xref: /linux/drivers/crypto/atmel-aes.c (revision bb46122db730f42f3fc1d9d511b3d6ebe8375cdd)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Cryptographic API.
4  *
5  * Support for ATMEL AES HW acceleration.
6  *
7  * Copyright (c) 2012 Eukréa Electromatique - ATMEL
8  * Author: Nicolas Royer <nicolas@eukrea.com>
9  *
10  * Some ideas are from omap-aes.c driver.
11  */
12 
13 
14 #include <linux/kernel.h>
15 #include <linux/module.h>
16 #include <linux/slab.h>
17 #include <linux/err.h>
18 #include <linux/clk.h>
19 #include <linux/io.h>
20 #include <linux/hw_random.h>
21 #include <linux/platform_device.h>
22 
23 #include <linux/device.h>
24 #include <linux/dmaengine.h>
25 #include <linux/init.h>
26 #include <linux/errno.h>
27 #include <linux/interrupt.h>
28 #include <linux/irq.h>
29 #include <linux/scatterlist.h>
30 #include <linux/dma-mapping.h>
31 #include <linux/mod_devicetable.h>
32 #include <linux/delay.h>
33 #include <linux/crypto.h>
34 #include <crypto/scatterwalk.h>
35 #include <crypto/algapi.h>
36 #include <crypto/aes.h>
37 #include <crypto/gcm.h>
38 #include <crypto/xts.h>
39 #include <crypto/internal/aead.h>
40 #include <crypto/internal/skcipher.h>
41 #include "atmel-aes-regs.h"
42 #include "atmel-authenc.h"
43 
44 #define ATMEL_AES_PRIORITY	300
45 
46 #define ATMEL_AES_BUFFER_ORDER	2
47 #define ATMEL_AES_BUFFER_SIZE	(PAGE_SIZE << ATMEL_AES_BUFFER_ORDER)
48 
49 #define CFB8_BLOCK_SIZE		1
50 #define CFB16_BLOCK_SIZE	2
51 #define CFB32_BLOCK_SIZE	4
52 #define CFB64_BLOCK_SIZE	8
53 
54 #define SIZE_IN_WORDS(x)	((x) >> 2)
55 
56 /* AES flags */
57 /* Reserve bits [18:16] [14:12] [1:0] for mode (same as for AES_MR) */
58 #define AES_FLAGS_ENCRYPT	AES_MR_CYPHER_ENC
59 #define AES_FLAGS_GTAGEN	AES_MR_GTAGEN
60 #define AES_FLAGS_OPMODE_MASK	(AES_MR_OPMOD_MASK | AES_MR_CFBS_MASK)
61 #define AES_FLAGS_ECB		AES_MR_OPMOD_ECB
62 #define AES_FLAGS_CBC		AES_MR_OPMOD_CBC
63 #define AES_FLAGS_OFB		AES_MR_OPMOD_OFB
64 #define AES_FLAGS_CFB128	(AES_MR_OPMOD_CFB | AES_MR_CFBS_128b)
65 #define AES_FLAGS_CFB64		(AES_MR_OPMOD_CFB | AES_MR_CFBS_64b)
66 #define AES_FLAGS_CFB32		(AES_MR_OPMOD_CFB | AES_MR_CFBS_32b)
67 #define AES_FLAGS_CFB16		(AES_MR_OPMOD_CFB | AES_MR_CFBS_16b)
68 #define AES_FLAGS_CFB8		(AES_MR_OPMOD_CFB | AES_MR_CFBS_8b)
69 #define AES_FLAGS_CTR		AES_MR_OPMOD_CTR
70 #define AES_FLAGS_GCM		AES_MR_OPMOD_GCM
71 #define AES_FLAGS_XTS		AES_MR_OPMOD_XTS
72 
73 #define AES_FLAGS_MODE_MASK	(AES_FLAGS_OPMODE_MASK |	\
74 				 AES_FLAGS_ENCRYPT |		\
75 				 AES_FLAGS_GTAGEN)
76 
77 #define AES_FLAGS_BUSY		BIT(3)
78 #define AES_FLAGS_DUMP_REG	BIT(4)
79 #define AES_FLAGS_OWN_SHA	BIT(5)
80 
81 #define AES_FLAGS_PERSISTENT	AES_FLAGS_BUSY
82 
83 #define ATMEL_AES_QUEUE_LENGTH	50
84 
85 #define ATMEL_AES_DMA_THRESHOLD		256
86 
87 
88 struct atmel_aes_caps {
89 	bool			has_dualbuff;
90 	bool			has_cfb64;
91 	bool			has_gcm;
92 	bool			has_xts;
93 	bool			has_authenc;
94 	u32			max_burst_size;
95 };
96 
97 struct atmel_aes_dev;
98 
99 
100 typedef int (*atmel_aes_fn_t)(struct atmel_aes_dev *);
101 
102 
103 struct atmel_aes_base_ctx {
104 	struct atmel_aes_dev	*dd;
105 	atmel_aes_fn_t		start;
106 	int			keylen;
107 	u32			key[AES_KEYSIZE_256 / sizeof(u32)];
108 	u16			block_size;
109 	bool			is_aead;
110 };
111 
112 struct atmel_aes_ctx {
113 	struct atmel_aes_base_ctx	base;
114 };
115 
116 struct atmel_aes_ctr_ctx {
117 	struct atmel_aes_base_ctx	base;
118 
119 	__be32			iv[AES_BLOCK_SIZE / sizeof(u32)];
120 	size_t			offset;
121 	struct scatterlist	src[2];
122 	struct scatterlist	dst[2];
123 	u32			blocks;
124 };
125 
126 struct atmel_aes_gcm_ctx {
127 	struct atmel_aes_base_ctx	base;
128 
129 	struct scatterlist	src[2];
130 	struct scatterlist	dst[2];
131 
132 	__be32			j0[AES_BLOCK_SIZE / sizeof(u32)];
133 	u32			tag[AES_BLOCK_SIZE / sizeof(u32)];
134 	__be32			ghash[AES_BLOCK_SIZE / sizeof(u32)];
135 	size_t			textlen;
136 
137 	const __be32		*ghash_in;
138 	__be32			*ghash_out;
139 	atmel_aes_fn_t		ghash_resume;
140 };
141 
142 struct atmel_aes_xts_ctx {
143 	struct atmel_aes_base_ctx	base;
144 
145 	u32			key2[AES_KEYSIZE_256 / sizeof(u32)];
146 	struct crypto_skcipher *fallback_tfm;
147 };
148 
149 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
150 struct atmel_aes_authenc_ctx {
151 	struct atmel_aes_base_ctx	base;
152 	struct atmel_sha_authenc_ctx	*auth;
153 };
154 #endif
155 
156 struct atmel_aes_reqctx {
157 	unsigned long		mode;
158 	u8			lastc[AES_BLOCK_SIZE];
159 	struct skcipher_request fallback_req;
160 };
161 
162 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
163 struct atmel_aes_authenc_reqctx {
164 	struct atmel_aes_reqctx	base;
165 
166 	struct scatterlist	src[2];
167 	struct scatterlist	dst[2];
168 	size_t			textlen;
169 	u32			digest[SHA512_DIGEST_SIZE / sizeof(u32)];
170 
171 	/* auth_req MUST be place last. */
172 	struct ahash_request	auth_req;
173 };
174 #endif
175 
176 struct atmel_aes_dma {
177 	struct dma_chan		*chan;
178 	struct scatterlist	*sg;
179 	int			nents;
180 	unsigned int		remainder;
181 	unsigned int		sg_len;
182 };
183 
184 struct atmel_aes_dev {
185 	struct list_head	list;
186 	unsigned long		phys_base;
187 	void __iomem		*io_base;
188 
189 	struct crypto_async_request	*areq;
190 	struct atmel_aes_base_ctx	*ctx;
191 
192 	bool			is_async;
193 	atmel_aes_fn_t		resume;
194 	atmel_aes_fn_t		cpu_transfer_complete;
195 
196 	struct device		*dev;
197 	struct clk		*iclk;
198 	int			irq;
199 
200 	unsigned long		flags;
201 
202 	spinlock_t		lock;
203 	struct crypto_queue	queue;
204 
205 	struct tasklet_struct	done_task;
206 	struct tasklet_struct	queue_task;
207 
208 	size_t			total;
209 	size_t			datalen;
210 	u32			*data;
211 
212 	struct atmel_aes_dma	src;
213 	struct atmel_aes_dma	dst;
214 
215 	size_t			buflen;
216 	void			*buf;
217 	struct scatterlist	aligned_sg;
218 	struct scatterlist	*real_dst;
219 
220 	struct atmel_aes_caps	caps;
221 
222 	u32			hw_version;
223 };
224 
225 struct atmel_aes_drv {
226 	struct list_head	dev_list;
227 	spinlock_t		lock;
228 };
229 
230 static struct atmel_aes_drv atmel_aes = {
231 	.dev_list = LIST_HEAD_INIT(atmel_aes.dev_list),
232 	.lock = __SPIN_LOCK_UNLOCKED(atmel_aes.lock),
233 };
234 
235 #ifdef VERBOSE_DEBUG
236 static const char *atmel_aes_reg_name(u32 offset, char *tmp, size_t sz)
237 {
238 	switch (offset) {
239 	case AES_CR:
240 		return "CR";
241 
242 	case AES_MR:
243 		return "MR";
244 
245 	case AES_ISR:
246 		return "ISR";
247 
248 	case AES_IMR:
249 		return "IMR";
250 
251 	case AES_IER:
252 		return "IER";
253 
254 	case AES_IDR:
255 		return "IDR";
256 
257 	case AES_KEYWR(0):
258 	case AES_KEYWR(1):
259 	case AES_KEYWR(2):
260 	case AES_KEYWR(3):
261 	case AES_KEYWR(4):
262 	case AES_KEYWR(5):
263 	case AES_KEYWR(6):
264 	case AES_KEYWR(7):
265 		snprintf(tmp, sz, "KEYWR[%u]", (offset - AES_KEYWR(0)) >> 2);
266 		break;
267 
268 	case AES_IDATAR(0):
269 	case AES_IDATAR(1):
270 	case AES_IDATAR(2):
271 	case AES_IDATAR(3):
272 		snprintf(tmp, sz, "IDATAR[%u]", (offset - AES_IDATAR(0)) >> 2);
273 		break;
274 
275 	case AES_ODATAR(0):
276 	case AES_ODATAR(1):
277 	case AES_ODATAR(2):
278 	case AES_ODATAR(3):
279 		snprintf(tmp, sz, "ODATAR[%u]", (offset - AES_ODATAR(0)) >> 2);
280 		break;
281 
282 	case AES_IVR(0):
283 	case AES_IVR(1):
284 	case AES_IVR(2):
285 	case AES_IVR(3):
286 		snprintf(tmp, sz, "IVR[%u]", (offset - AES_IVR(0)) >> 2);
287 		break;
288 
289 	case AES_AADLENR:
290 		return "AADLENR";
291 
292 	case AES_CLENR:
293 		return "CLENR";
294 
295 	case AES_GHASHR(0):
296 	case AES_GHASHR(1):
297 	case AES_GHASHR(2):
298 	case AES_GHASHR(3):
299 		snprintf(tmp, sz, "GHASHR[%u]", (offset - AES_GHASHR(0)) >> 2);
300 		break;
301 
302 	case AES_TAGR(0):
303 	case AES_TAGR(1):
304 	case AES_TAGR(2):
305 	case AES_TAGR(3):
306 		snprintf(tmp, sz, "TAGR[%u]", (offset - AES_TAGR(0)) >> 2);
307 		break;
308 
309 	case AES_CTRR:
310 		return "CTRR";
311 
312 	case AES_GCMHR(0):
313 	case AES_GCMHR(1):
314 	case AES_GCMHR(2):
315 	case AES_GCMHR(3):
316 		snprintf(tmp, sz, "GCMHR[%u]", (offset - AES_GCMHR(0)) >> 2);
317 		break;
318 
319 	case AES_EMR:
320 		return "EMR";
321 
322 	case AES_TWR(0):
323 	case AES_TWR(1):
324 	case AES_TWR(2):
325 	case AES_TWR(3):
326 		snprintf(tmp, sz, "TWR[%u]", (offset - AES_TWR(0)) >> 2);
327 		break;
328 
329 	case AES_ALPHAR(0):
330 	case AES_ALPHAR(1):
331 	case AES_ALPHAR(2):
332 	case AES_ALPHAR(3):
333 		snprintf(tmp, sz, "ALPHAR[%u]", (offset - AES_ALPHAR(0)) >> 2);
334 		break;
335 
336 	default:
337 		snprintf(tmp, sz, "0x%02x", offset);
338 		break;
339 	}
340 
341 	return tmp;
342 }
343 #endif /* VERBOSE_DEBUG */
344 
345 /* Shared functions */
346 
347 static inline u32 atmel_aes_read(struct atmel_aes_dev *dd, u32 offset)
348 {
349 	u32 value = readl_relaxed(dd->io_base + offset);
350 
351 #ifdef VERBOSE_DEBUG
352 	if (dd->flags & AES_FLAGS_DUMP_REG) {
353 		char tmp[16];
354 
355 		dev_vdbg(dd->dev, "read 0x%08x from %s\n", value,
356 			 atmel_aes_reg_name(offset, tmp, sizeof(tmp)));
357 	}
358 #endif /* VERBOSE_DEBUG */
359 
360 	return value;
361 }
362 
363 static inline void atmel_aes_write(struct atmel_aes_dev *dd,
364 					u32 offset, u32 value)
365 {
366 #ifdef VERBOSE_DEBUG
367 	if (dd->flags & AES_FLAGS_DUMP_REG) {
368 		char tmp[16];
369 
370 		dev_vdbg(dd->dev, "write 0x%08x into %s\n", value,
371 			 atmel_aes_reg_name(offset, tmp, sizeof(tmp)));
372 	}
373 #endif /* VERBOSE_DEBUG */
374 
375 	writel_relaxed(value, dd->io_base + offset);
376 }
377 
378 static void atmel_aes_read_n(struct atmel_aes_dev *dd, u32 offset,
379 					u32 *value, int count)
380 {
381 	for (; count--; value++, offset += 4)
382 		*value = atmel_aes_read(dd, offset);
383 }
384 
385 static void atmel_aes_write_n(struct atmel_aes_dev *dd, u32 offset,
386 			      const u32 *value, int count)
387 {
388 	for (; count--; value++, offset += 4)
389 		atmel_aes_write(dd, offset, *value);
390 }
391 
392 static inline void atmel_aes_read_block(struct atmel_aes_dev *dd, u32 offset,
393 					void *value)
394 {
395 	atmel_aes_read_n(dd, offset, value, SIZE_IN_WORDS(AES_BLOCK_SIZE));
396 }
397 
398 static inline void atmel_aes_write_block(struct atmel_aes_dev *dd, u32 offset,
399 					 const void *value)
400 {
401 	atmel_aes_write_n(dd, offset, value, SIZE_IN_WORDS(AES_BLOCK_SIZE));
402 }
403 
404 static inline int atmel_aes_wait_for_data_ready(struct atmel_aes_dev *dd,
405 						atmel_aes_fn_t resume)
406 {
407 	u32 isr = atmel_aes_read(dd, AES_ISR);
408 
409 	if (unlikely(isr & AES_INT_DATARDY))
410 		return resume(dd);
411 
412 	dd->resume = resume;
413 	atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
414 	return -EINPROGRESS;
415 }
416 
417 static inline size_t atmel_aes_padlen(size_t len, size_t block_size)
418 {
419 	len &= block_size - 1;
420 	return len ? block_size - len : 0;
421 }
422 
423 static struct atmel_aes_dev *atmel_aes_dev_alloc(struct atmel_aes_base_ctx *ctx)
424 {
425 	struct atmel_aes_dev *aes_dd;
426 
427 	spin_lock_bh(&atmel_aes.lock);
428 	/* One AES IP per SoC. */
429 	aes_dd = list_first_entry_or_null(&atmel_aes.dev_list,
430 					  struct atmel_aes_dev, list);
431 	spin_unlock_bh(&atmel_aes.lock);
432 	return aes_dd;
433 }
434 
435 static int atmel_aes_hw_init(struct atmel_aes_dev *dd)
436 {
437 	int err;
438 
439 	err = clk_enable(dd->iclk);
440 	if (err)
441 		return err;
442 
443 	atmel_aes_write(dd, AES_CR, AES_CR_SWRST);
444 	atmel_aes_write(dd, AES_MR, 0xE << AES_MR_CKEY_OFFSET);
445 
446 	return 0;
447 }
448 
449 static inline unsigned int atmel_aes_get_version(struct atmel_aes_dev *dd)
450 {
451 	return atmel_aes_read(dd, AES_HW_VERSION) & 0x00000fff;
452 }
453 
454 static int atmel_aes_hw_version_init(struct atmel_aes_dev *dd)
455 {
456 	int err;
457 
458 	err = atmel_aes_hw_init(dd);
459 	if (err)
460 		return err;
461 
462 	dd->hw_version = atmel_aes_get_version(dd);
463 
464 	dev_info(dd->dev, "version: 0x%x\n", dd->hw_version);
465 
466 	clk_disable(dd->iclk);
467 	return 0;
468 }
469 
470 static inline void atmel_aes_set_mode(struct atmel_aes_dev *dd,
471 				      const struct atmel_aes_reqctx *rctx)
472 {
473 	/* Clear all but persistent flags and set request flags. */
474 	dd->flags = (dd->flags & AES_FLAGS_PERSISTENT) | rctx->mode;
475 }
476 
477 static inline bool atmel_aes_is_encrypt(const struct atmel_aes_dev *dd)
478 {
479 	return (dd->flags & AES_FLAGS_ENCRYPT);
480 }
481 
482 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
483 static void atmel_aes_authenc_complete(struct atmel_aes_dev *dd, int err);
484 #endif
485 
486 static void atmel_aes_set_iv_as_last_ciphertext_block(struct atmel_aes_dev *dd)
487 {
488 	struct skcipher_request *req = skcipher_request_cast(dd->areq);
489 	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
490 	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
491 	unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
492 
493 	if (req->cryptlen < ivsize)
494 		return;
495 
496 	if (rctx->mode & AES_FLAGS_ENCRYPT)
497 		scatterwalk_map_and_copy(req->iv, req->dst,
498 					 req->cryptlen - ivsize, ivsize, 0);
499 	else
500 		memcpy(req->iv, rctx->lastc, ivsize);
501 }
502 
503 static inline struct atmel_aes_ctr_ctx *
504 atmel_aes_ctr_ctx_cast(struct atmel_aes_base_ctx *ctx)
505 {
506 	return container_of(ctx, struct atmel_aes_ctr_ctx, base);
507 }
508 
509 static void atmel_aes_ctr_update_req_iv(struct atmel_aes_dev *dd)
510 {
511 	struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx);
512 	struct skcipher_request *req = skcipher_request_cast(dd->areq);
513 	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
514 	unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
515 	int i;
516 
517 	/*
518 	 * The CTR transfer works in fragments of data of maximum 1 MByte
519 	 * because of the 16 bit CTR counter embedded in the IP. When reaching
520 	 * here, ctx->blocks contains the number of blocks of the last fragment
521 	 * processed, there is no need to explicit cast it to u16.
522 	 */
523 	for (i = 0; i < ctx->blocks; i++)
524 		crypto_inc((u8 *)ctx->iv, AES_BLOCK_SIZE);
525 
526 	memcpy(req->iv, ctx->iv, ivsize);
527 }
528 
529 static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err)
530 {
531 	struct skcipher_request *req = skcipher_request_cast(dd->areq);
532 	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
533 
534 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
535 	if (dd->ctx->is_aead)
536 		atmel_aes_authenc_complete(dd, err);
537 #endif
538 
539 	clk_disable(dd->iclk);
540 	dd->flags &= ~AES_FLAGS_BUSY;
541 
542 	if (!err && !dd->ctx->is_aead &&
543 	    (rctx->mode & AES_FLAGS_OPMODE_MASK) != AES_FLAGS_ECB) {
544 		if ((rctx->mode & AES_FLAGS_OPMODE_MASK) != AES_FLAGS_CTR)
545 			atmel_aes_set_iv_as_last_ciphertext_block(dd);
546 		else
547 			atmel_aes_ctr_update_req_iv(dd);
548 	}
549 
550 	if (dd->is_async)
551 		crypto_request_complete(dd->areq, err);
552 
553 	tasklet_schedule(&dd->queue_task);
554 
555 	return err;
556 }
557 
558 static void atmel_aes_write_ctrl_key(struct atmel_aes_dev *dd, bool use_dma,
559 				     const __be32 *iv, const u32 *key, int keylen)
560 {
561 	u32 valmr = 0;
562 
563 	/* MR register must be set before IV registers */
564 	if (keylen == AES_KEYSIZE_128)
565 		valmr |= AES_MR_KEYSIZE_128;
566 	else if (keylen == AES_KEYSIZE_192)
567 		valmr |= AES_MR_KEYSIZE_192;
568 	else
569 		valmr |= AES_MR_KEYSIZE_256;
570 
571 	valmr |= dd->flags & AES_FLAGS_MODE_MASK;
572 
573 	if (use_dma) {
574 		valmr |= AES_MR_SMOD_IDATAR0;
575 		if (dd->caps.has_dualbuff)
576 			valmr |= AES_MR_DUALBUFF;
577 	} else {
578 		valmr |= AES_MR_SMOD_AUTO;
579 	}
580 
581 	atmel_aes_write(dd, AES_MR, valmr);
582 
583 	atmel_aes_write_n(dd, AES_KEYWR(0), key, SIZE_IN_WORDS(keylen));
584 
585 	if (iv && (valmr & AES_MR_OPMOD_MASK) != AES_MR_OPMOD_ECB)
586 		atmel_aes_write_block(dd, AES_IVR(0), iv);
587 }
588 
589 static inline void atmel_aes_write_ctrl(struct atmel_aes_dev *dd, bool use_dma,
590 					const __be32 *iv)
591 
592 {
593 	atmel_aes_write_ctrl_key(dd, use_dma, iv,
594 				 dd->ctx->key, dd->ctx->keylen);
595 }
596 
597 /* CPU transfer */
598 
599 static int atmel_aes_cpu_transfer(struct atmel_aes_dev *dd)
600 {
601 	int err = 0;
602 	u32 isr;
603 
604 	for (;;) {
605 		atmel_aes_read_block(dd, AES_ODATAR(0), dd->data);
606 		dd->data += 4;
607 		dd->datalen -= AES_BLOCK_SIZE;
608 
609 		if (dd->datalen < AES_BLOCK_SIZE)
610 			break;
611 
612 		atmel_aes_write_block(dd, AES_IDATAR(0), dd->data);
613 
614 		isr = atmel_aes_read(dd, AES_ISR);
615 		if (!(isr & AES_INT_DATARDY)) {
616 			dd->resume = atmel_aes_cpu_transfer;
617 			atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
618 			return -EINPROGRESS;
619 		}
620 	}
621 
622 	if (!sg_copy_from_buffer(dd->real_dst, sg_nents(dd->real_dst),
623 				 dd->buf, dd->total))
624 		err = -EINVAL;
625 
626 	if (err)
627 		return atmel_aes_complete(dd, err);
628 
629 	return dd->cpu_transfer_complete(dd);
630 }
631 
632 static int atmel_aes_cpu_start(struct atmel_aes_dev *dd,
633 			       struct scatterlist *src,
634 			       struct scatterlist *dst,
635 			       size_t len,
636 			       atmel_aes_fn_t resume)
637 {
638 	size_t padlen = atmel_aes_padlen(len, AES_BLOCK_SIZE);
639 
640 	if (unlikely(len == 0))
641 		return -EINVAL;
642 
643 	sg_copy_to_buffer(src, sg_nents(src), dd->buf, len);
644 
645 	dd->total = len;
646 	dd->real_dst = dst;
647 	dd->cpu_transfer_complete = resume;
648 	dd->datalen = len + padlen;
649 	dd->data = (u32 *)dd->buf;
650 	atmel_aes_write_block(dd, AES_IDATAR(0), dd->data);
651 	return atmel_aes_wait_for_data_ready(dd, atmel_aes_cpu_transfer);
652 }
653 
654 
655 /* DMA transfer */
656 
657 static void atmel_aes_dma_callback(void *data);
658 
659 static bool atmel_aes_check_aligned(struct atmel_aes_dev *dd,
660 				    struct scatterlist *sg,
661 				    size_t len,
662 				    struct atmel_aes_dma *dma)
663 {
664 	int nents;
665 
666 	if (!IS_ALIGNED(len, dd->ctx->block_size))
667 		return false;
668 
669 	for (nents = 0; sg; sg = sg_next(sg), ++nents) {
670 		if (!IS_ALIGNED(sg->offset, sizeof(u32)))
671 			return false;
672 
673 		if (len <= sg->length) {
674 			if (!IS_ALIGNED(len, dd->ctx->block_size))
675 				return false;
676 
677 			dma->nents = nents+1;
678 			dma->remainder = sg->length - len;
679 			sg->length = len;
680 			return true;
681 		}
682 
683 		if (!IS_ALIGNED(sg->length, dd->ctx->block_size))
684 			return false;
685 
686 		len -= sg->length;
687 	}
688 
689 	return false;
690 }
691 
692 static inline void atmel_aes_restore_sg(const struct atmel_aes_dma *dma)
693 {
694 	struct scatterlist *sg = dma->sg;
695 	int nents = dma->nents;
696 
697 	if (!dma->remainder)
698 		return;
699 
700 	while (--nents > 0 && sg)
701 		sg = sg_next(sg);
702 
703 	if (!sg)
704 		return;
705 
706 	sg->length += dma->remainder;
707 }
708 
709 static int atmel_aes_map(struct atmel_aes_dev *dd,
710 			 struct scatterlist *src,
711 			 struct scatterlist *dst,
712 			 size_t len)
713 {
714 	bool src_aligned, dst_aligned;
715 	size_t padlen;
716 
717 	dd->total = len;
718 	dd->src.sg = src;
719 	dd->dst.sg = dst;
720 	dd->real_dst = dst;
721 
722 	src_aligned = atmel_aes_check_aligned(dd, src, len, &dd->src);
723 	if (src == dst)
724 		dst_aligned = src_aligned;
725 	else
726 		dst_aligned = atmel_aes_check_aligned(dd, dst, len, &dd->dst);
727 	if (!src_aligned || !dst_aligned) {
728 		padlen = atmel_aes_padlen(len, dd->ctx->block_size);
729 
730 		if (dd->buflen < len + padlen)
731 			return -ENOMEM;
732 
733 		if (!src_aligned) {
734 			sg_copy_to_buffer(src, sg_nents(src), dd->buf, len);
735 			dd->src.sg = &dd->aligned_sg;
736 			dd->src.nents = 1;
737 			dd->src.remainder = 0;
738 		}
739 
740 		if (!dst_aligned) {
741 			dd->dst.sg = &dd->aligned_sg;
742 			dd->dst.nents = 1;
743 			dd->dst.remainder = 0;
744 		}
745 
746 		sg_init_table(&dd->aligned_sg, 1);
747 		sg_set_buf(&dd->aligned_sg, dd->buf, len + padlen);
748 	}
749 
750 	if (dd->src.sg == dd->dst.sg) {
751 		dd->src.sg_len = dma_map_sg(dd->dev, dd->src.sg, dd->src.nents,
752 					    DMA_BIDIRECTIONAL);
753 		dd->dst.sg_len = dd->src.sg_len;
754 		if (!dd->src.sg_len)
755 			return -EFAULT;
756 	} else {
757 		dd->src.sg_len = dma_map_sg(dd->dev, dd->src.sg, dd->src.nents,
758 					    DMA_TO_DEVICE);
759 		if (!dd->src.sg_len)
760 			return -EFAULT;
761 
762 		dd->dst.sg_len = dma_map_sg(dd->dev, dd->dst.sg, dd->dst.nents,
763 					    DMA_FROM_DEVICE);
764 		if (!dd->dst.sg_len) {
765 			dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents,
766 				     DMA_TO_DEVICE);
767 			return -EFAULT;
768 		}
769 	}
770 
771 	return 0;
772 }
773 
774 static void atmel_aes_unmap(struct atmel_aes_dev *dd)
775 {
776 	if (dd->src.sg == dd->dst.sg) {
777 		dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents,
778 			     DMA_BIDIRECTIONAL);
779 
780 		if (dd->src.sg != &dd->aligned_sg)
781 			atmel_aes_restore_sg(&dd->src);
782 	} else {
783 		dma_unmap_sg(dd->dev, dd->dst.sg, dd->dst.nents,
784 			     DMA_FROM_DEVICE);
785 
786 		if (dd->dst.sg != &dd->aligned_sg)
787 			atmel_aes_restore_sg(&dd->dst);
788 
789 		dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents,
790 			     DMA_TO_DEVICE);
791 
792 		if (dd->src.sg != &dd->aligned_sg)
793 			atmel_aes_restore_sg(&dd->src);
794 	}
795 
796 	if (dd->dst.sg == &dd->aligned_sg)
797 		sg_copy_from_buffer(dd->real_dst, sg_nents(dd->real_dst),
798 				    dd->buf, dd->total);
799 }
800 
801 static int atmel_aes_dma_transfer_start(struct atmel_aes_dev *dd,
802 					enum dma_slave_buswidth addr_width,
803 					enum dma_transfer_direction dir,
804 					u32 maxburst)
805 {
806 	struct dma_async_tx_descriptor *desc;
807 	struct dma_slave_config config;
808 	dma_async_tx_callback callback;
809 	struct atmel_aes_dma *dma;
810 	int err;
811 
812 	memset(&config, 0, sizeof(config));
813 	config.src_addr_width = addr_width;
814 	config.dst_addr_width = addr_width;
815 	config.src_maxburst = maxburst;
816 	config.dst_maxburst = maxburst;
817 
818 	switch (dir) {
819 	case DMA_MEM_TO_DEV:
820 		dma = &dd->src;
821 		callback = NULL;
822 		config.dst_addr = dd->phys_base + AES_IDATAR(0);
823 		break;
824 
825 	case DMA_DEV_TO_MEM:
826 		dma = &dd->dst;
827 		callback = atmel_aes_dma_callback;
828 		config.src_addr = dd->phys_base + AES_ODATAR(0);
829 		break;
830 
831 	default:
832 		return -EINVAL;
833 	}
834 
835 	err = dmaengine_slave_config(dma->chan, &config);
836 	if (err)
837 		return err;
838 
839 	desc = dmaengine_prep_slave_sg(dma->chan, dma->sg, dma->sg_len, dir,
840 				       DMA_PREP_INTERRUPT | DMA_CTRL_ACK);
841 	if (!desc)
842 		return -ENOMEM;
843 
844 	desc->callback = callback;
845 	desc->callback_param = dd;
846 	dmaengine_submit(desc);
847 	dma_async_issue_pending(dma->chan);
848 
849 	return 0;
850 }
851 
852 static int atmel_aes_dma_start(struct atmel_aes_dev *dd,
853 			       struct scatterlist *src,
854 			       struct scatterlist *dst,
855 			       size_t len,
856 			       atmel_aes_fn_t resume)
857 {
858 	enum dma_slave_buswidth addr_width;
859 	u32 maxburst;
860 	int err;
861 
862 	switch (dd->ctx->block_size) {
863 	case CFB8_BLOCK_SIZE:
864 		addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
865 		maxburst = 1;
866 		break;
867 
868 	case CFB16_BLOCK_SIZE:
869 		addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
870 		maxburst = 1;
871 		break;
872 
873 	case CFB32_BLOCK_SIZE:
874 	case CFB64_BLOCK_SIZE:
875 		addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
876 		maxburst = 1;
877 		break;
878 
879 	case AES_BLOCK_SIZE:
880 		addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
881 		maxburst = dd->caps.max_burst_size;
882 		break;
883 
884 	default:
885 		err = -EINVAL;
886 		goto exit;
887 	}
888 
889 	err = atmel_aes_map(dd, src, dst, len);
890 	if (err)
891 		goto exit;
892 
893 	dd->resume = resume;
894 
895 	/* Set output DMA transfer first */
896 	err = atmel_aes_dma_transfer_start(dd, addr_width, DMA_DEV_TO_MEM,
897 					   maxburst);
898 	if (err)
899 		goto unmap;
900 
901 	/* Then set input DMA transfer */
902 	err = atmel_aes_dma_transfer_start(dd, addr_width, DMA_MEM_TO_DEV,
903 					   maxburst);
904 	if (err)
905 		goto output_transfer_stop;
906 
907 	return -EINPROGRESS;
908 
909 output_transfer_stop:
910 	dmaengine_terminate_sync(dd->dst.chan);
911 unmap:
912 	atmel_aes_unmap(dd);
913 exit:
914 	return atmel_aes_complete(dd, err);
915 }
916 
917 static void atmel_aes_dma_callback(void *data)
918 {
919 	struct atmel_aes_dev *dd = data;
920 
921 	atmel_aes_unmap(dd);
922 	dd->is_async = true;
923 	(void)dd->resume(dd);
924 }
925 
926 static int atmel_aes_handle_queue(struct atmel_aes_dev *dd,
927 				  struct crypto_async_request *new_areq)
928 {
929 	struct crypto_async_request *areq, *backlog;
930 	struct atmel_aes_base_ctx *ctx;
931 	unsigned long flags;
932 	bool start_async;
933 	int err, ret = 0;
934 
935 	spin_lock_irqsave(&dd->lock, flags);
936 	if (new_areq)
937 		ret = crypto_enqueue_request(&dd->queue, new_areq);
938 	if (dd->flags & AES_FLAGS_BUSY) {
939 		spin_unlock_irqrestore(&dd->lock, flags);
940 		return ret;
941 	}
942 	backlog = crypto_get_backlog(&dd->queue);
943 	areq = crypto_dequeue_request(&dd->queue);
944 	if (areq)
945 		dd->flags |= AES_FLAGS_BUSY;
946 	spin_unlock_irqrestore(&dd->lock, flags);
947 
948 	if (!areq)
949 		return ret;
950 
951 	if (backlog)
952 		crypto_request_complete(backlog, -EINPROGRESS);
953 
954 	ctx = crypto_tfm_ctx(areq->tfm);
955 
956 	dd->areq = areq;
957 	dd->ctx = ctx;
958 	start_async = (areq != new_areq);
959 	dd->is_async = start_async;
960 
961 	/* WARNING: ctx->start() MAY change dd->is_async. */
962 	err = ctx->start(dd);
963 	return (start_async) ? ret : err;
964 }
965 
966 
967 /* AES async block ciphers */
968 
969 static int atmel_aes_transfer_complete(struct atmel_aes_dev *dd)
970 {
971 	return atmel_aes_complete(dd, 0);
972 }
973 
974 static int atmel_aes_start(struct atmel_aes_dev *dd)
975 {
976 	struct skcipher_request *req = skcipher_request_cast(dd->areq);
977 	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
978 	bool use_dma = (req->cryptlen >= ATMEL_AES_DMA_THRESHOLD ||
979 			dd->ctx->block_size != AES_BLOCK_SIZE);
980 	int err;
981 
982 	atmel_aes_set_mode(dd, rctx);
983 
984 	err = atmel_aes_hw_init(dd);
985 	if (err)
986 		return atmel_aes_complete(dd, err);
987 
988 	atmel_aes_write_ctrl(dd, use_dma, (void *)req->iv);
989 	if (use_dma)
990 		return atmel_aes_dma_start(dd, req->src, req->dst,
991 					   req->cryptlen,
992 					   atmel_aes_transfer_complete);
993 
994 	return atmel_aes_cpu_start(dd, req->src, req->dst, req->cryptlen,
995 				   atmel_aes_transfer_complete);
996 }
997 
998 static int atmel_aes_ctr_transfer(struct atmel_aes_dev *dd)
999 {
1000 	struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx);
1001 	struct skcipher_request *req = skcipher_request_cast(dd->areq);
1002 	struct scatterlist *src, *dst;
1003 	size_t datalen;
1004 	u32 ctr;
1005 	u16 start, end;
1006 	bool use_dma, fragmented = false;
1007 
1008 	/* Check for transfer completion. */
1009 	ctx->offset += dd->total;
1010 	if (ctx->offset >= req->cryptlen)
1011 		return atmel_aes_transfer_complete(dd);
1012 
1013 	/* Compute data length. */
1014 	datalen = req->cryptlen - ctx->offset;
1015 	ctx->blocks = DIV_ROUND_UP(datalen, AES_BLOCK_SIZE);
1016 	ctr = be32_to_cpu(ctx->iv[3]);
1017 
1018 	/* Check 16bit counter overflow. */
1019 	start = ctr & 0xffff;
1020 	end = start + ctx->blocks - 1;
1021 
1022 	if (ctx->blocks >> 16 || end < start) {
1023 		ctr |= 0xffff;
1024 		datalen = AES_BLOCK_SIZE * (0x10000 - start);
1025 		fragmented = true;
1026 	}
1027 
1028 	use_dma = (datalen >= ATMEL_AES_DMA_THRESHOLD);
1029 
1030 	/* Jump to offset. */
1031 	src = scatterwalk_ffwd(ctx->src, req->src, ctx->offset);
1032 	dst = ((req->src == req->dst) ? src :
1033 	       scatterwalk_ffwd(ctx->dst, req->dst, ctx->offset));
1034 
1035 	/* Configure hardware. */
1036 	atmel_aes_write_ctrl(dd, use_dma, ctx->iv);
1037 	if (unlikely(fragmented)) {
1038 		/*
1039 		 * Increment the counter manually to cope with the hardware
1040 		 * counter overflow.
1041 		 */
1042 		ctx->iv[3] = cpu_to_be32(ctr);
1043 		crypto_inc((u8 *)ctx->iv, AES_BLOCK_SIZE);
1044 	}
1045 
1046 	if (use_dma)
1047 		return atmel_aes_dma_start(dd, src, dst, datalen,
1048 					   atmel_aes_ctr_transfer);
1049 
1050 	return atmel_aes_cpu_start(dd, src, dst, datalen,
1051 				   atmel_aes_ctr_transfer);
1052 }
1053 
1054 static int atmel_aes_ctr_start(struct atmel_aes_dev *dd)
1055 {
1056 	struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx);
1057 	struct skcipher_request *req = skcipher_request_cast(dd->areq);
1058 	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
1059 	int err;
1060 
1061 	atmel_aes_set_mode(dd, rctx);
1062 
1063 	err = atmel_aes_hw_init(dd);
1064 	if (err)
1065 		return atmel_aes_complete(dd, err);
1066 
1067 	memcpy(ctx->iv, req->iv, AES_BLOCK_SIZE);
1068 	ctx->offset = 0;
1069 	dd->total = 0;
1070 	return atmel_aes_ctr_transfer(dd);
1071 }
1072 
1073 static int atmel_aes_xts_fallback(struct skcipher_request *req, bool enc)
1074 {
1075 	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
1076 	struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(
1077 			crypto_skcipher_reqtfm(req));
1078 
1079 	skcipher_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm);
1080 	skcipher_request_set_callback(&rctx->fallback_req, req->base.flags,
1081 				      req->base.complete, req->base.data);
1082 	skcipher_request_set_crypt(&rctx->fallback_req, req->src, req->dst,
1083 				   req->cryptlen, req->iv);
1084 
1085 	return enc ? crypto_skcipher_encrypt(&rctx->fallback_req) :
1086 		     crypto_skcipher_decrypt(&rctx->fallback_req);
1087 }
1088 
1089 static int atmel_aes_crypt(struct skcipher_request *req, unsigned long mode)
1090 {
1091 	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
1092 	struct atmel_aes_base_ctx *ctx = crypto_skcipher_ctx(skcipher);
1093 	struct atmel_aes_reqctx *rctx;
1094 	u32 opmode = mode & AES_FLAGS_OPMODE_MASK;
1095 
1096 	if (opmode == AES_FLAGS_XTS) {
1097 		if (req->cryptlen < XTS_BLOCK_SIZE)
1098 			return -EINVAL;
1099 
1100 		if (!IS_ALIGNED(req->cryptlen, XTS_BLOCK_SIZE))
1101 			return atmel_aes_xts_fallback(req,
1102 						      mode & AES_FLAGS_ENCRYPT);
1103 	}
1104 
1105 	/*
1106 	 * ECB, CBC, CFB, OFB or CTR mode require the plaintext and ciphertext
1107 	 * to have a positve integer length.
1108 	 */
1109 	if (!req->cryptlen && opmode != AES_FLAGS_XTS)
1110 		return 0;
1111 
1112 	if ((opmode == AES_FLAGS_ECB || opmode == AES_FLAGS_CBC) &&
1113 	    !IS_ALIGNED(req->cryptlen, crypto_skcipher_blocksize(skcipher)))
1114 		return -EINVAL;
1115 
1116 	switch (mode & AES_FLAGS_OPMODE_MASK) {
1117 	case AES_FLAGS_CFB8:
1118 		ctx->block_size = CFB8_BLOCK_SIZE;
1119 		break;
1120 
1121 	case AES_FLAGS_CFB16:
1122 		ctx->block_size = CFB16_BLOCK_SIZE;
1123 		break;
1124 
1125 	case AES_FLAGS_CFB32:
1126 		ctx->block_size = CFB32_BLOCK_SIZE;
1127 		break;
1128 
1129 	case AES_FLAGS_CFB64:
1130 		ctx->block_size = CFB64_BLOCK_SIZE;
1131 		break;
1132 
1133 	default:
1134 		ctx->block_size = AES_BLOCK_SIZE;
1135 		break;
1136 	}
1137 	ctx->is_aead = false;
1138 
1139 	rctx = skcipher_request_ctx(req);
1140 	rctx->mode = mode;
1141 
1142 	if (opmode != AES_FLAGS_ECB &&
1143 	    !(mode & AES_FLAGS_ENCRYPT)) {
1144 		unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
1145 
1146 		if (req->cryptlen >= ivsize)
1147 			scatterwalk_map_and_copy(rctx->lastc, req->src,
1148 						 req->cryptlen - ivsize,
1149 						 ivsize, 0);
1150 	}
1151 
1152 	return atmel_aes_handle_queue(ctx->dd, &req->base);
1153 }
1154 
1155 static int atmel_aes_setkey(struct crypto_skcipher *tfm, const u8 *key,
1156 			   unsigned int keylen)
1157 {
1158 	struct atmel_aes_base_ctx *ctx = crypto_skcipher_ctx(tfm);
1159 
1160 	if (keylen != AES_KEYSIZE_128 &&
1161 	    keylen != AES_KEYSIZE_192 &&
1162 	    keylen != AES_KEYSIZE_256)
1163 		return -EINVAL;
1164 
1165 	memcpy(ctx->key, key, keylen);
1166 	ctx->keylen = keylen;
1167 
1168 	return 0;
1169 }
1170 
1171 static int atmel_aes_ecb_encrypt(struct skcipher_request *req)
1172 {
1173 	return atmel_aes_crypt(req, AES_FLAGS_ECB | AES_FLAGS_ENCRYPT);
1174 }
1175 
1176 static int atmel_aes_ecb_decrypt(struct skcipher_request *req)
1177 {
1178 	return atmel_aes_crypt(req, AES_FLAGS_ECB);
1179 }
1180 
1181 static int atmel_aes_cbc_encrypt(struct skcipher_request *req)
1182 {
1183 	return atmel_aes_crypt(req, AES_FLAGS_CBC | AES_FLAGS_ENCRYPT);
1184 }
1185 
1186 static int atmel_aes_cbc_decrypt(struct skcipher_request *req)
1187 {
1188 	return atmel_aes_crypt(req, AES_FLAGS_CBC);
1189 }
1190 
1191 static int atmel_aes_ofb_encrypt(struct skcipher_request *req)
1192 {
1193 	return atmel_aes_crypt(req, AES_FLAGS_OFB | AES_FLAGS_ENCRYPT);
1194 }
1195 
1196 static int atmel_aes_ofb_decrypt(struct skcipher_request *req)
1197 {
1198 	return atmel_aes_crypt(req, AES_FLAGS_OFB);
1199 }
1200 
1201 static int atmel_aes_cfb_encrypt(struct skcipher_request *req)
1202 {
1203 	return atmel_aes_crypt(req, AES_FLAGS_CFB128 | AES_FLAGS_ENCRYPT);
1204 }
1205 
1206 static int atmel_aes_cfb_decrypt(struct skcipher_request *req)
1207 {
1208 	return atmel_aes_crypt(req, AES_FLAGS_CFB128);
1209 }
1210 
1211 static int atmel_aes_cfb64_encrypt(struct skcipher_request *req)
1212 {
1213 	return atmel_aes_crypt(req, AES_FLAGS_CFB64 | AES_FLAGS_ENCRYPT);
1214 }
1215 
1216 static int atmel_aes_cfb64_decrypt(struct skcipher_request *req)
1217 {
1218 	return atmel_aes_crypt(req, AES_FLAGS_CFB64);
1219 }
1220 
1221 static int atmel_aes_cfb32_encrypt(struct skcipher_request *req)
1222 {
1223 	return atmel_aes_crypt(req, AES_FLAGS_CFB32 | AES_FLAGS_ENCRYPT);
1224 }
1225 
1226 static int atmel_aes_cfb32_decrypt(struct skcipher_request *req)
1227 {
1228 	return atmel_aes_crypt(req, AES_FLAGS_CFB32);
1229 }
1230 
1231 static int atmel_aes_cfb16_encrypt(struct skcipher_request *req)
1232 {
1233 	return atmel_aes_crypt(req, AES_FLAGS_CFB16 | AES_FLAGS_ENCRYPT);
1234 }
1235 
1236 static int atmel_aes_cfb16_decrypt(struct skcipher_request *req)
1237 {
1238 	return atmel_aes_crypt(req, AES_FLAGS_CFB16);
1239 }
1240 
1241 static int atmel_aes_cfb8_encrypt(struct skcipher_request *req)
1242 {
1243 	return atmel_aes_crypt(req, AES_FLAGS_CFB8 | AES_FLAGS_ENCRYPT);
1244 }
1245 
1246 static int atmel_aes_cfb8_decrypt(struct skcipher_request *req)
1247 {
1248 	return atmel_aes_crypt(req, AES_FLAGS_CFB8);
1249 }
1250 
1251 static int atmel_aes_ctr_encrypt(struct skcipher_request *req)
1252 {
1253 	return atmel_aes_crypt(req, AES_FLAGS_CTR | AES_FLAGS_ENCRYPT);
1254 }
1255 
1256 static int atmel_aes_ctr_decrypt(struct skcipher_request *req)
1257 {
1258 	return atmel_aes_crypt(req, AES_FLAGS_CTR);
1259 }
1260 
1261 static int atmel_aes_init_tfm(struct crypto_skcipher *tfm)
1262 {
1263 	struct atmel_aes_ctx *ctx = crypto_skcipher_ctx(tfm);
1264 	struct atmel_aes_dev *dd;
1265 
1266 	dd = atmel_aes_dev_alloc(&ctx->base);
1267 	if (!dd)
1268 		return -ENODEV;
1269 
1270 	crypto_skcipher_set_reqsize(tfm, sizeof(struct atmel_aes_reqctx));
1271 	ctx->base.dd = dd;
1272 	ctx->base.start = atmel_aes_start;
1273 
1274 	return 0;
1275 }
1276 
1277 static int atmel_aes_ctr_init_tfm(struct crypto_skcipher *tfm)
1278 {
1279 	struct atmel_aes_ctx *ctx = crypto_skcipher_ctx(tfm);
1280 	struct atmel_aes_dev *dd;
1281 
1282 	dd = atmel_aes_dev_alloc(&ctx->base);
1283 	if (!dd)
1284 		return -ENODEV;
1285 
1286 	crypto_skcipher_set_reqsize(tfm, sizeof(struct atmel_aes_reqctx));
1287 	ctx->base.dd = dd;
1288 	ctx->base.start = atmel_aes_ctr_start;
1289 
1290 	return 0;
1291 }
1292 
1293 static struct skcipher_alg aes_algs[] = {
1294 {
1295 	.base.cra_name		= "ecb(aes)",
1296 	.base.cra_driver_name	= "atmel-ecb-aes",
1297 	.base.cra_blocksize	= AES_BLOCK_SIZE,
1298 	.base.cra_ctxsize	= sizeof(struct atmel_aes_ctx),
1299 
1300 	.init			= atmel_aes_init_tfm,
1301 	.min_keysize		= AES_MIN_KEY_SIZE,
1302 	.max_keysize		= AES_MAX_KEY_SIZE,
1303 	.setkey			= atmel_aes_setkey,
1304 	.encrypt		= atmel_aes_ecb_encrypt,
1305 	.decrypt		= atmel_aes_ecb_decrypt,
1306 },
1307 {
1308 	.base.cra_name		= "cbc(aes)",
1309 	.base.cra_driver_name	= "atmel-cbc-aes",
1310 	.base.cra_blocksize	= AES_BLOCK_SIZE,
1311 	.base.cra_ctxsize	= sizeof(struct atmel_aes_ctx),
1312 
1313 	.init			= atmel_aes_init_tfm,
1314 	.min_keysize		= AES_MIN_KEY_SIZE,
1315 	.max_keysize		= AES_MAX_KEY_SIZE,
1316 	.setkey			= atmel_aes_setkey,
1317 	.encrypt		= atmel_aes_cbc_encrypt,
1318 	.decrypt		= atmel_aes_cbc_decrypt,
1319 	.ivsize			= AES_BLOCK_SIZE,
1320 },
1321 {
1322 	.base.cra_name		= "ofb(aes)",
1323 	.base.cra_driver_name	= "atmel-ofb-aes",
1324 	.base.cra_blocksize	= 1,
1325 	.base.cra_ctxsize	= sizeof(struct atmel_aes_ctx),
1326 
1327 	.init			= atmel_aes_init_tfm,
1328 	.min_keysize		= AES_MIN_KEY_SIZE,
1329 	.max_keysize		= AES_MAX_KEY_SIZE,
1330 	.setkey			= atmel_aes_setkey,
1331 	.encrypt		= atmel_aes_ofb_encrypt,
1332 	.decrypt		= atmel_aes_ofb_decrypt,
1333 	.ivsize			= AES_BLOCK_SIZE,
1334 },
1335 {
1336 	.base.cra_name		= "cfb(aes)",
1337 	.base.cra_driver_name	= "atmel-cfb-aes",
1338 	.base.cra_blocksize	= 1,
1339 	.base.cra_ctxsize	= sizeof(struct atmel_aes_ctx),
1340 
1341 	.init			= atmel_aes_init_tfm,
1342 	.min_keysize		= AES_MIN_KEY_SIZE,
1343 	.max_keysize		= AES_MAX_KEY_SIZE,
1344 	.setkey			= atmel_aes_setkey,
1345 	.encrypt		= atmel_aes_cfb_encrypt,
1346 	.decrypt		= atmel_aes_cfb_decrypt,
1347 	.ivsize			= AES_BLOCK_SIZE,
1348 },
1349 {
1350 	.base.cra_name		= "cfb32(aes)",
1351 	.base.cra_driver_name	= "atmel-cfb32-aes",
1352 	.base.cra_blocksize	= CFB32_BLOCK_SIZE,
1353 	.base.cra_ctxsize	= sizeof(struct atmel_aes_ctx),
1354 
1355 	.init			= atmel_aes_init_tfm,
1356 	.min_keysize		= AES_MIN_KEY_SIZE,
1357 	.max_keysize		= AES_MAX_KEY_SIZE,
1358 	.setkey			= atmel_aes_setkey,
1359 	.encrypt		= atmel_aes_cfb32_encrypt,
1360 	.decrypt		= atmel_aes_cfb32_decrypt,
1361 	.ivsize			= AES_BLOCK_SIZE,
1362 },
1363 {
1364 	.base.cra_name		= "cfb16(aes)",
1365 	.base.cra_driver_name	= "atmel-cfb16-aes",
1366 	.base.cra_blocksize	= CFB16_BLOCK_SIZE,
1367 	.base.cra_ctxsize	= sizeof(struct atmel_aes_ctx),
1368 
1369 	.init			= atmel_aes_init_tfm,
1370 	.min_keysize		= AES_MIN_KEY_SIZE,
1371 	.max_keysize		= AES_MAX_KEY_SIZE,
1372 	.setkey			= atmel_aes_setkey,
1373 	.encrypt		= atmel_aes_cfb16_encrypt,
1374 	.decrypt		= atmel_aes_cfb16_decrypt,
1375 	.ivsize			= AES_BLOCK_SIZE,
1376 },
1377 {
1378 	.base.cra_name		= "cfb8(aes)",
1379 	.base.cra_driver_name	= "atmel-cfb8-aes",
1380 	.base.cra_blocksize	= CFB8_BLOCK_SIZE,
1381 	.base.cra_ctxsize	= sizeof(struct atmel_aes_ctx),
1382 
1383 	.init			= atmel_aes_init_tfm,
1384 	.min_keysize		= AES_MIN_KEY_SIZE,
1385 	.max_keysize		= AES_MAX_KEY_SIZE,
1386 	.setkey			= atmel_aes_setkey,
1387 	.encrypt		= atmel_aes_cfb8_encrypt,
1388 	.decrypt		= atmel_aes_cfb8_decrypt,
1389 	.ivsize			= AES_BLOCK_SIZE,
1390 },
1391 {
1392 	.base.cra_name		= "ctr(aes)",
1393 	.base.cra_driver_name	= "atmel-ctr-aes",
1394 	.base.cra_blocksize	= 1,
1395 	.base.cra_ctxsize	= sizeof(struct atmel_aes_ctr_ctx),
1396 
1397 	.init			= atmel_aes_ctr_init_tfm,
1398 	.min_keysize		= AES_MIN_KEY_SIZE,
1399 	.max_keysize		= AES_MAX_KEY_SIZE,
1400 	.setkey			= atmel_aes_setkey,
1401 	.encrypt		= atmel_aes_ctr_encrypt,
1402 	.decrypt		= atmel_aes_ctr_decrypt,
1403 	.ivsize			= AES_BLOCK_SIZE,
1404 },
1405 };
1406 
1407 static struct skcipher_alg aes_cfb64_alg = {
1408 	.base.cra_name		= "cfb64(aes)",
1409 	.base.cra_driver_name	= "atmel-cfb64-aes",
1410 	.base.cra_blocksize	= CFB64_BLOCK_SIZE,
1411 	.base.cra_ctxsize	= sizeof(struct atmel_aes_ctx),
1412 
1413 	.init			= atmel_aes_init_tfm,
1414 	.min_keysize		= AES_MIN_KEY_SIZE,
1415 	.max_keysize		= AES_MAX_KEY_SIZE,
1416 	.setkey			= atmel_aes_setkey,
1417 	.encrypt		= atmel_aes_cfb64_encrypt,
1418 	.decrypt		= atmel_aes_cfb64_decrypt,
1419 	.ivsize			= AES_BLOCK_SIZE,
1420 };
1421 
1422 
1423 /* gcm aead functions */
1424 
1425 static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd,
1426 			       const u32 *data, size_t datalen,
1427 			       const __be32 *ghash_in, __be32 *ghash_out,
1428 			       atmel_aes_fn_t resume);
1429 static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd);
1430 static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd);
1431 
1432 static int atmel_aes_gcm_start(struct atmel_aes_dev *dd);
1433 static int atmel_aes_gcm_process(struct atmel_aes_dev *dd);
1434 static int atmel_aes_gcm_length(struct atmel_aes_dev *dd);
1435 static int atmel_aes_gcm_data(struct atmel_aes_dev *dd);
1436 static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd);
1437 static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd);
1438 static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd);
1439 
1440 static inline struct atmel_aes_gcm_ctx *
1441 atmel_aes_gcm_ctx_cast(struct atmel_aes_base_ctx *ctx)
1442 {
1443 	return container_of(ctx, struct atmel_aes_gcm_ctx, base);
1444 }
1445 
1446 static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd,
1447 			       const u32 *data, size_t datalen,
1448 			       const __be32 *ghash_in, __be32 *ghash_out,
1449 			       atmel_aes_fn_t resume)
1450 {
1451 	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1452 
1453 	dd->data = (u32 *)data;
1454 	dd->datalen = datalen;
1455 	ctx->ghash_in = ghash_in;
1456 	ctx->ghash_out = ghash_out;
1457 	ctx->ghash_resume = resume;
1458 
1459 	atmel_aes_write_ctrl(dd, false, NULL);
1460 	return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_ghash_init);
1461 }
1462 
1463 static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd)
1464 {
1465 	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1466 
1467 	/* Set the data length. */
1468 	atmel_aes_write(dd, AES_AADLENR, dd->total);
1469 	atmel_aes_write(dd, AES_CLENR, 0);
1470 
1471 	/* If needed, overwrite the GCM Intermediate Hash Word Registers */
1472 	if (ctx->ghash_in)
1473 		atmel_aes_write_block(dd, AES_GHASHR(0), ctx->ghash_in);
1474 
1475 	return atmel_aes_gcm_ghash_finalize(dd);
1476 }
1477 
1478 static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd)
1479 {
1480 	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1481 	u32 isr;
1482 
1483 	/* Write data into the Input Data Registers. */
1484 	while (dd->datalen > 0) {
1485 		atmel_aes_write_block(dd, AES_IDATAR(0), dd->data);
1486 		dd->data += 4;
1487 		dd->datalen -= AES_BLOCK_SIZE;
1488 
1489 		isr = atmel_aes_read(dd, AES_ISR);
1490 		if (!(isr & AES_INT_DATARDY)) {
1491 			dd->resume = atmel_aes_gcm_ghash_finalize;
1492 			atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
1493 			return -EINPROGRESS;
1494 		}
1495 	}
1496 
1497 	/* Read the computed hash from GHASHRx. */
1498 	atmel_aes_read_block(dd, AES_GHASHR(0), ctx->ghash_out);
1499 
1500 	return ctx->ghash_resume(dd);
1501 }
1502 
1503 
1504 static int atmel_aes_gcm_start(struct atmel_aes_dev *dd)
1505 {
1506 	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1507 	struct aead_request *req = aead_request_cast(dd->areq);
1508 	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1509 	struct atmel_aes_reqctx *rctx = aead_request_ctx(req);
1510 	size_t ivsize = crypto_aead_ivsize(tfm);
1511 	size_t datalen, padlen;
1512 	const void *iv = req->iv;
1513 	u8 *data = dd->buf;
1514 	int err;
1515 
1516 	atmel_aes_set_mode(dd, rctx);
1517 
1518 	err = atmel_aes_hw_init(dd);
1519 	if (err)
1520 		return atmel_aes_complete(dd, err);
1521 
1522 	if (likely(ivsize == GCM_AES_IV_SIZE)) {
1523 		memcpy(ctx->j0, iv, ivsize);
1524 		ctx->j0[3] = cpu_to_be32(1);
1525 		return atmel_aes_gcm_process(dd);
1526 	}
1527 
1528 	padlen = atmel_aes_padlen(ivsize, AES_BLOCK_SIZE);
1529 	datalen = ivsize + padlen + AES_BLOCK_SIZE;
1530 	if (datalen > dd->buflen)
1531 		return atmel_aes_complete(dd, -EINVAL);
1532 
1533 	memcpy(data, iv, ivsize);
1534 	memset(data + ivsize, 0, padlen + sizeof(u64));
1535 	((__be64 *)(data + datalen))[-1] = cpu_to_be64(ivsize * 8);
1536 
1537 	return atmel_aes_gcm_ghash(dd, (const u32 *)data, datalen,
1538 				   NULL, ctx->j0, atmel_aes_gcm_process);
1539 }
1540 
1541 static int atmel_aes_gcm_process(struct atmel_aes_dev *dd)
1542 {
1543 	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1544 	struct aead_request *req = aead_request_cast(dd->areq);
1545 	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1546 	bool enc = atmel_aes_is_encrypt(dd);
1547 	u32 authsize;
1548 
1549 	/* Compute text length. */
1550 	authsize = crypto_aead_authsize(tfm);
1551 	ctx->textlen = req->cryptlen - (enc ? 0 : authsize);
1552 
1553 	/*
1554 	 * According to tcrypt test suite, the GCM Automatic Tag Generation
1555 	 * fails when both the message and its associated data are empty.
1556 	 */
1557 	if (likely(req->assoclen != 0 || ctx->textlen != 0))
1558 		dd->flags |= AES_FLAGS_GTAGEN;
1559 
1560 	atmel_aes_write_ctrl(dd, false, NULL);
1561 	return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_length);
1562 }
1563 
1564 static int atmel_aes_gcm_length(struct atmel_aes_dev *dd)
1565 {
1566 	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1567 	struct aead_request *req = aead_request_cast(dd->areq);
1568 	__be32 j0_lsw, *j0 = ctx->j0;
1569 	size_t padlen;
1570 
1571 	/* Write incr32(J0) into IV. */
1572 	j0_lsw = j0[3];
1573 	be32_add_cpu(&j0[3], 1);
1574 	atmel_aes_write_block(dd, AES_IVR(0), j0);
1575 	j0[3] = j0_lsw;
1576 
1577 	/* Set aad and text lengths. */
1578 	atmel_aes_write(dd, AES_AADLENR, req->assoclen);
1579 	atmel_aes_write(dd, AES_CLENR, ctx->textlen);
1580 
1581 	/* Check whether AAD are present. */
1582 	if (unlikely(req->assoclen == 0)) {
1583 		dd->datalen = 0;
1584 		return atmel_aes_gcm_data(dd);
1585 	}
1586 
1587 	/* Copy assoc data and add padding. */
1588 	padlen = atmel_aes_padlen(req->assoclen, AES_BLOCK_SIZE);
1589 	if (unlikely(req->assoclen + padlen > dd->buflen))
1590 		return atmel_aes_complete(dd, -EINVAL);
1591 	sg_copy_to_buffer(req->src, sg_nents(req->src), dd->buf, req->assoclen);
1592 
1593 	/* Write assoc data into the Input Data register. */
1594 	dd->data = (u32 *)dd->buf;
1595 	dd->datalen = req->assoclen + padlen;
1596 	return atmel_aes_gcm_data(dd);
1597 }
1598 
1599 static int atmel_aes_gcm_data(struct atmel_aes_dev *dd)
1600 {
1601 	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1602 	struct aead_request *req = aead_request_cast(dd->areq);
1603 	bool use_dma = (ctx->textlen >= ATMEL_AES_DMA_THRESHOLD);
1604 	struct scatterlist *src, *dst;
1605 	u32 isr, mr;
1606 
1607 	/* Write AAD first. */
1608 	while (dd->datalen > 0) {
1609 		atmel_aes_write_block(dd, AES_IDATAR(0), dd->data);
1610 		dd->data += 4;
1611 		dd->datalen -= AES_BLOCK_SIZE;
1612 
1613 		isr = atmel_aes_read(dd, AES_ISR);
1614 		if (!(isr & AES_INT_DATARDY)) {
1615 			dd->resume = atmel_aes_gcm_data;
1616 			atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
1617 			return -EINPROGRESS;
1618 		}
1619 	}
1620 
1621 	/* GMAC only. */
1622 	if (unlikely(ctx->textlen == 0))
1623 		return atmel_aes_gcm_tag_init(dd);
1624 
1625 	/* Prepare src and dst scatter lists to transfer cipher/plain texts */
1626 	src = scatterwalk_ffwd(ctx->src, req->src, req->assoclen);
1627 	dst = ((req->src == req->dst) ? src :
1628 	       scatterwalk_ffwd(ctx->dst, req->dst, req->assoclen));
1629 
1630 	if (use_dma) {
1631 		/* Update the Mode Register for DMA transfers. */
1632 		mr = atmel_aes_read(dd, AES_MR);
1633 		mr &= ~(AES_MR_SMOD_MASK | AES_MR_DUALBUFF);
1634 		mr |= AES_MR_SMOD_IDATAR0;
1635 		if (dd->caps.has_dualbuff)
1636 			mr |= AES_MR_DUALBUFF;
1637 		atmel_aes_write(dd, AES_MR, mr);
1638 
1639 		return atmel_aes_dma_start(dd, src, dst, ctx->textlen,
1640 					   atmel_aes_gcm_tag_init);
1641 	}
1642 
1643 	return atmel_aes_cpu_start(dd, src, dst, ctx->textlen,
1644 				   atmel_aes_gcm_tag_init);
1645 }
1646 
1647 static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd)
1648 {
1649 	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1650 	struct aead_request *req = aead_request_cast(dd->areq);
1651 	__be64 *data = dd->buf;
1652 
1653 	if (likely(dd->flags & AES_FLAGS_GTAGEN)) {
1654 		if (!(atmel_aes_read(dd, AES_ISR) & AES_INT_TAGRDY)) {
1655 			dd->resume = atmel_aes_gcm_tag_init;
1656 			atmel_aes_write(dd, AES_IER, AES_INT_TAGRDY);
1657 			return -EINPROGRESS;
1658 		}
1659 
1660 		return atmel_aes_gcm_finalize(dd);
1661 	}
1662 
1663 	/* Read the GCM Intermediate Hash Word Registers. */
1664 	atmel_aes_read_block(dd, AES_GHASHR(0), ctx->ghash);
1665 
1666 	data[0] = cpu_to_be64(req->assoclen * 8);
1667 	data[1] = cpu_to_be64(ctx->textlen * 8);
1668 
1669 	return atmel_aes_gcm_ghash(dd, (const u32 *)data, AES_BLOCK_SIZE,
1670 				   ctx->ghash, ctx->ghash, atmel_aes_gcm_tag);
1671 }
1672 
1673 static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd)
1674 {
1675 	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1676 	unsigned long flags;
1677 
1678 	/*
1679 	 * Change mode to CTR to complete the tag generation.
1680 	 * Use J0 as Initialization Vector.
1681 	 */
1682 	flags = dd->flags;
1683 	dd->flags &= ~(AES_FLAGS_OPMODE_MASK | AES_FLAGS_GTAGEN);
1684 	dd->flags |= AES_FLAGS_CTR;
1685 	atmel_aes_write_ctrl(dd, false, ctx->j0);
1686 	dd->flags = flags;
1687 
1688 	atmel_aes_write_block(dd, AES_IDATAR(0), ctx->ghash);
1689 	return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_finalize);
1690 }
1691 
1692 static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd)
1693 {
1694 	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1695 	struct aead_request *req = aead_request_cast(dd->areq);
1696 	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1697 	bool enc = atmel_aes_is_encrypt(dd);
1698 	u32 offset, authsize, itag[4], *otag = ctx->tag;
1699 	int err;
1700 
1701 	/* Read the computed tag. */
1702 	if (likely(dd->flags & AES_FLAGS_GTAGEN))
1703 		atmel_aes_read_block(dd, AES_TAGR(0), ctx->tag);
1704 	else
1705 		atmel_aes_read_block(dd, AES_ODATAR(0), ctx->tag);
1706 
1707 	offset = req->assoclen + ctx->textlen;
1708 	authsize = crypto_aead_authsize(tfm);
1709 	if (enc) {
1710 		scatterwalk_map_and_copy(otag, req->dst, offset, authsize, 1);
1711 		err = 0;
1712 	} else {
1713 		scatterwalk_map_and_copy(itag, req->src, offset, authsize, 0);
1714 		err = crypto_memneq(itag, otag, authsize) ? -EBADMSG : 0;
1715 	}
1716 
1717 	return atmel_aes_complete(dd, err);
1718 }
1719 
1720 static int atmel_aes_gcm_crypt(struct aead_request *req,
1721 			       unsigned long mode)
1722 {
1723 	struct atmel_aes_base_ctx *ctx;
1724 	struct atmel_aes_reqctx *rctx;
1725 
1726 	ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
1727 	ctx->block_size = AES_BLOCK_SIZE;
1728 	ctx->is_aead = true;
1729 
1730 	rctx = aead_request_ctx(req);
1731 	rctx->mode = AES_FLAGS_GCM | mode;
1732 
1733 	return atmel_aes_handle_queue(ctx->dd, &req->base);
1734 }
1735 
1736 static int atmel_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key,
1737 				unsigned int keylen)
1738 {
1739 	struct atmel_aes_base_ctx *ctx = crypto_aead_ctx(tfm);
1740 
1741 	if (keylen != AES_KEYSIZE_256 &&
1742 	    keylen != AES_KEYSIZE_192 &&
1743 	    keylen != AES_KEYSIZE_128)
1744 		return -EINVAL;
1745 
1746 	memcpy(ctx->key, key, keylen);
1747 	ctx->keylen = keylen;
1748 
1749 	return 0;
1750 }
1751 
1752 static int atmel_aes_gcm_setauthsize(struct crypto_aead *tfm,
1753 				     unsigned int authsize)
1754 {
1755 	return crypto_gcm_check_authsize(authsize);
1756 }
1757 
1758 static int atmel_aes_gcm_encrypt(struct aead_request *req)
1759 {
1760 	return atmel_aes_gcm_crypt(req, AES_FLAGS_ENCRYPT);
1761 }
1762 
1763 static int atmel_aes_gcm_decrypt(struct aead_request *req)
1764 {
1765 	return atmel_aes_gcm_crypt(req, 0);
1766 }
1767 
1768 static int atmel_aes_gcm_init(struct crypto_aead *tfm)
1769 {
1770 	struct atmel_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm);
1771 	struct atmel_aes_dev *dd;
1772 
1773 	dd = atmel_aes_dev_alloc(&ctx->base);
1774 	if (!dd)
1775 		return -ENODEV;
1776 
1777 	crypto_aead_set_reqsize(tfm, sizeof(struct atmel_aes_reqctx));
1778 	ctx->base.dd = dd;
1779 	ctx->base.start = atmel_aes_gcm_start;
1780 
1781 	return 0;
1782 }
1783 
1784 static struct aead_alg aes_gcm_alg = {
1785 	.setkey		= atmel_aes_gcm_setkey,
1786 	.setauthsize	= atmel_aes_gcm_setauthsize,
1787 	.encrypt	= atmel_aes_gcm_encrypt,
1788 	.decrypt	= atmel_aes_gcm_decrypt,
1789 	.init		= atmel_aes_gcm_init,
1790 	.ivsize		= GCM_AES_IV_SIZE,
1791 	.maxauthsize	= AES_BLOCK_SIZE,
1792 
1793 	.base = {
1794 		.cra_name		= "gcm(aes)",
1795 		.cra_driver_name	= "atmel-gcm-aes",
1796 		.cra_blocksize		= 1,
1797 		.cra_ctxsize		= sizeof(struct atmel_aes_gcm_ctx),
1798 	},
1799 };
1800 
1801 
1802 /* xts functions */
1803 
1804 static inline struct atmel_aes_xts_ctx *
1805 atmel_aes_xts_ctx_cast(struct atmel_aes_base_ctx *ctx)
1806 {
1807 	return container_of(ctx, struct atmel_aes_xts_ctx, base);
1808 }
1809 
1810 static int atmel_aes_xts_process_data(struct atmel_aes_dev *dd);
1811 
1812 static int atmel_aes_xts_start(struct atmel_aes_dev *dd)
1813 {
1814 	struct atmel_aes_xts_ctx *ctx = atmel_aes_xts_ctx_cast(dd->ctx);
1815 	struct skcipher_request *req = skcipher_request_cast(dd->areq);
1816 	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
1817 	unsigned long flags;
1818 	int err;
1819 
1820 	atmel_aes_set_mode(dd, rctx);
1821 
1822 	err = atmel_aes_hw_init(dd);
1823 	if (err)
1824 		return atmel_aes_complete(dd, err);
1825 
1826 	/* Compute the tweak value from req->iv with ecb(aes). */
1827 	flags = dd->flags;
1828 	dd->flags &= ~AES_FLAGS_MODE_MASK;
1829 	dd->flags |= (AES_FLAGS_ECB | AES_FLAGS_ENCRYPT);
1830 	atmel_aes_write_ctrl_key(dd, false, NULL,
1831 				 ctx->key2, ctx->base.keylen);
1832 	dd->flags = flags;
1833 
1834 	atmel_aes_write_block(dd, AES_IDATAR(0), req->iv);
1835 	return atmel_aes_wait_for_data_ready(dd, atmel_aes_xts_process_data);
1836 }
1837 
1838 static int atmel_aes_xts_process_data(struct atmel_aes_dev *dd)
1839 {
1840 	struct skcipher_request *req = skcipher_request_cast(dd->areq);
1841 	bool use_dma = (req->cryptlen >= ATMEL_AES_DMA_THRESHOLD);
1842 	u32 tweak[AES_BLOCK_SIZE / sizeof(u32)];
1843 	static const __le32 one[AES_BLOCK_SIZE / sizeof(u32)] = {cpu_to_le32(1), };
1844 	u8 *tweak_bytes = (u8 *)tweak;
1845 	int i;
1846 
1847 	/* Read the computed ciphered tweak value. */
1848 	atmel_aes_read_block(dd, AES_ODATAR(0), tweak);
1849 	/*
1850 	 * Hardware quirk:
1851 	 * the order of the ciphered tweak bytes need to be reversed before
1852 	 * writing them into the ODATARx registers.
1853 	 */
1854 	for (i = 0; i < AES_BLOCK_SIZE/2; ++i)
1855 		swap(tweak_bytes[i], tweak_bytes[AES_BLOCK_SIZE - 1 - i]);
1856 
1857 	/* Process the data. */
1858 	atmel_aes_write_ctrl(dd, use_dma, NULL);
1859 	atmel_aes_write_block(dd, AES_TWR(0), tweak);
1860 	atmel_aes_write_block(dd, AES_ALPHAR(0), one);
1861 	if (use_dma)
1862 		return atmel_aes_dma_start(dd, req->src, req->dst,
1863 					   req->cryptlen,
1864 					   atmel_aes_transfer_complete);
1865 
1866 	return atmel_aes_cpu_start(dd, req->src, req->dst, req->cryptlen,
1867 				   atmel_aes_transfer_complete);
1868 }
1869 
1870 static int atmel_aes_xts_setkey(struct crypto_skcipher *tfm, const u8 *key,
1871 				unsigned int keylen)
1872 {
1873 	struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
1874 	int err;
1875 
1876 	err = xts_verify_key(tfm, key, keylen);
1877 	if (err)
1878 		return err;
1879 
1880 	crypto_skcipher_clear_flags(ctx->fallback_tfm, CRYPTO_TFM_REQ_MASK);
1881 	crypto_skcipher_set_flags(ctx->fallback_tfm, tfm->base.crt_flags &
1882 				  CRYPTO_TFM_REQ_MASK);
1883 	err = crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
1884 	if (err)
1885 		return err;
1886 
1887 	memcpy(ctx->base.key, key, keylen/2);
1888 	memcpy(ctx->key2, key + keylen/2, keylen/2);
1889 	ctx->base.keylen = keylen/2;
1890 
1891 	return 0;
1892 }
1893 
1894 static int atmel_aes_xts_encrypt(struct skcipher_request *req)
1895 {
1896 	return atmel_aes_crypt(req, AES_FLAGS_XTS | AES_FLAGS_ENCRYPT);
1897 }
1898 
1899 static int atmel_aes_xts_decrypt(struct skcipher_request *req)
1900 {
1901 	return atmel_aes_crypt(req, AES_FLAGS_XTS);
1902 }
1903 
1904 static int atmel_aes_xts_init_tfm(struct crypto_skcipher *tfm)
1905 {
1906 	struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
1907 	struct atmel_aes_dev *dd;
1908 	const char *tfm_name = crypto_tfm_alg_name(&tfm->base);
1909 
1910 	dd = atmel_aes_dev_alloc(&ctx->base);
1911 	if (!dd)
1912 		return -ENODEV;
1913 
1914 	ctx->fallback_tfm = crypto_alloc_skcipher(tfm_name, 0,
1915 						  CRYPTO_ALG_NEED_FALLBACK);
1916 	if (IS_ERR(ctx->fallback_tfm))
1917 		return PTR_ERR(ctx->fallback_tfm);
1918 
1919 	crypto_skcipher_set_reqsize(tfm, sizeof(struct atmel_aes_reqctx) +
1920 				    crypto_skcipher_reqsize(ctx->fallback_tfm));
1921 	ctx->base.dd = dd;
1922 	ctx->base.start = atmel_aes_xts_start;
1923 
1924 	return 0;
1925 }
1926 
1927 static void atmel_aes_xts_exit_tfm(struct crypto_skcipher *tfm)
1928 {
1929 	struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
1930 
1931 	crypto_free_skcipher(ctx->fallback_tfm);
1932 }
1933 
1934 static struct skcipher_alg aes_xts_alg = {
1935 	.base.cra_name		= "xts(aes)",
1936 	.base.cra_driver_name	= "atmel-xts-aes",
1937 	.base.cra_blocksize	= AES_BLOCK_SIZE,
1938 	.base.cra_ctxsize	= sizeof(struct atmel_aes_xts_ctx),
1939 	.base.cra_flags		= CRYPTO_ALG_NEED_FALLBACK,
1940 
1941 	.min_keysize		= 2 * AES_MIN_KEY_SIZE,
1942 	.max_keysize		= 2 * AES_MAX_KEY_SIZE,
1943 	.ivsize			= AES_BLOCK_SIZE,
1944 	.setkey			= atmel_aes_xts_setkey,
1945 	.encrypt		= atmel_aes_xts_encrypt,
1946 	.decrypt		= atmel_aes_xts_decrypt,
1947 	.init			= atmel_aes_xts_init_tfm,
1948 	.exit			= atmel_aes_xts_exit_tfm,
1949 };
1950 
1951 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
1952 /* authenc aead functions */
1953 
1954 static int atmel_aes_authenc_start(struct atmel_aes_dev *dd);
1955 static int atmel_aes_authenc_init(struct atmel_aes_dev *dd, int err,
1956 				  bool is_async);
1957 static int atmel_aes_authenc_transfer(struct atmel_aes_dev *dd, int err,
1958 				      bool is_async);
1959 static int atmel_aes_authenc_digest(struct atmel_aes_dev *dd);
1960 static int atmel_aes_authenc_final(struct atmel_aes_dev *dd, int err,
1961 				   bool is_async);
1962 
1963 static void atmel_aes_authenc_complete(struct atmel_aes_dev *dd, int err)
1964 {
1965 	struct aead_request *req = aead_request_cast(dd->areq);
1966 	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
1967 
1968 	if (err && (dd->flags & AES_FLAGS_OWN_SHA))
1969 		atmel_sha_authenc_abort(&rctx->auth_req);
1970 	dd->flags &= ~AES_FLAGS_OWN_SHA;
1971 }
1972 
1973 static int atmel_aes_authenc_start(struct atmel_aes_dev *dd)
1974 {
1975 	struct aead_request *req = aead_request_cast(dd->areq);
1976 	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
1977 	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1978 	struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm);
1979 	int err;
1980 
1981 	atmel_aes_set_mode(dd, &rctx->base);
1982 
1983 	err = atmel_aes_hw_init(dd);
1984 	if (err)
1985 		return atmel_aes_complete(dd, err);
1986 
1987 	return atmel_sha_authenc_schedule(&rctx->auth_req, ctx->auth,
1988 					  atmel_aes_authenc_init, dd);
1989 }
1990 
1991 static int atmel_aes_authenc_init(struct atmel_aes_dev *dd, int err,
1992 				  bool is_async)
1993 {
1994 	struct aead_request *req = aead_request_cast(dd->areq);
1995 	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
1996 
1997 	if (is_async)
1998 		dd->is_async = true;
1999 	if (err)
2000 		return atmel_aes_complete(dd, err);
2001 
2002 	/* If here, we've got the ownership of the SHA device. */
2003 	dd->flags |= AES_FLAGS_OWN_SHA;
2004 
2005 	/* Configure the SHA device. */
2006 	return atmel_sha_authenc_init(&rctx->auth_req,
2007 				      req->src, req->assoclen,
2008 				      rctx->textlen,
2009 				      atmel_aes_authenc_transfer, dd);
2010 }
2011 
2012 static int atmel_aes_authenc_transfer(struct atmel_aes_dev *dd, int err,
2013 				      bool is_async)
2014 {
2015 	struct aead_request *req = aead_request_cast(dd->areq);
2016 	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
2017 	bool enc = atmel_aes_is_encrypt(dd);
2018 	struct scatterlist *src, *dst;
2019 	__be32 iv[AES_BLOCK_SIZE / sizeof(u32)];
2020 	u32 emr;
2021 
2022 	if (is_async)
2023 		dd->is_async = true;
2024 	if (err)
2025 		return atmel_aes_complete(dd, err);
2026 
2027 	/* Prepare src and dst scatter-lists to transfer cipher/plain texts. */
2028 	src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen);
2029 	dst = src;
2030 
2031 	if (req->src != req->dst)
2032 		dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen);
2033 
2034 	/* Configure the AES device. */
2035 	memcpy(iv, req->iv, sizeof(iv));
2036 
2037 	/*
2038 	 * Here we always set the 2nd parameter of atmel_aes_write_ctrl() to
2039 	 * 'true' even if the data transfer is actually performed by the CPU (so
2040 	 * not by the DMA) because we must force the AES_MR_SMOD bitfield to the
2041 	 * value AES_MR_SMOD_IDATAR0. Indeed, both AES_MR_SMOD and SHA_MR_SMOD
2042 	 * must be set to *_MR_SMOD_IDATAR0.
2043 	 */
2044 	atmel_aes_write_ctrl(dd, true, iv);
2045 	emr = AES_EMR_PLIPEN;
2046 	if (!enc)
2047 		emr |= AES_EMR_PLIPD;
2048 	atmel_aes_write(dd, AES_EMR, emr);
2049 
2050 	/* Transfer data. */
2051 	return atmel_aes_dma_start(dd, src, dst, rctx->textlen,
2052 				   atmel_aes_authenc_digest);
2053 }
2054 
2055 static int atmel_aes_authenc_digest(struct atmel_aes_dev *dd)
2056 {
2057 	struct aead_request *req = aead_request_cast(dd->areq);
2058 	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
2059 
2060 	/* atmel_sha_authenc_final() releases the SHA device. */
2061 	dd->flags &= ~AES_FLAGS_OWN_SHA;
2062 	return atmel_sha_authenc_final(&rctx->auth_req,
2063 				       rctx->digest, sizeof(rctx->digest),
2064 				       atmel_aes_authenc_final, dd);
2065 }
2066 
2067 static int atmel_aes_authenc_final(struct atmel_aes_dev *dd, int err,
2068 				   bool is_async)
2069 {
2070 	struct aead_request *req = aead_request_cast(dd->areq);
2071 	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
2072 	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
2073 	bool enc = atmel_aes_is_encrypt(dd);
2074 	u32 idigest[SHA512_DIGEST_SIZE / sizeof(u32)], *odigest = rctx->digest;
2075 	u32 offs, authsize;
2076 
2077 	if (is_async)
2078 		dd->is_async = true;
2079 	if (err)
2080 		goto complete;
2081 
2082 	offs = req->assoclen + rctx->textlen;
2083 	authsize = crypto_aead_authsize(tfm);
2084 	if (enc) {
2085 		scatterwalk_map_and_copy(odigest, req->dst, offs, authsize, 1);
2086 	} else {
2087 		scatterwalk_map_and_copy(idigest, req->src, offs, authsize, 0);
2088 		if (crypto_memneq(idigest, odigest, authsize))
2089 			err = -EBADMSG;
2090 	}
2091 
2092 complete:
2093 	return atmel_aes_complete(dd, err);
2094 }
2095 
2096 static int atmel_aes_authenc_setkey(struct crypto_aead *tfm, const u8 *key,
2097 				    unsigned int keylen)
2098 {
2099 	struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm);
2100 	struct crypto_authenc_keys keys;
2101 	int err;
2102 
2103 	if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
2104 		goto badkey;
2105 
2106 	if (keys.enckeylen > sizeof(ctx->base.key))
2107 		goto badkey;
2108 
2109 	/* Save auth key. */
2110 	err = atmel_sha_authenc_setkey(ctx->auth,
2111 				       keys.authkey, keys.authkeylen,
2112 				       crypto_aead_get_flags(tfm));
2113 	if (err) {
2114 		memzero_explicit(&keys, sizeof(keys));
2115 		return err;
2116 	}
2117 
2118 	/* Save enc key. */
2119 	ctx->base.keylen = keys.enckeylen;
2120 	memcpy(ctx->base.key, keys.enckey, keys.enckeylen);
2121 
2122 	memzero_explicit(&keys, sizeof(keys));
2123 	return 0;
2124 
2125 badkey:
2126 	memzero_explicit(&keys, sizeof(keys));
2127 	return -EINVAL;
2128 }
2129 
2130 static int atmel_aes_authenc_init_tfm(struct crypto_aead *tfm,
2131 				      unsigned long auth_mode)
2132 {
2133 	struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm);
2134 	unsigned int auth_reqsize = atmel_sha_authenc_get_reqsize();
2135 	struct atmel_aes_dev *dd;
2136 
2137 	dd = atmel_aes_dev_alloc(&ctx->base);
2138 	if (!dd)
2139 		return -ENODEV;
2140 
2141 	ctx->auth = atmel_sha_authenc_spawn(auth_mode);
2142 	if (IS_ERR(ctx->auth))
2143 		return PTR_ERR(ctx->auth);
2144 
2145 	crypto_aead_set_reqsize(tfm, (sizeof(struct atmel_aes_authenc_reqctx) +
2146 				      auth_reqsize));
2147 	ctx->base.dd = dd;
2148 	ctx->base.start = atmel_aes_authenc_start;
2149 
2150 	return 0;
2151 }
2152 
2153 static int atmel_aes_authenc_hmac_sha1_init_tfm(struct crypto_aead *tfm)
2154 {
2155 	return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA1);
2156 }
2157 
2158 static int atmel_aes_authenc_hmac_sha224_init_tfm(struct crypto_aead *tfm)
2159 {
2160 	return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA224);
2161 }
2162 
2163 static int atmel_aes_authenc_hmac_sha256_init_tfm(struct crypto_aead *tfm)
2164 {
2165 	return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA256);
2166 }
2167 
2168 static int atmel_aes_authenc_hmac_sha384_init_tfm(struct crypto_aead *tfm)
2169 {
2170 	return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA384);
2171 }
2172 
2173 static int atmel_aes_authenc_hmac_sha512_init_tfm(struct crypto_aead *tfm)
2174 {
2175 	return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA512);
2176 }
2177 
2178 static void atmel_aes_authenc_exit_tfm(struct crypto_aead *tfm)
2179 {
2180 	struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm);
2181 
2182 	atmel_sha_authenc_free(ctx->auth);
2183 }
2184 
2185 static int atmel_aes_authenc_crypt(struct aead_request *req,
2186 				   unsigned long mode)
2187 {
2188 	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
2189 	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
2190 	struct atmel_aes_base_ctx *ctx = crypto_aead_ctx(tfm);
2191 	u32 authsize = crypto_aead_authsize(tfm);
2192 	bool enc = (mode & AES_FLAGS_ENCRYPT);
2193 
2194 	/* Compute text length. */
2195 	if (!enc && req->cryptlen < authsize)
2196 		return -EINVAL;
2197 	rctx->textlen = req->cryptlen - (enc ? 0 : authsize);
2198 
2199 	/*
2200 	 * Currently, empty messages are not supported yet:
2201 	 * the SHA auto-padding can be used only on non-empty messages.
2202 	 * Hence a special case needs to be implemented for empty message.
2203 	 */
2204 	if (!rctx->textlen && !req->assoclen)
2205 		return -EINVAL;
2206 
2207 	rctx->base.mode = mode;
2208 	ctx->block_size = AES_BLOCK_SIZE;
2209 	ctx->is_aead = true;
2210 
2211 	return atmel_aes_handle_queue(ctx->dd, &req->base);
2212 }
2213 
2214 static int atmel_aes_authenc_cbc_aes_encrypt(struct aead_request *req)
2215 {
2216 	return atmel_aes_authenc_crypt(req, AES_FLAGS_CBC | AES_FLAGS_ENCRYPT);
2217 }
2218 
2219 static int atmel_aes_authenc_cbc_aes_decrypt(struct aead_request *req)
2220 {
2221 	return atmel_aes_authenc_crypt(req, AES_FLAGS_CBC);
2222 }
2223 
2224 static struct aead_alg aes_authenc_algs[] = {
2225 {
2226 	.setkey		= atmel_aes_authenc_setkey,
2227 	.encrypt	= atmel_aes_authenc_cbc_aes_encrypt,
2228 	.decrypt	= atmel_aes_authenc_cbc_aes_decrypt,
2229 	.init		= atmel_aes_authenc_hmac_sha1_init_tfm,
2230 	.exit		= atmel_aes_authenc_exit_tfm,
2231 	.ivsize		= AES_BLOCK_SIZE,
2232 	.maxauthsize	= SHA1_DIGEST_SIZE,
2233 
2234 	.base = {
2235 		.cra_name		= "authenc(hmac(sha1),cbc(aes))",
2236 		.cra_driver_name	= "atmel-authenc-hmac-sha1-cbc-aes",
2237 		.cra_blocksize		= AES_BLOCK_SIZE,
2238 		.cra_ctxsize		= sizeof(struct atmel_aes_authenc_ctx),
2239 	},
2240 },
2241 {
2242 	.setkey		= atmel_aes_authenc_setkey,
2243 	.encrypt	= atmel_aes_authenc_cbc_aes_encrypt,
2244 	.decrypt	= atmel_aes_authenc_cbc_aes_decrypt,
2245 	.init		= atmel_aes_authenc_hmac_sha224_init_tfm,
2246 	.exit		= atmel_aes_authenc_exit_tfm,
2247 	.ivsize		= AES_BLOCK_SIZE,
2248 	.maxauthsize	= SHA224_DIGEST_SIZE,
2249 
2250 	.base = {
2251 		.cra_name		= "authenc(hmac(sha224),cbc(aes))",
2252 		.cra_driver_name	= "atmel-authenc-hmac-sha224-cbc-aes",
2253 		.cra_blocksize		= AES_BLOCK_SIZE,
2254 		.cra_ctxsize		= sizeof(struct atmel_aes_authenc_ctx),
2255 	},
2256 },
2257 {
2258 	.setkey		= atmel_aes_authenc_setkey,
2259 	.encrypt	= atmel_aes_authenc_cbc_aes_encrypt,
2260 	.decrypt	= atmel_aes_authenc_cbc_aes_decrypt,
2261 	.init		= atmel_aes_authenc_hmac_sha256_init_tfm,
2262 	.exit		= atmel_aes_authenc_exit_tfm,
2263 	.ivsize		= AES_BLOCK_SIZE,
2264 	.maxauthsize	= SHA256_DIGEST_SIZE,
2265 
2266 	.base = {
2267 		.cra_name		= "authenc(hmac(sha256),cbc(aes))",
2268 		.cra_driver_name	= "atmel-authenc-hmac-sha256-cbc-aes",
2269 		.cra_blocksize		= AES_BLOCK_SIZE,
2270 		.cra_ctxsize		= sizeof(struct atmel_aes_authenc_ctx),
2271 	},
2272 },
2273 {
2274 	.setkey		= atmel_aes_authenc_setkey,
2275 	.encrypt	= atmel_aes_authenc_cbc_aes_encrypt,
2276 	.decrypt	= atmel_aes_authenc_cbc_aes_decrypt,
2277 	.init		= atmel_aes_authenc_hmac_sha384_init_tfm,
2278 	.exit		= atmel_aes_authenc_exit_tfm,
2279 	.ivsize		= AES_BLOCK_SIZE,
2280 	.maxauthsize	= SHA384_DIGEST_SIZE,
2281 
2282 	.base = {
2283 		.cra_name		= "authenc(hmac(sha384),cbc(aes))",
2284 		.cra_driver_name	= "atmel-authenc-hmac-sha384-cbc-aes",
2285 		.cra_blocksize		= AES_BLOCK_SIZE,
2286 		.cra_ctxsize		= sizeof(struct atmel_aes_authenc_ctx),
2287 	},
2288 },
2289 {
2290 	.setkey		= atmel_aes_authenc_setkey,
2291 	.encrypt	= atmel_aes_authenc_cbc_aes_encrypt,
2292 	.decrypt	= atmel_aes_authenc_cbc_aes_decrypt,
2293 	.init		= atmel_aes_authenc_hmac_sha512_init_tfm,
2294 	.exit		= atmel_aes_authenc_exit_tfm,
2295 	.ivsize		= AES_BLOCK_SIZE,
2296 	.maxauthsize	= SHA512_DIGEST_SIZE,
2297 
2298 	.base = {
2299 		.cra_name		= "authenc(hmac(sha512),cbc(aes))",
2300 		.cra_driver_name	= "atmel-authenc-hmac-sha512-cbc-aes",
2301 		.cra_blocksize		= AES_BLOCK_SIZE,
2302 		.cra_ctxsize		= sizeof(struct atmel_aes_authenc_ctx),
2303 	},
2304 },
2305 };
2306 #endif /* CONFIG_CRYPTO_DEV_ATMEL_AUTHENC */
2307 
2308 /* Probe functions */
2309 
2310 static int atmel_aes_buff_init(struct atmel_aes_dev *dd)
2311 {
2312 	dd->buf = (void *)__get_free_pages(GFP_KERNEL, ATMEL_AES_BUFFER_ORDER);
2313 	dd->buflen = ATMEL_AES_BUFFER_SIZE;
2314 	dd->buflen &= ~(AES_BLOCK_SIZE - 1);
2315 
2316 	if (!dd->buf) {
2317 		dev_err(dd->dev, "unable to alloc pages.\n");
2318 		return -ENOMEM;
2319 	}
2320 
2321 	return 0;
2322 }
2323 
2324 static void atmel_aes_buff_cleanup(struct atmel_aes_dev *dd)
2325 {
2326 	free_page((unsigned long)dd->buf);
2327 }
2328 
2329 static int atmel_aes_dma_init(struct atmel_aes_dev *dd)
2330 {
2331 	int ret;
2332 
2333 	/* Try to grab 2 DMA channels */
2334 	dd->src.chan = dma_request_chan(dd->dev, "tx");
2335 	if (IS_ERR(dd->src.chan)) {
2336 		ret = PTR_ERR(dd->src.chan);
2337 		goto err_dma_in;
2338 	}
2339 
2340 	dd->dst.chan = dma_request_chan(dd->dev, "rx");
2341 	if (IS_ERR(dd->dst.chan)) {
2342 		ret = PTR_ERR(dd->dst.chan);
2343 		goto err_dma_out;
2344 	}
2345 
2346 	return 0;
2347 
2348 err_dma_out:
2349 	dma_release_channel(dd->src.chan);
2350 err_dma_in:
2351 	dev_err(dd->dev, "no DMA channel available\n");
2352 	return ret;
2353 }
2354 
2355 static void atmel_aes_dma_cleanup(struct atmel_aes_dev *dd)
2356 {
2357 	dma_release_channel(dd->dst.chan);
2358 	dma_release_channel(dd->src.chan);
2359 }
2360 
2361 static void atmel_aes_queue_task(unsigned long data)
2362 {
2363 	struct atmel_aes_dev *dd = (struct atmel_aes_dev *)data;
2364 
2365 	atmel_aes_handle_queue(dd, NULL);
2366 }
2367 
2368 static void atmel_aes_done_task(unsigned long data)
2369 {
2370 	struct atmel_aes_dev *dd = (struct atmel_aes_dev *)data;
2371 
2372 	dd->is_async = true;
2373 	(void)dd->resume(dd);
2374 }
2375 
2376 static irqreturn_t atmel_aes_irq(int irq, void *dev_id)
2377 {
2378 	struct atmel_aes_dev *aes_dd = dev_id;
2379 	u32 reg;
2380 
2381 	reg = atmel_aes_read(aes_dd, AES_ISR);
2382 	if (reg & atmel_aes_read(aes_dd, AES_IMR)) {
2383 		atmel_aes_write(aes_dd, AES_IDR, reg);
2384 		if (AES_FLAGS_BUSY & aes_dd->flags)
2385 			tasklet_schedule(&aes_dd->done_task);
2386 		else
2387 			dev_warn(aes_dd->dev, "AES interrupt when no active requests.\n");
2388 		return IRQ_HANDLED;
2389 	}
2390 
2391 	return IRQ_NONE;
2392 }
2393 
2394 static void atmel_aes_unregister_algs(struct atmel_aes_dev *dd)
2395 {
2396 	int i;
2397 
2398 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
2399 	if (dd->caps.has_authenc)
2400 		for (i = 0; i < ARRAY_SIZE(aes_authenc_algs); i++)
2401 			crypto_unregister_aead(&aes_authenc_algs[i]);
2402 #endif
2403 
2404 	if (dd->caps.has_xts)
2405 		crypto_unregister_skcipher(&aes_xts_alg);
2406 
2407 	if (dd->caps.has_gcm)
2408 		crypto_unregister_aead(&aes_gcm_alg);
2409 
2410 	if (dd->caps.has_cfb64)
2411 		crypto_unregister_skcipher(&aes_cfb64_alg);
2412 
2413 	for (i = 0; i < ARRAY_SIZE(aes_algs); i++)
2414 		crypto_unregister_skcipher(&aes_algs[i]);
2415 }
2416 
2417 static void atmel_aes_crypto_alg_init(struct crypto_alg *alg)
2418 {
2419 	alg->cra_flags |= CRYPTO_ALG_ASYNC;
2420 	alg->cra_alignmask = 0xf;
2421 	alg->cra_priority = ATMEL_AES_PRIORITY;
2422 	alg->cra_module = THIS_MODULE;
2423 }
2424 
2425 static int atmel_aes_register_algs(struct atmel_aes_dev *dd)
2426 {
2427 	int err, i, j;
2428 
2429 	for (i = 0; i < ARRAY_SIZE(aes_algs); i++) {
2430 		atmel_aes_crypto_alg_init(&aes_algs[i].base);
2431 
2432 		err = crypto_register_skcipher(&aes_algs[i]);
2433 		if (err)
2434 			goto err_aes_algs;
2435 	}
2436 
2437 	if (dd->caps.has_cfb64) {
2438 		atmel_aes_crypto_alg_init(&aes_cfb64_alg.base);
2439 
2440 		err = crypto_register_skcipher(&aes_cfb64_alg);
2441 		if (err)
2442 			goto err_aes_cfb64_alg;
2443 	}
2444 
2445 	if (dd->caps.has_gcm) {
2446 		atmel_aes_crypto_alg_init(&aes_gcm_alg.base);
2447 
2448 		err = crypto_register_aead(&aes_gcm_alg);
2449 		if (err)
2450 			goto err_aes_gcm_alg;
2451 	}
2452 
2453 	if (dd->caps.has_xts) {
2454 		atmel_aes_crypto_alg_init(&aes_xts_alg.base);
2455 
2456 		err = crypto_register_skcipher(&aes_xts_alg);
2457 		if (err)
2458 			goto err_aes_xts_alg;
2459 	}
2460 
2461 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
2462 	if (dd->caps.has_authenc) {
2463 		for (i = 0; i < ARRAY_SIZE(aes_authenc_algs); i++) {
2464 			atmel_aes_crypto_alg_init(&aes_authenc_algs[i].base);
2465 
2466 			err = crypto_register_aead(&aes_authenc_algs[i]);
2467 			if (err)
2468 				goto err_aes_authenc_alg;
2469 		}
2470 	}
2471 #endif
2472 
2473 	return 0;
2474 
2475 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
2476 	/* i = ARRAY_SIZE(aes_authenc_algs); */
2477 err_aes_authenc_alg:
2478 	for (j = 0; j < i; j++)
2479 		crypto_unregister_aead(&aes_authenc_algs[j]);
2480 	crypto_unregister_skcipher(&aes_xts_alg);
2481 #endif
2482 err_aes_xts_alg:
2483 	crypto_unregister_aead(&aes_gcm_alg);
2484 err_aes_gcm_alg:
2485 	crypto_unregister_skcipher(&aes_cfb64_alg);
2486 err_aes_cfb64_alg:
2487 	i = ARRAY_SIZE(aes_algs);
2488 err_aes_algs:
2489 	for (j = 0; j < i; j++)
2490 		crypto_unregister_skcipher(&aes_algs[j]);
2491 
2492 	return err;
2493 }
2494 
2495 static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
2496 {
2497 	dd->caps.has_dualbuff = 0;
2498 	dd->caps.has_cfb64 = 0;
2499 	dd->caps.has_gcm = 0;
2500 	dd->caps.has_xts = 0;
2501 	dd->caps.has_authenc = 0;
2502 	dd->caps.max_burst_size = 1;
2503 
2504 	/* keep only major version number */
2505 	switch (dd->hw_version & 0xff0) {
2506 	case 0x700:
2507 	case 0x600:
2508 	case 0x500:
2509 		dd->caps.has_dualbuff = 1;
2510 		dd->caps.has_cfb64 = 1;
2511 		dd->caps.has_gcm = 1;
2512 		dd->caps.has_xts = 1;
2513 		dd->caps.has_authenc = 1;
2514 		dd->caps.max_burst_size = 4;
2515 		break;
2516 	case 0x200:
2517 		dd->caps.has_dualbuff = 1;
2518 		dd->caps.has_cfb64 = 1;
2519 		dd->caps.has_gcm = 1;
2520 		dd->caps.max_burst_size = 4;
2521 		break;
2522 	case 0x130:
2523 		dd->caps.has_dualbuff = 1;
2524 		dd->caps.has_cfb64 = 1;
2525 		dd->caps.max_burst_size = 4;
2526 		break;
2527 	case 0x120:
2528 		break;
2529 	default:
2530 		dev_warn(dd->dev,
2531 				"Unmanaged aes version, set minimum capabilities\n");
2532 		break;
2533 	}
2534 }
2535 
2536 static const struct of_device_id atmel_aes_dt_ids[] = {
2537 	{ .compatible = "atmel,at91sam9g46-aes" },
2538 	{ /* sentinel */ }
2539 };
2540 MODULE_DEVICE_TABLE(of, atmel_aes_dt_ids);
2541 
2542 static int atmel_aes_probe(struct platform_device *pdev)
2543 {
2544 	struct atmel_aes_dev *aes_dd;
2545 	struct device *dev = &pdev->dev;
2546 	struct resource *aes_res;
2547 	int err;
2548 
2549 	aes_dd = devm_kzalloc(&pdev->dev, sizeof(*aes_dd), GFP_KERNEL);
2550 	if (!aes_dd)
2551 		return -ENOMEM;
2552 
2553 	aes_dd->dev = dev;
2554 
2555 	platform_set_drvdata(pdev, aes_dd);
2556 
2557 	INIT_LIST_HEAD(&aes_dd->list);
2558 	spin_lock_init(&aes_dd->lock);
2559 
2560 	tasklet_init(&aes_dd->done_task, atmel_aes_done_task,
2561 					(unsigned long)aes_dd);
2562 	tasklet_init(&aes_dd->queue_task, atmel_aes_queue_task,
2563 					(unsigned long)aes_dd);
2564 
2565 	crypto_init_queue(&aes_dd->queue, ATMEL_AES_QUEUE_LENGTH);
2566 
2567 	aes_dd->io_base = devm_platform_get_and_ioremap_resource(pdev, 0, &aes_res);
2568 	if (IS_ERR(aes_dd->io_base)) {
2569 		err = PTR_ERR(aes_dd->io_base);
2570 		goto err_tasklet_kill;
2571 	}
2572 	aes_dd->phys_base = aes_res->start;
2573 
2574 	/* Get the IRQ */
2575 	aes_dd->irq = platform_get_irq(pdev,  0);
2576 	if (aes_dd->irq < 0) {
2577 		err = aes_dd->irq;
2578 		goto err_tasklet_kill;
2579 	}
2580 
2581 	err = devm_request_irq(&pdev->dev, aes_dd->irq, atmel_aes_irq,
2582 			       IRQF_SHARED, "atmel-aes", aes_dd);
2583 	if (err) {
2584 		dev_err(dev, "unable to request aes irq.\n");
2585 		goto err_tasklet_kill;
2586 	}
2587 
2588 	/* Initializing the clock */
2589 	aes_dd->iclk = devm_clk_get(&pdev->dev, "aes_clk");
2590 	if (IS_ERR(aes_dd->iclk)) {
2591 		dev_err(dev, "clock initialization failed.\n");
2592 		err = PTR_ERR(aes_dd->iclk);
2593 		goto err_tasklet_kill;
2594 	}
2595 
2596 	err = clk_prepare(aes_dd->iclk);
2597 	if (err)
2598 		goto err_tasklet_kill;
2599 
2600 	err = atmel_aes_hw_version_init(aes_dd);
2601 	if (err)
2602 		goto err_iclk_unprepare;
2603 
2604 	atmel_aes_get_cap(aes_dd);
2605 
2606 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
2607 	if (aes_dd->caps.has_authenc && !atmel_sha_authenc_is_ready()) {
2608 		err = -EPROBE_DEFER;
2609 		goto err_iclk_unprepare;
2610 	}
2611 #endif
2612 
2613 	err = atmel_aes_buff_init(aes_dd);
2614 	if (err)
2615 		goto err_iclk_unprepare;
2616 
2617 	err = atmel_aes_dma_init(aes_dd);
2618 	if (err)
2619 		goto err_buff_cleanup;
2620 
2621 	spin_lock(&atmel_aes.lock);
2622 	list_add_tail(&aes_dd->list, &atmel_aes.dev_list);
2623 	spin_unlock(&atmel_aes.lock);
2624 
2625 	err = atmel_aes_register_algs(aes_dd);
2626 	if (err)
2627 		goto err_algs;
2628 
2629 	dev_info(dev, "Atmel AES - Using %s, %s for DMA transfers\n",
2630 			dma_chan_name(aes_dd->src.chan),
2631 			dma_chan_name(aes_dd->dst.chan));
2632 
2633 	return 0;
2634 
2635 err_algs:
2636 	spin_lock(&atmel_aes.lock);
2637 	list_del(&aes_dd->list);
2638 	spin_unlock(&atmel_aes.lock);
2639 	atmel_aes_dma_cleanup(aes_dd);
2640 err_buff_cleanup:
2641 	atmel_aes_buff_cleanup(aes_dd);
2642 err_iclk_unprepare:
2643 	clk_unprepare(aes_dd->iclk);
2644 err_tasklet_kill:
2645 	tasklet_kill(&aes_dd->done_task);
2646 	tasklet_kill(&aes_dd->queue_task);
2647 
2648 	return err;
2649 }
2650 
2651 static void atmel_aes_remove(struct platform_device *pdev)
2652 {
2653 	struct atmel_aes_dev *aes_dd;
2654 
2655 	aes_dd = platform_get_drvdata(pdev);
2656 
2657 	spin_lock(&atmel_aes.lock);
2658 	list_del(&aes_dd->list);
2659 	spin_unlock(&atmel_aes.lock);
2660 
2661 	atmel_aes_unregister_algs(aes_dd);
2662 
2663 	tasklet_kill(&aes_dd->done_task);
2664 	tasklet_kill(&aes_dd->queue_task);
2665 
2666 	atmel_aes_dma_cleanup(aes_dd);
2667 	atmel_aes_buff_cleanup(aes_dd);
2668 
2669 	clk_unprepare(aes_dd->iclk);
2670 }
2671 
2672 static struct platform_driver atmel_aes_driver = {
2673 	.probe		= atmel_aes_probe,
2674 	.remove_new	= atmel_aes_remove,
2675 	.driver		= {
2676 		.name	= "atmel_aes",
2677 		.of_match_table = atmel_aes_dt_ids,
2678 	},
2679 };
2680 
2681 module_platform_driver(atmel_aes_driver);
2682 
2683 MODULE_DESCRIPTION("Atmel AES hw acceleration support.");
2684 MODULE_LICENSE("GPL v2");
2685 MODULE_AUTHOR("Nicolas Royer - Eukréa Electromatique");
2686