1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) 2016-2017 HiSilicon Limited. */ 3 #include <linux/crypto.h> 4 #include <linux/dma-mapping.h> 5 #include <linux/dmapool.h> 6 #include <linux/module.h> 7 #include <linux/mutex.h> 8 #include <linux/slab.h> 9 10 #include <crypto/aes.h> 11 #include <crypto/algapi.h> 12 #include <crypto/internal/des.h> 13 #include <crypto/skcipher.h> 14 #include <crypto/xts.h> 15 #include <crypto/internal/skcipher.h> 16 17 #include "sec_drv.h" 18 19 #define SEC_MAX_CIPHER_KEY 64 20 #define SEC_REQ_LIMIT SZ_32M 21 22 struct sec_c_alg_cfg { 23 unsigned c_alg : 3; 24 unsigned c_mode : 3; 25 unsigned key_len : 2; 26 unsigned c_width : 2; 27 }; 28 29 static const struct sec_c_alg_cfg sec_c_alg_cfgs[] = { 30 [SEC_C_DES_ECB_64] = { 31 .c_alg = SEC_C_ALG_DES, 32 .c_mode = SEC_C_MODE_ECB, 33 .key_len = SEC_KEY_LEN_DES, 34 }, 35 [SEC_C_DES_CBC_64] = { 36 .c_alg = SEC_C_ALG_DES, 37 .c_mode = SEC_C_MODE_CBC, 38 .key_len = SEC_KEY_LEN_DES, 39 }, 40 [SEC_C_3DES_ECB_192_3KEY] = { 41 .c_alg = SEC_C_ALG_3DES, 42 .c_mode = SEC_C_MODE_ECB, 43 .key_len = SEC_KEY_LEN_3DES_3_KEY, 44 }, 45 [SEC_C_3DES_ECB_192_2KEY] = { 46 .c_alg = SEC_C_ALG_3DES, 47 .c_mode = SEC_C_MODE_ECB, 48 .key_len = SEC_KEY_LEN_3DES_2_KEY, 49 }, 50 [SEC_C_3DES_CBC_192_3KEY] = { 51 .c_alg = SEC_C_ALG_3DES, 52 .c_mode = SEC_C_MODE_CBC, 53 .key_len = SEC_KEY_LEN_3DES_3_KEY, 54 }, 55 [SEC_C_3DES_CBC_192_2KEY] = { 56 .c_alg = SEC_C_ALG_3DES, 57 .c_mode = SEC_C_MODE_CBC, 58 .key_len = SEC_KEY_LEN_3DES_2_KEY, 59 }, 60 [SEC_C_AES_ECB_128] = { 61 .c_alg = SEC_C_ALG_AES, 62 .c_mode = SEC_C_MODE_ECB, 63 .key_len = SEC_KEY_LEN_AES_128, 64 }, 65 [SEC_C_AES_ECB_192] = { 66 .c_alg = SEC_C_ALG_AES, 67 .c_mode = SEC_C_MODE_ECB, 68 .key_len = SEC_KEY_LEN_AES_192, 69 }, 70 [SEC_C_AES_ECB_256] = { 71 .c_alg = SEC_C_ALG_AES, 72 .c_mode = SEC_C_MODE_ECB, 73 .key_len = SEC_KEY_LEN_AES_256, 74 }, 75 [SEC_C_AES_CBC_128] = { 76 .c_alg = SEC_C_ALG_AES, 77 .c_mode = SEC_C_MODE_CBC, 78 .key_len = SEC_KEY_LEN_AES_128, 79 }, 80 [SEC_C_AES_CBC_192] = { 81 .c_alg = SEC_C_ALG_AES, 82 .c_mode = SEC_C_MODE_CBC, 83 .key_len = SEC_KEY_LEN_AES_192, 84 }, 85 [SEC_C_AES_CBC_256] = { 86 .c_alg = SEC_C_ALG_AES, 87 .c_mode = SEC_C_MODE_CBC, 88 .key_len = SEC_KEY_LEN_AES_256, 89 }, 90 [SEC_C_AES_CTR_128] = { 91 .c_alg = SEC_C_ALG_AES, 92 .c_mode = SEC_C_MODE_CTR, 93 .key_len = SEC_KEY_LEN_AES_128, 94 }, 95 [SEC_C_AES_CTR_192] = { 96 .c_alg = SEC_C_ALG_AES, 97 .c_mode = SEC_C_MODE_CTR, 98 .key_len = SEC_KEY_LEN_AES_192, 99 }, 100 [SEC_C_AES_CTR_256] = { 101 .c_alg = SEC_C_ALG_AES, 102 .c_mode = SEC_C_MODE_CTR, 103 .key_len = SEC_KEY_LEN_AES_256, 104 }, 105 [SEC_C_AES_XTS_128] = { 106 .c_alg = SEC_C_ALG_AES, 107 .c_mode = SEC_C_MODE_XTS, 108 .key_len = SEC_KEY_LEN_AES_128, 109 }, 110 [SEC_C_AES_XTS_256] = { 111 .c_alg = SEC_C_ALG_AES, 112 .c_mode = SEC_C_MODE_XTS, 113 .key_len = SEC_KEY_LEN_AES_256, 114 }, 115 [SEC_C_NULL] = { 116 }, 117 }; 118 119 /* 120 * Mutex used to ensure safe operation of reference count of 121 * alg providers 122 */ 123 static DEFINE_MUTEX(algs_lock); 124 static unsigned int active_devs; 125 126 static void sec_alg_skcipher_init_template(struct sec_alg_tfm_ctx *ctx, 127 struct sec_bd_info *req, 128 enum sec_cipher_alg alg) 129 { 130 const struct sec_c_alg_cfg *cfg = &sec_c_alg_cfgs[alg]; 131 132 memset(req, 0, sizeof(*req)); 133 req->w0 |= cfg->c_mode << SEC_BD_W0_C_MODE_S; 134 req->w1 |= cfg->c_alg << SEC_BD_W1_C_ALG_S; 135 req->w3 |= cfg->key_len << SEC_BD_W3_C_KEY_LEN_S; 136 req->w0 |= cfg->c_width << SEC_BD_W0_C_WIDTH_S; 137 138 req->cipher_key_addr_lo = lower_32_bits(ctx->pkey); 139 req->cipher_key_addr_hi = upper_32_bits(ctx->pkey); 140 } 141 142 static void sec_alg_skcipher_init_context(struct crypto_skcipher *atfm, 143 const u8 *key, 144 unsigned int keylen, 145 enum sec_cipher_alg alg) 146 { 147 struct crypto_tfm *tfm = crypto_skcipher_tfm(atfm); 148 struct sec_alg_tfm_ctx *ctx = crypto_tfm_ctx(tfm); 149 150 ctx->cipher_alg = alg; 151 memcpy(ctx->key, key, keylen); 152 sec_alg_skcipher_init_template(ctx, &ctx->req_template, 153 ctx->cipher_alg); 154 } 155 156 static void sec_free_hw_sgl(struct sec_hw_sgl *hw_sgl, 157 dma_addr_t psec_sgl, struct sec_dev_info *info) 158 { 159 struct sec_hw_sgl *sgl_current, *sgl_next; 160 dma_addr_t sgl_next_dma; 161 162 sgl_current = hw_sgl; 163 while (sgl_current) { 164 sgl_next = sgl_current->next; 165 sgl_next_dma = sgl_current->next_sgl; 166 167 dma_pool_free(info->hw_sgl_pool, sgl_current, psec_sgl); 168 169 sgl_current = sgl_next; 170 psec_sgl = sgl_next_dma; 171 } 172 } 173 174 static int sec_alloc_and_fill_hw_sgl(struct sec_hw_sgl **sec_sgl, 175 dma_addr_t *psec_sgl, 176 struct scatterlist *sgl, 177 int count, 178 struct sec_dev_info *info, 179 gfp_t gfp) 180 { 181 struct sec_hw_sgl *sgl_current = NULL; 182 struct sec_hw_sgl *sgl_next; 183 dma_addr_t sgl_next_dma; 184 struct scatterlist *sg; 185 int ret, sge_index, i; 186 187 if (!count) 188 return -EINVAL; 189 190 for_each_sg(sgl, sg, count, i) { 191 sge_index = i % SEC_MAX_SGE_NUM; 192 if (sge_index == 0) { 193 sgl_next = dma_pool_zalloc(info->hw_sgl_pool, 194 gfp, &sgl_next_dma); 195 if (!sgl_next) { 196 ret = -ENOMEM; 197 goto err_free_hw_sgls; 198 } 199 200 if (!sgl_current) { /* First one */ 201 *psec_sgl = sgl_next_dma; 202 *sec_sgl = sgl_next; 203 } else { /* Chained */ 204 sgl_current->entry_sum_in_sgl = SEC_MAX_SGE_NUM; 205 sgl_current->next_sgl = sgl_next_dma; 206 sgl_current->next = sgl_next; 207 } 208 sgl_current = sgl_next; 209 } 210 sgl_current->sge_entries[sge_index].buf = sg_dma_address(sg); 211 sgl_current->sge_entries[sge_index].len = sg_dma_len(sg); 212 sgl_current->data_bytes_in_sgl += sg_dma_len(sg); 213 } 214 sgl_current->entry_sum_in_sgl = count % SEC_MAX_SGE_NUM; 215 sgl_current->next_sgl = 0; 216 (*sec_sgl)->entry_sum_in_chain = count; 217 218 return 0; 219 220 err_free_hw_sgls: 221 sec_free_hw_sgl(*sec_sgl, *psec_sgl, info); 222 *psec_sgl = 0; 223 224 return ret; 225 } 226 227 static int sec_alg_skcipher_setkey(struct crypto_skcipher *tfm, 228 const u8 *key, unsigned int keylen, 229 enum sec_cipher_alg alg) 230 { 231 struct sec_alg_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); 232 struct device *dev = ctx->queue->dev_info->dev; 233 234 mutex_lock(&ctx->lock); 235 if (ctx->key) { 236 /* rekeying */ 237 memset(ctx->key, 0, SEC_MAX_CIPHER_KEY); 238 } else { 239 /* new key */ 240 ctx->key = dma_alloc_coherent(dev, SEC_MAX_CIPHER_KEY, 241 &ctx->pkey, GFP_KERNEL); 242 if (!ctx->key) { 243 mutex_unlock(&ctx->lock); 244 return -ENOMEM; 245 } 246 } 247 mutex_unlock(&ctx->lock); 248 sec_alg_skcipher_init_context(tfm, key, keylen, alg); 249 250 return 0; 251 } 252 253 static int sec_alg_skcipher_setkey_aes_ecb(struct crypto_skcipher *tfm, 254 const u8 *key, unsigned int keylen) 255 { 256 enum sec_cipher_alg alg; 257 258 switch (keylen) { 259 case AES_KEYSIZE_128: 260 alg = SEC_C_AES_ECB_128; 261 break; 262 case AES_KEYSIZE_192: 263 alg = SEC_C_AES_ECB_192; 264 break; 265 case AES_KEYSIZE_256: 266 alg = SEC_C_AES_ECB_256; 267 break; 268 default: 269 return -EINVAL; 270 } 271 272 return sec_alg_skcipher_setkey(tfm, key, keylen, alg); 273 } 274 275 static int sec_alg_skcipher_setkey_aes_cbc(struct crypto_skcipher *tfm, 276 const u8 *key, unsigned int keylen) 277 { 278 enum sec_cipher_alg alg; 279 280 switch (keylen) { 281 case AES_KEYSIZE_128: 282 alg = SEC_C_AES_CBC_128; 283 break; 284 case AES_KEYSIZE_192: 285 alg = SEC_C_AES_CBC_192; 286 break; 287 case AES_KEYSIZE_256: 288 alg = SEC_C_AES_CBC_256; 289 break; 290 default: 291 return -EINVAL; 292 } 293 294 return sec_alg_skcipher_setkey(tfm, key, keylen, alg); 295 } 296 297 static int sec_alg_skcipher_setkey_aes_ctr(struct crypto_skcipher *tfm, 298 const u8 *key, unsigned int keylen) 299 { 300 enum sec_cipher_alg alg; 301 302 switch (keylen) { 303 case AES_KEYSIZE_128: 304 alg = SEC_C_AES_CTR_128; 305 break; 306 case AES_KEYSIZE_192: 307 alg = SEC_C_AES_CTR_192; 308 break; 309 case AES_KEYSIZE_256: 310 alg = SEC_C_AES_CTR_256; 311 break; 312 default: 313 return -EINVAL; 314 } 315 316 return sec_alg_skcipher_setkey(tfm, key, keylen, alg); 317 } 318 319 static int sec_alg_skcipher_setkey_aes_xts(struct crypto_skcipher *tfm, 320 const u8 *key, unsigned int keylen) 321 { 322 enum sec_cipher_alg alg; 323 int ret; 324 325 ret = xts_verify_key(tfm, key, keylen); 326 if (ret) 327 return ret; 328 329 switch (keylen) { 330 case AES_KEYSIZE_128 * 2: 331 alg = SEC_C_AES_XTS_128; 332 break; 333 case AES_KEYSIZE_256 * 2: 334 alg = SEC_C_AES_XTS_256; 335 break; 336 default: 337 return -EINVAL; 338 } 339 340 return sec_alg_skcipher_setkey(tfm, key, keylen, alg); 341 } 342 343 static int sec_alg_skcipher_setkey_des_ecb(struct crypto_skcipher *tfm, 344 const u8 *key, unsigned int keylen) 345 { 346 return verify_skcipher_des_key(tfm, key) ?: 347 sec_alg_skcipher_setkey(tfm, key, keylen, SEC_C_DES_ECB_64); 348 } 349 350 static int sec_alg_skcipher_setkey_des_cbc(struct crypto_skcipher *tfm, 351 const u8 *key, unsigned int keylen) 352 { 353 return verify_skcipher_des_key(tfm, key) ?: 354 sec_alg_skcipher_setkey(tfm, key, keylen, SEC_C_DES_CBC_64); 355 } 356 357 static int sec_alg_skcipher_setkey_3des_ecb(struct crypto_skcipher *tfm, 358 const u8 *key, unsigned int keylen) 359 { 360 return verify_skcipher_des3_key(tfm, key) ?: 361 sec_alg_skcipher_setkey(tfm, key, keylen, 362 SEC_C_3DES_ECB_192_3KEY); 363 } 364 365 static int sec_alg_skcipher_setkey_3des_cbc(struct crypto_skcipher *tfm, 366 const u8 *key, unsigned int keylen) 367 { 368 return verify_skcipher_des3_key(tfm, key) ?: 369 sec_alg_skcipher_setkey(tfm, key, keylen, 370 SEC_C_3DES_CBC_192_3KEY); 371 } 372 373 static void sec_alg_free_el(struct sec_request_el *el, 374 struct sec_dev_info *info) 375 { 376 sec_free_hw_sgl(el->out, el->dma_out, info); 377 sec_free_hw_sgl(el->in, el->dma_in, info); 378 kfree(el->sgl_in); 379 kfree(el->sgl_out); 380 kfree(el); 381 } 382 383 /* queuelock must be held */ 384 static int sec_send_request(struct sec_request *sec_req, struct sec_queue *queue) 385 { 386 struct sec_request_el *el, *temp; 387 int ret = 0; 388 389 mutex_lock(&sec_req->lock); 390 list_for_each_entry_safe(el, temp, &sec_req->elements, head) { 391 /* 392 * Add to hardware queue only under following circumstances 393 * 1) Software and hardware queue empty so no chain dependencies 394 * 2) No dependencies as new IV - (check software queue empty 395 * to maintain order) 396 * 3) No dependencies because the mode does no chaining. 397 * 398 * In other cases first insert onto the software queue which 399 * is then emptied as requests complete 400 */ 401 if (!queue->havesoftqueue || 402 (kfifo_is_empty(&queue->softqueue) && 403 sec_queue_empty(queue))) { 404 ret = sec_queue_send(queue, &el->req, sec_req); 405 if (ret == -EAGAIN) { 406 /* Wait unti we can send then try again */ 407 /* DEAD if here - should not happen */ 408 ret = -EBUSY; 409 goto err_unlock; 410 } 411 } else { 412 kfifo_put(&queue->softqueue, el); 413 } 414 } 415 err_unlock: 416 mutex_unlock(&sec_req->lock); 417 418 return ret; 419 } 420 421 static void sec_skcipher_alg_callback(struct sec_bd_info *sec_resp, 422 struct crypto_async_request *req_base) 423 { 424 struct skcipher_request *skreq = container_of(req_base, 425 struct skcipher_request, 426 base); 427 struct sec_request *sec_req = skcipher_request_ctx(skreq); 428 struct sec_request *backlog_req; 429 struct sec_request_el *sec_req_el, *nextrequest; 430 struct sec_alg_tfm_ctx *ctx = sec_req->tfm_ctx; 431 struct crypto_skcipher *atfm = crypto_skcipher_reqtfm(skreq); 432 struct device *dev = ctx->queue->dev_info->dev; 433 int icv_or_skey_en, ret; 434 bool done; 435 436 sec_req_el = list_first_entry(&sec_req->elements, struct sec_request_el, 437 head); 438 icv_or_skey_en = (sec_resp->w0 & SEC_BD_W0_ICV_OR_SKEY_EN_M) >> 439 SEC_BD_W0_ICV_OR_SKEY_EN_S; 440 if (sec_resp->w1 & SEC_BD_W1_BD_INVALID || icv_or_skey_en == 3) { 441 dev_err(dev, "Got an invalid answer %lu %d\n", 442 sec_resp->w1 & SEC_BD_W1_BD_INVALID, 443 icv_or_skey_en); 444 sec_req->err = -EINVAL; 445 /* 446 * We need to muddle on to avoid getting stuck with elements 447 * on the queue. Error will be reported so requester so 448 * it should be able to handle appropriately. 449 */ 450 } 451 452 mutex_lock(&ctx->queue->queuelock); 453 /* Put the IV in place for chained cases */ 454 switch (ctx->cipher_alg) { 455 case SEC_C_AES_CBC_128: 456 case SEC_C_AES_CBC_192: 457 case SEC_C_AES_CBC_256: 458 if (sec_req_el->req.w0 & SEC_BD_W0_DE) 459 sg_pcopy_to_buffer(sec_req_el->sgl_out, 460 sg_nents(sec_req_el->sgl_out), 461 skreq->iv, 462 crypto_skcipher_ivsize(atfm), 463 sec_req_el->el_length - 464 crypto_skcipher_ivsize(atfm)); 465 else 466 sg_pcopy_to_buffer(sec_req_el->sgl_in, 467 sg_nents(sec_req_el->sgl_in), 468 skreq->iv, 469 crypto_skcipher_ivsize(atfm), 470 sec_req_el->el_length - 471 crypto_skcipher_ivsize(atfm)); 472 /* No need to sync to the device as coherent DMA */ 473 break; 474 case SEC_C_AES_CTR_128: 475 case SEC_C_AES_CTR_192: 476 case SEC_C_AES_CTR_256: 477 crypto_inc(skreq->iv, 16); 478 break; 479 default: 480 /* Do not update */ 481 break; 482 } 483 484 if (ctx->queue->havesoftqueue && 485 !kfifo_is_empty(&ctx->queue->softqueue) && 486 sec_queue_empty(ctx->queue)) { 487 ret = kfifo_get(&ctx->queue->softqueue, &nextrequest); 488 if (ret <= 0) 489 dev_err(dev, 490 "Error getting next element from kfifo %d\n", 491 ret); 492 else 493 /* We know there is space so this cannot fail */ 494 sec_queue_send(ctx->queue, &nextrequest->req, 495 nextrequest->sec_req); 496 } else if (!list_empty(&ctx->backlog)) { 497 /* Need to verify there is room first */ 498 backlog_req = list_first_entry(&ctx->backlog, 499 typeof(*backlog_req), 500 backlog_head); 501 if (sec_queue_can_enqueue(ctx->queue, 502 backlog_req->num_elements) || 503 (ctx->queue->havesoftqueue && 504 kfifo_avail(&ctx->queue->softqueue) > 505 backlog_req->num_elements)) { 506 sec_send_request(backlog_req, ctx->queue); 507 backlog_req->req_base->complete(backlog_req->req_base, 508 -EINPROGRESS); 509 list_del(&backlog_req->backlog_head); 510 } 511 } 512 mutex_unlock(&ctx->queue->queuelock); 513 514 mutex_lock(&sec_req->lock); 515 list_del(&sec_req_el->head); 516 mutex_unlock(&sec_req->lock); 517 sec_alg_free_el(sec_req_el, ctx->queue->dev_info); 518 519 /* 520 * Request is done. 521 * The dance is needed as the lock is freed in the completion 522 */ 523 mutex_lock(&sec_req->lock); 524 done = list_empty(&sec_req->elements); 525 mutex_unlock(&sec_req->lock); 526 if (done) { 527 if (crypto_skcipher_ivsize(atfm)) { 528 dma_unmap_single(dev, sec_req->dma_iv, 529 crypto_skcipher_ivsize(atfm), 530 DMA_TO_DEVICE); 531 } 532 dma_unmap_sg(dev, skreq->src, sec_req->len_in, 533 DMA_BIDIRECTIONAL); 534 if (skreq->src != skreq->dst) 535 dma_unmap_sg(dev, skreq->dst, sec_req->len_out, 536 DMA_BIDIRECTIONAL); 537 skreq->base.complete(&skreq->base, sec_req->err); 538 } 539 } 540 541 void sec_alg_callback(struct sec_bd_info *resp, void *shadow) 542 { 543 struct sec_request *sec_req = shadow; 544 545 sec_req->cb(resp, sec_req->req_base); 546 } 547 548 static int sec_alg_alloc_and_calc_split_sizes(int length, size_t **split_sizes, 549 int *steps, gfp_t gfp) 550 { 551 size_t *sizes; 552 int i; 553 554 /* Split into suitable sized blocks */ 555 *steps = roundup(length, SEC_REQ_LIMIT) / SEC_REQ_LIMIT; 556 sizes = kcalloc(*steps, sizeof(*sizes), gfp); 557 if (!sizes) 558 return -ENOMEM; 559 560 for (i = 0; i < *steps - 1; i++) 561 sizes[i] = SEC_REQ_LIMIT; 562 sizes[*steps - 1] = length - SEC_REQ_LIMIT * (*steps - 1); 563 *split_sizes = sizes; 564 565 return 0; 566 } 567 568 static int sec_map_and_split_sg(struct scatterlist *sgl, size_t *split_sizes, 569 int steps, struct scatterlist ***splits, 570 int **splits_nents, 571 int sgl_len_in, 572 struct device *dev, gfp_t gfp) 573 { 574 int ret, count; 575 576 count = dma_map_sg(dev, sgl, sgl_len_in, DMA_BIDIRECTIONAL); 577 if (!count) 578 return -EINVAL; 579 580 *splits = kcalloc(steps, sizeof(struct scatterlist *), gfp); 581 if (!*splits) { 582 ret = -ENOMEM; 583 goto err_unmap_sg; 584 } 585 *splits_nents = kcalloc(steps, sizeof(int), gfp); 586 if (!*splits_nents) { 587 ret = -ENOMEM; 588 goto err_free_splits; 589 } 590 591 /* output the scatter list before and after this */ 592 ret = sg_split(sgl, count, 0, steps, split_sizes, 593 *splits, *splits_nents, gfp); 594 if (ret) { 595 ret = -ENOMEM; 596 goto err_free_splits_nents; 597 } 598 599 return 0; 600 601 err_free_splits_nents: 602 kfree(*splits_nents); 603 err_free_splits: 604 kfree(*splits); 605 err_unmap_sg: 606 dma_unmap_sg(dev, sgl, sgl_len_in, DMA_BIDIRECTIONAL); 607 608 return ret; 609 } 610 611 /* 612 * Reverses the sec_map_and_split_sg call for messages not yet added to 613 * the queues. 614 */ 615 static void sec_unmap_sg_on_err(struct scatterlist *sgl, int steps, 616 struct scatterlist **splits, int *splits_nents, 617 int sgl_len_in, struct device *dev) 618 { 619 int i; 620 621 for (i = 0; i < steps; i++) 622 kfree(splits[i]); 623 kfree(splits_nents); 624 kfree(splits); 625 626 dma_unmap_sg(dev, sgl, sgl_len_in, DMA_BIDIRECTIONAL); 627 } 628 629 static struct sec_request_el 630 *sec_alg_alloc_and_fill_el(struct sec_bd_info *template, int encrypt, 631 int el_size, bool different_dest, 632 struct scatterlist *sgl_in, int n_ents_in, 633 struct scatterlist *sgl_out, int n_ents_out, 634 struct sec_dev_info *info, gfp_t gfp) 635 { 636 struct sec_request_el *el; 637 struct sec_bd_info *req; 638 int ret; 639 640 el = kzalloc(sizeof(*el), gfp); 641 if (!el) 642 return ERR_PTR(-ENOMEM); 643 el->el_length = el_size; 644 req = &el->req; 645 memcpy(req, template, sizeof(*req)); 646 647 req->w0 &= ~SEC_BD_W0_CIPHER_M; 648 if (encrypt) 649 req->w0 |= SEC_CIPHER_ENCRYPT << SEC_BD_W0_CIPHER_S; 650 else 651 req->w0 |= SEC_CIPHER_DECRYPT << SEC_BD_W0_CIPHER_S; 652 653 req->w0 &= ~SEC_BD_W0_C_GRAN_SIZE_19_16_M; 654 req->w0 |= ((el_size >> 16) << SEC_BD_W0_C_GRAN_SIZE_19_16_S) & 655 SEC_BD_W0_C_GRAN_SIZE_19_16_M; 656 657 req->w0 &= ~SEC_BD_W0_C_GRAN_SIZE_21_20_M; 658 req->w0 |= ((el_size >> 20) << SEC_BD_W0_C_GRAN_SIZE_21_20_S) & 659 SEC_BD_W0_C_GRAN_SIZE_21_20_M; 660 661 /* Writing whole u32 so no need to take care of masking */ 662 req->w2 = ((1 << SEC_BD_W2_GRAN_NUM_S) & SEC_BD_W2_GRAN_NUM_M) | 663 ((el_size << SEC_BD_W2_C_GRAN_SIZE_15_0_S) & 664 SEC_BD_W2_C_GRAN_SIZE_15_0_M); 665 666 req->w3 &= ~SEC_BD_W3_CIPHER_LEN_OFFSET_M; 667 req->w1 |= SEC_BD_W1_ADDR_TYPE; 668 669 el->sgl_in = sgl_in; 670 671 ret = sec_alloc_and_fill_hw_sgl(&el->in, &el->dma_in, el->sgl_in, 672 n_ents_in, info, gfp); 673 if (ret) 674 goto err_free_el; 675 676 req->data_addr_lo = lower_32_bits(el->dma_in); 677 req->data_addr_hi = upper_32_bits(el->dma_in); 678 679 if (different_dest) { 680 el->sgl_out = sgl_out; 681 ret = sec_alloc_and_fill_hw_sgl(&el->out, &el->dma_out, 682 el->sgl_out, 683 n_ents_out, info, gfp); 684 if (ret) 685 goto err_free_hw_sgl_in; 686 687 req->w0 |= SEC_BD_W0_DE; 688 req->cipher_destin_addr_lo = lower_32_bits(el->dma_out); 689 req->cipher_destin_addr_hi = upper_32_bits(el->dma_out); 690 691 } else { 692 req->w0 &= ~SEC_BD_W0_DE; 693 req->cipher_destin_addr_lo = lower_32_bits(el->dma_in); 694 req->cipher_destin_addr_hi = upper_32_bits(el->dma_in); 695 } 696 697 return el; 698 699 err_free_hw_sgl_in: 700 sec_free_hw_sgl(el->in, el->dma_in, info); 701 err_free_el: 702 kfree(el); 703 704 return ERR_PTR(ret); 705 } 706 707 static int sec_alg_skcipher_crypto(struct skcipher_request *skreq, 708 bool encrypt) 709 { 710 struct crypto_skcipher *atfm = crypto_skcipher_reqtfm(skreq); 711 struct crypto_tfm *tfm = crypto_skcipher_tfm(atfm); 712 struct sec_alg_tfm_ctx *ctx = crypto_tfm_ctx(tfm); 713 struct sec_queue *queue = ctx->queue; 714 struct sec_request *sec_req = skcipher_request_ctx(skreq); 715 struct sec_dev_info *info = queue->dev_info; 716 int i, ret, steps; 717 size_t *split_sizes; 718 struct scatterlist **splits_in; 719 struct scatterlist **splits_out = NULL; 720 int *splits_in_nents; 721 int *splits_out_nents = NULL; 722 struct sec_request_el *el, *temp; 723 bool split = skreq->src != skreq->dst; 724 gfp_t gfp = skreq->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL : GFP_ATOMIC; 725 726 mutex_init(&sec_req->lock); 727 sec_req->req_base = &skreq->base; 728 sec_req->err = 0; 729 /* SGL mapping out here to allow us to break it up as necessary */ 730 sec_req->len_in = sg_nents(skreq->src); 731 732 ret = sec_alg_alloc_and_calc_split_sizes(skreq->cryptlen, &split_sizes, 733 &steps, gfp); 734 if (ret) 735 return ret; 736 sec_req->num_elements = steps; 737 ret = sec_map_and_split_sg(skreq->src, split_sizes, steps, &splits_in, 738 &splits_in_nents, sec_req->len_in, 739 info->dev, gfp); 740 if (ret) 741 goto err_free_split_sizes; 742 743 if (split) { 744 sec_req->len_out = sg_nents(skreq->dst); 745 ret = sec_map_and_split_sg(skreq->dst, split_sizes, steps, 746 &splits_out, &splits_out_nents, 747 sec_req->len_out, info->dev, gfp); 748 if (ret) 749 goto err_unmap_in_sg; 750 } 751 /* Shared info stored in seq_req - applies to all BDs */ 752 sec_req->tfm_ctx = ctx; 753 sec_req->cb = sec_skcipher_alg_callback; 754 INIT_LIST_HEAD(&sec_req->elements); 755 756 /* 757 * Future optimization. 758 * In the chaining case we can't use a dma pool bounce buffer 759 * but in the case where we know there is no chaining we can 760 */ 761 if (crypto_skcipher_ivsize(atfm)) { 762 sec_req->dma_iv = dma_map_single(info->dev, skreq->iv, 763 crypto_skcipher_ivsize(atfm), 764 DMA_TO_DEVICE); 765 if (dma_mapping_error(info->dev, sec_req->dma_iv)) { 766 ret = -ENOMEM; 767 goto err_unmap_out_sg; 768 } 769 } 770 771 /* Set them all up then queue - cleaner error handling. */ 772 for (i = 0; i < steps; i++) { 773 el = sec_alg_alloc_and_fill_el(&ctx->req_template, 774 encrypt ? 1 : 0, 775 split_sizes[i], 776 skreq->src != skreq->dst, 777 splits_in[i], splits_in_nents[i], 778 split ? splits_out[i] : NULL, 779 split ? splits_out_nents[i] : 0, 780 info, gfp); 781 if (IS_ERR(el)) { 782 ret = PTR_ERR(el); 783 goto err_free_elements; 784 } 785 el->req.cipher_iv_addr_lo = lower_32_bits(sec_req->dma_iv); 786 el->req.cipher_iv_addr_hi = upper_32_bits(sec_req->dma_iv); 787 el->sec_req = sec_req; 788 list_add_tail(&el->head, &sec_req->elements); 789 } 790 791 /* 792 * Only attempt to queue if the whole lot can fit in the queue - 793 * we can't successfully cleanup after a partial queing so this 794 * must succeed or fail atomically. 795 * 796 * Big hammer test of both software and hardware queues - could be 797 * more refined but this is unlikely to happen so no need. 798 */ 799 800 /* Grab a big lock for a long time to avoid concurrency issues */ 801 mutex_lock(&queue->queuelock); 802 803 /* 804 * Can go on to queue if we have space in either: 805 * 1) The hardware queue and no software queue 806 * 2) The software queue 807 * AND there is nothing in the backlog. If there is backlog we 808 * have to only queue to the backlog queue and return busy. 809 */ 810 if ((!sec_queue_can_enqueue(queue, steps) && 811 (!queue->havesoftqueue || 812 kfifo_avail(&queue->softqueue) > steps)) || 813 !list_empty(&ctx->backlog)) { 814 ret = -EBUSY; 815 if ((skreq->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) { 816 list_add_tail(&sec_req->backlog_head, &ctx->backlog); 817 mutex_unlock(&queue->queuelock); 818 goto out; 819 } 820 821 mutex_unlock(&queue->queuelock); 822 goto err_free_elements; 823 } 824 ret = sec_send_request(sec_req, queue); 825 mutex_unlock(&queue->queuelock); 826 if (ret) 827 goto err_free_elements; 828 829 ret = -EINPROGRESS; 830 out: 831 /* Cleanup - all elements in pointer arrays have been copied */ 832 kfree(splits_in_nents); 833 kfree(splits_in); 834 kfree(splits_out_nents); 835 kfree(splits_out); 836 kfree(split_sizes); 837 return ret; 838 839 err_free_elements: 840 list_for_each_entry_safe(el, temp, &sec_req->elements, head) { 841 list_del(&el->head); 842 sec_alg_free_el(el, info); 843 } 844 if (crypto_skcipher_ivsize(atfm)) 845 dma_unmap_single(info->dev, sec_req->dma_iv, 846 crypto_skcipher_ivsize(atfm), 847 DMA_BIDIRECTIONAL); 848 err_unmap_out_sg: 849 if (split) 850 sec_unmap_sg_on_err(skreq->dst, steps, splits_out, 851 splits_out_nents, sec_req->len_out, 852 info->dev); 853 err_unmap_in_sg: 854 sec_unmap_sg_on_err(skreq->src, steps, splits_in, splits_in_nents, 855 sec_req->len_in, info->dev); 856 err_free_split_sizes: 857 kfree(split_sizes); 858 859 return ret; 860 } 861 862 static int sec_alg_skcipher_encrypt(struct skcipher_request *req) 863 { 864 return sec_alg_skcipher_crypto(req, true); 865 } 866 867 static int sec_alg_skcipher_decrypt(struct skcipher_request *req) 868 { 869 return sec_alg_skcipher_crypto(req, false); 870 } 871 872 static int sec_alg_skcipher_init(struct crypto_skcipher *tfm) 873 { 874 struct sec_alg_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); 875 876 mutex_init(&ctx->lock); 877 INIT_LIST_HEAD(&ctx->backlog); 878 crypto_skcipher_set_reqsize(tfm, sizeof(struct sec_request)); 879 880 ctx->queue = sec_queue_alloc_start_safe(); 881 if (IS_ERR(ctx->queue)) 882 return PTR_ERR(ctx->queue); 883 884 mutex_init(&ctx->queue->queuelock); 885 ctx->queue->havesoftqueue = false; 886 887 return 0; 888 } 889 890 static void sec_alg_skcipher_exit(struct crypto_skcipher *tfm) 891 { 892 struct sec_alg_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); 893 struct device *dev = ctx->queue->dev_info->dev; 894 895 if (ctx->key) { 896 memzero_explicit(ctx->key, SEC_MAX_CIPHER_KEY); 897 dma_free_coherent(dev, SEC_MAX_CIPHER_KEY, ctx->key, 898 ctx->pkey); 899 } 900 sec_queue_stop_release(ctx->queue); 901 } 902 903 static int sec_alg_skcipher_init_with_queue(struct crypto_skcipher *tfm) 904 { 905 struct sec_alg_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); 906 int ret; 907 908 ret = sec_alg_skcipher_init(tfm); 909 if (ret) 910 return ret; 911 912 INIT_KFIFO(ctx->queue->softqueue); 913 ret = kfifo_alloc(&ctx->queue->softqueue, 512, GFP_KERNEL); 914 if (ret) { 915 sec_alg_skcipher_exit(tfm); 916 return ret; 917 } 918 ctx->queue->havesoftqueue = true; 919 920 return 0; 921 } 922 923 static void sec_alg_skcipher_exit_with_queue(struct crypto_skcipher *tfm) 924 { 925 struct sec_alg_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); 926 927 kfifo_free(&ctx->queue->softqueue); 928 sec_alg_skcipher_exit(tfm); 929 } 930 931 static struct skcipher_alg sec_algs[] = { 932 { 933 .base = { 934 .cra_name = "ecb(aes)", 935 .cra_driver_name = "hisi_sec_aes_ecb", 936 .cra_priority = 4001, 937 .cra_flags = CRYPTO_ALG_ASYNC | 938 CRYPTO_ALG_ALLOCATES_MEMORY, 939 .cra_blocksize = AES_BLOCK_SIZE, 940 .cra_ctxsize = sizeof(struct sec_alg_tfm_ctx), 941 .cra_alignmask = 0, 942 .cra_module = THIS_MODULE, 943 }, 944 .init = sec_alg_skcipher_init, 945 .exit = sec_alg_skcipher_exit, 946 .setkey = sec_alg_skcipher_setkey_aes_ecb, 947 .decrypt = sec_alg_skcipher_decrypt, 948 .encrypt = sec_alg_skcipher_encrypt, 949 .min_keysize = AES_MIN_KEY_SIZE, 950 .max_keysize = AES_MAX_KEY_SIZE, 951 .ivsize = 0, 952 }, { 953 .base = { 954 .cra_name = "cbc(aes)", 955 .cra_driver_name = "hisi_sec_aes_cbc", 956 .cra_priority = 4001, 957 .cra_flags = CRYPTO_ALG_ASYNC | 958 CRYPTO_ALG_ALLOCATES_MEMORY, 959 .cra_blocksize = AES_BLOCK_SIZE, 960 .cra_ctxsize = sizeof(struct sec_alg_tfm_ctx), 961 .cra_alignmask = 0, 962 .cra_module = THIS_MODULE, 963 }, 964 .init = sec_alg_skcipher_init_with_queue, 965 .exit = sec_alg_skcipher_exit_with_queue, 966 .setkey = sec_alg_skcipher_setkey_aes_cbc, 967 .decrypt = sec_alg_skcipher_decrypt, 968 .encrypt = sec_alg_skcipher_encrypt, 969 .min_keysize = AES_MIN_KEY_SIZE, 970 .max_keysize = AES_MAX_KEY_SIZE, 971 .ivsize = AES_BLOCK_SIZE, 972 }, { 973 .base = { 974 .cra_name = "ctr(aes)", 975 .cra_driver_name = "hisi_sec_aes_ctr", 976 .cra_priority = 4001, 977 .cra_flags = CRYPTO_ALG_ASYNC | 978 CRYPTO_ALG_ALLOCATES_MEMORY, 979 .cra_blocksize = AES_BLOCK_SIZE, 980 .cra_ctxsize = sizeof(struct sec_alg_tfm_ctx), 981 .cra_alignmask = 0, 982 .cra_module = THIS_MODULE, 983 }, 984 .init = sec_alg_skcipher_init_with_queue, 985 .exit = sec_alg_skcipher_exit_with_queue, 986 .setkey = sec_alg_skcipher_setkey_aes_ctr, 987 .decrypt = sec_alg_skcipher_decrypt, 988 .encrypt = sec_alg_skcipher_encrypt, 989 .min_keysize = AES_MIN_KEY_SIZE, 990 .max_keysize = AES_MAX_KEY_SIZE, 991 .ivsize = AES_BLOCK_SIZE, 992 }, { 993 .base = { 994 .cra_name = "xts(aes)", 995 .cra_driver_name = "hisi_sec_aes_xts", 996 .cra_priority = 4001, 997 .cra_flags = CRYPTO_ALG_ASYNC | 998 CRYPTO_ALG_ALLOCATES_MEMORY, 999 .cra_blocksize = AES_BLOCK_SIZE, 1000 .cra_ctxsize = sizeof(struct sec_alg_tfm_ctx), 1001 .cra_alignmask = 0, 1002 .cra_module = THIS_MODULE, 1003 }, 1004 .init = sec_alg_skcipher_init, 1005 .exit = sec_alg_skcipher_exit, 1006 .setkey = sec_alg_skcipher_setkey_aes_xts, 1007 .decrypt = sec_alg_skcipher_decrypt, 1008 .encrypt = sec_alg_skcipher_encrypt, 1009 .min_keysize = 2 * AES_MIN_KEY_SIZE, 1010 .max_keysize = 2 * AES_MAX_KEY_SIZE, 1011 .ivsize = AES_BLOCK_SIZE, 1012 }, { 1013 /* Unable to find any test vectors so untested */ 1014 .base = { 1015 .cra_name = "ecb(des)", 1016 .cra_driver_name = "hisi_sec_des_ecb", 1017 .cra_priority = 4001, 1018 .cra_flags = CRYPTO_ALG_ASYNC | 1019 CRYPTO_ALG_ALLOCATES_MEMORY, 1020 .cra_blocksize = DES_BLOCK_SIZE, 1021 .cra_ctxsize = sizeof(struct sec_alg_tfm_ctx), 1022 .cra_alignmask = 0, 1023 .cra_module = THIS_MODULE, 1024 }, 1025 .init = sec_alg_skcipher_init, 1026 .exit = sec_alg_skcipher_exit, 1027 .setkey = sec_alg_skcipher_setkey_des_ecb, 1028 .decrypt = sec_alg_skcipher_decrypt, 1029 .encrypt = sec_alg_skcipher_encrypt, 1030 .min_keysize = DES_KEY_SIZE, 1031 .max_keysize = DES_KEY_SIZE, 1032 .ivsize = 0, 1033 }, { 1034 .base = { 1035 .cra_name = "cbc(des)", 1036 .cra_driver_name = "hisi_sec_des_cbc", 1037 .cra_priority = 4001, 1038 .cra_flags = CRYPTO_ALG_ASYNC | 1039 CRYPTO_ALG_ALLOCATES_MEMORY, 1040 .cra_blocksize = DES_BLOCK_SIZE, 1041 .cra_ctxsize = sizeof(struct sec_alg_tfm_ctx), 1042 .cra_alignmask = 0, 1043 .cra_module = THIS_MODULE, 1044 }, 1045 .init = sec_alg_skcipher_init_with_queue, 1046 .exit = sec_alg_skcipher_exit_with_queue, 1047 .setkey = sec_alg_skcipher_setkey_des_cbc, 1048 .decrypt = sec_alg_skcipher_decrypt, 1049 .encrypt = sec_alg_skcipher_encrypt, 1050 .min_keysize = DES_KEY_SIZE, 1051 .max_keysize = DES_KEY_SIZE, 1052 .ivsize = DES_BLOCK_SIZE, 1053 }, { 1054 .base = { 1055 .cra_name = "cbc(des3_ede)", 1056 .cra_driver_name = "hisi_sec_3des_cbc", 1057 .cra_priority = 4001, 1058 .cra_flags = CRYPTO_ALG_ASYNC | 1059 CRYPTO_ALG_ALLOCATES_MEMORY, 1060 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1061 .cra_ctxsize = sizeof(struct sec_alg_tfm_ctx), 1062 .cra_alignmask = 0, 1063 .cra_module = THIS_MODULE, 1064 }, 1065 .init = sec_alg_skcipher_init_with_queue, 1066 .exit = sec_alg_skcipher_exit_with_queue, 1067 .setkey = sec_alg_skcipher_setkey_3des_cbc, 1068 .decrypt = sec_alg_skcipher_decrypt, 1069 .encrypt = sec_alg_skcipher_encrypt, 1070 .min_keysize = DES3_EDE_KEY_SIZE, 1071 .max_keysize = DES3_EDE_KEY_SIZE, 1072 .ivsize = DES3_EDE_BLOCK_SIZE, 1073 }, { 1074 .base = { 1075 .cra_name = "ecb(des3_ede)", 1076 .cra_driver_name = "hisi_sec_3des_ecb", 1077 .cra_priority = 4001, 1078 .cra_flags = CRYPTO_ALG_ASYNC | 1079 CRYPTO_ALG_ALLOCATES_MEMORY, 1080 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1081 .cra_ctxsize = sizeof(struct sec_alg_tfm_ctx), 1082 .cra_alignmask = 0, 1083 .cra_module = THIS_MODULE, 1084 }, 1085 .init = sec_alg_skcipher_init, 1086 .exit = sec_alg_skcipher_exit, 1087 .setkey = sec_alg_skcipher_setkey_3des_ecb, 1088 .decrypt = sec_alg_skcipher_decrypt, 1089 .encrypt = sec_alg_skcipher_encrypt, 1090 .min_keysize = DES3_EDE_KEY_SIZE, 1091 .max_keysize = DES3_EDE_KEY_SIZE, 1092 .ivsize = 0, 1093 } 1094 }; 1095 1096 int sec_algs_register(void) 1097 { 1098 int ret = 0; 1099 1100 mutex_lock(&algs_lock); 1101 if (++active_devs != 1) 1102 goto unlock; 1103 1104 ret = crypto_register_skciphers(sec_algs, ARRAY_SIZE(sec_algs)); 1105 if (ret) 1106 --active_devs; 1107 unlock: 1108 mutex_unlock(&algs_lock); 1109 1110 return ret; 1111 } 1112 1113 void sec_algs_unregister(void) 1114 { 1115 mutex_lock(&algs_lock); 1116 if (--active_devs != 0) 1117 goto unlock; 1118 crypto_unregister_skciphers(sec_algs, ARRAY_SIZE(sec_algs)); 1119 1120 unlock: 1121 mutex_unlock(&algs_lock); 1122 } 1123