1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * caam - Freescale FSL CAAM support for crypto API 4 * 5 * Copyright 2008-2011 Freescale Semiconductor, Inc. 6 * Copyright 2016-2019 NXP 7 * 8 * Based on talitos crypto API driver. 9 * 10 * relationship of job descriptors to shared descriptors (SteveC Dec 10 2008): 11 * 12 * --------------- --------------- 13 * | JobDesc #1 |-------------------->| ShareDesc | 14 * | *(packet 1) | | (PDB) | 15 * --------------- |------------->| (hashKey) | 16 * . | | (cipherKey) | 17 * . | |-------->| (operation) | 18 * --------------- | | --------------- 19 * | JobDesc #2 |------| | 20 * | *(packet 2) | | 21 * --------------- | 22 * . | 23 * . | 24 * --------------- | 25 * | JobDesc #3 |------------ 26 * | *(packet 3) | 27 * --------------- 28 * 29 * The SharedDesc never changes for a connection unless rekeyed, but 30 * each packet will likely be in a different place. So all we need 31 * to know to process the packet is where the input is, where the 32 * output goes, and what context we want to process with. Context is 33 * in the SharedDesc, packet references in the JobDesc. 34 * 35 * So, a job desc looks like: 36 * 37 * --------------------- 38 * | Header | 39 * | ShareDesc Pointer | 40 * | SEQ_OUT_PTR | 41 * | (output buffer) | 42 * | (output length) | 43 * | SEQ_IN_PTR | 44 * | (input buffer) | 45 * | (input length) | 46 * --------------------- 47 */ 48 49 #include "compat.h" 50 51 #include "regs.h" 52 #include "intern.h" 53 #include "desc_constr.h" 54 #include "jr.h" 55 #include "error.h" 56 #include "sg_sw_sec4.h" 57 #include "key_gen.h" 58 #include "caamalg_desc.h" 59 #include <crypto/engine.h> 60 #include <crypto/xts.h> 61 #include <asm/unaligned.h> 62 63 /* 64 * crypto alg 65 */ 66 #define CAAM_CRA_PRIORITY 3000 67 /* max key is sum of AES_MAX_KEY_SIZE, max split key size */ 68 #define CAAM_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + \ 69 CTR_RFC3686_NONCE_SIZE + \ 70 SHA512_DIGEST_SIZE * 2) 71 72 #define AEAD_DESC_JOB_IO_LEN (DESC_JOB_IO_LEN + CAAM_CMD_SZ * 2) 73 #define GCM_DESC_JOB_IO_LEN (AEAD_DESC_JOB_IO_LEN + \ 74 CAAM_CMD_SZ * 4) 75 #define AUTHENC_DESC_JOB_IO_LEN (AEAD_DESC_JOB_IO_LEN + \ 76 CAAM_CMD_SZ * 5) 77 78 #define CHACHAPOLY_DESC_JOB_IO_LEN (AEAD_DESC_JOB_IO_LEN + CAAM_CMD_SZ * 6) 79 80 #define DESC_MAX_USED_BYTES (CAAM_DESC_BYTES_MAX - DESC_JOB_IO_LEN_MIN) 81 #define DESC_MAX_USED_LEN (DESC_MAX_USED_BYTES / CAAM_CMD_SZ) 82 83 struct caam_alg_entry { 84 int class1_alg_type; 85 int class2_alg_type; 86 bool rfc3686; 87 bool geniv; 88 bool nodkp; 89 }; 90 91 struct caam_aead_alg { 92 struct aead_alg aead; 93 struct caam_alg_entry caam; 94 bool registered; 95 }; 96 97 struct caam_skcipher_alg { 98 struct skcipher_alg skcipher; 99 struct caam_alg_entry caam; 100 bool registered; 101 }; 102 103 /* 104 * per-session context 105 */ 106 struct caam_ctx { 107 struct crypto_engine_ctx enginectx; 108 u32 sh_desc_enc[DESC_MAX_USED_LEN]; 109 u32 sh_desc_dec[DESC_MAX_USED_LEN]; 110 u8 key[CAAM_MAX_KEY_SIZE]; 111 dma_addr_t sh_desc_enc_dma; 112 dma_addr_t sh_desc_dec_dma; 113 dma_addr_t key_dma; 114 enum dma_data_direction dir; 115 struct device *jrdev; 116 struct alginfo adata; 117 struct alginfo cdata; 118 unsigned int authsize; 119 bool xts_key_fallback; 120 struct crypto_skcipher *fallback; 121 }; 122 123 struct caam_skcipher_req_ctx { 124 struct skcipher_edesc *edesc; 125 struct skcipher_request fallback_req; 126 }; 127 128 struct caam_aead_req_ctx { 129 struct aead_edesc *edesc; 130 }; 131 132 static int aead_null_set_sh_desc(struct crypto_aead *aead) 133 { 134 struct caam_ctx *ctx = crypto_aead_ctx(aead); 135 struct device *jrdev = ctx->jrdev; 136 struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent); 137 u32 *desc; 138 int rem_bytes = CAAM_DESC_BYTES_MAX - AEAD_DESC_JOB_IO_LEN - 139 ctx->adata.keylen_pad; 140 141 /* 142 * Job Descriptor and Shared Descriptors 143 * must all fit into the 64-word Descriptor h/w Buffer 144 */ 145 if (rem_bytes >= DESC_AEAD_NULL_ENC_LEN) { 146 ctx->adata.key_inline = true; 147 ctx->adata.key_virt = ctx->key; 148 } else { 149 ctx->adata.key_inline = false; 150 ctx->adata.key_dma = ctx->key_dma; 151 } 152 153 /* aead_encrypt shared descriptor */ 154 desc = ctx->sh_desc_enc; 155 cnstr_shdsc_aead_null_encap(desc, &ctx->adata, ctx->authsize, 156 ctrlpriv->era); 157 dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, 158 desc_bytes(desc), ctx->dir); 159 160 /* 161 * Job Descriptor and Shared Descriptors 162 * must all fit into the 64-word Descriptor h/w Buffer 163 */ 164 if (rem_bytes >= DESC_AEAD_NULL_DEC_LEN) { 165 ctx->adata.key_inline = true; 166 ctx->adata.key_virt = ctx->key; 167 } else { 168 ctx->adata.key_inline = false; 169 ctx->adata.key_dma = ctx->key_dma; 170 } 171 172 /* aead_decrypt shared descriptor */ 173 desc = ctx->sh_desc_dec; 174 cnstr_shdsc_aead_null_decap(desc, &ctx->adata, ctx->authsize, 175 ctrlpriv->era); 176 dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma, 177 desc_bytes(desc), ctx->dir); 178 179 return 0; 180 } 181 182 static int aead_set_sh_desc(struct crypto_aead *aead) 183 { 184 struct caam_aead_alg *alg = container_of(crypto_aead_alg(aead), 185 struct caam_aead_alg, aead); 186 unsigned int ivsize = crypto_aead_ivsize(aead); 187 struct caam_ctx *ctx = crypto_aead_ctx(aead); 188 struct device *jrdev = ctx->jrdev; 189 struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent); 190 u32 ctx1_iv_off = 0; 191 u32 *desc, *nonce = NULL; 192 u32 inl_mask; 193 unsigned int data_len[2]; 194 const bool ctr_mode = ((ctx->cdata.algtype & OP_ALG_AAI_MASK) == 195 OP_ALG_AAI_CTR_MOD128); 196 const bool is_rfc3686 = alg->caam.rfc3686; 197 198 if (!ctx->authsize) 199 return 0; 200 201 /* NULL encryption / decryption */ 202 if (!ctx->cdata.keylen) 203 return aead_null_set_sh_desc(aead); 204 205 /* 206 * AES-CTR needs to load IV in CONTEXT1 reg 207 * at an offset of 128bits (16bytes) 208 * CONTEXT1[255:128] = IV 209 */ 210 if (ctr_mode) 211 ctx1_iv_off = 16; 212 213 /* 214 * RFC3686 specific: 215 * CONTEXT1[255:128] = {NONCE, IV, COUNTER} 216 */ 217 if (is_rfc3686) { 218 ctx1_iv_off = 16 + CTR_RFC3686_NONCE_SIZE; 219 nonce = (u32 *)((void *)ctx->key + ctx->adata.keylen_pad + 220 ctx->cdata.keylen - CTR_RFC3686_NONCE_SIZE); 221 } 222 223 /* 224 * In case |user key| > |derived key|, using DKP<imm,imm> 225 * would result in invalid opcodes (last bytes of user key) in 226 * the resulting descriptor. Use DKP<ptr,imm> instead => both 227 * virtual and dma key addresses are needed. 228 */ 229 ctx->adata.key_virt = ctx->key; 230 ctx->adata.key_dma = ctx->key_dma; 231 232 ctx->cdata.key_virt = ctx->key + ctx->adata.keylen_pad; 233 ctx->cdata.key_dma = ctx->key_dma + ctx->adata.keylen_pad; 234 235 data_len[0] = ctx->adata.keylen_pad; 236 data_len[1] = ctx->cdata.keylen; 237 238 if (alg->caam.geniv) 239 goto skip_enc; 240 241 /* 242 * Job Descriptor and Shared Descriptors 243 * must all fit into the 64-word Descriptor h/w Buffer 244 */ 245 if (desc_inline_query(DESC_AEAD_ENC_LEN + 246 (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0), 247 AUTHENC_DESC_JOB_IO_LEN, data_len, &inl_mask, 248 ARRAY_SIZE(data_len)) < 0) 249 return -EINVAL; 250 251 ctx->adata.key_inline = !!(inl_mask & 1); 252 ctx->cdata.key_inline = !!(inl_mask & 2); 253 254 /* aead_encrypt shared descriptor */ 255 desc = ctx->sh_desc_enc; 256 cnstr_shdsc_aead_encap(desc, &ctx->cdata, &ctx->adata, ivsize, 257 ctx->authsize, is_rfc3686, nonce, ctx1_iv_off, 258 false, ctrlpriv->era); 259 dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, 260 desc_bytes(desc), ctx->dir); 261 262 skip_enc: 263 /* 264 * Job Descriptor and Shared Descriptors 265 * must all fit into the 64-word Descriptor h/w Buffer 266 */ 267 if (desc_inline_query(DESC_AEAD_DEC_LEN + 268 (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0), 269 AUTHENC_DESC_JOB_IO_LEN, data_len, &inl_mask, 270 ARRAY_SIZE(data_len)) < 0) 271 return -EINVAL; 272 273 ctx->adata.key_inline = !!(inl_mask & 1); 274 ctx->cdata.key_inline = !!(inl_mask & 2); 275 276 /* aead_decrypt shared descriptor */ 277 desc = ctx->sh_desc_dec; 278 cnstr_shdsc_aead_decap(desc, &ctx->cdata, &ctx->adata, ivsize, 279 ctx->authsize, alg->caam.geniv, is_rfc3686, 280 nonce, ctx1_iv_off, false, ctrlpriv->era); 281 dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma, 282 desc_bytes(desc), ctx->dir); 283 284 if (!alg->caam.geniv) 285 goto skip_givenc; 286 287 /* 288 * Job Descriptor and Shared Descriptors 289 * must all fit into the 64-word Descriptor h/w Buffer 290 */ 291 if (desc_inline_query(DESC_AEAD_GIVENC_LEN + 292 (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0), 293 AUTHENC_DESC_JOB_IO_LEN, data_len, &inl_mask, 294 ARRAY_SIZE(data_len)) < 0) 295 return -EINVAL; 296 297 ctx->adata.key_inline = !!(inl_mask & 1); 298 ctx->cdata.key_inline = !!(inl_mask & 2); 299 300 /* aead_givencrypt shared descriptor */ 301 desc = ctx->sh_desc_enc; 302 cnstr_shdsc_aead_givencap(desc, &ctx->cdata, &ctx->adata, ivsize, 303 ctx->authsize, is_rfc3686, nonce, 304 ctx1_iv_off, false, ctrlpriv->era); 305 dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, 306 desc_bytes(desc), ctx->dir); 307 308 skip_givenc: 309 return 0; 310 } 311 312 static int aead_setauthsize(struct crypto_aead *authenc, 313 unsigned int authsize) 314 { 315 struct caam_ctx *ctx = crypto_aead_ctx(authenc); 316 317 ctx->authsize = authsize; 318 aead_set_sh_desc(authenc); 319 320 return 0; 321 } 322 323 static int gcm_set_sh_desc(struct crypto_aead *aead) 324 { 325 struct caam_ctx *ctx = crypto_aead_ctx(aead); 326 struct device *jrdev = ctx->jrdev; 327 unsigned int ivsize = crypto_aead_ivsize(aead); 328 u32 *desc; 329 int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN - 330 ctx->cdata.keylen; 331 332 if (!ctx->cdata.keylen || !ctx->authsize) 333 return 0; 334 335 /* 336 * AES GCM encrypt shared descriptor 337 * Job Descriptor and Shared Descriptor 338 * must fit into the 64-word Descriptor h/w Buffer 339 */ 340 if (rem_bytes >= DESC_GCM_ENC_LEN) { 341 ctx->cdata.key_inline = true; 342 ctx->cdata.key_virt = ctx->key; 343 } else { 344 ctx->cdata.key_inline = false; 345 ctx->cdata.key_dma = ctx->key_dma; 346 } 347 348 desc = ctx->sh_desc_enc; 349 cnstr_shdsc_gcm_encap(desc, &ctx->cdata, ivsize, ctx->authsize, false); 350 dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, 351 desc_bytes(desc), ctx->dir); 352 353 /* 354 * Job Descriptor and Shared Descriptors 355 * must all fit into the 64-word Descriptor h/w Buffer 356 */ 357 if (rem_bytes >= DESC_GCM_DEC_LEN) { 358 ctx->cdata.key_inline = true; 359 ctx->cdata.key_virt = ctx->key; 360 } else { 361 ctx->cdata.key_inline = false; 362 ctx->cdata.key_dma = ctx->key_dma; 363 } 364 365 desc = ctx->sh_desc_dec; 366 cnstr_shdsc_gcm_decap(desc, &ctx->cdata, ivsize, ctx->authsize, false); 367 dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma, 368 desc_bytes(desc), ctx->dir); 369 370 return 0; 371 } 372 373 static int gcm_setauthsize(struct crypto_aead *authenc, unsigned int authsize) 374 { 375 struct caam_ctx *ctx = crypto_aead_ctx(authenc); 376 int err; 377 378 err = crypto_gcm_check_authsize(authsize); 379 if (err) 380 return err; 381 382 ctx->authsize = authsize; 383 gcm_set_sh_desc(authenc); 384 385 return 0; 386 } 387 388 static int rfc4106_set_sh_desc(struct crypto_aead *aead) 389 { 390 struct caam_ctx *ctx = crypto_aead_ctx(aead); 391 struct device *jrdev = ctx->jrdev; 392 unsigned int ivsize = crypto_aead_ivsize(aead); 393 u32 *desc; 394 int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN - 395 ctx->cdata.keylen; 396 397 if (!ctx->cdata.keylen || !ctx->authsize) 398 return 0; 399 400 /* 401 * RFC4106 encrypt shared descriptor 402 * Job Descriptor and Shared Descriptor 403 * must fit into the 64-word Descriptor h/w Buffer 404 */ 405 if (rem_bytes >= DESC_RFC4106_ENC_LEN) { 406 ctx->cdata.key_inline = true; 407 ctx->cdata.key_virt = ctx->key; 408 } else { 409 ctx->cdata.key_inline = false; 410 ctx->cdata.key_dma = ctx->key_dma; 411 } 412 413 desc = ctx->sh_desc_enc; 414 cnstr_shdsc_rfc4106_encap(desc, &ctx->cdata, ivsize, ctx->authsize, 415 false); 416 dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, 417 desc_bytes(desc), ctx->dir); 418 419 /* 420 * Job Descriptor and Shared Descriptors 421 * must all fit into the 64-word Descriptor h/w Buffer 422 */ 423 if (rem_bytes >= DESC_RFC4106_DEC_LEN) { 424 ctx->cdata.key_inline = true; 425 ctx->cdata.key_virt = ctx->key; 426 } else { 427 ctx->cdata.key_inline = false; 428 ctx->cdata.key_dma = ctx->key_dma; 429 } 430 431 desc = ctx->sh_desc_dec; 432 cnstr_shdsc_rfc4106_decap(desc, &ctx->cdata, ivsize, ctx->authsize, 433 false); 434 dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma, 435 desc_bytes(desc), ctx->dir); 436 437 return 0; 438 } 439 440 static int rfc4106_setauthsize(struct crypto_aead *authenc, 441 unsigned int authsize) 442 { 443 struct caam_ctx *ctx = crypto_aead_ctx(authenc); 444 int err; 445 446 err = crypto_rfc4106_check_authsize(authsize); 447 if (err) 448 return err; 449 450 ctx->authsize = authsize; 451 rfc4106_set_sh_desc(authenc); 452 453 return 0; 454 } 455 456 static int rfc4543_set_sh_desc(struct crypto_aead *aead) 457 { 458 struct caam_ctx *ctx = crypto_aead_ctx(aead); 459 struct device *jrdev = ctx->jrdev; 460 unsigned int ivsize = crypto_aead_ivsize(aead); 461 u32 *desc; 462 int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN - 463 ctx->cdata.keylen; 464 465 if (!ctx->cdata.keylen || !ctx->authsize) 466 return 0; 467 468 /* 469 * RFC4543 encrypt shared descriptor 470 * Job Descriptor and Shared Descriptor 471 * must fit into the 64-word Descriptor h/w Buffer 472 */ 473 if (rem_bytes >= DESC_RFC4543_ENC_LEN) { 474 ctx->cdata.key_inline = true; 475 ctx->cdata.key_virt = ctx->key; 476 } else { 477 ctx->cdata.key_inline = false; 478 ctx->cdata.key_dma = ctx->key_dma; 479 } 480 481 desc = ctx->sh_desc_enc; 482 cnstr_shdsc_rfc4543_encap(desc, &ctx->cdata, ivsize, ctx->authsize, 483 false); 484 dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, 485 desc_bytes(desc), ctx->dir); 486 487 /* 488 * Job Descriptor and Shared Descriptors 489 * must all fit into the 64-word Descriptor h/w Buffer 490 */ 491 if (rem_bytes >= DESC_RFC4543_DEC_LEN) { 492 ctx->cdata.key_inline = true; 493 ctx->cdata.key_virt = ctx->key; 494 } else { 495 ctx->cdata.key_inline = false; 496 ctx->cdata.key_dma = ctx->key_dma; 497 } 498 499 desc = ctx->sh_desc_dec; 500 cnstr_shdsc_rfc4543_decap(desc, &ctx->cdata, ivsize, ctx->authsize, 501 false); 502 dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma, 503 desc_bytes(desc), ctx->dir); 504 505 return 0; 506 } 507 508 static int rfc4543_setauthsize(struct crypto_aead *authenc, 509 unsigned int authsize) 510 { 511 struct caam_ctx *ctx = crypto_aead_ctx(authenc); 512 513 if (authsize != 16) 514 return -EINVAL; 515 516 ctx->authsize = authsize; 517 rfc4543_set_sh_desc(authenc); 518 519 return 0; 520 } 521 522 static int chachapoly_set_sh_desc(struct crypto_aead *aead) 523 { 524 struct caam_ctx *ctx = crypto_aead_ctx(aead); 525 struct device *jrdev = ctx->jrdev; 526 unsigned int ivsize = crypto_aead_ivsize(aead); 527 u32 *desc; 528 529 if (!ctx->cdata.keylen || !ctx->authsize) 530 return 0; 531 532 desc = ctx->sh_desc_enc; 533 cnstr_shdsc_chachapoly(desc, &ctx->cdata, &ctx->adata, ivsize, 534 ctx->authsize, true, false); 535 dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, 536 desc_bytes(desc), ctx->dir); 537 538 desc = ctx->sh_desc_dec; 539 cnstr_shdsc_chachapoly(desc, &ctx->cdata, &ctx->adata, ivsize, 540 ctx->authsize, false, false); 541 dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma, 542 desc_bytes(desc), ctx->dir); 543 544 return 0; 545 } 546 547 static int chachapoly_setauthsize(struct crypto_aead *aead, 548 unsigned int authsize) 549 { 550 struct caam_ctx *ctx = crypto_aead_ctx(aead); 551 552 if (authsize != POLY1305_DIGEST_SIZE) 553 return -EINVAL; 554 555 ctx->authsize = authsize; 556 return chachapoly_set_sh_desc(aead); 557 } 558 559 static int chachapoly_setkey(struct crypto_aead *aead, const u8 *key, 560 unsigned int keylen) 561 { 562 struct caam_ctx *ctx = crypto_aead_ctx(aead); 563 unsigned int ivsize = crypto_aead_ivsize(aead); 564 unsigned int saltlen = CHACHAPOLY_IV_SIZE - ivsize; 565 566 if (keylen != CHACHA_KEY_SIZE + saltlen) 567 return -EINVAL; 568 569 ctx->cdata.key_virt = key; 570 ctx->cdata.keylen = keylen - saltlen; 571 572 return chachapoly_set_sh_desc(aead); 573 } 574 575 static int aead_setkey(struct crypto_aead *aead, 576 const u8 *key, unsigned int keylen) 577 { 578 struct caam_ctx *ctx = crypto_aead_ctx(aead); 579 struct device *jrdev = ctx->jrdev; 580 struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent); 581 struct crypto_authenc_keys keys; 582 int ret = 0; 583 584 if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) 585 goto badkey; 586 587 dev_dbg(jrdev, "keylen %d enckeylen %d authkeylen %d\n", 588 keys.authkeylen + keys.enckeylen, keys.enckeylen, 589 keys.authkeylen); 590 print_hex_dump_debug("key in @"__stringify(__LINE__)": ", 591 DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1); 592 593 /* 594 * If DKP is supported, use it in the shared descriptor to generate 595 * the split key. 596 */ 597 if (ctrlpriv->era >= 6) { 598 ctx->adata.keylen = keys.authkeylen; 599 ctx->adata.keylen_pad = split_key_len(ctx->adata.algtype & 600 OP_ALG_ALGSEL_MASK); 601 602 if (ctx->adata.keylen_pad + keys.enckeylen > CAAM_MAX_KEY_SIZE) 603 goto badkey; 604 605 memcpy(ctx->key, keys.authkey, keys.authkeylen); 606 memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey, 607 keys.enckeylen); 608 dma_sync_single_for_device(jrdev, ctx->key_dma, 609 ctx->adata.keylen_pad + 610 keys.enckeylen, ctx->dir); 611 goto skip_split_key; 612 } 613 614 ret = gen_split_key(ctx->jrdev, ctx->key, &ctx->adata, keys.authkey, 615 keys.authkeylen, CAAM_MAX_KEY_SIZE - 616 keys.enckeylen); 617 if (ret) { 618 goto badkey; 619 } 620 621 /* postpend encryption key to auth split key */ 622 memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey, keys.enckeylen); 623 dma_sync_single_for_device(jrdev, ctx->key_dma, ctx->adata.keylen_pad + 624 keys.enckeylen, ctx->dir); 625 626 print_hex_dump_debug("ctx.key@"__stringify(__LINE__)": ", 627 DUMP_PREFIX_ADDRESS, 16, 4, ctx->key, 628 ctx->adata.keylen_pad + keys.enckeylen, 1); 629 630 skip_split_key: 631 ctx->cdata.keylen = keys.enckeylen; 632 memzero_explicit(&keys, sizeof(keys)); 633 return aead_set_sh_desc(aead); 634 badkey: 635 memzero_explicit(&keys, sizeof(keys)); 636 return -EINVAL; 637 } 638 639 static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key, 640 unsigned int keylen) 641 { 642 struct crypto_authenc_keys keys; 643 int err; 644 645 err = crypto_authenc_extractkeys(&keys, key, keylen); 646 if (unlikely(err)) 647 return err; 648 649 err = verify_aead_des3_key(aead, keys.enckey, keys.enckeylen) ?: 650 aead_setkey(aead, key, keylen); 651 652 memzero_explicit(&keys, sizeof(keys)); 653 return err; 654 } 655 656 static int gcm_setkey(struct crypto_aead *aead, 657 const u8 *key, unsigned int keylen) 658 { 659 struct caam_ctx *ctx = crypto_aead_ctx(aead); 660 struct device *jrdev = ctx->jrdev; 661 int err; 662 663 err = aes_check_keylen(keylen); 664 if (err) 665 return err; 666 667 print_hex_dump_debug("key in @"__stringify(__LINE__)": ", 668 DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1); 669 670 memcpy(ctx->key, key, keylen); 671 dma_sync_single_for_device(jrdev, ctx->key_dma, keylen, ctx->dir); 672 ctx->cdata.keylen = keylen; 673 674 return gcm_set_sh_desc(aead); 675 } 676 677 static int rfc4106_setkey(struct crypto_aead *aead, 678 const u8 *key, unsigned int keylen) 679 { 680 struct caam_ctx *ctx = crypto_aead_ctx(aead); 681 struct device *jrdev = ctx->jrdev; 682 int err; 683 684 err = aes_check_keylen(keylen - 4); 685 if (err) 686 return err; 687 688 print_hex_dump_debug("key in @"__stringify(__LINE__)": ", 689 DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1); 690 691 memcpy(ctx->key, key, keylen); 692 693 /* 694 * The last four bytes of the key material are used as the salt value 695 * in the nonce. Update the AES key length. 696 */ 697 ctx->cdata.keylen = keylen - 4; 698 dma_sync_single_for_device(jrdev, ctx->key_dma, ctx->cdata.keylen, 699 ctx->dir); 700 return rfc4106_set_sh_desc(aead); 701 } 702 703 static int rfc4543_setkey(struct crypto_aead *aead, 704 const u8 *key, unsigned int keylen) 705 { 706 struct caam_ctx *ctx = crypto_aead_ctx(aead); 707 struct device *jrdev = ctx->jrdev; 708 int err; 709 710 err = aes_check_keylen(keylen - 4); 711 if (err) 712 return err; 713 714 print_hex_dump_debug("key in @"__stringify(__LINE__)": ", 715 DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1); 716 717 memcpy(ctx->key, key, keylen); 718 719 /* 720 * The last four bytes of the key material are used as the salt value 721 * in the nonce. Update the AES key length. 722 */ 723 ctx->cdata.keylen = keylen - 4; 724 dma_sync_single_for_device(jrdev, ctx->key_dma, ctx->cdata.keylen, 725 ctx->dir); 726 return rfc4543_set_sh_desc(aead); 727 } 728 729 static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, 730 unsigned int keylen, const u32 ctx1_iv_off) 731 { 732 struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher); 733 struct caam_skcipher_alg *alg = 734 container_of(crypto_skcipher_alg(skcipher), typeof(*alg), 735 skcipher); 736 struct device *jrdev = ctx->jrdev; 737 unsigned int ivsize = crypto_skcipher_ivsize(skcipher); 738 u32 *desc; 739 const bool is_rfc3686 = alg->caam.rfc3686; 740 741 print_hex_dump_debug("key in @"__stringify(__LINE__)": ", 742 DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1); 743 744 ctx->cdata.keylen = keylen; 745 ctx->cdata.key_virt = key; 746 ctx->cdata.key_inline = true; 747 748 /* skcipher_encrypt shared descriptor */ 749 desc = ctx->sh_desc_enc; 750 cnstr_shdsc_skcipher_encap(desc, &ctx->cdata, ivsize, is_rfc3686, 751 ctx1_iv_off); 752 dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, 753 desc_bytes(desc), ctx->dir); 754 755 /* skcipher_decrypt shared descriptor */ 756 desc = ctx->sh_desc_dec; 757 cnstr_shdsc_skcipher_decap(desc, &ctx->cdata, ivsize, is_rfc3686, 758 ctx1_iv_off); 759 dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma, 760 desc_bytes(desc), ctx->dir); 761 762 return 0; 763 } 764 765 static int aes_skcipher_setkey(struct crypto_skcipher *skcipher, 766 const u8 *key, unsigned int keylen) 767 { 768 int err; 769 770 err = aes_check_keylen(keylen); 771 if (err) 772 return err; 773 774 return skcipher_setkey(skcipher, key, keylen, 0); 775 } 776 777 static int rfc3686_skcipher_setkey(struct crypto_skcipher *skcipher, 778 const u8 *key, unsigned int keylen) 779 { 780 u32 ctx1_iv_off; 781 int err; 782 783 /* 784 * RFC3686 specific: 785 * | CONTEXT1[255:128] = {NONCE, IV, COUNTER} 786 * | *key = {KEY, NONCE} 787 */ 788 ctx1_iv_off = 16 + CTR_RFC3686_NONCE_SIZE; 789 keylen -= CTR_RFC3686_NONCE_SIZE; 790 791 err = aes_check_keylen(keylen); 792 if (err) 793 return err; 794 795 return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off); 796 } 797 798 static int ctr_skcipher_setkey(struct crypto_skcipher *skcipher, 799 const u8 *key, unsigned int keylen) 800 { 801 u32 ctx1_iv_off; 802 int err; 803 804 /* 805 * AES-CTR needs to load IV in CONTEXT1 reg 806 * at an offset of 128bits (16bytes) 807 * CONTEXT1[255:128] = IV 808 */ 809 ctx1_iv_off = 16; 810 811 err = aes_check_keylen(keylen); 812 if (err) 813 return err; 814 815 return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off); 816 } 817 818 static int des_skcipher_setkey(struct crypto_skcipher *skcipher, 819 const u8 *key, unsigned int keylen) 820 { 821 return verify_skcipher_des_key(skcipher, key) ?: 822 skcipher_setkey(skcipher, key, keylen, 0); 823 } 824 825 static int des3_skcipher_setkey(struct crypto_skcipher *skcipher, 826 const u8 *key, unsigned int keylen) 827 { 828 return verify_skcipher_des3_key(skcipher, key) ?: 829 skcipher_setkey(skcipher, key, keylen, 0); 830 } 831 832 static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, 833 unsigned int keylen) 834 { 835 struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher); 836 struct device *jrdev = ctx->jrdev; 837 struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent); 838 u32 *desc; 839 int err; 840 841 err = xts_verify_key(skcipher, key, keylen); 842 if (err) { 843 dev_dbg(jrdev, "key size mismatch\n"); 844 return err; 845 } 846 847 if (keylen != 2 * AES_KEYSIZE_128 && keylen != 2 * AES_KEYSIZE_256) 848 ctx->xts_key_fallback = true; 849 850 if (ctrlpriv->era <= 8 || ctx->xts_key_fallback) { 851 err = crypto_skcipher_setkey(ctx->fallback, key, keylen); 852 if (err) 853 return err; 854 } 855 856 ctx->cdata.keylen = keylen; 857 ctx->cdata.key_virt = key; 858 ctx->cdata.key_inline = true; 859 860 /* xts_skcipher_encrypt shared descriptor */ 861 desc = ctx->sh_desc_enc; 862 cnstr_shdsc_xts_skcipher_encap(desc, &ctx->cdata); 863 dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, 864 desc_bytes(desc), ctx->dir); 865 866 /* xts_skcipher_decrypt shared descriptor */ 867 desc = ctx->sh_desc_dec; 868 cnstr_shdsc_xts_skcipher_decap(desc, &ctx->cdata); 869 dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma, 870 desc_bytes(desc), ctx->dir); 871 872 return 0; 873 } 874 875 /* 876 * aead_edesc - s/w-extended aead descriptor 877 * @src_nents: number of segments in input s/w scatterlist 878 * @dst_nents: number of segments in output s/w scatterlist 879 * @mapped_src_nents: number of segments in input h/w link table 880 * @mapped_dst_nents: number of segments in output h/w link table 881 * @sec4_sg_bytes: length of dma mapped sec4_sg space 882 * @bklog: stored to determine if the request needs backlog 883 * @sec4_sg_dma: bus physical mapped address of h/w link table 884 * @sec4_sg: pointer to h/w link table 885 * @hw_desc: the h/w job descriptor followed by any referenced link tables 886 */ 887 struct aead_edesc { 888 int src_nents; 889 int dst_nents; 890 int mapped_src_nents; 891 int mapped_dst_nents; 892 int sec4_sg_bytes; 893 bool bklog; 894 dma_addr_t sec4_sg_dma; 895 struct sec4_sg_entry *sec4_sg; 896 u32 hw_desc[]; 897 }; 898 899 /* 900 * skcipher_edesc - s/w-extended skcipher descriptor 901 * @src_nents: number of segments in input s/w scatterlist 902 * @dst_nents: number of segments in output s/w scatterlist 903 * @mapped_src_nents: number of segments in input h/w link table 904 * @mapped_dst_nents: number of segments in output h/w link table 905 * @iv_dma: dma address of iv for checking continuity and link table 906 * @sec4_sg_bytes: length of dma mapped sec4_sg space 907 * @bklog: stored to determine if the request needs backlog 908 * @sec4_sg_dma: bus physical mapped address of h/w link table 909 * @sec4_sg: pointer to h/w link table 910 * @hw_desc: the h/w job descriptor followed by any referenced link tables 911 * and IV 912 */ 913 struct skcipher_edesc { 914 int src_nents; 915 int dst_nents; 916 int mapped_src_nents; 917 int mapped_dst_nents; 918 dma_addr_t iv_dma; 919 int sec4_sg_bytes; 920 bool bklog; 921 dma_addr_t sec4_sg_dma; 922 struct sec4_sg_entry *sec4_sg; 923 u32 hw_desc[]; 924 }; 925 926 static void caam_unmap(struct device *dev, struct scatterlist *src, 927 struct scatterlist *dst, int src_nents, 928 int dst_nents, 929 dma_addr_t iv_dma, int ivsize, dma_addr_t sec4_sg_dma, 930 int sec4_sg_bytes) 931 { 932 if (dst != src) { 933 if (src_nents) 934 dma_unmap_sg(dev, src, src_nents, DMA_TO_DEVICE); 935 if (dst_nents) 936 dma_unmap_sg(dev, dst, dst_nents, DMA_FROM_DEVICE); 937 } else { 938 dma_unmap_sg(dev, src, src_nents, DMA_BIDIRECTIONAL); 939 } 940 941 if (iv_dma) 942 dma_unmap_single(dev, iv_dma, ivsize, DMA_BIDIRECTIONAL); 943 if (sec4_sg_bytes) 944 dma_unmap_single(dev, sec4_sg_dma, sec4_sg_bytes, 945 DMA_TO_DEVICE); 946 } 947 948 static void aead_unmap(struct device *dev, 949 struct aead_edesc *edesc, 950 struct aead_request *req) 951 { 952 caam_unmap(dev, req->src, req->dst, 953 edesc->src_nents, edesc->dst_nents, 0, 0, 954 edesc->sec4_sg_dma, edesc->sec4_sg_bytes); 955 } 956 957 static void skcipher_unmap(struct device *dev, struct skcipher_edesc *edesc, 958 struct skcipher_request *req) 959 { 960 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); 961 int ivsize = crypto_skcipher_ivsize(skcipher); 962 963 caam_unmap(dev, req->src, req->dst, 964 edesc->src_nents, edesc->dst_nents, 965 edesc->iv_dma, ivsize, 966 edesc->sec4_sg_dma, edesc->sec4_sg_bytes); 967 } 968 969 static void aead_crypt_done(struct device *jrdev, u32 *desc, u32 err, 970 void *context) 971 { 972 struct aead_request *req = context; 973 struct caam_aead_req_ctx *rctx = aead_request_ctx(req); 974 struct caam_drv_private_jr *jrp = dev_get_drvdata(jrdev); 975 struct aead_edesc *edesc; 976 int ecode = 0; 977 bool has_bklog; 978 979 dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); 980 981 edesc = rctx->edesc; 982 has_bklog = edesc->bklog; 983 984 if (err) 985 ecode = caam_jr_strstatus(jrdev, err); 986 987 aead_unmap(jrdev, edesc, req); 988 989 kfree(edesc); 990 991 /* 992 * If no backlog flag, the completion of the request is done 993 * by CAAM, not crypto engine. 994 */ 995 if (!has_bklog) 996 aead_request_complete(req, ecode); 997 else 998 crypto_finalize_aead_request(jrp->engine, req, ecode); 999 } 1000 1001 static void skcipher_crypt_done(struct device *jrdev, u32 *desc, u32 err, 1002 void *context) 1003 { 1004 struct skcipher_request *req = context; 1005 struct skcipher_edesc *edesc; 1006 struct caam_skcipher_req_ctx *rctx = skcipher_request_ctx(req); 1007 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); 1008 struct caam_drv_private_jr *jrp = dev_get_drvdata(jrdev); 1009 int ivsize = crypto_skcipher_ivsize(skcipher); 1010 int ecode = 0; 1011 bool has_bklog; 1012 1013 dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); 1014 1015 edesc = rctx->edesc; 1016 has_bklog = edesc->bklog; 1017 if (err) 1018 ecode = caam_jr_strstatus(jrdev, err); 1019 1020 skcipher_unmap(jrdev, edesc, req); 1021 1022 /* 1023 * The crypto API expects us to set the IV (req->iv) to the last 1024 * ciphertext block (CBC mode) or last counter (CTR mode). 1025 * This is used e.g. by the CTS mode. 1026 */ 1027 if (ivsize && !ecode) { 1028 memcpy(req->iv, (u8 *)edesc->sec4_sg + edesc->sec4_sg_bytes, 1029 ivsize); 1030 1031 print_hex_dump_debug("dstiv @" __stringify(__LINE__)": ", 1032 DUMP_PREFIX_ADDRESS, 16, 4, req->iv, 1033 ivsize, 1); 1034 } 1035 1036 caam_dump_sg("dst @" __stringify(__LINE__)": ", 1037 DUMP_PREFIX_ADDRESS, 16, 4, req->dst, 1038 edesc->dst_nents > 1 ? 100 : req->cryptlen, 1); 1039 1040 kfree(edesc); 1041 1042 /* 1043 * If no backlog flag, the completion of the request is done 1044 * by CAAM, not crypto engine. 1045 */ 1046 if (!has_bklog) 1047 skcipher_request_complete(req, ecode); 1048 else 1049 crypto_finalize_skcipher_request(jrp->engine, req, ecode); 1050 } 1051 1052 /* 1053 * Fill in aead job descriptor 1054 */ 1055 static void init_aead_job(struct aead_request *req, 1056 struct aead_edesc *edesc, 1057 bool all_contig, bool encrypt) 1058 { 1059 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1060 struct caam_ctx *ctx = crypto_aead_ctx(aead); 1061 int authsize = ctx->authsize; 1062 u32 *desc = edesc->hw_desc; 1063 u32 out_options, in_options; 1064 dma_addr_t dst_dma, src_dma; 1065 int len, sec4_sg_index = 0; 1066 dma_addr_t ptr; 1067 u32 *sh_desc; 1068 1069 sh_desc = encrypt ? ctx->sh_desc_enc : ctx->sh_desc_dec; 1070 ptr = encrypt ? ctx->sh_desc_enc_dma : ctx->sh_desc_dec_dma; 1071 1072 len = desc_len(sh_desc); 1073 init_job_desc_shared(desc, ptr, len, HDR_SHARE_DEFER | HDR_REVERSE); 1074 1075 if (all_contig) { 1076 src_dma = edesc->mapped_src_nents ? sg_dma_address(req->src) : 1077 0; 1078 in_options = 0; 1079 } else { 1080 src_dma = edesc->sec4_sg_dma; 1081 sec4_sg_index += edesc->mapped_src_nents; 1082 in_options = LDST_SGF; 1083 } 1084 1085 append_seq_in_ptr(desc, src_dma, req->assoclen + req->cryptlen, 1086 in_options); 1087 1088 dst_dma = src_dma; 1089 out_options = in_options; 1090 1091 if (unlikely(req->src != req->dst)) { 1092 if (!edesc->mapped_dst_nents) { 1093 dst_dma = 0; 1094 out_options = 0; 1095 } else if (edesc->mapped_dst_nents == 1) { 1096 dst_dma = sg_dma_address(req->dst); 1097 out_options = 0; 1098 } else { 1099 dst_dma = edesc->sec4_sg_dma + 1100 sec4_sg_index * 1101 sizeof(struct sec4_sg_entry); 1102 out_options = LDST_SGF; 1103 } 1104 } 1105 1106 if (encrypt) 1107 append_seq_out_ptr(desc, dst_dma, 1108 req->assoclen + req->cryptlen + authsize, 1109 out_options); 1110 else 1111 append_seq_out_ptr(desc, dst_dma, 1112 req->assoclen + req->cryptlen - authsize, 1113 out_options); 1114 } 1115 1116 static void init_gcm_job(struct aead_request *req, 1117 struct aead_edesc *edesc, 1118 bool all_contig, bool encrypt) 1119 { 1120 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1121 struct caam_ctx *ctx = crypto_aead_ctx(aead); 1122 unsigned int ivsize = crypto_aead_ivsize(aead); 1123 u32 *desc = edesc->hw_desc; 1124 bool generic_gcm = (ivsize == GCM_AES_IV_SIZE); 1125 unsigned int last; 1126 1127 init_aead_job(req, edesc, all_contig, encrypt); 1128 append_math_add_imm_u32(desc, REG3, ZERO, IMM, req->assoclen); 1129 1130 /* BUG This should not be specific to generic GCM. */ 1131 last = 0; 1132 if (encrypt && generic_gcm && !(req->assoclen + req->cryptlen)) 1133 last = FIFOLD_TYPE_LAST1; 1134 1135 /* Read GCM IV */ 1136 append_cmd(desc, CMD_FIFO_LOAD | FIFOLD_CLASS_CLASS1 | IMMEDIATE | 1137 FIFOLD_TYPE_IV | FIFOLD_TYPE_FLUSH1 | GCM_AES_IV_SIZE | last); 1138 /* Append Salt */ 1139 if (!generic_gcm) 1140 append_data(desc, ctx->key + ctx->cdata.keylen, 4); 1141 /* Append IV */ 1142 append_data(desc, req->iv, ivsize); 1143 /* End of blank commands */ 1144 } 1145 1146 static void init_chachapoly_job(struct aead_request *req, 1147 struct aead_edesc *edesc, bool all_contig, 1148 bool encrypt) 1149 { 1150 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1151 unsigned int ivsize = crypto_aead_ivsize(aead); 1152 unsigned int assoclen = req->assoclen; 1153 u32 *desc = edesc->hw_desc; 1154 u32 ctx_iv_off = 4; 1155 1156 init_aead_job(req, edesc, all_contig, encrypt); 1157 1158 if (ivsize != CHACHAPOLY_IV_SIZE) { 1159 /* IPsec specific: CONTEXT1[223:128] = {NONCE, IV} */ 1160 ctx_iv_off += 4; 1161 1162 /* 1163 * The associated data comes already with the IV but we need 1164 * to skip it when we authenticate or encrypt... 1165 */ 1166 assoclen -= ivsize; 1167 } 1168 1169 append_math_add_imm_u32(desc, REG3, ZERO, IMM, assoclen); 1170 1171 /* 1172 * For IPsec load the IV further in the same register. 1173 * For RFC7539 simply load the 12 bytes nonce in a single operation 1174 */ 1175 append_load_as_imm(desc, req->iv, ivsize, LDST_CLASS_1_CCB | 1176 LDST_SRCDST_BYTE_CONTEXT | 1177 ctx_iv_off << LDST_OFFSET_SHIFT); 1178 } 1179 1180 static void init_authenc_job(struct aead_request *req, 1181 struct aead_edesc *edesc, 1182 bool all_contig, bool encrypt) 1183 { 1184 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1185 struct caam_aead_alg *alg = container_of(crypto_aead_alg(aead), 1186 struct caam_aead_alg, aead); 1187 unsigned int ivsize = crypto_aead_ivsize(aead); 1188 struct caam_ctx *ctx = crypto_aead_ctx(aead); 1189 struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctx->jrdev->parent); 1190 const bool ctr_mode = ((ctx->cdata.algtype & OP_ALG_AAI_MASK) == 1191 OP_ALG_AAI_CTR_MOD128); 1192 const bool is_rfc3686 = alg->caam.rfc3686; 1193 u32 *desc = edesc->hw_desc; 1194 u32 ivoffset = 0; 1195 1196 /* 1197 * AES-CTR needs to load IV in CONTEXT1 reg 1198 * at an offset of 128bits (16bytes) 1199 * CONTEXT1[255:128] = IV 1200 */ 1201 if (ctr_mode) 1202 ivoffset = 16; 1203 1204 /* 1205 * RFC3686 specific: 1206 * CONTEXT1[255:128] = {NONCE, IV, COUNTER} 1207 */ 1208 if (is_rfc3686) 1209 ivoffset = 16 + CTR_RFC3686_NONCE_SIZE; 1210 1211 init_aead_job(req, edesc, all_contig, encrypt); 1212 1213 /* 1214 * {REG3, DPOVRD} = assoclen, depending on whether MATH command supports 1215 * having DPOVRD as destination. 1216 */ 1217 if (ctrlpriv->era < 3) 1218 append_math_add_imm_u32(desc, REG3, ZERO, IMM, req->assoclen); 1219 else 1220 append_math_add_imm_u32(desc, DPOVRD, ZERO, IMM, req->assoclen); 1221 1222 if (ivsize && ((is_rfc3686 && encrypt) || !alg->caam.geniv)) 1223 append_load_as_imm(desc, req->iv, ivsize, 1224 LDST_CLASS_1_CCB | 1225 LDST_SRCDST_BYTE_CONTEXT | 1226 (ivoffset << LDST_OFFSET_SHIFT)); 1227 } 1228 1229 /* 1230 * Fill in skcipher job descriptor 1231 */ 1232 static void init_skcipher_job(struct skcipher_request *req, 1233 struct skcipher_edesc *edesc, 1234 const bool encrypt) 1235 { 1236 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); 1237 struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher); 1238 struct device *jrdev = ctx->jrdev; 1239 int ivsize = crypto_skcipher_ivsize(skcipher); 1240 u32 *desc = edesc->hw_desc; 1241 u32 *sh_desc; 1242 u32 in_options = 0, out_options = 0; 1243 dma_addr_t src_dma, dst_dma, ptr; 1244 int len, sec4_sg_index = 0; 1245 1246 print_hex_dump_debug("presciv@"__stringify(__LINE__)": ", 1247 DUMP_PREFIX_ADDRESS, 16, 4, req->iv, ivsize, 1); 1248 dev_dbg(jrdev, "asked=%d, cryptlen%d\n", 1249 (int)edesc->src_nents > 1 ? 100 : req->cryptlen, req->cryptlen); 1250 1251 caam_dump_sg("src @" __stringify(__LINE__)": ", 1252 DUMP_PREFIX_ADDRESS, 16, 4, req->src, 1253 edesc->src_nents > 1 ? 100 : req->cryptlen, 1); 1254 1255 sh_desc = encrypt ? ctx->sh_desc_enc : ctx->sh_desc_dec; 1256 ptr = encrypt ? ctx->sh_desc_enc_dma : ctx->sh_desc_dec_dma; 1257 1258 len = desc_len(sh_desc); 1259 init_job_desc_shared(desc, ptr, len, HDR_SHARE_DEFER | HDR_REVERSE); 1260 1261 if (ivsize || edesc->mapped_src_nents > 1) { 1262 src_dma = edesc->sec4_sg_dma; 1263 sec4_sg_index = edesc->mapped_src_nents + !!ivsize; 1264 in_options = LDST_SGF; 1265 } else { 1266 src_dma = sg_dma_address(req->src); 1267 } 1268 1269 append_seq_in_ptr(desc, src_dma, req->cryptlen + ivsize, in_options); 1270 1271 if (likely(req->src == req->dst)) { 1272 dst_dma = src_dma + !!ivsize * sizeof(struct sec4_sg_entry); 1273 out_options = in_options; 1274 } else if (!ivsize && edesc->mapped_dst_nents == 1) { 1275 dst_dma = sg_dma_address(req->dst); 1276 } else { 1277 dst_dma = edesc->sec4_sg_dma + sec4_sg_index * 1278 sizeof(struct sec4_sg_entry); 1279 out_options = LDST_SGF; 1280 } 1281 1282 append_seq_out_ptr(desc, dst_dma, req->cryptlen + ivsize, out_options); 1283 } 1284 1285 /* 1286 * allocate and map the aead extended descriptor 1287 */ 1288 static struct aead_edesc *aead_edesc_alloc(struct aead_request *req, 1289 int desc_bytes, bool *all_contig_ptr, 1290 bool encrypt) 1291 { 1292 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1293 struct caam_ctx *ctx = crypto_aead_ctx(aead); 1294 struct device *jrdev = ctx->jrdev; 1295 struct caam_aead_req_ctx *rctx = aead_request_ctx(req); 1296 gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ? 1297 GFP_KERNEL : GFP_ATOMIC; 1298 int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0; 1299 int src_len, dst_len = 0; 1300 struct aead_edesc *edesc; 1301 int sec4_sg_index, sec4_sg_len, sec4_sg_bytes; 1302 unsigned int authsize = ctx->authsize; 1303 1304 if (unlikely(req->dst != req->src)) { 1305 src_len = req->assoclen + req->cryptlen; 1306 dst_len = src_len + (encrypt ? authsize : (-authsize)); 1307 1308 src_nents = sg_nents_for_len(req->src, src_len); 1309 if (unlikely(src_nents < 0)) { 1310 dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n", 1311 src_len); 1312 return ERR_PTR(src_nents); 1313 } 1314 1315 dst_nents = sg_nents_for_len(req->dst, dst_len); 1316 if (unlikely(dst_nents < 0)) { 1317 dev_err(jrdev, "Insufficient bytes (%d) in dst S/G\n", 1318 dst_len); 1319 return ERR_PTR(dst_nents); 1320 } 1321 } else { 1322 src_len = req->assoclen + req->cryptlen + 1323 (encrypt ? authsize : 0); 1324 1325 src_nents = sg_nents_for_len(req->src, src_len); 1326 if (unlikely(src_nents < 0)) { 1327 dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n", 1328 src_len); 1329 return ERR_PTR(src_nents); 1330 } 1331 } 1332 1333 if (likely(req->src == req->dst)) { 1334 mapped_src_nents = dma_map_sg(jrdev, req->src, src_nents, 1335 DMA_BIDIRECTIONAL); 1336 if (unlikely(!mapped_src_nents)) { 1337 dev_err(jrdev, "unable to map source\n"); 1338 return ERR_PTR(-ENOMEM); 1339 } 1340 } else { 1341 /* Cover also the case of null (zero length) input data */ 1342 if (src_nents) { 1343 mapped_src_nents = dma_map_sg(jrdev, req->src, 1344 src_nents, DMA_TO_DEVICE); 1345 if (unlikely(!mapped_src_nents)) { 1346 dev_err(jrdev, "unable to map source\n"); 1347 return ERR_PTR(-ENOMEM); 1348 } 1349 } else { 1350 mapped_src_nents = 0; 1351 } 1352 1353 /* Cover also the case of null (zero length) output data */ 1354 if (dst_nents) { 1355 mapped_dst_nents = dma_map_sg(jrdev, req->dst, 1356 dst_nents, 1357 DMA_FROM_DEVICE); 1358 if (unlikely(!mapped_dst_nents)) { 1359 dev_err(jrdev, "unable to map destination\n"); 1360 dma_unmap_sg(jrdev, req->src, src_nents, 1361 DMA_TO_DEVICE); 1362 return ERR_PTR(-ENOMEM); 1363 } 1364 } else { 1365 mapped_dst_nents = 0; 1366 } 1367 } 1368 1369 /* 1370 * HW reads 4 S/G entries at a time; make sure the reads don't go beyond 1371 * the end of the table by allocating more S/G entries. 1372 */ 1373 sec4_sg_len = mapped_src_nents > 1 ? mapped_src_nents : 0; 1374 if (mapped_dst_nents > 1) 1375 sec4_sg_len += pad_sg_nents(mapped_dst_nents); 1376 else 1377 sec4_sg_len = pad_sg_nents(sec4_sg_len); 1378 1379 sec4_sg_bytes = sec4_sg_len * sizeof(struct sec4_sg_entry); 1380 1381 /* allocate space for base edesc and hw desc commands, link tables */ 1382 edesc = kzalloc(sizeof(*edesc) + desc_bytes + sec4_sg_bytes, 1383 GFP_DMA | flags); 1384 if (!edesc) { 1385 caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0, 1386 0, 0, 0); 1387 return ERR_PTR(-ENOMEM); 1388 } 1389 1390 edesc->src_nents = src_nents; 1391 edesc->dst_nents = dst_nents; 1392 edesc->mapped_src_nents = mapped_src_nents; 1393 edesc->mapped_dst_nents = mapped_dst_nents; 1394 edesc->sec4_sg = (void *)edesc + sizeof(struct aead_edesc) + 1395 desc_bytes; 1396 1397 rctx->edesc = edesc; 1398 1399 *all_contig_ptr = !(mapped_src_nents > 1); 1400 1401 sec4_sg_index = 0; 1402 if (mapped_src_nents > 1) { 1403 sg_to_sec4_sg_last(req->src, src_len, 1404 edesc->sec4_sg + sec4_sg_index, 0); 1405 sec4_sg_index += mapped_src_nents; 1406 } 1407 if (mapped_dst_nents > 1) { 1408 sg_to_sec4_sg_last(req->dst, dst_len, 1409 edesc->sec4_sg + sec4_sg_index, 0); 1410 } 1411 1412 if (!sec4_sg_bytes) 1413 return edesc; 1414 1415 edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg, 1416 sec4_sg_bytes, DMA_TO_DEVICE); 1417 if (dma_mapping_error(jrdev, edesc->sec4_sg_dma)) { 1418 dev_err(jrdev, "unable to map S/G table\n"); 1419 aead_unmap(jrdev, edesc, req); 1420 kfree(edesc); 1421 return ERR_PTR(-ENOMEM); 1422 } 1423 1424 edesc->sec4_sg_bytes = sec4_sg_bytes; 1425 1426 return edesc; 1427 } 1428 1429 static int aead_enqueue_req(struct device *jrdev, struct aead_request *req) 1430 { 1431 struct caam_drv_private_jr *jrpriv = dev_get_drvdata(jrdev); 1432 struct caam_aead_req_ctx *rctx = aead_request_ctx(req); 1433 struct aead_edesc *edesc = rctx->edesc; 1434 u32 *desc = edesc->hw_desc; 1435 int ret; 1436 1437 /* 1438 * Only the backlog request are sent to crypto-engine since the others 1439 * can be handled by CAAM, if free, especially since JR has up to 1024 1440 * entries (more than the 10 entries from crypto-engine). 1441 */ 1442 if (req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG) 1443 ret = crypto_transfer_aead_request_to_engine(jrpriv->engine, 1444 req); 1445 else 1446 ret = caam_jr_enqueue(jrdev, desc, aead_crypt_done, req); 1447 1448 if ((ret != -EINPROGRESS) && (ret != -EBUSY)) { 1449 aead_unmap(jrdev, edesc, req); 1450 kfree(rctx->edesc); 1451 } 1452 1453 return ret; 1454 } 1455 1456 static inline int chachapoly_crypt(struct aead_request *req, bool encrypt) 1457 { 1458 struct aead_edesc *edesc; 1459 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1460 struct caam_ctx *ctx = crypto_aead_ctx(aead); 1461 struct device *jrdev = ctx->jrdev; 1462 bool all_contig; 1463 u32 *desc; 1464 1465 edesc = aead_edesc_alloc(req, CHACHAPOLY_DESC_JOB_IO_LEN, &all_contig, 1466 encrypt); 1467 if (IS_ERR(edesc)) 1468 return PTR_ERR(edesc); 1469 1470 desc = edesc->hw_desc; 1471 1472 init_chachapoly_job(req, edesc, all_contig, encrypt); 1473 print_hex_dump_debug("chachapoly jobdesc@" __stringify(__LINE__)": ", 1474 DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc), 1475 1); 1476 1477 return aead_enqueue_req(jrdev, req); 1478 } 1479 1480 static int chachapoly_encrypt(struct aead_request *req) 1481 { 1482 return chachapoly_crypt(req, true); 1483 } 1484 1485 static int chachapoly_decrypt(struct aead_request *req) 1486 { 1487 return chachapoly_crypt(req, false); 1488 } 1489 1490 static inline int aead_crypt(struct aead_request *req, bool encrypt) 1491 { 1492 struct aead_edesc *edesc; 1493 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1494 struct caam_ctx *ctx = crypto_aead_ctx(aead); 1495 struct device *jrdev = ctx->jrdev; 1496 bool all_contig; 1497 1498 /* allocate extended descriptor */ 1499 edesc = aead_edesc_alloc(req, AUTHENC_DESC_JOB_IO_LEN, 1500 &all_contig, encrypt); 1501 if (IS_ERR(edesc)) 1502 return PTR_ERR(edesc); 1503 1504 /* Create and submit job descriptor */ 1505 init_authenc_job(req, edesc, all_contig, encrypt); 1506 1507 print_hex_dump_debug("aead jobdesc@"__stringify(__LINE__)": ", 1508 DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc, 1509 desc_bytes(edesc->hw_desc), 1); 1510 1511 return aead_enqueue_req(jrdev, req); 1512 } 1513 1514 static int aead_encrypt(struct aead_request *req) 1515 { 1516 return aead_crypt(req, true); 1517 } 1518 1519 static int aead_decrypt(struct aead_request *req) 1520 { 1521 return aead_crypt(req, false); 1522 } 1523 1524 static int aead_do_one_req(struct crypto_engine *engine, void *areq) 1525 { 1526 struct aead_request *req = aead_request_cast(areq); 1527 struct caam_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); 1528 struct caam_aead_req_ctx *rctx = aead_request_ctx(req); 1529 u32 *desc = rctx->edesc->hw_desc; 1530 int ret; 1531 1532 rctx->edesc->bklog = true; 1533 1534 ret = caam_jr_enqueue(ctx->jrdev, desc, aead_crypt_done, req); 1535 1536 if (ret != -EINPROGRESS) { 1537 aead_unmap(ctx->jrdev, rctx->edesc, req); 1538 kfree(rctx->edesc); 1539 } else { 1540 ret = 0; 1541 } 1542 1543 return ret; 1544 } 1545 1546 static inline int gcm_crypt(struct aead_request *req, bool encrypt) 1547 { 1548 struct aead_edesc *edesc; 1549 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1550 struct caam_ctx *ctx = crypto_aead_ctx(aead); 1551 struct device *jrdev = ctx->jrdev; 1552 bool all_contig; 1553 1554 /* allocate extended descriptor */ 1555 edesc = aead_edesc_alloc(req, GCM_DESC_JOB_IO_LEN, &all_contig, 1556 encrypt); 1557 if (IS_ERR(edesc)) 1558 return PTR_ERR(edesc); 1559 1560 /* Create and submit job descriptor */ 1561 init_gcm_job(req, edesc, all_contig, encrypt); 1562 1563 print_hex_dump_debug("aead jobdesc@"__stringify(__LINE__)": ", 1564 DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc, 1565 desc_bytes(edesc->hw_desc), 1); 1566 1567 return aead_enqueue_req(jrdev, req); 1568 } 1569 1570 static int gcm_encrypt(struct aead_request *req) 1571 { 1572 return gcm_crypt(req, true); 1573 } 1574 1575 static int gcm_decrypt(struct aead_request *req) 1576 { 1577 return gcm_crypt(req, false); 1578 } 1579 1580 static int ipsec_gcm_encrypt(struct aead_request *req) 1581 { 1582 return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_encrypt(req); 1583 } 1584 1585 static int ipsec_gcm_decrypt(struct aead_request *req) 1586 { 1587 return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_decrypt(req); 1588 } 1589 1590 /* 1591 * allocate and map the skcipher extended descriptor for skcipher 1592 */ 1593 static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req, 1594 int desc_bytes) 1595 { 1596 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); 1597 struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher); 1598 struct caam_skcipher_req_ctx *rctx = skcipher_request_ctx(req); 1599 struct device *jrdev = ctx->jrdev; 1600 gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ? 1601 GFP_KERNEL : GFP_ATOMIC; 1602 int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0; 1603 struct skcipher_edesc *edesc; 1604 dma_addr_t iv_dma = 0; 1605 u8 *iv; 1606 int ivsize = crypto_skcipher_ivsize(skcipher); 1607 int dst_sg_idx, sec4_sg_ents, sec4_sg_bytes; 1608 1609 src_nents = sg_nents_for_len(req->src, req->cryptlen); 1610 if (unlikely(src_nents < 0)) { 1611 dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n", 1612 req->cryptlen); 1613 return ERR_PTR(src_nents); 1614 } 1615 1616 if (req->dst != req->src) { 1617 dst_nents = sg_nents_for_len(req->dst, req->cryptlen); 1618 if (unlikely(dst_nents < 0)) { 1619 dev_err(jrdev, "Insufficient bytes (%d) in dst S/G\n", 1620 req->cryptlen); 1621 return ERR_PTR(dst_nents); 1622 } 1623 } 1624 1625 if (likely(req->src == req->dst)) { 1626 mapped_src_nents = dma_map_sg(jrdev, req->src, src_nents, 1627 DMA_BIDIRECTIONAL); 1628 if (unlikely(!mapped_src_nents)) { 1629 dev_err(jrdev, "unable to map source\n"); 1630 return ERR_PTR(-ENOMEM); 1631 } 1632 } else { 1633 mapped_src_nents = dma_map_sg(jrdev, req->src, src_nents, 1634 DMA_TO_DEVICE); 1635 if (unlikely(!mapped_src_nents)) { 1636 dev_err(jrdev, "unable to map source\n"); 1637 return ERR_PTR(-ENOMEM); 1638 } 1639 mapped_dst_nents = dma_map_sg(jrdev, req->dst, dst_nents, 1640 DMA_FROM_DEVICE); 1641 if (unlikely(!mapped_dst_nents)) { 1642 dev_err(jrdev, "unable to map destination\n"); 1643 dma_unmap_sg(jrdev, req->src, src_nents, DMA_TO_DEVICE); 1644 return ERR_PTR(-ENOMEM); 1645 } 1646 } 1647 1648 if (!ivsize && mapped_src_nents == 1) 1649 sec4_sg_ents = 0; // no need for an input hw s/g table 1650 else 1651 sec4_sg_ents = mapped_src_nents + !!ivsize; 1652 dst_sg_idx = sec4_sg_ents; 1653 1654 /* 1655 * Input, output HW S/G tables: [IV, src][dst, IV] 1656 * IV entries point to the same buffer 1657 * If src == dst, S/G entries are reused (S/G tables overlap) 1658 * 1659 * HW reads 4 S/G entries at a time; make sure the reads don't go beyond 1660 * the end of the table by allocating more S/G entries. Logic: 1661 * if (output S/G) 1662 * pad output S/G, if needed 1663 * else if (input S/G) ... 1664 * pad input S/G, if needed 1665 */ 1666 if (ivsize || mapped_dst_nents > 1) { 1667 if (req->src == req->dst) 1668 sec4_sg_ents = !!ivsize + pad_sg_nents(sec4_sg_ents); 1669 else 1670 sec4_sg_ents += pad_sg_nents(mapped_dst_nents + 1671 !!ivsize); 1672 } else { 1673 sec4_sg_ents = pad_sg_nents(sec4_sg_ents); 1674 } 1675 1676 sec4_sg_bytes = sec4_sg_ents * sizeof(struct sec4_sg_entry); 1677 1678 /* 1679 * allocate space for base edesc and hw desc commands, link tables, IV 1680 */ 1681 edesc = kzalloc(sizeof(*edesc) + desc_bytes + sec4_sg_bytes + ivsize, 1682 GFP_DMA | flags); 1683 if (!edesc) { 1684 dev_err(jrdev, "could not allocate extended descriptor\n"); 1685 caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0, 1686 0, 0, 0); 1687 return ERR_PTR(-ENOMEM); 1688 } 1689 1690 edesc->src_nents = src_nents; 1691 edesc->dst_nents = dst_nents; 1692 edesc->mapped_src_nents = mapped_src_nents; 1693 edesc->mapped_dst_nents = mapped_dst_nents; 1694 edesc->sec4_sg_bytes = sec4_sg_bytes; 1695 edesc->sec4_sg = (struct sec4_sg_entry *)((u8 *)edesc->hw_desc + 1696 desc_bytes); 1697 rctx->edesc = edesc; 1698 1699 /* Make sure IV is located in a DMAable area */ 1700 if (ivsize) { 1701 iv = (u8 *)edesc->sec4_sg + sec4_sg_bytes; 1702 memcpy(iv, req->iv, ivsize); 1703 1704 iv_dma = dma_map_single(jrdev, iv, ivsize, DMA_BIDIRECTIONAL); 1705 if (dma_mapping_error(jrdev, iv_dma)) { 1706 dev_err(jrdev, "unable to map IV\n"); 1707 caam_unmap(jrdev, req->src, req->dst, src_nents, 1708 dst_nents, 0, 0, 0, 0); 1709 kfree(edesc); 1710 return ERR_PTR(-ENOMEM); 1711 } 1712 1713 dma_to_sec4_sg_one(edesc->sec4_sg, iv_dma, ivsize, 0); 1714 } 1715 if (dst_sg_idx) 1716 sg_to_sec4_sg(req->src, req->cryptlen, edesc->sec4_sg + 1717 !!ivsize, 0); 1718 1719 if (req->src != req->dst && (ivsize || mapped_dst_nents > 1)) 1720 sg_to_sec4_sg(req->dst, req->cryptlen, edesc->sec4_sg + 1721 dst_sg_idx, 0); 1722 1723 if (ivsize) 1724 dma_to_sec4_sg_one(edesc->sec4_sg + dst_sg_idx + 1725 mapped_dst_nents, iv_dma, ivsize, 0); 1726 1727 if (ivsize || mapped_dst_nents > 1) 1728 sg_to_sec4_set_last(edesc->sec4_sg + dst_sg_idx + 1729 mapped_dst_nents - 1 + !!ivsize); 1730 1731 if (sec4_sg_bytes) { 1732 edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg, 1733 sec4_sg_bytes, 1734 DMA_TO_DEVICE); 1735 if (dma_mapping_error(jrdev, edesc->sec4_sg_dma)) { 1736 dev_err(jrdev, "unable to map S/G table\n"); 1737 caam_unmap(jrdev, req->src, req->dst, src_nents, 1738 dst_nents, iv_dma, ivsize, 0, 0); 1739 kfree(edesc); 1740 return ERR_PTR(-ENOMEM); 1741 } 1742 } 1743 1744 edesc->iv_dma = iv_dma; 1745 1746 print_hex_dump_debug("skcipher sec4_sg@" __stringify(__LINE__)": ", 1747 DUMP_PREFIX_ADDRESS, 16, 4, edesc->sec4_sg, 1748 sec4_sg_bytes, 1); 1749 1750 return edesc; 1751 } 1752 1753 static int skcipher_do_one_req(struct crypto_engine *engine, void *areq) 1754 { 1755 struct skcipher_request *req = skcipher_request_cast(areq); 1756 struct caam_ctx *ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); 1757 struct caam_skcipher_req_ctx *rctx = skcipher_request_ctx(req); 1758 u32 *desc = rctx->edesc->hw_desc; 1759 int ret; 1760 1761 rctx->edesc->bklog = true; 1762 1763 ret = caam_jr_enqueue(ctx->jrdev, desc, skcipher_crypt_done, req); 1764 1765 if (ret != -EINPROGRESS) { 1766 skcipher_unmap(ctx->jrdev, rctx->edesc, req); 1767 kfree(rctx->edesc); 1768 } else { 1769 ret = 0; 1770 } 1771 1772 return ret; 1773 } 1774 1775 static inline bool xts_skcipher_ivsize(struct skcipher_request *req) 1776 { 1777 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); 1778 unsigned int ivsize = crypto_skcipher_ivsize(skcipher); 1779 1780 return !!get_unaligned((u64 *)(req->iv + (ivsize / 2))); 1781 } 1782 1783 static inline int skcipher_crypt(struct skcipher_request *req, bool encrypt) 1784 { 1785 struct skcipher_edesc *edesc; 1786 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); 1787 struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher); 1788 struct device *jrdev = ctx->jrdev; 1789 struct caam_drv_private_jr *jrpriv = dev_get_drvdata(jrdev); 1790 struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent); 1791 u32 *desc; 1792 int ret = 0; 1793 1794 /* 1795 * XTS is expected to return an error even for input length = 0 1796 * Note that the case input length < block size will be caught during 1797 * HW offloading and return an error. 1798 */ 1799 if (!req->cryptlen && !ctx->fallback) 1800 return 0; 1801 1802 if (ctx->fallback && ((ctrlpriv->era <= 8 && xts_skcipher_ivsize(req)) || 1803 ctx->xts_key_fallback)) { 1804 struct caam_skcipher_req_ctx *rctx = skcipher_request_ctx(req); 1805 1806 skcipher_request_set_tfm(&rctx->fallback_req, ctx->fallback); 1807 skcipher_request_set_callback(&rctx->fallback_req, 1808 req->base.flags, 1809 req->base.complete, 1810 req->base.data); 1811 skcipher_request_set_crypt(&rctx->fallback_req, req->src, 1812 req->dst, req->cryptlen, req->iv); 1813 1814 return encrypt ? crypto_skcipher_encrypt(&rctx->fallback_req) : 1815 crypto_skcipher_decrypt(&rctx->fallback_req); 1816 } 1817 1818 /* allocate extended descriptor */ 1819 edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ); 1820 if (IS_ERR(edesc)) 1821 return PTR_ERR(edesc); 1822 1823 /* Create and submit job descriptor*/ 1824 init_skcipher_job(req, edesc, encrypt); 1825 1826 print_hex_dump_debug("skcipher jobdesc@" __stringify(__LINE__)": ", 1827 DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc, 1828 desc_bytes(edesc->hw_desc), 1); 1829 1830 desc = edesc->hw_desc; 1831 /* 1832 * Only the backlog request are sent to crypto-engine since the others 1833 * can be handled by CAAM, if free, especially since JR has up to 1024 1834 * entries (more than the 10 entries from crypto-engine). 1835 */ 1836 if (req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG) 1837 ret = crypto_transfer_skcipher_request_to_engine(jrpriv->engine, 1838 req); 1839 else 1840 ret = caam_jr_enqueue(jrdev, desc, skcipher_crypt_done, req); 1841 1842 if ((ret != -EINPROGRESS) && (ret != -EBUSY)) { 1843 skcipher_unmap(jrdev, edesc, req); 1844 kfree(edesc); 1845 } 1846 1847 return ret; 1848 } 1849 1850 static int skcipher_encrypt(struct skcipher_request *req) 1851 { 1852 return skcipher_crypt(req, true); 1853 } 1854 1855 static int skcipher_decrypt(struct skcipher_request *req) 1856 { 1857 return skcipher_crypt(req, false); 1858 } 1859 1860 static struct caam_skcipher_alg driver_algs[] = { 1861 { 1862 .skcipher = { 1863 .base = { 1864 .cra_name = "cbc(aes)", 1865 .cra_driver_name = "cbc-aes-caam", 1866 .cra_blocksize = AES_BLOCK_SIZE, 1867 }, 1868 .setkey = aes_skcipher_setkey, 1869 .encrypt = skcipher_encrypt, 1870 .decrypt = skcipher_decrypt, 1871 .min_keysize = AES_MIN_KEY_SIZE, 1872 .max_keysize = AES_MAX_KEY_SIZE, 1873 .ivsize = AES_BLOCK_SIZE, 1874 }, 1875 .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 1876 }, 1877 { 1878 .skcipher = { 1879 .base = { 1880 .cra_name = "cbc(des3_ede)", 1881 .cra_driver_name = "cbc-3des-caam", 1882 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1883 }, 1884 .setkey = des3_skcipher_setkey, 1885 .encrypt = skcipher_encrypt, 1886 .decrypt = skcipher_decrypt, 1887 .min_keysize = DES3_EDE_KEY_SIZE, 1888 .max_keysize = DES3_EDE_KEY_SIZE, 1889 .ivsize = DES3_EDE_BLOCK_SIZE, 1890 }, 1891 .caam.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 1892 }, 1893 { 1894 .skcipher = { 1895 .base = { 1896 .cra_name = "cbc(des)", 1897 .cra_driver_name = "cbc-des-caam", 1898 .cra_blocksize = DES_BLOCK_SIZE, 1899 }, 1900 .setkey = des_skcipher_setkey, 1901 .encrypt = skcipher_encrypt, 1902 .decrypt = skcipher_decrypt, 1903 .min_keysize = DES_KEY_SIZE, 1904 .max_keysize = DES_KEY_SIZE, 1905 .ivsize = DES_BLOCK_SIZE, 1906 }, 1907 .caam.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 1908 }, 1909 { 1910 .skcipher = { 1911 .base = { 1912 .cra_name = "ctr(aes)", 1913 .cra_driver_name = "ctr-aes-caam", 1914 .cra_blocksize = 1, 1915 }, 1916 .setkey = ctr_skcipher_setkey, 1917 .encrypt = skcipher_encrypt, 1918 .decrypt = skcipher_decrypt, 1919 .min_keysize = AES_MIN_KEY_SIZE, 1920 .max_keysize = AES_MAX_KEY_SIZE, 1921 .ivsize = AES_BLOCK_SIZE, 1922 .chunksize = AES_BLOCK_SIZE, 1923 }, 1924 .caam.class1_alg_type = OP_ALG_ALGSEL_AES | 1925 OP_ALG_AAI_CTR_MOD128, 1926 }, 1927 { 1928 .skcipher = { 1929 .base = { 1930 .cra_name = "rfc3686(ctr(aes))", 1931 .cra_driver_name = "rfc3686-ctr-aes-caam", 1932 .cra_blocksize = 1, 1933 }, 1934 .setkey = rfc3686_skcipher_setkey, 1935 .encrypt = skcipher_encrypt, 1936 .decrypt = skcipher_decrypt, 1937 .min_keysize = AES_MIN_KEY_SIZE + 1938 CTR_RFC3686_NONCE_SIZE, 1939 .max_keysize = AES_MAX_KEY_SIZE + 1940 CTR_RFC3686_NONCE_SIZE, 1941 .ivsize = CTR_RFC3686_IV_SIZE, 1942 .chunksize = AES_BLOCK_SIZE, 1943 }, 1944 .caam = { 1945 .class1_alg_type = OP_ALG_ALGSEL_AES | 1946 OP_ALG_AAI_CTR_MOD128, 1947 .rfc3686 = true, 1948 }, 1949 }, 1950 { 1951 .skcipher = { 1952 .base = { 1953 .cra_name = "xts(aes)", 1954 .cra_driver_name = "xts-aes-caam", 1955 .cra_flags = CRYPTO_ALG_NEED_FALLBACK, 1956 .cra_blocksize = AES_BLOCK_SIZE, 1957 }, 1958 .setkey = xts_skcipher_setkey, 1959 .encrypt = skcipher_encrypt, 1960 .decrypt = skcipher_decrypt, 1961 .min_keysize = 2 * AES_MIN_KEY_SIZE, 1962 .max_keysize = 2 * AES_MAX_KEY_SIZE, 1963 .ivsize = AES_BLOCK_SIZE, 1964 }, 1965 .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_XTS, 1966 }, 1967 { 1968 .skcipher = { 1969 .base = { 1970 .cra_name = "ecb(des)", 1971 .cra_driver_name = "ecb-des-caam", 1972 .cra_blocksize = DES_BLOCK_SIZE, 1973 }, 1974 .setkey = des_skcipher_setkey, 1975 .encrypt = skcipher_encrypt, 1976 .decrypt = skcipher_decrypt, 1977 .min_keysize = DES_KEY_SIZE, 1978 .max_keysize = DES_KEY_SIZE, 1979 }, 1980 .caam.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_ECB, 1981 }, 1982 { 1983 .skcipher = { 1984 .base = { 1985 .cra_name = "ecb(aes)", 1986 .cra_driver_name = "ecb-aes-caam", 1987 .cra_blocksize = AES_BLOCK_SIZE, 1988 }, 1989 .setkey = aes_skcipher_setkey, 1990 .encrypt = skcipher_encrypt, 1991 .decrypt = skcipher_decrypt, 1992 .min_keysize = AES_MIN_KEY_SIZE, 1993 .max_keysize = AES_MAX_KEY_SIZE, 1994 }, 1995 .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_ECB, 1996 }, 1997 { 1998 .skcipher = { 1999 .base = { 2000 .cra_name = "ecb(des3_ede)", 2001 .cra_driver_name = "ecb-des3-caam", 2002 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2003 }, 2004 .setkey = des3_skcipher_setkey, 2005 .encrypt = skcipher_encrypt, 2006 .decrypt = skcipher_decrypt, 2007 .min_keysize = DES3_EDE_KEY_SIZE, 2008 .max_keysize = DES3_EDE_KEY_SIZE, 2009 }, 2010 .caam.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_ECB, 2011 }, 2012 }; 2013 2014 static struct caam_aead_alg driver_aeads[] = { 2015 { 2016 .aead = { 2017 .base = { 2018 .cra_name = "rfc4106(gcm(aes))", 2019 .cra_driver_name = "rfc4106-gcm-aes-caam", 2020 .cra_blocksize = 1, 2021 }, 2022 .setkey = rfc4106_setkey, 2023 .setauthsize = rfc4106_setauthsize, 2024 .encrypt = ipsec_gcm_encrypt, 2025 .decrypt = ipsec_gcm_decrypt, 2026 .ivsize = GCM_RFC4106_IV_SIZE, 2027 .maxauthsize = AES_BLOCK_SIZE, 2028 }, 2029 .caam = { 2030 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, 2031 .nodkp = true, 2032 }, 2033 }, 2034 { 2035 .aead = { 2036 .base = { 2037 .cra_name = "rfc4543(gcm(aes))", 2038 .cra_driver_name = "rfc4543-gcm-aes-caam", 2039 .cra_blocksize = 1, 2040 }, 2041 .setkey = rfc4543_setkey, 2042 .setauthsize = rfc4543_setauthsize, 2043 .encrypt = ipsec_gcm_encrypt, 2044 .decrypt = ipsec_gcm_decrypt, 2045 .ivsize = GCM_RFC4543_IV_SIZE, 2046 .maxauthsize = AES_BLOCK_SIZE, 2047 }, 2048 .caam = { 2049 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, 2050 .nodkp = true, 2051 }, 2052 }, 2053 /* Galois Counter Mode */ 2054 { 2055 .aead = { 2056 .base = { 2057 .cra_name = "gcm(aes)", 2058 .cra_driver_name = "gcm-aes-caam", 2059 .cra_blocksize = 1, 2060 }, 2061 .setkey = gcm_setkey, 2062 .setauthsize = gcm_setauthsize, 2063 .encrypt = gcm_encrypt, 2064 .decrypt = gcm_decrypt, 2065 .ivsize = GCM_AES_IV_SIZE, 2066 .maxauthsize = AES_BLOCK_SIZE, 2067 }, 2068 .caam = { 2069 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, 2070 .nodkp = true, 2071 }, 2072 }, 2073 /* single-pass ipsec_esp descriptor */ 2074 { 2075 .aead = { 2076 .base = { 2077 .cra_name = "authenc(hmac(md5)," 2078 "ecb(cipher_null))", 2079 .cra_driver_name = "authenc-hmac-md5-" 2080 "ecb-cipher_null-caam", 2081 .cra_blocksize = NULL_BLOCK_SIZE, 2082 }, 2083 .setkey = aead_setkey, 2084 .setauthsize = aead_setauthsize, 2085 .encrypt = aead_encrypt, 2086 .decrypt = aead_decrypt, 2087 .ivsize = NULL_IV_SIZE, 2088 .maxauthsize = MD5_DIGEST_SIZE, 2089 }, 2090 .caam = { 2091 .class2_alg_type = OP_ALG_ALGSEL_MD5 | 2092 OP_ALG_AAI_HMAC_PRECOMP, 2093 }, 2094 }, 2095 { 2096 .aead = { 2097 .base = { 2098 .cra_name = "authenc(hmac(sha1)," 2099 "ecb(cipher_null))", 2100 .cra_driver_name = "authenc-hmac-sha1-" 2101 "ecb-cipher_null-caam", 2102 .cra_blocksize = NULL_BLOCK_SIZE, 2103 }, 2104 .setkey = aead_setkey, 2105 .setauthsize = aead_setauthsize, 2106 .encrypt = aead_encrypt, 2107 .decrypt = aead_decrypt, 2108 .ivsize = NULL_IV_SIZE, 2109 .maxauthsize = SHA1_DIGEST_SIZE, 2110 }, 2111 .caam = { 2112 .class2_alg_type = OP_ALG_ALGSEL_SHA1 | 2113 OP_ALG_AAI_HMAC_PRECOMP, 2114 }, 2115 }, 2116 { 2117 .aead = { 2118 .base = { 2119 .cra_name = "authenc(hmac(sha224)," 2120 "ecb(cipher_null))", 2121 .cra_driver_name = "authenc-hmac-sha224-" 2122 "ecb-cipher_null-caam", 2123 .cra_blocksize = NULL_BLOCK_SIZE, 2124 }, 2125 .setkey = aead_setkey, 2126 .setauthsize = aead_setauthsize, 2127 .encrypt = aead_encrypt, 2128 .decrypt = aead_decrypt, 2129 .ivsize = NULL_IV_SIZE, 2130 .maxauthsize = SHA224_DIGEST_SIZE, 2131 }, 2132 .caam = { 2133 .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 2134 OP_ALG_AAI_HMAC_PRECOMP, 2135 }, 2136 }, 2137 { 2138 .aead = { 2139 .base = { 2140 .cra_name = "authenc(hmac(sha256)," 2141 "ecb(cipher_null))", 2142 .cra_driver_name = "authenc-hmac-sha256-" 2143 "ecb-cipher_null-caam", 2144 .cra_blocksize = NULL_BLOCK_SIZE, 2145 }, 2146 .setkey = aead_setkey, 2147 .setauthsize = aead_setauthsize, 2148 .encrypt = aead_encrypt, 2149 .decrypt = aead_decrypt, 2150 .ivsize = NULL_IV_SIZE, 2151 .maxauthsize = SHA256_DIGEST_SIZE, 2152 }, 2153 .caam = { 2154 .class2_alg_type = OP_ALG_ALGSEL_SHA256 | 2155 OP_ALG_AAI_HMAC_PRECOMP, 2156 }, 2157 }, 2158 { 2159 .aead = { 2160 .base = { 2161 .cra_name = "authenc(hmac(sha384)," 2162 "ecb(cipher_null))", 2163 .cra_driver_name = "authenc-hmac-sha384-" 2164 "ecb-cipher_null-caam", 2165 .cra_blocksize = NULL_BLOCK_SIZE, 2166 }, 2167 .setkey = aead_setkey, 2168 .setauthsize = aead_setauthsize, 2169 .encrypt = aead_encrypt, 2170 .decrypt = aead_decrypt, 2171 .ivsize = NULL_IV_SIZE, 2172 .maxauthsize = SHA384_DIGEST_SIZE, 2173 }, 2174 .caam = { 2175 .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 2176 OP_ALG_AAI_HMAC_PRECOMP, 2177 }, 2178 }, 2179 { 2180 .aead = { 2181 .base = { 2182 .cra_name = "authenc(hmac(sha512)," 2183 "ecb(cipher_null))", 2184 .cra_driver_name = "authenc-hmac-sha512-" 2185 "ecb-cipher_null-caam", 2186 .cra_blocksize = NULL_BLOCK_SIZE, 2187 }, 2188 .setkey = aead_setkey, 2189 .setauthsize = aead_setauthsize, 2190 .encrypt = aead_encrypt, 2191 .decrypt = aead_decrypt, 2192 .ivsize = NULL_IV_SIZE, 2193 .maxauthsize = SHA512_DIGEST_SIZE, 2194 }, 2195 .caam = { 2196 .class2_alg_type = OP_ALG_ALGSEL_SHA512 | 2197 OP_ALG_AAI_HMAC_PRECOMP, 2198 }, 2199 }, 2200 { 2201 .aead = { 2202 .base = { 2203 .cra_name = "authenc(hmac(md5),cbc(aes))", 2204 .cra_driver_name = "authenc-hmac-md5-" 2205 "cbc-aes-caam", 2206 .cra_blocksize = AES_BLOCK_SIZE, 2207 }, 2208 .setkey = aead_setkey, 2209 .setauthsize = aead_setauthsize, 2210 .encrypt = aead_encrypt, 2211 .decrypt = aead_decrypt, 2212 .ivsize = AES_BLOCK_SIZE, 2213 .maxauthsize = MD5_DIGEST_SIZE, 2214 }, 2215 .caam = { 2216 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2217 .class2_alg_type = OP_ALG_ALGSEL_MD5 | 2218 OP_ALG_AAI_HMAC_PRECOMP, 2219 }, 2220 }, 2221 { 2222 .aead = { 2223 .base = { 2224 .cra_name = "echainiv(authenc(hmac(md5)," 2225 "cbc(aes)))", 2226 .cra_driver_name = "echainiv-authenc-hmac-md5-" 2227 "cbc-aes-caam", 2228 .cra_blocksize = AES_BLOCK_SIZE, 2229 }, 2230 .setkey = aead_setkey, 2231 .setauthsize = aead_setauthsize, 2232 .encrypt = aead_encrypt, 2233 .decrypt = aead_decrypt, 2234 .ivsize = AES_BLOCK_SIZE, 2235 .maxauthsize = MD5_DIGEST_SIZE, 2236 }, 2237 .caam = { 2238 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2239 .class2_alg_type = OP_ALG_ALGSEL_MD5 | 2240 OP_ALG_AAI_HMAC_PRECOMP, 2241 .geniv = true, 2242 }, 2243 }, 2244 { 2245 .aead = { 2246 .base = { 2247 .cra_name = "authenc(hmac(sha1),cbc(aes))", 2248 .cra_driver_name = "authenc-hmac-sha1-" 2249 "cbc-aes-caam", 2250 .cra_blocksize = AES_BLOCK_SIZE, 2251 }, 2252 .setkey = aead_setkey, 2253 .setauthsize = aead_setauthsize, 2254 .encrypt = aead_encrypt, 2255 .decrypt = aead_decrypt, 2256 .ivsize = AES_BLOCK_SIZE, 2257 .maxauthsize = SHA1_DIGEST_SIZE, 2258 }, 2259 .caam = { 2260 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2261 .class2_alg_type = OP_ALG_ALGSEL_SHA1 | 2262 OP_ALG_AAI_HMAC_PRECOMP, 2263 }, 2264 }, 2265 { 2266 .aead = { 2267 .base = { 2268 .cra_name = "echainiv(authenc(hmac(sha1)," 2269 "cbc(aes)))", 2270 .cra_driver_name = "echainiv-authenc-" 2271 "hmac-sha1-cbc-aes-caam", 2272 .cra_blocksize = AES_BLOCK_SIZE, 2273 }, 2274 .setkey = aead_setkey, 2275 .setauthsize = aead_setauthsize, 2276 .encrypt = aead_encrypt, 2277 .decrypt = aead_decrypt, 2278 .ivsize = AES_BLOCK_SIZE, 2279 .maxauthsize = SHA1_DIGEST_SIZE, 2280 }, 2281 .caam = { 2282 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2283 .class2_alg_type = OP_ALG_ALGSEL_SHA1 | 2284 OP_ALG_AAI_HMAC_PRECOMP, 2285 .geniv = true, 2286 }, 2287 }, 2288 { 2289 .aead = { 2290 .base = { 2291 .cra_name = "authenc(hmac(sha224),cbc(aes))", 2292 .cra_driver_name = "authenc-hmac-sha224-" 2293 "cbc-aes-caam", 2294 .cra_blocksize = AES_BLOCK_SIZE, 2295 }, 2296 .setkey = aead_setkey, 2297 .setauthsize = aead_setauthsize, 2298 .encrypt = aead_encrypt, 2299 .decrypt = aead_decrypt, 2300 .ivsize = AES_BLOCK_SIZE, 2301 .maxauthsize = SHA224_DIGEST_SIZE, 2302 }, 2303 .caam = { 2304 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2305 .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 2306 OP_ALG_AAI_HMAC_PRECOMP, 2307 }, 2308 }, 2309 { 2310 .aead = { 2311 .base = { 2312 .cra_name = "echainiv(authenc(hmac(sha224)," 2313 "cbc(aes)))", 2314 .cra_driver_name = "echainiv-authenc-" 2315 "hmac-sha224-cbc-aes-caam", 2316 .cra_blocksize = AES_BLOCK_SIZE, 2317 }, 2318 .setkey = aead_setkey, 2319 .setauthsize = aead_setauthsize, 2320 .encrypt = aead_encrypt, 2321 .decrypt = aead_decrypt, 2322 .ivsize = AES_BLOCK_SIZE, 2323 .maxauthsize = SHA224_DIGEST_SIZE, 2324 }, 2325 .caam = { 2326 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2327 .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 2328 OP_ALG_AAI_HMAC_PRECOMP, 2329 .geniv = true, 2330 }, 2331 }, 2332 { 2333 .aead = { 2334 .base = { 2335 .cra_name = "authenc(hmac(sha256),cbc(aes))", 2336 .cra_driver_name = "authenc-hmac-sha256-" 2337 "cbc-aes-caam", 2338 .cra_blocksize = AES_BLOCK_SIZE, 2339 }, 2340 .setkey = aead_setkey, 2341 .setauthsize = aead_setauthsize, 2342 .encrypt = aead_encrypt, 2343 .decrypt = aead_decrypt, 2344 .ivsize = AES_BLOCK_SIZE, 2345 .maxauthsize = SHA256_DIGEST_SIZE, 2346 }, 2347 .caam = { 2348 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2349 .class2_alg_type = OP_ALG_ALGSEL_SHA256 | 2350 OP_ALG_AAI_HMAC_PRECOMP, 2351 }, 2352 }, 2353 { 2354 .aead = { 2355 .base = { 2356 .cra_name = "echainiv(authenc(hmac(sha256)," 2357 "cbc(aes)))", 2358 .cra_driver_name = "echainiv-authenc-" 2359 "hmac-sha256-cbc-aes-caam", 2360 .cra_blocksize = AES_BLOCK_SIZE, 2361 }, 2362 .setkey = aead_setkey, 2363 .setauthsize = aead_setauthsize, 2364 .encrypt = aead_encrypt, 2365 .decrypt = aead_decrypt, 2366 .ivsize = AES_BLOCK_SIZE, 2367 .maxauthsize = SHA256_DIGEST_SIZE, 2368 }, 2369 .caam = { 2370 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2371 .class2_alg_type = OP_ALG_ALGSEL_SHA256 | 2372 OP_ALG_AAI_HMAC_PRECOMP, 2373 .geniv = true, 2374 }, 2375 }, 2376 { 2377 .aead = { 2378 .base = { 2379 .cra_name = "authenc(hmac(sha384),cbc(aes))", 2380 .cra_driver_name = "authenc-hmac-sha384-" 2381 "cbc-aes-caam", 2382 .cra_blocksize = AES_BLOCK_SIZE, 2383 }, 2384 .setkey = aead_setkey, 2385 .setauthsize = aead_setauthsize, 2386 .encrypt = aead_encrypt, 2387 .decrypt = aead_decrypt, 2388 .ivsize = AES_BLOCK_SIZE, 2389 .maxauthsize = SHA384_DIGEST_SIZE, 2390 }, 2391 .caam = { 2392 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2393 .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 2394 OP_ALG_AAI_HMAC_PRECOMP, 2395 }, 2396 }, 2397 { 2398 .aead = { 2399 .base = { 2400 .cra_name = "echainiv(authenc(hmac(sha384)," 2401 "cbc(aes)))", 2402 .cra_driver_name = "echainiv-authenc-" 2403 "hmac-sha384-cbc-aes-caam", 2404 .cra_blocksize = AES_BLOCK_SIZE, 2405 }, 2406 .setkey = aead_setkey, 2407 .setauthsize = aead_setauthsize, 2408 .encrypt = aead_encrypt, 2409 .decrypt = aead_decrypt, 2410 .ivsize = AES_BLOCK_SIZE, 2411 .maxauthsize = SHA384_DIGEST_SIZE, 2412 }, 2413 .caam = { 2414 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2415 .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 2416 OP_ALG_AAI_HMAC_PRECOMP, 2417 .geniv = true, 2418 }, 2419 }, 2420 { 2421 .aead = { 2422 .base = { 2423 .cra_name = "authenc(hmac(sha512),cbc(aes))", 2424 .cra_driver_name = "authenc-hmac-sha512-" 2425 "cbc-aes-caam", 2426 .cra_blocksize = AES_BLOCK_SIZE, 2427 }, 2428 .setkey = aead_setkey, 2429 .setauthsize = aead_setauthsize, 2430 .encrypt = aead_encrypt, 2431 .decrypt = aead_decrypt, 2432 .ivsize = AES_BLOCK_SIZE, 2433 .maxauthsize = SHA512_DIGEST_SIZE, 2434 }, 2435 .caam = { 2436 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2437 .class2_alg_type = OP_ALG_ALGSEL_SHA512 | 2438 OP_ALG_AAI_HMAC_PRECOMP, 2439 }, 2440 }, 2441 { 2442 .aead = { 2443 .base = { 2444 .cra_name = "echainiv(authenc(hmac(sha512)," 2445 "cbc(aes)))", 2446 .cra_driver_name = "echainiv-authenc-" 2447 "hmac-sha512-cbc-aes-caam", 2448 .cra_blocksize = AES_BLOCK_SIZE, 2449 }, 2450 .setkey = aead_setkey, 2451 .setauthsize = aead_setauthsize, 2452 .encrypt = aead_encrypt, 2453 .decrypt = aead_decrypt, 2454 .ivsize = AES_BLOCK_SIZE, 2455 .maxauthsize = SHA512_DIGEST_SIZE, 2456 }, 2457 .caam = { 2458 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 2459 .class2_alg_type = OP_ALG_ALGSEL_SHA512 | 2460 OP_ALG_AAI_HMAC_PRECOMP, 2461 .geniv = true, 2462 }, 2463 }, 2464 { 2465 .aead = { 2466 .base = { 2467 .cra_name = "authenc(hmac(md5),cbc(des3_ede))", 2468 .cra_driver_name = "authenc-hmac-md5-" 2469 "cbc-des3_ede-caam", 2470 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2471 }, 2472 .setkey = des3_aead_setkey, 2473 .setauthsize = aead_setauthsize, 2474 .encrypt = aead_encrypt, 2475 .decrypt = aead_decrypt, 2476 .ivsize = DES3_EDE_BLOCK_SIZE, 2477 .maxauthsize = MD5_DIGEST_SIZE, 2478 }, 2479 .caam = { 2480 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2481 .class2_alg_type = OP_ALG_ALGSEL_MD5 | 2482 OP_ALG_AAI_HMAC_PRECOMP, 2483 } 2484 }, 2485 { 2486 .aead = { 2487 .base = { 2488 .cra_name = "echainiv(authenc(hmac(md5)," 2489 "cbc(des3_ede)))", 2490 .cra_driver_name = "echainiv-authenc-hmac-md5-" 2491 "cbc-des3_ede-caam", 2492 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2493 }, 2494 .setkey = des3_aead_setkey, 2495 .setauthsize = aead_setauthsize, 2496 .encrypt = aead_encrypt, 2497 .decrypt = aead_decrypt, 2498 .ivsize = DES3_EDE_BLOCK_SIZE, 2499 .maxauthsize = MD5_DIGEST_SIZE, 2500 }, 2501 .caam = { 2502 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2503 .class2_alg_type = OP_ALG_ALGSEL_MD5 | 2504 OP_ALG_AAI_HMAC_PRECOMP, 2505 .geniv = true, 2506 } 2507 }, 2508 { 2509 .aead = { 2510 .base = { 2511 .cra_name = "authenc(hmac(sha1)," 2512 "cbc(des3_ede))", 2513 .cra_driver_name = "authenc-hmac-sha1-" 2514 "cbc-des3_ede-caam", 2515 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2516 }, 2517 .setkey = des3_aead_setkey, 2518 .setauthsize = aead_setauthsize, 2519 .encrypt = aead_encrypt, 2520 .decrypt = aead_decrypt, 2521 .ivsize = DES3_EDE_BLOCK_SIZE, 2522 .maxauthsize = SHA1_DIGEST_SIZE, 2523 }, 2524 .caam = { 2525 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2526 .class2_alg_type = OP_ALG_ALGSEL_SHA1 | 2527 OP_ALG_AAI_HMAC_PRECOMP, 2528 }, 2529 }, 2530 { 2531 .aead = { 2532 .base = { 2533 .cra_name = "echainiv(authenc(hmac(sha1)," 2534 "cbc(des3_ede)))", 2535 .cra_driver_name = "echainiv-authenc-" 2536 "hmac-sha1-" 2537 "cbc-des3_ede-caam", 2538 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2539 }, 2540 .setkey = des3_aead_setkey, 2541 .setauthsize = aead_setauthsize, 2542 .encrypt = aead_encrypt, 2543 .decrypt = aead_decrypt, 2544 .ivsize = DES3_EDE_BLOCK_SIZE, 2545 .maxauthsize = SHA1_DIGEST_SIZE, 2546 }, 2547 .caam = { 2548 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2549 .class2_alg_type = OP_ALG_ALGSEL_SHA1 | 2550 OP_ALG_AAI_HMAC_PRECOMP, 2551 .geniv = true, 2552 }, 2553 }, 2554 { 2555 .aead = { 2556 .base = { 2557 .cra_name = "authenc(hmac(sha224)," 2558 "cbc(des3_ede))", 2559 .cra_driver_name = "authenc-hmac-sha224-" 2560 "cbc-des3_ede-caam", 2561 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2562 }, 2563 .setkey = des3_aead_setkey, 2564 .setauthsize = aead_setauthsize, 2565 .encrypt = aead_encrypt, 2566 .decrypt = aead_decrypt, 2567 .ivsize = DES3_EDE_BLOCK_SIZE, 2568 .maxauthsize = SHA224_DIGEST_SIZE, 2569 }, 2570 .caam = { 2571 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2572 .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 2573 OP_ALG_AAI_HMAC_PRECOMP, 2574 }, 2575 }, 2576 { 2577 .aead = { 2578 .base = { 2579 .cra_name = "echainiv(authenc(hmac(sha224)," 2580 "cbc(des3_ede)))", 2581 .cra_driver_name = "echainiv-authenc-" 2582 "hmac-sha224-" 2583 "cbc-des3_ede-caam", 2584 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2585 }, 2586 .setkey = des3_aead_setkey, 2587 .setauthsize = aead_setauthsize, 2588 .encrypt = aead_encrypt, 2589 .decrypt = aead_decrypt, 2590 .ivsize = DES3_EDE_BLOCK_SIZE, 2591 .maxauthsize = SHA224_DIGEST_SIZE, 2592 }, 2593 .caam = { 2594 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2595 .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 2596 OP_ALG_AAI_HMAC_PRECOMP, 2597 .geniv = true, 2598 }, 2599 }, 2600 { 2601 .aead = { 2602 .base = { 2603 .cra_name = "authenc(hmac(sha256)," 2604 "cbc(des3_ede))", 2605 .cra_driver_name = "authenc-hmac-sha256-" 2606 "cbc-des3_ede-caam", 2607 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2608 }, 2609 .setkey = des3_aead_setkey, 2610 .setauthsize = aead_setauthsize, 2611 .encrypt = aead_encrypt, 2612 .decrypt = aead_decrypt, 2613 .ivsize = DES3_EDE_BLOCK_SIZE, 2614 .maxauthsize = SHA256_DIGEST_SIZE, 2615 }, 2616 .caam = { 2617 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2618 .class2_alg_type = OP_ALG_ALGSEL_SHA256 | 2619 OP_ALG_AAI_HMAC_PRECOMP, 2620 }, 2621 }, 2622 { 2623 .aead = { 2624 .base = { 2625 .cra_name = "echainiv(authenc(hmac(sha256)," 2626 "cbc(des3_ede)))", 2627 .cra_driver_name = "echainiv-authenc-" 2628 "hmac-sha256-" 2629 "cbc-des3_ede-caam", 2630 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2631 }, 2632 .setkey = des3_aead_setkey, 2633 .setauthsize = aead_setauthsize, 2634 .encrypt = aead_encrypt, 2635 .decrypt = aead_decrypt, 2636 .ivsize = DES3_EDE_BLOCK_SIZE, 2637 .maxauthsize = SHA256_DIGEST_SIZE, 2638 }, 2639 .caam = { 2640 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2641 .class2_alg_type = OP_ALG_ALGSEL_SHA256 | 2642 OP_ALG_AAI_HMAC_PRECOMP, 2643 .geniv = true, 2644 }, 2645 }, 2646 { 2647 .aead = { 2648 .base = { 2649 .cra_name = "authenc(hmac(sha384)," 2650 "cbc(des3_ede))", 2651 .cra_driver_name = "authenc-hmac-sha384-" 2652 "cbc-des3_ede-caam", 2653 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2654 }, 2655 .setkey = des3_aead_setkey, 2656 .setauthsize = aead_setauthsize, 2657 .encrypt = aead_encrypt, 2658 .decrypt = aead_decrypt, 2659 .ivsize = DES3_EDE_BLOCK_SIZE, 2660 .maxauthsize = SHA384_DIGEST_SIZE, 2661 }, 2662 .caam = { 2663 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2664 .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 2665 OP_ALG_AAI_HMAC_PRECOMP, 2666 }, 2667 }, 2668 { 2669 .aead = { 2670 .base = { 2671 .cra_name = "echainiv(authenc(hmac(sha384)," 2672 "cbc(des3_ede)))", 2673 .cra_driver_name = "echainiv-authenc-" 2674 "hmac-sha384-" 2675 "cbc-des3_ede-caam", 2676 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2677 }, 2678 .setkey = des3_aead_setkey, 2679 .setauthsize = aead_setauthsize, 2680 .encrypt = aead_encrypt, 2681 .decrypt = aead_decrypt, 2682 .ivsize = DES3_EDE_BLOCK_SIZE, 2683 .maxauthsize = SHA384_DIGEST_SIZE, 2684 }, 2685 .caam = { 2686 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2687 .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 2688 OP_ALG_AAI_HMAC_PRECOMP, 2689 .geniv = true, 2690 }, 2691 }, 2692 { 2693 .aead = { 2694 .base = { 2695 .cra_name = "authenc(hmac(sha512)," 2696 "cbc(des3_ede))", 2697 .cra_driver_name = "authenc-hmac-sha512-" 2698 "cbc-des3_ede-caam", 2699 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2700 }, 2701 .setkey = des3_aead_setkey, 2702 .setauthsize = aead_setauthsize, 2703 .encrypt = aead_encrypt, 2704 .decrypt = aead_decrypt, 2705 .ivsize = DES3_EDE_BLOCK_SIZE, 2706 .maxauthsize = SHA512_DIGEST_SIZE, 2707 }, 2708 .caam = { 2709 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2710 .class2_alg_type = OP_ALG_ALGSEL_SHA512 | 2711 OP_ALG_AAI_HMAC_PRECOMP, 2712 }, 2713 }, 2714 { 2715 .aead = { 2716 .base = { 2717 .cra_name = "echainiv(authenc(hmac(sha512)," 2718 "cbc(des3_ede)))", 2719 .cra_driver_name = "echainiv-authenc-" 2720 "hmac-sha512-" 2721 "cbc-des3_ede-caam", 2722 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 2723 }, 2724 .setkey = des3_aead_setkey, 2725 .setauthsize = aead_setauthsize, 2726 .encrypt = aead_encrypt, 2727 .decrypt = aead_decrypt, 2728 .ivsize = DES3_EDE_BLOCK_SIZE, 2729 .maxauthsize = SHA512_DIGEST_SIZE, 2730 }, 2731 .caam = { 2732 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 2733 .class2_alg_type = OP_ALG_ALGSEL_SHA512 | 2734 OP_ALG_AAI_HMAC_PRECOMP, 2735 .geniv = true, 2736 }, 2737 }, 2738 { 2739 .aead = { 2740 .base = { 2741 .cra_name = "authenc(hmac(md5),cbc(des))", 2742 .cra_driver_name = "authenc-hmac-md5-" 2743 "cbc-des-caam", 2744 .cra_blocksize = DES_BLOCK_SIZE, 2745 }, 2746 .setkey = aead_setkey, 2747 .setauthsize = aead_setauthsize, 2748 .encrypt = aead_encrypt, 2749 .decrypt = aead_decrypt, 2750 .ivsize = DES_BLOCK_SIZE, 2751 .maxauthsize = MD5_DIGEST_SIZE, 2752 }, 2753 .caam = { 2754 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2755 .class2_alg_type = OP_ALG_ALGSEL_MD5 | 2756 OP_ALG_AAI_HMAC_PRECOMP, 2757 }, 2758 }, 2759 { 2760 .aead = { 2761 .base = { 2762 .cra_name = "echainiv(authenc(hmac(md5)," 2763 "cbc(des)))", 2764 .cra_driver_name = "echainiv-authenc-hmac-md5-" 2765 "cbc-des-caam", 2766 .cra_blocksize = DES_BLOCK_SIZE, 2767 }, 2768 .setkey = aead_setkey, 2769 .setauthsize = aead_setauthsize, 2770 .encrypt = aead_encrypt, 2771 .decrypt = aead_decrypt, 2772 .ivsize = DES_BLOCK_SIZE, 2773 .maxauthsize = MD5_DIGEST_SIZE, 2774 }, 2775 .caam = { 2776 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2777 .class2_alg_type = OP_ALG_ALGSEL_MD5 | 2778 OP_ALG_AAI_HMAC_PRECOMP, 2779 .geniv = true, 2780 }, 2781 }, 2782 { 2783 .aead = { 2784 .base = { 2785 .cra_name = "authenc(hmac(sha1),cbc(des))", 2786 .cra_driver_name = "authenc-hmac-sha1-" 2787 "cbc-des-caam", 2788 .cra_blocksize = DES_BLOCK_SIZE, 2789 }, 2790 .setkey = aead_setkey, 2791 .setauthsize = aead_setauthsize, 2792 .encrypt = aead_encrypt, 2793 .decrypt = aead_decrypt, 2794 .ivsize = DES_BLOCK_SIZE, 2795 .maxauthsize = SHA1_DIGEST_SIZE, 2796 }, 2797 .caam = { 2798 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2799 .class2_alg_type = OP_ALG_ALGSEL_SHA1 | 2800 OP_ALG_AAI_HMAC_PRECOMP, 2801 }, 2802 }, 2803 { 2804 .aead = { 2805 .base = { 2806 .cra_name = "echainiv(authenc(hmac(sha1)," 2807 "cbc(des)))", 2808 .cra_driver_name = "echainiv-authenc-" 2809 "hmac-sha1-cbc-des-caam", 2810 .cra_blocksize = DES_BLOCK_SIZE, 2811 }, 2812 .setkey = aead_setkey, 2813 .setauthsize = aead_setauthsize, 2814 .encrypt = aead_encrypt, 2815 .decrypt = aead_decrypt, 2816 .ivsize = DES_BLOCK_SIZE, 2817 .maxauthsize = SHA1_DIGEST_SIZE, 2818 }, 2819 .caam = { 2820 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2821 .class2_alg_type = OP_ALG_ALGSEL_SHA1 | 2822 OP_ALG_AAI_HMAC_PRECOMP, 2823 .geniv = true, 2824 }, 2825 }, 2826 { 2827 .aead = { 2828 .base = { 2829 .cra_name = "authenc(hmac(sha224),cbc(des))", 2830 .cra_driver_name = "authenc-hmac-sha224-" 2831 "cbc-des-caam", 2832 .cra_blocksize = DES_BLOCK_SIZE, 2833 }, 2834 .setkey = aead_setkey, 2835 .setauthsize = aead_setauthsize, 2836 .encrypt = aead_encrypt, 2837 .decrypt = aead_decrypt, 2838 .ivsize = DES_BLOCK_SIZE, 2839 .maxauthsize = SHA224_DIGEST_SIZE, 2840 }, 2841 .caam = { 2842 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2843 .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 2844 OP_ALG_AAI_HMAC_PRECOMP, 2845 }, 2846 }, 2847 { 2848 .aead = { 2849 .base = { 2850 .cra_name = "echainiv(authenc(hmac(sha224)," 2851 "cbc(des)))", 2852 .cra_driver_name = "echainiv-authenc-" 2853 "hmac-sha224-cbc-des-caam", 2854 .cra_blocksize = DES_BLOCK_SIZE, 2855 }, 2856 .setkey = aead_setkey, 2857 .setauthsize = aead_setauthsize, 2858 .encrypt = aead_encrypt, 2859 .decrypt = aead_decrypt, 2860 .ivsize = DES_BLOCK_SIZE, 2861 .maxauthsize = SHA224_DIGEST_SIZE, 2862 }, 2863 .caam = { 2864 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2865 .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 2866 OP_ALG_AAI_HMAC_PRECOMP, 2867 .geniv = true, 2868 }, 2869 }, 2870 { 2871 .aead = { 2872 .base = { 2873 .cra_name = "authenc(hmac(sha256),cbc(des))", 2874 .cra_driver_name = "authenc-hmac-sha256-" 2875 "cbc-des-caam", 2876 .cra_blocksize = DES_BLOCK_SIZE, 2877 }, 2878 .setkey = aead_setkey, 2879 .setauthsize = aead_setauthsize, 2880 .encrypt = aead_encrypt, 2881 .decrypt = aead_decrypt, 2882 .ivsize = DES_BLOCK_SIZE, 2883 .maxauthsize = SHA256_DIGEST_SIZE, 2884 }, 2885 .caam = { 2886 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2887 .class2_alg_type = OP_ALG_ALGSEL_SHA256 | 2888 OP_ALG_AAI_HMAC_PRECOMP, 2889 }, 2890 }, 2891 { 2892 .aead = { 2893 .base = { 2894 .cra_name = "echainiv(authenc(hmac(sha256)," 2895 "cbc(des)))", 2896 .cra_driver_name = "echainiv-authenc-" 2897 "hmac-sha256-cbc-des-caam", 2898 .cra_blocksize = DES_BLOCK_SIZE, 2899 }, 2900 .setkey = aead_setkey, 2901 .setauthsize = aead_setauthsize, 2902 .encrypt = aead_encrypt, 2903 .decrypt = aead_decrypt, 2904 .ivsize = DES_BLOCK_SIZE, 2905 .maxauthsize = SHA256_DIGEST_SIZE, 2906 }, 2907 .caam = { 2908 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2909 .class2_alg_type = OP_ALG_ALGSEL_SHA256 | 2910 OP_ALG_AAI_HMAC_PRECOMP, 2911 .geniv = true, 2912 }, 2913 }, 2914 { 2915 .aead = { 2916 .base = { 2917 .cra_name = "authenc(hmac(sha384),cbc(des))", 2918 .cra_driver_name = "authenc-hmac-sha384-" 2919 "cbc-des-caam", 2920 .cra_blocksize = DES_BLOCK_SIZE, 2921 }, 2922 .setkey = aead_setkey, 2923 .setauthsize = aead_setauthsize, 2924 .encrypt = aead_encrypt, 2925 .decrypt = aead_decrypt, 2926 .ivsize = DES_BLOCK_SIZE, 2927 .maxauthsize = SHA384_DIGEST_SIZE, 2928 }, 2929 .caam = { 2930 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2931 .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 2932 OP_ALG_AAI_HMAC_PRECOMP, 2933 }, 2934 }, 2935 { 2936 .aead = { 2937 .base = { 2938 .cra_name = "echainiv(authenc(hmac(sha384)," 2939 "cbc(des)))", 2940 .cra_driver_name = "echainiv-authenc-" 2941 "hmac-sha384-cbc-des-caam", 2942 .cra_blocksize = DES_BLOCK_SIZE, 2943 }, 2944 .setkey = aead_setkey, 2945 .setauthsize = aead_setauthsize, 2946 .encrypt = aead_encrypt, 2947 .decrypt = aead_decrypt, 2948 .ivsize = DES_BLOCK_SIZE, 2949 .maxauthsize = SHA384_DIGEST_SIZE, 2950 }, 2951 .caam = { 2952 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2953 .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 2954 OP_ALG_AAI_HMAC_PRECOMP, 2955 .geniv = true, 2956 }, 2957 }, 2958 { 2959 .aead = { 2960 .base = { 2961 .cra_name = "authenc(hmac(sha512),cbc(des))", 2962 .cra_driver_name = "authenc-hmac-sha512-" 2963 "cbc-des-caam", 2964 .cra_blocksize = DES_BLOCK_SIZE, 2965 }, 2966 .setkey = aead_setkey, 2967 .setauthsize = aead_setauthsize, 2968 .encrypt = aead_encrypt, 2969 .decrypt = aead_decrypt, 2970 .ivsize = DES_BLOCK_SIZE, 2971 .maxauthsize = SHA512_DIGEST_SIZE, 2972 }, 2973 .caam = { 2974 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2975 .class2_alg_type = OP_ALG_ALGSEL_SHA512 | 2976 OP_ALG_AAI_HMAC_PRECOMP, 2977 }, 2978 }, 2979 { 2980 .aead = { 2981 .base = { 2982 .cra_name = "echainiv(authenc(hmac(sha512)," 2983 "cbc(des)))", 2984 .cra_driver_name = "echainiv-authenc-" 2985 "hmac-sha512-cbc-des-caam", 2986 .cra_blocksize = DES_BLOCK_SIZE, 2987 }, 2988 .setkey = aead_setkey, 2989 .setauthsize = aead_setauthsize, 2990 .encrypt = aead_encrypt, 2991 .decrypt = aead_decrypt, 2992 .ivsize = DES_BLOCK_SIZE, 2993 .maxauthsize = SHA512_DIGEST_SIZE, 2994 }, 2995 .caam = { 2996 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2997 .class2_alg_type = OP_ALG_ALGSEL_SHA512 | 2998 OP_ALG_AAI_HMAC_PRECOMP, 2999 .geniv = true, 3000 }, 3001 }, 3002 { 3003 .aead = { 3004 .base = { 3005 .cra_name = "authenc(hmac(md5)," 3006 "rfc3686(ctr(aes)))", 3007 .cra_driver_name = "authenc-hmac-md5-" 3008 "rfc3686-ctr-aes-caam", 3009 .cra_blocksize = 1, 3010 }, 3011 .setkey = aead_setkey, 3012 .setauthsize = aead_setauthsize, 3013 .encrypt = aead_encrypt, 3014 .decrypt = aead_decrypt, 3015 .ivsize = CTR_RFC3686_IV_SIZE, 3016 .maxauthsize = MD5_DIGEST_SIZE, 3017 }, 3018 .caam = { 3019 .class1_alg_type = OP_ALG_ALGSEL_AES | 3020 OP_ALG_AAI_CTR_MOD128, 3021 .class2_alg_type = OP_ALG_ALGSEL_MD5 | 3022 OP_ALG_AAI_HMAC_PRECOMP, 3023 .rfc3686 = true, 3024 }, 3025 }, 3026 { 3027 .aead = { 3028 .base = { 3029 .cra_name = "seqiv(authenc(" 3030 "hmac(md5),rfc3686(ctr(aes))))", 3031 .cra_driver_name = "seqiv-authenc-hmac-md5-" 3032 "rfc3686-ctr-aes-caam", 3033 .cra_blocksize = 1, 3034 }, 3035 .setkey = aead_setkey, 3036 .setauthsize = aead_setauthsize, 3037 .encrypt = aead_encrypt, 3038 .decrypt = aead_decrypt, 3039 .ivsize = CTR_RFC3686_IV_SIZE, 3040 .maxauthsize = MD5_DIGEST_SIZE, 3041 }, 3042 .caam = { 3043 .class1_alg_type = OP_ALG_ALGSEL_AES | 3044 OP_ALG_AAI_CTR_MOD128, 3045 .class2_alg_type = OP_ALG_ALGSEL_MD5 | 3046 OP_ALG_AAI_HMAC_PRECOMP, 3047 .rfc3686 = true, 3048 .geniv = true, 3049 }, 3050 }, 3051 { 3052 .aead = { 3053 .base = { 3054 .cra_name = "authenc(hmac(sha1)," 3055 "rfc3686(ctr(aes)))", 3056 .cra_driver_name = "authenc-hmac-sha1-" 3057 "rfc3686-ctr-aes-caam", 3058 .cra_blocksize = 1, 3059 }, 3060 .setkey = aead_setkey, 3061 .setauthsize = aead_setauthsize, 3062 .encrypt = aead_encrypt, 3063 .decrypt = aead_decrypt, 3064 .ivsize = CTR_RFC3686_IV_SIZE, 3065 .maxauthsize = SHA1_DIGEST_SIZE, 3066 }, 3067 .caam = { 3068 .class1_alg_type = OP_ALG_ALGSEL_AES | 3069 OP_ALG_AAI_CTR_MOD128, 3070 .class2_alg_type = OP_ALG_ALGSEL_SHA1 | 3071 OP_ALG_AAI_HMAC_PRECOMP, 3072 .rfc3686 = true, 3073 }, 3074 }, 3075 { 3076 .aead = { 3077 .base = { 3078 .cra_name = "seqiv(authenc(" 3079 "hmac(sha1),rfc3686(ctr(aes))))", 3080 .cra_driver_name = "seqiv-authenc-hmac-sha1-" 3081 "rfc3686-ctr-aes-caam", 3082 .cra_blocksize = 1, 3083 }, 3084 .setkey = aead_setkey, 3085 .setauthsize = aead_setauthsize, 3086 .encrypt = aead_encrypt, 3087 .decrypt = aead_decrypt, 3088 .ivsize = CTR_RFC3686_IV_SIZE, 3089 .maxauthsize = SHA1_DIGEST_SIZE, 3090 }, 3091 .caam = { 3092 .class1_alg_type = OP_ALG_ALGSEL_AES | 3093 OP_ALG_AAI_CTR_MOD128, 3094 .class2_alg_type = OP_ALG_ALGSEL_SHA1 | 3095 OP_ALG_AAI_HMAC_PRECOMP, 3096 .rfc3686 = true, 3097 .geniv = true, 3098 }, 3099 }, 3100 { 3101 .aead = { 3102 .base = { 3103 .cra_name = "authenc(hmac(sha224)," 3104 "rfc3686(ctr(aes)))", 3105 .cra_driver_name = "authenc-hmac-sha224-" 3106 "rfc3686-ctr-aes-caam", 3107 .cra_blocksize = 1, 3108 }, 3109 .setkey = aead_setkey, 3110 .setauthsize = aead_setauthsize, 3111 .encrypt = aead_encrypt, 3112 .decrypt = aead_decrypt, 3113 .ivsize = CTR_RFC3686_IV_SIZE, 3114 .maxauthsize = SHA224_DIGEST_SIZE, 3115 }, 3116 .caam = { 3117 .class1_alg_type = OP_ALG_ALGSEL_AES | 3118 OP_ALG_AAI_CTR_MOD128, 3119 .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 3120 OP_ALG_AAI_HMAC_PRECOMP, 3121 .rfc3686 = true, 3122 }, 3123 }, 3124 { 3125 .aead = { 3126 .base = { 3127 .cra_name = "seqiv(authenc(" 3128 "hmac(sha224),rfc3686(ctr(aes))))", 3129 .cra_driver_name = "seqiv-authenc-hmac-sha224-" 3130 "rfc3686-ctr-aes-caam", 3131 .cra_blocksize = 1, 3132 }, 3133 .setkey = aead_setkey, 3134 .setauthsize = aead_setauthsize, 3135 .encrypt = aead_encrypt, 3136 .decrypt = aead_decrypt, 3137 .ivsize = CTR_RFC3686_IV_SIZE, 3138 .maxauthsize = SHA224_DIGEST_SIZE, 3139 }, 3140 .caam = { 3141 .class1_alg_type = OP_ALG_ALGSEL_AES | 3142 OP_ALG_AAI_CTR_MOD128, 3143 .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 3144 OP_ALG_AAI_HMAC_PRECOMP, 3145 .rfc3686 = true, 3146 .geniv = true, 3147 }, 3148 }, 3149 { 3150 .aead = { 3151 .base = { 3152 .cra_name = "authenc(hmac(sha256)," 3153 "rfc3686(ctr(aes)))", 3154 .cra_driver_name = "authenc-hmac-sha256-" 3155 "rfc3686-ctr-aes-caam", 3156 .cra_blocksize = 1, 3157 }, 3158 .setkey = aead_setkey, 3159 .setauthsize = aead_setauthsize, 3160 .encrypt = aead_encrypt, 3161 .decrypt = aead_decrypt, 3162 .ivsize = CTR_RFC3686_IV_SIZE, 3163 .maxauthsize = SHA256_DIGEST_SIZE, 3164 }, 3165 .caam = { 3166 .class1_alg_type = OP_ALG_ALGSEL_AES | 3167 OP_ALG_AAI_CTR_MOD128, 3168 .class2_alg_type = OP_ALG_ALGSEL_SHA256 | 3169 OP_ALG_AAI_HMAC_PRECOMP, 3170 .rfc3686 = true, 3171 }, 3172 }, 3173 { 3174 .aead = { 3175 .base = { 3176 .cra_name = "seqiv(authenc(hmac(sha256)," 3177 "rfc3686(ctr(aes))))", 3178 .cra_driver_name = "seqiv-authenc-hmac-sha256-" 3179 "rfc3686-ctr-aes-caam", 3180 .cra_blocksize = 1, 3181 }, 3182 .setkey = aead_setkey, 3183 .setauthsize = aead_setauthsize, 3184 .encrypt = aead_encrypt, 3185 .decrypt = aead_decrypt, 3186 .ivsize = CTR_RFC3686_IV_SIZE, 3187 .maxauthsize = SHA256_DIGEST_SIZE, 3188 }, 3189 .caam = { 3190 .class1_alg_type = OP_ALG_ALGSEL_AES | 3191 OP_ALG_AAI_CTR_MOD128, 3192 .class2_alg_type = OP_ALG_ALGSEL_SHA256 | 3193 OP_ALG_AAI_HMAC_PRECOMP, 3194 .rfc3686 = true, 3195 .geniv = true, 3196 }, 3197 }, 3198 { 3199 .aead = { 3200 .base = { 3201 .cra_name = "authenc(hmac(sha384)," 3202 "rfc3686(ctr(aes)))", 3203 .cra_driver_name = "authenc-hmac-sha384-" 3204 "rfc3686-ctr-aes-caam", 3205 .cra_blocksize = 1, 3206 }, 3207 .setkey = aead_setkey, 3208 .setauthsize = aead_setauthsize, 3209 .encrypt = aead_encrypt, 3210 .decrypt = aead_decrypt, 3211 .ivsize = CTR_RFC3686_IV_SIZE, 3212 .maxauthsize = SHA384_DIGEST_SIZE, 3213 }, 3214 .caam = { 3215 .class1_alg_type = OP_ALG_ALGSEL_AES | 3216 OP_ALG_AAI_CTR_MOD128, 3217 .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 3218 OP_ALG_AAI_HMAC_PRECOMP, 3219 .rfc3686 = true, 3220 }, 3221 }, 3222 { 3223 .aead = { 3224 .base = { 3225 .cra_name = "seqiv(authenc(hmac(sha384)," 3226 "rfc3686(ctr(aes))))", 3227 .cra_driver_name = "seqiv-authenc-hmac-sha384-" 3228 "rfc3686-ctr-aes-caam", 3229 .cra_blocksize = 1, 3230 }, 3231 .setkey = aead_setkey, 3232 .setauthsize = aead_setauthsize, 3233 .encrypt = aead_encrypt, 3234 .decrypt = aead_decrypt, 3235 .ivsize = CTR_RFC3686_IV_SIZE, 3236 .maxauthsize = SHA384_DIGEST_SIZE, 3237 }, 3238 .caam = { 3239 .class1_alg_type = OP_ALG_ALGSEL_AES | 3240 OP_ALG_AAI_CTR_MOD128, 3241 .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 3242 OP_ALG_AAI_HMAC_PRECOMP, 3243 .rfc3686 = true, 3244 .geniv = true, 3245 }, 3246 }, 3247 { 3248 .aead = { 3249 .base = { 3250 .cra_name = "authenc(hmac(sha512)," 3251 "rfc3686(ctr(aes)))", 3252 .cra_driver_name = "authenc-hmac-sha512-" 3253 "rfc3686-ctr-aes-caam", 3254 .cra_blocksize = 1, 3255 }, 3256 .setkey = aead_setkey, 3257 .setauthsize = aead_setauthsize, 3258 .encrypt = aead_encrypt, 3259 .decrypt = aead_decrypt, 3260 .ivsize = CTR_RFC3686_IV_SIZE, 3261 .maxauthsize = SHA512_DIGEST_SIZE, 3262 }, 3263 .caam = { 3264 .class1_alg_type = OP_ALG_ALGSEL_AES | 3265 OP_ALG_AAI_CTR_MOD128, 3266 .class2_alg_type = OP_ALG_ALGSEL_SHA512 | 3267 OP_ALG_AAI_HMAC_PRECOMP, 3268 .rfc3686 = true, 3269 }, 3270 }, 3271 { 3272 .aead = { 3273 .base = { 3274 .cra_name = "seqiv(authenc(hmac(sha512)," 3275 "rfc3686(ctr(aes))))", 3276 .cra_driver_name = "seqiv-authenc-hmac-sha512-" 3277 "rfc3686-ctr-aes-caam", 3278 .cra_blocksize = 1, 3279 }, 3280 .setkey = aead_setkey, 3281 .setauthsize = aead_setauthsize, 3282 .encrypt = aead_encrypt, 3283 .decrypt = aead_decrypt, 3284 .ivsize = CTR_RFC3686_IV_SIZE, 3285 .maxauthsize = SHA512_DIGEST_SIZE, 3286 }, 3287 .caam = { 3288 .class1_alg_type = OP_ALG_ALGSEL_AES | 3289 OP_ALG_AAI_CTR_MOD128, 3290 .class2_alg_type = OP_ALG_ALGSEL_SHA512 | 3291 OP_ALG_AAI_HMAC_PRECOMP, 3292 .rfc3686 = true, 3293 .geniv = true, 3294 }, 3295 }, 3296 { 3297 .aead = { 3298 .base = { 3299 .cra_name = "rfc7539(chacha20,poly1305)", 3300 .cra_driver_name = "rfc7539-chacha20-poly1305-" 3301 "caam", 3302 .cra_blocksize = 1, 3303 }, 3304 .setkey = chachapoly_setkey, 3305 .setauthsize = chachapoly_setauthsize, 3306 .encrypt = chachapoly_encrypt, 3307 .decrypt = chachapoly_decrypt, 3308 .ivsize = CHACHAPOLY_IV_SIZE, 3309 .maxauthsize = POLY1305_DIGEST_SIZE, 3310 }, 3311 .caam = { 3312 .class1_alg_type = OP_ALG_ALGSEL_CHACHA20 | 3313 OP_ALG_AAI_AEAD, 3314 .class2_alg_type = OP_ALG_ALGSEL_POLY1305 | 3315 OP_ALG_AAI_AEAD, 3316 .nodkp = true, 3317 }, 3318 }, 3319 { 3320 .aead = { 3321 .base = { 3322 .cra_name = "rfc7539esp(chacha20,poly1305)", 3323 .cra_driver_name = "rfc7539esp-chacha20-" 3324 "poly1305-caam", 3325 .cra_blocksize = 1, 3326 }, 3327 .setkey = chachapoly_setkey, 3328 .setauthsize = chachapoly_setauthsize, 3329 .encrypt = chachapoly_encrypt, 3330 .decrypt = chachapoly_decrypt, 3331 .ivsize = 8, 3332 .maxauthsize = POLY1305_DIGEST_SIZE, 3333 }, 3334 .caam = { 3335 .class1_alg_type = OP_ALG_ALGSEL_CHACHA20 | 3336 OP_ALG_AAI_AEAD, 3337 .class2_alg_type = OP_ALG_ALGSEL_POLY1305 | 3338 OP_ALG_AAI_AEAD, 3339 .nodkp = true, 3340 }, 3341 }, 3342 }; 3343 3344 static int caam_init_common(struct caam_ctx *ctx, struct caam_alg_entry *caam, 3345 bool uses_dkp) 3346 { 3347 dma_addr_t dma_addr; 3348 struct caam_drv_private *priv; 3349 const size_t sh_desc_enc_offset = offsetof(struct caam_ctx, 3350 sh_desc_enc); 3351 3352 ctx->jrdev = caam_jr_alloc(); 3353 if (IS_ERR(ctx->jrdev)) { 3354 pr_err("Job Ring Device allocation for transform failed\n"); 3355 return PTR_ERR(ctx->jrdev); 3356 } 3357 3358 priv = dev_get_drvdata(ctx->jrdev->parent); 3359 if (priv->era >= 6 && uses_dkp) 3360 ctx->dir = DMA_BIDIRECTIONAL; 3361 else 3362 ctx->dir = DMA_TO_DEVICE; 3363 3364 dma_addr = dma_map_single_attrs(ctx->jrdev, ctx->sh_desc_enc, 3365 offsetof(struct caam_ctx, 3366 sh_desc_enc_dma) - 3367 sh_desc_enc_offset, 3368 ctx->dir, DMA_ATTR_SKIP_CPU_SYNC); 3369 if (dma_mapping_error(ctx->jrdev, dma_addr)) { 3370 dev_err(ctx->jrdev, "unable to map key, shared descriptors\n"); 3371 caam_jr_free(ctx->jrdev); 3372 return -ENOMEM; 3373 } 3374 3375 ctx->sh_desc_enc_dma = dma_addr; 3376 ctx->sh_desc_dec_dma = dma_addr + offsetof(struct caam_ctx, 3377 sh_desc_dec) - 3378 sh_desc_enc_offset; 3379 ctx->key_dma = dma_addr + offsetof(struct caam_ctx, key) - 3380 sh_desc_enc_offset; 3381 3382 /* copy descriptor header template value */ 3383 ctx->cdata.algtype = OP_TYPE_CLASS1_ALG | caam->class1_alg_type; 3384 ctx->adata.algtype = OP_TYPE_CLASS2_ALG | caam->class2_alg_type; 3385 3386 return 0; 3387 } 3388 3389 static int caam_cra_init(struct crypto_skcipher *tfm) 3390 { 3391 struct skcipher_alg *alg = crypto_skcipher_alg(tfm); 3392 struct caam_skcipher_alg *caam_alg = 3393 container_of(alg, typeof(*caam_alg), skcipher); 3394 struct caam_ctx *ctx = crypto_skcipher_ctx(tfm); 3395 u32 alg_aai = caam_alg->caam.class1_alg_type & OP_ALG_AAI_MASK; 3396 int ret = 0; 3397 3398 ctx->enginectx.op.do_one_request = skcipher_do_one_req; 3399 3400 if (alg_aai == OP_ALG_AAI_XTS) { 3401 const char *tfm_name = crypto_tfm_alg_name(&tfm->base); 3402 struct crypto_skcipher *fallback; 3403 3404 fallback = crypto_alloc_skcipher(tfm_name, 0, 3405 CRYPTO_ALG_NEED_FALLBACK); 3406 if (IS_ERR(fallback)) { 3407 pr_err("Failed to allocate %s fallback: %ld\n", 3408 tfm_name, PTR_ERR(fallback)); 3409 return PTR_ERR(fallback); 3410 } 3411 3412 ctx->fallback = fallback; 3413 crypto_skcipher_set_reqsize(tfm, sizeof(struct caam_skcipher_req_ctx) + 3414 crypto_skcipher_reqsize(fallback)); 3415 } else { 3416 crypto_skcipher_set_reqsize(tfm, sizeof(struct caam_skcipher_req_ctx)); 3417 } 3418 3419 ret = caam_init_common(ctx, &caam_alg->caam, false); 3420 if (ret && ctx->fallback) 3421 crypto_free_skcipher(ctx->fallback); 3422 3423 return ret; 3424 } 3425 3426 static int caam_aead_init(struct crypto_aead *tfm) 3427 { 3428 struct aead_alg *alg = crypto_aead_alg(tfm); 3429 struct caam_aead_alg *caam_alg = 3430 container_of(alg, struct caam_aead_alg, aead); 3431 struct caam_ctx *ctx = crypto_aead_ctx(tfm); 3432 3433 crypto_aead_set_reqsize(tfm, sizeof(struct caam_aead_req_ctx)); 3434 3435 ctx->enginectx.op.do_one_request = aead_do_one_req; 3436 3437 return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp); 3438 } 3439 3440 static void caam_exit_common(struct caam_ctx *ctx) 3441 { 3442 dma_unmap_single_attrs(ctx->jrdev, ctx->sh_desc_enc_dma, 3443 offsetof(struct caam_ctx, sh_desc_enc_dma) - 3444 offsetof(struct caam_ctx, sh_desc_enc), 3445 ctx->dir, DMA_ATTR_SKIP_CPU_SYNC); 3446 caam_jr_free(ctx->jrdev); 3447 } 3448 3449 static void caam_cra_exit(struct crypto_skcipher *tfm) 3450 { 3451 struct caam_ctx *ctx = crypto_skcipher_ctx(tfm); 3452 3453 if (ctx->fallback) 3454 crypto_free_skcipher(ctx->fallback); 3455 caam_exit_common(ctx); 3456 } 3457 3458 static void caam_aead_exit(struct crypto_aead *tfm) 3459 { 3460 caam_exit_common(crypto_aead_ctx(tfm)); 3461 } 3462 3463 void caam_algapi_exit(void) 3464 { 3465 int i; 3466 3467 for (i = 0; i < ARRAY_SIZE(driver_aeads); i++) { 3468 struct caam_aead_alg *t_alg = driver_aeads + i; 3469 3470 if (t_alg->registered) 3471 crypto_unregister_aead(&t_alg->aead); 3472 } 3473 3474 for (i = 0; i < ARRAY_SIZE(driver_algs); i++) { 3475 struct caam_skcipher_alg *t_alg = driver_algs + i; 3476 3477 if (t_alg->registered) 3478 crypto_unregister_skcipher(&t_alg->skcipher); 3479 } 3480 } 3481 3482 static void caam_skcipher_alg_init(struct caam_skcipher_alg *t_alg) 3483 { 3484 struct skcipher_alg *alg = &t_alg->skcipher; 3485 3486 alg->base.cra_module = THIS_MODULE; 3487 alg->base.cra_priority = CAAM_CRA_PRIORITY; 3488 alg->base.cra_ctxsize = sizeof(struct caam_ctx); 3489 alg->base.cra_flags |= (CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY | 3490 CRYPTO_ALG_KERN_DRIVER_ONLY); 3491 3492 alg->init = caam_cra_init; 3493 alg->exit = caam_cra_exit; 3494 } 3495 3496 static void caam_aead_alg_init(struct caam_aead_alg *t_alg) 3497 { 3498 struct aead_alg *alg = &t_alg->aead; 3499 3500 alg->base.cra_module = THIS_MODULE; 3501 alg->base.cra_priority = CAAM_CRA_PRIORITY; 3502 alg->base.cra_ctxsize = sizeof(struct caam_ctx); 3503 alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY | 3504 CRYPTO_ALG_KERN_DRIVER_ONLY; 3505 3506 alg->init = caam_aead_init; 3507 alg->exit = caam_aead_exit; 3508 } 3509 3510 int caam_algapi_init(struct device *ctrldev) 3511 { 3512 struct caam_drv_private *priv = dev_get_drvdata(ctrldev); 3513 int i = 0, err = 0; 3514 u32 aes_vid, aes_inst, des_inst, md_vid, md_inst, ccha_inst, ptha_inst; 3515 unsigned int md_limit = SHA512_DIGEST_SIZE; 3516 bool registered = false, gcm_support; 3517 3518 /* 3519 * Register crypto algorithms the device supports. 3520 * First, detect presence and attributes of DES, AES, and MD blocks. 3521 */ 3522 if (priv->era < 10) { 3523 u32 cha_vid, cha_inst, aes_rn; 3524 3525 cha_vid = rd_reg32(&priv->ctrl->perfmon.cha_id_ls); 3526 aes_vid = cha_vid & CHA_ID_LS_AES_MASK; 3527 md_vid = (cha_vid & CHA_ID_LS_MD_MASK) >> CHA_ID_LS_MD_SHIFT; 3528 3529 cha_inst = rd_reg32(&priv->ctrl->perfmon.cha_num_ls); 3530 des_inst = (cha_inst & CHA_ID_LS_DES_MASK) >> 3531 CHA_ID_LS_DES_SHIFT; 3532 aes_inst = cha_inst & CHA_ID_LS_AES_MASK; 3533 md_inst = (cha_inst & CHA_ID_LS_MD_MASK) >> CHA_ID_LS_MD_SHIFT; 3534 ccha_inst = 0; 3535 ptha_inst = 0; 3536 3537 aes_rn = rd_reg32(&priv->ctrl->perfmon.cha_rev_ls) & 3538 CHA_ID_LS_AES_MASK; 3539 gcm_support = !(aes_vid == CHA_VER_VID_AES_LP && aes_rn < 8); 3540 } else { 3541 u32 aesa, mdha; 3542 3543 aesa = rd_reg32(&priv->ctrl->vreg.aesa); 3544 mdha = rd_reg32(&priv->ctrl->vreg.mdha); 3545 3546 aes_vid = (aesa & CHA_VER_VID_MASK) >> CHA_VER_VID_SHIFT; 3547 md_vid = (mdha & CHA_VER_VID_MASK) >> CHA_VER_VID_SHIFT; 3548 3549 des_inst = rd_reg32(&priv->ctrl->vreg.desa) & CHA_VER_NUM_MASK; 3550 aes_inst = aesa & CHA_VER_NUM_MASK; 3551 md_inst = mdha & CHA_VER_NUM_MASK; 3552 ccha_inst = rd_reg32(&priv->ctrl->vreg.ccha) & CHA_VER_NUM_MASK; 3553 ptha_inst = rd_reg32(&priv->ctrl->vreg.ptha) & CHA_VER_NUM_MASK; 3554 3555 gcm_support = aesa & CHA_VER_MISC_AES_GCM; 3556 } 3557 3558 /* If MD is present, limit digest size based on LP256 */ 3559 if (md_inst && md_vid == CHA_VER_VID_MD_LP256) 3560 md_limit = SHA256_DIGEST_SIZE; 3561 3562 for (i = 0; i < ARRAY_SIZE(driver_algs); i++) { 3563 struct caam_skcipher_alg *t_alg = driver_algs + i; 3564 u32 alg_sel = t_alg->caam.class1_alg_type & OP_ALG_ALGSEL_MASK; 3565 3566 /* Skip DES algorithms if not supported by device */ 3567 if (!des_inst && 3568 ((alg_sel == OP_ALG_ALGSEL_3DES) || 3569 (alg_sel == OP_ALG_ALGSEL_DES))) 3570 continue; 3571 3572 /* Skip AES algorithms if not supported by device */ 3573 if (!aes_inst && (alg_sel == OP_ALG_ALGSEL_AES)) 3574 continue; 3575 3576 /* 3577 * Check support for AES modes not available 3578 * on LP devices. 3579 */ 3580 if (aes_vid == CHA_VER_VID_AES_LP && 3581 (t_alg->caam.class1_alg_type & OP_ALG_AAI_MASK) == 3582 OP_ALG_AAI_XTS) 3583 continue; 3584 3585 caam_skcipher_alg_init(t_alg); 3586 3587 err = crypto_register_skcipher(&t_alg->skcipher); 3588 if (err) { 3589 pr_warn("%s alg registration failed\n", 3590 t_alg->skcipher.base.cra_driver_name); 3591 continue; 3592 } 3593 3594 t_alg->registered = true; 3595 registered = true; 3596 } 3597 3598 for (i = 0; i < ARRAY_SIZE(driver_aeads); i++) { 3599 struct caam_aead_alg *t_alg = driver_aeads + i; 3600 u32 c1_alg_sel = t_alg->caam.class1_alg_type & 3601 OP_ALG_ALGSEL_MASK; 3602 u32 c2_alg_sel = t_alg->caam.class2_alg_type & 3603 OP_ALG_ALGSEL_MASK; 3604 u32 alg_aai = t_alg->caam.class1_alg_type & OP_ALG_AAI_MASK; 3605 3606 /* Skip DES algorithms if not supported by device */ 3607 if (!des_inst && 3608 ((c1_alg_sel == OP_ALG_ALGSEL_3DES) || 3609 (c1_alg_sel == OP_ALG_ALGSEL_DES))) 3610 continue; 3611 3612 /* Skip AES algorithms if not supported by device */ 3613 if (!aes_inst && (c1_alg_sel == OP_ALG_ALGSEL_AES)) 3614 continue; 3615 3616 /* Skip CHACHA20 algorithms if not supported by device */ 3617 if (c1_alg_sel == OP_ALG_ALGSEL_CHACHA20 && !ccha_inst) 3618 continue; 3619 3620 /* Skip POLY1305 algorithms if not supported by device */ 3621 if (c2_alg_sel == OP_ALG_ALGSEL_POLY1305 && !ptha_inst) 3622 continue; 3623 3624 /* Skip GCM algorithms if not supported by device */ 3625 if (c1_alg_sel == OP_ALG_ALGSEL_AES && 3626 alg_aai == OP_ALG_AAI_GCM && !gcm_support) 3627 continue; 3628 3629 /* 3630 * Skip algorithms requiring message digests 3631 * if MD or MD size is not supported by device. 3632 */ 3633 if (is_mdha(c2_alg_sel) && 3634 (!md_inst || t_alg->aead.maxauthsize > md_limit)) 3635 continue; 3636 3637 caam_aead_alg_init(t_alg); 3638 3639 err = crypto_register_aead(&t_alg->aead); 3640 if (err) { 3641 pr_warn("%s alg registration failed\n", 3642 t_alg->aead.base.cra_driver_name); 3643 continue; 3644 } 3645 3646 t_alg->registered = true; 3647 registered = true; 3648 } 3649 3650 if (registered) 3651 pr_info("caam algorithms registered in /proc/crypto\n"); 3652 3653 return err; 3654 } 3655