eip93-common.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * Copyright (C) 2019 - 2021
  4. *
  5. * Richard van Schagen <vschagen@icloud.com>
  6. * Christian Marangi <ansuelsmth@gmail.com
  7. */
  8. #include <crypto/aes.h>
  9. #include <crypto/ctr.h>
  10. #include <crypto/hmac.h>
  11. #include <crypto/sha1.h>
  12. #include <crypto/sha2.h>
  13. #include <linux/kernel.h>
  14. #include <linux/delay.h>
  15. #include <linux/dma-mapping.h>
  16. #include <linux/scatterlist.h>
  17. #include "eip93-cipher.h"
  18. #include "eip93-hash.h"
  19. #include "eip93-common.h"
  20. #include "eip93-main.h"
  21. #include "eip93-regs.h"
  22. int eip93_parse_ctrl_stat_err(struct eip93_device *eip93, int err)
  23. {
  24. u32 ext_err;
  25. if (!err)
  26. return 0;
  27. switch (err & ~EIP93_PE_CTRL_PE_EXT_ERR_CODE) {
  28. case EIP93_PE_CTRL_PE_AUTH_ERR:
  29. case EIP93_PE_CTRL_PE_PAD_ERR:
  30. return -EBADMSG;
  31. /* let software handle anti-replay errors */
  32. case EIP93_PE_CTRL_PE_SEQNUM_ERR:
  33. return 0;
  34. case EIP93_PE_CTRL_PE_EXT_ERR:
  35. break;
  36. default:
  37. dev_err(eip93->dev, "Unhandled error 0x%08x\n", err);
  38. return -EINVAL;
  39. }
  40. /* Parse additional ext errors */
  41. ext_err = FIELD_GET(EIP93_PE_CTRL_PE_EXT_ERR_CODE, err);
  42. switch (ext_err) {
  43. case EIP93_PE_CTRL_PE_EXT_ERR_BUS:
  44. case EIP93_PE_CTRL_PE_EXT_ERR_PROCESSING:
  45. return -EIO;
  46. case EIP93_PE_CTRL_PE_EXT_ERR_DESC_OWNER:
  47. return -EACCES;
  48. case EIP93_PE_CTRL_PE_EXT_ERR_INVALID_CRYPTO_OP:
  49. case EIP93_PE_CTRL_PE_EXT_ERR_INVALID_CRYPTO_ALGO:
  50. case EIP93_PE_CTRL_PE_EXT_ERR_SPI:
  51. return -EINVAL;
  52. case EIP93_PE_CTRL_PE_EXT_ERR_ZERO_LENGTH:
  53. case EIP93_PE_CTRL_PE_EXT_ERR_INVALID_PK_LENGTH:
  54. case EIP93_PE_CTRL_PE_EXT_ERR_BLOCK_SIZE_ERR:
  55. return -EBADMSG;
  56. default:
  57. dev_err(eip93->dev, "Unhandled ext error 0x%08x\n", ext_err);
  58. return -EINVAL;
  59. }
  60. }
  61. static void *eip93_ring_next_wptr(struct eip93_device *eip93,
  62. struct eip93_desc_ring *ring)
  63. {
  64. void *ptr = ring->write;
  65. if ((ring->write == ring->read - ring->offset) ||
  66. (ring->read == ring->base && ring->write == ring->base_end))
  67. return ERR_PTR(-ENOMEM);
  68. if (ring->write == ring->base_end)
  69. ring->write = ring->base;
  70. else
  71. ring->write += ring->offset;
  72. return ptr;
  73. }
  74. static void *eip93_ring_next_rptr(struct eip93_device *eip93,
  75. struct eip93_desc_ring *ring)
  76. {
  77. void *ptr = ring->read;
  78. if (ring->write == ring->read)
  79. return ERR_PTR(-ENOENT);
  80. if (ring->read == ring->base_end)
  81. ring->read = ring->base;
  82. else
  83. ring->read += ring->offset;
  84. return ptr;
  85. }
  86. int eip93_put_descriptor(struct eip93_device *eip93,
  87. struct eip93_descriptor *desc)
  88. {
  89. struct eip93_descriptor *cdesc;
  90. struct eip93_descriptor *rdesc;
  91. rdesc = eip93_ring_next_wptr(eip93, &eip93->ring->rdr);
  92. if (IS_ERR(rdesc))
  93. return -ENOENT;
  94. cdesc = eip93_ring_next_wptr(eip93, &eip93->ring->cdr);
  95. if (IS_ERR(cdesc))
  96. return -ENOENT;
  97. memset(rdesc, 0, sizeof(struct eip93_descriptor));
  98. memcpy(cdesc, desc, sizeof(struct eip93_descriptor));
  99. return 0;
  100. }
  101. void *eip93_get_descriptor(struct eip93_device *eip93)
  102. {
  103. struct eip93_descriptor *cdesc;
  104. void *ptr;
  105. cdesc = eip93_ring_next_rptr(eip93, &eip93->ring->cdr);
  106. if (IS_ERR(cdesc))
  107. return ERR_PTR(-ENOENT);
  108. memset(cdesc, 0, sizeof(struct eip93_descriptor));
  109. ptr = eip93_ring_next_rptr(eip93, &eip93->ring->rdr);
  110. if (IS_ERR(ptr))
  111. return ERR_PTR(-ENOENT);
  112. return ptr;
  113. }
  114. static void eip93_free_sg_copy(const int len, struct scatterlist **sg)
  115. {
  116. if (!*sg || !len)
  117. return;
  118. free_pages((unsigned long)sg_virt(*sg), get_order(len));
  119. kfree(*sg);
  120. *sg = NULL;
  121. }
  122. static int eip93_make_sg_copy(struct scatterlist *src, struct scatterlist **dst,
  123. const u32 len, const bool copy)
  124. {
  125. void *pages;
  126. *dst = kmalloc_obj(**dst);
  127. if (!*dst)
  128. return -ENOMEM;
  129. pages = (void *)__get_free_pages(GFP_KERNEL | GFP_DMA,
  130. get_order(len));
  131. if (!pages) {
  132. kfree(*dst);
  133. *dst = NULL;
  134. return -ENOMEM;
  135. }
  136. sg_init_table(*dst, 1);
  137. sg_set_buf(*dst, pages, len);
  138. /* copy only as requested */
  139. if (copy)
  140. sg_copy_to_buffer(src, sg_nents(src), pages, len);
  141. return 0;
  142. }
  143. static bool eip93_is_sg_aligned(struct scatterlist *sg, u32 len,
  144. const int blksize)
  145. {
  146. int nents;
  147. for (nents = 0; sg; sg = sg_next(sg), ++nents) {
  148. if (!IS_ALIGNED(sg->offset, 4))
  149. return false;
  150. if (len <= sg->length) {
  151. if (!IS_ALIGNED(len, blksize))
  152. return false;
  153. return true;
  154. }
  155. if (!IS_ALIGNED(sg->length, blksize))
  156. return false;
  157. len -= sg->length;
  158. }
  159. return false;
  160. }
  161. int check_valid_request(struct eip93_cipher_reqctx *rctx)
  162. {
  163. struct scatterlist *src = rctx->sg_src;
  164. struct scatterlist *dst = rctx->sg_dst;
  165. u32 textsize = rctx->textsize;
  166. u32 authsize = rctx->authsize;
  167. u32 blksize = rctx->blksize;
  168. u32 totlen_src = rctx->assoclen + rctx->textsize;
  169. u32 totlen_dst = rctx->assoclen + rctx->textsize;
  170. u32 copy_len;
  171. bool src_align, dst_align;
  172. int src_nents, dst_nents;
  173. int err = -EINVAL;
  174. if (!IS_CTR(rctx->flags)) {
  175. if (!IS_ALIGNED(textsize, blksize))
  176. return err;
  177. }
  178. if (authsize) {
  179. if (IS_ENCRYPT(rctx->flags))
  180. totlen_dst += authsize;
  181. else
  182. totlen_src += authsize;
  183. }
  184. src_nents = sg_nents_for_len(src, totlen_src);
  185. if (src_nents < 0)
  186. return src_nents;
  187. dst_nents = sg_nents_for_len(dst, totlen_dst);
  188. if (dst_nents < 0)
  189. return dst_nents;
  190. if (src == dst) {
  191. src_nents = max(src_nents, dst_nents);
  192. dst_nents = src_nents;
  193. if (unlikely((totlen_src || totlen_dst) && !src_nents))
  194. return err;
  195. } else {
  196. if (unlikely(totlen_src && !src_nents))
  197. return err;
  198. if (unlikely(totlen_dst && !dst_nents))
  199. return err;
  200. }
  201. if (authsize) {
  202. if (dst_nents == 1 && src_nents == 1) {
  203. src_align = eip93_is_sg_aligned(src, totlen_src, blksize);
  204. if (src == dst)
  205. dst_align = src_align;
  206. else
  207. dst_align = eip93_is_sg_aligned(dst, totlen_dst, blksize);
  208. } else {
  209. src_align = false;
  210. dst_align = false;
  211. }
  212. } else {
  213. src_align = eip93_is_sg_aligned(src, totlen_src, blksize);
  214. if (src == dst)
  215. dst_align = src_align;
  216. else
  217. dst_align = eip93_is_sg_aligned(dst, totlen_dst, blksize);
  218. }
  219. copy_len = max(totlen_src, totlen_dst);
  220. if (!src_align) {
  221. err = eip93_make_sg_copy(src, &rctx->sg_src, copy_len, true);
  222. if (err)
  223. return err;
  224. }
  225. if (!dst_align) {
  226. err = eip93_make_sg_copy(dst, &rctx->sg_dst, copy_len, false);
  227. if (err)
  228. return err;
  229. }
  230. src_nents = sg_nents_for_len(rctx->sg_src, totlen_src);
  231. if (src_nents < 0)
  232. return src_nents;
  233. dst_nents = sg_nents_for_len(rctx->sg_dst, totlen_dst);
  234. if (dst_nents < 0)
  235. return dst_nents;
  236. rctx->src_nents = src_nents;
  237. rctx->dst_nents = dst_nents;
  238. return 0;
  239. }
  240. /*
  241. * Set sa_record function:
  242. * Even sa_record is set to "0", keep " = 0" for readability.
  243. */
  244. void eip93_set_sa_record(struct sa_record *sa_record, const unsigned int keylen,
  245. const u32 flags)
  246. {
  247. /* Reset cmd word */
  248. sa_record->sa_cmd0_word = 0;
  249. sa_record->sa_cmd1_word = 0;
  250. sa_record->sa_cmd0_word |= EIP93_SA_CMD_IV_FROM_STATE;
  251. if (!IS_ECB(flags))
  252. sa_record->sa_cmd0_word |= EIP93_SA_CMD_SAVE_IV;
  253. sa_record->sa_cmd0_word |= EIP93_SA_CMD_OP_BASIC;
  254. switch ((flags & EIP93_ALG_MASK)) {
  255. case EIP93_ALG_AES:
  256. sa_record->sa_cmd0_word |= EIP93_SA_CMD_CIPHER_AES;
  257. sa_record->sa_cmd1_word |= FIELD_PREP(EIP93_SA_CMD_AES_KEY_LENGTH,
  258. keylen >> 3);
  259. break;
  260. case EIP93_ALG_3DES:
  261. sa_record->sa_cmd0_word |= EIP93_SA_CMD_CIPHER_3DES;
  262. break;
  263. case EIP93_ALG_DES:
  264. sa_record->sa_cmd0_word |= EIP93_SA_CMD_CIPHER_DES;
  265. break;
  266. default:
  267. sa_record->sa_cmd0_word |= EIP93_SA_CMD_CIPHER_NULL;
  268. }
  269. switch ((flags & EIP93_HASH_MASK)) {
  270. case EIP93_HASH_SHA256:
  271. sa_record->sa_cmd0_word |= EIP93_SA_CMD_HASH_SHA256;
  272. break;
  273. case EIP93_HASH_SHA224:
  274. sa_record->sa_cmd0_word |= EIP93_SA_CMD_HASH_SHA224;
  275. break;
  276. case EIP93_HASH_SHA1:
  277. sa_record->sa_cmd0_word |= EIP93_SA_CMD_HASH_SHA1;
  278. break;
  279. case EIP93_HASH_MD5:
  280. sa_record->sa_cmd0_word |= EIP93_SA_CMD_HASH_MD5;
  281. break;
  282. default:
  283. sa_record->sa_cmd0_word |= EIP93_SA_CMD_HASH_NULL;
  284. }
  285. sa_record->sa_cmd0_word |= EIP93_SA_CMD_PAD_ZERO;
  286. switch ((flags & EIP93_MODE_MASK)) {
  287. case EIP93_MODE_CBC:
  288. sa_record->sa_cmd1_word |= EIP93_SA_CMD_CHIPER_MODE_CBC;
  289. break;
  290. case EIP93_MODE_CTR:
  291. sa_record->sa_cmd1_word |= EIP93_SA_CMD_CHIPER_MODE_CTR;
  292. break;
  293. case EIP93_MODE_ECB:
  294. sa_record->sa_cmd1_word |= EIP93_SA_CMD_CHIPER_MODE_ECB;
  295. break;
  296. }
  297. sa_record->sa_cmd0_word |= EIP93_SA_CMD_DIGEST_3WORD;
  298. if (IS_HASH(flags)) {
  299. sa_record->sa_cmd1_word |= EIP93_SA_CMD_COPY_PAD;
  300. sa_record->sa_cmd1_word |= EIP93_SA_CMD_COPY_DIGEST;
  301. }
  302. if (IS_HMAC(flags)) {
  303. sa_record->sa_cmd1_word |= EIP93_SA_CMD_HMAC;
  304. sa_record->sa_cmd1_word |= EIP93_SA_CMD_COPY_HEADER;
  305. }
  306. sa_record->sa_spi = 0x0;
  307. sa_record->sa_seqmum_mask[0] = 0xFFFFFFFF;
  308. sa_record->sa_seqmum_mask[1] = 0x0;
  309. }
  310. /*
  311. * Poor mans Scatter/gather function:
  312. * Create a Descriptor for every segment to avoid copying buffers.
  313. * For performance better to wait for hardware to perform multiple DMA
  314. */
  315. static int eip93_scatter_combine(struct eip93_device *eip93,
  316. struct eip93_cipher_reqctx *rctx,
  317. u32 datalen, u32 split, int offsetin)
  318. {
  319. struct eip93_descriptor *cdesc = rctx->cdesc;
  320. struct scatterlist *sgsrc = rctx->sg_src;
  321. struct scatterlist *sgdst = rctx->sg_dst;
  322. unsigned int remainin = sg_dma_len(sgsrc);
  323. unsigned int remainout = sg_dma_len(sgdst);
  324. dma_addr_t saddr = sg_dma_address(sgsrc);
  325. dma_addr_t daddr = sg_dma_address(sgdst);
  326. dma_addr_t state_addr;
  327. u32 src_addr, dst_addr, len, n;
  328. bool nextin = false;
  329. bool nextout = false;
  330. int offsetout = 0;
  331. int err;
  332. if (IS_ECB(rctx->flags))
  333. rctx->sa_state_base = 0;
  334. if (split < datalen) {
  335. state_addr = rctx->sa_state_ctr_base;
  336. n = split;
  337. } else {
  338. state_addr = rctx->sa_state_base;
  339. n = datalen;
  340. }
  341. do {
  342. if (nextin) {
  343. sgsrc = sg_next(sgsrc);
  344. remainin = sg_dma_len(sgsrc);
  345. if (remainin == 0)
  346. continue;
  347. saddr = sg_dma_address(sgsrc);
  348. offsetin = 0;
  349. nextin = false;
  350. }
  351. if (nextout) {
  352. sgdst = sg_next(sgdst);
  353. remainout = sg_dma_len(sgdst);
  354. if (remainout == 0)
  355. continue;
  356. daddr = sg_dma_address(sgdst);
  357. offsetout = 0;
  358. nextout = false;
  359. }
  360. src_addr = saddr + offsetin;
  361. dst_addr = daddr + offsetout;
  362. if (remainin == remainout) {
  363. len = remainin;
  364. if (len > n) {
  365. len = n;
  366. remainin -= n;
  367. remainout -= n;
  368. offsetin += n;
  369. offsetout += n;
  370. } else {
  371. nextin = true;
  372. nextout = true;
  373. }
  374. } else if (remainin < remainout) {
  375. len = remainin;
  376. if (len > n) {
  377. len = n;
  378. remainin -= n;
  379. remainout -= n;
  380. offsetin += n;
  381. offsetout += n;
  382. } else {
  383. offsetout += len;
  384. remainout -= len;
  385. nextin = true;
  386. }
  387. } else {
  388. len = remainout;
  389. if (len > n) {
  390. len = n;
  391. remainin -= n;
  392. remainout -= n;
  393. offsetin += n;
  394. offsetout += n;
  395. } else {
  396. offsetin += len;
  397. remainin -= len;
  398. nextout = true;
  399. }
  400. }
  401. n -= len;
  402. cdesc->src_addr = src_addr;
  403. cdesc->dst_addr = dst_addr;
  404. cdesc->state_addr = state_addr;
  405. cdesc->pe_length_word = FIELD_PREP(EIP93_PE_LENGTH_HOST_PE_READY,
  406. EIP93_PE_LENGTH_HOST_READY);
  407. cdesc->pe_length_word |= FIELD_PREP(EIP93_PE_LENGTH_LENGTH, len);
  408. if (n == 0) {
  409. n = datalen - split;
  410. split = datalen;
  411. state_addr = rctx->sa_state_base;
  412. }
  413. if (n == 0)
  414. cdesc->user_id |= FIELD_PREP(EIP93_PE_USER_ID_DESC_FLAGS,
  415. EIP93_DESC_LAST);
  416. /*
  417. * Loop - Delay - No need to rollback
  418. * Maybe refine by slowing down at EIP93_RING_BUSY
  419. */
  420. again:
  421. scoped_guard(spinlock_irqsave, &eip93->ring->write_lock)
  422. err = eip93_put_descriptor(eip93, cdesc);
  423. if (err) {
  424. usleep_range(EIP93_RING_BUSY_DELAY,
  425. EIP93_RING_BUSY_DELAY * 2);
  426. goto again;
  427. }
  428. /* Writing new descriptor count starts DMA action */
  429. writel(1, eip93->base + EIP93_REG_PE_CD_COUNT);
  430. } while (n);
  431. return -EINPROGRESS;
  432. }
  433. int eip93_send_req(struct crypto_async_request *async,
  434. const u8 *reqiv, struct eip93_cipher_reqctx *rctx)
  435. {
  436. struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(async->tfm);
  437. struct eip93_device *eip93 = ctx->eip93;
  438. struct scatterlist *src = rctx->sg_src;
  439. struct scatterlist *dst = rctx->sg_dst;
  440. struct sa_state *sa_state;
  441. struct eip93_descriptor cdesc;
  442. u32 flags = rctx->flags;
  443. int offsetin = 0, err;
  444. u32 datalen = rctx->assoclen + rctx->textsize;
  445. u32 split = datalen;
  446. u32 start, end, ctr, blocks;
  447. u32 iv[AES_BLOCK_SIZE / sizeof(u32)];
  448. int crypto_async_idr;
  449. rctx->sa_state_ctr = NULL;
  450. rctx->sa_state = NULL;
  451. if (IS_ECB(flags))
  452. goto skip_iv;
  453. memcpy(iv, reqiv, rctx->ivsize);
  454. rctx->sa_state = kzalloc(sizeof(*rctx->sa_state), GFP_KERNEL);
  455. if (!rctx->sa_state)
  456. return -ENOMEM;
  457. sa_state = rctx->sa_state;
  458. memcpy(sa_state->state_iv, iv, rctx->ivsize);
  459. if (IS_RFC3686(flags)) {
  460. sa_state->state_iv[0] = ctx->sa_nonce;
  461. sa_state->state_iv[1] = iv[0];
  462. sa_state->state_iv[2] = iv[1];
  463. sa_state->state_iv[3] = (u32 __force)cpu_to_be32(0x1);
  464. } else if (!IS_HMAC(flags) && IS_CTR(flags)) {
  465. /* Compute data length. */
  466. blocks = DIV_ROUND_UP(rctx->textsize, AES_BLOCK_SIZE);
  467. ctr = be32_to_cpu((__be32 __force)iv[3]);
  468. /* Check 32bit counter overflow. */
  469. start = ctr;
  470. end = start + blocks - 1;
  471. if (end < start) {
  472. split = AES_BLOCK_SIZE * -start;
  473. /*
  474. * Increment the counter manually to cope with
  475. * the hardware counter overflow.
  476. */
  477. iv[3] = 0xffffffff;
  478. crypto_inc((u8 *)iv, AES_BLOCK_SIZE);
  479. rctx->sa_state_ctr = kzalloc(sizeof(*rctx->sa_state_ctr),
  480. GFP_KERNEL);
  481. if (!rctx->sa_state_ctr) {
  482. err = -ENOMEM;
  483. goto free_sa_state;
  484. }
  485. memcpy(rctx->sa_state_ctr->state_iv, reqiv, rctx->ivsize);
  486. memcpy(sa_state->state_iv, iv, rctx->ivsize);
  487. rctx->sa_state_ctr_base = dma_map_single(eip93->dev, rctx->sa_state_ctr,
  488. sizeof(*rctx->sa_state_ctr),
  489. DMA_TO_DEVICE);
  490. err = dma_mapping_error(eip93->dev, rctx->sa_state_ctr_base);
  491. if (err)
  492. goto free_sa_state_ctr;
  493. }
  494. }
  495. rctx->sa_state_base = dma_map_single(eip93->dev, rctx->sa_state,
  496. sizeof(*rctx->sa_state), DMA_TO_DEVICE);
  497. err = dma_mapping_error(eip93->dev, rctx->sa_state_base);
  498. if (err)
  499. goto free_sa_state_ctr_dma;
  500. skip_iv:
  501. cdesc.pe_ctrl_stat_word = FIELD_PREP(EIP93_PE_CTRL_PE_READY_DES_TRING_OWN,
  502. EIP93_PE_CTRL_HOST_READY);
  503. cdesc.sa_addr = rctx->sa_record_base;
  504. cdesc.arc4_addr = 0;
  505. scoped_guard(spinlock_bh, &eip93->ring->idr_lock)
  506. crypto_async_idr = idr_alloc(&eip93->ring->crypto_async_idr, async, 0,
  507. EIP93_RING_NUM - 1, GFP_ATOMIC);
  508. cdesc.user_id = FIELD_PREP(EIP93_PE_USER_ID_CRYPTO_IDR, (u16)crypto_async_idr) |
  509. FIELD_PREP(EIP93_PE_USER_ID_DESC_FLAGS, rctx->desc_flags);
  510. rctx->cdesc = &cdesc;
  511. /* map DMA_BIDIRECTIONAL to invalidate cache on destination
  512. * implies __dma_cache_wback_inv
  513. */
  514. if (!dma_map_sg(eip93->dev, dst, rctx->dst_nents, DMA_BIDIRECTIONAL)) {
  515. err = -ENOMEM;
  516. goto free_sa_state_ctr_dma;
  517. }
  518. if (src != dst &&
  519. !dma_map_sg(eip93->dev, src, rctx->src_nents, DMA_TO_DEVICE)) {
  520. err = -ENOMEM;
  521. goto free_sg_dma;
  522. }
  523. return eip93_scatter_combine(eip93, rctx, datalen, split, offsetin);
  524. free_sg_dma:
  525. dma_unmap_sg(eip93->dev, dst, rctx->dst_nents, DMA_BIDIRECTIONAL);
  526. free_sa_state_ctr_dma:
  527. if (rctx->sa_state_ctr)
  528. dma_unmap_single(eip93->dev, rctx->sa_state_ctr_base,
  529. sizeof(*rctx->sa_state_ctr),
  530. DMA_TO_DEVICE);
  531. free_sa_state_ctr:
  532. kfree(rctx->sa_state_ctr);
  533. if (rctx->sa_state)
  534. dma_unmap_single(eip93->dev, rctx->sa_state_base,
  535. sizeof(*rctx->sa_state),
  536. DMA_TO_DEVICE);
  537. free_sa_state:
  538. kfree(rctx->sa_state);
  539. return err;
  540. }
  541. void eip93_unmap_dma(struct eip93_device *eip93, struct eip93_cipher_reqctx *rctx,
  542. struct scatterlist *reqsrc, struct scatterlist *reqdst)
  543. {
  544. u32 len = rctx->assoclen + rctx->textsize;
  545. u32 authsize = rctx->authsize;
  546. u32 flags = rctx->flags;
  547. u32 *otag;
  548. int i;
  549. if (rctx->sg_src == rctx->sg_dst) {
  550. dma_unmap_sg(eip93->dev, rctx->sg_dst, rctx->dst_nents,
  551. DMA_BIDIRECTIONAL);
  552. goto process_tag;
  553. }
  554. dma_unmap_sg(eip93->dev, rctx->sg_src, rctx->src_nents,
  555. DMA_TO_DEVICE);
  556. if (rctx->sg_src != reqsrc)
  557. eip93_free_sg_copy(len + rctx->authsize, &rctx->sg_src);
  558. dma_unmap_sg(eip93->dev, rctx->sg_dst, rctx->dst_nents,
  559. DMA_BIDIRECTIONAL);
  560. /* SHA tags need conversion from net-to-host */
  561. process_tag:
  562. if (IS_DECRYPT(flags))
  563. authsize = 0;
  564. if (authsize) {
  565. if (!IS_HASH_MD5(flags)) {
  566. otag = sg_virt(rctx->sg_dst) + len;
  567. for (i = 0; i < (authsize / 4); i++)
  568. otag[i] = be32_to_cpu((__be32 __force)otag[i]);
  569. }
  570. }
  571. if (rctx->sg_dst != reqdst) {
  572. sg_copy_from_buffer(reqdst, sg_nents(reqdst),
  573. sg_virt(rctx->sg_dst), len + authsize);
  574. eip93_free_sg_copy(len + rctx->authsize, &rctx->sg_dst);
  575. }
  576. }
  577. void eip93_handle_result(struct eip93_device *eip93, struct eip93_cipher_reqctx *rctx,
  578. u8 *reqiv)
  579. {
  580. if (rctx->sa_state_ctr)
  581. dma_unmap_single(eip93->dev, rctx->sa_state_ctr_base,
  582. sizeof(*rctx->sa_state_ctr),
  583. DMA_FROM_DEVICE);
  584. if (rctx->sa_state)
  585. dma_unmap_single(eip93->dev, rctx->sa_state_base,
  586. sizeof(*rctx->sa_state),
  587. DMA_FROM_DEVICE);
  588. if (!IS_ECB(rctx->flags))
  589. memcpy(reqiv, rctx->sa_state->state_iv, rctx->ivsize);
  590. kfree(rctx->sa_state_ctr);
  591. kfree(rctx->sa_state);
  592. }
  593. int eip93_hmac_setkey(u32 ctx_flags, const u8 *key, unsigned int keylen,
  594. unsigned int hashlen, u8 *dest_ipad, u8 *dest_opad,
  595. bool skip_ipad)
  596. {
  597. u8 ipad[SHA256_BLOCK_SIZE], opad[SHA256_BLOCK_SIZE];
  598. struct crypto_ahash *ahash_tfm;
  599. struct eip93_hash_reqctx *rctx;
  600. struct ahash_request *req;
  601. DECLARE_CRYPTO_WAIT(wait);
  602. struct scatterlist sg[1];
  603. const char *alg_name;
  604. int i, ret;
  605. switch (ctx_flags & EIP93_HASH_MASK) {
  606. case EIP93_HASH_SHA256:
  607. alg_name = "sha256-eip93";
  608. break;
  609. case EIP93_HASH_SHA224:
  610. alg_name = "sha224-eip93";
  611. break;
  612. case EIP93_HASH_SHA1:
  613. alg_name = "sha1-eip93";
  614. break;
  615. case EIP93_HASH_MD5:
  616. alg_name = "md5-eip93";
  617. break;
  618. default: /* Impossible */
  619. return -EINVAL;
  620. }
  621. ahash_tfm = crypto_alloc_ahash(alg_name, 0, CRYPTO_ALG_ASYNC);
  622. if (IS_ERR(ahash_tfm))
  623. return PTR_ERR(ahash_tfm);
  624. req = ahash_request_alloc(ahash_tfm, GFP_ATOMIC);
  625. if (!req) {
  626. ret = -ENOMEM;
  627. goto err_ahash;
  628. }
  629. rctx = ahash_request_ctx_dma(req);
  630. crypto_init_wait(&wait);
  631. ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
  632. crypto_req_done, &wait);
  633. /* Hash the key if > SHA256_BLOCK_SIZE */
  634. if (keylen > SHA256_BLOCK_SIZE) {
  635. sg_init_one(&sg[0], key, keylen);
  636. ahash_request_set_crypt(req, sg, ipad, keylen);
  637. ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
  638. if (ret)
  639. goto err_req;
  640. keylen = hashlen;
  641. } else {
  642. memcpy(ipad, key, keylen);
  643. }
  644. /* Copy to opad */
  645. memset(ipad + keylen, 0, SHA256_BLOCK_SIZE - keylen);
  646. memcpy(opad, ipad, SHA256_BLOCK_SIZE);
  647. /* Pad with HMAC constants */
  648. for (i = 0; i < SHA256_BLOCK_SIZE; i++) {
  649. ipad[i] ^= HMAC_IPAD_VALUE;
  650. opad[i] ^= HMAC_OPAD_VALUE;
  651. }
  652. if (skip_ipad) {
  653. memcpy(dest_ipad, ipad, SHA256_BLOCK_SIZE);
  654. } else {
  655. /* Hash ipad */
  656. sg_init_one(&sg[0], ipad, SHA256_BLOCK_SIZE);
  657. ahash_request_set_crypt(req, sg, dest_ipad, SHA256_BLOCK_SIZE);
  658. ret = crypto_ahash_init(req);
  659. if (ret)
  660. goto err_req;
  661. /* Disable HASH_FINALIZE for ipad hash */
  662. rctx->partial_hash = true;
  663. ret = crypto_wait_req(crypto_ahash_finup(req), &wait);
  664. if (ret)
  665. goto err_req;
  666. }
  667. /* Hash opad */
  668. sg_init_one(&sg[0], opad, SHA256_BLOCK_SIZE);
  669. ahash_request_set_crypt(req, sg, dest_opad, SHA256_BLOCK_SIZE);
  670. ret = crypto_ahash_init(req);
  671. if (ret)
  672. goto err_req;
  673. /* Disable HASH_FINALIZE for opad hash */
  674. rctx->partial_hash = true;
  675. ret = crypto_wait_req(crypto_ahash_finup(req), &wait);
  676. if (ret)
  677. goto err_req;
  678. if (!IS_HASH_MD5(ctx_flags)) {
  679. for (i = 0; i < SHA256_DIGEST_SIZE / sizeof(u32); i++) {
  680. u32 *ipad_hash = (u32 *)dest_ipad;
  681. u32 *opad_hash = (u32 *)dest_opad;
  682. if (!skip_ipad)
  683. ipad_hash[i] = (u32 __force)cpu_to_be32(ipad_hash[i]);
  684. opad_hash[i] = (u32 __force)cpu_to_be32(opad_hash[i]);
  685. }
  686. }
  687. err_req:
  688. ahash_request_free(req);
  689. err_ahash:
  690. crypto_free_ahash(ahash_tfm);
  691. return ret;
  692. }