diff options
Diffstat (limited to 'drivers/crypto/amcc/crypto4xx_alg.c')
| -rw-r--r-- | drivers/crypto/amcc/crypto4xx_alg.c | 3846 |
1 files changed, 3820 insertions, 26 deletions
diff --git a/drivers/crypto/amcc/crypto4xx_alg.c b/drivers/crypto/amcc/crypto4xx_alg.c index a33243c17b0..9d81d8f7571 100644 --- a/drivers/crypto/amcc/crypto4xx_alg.c +++ b/drivers/crypto/amcc/crypto4xx_alg.c @@ -20,18 +20,39 @@ #include <linux/kernel.h> #include <linux/interrupt.h> #include <linux/spinlock_types.h> +#include <linux/highmem.h> #include <linux/scatterlist.h> #include <linux/crypto.h> #include <linux/hash.h> #include <crypto/internal/hash.h> +#include <crypto/aead.h> #include <linux/dma-mapping.h> +#include <linux/pci.h> #include <crypto/algapi.h> #include <crypto/aes.h> +#include <crypto/des.h> #include <crypto/sha.h> +#include <crypto/authenc.h> +#include <net/ip.h> + #include "crypto4xx_reg_def.h" #include "crypto4xx_sa.h" #include "crypto4xx_core.h" +#define DEBUG_CRYPTESP 1 +#ifdef DEBUG_CRYPTESP +# define ESP_PHD print_hex_dump +#else +# define ESP_PHD(arg...) +#endif + +#ifdef DEBUG_CRYPTESP + +#define ESP_PRINTK printk +#else +#define ESP_PRINTK(KERN_INFO arg...) +#endif + void set_dynamic_sa_command_0(struct dynamic_sa_ctl *sa, u32 save_h, u32 save_iv, u32 ld_h, u32 ld_iv, u32 hdr_proc, u32 h, u32 c, u32 pad_type, u32 op_grp, u32 op, @@ -56,11 +77,11 @@ void set_dynamic_sa_command_1(struct dynamic_sa_ctl *sa, u32 cm, u32 hmac_mc, u32 cfb, u32 esn, u32 sn_mask, u32 mute, u32 cp_pad, u32 cp_pay, u32 cp_hdr) { - sa->sa_command_1.w = 0; sa->sa_command_1.bf.crypto_mode31 = (cm & 4) >> 2; - sa->sa_command_1.bf.crypto_mode9_8 = cm & 3; + sa->sa_command_1.bf.crypto_mode9_8 = (cm & 3); sa->sa_command_1.bf.feedback_mode = cfb, sa->sa_command_1.bf.sa_rev = 1; + sa->sa_command_1.bf.hmac_muting = hmac_mc; sa->sa_command_1.bf.extended_seq_num = esn; sa->sa_command_1.bf.seq_num_mask = sn_mask; sa->sa_command_1.bf.mutable_bit_proc = mute; @@ -69,6 +90,423 @@ void set_dynamic_sa_command_1(struct dynamic_sa_ctl *sa, u32 cm, u32 hmac_mc, sa->sa_command_1.bf.copy_hdr = cp_hdr; } +/** Table lookup for SA Hash Digest length and + * Hash Contents (based on Hash type) + */ +unsigned int crypto4xx_sa_hash_tbl[3][HASH_ALG_MAX_CNT] = { + /* Hash Contents */ + { SA_HASH128_CONTENTS, SA_HASH160_CONTENTS, SA_HASH256_CONTENTS, + SA_HASH256_CONTENTS, SA_HASH512_CONTENTS, SA_HASH512_CONTENTS }, + /* Digest len */ + {4 * 4, 5 * 4, 7 * 4, 8 * 4, 12 * 4, 16 * 4}, + /* SA Length */ + { SA_HASH128_LEN, SA_HASH160_LEN, SA_HASH256_LEN, SA_HASH256_LEN, + SA_HASH512_LEN, SA_HASH512_LEN } +}; + +/** Table lookup for Hash Algorithms based on Hash type, used in + * crypto4xx_pre_compute_hmac() + */ +char *crypto4xx_hash_alg_map_tbl[HASH_ALG_MAX_CNT] = CRYPTO4XX_MAC_ALGS; + +static void crypto4xx_sg_setbuf(unsigned char *data, size_t bufsize, + struct scatterlist *sg, int sg_num) +{ + int remainder_of_page; + int i = 0; + + sg_init_table(sg, sg_num); + while (bufsize > 0 && i < sg_num) { + sg_set_buf(&sg[i], data, bufsize); + remainder_of_page = PAGE_SIZE - sg[i].offset; + if (bufsize > remainder_of_page) { + /* the buffer was split over multiple pages */ + sg[i].length = remainder_of_page; + bufsize -= remainder_of_page; + data += remainder_of_page; + } else { + bufsize = 0; + } + i++; + } +} + +int crypto4xx_pre_compute_hmac(struct crypto4xx_ctx *ctx, + void *key, + unsigned int keylen, + unsigned int bs, + unsigned char ha, + unsigned char digs) +{ + u8 *ipad = NULL; + u8 *opad; + struct crypto_hash *child_hash = NULL; + struct hash_desc desc; + struct scatterlist sg[1]; + struct scatterlist asg[2]; + struct crypto_tfm *child_tfm; + char *child_name = NULL; + int i, rc = 0; + int ds; + + BUG_ON(ha >= HASH_ALG_MAX_CNT); + child_name = crypto4xx_hash_alg_map_tbl[ha]; + child_hash = crypto_alloc_hash(child_name, 0, 0); + if (IS_ERR(child_hash)) { + rc = PTR_ERR(child_hash); + printk(KERN_ERR "failed to load " + "transform for %s error %d\n", + child_name, rc); + return rc; + } + + ipad = kmalloc(bs * 2, GFP_KERNEL); + if (ipad == NULL) { + crypto_free_hash(child_hash); + return -ENOMEM; + } + + opad = ipad + bs; + child_tfm = crypto_hash_tfm(child_hash); + ds = crypto_hash_digestsize(child_hash); + desc.tfm = child_hash; + desc.flags = 0; + if (keylen > bs) { + crypto4xx_sg_setbuf(key, keylen, asg, 2); + rc = crypto_hash_init(&desc); + if (rc < 0) + goto err_alg_hash_key; + rc = crypto_hash_update(&desc, asg, keylen); + if (rc < 0) + goto err_alg_hash_key; + rc = crypto_hash_final(&desc, ipad); + keylen = ds; + } else { + memcpy(ipad, key, keylen); + } + memset(ipad + keylen, 0, bs-keylen); + memcpy(opad, ipad, bs); + + for (i = 0; i < bs; i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; + } + + sg_init_one(&sg[0], ipad, bs); + rc = crypto_hash_init(&desc); + if (rc < 0) + goto err_alg_hash_key; + rc = crypto_hash_update(&desc, sg, bs); + if (rc < 0) + goto err_alg_hash_key; + + if (ha == SA_HASH_ALG_SHA224) + ds = SHA256_DIGEST_SIZE; + else if (ha == SA_HASH_ALG_SHA384) + ds = SHA512_DIGEST_SIZE; + + crypto_hash_partial(&desc, ipad); + crypto4xx_memcpy_le(ctx->sa_in + + get_dynamic_sa_offset_inner_digest(ctx), ipad, ds); + + sg_init_one(&sg[0], opad, bs); + rc = crypto_hash_init(&desc); + if (rc < 0) + goto err_alg_hash_key; + + rc = crypto_hash_update(&desc, sg, bs); + if (rc < 0) + goto err_alg_hash_key; + + crypto_hash_partial(&desc, opad); + crypto4xx_memcpy_le(ctx->sa_in + + get_dynamic_sa_offset_outer_digest(ctx), opad, ds); + +err_alg_hash_key: + kfree(ipad); + crypto_free_hash(child_hash); + return rc; +} + +int crypto4xx_pre_compute_ssl_mac(struct crypto4xx_ctx *ctx, + void *key, + unsigned int keylen, + unsigned int bs, + unsigned char ha) + +{ + u8 *ipad; + u8 *opad; + struct crypto_hash *child_hash = NULL; + struct hash_desc desc; + struct scatterlist sg[1]; + struct crypto_tfm *child_tfm; + unsigned char *digest = NULL; + int padsize = 0; + char *child_name = NULL; + int i, rc = 0; + int ds; + + digest = kmalloc(bs, GFP_KERNEL); + if (digest == NULL) { + rc = -ENOMEM; + goto err_nomem; + } + + if (ha == SA_HASH_ALG_MD5) { + child_name = "md5"; + padsize = 48; + } else if (ha == SA_HASH_ALG_SHA1) { + child_name = "sha1"; + padsize = 40; + } + + child_hash = crypto_alloc_hash(child_name, 0, 0); + if (IS_ERR(child_hash)) { + rc = PTR_ERR(child_hash); + printk(KERN_ERR + "failed to load transform for %s error %d\n", + child_name, rc); + goto err_alg; + } + + child_tfm = crypto_hash_tfm(child_hash); + ds = crypto_hash_digestsize(child_hash); + desc.tfm = child_hash; + desc.flags = 0; + + if (keylen > bs) { + sg_init_one(&sg[0], key, keylen); + rc = crypto_hash_init(&desc); + if (rc < 0) + goto err_alg_hash_key; + rc = crypto_hash_update(&desc, &sg[0], keylen); + if (rc < 0) + goto err_alg_hash_key; + rc = crypto_hash_final(&desc, digest); + key = digest; + keylen = ds; + } + + ipad = kmalloc(bs * 4, GFP_KERNEL); + if (ipad == NULL) + goto err_nomem; + + memcpy(ipad, key, keylen); + memset(ipad + keylen, 0, bs); + opad = ipad + bs; + memcpy(opad, ipad, bs); + + for (i = 0; i < bs; i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; + } + + sg_init_one(&sg[0], ipad, bs); + rc = crypto_hash_init(&desc); + if (rc < 0) + goto err_alg_hash_key; + rc = crypto_hash_update(&desc, sg, bs); + if (rc < 0) + goto err_alg_hash_key; + + crypto_hash_partial(&desc, digest); + memcpy(ctx->sa_in + get_dynamic_sa_offset_inner_digest(ctx), digest, ds); + + sg_init_one(&sg[0], opad, bs); + rc = crypto_hash_init(&desc); + if (rc < 0) + goto err_alg_hash_key; + rc = crypto_hash_update(&desc, sg, bs); + if (rc < 0) + goto err_alg_hash_key; + + crypto_hash_partial(&desc, digest); + memcpy(ctx->sa_in + get_dynamic_sa_offset_outer_digest(ctx), digest, ds); + +err_alg_hash_key: + crypto_free_hash(child_hash); +err_alg: + kfree(digest); +err_nomem: + return rc; +} + +int crypto4xx_compute_gcm_hash_key_sw(struct crypto4xx_ctx *ctx, + const u8 *key, + unsigned int keylen) +{ + struct crypto_blkcipher *aes_tfm = NULL; + struct blkcipher_desc desc; + struct scatterlist sg[1]; + char src[16]; + int rc = 0; + + aes_tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(aes_tfm)) { + printk(KERN_ERR "failed to load transform for %ld\n", + PTR_ERR(aes_tfm)); + rc = PTR_ERR(aes_tfm); + return rc; + } + desc.tfm = aes_tfm; + desc.flags = 0; + + memset(src, 0, 16); + rc = crypto_blkcipher_setkey(aes_tfm, key, keylen); + if (rc) { + printk(KERN_ERR "setkey() failed flags=%x\n", + crypto_blkcipher_get_flags(aes_tfm)); + goto out; + } + + sg_init_one(sg, src, 16); + rc = crypto_blkcipher_encrypt(&desc, sg, sg, 16); + if (rc) + goto out; + crypto4xx_memcpy_le(ctx->sa_in + + get_dynamic_sa_offset_inner_digest(ctx), src, 16); + +out: + crypto_free_blkcipher(aes_tfm); + return rc; +} + +/** + * 3DES/DES Functions + * + */ +static int crypto4xx_setkey_3des(struct crypto_ablkcipher *cipher, + const u8 *key, + unsigned int keylen, + unsigned char cm, + unsigned char fb) +{ + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); + struct crypto_alg *alg = tfm->__crt_alg; + struct crypto4xx_alg *my_alg = crypto_alg_to_crypto4xx_alg(alg); + struct dynamic_sa_ctl *sa; + int rc; + + ctx->dev = my_alg->dev; + + if (keylen != DES_KEY_SIZE && keylen != DES3_EDE_KEY_SIZE) { + crypto_ablkcipher_set_flags(cipher, + CRYPTO_TFM_RES_BAD_KEY_LEN); + + return -EINVAL; + } + + if (keylen == DES_KEY_SIZE) { + u32 tmp[32]; + rc = des_ekey(tmp, key); + if (unlikely(rc == 0) && + (tfm->crt_flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + crypto_ablkcipher_set_flags(cipher, + CRYPTO_TFM_RES_WEAK_KEY); + return -EINVAL; + } + } + + /* Create SA */ + if (ctx->sa_in_dma_addr || ctx->sa_out_dma_addr) + crypto4xx_free_sa(ctx); + + rc = crypto4xx_alloc_sa(ctx, keylen == 8 ? SA_DES_LEN : SA_3DES_LEN); + if (rc) + return rc; + /* + * state record will state in base ctx, so iv and + * hash result can be reused + * also don't need to alloc each packet coming + */ + if (ctx->state_record_dma_addr == 0) { + rc = crypto4xx_alloc_state_record(ctx); + if (rc) { + crypto4xx_free_sa(ctx); + return rc; + } + } + + /* Setup SA */ + ctx->direction = DIR_INBOUND; + ctx->hash_final = 0; + + sa = (struct dynamic_sa_ctl *) ctx->sa_in; + set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV, + SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE, + SA_NO_HEADER_PROC, SA_HASH_ALG_NULL, + SA_CIPHER_ALG_DES, + SA_PAD_TYPE_ZERO, SA_OP_GROUP_BASIC, + SA_OPCODE_DECRYPT, DIR_INBOUND); + + set_dynamic_sa_command_1(sa, cm, SA_HASH_MODE_HASH, + fb, SA_EXTENDED_SN_OFF, + SA_SEQ_MASK_OFF, SA_MC_ENABLE, + SA_NOT_COPY_PAD, SA_COPY_PAYLOAD, + SA_NOT_COPY_HDR); + + if (keylen == DES_KEY_SIZE) { + crypto4xx_memcpy_le(((struct dynamic_sa_des *) sa)->key, + key, keylen); + ((struct dynamic_sa_des *)sa)->ctrl.sa_contents = + SA_DES_CONTENTS; + sa->sa_command_0.bf.cipher_alg = SA_CIPHER_ALG_DES; + } else { + crypto4xx_memcpy_le(((struct dynamic_sa_3des *) sa)->key, + key, keylen); + ((struct dynamic_sa_3des *)sa)->ctrl.sa_contents = + SA_3DES_CONTENTS; + sa->sa_command_0.bf.cipher_alg = SA_CIPHER_ALG_3DES; + } + + memcpy((void *)(ctx->sa_in + + get_dynamic_sa_offset_state_ptr_field(ctx)), + (void *)&ctx->state_record_dma_addr, 4); + ctx->offset_to_sr_ptr = get_dynamic_sa_offset_state_ptr_field(ctx); + ctx->is_hash = 0; + sa->sa_command_0.bf.dir = DIR_INBOUND; + memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4); + sa = (struct dynamic_sa_ctl *) ctx->sa_out; + sa->sa_command_0.bf.dir = DIR_OUTBOUND; + + return 0; +} + +int crypto4xx_setkey_3des_cfb(struct crypto_ablkcipher *cipher, + const u8 *key, unsigned int keylen) +{ + return crypto4xx_setkey_3des(cipher, key, keylen, + CRYPTO_MODE_CFB, + CRYPTO_FEEDBACK_MODE_8BIT_CFB); +} + +int crypto4xx_setkey_3des_ofb(struct crypto_ablkcipher *cipher, + const u8 *key, unsigned int keylen) +{ + return crypto4xx_setkey_3des(cipher, key, keylen, + CRYPTO_MODE_OFB, + CRYPTO_FEEDBACK_MODE_64BIT_OFB); +} + +int crypto4xx_setkey_3des_cbc(struct crypto_ablkcipher *cipher, + const u8 *key, unsigned int keylen) +{ + return crypto4xx_setkey_3des(cipher, key, keylen, + CRYPTO_MODE_CBC, + CRYPTO_FEEDBACK_MODE_NO_FB); +} + +int crypto4xx_setkey_3des_ecb(struct crypto_ablkcipher *cipher, + const u8 *key, unsigned int keylen) +{ + return crypto4xx_setkey_3des(cipher, key, keylen, + CRYPTO_MODE_ECB, + CRYPTO_FEEDBACK_MODE_NO_FB); +} + + int crypto4xx_encrypt(struct ablkcipher_request *req) { struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); @@ -79,22 +517,54 @@ int crypto4xx_encrypt(struct ablkcipher_request *req) ctx->pd_ctl = 0x1; return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, - req->nbytes, req->info, - get_dynamic_sa_iv_size(ctx)); + req->nbytes, NULL, 0, req->info, + get_dynamic_sa_iv_size(ctx)); } int crypto4xx_decrypt(struct ablkcipher_request *req) { struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + ctx->hash_final = 0; + ctx->is_hash = 0; + ctx->pd_ctl = 0x1; ctx->direction = DIR_INBOUND; + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + req->nbytes, NULL, 0, req->info, + get_dynamic_sa_iv_size(ctx)); +} + +int crypto4xx_encrypt_ctr(struct ablkcipher_request *req) +{ + struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + ctx->hash_final = 0; ctx->is_hash = 0; - ctx->pd_ctl = 1; + ctx->pd_ctl = 0x1; + ctx->direction = DIR_OUTBOUND; return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, - req->nbytes, req->info, - get_dynamic_sa_iv_size(ctx)); + req->nbytes, NULL, 0, + req->info, + crypto_ablkcipher_ivsize(ablkcipher)); +} + +int crypto4xx_decrypt_ctr(struct ablkcipher_request *req) +{ + struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + + ctx->hash_final = 0; + ctx->is_hash = 0; + ctx->pd_ctl = 0x1; + ctx->direction = DIR_INBOUND; + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + req->nbytes, NULL, 0, + req->info, + crypto_ablkcipher_ivsize(ablkcipher)); } /** @@ -106,11 +576,15 @@ static int crypto4xx_setkey_aes(struct crypto_ablkcipher *cipher, unsigned char cm, u8 fb) { - struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); - struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); - struct dynamic_sa_ctl *sa; + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); + struct crypto_alg *alg = tfm->__crt_alg; + struct crypto4xx_alg *my_alg = crypto_alg_to_crypto4xx_alg(alg); + struct dynamic_sa_ctl *sa; int rc; + ctx->dev = my_alg->dev; + if (keylen != AES_KEYSIZE_256 && keylen != AES_KEYSIZE_192 && keylen != AES_KEYSIZE_128) { crypto_ablkcipher_set_flags(cipher, @@ -162,10 +636,17 @@ static int crypto4xx_setkey_aes(struct crypto_ablkcipher *cipher, memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4); sa = (struct dynamic_sa_ctl *) ctx->sa_out; sa->sa_command_0.bf.dir = DIR_OUTBOUND; - + return 0; } +int crypto4xx_setkey_aes_ecb(struct crypto_ablkcipher *cipher, + const u8 *key, unsigned int keylen) +{ + return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_ECB, + CRYPTO_FEEDBACK_MODE_NO_FB); +} + int crypto4xx_setkey_aes_cbc(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int keylen) { @@ -173,19 +654,716 @@ int crypto4xx_setkey_aes_cbc(struct crypto_ablkcipher *cipher, CRYPTO_FEEDBACK_MODE_NO_FB); } +int crypto4xx_setkey_aes_ctr(struct crypto_ablkcipher *cipher, + const u8 *key, unsigned int keylen) +{ + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); + struct crypto_alg *alg = tfm->__crt_alg; + struct crypto4xx_alg *my_alg = crypto_alg_to_crypto4xx_alg(alg); + struct dynamic_sa_ctl *sa; + u32 cnt = 1; + int rc; + u32 cm = CRYPTO_MODE_AES_CTR; + + ctx->dev = my_alg->dev; + + keylen -= 4; + /* Create SA */ + if (ctx->sa_in_dma_addr || ctx->sa_out_dma_addr) + crypto4xx_free_sa(ctx); + + if (keylen != AES_KEYSIZE_256 && + keylen != AES_KEYSIZE_192 && keylen != AES_KEYSIZE_128) { + crypto_ablkcipher_set_flags(cipher, + CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + rc = crypto4xx_alloc_sa(ctx, SA_AES128_LEN + (keylen-16) / 4); + if (rc) + return rc; + + if (ctx->state_record_dma_addr == 0) { + rc = crypto4xx_alloc_state_record(ctx); + if (rc) { + crypto4xx_free_sa(ctx); + return rc; + } + } + + sa = (struct dynamic_sa_ctl *) ctx->sa_in; + ctx->hash_final = 0; + ctx->ctr_aes = 1; + /* Setup SA */ + set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV, + SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE, + SA_NO_HEADER_PROC, SA_HASH_ALG_NULL, + SA_CIPHER_ALG_AES, SA_PAD_TYPE_ZERO, + SA_OP_GROUP_BASIC, SA_OPCODE_ENCRYPT, + DIR_INBOUND); + set_dynamic_sa_command_1(sa, cm, SA_HASH_MODE_HASH, + CRYPTO_FEEDBACK_MODE_NO_FB, + SA_EXTENDED_SN_OFF, SA_SEQ_MASK_OFF, + SA_MC_ENABLE, SA_NOT_COPY_PAD, + SA_NOT_COPY_PAYLOAD, + SA_NOT_COPY_HDR); + + crypto4xx_memcpy_le(ctx->sa_in + get_dynamic_sa_offset_key_field(ctx), + key, keylen); + sa->sa_contents = SA_AES_CONTENTS | (keylen << 2); + sa->sa_command_1.bf.key_len = keylen >> 3; + + ctx->direction = DIR_INBOUND; + memcpy(ctx->sa_in + get_dynamic_sa_offset_state_ptr_field(ctx), + (void *)&ctx->state_record_dma_addr, 4); + ctx->offset_to_sr_ptr = get_dynamic_sa_offset_state_ptr_field(ctx); + + crypto4xx_memcpy_le(ctx->state_record, key + keylen, 4); + crypto4xx_memcpy_le(ctx->state_record + 12, (void *)&cnt, 4); + + sa->sa_command_0.bf.dir = DIR_INBOUND; + + memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4); + sa = (struct dynamic_sa_ctl *) ctx->sa_out; + sa->sa_command_0.bf.dir = DIR_OUTBOUND; + + return 0; +} + +int crypto4xx_setkey_aes_cfb(struct crypto_ablkcipher *cipher, + const u8 *key, unsigned int keylen) +{ + return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_CFB, + CRYPTO_FEEDBACK_MODE_128BIT_CFB); +} + +int crypto4xx_setkey_aes_ofb(struct crypto_ablkcipher *cipher, + const u8 *key, unsigned int keylen) +{ + return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_OFB, + CRYPTO_FEEDBACK_MODE_64BIT_OFB); +} + +int crypto4xx_setkey_aes_icm(struct crypto_ablkcipher *cipher, + const u8 *key, unsigned int keylen) +{ + return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_AES_ICM, + CRYPTO_FEEDBACK_MODE_NO_FB); +} + +/** + * AES-GCM Functions + */ +static inline int crypto4xx_aes_gcm_validate_keylen(unsigned int keylen) +{ + switch (keylen) { + case 16: + case 20: + case 24: + case 30: + case 32: + case 36: + return 0; + default: + printk(KERN_ERR "crypto4xx_setkey_aes_gcm: " + "ERROR keylen = 0x%08x\n", keylen); + return -EINVAL; + } + return -EINVAL; +} + +int crypto4xx_setkey_aes_gcm(struct crypto_aead *cipher, + const u8 *key, unsigned int keylen) + +{ + struct crypto_tfm *tfm = crypto_aead_tfm(cipher); + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); + struct crypto_alg *alg = tfm->__crt_alg; + struct crypto4xx_alg *my_alg = crypto_alg_to_crypto4xx_alg(alg); + struct dynamic_sa_ctl *sa; + int rc = 0; + + u32 cm = 4; + + ctx->dev = my_alg->dev; + + if (crypto4xx_aes_gcm_validate_keylen(keylen) != 0) { + printk(KERN_ERR "crypto4xx_setkey_aes_gcm:" + "ERROR keylen = 0x%08x\n", keylen); + crypto_aead_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + if (ctx->sa_in_dma_addr || ctx->sa_out_dma_addr) + crypto4xx_free_sa(ctx); + + rc = crypto4xx_alloc_sa(ctx, SA_AES128_GCM_LEN + (keylen-16) / 4); + if (rc) + return rc; + + if (ctx->state_record_dma_addr == 0) { + rc = crypto4xx_alloc_state_record(ctx); + if (rc) + goto err; + } + + sa = (struct dynamic_sa_ctl *) ctx->sa_in; + + sa->sa_contents = SA_AES_GCM_CONTENTS | (keylen << 2); + sa->sa_command_1.bf.key_len = keylen >> 3; + + ctx->direction = DIR_INBOUND; + crypto4xx_memcpy_le(ctx->sa_in + get_dynamic_sa_offset_key_field(ctx), + key, keylen); + + memcpy(ctx->sa_in + get_dynamic_sa_offset_state_ptr_field(ctx), + (void *)&ctx->state_record_dma_addr, 4); + + rc = crypto4xx_compute_gcm_hash_key_sw(ctx, key, keylen); + if (rc) { + printk(KERN_ERR "GCM hash key setting failed = %d\n", rc); + goto err; + } + + ctx->offset_to_sr_ptr = get_dynamic_sa_offset_state_ptr_field(ctx); + ctx->is_gcm = 1; + ctx->hash_final = 1; + ctx->is_hash = 0; + ctx->pd_ctl = 0x11; + + set_dynamic_sa_command_0(sa, SA_SAVE_HASH, SA_NOT_SAVE_IV, + SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE, + SA_NO_HEADER_PROC, SA_HASH_ALG_GHASH, + SA_CIPHER_ALG_AES, SA_PAD_TYPE_ZERO, + SA_OP_GROUP_BASIC, SA_OPCODE_HASH_DECRYPT, + DIR_INBOUND); + + sa->sa_command_1.bf.crypto_mode31 = (cm & 4) >> 2; + sa->sa_command_1.bf.crypto_mode9_8 = (cm & 3); + sa->sa_command_1.bf.feedback_mode = 0; + + sa->sa_command_1.bf.hash_crypto_offset = 0; + sa->sa_command_1.bf.sa_rev = 1; + sa->sa_command_1.bf.copy_payload = 1; + + sa->sa_command_1.bf.copy_pad = 0; + sa->sa_command_1.bf.copy_hdr = 0; + sa->sa_command_1.bf.mutable_bit_proc = 1; + sa->sa_command_1.bf.seq_num_mask = 1; + + memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4); + sa = (struct dynamic_sa_ctl *) ctx->sa_out; + sa->sa_command_0.bf.dir = DIR_OUTBOUND; + sa->sa_command_0.bf.opcode = SA_OPCODE_ENCRYPT_HASH; + + return 0; +err: + crypto4xx_free_sa(ctx); + return rc; +} + +int crypto4xx_encrypt_aes_gcm(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + + ctx->direction = DIR_OUTBOUND; + ctx->append_icv = 1; + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + req->cryptlen, req->assoc, req->assoclen, + req->iv, crypto_aead_ivsize(aead)); +} + +int crypto4xx_decrypt_aes_gcm(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + int len = req->cryptlen - crypto_aead_authsize(aead); + + ctx->direction = DIR_INBOUND; + ctx->append_icv = 0; + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + len, req->assoc, req->assoclen, + req->iv, crypto_aead_ivsize(aead)); +} + +int crypto4xx_givencrypt_aes_gcm(struct aead_givcrypt_request *req) +{ + return -ENOSYS; +} + +int crypto4xx_givdecrypt_aes_gcm(struct aead_givcrypt_request *req) +{ + return -ENOSYS; +} + +/** + * AES-CCM Functions + */ +int crypto4xx_setauthsize_aes(struct crypto_aead *ciper, + unsigned int authsize) +{ + struct aead_tfm *tfm = crypto_aead_crt(ciper); + + switch (authsize) { + case 8: + case 12: + case 16: + case 10: + break; + default: + return -EINVAL; + } + + tfm->authsize = authsize; + return 0; +} + +int crypto4xx_setkey_aes_ccm(struct crypto_aead *cipher, const u8 *key, + unsigned int keylen) +{ + struct crypto_tfm *tfm = crypto_aead_tfm(cipher); + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); + struct crypto_alg *alg = tfm->__crt_alg; + struct crypto4xx_alg *my_alg = crypto_alg_to_crypto4xx_alg(alg); + struct dynamic_sa_ctl *sa; + int rc = 0; + + ctx->dev = my_alg->dev; + + if (ctx->sa_in_dma_addr || ctx->sa_out_dma_addr) + crypto4xx_free_sa(ctx); + + rc = crypto4xx_alloc_sa(ctx, SA_AES128_CCM_LEN + (keylen-16) / 4); + if (rc) + return rc; + + if (ctx->state_record_dma_addr == 0) { + rc = crypto4xx_alloc_state_record(ctx); + if (rc) { + crypto4xx_free_sa(ctx); + return rc; + } + } + + /* Setup SA */ + sa = (struct dynamic_sa_ctl *) ctx->sa_in; + sa->sa_contents = SA_AES_CCM_CONTENTS | (keylen << 2); + + set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV, + SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE, + SA_NO_HEADER_PROC, SA_HASH_ALG_CBC_MAC, + SA_CIPHER_ALG_AES, + SA_PAD_TYPE_ZERO, SA_OP_GROUP_BASIC, + SA_OPCODE_HASH_DECRYPT, DIR_INBOUND); + + sa->sa_command_0.bf.digest_len = 0; + sa->sa_command_1.bf.key_len = keylen >> 3; + ctx->direction = DIR_INBOUND; + ctx->append_icv = 0; + ctx->is_gcm = 0; + ctx->hash_final = 1; + ctx->is_hash = 0; + ctx->pd_ctl = 0x11; + + crypto4xx_memcpy_le(ctx->sa_in + get_dynamic_sa_offset_key_field(ctx), + key, keylen); + memcpy(ctx->sa_in + get_dynamic_sa_offset_state_ptr_field(ctx), + (void *)&ctx->state_record_dma_addr, 4); + ctx->offset_to_sr_ptr = get_dynamic_sa_offset_state_ptr_field(ctx); + + set_dynamic_sa_command_1(sa, CRYPTO_MODE_AES_CTR, SA_HASH_MODE_HASH, + CRYPTO_FEEDBACK_MODE_NO_FB, SA_EXTENDED_SN_OFF, + SA_SEQ_MASK_OFF, SA_MC_ENABLE, + SA_NOT_COPY_PAD, SA_COPY_PAYLOAD, + SA_NOT_COPY_HDR); + + memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4); + sa = (struct dynamic_sa_ctl *) ctx->sa_out; + set_dynamic_sa_command_0(sa, SA_SAVE_HASH, SA_NOT_SAVE_IV, + SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE, + SA_NO_HEADER_PROC, SA_HASH_ALG_CBC_MAC, + SA_CIPHER_ALG_AES, + SA_PAD_TYPE_ZERO, SA_OP_GROUP_BASIC, + SA_OPCODE_ENCRYPT_HASH, DIR_OUTBOUND); + set_dynamic_sa_command_1(sa, CRYPTO_MODE_AES_CTR, SA_HASH_MODE_HASH, + CRYPTO_FEEDBACK_MODE_NO_FB, SA_EXTENDED_SN_OFF, + SA_SEQ_MASK_OFF, SA_MC_ENABLE, + SA_NOT_COPY_PAD, SA_COPY_PAYLOAD, + SA_NOT_COPY_HDR); + + return 0; +} + +int crypto4xx_encrypt_aes_ccm(struct aead_request *req) +{ + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct dynamic_sa_ctl *sa; + + ctx->direction = DIR_OUTBOUND; + + sa = (struct dynamic_sa_ctl *) ctx->sa_out; + if (req->assoclen) + sa->sa_command_1.bf.hash_crypto_offset = req->assoclen >> 2; + + sa->sa_command_0.bf.digest_len = (crypto_aead_authsize(aead) >> 2); + if ((req->iv[0] & 7) == 1) + sa->sa_command_1.bf.crypto_mode9_8 = 1; + + ctx->append_icv = 1; + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + req->cryptlen, req->assoc, req->assoclen, + req->iv, 16); +} + +int crypto4xx_decrypt_aes_ccm(struct aead_request *req) +{ + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct dynamic_sa_ctl *sa; + + /* Support only counter field length of 2 and 4 bytes */ + if ((req->iv[0] & 0x7) != 1 && (req->iv[0] & 0x7) != 3) { + printk(KERN_ERR "algorithm AES-CCM " + "unsupported counter length %d\n", + req->iv[0] & 0x7); + return -EINVAL; + } + + ctx->direction = DIR_INBOUND; + sa = (struct dynamic_sa_ctl *) ctx->sa_in; + + sa->sa_command_0.bf.digest_len = (crypto_aead_authsize(aead) >> 2); + if ((req->iv[0] & 7) == 1) + sa->sa_command_1.bf.crypto_mode9_8 = 1; + else + sa->sa_command_1.bf.crypto_mode9_8 = 0; + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + req->cryptlen, req->assoc, req->assoclen, + req->iv, 16); +} + +int crypto4xx_givencrypt_aes_ccm(struct aead_givcrypt_request *req) +{ + return -ENOSYS; +} + +int crypto4xx_givdecrypt_aes_ccm(struct aead_givcrypt_request *req) +{ + return -ENOSYS; +} + /** - * HASH SHA1 Functions + * Kasumi Functions + * + */ +int crypto4xx_setkey_kasumi(struct crypto_ablkcipher *cipher, + const u8 *key, + unsigned int keylen, + unsigned char cm) +{ + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); + struct crypto_alg *alg = tfm->__crt_alg; + struct crypto4xx_alg *my_alg = crypto_alg_to_crypto4xx_alg(alg); + struct dynamic_sa_ctl *sa; + u32 sa_len = 0; + int rc; + + if (keylen != 16) { + crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); + printk(KERN_ERR "%s: keylen fail\n", __func__); + return -EINVAL; + } + + ctx->dev = my_alg->dev; + + /* Create SA - SA is created here as the alg init function is + * common to many algorithm and it does not have the SA length + * as it is specify to an algorithm. See setkey function has + * to be called for encryption/decryption algorithm once, + * it is okay to do this here. + */ + if (ctx->sa_in_dma_addr || ctx->sa_out_dma_addr) + crypto4xx_free_sa(ctx); + + if (cm == CRYPTO_MODE_KASUMI) + sa_len = SA_KASUMI_LEN; + else if (cm == CRYPTO_MODE_KASUMI_f8) + sa_len = SA_KASUMI_F8_LEN; + + rc = crypto4xx_alloc_sa(ctx, sa_len); + if (rc) + return rc; + + if (!ctx->state_record) { + rc = crypto4xx_alloc_state_record(ctx); + if (rc) { + crypto4xx_free_sa(ctx); + return rc; + } + } + + sa = (struct dynamic_sa_ctl *) ctx->sa_in; + /* Setup SA - SA is a shared resource for request operation. As + * crypto alg and crypto mode can not be change, it should be + * ok to store them there. SA control words are not used by the + * hardware (configured in token instead), we use it to store + * software algorithm and mode selected. + */ + + if (cm == CRYPTO_MODE_KASUMI) { + sa->sa_contents = SA_KASUMI_CONTENTS; + sa->sa_command_0.bf.cipher_alg = SA_CIPHER_ALG_KASUMI; + sa->sa_command_0.bf.hash_alg = SA_HASH_ALG_NULL; + sa->sa_command_0.bf.pad_type = 3; /* set to zero padding */ + sa->sa_command_0.bf.opcode = 0; + sa->sa_command_1.bf.crypto_mode31 = (cm & 4) >> 2; + sa->sa_command_1.bf.crypto_mode9_8 = (cm & 3); + sa->sa_command_1.bf.feedback_mode = 0; + } else { + sa->sa_contents = SA_KASUMI_F8_CONTENTS; + sa->sa_command_0.bf.cipher_alg = SA_CIPHER_ALG_KASUMI; + sa->sa_command_0.bf.hash_alg = SA_HASH_ALG_NULL; + sa->sa_command_0.bf.pad_type = 3; + sa->sa_command_0.bf.load_iv = SA_LOAD_IV_FROM_STATE; + sa->sa_command_0.bf.opcode = SA_OPCODE_ENCRYPT; + sa->sa_command_1.bf.crypto_mode31 = (cm & 4) >> 2;; + sa->sa_command_1.bf.crypto_mode9_8 = (cm & 3); + sa->sa_command_1.bf.feedback_mode = 0; + sa->sa_command_1.bf.mutable_bit_proc = 1; + } + + ctx->direction = DIR_INBOUND; + sa->sa_command_1.bf.sa_rev = 1; + crypto4xx_memcpy_le(ctx->sa_in + get_dynamic_sa_offset_key_field(ctx), + key, keylen); + ctx->is_hash = 0; + + memcpy(ctx->sa_in + get_dynamic_sa_offset_state_ptr_field(ctx), + (void *)&ctx->state_record_dma_addr, 4); + ctx->offset_to_sr_ptr = get_dynamic_sa_offset_state_ptr_field(ctx); + sa->sa_command_0.bf.dir = DIR_INBOUND; + + memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4); + sa = (struct dynamic_sa_ctl *) ctx->sa_out; + sa->sa_command_0.bf.dir = DIR_OUTBOUND; + + return 0; +} + +int crypto4xx_setkey_kasumi_p(struct crypto_ablkcipher *cipher, + const u8 *key, + unsigned int keylen) +{ + return crypto4xx_setkey_kasumi(cipher, key, keylen, + CRYPTO_MODE_KASUMI); +} + +int crypto4xx_setkey_kasumi_f8(struct crypto_ablkcipher *cipher, + const u8 *key, + unsigned int keylen) +{ + return crypto4xx_setkey_kasumi(cipher, key, keylen, + CRYPTO_MODE_KASUMI_f8); +} + +/** + * Kasumi and Kasumi f8 work with number of bits. + * The crypto engine can only take number bytes as source/destination length + * User should round up bit number to byte number. When receive the result + * packet and then mask off the extra bits in the last + * byte. + */ +int crypto4xx_encrypt_kasumi(struct ablkcipher_request *req) +{ + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + ctx->direction = DIR_OUTBOUND; + ctx->pd_ctl = 0x1; + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + req->nbytes, NULL, 0, NULL, 0); +} + +/** + * Kasumi and Kasumi f8 work with number of bits. + * The crypto engine can only take number bytes as source/destination length + * User should round up bit number to byte number. + * When receive the result packet and then mask off the extra bits in the last + * byte. + */ +int crypto4xx_decrypt_kasumi(struct aead_request *req) +{ + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + + ctx->pd_ctl = 0x1; + ctx->direction = DIR_INBOUND; + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + req->cryptlen, NULL, 0, NULL, 0); +} + +/** + * Kasumi and Kasumi f8 work with number of bits. + * The crypto engine can only take number bytes as source/destination length + * The user should round up bit number to byte number. + * When receive the result packet and then mask + * off the extra bits in the last byte. + */ +int crypto4xx_encrypt_kasumi_f8(struct ablkcipher_request *req) +{ + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + + ctx->direction = DIR_OUTBOUND; + ctx->is_hash = 0; + ctx->pd_ctl = 0x1; + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + req->nbytes, NULL, 0, req->info, 8); +} + +/** Note: + * Kasumi and Kasumi f8 work with number of bits. + * The crypto engine can only take number b |