cc_cipher.c 40 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472
  1. // SPDX-License-Identifier: GPL-2.0
  2. /* Copyright (C) 2012-2019 ARM Limited (or its affiliates). */
  3. #include <linux/kernel.h>
  4. #include <linux/module.h>
  5. #include <crypto/algapi.h>
  6. #include <crypto/internal/skcipher.h>
  7. #include <crypto/internal/des.h>
  8. #include <crypto/xts.h>
  9. #include <crypto/sm4.h>
  10. #include <crypto/scatterwalk.h>
  11. #include "cc_driver.h"
  12. #include "cc_lli_defs.h"
  13. #include "cc_buffer_mgr.h"
  14. #include "cc_cipher.h"
  15. #include "cc_request_mgr.h"
  16. #define MAX_SKCIPHER_SEQ_LEN 6
  17. #define template_skcipher template_u.skcipher
  18. struct cc_user_key_info {
  19. u8 *key;
  20. dma_addr_t key_dma_addr;
  21. };
  22. struct cc_hw_key_info {
  23. enum cc_hw_crypto_key key1_slot;
  24. enum cc_hw_crypto_key key2_slot;
  25. };
  26. struct cc_cpp_key_info {
  27. u8 slot;
  28. enum cc_cpp_alg alg;
  29. };
  30. enum cc_key_type {
  31. CC_UNPROTECTED_KEY, /* User key */
  32. CC_HW_PROTECTED_KEY, /* HW (FDE) key */
  33. CC_POLICY_PROTECTED_KEY, /* CPP key */
  34. CC_INVALID_PROTECTED_KEY /* Invalid key */
  35. };
  36. struct cc_cipher_ctx {
  37. struct cc_drvdata *drvdata;
  38. int keylen;
  39. int cipher_mode;
  40. int flow_mode;
  41. unsigned int flags;
  42. enum cc_key_type key_type;
  43. struct cc_user_key_info user;
  44. union {
  45. struct cc_hw_key_info hw;
  46. struct cc_cpp_key_info cpp;
  47. };
  48. struct crypto_shash *shash_tfm;
  49. struct crypto_skcipher *fallback_tfm;
  50. bool fallback_on;
  51. };
  52. static void cc_cipher_complete(struct device *dev, void *cc_req, int err);
  53. static inline enum cc_key_type cc_key_type(struct crypto_tfm *tfm)
  54. {
  55. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  56. return ctx_p->key_type;
  57. }
  58. static int validate_keys_sizes(struct cc_cipher_ctx *ctx_p, u32 size)
  59. {
  60. switch (ctx_p->flow_mode) {
  61. case S_DIN_to_AES:
  62. switch (size) {
  63. case CC_AES_128_BIT_KEY_SIZE:
  64. case CC_AES_192_BIT_KEY_SIZE:
  65. if (ctx_p->cipher_mode != DRV_CIPHER_XTS)
  66. return 0;
  67. break;
  68. case CC_AES_256_BIT_KEY_SIZE:
  69. return 0;
  70. case (CC_AES_192_BIT_KEY_SIZE * 2):
  71. case (CC_AES_256_BIT_KEY_SIZE * 2):
  72. if (ctx_p->cipher_mode == DRV_CIPHER_XTS ||
  73. ctx_p->cipher_mode == DRV_CIPHER_ESSIV)
  74. return 0;
  75. break;
  76. default:
  77. break;
  78. }
  79. break;
  80. case S_DIN_to_DES:
  81. if (size == DES3_EDE_KEY_SIZE || size == DES_KEY_SIZE)
  82. return 0;
  83. break;
  84. case S_DIN_to_SM4:
  85. if (size == SM4_KEY_SIZE)
  86. return 0;
  87. break;
  88. default:
  89. break;
  90. }
  91. return -EINVAL;
  92. }
  93. static int validate_data_size(struct cc_cipher_ctx *ctx_p,
  94. unsigned int size)
  95. {
  96. switch (ctx_p->flow_mode) {
  97. case S_DIN_to_AES:
  98. switch (ctx_p->cipher_mode) {
  99. case DRV_CIPHER_XTS:
  100. case DRV_CIPHER_CBC_CTS:
  101. if (size >= AES_BLOCK_SIZE)
  102. return 0;
  103. break;
  104. case DRV_CIPHER_OFB:
  105. case DRV_CIPHER_CTR:
  106. return 0;
  107. case DRV_CIPHER_ECB:
  108. case DRV_CIPHER_CBC:
  109. case DRV_CIPHER_ESSIV:
  110. if (IS_ALIGNED(size, AES_BLOCK_SIZE))
  111. return 0;
  112. break;
  113. default:
  114. break;
  115. }
  116. break;
  117. case S_DIN_to_DES:
  118. if (IS_ALIGNED(size, DES_BLOCK_SIZE))
  119. return 0;
  120. break;
  121. case S_DIN_to_SM4:
  122. switch (ctx_p->cipher_mode) {
  123. case DRV_CIPHER_CTR:
  124. return 0;
  125. case DRV_CIPHER_ECB:
  126. case DRV_CIPHER_CBC:
  127. if (IS_ALIGNED(size, SM4_BLOCK_SIZE))
  128. return 0;
  129. break;
  130. default:
  131. break;
  132. }
  133. break;
  134. default:
  135. break;
  136. }
  137. return -EINVAL;
  138. }
  139. static int cc_cipher_init(struct crypto_tfm *tfm)
  140. {
  141. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  142. struct cc_crypto_alg *cc_alg =
  143. container_of(tfm->__crt_alg, struct cc_crypto_alg,
  144. skcipher_alg.base);
  145. struct device *dev = drvdata_to_dev(cc_alg->drvdata);
  146. unsigned int max_key_buf_size = cc_alg->skcipher_alg.max_keysize;
  147. unsigned int fallback_req_size = 0;
  148. dev_dbg(dev, "Initializing context @%p for %s\n", ctx_p,
  149. crypto_tfm_alg_name(tfm));
  150. ctx_p->cipher_mode = cc_alg->cipher_mode;
  151. ctx_p->flow_mode = cc_alg->flow_mode;
  152. ctx_p->drvdata = cc_alg->drvdata;
  153. if (ctx_p->cipher_mode == DRV_CIPHER_ESSIV) {
  154. const char *name = crypto_tfm_alg_name(tfm);
  155. /* Alloc hash tfm for essiv */
  156. ctx_p->shash_tfm = crypto_alloc_shash("sha256", 0, 0);
  157. if (IS_ERR(ctx_p->shash_tfm)) {
  158. dev_err(dev, "Error allocating hash tfm for ESSIV.\n");
  159. return PTR_ERR(ctx_p->shash_tfm);
  160. }
  161. max_key_buf_size <<= 1;
  162. /* Alloc fallback tfm or essiv when key size != 256 bit */
  163. ctx_p->fallback_tfm =
  164. crypto_alloc_skcipher(name, 0, CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC);
  165. if (IS_ERR(ctx_p->fallback_tfm)) {
  166. /* Note we're still allowing registration with no fallback since it's
  167. * better to have most modes supported than none at all.
  168. */
  169. dev_warn(dev, "Error allocating fallback algo %s. Some modes may be available.\n",
  170. name);
  171. ctx_p->fallback_tfm = NULL;
  172. } else {
  173. fallback_req_size = crypto_skcipher_reqsize(ctx_p->fallback_tfm);
  174. }
  175. }
  176. crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm),
  177. sizeof(struct cipher_req_ctx) + fallback_req_size);
  178. /* Allocate key buffer, cache line aligned */
  179. ctx_p->user.key = kzalloc(max_key_buf_size, GFP_KERNEL);
  180. if (!ctx_p->user.key)
  181. goto free_fallback;
  182. dev_dbg(dev, "Allocated key buffer in context. key=@%p\n",
  183. ctx_p->user.key);
  184. /* Map key buffer */
  185. ctx_p->user.key_dma_addr = dma_map_single(dev, ctx_p->user.key,
  186. max_key_buf_size,
  187. DMA_TO_DEVICE);
  188. if (dma_mapping_error(dev, ctx_p->user.key_dma_addr)) {
  189. dev_err(dev, "Mapping Key %u B at va=%p for DMA failed\n",
  190. max_key_buf_size, ctx_p->user.key);
  191. goto free_key;
  192. }
  193. dev_dbg(dev, "Mapped key %u B at va=%p to dma=%pad\n",
  194. max_key_buf_size, ctx_p->user.key, &ctx_p->user.key_dma_addr);
  195. return 0;
  196. free_key:
  197. kfree(ctx_p->user.key);
  198. free_fallback:
  199. crypto_free_skcipher(ctx_p->fallback_tfm);
  200. crypto_free_shash(ctx_p->shash_tfm);
  201. return -ENOMEM;
  202. }
  203. static void cc_cipher_exit(struct crypto_tfm *tfm)
  204. {
  205. struct crypto_alg *alg = tfm->__crt_alg;
  206. struct cc_crypto_alg *cc_alg =
  207. container_of(alg, struct cc_crypto_alg,
  208. skcipher_alg.base);
  209. unsigned int max_key_buf_size = cc_alg->skcipher_alg.max_keysize;
  210. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  211. struct device *dev = drvdata_to_dev(ctx_p->drvdata);
  212. dev_dbg(dev, "Clearing context @%p for %s\n",
  213. crypto_tfm_ctx(tfm), crypto_tfm_alg_name(tfm));
  214. if (ctx_p->cipher_mode == DRV_CIPHER_ESSIV) {
  215. /* Free hash tfm for essiv */
  216. crypto_free_shash(ctx_p->shash_tfm);
  217. ctx_p->shash_tfm = NULL;
  218. crypto_free_skcipher(ctx_p->fallback_tfm);
  219. ctx_p->fallback_tfm = NULL;
  220. }
  221. /* Unmap key buffer */
  222. dma_unmap_single(dev, ctx_p->user.key_dma_addr, max_key_buf_size,
  223. DMA_TO_DEVICE);
  224. dev_dbg(dev, "Unmapped key buffer key_dma_addr=%pad\n",
  225. &ctx_p->user.key_dma_addr);
  226. /* Free key buffer in context */
  227. dev_dbg(dev, "Free key buffer in context. key=@%p\n", ctx_p->user.key);
  228. kfree_sensitive(ctx_p->user.key);
  229. }
  230. static enum cc_hw_crypto_key cc_slot_to_hw_key(u8 slot_num)
  231. {
  232. switch (slot_num) {
  233. case 0:
  234. return KFDE0_KEY;
  235. case 1:
  236. return KFDE1_KEY;
  237. case 2:
  238. return KFDE2_KEY;
  239. case 3:
  240. return KFDE3_KEY;
  241. }
  242. return END_OF_KEYS;
  243. }
  244. static u8 cc_slot_to_cpp_key(u8 slot_num)
  245. {
  246. return (slot_num - CC_FIRST_CPP_KEY_SLOT);
  247. }
  248. static inline enum cc_key_type cc_slot_to_key_type(u8 slot_num)
  249. {
  250. if (slot_num >= CC_FIRST_HW_KEY_SLOT && slot_num <= CC_LAST_HW_KEY_SLOT)
  251. return CC_HW_PROTECTED_KEY;
  252. else if (slot_num >= CC_FIRST_CPP_KEY_SLOT &&
  253. slot_num <= CC_LAST_CPP_KEY_SLOT)
  254. return CC_POLICY_PROTECTED_KEY;
  255. else
  256. return CC_INVALID_PROTECTED_KEY;
  257. }
  258. static int cc_cipher_sethkey(struct crypto_skcipher *sktfm, const u8 *key,
  259. unsigned int keylen)
  260. {
  261. struct crypto_tfm *tfm = crypto_skcipher_tfm(sktfm);
  262. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  263. struct device *dev = drvdata_to_dev(ctx_p->drvdata);
  264. struct cc_hkey_info hki;
  265. dev_dbg(dev, "Setting HW key in context @%p for %s. keylen=%u\n",
  266. ctx_p, crypto_tfm_alg_name(tfm), keylen);
  267. dump_byte_array("key", key, keylen);
  268. /* STAT_PHASE_0: Init and sanity checks */
  269. /* This check the size of the protected key token */
  270. if (keylen != sizeof(hki)) {
  271. dev_err(dev, "Unsupported protected key size %d.\n", keylen);
  272. return -EINVAL;
  273. }
  274. memcpy(&hki, key, keylen);
  275. /* The real key len for crypto op is the size of the HW key
  276. * referenced by the HW key slot, not the hardware key token
  277. */
  278. keylen = hki.keylen;
  279. if (validate_keys_sizes(ctx_p, keylen)) {
  280. dev_dbg(dev, "Unsupported key size %d.\n", keylen);
  281. return -EINVAL;
  282. }
  283. ctx_p->keylen = keylen;
  284. ctx_p->fallback_on = false;
  285. switch (cc_slot_to_key_type(hki.hw_key1)) {
  286. case CC_HW_PROTECTED_KEY:
  287. if (ctx_p->flow_mode == S_DIN_to_SM4) {
  288. dev_err(dev, "Only AES HW protected keys are supported\n");
  289. return -EINVAL;
  290. }
  291. ctx_p->hw.key1_slot = cc_slot_to_hw_key(hki.hw_key1);
  292. if (ctx_p->hw.key1_slot == END_OF_KEYS) {
  293. dev_err(dev, "Unsupported hw key1 number (%d)\n",
  294. hki.hw_key1);
  295. return -EINVAL;
  296. }
  297. if (ctx_p->cipher_mode == DRV_CIPHER_XTS ||
  298. ctx_p->cipher_mode == DRV_CIPHER_ESSIV) {
  299. if (hki.hw_key1 == hki.hw_key2) {
  300. dev_err(dev, "Illegal hw key numbers (%d,%d)\n",
  301. hki.hw_key1, hki.hw_key2);
  302. return -EINVAL;
  303. }
  304. ctx_p->hw.key2_slot = cc_slot_to_hw_key(hki.hw_key2);
  305. if (ctx_p->hw.key2_slot == END_OF_KEYS) {
  306. dev_err(dev, "Unsupported hw key2 number (%d)\n",
  307. hki.hw_key2);
  308. return -EINVAL;
  309. }
  310. }
  311. ctx_p->key_type = CC_HW_PROTECTED_KEY;
  312. dev_dbg(dev, "HW protected key %d/%d set\n.",
  313. ctx_p->hw.key1_slot, ctx_p->hw.key2_slot);
  314. break;
  315. case CC_POLICY_PROTECTED_KEY:
  316. if (ctx_p->drvdata->hw_rev < CC_HW_REV_713) {
  317. dev_err(dev, "CPP keys not supported in this hardware revision.\n");
  318. return -EINVAL;
  319. }
  320. if (ctx_p->cipher_mode != DRV_CIPHER_CBC &&
  321. ctx_p->cipher_mode != DRV_CIPHER_CTR) {
  322. dev_err(dev, "CPP keys only supported in CBC or CTR modes.\n");
  323. return -EINVAL;
  324. }
  325. ctx_p->cpp.slot = cc_slot_to_cpp_key(hki.hw_key1);
  326. if (ctx_p->flow_mode == S_DIN_to_AES)
  327. ctx_p->cpp.alg = CC_CPP_AES;
  328. else /* Must be SM4 since due to sethkey registration */
  329. ctx_p->cpp.alg = CC_CPP_SM4;
  330. ctx_p->key_type = CC_POLICY_PROTECTED_KEY;
  331. dev_dbg(dev, "policy protected key alg: %d slot: %d.\n",
  332. ctx_p->cpp.alg, ctx_p->cpp.slot);
  333. break;
  334. default:
  335. dev_err(dev, "Unsupported protected key (%d)\n", hki.hw_key1);
  336. return -EINVAL;
  337. }
  338. return 0;
  339. }
  340. static int cc_cipher_setkey(struct crypto_skcipher *sktfm, const u8 *key,
  341. unsigned int keylen)
  342. {
  343. struct crypto_tfm *tfm = crypto_skcipher_tfm(sktfm);
  344. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  345. struct device *dev = drvdata_to_dev(ctx_p->drvdata);
  346. struct cc_crypto_alg *cc_alg =
  347. container_of(tfm->__crt_alg, struct cc_crypto_alg,
  348. skcipher_alg.base);
  349. unsigned int max_key_buf_size = cc_alg->skcipher_alg.max_keysize;
  350. dev_dbg(dev, "Setting key in context @%p for %s. keylen=%u\n",
  351. ctx_p, crypto_tfm_alg_name(tfm), keylen);
  352. dump_byte_array("key", key, keylen);
  353. /* STAT_PHASE_0: Init and sanity checks */
  354. if (validate_keys_sizes(ctx_p, keylen)) {
  355. dev_dbg(dev, "Invalid key size %d.\n", keylen);
  356. return -EINVAL;
  357. }
  358. if (ctx_p->cipher_mode == DRV_CIPHER_ESSIV) {
  359. /* We only support 256 bit ESSIV-CBC-AES keys */
  360. if (keylen != AES_KEYSIZE_256) {
  361. unsigned int flags = crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_MASK;
  362. if (likely(ctx_p->fallback_tfm)) {
  363. ctx_p->fallback_on = true;
  364. crypto_skcipher_clear_flags(ctx_p->fallback_tfm,
  365. CRYPTO_TFM_REQ_MASK);
  366. crypto_skcipher_clear_flags(ctx_p->fallback_tfm, flags);
  367. return crypto_skcipher_setkey(ctx_p->fallback_tfm, key, keylen);
  368. }
  369. dev_dbg(dev, "Unsupported key size %d and no fallback.\n", keylen);
  370. return -EINVAL;
  371. }
  372. /* Internal ESSIV key buffer is double sized */
  373. max_key_buf_size <<= 1;
  374. }
  375. ctx_p->fallback_on = false;
  376. ctx_p->key_type = CC_UNPROTECTED_KEY;
  377. /*
  378. * Verify DES weak keys
  379. * Note that we're dropping the expanded key since the
  380. * HW does the expansion on its own.
  381. */
  382. if (ctx_p->flow_mode == S_DIN_to_DES) {
  383. if ((keylen == DES3_EDE_KEY_SIZE &&
  384. verify_skcipher_des3_key(sktfm, key)) ||
  385. verify_skcipher_des_key(sktfm, key)) {
  386. dev_dbg(dev, "weak DES key");
  387. return -EINVAL;
  388. }
  389. }
  390. if (ctx_p->cipher_mode == DRV_CIPHER_XTS &&
  391. xts_verify_key(sktfm, key, keylen)) {
  392. dev_dbg(dev, "weak XTS key");
  393. return -EINVAL;
  394. }
  395. /* STAT_PHASE_1: Copy key to ctx */
  396. dma_sync_single_for_cpu(dev, ctx_p->user.key_dma_addr,
  397. max_key_buf_size, DMA_TO_DEVICE);
  398. memcpy(ctx_p->user.key, key, keylen);
  399. if (ctx_p->cipher_mode == DRV_CIPHER_ESSIV) {
  400. /* sha256 for key2 - use sw implementation */
  401. int err;
  402. err = crypto_shash_tfm_digest(ctx_p->shash_tfm,
  403. ctx_p->user.key, keylen,
  404. ctx_p->user.key + keylen);
  405. if (err) {
  406. dev_err(dev, "Failed to hash ESSIV key.\n");
  407. return err;
  408. }
  409. keylen <<= 1;
  410. }
  411. dma_sync_single_for_device(dev, ctx_p->user.key_dma_addr,
  412. max_key_buf_size, DMA_TO_DEVICE);
  413. ctx_p->keylen = keylen;
  414. dev_dbg(dev, "return safely");
  415. return 0;
  416. }
  417. static int cc_out_setup_mode(struct cc_cipher_ctx *ctx_p)
  418. {
  419. switch (ctx_p->flow_mode) {
  420. case S_DIN_to_AES:
  421. return S_AES_to_DOUT;
  422. case S_DIN_to_DES:
  423. return S_DES_to_DOUT;
  424. case S_DIN_to_SM4:
  425. return S_SM4_to_DOUT;
  426. default:
  427. return ctx_p->flow_mode;
  428. }
  429. }
  430. static void cc_setup_readiv_desc(struct crypto_tfm *tfm,
  431. struct cipher_req_ctx *req_ctx,
  432. unsigned int ivsize, struct cc_hw_desc desc[],
  433. unsigned int *seq_size)
  434. {
  435. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  436. struct device *dev = drvdata_to_dev(ctx_p->drvdata);
  437. int cipher_mode = ctx_p->cipher_mode;
  438. int flow_mode = cc_out_setup_mode(ctx_p);
  439. int direction = req_ctx->gen_ctx.op_type;
  440. dma_addr_t iv_dma_addr = req_ctx->gen_ctx.iv_dma_addr;
  441. if (ctx_p->key_type == CC_POLICY_PROTECTED_KEY)
  442. return;
  443. switch (cipher_mode) {
  444. case DRV_CIPHER_ECB:
  445. break;
  446. case DRV_CIPHER_CBC:
  447. case DRV_CIPHER_CBC_CTS:
  448. case DRV_CIPHER_CTR:
  449. case DRV_CIPHER_OFB:
  450. /* Read next IV */
  451. hw_desc_init(&desc[*seq_size]);
  452. set_dout_dlli(&desc[*seq_size], iv_dma_addr, ivsize, NS_BIT, 1);
  453. set_cipher_config0(&desc[*seq_size], direction);
  454. set_flow_mode(&desc[*seq_size], flow_mode);
  455. set_cipher_mode(&desc[*seq_size], cipher_mode);
  456. if (cipher_mode == DRV_CIPHER_CTR ||
  457. cipher_mode == DRV_CIPHER_OFB) {
  458. set_setup_mode(&desc[*seq_size], SETUP_WRITE_STATE1);
  459. } else {
  460. set_setup_mode(&desc[*seq_size], SETUP_WRITE_STATE0);
  461. }
  462. set_queue_last_ind(ctx_p->drvdata, &desc[*seq_size]);
  463. (*seq_size)++;
  464. break;
  465. case DRV_CIPHER_XTS:
  466. case DRV_CIPHER_ESSIV:
  467. /* IV */
  468. hw_desc_init(&desc[*seq_size]);
  469. set_setup_mode(&desc[*seq_size], SETUP_WRITE_STATE1);
  470. set_cipher_mode(&desc[*seq_size], cipher_mode);
  471. set_cipher_config0(&desc[*seq_size], direction);
  472. set_flow_mode(&desc[*seq_size], flow_mode);
  473. set_dout_dlli(&desc[*seq_size], iv_dma_addr, CC_AES_BLOCK_SIZE,
  474. NS_BIT, 1);
  475. set_queue_last_ind(ctx_p->drvdata, &desc[*seq_size]);
  476. (*seq_size)++;
  477. break;
  478. default:
  479. dev_err(dev, "Unsupported cipher mode (%d)\n", cipher_mode);
  480. }
  481. }
  482. static void cc_setup_state_desc(struct crypto_tfm *tfm,
  483. struct cipher_req_ctx *req_ctx,
  484. unsigned int ivsize, unsigned int nbytes,
  485. struct cc_hw_desc desc[],
  486. unsigned int *seq_size)
  487. {
  488. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  489. struct device *dev = drvdata_to_dev(ctx_p->drvdata);
  490. int cipher_mode = ctx_p->cipher_mode;
  491. int flow_mode = ctx_p->flow_mode;
  492. int direction = req_ctx->gen_ctx.op_type;
  493. dma_addr_t iv_dma_addr = req_ctx->gen_ctx.iv_dma_addr;
  494. switch (cipher_mode) {
  495. case DRV_CIPHER_ECB:
  496. break;
  497. case DRV_CIPHER_CBC:
  498. case DRV_CIPHER_CBC_CTS:
  499. case DRV_CIPHER_CTR:
  500. case DRV_CIPHER_OFB:
  501. /* Load IV */
  502. hw_desc_init(&desc[*seq_size]);
  503. set_din_type(&desc[*seq_size], DMA_DLLI, iv_dma_addr, ivsize,
  504. NS_BIT);
  505. set_cipher_config0(&desc[*seq_size], direction);
  506. set_flow_mode(&desc[*seq_size], flow_mode);
  507. set_cipher_mode(&desc[*seq_size], cipher_mode);
  508. if (cipher_mode == DRV_CIPHER_CTR ||
  509. cipher_mode == DRV_CIPHER_OFB) {
  510. set_setup_mode(&desc[*seq_size], SETUP_LOAD_STATE1);
  511. } else {
  512. set_setup_mode(&desc[*seq_size], SETUP_LOAD_STATE0);
  513. }
  514. (*seq_size)++;
  515. break;
  516. case DRV_CIPHER_XTS:
  517. case DRV_CIPHER_ESSIV:
  518. break;
  519. default:
  520. dev_err(dev, "Unsupported cipher mode (%d)\n", cipher_mode);
  521. }
  522. }
  523. static void cc_setup_xex_state_desc(struct crypto_tfm *tfm,
  524. struct cipher_req_ctx *req_ctx,
  525. unsigned int ivsize, unsigned int nbytes,
  526. struct cc_hw_desc desc[],
  527. unsigned int *seq_size)
  528. {
  529. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  530. struct device *dev = drvdata_to_dev(ctx_p->drvdata);
  531. int cipher_mode = ctx_p->cipher_mode;
  532. int flow_mode = ctx_p->flow_mode;
  533. int direction = req_ctx->gen_ctx.op_type;
  534. dma_addr_t key_dma_addr = ctx_p->user.key_dma_addr;
  535. unsigned int key_len = (ctx_p->keylen / 2);
  536. dma_addr_t iv_dma_addr = req_ctx->gen_ctx.iv_dma_addr;
  537. unsigned int key_offset = key_len;
  538. switch (cipher_mode) {
  539. case DRV_CIPHER_ECB:
  540. break;
  541. case DRV_CIPHER_CBC:
  542. case DRV_CIPHER_CBC_CTS:
  543. case DRV_CIPHER_CTR:
  544. case DRV_CIPHER_OFB:
  545. break;
  546. case DRV_CIPHER_XTS:
  547. case DRV_CIPHER_ESSIV:
  548. if (cipher_mode == DRV_CIPHER_ESSIV)
  549. key_len = SHA256_DIGEST_SIZE;
  550. /* load XEX key */
  551. hw_desc_init(&desc[*seq_size]);
  552. set_cipher_mode(&desc[*seq_size], cipher_mode);
  553. set_cipher_config0(&desc[*seq_size], direction);
  554. if (cc_key_type(tfm) == CC_HW_PROTECTED_KEY) {
  555. set_hw_crypto_key(&desc[*seq_size],
  556. ctx_p->hw.key2_slot);
  557. } else {
  558. set_din_type(&desc[*seq_size], DMA_DLLI,
  559. (key_dma_addr + key_offset),
  560. key_len, NS_BIT);
  561. }
  562. set_xex_data_unit_size(&desc[*seq_size], nbytes);
  563. set_flow_mode(&desc[*seq_size], S_DIN_to_AES2);
  564. set_key_size_aes(&desc[*seq_size], key_len);
  565. set_setup_mode(&desc[*seq_size], SETUP_LOAD_XEX_KEY);
  566. (*seq_size)++;
  567. /* Load IV */
  568. hw_desc_init(&desc[*seq_size]);
  569. set_setup_mode(&desc[*seq_size], SETUP_LOAD_STATE1);
  570. set_cipher_mode(&desc[*seq_size], cipher_mode);
  571. set_cipher_config0(&desc[*seq_size], direction);
  572. set_key_size_aes(&desc[*seq_size], key_len);
  573. set_flow_mode(&desc[*seq_size], flow_mode);
  574. set_din_type(&desc[*seq_size], DMA_DLLI, iv_dma_addr,
  575. CC_AES_BLOCK_SIZE, NS_BIT);
  576. (*seq_size)++;
  577. break;
  578. default:
  579. dev_err(dev, "Unsupported cipher mode (%d)\n", cipher_mode);
  580. }
  581. }
  582. static int cc_out_flow_mode(struct cc_cipher_ctx *ctx_p)
  583. {
  584. switch (ctx_p->flow_mode) {
  585. case S_DIN_to_AES:
  586. return DIN_AES_DOUT;
  587. case S_DIN_to_DES:
  588. return DIN_DES_DOUT;
  589. case S_DIN_to_SM4:
  590. return DIN_SM4_DOUT;
  591. default:
  592. return ctx_p->flow_mode;
  593. }
  594. }
  595. static void cc_setup_key_desc(struct crypto_tfm *tfm,
  596. struct cipher_req_ctx *req_ctx,
  597. unsigned int nbytes, struct cc_hw_desc desc[],
  598. unsigned int *seq_size)
  599. {
  600. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  601. struct device *dev = drvdata_to_dev(ctx_p->drvdata);
  602. int cipher_mode = ctx_p->cipher_mode;
  603. int flow_mode = ctx_p->flow_mode;
  604. int direction = req_ctx->gen_ctx.op_type;
  605. dma_addr_t key_dma_addr = ctx_p->user.key_dma_addr;
  606. unsigned int key_len = ctx_p->keylen;
  607. unsigned int din_size;
  608. switch (cipher_mode) {
  609. case DRV_CIPHER_CBC:
  610. case DRV_CIPHER_CBC_CTS:
  611. case DRV_CIPHER_CTR:
  612. case DRV_CIPHER_OFB:
  613. case DRV_CIPHER_ECB:
  614. /* Load key */
  615. hw_desc_init(&desc[*seq_size]);
  616. set_cipher_mode(&desc[*seq_size], cipher_mode);
  617. set_cipher_config0(&desc[*seq_size], direction);
  618. if (cc_key_type(tfm) == CC_POLICY_PROTECTED_KEY) {
  619. /* We use the AES key size coding for all CPP algs */
  620. set_key_size_aes(&desc[*seq_size], key_len);
  621. set_cpp_crypto_key(&desc[*seq_size], ctx_p->cpp.slot);
  622. flow_mode = cc_out_flow_mode(ctx_p);
  623. } else {
  624. if (flow_mode == S_DIN_to_AES) {
  625. if (cc_key_type(tfm) == CC_HW_PROTECTED_KEY) {
  626. set_hw_crypto_key(&desc[*seq_size],
  627. ctx_p->hw.key1_slot);
  628. } else {
  629. /* CC_POLICY_UNPROTECTED_KEY
  630. * Invalid keys are filtered out in
  631. * sethkey()
  632. */
  633. din_size = (key_len == 24) ?
  634. AES_MAX_KEY_SIZE : key_len;
  635. set_din_type(&desc[*seq_size], DMA_DLLI,
  636. key_dma_addr, din_size,
  637. NS_BIT);
  638. }
  639. set_key_size_aes(&desc[*seq_size], key_len);
  640. } else {
  641. /*des*/
  642. set_din_type(&desc[*seq_size], DMA_DLLI,
  643. key_dma_addr, key_len, NS_BIT);
  644. set_key_size_des(&desc[*seq_size], key_len);
  645. }
  646. set_setup_mode(&desc[*seq_size], SETUP_LOAD_KEY0);
  647. }
  648. set_flow_mode(&desc[*seq_size], flow_mode);
  649. (*seq_size)++;
  650. break;
  651. case DRV_CIPHER_XTS:
  652. case DRV_CIPHER_ESSIV:
  653. /* Load AES key */
  654. hw_desc_init(&desc[*seq_size]);
  655. set_cipher_mode(&desc[*seq_size], cipher_mode);
  656. set_cipher_config0(&desc[*seq_size], direction);
  657. if (cc_key_type(tfm) == CC_HW_PROTECTED_KEY) {
  658. set_hw_crypto_key(&desc[*seq_size],
  659. ctx_p->hw.key1_slot);
  660. } else {
  661. set_din_type(&desc[*seq_size], DMA_DLLI, key_dma_addr,
  662. (key_len / 2), NS_BIT);
  663. }
  664. set_key_size_aes(&desc[*seq_size], (key_len / 2));
  665. set_flow_mode(&desc[*seq_size], flow_mode);
  666. set_setup_mode(&desc[*seq_size], SETUP_LOAD_KEY0);
  667. (*seq_size)++;
  668. break;
  669. default:
  670. dev_err(dev, "Unsupported cipher mode (%d)\n", cipher_mode);
  671. }
  672. }
  673. static void cc_setup_mlli_desc(struct crypto_tfm *tfm,
  674. struct cipher_req_ctx *req_ctx,
  675. struct scatterlist *dst, struct scatterlist *src,
  676. unsigned int nbytes, void *areq,
  677. struct cc_hw_desc desc[], unsigned int *seq_size)
  678. {
  679. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  680. struct device *dev = drvdata_to_dev(ctx_p->drvdata);
  681. if (req_ctx->dma_buf_type == CC_DMA_BUF_MLLI) {
  682. /* bypass */
  683. dev_dbg(dev, " bypass params addr %pad length 0x%X addr 0x%08X\n",
  684. &req_ctx->mlli_params.mlli_dma_addr,
  685. req_ctx->mlli_params.mlli_len,
  686. ctx_p->drvdata->mlli_sram_addr);
  687. hw_desc_init(&desc[*seq_size]);
  688. set_din_type(&desc[*seq_size], DMA_DLLI,
  689. req_ctx->mlli_params.mlli_dma_addr,
  690. req_ctx->mlli_params.mlli_len, NS_BIT);
  691. set_dout_sram(&desc[*seq_size],
  692. ctx_p->drvdata->mlli_sram_addr,
  693. req_ctx->mlli_params.mlli_len);
  694. set_flow_mode(&desc[*seq_size], BYPASS);
  695. (*seq_size)++;
  696. }
  697. }
  698. static void cc_setup_flow_desc(struct crypto_tfm *tfm,
  699. struct cipher_req_ctx *req_ctx,
  700. struct scatterlist *dst, struct scatterlist *src,
  701. unsigned int nbytes, struct cc_hw_desc desc[],
  702. unsigned int *seq_size)
  703. {
  704. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  705. struct device *dev = drvdata_to_dev(ctx_p->drvdata);
  706. unsigned int flow_mode = cc_out_flow_mode(ctx_p);
  707. bool last_desc = (ctx_p->key_type == CC_POLICY_PROTECTED_KEY ||
  708. ctx_p->cipher_mode == DRV_CIPHER_ECB);
  709. /* Process */
  710. if (req_ctx->dma_buf_type == CC_DMA_BUF_DLLI) {
  711. dev_dbg(dev, " data params addr %pad length 0x%X\n",
  712. &sg_dma_address(src), nbytes);
  713. dev_dbg(dev, " data params addr %pad length 0x%X\n",
  714. &sg_dma_address(dst), nbytes);
  715. hw_desc_init(&desc[*seq_size]);
  716. set_din_type(&desc[*seq_size], DMA_DLLI, sg_dma_address(src),
  717. nbytes, NS_BIT);
  718. set_dout_dlli(&desc[*seq_size], sg_dma_address(dst),
  719. nbytes, NS_BIT, (!last_desc ? 0 : 1));
  720. if (last_desc)
  721. set_queue_last_ind(ctx_p->drvdata, &desc[*seq_size]);
  722. set_flow_mode(&desc[*seq_size], flow_mode);
  723. (*seq_size)++;
  724. } else {
  725. hw_desc_init(&desc[*seq_size]);
  726. set_din_type(&desc[*seq_size], DMA_MLLI,
  727. ctx_p->drvdata->mlli_sram_addr,
  728. req_ctx->in_mlli_nents, NS_BIT);
  729. if (req_ctx->out_nents == 0) {
  730. dev_dbg(dev, " din/dout params addr 0x%08X addr 0x%08X\n",
  731. ctx_p->drvdata->mlli_sram_addr,
  732. ctx_p->drvdata->mlli_sram_addr);
  733. set_dout_mlli(&desc[*seq_size],
  734. ctx_p->drvdata->mlli_sram_addr,
  735. req_ctx->in_mlli_nents, NS_BIT,
  736. (!last_desc ? 0 : 1));
  737. } else {
  738. dev_dbg(dev, " din/dout params addr 0x%08X addr 0x%08X\n",
  739. ctx_p->drvdata->mlli_sram_addr,
  740. ctx_p->drvdata->mlli_sram_addr +
  741. (u32)LLI_ENTRY_BYTE_SIZE * req_ctx->in_nents);
  742. set_dout_mlli(&desc[*seq_size],
  743. (ctx_p->drvdata->mlli_sram_addr +
  744. (LLI_ENTRY_BYTE_SIZE *
  745. req_ctx->in_mlli_nents)),
  746. req_ctx->out_mlli_nents, NS_BIT,
  747. (!last_desc ? 0 : 1));
  748. }
  749. if (last_desc)
  750. set_queue_last_ind(ctx_p->drvdata, &desc[*seq_size]);
  751. set_flow_mode(&desc[*seq_size], flow_mode);
  752. (*seq_size)++;
  753. }
  754. }
  755. static void cc_cipher_complete(struct device *dev, void *cc_req, int err)
  756. {
  757. struct skcipher_request *req = (struct skcipher_request *)cc_req;
  758. struct scatterlist *dst = req->dst;
  759. struct scatterlist *src = req->src;
  760. struct cipher_req_ctx *req_ctx = skcipher_request_ctx(req);
  761. struct crypto_skcipher *sk_tfm = crypto_skcipher_reqtfm(req);
  762. unsigned int ivsize = crypto_skcipher_ivsize(sk_tfm);
  763. if (err != -EINPROGRESS) {
  764. /* Not a BACKLOG notification */
  765. cc_unmap_cipher_request(dev, req_ctx, ivsize, src, dst);
  766. memcpy(req->iv, req_ctx->iv, ivsize);
  767. kfree_sensitive(req_ctx->iv);
  768. }
  769. skcipher_request_complete(req, err);
  770. }
  771. static int cc_cipher_process(struct skcipher_request *req,
  772. enum drv_crypto_direction direction)
  773. {
  774. struct crypto_skcipher *sk_tfm = crypto_skcipher_reqtfm(req);
  775. struct crypto_tfm *tfm = crypto_skcipher_tfm(sk_tfm);
  776. struct cipher_req_ctx *req_ctx = skcipher_request_ctx(req);
  777. unsigned int ivsize = crypto_skcipher_ivsize(sk_tfm);
  778. struct scatterlist *dst = req->dst;
  779. struct scatterlist *src = req->src;
  780. unsigned int nbytes = req->cryptlen;
  781. void *iv = req->iv;
  782. struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
  783. struct device *dev = drvdata_to_dev(ctx_p->drvdata);
  784. struct cc_hw_desc desc[MAX_SKCIPHER_SEQ_LEN];
  785. struct cc_crypto_req cc_req = {};
  786. int rc;
  787. unsigned int seq_len = 0;
  788. gfp_t flags = cc_gfp_flags(&req->base);
  789. dev_dbg(dev, "%s req=%p iv=%p nbytes=%d\n",
  790. ((direction == DRV_CRYPTO_DIRECTION_ENCRYPT) ?
  791. "Encrypt" : "Decrypt"), req, iv, nbytes);
  792. /* STAT_PHASE_0: Init and sanity checks */
  793. if (validate_data_size(ctx_p, nbytes)) {
  794. dev_dbg(dev, "Unsupported data size %d.\n", nbytes);
  795. rc = -EINVAL;
  796. goto exit_process;
  797. }
  798. if (nbytes == 0) {
  799. /* No data to process is valid */
  800. rc = 0;
  801. goto exit_process;
  802. }
  803. if (ctx_p->fallback_on) {
  804. struct skcipher_request *subreq = skcipher_request_ctx(req);
  805. *subreq = *req;
  806. skcipher_request_set_tfm(subreq, ctx_p->fallback_tfm);
  807. if (direction == DRV_CRYPTO_DIRECTION_ENCRYPT)
  808. return crypto_skcipher_encrypt(subreq);
  809. else
  810. return crypto_skcipher_decrypt(subreq);
  811. }
  812. /* The IV we are handed may be allocated from the stack so
  813. * we must copy it to a DMAable buffer before use.
  814. */
  815. req_ctx->iv = kmemdup(iv, ivsize, flags);
  816. if (!req_ctx->iv) {
  817. rc = -ENOMEM;
  818. goto exit_process;
  819. }
  820. /* Setup request structure */
  821. cc_req.user_cb = cc_cipher_complete;
  822. cc_req.user_arg = req;
  823. /* Setup CPP operation details */
  824. if (ctx_p->key_type == CC_POLICY_PROTECTED_KEY) {
  825. cc_req.cpp.is_cpp = true;
  826. cc_req.cpp.alg = ctx_p->cpp.alg;
  827. cc_req.cpp.slot = ctx_p->cpp.slot;
  828. }
  829. /* Setup request context */
  830. req_ctx->gen_ctx.op_type = direction;
  831. /* STAT_PHASE_1: Map buffers */
  832. rc = cc_map_cipher_request(ctx_p->drvdata, req_ctx, ivsize, nbytes,
  833. req_ctx->iv, src, dst, flags);
  834. if (rc) {
  835. dev_err(dev, "map_request() failed\n");
  836. goto exit_process;
  837. }
  838. /* STAT_PHASE_2: Create sequence */
  839. /* Setup state (IV) */
  840. cc_setup_state_desc(tfm, req_ctx, ivsize, nbytes, desc, &seq_len);
  841. /* Setup MLLI line, if needed */
  842. cc_setup_mlli_desc(tfm, req_ctx, dst, src, nbytes, req, desc, &seq_len);
  843. /* Setup key */
  844. cc_setup_key_desc(tfm, req_ctx, nbytes, desc, &seq_len);
  845. /* Setup state (IV and XEX key) */
  846. cc_setup_xex_state_desc(tfm, req_ctx, ivsize, nbytes, desc, &seq_len);
  847. /* Data processing */
  848. cc_setup_flow_desc(tfm, req_ctx, dst, src, nbytes, desc, &seq_len);
  849. /* Read next IV */
  850. cc_setup_readiv_desc(tfm, req_ctx, ivsize, desc, &seq_len);
  851. /* STAT_PHASE_3: Lock HW and push sequence */
  852. rc = cc_send_request(ctx_p->drvdata, &cc_req, desc, seq_len,
  853. &req->base);
  854. if (rc != -EINPROGRESS && rc != -EBUSY) {
  855. /* Failed to send the request or request completed
  856. * synchronously
  857. */
  858. cc_unmap_cipher_request(dev, req_ctx, ivsize, src, dst);
  859. }
  860. exit_process:
  861. if (rc != -EINPROGRESS && rc != -EBUSY) {
  862. kfree_sensitive(req_ctx->iv);
  863. }
  864. return rc;
  865. }
  866. static int cc_cipher_encrypt(struct skcipher_request *req)
  867. {
  868. struct cipher_req_ctx *req_ctx = skcipher_request_ctx(req);
  869. memset(req_ctx, 0, sizeof(*req_ctx));
  870. return cc_cipher_process(req, DRV_CRYPTO_DIRECTION_ENCRYPT);
  871. }
  872. static int cc_cipher_decrypt(struct skcipher_request *req)
  873. {
  874. struct cipher_req_ctx *req_ctx = skcipher_request_ctx(req);
  875. memset(req_ctx, 0, sizeof(*req_ctx));
  876. return cc_cipher_process(req, DRV_CRYPTO_DIRECTION_DECRYPT);
  877. }
  878. /* Block cipher alg */
  879. static const struct cc_alg_template skcipher_algs[] = {
  880. {
  881. .name = "xts(paes)",
  882. .driver_name = "xts-paes-ccree",
  883. .blocksize = 1,
  884. .template_skcipher = {
  885. .setkey = cc_cipher_sethkey,
  886. .encrypt = cc_cipher_encrypt,
  887. .decrypt = cc_cipher_decrypt,
  888. .min_keysize = CC_HW_KEY_SIZE,
  889. .max_keysize = CC_HW_KEY_SIZE,
  890. .ivsize = AES_BLOCK_SIZE,
  891. },
  892. .cipher_mode = DRV_CIPHER_XTS,
  893. .flow_mode = S_DIN_to_AES,
  894. .min_hw_rev = CC_HW_REV_630,
  895. .std_body = CC_STD_NIST,
  896. .sec_func = true,
  897. },
  898. {
  899. .name = "essiv(cbc(paes),sha256)",
  900. .driver_name = "essiv-paes-ccree",
  901. .blocksize = AES_BLOCK_SIZE,
  902. .template_skcipher = {
  903. .setkey = cc_cipher_sethkey,
  904. .encrypt = cc_cipher_encrypt,
  905. .decrypt = cc_cipher_decrypt,
  906. .min_keysize = CC_HW_KEY_SIZE,
  907. .max_keysize = CC_HW_KEY_SIZE,
  908. .ivsize = AES_BLOCK_SIZE,
  909. },
  910. .cipher_mode = DRV_CIPHER_ESSIV,
  911. .flow_mode = S_DIN_to_AES,
  912. .min_hw_rev = CC_HW_REV_712,
  913. .std_body = CC_STD_NIST,
  914. .sec_func = true,
  915. },
  916. {
  917. .name = "ecb(paes)",
  918. .driver_name = "ecb-paes-ccree",
  919. .blocksize = AES_BLOCK_SIZE,
  920. .template_skcipher = {
  921. .setkey = cc_cipher_sethkey,
  922. .encrypt = cc_cipher_encrypt,
  923. .decrypt = cc_cipher_decrypt,
  924. .min_keysize = CC_HW_KEY_SIZE,
  925. .max_keysize = CC_HW_KEY_SIZE,
  926. .ivsize = 0,
  927. },
  928. .cipher_mode = DRV_CIPHER_ECB,
  929. .flow_mode = S_DIN_to_AES,
  930. .min_hw_rev = CC_HW_REV_712,
  931. .std_body = CC_STD_NIST,
  932. .sec_func = true,
  933. },
  934. {
  935. .name = "cbc(paes)",
  936. .driver_name = "cbc-paes-ccree",
  937. .blocksize = AES_BLOCK_SIZE,
  938. .template_skcipher = {
  939. .setkey = cc_cipher_sethkey,
  940. .encrypt = cc_cipher_encrypt,
  941. .decrypt = cc_cipher_decrypt,
  942. .min_keysize = CC_HW_KEY_SIZE,
  943. .max_keysize = CC_HW_KEY_SIZE,
  944. .ivsize = AES_BLOCK_SIZE,
  945. },
  946. .cipher_mode = DRV_CIPHER_CBC,
  947. .flow_mode = S_DIN_to_AES,
  948. .min_hw_rev = CC_HW_REV_712,
  949. .std_body = CC_STD_NIST,
  950. .sec_func = true,
  951. },
  952. {
  953. .name = "cts(cbc(paes))",
  954. .driver_name = "cts-cbc-paes-ccree",
  955. .blocksize = AES_BLOCK_SIZE,
  956. .template_skcipher = {
  957. .setkey = cc_cipher_sethkey,
  958. .encrypt = cc_cipher_encrypt,
  959. .decrypt = cc_cipher_decrypt,
  960. .min_keysize = CC_HW_KEY_SIZE,
  961. .max_keysize = CC_HW_KEY_SIZE,
  962. .ivsize = AES_BLOCK_SIZE,
  963. },
  964. .cipher_mode = DRV_CIPHER_CBC_CTS,
  965. .flow_mode = S_DIN_to_AES,
  966. .min_hw_rev = CC_HW_REV_712,
  967. .std_body = CC_STD_NIST,
  968. .sec_func = true,
  969. },
  970. {
  971. .name = "ctr(paes)",
  972. .driver_name = "ctr-paes-ccree",
  973. .blocksize = 1,
  974. .template_skcipher = {
  975. .setkey = cc_cipher_sethkey,
  976. .encrypt = cc_cipher_encrypt,
  977. .decrypt = cc_cipher_decrypt,
  978. .min_keysize = CC_HW_KEY_SIZE,
  979. .max_keysize = CC_HW_KEY_SIZE,
  980. .ivsize = AES_BLOCK_SIZE,
  981. },
  982. .cipher_mode = DRV_CIPHER_CTR,
  983. .flow_mode = S_DIN_to_AES,
  984. .min_hw_rev = CC_HW_REV_712,
  985. .std_body = CC_STD_NIST,
  986. .sec_func = true,
  987. },
  988. {
  989. /* See https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg40576.html
  990. * for the reason why this differs from the generic
  991. * implementation.
  992. */
  993. .name = "xts(aes)",
  994. .driver_name = "xts-aes-ccree",
  995. .blocksize = 1,
  996. .template_skcipher = {
  997. .setkey = cc_cipher_setkey,
  998. .encrypt = cc_cipher_encrypt,
  999. .decrypt = cc_cipher_decrypt,
  1000. .min_keysize = AES_MIN_KEY_SIZE * 2,
  1001. .max_keysize = AES_MAX_KEY_SIZE * 2,
  1002. .ivsize = AES_BLOCK_SIZE,
  1003. },
  1004. .cipher_mode = DRV_CIPHER_XTS,
  1005. .flow_mode = S_DIN_to_AES,
  1006. .min_hw_rev = CC_HW_REV_630,
  1007. .std_body = CC_STD_NIST,
  1008. },
  1009. {
  1010. .name = "essiv(cbc(aes),sha256)",
  1011. .driver_name = "essiv-aes-ccree",
  1012. .blocksize = AES_BLOCK_SIZE,
  1013. .template_skcipher = {
  1014. .setkey = cc_cipher_setkey,
  1015. .encrypt = cc_cipher_encrypt,
  1016. .decrypt = cc_cipher_decrypt,
  1017. .min_keysize = AES_MIN_KEY_SIZE,
  1018. .max_keysize = AES_MAX_KEY_SIZE,
  1019. .ivsize = AES_BLOCK_SIZE,
  1020. },
  1021. .cipher_mode = DRV_CIPHER_ESSIV,
  1022. .flow_mode = S_DIN_to_AES,
  1023. .min_hw_rev = CC_HW_REV_712,
  1024. .std_body = CC_STD_NIST,
  1025. },
  1026. {
  1027. .name = "ecb(aes)",
  1028. .driver_name = "ecb-aes-ccree",
  1029. .blocksize = AES_BLOCK_SIZE,
  1030. .template_skcipher = {
  1031. .setkey = cc_cipher_setkey,
  1032. .encrypt = cc_cipher_encrypt,
  1033. .decrypt = cc_cipher_decrypt,
  1034. .min_keysize = AES_MIN_KEY_SIZE,
  1035. .max_keysize = AES_MAX_KEY_SIZE,
  1036. .ivsize = 0,
  1037. },
  1038. .cipher_mode = DRV_CIPHER_ECB,
  1039. .flow_mode = S_DIN_to_AES,
  1040. .min_hw_rev = CC_HW_REV_630,
  1041. .std_body = CC_STD_NIST,
  1042. },
  1043. {
  1044. .name = "cbc(aes)",
  1045. .driver_name = "cbc-aes-ccree",
  1046. .blocksize = AES_BLOCK_SIZE,
  1047. .template_skcipher = {
  1048. .setkey = cc_cipher_setkey,
  1049. .encrypt = cc_cipher_encrypt,
  1050. .decrypt = cc_cipher_decrypt,
  1051. .min_keysize = AES_MIN_KEY_SIZE,
  1052. .max_keysize = AES_MAX_KEY_SIZE,
  1053. .ivsize = AES_BLOCK_SIZE,
  1054. },
  1055. .cipher_mode = DRV_CIPHER_CBC,
  1056. .flow_mode = S_DIN_to_AES,
  1057. .min_hw_rev = CC_HW_REV_630,
  1058. .std_body = CC_STD_NIST,
  1059. },
  1060. {
  1061. .name = "cts(cbc(aes))",
  1062. .driver_name = "cts-cbc-aes-ccree",
  1063. .blocksize = AES_BLOCK_SIZE,
  1064. .template_skcipher = {
  1065. .setkey = cc_cipher_setkey,
  1066. .encrypt = cc_cipher_encrypt,
  1067. .decrypt = cc_cipher_decrypt,
  1068. .min_keysize = AES_MIN_KEY_SIZE,
  1069. .max_keysize = AES_MAX_KEY_SIZE,
  1070. .ivsize = AES_BLOCK_SIZE,
  1071. },
  1072. .cipher_mode = DRV_CIPHER_CBC_CTS,
  1073. .flow_mode = S_DIN_to_AES,
  1074. .min_hw_rev = CC_HW_REV_630,
  1075. .std_body = CC_STD_NIST,
  1076. },
  1077. {
  1078. .name = "ctr(aes)",
  1079. .driver_name = "ctr-aes-ccree",
  1080. .blocksize = 1,
  1081. .template_skcipher = {
  1082. .setkey = cc_cipher_setkey,
  1083. .encrypt = cc_cipher_encrypt,
  1084. .decrypt = cc_cipher_decrypt,
  1085. .min_keysize = AES_MIN_KEY_SIZE,
  1086. .max_keysize = AES_MAX_KEY_SIZE,
  1087. .ivsize = AES_BLOCK_SIZE,
  1088. },
  1089. .cipher_mode = DRV_CIPHER_CTR,
  1090. .flow_mode = S_DIN_to_AES,
  1091. .min_hw_rev = CC_HW_REV_630,
  1092. .std_body = CC_STD_NIST,
  1093. },
  1094. {
  1095. .name = "cbc(des3_ede)",
  1096. .driver_name = "cbc-3des-ccree",
  1097. .blocksize = DES3_EDE_BLOCK_SIZE,
  1098. .template_skcipher = {
  1099. .setkey = cc_cipher_setkey,
  1100. .encrypt = cc_cipher_encrypt,
  1101. .decrypt = cc_cipher_decrypt,
  1102. .min_keysize = DES3_EDE_KEY_SIZE,
  1103. .max_keysize = DES3_EDE_KEY_SIZE,
  1104. .ivsize = DES3_EDE_BLOCK_SIZE,
  1105. },
  1106. .cipher_mode = DRV_CIPHER_CBC,
  1107. .flow_mode = S_DIN_to_DES,
  1108. .min_hw_rev = CC_HW_REV_630,
  1109. .std_body = CC_STD_NIST,
  1110. },
  1111. {
  1112. .name = "ecb(des3_ede)",
  1113. .driver_name = "ecb-3des-ccree",
  1114. .blocksize = DES3_EDE_BLOCK_SIZE,
  1115. .template_skcipher = {
  1116. .setkey = cc_cipher_setkey,
  1117. .encrypt = cc_cipher_encrypt,
  1118. .decrypt = cc_cipher_decrypt,
  1119. .min_keysize = DES3_EDE_KEY_SIZE,
  1120. .max_keysize = DES3_EDE_KEY_SIZE,
  1121. .ivsize = 0,
  1122. },
  1123. .cipher_mode = DRV_CIPHER_ECB,
  1124. .flow_mode = S_DIN_to_DES,
  1125. .min_hw_rev = CC_HW_REV_630,
  1126. .std_body = CC_STD_NIST,
  1127. },
  1128. {
  1129. .name = "cbc(des)",
  1130. .driver_name = "cbc-des-ccree",
  1131. .blocksize = DES_BLOCK_SIZE,
  1132. .template_skcipher = {
  1133. .setkey = cc_cipher_setkey,
  1134. .encrypt = cc_cipher_encrypt,
  1135. .decrypt = cc_cipher_decrypt,
  1136. .min_keysize = DES_KEY_SIZE,
  1137. .max_keysize = DES_KEY_SIZE,
  1138. .ivsize = DES_BLOCK_SIZE,
  1139. },
  1140. .cipher_mode = DRV_CIPHER_CBC,
  1141. .flow_mode = S_DIN_to_DES,
  1142. .min_hw_rev = CC_HW_REV_630,
  1143. .std_body = CC_STD_NIST,
  1144. },
  1145. {
  1146. .name = "ecb(des)",
  1147. .driver_name = "ecb-des-ccree",
  1148. .blocksize = DES_BLOCK_SIZE,
  1149. .template_skcipher = {
  1150. .setkey = cc_cipher_setkey,
  1151. .encrypt = cc_cipher_encrypt,
  1152. .decrypt = cc_cipher_decrypt,
  1153. .min_keysize = DES_KEY_SIZE,
  1154. .max_keysize = DES_KEY_SIZE,
  1155. .ivsize = 0,
  1156. },
  1157. .cipher_mode = DRV_CIPHER_ECB,
  1158. .flow_mode = S_DIN_to_DES,
  1159. .min_hw_rev = CC_HW_REV_630,
  1160. .std_body = CC_STD_NIST,
  1161. },
  1162. {
  1163. .name = "cbc(sm4)",
  1164. .driver_name = "cbc-sm4-ccree",
  1165. .blocksize = SM4_BLOCK_SIZE,
  1166. .template_skcipher = {
  1167. .setkey = cc_cipher_setkey,
  1168. .encrypt = cc_cipher_encrypt,
  1169. .decrypt = cc_cipher_decrypt,
  1170. .min_keysize = SM4_KEY_SIZE,
  1171. .max_keysize = SM4_KEY_SIZE,
  1172. .ivsize = SM4_BLOCK_SIZE,
  1173. },
  1174. .cipher_mode = DRV_CIPHER_CBC,
  1175. .flow_mode = S_DIN_to_SM4,
  1176. .min_hw_rev = CC_HW_REV_713,
  1177. .std_body = CC_STD_OSCCA,
  1178. },
  1179. {
  1180. .name = "ecb(sm4)",
  1181. .driver_name = "ecb-sm4-ccree",
  1182. .blocksize = SM4_BLOCK_SIZE,
  1183. .template_skcipher = {
  1184. .setkey = cc_cipher_setkey,
  1185. .encrypt = cc_cipher_encrypt,
  1186. .decrypt = cc_cipher_decrypt,
  1187. .min_keysize = SM4_KEY_SIZE,
  1188. .max_keysize = SM4_KEY_SIZE,
  1189. .ivsize = 0,
  1190. },
  1191. .cipher_mode = DRV_CIPHER_ECB,
  1192. .flow_mode = S_DIN_to_SM4,
  1193. .min_hw_rev = CC_HW_REV_713,
  1194. .std_body = CC_STD_OSCCA,
  1195. },
  1196. {
  1197. .name = "ctr(sm4)",
  1198. .driver_name = "ctr-sm4-ccree",
  1199. .blocksize = 1,
  1200. .template_skcipher = {
  1201. .setkey = cc_cipher_setkey,
  1202. .encrypt = cc_cipher_encrypt,
  1203. .decrypt = cc_cipher_decrypt,
  1204. .min_keysize = SM4_KEY_SIZE,
  1205. .max_keysize = SM4_KEY_SIZE,
  1206. .ivsize = SM4_BLOCK_SIZE,
  1207. },
  1208. .cipher_mode = DRV_CIPHER_CTR,
  1209. .flow_mode = S_DIN_to_SM4,
  1210. .min_hw_rev = CC_HW_REV_713,
  1211. .std_body = CC_STD_OSCCA,
  1212. },
  1213. {
  1214. .name = "cbc(psm4)",
  1215. .driver_name = "cbc-psm4-ccree",
  1216. .blocksize = SM4_BLOCK_SIZE,
  1217. .template_skcipher = {
  1218. .setkey = cc_cipher_sethkey,
  1219. .encrypt = cc_cipher_encrypt,
  1220. .decrypt = cc_cipher_decrypt,
  1221. .min_keysize = CC_HW_KEY_SIZE,
  1222. .max_keysize = CC_HW_KEY_SIZE,
  1223. .ivsize = SM4_BLOCK_SIZE,
  1224. },
  1225. .cipher_mode = DRV_CIPHER_CBC,
  1226. .flow_mode = S_DIN_to_SM4,
  1227. .min_hw_rev = CC_HW_REV_713,
  1228. .std_body = CC_STD_OSCCA,
  1229. .sec_func = true,
  1230. },
  1231. {
  1232. .name = "ctr(psm4)",
  1233. .driver_name = "ctr-psm4-ccree",
  1234. .blocksize = SM4_BLOCK_SIZE,
  1235. .template_skcipher = {
  1236. .setkey = cc_cipher_sethkey,
  1237. .encrypt = cc_cipher_encrypt,
  1238. .decrypt = cc_cipher_decrypt,
  1239. .min_keysize = CC_HW_KEY_SIZE,
  1240. .max_keysize = CC_HW_KEY_SIZE,
  1241. .ivsize = SM4_BLOCK_SIZE,
  1242. },
  1243. .cipher_mode = DRV_CIPHER_CTR,
  1244. .flow_mode = S_DIN_to_SM4,
  1245. .min_hw_rev = CC_HW_REV_713,
  1246. .std_body = CC_STD_OSCCA,
  1247. .sec_func = true,
  1248. },
  1249. };
  1250. static struct cc_crypto_alg *cc_create_alg(const struct cc_alg_template *tmpl,
  1251. struct device *dev)
  1252. {
  1253. struct cc_crypto_alg *t_alg;
  1254. struct skcipher_alg *alg;
  1255. t_alg = devm_kzalloc(dev, sizeof(*t_alg), GFP_KERNEL);
  1256. if (!t_alg)
  1257. return ERR_PTR(-ENOMEM);
  1258. alg = &t_alg->skcipher_alg;
  1259. memcpy(alg, &tmpl->template_skcipher, sizeof(*alg));
  1260. if (snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s",
  1261. tmpl->name) >= CRYPTO_MAX_ALG_NAME)
  1262. return ERR_PTR(-EINVAL);
  1263. if (snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
  1264. tmpl->driver_name) >= CRYPTO_MAX_ALG_NAME)
  1265. return ERR_PTR(-EINVAL);
  1266. alg->base.cra_module = THIS_MODULE;
  1267. alg->base.cra_priority = CC_CRA_PRIO;
  1268. alg->base.cra_blocksize = tmpl->blocksize;
  1269. alg->base.cra_alignmask = 0;
  1270. alg->base.cra_ctxsize = sizeof(struct cc_cipher_ctx);
  1271. alg->base.cra_init = cc_cipher_init;
  1272. alg->base.cra_exit = cc_cipher_exit;
  1273. alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
  1274. t_alg->cipher_mode = tmpl->cipher_mode;
  1275. t_alg->flow_mode = tmpl->flow_mode;
  1276. return t_alg;
  1277. }
  1278. int cc_cipher_free(struct cc_drvdata *drvdata)
  1279. {
  1280. struct cc_crypto_alg *t_alg, *n;
  1281. /* Remove registered algs */
  1282. list_for_each_entry_safe(t_alg, n, &drvdata->alg_list, entry) {
  1283. crypto_unregister_skcipher(&t_alg->skcipher_alg);
  1284. list_del(&t_alg->entry);
  1285. }
  1286. return 0;
  1287. }
  1288. int cc_cipher_alloc(struct cc_drvdata *drvdata)
  1289. {
  1290. struct cc_crypto_alg *t_alg;
  1291. struct device *dev = drvdata_to_dev(drvdata);
  1292. int rc = -ENOMEM;
  1293. int alg;
  1294. INIT_LIST_HEAD(&drvdata->alg_list);
  1295. /* Linux crypto */
  1296. dev_dbg(dev, "Number of algorithms = %zu\n",
  1297. ARRAY_SIZE(skcipher_algs));
  1298. for (alg = 0; alg < ARRAY_SIZE(skcipher_algs); alg++) {
  1299. if ((skcipher_algs[alg].min_hw_rev > drvdata->hw_rev) ||
  1300. !(drvdata->std_bodies & skcipher_algs[alg].std_body) ||
  1301. (drvdata->sec_disabled && skcipher_algs[alg].sec_func))
  1302. continue;
  1303. dev_dbg(dev, "creating %s\n", skcipher_algs[alg].driver_name);
  1304. t_alg = cc_create_alg(&skcipher_algs[alg], dev);
  1305. if (IS_ERR(t_alg)) {
  1306. rc = PTR_ERR(t_alg);
  1307. dev_err(dev, "%s alg allocation failed\n",
  1308. skcipher_algs[alg].driver_name);
  1309. goto fail0;
  1310. }
  1311. t_alg->drvdata = drvdata;
  1312. dev_dbg(dev, "registering %s\n",
  1313. skcipher_algs[alg].driver_name);
  1314. rc = crypto_register_skcipher(&t_alg->skcipher_alg);
  1315. dev_dbg(dev, "%s alg registration rc = %x\n",
  1316. t_alg->skcipher_alg.base.cra_driver_name, rc);
  1317. if (rc) {
  1318. dev_err(dev, "%s alg registration failed\n",
  1319. t_alg->skcipher_alg.base.cra_driver_name);
  1320. goto fail0;
  1321. }
  1322. list_add_tail(&t_alg->entry, &drvdata->alg_list);
  1323. dev_dbg(dev, "Registered %s\n",
  1324. t_alg->skcipher_alg.base.cra_driver_name);
  1325. }
  1326. return 0;
  1327. fail0:
  1328. cc_cipher_free(drvdata);
  1329. return rc;
  1330. }