safexcel_cipher.c 103 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * Copyright (C) 2017 Marvell
  4. *
  5. * Antoine Tenart <antoine.tenart@free-electrons.com>
  6. */
  7. #include <linux/unaligned.h>
  8. #include <linux/device.h>
  9. #include <linux/dma-mapping.h>
  10. #include <linux/dmapool.h>
  11. #include <crypto/aead.h>
  12. #include <crypto/aes.h>
  13. #include <crypto/authenc.h>
  14. #include <crypto/chacha.h>
  15. #include <crypto/ctr.h>
  16. #include <crypto/internal/des.h>
  17. #include <crypto/gcm.h>
  18. #include <crypto/ghash.h>
  19. #include <crypto/poly1305.h>
  20. #include <crypto/sha1.h>
  21. #include <crypto/sha2.h>
  22. #include <crypto/sm3.h>
  23. #include <crypto/sm4.h>
  24. #include <crypto/xts.h>
  25. #include <crypto/skcipher.h>
  26. #include <crypto/internal/aead.h>
  27. #include <crypto/internal/skcipher.h>
  28. #include "safexcel.h"
  29. enum safexcel_cipher_direction {
  30. SAFEXCEL_ENCRYPT,
  31. SAFEXCEL_DECRYPT,
  32. };
  33. enum safexcel_cipher_alg {
  34. SAFEXCEL_DES,
  35. SAFEXCEL_3DES,
  36. SAFEXCEL_AES,
  37. SAFEXCEL_CHACHA20,
  38. SAFEXCEL_SM4,
  39. };
  40. struct safexcel_cipher_ctx {
  41. struct safexcel_context base;
  42. struct safexcel_crypto_priv *priv;
  43. u32 mode;
  44. enum safexcel_cipher_alg alg;
  45. u8 aead; /* !=0=AEAD, 2=IPSec ESP AEAD, 3=IPsec ESP GMAC */
  46. u8 xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
  47. u8 aadskip;
  48. u8 blocksz;
  49. u32 ivmask;
  50. u32 ctrinit;
  51. __le32 key[16];
  52. u32 nonce;
  53. unsigned int key_len, xts;
  54. /* All the below is AEAD specific */
  55. u32 hash_alg;
  56. u32 state_sz;
  57. struct crypto_aead *fback;
  58. };
  59. struct safexcel_cipher_req {
  60. enum safexcel_cipher_direction direction;
  61. /* Number of result descriptors associated to the request */
  62. unsigned int rdescs;
  63. bool needs_inv;
  64. int nr_src, nr_dst;
  65. };
  66. static int safexcel_skcipher_iv(struct safexcel_cipher_ctx *ctx, u8 *iv,
  67. struct safexcel_command_desc *cdesc)
  68. {
  69. if (ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD) {
  70. cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
  71. /* 32 bit nonce */
  72. cdesc->control_data.token[0] = ctx->nonce;
  73. /* 64 bit IV part */
  74. memcpy(&cdesc->control_data.token[1], iv, 8);
  75. /* 32 bit counter, start at 0 or 1 (big endian!) */
  76. cdesc->control_data.token[3] =
  77. (__force u32)cpu_to_be32(ctx->ctrinit);
  78. return 4;
  79. }
  80. if (ctx->alg == SAFEXCEL_CHACHA20) {
  81. cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
  82. /* 96 bit nonce part */
  83. memcpy(&cdesc->control_data.token[0], &iv[4], 12);
  84. /* 32 bit counter */
  85. cdesc->control_data.token[3] = *(u32 *)iv;
  86. return 4;
  87. }
  88. cdesc->control_data.options |= ctx->ivmask;
  89. memcpy(cdesc->control_data.token, iv, ctx->blocksz);
  90. return ctx->blocksz / sizeof(u32);
  91. }
  92. static void safexcel_skcipher_token(struct safexcel_cipher_ctx *ctx, u8 *iv,
  93. struct safexcel_command_desc *cdesc,
  94. struct safexcel_token *atoken,
  95. u32 length)
  96. {
  97. struct safexcel_token *token;
  98. int ivlen;
  99. ivlen = safexcel_skcipher_iv(ctx, iv, cdesc);
  100. if (ivlen == 4) {
  101. /* No space in cdesc, instruction moves to atoken */
  102. cdesc->additional_cdata_size = 1;
  103. token = atoken;
  104. } else {
  105. /* Everything fits in cdesc */
  106. token = (struct safexcel_token *)(cdesc->control_data.token + 2);
  107. /* Need to pad with NOP */
  108. eip197_noop_token(&token[1]);
  109. }
  110. token->opcode = EIP197_TOKEN_OPCODE_DIRECTION;
  111. token->packet_length = length;
  112. token->stat = EIP197_TOKEN_STAT_LAST_PACKET |
  113. EIP197_TOKEN_STAT_LAST_HASH;
  114. token->instructions = EIP197_TOKEN_INS_LAST |
  115. EIP197_TOKEN_INS_TYPE_CRYPTO |
  116. EIP197_TOKEN_INS_TYPE_OUTPUT;
  117. }
  118. static void safexcel_aead_iv(struct safexcel_cipher_ctx *ctx, u8 *iv,
  119. struct safexcel_command_desc *cdesc)
  120. {
  121. if (ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD ||
  122. ctx->aead & EIP197_AEAD_TYPE_IPSEC_ESP) { /* _ESP and _ESP_GMAC */
  123. /* 32 bit nonce */
  124. cdesc->control_data.token[0] = ctx->nonce;
  125. /* 64 bit IV part */
  126. memcpy(&cdesc->control_data.token[1], iv, 8);
  127. /* 32 bit counter, start at 0 or 1 (big endian!) */
  128. cdesc->control_data.token[3] =
  129. (__force u32)cpu_to_be32(ctx->ctrinit);
  130. return;
  131. }
  132. if (ctx->xcm == EIP197_XCM_MODE_GCM || ctx->alg == SAFEXCEL_CHACHA20) {
  133. /* 96 bit IV part */
  134. memcpy(&cdesc->control_data.token[0], iv, 12);
  135. /* 32 bit counter, start at 0 or 1 (big endian!) */
  136. cdesc->control_data.token[3] =
  137. (__force u32)cpu_to_be32(ctx->ctrinit);
  138. return;
  139. }
  140. /* CBC */
  141. memcpy(cdesc->control_data.token, iv, ctx->blocksz);
  142. }
  143. static void safexcel_aead_token(struct safexcel_cipher_ctx *ctx, u8 *iv,
  144. struct safexcel_command_desc *cdesc,
  145. struct safexcel_token *atoken,
  146. enum safexcel_cipher_direction direction,
  147. u32 cryptlen, u32 assoclen, u32 digestsize)
  148. {
  149. struct safexcel_token *aadref;
  150. int atoksize = 2; /* Start with minimum size */
  151. int assocadj = assoclen - ctx->aadskip, aadalign;
  152. /* Always 4 dwords of embedded IV for AEAD modes */
  153. cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
  154. if (direction == SAFEXCEL_DECRYPT)
  155. cryptlen -= digestsize;
  156. if (unlikely(ctx->xcm == EIP197_XCM_MODE_CCM)) {
  157. /* Construct IV block B0 for the CBC-MAC */
  158. u8 *final_iv = (u8 *)cdesc->control_data.token;
  159. u8 *cbcmaciv = (u8 *)&atoken[1];
  160. __le32 *aadlen = (__le32 *)&atoken[5];
  161. if (ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) {
  162. /* Length + nonce */
  163. cdesc->control_data.token[0] = ctx->nonce;
  164. /* Fixup flags byte */
  165. *(__le32 *)cbcmaciv =
  166. cpu_to_le32(ctx->nonce |
  167. ((assocadj > 0) << 6) |
  168. ((digestsize - 2) << 2));
  169. /* 64 bit IV part */
  170. memcpy(&cdesc->control_data.token[1], iv, 8);
  171. memcpy(cbcmaciv + 4, iv, 8);
  172. /* Start counter at 0 */
  173. cdesc->control_data.token[3] = 0;
  174. /* Message length */
  175. *(__be32 *)(cbcmaciv + 12) = cpu_to_be32(cryptlen);
  176. } else {
  177. /* Variable length IV part */
  178. memcpy(final_iv, iv, 15 - iv[0]);
  179. memcpy(cbcmaciv, iv, 15 - iv[0]);
  180. /* Start variable length counter at 0 */
  181. memset(final_iv + 15 - iv[0], 0, iv[0] + 1);
  182. memset(cbcmaciv + 15 - iv[0], 0, iv[0] - 1);
  183. /* fixup flags byte */
  184. cbcmaciv[0] |= ((assocadj > 0) << 6) |
  185. ((digestsize - 2) << 2);
  186. /* insert lower 2 bytes of message length */
  187. cbcmaciv[14] = cryptlen >> 8;
  188. cbcmaciv[15] = cryptlen & 255;
  189. }
  190. atoken->opcode = EIP197_TOKEN_OPCODE_INSERT;
  191. atoken->packet_length = AES_BLOCK_SIZE +
  192. ((assocadj > 0) << 1);
  193. atoken->stat = 0;
  194. atoken->instructions = EIP197_TOKEN_INS_ORIGIN_TOKEN |
  195. EIP197_TOKEN_INS_TYPE_HASH;
  196. if (likely(assocadj)) {
  197. *aadlen = cpu_to_le32((assocadj >> 8) |
  198. (assocadj & 255) << 8);
  199. atoken += 6;
  200. atoksize += 7;
  201. } else {
  202. atoken += 5;
  203. atoksize += 6;
  204. }
  205. /* Process AAD data */
  206. aadref = atoken;
  207. atoken->opcode = EIP197_TOKEN_OPCODE_DIRECTION;
  208. atoken->packet_length = assocadj;
  209. atoken->stat = 0;
  210. atoken->instructions = EIP197_TOKEN_INS_TYPE_HASH;
  211. atoken++;
  212. /* For CCM only, align AAD data towards hash engine */
  213. atoken->opcode = EIP197_TOKEN_OPCODE_INSERT;
  214. aadalign = (assocadj + 2) & 15;
  215. atoken->packet_length = assocadj && aadalign ?
  216. 16 - aadalign :
  217. 0;
  218. if (likely(cryptlen)) {
  219. atoken->stat = 0;
  220. atoken->instructions = EIP197_TOKEN_INS_TYPE_HASH;
  221. } else {
  222. atoken->stat = EIP197_TOKEN_STAT_LAST_HASH;
  223. atoken->instructions = EIP197_TOKEN_INS_LAST |
  224. EIP197_TOKEN_INS_TYPE_HASH;
  225. }
  226. } else {
  227. safexcel_aead_iv(ctx, iv, cdesc);
  228. /* Process AAD data */
  229. aadref = atoken;
  230. atoken->opcode = EIP197_TOKEN_OPCODE_DIRECTION;
  231. atoken->packet_length = assocadj;
  232. atoken->stat = EIP197_TOKEN_STAT_LAST_HASH;
  233. atoken->instructions = EIP197_TOKEN_INS_LAST |
  234. EIP197_TOKEN_INS_TYPE_HASH;
  235. }
  236. atoken++;
  237. if (ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) {
  238. /* For ESP mode (and not GMAC), skip over the IV */
  239. atoken->opcode = EIP197_TOKEN_OPCODE_DIRECTION;
  240. atoken->packet_length = EIP197_AEAD_IPSEC_IV_SIZE;
  241. atoken->stat = 0;
  242. atoken->instructions = 0;
  243. atoken++;
  244. atoksize++;
  245. } else if (unlikely(ctx->alg == SAFEXCEL_CHACHA20 &&
  246. direction == SAFEXCEL_DECRYPT)) {
  247. /* Poly-chacha decryption needs a dummy NOP here ... */
  248. atoken->opcode = EIP197_TOKEN_OPCODE_INSERT;
  249. atoken->packet_length = 16; /* According to Op Manual */
  250. atoken->stat = 0;
  251. atoken->instructions = 0;
  252. atoken++;
  253. atoksize++;
  254. }
  255. if (ctx->xcm) {
  256. /* For GCM and CCM, obtain enc(Y0) */
  257. atoken->opcode = EIP197_TOKEN_OPCODE_INSERT_REMRES;
  258. atoken->packet_length = 0;
  259. atoken->stat = 0;
  260. atoken->instructions = AES_BLOCK_SIZE;
  261. atoken++;
  262. atoken->opcode = EIP197_TOKEN_OPCODE_INSERT;
  263. atoken->packet_length = AES_BLOCK_SIZE;
  264. atoken->stat = 0;
  265. atoken->instructions = EIP197_TOKEN_INS_TYPE_OUTPUT |
  266. EIP197_TOKEN_INS_TYPE_CRYPTO;
  267. atoken++;
  268. atoksize += 2;
  269. }
  270. if (likely(cryptlen || ctx->alg == SAFEXCEL_CHACHA20)) {
  271. /* Fixup stat field for AAD direction instruction */
  272. aadref->stat = 0;
  273. /* Process crypto data */
  274. atoken->opcode = EIP197_TOKEN_OPCODE_DIRECTION;
  275. atoken->packet_length = cryptlen;
  276. if (unlikely(ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP_GMAC)) {
  277. /* Fixup instruction field for AAD dir instruction */
  278. aadref->instructions = EIP197_TOKEN_INS_TYPE_HASH;
  279. /* Do not send to crypt engine in case of GMAC */
  280. atoken->instructions = EIP197_TOKEN_INS_LAST |
  281. EIP197_TOKEN_INS_TYPE_HASH |
  282. EIP197_TOKEN_INS_TYPE_OUTPUT;
  283. } else {
  284. atoken->instructions = EIP197_TOKEN_INS_LAST |
  285. EIP197_TOKEN_INS_TYPE_CRYPTO |
  286. EIP197_TOKEN_INS_TYPE_HASH |
  287. EIP197_TOKEN_INS_TYPE_OUTPUT;
  288. }
  289. cryptlen &= 15;
  290. if (unlikely(ctx->xcm == EIP197_XCM_MODE_CCM && cryptlen)) {
  291. atoken->stat = 0;
  292. /* For CCM only, pad crypto data to the hash engine */
  293. atoken++;
  294. atoksize++;
  295. atoken->opcode = EIP197_TOKEN_OPCODE_INSERT;
  296. atoken->packet_length = 16 - cryptlen;
  297. atoken->stat = EIP197_TOKEN_STAT_LAST_HASH;
  298. atoken->instructions = EIP197_TOKEN_INS_TYPE_HASH;
  299. } else {
  300. atoken->stat = EIP197_TOKEN_STAT_LAST_HASH;
  301. }
  302. atoken++;
  303. atoksize++;
  304. }
  305. if (direction == SAFEXCEL_ENCRYPT) {
  306. /* Append ICV */
  307. atoken->opcode = EIP197_TOKEN_OPCODE_INSERT;
  308. atoken->packet_length = digestsize;
  309. atoken->stat = EIP197_TOKEN_STAT_LAST_HASH |
  310. EIP197_TOKEN_STAT_LAST_PACKET;
  311. atoken->instructions = EIP197_TOKEN_INS_TYPE_OUTPUT |
  312. EIP197_TOKEN_INS_INSERT_HASH_DIGEST;
  313. } else {
  314. /* Extract ICV */
  315. atoken->opcode = EIP197_TOKEN_OPCODE_RETRIEVE;
  316. atoken->packet_length = digestsize;
  317. atoken->stat = EIP197_TOKEN_STAT_LAST_HASH |
  318. EIP197_TOKEN_STAT_LAST_PACKET;
  319. atoken->instructions = EIP197_TOKEN_INS_INSERT_HASH_DIGEST;
  320. atoken++;
  321. atoksize++;
  322. /* Verify ICV */
  323. atoken->opcode = EIP197_TOKEN_OPCODE_VERIFY;
  324. atoken->packet_length = digestsize |
  325. EIP197_TOKEN_HASH_RESULT_VERIFY;
  326. atoken->stat = EIP197_TOKEN_STAT_LAST_HASH |
  327. EIP197_TOKEN_STAT_LAST_PACKET;
  328. atoken->instructions = EIP197_TOKEN_INS_TYPE_OUTPUT;
  329. }
  330. /* Fixup length of the token in the command descriptor */
  331. cdesc->additional_cdata_size = atoksize;
  332. }
  333. static int safexcel_skcipher_aes_setkey(struct crypto_skcipher *ctfm,
  334. const u8 *key, unsigned int len)
  335. {
  336. struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
  337. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  338. struct safexcel_crypto_priv *priv = ctx->base.priv;
  339. struct crypto_aes_ctx aes;
  340. int ret, i;
  341. ret = aes_expandkey(&aes, key, len);
  342. if (ret)
  343. return ret;
  344. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
  345. for (i = 0; i < len / sizeof(u32); i++) {
  346. if (le32_to_cpu(ctx->key[i]) != aes.key_enc[i]) {
  347. ctx->base.needs_inv = true;
  348. break;
  349. }
  350. }
  351. }
  352. for (i = 0; i < len / sizeof(u32); i++)
  353. ctx->key[i] = cpu_to_le32(aes.key_enc[i]);
  354. ctx->key_len = len;
  355. memzero_explicit(&aes, sizeof(aes));
  356. return 0;
  357. }
  358. static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key,
  359. unsigned int len)
  360. {
  361. struct crypto_tfm *tfm = crypto_aead_tfm(ctfm);
  362. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  363. struct safexcel_crypto_priv *priv = ctx->base.priv;
  364. struct crypto_authenc_keys keys;
  365. struct crypto_aes_ctx aes;
  366. int err = -EINVAL, i;
  367. const char *alg;
  368. if (unlikely(crypto_authenc_extractkeys(&keys, key, len)))
  369. goto badkey;
  370. if (ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD) {
  371. /* Must have at least space for the nonce here */
  372. if (unlikely(keys.enckeylen < CTR_RFC3686_NONCE_SIZE))
  373. goto badkey;
  374. /* last 4 bytes of key are the nonce! */
  375. ctx->nonce = *(u32 *)(keys.enckey + keys.enckeylen -
  376. CTR_RFC3686_NONCE_SIZE);
  377. /* exclude the nonce here */
  378. keys.enckeylen -= CTR_RFC3686_NONCE_SIZE;
  379. }
  380. /* Encryption key */
  381. switch (ctx->alg) {
  382. case SAFEXCEL_DES:
  383. err = verify_aead_des_key(ctfm, keys.enckey, keys.enckeylen);
  384. if (unlikely(err))
  385. goto badkey;
  386. break;
  387. case SAFEXCEL_3DES:
  388. err = verify_aead_des3_key(ctfm, keys.enckey, keys.enckeylen);
  389. if (unlikely(err))
  390. goto badkey;
  391. break;
  392. case SAFEXCEL_AES:
  393. err = aes_expandkey(&aes, keys.enckey, keys.enckeylen);
  394. if (unlikely(err))
  395. goto badkey;
  396. break;
  397. case SAFEXCEL_SM4:
  398. if (unlikely(keys.enckeylen != SM4_KEY_SIZE))
  399. goto badkey;
  400. break;
  401. default:
  402. dev_err(priv->dev, "aead: unsupported cipher algorithm\n");
  403. goto badkey;
  404. }
  405. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
  406. for (i = 0; i < keys.enckeylen / sizeof(u32); i++) {
  407. if (le32_to_cpu(ctx->key[i]) !=
  408. ((u32 *)keys.enckey)[i]) {
  409. ctx->base.needs_inv = true;
  410. break;
  411. }
  412. }
  413. }
  414. /* Auth key */
  415. switch (ctx->hash_alg) {
  416. case CONTEXT_CONTROL_CRYPTO_ALG_SHA1:
  417. alg = "safexcel-sha1";
  418. break;
  419. case CONTEXT_CONTROL_CRYPTO_ALG_SHA224:
  420. alg = "safexcel-sha224";
  421. break;
  422. case CONTEXT_CONTROL_CRYPTO_ALG_SHA256:
  423. alg = "safexcel-sha256";
  424. break;
  425. case CONTEXT_CONTROL_CRYPTO_ALG_SHA384:
  426. alg = "safexcel-sha384";
  427. break;
  428. case CONTEXT_CONTROL_CRYPTO_ALG_SHA512:
  429. alg = "safexcel-sha512";
  430. break;
  431. case CONTEXT_CONTROL_CRYPTO_ALG_SM3:
  432. alg = "safexcel-sm3";
  433. break;
  434. default:
  435. dev_err(priv->dev, "aead: unsupported hash algorithm\n");
  436. goto badkey;
  437. }
  438. if (safexcel_hmac_setkey(&ctx->base, keys.authkey, keys.authkeylen,
  439. alg, ctx->state_sz))
  440. goto badkey;
  441. /* Now copy the keys into the context */
  442. for (i = 0; i < keys.enckeylen / sizeof(u32); i++)
  443. ctx->key[i] = cpu_to_le32(((u32 *)keys.enckey)[i]);
  444. ctx->key_len = keys.enckeylen;
  445. memzero_explicit(&keys, sizeof(keys));
  446. return 0;
  447. badkey:
  448. memzero_explicit(&keys, sizeof(keys));
  449. return err;
  450. }
  451. static int safexcel_context_control(struct safexcel_cipher_ctx *ctx,
  452. struct crypto_async_request *async,
  453. struct safexcel_cipher_req *sreq,
  454. struct safexcel_command_desc *cdesc)
  455. {
  456. struct safexcel_crypto_priv *priv = ctx->base.priv;
  457. int ctrl_size = ctx->key_len / sizeof(u32);
  458. cdesc->control_data.control1 = ctx->mode;
  459. if (ctx->aead) {
  460. /* Take in account the ipad+opad digests */
  461. if (ctx->xcm) {
  462. ctrl_size += ctx->state_sz / sizeof(u32);
  463. cdesc->control_data.control0 =
  464. CONTEXT_CONTROL_KEY_EN |
  465. CONTEXT_CONTROL_DIGEST_XCM |
  466. ctx->hash_alg |
  467. CONTEXT_CONTROL_SIZE(ctrl_size);
  468. } else if (ctx->alg == SAFEXCEL_CHACHA20) {
  469. /* Chacha20-Poly1305 */
  470. cdesc->control_data.control0 =
  471. CONTEXT_CONTROL_KEY_EN |
  472. CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20 |
  473. (sreq->direction == SAFEXCEL_ENCRYPT ?
  474. CONTEXT_CONTROL_TYPE_ENCRYPT_HASH_OUT :
  475. CONTEXT_CONTROL_TYPE_HASH_DECRYPT_IN) |
  476. ctx->hash_alg |
  477. CONTEXT_CONTROL_SIZE(ctrl_size);
  478. return 0;
  479. } else {
  480. ctrl_size += ctx->state_sz / sizeof(u32) * 2;
  481. cdesc->control_data.control0 =
  482. CONTEXT_CONTROL_KEY_EN |
  483. CONTEXT_CONTROL_DIGEST_HMAC |
  484. ctx->hash_alg |
  485. CONTEXT_CONTROL_SIZE(ctrl_size);
  486. }
  487. if (sreq->direction == SAFEXCEL_ENCRYPT &&
  488. (ctx->xcm == EIP197_XCM_MODE_CCM ||
  489. ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP_GMAC))
  490. cdesc->control_data.control0 |=
  491. CONTEXT_CONTROL_TYPE_HASH_ENCRYPT_OUT;
  492. else if (sreq->direction == SAFEXCEL_ENCRYPT)
  493. cdesc->control_data.control0 |=
  494. CONTEXT_CONTROL_TYPE_ENCRYPT_HASH_OUT;
  495. else if (ctx->xcm == EIP197_XCM_MODE_CCM)
  496. cdesc->control_data.control0 |=
  497. CONTEXT_CONTROL_TYPE_DECRYPT_HASH_IN;
  498. else
  499. cdesc->control_data.control0 |=
  500. CONTEXT_CONTROL_TYPE_HASH_DECRYPT_IN;
  501. } else {
  502. if (sreq->direction == SAFEXCEL_ENCRYPT)
  503. cdesc->control_data.control0 =
  504. CONTEXT_CONTROL_TYPE_CRYPTO_OUT |
  505. CONTEXT_CONTROL_KEY_EN |
  506. CONTEXT_CONTROL_SIZE(ctrl_size);
  507. else
  508. cdesc->control_data.control0 =
  509. CONTEXT_CONTROL_TYPE_CRYPTO_IN |
  510. CONTEXT_CONTROL_KEY_EN |
  511. CONTEXT_CONTROL_SIZE(ctrl_size);
  512. }
  513. if (ctx->alg == SAFEXCEL_DES) {
  514. cdesc->control_data.control0 |=
  515. CONTEXT_CONTROL_CRYPTO_ALG_DES;
  516. } else if (ctx->alg == SAFEXCEL_3DES) {
  517. cdesc->control_data.control0 |=
  518. CONTEXT_CONTROL_CRYPTO_ALG_3DES;
  519. } else if (ctx->alg == SAFEXCEL_AES) {
  520. switch (ctx->key_len >> ctx->xts) {
  521. case AES_KEYSIZE_128:
  522. cdesc->control_data.control0 |=
  523. CONTEXT_CONTROL_CRYPTO_ALG_AES128;
  524. break;
  525. case AES_KEYSIZE_192:
  526. cdesc->control_data.control0 |=
  527. CONTEXT_CONTROL_CRYPTO_ALG_AES192;
  528. break;
  529. case AES_KEYSIZE_256:
  530. cdesc->control_data.control0 |=
  531. CONTEXT_CONTROL_CRYPTO_ALG_AES256;
  532. break;
  533. default:
  534. dev_err(priv->dev, "aes keysize not supported: %u\n",
  535. ctx->key_len >> ctx->xts);
  536. return -EINVAL;
  537. }
  538. } else if (ctx->alg == SAFEXCEL_CHACHA20) {
  539. cdesc->control_data.control0 |=
  540. CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20;
  541. } else if (ctx->alg == SAFEXCEL_SM4) {
  542. cdesc->control_data.control0 |=
  543. CONTEXT_CONTROL_CRYPTO_ALG_SM4;
  544. }
  545. return 0;
  546. }
  547. static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv, int ring,
  548. struct crypto_async_request *async,
  549. struct scatterlist *src,
  550. struct scatterlist *dst,
  551. unsigned int cryptlen,
  552. struct safexcel_cipher_req *sreq,
  553. bool *should_complete, int *ret)
  554. {
  555. struct skcipher_request *areq = skcipher_request_cast(async);
  556. struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(areq);
  557. struct safexcel_cipher_ctx *ctx = crypto_skcipher_ctx(skcipher);
  558. struct safexcel_result_desc *rdesc;
  559. int ndesc = 0;
  560. *ret = 0;
  561. if (unlikely(!sreq->rdescs))
  562. return 0;
  563. while (sreq->rdescs--) {
  564. rdesc = safexcel_ring_next_rptr(priv, &priv->ring[ring].rdr);
  565. if (IS_ERR(rdesc)) {
  566. dev_err(priv->dev,
  567. "cipher: result: could not retrieve the result descriptor\n");
  568. *ret = PTR_ERR(rdesc);
  569. break;
  570. }
  571. if (likely(!*ret))
  572. *ret = safexcel_rdesc_check_errors(priv, rdesc);
  573. ndesc++;
  574. }
  575. safexcel_complete(priv, ring);
  576. if (src == dst) {
  577. if (sreq->nr_src > 0)
  578. dma_unmap_sg(priv->dev, src, sreq->nr_src,
  579. DMA_BIDIRECTIONAL);
  580. } else {
  581. if (sreq->nr_src > 0)
  582. dma_unmap_sg(priv->dev, src, sreq->nr_src,
  583. DMA_TO_DEVICE);
  584. if (sreq->nr_dst > 0)
  585. dma_unmap_sg(priv->dev, dst, sreq->nr_dst,
  586. DMA_FROM_DEVICE);
  587. }
  588. /*
  589. * Update IV in req from last crypto output word for CBC modes
  590. */
  591. if ((!ctx->aead) && (ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CBC) &&
  592. (sreq->direction == SAFEXCEL_ENCRYPT)) {
  593. /* For encrypt take the last output word */
  594. sg_pcopy_to_buffer(dst, sreq->nr_dst, areq->iv,
  595. crypto_skcipher_ivsize(skcipher),
  596. (cryptlen -
  597. crypto_skcipher_ivsize(skcipher)));
  598. }
  599. *should_complete = true;
  600. return ndesc;
  601. }
  602. static int safexcel_send_req(struct crypto_async_request *base, int ring,
  603. struct safexcel_cipher_req *sreq,
  604. struct scatterlist *src, struct scatterlist *dst,
  605. unsigned int cryptlen, unsigned int assoclen,
  606. unsigned int digestsize, u8 *iv, int *commands,
  607. int *results)
  608. {
  609. struct skcipher_request *areq = skcipher_request_cast(base);
  610. struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(areq);
  611. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(base->tfm);
  612. struct safexcel_crypto_priv *priv = ctx->base.priv;
  613. struct safexcel_command_desc *cdesc;
  614. struct safexcel_command_desc *first_cdesc = NULL;
  615. struct safexcel_result_desc *rdesc, *first_rdesc = NULL;
  616. struct scatterlist *sg;
  617. unsigned int totlen;
  618. unsigned int totlen_src = cryptlen + assoclen;
  619. unsigned int totlen_dst = totlen_src;
  620. struct safexcel_token *atoken;
  621. int n_cdesc = 0, n_rdesc = 0;
  622. int queued, i, ret = 0;
  623. bool first = true;
  624. sreq->nr_src = sg_nents_for_len(src, totlen_src);
  625. if (ctx->aead) {
  626. /*
  627. * AEAD has auth tag appended to output for encrypt and
  628. * removed from the output for decrypt!
  629. */
  630. if (sreq->direction == SAFEXCEL_DECRYPT)
  631. totlen_dst -= digestsize;
  632. else
  633. totlen_dst += digestsize;
  634. memcpy(ctx->base.ctxr->data + ctx->key_len / sizeof(u32),
  635. &ctx->base.ipad, ctx->state_sz);
  636. if (!ctx->xcm)
  637. memcpy(ctx->base.ctxr->data + (ctx->key_len +
  638. ctx->state_sz) / sizeof(u32), &ctx->base.opad,
  639. ctx->state_sz);
  640. } else if ((ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CBC) &&
  641. (sreq->direction == SAFEXCEL_DECRYPT)) {
  642. /*
  643. * Save IV from last crypto input word for CBC modes in decrypt
  644. * direction. Need to do this first in case of inplace operation
  645. * as it will be overwritten.
  646. */
  647. sg_pcopy_to_buffer(src, sreq->nr_src, areq->iv,
  648. crypto_skcipher_ivsize(skcipher),
  649. (totlen_src -
  650. crypto_skcipher_ivsize(skcipher)));
  651. }
  652. sreq->nr_dst = sg_nents_for_len(dst, totlen_dst);
  653. /*
  654. * Remember actual input length, source buffer length may be
  655. * updated in case of inline operation below.
  656. */
  657. totlen = totlen_src;
  658. queued = totlen_src;
  659. if (src == dst) {
  660. sreq->nr_src = max(sreq->nr_src, sreq->nr_dst);
  661. sreq->nr_dst = sreq->nr_src;
  662. if (unlikely((totlen_src || totlen_dst) &&
  663. (sreq->nr_src <= 0))) {
  664. dev_err(priv->dev, "In-place buffer not large enough (need %d bytes)!",
  665. max(totlen_src, totlen_dst));
  666. return -EINVAL;
  667. }
  668. if (sreq->nr_src > 0 &&
  669. !dma_map_sg(priv->dev, src, sreq->nr_src, DMA_BIDIRECTIONAL))
  670. return -EIO;
  671. } else {
  672. if (unlikely(totlen_src && (sreq->nr_src <= 0))) {
  673. dev_err(priv->dev, "Source buffer not large enough (need %d bytes)!",
  674. totlen_src);
  675. return -EINVAL;
  676. }
  677. if (sreq->nr_src > 0 &&
  678. !dma_map_sg(priv->dev, src, sreq->nr_src, DMA_TO_DEVICE))
  679. return -EIO;
  680. if (unlikely(totlen_dst && (sreq->nr_dst <= 0))) {
  681. dev_err(priv->dev, "Dest buffer not large enough (need %d bytes)!",
  682. totlen_dst);
  683. ret = -EINVAL;
  684. goto unmap;
  685. }
  686. if (sreq->nr_dst > 0 &&
  687. !dma_map_sg(priv->dev, dst, sreq->nr_dst, DMA_FROM_DEVICE)) {
  688. ret = -EIO;
  689. goto unmap;
  690. }
  691. }
  692. memcpy(ctx->base.ctxr->data, ctx->key, ctx->key_len);
  693. if (!totlen) {
  694. /*
  695. * The EIP97 cannot deal with zero length input packets!
  696. * So stuff a dummy command descriptor indicating a 1 byte
  697. * (dummy) input packet, using the context record as source.
  698. */
  699. first_cdesc = safexcel_add_cdesc(priv, ring,
  700. 1, 1, ctx->base.ctxr_dma,
  701. 1, 1, ctx->base.ctxr_dma,
  702. &atoken);
  703. if (IS_ERR(first_cdesc)) {
  704. /* No space left in the command descriptor ring */
  705. ret = PTR_ERR(first_cdesc);
  706. goto cdesc_rollback;
  707. }
  708. n_cdesc = 1;
  709. goto skip_cdesc;
  710. }
  711. /* command descriptors */
  712. for_each_sg(src, sg, sreq->nr_src, i) {
  713. int len = sg_dma_len(sg);
  714. /* Do not overflow the request */
  715. if (queued < len)
  716. len = queued;
  717. cdesc = safexcel_add_cdesc(priv, ring, !n_cdesc,
  718. !(queued - len),
  719. sg_dma_address(sg), len, totlen,
  720. ctx->base.ctxr_dma, &atoken);
  721. if (IS_ERR(cdesc)) {
  722. /* No space left in the command descriptor ring */
  723. ret = PTR_ERR(cdesc);
  724. goto cdesc_rollback;
  725. }
  726. if (!n_cdesc)
  727. first_cdesc = cdesc;
  728. n_cdesc++;
  729. queued -= len;
  730. if (!queued)
  731. break;
  732. }
  733. skip_cdesc:
  734. /* Add context control words and token to first command descriptor */
  735. safexcel_context_control(ctx, base, sreq, first_cdesc);
  736. if (ctx->aead)
  737. safexcel_aead_token(ctx, iv, first_cdesc, atoken,
  738. sreq->direction, cryptlen,
  739. assoclen, digestsize);
  740. else
  741. safexcel_skcipher_token(ctx, iv, first_cdesc, atoken,
  742. cryptlen);
  743. /* result descriptors */
  744. for_each_sg(dst, sg, sreq->nr_dst, i) {
  745. bool last = (i == sreq->nr_dst - 1);
  746. u32 len = sg_dma_len(sg);
  747. /* only allow the part of the buffer we know we need */
  748. if (len > totlen_dst)
  749. len = totlen_dst;
  750. if (unlikely(!len))
  751. break;
  752. totlen_dst -= len;
  753. /* skip over AAD space in buffer - not written */
  754. if (assoclen) {
  755. if (assoclen >= len) {
  756. assoclen -= len;
  757. continue;
  758. }
  759. rdesc = safexcel_add_rdesc(priv, ring, first, last,
  760. sg_dma_address(sg) +
  761. assoclen,
  762. len - assoclen);
  763. assoclen = 0;
  764. } else {
  765. rdesc = safexcel_add_rdesc(priv, ring, first, last,
  766. sg_dma_address(sg),
  767. len);
  768. }
  769. if (IS_ERR(rdesc)) {
  770. /* No space left in the result descriptor ring */
  771. ret = PTR_ERR(rdesc);
  772. goto rdesc_rollback;
  773. }
  774. if (first) {
  775. first_rdesc = rdesc;
  776. first = false;
  777. }
  778. n_rdesc++;
  779. }
  780. if (unlikely(first)) {
  781. /*
  782. * Special case: AEAD decrypt with only AAD data.
  783. * In this case there is NO output data from the engine,
  784. * but the engine still needs a result descriptor!
  785. * Create a dummy one just for catching the result token.
  786. */
  787. rdesc = safexcel_add_rdesc(priv, ring, true, true, 0, 0);
  788. if (IS_ERR(rdesc)) {
  789. /* No space left in the result descriptor ring */
  790. ret = PTR_ERR(rdesc);
  791. goto rdesc_rollback;
  792. }
  793. first_rdesc = rdesc;
  794. n_rdesc = 1;
  795. }
  796. safexcel_rdr_req_set(priv, ring, first_rdesc, base);
  797. *commands = n_cdesc;
  798. *results = n_rdesc;
  799. return 0;
  800. rdesc_rollback:
  801. for (i = 0; i < n_rdesc; i++)
  802. safexcel_ring_rollback_wptr(priv, &priv->ring[ring].rdr);
  803. cdesc_rollback:
  804. for (i = 0; i < n_cdesc; i++)
  805. safexcel_ring_rollback_wptr(priv, &priv->ring[ring].cdr);
  806. unmap:
  807. if (src == dst) {
  808. if (sreq->nr_src > 0)
  809. dma_unmap_sg(priv->dev, src, sreq->nr_src,
  810. DMA_BIDIRECTIONAL);
  811. } else {
  812. if (sreq->nr_src > 0)
  813. dma_unmap_sg(priv->dev, src, sreq->nr_src,
  814. DMA_TO_DEVICE);
  815. if (sreq->nr_dst > 0)
  816. dma_unmap_sg(priv->dev, dst, sreq->nr_dst,
  817. DMA_FROM_DEVICE);
  818. }
  819. return ret;
  820. }
  821. static int safexcel_handle_inv_result(struct safexcel_crypto_priv *priv,
  822. int ring,
  823. struct crypto_async_request *base,
  824. struct safexcel_cipher_req *sreq,
  825. bool *should_complete, int *ret)
  826. {
  827. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(base->tfm);
  828. struct safexcel_result_desc *rdesc;
  829. int ndesc = 0, enq_ret;
  830. *ret = 0;
  831. if (unlikely(!sreq->rdescs))
  832. return 0;
  833. while (sreq->rdescs--) {
  834. rdesc = safexcel_ring_next_rptr(priv, &priv->ring[ring].rdr);
  835. if (IS_ERR(rdesc)) {
  836. dev_err(priv->dev,
  837. "cipher: invalidate: could not retrieve the result descriptor\n");
  838. *ret = PTR_ERR(rdesc);
  839. break;
  840. }
  841. if (likely(!*ret))
  842. *ret = safexcel_rdesc_check_errors(priv, rdesc);
  843. ndesc++;
  844. }
  845. safexcel_complete(priv, ring);
  846. if (ctx->base.exit_inv) {
  847. dma_pool_free(priv->context_pool, ctx->base.ctxr,
  848. ctx->base.ctxr_dma);
  849. *should_complete = true;
  850. return ndesc;
  851. }
  852. ring = safexcel_select_ring(priv);
  853. ctx->base.ring = ring;
  854. spin_lock_bh(&priv->ring[ring].queue_lock);
  855. enq_ret = crypto_enqueue_request(&priv->ring[ring].queue, base);
  856. spin_unlock_bh(&priv->ring[ring].queue_lock);
  857. if (enq_ret != -EINPROGRESS)
  858. *ret = enq_ret;
  859. queue_work(priv->ring[ring].workqueue,
  860. &priv->ring[ring].work_data.work);
  861. *should_complete = false;
  862. return ndesc;
  863. }
  864. static int safexcel_skcipher_handle_result(struct safexcel_crypto_priv *priv,
  865. int ring,
  866. struct crypto_async_request *async,
  867. bool *should_complete, int *ret)
  868. {
  869. struct skcipher_request *req = skcipher_request_cast(async);
  870. struct safexcel_cipher_req *sreq = skcipher_request_ctx(req);
  871. int err;
  872. if (sreq->needs_inv) {
  873. sreq->needs_inv = false;
  874. err = safexcel_handle_inv_result(priv, ring, async, sreq,
  875. should_complete, ret);
  876. } else {
  877. err = safexcel_handle_req_result(priv, ring, async, req->src,
  878. req->dst, req->cryptlen, sreq,
  879. should_complete, ret);
  880. }
  881. return err;
  882. }
  883. static int safexcel_aead_handle_result(struct safexcel_crypto_priv *priv,
  884. int ring,
  885. struct crypto_async_request *async,
  886. bool *should_complete, int *ret)
  887. {
  888. struct aead_request *req = aead_request_cast(async);
  889. struct crypto_aead *tfm = crypto_aead_reqtfm(req);
  890. struct safexcel_cipher_req *sreq = aead_request_ctx(req);
  891. int err;
  892. if (sreq->needs_inv) {
  893. sreq->needs_inv = false;
  894. err = safexcel_handle_inv_result(priv, ring, async, sreq,
  895. should_complete, ret);
  896. } else {
  897. err = safexcel_handle_req_result(priv, ring, async, req->src,
  898. req->dst,
  899. req->cryptlen + crypto_aead_authsize(tfm),
  900. sreq, should_complete, ret);
  901. }
  902. return err;
  903. }
  904. static int safexcel_cipher_send_inv(struct crypto_async_request *base,
  905. int ring, int *commands, int *results)
  906. {
  907. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(base->tfm);
  908. struct safexcel_crypto_priv *priv = ctx->base.priv;
  909. int ret;
  910. ret = safexcel_invalidate_cache(base, priv, ctx->base.ctxr_dma, ring);
  911. if (unlikely(ret))
  912. return ret;
  913. *commands = 1;
  914. *results = 1;
  915. return 0;
  916. }
  917. static int safexcel_skcipher_send(struct crypto_async_request *async, int ring,
  918. int *commands, int *results)
  919. {
  920. struct skcipher_request *req = skcipher_request_cast(async);
  921. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
  922. struct safexcel_cipher_req *sreq = skcipher_request_ctx(req);
  923. struct safexcel_crypto_priv *priv = ctx->base.priv;
  924. int ret;
  925. BUG_ON(!(priv->flags & EIP197_TRC_CACHE) && sreq->needs_inv);
  926. if (sreq->needs_inv) {
  927. ret = safexcel_cipher_send_inv(async, ring, commands, results);
  928. } else {
  929. struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
  930. u8 input_iv[AES_BLOCK_SIZE];
  931. /*
  932. * Save input IV in case of CBC decrypt mode
  933. * Will be overwritten with output IV prior to use!
  934. */
  935. memcpy(input_iv, req->iv, crypto_skcipher_ivsize(skcipher));
  936. ret = safexcel_send_req(async, ring, sreq, req->src,
  937. req->dst, req->cryptlen, 0, 0, input_iv,
  938. commands, results);
  939. }
  940. sreq->rdescs = *results;
  941. return ret;
  942. }
  943. static int safexcel_aead_send(struct crypto_async_request *async, int ring,
  944. int *commands, int *results)
  945. {
  946. struct aead_request *req = aead_request_cast(async);
  947. struct crypto_aead *tfm = crypto_aead_reqtfm(req);
  948. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
  949. struct safexcel_cipher_req *sreq = aead_request_ctx(req);
  950. struct safexcel_crypto_priv *priv = ctx->base.priv;
  951. int ret;
  952. BUG_ON(!(priv->flags & EIP197_TRC_CACHE) && sreq->needs_inv);
  953. if (sreq->needs_inv)
  954. ret = safexcel_cipher_send_inv(async, ring, commands, results);
  955. else
  956. ret = safexcel_send_req(async, ring, sreq, req->src, req->dst,
  957. req->cryptlen, req->assoclen,
  958. crypto_aead_authsize(tfm), req->iv,
  959. commands, results);
  960. sreq->rdescs = *results;
  961. return ret;
  962. }
  963. static int safexcel_cipher_exit_inv(struct crypto_tfm *tfm,
  964. struct crypto_async_request *base,
  965. struct safexcel_cipher_req *sreq,
  966. struct crypto_wait *result)
  967. {
  968. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  969. struct safexcel_crypto_priv *priv = ctx->base.priv;
  970. int ring = ctx->base.ring;
  971. int err;
  972. ctx = crypto_tfm_ctx(base->tfm);
  973. ctx->base.exit_inv = true;
  974. sreq->needs_inv = true;
  975. spin_lock_bh(&priv->ring[ring].queue_lock);
  976. crypto_enqueue_request(&priv->ring[ring].queue, base);
  977. spin_unlock_bh(&priv->ring[ring].queue_lock);
  978. queue_work(priv->ring[ring].workqueue,
  979. &priv->ring[ring].work_data.work);
  980. err = crypto_wait_req(-EINPROGRESS, result);
  981. if (err) {
  982. dev_warn(priv->dev,
  983. "cipher: sync: invalidate: completion error %d\n",
  984. err);
  985. return err;
  986. }
  987. return 0;
  988. }
  989. static int safexcel_skcipher_exit_inv(struct crypto_tfm *tfm)
  990. {
  991. EIP197_REQUEST_ON_STACK(req, skcipher, EIP197_SKCIPHER_REQ_SIZE);
  992. struct safexcel_cipher_req *sreq = skcipher_request_ctx(req);
  993. DECLARE_CRYPTO_WAIT(result);
  994. memset(req, 0, sizeof(struct skcipher_request));
  995. skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
  996. crypto_req_done, &result);
  997. skcipher_request_set_tfm(req, __crypto_skcipher_cast(tfm));
  998. return safexcel_cipher_exit_inv(tfm, &req->base, sreq, &result);
  999. }
  1000. static int safexcel_aead_exit_inv(struct crypto_tfm *tfm)
  1001. {
  1002. EIP197_REQUEST_ON_STACK(req, aead, EIP197_AEAD_REQ_SIZE);
  1003. struct safexcel_cipher_req *sreq = aead_request_ctx(req);
  1004. DECLARE_CRYPTO_WAIT(result);
  1005. memset(req, 0, sizeof(struct aead_request));
  1006. aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
  1007. crypto_req_done, &result);
  1008. aead_request_set_tfm(req, __crypto_aead_cast(tfm));
  1009. return safexcel_cipher_exit_inv(tfm, &req->base, sreq, &result);
  1010. }
  1011. static int safexcel_queue_req(struct crypto_async_request *base,
  1012. struct safexcel_cipher_req *sreq,
  1013. enum safexcel_cipher_direction dir)
  1014. {
  1015. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(base->tfm);
  1016. struct safexcel_crypto_priv *priv = ctx->base.priv;
  1017. int ret, ring;
  1018. sreq->needs_inv = false;
  1019. sreq->direction = dir;
  1020. if (ctx->base.ctxr) {
  1021. if (priv->flags & EIP197_TRC_CACHE && ctx->base.needs_inv) {
  1022. sreq->needs_inv = true;
  1023. ctx->base.needs_inv = false;
  1024. }
  1025. } else {
  1026. ctx->base.ring = safexcel_select_ring(priv);
  1027. ctx->base.ctxr = dma_pool_zalloc(priv->context_pool,
  1028. EIP197_GFP_FLAGS(*base),
  1029. &ctx->base.ctxr_dma);
  1030. if (!ctx->base.ctxr)
  1031. return -ENOMEM;
  1032. }
  1033. ring = ctx->base.ring;
  1034. spin_lock_bh(&priv->ring[ring].queue_lock);
  1035. ret = crypto_enqueue_request(&priv->ring[ring].queue, base);
  1036. spin_unlock_bh(&priv->ring[ring].queue_lock);
  1037. queue_work(priv->ring[ring].workqueue,
  1038. &priv->ring[ring].work_data.work);
  1039. return ret;
  1040. }
  1041. static int safexcel_encrypt(struct skcipher_request *req)
  1042. {
  1043. return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
  1044. SAFEXCEL_ENCRYPT);
  1045. }
  1046. static int safexcel_decrypt(struct skcipher_request *req)
  1047. {
  1048. return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
  1049. SAFEXCEL_DECRYPT);
  1050. }
  1051. static int safexcel_skcipher_cra_init(struct crypto_tfm *tfm)
  1052. {
  1053. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1054. struct safexcel_alg_template *tmpl =
  1055. container_of(tfm->__crt_alg, struct safexcel_alg_template,
  1056. alg.skcipher.base);
  1057. crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm),
  1058. sizeof(struct safexcel_cipher_req));
  1059. ctx->base.priv = tmpl->priv;
  1060. ctx->base.send = safexcel_skcipher_send;
  1061. ctx->base.handle_result = safexcel_skcipher_handle_result;
  1062. ctx->ivmask = EIP197_OPTION_4_TOKEN_IV_CMD;
  1063. ctx->ctrinit = 1;
  1064. return 0;
  1065. }
  1066. static int safexcel_cipher_cra_exit(struct crypto_tfm *tfm)
  1067. {
  1068. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1069. memzero_explicit(ctx->key, sizeof(ctx->key));
  1070. /* context not allocated, skip invalidation */
  1071. if (!ctx->base.ctxr)
  1072. return -ENOMEM;
  1073. memzero_explicit(ctx->base.ctxr->data, sizeof(ctx->base.ctxr->data));
  1074. return 0;
  1075. }
  1076. static void safexcel_skcipher_cra_exit(struct crypto_tfm *tfm)
  1077. {
  1078. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1079. struct safexcel_crypto_priv *priv = ctx->base.priv;
  1080. int ret;
  1081. if (safexcel_cipher_cra_exit(tfm))
  1082. return;
  1083. if (priv->flags & EIP197_TRC_CACHE) {
  1084. ret = safexcel_skcipher_exit_inv(tfm);
  1085. if (ret)
  1086. dev_warn(priv->dev, "skcipher: invalidation error %d\n",
  1087. ret);
  1088. } else {
  1089. dma_pool_free(priv->context_pool, ctx->base.ctxr,
  1090. ctx->base.ctxr_dma);
  1091. }
  1092. }
  1093. static void safexcel_aead_cra_exit(struct crypto_tfm *tfm)
  1094. {
  1095. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1096. struct safexcel_crypto_priv *priv = ctx->base.priv;
  1097. int ret;
  1098. if (safexcel_cipher_cra_exit(tfm))
  1099. return;
  1100. if (priv->flags & EIP197_TRC_CACHE) {
  1101. ret = safexcel_aead_exit_inv(tfm);
  1102. if (ret)
  1103. dev_warn(priv->dev, "aead: invalidation error %d\n",
  1104. ret);
  1105. } else {
  1106. dma_pool_free(priv->context_pool, ctx->base.ctxr,
  1107. ctx->base.ctxr_dma);
  1108. }
  1109. }
  1110. static int safexcel_skcipher_aes_ecb_cra_init(struct crypto_tfm *tfm)
  1111. {
  1112. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1113. safexcel_skcipher_cra_init(tfm);
  1114. ctx->alg = SAFEXCEL_AES;
  1115. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_ECB;
  1116. ctx->blocksz = 0;
  1117. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1118. return 0;
  1119. }
  1120. struct safexcel_alg_template safexcel_alg_ecb_aes = {
  1121. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  1122. .algo_mask = SAFEXCEL_ALG_AES,
  1123. .alg.skcipher = {
  1124. .setkey = safexcel_skcipher_aes_setkey,
  1125. .encrypt = safexcel_encrypt,
  1126. .decrypt = safexcel_decrypt,
  1127. .min_keysize = AES_MIN_KEY_SIZE,
  1128. .max_keysize = AES_MAX_KEY_SIZE,
  1129. .base = {
  1130. .cra_name = "ecb(aes)",
  1131. .cra_driver_name = "safexcel-ecb-aes",
  1132. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1133. .cra_flags = CRYPTO_ALG_ASYNC |
  1134. CRYPTO_ALG_ALLOCATES_MEMORY |
  1135. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1136. .cra_blocksize = AES_BLOCK_SIZE,
  1137. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1138. .cra_alignmask = 0,
  1139. .cra_init = safexcel_skcipher_aes_ecb_cra_init,
  1140. .cra_exit = safexcel_skcipher_cra_exit,
  1141. .cra_module = THIS_MODULE,
  1142. },
  1143. },
  1144. };
  1145. static int safexcel_skcipher_aes_cbc_cra_init(struct crypto_tfm *tfm)
  1146. {
  1147. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1148. safexcel_skcipher_cra_init(tfm);
  1149. ctx->alg = SAFEXCEL_AES;
  1150. ctx->blocksz = AES_BLOCK_SIZE;
  1151. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CBC;
  1152. return 0;
  1153. }
  1154. struct safexcel_alg_template safexcel_alg_cbc_aes = {
  1155. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  1156. .algo_mask = SAFEXCEL_ALG_AES,
  1157. .alg.skcipher = {
  1158. .setkey = safexcel_skcipher_aes_setkey,
  1159. .encrypt = safexcel_encrypt,
  1160. .decrypt = safexcel_decrypt,
  1161. .min_keysize = AES_MIN_KEY_SIZE,
  1162. .max_keysize = AES_MAX_KEY_SIZE,
  1163. .ivsize = AES_BLOCK_SIZE,
  1164. .base = {
  1165. .cra_name = "cbc(aes)",
  1166. .cra_driver_name = "safexcel-cbc-aes",
  1167. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1168. .cra_flags = CRYPTO_ALG_ASYNC |
  1169. CRYPTO_ALG_ALLOCATES_MEMORY |
  1170. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1171. .cra_blocksize = AES_BLOCK_SIZE,
  1172. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1173. .cra_alignmask = 0,
  1174. .cra_init = safexcel_skcipher_aes_cbc_cra_init,
  1175. .cra_exit = safexcel_skcipher_cra_exit,
  1176. .cra_module = THIS_MODULE,
  1177. },
  1178. },
  1179. };
  1180. static int safexcel_skcipher_aesctr_setkey(struct crypto_skcipher *ctfm,
  1181. const u8 *key, unsigned int len)
  1182. {
  1183. struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
  1184. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1185. struct safexcel_crypto_priv *priv = ctx->base.priv;
  1186. struct crypto_aes_ctx aes;
  1187. int ret, i;
  1188. unsigned int keylen;
  1189. /* last 4 bytes of key are the nonce! */
  1190. ctx->nonce = *(u32 *)(key + len - CTR_RFC3686_NONCE_SIZE);
  1191. /* exclude the nonce here */
  1192. keylen = len - CTR_RFC3686_NONCE_SIZE;
  1193. ret = aes_expandkey(&aes, key, keylen);
  1194. if (ret)
  1195. return ret;
  1196. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
  1197. for (i = 0; i < keylen / sizeof(u32); i++) {
  1198. if (le32_to_cpu(ctx->key[i]) != aes.key_enc[i]) {
  1199. ctx->base.needs_inv = true;
  1200. break;
  1201. }
  1202. }
  1203. }
  1204. for (i = 0; i < keylen / sizeof(u32); i++)
  1205. ctx->key[i] = cpu_to_le32(aes.key_enc[i]);
  1206. ctx->key_len = keylen;
  1207. memzero_explicit(&aes, sizeof(aes));
  1208. return 0;
  1209. }
  1210. static int safexcel_skcipher_aes_ctr_cra_init(struct crypto_tfm *tfm)
  1211. {
  1212. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1213. safexcel_skcipher_cra_init(tfm);
  1214. ctx->alg = SAFEXCEL_AES;
  1215. ctx->blocksz = AES_BLOCK_SIZE;
  1216. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD;
  1217. return 0;
  1218. }
  1219. struct safexcel_alg_template safexcel_alg_ctr_aes = {
  1220. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  1221. .algo_mask = SAFEXCEL_ALG_AES,
  1222. .alg.skcipher = {
  1223. .setkey = safexcel_skcipher_aesctr_setkey,
  1224. .encrypt = safexcel_encrypt,
  1225. .decrypt = safexcel_decrypt,
  1226. /* Add nonce size */
  1227. .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
  1228. .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
  1229. .ivsize = CTR_RFC3686_IV_SIZE,
  1230. .base = {
  1231. .cra_name = "rfc3686(ctr(aes))",
  1232. .cra_driver_name = "safexcel-ctr-aes",
  1233. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1234. .cra_flags = CRYPTO_ALG_ASYNC |
  1235. CRYPTO_ALG_ALLOCATES_MEMORY |
  1236. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1237. .cra_blocksize = 1,
  1238. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1239. .cra_alignmask = 0,
  1240. .cra_init = safexcel_skcipher_aes_ctr_cra_init,
  1241. .cra_exit = safexcel_skcipher_cra_exit,
  1242. .cra_module = THIS_MODULE,
  1243. },
  1244. },
  1245. };
  1246. static int safexcel_des_setkey(struct crypto_skcipher *ctfm, const u8 *key,
  1247. unsigned int len)
  1248. {
  1249. struct safexcel_cipher_ctx *ctx = crypto_skcipher_ctx(ctfm);
  1250. struct safexcel_crypto_priv *priv = ctx->base.priv;
  1251. int ret;
  1252. ret = verify_skcipher_des_key(ctfm, key);
  1253. if (ret)
  1254. return ret;
  1255. /* if context exits and key changed, need to invalidate it */
  1256. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma)
  1257. if (memcmp(ctx->key, key, len))
  1258. ctx->base.needs_inv = true;
  1259. memcpy(ctx->key, key, len);
  1260. ctx->key_len = len;
  1261. return 0;
  1262. }
  1263. static int safexcel_skcipher_des_cbc_cra_init(struct crypto_tfm *tfm)
  1264. {
  1265. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1266. safexcel_skcipher_cra_init(tfm);
  1267. ctx->alg = SAFEXCEL_DES;
  1268. ctx->blocksz = DES_BLOCK_SIZE;
  1269. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1270. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CBC;
  1271. return 0;
  1272. }
  1273. struct safexcel_alg_template safexcel_alg_cbc_des = {
  1274. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  1275. .algo_mask = SAFEXCEL_ALG_DES,
  1276. .alg.skcipher = {
  1277. .setkey = safexcel_des_setkey,
  1278. .encrypt = safexcel_encrypt,
  1279. .decrypt = safexcel_decrypt,
  1280. .min_keysize = DES_KEY_SIZE,
  1281. .max_keysize = DES_KEY_SIZE,
  1282. .ivsize = DES_BLOCK_SIZE,
  1283. .base = {
  1284. .cra_name = "cbc(des)",
  1285. .cra_driver_name = "safexcel-cbc-des",
  1286. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1287. .cra_flags = CRYPTO_ALG_ASYNC |
  1288. CRYPTO_ALG_ALLOCATES_MEMORY |
  1289. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1290. .cra_blocksize = DES_BLOCK_SIZE,
  1291. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1292. .cra_alignmask = 0,
  1293. .cra_init = safexcel_skcipher_des_cbc_cra_init,
  1294. .cra_exit = safexcel_skcipher_cra_exit,
  1295. .cra_module = THIS_MODULE,
  1296. },
  1297. },
  1298. };
  1299. static int safexcel_skcipher_des_ecb_cra_init(struct crypto_tfm *tfm)
  1300. {
  1301. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1302. safexcel_skcipher_cra_init(tfm);
  1303. ctx->alg = SAFEXCEL_DES;
  1304. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_ECB;
  1305. ctx->blocksz = 0;
  1306. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1307. return 0;
  1308. }
  1309. struct safexcel_alg_template safexcel_alg_ecb_des = {
  1310. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  1311. .algo_mask = SAFEXCEL_ALG_DES,
  1312. .alg.skcipher = {
  1313. .setkey = safexcel_des_setkey,
  1314. .encrypt = safexcel_encrypt,
  1315. .decrypt = safexcel_decrypt,
  1316. .min_keysize = DES_KEY_SIZE,
  1317. .max_keysize = DES_KEY_SIZE,
  1318. .base = {
  1319. .cra_name = "ecb(des)",
  1320. .cra_driver_name = "safexcel-ecb-des",
  1321. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1322. .cra_flags = CRYPTO_ALG_ASYNC |
  1323. CRYPTO_ALG_ALLOCATES_MEMORY |
  1324. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1325. .cra_blocksize = DES_BLOCK_SIZE,
  1326. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1327. .cra_alignmask = 0,
  1328. .cra_init = safexcel_skcipher_des_ecb_cra_init,
  1329. .cra_exit = safexcel_skcipher_cra_exit,
  1330. .cra_module = THIS_MODULE,
  1331. },
  1332. },
  1333. };
  1334. static int safexcel_des3_ede_setkey(struct crypto_skcipher *ctfm,
  1335. const u8 *key, unsigned int len)
  1336. {
  1337. struct safexcel_cipher_ctx *ctx = crypto_skcipher_ctx(ctfm);
  1338. struct safexcel_crypto_priv *priv = ctx->base.priv;
  1339. int err;
  1340. err = verify_skcipher_des3_key(ctfm, key);
  1341. if (err)
  1342. return err;
  1343. /* if context exits and key changed, need to invalidate it */
  1344. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma)
  1345. if (memcmp(ctx->key, key, len))
  1346. ctx->base.needs_inv = true;
  1347. memcpy(ctx->key, key, len);
  1348. ctx->key_len = len;
  1349. return 0;
  1350. }
  1351. static int safexcel_skcipher_des3_cbc_cra_init(struct crypto_tfm *tfm)
  1352. {
  1353. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1354. safexcel_skcipher_cra_init(tfm);
  1355. ctx->alg = SAFEXCEL_3DES;
  1356. ctx->blocksz = DES3_EDE_BLOCK_SIZE;
  1357. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1358. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CBC;
  1359. return 0;
  1360. }
  1361. struct safexcel_alg_template safexcel_alg_cbc_des3_ede = {
  1362. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  1363. .algo_mask = SAFEXCEL_ALG_DES,
  1364. .alg.skcipher = {
  1365. .setkey = safexcel_des3_ede_setkey,
  1366. .encrypt = safexcel_encrypt,
  1367. .decrypt = safexcel_decrypt,
  1368. .min_keysize = DES3_EDE_KEY_SIZE,
  1369. .max_keysize = DES3_EDE_KEY_SIZE,
  1370. .ivsize = DES3_EDE_BLOCK_SIZE,
  1371. .base = {
  1372. .cra_name = "cbc(des3_ede)",
  1373. .cra_driver_name = "safexcel-cbc-des3_ede",
  1374. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1375. .cra_flags = CRYPTO_ALG_ASYNC |
  1376. CRYPTO_ALG_ALLOCATES_MEMORY |
  1377. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1378. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  1379. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1380. .cra_alignmask = 0,
  1381. .cra_init = safexcel_skcipher_des3_cbc_cra_init,
  1382. .cra_exit = safexcel_skcipher_cra_exit,
  1383. .cra_module = THIS_MODULE,
  1384. },
  1385. },
  1386. };
  1387. static int safexcel_skcipher_des3_ecb_cra_init(struct crypto_tfm *tfm)
  1388. {
  1389. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1390. safexcel_skcipher_cra_init(tfm);
  1391. ctx->alg = SAFEXCEL_3DES;
  1392. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_ECB;
  1393. ctx->blocksz = 0;
  1394. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1395. return 0;
  1396. }
  1397. struct safexcel_alg_template safexcel_alg_ecb_des3_ede = {
  1398. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  1399. .algo_mask = SAFEXCEL_ALG_DES,
  1400. .alg.skcipher = {
  1401. .setkey = safexcel_des3_ede_setkey,
  1402. .encrypt = safexcel_encrypt,
  1403. .decrypt = safexcel_decrypt,
  1404. .min_keysize = DES3_EDE_KEY_SIZE,
  1405. .max_keysize = DES3_EDE_KEY_SIZE,
  1406. .base = {
  1407. .cra_name = "ecb(des3_ede)",
  1408. .cra_driver_name = "safexcel-ecb-des3_ede",
  1409. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1410. .cra_flags = CRYPTO_ALG_ASYNC |
  1411. CRYPTO_ALG_ALLOCATES_MEMORY |
  1412. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1413. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  1414. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1415. .cra_alignmask = 0,
  1416. .cra_init = safexcel_skcipher_des3_ecb_cra_init,
  1417. .cra_exit = safexcel_skcipher_cra_exit,
  1418. .cra_module = THIS_MODULE,
  1419. },
  1420. },
  1421. };
  1422. static int safexcel_aead_encrypt(struct aead_request *req)
  1423. {
  1424. struct safexcel_cipher_req *creq = aead_request_ctx(req);
  1425. return safexcel_queue_req(&req->base, creq, SAFEXCEL_ENCRYPT);
  1426. }
  1427. static int safexcel_aead_decrypt(struct aead_request *req)
  1428. {
  1429. struct safexcel_cipher_req *creq = aead_request_ctx(req);
  1430. return safexcel_queue_req(&req->base, creq, SAFEXCEL_DECRYPT);
  1431. }
  1432. static int safexcel_aead_cra_init(struct crypto_tfm *tfm)
  1433. {
  1434. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1435. struct safexcel_alg_template *tmpl =
  1436. container_of(tfm->__crt_alg, struct safexcel_alg_template,
  1437. alg.aead.base);
  1438. crypto_aead_set_reqsize(__crypto_aead_cast(tfm),
  1439. sizeof(struct safexcel_cipher_req));
  1440. ctx->base.priv = tmpl->priv;
  1441. ctx->alg = SAFEXCEL_AES; /* default */
  1442. ctx->blocksz = AES_BLOCK_SIZE;
  1443. ctx->ivmask = EIP197_OPTION_4_TOKEN_IV_CMD;
  1444. ctx->ctrinit = 1;
  1445. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CBC; /* default */
  1446. ctx->aead = true;
  1447. ctx->base.send = safexcel_aead_send;
  1448. ctx->base.handle_result = safexcel_aead_handle_result;
  1449. return 0;
  1450. }
  1451. static int safexcel_aead_sha1_cra_init(struct crypto_tfm *tfm)
  1452. {
  1453. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1454. safexcel_aead_cra_init(tfm);
  1455. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA1;
  1456. ctx->state_sz = SHA1_DIGEST_SIZE;
  1457. return 0;
  1458. }
  1459. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_aes = {
  1460. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1461. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_SHA1,
  1462. .alg.aead = {
  1463. .setkey = safexcel_aead_setkey,
  1464. .encrypt = safexcel_aead_encrypt,
  1465. .decrypt = safexcel_aead_decrypt,
  1466. .ivsize = AES_BLOCK_SIZE,
  1467. .maxauthsize = SHA1_DIGEST_SIZE,
  1468. .base = {
  1469. .cra_name = "authenc(hmac(sha1),cbc(aes))",
  1470. .cra_driver_name = "safexcel-authenc-hmac-sha1-cbc-aes",
  1471. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1472. .cra_flags = CRYPTO_ALG_ASYNC |
  1473. CRYPTO_ALG_ALLOCATES_MEMORY |
  1474. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1475. .cra_blocksize = AES_BLOCK_SIZE,
  1476. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1477. .cra_alignmask = 0,
  1478. .cra_init = safexcel_aead_sha1_cra_init,
  1479. .cra_exit = safexcel_aead_cra_exit,
  1480. .cra_module = THIS_MODULE,
  1481. },
  1482. },
  1483. };
  1484. static int safexcel_aead_sha256_cra_init(struct crypto_tfm *tfm)
  1485. {
  1486. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1487. safexcel_aead_cra_init(tfm);
  1488. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA256;
  1489. ctx->state_sz = SHA256_DIGEST_SIZE;
  1490. return 0;
  1491. }
  1492. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_aes = {
  1493. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1494. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_SHA2_256,
  1495. .alg.aead = {
  1496. .setkey = safexcel_aead_setkey,
  1497. .encrypt = safexcel_aead_encrypt,
  1498. .decrypt = safexcel_aead_decrypt,
  1499. .ivsize = AES_BLOCK_SIZE,
  1500. .maxauthsize = SHA256_DIGEST_SIZE,
  1501. .base = {
  1502. .cra_name = "authenc(hmac(sha256),cbc(aes))",
  1503. .cra_driver_name = "safexcel-authenc-hmac-sha256-cbc-aes",
  1504. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1505. .cra_flags = CRYPTO_ALG_ASYNC |
  1506. CRYPTO_ALG_ALLOCATES_MEMORY |
  1507. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1508. .cra_blocksize = AES_BLOCK_SIZE,
  1509. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1510. .cra_alignmask = 0,
  1511. .cra_init = safexcel_aead_sha256_cra_init,
  1512. .cra_exit = safexcel_aead_cra_exit,
  1513. .cra_module = THIS_MODULE,
  1514. },
  1515. },
  1516. };
  1517. static int safexcel_aead_sha224_cra_init(struct crypto_tfm *tfm)
  1518. {
  1519. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1520. safexcel_aead_cra_init(tfm);
  1521. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA224;
  1522. ctx->state_sz = SHA256_DIGEST_SIZE;
  1523. return 0;
  1524. }
  1525. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_aes = {
  1526. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1527. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_SHA2_256,
  1528. .alg.aead = {
  1529. .setkey = safexcel_aead_setkey,
  1530. .encrypt = safexcel_aead_encrypt,
  1531. .decrypt = safexcel_aead_decrypt,
  1532. .ivsize = AES_BLOCK_SIZE,
  1533. .maxauthsize = SHA224_DIGEST_SIZE,
  1534. .base = {
  1535. .cra_name = "authenc(hmac(sha224),cbc(aes))",
  1536. .cra_driver_name = "safexcel-authenc-hmac-sha224-cbc-aes",
  1537. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1538. .cra_flags = CRYPTO_ALG_ASYNC |
  1539. CRYPTO_ALG_ALLOCATES_MEMORY |
  1540. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1541. .cra_blocksize = AES_BLOCK_SIZE,
  1542. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1543. .cra_alignmask = 0,
  1544. .cra_init = safexcel_aead_sha224_cra_init,
  1545. .cra_exit = safexcel_aead_cra_exit,
  1546. .cra_module = THIS_MODULE,
  1547. },
  1548. },
  1549. };
  1550. static int safexcel_aead_sha512_cra_init(struct crypto_tfm *tfm)
  1551. {
  1552. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1553. safexcel_aead_cra_init(tfm);
  1554. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA512;
  1555. ctx->state_sz = SHA512_DIGEST_SIZE;
  1556. return 0;
  1557. }
  1558. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_cbc_aes = {
  1559. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1560. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_SHA2_512,
  1561. .alg.aead = {
  1562. .setkey = safexcel_aead_setkey,
  1563. .encrypt = safexcel_aead_encrypt,
  1564. .decrypt = safexcel_aead_decrypt,
  1565. .ivsize = AES_BLOCK_SIZE,
  1566. .maxauthsize = SHA512_DIGEST_SIZE,
  1567. .base = {
  1568. .cra_name = "authenc(hmac(sha512),cbc(aes))",
  1569. .cra_driver_name = "safexcel-authenc-hmac-sha512-cbc-aes",
  1570. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1571. .cra_flags = CRYPTO_ALG_ASYNC |
  1572. CRYPTO_ALG_ALLOCATES_MEMORY |
  1573. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1574. .cra_blocksize = AES_BLOCK_SIZE,
  1575. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1576. .cra_alignmask = 0,
  1577. .cra_init = safexcel_aead_sha512_cra_init,
  1578. .cra_exit = safexcel_aead_cra_exit,
  1579. .cra_module = THIS_MODULE,
  1580. },
  1581. },
  1582. };
  1583. static int safexcel_aead_sha384_cra_init(struct crypto_tfm *tfm)
  1584. {
  1585. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1586. safexcel_aead_cra_init(tfm);
  1587. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA384;
  1588. ctx->state_sz = SHA512_DIGEST_SIZE;
  1589. return 0;
  1590. }
  1591. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_aes = {
  1592. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1593. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_SHA2_512,
  1594. .alg.aead = {
  1595. .setkey = safexcel_aead_setkey,
  1596. .encrypt = safexcel_aead_encrypt,
  1597. .decrypt = safexcel_aead_decrypt,
  1598. .ivsize = AES_BLOCK_SIZE,
  1599. .maxauthsize = SHA384_DIGEST_SIZE,
  1600. .base = {
  1601. .cra_name = "authenc(hmac(sha384),cbc(aes))",
  1602. .cra_driver_name = "safexcel-authenc-hmac-sha384-cbc-aes",
  1603. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1604. .cra_flags = CRYPTO_ALG_ASYNC |
  1605. CRYPTO_ALG_ALLOCATES_MEMORY |
  1606. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1607. .cra_blocksize = AES_BLOCK_SIZE,
  1608. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1609. .cra_alignmask = 0,
  1610. .cra_init = safexcel_aead_sha384_cra_init,
  1611. .cra_exit = safexcel_aead_cra_exit,
  1612. .cra_module = THIS_MODULE,
  1613. },
  1614. },
  1615. };
  1616. static int safexcel_aead_sha1_des3_cra_init(struct crypto_tfm *tfm)
  1617. {
  1618. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1619. safexcel_aead_sha1_cra_init(tfm);
  1620. ctx->alg = SAFEXCEL_3DES; /* override default */
  1621. ctx->blocksz = DES3_EDE_BLOCK_SIZE;
  1622. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1623. return 0;
  1624. }
  1625. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des3_ede = {
  1626. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1627. .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA1,
  1628. .alg.aead = {
  1629. .setkey = safexcel_aead_setkey,
  1630. .encrypt = safexcel_aead_encrypt,
  1631. .decrypt = safexcel_aead_decrypt,
  1632. .ivsize = DES3_EDE_BLOCK_SIZE,
  1633. .maxauthsize = SHA1_DIGEST_SIZE,
  1634. .base = {
  1635. .cra_name = "authenc(hmac(sha1),cbc(des3_ede))",
  1636. .cra_driver_name = "safexcel-authenc-hmac-sha1-cbc-des3_ede",
  1637. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1638. .cra_flags = CRYPTO_ALG_ASYNC |
  1639. CRYPTO_ALG_ALLOCATES_MEMORY |
  1640. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1641. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  1642. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1643. .cra_alignmask = 0,
  1644. .cra_init = safexcel_aead_sha1_des3_cra_init,
  1645. .cra_exit = safexcel_aead_cra_exit,
  1646. .cra_module = THIS_MODULE,
  1647. },
  1648. },
  1649. };
  1650. static int safexcel_aead_sha256_des3_cra_init(struct crypto_tfm *tfm)
  1651. {
  1652. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1653. safexcel_aead_sha256_cra_init(tfm);
  1654. ctx->alg = SAFEXCEL_3DES; /* override default */
  1655. ctx->blocksz = DES3_EDE_BLOCK_SIZE;
  1656. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1657. return 0;
  1658. }
  1659. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_des3_ede = {
  1660. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1661. .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
  1662. .alg.aead = {
  1663. .setkey = safexcel_aead_setkey,
  1664. .encrypt = safexcel_aead_encrypt,
  1665. .decrypt = safexcel_aead_decrypt,
  1666. .ivsize = DES3_EDE_BLOCK_SIZE,
  1667. .maxauthsize = SHA256_DIGEST_SIZE,
  1668. .base = {
  1669. .cra_name = "authenc(hmac(sha256),cbc(des3_ede))",
  1670. .cra_driver_name = "safexcel-authenc-hmac-sha256-cbc-des3_ede",
  1671. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1672. .cra_flags = CRYPTO_ALG_ASYNC |
  1673. CRYPTO_ALG_ALLOCATES_MEMORY |
  1674. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1675. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  1676. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1677. .cra_alignmask = 0,
  1678. .cra_init = safexcel_aead_sha256_des3_cra_init,
  1679. .cra_exit = safexcel_aead_cra_exit,
  1680. .cra_module = THIS_MODULE,
  1681. },
  1682. },
  1683. };
  1684. static int safexcel_aead_sha224_des3_cra_init(struct crypto_tfm *tfm)
  1685. {
  1686. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1687. safexcel_aead_sha224_cra_init(tfm);
  1688. ctx->alg = SAFEXCEL_3DES; /* override default */
  1689. ctx->blocksz = DES3_EDE_BLOCK_SIZE;
  1690. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1691. return 0;
  1692. }
  1693. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_des3_ede = {
  1694. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1695. .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
  1696. .alg.aead = {
  1697. .setkey = safexcel_aead_setkey,
  1698. .encrypt = safexcel_aead_encrypt,
  1699. .decrypt = safexcel_aead_decrypt,
  1700. .ivsize = DES3_EDE_BLOCK_SIZE,
  1701. .maxauthsize = SHA224_DIGEST_SIZE,
  1702. .base = {
  1703. .cra_name = "authenc(hmac(sha224),cbc(des3_ede))",
  1704. .cra_driver_name = "safexcel-authenc-hmac-sha224-cbc-des3_ede",
  1705. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1706. .cra_flags = CRYPTO_ALG_ASYNC |
  1707. CRYPTO_ALG_ALLOCATES_MEMORY |
  1708. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1709. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  1710. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1711. .cra_alignmask = 0,
  1712. .cra_init = safexcel_aead_sha224_des3_cra_init,
  1713. .cra_exit = safexcel_aead_cra_exit,
  1714. .cra_module = THIS_MODULE,
  1715. },
  1716. },
  1717. };
  1718. static int safexcel_aead_sha512_des3_cra_init(struct crypto_tfm *tfm)
  1719. {
  1720. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1721. safexcel_aead_sha512_cra_init(tfm);
  1722. ctx->alg = SAFEXCEL_3DES; /* override default */
  1723. ctx->blocksz = DES3_EDE_BLOCK_SIZE;
  1724. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1725. return 0;
  1726. }
  1727. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_cbc_des3_ede = {
  1728. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1729. .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_512,
  1730. .alg.aead = {
  1731. .setkey = safexcel_aead_setkey,
  1732. .encrypt = safexcel_aead_encrypt,
  1733. .decrypt = safexcel_aead_decrypt,
  1734. .ivsize = DES3_EDE_BLOCK_SIZE,
  1735. .maxauthsize = SHA512_DIGEST_SIZE,
  1736. .base = {
  1737. .cra_name = "authenc(hmac(sha512),cbc(des3_ede))",
  1738. .cra_driver_name = "safexcel-authenc-hmac-sha512-cbc-des3_ede",
  1739. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1740. .cra_flags = CRYPTO_ALG_ASYNC |
  1741. CRYPTO_ALG_ALLOCATES_MEMORY |
  1742. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1743. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  1744. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1745. .cra_alignmask = 0,
  1746. .cra_init = safexcel_aead_sha512_des3_cra_init,
  1747. .cra_exit = safexcel_aead_cra_exit,
  1748. .cra_module = THIS_MODULE,
  1749. },
  1750. },
  1751. };
  1752. static int safexcel_aead_sha384_des3_cra_init(struct crypto_tfm *tfm)
  1753. {
  1754. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1755. safexcel_aead_sha384_cra_init(tfm);
  1756. ctx->alg = SAFEXCEL_3DES; /* override default */
  1757. ctx->blocksz = DES3_EDE_BLOCK_SIZE;
  1758. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1759. return 0;
  1760. }
  1761. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_des3_ede = {
  1762. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1763. .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_512,
  1764. .alg.aead = {
  1765. .setkey = safexcel_aead_setkey,
  1766. .encrypt = safexcel_aead_encrypt,
  1767. .decrypt = safexcel_aead_decrypt,
  1768. .ivsize = DES3_EDE_BLOCK_SIZE,
  1769. .maxauthsize = SHA384_DIGEST_SIZE,
  1770. .base = {
  1771. .cra_name = "authenc(hmac(sha384),cbc(des3_ede))",
  1772. .cra_driver_name = "safexcel-authenc-hmac-sha384-cbc-des3_ede",
  1773. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1774. .cra_flags = CRYPTO_ALG_ASYNC |
  1775. CRYPTO_ALG_ALLOCATES_MEMORY |
  1776. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1777. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  1778. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1779. .cra_alignmask = 0,
  1780. .cra_init = safexcel_aead_sha384_des3_cra_init,
  1781. .cra_exit = safexcel_aead_cra_exit,
  1782. .cra_module = THIS_MODULE,
  1783. },
  1784. },
  1785. };
  1786. static int safexcel_aead_sha1_des_cra_init(struct crypto_tfm *tfm)
  1787. {
  1788. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1789. safexcel_aead_sha1_cra_init(tfm);
  1790. ctx->alg = SAFEXCEL_DES; /* override default */
  1791. ctx->blocksz = DES_BLOCK_SIZE;
  1792. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1793. return 0;
  1794. }
  1795. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des = {
  1796. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1797. .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA1,
  1798. .alg.aead = {
  1799. .setkey = safexcel_aead_setkey,
  1800. .encrypt = safexcel_aead_encrypt,
  1801. .decrypt = safexcel_aead_decrypt,
  1802. .ivsize = DES_BLOCK_SIZE,
  1803. .maxauthsize = SHA1_DIGEST_SIZE,
  1804. .base = {
  1805. .cra_name = "authenc(hmac(sha1),cbc(des))",
  1806. .cra_driver_name = "safexcel-authenc-hmac-sha1-cbc-des",
  1807. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1808. .cra_flags = CRYPTO_ALG_ASYNC |
  1809. CRYPTO_ALG_ALLOCATES_MEMORY |
  1810. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1811. .cra_blocksize = DES_BLOCK_SIZE,
  1812. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1813. .cra_alignmask = 0,
  1814. .cra_init = safexcel_aead_sha1_des_cra_init,
  1815. .cra_exit = safexcel_aead_cra_exit,
  1816. .cra_module = THIS_MODULE,
  1817. },
  1818. },
  1819. };
  1820. static int safexcel_aead_sha256_des_cra_init(struct crypto_tfm *tfm)
  1821. {
  1822. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1823. safexcel_aead_sha256_cra_init(tfm);
  1824. ctx->alg = SAFEXCEL_DES; /* override default */
  1825. ctx->blocksz = DES_BLOCK_SIZE;
  1826. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1827. return 0;
  1828. }
  1829. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_des = {
  1830. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1831. .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
  1832. .alg.aead = {
  1833. .setkey = safexcel_aead_setkey,
  1834. .encrypt = safexcel_aead_encrypt,
  1835. .decrypt = safexcel_aead_decrypt,
  1836. .ivsize = DES_BLOCK_SIZE,
  1837. .maxauthsize = SHA256_DIGEST_SIZE,
  1838. .base = {
  1839. .cra_name = "authenc(hmac(sha256),cbc(des))",
  1840. .cra_driver_name = "safexcel-authenc-hmac-sha256-cbc-des",
  1841. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1842. .cra_flags = CRYPTO_ALG_ASYNC |
  1843. CRYPTO_ALG_ALLOCATES_MEMORY |
  1844. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1845. .cra_blocksize = DES_BLOCK_SIZE,
  1846. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1847. .cra_alignmask = 0,
  1848. .cra_init = safexcel_aead_sha256_des_cra_init,
  1849. .cra_exit = safexcel_aead_cra_exit,
  1850. .cra_module = THIS_MODULE,
  1851. },
  1852. },
  1853. };
  1854. static int safexcel_aead_sha224_des_cra_init(struct crypto_tfm *tfm)
  1855. {
  1856. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1857. safexcel_aead_sha224_cra_init(tfm);
  1858. ctx->alg = SAFEXCEL_DES; /* override default */
  1859. ctx->blocksz = DES_BLOCK_SIZE;
  1860. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1861. return 0;
  1862. }
  1863. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_des = {
  1864. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1865. .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
  1866. .alg.aead = {
  1867. .setkey = safexcel_aead_setkey,
  1868. .encrypt = safexcel_aead_encrypt,
  1869. .decrypt = safexcel_aead_decrypt,
  1870. .ivsize = DES_BLOCK_SIZE,
  1871. .maxauthsize = SHA224_DIGEST_SIZE,
  1872. .base = {
  1873. .cra_name = "authenc(hmac(sha224),cbc(des))",
  1874. .cra_driver_name = "safexcel-authenc-hmac-sha224-cbc-des",
  1875. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1876. .cra_flags = CRYPTO_ALG_ASYNC |
  1877. CRYPTO_ALG_ALLOCATES_MEMORY |
  1878. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1879. .cra_blocksize = DES_BLOCK_SIZE,
  1880. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1881. .cra_alignmask = 0,
  1882. .cra_init = safexcel_aead_sha224_des_cra_init,
  1883. .cra_exit = safexcel_aead_cra_exit,
  1884. .cra_module = THIS_MODULE,
  1885. },
  1886. },
  1887. };
  1888. static int safexcel_aead_sha512_des_cra_init(struct crypto_tfm *tfm)
  1889. {
  1890. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1891. safexcel_aead_sha512_cra_init(tfm);
  1892. ctx->alg = SAFEXCEL_DES; /* override default */
  1893. ctx->blocksz = DES_BLOCK_SIZE;
  1894. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1895. return 0;
  1896. }
  1897. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_cbc_des = {
  1898. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1899. .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_512,
  1900. .alg.aead = {
  1901. .setkey = safexcel_aead_setkey,
  1902. .encrypt = safexcel_aead_encrypt,
  1903. .decrypt = safexcel_aead_decrypt,
  1904. .ivsize = DES_BLOCK_SIZE,
  1905. .maxauthsize = SHA512_DIGEST_SIZE,
  1906. .base = {
  1907. .cra_name = "authenc(hmac(sha512),cbc(des))",
  1908. .cra_driver_name = "safexcel-authenc-hmac-sha512-cbc-des",
  1909. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1910. .cra_flags = CRYPTO_ALG_ASYNC |
  1911. CRYPTO_ALG_ALLOCATES_MEMORY |
  1912. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1913. .cra_blocksize = DES_BLOCK_SIZE,
  1914. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1915. .cra_alignmask = 0,
  1916. .cra_init = safexcel_aead_sha512_des_cra_init,
  1917. .cra_exit = safexcel_aead_cra_exit,
  1918. .cra_module = THIS_MODULE,
  1919. },
  1920. },
  1921. };
  1922. static int safexcel_aead_sha384_des_cra_init(struct crypto_tfm *tfm)
  1923. {
  1924. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1925. safexcel_aead_sha384_cra_init(tfm);
  1926. ctx->alg = SAFEXCEL_DES; /* override default */
  1927. ctx->blocksz = DES_BLOCK_SIZE;
  1928. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  1929. return 0;
  1930. }
  1931. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_des = {
  1932. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1933. .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_512,
  1934. .alg.aead = {
  1935. .setkey = safexcel_aead_setkey,
  1936. .encrypt = safexcel_aead_encrypt,
  1937. .decrypt = safexcel_aead_decrypt,
  1938. .ivsize = DES_BLOCK_SIZE,
  1939. .maxauthsize = SHA384_DIGEST_SIZE,
  1940. .base = {
  1941. .cra_name = "authenc(hmac(sha384),cbc(des))",
  1942. .cra_driver_name = "safexcel-authenc-hmac-sha384-cbc-des",
  1943. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1944. .cra_flags = CRYPTO_ALG_ASYNC |
  1945. CRYPTO_ALG_ALLOCATES_MEMORY |
  1946. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1947. .cra_blocksize = DES_BLOCK_SIZE,
  1948. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1949. .cra_alignmask = 0,
  1950. .cra_init = safexcel_aead_sha384_des_cra_init,
  1951. .cra_exit = safexcel_aead_cra_exit,
  1952. .cra_module = THIS_MODULE,
  1953. },
  1954. },
  1955. };
  1956. static int safexcel_aead_sha1_ctr_cra_init(struct crypto_tfm *tfm)
  1957. {
  1958. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1959. safexcel_aead_sha1_cra_init(tfm);
  1960. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD; /* override default */
  1961. return 0;
  1962. }
  1963. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_ctr_aes = {
  1964. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1965. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_SHA1,
  1966. .alg.aead = {
  1967. .setkey = safexcel_aead_setkey,
  1968. .encrypt = safexcel_aead_encrypt,
  1969. .decrypt = safexcel_aead_decrypt,
  1970. .ivsize = CTR_RFC3686_IV_SIZE,
  1971. .maxauthsize = SHA1_DIGEST_SIZE,
  1972. .base = {
  1973. .cra_name = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
  1974. .cra_driver_name = "safexcel-authenc-hmac-sha1-ctr-aes",
  1975. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  1976. .cra_flags = CRYPTO_ALG_ASYNC |
  1977. CRYPTO_ALG_ALLOCATES_MEMORY |
  1978. CRYPTO_ALG_KERN_DRIVER_ONLY,
  1979. .cra_blocksize = 1,
  1980. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  1981. .cra_alignmask = 0,
  1982. .cra_init = safexcel_aead_sha1_ctr_cra_init,
  1983. .cra_exit = safexcel_aead_cra_exit,
  1984. .cra_module = THIS_MODULE,
  1985. },
  1986. },
  1987. };
  1988. static int safexcel_aead_sha256_ctr_cra_init(struct crypto_tfm *tfm)
  1989. {
  1990. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  1991. safexcel_aead_sha256_cra_init(tfm);
  1992. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD; /* override default */
  1993. return 0;
  1994. }
  1995. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_ctr_aes = {
  1996. .type = SAFEXCEL_ALG_TYPE_AEAD,
  1997. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_SHA2_256,
  1998. .alg.aead = {
  1999. .setkey = safexcel_aead_setkey,
  2000. .encrypt = safexcel_aead_encrypt,
  2001. .decrypt = safexcel_aead_decrypt,
  2002. .ivsize = CTR_RFC3686_IV_SIZE,
  2003. .maxauthsize = SHA256_DIGEST_SIZE,
  2004. .base = {
  2005. .cra_name = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
  2006. .cra_driver_name = "safexcel-authenc-hmac-sha256-ctr-aes",
  2007. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2008. .cra_flags = CRYPTO_ALG_ASYNC |
  2009. CRYPTO_ALG_ALLOCATES_MEMORY |
  2010. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2011. .cra_blocksize = 1,
  2012. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2013. .cra_alignmask = 0,
  2014. .cra_init = safexcel_aead_sha256_ctr_cra_init,
  2015. .cra_exit = safexcel_aead_cra_exit,
  2016. .cra_module = THIS_MODULE,
  2017. },
  2018. },
  2019. };
  2020. static int safexcel_aead_sha224_ctr_cra_init(struct crypto_tfm *tfm)
  2021. {
  2022. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2023. safexcel_aead_sha224_cra_init(tfm);
  2024. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD; /* override default */
  2025. return 0;
  2026. }
  2027. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_ctr_aes = {
  2028. .type = SAFEXCEL_ALG_TYPE_AEAD,
  2029. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_SHA2_256,
  2030. .alg.aead = {
  2031. .setkey = safexcel_aead_setkey,
  2032. .encrypt = safexcel_aead_encrypt,
  2033. .decrypt = safexcel_aead_decrypt,
  2034. .ivsize = CTR_RFC3686_IV_SIZE,
  2035. .maxauthsize = SHA224_DIGEST_SIZE,
  2036. .base = {
  2037. .cra_name = "authenc(hmac(sha224),rfc3686(ctr(aes)))",
  2038. .cra_driver_name = "safexcel-authenc-hmac-sha224-ctr-aes",
  2039. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2040. .cra_flags = CRYPTO_ALG_ASYNC |
  2041. CRYPTO_ALG_ALLOCATES_MEMORY |
  2042. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2043. .cra_blocksize = 1,
  2044. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2045. .cra_alignmask = 0,
  2046. .cra_init = safexcel_aead_sha224_ctr_cra_init,
  2047. .cra_exit = safexcel_aead_cra_exit,
  2048. .cra_module = THIS_MODULE,
  2049. },
  2050. },
  2051. };
  2052. static int safexcel_aead_sha512_ctr_cra_init(struct crypto_tfm *tfm)
  2053. {
  2054. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2055. safexcel_aead_sha512_cra_init(tfm);
  2056. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD; /* override default */
  2057. return 0;
  2058. }
  2059. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_ctr_aes = {
  2060. .type = SAFEXCEL_ALG_TYPE_AEAD,
  2061. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_SHA2_512,
  2062. .alg.aead = {
  2063. .setkey = safexcel_aead_setkey,
  2064. .encrypt = safexcel_aead_encrypt,
  2065. .decrypt = safexcel_aead_decrypt,
  2066. .ivsize = CTR_RFC3686_IV_SIZE,
  2067. .maxauthsize = SHA512_DIGEST_SIZE,
  2068. .base = {
  2069. .cra_name = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
  2070. .cra_driver_name = "safexcel-authenc-hmac-sha512-ctr-aes",
  2071. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2072. .cra_flags = CRYPTO_ALG_ASYNC |
  2073. CRYPTO_ALG_ALLOCATES_MEMORY |
  2074. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2075. .cra_blocksize = 1,
  2076. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2077. .cra_alignmask = 0,
  2078. .cra_init = safexcel_aead_sha512_ctr_cra_init,
  2079. .cra_exit = safexcel_aead_cra_exit,
  2080. .cra_module = THIS_MODULE,
  2081. },
  2082. },
  2083. };
  2084. static int safexcel_aead_sha384_ctr_cra_init(struct crypto_tfm *tfm)
  2085. {
  2086. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2087. safexcel_aead_sha384_cra_init(tfm);
  2088. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD; /* override default */
  2089. return 0;
  2090. }
  2091. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_ctr_aes = {
  2092. .type = SAFEXCEL_ALG_TYPE_AEAD,
  2093. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_SHA2_512,
  2094. .alg.aead = {
  2095. .setkey = safexcel_aead_setkey,
  2096. .encrypt = safexcel_aead_encrypt,
  2097. .decrypt = safexcel_aead_decrypt,
  2098. .ivsize = CTR_RFC3686_IV_SIZE,
  2099. .maxauthsize = SHA384_DIGEST_SIZE,
  2100. .base = {
  2101. .cra_name = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
  2102. .cra_driver_name = "safexcel-authenc-hmac-sha384-ctr-aes",
  2103. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2104. .cra_flags = CRYPTO_ALG_ASYNC |
  2105. CRYPTO_ALG_ALLOCATES_MEMORY |
  2106. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2107. .cra_blocksize = 1,
  2108. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2109. .cra_alignmask = 0,
  2110. .cra_init = safexcel_aead_sha384_ctr_cra_init,
  2111. .cra_exit = safexcel_aead_cra_exit,
  2112. .cra_module = THIS_MODULE,
  2113. },
  2114. },
  2115. };
  2116. static int safexcel_skcipher_aesxts_setkey(struct crypto_skcipher *ctfm,
  2117. const u8 *key, unsigned int len)
  2118. {
  2119. struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
  2120. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2121. struct safexcel_crypto_priv *priv = ctx->base.priv;
  2122. struct crypto_aes_ctx aes;
  2123. int ret, i;
  2124. unsigned int keylen;
  2125. /* Check for illegal XTS keys */
  2126. ret = xts_verify_key(ctfm, key, len);
  2127. if (ret)
  2128. return ret;
  2129. /* Only half of the key data is cipher key */
  2130. keylen = (len >> 1);
  2131. ret = aes_expandkey(&aes, key, keylen);
  2132. if (ret)
  2133. return ret;
  2134. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
  2135. for (i = 0; i < keylen / sizeof(u32); i++) {
  2136. if (le32_to_cpu(ctx->key[i]) != aes.key_enc[i]) {
  2137. ctx->base.needs_inv = true;
  2138. break;
  2139. }
  2140. }
  2141. }
  2142. for (i = 0; i < keylen / sizeof(u32); i++)
  2143. ctx->key[i] = cpu_to_le32(aes.key_enc[i]);
  2144. /* The other half is the tweak key */
  2145. ret = aes_expandkey(&aes, (u8 *)(key + keylen), keylen);
  2146. if (ret)
  2147. return ret;
  2148. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
  2149. for (i = 0; i < keylen / sizeof(u32); i++) {
  2150. if (le32_to_cpu(ctx->key[i + keylen / sizeof(u32)]) !=
  2151. aes.key_enc[i]) {
  2152. ctx->base.needs_inv = true;
  2153. break;
  2154. }
  2155. }
  2156. }
  2157. for (i = 0; i < keylen / sizeof(u32); i++)
  2158. ctx->key[i + keylen / sizeof(u32)] =
  2159. cpu_to_le32(aes.key_enc[i]);
  2160. ctx->key_len = keylen << 1;
  2161. memzero_explicit(&aes, sizeof(aes));
  2162. return 0;
  2163. }
  2164. static int safexcel_skcipher_aes_xts_cra_init(struct crypto_tfm *tfm)
  2165. {
  2166. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2167. safexcel_skcipher_cra_init(tfm);
  2168. ctx->alg = SAFEXCEL_AES;
  2169. ctx->blocksz = AES_BLOCK_SIZE;
  2170. ctx->xts = 1;
  2171. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_XTS;
  2172. return 0;
  2173. }
  2174. static int safexcel_encrypt_xts(struct skcipher_request *req)
  2175. {
  2176. if (req->cryptlen < XTS_BLOCK_SIZE)
  2177. return -EINVAL;
  2178. return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
  2179. SAFEXCEL_ENCRYPT);
  2180. }
  2181. static int safexcel_decrypt_xts(struct skcipher_request *req)
  2182. {
  2183. if (req->cryptlen < XTS_BLOCK_SIZE)
  2184. return -EINVAL;
  2185. return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
  2186. SAFEXCEL_DECRYPT);
  2187. }
  2188. struct safexcel_alg_template safexcel_alg_xts_aes = {
  2189. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  2190. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_AES_XTS,
  2191. .alg.skcipher = {
  2192. .setkey = safexcel_skcipher_aesxts_setkey,
  2193. .encrypt = safexcel_encrypt_xts,
  2194. .decrypt = safexcel_decrypt_xts,
  2195. /* XTS actually uses 2 AES keys glued together */
  2196. .min_keysize = AES_MIN_KEY_SIZE * 2,
  2197. .max_keysize = AES_MAX_KEY_SIZE * 2,
  2198. .ivsize = XTS_BLOCK_SIZE,
  2199. .base = {
  2200. .cra_name = "xts(aes)",
  2201. .cra_driver_name = "safexcel-xts-aes",
  2202. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2203. .cra_flags = CRYPTO_ALG_ASYNC |
  2204. CRYPTO_ALG_ALLOCATES_MEMORY |
  2205. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2206. .cra_blocksize = XTS_BLOCK_SIZE,
  2207. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2208. .cra_alignmask = 0,
  2209. .cra_init = safexcel_skcipher_aes_xts_cra_init,
  2210. .cra_exit = safexcel_skcipher_cra_exit,
  2211. .cra_module = THIS_MODULE,
  2212. },
  2213. },
  2214. };
  2215. static int safexcel_aead_gcm_setkey(struct crypto_aead *ctfm, const u8 *key,
  2216. unsigned int len)
  2217. {
  2218. struct crypto_tfm *tfm = crypto_aead_tfm(ctfm);
  2219. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2220. struct safexcel_crypto_priv *priv = ctx->base.priv;
  2221. struct aes_enckey aes;
  2222. u32 hashkey[AES_BLOCK_SIZE >> 2];
  2223. int ret, i;
  2224. ret = aes_prepareenckey(&aes, key, len);
  2225. if (ret)
  2226. return ret;
  2227. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
  2228. for (i = 0; i < len / sizeof(u32); i++) {
  2229. if (ctx->key[i] != get_unaligned((__le32 *)key + i)) {
  2230. ctx->base.needs_inv = true;
  2231. break;
  2232. }
  2233. }
  2234. }
  2235. for (i = 0; i < len / sizeof(u32); i++)
  2236. ctx->key[i] = get_unaligned((__le32 *)key + i);
  2237. ctx->key_len = len;
  2238. /* Compute hash key by encrypting zeroes with cipher key */
  2239. memset(hashkey, 0, AES_BLOCK_SIZE);
  2240. aes_encrypt(&aes, (u8 *)hashkey, (u8 *)hashkey);
  2241. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
  2242. for (i = 0; i < AES_BLOCK_SIZE / sizeof(u32); i++) {
  2243. if (be32_to_cpu(ctx->base.ipad.be[i]) != hashkey[i]) {
  2244. ctx->base.needs_inv = true;
  2245. break;
  2246. }
  2247. }
  2248. }
  2249. for (i = 0; i < AES_BLOCK_SIZE / sizeof(u32); i++)
  2250. ctx->base.ipad.be[i] = cpu_to_be32(hashkey[i]);
  2251. memzero_explicit(hashkey, AES_BLOCK_SIZE);
  2252. memzero_explicit(&aes, sizeof(aes));
  2253. return 0;
  2254. }
  2255. static int safexcel_aead_gcm_cra_init(struct crypto_tfm *tfm)
  2256. {
  2257. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2258. safexcel_aead_cra_init(tfm);
  2259. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_GHASH;
  2260. ctx->state_sz = GHASH_BLOCK_SIZE;
  2261. ctx->xcm = EIP197_XCM_MODE_GCM;
  2262. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_XCM; /* override default */
  2263. return 0;
  2264. }
  2265. static void safexcel_aead_gcm_cra_exit(struct crypto_tfm *tfm)
  2266. {
  2267. safexcel_aead_cra_exit(tfm);
  2268. }
  2269. static int safexcel_aead_gcm_setauthsize(struct crypto_aead *tfm,
  2270. unsigned int authsize)
  2271. {
  2272. return crypto_gcm_check_authsize(authsize);
  2273. }
  2274. struct safexcel_alg_template safexcel_alg_gcm = {
  2275. .type = SAFEXCEL_ALG_TYPE_AEAD,
  2276. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_GHASH,
  2277. .alg.aead = {
  2278. .setkey = safexcel_aead_gcm_setkey,
  2279. .setauthsize = safexcel_aead_gcm_setauthsize,
  2280. .encrypt = safexcel_aead_encrypt,
  2281. .decrypt = safexcel_aead_decrypt,
  2282. .ivsize = GCM_AES_IV_SIZE,
  2283. .maxauthsize = GHASH_DIGEST_SIZE,
  2284. .base = {
  2285. .cra_name = "gcm(aes)",
  2286. .cra_driver_name = "safexcel-gcm-aes",
  2287. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2288. .cra_flags = CRYPTO_ALG_ASYNC |
  2289. CRYPTO_ALG_ALLOCATES_MEMORY |
  2290. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2291. .cra_blocksize = 1,
  2292. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2293. .cra_alignmask = 0,
  2294. .cra_init = safexcel_aead_gcm_cra_init,
  2295. .cra_exit = safexcel_aead_gcm_cra_exit,
  2296. .cra_module = THIS_MODULE,
  2297. },
  2298. },
  2299. };
  2300. static int safexcel_aead_ccm_setkey(struct crypto_aead *ctfm, const u8 *key,
  2301. unsigned int len)
  2302. {
  2303. struct crypto_tfm *tfm = crypto_aead_tfm(ctfm);
  2304. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2305. struct safexcel_crypto_priv *priv = ctx->base.priv;
  2306. struct crypto_aes_ctx aes;
  2307. int ret, i;
  2308. ret = aes_expandkey(&aes, key, len);
  2309. if (ret) {
  2310. memzero_explicit(&aes, sizeof(aes));
  2311. return ret;
  2312. }
  2313. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
  2314. for (i = 0; i < len / sizeof(u32); i++) {
  2315. if (le32_to_cpu(ctx->key[i]) != aes.key_enc[i]) {
  2316. ctx->base.needs_inv = true;
  2317. break;
  2318. }
  2319. }
  2320. }
  2321. for (i = 0; i < len / sizeof(u32); i++) {
  2322. ctx->key[i] = cpu_to_le32(aes.key_enc[i]);
  2323. ctx->base.ipad.be[i + 2 * AES_BLOCK_SIZE / sizeof(u32)] =
  2324. cpu_to_be32(aes.key_enc[i]);
  2325. }
  2326. ctx->key_len = len;
  2327. ctx->state_sz = 2 * AES_BLOCK_SIZE + len;
  2328. if (len == AES_KEYSIZE_192)
  2329. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_XCBC192;
  2330. else if (len == AES_KEYSIZE_256)
  2331. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_XCBC256;
  2332. else
  2333. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;
  2334. memzero_explicit(&aes, sizeof(aes));
  2335. return 0;
  2336. }
  2337. static int safexcel_aead_ccm_cra_init(struct crypto_tfm *tfm)
  2338. {
  2339. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2340. safexcel_aead_cra_init(tfm);
  2341. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;
  2342. ctx->state_sz = 3 * AES_BLOCK_SIZE;
  2343. ctx->xcm = EIP197_XCM_MODE_CCM;
  2344. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_XCM; /* override default */
  2345. ctx->ctrinit = 0;
  2346. return 0;
  2347. }
  2348. static int safexcel_aead_ccm_setauthsize(struct crypto_aead *tfm,
  2349. unsigned int authsize)
  2350. {
  2351. /* Borrowed from crypto/ccm.c */
  2352. switch (authsize) {
  2353. case 4:
  2354. case 6:
  2355. case 8:
  2356. case 10:
  2357. case 12:
  2358. case 14:
  2359. case 16:
  2360. break;
  2361. default:
  2362. return -EINVAL;
  2363. }
  2364. return 0;
  2365. }
  2366. static int safexcel_ccm_encrypt(struct aead_request *req)
  2367. {
  2368. struct safexcel_cipher_req *creq = aead_request_ctx(req);
  2369. if (req->iv[0] < 1 || req->iv[0] > 7)
  2370. return -EINVAL;
  2371. return safexcel_queue_req(&req->base, creq, SAFEXCEL_ENCRYPT);
  2372. }
  2373. static int safexcel_ccm_decrypt(struct aead_request *req)
  2374. {
  2375. struct safexcel_cipher_req *creq = aead_request_ctx(req);
  2376. if (req->iv[0] < 1 || req->iv[0] > 7)
  2377. return -EINVAL;
  2378. return safexcel_queue_req(&req->base, creq, SAFEXCEL_DECRYPT);
  2379. }
  2380. struct safexcel_alg_template safexcel_alg_ccm = {
  2381. .type = SAFEXCEL_ALG_TYPE_AEAD,
  2382. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_CBC_MAC_ALL,
  2383. .alg.aead = {
  2384. .setkey = safexcel_aead_ccm_setkey,
  2385. .setauthsize = safexcel_aead_ccm_setauthsize,
  2386. .encrypt = safexcel_ccm_encrypt,
  2387. .decrypt = safexcel_ccm_decrypt,
  2388. .ivsize = AES_BLOCK_SIZE,
  2389. .maxauthsize = AES_BLOCK_SIZE,
  2390. .base = {
  2391. .cra_name = "ccm(aes)",
  2392. .cra_driver_name = "safexcel-ccm-aes",
  2393. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2394. .cra_flags = CRYPTO_ALG_ASYNC |
  2395. CRYPTO_ALG_ALLOCATES_MEMORY |
  2396. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2397. .cra_blocksize = 1,
  2398. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2399. .cra_alignmask = 0,
  2400. .cra_init = safexcel_aead_ccm_cra_init,
  2401. .cra_exit = safexcel_aead_cra_exit,
  2402. .cra_module = THIS_MODULE,
  2403. },
  2404. },
  2405. };
  2406. static void safexcel_chacha20_setkey(struct safexcel_cipher_ctx *ctx,
  2407. const u8 *key)
  2408. {
  2409. struct safexcel_crypto_priv *priv = ctx->base.priv;
  2410. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma)
  2411. if (memcmp(ctx->key, key, CHACHA_KEY_SIZE))
  2412. ctx->base.needs_inv = true;
  2413. memcpy(ctx->key, key, CHACHA_KEY_SIZE);
  2414. ctx->key_len = CHACHA_KEY_SIZE;
  2415. }
  2416. static int safexcel_skcipher_chacha20_setkey(struct crypto_skcipher *ctfm,
  2417. const u8 *key, unsigned int len)
  2418. {
  2419. struct safexcel_cipher_ctx *ctx = crypto_skcipher_ctx(ctfm);
  2420. if (len != CHACHA_KEY_SIZE)
  2421. return -EINVAL;
  2422. safexcel_chacha20_setkey(ctx, key);
  2423. return 0;
  2424. }
  2425. static int safexcel_skcipher_chacha20_cra_init(struct crypto_tfm *tfm)
  2426. {
  2427. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2428. safexcel_skcipher_cra_init(tfm);
  2429. ctx->alg = SAFEXCEL_CHACHA20;
  2430. ctx->ctrinit = 0;
  2431. ctx->mode = CONTEXT_CONTROL_CHACHA20_MODE_256_32;
  2432. return 0;
  2433. }
  2434. struct safexcel_alg_template safexcel_alg_chacha20 = {
  2435. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  2436. .algo_mask = SAFEXCEL_ALG_CHACHA20,
  2437. .alg.skcipher = {
  2438. .setkey = safexcel_skcipher_chacha20_setkey,
  2439. .encrypt = safexcel_encrypt,
  2440. .decrypt = safexcel_decrypt,
  2441. .min_keysize = CHACHA_KEY_SIZE,
  2442. .max_keysize = CHACHA_KEY_SIZE,
  2443. .ivsize = CHACHA_IV_SIZE,
  2444. .base = {
  2445. .cra_name = "chacha20",
  2446. .cra_driver_name = "safexcel-chacha20",
  2447. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2448. .cra_flags = CRYPTO_ALG_ASYNC |
  2449. CRYPTO_ALG_ALLOCATES_MEMORY |
  2450. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2451. .cra_blocksize = 1,
  2452. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2453. .cra_alignmask = 0,
  2454. .cra_init = safexcel_skcipher_chacha20_cra_init,
  2455. .cra_exit = safexcel_skcipher_cra_exit,
  2456. .cra_module = THIS_MODULE,
  2457. },
  2458. },
  2459. };
  2460. static int safexcel_aead_chachapoly_setkey(struct crypto_aead *ctfm,
  2461. const u8 *key, unsigned int len)
  2462. {
  2463. struct safexcel_cipher_ctx *ctx = crypto_aead_ctx(ctfm);
  2464. if (ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP &&
  2465. len > EIP197_AEAD_IPSEC_NONCE_SIZE) {
  2466. /* ESP variant has nonce appended to key */
  2467. len -= EIP197_AEAD_IPSEC_NONCE_SIZE;
  2468. ctx->nonce = *(u32 *)(key + len);
  2469. }
  2470. if (len != CHACHA_KEY_SIZE)
  2471. return -EINVAL;
  2472. safexcel_chacha20_setkey(ctx, key);
  2473. return 0;
  2474. }
  2475. static int safexcel_aead_chachapoly_setauthsize(struct crypto_aead *tfm,
  2476. unsigned int authsize)
  2477. {
  2478. if (authsize != POLY1305_DIGEST_SIZE)
  2479. return -EINVAL;
  2480. return 0;
  2481. }
  2482. static int safexcel_aead_chachapoly_crypt(struct aead_request *req,
  2483. enum safexcel_cipher_direction dir)
  2484. {
  2485. struct safexcel_cipher_req *creq = aead_request_ctx(req);
  2486. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  2487. struct crypto_tfm *tfm = crypto_aead_tfm(aead);
  2488. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2489. struct aead_request *subreq = aead_request_ctx(req);
  2490. u32 key[CHACHA_KEY_SIZE / sizeof(u32) + 1];
  2491. int ret = 0;
  2492. /*
  2493. * Instead of wasting time detecting umpteen silly corner cases,
  2494. * just dump all "small" requests to the fallback implementation.
  2495. * HW would not be faster on such small requests anyway.
  2496. */
  2497. if (likely((ctx->aead != EIP197_AEAD_TYPE_IPSEC_ESP ||
  2498. req->assoclen >= EIP197_AEAD_IPSEC_IV_SIZE) &&
  2499. req->cryptlen > POLY1305_DIGEST_SIZE)) {
  2500. return safexcel_queue_req(&req->base, creq, dir);
  2501. }
  2502. /* HW cannot do full (AAD+payload) zero length, use fallback */
  2503. memcpy(key, ctx->key, CHACHA_KEY_SIZE);
  2504. if (ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) {
  2505. /* ESP variant has nonce appended to the key */
  2506. key[CHACHA_KEY_SIZE / sizeof(u32)] = ctx->nonce;
  2507. ret = crypto_aead_setkey(ctx->fback, (u8 *)key,
  2508. CHACHA_KEY_SIZE +
  2509. EIP197_AEAD_IPSEC_NONCE_SIZE);
  2510. } else {
  2511. ret = crypto_aead_setkey(ctx->fback, (u8 *)key,
  2512. CHACHA_KEY_SIZE);
  2513. }
  2514. if (ret) {
  2515. crypto_aead_clear_flags(aead, CRYPTO_TFM_REQ_MASK);
  2516. crypto_aead_set_flags(aead, crypto_aead_get_flags(ctx->fback) &
  2517. CRYPTO_TFM_REQ_MASK);
  2518. return ret;
  2519. }
  2520. aead_request_set_tfm(subreq, ctx->fback);
  2521. aead_request_set_callback(subreq, req->base.flags, req->base.complete,
  2522. req->base.data);
  2523. aead_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
  2524. req->iv);
  2525. aead_request_set_ad(subreq, req->assoclen);
  2526. return (dir == SAFEXCEL_ENCRYPT) ?
  2527. crypto_aead_encrypt(subreq) :
  2528. crypto_aead_decrypt(subreq);
  2529. }
  2530. static int safexcel_aead_chachapoly_encrypt(struct aead_request *req)
  2531. {
  2532. return safexcel_aead_chachapoly_crypt(req, SAFEXCEL_ENCRYPT);
  2533. }
  2534. static int safexcel_aead_chachapoly_decrypt(struct aead_request *req)
  2535. {
  2536. return safexcel_aead_chachapoly_crypt(req, SAFEXCEL_DECRYPT);
  2537. }
  2538. static int safexcel_aead_fallback_cra_init(struct crypto_tfm *tfm)
  2539. {
  2540. struct crypto_aead *aead = __crypto_aead_cast(tfm);
  2541. struct aead_alg *alg = crypto_aead_alg(aead);
  2542. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2543. safexcel_aead_cra_init(tfm);
  2544. /* Allocate fallback implementation */
  2545. ctx->fback = crypto_alloc_aead(alg->base.cra_name, 0,
  2546. CRYPTO_ALG_ASYNC |
  2547. CRYPTO_ALG_NEED_FALLBACK);
  2548. if (IS_ERR(ctx->fback))
  2549. return PTR_ERR(ctx->fback);
  2550. crypto_aead_set_reqsize(aead, max(sizeof(struct safexcel_cipher_req),
  2551. sizeof(struct aead_request) +
  2552. crypto_aead_reqsize(ctx->fback)));
  2553. return 0;
  2554. }
  2555. static int safexcel_aead_chachapoly_cra_init(struct crypto_tfm *tfm)
  2556. {
  2557. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2558. safexcel_aead_fallback_cra_init(tfm);
  2559. ctx->alg = SAFEXCEL_CHACHA20;
  2560. ctx->mode = CONTEXT_CONTROL_CHACHA20_MODE_256_32 |
  2561. CONTEXT_CONTROL_CHACHA20_MODE_CALC_OTK;
  2562. ctx->ctrinit = 0;
  2563. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_POLY1305;
  2564. ctx->state_sz = 0; /* Precomputed by HW */
  2565. return 0;
  2566. }
  2567. static void safexcel_aead_fallback_cra_exit(struct crypto_tfm *tfm)
  2568. {
  2569. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2570. crypto_free_aead(ctx->fback);
  2571. safexcel_aead_cra_exit(tfm);
  2572. }
  2573. struct safexcel_alg_template safexcel_alg_chachapoly = {
  2574. .type = SAFEXCEL_ALG_TYPE_AEAD,
  2575. .algo_mask = SAFEXCEL_ALG_CHACHA20 | SAFEXCEL_ALG_POLY1305,
  2576. .alg.aead = {
  2577. .setkey = safexcel_aead_chachapoly_setkey,
  2578. .setauthsize = safexcel_aead_chachapoly_setauthsize,
  2579. .encrypt = safexcel_aead_chachapoly_encrypt,
  2580. .decrypt = safexcel_aead_chachapoly_decrypt,
  2581. .ivsize = CHACHAPOLY_IV_SIZE,
  2582. .maxauthsize = POLY1305_DIGEST_SIZE,
  2583. .base = {
  2584. .cra_name = "rfc7539(chacha20,poly1305)",
  2585. .cra_driver_name = "safexcel-chacha20-poly1305",
  2586. /* +1 to put it above HW chacha + SW poly */
  2587. .cra_priority = SAFEXCEL_CRA_PRIORITY + 1,
  2588. .cra_flags = CRYPTO_ALG_ASYNC |
  2589. CRYPTO_ALG_ALLOCATES_MEMORY |
  2590. CRYPTO_ALG_KERN_DRIVER_ONLY |
  2591. CRYPTO_ALG_NEED_FALLBACK,
  2592. .cra_blocksize = 1,
  2593. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2594. .cra_alignmask = 0,
  2595. .cra_init = safexcel_aead_chachapoly_cra_init,
  2596. .cra_exit = safexcel_aead_fallback_cra_exit,
  2597. .cra_module = THIS_MODULE,
  2598. },
  2599. },
  2600. };
  2601. static int safexcel_aead_chachapolyesp_cra_init(struct crypto_tfm *tfm)
  2602. {
  2603. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2604. int ret;
  2605. ret = safexcel_aead_chachapoly_cra_init(tfm);
  2606. ctx->aead = EIP197_AEAD_TYPE_IPSEC_ESP;
  2607. ctx->aadskip = EIP197_AEAD_IPSEC_IV_SIZE;
  2608. return ret;
  2609. }
  2610. struct safexcel_alg_template safexcel_alg_chachapoly_esp = {
  2611. .type = SAFEXCEL_ALG_TYPE_AEAD,
  2612. .algo_mask = SAFEXCEL_ALG_CHACHA20 | SAFEXCEL_ALG_POLY1305,
  2613. .alg.aead = {
  2614. .setkey = safexcel_aead_chachapoly_setkey,
  2615. .setauthsize = safexcel_aead_chachapoly_setauthsize,
  2616. .encrypt = safexcel_aead_chachapoly_encrypt,
  2617. .decrypt = safexcel_aead_chachapoly_decrypt,
  2618. .ivsize = CHACHAPOLY_IV_SIZE - EIP197_AEAD_IPSEC_NONCE_SIZE,
  2619. .maxauthsize = POLY1305_DIGEST_SIZE,
  2620. .base = {
  2621. .cra_name = "rfc7539esp(chacha20,poly1305)",
  2622. .cra_driver_name = "safexcel-chacha20-poly1305-esp",
  2623. /* +1 to put it above HW chacha + SW poly */
  2624. .cra_priority = SAFEXCEL_CRA_PRIORITY + 1,
  2625. .cra_flags = CRYPTO_ALG_ASYNC |
  2626. CRYPTO_ALG_ALLOCATES_MEMORY |
  2627. CRYPTO_ALG_KERN_DRIVER_ONLY |
  2628. CRYPTO_ALG_NEED_FALLBACK,
  2629. .cra_blocksize = 1,
  2630. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2631. .cra_alignmask = 0,
  2632. .cra_init = safexcel_aead_chachapolyesp_cra_init,
  2633. .cra_exit = safexcel_aead_fallback_cra_exit,
  2634. .cra_module = THIS_MODULE,
  2635. },
  2636. },
  2637. };
  2638. static int safexcel_skcipher_sm4_setkey(struct crypto_skcipher *ctfm,
  2639. const u8 *key, unsigned int len)
  2640. {
  2641. struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
  2642. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2643. struct safexcel_crypto_priv *priv = ctx->base.priv;
  2644. if (len != SM4_KEY_SIZE)
  2645. return -EINVAL;
  2646. if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma)
  2647. if (memcmp(ctx->key, key, SM4_KEY_SIZE))
  2648. ctx->base.needs_inv = true;
  2649. memcpy(ctx->key, key, SM4_KEY_SIZE);
  2650. ctx->key_len = SM4_KEY_SIZE;
  2651. return 0;
  2652. }
  2653. static int safexcel_sm4_blk_encrypt(struct skcipher_request *req)
  2654. {
  2655. /* Workaround for HW bug: EIP96 4.3 does not report blocksize error */
  2656. if (req->cryptlen & (SM4_BLOCK_SIZE - 1))
  2657. return -EINVAL;
  2658. else
  2659. return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
  2660. SAFEXCEL_ENCRYPT);
  2661. }
  2662. static int safexcel_sm4_blk_decrypt(struct skcipher_request *req)
  2663. {
  2664. /* Workaround for HW bug: EIP96 4.3 does not report blocksize error */
  2665. if (req->cryptlen & (SM4_BLOCK_SIZE - 1))
  2666. return -EINVAL;
  2667. else
  2668. return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
  2669. SAFEXCEL_DECRYPT);
  2670. }
  2671. static int safexcel_skcipher_sm4_ecb_cra_init(struct crypto_tfm *tfm)
  2672. {
  2673. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2674. safexcel_skcipher_cra_init(tfm);
  2675. ctx->alg = SAFEXCEL_SM4;
  2676. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_ECB;
  2677. ctx->blocksz = 0;
  2678. ctx->ivmask = EIP197_OPTION_2_TOKEN_IV_CMD;
  2679. return 0;
  2680. }
  2681. struct safexcel_alg_template safexcel_alg_ecb_sm4 = {
  2682. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  2683. .algo_mask = SAFEXCEL_ALG_SM4,
  2684. .alg.skcipher = {
  2685. .setkey = safexcel_skcipher_sm4_setkey,
  2686. .encrypt = safexcel_sm4_blk_encrypt,
  2687. .decrypt = safexcel_sm4_blk_decrypt,
  2688. .min_keysize = SM4_KEY_SIZE,
  2689. .max_keysize = SM4_KEY_SIZE,
  2690. .base = {
  2691. .cra_name = "ecb(sm4)",
  2692. .cra_driver_name = "safexcel-ecb-sm4",
  2693. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2694. .cra_flags = CRYPTO_ALG_ASYNC |
  2695. CRYPTO_ALG_ALLOCATES_MEMORY |
  2696. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2697. .cra_blocksize = SM4_BLOCK_SIZE,
  2698. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2699. .cra_alignmask = 0,
  2700. .cra_init = safexcel_skcipher_sm4_ecb_cra_init,
  2701. .cra_exit = safexcel_skcipher_cra_exit,
  2702. .cra_module = THIS_MODULE,
  2703. },
  2704. },
  2705. };
  2706. static int safexcel_skcipher_sm4_cbc_cra_init(struct crypto_tfm *tfm)
  2707. {
  2708. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2709. safexcel_skcipher_cra_init(tfm);
  2710. ctx->alg = SAFEXCEL_SM4;
  2711. ctx->blocksz = SM4_BLOCK_SIZE;
  2712. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CBC;
  2713. return 0;
  2714. }
  2715. struct safexcel_alg_template safexcel_alg_cbc_sm4 = {
  2716. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  2717. .algo_mask = SAFEXCEL_ALG_SM4,
  2718. .alg.skcipher = {
  2719. .setkey = safexcel_skcipher_sm4_setkey,
  2720. .encrypt = safexcel_sm4_blk_encrypt,
  2721. .decrypt = safexcel_sm4_blk_decrypt,
  2722. .min_keysize = SM4_KEY_SIZE,
  2723. .max_keysize = SM4_KEY_SIZE,
  2724. .ivsize = SM4_BLOCK_SIZE,
  2725. .base = {
  2726. .cra_name = "cbc(sm4)",
  2727. .cra_driver_name = "safexcel-cbc-sm4",
  2728. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2729. .cra_flags = CRYPTO_ALG_ASYNC |
  2730. CRYPTO_ALG_ALLOCATES_MEMORY |
  2731. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2732. .cra_blocksize = SM4_BLOCK_SIZE,
  2733. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2734. .cra_alignmask = 0,
  2735. .cra_init = safexcel_skcipher_sm4_cbc_cra_init,
  2736. .cra_exit = safexcel_skcipher_cra_exit,
  2737. .cra_module = THIS_MODULE,
  2738. },
  2739. },
  2740. };
  2741. static int safexcel_skcipher_sm4ctr_setkey(struct crypto_skcipher *ctfm,
  2742. const u8 *key, unsigned int len)
  2743. {
  2744. struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
  2745. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2746. /* last 4 bytes of key are the nonce! */
  2747. ctx->nonce = *(u32 *)(key + len - CTR_RFC3686_NONCE_SIZE);
  2748. /* exclude the nonce here */
  2749. len -= CTR_RFC3686_NONCE_SIZE;
  2750. return safexcel_skcipher_sm4_setkey(ctfm, key, len);
  2751. }
  2752. static int safexcel_skcipher_sm4_ctr_cra_init(struct crypto_tfm *tfm)
  2753. {
  2754. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2755. safexcel_skcipher_cra_init(tfm);
  2756. ctx->alg = SAFEXCEL_SM4;
  2757. ctx->blocksz = SM4_BLOCK_SIZE;
  2758. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD;
  2759. return 0;
  2760. }
  2761. struct safexcel_alg_template safexcel_alg_ctr_sm4 = {
  2762. .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
  2763. .algo_mask = SAFEXCEL_ALG_SM4,
  2764. .alg.skcipher = {
  2765. .setkey = safexcel_skcipher_sm4ctr_setkey,
  2766. .encrypt = safexcel_encrypt,
  2767. .decrypt = safexcel_decrypt,
  2768. /* Add nonce size */
  2769. .min_keysize = SM4_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
  2770. .max_keysize = SM4_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
  2771. .ivsize = CTR_RFC3686_IV_SIZE,
  2772. .base = {
  2773. .cra_name = "rfc3686(ctr(sm4))",
  2774. .cra_driver_name = "safexcel-ctr-sm4",
  2775. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2776. .cra_flags = CRYPTO_ALG_ASYNC |
  2777. CRYPTO_ALG_ALLOCATES_MEMORY |
  2778. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2779. .cra_blocksize = 1,
  2780. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2781. .cra_alignmask = 0,
  2782. .cra_init = safexcel_skcipher_sm4_ctr_cra_init,
  2783. .cra_exit = safexcel_skcipher_cra_exit,
  2784. .cra_module = THIS_MODULE,
  2785. },
  2786. },
  2787. };
  2788. static int safexcel_aead_sm4_blk_encrypt(struct aead_request *req)
  2789. {
  2790. /* Workaround for HW bug: EIP96 4.3 does not report blocksize error */
  2791. if (req->cryptlen & (SM4_BLOCK_SIZE - 1))
  2792. return -EINVAL;
  2793. return safexcel_queue_req(&req->base, aead_request_ctx(req),
  2794. SAFEXCEL_ENCRYPT);
  2795. }
  2796. static int safexcel_aead_sm4_blk_decrypt(struct aead_request *req)
  2797. {
  2798. struct crypto_aead *tfm = crypto_aead_reqtfm(req);
  2799. /* Workaround for HW bug: EIP96 4.3 does not report blocksize error */
  2800. if ((req->cryptlen - crypto_aead_authsize(tfm)) & (SM4_BLOCK_SIZE - 1))
  2801. return -EINVAL;
  2802. return safexcel_queue_req(&req->base, aead_request_ctx(req),
  2803. SAFEXCEL_DECRYPT);
  2804. }
  2805. static int safexcel_aead_sm4cbc_sha1_cra_init(struct crypto_tfm *tfm)
  2806. {
  2807. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2808. safexcel_aead_cra_init(tfm);
  2809. ctx->alg = SAFEXCEL_SM4;
  2810. ctx->blocksz = SM4_BLOCK_SIZE;
  2811. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA1;
  2812. ctx->state_sz = SHA1_DIGEST_SIZE;
  2813. return 0;
  2814. }
  2815. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_sm4 = {
  2816. .type = SAFEXCEL_ALG_TYPE_AEAD,
  2817. .algo_mask = SAFEXCEL_ALG_SM4 | SAFEXCEL_ALG_SHA1,
  2818. .alg.aead = {
  2819. .setkey = safexcel_aead_setkey,
  2820. .encrypt = safexcel_aead_sm4_blk_encrypt,
  2821. .decrypt = safexcel_aead_sm4_blk_decrypt,
  2822. .ivsize = SM4_BLOCK_SIZE,
  2823. .maxauthsize = SHA1_DIGEST_SIZE,
  2824. .base = {
  2825. .cra_name = "authenc(hmac(sha1),cbc(sm4))",
  2826. .cra_driver_name = "safexcel-authenc-hmac-sha1-cbc-sm4",
  2827. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2828. .cra_flags = CRYPTO_ALG_ASYNC |
  2829. CRYPTO_ALG_ALLOCATES_MEMORY |
  2830. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2831. .cra_blocksize = SM4_BLOCK_SIZE,
  2832. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2833. .cra_alignmask = 0,
  2834. .cra_init = safexcel_aead_sm4cbc_sha1_cra_init,
  2835. .cra_exit = safexcel_aead_cra_exit,
  2836. .cra_module = THIS_MODULE,
  2837. },
  2838. },
  2839. };
  2840. static int safexcel_aead_fallback_setkey(struct crypto_aead *ctfm,
  2841. const u8 *key, unsigned int len)
  2842. {
  2843. struct crypto_tfm *tfm = crypto_aead_tfm(ctfm);
  2844. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2845. /* Keep fallback cipher synchronized */
  2846. return crypto_aead_setkey(ctx->fback, (u8 *)key, len) ?:
  2847. safexcel_aead_setkey(ctfm, key, len);
  2848. }
  2849. static int safexcel_aead_fallback_setauthsize(struct crypto_aead *ctfm,
  2850. unsigned int authsize)
  2851. {
  2852. struct crypto_tfm *tfm = crypto_aead_tfm(ctfm);
  2853. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2854. /* Keep fallback cipher synchronized */
  2855. return crypto_aead_setauthsize(ctx->fback, authsize);
  2856. }
  2857. static int safexcel_aead_fallback_crypt(struct aead_request *req,
  2858. enum safexcel_cipher_direction dir)
  2859. {
  2860. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  2861. struct crypto_tfm *tfm = crypto_aead_tfm(aead);
  2862. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2863. struct aead_request *subreq = aead_request_ctx(req);
  2864. aead_request_set_tfm(subreq, ctx->fback);
  2865. aead_request_set_callback(subreq, req->base.flags, req->base.complete,
  2866. req->base.data);
  2867. aead_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
  2868. req->iv);
  2869. aead_request_set_ad(subreq, req->assoclen);
  2870. return (dir == SAFEXCEL_ENCRYPT) ?
  2871. crypto_aead_encrypt(subreq) :
  2872. crypto_aead_decrypt(subreq);
  2873. }
  2874. static int safexcel_aead_sm4cbc_sm3_encrypt(struct aead_request *req)
  2875. {
  2876. struct safexcel_cipher_req *creq = aead_request_ctx(req);
  2877. /* Workaround for HW bug: EIP96 4.3 does not report blocksize error */
  2878. if (req->cryptlen & (SM4_BLOCK_SIZE - 1))
  2879. return -EINVAL;
  2880. else if (req->cryptlen || req->assoclen) /* If input length > 0 only */
  2881. return safexcel_queue_req(&req->base, creq, SAFEXCEL_ENCRYPT);
  2882. /* HW cannot do full (AAD+payload) zero length, use fallback */
  2883. return safexcel_aead_fallback_crypt(req, SAFEXCEL_ENCRYPT);
  2884. }
  2885. static int safexcel_aead_sm4cbc_sm3_decrypt(struct aead_request *req)
  2886. {
  2887. struct safexcel_cipher_req *creq = aead_request_ctx(req);
  2888. struct crypto_aead *tfm = crypto_aead_reqtfm(req);
  2889. /* Workaround for HW bug: EIP96 4.3 does not report blocksize error */
  2890. if ((req->cryptlen - crypto_aead_authsize(tfm)) & (SM4_BLOCK_SIZE - 1))
  2891. return -EINVAL;
  2892. else if (req->cryptlen > crypto_aead_authsize(tfm) || req->assoclen)
  2893. /* If input length > 0 only */
  2894. return safexcel_queue_req(&req->base, creq, SAFEXCEL_DECRYPT);
  2895. /* HW cannot do full (AAD+payload) zero length, use fallback */
  2896. return safexcel_aead_fallback_crypt(req, SAFEXCEL_DECRYPT);
  2897. }
  2898. static int safexcel_aead_sm4cbc_sm3_cra_init(struct crypto_tfm *tfm)
  2899. {
  2900. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2901. safexcel_aead_fallback_cra_init(tfm);
  2902. ctx->alg = SAFEXCEL_SM4;
  2903. ctx->blocksz = SM4_BLOCK_SIZE;
  2904. ctx->hash_alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;
  2905. ctx->state_sz = SM3_DIGEST_SIZE;
  2906. return 0;
  2907. }
  2908. struct safexcel_alg_template safexcel_alg_authenc_hmac_sm3_cbc_sm4 = {
  2909. .type = SAFEXCEL_ALG_TYPE_AEAD,
  2910. .algo_mask = SAFEXCEL_ALG_SM4 | SAFEXCEL_ALG_SM3,
  2911. .alg.aead = {
  2912. .setkey = safexcel_aead_fallback_setkey,
  2913. .setauthsize = safexcel_aead_fallback_setauthsize,
  2914. .encrypt = safexcel_aead_sm4cbc_sm3_encrypt,
  2915. .decrypt = safexcel_aead_sm4cbc_sm3_decrypt,
  2916. .ivsize = SM4_BLOCK_SIZE,
  2917. .maxauthsize = SM3_DIGEST_SIZE,
  2918. .base = {
  2919. .cra_name = "authenc(hmac(sm3),cbc(sm4))",
  2920. .cra_driver_name = "safexcel-authenc-hmac-sm3-cbc-sm4",
  2921. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2922. .cra_flags = CRYPTO_ALG_ASYNC |
  2923. CRYPTO_ALG_ALLOCATES_MEMORY |
  2924. CRYPTO_ALG_KERN_DRIVER_ONLY |
  2925. CRYPTO_ALG_NEED_FALLBACK,
  2926. .cra_blocksize = SM4_BLOCK_SIZE,
  2927. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2928. .cra_alignmask = 0,
  2929. .cra_init = safexcel_aead_sm4cbc_sm3_cra_init,
  2930. .cra_exit = safexcel_aead_fallback_cra_exit,
  2931. .cra_module = THIS_MODULE,
  2932. },
  2933. },
  2934. };
  2935. static int safexcel_aead_sm4ctr_sha1_cra_init(struct crypto_tfm *tfm)
  2936. {
  2937. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2938. safexcel_aead_sm4cbc_sha1_cra_init(tfm);
  2939. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD;
  2940. return 0;
  2941. }
  2942. struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_ctr_sm4 = {
  2943. .type = SAFEXCEL_ALG_TYPE_AEAD,
  2944. .algo_mask = SAFEXCEL_ALG_SM4 | SAFEXCEL_ALG_SHA1,
  2945. .alg.aead = {
  2946. .setkey = safexcel_aead_setkey,
  2947. .encrypt = safexcel_aead_encrypt,
  2948. .decrypt = safexcel_aead_decrypt,
  2949. .ivsize = CTR_RFC3686_IV_SIZE,
  2950. .maxauthsize = SHA1_DIGEST_SIZE,
  2951. .base = {
  2952. .cra_name = "authenc(hmac(sha1),rfc3686(ctr(sm4)))",
  2953. .cra_driver_name = "safexcel-authenc-hmac-sha1-ctr-sm4",
  2954. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2955. .cra_flags = CRYPTO_ALG_ASYNC |
  2956. CRYPTO_ALG_ALLOCATES_MEMORY |
  2957. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2958. .cra_blocksize = 1,
  2959. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2960. .cra_alignmask = 0,
  2961. .cra_init = safexcel_aead_sm4ctr_sha1_cra_init,
  2962. .cra_exit = safexcel_aead_cra_exit,
  2963. .cra_module = THIS_MODULE,
  2964. },
  2965. },
  2966. };
  2967. static int safexcel_aead_sm4ctr_sm3_cra_init(struct crypto_tfm *tfm)
  2968. {
  2969. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  2970. safexcel_aead_sm4cbc_sm3_cra_init(tfm);
  2971. ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD;
  2972. return 0;
  2973. }
  2974. struct safexcel_alg_template safexcel_alg_authenc_hmac_sm3_ctr_sm4 = {
  2975. .type = SAFEXCEL_ALG_TYPE_AEAD,
  2976. .algo_mask = SAFEXCEL_ALG_SM4 | SAFEXCEL_ALG_SM3,
  2977. .alg.aead = {
  2978. .setkey = safexcel_aead_setkey,
  2979. .encrypt = safexcel_aead_encrypt,
  2980. .decrypt = safexcel_aead_decrypt,
  2981. .ivsize = CTR_RFC3686_IV_SIZE,
  2982. .maxauthsize = SM3_DIGEST_SIZE,
  2983. .base = {
  2984. .cra_name = "authenc(hmac(sm3),rfc3686(ctr(sm4)))",
  2985. .cra_driver_name = "safexcel-authenc-hmac-sm3-ctr-sm4",
  2986. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  2987. .cra_flags = CRYPTO_ALG_ASYNC |
  2988. CRYPTO_ALG_ALLOCATES_MEMORY |
  2989. CRYPTO_ALG_KERN_DRIVER_ONLY,
  2990. .cra_blocksize = 1,
  2991. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  2992. .cra_alignmask = 0,
  2993. .cra_init = safexcel_aead_sm4ctr_sm3_cra_init,
  2994. .cra_exit = safexcel_aead_cra_exit,
  2995. .cra_module = THIS_MODULE,
  2996. },
  2997. },
  2998. };
  2999. static int safexcel_rfc4106_gcm_setkey(struct crypto_aead *ctfm, const u8 *key,
  3000. unsigned int len)
  3001. {
  3002. struct crypto_tfm *tfm = crypto_aead_tfm(ctfm);
  3003. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  3004. /* last 4 bytes of key are the nonce! */
  3005. ctx->nonce = *(u32 *)(key + len - CTR_RFC3686_NONCE_SIZE);
  3006. len -= CTR_RFC3686_NONCE_SIZE;
  3007. return safexcel_aead_gcm_setkey(ctfm, key, len);
  3008. }
  3009. static int safexcel_rfc4106_gcm_setauthsize(struct crypto_aead *tfm,
  3010. unsigned int authsize)
  3011. {
  3012. return crypto_rfc4106_check_authsize(authsize);
  3013. }
  3014. static int safexcel_rfc4106_encrypt(struct aead_request *req)
  3015. {
  3016. return crypto_ipsec_check_assoclen(req->assoclen) ?:
  3017. safexcel_aead_encrypt(req);
  3018. }
  3019. static int safexcel_rfc4106_decrypt(struct aead_request *req)
  3020. {
  3021. return crypto_ipsec_check_assoclen(req->assoclen) ?:
  3022. safexcel_aead_decrypt(req);
  3023. }
  3024. static int safexcel_rfc4106_gcm_cra_init(struct crypto_tfm *tfm)
  3025. {
  3026. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  3027. int ret;
  3028. ret = safexcel_aead_gcm_cra_init(tfm);
  3029. ctx->aead = EIP197_AEAD_TYPE_IPSEC_ESP;
  3030. ctx->aadskip = EIP197_AEAD_IPSEC_IV_SIZE;
  3031. return ret;
  3032. }
  3033. struct safexcel_alg_template safexcel_alg_rfc4106_gcm = {
  3034. .type = SAFEXCEL_ALG_TYPE_AEAD,
  3035. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_GHASH,
  3036. .alg.aead = {
  3037. .setkey = safexcel_rfc4106_gcm_setkey,
  3038. .setauthsize = safexcel_rfc4106_gcm_setauthsize,
  3039. .encrypt = safexcel_rfc4106_encrypt,
  3040. .decrypt = safexcel_rfc4106_decrypt,
  3041. .ivsize = GCM_RFC4106_IV_SIZE,
  3042. .maxauthsize = GHASH_DIGEST_SIZE,
  3043. .base = {
  3044. .cra_name = "rfc4106(gcm(aes))",
  3045. .cra_driver_name = "safexcel-rfc4106-gcm-aes",
  3046. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  3047. .cra_flags = CRYPTO_ALG_ASYNC |
  3048. CRYPTO_ALG_ALLOCATES_MEMORY |
  3049. CRYPTO_ALG_KERN_DRIVER_ONLY,
  3050. .cra_blocksize = 1,
  3051. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  3052. .cra_alignmask = 0,
  3053. .cra_init = safexcel_rfc4106_gcm_cra_init,
  3054. .cra_exit = safexcel_aead_gcm_cra_exit,
  3055. },
  3056. },
  3057. };
  3058. static int safexcel_rfc4543_gcm_setauthsize(struct crypto_aead *tfm,
  3059. unsigned int authsize)
  3060. {
  3061. if (authsize != GHASH_DIGEST_SIZE)
  3062. return -EINVAL;
  3063. return 0;
  3064. }
  3065. static int safexcel_rfc4543_gcm_cra_init(struct crypto_tfm *tfm)
  3066. {
  3067. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  3068. int ret;
  3069. ret = safexcel_aead_gcm_cra_init(tfm);
  3070. ctx->aead = EIP197_AEAD_TYPE_IPSEC_ESP_GMAC;
  3071. return ret;
  3072. }
  3073. struct safexcel_alg_template safexcel_alg_rfc4543_gcm = {
  3074. .type = SAFEXCEL_ALG_TYPE_AEAD,
  3075. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_GHASH,
  3076. .alg.aead = {
  3077. .setkey = safexcel_rfc4106_gcm_setkey,
  3078. .setauthsize = safexcel_rfc4543_gcm_setauthsize,
  3079. .encrypt = safexcel_rfc4106_encrypt,
  3080. .decrypt = safexcel_rfc4106_decrypt,
  3081. .ivsize = GCM_RFC4543_IV_SIZE,
  3082. .maxauthsize = GHASH_DIGEST_SIZE,
  3083. .base = {
  3084. .cra_name = "rfc4543(gcm(aes))",
  3085. .cra_driver_name = "safexcel-rfc4543-gcm-aes",
  3086. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  3087. .cra_flags = CRYPTO_ALG_ASYNC |
  3088. CRYPTO_ALG_ALLOCATES_MEMORY |
  3089. CRYPTO_ALG_KERN_DRIVER_ONLY,
  3090. .cra_blocksize = 1,
  3091. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  3092. .cra_alignmask = 0,
  3093. .cra_init = safexcel_rfc4543_gcm_cra_init,
  3094. .cra_exit = safexcel_aead_gcm_cra_exit,
  3095. },
  3096. },
  3097. };
  3098. static int safexcel_rfc4309_ccm_setkey(struct crypto_aead *ctfm, const u8 *key,
  3099. unsigned int len)
  3100. {
  3101. struct crypto_tfm *tfm = crypto_aead_tfm(ctfm);
  3102. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  3103. /* First byte of the nonce = L = always 3 for RFC4309 (4 byte ctr) */
  3104. *(u8 *)&ctx->nonce = EIP197_AEAD_IPSEC_COUNTER_SIZE - 1;
  3105. /* last 3 bytes of key are the nonce! */
  3106. memcpy((u8 *)&ctx->nonce + 1, key + len -
  3107. EIP197_AEAD_IPSEC_CCM_NONCE_SIZE,
  3108. EIP197_AEAD_IPSEC_CCM_NONCE_SIZE);
  3109. len -= EIP197_AEAD_IPSEC_CCM_NONCE_SIZE;
  3110. return safexcel_aead_ccm_setkey(ctfm, key, len);
  3111. }
  3112. static int safexcel_rfc4309_ccm_setauthsize(struct crypto_aead *tfm,
  3113. unsigned int authsize)
  3114. {
  3115. /* Borrowed from crypto/ccm.c */
  3116. switch (authsize) {
  3117. case 8:
  3118. case 12:
  3119. case 16:
  3120. break;
  3121. default:
  3122. return -EINVAL;
  3123. }
  3124. return 0;
  3125. }
  3126. static int safexcel_rfc4309_ccm_encrypt(struct aead_request *req)
  3127. {
  3128. struct safexcel_cipher_req *creq = aead_request_ctx(req);
  3129. /* Borrowed from crypto/ccm.c */
  3130. if (req->assoclen != 16 && req->assoclen != 20)
  3131. return -EINVAL;
  3132. return safexcel_queue_req(&req->base, creq, SAFEXCEL_ENCRYPT);
  3133. }
  3134. static int safexcel_rfc4309_ccm_decrypt(struct aead_request *req)
  3135. {
  3136. struct safexcel_cipher_req *creq = aead_request_ctx(req);
  3137. /* Borrowed from crypto/ccm.c */
  3138. if (req->assoclen != 16 && req->assoclen != 20)
  3139. return -EINVAL;
  3140. return safexcel_queue_req(&req->base, creq, SAFEXCEL_DECRYPT);
  3141. }
  3142. static int safexcel_rfc4309_ccm_cra_init(struct crypto_tfm *tfm)
  3143. {
  3144. struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
  3145. int ret;
  3146. ret = safexcel_aead_ccm_cra_init(tfm);
  3147. ctx->aead = EIP197_AEAD_TYPE_IPSEC_ESP;
  3148. ctx->aadskip = EIP197_AEAD_IPSEC_IV_SIZE;
  3149. return ret;
  3150. }
  3151. struct safexcel_alg_template safexcel_alg_rfc4309_ccm = {
  3152. .type = SAFEXCEL_ALG_TYPE_AEAD,
  3153. .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_CBC_MAC_ALL,
  3154. .alg.aead = {
  3155. .setkey = safexcel_rfc4309_ccm_setkey,
  3156. .setauthsize = safexcel_rfc4309_ccm_setauthsize,
  3157. .encrypt = safexcel_rfc4309_ccm_encrypt,
  3158. .decrypt = safexcel_rfc4309_ccm_decrypt,
  3159. .ivsize = EIP197_AEAD_IPSEC_IV_SIZE,
  3160. .maxauthsize = AES_BLOCK_SIZE,
  3161. .base = {
  3162. .cra_name = "rfc4309(ccm(aes))",
  3163. .cra_driver_name = "safexcel-rfc4309-ccm-aes",
  3164. .cra_priority = SAFEXCEL_CRA_PRIORITY,
  3165. .cra_flags = CRYPTO_ALG_ASYNC |
  3166. CRYPTO_ALG_ALLOCATES_MEMORY |
  3167. CRYPTO_ALG_KERN_DRIVER_ONLY,
  3168. .cra_blocksize = 1,
  3169. .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
  3170. .cra_alignmask = 0,
  3171. .cra_init = safexcel_rfc4309_ccm_cra_init,
  3172. .cra_exit = safexcel_aead_cra_exit,
  3173. .cra_module = THIS_MODULE,
  3174. },
  3175. },
  3176. };