1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (C) 2017 Marvell
4  *
5  * Antoine Tenart <antoine.tenart@free-electrons.com>
6  */
7 
8 #include <crypto/aes.h>
9 #include <crypto/hmac.h>
10 #include <crypto/md5.h>
11 #include <crypto/sha1.h>
12 #include <crypto/sha2.h>
13 #include <crypto/sha3.h>
14 #include <crypto/skcipher.h>
15 #include <crypto/sm3.h>
16 #include <crypto/internal/cipher.h>
17 #include <linux/device.h>
18 #include <linux/dma-mapping.h>
19 #include <linux/dmapool.h>
20 
21 #include "safexcel.h"
22 
23 struct safexcel_ahash_ctx {
24 	struct safexcel_context base;
25 
26 	u32 alg;
27 	u8  key_sz;
28 	bool cbcmac;
29 	bool do_fallback;
30 	bool fb_init_done;
31 	bool fb_do_setkey;
32 
33 	struct crypto_aes_ctx *aes;
34 	struct crypto_ahash *fback;
35 	struct crypto_shash *shpre;
36 	struct shash_desc *shdesc;
37 };
38 
39 struct safexcel_ahash_req {
40 	bool last_req;
41 	bool finish;
42 	bool hmac;
43 	bool needs_inv;
44 	bool hmac_zlen;
45 	bool len_is_le;
46 	bool not_first;
47 	bool xcbcmac;
48 
49 	int nents;
50 	dma_addr_t result_dma;
51 
52 	u32 digest;
53 
54 	u8 state_sz;    /* expected state size, only set once */
55 	u8 block_sz;    /* block size, only set once */
56 	u8 digest_sz;   /* output digest size, only set once */
57 	__le32 state[SHA3_512_BLOCK_SIZE /
58 		     sizeof(__le32)] __aligned(sizeof(__le32));
59 
60 	u64 len;
61 	u64 processed;
62 
63 	u8 cache[HASH_CACHE_SIZE] __aligned(sizeof(u32));
64 	dma_addr_t cache_dma;
65 	unsigned int cache_sz;
66 
67 	u8 cache_next[HASH_CACHE_SIZE] __aligned(sizeof(u32));
68 };
69 
70 static inline u64 safexcel_queued_len(struct safexcel_ahash_req *req)
71 {
72 	return req->len - req->processed;
73 }
74 
75 static void safexcel_hash_token(struct safexcel_command_desc *cdesc,
76 				u32 input_length, u32 result_length,
77 				bool cbcmac)
78 {
79 	struct safexcel_token *token =
80 		(struct safexcel_token *)cdesc->control_data.token;
81 
82 	token[0].opcode = EIP197_TOKEN_OPCODE_DIRECTION;
83 	token[0].packet_length = input_length;
84 	token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH;
85 
86 	input_length &= 15;
87 	if (unlikely(cbcmac && input_length)) {
88 		token[0].stat =  0;
89 		token[1].opcode = EIP197_TOKEN_OPCODE_INSERT;
90 		token[1].packet_length = 16 - input_length;
91 		token[1].stat = EIP197_TOKEN_STAT_LAST_HASH;
92 		token[1].instructions = EIP197_TOKEN_INS_TYPE_HASH;
93 	} else {
94 		token[0].stat = EIP197_TOKEN_STAT_LAST_HASH;
95 		eip197_noop_token(&token[1]);
96 	}
97 
98 	token[2].opcode = EIP197_TOKEN_OPCODE_INSERT;
99 	token[2].stat = EIP197_TOKEN_STAT_LAST_HASH |
100 			EIP197_TOKEN_STAT_LAST_PACKET;
101 	token[2].packet_length = result_length;
102 	token[2].instructions = EIP197_TOKEN_INS_TYPE_OUTPUT |
103 				EIP197_TOKEN_INS_INSERT_HASH_DIGEST;
104 
105 	eip197_noop_token(&token[3]);
106 }
107 
108 static void safexcel_context_control(struct safexcel_ahash_ctx *ctx,
109 				     struct safexcel_ahash_req *req,
110 				     struct safexcel_command_desc *cdesc)
111 {
112 	struct safexcel_crypto_priv *priv = ctx->base.priv;
113 	u64 count = 0;
114 
115 	cdesc->control_data.control0 = ctx->alg;
116 	cdesc->control_data.control1 = 0;
117 
118 	/*
119 	 * Copy the input digest if needed, and setup the context
120 	 * fields. Do this now as we need it to setup the first command
121 	 * descriptor.
122 	 */
123 	if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM)) {
124 		if (req->xcbcmac)
125 			memcpy(ctx->base.ctxr->data, &ctx->base.ipad, ctx->key_sz);
126 		else
127 			memcpy(ctx->base.ctxr->data, req->state, req->state_sz);
128 
129 		if (!req->finish && req->xcbcmac)
130 			cdesc->control_data.control0 |=
131 				CONTEXT_CONTROL_DIGEST_XCM |
132 				CONTEXT_CONTROL_TYPE_HASH_OUT  |
133 				CONTEXT_CONTROL_NO_FINISH_HASH |
134 				CONTEXT_CONTROL_SIZE(req->state_sz /
135 						     sizeof(u32));
136 		else
137 			cdesc->control_data.control0 |=
138 				CONTEXT_CONTROL_DIGEST_XCM |
139 				CONTEXT_CONTROL_TYPE_HASH_OUT  |
140 				CONTEXT_CONTROL_SIZE(req->state_sz /
141 						     sizeof(u32));
142 		return;
143 	} else if (!req->processed) {
144 		/* First - and possibly only - block of basic hash only */
145 		if (req->finish)
146 			cdesc->control_data.control0 |= req->digest |
147 				CONTEXT_CONTROL_TYPE_HASH_OUT |
148 				CONTEXT_CONTROL_RESTART_HASH  |
149 				/* ensure its not 0! */
150 				CONTEXT_CONTROL_SIZE(1);
151 		else
152 			cdesc->control_data.control0 |= req->digest |
153 				CONTEXT_CONTROL_TYPE_HASH_OUT  |
154 				CONTEXT_CONTROL_RESTART_HASH   |
155 				CONTEXT_CONTROL_NO_FINISH_HASH |
156 				/* ensure its not 0! */
157 				CONTEXT_CONTROL_SIZE(1);
158 		return;
159 	}
160 
161 	/* Hash continuation or HMAC, setup (inner) digest from state */
162 	memcpy(ctx->base.ctxr->data, req->state, req->state_sz);
163 
164 	if (req->finish) {
165 		/* Compute digest count for hash/HMAC finish operations */
166 		if ((req->digest == CONTEXT_CONTROL_DIGEST_PRECOMPUTED) ||
167 		    req->hmac_zlen || (req->processed != req->block_sz)) {
168 			count = req->processed / EIP197_COUNTER_BLOCK_SIZE;
169 
170 			/* This is a hardware limitation, as the
171 			 * counter must fit into an u32. This represents
172 			 * a fairly big amount of input data, so we
173 			 * shouldn't see this.
174 			 */
175 			if (unlikely(count & 0xffffffff00000000ULL)) {
176 				dev_warn(priv->dev,
177 					 "Input data is too big\n");
178 				return;
179 			}
180 		}
181 
182 		if ((req->digest == CONTEXT_CONTROL_DIGEST_PRECOMPUTED) ||
183 		    /* Special case: zero length HMAC */
184 		    req->hmac_zlen ||
185 		    /* PE HW < 4.4 cannot do HMAC continue, fake using hash */
186 		    (req->processed != req->block_sz)) {
187 			/* Basic hash continue operation, need digest + cnt */
188 			cdesc->control_data.control0 |=
189 				CONTEXT_CONTROL_SIZE((req->state_sz >> 2) + 1) |
190 				CONTEXT_CONTROL_TYPE_HASH_OUT |
191 				CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
192 			/* For zero-len HMAC, don't finalize, already padded! */
193 			if (req->hmac_zlen)
194 				cdesc->control_data.control0 |=
195 					CONTEXT_CONTROL_NO_FINISH_HASH;
196 			cdesc->control_data.control1 |=
197 				CONTEXT_CONTROL_DIGEST_CNT;
198 			ctx->base.ctxr->data[req->state_sz >> 2] =
199 				cpu_to_le32(count);
200 			req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
201 
202 			/* Clear zero-length HMAC flag for next operation! */
203 			req->hmac_zlen = false;
204 		} else { /* HMAC */
205 			/* Need outer digest for HMAC finalization */
206 			memcpy(ctx->base.ctxr->data + (req->state_sz >> 2),
207 			       &ctx->base.opad, req->state_sz);
208 
209 			/* Single pass HMAC - no digest count */
210 			cdesc->control_data.control0 |=
211 				CONTEXT_CONTROL_SIZE(req->state_sz >> 1) |
212 				CONTEXT_CONTROL_TYPE_HASH_OUT |
213 				CONTEXT_CONTROL_DIGEST_HMAC;
214 		}
215 	} else { /* Hash continuation, do not finish yet */
216 		cdesc->control_data.control0 |=
217 			CONTEXT_CONTROL_SIZE(req->state_sz >> 2) |
218 			CONTEXT_CONTROL_DIGEST_PRECOMPUTED |
219 			CONTEXT_CONTROL_TYPE_HASH_OUT |
220 			CONTEXT_CONTROL_NO_FINISH_HASH;
221 	}
222 }
223 
224 static int safexcel_ahash_enqueue(struct ahash_request *areq);
225 
226 static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv,
227 				      int ring,
228 				      struct crypto_async_request *async,
229 				      bool *should_complete, int *ret)
230 {
231 	struct safexcel_result_desc *rdesc;
232 	struct ahash_request *areq = ahash_request_cast(async);
233 	struct crypto_ahash *ahash = crypto_ahash_reqtfm(areq);
234 	struct safexcel_ahash_req *sreq = ahash_request_ctx(areq);
235 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(ahash);
236 	u64 cache_len;
237 
238 	*ret = 0;
239 
240 	rdesc = safexcel_ring_next_rptr(priv, &priv->ring[ring].rdr);
241 	if (IS_ERR(rdesc)) {
242 		dev_err(priv->dev,
243 			"hash: result: could not retrieve the result descriptor\n");
244 		*ret = PTR_ERR(rdesc);
245 	} else {
246 		*ret = safexcel_rdesc_check_errors(priv, rdesc);
247 	}
248 
249 	safexcel_complete(priv, ring);
250 
251 	if (sreq->nents) {
252 		dma_unmap_sg(priv->dev, areq->src, sreq->nents, DMA_TO_DEVICE);
253 		sreq->nents = 0;
254 	}
255 
256 	if (sreq->result_dma) {
257 		dma_unmap_single(priv->dev, sreq->result_dma, sreq->digest_sz,
258 				 DMA_FROM_DEVICE);
259 		sreq->result_dma = 0;
260 	}
261 
262 	if (sreq->cache_dma) {
263 		dma_unmap_single(priv->dev, sreq->cache_dma, sreq->cache_sz,
264 				 DMA_TO_DEVICE);
265 		sreq->cache_dma = 0;
266 		sreq->cache_sz = 0;
267 	}
268 
269 	if (sreq->finish) {
270 		if (sreq->hmac &&
271 		    (sreq->digest != CONTEXT_CONTROL_DIGEST_HMAC)) {
272 			/* Faking HMAC using hash - need to do outer hash */
273 			memcpy(sreq->cache, sreq->state,
274 			       crypto_ahash_digestsize(ahash));
275 
276 			memcpy(sreq->state, &ctx->base.opad, sreq->digest_sz);
277 
278 			sreq->len = sreq->block_sz +
279 				    crypto_ahash_digestsize(ahash);
280 			sreq->processed = sreq->block_sz;
281 			sreq->hmac = 0;
282 
283 			if (priv->flags & EIP197_TRC_CACHE)
284 				ctx->base.needs_inv = true;
285 			areq->nbytes = 0;
286 			safexcel_ahash_enqueue(areq);
287 
288 			*should_complete = false; /* Not done yet */
289 			return 1;
290 		}
291 
292 		if (unlikely(sreq->digest == CONTEXT_CONTROL_DIGEST_XCM &&
293 			     ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_CRC32)) {
294 			/* Undo final XOR with 0xffffffff ...*/
295 			*(__le32 *)areq->result = ~sreq->state[0];
296 		} else {
297 			memcpy(areq->result, sreq->state,
298 			       crypto_ahash_digestsize(ahash));
299 		}
300 	}
301 
302 	cache_len = safexcel_queued_len(sreq);
303 	if (cache_len)
304 		memcpy(sreq->cache, sreq->cache_next, cache_len);
305 
306 	*should_complete = true;
307 
308 	return 1;
309 }
310 
311 static int safexcel_ahash_send_req(struct crypto_async_request *async, int ring,
312 				   int *commands, int *results)
313 {
314 	struct ahash_request *areq = ahash_request_cast(async);
315 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
316 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
317 	struct safexcel_crypto_priv *priv = ctx->base.priv;
318 	struct safexcel_command_desc *cdesc, *first_cdesc = NULL;
319 	struct safexcel_result_desc *rdesc;
320 	struct scatterlist *sg;
321 	struct safexcel_token *dmmy;
322 	int i, extra = 0, n_cdesc = 0, ret = 0, cache_len, skip = 0;
323 	u64 queued, len;
324 
325 	queued = safexcel_queued_len(req);
326 	if (queued <= HASH_CACHE_SIZE)
327 		cache_len = queued;
328 	else
329 		cache_len = queued - areq->nbytes;
330 
331 	if (!req->finish && !req->last_req) {
332 		/* If this is not the last request and the queued data does not
333 		 * fit into full cache blocks, cache it for the next send call.
334 		 */
335 		extra = queued & (HASH_CACHE_SIZE - 1);
336 
337 		/* If this is not the last request and the queued data
338 		 * is a multiple of a block, cache the last one for now.
339 		 */
340 		if (!extra)
341 			extra = HASH_CACHE_SIZE;
342 
343 		sg_pcopy_to_buffer(areq->src, sg_nents(areq->src),
344 				   req->cache_next, extra,
345 				   areq->nbytes - extra);
346 
347 		queued -= extra;
348 
349 		if (!queued) {
350 			*commands = 0;
351 			*results = 0;
352 			return 0;
353 		}
354 
355 		extra = 0;
356 	}
357 
358 	if (unlikely(req->xcbcmac && req->processed > AES_BLOCK_SIZE)) {
359 		if (unlikely(cache_len < AES_BLOCK_SIZE)) {
360 			/*
361 			 * Cache contains less than 1 full block, complete.
362 			 */
363 			extra = AES_BLOCK_SIZE - cache_len;
364 			if (queued > cache_len) {
365 				/* More data follows: borrow bytes */
366 				u64 tmp = queued - cache_len;
367 
368 				skip = min_t(u64, tmp, extra);
369 				sg_pcopy_to_buffer(areq->src,
370 					sg_nents(areq->src),
371 					req->cache + cache_len,
372 					skip, 0);
373 			}
374 			extra -= skip;
375 			memset(req->cache + cache_len + skip, 0, extra);
376 			if (!ctx->cbcmac && extra) {
377 				// 10- padding for XCBCMAC & CMAC
378 				req->cache[cache_len + skip] = 0x80;
379 				// HW will use K2 iso K3 - compensate!
380 				for (i = 0; i < AES_BLOCK_SIZE / 4; i++) {
381 					u32 *cache = (void *)req->cache;
382 					u32 *ipad = ctx->base.ipad.word;
383 					u32 x;
384 
385 					x = ipad[i] ^ ipad[i + 4];
386 					cache[i] ^= swab32(x);
387 				}
388 			}
389 			cache_len = AES_BLOCK_SIZE;
390 			queued = queued + extra;
391 		}
392 
393 		/* XCBC continue: XOR previous result into 1st word */
394 		crypto_xor(req->cache, (const u8 *)req->state, AES_BLOCK_SIZE);
395 	}
396 
397 	len = queued;
398 	/* Add a command descriptor for the cached data, if any */
399 	if (cache_len) {
400 		req->cache_dma = dma_map_single(priv->dev, req->cache,
401 						cache_len, DMA_TO_DEVICE);
402 		if (dma_mapping_error(priv->dev, req->cache_dma))
403 			return -EINVAL;
404 
405 		req->cache_sz = cache_len;
406 		first_cdesc = safexcel_add_cdesc(priv, ring, 1,
407 						 (cache_len == len),
408 						 req->cache_dma, cache_len,
409 						 len, ctx->base.ctxr_dma,
410 						 &dmmy);
411 		if (IS_ERR(first_cdesc)) {
412 			ret = PTR_ERR(first_cdesc);
413 			goto unmap_cache;
414 		}
415 		n_cdesc++;
416 
417 		queued -= cache_len;
418 		if (!queued)
419 			goto send_command;
420 	}
421 
422 	/* Now handle the current ahash request buffer(s) */
423 	req->nents = dma_map_sg(priv->dev, areq->src,
424 				sg_nents_for_len(areq->src,
425 						 areq->nbytes),
426 				DMA_TO_DEVICE);
427 	if (!req->nents) {
428 		ret = -ENOMEM;
429 		goto cdesc_rollback;
430 	}
431 
432 	for_each_sg(areq->src, sg, req->nents, i) {
433 		int sglen = sg_dma_len(sg);
434 
435 		if (unlikely(sglen <= skip)) {
436 			skip -= sglen;
437 			continue;
438 		}
439 
440 		/* Do not overflow the request */
441 		if ((queued + skip) <= sglen)
442 			sglen = queued;
443 		else
444 			sglen -= skip;
445 
446 		cdesc = safexcel_add_cdesc(priv, ring, !n_cdesc,
447 					   !(queued - sglen),
448 					   sg_dma_address(sg) + skip, sglen,
449 					   len, ctx->base.ctxr_dma, &dmmy);
450 		if (IS_ERR(cdesc)) {
451 			ret = PTR_ERR(cdesc);
452 			goto unmap_sg;
453 		}
454 
455 		if (!n_cdesc)
456 			first_cdesc = cdesc;
457 		n_cdesc++;
458 
459 		queued -= sglen;
460 		if (!queued)
461 			break;
462 		skip = 0;
463 	}
464 
465 send_command:
466 	/* Setup the context options */
467 	safexcel_context_control(ctx, req, first_cdesc);
468 
469 	/* Add the token */
470 	safexcel_hash_token(first_cdesc, len, req->digest_sz, ctx->cbcmac);
471 
472 	req->result_dma = dma_map_single(priv->dev, req->state, req->digest_sz,
473 					 DMA_FROM_DEVICE);
474 	if (dma_mapping_error(priv->dev, req->result_dma)) {
475 		ret = -EINVAL;
476 		goto unmap_sg;
477 	}
478 
479 	/* Add a result descriptor */
480 	rdesc = safexcel_add_rdesc(priv, ring, 1, 1, req->result_dma,
481 				   req->digest_sz);
482 	if (IS_ERR(rdesc)) {
483 		ret = PTR_ERR(rdesc);
484 		goto unmap_result;
485 	}
486 
487 	safexcel_rdr_req_set(priv, ring, rdesc, &areq->base);
488 
489 	req->processed += len - extra;
490 
491 	*commands = n_cdesc;
492 	*results = 1;
493 	return 0;
494 
495 unmap_result:
496 	dma_unmap_single(priv->dev, req->result_dma, req->digest_sz,
497 			 DMA_FROM_DEVICE);
498 unmap_sg:
499 	if (req->nents) {
500 		dma_unmap_sg(priv->dev, areq->src, req->nents, DMA_TO_DEVICE);
501 		req->nents = 0;
502 	}
503 cdesc_rollback:
504 	for (i = 0; i < n_cdesc; i++)
505 		safexcel_ring_rollback_wptr(priv, &priv->ring[ring].cdr);
506 unmap_cache:
507 	if (req->cache_dma) {
508 		dma_unmap_single(priv->dev, req->cache_dma, req->cache_sz,
509 				 DMA_TO_DEVICE);
510 		req->cache_dma = 0;
511 		req->cache_sz = 0;
512 	}
513 
514 	return ret;
515 }
516 
517 static int safexcel_handle_inv_result(struct safexcel_crypto_priv *priv,
518 				      int ring,
519 				      struct crypto_async_request *async,
520 				      bool *should_complete, int *ret)
521 {
522 	struct safexcel_result_desc *rdesc;
523 	struct ahash_request *areq = ahash_request_cast(async);
524 	struct crypto_ahash *ahash = crypto_ahash_reqtfm(areq);
525 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(ahash);
526 	int enq_ret;
527 
528 	*ret = 0;
529 
530 	rdesc = safexcel_ring_next_rptr(priv, &priv->ring[ring].rdr);
531 	if (IS_ERR(rdesc)) {
532 		dev_err(priv->dev,
533 			"hash: invalidate: could not retrieve the result descriptor\n");
534 		*ret = PTR_ERR(rdesc);
535 	} else {
536 		*ret = safexcel_rdesc_check_errors(priv, rdesc);
537 	}
538 
539 	safexcel_complete(priv, ring);
540 
541 	if (ctx->base.exit_inv) {
542 		dma_pool_free(priv->context_pool, ctx->base.ctxr,
543 			      ctx->base.ctxr_dma);
544 
545 		*should_complete = true;
546 		return 1;
547 	}
548 
549 	ring = safexcel_select_ring(priv);
550 	ctx->base.ring = ring;
551 
552 	spin_lock_bh(&priv->ring[ring].queue_lock);
553 	enq_ret = crypto_enqueue_request(&priv->ring[ring].queue, async);
554 	spin_unlock_bh(&priv->ring[ring].queue_lock);
555 
556 	if (enq_ret != -EINPROGRESS)
557 		*ret = enq_ret;
558 
559 	queue_work(priv->ring[ring].workqueue,
560 		   &priv->ring[ring].work_data.work);
561 
562 	*should_complete = false;
563 
564 	return 1;
565 }
566 
567 static int safexcel_handle_result(struct safexcel_crypto_priv *priv, int ring,
568 				  struct crypto_async_request *async,
569 				  bool *should_complete, int *ret)
570 {
571 	struct ahash_request *areq = ahash_request_cast(async);
572 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
573 	int err;
574 
575 	BUG_ON(!(priv->flags & EIP197_TRC_CACHE) && req->needs_inv);
576 
577 	if (req->needs_inv) {
578 		req->needs_inv = false;
579 		err = safexcel_handle_inv_result(priv, ring, async,
580 						 should_complete, ret);
581 	} else {
582 		err = safexcel_handle_req_result(priv, ring, async,
583 						 should_complete, ret);
584 	}
585 
586 	return err;
587 }
588 
589 static int safexcel_ahash_send_inv(struct crypto_async_request *async,
590 				   int ring, int *commands, int *results)
591 {
592 	struct ahash_request *areq = ahash_request_cast(async);
593 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
594 	int ret;
595 
596 	ret = safexcel_invalidate_cache(async, ctx->base.priv,
597 					ctx->base.ctxr_dma, ring);
598 	if (unlikely(ret))
599 		return ret;
600 
601 	*commands = 1;
602 	*results = 1;
603 
604 	return 0;
605 }
606 
607 static int safexcel_ahash_send(struct crypto_async_request *async,
608 			       int ring, int *commands, int *results)
609 {
610 	struct ahash_request *areq = ahash_request_cast(async);
611 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
612 	int ret;
613 
614 	if (req->needs_inv)
615 		ret = safexcel_ahash_send_inv(async, ring, commands, results);
616 	else
617 		ret = safexcel_ahash_send_req(async, ring, commands, results);
618 
619 	return ret;
620 }
621 
622 static int safexcel_ahash_exit_inv(struct crypto_tfm *tfm)
623 {
624 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
625 	struct safexcel_crypto_priv *priv = ctx->base.priv;
626 	EIP197_REQUEST_ON_STACK(req, ahash, EIP197_AHASH_REQ_SIZE);
627 	struct safexcel_ahash_req *rctx = ahash_request_ctx(req);
628 	struct safexcel_inv_result result = {};
629 	int ring = ctx->base.ring;
630 
631 	memset(req, 0, EIP197_AHASH_REQ_SIZE);
632 
633 	/* create invalidation request */
634 	init_completion(&result.completion);
635 	ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
636 				   safexcel_inv_complete, &result);
637 
638 	ahash_request_set_tfm(req, __crypto_ahash_cast(tfm));
639 	ctx = crypto_tfm_ctx(req->base.tfm);
640 	ctx->base.exit_inv = true;
641 	rctx->needs_inv = true;
642 
643 	spin_lock_bh(&priv->ring[ring].queue_lock);
644 	crypto_enqueue_request(&priv->ring[ring].queue, &req->base);
645 	spin_unlock_bh(&priv->ring[ring].queue_lock);
646 
647 	queue_work(priv->ring[ring].workqueue,
648 		   &priv->ring[ring].work_data.work);
649 
650 	wait_for_completion(&result.completion);
651 
652 	if (result.error) {
653 		dev_warn(priv->dev, "hash: completion error (%d)\n",
654 			 result.error);
655 		return result.error;
656 	}
657 
658 	return 0;
659 }
660 
661 /* safexcel_ahash_cache: cache data until at least one request can be sent to
662  * the engine, aka. when there is at least 1 block size in the pipe.
663  */
664 static int safexcel_ahash_cache(struct ahash_request *areq)
665 {
666 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
667 	u64 cache_len;
668 
669 	/* cache_len: everything accepted by the driver but not sent yet,
670 	 * tot sz handled by update() - last req sz - tot sz handled by send()
671 	 */
672 	cache_len = safexcel_queued_len(req);
673 
674 	/*
675 	 * In case there isn't enough bytes to proceed (less than a
676 	 * block size), cache the data until we have enough.
677 	 */
678 	if (cache_len + areq->nbytes <= HASH_CACHE_SIZE) {
679 		sg_pcopy_to_buffer(areq->src, sg_nents(areq->src),
680 				   req->cache + cache_len,
681 				   areq->nbytes, 0);
682 		return 0;
683 	}
684 
685 	/* We couldn't cache all the data */
686 	return -E2BIG;
687 }
688 
689 static int safexcel_ahash_enqueue(struct ahash_request *areq)
690 {
691 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
692 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
693 	struct safexcel_crypto_priv *priv = ctx->base.priv;
694 	int ret, ring;
695 
696 	req->needs_inv = false;
697 
698 	if (ctx->base.ctxr) {
699 		if (priv->flags & EIP197_TRC_CACHE && !ctx->base.needs_inv &&
700 		     /* invalidate for *any* non-XCBC continuation */
701 		   ((req->not_first && !req->xcbcmac) ||
702 		     /* invalidate if (i)digest changed */
703 		     memcmp(ctx->base.ctxr->data, req->state, req->state_sz) ||
704 		     /* invalidate for HMAC finish with odigest changed */
705 		     (req->finish && req->hmac &&
706 		      memcmp(ctx->base.ctxr->data + (req->state_sz>>2),
707 			     &ctx->base.opad, req->state_sz))))
708 			/*
709 			 * We're still setting needs_inv here, even though it is
710 			 * cleared right away, because the needs_inv flag can be
711 			 * set in other functions and we want to keep the same
712 			 * logic.
713 			 */
714 			ctx->base.needs_inv = true;
715 
716 		if (ctx->base.needs_inv) {
717 			ctx->base.needs_inv = false;
718 			req->needs_inv = true;
719 		}
720 	} else {
721 		ctx->base.ring = safexcel_select_ring(priv);
722 		ctx->base.ctxr = dma_pool_zalloc(priv->context_pool,
723 						 EIP197_GFP_FLAGS(areq->base),
724 						 &ctx->base.ctxr_dma);
725 		if (!ctx->base.ctxr)
726 			return -ENOMEM;
727 	}
728 	req->not_first = true;
729 
730 	ring = ctx->base.ring;
731 
732 	spin_lock_bh(&priv->ring[ring].queue_lock);
733 	ret = crypto_enqueue_request(&priv->ring[ring].queue, &areq->base);
734 	spin_unlock_bh(&priv->ring[ring].queue_lock);
735 
736 	queue_work(priv->ring[ring].workqueue,
737 		   &priv->ring[ring].work_data.work);
738 
739 	return ret;
740 }
741 
742 static int safexcel_ahash_update(struct ahash_request *areq)
743 {
744 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
745 	int ret;
746 
747 	/* If the request is 0 length, do nothing */
748 	if (!areq->nbytes)
749 		return 0;
750 
751 	/* Add request to the cache if it fits */
752 	ret = safexcel_ahash_cache(areq);
753 
754 	/* Update total request length */
755 	req->len += areq->nbytes;
756 
757 	/* If not all data could fit into the cache, go process the excess.
758 	 * Also go process immediately for an HMAC IV precompute, which
759 	 * will never be finished at all, but needs to be processed anyway.
760 	 */
761 	if ((ret && !req->finish) || req->last_req)
762 		return safexcel_ahash_enqueue(areq);
763 
764 	return 0;
765 }
766 
767 static int safexcel_ahash_final(struct ahash_request *areq)
768 {
769 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
770 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
771 
772 	req->finish = true;
773 
774 	if (unlikely(!req->len && !areq->nbytes)) {
775 		/*
776 		 * If we have an overall 0 length *hash* request:
777 		 * The HW cannot do 0 length hash, so we provide the correct
778 		 * result directly here.
779 		 */
780 		if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_MD5)
781 			memcpy(areq->result, md5_zero_message_hash,
782 			       MD5_DIGEST_SIZE);
783 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA1)
784 			memcpy(areq->result, sha1_zero_message_hash,
785 			       SHA1_DIGEST_SIZE);
786 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA224)
787 			memcpy(areq->result, sha224_zero_message_hash,
788 			       SHA224_DIGEST_SIZE);
789 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA256)
790 			memcpy(areq->result, sha256_zero_message_hash,
791 			       SHA256_DIGEST_SIZE);
792 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA384)
793 			memcpy(areq->result, sha384_zero_message_hash,
794 			       SHA384_DIGEST_SIZE);
795 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA512)
796 			memcpy(areq->result, sha512_zero_message_hash,
797 			       SHA512_DIGEST_SIZE);
798 		else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SM3) {
799 			memcpy(areq->result,
800 			       EIP197_SM3_ZEROM_HASH, SM3_DIGEST_SIZE);
801 		}
802 
803 		return 0;
804 	} else if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM &&
805 			    ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_MD5 &&
806 			    req->len == sizeof(u32) && !areq->nbytes)) {
807 		/* Zero length CRC32 */
808 		memcpy(areq->result, &ctx->base.ipad, sizeof(u32));
809 		return 0;
810 	} else if (unlikely(ctx->cbcmac && req->len == AES_BLOCK_SIZE &&
811 			    !areq->nbytes)) {
812 		/* Zero length CBC MAC */
813 		memset(areq->result, 0, AES_BLOCK_SIZE);
814 		return 0;
815 	} else if (unlikely(req->xcbcmac && req->len == AES_BLOCK_SIZE &&
816 			    !areq->nbytes)) {
817 		/* Zero length (X)CBC/CMAC */
818 		int i;
819 
820 		for (i = 0; i < AES_BLOCK_SIZE / sizeof(u32); i++) {
821 			u32 *result = (void *)areq->result;
822 
823 			/* K3 */
824 			result[i] = swab32(ctx->base.ipad.word[i + 4]);
825 		}
826 		areq->result[0] ^= 0x80;			// 10- padding
827 		aes_encrypt(ctx->aes, areq->result, areq->result);
828 		return 0;
829 	} else if (unlikely(req->hmac &&
830 			    (req->len == req->block_sz) &&
831 			    !areq->nbytes)) {
832 		/*
833 		 * If we have an overall 0 length *HMAC* request:
834 		 * For HMAC, we need to finalize the inner digest
835 		 * and then perform the outer hash.
836 		 */
837 
838 		/* generate pad block in the cache */
839 		/* start with a hash block of all zeroes */
840 		memset(req->cache, 0, req->block_sz);
841 		/* set the first byte to 0x80 to 'append a 1 bit' */
842 		req->cache[0] = 0x80;
843 		/* add the length in bits in the last 2 bytes */
844 		if (req->len_is_le) {
845 			/* Little endian length word (e.g. MD5) */
846 			req->cache[req->block_sz-8] = (req->block_sz << 3) &
847 						      255;
848 			req->cache[req->block_sz-7] = (req->block_sz >> 5);
849 		} else {
850 			/* Big endian length word (e.g. any SHA) */
851 			req->cache[req->block_sz-2] = (req->block_sz >> 5);
852 			req->cache[req->block_sz-1] = (req->block_sz << 3) &
853 						      255;
854 		}
855 
856 		req->len += req->block_sz; /* plus 1 hash block */
857 
858 		/* Set special zero-length HMAC flag */
859 		req->hmac_zlen = true;
860 
861 		/* Finalize HMAC */
862 		req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
863 	} else if (req->hmac) {
864 		/* Finalize HMAC */
865 		req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
866 	}
867 
868 	return safexcel_ahash_enqueue(areq);
869 }
870 
871 static int safexcel_ahash_finup(struct ahash_request *areq)
872 {
873 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
874 
875 	req->finish = true;
876 
877 	safexcel_ahash_update(areq);
878 	return safexcel_ahash_final(areq);
879 }
880 
881 static int safexcel_ahash_export(struct ahash_request *areq, void *out)
882 {
883 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
884 	struct safexcel_ahash_export_state *export = out;
885 
886 	export->len = req->len;
887 	export->processed = req->processed;
888 
889 	export->digest = req->digest;
890 
891 	memcpy(export->state, req->state, req->state_sz);
892 	memcpy(export->cache, req->cache, HASH_CACHE_SIZE);
893 
894 	return 0;
895 }
896 
897 static int safexcel_ahash_import(struct ahash_request *areq, const void *in)
898 {
899 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
900 	const struct safexcel_ahash_export_state *export = in;
901 	int ret;
902 
903 	ret = crypto_ahash_init(areq);
904 	if (ret)
905 		return ret;
906 
907 	req->len = export->len;
908 	req->processed = export->processed;
909 
910 	req->digest = export->digest;
911 
912 	memcpy(req->cache, export->cache, HASH_CACHE_SIZE);
913 	memcpy(req->state, export->state, req->state_sz);
914 
915 	return 0;
916 }
917 
918 static int safexcel_ahash_cra_init(struct crypto_tfm *tfm)
919 {
920 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
921 	struct safexcel_alg_template *tmpl =
922 		container_of(__crypto_ahash_alg(tfm->__crt_alg),
923 			     struct safexcel_alg_template, alg.ahash);
924 
925 	ctx->base.priv = tmpl->priv;
926 	ctx->base.send = safexcel_ahash_send;
927 	ctx->base.handle_result = safexcel_handle_result;
928 	ctx->fb_do_setkey = false;
929 
930 	crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
931 				 sizeof(struct safexcel_ahash_req));
932 	return 0;
933 }
934 
935 static int safexcel_sha1_init(struct ahash_request *areq)
936 {
937 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
938 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
939 
940 	memset(req, 0, sizeof(*req));
941 
942 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA1;
943 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
944 	req->state_sz = SHA1_DIGEST_SIZE;
945 	req->digest_sz = SHA1_DIGEST_SIZE;
946 	req->block_sz = SHA1_BLOCK_SIZE;
947 
948 	return 0;
949 }
950 
951 static int safexcel_sha1_digest(struct ahash_request *areq)
952 {
953 	int ret = safexcel_sha1_init(areq);
954 
955 	if (ret)
956 		return ret;
957 
958 	return safexcel_ahash_finup(areq);
959 }
960 
961 static void safexcel_ahash_cra_exit(struct crypto_tfm *tfm)
962 {
963 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
964 	struct safexcel_crypto_priv *priv = ctx->base.priv;
965 	int ret;
966 
967 	/* context not allocated, skip invalidation */
968 	if (!ctx->base.ctxr)
969 		return;
970 
971 	if (priv->flags & EIP197_TRC_CACHE) {
972 		ret = safexcel_ahash_exit_inv(tfm);
973 		if (ret)
974 			dev_warn(priv->dev, "hash: invalidation error %d\n", ret);
975 	} else {
976 		dma_pool_free(priv->context_pool, ctx->base.ctxr,
977 			      ctx->base.ctxr_dma);
978 	}
979 }
980 
981 struct safexcel_alg_template safexcel_alg_sha1 = {
982 	.type = SAFEXCEL_ALG_TYPE_AHASH,
983 	.algo_mask = SAFEXCEL_ALG_SHA1,
984 	.alg.ahash = {
985 		.init = safexcel_sha1_init,
986 		.update = safexcel_ahash_update,
987 		.final = safexcel_ahash_final,
988 		.finup = safexcel_ahash_finup,
989 		.digest = safexcel_sha1_digest,
990 		.export = safexcel_ahash_export,
991 		.import = safexcel_ahash_import,
992 		.halg = {
993 			.digestsize = SHA1_DIGEST_SIZE,
994 			.statesize = sizeof(struct safexcel_ahash_export_state),
995 			.base = {
996 				.cra_name = "sha1",
997 				.cra_driver_name = "safexcel-sha1",
998 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
999 				.cra_flags = CRYPTO_ALG_ASYNC |
1000 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1001 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1002 				.cra_blocksize = SHA1_BLOCK_SIZE,
1003 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1004 				.cra_init = safexcel_ahash_cra_init,
1005 				.cra_exit = safexcel_ahash_cra_exit,
1006 				.cra_module = THIS_MODULE,
1007 			},
1008 		},
1009 	},
1010 };
1011 
1012 static int safexcel_hmac_sha1_init(struct ahash_request *areq)
1013 {
1014 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1015 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1016 
1017 	memset(req, 0, sizeof(*req));
1018 
1019 	/* Start from ipad precompute */
1020 	memcpy(req->state, &ctx->base.ipad, SHA1_DIGEST_SIZE);
1021 	/* Already processed the key^ipad part now! */
1022 	req->len	= SHA1_BLOCK_SIZE;
1023 	req->processed	= SHA1_BLOCK_SIZE;
1024 
1025 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA1;
1026 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1027 	req->state_sz = SHA1_DIGEST_SIZE;
1028 	req->digest_sz = SHA1_DIGEST_SIZE;
1029 	req->block_sz = SHA1_BLOCK_SIZE;
1030 	req->hmac = true;
1031 
1032 	return 0;
1033 }
1034 
1035 static int safexcel_hmac_sha1_digest(struct ahash_request *areq)
1036 {
1037 	int ret = safexcel_hmac_sha1_init(areq);
1038 
1039 	if (ret)
1040 		return ret;
1041 
1042 	return safexcel_ahash_finup(areq);
1043 }
1044 
1045 struct safexcel_ahash_result {
1046 	struct completion completion;
1047 	int error;
1048 };
1049 
1050 static void safexcel_ahash_complete(struct crypto_async_request *req, int error)
1051 {
1052 	struct safexcel_ahash_result *result = req->data;
1053 
1054 	if (error == -EINPROGRESS)
1055 		return;
1056 
1057 	result->error = error;
1058 	complete(&result->completion);
1059 }
1060 
1061 static int safexcel_hmac_init_pad(struct ahash_request *areq,
1062 				  unsigned int blocksize, const u8 *key,
1063 				  unsigned int keylen, u8 *ipad, u8 *opad)
1064 {
1065 	struct safexcel_ahash_result result;
1066 	struct scatterlist sg;
1067 	int ret, i;
1068 	u8 *keydup;
1069 
1070 	if (keylen <= blocksize) {
1071 		memcpy(ipad, key, keylen);
1072 	} else {
1073 		keydup = kmemdup(key, keylen, GFP_KERNEL);
1074 		if (!keydup)
1075 			return -ENOMEM;
1076 
1077 		ahash_request_set_callback(areq, CRYPTO_TFM_REQ_MAY_BACKLOG,
1078 					   safexcel_ahash_complete, &result);
1079 		sg_init_one(&sg, keydup, keylen);
1080 		ahash_request_set_crypt(areq, &sg, ipad, keylen);
1081 		init_completion(&result.completion);
1082 
1083 		ret = crypto_ahash_digest(areq);
1084 		if (ret == -EINPROGRESS || ret == -EBUSY) {
1085 			wait_for_completion_interruptible(&result.completion);
1086 			ret = result.error;
1087 		}
1088 
1089 		/* Avoid leaking */
1090 		kfree_sensitive(keydup);
1091 
1092 		if (ret)
1093 			return ret;
1094 
1095 		keylen = crypto_ahash_digestsize(crypto_ahash_reqtfm(areq));
1096 	}
1097 
1098 	memset(ipad + keylen, 0, blocksize - keylen);
1099 	memcpy(opad, ipad, blocksize);
1100 
1101 	for (i = 0; i < blocksize; i++) {
1102 		ipad[i] ^= HMAC_IPAD_VALUE;
1103 		opad[i] ^= HMAC_OPAD_VALUE;
1104 	}
1105 
1106 	return 0;
1107 }
1108 
1109 static int safexcel_hmac_init_iv(struct ahash_request *areq,
1110 				 unsigned int blocksize, u8 *pad, void *state)
1111 {
1112 	struct safexcel_ahash_result result;
1113 	struct safexcel_ahash_req *req;
1114 	struct scatterlist sg;
1115 	int ret;
1116 
1117 	ahash_request_set_callback(areq, CRYPTO_TFM_REQ_MAY_BACKLOG,
1118 				   safexcel_ahash_complete, &result);
1119 	sg_init_one(&sg, pad, blocksize);
1120 	ahash_request_set_crypt(areq, &sg, pad, blocksize);
1121 	init_completion(&result.completion);
1122 
1123 	ret = crypto_ahash_init(areq);
1124 	if (ret)
1125 		return ret;
1126 
1127 	req = ahash_request_ctx(areq);
1128 	req->hmac = true;
1129 	req->last_req = true;
1130 
1131 	ret = crypto_ahash_update(areq);
1132 	if (ret && ret != -EINPROGRESS && ret != -EBUSY)
1133 		return ret;
1134 
1135 	wait_for_completion_interruptible(&result.completion);
1136 	if (result.error)
1137 		return result.error;
1138 
1139 	return crypto_ahash_export(areq, state);
1140 }
1141 
1142 static int __safexcel_hmac_setkey(const char *alg, const u8 *key,
1143 				  unsigned int keylen,
1144 				  void *istate, void *ostate)
1145 {
1146 	struct ahash_request *areq;
1147 	struct crypto_ahash *tfm;
1148 	unsigned int blocksize;
1149 	u8 *ipad, *opad;
1150 	int ret;
1151 
1152 	tfm = crypto_alloc_ahash(alg, 0, 0);
1153 	if (IS_ERR(tfm))
1154 		return PTR_ERR(tfm);
1155 
1156 	areq = ahash_request_alloc(tfm, GFP_KERNEL);
1157 	if (!areq) {
1158 		ret = -ENOMEM;
1159 		goto free_ahash;
1160 	}
1161 
1162 	crypto_ahash_clear_flags(tfm, ~0);
1163 	blocksize = crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
1164 
1165 	ipad = kcalloc(2, blocksize, GFP_KERNEL);
1166 	if (!ipad) {
1167 		ret = -ENOMEM;
1168 		goto free_request;
1169 	}
1170 
1171 	opad = ipad + blocksize;
1172 
1173 	ret = safexcel_hmac_init_pad(areq, blocksize, key, keylen, ipad, opad);
1174 	if (ret)
1175 		goto free_ipad;
1176 
1177 	ret = safexcel_hmac_init_iv(areq, blocksize, ipad, istate);
1178 	if (ret)
1179 		goto free_ipad;
1180 
1181 	ret = safexcel_hmac_init_iv(areq, blocksize, opad, ostate);
1182 
1183 free_ipad:
1184 	kfree(ipad);
1185 free_request:
1186 	ahash_request_free(areq);
1187 free_ahash:
1188 	crypto_free_ahash(tfm);
1189 
1190 	return ret;
1191 }
1192 
1193 int safexcel_hmac_setkey(struct safexcel_context *base, const u8 *key,
1194 			 unsigned int keylen, const char *alg,
1195 			 unsigned int state_sz)
1196 {
1197 	struct safexcel_crypto_priv *priv = base->priv;
1198 	struct safexcel_ahash_export_state istate, ostate;
1199 	int ret;
1200 
1201 	ret = __safexcel_hmac_setkey(alg, key, keylen, &istate, &ostate);
1202 	if (ret)
1203 		return ret;
1204 
1205 	if (priv->flags & EIP197_TRC_CACHE && base->ctxr &&
1206 	    (memcmp(&base->ipad, istate.state, state_sz) ||
1207 	     memcmp(&base->opad, ostate.state, state_sz)))
1208 		base->needs_inv = true;
1209 
1210 	memcpy(&base->ipad, &istate.state, state_sz);
1211 	memcpy(&base->opad, &ostate.state, state_sz);
1212 
1213 	return 0;
1214 }
1215 
1216 static int safexcel_hmac_alg_setkey(struct crypto_ahash *tfm, const u8 *key,
1217 				    unsigned int keylen, const char *alg,
1218 				    unsigned int state_sz)
1219 {
1220 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
1221 
1222 	return safexcel_hmac_setkey(&ctx->base, key, keylen, alg, state_sz);
1223 }
1224 
1225 static int safexcel_hmac_sha1_setkey(struct crypto_ahash *tfm, const u8 *key,
1226 				     unsigned int keylen)
1227 {
1228 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha1",
1229 					SHA1_DIGEST_SIZE);
1230 }
1231 
1232 struct safexcel_alg_template safexcel_alg_hmac_sha1 = {
1233 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1234 	.algo_mask = SAFEXCEL_ALG_SHA1,
1235 	.alg.ahash = {
1236 		.init = safexcel_hmac_sha1_init,
1237 		.update = safexcel_ahash_update,
1238 		.final = safexcel_ahash_final,
1239 		.finup = safexcel_ahash_finup,
1240 		.digest = safexcel_hmac_sha1_digest,
1241 		.setkey = safexcel_hmac_sha1_setkey,
1242 		.export = safexcel_ahash_export,
1243 		.import = safexcel_ahash_import,
1244 		.halg = {
1245 			.digestsize = SHA1_DIGEST_SIZE,
1246 			.statesize = sizeof(struct safexcel_ahash_export_state),
1247 			.base = {
1248 				.cra_name = "hmac(sha1)",
1249 				.cra_driver_name = "safexcel-hmac-sha1",
1250 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1251 				.cra_flags = CRYPTO_ALG_ASYNC |
1252 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1253 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1254 				.cra_blocksize = SHA1_BLOCK_SIZE,
1255 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1256 				.cra_init = safexcel_ahash_cra_init,
1257 				.cra_exit = safexcel_ahash_cra_exit,
1258 				.cra_module = THIS_MODULE,
1259 			},
1260 		},
1261 	},
1262 };
1263 
1264 static int safexcel_sha256_init(struct ahash_request *areq)
1265 {
1266 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1267 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1268 
1269 	memset(req, 0, sizeof(*req));
1270 
1271 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA256;
1272 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1273 	req->state_sz = SHA256_DIGEST_SIZE;
1274 	req->digest_sz = SHA256_DIGEST_SIZE;
1275 	req->block_sz = SHA256_BLOCK_SIZE;
1276 
1277 	return 0;
1278 }
1279 
1280 static int safexcel_sha256_digest(struct ahash_request *areq)
1281 {
1282 	int ret = safexcel_sha256_init(areq);
1283 
1284 	if (ret)
1285 		return ret;
1286 
1287 	return safexcel_ahash_finup(areq);
1288 }
1289 
1290 struct safexcel_alg_template safexcel_alg_sha256 = {
1291 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1292 	.algo_mask = SAFEXCEL_ALG_SHA2_256,
1293 	.alg.ahash = {
1294 		.init = safexcel_sha256_init,
1295 		.update = safexcel_ahash_update,
1296 		.final = safexcel_ahash_final,
1297 		.finup = safexcel_ahash_finup,
1298 		.digest = safexcel_sha256_digest,
1299 		.export = safexcel_ahash_export,
1300 		.import = safexcel_ahash_import,
1301 		.halg = {
1302 			.digestsize = SHA256_DIGEST_SIZE,
1303 			.statesize = sizeof(struct safexcel_ahash_export_state),
1304 			.base = {
1305 				.cra_name = "sha256",
1306 				.cra_driver_name = "safexcel-sha256",
1307 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1308 				.cra_flags = CRYPTO_ALG_ASYNC |
1309 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1310 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1311 				.cra_blocksize = SHA256_BLOCK_SIZE,
1312 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1313 				.cra_init = safexcel_ahash_cra_init,
1314 				.cra_exit = safexcel_ahash_cra_exit,
1315 				.cra_module = THIS_MODULE,
1316 			},
1317 		},
1318 	},
1319 };
1320 
1321 static int safexcel_sha224_init(struct ahash_request *areq)
1322 {
1323 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1324 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1325 
1326 	memset(req, 0, sizeof(*req));
1327 
1328 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA224;
1329 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1330 	req->state_sz = SHA256_DIGEST_SIZE;
1331 	req->digest_sz = SHA256_DIGEST_SIZE;
1332 	req->block_sz = SHA256_BLOCK_SIZE;
1333 
1334 	return 0;
1335 }
1336 
1337 static int safexcel_sha224_digest(struct ahash_request *areq)
1338 {
1339 	int ret = safexcel_sha224_init(areq);
1340 
1341 	if (ret)
1342 		return ret;
1343 
1344 	return safexcel_ahash_finup(areq);
1345 }
1346 
1347 struct safexcel_alg_template safexcel_alg_sha224 = {
1348 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1349 	.algo_mask = SAFEXCEL_ALG_SHA2_256,
1350 	.alg.ahash = {
1351 		.init = safexcel_sha224_init,
1352 		.update = safexcel_ahash_update,
1353 		.final = safexcel_ahash_final,
1354 		.finup = safexcel_ahash_finup,
1355 		.digest = safexcel_sha224_digest,
1356 		.export = safexcel_ahash_export,
1357 		.import = safexcel_ahash_import,
1358 		.halg = {
1359 			.digestsize = SHA224_DIGEST_SIZE,
1360 			.statesize = sizeof(struct safexcel_ahash_export_state),
1361 			.base = {
1362 				.cra_name = "sha224",
1363 				.cra_driver_name = "safexcel-sha224",
1364 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1365 				.cra_flags = CRYPTO_ALG_ASYNC |
1366 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1367 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1368 				.cra_blocksize = SHA224_BLOCK_SIZE,
1369 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1370 				.cra_init = safexcel_ahash_cra_init,
1371 				.cra_exit = safexcel_ahash_cra_exit,
1372 				.cra_module = THIS_MODULE,
1373 			},
1374 		},
1375 	},
1376 };
1377 
1378 static int safexcel_hmac_sha224_setkey(struct crypto_ahash *tfm, const u8 *key,
1379 				       unsigned int keylen)
1380 {
1381 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha224",
1382 					SHA256_DIGEST_SIZE);
1383 }
1384 
1385 static int safexcel_hmac_sha224_init(struct ahash_request *areq)
1386 {
1387 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1388 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1389 
1390 	memset(req, 0, sizeof(*req));
1391 
1392 	/* Start from ipad precompute */
1393 	memcpy(req->state, &ctx->base.ipad, SHA256_DIGEST_SIZE);
1394 	/* Already processed the key^ipad part now! */
1395 	req->len	= SHA256_BLOCK_SIZE;
1396 	req->processed	= SHA256_BLOCK_SIZE;
1397 
1398 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA224;
1399 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1400 	req->state_sz = SHA256_DIGEST_SIZE;
1401 	req->digest_sz = SHA256_DIGEST_SIZE;
1402 	req->block_sz = SHA256_BLOCK_SIZE;
1403 	req->hmac = true;
1404 
1405 	return 0;
1406 }
1407 
1408 static int safexcel_hmac_sha224_digest(struct ahash_request *areq)
1409 {
1410 	int ret = safexcel_hmac_sha224_init(areq);
1411 
1412 	if (ret)
1413 		return ret;
1414 
1415 	return safexcel_ahash_finup(areq);
1416 }
1417 
1418 struct safexcel_alg_template safexcel_alg_hmac_sha224 = {
1419 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1420 	.algo_mask = SAFEXCEL_ALG_SHA2_256,
1421 	.alg.ahash = {
1422 		.init = safexcel_hmac_sha224_init,
1423 		.update = safexcel_ahash_update,
1424 		.final = safexcel_ahash_final,
1425 		.finup = safexcel_ahash_finup,
1426 		.digest = safexcel_hmac_sha224_digest,
1427 		.setkey = safexcel_hmac_sha224_setkey,
1428 		.export = safexcel_ahash_export,
1429 		.import = safexcel_ahash_import,
1430 		.halg = {
1431 			.digestsize = SHA224_DIGEST_SIZE,
1432 			.statesize = sizeof(struct safexcel_ahash_export_state),
1433 			.base = {
1434 				.cra_name = "hmac(sha224)",
1435 				.cra_driver_name = "safexcel-hmac-sha224",
1436 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1437 				.cra_flags = CRYPTO_ALG_ASYNC |
1438 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1439 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1440 				.cra_blocksize = SHA224_BLOCK_SIZE,
1441 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1442 				.cra_init = safexcel_ahash_cra_init,
1443 				.cra_exit = safexcel_ahash_cra_exit,
1444 				.cra_module = THIS_MODULE,
1445 			},
1446 		},
1447 	},
1448 };
1449 
1450 static int safexcel_hmac_sha256_setkey(struct crypto_ahash *tfm, const u8 *key,
1451 				     unsigned int keylen)
1452 {
1453 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha256",
1454 					SHA256_DIGEST_SIZE);
1455 }
1456 
1457 static int safexcel_hmac_sha256_init(struct ahash_request *areq)
1458 {
1459 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1460 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1461 
1462 	memset(req, 0, sizeof(*req));
1463 
1464 	/* Start from ipad precompute */
1465 	memcpy(req->state, &ctx->base.ipad, SHA256_DIGEST_SIZE);
1466 	/* Already processed the key^ipad part now! */
1467 	req->len	= SHA256_BLOCK_SIZE;
1468 	req->processed	= SHA256_BLOCK_SIZE;
1469 
1470 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA256;
1471 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1472 	req->state_sz = SHA256_DIGEST_SIZE;
1473 	req->digest_sz = SHA256_DIGEST_SIZE;
1474 	req->block_sz = SHA256_BLOCK_SIZE;
1475 	req->hmac = true;
1476 
1477 	return 0;
1478 }
1479 
1480 static int safexcel_hmac_sha256_digest(struct ahash_request *areq)
1481 {
1482 	int ret = safexcel_hmac_sha256_init(areq);
1483 
1484 	if (ret)
1485 		return ret;
1486 
1487 	return safexcel_ahash_finup(areq);
1488 }
1489 
1490 struct safexcel_alg_template safexcel_alg_hmac_sha256 = {
1491 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1492 	.algo_mask = SAFEXCEL_ALG_SHA2_256,
1493 	.alg.ahash = {
1494 		.init = safexcel_hmac_sha256_init,
1495 		.update = safexcel_ahash_update,
1496 		.final = safexcel_ahash_final,
1497 		.finup = safexcel_ahash_finup,
1498 		.digest = safexcel_hmac_sha256_digest,
1499 		.setkey = safexcel_hmac_sha256_setkey,
1500 		.export = safexcel_ahash_export,
1501 		.import = safexcel_ahash_import,
1502 		.halg = {
1503 			.digestsize = SHA256_DIGEST_SIZE,
1504 			.statesize = sizeof(struct safexcel_ahash_export_state),
1505 			.base = {
1506 				.cra_name = "hmac(sha256)",
1507 				.cra_driver_name = "safexcel-hmac-sha256",
1508 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1509 				.cra_flags = CRYPTO_ALG_ASYNC |
1510 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1511 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1512 				.cra_blocksize = SHA256_BLOCK_SIZE,
1513 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1514 				.cra_init = safexcel_ahash_cra_init,
1515 				.cra_exit = safexcel_ahash_cra_exit,
1516 				.cra_module = THIS_MODULE,
1517 			},
1518 		},
1519 	},
1520 };
1521 
1522 static int safexcel_sha512_init(struct ahash_request *areq)
1523 {
1524 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1525 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1526 
1527 	memset(req, 0, sizeof(*req));
1528 
1529 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA512;
1530 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1531 	req->state_sz = SHA512_DIGEST_SIZE;
1532 	req->digest_sz = SHA512_DIGEST_SIZE;
1533 	req->block_sz = SHA512_BLOCK_SIZE;
1534 
1535 	return 0;
1536 }
1537 
1538 static int safexcel_sha512_digest(struct ahash_request *areq)
1539 {
1540 	int ret = safexcel_sha512_init(areq);
1541 
1542 	if (ret)
1543 		return ret;
1544 
1545 	return safexcel_ahash_finup(areq);
1546 }
1547 
1548 struct safexcel_alg_template safexcel_alg_sha512 = {
1549 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1550 	.algo_mask = SAFEXCEL_ALG_SHA2_512,
1551 	.alg.ahash = {
1552 		.init = safexcel_sha512_init,
1553 		.update = safexcel_ahash_update,
1554 		.final = safexcel_ahash_final,
1555 		.finup = safexcel_ahash_finup,
1556 		.digest = safexcel_sha512_digest,
1557 		.export = safexcel_ahash_export,
1558 		.import = safexcel_ahash_import,
1559 		.halg = {
1560 			.digestsize = SHA512_DIGEST_SIZE,
1561 			.statesize = sizeof(struct safexcel_ahash_export_state),
1562 			.base = {
1563 				.cra_name = "sha512",
1564 				.cra_driver_name = "safexcel-sha512",
1565 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1566 				.cra_flags = CRYPTO_ALG_ASYNC |
1567 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1568 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1569 				.cra_blocksize = SHA512_BLOCK_SIZE,
1570 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1571 				.cra_init = safexcel_ahash_cra_init,
1572 				.cra_exit = safexcel_ahash_cra_exit,
1573 				.cra_module = THIS_MODULE,
1574 			},
1575 		},
1576 	},
1577 };
1578 
1579 static int safexcel_sha384_init(struct ahash_request *areq)
1580 {
1581 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1582 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1583 
1584 	memset(req, 0, sizeof(*req));
1585 
1586 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA384;
1587 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1588 	req->state_sz = SHA512_DIGEST_SIZE;
1589 	req->digest_sz = SHA512_DIGEST_SIZE;
1590 	req->block_sz = SHA512_BLOCK_SIZE;
1591 
1592 	return 0;
1593 }
1594 
1595 static int safexcel_sha384_digest(struct ahash_request *areq)
1596 {
1597 	int ret = safexcel_sha384_init(areq);
1598 
1599 	if (ret)
1600 		return ret;
1601 
1602 	return safexcel_ahash_finup(areq);
1603 }
1604 
1605 struct safexcel_alg_template safexcel_alg_sha384 = {
1606 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1607 	.algo_mask = SAFEXCEL_ALG_SHA2_512,
1608 	.alg.ahash = {
1609 		.init = safexcel_sha384_init,
1610 		.update = safexcel_ahash_update,
1611 		.final = safexcel_ahash_final,
1612 		.finup = safexcel_ahash_finup,
1613 		.digest = safexcel_sha384_digest,
1614 		.export = safexcel_ahash_export,
1615 		.import = safexcel_ahash_import,
1616 		.halg = {
1617 			.digestsize = SHA384_DIGEST_SIZE,
1618 			.statesize = sizeof(struct safexcel_ahash_export_state),
1619 			.base = {
1620 				.cra_name = "sha384",
1621 				.cra_driver_name = "safexcel-sha384",
1622 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1623 				.cra_flags = CRYPTO_ALG_ASYNC |
1624 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1625 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1626 				.cra_blocksize = SHA384_BLOCK_SIZE,
1627 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1628 				.cra_init = safexcel_ahash_cra_init,
1629 				.cra_exit = safexcel_ahash_cra_exit,
1630 				.cra_module = THIS_MODULE,
1631 			},
1632 		},
1633 	},
1634 };
1635 
1636 static int safexcel_hmac_sha512_setkey(struct crypto_ahash *tfm, const u8 *key,
1637 				       unsigned int keylen)
1638 {
1639 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha512",
1640 					SHA512_DIGEST_SIZE);
1641 }
1642 
1643 static int safexcel_hmac_sha512_init(struct ahash_request *areq)
1644 {
1645 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1646 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1647 
1648 	memset(req, 0, sizeof(*req));
1649 
1650 	/* Start from ipad precompute */
1651 	memcpy(req->state, &ctx->base.ipad, SHA512_DIGEST_SIZE);
1652 	/* Already processed the key^ipad part now! */
1653 	req->len	= SHA512_BLOCK_SIZE;
1654 	req->processed	= SHA512_BLOCK_SIZE;
1655 
1656 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA512;
1657 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1658 	req->state_sz = SHA512_DIGEST_SIZE;
1659 	req->digest_sz = SHA512_DIGEST_SIZE;
1660 	req->block_sz = SHA512_BLOCK_SIZE;
1661 	req->hmac = true;
1662 
1663 	return 0;
1664 }
1665 
1666 static int safexcel_hmac_sha512_digest(struct ahash_request *areq)
1667 {
1668 	int ret = safexcel_hmac_sha512_init(areq);
1669 
1670 	if (ret)
1671 		return ret;
1672 
1673 	return safexcel_ahash_finup(areq);
1674 }
1675 
1676 struct safexcel_alg_template safexcel_alg_hmac_sha512 = {
1677 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1678 	.algo_mask = SAFEXCEL_ALG_SHA2_512,
1679 	.alg.ahash = {
1680 		.init = safexcel_hmac_sha512_init,
1681 		.update = safexcel_ahash_update,
1682 		.final = safexcel_ahash_final,
1683 		.finup = safexcel_ahash_finup,
1684 		.digest = safexcel_hmac_sha512_digest,
1685 		.setkey = safexcel_hmac_sha512_setkey,
1686 		.export = safexcel_ahash_export,
1687 		.import = safexcel_ahash_import,
1688 		.halg = {
1689 			.digestsize = SHA512_DIGEST_SIZE,
1690 			.statesize = sizeof(struct safexcel_ahash_export_state),
1691 			.base = {
1692 				.cra_name = "hmac(sha512)",
1693 				.cra_driver_name = "safexcel-hmac-sha512",
1694 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1695 				.cra_flags = CRYPTO_ALG_ASYNC |
1696 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1697 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1698 				.cra_blocksize = SHA512_BLOCK_SIZE,
1699 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1700 				.cra_init = safexcel_ahash_cra_init,
1701 				.cra_exit = safexcel_ahash_cra_exit,
1702 				.cra_module = THIS_MODULE,
1703 			},
1704 		},
1705 	},
1706 };
1707 
1708 static int safexcel_hmac_sha384_setkey(struct crypto_ahash *tfm, const u8 *key,
1709 				       unsigned int keylen)
1710 {
1711 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha384",
1712 					SHA512_DIGEST_SIZE);
1713 }
1714 
1715 static int safexcel_hmac_sha384_init(struct ahash_request *areq)
1716 {
1717 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1718 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1719 
1720 	memset(req, 0, sizeof(*req));
1721 
1722 	/* Start from ipad precompute */
1723 	memcpy(req->state, &ctx->base.ipad, SHA512_DIGEST_SIZE);
1724 	/* Already processed the key^ipad part now! */
1725 	req->len	= SHA512_BLOCK_SIZE;
1726 	req->processed	= SHA512_BLOCK_SIZE;
1727 
1728 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA384;
1729 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1730 	req->state_sz = SHA512_DIGEST_SIZE;
1731 	req->digest_sz = SHA512_DIGEST_SIZE;
1732 	req->block_sz = SHA512_BLOCK_SIZE;
1733 	req->hmac = true;
1734 
1735 	return 0;
1736 }
1737 
1738 static int safexcel_hmac_sha384_digest(struct ahash_request *areq)
1739 {
1740 	int ret = safexcel_hmac_sha384_init(areq);
1741 
1742 	if (ret)
1743 		return ret;
1744 
1745 	return safexcel_ahash_finup(areq);
1746 }
1747 
1748 struct safexcel_alg_template safexcel_alg_hmac_sha384 = {
1749 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1750 	.algo_mask = SAFEXCEL_ALG_SHA2_512,
1751 	.alg.ahash = {
1752 		.init = safexcel_hmac_sha384_init,
1753 		.update = safexcel_ahash_update,
1754 		.final = safexcel_ahash_final,
1755 		.finup = safexcel_ahash_finup,
1756 		.digest = safexcel_hmac_sha384_digest,
1757 		.setkey = safexcel_hmac_sha384_setkey,
1758 		.export = safexcel_ahash_export,
1759 		.import = safexcel_ahash_import,
1760 		.halg = {
1761 			.digestsize = SHA384_DIGEST_SIZE,
1762 			.statesize = sizeof(struct safexcel_ahash_export_state),
1763 			.base = {
1764 				.cra_name = "hmac(sha384)",
1765 				.cra_driver_name = "safexcel-hmac-sha384",
1766 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1767 				.cra_flags = CRYPTO_ALG_ASYNC |
1768 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1769 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1770 				.cra_blocksize = SHA384_BLOCK_SIZE,
1771 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1772 				.cra_init = safexcel_ahash_cra_init,
1773 				.cra_exit = safexcel_ahash_cra_exit,
1774 				.cra_module = THIS_MODULE,
1775 			},
1776 		},
1777 	},
1778 };
1779 
1780 static int safexcel_md5_init(struct ahash_request *areq)
1781 {
1782 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1783 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1784 
1785 	memset(req, 0, sizeof(*req));
1786 
1787 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_MD5;
1788 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1789 	req->state_sz = MD5_DIGEST_SIZE;
1790 	req->digest_sz = MD5_DIGEST_SIZE;
1791 	req->block_sz = MD5_HMAC_BLOCK_SIZE;
1792 
1793 	return 0;
1794 }
1795 
1796 static int safexcel_md5_digest(struct ahash_request *areq)
1797 {
1798 	int ret = safexcel_md5_init(areq);
1799 
1800 	if (ret)
1801 		return ret;
1802 
1803 	return safexcel_ahash_finup(areq);
1804 }
1805 
1806 struct safexcel_alg_template safexcel_alg_md5 = {
1807 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1808 	.algo_mask = SAFEXCEL_ALG_MD5,
1809 	.alg.ahash = {
1810 		.init = safexcel_md5_init,
1811 		.update = safexcel_ahash_update,
1812 		.final = safexcel_ahash_final,
1813 		.finup = safexcel_ahash_finup,
1814 		.digest = safexcel_md5_digest,
1815 		.export = safexcel_ahash_export,
1816 		.import = safexcel_ahash_import,
1817 		.halg = {
1818 			.digestsize = MD5_DIGEST_SIZE,
1819 			.statesize = sizeof(struct safexcel_ahash_export_state),
1820 			.base = {
1821 				.cra_name = "md5",
1822 				.cra_driver_name = "safexcel-md5",
1823 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1824 				.cra_flags = CRYPTO_ALG_ASYNC |
1825 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1826 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1827 				.cra_blocksize = MD5_HMAC_BLOCK_SIZE,
1828 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1829 				.cra_init = safexcel_ahash_cra_init,
1830 				.cra_exit = safexcel_ahash_cra_exit,
1831 				.cra_module = THIS_MODULE,
1832 			},
1833 		},
1834 	},
1835 };
1836 
1837 static int safexcel_hmac_md5_init(struct ahash_request *areq)
1838 {
1839 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1840 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1841 
1842 	memset(req, 0, sizeof(*req));
1843 
1844 	/* Start from ipad precompute */
1845 	memcpy(req->state, &ctx->base.ipad, MD5_DIGEST_SIZE);
1846 	/* Already processed the key^ipad part now! */
1847 	req->len	= MD5_HMAC_BLOCK_SIZE;
1848 	req->processed	= MD5_HMAC_BLOCK_SIZE;
1849 
1850 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_MD5;
1851 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
1852 	req->state_sz = MD5_DIGEST_SIZE;
1853 	req->digest_sz = MD5_DIGEST_SIZE;
1854 	req->block_sz = MD5_HMAC_BLOCK_SIZE;
1855 	req->len_is_le = true; /* MD5 is little endian! ... */
1856 	req->hmac = true;
1857 
1858 	return 0;
1859 }
1860 
1861 static int safexcel_hmac_md5_setkey(struct crypto_ahash *tfm, const u8 *key,
1862 				     unsigned int keylen)
1863 {
1864 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-md5",
1865 					MD5_DIGEST_SIZE);
1866 }
1867 
1868 static int safexcel_hmac_md5_digest(struct ahash_request *areq)
1869 {
1870 	int ret = safexcel_hmac_md5_init(areq);
1871 
1872 	if (ret)
1873 		return ret;
1874 
1875 	return safexcel_ahash_finup(areq);
1876 }
1877 
1878 struct safexcel_alg_template safexcel_alg_hmac_md5 = {
1879 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1880 	.algo_mask = SAFEXCEL_ALG_MD5,
1881 	.alg.ahash = {
1882 		.init = safexcel_hmac_md5_init,
1883 		.update = safexcel_ahash_update,
1884 		.final = safexcel_ahash_final,
1885 		.finup = safexcel_ahash_finup,
1886 		.digest = safexcel_hmac_md5_digest,
1887 		.setkey = safexcel_hmac_md5_setkey,
1888 		.export = safexcel_ahash_export,
1889 		.import = safexcel_ahash_import,
1890 		.halg = {
1891 			.digestsize = MD5_DIGEST_SIZE,
1892 			.statesize = sizeof(struct safexcel_ahash_export_state),
1893 			.base = {
1894 				.cra_name = "hmac(md5)",
1895 				.cra_driver_name = "safexcel-hmac-md5",
1896 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1897 				.cra_flags = CRYPTO_ALG_ASYNC |
1898 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1899 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1900 				.cra_blocksize = MD5_HMAC_BLOCK_SIZE,
1901 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1902 				.cra_init = safexcel_ahash_cra_init,
1903 				.cra_exit = safexcel_ahash_cra_exit,
1904 				.cra_module = THIS_MODULE,
1905 			},
1906 		},
1907 	},
1908 };
1909 
1910 static int safexcel_crc32_cra_init(struct crypto_tfm *tfm)
1911 {
1912 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
1913 	int ret = safexcel_ahash_cra_init(tfm);
1914 
1915 	/* Default 'key' is all zeroes */
1916 	memset(&ctx->base.ipad, 0, sizeof(u32));
1917 	return ret;
1918 }
1919 
1920 static int safexcel_crc32_init(struct ahash_request *areq)
1921 {
1922 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1923 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1924 
1925 	memset(req, 0, sizeof(*req));
1926 
1927 	/* Start from loaded key */
1928 	req->state[0]	= cpu_to_le32(~ctx->base.ipad.word[0]);
1929 	/* Set processed to non-zero to enable invalidation detection */
1930 	req->len	= sizeof(u32);
1931 	req->processed	= sizeof(u32);
1932 
1933 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_CRC32;
1934 	req->digest = CONTEXT_CONTROL_DIGEST_XCM;
1935 	req->state_sz = sizeof(u32);
1936 	req->digest_sz = sizeof(u32);
1937 	req->block_sz = sizeof(u32);
1938 
1939 	return 0;
1940 }
1941 
1942 static int safexcel_crc32_setkey(struct crypto_ahash *tfm, const u8 *key,
1943 				 unsigned int keylen)
1944 {
1945 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
1946 
1947 	if (keylen != sizeof(u32))
1948 		return -EINVAL;
1949 
1950 	memcpy(&ctx->base.ipad, key, sizeof(u32));
1951 	return 0;
1952 }
1953 
1954 static int safexcel_crc32_digest(struct ahash_request *areq)
1955 {
1956 	return safexcel_crc32_init(areq) ?: safexcel_ahash_finup(areq);
1957 }
1958 
1959 struct safexcel_alg_template safexcel_alg_crc32 = {
1960 	.type = SAFEXCEL_ALG_TYPE_AHASH,
1961 	.algo_mask = 0,
1962 	.alg.ahash = {
1963 		.init = safexcel_crc32_init,
1964 		.update = safexcel_ahash_update,
1965 		.final = safexcel_ahash_final,
1966 		.finup = safexcel_ahash_finup,
1967 		.digest = safexcel_crc32_digest,
1968 		.setkey = safexcel_crc32_setkey,
1969 		.export = safexcel_ahash_export,
1970 		.import = safexcel_ahash_import,
1971 		.halg = {
1972 			.digestsize = sizeof(u32),
1973 			.statesize = sizeof(struct safexcel_ahash_export_state),
1974 			.base = {
1975 				.cra_name = "crc32",
1976 				.cra_driver_name = "safexcel-crc32",
1977 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
1978 				.cra_flags = CRYPTO_ALG_OPTIONAL_KEY |
1979 					     CRYPTO_ALG_ASYNC |
1980 					     CRYPTO_ALG_ALLOCATES_MEMORY |
1981 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
1982 				.cra_blocksize = 1,
1983 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
1984 				.cra_init = safexcel_crc32_cra_init,
1985 				.cra_exit = safexcel_ahash_cra_exit,
1986 				.cra_module = THIS_MODULE,
1987 			},
1988 		},
1989 	},
1990 };
1991 
1992 static int safexcel_cbcmac_init(struct ahash_request *areq)
1993 {
1994 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
1995 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
1996 
1997 	memset(req, 0, sizeof(*req));
1998 
1999 	/* Start from loaded keys */
2000 	memcpy(req->state, &ctx->base.ipad, ctx->key_sz);
2001 	/* Set processed to non-zero to enable invalidation detection */
2002 	req->len	= AES_BLOCK_SIZE;
2003 	req->processed	= AES_BLOCK_SIZE;
2004 
2005 	req->digest   = CONTEXT_CONTROL_DIGEST_XCM;
2006 	req->state_sz = ctx->key_sz;
2007 	req->digest_sz = AES_BLOCK_SIZE;
2008 	req->block_sz = AES_BLOCK_SIZE;
2009 	req->xcbcmac  = true;
2010 
2011 	return 0;
2012 }
2013 
2014 static int safexcel_cbcmac_setkey(struct crypto_ahash *tfm, const u8 *key,
2015 				 unsigned int len)
2016 {
2017 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
2018 	struct crypto_aes_ctx aes;
2019 	int ret, i;
2020 
2021 	ret = aes_expandkey(&aes, key, len);
2022 	if (ret)
2023 		return ret;
2024 
2025 	memset(&ctx->base.ipad, 0, 2 * AES_BLOCK_SIZE);
2026 	for (i = 0; i < len / sizeof(u32); i++)
2027 		ctx->base.ipad.be[i + 8] = cpu_to_be32(aes.key_enc[i]);
2028 
2029 	if (len == AES_KEYSIZE_192) {
2030 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC192;
2031 		ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2032 	} else if (len == AES_KEYSIZE_256) {
2033 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC256;
2034 		ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2035 	} else {
2036 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;
2037 		ctx->key_sz = AES_MIN_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2038 	}
2039 	ctx->cbcmac  = true;
2040 
2041 	memzero_explicit(&aes, sizeof(aes));
2042 	return 0;
2043 }
2044 
2045 static int safexcel_cbcmac_digest(struct ahash_request *areq)
2046 {
2047 	return safexcel_cbcmac_init(areq) ?: safexcel_ahash_finup(areq);
2048 }
2049 
2050 struct safexcel_alg_template safexcel_alg_cbcmac = {
2051 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2052 	.algo_mask = 0,
2053 	.alg.ahash = {
2054 		.init = safexcel_cbcmac_init,
2055 		.update = safexcel_ahash_update,
2056 		.final = safexcel_ahash_final,
2057 		.finup = safexcel_ahash_finup,
2058 		.digest = safexcel_cbcmac_digest,
2059 		.setkey = safexcel_cbcmac_setkey,
2060 		.export = safexcel_ahash_export,
2061 		.import = safexcel_ahash_import,
2062 		.halg = {
2063 			.digestsize = AES_BLOCK_SIZE,
2064 			.statesize = sizeof(struct safexcel_ahash_export_state),
2065 			.base = {
2066 				.cra_name = "cbcmac(aes)",
2067 				.cra_driver_name = "safexcel-cbcmac-aes",
2068 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2069 				.cra_flags = CRYPTO_ALG_ASYNC |
2070 					     CRYPTO_ALG_ALLOCATES_MEMORY |
2071 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
2072 				.cra_blocksize = 1,
2073 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2074 				.cra_init = safexcel_ahash_cra_init,
2075 				.cra_exit = safexcel_ahash_cra_exit,
2076 				.cra_module = THIS_MODULE,
2077 			},
2078 		},
2079 	},
2080 };
2081 
2082 static int safexcel_xcbcmac_setkey(struct crypto_ahash *tfm, const u8 *key,
2083 				 unsigned int len)
2084 {
2085 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
2086 	u32 key_tmp[3 * AES_BLOCK_SIZE / sizeof(u32)];
2087 	int ret, i;
2088 
2089 	ret = aes_expandkey(ctx->aes, key, len);
2090 	if (ret)
2091 		return ret;
2092 
2093 	/* precompute the XCBC key material */
2094 	aes_encrypt(ctx->aes, (u8 *)key_tmp + 2 * AES_BLOCK_SIZE,
2095 		    "\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1");
2096 	aes_encrypt(ctx->aes, (u8 *)key_tmp,
2097 		    "\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2");
2098 	aes_encrypt(ctx->aes, (u8 *)key_tmp + AES_BLOCK_SIZE,
2099 		    "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3");
2100 	for (i = 0; i < 3 * AES_BLOCK_SIZE / sizeof(u32); i++)
2101 		ctx->base.ipad.word[i] = swab32(key_tmp[i]);
2102 
2103 	ret = aes_expandkey(ctx->aes,
2104 			    (u8 *)key_tmp + 2 * AES_BLOCK_SIZE,
2105 			    AES_MIN_KEY_SIZE);
2106 	if (ret)
2107 		return ret;
2108 
2109 	ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;
2110 	ctx->key_sz = AES_MIN_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2111 	ctx->cbcmac = false;
2112 
2113 	return 0;
2114 }
2115 
2116 static int safexcel_xcbcmac_cra_init(struct crypto_tfm *tfm)
2117 {
2118 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2119 
2120 	safexcel_ahash_cra_init(tfm);
2121 	ctx->aes = kmalloc(sizeof(*ctx->aes), GFP_KERNEL);
2122 	return PTR_ERR_OR_ZERO(ctx->aes);
2123 }
2124 
2125 static void safexcel_xcbcmac_cra_exit(struct crypto_tfm *tfm)
2126 {
2127 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2128 
2129 	kfree(ctx->aes);
2130 	safexcel_ahash_cra_exit(tfm);
2131 }
2132 
2133 struct safexcel_alg_template safexcel_alg_xcbcmac = {
2134 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2135 	.algo_mask = 0,
2136 	.alg.ahash = {
2137 		.init = safexcel_cbcmac_init,
2138 		.update = safexcel_ahash_update,
2139 		.final = safexcel_ahash_final,
2140 		.finup = safexcel_ahash_finup,
2141 		.digest = safexcel_cbcmac_digest,
2142 		.setkey = safexcel_xcbcmac_setkey,
2143 		.export = safexcel_ahash_export,
2144 		.import = safexcel_ahash_import,
2145 		.halg = {
2146 			.digestsize = AES_BLOCK_SIZE,
2147 			.statesize = sizeof(struct safexcel_ahash_export_state),
2148 			.base = {
2149 				.cra_name = "xcbc(aes)",
2150 				.cra_driver_name = "safexcel-xcbc-aes",
2151 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2152 				.cra_flags = CRYPTO_ALG_ASYNC |
2153 					     CRYPTO_ALG_ALLOCATES_MEMORY |
2154 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
2155 				.cra_blocksize = AES_BLOCK_SIZE,
2156 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2157 				.cra_init = safexcel_xcbcmac_cra_init,
2158 				.cra_exit = safexcel_xcbcmac_cra_exit,
2159 				.cra_module = THIS_MODULE,
2160 			},
2161 		},
2162 	},
2163 };
2164 
2165 static int safexcel_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
2166 				unsigned int len)
2167 {
2168 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
2169 	__be64 consts[4];
2170 	u64 _const[2];
2171 	u8 msb_mask, gfmask;
2172 	int ret, i;
2173 
2174 	/* precompute the CMAC key material */
2175 	ret = aes_expandkey(ctx->aes, key, len);
2176 	if (ret)
2177 		return ret;
2178 
2179 	for (i = 0; i < len / sizeof(u32); i++)
2180 		ctx->base.ipad.word[i + 8] = swab32(ctx->aes->key_enc[i]);
2181 
2182 	/* code below borrowed from crypto/cmac.c */
2183 	/* encrypt the zero block */
2184 	memset(consts, 0, AES_BLOCK_SIZE);
2185 	aes_encrypt(ctx->aes, (u8 *)consts, (u8 *)consts);
2186 
2187 	gfmask = 0x87;
2188 	_const[0] = be64_to_cpu(consts[1]);
2189 	_const[1] = be64_to_cpu(consts[0]);
2190 
2191 	/* gf(2^128) multiply zero-ciphertext with u and u^2 */
2192 	for (i = 0; i < 4; i += 2) {
2193 		msb_mask = ((s64)_const[1] >> 63) & gfmask;
2194 		_const[1] = (_const[1] << 1) | (_const[0] >> 63);
2195 		_const[0] = (_const[0] << 1) ^ msb_mask;
2196 
2197 		consts[i + 0] = cpu_to_be64(_const[1]);
2198 		consts[i + 1] = cpu_to_be64(_const[0]);
2199 	}
2200 	/* end of code borrowed from crypto/cmac.c */
2201 
2202 	for (i = 0; i < 2 * AES_BLOCK_SIZE / sizeof(u32); i++)
2203 		ctx->base.ipad.be[i] = cpu_to_be32(((u32 *)consts)[i]);
2204 
2205 	if (len == AES_KEYSIZE_192) {
2206 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC192;
2207 		ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2208 	} else if (len == AES_KEYSIZE_256) {
2209 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC256;
2210 		ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2211 	} else {
2212 		ctx->alg    = CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;
2213 		ctx->key_sz = AES_MIN_KEY_SIZE + 2 * AES_BLOCK_SIZE;
2214 	}
2215 	ctx->cbcmac = false;
2216 
2217 	return 0;
2218 }
2219 
2220 struct safexcel_alg_template safexcel_alg_cmac = {
2221 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2222 	.algo_mask = 0,
2223 	.alg.ahash = {
2224 		.init = safexcel_cbcmac_init,
2225 		.update = safexcel_ahash_update,
2226 		.final = safexcel_ahash_final,
2227 		.finup = safexcel_ahash_finup,
2228 		.digest = safexcel_cbcmac_digest,
2229 		.setkey = safexcel_cmac_setkey,
2230 		.export = safexcel_ahash_export,
2231 		.import = safexcel_ahash_import,
2232 		.halg = {
2233 			.digestsize = AES_BLOCK_SIZE,
2234 			.statesize = sizeof(struct safexcel_ahash_export_state),
2235 			.base = {
2236 				.cra_name = "cmac(aes)",
2237 				.cra_driver_name = "safexcel-cmac-aes",
2238 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2239 				.cra_flags = CRYPTO_ALG_ASYNC |
2240 					     CRYPTO_ALG_ALLOCATES_MEMORY |
2241 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
2242 				.cra_blocksize = AES_BLOCK_SIZE,
2243 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2244 				.cra_init = safexcel_xcbcmac_cra_init,
2245 				.cra_exit = safexcel_xcbcmac_cra_exit,
2246 				.cra_module = THIS_MODULE,
2247 			},
2248 		},
2249 	},
2250 };
2251 
2252 static int safexcel_sm3_init(struct ahash_request *areq)
2253 {
2254 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
2255 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
2256 
2257 	memset(req, 0, sizeof(*req));
2258 
2259 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;
2260 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
2261 	req->state_sz = SM3_DIGEST_SIZE;
2262 	req->digest_sz = SM3_DIGEST_SIZE;
2263 	req->block_sz = SM3_BLOCK_SIZE;
2264 
2265 	return 0;
2266 }
2267 
2268 static int safexcel_sm3_digest(struct ahash_request *areq)
2269 {
2270 	int ret = safexcel_sm3_init(areq);
2271 
2272 	if (ret)
2273 		return ret;
2274 
2275 	return safexcel_ahash_finup(areq);
2276 }
2277 
2278 struct safexcel_alg_template safexcel_alg_sm3 = {
2279 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2280 	.algo_mask = SAFEXCEL_ALG_SM3,
2281 	.alg.ahash = {
2282 		.init = safexcel_sm3_init,
2283 		.update = safexcel_ahash_update,
2284 		.final = safexcel_ahash_final,
2285 		.finup = safexcel_ahash_finup,
2286 		.digest = safexcel_sm3_digest,
2287 		.export = safexcel_ahash_export,
2288 		.import = safexcel_ahash_import,
2289 		.halg = {
2290 			.digestsize = SM3_DIGEST_SIZE,
2291 			.statesize = sizeof(struct safexcel_ahash_export_state),
2292 			.base = {
2293 				.cra_name = "sm3",
2294 				.cra_driver_name = "safexcel-sm3",
2295 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2296 				.cra_flags = CRYPTO_ALG_ASYNC |
2297 					     CRYPTO_ALG_ALLOCATES_MEMORY |
2298 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
2299 				.cra_blocksize = SM3_BLOCK_SIZE,
2300 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2301 				.cra_init = safexcel_ahash_cra_init,
2302 				.cra_exit = safexcel_ahash_cra_exit,
2303 				.cra_module = THIS_MODULE,
2304 			},
2305 		},
2306 	},
2307 };
2308 
2309 static int safexcel_hmac_sm3_setkey(struct crypto_ahash *tfm, const u8 *key,
2310 				    unsigned int keylen)
2311 {
2312 	return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sm3",
2313 					SM3_DIGEST_SIZE);
2314 }
2315 
2316 static int safexcel_hmac_sm3_init(struct ahash_request *areq)
2317 {
2318 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
2319 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
2320 
2321 	memset(req, 0, sizeof(*req));
2322 
2323 	/* Start from ipad precompute */
2324 	memcpy(req->state, &ctx->base.ipad, SM3_DIGEST_SIZE);
2325 	/* Already processed the key^ipad part now! */
2326 	req->len	= SM3_BLOCK_SIZE;
2327 	req->processed	= SM3_BLOCK_SIZE;
2328 
2329 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;
2330 	req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
2331 	req->state_sz = SM3_DIGEST_SIZE;
2332 	req->digest_sz = SM3_DIGEST_SIZE;
2333 	req->block_sz = SM3_BLOCK_SIZE;
2334 	req->hmac = true;
2335 
2336 	return 0;
2337 }
2338 
2339 static int safexcel_hmac_sm3_digest(struct ahash_request *areq)
2340 {
2341 	int ret = safexcel_hmac_sm3_init(areq);
2342 
2343 	if (ret)
2344 		return ret;
2345 
2346 	return safexcel_ahash_finup(areq);
2347 }
2348 
2349 struct safexcel_alg_template safexcel_alg_hmac_sm3 = {
2350 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2351 	.algo_mask = SAFEXCEL_ALG_SM3,
2352 	.alg.ahash = {
2353 		.init = safexcel_hmac_sm3_init,
2354 		.update = safexcel_ahash_update,
2355 		.final = safexcel_ahash_final,
2356 		.finup = safexcel_ahash_finup,
2357 		.digest = safexcel_hmac_sm3_digest,
2358 		.setkey = safexcel_hmac_sm3_setkey,
2359 		.export = safexcel_ahash_export,
2360 		.import = safexcel_ahash_import,
2361 		.halg = {
2362 			.digestsize = SM3_DIGEST_SIZE,
2363 			.statesize = sizeof(struct safexcel_ahash_export_state),
2364 			.base = {
2365 				.cra_name = "hmac(sm3)",
2366 				.cra_driver_name = "safexcel-hmac-sm3",
2367 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2368 				.cra_flags = CRYPTO_ALG_ASYNC |
2369 					     CRYPTO_ALG_ALLOCATES_MEMORY |
2370 					     CRYPTO_ALG_KERN_DRIVER_ONLY,
2371 				.cra_blocksize = SM3_BLOCK_SIZE,
2372 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2373 				.cra_init = safexcel_ahash_cra_init,
2374 				.cra_exit = safexcel_ahash_cra_exit,
2375 				.cra_module = THIS_MODULE,
2376 			},
2377 		},
2378 	},
2379 };
2380 
2381 static int safexcel_sha3_224_init(struct ahash_request *areq)
2382 {
2383 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2384 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2385 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
2386 
2387 	memset(req, 0, sizeof(*req));
2388 
2389 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_224;
2390 	req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;
2391 	req->state_sz = SHA3_224_DIGEST_SIZE;
2392 	req->digest_sz = SHA3_224_DIGEST_SIZE;
2393 	req->block_sz = SHA3_224_BLOCK_SIZE;
2394 	ctx->do_fallback = false;
2395 	ctx->fb_init_done = false;
2396 	return 0;
2397 }
2398 
2399 static int safexcel_sha3_fbcheck(struct ahash_request *req)
2400 {
2401 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2402 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2403 	struct ahash_request *subreq = ahash_request_ctx(req);
2404 	int ret = 0;
2405 
2406 	if (ctx->do_fallback) {
2407 		ahash_request_set_tfm(subreq, ctx->fback);
2408 		ahash_request_set_callback(subreq, req->base.flags,
2409 					   req->base.complete, req->base.data);
2410 		ahash_request_set_crypt(subreq, req->src, req->result,
2411 					req->nbytes);
2412 		if (!ctx->fb_init_done) {
2413 			if (ctx->fb_do_setkey) {
2414 				/* Set fallback cipher HMAC key */
2415 				u8 key[SHA3_224_BLOCK_SIZE];
2416 
2417 				memcpy(key, &ctx->base.ipad,
2418 				       crypto_ahash_blocksize(ctx->fback) / 2);
2419 				memcpy(key +
2420 				       crypto_ahash_blocksize(ctx->fback) / 2,
2421 				       &ctx->base.opad,
2422 				       crypto_ahash_blocksize(ctx->fback) / 2);
2423 				ret = crypto_ahash_setkey(ctx->fback, key,
2424 					crypto_ahash_blocksize(ctx->fback));
2425 				memzero_explicit(key,
2426 					crypto_ahash_blocksize(ctx->fback));
2427 				ctx->fb_do_setkey = false;
2428 			}
2429 			ret = ret ?: crypto_ahash_init(subreq);
2430 			ctx->fb_init_done = true;
2431 		}
2432 	}
2433 	return ret;
2434 }
2435 
2436 static int safexcel_sha3_update(struct ahash_request *req)
2437 {
2438 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2439 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2440 	struct ahash_request *subreq = ahash_request_ctx(req);
2441 
2442 	ctx->do_fallback = true;
2443 	return safexcel_sha3_fbcheck(req) ?: crypto_ahash_update(subreq);
2444 }
2445 
2446 static int safexcel_sha3_final(struct ahash_request *req)
2447 {
2448 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2449 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2450 	struct ahash_request *subreq = ahash_request_ctx(req);
2451 
2452 	ctx->do_fallback = true;
2453 	return safexcel_sha3_fbcheck(req) ?: crypto_ahash_final(subreq);
2454 }
2455 
2456 static int safexcel_sha3_finup(struct ahash_request *req)
2457 {
2458 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2459 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2460 	struct ahash_request *subreq = ahash_request_ctx(req);
2461 
2462 	ctx->do_fallback |= !req->nbytes;
2463 	if (ctx->do_fallback)
2464 		/* Update or ex/import happened or len 0, cannot use the HW */
2465 		return safexcel_sha3_fbcheck(req) ?:
2466 		       crypto_ahash_finup(subreq);
2467 	else
2468 		return safexcel_ahash_finup(req);
2469 }
2470 
2471 static int safexcel_sha3_digest_fallback(struct ahash_request *req)
2472 {
2473 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2474 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2475 	struct ahash_request *subreq = ahash_request_ctx(req);
2476 
2477 	ctx->do_fallback = true;
2478 	ctx->fb_init_done = false;
2479 	return safexcel_sha3_fbcheck(req) ?: crypto_ahash_finup(subreq);
2480 }
2481 
2482 static int safexcel_sha3_224_digest(struct ahash_request *req)
2483 {
2484 	if (req->nbytes)
2485 		return safexcel_sha3_224_init(req) ?: safexcel_ahash_finup(req);
2486 
2487 	/* HW cannot do zero length hash, use fallback instead */
2488 	return safexcel_sha3_digest_fallback(req);
2489 }
2490 
2491 static int safexcel_sha3_export(struct ahash_request *req, void *out)
2492 {
2493 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2494 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2495 	struct ahash_request *subreq = ahash_request_ctx(req);
2496 
2497 	ctx->do_fallback = true;
2498 	return safexcel_sha3_fbcheck(req) ?: crypto_ahash_export(subreq, out);
2499 }
2500 
2501 static int safexcel_sha3_import(struct ahash_request *req, const void *in)
2502 {
2503 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2504 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2505 	struct ahash_request *subreq = ahash_request_ctx(req);
2506 
2507 	ctx->do_fallback = true;
2508 	return safexcel_sha3_fbcheck(req) ?: crypto_ahash_import(subreq, in);
2509 	// return safexcel_ahash_import(req, in);
2510 }
2511 
2512 static int safexcel_sha3_cra_init(struct crypto_tfm *tfm)
2513 {
2514 	struct crypto_ahash *ahash = __crypto_ahash_cast(tfm);
2515 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2516 
2517 	safexcel_ahash_cra_init(tfm);
2518 
2519 	/* Allocate fallback implementation */
2520 	ctx->fback = crypto_alloc_ahash(crypto_tfm_alg_name(tfm), 0,
2521 					CRYPTO_ALG_ASYNC |
2522 					CRYPTO_ALG_NEED_FALLBACK);
2523 	if (IS_ERR(ctx->fback))
2524 		return PTR_ERR(ctx->fback);
2525 
2526 	/* Update statesize from fallback algorithm! */
2527 	crypto_hash_alg_common(ahash)->statesize =
2528 		crypto_ahash_statesize(ctx->fback);
2529 	crypto_ahash_set_reqsize(ahash, max(sizeof(struct safexcel_ahash_req),
2530 					    sizeof(struct ahash_request) +
2531 					    crypto_ahash_reqsize(ctx->fback)));
2532 	return 0;
2533 }
2534 
2535 static void safexcel_sha3_cra_exit(struct crypto_tfm *tfm)
2536 {
2537 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2538 
2539 	crypto_free_ahash(ctx->fback);
2540 	safexcel_ahash_cra_exit(tfm);
2541 }
2542 
2543 struct safexcel_alg_template safexcel_alg_sha3_224 = {
2544 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2545 	.algo_mask = SAFEXCEL_ALG_SHA3,
2546 	.alg.ahash = {
2547 		.init = safexcel_sha3_224_init,
2548 		.update = safexcel_sha3_update,
2549 		.final = safexcel_sha3_final,
2550 		.finup = safexcel_sha3_finup,
2551 		.digest = safexcel_sha3_224_digest,
2552 		.export = safexcel_sha3_export,
2553 		.import = safexcel_sha3_import,
2554 		.halg = {
2555 			.digestsize = SHA3_224_DIGEST_SIZE,
2556 			.statesize = sizeof(struct safexcel_ahash_export_state),
2557 			.base = {
2558 				.cra_name = "sha3-224",
2559 				.cra_driver_name = "safexcel-sha3-224",
2560 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2561 				.cra_flags = CRYPTO_ALG_ASYNC |
2562 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2563 					     CRYPTO_ALG_NEED_FALLBACK,
2564 				.cra_blocksize = SHA3_224_BLOCK_SIZE,
2565 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2566 				.cra_init = safexcel_sha3_cra_init,
2567 				.cra_exit = safexcel_sha3_cra_exit,
2568 				.cra_module = THIS_MODULE,
2569 			},
2570 		},
2571 	},
2572 };
2573 
2574 static int safexcel_sha3_256_init(struct ahash_request *areq)
2575 {
2576 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2577 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2578 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
2579 
2580 	memset(req, 0, sizeof(*req));
2581 
2582 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_256;
2583 	req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;
2584 	req->state_sz = SHA3_256_DIGEST_SIZE;
2585 	req->digest_sz = SHA3_256_DIGEST_SIZE;
2586 	req->block_sz = SHA3_256_BLOCK_SIZE;
2587 	ctx->do_fallback = false;
2588 	ctx->fb_init_done = false;
2589 	return 0;
2590 }
2591 
2592 static int safexcel_sha3_256_digest(struct ahash_request *req)
2593 {
2594 	if (req->nbytes)
2595 		return safexcel_sha3_256_init(req) ?: safexcel_ahash_finup(req);
2596 
2597 	/* HW cannot do zero length hash, use fallback instead */
2598 	return safexcel_sha3_digest_fallback(req);
2599 }
2600 
2601 struct safexcel_alg_template safexcel_alg_sha3_256 = {
2602 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2603 	.algo_mask = SAFEXCEL_ALG_SHA3,
2604 	.alg.ahash = {
2605 		.init = safexcel_sha3_256_init,
2606 		.update = safexcel_sha3_update,
2607 		.final = safexcel_sha3_final,
2608 		.finup = safexcel_sha3_finup,
2609 		.digest = safexcel_sha3_256_digest,
2610 		.export = safexcel_sha3_export,
2611 		.import = safexcel_sha3_import,
2612 		.halg = {
2613 			.digestsize = SHA3_256_DIGEST_SIZE,
2614 			.statesize = sizeof(struct safexcel_ahash_export_state),
2615 			.base = {
2616 				.cra_name = "sha3-256",
2617 				.cra_driver_name = "safexcel-sha3-256",
2618 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2619 				.cra_flags = CRYPTO_ALG_ASYNC |
2620 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2621 					     CRYPTO_ALG_NEED_FALLBACK,
2622 				.cra_blocksize = SHA3_256_BLOCK_SIZE,
2623 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2624 				.cra_init = safexcel_sha3_cra_init,
2625 				.cra_exit = safexcel_sha3_cra_exit,
2626 				.cra_module = THIS_MODULE,
2627 			},
2628 		},
2629 	},
2630 };
2631 
2632 static int safexcel_sha3_384_init(struct ahash_request *areq)
2633 {
2634 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2635 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2636 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
2637 
2638 	memset(req, 0, sizeof(*req));
2639 
2640 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_384;
2641 	req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;
2642 	req->state_sz = SHA3_384_DIGEST_SIZE;
2643 	req->digest_sz = SHA3_384_DIGEST_SIZE;
2644 	req->block_sz = SHA3_384_BLOCK_SIZE;
2645 	ctx->do_fallback = false;
2646 	ctx->fb_init_done = false;
2647 	return 0;
2648 }
2649 
2650 static int safexcel_sha3_384_digest(struct ahash_request *req)
2651 {
2652 	if (req->nbytes)
2653 		return safexcel_sha3_384_init(req) ?: safexcel_ahash_finup(req);
2654 
2655 	/* HW cannot do zero length hash, use fallback instead */
2656 	return safexcel_sha3_digest_fallback(req);
2657 }
2658 
2659 struct safexcel_alg_template safexcel_alg_sha3_384 = {
2660 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2661 	.algo_mask = SAFEXCEL_ALG_SHA3,
2662 	.alg.ahash = {
2663 		.init = safexcel_sha3_384_init,
2664 		.update = safexcel_sha3_update,
2665 		.final = safexcel_sha3_final,
2666 		.finup = safexcel_sha3_finup,
2667 		.digest = safexcel_sha3_384_digest,
2668 		.export = safexcel_sha3_export,
2669 		.import = safexcel_sha3_import,
2670 		.halg = {
2671 			.digestsize = SHA3_384_DIGEST_SIZE,
2672 			.statesize = sizeof(struct safexcel_ahash_export_state),
2673 			.base = {
2674 				.cra_name = "sha3-384",
2675 				.cra_driver_name = "safexcel-sha3-384",
2676 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2677 				.cra_flags = CRYPTO_ALG_ASYNC |
2678 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2679 					     CRYPTO_ALG_NEED_FALLBACK,
2680 				.cra_blocksize = SHA3_384_BLOCK_SIZE,
2681 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2682 				.cra_init = safexcel_sha3_cra_init,
2683 				.cra_exit = safexcel_sha3_cra_exit,
2684 				.cra_module = THIS_MODULE,
2685 			},
2686 		},
2687 	},
2688 };
2689 
2690 static int safexcel_sha3_512_init(struct ahash_request *areq)
2691 {
2692 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2693 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2694 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
2695 
2696 	memset(req, 0, sizeof(*req));
2697 
2698 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_512;
2699 	req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;
2700 	req->state_sz = SHA3_512_DIGEST_SIZE;
2701 	req->digest_sz = SHA3_512_DIGEST_SIZE;
2702 	req->block_sz = SHA3_512_BLOCK_SIZE;
2703 	ctx->do_fallback = false;
2704 	ctx->fb_init_done = false;
2705 	return 0;
2706 }
2707 
2708 static int safexcel_sha3_512_digest(struct ahash_request *req)
2709 {
2710 	if (req->nbytes)
2711 		return safexcel_sha3_512_init(req) ?: safexcel_ahash_finup(req);
2712 
2713 	/* HW cannot do zero length hash, use fallback instead */
2714 	return safexcel_sha3_digest_fallback(req);
2715 }
2716 
2717 struct safexcel_alg_template safexcel_alg_sha3_512 = {
2718 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2719 	.algo_mask = SAFEXCEL_ALG_SHA3,
2720 	.alg.ahash = {
2721 		.init = safexcel_sha3_512_init,
2722 		.update = safexcel_sha3_update,
2723 		.final = safexcel_sha3_final,
2724 		.finup = safexcel_sha3_finup,
2725 		.digest = safexcel_sha3_512_digest,
2726 		.export = safexcel_sha3_export,
2727 		.import = safexcel_sha3_import,
2728 		.halg = {
2729 			.digestsize = SHA3_512_DIGEST_SIZE,
2730 			.statesize = sizeof(struct safexcel_ahash_export_state),
2731 			.base = {
2732 				.cra_name = "sha3-512",
2733 				.cra_driver_name = "safexcel-sha3-512",
2734 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2735 				.cra_flags = CRYPTO_ALG_ASYNC |
2736 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2737 					     CRYPTO_ALG_NEED_FALLBACK,
2738 				.cra_blocksize = SHA3_512_BLOCK_SIZE,
2739 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2740 				.cra_init = safexcel_sha3_cra_init,
2741 				.cra_exit = safexcel_sha3_cra_exit,
2742 				.cra_module = THIS_MODULE,
2743 			},
2744 		},
2745 	},
2746 };
2747 
2748 static int safexcel_hmac_sha3_cra_init(struct crypto_tfm *tfm, const char *alg)
2749 {
2750 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2751 	int ret;
2752 
2753 	ret = safexcel_sha3_cra_init(tfm);
2754 	if (ret)
2755 		return ret;
2756 
2757 	/* Allocate precalc basic digest implementation */
2758 	ctx->shpre = crypto_alloc_shash(alg, 0, CRYPTO_ALG_NEED_FALLBACK);
2759 	if (IS_ERR(ctx->shpre))
2760 		return PTR_ERR(ctx->shpre);
2761 
2762 	ctx->shdesc = kmalloc(sizeof(*ctx->shdesc) +
2763 			      crypto_shash_descsize(ctx->shpre), GFP_KERNEL);
2764 	if (!ctx->shdesc) {
2765 		crypto_free_shash(ctx->shpre);
2766 		return -ENOMEM;
2767 	}
2768 	ctx->shdesc->tfm = ctx->shpre;
2769 	return 0;
2770 }
2771 
2772 static void safexcel_hmac_sha3_cra_exit(struct crypto_tfm *tfm)
2773 {
2774 	struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);
2775 
2776 	crypto_free_ahash(ctx->fback);
2777 	crypto_free_shash(ctx->shpre);
2778 	kfree(ctx->shdesc);
2779 	safexcel_ahash_cra_exit(tfm);
2780 }
2781 
2782 static int safexcel_hmac_sha3_setkey(struct crypto_ahash *tfm, const u8 *key,
2783 				     unsigned int keylen)
2784 {
2785 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2786 	int ret = 0;
2787 
2788 	if (keylen > crypto_ahash_blocksize(tfm)) {
2789 		/*
2790 		 * If the key is larger than the blocksize, then hash it
2791 		 * first using our fallback cipher
2792 		 */
2793 		ret = crypto_shash_digest(ctx->shdesc, key, keylen,
2794 					  ctx->base.ipad.byte);
2795 		keylen = crypto_shash_digestsize(ctx->shpre);
2796 
2797 		/*
2798 		 * If the digest is larger than half the blocksize, we need to
2799 		 * move the rest to opad due to the way our HMAC infra works.
2800 		 */
2801 		if (keylen > crypto_ahash_blocksize(tfm) / 2)
2802 			/* Buffers overlap, need to use memmove iso memcpy! */
2803 			memmove(&ctx->base.opad,
2804 				ctx->base.ipad.byte +
2805 					crypto_ahash_blocksize(tfm) / 2,
2806 				keylen - crypto_ahash_blocksize(tfm) / 2);
2807 	} else {
2808 		/*
2809 		 * Copy the key to our ipad & opad buffers
2810 		 * Note that ipad and opad each contain one half of the key,
2811 		 * to match the existing HMAC driver infrastructure.
2812 		 */
2813 		if (keylen <= crypto_ahash_blocksize(tfm) / 2) {
2814 			memcpy(&ctx->base.ipad, key, keylen);
2815 		} else {
2816 			memcpy(&ctx->base.ipad, key,
2817 			       crypto_ahash_blocksize(tfm) / 2);
2818 			memcpy(&ctx->base.opad,
2819 			       key + crypto_ahash_blocksize(tfm) / 2,
2820 			       keylen - crypto_ahash_blocksize(tfm) / 2);
2821 		}
2822 	}
2823 
2824 	/* Pad key with zeroes */
2825 	if (keylen <= crypto_ahash_blocksize(tfm) / 2) {
2826 		memset(ctx->base.ipad.byte + keylen, 0,
2827 		       crypto_ahash_blocksize(tfm) / 2 - keylen);
2828 		memset(&ctx->base.opad, 0, crypto_ahash_blocksize(tfm) / 2);
2829 	} else {
2830 		memset(ctx->base.opad.byte + keylen -
2831 		       crypto_ahash_blocksize(tfm) / 2, 0,
2832 		       crypto_ahash_blocksize(tfm) - keylen);
2833 	}
2834 
2835 	/* If doing fallback, still need to set the new key! */
2836 	ctx->fb_do_setkey = true;
2837 	return ret;
2838 }
2839 
2840 static int safexcel_hmac_sha3_224_init(struct ahash_request *areq)
2841 {
2842 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2843 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2844 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
2845 
2846 	memset(req, 0, sizeof(*req));
2847 
2848 	/* Copy (half of) the key */
2849 	memcpy(req->state, &ctx->base.ipad, SHA3_224_BLOCK_SIZE / 2);
2850 	/* Start of HMAC should have len == processed == blocksize */
2851 	req->len	= SHA3_224_BLOCK_SIZE;
2852 	req->processed	= SHA3_224_BLOCK_SIZE;
2853 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_224;
2854 	req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
2855 	req->state_sz = SHA3_224_BLOCK_SIZE / 2;
2856 	req->digest_sz = SHA3_224_DIGEST_SIZE;
2857 	req->block_sz = SHA3_224_BLOCK_SIZE;
2858 	req->hmac = true;
2859 	ctx->do_fallback = false;
2860 	ctx->fb_init_done = false;
2861 	return 0;
2862 }
2863 
2864 static int safexcel_hmac_sha3_224_digest(struct ahash_request *req)
2865 {
2866 	if (req->nbytes)
2867 		return safexcel_hmac_sha3_224_init(req) ?:
2868 		       safexcel_ahash_finup(req);
2869 
2870 	/* HW cannot do zero length HMAC, use fallback instead */
2871 	return safexcel_sha3_digest_fallback(req);
2872 }
2873 
2874 static int safexcel_hmac_sha3_224_cra_init(struct crypto_tfm *tfm)
2875 {
2876 	return safexcel_hmac_sha3_cra_init(tfm, "sha3-224");
2877 }
2878 
2879 struct safexcel_alg_template safexcel_alg_hmac_sha3_224 = {
2880 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2881 	.algo_mask = SAFEXCEL_ALG_SHA3,
2882 	.alg.ahash = {
2883 		.init = safexcel_hmac_sha3_224_init,
2884 		.update = safexcel_sha3_update,
2885 		.final = safexcel_sha3_final,
2886 		.finup = safexcel_sha3_finup,
2887 		.digest = safexcel_hmac_sha3_224_digest,
2888 		.setkey = safexcel_hmac_sha3_setkey,
2889 		.export = safexcel_sha3_export,
2890 		.import = safexcel_sha3_import,
2891 		.halg = {
2892 			.digestsize = SHA3_224_DIGEST_SIZE,
2893 			.statesize = sizeof(struct safexcel_ahash_export_state),
2894 			.base = {
2895 				.cra_name = "hmac(sha3-224)",
2896 				.cra_driver_name = "safexcel-hmac-sha3-224",
2897 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2898 				.cra_flags = CRYPTO_ALG_ASYNC |
2899 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2900 					     CRYPTO_ALG_NEED_FALLBACK,
2901 				.cra_blocksize = SHA3_224_BLOCK_SIZE,
2902 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2903 				.cra_init = safexcel_hmac_sha3_224_cra_init,
2904 				.cra_exit = safexcel_hmac_sha3_cra_exit,
2905 				.cra_module = THIS_MODULE,
2906 			},
2907 		},
2908 	},
2909 };
2910 
2911 static int safexcel_hmac_sha3_256_init(struct ahash_request *areq)
2912 {
2913 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2914 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2915 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
2916 
2917 	memset(req, 0, sizeof(*req));
2918 
2919 	/* Copy (half of) the key */
2920 	memcpy(req->state, &ctx->base.ipad, SHA3_256_BLOCK_SIZE / 2);
2921 	/* Start of HMAC should have len == processed == blocksize */
2922 	req->len	= SHA3_256_BLOCK_SIZE;
2923 	req->processed	= SHA3_256_BLOCK_SIZE;
2924 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_256;
2925 	req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
2926 	req->state_sz = SHA3_256_BLOCK_SIZE / 2;
2927 	req->digest_sz = SHA3_256_DIGEST_SIZE;
2928 	req->block_sz = SHA3_256_BLOCK_SIZE;
2929 	req->hmac = true;
2930 	ctx->do_fallback = false;
2931 	ctx->fb_init_done = false;
2932 	return 0;
2933 }
2934 
2935 static int safexcel_hmac_sha3_256_digest(struct ahash_request *req)
2936 {
2937 	if (req->nbytes)
2938 		return safexcel_hmac_sha3_256_init(req) ?:
2939 		       safexcel_ahash_finup(req);
2940 
2941 	/* HW cannot do zero length HMAC, use fallback instead */
2942 	return safexcel_sha3_digest_fallback(req);
2943 }
2944 
2945 static int safexcel_hmac_sha3_256_cra_init(struct crypto_tfm *tfm)
2946 {
2947 	return safexcel_hmac_sha3_cra_init(tfm, "sha3-256");
2948 }
2949 
2950 struct safexcel_alg_template safexcel_alg_hmac_sha3_256 = {
2951 	.type = SAFEXCEL_ALG_TYPE_AHASH,
2952 	.algo_mask = SAFEXCEL_ALG_SHA3,
2953 	.alg.ahash = {
2954 		.init = safexcel_hmac_sha3_256_init,
2955 		.update = safexcel_sha3_update,
2956 		.final = safexcel_sha3_final,
2957 		.finup = safexcel_sha3_finup,
2958 		.digest = safexcel_hmac_sha3_256_digest,
2959 		.setkey = safexcel_hmac_sha3_setkey,
2960 		.export = safexcel_sha3_export,
2961 		.import = safexcel_sha3_import,
2962 		.halg = {
2963 			.digestsize = SHA3_256_DIGEST_SIZE,
2964 			.statesize = sizeof(struct safexcel_ahash_export_state),
2965 			.base = {
2966 				.cra_name = "hmac(sha3-256)",
2967 				.cra_driver_name = "safexcel-hmac-sha3-256",
2968 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
2969 				.cra_flags = CRYPTO_ALG_ASYNC |
2970 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
2971 					     CRYPTO_ALG_NEED_FALLBACK,
2972 				.cra_blocksize = SHA3_256_BLOCK_SIZE,
2973 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
2974 				.cra_init = safexcel_hmac_sha3_256_cra_init,
2975 				.cra_exit = safexcel_hmac_sha3_cra_exit,
2976 				.cra_module = THIS_MODULE,
2977 			},
2978 		},
2979 	},
2980 };
2981 
2982 static int safexcel_hmac_sha3_384_init(struct ahash_request *areq)
2983 {
2984 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
2985 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
2986 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
2987 
2988 	memset(req, 0, sizeof(*req));
2989 
2990 	/* Copy (half of) the key */
2991 	memcpy(req->state, &ctx->base.ipad, SHA3_384_BLOCK_SIZE / 2);
2992 	/* Start of HMAC should have len == processed == blocksize */
2993 	req->len	= SHA3_384_BLOCK_SIZE;
2994 	req->processed	= SHA3_384_BLOCK_SIZE;
2995 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_384;
2996 	req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
2997 	req->state_sz = SHA3_384_BLOCK_SIZE / 2;
2998 	req->digest_sz = SHA3_384_DIGEST_SIZE;
2999 	req->block_sz = SHA3_384_BLOCK_SIZE;
3000 	req->hmac = true;
3001 	ctx->do_fallback = false;
3002 	ctx->fb_init_done = false;
3003 	return 0;
3004 }
3005 
3006 static int safexcel_hmac_sha3_384_digest(struct ahash_request *req)
3007 {
3008 	if (req->nbytes)
3009 		return safexcel_hmac_sha3_384_init(req) ?:
3010 		       safexcel_ahash_finup(req);
3011 
3012 	/* HW cannot do zero length HMAC, use fallback instead */
3013 	return safexcel_sha3_digest_fallback(req);
3014 }
3015 
3016 static int safexcel_hmac_sha3_384_cra_init(struct crypto_tfm *tfm)
3017 {
3018 	return safexcel_hmac_sha3_cra_init(tfm, "sha3-384");
3019 }
3020 
3021 struct safexcel_alg_template safexcel_alg_hmac_sha3_384 = {
3022 	.type = SAFEXCEL_ALG_TYPE_AHASH,
3023 	.algo_mask = SAFEXCEL_ALG_SHA3,
3024 	.alg.ahash = {
3025 		.init = safexcel_hmac_sha3_384_init,
3026 		.update = safexcel_sha3_update,
3027 		.final = safexcel_sha3_final,
3028 		.finup = safexcel_sha3_finup,
3029 		.digest = safexcel_hmac_sha3_384_digest,
3030 		.setkey = safexcel_hmac_sha3_setkey,
3031 		.export = safexcel_sha3_export,
3032 		.import = safexcel_sha3_import,
3033 		.halg = {
3034 			.digestsize = SHA3_384_DIGEST_SIZE,
3035 			.statesize = sizeof(struct safexcel_ahash_export_state),
3036 			.base = {
3037 				.cra_name = "hmac(sha3-384)",
3038 				.cra_driver_name = "safexcel-hmac-sha3-384",
3039 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
3040 				.cra_flags = CRYPTO_ALG_ASYNC |
3041 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
3042 					     CRYPTO_ALG_NEED_FALLBACK,
3043 				.cra_blocksize = SHA3_384_BLOCK_SIZE,
3044 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
3045 				.cra_init = safexcel_hmac_sha3_384_cra_init,
3046 				.cra_exit = safexcel_hmac_sha3_cra_exit,
3047 				.cra_module = THIS_MODULE,
3048 			},
3049 		},
3050 	},
3051 };
3052 
3053 static int safexcel_hmac_sha3_512_init(struct ahash_request *areq)
3054 {
3055 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
3056 	struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
3057 	struct safexcel_ahash_req *req = ahash_request_ctx(areq);
3058 
3059 	memset(req, 0, sizeof(*req));
3060 
3061 	/* Copy (half of) the key */
3062 	memcpy(req->state, &ctx->base.ipad, SHA3_512_BLOCK_SIZE / 2);
3063 	/* Start of HMAC should have len == processed == blocksize */
3064 	req->len	= SHA3_512_BLOCK_SIZE;
3065 	req->processed	= SHA3_512_BLOCK_SIZE;
3066 	ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_512;
3067 	req->digest = CONTEXT_CONTROL_DIGEST_HMAC;
3068 	req->state_sz = SHA3_512_BLOCK_SIZE / 2;
3069 	req->digest_sz = SHA3_512_DIGEST_SIZE;
3070 	req->block_sz = SHA3_512_BLOCK_SIZE;
3071 	req->hmac = true;
3072 	ctx->do_fallback = false;
3073 	ctx->fb_init_done = false;
3074 	return 0;
3075 }
3076 
3077 static int safexcel_hmac_sha3_512_digest(struct ahash_request *req)
3078 {
3079 	if (req->nbytes)
3080 		return safexcel_hmac_sha3_512_init(req) ?:
3081 		       safexcel_ahash_finup(req);
3082 
3083 	/* HW cannot do zero length HMAC, use fallback instead */
3084 	return safexcel_sha3_digest_fallback(req);
3085 }
3086 
3087 static int safexcel_hmac_sha3_512_cra_init(struct crypto_tfm *tfm)
3088 {
3089 	return safexcel_hmac_sha3_cra_init(tfm, "sha3-512");
3090 }
3091 struct safexcel_alg_template safexcel_alg_hmac_sha3_512 = {
3092 	.type = SAFEXCEL_ALG_TYPE_AHASH,
3093 	.algo_mask = SAFEXCEL_ALG_SHA3,
3094 	.alg.ahash = {
3095 		.init = safexcel_hmac_sha3_512_init,
3096 		.update = safexcel_sha3_update,
3097 		.final = safexcel_sha3_final,
3098 		.finup = safexcel_sha3_finup,
3099 		.digest = safexcel_hmac_sha3_512_digest,
3100 		.setkey = safexcel_hmac_sha3_setkey,
3101 		.export = safexcel_sha3_export,
3102 		.import = safexcel_sha3_import,
3103 		.halg = {
3104 			.digestsize = SHA3_512_DIGEST_SIZE,
3105 			.statesize = sizeof(struct safexcel_ahash_export_state),
3106 			.base = {
3107 				.cra_name = "hmac(sha3-512)",
3108 				.cra_driver_name = "safexcel-hmac-sha3-512",
3109 				.cra_priority = SAFEXCEL_CRA_PRIORITY,
3110 				.cra_flags = CRYPTO_ALG_ASYNC |
3111 					     CRYPTO_ALG_KERN_DRIVER_ONLY |
3112 					     CRYPTO_ALG_NEED_FALLBACK,
3113 				.cra_blocksize = SHA3_512_BLOCK_SIZE,
3114 				.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),
3115 				.cra_init = safexcel_hmac_sha3_512_cra_init,
3116 				.cra_exit = safexcel_hmac_sha3_cra_exit,
3117 				.cra_module = THIS_MODULE,
3118 			},
3119 		},
3120 	},
3121 };
3122