omap-aes-gcm.c 9.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Cryptographic API.
  4. *
  5. * Support for OMAP AES GCM HW acceleration.
  6. *
  7. * Copyright (c) 2016 Texas Instruments Incorporated
  8. */
  9. #include <crypto/aes.h>
  10. #include <crypto/engine.h>
  11. #include <crypto/gcm.h>
  12. #include <crypto/internal/aead.h>
  13. #include <crypto/scatterwalk.h>
  14. #include <crypto/skcipher.h>
  15. #include <linux/errno.h>
  16. #include <linux/dma-mapping.h>
  17. #include <linux/dmaengine.h>
  18. #include <linux/interrupt.h>
  19. #include <linux/kernel.h>
  20. #include <linux/omap-dma.h>
  21. #include <linux/pm_runtime.h>
  22. #include <linux/scatterlist.h>
  23. #include <linux/string.h>
  24. #include "omap-crypto.h"
  25. #include "omap-aes.h"
  26. static int omap_aes_gcm_handle_queue(struct omap_aes_dev *dd,
  27. struct aead_request *req);
  28. static void omap_aes_gcm_finish_req(struct omap_aes_dev *dd, int ret)
  29. {
  30. struct aead_request *req = dd->aead_req;
  31. dd->in_sg = NULL;
  32. dd->out_sg = NULL;
  33. crypto_finalize_aead_request(dd->engine, req, ret);
  34. pm_runtime_put_autosuspend(dd->dev);
  35. }
  36. static void omap_aes_gcm_done_task(struct omap_aes_dev *dd)
  37. {
  38. u8 *tag;
  39. int alen, clen, i, ret = 0, nsg;
  40. struct omap_aes_reqctx *rctx;
  41. alen = ALIGN(dd->assoc_len, AES_BLOCK_SIZE);
  42. clen = ALIGN(dd->total, AES_BLOCK_SIZE);
  43. rctx = aead_request_ctx(dd->aead_req);
  44. nsg = !!(dd->assoc_len && dd->total);
  45. dma_sync_sg_for_device(dd->dev, dd->out_sg, dd->out_sg_len,
  46. DMA_FROM_DEVICE);
  47. dma_unmap_sg(dd->dev, dd->in_sg, dd->in_sg_len, DMA_TO_DEVICE);
  48. dma_unmap_sg(dd->dev, dd->out_sg, dd->out_sg_len, DMA_FROM_DEVICE);
  49. omap_aes_crypt_dma_stop(dd);
  50. omap_crypto_cleanup(dd->out_sg, dd->orig_out,
  51. dd->aead_req->assoclen, dd->total,
  52. FLAGS_OUT_DATA_ST_SHIFT, dd->flags);
  53. if (dd->flags & FLAGS_ENCRYPT)
  54. scatterwalk_map_and_copy(rctx->auth_tag,
  55. dd->aead_req->dst,
  56. dd->total + dd->aead_req->assoclen,
  57. dd->authsize, 1);
  58. omap_crypto_cleanup(&dd->in_sgl[0], NULL, 0, alen,
  59. FLAGS_ASSOC_DATA_ST_SHIFT, dd->flags);
  60. omap_crypto_cleanup(&dd->in_sgl[nsg], NULL, 0, clen,
  61. FLAGS_IN_DATA_ST_SHIFT, dd->flags);
  62. if (!(dd->flags & FLAGS_ENCRYPT)) {
  63. tag = (u8 *)rctx->auth_tag;
  64. for (i = 0; i < dd->authsize; i++) {
  65. if (tag[i]) {
  66. ret = -EBADMSG;
  67. }
  68. }
  69. }
  70. omap_aes_gcm_finish_req(dd, ret);
  71. }
  72. static int omap_aes_gcm_copy_buffers(struct omap_aes_dev *dd,
  73. struct aead_request *req)
  74. {
  75. int alen, clen, cryptlen, assoclen, ret;
  76. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  77. unsigned int authlen = crypto_aead_authsize(aead);
  78. struct scatterlist *tmp, sg_arr[2];
  79. int nsg;
  80. u16 flags;
  81. assoclen = req->assoclen;
  82. cryptlen = req->cryptlen;
  83. if (dd->flags & FLAGS_RFC4106_GCM)
  84. assoclen -= 8;
  85. if (!(dd->flags & FLAGS_ENCRYPT))
  86. cryptlen -= authlen;
  87. alen = ALIGN(assoclen, AES_BLOCK_SIZE);
  88. clen = ALIGN(cryptlen, AES_BLOCK_SIZE);
  89. nsg = !!(assoclen && cryptlen);
  90. omap_aes_clear_copy_flags(dd);
  91. sg_init_table(dd->in_sgl, nsg + 1);
  92. if (assoclen) {
  93. tmp = req->src;
  94. ret = omap_crypto_align_sg(&tmp, assoclen,
  95. AES_BLOCK_SIZE, dd->in_sgl,
  96. OMAP_CRYPTO_COPY_DATA |
  97. OMAP_CRYPTO_ZERO_BUF |
  98. OMAP_CRYPTO_FORCE_SINGLE_ENTRY,
  99. FLAGS_ASSOC_DATA_ST_SHIFT,
  100. &dd->flags);
  101. if (ret)
  102. return ret;
  103. }
  104. if (cryptlen) {
  105. tmp = scatterwalk_ffwd(sg_arr, req->src, req->assoclen);
  106. if (nsg)
  107. sg_unmark_end(dd->in_sgl);
  108. ret = omap_crypto_align_sg(&tmp, cryptlen,
  109. AES_BLOCK_SIZE, &dd->in_sgl[nsg],
  110. OMAP_CRYPTO_COPY_DATA |
  111. OMAP_CRYPTO_ZERO_BUF |
  112. OMAP_CRYPTO_FORCE_SINGLE_ENTRY,
  113. FLAGS_IN_DATA_ST_SHIFT,
  114. &dd->flags);
  115. if (ret)
  116. return ret;
  117. }
  118. dd->in_sg = dd->in_sgl;
  119. dd->total = cryptlen;
  120. dd->assoc_len = assoclen;
  121. dd->authsize = authlen;
  122. dd->out_sg = req->dst;
  123. dd->orig_out = req->dst;
  124. dd->out_sg = scatterwalk_ffwd(sg_arr, req->dst, req->assoclen);
  125. flags = 0;
  126. if (req->src == req->dst || dd->out_sg == sg_arr)
  127. flags |= OMAP_CRYPTO_FORCE_COPY;
  128. if (cryptlen) {
  129. ret = omap_crypto_align_sg(&dd->out_sg, cryptlen,
  130. AES_BLOCK_SIZE, &dd->out_sgl,
  131. flags,
  132. FLAGS_OUT_DATA_ST_SHIFT, &dd->flags);
  133. if (ret)
  134. return ret;
  135. }
  136. dd->in_sg_len = sg_nents_for_len(dd->in_sg, alen + clen);
  137. dd->out_sg_len = sg_nents_for_len(dd->out_sg, clen);
  138. return 0;
  139. }
  140. static int do_encrypt_iv(struct aead_request *req, u32 *tag, u32 *iv)
  141. {
  142. struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
  143. aes_encrypt(&ctx->akey, (u8 *)tag, (const u8 *)iv);
  144. return 0;
  145. }
  146. void omap_aes_gcm_dma_out_callback(void *data)
  147. {
  148. struct omap_aes_dev *dd = data;
  149. struct omap_aes_reqctx *rctx;
  150. int i, val;
  151. u32 *auth_tag, tag[4];
  152. if (!(dd->flags & FLAGS_ENCRYPT))
  153. scatterwalk_map_and_copy(tag, dd->aead_req->src,
  154. dd->total + dd->aead_req->assoclen,
  155. dd->authsize, 0);
  156. rctx = aead_request_ctx(dd->aead_req);
  157. auth_tag = (u32 *)rctx->auth_tag;
  158. for (i = 0; i < 4; i++) {
  159. val = omap_aes_read(dd, AES_REG_TAG_N(dd, i));
  160. auth_tag[i] = val ^ auth_tag[i];
  161. if (!(dd->flags & FLAGS_ENCRYPT))
  162. auth_tag[i] = auth_tag[i] ^ tag[i];
  163. }
  164. omap_aes_gcm_done_task(dd);
  165. }
  166. static int omap_aes_gcm_handle_queue(struct omap_aes_dev *dd,
  167. struct aead_request *req)
  168. {
  169. if (req)
  170. return crypto_transfer_aead_request_to_engine(dd->engine, req);
  171. return 0;
  172. }
  173. static int omap_aes_gcm_prepare_req(struct aead_request *req,
  174. struct omap_aes_dev *dd)
  175. {
  176. struct omap_aes_reqctx *rctx = aead_request_ctx(req);
  177. struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
  178. int err;
  179. dd->aead_req = req;
  180. rctx->mode &= FLAGS_MODE_MASK;
  181. dd->flags = (dd->flags & ~FLAGS_MODE_MASK) | rctx->mode;
  182. err = omap_aes_gcm_copy_buffers(dd, req);
  183. if (err)
  184. return err;
  185. dd->ctx = &ctx->octx;
  186. return omap_aes_write_ctrl(dd);
  187. }
  188. static int omap_aes_gcm_crypt(struct aead_request *req, unsigned long mode)
  189. {
  190. struct omap_aes_reqctx *rctx = aead_request_ctx(req);
  191. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  192. unsigned int authlen = crypto_aead_authsize(aead);
  193. struct omap_aes_dev *dd;
  194. __be32 counter = cpu_to_be32(1);
  195. int err, assoclen;
  196. memset(rctx->auth_tag, 0, sizeof(rctx->auth_tag));
  197. memcpy(rctx->iv + GCM_AES_IV_SIZE, &counter, 4);
  198. err = do_encrypt_iv(req, (u32 *)rctx->auth_tag, (u32 *)rctx->iv);
  199. if (err)
  200. return err;
  201. if (mode & FLAGS_RFC4106_GCM)
  202. assoclen = req->assoclen - 8;
  203. else
  204. assoclen = req->assoclen;
  205. if (assoclen + req->cryptlen == 0) {
  206. scatterwalk_map_and_copy(rctx->auth_tag, req->dst, 0, authlen,
  207. 1);
  208. return 0;
  209. }
  210. dd = omap_aes_find_dev(rctx);
  211. if (!dd)
  212. return -ENODEV;
  213. rctx->mode = mode;
  214. return omap_aes_gcm_handle_queue(dd, req);
  215. }
  216. int omap_aes_gcm_encrypt(struct aead_request *req)
  217. {
  218. struct omap_aes_reqctx *rctx = aead_request_ctx(req);
  219. memcpy(rctx->iv, req->iv, GCM_AES_IV_SIZE);
  220. return omap_aes_gcm_crypt(req, FLAGS_ENCRYPT | FLAGS_GCM);
  221. }
  222. int omap_aes_gcm_decrypt(struct aead_request *req)
  223. {
  224. struct omap_aes_reqctx *rctx = aead_request_ctx(req);
  225. memcpy(rctx->iv, req->iv, GCM_AES_IV_SIZE);
  226. return omap_aes_gcm_crypt(req, FLAGS_GCM);
  227. }
  228. int omap_aes_4106gcm_encrypt(struct aead_request *req)
  229. {
  230. struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
  231. struct omap_aes_reqctx *rctx = aead_request_ctx(req);
  232. memcpy(rctx->iv, ctx->octx.nonce, 4);
  233. memcpy(rctx->iv + 4, req->iv, 8);
  234. return crypto_ipsec_check_assoclen(req->assoclen) ?:
  235. omap_aes_gcm_crypt(req, FLAGS_ENCRYPT | FLAGS_GCM |
  236. FLAGS_RFC4106_GCM);
  237. }
  238. int omap_aes_4106gcm_decrypt(struct aead_request *req)
  239. {
  240. struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
  241. struct omap_aes_reqctx *rctx = aead_request_ctx(req);
  242. memcpy(rctx->iv, ctx->octx.nonce, 4);
  243. memcpy(rctx->iv + 4, req->iv, 8);
  244. return crypto_ipsec_check_assoclen(req->assoclen) ?:
  245. omap_aes_gcm_crypt(req, FLAGS_GCM | FLAGS_RFC4106_GCM);
  246. }
  247. int omap_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key,
  248. unsigned int keylen)
  249. {
  250. struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm);
  251. int ret;
  252. ret = aes_prepareenckey(&ctx->akey, key, keylen);
  253. if (ret)
  254. return ret;
  255. memcpy(ctx->octx.key, key, keylen);
  256. ctx->octx.keylen = keylen;
  257. return 0;
  258. }
  259. int omap_aes_4106gcm_setkey(struct crypto_aead *tfm, const u8 *key,
  260. unsigned int keylen)
  261. {
  262. struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm);
  263. int ret;
  264. if (keylen < 4)
  265. return -EINVAL;
  266. keylen -= 4;
  267. ret = aes_prepareenckey(&ctx->akey, key, keylen);
  268. if (ret)
  269. return ret;
  270. memcpy(ctx->octx.key, key, keylen);
  271. memcpy(ctx->octx.nonce, key + keylen, 4);
  272. ctx->octx.keylen = keylen;
  273. return 0;
  274. }
  275. int omap_aes_gcm_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
  276. {
  277. return crypto_gcm_check_authsize(authsize);
  278. }
  279. int omap_aes_4106gcm_setauthsize(struct crypto_aead *parent,
  280. unsigned int authsize)
  281. {
  282. return crypto_rfc4106_check_authsize(authsize);
  283. }
  284. int omap_aes_gcm_crypt_req(struct crypto_engine *engine, void *areq)
  285. {
  286. struct aead_request *req = container_of(areq, struct aead_request,
  287. base);
  288. struct omap_aes_reqctx *rctx = aead_request_ctx(req);
  289. struct omap_aes_dev *dd = rctx->dd;
  290. int ret;
  291. if (!dd)
  292. return -ENODEV;
  293. ret = omap_aes_gcm_prepare_req(req, dd);
  294. if (ret)
  295. return ret;
  296. if (dd->in_sg_len)
  297. ret = omap_aes_crypt_dma_start(dd);
  298. else
  299. omap_aes_gcm_dma_out_callback(dd);
  300. return ret;
  301. }
  302. int omap_aes_gcm_cra_init(struct crypto_aead *tfm)
  303. {
  304. crypto_aead_set_reqsize(tfm, sizeof(struct omap_aes_reqctx));
  305. return 0;
  306. }