1 // SPDX-License-Identifier: GPL-2.0-only 2 // SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 /* 4 * Crypto driver to handle block cipher algorithms using NVIDIA Security Engine. 5 */ 6 7 #include <linux/bottom_half.h> 8 #include <linux/clk.h> 9 #include <linux/dma-mapping.h> 10 #include <linux/module.h> 11 #include <linux/of_device.h> 12 #include <linux/platform_device.h> 13 14 #include <crypto/aead.h> 15 #include <crypto/aes.h> 16 #include <crypto/engine.h> 17 #include <crypto/gcm.h> 18 #include <crypto/scatterwalk.h> 19 #include <crypto/xts.h> 20 #include <crypto/internal/aead.h> 21 #include <crypto/internal/hash.h> 22 #include <crypto/internal/skcipher.h> 23 24 #include "tegra-se.h" 25 26 struct tegra_aes_ctx { 27 struct tegra_se *se; 28 u32 alg; 29 u32 ivsize; 30 u32 key1_id; 31 u32 key2_id; 32 u32 keylen; 33 u8 key1[AES_MAX_KEY_SIZE]; 34 u8 key2[AES_MAX_KEY_SIZE]; 35 }; 36 37 struct tegra_aes_reqctx { 38 struct tegra_se_datbuf datbuf; 39 bool encrypt; 40 u32 config; 41 u32 crypto_config; 42 u32 len; 43 u32 *iv; 44 }; 45 46 struct tegra_aead_ctx { 47 struct tegra_se *se; 48 unsigned int authsize; 49 u32 alg; 50 u32 key_id; 51 u32 keylen; 52 u8 key[AES_MAX_KEY_SIZE]; 53 }; 54 55 struct tegra_aead_reqctx { 56 struct tegra_se_datbuf inbuf; 57 struct tegra_se_datbuf outbuf; 58 struct scatterlist *src_sg; 59 struct scatterlist *dst_sg; 60 unsigned int assoclen; 61 unsigned int cryptlen; 62 unsigned int authsize; 63 bool encrypt; 64 u32 crypto_config; 65 u32 config; 66 u32 key_id; 67 u32 iv[4]; 68 u8 authdata[16]; 69 }; 70 71 struct tegra_cmac_ctx { 72 struct tegra_se *se; 73 unsigned int alg; 74 u32 key_id; 75 u32 keylen; 76 u8 key[AES_MAX_KEY_SIZE]; 77 struct crypto_shash *fallback_tfm; 78 }; 79 80 struct tegra_cmac_reqctx { 81 struct scatterlist *src_sg; 82 struct tegra_se_datbuf datbuf; 83 struct tegra_se_datbuf residue; 84 unsigned int total_len; 85 unsigned int blk_size; 86 unsigned int task; 87 u32 crypto_config; 88 u32 config; 89 u32 key_id; 90 u32 *iv; 91 u32 result[CMAC_RESULT_REG_COUNT]; 92 }; 93 94 /* increment counter (128-bit int) */ 95 static void ctr_iv_inc(__u8 *counter, __u8 bits, __u32 nums) 96 { 97 do { 98 --bits; 99 nums += counter[bits]; 100 counter[bits] = nums & 0xff; 101 nums >>= 8; 102 } while (bits && nums); 103 } 104 105 static void tegra_cbc_iv_copyback(struct skcipher_request *req, struct tegra_aes_ctx *ctx) 106 { 107 struct tegra_aes_reqctx *rctx = skcipher_request_ctx(req); 108 unsigned int offset; 109 110 offset = req->cryptlen - ctx->ivsize; 111 112 if (rctx->encrypt) 113 memcpy(req->iv, rctx->datbuf.buf + offset, ctx->ivsize); 114 else 115 scatterwalk_map_and_copy(req->iv, req->src, offset, ctx->ivsize, 0); 116 } 117 118 static void tegra_aes_update_iv(struct skcipher_request *req, struct tegra_aes_ctx *ctx) 119 { 120 int num; 121 122 if (ctx->alg == SE_ALG_CBC) { 123 tegra_cbc_iv_copyback(req, ctx); 124 } else if (ctx->alg == SE_ALG_CTR) { 125 num = req->cryptlen / ctx->ivsize; 126 if (req->cryptlen % ctx->ivsize) 127 num++; 128 129 ctr_iv_inc(req->iv, ctx->ivsize, num); 130 } 131 } 132 133 static int tegra234_aes_crypto_cfg(u32 alg, bool encrypt) 134 { 135 switch (alg) { 136 case SE_ALG_CMAC: 137 case SE_ALG_GMAC: 138 case SE_ALG_GCM: 139 case SE_ALG_GCM_FINAL: 140 return 0; 141 case SE_ALG_CBC: 142 if (encrypt) 143 return SE_CRYPTO_CFG_CBC_ENCRYPT; 144 else 145 return SE_CRYPTO_CFG_CBC_DECRYPT; 146 case SE_ALG_ECB: 147 if (encrypt) 148 return SE_CRYPTO_CFG_ECB_ENCRYPT; 149 else 150 return SE_CRYPTO_CFG_ECB_DECRYPT; 151 case SE_ALG_XTS: 152 if (encrypt) 153 return SE_CRYPTO_CFG_XTS_ENCRYPT; 154 else 155 return SE_CRYPTO_CFG_XTS_DECRYPT; 156 157 case SE_ALG_CTR: 158 return SE_CRYPTO_CFG_CTR; 159 case SE_ALG_CBC_MAC: 160 return SE_CRYPTO_CFG_CBC_MAC; 161 162 default: 163 break; 164 } 165 166 return -EINVAL; 167 } 168 169 static int tegra234_aes_cfg(u32 alg, bool encrypt) 170 { 171 switch (alg) { 172 case SE_ALG_CBC: 173 case SE_ALG_ECB: 174 case SE_ALG_XTS: 175 case SE_ALG_CTR: 176 if (encrypt) 177 return SE_CFG_AES_ENCRYPT; 178 else 179 return SE_CFG_AES_DECRYPT; 180 181 case SE_ALG_GMAC: 182 if (encrypt) 183 return SE_CFG_GMAC_ENCRYPT; 184 else 185 return SE_CFG_GMAC_DECRYPT; 186 187 case SE_ALG_GCM: 188 if (encrypt) 189 return SE_CFG_GCM_ENCRYPT; 190 else 191 return SE_CFG_GCM_DECRYPT; 192 193 case SE_ALG_GCM_FINAL: 194 if (encrypt) 195 return SE_CFG_GCM_FINAL_ENCRYPT; 196 else 197 return SE_CFG_GCM_FINAL_DECRYPT; 198 199 case SE_ALG_CMAC: 200 return SE_CFG_CMAC; 201 202 case SE_ALG_CBC_MAC: 203 return SE_AES_ENC_ALG_AES_ENC | 204 SE_AES_DST_HASH_REG; 205 } 206 return -EINVAL; 207 } 208 209 static unsigned int tegra_aes_prep_cmd(struct tegra_aes_ctx *ctx, 210 struct tegra_aes_reqctx *rctx) 211 { 212 unsigned int data_count, res_bits, i = 0, j; 213 struct tegra_se *se = ctx->se; 214 u32 *cpuvaddr = se->cmdbuf->addr; 215 dma_addr_t addr = rctx->datbuf.addr; 216 217 data_count = rctx->len / AES_BLOCK_SIZE; 218 res_bits = (rctx->len % AES_BLOCK_SIZE) * 8; 219 220 /* 221 * Hardware processes data_count + 1 blocks. 222 * Reduce 1 block if there is no residue 223 */ 224 if (!res_bits) 225 data_count--; 226 227 if (rctx->iv) { 228 cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 229 cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 230 for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 231 cpuvaddr[i++] = rctx->iv[j]; 232 } 233 234 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 235 cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 236 SE_LAST_BLOCK_RES_BITS(res_bits); 237 238 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 239 cpuvaddr[i++] = rctx->config; 240 cpuvaddr[i++] = rctx->crypto_config; 241 242 /* Source address setting */ 243 cpuvaddr[i++] = lower_32_bits(addr); 244 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(addr)) | SE_ADDR_HI_SZ(rctx->len); 245 246 /* Destination address setting */ 247 cpuvaddr[i++] = lower_32_bits(addr); 248 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(addr)) | 249 SE_ADDR_HI_SZ(rctx->len); 250 251 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 252 cpuvaddr[i++] = SE_AES_OP_WRSTALL | SE_AES_OP_LASTBUF | 253 SE_AES_OP_START; 254 255 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 256 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 257 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 258 259 dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", rctx->config, rctx->crypto_config); 260 261 return i; 262 } 263 264 static int tegra_aes_do_one_req(struct crypto_engine *engine, void *areq) 265 { 266 struct skcipher_request *req = container_of(areq, struct skcipher_request, base); 267 struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); 268 struct tegra_aes_reqctx *rctx = skcipher_request_ctx(req); 269 struct tegra_se *se = ctx->se; 270 unsigned int cmdlen, key1_id, key2_id; 271 int ret; 272 273 rctx->iv = (ctx->alg == SE_ALG_ECB) ? NULL : (u32 *)req->iv; 274 rctx->len = req->cryptlen; 275 key1_id = ctx->key1_id; 276 key2_id = ctx->key2_id; 277 278 /* Pad input to AES Block size */ 279 if (ctx->alg != SE_ALG_XTS) { 280 if (rctx->len % AES_BLOCK_SIZE) 281 rctx->len += AES_BLOCK_SIZE - (rctx->len % AES_BLOCK_SIZE); 282 } 283 284 rctx->datbuf.size = rctx->len; 285 rctx->datbuf.buf = dma_alloc_coherent(se->dev, rctx->datbuf.size, 286 &rctx->datbuf.addr, GFP_KERNEL); 287 if (!rctx->datbuf.buf) { 288 ret = -ENOMEM; 289 goto out_finalize; 290 } 291 292 scatterwalk_map_and_copy(rctx->datbuf.buf, req->src, 0, req->cryptlen, 0); 293 294 rctx->config = tegra234_aes_cfg(ctx->alg, rctx->encrypt); 295 rctx->crypto_config = tegra234_aes_crypto_cfg(ctx->alg, rctx->encrypt); 296 297 if (!key1_id) { 298 ret = tegra_key_submit_reserved_aes(ctx->se, ctx->key1, 299 ctx->keylen, ctx->alg, &key1_id); 300 if (ret) 301 goto out; 302 } 303 304 rctx->crypto_config |= SE_AES_KEY_INDEX(key1_id); 305 306 if (ctx->alg == SE_ALG_XTS) { 307 if (!key2_id) { 308 ret = tegra_key_submit_reserved_xts(ctx->se, ctx->key2, 309 ctx->keylen, ctx->alg, &key2_id); 310 if (ret) 311 goto out; 312 } 313 314 rctx->crypto_config |= SE_AES_KEY2_INDEX(key2_id); 315 } 316 317 /* Prepare the command and submit for execution */ 318 cmdlen = tegra_aes_prep_cmd(ctx, rctx); 319 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 320 321 /* Copy the result */ 322 tegra_aes_update_iv(req, ctx); 323 scatterwalk_map_and_copy(rctx->datbuf.buf, req->dst, 0, req->cryptlen, 1); 324 325 out: 326 /* Free the buffer */ 327 dma_free_coherent(ctx->se->dev, rctx->datbuf.size, 328 rctx->datbuf.buf, rctx->datbuf.addr); 329 330 if (tegra_key_is_reserved(key1_id)) 331 tegra_key_invalidate_reserved(ctx->se, key1_id, ctx->alg); 332 333 if (tegra_key_is_reserved(key2_id)) 334 tegra_key_invalidate_reserved(ctx->se, key2_id, ctx->alg); 335 336 out_finalize: 337 local_bh_disable(); 338 crypto_finalize_skcipher_request(se->engine, req, ret); 339 local_bh_enable(); 340 341 return 0; 342 } 343 344 static int tegra_aes_cra_init(struct crypto_skcipher *tfm) 345 { 346 struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 347 struct skcipher_alg *alg = crypto_skcipher_alg(tfm); 348 struct tegra_se_alg *se_alg; 349 const char *algname; 350 int ret; 351 352 se_alg = container_of(alg, struct tegra_se_alg, alg.skcipher.base); 353 354 crypto_skcipher_set_reqsize(tfm, sizeof(struct tegra_aes_reqctx)); 355 356 ctx->ivsize = crypto_skcipher_ivsize(tfm); 357 ctx->se = se_alg->se_dev; 358 ctx->key1_id = 0; 359 ctx->key2_id = 0; 360 ctx->keylen = 0; 361 362 algname = crypto_tfm_alg_name(&tfm->base); 363 ret = se_algname_to_algid(algname); 364 if (ret < 0) { 365 dev_err(ctx->se->dev, "invalid algorithm\n"); 366 return ret; 367 } 368 369 ctx->alg = ret; 370 371 return 0; 372 } 373 374 static void tegra_aes_cra_exit(struct crypto_skcipher *tfm) 375 { 376 struct tegra_aes_ctx *ctx = crypto_tfm_ctx(&tfm->base); 377 378 if (ctx->key1_id) 379 tegra_key_invalidate(ctx->se, ctx->key1_id, ctx->alg); 380 381 if (ctx->key2_id) 382 tegra_key_invalidate(ctx->se, ctx->key2_id, ctx->alg); 383 } 384 385 static int tegra_aes_setkey(struct crypto_skcipher *tfm, 386 const u8 *key, u32 keylen) 387 { 388 struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 389 int ret; 390 391 if (aes_check_keylen(keylen)) { 392 dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 393 return -EINVAL; 394 } 395 396 ret = tegra_key_submit(ctx->se, key, keylen, ctx->alg, &ctx->key1_id); 397 if (ret) { 398 ctx->keylen = keylen; 399 memcpy(ctx->key1, key, keylen); 400 } 401 402 return 0; 403 } 404 405 static int tegra_xts_setkey(struct crypto_skcipher *tfm, 406 const u8 *key, u32 keylen) 407 { 408 struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 409 u32 len = keylen / 2; 410 int ret; 411 412 ret = xts_verify_key(tfm, key, keylen); 413 if (ret || aes_check_keylen(len)) { 414 dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 415 return -EINVAL; 416 } 417 418 ret = tegra_key_submit(ctx->se, key, len, 419 ctx->alg, &ctx->key1_id); 420 if (ret) { 421 ctx->keylen = len; 422 memcpy(ctx->key1, key, len); 423 } 424 425 ret = tegra_key_submit(ctx->se, key + len, len, 426 ctx->alg, &ctx->key2_id); 427 if (ret) { 428 ctx->keylen = len; 429 memcpy(ctx->key2, key + len, len); 430 } 431 432 return 0; 433 } 434 435 static int tegra_aes_kac_manifest(u32 user, u32 alg, u32 keylen) 436 { 437 int manifest; 438 439 manifest = SE_KAC_USER_NS; 440 441 switch (alg) { 442 case SE_ALG_CBC: 443 case SE_ALG_ECB: 444 case SE_ALG_CTR: 445 manifest |= SE_KAC_ENC; 446 break; 447 case SE_ALG_XTS: 448 manifest |= SE_KAC_XTS; 449 break; 450 case SE_ALG_GCM: 451 manifest |= SE_KAC_GCM; 452 break; 453 case SE_ALG_CMAC: 454 manifest |= SE_KAC_CMAC; 455 break; 456 case SE_ALG_CBC_MAC: 457 manifest |= SE_KAC_ENC; 458 break; 459 default: 460 return -EINVAL; 461 } 462 463 switch (keylen) { 464 case AES_KEYSIZE_128: 465 manifest |= SE_KAC_SIZE_128; 466 break; 467 case AES_KEYSIZE_192: 468 manifest |= SE_KAC_SIZE_192; 469 break; 470 case AES_KEYSIZE_256: 471 manifest |= SE_KAC_SIZE_256; 472 break; 473 default: 474 return -EINVAL; 475 } 476 477 return manifest; 478 } 479 480 static int tegra_aes_crypt(struct skcipher_request *req, bool encrypt) 481 482 { 483 struct crypto_skcipher *tfm; 484 struct tegra_aes_ctx *ctx; 485 struct tegra_aes_reqctx *rctx; 486 487 tfm = crypto_skcipher_reqtfm(req); 488 ctx = crypto_skcipher_ctx(tfm); 489 rctx = skcipher_request_ctx(req); 490 491 if (ctx->alg != SE_ALG_XTS) { 492 if (!IS_ALIGNED(req->cryptlen, crypto_skcipher_blocksize(tfm))) { 493 dev_dbg(ctx->se->dev, "invalid length (%d)", req->cryptlen); 494 return -EINVAL; 495 } 496 } else if (req->cryptlen < XTS_BLOCK_SIZE) { 497 dev_dbg(ctx->se->dev, "invalid length (%d)", req->cryptlen); 498 return -EINVAL; 499 } 500 501 if (!req->cryptlen) 502 return 0; 503 504 rctx->encrypt = encrypt; 505 506 return crypto_transfer_skcipher_request_to_engine(ctx->se->engine, req); 507 } 508 509 static int tegra_aes_encrypt(struct skcipher_request *req) 510 { 511 return tegra_aes_crypt(req, true); 512 } 513 514 static int tegra_aes_decrypt(struct skcipher_request *req) 515 { 516 return tegra_aes_crypt(req, false); 517 } 518 519 static struct tegra_se_alg tegra_aes_algs[] = { 520 { 521 .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 522 .alg.skcipher.base = { 523 .init = tegra_aes_cra_init, 524 .exit = tegra_aes_cra_exit, 525 .setkey = tegra_aes_setkey, 526 .encrypt = tegra_aes_encrypt, 527 .decrypt = tegra_aes_decrypt, 528 .min_keysize = AES_MIN_KEY_SIZE, 529 .max_keysize = AES_MAX_KEY_SIZE, 530 .ivsize = AES_BLOCK_SIZE, 531 .base = { 532 .cra_name = "cbc(aes)", 533 .cra_driver_name = "cbc-aes-tegra", 534 .cra_priority = 500, 535 .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC, 536 .cra_blocksize = AES_BLOCK_SIZE, 537 .cra_ctxsize = sizeof(struct tegra_aes_ctx), 538 .cra_alignmask = 0xf, 539 .cra_module = THIS_MODULE, 540 }, 541 } 542 }, { 543 .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 544 .alg.skcipher.base = { 545 .init = tegra_aes_cra_init, 546 .exit = tegra_aes_cra_exit, 547 .setkey = tegra_aes_setkey, 548 .encrypt = tegra_aes_encrypt, 549 .decrypt = tegra_aes_decrypt, 550 .min_keysize = AES_MIN_KEY_SIZE, 551 .max_keysize = AES_MAX_KEY_SIZE, 552 .base = { 553 .cra_name = "ecb(aes)", 554 .cra_driver_name = "ecb-aes-tegra", 555 .cra_priority = 500, 556 .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC, 557 .cra_blocksize = AES_BLOCK_SIZE, 558 .cra_ctxsize = sizeof(struct tegra_aes_ctx), 559 .cra_alignmask = 0xf, 560 .cra_module = THIS_MODULE, 561 }, 562 } 563 }, { 564 .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 565 .alg.skcipher.base = { 566 .init = tegra_aes_cra_init, 567 .exit = tegra_aes_cra_exit, 568 .setkey = tegra_aes_setkey, 569 .encrypt = tegra_aes_encrypt, 570 .decrypt = tegra_aes_decrypt, 571 .min_keysize = AES_MIN_KEY_SIZE, 572 .max_keysize = AES_MAX_KEY_SIZE, 573 .ivsize = AES_BLOCK_SIZE, 574 .base = { 575 .cra_name = "ctr(aes)", 576 .cra_driver_name = "ctr-aes-tegra", 577 .cra_priority = 500, 578 .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC, 579 .cra_blocksize = 1, 580 .cra_ctxsize = sizeof(struct tegra_aes_ctx), 581 .cra_alignmask = 0xf, 582 .cra_module = THIS_MODULE, 583 }, 584 } 585 }, { 586 .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 587 .alg.skcipher.base = { 588 .init = tegra_aes_cra_init, 589 .exit = tegra_aes_cra_exit, 590 .setkey = tegra_xts_setkey, 591 .encrypt = tegra_aes_encrypt, 592 .decrypt = tegra_aes_decrypt, 593 .min_keysize = 2 * AES_MIN_KEY_SIZE, 594 .max_keysize = 2 * AES_MAX_KEY_SIZE, 595 .ivsize = AES_BLOCK_SIZE, 596 .base = { 597 .cra_name = "xts(aes)", 598 .cra_driver_name = "xts-aes-tegra", 599 .cra_priority = 500, 600 .cra_blocksize = AES_BLOCK_SIZE, 601 .cra_ctxsize = sizeof(struct tegra_aes_ctx), 602 .cra_alignmask = (__alignof__(u64) - 1), 603 .cra_module = THIS_MODULE, 604 }, 605 } 606 }, 607 }; 608 609 static unsigned int tegra_gmac_prep_cmd(struct tegra_aead_ctx *ctx, 610 struct tegra_aead_reqctx *rctx) 611 { 612 unsigned int data_count, res_bits, i = 0; 613 struct tegra_se *se = ctx->se; 614 u32 *cpuvaddr = se->cmdbuf->addr; 615 616 data_count = (rctx->assoclen / AES_BLOCK_SIZE); 617 res_bits = (rctx->assoclen % AES_BLOCK_SIZE) * 8; 618 619 /* 620 * Hardware processes data_count + 1 blocks. 621 * Reduce 1 block if there is no residue 622 */ 623 if (!res_bits) 624 data_count--; 625 626 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 627 cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 628 SE_LAST_BLOCK_RES_BITS(res_bits); 629 630 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 4); 631 cpuvaddr[i++] = rctx->config; 632 cpuvaddr[i++] = rctx->crypto_config; 633 cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 634 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 635 SE_ADDR_HI_SZ(rctx->assoclen); 636 637 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 638 cpuvaddr[i++] = SE_AES_OP_WRSTALL | SE_AES_OP_FINAL | 639 SE_AES_OP_INIT | SE_AES_OP_LASTBUF | 640 SE_AES_OP_START; 641 642 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 643 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 644 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 645 646 return i; 647 } 648 649 static unsigned int tegra_gcm_crypt_prep_cmd(struct tegra_aead_ctx *ctx, 650 struct tegra_aead_reqctx *rctx) 651 { 652 unsigned int data_count, res_bits, i = 0, j; 653 struct tegra_se *se = ctx->se; 654 u32 *cpuvaddr = se->cmdbuf->addr, op; 655 656 data_count = (rctx->cryptlen / AES_BLOCK_SIZE); 657 res_bits = (rctx->cryptlen % AES_BLOCK_SIZE) * 8; 658 op = SE_AES_OP_WRSTALL | SE_AES_OP_FINAL | 659 SE_AES_OP_LASTBUF | SE_AES_OP_START; 660 661 /* 662 * If there is no assoc data, 663 * this will be the init command 664 */ 665 if (!rctx->assoclen) 666 op |= SE_AES_OP_INIT; 667 668 /* 669 * Hardware processes data_count + 1 blocks. 670 * Reduce 1 block if there is no residue 671 */ 672 if (!res_bits) 673 data_count--; 674 675 cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 676 cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 677 for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 678 cpuvaddr[i++] = rctx->iv[j]; 679 680 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 681 cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 682 SE_LAST_BLOCK_RES_BITS(res_bits); 683 684 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 685 cpuvaddr[i++] = rctx->config; 686 cpuvaddr[i++] = rctx->crypto_config; 687 688 /* Source Address */ 689 cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 690 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 691 SE_ADDR_HI_SZ(rctx->cryptlen); 692 693 /* Destination Address */ 694 cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 695 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 696 SE_ADDR_HI_SZ(rctx->cryptlen); 697 698 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 699 cpuvaddr[i++] = op; 700 701 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 702 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 703 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 704 705 dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", rctx->config, rctx->crypto_config); 706 return i; 707 } 708 709 static int tegra_gcm_prep_final_cmd(struct tegra_se *se, u32 *cpuvaddr, 710 struct tegra_aead_reqctx *rctx) 711 { 712 unsigned int i = 0, j; 713 u32 op; 714 715 op = SE_AES_OP_WRSTALL | SE_AES_OP_FINAL | 716 SE_AES_OP_LASTBUF | SE_AES_OP_START; 717 718 /* 719 * Set init for zero sized vector 720 */ 721 if (!rctx->assoclen && !rctx->cryptlen) 722 op |= SE_AES_OP_INIT; 723 724 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->aad_len, 2); 725 cpuvaddr[i++] = rctx->assoclen * 8; 726 cpuvaddr[i++] = 0; 727 728 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->cryp_msg_len, 2); 729 cpuvaddr[i++] = rctx->cryptlen * 8; 730 cpuvaddr[i++] = 0; 731 732 cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 733 cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 734 for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 735 cpuvaddr[i++] = rctx->iv[j]; 736 737 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 738 cpuvaddr[i++] = rctx->config; 739 cpuvaddr[i++] = rctx->crypto_config; 740 cpuvaddr[i++] = 0; 741 cpuvaddr[i++] = 0; 742 743 /* Destination Address */ 744 cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 745 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 746 SE_ADDR_HI_SZ(0x10); /* HW always generates 128-bit tag */ 747 748 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 749 cpuvaddr[i++] = op; 750 751 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 752 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 753 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 754 755 dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", rctx->config, rctx->crypto_config); 756 757 return i; 758 } 759 760 static int tegra_gcm_do_gmac(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 761 { 762 struct tegra_se *se = ctx->se; 763 unsigned int cmdlen; 764 765 scatterwalk_map_and_copy(rctx->inbuf.buf, 766 rctx->src_sg, 0, rctx->assoclen, 0); 767 768 rctx->config = tegra234_aes_cfg(SE_ALG_GMAC, rctx->encrypt); 769 rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_GMAC, rctx->encrypt) | 770 SE_AES_KEY_INDEX(rctx->key_id); 771 772 cmdlen = tegra_gmac_prep_cmd(ctx, rctx); 773 774 return tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 775 } 776 777 static int tegra_gcm_do_crypt(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 778 { 779 struct tegra_se *se = ctx->se; 780 int cmdlen, ret; 781 782 scatterwalk_map_and_copy(rctx->inbuf.buf, rctx->src_sg, 783 rctx->assoclen, rctx->cryptlen, 0); 784 785 rctx->config = tegra234_aes_cfg(SE_ALG_GCM, rctx->encrypt); 786 rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_GCM, rctx->encrypt) | 787 SE_AES_KEY_INDEX(rctx->key_id); 788 789 /* Prepare command and submit */ 790 cmdlen = tegra_gcm_crypt_prep_cmd(ctx, rctx); 791 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 792 if (ret) 793 return ret; 794 795 /* Copy the result */ 796 scatterwalk_map_and_copy(rctx->outbuf.buf, rctx->dst_sg, 797 rctx->assoclen, rctx->cryptlen, 1); 798 799 return 0; 800 } 801 802 static int tegra_gcm_do_final(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 803 { 804 struct tegra_se *se = ctx->se; 805 u32 *cpuvaddr = se->cmdbuf->addr; 806 int cmdlen, ret, offset; 807 808 rctx->config = tegra234_aes_cfg(SE_ALG_GCM_FINAL, rctx->encrypt); 809 rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_GCM_FINAL, rctx->encrypt) | 810 SE_AES_KEY_INDEX(rctx->key_id); 811 812 /* Prepare command and submit */ 813 cmdlen = tegra_gcm_prep_final_cmd(se, cpuvaddr, rctx); 814 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 815 if (ret) 816 return ret; 817 818 if (rctx->encrypt) { 819 /* Copy the result */ 820 offset = rctx->assoclen + rctx->cryptlen; 821 scatterwalk_map_and_copy(rctx->outbuf.buf, rctx->dst_sg, 822 offset, rctx->authsize, 1); 823 } 824 825 return 0; 826 } 827 828 static int tegra_gcm_do_verify(struct tegra_se *se, struct tegra_aead_reqctx *rctx) 829 { 830 unsigned int offset; 831 u8 mac[16]; 832 833 offset = rctx->assoclen + rctx->cryptlen; 834 scatterwalk_map_and_copy(mac, rctx->src_sg, offset, rctx->authsize, 0); 835 836 if (crypto_memneq(rctx->outbuf.buf, mac, rctx->authsize)) 837 return -EBADMSG; 838 839 return 0; 840 } 841 842 static inline int tegra_ccm_check_iv(const u8 *iv) 843 { 844 /* iv[0] gives value of q-1 845 * 2 <= q <= 8 as per NIST 800-38C notation 846 * 2 <= L <= 8, so 1 <= L' <= 7. as per rfc 3610 notation 847 */ 848 if (iv[0] < 1 || iv[0] > 7) { 849 pr_debug("ccm_check_iv failed %d\n", iv[0]); 850 return -EINVAL; 851 } 852 853 return 0; 854 } 855 856 static unsigned int tegra_cbcmac_prep_cmd(struct tegra_aead_ctx *ctx, 857 struct tegra_aead_reqctx *rctx) 858 { 859 unsigned int data_count, i = 0; 860 struct tegra_se *se = ctx->se; 861 u32 *cpuvaddr = se->cmdbuf->addr; 862 863 data_count = (rctx->inbuf.size / AES_BLOCK_SIZE) - 1; 864 865 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 866 cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count); 867 868 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 869 cpuvaddr[i++] = rctx->config; 870 cpuvaddr[i++] = rctx->crypto_config; 871 872 cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 873 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 874 SE_ADDR_HI_SZ(rctx->inbuf.size); 875 876 cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 877 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 878 SE_ADDR_HI_SZ(0x10); /* HW always generates 128 bit tag */ 879 880 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 881 cpuvaddr[i++] = SE_AES_OP_WRSTALL | 882 SE_AES_OP_LASTBUF | SE_AES_OP_START; 883 884 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 885 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 886 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 887 888 return i; 889 } 890 891 static unsigned int tegra_ctr_prep_cmd(struct tegra_aead_ctx *ctx, 892 struct tegra_aead_reqctx *rctx) 893 { 894 unsigned int i = 0, j; 895 struct tegra_se *se = ctx->se; 896 u32 *cpuvaddr = se->cmdbuf->addr; 897 898 cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 899 cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 900 for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 901 cpuvaddr[i++] = rctx->iv[j]; 902 903 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 904 cpuvaddr[i++] = (rctx->inbuf.size / AES_BLOCK_SIZE) - 1; 905 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 906 cpuvaddr[i++] = rctx->config; 907 cpuvaddr[i++] = rctx->crypto_config; 908 909 /* Source address setting */ 910 cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 911 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 912 SE_ADDR_HI_SZ(rctx->inbuf.size); 913 914 /* Destination address setting */ 915 cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 916 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 917 SE_ADDR_HI_SZ(rctx->inbuf.size); 918 919 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 920 cpuvaddr[i++] = SE_AES_OP_WRSTALL | SE_AES_OP_LASTBUF | 921 SE_AES_OP_START; 922 923 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 924 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 925 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 926 927 dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", 928 rctx->config, rctx->crypto_config); 929 930 return i; 931 } 932 933 static int tegra_ccm_do_cbcmac(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 934 { 935 struct tegra_se *se = ctx->se; 936 int cmdlen; 937 938 rctx->config = tegra234_aes_cfg(SE_ALG_CBC_MAC, rctx->encrypt); 939 rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_CBC_MAC, 940 rctx->encrypt) | 941 SE_AES_KEY_INDEX(rctx->key_id); 942 943 /* Prepare command and submit */ 944 cmdlen = tegra_cbcmac_prep_cmd(ctx, rctx); 945 946 return tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 947 } 948 949 static int tegra_ccm_set_msg_len(u8 *block, unsigned int msglen, int csize) 950 { 951 __be32 data; 952 953 memset(block, 0, csize); 954 block += csize; 955 956 if (csize >= 4) 957 csize = 4; 958 else if (msglen > (1 << (8 * csize))) 959 return -EOVERFLOW; 960 961 data = cpu_to_be32(msglen); 962 memcpy(block - csize, (u8 *)&data + 4 - csize, csize); 963 964 return 0; 965 } 966 967 static int tegra_ccm_format_nonce(struct tegra_aead_reqctx *rctx, u8 *nonce) 968 { 969 unsigned int q, t; 970 u8 *q_ptr, *iv = (u8 *)rctx->iv; 971 972 memcpy(nonce, rctx->iv, 16); 973 974 /*** 1. Prepare Flags Octet ***/ 975 976 /* Encode t (mac length) */ 977 t = rctx->authsize; 978 nonce[0] |= (((t - 2) / 2) << 3); 979 980 /* Adata */ 981 if (rctx->assoclen) 982 nonce[0] |= (1 << 6); 983 984 /*** Encode Q - message length ***/ 985 q = iv[0] + 1; 986 q_ptr = nonce + 16 - q; 987 988 return tegra_ccm_set_msg_len(q_ptr, rctx->cryptlen, q); 989 } 990 991 static int tegra_ccm_format_adata(u8 *adata, unsigned int a) 992 { 993 int len = 0; 994 995 /* add control info for associated data 996 * RFC 3610 and NIST Special Publication 800-38C 997 */ 998 if (a < 65280) { 999 *(__be16 *)adata = cpu_to_be16(a); 1000 len = 2; 1001 } else { 1002 *(__be16 *)adata = cpu_to_be16(0xfffe); 1003 *(__be32 *)&adata[2] = cpu_to_be32(a); 1004 len = 6; 1005 } 1006 1007 return len; 1008 } 1009 1010 static int tegra_ccm_add_padding(u8 *buf, unsigned int len) 1011 { 1012 unsigned int padlen = 16 - (len % 16); 1013 u8 padding[16] = {0}; 1014 1015 if (padlen == 16) 1016 return 0; 1017 1018 memcpy(buf, padding, padlen); 1019 1020 return padlen; 1021 } 1022 1023 static int tegra_ccm_format_blocks(struct tegra_aead_reqctx *rctx) 1024 { 1025 unsigned int alen = 0, offset = 0; 1026 u8 nonce[16], adata[16]; 1027 int ret; 1028 1029 ret = tegra_ccm_format_nonce(rctx, nonce); 1030 if (ret) 1031 return ret; 1032 1033 memcpy(rctx->inbuf.buf, nonce, 16); 1034 offset = 16; 1035 1036 if (rctx->assoclen) { 1037 alen = tegra_ccm_format_adata(adata, rctx->assoclen); 1038 memcpy(rctx->inbuf.buf + offset, adata, alen); 1039 offset += alen; 1040 1041 scatterwalk_map_and_copy(rctx->inbuf.buf + offset, 1042 rctx->src_sg, 0, rctx->assoclen, 0); 1043 1044 offset += rctx->assoclen; 1045 offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, 1046 rctx->assoclen + alen); 1047 } 1048 1049 return offset; 1050 } 1051 1052 static int tegra_ccm_mac_result(struct tegra_se *se, struct tegra_aead_reqctx *rctx) 1053 { 1054 u32 result[16]; 1055 int i, ret; 1056 1057 /* Read and clear Result */ 1058 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1059 result[i] = readl(se->base + se->hw->regs->result + (i * 4)); 1060 1061 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1062 writel(0, se->base + se->hw->regs->result + (i * 4)); 1063 1064 if (rctx->encrypt) { 1065 memcpy(rctx->authdata, result, rctx->authsize); 1066 } else { 1067 ret = crypto_memneq(rctx->authdata, result, rctx->authsize); 1068 if (ret) 1069 return -EBADMSG; 1070 } 1071 1072 return 0; 1073 } 1074 1075 static int tegra_ccm_ctr_result(struct tegra_se *se, struct tegra_aead_reqctx *rctx) 1076 { 1077 /* Copy result */ 1078 scatterwalk_map_and_copy(rctx->outbuf.buf + 16, rctx->dst_sg, 1079 rctx->assoclen, rctx->cryptlen, 1); 1080 1081 if (rctx->encrypt) 1082 scatterwalk_map_and_copy(rctx->outbuf.buf, rctx->dst_sg, 1083 rctx->assoclen + rctx->cryptlen, 1084 rctx->authsize, 1); 1085 else 1086 memcpy(rctx->authdata, rctx->outbuf.buf, rctx->authsize); 1087 1088 return 0; 1089 } 1090 1091 static int tegra_ccm_compute_auth(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 1092 { 1093 struct tegra_se *se = ctx->se; 1094 struct scatterlist *sg; 1095 int offset, ret; 1096 1097 offset = tegra_ccm_format_blocks(rctx); 1098 if (offset < 0) 1099 return -EINVAL; 1100 1101 /* Copy plain text to the buffer */ 1102 sg = rctx->encrypt ? rctx->src_sg : rctx->dst_sg; 1103 1104 scatterwalk_map_and_copy(rctx->inbuf.buf + offset, 1105 sg, rctx->assoclen, 1106 rctx->cryptlen, 0); 1107 offset += rctx->cryptlen; 1108 offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, rctx->cryptlen); 1109 1110 rctx->inbuf.size = offset; 1111 1112 ret = tegra_ccm_do_cbcmac(ctx, rctx); 1113 if (ret) 1114 return ret; 1115 1116 return tegra_ccm_mac_result(se, rctx); 1117 } 1118 1119 static int tegra_ccm_do_ctr(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 1120 { 1121 struct tegra_se *se = ctx->se; 1122 unsigned int cmdlen, offset = 0; 1123 struct scatterlist *sg = rctx->src_sg; 1124 int ret; 1125 1126 rctx->config = tegra234_aes_cfg(SE_ALG_CTR, rctx->encrypt); 1127 rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_CTR, rctx->encrypt) | 1128 SE_AES_KEY_INDEX(rctx->key_id); 1129 1130 /* Copy authdata in the top of buffer for encryption/decryption */ 1131 if (rctx->encrypt) 1132 memcpy(rctx->inbuf.buf, rctx->authdata, rctx->authsize); 1133 else 1134 scatterwalk_map_and_copy(rctx->inbuf.buf, sg, 1135 rctx->assoclen + rctx->cryptlen, 1136 rctx->authsize, 0); 1137 1138 offset += rctx->authsize; 1139 offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, rctx->authsize); 1140 1141 /* If there is no cryptlen, proceed to submit the task */ 1142 if (rctx->cryptlen) { 1143 scatterwalk_map_and_copy(rctx->inbuf.buf + offset, sg, 1144 rctx->assoclen, rctx->cryptlen, 0); 1145 offset += rctx->cryptlen; 1146 offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, rctx->cryptlen); 1147 } 1148 1149 rctx->inbuf.size = offset; 1150 1151 /* Prepare command and submit */ 1152 cmdlen = tegra_ctr_prep_cmd(ctx, rctx); 1153 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 1154 if (ret) 1155 return ret; 1156 1157 return tegra_ccm_ctr_result(se, rctx); 1158 } 1159 1160 static int tegra_ccm_crypt_init(struct aead_request *req, struct tegra_se *se, 1161 struct tegra_aead_reqctx *rctx) 1162 { 1163 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1164 u8 *iv = (u8 *)rctx->iv; 1165 int ret, i; 1166 1167 rctx->src_sg = req->src; 1168 rctx->dst_sg = req->dst; 1169 rctx->assoclen = req->assoclen; 1170 rctx->authsize = crypto_aead_authsize(tfm); 1171 1172 if (rctx->encrypt) 1173 rctx->cryptlen = req->cryptlen; 1174 else 1175 rctx->cryptlen = req->cryptlen - rctx->authsize; 1176 1177 memcpy(iv, req->iv, 16); 1178 1179 ret = tegra_ccm_check_iv(iv); 1180 if (ret) 1181 return ret; 1182 1183 /* Note: rfc 3610 and NIST 800-38C require counter (ctr_0) of 1184 * zero to encrypt auth tag. 1185 * req->iv has the formatted ctr_0 (i.e. Flags || N || 0). 1186 */ 1187 memset(iv + 15 - iv[0], 0, iv[0] + 1); 1188 1189 /* Clear any previous result */ 1190 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1191 writel(0, se->base + se->hw->regs->result + (i * 4)); 1192 1193 return 0; 1194 } 1195 1196 static int tegra_ccm_do_one_req(struct crypto_engine *engine, void *areq) 1197 { 1198 struct aead_request *req = container_of(areq, struct aead_request, base); 1199 struct tegra_aead_reqctx *rctx = aead_request_ctx(req); 1200 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1201 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1202 struct tegra_se *se = ctx->se; 1203 int ret; 1204 1205 ret = tegra_ccm_crypt_init(req, se, rctx); 1206 if (ret) 1207 goto out_finalize; 1208 1209 rctx->key_id = ctx->key_id; 1210 1211 /* Allocate buffers required */ 1212 rctx->inbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen + 100; 1213 rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->inbuf.size, 1214 &rctx->inbuf.addr, GFP_KERNEL); 1215 if (!rctx->inbuf.buf) 1216 goto out_finalize; 1217 1218 rctx->outbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen + 100; 1219 rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->outbuf.size, 1220 &rctx->outbuf.addr, GFP_KERNEL); 1221 if (!rctx->outbuf.buf) { 1222 ret = -ENOMEM; 1223 goto out_free_inbuf; 1224 } 1225 1226 if (!ctx->key_id) { 1227 ret = tegra_key_submit_reserved_aes(ctx->se, ctx->key, 1228 ctx->keylen, ctx->alg, &rctx->key_id); 1229 if (ret) 1230 goto out; 1231 } 1232 1233 if (rctx->encrypt) { 1234 /* CBC MAC Operation */ 1235 ret = tegra_ccm_compute_auth(ctx, rctx); 1236 if (ret) 1237 goto out; 1238 1239 /* CTR operation */ 1240 ret = tegra_ccm_do_ctr(ctx, rctx); 1241 if (ret) 1242 goto out; 1243 } else { 1244 /* CTR operation */ 1245 ret = tegra_ccm_do_ctr(ctx, rctx); 1246 if (ret) 1247 goto out; 1248 1249 /* CBC MAC Operation */ 1250 ret = tegra_ccm_compute_auth(ctx, rctx); 1251 if (ret) 1252 goto out; 1253 } 1254 1255 out: 1256 dma_free_coherent(ctx->se->dev, rctx->inbuf.size, 1257 rctx->outbuf.buf, rctx->outbuf.addr); 1258 1259 out_free_inbuf: 1260 dma_free_coherent(ctx->se->dev, rctx->outbuf.size, 1261 rctx->inbuf.buf, rctx->inbuf.addr); 1262 1263 if (tegra_key_is_reserved(rctx->key_id)) 1264 tegra_key_invalidate_reserved(ctx->se, rctx->key_id, ctx->alg); 1265 1266 out_finalize: 1267 local_bh_disable(); 1268 crypto_finalize_aead_request(ctx->se->engine, req, ret); 1269 local_bh_enable(); 1270 1271 return 0; 1272 } 1273 1274 static int tegra_gcm_do_one_req(struct crypto_engine *engine, void *areq) 1275 { 1276 struct aead_request *req = container_of(areq, struct aead_request, base); 1277 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1278 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1279 struct tegra_aead_reqctx *rctx = aead_request_ctx(req); 1280 int ret; 1281 1282 rctx->src_sg = req->src; 1283 rctx->dst_sg = req->dst; 1284 rctx->assoclen = req->assoclen; 1285 rctx->authsize = crypto_aead_authsize(tfm); 1286 1287 if (rctx->encrypt) 1288 rctx->cryptlen = req->cryptlen; 1289 else 1290 rctx->cryptlen = req->cryptlen - ctx->authsize; 1291 1292 memcpy(rctx->iv, req->iv, GCM_AES_IV_SIZE); 1293 rctx->iv[3] = (1 << 24); 1294 1295 rctx->key_id = ctx->key_id; 1296 1297 /* Allocate buffers required */ 1298 rctx->inbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen; 1299 rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->inbuf.size, 1300 &rctx->inbuf.addr, GFP_KERNEL); 1301 if (!rctx->inbuf.buf) { 1302 ret = -ENOMEM; 1303 goto out_finalize; 1304 } 1305 1306 rctx->outbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen; 1307 rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->outbuf.size, 1308 &rctx->outbuf.addr, GFP_KERNEL); 1309 if (!rctx->outbuf.buf) { 1310 ret = -ENOMEM; 1311 goto out_free_inbuf; 1312 } 1313 1314 if (!ctx->key_id) { 1315 ret = tegra_key_submit_reserved_aes(ctx->se, ctx->key, 1316 ctx->keylen, ctx->alg, &rctx->key_id); 1317 if (ret) 1318 goto out; 1319 } 1320 1321 /* If there is associated data perform GMAC operation */ 1322 if (rctx->assoclen) { 1323 ret = tegra_gcm_do_gmac(ctx, rctx); 1324 if (ret) 1325 goto out; 1326 } 1327 1328 /* GCM Encryption/Decryption operation */ 1329 if (rctx->cryptlen) { 1330 ret = tegra_gcm_do_crypt(ctx, rctx); 1331 if (ret) 1332 goto out; 1333 } 1334 1335 /* GCM_FINAL operation */ 1336 ret = tegra_gcm_do_final(ctx, rctx); 1337 if (ret) 1338 goto out; 1339 1340 if (!rctx->encrypt) 1341 ret = tegra_gcm_do_verify(ctx->se, rctx); 1342 1343 out: 1344 dma_free_coherent(ctx->se->dev, rctx->outbuf.size, 1345 rctx->outbuf.buf, rctx->outbuf.addr); 1346 1347 out_free_inbuf: 1348 dma_free_coherent(ctx->se->dev, rctx->inbuf.size, 1349 rctx->inbuf.buf, rctx->inbuf.addr); 1350 1351 if (tegra_key_is_reserved(rctx->key_id)) 1352 tegra_key_invalidate_reserved(ctx->se, rctx->key_id, ctx->alg); 1353 1354 out_finalize: 1355 local_bh_disable(); 1356 crypto_finalize_aead_request(ctx->se->engine, req, ret); 1357 local_bh_enable(); 1358 1359 return 0; 1360 } 1361 1362 static int tegra_aead_cra_init(struct crypto_aead *tfm) 1363 { 1364 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1365 struct aead_alg *alg = crypto_aead_alg(tfm); 1366 struct tegra_se_alg *se_alg; 1367 const char *algname; 1368 int ret; 1369 1370 algname = crypto_tfm_alg_name(&tfm->base); 1371 1372 se_alg = container_of(alg, struct tegra_se_alg, alg.aead.base); 1373 1374 crypto_aead_set_reqsize(tfm, sizeof(struct tegra_aead_reqctx)); 1375 1376 ctx->se = se_alg->se_dev; 1377 ctx->key_id = 0; 1378 ctx->keylen = 0; 1379 1380 ret = se_algname_to_algid(algname); 1381 if (ret < 0) { 1382 dev_err(ctx->se->dev, "invalid algorithm\n"); 1383 return ret; 1384 } 1385 1386 ctx->alg = ret; 1387 1388 return 0; 1389 } 1390 1391 static int tegra_ccm_setauthsize(struct crypto_aead *tfm, unsigned int authsize) 1392 { 1393 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1394 1395 switch (authsize) { 1396 case 4: 1397 case 6: 1398 case 8: 1399 case 10: 1400 case 12: 1401 case 14: 1402 case 16: 1403 break; 1404 default: 1405 return -EINVAL; 1406 } 1407 1408 ctx->authsize = authsize; 1409 1410 return 0; 1411 } 1412 1413 static int tegra_gcm_setauthsize(struct crypto_aead *tfm, unsigned int authsize) 1414 { 1415 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1416 int ret; 1417 1418 ret = crypto_gcm_check_authsize(authsize); 1419 if (ret) 1420 return ret; 1421 1422 ctx->authsize = authsize; 1423 1424 return 0; 1425 } 1426 1427 static void tegra_aead_cra_exit(struct crypto_aead *tfm) 1428 { 1429 struct tegra_aead_ctx *ctx = crypto_tfm_ctx(&tfm->base); 1430 1431 if (ctx->key_id) 1432 tegra_key_invalidate(ctx->se, ctx->key_id, ctx->alg); 1433 } 1434 1435 static int tegra_aead_crypt(struct aead_request *req, bool encrypt) 1436 { 1437 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1438 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1439 struct tegra_aead_reqctx *rctx = aead_request_ctx(req); 1440 1441 rctx->encrypt = encrypt; 1442 1443 return crypto_transfer_aead_request_to_engine(ctx->se->engine, req); 1444 } 1445 1446 static int tegra_aead_encrypt(struct aead_request *req) 1447 { 1448 return tegra_aead_crypt(req, true); 1449 } 1450 1451 static int tegra_aead_decrypt(struct aead_request *req) 1452 { 1453 return tegra_aead_crypt(req, false); 1454 } 1455 1456 static int tegra_aead_setkey(struct crypto_aead *tfm, 1457 const u8 *key, u32 keylen) 1458 { 1459 struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1460 int ret; 1461 1462 if (aes_check_keylen(keylen)) { 1463 dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 1464 return -EINVAL; 1465 } 1466 1467 ret = tegra_key_submit(ctx->se, key, keylen, ctx->alg, &ctx->key_id); 1468 if (ret) { 1469 ctx->keylen = keylen; 1470 memcpy(ctx->key, key, keylen); 1471 } 1472 1473 return 0; 1474 } 1475 1476 static unsigned int tegra_cmac_prep_cmd(struct tegra_cmac_ctx *ctx, 1477 struct tegra_cmac_reqctx *rctx) 1478 { 1479 unsigned int data_count, res_bits = 0, i = 0, j; 1480 struct tegra_se *se = ctx->se; 1481 u32 *cpuvaddr = se->cmdbuf->addr, op; 1482 1483 data_count = (rctx->datbuf.size / AES_BLOCK_SIZE); 1484 1485 op = SE_AES_OP_WRSTALL | SE_AES_OP_START | SE_AES_OP_LASTBUF; 1486 1487 if (!(rctx->task & SHA_UPDATE)) { 1488 op |= SE_AES_OP_FINAL; 1489 res_bits = (rctx->datbuf.size % AES_BLOCK_SIZE) * 8; 1490 } 1491 1492 if (!res_bits && data_count) 1493 data_count--; 1494 1495 if (rctx->task & SHA_FIRST) { 1496 rctx->task &= ~SHA_FIRST; 1497 1498 cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 1499 cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 1500 /* Load 0 IV */ 1501 for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 1502 cpuvaddr[i++] = 0; 1503 } 1504 1505 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 1506 cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 1507 SE_LAST_BLOCK_RES_BITS(res_bits); 1508 1509 cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 1510 cpuvaddr[i++] = rctx->config; 1511 cpuvaddr[i++] = rctx->crypto_config; 1512 1513 /* Source Address */ 1514 cpuvaddr[i++] = lower_32_bits(rctx->datbuf.addr); 1515 cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->datbuf.addr)) | 1516 SE_ADDR_HI_SZ(rctx->datbuf.size); 1517 cpuvaddr[i++] = 0; 1518 cpuvaddr[i++] = SE_ADDR_HI_SZ(AES_BLOCK_SIZE); 1519 1520 cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 1521 cpuvaddr[i++] = op; 1522 1523 cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 1524 cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 1525 host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 1526 1527 return i; 1528 } 1529 1530 static void tegra_cmac_copy_result(struct tegra_se *se, struct tegra_cmac_reqctx *rctx) 1531 { 1532 int i; 1533 1534 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1535 rctx->result[i] = readl(se->base + se->hw->regs->result + (i * 4)); 1536 } 1537 1538 static void tegra_cmac_paste_result(struct tegra_se *se, struct tegra_cmac_reqctx *rctx) 1539 { 1540 int i; 1541 1542 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1543 writel(rctx->result[i], 1544 se->base + se->hw->regs->result + (i * 4)); 1545 } 1546 1547 static int tegra_cmac_do_init(struct ahash_request *req) 1548 { 1549 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1550 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1551 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1552 struct tegra_se *se = ctx->se; 1553 int i; 1554 1555 rctx->total_len = 0; 1556 rctx->datbuf.size = 0; 1557 rctx->residue.size = 0; 1558 rctx->key_id = ctx->key_id; 1559 rctx->task |= SHA_FIRST; 1560 rctx->blk_size = crypto_ahash_blocksize(tfm); 1561 1562 rctx->residue.buf = dma_alloc_coherent(se->dev, rctx->blk_size * 2, 1563 &rctx->residue.addr, GFP_KERNEL); 1564 if (!rctx->residue.buf) 1565 return -ENOMEM; 1566 1567 rctx->residue.size = 0; 1568 1569 /* Clear any previous result */ 1570 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1571 writel(0, se->base + se->hw->regs->result + (i * 4)); 1572 1573 return 0; 1574 } 1575 1576 static int tegra_cmac_do_update(struct ahash_request *req) 1577 { 1578 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1579 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1580 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1581 struct tegra_se *se = ctx->se; 1582 unsigned int nblks, nresidue, cmdlen; 1583 int ret; 1584 1585 if (!req->nbytes) 1586 return 0; 1587 1588 nresidue = (req->nbytes + rctx->residue.size) % rctx->blk_size; 1589 nblks = (req->nbytes + rctx->residue.size) / rctx->blk_size; 1590 1591 /* 1592 * Reserve the last block as residue during final() to process. 1593 */ 1594 if (!nresidue && nblks) { 1595 nresidue += rctx->blk_size; 1596 nblks--; 1597 } 1598 1599 rctx->src_sg = req->src; 1600 rctx->datbuf.size = (req->nbytes + rctx->residue.size) - nresidue; 1601 rctx->total_len += rctx->datbuf.size; 1602 rctx->config = tegra234_aes_cfg(SE_ALG_CMAC, 0); 1603 rctx->crypto_config = SE_AES_KEY_INDEX(rctx->key_id); 1604 1605 /* 1606 * Keep one block and residue bytes in residue and 1607 * return. The bytes will be processed in final() 1608 */ 1609 if (nblks < 1) { 1610 scatterwalk_map_and_copy(rctx->residue.buf + rctx->residue.size, 1611 rctx->src_sg, 0, req->nbytes, 0); 1612 1613 rctx->residue.size += req->nbytes; 1614 return 0; 1615 } 1616 1617 rctx->datbuf.buf = dma_alloc_coherent(se->dev, rctx->datbuf.size, 1618 &rctx->datbuf.addr, GFP_KERNEL); 1619 if (!rctx->datbuf.buf) 1620 return -ENOMEM; 1621 1622 /* Copy the previous residue first */ 1623 if (rctx->residue.size) 1624 memcpy(rctx->datbuf.buf, rctx->residue.buf, rctx->residue.size); 1625 1626 scatterwalk_map_and_copy(rctx->datbuf.buf + rctx->residue.size, 1627 rctx->src_sg, 0, req->nbytes - nresidue, 0); 1628 1629 scatterwalk_map_and_copy(rctx->residue.buf, rctx->src_sg, 1630 req->nbytes - nresidue, nresidue, 0); 1631 1632 /* Update residue value with the residue after current block */ 1633 rctx->residue.size = nresidue; 1634 1635 /* 1636 * If this is not the first task, paste the previous copied 1637 * intermediate results to the registers so that it gets picked up. 1638 */ 1639 if (!(rctx->task & SHA_FIRST)) 1640 tegra_cmac_paste_result(ctx->se, rctx); 1641 1642 cmdlen = tegra_cmac_prep_cmd(ctx, rctx); 1643 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 1644 1645 tegra_cmac_copy_result(ctx->se, rctx); 1646 1647 dma_free_coherent(ctx->se->dev, rctx->datbuf.size, 1648 rctx->datbuf.buf, rctx->datbuf.addr); 1649 1650 return ret; 1651 } 1652 1653 static int tegra_cmac_do_final(struct ahash_request *req) 1654 { 1655 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1656 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1657 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1658 struct tegra_se *se = ctx->se; 1659 u32 *result = (u32 *)req->result; 1660 int ret = 0, i, cmdlen; 1661 1662 if (!req->nbytes && !rctx->total_len && ctx->fallback_tfm) { 1663 return crypto_shash_tfm_digest(ctx->fallback_tfm, 1664 NULL, 0, req->result); 1665 } 1666 1667 if (rctx->residue.size) { 1668 rctx->datbuf.buf = dma_alloc_coherent(se->dev, rctx->residue.size, 1669 &rctx->datbuf.addr, GFP_KERNEL); 1670 if (!rctx->datbuf.buf) { 1671 ret = -ENOMEM; 1672 goto out_free; 1673 } 1674 1675 memcpy(rctx->datbuf.buf, rctx->residue.buf, rctx->residue.size); 1676 } 1677 1678 rctx->datbuf.size = rctx->residue.size; 1679 rctx->total_len += rctx->residue.size; 1680 rctx->config = tegra234_aes_cfg(SE_ALG_CMAC, 0); 1681 1682 /* 1683 * If this is not the first task, paste the previous copied 1684 * intermediate results to the registers so that it gets picked up. 1685 */ 1686 if (!(rctx->task & SHA_FIRST)) 1687 tegra_cmac_paste_result(ctx->se, rctx); 1688 1689 /* Prepare command and submit */ 1690 cmdlen = tegra_cmac_prep_cmd(ctx, rctx); 1691 ret = tegra_se_host1x_submit(se, se->cmdbuf, cmdlen); 1692 if (ret) 1693 goto out; 1694 1695 /* Read and clear Result register */ 1696 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1697 result[i] = readl(se->base + se->hw->regs->result + (i * 4)); 1698 1699 for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1700 writel(0, se->base + se->hw->regs->result + (i * 4)); 1701 1702 out: 1703 if (rctx->residue.size) 1704 dma_free_coherent(se->dev, rctx->datbuf.size, 1705 rctx->datbuf.buf, rctx->datbuf.addr); 1706 out_free: 1707 dma_free_coherent(se->dev, crypto_ahash_blocksize(tfm) * 2, 1708 rctx->residue.buf, rctx->residue.addr); 1709 return ret; 1710 } 1711 1712 static int tegra_cmac_do_one_req(struct crypto_engine *engine, void *areq) 1713 { 1714 struct ahash_request *req = ahash_request_cast(areq); 1715 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1716 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1717 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1718 struct tegra_se *se = ctx->se; 1719 int ret = 0; 1720 1721 if (rctx->task & SHA_INIT) { 1722 ret = tegra_cmac_do_init(req); 1723 if (ret) 1724 goto out; 1725 1726 rctx->task &= ~SHA_INIT; 1727 } 1728 1729 if (!ctx->key_id) { 1730 ret = tegra_key_submit_reserved_aes(ctx->se, ctx->key, 1731 ctx->keylen, ctx->alg, &rctx->key_id); 1732 if (ret) 1733 goto out; 1734 } 1735 1736 if (rctx->task & SHA_UPDATE) { 1737 ret = tegra_cmac_do_update(req); 1738 if (ret) 1739 goto out; 1740 1741 rctx->task &= ~SHA_UPDATE; 1742 } 1743 1744 if (rctx->task & SHA_FINAL) { 1745 ret = tegra_cmac_do_final(req); 1746 if (ret) 1747 goto out; 1748 1749 rctx->task &= ~SHA_FINAL; 1750 } 1751 out: 1752 if (tegra_key_is_reserved(rctx->key_id)) 1753 tegra_key_invalidate_reserved(ctx->se, rctx->key_id, ctx->alg); 1754 1755 local_bh_disable(); 1756 crypto_finalize_hash_request(se->engine, req, ret); 1757 local_bh_enable(); 1758 1759 return 0; 1760 } 1761 1762 static void tegra_cmac_init_fallback(struct crypto_ahash *tfm, struct tegra_cmac_ctx *ctx, 1763 const char *algname) 1764 { 1765 unsigned int statesize; 1766 1767 ctx->fallback_tfm = crypto_alloc_shash(algname, 0, CRYPTO_ALG_NEED_FALLBACK); 1768 1769 if (IS_ERR(ctx->fallback_tfm)) { 1770 dev_warn(ctx->se->dev, "failed to allocate fallback for %s\n", algname); 1771 ctx->fallback_tfm = NULL; 1772 return; 1773 } 1774 1775 statesize = crypto_shash_statesize(ctx->fallback_tfm); 1776 1777 if (statesize > sizeof(struct tegra_cmac_reqctx)) 1778 crypto_ahash_set_statesize(tfm, statesize); 1779 } 1780 1781 static int tegra_cmac_cra_init(struct crypto_tfm *tfm) 1782 { 1783 struct tegra_cmac_ctx *ctx = crypto_tfm_ctx(tfm); 1784 struct crypto_ahash *ahash_tfm = __crypto_ahash_cast(tfm); 1785 struct ahash_alg *alg = __crypto_ahash_alg(tfm->__crt_alg); 1786 struct tegra_se_alg *se_alg; 1787 const char *algname; 1788 int ret; 1789 1790 algname = crypto_tfm_alg_name(tfm); 1791 se_alg = container_of(alg, struct tegra_se_alg, alg.ahash.base); 1792 1793 crypto_ahash_set_reqsize(ahash_tfm, sizeof(struct tegra_cmac_reqctx)); 1794 1795 ctx->se = se_alg->se_dev; 1796 ctx->key_id = 0; 1797 ctx->keylen = 0; 1798 1799 ret = se_algname_to_algid(algname); 1800 if (ret < 0) { 1801 dev_err(ctx->se->dev, "invalid algorithm\n"); 1802 return ret; 1803 } 1804 1805 ctx->alg = ret; 1806 1807 tegra_cmac_init_fallback(ahash_tfm, ctx, algname); 1808 1809 return 0; 1810 } 1811 1812 static void tegra_cmac_cra_exit(struct crypto_tfm *tfm) 1813 { 1814 struct tegra_cmac_ctx *ctx = crypto_tfm_ctx(tfm); 1815 1816 if (ctx->fallback_tfm) 1817 crypto_free_shash(ctx->fallback_tfm); 1818 1819 tegra_key_invalidate(ctx->se, ctx->key_id, ctx->alg); 1820 } 1821 1822 static int tegra_cmac_setkey(struct crypto_ahash *tfm, const u8 *key, 1823 unsigned int keylen) 1824 { 1825 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1826 int ret; 1827 1828 if (aes_check_keylen(keylen)) { 1829 dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 1830 return -EINVAL; 1831 } 1832 1833 if (ctx->fallback_tfm) 1834 crypto_shash_setkey(ctx->fallback_tfm, key, keylen); 1835 1836 ret = tegra_key_submit(ctx->se, key, keylen, ctx->alg, &ctx->key_id); 1837 if (ret) { 1838 ctx->keylen = keylen; 1839 memcpy(ctx->key, key, keylen); 1840 } 1841 1842 return 0; 1843 } 1844 1845 static int tegra_cmac_init(struct ahash_request *req) 1846 { 1847 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1848 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1849 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1850 1851 rctx->task = SHA_INIT; 1852 1853 return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1854 } 1855 1856 static int tegra_cmac_update(struct ahash_request *req) 1857 { 1858 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1859 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1860 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1861 1862 rctx->task |= SHA_UPDATE; 1863 1864 return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1865 } 1866 1867 static int tegra_cmac_final(struct ahash_request *req) 1868 { 1869 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1870 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1871 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1872 1873 rctx->task |= SHA_FINAL; 1874 1875 return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1876 } 1877 1878 static int tegra_cmac_finup(struct ahash_request *req) 1879 { 1880 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1881 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1882 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1883 1884 rctx->task |= SHA_UPDATE | SHA_FINAL; 1885 1886 return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1887 } 1888 1889 static int tegra_cmac_digest(struct ahash_request *req) 1890 { 1891 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1892 struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1893 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1894 1895 rctx->task |= SHA_INIT | SHA_UPDATE | SHA_FINAL; 1896 1897 return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1898 } 1899 1900 static int tegra_cmac_export(struct ahash_request *req, void *out) 1901 { 1902 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1903 1904 memcpy(out, rctx, sizeof(*rctx)); 1905 1906 return 0; 1907 } 1908 1909 static int tegra_cmac_import(struct ahash_request *req, const void *in) 1910 { 1911 struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1912 1913 memcpy(rctx, in, sizeof(*rctx)); 1914 1915 return 0; 1916 } 1917 1918 static struct tegra_se_alg tegra_aead_algs[] = { 1919 { 1920 .alg.aead.op.do_one_request = tegra_gcm_do_one_req, 1921 .alg.aead.base = { 1922 .init = tegra_aead_cra_init, 1923 .exit = tegra_aead_cra_exit, 1924 .setkey = tegra_aead_setkey, 1925 .setauthsize = tegra_gcm_setauthsize, 1926 .encrypt = tegra_aead_encrypt, 1927 .decrypt = tegra_aead_decrypt, 1928 .maxauthsize = AES_BLOCK_SIZE, 1929 .ivsize = GCM_AES_IV_SIZE, 1930 .base = { 1931 .cra_name = "gcm(aes)", 1932 .cra_driver_name = "gcm-aes-tegra", 1933 .cra_priority = 500, 1934 .cra_blocksize = 1, 1935 .cra_ctxsize = sizeof(struct tegra_aead_ctx), 1936 .cra_alignmask = 0xf, 1937 .cra_module = THIS_MODULE, 1938 }, 1939 } 1940 }, { 1941 .alg.aead.op.do_one_request = tegra_ccm_do_one_req, 1942 .alg.aead.base = { 1943 .init = tegra_aead_cra_init, 1944 .exit = tegra_aead_cra_exit, 1945 .setkey = tegra_aead_setkey, 1946 .setauthsize = tegra_ccm_setauthsize, 1947 .encrypt = tegra_aead_encrypt, 1948 .decrypt = tegra_aead_decrypt, 1949 .maxauthsize = AES_BLOCK_SIZE, 1950 .ivsize = AES_BLOCK_SIZE, 1951 .chunksize = AES_BLOCK_SIZE, 1952 .base = { 1953 .cra_name = "ccm(aes)", 1954 .cra_driver_name = "ccm-aes-tegra", 1955 .cra_priority = 500, 1956 .cra_blocksize = 1, 1957 .cra_ctxsize = sizeof(struct tegra_aead_ctx), 1958 .cra_alignmask = 0xf, 1959 .cra_module = THIS_MODULE, 1960 }, 1961 } 1962 } 1963 }; 1964 1965 static struct tegra_se_alg tegra_cmac_algs[] = { 1966 { 1967 .alg.ahash.op.do_one_request = tegra_cmac_do_one_req, 1968 .alg.ahash.base = { 1969 .init = tegra_cmac_init, 1970 .setkey = tegra_cmac_setkey, 1971 .update = tegra_cmac_update, 1972 .final = tegra_cmac_final, 1973 .finup = tegra_cmac_finup, 1974 .digest = tegra_cmac_digest, 1975 .export = tegra_cmac_export, 1976 .import = tegra_cmac_import, 1977 .halg.digestsize = AES_BLOCK_SIZE, 1978 .halg.statesize = sizeof(struct tegra_cmac_reqctx), 1979 .halg.base = { 1980 .cra_name = "cmac(aes)", 1981 .cra_driver_name = "tegra-se-cmac", 1982 .cra_priority = 300, 1983 .cra_flags = CRYPTO_ALG_TYPE_AHASH, 1984 .cra_blocksize = AES_BLOCK_SIZE, 1985 .cra_ctxsize = sizeof(struct tegra_cmac_ctx), 1986 .cra_alignmask = 0, 1987 .cra_module = THIS_MODULE, 1988 .cra_init = tegra_cmac_cra_init, 1989 .cra_exit = tegra_cmac_cra_exit, 1990 } 1991 } 1992 } 1993 }; 1994 1995 int tegra_init_aes(struct tegra_se *se) 1996 { 1997 struct aead_engine_alg *aead_alg; 1998 struct ahash_engine_alg *ahash_alg; 1999 struct skcipher_engine_alg *sk_alg; 2000 int i, ret; 2001 2002 se->manifest = tegra_aes_kac_manifest; 2003 2004 for (i = 0; i < ARRAY_SIZE(tegra_aes_algs); i++) { 2005 sk_alg = &tegra_aes_algs[i].alg.skcipher; 2006 tegra_aes_algs[i].se_dev = se; 2007 2008 ret = crypto_engine_register_skcipher(sk_alg); 2009 if (ret) { 2010 dev_err(se->dev, "failed to register %s\n", 2011 sk_alg->base.base.cra_name); 2012 goto err_aes; 2013 } 2014 } 2015 2016 for (i = 0; i < ARRAY_SIZE(tegra_aead_algs); i++) { 2017 aead_alg = &tegra_aead_algs[i].alg.aead; 2018 tegra_aead_algs[i].se_dev = se; 2019 2020 ret = crypto_engine_register_aead(aead_alg); 2021 if (ret) { 2022 dev_err(se->dev, "failed to register %s\n", 2023 aead_alg->base.base.cra_name); 2024 goto err_aead; 2025 } 2026 } 2027 2028 for (i = 0; i < ARRAY_SIZE(tegra_cmac_algs); i++) { 2029 ahash_alg = &tegra_cmac_algs[i].alg.ahash; 2030 tegra_cmac_algs[i].se_dev = se; 2031 2032 ret = crypto_engine_register_ahash(ahash_alg); 2033 if (ret) { 2034 dev_err(se->dev, "failed to register %s\n", 2035 ahash_alg->base.halg.base.cra_name); 2036 goto err_cmac; 2037 } 2038 } 2039 2040 return 0; 2041 2042 err_cmac: 2043 while (i--) 2044 crypto_engine_unregister_ahash(&tegra_cmac_algs[i].alg.ahash); 2045 2046 i = ARRAY_SIZE(tegra_aead_algs); 2047 err_aead: 2048 while (i--) 2049 crypto_engine_unregister_aead(&tegra_aead_algs[i].alg.aead); 2050 2051 i = ARRAY_SIZE(tegra_aes_algs); 2052 err_aes: 2053 while (i--) 2054 crypto_engine_unregister_skcipher(&tegra_aes_algs[i].alg.skcipher); 2055 2056 return ret; 2057 } 2058 2059 void tegra_deinit_aes(struct tegra_se *se) 2060 { 2061 int i; 2062 2063 for (i = 0; i < ARRAY_SIZE(tegra_aes_algs); i++) 2064 crypto_engine_unregister_skcipher(&tegra_aes_algs[i].alg.skcipher); 2065 2066 for (i = 0; i < ARRAY_SIZE(tegra_aead_algs); i++) 2067 crypto_engine_unregister_aead(&tegra_aead_algs[i].alg.aead); 2068 2069 for (i = 0; i < ARRAY_SIZE(tegra_cmac_algs); i++) 2070 crypto_engine_unregister_ahash(&tegra_cmac_algs[i].alg.ahash); 2071 } 2072