1 /* 2 * AMD Cryptographic Coprocessor (CCP) AES GCM crypto API support 3 * 4 * Copyright (C) 2016,2017 Advanced Micro Devices, Inc. 5 * 6 * Author: Gary R Hook <gary.hook@amd.com> 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License version 2 as 10 * published by the Free Software Foundation. 11 */ 12 13 #include <linux/module.h> 14 #include <linux/sched.h> 15 #include <linux/delay.h> 16 #include <linux/scatterlist.h> 17 #include <linux/crypto.h> 18 #include <crypto/internal/aead.h> 19 #include <crypto/algapi.h> 20 #include <crypto/aes.h> 21 #include <crypto/ctr.h> 22 #include <crypto/gcm.h> 23 #include <crypto/scatterwalk.h> 24 25 #include "ccp-crypto.h" 26 27 static int ccp_aes_gcm_complete(struct crypto_async_request *async_req, int ret) 28 { 29 return ret; 30 } 31 32 static int ccp_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key, 33 unsigned int key_len) 34 { 35 struct ccp_ctx *ctx = crypto_aead_ctx(tfm); 36 37 switch (key_len) { 38 case AES_KEYSIZE_128: 39 ctx->u.aes.type = CCP_AES_TYPE_128; 40 break; 41 case AES_KEYSIZE_192: 42 ctx->u.aes.type = CCP_AES_TYPE_192; 43 break; 44 case AES_KEYSIZE_256: 45 ctx->u.aes.type = CCP_AES_TYPE_256; 46 break; 47 default: 48 crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); 49 return -EINVAL; 50 } 51 52 ctx->u.aes.mode = CCP_AES_MODE_GCM; 53 ctx->u.aes.key_len = key_len; 54 55 memcpy(ctx->u.aes.key, key, key_len); 56 sg_init_one(&ctx->u.aes.key_sg, ctx->u.aes.key, key_len); 57 58 return 0; 59 } 60 61 static int ccp_aes_gcm_setauthsize(struct crypto_aead *tfm, 62 unsigned int authsize) 63 { 64 return 0; 65 } 66 67 static int ccp_aes_gcm_crypt(struct aead_request *req, bool encrypt) 68 { 69 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 70 struct ccp_ctx *ctx = crypto_aead_ctx(tfm); 71 struct ccp_aes_req_ctx *rctx = aead_request_ctx(req); 72 struct scatterlist *iv_sg = NULL; 73 unsigned int iv_len = 0; 74 int i; 75 int ret = 0; 76 77 if (!ctx->u.aes.key_len) 78 return -EINVAL; 79 80 if (ctx->u.aes.mode != CCP_AES_MODE_GCM) 81 return -EINVAL; 82 83 if (!req->iv) 84 return -EINVAL; 85 86 /* 87 * 5 parts: 88 * plaintext/ciphertext input 89 * AAD 90 * key 91 * IV 92 * Destination+tag buffer 93 */ 94 95 /* Prepare the IV: 12 bytes + an integer (counter) */ 96 memcpy(rctx->iv, req->iv, GCM_AES_IV_SIZE); 97 for (i = 0; i < 3; i++) 98 rctx->iv[i + GCM_AES_IV_SIZE] = 0; 99 rctx->iv[AES_BLOCK_SIZE - 1] = 1; 100 101 /* Set up a scatterlist for the IV */ 102 iv_sg = &rctx->iv_sg; 103 iv_len = AES_BLOCK_SIZE; 104 sg_init_one(iv_sg, rctx->iv, iv_len); 105 106 /* The AAD + plaintext are concatenated in the src buffer */ 107 memset(&rctx->cmd, 0, sizeof(rctx->cmd)); 108 INIT_LIST_HEAD(&rctx->cmd.entry); 109 rctx->cmd.engine = CCP_ENGINE_AES; 110 rctx->cmd.u.aes.type = ctx->u.aes.type; 111 rctx->cmd.u.aes.mode = ctx->u.aes.mode; 112 rctx->cmd.u.aes.action = encrypt; 113 rctx->cmd.u.aes.key = &ctx->u.aes.key_sg; 114 rctx->cmd.u.aes.key_len = ctx->u.aes.key_len; 115 rctx->cmd.u.aes.iv = iv_sg; 116 rctx->cmd.u.aes.iv_len = iv_len; 117 rctx->cmd.u.aes.src = req->src; 118 rctx->cmd.u.aes.src_len = req->cryptlen; 119 rctx->cmd.u.aes.aad_len = req->assoclen; 120 121 /* The cipher text + the tag are in the dst buffer */ 122 rctx->cmd.u.aes.dst = req->dst; 123 124 ret = ccp_crypto_enqueue_request(&req->base, &rctx->cmd); 125 126 return ret; 127 } 128 129 static int ccp_aes_gcm_encrypt(struct aead_request *req) 130 { 131 return ccp_aes_gcm_crypt(req, CCP_AES_ACTION_ENCRYPT); 132 } 133 134 static int ccp_aes_gcm_decrypt(struct aead_request *req) 135 { 136 return ccp_aes_gcm_crypt(req, CCP_AES_ACTION_DECRYPT); 137 } 138 139 static int ccp_aes_gcm_cra_init(struct crypto_aead *tfm) 140 { 141 struct ccp_ctx *ctx = crypto_aead_ctx(tfm); 142 143 ctx->complete = ccp_aes_gcm_complete; 144 ctx->u.aes.key_len = 0; 145 146 crypto_aead_set_reqsize(tfm, sizeof(struct ccp_aes_req_ctx)); 147 148 return 0; 149 } 150 151 static void ccp_aes_gcm_cra_exit(struct crypto_tfm *tfm) 152 { 153 } 154 155 static struct aead_alg ccp_aes_gcm_defaults = { 156 .setkey = ccp_aes_gcm_setkey, 157 .setauthsize = ccp_aes_gcm_setauthsize, 158 .encrypt = ccp_aes_gcm_encrypt, 159 .decrypt = ccp_aes_gcm_decrypt, 160 .init = ccp_aes_gcm_cra_init, 161 .ivsize = GCM_AES_IV_SIZE, 162 .maxauthsize = AES_BLOCK_SIZE, 163 .base = { 164 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 165 CRYPTO_ALG_ASYNC | 166 CRYPTO_ALG_KERN_DRIVER_ONLY | 167 CRYPTO_ALG_NEED_FALLBACK, 168 .cra_blocksize = AES_BLOCK_SIZE, 169 .cra_ctxsize = sizeof(struct ccp_ctx), 170 .cra_priority = CCP_CRA_PRIORITY, 171 .cra_type = &crypto_ablkcipher_type, 172 .cra_exit = ccp_aes_gcm_cra_exit, 173 .cra_module = THIS_MODULE, 174 }, 175 }; 176 177 struct ccp_aes_aead_def { 178 enum ccp_aes_mode mode; 179 unsigned int version; 180 const char *name; 181 const char *driver_name; 182 unsigned int blocksize; 183 unsigned int ivsize; 184 struct aead_alg *alg_defaults; 185 }; 186 187 static struct ccp_aes_aead_def aes_aead_algs[] = { 188 { 189 .mode = CCP_AES_MODE_GHASH, 190 .version = CCP_VERSION(5, 0), 191 .name = "gcm(aes)", 192 .driver_name = "gcm-aes-ccp", 193 .blocksize = 1, 194 .ivsize = AES_BLOCK_SIZE, 195 .alg_defaults = &ccp_aes_gcm_defaults, 196 }, 197 }; 198 199 static int ccp_register_aes_aead(struct list_head *head, 200 const struct ccp_aes_aead_def *def) 201 { 202 struct ccp_crypto_aead *ccp_aead; 203 struct aead_alg *alg; 204 int ret; 205 206 ccp_aead = kzalloc(sizeof(*ccp_aead), GFP_KERNEL); 207 if (!ccp_aead) 208 return -ENOMEM; 209 210 INIT_LIST_HEAD(&ccp_aead->entry); 211 212 ccp_aead->mode = def->mode; 213 214 /* Copy the defaults and override as necessary */ 215 alg = &ccp_aead->alg; 216 *alg = *def->alg_defaults; 217 snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name); 218 snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s", 219 def->driver_name); 220 alg->base.cra_blocksize = def->blocksize; 221 alg->base.cra_ablkcipher.ivsize = def->ivsize; 222 223 ret = crypto_register_aead(alg); 224 if (ret) { 225 pr_err("%s ablkcipher algorithm registration error (%d)\n", 226 alg->base.cra_name, ret); 227 kfree(ccp_aead); 228 return ret; 229 } 230 231 list_add(&ccp_aead->entry, head); 232 233 return 0; 234 } 235 236 int ccp_register_aes_aeads(struct list_head *head) 237 { 238 int i, ret; 239 unsigned int ccpversion = ccp_version(); 240 241 for (i = 0; i < ARRAY_SIZE(aes_aead_algs); i++) { 242 if (aes_aead_algs[i].version > ccpversion) 243 continue; 244 ret = ccp_register_aes_aead(head, &aes_aead_algs[i]); 245 if (ret) 246 return ret; 247 } 248 249 return 0; 250 } 251