1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (C) 2012-2019 ARM Limited (or its affiliates). */ 3 4 #include <linux/kernel.h> 5 #include <linux/module.h> 6 #include <crypto/algapi.h> 7 #include <crypto/internal/aead.h> 8 #include <crypto/authenc.h> 9 #include <crypto/gcm.h> 10 #include <linux/rtnetlink.h> 11 #include <crypto/internal/des.h> 12 #include "cc_driver.h" 13 #include "cc_buffer_mgr.h" 14 #include "cc_aead.h" 15 #include "cc_request_mgr.h" 16 #include "cc_hash.h" 17 #include "cc_sram_mgr.h" 18 19 #define template_aead template_u.aead 20 21 #define MAX_AEAD_SETKEY_SEQ 12 22 #define MAX_AEAD_PROCESS_SEQ 23 23 24 #define MAX_HMAC_DIGEST_SIZE (SHA256_DIGEST_SIZE) 25 #define MAX_HMAC_BLOCK_SIZE (SHA256_BLOCK_SIZE) 26 27 #define MAX_NONCE_SIZE CTR_RFC3686_NONCE_SIZE 28 29 struct cc_aead_handle { 30 u32 sram_workspace_addr; 31 struct list_head aead_list; 32 }; 33 34 struct cc_hmac_s { 35 u8 *padded_authkey; 36 u8 *ipad_opad; /* IPAD, OPAD*/ 37 dma_addr_t padded_authkey_dma_addr; 38 dma_addr_t ipad_opad_dma_addr; 39 }; 40 41 struct cc_xcbc_s { 42 u8 *xcbc_keys; /* K1,K2,K3 */ 43 dma_addr_t xcbc_keys_dma_addr; 44 }; 45 46 struct cc_aead_ctx { 47 struct cc_drvdata *drvdata; 48 u8 ctr_nonce[MAX_NONCE_SIZE]; /* used for ctr3686 iv and aes ccm */ 49 u8 *enckey; 50 dma_addr_t enckey_dma_addr; 51 union { 52 struct cc_hmac_s hmac; 53 struct cc_xcbc_s xcbc; 54 } auth_state; 55 unsigned int enc_keylen; 56 unsigned int auth_keylen; 57 unsigned int authsize; /* Actual (reduced?) size of the MAC/ICv */ 58 unsigned int hash_len; 59 enum drv_cipher_mode cipher_mode; 60 enum cc_flow_mode flow_mode; 61 enum drv_hash_mode auth_mode; 62 }; 63 64 static void cc_aead_exit(struct crypto_aead *tfm) 65 { 66 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 67 struct device *dev = drvdata_to_dev(ctx->drvdata); 68 69 dev_dbg(dev, "Clearing context @%p for %s\n", crypto_aead_ctx(tfm), 70 crypto_tfm_alg_name(&tfm->base)); 71 72 /* Unmap enckey buffer */ 73 if (ctx->enckey) { 74 dma_free_coherent(dev, AES_MAX_KEY_SIZE, ctx->enckey, 75 ctx->enckey_dma_addr); 76 dev_dbg(dev, "Freed enckey DMA buffer enckey_dma_addr=%pad\n", 77 &ctx->enckey_dma_addr); 78 ctx->enckey_dma_addr = 0; 79 ctx->enckey = NULL; 80 } 81 82 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) { /* XCBC authetication */ 83 struct cc_xcbc_s *xcbc = &ctx->auth_state.xcbc; 84 85 if (xcbc->xcbc_keys) { 86 dma_free_coherent(dev, CC_AES_128_BIT_KEY_SIZE * 3, 87 xcbc->xcbc_keys, 88 xcbc->xcbc_keys_dma_addr); 89 } 90 dev_dbg(dev, "Freed xcbc_keys DMA buffer xcbc_keys_dma_addr=%pad\n", 91 &xcbc->xcbc_keys_dma_addr); 92 xcbc->xcbc_keys_dma_addr = 0; 93 xcbc->xcbc_keys = NULL; 94 } else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC auth. */ 95 struct cc_hmac_s *hmac = &ctx->auth_state.hmac; 96 97 if (hmac->ipad_opad) { 98 dma_free_coherent(dev, 2 * MAX_HMAC_DIGEST_SIZE, 99 hmac->ipad_opad, 100 hmac->ipad_opad_dma_addr); 101 dev_dbg(dev, "Freed ipad_opad DMA buffer ipad_opad_dma_addr=%pad\n", 102 &hmac->ipad_opad_dma_addr); 103 hmac->ipad_opad_dma_addr = 0; 104 hmac->ipad_opad = NULL; 105 } 106 if (hmac->padded_authkey) { 107 dma_free_coherent(dev, MAX_HMAC_BLOCK_SIZE, 108 hmac->padded_authkey, 109 hmac->padded_authkey_dma_addr); 110 dev_dbg(dev, "Freed padded_authkey DMA buffer padded_authkey_dma_addr=%pad\n", 111 &hmac->padded_authkey_dma_addr); 112 hmac->padded_authkey_dma_addr = 0; 113 hmac->padded_authkey = NULL; 114 } 115 } 116 } 117 118 static unsigned int cc_get_aead_hash_len(struct crypto_aead *tfm) 119 { 120 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 121 122 return cc_get_default_hash_len(ctx->drvdata); 123 } 124 125 static int cc_aead_init(struct crypto_aead *tfm) 126 { 127 struct aead_alg *alg = crypto_aead_alg(tfm); 128 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 129 struct cc_crypto_alg *cc_alg = 130 container_of(alg, struct cc_crypto_alg, aead_alg); 131 struct device *dev = drvdata_to_dev(cc_alg->drvdata); 132 133 dev_dbg(dev, "Initializing context @%p for %s\n", ctx, 134 crypto_tfm_alg_name(&tfm->base)); 135 136 /* Initialize modes in instance */ 137 ctx->cipher_mode = cc_alg->cipher_mode; 138 ctx->flow_mode = cc_alg->flow_mode; 139 ctx->auth_mode = cc_alg->auth_mode; 140 ctx->drvdata = cc_alg->drvdata; 141 crypto_aead_set_reqsize(tfm, sizeof(struct aead_req_ctx)); 142 143 /* Allocate key buffer, cache line aligned */ 144 ctx->enckey = dma_alloc_coherent(dev, AES_MAX_KEY_SIZE, 145 &ctx->enckey_dma_addr, GFP_KERNEL); 146 if (!ctx->enckey) { 147 dev_err(dev, "Failed allocating key buffer\n"); 148 goto init_failed; 149 } 150 dev_dbg(dev, "Allocated enckey buffer in context ctx->enckey=@%p\n", 151 ctx->enckey); 152 153 /* Set default authlen value */ 154 155 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) { /* XCBC authetication */ 156 struct cc_xcbc_s *xcbc = &ctx->auth_state.xcbc; 157 const unsigned int key_size = CC_AES_128_BIT_KEY_SIZE * 3; 158 159 /* Allocate dma-coherent buffer for XCBC's K1+K2+K3 */ 160 /* (and temporary for user key - up to 256b) */ 161 xcbc->xcbc_keys = dma_alloc_coherent(dev, key_size, 162 &xcbc->xcbc_keys_dma_addr, 163 GFP_KERNEL); 164 if (!xcbc->xcbc_keys) { 165 dev_err(dev, "Failed allocating buffer for XCBC keys\n"); 166 goto init_failed; 167 } 168 } else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC authentication */ 169 struct cc_hmac_s *hmac = &ctx->auth_state.hmac; 170 const unsigned int digest_size = 2 * MAX_HMAC_DIGEST_SIZE; 171 dma_addr_t *pkey_dma = &hmac->padded_authkey_dma_addr; 172 173 /* Allocate dma-coherent buffer for IPAD + OPAD */ 174 hmac->ipad_opad = dma_alloc_coherent(dev, digest_size, 175 &hmac->ipad_opad_dma_addr, 176 GFP_KERNEL); 177 178 if (!hmac->ipad_opad) { 179 dev_err(dev, "Failed allocating IPAD/OPAD buffer\n"); 180 goto init_failed; 181 } 182 183 dev_dbg(dev, "Allocated authkey buffer in context ctx->authkey=@%p\n", 184 hmac->ipad_opad); 185 186 hmac->padded_authkey = dma_alloc_coherent(dev, 187 MAX_HMAC_BLOCK_SIZE, 188 pkey_dma, 189 GFP_KERNEL); 190 191 if (!hmac->padded_authkey) { 192 dev_err(dev, "failed to allocate padded_authkey\n"); 193 goto init_failed; 194 } 195 } else { 196 ctx->auth_state.hmac.ipad_opad = NULL; 197 ctx->auth_state.hmac.padded_authkey = NULL; 198 } 199 ctx->hash_len = cc_get_aead_hash_len(tfm); 200 201 return 0; 202 203 init_failed: 204 cc_aead_exit(tfm); 205 return -ENOMEM; 206 } 207 208 static void cc_aead_complete(struct device *dev, void *cc_req, int err) 209 { 210 struct aead_request *areq = (struct aead_request *)cc_req; 211 struct aead_req_ctx *areq_ctx = aead_request_ctx(areq); 212 struct crypto_aead *tfm = crypto_aead_reqtfm(cc_req); 213 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 214 215 /* BACKLOG notification */ 216 if (err == -EINPROGRESS) 217 goto done; 218 219 cc_unmap_aead_request(dev, areq); 220 221 /* Restore ordinary iv pointer */ 222 areq->iv = areq_ctx->backup_iv; 223 224 if (err) 225 goto done; 226 227 if (areq_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) { 228 if (memcmp(areq_ctx->mac_buf, areq_ctx->icv_virt_addr, 229 ctx->authsize) != 0) { 230 dev_dbg(dev, "Payload authentication failure, (auth-size=%d, cipher=%d)\n", 231 ctx->authsize, ctx->cipher_mode); 232 /* In case of payload authentication failure, MUST NOT 233 * revealed the decrypted message --> zero its memory. 234 */ 235 sg_zero_buffer(areq->dst, sg_nents(areq->dst), 236 areq->cryptlen, areq->assoclen); 237 err = -EBADMSG; 238 } 239 /*ENCRYPT*/ 240 } else if (areq_ctx->is_icv_fragmented) { 241 u32 skip = areq->cryptlen + areq_ctx->dst_offset; 242 243 cc_copy_sg_portion(dev, areq_ctx->mac_buf, areq_ctx->dst_sgl, 244 skip, (skip + ctx->authsize), 245 CC_SG_FROM_BUF); 246 } 247 done: 248 aead_request_complete(areq, err); 249 } 250 251 static unsigned int xcbc_setkey(struct cc_hw_desc *desc, 252 struct cc_aead_ctx *ctx) 253 { 254 /* Load the AES key */ 255 hw_desc_init(&desc[0]); 256 /* We are using for the source/user key the same buffer 257 * as for the output keys, * because after this key loading it 258 * is not needed anymore 259 */ 260 set_din_type(&desc[0], DMA_DLLI, 261 ctx->auth_state.xcbc.xcbc_keys_dma_addr, ctx->auth_keylen, 262 NS_BIT); 263 set_cipher_mode(&desc[0], DRV_CIPHER_ECB); 264 set_cipher_config0(&desc[0], DRV_CRYPTO_DIRECTION_ENCRYPT); 265 set_key_size_aes(&desc[0], ctx->auth_keylen); 266 set_flow_mode(&desc[0], S_DIN_to_AES); 267 set_setup_mode(&desc[0], SETUP_LOAD_KEY0); 268 269 hw_desc_init(&desc[1]); 270 set_din_const(&desc[1], 0x01010101, CC_AES_128_BIT_KEY_SIZE); 271 set_flow_mode(&desc[1], DIN_AES_DOUT); 272 set_dout_dlli(&desc[1], ctx->auth_state.xcbc.xcbc_keys_dma_addr, 273 AES_KEYSIZE_128, NS_BIT, 0); 274 275 hw_desc_init(&desc[2]); 276 set_din_const(&desc[2], 0x02020202, CC_AES_128_BIT_KEY_SIZE); 277 set_flow_mode(&desc[2], DIN_AES_DOUT); 278 set_dout_dlli(&desc[2], (ctx->auth_state.xcbc.xcbc_keys_dma_addr 279 + AES_KEYSIZE_128), 280 AES_KEYSIZE_128, NS_BIT, 0); 281 282 hw_desc_init(&desc[3]); 283 set_din_const(&desc[3], 0x03030303, CC_AES_128_BIT_KEY_SIZE); 284 set_flow_mode(&desc[3], DIN_AES_DOUT); 285 set_dout_dlli(&desc[3], (ctx->auth_state.xcbc.xcbc_keys_dma_addr 286 + 2 * AES_KEYSIZE_128), 287 AES_KEYSIZE_128, NS_BIT, 0); 288 289 return 4; 290 } 291 292 static unsigned int hmac_setkey(struct cc_hw_desc *desc, 293 struct cc_aead_ctx *ctx) 294 { 295 unsigned int hmac_pad_const[2] = { HMAC_IPAD_CONST, HMAC_OPAD_CONST }; 296 unsigned int digest_ofs = 0; 297 unsigned int hash_mode = (ctx->auth_mode == DRV_HASH_SHA1) ? 298 DRV_HASH_HW_SHA1 : DRV_HASH_HW_SHA256; 299 unsigned int digest_size = (ctx->auth_mode == DRV_HASH_SHA1) ? 300 CC_SHA1_DIGEST_SIZE : CC_SHA256_DIGEST_SIZE; 301 struct cc_hmac_s *hmac = &ctx->auth_state.hmac; 302 303 unsigned int idx = 0; 304 int i; 305 306 /* calc derived HMAC key */ 307 for (i = 0; i < 2; i++) { 308 /* Load hash initial state */ 309 hw_desc_init(&desc[idx]); 310 set_cipher_mode(&desc[idx], hash_mode); 311 set_din_sram(&desc[idx], 312 cc_larval_digest_addr(ctx->drvdata, 313 ctx->auth_mode), 314 digest_size); 315 set_flow_mode(&desc[idx], S_DIN_to_HASH); 316 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0); 317 idx++; 318 319 /* Load the hash current length*/ 320 hw_desc_init(&desc[idx]); 321 set_cipher_mode(&desc[idx], hash_mode); 322 set_din_const(&desc[idx], 0, ctx->hash_len); 323 set_flow_mode(&desc[idx], S_DIN_to_HASH); 324 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 325 idx++; 326 327 /* Prepare ipad key */ 328 hw_desc_init(&desc[idx]); 329 set_xor_val(&desc[idx], hmac_pad_const[i]); 330 set_cipher_mode(&desc[idx], hash_mode); 331 set_flow_mode(&desc[idx], S_DIN_to_HASH); 332 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1); 333 idx++; 334 335 /* Perform HASH update */ 336 hw_desc_init(&desc[idx]); 337 set_din_type(&desc[idx], DMA_DLLI, 338 hmac->padded_authkey_dma_addr, 339 SHA256_BLOCK_SIZE, NS_BIT); 340 set_cipher_mode(&desc[idx], hash_mode); 341 set_xor_active(&desc[idx]); 342 set_flow_mode(&desc[idx], DIN_HASH); 343 idx++; 344 345 /* Get the digset */ 346 hw_desc_init(&desc[idx]); 347 set_cipher_mode(&desc[idx], hash_mode); 348 set_dout_dlli(&desc[idx], 349 (hmac->ipad_opad_dma_addr + digest_ofs), 350 digest_size, NS_BIT, 0); 351 set_flow_mode(&desc[idx], S_HASH_to_DOUT); 352 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0); 353 set_cipher_config1(&desc[idx], HASH_PADDING_DISABLED); 354 idx++; 355 356 digest_ofs += digest_size; 357 } 358 359 return idx; 360 } 361 362 static int validate_keys_sizes(struct cc_aead_ctx *ctx) 363 { 364 struct device *dev = drvdata_to_dev(ctx->drvdata); 365 366 dev_dbg(dev, "enc_keylen=%u authkeylen=%u\n", 367 ctx->enc_keylen, ctx->auth_keylen); 368 369 switch (ctx->auth_mode) { 370 case DRV_HASH_SHA1: 371 case DRV_HASH_SHA256: 372 break; 373 case DRV_HASH_XCBC_MAC: 374 if (ctx->auth_keylen != AES_KEYSIZE_128 && 375 ctx->auth_keylen != AES_KEYSIZE_192 && 376 ctx->auth_keylen != AES_KEYSIZE_256) 377 return -ENOTSUPP; 378 break; 379 case DRV_HASH_NULL: /* Not authenc (e.g., CCM) - no auth_key) */ 380 if (ctx->auth_keylen > 0) 381 return -EINVAL; 382 break; 383 default: 384 dev_dbg(dev, "Invalid auth_mode=%d\n", ctx->auth_mode); 385 return -EINVAL; 386 } 387 /* Check cipher key size */ 388 if (ctx->flow_mode == S_DIN_to_DES) { 389 if (ctx->enc_keylen != DES3_EDE_KEY_SIZE) { 390 dev_dbg(dev, "Invalid cipher(3DES) key size: %u\n", 391 ctx->enc_keylen); 392 return -EINVAL; 393 } 394 } else { /* Default assumed to be AES ciphers */ 395 if (ctx->enc_keylen != AES_KEYSIZE_128 && 396 ctx->enc_keylen != AES_KEYSIZE_192 && 397 ctx->enc_keylen != AES_KEYSIZE_256) { 398 dev_dbg(dev, "Invalid cipher(AES) key size: %u\n", 399 ctx->enc_keylen); 400 return -EINVAL; 401 } 402 } 403 404 return 0; /* All tests of keys sizes passed */ 405 } 406 407 /* This function prepers the user key so it can pass to the hmac processing 408 * (copy to intenral buffer or hash in case of key longer than block 409 */ 410 static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *authkey, 411 unsigned int keylen) 412 { 413 dma_addr_t key_dma_addr = 0; 414 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 415 struct device *dev = drvdata_to_dev(ctx->drvdata); 416 u32 larval_addr; 417 struct cc_crypto_req cc_req = {}; 418 unsigned int blocksize; 419 unsigned int digestsize; 420 unsigned int hashmode; 421 unsigned int idx = 0; 422 int rc = 0; 423 u8 *key = NULL; 424 struct cc_hw_desc desc[MAX_AEAD_SETKEY_SEQ]; 425 dma_addr_t padded_authkey_dma_addr = 426 ctx->auth_state.hmac.padded_authkey_dma_addr; 427 428 switch (ctx->auth_mode) { /* auth_key required and >0 */ 429 case DRV_HASH_SHA1: 430 blocksize = SHA1_BLOCK_SIZE; 431 digestsize = SHA1_DIGEST_SIZE; 432 hashmode = DRV_HASH_HW_SHA1; 433 break; 434 case DRV_HASH_SHA256: 435 default: 436 blocksize = SHA256_BLOCK_SIZE; 437 digestsize = SHA256_DIGEST_SIZE; 438 hashmode = DRV_HASH_HW_SHA256; 439 } 440 441 if (keylen != 0) { 442 443 key = kmemdup(authkey, keylen, GFP_KERNEL); 444 if (!key) 445 return -ENOMEM; 446 447 key_dma_addr = dma_map_single(dev, key, keylen, DMA_TO_DEVICE); 448 if (dma_mapping_error(dev, key_dma_addr)) { 449 dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n", 450 key, keylen); 451 kzfree(key); 452 return -ENOMEM; 453 } 454 if (keylen > blocksize) { 455 /* Load hash initial state */ 456 hw_desc_init(&desc[idx]); 457 set_cipher_mode(&desc[idx], hashmode); 458 larval_addr = cc_larval_digest_addr(ctx->drvdata, 459 ctx->auth_mode); 460 set_din_sram(&desc[idx], larval_addr, digestsize); 461 set_flow_mode(&desc[idx], S_DIN_to_HASH); 462 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0); 463 idx++; 464 465 /* Load the hash current length*/ 466 hw_desc_init(&desc[idx]); 467 set_cipher_mode(&desc[idx], hashmode); 468 set_din_const(&desc[idx], 0, ctx->hash_len); 469 set_cipher_config1(&desc[idx], HASH_PADDING_ENABLED); 470 set_flow_mode(&desc[idx], S_DIN_to_HASH); 471 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 472 idx++; 473 474 hw_desc_init(&desc[idx]); 475 set_din_type(&desc[idx], DMA_DLLI, 476 key_dma_addr, keylen, NS_BIT); 477 set_flow_mode(&desc[idx], DIN_HASH); 478 idx++; 479 480 /* Get hashed key */ 481 hw_desc_init(&desc[idx]); 482 set_cipher_mode(&desc[idx], hashmode); 483 set_dout_dlli(&desc[idx], padded_authkey_dma_addr, 484 digestsize, NS_BIT, 0); 485 set_flow_mode(&desc[idx], S_HASH_to_DOUT); 486 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0); 487 set_cipher_config1(&desc[idx], HASH_PADDING_DISABLED); 488 set_cipher_config0(&desc[idx], 489 HASH_DIGEST_RESULT_LITTLE_ENDIAN); 490 idx++; 491 492 hw_desc_init(&desc[idx]); 493 set_din_const(&desc[idx], 0, (blocksize - digestsize)); 494 set_flow_mode(&desc[idx], BYPASS); 495 set_dout_dlli(&desc[idx], (padded_authkey_dma_addr + 496 digestsize), (blocksize - digestsize), 497 NS_BIT, 0); 498 idx++; 499 } else { 500 hw_desc_init(&desc[idx]); 501 set_din_type(&desc[idx], DMA_DLLI, key_dma_addr, 502 keylen, NS_BIT); 503 set_flow_mode(&desc[idx], BYPASS); 504 set_dout_dlli(&desc[idx], padded_authkey_dma_addr, 505 keylen, NS_BIT, 0); 506 idx++; 507 508 if ((blocksize - keylen) != 0) { 509 hw_desc_init(&desc[idx]); 510 set_din_const(&desc[idx], 0, 511 (blocksize - keylen)); 512 set_flow_mode(&desc[idx], BYPASS); 513 set_dout_dlli(&desc[idx], 514 (padded_authkey_dma_addr + 515 keylen), 516 (blocksize - keylen), NS_BIT, 0); 517 idx++; 518 } 519 } 520 } else { 521 hw_desc_init(&desc[idx]); 522 set_din_const(&desc[idx], 0, (blocksize - keylen)); 523 set_flow_mode(&desc[idx], BYPASS); 524 set_dout_dlli(&desc[idx], padded_authkey_dma_addr, 525 blocksize, NS_BIT, 0); 526 idx++; 527 } 528 529 rc = cc_send_sync_request(ctx->drvdata, &cc_req, desc, idx); 530 if (rc) 531 dev_err(dev, "send_request() failed (rc=%d)\n", rc); 532 533 if (key_dma_addr) 534 dma_unmap_single(dev, key_dma_addr, keylen, DMA_TO_DEVICE); 535 536 kzfree(key); 537 538 return rc; 539 } 540 541 static int cc_aead_setkey(struct crypto_aead *tfm, const u8 *key, 542 unsigned int keylen) 543 { 544 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 545 struct cc_crypto_req cc_req = {}; 546 struct cc_hw_desc desc[MAX_AEAD_SETKEY_SEQ]; 547 unsigned int seq_len = 0; 548 struct device *dev = drvdata_to_dev(ctx->drvdata); 549 const u8 *enckey, *authkey; 550 int rc; 551 552 dev_dbg(dev, "Setting key in context @%p for %s. key=%p keylen=%u\n", 553 ctx, crypto_tfm_alg_name(crypto_aead_tfm(tfm)), key, keylen); 554 555 /* STAT_PHASE_0: Init and sanity checks */ 556 557 if (ctx->auth_mode != DRV_HASH_NULL) { /* authenc() alg. */ 558 struct crypto_authenc_keys keys; 559 560 rc = crypto_authenc_extractkeys(&keys, key, keylen); 561 if (rc) 562 return rc; 563 enckey = keys.enckey; 564 authkey = keys.authkey; 565 ctx->enc_keylen = keys.enckeylen; 566 ctx->auth_keylen = keys.authkeylen; 567 568 if (ctx->cipher_mode == DRV_CIPHER_CTR) { 569 /* the nonce is stored in bytes at end of key */ 570 if (ctx->enc_keylen < 571 (AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE)) 572 return -EINVAL; 573 /* Copy nonce from last 4 bytes in CTR key to 574 * first 4 bytes in CTR IV 575 */ 576 memcpy(ctx->ctr_nonce, enckey + ctx->enc_keylen - 577 CTR_RFC3686_NONCE_SIZE, CTR_RFC3686_NONCE_SIZE); 578 /* Set CTR key size */ 579 ctx->enc_keylen -= CTR_RFC3686_NONCE_SIZE; 580 } 581 } else { /* non-authenc - has just one key */ 582 enckey = key; 583 authkey = NULL; 584 ctx->enc_keylen = keylen; 585 ctx->auth_keylen = 0; 586 } 587 588 rc = validate_keys_sizes(ctx); 589 if (rc) 590 return rc; 591 592 /* STAT_PHASE_1: Copy key to ctx */ 593 594 /* Get key material */ 595 memcpy(ctx->enckey, enckey, ctx->enc_keylen); 596 if (ctx->enc_keylen == 24) 597 memset(ctx->enckey + 24, 0, CC_AES_KEY_SIZE_MAX - 24); 598 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) { 599 memcpy(ctx->auth_state.xcbc.xcbc_keys, authkey, 600 ctx->auth_keylen); 601 } else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC */ 602 rc = cc_get_plain_hmac_key(tfm, authkey, ctx->auth_keylen); 603 if (rc) 604 return rc; 605 } 606 607 /* STAT_PHASE_2: Create sequence */ 608 609 switch (ctx->auth_mode) { 610 case DRV_HASH_SHA1: 611 case DRV_HASH_SHA256: 612 seq_len = hmac_setkey(desc, ctx); 613 break; 614 case DRV_HASH_XCBC_MAC: 615 seq_len = xcbc_setkey(desc, ctx); 616 break; 617 case DRV_HASH_NULL: /* non-authenc modes, e.g., CCM */ 618 break; /* No auth. key setup */ 619 default: 620 dev_err(dev, "Unsupported authenc (%d)\n", ctx->auth_mode); 621 return -ENOTSUPP; 622 } 623 624 /* STAT_PHASE_3: Submit sequence to HW */ 625 626 if (seq_len > 0) { /* For CCM there is no sequence to setup the key */ 627 rc = cc_send_sync_request(ctx->drvdata, &cc_req, desc, seq_len); 628 if (rc) { 629 dev_err(dev, "send_request() failed (rc=%d)\n", rc); 630 return rc; 631 } 632 } 633 634 /* Update STAT_PHASE_3 */ 635 return rc; 636 } 637 638 static int cc_des3_aead_setkey(struct crypto_aead *aead, const u8 *key, 639 unsigned int keylen) 640 { 641 struct crypto_authenc_keys keys; 642 int err; 643 644 err = crypto_authenc_extractkeys(&keys, key, keylen); 645 if (unlikely(err)) 646 return err; 647 648 err = verify_aead_des3_key(aead, keys.enckey, keys.enckeylen) ?: 649 cc_aead_setkey(aead, key, keylen); 650 651 memzero_explicit(&keys, sizeof(keys)); 652 return err; 653 } 654 655 static int cc_rfc4309_ccm_setkey(struct crypto_aead *tfm, const u8 *key, 656 unsigned int keylen) 657 { 658 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 659 660 if (keylen < 3) 661 return -EINVAL; 662 663 keylen -= 3; 664 memcpy(ctx->ctr_nonce, key + keylen, 3); 665 666 return cc_aead_setkey(tfm, key, keylen); 667 } 668 669 static int cc_aead_setauthsize(struct crypto_aead *authenc, 670 unsigned int authsize) 671 { 672 struct cc_aead_ctx *ctx = crypto_aead_ctx(authenc); 673 struct device *dev = drvdata_to_dev(ctx->drvdata); 674 675 /* Unsupported auth. sizes */ 676 if (authsize == 0 || 677 authsize > crypto_aead_maxauthsize(authenc)) { 678 return -ENOTSUPP; 679 } 680 681 ctx->authsize = authsize; 682 dev_dbg(dev, "authlen=%d\n", ctx->authsize); 683 684 return 0; 685 } 686 687 static int cc_rfc4309_ccm_setauthsize(struct crypto_aead *authenc, 688 unsigned int authsize) 689 { 690 switch (authsize) { 691 case 8: 692 case 12: 693 case 16: 694 break; 695 default: 696 return -EINVAL; 697 } 698 699 return cc_aead_setauthsize(authenc, authsize); 700 } 701 702 static int cc_ccm_setauthsize(struct crypto_aead *authenc, 703 unsigned int authsize) 704 { 705 switch (authsize) { 706 case 4: 707 case 6: 708 case 8: 709 case 10: 710 case 12: 711 case 14: 712 case 16: 713 break; 714 default: 715 return -EINVAL; 716 } 717 718 return cc_aead_setauthsize(authenc, authsize); 719 } 720 721 static void cc_set_assoc_desc(struct aead_request *areq, unsigned int flow_mode, 722 struct cc_hw_desc desc[], unsigned int *seq_size) 723 { 724 struct crypto_aead *tfm = crypto_aead_reqtfm(areq); 725 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 726 struct aead_req_ctx *areq_ctx = aead_request_ctx(areq); 727 enum cc_req_dma_buf_type assoc_dma_type = areq_ctx->assoc_buff_type; 728 unsigned int idx = *seq_size; 729 struct device *dev = drvdata_to_dev(ctx->drvdata); 730 731 switch (assoc_dma_type) { 732 case CC_DMA_BUF_DLLI: 733 dev_dbg(dev, "ASSOC buffer type DLLI\n"); 734 hw_desc_init(&desc[idx]); 735 set_din_type(&desc[idx], DMA_DLLI, sg_dma_address(areq->src), 736 areq_ctx->assoclen, NS_BIT); 737 set_flow_mode(&desc[idx], flow_mode); 738 if (ctx->auth_mode == DRV_HASH_XCBC_MAC && 739 areq_ctx->cryptlen > 0) 740 set_din_not_last_indication(&desc[idx]); 741 break; 742 case CC_DMA_BUF_MLLI: 743 dev_dbg(dev, "ASSOC buffer type MLLI\n"); 744 hw_desc_init(&desc[idx]); 745 set_din_type(&desc[idx], DMA_MLLI, areq_ctx->assoc.sram_addr, 746 areq_ctx->assoc.mlli_nents, NS_BIT); 747 set_flow_mode(&desc[idx], flow_mode); 748 if (ctx->auth_mode == DRV_HASH_XCBC_MAC && 749 areq_ctx->cryptlen > 0) 750 set_din_not_last_indication(&desc[idx]); 751 break; 752 case CC_DMA_BUF_NULL: 753 default: 754 dev_err(dev, "Invalid ASSOC buffer type\n"); 755 } 756 757 *seq_size = (++idx); 758 } 759 760 static void cc_proc_authen_desc(struct aead_request *areq, 761 unsigned int flow_mode, 762 struct cc_hw_desc desc[], 763 unsigned int *seq_size, int direct) 764 { 765 struct aead_req_ctx *areq_ctx = aead_request_ctx(areq); 766 enum cc_req_dma_buf_type data_dma_type = areq_ctx->data_buff_type; 767 unsigned int idx = *seq_size; 768 struct crypto_aead *tfm = crypto_aead_reqtfm(areq); 769 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 770 struct device *dev = drvdata_to_dev(ctx->drvdata); 771 772 switch (data_dma_type) { 773 case CC_DMA_BUF_DLLI: 774 { 775 struct scatterlist *cipher = 776 (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) ? 777 areq_ctx->dst_sgl : areq_ctx->src_sgl; 778 779 unsigned int offset = 780 (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) ? 781 areq_ctx->dst_offset : areq_ctx->src_offset; 782 dev_dbg(dev, "AUTHENC: SRC/DST buffer type DLLI\n"); 783 hw_desc_init(&desc[idx]); 784 set_din_type(&desc[idx], DMA_DLLI, 785 (sg_dma_address(cipher) + offset), 786 areq_ctx->cryptlen, NS_BIT); 787 set_flow_mode(&desc[idx], flow_mode); 788 break; 789 } 790 case CC_DMA_BUF_MLLI: 791 { 792 /* DOUBLE-PASS flow (as default) 793 * assoc. + iv + data -compact in one table 794 * if assoclen is ZERO only IV perform 795 */ 796 u32 mlli_addr = areq_ctx->assoc.sram_addr; 797 u32 mlli_nents = areq_ctx->assoc.mlli_nents; 798 799 if (areq_ctx->is_single_pass) { 800 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) { 801 mlli_addr = areq_ctx->dst.sram_addr; 802 mlli_nents = areq_ctx->dst.mlli_nents; 803 } else { 804 mlli_addr = areq_ctx->src.sram_addr; 805 mlli_nents = areq_ctx->src.mlli_nents; 806 } 807 } 808 809 dev_dbg(dev, "AUTHENC: SRC/DST buffer type MLLI\n"); 810 hw_desc_init(&desc[idx]); 811 set_din_type(&desc[idx], DMA_MLLI, mlli_addr, mlli_nents, 812 NS_BIT); 813 set_flow_mode(&desc[idx], flow_mode); 814 break; 815 } 816 case CC_DMA_BUF_NULL: 817 default: 818 dev_err(dev, "AUTHENC: Invalid SRC/DST buffer type\n"); 819 } 820 821 *seq_size = (++idx); 822 } 823 824 static void cc_proc_cipher_desc(struct aead_request *areq, 825 unsigned int flow_mode, 826 struct cc_hw_desc desc[], 827 unsigned int *seq_size) 828 { 829 unsigned int idx = *seq_size; 830 struct aead_req_ctx *areq_ctx = aead_request_ctx(areq); 831 enum cc_req_dma_buf_type data_dma_type = areq_ctx->data_buff_type; 832 struct crypto_aead *tfm = crypto_aead_reqtfm(areq); 833 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 834 struct device *dev = drvdata_to_dev(ctx->drvdata); 835 836 if (areq_ctx->cryptlen == 0) 837 return; /*null processing*/ 838 839 switch (data_dma_type) { 840 case CC_DMA_BUF_DLLI: 841 dev_dbg(dev, "CIPHER: SRC/DST buffer type DLLI\n"); 842 hw_desc_init(&desc[idx]); 843 set_din_type(&desc[idx], DMA_DLLI, 844 (sg_dma_address(areq_ctx->src_sgl) + 845 areq_ctx->src_offset), areq_ctx->cryptlen, 846 NS_BIT); 847 set_dout_dlli(&desc[idx], 848 (sg_dma_address(areq_ctx->dst_sgl) + 849 areq_ctx->dst_offset), 850 areq_ctx->cryptlen, NS_BIT, 0); 851 set_flow_mode(&desc[idx], flow_mode); 852 break; 853 case CC_DMA_BUF_MLLI: 854 dev_dbg(dev, "CIPHER: SRC/DST buffer type MLLI\n"); 855 hw_desc_init(&desc[idx]); 856 set_din_type(&desc[idx], DMA_MLLI, areq_ctx->src.sram_addr, 857 areq_ctx->src.mlli_nents, NS_BIT); 858 set_dout_mlli(&desc[idx], areq_ctx->dst.sram_addr, 859 areq_ctx->dst.mlli_nents, NS_BIT, 0); 860 set_flow_mode(&desc[idx], flow_mode); 861 break; 862 case CC_DMA_BUF_NULL: 863 default: 864 dev_err(dev, "CIPHER: Invalid SRC/DST buffer type\n"); 865 } 866 867 *seq_size = (++idx); 868 } 869 870 static void cc_proc_digest_desc(struct aead_request *req, 871 struct cc_hw_desc desc[], 872 unsigned int *seq_size) 873 { 874 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 875 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 876 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 877 unsigned int idx = *seq_size; 878 unsigned int hash_mode = (ctx->auth_mode == DRV_HASH_SHA1) ? 879 DRV_HASH_HW_SHA1 : DRV_HASH_HW_SHA256; 880 int direct = req_ctx->gen_ctx.op_type; 881 882 /* Get final ICV result */ 883 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) { 884 hw_desc_init(&desc[idx]); 885 set_flow_mode(&desc[idx], S_HASH_to_DOUT); 886 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0); 887 set_dout_dlli(&desc[idx], req_ctx->icv_dma_addr, ctx->authsize, 888 NS_BIT, 1); 889 set_queue_last_ind(ctx->drvdata, &desc[idx]); 890 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) { 891 set_aes_not_hash_mode(&desc[idx]); 892 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC); 893 } else { 894 set_cipher_config0(&desc[idx], 895 HASH_DIGEST_RESULT_LITTLE_ENDIAN); 896 set_cipher_mode(&desc[idx], hash_mode); 897 } 898 } else { /*Decrypt*/ 899 /* Get ICV out from hardware */ 900 hw_desc_init(&desc[idx]); 901 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0); 902 set_flow_mode(&desc[idx], S_HASH_to_DOUT); 903 set_dout_dlli(&desc[idx], req_ctx->mac_buf_dma_addr, 904 ctx->authsize, NS_BIT, 1); 905 set_queue_last_ind(ctx->drvdata, &desc[idx]); 906 set_cipher_config0(&desc[idx], 907 HASH_DIGEST_RESULT_LITTLE_ENDIAN); 908 set_cipher_config1(&desc[idx], HASH_PADDING_DISABLED); 909 if (ctx->auth_mode == DRV_HASH_XCBC_MAC) { 910 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC); 911 set_aes_not_hash_mode(&desc[idx]); 912 } else { 913 set_cipher_mode(&desc[idx], hash_mode); 914 } 915 } 916 917 *seq_size = (++idx); 918 } 919 920 static void cc_set_cipher_desc(struct aead_request *req, 921 struct cc_hw_desc desc[], 922 unsigned int *seq_size) 923 { 924 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 925 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 926 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 927 unsigned int hw_iv_size = req_ctx->hw_iv_size; 928 unsigned int idx = *seq_size; 929 int direct = req_ctx->gen_ctx.op_type; 930 931 /* Setup cipher state */ 932 hw_desc_init(&desc[idx]); 933 set_cipher_config0(&desc[idx], direct); 934 set_flow_mode(&desc[idx], ctx->flow_mode); 935 set_din_type(&desc[idx], DMA_DLLI, req_ctx->gen_ctx.iv_dma_addr, 936 hw_iv_size, NS_BIT); 937 if (ctx->cipher_mode == DRV_CIPHER_CTR) 938 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1); 939 else 940 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0); 941 set_cipher_mode(&desc[idx], ctx->cipher_mode); 942 idx++; 943 944 /* Setup enc. key */ 945 hw_desc_init(&desc[idx]); 946 set_cipher_config0(&desc[idx], direct); 947 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 948 set_flow_mode(&desc[idx], ctx->flow_mode); 949 if (ctx->flow_mode == S_DIN_to_AES) { 950 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr, 951 ((ctx->enc_keylen == 24) ? CC_AES_KEY_SIZE_MAX : 952 ctx->enc_keylen), NS_BIT); 953 set_key_size_aes(&desc[idx], ctx->enc_keylen); 954 } else { 955 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr, 956 ctx->enc_keylen, NS_BIT); 957 set_key_size_des(&desc[idx], ctx->enc_keylen); 958 } 959 set_cipher_mode(&desc[idx], ctx->cipher_mode); 960 idx++; 961 962 *seq_size = idx; 963 } 964 965 static void cc_proc_cipher(struct aead_request *req, struct cc_hw_desc desc[], 966 unsigned int *seq_size, unsigned int data_flow_mode) 967 { 968 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 969 int direct = req_ctx->gen_ctx.op_type; 970 unsigned int idx = *seq_size; 971 972 if (req_ctx->cryptlen == 0) 973 return; /*null processing*/ 974 975 cc_set_cipher_desc(req, desc, &idx); 976 cc_proc_cipher_desc(req, data_flow_mode, desc, &idx); 977 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) { 978 /* We must wait for DMA to write all cipher */ 979 hw_desc_init(&desc[idx]); 980 set_din_no_dma(&desc[idx], 0, 0xfffff0); 981 set_dout_no_dma(&desc[idx], 0, 0, 1); 982 idx++; 983 } 984 985 *seq_size = idx; 986 } 987 988 static void cc_set_hmac_desc(struct aead_request *req, struct cc_hw_desc desc[], 989 unsigned int *seq_size) 990 { 991 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 992 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 993 unsigned int hash_mode = (ctx->auth_mode == DRV_HASH_SHA1) ? 994 DRV_HASH_HW_SHA1 : DRV_HASH_HW_SHA256; 995 unsigned int digest_size = (ctx->auth_mode == DRV_HASH_SHA1) ? 996 CC_SHA1_DIGEST_SIZE : CC_SHA256_DIGEST_SIZE; 997 unsigned int idx = *seq_size; 998 999 /* Loading hash ipad xor key state */ 1000 hw_desc_init(&desc[idx]); 1001 set_cipher_mode(&desc[idx], hash_mode); 1002 set_din_type(&desc[idx], DMA_DLLI, 1003 ctx->auth_state.hmac.ipad_opad_dma_addr, digest_size, 1004 NS_BIT); 1005 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1006 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0); 1007 idx++; 1008 1009 /* Load init. digest len (64 bytes) */ 1010 hw_desc_init(&desc[idx]); 1011 set_cipher_mode(&desc[idx], hash_mode); 1012 set_din_sram(&desc[idx], cc_digest_len_addr(ctx->drvdata, hash_mode), 1013 ctx->hash_len); 1014 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1015 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 1016 idx++; 1017 1018 *seq_size = idx; 1019 } 1020 1021 static void cc_set_xcbc_desc(struct aead_request *req, struct cc_hw_desc desc[], 1022 unsigned int *seq_size) 1023 { 1024 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1025 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1026 unsigned int idx = *seq_size; 1027 1028 /* Loading MAC state */ 1029 hw_desc_init(&desc[idx]); 1030 set_din_const(&desc[idx], 0, CC_AES_BLOCK_SIZE); 1031 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0); 1032 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC); 1033 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT); 1034 set_key_size_aes(&desc[idx], CC_AES_128_BIT_KEY_SIZE); 1035 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1036 set_aes_not_hash_mode(&desc[idx]); 1037 idx++; 1038 1039 /* Setup XCBC MAC K1 */ 1040 hw_desc_init(&desc[idx]); 1041 set_din_type(&desc[idx], DMA_DLLI, 1042 ctx->auth_state.xcbc.xcbc_keys_dma_addr, 1043 AES_KEYSIZE_128, NS_BIT); 1044 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 1045 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC); 1046 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT); 1047 set_key_size_aes(&desc[idx], CC_AES_128_BIT_KEY_SIZE); 1048 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1049 set_aes_not_hash_mode(&desc[idx]); 1050 idx++; 1051 1052 /* Setup XCBC MAC K2 */ 1053 hw_desc_init(&desc[idx]); 1054 set_din_type(&desc[idx], DMA_DLLI, 1055 (ctx->auth_state.xcbc.xcbc_keys_dma_addr + 1056 AES_KEYSIZE_128), AES_KEYSIZE_128, NS_BIT); 1057 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1); 1058 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC); 1059 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT); 1060 set_key_size_aes(&desc[idx], CC_AES_128_BIT_KEY_SIZE); 1061 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1062 set_aes_not_hash_mode(&desc[idx]); 1063 idx++; 1064 1065 /* Setup XCBC MAC K3 */ 1066 hw_desc_init(&desc[idx]); 1067 set_din_type(&desc[idx], DMA_DLLI, 1068 (ctx->auth_state.xcbc.xcbc_keys_dma_addr + 1069 2 * AES_KEYSIZE_128), AES_KEYSIZE_128, NS_BIT); 1070 set_setup_mode(&desc[idx], SETUP_LOAD_STATE2); 1071 set_cipher_mode(&desc[idx], DRV_CIPHER_XCBC_MAC); 1072 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT); 1073 set_key_size_aes(&desc[idx], CC_AES_128_BIT_KEY_SIZE); 1074 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1075 set_aes_not_hash_mode(&desc[idx]); 1076 idx++; 1077 1078 *seq_size = idx; 1079 } 1080 1081 static void cc_proc_header_desc(struct aead_request *req, 1082 struct cc_hw_desc desc[], 1083 unsigned int *seq_size) 1084 { 1085 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 1086 unsigned int idx = *seq_size; 1087 1088 /* Hash associated data */ 1089 if (areq_ctx->assoclen > 0) 1090 cc_set_assoc_desc(req, DIN_HASH, desc, &idx); 1091 1092 /* Hash IV */ 1093 *seq_size = idx; 1094 } 1095 1096 static void cc_proc_scheme_desc(struct aead_request *req, 1097 struct cc_hw_desc desc[], 1098 unsigned int *seq_size) 1099 { 1100 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1101 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1102 struct cc_aead_handle *aead_handle = ctx->drvdata->aead_handle; 1103 unsigned int hash_mode = (ctx->auth_mode == DRV_HASH_SHA1) ? 1104 DRV_HASH_HW_SHA1 : DRV_HASH_HW_SHA256; 1105 unsigned int digest_size = (ctx->auth_mode == DRV_HASH_SHA1) ? 1106 CC_SHA1_DIGEST_SIZE : CC_SHA256_DIGEST_SIZE; 1107 unsigned int idx = *seq_size; 1108 1109 hw_desc_init(&desc[idx]); 1110 set_cipher_mode(&desc[idx], hash_mode); 1111 set_dout_sram(&desc[idx], aead_handle->sram_workspace_addr, 1112 ctx->hash_len); 1113 set_flow_mode(&desc[idx], S_HASH_to_DOUT); 1114 set_setup_mode(&desc[idx], SETUP_WRITE_STATE1); 1115 set_cipher_do(&desc[idx], DO_PAD); 1116 idx++; 1117 1118 /* Get final ICV result */ 1119 hw_desc_init(&desc[idx]); 1120 set_dout_sram(&desc[idx], aead_handle->sram_workspace_addr, 1121 digest_size); 1122 set_flow_mode(&desc[idx], S_HASH_to_DOUT); 1123 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0); 1124 set_cipher_config0(&desc[idx], HASH_DIGEST_RESULT_LITTLE_ENDIAN); 1125 set_cipher_mode(&desc[idx], hash_mode); 1126 idx++; 1127 1128 /* Loading hash opad xor key state */ 1129 hw_desc_init(&desc[idx]); 1130 set_cipher_mode(&desc[idx], hash_mode); 1131 set_din_type(&desc[idx], DMA_DLLI, 1132 (ctx->auth_state.hmac.ipad_opad_dma_addr + digest_size), 1133 digest_size, NS_BIT); 1134 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1135 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0); 1136 idx++; 1137 1138 /* Load init. digest len (64 bytes) */ 1139 hw_desc_init(&desc[idx]); 1140 set_cipher_mode(&desc[idx], hash_mode); 1141 set_din_sram(&desc[idx], cc_digest_len_addr(ctx->drvdata, hash_mode), 1142 ctx->hash_len); 1143 set_cipher_config1(&desc[idx], HASH_PADDING_ENABLED); 1144 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1145 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 1146 idx++; 1147 1148 /* Perform HASH update */ 1149 hw_desc_init(&desc[idx]); 1150 set_din_sram(&desc[idx], aead_handle->sram_workspace_addr, 1151 digest_size); 1152 set_flow_mode(&desc[idx], DIN_HASH); 1153 idx++; 1154 1155 *seq_size = idx; 1156 } 1157 1158 static void cc_mlli_to_sram(struct aead_request *req, 1159 struct cc_hw_desc desc[], unsigned int *seq_size) 1160 { 1161 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 1162 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1163 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1164 struct device *dev = drvdata_to_dev(ctx->drvdata); 1165 1166 if ((req_ctx->assoc_buff_type == CC_DMA_BUF_MLLI || 1167 req_ctx->data_buff_type == CC_DMA_BUF_MLLI || 1168 !req_ctx->is_single_pass) && req_ctx->mlli_params.mlli_len) { 1169 dev_dbg(dev, "Copy-to-sram: mlli_dma=%08x, mlli_size=%u\n", 1170 ctx->drvdata->mlli_sram_addr, 1171 req_ctx->mlli_params.mlli_len); 1172 /* Copy MLLI table host-to-sram */ 1173 hw_desc_init(&desc[*seq_size]); 1174 set_din_type(&desc[*seq_size], DMA_DLLI, 1175 req_ctx->mlli_params.mlli_dma_addr, 1176 req_ctx->mlli_params.mlli_len, NS_BIT); 1177 set_dout_sram(&desc[*seq_size], 1178 ctx->drvdata->mlli_sram_addr, 1179 req_ctx->mlli_params.mlli_len); 1180 set_flow_mode(&desc[*seq_size], BYPASS); 1181 (*seq_size)++; 1182 } 1183 } 1184 1185 static enum cc_flow_mode cc_get_data_flow(enum drv_crypto_direction direct, 1186 enum cc_flow_mode setup_flow_mode, 1187 bool is_single_pass) 1188 { 1189 enum cc_flow_mode data_flow_mode; 1190 1191 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) { 1192 if (setup_flow_mode == S_DIN_to_AES) 1193 data_flow_mode = is_single_pass ? 1194 AES_to_HASH_and_DOUT : DIN_AES_DOUT; 1195 else 1196 data_flow_mode = is_single_pass ? 1197 DES_to_HASH_and_DOUT : DIN_DES_DOUT; 1198 } else { /* Decrypt */ 1199 if (setup_flow_mode == S_DIN_to_AES) 1200 data_flow_mode = is_single_pass ? 1201 AES_and_HASH : DIN_AES_DOUT; 1202 else 1203 data_flow_mode = is_single_pass ? 1204 DES_and_HASH : DIN_DES_DOUT; 1205 } 1206 1207 return data_flow_mode; 1208 } 1209 1210 static void cc_hmac_authenc(struct aead_request *req, struct cc_hw_desc desc[], 1211 unsigned int *seq_size) 1212 { 1213 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1214 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1215 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 1216 int direct = req_ctx->gen_ctx.op_type; 1217 unsigned int data_flow_mode = 1218 cc_get_data_flow(direct, ctx->flow_mode, 1219 req_ctx->is_single_pass); 1220 1221 if (req_ctx->is_single_pass) { 1222 /* 1223 * Single-pass flow 1224 */ 1225 cc_set_hmac_desc(req, desc, seq_size); 1226 cc_set_cipher_desc(req, desc, seq_size); 1227 cc_proc_header_desc(req, desc, seq_size); 1228 cc_proc_cipher_desc(req, data_flow_mode, desc, seq_size); 1229 cc_proc_scheme_desc(req, desc, seq_size); 1230 cc_proc_digest_desc(req, desc, seq_size); 1231 return; 1232 } 1233 1234 /* 1235 * Double-pass flow 1236 * Fallback for unsupported single-pass modes, 1237 * i.e. using assoc. data of non-word-multiple 1238 */ 1239 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) { 1240 /* encrypt first.. */ 1241 cc_proc_cipher(req, desc, seq_size, data_flow_mode); 1242 /* authenc after..*/ 1243 cc_set_hmac_desc(req, desc, seq_size); 1244 cc_proc_authen_desc(req, DIN_HASH, desc, seq_size, direct); 1245 cc_proc_scheme_desc(req, desc, seq_size); 1246 cc_proc_digest_desc(req, desc, seq_size); 1247 1248 } else { /*DECRYPT*/ 1249 /* authenc first..*/ 1250 cc_set_hmac_desc(req, desc, seq_size); 1251 cc_proc_authen_desc(req, DIN_HASH, desc, seq_size, direct); 1252 cc_proc_scheme_desc(req, desc, seq_size); 1253 /* decrypt after.. */ 1254 cc_proc_cipher(req, desc, seq_size, data_flow_mode); 1255 /* read the digest result with setting the completion bit 1256 * must be after the cipher operation 1257 */ 1258 cc_proc_digest_desc(req, desc, seq_size); 1259 } 1260 } 1261 1262 static void 1263 cc_xcbc_authenc(struct aead_request *req, struct cc_hw_desc desc[], 1264 unsigned int *seq_size) 1265 { 1266 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1267 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1268 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 1269 int direct = req_ctx->gen_ctx.op_type; 1270 unsigned int data_flow_mode = 1271 cc_get_data_flow(direct, ctx->flow_mode, 1272 req_ctx->is_single_pass); 1273 1274 if (req_ctx->is_single_pass) { 1275 /* 1276 * Single-pass flow 1277 */ 1278 cc_set_xcbc_desc(req, desc, seq_size); 1279 cc_set_cipher_desc(req, desc, seq_size); 1280 cc_proc_header_desc(req, desc, seq_size); 1281 cc_proc_cipher_desc(req, data_flow_mode, desc, seq_size); 1282 cc_proc_digest_desc(req, desc, seq_size); 1283 return; 1284 } 1285 1286 /* 1287 * Double-pass flow 1288 * Fallback for unsupported single-pass modes, 1289 * i.e. using assoc. data of non-word-multiple 1290 */ 1291 if (direct == DRV_CRYPTO_DIRECTION_ENCRYPT) { 1292 /* encrypt first.. */ 1293 cc_proc_cipher(req, desc, seq_size, data_flow_mode); 1294 /* authenc after.. */ 1295 cc_set_xcbc_desc(req, desc, seq_size); 1296 cc_proc_authen_desc(req, DIN_HASH, desc, seq_size, direct); 1297 cc_proc_digest_desc(req, desc, seq_size); 1298 } else { /*DECRYPT*/ 1299 /* authenc first.. */ 1300 cc_set_xcbc_desc(req, desc, seq_size); 1301 cc_proc_authen_desc(req, DIN_HASH, desc, seq_size, direct); 1302 /* decrypt after..*/ 1303 cc_proc_cipher(req, desc, seq_size, data_flow_mode); 1304 /* read the digest result with setting the completion bit 1305 * must be after the cipher operation 1306 */ 1307 cc_proc_digest_desc(req, desc, seq_size); 1308 } 1309 } 1310 1311 static int validate_data_size(struct cc_aead_ctx *ctx, 1312 enum drv_crypto_direction direct, 1313 struct aead_request *req) 1314 { 1315 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 1316 struct device *dev = drvdata_to_dev(ctx->drvdata); 1317 unsigned int assoclen = areq_ctx->assoclen; 1318 unsigned int cipherlen = (direct == DRV_CRYPTO_DIRECTION_DECRYPT) ? 1319 (req->cryptlen - ctx->authsize) : req->cryptlen; 1320 1321 if (direct == DRV_CRYPTO_DIRECTION_DECRYPT && 1322 req->cryptlen < ctx->authsize) 1323 goto data_size_err; 1324 1325 areq_ctx->is_single_pass = true; /*defaulted to fast flow*/ 1326 1327 switch (ctx->flow_mode) { 1328 case S_DIN_to_AES: 1329 if (ctx->cipher_mode == DRV_CIPHER_CBC && 1330 !IS_ALIGNED(cipherlen, AES_BLOCK_SIZE)) 1331 goto data_size_err; 1332 if (ctx->cipher_mode == DRV_CIPHER_CCM) 1333 break; 1334 if (ctx->cipher_mode == DRV_CIPHER_GCTR) { 1335 if (areq_ctx->plaintext_authenticate_only) 1336 areq_ctx->is_single_pass = false; 1337 break; 1338 } 1339 1340 if (!IS_ALIGNED(assoclen, sizeof(u32))) 1341 areq_ctx->is_single_pass = false; 1342 1343 if (ctx->cipher_mode == DRV_CIPHER_CTR && 1344 !IS_ALIGNED(cipherlen, sizeof(u32))) 1345 areq_ctx->is_single_pass = false; 1346 1347 break; 1348 case S_DIN_to_DES: 1349 if (!IS_ALIGNED(cipherlen, DES_BLOCK_SIZE)) 1350 goto data_size_err; 1351 if (!IS_ALIGNED(assoclen, DES_BLOCK_SIZE)) 1352 areq_ctx->is_single_pass = false; 1353 break; 1354 default: 1355 dev_err(dev, "Unexpected flow mode (%d)\n", ctx->flow_mode); 1356 goto data_size_err; 1357 } 1358 1359 return 0; 1360 1361 data_size_err: 1362 return -EINVAL; 1363 } 1364 1365 static unsigned int format_ccm_a0(u8 *pa0_buff, u32 header_size) 1366 { 1367 unsigned int len = 0; 1368 1369 if (header_size == 0) 1370 return 0; 1371 1372 if (header_size < ((1UL << 16) - (1UL << 8))) { 1373 len = 2; 1374 1375 pa0_buff[0] = (header_size >> 8) & 0xFF; 1376 pa0_buff[1] = header_size & 0xFF; 1377 } else { 1378 len = 6; 1379 1380 pa0_buff[0] = 0xFF; 1381 pa0_buff[1] = 0xFE; 1382 pa0_buff[2] = (header_size >> 24) & 0xFF; 1383 pa0_buff[3] = (header_size >> 16) & 0xFF; 1384 pa0_buff[4] = (header_size >> 8) & 0xFF; 1385 pa0_buff[5] = header_size & 0xFF; 1386 } 1387 1388 return len; 1389 } 1390 1391 static int set_msg_len(u8 *block, unsigned int msglen, unsigned int csize) 1392 { 1393 __be32 data; 1394 1395 memset(block, 0, csize); 1396 block += csize; 1397 1398 if (csize >= 4) 1399 csize = 4; 1400 else if (msglen > (1 << (8 * csize))) 1401 return -EOVERFLOW; 1402 1403 data = cpu_to_be32(msglen); 1404 memcpy(block - csize, (u8 *)&data + 4 - csize, csize); 1405 1406 return 0; 1407 } 1408 1409 static int cc_ccm(struct aead_request *req, struct cc_hw_desc desc[], 1410 unsigned int *seq_size) 1411 { 1412 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1413 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1414 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 1415 unsigned int idx = *seq_size; 1416 unsigned int cipher_flow_mode; 1417 dma_addr_t mac_result; 1418 1419 if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) { 1420 cipher_flow_mode = AES_to_HASH_and_DOUT; 1421 mac_result = req_ctx->mac_buf_dma_addr; 1422 } else { /* Encrypt */ 1423 cipher_flow_mode = AES_and_HASH; 1424 mac_result = req_ctx->icv_dma_addr; 1425 } 1426 1427 /* load key */ 1428 hw_desc_init(&desc[idx]); 1429 set_cipher_mode(&desc[idx], DRV_CIPHER_CTR); 1430 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr, 1431 ((ctx->enc_keylen == 24) ? CC_AES_KEY_SIZE_MAX : 1432 ctx->enc_keylen), NS_BIT); 1433 set_key_size_aes(&desc[idx], ctx->enc_keylen); 1434 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 1435 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT); 1436 set_flow_mode(&desc[idx], S_DIN_to_AES); 1437 idx++; 1438 1439 /* load ctr state */ 1440 hw_desc_init(&desc[idx]); 1441 set_cipher_mode(&desc[idx], DRV_CIPHER_CTR); 1442 set_key_size_aes(&desc[idx], ctx->enc_keylen); 1443 set_din_type(&desc[idx], DMA_DLLI, 1444 req_ctx->gen_ctx.iv_dma_addr, AES_BLOCK_SIZE, NS_BIT); 1445 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT); 1446 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1); 1447 set_flow_mode(&desc[idx], S_DIN_to_AES); 1448 idx++; 1449 1450 /* load MAC key */ 1451 hw_desc_init(&desc[idx]); 1452 set_cipher_mode(&desc[idx], DRV_CIPHER_CBC_MAC); 1453 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr, 1454 ((ctx->enc_keylen == 24) ? CC_AES_KEY_SIZE_MAX : 1455 ctx->enc_keylen), NS_BIT); 1456 set_key_size_aes(&desc[idx], ctx->enc_keylen); 1457 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 1458 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT); 1459 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1460 set_aes_not_hash_mode(&desc[idx]); 1461 idx++; 1462 1463 /* load MAC state */ 1464 hw_desc_init(&desc[idx]); 1465 set_cipher_mode(&desc[idx], DRV_CIPHER_CBC_MAC); 1466 set_key_size_aes(&desc[idx], ctx->enc_keylen); 1467 set_din_type(&desc[idx], DMA_DLLI, req_ctx->mac_buf_dma_addr, 1468 AES_BLOCK_SIZE, NS_BIT); 1469 set_cipher_config0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT); 1470 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0); 1471 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1472 set_aes_not_hash_mode(&desc[idx]); 1473 idx++; 1474 1475 /* process assoc data */ 1476 if (req_ctx->assoclen > 0) { 1477 cc_set_assoc_desc(req, DIN_HASH, desc, &idx); 1478 } else { 1479 hw_desc_init(&desc[idx]); 1480 set_din_type(&desc[idx], DMA_DLLI, 1481 sg_dma_address(&req_ctx->ccm_adata_sg), 1482 AES_BLOCK_SIZE + req_ctx->ccm_hdr_size, NS_BIT); 1483 set_flow_mode(&desc[idx], DIN_HASH); 1484 idx++; 1485 } 1486 1487 /* process the cipher */ 1488 if (req_ctx->cryptlen) 1489 cc_proc_cipher_desc(req, cipher_flow_mode, desc, &idx); 1490 1491 /* Read temporal MAC */ 1492 hw_desc_init(&desc[idx]); 1493 set_cipher_mode(&desc[idx], DRV_CIPHER_CBC_MAC); 1494 set_dout_dlli(&desc[idx], req_ctx->mac_buf_dma_addr, ctx->authsize, 1495 NS_BIT, 0); 1496 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0); 1497 set_cipher_config0(&desc[idx], HASH_DIGEST_RESULT_LITTLE_ENDIAN); 1498 set_flow_mode(&desc[idx], S_HASH_to_DOUT); 1499 set_aes_not_hash_mode(&desc[idx]); 1500 idx++; 1501 1502 /* load AES-CTR state (for last MAC calculation)*/ 1503 hw_desc_init(&desc[idx]); 1504 set_cipher_mode(&desc[idx], DRV_CIPHER_CTR); 1505 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT); 1506 set_din_type(&desc[idx], DMA_DLLI, req_ctx->ccm_iv0_dma_addr, 1507 AES_BLOCK_SIZE, NS_BIT); 1508 set_key_size_aes(&desc[idx], ctx->enc_keylen); 1509 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1); 1510 set_flow_mode(&desc[idx], S_DIN_to_AES); 1511 idx++; 1512 1513 hw_desc_init(&desc[idx]); 1514 set_din_no_dma(&desc[idx], 0, 0xfffff0); 1515 set_dout_no_dma(&desc[idx], 0, 0, 1); 1516 idx++; 1517 1518 /* encrypt the "T" value and store MAC in mac_state */ 1519 hw_desc_init(&desc[idx]); 1520 set_din_type(&desc[idx], DMA_DLLI, req_ctx->mac_buf_dma_addr, 1521 ctx->authsize, NS_BIT); 1522 set_dout_dlli(&desc[idx], mac_result, ctx->authsize, NS_BIT, 1); 1523 set_queue_last_ind(ctx->drvdata, &desc[idx]); 1524 set_flow_mode(&desc[idx], DIN_AES_DOUT); 1525 idx++; 1526 1527 *seq_size = idx; 1528 return 0; 1529 } 1530 1531 static int config_ccm_adata(struct aead_request *req) 1532 { 1533 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1534 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1535 struct device *dev = drvdata_to_dev(ctx->drvdata); 1536 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 1537 //unsigned int size_of_a = 0, rem_a_size = 0; 1538 unsigned int lp = req->iv[0]; 1539 /* Note: The code assume that req->iv[0] already contains the value 1540 * of L' of RFC3610 1541 */ 1542 unsigned int l = lp + 1; /* This is L' of RFC 3610. */ 1543 unsigned int m = ctx->authsize; /* This is M' of RFC 3610. */ 1544 u8 *b0 = req_ctx->ccm_config + CCM_B0_OFFSET; 1545 u8 *a0 = req_ctx->ccm_config + CCM_A0_OFFSET; 1546 u8 *ctr_count_0 = req_ctx->ccm_config + CCM_CTR_COUNT_0_OFFSET; 1547 unsigned int cryptlen = (req_ctx->gen_ctx.op_type == 1548 DRV_CRYPTO_DIRECTION_ENCRYPT) ? 1549 req->cryptlen : 1550 (req->cryptlen - ctx->authsize); 1551 int rc; 1552 1553 memset(req_ctx->mac_buf, 0, AES_BLOCK_SIZE); 1554 memset(req_ctx->ccm_config, 0, AES_BLOCK_SIZE * 3); 1555 1556 /* taken from crypto/ccm.c */ 1557 /* 2 <= L <= 8, so 1 <= L' <= 7. */ 1558 if (l < 2 || l > 8) { 1559 dev_dbg(dev, "illegal iv value %X\n", req->iv[0]); 1560 return -EINVAL; 1561 } 1562 memcpy(b0, req->iv, AES_BLOCK_SIZE); 1563 1564 /* format control info per RFC 3610 and 1565 * NIST Special Publication 800-38C 1566 */ 1567 *b0 |= (8 * ((m - 2) / 2)); 1568 if (req_ctx->assoclen > 0) 1569 *b0 |= 64; /* Enable bit 6 if Adata exists. */ 1570 1571 rc = set_msg_len(b0 + 16 - l, cryptlen, l); /* Write L'. */ 1572 if (rc) { 1573 dev_err(dev, "message len overflow detected"); 1574 return rc; 1575 } 1576 /* END of "taken from crypto/ccm.c" */ 1577 1578 /* l(a) - size of associated data. */ 1579 req_ctx->ccm_hdr_size = format_ccm_a0(a0, req_ctx->assoclen); 1580 1581 memset(req->iv + 15 - req->iv[0], 0, req->iv[0] + 1); 1582 req->iv[15] = 1; 1583 1584 memcpy(ctr_count_0, req->iv, AES_BLOCK_SIZE); 1585 ctr_count_0[15] = 0; 1586 1587 return 0; 1588 } 1589 1590 static void cc_proc_rfc4309_ccm(struct aead_request *req) 1591 { 1592 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1593 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1594 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 1595 1596 /* L' */ 1597 memset(areq_ctx->ctr_iv, 0, AES_BLOCK_SIZE); 1598 /* For RFC 4309, always use 4 bytes for message length 1599 * (at most 2^32-1 bytes). 1600 */ 1601 areq_ctx->ctr_iv[0] = 3; 1602 1603 /* In RFC 4309 there is an 11-bytes nonce+IV part, 1604 * that we build here. 1605 */ 1606 memcpy(areq_ctx->ctr_iv + CCM_BLOCK_NONCE_OFFSET, ctx->ctr_nonce, 1607 CCM_BLOCK_NONCE_SIZE); 1608 memcpy(areq_ctx->ctr_iv + CCM_BLOCK_IV_OFFSET, req->iv, 1609 CCM_BLOCK_IV_SIZE); 1610 req->iv = areq_ctx->ctr_iv; 1611 } 1612 1613 static void cc_set_ghash_desc(struct aead_request *req, 1614 struct cc_hw_desc desc[], unsigned int *seq_size) 1615 { 1616 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1617 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1618 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 1619 unsigned int idx = *seq_size; 1620 1621 /* load key to AES*/ 1622 hw_desc_init(&desc[idx]); 1623 set_cipher_mode(&desc[idx], DRV_CIPHER_ECB); 1624 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT); 1625 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr, 1626 ctx->enc_keylen, NS_BIT); 1627 set_key_size_aes(&desc[idx], ctx->enc_keylen); 1628 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 1629 set_flow_mode(&desc[idx], S_DIN_to_AES); 1630 idx++; 1631 1632 /* process one zero block to generate hkey */ 1633 hw_desc_init(&desc[idx]); 1634 set_din_const(&desc[idx], 0x0, AES_BLOCK_SIZE); 1635 set_dout_dlli(&desc[idx], req_ctx->hkey_dma_addr, AES_BLOCK_SIZE, 1636 NS_BIT, 0); 1637 set_flow_mode(&desc[idx], DIN_AES_DOUT); 1638 idx++; 1639 1640 /* Memory Barrier */ 1641 hw_desc_init(&desc[idx]); 1642 set_din_no_dma(&desc[idx], 0, 0xfffff0); 1643 set_dout_no_dma(&desc[idx], 0, 0, 1); 1644 idx++; 1645 1646 /* Load GHASH subkey */ 1647 hw_desc_init(&desc[idx]); 1648 set_din_type(&desc[idx], DMA_DLLI, req_ctx->hkey_dma_addr, 1649 AES_BLOCK_SIZE, NS_BIT); 1650 set_dout_no_dma(&desc[idx], 0, 0, 1); 1651 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1652 set_aes_not_hash_mode(&desc[idx]); 1653 set_cipher_mode(&desc[idx], DRV_HASH_HW_GHASH); 1654 set_cipher_config1(&desc[idx], HASH_PADDING_ENABLED); 1655 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 1656 idx++; 1657 1658 /* Configure Hash Engine to work with GHASH. 1659 * Since it was not possible to extend HASH submodes to add GHASH, 1660 * The following command is necessary in order to 1661 * select GHASH (according to HW designers) 1662 */ 1663 hw_desc_init(&desc[idx]); 1664 set_din_no_dma(&desc[idx], 0, 0xfffff0); 1665 set_dout_no_dma(&desc[idx], 0, 0, 1); 1666 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1667 set_aes_not_hash_mode(&desc[idx]); 1668 set_cipher_mode(&desc[idx], DRV_HASH_HW_GHASH); 1669 set_cipher_do(&desc[idx], 1); //1=AES_SK RKEK 1670 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT); 1671 set_cipher_config1(&desc[idx], HASH_PADDING_ENABLED); 1672 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 1673 idx++; 1674 1675 /* Load GHASH initial STATE (which is 0). (for any hash there is an 1676 * initial state) 1677 */ 1678 hw_desc_init(&desc[idx]); 1679 set_din_const(&desc[idx], 0x0, AES_BLOCK_SIZE); 1680 set_dout_no_dma(&desc[idx], 0, 0, 1); 1681 set_flow_mode(&desc[idx], S_DIN_to_HASH); 1682 set_aes_not_hash_mode(&desc[idx]); 1683 set_cipher_mode(&desc[idx], DRV_HASH_HW_GHASH); 1684 set_cipher_config1(&desc[idx], HASH_PADDING_ENABLED); 1685 set_setup_mode(&desc[idx], SETUP_LOAD_STATE0); 1686 idx++; 1687 1688 *seq_size = idx; 1689 } 1690 1691 static void cc_set_gctr_desc(struct aead_request *req, struct cc_hw_desc desc[], 1692 unsigned int *seq_size) 1693 { 1694 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1695 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1696 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 1697 unsigned int idx = *seq_size; 1698 1699 /* load key to AES*/ 1700 hw_desc_init(&desc[idx]); 1701 set_cipher_mode(&desc[idx], DRV_CIPHER_GCTR); 1702 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT); 1703 set_din_type(&desc[idx], DMA_DLLI, ctx->enckey_dma_addr, 1704 ctx->enc_keylen, NS_BIT); 1705 set_key_size_aes(&desc[idx], ctx->enc_keylen); 1706 set_setup_mode(&desc[idx], SETUP_LOAD_KEY0); 1707 set_flow_mode(&desc[idx], S_DIN_to_AES); 1708 idx++; 1709 1710 if (req_ctx->cryptlen && !req_ctx->plaintext_authenticate_only) { 1711 /* load AES/CTR initial CTR value inc by 2*/ 1712 hw_desc_init(&desc[idx]); 1713 set_cipher_mode(&desc[idx], DRV_CIPHER_GCTR); 1714 set_key_size_aes(&desc[idx], ctx->enc_keylen); 1715 set_din_type(&desc[idx], DMA_DLLI, 1716 req_ctx->gcm_iv_inc2_dma_addr, AES_BLOCK_SIZE, 1717 NS_BIT); 1718 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT); 1719 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1); 1720 set_flow_mode(&desc[idx], S_DIN_to_AES); 1721 idx++; 1722 } 1723 1724 *seq_size = idx; 1725 } 1726 1727 static void cc_proc_gcm_result(struct aead_request *req, 1728 struct cc_hw_desc desc[], 1729 unsigned int *seq_size) 1730 { 1731 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1732 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1733 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 1734 dma_addr_t mac_result; 1735 unsigned int idx = *seq_size; 1736 1737 if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) { 1738 mac_result = req_ctx->mac_buf_dma_addr; 1739 } else { /* Encrypt */ 1740 mac_result = req_ctx->icv_dma_addr; 1741 } 1742 1743 /* process(ghash) gcm_block_len */ 1744 hw_desc_init(&desc[idx]); 1745 set_din_type(&desc[idx], DMA_DLLI, req_ctx->gcm_block_len_dma_addr, 1746 AES_BLOCK_SIZE, NS_BIT); 1747 set_flow_mode(&desc[idx], DIN_HASH); 1748 idx++; 1749 1750 /* Store GHASH state after GHASH(Associated Data + Cipher +LenBlock) */ 1751 hw_desc_init(&desc[idx]); 1752 set_cipher_mode(&desc[idx], DRV_HASH_HW_GHASH); 1753 set_din_no_dma(&desc[idx], 0, 0xfffff0); 1754 set_dout_dlli(&desc[idx], req_ctx->mac_buf_dma_addr, AES_BLOCK_SIZE, 1755 NS_BIT, 0); 1756 set_setup_mode(&desc[idx], SETUP_WRITE_STATE0); 1757 set_flow_mode(&desc[idx], S_HASH_to_DOUT); 1758 set_aes_not_hash_mode(&desc[idx]); 1759 1760 idx++; 1761 1762 /* load AES/CTR initial CTR value inc by 1*/ 1763 hw_desc_init(&desc[idx]); 1764 set_cipher_mode(&desc[idx], DRV_CIPHER_GCTR); 1765 set_key_size_aes(&desc[idx], ctx->enc_keylen); 1766 set_din_type(&desc[idx], DMA_DLLI, req_ctx->gcm_iv_inc1_dma_addr, 1767 AES_BLOCK_SIZE, NS_BIT); 1768 set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT); 1769 set_setup_mode(&desc[idx], SETUP_LOAD_STATE1); 1770 set_flow_mode(&desc[idx], S_DIN_to_AES); 1771 idx++; 1772 1773 /* Memory Barrier */ 1774 hw_desc_init(&desc[idx]); 1775 set_din_no_dma(&desc[idx], 0, 0xfffff0); 1776 set_dout_no_dma(&desc[idx], 0, 0, 1); 1777 idx++; 1778 1779 /* process GCTR on stored GHASH and store MAC in mac_state*/ 1780 hw_desc_init(&desc[idx]); 1781 set_cipher_mode(&desc[idx], DRV_CIPHER_GCTR); 1782 set_din_type(&desc[idx], DMA_DLLI, req_ctx->mac_buf_dma_addr, 1783 AES_BLOCK_SIZE, NS_BIT); 1784 set_dout_dlli(&desc[idx], mac_result, ctx->authsize, NS_BIT, 1); 1785 set_queue_last_ind(ctx->drvdata, &desc[idx]); 1786 set_flow_mode(&desc[idx], DIN_AES_DOUT); 1787 idx++; 1788 1789 *seq_size = idx; 1790 } 1791 1792 static int cc_gcm(struct aead_request *req, struct cc_hw_desc desc[], 1793 unsigned int *seq_size) 1794 { 1795 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 1796 unsigned int cipher_flow_mode; 1797 1798 //in RFC4543 no data to encrypt. just copy data from src to dest. 1799 if (req_ctx->plaintext_authenticate_only) { 1800 cc_proc_cipher_desc(req, BYPASS, desc, seq_size); 1801 cc_set_ghash_desc(req, desc, seq_size); 1802 /* process(ghash) assoc data */ 1803 cc_set_assoc_desc(req, DIN_HASH, desc, seq_size); 1804 cc_set_gctr_desc(req, desc, seq_size); 1805 cc_proc_gcm_result(req, desc, seq_size); 1806 return 0; 1807 } 1808 1809 if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) { 1810 cipher_flow_mode = AES_and_HASH; 1811 } else { /* Encrypt */ 1812 cipher_flow_mode = AES_to_HASH_and_DOUT; 1813 } 1814 1815 // for gcm and rfc4106. 1816 cc_set_ghash_desc(req, desc, seq_size); 1817 /* process(ghash) assoc data */ 1818 if (req_ctx->assoclen > 0) 1819 cc_set_assoc_desc(req, DIN_HASH, desc, seq_size); 1820 cc_set_gctr_desc(req, desc, seq_size); 1821 /* process(gctr+ghash) */ 1822 if (req_ctx->cryptlen) 1823 cc_proc_cipher_desc(req, cipher_flow_mode, desc, seq_size); 1824 cc_proc_gcm_result(req, desc, seq_size); 1825 1826 return 0; 1827 } 1828 1829 static int config_gcm_context(struct aead_request *req) 1830 { 1831 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1832 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1833 struct aead_req_ctx *req_ctx = aead_request_ctx(req); 1834 struct device *dev = drvdata_to_dev(ctx->drvdata); 1835 1836 unsigned int cryptlen = (req_ctx->gen_ctx.op_type == 1837 DRV_CRYPTO_DIRECTION_ENCRYPT) ? 1838 req->cryptlen : 1839 (req->cryptlen - ctx->authsize); 1840 __be32 counter = cpu_to_be32(2); 1841 1842 dev_dbg(dev, "%s() cryptlen = %d, req_ctx->assoclen = %d ctx->authsize = %d\n", 1843 __func__, cryptlen, req_ctx->assoclen, ctx->authsize); 1844 1845 memset(req_ctx->hkey, 0, AES_BLOCK_SIZE); 1846 1847 memset(req_ctx->mac_buf, 0, AES_BLOCK_SIZE); 1848 1849 memcpy(req->iv + 12, &counter, 4); 1850 memcpy(req_ctx->gcm_iv_inc2, req->iv, 16); 1851 1852 counter = cpu_to_be32(1); 1853 memcpy(req->iv + 12, &counter, 4); 1854 memcpy(req_ctx->gcm_iv_inc1, req->iv, 16); 1855 1856 if (!req_ctx->plaintext_authenticate_only) { 1857 __be64 temp64; 1858 1859 temp64 = cpu_to_be64(req_ctx->assoclen * 8); 1860 memcpy(&req_ctx->gcm_len_block.len_a, &temp64, sizeof(temp64)); 1861 temp64 = cpu_to_be64(cryptlen * 8); 1862 memcpy(&req_ctx->gcm_len_block.len_c, &temp64, 8); 1863 } else { 1864 /* rfc4543=> all data(AAD,IV,Plain) are considered additional 1865 * data that is nothing is encrypted. 1866 */ 1867 __be64 temp64; 1868 1869 temp64 = cpu_to_be64((req_ctx->assoclen + cryptlen) * 8); 1870 memcpy(&req_ctx->gcm_len_block.len_a, &temp64, sizeof(temp64)); 1871 temp64 = 0; 1872 memcpy(&req_ctx->gcm_len_block.len_c, &temp64, 8); 1873 } 1874 1875 return 0; 1876 } 1877 1878 static void cc_proc_rfc4_gcm(struct aead_request *req) 1879 { 1880 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1881 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1882 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 1883 1884 memcpy(areq_ctx->ctr_iv + GCM_BLOCK_RFC4_NONCE_OFFSET, 1885 ctx->ctr_nonce, GCM_BLOCK_RFC4_NONCE_SIZE); 1886 memcpy(areq_ctx->ctr_iv + GCM_BLOCK_RFC4_IV_OFFSET, req->iv, 1887 GCM_BLOCK_RFC4_IV_SIZE); 1888 req->iv = areq_ctx->ctr_iv; 1889 } 1890 1891 static int cc_proc_aead(struct aead_request *req, 1892 enum drv_crypto_direction direct) 1893 { 1894 int rc = 0; 1895 int seq_len = 0; 1896 struct cc_hw_desc desc[MAX_AEAD_PROCESS_SEQ]; 1897 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1898 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 1899 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 1900 struct device *dev = drvdata_to_dev(ctx->drvdata); 1901 struct cc_crypto_req cc_req = {}; 1902 1903 dev_dbg(dev, "%s context=%p req=%p iv=%p src=%p src_ofs=%d dst=%p dst_ofs=%d cryptolen=%d\n", 1904 ((direct == DRV_CRYPTO_DIRECTION_ENCRYPT) ? "Enc" : "Dec"), 1905 ctx, req, req->iv, sg_virt(req->src), req->src->offset, 1906 sg_virt(req->dst), req->dst->offset, req->cryptlen); 1907 1908 /* STAT_PHASE_0: Init and sanity checks */ 1909 1910 /* Check data length according to mode */ 1911 if (validate_data_size(ctx, direct, req)) { 1912 dev_err(dev, "Unsupported crypt/assoc len %d/%d.\n", 1913 req->cryptlen, areq_ctx->assoclen); 1914 return -EINVAL; 1915 } 1916 1917 /* Setup request structure */ 1918 cc_req.user_cb = cc_aead_complete; 1919 cc_req.user_arg = req; 1920 1921 /* Setup request context */ 1922 areq_ctx->gen_ctx.op_type = direct; 1923 areq_ctx->req_authsize = ctx->authsize; 1924 areq_ctx->cipher_mode = ctx->cipher_mode; 1925 1926 /* STAT_PHASE_1: Map buffers */ 1927 1928 if (ctx->cipher_mode == DRV_CIPHER_CTR) { 1929 /* Build CTR IV - Copy nonce from last 4 bytes in 1930 * CTR key to first 4 bytes in CTR IV 1931 */ 1932 memcpy(areq_ctx->ctr_iv, ctx->ctr_nonce, 1933 CTR_RFC3686_NONCE_SIZE); 1934 memcpy(areq_ctx->ctr_iv + CTR_RFC3686_NONCE_SIZE, req->iv, 1935 CTR_RFC3686_IV_SIZE); 1936 /* Initialize counter portion of counter block */ 1937 *(__be32 *)(areq_ctx->ctr_iv + CTR_RFC3686_NONCE_SIZE + 1938 CTR_RFC3686_IV_SIZE) = cpu_to_be32(1); 1939 1940 /* Replace with counter iv */ 1941 req->iv = areq_ctx->ctr_iv; 1942 areq_ctx->hw_iv_size = CTR_RFC3686_BLOCK_SIZE; 1943 } else if ((ctx->cipher_mode == DRV_CIPHER_CCM) || 1944 (ctx->cipher_mode == DRV_CIPHER_GCTR)) { 1945 areq_ctx->hw_iv_size = AES_BLOCK_SIZE; 1946 if (areq_ctx->ctr_iv != req->iv) { 1947 memcpy(areq_ctx->ctr_iv, req->iv, 1948 crypto_aead_ivsize(tfm)); 1949 req->iv = areq_ctx->ctr_iv; 1950 } 1951 } else { 1952 areq_ctx->hw_iv_size = crypto_aead_ivsize(tfm); 1953 } 1954 1955 if (ctx->cipher_mode == DRV_CIPHER_CCM) { 1956 rc = config_ccm_adata(req); 1957 if (rc) { 1958 dev_dbg(dev, "config_ccm_adata() returned with a failure %d!", 1959 rc); 1960 goto exit; 1961 } 1962 } else { 1963 areq_ctx->ccm_hdr_size = ccm_header_size_null; 1964 } 1965 1966 if (ctx->cipher_mode == DRV_CIPHER_GCTR) { 1967 rc = config_gcm_context(req); 1968 if (rc) { 1969 dev_dbg(dev, "config_gcm_context() returned with a failure %d!", 1970 rc); 1971 goto exit; 1972 } 1973 } 1974 1975 rc = cc_map_aead_request(ctx->drvdata, req); 1976 if (rc) { 1977 dev_err(dev, "map_request() failed\n"); 1978 goto exit; 1979 } 1980 1981 /* STAT_PHASE_2: Create sequence */ 1982 1983 /* Load MLLI tables to SRAM if necessary */ 1984 cc_mlli_to_sram(req, desc, &seq_len); 1985 1986 switch (ctx->auth_mode) { 1987 case DRV_HASH_SHA1: 1988 case DRV_HASH_SHA256: 1989 cc_hmac_authenc(req, desc, &seq_len); 1990 break; 1991 case DRV_HASH_XCBC_MAC: 1992 cc_xcbc_authenc(req, desc, &seq_len); 1993 break; 1994 case DRV_HASH_NULL: 1995 if (ctx->cipher_mode == DRV_CIPHER_CCM) 1996 cc_ccm(req, desc, &seq_len); 1997 if (ctx->cipher_mode == DRV_CIPHER_GCTR) 1998 cc_gcm(req, desc, &seq_len); 1999 break; 2000 default: 2001 dev_err(dev, "Unsupported authenc (%d)\n", ctx->auth_mode); 2002 cc_unmap_aead_request(dev, req); 2003 rc = -ENOTSUPP; 2004 goto exit; 2005 } 2006 2007 /* STAT_PHASE_3: Lock HW and push sequence */ 2008 2009 rc = cc_send_request(ctx->drvdata, &cc_req, desc, seq_len, &req->base); 2010 2011 if (rc != -EINPROGRESS && rc != -EBUSY) { 2012 dev_err(dev, "send_request() failed (rc=%d)\n", rc); 2013 cc_unmap_aead_request(dev, req); 2014 } 2015 2016 exit: 2017 return rc; 2018 } 2019 2020 static int cc_aead_encrypt(struct aead_request *req) 2021 { 2022 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 2023 int rc; 2024 2025 memset(areq_ctx, 0, sizeof(*areq_ctx)); 2026 2027 /* No generated IV required */ 2028 areq_ctx->backup_iv = req->iv; 2029 areq_ctx->assoclen = req->assoclen; 2030 2031 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT); 2032 if (rc != -EINPROGRESS && rc != -EBUSY) 2033 req->iv = areq_ctx->backup_iv; 2034 2035 return rc; 2036 } 2037 2038 static int cc_rfc4309_ccm_encrypt(struct aead_request *req) 2039 { 2040 /* Very similar to cc_aead_encrypt() above. */ 2041 2042 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 2043 int rc; 2044 2045 rc = crypto_ipsec_check_assoclen(req->assoclen); 2046 if (rc) 2047 goto out; 2048 2049 memset(areq_ctx, 0, sizeof(*areq_ctx)); 2050 2051 /* No generated IV required */ 2052 areq_ctx->backup_iv = req->iv; 2053 areq_ctx->assoclen = req->assoclen - CCM_BLOCK_IV_SIZE; 2054 2055 cc_proc_rfc4309_ccm(req); 2056 2057 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT); 2058 if (rc != -EINPROGRESS && rc != -EBUSY) 2059 req->iv = areq_ctx->backup_iv; 2060 out: 2061 return rc; 2062 } 2063 2064 static int cc_aead_decrypt(struct aead_request *req) 2065 { 2066 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 2067 int rc; 2068 2069 memset(areq_ctx, 0, sizeof(*areq_ctx)); 2070 2071 /* No generated IV required */ 2072 areq_ctx->backup_iv = req->iv; 2073 areq_ctx->assoclen = req->assoclen; 2074 2075 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT); 2076 if (rc != -EINPROGRESS && rc != -EBUSY) 2077 req->iv = areq_ctx->backup_iv; 2078 2079 return rc; 2080 } 2081 2082 static int cc_rfc4309_ccm_decrypt(struct aead_request *req) 2083 { 2084 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 2085 int rc; 2086 2087 rc = crypto_ipsec_check_assoclen(req->assoclen); 2088 if (rc) 2089 goto out; 2090 2091 memset(areq_ctx, 0, sizeof(*areq_ctx)); 2092 2093 /* No generated IV required */ 2094 areq_ctx->backup_iv = req->iv; 2095 areq_ctx->assoclen = req->assoclen - CCM_BLOCK_IV_SIZE; 2096 2097 cc_proc_rfc4309_ccm(req); 2098 2099 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT); 2100 if (rc != -EINPROGRESS && rc != -EBUSY) 2101 req->iv = areq_ctx->backup_iv; 2102 2103 out: 2104 return rc; 2105 } 2106 2107 static int cc_rfc4106_gcm_setkey(struct crypto_aead *tfm, const u8 *key, 2108 unsigned int keylen) 2109 { 2110 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 2111 struct device *dev = drvdata_to_dev(ctx->drvdata); 2112 2113 dev_dbg(dev, "%s() keylen %d, key %p\n", __func__, keylen, key); 2114 2115 if (keylen < 4) 2116 return -EINVAL; 2117 2118 keylen -= 4; 2119 memcpy(ctx->ctr_nonce, key + keylen, 4); 2120 2121 return cc_aead_setkey(tfm, key, keylen); 2122 } 2123 2124 static int cc_rfc4543_gcm_setkey(struct crypto_aead *tfm, const u8 *key, 2125 unsigned int keylen) 2126 { 2127 struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); 2128 struct device *dev = drvdata_to_dev(ctx->drvdata); 2129 2130 dev_dbg(dev, "%s() keylen %d, key %p\n", __func__, keylen, key); 2131 2132 if (keylen < 4) 2133 return -EINVAL; 2134 2135 keylen -= 4; 2136 memcpy(ctx->ctr_nonce, key + keylen, 4); 2137 2138 return cc_aead_setkey(tfm, key, keylen); 2139 } 2140 2141 static int cc_gcm_setauthsize(struct crypto_aead *authenc, 2142 unsigned int authsize) 2143 { 2144 switch (authsize) { 2145 case 4: 2146 case 8: 2147 case 12: 2148 case 13: 2149 case 14: 2150 case 15: 2151 case 16: 2152 break; 2153 default: 2154 return -EINVAL; 2155 } 2156 2157 return cc_aead_setauthsize(authenc, authsize); 2158 } 2159 2160 static int cc_rfc4106_gcm_setauthsize(struct crypto_aead *authenc, 2161 unsigned int authsize) 2162 { 2163 struct cc_aead_ctx *ctx = crypto_aead_ctx(authenc); 2164 struct device *dev = drvdata_to_dev(ctx->drvdata); 2165 2166 dev_dbg(dev, "authsize %d\n", authsize); 2167 2168 switch (authsize) { 2169 case 8: 2170 case 12: 2171 case 16: 2172 break; 2173 default: 2174 return -EINVAL; 2175 } 2176 2177 return cc_aead_setauthsize(authenc, authsize); 2178 } 2179 2180 static int cc_rfc4543_gcm_setauthsize(struct crypto_aead *authenc, 2181 unsigned int authsize) 2182 { 2183 struct cc_aead_ctx *ctx = crypto_aead_ctx(authenc); 2184 struct device *dev = drvdata_to_dev(ctx->drvdata); 2185 2186 dev_dbg(dev, "authsize %d\n", authsize); 2187 2188 if (authsize != 16) 2189 return -EINVAL; 2190 2191 return cc_aead_setauthsize(authenc, authsize); 2192 } 2193 2194 static int cc_rfc4106_gcm_encrypt(struct aead_request *req) 2195 { 2196 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 2197 int rc; 2198 2199 rc = crypto_ipsec_check_assoclen(req->assoclen); 2200 if (rc) 2201 goto out; 2202 2203 memset(areq_ctx, 0, sizeof(*areq_ctx)); 2204 2205 /* No generated IV required */ 2206 areq_ctx->backup_iv = req->iv; 2207 areq_ctx->assoclen = req->assoclen - GCM_BLOCK_RFC4_IV_SIZE; 2208 2209 cc_proc_rfc4_gcm(req); 2210 2211 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT); 2212 if (rc != -EINPROGRESS && rc != -EBUSY) 2213 req->iv = areq_ctx->backup_iv; 2214 out: 2215 return rc; 2216 } 2217 2218 static int cc_rfc4543_gcm_encrypt(struct aead_request *req) 2219 { 2220 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 2221 int rc; 2222 2223 rc = crypto_ipsec_check_assoclen(req->assoclen); 2224 if (rc) 2225 goto out; 2226 2227 memset(areq_ctx, 0, sizeof(*areq_ctx)); 2228 2229 //plaintext is not encryped with rfc4543 2230 areq_ctx->plaintext_authenticate_only = true; 2231 2232 /* No generated IV required */ 2233 areq_ctx->backup_iv = req->iv; 2234 areq_ctx->assoclen = req->assoclen; 2235 2236 cc_proc_rfc4_gcm(req); 2237 2238 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT); 2239 if (rc != -EINPROGRESS && rc != -EBUSY) 2240 req->iv = areq_ctx->backup_iv; 2241 out: 2242 return rc; 2243 } 2244 2245 static int cc_rfc4106_gcm_decrypt(struct aead_request *req) 2246 { 2247 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 2248 int rc; 2249 2250 rc = crypto_ipsec_check_assoclen(req->assoclen); 2251 if (rc) 2252 goto out; 2253 2254 memset(areq_ctx, 0, sizeof(*areq_ctx)); 2255 2256 /* No generated IV required */ 2257 areq_ctx->backup_iv = req->iv; 2258 areq_ctx->assoclen = req->assoclen - GCM_BLOCK_RFC4_IV_SIZE; 2259 2260 cc_proc_rfc4_gcm(req); 2261 2262 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT); 2263 if (rc != -EINPROGRESS && rc != -EBUSY) 2264 req->iv = areq_ctx->backup_iv; 2265 out: 2266 return rc; 2267 } 2268 2269 static int cc_rfc4543_gcm_decrypt(struct aead_request *req) 2270 { 2271 struct aead_req_ctx *areq_ctx = aead_request_ctx(req); 2272 int rc; 2273 2274 rc = crypto_ipsec_check_assoclen(req->assoclen); 2275 if (rc) 2276 goto out; 2277 2278 memset(areq_ctx, 0, sizeof(*areq_ctx)); 2279 2280 //plaintext is not decryped with rfc4543 2281 areq_ctx->plaintext_authenticate_only = true; 2282 2283 /* No generated IV required */ 2284 areq_ctx->backup_iv = req->iv; 2285 areq_ctx->assoclen = req->assoclen; 2286 2287 cc_proc_rfc4_gcm(req); 2288 2289 rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT); 2290 if (rc != -EINPROGRESS && rc != -EBUSY) 2291 req->iv = areq_ctx->backup_iv; 2292 out: 2293 return rc; 2294 } 2295 2296 /* aead alg */ 2297 static struct cc_alg_template aead_algs[] = { 2298 { 2299 .name = "authenc(hmac(sha1),cbc(aes))", 2300 .driver_name = "authenc-hmac-sha1-cbc-aes-ccree", 2301 .blocksize = AES_BLOCK_SIZE, 2302 .template_aead = { 2303 .setkey = cc_aead_setkey, 2304 .setauthsize = cc_aead_setauthsize, 2305 .encrypt = cc_aead_encrypt, 2306 .decrypt = cc_aead_decrypt, 2307 .init = cc_aead_init, 2308 .exit = cc_aead_exit, 2309 .ivsize = AES_BLOCK_SIZE, 2310 .maxauthsize = SHA1_DIGEST_SIZE, 2311 }, 2312 .cipher_mode = DRV_CIPHER_CBC, 2313 .flow_mode = S_DIN_to_AES, 2314 .auth_mode = DRV_HASH_SHA1, 2315 .min_hw_rev = CC_HW_REV_630, 2316 .std_body = CC_STD_NIST, 2317 }, 2318 { 2319 .name = "authenc(hmac(sha1),cbc(des3_ede))", 2320 .driver_name = "authenc-hmac-sha1-cbc-des3-ccree", 2321 .blocksize = DES3_EDE_BLOCK_SIZE, 2322 .template_aead = { 2323 .setkey = cc_des3_aead_setkey, 2324 .setauthsize = cc_aead_setauthsize, 2325 .encrypt = cc_aead_encrypt, 2326 .decrypt = cc_aead_decrypt, 2327 .init = cc_aead_init, 2328 .exit = cc_aead_exit, 2329 .ivsize = DES3_EDE_BLOCK_SIZE, 2330 .maxauthsize = SHA1_DIGEST_SIZE, 2331 }, 2332 .cipher_mode = DRV_CIPHER_CBC, 2333 .flow_mode = S_DIN_to_DES, 2334 .auth_mode = DRV_HASH_SHA1, 2335 .min_hw_rev = CC_HW_REV_630, 2336 .std_body = CC_STD_NIST, 2337 }, 2338 { 2339 .name = "authenc(hmac(sha256),cbc(aes))", 2340 .driver_name = "authenc-hmac-sha256-cbc-aes-ccree", 2341 .blocksize = AES_BLOCK_SIZE, 2342 .template_aead = { 2343 .setkey = cc_aead_setkey, 2344 .setauthsize = cc_aead_setauthsize, 2345 .encrypt = cc_aead_encrypt, 2346 .decrypt = cc_aead_decrypt, 2347 .init = cc_aead_init, 2348 .exit = cc_aead_exit, 2349 .ivsize = AES_BLOCK_SIZE, 2350 .maxauthsize = SHA256_DIGEST_SIZE, 2351 }, 2352 .cipher_mode = DRV_CIPHER_CBC, 2353 .flow_mode = S_DIN_to_AES, 2354 .auth_mode = DRV_HASH_SHA256, 2355 .min_hw_rev = CC_HW_REV_630, 2356 .std_body = CC_STD_NIST, 2357 }, 2358 { 2359 .name = "authenc(hmac(sha256),cbc(des3_ede))", 2360 .driver_name = "authenc-hmac-sha256-cbc-des3-ccree", 2361 .blocksize = DES3_EDE_BLOCK_SIZE, 2362 .template_aead = { 2363 .setkey = cc_des3_aead_setkey, 2364 .setauthsize = cc_aead_setauthsize, 2365 .encrypt = cc_aead_encrypt, 2366 .decrypt = cc_aead_decrypt, 2367 .init = cc_aead_init, 2368 .exit = cc_aead_exit, 2369 .ivsize = DES3_EDE_BLOCK_SIZE, 2370 .maxauthsize = SHA256_DIGEST_SIZE, 2371 }, 2372 .cipher_mode = DRV_CIPHER_CBC, 2373 .flow_mode = S_DIN_to_DES, 2374 .auth_mode = DRV_HASH_SHA256, 2375 .min_hw_rev = CC_HW_REV_630, 2376 .std_body = CC_STD_NIST, 2377 }, 2378 { 2379 .name = "authenc(xcbc(aes),cbc(aes))", 2380 .driver_name = "authenc-xcbc-aes-cbc-aes-ccree", 2381 .blocksize = AES_BLOCK_SIZE, 2382 .template_aead = { 2383 .setkey = cc_aead_setkey, 2384 .setauthsize = cc_aead_setauthsize, 2385 .encrypt = cc_aead_encrypt, 2386 .decrypt = cc_aead_decrypt, 2387 .init = cc_aead_init, 2388 .exit = cc_aead_exit, 2389 .ivsize = AES_BLOCK_SIZE, 2390 .maxauthsize = AES_BLOCK_SIZE, 2391 }, 2392 .cipher_mode = DRV_CIPHER_CBC, 2393 .flow_mode = S_DIN_to_AES, 2394 .auth_mode = DRV_HASH_XCBC_MAC, 2395 .min_hw_rev = CC_HW_REV_630, 2396 .std_body = CC_STD_NIST, 2397 }, 2398 { 2399 .name = "authenc(hmac(sha1),rfc3686(ctr(aes)))", 2400 .driver_name = "authenc-hmac-sha1-rfc3686-ctr-aes-ccree", 2401 .blocksize = 1, 2402 .template_aead = { 2403 .setkey = cc_aead_setkey, 2404 .setauthsize = cc_aead_setauthsize, 2405 .encrypt = cc_aead_encrypt, 2406 .decrypt = cc_aead_decrypt, 2407 .init = cc_aead_init, 2408 .exit = cc_aead_exit, 2409 .ivsize = CTR_RFC3686_IV_SIZE, 2410 .maxauthsize = SHA1_DIGEST_SIZE, 2411 }, 2412 .cipher_mode = DRV_CIPHER_CTR, 2413 .flow_mode = S_DIN_to_AES, 2414 .auth_mode = DRV_HASH_SHA1, 2415 .min_hw_rev = CC_HW_REV_630, 2416 .std_body = CC_STD_NIST, 2417 }, 2418 { 2419 .name = "authenc(hmac(sha256),rfc3686(ctr(aes)))", 2420 .driver_name = "authenc-hmac-sha256-rfc3686-ctr-aes-ccree", 2421 .blocksize = 1, 2422 .template_aead = { 2423 .setkey = cc_aead_setkey, 2424 .setauthsize = cc_aead_setauthsize, 2425 .encrypt = cc_aead_encrypt, 2426 .decrypt = cc_aead_decrypt, 2427 .init = cc_aead_init, 2428 .exit = cc_aead_exit, 2429 .ivsize = CTR_RFC3686_IV_SIZE, 2430 .maxauthsize = SHA256_DIGEST_SIZE, 2431 }, 2432 .cipher_mode = DRV_CIPHER_CTR, 2433 .flow_mode = S_DIN_to_AES, 2434 .auth_mode = DRV_HASH_SHA256, 2435 .min_hw_rev = CC_HW_REV_630, 2436 .std_body = CC_STD_NIST, 2437 }, 2438 { 2439 .name = "authenc(xcbc(aes),rfc3686(ctr(aes)))", 2440 .driver_name = "authenc-xcbc-aes-rfc3686-ctr-aes-ccree", 2441 .blocksize = 1, 2442 .template_aead = { 2443 .setkey = cc_aead_setkey, 2444 .setauthsize = cc_aead_setauthsize, 2445 .encrypt = cc_aead_encrypt, 2446 .decrypt = cc_aead_decrypt, 2447 .init = cc_aead_init, 2448 .exit = cc_aead_exit, 2449 .ivsize = CTR_RFC3686_IV_SIZE, 2450 .maxauthsize = AES_BLOCK_SIZE, 2451 }, 2452 .cipher_mode = DRV_CIPHER_CTR, 2453 .flow_mode = S_DIN_to_AES, 2454 .auth_mode = DRV_HASH_XCBC_MAC, 2455 .min_hw_rev = CC_HW_REV_630, 2456 .std_body = CC_STD_NIST, 2457 }, 2458 { 2459 .name = "ccm(aes)", 2460 .driver_name = "ccm-aes-ccree", 2461 .blocksize = 1, 2462 .template_aead = { 2463 .setkey = cc_aead_setkey, 2464 .setauthsize = cc_ccm_setauthsize, 2465 .encrypt = cc_aead_encrypt, 2466 .decrypt = cc_aead_decrypt, 2467 .init = cc_aead_init, 2468 .exit = cc_aead_exit, 2469 .ivsize = AES_BLOCK_SIZE, 2470 .maxauthsize = AES_BLOCK_SIZE, 2471 }, 2472 .cipher_mode = DRV_CIPHER_CCM, 2473 .flow_mode = S_DIN_to_AES, 2474 .auth_mode = DRV_HASH_NULL, 2475 .min_hw_rev = CC_HW_REV_630, 2476 .std_body = CC_STD_NIST, 2477 }, 2478 { 2479 .name = "rfc4309(ccm(aes))", 2480 .driver_name = "rfc4309-ccm-aes-ccree", 2481 .blocksize = 1, 2482 .template_aead = { 2483 .setkey = cc_rfc4309_ccm_setkey, 2484 .setauthsize = cc_rfc4309_ccm_setauthsize, 2485 .encrypt = cc_rfc4309_ccm_encrypt, 2486 .decrypt = cc_rfc4309_ccm_decrypt, 2487 .init = cc_aead_init, 2488 .exit = cc_aead_exit, 2489 .ivsize = CCM_BLOCK_IV_SIZE, 2490 .maxauthsize = AES_BLOCK_SIZE, 2491 }, 2492 .cipher_mode = DRV_CIPHER_CCM, 2493 .flow_mode = S_DIN_to_AES, 2494 .auth_mode = DRV_HASH_NULL, 2495 .min_hw_rev = CC_HW_REV_630, 2496 .std_body = CC_STD_NIST, 2497 }, 2498 { 2499 .name = "gcm(aes)", 2500 .driver_name = "gcm-aes-ccree", 2501 .blocksize = 1, 2502 .template_aead = { 2503 .setkey = cc_aead_setkey, 2504 .setauthsize = cc_gcm_setauthsize, 2505 .encrypt = cc_aead_encrypt, 2506 .decrypt = cc_aead_decrypt, 2507 .init = cc_aead_init, 2508 .exit = cc_aead_exit, 2509 .ivsize = 12, 2510 .maxauthsize = AES_BLOCK_SIZE, 2511 }, 2512 .cipher_mode = DRV_CIPHER_GCTR, 2513 .flow_mode = S_DIN_to_AES, 2514 .auth_mode = DRV_HASH_NULL, 2515 .min_hw_rev = CC_HW_REV_630, 2516 .std_body = CC_STD_NIST, 2517 }, 2518 { 2519 .name = "rfc4106(gcm(aes))", 2520 .driver_name = "rfc4106-gcm-aes-ccree", 2521 .blocksize = 1, 2522 .template_aead = { 2523 .setkey = cc_rfc4106_gcm_setkey, 2524 .setauthsize = cc_rfc4106_gcm_setauthsize, 2525 .encrypt = cc_rfc4106_gcm_encrypt, 2526 .decrypt = cc_rfc4106_gcm_decrypt, 2527 .init = cc_aead_init, 2528 .exit = cc_aead_exit, 2529 .ivsize = GCM_BLOCK_RFC4_IV_SIZE, 2530 .maxauthsize = AES_BLOCK_SIZE, 2531 }, 2532 .cipher_mode = DRV_CIPHER_GCTR, 2533 .flow_mode = S_DIN_to_AES, 2534 .auth_mode = DRV_HASH_NULL, 2535 .min_hw_rev = CC_HW_REV_630, 2536 .std_body = CC_STD_NIST, 2537 }, 2538 { 2539 .name = "rfc4543(gcm(aes))", 2540 .driver_name = "rfc4543-gcm-aes-ccree", 2541 .blocksize = 1, 2542 .template_aead = { 2543 .setkey = cc_rfc4543_gcm_setkey, 2544 .setauthsize = cc_rfc4543_gcm_setauthsize, 2545 .encrypt = cc_rfc4543_gcm_encrypt, 2546 .decrypt = cc_rfc4543_gcm_decrypt, 2547 .init = cc_aead_init, 2548 .exit = cc_aead_exit, 2549 .ivsize = GCM_BLOCK_RFC4_IV_SIZE, 2550 .maxauthsize = AES_BLOCK_SIZE, 2551 }, 2552 .cipher_mode = DRV_CIPHER_GCTR, 2553 .flow_mode = S_DIN_to_AES, 2554 .auth_mode = DRV_HASH_NULL, 2555 .min_hw_rev = CC_HW_REV_630, 2556 .std_body = CC_STD_NIST, 2557 }, 2558 }; 2559 2560 static struct cc_crypto_alg *cc_create_aead_alg(struct cc_alg_template *tmpl, 2561 struct device *dev) 2562 { 2563 struct cc_crypto_alg *t_alg; 2564 struct aead_alg *alg; 2565 2566 t_alg = devm_kzalloc(dev, sizeof(*t_alg), GFP_KERNEL); 2567 if (!t_alg) 2568 return ERR_PTR(-ENOMEM); 2569 2570 alg = &tmpl->template_aead; 2571 2572 snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name); 2573 snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s", 2574 tmpl->driver_name); 2575 alg->base.cra_module = THIS_MODULE; 2576 alg->base.cra_priority = CC_CRA_PRIO; 2577 2578 alg->base.cra_ctxsize = sizeof(struct cc_aead_ctx); 2579 alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY; 2580 alg->base.cra_blocksize = tmpl->blocksize; 2581 alg->init = cc_aead_init; 2582 alg->exit = cc_aead_exit; 2583 2584 t_alg->aead_alg = *alg; 2585 2586 t_alg->cipher_mode = tmpl->cipher_mode; 2587 t_alg->flow_mode = tmpl->flow_mode; 2588 t_alg->auth_mode = tmpl->auth_mode; 2589 2590 return t_alg; 2591 } 2592 2593 int cc_aead_free(struct cc_drvdata *drvdata) 2594 { 2595 struct cc_crypto_alg *t_alg, *n; 2596 struct cc_aead_handle *aead_handle = drvdata->aead_handle; 2597 2598 /* Remove registered algs */ 2599 list_for_each_entry_safe(t_alg, n, &aead_handle->aead_list, entry) { 2600 crypto_unregister_aead(&t_alg->aead_alg); 2601 list_del(&t_alg->entry); 2602 } 2603 2604 return 0; 2605 } 2606 2607 int cc_aead_alloc(struct cc_drvdata *drvdata) 2608 { 2609 struct cc_aead_handle *aead_handle; 2610 struct cc_crypto_alg *t_alg; 2611 int rc = -ENOMEM; 2612 int alg; 2613 struct device *dev = drvdata_to_dev(drvdata); 2614 2615 aead_handle = devm_kmalloc(dev, sizeof(*aead_handle), GFP_KERNEL); 2616 if (!aead_handle) { 2617 rc = -ENOMEM; 2618 goto fail0; 2619 } 2620 2621 INIT_LIST_HEAD(&aead_handle->aead_list); 2622 drvdata->aead_handle = aead_handle; 2623 2624 aead_handle->sram_workspace_addr = cc_sram_alloc(drvdata, 2625 MAX_HMAC_DIGEST_SIZE); 2626 2627 if (aead_handle->sram_workspace_addr == NULL_SRAM_ADDR) { 2628 rc = -ENOMEM; 2629 goto fail1; 2630 } 2631 2632 /* Linux crypto */ 2633 for (alg = 0; alg < ARRAY_SIZE(aead_algs); alg++) { 2634 if ((aead_algs[alg].min_hw_rev > drvdata->hw_rev) || 2635 !(drvdata->std_bodies & aead_algs[alg].std_body)) 2636 continue; 2637 2638 t_alg = cc_create_aead_alg(&aead_algs[alg], dev); 2639 if (IS_ERR(t_alg)) { 2640 rc = PTR_ERR(t_alg); 2641 dev_err(dev, "%s alg allocation failed\n", 2642 aead_algs[alg].driver_name); 2643 goto fail1; 2644 } 2645 t_alg->drvdata = drvdata; 2646 rc = crypto_register_aead(&t_alg->aead_alg); 2647 if (rc) { 2648 dev_err(dev, "%s alg registration failed\n", 2649 t_alg->aead_alg.base.cra_driver_name); 2650 goto fail1; 2651 } 2652 2653 list_add_tail(&t_alg->entry, &aead_handle->aead_list); 2654 dev_dbg(dev, "Registered %s\n", 2655 t_alg->aead_alg.base.cra_driver_name); 2656 } 2657 2658 return 0; 2659 2660 fail1: 2661 cc_aead_free(drvdata); 2662 fail0: 2663 return rc; 2664 } 2665