xref: /openbmc/linux/drivers/crypto/sa2ul.c (revision c4f7ac64)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * K3 SA2UL crypto accelerator driver
4  *
5  * Copyright (C) 2018-2020 Texas Instruments Incorporated - http://www.ti.com
6  *
7  * Authors:	Keerthy
8  *		Vitaly Andrianov
9  *		Tero Kristo
10  */
11 #include <linux/clk.h>
12 #include <linux/dma-mapping.h>
13 #include <linux/dmaengine.h>
14 #include <linux/dmapool.h>
15 #include <linux/kernel.h>
16 #include <linux/module.h>
17 #include <linux/of_device.h>
18 #include <linux/platform_device.h>
19 #include <linux/pm_runtime.h>
20 
21 #include <crypto/aes.h>
22 #include <crypto/authenc.h>
23 #include <crypto/des.h>
24 #include <crypto/internal/aead.h>
25 #include <crypto/internal/hash.h>
26 #include <crypto/internal/skcipher.h>
27 #include <crypto/scatterwalk.h>
28 #include <crypto/sha1.h>
29 #include <crypto/sha2.h>
30 
31 #include "sa2ul.h"
32 
33 /* Byte offset for key in encryption security context */
34 #define SC_ENC_KEY_OFFSET (1 + 27 + 4)
35 /* Byte offset for Aux-1 in encryption security context */
36 #define SC_ENC_AUX1_OFFSET (1 + 27 + 4 + 32)
37 
38 #define SA_CMDL_UPD_ENC         0x0001
39 #define SA_CMDL_UPD_AUTH        0x0002
40 #define SA_CMDL_UPD_ENC_IV      0x0004
41 #define SA_CMDL_UPD_AUTH_IV     0x0008
42 #define SA_CMDL_UPD_AUX_KEY     0x0010
43 
44 #define SA_AUTH_SUBKEY_LEN	16
45 #define SA_CMDL_PAYLOAD_LENGTH_MASK	0xFFFF
46 #define SA_CMDL_SOP_BYPASS_LEN_MASK	0xFF000000
47 
48 #define MODE_CONTROL_BYTES	27
49 #define SA_HASH_PROCESSING	0
50 #define SA_CRYPTO_PROCESSING	0
51 #define SA_UPLOAD_HASH_TO_TLR	BIT(6)
52 
53 #define SA_SW0_FLAGS_MASK	0xF0000
54 #define SA_SW0_CMDL_INFO_MASK	0x1F00000
55 #define SA_SW0_CMDL_PRESENT	BIT(4)
56 #define SA_SW0_ENG_ID_MASK	0x3E000000
57 #define SA_SW0_DEST_INFO_PRESENT	BIT(30)
58 #define SA_SW2_EGRESS_LENGTH		0xFF000000
59 #define SA_BASIC_HASH		0x10
60 
61 #define SHA256_DIGEST_WORDS    8
62 /* Make 32-bit word from 4 bytes */
63 #define SA_MK_U32(b0, b1, b2, b3) (((b0) << 24) | ((b1) << 16) | \
64 				   ((b2) << 8) | (b3))
65 
66 /* size of SCCTL structure in bytes */
67 #define SA_SCCTL_SZ 16
68 
69 /* Max Authentication tag size */
70 #define SA_MAX_AUTH_TAG_SZ 64
71 
72 enum sa_algo_id {
73 	SA_ALG_CBC_AES = 0,
74 	SA_ALG_EBC_AES,
75 	SA_ALG_CBC_DES3,
76 	SA_ALG_ECB_DES3,
77 	SA_ALG_SHA1,
78 	SA_ALG_SHA256,
79 	SA_ALG_SHA512,
80 	SA_ALG_AUTHENC_SHA1_AES,
81 	SA_ALG_AUTHENC_SHA256_AES,
82 };
83 
84 struct sa_match_data {
85 	u8 priv;
86 	u8 priv_id;
87 	u32 supported_algos;
88 	bool skip_engine_control;
89 };
90 
91 static struct device *sa_k3_dev;
92 
93 /**
94  * struct sa_cmdl_cfg - Command label configuration descriptor
95  * @aalg: authentication algorithm ID
96  * @enc_eng_id: Encryption Engine ID supported by the SA hardware
97  * @auth_eng_id: Authentication Engine ID
98  * @iv_size: Initialization Vector size
99  * @akey: Authentication key
100  * @akey_len: Authentication key length
101  * @enc: True, if this is an encode request
102  */
103 struct sa_cmdl_cfg {
104 	int aalg;
105 	u8 enc_eng_id;
106 	u8 auth_eng_id;
107 	u8 iv_size;
108 	const u8 *akey;
109 	u16 akey_len;
110 	bool enc;
111 };
112 
113 /**
114  * struct algo_data - Crypto algorithm specific data
115  * @enc_eng: Encryption engine info structure
116  * @auth_eng: Authentication engine info structure
117  * @auth_ctrl: Authentication control word
118  * @hash_size: Size of digest
119  * @iv_idx: iv index in psdata
120  * @iv_out_size: iv out size
121  * @ealg_id: Encryption Algorithm ID
122  * @aalg_id: Authentication algorithm ID
123  * @mci_enc: Mode Control Instruction for Encryption algorithm
124  * @mci_dec: Mode Control Instruction for Decryption
125  * @inv_key: Whether the encryption algorithm demands key inversion
126  * @ctx: Pointer to the algorithm context
127  * @keyed_mac: Whether the authentication algorithm has key
128  * @prep_iopad: Function pointer to generate intermediate ipad/opad
129  */
130 struct algo_data {
131 	struct sa_eng_info enc_eng;
132 	struct sa_eng_info auth_eng;
133 	u8 auth_ctrl;
134 	u8 hash_size;
135 	u8 iv_idx;
136 	u8 iv_out_size;
137 	u8 ealg_id;
138 	u8 aalg_id;
139 	u8 *mci_enc;
140 	u8 *mci_dec;
141 	bool inv_key;
142 	struct sa_tfm_ctx *ctx;
143 	bool keyed_mac;
144 	void (*prep_iopad)(struct algo_data *algo, const u8 *key,
145 			   u16 key_sz, __be32 *ipad, __be32 *opad);
146 };
147 
148 /**
149  * struct sa_alg_tmpl: A generic template encompassing crypto/aead algorithms
150  * @type: Type of the crypto algorithm.
151  * @alg: Union of crypto algorithm definitions.
152  * @registered: Flag indicating if the crypto algorithm is already registered
153  */
154 struct sa_alg_tmpl {
155 	u32 type;		/* CRYPTO_ALG_TYPE from <linux/crypto.h> */
156 	union {
157 		struct skcipher_alg skcipher;
158 		struct ahash_alg ahash;
159 		struct aead_alg aead;
160 	} alg;
161 	bool registered;
162 };
163 
164 /**
165  * struct sa_mapped_sg: scatterlist information for tx and rx
166  * @mapped: Set to true if the @sgt is mapped
167  * @dir: mapping direction used for @sgt
168  * @split_sg: Set if the sg is split and needs to be freed up
169  * @static_sg: Static scatterlist entry for overriding data
170  * @sgt: scatterlist table for DMA API use
171  */
172 struct sa_mapped_sg {
173 	bool mapped;
174 	enum dma_data_direction dir;
175 	struct scatterlist static_sg;
176 	struct scatterlist *split_sg;
177 	struct sg_table sgt;
178 };
179 /**
180  * struct sa_rx_data: RX Packet miscellaneous data place holder
181  * @req: crypto request data pointer
182  * @ddev: pointer to the DMA device
183  * @tx_in: dma_async_tx_descriptor pointer for rx channel
184  * @mapped_sg: Information on tx (0) and rx (1) scatterlist DMA mapping
185  * @enc: Flag indicating either encryption or decryption
186  * @enc_iv_size: Initialisation vector size
187  * @iv_idx: Initialisation vector index
188  */
189 struct sa_rx_data {
190 	void *req;
191 	struct device *ddev;
192 	struct dma_async_tx_descriptor *tx_in;
193 	struct sa_mapped_sg mapped_sg[2];
194 	u8 enc;
195 	u8 enc_iv_size;
196 	u8 iv_idx;
197 };
198 
199 /**
200  * struct sa_req: SA request definition
201  * @dev: device for the request
202  * @size: total data to the xmitted via DMA
203  * @enc_offset: offset of cipher data
204  * @enc_size: data to be passed to cipher engine
205  * @enc_iv: cipher IV
206  * @auth_offset: offset of the authentication data
207  * @auth_size: size of the authentication data
208  * @auth_iv: authentication IV
209  * @type: algorithm type for the request
210  * @cmdl: command label pointer
211  * @base: pointer to the base request
212  * @ctx: pointer to the algorithm context data
213  * @enc: true if this is an encode request
214  * @src: source data
215  * @dst: destination data
216  * @callback: DMA callback for the request
217  * @mdata_size: metadata size passed to DMA
218  */
219 struct sa_req {
220 	struct device *dev;
221 	u16 size;
222 	u8 enc_offset;
223 	u16 enc_size;
224 	u8 *enc_iv;
225 	u8 auth_offset;
226 	u16 auth_size;
227 	u8 *auth_iv;
228 	u32 type;
229 	u32 *cmdl;
230 	struct crypto_async_request *base;
231 	struct sa_tfm_ctx *ctx;
232 	bool enc;
233 	struct scatterlist *src;
234 	struct scatterlist *dst;
235 	dma_async_tx_callback callback;
236 	u16 mdata_size;
237 };
238 
239 /*
240  * Mode Control Instructions for various Key lengths 128, 192, 256
241  * For CBC (Cipher Block Chaining) mode for encryption
242  */
243 static u8 mci_cbc_enc_array[3][MODE_CONTROL_BYTES] = {
244 	{	0x61, 0x00, 0x00, 0x18, 0x88, 0x0a, 0xaa, 0x4b, 0x7e, 0x00,
245 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
246 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
247 	{	0x61, 0x00, 0x00, 0x18, 0x88, 0x4a, 0xaa, 0x4b, 0x7e, 0x00,
248 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
250 	{	0x61, 0x00, 0x00, 0x18, 0x88, 0x8a, 0xaa, 0x4b, 0x7e, 0x00,
251 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
252 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
253 };
254 
255 /*
256  * Mode Control Instructions for various Key lengths 128, 192, 256
257  * For CBC (Cipher Block Chaining) mode for decryption
258  */
259 static u8 mci_cbc_dec_array[3][MODE_CONTROL_BYTES] = {
260 	{	0x71, 0x00, 0x00, 0x80, 0x8a, 0xca, 0x98, 0xf4, 0x40, 0xc0,
261 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
262 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
263 	{	0x71, 0x00, 0x00, 0x84, 0x8a, 0xca, 0x98, 0xf4, 0x40, 0xc0,
264 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
265 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
266 	{	0x71, 0x00, 0x00, 0x88, 0x8a, 0xca, 0x98, 0xf4, 0x40, 0xc0,
267 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
268 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
269 };
270 
271 /*
272  * Mode Control Instructions for various Key lengths 128, 192, 256
273  * For CBC (Cipher Block Chaining) mode for encryption
274  */
275 static u8 mci_cbc_enc_no_iv_array[3][MODE_CONTROL_BYTES] = {
276 	{	0x21, 0x00, 0x00, 0x18, 0x88, 0x0a, 0xaa, 0x4b, 0x7e, 0x00,
277 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
278 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
279 	{	0x21, 0x00, 0x00, 0x18, 0x88, 0x4a, 0xaa, 0x4b, 0x7e, 0x00,
280 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
281 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
282 	{	0x21, 0x00, 0x00, 0x18, 0x88, 0x8a, 0xaa, 0x4b, 0x7e, 0x00,
283 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
284 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
285 };
286 
287 /*
288  * Mode Control Instructions for various Key lengths 128, 192, 256
289  * For CBC (Cipher Block Chaining) mode for decryption
290  */
291 static u8 mci_cbc_dec_no_iv_array[3][MODE_CONTROL_BYTES] = {
292 	{	0x31, 0x00, 0x00, 0x80, 0x8a, 0xca, 0x98, 0xf4, 0x40, 0xc0,
293 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
294 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
295 	{	0x31, 0x00, 0x00, 0x84, 0x8a, 0xca, 0x98, 0xf4, 0x40, 0xc0,
296 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
297 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
298 	{	0x31, 0x00, 0x00, 0x88, 0x8a, 0xca, 0x98, 0xf4, 0x40, 0xc0,
299 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
300 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
301 };
302 
303 /*
304  * Mode Control Instructions for various Key lengths 128, 192, 256
305  * For ECB (Electronic Code Book) mode for encryption
306  */
307 static u8 mci_ecb_enc_array[3][27] = {
308 	{	0x21, 0x00, 0x00, 0x80, 0x8a, 0x04, 0xb7, 0x90, 0x00, 0x00,
309 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
310 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
311 	{	0x21, 0x00, 0x00, 0x84, 0x8a, 0x04, 0xb7, 0x90, 0x00, 0x00,
312 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
313 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
314 	{	0x21, 0x00, 0x00, 0x88, 0x8a, 0x04, 0xb7, 0x90, 0x00, 0x00,
315 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
316 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
317 };
318 
319 /*
320  * Mode Control Instructions for various Key lengths 128, 192, 256
321  * For ECB (Electronic Code Book) mode for decryption
322  */
323 static u8 mci_ecb_dec_array[3][27] = {
324 	{	0x31, 0x00, 0x00, 0x80, 0x8a, 0x04, 0xb7, 0x90, 0x00, 0x00,
325 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
326 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
327 	{	0x31, 0x00, 0x00, 0x84, 0x8a, 0x04, 0xb7, 0x90, 0x00, 0x00,
328 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
329 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
330 	{	0x31, 0x00, 0x00, 0x88, 0x8a, 0x04, 0xb7, 0x90, 0x00, 0x00,
331 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
332 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00	},
333 };
334 
335 /*
336  * Mode Control Instructions for DES algorithm
337  * For CBC (Cipher Block Chaining) mode and ECB mode
338  * encryption and for decryption respectively
339  */
340 static u8 mci_cbc_3des_enc_array[MODE_CONTROL_BYTES] = {
341 	0x60, 0x00, 0x00, 0x18, 0x88, 0x52, 0xaa, 0x4b, 0x7e, 0x00, 0x00, 0x00,
342 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
343 	0x00, 0x00, 0x00,
344 };
345 
346 static u8 mci_cbc_3des_dec_array[MODE_CONTROL_BYTES] = {
347 	0x70, 0x00, 0x00, 0x85, 0x0a, 0xca, 0x98, 0xf4, 0x40, 0xc0, 0x00, 0x00,
348 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
349 	0x00, 0x00, 0x00,
350 };
351 
352 static u8 mci_ecb_3des_enc_array[MODE_CONTROL_BYTES] = {
353 	0x20, 0x00, 0x00, 0x85, 0x0a, 0x04, 0xb7, 0x90, 0x00, 0x00, 0x00, 0x00,
354 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
355 	0x00, 0x00, 0x00,
356 };
357 
358 static u8 mci_ecb_3des_dec_array[MODE_CONTROL_BYTES] = {
359 	0x30, 0x00, 0x00, 0x85, 0x0a, 0x04, 0xb7, 0x90, 0x00, 0x00, 0x00, 0x00,
360 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
361 	0x00, 0x00, 0x00,
362 };
363 
364 /*
365  * Perform 16 byte or 128 bit swizzling
366  * The SA2UL Expects the security context to
367  * be in little Endian and the bus width is 128 bits or 16 bytes
368  * Hence swap 16 bytes at a time from higher to lower address
369  */
370 static void sa_swiz_128(u8 *in, u16 len)
371 {
372 	u8 data[16];
373 	int i, j;
374 
375 	for (i = 0; i < len; i += 16) {
376 		memcpy(data, &in[i], 16);
377 		for (j = 0; j < 16; j++)
378 			in[i + j] = data[15 - j];
379 	}
380 }
381 
382 /* Prepare the ipad and opad from key as per SHA algorithm step 1*/
383 static void prepare_kipad(u8 *k_ipad, const u8 *key, u16 key_sz)
384 {
385 	int i;
386 
387 	for (i = 0; i < key_sz; i++)
388 		k_ipad[i] = key[i] ^ 0x36;
389 
390 	/* Instead of XOR with 0 */
391 	for (; i < SHA1_BLOCK_SIZE; i++)
392 		k_ipad[i] = 0x36;
393 }
394 
395 static void prepare_kopad(u8 *k_opad, const u8 *key, u16 key_sz)
396 {
397 	int i;
398 
399 	for (i = 0; i < key_sz; i++)
400 		k_opad[i] = key[i] ^ 0x5c;
401 
402 	/* Instead of XOR with 0 */
403 	for (; i < SHA1_BLOCK_SIZE; i++)
404 		k_opad[i] = 0x5c;
405 }
406 
407 static void sa_export_shash(void *state, struct shash_desc *hash,
408 			    int digest_size, __be32 *out)
409 {
410 	struct sha1_state *sha1;
411 	struct sha256_state *sha256;
412 	u32 *result;
413 
414 	switch (digest_size) {
415 	case SHA1_DIGEST_SIZE:
416 		sha1 = state;
417 		result = sha1->state;
418 		break;
419 	case SHA256_DIGEST_SIZE:
420 		sha256 = state;
421 		result = sha256->state;
422 		break;
423 	default:
424 		dev_err(sa_k3_dev, "%s: bad digest_size=%d\n", __func__,
425 			digest_size);
426 		return;
427 	}
428 
429 	crypto_shash_export(hash, state);
430 
431 	cpu_to_be32_array(out, result, digest_size / 4);
432 }
433 
434 static void sa_prepare_iopads(struct algo_data *data, const u8 *key,
435 			      u16 key_sz, __be32 *ipad, __be32 *opad)
436 {
437 	SHASH_DESC_ON_STACK(shash, data->ctx->shash);
438 	int block_size = crypto_shash_blocksize(data->ctx->shash);
439 	int digest_size = crypto_shash_digestsize(data->ctx->shash);
440 	union {
441 		struct sha1_state sha1;
442 		struct sha256_state sha256;
443 		u8 k_pad[SHA1_BLOCK_SIZE];
444 	} sha;
445 
446 	shash->tfm = data->ctx->shash;
447 
448 	prepare_kipad(sha.k_pad, key, key_sz);
449 
450 	crypto_shash_init(shash);
451 	crypto_shash_update(shash, sha.k_pad, block_size);
452 	sa_export_shash(&sha, shash, digest_size, ipad);
453 
454 	prepare_kopad(sha.k_pad, key, key_sz);
455 
456 	crypto_shash_init(shash);
457 	crypto_shash_update(shash, sha.k_pad, block_size);
458 
459 	sa_export_shash(&sha, shash, digest_size, opad);
460 
461 	memzero_explicit(&sha, sizeof(sha));
462 }
463 
464 /* Derive the inverse key used in AES-CBC decryption operation */
465 static inline int sa_aes_inv_key(u8 *inv_key, const u8 *key, u16 key_sz)
466 {
467 	struct crypto_aes_ctx ctx;
468 	int key_pos;
469 
470 	if (aes_expandkey(&ctx, key, key_sz)) {
471 		dev_err(sa_k3_dev, "%s: bad key len(%d)\n", __func__, key_sz);
472 		return -EINVAL;
473 	}
474 
475 	/* work around to get the right inverse for AES_KEYSIZE_192 size keys */
476 	if (key_sz == AES_KEYSIZE_192) {
477 		ctx.key_enc[52] = ctx.key_enc[51] ^ ctx.key_enc[46];
478 		ctx.key_enc[53] = ctx.key_enc[52] ^ ctx.key_enc[47];
479 	}
480 
481 	/* Based crypto_aes_expand_key logic */
482 	switch (key_sz) {
483 	case AES_KEYSIZE_128:
484 	case AES_KEYSIZE_192:
485 		key_pos = key_sz + 24;
486 		break;
487 
488 	case AES_KEYSIZE_256:
489 		key_pos = key_sz + 24 - 4;
490 		break;
491 
492 	default:
493 		dev_err(sa_k3_dev, "%s: bad key len(%d)\n", __func__, key_sz);
494 		return -EINVAL;
495 	}
496 
497 	memcpy(inv_key, &ctx.key_enc[key_pos], key_sz);
498 	return 0;
499 }
500 
501 /* Set Security context for the encryption engine */
502 static int sa_set_sc_enc(struct algo_data *ad, const u8 *key, u16 key_sz,
503 			 u8 enc, u8 *sc_buf)
504 {
505 	const u8 *mci = NULL;
506 
507 	/* Set Encryption mode selector to crypto processing */
508 	sc_buf[0] = SA_CRYPTO_PROCESSING;
509 
510 	if (enc)
511 		mci = ad->mci_enc;
512 	else
513 		mci = ad->mci_dec;
514 	/* Set the mode control instructions in security context */
515 	if (mci)
516 		memcpy(&sc_buf[1], mci, MODE_CONTROL_BYTES);
517 
518 	/* For AES-CBC decryption get the inverse key */
519 	if (ad->inv_key && !enc) {
520 		if (sa_aes_inv_key(&sc_buf[SC_ENC_KEY_OFFSET], key, key_sz))
521 			return -EINVAL;
522 	/* For all other cases: key is used */
523 	} else {
524 		memcpy(&sc_buf[SC_ENC_KEY_OFFSET], key, key_sz);
525 	}
526 
527 	return 0;
528 }
529 
530 /* Set Security context for the authentication engine */
531 static void sa_set_sc_auth(struct algo_data *ad, const u8 *key, u16 key_sz,
532 			   u8 *sc_buf)
533 {
534 	__be32 *ipad = (void *)(sc_buf + 32);
535 	__be32 *opad = (void *)(sc_buf + 64);
536 
537 	/* Set Authentication mode selector to hash processing */
538 	sc_buf[0] = SA_HASH_PROCESSING;
539 	/* Auth SW ctrl word: bit[6]=1 (upload computed hash to TLR section) */
540 	sc_buf[1] = SA_UPLOAD_HASH_TO_TLR;
541 	sc_buf[1] |= ad->auth_ctrl;
542 
543 	/* Copy the keys or ipad/opad */
544 	if (ad->keyed_mac)
545 		ad->prep_iopad(ad, key, key_sz, ipad, opad);
546 	else {
547 		/* basic hash */
548 		sc_buf[1] |= SA_BASIC_HASH;
549 	}
550 }
551 
552 static inline void sa_copy_iv(__be32 *out, const u8 *iv, bool size16)
553 {
554 	int j;
555 
556 	for (j = 0; j < ((size16) ? 4 : 2); j++) {
557 		*out = cpu_to_be32(*((u32 *)iv));
558 		iv += 4;
559 		out++;
560 	}
561 }
562 
563 /* Format general command label */
564 static int sa_format_cmdl_gen(struct sa_cmdl_cfg *cfg, u8 *cmdl,
565 			      struct sa_cmdl_upd_info *upd_info)
566 {
567 	u8 enc_offset = 0, auth_offset = 0, total = 0;
568 	u8 enc_next_eng = SA_ENG_ID_OUTPORT2;
569 	u8 auth_next_eng = SA_ENG_ID_OUTPORT2;
570 	u32 *word_ptr = (u32 *)cmdl;
571 	int i;
572 
573 	/* Clear the command label */
574 	memzero_explicit(cmdl, (SA_MAX_CMDL_WORDS * sizeof(u32)));
575 
576 	/* Iniialize the command update structure */
577 	memzero_explicit(upd_info, sizeof(*upd_info));
578 
579 	if (cfg->enc_eng_id && cfg->auth_eng_id) {
580 		if (cfg->enc) {
581 			auth_offset = SA_CMDL_HEADER_SIZE_BYTES;
582 			enc_next_eng = cfg->auth_eng_id;
583 
584 			if (cfg->iv_size)
585 				auth_offset += cfg->iv_size;
586 		} else {
587 			enc_offset = SA_CMDL_HEADER_SIZE_BYTES;
588 			auth_next_eng = cfg->enc_eng_id;
589 		}
590 	}
591 
592 	if (cfg->enc_eng_id) {
593 		upd_info->flags |= SA_CMDL_UPD_ENC;
594 		upd_info->enc_size.index = enc_offset >> 2;
595 		upd_info->enc_offset.index = upd_info->enc_size.index + 1;
596 		/* Encryption command label */
597 		cmdl[enc_offset + SA_CMDL_OFFSET_NESC] = enc_next_eng;
598 
599 		/* Encryption modes requiring IV */
600 		if (cfg->iv_size) {
601 			upd_info->flags |= SA_CMDL_UPD_ENC_IV;
602 			upd_info->enc_iv.index =
603 				(enc_offset + SA_CMDL_HEADER_SIZE_BYTES) >> 2;
604 			upd_info->enc_iv.size = cfg->iv_size;
605 
606 			cmdl[enc_offset + SA_CMDL_OFFSET_LABEL_LEN] =
607 				SA_CMDL_HEADER_SIZE_BYTES + cfg->iv_size;
608 
609 			cmdl[enc_offset + SA_CMDL_OFFSET_OPTION_CTRL1] =
610 				(SA_CTX_ENC_AUX2_OFFSET | (cfg->iv_size >> 3));
611 			total += SA_CMDL_HEADER_SIZE_BYTES + cfg->iv_size;
612 		} else {
613 			cmdl[enc_offset + SA_CMDL_OFFSET_LABEL_LEN] =
614 						SA_CMDL_HEADER_SIZE_BYTES;
615 			total += SA_CMDL_HEADER_SIZE_BYTES;
616 		}
617 	}
618 
619 	if (cfg->auth_eng_id) {
620 		upd_info->flags |= SA_CMDL_UPD_AUTH;
621 		upd_info->auth_size.index = auth_offset >> 2;
622 		upd_info->auth_offset.index = upd_info->auth_size.index + 1;
623 		cmdl[auth_offset + SA_CMDL_OFFSET_NESC] = auth_next_eng;
624 		cmdl[auth_offset + SA_CMDL_OFFSET_LABEL_LEN] =
625 			SA_CMDL_HEADER_SIZE_BYTES;
626 		total += SA_CMDL_HEADER_SIZE_BYTES;
627 	}
628 
629 	total = roundup(total, 8);
630 
631 	for (i = 0; i < total / 4; i++)
632 		word_ptr[i] = swab32(word_ptr[i]);
633 
634 	return total;
635 }
636 
637 /* Update Command label */
638 static inline void sa_update_cmdl(struct sa_req *req, u32 *cmdl,
639 				  struct sa_cmdl_upd_info *upd_info)
640 {
641 	int i = 0, j;
642 
643 	if (likely(upd_info->flags & SA_CMDL_UPD_ENC)) {
644 		cmdl[upd_info->enc_size.index] &= ~SA_CMDL_PAYLOAD_LENGTH_MASK;
645 		cmdl[upd_info->enc_size.index] |= req->enc_size;
646 		cmdl[upd_info->enc_offset.index] &=
647 						~SA_CMDL_SOP_BYPASS_LEN_MASK;
648 		cmdl[upd_info->enc_offset.index] |=
649 			((u32)req->enc_offset <<
650 			 __ffs(SA_CMDL_SOP_BYPASS_LEN_MASK));
651 
652 		if (likely(upd_info->flags & SA_CMDL_UPD_ENC_IV)) {
653 			__be32 *data = (__be32 *)&cmdl[upd_info->enc_iv.index];
654 			u32 *enc_iv = (u32 *)req->enc_iv;
655 
656 			for (j = 0; i < upd_info->enc_iv.size; i += 4, j++) {
657 				data[j] = cpu_to_be32(*enc_iv);
658 				enc_iv++;
659 			}
660 		}
661 	}
662 
663 	if (likely(upd_info->flags & SA_CMDL_UPD_AUTH)) {
664 		cmdl[upd_info->auth_size.index] &= ~SA_CMDL_PAYLOAD_LENGTH_MASK;
665 		cmdl[upd_info->auth_size.index] |= req->auth_size;
666 		cmdl[upd_info->auth_offset.index] &=
667 			~SA_CMDL_SOP_BYPASS_LEN_MASK;
668 		cmdl[upd_info->auth_offset.index] |=
669 			((u32)req->auth_offset <<
670 			 __ffs(SA_CMDL_SOP_BYPASS_LEN_MASK));
671 		if (upd_info->flags & SA_CMDL_UPD_AUTH_IV) {
672 			sa_copy_iv((void *)&cmdl[upd_info->auth_iv.index],
673 				   req->auth_iv,
674 				   (upd_info->auth_iv.size > 8));
675 		}
676 		if (upd_info->flags & SA_CMDL_UPD_AUX_KEY) {
677 			int offset = (req->auth_size & 0xF) ? 4 : 0;
678 
679 			memcpy(&cmdl[upd_info->aux_key_info.index],
680 			       &upd_info->aux_key[offset], 16);
681 		}
682 	}
683 }
684 
685 /* Format SWINFO words to be sent to SA */
686 static
687 void sa_set_swinfo(u8 eng_id, u16 sc_id, dma_addr_t sc_phys,
688 		   u8 cmdl_present, u8 cmdl_offset, u8 flags,
689 		   u8 hash_size, u32 *swinfo)
690 {
691 	swinfo[0] = sc_id;
692 	swinfo[0] |= (flags << __ffs(SA_SW0_FLAGS_MASK));
693 	if (likely(cmdl_present))
694 		swinfo[0] |= ((cmdl_offset | SA_SW0_CMDL_PRESENT) <<
695 						__ffs(SA_SW0_CMDL_INFO_MASK));
696 	swinfo[0] |= (eng_id << __ffs(SA_SW0_ENG_ID_MASK));
697 
698 	swinfo[0] |= SA_SW0_DEST_INFO_PRESENT;
699 	swinfo[1] = (u32)(sc_phys & 0xFFFFFFFFULL);
700 	swinfo[2] = (u32)((sc_phys & 0xFFFFFFFF00000000ULL) >> 32);
701 	swinfo[2] |= (hash_size << __ffs(SA_SW2_EGRESS_LENGTH));
702 }
703 
704 /* Dump the security context */
705 static void sa_dump_sc(u8 *buf, dma_addr_t dma_addr)
706 {
707 #ifdef DEBUG
708 	dev_info(sa_k3_dev, "Security context dump:: 0x%pad\n", &dma_addr);
709 	print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
710 		       16, 1, buf, SA_CTX_MAX_SZ, false);
711 #endif
712 }
713 
714 static
715 int sa_init_sc(struct sa_ctx_info *ctx, const struct sa_match_data *match_data,
716 	       const u8 *enc_key, u16 enc_key_sz,
717 	       const u8 *auth_key, u16 auth_key_sz,
718 	       struct algo_data *ad, u8 enc, u32 *swinfo)
719 {
720 	int enc_sc_offset = 0;
721 	int auth_sc_offset = 0;
722 	u8 *sc_buf = ctx->sc;
723 	u16 sc_id = ctx->sc_id;
724 	u8 first_engine = 0;
725 
726 	memzero_explicit(sc_buf, SA_CTX_MAX_SZ);
727 
728 	if (ad->auth_eng.eng_id) {
729 		if (enc)
730 			first_engine = ad->enc_eng.eng_id;
731 		else
732 			first_engine = ad->auth_eng.eng_id;
733 
734 		enc_sc_offset = SA_CTX_PHP_PE_CTX_SZ;
735 		auth_sc_offset = enc_sc_offset + ad->enc_eng.sc_size;
736 		sc_buf[1] = SA_SCCTL_FE_AUTH_ENC;
737 		if (!ad->hash_size)
738 			return -EINVAL;
739 		ad->hash_size = roundup(ad->hash_size, 8);
740 
741 	} else if (ad->enc_eng.eng_id && !ad->auth_eng.eng_id) {
742 		enc_sc_offset = SA_CTX_PHP_PE_CTX_SZ;
743 		first_engine = ad->enc_eng.eng_id;
744 		sc_buf[1] = SA_SCCTL_FE_ENC;
745 		ad->hash_size = ad->iv_out_size;
746 	}
747 
748 	/* SCCTL Owner info: 0=host, 1=CP_ACE */
749 	sc_buf[SA_CTX_SCCTL_OWNER_OFFSET] = 0;
750 	memcpy(&sc_buf[2], &sc_id, 2);
751 	sc_buf[4] = 0x0;
752 	sc_buf[5] = match_data->priv_id;
753 	sc_buf[6] = match_data->priv;
754 	sc_buf[7] = 0x0;
755 
756 	/* Prepare context for encryption engine */
757 	if (ad->enc_eng.sc_size) {
758 		if (sa_set_sc_enc(ad, enc_key, enc_key_sz, enc,
759 				  &sc_buf[enc_sc_offset]))
760 			return -EINVAL;
761 	}
762 
763 	/* Prepare context for authentication engine */
764 	if (ad->auth_eng.sc_size)
765 		sa_set_sc_auth(ad, auth_key, auth_key_sz,
766 			       &sc_buf[auth_sc_offset]);
767 
768 	/* Set the ownership of context to CP_ACE */
769 	sc_buf[SA_CTX_SCCTL_OWNER_OFFSET] = 0x80;
770 
771 	/* swizzle the security context */
772 	sa_swiz_128(sc_buf, SA_CTX_MAX_SZ);
773 
774 	sa_set_swinfo(first_engine, ctx->sc_id, ctx->sc_phys, 1, 0,
775 		      SA_SW_INFO_FLAG_EVICT, ad->hash_size, swinfo);
776 
777 	sa_dump_sc(sc_buf, ctx->sc_phys);
778 
779 	return 0;
780 }
781 
782 /* Free the per direction context memory */
783 static void sa_free_ctx_info(struct sa_ctx_info *ctx,
784 			     struct sa_crypto_data *data)
785 {
786 	unsigned long bn;
787 
788 	bn = ctx->sc_id - data->sc_id_start;
789 	spin_lock(&data->scid_lock);
790 	__clear_bit(bn, data->ctx_bm);
791 	data->sc_id--;
792 	spin_unlock(&data->scid_lock);
793 
794 	if (ctx->sc) {
795 		dma_pool_free(data->sc_pool, ctx->sc, ctx->sc_phys);
796 		ctx->sc = NULL;
797 	}
798 }
799 
800 static int sa_init_ctx_info(struct sa_ctx_info *ctx,
801 			    struct sa_crypto_data *data)
802 {
803 	unsigned long bn;
804 	int err;
805 
806 	spin_lock(&data->scid_lock);
807 	bn = find_first_zero_bit(data->ctx_bm, SA_MAX_NUM_CTX);
808 	__set_bit(bn, data->ctx_bm);
809 	data->sc_id++;
810 	spin_unlock(&data->scid_lock);
811 
812 	ctx->sc_id = (u16)(data->sc_id_start + bn);
813 
814 	ctx->sc = dma_pool_alloc(data->sc_pool, GFP_KERNEL, &ctx->sc_phys);
815 	if (!ctx->sc) {
816 		dev_err(&data->pdev->dev, "Failed to allocate SC memory\n");
817 		err = -ENOMEM;
818 		goto scid_rollback;
819 	}
820 
821 	return 0;
822 
823 scid_rollback:
824 	spin_lock(&data->scid_lock);
825 	__clear_bit(bn, data->ctx_bm);
826 	data->sc_id--;
827 	spin_unlock(&data->scid_lock);
828 
829 	return err;
830 }
831 
832 static void sa_cipher_cra_exit(struct crypto_skcipher *tfm)
833 {
834 	struct sa_tfm_ctx *ctx = crypto_skcipher_ctx(tfm);
835 	struct sa_crypto_data *data = dev_get_drvdata(sa_k3_dev);
836 
837 	dev_dbg(sa_k3_dev, "%s(0x%p) sc-ids(0x%x(0x%pad), 0x%x(0x%pad))\n",
838 		__func__, tfm, ctx->enc.sc_id, &ctx->enc.sc_phys,
839 		ctx->dec.sc_id, &ctx->dec.sc_phys);
840 
841 	sa_free_ctx_info(&ctx->enc, data);
842 	sa_free_ctx_info(&ctx->dec, data);
843 
844 	crypto_free_skcipher(ctx->fallback.skcipher);
845 }
846 
847 static int sa_cipher_cra_init(struct crypto_skcipher *tfm)
848 {
849 	struct sa_tfm_ctx *ctx = crypto_skcipher_ctx(tfm);
850 	struct sa_crypto_data *data = dev_get_drvdata(sa_k3_dev);
851 	const char *name = crypto_tfm_alg_name(&tfm->base);
852 	struct crypto_skcipher *child;
853 	int ret;
854 
855 	memzero_explicit(ctx, sizeof(*ctx));
856 	ctx->dev_data = data;
857 
858 	ret = sa_init_ctx_info(&ctx->enc, data);
859 	if (ret)
860 		return ret;
861 	ret = sa_init_ctx_info(&ctx->dec, data);
862 	if (ret) {
863 		sa_free_ctx_info(&ctx->enc, data);
864 		return ret;
865 	}
866 
867 	child = crypto_alloc_skcipher(name, 0, CRYPTO_ALG_NEED_FALLBACK);
868 
869 	if (IS_ERR(child)) {
870 		dev_err(sa_k3_dev, "Error allocating fallback algo %s\n", name);
871 		return PTR_ERR(child);
872 	}
873 
874 	ctx->fallback.skcipher = child;
875 	crypto_skcipher_set_reqsize(tfm, crypto_skcipher_reqsize(child) +
876 					 sizeof(struct skcipher_request));
877 
878 	dev_dbg(sa_k3_dev, "%s(0x%p) sc-ids(0x%x(0x%pad), 0x%x(0x%pad))\n",
879 		__func__, tfm, ctx->enc.sc_id, &ctx->enc.sc_phys,
880 		ctx->dec.sc_id, &ctx->dec.sc_phys);
881 	return 0;
882 }
883 
884 static int sa_cipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
885 			    unsigned int keylen, struct algo_data *ad)
886 {
887 	struct sa_tfm_ctx *ctx = crypto_skcipher_ctx(tfm);
888 	struct crypto_skcipher *child = ctx->fallback.skcipher;
889 	int cmdl_len;
890 	struct sa_cmdl_cfg cfg;
891 	int ret;
892 
893 	if (keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_192 &&
894 	    keylen != AES_KEYSIZE_256)
895 		return -EINVAL;
896 
897 	ad->enc_eng.eng_id = SA_ENG_ID_EM1;
898 	ad->enc_eng.sc_size = SA_CTX_ENC_TYPE1_SZ;
899 
900 	memzero_explicit(&cfg, sizeof(cfg));
901 	cfg.enc_eng_id = ad->enc_eng.eng_id;
902 	cfg.iv_size = crypto_skcipher_ivsize(tfm);
903 
904 	crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
905 	crypto_skcipher_set_flags(child, tfm->base.crt_flags &
906 					 CRYPTO_TFM_REQ_MASK);
907 	ret = crypto_skcipher_setkey(child, key, keylen);
908 	if (ret)
909 		return ret;
910 
911 	/* Setup Encryption Security Context & Command label template */
912 	if (sa_init_sc(&ctx->enc, ctx->dev_data->match_data, key, keylen, NULL, 0,
913 		       ad, 1, &ctx->enc.epib[1]))
914 		goto badkey;
915 
916 	cmdl_len = sa_format_cmdl_gen(&cfg,
917 				      (u8 *)ctx->enc.cmdl,
918 				      &ctx->enc.cmdl_upd_info);
919 	if (cmdl_len <= 0 || (cmdl_len > SA_MAX_CMDL_WORDS * sizeof(u32)))
920 		goto badkey;
921 
922 	ctx->enc.cmdl_size = cmdl_len;
923 
924 	/* Setup Decryption Security Context & Command label template */
925 	if (sa_init_sc(&ctx->dec, ctx->dev_data->match_data, key, keylen, NULL, 0,
926 		       ad, 0, &ctx->dec.epib[1]))
927 		goto badkey;
928 
929 	cfg.enc_eng_id = ad->enc_eng.eng_id;
930 	cmdl_len = sa_format_cmdl_gen(&cfg, (u8 *)ctx->dec.cmdl,
931 				      &ctx->dec.cmdl_upd_info);
932 
933 	if (cmdl_len <= 0 || (cmdl_len > SA_MAX_CMDL_WORDS * sizeof(u32)))
934 		goto badkey;
935 
936 	ctx->dec.cmdl_size = cmdl_len;
937 	ctx->iv_idx = ad->iv_idx;
938 
939 	return 0;
940 
941 badkey:
942 	dev_err(sa_k3_dev, "%s: badkey\n", __func__);
943 	return -EINVAL;
944 }
945 
946 static int sa_aes_cbc_setkey(struct crypto_skcipher *tfm, const u8 *key,
947 			     unsigned int keylen)
948 {
949 	struct algo_data ad = { 0 };
950 	/* Convert the key size (16/24/32) to the key size index (0/1/2) */
951 	int key_idx = (keylen >> 3) - 2;
952 
953 	if (key_idx >= 3)
954 		return -EINVAL;
955 
956 	ad.mci_enc = mci_cbc_enc_array[key_idx];
957 	ad.mci_dec = mci_cbc_dec_array[key_idx];
958 	ad.inv_key = true;
959 	ad.ealg_id = SA_EALG_ID_AES_CBC;
960 	ad.iv_idx = 4;
961 	ad.iv_out_size = 16;
962 
963 	return sa_cipher_setkey(tfm, key, keylen, &ad);
964 }
965 
966 static int sa_aes_ecb_setkey(struct crypto_skcipher *tfm, const u8 *key,
967 			     unsigned int keylen)
968 {
969 	struct algo_data ad = { 0 };
970 	/* Convert the key size (16/24/32) to the key size index (0/1/2) */
971 	int key_idx = (keylen >> 3) - 2;
972 
973 	if (key_idx >= 3)
974 		return -EINVAL;
975 
976 	ad.mci_enc = mci_ecb_enc_array[key_idx];
977 	ad.mci_dec = mci_ecb_dec_array[key_idx];
978 	ad.inv_key = true;
979 	ad.ealg_id = SA_EALG_ID_AES_ECB;
980 
981 	return sa_cipher_setkey(tfm, key, keylen, &ad);
982 }
983 
984 static int sa_3des_cbc_setkey(struct crypto_skcipher *tfm, const u8 *key,
985 			      unsigned int keylen)
986 {
987 	struct algo_data ad = { 0 };
988 
989 	ad.mci_enc = mci_cbc_3des_enc_array;
990 	ad.mci_dec = mci_cbc_3des_dec_array;
991 	ad.ealg_id = SA_EALG_ID_3DES_CBC;
992 	ad.iv_idx = 6;
993 	ad.iv_out_size = 8;
994 
995 	return sa_cipher_setkey(tfm, key, keylen, &ad);
996 }
997 
998 static int sa_3des_ecb_setkey(struct crypto_skcipher *tfm, const u8 *key,
999 			      unsigned int keylen)
1000 {
1001 	struct algo_data ad = { 0 };
1002 
1003 	ad.mci_enc = mci_ecb_3des_enc_array;
1004 	ad.mci_dec = mci_ecb_3des_dec_array;
1005 
1006 	return sa_cipher_setkey(tfm, key, keylen, &ad);
1007 }
1008 
1009 static void sa_sync_from_device(struct sa_rx_data *rxd)
1010 {
1011 	struct sg_table *sgt;
1012 
1013 	if (rxd->mapped_sg[0].dir == DMA_BIDIRECTIONAL)
1014 		sgt = &rxd->mapped_sg[0].sgt;
1015 	else
1016 		sgt = &rxd->mapped_sg[1].sgt;
1017 
1018 	dma_sync_sgtable_for_cpu(rxd->ddev, sgt, DMA_FROM_DEVICE);
1019 }
1020 
1021 static void sa_free_sa_rx_data(struct sa_rx_data *rxd)
1022 {
1023 	int i;
1024 
1025 	for (i = 0; i < ARRAY_SIZE(rxd->mapped_sg); i++) {
1026 		struct sa_mapped_sg *mapped_sg = &rxd->mapped_sg[i];
1027 
1028 		if (mapped_sg->mapped) {
1029 			dma_unmap_sgtable(rxd->ddev, &mapped_sg->sgt,
1030 					  mapped_sg->dir, 0);
1031 			kfree(mapped_sg->split_sg);
1032 		}
1033 	}
1034 
1035 	kfree(rxd);
1036 }
1037 
1038 static void sa_aes_dma_in_callback(void *data)
1039 {
1040 	struct sa_rx_data *rxd = (struct sa_rx_data *)data;
1041 	struct skcipher_request *req;
1042 	u32 *result;
1043 	__be32 *mdptr;
1044 	size_t ml, pl;
1045 	int i;
1046 
1047 	sa_sync_from_device(rxd);
1048 	req = container_of(rxd->req, struct skcipher_request, base);
1049 
1050 	if (req->iv) {
1051 		mdptr = (__be32 *)dmaengine_desc_get_metadata_ptr(rxd->tx_in, &pl,
1052 							       &ml);
1053 		result = (u32 *)req->iv;
1054 
1055 		for (i = 0; i < (rxd->enc_iv_size / 4); i++)
1056 			result[i] = be32_to_cpu(mdptr[i + rxd->iv_idx]);
1057 	}
1058 
1059 	sa_free_sa_rx_data(rxd);
1060 
1061 	skcipher_request_complete(req, 0);
1062 }
1063 
1064 static void
1065 sa_prepare_tx_desc(u32 *mdptr, u32 pslen, u32 *psdata, u32 epiblen, u32 *epib)
1066 {
1067 	u32 *out, *in;
1068 	int i;
1069 
1070 	for (out = mdptr, in = epib, i = 0; i < epiblen / sizeof(u32); i++)
1071 		*out++ = *in++;
1072 
1073 	mdptr[4] = (0xFFFF << 16);
1074 	for (out = &mdptr[5], in = psdata, i = 0;
1075 	     i < pslen / sizeof(u32); i++)
1076 		*out++ = *in++;
1077 }
1078 
1079 static int sa_run(struct sa_req *req)
1080 {
1081 	struct sa_rx_data *rxd;
1082 	gfp_t gfp_flags;
1083 	u32 cmdl[SA_MAX_CMDL_WORDS];
1084 	struct sa_crypto_data *pdata = dev_get_drvdata(sa_k3_dev);
1085 	struct device *ddev;
1086 	struct dma_chan *dma_rx;
1087 	int sg_nents, src_nents, dst_nents;
1088 	struct scatterlist *src, *dst;
1089 	size_t pl, ml, split_size;
1090 	struct sa_ctx_info *sa_ctx = req->enc ? &req->ctx->enc : &req->ctx->dec;
1091 	int ret;
1092 	struct dma_async_tx_descriptor *tx_out;
1093 	u32 *mdptr;
1094 	bool diff_dst;
1095 	enum dma_data_direction dir_src;
1096 	struct sa_mapped_sg *mapped_sg;
1097 
1098 	gfp_flags = req->base->flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
1099 		GFP_KERNEL : GFP_ATOMIC;
1100 
1101 	rxd = kzalloc(sizeof(*rxd), gfp_flags);
1102 	if (!rxd)
1103 		return -ENOMEM;
1104 
1105 	if (req->src != req->dst) {
1106 		diff_dst = true;
1107 		dir_src = DMA_TO_DEVICE;
1108 	} else {
1109 		diff_dst = false;
1110 		dir_src = DMA_BIDIRECTIONAL;
1111 	}
1112 
1113 	/*
1114 	 * SA2UL has an interesting feature where the receive DMA channel
1115 	 * is selected based on the data passed to the engine. Within the
1116 	 * transition range, there is also a space where it is impossible
1117 	 * to determine where the data will end up, and this should be
1118 	 * avoided. This will be handled by the SW fallback mechanism by
1119 	 * the individual algorithm implementations.
1120 	 */
1121 	if (req->size >= 256)
1122 		dma_rx = pdata->dma_rx2;
1123 	else
1124 		dma_rx = pdata->dma_rx1;
1125 
1126 	ddev = dmaengine_get_dma_device(pdata->dma_tx);
1127 	rxd->ddev = ddev;
1128 
1129 	memcpy(cmdl, sa_ctx->cmdl, sa_ctx->cmdl_size);
1130 
1131 	sa_update_cmdl(req, cmdl, &sa_ctx->cmdl_upd_info);
1132 
1133 	if (req->type != CRYPTO_ALG_TYPE_AHASH) {
1134 		if (req->enc)
1135 			req->type |=
1136 				(SA_REQ_SUBTYPE_ENC << SA_REQ_SUBTYPE_SHIFT);
1137 		else
1138 			req->type |=
1139 				(SA_REQ_SUBTYPE_DEC << SA_REQ_SUBTYPE_SHIFT);
1140 	}
1141 
1142 	cmdl[sa_ctx->cmdl_size / sizeof(u32)] = req->type;
1143 
1144 	/*
1145 	 * Map the packets, first we check if the data fits into a single
1146 	 * sg entry and use that if possible. If it does not fit, we check
1147 	 * if we need to do sg_split to align the scatterlist data on the
1148 	 * actual data size being processed by the crypto engine.
1149 	 */
1150 	src = req->src;
1151 	sg_nents = sg_nents_for_len(src, req->size);
1152 
1153 	split_size = req->size;
1154 
1155 	mapped_sg = &rxd->mapped_sg[0];
1156 	if (sg_nents == 1 && split_size <= req->src->length) {
1157 		src = &mapped_sg->static_sg;
1158 		src_nents = 1;
1159 		sg_init_table(src, 1);
1160 		sg_set_page(src, sg_page(req->src), split_size,
1161 			    req->src->offset);
1162 
1163 		mapped_sg->sgt.sgl = src;
1164 		mapped_sg->sgt.orig_nents = src_nents;
1165 		ret = dma_map_sgtable(ddev, &mapped_sg->sgt, dir_src, 0);
1166 		if (ret) {
1167 			kfree(rxd);
1168 			return ret;
1169 		}
1170 
1171 		mapped_sg->dir = dir_src;
1172 		mapped_sg->mapped = true;
1173 	} else {
1174 		mapped_sg->sgt.sgl = req->src;
1175 		mapped_sg->sgt.orig_nents = sg_nents;
1176 		ret = dma_map_sgtable(ddev, &mapped_sg->sgt, dir_src, 0);
1177 		if (ret) {
1178 			kfree(rxd);
1179 			return ret;
1180 		}
1181 
1182 		mapped_sg->dir = dir_src;
1183 		mapped_sg->mapped = true;
1184 
1185 		ret = sg_split(mapped_sg->sgt.sgl, mapped_sg->sgt.nents, 0, 1,
1186 			       &split_size, &src, &src_nents, gfp_flags);
1187 		if (ret) {
1188 			src_nents = mapped_sg->sgt.nents;
1189 			src = mapped_sg->sgt.sgl;
1190 		} else {
1191 			mapped_sg->split_sg = src;
1192 		}
1193 	}
1194 
1195 	dma_sync_sgtable_for_device(ddev, &mapped_sg->sgt, DMA_TO_DEVICE);
1196 
1197 	if (!diff_dst) {
1198 		dst_nents = src_nents;
1199 		dst = src;
1200 	} else {
1201 		dst_nents = sg_nents_for_len(req->dst, req->size);
1202 		mapped_sg = &rxd->mapped_sg[1];
1203 
1204 		if (dst_nents == 1 && split_size <= req->dst->length) {
1205 			dst = &mapped_sg->static_sg;
1206 			dst_nents = 1;
1207 			sg_init_table(dst, 1);
1208 			sg_set_page(dst, sg_page(req->dst), split_size,
1209 				    req->dst->offset);
1210 
1211 			mapped_sg->sgt.sgl = dst;
1212 			mapped_sg->sgt.orig_nents = dst_nents;
1213 			ret = dma_map_sgtable(ddev, &mapped_sg->sgt,
1214 					      DMA_FROM_DEVICE, 0);
1215 			if (ret)
1216 				goto err_cleanup;
1217 
1218 			mapped_sg->dir = DMA_FROM_DEVICE;
1219 			mapped_sg->mapped = true;
1220 		} else {
1221 			mapped_sg->sgt.sgl = req->dst;
1222 			mapped_sg->sgt.orig_nents = dst_nents;
1223 			ret = dma_map_sgtable(ddev, &mapped_sg->sgt,
1224 					      DMA_FROM_DEVICE, 0);
1225 			if (ret)
1226 				goto err_cleanup;
1227 
1228 			mapped_sg->dir = DMA_FROM_DEVICE;
1229 			mapped_sg->mapped = true;
1230 
1231 			ret = sg_split(mapped_sg->sgt.sgl, mapped_sg->sgt.nents,
1232 				       0, 1, &split_size, &dst, &dst_nents,
1233 				       gfp_flags);
1234 			if (ret) {
1235 				dst_nents = mapped_sg->sgt.nents;
1236 				dst = mapped_sg->sgt.sgl;
1237 			} else {
1238 				mapped_sg->split_sg = dst;
1239 			}
1240 		}
1241 	}
1242 
1243 	rxd->tx_in = dmaengine_prep_slave_sg(dma_rx, dst, dst_nents,
1244 					     DMA_DEV_TO_MEM,
1245 					     DMA_PREP_INTERRUPT | DMA_CTRL_ACK);
1246 	if (!rxd->tx_in) {
1247 		dev_err(pdata->dev, "IN prep_slave_sg() failed\n");
1248 		ret = -EINVAL;
1249 		goto err_cleanup;
1250 	}
1251 
1252 	rxd->req = (void *)req->base;
1253 	rxd->enc = req->enc;
1254 	rxd->iv_idx = req->ctx->iv_idx;
1255 	rxd->enc_iv_size = sa_ctx->cmdl_upd_info.enc_iv.size;
1256 	rxd->tx_in->callback = req->callback;
1257 	rxd->tx_in->callback_param = rxd;
1258 
1259 	tx_out = dmaengine_prep_slave_sg(pdata->dma_tx, src,
1260 					 src_nents, DMA_MEM_TO_DEV,
1261 					 DMA_PREP_INTERRUPT | DMA_CTRL_ACK);
1262 
1263 	if (!tx_out) {
1264 		dev_err(pdata->dev, "OUT prep_slave_sg() failed\n");
1265 		ret = -EINVAL;
1266 		goto err_cleanup;
1267 	}
1268 
1269 	/*
1270 	 * Prepare metadata for DMA engine. This essentially describes the
1271 	 * crypto algorithm to be used, data sizes, different keys etc.
1272 	 */
1273 	mdptr = (u32 *)dmaengine_desc_get_metadata_ptr(tx_out, &pl, &ml);
1274 
1275 	sa_prepare_tx_desc(mdptr, (sa_ctx->cmdl_size + (SA_PSDATA_CTX_WORDS *
1276 				   sizeof(u32))), cmdl, sizeof(sa_ctx->epib),
1277 			   sa_ctx->epib);
1278 
1279 	ml = sa_ctx->cmdl_size + (SA_PSDATA_CTX_WORDS * sizeof(u32));
1280 	dmaengine_desc_set_metadata_len(tx_out, req->mdata_size);
1281 
1282 	dmaengine_submit(tx_out);
1283 	dmaengine_submit(rxd->tx_in);
1284 
1285 	dma_async_issue_pending(dma_rx);
1286 	dma_async_issue_pending(pdata->dma_tx);
1287 
1288 	return -EINPROGRESS;
1289 
1290 err_cleanup:
1291 	sa_free_sa_rx_data(rxd);
1292 
1293 	return ret;
1294 }
1295 
1296 static int sa_cipher_run(struct skcipher_request *req, u8 *iv, int enc)
1297 {
1298 	struct sa_tfm_ctx *ctx =
1299 	    crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
1300 	struct crypto_alg *alg = req->base.tfm->__crt_alg;
1301 	struct sa_req sa_req = { 0 };
1302 
1303 	if (!req->cryptlen)
1304 		return 0;
1305 
1306 	if (req->cryptlen % alg->cra_blocksize)
1307 		return -EINVAL;
1308 
1309 	/* Use SW fallback if the data size is not supported */
1310 	if (req->cryptlen > SA_MAX_DATA_SZ ||
1311 	    (req->cryptlen >= SA_UNSAFE_DATA_SZ_MIN &&
1312 	     req->cryptlen <= SA_UNSAFE_DATA_SZ_MAX)) {
1313 		struct skcipher_request *subreq = skcipher_request_ctx(req);
1314 
1315 		skcipher_request_set_tfm(subreq, ctx->fallback.skcipher);
1316 		skcipher_request_set_callback(subreq, req->base.flags,
1317 					      req->base.complete,
1318 					      req->base.data);
1319 		skcipher_request_set_crypt(subreq, req->src, req->dst,
1320 					   req->cryptlen, req->iv);
1321 		if (enc)
1322 			return crypto_skcipher_encrypt(subreq);
1323 		else
1324 			return crypto_skcipher_decrypt(subreq);
1325 	}
1326 
1327 	sa_req.size = req->cryptlen;
1328 	sa_req.enc_size = req->cryptlen;
1329 	sa_req.src = req->src;
1330 	sa_req.dst = req->dst;
1331 	sa_req.enc_iv = iv;
1332 	sa_req.type = CRYPTO_ALG_TYPE_SKCIPHER;
1333 	sa_req.enc = enc;
1334 	sa_req.callback = sa_aes_dma_in_callback;
1335 	sa_req.mdata_size = 44;
1336 	sa_req.base = &req->base;
1337 	sa_req.ctx = ctx;
1338 
1339 	return sa_run(&sa_req);
1340 }
1341 
1342 static int sa_encrypt(struct skcipher_request *req)
1343 {
1344 	return sa_cipher_run(req, req->iv, 1);
1345 }
1346 
1347 static int sa_decrypt(struct skcipher_request *req)
1348 {
1349 	return sa_cipher_run(req, req->iv, 0);
1350 }
1351 
1352 static void sa_sha_dma_in_callback(void *data)
1353 {
1354 	struct sa_rx_data *rxd = (struct sa_rx_data *)data;
1355 	struct ahash_request *req;
1356 	struct crypto_ahash *tfm;
1357 	unsigned int authsize;
1358 	int i;
1359 	size_t ml, pl;
1360 	u32 *result;
1361 	__be32 *mdptr;
1362 
1363 	sa_sync_from_device(rxd);
1364 	req = container_of(rxd->req, struct ahash_request, base);
1365 	tfm = crypto_ahash_reqtfm(req);
1366 	authsize = crypto_ahash_digestsize(tfm);
1367 
1368 	mdptr = (__be32 *)dmaengine_desc_get_metadata_ptr(rxd->tx_in, &pl, &ml);
1369 	result = (u32 *)req->result;
1370 
1371 	for (i = 0; i < (authsize / 4); i++)
1372 		result[i] = be32_to_cpu(mdptr[i + 4]);
1373 
1374 	sa_free_sa_rx_data(rxd);
1375 
1376 	ahash_request_complete(req, 0);
1377 }
1378 
1379 static int zero_message_process(struct ahash_request *req)
1380 {
1381 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
1382 	int sa_digest_size = crypto_ahash_digestsize(tfm);
1383 
1384 	switch (sa_digest_size) {
1385 	case SHA1_DIGEST_SIZE:
1386 		memcpy(req->result, sha1_zero_message_hash, sa_digest_size);
1387 		break;
1388 	case SHA256_DIGEST_SIZE:
1389 		memcpy(req->result, sha256_zero_message_hash, sa_digest_size);
1390 		break;
1391 	case SHA512_DIGEST_SIZE:
1392 		memcpy(req->result, sha512_zero_message_hash, sa_digest_size);
1393 		break;
1394 	default:
1395 		return -EINVAL;
1396 	}
1397 
1398 	return 0;
1399 }
1400 
1401 static int sa_sha_run(struct ahash_request *req)
1402 {
1403 	struct sa_tfm_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
1404 	struct sa_sha_req_ctx *rctx = ahash_request_ctx(req);
1405 	struct sa_req sa_req = { 0 };
1406 	size_t auth_len;
1407 
1408 	auth_len = req->nbytes;
1409 
1410 	if (!auth_len)
1411 		return zero_message_process(req);
1412 
1413 	if (auth_len > SA_MAX_DATA_SZ ||
1414 	    (auth_len >= SA_UNSAFE_DATA_SZ_MIN &&
1415 	     auth_len <= SA_UNSAFE_DATA_SZ_MAX)) {
1416 		struct ahash_request *subreq = &rctx->fallback_req;
1417 		int ret = 0;
1418 
1419 		ahash_request_set_tfm(subreq, ctx->fallback.ahash);
1420 		subreq->base.flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP;
1421 
1422 		crypto_ahash_init(subreq);
1423 
1424 		subreq->nbytes = auth_len;
1425 		subreq->src = req->src;
1426 		subreq->result = req->result;
1427 
1428 		ret |= crypto_ahash_update(subreq);
1429 
1430 		subreq->nbytes = 0;
1431 
1432 		ret |= crypto_ahash_final(subreq);
1433 
1434 		return ret;
1435 	}
1436 
1437 	sa_req.size = auth_len;
1438 	sa_req.auth_size = auth_len;
1439 	sa_req.src = req->src;
1440 	sa_req.dst = req->src;
1441 	sa_req.enc = true;
1442 	sa_req.type = CRYPTO_ALG_TYPE_AHASH;
1443 	sa_req.callback = sa_sha_dma_in_callback;
1444 	sa_req.mdata_size = 28;
1445 	sa_req.ctx = ctx;
1446 	sa_req.base = &req->base;
1447 
1448 	return sa_run(&sa_req);
1449 }
1450 
1451 static int sa_sha_setup(struct sa_tfm_ctx *ctx, struct  algo_data *ad)
1452 {
1453 	int bs = crypto_shash_blocksize(ctx->shash);
1454 	int cmdl_len;
1455 	struct sa_cmdl_cfg cfg;
1456 
1457 	ad->enc_eng.sc_size = SA_CTX_ENC_TYPE1_SZ;
1458 	ad->auth_eng.eng_id = SA_ENG_ID_AM1;
1459 	ad->auth_eng.sc_size = SA_CTX_AUTH_TYPE2_SZ;
1460 
1461 	memset(ctx->authkey, 0, bs);
1462 	memset(&cfg, 0, sizeof(cfg));
1463 	cfg.aalg = ad->aalg_id;
1464 	cfg.enc_eng_id = ad->enc_eng.eng_id;
1465 	cfg.auth_eng_id = ad->auth_eng.eng_id;
1466 	cfg.iv_size = 0;
1467 	cfg.akey = NULL;
1468 	cfg.akey_len = 0;
1469 
1470 	ctx->dev_data = dev_get_drvdata(sa_k3_dev);
1471 	/* Setup Encryption Security Context & Command label template */
1472 	if (sa_init_sc(&ctx->enc, ctx->dev_data->match_data, NULL, 0, NULL, 0,
1473 		       ad, 0, &ctx->enc.epib[1]))
1474 		goto badkey;
1475 
1476 	cmdl_len = sa_format_cmdl_gen(&cfg,
1477 				      (u8 *)ctx->enc.cmdl,
1478 				      &ctx->enc.cmdl_upd_info);
1479 	if (cmdl_len <= 0 || (cmdl_len > SA_MAX_CMDL_WORDS * sizeof(u32)))
1480 		goto badkey;
1481 
1482 	ctx->enc.cmdl_size = cmdl_len;
1483 
1484 	return 0;
1485 
1486 badkey:
1487 	dev_err(sa_k3_dev, "%s: badkey\n", __func__);
1488 	return -EINVAL;
1489 }
1490 
1491 static int sa_sha_cra_init_alg(struct crypto_tfm *tfm, const char *alg_base)
1492 {
1493 	struct sa_tfm_ctx *ctx = crypto_tfm_ctx(tfm);
1494 	struct sa_crypto_data *data = dev_get_drvdata(sa_k3_dev);
1495 	int ret;
1496 
1497 	memset(ctx, 0, sizeof(*ctx));
1498 	ctx->dev_data = data;
1499 	ret = sa_init_ctx_info(&ctx->enc, data);
1500 	if (ret)
1501 		return ret;
1502 
1503 	if (alg_base) {
1504 		ctx->shash = crypto_alloc_shash(alg_base, 0,
1505 						CRYPTO_ALG_NEED_FALLBACK);
1506 		if (IS_ERR(ctx->shash)) {
1507 			dev_err(sa_k3_dev, "base driver %s couldn't be loaded\n",
1508 				alg_base);
1509 			return PTR_ERR(ctx->shash);
1510 		}
1511 		/* for fallback */
1512 		ctx->fallback.ahash =
1513 			crypto_alloc_ahash(alg_base, 0,
1514 					   CRYPTO_ALG_NEED_FALLBACK);
1515 		if (IS_ERR(ctx->fallback.ahash)) {
1516 			dev_err(ctx->dev_data->dev,
1517 				"Could not load fallback driver\n");
1518 			return PTR_ERR(ctx->fallback.ahash);
1519 		}
1520 	}
1521 
1522 	dev_dbg(sa_k3_dev, "%s(0x%p) sc-ids(0x%x(0x%pad), 0x%x(0x%pad))\n",
1523 		__func__, tfm, ctx->enc.sc_id, &ctx->enc.sc_phys,
1524 		ctx->dec.sc_id, &ctx->dec.sc_phys);
1525 
1526 	crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
1527 				 sizeof(struct sa_sha_req_ctx) +
1528 				 crypto_ahash_reqsize(ctx->fallback.ahash));
1529 
1530 	return 0;
1531 }
1532 
1533 static int sa_sha_digest(struct ahash_request *req)
1534 {
1535 	return sa_sha_run(req);
1536 }
1537 
1538 static int sa_sha_init(struct ahash_request *req)
1539 {
1540 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
1541 	struct sa_sha_req_ctx *rctx = ahash_request_ctx(req);
1542 	struct sa_tfm_ctx *ctx = crypto_ahash_ctx(tfm);
1543 
1544 	dev_dbg(sa_k3_dev, "init: digest size: %u, rctx=%p\n",
1545 		crypto_ahash_digestsize(tfm), rctx);
1546 
1547 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback.ahash);
1548 	rctx->fallback_req.base.flags =
1549 		req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP;
1550 
1551 	return crypto_ahash_init(&rctx->fallback_req);
1552 }
1553 
1554 static int sa_sha_update(struct ahash_request *req)
1555 {
1556 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
1557 	struct sa_sha_req_ctx *rctx = ahash_request_ctx(req);
1558 	struct sa_tfm_ctx *ctx = crypto_ahash_ctx(tfm);
1559 
1560 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback.ahash);
1561 	rctx->fallback_req.base.flags =
1562 		req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP;
1563 	rctx->fallback_req.nbytes = req->nbytes;
1564 	rctx->fallback_req.src = req->src;
1565 
1566 	return crypto_ahash_update(&rctx->fallback_req);
1567 }
1568 
1569 static int sa_sha_final(struct ahash_request *req)
1570 {
1571 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
1572 	struct sa_sha_req_ctx *rctx = ahash_request_ctx(req);
1573 	struct sa_tfm_ctx *ctx = crypto_ahash_ctx(tfm);
1574 
1575 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback.ahash);
1576 	rctx->fallback_req.base.flags =
1577 		req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP;
1578 	rctx->fallback_req.result = req->result;
1579 
1580 	return crypto_ahash_final(&rctx->fallback_req);
1581 }
1582 
1583 static int sa_sha_finup(struct ahash_request *req)
1584 {
1585 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
1586 	struct sa_sha_req_ctx *rctx = ahash_request_ctx(req);
1587 	struct sa_tfm_ctx *ctx = crypto_ahash_ctx(tfm);
1588 
1589 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback.ahash);
1590 	rctx->fallback_req.base.flags =
1591 		req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP;
1592 
1593 	rctx->fallback_req.nbytes = req->nbytes;
1594 	rctx->fallback_req.src = req->src;
1595 	rctx->fallback_req.result = req->result;
1596 
1597 	return crypto_ahash_finup(&rctx->fallback_req);
1598 }
1599 
1600 static int sa_sha_import(struct ahash_request *req, const void *in)
1601 {
1602 	struct sa_sha_req_ctx *rctx = ahash_request_ctx(req);
1603 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
1604 	struct sa_tfm_ctx *ctx = crypto_ahash_ctx(tfm);
1605 
1606 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback.ahash);
1607 	rctx->fallback_req.base.flags = req->base.flags &
1608 		CRYPTO_TFM_REQ_MAY_SLEEP;
1609 
1610 	return crypto_ahash_import(&rctx->fallback_req, in);
1611 }
1612 
1613 static int sa_sha_export(struct ahash_request *req, void *out)
1614 {
1615 	struct sa_sha_req_ctx *rctx = ahash_request_ctx(req);
1616 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
1617 	struct sa_tfm_ctx *ctx = crypto_ahash_ctx(tfm);
1618 	struct ahash_request *subreq = &rctx->fallback_req;
1619 
1620 	ahash_request_set_tfm(subreq, ctx->fallback.ahash);
1621 	subreq->base.flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP;
1622 
1623 	return crypto_ahash_export(subreq, out);
1624 }
1625 
1626 static int sa_sha1_cra_init(struct crypto_tfm *tfm)
1627 {
1628 	struct algo_data ad = { 0 };
1629 	struct sa_tfm_ctx *ctx = crypto_tfm_ctx(tfm);
1630 
1631 	sa_sha_cra_init_alg(tfm, "sha1");
1632 
1633 	ad.aalg_id = SA_AALG_ID_SHA1;
1634 	ad.hash_size = SHA1_DIGEST_SIZE;
1635 	ad.auth_ctrl = SA_AUTH_SW_CTRL_SHA1;
1636 
1637 	sa_sha_setup(ctx, &ad);
1638 
1639 	return 0;
1640 }
1641 
1642 static int sa_sha256_cra_init(struct crypto_tfm *tfm)
1643 {
1644 	struct algo_data ad = { 0 };
1645 	struct sa_tfm_ctx *ctx = crypto_tfm_ctx(tfm);
1646 
1647 	sa_sha_cra_init_alg(tfm, "sha256");
1648 
1649 	ad.aalg_id = SA_AALG_ID_SHA2_256;
1650 	ad.hash_size = SHA256_DIGEST_SIZE;
1651 	ad.auth_ctrl = SA_AUTH_SW_CTRL_SHA256;
1652 
1653 	sa_sha_setup(ctx, &ad);
1654 
1655 	return 0;
1656 }
1657 
1658 static int sa_sha512_cra_init(struct crypto_tfm *tfm)
1659 {
1660 	struct algo_data ad = { 0 };
1661 	struct sa_tfm_ctx *ctx = crypto_tfm_ctx(tfm);
1662 
1663 	sa_sha_cra_init_alg(tfm, "sha512");
1664 
1665 	ad.aalg_id = SA_AALG_ID_SHA2_512;
1666 	ad.hash_size = SHA512_DIGEST_SIZE;
1667 	ad.auth_ctrl = SA_AUTH_SW_CTRL_SHA512;
1668 
1669 	sa_sha_setup(ctx, &ad);
1670 
1671 	return 0;
1672 }
1673 
1674 static void sa_sha_cra_exit(struct crypto_tfm *tfm)
1675 {
1676 	struct sa_tfm_ctx *ctx = crypto_tfm_ctx(tfm);
1677 	struct sa_crypto_data *data = dev_get_drvdata(sa_k3_dev);
1678 
1679 	dev_dbg(sa_k3_dev, "%s(0x%p) sc-ids(0x%x(0x%pad), 0x%x(0x%pad))\n",
1680 		__func__, tfm, ctx->enc.sc_id, &ctx->enc.sc_phys,
1681 		ctx->dec.sc_id, &ctx->dec.sc_phys);
1682 
1683 	if (crypto_tfm_alg_type(tfm) == CRYPTO_ALG_TYPE_AHASH)
1684 		sa_free_ctx_info(&ctx->enc, data);
1685 
1686 	crypto_free_shash(ctx->shash);
1687 	crypto_free_ahash(ctx->fallback.ahash);
1688 }
1689 
1690 static void sa_aead_dma_in_callback(void *data)
1691 {
1692 	struct sa_rx_data *rxd = (struct sa_rx_data *)data;
1693 	struct aead_request *req;
1694 	struct crypto_aead *tfm;
1695 	unsigned int start;
1696 	unsigned int authsize;
1697 	u8 auth_tag[SA_MAX_AUTH_TAG_SZ];
1698 	size_t pl, ml;
1699 	int i;
1700 	int err = 0;
1701 	u16 auth_len;
1702 	u32 *mdptr;
1703 
1704 	sa_sync_from_device(rxd);
1705 	req = container_of(rxd->req, struct aead_request, base);
1706 	tfm = crypto_aead_reqtfm(req);
1707 	start = req->assoclen + req->cryptlen;
1708 	authsize = crypto_aead_authsize(tfm);
1709 
1710 	mdptr = (u32 *)dmaengine_desc_get_metadata_ptr(rxd->tx_in, &pl, &ml);
1711 	for (i = 0; i < (authsize / 4); i++)
1712 		mdptr[i + 4] = swab32(mdptr[i + 4]);
1713 
1714 	auth_len = req->assoclen + req->cryptlen;
1715 
1716 	if (rxd->enc) {
1717 		scatterwalk_map_and_copy(&mdptr[4], req->dst, start, authsize,
1718 					 1);
1719 	} else {
1720 		auth_len -= authsize;
1721 		start -= authsize;
1722 		scatterwalk_map_and_copy(auth_tag, req->src, start, authsize,
1723 					 0);
1724 
1725 		err = memcmp(&mdptr[4], auth_tag, authsize) ? -EBADMSG : 0;
1726 	}
1727 
1728 	sa_free_sa_rx_data(rxd);
1729 
1730 	aead_request_complete(req, err);
1731 }
1732 
1733 static int sa_cra_init_aead(struct crypto_aead *tfm, const char *hash,
1734 			    const char *fallback)
1735 {
1736 	struct sa_tfm_ctx *ctx = crypto_aead_ctx(tfm);
1737 	struct sa_crypto_data *data = dev_get_drvdata(sa_k3_dev);
1738 	int ret;
1739 
1740 	memzero_explicit(ctx, sizeof(*ctx));
1741 	ctx->dev_data = data;
1742 
1743 	ctx->shash = crypto_alloc_shash(hash, 0, CRYPTO_ALG_NEED_FALLBACK);
1744 	if (IS_ERR(ctx->shash)) {
1745 		dev_err(sa_k3_dev, "base driver %s couldn't be loaded\n", hash);
1746 		return PTR_ERR(ctx->shash);
1747 	}
1748 
1749 	ctx->fallback.aead = crypto_alloc_aead(fallback, 0,
1750 					       CRYPTO_ALG_NEED_FALLBACK);
1751 
1752 	if (IS_ERR(ctx->fallback.aead)) {
1753 		dev_err(sa_k3_dev, "fallback driver %s couldn't be loaded\n",
1754 			fallback);
1755 		return PTR_ERR(ctx->fallback.aead);
1756 	}
1757 
1758 	crypto_aead_set_reqsize(tfm, sizeof(struct aead_request) +
1759 				crypto_aead_reqsize(ctx->fallback.aead));
1760 
1761 	ret = sa_init_ctx_info(&ctx->enc, data);
1762 	if (ret)
1763 		return ret;
1764 
1765 	ret = sa_init_ctx_info(&ctx->dec, data);
1766 	if (ret) {
1767 		sa_free_ctx_info(&ctx->enc, data);
1768 		return ret;
1769 	}
1770 
1771 	dev_dbg(sa_k3_dev, "%s(0x%p) sc-ids(0x%x(0x%pad), 0x%x(0x%pad))\n",
1772 		__func__, tfm, ctx->enc.sc_id, &ctx->enc.sc_phys,
1773 		ctx->dec.sc_id, &ctx->dec.sc_phys);
1774 
1775 	return ret;
1776 }
1777 
1778 static int sa_cra_init_aead_sha1(struct crypto_aead *tfm)
1779 {
1780 	return sa_cra_init_aead(tfm, "sha1",
1781 				"authenc(hmac(sha1-ce),cbc(aes-ce))");
1782 }
1783 
1784 static int sa_cra_init_aead_sha256(struct crypto_aead *tfm)
1785 {
1786 	return sa_cra_init_aead(tfm, "sha256",
1787 				"authenc(hmac(sha256-ce),cbc(aes-ce))");
1788 }
1789 
1790 static void sa_exit_tfm_aead(struct crypto_aead *tfm)
1791 {
1792 	struct sa_tfm_ctx *ctx = crypto_aead_ctx(tfm);
1793 	struct sa_crypto_data *data = dev_get_drvdata(sa_k3_dev);
1794 
1795 	crypto_free_shash(ctx->shash);
1796 	crypto_free_aead(ctx->fallback.aead);
1797 
1798 	sa_free_ctx_info(&ctx->enc, data);
1799 	sa_free_ctx_info(&ctx->dec, data);
1800 }
1801 
1802 /* AEAD algorithm configuration interface function */
1803 static int sa_aead_setkey(struct crypto_aead *authenc,
1804 			  const u8 *key, unsigned int keylen,
1805 			  struct algo_data *ad)
1806 {
1807 	struct sa_tfm_ctx *ctx = crypto_aead_ctx(authenc);
1808 	struct crypto_authenc_keys keys;
1809 	int cmdl_len;
1810 	struct sa_cmdl_cfg cfg;
1811 	int key_idx;
1812 
1813 	if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
1814 		return -EINVAL;
1815 
1816 	/* Convert the key size (16/24/32) to the key size index (0/1/2) */
1817 	key_idx = (keys.enckeylen >> 3) - 2;
1818 	if (key_idx >= 3)
1819 		return -EINVAL;
1820 
1821 	ad->ctx = ctx;
1822 	ad->enc_eng.eng_id = SA_ENG_ID_EM1;
1823 	ad->enc_eng.sc_size = SA_CTX_ENC_TYPE1_SZ;
1824 	ad->auth_eng.eng_id = SA_ENG_ID_AM1;
1825 	ad->auth_eng.sc_size = SA_CTX_AUTH_TYPE2_SZ;
1826 	ad->mci_enc = mci_cbc_enc_no_iv_array[key_idx];
1827 	ad->mci_dec = mci_cbc_dec_no_iv_array[key_idx];
1828 	ad->inv_key = true;
1829 	ad->keyed_mac = true;
1830 	ad->ealg_id = SA_EALG_ID_AES_CBC;
1831 	ad->prep_iopad = sa_prepare_iopads;
1832 
1833 	memset(&cfg, 0, sizeof(cfg));
1834 	cfg.enc = true;
1835 	cfg.aalg = ad->aalg_id;
1836 	cfg.enc_eng_id = ad->enc_eng.eng_id;
1837 	cfg.auth_eng_id = ad->auth_eng.eng_id;
1838 	cfg.iv_size = crypto_aead_ivsize(authenc);
1839 	cfg.akey = keys.authkey;
1840 	cfg.akey_len = keys.authkeylen;
1841 
1842 	/* Setup Encryption Security Context & Command label template */
1843 	if (sa_init_sc(&ctx->enc, ctx->dev_data->match_data, keys.enckey,
1844 		       keys.enckeylen, keys.authkey, keys.authkeylen,
1845 		       ad, 1, &ctx->enc.epib[1]))
1846 		return -EINVAL;
1847 
1848 	cmdl_len = sa_format_cmdl_gen(&cfg,
1849 				      (u8 *)ctx->enc.cmdl,
1850 				      &ctx->enc.cmdl_upd_info);
1851 	if (cmdl_len <= 0 || (cmdl_len > SA_MAX_CMDL_WORDS * sizeof(u32)))
1852 		return -EINVAL;
1853 
1854 	ctx->enc.cmdl_size = cmdl_len;
1855 
1856 	/* Setup Decryption Security Context & Command label template */
1857 	if (sa_init_sc(&ctx->dec, ctx->dev_data->match_data, keys.enckey,
1858 		       keys.enckeylen, keys.authkey, keys.authkeylen,
1859 		       ad, 0, &ctx->dec.epib[1]))
1860 		return -EINVAL;
1861 
1862 	cfg.enc = false;
1863 	cmdl_len = sa_format_cmdl_gen(&cfg, (u8 *)ctx->dec.cmdl,
1864 				      &ctx->dec.cmdl_upd_info);
1865 
1866 	if (cmdl_len <= 0 || (cmdl_len > SA_MAX_CMDL_WORDS * sizeof(u32)))
1867 		return -EINVAL;
1868 
1869 	ctx->dec.cmdl_size = cmdl_len;
1870 
1871 	crypto_aead_clear_flags(ctx->fallback.aead, CRYPTO_TFM_REQ_MASK);
1872 	crypto_aead_set_flags(ctx->fallback.aead,
1873 			      crypto_aead_get_flags(authenc) &
1874 			      CRYPTO_TFM_REQ_MASK);
1875 	crypto_aead_setkey(ctx->fallback.aead, key, keylen);
1876 
1877 	return 0;
1878 }
1879 
1880 static int sa_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
1881 {
1882 	struct sa_tfm_ctx *ctx = crypto_tfm_ctx(crypto_aead_tfm(tfm));
1883 
1884 	return crypto_aead_setauthsize(ctx->fallback.aead, authsize);
1885 }
1886 
1887 static int sa_aead_cbc_sha1_setkey(struct crypto_aead *authenc,
1888 				   const u8 *key, unsigned int keylen)
1889 {
1890 	struct algo_data ad = { 0 };
1891 
1892 	ad.ealg_id = SA_EALG_ID_AES_CBC;
1893 	ad.aalg_id = SA_AALG_ID_HMAC_SHA1;
1894 	ad.hash_size = SHA1_DIGEST_SIZE;
1895 	ad.auth_ctrl = SA_AUTH_SW_CTRL_SHA1;
1896 
1897 	return sa_aead_setkey(authenc, key, keylen, &ad);
1898 }
1899 
1900 static int sa_aead_cbc_sha256_setkey(struct crypto_aead *authenc,
1901 				     const u8 *key, unsigned int keylen)
1902 {
1903 	struct algo_data ad = { 0 };
1904 
1905 	ad.ealg_id = SA_EALG_ID_AES_CBC;
1906 	ad.aalg_id = SA_AALG_ID_HMAC_SHA2_256;
1907 	ad.hash_size = SHA256_DIGEST_SIZE;
1908 	ad.auth_ctrl = SA_AUTH_SW_CTRL_SHA256;
1909 
1910 	return sa_aead_setkey(authenc, key, keylen, &ad);
1911 }
1912 
1913 static int sa_aead_run(struct aead_request *req, u8 *iv, int enc)
1914 {
1915 	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1916 	struct sa_tfm_ctx *ctx = crypto_aead_ctx(tfm);
1917 	struct sa_req sa_req = { 0 };
1918 	size_t auth_size, enc_size;
1919 
1920 	enc_size = req->cryptlen;
1921 	auth_size = req->assoclen + req->cryptlen;
1922 
1923 	if (!enc) {
1924 		enc_size -= crypto_aead_authsize(tfm);
1925 		auth_size -= crypto_aead_authsize(tfm);
1926 	}
1927 
1928 	if (auth_size > SA_MAX_DATA_SZ ||
1929 	    (auth_size >= SA_UNSAFE_DATA_SZ_MIN &&
1930 	     auth_size <= SA_UNSAFE_DATA_SZ_MAX)) {
1931 		struct aead_request *subreq = aead_request_ctx(req);
1932 		int ret;
1933 
1934 		aead_request_set_tfm(subreq, ctx->fallback.aead);
1935 		aead_request_set_callback(subreq, req->base.flags,
1936 					  req->base.complete, req->base.data);
1937 		aead_request_set_crypt(subreq, req->src, req->dst,
1938 				       req->cryptlen, req->iv);
1939 		aead_request_set_ad(subreq, req->assoclen);
1940 
1941 		ret = enc ? crypto_aead_encrypt(subreq) :
1942 			crypto_aead_decrypt(subreq);
1943 		return ret;
1944 	}
1945 
1946 	sa_req.enc_offset = req->assoclen;
1947 	sa_req.enc_size = enc_size;
1948 	sa_req.auth_size = auth_size;
1949 	sa_req.size = auth_size;
1950 	sa_req.enc_iv = iv;
1951 	sa_req.type = CRYPTO_ALG_TYPE_AEAD;
1952 	sa_req.enc = enc;
1953 	sa_req.callback = sa_aead_dma_in_callback;
1954 	sa_req.mdata_size = 52;
1955 	sa_req.base = &req->base;
1956 	sa_req.ctx = ctx;
1957 	sa_req.src = req->src;
1958 	sa_req.dst = req->dst;
1959 
1960 	return sa_run(&sa_req);
1961 }
1962 
1963 /* AEAD algorithm encrypt interface function */
1964 static int sa_aead_encrypt(struct aead_request *req)
1965 {
1966 	return sa_aead_run(req, req->iv, 1);
1967 }
1968 
1969 /* AEAD algorithm decrypt interface function */
1970 static int sa_aead_decrypt(struct aead_request *req)
1971 {
1972 	return sa_aead_run(req, req->iv, 0);
1973 }
1974 
1975 static struct sa_alg_tmpl sa_algs[] = {
1976 	[SA_ALG_CBC_AES] = {
1977 		.type = CRYPTO_ALG_TYPE_SKCIPHER,
1978 		.alg.skcipher = {
1979 			.base.cra_name		= "cbc(aes)",
1980 			.base.cra_driver_name	= "cbc-aes-sa2ul",
1981 			.base.cra_priority	= 30000,
1982 			.base.cra_flags		= CRYPTO_ALG_TYPE_SKCIPHER |
1983 						  CRYPTO_ALG_KERN_DRIVER_ONLY |
1984 						  CRYPTO_ALG_ASYNC |
1985 						  CRYPTO_ALG_NEED_FALLBACK,
1986 			.base.cra_blocksize	= AES_BLOCK_SIZE,
1987 			.base.cra_ctxsize	= sizeof(struct sa_tfm_ctx),
1988 			.base.cra_module	= THIS_MODULE,
1989 			.init			= sa_cipher_cra_init,
1990 			.exit			= sa_cipher_cra_exit,
1991 			.min_keysize		= AES_MIN_KEY_SIZE,
1992 			.max_keysize		= AES_MAX_KEY_SIZE,
1993 			.ivsize			= AES_BLOCK_SIZE,
1994 			.setkey			= sa_aes_cbc_setkey,
1995 			.encrypt		= sa_encrypt,
1996 			.decrypt		= sa_decrypt,
1997 		}
1998 	},
1999 	[SA_ALG_EBC_AES] = {
2000 		.type = CRYPTO_ALG_TYPE_SKCIPHER,
2001 		.alg.skcipher = {
2002 			.base.cra_name		= "ecb(aes)",
2003 			.base.cra_driver_name	= "ecb-aes-sa2ul",
2004 			.base.cra_priority	= 30000,
2005 			.base.cra_flags		= CRYPTO_ALG_TYPE_SKCIPHER |
2006 						  CRYPTO_ALG_KERN_DRIVER_ONLY |
2007 						  CRYPTO_ALG_ASYNC |
2008 						  CRYPTO_ALG_NEED_FALLBACK,
2009 			.base.cra_blocksize	= AES_BLOCK_SIZE,
2010 			.base.cra_ctxsize	= sizeof(struct sa_tfm_ctx),
2011 			.base.cra_module	= THIS_MODULE,
2012 			.init			= sa_cipher_cra_init,
2013 			.exit			= sa_cipher_cra_exit,
2014 			.min_keysize		= AES_MIN_KEY_SIZE,
2015 			.max_keysize		= AES_MAX_KEY_SIZE,
2016 			.setkey			= sa_aes_ecb_setkey,
2017 			.encrypt		= sa_encrypt,
2018 			.decrypt		= sa_decrypt,
2019 		}
2020 	},
2021 	[SA_ALG_CBC_DES3] = {
2022 		.type = CRYPTO_ALG_TYPE_SKCIPHER,
2023 		.alg.skcipher = {
2024 			.base.cra_name		= "cbc(des3_ede)",
2025 			.base.cra_driver_name	= "cbc-des3-sa2ul",
2026 			.base.cra_priority	= 30000,
2027 			.base.cra_flags		= CRYPTO_ALG_TYPE_SKCIPHER |
2028 						  CRYPTO_ALG_KERN_DRIVER_ONLY |
2029 						  CRYPTO_ALG_ASYNC |
2030 						  CRYPTO_ALG_NEED_FALLBACK,
2031 			.base.cra_blocksize	= DES_BLOCK_SIZE,
2032 			.base.cra_ctxsize	= sizeof(struct sa_tfm_ctx),
2033 			.base.cra_module	= THIS_MODULE,
2034 			.init			= sa_cipher_cra_init,
2035 			.exit			= sa_cipher_cra_exit,
2036 			.min_keysize		= 3 * DES_KEY_SIZE,
2037 			.max_keysize		= 3 * DES_KEY_SIZE,
2038 			.ivsize			= DES_BLOCK_SIZE,
2039 			.setkey			= sa_3des_cbc_setkey,
2040 			.encrypt		= sa_encrypt,
2041 			.decrypt		= sa_decrypt,
2042 		}
2043 	},
2044 	[SA_ALG_ECB_DES3] = {
2045 		.type = CRYPTO_ALG_TYPE_SKCIPHER,
2046 		.alg.skcipher = {
2047 			.base.cra_name		= "ecb(des3_ede)",
2048 			.base.cra_driver_name	= "ecb-des3-sa2ul",
2049 			.base.cra_priority	= 30000,
2050 			.base.cra_flags		= CRYPTO_ALG_TYPE_SKCIPHER |
2051 						  CRYPTO_ALG_KERN_DRIVER_ONLY |
2052 						  CRYPTO_ALG_ASYNC |
2053 						  CRYPTO_ALG_NEED_FALLBACK,
2054 			.base.cra_blocksize	= DES_BLOCK_SIZE,
2055 			.base.cra_ctxsize	= sizeof(struct sa_tfm_ctx),
2056 			.base.cra_module	= THIS_MODULE,
2057 			.init			= sa_cipher_cra_init,
2058 			.exit			= sa_cipher_cra_exit,
2059 			.min_keysize		= 3 * DES_KEY_SIZE,
2060 			.max_keysize		= 3 * DES_KEY_SIZE,
2061 			.setkey			= sa_3des_ecb_setkey,
2062 			.encrypt		= sa_encrypt,
2063 			.decrypt		= sa_decrypt,
2064 		}
2065 	},
2066 	[SA_ALG_SHA1] = {
2067 		.type = CRYPTO_ALG_TYPE_AHASH,
2068 		.alg.ahash = {
2069 			.halg.base = {
2070 				.cra_name	= "sha1",
2071 				.cra_driver_name	= "sha1-sa2ul",
2072 				.cra_priority	= 400,
2073 				.cra_flags	= CRYPTO_ALG_TYPE_AHASH |
2074 						  CRYPTO_ALG_ASYNC |
2075 						  CRYPTO_ALG_KERN_DRIVER_ONLY |
2076 						  CRYPTO_ALG_NEED_FALLBACK,
2077 				.cra_blocksize	= SHA1_BLOCK_SIZE,
2078 				.cra_ctxsize	= sizeof(struct sa_tfm_ctx),
2079 				.cra_module	= THIS_MODULE,
2080 				.cra_init	= sa_sha1_cra_init,
2081 				.cra_exit	= sa_sha_cra_exit,
2082 			},
2083 			.halg.digestsize	= SHA1_DIGEST_SIZE,
2084 			.halg.statesize		= sizeof(struct sa_sha_req_ctx) +
2085 						  sizeof(struct sha1_state),
2086 			.init			= sa_sha_init,
2087 			.update			= sa_sha_update,
2088 			.final			= sa_sha_final,
2089 			.finup			= sa_sha_finup,
2090 			.digest			= sa_sha_digest,
2091 			.export			= sa_sha_export,
2092 			.import			= sa_sha_import,
2093 		},
2094 	},
2095 	[SA_ALG_SHA256] = {
2096 		.type = CRYPTO_ALG_TYPE_AHASH,
2097 		.alg.ahash = {
2098 			.halg.base = {
2099 				.cra_name	= "sha256",
2100 				.cra_driver_name	= "sha256-sa2ul",
2101 				.cra_priority	= 400,
2102 				.cra_flags	= CRYPTO_ALG_TYPE_AHASH |
2103 						  CRYPTO_ALG_ASYNC |
2104 						  CRYPTO_ALG_KERN_DRIVER_ONLY |
2105 						  CRYPTO_ALG_NEED_FALLBACK,
2106 				.cra_blocksize	= SHA256_BLOCK_SIZE,
2107 				.cra_ctxsize	= sizeof(struct sa_tfm_ctx),
2108 				.cra_module	= THIS_MODULE,
2109 				.cra_init	= sa_sha256_cra_init,
2110 				.cra_exit	= sa_sha_cra_exit,
2111 			},
2112 			.halg.digestsize	= SHA256_DIGEST_SIZE,
2113 			.halg.statesize		= sizeof(struct sa_sha_req_ctx) +
2114 						  sizeof(struct sha256_state),
2115 			.init			= sa_sha_init,
2116 			.update			= sa_sha_update,
2117 			.final			= sa_sha_final,
2118 			.finup			= sa_sha_finup,
2119 			.digest			= sa_sha_digest,
2120 			.export			= sa_sha_export,
2121 			.import			= sa_sha_import,
2122 		},
2123 	},
2124 	[SA_ALG_SHA512] = {
2125 		.type = CRYPTO_ALG_TYPE_AHASH,
2126 		.alg.ahash = {
2127 			.halg.base = {
2128 				.cra_name	= "sha512",
2129 				.cra_driver_name	= "sha512-sa2ul",
2130 				.cra_priority	= 400,
2131 				.cra_flags	= CRYPTO_ALG_TYPE_AHASH |
2132 						  CRYPTO_ALG_ASYNC |
2133 						  CRYPTO_ALG_KERN_DRIVER_ONLY |
2134 						  CRYPTO_ALG_NEED_FALLBACK,
2135 				.cra_blocksize	= SHA512_BLOCK_SIZE,
2136 				.cra_ctxsize	= sizeof(struct sa_tfm_ctx),
2137 				.cra_module	= THIS_MODULE,
2138 				.cra_init	= sa_sha512_cra_init,
2139 				.cra_exit	= sa_sha_cra_exit,
2140 			},
2141 			.halg.digestsize	= SHA512_DIGEST_SIZE,
2142 			.halg.statesize		= sizeof(struct sa_sha_req_ctx) +
2143 						  sizeof(struct sha512_state),
2144 			.init			= sa_sha_init,
2145 			.update			= sa_sha_update,
2146 			.final			= sa_sha_final,
2147 			.finup			= sa_sha_finup,
2148 			.digest			= sa_sha_digest,
2149 			.export			= sa_sha_export,
2150 			.import			= sa_sha_import,
2151 		},
2152 	},
2153 	[SA_ALG_AUTHENC_SHA1_AES] = {
2154 		.type	= CRYPTO_ALG_TYPE_AEAD,
2155 		.alg.aead = {
2156 			.base = {
2157 				.cra_name = "authenc(hmac(sha1),cbc(aes))",
2158 				.cra_driver_name =
2159 					"authenc(hmac(sha1),cbc(aes))-sa2ul",
2160 				.cra_blocksize = AES_BLOCK_SIZE,
2161 				.cra_flags = CRYPTO_ALG_TYPE_AEAD |
2162 					CRYPTO_ALG_KERN_DRIVER_ONLY |
2163 					CRYPTO_ALG_ASYNC |
2164 					CRYPTO_ALG_NEED_FALLBACK,
2165 				.cra_ctxsize = sizeof(struct sa_tfm_ctx),
2166 				.cra_module = THIS_MODULE,
2167 				.cra_priority = 3000,
2168 			},
2169 			.ivsize = AES_BLOCK_SIZE,
2170 			.maxauthsize = SHA1_DIGEST_SIZE,
2171 
2172 			.init = sa_cra_init_aead_sha1,
2173 			.exit = sa_exit_tfm_aead,
2174 			.setkey = sa_aead_cbc_sha1_setkey,
2175 			.setauthsize = sa_aead_setauthsize,
2176 			.encrypt = sa_aead_encrypt,
2177 			.decrypt = sa_aead_decrypt,
2178 		},
2179 	},
2180 	[SA_ALG_AUTHENC_SHA256_AES] = {
2181 		.type	= CRYPTO_ALG_TYPE_AEAD,
2182 		.alg.aead = {
2183 			.base = {
2184 				.cra_name = "authenc(hmac(sha256),cbc(aes))",
2185 				.cra_driver_name =
2186 					"authenc(hmac(sha256),cbc(aes))-sa2ul",
2187 				.cra_blocksize = AES_BLOCK_SIZE,
2188 				.cra_flags = CRYPTO_ALG_TYPE_AEAD |
2189 					CRYPTO_ALG_KERN_DRIVER_ONLY |
2190 					CRYPTO_ALG_ASYNC |
2191 					CRYPTO_ALG_NEED_FALLBACK,
2192 				.cra_ctxsize = sizeof(struct sa_tfm_ctx),
2193 				.cra_module = THIS_MODULE,
2194 				.cra_alignmask = 0,
2195 				.cra_priority = 3000,
2196 			},
2197 			.ivsize = AES_BLOCK_SIZE,
2198 			.maxauthsize = SHA256_DIGEST_SIZE,
2199 
2200 			.init = sa_cra_init_aead_sha256,
2201 			.exit = sa_exit_tfm_aead,
2202 			.setkey = sa_aead_cbc_sha256_setkey,
2203 			.setauthsize = sa_aead_setauthsize,
2204 			.encrypt = sa_aead_encrypt,
2205 			.decrypt = sa_aead_decrypt,
2206 		},
2207 	},
2208 };
2209 
2210 /* Register the algorithms in crypto framework */
2211 static void sa_register_algos(struct sa_crypto_data *dev_data)
2212 {
2213 	const struct sa_match_data *match_data = dev_data->match_data;
2214 	struct device *dev = dev_data->dev;
2215 	char *alg_name;
2216 	u32 type;
2217 	int i, err;
2218 
2219 	for (i = 0; i < ARRAY_SIZE(sa_algs); i++) {
2220 		/* Skip unsupported algos */
2221 		if (!(match_data->supported_algos & BIT(i)))
2222 			continue;
2223 
2224 		type = sa_algs[i].type;
2225 		if (type == CRYPTO_ALG_TYPE_SKCIPHER) {
2226 			alg_name = sa_algs[i].alg.skcipher.base.cra_name;
2227 			err = crypto_register_skcipher(&sa_algs[i].alg.skcipher);
2228 		} else if (type == CRYPTO_ALG_TYPE_AHASH) {
2229 			alg_name = sa_algs[i].alg.ahash.halg.base.cra_name;
2230 			err = crypto_register_ahash(&sa_algs[i].alg.ahash);
2231 		} else if (type == CRYPTO_ALG_TYPE_AEAD) {
2232 			alg_name = sa_algs[i].alg.aead.base.cra_name;
2233 			err = crypto_register_aead(&sa_algs[i].alg.aead);
2234 		} else {
2235 			dev_err(dev,
2236 				"un-supported crypto algorithm (%d)",
2237 				sa_algs[i].type);
2238 			continue;
2239 		}
2240 
2241 		if (err)
2242 			dev_err(dev, "Failed to register '%s'\n", alg_name);
2243 		else
2244 			sa_algs[i].registered = true;
2245 	}
2246 }
2247 
2248 /* Unregister the algorithms in crypto framework */
2249 static void sa_unregister_algos(const struct device *dev)
2250 {
2251 	u32 type;
2252 	int i;
2253 
2254 	for (i = 0; i < ARRAY_SIZE(sa_algs); i++) {
2255 		type = sa_algs[i].type;
2256 		if (!sa_algs[i].registered)
2257 			continue;
2258 		if (type == CRYPTO_ALG_TYPE_SKCIPHER)
2259 			crypto_unregister_skcipher(&sa_algs[i].alg.skcipher);
2260 		else if (type == CRYPTO_ALG_TYPE_AHASH)
2261 			crypto_unregister_ahash(&sa_algs[i].alg.ahash);
2262 		else if (type == CRYPTO_ALG_TYPE_AEAD)
2263 			crypto_unregister_aead(&sa_algs[i].alg.aead);
2264 
2265 		sa_algs[i].registered = false;
2266 	}
2267 }
2268 
2269 static int sa_init_mem(struct sa_crypto_data *dev_data)
2270 {
2271 	struct device *dev = &dev_data->pdev->dev;
2272 	/* Setup dma pool for security context buffers */
2273 	dev_data->sc_pool = dma_pool_create("keystone-sc", dev,
2274 					    SA_CTX_MAX_SZ, 64, 0);
2275 	if (!dev_data->sc_pool) {
2276 		dev_err(dev, "Failed to create dma pool");
2277 		return -ENOMEM;
2278 	}
2279 
2280 	return 0;
2281 }
2282 
2283 static int sa_dma_init(struct sa_crypto_data *dd)
2284 {
2285 	int ret;
2286 	struct dma_slave_config cfg;
2287 
2288 	dd->dma_rx1 = NULL;
2289 	dd->dma_tx = NULL;
2290 	dd->dma_rx2 = NULL;
2291 
2292 	ret = dma_coerce_mask_and_coherent(dd->dev, DMA_BIT_MASK(48));
2293 	if (ret)
2294 		return ret;
2295 
2296 	dd->dma_rx1 = dma_request_chan(dd->dev, "rx1");
2297 	if (IS_ERR(dd->dma_rx1))
2298 		return dev_err_probe(dd->dev, PTR_ERR(dd->dma_rx1),
2299 				     "Unable to request rx1 DMA channel\n");
2300 
2301 	dd->dma_rx2 = dma_request_chan(dd->dev, "rx2");
2302 	if (IS_ERR(dd->dma_rx2)) {
2303 		dma_release_channel(dd->dma_rx1);
2304 		return dev_err_probe(dd->dev, PTR_ERR(dd->dma_rx2),
2305 				     "Unable to request rx2 DMA channel\n");
2306 	}
2307 
2308 	dd->dma_tx = dma_request_chan(dd->dev, "tx");
2309 	if (IS_ERR(dd->dma_tx)) {
2310 		ret = dev_err_probe(dd->dev, PTR_ERR(dd->dma_tx),
2311 				    "Unable to request tx DMA channel\n");
2312 		goto err_dma_tx;
2313 	}
2314 
2315 	memzero_explicit(&cfg, sizeof(cfg));
2316 
2317 	cfg.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
2318 	cfg.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
2319 	cfg.src_maxburst = 4;
2320 	cfg.dst_maxburst = 4;
2321 
2322 	ret = dmaengine_slave_config(dd->dma_rx1, &cfg);
2323 	if (ret) {
2324 		dev_err(dd->dev, "can't configure IN dmaengine slave: %d\n",
2325 			ret);
2326 		return ret;
2327 	}
2328 
2329 	ret = dmaengine_slave_config(dd->dma_rx2, &cfg);
2330 	if (ret) {
2331 		dev_err(dd->dev, "can't configure IN dmaengine slave: %d\n",
2332 			ret);
2333 		return ret;
2334 	}
2335 
2336 	ret = dmaengine_slave_config(dd->dma_tx, &cfg);
2337 	if (ret) {
2338 		dev_err(dd->dev, "can't configure OUT dmaengine slave: %d\n",
2339 			ret);
2340 		return ret;
2341 	}
2342 
2343 	return 0;
2344 
2345 err_dma_tx:
2346 	dma_release_channel(dd->dma_rx1);
2347 	dma_release_channel(dd->dma_rx2);
2348 
2349 	return ret;
2350 }
2351 
2352 static int sa_link_child(struct device *dev, void *data)
2353 {
2354 	struct device *parent = data;
2355 
2356 	device_link_add(dev, parent, DL_FLAG_AUTOPROBE_CONSUMER);
2357 
2358 	return 0;
2359 }
2360 
2361 static struct sa_match_data am654_match_data = {
2362 	.priv = 1,
2363 	.priv_id = 1,
2364 	.supported_algos = GENMASK(SA_ALG_AUTHENC_SHA256_AES, 0),
2365 };
2366 
2367 static struct sa_match_data am64_match_data = {
2368 	.priv = 0,
2369 	.priv_id = 0,
2370 	.supported_algos = BIT(SA_ALG_CBC_AES) |
2371 			   BIT(SA_ALG_EBC_AES) |
2372 			   BIT(SA_ALG_SHA256) |
2373 			   BIT(SA_ALG_SHA512) |
2374 			   BIT(SA_ALG_AUTHENC_SHA256_AES),
2375 	.skip_engine_control = true,
2376 };
2377 
2378 static const struct of_device_id of_match[] = {
2379 	{ .compatible = "ti,j721e-sa2ul", .data = &am654_match_data, },
2380 	{ .compatible = "ti,am654-sa2ul", .data = &am654_match_data, },
2381 	{ .compatible = "ti,am64-sa2ul", .data = &am64_match_data, },
2382 	{},
2383 };
2384 MODULE_DEVICE_TABLE(of, of_match);
2385 
2386 static int sa_ul_probe(struct platform_device *pdev)
2387 {
2388 	const struct of_device_id *match;
2389 	struct device *dev = &pdev->dev;
2390 	struct device_node *node = dev->of_node;
2391 	struct resource *res;
2392 	static void __iomem *saul_base;
2393 	struct sa_crypto_data *dev_data;
2394 	int ret;
2395 
2396 	dev_data = devm_kzalloc(dev, sizeof(*dev_data), GFP_KERNEL);
2397 	if (!dev_data)
2398 		return -ENOMEM;
2399 
2400 	sa_k3_dev = dev;
2401 	dev_data->dev = dev;
2402 	dev_data->pdev = pdev;
2403 	platform_set_drvdata(pdev, dev_data);
2404 	dev_set_drvdata(sa_k3_dev, dev_data);
2405 
2406 	pm_runtime_enable(dev);
2407 	ret = pm_runtime_resume_and_get(dev);
2408 	if (ret < 0) {
2409 		dev_err(&pdev->dev, "%s: failed to get sync: %d\n", __func__,
2410 			ret);
2411 		return ret;
2412 	}
2413 
2414 	sa_init_mem(dev_data);
2415 	ret = sa_dma_init(dev_data);
2416 	if (ret)
2417 		goto disable_pm_runtime;
2418 
2419 	match = of_match_node(of_match, dev->of_node);
2420 	if (!match) {
2421 		dev_err(dev, "No compatible match found\n");
2422 		return -ENODEV;
2423 	}
2424 	dev_data->match_data = match->data;
2425 
2426 	spin_lock_init(&dev_data->scid_lock);
2427 	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
2428 	saul_base = devm_ioremap_resource(dev, res);
2429 
2430 	dev_data->base = saul_base;
2431 
2432 	if (!dev_data->match_data->skip_engine_control) {
2433 		u32 val = SA_EEC_ENCSS_EN | SA_EEC_AUTHSS_EN | SA_EEC_CTXCACH_EN |
2434 			  SA_EEC_CPPI_PORT_IN_EN | SA_EEC_CPPI_PORT_OUT_EN |
2435 			  SA_EEC_TRNG_EN;
2436 
2437 		writel_relaxed(val, saul_base + SA_ENGINE_ENABLE_CONTROL);
2438 	}
2439 
2440 	sa_register_algos(dev_data);
2441 
2442 	ret = of_platform_populate(node, NULL, NULL, &pdev->dev);
2443 	if (ret)
2444 		goto release_dma;
2445 
2446 	device_for_each_child(&pdev->dev, &pdev->dev, sa_link_child);
2447 
2448 	return 0;
2449 
2450 release_dma:
2451 	sa_unregister_algos(&pdev->dev);
2452 
2453 	dma_release_channel(dev_data->dma_rx2);
2454 	dma_release_channel(dev_data->dma_rx1);
2455 	dma_release_channel(dev_data->dma_tx);
2456 
2457 	dma_pool_destroy(dev_data->sc_pool);
2458 
2459 disable_pm_runtime:
2460 	pm_runtime_put_sync(&pdev->dev);
2461 	pm_runtime_disable(&pdev->dev);
2462 
2463 	return ret;
2464 }
2465 
2466 static int sa_ul_remove(struct platform_device *pdev)
2467 {
2468 	struct sa_crypto_data *dev_data = platform_get_drvdata(pdev);
2469 
2470 	sa_unregister_algos(&pdev->dev);
2471 
2472 	dma_release_channel(dev_data->dma_rx2);
2473 	dma_release_channel(dev_data->dma_rx1);
2474 	dma_release_channel(dev_data->dma_tx);
2475 
2476 	dma_pool_destroy(dev_data->sc_pool);
2477 
2478 	platform_set_drvdata(pdev, NULL);
2479 
2480 	pm_runtime_put_sync(&pdev->dev);
2481 	pm_runtime_disable(&pdev->dev);
2482 
2483 	return 0;
2484 }
2485 
2486 static struct platform_driver sa_ul_driver = {
2487 	.probe = sa_ul_probe,
2488 	.remove = sa_ul_remove,
2489 	.driver = {
2490 		   .name = "saul-crypto",
2491 		   .of_match_table = of_match,
2492 		   },
2493 };
2494 module_platform_driver(sa_ul_driver);
2495 MODULE_LICENSE("GPL v2");
2496