1 // SPDX-License-Identifier: GPL-2.0-only 2 // SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 /* 4 * Crypto driver to handle block cipher algorithms using NVIDIA Security Engine. 5 */ 6 7 #include <linux/bottom_half.h> 8 #include <linux/clk.h> 9 #include <linux/dma-mapping.h> 10 #include <linux/module.h> 11 #include <linux/of_device.h> 12 #include <linux/platform_device.h> 13 14 #include <crypto/aead.h> 15 #include <crypto/aes.h> 16 #include <crypto/engine.h> 17 #include <crypto/gcm.h> 18 #include <crypto/scatterwalk.h> 19 #include <crypto/xts.h> 20 #include <crypto/internal/aead.h> 21 #include <crypto/internal/hash.h> 22 #include <crypto/internal/skcipher.h> 23 24 #include "tegra-se.h" 25 26 struct tegra_aes_ctx { 27 struct tegra_se *se; 28 u32 alg; 29 u32 ivsize; 30 u32 key1_id; 31 u32 key2_id; 32 u32 keylen; 33 u8 key1[AES_MAX_KEY_SIZE]; 34 u8 key2[AES_MAX_KEY_SIZE]; 35 }; 36 37 struct tegra_aes_reqctx { 38 struct tegra_se_datbuf datbuf; 39 bool encrypt; 40 u32 config; 41 u32 crypto_config; 42 u32 len; 43 u32 *iv; 44 }; 45 46 struct tegra_aead_ctx { 47 struct tegra_se *se; 48 unsigned int authsize; 49 u32 alg; 50 u32 key_id; 51 u32 keylen; 52 u8 key[AES_MAX_KEY_SIZE]; 53 }; 54 55 struct tegra_aead_reqctx { 56 struct tegra_se_datbuf inbuf; 57 struct tegra_se_datbuf outbuf; 58 struct scatterlist *src_sg; 59 struct scatterlist *dst_sg; 60 unsigned int assoclen; 61 unsigned int cryptlen; 62 unsigned int authsize; 63 bool encrypt; 64 u32 crypto_config; 65 u32 config; 66 u32 key_id; 67 u32 iv[4]; 68 u8 authdata[16]; 69 }; 70 71 struct tegra_cmac_ctx { 72 struct tegra_se *se; 73 unsigned int alg; 74 u32 key_id; 75 u32 keylen; 76 u8 key[AES_MAX_KEY_SIZE]; 77 struct crypto_shash *fallback_tfm; 78 }; 79 80 struct tegra_cmac_reqctx { 81 struct scatterlist *src_sg; 82 struct tegra_se_datbuf datbuf; 83 struct tegra_se_datbuf residue; 84 unsigned int total_len; 85 unsigned int blk_size; 86 unsigned int task; 87 u32 crypto_config; 88 u32 config; 89 u32 key_id; 90 u32 *iv; 91 u32 result[CMAC_RESULT_REG_COUNT]; 92 }; 93 94 /* increment counter (128-bit int) */ 95 static void ctr_iv_inc(__u8 *counter, __u8 bits, __u32 nums) 96 { 97 do { 98 --bits; 99 nums += counter[bits]; 100 counter[bits] = nums & 0xff; 101 nums >>= 8; 102 } while (bits && nums); 103 } 104 105 static void tegra_cbc_iv_copyback(struct skcipher_request *req, struct tegra_aes_ctx *ctx) 106 { 107 struct tegra_aes_reqctx *rctx = skcipher_request_ctx(req); 108 unsigned int offset; 109 110 offset = req->cryptlen - ctx->ivsize; 111 112 if (rctx->encrypt) 113 memcpy(req->iv, rctx->datbuf.buf + offset, ctx->ivsize); 114 else 115 scatterwalk_map_and_copy(req->iv, req->src, offset, ctx->ivsize, 0); 116 } 117 118 static void tegra_aes_update_iv(struct skcipher_request *req, struct tegra_aes_ctx *ctx) 119 { 120 int num; 121 122 if (ctx->alg == SE_ALG_CBC) { 123 tegra_cbc_iv_copyback(req, ctx); 124 } else if (ctx->alg == SE_ALG_CTR) { 125 num = req->cryptlen / ctx->ivsize; 126 if (req->cryptlen % ctx->ivsize) 127 num++; 128 129 ctr_iv_inc(req->iv, ctx->ivsize, num); 130 } 131 } 132 133 static int tegra234_aes_crypto_cfg(u32 alg, bool encrypt) 134 { 135 switch (alg) { 136 case SE_ALG_CMAC: 137 case SE_ALG_GMAC: 138 case SE_ALG_GCM: 139 case SE_ALG_GCM_FINAL: 140 return 0; 141 case SE_ALG_CBC: 142 if (encrypt) 143 return SE_CRYPTO_CFG_CBC_ENCRYPT; 144 else 145 return SE_CRYPTO_CFG_CBC_DECRYPT; 146 case SE_ALG_ECB: 147 if (encrypt) 148 return SE_CRYPTO_CFG_ECB_ENCRYPT; 149 else 150 return SE_CRYPTO_CFG_ECB_DECRYPT; 151 case SE_ALG_XTS: 152 if (encrypt) 153 return SE_CRYPTO_CFG_XTS_ENCRYPT; 154 else 155 return SE_CRYPTO_CFG_XTS_DECRYPT; 156 157 case SE_ALG_CTR: 158 return SE_CRYPTO_CFG_CTR; 159 case SE_ALG_CBC_MAC: 160 return SE_CRYPTO_CFG_CBC_MAC; 161 162 default: 163 break; 164 } 165 166 return -EINVAL; 167 } 168 169 static int tegra234_aes_cfg(u32 alg, bool encrypt) 170 { 171 switch (alg) { 172 case SE_ALG_CBC: 173 case SE_ALG_ECB: 174 case SE_ALG_XTS: 175 case SE_ALG_CTR: 176 if (encrypt) 177 return SE_CFG_AES_ENCRYPT; 178 else 179 return SE_CFG_AES_DECRYPT; 180 181 case SE_ALG_GMAC: 182 if (encrypt) 183 return SE_CFG_GMAC_ENCRYPT; 184 else 185 return SE_CFG_GMAC_DECRYPT; 186 187 case SE_ALG_GCM: 188 if (encrypt) 189 return SE_CFG_GCM_ENCRYPT; 190 else 191 return SE_CFG_GCM_DECRYPT; 192 193 case SE_ALG_GCM_FINAL: 194 if (encrypt) 195 return SE_CFG_GCM_FINAL_ENCRYPT; 196 else 197 return SE_CFG_GCM_FINAL_DECRYPT; 198 199 case SE_ALG_CMAC: 200 return SE_CFG_CMAC; 201 202 case SE_ALG_CBC_MAC: 203 return SE_AES_ENC_ALG_AES_ENC | 204 SE_AES_DST_HASH_REG; 205 } 206 return -EINVAL; 207 } 208 209 static unsigned int tegra_aes_prep_cmd(struct tegra_aes_ctx *ctx, 210 struct tegra_aes_reqctx *rctx) 211 { 212 unsigned int data_count, res_bits, i = 0, j; 213 struct tegra_se *se = ctx->se; 214 u32 *cpuvaddr = se->cmdbuf->addr; 215 dma_addr_t addr = rctx->datbuf.addr; 216 217 data_count = rctx->len / AES_BLOCK_SIZE; 218 res_bits = (rctx->len % AES_BLOCK_SIZE) * 8; 219 220 /* 221 * Hardware processes data_count + 1 blocks. 222 * Reduce 1 block if there is no residue 223 */ 224 if (!res_bits) 225 data_count--; 226 227 if (rctx->iv) { 228 cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 229 cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 230 for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 231 cpuvaddr[i++] = rctx->iv[j]; 232 } 233 234 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 235 cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 236 SE_LAST_BLOCK_RES_BITS(res_bits); 237 238 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 239 cpuvaddr[i++] = rctx->config; 240 cpuvaddr[i++] = rctx->crypto_config; 241 242 /* Source address setting */ 243 cpuvaddr[i++] = lower_32_bits(addr); 244 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(addr)) | SE_ADDR_HI_SZ(rctx->len); 245 246 /* Destination address setting */ 247 cpuvaddr[i++] = lower_32_bits(addr); 248 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(addr)) | 249 SE_ADDR_HI_SZ(rctx->len); 250 251 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 252 cpuvaddr[i++] = SE_AES_OP_WRSTALL | SE_AES_OP_LASTBUF | 253 SE_AES_OP_START; 254 255 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 256 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 257 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 258 259 dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", rctx->config, rctx->crypto_config); 260 261 return i; 262 } 263 264 static int tegra_aes_do_one_req(struct crypto_engine *engine, void *areq) 265 { 266 struct skcipher_request *req = container_of(areq, struct skcipher_request, base); 267 struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); 268 struct tegra_aes_reqctx *rctx = skcipher_request_ctx(req); 269 struct tegra_se *se = ctx->se; 270 unsigned int cmdlen, key1_id, key2_id; 271 int ret; 272 273 rctx->iv = (ctx->alg == SE_ALG_ECB) ? NULL : (u32 *)req->iv; 274 rctx->len = req->cryptlen; 275 key1_id = ctx->key1_id; 276 key2_id = ctx->key2_id; 277 278 /* Pad input to AES Block size */ 279 if (ctx->alg != SE_ALG_XTS) { 280 if (rctx->len % AES_BLOCK_SIZE) 281 rctx->len += AES_BLOCK_SIZE - (rctx->len % AES_BLOCK_SIZE); 282 } 283 284 rctx->datbuf.size = rctx->len; 285 rctx->datbuf.buf = dma_alloc_coherent(se->dev, rctx->datbuf.size, 286 &rctx->datbuf.addr, GFP_KERNEL); 287 if (!rctx->datbuf.buf) { 288 ret = -ENOMEM; 289 goto out_finalize; 290 } 291 292 scatterwalk_map_and_copy(rctx->datbuf.buf, req->src, 0, req->cryptlen, 0); 293 294 rctx->config = tegra234_aes_cfg(ctx->alg, rctx->encrypt); 295 rctx->crypto_config = tegra234_aes_crypto_cfg(ctx->alg, rctx->encrypt); 296 297 if (!key1_id) { 298 ret = tegra_key_submit_reserved_aes(ctx->se, ctx->key1, 299 ctx->keylen, ctx->alg, &key1_id); 300 if (ret) 301 goto out; 302 } 303 304 rctx->crypto_config |= SE_AES_KEY_INDEX(key1_id); 305 306 if (ctx->alg == SE_ALG_XTS) { 307 if (!key2_id) { 308 ret = tegra_key_submit_reserved_xts(ctx->se, ctx->key2, 309 ctx->keylen, ctx->alg, &key2_id); 310 if (ret) 311 goto out; 312 } 313 314 rctx->crypto_config |= SE_AES_KEY2_INDEX(key2_id); 315 } 316 317 /* Prepare the command and submit for execution */ 318 cmdlen = tegra_aes_prep_cmd(ctx, rctx); 319 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 320 321 /* Copy the result */ 322 tegra_aes_update_iv(req, ctx); 323 scatterwalk_map_and_copy(rctx->datbuf.buf, req->dst, 0, req->cryptlen, 1); 324 325 out: 326 /* Free the buffer */ 327 dma_free_coherent(ctx->se->dev, rctx->datbuf.size, 328 rctx->datbuf.buf, rctx->datbuf.addr); 329 330 if (tegra_key_is_reserved(key1_id)) 331 tegra_key_invalidate_reserved(ctx->se, key1_id, ctx->alg); 332 333 if (tegra_key_is_reserved(key2_id)) 334 tegra_key_invalidate_reserved(ctx->se, key2_id, ctx->alg); 335 336 out_finalize: 337 local_bh_disable(); 338 crypto_finalize_skcipher_request(se->engine, req, ret); 339 local_bh_enable(); 340 341 return 0; 342 } 343 344 static int tegra_aes_cra_init(struct crypto_skcipher *tfm) 345 { 346 struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 347 struct skcipher_alg *alg = crypto_skcipher_alg(tfm); 348 struct tegra_se_alg *se_alg; 349 const char *algname; 350 int ret; 351 352 se_alg = container_of(alg, struct tegra_se_alg, alg.skcipher.base); 353 354 crypto_skcipher_set_reqsize(tfm, sizeof(struct tegra_aes_reqctx)); 355 356 ctx->ivsize = crypto_skcipher_ivsize(tfm); 357 ctx->se = se_alg->se_dev; 358 ctx->key1_id = 0; 359 ctx->key2_id = 0; 360 ctx->keylen = 0; 361 362 algname = crypto_tfm_alg_name(&tfm->base); 363 ret = se_algname_to_algid(algname); 364 if (ret < 0) { 365 dev_err(ctx->se->dev, "invalid algorithm\n"); 366 return ret; 367 } 368 369 ctx->alg = ret; 370 371 return 0; 372 } 373 374 static void tegra_aes_cra_exit(struct crypto_skcipher *tfm) 375 { 376 struct tegra_aes_ctx *ctx = crypto_tfm_ctx(&tfm->base); 377 378 if (ctx->key1_id) 379 tegra_key_invalidate(ctx->se, ctx->key1_id, ctx->alg); 380 381 if (ctx->key2_id) 382 tegra_key_invalidate(ctx->se, ctx->key2_id, ctx->alg); 383 } 384 385 static int tegra_aes_setkey(struct crypto_skcipher *tfm, 386 const u8 *key, u32 keylen) 387 { 388 struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 389 int ret; 390 391 if (aes_check_keylen(keylen)) { 392 dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 393 return -EINVAL; 394 } 395 396 ret = tegra_key_submit(ctx->se, key, keylen, ctx->alg, &ctx->key1_id); 397 if (ret) { 398 ctx->keylen = keylen; 399 memcpy(ctx->key1, key, keylen); 400 } 401 402 return 0; 403 } 404 405 static int tegra_xts_setkey(struct crypto_skcipher *tfm, 406 const u8 *key, u32 keylen) 407 { 408 struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 409 u32 len = keylen / 2; 410 int ret; 411 412 ret = xts_verify_key(tfm, key, keylen); 413 if (ret || aes_check_keylen(len)) { 414 dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 415 return -EINVAL; 416 } 417 418 ret = tegra_key_submit(ctx->se, key, len, 419 ctx->alg, &ctx->key1_id); 420 if (ret) { 421 ctx->keylen = len; 422 memcpy(ctx->key1, key, len); 423 } 424 425 ret = tegra_key_submit(ctx->se, key + len, len, 426 ctx->alg, &ctx->key2_id); 427 if (ret) { 428 ctx->keylen = len; 429 memcpy(ctx->key2, key + len, len); 430 } 431 432 return 0; 433 } 434 435 static int tegra_aes_kac_manifest(u32 user, u32 alg, u32 keylen) 436 { 437 int manifest; 438 439 manifest = SE_KAC_USER_NS; 440 441 switch (alg) { 442 case SE_ALG_CBC: 443 case SE_ALG_ECB: 444 case SE_ALG_CTR: 445 manifest |= SE_KAC_ENC; 446 break; 447 case SE_ALG_XTS: 448 manifest |= SE_KAC_XTS; 449 break; 450 case SE_ALG_GCM: 451 manifest |= SE_KAC_GCM; 452 break; 453 case SE_ALG_CMAC: 454 manifest |= SE_KAC_CMAC; 455 break; 456 case SE_ALG_CBC_MAC: 457 manifest |= SE_KAC_ENC; 458 break; 459 default: 460 return -EINVAL; 461 } 462 463 switch (keylen) { 464 case AES_KEYSIZE_128: 465 manifest |= SE_KAC_SIZE_128; 466 break; 467 case AES_KEYSIZE_192: 468 manifest |= SE_KAC_SIZE_192; 469 break; 470 case AES_KEYSIZE_256: 471 manifest |= SE_KAC_SIZE_256; 472 break; 473 default: 474 return -EINVAL; 475 } 476 477 return manifest; 478 } 479 480 static int tegra_aes_crypt(struct skcipher_request *req, bool encrypt) 481 482 { 483 struct crypto_skcipher *tfm; 484 struct tegra_aes_ctx *ctx; 485 struct tegra_aes_reqctx *rctx; 486 487 tfm = crypto_skcipher_reqtfm(req); 488 ctx = crypto_skcipher_ctx(tfm); 489 rctx = skcipher_request_ctx(req); 490 491 if (ctx->alg != SE_ALG_XTS) { 492 if (!IS_ALIGNED(req->cryptlen, crypto_skcipher_blocksize(tfm))) { 493 dev_dbg(ctx->se->dev, "invalid length (%d)", req->cryptlen); 494 return -EINVAL; 495 } 496 } else if (req->cryptlen < XTS_BLOCK_SIZE) { 497 dev_dbg(ctx->se->dev, "invalid length (%d)", req->cryptlen); 498 return -EINVAL; 499 } 500 501 if (!req->cryptlen) 502 return 0; 503 504 rctx->encrypt = encrypt; 505 506 return crypto_transfer_skcipher_request_to_engine(ctx->se->engine, req); 507 } 508 509 static int tegra_aes_encrypt(struct skcipher_request *req) 510 { 511 return tegra_aes_crypt(req, true); 512 } 513 514 static int tegra_aes_decrypt(struct skcipher_request *req) 515 { 516 return tegra_aes_crypt(req, false); 517 } 518 519 static struct tegra_se_alg tegra_aes_algs[] = { 520 { 521 .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 522 .alg.skcipher.base = { 523 .init = tegra_aes_cra_init, 524 .exit = tegra_aes_cra_exit, 525 .setkey = tegra_aes_setkey, 526 .encrypt = tegra_aes_encrypt, 527 .decrypt = tegra_aes_decrypt, 528 .min_keysize = AES_MIN_KEY_SIZE, 529 .max_keysize = AES_MAX_KEY_SIZE, 530 .ivsize = AES_BLOCK_SIZE, 531 .base = { 532 .cra_name = "cbc(aes)", 533 .cra_driver_name = "cbc-aes-tegra", 534 .cra_priority = 500, 535 .cra_flags = CRYPTO_ALG_ASYNC, 536 .cra_blocksize = AES_BLOCK_SIZE, 537 .cra_ctxsize = sizeof(struct tegra_aes_ctx), 538 .cra_alignmask = 0xf, 539 .cra_module = THIS_MODULE, 540 }, 541 } 542 }, { 543 .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 544 .alg.skcipher.base = { 545 .init = tegra_aes_cra_init, 546 .exit = tegra_aes_cra_exit, 547 .setkey = tegra_aes_setkey, 548 .encrypt = tegra_aes_encrypt, 549 .decrypt = tegra_aes_decrypt, 550 .min_keysize = AES_MIN_KEY_SIZE, 551 .max_keysize = AES_MAX_KEY_SIZE, 552 .base = { 553 .cra_name = "ecb(aes)", 554 .cra_driver_name = "ecb-aes-tegra", 555 .cra_priority = 500, 556 .cra_flags = CRYPTO_ALG_ASYNC, 557 .cra_blocksize = AES_BLOCK_SIZE, 558 .cra_ctxsize = sizeof(struct tegra_aes_ctx), 559 .cra_alignmask = 0xf, 560 .cra_module = THIS_MODULE, 561 }, 562 } 563 }, { 564 .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 565 .alg.skcipher.base = { 566 .init = tegra_aes_cra_init, 567 .exit = tegra_aes_cra_exit, 568 .setkey = tegra_aes_setkey, 569 .encrypt = tegra_aes_encrypt, 570 .decrypt = tegra_aes_decrypt, 571 .min_keysize = AES_MIN_KEY_SIZE, 572 .max_keysize = AES_MAX_KEY_SIZE, 573 .ivsize = AES_BLOCK_SIZE, 574 .base = { 575 .cra_name = "ctr(aes)", 576 .cra_driver_name = "ctr-aes-tegra", 577 .cra_priority = 500, 578 .cra_flags = CRYPTO_ALG_ASYNC, 579 .cra_blocksize = 1, 580 .cra_ctxsize = sizeof(struct tegra_aes_ctx), 581 .cra_alignmask = 0xf, 582 .cra_module = THIS_MODULE, 583 }, 584 } 585 }, { 586 .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 587 .alg.skcipher.base = { 588 .init = tegra_aes_cra_init, 589 .exit = tegra_aes_cra_exit, 590 .setkey = tegra_xts_setkey, 591 .encrypt = tegra_aes_encrypt, 592 .decrypt = tegra_aes_decrypt, 593 .min_keysize = 2 * AES_MIN_KEY_SIZE, 594 .max_keysize = 2 * AES_MAX_KEY_SIZE, 595 .ivsize = AES_BLOCK_SIZE, 596 .base = { 597 .cra_name = "xts(aes)", 598 .cra_driver_name = "xts-aes-tegra", 599 .cra_priority = 500, 600 .cra_flags = CRYPTO_ALG_ASYNC, 601 .cra_blocksize = AES_BLOCK_SIZE, 602 .cra_ctxsize = sizeof(struct tegra_aes_ctx), 603 .cra_alignmask = (__alignof__(u64) - 1), 604 .cra_module = THIS_MODULE, 605 }, 606 } 607 }, 608 }; 609 610 static unsigned int tegra_gmac_prep_cmd(struct tegra_aead_ctx *ctx, 611 struct tegra_aead_reqctx *rctx) 612 { 613 unsigned int data_count, res_bits, i = 0; 614 struct tegra_se *se = ctx->se; 615 u32 *cpuvaddr = se->cmdbuf->addr; 616 617 data_count = (rctx->assoclen / AES_BLOCK_SIZE); 618 res_bits = (rctx->assoclen % AES_BLOCK_SIZE) * 8; 619 620 /* 621 * Hardware processes data_count + 1 blocks. 622 * Reduce 1 block if there is no residue 623 */ 624 if (!res_bits) 625 data_count--; 626 627 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 628 cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 629 SE_LAST_BLOCK_RES_BITS(res_bits); 630 631 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 4); 632 cpuvaddr[i++] = rctx->config; 633 cpuvaddr[i++] = rctx->crypto_config; 634 cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 635 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 636 SE_ADDR_HI_SZ(rctx->assoclen); 637 638 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 639 cpuvaddr[i++] = SE_AES_OP_WRSTALL | SE_AES_OP_FINAL | 640 SE_AES_OP_INIT | SE_AES_OP_LASTBUF | 641 SE_AES_OP_START; 642 643 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 644 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 645 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 646 647 return i; 648 } 649 650 static unsigned int tegra_gcm_crypt_prep_cmd(struct tegra_aead_ctx *ctx, 651 struct tegra_aead_reqctx *rctx) 652 { 653 unsigned int data_count, res_bits, i = 0, j; 654 struct tegra_se *se = ctx->se; 655 u32 *cpuvaddr = se->cmdbuf->addr, op; 656 657 data_count = (rctx->cryptlen / AES_BLOCK_SIZE); 658 res_bits = (rctx->cryptlen % AES_BLOCK_SIZE) * 8; 659 op = SE_AES_OP_WRSTALL | SE_AES_OP_FINAL | 660 SE_AES_OP_LASTBUF | SE_AES_OP_START; 661 662 /* 663 * If there is no assoc data, 664 * this will be the init command 665 */ 666 if (!rctx->assoclen) 667 op |= SE_AES_OP_INIT; 668 669 /* 670 * Hardware processes data_count + 1 blocks. 671 * Reduce 1 block if there is no residue 672 */ 673 if (!res_bits) 674 data_count--; 675 676 cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 677 cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 678 for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 679 cpuvaddr[i++] = rctx->iv[j]; 680 681 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 682 cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 683 SE_LAST_BLOCK_RES_BITS(res_bits); 684 685 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 686 cpuvaddr[i++] = rctx->config; 687 cpuvaddr[i++] = rctx->crypto_config; 688 689 /* Source Address */ 690 cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 691 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 692 SE_ADDR_HI_SZ(rctx->cryptlen); 693 694 /* Destination Address */ 695 cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 696 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 697 SE_ADDR_HI_SZ(rctx->cryptlen); 698 699 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 700 cpuvaddr[i++] = op; 701 702 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 703 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 704 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 705 706 dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", rctx->config, rctx->crypto_config); 707 return i; 708 } 709 710 static int tegra_gcm_prep_final_cmd(struct tegra_se *se, u32 *cpuvaddr, 711 struct tegra_aead_reqctx *rctx) 712 { 713 unsigned int i = 0, j; 714 u32 op; 715 716 op = SE_AES_OP_WRSTALL | SE_AES_OP_FINAL | 717 SE_AES_OP_LASTBUF | SE_AES_OP_START; 718 719 /* 720 * Set init for zero sized vector 721 */ 722 if (!rctx->assoclen && !rctx->cryptlen) 723 op |= SE_AES_OP_INIT; 724 725 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->aad_len, 2); 726 cpuvaddr[i++] = rctx->assoclen * 8; 727 cpuvaddr[i++] = 0; 728 729 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->cryp_msg_len, 2); 730 cpuvaddr[i++] = rctx->cryptlen * 8; 731 cpuvaddr[i++] = 0; 732 733 cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 734 cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 735 for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 736 cpuvaddr[i++] = rctx->iv[j]; 737 738 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 739 cpuvaddr[i++] = rctx->config; 740 cpuvaddr[i++] = rctx->crypto_config; 741 cpuvaddr[i++] = 0; 742 cpuvaddr[i++] = 0; 743 744 /* Destination Address */ 745 cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 746 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 747 SE_ADDR_HI_SZ(0x10); /* HW always generates 128-bit tag */ 748 749 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 750 cpuvaddr[i++] = op; 751 752 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 753 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 754 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 755 756 dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", rctx->config, rctx->crypto_config); 757 758 return i; 759 } 760 761 static int tegra_gcm_do_gmac(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 762 { 763 struct tegra_se *se = ctx->se; 764 unsigned int cmdlen; 765 766 scatterwalk_map_and_copy(rctx->inbuf.buf, 767 rctx->src_sg, 0, rctx->assoclen, 0); 768 769 rctx->config = tegra234_aes_cfg(SE_ALG_GMAC, rctx->encrypt); 770 rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_GMAC, rctx->encrypt) | 771 SE_AES_KEY_INDEX(rctx->key_id); 772 773 cmdlen = tegra_gmac_prep_cmd(ctx, rctx); 774 775 return tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 776 } 777 778 static int tegra_gcm_do_crypt(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 779 { 780 struct tegra_se *se = ctx->se; 781 int cmdlen, ret; 782 783 scatterwalk_map_and_copy(rctx->inbuf.buf, rctx->src_sg, 784 rctx->assoclen, rctx->cryptlen, 0); 785 786 rctx->config = tegra234_aes_cfg(SE_ALG_GCM, rctx->encrypt); 787 rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_GCM, rctx->encrypt) | 788 SE_AES_KEY_INDEX(rctx->key_id); 789 790 /* Prepare command and submit */ 791 cmdlen = tegra_gcm_crypt_prep_cmd(ctx, rctx); 792 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 793 if (ret) 794 return ret; 795 796 /* Copy the result */ 797 scatterwalk_map_and_copy(rctx->outbuf.buf, rctx->dst_sg, 798 rctx->assoclen, rctx->cryptlen, 1); 799 800 return 0; 801 } 802 803 static int tegra_gcm_do_final(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 804 { 805 struct tegra_se *se = ctx->se; 806 u32 *cpuvaddr = se->cmdbuf->addr; 807 int cmdlen, ret, offset; 808 809 rctx->config = tegra234_aes_cfg(SE_ALG_GCM_FINAL, rctx->encrypt); 810 rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_GCM_FINAL, rctx->encrypt) | 811 SE_AES_KEY_INDEX(rctx->key_id); 812 813 /* Prepare command and submit */ 814 cmdlen = tegra_gcm_prep_final_cmd(se, cpuvaddr, rctx); 815 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 816 if (ret) 817 return ret; 818 819 if (rctx->encrypt) { 820 /* Copy the result */ 821 offset = rctx->assoclen + rctx->cryptlen; 822 scatterwalk_map_and_copy(rctx->outbuf.buf, rctx->dst_sg, 823 offset, rctx->authsize, 1); 824 } 825 826 return 0; 827 } 828 829 static int tegra_gcm_do_verify(struct tegra_se *se, struct tegra_aead_reqctx *rctx) 830 { 831 unsigned int offset; 832 u8 mac[16]; 833 834 offset = rctx->assoclen + rctx->cryptlen; 835 scatterwalk_map_and_copy(mac, rctx->src_sg, offset, rctx->authsize, 0); 836 837 if (crypto_memneq(rctx->outbuf.buf, mac, rctx->authsize)) 838 return -EBADMSG; 839 840 return 0; 841 } 842 843 static inline int tegra_ccm_check_iv(const u8 *iv) 844 { 845 /* iv[0] gives value of q-1 846 * 2 <= q <= 8 as per NIST 800-38C notation 847 * 2 <= L <= 8, so 1 <= L' <= 7. as per rfc 3610 notation 848 */ 849 if (iv[0] < 1 || iv[0] > 7) { 850 pr_debug("ccm_check_iv failed %d\n", iv[0]); 851 return -EINVAL; 852 } 853 854 return 0; 855 } 856 857 static unsigned int tegra_cbcmac_prep_cmd(struct tegra_aead_ctx *ctx, 858 struct tegra_aead_reqctx *rctx) 859 { 860 unsigned int data_count, i = 0; 861 struct tegra_se *se = ctx->se; 862 u32 *cpuvaddr = se->cmdbuf->addr; 863 864 data_count = (rctx->inbuf.size / AES_BLOCK_SIZE) - 1; 865 866 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 867 cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count); 868 869 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 870 cpuvaddr[i++] = rctx->config; 871 cpuvaddr[i++] = rctx->crypto_config; 872 873 cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 874 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 875 SE_ADDR_HI_SZ(rctx->inbuf.size); 876 877 cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 878 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 879 SE_ADDR_HI_SZ(0x10); /* HW always generates 128 bit tag */ 880 881 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 882 cpuvaddr[i++] = SE_AES_OP_WRSTALL | 883 SE_AES_OP_LASTBUF | SE_AES_OP_START; 884 885 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 886 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 887 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 888 889 return i; 890 } 891 892 static unsigned int tegra_ctr_prep_cmd(struct tegra_aead_ctx *ctx, 893 struct tegra_aead_reqctx *rctx) 894 { 895 unsigned int i = 0, j; 896 struct tegra_se *se = ctx->se; 897 u32 *cpuvaddr = se->cmdbuf->addr; 898 899 cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 900 cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 901 for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 902 cpuvaddr[i++] = rctx->iv[j]; 903 904 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 905 cpuvaddr[i++] = (rctx->inbuf.size / AES_BLOCK_SIZE) - 1; 906 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 907 cpuvaddr[i++] = rctx->config; 908 cpuvaddr[i++] = rctx->crypto_config; 909 910 /* Source address setting */ 911 cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 912 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 913 SE_ADDR_HI_SZ(rctx->inbuf.size); 914 915 /* Destination address setting */ 916 cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 917 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 918 SE_ADDR_HI_SZ(rctx->inbuf.size); 919 920 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 921 cpuvaddr[i++] = SE_AES_OP_WRSTALL | SE_AES_OP_LASTBUF | 922 SE_AES_OP_START; 923 924 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 925 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 926 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 927 928 dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", 929 rctx->config, rctx->crypto_config); 930 931 return i; 932 } 933 934 static int tegra_ccm_do_cbcmac(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 935 { 936 struct tegra_se *se = ctx->se; 937 int cmdlen; 938 939 rctx->config = tegra234_aes_cfg(SE_ALG_CBC_MAC, rctx->encrypt); 940 rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_CBC_MAC, 941 rctx->encrypt) | 942 SE_AES_KEY_INDEX(rctx->key_id); 943 944 /* Prepare command and submit */ 945 cmdlen = tegra_cbcmac_prep_cmd(ctx, rctx); 946 947 return tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 948 } 949 950 static int tegra_ccm_set_msg_len(u8 *block, unsigned int msglen, int csize) 951 { 952 __be32 data; 953 954 memset(block, 0, csize); 955 block += csize; 956 957 if (csize >= 4) 958 csize = 4; 959 else if (msglen > (1 << (8 * csize))) 960 return -EOVERFLOW; 961 962 data = cpu_to_be32(msglen); 963 memcpy(block - csize, (u8 *)&data + 4 - csize, csize); 964 965 return 0; 966 } 967 968 static int tegra_ccm_format_nonce(struct tegra_aead_reqctx *rctx, u8 *nonce) 969 { 970 unsigned int q, t; 971 u8 *q_ptr, *iv = (u8 *)rctx->iv; 972 973 memcpy(nonce, rctx->iv, 16); 974 975 /*** 1. Prepare Flags Octet ***/ 976 977 /* Encode t (mac length) */ 978 t = rctx->authsize; 979 nonce[0] |= (((t - 2) / 2) << 3); 980 981 /* Adata */ 982 if (rctx->assoclen) 983 nonce[0] |= (1 << 6); 984 985 /*** Encode Q - message length ***/ 986 q = iv[0] + 1; 987 q_ptr = nonce + 16 - q; 988 989 return tegra_ccm_set_msg_len(q_ptr, rctx->cryptlen, q); 990 } 991 992 static int tegra_ccm_format_adata(u8 *adata, unsigned int a) 993 { 994 int len = 0; 995 996 /* add control info for associated data 997 * RFC 3610 and NIST Special Publication 800-38C 998 */ 999 if (a < 65280) { 1000 *(__be16 *)adata = cpu_to_be16(a); 1001 len = 2; 1002 } else { 1003 *(__be16 *)adata = cpu_to_be16(0xfffe); 1004 *(__be32 *)&adata[2] = cpu_to_be32(a); 1005 len = 6; 1006 } 1007 1008 return len; 1009 } 1010 1011 static int tegra_ccm_add_padding(u8 *buf, unsigned int len) 1012 { 1013 unsigned int padlen = 16 - (len % 16); 1014 u8 padding[16] = {0}; 1015 1016 if (padlen == 16) 1017 return 0; 1018 1019 memcpy(buf, padding, padlen); 1020 1021 return padlen; 1022 } 1023 1024 static int tegra_ccm_format_blocks(struct tegra_aead_reqctx *rctx) 1025 { 1026 unsigned int alen = 0, offset = 0; 1027 u8 nonce[16], adata[16]; 1028 int ret; 1029 1030 ret = tegra_ccm_format_nonce(rctx, nonce); 1031 if (ret) 1032 return ret; 1033 1034 memcpy(rctx->inbuf.buf, nonce, 16); 1035 offset = 16; 1036 1037 if (rctx->assoclen) { 1038 alen = tegra_ccm_format_adata(adata, rctx->assoclen); 1039 memcpy(rctx->inbuf.buf + offset, adata, alen); 1040 offset += alen; 1041 1042 scatterwalk_map_and_copy(rctx->inbuf.buf + offset, 1043 rctx->src_sg, 0, rctx->assoclen, 0); 1044 1045 offset += rctx->assoclen; 1046 offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, 1047 rctx->assoclen + alen); 1048 } 1049 1050 return offset; 1051 } 1052 1053 static int tegra_ccm_mac_result(struct tegra_se *se, struct tegra_aead_reqctx *rctx) 1054 { 1055 u32 result[16]; 1056 int i, ret; 1057 1058 /* Read and clear Result */ 1059 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1060 result[i] = readl(se->base + se->hw->regs->result + (i * 4)); 1061 1062 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1063 writel(0, se->base + se->hw->regs->result + (i * 4)); 1064 1065 if (rctx->encrypt) { 1066 memcpy(rctx->authdata, result, rctx->authsize); 1067 } else { 1068 ret = crypto_memneq(rctx->authdata, result, rctx->authsize); 1069 if (ret) 1070 return -EBADMSG; 1071 } 1072 1073 return 0; 1074 } 1075 1076 static int tegra_ccm_ctr_result(struct tegra_se *se, struct tegra_aead_reqctx *rctx) 1077 { 1078 /* Copy result */ 1079 scatterwalk_map_and_copy(rctx->outbuf.buf + 16, rctx->dst_sg, 1080 rctx->assoclen, rctx->cryptlen, 1); 1081 1082 if (rctx->encrypt) 1083 scatterwalk_map_and_copy(rctx->outbuf.buf, rctx->dst_sg, 1084 rctx->assoclen + rctx->cryptlen, 1085 rctx->authsize, 1); 1086 else 1087 memcpy(rctx->authdata, rctx->outbuf.buf, rctx->authsize); 1088 1089 return 0; 1090 } 1091 1092 static int tegra_ccm_compute_auth(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 1093 { 1094 struct tegra_se *se = ctx->se; 1095 struct scatterlist *sg; 1096 int offset, ret; 1097 1098 offset = tegra_ccm_format_blocks(rctx); 1099 if (offset < 0) 1100 return -EINVAL; 1101 1102 /* Copy plain text to the buffer */ 1103 sg = rctx->encrypt ? rctx->src_sg : rctx->dst_sg; 1104 1105 scatterwalk_map_and_copy(rctx->inbuf.buf + offset, 1106 sg, rctx->assoclen, 1107 rctx->cryptlen, 0); 1108 offset += rctx->cryptlen; 1109 offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, rctx->cryptlen); 1110 1111 rctx->inbuf.size = offset; 1112 1113 ret = tegra_ccm_do_cbcmac(ctx, rctx); 1114 if (ret) 1115 return ret; 1116 1117 return tegra_ccm_mac_result(se, rctx); 1118 } 1119 1120 static int tegra_ccm_do_ctr(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 1121 { 1122 struct tegra_se *se = ctx->se; 1123 unsigned int cmdlen, offset = 0; 1124 struct scatterlist *sg = rctx->src_sg; 1125 int ret; 1126 1127 rctx->config = tegra234_aes_cfg(SE_ALG_CTR, rctx->encrypt); 1128 rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_CTR, rctx->encrypt) | 1129 SE_AES_KEY_INDEX(rctx->key_id); 1130 1131 /* Copy authdata in the top of buffer for encryption/decryption */ 1132 if (rctx->encrypt) 1133 memcpy(rctx->inbuf.buf, rctx->authdata, rctx->authsize); 1134 else 1135 scatterwalk_map_and_copy(rctx->inbuf.buf, sg, 1136 rctx->assoclen + rctx->cryptlen, 1137 rctx->authsize, 0); 1138 1139 offset += rctx->authsize; 1140 offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, rctx->authsize); 1141 1142 /* If there is no cryptlen, proceed to submit the task */ 1143 if (rctx->cryptlen) { 1144 scatterwalk_map_and_copy(rctx->inbuf.buf + offset, sg, 1145 rctx->assoclen, rctx->cryptlen, 0); 1146 offset += rctx->cryptlen; 1147 offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, rctx->cryptlen); 1148 } 1149 1150 rctx->inbuf.size = offset; 1151 1152 /* Prepare command and submit */ 1153 cmdlen = tegra_ctr_prep_cmd(ctx, rctx); 1154 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 1155 if (ret) 1156 return ret; 1157 1158 return tegra_ccm_ctr_result(se, rctx); 1159 } 1160 1161 static int tegra_ccm_crypt_init(struct aead_request *req, struct tegra_se *se, 1162 struct tegra_aead_reqctx *rctx) 1163 { 1164 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1165 u8 *iv = (u8 *)rctx->iv; 1166 int ret, i; 1167 1168 rctx->src_sg = req->src; 1169 rctx->dst_sg = req->dst; 1170 rctx->assoclen = req->assoclen; 1171 rctx->authsize = crypto_aead_authsize(tfm); 1172 1173 if (rctx->encrypt) 1174 rctx->cryptlen = req->cryptlen; 1175 else 1176 rctx->cryptlen = req->cryptlen - rctx->authsize; 1177 1178 memcpy(iv, req->iv, 16); 1179 1180 ret = tegra_ccm_check_iv(iv); 1181 if (ret) 1182 return ret; 1183 1184 /* Note: rfc 3610 and NIST 800-38C require counter (ctr_0) of 1185 * zero to encrypt auth tag. 1186 * req->iv has the formatted ctr_0 (i.e. Flags || N || 0). 1187 */ 1188 memset(iv + 15 - iv[0], 0, iv[0] + 1); 1189 1190 /* Clear any previous result */ 1191 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1192 writel(0, se->base + se->hw->regs->result + (i * 4)); 1193 1194 return 0; 1195 } 1196 1197 static int tegra_ccm_do_one_req(struct crypto_engine *engine, void *areq) 1198 { 1199 struct aead_request *req = container_of(areq, struct aead_request, base); 1200 struct tegra_aead_reqctx *rctx = aead_request_ctx(req); 1201 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1202 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1203 struct tegra_se *se = ctx->se; 1204 unsigned int bufsize; 1205 int ret; 1206 1207 ret = tegra_ccm_crypt_init(req, se, rctx); 1208 if (ret) 1209 goto out_finalize; 1210 1211 rctx->key_id = ctx->key_id; 1212 1213 /* Allocate buffers required */ 1214 bufsize = rctx->assoclen + rctx->authsize + rctx->cryptlen + 100; 1215 rctx->inbuf.size = bufsize; 1216 rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize, 1217 &rctx->inbuf.addr, GFP_KERNEL); 1218 ret = -ENOMEM; 1219 if (!rctx->inbuf.buf) 1220 goto out_finalize; 1221 1222 rctx->outbuf.size = bufsize; 1223 rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize, 1224 &rctx->outbuf.addr, GFP_KERNEL); 1225 if (!rctx->outbuf.buf) 1226 goto out_free_inbuf; 1227 1228 if (!ctx->key_id) { 1229 ret = tegra_key_submit_reserved_aes(ctx->se, ctx->key, 1230 ctx->keylen, ctx->alg, &rctx->key_id); 1231 if (ret) 1232 goto out; 1233 } 1234 1235 if (rctx->encrypt) { 1236 /* CBC MAC Operation */ 1237 ret = tegra_ccm_compute_auth(ctx, rctx); 1238 if (ret) 1239 goto out; 1240 1241 /* CTR operation */ 1242 ret = tegra_ccm_do_ctr(ctx, rctx); 1243 if (ret) 1244 goto out; 1245 } else { 1246 /* CTR operation */ 1247 ret = tegra_ccm_do_ctr(ctx, rctx); 1248 if (ret) 1249 goto out; 1250 1251 /* CBC MAC Operation */ 1252 ret = tegra_ccm_compute_auth(ctx, rctx); 1253 if (ret) 1254 goto out; 1255 } 1256 1257 out: 1258 dma_free_coherent(ctx->se->dev, bufsize, 1259 rctx->outbuf.buf, rctx->outbuf.addr); 1260 1261 out_free_inbuf: 1262 dma_free_coherent(ctx->se->dev, bufsize, 1263 rctx->inbuf.buf, rctx->inbuf.addr); 1264 1265 if (tegra_key_is_reserved(rctx->key_id)) 1266 tegra_key_invalidate_reserved(ctx->se, rctx->key_id, ctx->alg); 1267 1268 out_finalize: 1269 local_bh_disable(); 1270 crypto_finalize_aead_request(ctx->se->engine, req, ret); 1271 local_bh_enable(); 1272 1273 return 0; 1274 } 1275 1276 static int tegra_gcm_do_one_req(struct crypto_engine *engine, void *areq) 1277 { 1278 struct aead_request *req = container_of(areq, struct aead_request, base); 1279 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1280 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1281 struct tegra_aead_reqctx *rctx = aead_request_ctx(req); 1282 unsigned int bufsize; 1283 int ret; 1284 1285 rctx->src_sg = req->src; 1286 rctx->dst_sg = req->dst; 1287 rctx->assoclen = req->assoclen; 1288 rctx->authsize = crypto_aead_authsize(tfm); 1289 1290 if (rctx->encrypt) 1291 rctx->cryptlen = req->cryptlen; 1292 else 1293 rctx->cryptlen = req->cryptlen - ctx->authsize; 1294 1295 memcpy(rctx->iv, req->iv, GCM_AES_IV_SIZE); 1296 rctx->iv[3] = (1 << 24); 1297 1298 rctx->key_id = ctx->key_id; 1299 1300 /* Allocate buffers required */ 1301 bufsize = rctx->assoclen + rctx->authsize + rctx->cryptlen; 1302 rctx->inbuf.size = bufsize; 1303 rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize, 1304 &rctx->inbuf.addr, GFP_KERNEL); 1305 if (!rctx->inbuf.buf) { 1306 ret = -ENOMEM; 1307 goto out_finalize; 1308 } 1309 1310 rctx->outbuf.size = bufsize; 1311 rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize, 1312 &rctx->outbuf.addr, GFP_KERNEL); 1313 if (!rctx->outbuf.buf) { 1314 ret = -ENOMEM; 1315 goto out_free_inbuf; 1316 } 1317 1318 if (!ctx->key_id) { 1319 ret = tegra_key_submit_reserved_aes(ctx->se, ctx->key, 1320 ctx->keylen, ctx->alg, &rctx->key_id); 1321 if (ret) 1322 goto out; 1323 } 1324 1325 /* If there is associated data perform GMAC operation */ 1326 if (rctx->assoclen) { 1327 ret = tegra_gcm_do_gmac(ctx, rctx); 1328 if (ret) 1329 goto out; 1330 } 1331 1332 /* GCM Encryption/Decryption operation */ 1333 if (rctx->cryptlen) { 1334 ret = tegra_gcm_do_crypt(ctx, rctx); 1335 if (ret) 1336 goto out; 1337 } 1338 1339 /* GCM_FINAL operation */ 1340 ret = tegra_gcm_do_final(ctx, rctx); 1341 if (ret) 1342 goto out; 1343 1344 if (!rctx->encrypt) 1345 ret = tegra_gcm_do_verify(ctx->se, rctx); 1346 1347 out: 1348 dma_free_coherent(ctx->se->dev, bufsize, 1349 rctx->outbuf.buf, rctx->outbuf.addr); 1350 1351 out_free_inbuf: 1352 dma_free_coherent(ctx->se->dev, bufsize, 1353 rctx->inbuf.buf, rctx->inbuf.addr); 1354 1355 if (tegra_key_is_reserved(rctx->key_id)) 1356 tegra_key_invalidate_reserved(ctx->se, rctx->key_id, ctx->alg); 1357 1358 out_finalize: 1359 local_bh_disable(); 1360 crypto_finalize_aead_request(ctx->se->engine, req, ret); 1361 local_bh_enable(); 1362 1363 return 0; 1364 } 1365 1366 static int tegra_aead_cra_init(struct crypto_aead *tfm) 1367 { 1368 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1369 struct aead_alg *alg = crypto_aead_alg(tfm); 1370 struct tegra_se_alg *se_alg; 1371 const char *algname; 1372 int ret; 1373 1374 algname = crypto_tfm_alg_name(&tfm->base); 1375 1376 se_alg = container_of(alg, struct tegra_se_alg, alg.aead.base); 1377 1378 crypto_aead_set_reqsize(tfm, sizeof(struct tegra_aead_reqctx)); 1379 1380 ctx->se = se_alg->se_dev; 1381 ctx->key_id = 0; 1382 ctx->keylen = 0; 1383 1384 ret = se_algname_to_algid(algname); 1385 if (ret < 0) { 1386 dev_err(ctx->se->dev, "invalid algorithm\n"); 1387 return ret; 1388 } 1389 1390 ctx->alg = ret; 1391 1392 return 0; 1393 } 1394 1395 static int tegra_ccm_setauthsize(struct crypto_aead *tfm, unsigned int authsize) 1396 { 1397 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1398 1399 switch (authsize) { 1400 case 4: 1401 case 6: 1402 case 8: 1403 case 10: 1404 case 12: 1405 case 14: 1406 case 16: 1407 break; 1408 default: 1409 return -EINVAL; 1410 } 1411 1412 ctx->authsize = authsize; 1413 1414 return 0; 1415 } 1416 1417 static int tegra_gcm_setauthsize(struct crypto_aead *tfm, unsigned int authsize) 1418 { 1419 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1420 int ret; 1421 1422 ret = crypto_gcm_check_authsize(authsize); 1423 if (ret) 1424 return ret; 1425 1426 ctx->authsize = authsize; 1427 1428 return 0; 1429 } 1430 1431 static void tegra_aead_cra_exit(struct crypto_aead *tfm) 1432 { 1433 struct tegra_aead_ctx *ctx = crypto_tfm_ctx(&tfm->base); 1434 1435 if (ctx->key_id) 1436 tegra_key_invalidate(ctx->se, ctx->key_id, ctx->alg); 1437 } 1438 1439 static int tegra_aead_crypt(struct aead_request *req, bool encrypt) 1440 { 1441 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1442 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1443 struct tegra_aead_reqctx *rctx = aead_request_ctx(req); 1444 1445 rctx->encrypt = encrypt; 1446 1447 return crypto_transfer_aead_request_to_engine(ctx->se->engine, req); 1448 } 1449 1450 static int tegra_aead_encrypt(struct aead_request *req) 1451 { 1452 return tegra_aead_crypt(req, true); 1453 } 1454 1455 static int tegra_aead_decrypt(struct aead_request *req) 1456 { 1457 return tegra_aead_crypt(req, false); 1458 } 1459 1460 static int tegra_aead_setkey(struct crypto_aead *tfm, 1461 const u8 *key, u32 keylen) 1462 { 1463 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1464 int ret; 1465 1466 if (aes_check_keylen(keylen)) { 1467 dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 1468 return -EINVAL; 1469 } 1470 1471 ret = tegra_key_submit(ctx->se, key, keylen, ctx->alg, &ctx->key_id); 1472 if (ret) { 1473 ctx->keylen = keylen; 1474 memcpy(ctx->key, key, keylen); 1475 } 1476 1477 return 0; 1478 } 1479 1480 static unsigned int tegra_cmac_prep_cmd(struct tegra_cmac_ctx *ctx, 1481 struct tegra_cmac_reqctx *rctx) 1482 { 1483 unsigned int data_count, res_bits = 0, i = 0, j; 1484 struct tegra_se *se = ctx->se; 1485 u32 *cpuvaddr = se->cmdbuf->addr, op; 1486 1487 data_count = (rctx->datbuf.size / AES_BLOCK_SIZE); 1488 1489 op = SE_AES_OP_WRSTALL | SE_AES_OP_START | SE_AES_OP_LASTBUF; 1490 1491 if (!(rctx->task & SHA_UPDATE)) { 1492 op |= SE_AES_OP_FINAL; 1493 res_bits = (rctx->datbuf.size % AES_BLOCK_SIZE) * 8; 1494 } 1495 1496 if (!res_bits && data_count) 1497 data_count--; 1498 1499 if (rctx->task & SHA_FIRST) { 1500 rctx->task &= ~SHA_FIRST; 1501 1502 cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 1503 cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 1504 /* Load 0 IV */ 1505 for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 1506 cpuvaddr[i++] = 0; 1507 } 1508 1509 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 1510 cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 1511 SE_LAST_BLOCK_RES_BITS(res_bits); 1512 1513 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 1514 cpuvaddr[i++] = rctx->config; 1515 cpuvaddr[i++] = rctx->crypto_config; 1516 1517 /* Source Address */ 1518 cpuvaddr[i++] = lower_32_bits(rctx->datbuf.addr); 1519 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->datbuf.addr)) | 1520 SE_ADDR_HI_SZ(rctx->datbuf.size); 1521 cpuvaddr[i++] = 0; 1522 cpuvaddr[i++] = SE_ADDR_HI_SZ(AES_BLOCK_SIZE); 1523 1524 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 1525 cpuvaddr[i++] = op; 1526 1527 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 1528 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 1529 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 1530 1531 return i; 1532 } 1533 1534 static void tegra_cmac_copy_result(struct tegra_se *se, struct tegra_cmac_reqctx *rctx) 1535 { 1536 int i; 1537 1538 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1539 rctx->result[i] = readl(se->base + se->hw->regs->result + (i * 4)); 1540 } 1541 1542 static void tegra_cmac_paste_result(struct tegra_se *se, struct tegra_cmac_reqctx *rctx) 1543 { 1544 int i; 1545 1546 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1547 writel(rctx->result[i], 1548 se->base + se->hw->regs->result + (i * 4)); 1549 } 1550 1551 static int tegra_cmac_do_init(struct ahash_request *req) 1552 { 1553 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1554 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1555 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1556 struct tegra_se *se = ctx->se; 1557 int i; 1558 1559 rctx->total_len = 0; 1560 rctx->datbuf.size = 0; 1561 rctx->residue.size = 0; 1562 rctx->key_id = ctx->key_id; 1563 rctx->task |= SHA_FIRST; 1564 rctx->blk_size = crypto_ahash_blocksize(tfm); 1565 1566 rctx->residue.buf = dma_alloc_coherent(se->dev, rctx->blk_size * 2, 1567 &rctx->residue.addr, GFP_KERNEL); 1568 if (!rctx->residue.buf) 1569 return -ENOMEM; 1570 1571 rctx->residue.size = 0; 1572 1573 /* Clear any previous result */ 1574 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1575 writel(0, se->base + se->hw->regs->result + (i * 4)); 1576 1577 return 0; 1578 } 1579 1580 static int tegra_cmac_do_update(struct ahash_request *req) 1581 { 1582 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1583 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1584 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1585 struct tegra_se *se = ctx->se; 1586 unsigned int nblks, nresidue, cmdlen; 1587 int ret; 1588 1589 if (!req->nbytes) 1590 return 0; 1591 1592 nresidue = (req->nbytes + rctx->residue.size) % rctx->blk_size; 1593 nblks = (req->nbytes + rctx->residue.size) / rctx->blk_size; 1594 1595 /* 1596 * Reserve the last block as residue during final() to process. 1597 */ 1598 if (!nresidue && nblks) { 1599 nresidue += rctx->blk_size; 1600 nblks--; 1601 } 1602 1603 rctx->src_sg = req->src; 1604 rctx->datbuf.size = (req->nbytes + rctx->residue.size) - nresidue; 1605 rctx->total_len += rctx->datbuf.size; 1606 rctx->config = tegra234_aes_cfg(SE_ALG_CMAC, 0); 1607 rctx->crypto_config = SE_AES_KEY_INDEX(rctx->key_id); 1608 1609 /* 1610 * Keep one block and residue bytes in residue and 1611 * return. The bytes will be processed in final() 1612 */ 1613 if (nblks < 1) { 1614 scatterwalk_map_and_copy(rctx->residue.buf + rctx->residue.size, 1615 rctx->src_sg, 0, req->nbytes, 0); 1616 1617 rctx->residue.size += req->nbytes; 1618 return 0; 1619 } 1620 1621 rctx->datbuf.buf = dma_alloc_coherent(se->dev, rctx->datbuf.size, 1622 &rctx->datbuf.addr, GFP_KERNEL); 1623 if (!rctx->datbuf.buf) 1624 return -ENOMEM; 1625 1626 /* Copy the previous residue first */ 1627 if (rctx->residue.size) 1628 memcpy(rctx->datbuf.buf, rctx->residue.buf, rctx->residue.size); 1629 1630 scatterwalk_map_and_copy(rctx->datbuf.buf + rctx->residue.size, 1631 rctx->src_sg, 0, req->nbytes - nresidue, 0); 1632 1633 scatterwalk_map_and_copy(rctx->residue.buf, rctx->src_sg, 1634 req->nbytes - nresidue, nresidue, 0); 1635 1636 /* Update residue value with the residue after current block */ 1637 rctx->residue.size = nresidue; 1638 1639 /* 1640 * If this is not the first task, paste the previous copied 1641 * intermediate results to the registers so that it gets picked up. 1642 */ 1643 if (!(rctx->task & SHA_FIRST)) 1644 tegra_cmac_paste_result(ctx->se, rctx); 1645 1646 cmdlen = tegra_cmac_prep_cmd(ctx, rctx); 1647 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 1648 1649 tegra_cmac_copy_result(ctx->se, rctx); 1650 1651 dma_free_coherent(ctx->se->dev, rctx->datbuf.size, 1652 rctx->datbuf.buf, rctx->datbuf.addr); 1653 1654 return ret; 1655 } 1656 1657 static int tegra_cmac_do_final(struct ahash_request *req) 1658 { 1659 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1660 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1661 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1662 struct tegra_se *se = ctx->se; 1663 u32 *result = (u32 *)req->result; 1664 int ret = 0, i, cmdlen; 1665 1666 if (!req->nbytes && !rctx->total_len && ctx->fallback_tfm) { 1667 return crypto_shash_tfm_digest(ctx->fallback_tfm, 1668 NULL, 0, req->result); 1669 } 1670 1671 if (rctx->residue.size) { 1672 rctx->datbuf.buf = dma_alloc_coherent(se->dev, rctx->residue.size, 1673 &rctx->datbuf.addr, GFP_KERNEL); 1674 if (!rctx->datbuf.buf) { 1675 ret = -ENOMEM; 1676 goto out_free; 1677 } 1678 1679 memcpy(rctx->datbuf.buf, rctx->residue.buf, rctx->residue.size); 1680 } 1681 1682 rctx->datbuf.size = rctx->residue.size; 1683 rctx->total_len += rctx->residue.size; 1684 rctx->config = tegra234_aes_cfg(SE_ALG_CMAC, 0); 1685 1686 /* 1687 * If this is not the first task, paste the previous copied 1688 * intermediate results to the registers so that it gets picked up. 1689 */ 1690 if (!(rctx->task & SHA_FIRST)) 1691 tegra_cmac_paste_result(ctx->se, rctx); 1692 1693 /* Prepare command and submit */ 1694 cmdlen = tegra_cmac_prep_cmd(ctx, rctx); 1695 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 1696 if (ret) 1697 goto out; 1698 1699 /* Read and clear Result register */ 1700 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1701 result[i] = readl(se->base + se->hw->regs->result + (i * 4)); 1702 1703 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1704 writel(0, se->base + se->hw->regs->result + (i * 4)); 1705 1706 out: 1707 if (rctx->residue.size) 1708 dma_free_coherent(se->dev, rctx->datbuf.size, 1709 rctx->datbuf.buf, rctx->datbuf.addr); 1710 out_free: 1711 dma_free_coherent(se->dev, crypto_ahash_blocksize(tfm) * 2, 1712 rctx->residue.buf, rctx->residue.addr); 1713 return ret; 1714 } 1715 1716 static int tegra_cmac_do_one_req(struct crypto_engine *engine, void *areq) 1717 { 1718 struct ahash_request *req = ahash_request_cast(areq); 1719 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1720 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1721 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1722 struct tegra_se *se = ctx->se; 1723 int ret = 0; 1724 1725 if (rctx->task & SHA_INIT) { 1726 ret = tegra_cmac_do_init(req); 1727 if (ret) 1728 goto out; 1729 1730 rctx->task &= ~SHA_INIT; 1731 } 1732 1733 if (!ctx->key_id) { 1734 ret = tegra_key_submit_reserved_aes(ctx->se, ctx->key, 1735 ctx->keylen, ctx->alg, &rctx->key_id); 1736 if (ret) 1737 goto out; 1738 } 1739 1740 if (rctx->task & SHA_UPDATE) { 1741 ret = tegra_cmac_do_update(req); 1742 if (ret) 1743 goto out; 1744 1745 rctx->task &= ~SHA_UPDATE; 1746 } 1747 1748 if (rctx->task & SHA_FINAL) { 1749 ret = tegra_cmac_do_final(req); 1750 if (ret) 1751 goto out; 1752 1753 rctx->task &= ~SHA_FINAL; 1754 } 1755 out: 1756 if (tegra_key_is_reserved(rctx->key_id)) 1757 tegra_key_invalidate_reserved(ctx->se, rctx->key_id, ctx->alg); 1758 1759 local_bh_disable(); 1760 crypto_finalize_hash_request(se->engine, req, ret); 1761 local_bh_enable(); 1762 1763 return 0; 1764 } 1765 1766 static void tegra_cmac_init_fallback(struct crypto_ahash *tfm, struct tegra_cmac_ctx *ctx, 1767 const char *algname) 1768 { 1769 unsigned int statesize; 1770 1771 ctx->fallback_tfm = crypto_alloc_shash(algname, 0, CRYPTO_ALG_NEED_FALLBACK); 1772 1773 if (IS_ERR(ctx->fallback_tfm)) { 1774 dev_warn(ctx->se->dev, "failed to allocate fallback for %s\n", algname); 1775 ctx->fallback_tfm = NULL; 1776 return; 1777 } 1778 1779 statesize = crypto_shash_statesize(ctx->fallback_tfm); 1780 1781 if (statesize > sizeof(struct tegra_cmac_reqctx)) 1782 crypto_ahash_set_statesize(tfm, statesize); 1783 } 1784 1785 static int tegra_cmac_cra_init(struct crypto_tfm *tfm) 1786 { 1787 struct tegra_cmac_ctx *ctx = crypto_tfm_ctx(tfm); 1788 struct crypto_ahash *ahash_tfm = __crypto_ahash_cast(tfm); 1789 struct ahash_alg *alg = __crypto_ahash_alg(tfm->__crt_alg); 1790 struct tegra_se_alg *se_alg; 1791 const char *algname; 1792 int ret; 1793 1794 algname = crypto_tfm_alg_name(tfm); 1795 se_alg = container_of(alg, struct tegra_se_alg, alg.ahash.base); 1796 1797 crypto_ahash_set_reqsize(ahash_tfm, sizeof(struct tegra_cmac_reqctx)); 1798 1799 ctx->se = se_alg->se_dev; 1800 ctx->key_id = 0; 1801 ctx->keylen = 0; 1802 1803 ret = se_algname_to_algid(algname); 1804 if (ret < 0) { 1805 dev_err(ctx->se->dev, "invalid algorithm\n"); 1806 return ret; 1807 } 1808 1809 ctx->alg = ret; 1810 1811 tegra_cmac_init_fallback(ahash_tfm, ctx, algname); 1812 1813 return 0; 1814 } 1815 1816 static void tegra_cmac_cra_exit(struct crypto_tfm *tfm) 1817 { 1818 struct tegra_cmac_ctx *ctx = crypto_tfm_ctx(tfm); 1819 1820 if (ctx->fallback_tfm) 1821 crypto_free_shash(ctx->fallback_tfm); 1822 1823 tegra_key_invalidate(ctx->se, ctx->key_id, ctx->alg); 1824 } 1825 1826 static int tegra_cmac_setkey(struct crypto_ahash *tfm, const u8 *key, 1827 unsigned int keylen) 1828 { 1829 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1830 int ret; 1831 1832 if (aes_check_keylen(keylen)) { 1833 dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 1834 return -EINVAL; 1835 } 1836 1837 if (ctx->fallback_tfm) 1838 crypto_shash_setkey(ctx->fallback_tfm, key, keylen); 1839 1840 ret = tegra_key_submit(ctx->se, key, keylen, ctx->alg, &ctx->key_id); 1841 if (ret) { 1842 ctx->keylen = keylen; 1843 memcpy(ctx->key, key, keylen); 1844 } 1845 1846 return 0; 1847 } 1848 1849 static int tegra_cmac_init(struct ahash_request *req) 1850 { 1851 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1852 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1853 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1854 1855 rctx->task = SHA_INIT; 1856 1857 return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1858 } 1859 1860 static int tegra_cmac_update(struct ahash_request *req) 1861 { 1862 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1863 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1864 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1865 1866 rctx->task |= SHA_UPDATE; 1867 1868 return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1869 } 1870 1871 static int tegra_cmac_final(struct ahash_request *req) 1872 { 1873 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1874 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1875 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1876 1877 rctx->task |= SHA_FINAL; 1878 1879 return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1880 } 1881 1882 static int tegra_cmac_finup(struct ahash_request *req) 1883 { 1884 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1885 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1886 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1887 1888 rctx->task |= SHA_UPDATE | SHA_FINAL; 1889 1890 return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1891 } 1892 1893 static int tegra_cmac_digest(struct ahash_request *req) 1894 { 1895 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1896 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1897 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1898 1899 rctx->task |= SHA_INIT | SHA_UPDATE | SHA_FINAL; 1900 1901 return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1902 } 1903 1904 static int tegra_cmac_export(struct ahash_request *req, void *out) 1905 { 1906 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1907 1908 memcpy(out, rctx, sizeof(*rctx)); 1909 1910 return 0; 1911 } 1912 1913 static int tegra_cmac_import(struct ahash_request *req, const void *in) 1914 { 1915 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1916 1917 memcpy(rctx, in, sizeof(*rctx)); 1918 1919 return 0; 1920 } 1921 1922 static struct tegra_se_alg tegra_aead_algs[] = { 1923 { 1924 .alg.aead.op.do_one_request = tegra_gcm_do_one_req, 1925 .alg.aead.base = { 1926 .init = tegra_aead_cra_init, 1927 .exit = tegra_aead_cra_exit, 1928 .setkey = tegra_aead_setkey, 1929 .setauthsize = tegra_gcm_setauthsize, 1930 .encrypt = tegra_aead_encrypt, 1931 .decrypt = tegra_aead_decrypt, 1932 .maxauthsize = AES_BLOCK_SIZE, 1933 .ivsize = GCM_AES_IV_SIZE, 1934 .base = { 1935 .cra_name = "gcm(aes)", 1936 .cra_driver_name = "gcm-aes-tegra", 1937 .cra_priority = 500, 1938 .cra_flags = CRYPTO_ALG_ASYNC, 1939 .cra_blocksize = 1, 1940 .cra_ctxsize = sizeof(struct tegra_aead_ctx), 1941 .cra_alignmask = 0xf, 1942 .cra_module = THIS_MODULE, 1943 }, 1944 } 1945 }, { 1946 .alg.aead.op.do_one_request = tegra_ccm_do_one_req, 1947 .alg.aead.base = { 1948 .init = tegra_aead_cra_init, 1949 .exit = tegra_aead_cra_exit, 1950 .setkey = tegra_aead_setkey, 1951 .setauthsize = tegra_ccm_setauthsize, 1952 .encrypt = tegra_aead_encrypt, 1953 .decrypt = tegra_aead_decrypt, 1954 .maxauthsize = AES_BLOCK_SIZE, 1955 .ivsize = AES_BLOCK_SIZE, 1956 .chunksize = AES_BLOCK_SIZE, 1957 .base = { 1958 .cra_name = "ccm(aes)", 1959 .cra_driver_name = "ccm-aes-tegra", 1960 .cra_priority = 500, 1961 .cra_flags = CRYPTO_ALG_ASYNC, 1962 .cra_blocksize = 1, 1963 .cra_ctxsize = sizeof(struct tegra_aead_ctx), 1964 .cra_alignmask = 0xf, 1965 .cra_module = THIS_MODULE, 1966 }, 1967 } 1968 } 1969 }; 1970 1971 static struct tegra_se_alg tegra_cmac_algs[] = { 1972 { 1973 .alg.ahash.op.do_one_request = tegra_cmac_do_one_req, 1974 .alg.ahash.base = { 1975 .init = tegra_cmac_init, 1976 .setkey = tegra_cmac_setkey, 1977 .update = tegra_cmac_update, 1978 .final = tegra_cmac_final, 1979 .finup = tegra_cmac_finup, 1980 .digest = tegra_cmac_digest, 1981 .export = tegra_cmac_export, 1982 .import = tegra_cmac_import, 1983 .halg.digestsize = AES_BLOCK_SIZE, 1984 .halg.statesize = sizeof(struct tegra_cmac_reqctx), 1985 .halg.base = { 1986 .cra_name = "cmac(aes)", 1987 .cra_driver_name = "tegra-se-cmac", 1988 .cra_priority = 300, 1989 .cra_flags = CRYPTO_ALG_ASYNC, 1990 .cra_blocksize = AES_BLOCK_SIZE, 1991 .cra_ctxsize = sizeof(struct tegra_cmac_ctx), 1992 .cra_alignmask = 0, 1993 .cra_module = THIS_MODULE, 1994 .cra_init = tegra_cmac_cra_init, 1995 .cra_exit = tegra_cmac_cra_exit, 1996 } 1997 } 1998 } 1999 }; 2000 2001 int tegra_init_aes(struct tegra_se *se) 2002 { 2003 struct aead_engine_alg *aead_alg; 2004 struct ahash_engine_alg *ahash_alg; 2005 struct skcipher_engine_alg *sk_alg; 2006 int i, ret; 2007 2008 se->manifest = tegra_aes_kac_manifest; 2009 2010 for (i = 0; i < ARRAY_SIZE(tegra_aes_algs); i++) { 2011 sk_alg = &tegra_aes_algs[i].alg.skcipher; 2012 tegra_aes_algs[i].se_dev = se; 2013 2014 ret = crypto_engine_register_skcipher(sk_alg); 2015 if (ret) { 2016 dev_err(se->dev, "failed to register %s\n", 2017 sk_alg->base.base.cra_name); 2018 goto err_aes; 2019 } 2020 } 2021 2022 for (i = 0; i < ARRAY_SIZE(tegra_aead_algs); i++) { 2023 aead_alg = &tegra_aead_algs[i].alg.aead; 2024 tegra_aead_algs[i].se_dev = se; 2025 2026 ret = crypto_engine_register_aead(aead_alg); 2027 if (ret) { 2028 dev_err(se->dev, "failed to register %s\n", 2029 aead_alg->base.base.cra_name); 2030 goto err_aead; 2031 } 2032 } 2033 2034 for (i = 0; i < ARRAY_SIZE(tegra_cmac_algs); i++) { 2035 ahash_alg = &tegra_cmac_algs[i].alg.ahash; 2036 tegra_cmac_algs[i].se_dev = se; 2037 2038 ret = crypto_engine_register_ahash(ahash_alg); 2039 if (ret) { 2040 dev_err(se->dev, "failed to register %s\n", 2041 ahash_alg->base.halg.base.cra_name); 2042 goto err_cmac; 2043 } 2044 } 2045 2046 return 0; 2047 2048 err_cmac: 2049 while (i--) 2050 crypto_engine_unregister_ahash(&tegra_cmac_algs[i].alg.ahash); 2051 2052 i = ARRAY_SIZE(tegra_aead_algs); 2053 err_aead: 2054 while (i--) 2055 crypto_engine_unregister_aead(&tegra_aead_algs[i].alg.aead); 2056 2057 i = ARRAY_SIZE(tegra_aes_algs); 2058 err_aes: 2059 while (i--) 2060 crypto_engine_unregister_skcipher(&tegra_aes_algs[i].alg.skcipher); 2061 2062 return ret; 2063 } 2064 2065 void tegra_deinit_aes(struct tegra_se *se) 2066 { 2067 int i; 2068 2069 for (i = 0; i < ARRAY_SIZE(tegra_aes_algs); i++) 2070 crypto_engine_unregister_skcipher(&tegra_aes_algs[i].alg.skcipher); 2071 2072 for (i = 0; i < ARRAY_SIZE(tegra_aead_algs); i++) 2073 crypto_engine_unregister_aead(&tegra_aead_algs[i].alg.aead); 2074 2075 for (i = 0; i < ARRAY_SIZE(tegra_cmac_algs); i++) 2076 crypto_engine_unregister_ahash(&tegra_cmac_algs[i].alg.ahash); 2077 } 2078