1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (C) 2017 Marvell
4  *
5  * Antoine Tenart <antoine.tenart@free-electrons.com>
6  */
7 
8 #include <crypto/aes.h>
9 #include <crypto/hmac.h>
10 #include <crypto/md5.h>
11 #include <crypto/sha1.h>
12 #include <crypto/sha2.h>
13 #include <crypto/sha3.h>
14 #include <crypto/skcipher.h>
15 #include <crypto/sm3.h>
16 #include <crypto/internal/cipher.h>
17 #include <linux/device.h>
18 #include <linux/dma-mapping.h>
19 #include <linux/dmapool.h>
20 
21 #include "safexcel.h"
22 
23 struct safexcel_ahash_ctx {
24 	struct safexcel_context base;
25 
26 	u32 alg;
27 	u8  key_sz;
28 	bool cbcmac;
29 	bool do_fallback;
30 	bool fb_init_done;
31 	bool fb_do_setkey;
32 
33 	struct crypto_aes_ctx *aes;
34 	struct crypto_ahash *fback;
35 	struct crypto_shash *shpre;
36 	struct shash_desc *shdesc;
37 };
38 
39 struct safexcel_ahash_req {
40 	bool last_req;
41 	bool finish;
42 	bool hmac;
43 	bool needs_inv;
44 	bool hmac_zlen;
45 	bool len_is_le;
46 	bool not_first;
47 	bool xcbcmac;
48 
49 	int nents;
50 	dma_addr_t result_dma;
51 
52 	u32 digest;
53 
54 	u8 state_sz;    /* expected state size, only set once */
55 	u8 block_sz;    /* block size, only set once */
56 	u8 digest_sz;   /* output digest size, only set once */
57 	__le32 state[SHA3_512_BLOCK_SIZE /
58 		     sizeof(__le32)] __aligned(sizeof(__le32));
59 
60 	u64 len;
61 	u64 processed;
62 
63 	u8 cache[HASH_CACHE_SIZE] __aligned(sizeof(u32));
64 	dma_addr_t cache_dma;
65 	unsigned int cache_sz;
66 
67 	u8 cache_next[HASH_CACHE_SIZE] __aligned(sizeof(u32));
68 };
69 
70 static inline u64 safexcel_queued_len(struct safexcel_ahash_req *req)
71 {
72 	return req->len - req->processed;
73 }
74 
75 static void safexcel_hash_token(struct safexcel_command_desc *cdesc,
76 				u32 input_length, u32 result_length,
77 				bool cbcmac)
78 {
79 	struct safexcel_token *token =
80 		(struct safexcel_token *)cdesc->control_data.token;
81 
82 	token[0].opcode = EIP197_TOKEN_OPCODE_DIRECTION;
83 	token[0].packet_length = input_length;
84 	token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH;
85 
86 	input_length &= 15;
87 	if (unlikely(cbcmac && input_length)) {
88 		token[0].stat =  0;
89 		token[1].opcode = EIP197_TOKEN_OPCODE_INSERT;
90 		token[1].packet_length = 16 - input_length;
91 		token[1].stat = EIP197_TOKEN_STAT_LAST_HASH;
92 		token[1].instructions = EIP197_TOKEN_INS_TYPE_HASH;
93 	} else {
94 		token[0].stat = EIP197_TOKEN_STAT_LAST_HASH;
95 		eip197_noop_token(&token[1]);
96 	}
97 
98 	token[2].opcode = EIP197_TOKEN_OPCODE_INSERT;
99 	token[2].stat = EIP197_TOKEN_STAT_LAST_HASH |
100 			EIP197_TOKEN_STAT_LAST_PACKET;
101 	token[2].packet_length = result_length;
102 	token[2].instructions = EIP197_TOKEN_INS_TYPE_OUTPUT |
103 				EIP197_TOKEN_INS_INSERT_HASH_DIGEST;
104 
105 	eip197_noop_token(&token[3]);
106 }
107 
108 static void safexcel_context_control(struct safexcel_ahash_ctx *ctx,
109 				     struct safexcel_ahash_req *req,
110 				     struct safexcel_command_desc *cdesc)
111 {
112 	struct safexcel_crypto_priv *priv = ctx->base.priv;
113 	u64 count = 0;
114 
115 	cdesc->control_data.control0 = ctx->alg;
116 	cdesc->control_data.control1 = 0;
117 
118 	/*
119 	 * Copy the input digest if needed, and setup the context
120 	 * fields. Do this now as we need it to setup the first command
121 	 * descriptor.
122 	 */
123 	if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM)) {
124 		if (req->xcbcmac)
125 			memcpy(ctx->base.ctxr->data, &ctx->base.ipad, ctx->key_sz);
126 		else
127 			memcpy(ctx->base.ctxr->data, req->state, req->state_sz);
128 
129 		if (!req->finish && req->xcbcmac)
130 			cdesc->control_data.control0 |=
131 				CONTEXT_CONTROL_DIGEST_XCM |
132 				CONTEXT_CONTROL_TYPE_HASH_OUT  |
133 				CONTEXT_CONTROL_NO_FINISH_HASH |
134 				CONTEXT_CONTROL_SIZE(req->state_sz /
135 						     sizeof(u32));
136 		else
137 			cdesc->control_data.control0 |=
138 				CONTEXT_CONTROL_DIGEST_XCM |
139 				CONTEXT_CONTROL_TYPE_HASH_OUT  |
140 				CONTEXT_CONTROL_SIZE(req->state_sz /
141 						     sizeof(u32));
142 		return;
143 	} else if (!req->processed) {
144 		/* First - and possibly only - block of basic hash only */
145 		if (req->finish)
146 			cdesc->control_data.control0 |= req->digest |
147 				CONTEXT_CONTROL_TYPE_HASH_OUT |
148 				CONTEXT_CONTROL_RESTART_HASH  |
149 				/* ensure its not 0! */
150 				CONTEXT_CONTROL_SIZE(1);
151 		else
152 			cdesc->control_data.control0 |= req->digest |
153 				CONTEXT_CONTROL_TYPE_HASH_OUT  |
154 				CONTEXT_CONTROL_RESTART_HASH   |
155 				CONTEXT_CONTROL_NO_FINISH_HASH |
156 				/* ensure its not 0! */
157 				CONTEXT_CONTROL_SIZE(1);
158 		return;
159 	}
160 
161 	/* Hash continuation or HMAC, setup (inner) digest from state */
162 	memcpy(ctx->base.ctxr->data, req->state, req->state_sz);
163 
164 	if (req->finish) {
165 		/* Compute digest count for hash/HMAC finish operations */
166 		if ((req->digest == CONTEXT_CONTROL_DIGEST_PRECOMPUTED) ||
167 		    req->hmac_zlen || (req->processed != req->block_sz)) {
168 			count = req->processed / EIP197_COUNTER_BLOCK_SIZE;
169 
170 			/* This is a hardware limitation, as the
171 			 * counter must fit into an u32. This represents
172 			 * a fairly big amount of input data, so we
173 			 * shouldn't see this.
174 			 */
175 			if (unlikely(count & 0xffffffff00000000ULL)) {
176 				dev_warn(priv->dev,
177 					 "Input data is too big\n");
178 				return;
179 			}
180 		}
181 
182 		if ((req->digest == CONTEXT_CONTROL_DIGEST_PRECOMPUTED) ||
183 		    /* Special case: zero length HMAC */
184 		    req->hmac_zlen ||
185 		    /* PE HW < 4.4 cannot do HMAC continue, fake using hash */
186 		    (req->processed != req->block_sz)) {
187 			/* Basic hash continue operation, need digest + cnt */
188 			cdesc->control_data.control0 |=
189 				CONTEXT_CONTROL_SIZE((req->state_sz >> 2) + 1) |
190 				CONTEXT_CONTROL_TYPE_HASH_OUT |
191 				CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
192 			/* For zero-len HMAC, don't finalize, already padded! */
193 			if (req->hmac_zlen)
194 				cdesc->control_data.control0 |=
195 					CONTEXT_CONTROL_NO_FINISH_HASH;
196 			cdesc->control_data.control1 |=
197 				CONTEXT_CONTROL_DIGEST_CNT;
198 			ctx->base.ctxr->data[req->state_sz >> 2] =
199 				cpu_to_le32(count);
200 			req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
201 
202 			/* Clear zero-length HMAC flag for next operation! */
203 			req->hmac_zlen = false;
204 		} else { /* HMAC */
205 			/* Need outer digest for HMAC finalization */
206 			memcpy(ctx->base.ctxr->data + (req->state_sz >> 2),
207 			       &ctx->base.opad, req->state_sz);
208 
209 			/* Single pass HMAC - no digest count */
210 			cdesc->control_data.control0 |=
211 				CONTEXT_CONTROL_SIZE(req->state_sz >> 1) |
212 				CONTEXT_CONTROL_TYPE_HASH_OUT |
213 				CONTEXT_CONTROL_DIGEST_HMAC;
214 		}
215 	} else { /* Hash continuation, do not finish yet */
216 		cdesc->control_data.control0 |=
217 			CONTEXT_CONTROL_SIZE(req->state_sz >> 2) |
218 			CONTEXT_CONTROL_DIGEST_PRECOMPUTED |
219 			CONTEXT_CONTROL_TYPE_HASH_OUT |
220 			CONTEXT_CONTROL_NO_FINISH_HASH;
221 	}
222 }
223 
224 static int safexcel_ahash_enqueue(struct ahash_request *areq);
225 
226 static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv,
227 				      int ring,
228 				      struct crypto_async_request *async,
229 				      bool *should_complete, int *ret)
230 {
231 	struct safexcel_result_desc *rdesc;
232 	struct ahash_request *areq = ahash_request_cast(async);
233 	struct crypto_ahash *ahash = crypto_ahash_reqtfm(areq);
234 	struct safexcel_ahash_req *sreq = ahash_request_ctx_dma(areq);
235 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(ahash);
236 	u64 cache_len;
237 
238 	*ret = 0;
239 
240 	rdesc = safexcel_ring_next_rptr(priv, &priv->ring[ring].rdr);
241 	if (IS_ERR(rdesc)) {
242 		dev_err(priv->dev,
243 			"hash: result: could not retrieve the result descriptor\n");
244 		*ret = PTR_ERR(rdesc);
245 	} else {
246 		*ret = safexcel_rdesc_check_errors(priv, rdesc);
247 	}
248 
249 	safexcel_complete(priv, ring);
250 
251 	if (sreq->nents) {
252 		dma_unmap_sg(priv->dev, areq->src, sreq->nents, DMA_TO_DEVICE);
253 		sreq->nents = 0;
254 	}
255 
256 	if (sreq->result_dma) {
257 		dma_unmap_single(priv->dev, sreq->result_dma, sreq->digest_sz,
258 				 DMA_FROM_DEVICE);
259 		sreq->result_dma = 0;
260 	}
261 
262 	if (sreq->cache_dma) {
263 		dma_unmap_single(priv->dev, sreq->cache_dma, sreq->cache_sz,
264 				 DMA_TO_DEVICE);
265 		sreq->cache_dma = 0;
266 		sreq->cache_sz = 0;
267 	}
268 
269 	if (sreq->finish) {
270 		if (sreq->hmac &&
271 		    (sreq->digest != CONTEXT_CONTROL_DIGEST_HMAC)) {
272 			/* Faking HMAC using hash - need to do outer hash */
273 			memcpy(sreq->cache, sreq->state,
274 			       crypto_ahash_digestsize(ahash));
275 
276 			memcpy(sreq->state, &ctx->base.opad, sreq->digest_sz);
277 
278 			sreq->len = sreq->block_sz +
279 				    crypto_ahash_digestsize(ahash);
280 			sreq->processed = sreq->block_sz;
281 			sreq->hmac = 0;
282 
283 			if (priv->flags & EIP197_TRC_CACHE)
284 				ctx->base.needs_inv = true;
285 			areq->nbytes = 0;
286 			safexcel_ahash_enqueue(areq);
287 
288 			*should_complete = false; /* Not done yet */
289 			return 1;
290 		}
291 
292 		if (unlikely(sreq->digest == CONTEXT_CONTROL_DIGEST_XCM &&
293 			     ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_CRC32)) {
294 			/* Undo final XOR with 0xffffffff ...*/
295 			*(__le32 *)areq->result = ~sreq->state[0];
296 		} else {
297 			memcpy(areq->result, sreq->state,
298 			       crypto_ahash_digestsize(ahash));
299 		}
300 	}
301 
302 	cache_len = safexcel_queued_len(sreq);
303 	if (cache_len)
304 		memcpy(sreq->cache, sreq->cache_next, cache_len);
305 
306 	*should_complete = true;
307 
308 	return 1;
309 }
310 
311 static int safexcel_ahash_send_req(struct crypto_async_request *async, int ring,
312 				   int *commands, int *results)
313 {
314 	struct ahash_request *areq = ahash_request_cast(async);
315 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
316 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
317 	struct safexcel_crypto_priv *priv = ctx->base.priv;
318 	struct safexcel_command_desc *cdesc, *first_cdesc = NULL;
319 	struct safexcel_result_desc *rdesc;
320 	struct scatterlist *sg;
321 	struct safexcel_token *dmmy;
322 	int i, extra = 0, n_cdesc = 0, ret = 0, cache_len, skip = 0;
323 	u64 queued, len;
324 
325 	queued = safexcel_queued_len(req);
326 	if (queued <= HASH_CACHE_SIZE)
327 		cache_len = queued;
328 	else
329 		cache_len = queued - areq->nbytes;
330 
331 	if (!req->finish && !req->last_req) {
332 		/* If this is not the last request and the queued data does not
333 		 * fit into full cache blocks, cache it for the next send call.
334 		 */
335 		extra = queued & (HASH_CACHE_SIZE - 1);
336 
337 		/* If this is not the last request and the queued data
338 		 * is a multiple of a block, cache the last one for now.
339 		 */
340 		if (!extra)
341 			extra = HASH_CACHE_SIZE;
342 
343 		sg_pcopy_to_buffer(areq->src, sg_nents(areq->src),
344 				   req->cache_next, extra,
345 				   areq->nbytes - extra);
346 
347 		queued -= extra;
348 
349 		if (!queued) {
350 			*commands = 0;
351 			*results = 0;
352 			return 0;
353 		}
354 
355 		extra = 0;
356 	}
357 
358 	if (unlikely(req->xcbcmac && req->processed > AES_BLOCK_SIZE)) {
359 		if (unlikely(cache_len < AES_BLOCK_SIZE)) {
360 			/*
361 			 * Cache contains less than 1 full block, complete.
362 			 */
363 			extra = AES_BLOCK_SIZE - cache_len;
364 			if (queued > cache_len) {
365 				/* More data follows: borrow bytes */
366 				u64 tmp = queued - cache_len;
367 
368 				skip = min_t(u64, tmp, extra);
369 				sg_pcopy_to_buffer(areq->src,
370 					sg_nents(areq->src),
371 					req->cache + cache_len,
372 					skip, 0);
373 			}
374 			extra -= skip;
375 			memset(req->cache + cache_len + skip, 0, extra);
376 			if (!ctx->cbcmac && extra) {
377 				// 10- padding for XCBCMAC & CMAC
378 				req->cache[cache_len + skip] = 0x80;
379 				// HW will use K2 iso K3 - compensate!
380 				for (i = 0; i < AES_BLOCK_SIZE / 4; i++) {
381 					u32 *cache = (void *)req->cache;
382 					u32 *ipad = ctx->base.ipad.word;
383 					u32 x;
384 
385 					x = ipad[i] ^ ipad[i + 4];
386 					cache[i] ^= swab32(x);
387 				}
388 			}
389 			cache_len = AES_BLOCK_SIZE;
390 			queued = queued + extra;
391 		}
392 
393 		/* XCBC continue: XOR previous result into 1st word */
394 		crypto_xor(req->cache, (const u8 *)req->state, AES_BLOCK_SIZE);
395 	}
396 
397 	len = queued;
398 	/* Add a command descriptor for the cached data, if any */
399 	if (cache_len) {
400 		req->cache_dma = dma_map_single(priv->dev, req->cache,
401 						cache_len, DMA_TO_DEVICE);
402 		if (dma_mapping_error(priv->dev, req->cache_dma))
403 			return -EINVAL;
404 
405 		req->cache_sz = cache_len;
406 		first_cdesc = safexcel_add_cdesc(priv, ring, 1,
407 						 (cache_len == len),
408 						 req->cache_dma, cache_len,
409 						 len, ctx->base.ctxr_dma,
410 						 &dmmy);
411 		if (IS_ERR(first_cdesc)) {
412 			ret = PTR_ERR(first_cdesc);
413 			goto unmap_cache;
414 		}
415 		n_cdesc++;
416 
417 		queued -= cache_len;
418 		if (!queued)
419 			goto send_command;
420 	}
421 
422 	/* Now handle the current ahash request buffer(s) */
423 	req->nents = dma_map_sg(priv->dev, areq->src,
424 				sg_nents_for_len(areq->src,
425 						 areq->nbytes),
426 				DMA_TO_DEVICE);
427 	if (!req->nents) {
428 		ret = -ENOMEM;
429 		goto cdesc_rollback;
430 	}
431 
432 	for_each_sg(areq->src, sg, req->nents, i) {
433 		int sglen = sg_dma_len(sg);
434 
435 		if (unlikely(sglen <= skip)) {
436 			skip -= sglen;
437 			continue;
438 		}
439 
440 		/* Do not overflow the request */
441 		if ((queued + skip) <= sglen)
442 			sglen = queued;
443 		else
444 			sglen -= skip;
445 
446 		cdesc = safexcel_add_cdesc(priv, ring, !n_cdesc,
447 					   !(queued - sglen),
448 					   sg_dma_address(sg) + skip, sglen,
449 					   len, ctx->base.ctxr_dma, &dmmy);
450 		if (IS_ERR(cdesc)) {
451 			ret = PTR_ERR(cdesc);
452 			goto unmap_sg;
453 		}
454 
455 		if (!n_cdesc)
456 			first_cdesc = cdesc;
457 		n_cdesc++;
458 
459 		queued -= sglen;
460 		if (!queued)
461 			break;
462 		skip = 0;
463 	}
464 
465 send_command:
466 	/* Setup the context options */
467 	safexcel_context_control(ctx, req, first_cdesc);
468 
469 	/* Add the token */
470 	safexcel_hash_token(first_cdesc, len, req->digest_sz, ctx->cbcmac);
471 
472 	req->result_dma = dma_map_single(priv->dev, req->state, req->digest_sz,
473 					 DMA_FROM_DEVICE);
474 	if (dma_mapping_error(priv->dev, req->result_dma)) {
475 		ret = -EINVAL;
476 		goto unmap_sg;
477 	}
478 
479 	/* Add a result descriptor */
480 	rdesc = safexcel_add_rdesc(priv, ring, 1, 1, req->result_dma,
481 				   req->digest_sz);
482 	if (IS_ERR(rdesc)) {
483 		ret = PTR_ERR(rdesc);
484 		goto unmap_result;
485 	}
486 
487 	safexcel_rdr_req_set(priv, ring, rdesc, &areq->base);
488 
489 	req->processed += len - extra;
490 
491 	*commands = n_cdesc;
492 	*results = 1;
493 	return 0;
494 
495 unmap_result:
496 	dma_unmap_single(priv->dev, req->result_dma, req->digest_sz,
497 			 DMA_FROM_DEVICE);
498 unmap_sg:
499 	if (req->nents) {
500 		dma_unmap_sg(priv->dev, areq->src, req->nents, DMA_TO_DEVICE);
501 		req->nents = 0;
502 	}
503 cdesc_rollback:
504 	for (i = 0; i < n_cdesc; i++)
505 		safexcel_ring_rollback_wptr(priv, &priv->ring[ring].cdr);
506 unmap_cache:
507 	if (req->cache_dma) {
508 		dma_unmap_single(priv->dev, req->cache_dma, req->cache_sz,
509 				 DMA_TO_DEVICE);
510 		req->cache_dma = 0;
511 		req->cache_sz = 0;
512 	}
513 
514 	return ret;
515 }
516 
517 static int safexcel_handle_inv_result(struct safexcel_crypto_priv *priv,
518 				      int ring,
519 				      struct crypto_async_request *async,
520 				      bool *should_complete, int *ret)
521 {
522 	struct safexcel_result_desc *rdesc;
523 	struct ahash_request *areq = ahash_request_cast(async);
524 	struct crypto_ahash *ahash = crypto_ahash_reqtfm(areq);
525 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(ahash);
526 	int enq_ret;
527 
528 	*ret = 0;
529 
530 	rdesc = safexcel_ring_next_rptr(priv, &priv->ring[ring].rdr);
531 	if (IS_ERR(rdesc)) {
532 		dev_err(priv->dev,
533 			"hash: invalidate: could not retrieve the result descriptor\n");
534 		*ret = PTR_ERR(rdesc);
535 	} else {
536 		*ret = safexcel_rdesc_check_errors(priv, rdesc);
537 	}
538 
539 	safexcel_complete(priv, ring);
540 
541 	if (ctx->base.exit_inv) {
542 		dma_pool_free(priv->context_pool, ctx->base.ctxr,
543 			      ctx->base.ctxr_dma);
544 
545 		*should_complete = true;
546 		return 1;
547 	}
548 
549 	ring = safexcel_select_ring(priv);
550 	ctx->base.ring = ring;
551 
552 	spin_lock_bh(&priv->ring[ring].queue_lock);
553 	enq_ret = crypto_enqueue_request(&priv->ring[ring].queue, async);
554 	spin_unlock_bh(&priv->ring[ring].queue_lock);
555 
556 	if (enq_ret != -EINPROGRESS)
557 		*ret = enq_ret;
558 
559 	queue_work(priv->ring[ring].workqueue,
560 		   &priv->ring[ring].work_data.work);
561 
562 	*should_complete = false;
563 
564 	return 1;
565 }
566 
567 static int safexcel_handle_result(struct safexcel_crypto_priv *priv, int ring,
568 				  struct crypto_async_request *async,
569 				  bool *should_complete, int *ret)
570 {
571 	struct ahash_request *areq = ahash_request_cast(async);
572 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
573 	int err;
574 
575 	BUG_ON(!(priv->flags & EIP197_TRC_CACHE) && req->needs_inv);
576 
577 	if (req->needs_inv) {
578 		req->needs_inv = false;
579 		err = safexcel_handle_inv_result(priv, ring, async,
580 						 should_complete, ret);
581 	} else {
582 		err = safexcel_handle_req_result(priv, ring, async,
583 						 should_complete, ret);
584 	}
585 
586 	return err;
587 }
588 
589 static int safexcel_ahash_send_inv(struct crypto_async_request *async,
590 				   int ring, int *commands, int *results)
591 {
592 	struct ahash_request *areq = ahash_request_cast(async);
593 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
594 	int ret;
595 
596 	ret = safexcel_invalidate_cache(async, ctx->base.priv,
597 					ctx->base.ctxr_dma, ring);
598 	if (unlikely(ret))
599 		return ret;
600 
601 	*commands = 1;
602 	*results = 1;
603 
604 	return 0;
605 }
606 
607 static int safexcel_ahash_send(struct crypto_async_request *async,
608 			       int ring, int *commands, int *results)
609 {
610 	struct ahash_request *areq = ahash_request_cast(async);
611 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
612 	int ret;
613 
614 	if (req->needs_inv)
615 		ret = safexcel_ahash_send_inv(async, ring, commands, results);
616 	else
617 		ret = safexcel_ahash_send_req(async, ring, commands, results);
618 
619 	return ret;
620 }
621 
622 static int safexcel_ahash_exit_inv(struct crypto_tfm *tfm)
623 {
624 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
625 	struct safexcel_crypto_priv *priv = ctx->base.priv;
626 	EIP197_REQUEST_ON_STACK(req, ahash, EIP197_AHASH_REQ_SIZE);
627 	struct safexcel_ahash_req *rctx = ahash_request_ctx_dma(req);
628 	DECLARE_CRYPTO_WAIT(result);
629 	int ring = ctx->base.ring;
630 	int err;
631 
632 	memset(req, 0, EIP197_AHASH_REQ_SIZE);
633 
634 	/* create invalidation request */
635 	init_completion(&result.completion);
636 	ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
637 				   crypto_req_done, &result);
638 
639 	ahash_request_set_tfm(req, __crypto_ahash_cast(tfm));
640 	ctx = crypto_tfm_ctx(req->base.tfm);
641 	ctx->base.exit_inv = true;
642 	rctx->needs_inv = true;
643 
644 	spin_lock_bh(&priv->ring[ring].queue_lock);
645 	crypto_enqueue_request(&priv->ring[ring].queue, &req->base);
646 	spin_unlock_bh(&priv->ring[ring].queue_lock);
647 
648 	queue_work(priv->ring[ring].workqueue,
649 		   &priv->ring[ring].work_data.work);
650 
651 	err = crypto_wait_req(-EINPROGRESS, &result);
652 
653 	if (err) {
654 		dev_warn(priv->dev, "hash: completion error (%d)\n", err);
655 		return err;
656 	}
657 
658 	return 0;
659 }
660 
661 /* safexcel_ahash_cache: cache data until at least one request can be sent to
662  * the engine, aka. when there is at least 1 block size in the pipe.
663  */
664 static int safexcel_ahash_cache(struct ahash_request *areq)
665 {
666 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
667 	u64 cache_len;
668 
669 	/* cache_len: everything accepted by the driver but not sent yet,
670 	 * tot sz handled by update() - last req sz - tot sz handled by send()
671 	 */
672 	cache_len = safexcel_queued_len(req);
673 
674 	/*
675 	 * In case there isn't enough bytes to proceed (less than a
676 	 * block size), cache the data until we have enough.
677 	 */
678 	if (cache_len + areq->nbytes <= HASH_CACHE_SIZE) {
679 		sg_pcopy_to_buffer(areq->src, sg_nents(areq->src),
680 				   req->cache + cache_len,
681 				   areq->nbytes, 0);
682 		return 0;
683 	}
684 
685 	/* We couldn't cache all the data */
686 	return -E2BIG;
687 }
688 
689 static int safexcel_ahash_enqueue(struct ahash_request *areq)
690 {
691 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
692 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
693 	struct safexcel_crypto_priv *priv = ctx->base.priv;
694 	int ret, ring;
695 
696 	req->needs_inv = false;
697 
698 	if (ctx->base.ctxr) {
699 		if (priv->flags & EIP197_TRC_CACHE && !ctx->base.needs_inv &&
700 		     /* invalidate for *any* non-XCBC continuation */
701 		   ((req->not_first && !req->xcbcmac) ||
702 		     /* invalidate if (i)digest changed */
703 		     memcmp(ctx->base.ctxr->data, req->state, req->state_sz) ||
704 		     /* invalidate for HMAC finish with odigest changed */
705 		     (req->finish && req->hmac &&
706 		      memcmp(ctx->base.ctxr->data + (req->state_sz>>2),
707 			     &ctx->base.opad, req->state_sz))))
708 			/*
709 			 * We're still setting needs_inv here, even though it is
710 			 * cleared right away, because the needs_inv flag can be
711 			 * set in other functions and we want to keep the same
712 			 * logic.
713 			 */
714 			ctx->base.needs_inv = true;
715 
716 		if (ctx->base.needs_inv) {
717 			ctx->base.needs_inv = false;
718 			req->needs_inv = true;
719 		}
720 	} else {
721 		ctx->base.ring = safexcel_select_ring(priv);
722 		ctx->base.ctxr = dma_pool_zalloc(priv->context_pool,
723 						 EIP197_GFP_FLAGS(areq->base),
724 						 &ctx->base.ctxr_dma);
725 		if (!ctx->base.ctxr)
726 			return -ENOMEM;
727 	}
728 	req->not_first = true;
729 
730 	ring = ctx->base.ring;
731 
732 	spin_lock_bh(&priv->ring[ring].queue_lock);
733 	ret = crypto_enqueue_request(&priv->ring[ring].queue, &areq->base);
734 	spin_unlock_bh(&priv->ring[ring].queue_lock);
735 
736 	queue_work(priv->ring[ring].workqueue,
737 		   &priv->ring[ring].work_data.work);
738 
739 	return ret;
740 }
741 
742 static int safexcel_ahash_update(struct ahash_request *areq)
743 {
744 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
745 	int ret;
746 
747 	/* If the request is 0 length, do nothing */
748 	if (!areq->nbytes)
749 		return 0;
750 
751 	/* Add request to the cache if it fits */
752 	ret = safexcel_ahash_cache(areq);
753 
754 	/* Update total request length */
755 	req->len += areq->nbytes;
756 
757 	/* If not all data could fit into the cache, go process the excess.
758 	 * Also go process immediately for an HMAC IV precompute, which
759 	 * will never be finished at all, but needs to be processed anyway.
760 	 */
761 	if ((ret && !req->finish) || req->last_req)
762 		return safexcel_ahash_enqueue(areq);
763 
764 	return 0;
765 }
766 
767 static int safexcel_ahash_final(struct ahash_request *areq)
768 {
769 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
770 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
771 
772 	req->finish = true;
773 
774 	if (unlikely(!req->len && !areq->nbytes)) {
775 		/*
776 		 * If we have an overall 0 length *hash* request:
777 		 * The HW cannot do 0 length hash, so we provide the correct
778 		 * result directly here.
779 		 */
780 		if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_MD5)
781 			memcpy(areq->result, md5_zero_message_hash,
782 			       MD5_DIGEST_SIZE);
783 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA1)
784 			memcpy(areq->result, sha1_zero_message_hash,
785 			       SHA1_DIGEST_SIZE);
786 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA224)
787 			memcpy(areq->result, sha224_zero_message_hash,
788 			       SHA224_DIGEST_SIZE);
789 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA256)
790 			memcpy(areq->result, sha256_zero_message_hash,
791 			       SHA256_DIGEST_SIZE);
792 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA384)
793 			memcpy(areq->result, sha384_zero_message_hash,
794 			       SHA384_DIGEST_SIZE);
795 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA512)
796 			memcpy(areq->result, sha512_zero_message_hash,
797 			       SHA512_DIGEST_SIZE);
798 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SM3) {
799 			memcpy(areq->result,
800 			       EIP197_SM3_ZEROM_HASH, SM3_DIGEST_SIZE);
801 		}
802 
803 		return 0;
804 	} else if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM &&
805 			    ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_MD5 &&
806 			    req->len == sizeof(u32) && !areq->nbytes)) {
807 		/* Zero length CRC32 */
808 		memcpy(areq->result, &ctx->base.ipad, sizeof(u32));
809 		return 0;
810 	} else if (unlikely(ctx->cbcmac && req->len == AES_BLOCK_SIZE &&
811 			    !areq->nbytes)) {
812 		/* Zero length CBC MAC */
813 		memset(areq->result, 0, AES_BLOCK_SIZE);
814 		return 0;
815 	} else if (unlikely(req->xcbcmac && req->len == AES_BLOCK_SIZE &&
816 			    !areq->nbytes)) {
817 		/* Zero length (X)CBC/CMAC */
818 		int i;
819 
820 		for (i = 0; i < AES_BLOCK_SIZE / sizeof(u32); i++) {
821 			u32 *result = (void *)areq->result;
822 
823 			/* K3 */
824 			result[i] = swab32(ctx->base.ipad.word[i + 4]);
825 		}
826 		areq->result[0] ^= 0x80;			// 10- padding
827 		aes_encrypt(ctx->aes, areq->result, areq->result);
828 		return 0;
829 	} else if (unlikely(req->hmac &&
830 			    (req->len == req->block_sz) &&
831 			    !areq->nbytes)) {
832 		/*
833 		 * If we have an overall 0 length *HMAC* request:
834 		 * For HMAC, we need to finalize the inner digest
835 		 * and then perform the outer hash.
836 		 */
837 
838 		/* generate pad block in the cache */
839 		/* start with a hash block of all zeroes */
840 		memset(req->cache, 0, req->block_sz);
841 		/* set the first byte to 0x80 to 'append a 1 bit' */
842 		req->cache[0] = 0x80;
843 		/* add the length in bits in the last 2 bytes */
844 		if (req->len_is_le) {
845 			/* Little endian length word (e.g. MD5) */
846 			req->cache[req->block_sz-8] = (req->block_sz << 3) &
847 						      255;
848 			req->cache[req->block_sz-7] = (req->block_sz >> 5);
849 		} else {
850 			/* Big endian length word (e.g. any SHA) */
851 			req->cache[req->block_sz-2] = (req->block_sz >> 5);
852 			req->cache[req->block_sz-1] = (req->block_sz << 3) &
853 						      255;
854 		}
855 
856 		req->len += req->block_sz; /* plus 1 hash block */
857 
858 		/* Set special zero-length HMAC flag */
859 		req->hmac_zlen = true;
860 
861 		/* Finalize HMAC */
862 		req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
863 	} else if (req->hmac) {
864 		/* Finalize HMAC */
865 		req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
866 	}
867 
868 	return safexcel_ahash_enqueue(areq);
869 }
870 
871 static int safexcel_ahash_finup(struct ahash_request *areq)
872 {
873 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
874 
875 	req->finish = true;
876 
877 	safexcel_ahash_update(areq);
878 	return safexcel_ahash_final(areq);
879 }
880 
881 static int safexcel_ahash_export(struct ahash_request *areq, void *out)
882 {
883 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
884 	struct safexcel_ahash_export_state *export = out;
885 
886 	export->len = req->len;
887 	export->processed = req->processed;
888 
889 	export->digest = req->digest;
890 
891 	memcpy(export->state, req->state, req->state_sz);
892 	memcpy(export->cache, req->cache, HASH_CACHE_SIZE);
893 
894 	return 0;
895 }
896 
897 static int safexcel_ahash_import(struct ahash_request *areq, const void *in)
898 {
899 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
900 	const struct safexcel_ahash_export_state *export = in;
901 	int ret;
902 
903 	ret = crypto_ahash_init(areq);
904 	if (ret)
905 		return ret;
906 
907 	req->len = export->len;
908 	req->processed = export->processed;
909 
910 	req->digest = export->digest;
911 
912 	memcpy(req->cache, export->cache, HASH_CACHE_SIZE);
913 	memcpy(req->state, export->state, req->state_sz);
914 
915 	return 0;
916 }
917 
918 static int safexcel_ahash_cra_init(struct crypto_tfm *tfm)
919 {
920 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
921 	struct safexcel_alg_template *tmpl =
922 		container_of(__crypto_ahash_alg(tfm->__crt_alg),
923 			     struct safexcel_alg_template, alg.ahash);
924 
925 	ctx->base.priv = tmpl->priv;
926 	ctx->base.send = safexcel_ahash_send;
927 	ctx->base.handle_result = safexcel_handle_result;
928 	ctx->fb_do_setkey = false;
929 
930 	crypto_ahash_set_reqsize_dma(__crypto_ahash_cast(tfm),
931 				     sizeof(struct safexcel_ahash_req));
932 	return 0;
933 }
934 
935 static int safexcel_sha1_init(struct ahash_request *areq)
936 {
937 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
938 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
939 
940 	memset(req, 0, sizeof(*req));
941 
942 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA1;
943 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
944 	req->state_sz = SHA1_DIGEST_SIZE;
945 	req->digest_sz = SHA1_DIGEST_SIZE;
946 	req->block_sz = SHA1_BLOCK_SIZE;
947 
948 	return 0;
949 }
950 
951 static int safexcel_sha1_digest(struct ahash_request *areq)
952 {
953 	int ret = safexcel_sha1_init(areq);
954 
955 	if (ret)
956 		return ret;
957 
958 	return safexcel_ahash_finup(areq);
959 }
960 
961 static void safexcel_ahash_cra_exit(struct crypto_tfm *tfm)
962 {
963 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
964 	struct safexcel_crypto_priv *priv = ctx->base.priv;
965 	int ret;
966 
967 	/* context not allocated, skip invalidation */
968 	if (!ctx->base.ctxr)
969 		return;
970 
971 	if (priv->flags & EIP197_TRC_CACHE) {
972 		ret = safexcel_ahash_exit_inv(tfm);
973 		if (ret)
974 			dev_warn(priv->dev, "hash: invalidation error %d\n", ret);
975 	} else {
976 		dma_pool_free(priv->context_pool, ctx->base.ctxr,
977 			      ctx->base.ctxr_dma);
978 	}
979 }
980 
981 struct safexcel_alg_template safexcel_alg_sha1 = {
982 	.type = SAFEXCEL_ALG_TYPE_AHASH,
983 	.algo_mask = SAFEXCEL_ALG_SHA1,
984 	.alg.ahash = {
985 		.init = safexcel_sha1_init,
986 		.update = safexcel_ahash_update,
987 		.final = safexcel_ahash_final,
988 		.finup = safexcel_ahash_finup,
989 		.digest = safexcel_sha1_digest,
990 		.export = safexcel_ahash_export,
991 		.import = safexcel_ahash_import,
992 		.halg = {
993 			.digestsize = SHA1_DIGEST_SIZE,
994 			.statesize = sizeof(struct safexcel_ahash_export_state),
995 			.base = {
996 				.cra_name = "sha1",
997 				.cra_driver_name = "safexcel-sha1",
998 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
999 				.cra_flags = CRYPTO_ALG_ASYNC |
1000 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1001 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1002 				.cra_blocksize = SHA1_BLOCK_SIZE,
1003 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1004 				.cra_init = safexcel_ahash_cra_init,
1005 				.cra_exit = safexcel_ahash_cra_exit,
1006 				.cra_module = THIS_MODULE,
1007 			},
1008 		},
1009 	},
1010 };
1011 
1012 static int safexcel_hmac_sha1_init(struct ahash_request *areq)
1013 {
1014 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1015 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1016 
1017 	memset(req, 0, sizeof(*req));
1018 
1019 	/* Start from ipad precompute */
1020 	memcpy(req->state, &ctx->base.ipad, SHA1_DIGEST_SIZE);
1021 	/* Already processed the key^ipad part now! */
1022 	req->len	= SHA1_BLOCK_SIZE;
1023 	req->processed	= SHA1_BLOCK_SIZE;
1024 
1025 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA1;
1026 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1027 	req->state_sz = SHA1_DIGEST_SIZE;
1028 	req->digest_sz = SHA1_DIGEST_SIZE;
1029 	req->block_sz = SHA1_BLOCK_SIZE;
1030 	req->hmac = true;
1031 
1032 	return 0;
1033 }
1034 
1035 static int safexcel_hmac_sha1_digest(struct ahash_request *areq)
1036 {
1037 	int ret = safexcel_hmac_sha1_init(areq);
1038 
1039 	if (ret)
1040 		return ret;
1041 
1042 	return safexcel_ahash_finup(areq);
1043 }
1044 
1045 static int safexcel_hmac_init_pad(struct ahash_request *areq,
1046 				  unsigned int blocksize, const u8 *key,
1047 				  unsigned int keylen, u8 *ipad, u8 *opad)
1048 {
1049 	DECLARE_CRYPTO_WAIT(result);
1050 	struct scatterlist sg;
1051 	int ret, i;
1052 	u8 *keydup;
1053 
1054 	if (keylen <= blocksize) {
1055 		memcpy(ipad, key, keylen);
1056 	} else {
1057 		keydup = kmemdup(key, keylen, GFP_KERNEL);
1058 		if (!keydup)
1059 			return -ENOMEM;
1060 
1061 		ahash_request_set_callback(areq, CRYPTO_TFM_REQ_MAY_BACKLOG,
1062 					   crypto_req_done, &result);
1063 		sg_init_one(&sg, keydup, keylen);
1064 		ahash_request_set_crypt(areq, &sg, ipad, keylen);
1065 
1066 		ret = crypto_ahash_digest(areq);
1067 		ret = crypto_wait_req(ret, &result);
1068 
1069 		/* Avoid leaking */
1070 		kfree_sensitive(keydup);
1071 
1072 		if (ret)
1073 			return ret;
1074 
1075 		keylen = crypto_ahash_digestsize(crypto_ahash_reqtfm(areq));
1076 	}
1077 
1078 	memset(ipad + keylen, 0, blocksize - keylen);
1079 	memcpy(opad, ipad, blocksize);
1080 
1081 	for (i = 0; i < blocksize; i++) {
1082 		ipad[i] ^= HMAC_IPAD_VALUE;
1083 		opad[i] ^= HMAC_OPAD_VALUE;
1084 	}
1085 
1086 	return 0;
1087 }
1088 
1089 static int safexcel_hmac_init_iv(struct ahash_request *areq,
1090 				 unsigned int blocksize, u8 *pad, void *state)
1091 {
1092 	struct safexcel_ahash_req *req;
1093 	DECLARE_CRYPTO_WAIT(result);
1094 	struct scatterlist sg;
1095 	int ret;
1096 
1097 	ahash_request_set_callback(areq, CRYPTO_TFM_REQ_MAY_BACKLOG,
1098 				   crypto_req_done, &result);
1099 	sg_init_one(&sg, pad, blocksize);
1100 	ahash_request_set_crypt(areq, &sg, pad, blocksize);
1101 
1102 	ret = crypto_ahash_init(areq);
1103 	if (ret)
1104 		return ret;
1105 
1106 	req = ahash_request_ctx_dma(areq);
1107 	req->hmac = true;
1108 	req->last_req = true;
1109 
1110 	ret = crypto_ahash_update(areq);
1111 	ret = crypto_wait_req(ret, &result);
1112 
1113 	return ret ?: crypto_ahash_export(areq, state);
1114 }
1115 
1116 static int __safexcel_hmac_setkey(const char *alg, const u8 *key,
1117 				  unsigned int keylen,
1118 				  void *istate, void *ostate)
1119 {
1120 	struct ahash_request *areq;
1121 	struct crypto_ahash *tfm;
1122 	unsigned int blocksize;
1123 	u8 *ipad, *opad;
1124 	int ret;
1125 
1126 	tfm = crypto_alloc_ahash(alg, 0, 0);
1127 	if (IS_ERR(tfm))
1128 		return PTR_ERR(tfm);
1129 
1130 	areq = ahash_request_alloc(tfm, GFP_KERNEL);
1131 	if (!areq) {
1132 		ret = -ENOMEM;
1133 		goto free_ahash;
1134 	}
1135 
1136 	crypto_ahash_clear_flags(tfm, ~0);
1137 	blocksize = crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
1138 
1139 	ipad = kcalloc(2, blocksize, GFP_KERNEL);
1140 	if (!ipad) {
1141 		ret = -ENOMEM;
1142 		goto free_request;
1143 	}
1144 
1145 	opad = ipad + blocksize;
1146 
1147 	ret = safexcel_hmac_init_pad(areq, blocksize, key, keylen, ipad, opad);
1148 	if (ret)
1149 		goto free_ipad;
1150 
1151 	ret = safexcel_hmac_init_iv(areq, blocksize, ipad, istate);
1152 	if (ret)
1153 		goto free_ipad;
1154 
1155 	ret = safexcel_hmac_init_iv(areq, blocksize, opad, ostate);
1156 
1157 free_ipad:
1158 	kfree(ipad);
1159 free_request:
1160 	ahash_request_free(areq);
1161 free_ahash:
1162 	crypto_free_ahash(tfm);
1163 
1164 	return ret;
1165 }
1166 
1167 int safexcel_hmac_setkey(struct safexcel_context *base, const u8 *key,
1168 			 unsigned int keylen, const char *alg,
1169 			 unsigned int state_sz)
1170 {
1171 	struct safexcel_crypto_priv *priv = base->priv;
1172 	struct safexcel_ahash_export_state istate, ostate;
1173 	int ret;
1174 
1175 	ret = __safexcel_hmac_setkey(alg, key, keylen, &istate, &ostate);
1176 	if (ret)
1177 		return ret;
1178 
1179 	if (priv->flags & EIP197_TRC_CACHE && base->ctxr &&
1180 	    (memcmp(&base->ipad, istate.state, state_sz) ||
1181 	     memcmp(&base->opad, ostate.state, state_sz)))
1182 		base->needs_inv = true;
1183 
1184 	memcpy(&base->ipad, &istate.state, state_sz);
1185 	memcpy(&base->opad, &ostate.state, state_sz);
1186 
1187 	return 0;
1188 }
1189 
1190 static int safexcel_hmac_alg_setkey(struct crypto_ahash *tfm, const u8 *key,
1191 				    unsigned int keylen, const char *alg,
1192 				    unsigned int state_sz)
1193 {
1194 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
1195 
1196 	return safexcel_hmac_setkey(&ctx->base, key, keylen, alg, state_sz);
1197 }
1198 
1199 static int safexcel_hmac_sha1_setkey(struct crypto_ahash *tfm, const u8 *key,
1200 				     unsigned int keylen)
1201 {
1202 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha1",
1203 					SHA1_DIGEST_SIZE);
1204 }
1205 
1206 struct safexcel_alg_template safexcel_alg_hmac_sha1 = {
1207 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1208 	.algo_mask = SAFEXCEL_ALG_SHA1,
1209 	.alg.ahash = {
1210 		.init = safexcel_hmac_sha1_init,
1211 		.update = safexcel_ahash_update,
1212 		.final = safexcel_ahash_final,
1213 		.finup = safexcel_ahash_finup,
1214 		.digest = safexcel_hmac_sha1_digest,
1215 		.setkey = safexcel_hmac_sha1_setkey,
1216 		.export = safexcel_ahash_export,
1217 		.import = safexcel_ahash_import,
1218 		.halg = {
1219 			.digestsize = SHA1_DIGEST_SIZE,
1220 			.statesize = sizeof(struct safexcel_ahash_export_state),
1221 			.base = {
1222 				.cra_name = "hmac(sha1)",
1223 				.cra_driver_name = "safexcel-hmac-sha1",
1224 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1225 				.cra_flags = CRYPTO_ALG_ASYNC |
1226 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1227 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1228 				.cra_blocksize = SHA1_BLOCK_SIZE,
1229 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1230 				.cra_init = safexcel_ahash_cra_init,
1231 				.cra_exit = safexcel_ahash_cra_exit,
1232 				.cra_module = THIS_MODULE,
1233 			},
1234 		},
1235 	},
1236 };
1237 
1238 static int safexcel_sha256_init(struct ahash_request *areq)
1239 {
1240 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1241 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1242 
1243 	memset(req, 0, sizeof(*req));
1244 
1245 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA256;
1246 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1247 	req->state_sz = SHA256_DIGEST_SIZE;
1248 	req->digest_sz = SHA256_DIGEST_SIZE;
1249 	req->block_sz = SHA256_BLOCK_SIZE;
1250 
1251 	return 0;
1252 }
1253 
1254 static int safexcel_sha256_digest(struct ahash_request *areq)
1255 {
1256 	int ret = safexcel_sha256_init(areq);
1257 
1258 	if (ret)
1259 		return ret;
1260 
1261 	return safexcel_ahash_finup(areq);
1262 }
1263 
1264 struct safexcel_alg_template safexcel_alg_sha256 = {
1265 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1266 	.algo_mask = SAFEXCEL_ALG_SHA2_256,
1267 	.alg.ahash = {
1268 		.init = safexcel_sha256_init,
1269 		.update = safexcel_ahash_update,
1270 		.final = safexcel_ahash_final,
1271 		.finup = safexcel_ahash_finup,
1272 		.digest = safexcel_sha256_digest,
1273 		.export = safexcel_ahash_export,
1274 		.import = safexcel_ahash_import,
1275 		.halg = {
1276 			.digestsize = SHA256_DIGEST_SIZE,
1277 			.statesize = sizeof(struct safexcel_ahash_export_state),
1278 			.base = {
1279 				.cra_name = "sha256",
1280 				.cra_driver_name = "safexcel-sha256",
1281 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1282 				.cra_flags = CRYPTO_ALG_ASYNC |
1283 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1284 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1285 				.cra_blocksize = SHA256_BLOCK_SIZE,
1286 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1287 				.cra_init = safexcel_ahash_cra_init,
1288 				.cra_exit = safexcel_ahash_cra_exit,
1289 				.cra_module = THIS_MODULE,
1290 			},
1291 		},
1292 	},
1293 };
1294 
1295 static int safexcel_sha224_init(struct ahash_request *areq)
1296 {
1297 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1298 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1299 
1300 	memset(req, 0, sizeof(*req));
1301 
1302 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA224;
1303 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1304 	req->state_sz = SHA256_DIGEST_SIZE;
1305 	req->digest_sz = SHA256_DIGEST_SIZE;
1306 	req->block_sz = SHA256_BLOCK_SIZE;
1307 
1308 	return 0;
1309 }
1310 
1311 static int safexcel_sha224_digest(struct ahash_request *areq)
1312 {
1313 	int ret = safexcel_sha224_init(areq);
1314 
1315 	if (ret)
1316 		return ret;
1317 
1318 	return safexcel_ahash_finup(areq);
1319 }
1320 
1321 struct safexcel_alg_template safexcel_alg_sha224 = {
1322 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1323 	.algo_mask = SAFEXCEL_ALG_SHA2_256,
1324 	.alg.ahash = {
1325 		.init = safexcel_sha224_init,
1326 		.update = safexcel_ahash_update,
1327 		.final = safexcel_ahash_final,
1328 		.finup = safexcel_ahash_finup,
1329 		.digest = safexcel_sha224_digest,
1330 		.export = safexcel_ahash_export,
1331 		.import = safexcel_ahash_import,
1332 		.halg = {
1333 			.digestsize = SHA224_DIGEST_SIZE,
1334 			.statesize = sizeof(struct safexcel_ahash_export_state),
1335 			.base = {
1336 				.cra_name = "sha224",
1337 				.cra_driver_name = "safexcel-sha224",
1338 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1339 				.cra_flags = CRYPTO_ALG_ASYNC |
1340 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1341 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1342 				.cra_blocksize = SHA224_BLOCK_SIZE,
1343 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1344 				.cra_init = safexcel_ahash_cra_init,
1345 				.cra_exit = safexcel_ahash_cra_exit,
1346 				.cra_module = THIS_MODULE,
1347 			},
1348 		},
1349 	},
1350 };
1351 
1352 static int safexcel_hmac_sha224_setkey(struct crypto_ahash *tfm, const u8 *key,
1353 				       unsigned int keylen)
1354 {
1355 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha224",
1356 					SHA256_DIGEST_SIZE);
1357 }
1358 
1359 static int safexcel_hmac_sha224_init(struct ahash_request *areq)
1360 {
1361 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1362 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1363 
1364 	memset(req, 0, sizeof(*req));
1365 
1366 	/* Start from ipad precompute */
1367 	memcpy(req->state, &ctx->base.ipad, SHA256_DIGEST_SIZE);
1368 	/* Already processed the key^ipad part now! */
1369 	req->len	= SHA256_BLOCK_SIZE;
1370 	req->processed	= SHA256_BLOCK_SIZE;
1371 
1372 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA224;
1373 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1374 	req->state_sz = SHA256_DIGEST_SIZE;
1375 	req->digest_sz = SHA256_DIGEST_SIZE;
1376 	req->block_sz = SHA256_BLOCK_SIZE;
1377 	req->hmac = true;
1378 
1379 	return 0;
1380 }
1381 
1382 static int safexcel_hmac_sha224_digest(struct ahash_request *areq)
1383 {
1384 	int ret = safexcel_hmac_sha224_init(areq);
1385 
1386 	if (ret)
1387 		return ret;
1388 
1389 	return safexcel_ahash_finup(areq);
1390 }
1391 
1392 struct safexcel_alg_template safexcel_alg_hmac_sha224 = {
1393 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1394 	.algo_mask = SAFEXCEL_ALG_SHA2_256,
1395 	.alg.ahash = {
1396 		.init = safexcel_hmac_sha224_init,
1397 		.update = safexcel_ahash_update,
1398 		.final = safexcel_ahash_final,
1399 		.finup = safexcel_ahash_finup,
1400 		.digest = safexcel_hmac_sha224_digest,
1401 		.setkey = safexcel_hmac_sha224_setkey,
1402 		.export = safexcel_ahash_export,
1403 		.import = safexcel_ahash_import,
1404 		.halg = {
1405 			.digestsize = SHA224_DIGEST_SIZE,
1406 			.statesize = sizeof(struct safexcel_ahash_export_state),
1407 			.base = {
1408 				.cra_name = "hmac(sha224)",
1409 				.cra_driver_name = "safexcel-hmac-sha224",
1410 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1411 				.cra_flags = CRYPTO_ALG_ASYNC |
1412 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1413 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1414 				.cra_blocksize = SHA224_BLOCK_SIZE,
1415 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1416 				.cra_init = safexcel_ahash_cra_init,
1417 				.cra_exit = safexcel_ahash_cra_exit,
1418 				.cra_module = THIS_MODULE,
1419 			},
1420 		},
1421 	},
1422 };
1423 
1424 static int safexcel_hmac_sha256_setkey(struct crypto_ahash *tfm, const u8 *key,
1425 				     unsigned int keylen)
1426 {
1427 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha256",
1428 					SHA256_DIGEST_SIZE);
1429 }
1430 
1431 static int safexcel_hmac_sha256_init(struct ahash_request *areq)
1432 {
1433 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1434 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1435 
1436 	memset(req, 0, sizeof(*req));
1437 
1438 	/* Start from ipad precompute */
1439 	memcpy(req->state, &ctx->base.ipad, SHA256_DIGEST_SIZE);
1440 	/* Already processed the key^ipad part now! */
1441 	req->len	= SHA256_BLOCK_SIZE;
1442 	req->processed	= SHA256_BLOCK_SIZE;
1443 
1444 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA256;
1445 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1446 	req->state_sz = SHA256_DIGEST_SIZE;
1447 	req->digest_sz = SHA256_DIGEST_SIZE;
1448 	req->block_sz = SHA256_BLOCK_SIZE;
1449 	req->hmac = true;
1450 
1451 	return 0;
1452 }
1453 
1454 static int safexcel_hmac_sha256_digest(struct ahash_request *areq)
1455 {
1456 	int ret = safexcel_hmac_sha256_init(areq);
1457 
1458 	if (ret)
1459 		return ret;
1460 
1461 	return safexcel_ahash_finup(areq);
1462 }
1463 
1464 struct safexcel_alg_template safexcel_alg_hmac_sha256 = {
1465 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1466 	.algo_mask = SAFEXCEL_ALG_SHA2_256,
1467 	.alg.ahash = {
1468 		.init = safexcel_hmac_sha256_init,
1469 		.update = safexcel_ahash_update,
1470 		.final = safexcel_ahash_final,
1471 		.finup = safexcel_ahash_finup,
1472 		.digest = safexcel_hmac_sha256_digest,
1473 		.setkey = safexcel_hmac_sha256_setkey,
1474 		.export = safexcel_ahash_export,
1475 		.import = safexcel_ahash_import,
1476 		.halg = {
1477 			.digestsize = SHA256_DIGEST_SIZE,
1478 			.statesize = sizeof(struct safexcel_ahash_export_state),
1479 			.base = {
1480 				.cra_name = "hmac(sha256)",
1481 				.cra_driver_name = "safexcel-hmac-sha256",
1482 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1483 				.cra_flags = CRYPTO_ALG_ASYNC |
1484 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1485 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1486 				.cra_blocksize = SHA256_BLOCK_SIZE,
1487 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1488 				.cra_init = safexcel_ahash_cra_init,
1489 				.cra_exit = safexcel_ahash_cra_exit,
1490 				.cra_module = THIS_MODULE,
1491 			},
1492 		},
1493 	},
1494 };
1495 
1496 static int safexcel_sha512_init(struct ahash_request *areq)
1497 {
1498 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1499 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1500 
1501 	memset(req, 0, sizeof(*req));
1502 
1503 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA512;
1504 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1505 	req->state_sz = SHA512_DIGEST_SIZE;
1506 	req->digest_sz = SHA512_DIGEST_SIZE;
1507 	req->block_sz = SHA512_BLOCK_SIZE;
1508 
1509 	return 0;
1510 }
1511 
1512 static int safexcel_sha512_digest(struct ahash_request *areq)
1513 {
1514 	int ret = safexcel_sha512_init(areq);
1515 
1516 	if (ret)
1517 		return ret;
1518 
1519 	return safexcel_ahash_finup(areq);
1520 }
1521 
1522 struct safexcel_alg_template safexcel_alg_sha512 = {
1523 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1524 	.algo_mask = SAFEXCEL_ALG_SHA2_512,
1525 	.alg.ahash = {
1526 		.init = safexcel_sha512_init,
1527 		.update = safexcel_ahash_update,
1528 		.final = safexcel_ahash_final,
1529 		.finup = safexcel_ahash_finup,
1530 		.digest = safexcel_sha512_digest,
1531 		.export = safexcel_ahash_export,
1532 		.import = safexcel_ahash_import,
1533 		.halg = {
1534 			.digestsize = SHA512_DIGEST_SIZE,
1535 			.statesize = sizeof(struct safexcel_ahash_export_state),
1536 			.base = {
1537 				.cra_name = "sha512",
1538 				.cra_driver_name = "safexcel-sha512",
1539 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1540 				.cra_flags = CRYPTO_ALG_ASYNC |
1541 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1542 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1543 				.cra_blocksize = SHA512_BLOCK_SIZE,
1544 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1545 				.cra_init = safexcel_ahash_cra_init,
1546 				.cra_exit = safexcel_ahash_cra_exit,
1547 				.cra_module = THIS_MODULE,
1548 			},
1549 		},
1550 	},
1551 };
1552 
1553 static int safexcel_sha384_init(struct ahash_request *areq)
1554 {
1555 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1556 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1557 
1558 	memset(req, 0, sizeof(*req));
1559 
1560 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA384;
1561 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1562 	req->state_sz = SHA512_DIGEST_SIZE;
1563 	req->digest_sz = SHA512_DIGEST_SIZE;
1564 	req->block_sz = SHA512_BLOCK_SIZE;
1565 
1566 	return 0;
1567 }
1568 
1569 static int safexcel_sha384_digest(struct ahash_request *areq)
1570 {
1571 	int ret = safexcel_sha384_init(areq);
1572 
1573 	if (ret)
1574 		return ret;
1575 
1576 	return safexcel_ahash_finup(areq);
1577 }
1578 
1579 struct safexcel_alg_template safexcel_alg_sha384 = {
1580 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1581 	.algo_mask = SAFEXCEL_ALG_SHA2_512,
1582 	.alg.ahash = {
1583 		.init = safexcel_sha384_init,
1584 		.update = safexcel_ahash_update,
1585 		.final = safexcel_ahash_final,
1586 		.finup = safexcel_ahash_finup,
1587 		.digest = safexcel_sha384_digest,
1588 		.export = safexcel_ahash_export,
1589 		.import = safexcel_ahash_import,
1590 		.halg = {
1591 			.digestsize = SHA384_DIGEST_SIZE,
1592 			.statesize = sizeof(struct safexcel_ahash_export_state),
1593 			.base = {
1594 				.cra_name = "sha384",
1595 				.cra_driver_name = "safexcel-sha384",
1596 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1597 				.cra_flags = CRYPTO_ALG_ASYNC |
1598 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1599 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1600 				.cra_blocksize = SHA384_BLOCK_SIZE,
1601 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1602 				.cra_init = safexcel_ahash_cra_init,
1603 				.cra_exit = safexcel_ahash_cra_exit,
1604 				.cra_module = THIS_MODULE,
1605 			},
1606 		},
1607 	},
1608 };
1609 
1610 static int safexcel_hmac_sha512_setkey(struct crypto_ahash *tfm, const u8 *key,
1611 				       unsigned int keylen)
1612 {
1613 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha512",
1614 					SHA512_DIGEST_SIZE);
1615 }
1616 
1617 static int safexcel_hmac_sha512_init(struct ahash_request *areq)
1618 {
1619 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1620 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1621 
1622 	memset(req, 0, sizeof(*req));
1623 
1624 	/* Start from ipad precompute */
1625 	memcpy(req->state, &ctx->base.ipad, SHA512_DIGEST_SIZE);
1626 	/* Already processed the key^ipad part now! */
1627 	req->len	= SHA512_BLOCK_SIZE;
1628 	req->processed	= SHA512_BLOCK_SIZE;
1629 
1630 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA512;
1631 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1632 	req->state_sz = SHA512_DIGEST_SIZE;
1633 	req->digest_sz = SHA512_DIGEST_SIZE;
1634 	req->block_sz = SHA512_BLOCK_SIZE;
1635 	req->hmac = true;
1636 
1637 	return 0;
1638 }
1639 
1640 static int safexcel_hmac_sha512_digest(struct ahash_request *areq)
1641 {
1642 	int ret = safexcel_hmac_sha512_init(areq);
1643 
1644 	if (ret)
1645 		return ret;
1646 
1647 	return safexcel_ahash_finup(areq);
1648 }
1649 
1650 struct safexcel_alg_template safexcel_alg_hmac_sha512 = {
1651 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1652 	.algo_mask = SAFEXCEL_ALG_SHA2_512,
1653 	.alg.ahash = {
1654 		.init = safexcel_hmac_sha512_init,
1655 		.update = safexcel_ahash_update,
1656 		.final = safexcel_ahash_final,
1657 		.finup = safexcel_ahash_finup,
1658 		.digest = safexcel_hmac_sha512_digest,
1659 		.setkey = safexcel_hmac_sha512_setkey,
1660 		.export = safexcel_ahash_export,
1661 		.import = safexcel_ahash_import,
1662 		.halg = {
1663 			.digestsize = SHA512_DIGEST_SIZE,
1664 			.statesize = sizeof(struct safexcel_ahash_export_state),
1665 			.base = {
1666 				.cra_name = "hmac(sha512)",
1667 				.cra_driver_name = "safexcel-hmac-sha512",
1668 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1669 				.cra_flags = CRYPTO_ALG_ASYNC |
1670 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1671 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1672 				.cra_blocksize = SHA512_BLOCK_SIZE,
1673 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1674 				.cra_init = safexcel_ahash_cra_init,
1675 				.cra_exit = safexcel_ahash_cra_exit,
1676 				.cra_module = THIS_MODULE,
1677 			},
1678 		},
1679 	},
1680 };
1681 
1682 static int safexcel_hmac_sha384_setkey(struct crypto_ahash *tfm, const u8 *key,
1683 				       unsigned int keylen)
1684 {
1685 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha384",
1686 					SHA512_DIGEST_SIZE);
1687 }
1688 
1689 static int safexcel_hmac_sha384_init(struct ahash_request *areq)
1690 {
1691 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1692 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1693 
1694 	memset(req, 0, sizeof(*req));
1695 
1696 	/* Start from ipad precompute */
1697 	memcpy(req->state, &ctx->base.ipad, SHA512_DIGEST_SIZE);
1698 	/* Already processed the key^ipad part now! */
1699 	req->len	= SHA512_BLOCK_SIZE;
1700 	req->processed	= SHA512_BLOCK_SIZE;
1701 
1702 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA384;
1703 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1704 	req->state_sz = SHA512_DIGEST_SIZE;
1705 	req->digest_sz = SHA512_DIGEST_SIZE;
1706 	req->block_sz = SHA512_BLOCK_SIZE;
1707 	req->hmac = true;
1708 
1709 	return 0;
1710 }
1711 
1712 static int safexcel_hmac_sha384_digest(struct ahash_request *areq)
1713 {
1714 	int ret = safexcel_hmac_sha384_init(areq);
1715 
1716 	if (ret)
1717 		return ret;
1718 
1719 	return safexcel_ahash_finup(areq);
1720 }
1721 
1722 struct safexcel_alg_template safexcel_alg_hmac_sha384 = {
1723 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1724 	.algo_mask = SAFEXCEL_ALG_SHA2_512,
1725 	.alg.ahash = {
1726 		.init = safexcel_hmac_sha384_init,
1727 		.update = safexcel_ahash_update,
1728 		.final = safexcel_ahash_final,
1729 		.finup = safexcel_ahash_finup,
1730 		.digest = safexcel_hmac_sha384_digest,
1731 		.setkey = safexcel_hmac_sha384_setkey,
1732 		.export = safexcel_ahash_export,
1733 		.import = safexcel_ahash_import,
1734 		.halg = {
1735 			.digestsize = SHA384_DIGEST_SIZE,
1736 			.statesize = sizeof(struct safexcel_ahash_export_state),
1737 			.base = {
1738 				.cra_name = "hmac(sha384)",
1739 				.cra_driver_name = "safexcel-hmac-sha384",
1740 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1741 				.cra_flags = CRYPTO_ALG_ASYNC |
1742 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1743 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1744 				.cra_blocksize = SHA384_BLOCK_SIZE,
1745 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1746 				.cra_init = safexcel_ahash_cra_init,
1747 				.cra_exit = safexcel_ahash_cra_exit,
1748 				.cra_module = THIS_MODULE,
1749 			},
1750 		},
1751 	},
1752 };
1753 
1754 static int safexcel_md5_init(struct ahash_request *areq)
1755 {
1756 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1757 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1758 
1759 	memset(req, 0, sizeof(*req));
1760 
1761 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_MD5;
1762 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1763 	req->state_sz = MD5_DIGEST_SIZE;
1764 	req->digest_sz = MD5_DIGEST_SIZE;
1765 	req->block_sz = MD5_HMAC_BLOCK_SIZE;
1766 
1767 	return 0;
1768 }
1769 
1770 static int safexcel_md5_digest(struct ahash_request *areq)
1771 {
1772 	int ret = safexcel_md5_init(areq);
1773 
1774 	if (ret)
1775 		return ret;
1776 
1777 	return safexcel_ahash_finup(areq);
1778 }
1779 
1780 struct safexcel_alg_template safexcel_alg_md5 = {
1781 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1782 	.algo_mask = SAFEXCEL_ALG_MD5,
1783 	.alg.ahash = {
1784 		.init = safexcel_md5_init,
1785 		.update = safexcel_ahash_update,
1786 		.final = safexcel_ahash_final,
1787 		.finup = safexcel_ahash_finup,
1788 		.digest = safexcel_md5_digest,
1789 		.export = safexcel_ahash_export,
1790 		.import = safexcel_ahash_import,
1791 		.halg = {
1792 			.digestsize = MD5_DIGEST_SIZE,
1793 			.statesize = sizeof(struct safexcel_ahash_export_state),
1794 			.base = {
1795 				.cra_name = "md5",
1796 				.cra_driver_name = "safexcel-md5",
1797 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1798 				.cra_flags = CRYPTO_ALG_ASYNC |
1799 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1800 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1801 				.cra_blocksize = MD5_HMAC_BLOCK_SIZE,
1802 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1803 				.cra_init = safexcel_ahash_cra_init,
1804 				.cra_exit = safexcel_ahash_cra_exit,
1805 				.cra_module = THIS_MODULE,
1806 			},
1807 		},
1808 	},
1809 };
1810 
1811 static int safexcel_hmac_md5_init(struct ahash_request *areq)
1812 {
1813 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1814 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1815 
1816 	memset(req, 0, sizeof(*req));
1817 
1818 	/* Start from ipad precompute */
1819 	memcpy(req->state, &ctx->base.ipad, MD5_DIGEST_SIZE);
1820 	/* Already processed the key^ipad part now! */
1821 	req->len	= MD5_HMAC_BLOCK_SIZE;
1822 	req->processed	= MD5_HMAC_BLOCK_SIZE;
1823 
1824 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_MD5;
1825 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1826 	req->state_sz = MD5_DIGEST_SIZE;
1827 	req->digest_sz = MD5_DIGEST_SIZE;
1828 	req->block_sz = MD5_HMAC_BLOCK_SIZE;
1829 	req->len_is_le = true; /* MD5 is little endian! ... */
1830 	req->hmac = true;
1831 
1832 	return 0;
1833 }
1834 
1835 static int safexcel_hmac_md5_setkey(struct crypto_ahash *tfm, const u8 *key,
1836 				     unsigned int keylen)
1837 {
1838 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-md5",
1839 					MD5_DIGEST_SIZE);
1840 }
1841 
1842 static int safexcel_hmac_md5_digest(struct ahash_request *areq)
1843 {
1844 	int ret = safexcel_hmac_md5_init(areq);
1845 
1846 	if (ret)
1847 		return ret;
1848 
1849 	return safexcel_ahash_finup(areq);
1850 }
1851 
1852 struct safexcel_alg_template safexcel_alg_hmac_md5 = {
1853 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1854 	.algo_mask = SAFEXCEL_ALG_MD5,
1855 	.alg.ahash = {
1856 		.init = safexcel_hmac_md5_init,
1857 		.update = safexcel_ahash_update,
1858 		.final = safexcel_ahash_final,
1859 		.finup = safexcel_ahash_finup,
1860 		.digest = safexcel_hmac_md5_digest,
1861 		.setkey = safexcel_hmac_md5_setkey,
1862 		.export = safexcel_ahash_export,
1863 		.import = safexcel_ahash_import,
1864 		.halg = {
1865 			.digestsize = MD5_DIGEST_SIZE,
1866 			.statesize = sizeof(struct safexcel_ahash_export_state),
1867 			.base = {
1868 				.cra_name = "hmac(md5)",
1869 				.cra_driver_name = "safexcel-hmac-md5",
1870 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1871 				.cra_flags = CRYPTO_ALG_ASYNC |
1872 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1873 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1874 				.cra_blocksize = MD5_HMAC_BLOCK_SIZE,
1875 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1876 				.cra_init = safexcel_ahash_cra_init,
1877 				.cra_exit = safexcel_ahash_cra_exit,
1878 				.cra_module = THIS_MODULE,
1879 			},
1880 		},
1881 	},
1882 };
1883 
1884 static int safexcel_crc32_cra_init(struct crypto_tfm *tfm)
1885 {
1886 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
1887 	int ret = safexcel_ahash_cra_init(tfm);
1888 
1889 	/* Default 'key' is all zeroes */
1890 	memset(&ctx->base.ipad, 0, sizeof(u32));
1891 	return ret;
1892 }
1893 
1894 static int safexcel_crc32_init(struct ahash_request *areq)
1895 {
1896 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1897 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1898 
1899 	memset(req, 0, sizeof(*req));
1900 
1901 	/* Start from loaded key */
1902 	req->state[0]	= cpu_to_le32(~ctx->base.ipad.word[0]);
1903 	/* Set processed to non-zero to enable invalidation detection */
1904 	req->len	= sizeof(u32);
1905 	req->processed	= sizeof(u32);
1906 
1907 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_CRC32;
1908 	req->digest = CONTEXT_CONTROL_DIGEST_XCM;
1909 	req->state_sz = sizeof(u32);
1910 	req->digest_sz = sizeof(u32);
1911 	req->block_sz = sizeof(u32);
1912 
1913 	return 0;
1914 }
1915 
1916 static int safexcel_crc32_setkey(struct crypto_ahash *tfm, const u8 *key,
1917 				 unsigned int keylen)
1918 {
1919 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
1920 
1921 	if (keylen != sizeof(u32))
1922 		return -EINVAL;
1923 
1924 	memcpy(&ctx->base.ipad, key, sizeof(u32));
1925 	return 0;
1926 }
1927 
1928 static int safexcel_crc32_digest(struct ahash_request *areq)
1929 {
1930 	return safexcel_crc32_init(areq) ?: safexcel_ahash_finup(areq);
1931 }
1932 
1933 struct safexcel_alg_template safexcel_alg_crc32 = {
1934 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1935 	.algo_mask = 0,
1936 	.alg.ahash = {
1937 		.init = safexcel_crc32_init,
1938 		.update = safexcel_ahash_update,
1939 		.final = safexcel_ahash_final,
1940 		.finup = safexcel_ahash_finup,
1941 		.digest = safexcel_crc32_digest,
1942 		.setkey = safexcel_crc32_setkey,
1943 		.export = safexcel_ahash_export,
1944 		.import = safexcel_ahash_import,
1945 		.halg = {
1946 			.digestsize = sizeof(u32),
1947 			.statesize = sizeof(struct safexcel_ahash_export_state),
1948 			.base = {
1949 				.cra_name = "crc32",
1950 				.cra_driver_name = "safexcel-crc32",
1951 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1952 				.cra_flags = CRYPTO_ALG_OPTIONAL_KEY |
1953 					     CRYPTO_ALG_ASYNC |
1954 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1955 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1956 				.cra_blocksize = 1,
1957 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1958 				.cra_init = safexcel_crc32_cra_init,
1959 				.cra_exit = safexcel_ahash_cra_exit,
1960 				.cra_module = THIS_MODULE,
1961 			},
1962 		},
1963 	},
1964 };
1965 
1966 static int safexcel_cbcmac_init(struct ahash_request *areq)
1967 {
1968 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1969 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
1970 
1971 	memset(req, 0, sizeof(*req));
1972 
1973 	/* Start from loaded keys */
1974 	memcpy(req->state, &ctx->base.ipad, ctx->key_sz);
1975 	/* Set processed to non-zero to enable invalidation detection */
1976 	req->len	= AES_BLOCK_SIZE;
1977 	req->processed	= AES_BLOCK_SIZE;
1978 
1979 	req->digest   = CONTEXT_CONTROL_DIGEST_XCM;
1980 	req->state_sz = ctx->key_sz;
1981 	req->digest_sz = AES_BLOCK_SIZE;
1982 	req->block_sz = AES_BLOCK_SIZE;
1983 	req->xcbcmac  = true;
1984 
1985 	return 0;
1986 }
1987 
1988 static int safexcel_cbcmac_setkey(struct crypto_ahash *tfm, const u8 *key,
1989 				 unsigned int len)
1990 {
1991 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
1992 	struct crypto_aes_ctx aes;
1993 	int ret, i;
1994 
1995 	ret = aes_expandkey(&aes, key, len);
1996 	if (ret)
1997 		return ret;
1998 
1999 	memset(&ctx->base.ipad, 0, 2 * AES_BLOCK_SIZE);
2000 	for (i = 0; i < len / sizeof(u32); i++)
2001 		ctx->base.ipad.be[i + 8] = cpu_to_be32(aes.key_enc[i]);
2002 
2003 	if (len == AES_KEYSIZE_192) {
2004 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC192;
2005 		ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2006 	} else if (len == AES_KEYSIZE_256) {
2007 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC256;
2008 		ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2009 	} else {
2010 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;
2011 		ctx->key_sz = AES_MIN_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2012 	}
2013 	ctx->cbcmac  = true;
2014 
2015 	memzero_explicit(&aes, sizeof(aes));
2016 	return 0;
2017 }
2018 
2019 static int safexcel_cbcmac_digest(struct ahash_request *areq)
2020 {
2021 	return safexcel_cbcmac_init(areq) ?: safexcel_ahash_finup(areq);
2022 }
2023 
2024 struct safexcel_alg_template safexcel_alg_cbcmac = {
2025 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2026 	.algo_mask = 0,
2027 	.alg.ahash = {
2028 		.init = safexcel_cbcmac_init,
2029 		.update = safexcel_ahash_update,
2030 		.final = safexcel_ahash_final,
2031 		.finup = safexcel_ahash_finup,
2032 		.digest = safexcel_cbcmac_digest,
2033 		.setkey = safexcel_cbcmac_setkey,
2034 		.export = safexcel_ahash_export,
2035 		.import = safexcel_ahash_import,
2036 		.halg = {
2037 			.digestsize = AES_BLOCK_SIZE,
2038 			.statesize = sizeof(struct safexcel_ahash_export_state),
2039 			.base = {
2040 				.cra_name = "cbcmac(aes)",
2041 				.cra_driver_name = "safexcel-cbcmac-aes",
2042 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2043 				.cra_flags = CRYPTO_ALG_ASYNC |
2044 					     CRYPTO_ALG_ALLOCATES_MEMORY |
2045 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
2046 				.cra_blocksize = 1,
2047 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2048 				.cra_init = safexcel_ahash_cra_init,
2049 				.cra_exit = safexcel_ahash_cra_exit,
2050 				.cra_module = THIS_MODULE,
2051 			},
2052 		},
2053 	},
2054 };
2055 
2056 static int safexcel_xcbcmac_setkey(struct crypto_ahash *tfm, const u8 *key,
2057 				 unsigned int len)
2058 {
2059 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
2060 	u32 key_tmp[3 * AES_BLOCK_SIZE / sizeof(u32)];
2061 	int ret, i;
2062 
2063 	ret = aes_expandkey(ctx->aes, key, len);
2064 	if (ret)
2065 		return ret;
2066 
2067 	/* precompute the XCBC key material */
2068 	aes_encrypt(ctx->aes, (u8 *)key_tmp + 2 * AES_BLOCK_SIZE,
2069 		    "\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1");
2070 	aes_encrypt(ctx->aes, (u8 *)key_tmp,
2071 		    "\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2");
2072 	aes_encrypt(ctx->aes, (u8 *)key_tmp + AES_BLOCK_SIZE,
2073 		    "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3");
2074 	for (i = 0; i < 3 * AES_BLOCK_SIZE / sizeof(u32); i++)
2075 		ctx->base.ipad.word[i] = swab32(key_tmp[i]);
2076 
2077 	ret = aes_expandkey(ctx->aes,
2078 			    (u8 *)key_tmp + 2 * AES_BLOCK_SIZE,
2079 			    AES_MIN_KEY_SIZE);
2080 	if (ret)
2081 		return ret;
2082 
2083 	ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;
2084 	ctx->key_sz = AES_MIN_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2085 	ctx->cbcmac = false;
2086 
2087 	return 0;
2088 }
2089 
2090 static int safexcel_xcbcmac_cra_init(struct crypto_tfm *tfm)
2091 {
2092 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2093 
2094 	safexcel_ahash_cra_init(tfm);
2095 	ctx->aes = kmalloc(sizeof(*ctx->aes), GFP_KERNEL);
2096 	return ctx->aes == NULL ? -ENOMEM : 0;
2097 }
2098 
2099 static void safexcel_xcbcmac_cra_exit(struct crypto_tfm *tfm)
2100 {
2101 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2102 
2103 	kfree(ctx->aes);
2104 	safexcel_ahash_cra_exit(tfm);
2105 }
2106 
2107 struct safexcel_alg_template safexcel_alg_xcbcmac = {
2108 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2109 	.algo_mask = 0,
2110 	.alg.ahash = {
2111 		.init = safexcel_cbcmac_init,
2112 		.update = safexcel_ahash_update,
2113 		.final = safexcel_ahash_final,
2114 		.finup = safexcel_ahash_finup,
2115 		.digest = safexcel_cbcmac_digest,
2116 		.setkey = safexcel_xcbcmac_setkey,
2117 		.export = safexcel_ahash_export,
2118 		.import = safexcel_ahash_import,
2119 		.halg = {
2120 			.digestsize = AES_BLOCK_SIZE,
2121 			.statesize = sizeof(struct safexcel_ahash_export_state),
2122 			.base = {
2123 				.cra_name = "xcbc(aes)",
2124 				.cra_driver_name = "safexcel-xcbc-aes",
2125 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2126 				.cra_flags = CRYPTO_ALG_ASYNC |
2127 					     CRYPTO_ALG_ALLOCATES_MEMORY |
2128 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
2129 				.cra_blocksize = AES_BLOCK_SIZE,
2130 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2131 				.cra_init = safexcel_xcbcmac_cra_init,
2132 				.cra_exit = safexcel_xcbcmac_cra_exit,
2133 				.cra_module = THIS_MODULE,
2134 			},
2135 		},
2136 	},
2137 };
2138 
2139 static int safexcel_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
2140 				unsigned int len)
2141 {
2142 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
2143 	__be64 consts[4];
2144 	u64 _const[2];
2145 	u8 msb_mask, gfmask;
2146 	int ret, i;
2147 
2148 	/* precompute the CMAC key material */
2149 	ret = aes_expandkey(ctx->aes, key, len);
2150 	if (ret)
2151 		return ret;
2152 
2153 	for (i = 0; i < len / sizeof(u32); i++)
2154 		ctx->base.ipad.word[i + 8] = swab32(ctx->aes->key_enc[i]);
2155 
2156 	/* code below borrowed from crypto/cmac.c */
2157 	/* encrypt the zero block */
2158 	memset(consts, 0, AES_BLOCK_SIZE);
2159 	aes_encrypt(ctx->aes, (u8 *)consts, (u8 *)consts);
2160 
2161 	gfmask = 0x87;
2162 	_const[0] = be64_to_cpu(consts[1]);
2163 	_const[1] = be64_to_cpu(consts[0]);
2164 
2165 	/* gf(2^128) multiply zero-ciphertext with u and u^2 */
2166 	for (i = 0; i < 4; i += 2) {
2167 		msb_mask = ((s64)_const[1] >> 63) & gfmask;
2168 		_const[1] = (_const[1] << 1) | (_const[0] >> 63);
2169 		_const[0] = (_const[0] << 1) ^ msb_mask;
2170 
2171 		consts[i + 0] = cpu_to_be64(_const[1]);
2172 		consts[i + 1] = cpu_to_be64(_const[0]);
2173 	}
2174 	/* end of code borrowed from crypto/cmac.c */
2175 
2176 	for (i = 0; i < 2 * AES_BLOCK_SIZE / sizeof(u32); i++)
2177 		ctx->base.ipad.be[i] = cpu_to_be32(((u32 *)consts)[i]);
2178 
2179 	if (len == AES_KEYSIZE_192) {
2180 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC192;
2181 		ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2182 	} else if (len == AES_KEYSIZE_256) {
2183 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC256;
2184 		ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2185 	} else {
2186 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;
2187 		ctx->key_sz = AES_MIN_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2188 	}
2189 	ctx->cbcmac = false;
2190 
2191 	return 0;
2192 }
2193 
2194 struct safexcel_alg_template safexcel_alg_cmac = {
2195 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2196 	.algo_mask = 0,
2197 	.alg.ahash = {
2198 		.init = safexcel_cbcmac_init,
2199 		.update = safexcel_ahash_update,
2200 		.final = safexcel_ahash_final,
2201 		.finup = safexcel_ahash_finup,
2202 		.digest = safexcel_cbcmac_digest,
2203 		.setkey = safexcel_cmac_setkey,
2204 		.export = safexcel_ahash_export,
2205 		.import = safexcel_ahash_import,
2206 		.halg = {
2207 			.digestsize = AES_BLOCK_SIZE,
2208 			.statesize = sizeof(struct safexcel_ahash_export_state),
2209 			.base = {
2210 				.cra_name = "cmac(aes)",
2211 				.cra_driver_name = "safexcel-cmac-aes",
2212 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2213 				.cra_flags = CRYPTO_ALG_ASYNC |
2214 					     CRYPTO_ALG_ALLOCATES_MEMORY |
2215 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
2216 				.cra_blocksize = AES_BLOCK_SIZE,
2217 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2218 				.cra_init = safexcel_xcbcmac_cra_init,
2219 				.cra_exit = safexcel_xcbcmac_cra_exit,
2220 				.cra_module = THIS_MODULE,
2221 			},
2222 		},
2223 	},
2224 };
2225 
2226 static int safexcel_sm3_init(struct ahash_request *areq)
2227 {
2228 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
2229 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
2230 
2231 	memset(req, 0, sizeof(*req));
2232 
2233 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;
2234 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
2235 	req->state_sz = SM3_DIGEST_SIZE;
2236 	req->digest_sz = SM3_DIGEST_SIZE;
2237 	req->block_sz = SM3_BLOCK_SIZE;
2238 
2239 	return 0;
2240 }
2241 
2242 static int safexcel_sm3_digest(struct ahash_request *areq)
2243 {
2244 	int ret = safexcel_sm3_init(areq);
2245 
2246 	if (ret)
2247 		return ret;
2248 
2249 	return safexcel_ahash_finup(areq);
2250 }
2251 
2252 struct safexcel_alg_template safexcel_alg_sm3 = {
2253 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2254 	.algo_mask = SAFEXCEL_ALG_SM3,
2255 	.alg.ahash = {
2256 		.init = safexcel_sm3_init,
2257 		.update = safexcel_ahash_update,
2258 		.final = safexcel_ahash_final,
2259 		.finup = safexcel_ahash_finup,
2260 		.digest = safexcel_sm3_digest,
2261 		.export = safexcel_ahash_export,
2262 		.import = safexcel_ahash_import,
2263 		.halg = {
2264 			.digestsize = SM3_DIGEST_SIZE,
2265 			.statesize = sizeof(struct safexcel_ahash_export_state),
2266 			.base = {
2267 				.cra_name = "sm3",
2268 				.cra_driver_name = "safexcel-sm3",
2269 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2270 				.cra_flags = CRYPTO_ALG_ASYNC |
2271 					     CRYPTO_ALG_ALLOCATES_MEMORY |
2272 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
2273 				.cra_blocksize = SM3_BLOCK_SIZE,
2274 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2275 				.cra_init = safexcel_ahash_cra_init,
2276 				.cra_exit = safexcel_ahash_cra_exit,
2277 				.cra_module = THIS_MODULE,
2278 			},
2279 		},
2280 	},
2281 };
2282 
2283 static int safexcel_hmac_sm3_setkey(struct crypto_ahash *tfm, const u8 *key,
2284 				    unsigned int keylen)
2285 {
2286 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sm3",
2287 					SM3_DIGEST_SIZE);
2288 }
2289 
2290 static int safexcel_hmac_sm3_init(struct ahash_request *areq)
2291 {
2292 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
2293 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
2294 
2295 	memset(req, 0, sizeof(*req));
2296 
2297 	/* Start from ipad precompute */
2298 	memcpy(req->state, &ctx->base.ipad, SM3_DIGEST_SIZE);
2299 	/* Already processed the key^ipad part now! */
2300 	req->len	= SM3_BLOCK_SIZE;
2301 	req->processed	= SM3_BLOCK_SIZE;
2302 
2303 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;
2304 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
2305 	req->state_sz = SM3_DIGEST_SIZE;
2306 	req->digest_sz = SM3_DIGEST_SIZE;
2307 	req->block_sz = SM3_BLOCK_SIZE;
2308 	req->hmac = true;
2309 
2310 	return 0;
2311 }
2312 
2313 static int safexcel_hmac_sm3_digest(struct ahash_request *areq)
2314 {
2315 	int ret = safexcel_hmac_sm3_init(areq);
2316 
2317 	if (ret)
2318 		return ret;
2319 
2320 	return safexcel_ahash_finup(areq);
2321 }
2322 
2323 struct safexcel_alg_template safexcel_alg_hmac_sm3 = {
2324 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2325 	.algo_mask = SAFEXCEL_ALG_SM3,
2326 	.alg.ahash = {
2327 		.init = safexcel_hmac_sm3_init,
2328 		.update = safexcel_ahash_update,
2329 		.final = safexcel_ahash_final,
2330 		.finup = safexcel_ahash_finup,
2331 		.digest = safexcel_hmac_sm3_digest,
2332 		.setkey = safexcel_hmac_sm3_setkey,
2333 		.export = safexcel_ahash_export,
2334 		.import = safexcel_ahash_import,
2335 		.halg = {
2336 			.digestsize = SM3_DIGEST_SIZE,
2337 			.statesize = sizeof(struct safexcel_ahash_export_state),
2338 			.base = {
2339 				.cra_name = "hmac(sm3)",
2340 				.cra_driver_name = "safexcel-hmac-sm3",
2341 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2342 				.cra_flags = CRYPTO_ALG_ASYNC |
2343 					     CRYPTO_ALG_ALLOCATES_MEMORY |
2344 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
2345 				.cra_blocksize = SM3_BLOCK_SIZE,
2346 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2347 				.cra_init = safexcel_ahash_cra_init,
2348 				.cra_exit = safexcel_ahash_cra_exit,
2349 				.cra_module = THIS_MODULE,
2350 			},
2351 		},
2352 	},
2353 };
2354 
2355 static int safexcel_sha3_224_init(struct ahash_request *areq)
2356 {
2357 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2358 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2359 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
2360 
2361 	memset(req, 0, sizeof(*req));
2362 
2363 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_224;
2364 	req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;
2365 	req->state_sz = SHA3_224_DIGEST_SIZE;
2366 	req->digest_sz = SHA3_224_DIGEST_SIZE;
2367 	req->block_sz = SHA3_224_BLOCK_SIZE;
2368 	ctx->do_fallback = false;
2369 	ctx->fb_init_done = false;
2370 	return 0;
2371 }
2372 
2373 static int safexcel_sha3_fbcheck(struct ahash_request *req)
2374 {
2375 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2376 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2377 	struct ahash_request *subreq = ahash_request_ctx_dma(req);
2378 	int ret = 0;
2379 
2380 	if (ctx->do_fallback) {
2381 		ahash_request_set_tfm(subreq, ctx->fback);
2382 		ahash_request_set_callback(subreq, req->base.flags,
2383 					   req->base.complete, req->base.data);
2384 		ahash_request_set_crypt(subreq, req->src, req->result,
2385 					req->nbytes);
2386 		if (!ctx->fb_init_done) {
2387 			if (ctx->fb_do_setkey) {
2388 				/* Set fallback cipher HMAC key */
2389 				u8 key[SHA3_224_BLOCK_SIZE];
2390 
2391 				memcpy(key, &ctx->base.ipad,
2392 				       crypto_ahash_blocksize(ctx->fback) / 2);
2393 				memcpy(key +
2394 				       crypto_ahash_blocksize(ctx->fback) / 2,
2395 				       &ctx->base.opad,
2396 				       crypto_ahash_blocksize(ctx->fback) / 2);
2397 				ret = crypto_ahash_setkey(ctx->fback, key,
2398 					crypto_ahash_blocksize(ctx->fback));
2399 				memzero_explicit(key,
2400 					crypto_ahash_blocksize(ctx->fback));
2401 				ctx->fb_do_setkey = false;
2402 			}
2403 			ret = ret ?: crypto_ahash_init(subreq);
2404 			ctx->fb_init_done = true;
2405 		}
2406 	}
2407 	return ret;
2408 }
2409 
2410 static int safexcel_sha3_update(struct ahash_request *req)
2411 {
2412 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2413 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2414 	struct ahash_request *subreq = ahash_request_ctx_dma(req);
2415 
2416 	ctx->do_fallback = true;
2417 	return safexcel_sha3_fbcheck(req) ?: crypto_ahash_update(subreq);
2418 }
2419 
2420 static int safexcel_sha3_final(struct ahash_request *req)
2421 {
2422 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2423 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2424 	struct ahash_request *subreq = ahash_request_ctx_dma(req);
2425 
2426 	ctx->do_fallback = true;
2427 	return safexcel_sha3_fbcheck(req) ?: crypto_ahash_final(subreq);
2428 }
2429 
2430 static int safexcel_sha3_finup(struct ahash_request *req)
2431 {
2432 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2433 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2434 	struct ahash_request *subreq = ahash_request_ctx_dma(req);
2435 
2436 	ctx->do_fallback |= !req->nbytes;
2437 	if (ctx->do_fallback)
2438 		/* Update or ex/import happened or len 0, cannot use the HW */
2439 		return safexcel_sha3_fbcheck(req) ?:
2440 		       crypto_ahash_finup(subreq);
2441 	else
2442 		return safexcel_ahash_finup(req);
2443 }
2444 
2445 static int safexcel_sha3_digest_fallback(struct ahash_request *req)
2446 {
2447 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2448 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2449 	struct ahash_request *subreq = ahash_request_ctx_dma(req);
2450 
2451 	ctx->do_fallback = true;
2452 	ctx->fb_init_done = false;
2453 	return safexcel_sha3_fbcheck(req) ?: crypto_ahash_finup(subreq);
2454 }
2455 
2456 static int safexcel_sha3_224_digest(struct ahash_request *req)
2457 {
2458 	if (req->nbytes)
2459 		return safexcel_sha3_224_init(req) ?: safexcel_ahash_finup(req);
2460 
2461 	/* HW cannot do zero length hash, use fallback instead */
2462 	return safexcel_sha3_digest_fallback(req);
2463 }
2464 
2465 static int safexcel_sha3_export(struct ahash_request *req, void *out)
2466 {
2467 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2468 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2469 	struct ahash_request *subreq = ahash_request_ctx_dma(req);
2470 
2471 	ctx->do_fallback = true;
2472 	return safexcel_sha3_fbcheck(req) ?: crypto_ahash_export(subreq, out);
2473 }
2474 
2475 static int safexcel_sha3_import(struct ahash_request *req, const void *in)
2476 {
2477 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2478 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2479 	struct ahash_request *subreq = ahash_request_ctx_dma(req);
2480 
2481 	ctx->do_fallback = true;
2482 	return safexcel_sha3_fbcheck(req) ?: crypto_ahash_import(subreq, in);
2483 	// return safexcel_ahash_import(req, in);
2484 }
2485 
2486 static int safexcel_sha3_cra_init(struct crypto_tfm *tfm)
2487 {
2488 	struct crypto_ahash *ahash = __crypto_ahash_cast(tfm);
2489 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2490 
2491 	safexcel_ahash_cra_init(tfm);
2492 
2493 	/* Allocate fallback implementation */
2494 	ctx->fback = crypto_alloc_ahash(crypto_tfm_alg_name(tfm), 0,
2495 					CRYPTO_ALG_ASYNC |
2496 					CRYPTO_ALG_NEED_FALLBACK);
2497 	if (IS_ERR(ctx->fback))
2498 		return PTR_ERR(ctx->fback);
2499 
2500 	/* Update statesize from fallback algorithm! */
2501 	crypto_hash_alg_common(ahash)->statesize =
2502 		crypto_ahash_statesize(ctx->fback);
2503 	crypto_ahash_set_reqsize_dma(
2504 		ahash, max(sizeof(struct safexcel_ahash_req),
2505 			   sizeof(struct ahash_request) +
2506 			   crypto_ahash_reqsize(ctx->fback)));
2507 	return 0;
2508 }
2509 
2510 static void safexcel_sha3_cra_exit(struct crypto_tfm *tfm)
2511 {
2512 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2513 
2514 	crypto_free_ahash(ctx->fback);
2515 	safexcel_ahash_cra_exit(tfm);
2516 }
2517 
2518 struct safexcel_alg_template safexcel_alg_sha3_224 = {
2519 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2520 	.algo_mask = SAFEXCEL_ALG_SHA3,
2521 	.alg.ahash = {
2522 		.init = safexcel_sha3_224_init,
2523 		.update = safexcel_sha3_update,
2524 		.final = safexcel_sha3_final,
2525 		.finup = safexcel_sha3_finup,
2526 		.digest = safexcel_sha3_224_digest,
2527 		.export = safexcel_sha3_export,
2528 		.import = safexcel_sha3_import,
2529 		.halg = {
2530 			.digestsize = SHA3_224_DIGEST_SIZE,
2531 			.statesize = sizeof(struct safexcel_ahash_export_state),
2532 			.base = {
2533 				.cra_name = "sha3-224",
2534 				.cra_driver_name = "safexcel-sha3-224",
2535 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2536 				.cra_flags = CRYPTO_ALG_ASYNC |
2537 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2538 					     CRYPTO_ALG_NEED_FALLBACK,
2539 				.cra_blocksize = SHA3_224_BLOCK_SIZE,
2540 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2541 				.cra_init = safexcel_sha3_cra_init,
2542 				.cra_exit = safexcel_sha3_cra_exit,
2543 				.cra_module = THIS_MODULE,
2544 			},
2545 		},
2546 	},
2547 };
2548 
2549 static int safexcel_sha3_256_init(struct ahash_request *areq)
2550 {
2551 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2552 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2553 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
2554 
2555 	memset(req, 0, sizeof(*req));
2556 
2557 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_256;
2558 	req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;
2559 	req->state_sz = SHA3_256_DIGEST_SIZE;
2560 	req->digest_sz = SHA3_256_DIGEST_SIZE;
2561 	req->block_sz = SHA3_256_BLOCK_SIZE;
2562 	ctx->do_fallback = false;
2563 	ctx->fb_init_done = false;
2564 	return 0;
2565 }
2566 
2567 static int safexcel_sha3_256_digest(struct ahash_request *req)
2568 {
2569 	if (req->nbytes)
2570 		return safexcel_sha3_256_init(req) ?: safexcel_ahash_finup(req);
2571 
2572 	/* HW cannot do zero length hash, use fallback instead */
2573 	return safexcel_sha3_digest_fallback(req);
2574 }
2575 
2576 struct safexcel_alg_template safexcel_alg_sha3_256 = {
2577 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2578 	.algo_mask = SAFEXCEL_ALG_SHA3,
2579 	.alg.ahash = {
2580 		.init = safexcel_sha3_256_init,
2581 		.update = safexcel_sha3_update,
2582 		.final = safexcel_sha3_final,
2583 		.finup = safexcel_sha3_finup,
2584 		.digest = safexcel_sha3_256_digest,
2585 		.export = safexcel_sha3_export,
2586 		.import = safexcel_sha3_import,
2587 		.halg = {
2588 			.digestsize = SHA3_256_DIGEST_SIZE,
2589 			.statesize = sizeof(struct safexcel_ahash_export_state),
2590 			.base = {
2591 				.cra_name = "sha3-256",
2592 				.cra_driver_name = "safexcel-sha3-256",
2593 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2594 				.cra_flags = CRYPTO_ALG_ASYNC |
2595 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2596 					     CRYPTO_ALG_NEED_FALLBACK,
2597 				.cra_blocksize = SHA3_256_BLOCK_SIZE,
2598 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2599 				.cra_init = safexcel_sha3_cra_init,
2600 				.cra_exit = safexcel_sha3_cra_exit,
2601 				.cra_module = THIS_MODULE,
2602 			},
2603 		},
2604 	},
2605 };
2606 
2607 static int safexcel_sha3_384_init(struct ahash_request *areq)
2608 {
2609 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2610 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2611 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
2612 
2613 	memset(req, 0, sizeof(*req));
2614 
2615 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_384;
2616 	req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;
2617 	req->state_sz = SHA3_384_DIGEST_SIZE;
2618 	req->digest_sz = SHA3_384_DIGEST_SIZE;
2619 	req->block_sz = SHA3_384_BLOCK_SIZE;
2620 	ctx->do_fallback = false;
2621 	ctx->fb_init_done = false;
2622 	return 0;
2623 }
2624 
2625 static int safexcel_sha3_384_digest(struct ahash_request *req)
2626 {
2627 	if (req->nbytes)
2628 		return safexcel_sha3_384_init(req) ?: safexcel_ahash_finup(req);
2629 
2630 	/* HW cannot do zero length hash, use fallback instead */
2631 	return safexcel_sha3_digest_fallback(req);
2632 }
2633 
2634 struct safexcel_alg_template safexcel_alg_sha3_384 = {
2635 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2636 	.algo_mask = SAFEXCEL_ALG_SHA3,
2637 	.alg.ahash = {
2638 		.init = safexcel_sha3_384_init,
2639 		.update = safexcel_sha3_update,
2640 		.final = safexcel_sha3_final,
2641 		.finup = safexcel_sha3_finup,
2642 		.digest = safexcel_sha3_384_digest,
2643 		.export = safexcel_sha3_export,
2644 		.import = safexcel_sha3_import,
2645 		.halg = {
2646 			.digestsize = SHA3_384_DIGEST_SIZE,
2647 			.statesize = sizeof(struct safexcel_ahash_export_state),
2648 			.base = {
2649 				.cra_name = "sha3-384",
2650 				.cra_driver_name = "safexcel-sha3-384",
2651 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2652 				.cra_flags = CRYPTO_ALG_ASYNC |
2653 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2654 					     CRYPTO_ALG_NEED_FALLBACK,
2655 				.cra_blocksize = SHA3_384_BLOCK_SIZE,
2656 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2657 				.cra_init = safexcel_sha3_cra_init,
2658 				.cra_exit = safexcel_sha3_cra_exit,
2659 				.cra_module = THIS_MODULE,
2660 			},
2661 		},
2662 	},
2663 };
2664 
2665 static int safexcel_sha3_512_init(struct ahash_request *areq)
2666 {
2667 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2668 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2669 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
2670 
2671 	memset(req, 0, sizeof(*req));
2672 
2673 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_512;
2674 	req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;
2675 	req->state_sz = SHA3_512_DIGEST_SIZE;
2676 	req->digest_sz = SHA3_512_DIGEST_SIZE;
2677 	req->block_sz = SHA3_512_BLOCK_SIZE;
2678 	ctx->do_fallback = false;
2679 	ctx->fb_init_done = false;
2680 	return 0;
2681 }
2682 
2683 static int safexcel_sha3_512_digest(struct ahash_request *req)
2684 {
2685 	if (req->nbytes)
2686 		return safexcel_sha3_512_init(req) ?: safexcel_ahash_finup(req);
2687 
2688 	/* HW cannot do zero length hash, use fallback instead */
2689 	return safexcel_sha3_digest_fallback(req);
2690 }
2691 
2692 struct safexcel_alg_template safexcel_alg_sha3_512 = {
2693 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2694 	.algo_mask = SAFEXCEL_ALG_SHA3,
2695 	.alg.ahash = {
2696 		.init = safexcel_sha3_512_init,
2697 		.update = safexcel_sha3_update,
2698 		.final = safexcel_sha3_final,
2699 		.finup = safexcel_sha3_finup,
2700 		.digest = safexcel_sha3_512_digest,
2701 		.export = safexcel_sha3_export,
2702 		.import = safexcel_sha3_import,
2703 		.halg = {
2704 			.digestsize = SHA3_512_DIGEST_SIZE,
2705 			.statesize = sizeof(struct safexcel_ahash_export_state),
2706 			.base = {
2707 				.cra_name = "sha3-512",
2708 				.cra_driver_name = "safexcel-sha3-512",
2709 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2710 				.cra_flags = CRYPTO_ALG_ASYNC |
2711 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2712 					     CRYPTO_ALG_NEED_FALLBACK,
2713 				.cra_blocksize = SHA3_512_BLOCK_SIZE,
2714 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2715 				.cra_init = safexcel_sha3_cra_init,
2716 				.cra_exit = safexcel_sha3_cra_exit,
2717 				.cra_module = THIS_MODULE,
2718 			},
2719 		},
2720 	},
2721 };
2722 
2723 static int safexcel_hmac_sha3_cra_init(struct crypto_tfm *tfm, const char *alg)
2724 {
2725 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2726 	int ret;
2727 
2728 	ret = safexcel_sha3_cra_init(tfm);
2729 	if (ret)
2730 		return ret;
2731 
2732 	/* Allocate precalc basic digest implementation */
2733 	ctx->shpre = crypto_alloc_shash(alg, 0, CRYPTO_ALG_NEED_FALLBACK);
2734 	if (IS_ERR(ctx->shpre))
2735 		return PTR_ERR(ctx->shpre);
2736 
2737 	ctx->shdesc = kmalloc(sizeof(*ctx->shdesc) +
2738 			      crypto_shash_descsize(ctx->shpre), GFP_KERNEL);
2739 	if (!ctx->shdesc) {
2740 		crypto_free_shash(ctx->shpre);
2741 		return -ENOMEM;
2742 	}
2743 	ctx->shdesc->tfm = ctx->shpre;
2744 	return 0;
2745 }
2746 
2747 static void safexcel_hmac_sha3_cra_exit(struct crypto_tfm *tfm)
2748 {
2749 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2750 
2751 	crypto_free_ahash(ctx->fback);
2752 	crypto_free_shash(ctx->shpre);
2753 	kfree(ctx->shdesc);
2754 	safexcel_ahash_cra_exit(tfm);
2755 }
2756 
2757 static int safexcel_hmac_sha3_setkey(struct crypto_ahash *tfm, const u8 *key,
2758 				     unsigned int keylen)
2759 {
2760 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2761 	int ret = 0;
2762 
2763 	if (keylen > crypto_ahash_blocksize(tfm)) {
2764 		/*
2765 		 * If the key is larger than the blocksize, then hash it
2766 		 * first using our fallback cipher
2767 		 */
2768 		ret = crypto_shash_digest(ctx->shdesc, key, keylen,
2769 					  ctx->base.ipad.byte);
2770 		keylen = crypto_shash_digestsize(ctx->shpre);
2771 
2772 		/*
2773 		 * If the digest is larger than half the blocksize, we need to
2774 		 * move the rest to opad due to the way our HMAC infra works.
2775 		 */
2776 		if (keylen > crypto_ahash_blocksize(tfm) / 2)
2777 			/* Buffers overlap, need to use memmove iso memcpy! */
2778 			memmove(&ctx->base.opad,
2779 				ctx->base.ipad.byte +
2780 					crypto_ahash_blocksize(tfm) / 2,
2781 				keylen - crypto_ahash_blocksize(tfm) / 2);
2782 	} else {
2783 		/*
2784 		 * Copy the key to our ipad & opad buffers
2785 		 * Note that ipad and opad each contain one half of the key,
2786 		 * to match the existing HMAC driver infrastructure.
2787 		 */
2788 		if (keylen <= crypto_ahash_blocksize(tfm) / 2) {
2789 			memcpy(&ctx->base.ipad, key, keylen);
2790 		} else {
2791 			memcpy(&ctx->base.ipad, key,
2792 			       crypto_ahash_blocksize(tfm) / 2);
2793 			memcpy(&ctx->base.opad,
2794 			       key + crypto_ahash_blocksize(tfm) / 2,
2795 			       keylen - crypto_ahash_blocksize(tfm) / 2);
2796 		}
2797 	}
2798 
2799 	/* Pad key with zeroes */
2800 	if (keylen <= crypto_ahash_blocksize(tfm) / 2) {
2801 		memset(ctx->base.ipad.byte + keylen, 0,
2802 		       crypto_ahash_blocksize(tfm) / 2 - keylen);
2803 		memset(&ctx->base.opad, 0, crypto_ahash_blocksize(tfm) / 2);
2804 	} else {
2805 		memset(ctx->base.opad.byte + keylen -
2806 		       crypto_ahash_blocksize(tfm) / 2, 0,
2807 		       crypto_ahash_blocksize(tfm) - keylen);
2808 	}
2809 
2810 	/* If doing fallback, still need to set the new key! */
2811 	ctx->fb_do_setkey = true;
2812 	return ret;
2813 }
2814 
2815 static int safexcel_hmac_sha3_224_init(struct ahash_request *areq)
2816 {
2817 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2818 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2819 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
2820 
2821 	memset(req, 0, sizeof(*req));
2822 
2823 	/* Copy (half of) the key */
2824 	memcpy(req->state, &ctx->base.ipad, SHA3_224_BLOCK_SIZE / 2);
2825 	/* Start of HMAC should have len == processed == blocksize */
2826 	req->len	= SHA3_224_BLOCK_SIZE;
2827 	req->processed	= SHA3_224_BLOCK_SIZE;
2828 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_224;
2829 	req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
2830 	req->state_sz = SHA3_224_BLOCK_SIZE / 2;
2831 	req->digest_sz = SHA3_224_DIGEST_SIZE;
2832 	req->block_sz = SHA3_224_BLOCK_SIZE;
2833 	req->hmac = true;
2834 	ctx->do_fallback = false;
2835 	ctx->fb_init_done = false;
2836 	return 0;
2837 }
2838 
2839 static int safexcel_hmac_sha3_224_digest(struct ahash_request *req)
2840 {
2841 	if (req->nbytes)
2842 		return safexcel_hmac_sha3_224_init(req) ?:
2843 		       safexcel_ahash_finup(req);
2844 
2845 	/* HW cannot do zero length HMAC, use fallback instead */
2846 	return safexcel_sha3_digest_fallback(req);
2847 }
2848 
2849 static int safexcel_hmac_sha3_224_cra_init(struct crypto_tfm *tfm)
2850 {
2851 	return safexcel_hmac_sha3_cra_init(tfm, "sha3-224");
2852 }
2853 
2854 struct safexcel_alg_template safexcel_alg_hmac_sha3_224 = {
2855 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2856 	.algo_mask = SAFEXCEL_ALG_SHA3,
2857 	.alg.ahash = {
2858 		.init = safexcel_hmac_sha3_224_init,
2859 		.update = safexcel_sha3_update,
2860 		.final = safexcel_sha3_final,
2861 		.finup = safexcel_sha3_finup,
2862 		.digest = safexcel_hmac_sha3_224_digest,
2863 		.setkey = safexcel_hmac_sha3_setkey,
2864 		.export = safexcel_sha3_export,
2865 		.import = safexcel_sha3_import,
2866 		.halg = {
2867 			.digestsize = SHA3_224_DIGEST_SIZE,
2868 			.statesize = sizeof(struct safexcel_ahash_export_state),
2869 			.base = {
2870 				.cra_name = "hmac(sha3-224)",
2871 				.cra_driver_name = "safexcel-hmac-sha3-224",
2872 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2873 				.cra_flags = CRYPTO_ALG_ASYNC |
2874 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2875 					     CRYPTO_ALG_NEED_FALLBACK,
2876 				.cra_blocksize = SHA3_224_BLOCK_SIZE,
2877 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2878 				.cra_init = safexcel_hmac_sha3_224_cra_init,
2879 				.cra_exit = safexcel_hmac_sha3_cra_exit,
2880 				.cra_module = THIS_MODULE,
2881 			},
2882 		},
2883 	},
2884 };
2885 
2886 static int safexcel_hmac_sha3_256_init(struct ahash_request *areq)
2887 {
2888 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2889 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2890 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
2891 
2892 	memset(req, 0, sizeof(*req));
2893 
2894 	/* Copy (half of) the key */
2895 	memcpy(req->state, &ctx->base.ipad, SHA3_256_BLOCK_SIZE / 2);
2896 	/* Start of HMAC should have len == processed == blocksize */
2897 	req->len	= SHA3_256_BLOCK_SIZE;
2898 	req->processed	= SHA3_256_BLOCK_SIZE;
2899 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_256;
2900 	req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
2901 	req->state_sz = SHA3_256_BLOCK_SIZE / 2;
2902 	req->digest_sz = SHA3_256_DIGEST_SIZE;
2903 	req->block_sz = SHA3_256_BLOCK_SIZE;
2904 	req->hmac = true;
2905 	ctx->do_fallback = false;
2906 	ctx->fb_init_done = false;
2907 	return 0;
2908 }
2909 
2910 static int safexcel_hmac_sha3_256_digest(struct ahash_request *req)
2911 {
2912 	if (req->nbytes)
2913 		return safexcel_hmac_sha3_256_init(req) ?:
2914 		       safexcel_ahash_finup(req);
2915 
2916 	/* HW cannot do zero length HMAC, use fallback instead */
2917 	return safexcel_sha3_digest_fallback(req);
2918 }
2919 
2920 static int safexcel_hmac_sha3_256_cra_init(struct crypto_tfm *tfm)
2921 {
2922 	return safexcel_hmac_sha3_cra_init(tfm, "sha3-256");
2923 }
2924 
2925 struct safexcel_alg_template safexcel_alg_hmac_sha3_256 = {
2926 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2927 	.algo_mask = SAFEXCEL_ALG_SHA3,
2928 	.alg.ahash = {
2929 		.init = safexcel_hmac_sha3_256_init,
2930 		.update = safexcel_sha3_update,
2931 		.final = safexcel_sha3_final,
2932 		.finup = safexcel_sha3_finup,
2933 		.digest = safexcel_hmac_sha3_256_digest,
2934 		.setkey = safexcel_hmac_sha3_setkey,
2935 		.export = safexcel_sha3_export,
2936 		.import = safexcel_sha3_import,
2937 		.halg = {
2938 			.digestsize = SHA3_256_DIGEST_SIZE,
2939 			.statesize = sizeof(struct safexcel_ahash_export_state),
2940 			.base = {
2941 				.cra_name = "hmac(sha3-256)",
2942 				.cra_driver_name = "safexcel-hmac-sha3-256",
2943 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2944 				.cra_flags = CRYPTO_ALG_ASYNC |
2945 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2946 					     CRYPTO_ALG_NEED_FALLBACK,
2947 				.cra_blocksize = SHA3_256_BLOCK_SIZE,
2948 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2949 				.cra_init = safexcel_hmac_sha3_256_cra_init,
2950 				.cra_exit = safexcel_hmac_sha3_cra_exit,
2951 				.cra_module = THIS_MODULE,
2952 			},
2953 		},
2954 	},
2955 };
2956 
2957 static int safexcel_hmac_sha3_384_init(struct ahash_request *areq)
2958 {
2959 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2960 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2961 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
2962 
2963 	memset(req, 0, sizeof(*req));
2964 
2965 	/* Copy (half of) the key */
2966 	memcpy(req->state, &ctx->base.ipad, SHA3_384_BLOCK_SIZE / 2);
2967 	/* Start of HMAC should have len == processed == blocksize */
2968 	req->len	= SHA3_384_BLOCK_SIZE;
2969 	req->processed	= SHA3_384_BLOCK_SIZE;
2970 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_384;
2971 	req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
2972 	req->state_sz = SHA3_384_BLOCK_SIZE / 2;
2973 	req->digest_sz = SHA3_384_DIGEST_SIZE;
2974 	req->block_sz = SHA3_384_BLOCK_SIZE;
2975 	req->hmac = true;
2976 	ctx->do_fallback = false;
2977 	ctx->fb_init_done = false;
2978 	return 0;
2979 }
2980 
2981 static int safexcel_hmac_sha3_384_digest(struct ahash_request *req)
2982 {
2983 	if (req->nbytes)
2984 		return safexcel_hmac_sha3_384_init(req) ?:
2985 		       safexcel_ahash_finup(req);
2986 
2987 	/* HW cannot do zero length HMAC, use fallback instead */
2988 	return safexcel_sha3_digest_fallback(req);
2989 }
2990 
2991 static int safexcel_hmac_sha3_384_cra_init(struct crypto_tfm *tfm)
2992 {
2993 	return safexcel_hmac_sha3_cra_init(tfm, "sha3-384");
2994 }
2995 
2996 struct safexcel_alg_template safexcel_alg_hmac_sha3_384 = {
2997 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2998 	.algo_mask = SAFEXCEL_ALG_SHA3,
2999 	.alg.ahash = {
3000 		.init = safexcel_hmac_sha3_384_init,
3001 		.update = safexcel_sha3_update,
3002 		.final = safexcel_sha3_final,
3003 		.finup = safexcel_sha3_finup,
3004 		.digest = safexcel_hmac_sha3_384_digest,
3005 		.setkey = safexcel_hmac_sha3_setkey,
3006 		.export = safexcel_sha3_export,
3007 		.import = safexcel_sha3_import,
3008 		.halg = {
3009 			.digestsize = SHA3_384_DIGEST_SIZE,
3010 			.statesize = sizeof(struct safexcel_ahash_export_state),
3011 			.base = {
3012 				.cra_name = "hmac(sha3-384)",
3013 				.cra_driver_name = "safexcel-hmac-sha3-384",
3014 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
3015 				.cra_flags = CRYPTO_ALG_ASYNC |
3016 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
3017 					     CRYPTO_ALG_NEED_FALLBACK,
3018 				.cra_blocksize = SHA3_384_BLOCK_SIZE,
3019 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
3020 				.cra_init = safexcel_hmac_sha3_384_cra_init,
3021 				.cra_exit = safexcel_hmac_sha3_cra_exit,
3022 				.cra_module = THIS_MODULE,
3023 			},
3024 		},
3025 	},
3026 };
3027 
3028 static int safexcel_hmac_sha3_512_init(struct ahash_request *areq)
3029 {
3030 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
3031 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
3032 	struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);
3033 
3034 	memset(req, 0, sizeof(*req));
3035 
3036 	/* Copy (half of) the key */
3037 	memcpy(req->state, &ctx->base.ipad, SHA3_512_BLOCK_SIZE / 2);
3038 	/* Start of HMAC should have len == processed == blocksize */
3039 	req->len	= SHA3_512_BLOCK_SIZE;
3040 	req->processed	= SHA3_512_BLOCK_SIZE;
3041 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_512;
3042 	req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
3043 	req->state_sz = SHA3_512_BLOCK_SIZE / 2;
3044 	req->digest_sz = SHA3_512_DIGEST_SIZE;
3045 	req->block_sz = SHA3_512_BLOCK_SIZE;
3046 	req->hmac = true;
3047 	ctx->do_fallback = false;
3048 	ctx->fb_init_done = false;
3049 	return 0;
3050 }
3051 
3052 static int safexcel_hmac_sha3_512_digest(struct ahash_request *req)
3053 {
3054 	if (req->nbytes)
3055 		return safexcel_hmac_sha3_512_init(req) ?:
3056 		       safexcel_ahash_finup(req);
3057 
3058 	/* HW cannot do zero length HMAC, use fallback instead */
3059 	return safexcel_sha3_digest_fallback(req);
3060 }
3061 
3062 static int safexcel_hmac_sha3_512_cra_init(struct crypto_tfm *tfm)
3063 {
3064 	return safexcel_hmac_sha3_cra_init(tfm, "sha3-512");
3065 }
3066 struct safexcel_alg_template safexcel_alg_hmac_sha3_512 = {
3067 	.type = SAFEXCEL_ALG_TYPE_AHASH,
3068 	.algo_mask = SAFEXCEL_ALG_SHA3,
3069 	.alg.ahash = {
3070 		.init = safexcel_hmac_sha3_512_init,
3071 		.update = safexcel_sha3_update,
3072 		.final = safexcel_sha3_final,
3073 		.finup = safexcel_sha3_finup,
3074 		.digest = safexcel_hmac_sha3_512_digest,
3075 		.setkey = safexcel_hmac_sha3_setkey,
3076 		.export = safexcel_sha3_export,
3077 		.import = safexcel_sha3_import,
3078 		.halg = {
3079 			.digestsize = SHA3_512_DIGEST_SIZE,
3080 			.statesize = sizeof(struct safexcel_ahash_export_state),
3081 			.base = {
3082 				.cra_name = "hmac(sha3-512)",
3083 				.cra_driver_name = "safexcel-hmac-sha3-512",
3084 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
3085 				.cra_flags = CRYPTO_ALG_ASYNC |
3086 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
3087 					     CRYPTO_ALG_NEED_FALLBACK,
3088 				.cra_blocksize = SHA3_512_BLOCK_SIZE,
3089 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
3090 				.cra_init = safexcel_hmac_sha3_512_cra_init,
3091 				.cra_exit = safexcel_hmac_sha3_cra_exit,
3092 				.cra_module = THIS_MODULE,
3093 			},
3094 		},
3095 	},
3096 };
3097