1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Cryptographic API. 4 * 5 * Support for ATMEL AES HW acceleration. 6 * 7 * Copyright (c) 2012 Eukréa Electromatique - ATMEL 8 * Author: Nicolas Royer <nicolas@eukrea.com> 9 * 10 * Some ideas are from omap-aes.c driver. 11 */ 12 13 14 #include <linux/kernel.h> 15 #include <linux/module.h> 16 #include <linux/slab.h> 17 #include <linux/err.h> 18 #include <linux/clk.h> 19 #include <linux/io.h> 20 #include <linux/hw_random.h> 21 #include <linux/platform_device.h> 22 23 #include <linux/device.h> 24 #include <linux/dmaengine.h> 25 #include <linux/init.h> 26 #include <linux/errno.h> 27 #include <linux/interrupt.h> 28 #include <linux/irq.h> 29 #include <linux/scatterlist.h> 30 #include <linux/dma-mapping.h> 31 #include <linux/of_device.h> 32 #include <linux/delay.h> 33 #include <linux/crypto.h> 34 #include <crypto/scatterwalk.h> 35 #include <crypto/algapi.h> 36 #include <crypto/aes.h> 37 #include <crypto/gcm.h> 38 #include <crypto/xts.h> 39 #include <crypto/internal/aead.h> 40 #include <crypto/internal/skcipher.h> 41 #include "atmel-aes-regs.h" 42 #include "atmel-authenc.h" 43 44 #define ATMEL_AES_PRIORITY 300 45 46 #define ATMEL_AES_BUFFER_ORDER 2 47 #define ATMEL_AES_BUFFER_SIZE (PAGE_SIZE << ATMEL_AES_BUFFER_ORDER) 48 49 #define CFB8_BLOCK_SIZE 1 50 #define CFB16_BLOCK_SIZE 2 51 #define CFB32_BLOCK_SIZE 4 52 #define CFB64_BLOCK_SIZE 8 53 54 #define SIZE_IN_WORDS(x) ((x) >> 2) 55 56 /* AES flags */ 57 /* Reserve bits [18:16] [14:12] [1:0] for mode (same as for AES_MR) */ 58 #define AES_FLAGS_ENCRYPT AES_MR_CYPHER_ENC 59 #define AES_FLAGS_GTAGEN AES_MR_GTAGEN 60 #define AES_FLAGS_OPMODE_MASK (AES_MR_OPMOD_MASK | AES_MR_CFBS_MASK) 61 #define AES_FLAGS_ECB AES_MR_OPMOD_ECB 62 #define AES_FLAGS_CBC AES_MR_OPMOD_CBC 63 #define AES_FLAGS_OFB AES_MR_OPMOD_OFB 64 #define AES_FLAGS_CFB128 (AES_MR_OPMOD_CFB | AES_MR_CFBS_128b) 65 #define AES_FLAGS_CFB64 (AES_MR_OPMOD_CFB | AES_MR_CFBS_64b) 66 #define AES_FLAGS_CFB32 (AES_MR_OPMOD_CFB | AES_MR_CFBS_32b) 67 #define AES_FLAGS_CFB16 (AES_MR_OPMOD_CFB | AES_MR_CFBS_16b) 68 #define AES_FLAGS_CFB8 (AES_MR_OPMOD_CFB | AES_MR_CFBS_8b) 69 #define AES_FLAGS_CTR AES_MR_OPMOD_CTR 70 #define AES_FLAGS_GCM AES_MR_OPMOD_GCM 71 #define AES_FLAGS_XTS AES_MR_OPMOD_XTS 72 73 #define AES_FLAGS_MODE_MASK (AES_FLAGS_OPMODE_MASK | \ 74 AES_FLAGS_ENCRYPT | \ 75 AES_FLAGS_GTAGEN) 76 77 #define AES_FLAGS_BUSY BIT(3) 78 #define AES_FLAGS_DUMP_REG BIT(4) 79 #define AES_FLAGS_OWN_SHA BIT(5) 80 81 #define AES_FLAGS_PERSISTENT AES_FLAGS_BUSY 82 83 #define ATMEL_AES_QUEUE_LENGTH 50 84 85 #define ATMEL_AES_DMA_THRESHOLD 256 86 87 88 struct atmel_aes_caps { 89 bool has_dualbuff; 90 bool has_cfb64; 91 bool has_gcm; 92 bool has_xts; 93 bool has_authenc; 94 u32 max_burst_size; 95 }; 96 97 struct atmel_aes_dev; 98 99 100 typedef int (*atmel_aes_fn_t)(struct atmel_aes_dev *); 101 102 103 struct atmel_aes_base_ctx { 104 struct atmel_aes_dev *dd; 105 atmel_aes_fn_t start; 106 int keylen; 107 u32 key[AES_KEYSIZE_256 / sizeof(u32)]; 108 u16 block_size; 109 bool is_aead; 110 }; 111 112 struct atmel_aes_ctx { 113 struct atmel_aes_base_ctx base; 114 }; 115 116 struct atmel_aes_ctr_ctx { 117 struct atmel_aes_base_ctx base; 118 119 __be32 iv[AES_BLOCK_SIZE / sizeof(u32)]; 120 size_t offset; 121 struct scatterlist src[2]; 122 struct scatterlist dst[2]; 123 u32 blocks; 124 }; 125 126 struct atmel_aes_gcm_ctx { 127 struct atmel_aes_base_ctx base; 128 129 struct scatterlist src[2]; 130 struct scatterlist dst[2]; 131 132 __be32 j0[AES_BLOCK_SIZE / sizeof(u32)]; 133 u32 tag[AES_BLOCK_SIZE / sizeof(u32)]; 134 __be32 ghash[AES_BLOCK_SIZE / sizeof(u32)]; 135 size_t textlen; 136 137 const __be32 *ghash_in; 138 __be32 *ghash_out; 139 atmel_aes_fn_t ghash_resume; 140 }; 141 142 struct atmel_aes_xts_ctx { 143 struct atmel_aes_base_ctx base; 144 145 u32 key2[AES_KEYSIZE_256 / sizeof(u32)]; 146 struct crypto_skcipher *fallback_tfm; 147 }; 148 149 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) 150 struct atmel_aes_authenc_ctx { 151 struct atmel_aes_base_ctx base; 152 struct atmel_sha_authenc_ctx *auth; 153 }; 154 #endif 155 156 struct atmel_aes_reqctx { 157 unsigned long mode; 158 u8 lastc[AES_BLOCK_SIZE]; 159 struct skcipher_request fallback_req; 160 }; 161 162 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) 163 struct atmel_aes_authenc_reqctx { 164 struct atmel_aes_reqctx base; 165 166 struct scatterlist src[2]; 167 struct scatterlist dst[2]; 168 size_t textlen; 169 u32 digest[SHA512_DIGEST_SIZE / sizeof(u32)]; 170 171 /* auth_req MUST be place last. */ 172 struct ahash_request auth_req; 173 }; 174 #endif 175 176 struct atmel_aes_dma { 177 struct dma_chan *chan; 178 struct scatterlist *sg; 179 int nents; 180 unsigned int remainder; 181 unsigned int sg_len; 182 }; 183 184 struct atmel_aes_dev { 185 struct list_head list; 186 unsigned long phys_base; 187 void __iomem *io_base; 188 189 struct crypto_async_request *areq; 190 struct atmel_aes_base_ctx *ctx; 191 192 bool is_async; 193 atmel_aes_fn_t resume; 194 atmel_aes_fn_t cpu_transfer_complete; 195 196 struct device *dev; 197 struct clk *iclk; 198 int irq; 199 200 unsigned long flags; 201 202 spinlock_t lock; 203 struct crypto_queue queue; 204 205 struct tasklet_struct done_task; 206 struct tasklet_struct queue_task; 207 208 size_t total; 209 size_t datalen; 210 u32 *data; 211 212 struct atmel_aes_dma src; 213 struct atmel_aes_dma dst; 214 215 size_t buflen; 216 void *buf; 217 struct scatterlist aligned_sg; 218 struct scatterlist *real_dst; 219 220 struct atmel_aes_caps caps; 221 222 u32 hw_version; 223 }; 224 225 struct atmel_aes_drv { 226 struct list_head dev_list; 227 spinlock_t lock; 228 }; 229 230 static struct atmel_aes_drv atmel_aes = { 231 .dev_list = LIST_HEAD_INIT(atmel_aes.dev_list), 232 .lock = __SPIN_LOCK_UNLOCKED(atmel_aes.lock), 233 }; 234 235 #ifdef VERBOSE_DEBUG 236 static const char *atmel_aes_reg_name(u32 offset, char *tmp, size_t sz) 237 { 238 switch (offset) { 239 case AES_CR: 240 return "CR"; 241 242 case AES_MR: 243 return "MR"; 244 245 case AES_ISR: 246 return "ISR"; 247 248 case AES_IMR: 249 return "IMR"; 250 251 case AES_IER: 252 return "IER"; 253 254 case AES_IDR: 255 return "IDR"; 256 257 case AES_KEYWR(0): 258 case AES_KEYWR(1): 259 case AES_KEYWR(2): 260 case AES_KEYWR(3): 261 case AES_KEYWR(4): 262 case AES_KEYWR(5): 263 case AES_KEYWR(6): 264 case AES_KEYWR(7): 265 snprintf(tmp, sz, "KEYWR[%u]", (offset - AES_KEYWR(0)) >> 2); 266 break; 267 268 case AES_IDATAR(0): 269 case AES_IDATAR(1): 270 case AES_IDATAR(2): 271 case AES_IDATAR(3): 272 snprintf(tmp, sz, "IDATAR[%u]", (offset - AES_IDATAR(0)) >> 2); 273 break; 274 275 case AES_ODATAR(0): 276 case AES_ODATAR(1): 277 case AES_ODATAR(2): 278 case AES_ODATAR(3): 279 snprintf(tmp, sz, "ODATAR[%u]", (offset - AES_ODATAR(0)) >> 2); 280 break; 281 282 case AES_IVR(0): 283 case AES_IVR(1): 284 case AES_IVR(2): 285 case AES_IVR(3): 286 snprintf(tmp, sz, "IVR[%u]", (offset - AES_IVR(0)) >> 2); 287 break; 288 289 case AES_AADLENR: 290 return "AADLENR"; 291 292 case AES_CLENR: 293 return "CLENR"; 294 295 case AES_GHASHR(0): 296 case AES_GHASHR(1): 297 case AES_GHASHR(2): 298 case AES_GHASHR(3): 299 snprintf(tmp, sz, "GHASHR[%u]", (offset - AES_GHASHR(0)) >> 2); 300 break; 301 302 case AES_TAGR(0): 303 case AES_TAGR(1): 304 case AES_TAGR(2): 305 case AES_TAGR(3): 306 snprintf(tmp, sz, "TAGR[%u]", (offset - AES_TAGR(0)) >> 2); 307 break; 308 309 case AES_CTRR: 310 return "CTRR"; 311 312 case AES_GCMHR(0): 313 case AES_GCMHR(1): 314 case AES_GCMHR(2): 315 case AES_GCMHR(3): 316 snprintf(tmp, sz, "GCMHR[%u]", (offset - AES_GCMHR(0)) >> 2); 317 break; 318 319 case AES_EMR: 320 return "EMR"; 321 322 case AES_TWR(0): 323 case AES_TWR(1): 324 case AES_TWR(2): 325 case AES_TWR(3): 326 snprintf(tmp, sz, "TWR[%u]", (offset - AES_TWR(0)) >> 2); 327 break; 328 329 case AES_ALPHAR(0): 330 case AES_ALPHAR(1): 331 case AES_ALPHAR(2): 332 case AES_ALPHAR(3): 333 snprintf(tmp, sz, "ALPHAR[%u]", (offset - AES_ALPHAR(0)) >> 2); 334 break; 335 336 default: 337 snprintf(tmp, sz, "0x%02x", offset); 338 break; 339 } 340 341 return tmp; 342 } 343 #endif /* VERBOSE_DEBUG */ 344 345 /* Shared functions */ 346 347 static inline u32 atmel_aes_read(struct atmel_aes_dev *dd, u32 offset) 348 { 349 u32 value = readl_relaxed(dd->io_base + offset); 350 351 #ifdef VERBOSE_DEBUG 352 if (dd->flags & AES_FLAGS_DUMP_REG) { 353 char tmp[16]; 354 355 dev_vdbg(dd->dev, "read 0x%08x from %s\n", value, 356 atmel_aes_reg_name(offset, tmp, sizeof(tmp))); 357 } 358 #endif /* VERBOSE_DEBUG */ 359 360 return value; 361 } 362 363 static inline void atmel_aes_write(struct atmel_aes_dev *dd, 364 u32 offset, u32 value) 365 { 366 #ifdef VERBOSE_DEBUG 367 if (dd->flags & AES_FLAGS_DUMP_REG) { 368 char tmp[16]; 369 370 dev_vdbg(dd->dev, "write 0x%08x into %s\n", value, 371 atmel_aes_reg_name(offset, tmp, sizeof(tmp))); 372 } 373 #endif /* VERBOSE_DEBUG */ 374 375 writel_relaxed(value, dd->io_base + offset); 376 } 377 378 static void atmel_aes_read_n(struct atmel_aes_dev *dd, u32 offset, 379 u32 *value, int count) 380 { 381 for (; count--; value++, offset += 4) 382 *value = atmel_aes_read(dd, offset); 383 } 384 385 static void atmel_aes_write_n(struct atmel_aes_dev *dd, u32 offset, 386 const u32 *value, int count) 387 { 388 for (; count--; value++, offset += 4) 389 atmel_aes_write(dd, offset, *value); 390 } 391 392 static inline void atmel_aes_read_block(struct atmel_aes_dev *dd, u32 offset, 393 void *value) 394 { 395 atmel_aes_read_n(dd, offset, value, SIZE_IN_WORDS(AES_BLOCK_SIZE)); 396 } 397 398 static inline void atmel_aes_write_block(struct atmel_aes_dev *dd, u32 offset, 399 const void *value) 400 { 401 atmel_aes_write_n(dd, offset, value, SIZE_IN_WORDS(AES_BLOCK_SIZE)); 402 } 403 404 static inline int atmel_aes_wait_for_data_ready(struct atmel_aes_dev *dd, 405 atmel_aes_fn_t resume) 406 { 407 u32 isr = atmel_aes_read(dd, AES_ISR); 408 409 if (unlikely(isr & AES_INT_DATARDY)) 410 return resume(dd); 411 412 dd->resume = resume; 413 atmel_aes_write(dd, AES_IER, AES_INT_DATARDY); 414 return -EINPROGRESS; 415 } 416 417 static inline size_t atmel_aes_padlen(size_t len, size_t block_size) 418 { 419 len &= block_size - 1; 420 return len ? block_size - len : 0; 421 } 422 423 static struct atmel_aes_dev *atmel_aes_dev_alloc(struct atmel_aes_base_ctx *ctx) 424 { 425 struct atmel_aes_dev *aes_dd; 426 427 spin_lock_bh(&atmel_aes.lock); 428 /* One AES IP per SoC. */ 429 aes_dd = list_first_entry_or_null(&atmel_aes.dev_list, 430 struct atmel_aes_dev, list); 431 spin_unlock_bh(&atmel_aes.lock); 432 return aes_dd; 433 } 434 435 static int atmel_aes_hw_init(struct atmel_aes_dev *dd) 436 { 437 int err; 438 439 err = clk_enable(dd->iclk); 440 if (err) 441 return err; 442 443 atmel_aes_write(dd, AES_CR, AES_CR_SWRST); 444 atmel_aes_write(dd, AES_MR, 0xE << AES_MR_CKEY_OFFSET); 445 446 return 0; 447 } 448 449 static inline unsigned int atmel_aes_get_version(struct atmel_aes_dev *dd) 450 { 451 return atmel_aes_read(dd, AES_HW_VERSION) & 0x00000fff; 452 } 453 454 static int atmel_aes_hw_version_init(struct atmel_aes_dev *dd) 455 { 456 int err; 457 458 err = atmel_aes_hw_init(dd); 459 if (err) 460 return err; 461 462 dd->hw_version = atmel_aes_get_version(dd); 463 464 dev_info(dd->dev, "version: 0x%x\n", dd->hw_version); 465 466 clk_disable(dd->iclk); 467 return 0; 468 } 469 470 static inline void atmel_aes_set_mode(struct atmel_aes_dev *dd, 471 const struct atmel_aes_reqctx *rctx) 472 { 473 /* Clear all but persistent flags and set request flags. */ 474 dd->flags = (dd->flags & AES_FLAGS_PERSISTENT) | rctx->mode; 475 } 476 477 static inline bool atmel_aes_is_encrypt(const struct atmel_aes_dev *dd) 478 { 479 return (dd->flags & AES_FLAGS_ENCRYPT); 480 } 481 482 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) 483 static void atmel_aes_authenc_complete(struct atmel_aes_dev *dd, int err); 484 #endif 485 486 static void atmel_aes_set_iv_as_last_ciphertext_block(struct atmel_aes_dev *dd) 487 { 488 struct skcipher_request *req = skcipher_request_cast(dd->areq); 489 struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); 490 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); 491 unsigned int ivsize = crypto_skcipher_ivsize(skcipher); 492 493 if (req->cryptlen < ivsize) 494 return; 495 496 if (rctx->mode & AES_FLAGS_ENCRYPT) { 497 scatterwalk_map_and_copy(req->iv, req->dst, 498 req->cryptlen - ivsize, ivsize, 0); 499 } else { 500 if (req->src == req->dst) 501 memcpy(req->iv, rctx->lastc, ivsize); 502 else 503 scatterwalk_map_and_copy(req->iv, req->src, 504 req->cryptlen - ivsize, 505 ivsize, 0); 506 } 507 } 508 509 static inline struct atmel_aes_ctr_ctx * 510 atmel_aes_ctr_ctx_cast(struct atmel_aes_base_ctx *ctx) 511 { 512 return container_of(ctx, struct atmel_aes_ctr_ctx, base); 513 } 514 515 static void atmel_aes_ctr_update_req_iv(struct atmel_aes_dev *dd) 516 { 517 struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx); 518 struct skcipher_request *req = skcipher_request_cast(dd->areq); 519 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); 520 unsigned int ivsize = crypto_skcipher_ivsize(skcipher); 521 int i; 522 523 /* 524 * The CTR transfer works in fragments of data of maximum 1 MByte 525 * because of the 16 bit CTR counter embedded in the IP. When reaching 526 * here, ctx->blocks contains the number of blocks of the last fragment 527 * processed, there is no need to explicit cast it to u16. 528 */ 529 for (i = 0; i < ctx->blocks; i++) 530 crypto_inc((u8 *)ctx->iv, AES_BLOCK_SIZE); 531 532 memcpy(req->iv, ctx->iv, ivsize); 533 } 534 535 static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err) 536 { 537 struct skcipher_request *req = skcipher_request_cast(dd->areq); 538 struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); 539 540 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) 541 if (dd->ctx->is_aead) 542 atmel_aes_authenc_complete(dd, err); 543 #endif 544 545 clk_disable(dd->iclk); 546 dd->flags &= ~AES_FLAGS_BUSY; 547 548 if (!err && !dd->ctx->is_aead && 549 (rctx->mode & AES_FLAGS_OPMODE_MASK) != AES_FLAGS_ECB) { 550 if ((rctx->mode & AES_FLAGS_OPMODE_MASK) != AES_FLAGS_CTR) 551 atmel_aes_set_iv_as_last_ciphertext_block(dd); 552 else 553 atmel_aes_ctr_update_req_iv(dd); 554 } 555 556 if (dd->is_async) 557 crypto_request_complete(dd->areq, err); 558 559 tasklet_schedule(&dd->queue_task); 560 561 return err; 562 } 563 564 static void atmel_aes_write_ctrl_key(struct atmel_aes_dev *dd, bool use_dma, 565 const __be32 *iv, const u32 *key, int keylen) 566 { 567 u32 valmr = 0; 568 569 /* MR register must be set before IV registers */ 570 if (keylen == AES_KEYSIZE_128) 571 valmr |= AES_MR_KEYSIZE_128; 572 else if (keylen == AES_KEYSIZE_192) 573 valmr |= AES_MR_KEYSIZE_192; 574 else 575 valmr |= AES_MR_KEYSIZE_256; 576 577 valmr |= dd->flags & AES_FLAGS_MODE_MASK; 578 579 if (use_dma) { 580 valmr |= AES_MR_SMOD_IDATAR0; 581 if (dd->caps.has_dualbuff) 582 valmr |= AES_MR_DUALBUFF; 583 } else { 584 valmr |= AES_MR_SMOD_AUTO; 585 } 586 587 atmel_aes_write(dd, AES_MR, valmr); 588 589 atmel_aes_write_n(dd, AES_KEYWR(0), key, SIZE_IN_WORDS(keylen)); 590 591 if (iv && (valmr & AES_MR_OPMOD_MASK) != AES_MR_OPMOD_ECB) 592 atmel_aes_write_block(dd, AES_IVR(0), iv); 593 } 594 595 static inline void atmel_aes_write_ctrl(struct atmel_aes_dev *dd, bool use_dma, 596 const __be32 *iv) 597 598 { 599 atmel_aes_write_ctrl_key(dd, use_dma, iv, 600 dd->ctx->key, dd->ctx->keylen); 601 } 602 603 /* CPU transfer */ 604 605 static int atmel_aes_cpu_transfer(struct atmel_aes_dev *dd) 606 { 607 int err = 0; 608 u32 isr; 609 610 for (;;) { 611 atmel_aes_read_block(dd, AES_ODATAR(0), dd->data); 612 dd->data += 4; 613 dd->datalen -= AES_BLOCK_SIZE; 614 615 if (dd->datalen < AES_BLOCK_SIZE) 616 break; 617 618 atmel_aes_write_block(dd, AES_IDATAR(0), dd->data); 619 620 isr = atmel_aes_read(dd, AES_ISR); 621 if (!(isr & AES_INT_DATARDY)) { 622 dd->resume = atmel_aes_cpu_transfer; 623 atmel_aes_write(dd, AES_IER, AES_INT_DATARDY); 624 return -EINPROGRESS; 625 } 626 } 627 628 if (!sg_copy_from_buffer(dd->real_dst, sg_nents(dd->real_dst), 629 dd->buf, dd->total)) 630 err = -EINVAL; 631 632 if (err) 633 return atmel_aes_complete(dd, err); 634 635 return dd->cpu_transfer_complete(dd); 636 } 637 638 static int atmel_aes_cpu_start(struct atmel_aes_dev *dd, 639 struct scatterlist *src, 640 struct scatterlist *dst, 641 size_t len, 642 atmel_aes_fn_t resume) 643 { 644 size_t padlen = atmel_aes_padlen(len, AES_BLOCK_SIZE); 645 646 if (unlikely(len == 0)) 647 return -EINVAL; 648 649 sg_copy_to_buffer(src, sg_nents(src), dd->buf, len); 650 651 dd->total = len; 652 dd->real_dst = dst; 653 dd->cpu_transfer_complete = resume; 654 dd->datalen = len + padlen; 655 dd->data = (u32 *)dd->buf; 656 atmel_aes_write_block(dd, AES_IDATAR(0), dd->data); 657 return atmel_aes_wait_for_data_ready(dd, atmel_aes_cpu_transfer); 658 } 659 660 661 /* DMA transfer */ 662 663 static void atmel_aes_dma_callback(void *data); 664 665 static bool atmel_aes_check_aligned(struct atmel_aes_dev *dd, 666 struct scatterlist *sg, 667 size_t len, 668 struct atmel_aes_dma *dma) 669 { 670 int nents; 671 672 if (!IS_ALIGNED(len, dd->ctx->block_size)) 673 return false; 674 675 for (nents = 0; sg; sg = sg_next(sg), ++nents) { 676 if (!IS_ALIGNED(sg->offset, sizeof(u32))) 677 return false; 678 679 if (len <= sg->length) { 680 if (!IS_ALIGNED(len, dd->ctx->block_size)) 681 return false; 682 683 dma->nents = nents+1; 684 dma->remainder = sg->length - len; 685 sg->length = len; 686 return true; 687 } 688 689 if (!IS_ALIGNED(sg->length, dd->ctx->block_size)) 690 return false; 691 692 len -= sg->length; 693 } 694 695 return false; 696 } 697 698 static inline void atmel_aes_restore_sg(const struct atmel_aes_dma *dma) 699 { 700 struct scatterlist *sg = dma->sg; 701 int nents = dma->nents; 702 703 if (!dma->remainder) 704 return; 705 706 while (--nents > 0 && sg) 707 sg = sg_next(sg); 708 709 if (!sg) 710 return; 711 712 sg->length += dma->remainder; 713 } 714 715 static int atmel_aes_map(struct atmel_aes_dev *dd, 716 struct scatterlist *src, 717 struct scatterlist *dst, 718 size_t len) 719 { 720 bool src_aligned, dst_aligned; 721 size_t padlen; 722 723 dd->total = len; 724 dd->src.sg = src; 725 dd->dst.sg = dst; 726 dd->real_dst = dst; 727 728 src_aligned = atmel_aes_check_aligned(dd, src, len, &dd->src); 729 if (src == dst) 730 dst_aligned = src_aligned; 731 else 732 dst_aligned = atmel_aes_check_aligned(dd, dst, len, &dd->dst); 733 if (!src_aligned || !dst_aligned) { 734 padlen = atmel_aes_padlen(len, dd->ctx->block_size); 735 736 if (dd->buflen < len + padlen) 737 return -ENOMEM; 738 739 if (!src_aligned) { 740 sg_copy_to_buffer(src, sg_nents(src), dd->buf, len); 741 dd->src.sg = &dd->aligned_sg; 742 dd->src.nents = 1; 743 dd->src.remainder = 0; 744 } 745 746 if (!dst_aligned) { 747 dd->dst.sg = &dd->aligned_sg; 748 dd->dst.nents = 1; 749 dd->dst.remainder = 0; 750 } 751 752 sg_init_table(&dd->aligned_sg, 1); 753 sg_set_buf(&dd->aligned_sg, dd->buf, len + padlen); 754 } 755 756 if (dd->src.sg == dd->dst.sg) { 757 dd->src.sg_len = dma_map_sg(dd->dev, dd->src.sg, dd->src.nents, 758 DMA_BIDIRECTIONAL); 759 dd->dst.sg_len = dd->src.sg_len; 760 if (!dd->src.sg_len) 761 return -EFAULT; 762 } else { 763 dd->src.sg_len = dma_map_sg(dd->dev, dd->src.sg, dd->src.nents, 764 DMA_TO_DEVICE); 765 if (!dd->src.sg_len) 766 return -EFAULT; 767 768 dd->dst.sg_len = dma_map_sg(dd->dev, dd->dst.sg, dd->dst.nents, 769 DMA_FROM_DEVICE); 770 if (!dd->dst.sg_len) { 771 dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents, 772 DMA_TO_DEVICE); 773 return -EFAULT; 774 } 775 } 776 777 return 0; 778 } 779 780 static void atmel_aes_unmap(struct atmel_aes_dev *dd) 781 { 782 if (dd->src.sg == dd->dst.sg) { 783 dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents, 784 DMA_BIDIRECTIONAL); 785 786 if (dd->src.sg != &dd->aligned_sg) 787 atmel_aes_restore_sg(&dd->src); 788 } else { 789 dma_unmap_sg(dd->dev, dd->dst.sg, dd->dst.nents, 790 DMA_FROM_DEVICE); 791 792 if (dd->dst.sg != &dd->aligned_sg) 793 atmel_aes_restore_sg(&dd->dst); 794 795 dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents, 796 DMA_TO_DEVICE); 797 798 if (dd->src.sg != &dd->aligned_sg) 799 atmel_aes_restore_sg(&dd->src); 800 } 801 802 if (dd->dst.sg == &dd->aligned_sg) 803 sg_copy_from_buffer(dd->real_dst, sg_nents(dd->real_dst), 804 dd->buf, dd->total); 805 } 806 807 static int atmel_aes_dma_transfer_start(struct atmel_aes_dev *dd, 808 enum dma_slave_buswidth addr_width, 809 enum dma_transfer_direction dir, 810 u32 maxburst) 811 { 812 struct dma_async_tx_descriptor *desc; 813 struct dma_slave_config config; 814 dma_async_tx_callback callback; 815 struct atmel_aes_dma *dma; 816 int err; 817 818 memset(&config, 0, sizeof(config)); 819 config.src_addr_width = addr_width; 820 config.dst_addr_width = addr_width; 821 config.src_maxburst = maxburst; 822 config.dst_maxburst = maxburst; 823 824 switch (dir) { 825 case DMA_MEM_TO_DEV: 826 dma = &dd->src; 827 callback = NULL; 828 config.dst_addr = dd->phys_base + AES_IDATAR(0); 829 break; 830 831 case DMA_DEV_TO_MEM: 832 dma = &dd->dst; 833 callback = atmel_aes_dma_callback; 834 config.src_addr = dd->phys_base + AES_ODATAR(0); 835 break; 836 837 default: 838 return -EINVAL; 839 } 840 841 err = dmaengine_slave_config(dma->chan, &config); 842 if (err) 843 return err; 844 845 desc = dmaengine_prep_slave_sg(dma->chan, dma->sg, dma->sg_len, dir, 846 DMA_PREP_INTERRUPT | DMA_CTRL_ACK); 847 if (!desc) 848 return -ENOMEM; 849 850 desc->callback = callback; 851 desc->callback_param = dd; 852 dmaengine_submit(desc); 853 dma_async_issue_pending(dma->chan); 854 855 return 0; 856 } 857 858 static int atmel_aes_dma_start(struct atmel_aes_dev *dd, 859 struct scatterlist *src, 860 struct scatterlist *dst, 861 size_t len, 862 atmel_aes_fn_t resume) 863 { 864 enum dma_slave_buswidth addr_width; 865 u32 maxburst; 866 int err; 867 868 switch (dd->ctx->block_size) { 869 case CFB8_BLOCK_SIZE: 870 addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE; 871 maxburst = 1; 872 break; 873 874 case CFB16_BLOCK_SIZE: 875 addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES; 876 maxburst = 1; 877 break; 878 879 case CFB32_BLOCK_SIZE: 880 case CFB64_BLOCK_SIZE: 881 addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; 882 maxburst = 1; 883 break; 884 885 case AES_BLOCK_SIZE: 886 addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; 887 maxburst = dd->caps.max_burst_size; 888 break; 889 890 default: 891 err = -EINVAL; 892 goto exit; 893 } 894 895 err = atmel_aes_map(dd, src, dst, len); 896 if (err) 897 goto exit; 898 899 dd->resume = resume; 900 901 /* Set output DMA transfer first */ 902 err = atmel_aes_dma_transfer_start(dd, addr_width, DMA_DEV_TO_MEM, 903 maxburst); 904 if (err) 905 goto unmap; 906 907 /* Then set input DMA transfer */ 908 err = atmel_aes_dma_transfer_start(dd, addr_width, DMA_MEM_TO_DEV, 909 maxburst); 910 if (err) 911 goto output_transfer_stop; 912 913 return -EINPROGRESS; 914 915 output_transfer_stop: 916 dmaengine_terminate_sync(dd->dst.chan); 917 unmap: 918 atmel_aes_unmap(dd); 919 exit: 920 return atmel_aes_complete(dd, err); 921 } 922 923 static void atmel_aes_dma_callback(void *data) 924 { 925 struct atmel_aes_dev *dd = data; 926 927 atmel_aes_unmap(dd); 928 dd->is_async = true; 929 (void)dd->resume(dd); 930 } 931 932 static int atmel_aes_handle_queue(struct atmel_aes_dev *dd, 933 struct crypto_async_request *new_areq) 934 { 935 struct crypto_async_request *areq, *backlog; 936 struct atmel_aes_base_ctx *ctx; 937 unsigned long flags; 938 bool start_async; 939 int err, ret = 0; 940 941 spin_lock_irqsave(&dd->lock, flags); 942 if (new_areq) 943 ret = crypto_enqueue_request(&dd->queue, new_areq); 944 if (dd->flags & AES_FLAGS_BUSY) { 945 spin_unlock_irqrestore(&dd->lock, flags); 946 return ret; 947 } 948 backlog = crypto_get_backlog(&dd->queue); 949 areq = crypto_dequeue_request(&dd->queue); 950 if (areq) 951 dd->flags |= AES_FLAGS_BUSY; 952 spin_unlock_irqrestore(&dd->lock, flags); 953 954 if (!areq) 955 return ret; 956 957 if (backlog) 958 crypto_request_complete(backlog, -EINPROGRESS); 959 960 ctx = crypto_tfm_ctx(areq->tfm); 961 962 dd->areq = areq; 963 dd->ctx = ctx; 964 start_async = (areq != new_areq); 965 dd->is_async = start_async; 966 967 /* WARNING: ctx->start() MAY change dd->is_async. */ 968 err = ctx->start(dd); 969 return (start_async) ? ret : err; 970 } 971 972 973 /* AES async block ciphers */ 974 975 static int atmel_aes_transfer_complete(struct atmel_aes_dev *dd) 976 { 977 return atmel_aes_complete(dd, 0); 978 } 979 980 static int atmel_aes_start(struct atmel_aes_dev *dd) 981 { 982 struct skcipher_request *req = skcipher_request_cast(dd->areq); 983 struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); 984 bool use_dma = (req->cryptlen >= ATMEL_AES_DMA_THRESHOLD || 985 dd->ctx->block_size != AES_BLOCK_SIZE); 986 int err; 987 988 atmel_aes_set_mode(dd, rctx); 989 990 err = atmel_aes_hw_init(dd); 991 if (err) 992 return atmel_aes_complete(dd, err); 993 994 atmel_aes_write_ctrl(dd, use_dma, (void *)req->iv); 995 if (use_dma) 996 return atmel_aes_dma_start(dd, req->src, req->dst, 997 req->cryptlen, 998 atmel_aes_transfer_complete); 999 1000 return atmel_aes_cpu_start(dd, req->src, req->dst, req->cryptlen, 1001 atmel_aes_transfer_complete); 1002 } 1003 1004 static int atmel_aes_ctr_transfer(struct atmel_aes_dev *dd) 1005 { 1006 struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx); 1007 struct skcipher_request *req = skcipher_request_cast(dd->areq); 1008 struct scatterlist *src, *dst; 1009 size_t datalen; 1010 u32 ctr; 1011 u16 start, end; 1012 bool use_dma, fragmented = false; 1013 1014 /* Check for transfer completion. */ 1015 ctx->offset += dd->total; 1016 if (ctx->offset >= req->cryptlen) 1017 return atmel_aes_transfer_complete(dd); 1018 1019 /* Compute data length. */ 1020 datalen = req->cryptlen - ctx->offset; 1021 ctx->blocks = DIV_ROUND_UP(datalen, AES_BLOCK_SIZE); 1022 ctr = be32_to_cpu(ctx->iv[3]); 1023 1024 /* Check 16bit counter overflow. */ 1025 start = ctr & 0xffff; 1026 end = start + ctx->blocks - 1; 1027 1028 if (ctx->blocks >> 16 || end < start) { 1029 ctr |= 0xffff; 1030 datalen = AES_BLOCK_SIZE * (0x10000 - start); 1031 fragmented = true; 1032 } 1033 1034 use_dma = (datalen >= ATMEL_AES_DMA_THRESHOLD); 1035 1036 /* Jump to offset. */ 1037 src = scatterwalk_ffwd(ctx->src, req->src, ctx->offset); 1038 dst = ((req->src == req->dst) ? src : 1039 scatterwalk_ffwd(ctx->dst, req->dst, ctx->offset)); 1040 1041 /* Configure hardware. */ 1042 atmel_aes_write_ctrl(dd, use_dma, ctx->iv); 1043 if (unlikely(fragmented)) { 1044 /* 1045 * Increment the counter manually to cope with the hardware 1046 * counter overflow. 1047 */ 1048 ctx->iv[3] = cpu_to_be32(ctr); 1049 crypto_inc((u8 *)ctx->iv, AES_BLOCK_SIZE); 1050 } 1051 1052 if (use_dma) 1053 return atmel_aes_dma_start(dd, src, dst, datalen, 1054 atmel_aes_ctr_transfer); 1055 1056 return atmel_aes_cpu_start(dd, src, dst, datalen, 1057 atmel_aes_ctr_transfer); 1058 } 1059 1060 static int atmel_aes_ctr_start(struct atmel_aes_dev *dd) 1061 { 1062 struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx); 1063 struct skcipher_request *req = skcipher_request_cast(dd->areq); 1064 struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); 1065 int err; 1066 1067 atmel_aes_set_mode(dd, rctx); 1068 1069 err = atmel_aes_hw_init(dd); 1070 if (err) 1071 return atmel_aes_complete(dd, err); 1072 1073 memcpy(ctx->iv, req->iv, AES_BLOCK_SIZE); 1074 ctx->offset = 0; 1075 dd->total = 0; 1076 return atmel_aes_ctr_transfer(dd); 1077 } 1078 1079 static int atmel_aes_xts_fallback(struct skcipher_request *req, bool enc) 1080 { 1081 struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); 1082 struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx( 1083 crypto_skcipher_reqtfm(req)); 1084 1085 skcipher_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); 1086 skcipher_request_set_callback(&rctx->fallback_req, req->base.flags, 1087 req->base.complete, req->base.data); 1088 skcipher_request_set_crypt(&rctx->fallback_req, req->src, req->dst, 1089 req->cryptlen, req->iv); 1090 1091 return enc ? crypto_skcipher_encrypt(&rctx->fallback_req) : 1092 crypto_skcipher_decrypt(&rctx->fallback_req); 1093 } 1094 1095 static int atmel_aes_crypt(struct skcipher_request *req, unsigned long mode) 1096 { 1097 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); 1098 struct atmel_aes_base_ctx *ctx = crypto_skcipher_ctx(skcipher); 1099 struct atmel_aes_reqctx *rctx; 1100 u32 opmode = mode & AES_FLAGS_OPMODE_MASK; 1101 1102 if (opmode == AES_FLAGS_XTS) { 1103 if (req->cryptlen < XTS_BLOCK_SIZE) 1104 return -EINVAL; 1105 1106 if (!IS_ALIGNED(req->cryptlen, XTS_BLOCK_SIZE)) 1107 return atmel_aes_xts_fallback(req, 1108 mode & AES_FLAGS_ENCRYPT); 1109 } 1110 1111 /* 1112 * ECB, CBC, CFB, OFB or CTR mode require the plaintext and ciphertext 1113 * to have a positve integer length. 1114 */ 1115 if (!req->cryptlen && opmode != AES_FLAGS_XTS) 1116 return 0; 1117 1118 if ((opmode == AES_FLAGS_ECB || opmode == AES_FLAGS_CBC) && 1119 !IS_ALIGNED(req->cryptlen, crypto_skcipher_blocksize(skcipher))) 1120 return -EINVAL; 1121 1122 switch (mode & AES_FLAGS_OPMODE_MASK) { 1123 case AES_FLAGS_CFB8: 1124 ctx->block_size = CFB8_BLOCK_SIZE; 1125 break; 1126 1127 case AES_FLAGS_CFB16: 1128 ctx->block_size = CFB16_BLOCK_SIZE; 1129 break; 1130 1131 case AES_FLAGS_CFB32: 1132 ctx->block_size = CFB32_BLOCK_SIZE; 1133 break; 1134 1135 case AES_FLAGS_CFB64: 1136 ctx->block_size = CFB64_BLOCK_SIZE; 1137 break; 1138 1139 default: 1140 ctx->block_size = AES_BLOCK_SIZE; 1141 break; 1142 } 1143 ctx->is_aead = false; 1144 1145 rctx = skcipher_request_ctx(req); 1146 rctx->mode = mode; 1147 1148 if (opmode != AES_FLAGS_ECB && 1149 !(mode & AES_FLAGS_ENCRYPT) && req->src == req->dst) { 1150 unsigned int ivsize = crypto_skcipher_ivsize(skcipher); 1151 1152 if (req->cryptlen >= ivsize) 1153 scatterwalk_map_and_copy(rctx->lastc, req->src, 1154 req->cryptlen - ivsize, 1155 ivsize, 0); 1156 } 1157 1158 return atmel_aes_handle_queue(ctx->dd, &req->base); 1159 } 1160 1161 static int atmel_aes_setkey(struct crypto_skcipher *tfm, const u8 *key, 1162 unsigned int keylen) 1163 { 1164 struct atmel_aes_base_ctx *ctx = crypto_skcipher_ctx(tfm); 1165 1166 if (keylen != AES_KEYSIZE_128 && 1167 keylen != AES_KEYSIZE_192 && 1168 keylen != AES_KEYSIZE_256) 1169 return -EINVAL; 1170 1171 memcpy(ctx->key, key, keylen); 1172 ctx->keylen = keylen; 1173 1174 return 0; 1175 } 1176 1177 static int atmel_aes_ecb_encrypt(struct skcipher_request *req) 1178 { 1179 return atmel_aes_crypt(req, AES_FLAGS_ECB | AES_FLAGS_ENCRYPT); 1180 } 1181 1182 static int atmel_aes_ecb_decrypt(struct skcipher_request *req) 1183 { 1184 return atmel_aes_crypt(req, AES_FLAGS_ECB); 1185 } 1186 1187 static int atmel_aes_cbc_encrypt(struct skcipher_request *req) 1188 { 1189 return atmel_aes_crypt(req, AES_FLAGS_CBC | AES_FLAGS_ENCRYPT); 1190 } 1191 1192 static int atmel_aes_cbc_decrypt(struct skcipher_request *req) 1193 { 1194 return atmel_aes_crypt(req, AES_FLAGS_CBC); 1195 } 1196 1197 static int atmel_aes_ofb_encrypt(struct skcipher_request *req) 1198 { 1199 return atmel_aes_crypt(req, AES_FLAGS_OFB | AES_FLAGS_ENCRYPT); 1200 } 1201 1202 static int atmel_aes_ofb_decrypt(struct skcipher_request *req) 1203 { 1204 return atmel_aes_crypt(req, AES_FLAGS_OFB); 1205 } 1206 1207 static int atmel_aes_cfb_encrypt(struct skcipher_request *req) 1208 { 1209 return atmel_aes_crypt(req, AES_FLAGS_CFB128 | AES_FLAGS_ENCRYPT); 1210 } 1211 1212 static int atmel_aes_cfb_decrypt(struct skcipher_request *req) 1213 { 1214 return atmel_aes_crypt(req, AES_FLAGS_CFB128); 1215 } 1216 1217 static int atmel_aes_cfb64_encrypt(struct skcipher_request *req) 1218 { 1219 return atmel_aes_crypt(req, AES_FLAGS_CFB64 | AES_FLAGS_ENCRYPT); 1220 } 1221 1222 static int atmel_aes_cfb64_decrypt(struct skcipher_request *req) 1223 { 1224 return atmel_aes_crypt(req, AES_FLAGS_CFB64); 1225 } 1226 1227 static int atmel_aes_cfb32_encrypt(struct skcipher_request *req) 1228 { 1229 return atmel_aes_crypt(req, AES_FLAGS_CFB32 | AES_FLAGS_ENCRYPT); 1230 } 1231 1232 static int atmel_aes_cfb32_decrypt(struct skcipher_request *req) 1233 { 1234 return atmel_aes_crypt(req, AES_FLAGS_CFB32); 1235 } 1236 1237 static int atmel_aes_cfb16_encrypt(struct skcipher_request *req) 1238 { 1239 return atmel_aes_crypt(req, AES_FLAGS_CFB16 | AES_FLAGS_ENCRYPT); 1240 } 1241 1242 static int atmel_aes_cfb16_decrypt(struct skcipher_request *req) 1243 { 1244 return atmel_aes_crypt(req, AES_FLAGS_CFB16); 1245 } 1246 1247 static int atmel_aes_cfb8_encrypt(struct skcipher_request *req) 1248 { 1249 return atmel_aes_crypt(req, AES_FLAGS_CFB8 | AES_FLAGS_ENCRYPT); 1250 } 1251 1252 static int atmel_aes_cfb8_decrypt(struct skcipher_request *req) 1253 { 1254 return atmel_aes_crypt(req, AES_FLAGS_CFB8); 1255 } 1256 1257 static int atmel_aes_ctr_encrypt(struct skcipher_request *req) 1258 { 1259 return atmel_aes_crypt(req, AES_FLAGS_CTR | AES_FLAGS_ENCRYPT); 1260 } 1261 1262 static int atmel_aes_ctr_decrypt(struct skcipher_request *req) 1263 { 1264 return atmel_aes_crypt(req, AES_FLAGS_CTR); 1265 } 1266 1267 static int atmel_aes_init_tfm(struct crypto_skcipher *tfm) 1268 { 1269 struct atmel_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 1270 struct atmel_aes_dev *dd; 1271 1272 dd = atmel_aes_dev_alloc(&ctx->base); 1273 if (!dd) 1274 return -ENODEV; 1275 1276 crypto_skcipher_set_reqsize(tfm, sizeof(struct atmel_aes_reqctx)); 1277 ctx->base.dd = dd; 1278 ctx->base.start = atmel_aes_start; 1279 1280 return 0; 1281 } 1282 1283 static int atmel_aes_ctr_init_tfm(struct crypto_skcipher *tfm) 1284 { 1285 struct atmel_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 1286 struct atmel_aes_dev *dd; 1287 1288 dd = atmel_aes_dev_alloc(&ctx->base); 1289 if (!dd) 1290 return -ENODEV; 1291 1292 crypto_skcipher_set_reqsize(tfm, sizeof(struct atmel_aes_reqctx)); 1293 ctx->base.dd = dd; 1294 ctx->base.start = atmel_aes_ctr_start; 1295 1296 return 0; 1297 } 1298 1299 static struct skcipher_alg aes_algs[] = { 1300 { 1301 .base.cra_name = "ecb(aes)", 1302 .base.cra_driver_name = "atmel-ecb-aes", 1303 .base.cra_blocksize = AES_BLOCK_SIZE, 1304 .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), 1305 1306 .init = atmel_aes_init_tfm, 1307 .min_keysize = AES_MIN_KEY_SIZE, 1308 .max_keysize = AES_MAX_KEY_SIZE, 1309 .setkey = atmel_aes_setkey, 1310 .encrypt = atmel_aes_ecb_encrypt, 1311 .decrypt = atmel_aes_ecb_decrypt, 1312 }, 1313 { 1314 .base.cra_name = "cbc(aes)", 1315 .base.cra_driver_name = "atmel-cbc-aes", 1316 .base.cra_blocksize = AES_BLOCK_SIZE, 1317 .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), 1318 1319 .init = atmel_aes_init_tfm, 1320 .min_keysize = AES_MIN_KEY_SIZE, 1321 .max_keysize = AES_MAX_KEY_SIZE, 1322 .setkey = atmel_aes_setkey, 1323 .encrypt = atmel_aes_cbc_encrypt, 1324 .decrypt = atmel_aes_cbc_decrypt, 1325 .ivsize = AES_BLOCK_SIZE, 1326 }, 1327 { 1328 .base.cra_name = "ofb(aes)", 1329 .base.cra_driver_name = "atmel-ofb-aes", 1330 .base.cra_blocksize = 1, 1331 .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), 1332 1333 .init = atmel_aes_init_tfm, 1334 .min_keysize = AES_MIN_KEY_SIZE, 1335 .max_keysize = AES_MAX_KEY_SIZE, 1336 .setkey = atmel_aes_setkey, 1337 .encrypt = atmel_aes_ofb_encrypt, 1338 .decrypt = atmel_aes_ofb_decrypt, 1339 .ivsize = AES_BLOCK_SIZE, 1340 }, 1341 { 1342 .base.cra_name = "cfb(aes)", 1343 .base.cra_driver_name = "atmel-cfb-aes", 1344 .base.cra_blocksize = AES_BLOCK_SIZE, 1345 .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), 1346 1347 .init = atmel_aes_init_tfm, 1348 .min_keysize = AES_MIN_KEY_SIZE, 1349 .max_keysize = AES_MAX_KEY_SIZE, 1350 .setkey = atmel_aes_setkey, 1351 .encrypt = atmel_aes_cfb_encrypt, 1352 .decrypt = atmel_aes_cfb_decrypt, 1353 .ivsize = AES_BLOCK_SIZE, 1354 }, 1355 { 1356 .base.cra_name = "cfb32(aes)", 1357 .base.cra_driver_name = "atmel-cfb32-aes", 1358 .base.cra_blocksize = CFB32_BLOCK_SIZE, 1359 .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), 1360 1361 .init = atmel_aes_init_tfm, 1362 .min_keysize = AES_MIN_KEY_SIZE, 1363 .max_keysize = AES_MAX_KEY_SIZE, 1364 .setkey = atmel_aes_setkey, 1365 .encrypt = atmel_aes_cfb32_encrypt, 1366 .decrypt = atmel_aes_cfb32_decrypt, 1367 .ivsize = AES_BLOCK_SIZE, 1368 }, 1369 { 1370 .base.cra_name = "cfb16(aes)", 1371 .base.cra_driver_name = "atmel-cfb16-aes", 1372 .base.cra_blocksize = CFB16_BLOCK_SIZE, 1373 .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), 1374 1375 .init = atmel_aes_init_tfm, 1376 .min_keysize = AES_MIN_KEY_SIZE, 1377 .max_keysize = AES_MAX_KEY_SIZE, 1378 .setkey = atmel_aes_setkey, 1379 .encrypt = atmel_aes_cfb16_encrypt, 1380 .decrypt = atmel_aes_cfb16_decrypt, 1381 .ivsize = AES_BLOCK_SIZE, 1382 }, 1383 { 1384 .base.cra_name = "cfb8(aes)", 1385 .base.cra_driver_name = "atmel-cfb8-aes", 1386 .base.cra_blocksize = CFB8_BLOCK_SIZE, 1387 .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), 1388 1389 .init = atmel_aes_init_tfm, 1390 .min_keysize = AES_MIN_KEY_SIZE, 1391 .max_keysize = AES_MAX_KEY_SIZE, 1392 .setkey = atmel_aes_setkey, 1393 .encrypt = atmel_aes_cfb8_encrypt, 1394 .decrypt = atmel_aes_cfb8_decrypt, 1395 .ivsize = AES_BLOCK_SIZE, 1396 }, 1397 { 1398 .base.cra_name = "ctr(aes)", 1399 .base.cra_driver_name = "atmel-ctr-aes", 1400 .base.cra_blocksize = 1, 1401 .base.cra_ctxsize = sizeof(struct atmel_aes_ctr_ctx), 1402 1403 .init = atmel_aes_ctr_init_tfm, 1404 .min_keysize = AES_MIN_KEY_SIZE, 1405 .max_keysize = AES_MAX_KEY_SIZE, 1406 .setkey = atmel_aes_setkey, 1407 .encrypt = atmel_aes_ctr_encrypt, 1408 .decrypt = atmel_aes_ctr_decrypt, 1409 .ivsize = AES_BLOCK_SIZE, 1410 }, 1411 }; 1412 1413 static struct skcipher_alg aes_cfb64_alg = { 1414 .base.cra_name = "cfb64(aes)", 1415 .base.cra_driver_name = "atmel-cfb64-aes", 1416 .base.cra_blocksize = CFB64_BLOCK_SIZE, 1417 .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), 1418 1419 .init = atmel_aes_init_tfm, 1420 .min_keysize = AES_MIN_KEY_SIZE, 1421 .max_keysize = AES_MAX_KEY_SIZE, 1422 .setkey = atmel_aes_setkey, 1423 .encrypt = atmel_aes_cfb64_encrypt, 1424 .decrypt = atmel_aes_cfb64_decrypt, 1425 .ivsize = AES_BLOCK_SIZE, 1426 }; 1427 1428 1429 /* gcm aead functions */ 1430 1431 static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd, 1432 const u32 *data, size_t datalen, 1433 const __be32 *ghash_in, __be32 *ghash_out, 1434 atmel_aes_fn_t resume); 1435 static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd); 1436 static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd); 1437 1438 static int atmel_aes_gcm_start(struct atmel_aes_dev *dd); 1439 static int atmel_aes_gcm_process(struct atmel_aes_dev *dd); 1440 static int atmel_aes_gcm_length(struct atmel_aes_dev *dd); 1441 static int atmel_aes_gcm_data(struct atmel_aes_dev *dd); 1442 static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd); 1443 static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd); 1444 static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd); 1445 1446 static inline struct atmel_aes_gcm_ctx * 1447 atmel_aes_gcm_ctx_cast(struct atmel_aes_base_ctx *ctx) 1448 { 1449 return container_of(ctx, struct atmel_aes_gcm_ctx, base); 1450 } 1451 1452 static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd, 1453 const u32 *data, size_t datalen, 1454 const __be32 *ghash_in, __be32 *ghash_out, 1455 atmel_aes_fn_t resume) 1456 { 1457 struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1458 1459 dd->data = (u32 *)data; 1460 dd->datalen = datalen; 1461 ctx->ghash_in = ghash_in; 1462 ctx->ghash_out = ghash_out; 1463 ctx->ghash_resume = resume; 1464 1465 atmel_aes_write_ctrl(dd, false, NULL); 1466 return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_ghash_init); 1467 } 1468 1469 static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd) 1470 { 1471 struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1472 1473 /* Set the data length. */ 1474 atmel_aes_write(dd, AES_AADLENR, dd->total); 1475 atmel_aes_write(dd, AES_CLENR, 0); 1476 1477 /* If needed, overwrite the GCM Intermediate Hash Word Registers */ 1478 if (ctx->ghash_in) 1479 atmel_aes_write_block(dd, AES_GHASHR(0), ctx->ghash_in); 1480 1481 return atmel_aes_gcm_ghash_finalize(dd); 1482 } 1483 1484 static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd) 1485 { 1486 struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1487 u32 isr; 1488 1489 /* Write data into the Input Data Registers. */ 1490 while (dd->datalen > 0) { 1491 atmel_aes_write_block(dd, AES_IDATAR(0), dd->data); 1492 dd->data += 4; 1493 dd->datalen -= AES_BLOCK_SIZE; 1494 1495 isr = atmel_aes_read(dd, AES_ISR); 1496 if (!(isr & AES_INT_DATARDY)) { 1497 dd->resume = atmel_aes_gcm_ghash_finalize; 1498 atmel_aes_write(dd, AES_IER, AES_INT_DATARDY); 1499 return -EINPROGRESS; 1500 } 1501 } 1502 1503 /* Read the computed hash from GHASHRx. */ 1504 atmel_aes_read_block(dd, AES_GHASHR(0), ctx->ghash_out); 1505 1506 return ctx->ghash_resume(dd); 1507 } 1508 1509 1510 static int atmel_aes_gcm_start(struct atmel_aes_dev *dd) 1511 { 1512 struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1513 struct aead_request *req = aead_request_cast(dd->areq); 1514 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1515 struct atmel_aes_reqctx *rctx = aead_request_ctx(req); 1516 size_t ivsize = crypto_aead_ivsize(tfm); 1517 size_t datalen, padlen; 1518 const void *iv = req->iv; 1519 u8 *data = dd->buf; 1520 int err; 1521 1522 atmel_aes_set_mode(dd, rctx); 1523 1524 err = atmel_aes_hw_init(dd); 1525 if (err) 1526 return atmel_aes_complete(dd, err); 1527 1528 if (likely(ivsize == GCM_AES_IV_SIZE)) { 1529 memcpy(ctx->j0, iv, ivsize); 1530 ctx->j0[3] = cpu_to_be32(1); 1531 return atmel_aes_gcm_process(dd); 1532 } 1533 1534 padlen = atmel_aes_padlen(ivsize, AES_BLOCK_SIZE); 1535 datalen = ivsize + padlen + AES_BLOCK_SIZE; 1536 if (datalen > dd->buflen) 1537 return atmel_aes_complete(dd, -EINVAL); 1538 1539 memcpy(data, iv, ivsize); 1540 memset(data + ivsize, 0, padlen + sizeof(u64)); 1541 ((__be64 *)(data + datalen))[-1] = cpu_to_be64(ivsize * 8); 1542 1543 return atmel_aes_gcm_ghash(dd, (const u32 *)data, datalen, 1544 NULL, ctx->j0, atmel_aes_gcm_process); 1545 } 1546 1547 static int atmel_aes_gcm_process(struct atmel_aes_dev *dd) 1548 { 1549 struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1550 struct aead_request *req = aead_request_cast(dd->areq); 1551 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1552 bool enc = atmel_aes_is_encrypt(dd); 1553 u32 authsize; 1554 1555 /* Compute text length. */ 1556 authsize = crypto_aead_authsize(tfm); 1557 ctx->textlen = req->cryptlen - (enc ? 0 : authsize); 1558 1559 /* 1560 * According to tcrypt test suite, the GCM Automatic Tag Generation 1561 * fails when both the message and its associated data are empty. 1562 */ 1563 if (likely(req->assoclen != 0 || ctx->textlen != 0)) 1564 dd->flags |= AES_FLAGS_GTAGEN; 1565 1566 atmel_aes_write_ctrl(dd, false, NULL); 1567 return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_length); 1568 } 1569 1570 static int atmel_aes_gcm_length(struct atmel_aes_dev *dd) 1571 { 1572 struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1573 struct aead_request *req = aead_request_cast(dd->areq); 1574 __be32 j0_lsw, *j0 = ctx->j0; 1575 size_t padlen; 1576 1577 /* Write incr32(J0) into IV. */ 1578 j0_lsw = j0[3]; 1579 be32_add_cpu(&j0[3], 1); 1580 atmel_aes_write_block(dd, AES_IVR(0), j0); 1581 j0[3] = j0_lsw; 1582 1583 /* Set aad and text lengths. */ 1584 atmel_aes_write(dd, AES_AADLENR, req->assoclen); 1585 atmel_aes_write(dd, AES_CLENR, ctx->textlen); 1586 1587 /* Check whether AAD are present. */ 1588 if (unlikely(req->assoclen == 0)) { 1589 dd->datalen = 0; 1590 return atmel_aes_gcm_data(dd); 1591 } 1592 1593 /* Copy assoc data and add padding. */ 1594 padlen = atmel_aes_padlen(req->assoclen, AES_BLOCK_SIZE); 1595 if (unlikely(req->assoclen + padlen > dd->buflen)) 1596 return atmel_aes_complete(dd, -EINVAL); 1597 sg_copy_to_buffer(req->src, sg_nents(req->src), dd->buf, req->assoclen); 1598 1599 /* Write assoc data into the Input Data register. */ 1600 dd->data = (u32 *)dd->buf; 1601 dd->datalen = req->assoclen + padlen; 1602 return atmel_aes_gcm_data(dd); 1603 } 1604 1605 static int atmel_aes_gcm_data(struct atmel_aes_dev *dd) 1606 { 1607 struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1608 struct aead_request *req = aead_request_cast(dd->areq); 1609 bool use_dma = (ctx->textlen >= ATMEL_AES_DMA_THRESHOLD); 1610 struct scatterlist *src, *dst; 1611 u32 isr, mr; 1612 1613 /* Write AAD first. */ 1614 while (dd->datalen > 0) { 1615 atmel_aes_write_block(dd, AES_IDATAR(0), dd->data); 1616 dd->data += 4; 1617 dd->datalen -= AES_BLOCK_SIZE; 1618 1619 isr = atmel_aes_read(dd, AES_ISR); 1620 if (!(isr & AES_INT_DATARDY)) { 1621 dd->resume = atmel_aes_gcm_data; 1622 atmel_aes_write(dd, AES_IER, AES_INT_DATARDY); 1623 return -EINPROGRESS; 1624 } 1625 } 1626 1627 /* GMAC only. */ 1628 if (unlikely(ctx->textlen == 0)) 1629 return atmel_aes_gcm_tag_init(dd); 1630 1631 /* Prepare src and dst scatter lists to transfer cipher/plain texts */ 1632 src = scatterwalk_ffwd(ctx->src, req->src, req->assoclen); 1633 dst = ((req->src == req->dst) ? src : 1634 scatterwalk_ffwd(ctx->dst, req->dst, req->assoclen)); 1635 1636 if (use_dma) { 1637 /* Update the Mode Register for DMA transfers. */ 1638 mr = atmel_aes_read(dd, AES_MR); 1639 mr &= ~(AES_MR_SMOD_MASK | AES_MR_DUALBUFF); 1640 mr |= AES_MR_SMOD_IDATAR0; 1641 if (dd->caps.has_dualbuff) 1642 mr |= AES_MR_DUALBUFF; 1643 atmel_aes_write(dd, AES_MR, mr); 1644 1645 return atmel_aes_dma_start(dd, src, dst, ctx->textlen, 1646 atmel_aes_gcm_tag_init); 1647 } 1648 1649 return atmel_aes_cpu_start(dd, src, dst, ctx->textlen, 1650 atmel_aes_gcm_tag_init); 1651 } 1652 1653 static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd) 1654 { 1655 struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1656 struct aead_request *req = aead_request_cast(dd->areq); 1657 __be64 *data = dd->buf; 1658 1659 if (likely(dd->flags & AES_FLAGS_GTAGEN)) { 1660 if (!(atmel_aes_read(dd, AES_ISR) & AES_INT_TAGRDY)) { 1661 dd->resume = atmel_aes_gcm_tag_init; 1662 atmel_aes_write(dd, AES_IER, AES_INT_TAGRDY); 1663 return -EINPROGRESS; 1664 } 1665 1666 return atmel_aes_gcm_finalize(dd); 1667 } 1668 1669 /* Read the GCM Intermediate Hash Word Registers. */ 1670 atmel_aes_read_block(dd, AES_GHASHR(0), ctx->ghash); 1671 1672 data[0] = cpu_to_be64(req->assoclen * 8); 1673 data[1] = cpu_to_be64(ctx->textlen * 8); 1674 1675 return atmel_aes_gcm_ghash(dd, (const u32 *)data, AES_BLOCK_SIZE, 1676 ctx->ghash, ctx->ghash, atmel_aes_gcm_tag); 1677 } 1678 1679 static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd) 1680 { 1681 struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1682 unsigned long flags; 1683 1684 /* 1685 * Change mode to CTR to complete the tag generation. 1686 * Use J0 as Initialization Vector. 1687 */ 1688 flags = dd->flags; 1689 dd->flags &= ~(AES_FLAGS_OPMODE_MASK | AES_FLAGS_GTAGEN); 1690 dd->flags |= AES_FLAGS_CTR; 1691 atmel_aes_write_ctrl(dd, false, ctx->j0); 1692 dd->flags = flags; 1693 1694 atmel_aes_write_block(dd, AES_IDATAR(0), ctx->ghash); 1695 return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_finalize); 1696 } 1697 1698 static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd) 1699 { 1700 struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1701 struct aead_request *req = aead_request_cast(dd->areq); 1702 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1703 bool enc = atmel_aes_is_encrypt(dd); 1704 u32 offset, authsize, itag[4], *otag = ctx->tag; 1705 int err; 1706 1707 /* Read the computed tag. */ 1708 if (likely(dd->flags & AES_FLAGS_GTAGEN)) 1709 atmel_aes_read_block(dd, AES_TAGR(0), ctx->tag); 1710 else 1711 atmel_aes_read_block(dd, AES_ODATAR(0), ctx->tag); 1712 1713 offset = req->assoclen + ctx->textlen; 1714 authsize = crypto_aead_authsize(tfm); 1715 if (enc) { 1716 scatterwalk_map_and_copy(otag, req->dst, offset, authsize, 1); 1717 err = 0; 1718 } else { 1719 scatterwalk_map_and_copy(itag, req->src, offset, authsize, 0); 1720 err = crypto_memneq(itag, otag, authsize) ? -EBADMSG : 0; 1721 } 1722 1723 return atmel_aes_complete(dd, err); 1724 } 1725 1726 static int atmel_aes_gcm_crypt(struct aead_request *req, 1727 unsigned long mode) 1728 { 1729 struct atmel_aes_base_ctx *ctx; 1730 struct atmel_aes_reqctx *rctx; 1731 1732 ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); 1733 ctx->block_size = AES_BLOCK_SIZE; 1734 ctx->is_aead = true; 1735 1736 rctx = aead_request_ctx(req); 1737 rctx->mode = AES_FLAGS_GCM | mode; 1738 1739 return atmel_aes_handle_queue(ctx->dd, &req->base); 1740 } 1741 1742 static int atmel_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key, 1743 unsigned int keylen) 1744 { 1745 struct atmel_aes_base_ctx *ctx = crypto_aead_ctx(tfm); 1746 1747 if (keylen != AES_KEYSIZE_256 && 1748 keylen != AES_KEYSIZE_192 && 1749 keylen != AES_KEYSIZE_128) 1750 return -EINVAL; 1751 1752 memcpy(ctx->key, key, keylen); 1753 ctx->keylen = keylen; 1754 1755 return 0; 1756 } 1757 1758 static int atmel_aes_gcm_setauthsize(struct crypto_aead *tfm, 1759 unsigned int authsize) 1760 { 1761 return crypto_gcm_check_authsize(authsize); 1762 } 1763 1764 static int atmel_aes_gcm_encrypt(struct aead_request *req) 1765 { 1766 return atmel_aes_gcm_crypt(req, AES_FLAGS_ENCRYPT); 1767 } 1768 1769 static int atmel_aes_gcm_decrypt(struct aead_request *req) 1770 { 1771 return atmel_aes_gcm_crypt(req, 0); 1772 } 1773 1774 static int atmel_aes_gcm_init(struct crypto_aead *tfm) 1775 { 1776 struct atmel_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm); 1777 struct atmel_aes_dev *dd; 1778 1779 dd = atmel_aes_dev_alloc(&ctx->base); 1780 if (!dd) 1781 return -ENODEV; 1782 1783 crypto_aead_set_reqsize(tfm, sizeof(struct atmel_aes_reqctx)); 1784 ctx->base.dd = dd; 1785 ctx->base.start = atmel_aes_gcm_start; 1786 1787 return 0; 1788 } 1789 1790 static struct aead_alg aes_gcm_alg = { 1791 .setkey = atmel_aes_gcm_setkey, 1792 .setauthsize = atmel_aes_gcm_setauthsize, 1793 .encrypt = atmel_aes_gcm_encrypt, 1794 .decrypt = atmel_aes_gcm_decrypt, 1795 .init = atmel_aes_gcm_init, 1796 .ivsize = GCM_AES_IV_SIZE, 1797 .maxauthsize = AES_BLOCK_SIZE, 1798 1799 .base = { 1800 .cra_name = "gcm(aes)", 1801 .cra_driver_name = "atmel-gcm-aes", 1802 .cra_blocksize = 1, 1803 .cra_ctxsize = sizeof(struct atmel_aes_gcm_ctx), 1804 }, 1805 }; 1806 1807 1808 /* xts functions */ 1809 1810 static inline struct atmel_aes_xts_ctx * 1811 atmel_aes_xts_ctx_cast(struct atmel_aes_base_ctx *ctx) 1812 { 1813 return container_of(ctx, struct atmel_aes_xts_ctx, base); 1814 } 1815 1816 static int atmel_aes_xts_process_data(struct atmel_aes_dev *dd); 1817 1818 static int atmel_aes_xts_start(struct atmel_aes_dev *dd) 1819 { 1820 struct atmel_aes_xts_ctx *ctx = atmel_aes_xts_ctx_cast(dd->ctx); 1821 struct skcipher_request *req = skcipher_request_cast(dd->areq); 1822 struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); 1823 unsigned long flags; 1824 int err; 1825 1826 atmel_aes_set_mode(dd, rctx); 1827 1828 err = atmel_aes_hw_init(dd); 1829 if (err) 1830 return atmel_aes_complete(dd, err); 1831 1832 /* Compute the tweak value from req->iv with ecb(aes). */ 1833 flags = dd->flags; 1834 dd->flags &= ~AES_FLAGS_MODE_MASK; 1835 dd->flags |= (AES_FLAGS_ECB | AES_FLAGS_ENCRYPT); 1836 atmel_aes_write_ctrl_key(dd, false, NULL, 1837 ctx->key2, ctx->base.keylen); 1838 dd->flags = flags; 1839 1840 atmel_aes_write_block(dd, AES_IDATAR(0), req->iv); 1841 return atmel_aes_wait_for_data_ready(dd, atmel_aes_xts_process_data); 1842 } 1843 1844 static int atmel_aes_xts_process_data(struct atmel_aes_dev *dd) 1845 { 1846 struct skcipher_request *req = skcipher_request_cast(dd->areq); 1847 bool use_dma = (req->cryptlen >= ATMEL_AES_DMA_THRESHOLD); 1848 u32 tweak[AES_BLOCK_SIZE / sizeof(u32)]; 1849 static const __le32 one[AES_BLOCK_SIZE / sizeof(u32)] = {cpu_to_le32(1), }; 1850 u8 *tweak_bytes = (u8 *)tweak; 1851 int i; 1852 1853 /* Read the computed ciphered tweak value. */ 1854 atmel_aes_read_block(dd, AES_ODATAR(0), tweak); 1855 /* 1856 * Hardware quirk: 1857 * the order of the ciphered tweak bytes need to be reversed before 1858 * writing them into the ODATARx registers. 1859 */ 1860 for (i = 0; i < AES_BLOCK_SIZE/2; ++i) 1861 swap(tweak_bytes[i], tweak_bytes[AES_BLOCK_SIZE - 1 - i]); 1862 1863 /* Process the data. */ 1864 atmel_aes_write_ctrl(dd, use_dma, NULL); 1865 atmel_aes_write_block(dd, AES_TWR(0), tweak); 1866 atmel_aes_write_block(dd, AES_ALPHAR(0), one); 1867 if (use_dma) 1868 return atmel_aes_dma_start(dd, req->src, req->dst, 1869 req->cryptlen, 1870 atmel_aes_transfer_complete); 1871 1872 return atmel_aes_cpu_start(dd, req->src, req->dst, req->cryptlen, 1873 atmel_aes_transfer_complete); 1874 } 1875 1876 static int atmel_aes_xts_setkey(struct crypto_skcipher *tfm, const u8 *key, 1877 unsigned int keylen) 1878 { 1879 struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm); 1880 int err; 1881 1882 err = xts_verify_key(tfm, key, keylen); 1883 if (err) 1884 return err; 1885 1886 crypto_skcipher_clear_flags(ctx->fallback_tfm, CRYPTO_TFM_REQ_MASK); 1887 crypto_skcipher_set_flags(ctx->fallback_tfm, tfm->base.crt_flags & 1888 CRYPTO_TFM_REQ_MASK); 1889 err = crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen); 1890 if (err) 1891 return err; 1892 1893 memcpy(ctx->base.key, key, keylen/2); 1894 memcpy(ctx->key2, key + keylen/2, keylen/2); 1895 ctx->base.keylen = keylen/2; 1896 1897 return 0; 1898 } 1899 1900 static int atmel_aes_xts_encrypt(struct skcipher_request *req) 1901 { 1902 return atmel_aes_crypt(req, AES_FLAGS_XTS | AES_FLAGS_ENCRYPT); 1903 } 1904 1905 static int atmel_aes_xts_decrypt(struct skcipher_request *req) 1906 { 1907 return atmel_aes_crypt(req, AES_FLAGS_XTS); 1908 } 1909 1910 static int atmel_aes_xts_init_tfm(struct crypto_skcipher *tfm) 1911 { 1912 struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm); 1913 struct atmel_aes_dev *dd; 1914 const char *tfm_name = crypto_tfm_alg_name(&tfm->base); 1915 1916 dd = atmel_aes_dev_alloc(&ctx->base); 1917 if (!dd) 1918 return -ENODEV; 1919 1920 ctx->fallback_tfm = crypto_alloc_skcipher(tfm_name, 0, 1921 CRYPTO_ALG_NEED_FALLBACK); 1922 if (IS_ERR(ctx->fallback_tfm)) 1923 return PTR_ERR(ctx->fallback_tfm); 1924 1925 crypto_skcipher_set_reqsize(tfm, sizeof(struct atmel_aes_reqctx) + 1926 crypto_skcipher_reqsize(ctx->fallback_tfm)); 1927 ctx->base.dd = dd; 1928 ctx->base.start = atmel_aes_xts_start; 1929 1930 return 0; 1931 } 1932 1933 static void atmel_aes_xts_exit_tfm(struct crypto_skcipher *tfm) 1934 { 1935 struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm); 1936 1937 crypto_free_skcipher(ctx->fallback_tfm); 1938 } 1939 1940 static struct skcipher_alg aes_xts_alg = { 1941 .base.cra_name = "xts(aes)", 1942 .base.cra_driver_name = "atmel-xts-aes", 1943 .base.cra_blocksize = AES_BLOCK_SIZE, 1944 .base.cra_ctxsize = sizeof(struct atmel_aes_xts_ctx), 1945 .base.cra_flags = CRYPTO_ALG_NEED_FALLBACK, 1946 1947 .min_keysize = 2 * AES_MIN_KEY_SIZE, 1948 .max_keysize = 2 * AES_MAX_KEY_SIZE, 1949 .ivsize = AES_BLOCK_SIZE, 1950 .setkey = atmel_aes_xts_setkey, 1951 .encrypt = atmel_aes_xts_encrypt, 1952 .decrypt = atmel_aes_xts_decrypt, 1953 .init = atmel_aes_xts_init_tfm, 1954 .exit = atmel_aes_xts_exit_tfm, 1955 }; 1956 1957 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) 1958 /* authenc aead functions */ 1959 1960 static int atmel_aes_authenc_start(struct atmel_aes_dev *dd); 1961 static int atmel_aes_authenc_init(struct atmel_aes_dev *dd, int err, 1962 bool is_async); 1963 static int atmel_aes_authenc_transfer(struct atmel_aes_dev *dd, int err, 1964 bool is_async); 1965 static int atmel_aes_authenc_digest(struct atmel_aes_dev *dd); 1966 static int atmel_aes_authenc_final(struct atmel_aes_dev *dd, int err, 1967 bool is_async); 1968 1969 static void atmel_aes_authenc_complete(struct atmel_aes_dev *dd, int err) 1970 { 1971 struct aead_request *req = aead_request_cast(dd->areq); 1972 struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); 1973 1974 if (err && (dd->flags & AES_FLAGS_OWN_SHA)) 1975 atmel_sha_authenc_abort(&rctx->auth_req); 1976 dd->flags &= ~AES_FLAGS_OWN_SHA; 1977 } 1978 1979 static int atmel_aes_authenc_start(struct atmel_aes_dev *dd) 1980 { 1981 struct aead_request *req = aead_request_cast(dd->areq); 1982 struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); 1983 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1984 struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm); 1985 int err; 1986 1987 atmel_aes_set_mode(dd, &rctx->base); 1988 1989 err = atmel_aes_hw_init(dd); 1990 if (err) 1991 return atmel_aes_complete(dd, err); 1992 1993 return atmel_sha_authenc_schedule(&rctx->auth_req, ctx->auth, 1994 atmel_aes_authenc_init, dd); 1995 } 1996 1997 static int atmel_aes_authenc_init(struct atmel_aes_dev *dd, int err, 1998 bool is_async) 1999 { 2000 struct aead_request *req = aead_request_cast(dd->areq); 2001 struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); 2002 2003 if (is_async) 2004 dd->is_async = true; 2005 if (err) 2006 return atmel_aes_complete(dd, err); 2007 2008 /* If here, we've got the ownership of the SHA device. */ 2009 dd->flags |= AES_FLAGS_OWN_SHA; 2010 2011 /* Configure the SHA device. */ 2012 return atmel_sha_authenc_init(&rctx->auth_req, 2013 req->src, req->assoclen, 2014 rctx->textlen, 2015 atmel_aes_authenc_transfer, dd); 2016 } 2017 2018 static int atmel_aes_authenc_transfer(struct atmel_aes_dev *dd, int err, 2019 bool is_async) 2020 { 2021 struct aead_request *req = aead_request_cast(dd->areq); 2022 struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); 2023 bool enc = atmel_aes_is_encrypt(dd); 2024 struct scatterlist *src, *dst; 2025 __be32 iv[AES_BLOCK_SIZE / sizeof(u32)]; 2026 u32 emr; 2027 2028 if (is_async) 2029 dd->is_async = true; 2030 if (err) 2031 return atmel_aes_complete(dd, err); 2032 2033 /* Prepare src and dst scatter-lists to transfer cipher/plain texts. */ 2034 src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen); 2035 dst = src; 2036 2037 if (req->src != req->dst) 2038 dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen); 2039 2040 /* Configure the AES device. */ 2041 memcpy(iv, req->iv, sizeof(iv)); 2042 2043 /* 2044 * Here we always set the 2nd parameter of atmel_aes_write_ctrl() to 2045 * 'true' even if the data transfer is actually performed by the CPU (so 2046 * not by the DMA) because we must force the AES_MR_SMOD bitfield to the 2047 * value AES_MR_SMOD_IDATAR0. Indeed, both AES_MR_SMOD and SHA_MR_SMOD 2048 * must be set to *_MR_SMOD_IDATAR0. 2049 */ 2050 atmel_aes_write_ctrl(dd, true, iv); 2051 emr = AES_EMR_PLIPEN; 2052 if (!enc) 2053 emr |= AES_EMR_PLIPD; 2054 atmel_aes_write(dd, AES_EMR, emr); 2055 2056 /* Transfer data. */ 2057 return atmel_aes_dma_start(dd, src, dst, rctx->textlen, 2058 atmel_aes_authenc_digest); 2059 } 2060 2061 static int atmel_aes_authenc_digest(struct atmel_aes_dev *dd) 2062 { 2063 struct aead_request *req = aead_request_cast(dd->areq); 2064 struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); 2065 2066 /* atmel_sha_authenc_final() releases the SHA device. */ 2067 dd->flags &= ~AES_FLAGS_OWN_SHA; 2068 return atmel_sha_authenc_final(&rctx->auth_req, 2069 rctx->digest, sizeof(rctx->digest), 2070 atmel_aes_authenc_final, dd); 2071 } 2072 2073 static int atmel_aes_authenc_final(struct atmel_aes_dev *dd, int err, 2074 bool is_async) 2075 { 2076 struct aead_request *req = aead_request_cast(dd->areq); 2077 struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); 2078 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 2079 bool enc = atmel_aes_is_encrypt(dd); 2080 u32 idigest[SHA512_DIGEST_SIZE / sizeof(u32)], *odigest = rctx->digest; 2081 u32 offs, authsize; 2082 2083 if (is_async) 2084 dd->is_async = true; 2085 if (err) 2086 goto complete; 2087 2088 offs = req->assoclen + rctx->textlen; 2089 authsize = crypto_aead_authsize(tfm); 2090 if (enc) { 2091 scatterwalk_map_and_copy(odigest, req->dst, offs, authsize, 1); 2092 } else { 2093 scatterwalk_map_and_copy(idigest, req->src, offs, authsize, 0); 2094 if (crypto_memneq(idigest, odigest, authsize)) 2095 err = -EBADMSG; 2096 } 2097 2098 complete: 2099 return atmel_aes_complete(dd, err); 2100 } 2101 2102 static int atmel_aes_authenc_setkey(struct crypto_aead *tfm, const u8 *key, 2103 unsigned int keylen) 2104 { 2105 struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm); 2106 struct crypto_authenc_keys keys; 2107 int err; 2108 2109 if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) 2110 goto badkey; 2111 2112 if (keys.enckeylen > sizeof(ctx->base.key)) 2113 goto badkey; 2114 2115 /* Save auth key. */ 2116 err = atmel_sha_authenc_setkey(ctx->auth, 2117 keys.authkey, keys.authkeylen, 2118 crypto_aead_get_flags(tfm)); 2119 if (err) { 2120 memzero_explicit(&keys, sizeof(keys)); 2121 return err; 2122 } 2123 2124 /* Save enc key. */ 2125 ctx->base.keylen = keys.enckeylen; 2126 memcpy(ctx->base.key, keys.enckey, keys.enckeylen); 2127 2128 memzero_explicit(&keys, sizeof(keys)); 2129 return 0; 2130 2131 badkey: 2132 memzero_explicit(&keys, sizeof(keys)); 2133 return -EINVAL; 2134 } 2135 2136 static int atmel_aes_authenc_init_tfm(struct crypto_aead *tfm, 2137 unsigned long auth_mode) 2138 { 2139 struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm); 2140 unsigned int auth_reqsize = atmel_sha_authenc_get_reqsize(); 2141 struct atmel_aes_dev *dd; 2142 2143 dd = atmel_aes_dev_alloc(&ctx->base); 2144 if (!dd) 2145 return -ENODEV; 2146 2147 ctx->auth = atmel_sha_authenc_spawn(auth_mode); 2148 if (IS_ERR(ctx->auth)) 2149 return PTR_ERR(ctx->auth); 2150 2151 crypto_aead_set_reqsize(tfm, (sizeof(struct atmel_aes_authenc_reqctx) + 2152 auth_reqsize)); 2153 ctx->base.dd = dd; 2154 ctx->base.start = atmel_aes_authenc_start; 2155 2156 return 0; 2157 } 2158 2159 static int atmel_aes_authenc_hmac_sha1_init_tfm(struct crypto_aead *tfm) 2160 { 2161 return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA1); 2162 } 2163 2164 static int atmel_aes_authenc_hmac_sha224_init_tfm(struct crypto_aead *tfm) 2165 { 2166 return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA224); 2167 } 2168 2169 static int atmel_aes_authenc_hmac_sha256_init_tfm(struct crypto_aead *tfm) 2170 { 2171 return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA256); 2172 } 2173 2174 static int atmel_aes_authenc_hmac_sha384_init_tfm(struct crypto_aead *tfm) 2175 { 2176 return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA384); 2177 } 2178 2179 static int atmel_aes_authenc_hmac_sha512_init_tfm(struct crypto_aead *tfm) 2180 { 2181 return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA512); 2182 } 2183 2184 static void atmel_aes_authenc_exit_tfm(struct crypto_aead *tfm) 2185 { 2186 struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm); 2187 2188 atmel_sha_authenc_free(ctx->auth); 2189 } 2190 2191 static int atmel_aes_authenc_crypt(struct aead_request *req, 2192 unsigned long mode) 2193 { 2194 struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); 2195 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 2196 struct atmel_aes_base_ctx *ctx = crypto_aead_ctx(tfm); 2197 u32 authsize = crypto_aead_authsize(tfm); 2198 bool enc = (mode & AES_FLAGS_ENCRYPT); 2199 2200 /* Compute text length. */ 2201 if (!enc && req->cryptlen < authsize) 2202 return -EINVAL; 2203 rctx->textlen = req->cryptlen - (enc ? 0 : authsize); 2204 2205 /* 2206 * Currently, empty messages are not supported yet: 2207 * the SHA auto-padding can be used only on non-empty messages. 2208 * Hence a special case needs to be implemented for empty message. 2209 */ 2210 if (!rctx->textlen && !req->assoclen) 2211 return -EINVAL; 2212 2213 rctx->base.mode = mode; 2214 ctx->block_size = AES_BLOCK_SIZE; 2215 ctx->is_aead = true; 2216 2217 return atmel_aes_handle_queue(ctx->dd, &req->base); 2218 } 2219 2220 static int atmel_aes_authenc_cbc_aes_encrypt(struct aead_request *req) 2221 { 2222 return atmel_aes_authenc_crypt(req, AES_FLAGS_CBC | AES_FLAGS_ENCRYPT); 2223 } 2224 2225 static int atmel_aes_authenc_cbc_aes_decrypt(struct aead_request *req) 2226 { 2227 return atmel_aes_authenc_crypt(req, AES_FLAGS_CBC); 2228 } 2229 2230 static struct aead_alg aes_authenc_algs[] = { 2231 { 2232 .setkey = atmel_aes_authenc_setkey, 2233 .encrypt = atmel_aes_authenc_cbc_aes_encrypt, 2234 .decrypt = atmel_aes_authenc_cbc_aes_decrypt, 2235 .init = atmel_aes_authenc_hmac_sha1_init_tfm, 2236 .exit = atmel_aes_authenc_exit_tfm, 2237 .ivsize = AES_BLOCK_SIZE, 2238 .maxauthsize = SHA1_DIGEST_SIZE, 2239 2240 .base = { 2241 .cra_name = "authenc(hmac(sha1),cbc(aes))", 2242 .cra_driver_name = "atmel-authenc-hmac-sha1-cbc-aes", 2243 .cra_blocksize = AES_BLOCK_SIZE, 2244 .cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx), 2245 }, 2246 }, 2247 { 2248 .setkey = atmel_aes_authenc_setkey, 2249 .encrypt = atmel_aes_authenc_cbc_aes_encrypt, 2250 .decrypt = atmel_aes_authenc_cbc_aes_decrypt, 2251 .init = atmel_aes_authenc_hmac_sha224_init_tfm, 2252 .exit = atmel_aes_authenc_exit_tfm, 2253 .ivsize = AES_BLOCK_SIZE, 2254 .maxauthsize = SHA224_DIGEST_SIZE, 2255 2256 .base = { 2257 .cra_name = "authenc(hmac(sha224),cbc(aes))", 2258 .cra_driver_name = "atmel-authenc-hmac-sha224-cbc-aes", 2259 .cra_blocksize = AES_BLOCK_SIZE, 2260 .cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx), 2261 }, 2262 }, 2263 { 2264 .setkey = atmel_aes_authenc_setkey, 2265 .encrypt = atmel_aes_authenc_cbc_aes_encrypt, 2266 .decrypt = atmel_aes_authenc_cbc_aes_decrypt, 2267 .init = atmel_aes_authenc_hmac_sha256_init_tfm, 2268 .exit = atmel_aes_authenc_exit_tfm, 2269 .ivsize = AES_BLOCK_SIZE, 2270 .maxauthsize = SHA256_DIGEST_SIZE, 2271 2272 .base = { 2273 .cra_name = "authenc(hmac(sha256),cbc(aes))", 2274 .cra_driver_name = "atmel-authenc-hmac-sha256-cbc-aes", 2275 .cra_blocksize = AES_BLOCK_SIZE, 2276 .cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx), 2277 }, 2278 }, 2279 { 2280 .setkey = atmel_aes_authenc_setkey, 2281 .encrypt = atmel_aes_authenc_cbc_aes_encrypt, 2282 .decrypt = atmel_aes_authenc_cbc_aes_decrypt, 2283 .init = atmel_aes_authenc_hmac_sha384_init_tfm, 2284 .exit = atmel_aes_authenc_exit_tfm, 2285 .ivsize = AES_BLOCK_SIZE, 2286 .maxauthsize = SHA384_DIGEST_SIZE, 2287 2288 .base = { 2289 .cra_name = "authenc(hmac(sha384),cbc(aes))", 2290 .cra_driver_name = "atmel-authenc-hmac-sha384-cbc-aes", 2291 .cra_blocksize = AES_BLOCK_SIZE, 2292 .cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx), 2293 }, 2294 }, 2295 { 2296 .setkey = atmel_aes_authenc_setkey, 2297 .encrypt = atmel_aes_authenc_cbc_aes_encrypt, 2298 .decrypt = atmel_aes_authenc_cbc_aes_decrypt, 2299 .init = atmel_aes_authenc_hmac_sha512_init_tfm, 2300 .exit = atmel_aes_authenc_exit_tfm, 2301 .ivsize = AES_BLOCK_SIZE, 2302 .maxauthsize = SHA512_DIGEST_SIZE, 2303 2304 .base = { 2305 .cra_name = "authenc(hmac(sha512),cbc(aes))", 2306 .cra_driver_name = "atmel-authenc-hmac-sha512-cbc-aes", 2307 .cra_blocksize = AES_BLOCK_SIZE, 2308 .cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx), 2309 }, 2310 }, 2311 }; 2312 #endif /* CONFIG_CRYPTO_DEV_ATMEL_AUTHENC */ 2313 2314 /* Probe functions */ 2315 2316 static int atmel_aes_buff_init(struct atmel_aes_dev *dd) 2317 { 2318 dd->buf = (void *)__get_free_pages(GFP_KERNEL, ATMEL_AES_BUFFER_ORDER); 2319 dd->buflen = ATMEL_AES_BUFFER_SIZE; 2320 dd->buflen &= ~(AES_BLOCK_SIZE - 1); 2321 2322 if (!dd->buf) { 2323 dev_err(dd->dev, "unable to alloc pages.\n"); 2324 return -ENOMEM; 2325 } 2326 2327 return 0; 2328 } 2329 2330 static void atmel_aes_buff_cleanup(struct atmel_aes_dev *dd) 2331 { 2332 free_page((unsigned long)dd->buf); 2333 } 2334 2335 static int atmel_aes_dma_init(struct atmel_aes_dev *dd) 2336 { 2337 int ret; 2338 2339 /* Try to grab 2 DMA channels */ 2340 dd->src.chan = dma_request_chan(dd->dev, "tx"); 2341 if (IS_ERR(dd->src.chan)) { 2342 ret = PTR_ERR(dd->src.chan); 2343 goto err_dma_in; 2344 } 2345 2346 dd->dst.chan = dma_request_chan(dd->dev, "rx"); 2347 if (IS_ERR(dd->dst.chan)) { 2348 ret = PTR_ERR(dd->dst.chan); 2349 goto err_dma_out; 2350 } 2351 2352 return 0; 2353 2354 err_dma_out: 2355 dma_release_channel(dd->src.chan); 2356 err_dma_in: 2357 dev_err(dd->dev, "no DMA channel available\n"); 2358 return ret; 2359 } 2360 2361 static void atmel_aes_dma_cleanup(struct atmel_aes_dev *dd) 2362 { 2363 dma_release_channel(dd->dst.chan); 2364 dma_release_channel(dd->src.chan); 2365 } 2366 2367 static void atmel_aes_queue_task(unsigned long data) 2368 { 2369 struct atmel_aes_dev *dd = (struct atmel_aes_dev *)data; 2370 2371 atmel_aes_handle_queue(dd, NULL); 2372 } 2373 2374 static void atmel_aes_done_task(unsigned long data) 2375 { 2376 struct atmel_aes_dev *dd = (struct atmel_aes_dev *)data; 2377 2378 dd->is_async = true; 2379 (void)dd->resume(dd); 2380 } 2381 2382 static irqreturn_t atmel_aes_irq(int irq, void *dev_id) 2383 { 2384 struct atmel_aes_dev *aes_dd = dev_id; 2385 u32 reg; 2386 2387 reg = atmel_aes_read(aes_dd, AES_ISR); 2388 if (reg & atmel_aes_read(aes_dd, AES_IMR)) { 2389 atmel_aes_write(aes_dd, AES_IDR, reg); 2390 if (AES_FLAGS_BUSY & aes_dd->flags) 2391 tasklet_schedule(&aes_dd->done_task); 2392 else 2393 dev_warn(aes_dd->dev, "AES interrupt when no active requests.\n"); 2394 return IRQ_HANDLED; 2395 } 2396 2397 return IRQ_NONE; 2398 } 2399 2400 static void atmel_aes_unregister_algs(struct atmel_aes_dev *dd) 2401 { 2402 int i; 2403 2404 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) 2405 if (dd->caps.has_authenc) 2406 for (i = 0; i < ARRAY_SIZE(aes_authenc_algs); i++) 2407 crypto_unregister_aead(&aes_authenc_algs[i]); 2408 #endif 2409 2410 if (dd->caps.has_xts) 2411 crypto_unregister_skcipher(&aes_xts_alg); 2412 2413 if (dd->caps.has_gcm) 2414 crypto_unregister_aead(&aes_gcm_alg); 2415 2416 if (dd->caps.has_cfb64) 2417 crypto_unregister_skcipher(&aes_cfb64_alg); 2418 2419 for (i = 0; i < ARRAY_SIZE(aes_algs); i++) 2420 crypto_unregister_skcipher(&aes_algs[i]); 2421 } 2422 2423 static void atmel_aes_crypto_alg_init(struct crypto_alg *alg) 2424 { 2425 alg->cra_flags |= CRYPTO_ALG_ASYNC; 2426 alg->cra_alignmask = 0xf; 2427 alg->cra_priority = ATMEL_AES_PRIORITY; 2428 alg->cra_module = THIS_MODULE; 2429 } 2430 2431 static int atmel_aes_register_algs(struct atmel_aes_dev *dd) 2432 { 2433 int err, i, j; 2434 2435 for (i = 0; i < ARRAY_SIZE(aes_algs); i++) { 2436 atmel_aes_crypto_alg_init(&aes_algs[i].base); 2437 2438 err = crypto_register_skcipher(&aes_algs[i]); 2439 if (err) 2440 goto err_aes_algs; 2441 } 2442 2443 if (dd->caps.has_cfb64) { 2444 atmel_aes_crypto_alg_init(&aes_cfb64_alg.base); 2445 2446 err = crypto_register_skcipher(&aes_cfb64_alg); 2447 if (err) 2448 goto err_aes_cfb64_alg; 2449 } 2450 2451 if (dd->caps.has_gcm) { 2452 atmel_aes_crypto_alg_init(&aes_gcm_alg.base); 2453 2454 err = crypto_register_aead(&aes_gcm_alg); 2455 if (err) 2456 goto err_aes_gcm_alg; 2457 } 2458 2459 if (dd->caps.has_xts) { 2460 atmel_aes_crypto_alg_init(&aes_xts_alg.base); 2461 2462 err = crypto_register_skcipher(&aes_xts_alg); 2463 if (err) 2464 goto err_aes_xts_alg; 2465 } 2466 2467 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) 2468 if (dd->caps.has_authenc) { 2469 for (i = 0; i < ARRAY_SIZE(aes_authenc_algs); i++) { 2470 atmel_aes_crypto_alg_init(&aes_authenc_algs[i].base); 2471 2472 err = crypto_register_aead(&aes_authenc_algs[i]); 2473 if (err) 2474 goto err_aes_authenc_alg; 2475 } 2476 } 2477 #endif 2478 2479 return 0; 2480 2481 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) 2482 /* i = ARRAY_SIZE(aes_authenc_algs); */ 2483 err_aes_authenc_alg: 2484 for (j = 0; j < i; j++) 2485 crypto_unregister_aead(&aes_authenc_algs[j]); 2486 crypto_unregister_skcipher(&aes_xts_alg); 2487 #endif 2488 err_aes_xts_alg: 2489 crypto_unregister_aead(&aes_gcm_alg); 2490 err_aes_gcm_alg: 2491 crypto_unregister_skcipher(&aes_cfb64_alg); 2492 err_aes_cfb64_alg: 2493 i = ARRAY_SIZE(aes_algs); 2494 err_aes_algs: 2495 for (j = 0; j < i; j++) 2496 crypto_unregister_skcipher(&aes_algs[j]); 2497 2498 return err; 2499 } 2500 2501 static void atmel_aes_get_cap(struct atmel_aes_dev *dd) 2502 { 2503 dd->caps.has_dualbuff = 0; 2504 dd->caps.has_cfb64 = 0; 2505 dd->caps.has_gcm = 0; 2506 dd->caps.has_xts = 0; 2507 dd->caps.has_authenc = 0; 2508 dd->caps.max_burst_size = 1; 2509 2510 /* keep only major version number */ 2511 switch (dd->hw_version & 0xff0) { 2512 case 0x700: 2513 case 0x600: 2514 case 0x500: 2515 dd->caps.has_dualbuff = 1; 2516 dd->caps.has_cfb64 = 1; 2517 dd->caps.has_gcm = 1; 2518 dd->caps.has_xts = 1; 2519 dd->caps.has_authenc = 1; 2520 dd->caps.max_burst_size = 4; 2521 break; 2522 case 0x200: 2523 dd->caps.has_dualbuff = 1; 2524 dd->caps.has_cfb64 = 1; 2525 dd->caps.has_gcm = 1; 2526 dd->caps.max_burst_size = 4; 2527 break; 2528 case 0x130: 2529 dd->caps.has_dualbuff = 1; 2530 dd->caps.has_cfb64 = 1; 2531 dd->caps.max_burst_size = 4; 2532 break; 2533 case 0x120: 2534 break; 2535 default: 2536 dev_warn(dd->dev, 2537 "Unmanaged aes version, set minimum capabilities\n"); 2538 break; 2539 } 2540 } 2541 2542 #if defined(CONFIG_OF) 2543 static const struct of_device_id atmel_aes_dt_ids[] = { 2544 { .compatible = "atmel,at91sam9g46-aes" }, 2545 { /* sentinel */ } 2546 }; 2547 MODULE_DEVICE_TABLE(of, atmel_aes_dt_ids); 2548 #endif 2549 2550 static int atmel_aes_probe(struct platform_device *pdev) 2551 { 2552 struct atmel_aes_dev *aes_dd; 2553 struct device *dev = &pdev->dev; 2554 struct resource *aes_res; 2555 int err; 2556 2557 aes_dd = devm_kzalloc(&pdev->dev, sizeof(*aes_dd), GFP_KERNEL); 2558 if (!aes_dd) 2559 return -ENOMEM; 2560 2561 aes_dd->dev = dev; 2562 2563 platform_set_drvdata(pdev, aes_dd); 2564 2565 INIT_LIST_HEAD(&aes_dd->list); 2566 spin_lock_init(&aes_dd->lock); 2567 2568 tasklet_init(&aes_dd->done_task, atmel_aes_done_task, 2569 (unsigned long)aes_dd); 2570 tasklet_init(&aes_dd->queue_task, atmel_aes_queue_task, 2571 (unsigned long)aes_dd); 2572 2573 crypto_init_queue(&aes_dd->queue, ATMEL_AES_QUEUE_LENGTH); 2574 2575 /* Get the base address */ 2576 aes_res = platform_get_resource(pdev, IORESOURCE_MEM, 0); 2577 if (!aes_res) { 2578 dev_err(dev, "no MEM resource info\n"); 2579 err = -ENODEV; 2580 goto err_tasklet_kill; 2581 } 2582 aes_dd->phys_base = aes_res->start; 2583 2584 /* Get the IRQ */ 2585 aes_dd->irq = platform_get_irq(pdev, 0); 2586 if (aes_dd->irq < 0) { 2587 err = aes_dd->irq; 2588 goto err_tasklet_kill; 2589 } 2590 2591 err = devm_request_irq(&pdev->dev, aes_dd->irq, atmel_aes_irq, 2592 IRQF_SHARED, "atmel-aes", aes_dd); 2593 if (err) { 2594 dev_err(dev, "unable to request aes irq.\n"); 2595 goto err_tasklet_kill; 2596 } 2597 2598 /* Initializing the clock */ 2599 aes_dd->iclk = devm_clk_get(&pdev->dev, "aes_clk"); 2600 if (IS_ERR(aes_dd->iclk)) { 2601 dev_err(dev, "clock initialization failed.\n"); 2602 err = PTR_ERR(aes_dd->iclk); 2603 goto err_tasklet_kill; 2604 } 2605 2606 aes_dd->io_base = devm_ioremap_resource(&pdev->dev, aes_res); 2607 if (IS_ERR(aes_dd->io_base)) { 2608 dev_err(dev, "can't ioremap\n"); 2609 err = PTR_ERR(aes_dd->io_base); 2610 goto err_tasklet_kill; 2611 } 2612 2613 err = clk_prepare(aes_dd->iclk); 2614 if (err) 2615 goto err_tasklet_kill; 2616 2617 err = atmel_aes_hw_version_init(aes_dd); 2618 if (err) 2619 goto err_iclk_unprepare; 2620 2621 atmel_aes_get_cap(aes_dd); 2622 2623 #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) 2624 if (aes_dd->caps.has_authenc && !atmel_sha_authenc_is_ready()) { 2625 err = -EPROBE_DEFER; 2626 goto err_iclk_unprepare; 2627 } 2628 #endif 2629 2630 err = atmel_aes_buff_init(aes_dd); 2631 if (err) 2632 goto err_iclk_unprepare; 2633 2634 err = atmel_aes_dma_init(aes_dd); 2635 if (err) 2636 goto err_buff_cleanup; 2637 2638 spin_lock(&atmel_aes.lock); 2639 list_add_tail(&aes_dd->list, &atmel_aes.dev_list); 2640 spin_unlock(&atmel_aes.lock); 2641 2642 err = atmel_aes_register_algs(aes_dd); 2643 if (err) 2644 goto err_algs; 2645 2646 dev_info(dev, "Atmel AES - Using %s, %s for DMA transfers\n", 2647 dma_chan_name(aes_dd->src.chan), 2648 dma_chan_name(aes_dd->dst.chan)); 2649 2650 return 0; 2651 2652 err_algs: 2653 spin_lock(&atmel_aes.lock); 2654 list_del(&aes_dd->list); 2655 spin_unlock(&atmel_aes.lock); 2656 atmel_aes_dma_cleanup(aes_dd); 2657 err_buff_cleanup: 2658 atmel_aes_buff_cleanup(aes_dd); 2659 err_iclk_unprepare: 2660 clk_unprepare(aes_dd->iclk); 2661 err_tasklet_kill: 2662 tasklet_kill(&aes_dd->done_task); 2663 tasklet_kill(&aes_dd->queue_task); 2664 2665 return err; 2666 } 2667 2668 static int atmel_aes_remove(struct platform_device *pdev) 2669 { 2670 struct atmel_aes_dev *aes_dd; 2671 2672 aes_dd = platform_get_drvdata(pdev); 2673 2674 spin_lock(&atmel_aes.lock); 2675 list_del(&aes_dd->list); 2676 spin_unlock(&atmel_aes.lock); 2677 2678 atmel_aes_unregister_algs(aes_dd); 2679 2680 tasklet_kill(&aes_dd->done_task); 2681 tasklet_kill(&aes_dd->queue_task); 2682 2683 atmel_aes_dma_cleanup(aes_dd); 2684 atmel_aes_buff_cleanup(aes_dd); 2685 2686 clk_unprepare(aes_dd->iclk); 2687 2688 return 0; 2689 } 2690 2691 static struct platform_driver atmel_aes_driver = { 2692 .probe = atmel_aes_probe, 2693 .remove = atmel_aes_remove, 2694 .driver = { 2695 .name = "atmel_aes", 2696 .of_match_table = of_match_ptr(atmel_aes_dt_ids), 2697 }, 2698 }; 2699 2700 module_platform_driver(atmel_aes_driver); 2701 2702 MODULE_DESCRIPTION("Atmel AES hw acceleration support."); 2703 MODULE_LICENSE("GPL v2"); 2704 MODULE_AUTHOR("Nicolas Royer - Eukréa Electromatique"); 2705