xref: /linux/drivers/crypto/caam/caamalg.c (revision c532de5a67a70f8533d495f8f2aaa9a0491c3ad0)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * caam - Freescale FSL CAAM support for crypto API
4  *
5  * Copyright 2008-2011 Freescale Semiconductor, Inc.
6  * Copyright 2016-2019, 2023 NXP
7  *
8  * Based on talitos crypto API driver.
9  *
10  * relationship of job descriptors to shared descriptors (SteveC Dec 10 2008):
11  *
12  * ---------------                     ---------------
13  * | JobDesc #1  |-------------------->|  ShareDesc  |
14  * | *(packet 1) |                     |   (PDB)     |
15  * ---------------      |------------->|  (hashKey)  |
16  *       .              |              | (cipherKey) |
17  *       .              |    |-------->| (operation) |
18  * ---------------      |    |         ---------------
19  * | JobDesc #2  |------|    |
20  * | *(packet 2) |           |
21  * ---------------           |
22  *       .                   |
23  *       .                   |
24  * ---------------           |
25  * | JobDesc #3  |------------
26  * | *(packet 3) |
27  * ---------------
28  *
29  * The SharedDesc never changes for a connection unless rekeyed, but
30  * each packet will likely be in a different place. So all we need
31  * to know to process the packet is where the input is, where the
32  * output goes, and what context we want to process with. Context is
33  * in the SharedDesc, packet references in the JobDesc.
34  *
35  * So, a job desc looks like:
36  *
37  * ---------------------
38  * | Header            |
39  * | ShareDesc Pointer |
40  * | SEQ_OUT_PTR       |
41  * | (output buffer)   |
42  * | (output length)   |
43  * | SEQ_IN_PTR        |
44  * | (input buffer)    |
45  * | (input length)    |
46  * ---------------------
47  */
48 
49 #include "compat.h"
50 
51 #include "regs.h"
52 #include "intern.h"
53 #include "desc_constr.h"
54 #include "jr.h"
55 #include "error.h"
56 #include "sg_sw_sec4.h"
57 #include "key_gen.h"
58 #include "caamalg_desc.h"
59 #include <linux/unaligned.h>
60 #include <crypto/internal/aead.h>
61 #include <crypto/internal/engine.h>
62 #include <crypto/internal/skcipher.h>
63 #include <crypto/xts.h>
64 #include <linux/dma-mapping.h>
65 #include <linux/device.h>
66 #include <linux/err.h>
67 #include <linux/module.h>
68 #include <linux/kernel.h>
69 #include <linux/slab.h>
70 #include <linux/string.h>
71 
72 /*
73  * crypto alg
74  */
75 #define CAAM_CRA_PRIORITY		3000
76 /* max key is sum of AES_MAX_KEY_SIZE, max split key size */
77 #define CAAM_MAX_KEY_SIZE		(AES_MAX_KEY_SIZE + \
78 					 CTR_RFC3686_NONCE_SIZE + \
79 					 SHA512_DIGEST_SIZE * 2)
80 
81 #define AEAD_DESC_JOB_IO_LEN		(DESC_JOB_IO_LEN + CAAM_CMD_SZ * 2)
82 #define GCM_DESC_JOB_IO_LEN		(AEAD_DESC_JOB_IO_LEN + \
83 					 CAAM_CMD_SZ * 4)
84 #define AUTHENC_DESC_JOB_IO_LEN		(AEAD_DESC_JOB_IO_LEN + \
85 					 CAAM_CMD_SZ * 5)
86 
87 #define CHACHAPOLY_DESC_JOB_IO_LEN	(AEAD_DESC_JOB_IO_LEN + CAAM_CMD_SZ * 6)
88 
89 #define DESC_MAX_USED_BYTES		(CAAM_DESC_BYTES_MAX - DESC_JOB_IO_LEN_MIN)
90 #define DESC_MAX_USED_LEN		(DESC_MAX_USED_BYTES / CAAM_CMD_SZ)
91 
92 struct caam_alg_entry {
93 	int class1_alg_type;
94 	int class2_alg_type;
95 	bool rfc3686;
96 	bool geniv;
97 	bool nodkp;
98 };
99 
100 struct caam_aead_alg {
101 	struct aead_engine_alg aead;
102 	struct caam_alg_entry caam;
103 	bool registered;
104 };
105 
106 struct caam_skcipher_alg {
107 	struct skcipher_engine_alg skcipher;
108 	struct caam_alg_entry caam;
109 	bool registered;
110 };
111 
112 /*
113  * per-session context
114  */
115 struct caam_ctx {
116 	u32 sh_desc_enc[DESC_MAX_USED_LEN];
117 	u32 sh_desc_dec[DESC_MAX_USED_LEN];
118 	u8 key[CAAM_MAX_KEY_SIZE];
119 	dma_addr_t sh_desc_enc_dma;
120 	dma_addr_t sh_desc_dec_dma;
121 	dma_addr_t key_dma;
122 	enum dma_data_direction dir;
123 	struct device *jrdev;
124 	struct alginfo adata;
125 	struct alginfo cdata;
126 	unsigned int authsize;
127 	bool xts_key_fallback;
128 	struct crypto_skcipher *fallback;
129 };
130 
131 struct caam_skcipher_req_ctx {
132 	struct skcipher_edesc *edesc;
133 	struct skcipher_request fallback_req;
134 };
135 
136 struct caam_aead_req_ctx {
137 	struct aead_edesc *edesc;
138 };
139 
140 static int aead_null_set_sh_desc(struct crypto_aead *aead)
141 {
142 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
143 	struct device *jrdev = ctx->jrdev;
144 	struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent);
145 	u32 *desc;
146 	int rem_bytes = CAAM_DESC_BYTES_MAX - AEAD_DESC_JOB_IO_LEN -
147 			ctx->adata.keylen_pad;
148 
149 	/*
150 	 * Job Descriptor and Shared Descriptors
151 	 * must all fit into the 64-word Descriptor h/w Buffer
152 	 */
153 	if (rem_bytes >= DESC_AEAD_NULL_ENC_LEN) {
154 		ctx->adata.key_inline = true;
155 		ctx->adata.key_virt = ctx->key;
156 	} else {
157 		ctx->adata.key_inline = false;
158 		ctx->adata.key_dma = ctx->key_dma;
159 	}
160 
161 	/* aead_encrypt shared descriptor */
162 	desc = ctx->sh_desc_enc;
163 	cnstr_shdsc_aead_null_encap(desc, &ctx->adata, ctx->authsize,
164 				    ctrlpriv->era);
165 	dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
166 				   desc_bytes(desc), ctx->dir);
167 
168 	/*
169 	 * Job Descriptor and Shared Descriptors
170 	 * must all fit into the 64-word Descriptor h/w Buffer
171 	 */
172 	if (rem_bytes >= DESC_AEAD_NULL_DEC_LEN) {
173 		ctx->adata.key_inline = true;
174 		ctx->adata.key_virt = ctx->key;
175 	} else {
176 		ctx->adata.key_inline = false;
177 		ctx->adata.key_dma = ctx->key_dma;
178 	}
179 
180 	/* aead_decrypt shared descriptor */
181 	desc = ctx->sh_desc_dec;
182 	cnstr_shdsc_aead_null_decap(desc, &ctx->adata, ctx->authsize,
183 				    ctrlpriv->era);
184 	dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
185 				   desc_bytes(desc), ctx->dir);
186 
187 	return 0;
188 }
189 
190 static int aead_set_sh_desc(struct crypto_aead *aead)
191 {
192 	struct caam_aead_alg *alg = container_of(crypto_aead_alg(aead),
193 						 struct caam_aead_alg,
194 						 aead.base);
195 	unsigned int ivsize = crypto_aead_ivsize(aead);
196 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
197 	struct device *jrdev = ctx->jrdev;
198 	struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent);
199 	u32 ctx1_iv_off = 0;
200 	u32 *desc, *nonce = NULL;
201 	u32 inl_mask;
202 	unsigned int data_len[2];
203 	const bool ctr_mode = ((ctx->cdata.algtype & OP_ALG_AAI_MASK) ==
204 			       OP_ALG_AAI_CTR_MOD128);
205 	const bool is_rfc3686 = alg->caam.rfc3686;
206 
207 	if (!ctx->authsize)
208 		return 0;
209 
210 	/* NULL encryption / decryption */
211 	if (!ctx->cdata.keylen)
212 		return aead_null_set_sh_desc(aead);
213 
214 	/*
215 	 * AES-CTR needs to load IV in CONTEXT1 reg
216 	 * at an offset of 128bits (16bytes)
217 	 * CONTEXT1[255:128] = IV
218 	 */
219 	if (ctr_mode)
220 		ctx1_iv_off = 16;
221 
222 	/*
223 	 * RFC3686 specific:
224 	 *	CONTEXT1[255:128] = {NONCE, IV, COUNTER}
225 	 */
226 	if (is_rfc3686) {
227 		ctx1_iv_off = 16 + CTR_RFC3686_NONCE_SIZE;
228 		nonce = (u32 *)((void *)ctx->key + ctx->adata.keylen_pad +
229 				ctx->cdata.keylen - CTR_RFC3686_NONCE_SIZE);
230 	}
231 
232 	/*
233 	 * In case |user key| > |derived key|, using DKP<imm,imm>
234 	 * would result in invalid opcodes (last bytes of user key) in
235 	 * the resulting descriptor. Use DKP<ptr,imm> instead => both
236 	 * virtual and dma key addresses are needed.
237 	 */
238 	ctx->adata.key_virt = ctx->key;
239 	ctx->adata.key_dma = ctx->key_dma;
240 
241 	ctx->cdata.key_virt = ctx->key + ctx->adata.keylen_pad;
242 	ctx->cdata.key_dma = ctx->key_dma + ctx->adata.keylen_pad;
243 
244 	data_len[0] = ctx->adata.keylen_pad;
245 	data_len[1] = ctx->cdata.keylen;
246 
247 	if (alg->caam.geniv)
248 		goto skip_enc;
249 
250 	/*
251 	 * Job Descriptor and Shared Descriptors
252 	 * must all fit into the 64-word Descriptor h/w Buffer
253 	 */
254 	if (desc_inline_query(DESC_AEAD_ENC_LEN +
255 			      (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0),
256 			      AUTHENC_DESC_JOB_IO_LEN, data_len, &inl_mask,
257 			      ARRAY_SIZE(data_len)) < 0)
258 		return -EINVAL;
259 
260 	ctx->adata.key_inline = !!(inl_mask & 1);
261 	ctx->cdata.key_inline = !!(inl_mask & 2);
262 
263 	/* aead_encrypt shared descriptor */
264 	desc = ctx->sh_desc_enc;
265 	cnstr_shdsc_aead_encap(desc, &ctx->cdata, &ctx->adata, ivsize,
266 			       ctx->authsize, is_rfc3686, nonce, ctx1_iv_off,
267 			       false, ctrlpriv->era);
268 	dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
269 				   desc_bytes(desc), ctx->dir);
270 
271 skip_enc:
272 	/*
273 	 * Job Descriptor and Shared Descriptors
274 	 * must all fit into the 64-word Descriptor h/w Buffer
275 	 */
276 	if (desc_inline_query(DESC_AEAD_DEC_LEN +
277 			      (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0),
278 			      AUTHENC_DESC_JOB_IO_LEN, data_len, &inl_mask,
279 			      ARRAY_SIZE(data_len)) < 0)
280 		return -EINVAL;
281 
282 	ctx->adata.key_inline = !!(inl_mask & 1);
283 	ctx->cdata.key_inline = !!(inl_mask & 2);
284 
285 	/* aead_decrypt shared descriptor */
286 	desc = ctx->sh_desc_dec;
287 	cnstr_shdsc_aead_decap(desc, &ctx->cdata, &ctx->adata, ivsize,
288 			       ctx->authsize, alg->caam.geniv, is_rfc3686,
289 			       nonce, ctx1_iv_off, false, ctrlpriv->era);
290 	dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
291 				   desc_bytes(desc), ctx->dir);
292 
293 	if (!alg->caam.geniv)
294 		goto skip_givenc;
295 
296 	/*
297 	 * Job Descriptor and Shared Descriptors
298 	 * must all fit into the 64-word Descriptor h/w Buffer
299 	 */
300 	if (desc_inline_query(DESC_AEAD_GIVENC_LEN +
301 			      (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0),
302 			      AUTHENC_DESC_JOB_IO_LEN, data_len, &inl_mask,
303 			      ARRAY_SIZE(data_len)) < 0)
304 		return -EINVAL;
305 
306 	ctx->adata.key_inline = !!(inl_mask & 1);
307 	ctx->cdata.key_inline = !!(inl_mask & 2);
308 
309 	/* aead_givencrypt shared descriptor */
310 	desc = ctx->sh_desc_enc;
311 	cnstr_shdsc_aead_givencap(desc, &ctx->cdata, &ctx->adata, ivsize,
312 				  ctx->authsize, is_rfc3686, nonce,
313 				  ctx1_iv_off, false, ctrlpriv->era);
314 	dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
315 				   desc_bytes(desc), ctx->dir);
316 
317 skip_givenc:
318 	return 0;
319 }
320 
321 static int aead_setauthsize(struct crypto_aead *authenc,
322 				    unsigned int authsize)
323 {
324 	struct caam_ctx *ctx = crypto_aead_ctx_dma(authenc);
325 
326 	ctx->authsize = authsize;
327 	aead_set_sh_desc(authenc);
328 
329 	return 0;
330 }
331 
332 static int gcm_set_sh_desc(struct crypto_aead *aead)
333 {
334 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
335 	struct device *jrdev = ctx->jrdev;
336 	unsigned int ivsize = crypto_aead_ivsize(aead);
337 	u32 *desc;
338 	int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN -
339 			ctx->cdata.keylen;
340 
341 	if (!ctx->cdata.keylen || !ctx->authsize)
342 		return 0;
343 
344 	/*
345 	 * AES GCM encrypt shared descriptor
346 	 * Job Descriptor and Shared Descriptor
347 	 * must fit into the 64-word Descriptor h/w Buffer
348 	 */
349 	if (rem_bytes >= DESC_GCM_ENC_LEN) {
350 		ctx->cdata.key_inline = true;
351 		ctx->cdata.key_virt = ctx->key;
352 	} else {
353 		ctx->cdata.key_inline = false;
354 		ctx->cdata.key_dma = ctx->key_dma;
355 	}
356 
357 	desc = ctx->sh_desc_enc;
358 	cnstr_shdsc_gcm_encap(desc, &ctx->cdata, ivsize, ctx->authsize, false);
359 	dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
360 				   desc_bytes(desc), ctx->dir);
361 
362 	/*
363 	 * Job Descriptor and Shared Descriptors
364 	 * must all fit into the 64-word Descriptor h/w Buffer
365 	 */
366 	if (rem_bytes >= DESC_GCM_DEC_LEN) {
367 		ctx->cdata.key_inline = true;
368 		ctx->cdata.key_virt = ctx->key;
369 	} else {
370 		ctx->cdata.key_inline = false;
371 		ctx->cdata.key_dma = ctx->key_dma;
372 	}
373 
374 	desc = ctx->sh_desc_dec;
375 	cnstr_shdsc_gcm_decap(desc, &ctx->cdata, ivsize, ctx->authsize, false);
376 	dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
377 				   desc_bytes(desc), ctx->dir);
378 
379 	return 0;
380 }
381 
382 static int gcm_setauthsize(struct crypto_aead *authenc, unsigned int authsize)
383 {
384 	struct caam_ctx *ctx = crypto_aead_ctx_dma(authenc);
385 	int err;
386 
387 	err = crypto_gcm_check_authsize(authsize);
388 	if (err)
389 		return err;
390 
391 	ctx->authsize = authsize;
392 	gcm_set_sh_desc(authenc);
393 
394 	return 0;
395 }
396 
397 static int rfc4106_set_sh_desc(struct crypto_aead *aead)
398 {
399 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
400 	struct device *jrdev = ctx->jrdev;
401 	unsigned int ivsize = crypto_aead_ivsize(aead);
402 	u32 *desc;
403 	int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN -
404 			ctx->cdata.keylen;
405 
406 	if (!ctx->cdata.keylen || !ctx->authsize)
407 		return 0;
408 
409 	/*
410 	 * RFC4106 encrypt shared descriptor
411 	 * Job Descriptor and Shared Descriptor
412 	 * must fit into the 64-word Descriptor h/w Buffer
413 	 */
414 	if (rem_bytes >= DESC_RFC4106_ENC_LEN) {
415 		ctx->cdata.key_inline = true;
416 		ctx->cdata.key_virt = ctx->key;
417 	} else {
418 		ctx->cdata.key_inline = false;
419 		ctx->cdata.key_dma = ctx->key_dma;
420 	}
421 
422 	desc = ctx->sh_desc_enc;
423 	cnstr_shdsc_rfc4106_encap(desc, &ctx->cdata, ivsize, ctx->authsize,
424 				  false);
425 	dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
426 				   desc_bytes(desc), ctx->dir);
427 
428 	/*
429 	 * Job Descriptor and Shared Descriptors
430 	 * must all fit into the 64-word Descriptor h/w Buffer
431 	 */
432 	if (rem_bytes >= DESC_RFC4106_DEC_LEN) {
433 		ctx->cdata.key_inline = true;
434 		ctx->cdata.key_virt = ctx->key;
435 	} else {
436 		ctx->cdata.key_inline = false;
437 		ctx->cdata.key_dma = ctx->key_dma;
438 	}
439 
440 	desc = ctx->sh_desc_dec;
441 	cnstr_shdsc_rfc4106_decap(desc, &ctx->cdata, ivsize, ctx->authsize,
442 				  false);
443 	dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
444 				   desc_bytes(desc), ctx->dir);
445 
446 	return 0;
447 }
448 
449 static int rfc4106_setauthsize(struct crypto_aead *authenc,
450 			       unsigned int authsize)
451 {
452 	struct caam_ctx *ctx = crypto_aead_ctx_dma(authenc);
453 	int err;
454 
455 	err = crypto_rfc4106_check_authsize(authsize);
456 	if (err)
457 		return err;
458 
459 	ctx->authsize = authsize;
460 	rfc4106_set_sh_desc(authenc);
461 
462 	return 0;
463 }
464 
465 static int rfc4543_set_sh_desc(struct crypto_aead *aead)
466 {
467 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
468 	struct device *jrdev = ctx->jrdev;
469 	unsigned int ivsize = crypto_aead_ivsize(aead);
470 	u32 *desc;
471 	int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN -
472 			ctx->cdata.keylen;
473 
474 	if (!ctx->cdata.keylen || !ctx->authsize)
475 		return 0;
476 
477 	/*
478 	 * RFC4543 encrypt shared descriptor
479 	 * Job Descriptor and Shared Descriptor
480 	 * must fit into the 64-word Descriptor h/w Buffer
481 	 */
482 	if (rem_bytes >= DESC_RFC4543_ENC_LEN) {
483 		ctx->cdata.key_inline = true;
484 		ctx->cdata.key_virt = ctx->key;
485 	} else {
486 		ctx->cdata.key_inline = false;
487 		ctx->cdata.key_dma = ctx->key_dma;
488 	}
489 
490 	desc = ctx->sh_desc_enc;
491 	cnstr_shdsc_rfc4543_encap(desc, &ctx->cdata, ivsize, ctx->authsize,
492 				  false);
493 	dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
494 				   desc_bytes(desc), ctx->dir);
495 
496 	/*
497 	 * Job Descriptor and Shared Descriptors
498 	 * must all fit into the 64-word Descriptor h/w Buffer
499 	 */
500 	if (rem_bytes >= DESC_RFC4543_DEC_LEN) {
501 		ctx->cdata.key_inline = true;
502 		ctx->cdata.key_virt = ctx->key;
503 	} else {
504 		ctx->cdata.key_inline = false;
505 		ctx->cdata.key_dma = ctx->key_dma;
506 	}
507 
508 	desc = ctx->sh_desc_dec;
509 	cnstr_shdsc_rfc4543_decap(desc, &ctx->cdata, ivsize, ctx->authsize,
510 				  false);
511 	dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
512 				   desc_bytes(desc), ctx->dir);
513 
514 	return 0;
515 }
516 
517 static int rfc4543_setauthsize(struct crypto_aead *authenc,
518 			       unsigned int authsize)
519 {
520 	struct caam_ctx *ctx = crypto_aead_ctx_dma(authenc);
521 
522 	if (authsize != 16)
523 		return -EINVAL;
524 
525 	ctx->authsize = authsize;
526 	rfc4543_set_sh_desc(authenc);
527 
528 	return 0;
529 }
530 
531 static int chachapoly_set_sh_desc(struct crypto_aead *aead)
532 {
533 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
534 	struct device *jrdev = ctx->jrdev;
535 	unsigned int ivsize = crypto_aead_ivsize(aead);
536 	u32 *desc;
537 
538 	if (!ctx->cdata.keylen || !ctx->authsize)
539 		return 0;
540 
541 	desc = ctx->sh_desc_enc;
542 	cnstr_shdsc_chachapoly(desc, &ctx->cdata, &ctx->adata, ivsize,
543 			       ctx->authsize, true, false);
544 	dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
545 				   desc_bytes(desc), ctx->dir);
546 
547 	desc = ctx->sh_desc_dec;
548 	cnstr_shdsc_chachapoly(desc, &ctx->cdata, &ctx->adata, ivsize,
549 			       ctx->authsize, false, false);
550 	dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
551 				   desc_bytes(desc), ctx->dir);
552 
553 	return 0;
554 }
555 
556 static int chachapoly_setauthsize(struct crypto_aead *aead,
557 				  unsigned int authsize)
558 {
559 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
560 
561 	if (authsize != POLY1305_DIGEST_SIZE)
562 		return -EINVAL;
563 
564 	ctx->authsize = authsize;
565 	return chachapoly_set_sh_desc(aead);
566 }
567 
568 static int chachapoly_setkey(struct crypto_aead *aead, const u8 *key,
569 			     unsigned int keylen)
570 {
571 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
572 	unsigned int ivsize = crypto_aead_ivsize(aead);
573 	unsigned int saltlen = CHACHAPOLY_IV_SIZE - ivsize;
574 
575 	if (keylen != CHACHA_KEY_SIZE + saltlen)
576 		return -EINVAL;
577 
578 	memcpy(ctx->key, key, keylen);
579 	ctx->cdata.key_virt = ctx->key;
580 	ctx->cdata.keylen = keylen - saltlen;
581 
582 	return chachapoly_set_sh_desc(aead);
583 }
584 
585 static int aead_setkey(struct crypto_aead *aead,
586 			       const u8 *key, unsigned int keylen)
587 {
588 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
589 	struct device *jrdev = ctx->jrdev;
590 	struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent);
591 	struct crypto_authenc_keys keys;
592 	int ret = 0;
593 
594 	if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
595 		goto badkey;
596 
597 	dev_dbg(jrdev, "keylen %d enckeylen %d authkeylen %d\n",
598 	       keys.authkeylen + keys.enckeylen, keys.enckeylen,
599 	       keys.authkeylen);
600 	print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
601 			     DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
602 
603 	/*
604 	 * If DKP is supported, use it in the shared descriptor to generate
605 	 * the split key.
606 	 */
607 	if (ctrlpriv->era >= 6) {
608 		ctx->adata.keylen = keys.authkeylen;
609 		ctx->adata.keylen_pad = split_key_len(ctx->adata.algtype &
610 						      OP_ALG_ALGSEL_MASK);
611 
612 		if (ctx->adata.keylen_pad + keys.enckeylen > CAAM_MAX_KEY_SIZE)
613 			goto badkey;
614 
615 		memcpy(ctx->key, keys.authkey, keys.authkeylen);
616 		memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey,
617 		       keys.enckeylen);
618 		dma_sync_single_for_device(jrdev, ctx->key_dma,
619 					   ctx->adata.keylen_pad +
620 					   keys.enckeylen, ctx->dir);
621 		goto skip_split_key;
622 	}
623 
624 	ret = gen_split_key(ctx->jrdev, ctx->key, &ctx->adata, keys.authkey,
625 			    keys.authkeylen, CAAM_MAX_KEY_SIZE -
626 			    keys.enckeylen);
627 	if (ret) {
628 		goto badkey;
629 	}
630 
631 	/* postpend encryption key to auth split key */
632 	memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey, keys.enckeylen);
633 	dma_sync_single_for_device(jrdev, ctx->key_dma, ctx->adata.keylen_pad +
634 				   keys.enckeylen, ctx->dir);
635 
636 	print_hex_dump_debug("ctx.key@"__stringify(__LINE__)": ",
637 			     DUMP_PREFIX_ADDRESS, 16, 4, ctx->key,
638 			     ctx->adata.keylen_pad + keys.enckeylen, 1);
639 
640 skip_split_key:
641 	ctx->cdata.keylen = keys.enckeylen;
642 	memzero_explicit(&keys, sizeof(keys));
643 	return aead_set_sh_desc(aead);
644 badkey:
645 	memzero_explicit(&keys, sizeof(keys));
646 	return -EINVAL;
647 }
648 
649 static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
650 			    unsigned int keylen)
651 {
652 	struct crypto_authenc_keys keys;
653 	int err;
654 
655 	err = crypto_authenc_extractkeys(&keys, key, keylen);
656 	if (unlikely(err))
657 		return err;
658 
659 	err = verify_aead_des3_key(aead, keys.enckey, keys.enckeylen) ?:
660 	      aead_setkey(aead, key, keylen);
661 
662 	memzero_explicit(&keys, sizeof(keys));
663 	return err;
664 }
665 
666 static int gcm_setkey(struct crypto_aead *aead,
667 		      const u8 *key, unsigned int keylen)
668 {
669 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
670 	struct device *jrdev = ctx->jrdev;
671 	int err;
672 
673 	err = aes_check_keylen(keylen);
674 	if (err)
675 		return err;
676 
677 	print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
678 			     DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
679 
680 	memcpy(ctx->key, key, keylen);
681 	dma_sync_single_for_device(jrdev, ctx->key_dma, keylen, ctx->dir);
682 	ctx->cdata.keylen = keylen;
683 
684 	return gcm_set_sh_desc(aead);
685 }
686 
687 static int rfc4106_setkey(struct crypto_aead *aead,
688 			  const u8 *key, unsigned int keylen)
689 {
690 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
691 	struct device *jrdev = ctx->jrdev;
692 	int err;
693 
694 	err = aes_check_keylen(keylen - 4);
695 	if (err)
696 		return err;
697 
698 	print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
699 			     DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
700 
701 	memcpy(ctx->key, key, keylen);
702 
703 	/*
704 	 * The last four bytes of the key material are used as the salt value
705 	 * in the nonce. Update the AES key length.
706 	 */
707 	ctx->cdata.keylen = keylen - 4;
708 	dma_sync_single_for_device(jrdev, ctx->key_dma, ctx->cdata.keylen,
709 				   ctx->dir);
710 	return rfc4106_set_sh_desc(aead);
711 }
712 
713 static int rfc4543_setkey(struct crypto_aead *aead,
714 			  const u8 *key, unsigned int keylen)
715 {
716 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
717 	struct device *jrdev = ctx->jrdev;
718 	int err;
719 
720 	err = aes_check_keylen(keylen - 4);
721 	if (err)
722 		return err;
723 
724 	print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
725 			     DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
726 
727 	memcpy(ctx->key, key, keylen);
728 
729 	/*
730 	 * The last four bytes of the key material are used as the salt value
731 	 * in the nonce. Update the AES key length.
732 	 */
733 	ctx->cdata.keylen = keylen - 4;
734 	dma_sync_single_for_device(jrdev, ctx->key_dma, ctx->cdata.keylen,
735 				   ctx->dir);
736 	return rfc4543_set_sh_desc(aead);
737 }
738 
739 static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
740 			   unsigned int keylen, const u32 ctx1_iv_off)
741 {
742 	struct caam_ctx *ctx = crypto_skcipher_ctx_dma(skcipher);
743 	struct caam_skcipher_alg *alg =
744 		container_of(crypto_skcipher_alg(skcipher), typeof(*alg),
745 			     skcipher.base);
746 	struct device *jrdev = ctx->jrdev;
747 	unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
748 	u32 *desc;
749 	const bool is_rfc3686 = alg->caam.rfc3686;
750 
751 	print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
752 			     DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
753 
754 	ctx->cdata.keylen = keylen;
755 	ctx->cdata.key_virt = key;
756 	ctx->cdata.key_inline = true;
757 
758 	/* skcipher_encrypt shared descriptor */
759 	desc = ctx->sh_desc_enc;
760 	cnstr_shdsc_skcipher_encap(desc, &ctx->cdata, ivsize, is_rfc3686,
761 				   ctx1_iv_off);
762 	dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
763 				   desc_bytes(desc), ctx->dir);
764 
765 	/* skcipher_decrypt shared descriptor */
766 	desc = ctx->sh_desc_dec;
767 	cnstr_shdsc_skcipher_decap(desc, &ctx->cdata, ivsize, is_rfc3686,
768 				   ctx1_iv_off);
769 	dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
770 				   desc_bytes(desc), ctx->dir);
771 
772 	return 0;
773 }
774 
775 static int aes_skcipher_setkey(struct crypto_skcipher *skcipher,
776 			       const u8 *key, unsigned int keylen)
777 {
778 	int err;
779 
780 	err = aes_check_keylen(keylen);
781 	if (err)
782 		return err;
783 
784 	return skcipher_setkey(skcipher, key, keylen, 0);
785 }
786 
787 static int rfc3686_skcipher_setkey(struct crypto_skcipher *skcipher,
788 				   const u8 *key, unsigned int keylen)
789 {
790 	u32 ctx1_iv_off;
791 	int err;
792 
793 	/*
794 	 * RFC3686 specific:
795 	 *	| CONTEXT1[255:128] = {NONCE, IV, COUNTER}
796 	 *	| *key = {KEY, NONCE}
797 	 */
798 	ctx1_iv_off = 16 + CTR_RFC3686_NONCE_SIZE;
799 	keylen -= CTR_RFC3686_NONCE_SIZE;
800 
801 	err = aes_check_keylen(keylen);
802 	if (err)
803 		return err;
804 
805 	return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
806 }
807 
808 static int ctr_skcipher_setkey(struct crypto_skcipher *skcipher,
809 			       const u8 *key, unsigned int keylen)
810 {
811 	u32 ctx1_iv_off;
812 	int err;
813 
814 	/*
815 	 * AES-CTR needs to load IV in CONTEXT1 reg
816 	 * at an offset of 128bits (16bytes)
817 	 * CONTEXT1[255:128] = IV
818 	 */
819 	ctx1_iv_off = 16;
820 
821 	err = aes_check_keylen(keylen);
822 	if (err)
823 		return err;
824 
825 	return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
826 }
827 
828 static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
829 			       const u8 *key, unsigned int keylen)
830 {
831 	return verify_skcipher_des_key(skcipher, key) ?:
832 	       skcipher_setkey(skcipher, key, keylen, 0);
833 }
834 
835 static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
836 				const u8 *key, unsigned int keylen)
837 {
838 	return verify_skcipher_des3_key(skcipher, key) ?:
839 	       skcipher_setkey(skcipher, key, keylen, 0);
840 }
841 
842 static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
843 			       unsigned int keylen)
844 {
845 	struct caam_ctx *ctx = crypto_skcipher_ctx_dma(skcipher);
846 	struct device *jrdev = ctx->jrdev;
847 	struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent);
848 	u32 *desc;
849 	int err;
850 
851 	err = xts_verify_key(skcipher, key, keylen);
852 	if (err) {
853 		dev_dbg(jrdev, "key size mismatch\n");
854 		return err;
855 	}
856 
857 	if (keylen != 2 * AES_KEYSIZE_128 && keylen != 2 * AES_KEYSIZE_256)
858 		ctx->xts_key_fallback = true;
859 
860 	if (ctrlpriv->era <= 8 || ctx->xts_key_fallback) {
861 		err = crypto_skcipher_setkey(ctx->fallback, key, keylen);
862 		if (err)
863 			return err;
864 	}
865 
866 	ctx->cdata.keylen = keylen;
867 	ctx->cdata.key_virt = key;
868 	ctx->cdata.key_inline = true;
869 
870 	/* xts_skcipher_encrypt shared descriptor */
871 	desc = ctx->sh_desc_enc;
872 	cnstr_shdsc_xts_skcipher_encap(desc, &ctx->cdata);
873 	dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
874 				   desc_bytes(desc), ctx->dir);
875 
876 	/* xts_skcipher_decrypt shared descriptor */
877 	desc = ctx->sh_desc_dec;
878 	cnstr_shdsc_xts_skcipher_decap(desc, &ctx->cdata);
879 	dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
880 				   desc_bytes(desc), ctx->dir);
881 
882 	return 0;
883 }
884 
885 /*
886  * aead_edesc - s/w-extended aead descriptor
887  * @src_nents: number of segments in input s/w scatterlist
888  * @dst_nents: number of segments in output s/w scatterlist
889  * @mapped_src_nents: number of segments in input h/w link table
890  * @mapped_dst_nents: number of segments in output h/w link table
891  * @sec4_sg_bytes: length of dma mapped sec4_sg space
892  * @bklog: stored to determine if the request needs backlog
893  * @sec4_sg_dma: bus physical mapped address of h/w link table
894  * @sec4_sg: pointer to h/w link table
895  * @hw_desc: the h/w job descriptor followed by any referenced link tables
896  */
897 struct aead_edesc {
898 	int src_nents;
899 	int dst_nents;
900 	int mapped_src_nents;
901 	int mapped_dst_nents;
902 	int sec4_sg_bytes;
903 	bool bklog;
904 	dma_addr_t sec4_sg_dma;
905 	struct sec4_sg_entry *sec4_sg;
906 	u32 hw_desc[];
907 };
908 
909 /*
910  * skcipher_edesc - s/w-extended skcipher descriptor
911  * @src_nents: number of segments in input s/w scatterlist
912  * @dst_nents: number of segments in output s/w scatterlist
913  * @mapped_src_nents: number of segments in input h/w link table
914  * @mapped_dst_nents: number of segments in output h/w link table
915  * @iv_dma: dma address of iv for checking continuity and link table
916  * @sec4_sg_bytes: length of dma mapped sec4_sg space
917  * @bklog: stored to determine if the request needs backlog
918  * @sec4_sg_dma: bus physical mapped address of h/w link table
919  * @sec4_sg: pointer to h/w link table
920  * @hw_desc: the h/w job descriptor followed by any referenced link tables
921  *	     and IV
922  */
923 struct skcipher_edesc {
924 	int src_nents;
925 	int dst_nents;
926 	int mapped_src_nents;
927 	int mapped_dst_nents;
928 	dma_addr_t iv_dma;
929 	int sec4_sg_bytes;
930 	bool bklog;
931 	dma_addr_t sec4_sg_dma;
932 	struct sec4_sg_entry *sec4_sg;
933 	u32 hw_desc[];
934 };
935 
936 static void caam_unmap(struct device *dev, struct scatterlist *src,
937 		       struct scatterlist *dst, int src_nents,
938 		       int dst_nents,
939 		       dma_addr_t iv_dma, int ivsize, dma_addr_t sec4_sg_dma,
940 		       int sec4_sg_bytes)
941 {
942 	if (dst != src) {
943 		if (src_nents)
944 			dma_unmap_sg(dev, src, src_nents, DMA_TO_DEVICE);
945 		if (dst_nents)
946 			dma_unmap_sg(dev, dst, dst_nents, DMA_FROM_DEVICE);
947 	} else {
948 		dma_unmap_sg(dev, src, src_nents, DMA_BIDIRECTIONAL);
949 	}
950 
951 	if (iv_dma)
952 		dma_unmap_single(dev, iv_dma, ivsize, DMA_BIDIRECTIONAL);
953 	if (sec4_sg_bytes)
954 		dma_unmap_single(dev, sec4_sg_dma, sec4_sg_bytes,
955 				 DMA_TO_DEVICE);
956 }
957 
958 static void aead_unmap(struct device *dev,
959 		       struct aead_edesc *edesc,
960 		       struct aead_request *req)
961 {
962 	caam_unmap(dev, req->src, req->dst,
963 		   edesc->src_nents, edesc->dst_nents, 0, 0,
964 		   edesc->sec4_sg_dma, edesc->sec4_sg_bytes);
965 }
966 
967 static void skcipher_unmap(struct device *dev, struct skcipher_edesc *edesc,
968 			   struct skcipher_request *req)
969 {
970 	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
971 	int ivsize = crypto_skcipher_ivsize(skcipher);
972 
973 	caam_unmap(dev, req->src, req->dst,
974 		   edesc->src_nents, edesc->dst_nents,
975 		   edesc->iv_dma, ivsize,
976 		   edesc->sec4_sg_dma, edesc->sec4_sg_bytes);
977 }
978 
979 static void aead_crypt_done(struct device *jrdev, u32 *desc, u32 err,
980 			    void *context)
981 {
982 	struct aead_request *req = context;
983 	struct caam_aead_req_ctx *rctx = aead_request_ctx(req);
984 	struct caam_drv_private_jr *jrp = dev_get_drvdata(jrdev);
985 	struct aead_edesc *edesc;
986 	int ecode = 0;
987 	bool has_bklog;
988 
989 	dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err);
990 
991 	edesc = rctx->edesc;
992 	has_bklog = edesc->bklog;
993 
994 	if (err)
995 		ecode = caam_jr_strstatus(jrdev, err);
996 
997 	aead_unmap(jrdev, edesc, req);
998 
999 	kfree(edesc);
1000 
1001 	/*
1002 	 * If no backlog flag, the completion of the request is done
1003 	 * by CAAM, not crypto engine.
1004 	 */
1005 	if (!has_bklog)
1006 		aead_request_complete(req, ecode);
1007 	else
1008 		crypto_finalize_aead_request(jrp->engine, req, ecode);
1009 }
1010 
1011 static inline u8 *skcipher_edesc_iv(struct skcipher_edesc *edesc)
1012 {
1013 
1014 	return PTR_ALIGN((u8 *)edesc->sec4_sg + edesc->sec4_sg_bytes,
1015 			 dma_get_cache_alignment());
1016 }
1017 
1018 static void skcipher_crypt_done(struct device *jrdev, u32 *desc, u32 err,
1019 				void *context)
1020 {
1021 	struct skcipher_request *req = context;
1022 	struct skcipher_edesc *edesc;
1023 	struct caam_skcipher_req_ctx *rctx = skcipher_request_ctx(req);
1024 	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
1025 	struct caam_drv_private_jr *jrp = dev_get_drvdata(jrdev);
1026 	int ivsize = crypto_skcipher_ivsize(skcipher);
1027 	int ecode = 0;
1028 	bool has_bklog;
1029 
1030 	dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err);
1031 
1032 	edesc = rctx->edesc;
1033 	has_bklog = edesc->bklog;
1034 	if (err)
1035 		ecode = caam_jr_strstatus(jrdev, err);
1036 
1037 	skcipher_unmap(jrdev, edesc, req);
1038 
1039 	/*
1040 	 * The crypto API expects us to set the IV (req->iv) to the last
1041 	 * ciphertext block (CBC mode) or last counter (CTR mode).
1042 	 * This is used e.g. by the CTS mode.
1043 	 */
1044 	if (ivsize && !ecode) {
1045 		memcpy(req->iv, skcipher_edesc_iv(edesc), ivsize);
1046 
1047 		print_hex_dump_debug("dstiv  @" __stringify(__LINE__)": ",
1048 				     DUMP_PREFIX_ADDRESS, 16, 4, req->iv,
1049 				     ivsize, 1);
1050 	}
1051 
1052 	caam_dump_sg("dst    @" __stringify(__LINE__)": ",
1053 		     DUMP_PREFIX_ADDRESS, 16, 4, req->dst,
1054 		     edesc->dst_nents > 1 ? 100 : req->cryptlen, 1);
1055 
1056 	kfree(edesc);
1057 
1058 	/*
1059 	 * If no backlog flag, the completion of the request is done
1060 	 * by CAAM, not crypto engine.
1061 	 */
1062 	if (!has_bklog)
1063 		skcipher_request_complete(req, ecode);
1064 	else
1065 		crypto_finalize_skcipher_request(jrp->engine, req, ecode);
1066 }
1067 
1068 /*
1069  * Fill in aead job descriptor
1070  */
1071 static void init_aead_job(struct aead_request *req,
1072 			  struct aead_edesc *edesc,
1073 			  bool all_contig, bool encrypt)
1074 {
1075 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
1076 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
1077 	int authsize = ctx->authsize;
1078 	u32 *desc = edesc->hw_desc;
1079 	u32 out_options, in_options;
1080 	dma_addr_t dst_dma, src_dma;
1081 	int len, sec4_sg_index = 0;
1082 	dma_addr_t ptr;
1083 	u32 *sh_desc;
1084 
1085 	sh_desc = encrypt ? ctx->sh_desc_enc : ctx->sh_desc_dec;
1086 	ptr = encrypt ? ctx->sh_desc_enc_dma : ctx->sh_desc_dec_dma;
1087 
1088 	len = desc_len(sh_desc);
1089 	init_job_desc_shared(desc, ptr, len, HDR_SHARE_DEFER | HDR_REVERSE);
1090 
1091 	if (all_contig) {
1092 		src_dma = edesc->mapped_src_nents ? sg_dma_address(req->src) :
1093 						    0;
1094 		in_options = 0;
1095 	} else {
1096 		src_dma = edesc->sec4_sg_dma;
1097 		sec4_sg_index += edesc->mapped_src_nents;
1098 		in_options = LDST_SGF;
1099 	}
1100 
1101 	append_seq_in_ptr(desc, src_dma, req->assoclen + req->cryptlen,
1102 			  in_options);
1103 
1104 	dst_dma = src_dma;
1105 	out_options = in_options;
1106 
1107 	if (unlikely(req->src != req->dst)) {
1108 		if (!edesc->mapped_dst_nents) {
1109 			dst_dma = 0;
1110 			out_options = 0;
1111 		} else if (edesc->mapped_dst_nents == 1) {
1112 			dst_dma = sg_dma_address(req->dst);
1113 			out_options = 0;
1114 		} else {
1115 			dst_dma = edesc->sec4_sg_dma +
1116 				  sec4_sg_index *
1117 				  sizeof(struct sec4_sg_entry);
1118 			out_options = LDST_SGF;
1119 		}
1120 	}
1121 
1122 	if (encrypt)
1123 		append_seq_out_ptr(desc, dst_dma,
1124 				   req->assoclen + req->cryptlen + authsize,
1125 				   out_options);
1126 	else
1127 		append_seq_out_ptr(desc, dst_dma,
1128 				   req->assoclen + req->cryptlen - authsize,
1129 				   out_options);
1130 }
1131 
1132 static void init_gcm_job(struct aead_request *req,
1133 			 struct aead_edesc *edesc,
1134 			 bool all_contig, bool encrypt)
1135 {
1136 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
1137 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
1138 	unsigned int ivsize = crypto_aead_ivsize(aead);
1139 	u32 *desc = edesc->hw_desc;
1140 	bool generic_gcm = (ivsize == GCM_AES_IV_SIZE);
1141 	unsigned int last;
1142 
1143 	init_aead_job(req, edesc, all_contig, encrypt);
1144 	append_math_add_imm_u32(desc, REG3, ZERO, IMM, req->assoclen);
1145 
1146 	/* BUG This should not be specific to generic GCM. */
1147 	last = 0;
1148 	if (encrypt && generic_gcm && !(req->assoclen + req->cryptlen))
1149 		last = FIFOLD_TYPE_LAST1;
1150 
1151 	/* Read GCM IV */
1152 	append_cmd(desc, CMD_FIFO_LOAD | FIFOLD_CLASS_CLASS1 | IMMEDIATE |
1153 			 FIFOLD_TYPE_IV | FIFOLD_TYPE_FLUSH1 | GCM_AES_IV_SIZE | last);
1154 	/* Append Salt */
1155 	if (!generic_gcm)
1156 		append_data(desc, ctx->key + ctx->cdata.keylen, 4);
1157 	/* Append IV */
1158 	append_data(desc, req->iv, ivsize);
1159 	/* End of blank commands */
1160 }
1161 
1162 static void init_chachapoly_job(struct aead_request *req,
1163 				struct aead_edesc *edesc, bool all_contig,
1164 				bool encrypt)
1165 {
1166 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
1167 	unsigned int ivsize = crypto_aead_ivsize(aead);
1168 	unsigned int assoclen = req->assoclen;
1169 	u32 *desc = edesc->hw_desc;
1170 	u32 ctx_iv_off = 4;
1171 
1172 	init_aead_job(req, edesc, all_contig, encrypt);
1173 
1174 	if (ivsize != CHACHAPOLY_IV_SIZE) {
1175 		/* IPsec specific: CONTEXT1[223:128] = {NONCE, IV} */
1176 		ctx_iv_off += 4;
1177 
1178 		/*
1179 		 * The associated data comes already with the IV but we need
1180 		 * to skip it when we authenticate or encrypt...
1181 		 */
1182 		assoclen -= ivsize;
1183 	}
1184 
1185 	append_math_add_imm_u32(desc, REG3, ZERO, IMM, assoclen);
1186 
1187 	/*
1188 	 * For IPsec load the IV further in the same register.
1189 	 * For RFC7539 simply load the 12 bytes nonce in a single operation
1190 	 */
1191 	append_load_as_imm(desc, req->iv, ivsize, LDST_CLASS_1_CCB |
1192 			   LDST_SRCDST_BYTE_CONTEXT |
1193 			   ctx_iv_off << LDST_OFFSET_SHIFT);
1194 }
1195 
1196 static void init_authenc_job(struct aead_request *req,
1197 			     struct aead_edesc *edesc,
1198 			     bool all_contig, bool encrypt)
1199 {
1200 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
1201 	struct caam_aead_alg *alg = container_of(crypto_aead_alg(aead),
1202 						 struct caam_aead_alg,
1203 						 aead.base);
1204 	unsigned int ivsize = crypto_aead_ivsize(aead);
1205 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
1206 	struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctx->jrdev->parent);
1207 	const bool ctr_mode = ((ctx->cdata.algtype & OP_ALG_AAI_MASK) ==
1208 			       OP_ALG_AAI_CTR_MOD128);
1209 	const bool is_rfc3686 = alg->caam.rfc3686;
1210 	u32 *desc = edesc->hw_desc;
1211 	u32 ivoffset = 0;
1212 
1213 	/*
1214 	 * AES-CTR needs to load IV in CONTEXT1 reg
1215 	 * at an offset of 128bits (16bytes)
1216 	 * CONTEXT1[255:128] = IV
1217 	 */
1218 	if (ctr_mode)
1219 		ivoffset = 16;
1220 
1221 	/*
1222 	 * RFC3686 specific:
1223 	 *	CONTEXT1[255:128] = {NONCE, IV, COUNTER}
1224 	 */
1225 	if (is_rfc3686)
1226 		ivoffset = 16 + CTR_RFC3686_NONCE_SIZE;
1227 
1228 	init_aead_job(req, edesc, all_contig, encrypt);
1229 
1230 	/*
1231 	 * {REG3, DPOVRD} = assoclen, depending on whether MATH command supports
1232 	 * having DPOVRD as destination.
1233 	 */
1234 	if (ctrlpriv->era < 3)
1235 		append_math_add_imm_u32(desc, REG3, ZERO, IMM, req->assoclen);
1236 	else
1237 		append_math_add_imm_u32(desc, DPOVRD, ZERO, IMM, req->assoclen);
1238 
1239 	if (ivsize && ((is_rfc3686 && encrypt) || !alg->caam.geniv))
1240 		append_load_as_imm(desc, req->iv, ivsize,
1241 				   LDST_CLASS_1_CCB |
1242 				   LDST_SRCDST_BYTE_CONTEXT |
1243 				   (ivoffset << LDST_OFFSET_SHIFT));
1244 }
1245 
1246 /*
1247  * Fill in skcipher job descriptor
1248  */
1249 static void init_skcipher_job(struct skcipher_request *req,
1250 			      struct skcipher_edesc *edesc,
1251 			      const bool encrypt)
1252 {
1253 	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
1254 	struct caam_ctx *ctx = crypto_skcipher_ctx_dma(skcipher);
1255 	struct device *jrdev = ctx->jrdev;
1256 	int ivsize = crypto_skcipher_ivsize(skcipher);
1257 	u32 *desc = edesc->hw_desc;
1258 	u32 *sh_desc;
1259 	u32 in_options = 0, out_options = 0;
1260 	dma_addr_t src_dma, dst_dma, ptr;
1261 	int len, sec4_sg_index = 0;
1262 
1263 	print_hex_dump_debug("presciv@"__stringify(__LINE__)": ",
1264 			     DUMP_PREFIX_ADDRESS, 16, 4, req->iv, ivsize, 1);
1265 	dev_dbg(jrdev, "asked=%d, cryptlen%d\n",
1266 	       (int)edesc->src_nents > 1 ? 100 : req->cryptlen, req->cryptlen);
1267 
1268 	caam_dump_sg("src    @" __stringify(__LINE__)": ",
1269 		     DUMP_PREFIX_ADDRESS, 16, 4, req->src,
1270 		     edesc->src_nents > 1 ? 100 : req->cryptlen, 1);
1271 
1272 	sh_desc = encrypt ? ctx->sh_desc_enc : ctx->sh_desc_dec;
1273 	ptr = encrypt ? ctx->sh_desc_enc_dma : ctx->sh_desc_dec_dma;
1274 
1275 	len = desc_len(sh_desc);
1276 	init_job_desc_shared(desc, ptr, len, HDR_SHARE_DEFER | HDR_REVERSE);
1277 
1278 	if (ivsize || edesc->mapped_src_nents > 1) {
1279 		src_dma = edesc->sec4_sg_dma;
1280 		sec4_sg_index = edesc->mapped_src_nents + !!ivsize;
1281 		in_options = LDST_SGF;
1282 	} else {
1283 		src_dma = sg_dma_address(req->src);
1284 	}
1285 
1286 	append_seq_in_ptr(desc, src_dma, req->cryptlen + ivsize, in_options);
1287 
1288 	if (likely(req->src == req->dst)) {
1289 		dst_dma = src_dma + !!ivsize * sizeof(struct sec4_sg_entry);
1290 		out_options = in_options;
1291 	} else if (!ivsize && edesc->mapped_dst_nents == 1) {
1292 		dst_dma = sg_dma_address(req->dst);
1293 	} else {
1294 		dst_dma = edesc->sec4_sg_dma + sec4_sg_index *
1295 			  sizeof(struct sec4_sg_entry);
1296 		out_options = LDST_SGF;
1297 	}
1298 
1299 	append_seq_out_ptr(desc, dst_dma, req->cryptlen + ivsize, out_options);
1300 }
1301 
1302 /*
1303  * allocate and map the aead extended descriptor
1304  */
1305 static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
1306 					   int desc_bytes, bool *all_contig_ptr,
1307 					   bool encrypt)
1308 {
1309 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
1310 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
1311 	struct device *jrdev = ctx->jrdev;
1312 	struct caam_aead_req_ctx *rctx = aead_request_ctx(req);
1313 	gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
1314 		       GFP_KERNEL : GFP_ATOMIC;
1315 	int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0;
1316 	int src_len, dst_len = 0;
1317 	struct aead_edesc *edesc;
1318 	int sec4_sg_index, sec4_sg_len, sec4_sg_bytes;
1319 	unsigned int authsize = ctx->authsize;
1320 
1321 	if (unlikely(req->dst != req->src)) {
1322 		src_len = req->assoclen + req->cryptlen;
1323 		dst_len = src_len + (encrypt ? authsize : (-authsize));
1324 
1325 		src_nents = sg_nents_for_len(req->src, src_len);
1326 		if (unlikely(src_nents < 0)) {
1327 			dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
1328 				src_len);
1329 			return ERR_PTR(src_nents);
1330 		}
1331 
1332 		dst_nents = sg_nents_for_len(req->dst, dst_len);
1333 		if (unlikely(dst_nents < 0)) {
1334 			dev_err(jrdev, "Insufficient bytes (%d) in dst S/G\n",
1335 				dst_len);
1336 			return ERR_PTR(dst_nents);
1337 		}
1338 	} else {
1339 		src_len = req->assoclen + req->cryptlen +
1340 			  (encrypt ? authsize : 0);
1341 
1342 		src_nents = sg_nents_for_len(req->src, src_len);
1343 		if (unlikely(src_nents < 0)) {
1344 			dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
1345 				src_len);
1346 			return ERR_PTR(src_nents);
1347 		}
1348 	}
1349 
1350 	if (likely(req->src == req->dst)) {
1351 		mapped_src_nents = dma_map_sg(jrdev, req->src, src_nents,
1352 					      DMA_BIDIRECTIONAL);
1353 		if (unlikely(!mapped_src_nents)) {
1354 			dev_err(jrdev, "unable to map source\n");
1355 			return ERR_PTR(-ENOMEM);
1356 		}
1357 	} else {
1358 		/* Cover also the case of null (zero length) input data */
1359 		if (src_nents) {
1360 			mapped_src_nents = dma_map_sg(jrdev, req->src,
1361 						      src_nents, DMA_TO_DEVICE);
1362 			if (unlikely(!mapped_src_nents)) {
1363 				dev_err(jrdev, "unable to map source\n");
1364 				return ERR_PTR(-ENOMEM);
1365 			}
1366 		} else {
1367 			mapped_src_nents = 0;
1368 		}
1369 
1370 		/* Cover also the case of null (zero length) output data */
1371 		if (dst_nents) {
1372 			mapped_dst_nents = dma_map_sg(jrdev, req->dst,
1373 						      dst_nents,
1374 						      DMA_FROM_DEVICE);
1375 			if (unlikely(!mapped_dst_nents)) {
1376 				dev_err(jrdev, "unable to map destination\n");
1377 				dma_unmap_sg(jrdev, req->src, src_nents,
1378 					     DMA_TO_DEVICE);
1379 				return ERR_PTR(-ENOMEM);
1380 			}
1381 		} else {
1382 			mapped_dst_nents = 0;
1383 		}
1384 	}
1385 
1386 	/*
1387 	 * HW reads 4 S/G entries at a time; make sure the reads don't go beyond
1388 	 * the end of the table by allocating more S/G entries.
1389 	 */
1390 	sec4_sg_len = mapped_src_nents > 1 ? mapped_src_nents : 0;
1391 	if (mapped_dst_nents > 1)
1392 		sec4_sg_len += pad_sg_nents(mapped_dst_nents);
1393 	else
1394 		sec4_sg_len = pad_sg_nents(sec4_sg_len);
1395 
1396 	sec4_sg_bytes = sec4_sg_len * sizeof(struct sec4_sg_entry);
1397 
1398 	/* allocate space for base edesc and hw desc commands, link tables */
1399 	edesc = kzalloc(sizeof(*edesc) + desc_bytes + sec4_sg_bytes, flags);
1400 	if (!edesc) {
1401 		caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0,
1402 			   0, 0, 0);
1403 		return ERR_PTR(-ENOMEM);
1404 	}
1405 
1406 	edesc->src_nents = src_nents;
1407 	edesc->dst_nents = dst_nents;
1408 	edesc->mapped_src_nents = mapped_src_nents;
1409 	edesc->mapped_dst_nents = mapped_dst_nents;
1410 	edesc->sec4_sg = (void *)edesc + sizeof(struct aead_edesc) +
1411 			 desc_bytes;
1412 
1413 	rctx->edesc = edesc;
1414 
1415 	*all_contig_ptr = !(mapped_src_nents > 1);
1416 
1417 	sec4_sg_index = 0;
1418 	if (mapped_src_nents > 1) {
1419 		sg_to_sec4_sg_last(req->src, src_len,
1420 				   edesc->sec4_sg + sec4_sg_index, 0);
1421 		sec4_sg_index += mapped_src_nents;
1422 	}
1423 	if (mapped_dst_nents > 1) {
1424 		sg_to_sec4_sg_last(req->dst, dst_len,
1425 				   edesc->sec4_sg + sec4_sg_index, 0);
1426 	}
1427 
1428 	if (!sec4_sg_bytes)
1429 		return edesc;
1430 
1431 	edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg,
1432 					    sec4_sg_bytes, DMA_TO_DEVICE);
1433 	if (dma_mapping_error(jrdev, edesc->sec4_sg_dma)) {
1434 		dev_err(jrdev, "unable to map S/G table\n");
1435 		aead_unmap(jrdev, edesc, req);
1436 		kfree(edesc);
1437 		return ERR_PTR(-ENOMEM);
1438 	}
1439 
1440 	edesc->sec4_sg_bytes = sec4_sg_bytes;
1441 
1442 	return edesc;
1443 }
1444 
1445 static int aead_enqueue_req(struct device *jrdev, struct aead_request *req)
1446 {
1447 	struct caam_drv_private_jr *jrpriv = dev_get_drvdata(jrdev);
1448 	struct caam_aead_req_ctx *rctx = aead_request_ctx(req);
1449 	struct aead_edesc *edesc = rctx->edesc;
1450 	u32 *desc = edesc->hw_desc;
1451 	int ret;
1452 
1453 	/*
1454 	 * Only the backlog request are sent to crypto-engine since the others
1455 	 * can be handled by CAAM, if free, especially since JR has up to 1024
1456 	 * entries (more than the 10 entries from crypto-engine).
1457 	 */
1458 	if (req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)
1459 		ret = crypto_transfer_aead_request_to_engine(jrpriv->engine,
1460 							     req);
1461 	else
1462 		ret = caam_jr_enqueue(jrdev, desc, aead_crypt_done, req);
1463 
1464 	if ((ret != -EINPROGRESS) && (ret != -EBUSY)) {
1465 		aead_unmap(jrdev, edesc, req);
1466 		kfree(rctx->edesc);
1467 	}
1468 
1469 	return ret;
1470 }
1471 
1472 static inline int chachapoly_crypt(struct aead_request *req, bool encrypt)
1473 {
1474 	struct aead_edesc *edesc;
1475 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
1476 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
1477 	struct device *jrdev = ctx->jrdev;
1478 	bool all_contig;
1479 	u32 *desc;
1480 
1481 	edesc = aead_edesc_alloc(req, CHACHAPOLY_DESC_JOB_IO_LEN, &all_contig,
1482 				 encrypt);
1483 	if (IS_ERR(edesc))
1484 		return PTR_ERR(edesc);
1485 
1486 	desc = edesc->hw_desc;
1487 
1488 	init_chachapoly_job(req, edesc, all_contig, encrypt);
1489 	print_hex_dump_debug("chachapoly jobdesc@" __stringify(__LINE__)": ",
1490 			     DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc),
1491 			     1);
1492 
1493 	return aead_enqueue_req(jrdev, req);
1494 }
1495 
1496 static int chachapoly_encrypt(struct aead_request *req)
1497 {
1498 	return chachapoly_crypt(req, true);
1499 }
1500 
1501 static int chachapoly_decrypt(struct aead_request *req)
1502 {
1503 	return chachapoly_crypt(req, false);
1504 }
1505 
1506 static inline int aead_crypt(struct aead_request *req, bool encrypt)
1507 {
1508 	struct aead_edesc *edesc;
1509 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
1510 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
1511 	struct device *jrdev = ctx->jrdev;
1512 	bool all_contig;
1513 
1514 	/* allocate extended descriptor */
1515 	edesc = aead_edesc_alloc(req, AUTHENC_DESC_JOB_IO_LEN,
1516 				 &all_contig, encrypt);
1517 	if (IS_ERR(edesc))
1518 		return PTR_ERR(edesc);
1519 
1520 	/* Create and submit job descriptor */
1521 	init_authenc_job(req, edesc, all_contig, encrypt);
1522 
1523 	print_hex_dump_debug("aead jobdesc@"__stringify(__LINE__)": ",
1524 			     DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc,
1525 			     desc_bytes(edesc->hw_desc), 1);
1526 
1527 	return aead_enqueue_req(jrdev, req);
1528 }
1529 
1530 static int aead_encrypt(struct aead_request *req)
1531 {
1532 	return aead_crypt(req, true);
1533 }
1534 
1535 static int aead_decrypt(struct aead_request *req)
1536 {
1537 	return aead_crypt(req, false);
1538 }
1539 
1540 static int aead_do_one_req(struct crypto_engine *engine, void *areq)
1541 {
1542 	struct aead_request *req = aead_request_cast(areq);
1543 	struct caam_ctx *ctx = crypto_aead_ctx_dma(crypto_aead_reqtfm(req));
1544 	struct caam_aead_req_ctx *rctx = aead_request_ctx(req);
1545 	u32 *desc = rctx->edesc->hw_desc;
1546 	int ret;
1547 
1548 	rctx->edesc->bklog = true;
1549 
1550 	ret = caam_jr_enqueue(ctx->jrdev, desc, aead_crypt_done, req);
1551 
1552 	if (ret == -ENOSPC && engine->retry_support)
1553 		return ret;
1554 
1555 	if (ret != -EINPROGRESS) {
1556 		aead_unmap(ctx->jrdev, rctx->edesc, req);
1557 		kfree(rctx->edesc);
1558 	} else {
1559 		ret = 0;
1560 	}
1561 
1562 	return ret;
1563 }
1564 
1565 static inline int gcm_crypt(struct aead_request *req, bool encrypt)
1566 {
1567 	struct aead_edesc *edesc;
1568 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
1569 	struct caam_ctx *ctx = crypto_aead_ctx_dma(aead);
1570 	struct device *jrdev = ctx->jrdev;
1571 	bool all_contig;
1572 
1573 	/* allocate extended descriptor */
1574 	edesc = aead_edesc_alloc(req, GCM_DESC_JOB_IO_LEN, &all_contig,
1575 				 encrypt);
1576 	if (IS_ERR(edesc))
1577 		return PTR_ERR(edesc);
1578 
1579 	/* Create and submit job descriptor */
1580 	init_gcm_job(req, edesc, all_contig, encrypt);
1581 
1582 	print_hex_dump_debug("aead jobdesc@"__stringify(__LINE__)": ",
1583 			     DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc,
1584 			     desc_bytes(edesc->hw_desc), 1);
1585 
1586 	return aead_enqueue_req(jrdev, req);
1587 }
1588 
1589 static int gcm_encrypt(struct aead_request *req)
1590 {
1591 	return gcm_crypt(req, true);
1592 }
1593 
1594 static int gcm_decrypt(struct aead_request *req)
1595 {
1596 	return gcm_crypt(req, false);
1597 }
1598 
1599 static int ipsec_gcm_encrypt(struct aead_request *req)
1600 {
1601 	return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_encrypt(req);
1602 }
1603 
1604 static int ipsec_gcm_decrypt(struct aead_request *req)
1605 {
1606 	return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_decrypt(req);
1607 }
1608 
1609 /*
1610  * allocate and map the skcipher extended descriptor for skcipher
1611  */
1612 static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req,
1613 						   int desc_bytes)
1614 {
1615 	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
1616 	struct caam_ctx *ctx = crypto_skcipher_ctx_dma(skcipher);
1617 	struct caam_skcipher_req_ctx *rctx = skcipher_request_ctx(req);
1618 	struct device *jrdev = ctx->jrdev;
1619 	gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
1620 		       GFP_KERNEL : GFP_ATOMIC;
1621 	int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0;
1622 	struct skcipher_edesc *edesc;
1623 	dma_addr_t iv_dma = 0;
1624 	u8 *iv;
1625 	int ivsize = crypto_skcipher_ivsize(skcipher);
1626 	int dst_sg_idx, sec4_sg_ents, sec4_sg_bytes;
1627 	unsigned int aligned_size;
1628 
1629 	src_nents = sg_nents_for_len(req->src, req->cryptlen);
1630 	if (unlikely(src_nents < 0)) {
1631 		dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
1632 			req->cryptlen);
1633 		return ERR_PTR(src_nents);
1634 	}
1635 
1636 	if (req->dst != req->src) {
1637 		dst_nents = sg_nents_for_len(req->dst, req->cryptlen);
1638 		if (unlikely(dst_nents < 0)) {
1639 			dev_err(jrdev, "Insufficient bytes (%d) in dst S/G\n",
1640 				req->cryptlen);
1641 			return ERR_PTR(dst_nents);
1642 		}
1643 	}
1644 
1645 	if (likely(req->src == req->dst)) {
1646 		mapped_src_nents = dma_map_sg(jrdev, req->src, src_nents,
1647 					      DMA_BIDIRECTIONAL);
1648 		if (unlikely(!mapped_src_nents)) {
1649 			dev_err(jrdev, "unable to map source\n");
1650 			return ERR_PTR(-ENOMEM);
1651 		}
1652 	} else {
1653 		mapped_src_nents = dma_map_sg(jrdev, req->src, src_nents,
1654 					      DMA_TO_DEVICE);
1655 		if (unlikely(!mapped_src_nents)) {
1656 			dev_err(jrdev, "unable to map source\n");
1657 			return ERR_PTR(-ENOMEM);
1658 		}
1659 		mapped_dst_nents = dma_map_sg(jrdev, req->dst, dst_nents,
1660 					      DMA_FROM_DEVICE);
1661 		if (unlikely(!mapped_dst_nents)) {
1662 			dev_err(jrdev, "unable to map destination\n");
1663 			dma_unmap_sg(jrdev, req->src, src_nents, DMA_TO_DEVICE);
1664 			return ERR_PTR(-ENOMEM);
1665 		}
1666 	}
1667 
1668 	if (!ivsize && mapped_src_nents == 1)
1669 		sec4_sg_ents = 0; // no need for an input hw s/g table
1670 	else
1671 		sec4_sg_ents = mapped_src_nents + !!ivsize;
1672 	dst_sg_idx = sec4_sg_ents;
1673 
1674 	/*
1675 	 * Input, output HW S/G tables: [IV, src][dst, IV]
1676 	 * IV entries point to the same buffer
1677 	 * If src == dst, S/G entries are reused (S/G tables overlap)
1678 	 *
1679 	 * HW reads 4 S/G entries at a time; make sure the reads don't go beyond
1680 	 * the end of the table by allocating more S/G entries. Logic:
1681 	 * if (output S/G)
1682 	 *      pad output S/G, if needed
1683 	 * else if (input S/G) ...
1684 	 *      pad input S/G, if needed
1685 	 */
1686 	if (ivsize || mapped_dst_nents > 1) {
1687 		if (req->src == req->dst)
1688 			sec4_sg_ents = !!ivsize + pad_sg_nents(sec4_sg_ents);
1689 		else
1690 			sec4_sg_ents += pad_sg_nents(mapped_dst_nents +
1691 						     !!ivsize);
1692 	} else {
1693 		sec4_sg_ents = pad_sg_nents(sec4_sg_ents);
1694 	}
1695 
1696 	sec4_sg_bytes = sec4_sg_ents * sizeof(struct sec4_sg_entry);
1697 
1698 	/*
1699 	 * allocate space for base edesc and hw desc commands, link tables, IV
1700 	 */
1701 	aligned_size = sizeof(*edesc) + desc_bytes + sec4_sg_bytes;
1702 	aligned_size = ALIGN(aligned_size, dma_get_cache_alignment());
1703 	aligned_size += ~(ARCH_KMALLOC_MINALIGN - 1) &
1704 			(dma_get_cache_alignment() - 1);
1705 	aligned_size += ALIGN(ivsize, dma_get_cache_alignment());
1706 	edesc = kzalloc(aligned_size, flags);
1707 	if (!edesc) {
1708 		dev_err(jrdev, "could not allocate extended descriptor\n");
1709 		caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0,
1710 			   0, 0, 0);
1711 		return ERR_PTR(-ENOMEM);
1712 	}
1713 
1714 	edesc->src_nents = src_nents;
1715 	edesc->dst_nents = dst_nents;
1716 	edesc->mapped_src_nents = mapped_src_nents;
1717 	edesc->mapped_dst_nents = mapped_dst_nents;
1718 	edesc->sec4_sg_bytes = sec4_sg_bytes;
1719 	edesc->sec4_sg = (struct sec4_sg_entry *)((u8 *)edesc->hw_desc +
1720 						  desc_bytes);
1721 	rctx->edesc = edesc;
1722 
1723 	/* Make sure IV is located in a DMAable area */
1724 	if (ivsize) {
1725 		iv = skcipher_edesc_iv(edesc);
1726 		memcpy(iv, req->iv, ivsize);
1727 
1728 		iv_dma = dma_map_single(jrdev, iv, ivsize, DMA_BIDIRECTIONAL);
1729 		if (dma_mapping_error(jrdev, iv_dma)) {
1730 			dev_err(jrdev, "unable to map IV\n");
1731 			caam_unmap(jrdev, req->src, req->dst, src_nents,
1732 				   dst_nents, 0, 0, 0, 0);
1733 			kfree(edesc);
1734 			return ERR_PTR(-ENOMEM);
1735 		}
1736 
1737 		dma_to_sec4_sg_one(edesc->sec4_sg, iv_dma, ivsize, 0);
1738 	}
1739 	if (dst_sg_idx)
1740 		sg_to_sec4_sg(req->src, req->cryptlen, edesc->sec4_sg +
1741 			      !!ivsize, 0);
1742 
1743 	if (req->src != req->dst && (ivsize || mapped_dst_nents > 1))
1744 		sg_to_sec4_sg(req->dst, req->cryptlen, edesc->sec4_sg +
1745 			      dst_sg_idx, 0);
1746 
1747 	if (ivsize)
1748 		dma_to_sec4_sg_one(edesc->sec4_sg + dst_sg_idx +
1749 				   mapped_dst_nents, iv_dma, ivsize, 0);
1750 
1751 	if (ivsize || mapped_dst_nents > 1)
1752 		sg_to_sec4_set_last(edesc->sec4_sg + dst_sg_idx +
1753 				    mapped_dst_nents - 1 + !!ivsize);
1754 
1755 	if (sec4_sg_bytes) {
1756 		edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg,
1757 						    sec4_sg_bytes,
1758 						    DMA_TO_DEVICE);
1759 		if (dma_mapping_error(jrdev, edesc->sec4_sg_dma)) {
1760 			dev_err(jrdev, "unable to map S/G table\n");
1761 			caam_unmap(jrdev, req->src, req->dst, src_nents,
1762 				   dst_nents, iv_dma, ivsize, 0, 0);
1763 			kfree(edesc);
1764 			return ERR_PTR(-ENOMEM);
1765 		}
1766 	}
1767 
1768 	edesc->iv_dma = iv_dma;
1769 
1770 	print_hex_dump_debug("skcipher sec4_sg@" __stringify(__LINE__)": ",
1771 			     DUMP_PREFIX_ADDRESS, 16, 4, edesc->sec4_sg,
1772 			     sec4_sg_bytes, 1);
1773 
1774 	return edesc;
1775 }
1776 
1777 static int skcipher_do_one_req(struct crypto_engine *engine, void *areq)
1778 {
1779 	struct skcipher_request *req = skcipher_request_cast(areq);
1780 	struct caam_ctx *ctx = crypto_skcipher_ctx_dma(crypto_skcipher_reqtfm(req));
1781 	struct caam_skcipher_req_ctx *rctx = skcipher_request_ctx(req);
1782 	u32 *desc = rctx->edesc->hw_desc;
1783 	int ret;
1784 
1785 	rctx->edesc->bklog = true;
1786 
1787 	ret = caam_jr_enqueue(ctx->jrdev, desc, skcipher_crypt_done, req);
1788 
1789 	if (ret == -ENOSPC && engine->retry_support)
1790 		return ret;
1791 
1792 	if (ret != -EINPROGRESS) {
1793 		skcipher_unmap(ctx->jrdev, rctx->edesc, req);
1794 		kfree(rctx->edesc);
1795 	} else {
1796 		ret = 0;
1797 	}
1798 
1799 	return ret;
1800 }
1801 
1802 static inline bool xts_skcipher_ivsize(struct skcipher_request *req)
1803 {
1804 	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
1805 	unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
1806 
1807 	return !!get_unaligned((u64 *)(req->iv + (ivsize / 2)));
1808 }
1809 
1810 static inline int skcipher_crypt(struct skcipher_request *req, bool encrypt)
1811 {
1812 	struct skcipher_edesc *edesc;
1813 	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
1814 	struct caam_ctx *ctx = crypto_skcipher_ctx_dma(skcipher);
1815 	struct device *jrdev = ctx->jrdev;
1816 	struct caam_drv_private_jr *jrpriv = dev_get_drvdata(jrdev);
1817 	struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent);
1818 	u32 *desc;
1819 	int ret = 0;
1820 
1821 	/*
1822 	 * XTS is expected to return an error even for input length = 0
1823 	 * Note that the case input length < block size will be caught during
1824 	 * HW offloading and return an error.
1825 	 */
1826 	if (!req->cryptlen && !ctx->fallback)
1827 		return 0;
1828 
1829 	if (ctx->fallback && ((ctrlpriv->era <= 8 && xts_skcipher_ivsize(req)) ||
1830 			      ctx->xts_key_fallback)) {
1831 		struct caam_skcipher_req_ctx *rctx = skcipher_request_ctx(req);
1832 
1833 		skcipher_request_set_tfm(&rctx->fallback_req, ctx->fallback);
1834 		skcipher_request_set_callback(&rctx->fallback_req,
1835 					      req->base.flags,
1836 					      req->base.complete,
1837 					      req->base.data);
1838 		skcipher_request_set_crypt(&rctx->fallback_req, req->src,
1839 					   req->dst, req->cryptlen, req->iv);
1840 
1841 		return encrypt ? crypto_skcipher_encrypt(&rctx->fallback_req) :
1842 				 crypto_skcipher_decrypt(&rctx->fallback_req);
1843 	}
1844 
1845 	/* allocate extended descriptor */
1846 	edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ);
1847 	if (IS_ERR(edesc))
1848 		return PTR_ERR(edesc);
1849 
1850 	/* Create and submit job descriptor*/
1851 	init_skcipher_job(req, edesc, encrypt);
1852 
1853 	print_hex_dump_debug("skcipher jobdesc@" __stringify(__LINE__)": ",
1854 			     DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc,
1855 			     desc_bytes(edesc->hw_desc), 1);
1856 
1857 	desc = edesc->hw_desc;
1858 	/*
1859 	 * Only the backlog request are sent to crypto-engine since the others
1860 	 * can be handled by CAAM, if free, especially since JR has up to 1024
1861 	 * entries (more than the 10 entries from crypto-engine).
1862 	 */
1863 	if (req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)
1864 		ret = crypto_transfer_skcipher_request_to_engine(jrpriv->engine,
1865 								 req);
1866 	else
1867 		ret = caam_jr_enqueue(jrdev, desc, skcipher_crypt_done, req);
1868 
1869 	if ((ret != -EINPROGRESS) && (ret != -EBUSY)) {
1870 		skcipher_unmap(jrdev, edesc, req);
1871 		kfree(edesc);
1872 	}
1873 
1874 	return ret;
1875 }
1876 
1877 static int skcipher_encrypt(struct skcipher_request *req)
1878 {
1879 	return skcipher_crypt(req, true);
1880 }
1881 
1882 static int skcipher_decrypt(struct skcipher_request *req)
1883 {
1884 	return skcipher_crypt(req, false);
1885 }
1886 
1887 static struct caam_skcipher_alg driver_algs[] = {
1888 	{
1889 		.skcipher.base = {
1890 			.base = {
1891 				.cra_name = "cbc(aes)",
1892 				.cra_driver_name = "cbc-aes-caam",
1893 				.cra_blocksize = AES_BLOCK_SIZE,
1894 			},
1895 			.setkey = aes_skcipher_setkey,
1896 			.encrypt = skcipher_encrypt,
1897 			.decrypt = skcipher_decrypt,
1898 			.min_keysize = AES_MIN_KEY_SIZE,
1899 			.max_keysize = AES_MAX_KEY_SIZE,
1900 			.ivsize = AES_BLOCK_SIZE,
1901 		},
1902 		.skcipher.op = {
1903 			.do_one_request = skcipher_do_one_req,
1904 		},
1905 		.caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1906 	},
1907 	{
1908 		.skcipher.base = {
1909 			.base = {
1910 				.cra_name = "cbc(des3_ede)",
1911 				.cra_driver_name = "cbc-3des-caam",
1912 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
1913 			},
1914 			.setkey = des3_skcipher_setkey,
1915 			.encrypt = skcipher_encrypt,
1916 			.decrypt = skcipher_decrypt,
1917 			.min_keysize = DES3_EDE_KEY_SIZE,
1918 			.max_keysize = DES3_EDE_KEY_SIZE,
1919 			.ivsize = DES3_EDE_BLOCK_SIZE,
1920 		},
1921 		.skcipher.op = {
1922 			.do_one_request = skcipher_do_one_req,
1923 		},
1924 		.caam.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
1925 	},
1926 	{
1927 		.skcipher.base = {
1928 			.base = {
1929 				.cra_name = "cbc(des)",
1930 				.cra_driver_name = "cbc-des-caam",
1931 				.cra_blocksize = DES_BLOCK_SIZE,
1932 			},
1933 			.setkey = des_skcipher_setkey,
1934 			.encrypt = skcipher_encrypt,
1935 			.decrypt = skcipher_decrypt,
1936 			.min_keysize = DES_KEY_SIZE,
1937 			.max_keysize = DES_KEY_SIZE,
1938 			.ivsize = DES_BLOCK_SIZE,
1939 		},
1940 		.skcipher.op = {
1941 			.do_one_request = skcipher_do_one_req,
1942 		},
1943 		.caam.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
1944 	},
1945 	{
1946 		.skcipher.base = {
1947 			.base = {
1948 				.cra_name = "ctr(aes)",
1949 				.cra_driver_name = "ctr-aes-caam",
1950 				.cra_blocksize = 1,
1951 			},
1952 			.setkey = ctr_skcipher_setkey,
1953 			.encrypt = skcipher_encrypt,
1954 			.decrypt = skcipher_decrypt,
1955 			.min_keysize = AES_MIN_KEY_SIZE,
1956 			.max_keysize = AES_MAX_KEY_SIZE,
1957 			.ivsize = AES_BLOCK_SIZE,
1958 			.chunksize = AES_BLOCK_SIZE,
1959 		},
1960 		.skcipher.op = {
1961 			.do_one_request = skcipher_do_one_req,
1962 		},
1963 		.caam.class1_alg_type = OP_ALG_ALGSEL_AES |
1964 					OP_ALG_AAI_CTR_MOD128,
1965 	},
1966 	{
1967 		.skcipher.base = {
1968 			.base = {
1969 				.cra_name = "rfc3686(ctr(aes))",
1970 				.cra_driver_name = "rfc3686-ctr-aes-caam",
1971 				.cra_blocksize = 1,
1972 			},
1973 			.setkey = rfc3686_skcipher_setkey,
1974 			.encrypt = skcipher_encrypt,
1975 			.decrypt = skcipher_decrypt,
1976 			.min_keysize = AES_MIN_KEY_SIZE +
1977 				       CTR_RFC3686_NONCE_SIZE,
1978 			.max_keysize = AES_MAX_KEY_SIZE +
1979 				       CTR_RFC3686_NONCE_SIZE,
1980 			.ivsize = CTR_RFC3686_IV_SIZE,
1981 			.chunksize = AES_BLOCK_SIZE,
1982 		},
1983 		.skcipher.op = {
1984 			.do_one_request = skcipher_do_one_req,
1985 		},
1986 		.caam = {
1987 			.class1_alg_type = OP_ALG_ALGSEL_AES |
1988 					   OP_ALG_AAI_CTR_MOD128,
1989 			.rfc3686 = true,
1990 		},
1991 	},
1992 	{
1993 		.skcipher.base = {
1994 			.base = {
1995 				.cra_name = "xts(aes)",
1996 				.cra_driver_name = "xts-aes-caam",
1997 				.cra_flags = CRYPTO_ALG_NEED_FALLBACK,
1998 				.cra_blocksize = AES_BLOCK_SIZE,
1999 			},
2000 			.setkey = xts_skcipher_setkey,
2001 			.encrypt = skcipher_encrypt,
2002 			.decrypt = skcipher_decrypt,
2003 			.min_keysize = 2 * AES_MIN_KEY_SIZE,
2004 			.max_keysize = 2 * AES_MAX_KEY_SIZE,
2005 			.ivsize = AES_BLOCK_SIZE,
2006 		},
2007 		.skcipher.op = {
2008 			.do_one_request = skcipher_do_one_req,
2009 		},
2010 		.caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_XTS,
2011 	},
2012 	{
2013 		.skcipher.base = {
2014 			.base = {
2015 				.cra_name = "ecb(des)",
2016 				.cra_driver_name = "ecb-des-caam",
2017 				.cra_blocksize = DES_BLOCK_SIZE,
2018 			},
2019 			.setkey = des_skcipher_setkey,
2020 			.encrypt = skcipher_encrypt,
2021 			.decrypt = skcipher_decrypt,
2022 			.min_keysize = DES_KEY_SIZE,
2023 			.max_keysize = DES_KEY_SIZE,
2024 		},
2025 		.skcipher.op = {
2026 			.do_one_request = skcipher_do_one_req,
2027 		},
2028 		.caam.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_ECB,
2029 	},
2030 	{
2031 		.skcipher.base = {
2032 			.base = {
2033 				.cra_name = "ecb(aes)",
2034 				.cra_driver_name = "ecb-aes-caam",
2035 				.cra_blocksize = AES_BLOCK_SIZE,
2036 			},
2037 			.setkey = aes_skcipher_setkey,
2038 			.encrypt = skcipher_encrypt,
2039 			.decrypt = skcipher_decrypt,
2040 			.min_keysize = AES_MIN_KEY_SIZE,
2041 			.max_keysize = AES_MAX_KEY_SIZE,
2042 		},
2043 		.skcipher.op = {
2044 			.do_one_request = skcipher_do_one_req,
2045 		},
2046 		.caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_ECB,
2047 	},
2048 	{
2049 		.skcipher.base = {
2050 			.base = {
2051 				.cra_name = "ecb(des3_ede)",
2052 				.cra_driver_name = "ecb-des3-caam",
2053 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2054 			},
2055 			.setkey = des3_skcipher_setkey,
2056 			.encrypt = skcipher_encrypt,
2057 			.decrypt = skcipher_decrypt,
2058 			.min_keysize = DES3_EDE_KEY_SIZE,
2059 			.max_keysize = DES3_EDE_KEY_SIZE,
2060 		},
2061 		.skcipher.op = {
2062 			.do_one_request = skcipher_do_one_req,
2063 		},
2064 		.caam.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_ECB,
2065 	},
2066 };
2067 
2068 static struct caam_aead_alg driver_aeads[] = {
2069 	{
2070 		.aead.base = {
2071 			.base = {
2072 				.cra_name = "rfc4106(gcm(aes))",
2073 				.cra_driver_name = "rfc4106-gcm-aes-caam",
2074 				.cra_blocksize = 1,
2075 			},
2076 			.setkey = rfc4106_setkey,
2077 			.setauthsize = rfc4106_setauthsize,
2078 			.encrypt = ipsec_gcm_encrypt,
2079 			.decrypt = ipsec_gcm_decrypt,
2080 			.ivsize = GCM_RFC4106_IV_SIZE,
2081 			.maxauthsize = AES_BLOCK_SIZE,
2082 		},
2083 		.aead.op = {
2084 			.do_one_request = aead_do_one_req,
2085 		},
2086 		.caam = {
2087 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
2088 			.nodkp = true,
2089 		},
2090 	},
2091 	{
2092 		.aead.base = {
2093 			.base = {
2094 				.cra_name = "rfc4543(gcm(aes))",
2095 				.cra_driver_name = "rfc4543-gcm-aes-caam",
2096 				.cra_blocksize = 1,
2097 			},
2098 			.setkey = rfc4543_setkey,
2099 			.setauthsize = rfc4543_setauthsize,
2100 			.encrypt = ipsec_gcm_encrypt,
2101 			.decrypt = ipsec_gcm_decrypt,
2102 			.ivsize = GCM_RFC4543_IV_SIZE,
2103 			.maxauthsize = AES_BLOCK_SIZE,
2104 		},
2105 		.aead.op = {
2106 			.do_one_request = aead_do_one_req,
2107 		},
2108 		.caam = {
2109 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
2110 			.nodkp = true,
2111 		},
2112 	},
2113 	/* Galois Counter Mode */
2114 	{
2115 		.aead.base = {
2116 			.base = {
2117 				.cra_name = "gcm(aes)",
2118 				.cra_driver_name = "gcm-aes-caam",
2119 				.cra_blocksize = 1,
2120 			},
2121 			.setkey = gcm_setkey,
2122 			.setauthsize = gcm_setauthsize,
2123 			.encrypt = gcm_encrypt,
2124 			.decrypt = gcm_decrypt,
2125 			.ivsize = GCM_AES_IV_SIZE,
2126 			.maxauthsize = AES_BLOCK_SIZE,
2127 		},
2128 		.aead.op = {
2129 			.do_one_request = aead_do_one_req,
2130 		},
2131 		.caam = {
2132 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
2133 			.nodkp = true,
2134 		},
2135 	},
2136 	/* single-pass ipsec_esp descriptor */
2137 	{
2138 		.aead.base = {
2139 			.base = {
2140 				.cra_name = "authenc(hmac(md5),"
2141 					    "ecb(cipher_null))",
2142 				.cra_driver_name = "authenc-hmac-md5-"
2143 						   "ecb-cipher_null-caam",
2144 				.cra_blocksize = NULL_BLOCK_SIZE,
2145 			},
2146 			.setkey = aead_setkey,
2147 			.setauthsize = aead_setauthsize,
2148 			.encrypt = aead_encrypt,
2149 			.decrypt = aead_decrypt,
2150 			.ivsize = NULL_IV_SIZE,
2151 			.maxauthsize = MD5_DIGEST_SIZE,
2152 		},
2153 		.aead.op = {
2154 			.do_one_request = aead_do_one_req,
2155 		},
2156 		.caam = {
2157 			.class2_alg_type = OP_ALG_ALGSEL_MD5 |
2158 					   OP_ALG_AAI_HMAC_PRECOMP,
2159 		},
2160 	},
2161 	{
2162 		.aead.base = {
2163 			.base = {
2164 				.cra_name = "authenc(hmac(sha1),"
2165 					    "ecb(cipher_null))",
2166 				.cra_driver_name = "authenc-hmac-sha1-"
2167 						   "ecb-cipher_null-caam",
2168 				.cra_blocksize = NULL_BLOCK_SIZE,
2169 			},
2170 			.setkey = aead_setkey,
2171 			.setauthsize = aead_setauthsize,
2172 			.encrypt = aead_encrypt,
2173 			.decrypt = aead_decrypt,
2174 			.ivsize = NULL_IV_SIZE,
2175 			.maxauthsize = SHA1_DIGEST_SIZE,
2176 		},
2177 		.aead.op = {
2178 			.do_one_request = aead_do_one_req,
2179 		},
2180 		.caam = {
2181 			.class2_alg_type = OP_ALG_ALGSEL_SHA1 |
2182 					   OP_ALG_AAI_HMAC_PRECOMP,
2183 		},
2184 	},
2185 	{
2186 		.aead.base = {
2187 			.base = {
2188 				.cra_name = "authenc(hmac(sha224),"
2189 					    "ecb(cipher_null))",
2190 				.cra_driver_name = "authenc-hmac-sha224-"
2191 						   "ecb-cipher_null-caam",
2192 				.cra_blocksize = NULL_BLOCK_SIZE,
2193 			},
2194 			.setkey = aead_setkey,
2195 			.setauthsize = aead_setauthsize,
2196 			.encrypt = aead_encrypt,
2197 			.decrypt = aead_decrypt,
2198 			.ivsize = NULL_IV_SIZE,
2199 			.maxauthsize = SHA224_DIGEST_SIZE,
2200 		},
2201 		.aead.op = {
2202 			.do_one_request = aead_do_one_req,
2203 		},
2204 		.caam = {
2205 			.class2_alg_type = OP_ALG_ALGSEL_SHA224 |
2206 					   OP_ALG_AAI_HMAC_PRECOMP,
2207 		},
2208 	},
2209 	{
2210 		.aead.base = {
2211 			.base = {
2212 				.cra_name = "authenc(hmac(sha256),"
2213 					    "ecb(cipher_null))",
2214 				.cra_driver_name = "authenc-hmac-sha256-"
2215 						   "ecb-cipher_null-caam",
2216 				.cra_blocksize = NULL_BLOCK_SIZE,
2217 			},
2218 			.setkey = aead_setkey,
2219 			.setauthsize = aead_setauthsize,
2220 			.encrypt = aead_encrypt,
2221 			.decrypt = aead_decrypt,
2222 			.ivsize = NULL_IV_SIZE,
2223 			.maxauthsize = SHA256_DIGEST_SIZE,
2224 		},
2225 		.aead.op = {
2226 			.do_one_request = aead_do_one_req,
2227 		},
2228 		.caam = {
2229 			.class2_alg_type = OP_ALG_ALGSEL_SHA256 |
2230 					   OP_ALG_AAI_HMAC_PRECOMP,
2231 		},
2232 	},
2233 	{
2234 		.aead.base = {
2235 			.base = {
2236 				.cra_name = "authenc(hmac(sha384),"
2237 					    "ecb(cipher_null))",
2238 				.cra_driver_name = "authenc-hmac-sha384-"
2239 						   "ecb-cipher_null-caam",
2240 				.cra_blocksize = NULL_BLOCK_SIZE,
2241 			},
2242 			.setkey = aead_setkey,
2243 			.setauthsize = aead_setauthsize,
2244 			.encrypt = aead_encrypt,
2245 			.decrypt = aead_decrypt,
2246 			.ivsize = NULL_IV_SIZE,
2247 			.maxauthsize = SHA384_DIGEST_SIZE,
2248 		},
2249 		.aead.op = {
2250 			.do_one_request = aead_do_one_req,
2251 		},
2252 		.caam = {
2253 			.class2_alg_type = OP_ALG_ALGSEL_SHA384 |
2254 					   OP_ALG_AAI_HMAC_PRECOMP,
2255 		},
2256 	},
2257 	{
2258 		.aead.base = {
2259 			.base = {
2260 				.cra_name = "authenc(hmac(sha512),"
2261 					    "ecb(cipher_null))",
2262 				.cra_driver_name = "authenc-hmac-sha512-"
2263 						   "ecb-cipher_null-caam",
2264 				.cra_blocksize = NULL_BLOCK_SIZE,
2265 			},
2266 			.setkey = aead_setkey,
2267 			.setauthsize = aead_setauthsize,
2268 			.encrypt = aead_encrypt,
2269 			.decrypt = aead_decrypt,
2270 			.ivsize = NULL_IV_SIZE,
2271 			.maxauthsize = SHA512_DIGEST_SIZE,
2272 		},
2273 		.aead.op = {
2274 			.do_one_request = aead_do_one_req,
2275 		},
2276 		.caam = {
2277 			.class2_alg_type = OP_ALG_ALGSEL_SHA512 |
2278 					   OP_ALG_AAI_HMAC_PRECOMP,
2279 		},
2280 	},
2281 	{
2282 		.aead.base = {
2283 			.base = {
2284 				.cra_name = "authenc(hmac(md5),cbc(aes))",
2285 				.cra_driver_name = "authenc-hmac-md5-"
2286 						   "cbc-aes-caam",
2287 				.cra_blocksize = AES_BLOCK_SIZE,
2288 			},
2289 			.setkey = aead_setkey,
2290 			.setauthsize = aead_setauthsize,
2291 			.encrypt = aead_encrypt,
2292 			.decrypt = aead_decrypt,
2293 			.ivsize = AES_BLOCK_SIZE,
2294 			.maxauthsize = MD5_DIGEST_SIZE,
2295 		},
2296 		.aead.op = {
2297 			.do_one_request = aead_do_one_req,
2298 		},
2299 		.caam = {
2300 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2301 			.class2_alg_type = OP_ALG_ALGSEL_MD5 |
2302 					   OP_ALG_AAI_HMAC_PRECOMP,
2303 		},
2304 	},
2305 	{
2306 		.aead.base = {
2307 			.base = {
2308 				.cra_name = "echainiv(authenc(hmac(md5),"
2309 					    "cbc(aes)))",
2310 				.cra_driver_name = "echainiv-authenc-hmac-md5-"
2311 						   "cbc-aes-caam",
2312 				.cra_blocksize = AES_BLOCK_SIZE,
2313 			},
2314 			.setkey = aead_setkey,
2315 			.setauthsize = aead_setauthsize,
2316 			.encrypt = aead_encrypt,
2317 			.decrypt = aead_decrypt,
2318 			.ivsize = AES_BLOCK_SIZE,
2319 			.maxauthsize = MD5_DIGEST_SIZE,
2320 		},
2321 		.aead.op = {
2322 			.do_one_request = aead_do_one_req,
2323 		},
2324 		.caam = {
2325 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2326 			.class2_alg_type = OP_ALG_ALGSEL_MD5 |
2327 					   OP_ALG_AAI_HMAC_PRECOMP,
2328 			.geniv = true,
2329 		},
2330 	},
2331 	{
2332 		.aead.base = {
2333 			.base = {
2334 				.cra_name = "authenc(hmac(sha1),cbc(aes))",
2335 				.cra_driver_name = "authenc-hmac-sha1-"
2336 						   "cbc-aes-caam",
2337 				.cra_blocksize = AES_BLOCK_SIZE,
2338 			},
2339 			.setkey = aead_setkey,
2340 			.setauthsize = aead_setauthsize,
2341 			.encrypt = aead_encrypt,
2342 			.decrypt = aead_decrypt,
2343 			.ivsize = AES_BLOCK_SIZE,
2344 			.maxauthsize = SHA1_DIGEST_SIZE,
2345 		},
2346 		.aead.op = {
2347 			.do_one_request = aead_do_one_req,
2348 		},
2349 		.caam = {
2350 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2351 			.class2_alg_type = OP_ALG_ALGSEL_SHA1 |
2352 					   OP_ALG_AAI_HMAC_PRECOMP,
2353 		},
2354 	},
2355 	{
2356 		.aead.base = {
2357 			.base = {
2358 				.cra_name = "echainiv(authenc(hmac(sha1),"
2359 					    "cbc(aes)))",
2360 				.cra_driver_name = "echainiv-authenc-"
2361 						   "hmac-sha1-cbc-aes-caam",
2362 				.cra_blocksize = AES_BLOCK_SIZE,
2363 			},
2364 			.setkey = aead_setkey,
2365 			.setauthsize = aead_setauthsize,
2366 			.encrypt = aead_encrypt,
2367 			.decrypt = aead_decrypt,
2368 			.ivsize = AES_BLOCK_SIZE,
2369 			.maxauthsize = SHA1_DIGEST_SIZE,
2370 		},
2371 		.aead.op = {
2372 			.do_one_request = aead_do_one_req,
2373 		},
2374 		.caam = {
2375 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2376 			.class2_alg_type = OP_ALG_ALGSEL_SHA1 |
2377 					   OP_ALG_AAI_HMAC_PRECOMP,
2378 			.geniv = true,
2379 		},
2380 	},
2381 	{
2382 		.aead.base = {
2383 			.base = {
2384 				.cra_name = "authenc(hmac(sha224),cbc(aes))",
2385 				.cra_driver_name = "authenc-hmac-sha224-"
2386 						   "cbc-aes-caam",
2387 				.cra_blocksize = AES_BLOCK_SIZE,
2388 			},
2389 			.setkey = aead_setkey,
2390 			.setauthsize = aead_setauthsize,
2391 			.encrypt = aead_encrypt,
2392 			.decrypt = aead_decrypt,
2393 			.ivsize = AES_BLOCK_SIZE,
2394 			.maxauthsize = SHA224_DIGEST_SIZE,
2395 		},
2396 		.aead.op = {
2397 			.do_one_request = aead_do_one_req,
2398 		},
2399 		.caam = {
2400 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2401 			.class2_alg_type = OP_ALG_ALGSEL_SHA224 |
2402 					   OP_ALG_AAI_HMAC_PRECOMP,
2403 		},
2404 	},
2405 	{
2406 		.aead.base = {
2407 			.base = {
2408 				.cra_name = "echainiv(authenc(hmac(sha224),"
2409 					    "cbc(aes)))",
2410 				.cra_driver_name = "echainiv-authenc-"
2411 						   "hmac-sha224-cbc-aes-caam",
2412 				.cra_blocksize = AES_BLOCK_SIZE,
2413 			},
2414 			.setkey = aead_setkey,
2415 			.setauthsize = aead_setauthsize,
2416 			.encrypt = aead_encrypt,
2417 			.decrypt = aead_decrypt,
2418 			.ivsize = AES_BLOCK_SIZE,
2419 			.maxauthsize = SHA224_DIGEST_SIZE,
2420 		},
2421 		.aead.op = {
2422 			.do_one_request = aead_do_one_req,
2423 		},
2424 		.caam = {
2425 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2426 			.class2_alg_type = OP_ALG_ALGSEL_SHA224 |
2427 					   OP_ALG_AAI_HMAC_PRECOMP,
2428 			.geniv = true,
2429 		},
2430 	},
2431 	{
2432 		.aead.base = {
2433 			.base = {
2434 				.cra_name = "authenc(hmac(sha256),cbc(aes))",
2435 				.cra_driver_name = "authenc-hmac-sha256-"
2436 						   "cbc-aes-caam",
2437 				.cra_blocksize = AES_BLOCK_SIZE,
2438 			},
2439 			.setkey = aead_setkey,
2440 			.setauthsize = aead_setauthsize,
2441 			.encrypt = aead_encrypt,
2442 			.decrypt = aead_decrypt,
2443 			.ivsize = AES_BLOCK_SIZE,
2444 			.maxauthsize = SHA256_DIGEST_SIZE,
2445 		},
2446 		.aead.op = {
2447 			.do_one_request = aead_do_one_req,
2448 		},
2449 		.caam = {
2450 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2451 			.class2_alg_type = OP_ALG_ALGSEL_SHA256 |
2452 					   OP_ALG_AAI_HMAC_PRECOMP,
2453 		},
2454 	},
2455 	{
2456 		.aead.base = {
2457 			.base = {
2458 				.cra_name = "echainiv(authenc(hmac(sha256),"
2459 					    "cbc(aes)))",
2460 				.cra_driver_name = "echainiv-authenc-"
2461 						   "hmac-sha256-cbc-aes-caam",
2462 				.cra_blocksize = AES_BLOCK_SIZE,
2463 			},
2464 			.setkey = aead_setkey,
2465 			.setauthsize = aead_setauthsize,
2466 			.encrypt = aead_encrypt,
2467 			.decrypt = aead_decrypt,
2468 			.ivsize = AES_BLOCK_SIZE,
2469 			.maxauthsize = SHA256_DIGEST_SIZE,
2470 		},
2471 		.aead.op = {
2472 			.do_one_request = aead_do_one_req,
2473 		},
2474 		.caam = {
2475 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2476 			.class2_alg_type = OP_ALG_ALGSEL_SHA256 |
2477 					   OP_ALG_AAI_HMAC_PRECOMP,
2478 			.geniv = true,
2479 		},
2480 	},
2481 	{
2482 		.aead.base = {
2483 			.base = {
2484 				.cra_name = "authenc(hmac(sha384),cbc(aes))",
2485 				.cra_driver_name = "authenc-hmac-sha384-"
2486 						   "cbc-aes-caam",
2487 				.cra_blocksize = AES_BLOCK_SIZE,
2488 			},
2489 			.setkey = aead_setkey,
2490 			.setauthsize = aead_setauthsize,
2491 			.encrypt = aead_encrypt,
2492 			.decrypt = aead_decrypt,
2493 			.ivsize = AES_BLOCK_SIZE,
2494 			.maxauthsize = SHA384_DIGEST_SIZE,
2495 		},
2496 		.aead.op = {
2497 			.do_one_request = aead_do_one_req,
2498 		},
2499 		.caam = {
2500 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2501 			.class2_alg_type = OP_ALG_ALGSEL_SHA384 |
2502 					   OP_ALG_AAI_HMAC_PRECOMP,
2503 		},
2504 	},
2505 	{
2506 		.aead.base = {
2507 			.base = {
2508 				.cra_name = "echainiv(authenc(hmac(sha384),"
2509 					    "cbc(aes)))",
2510 				.cra_driver_name = "echainiv-authenc-"
2511 						   "hmac-sha384-cbc-aes-caam",
2512 				.cra_blocksize = AES_BLOCK_SIZE,
2513 			},
2514 			.setkey = aead_setkey,
2515 			.setauthsize = aead_setauthsize,
2516 			.encrypt = aead_encrypt,
2517 			.decrypt = aead_decrypt,
2518 			.ivsize = AES_BLOCK_SIZE,
2519 			.maxauthsize = SHA384_DIGEST_SIZE,
2520 		},
2521 		.aead.op = {
2522 			.do_one_request = aead_do_one_req,
2523 		},
2524 		.caam = {
2525 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2526 			.class2_alg_type = OP_ALG_ALGSEL_SHA384 |
2527 					   OP_ALG_AAI_HMAC_PRECOMP,
2528 			.geniv = true,
2529 		},
2530 	},
2531 	{
2532 		.aead.base = {
2533 			.base = {
2534 				.cra_name = "authenc(hmac(sha512),cbc(aes))",
2535 				.cra_driver_name = "authenc-hmac-sha512-"
2536 						   "cbc-aes-caam",
2537 				.cra_blocksize = AES_BLOCK_SIZE,
2538 			},
2539 			.setkey = aead_setkey,
2540 			.setauthsize = aead_setauthsize,
2541 			.encrypt = aead_encrypt,
2542 			.decrypt = aead_decrypt,
2543 			.ivsize = AES_BLOCK_SIZE,
2544 			.maxauthsize = SHA512_DIGEST_SIZE,
2545 		},
2546 		.aead.op = {
2547 			.do_one_request = aead_do_one_req,
2548 		},
2549 		.caam = {
2550 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2551 			.class2_alg_type = OP_ALG_ALGSEL_SHA512 |
2552 					   OP_ALG_AAI_HMAC_PRECOMP,
2553 		},
2554 	},
2555 	{
2556 		.aead.base = {
2557 			.base = {
2558 				.cra_name = "echainiv(authenc(hmac(sha512),"
2559 					    "cbc(aes)))",
2560 				.cra_driver_name = "echainiv-authenc-"
2561 						   "hmac-sha512-cbc-aes-caam",
2562 				.cra_blocksize = AES_BLOCK_SIZE,
2563 			},
2564 			.setkey = aead_setkey,
2565 			.setauthsize = aead_setauthsize,
2566 			.encrypt = aead_encrypt,
2567 			.decrypt = aead_decrypt,
2568 			.ivsize = AES_BLOCK_SIZE,
2569 			.maxauthsize = SHA512_DIGEST_SIZE,
2570 		},
2571 		.aead.op = {
2572 			.do_one_request = aead_do_one_req,
2573 		},
2574 		.caam = {
2575 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
2576 			.class2_alg_type = OP_ALG_ALGSEL_SHA512 |
2577 					   OP_ALG_AAI_HMAC_PRECOMP,
2578 			.geniv = true,
2579 		},
2580 	},
2581 	{
2582 		.aead.base = {
2583 			.base = {
2584 				.cra_name = "authenc(hmac(md5),cbc(des3_ede))",
2585 				.cra_driver_name = "authenc-hmac-md5-"
2586 						   "cbc-des3_ede-caam",
2587 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2588 			},
2589 			.setkey = des3_aead_setkey,
2590 			.setauthsize = aead_setauthsize,
2591 			.encrypt = aead_encrypt,
2592 			.decrypt = aead_decrypt,
2593 			.ivsize = DES3_EDE_BLOCK_SIZE,
2594 			.maxauthsize = MD5_DIGEST_SIZE,
2595 		},
2596 		.aead.op = {
2597 			.do_one_request = aead_do_one_req,
2598 		},
2599 		.caam = {
2600 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2601 			.class2_alg_type = OP_ALG_ALGSEL_MD5 |
2602 					   OP_ALG_AAI_HMAC_PRECOMP,
2603 		}
2604 	},
2605 	{
2606 		.aead.base = {
2607 			.base = {
2608 				.cra_name = "echainiv(authenc(hmac(md5),"
2609 					    "cbc(des3_ede)))",
2610 				.cra_driver_name = "echainiv-authenc-hmac-md5-"
2611 						   "cbc-des3_ede-caam",
2612 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2613 			},
2614 			.setkey = des3_aead_setkey,
2615 			.setauthsize = aead_setauthsize,
2616 			.encrypt = aead_encrypt,
2617 			.decrypt = aead_decrypt,
2618 			.ivsize = DES3_EDE_BLOCK_SIZE,
2619 			.maxauthsize = MD5_DIGEST_SIZE,
2620 		},
2621 		.aead.op = {
2622 			.do_one_request = aead_do_one_req,
2623 		},
2624 		.caam = {
2625 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2626 			.class2_alg_type = OP_ALG_ALGSEL_MD5 |
2627 					   OP_ALG_AAI_HMAC_PRECOMP,
2628 			.geniv = true,
2629 		}
2630 	},
2631 	{
2632 		.aead.base = {
2633 			.base = {
2634 				.cra_name = "authenc(hmac(sha1),"
2635 					    "cbc(des3_ede))",
2636 				.cra_driver_name = "authenc-hmac-sha1-"
2637 						   "cbc-des3_ede-caam",
2638 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2639 			},
2640 			.setkey = des3_aead_setkey,
2641 			.setauthsize = aead_setauthsize,
2642 			.encrypt = aead_encrypt,
2643 			.decrypt = aead_decrypt,
2644 			.ivsize = DES3_EDE_BLOCK_SIZE,
2645 			.maxauthsize = SHA1_DIGEST_SIZE,
2646 		},
2647 		.aead.op = {
2648 			.do_one_request = aead_do_one_req,
2649 		},
2650 		.caam = {
2651 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2652 			.class2_alg_type = OP_ALG_ALGSEL_SHA1 |
2653 					   OP_ALG_AAI_HMAC_PRECOMP,
2654 		},
2655 	},
2656 	{
2657 		.aead.base = {
2658 			.base = {
2659 				.cra_name = "echainiv(authenc(hmac(sha1),"
2660 					    "cbc(des3_ede)))",
2661 				.cra_driver_name = "echainiv-authenc-"
2662 						   "hmac-sha1-"
2663 						   "cbc-des3_ede-caam",
2664 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2665 			},
2666 			.setkey = des3_aead_setkey,
2667 			.setauthsize = aead_setauthsize,
2668 			.encrypt = aead_encrypt,
2669 			.decrypt = aead_decrypt,
2670 			.ivsize = DES3_EDE_BLOCK_SIZE,
2671 			.maxauthsize = SHA1_DIGEST_SIZE,
2672 		},
2673 		.aead.op = {
2674 			.do_one_request = aead_do_one_req,
2675 		},
2676 		.caam = {
2677 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2678 			.class2_alg_type = OP_ALG_ALGSEL_SHA1 |
2679 					   OP_ALG_AAI_HMAC_PRECOMP,
2680 			.geniv = true,
2681 		},
2682 	},
2683 	{
2684 		.aead.base = {
2685 			.base = {
2686 				.cra_name = "authenc(hmac(sha224),"
2687 					    "cbc(des3_ede))",
2688 				.cra_driver_name = "authenc-hmac-sha224-"
2689 						   "cbc-des3_ede-caam",
2690 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2691 			},
2692 			.setkey = des3_aead_setkey,
2693 			.setauthsize = aead_setauthsize,
2694 			.encrypt = aead_encrypt,
2695 			.decrypt = aead_decrypt,
2696 			.ivsize = DES3_EDE_BLOCK_SIZE,
2697 			.maxauthsize = SHA224_DIGEST_SIZE,
2698 		},
2699 		.aead.op = {
2700 			.do_one_request = aead_do_one_req,
2701 		},
2702 		.caam = {
2703 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2704 			.class2_alg_type = OP_ALG_ALGSEL_SHA224 |
2705 					   OP_ALG_AAI_HMAC_PRECOMP,
2706 		},
2707 	},
2708 	{
2709 		.aead.base = {
2710 			.base = {
2711 				.cra_name = "echainiv(authenc(hmac(sha224),"
2712 					    "cbc(des3_ede)))",
2713 				.cra_driver_name = "echainiv-authenc-"
2714 						   "hmac-sha224-"
2715 						   "cbc-des3_ede-caam",
2716 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2717 			},
2718 			.setkey = des3_aead_setkey,
2719 			.setauthsize = aead_setauthsize,
2720 			.encrypt = aead_encrypt,
2721 			.decrypt = aead_decrypt,
2722 			.ivsize = DES3_EDE_BLOCK_SIZE,
2723 			.maxauthsize = SHA224_DIGEST_SIZE,
2724 		},
2725 		.aead.op = {
2726 			.do_one_request = aead_do_one_req,
2727 		},
2728 		.caam = {
2729 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2730 			.class2_alg_type = OP_ALG_ALGSEL_SHA224 |
2731 					   OP_ALG_AAI_HMAC_PRECOMP,
2732 			.geniv = true,
2733 		},
2734 	},
2735 	{
2736 		.aead.base = {
2737 			.base = {
2738 				.cra_name = "authenc(hmac(sha256),"
2739 					    "cbc(des3_ede))",
2740 				.cra_driver_name = "authenc-hmac-sha256-"
2741 						   "cbc-des3_ede-caam",
2742 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2743 			},
2744 			.setkey = des3_aead_setkey,
2745 			.setauthsize = aead_setauthsize,
2746 			.encrypt = aead_encrypt,
2747 			.decrypt = aead_decrypt,
2748 			.ivsize = DES3_EDE_BLOCK_SIZE,
2749 			.maxauthsize = SHA256_DIGEST_SIZE,
2750 		},
2751 		.aead.op = {
2752 			.do_one_request = aead_do_one_req,
2753 		},
2754 		.caam = {
2755 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2756 			.class2_alg_type = OP_ALG_ALGSEL_SHA256 |
2757 					   OP_ALG_AAI_HMAC_PRECOMP,
2758 		},
2759 	},
2760 	{
2761 		.aead.base = {
2762 			.base = {
2763 				.cra_name = "echainiv(authenc(hmac(sha256),"
2764 					    "cbc(des3_ede)))",
2765 				.cra_driver_name = "echainiv-authenc-"
2766 						   "hmac-sha256-"
2767 						   "cbc-des3_ede-caam",
2768 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2769 			},
2770 			.setkey = des3_aead_setkey,
2771 			.setauthsize = aead_setauthsize,
2772 			.encrypt = aead_encrypt,
2773 			.decrypt = aead_decrypt,
2774 			.ivsize = DES3_EDE_BLOCK_SIZE,
2775 			.maxauthsize = SHA256_DIGEST_SIZE,
2776 		},
2777 		.aead.op = {
2778 			.do_one_request = aead_do_one_req,
2779 		},
2780 		.caam = {
2781 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2782 			.class2_alg_type = OP_ALG_ALGSEL_SHA256 |
2783 					   OP_ALG_AAI_HMAC_PRECOMP,
2784 			.geniv = true,
2785 		},
2786 	},
2787 	{
2788 		.aead.base = {
2789 			.base = {
2790 				.cra_name = "authenc(hmac(sha384),"
2791 					    "cbc(des3_ede))",
2792 				.cra_driver_name = "authenc-hmac-sha384-"
2793 						   "cbc-des3_ede-caam",
2794 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2795 			},
2796 			.setkey = des3_aead_setkey,
2797 			.setauthsize = aead_setauthsize,
2798 			.encrypt = aead_encrypt,
2799 			.decrypt = aead_decrypt,
2800 			.ivsize = DES3_EDE_BLOCK_SIZE,
2801 			.maxauthsize = SHA384_DIGEST_SIZE,
2802 		},
2803 		.aead.op = {
2804 			.do_one_request = aead_do_one_req,
2805 		},
2806 		.caam = {
2807 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2808 			.class2_alg_type = OP_ALG_ALGSEL_SHA384 |
2809 					   OP_ALG_AAI_HMAC_PRECOMP,
2810 		},
2811 	},
2812 	{
2813 		.aead.base = {
2814 			.base = {
2815 				.cra_name = "echainiv(authenc(hmac(sha384),"
2816 					    "cbc(des3_ede)))",
2817 				.cra_driver_name = "echainiv-authenc-"
2818 						   "hmac-sha384-"
2819 						   "cbc-des3_ede-caam",
2820 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2821 			},
2822 			.setkey = des3_aead_setkey,
2823 			.setauthsize = aead_setauthsize,
2824 			.encrypt = aead_encrypt,
2825 			.decrypt = aead_decrypt,
2826 			.ivsize = DES3_EDE_BLOCK_SIZE,
2827 			.maxauthsize = SHA384_DIGEST_SIZE,
2828 		},
2829 		.aead.op = {
2830 			.do_one_request = aead_do_one_req,
2831 		},
2832 		.caam = {
2833 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2834 			.class2_alg_type = OP_ALG_ALGSEL_SHA384 |
2835 					   OP_ALG_AAI_HMAC_PRECOMP,
2836 			.geniv = true,
2837 		},
2838 	},
2839 	{
2840 		.aead.base = {
2841 			.base = {
2842 				.cra_name = "authenc(hmac(sha512),"
2843 					    "cbc(des3_ede))",
2844 				.cra_driver_name = "authenc-hmac-sha512-"
2845 						   "cbc-des3_ede-caam",
2846 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2847 			},
2848 			.setkey = des3_aead_setkey,
2849 			.setauthsize = aead_setauthsize,
2850 			.encrypt = aead_encrypt,
2851 			.decrypt = aead_decrypt,
2852 			.ivsize = DES3_EDE_BLOCK_SIZE,
2853 			.maxauthsize = SHA512_DIGEST_SIZE,
2854 		},
2855 		.aead.op = {
2856 			.do_one_request = aead_do_one_req,
2857 		},
2858 		.caam = {
2859 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2860 			.class2_alg_type = OP_ALG_ALGSEL_SHA512 |
2861 					   OP_ALG_AAI_HMAC_PRECOMP,
2862 		},
2863 	},
2864 	{
2865 		.aead.base = {
2866 			.base = {
2867 				.cra_name = "echainiv(authenc(hmac(sha512),"
2868 					    "cbc(des3_ede)))",
2869 				.cra_driver_name = "echainiv-authenc-"
2870 						   "hmac-sha512-"
2871 						   "cbc-des3_ede-caam",
2872 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
2873 			},
2874 			.setkey = des3_aead_setkey,
2875 			.setauthsize = aead_setauthsize,
2876 			.encrypt = aead_encrypt,
2877 			.decrypt = aead_decrypt,
2878 			.ivsize = DES3_EDE_BLOCK_SIZE,
2879 			.maxauthsize = SHA512_DIGEST_SIZE,
2880 		},
2881 		.aead.op = {
2882 			.do_one_request = aead_do_one_req,
2883 		},
2884 		.caam = {
2885 			.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2886 			.class2_alg_type = OP_ALG_ALGSEL_SHA512 |
2887 					   OP_ALG_AAI_HMAC_PRECOMP,
2888 			.geniv = true,
2889 		},
2890 	},
2891 	{
2892 		.aead.base = {
2893 			.base = {
2894 				.cra_name = "authenc(hmac(md5),cbc(des))",
2895 				.cra_driver_name = "authenc-hmac-md5-"
2896 						   "cbc-des-caam",
2897 				.cra_blocksize = DES_BLOCK_SIZE,
2898 			},
2899 			.setkey = aead_setkey,
2900 			.setauthsize = aead_setauthsize,
2901 			.encrypt = aead_encrypt,
2902 			.decrypt = aead_decrypt,
2903 			.ivsize = DES_BLOCK_SIZE,
2904 			.maxauthsize = MD5_DIGEST_SIZE,
2905 		},
2906 		.aead.op = {
2907 			.do_one_request = aead_do_one_req,
2908 		},
2909 		.caam = {
2910 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2911 			.class2_alg_type = OP_ALG_ALGSEL_MD5 |
2912 					   OP_ALG_AAI_HMAC_PRECOMP,
2913 		},
2914 	},
2915 	{
2916 		.aead.base = {
2917 			.base = {
2918 				.cra_name = "echainiv(authenc(hmac(md5),"
2919 					    "cbc(des)))",
2920 				.cra_driver_name = "echainiv-authenc-hmac-md5-"
2921 						   "cbc-des-caam",
2922 				.cra_blocksize = DES_BLOCK_SIZE,
2923 			},
2924 			.setkey = aead_setkey,
2925 			.setauthsize = aead_setauthsize,
2926 			.encrypt = aead_encrypt,
2927 			.decrypt = aead_decrypt,
2928 			.ivsize = DES_BLOCK_SIZE,
2929 			.maxauthsize = MD5_DIGEST_SIZE,
2930 		},
2931 		.aead.op = {
2932 			.do_one_request = aead_do_one_req,
2933 		},
2934 		.caam = {
2935 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2936 			.class2_alg_type = OP_ALG_ALGSEL_MD5 |
2937 					   OP_ALG_AAI_HMAC_PRECOMP,
2938 			.geniv = true,
2939 		},
2940 	},
2941 	{
2942 		.aead.base = {
2943 			.base = {
2944 				.cra_name = "authenc(hmac(sha1),cbc(des))",
2945 				.cra_driver_name = "authenc-hmac-sha1-"
2946 						   "cbc-des-caam",
2947 				.cra_blocksize = DES_BLOCK_SIZE,
2948 			},
2949 			.setkey = aead_setkey,
2950 			.setauthsize = aead_setauthsize,
2951 			.encrypt = aead_encrypt,
2952 			.decrypt = aead_decrypt,
2953 			.ivsize = DES_BLOCK_SIZE,
2954 			.maxauthsize = SHA1_DIGEST_SIZE,
2955 		},
2956 		.aead.op = {
2957 			.do_one_request = aead_do_one_req,
2958 		},
2959 		.caam = {
2960 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2961 			.class2_alg_type = OP_ALG_ALGSEL_SHA1 |
2962 					   OP_ALG_AAI_HMAC_PRECOMP,
2963 		},
2964 	},
2965 	{
2966 		.aead.base = {
2967 			.base = {
2968 				.cra_name = "echainiv(authenc(hmac(sha1),"
2969 					    "cbc(des)))",
2970 				.cra_driver_name = "echainiv-authenc-"
2971 						   "hmac-sha1-cbc-des-caam",
2972 				.cra_blocksize = DES_BLOCK_SIZE,
2973 			},
2974 			.setkey = aead_setkey,
2975 			.setauthsize = aead_setauthsize,
2976 			.encrypt = aead_encrypt,
2977 			.decrypt = aead_decrypt,
2978 			.ivsize = DES_BLOCK_SIZE,
2979 			.maxauthsize = SHA1_DIGEST_SIZE,
2980 		},
2981 		.aead.op = {
2982 			.do_one_request = aead_do_one_req,
2983 		},
2984 		.caam = {
2985 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2986 			.class2_alg_type = OP_ALG_ALGSEL_SHA1 |
2987 					   OP_ALG_AAI_HMAC_PRECOMP,
2988 			.geniv = true,
2989 		},
2990 	},
2991 	{
2992 		.aead.base = {
2993 			.base = {
2994 				.cra_name = "authenc(hmac(sha224),cbc(des))",
2995 				.cra_driver_name = "authenc-hmac-sha224-"
2996 						   "cbc-des-caam",
2997 				.cra_blocksize = DES_BLOCK_SIZE,
2998 			},
2999 			.setkey = aead_setkey,
3000 			.setauthsize = aead_setauthsize,
3001 			.encrypt = aead_encrypt,
3002 			.decrypt = aead_decrypt,
3003 			.ivsize = DES_BLOCK_SIZE,
3004 			.maxauthsize = SHA224_DIGEST_SIZE,
3005 		},
3006 		.aead.op = {
3007 			.do_one_request = aead_do_one_req,
3008 		},
3009 		.caam = {
3010 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
3011 			.class2_alg_type = OP_ALG_ALGSEL_SHA224 |
3012 					   OP_ALG_AAI_HMAC_PRECOMP,
3013 		},
3014 	},
3015 	{
3016 		.aead.base = {
3017 			.base = {
3018 				.cra_name = "echainiv(authenc(hmac(sha224),"
3019 					    "cbc(des)))",
3020 				.cra_driver_name = "echainiv-authenc-"
3021 						   "hmac-sha224-cbc-des-caam",
3022 				.cra_blocksize = DES_BLOCK_SIZE,
3023 			},
3024 			.setkey = aead_setkey,
3025 			.setauthsize = aead_setauthsize,
3026 			.encrypt = aead_encrypt,
3027 			.decrypt = aead_decrypt,
3028 			.ivsize = DES_BLOCK_SIZE,
3029 			.maxauthsize = SHA224_DIGEST_SIZE,
3030 		},
3031 		.aead.op = {
3032 			.do_one_request = aead_do_one_req,
3033 		},
3034 		.caam = {
3035 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
3036 			.class2_alg_type = OP_ALG_ALGSEL_SHA224 |
3037 					   OP_ALG_AAI_HMAC_PRECOMP,
3038 			.geniv = true,
3039 		},
3040 	},
3041 	{
3042 		.aead.base = {
3043 			.base = {
3044 				.cra_name = "authenc(hmac(sha256),cbc(des))",
3045 				.cra_driver_name = "authenc-hmac-sha256-"
3046 						   "cbc-des-caam",
3047 				.cra_blocksize = DES_BLOCK_SIZE,
3048 			},
3049 			.setkey = aead_setkey,
3050 			.setauthsize = aead_setauthsize,
3051 			.encrypt = aead_encrypt,
3052 			.decrypt = aead_decrypt,
3053 			.ivsize = DES_BLOCK_SIZE,
3054 			.maxauthsize = SHA256_DIGEST_SIZE,
3055 		},
3056 		.aead.op = {
3057 			.do_one_request = aead_do_one_req,
3058 		},
3059 		.caam = {
3060 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
3061 			.class2_alg_type = OP_ALG_ALGSEL_SHA256 |
3062 					   OP_ALG_AAI_HMAC_PRECOMP,
3063 		},
3064 	},
3065 	{
3066 		.aead.base = {
3067 			.base = {
3068 				.cra_name = "echainiv(authenc(hmac(sha256),"
3069 					    "cbc(des)))",
3070 				.cra_driver_name = "echainiv-authenc-"
3071 						   "hmac-sha256-cbc-des-caam",
3072 				.cra_blocksize = DES_BLOCK_SIZE,
3073 			},
3074 			.setkey = aead_setkey,
3075 			.setauthsize = aead_setauthsize,
3076 			.encrypt = aead_encrypt,
3077 			.decrypt = aead_decrypt,
3078 			.ivsize = DES_BLOCK_SIZE,
3079 			.maxauthsize = SHA256_DIGEST_SIZE,
3080 		},
3081 		.aead.op = {
3082 			.do_one_request = aead_do_one_req,
3083 		},
3084 		.caam = {
3085 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
3086 			.class2_alg_type = OP_ALG_ALGSEL_SHA256 |
3087 					   OP_ALG_AAI_HMAC_PRECOMP,
3088 			.geniv = true,
3089 		},
3090 	},
3091 	{
3092 		.aead.base = {
3093 			.base = {
3094 				.cra_name = "authenc(hmac(sha384),cbc(des))",
3095 				.cra_driver_name = "authenc-hmac-sha384-"
3096 						   "cbc-des-caam",
3097 				.cra_blocksize = DES_BLOCK_SIZE,
3098 			},
3099 			.setkey = aead_setkey,
3100 			.setauthsize = aead_setauthsize,
3101 			.encrypt = aead_encrypt,
3102 			.decrypt = aead_decrypt,
3103 			.ivsize = DES_BLOCK_SIZE,
3104 			.maxauthsize = SHA384_DIGEST_SIZE,
3105 		},
3106 		.aead.op = {
3107 			.do_one_request = aead_do_one_req,
3108 		},
3109 		.caam = {
3110 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
3111 			.class2_alg_type = OP_ALG_ALGSEL_SHA384 |
3112 					   OP_ALG_AAI_HMAC_PRECOMP,
3113 		},
3114 	},
3115 	{
3116 		.aead.base = {
3117 			.base = {
3118 				.cra_name = "echainiv(authenc(hmac(sha384),"
3119 					    "cbc(des)))",
3120 				.cra_driver_name = "echainiv-authenc-"
3121 						   "hmac-sha384-cbc-des-caam",
3122 				.cra_blocksize = DES_BLOCK_SIZE,
3123 			},
3124 			.setkey = aead_setkey,
3125 			.setauthsize = aead_setauthsize,
3126 			.encrypt = aead_encrypt,
3127 			.decrypt = aead_decrypt,
3128 			.ivsize = DES_BLOCK_SIZE,
3129 			.maxauthsize = SHA384_DIGEST_SIZE,
3130 		},
3131 		.aead.op = {
3132 			.do_one_request = aead_do_one_req,
3133 		},
3134 		.caam = {
3135 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
3136 			.class2_alg_type = OP_ALG_ALGSEL_SHA384 |
3137 					   OP_ALG_AAI_HMAC_PRECOMP,
3138 			.geniv = true,
3139 		},
3140 	},
3141 	{
3142 		.aead.base = {
3143 			.base = {
3144 				.cra_name = "authenc(hmac(sha512),cbc(des))",
3145 				.cra_driver_name = "authenc-hmac-sha512-"
3146 						   "cbc-des-caam",
3147 				.cra_blocksize = DES_BLOCK_SIZE,
3148 			},
3149 			.setkey = aead_setkey,
3150 			.setauthsize = aead_setauthsize,
3151 			.encrypt = aead_encrypt,
3152 			.decrypt = aead_decrypt,
3153 			.ivsize = DES_BLOCK_SIZE,
3154 			.maxauthsize = SHA512_DIGEST_SIZE,
3155 		},
3156 		.aead.op = {
3157 			.do_one_request = aead_do_one_req,
3158 		},
3159 		.caam = {
3160 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
3161 			.class2_alg_type = OP_ALG_ALGSEL_SHA512 |
3162 					   OP_ALG_AAI_HMAC_PRECOMP,
3163 		},
3164 	},
3165 	{
3166 		.aead.base = {
3167 			.base = {
3168 				.cra_name = "echainiv(authenc(hmac(sha512),"
3169 					    "cbc(des)))",
3170 				.cra_driver_name = "echainiv-authenc-"
3171 						   "hmac-sha512-cbc-des-caam",
3172 				.cra_blocksize = DES_BLOCK_SIZE,
3173 			},
3174 			.setkey = aead_setkey,
3175 			.setauthsize = aead_setauthsize,
3176 			.encrypt = aead_encrypt,
3177 			.decrypt = aead_decrypt,
3178 			.ivsize = DES_BLOCK_SIZE,
3179 			.maxauthsize = SHA512_DIGEST_SIZE,
3180 		},
3181 		.aead.op = {
3182 			.do_one_request = aead_do_one_req,
3183 		},
3184 		.caam = {
3185 			.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
3186 			.class2_alg_type = OP_ALG_ALGSEL_SHA512 |
3187 					   OP_ALG_AAI_HMAC_PRECOMP,
3188 			.geniv = true,
3189 		},
3190 	},
3191 	{
3192 		.aead.base = {
3193 			.base = {
3194 				.cra_name = "authenc(hmac(md5),"
3195 					    "rfc3686(ctr(aes)))",
3196 				.cra_driver_name = "authenc-hmac-md5-"
3197 						   "rfc3686-ctr-aes-caam",
3198 				.cra_blocksize = 1,
3199 			},
3200 			.setkey = aead_setkey,
3201 			.setauthsize = aead_setauthsize,
3202 			.encrypt = aead_encrypt,
3203 			.decrypt = aead_decrypt,
3204 			.ivsize = CTR_RFC3686_IV_SIZE,
3205 			.maxauthsize = MD5_DIGEST_SIZE,
3206 		},
3207 		.aead.op = {
3208 			.do_one_request = aead_do_one_req,
3209 		},
3210 		.caam = {
3211 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3212 					   OP_ALG_AAI_CTR_MOD128,
3213 			.class2_alg_type = OP_ALG_ALGSEL_MD5 |
3214 					   OP_ALG_AAI_HMAC_PRECOMP,
3215 			.rfc3686 = true,
3216 		},
3217 	},
3218 	{
3219 		.aead.base = {
3220 			.base = {
3221 				.cra_name = "seqiv(authenc("
3222 					    "hmac(md5),rfc3686(ctr(aes))))",
3223 				.cra_driver_name = "seqiv-authenc-hmac-md5-"
3224 						   "rfc3686-ctr-aes-caam",
3225 				.cra_blocksize = 1,
3226 			},
3227 			.setkey = aead_setkey,
3228 			.setauthsize = aead_setauthsize,
3229 			.encrypt = aead_encrypt,
3230 			.decrypt = aead_decrypt,
3231 			.ivsize = CTR_RFC3686_IV_SIZE,
3232 			.maxauthsize = MD5_DIGEST_SIZE,
3233 		},
3234 		.aead.op = {
3235 			.do_one_request = aead_do_one_req,
3236 		},
3237 		.caam = {
3238 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3239 					   OP_ALG_AAI_CTR_MOD128,
3240 			.class2_alg_type = OP_ALG_ALGSEL_MD5 |
3241 					   OP_ALG_AAI_HMAC_PRECOMP,
3242 			.rfc3686 = true,
3243 			.geniv = true,
3244 		},
3245 	},
3246 	{
3247 		.aead.base = {
3248 			.base = {
3249 				.cra_name = "authenc(hmac(sha1),"
3250 					    "rfc3686(ctr(aes)))",
3251 				.cra_driver_name = "authenc-hmac-sha1-"
3252 						   "rfc3686-ctr-aes-caam",
3253 				.cra_blocksize = 1,
3254 			},
3255 			.setkey = aead_setkey,
3256 			.setauthsize = aead_setauthsize,
3257 			.encrypt = aead_encrypt,
3258 			.decrypt = aead_decrypt,
3259 			.ivsize = CTR_RFC3686_IV_SIZE,
3260 			.maxauthsize = SHA1_DIGEST_SIZE,
3261 		},
3262 		.aead.op = {
3263 			.do_one_request = aead_do_one_req,
3264 		},
3265 		.caam = {
3266 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3267 					   OP_ALG_AAI_CTR_MOD128,
3268 			.class2_alg_type = OP_ALG_ALGSEL_SHA1 |
3269 					   OP_ALG_AAI_HMAC_PRECOMP,
3270 			.rfc3686 = true,
3271 		},
3272 	},
3273 	{
3274 		.aead.base = {
3275 			.base = {
3276 				.cra_name = "seqiv(authenc("
3277 					    "hmac(sha1),rfc3686(ctr(aes))))",
3278 				.cra_driver_name = "seqiv-authenc-hmac-sha1-"
3279 						   "rfc3686-ctr-aes-caam",
3280 				.cra_blocksize = 1,
3281 			},
3282 			.setkey = aead_setkey,
3283 			.setauthsize = aead_setauthsize,
3284 			.encrypt = aead_encrypt,
3285 			.decrypt = aead_decrypt,
3286 			.ivsize = CTR_RFC3686_IV_SIZE,
3287 			.maxauthsize = SHA1_DIGEST_SIZE,
3288 		},
3289 		.aead.op = {
3290 			.do_one_request = aead_do_one_req,
3291 		},
3292 		.caam = {
3293 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3294 					   OP_ALG_AAI_CTR_MOD128,
3295 			.class2_alg_type = OP_ALG_ALGSEL_SHA1 |
3296 					   OP_ALG_AAI_HMAC_PRECOMP,
3297 			.rfc3686 = true,
3298 			.geniv = true,
3299 		},
3300 	},
3301 	{
3302 		.aead.base = {
3303 			.base = {
3304 				.cra_name = "authenc(hmac(sha224),"
3305 					    "rfc3686(ctr(aes)))",
3306 				.cra_driver_name = "authenc-hmac-sha224-"
3307 						   "rfc3686-ctr-aes-caam",
3308 				.cra_blocksize = 1,
3309 			},
3310 			.setkey = aead_setkey,
3311 			.setauthsize = aead_setauthsize,
3312 			.encrypt = aead_encrypt,
3313 			.decrypt = aead_decrypt,
3314 			.ivsize = CTR_RFC3686_IV_SIZE,
3315 			.maxauthsize = SHA224_DIGEST_SIZE,
3316 		},
3317 		.aead.op = {
3318 			.do_one_request = aead_do_one_req,
3319 		},
3320 		.caam = {
3321 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3322 					   OP_ALG_AAI_CTR_MOD128,
3323 			.class2_alg_type = OP_ALG_ALGSEL_SHA224 |
3324 					   OP_ALG_AAI_HMAC_PRECOMP,
3325 			.rfc3686 = true,
3326 		},
3327 	},
3328 	{
3329 		.aead.base = {
3330 			.base = {
3331 				.cra_name = "seqiv(authenc("
3332 					    "hmac(sha224),rfc3686(ctr(aes))))",
3333 				.cra_driver_name = "seqiv-authenc-hmac-sha224-"
3334 						   "rfc3686-ctr-aes-caam",
3335 				.cra_blocksize = 1,
3336 			},
3337 			.setkey = aead_setkey,
3338 			.setauthsize = aead_setauthsize,
3339 			.encrypt = aead_encrypt,
3340 			.decrypt = aead_decrypt,
3341 			.ivsize = CTR_RFC3686_IV_SIZE,
3342 			.maxauthsize = SHA224_DIGEST_SIZE,
3343 		},
3344 		.aead.op = {
3345 			.do_one_request = aead_do_one_req,
3346 		},
3347 		.caam = {
3348 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3349 					   OP_ALG_AAI_CTR_MOD128,
3350 			.class2_alg_type = OP_ALG_ALGSEL_SHA224 |
3351 					   OP_ALG_AAI_HMAC_PRECOMP,
3352 			.rfc3686 = true,
3353 			.geniv = true,
3354 		},
3355 	},
3356 	{
3357 		.aead.base = {
3358 			.base = {
3359 				.cra_name = "authenc(hmac(sha256),"
3360 					    "rfc3686(ctr(aes)))",
3361 				.cra_driver_name = "authenc-hmac-sha256-"
3362 						   "rfc3686-ctr-aes-caam",
3363 				.cra_blocksize = 1,
3364 			},
3365 			.setkey = aead_setkey,
3366 			.setauthsize = aead_setauthsize,
3367 			.encrypt = aead_encrypt,
3368 			.decrypt = aead_decrypt,
3369 			.ivsize = CTR_RFC3686_IV_SIZE,
3370 			.maxauthsize = SHA256_DIGEST_SIZE,
3371 		},
3372 		.aead.op = {
3373 			.do_one_request = aead_do_one_req,
3374 		},
3375 		.caam = {
3376 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3377 					   OP_ALG_AAI_CTR_MOD128,
3378 			.class2_alg_type = OP_ALG_ALGSEL_SHA256 |
3379 					   OP_ALG_AAI_HMAC_PRECOMP,
3380 			.rfc3686 = true,
3381 		},
3382 	},
3383 	{
3384 		.aead.base = {
3385 			.base = {
3386 				.cra_name = "seqiv(authenc(hmac(sha256),"
3387 					    "rfc3686(ctr(aes))))",
3388 				.cra_driver_name = "seqiv-authenc-hmac-sha256-"
3389 						   "rfc3686-ctr-aes-caam",
3390 				.cra_blocksize = 1,
3391 			},
3392 			.setkey = aead_setkey,
3393 			.setauthsize = aead_setauthsize,
3394 			.encrypt = aead_encrypt,
3395 			.decrypt = aead_decrypt,
3396 			.ivsize = CTR_RFC3686_IV_SIZE,
3397 			.maxauthsize = SHA256_DIGEST_SIZE,
3398 		},
3399 		.aead.op = {
3400 			.do_one_request = aead_do_one_req,
3401 		},
3402 		.caam = {
3403 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3404 					   OP_ALG_AAI_CTR_MOD128,
3405 			.class2_alg_type = OP_ALG_ALGSEL_SHA256 |
3406 					   OP_ALG_AAI_HMAC_PRECOMP,
3407 			.rfc3686 = true,
3408 			.geniv = true,
3409 		},
3410 	},
3411 	{
3412 		.aead.base = {
3413 			.base = {
3414 				.cra_name = "authenc(hmac(sha384),"
3415 					    "rfc3686(ctr(aes)))",
3416 				.cra_driver_name = "authenc-hmac-sha384-"
3417 						   "rfc3686-ctr-aes-caam",
3418 				.cra_blocksize = 1,
3419 			},
3420 			.setkey = aead_setkey,
3421 			.setauthsize = aead_setauthsize,
3422 			.encrypt = aead_encrypt,
3423 			.decrypt = aead_decrypt,
3424 			.ivsize = CTR_RFC3686_IV_SIZE,
3425 			.maxauthsize = SHA384_DIGEST_SIZE,
3426 		},
3427 		.aead.op = {
3428 			.do_one_request = aead_do_one_req,
3429 		},
3430 		.caam = {
3431 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3432 					   OP_ALG_AAI_CTR_MOD128,
3433 			.class2_alg_type = OP_ALG_ALGSEL_SHA384 |
3434 					   OP_ALG_AAI_HMAC_PRECOMP,
3435 			.rfc3686 = true,
3436 		},
3437 	},
3438 	{
3439 		.aead.base = {
3440 			.base = {
3441 				.cra_name = "seqiv(authenc(hmac(sha384),"
3442 					    "rfc3686(ctr(aes))))",
3443 				.cra_driver_name = "seqiv-authenc-hmac-sha384-"
3444 						   "rfc3686-ctr-aes-caam",
3445 				.cra_blocksize = 1,
3446 			},
3447 			.setkey = aead_setkey,
3448 			.setauthsize = aead_setauthsize,
3449 			.encrypt = aead_encrypt,
3450 			.decrypt = aead_decrypt,
3451 			.ivsize = CTR_RFC3686_IV_SIZE,
3452 			.maxauthsize = SHA384_DIGEST_SIZE,
3453 		},
3454 		.aead.op = {
3455 			.do_one_request = aead_do_one_req,
3456 		},
3457 		.caam = {
3458 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3459 					   OP_ALG_AAI_CTR_MOD128,
3460 			.class2_alg_type = OP_ALG_ALGSEL_SHA384 |
3461 					   OP_ALG_AAI_HMAC_PRECOMP,
3462 			.rfc3686 = true,
3463 			.geniv = true,
3464 		},
3465 	},
3466 	{
3467 		.aead.base = {
3468 			.base = {
3469 				.cra_name = "authenc(hmac(sha512),"
3470 					    "rfc3686(ctr(aes)))",
3471 				.cra_driver_name = "authenc-hmac-sha512-"
3472 						   "rfc3686-ctr-aes-caam",
3473 				.cra_blocksize = 1,
3474 			},
3475 			.setkey = aead_setkey,
3476 			.setauthsize = aead_setauthsize,
3477 			.encrypt = aead_encrypt,
3478 			.decrypt = aead_decrypt,
3479 			.ivsize = CTR_RFC3686_IV_SIZE,
3480 			.maxauthsize = SHA512_DIGEST_SIZE,
3481 		},
3482 		.aead.op = {
3483 			.do_one_request = aead_do_one_req,
3484 		},
3485 		.caam = {
3486 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3487 					   OP_ALG_AAI_CTR_MOD128,
3488 			.class2_alg_type = OP_ALG_ALGSEL_SHA512 |
3489 					   OP_ALG_AAI_HMAC_PRECOMP,
3490 			.rfc3686 = true,
3491 		},
3492 	},
3493 	{
3494 		.aead.base = {
3495 			.base = {
3496 				.cra_name = "seqiv(authenc(hmac(sha512),"
3497 					    "rfc3686(ctr(aes))))",
3498 				.cra_driver_name = "seqiv-authenc-hmac-sha512-"
3499 						   "rfc3686-ctr-aes-caam",
3500 				.cra_blocksize = 1,
3501 			},
3502 			.setkey = aead_setkey,
3503 			.setauthsize = aead_setauthsize,
3504 			.encrypt = aead_encrypt,
3505 			.decrypt = aead_decrypt,
3506 			.ivsize = CTR_RFC3686_IV_SIZE,
3507 			.maxauthsize = SHA512_DIGEST_SIZE,
3508 		},
3509 		.aead.op = {
3510 			.do_one_request = aead_do_one_req,
3511 		},
3512 		.caam = {
3513 			.class1_alg_type = OP_ALG_ALGSEL_AES |
3514 					   OP_ALG_AAI_CTR_MOD128,
3515 			.class2_alg_type = OP_ALG_ALGSEL_SHA512 |
3516 					   OP_ALG_AAI_HMAC_PRECOMP,
3517 			.rfc3686 = true,
3518 			.geniv = true,
3519 		},
3520 	},
3521 	{
3522 		.aead.base = {
3523 			.base = {
3524 				.cra_name = "rfc7539(chacha20,poly1305)",
3525 				.cra_driver_name = "rfc7539-chacha20-poly1305-"
3526 						   "caam",
3527 				.cra_blocksize = 1,
3528 			},
3529 			.setkey = chachapoly_setkey,
3530 			.setauthsize = chachapoly_setauthsize,
3531 			.encrypt = chachapoly_encrypt,
3532 			.decrypt = chachapoly_decrypt,
3533 			.ivsize = CHACHAPOLY_IV_SIZE,
3534 			.maxauthsize = POLY1305_DIGEST_SIZE,
3535 		},
3536 		.aead.op = {
3537 			.do_one_request = aead_do_one_req,
3538 		},
3539 		.caam = {
3540 			.class1_alg_type = OP_ALG_ALGSEL_CHACHA20 |
3541 					   OP_ALG_AAI_AEAD,
3542 			.class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
3543 					   OP_ALG_AAI_AEAD,
3544 			.nodkp = true,
3545 		},
3546 	},
3547 	{
3548 		.aead.base = {
3549 			.base = {
3550 				.cra_name = "rfc7539esp(chacha20,poly1305)",
3551 				.cra_driver_name = "rfc7539esp-chacha20-"
3552 						   "poly1305-caam",
3553 				.cra_blocksize = 1,
3554 			},
3555 			.setkey = chachapoly_setkey,
3556 			.setauthsize = chachapoly_setauthsize,
3557 			.encrypt = chachapoly_encrypt,
3558 			.decrypt = chachapoly_decrypt,
3559 			.ivsize = 8,
3560 			.maxauthsize = POLY1305_DIGEST_SIZE,
3561 		},
3562 		.aead.op = {
3563 			.do_one_request = aead_do_one_req,
3564 		},
3565 		.caam = {
3566 			.class1_alg_type = OP_ALG_ALGSEL_CHACHA20 |
3567 					   OP_ALG_AAI_AEAD,
3568 			.class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
3569 					   OP_ALG_AAI_AEAD,
3570 			.nodkp = true,
3571 		},
3572 	},
3573 };
3574 
3575 static int caam_init_common(struct caam_ctx *ctx, struct caam_alg_entry *caam,
3576 			    bool uses_dkp)
3577 {
3578 	dma_addr_t dma_addr;
3579 	struct caam_drv_private *priv;
3580 	const size_t sh_desc_enc_offset = offsetof(struct caam_ctx,
3581 						   sh_desc_enc);
3582 
3583 	ctx->jrdev = caam_jr_alloc();
3584 	if (IS_ERR(ctx->jrdev)) {
3585 		pr_err("Job Ring Device allocation for transform failed\n");
3586 		return PTR_ERR(ctx->jrdev);
3587 	}
3588 
3589 	priv = dev_get_drvdata(ctx->jrdev->parent);
3590 	if (priv->era >= 6 && uses_dkp)
3591 		ctx->dir = DMA_BIDIRECTIONAL;
3592 	else
3593 		ctx->dir = DMA_TO_DEVICE;
3594 
3595 	dma_addr = dma_map_single_attrs(ctx->jrdev, ctx->sh_desc_enc,
3596 					offsetof(struct caam_ctx,
3597 						 sh_desc_enc_dma) -
3598 					sh_desc_enc_offset,
3599 					ctx->dir, DMA_ATTR_SKIP_CPU_SYNC);
3600 	if (dma_mapping_error(ctx->jrdev, dma_addr)) {
3601 		dev_err(ctx->jrdev, "unable to map key, shared descriptors\n");
3602 		caam_jr_free(ctx->jrdev);
3603 		return -ENOMEM;
3604 	}
3605 
3606 	ctx->sh_desc_enc_dma = dma_addr;
3607 	ctx->sh_desc_dec_dma = dma_addr + offsetof(struct caam_ctx,
3608 						   sh_desc_dec) -
3609 					sh_desc_enc_offset;
3610 	ctx->key_dma = dma_addr + offsetof(struct caam_ctx, key) -
3611 					sh_desc_enc_offset;
3612 
3613 	/* copy descriptor header template value */
3614 	ctx->cdata.algtype = OP_TYPE_CLASS1_ALG | caam->class1_alg_type;
3615 	ctx->adata.algtype = OP_TYPE_CLASS2_ALG | caam->class2_alg_type;
3616 
3617 	return 0;
3618 }
3619 
3620 static int caam_cra_init(struct crypto_skcipher *tfm)
3621 {
3622 	struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
3623 	struct caam_skcipher_alg *caam_alg =
3624 		container_of(alg, typeof(*caam_alg), skcipher.base);
3625 	struct caam_ctx *ctx = crypto_skcipher_ctx_dma(tfm);
3626 	u32 alg_aai = caam_alg->caam.class1_alg_type & OP_ALG_AAI_MASK;
3627 	int ret = 0;
3628 
3629 	if (alg_aai == OP_ALG_AAI_XTS) {
3630 		const char *tfm_name = crypto_tfm_alg_name(&tfm->base);
3631 		struct crypto_skcipher *fallback;
3632 
3633 		fallback = crypto_alloc_skcipher(tfm_name, 0,
3634 						 CRYPTO_ALG_NEED_FALLBACK);
3635 		if (IS_ERR(fallback)) {
3636 			pr_err("Failed to allocate %s fallback: %ld\n",
3637 			       tfm_name, PTR_ERR(fallback));
3638 			return PTR_ERR(fallback);
3639 		}
3640 
3641 		ctx->fallback = fallback;
3642 		crypto_skcipher_set_reqsize(tfm, sizeof(struct caam_skcipher_req_ctx) +
3643 					    crypto_skcipher_reqsize(fallback));
3644 	} else {
3645 		crypto_skcipher_set_reqsize(tfm, sizeof(struct caam_skcipher_req_ctx));
3646 	}
3647 
3648 	ret = caam_init_common(ctx, &caam_alg->caam, false);
3649 	if (ret && ctx->fallback)
3650 		crypto_free_skcipher(ctx->fallback);
3651 
3652 	return ret;
3653 }
3654 
3655 static int caam_aead_init(struct crypto_aead *tfm)
3656 {
3657 	struct aead_alg *alg = crypto_aead_alg(tfm);
3658 	struct caam_aead_alg *caam_alg =
3659 		 container_of(alg, struct caam_aead_alg, aead.base);
3660 	struct caam_ctx *ctx = crypto_aead_ctx_dma(tfm);
3661 
3662 	crypto_aead_set_reqsize(tfm, sizeof(struct caam_aead_req_ctx));
3663 
3664 	return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp);
3665 }
3666 
3667 static void caam_exit_common(struct caam_ctx *ctx)
3668 {
3669 	dma_unmap_single_attrs(ctx->jrdev, ctx->sh_desc_enc_dma,
3670 			       offsetof(struct caam_ctx, sh_desc_enc_dma) -
3671 			       offsetof(struct caam_ctx, sh_desc_enc),
3672 			       ctx->dir, DMA_ATTR_SKIP_CPU_SYNC);
3673 	caam_jr_free(ctx->jrdev);
3674 }
3675 
3676 static void caam_cra_exit(struct crypto_skcipher *tfm)
3677 {
3678 	struct caam_ctx *ctx = crypto_skcipher_ctx_dma(tfm);
3679 
3680 	if (ctx->fallback)
3681 		crypto_free_skcipher(ctx->fallback);
3682 	caam_exit_common(ctx);
3683 }
3684 
3685 static void caam_aead_exit(struct crypto_aead *tfm)
3686 {
3687 	caam_exit_common(crypto_aead_ctx_dma(tfm));
3688 }
3689 
3690 void caam_algapi_exit(void)
3691 {
3692 	int i;
3693 
3694 	for (i = 0; i < ARRAY_SIZE(driver_aeads); i++) {
3695 		struct caam_aead_alg *t_alg = driver_aeads + i;
3696 
3697 		if (t_alg->registered)
3698 			crypto_engine_unregister_aead(&t_alg->aead);
3699 	}
3700 
3701 	for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
3702 		struct caam_skcipher_alg *t_alg = driver_algs + i;
3703 
3704 		if (t_alg->registered)
3705 			crypto_engine_unregister_skcipher(&t_alg->skcipher);
3706 	}
3707 }
3708 
3709 static void caam_skcipher_alg_init(struct caam_skcipher_alg *t_alg)
3710 {
3711 	struct skcipher_alg *alg = &t_alg->skcipher.base;
3712 
3713 	alg->base.cra_module = THIS_MODULE;
3714 	alg->base.cra_priority = CAAM_CRA_PRIORITY;
3715 	alg->base.cra_ctxsize = sizeof(struct caam_ctx) + crypto_dma_padding();
3716 	alg->base.cra_flags |= (CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY |
3717 			      CRYPTO_ALG_KERN_DRIVER_ONLY);
3718 
3719 	alg->init = caam_cra_init;
3720 	alg->exit = caam_cra_exit;
3721 }
3722 
3723 static void caam_aead_alg_init(struct caam_aead_alg *t_alg)
3724 {
3725 	struct aead_alg *alg = &t_alg->aead.base;
3726 
3727 	alg->base.cra_module = THIS_MODULE;
3728 	alg->base.cra_priority = CAAM_CRA_PRIORITY;
3729 	alg->base.cra_ctxsize = sizeof(struct caam_ctx) + crypto_dma_padding();
3730 	alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY |
3731 			      CRYPTO_ALG_KERN_DRIVER_ONLY;
3732 
3733 	alg->init = caam_aead_init;
3734 	alg->exit = caam_aead_exit;
3735 }
3736 
3737 int caam_algapi_init(struct device *ctrldev)
3738 {
3739 	struct caam_drv_private *priv = dev_get_drvdata(ctrldev);
3740 	int i = 0, err = 0;
3741 	u32 aes_vid, aes_inst, des_inst, md_vid, md_inst, ccha_inst, ptha_inst;
3742 	unsigned int md_limit = SHA512_DIGEST_SIZE;
3743 	bool registered = false, gcm_support;
3744 
3745 	/*
3746 	 * Register crypto algorithms the device supports.
3747 	 * First, detect presence and attributes of DES, AES, and MD blocks.
3748 	 */
3749 	if (priv->era < 10) {
3750 		struct caam_perfmon __iomem *perfmon = &priv->jr[0]->perfmon;
3751 		u32 cha_vid, cha_inst, aes_rn;
3752 
3753 		cha_vid = rd_reg32(&perfmon->cha_id_ls);
3754 		aes_vid = cha_vid & CHA_ID_LS_AES_MASK;
3755 		md_vid = (cha_vid & CHA_ID_LS_MD_MASK) >> CHA_ID_LS_MD_SHIFT;
3756 
3757 		cha_inst = rd_reg32(&perfmon->cha_num_ls);
3758 		des_inst = (cha_inst & CHA_ID_LS_DES_MASK) >>
3759 			   CHA_ID_LS_DES_SHIFT;
3760 		aes_inst = cha_inst & CHA_ID_LS_AES_MASK;
3761 		md_inst = (cha_inst & CHA_ID_LS_MD_MASK) >> CHA_ID_LS_MD_SHIFT;
3762 		ccha_inst = 0;
3763 		ptha_inst = 0;
3764 
3765 		aes_rn = rd_reg32(&perfmon->cha_rev_ls) & CHA_ID_LS_AES_MASK;
3766 		gcm_support = !(aes_vid == CHA_VER_VID_AES_LP && aes_rn < 8);
3767 	} else {
3768 		struct version_regs __iomem *vreg = &priv->jr[0]->vreg;
3769 		u32 aesa, mdha;
3770 
3771 		aesa = rd_reg32(&vreg->aesa);
3772 		mdha = rd_reg32(&vreg->mdha);
3773 
3774 		aes_vid = (aesa & CHA_VER_VID_MASK) >> CHA_VER_VID_SHIFT;
3775 		md_vid = (mdha & CHA_VER_VID_MASK) >> CHA_VER_VID_SHIFT;
3776 
3777 		des_inst = rd_reg32(&vreg->desa) & CHA_VER_NUM_MASK;
3778 		aes_inst = aesa & CHA_VER_NUM_MASK;
3779 		md_inst = mdha & CHA_VER_NUM_MASK;
3780 		ccha_inst = rd_reg32(&vreg->ccha) & CHA_VER_NUM_MASK;
3781 		ptha_inst = rd_reg32(&vreg->ptha) & CHA_VER_NUM_MASK;
3782 
3783 		gcm_support = aesa & CHA_VER_MISC_AES_GCM;
3784 	}
3785 
3786 	/* If MD is present, limit digest size based on LP256 */
3787 	if (md_inst && md_vid  == CHA_VER_VID_MD_LP256)
3788 		md_limit = SHA256_DIGEST_SIZE;
3789 
3790 	for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
3791 		struct caam_skcipher_alg *t_alg = driver_algs + i;
3792 		u32 alg_sel = t_alg->caam.class1_alg_type & OP_ALG_ALGSEL_MASK;
3793 
3794 		/* Skip DES algorithms if not supported by device */
3795 		if (!des_inst &&
3796 		    ((alg_sel == OP_ALG_ALGSEL_3DES) ||
3797 		     (alg_sel == OP_ALG_ALGSEL_DES)))
3798 				continue;
3799 
3800 		/* Skip AES algorithms if not supported by device */
3801 		if (!aes_inst && (alg_sel == OP_ALG_ALGSEL_AES))
3802 				continue;
3803 
3804 		/*
3805 		 * Check support for AES modes not available
3806 		 * on LP devices.
3807 		 */
3808 		if (aes_vid == CHA_VER_VID_AES_LP &&
3809 		    (t_alg->caam.class1_alg_type & OP_ALG_AAI_MASK) ==
3810 		    OP_ALG_AAI_XTS)
3811 			continue;
3812 
3813 		caam_skcipher_alg_init(t_alg);
3814 
3815 		err = crypto_engine_register_skcipher(&t_alg->skcipher);
3816 		if (err) {
3817 			pr_warn("%s alg registration failed\n",
3818 				t_alg->skcipher.base.base.cra_driver_name);
3819 			continue;
3820 		}
3821 
3822 		t_alg->registered = true;
3823 		registered = true;
3824 	}
3825 
3826 	for (i = 0; i < ARRAY_SIZE(driver_aeads); i++) {
3827 		struct caam_aead_alg *t_alg = driver_aeads + i;
3828 		u32 c1_alg_sel = t_alg->caam.class1_alg_type &
3829 				 OP_ALG_ALGSEL_MASK;
3830 		u32 c2_alg_sel = t_alg->caam.class2_alg_type &
3831 				 OP_ALG_ALGSEL_MASK;
3832 		u32 alg_aai = t_alg->caam.class1_alg_type & OP_ALG_AAI_MASK;
3833 
3834 		/* Skip DES algorithms if not supported by device */
3835 		if (!des_inst &&
3836 		    ((c1_alg_sel == OP_ALG_ALGSEL_3DES) ||
3837 		     (c1_alg_sel == OP_ALG_ALGSEL_DES)))
3838 				continue;
3839 
3840 		/* Skip AES algorithms if not supported by device */
3841 		if (!aes_inst && (c1_alg_sel == OP_ALG_ALGSEL_AES))
3842 				continue;
3843 
3844 		/* Skip CHACHA20 algorithms if not supported by device */
3845 		if (c1_alg_sel == OP_ALG_ALGSEL_CHACHA20 && !ccha_inst)
3846 			continue;
3847 
3848 		/* Skip POLY1305 algorithms if not supported by device */
3849 		if (c2_alg_sel == OP_ALG_ALGSEL_POLY1305 && !ptha_inst)
3850 			continue;
3851 
3852 		/* Skip GCM algorithms if not supported by device */
3853 		if (c1_alg_sel == OP_ALG_ALGSEL_AES &&
3854 		    alg_aai == OP_ALG_AAI_GCM && !gcm_support)
3855 			continue;
3856 
3857 		/*
3858 		 * Skip algorithms requiring message digests
3859 		 * if MD or MD size is not supported by device.
3860 		 */
3861 		if (is_mdha(c2_alg_sel) &&
3862 		    (!md_inst || t_alg->aead.base.maxauthsize > md_limit))
3863 			continue;
3864 
3865 		caam_aead_alg_init(t_alg);
3866 
3867 		err = crypto_engine_register_aead(&t_alg->aead);
3868 		if (err) {
3869 			pr_warn("%s alg registration failed\n",
3870 				t_alg->aead.base.base.cra_driver_name);
3871 			continue;
3872 		}
3873 
3874 		t_alg->registered = true;
3875 		registered = true;
3876 	}
3877 
3878 	if (registered)
3879 		pr_info("caam algorithms registered in /proc/crypto\n");
3880 
3881 	return err;
3882 }
3883