1 // SPDX-License-Identifier: GPL-2.0-only
3  * AES GCM routines supporting the Power 7+ Nest Accelerators driver
11 #include <crypto/aes.h>
13 #include <crypto/gcm.h>
28 	struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;  in gcm_aes_nx_set_key()
29 	struct nx_csbcpb *csbcpb_aead = nx_ctx->csbcpb_aead;  in gcm_aes_nx_set_key()
37 		nx_ctx->ap = &nx_ctx->props[NX_PROPS_AES_128];  in gcm_aes_nx_set_key()
42 		nx_ctx->ap = &nx_ctx->props[NX_PROPS_AES_192];  in gcm_aes_nx_set_key()
47 		nx_ctx->ap = &nx_ctx->props[NX_PROPS_AES_256];  in gcm_aes_nx_set_key()
50 		return -EINVAL;  in gcm_aes_nx_set_key()
53 	csbcpb->cpb.hdr.mode = NX_MODE_AES_GCM;  in gcm_aes_nx_set_key()
54 	memcpy(csbcpb->cpb.aes_gcm.key, in_key, key_len);  in gcm_aes_nx_set_key()
56 	csbcpb_aead->cpb.hdr.mode = NX_MODE_AES_GCA;  in gcm_aes_nx_set_key()
57 	memcpy(csbcpb_aead->cpb.aes_gca.key, in_key, key_len);  in gcm_aes_nx_set_key()
67 	char *nonce = nx_ctx->priv.gcm.nonce;  in gcm4106_aes_nx_set_key()
71 		return -EINVAL;  in gcm4106_aes_nx_set_key()
73 	key_len -= 4;  in gcm4106_aes_nx_set_key()
93 		return -EINVAL;  in gcm4106_aes_nx_setauthsize()
105 	struct nx_csbcpb *csbcpb_aead = nx_ctx->csbcpb_aead;  in nx_gca()
107 	struct nx_sg *nx_sg = nx_ctx->in_sg;  in nx_gca()
113 		scatterwalk_start(&walk, req->src);  in nx_gca()
123 			   nx_ctx->ap->sglen);  in nx_gca()
125 			   nx_ctx->ap->databytelen/NX_PAGE_SIZE);  in nx_gca()
132 		to_process = min_t(u64, nbytes - processed,  in nx_gca()
133 				   nx_ctx->ap->databytelen);  in nx_gca()
135 				   NX_PAGE_SIZE * (max_sg_len - 1));  in nx_gca()
137 		nx_sg = nx_walk_and_build(nx_ctx->in_sg, max_sg_len,  in nx_gca()
138 					  req->src, processed, &to_process);  in nx_gca()
145 		nx_ctx->op_aead.inlen = (nx_ctx->in_sg - nx_sg)  in nx_gca()
148 		rc = nx_hcall_sync(nx_ctx, &nx_ctx->op_aead,  in nx_gca()
149 				req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);  in nx_gca()
153 		memcpy(csbcpb_aead->cpb.aes_gca.in_pat,  in nx_gca()
154 				csbcpb_aead->cpb.aes_gca.out_pat,  in nx_gca()
158 		atomic_inc(&(nx_ctx->stats->aes_ops));  in nx_gca()
159 		atomic64_add(assoclen, &(nx_ctx->stats->aes_bytes));  in nx_gca()
164 	memcpy(out, csbcpb_aead->cpb.aes_gca.out_pat, AES_BLOCK_SIZE);  in nx_gca()
174 	struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;  in gmac()
181 	csbcpb->cpb.hdr.mode = NX_MODE_AES_GMAC;  in gmac()
187 			   nx_ctx->ap->sglen);  in gmac()
189 			   nx_ctx->ap->databytelen/NX_PAGE_SIZE);  in gmac()
192 	memcpy(csbcpb->cpb.aes_gcm.iv_or_cnt, iv, AES_BLOCK_SIZE);  in gmac()
199 		to_process = min_t(u64, nbytes - processed,  in gmac()
200 				   nx_ctx->ap->databytelen);  in gmac()
202 				   NX_PAGE_SIZE * (max_sg_len - 1));  in gmac()
204 		nx_sg = nx_walk_and_build(nx_ctx->in_sg, max_sg_len,  in gmac()
205 					  req->src, processed, &to_process);  in gmac()
212 		nx_ctx->op.inlen = (nx_ctx->in_sg - nx_sg)  in gmac()
215 		csbcpb->cpb.aes_gcm.bit_length_data = 0;  in gmac()
216 		csbcpb->cpb.aes_gcm.bit_length_aad = 8 * nbytes;  in gmac()
218 		rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,  in gmac()
219 				req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);  in gmac()
223 		memcpy(csbcpb->cpb.aes_gcm.in_pat_or_aad,  in gmac()
224 			csbcpb->cpb.aes_gcm.out_pat_or_mac, AES_BLOCK_SIZE);  in gmac()
225 		memcpy(csbcpb->cpb.aes_gcm.in_s0,  in gmac()
226 			csbcpb->cpb.aes_gcm.out_s0, AES_BLOCK_SIZE);  in gmac()
230 		atomic_inc(&(nx_ctx->stats->aes_ops));  in gmac()
231 		atomic64_add(assoclen, &(nx_ctx->stats->aes_bytes));  in gmac()
237 	/* Restore GCM mode */  in gmac()
238 	csbcpb->cpb.hdr.mode = NX_MODE_AES_GCM;  in gmac()
247 	struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;  in gcm_empty()
252 	/* For scenarios where the input message is zero length, AES CTR mode  in gcm_empty()
255 	 * value. - nx_wb 4.8.1.3 */  in gcm_empty()
258 	csbcpb->cpb.hdr.mode = NX_MODE_AES_ECB;  in gcm_empty()
259 	memcpy(csbcpb->cpb.aes_ecb.key, csbcpb->cpb.aes_gcm.key,  in gcm_empty()
260 			sizeof(csbcpb->cpb.aes_ecb.key));  in gcm_empty()
269 	in_sg = nx_build_sg_list(nx_ctx->in_sg, (u8 *) iv,  in gcm_empty()
270 				 &len, nx_ctx->ap->sglen);  in gcm_empty()
273 		return -EINVAL;  in gcm_empty()
276 	out_sg = nx_build_sg_list(nx_ctx->out_sg, (u8 *) out, &len,  in gcm_empty()
277 				  nx_ctx->ap->sglen);  in gcm_empty()
280 		return -EINVAL;  in gcm_empty()
282 	nx_ctx->op.inlen = (nx_ctx->in_sg - in_sg) * sizeof(struct nx_sg);  in gcm_empty()
283 	nx_ctx->op.outlen = (nx_ctx->out_sg - out_sg) * sizeof(struct nx_sg);  in gcm_empty()
285 	rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,  in gcm_empty()
286 			   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);  in gcm_empty()
289 	atomic_inc(&(nx_ctx->stats->aes_ops));  in gcm_empty()
292 	memcpy(csbcpb->cpb.aes_gcm.out_pat_or_mac, out,  in gcm_empty()
296 	csbcpb->cpb.hdr.mode = NX_MODE_AES_GCM;  in gcm_empty()
299 	 * ECB key uses the same region that GCM AAD and counter, so it's safe  in gcm_empty()
302 	memset(csbcpb->cpb.aes_ecb.key, 0, sizeof(csbcpb->cpb.aes_ecb.key));  in gcm_empty()
313 	struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;  in gcm_aes_nx_crypt()
314 	unsigned int nbytes = req->cryptlen;  in gcm_aes_nx_crypt()
317 	int rc = -EINVAL;  in gcm_aes_nx_crypt()
319 	spin_lock_irqsave(&nx_ctx->lock, irq_flags);  in gcm_aes_nx_crypt()
322 	*(u32 *)&rctx->iv[NX_GCM_CTR_OFFSET] = 1;  in gcm_aes_nx_crypt()
326 			rc = gcm_empty(req, rctx->iv, enc);  in gcm_aes_nx_crypt()
328 			rc = gmac(req, rctx->iv, assoclen);  in gcm_aes_nx_crypt()
336 	csbcpb->cpb.aes_gcm.bit_length_aad = assoclen * 8;  in gcm_aes_nx_crypt()
338 		rc = nx_gca(nx_ctx, req, csbcpb->cpb.aes_gcm.in_pat_or_aad,  in gcm_aes_nx_crypt()
350 		nbytes -= crypto_aead_authsize(crypto_aead_reqtfm(req));  in gcm_aes_nx_crypt()
354 		to_process = nbytes - processed;  in gcm_aes_nx_crypt()
356 		csbcpb->cpb.aes_gcm.bit_length_data = nbytes * 8;  in gcm_aes_nx_crypt()
357 		rc = nx_build_sg_lists(nx_ctx, rctx->iv, req->dst,  in gcm_aes_nx_crypt()
358 				       req->src, &to_process,  in gcm_aes_nx_crypt()
359 				       processed + req->assoclen,  in gcm_aes_nx_crypt()
360 				       csbcpb->cpb.aes_gcm.iv_or_cnt);  in gcm_aes_nx_crypt()
371 		rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,  in gcm_aes_nx_crypt()
372 				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);  in gcm_aes_nx_crypt()
376 		memcpy(rctx->iv, csbcpb->cpb.aes_gcm.out_cnt, AES_BLOCK_SIZE);  in gcm_aes_nx_crypt()
377 		memcpy(csbcpb->cpb.aes_gcm.in_pat_or_aad,  in gcm_aes_nx_crypt()
378 			csbcpb->cpb.aes_gcm.out_pat_or_mac, AES_BLOCK_SIZE);  in gcm_aes_nx_crypt()
379 		memcpy(csbcpb->cpb.aes_gcm.in_s0,  in gcm_aes_nx_crypt()
380 			csbcpb->cpb.aes_gcm.out_s0, AES_BLOCK_SIZE);  in gcm_aes_nx_crypt()
384 		atomic_inc(&(nx_ctx->stats->aes_ops));  in gcm_aes_nx_crypt()
385 		atomic64_add(be32_to_cpu(csbcpb->csb.processed_byte_count),  in gcm_aes_nx_crypt()
386 			     &(nx_ctx->stats->aes_bytes));  in gcm_aes_nx_crypt()
395 			csbcpb->cpb.aes_gcm.out_pat_or_mac,  in gcm_aes_nx_crypt()
396 			req->dst, req->assoclen + nbytes,  in gcm_aes_nx_crypt()
400 		u8 *itag = nx_ctx->priv.gcm.iauth_tag;  in gcm_aes_nx_crypt()
401 		u8 *otag = csbcpb->cpb.aes_gcm.out_pat_or_mac;  in gcm_aes_nx_crypt()
404 			itag, req->src, req->assoclen + nbytes,  in gcm_aes_nx_crypt()
409 		     -EBADMSG : 0;  in gcm_aes_nx_crypt()
412 	spin_unlock_irqrestore(&nx_ctx->lock, irq_flags);  in gcm_aes_nx_crypt()
419 	char *iv = rctx->iv;  in gcm_aes_nx_encrypt()
421 	memcpy(iv, req->iv, GCM_AES_IV_SIZE);  in gcm_aes_nx_encrypt()
423 	return gcm_aes_nx_crypt(req, 1, req->assoclen);  in gcm_aes_nx_encrypt()
429 	char *iv = rctx->iv;  in gcm_aes_nx_decrypt()
431 	memcpy(iv, req->iv, GCM_AES_IV_SIZE);  in gcm_aes_nx_decrypt()
433 	return gcm_aes_nx_crypt(req, 0, req->assoclen);  in gcm_aes_nx_decrypt()
441 	char *iv = rctx->iv;  in gcm4106_aes_nx_encrypt()
442 	char *nonce = nx_ctx->priv.gcm.nonce;  in gcm4106_aes_nx_encrypt()
445 	memcpy(iv + NX_GCM4106_NONCE_LEN, req->iv, 8);  in gcm4106_aes_nx_encrypt()
447 	if (req->assoclen < 8)  in gcm4106_aes_nx_encrypt()
448 		return -EINVAL;  in gcm4106_aes_nx_encrypt()
450 	return gcm_aes_nx_crypt(req, 1, req->assoclen - 8);  in gcm4106_aes_nx_encrypt()
458 	char *iv = rctx->iv;  in gcm4106_aes_nx_decrypt()
459 	char *nonce = nx_ctx->priv.gcm.nonce;  in gcm4106_aes_nx_decrypt()
462 	memcpy(iv + NX_GCM4106_NONCE_LEN, req->iv, 8);  in gcm4106_aes_nx_decrypt()
464 	if (req->assoclen < 8)  in gcm4106_aes_nx_decrypt()
465 		return -EINVAL;  in gcm4106_aes_nx_decrypt()
467 	return gcm_aes_nx_crypt(req, 0, req->assoclen - 8);  in gcm4106_aes_nx_decrypt()
472 		.cra_name        = "gcm(aes)",
473 		.cra_driver_name = "gcm-aes-nx",
490 		.cra_name        = "rfc4106(gcm(aes))",
491 		.cra_driver_name = "rfc4106-gcm-aes-nx",