLOCK_SIZE,
4069 				}
4070 		      },
4071 	 .cipher_info = {
4072 			 .alg = CIPHER_ALG_NONE,
4073 			 .mode = CIPHER_MODE_NONE,
4074 			 },
4075 	 .auth_info = {
4076 		       .alg = HASH_ALG_SHA3_224,
4077 		       .mode = HASH_MODE_HMAC
4078 		       },
4079 	 },
4080 	{
4081 	 .type = CRYPTO_ALG_TYPE_AHASH,
4082 	 .alg.hash = {
4083 		      .halg.digestsize = SHA3_256_DIGEST_SIZE,
4084 		      .halg.base = {
4085 				    .cra_name = "sha3-256",
4086 				    .cra_driver_name = "sha3-256-iproc",
4087 				    .cra_blocksize = SHA3_256_BLOCK_SIZE,
4088 				}
4089 		      },
4090 	 .cipher_info = {
4091 			 .alg = CIPHER_ALG_NONE,
4092 			 .mode = CIPHER_MODE_NONE,
4093 			 },
4094 	 .auth_info = {
4095 		       .alg = HASH_ALG_SHA3_256,
4096 		       .mode = HASH_MODE_HASH,
4097 		       },
4098 	 },
4099 	{
4100 	 .type = CRYPTO_ALG_TYPE_AHASH,
4101 	 .alg.hash = {
4102 		      .halg.digestsize = SHA3_256_DIGEST_SIZE,
4103 		      .halg.base = {
4104 				    .cra_name = "hmac(sha3-256)",
4105 				    .cra_driver_name = "hmac-sha3-256-iproc",
4106 				    .cra_blocksize = SHA3_256_BLOCK_SIZE,
4107 				}
4108 		      },
4109 	 .cipher_info = {
4110 			 .alg = CIPHER_ALG_NONE,
4111 			 .mode = CIPHER_MODE_NONE,
4112 			 },
4113 	 .auth_info = {
4114 		       .alg = HASH_ALG_SHA3_256,
4115 		       .mode = HASH_MODE_HMAC,
4116 		       },
4117 	 },
4118 	{
4119 	 .type = CRYPTO_ALG_TYPE_AHASH,
4120 	 .alg.hash = {
4121 		      .halg.digestsize = SHA3_384_DIGEST_SIZE,
4122 		      .halg.base = {
4123 				    .cra_name = "sha3-384",
4124 				    .cra_driver_name = "sha3-384-iproc",
4125 				    .cra_blocksize = SHA3_224_BLOCK_SIZE,
4126 				}
4127 		      },
4128 	 .cipher_info = {
4129 			 .alg = CIPHER_ALG_NONE,
4130 			 .mode = CIPHER_MODE_NONE,
4131 			 },
4132 	 .auth_info = {
4133 		       .alg = HASH_ALG_SHA3_384,
4134 		       .mode = HASH_MODE_HASH,
4135 		       },
4136 	 },
4137 	{
4138 	 .type = CRYPTO_ALG_TYPE_AHASH,
4139 	 .alg.hash = {
4140 		      .halg.digestsize = SHA3_384_DIGEST_SIZE,
4141 		      .halg.base = {
4142 				    .cra_name = "hmac(sha3-384)",
4143 				    .cra_driver_name = "hmac-sha3-384-iproc",
4144 				    .cra_blocksize = SHA3_384_BLOCK_SIZE,
4145 				}
4146 		      },
4147 	 .cipher_info = {
4148 			 .alg = CIPHER_ALG_NONE,
4149 			 .mode = CIPHER_MODE_NONE,
4150 			 },
4151 	 .auth_info = {
4152 		       .alg = HASH_ALG_SHA3_384,
4153 		       .mode = HASH_MODE_HMAC,
4154 		       },
4155 	 },
4156 	{
4157 	 .type = CRYPTO_ALG_TYPE_AHASH,
4158 	 .alg.hash = {
4159 		      .halg.digestsize = SHA3_512_DIGEST_SIZE,
4160 		      .halg.base = {
4161 				    .cra_name = "sha3-512",
4162 				    .cra_driver_name = "sha3-512-iproc",
4163 				    .cra_blocksize = SHA3_512_BLOCK_SIZE,
4164 				}
4165 		      },
4166 	 .cipher_info = {
4167 			 .alg = CIPHER_ALG_NONE,
4168 			 .mode = CIPHER_MODE_NONE,
4169 			 },
4170 	 .auth_info = {
4171 		       .alg = HASH_ALG_SHA3_512,
4172 		       .mode = HASH_MODE_HASH,
4173 		       },
4174 	 },
4175 	{
4176 	 .type = CRYPTO_ALG_TYPE_AHASH,
4177 	 .alg.hash = {
4178 		      .halg.digestsize = SHA3_512_DIGEST_SIZE,
4179 		      .halg.base = {
4180 				    .cra_name = "hmac(sha3-512)",
4181 				    .cra_driver_name = "hmac-sha3-512-iproc",
4182 				    .cra_blocksize = SHA3_512_BLOCK_SIZE,
4183 				}
4184 		      },
4185 	 .cipher_info = {
4186 			 .alg = CIPHER_ALG_NONE,
4187 			 .mode = CIPHER_MODE_NONE,
4188 			 },
4189 	 .auth_info = {
4190 		       .alg = HASH_ALG_SHA3_512,
4191 		       .mode = HASH_MODE_HMAC,
4192 		       },
4193 	 },
4194 	{
4195 	 .type = CRYPTO_ALG_TYPE_AHASH,
4196 	 .alg.hash = {
4197 		      .halg.digestsize = AES_BLOCK_SIZE,
4198 		      .halg.base = {
4199 				    .cra_name = "xcbc(aes)",
4200 				    .cra_driver_name = "xcbc-aes-iproc",
4201 				    .cra_blocksize = AES_BLOCK_SIZE,
4202 				}
4203 		      },
4204 	 .cipher_info = {
4205 			 .alg = CIPHER_ALG_NONE,
4206 			 .mode = CIPHER_MODE_NONE,
4207 			 },
4208 	 .auth_info = {
4209 		       .alg = HASH_ALG_AES,
4210 		       .mode = HASH_MODE_XCBC,
4211 		       },
4212 	 },
4213 	{
4214 	 .type = CRYPTO_ALG_TYPE_AHASH,
4215 	 .alg.hash = {
4216 		      .halg.digestsize = AES_BLOCK_SIZE,
4217 		      .halg.base = {
4218 				    .cra_name = "cmac(aes)",
4219 				    .cra_driver_name = "cmac-aes-iproc",
4220 				    .cra_blocksize = AES_BLOCK_SIZE,
4221 				}
4222 		      },
4223 	 .cipher_info = {
4224 			 .alg = CIPHER_ALG_NONE,
4225 			 .mode = CIPHER_MODE_NONE,
4226 			 },
4227 	 .auth_info = {
4228 		       .alg = HASH_ALG_AES,
4229 		       .mode = HASH_MODE_CMAC,
4230 		       },
4231 	 },
4232 };
4233 
4234 static int generic_cra_init(struct crypto_tfm *tfm,
4235 			    struct iproc_alg_s *cipher_alg)
4236 {
4237 	struct spu_hw *spu = &iproc_priv.spu;
4238 	struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
4239 	unsigned int blocksize = crypto_tfm_alg_blocksize(tfm);
4240 
4241 	flow_log("%s()\n", __func__);
4242 
4243 	ctx->alg = cipher_alg;
4244 	ctx->cipher = cipher_alg->cipher_info;
4245 	ctx->auth = cipher_alg->auth_info;
4246 	ctx->auth_first = cipher_alg->auth_first;
4247 	ctx->max_payload = spu->spu_ctx_max_payload(ctx->cipher.alg,
4248 						    ctx->cipher.mode,
4249 						    blocksize);
4250 	ctx->fallback_cipher = NULL;
4251 
4252 	ctx->enckeylen = 0;
4253 	ctx->authkeylen = 0;
4254 
4255 	atomic_inc(&iproc_priv.stream_count);
4256 	atomic_inc(&iproc_priv.session_count);
4257 
4258 	return 0;
4259 }
4260 
4261 static int skcipher_init_tfm(struct crypto_skcipher *skcipher)
4262 {
4263 	struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
4264 	struct skcipher_alg *alg = crypto_skcipher_alg(skcipher);
4265 	struct iproc_alg_s *cipher_alg;
4266 
4267 	flow_log("%s()\n", __func__);
4268 
4269 	crypto_skcipher_set_reqsize(skcipher, sizeof(struct iproc_reqctx_s));
4270 
4271 	cipher_alg = container_of(alg, struct iproc_alg_s, alg.skcipher);
4272 	return generic_cra_init(tfm, cipher_alg);
4273 }
4274 
4275 static int ahash_cra_init(struct crypto_tfm *tfm)
4276 {
4277 	int err;
4278 	struct crypto_alg *alg = tfm->__crt_alg;
4279 	struct iproc_alg_s *cipher_alg;
4280 
4281 	cipher_alg = container_of(__crypto_ahash_alg(alg), struct iproc_alg_s,
4282 				  alg.hash);
4283 
4284 	err = generic_cra_init(tfm, cipher_alg);
4285 	flow_log("%s()\n", __func__);
4286 
4287 	/*
4288 	 * export state size has to be < 512 bytes. So don't include msg bufs
4289 	 * in state size.
4290 	 */
4291 	crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
4292 				 sizeof(struct iproc_reqctx_s));
4293 
4294 	return err;
4295 }
4296 
4297 static int aead_cra_init(struct crypto_aead *aead)
4298 {
4299 	struct crypto_tfm *tfm = crypto_aead_tfm(aead);
4300 	struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
4301 	struct crypto_alg *alg = tfm->__crt_alg;
4302 	struct aead_alg *aalg = container_of(alg, struct aead_alg, base);
4303 	struct iproc_alg_s *cipher_alg = container_of(aalg, struct iproc_alg_s,
4304 						      alg.aead);
4305 
4306 	int err = generic_cra_init(tfm, cipher_alg);
4307 
4308 	flow_log("%s()\n", __func__);
4309 
4310 	crypto_aead_set_reqsize(aead, sizeof(struct iproc_reqctx_s));
4311 	ctx->is_esp = false;
4312 	ctx->salt_len = 0;
4313 	ctx->salt_offset = 0;
4314 
4315 	/* random first IV */
4316 	get_random_bytes(ctx->iv, MAX_IV_SIZE);
4317 	flow_dump("  iv: ", ctx->iv, MAX_IV_SIZE);
4318 
4319 	if (!err) {
4320 		if (alg->cra_flags & CRYPTO_ALG_NEED_FALLBACK) {
4321 			flow_log("%s() creating fallback cipher\n", __func__);
4322 
4323 			ctx->fallback_cipher =
4324 			    crypto_alloc_aead(alg->cra_name, 0,
4325 					      CRYPTO_ALG_ASYNC |
4326 					      CRYPTO_ALG_NEED_FALLBACK);
4327 			if (IS_ERR(ctx->fallback_cipher)) {
4328 				pr_err("%s() Error: failed to allocate fallback for %s\n",
4329 				       __func__, alg->cra_name);
4330 				return PTR_ERR(ctx->fallback_cipher);
4331 			}
4332 		}
4333 	}
4334 
4335 	return err;
4336 }
4337 
4338 static void generic_cra_exit(struct crypto_tfm *tfm)
4339 {
4340 	atomic_dec(&iproc_priv.session_count);
4341 }
4342 
4343 static void skcipher_exit_tfm(struct crypto_skcipher *tfm)
4344 {
4345 	generic_cra_exit(crypto_skcipher_tfm(tfm));
4346 }
4347 
4348 static void aead_cra_exit(struct crypto_aead *aead)
4349 {
4350 	struct crypto_tfm *tfm = crypto_aead_tfm(aead);
4351 	struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
4352 
4353 	generic_cra_exit(tfm);
4354 
4355 	if (ctx->fallback_cipher) {
4356 		crypto_free_aead(ctx->fallback_cipher);
4357 		ctx->fallback_cipher = NULL;
4358 	}
4359 }
4360 
4361 /**
4362  * spu_functions_register() - Specify hardware-specific SPU functions based on
4363  * SPU type read from device tree.
4364  * @dev:	device structure
4365  * @spu_type:	SPU hardware generation
4366  * @spu_subtype: SPU hardware version
4367  */
4368 static void spu_functions_register(struct device *dev,
4369 				   enum spu_spu_type spu_type,
4370 				   enum spu_spu_subtype spu_subtype)
4371 {
4372 	struct spu_hw *spu = &iproc_priv.spu;
4373 
4374 	if (spu_type == SPU_TYPE_SPUM) {
4375 		dev_dbg(dev, "Registering SPUM functions");
4376 		spu->spu_dump_msg_hdr = spum_dump_msg_hdr;
4377 		spu->spu_payload_length = spum_payload_length;
4378 		spu->spu_response_hdr_len = spum_response_hdr_len;
4379 		spu->spu_hash_pad_len = spum_hash_pad_len;
4380 		spu->spu_gcm_ccm_pad_len = spum_gcm_ccm_pad_len;
4381 		spu->spu_assoc_resp_len = spum_assoc_resp_len;
4382 		spu->spu_aead_ivlen = spum_aead_ivlen;
4383 		spu->spu_hash_type = spum_hash_type;
4384 		spu->spu_digest_size = spum_digest_size;
4385 		spu->spu_create_request = spum_create_request;
4386 		spu->spu_cipher_req_init = spum_cipher_req_init;
4387 		spu->spu_cipher_req_finish = spum_cipher_req_finish;
4388 		spu->spu_request_pad = spum_request_pad;
4389 		spu->spu_tx_status_len = spum_tx_status_len;
4390 		spu->spu_rx_status_len = spum_rx_status_len;
4391 		spu->spu_status_process = spum_status_process;
4392 		spu->spu_xts_tweak_in_payload = spum_xts_tweak_in_payload;
4393 		spu->spu_ccm_update_iv = spum_ccm_update_iv;
4394 		spu->spu_wordalign_padlen = spum_wordalign_padlen;
4395 		if (spu_subtype == SPU_SUBTYPE_SPUM_NS2)
4396 			spu->spu_ctx_max_payload = spum_ns2_ctx_max_payload;
4397 		else
4398 			spu->spu_ctx_max_payload = spum_nsp_ctx_max_payload;
4399 	} else {
4400 		dev_dbg(dev, "Registering SPU2 functions");
4401 		spu->spu_dump_msg_hdr = spu2_dump_msg_hdr;
4402 		spu->spu_ctx_max_payload = spu2_ctx_max_payload;
4403 		spu->spu_payload_length = spu2_payload_length;
4404 		spu->spu_response_hdr_len = spu2_response_hdr_len;
4405 		spu->spu_hash_pad_len = spu2_hash_pad_len;
4406 		spu->spu_gcm_ccm_pad_len = spu2_gcm_ccm_pad_len;
4407 		spu->spu_assoc_resp_len = spu2_assoc_resp_len;
4408 		spu->spu_aead_ivlen = spu2_aead_ivlen;
4409 		spu->spu_hash_type = spu2_hash_type;
4410 		spu->spu_digest_size = spu2_digest_size;
4411 		spu->spu_create_request = spu2_create_request;
4412 		spu->spu_cipher_req_init = spu2_cipher_req_init;
4413 		spu->spu_cipher_req_finish = spu2_cipher_req_finish;
4414 		spu->spu_request_pad = spu2_request_pad;
4415 		spu->spu_tx_status_len = spu2_tx_status_len;
4416 		spu->spu_rx_status_len = spu2_rx_status_len;
4417 		spu->spu_status_process = spu2_status_process;
4418 		spu->spu_xts_tweak_in_payload = spu2_xts_tweak_in_payload;
4419 		spu->spu_ccm_update_iv = spu2_ccm_update_iv;
4420 		spu->spu_wordalign_padlen = spu2_wordalign_padlen;
4421 	}
4422 }
4423 
4424 /**
4425  * spu_mb_init() - Initialize mailbox client. Request ownership of a mailbox
4426  * channel for the SPU being probed.
4427  * @dev:  SPU driver device structure
4428  *
4429  * Return: 0 if successful
4430  *	   < 0 otherwise
4431  */
4432 static int spu_mb_init(struct device *dev)
4433 {
4434 	struct mbox_client *mcl = &iproc_priv.mcl;
4435 	int err, i;
4436 
4437 	iproc_priv.mbox = devm_kcalloc(dev, iproc_priv.spu.num_chan,
4438 				  sizeof(struct mbox_chan *), GFP_KERNEL);
4439 	if (!iproc_priv.mbox)
4440 		return -ENOMEM;
4441 
4442 	mcl->dev = dev;
4443 	mcl->tx_block = false;
4444 	mcl->tx_tout = 0;
4445 	mcl->knows_txdone = true;
4446 	mcl->rx_callback = spu_rx_callback;
4447 	mcl->tx_done = NULL;
4448 
4449 	for (i = 0; i < iproc_priv.spu.num_chan; i++) {
4450 		iproc_priv.mbox[i] = mbox_request_channel(mcl, i);
4451 		if (IS_ERR(iproc_priv.mbox[i])) {
4452 			err = (int)PTR_ERR(iproc_priv.mbox[i]);
4453 			dev_err(dev,
4454 				"Mbox channel %d request failed with err %d",
4455 				i, err);
4456 			iproc_priv.mbox[i] = NULL;
4457 			goto free_channels;
4458 		}
4459 	}
4460 
4461 	return 0;
4462 free_channels:
4463 	for (i = 0; i < iproc_priv.spu.num_chan; i++) {
4464 		if (iproc_priv.mbox[i])
4465 			mbox_free_channel(iproc_priv.mbox[i]);
4466 	}
4467 
4468 	return err;
4469 }
4470 
4471 static void spu_mb_release(struct platform_device *pdev)
4472 {
4473 	int i;
4474 
4475 	for (i = 0; i < iproc_priv.spu.num_chan; i++)
4476 		mbox_free_channel(iproc_priv.mbox[i]);
4477 }
4478 
4479 static void spu_counters_init(void)
4480 {
4481 	int i;
4482 	int j;
4483 
4484 	atomic_set(&iproc_priv.session_count, 0);
4485 	atomic_set(&iproc_priv.stream_count, 0);
4486 	atomic_set(&iproc_priv.next_chan, (int)iproc_priv.spu.num_chan);
4487 	atomic64_set(&iproc_priv.bytes_in, 0);
4488 	atomic64_set(&iproc_priv.bytes_out, 0);
4489 	for (i = 0; i < SPU_OP_NUM; i++) {
4490 		atomic_set(&iproc_priv.op_counts[i], 0);
4491 		atomic_set(&iproc_priv.setkey_cnt[i], 0);
4492 	}
4493 	for (i = 0; i < CIPHER_ALG_LAST; i++)
4494 		for (j = 0; j < CIPHER_MODE_LAST; j++)
4495 			atomic_set(&iproc_priv.cipher_cnt[i][j], 0);
4496 
4497 	for (i = 0; i < HASH_ALG_LAST; i++) {
4498 		atomic_set(&iproc_priv.hash_cnt[i], 0);
4499 		atomic_set(&iproc_priv.hmac_cnt[i], 0);
4500 	}
4501 	for (i = 0; i < AEAD_TYPE_LAST; i++)
4502 		atomic_set(&iproc_priv.aead_cnt[i], 0);
4503 
4504 	atomic_set(&iproc_priv.mb_no_spc, 0);
4505 	atomic_set(&iproc_priv.mb_send_fail, 0);
4506 	atomic_set(&iproc_priv.bad_icv, 0);
4507 }
4508 
4509 static int spu_register_skcipher(struct iproc_alg_s *driver_alg)
4510 {
4511 	struct spu_hw *spu = &iproc_priv.spu;
4512 	struct skcipher_alg *crypto = &driver_alg->alg.skcipher;
4513 	int err;
4514 
4515 	/* SPU2 does not support RC4 */
4516 	if ((driver_alg->cipher_info.alg == CIPHER_ALG_RC4) &&
4517 	    (spu->spu_type == SPU_TYPE_SPU2))
4518 		return 0;
4519 
4520 	crypto->base.cra_module = THIS_MODULE;
4521 	crypto->base.cra_priority = cipher_pri;
4522 	crypto->base.cra_alignmask = 0;
4523 	crypto->base.cra_ctxsize = sizeof(struct iproc_ctx_s);
4524 	crypto->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
4525 
4526 	crypto->init = skcipher_init_tfm;
4527 	crypto->exit = skcipher_exit_tfm;
4528 	crypto->setkey = skcipher_setkey;
4529 	crypto->encrypt = skcipher_encrypt;
4530 	crypto->decrypt = skcipher_decrypt;
4531 
4532 	err = crypto_register_skcipher(crypto);
4533 	/* Mark alg as having been registered, if successful */
4534 	if (err == 0)
4535 		driver_alg->registered = true;
4536 	pr_debug("  registered skcipher %s\n", crypto->base.cra_driver_name);
4537 	return err;
4538 }
4539 
4540 static int spu_register_ahash(struct iproc_alg_s *driver_alg)
4541 {
4542 	struct spu_hw *spu = &iproc_priv.spu;
4543 	struct ahash_alg *hash = &driver_alg->alg.hash;
4544 	int err;
4545 
4546 	/* AES-XCBC is the only AES hash type currently supported on SPU-M */
4547 	if ((driver_alg->auth_info.alg == HASH_ALG_AES) &&
4548 	    (driver_alg->auth_info.mode != HASH_MODE_XCBC) &&
4549 	    (spu->spu_type == SPU_TYPE_SPUM))
4550 		return 0;
4551 
4552 	/* SHA3 algorithm variants are not registered for SPU-M or SPU2. */
4553 	if ((driver_alg->auth_info.alg >= HASH_ALG_SHA3_224) &&
4554 	    (spu->spu_subtype != SPU_SUBTYPE_SPU2_V2))
4555 		return 0;
4556 
4557 	hash->halg.base.cra_module = THIS_MODULE;
4558 	hash->halg.base.cra_priority = hash_pri;
4559 	hash->halg.base.cra_alignmask = 0;
4560 	hash->halg.base.cra_ctxsize = sizeof(struct iproc_ctx_s);
4561 	hash->halg.base.cra_init = ahash_cra_init;
4562 	hash->halg.base.cra_exit = generic_cra_exit;
4563 	hash->halg.base.cra_flags = CRYPTO_ALG_ASYNC;
4564 	hash->halg.statesize = sizeof(struct spu_hash_export_s);
4565 
4566 	if (driver_alg->auth_info.mode != HASH_MODE_HMAC) {
4567 		hash->init = ahash_init;
4568 		hash->update = ahash_update;
4569 		hash->final = ahash_final;
4570 		hash->finup = ahash_finup;
4571 		hash->digest = ahash_digest;
4572 		if ((driver_alg->auth_info.alg == HASH_ALG_AES) &&
4573 		    ((driver_alg->auth_info.mode == HASH_MODE_XCBC) ||
4574 		    (driver_alg->auth_info.mode == HASH_MODE_CMAC))) {
4575 			hash->setkey = ahash_setkey;
4576 		}
4577 	} else {
4578 		hash->setkey = ahash_hmac_setkey;
4579 		hash->init = ahash_hmac_init;
4580 		hash->update = ahash_hmac_update;
4581 		hash->final = ahash_hmac_final;
4582 		hash->finup = ahash_hmac_finup;
4583 		hash->digest = ahash_hmac_digest;
4584 	}
4585 	hash->export = ahash_export;
4586 	hash->import = ahash_import;
4587 
4588 	err = crypto_register_ahash(hash);
4589 	/* Mark alg as having been registered, if successful */
4590 	if (err == 0)
4591 		driver_alg->registered = true;
4592 	pr_debug("  registered ahash %s\n",
4593 		 hash->halg.base.cra_driver_name);
4594 	return err;
4595 }
4596 
4597 static int spu_register_aead(struct iproc_alg_s *driver_alg)
4598 {
4599 	struct aead_alg *aead = &driver_alg->alg.aead;
4600 	int err;
4601 
4602 	aead->base.cra_module = THIS_MODULE;
4603 	aead->base.cra_priority = aead_pri;
4604 	aead->base.cra_alignmask = 0;
4605 	aead->base.cra_ctxsize = sizeof(struct iproc_ctx_s);
4606 
4607 	aead->base.cra_flags |= CRYPTO_ALG_ASYNC;
4608 	/* setkey set in alg initialization */
4609 	aead->setauthsize = aead_setauthsize;
4610 	aead->encrypt = aead_encrypt;
4611 	aead->decrypt = aead_decrypt;
4612 	aead->init = aead_cra_init;
4613 	aead->exit = aead_cra_exit;
4614 
4615 	err = crypto_register_aead(aead);
4616 	/* Mark alg as having been registered, if successful */
4617 	if (err == 0)
4618 		driver_alg->registered = true;
4619 	pr_debug("  registered aead %s\n", aead->base.cra_driver_name);
4620 	return err;
4621 }
4622 
4623 /* register crypto algorithms the device supports */
4624 static int spu_algs_register(struct device *dev)
4625 {
4626 	int i, j;
4627 	int err;
4628 
4629 	for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
4630 		switch (driver_algs[i].type) {
4631 		case CRYPTO_ALG_TYPE_SKCIPHER:
4632 			err = spu_register_skcipher(&driver_algs[i]);
4633 			break;
4634 		case CRYPTO_ALG_TYPE_AHASH:
4635 			err = spu_register_ahash(&driver_algs[i]);
4636 			break;
4637 		case CRYPTO_ALG_TYPE_AEAD:
4638 			err = spu_register_aead(&driver_algs[i]);
4639 			break;
4640 		default:
4641 			dev_err(dev,
4642 				"iproc-crypto: unknown alg type: %d",
4643 				driver_algs[i].type);
4644 			err = -EINVAL;
4645 		}
4646 
4647 		if (err) {
4648 			dev_err(dev, "alg registration failed with error %d\n",
4649 				err);
4650 			goto err_algs;
4651 		}
4652 	}
4653 
4654 	return 0;
4655 
4656 err_algs:
4657 	for (j = 0; j < i; j++) {
4658 		/* Skip any algorithm not registered */
4659 		if (!driver_algs[j].registered)
4660 			continue;
4661 		switch (driver_algs[j].type) {
4662 		case CRYPTO_ALG_TYPE_SKCIPHER:
4663 			crypto_unregister_skcipher(&driver_algs[j].alg.skcipher);
4664 			driver_algs[j].registered = false;
4665 			break;
4666 		case CRYPTO_ALG_TYPE_AHASH:
4667 			crypto_unregister_ahash(&driver_algs[j].alg.hash);
4668 			driver_algs[j].registered = false;
4669 			break;
4670 		case CRYPTO_ALG_TYPE_AEAD:
4671 			crypto_unregister_aead(&driver_algs[j].alg.aead);
4672 			driver_algs[j].registered = false;
4673 			break;
4674 		}
4675 	}
4676 	return err;
4677 }
4678 
4679 /* ==================== Kernel Platform API ==================== */
4680 
4681 static struct spu_type_subtype spum_ns2_types = {
4682 	SPU_TYPE_SPUM, SPU_SUBTYPE_SPUM_NS2
4683 };
4684 
4685 static struct spu_type_subtype spum_nsp_types = {
4686 	SPU_TYPE_SPUM, SPU_SUBTYPE_SPUM_NSP
4687 };
4688 
4689 static struct spu_type_subtype spu2_types = {
4690 	SPU_TYPE_SPU2, SPU_SUBTYPE_SPU2_V1
4691 };
4692 
4693 static struct spu_type_subtype spu2_v2_types = {
4694 	SPU_TYPE_SPU2, SPU_SUBTYPE_SPU2_V2
4695 };
4696 
4697 static const struct of_device_id bcm_spu_dt_ids[] = {
4698 	{
4699 		.compatible = "brcm,spum-crypto",
4700 		.data = &spum_ns2_types,
4701 	},
4702 	{
4703 		.compatible = "brcm,spum-nsp-crypto",
4704 		.data = &spum_nsp_types,
4705 	},
4706 	{
4707 		.compatible = "brcm,spu2-crypto",
4708 		.data = &spu2_types,
4709 	},
4710 	{
4711 		.compatible = "brcm,spu2-v2-crypto",
4712 		.data = &spu2_v2_types,
4713 	},
4714 	{ /* sentinel */ }
4715 };
4716 
4717 MODULE_DEVICE_TABLE(of, bcm_spu_dt_ids);
4718 
4719 static int spu_dt_read(struct platform_device *pdev)
4720 {
4721 	struct device *dev = &pdev->dev;
4722 	struct spu_hw *spu = &iproc_priv.spu;
4723 	struct resource *spu_ctrl_regs;
4724 	const struct spu_type_subtype *matched_spu_type;
4725 	struct device_node *dn = pdev->dev.of_node;
4726 	int err, i;
4727 
4728 	/* Count number of mailbox channels */
4729 	spu->num_chan = of_count_phandle_with_args(dn, "mboxes", "#mbox-cells");
4730 
4731 	matched_spu_type = of_device_get_match_data(dev);
4732 	if (!matched_spu_type) {
4733 		dev_err(&pdev->dev, "Failed to match device\n");
4734 		return -ENODEV;
4735 	}
4736 
4737 	spu->spu_type = matched_spu_type->type;
4738 	spu->spu_subtype = matched_spu_type->subtype;
4739 
4740 	i = 0;
4741 	for (i = 0; (i < MAX_SPUS) && ((spu_ctrl_regs =
4742 		platform_get_resource(pdev, IORESOURCE_MEM, i)) != NULL); i++) {
4743 
4744 		spu->reg_vbase[i] = devm_ioremap_resource(dev, spu_ctrl_regs);
4745 		if (IS_ERR(spu->reg_vbase[i])) {
4746 			err = PTR_ERR(spu->reg_vbase[i]);
4747 			dev_err(&pdev->dev, "Failed to map registers: %d\n",
4748 				err);
4749 			spu->reg_vbase[i] = NULL;
4750 			return err;
4751 		}
4752 	}
4753 	spu->num_spu = i;
4754 	dev_dbg(dev, "Device has %d SPUs", spu->num_spu);
4755 
4756 	return 0;
4757 }
4758 
4759 static int bcm_spu_probe(struct platform_device *pdev)
4760 {
4761 	struct device *dev = &pdev->dev;
4762 	struct spu_hw *spu = &iproc_priv.spu;
4763 	int err = 0;
4764 
4765 	iproc_priv.pdev  = pdev;
4766 	platform_set_drvdata(iproc_priv.pdev,
4767 			     &iproc_priv);
4768 
4769 	err = spu_dt_read(pdev);
4770 	if (err < 0)
4771 		goto failure;
4772 
4773 	err = spu_mb_init(&pdev->dev);
4774 	if (err < 0)
4775 		goto failure;
4776 
4777 	if (spu->spu_type == SPU_TYPE_SPUM)
4778 		iproc_priv.bcm_hdr_len = 8;
4779 	else if (spu->spu_type == SPU_TYPE_SPU2)
4780 		iproc_priv.bcm_hdr_len = 0;
4781 
4782 	spu_functions_register(&pdev->dev, spu->spu_type, spu->spu_subtype);
4783 
4784 	spu_counters_init();
4785 
4786 	spu_setup_debugfs();
4787 
4788 	err = spu_algs_register(dev);
4789 	if (err < 0)
4790 		goto fail_reg;
4791 
4792 	return 0;
4793 
4794 fail_reg:
4795 	spu_free_debugfs();
4796 failure:
4797 	spu_mb_release(pdev);
4798 	dev_err(dev, "%s failed with error %d.\n", __func__, err);
4799 
4800 	return err;
4801 }
4802 
4803 static int bcm_spu_remove(struct platform_device *pdev)
4804 {
4805 	int i;
4806 	struct device *dev = &pdev->dev;
4807 	char *cdn;
4808 
4809 	for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
4810 		/*
4811 		 * Not all algorithms were registered, depending on whether
4812 		 * hardware is SPU or SPU2.  So here we make sure to skip
4813 		 * those algorithms that were not previously registered.
4814 		 */
4815 		if (!driver_algs[i].registered)
4816 			continue;
4817 
4818 		switch (driver_algs[i].type) {
4819 		case CRYPTO_ALG_TYPE_SKCIPHER:
4820 			crypto_unregister_skcipher(&driver_algs[i].alg.skcipher);
4821 			dev_dbg(dev, "  unregistered cipher %s\n",
4822 				driver_algs[i].alg.skcipher.base.cra_driver_name);
4823 			driver_algs[i].registered = false;
4824 			break;
4825 		case CRYPTO_ALG_TYPE_AHASH:
4826 			crypto_unregister_ahash(&driver_algs[i].alg.hash);
4827 			cdn = driver_algs[i].alg.hash.halg.base.cra_driver_name;
4828 			dev_dbg(dev, "  unregistered hash %s\n", cdn);
4829 			driver_algs[i].registered = false;
4830 			break;
4831 		case CRYPTO_ALG_TYPE_AEAD:
4832 			crypto_unregister_aead(&driver_algs[i].alg.aead);
4833 			dev_dbg(dev, "  unregistered aead %s\n",
4834 				driver_algs[i].alg.aead.base.cra_driver_name);
4835 			driver_algs[i].registered = false;
4836 			break;
4837 		}
4838 	}
4839 	spu_free_debugfs();
4840 	spu_mb_release(pdev);
4841 	return 0;
4842 }
4843 
4844 /* ===== Kernel Module API ===== */
4845 
4846 static struct platform_driver bcm_spu_pdriver = {
4847 	.driver = {
4848 		   .name = "brcm-spu-crypto",
4849 		   .of_match_table = of_match_ptr(bcm_spu_dt_ids),
4850 		   },
4851 	.probe = bcm_spu_probe,
4852 	.remove = bcm_spu_remove,
4853 };
4854 module_platform_driver(bcm_spu_pdriver);
4855 
4856 MODULE_AUTHOR("Rob Rice <rob.rice@broadcom.com>");
4857 MODULE_DESCRIPTION("Broadcom symmetric crypto offload driver");
4858 MODULE_LICENSE("GPL v2");
4859