caamalg.c 95 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655
  1. // SPDX-License-Identifier: GPL-2.0+
  2. /*
  3. * caam - Freescale FSL CAAM support for crypto API
  4. *
  5. * Copyright 2008-2011 Freescale Semiconductor, Inc.
  6. * Copyright 2016-2019 NXP
  7. *
  8. * Based on talitos crypto API driver.
  9. *
  10. * relationship of job descriptors to shared descriptors (SteveC Dec 10 2008):
  11. *
  12. * --------------- ---------------
  13. * | JobDesc #1 |-------------------->| ShareDesc |
  14. * | *(packet 1) | | (PDB) |
  15. * --------------- |------------->| (hashKey) |
  16. * . | | (cipherKey) |
  17. * . | |-------->| (operation) |
  18. * --------------- | | ---------------
  19. * | JobDesc #2 |------| |
  20. * | *(packet 2) | |
  21. * --------------- |
  22. * . |
  23. * . |
  24. * --------------- |
  25. * | JobDesc #3 |------------
  26. * | *(packet 3) |
  27. * ---------------
  28. *
  29. * The SharedDesc never changes for a connection unless rekeyed, but
  30. * each packet will likely be in a different place. So all we need
  31. * to know to process the packet is where the input is, where the
  32. * output goes, and what context we want to process with. Context is
  33. * in the SharedDesc, packet references in the JobDesc.
  34. *
  35. * So, a job desc looks like:
  36. *
  37. * ---------------------
  38. * | Header |
  39. * | ShareDesc Pointer |
  40. * | SEQ_OUT_PTR |
  41. * | (output buffer) |
  42. * | (output length) |
  43. * | SEQ_IN_PTR |
  44. * | (input buffer) |
  45. * | (input length) |
  46. * ---------------------
  47. */
  48. #include "compat.h"
  49. #include "regs.h"
  50. #include "intern.h"
  51. #include "desc_constr.h"
  52. #include "jr.h"
  53. #include "error.h"
  54. #include "sg_sw_sec4.h"
  55. #include "key_gen.h"
  56. #include "caamalg_desc.h"
  57. /*
  58. * crypto alg
  59. */
  60. #define CAAM_CRA_PRIORITY 3000
  61. /* max key is sum of AES_MAX_KEY_SIZE, max split key size */
  62. #define CAAM_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + \
  63. CTR_RFC3686_NONCE_SIZE + \
  64. SHA512_DIGEST_SIZE * 2)
  65. #define AEAD_DESC_JOB_IO_LEN (DESC_JOB_IO_LEN + CAAM_CMD_SZ * 2)
  66. #define GCM_DESC_JOB_IO_LEN (AEAD_DESC_JOB_IO_LEN + \
  67. CAAM_CMD_SZ * 4)
  68. #define AUTHENC_DESC_JOB_IO_LEN (AEAD_DESC_JOB_IO_LEN + \
  69. CAAM_CMD_SZ * 5)
  70. #define CHACHAPOLY_DESC_JOB_IO_LEN (AEAD_DESC_JOB_IO_LEN + CAAM_CMD_SZ * 6)
  71. #define DESC_MAX_USED_BYTES (CAAM_DESC_BYTES_MAX - DESC_JOB_IO_LEN_MIN)
  72. #define DESC_MAX_USED_LEN (DESC_MAX_USED_BYTES / CAAM_CMD_SZ)
  73. struct caam_alg_entry {
  74. int class1_alg_type;
  75. int class2_alg_type;
  76. bool rfc3686;
  77. bool geniv;
  78. bool nodkp;
  79. };
  80. struct caam_aead_alg {
  81. struct aead_alg aead;
  82. struct caam_alg_entry caam;
  83. bool registered;
  84. };
  85. struct caam_skcipher_alg {
  86. struct skcipher_alg skcipher;
  87. struct caam_alg_entry caam;
  88. bool registered;
  89. };
  90. /*
  91. * per-session context
  92. */
  93. struct caam_ctx {
  94. u32 sh_desc_enc[DESC_MAX_USED_LEN];
  95. u32 sh_desc_dec[DESC_MAX_USED_LEN];
  96. u8 key[CAAM_MAX_KEY_SIZE];
  97. dma_addr_t sh_desc_enc_dma;
  98. dma_addr_t sh_desc_dec_dma;
  99. dma_addr_t key_dma;
  100. enum dma_data_direction dir;
  101. struct device *jrdev;
  102. struct alginfo adata;
  103. struct alginfo cdata;
  104. unsigned int authsize;
  105. };
  106. static int aead_null_set_sh_desc(struct crypto_aead *aead)
  107. {
  108. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  109. struct device *jrdev = ctx->jrdev;
  110. struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent);
  111. u32 *desc;
  112. int rem_bytes = CAAM_DESC_BYTES_MAX - AEAD_DESC_JOB_IO_LEN -
  113. ctx->adata.keylen_pad;
  114. /*
  115. * Job Descriptor and Shared Descriptors
  116. * must all fit into the 64-word Descriptor h/w Buffer
  117. */
  118. if (rem_bytes >= DESC_AEAD_NULL_ENC_LEN) {
  119. ctx->adata.key_inline = true;
  120. ctx->adata.key_virt = ctx->key;
  121. } else {
  122. ctx->adata.key_inline = false;
  123. ctx->adata.key_dma = ctx->key_dma;
  124. }
  125. /* aead_encrypt shared descriptor */
  126. desc = ctx->sh_desc_enc;
  127. cnstr_shdsc_aead_null_encap(desc, &ctx->adata, ctx->authsize,
  128. ctrlpriv->era);
  129. dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
  130. desc_bytes(desc), ctx->dir);
  131. /*
  132. * Job Descriptor and Shared Descriptors
  133. * must all fit into the 64-word Descriptor h/w Buffer
  134. */
  135. if (rem_bytes >= DESC_AEAD_NULL_DEC_LEN) {
  136. ctx->adata.key_inline = true;
  137. ctx->adata.key_virt = ctx->key;
  138. } else {
  139. ctx->adata.key_inline = false;
  140. ctx->adata.key_dma = ctx->key_dma;
  141. }
  142. /* aead_decrypt shared descriptor */
  143. desc = ctx->sh_desc_dec;
  144. cnstr_shdsc_aead_null_decap(desc, &ctx->adata, ctx->authsize,
  145. ctrlpriv->era);
  146. dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
  147. desc_bytes(desc), ctx->dir);
  148. return 0;
  149. }
  150. static int aead_set_sh_desc(struct crypto_aead *aead)
  151. {
  152. struct caam_aead_alg *alg = container_of(crypto_aead_alg(aead),
  153. struct caam_aead_alg, aead);
  154. unsigned int ivsize = crypto_aead_ivsize(aead);
  155. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  156. struct device *jrdev = ctx->jrdev;
  157. struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent);
  158. u32 ctx1_iv_off = 0;
  159. u32 *desc, *nonce = NULL;
  160. u32 inl_mask;
  161. unsigned int data_len[2];
  162. const bool ctr_mode = ((ctx->cdata.algtype & OP_ALG_AAI_MASK) ==
  163. OP_ALG_AAI_CTR_MOD128);
  164. const bool is_rfc3686 = alg->caam.rfc3686;
  165. if (!ctx->authsize)
  166. return 0;
  167. /* NULL encryption / decryption */
  168. if (!ctx->cdata.keylen)
  169. return aead_null_set_sh_desc(aead);
  170. /*
  171. * AES-CTR needs to load IV in CONTEXT1 reg
  172. * at an offset of 128bits (16bytes)
  173. * CONTEXT1[255:128] = IV
  174. */
  175. if (ctr_mode)
  176. ctx1_iv_off = 16;
  177. /*
  178. * RFC3686 specific:
  179. * CONTEXT1[255:128] = {NONCE, IV, COUNTER}
  180. */
  181. if (is_rfc3686) {
  182. ctx1_iv_off = 16 + CTR_RFC3686_NONCE_SIZE;
  183. nonce = (u32 *)((void *)ctx->key + ctx->adata.keylen_pad +
  184. ctx->cdata.keylen - CTR_RFC3686_NONCE_SIZE);
  185. }
  186. /*
  187. * In case |user key| > |derived key|, using DKP<imm,imm>
  188. * would result in invalid opcodes (last bytes of user key) in
  189. * the resulting descriptor. Use DKP<ptr,imm> instead => both
  190. * virtual and dma key addresses are needed.
  191. */
  192. ctx->adata.key_virt = ctx->key;
  193. ctx->adata.key_dma = ctx->key_dma;
  194. ctx->cdata.key_virt = ctx->key + ctx->adata.keylen_pad;
  195. ctx->cdata.key_dma = ctx->key_dma + ctx->adata.keylen_pad;
  196. data_len[0] = ctx->adata.keylen_pad;
  197. data_len[1] = ctx->cdata.keylen;
  198. if (alg->caam.geniv)
  199. goto skip_enc;
  200. /*
  201. * Job Descriptor and Shared Descriptors
  202. * must all fit into the 64-word Descriptor h/w Buffer
  203. */
  204. if (desc_inline_query(DESC_AEAD_ENC_LEN +
  205. (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0),
  206. AUTHENC_DESC_JOB_IO_LEN, data_len, &inl_mask,
  207. ARRAY_SIZE(data_len)) < 0)
  208. return -EINVAL;
  209. ctx->adata.key_inline = !!(inl_mask & 1);
  210. ctx->cdata.key_inline = !!(inl_mask & 2);
  211. /* aead_encrypt shared descriptor */
  212. desc = ctx->sh_desc_enc;
  213. cnstr_shdsc_aead_encap(desc, &ctx->cdata, &ctx->adata, ivsize,
  214. ctx->authsize, is_rfc3686, nonce, ctx1_iv_off,
  215. false, ctrlpriv->era);
  216. dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
  217. desc_bytes(desc), ctx->dir);
  218. skip_enc:
  219. /*
  220. * Job Descriptor and Shared Descriptors
  221. * must all fit into the 64-word Descriptor h/w Buffer
  222. */
  223. if (desc_inline_query(DESC_AEAD_DEC_LEN +
  224. (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0),
  225. AUTHENC_DESC_JOB_IO_LEN, data_len, &inl_mask,
  226. ARRAY_SIZE(data_len)) < 0)
  227. return -EINVAL;
  228. ctx->adata.key_inline = !!(inl_mask & 1);
  229. ctx->cdata.key_inline = !!(inl_mask & 2);
  230. /* aead_decrypt shared descriptor */
  231. desc = ctx->sh_desc_dec;
  232. cnstr_shdsc_aead_decap(desc, &ctx->cdata, &ctx->adata, ivsize,
  233. ctx->authsize, alg->caam.geniv, is_rfc3686,
  234. nonce, ctx1_iv_off, false, ctrlpriv->era);
  235. dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
  236. desc_bytes(desc), ctx->dir);
  237. if (!alg->caam.geniv)
  238. goto skip_givenc;
  239. /*
  240. * Job Descriptor and Shared Descriptors
  241. * must all fit into the 64-word Descriptor h/w Buffer
  242. */
  243. if (desc_inline_query(DESC_AEAD_GIVENC_LEN +
  244. (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0),
  245. AUTHENC_DESC_JOB_IO_LEN, data_len, &inl_mask,
  246. ARRAY_SIZE(data_len)) < 0)
  247. return -EINVAL;
  248. ctx->adata.key_inline = !!(inl_mask & 1);
  249. ctx->cdata.key_inline = !!(inl_mask & 2);
  250. /* aead_givencrypt shared descriptor */
  251. desc = ctx->sh_desc_enc;
  252. cnstr_shdsc_aead_givencap(desc, &ctx->cdata, &ctx->adata, ivsize,
  253. ctx->authsize, is_rfc3686, nonce,
  254. ctx1_iv_off, false, ctrlpriv->era);
  255. dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
  256. desc_bytes(desc), ctx->dir);
  257. skip_givenc:
  258. return 0;
  259. }
  260. static int aead_setauthsize(struct crypto_aead *authenc,
  261. unsigned int authsize)
  262. {
  263. struct caam_ctx *ctx = crypto_aead_ctx(authenc);
  264. ctx->authsize = authsize;
  265. aead_set_sh_desc(authenc);
  266. return 0;
  267. }
  268. static int gcm_set_sh_desc(struct crypto_aead *aead)
  269. {
  270. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  271. struct device *jrdev = ctx->jrdev;
  272. unsigned int ivsize = crypto_aead_ivsize(aead);
  273. u32 *desc;
  274. int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN -
  275. ctx->cdata.keylen;
  276. if (!ctx->cdata.keylen || !ctx->authsize)
  277. return 0;
  278. /*
  279. * AES GCM encrypt shared descriptor
  280. * Job Descriptor and Shared Descriptor
  281. * must fit into the 64-word Descriptor h/w Buffer
  282. */
  283. if (rem_bytes >= DESC_GCM_ENC_LEN) {
  284. ctx->cdata.key_inline = true;
  285. ctx->cdata.key_virt = ctx->key;
  286. } else {
  287. ctx->cdata.key_inline = false;
  288. ctx->cdata.key_dma = ctx->key_dma;
  289. }
  290. desc = ctx->sh_desc_enc;
  291. cnstr_shdsc_gcm_encap(desc, &ctx->cdata, ivsize, ctx->authsize, false);
  292. dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
  293. desc_bytes(desc), ctx->dir);
  294. /*
  295. * Job Descriptor and Shared Descriptors
  296. * must all fit into the 64-word Descriptor h/w Buffer
  297. */
  298. if (rem_bytes >= DESC_GCM_DEC_LEN) {
  299. ctx->cdata.key_inline = true;
  300. ctx->cdata.key_virt = ctx->key;
  301. } else {
  302. ctx->cdata.key_inline = false;
  303. ctx->cdata.key_dma = ctx->key_dma;
  304. }
  305. desc = ctx->sh_desc_dec;
  306. cnstr_shdsc_gcm_decap(desc, &ctx->cdata, ivsize, ctx->authsize, false);
  307. dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
  308. desc_bytes(desc), ctx->dir);
  309. return 0;
  310. }
  311. static int gcm_setauthsize(struct crypto_aead *authenc, unsigned int authsize)
  312. {
  313. struct caam_ctx *ctx = crypto_aead_ctx(authenc);
  314. int err;
  315. err = crypto_gcm_check_authsize(authsize);
  316. if (err)
  317. return err;
  318. ctx->authsize = authsize;
  319. gcm_set_sh_desc(authenc);
  320. return 0;
  321. }
  322. static int rfc4106_set_sh_desc(struct crypto_aead *aead)
  323. {
  324. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  325. struct device *jrdev = ctx->jrdev;
  326. unsigned int ivsize = crypto_aead_ivsize(aead);
  327. u32 *desc;
  328. int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN -
  329. ctx->cdata.keylen;
  330. if (!ctx->cdata.keylen || !ctx->authsize)
  331. return 0;
  332. /*
  333. * RFC4106 encrypt shared descriptor
  334. * Job Descriptor and Shared Descriptor
  335. * must fit into the 64-word Descriptor h/w Buffer
  336. */
  337. if (rem_bytes >= DESC_RFC4106_ENC_LEN) {
  338. ctx->cdata.key_inline = true;
  339. ctx->cdata.key_virt = ctx->key;
  340. } else {
  341. ctx->cdata.key_inline = false;
  342. ctx->cdata.key_dma = ctx->key_dma;
  343. }
  344. desc = ctx->sh_desc_enc;
  345. cnstr_shdsc_rfc4106_encap(desc, &ctx->cdata, ivsize, ctx->authsize,
  346. false);
  347. dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
  348. desc_bytes(desc), ctx->dir);
  349. /*
  350. * Job Descriptor and Shared Descriptors
  351. * must all fit into the 64-word Descriptor h/w Buffer
  352. */
  353. if (rem_bytes >= DESC_RFC4106_DEC_LEN) {
  354. ctx->cdata.key_inline = true;
  355. ctx->cdata.key_virt = ctx->key;
  356. } else {
  357. ctx->cdata.key_inline = false;
  358. ctx->cdata.key_dma = ctx->key_dma;
  359. }
  360. desc = ctx->sh_desc_dec;
  361. cnstr_shdsc_rfc4106_decap(desc, &ctx->cdata, ivsize, ctx->authsize,
  362. false);
  363. dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
  364. desc_bytes(desc), ctx->dir);
  365. return 0;
  366. }
  367. static int rfc4106_setauthsize(struct crypto_aead *authenc,
  368. unsigned int authsize)
  369. {
  370. struct caam_ctx *ctx = crypto_aead_ctx(authenc);
  371. int err;
  372. err = crypto_rfc4106_check_authsize(authsize);
  373. if (err)
  374. return err;
  375. ctx->authsize = authsize;
  376. rfc4106_set_sh_desc(authenc);
  377. return 0;
  378. }
  379. static int rfc4543_set_sh_desc(struct crypto_aead *aead)
  380. {
  381. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  382. struct device *jrdev = ctx->jrdev;
  383. unsigned int ivsize = crypto_aead_ivsize(aead);
  384. u32 *desc;
  385. int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN -
  386. ctx->cdata.keylen;
  387. if (!ctx->cdata.keylen || !ctx->authsize)
  388. return 0;
  389. /*
  390. * RFC4543 encrypt shared descriptor
  391. * Job Descriptor and Shared Descriptor
  392. * must fit into the 64-word Descriptor h/w Buffer
  393. */
  394. if (rem_bytes >= DESC_RFC4543_ENC_LEN) {
  395. ctx->cdata.key_inline = true;
  396. ctx->cdata.key_virt = ctx->key;
  397. } else {
  398. ctx->cdata.key_inline = false;
  399. ctx->cdata.key_dma = ctx->key_dma;
  400. }
  401. desc = ctx->sh_desc_enc;
  402. cnstr_shdsc_rfc4543_encap(desc, &ctx->cdata, ivsize, ctx->authsize,
  403. false);
  404. dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
  405. desc_bytes(desc), ctx->dir);
  406. /*
  407. * Job Descriptor and Shared Descriptors
  408. * must all fit into the 64-word Descriptor h/w Buffer
  409. */
  410. if (rem_bytes >= DESC_RFC4543_DEC_LEN) {
  411. ctx->cdata.key_inline = true;
  412. ctx->cdata.key_virt = ctx->key;
  413. } else {
  414. ctx->cdata.key_inline = false;
  415. ctx->cdata.key_dma = ctx->key_dma;
  416. }
  417. desc = ctx->sh_desc_dec;
  418. cnstr_shdsc_rfc4543_decap(desc, &ctx->cdata, ivsize, ctx->authsize,
  419. false);
  420. dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
  421. desc_bytes(desc), ctx->dir);
  422. return 0;
  423. }
  424. static int rfc4543_setauthsize(struct crypto_aead *authenc,
  425. unsigned int authsize)
  426. {
  427. struct caam_ctx *ctx = crypto_aead_ctx(authenc);
  428. if (authsize != 16)
  429. return -EINVAL;
  430. ctx->authsize = authsize;
  431. rfc4543_set_sh_desc(authenc);
  432. return 0;
  433. }
  434. static int chachapoly_set_sh_desc(struct crypto_aead *aead)
  435. {
  436. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  437. struct device *jrdev = ctx->jrdev;
  438. unsigned int ivsize = crypto_aead_ivsize(aead);
  439. u32 *desc;
  440. if (!ctx->cdata.keylen || !ctx->authsize)
  441. return 0;
  442. desc = ctx->sh_desc_enc;
  443. cnstr_shdsc_chachapoly(desc, &ctx->cdata, &ctx->adata, ivsize,
  444. ctx->authsize, true, false);
  445. dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
  446. desc_bytes(desc), ctx->dir);
  447. desc = ctx->sh_desc_dec;
  448. cnstr_shdsc_chachapoly(desc, &ctx->cdata, &ctx->adata, ivsize,
  449. ctx->authsize, false, false);
  450. dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
  451. desc_bytes(desc), ctx->dir);
  452. return 0;
  453. }
  454. static int chachapoly_setauthsize(struct crypto_aead *aead,
  455. unsigned int authsize)
  456. {
  457. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  458. if (authsize != POLY1305_DIGEST_SIZE)
  459. return -EINVAL;
  460. ctx->authsize = authsize;
  461. return chachapoly_set_sh_desc(aead);
  462. }
  463. static int chachapoly_setkey(struct crypto_aead *aead, const u8 *key,
  464. unsigned int keylen)
  465. {
  466. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  467. unsigned int ivsize = crypto_aead_ivsize(aead);
  468. unsigned int saltlen = CHACHAPOLY_IV_SIZE - ivsize;
  469. if (keylen != CHACHA_KEY_SIZE + saltlen) {
  470. crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
  471. return -EINVAL;
  472. }
  473. ctx->cdata.key_virt = key;
  474. ctx->cdata.keylen = keylen - saltlen;
  475. return chachapoly_set_sh_desc(aead);
  476. }
  477. static int aead_setkey(struct crypto_aead *aead,
  478. const u8 *key, unsigned int keylen)
  479. {
  480. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  481. struct device *jrdev = ctx->jrdev;
  482. struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent);
  483. struct crypto_authenc_keys keys;
  484. int ret = 0;
  485. if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
  486. goto badkey;
  487. dev_dbg(jrdev, "keylen %d enckeylen %d authkeylen %d\n",
  488. keys.authkeylen + keys.enckeylen, keys.enckeylen,
  489. keys.authkeylen);
  490. print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
  491. DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
  492. /*
  493. * If DKP is supported, use it in the shared descriptor to generate
  494. * the split key.
  495. */
  496. if (ctrlpriv->era >= 6) {
  497. ctx->adata.keylen = keys.authkeylen;
  498. ctx->adata.keylen_pad = split_key_len(ctx->adata.algtype &
  499. OP_ALG_ALGSEL_MASK);
  500. if (ctx->adata.keylen_pad + keys.enckeylen > CAAM_MAX_KEY_SIZE)
  501. goto badkey;
  502. memcpy(ctx->key, keys.authkey, keys.authkeylen);
  503. memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey,
  504. keys.enckeylen);
  505. dma_sync_single_for_device(jrdev, ctx->key_dma,
  506. ctx->adata.keylen_pad +
  507. keys.enckeylen, ctx->dir);
  508. goto skip_split_key;
  509. }
  510. ret = gen_split_key(ctx->jrdev, ctx->key, &ctx->adata, keys.authkey,
  511. keys.authkeylen, CAAM_MAX_KEY_SIZE -
  512. keys.enckeylen);
  513. if (ret) {
  514. goto badkey;
  515. }
  516. /* postpend encryption key to auth split key */
  517. memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey, keys.enckeylen);
  518. dma_sync_single_for_device(jrdev, ctx->key_dma, ctx->adata.keylen_pad +
  519. keys.enckeylen, ctx->dir);
  520. print_hex_dump_debug("ctx.key@"__stringify(__LINE__)": ",
  521. DUMP_PREFIX_ADDRESS, 16, 4, ctx->key,
  522. ctx->adata.keylen_pad + keys.enckeylen, 1);
  523. skip_split_key:
  524. ctx->cdata.keylen = keys.enckeylen;
  525. memzero_explicit(&keys, sizeof(keys));
  526. return aead_set_sh_desc(aead);
  527. badkey:
  528. crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
  529. memzero_explicit(&keys, sizeof(keys));
  530. return -EINVAL;
  531. }
  532. static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
  533. unsigned int keylen)
  534. {
  535. struct crypto_authenc_keys keys;
  536. int err;
  537. err = crypto_authenc_extractkeys(&keys, key, keylen);
  538. if (unlikely(err))
  539. return err;
  540. err = verify_aead_des3_key(aead, keys.enckey, keys.enckeylen) ?:
  541. aead_setkey(aead, key, keylen);
  542. memzero_explicit(&keys, sizeof(keys));
  543. return err;
  544. }
  545. static int gcm_setkey(struct crypto_aead *aead,
  546. const u8 *key, unsigned int keylen)
  547. {
  548. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  549. struct device *jrdev = ctx->jrdev;
  550. int err;
  551. err = aes_check_keylen(keylen);
  552. if (err) {
  553. crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
  554. return err;
  555. }
  556. print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
  557. DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
  558. memcpy(ctx->key, key, keylen);
  559. dma_sync_single_for_device(jrdev, ctx->key_dma, keylen, ctx->dir);
  560. ctx->cdata.keylen = keylen;
  561. return gcm_set_sh_desc(aead);
  562. }
  563. static int rfc4106_setkey(struct crypto_aead *aead,
  564. const u8 *key, unsigned int keylen)
  565. {
  566. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  567. struct device *jrdev = ctx->jrdev;
  568. int err;
  569. err = aes_check_keylen(keylen - 4);
  570. if (err) {
  571. crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
  572. return err;
  573. }
  574. print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
  575. DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
  576. memcpy(ctx->key, key, keylen);
  577. /*
  578. * The last four bytes of the key material are used as the salt value
  579. * in the nonce. Update the AES key length.
  580. */
  581. ctx->cdata.keylen = keylen - 4;
  582. dma_sync_single_for_device(jrdev, ctx->key_dma, ctx->cdata.keylen,
  583. ctx->dir);
  584. return rfc4106_set_sh_desc(aead);
  585. }
  586. static int rfc4543_setkey(struct crypto_aead *aead,
  587. const u8 *key, unsigned int keylen)
  588. {
  589. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  590. struct device *jrdev = ctx->jrdev;
  591. int err;
  592. err = aes_check_keylen(keylen - 4);
  593. if (err) {
  594. crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
  595. return err;
  596. }
  597. print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
  598. DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
  599. memcpy(ctx->key, key, keylen);
  600. /*
  601. * The last four bytes of the key material are used as the salt value
  602. * in the nonce. Update the AES key length.
  603. */
  604. ctx->cdata.keylen = keylen - 4;
  605. dma_sync_single_for_device(jrdev, ctx->key_dma, ctx->cdata.keylen,
  606. ctx->dir);
  607. return rfc4543_set_sh_desc(aead);
  608. }
  609. static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
  610. unsigned int keylen, const u32 ctx1_iv_off)
  611. {
  612. struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
  613. struct caam_skcipher_alg *alg =
  614. container_of(crypto_skcipher_alg(skcipher), typeof(*alg),
  615. skcipher);
  616. struct device *jrdev = ctx->jrdev;
  617. unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
  618. u32 *desc;
  619. const bool is_rfc3686 = alg->caam.rfc3686;
  620. print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
  621. DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
  622. ctx->cdata.keylen = keylen;
  623. ctx->cdata.key_virt = key;
  624. ctx->cdata.key_inline = true;
  625. /* skcipher_encrypt shared descriptor */
  626. desc = ctx->sh_desc_enc;
  627. cnstr_shdsc_skcipher_encap(desc, &ctx->cdata, ivsize, is_rfc3686,
  628. ctx1_iv_off);
  629. dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
  630. desc_bytes(desc), ctx->dir);
  631. /* skcipher_decrypt shared descriptor */
  632. desc = ctx->sh_desc_dec;
  633. cnstr_shdsc_skcipher_decap(desc, &ctx->cdata, ivsize, is_rfc3686,
  634. ctx1_iv_off);
  635. dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
  636. desc_bytes(desc), ctx->dir);
  637. return 0;
  638. }
  639. static int aes_skcipher_setkey(struct crypto_skcipher *skcipher,
  640. const u8 *key, unsigned int keylen)
  641. {
  642. int err;
  643. err = aes_check_keylen(keylen);
  644. if (err) {
  645. crypto_skcipher_set_flags(skcipher,
  646. CRYPTO_TFM_RES_BAD_KEY_LEN);
  647. return err;
  648. }
  649. return skcipher_setkey(skcipher, key, keylen, 0);
  650. }
  651. static int rfc3686_skcipher_setkey(struct crypto_skcipher *skcipher,
  652. const u8 *key, unsigned int keylen)
  653. {
  654. u32 ctx1_iv_off;
  655. int err;
  656. /*
  657. * RFC3686 specific:
  658. * | CONTEXT1[255:128] = {NONCE, IV, COUNTER}
  659. * | *key = {KEY, NONCE}
  660. */
  661. ctx1_iv_off = 16 + CTR_RFC3686_NONCE_SIZE;
  662. keylen -= CTR_RFC3686_NONCE_SIZE;
  663. err = aes_check_keylen(keylen);
  664. if (err) {
  665. crypto_skcipher_set_flags(skcipher,
  666. CRYPTO_TFM_RES_BAD_KEY_LEN);
  667. return err;
  668. }
  669. return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
  670. }
  671. static int ctr_skcipher_setkey(struct crypto_skcipher *skcipher,
  672. const u8 *key, unsigned int keylen)
  673. {
  674. u32 ctx1_iv_off;
  675. int err;
  676. /*
  677. * AES-CTR needs to load IV in CONTEXT1 reg
  678. * at an offset of 128bits (16bytes)
  679. * CONTEXT1[255:128] = IV
  680. */
  681. ctx1_iv_off = 16;
  682. err = aes_check_keylen(keylen);
  683. if (err) {
  684. crypto_skcipher_set_flags(skcipher,
  685. CRYPTO_TFM_RES_BAD_KEY_LEN);
  686. return err;
  687. }
  688. return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
  689. }
  690. static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
  691. const u8 *key, unsigned int keylen)
  692. {
  693. return verify_skcipher_des_key(skcipher, key) ?:
  694. skcipher_setkey(skcipher, key, keylen, 0);
  695. }
  696. static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
  697. const u8 *key, unsigned int keylen)
  698. {
  699. return verify_skcipher_des3_key(skcipher, key) ?:
  700. skcipher_setkey(skcipher, key, keylen, 0);
  701. }
  702. static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
  703. unsigned int keylen)
  704. {
  705. struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
  706. struct device *jrdev = ctx->jrdev;
  707. u32 *desc;
  708. if (keylen != 2 * AES_MIN_KEY_SIZE && keylen != 2 * AES_MAX_KEY_SIZE) {
  709. crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
  710. dev_err(jrdev, "key size mismatch\n");
  711. return -EINVAL;
  712. }
  713. ctx->cdata.keylen = keylen;
  714. ctx->cdata.key_virt = key;
  715. ctx->cdata.key_inline = true;
  716. /* xts_skcipher_encrypt shared descriptor */
  717. desc = ctx->sh_desc_enc;
  718. cnstr_shdsc_xts_skcipher_encap(desc, &ctx->cdata);
  719. dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
  720. desc_bytes(desc), ctx->dir);
  721. /* xts_skcipher_decrypt shared descriptor */
  722. desc = ctx->sh_desc_dec;
  723. cnstr_shdsc_xts_skcipher_decap(desc, &ctx->cdata);
  724. dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
  725. desc_bytes(desc), ctx->dir);
  726. return 0;
  727. }
  728. /*
  729. * aead_edesc - s/w-extended aead descriptor
  730. * @src_nents: number of segments in input s/w scatterlist
  731. * @dst_nents: number of segments in output s/w scatterlist
  732. * @mapped_src_nents: number of segments in input h/w link table
  733. * @mapped_dst_nents: number of segments in output h/w link table
  734. * @sec4_sg_bytes: length of dma mapped sec4_sg space
  735. * @sec4_sg_dma: bus physical mapped address of h/w link table
  736. * @sec4_sg: pointer to h/w link table
  737. * @hw_desc: the h/w job descriptor followed by any referenced link tables
  738. */
  739. struct aead_edesc {
  740. int src_nents;
  741. int dst_nents;
  742. int mapped_src_nents;
  743. int mapped_dst_nents;
  744. int sec4_sg_bytes;
  745. dma_addr_t sec4_sg_dma;
  746. struct sec4_sg_entry *sec4_sg;
  747. u32 hw_desc[];
  748. };
  749. /*
  750. * skcipher_edesc - s/w-extended skcipher descriptor
  751. * @src_nents: number of segments in input s/w scatterlist
  752. * @dst_nents: number of segments in output s/w scatterlist
  753. * @mapped_src_nents: number of segments in input h/w link table
  754. * @mapped_dst_nents: number of segments in output h/w link table
  755. * @iv_dma: dma address of iv for checking continuity and link table
  756. * @sec4_sg_bytes: length of dma mapped sec4_sg space
  757. * @sec4_sg_dma: bus physical mapped address of h/w link table
  758. * @sec4_sg: pointer to h/w link table
  759. * @hw_desc: the h/w job descriptor followed by any referenced link tables
  760. * and IV
  761. */
  762. struct skcipher_edesc {
  763. int src_nents;
  764. int dst_nents;
  765. int mapped_src_nents;
  766. int mapped_dst_nents;
  767. dma_addr_t iv_dma;
  768. int sec4_sg_bytes;
  769. dma_addr_t sec4_sg_dma;
  770. struct sec4_sg_entry *sec4_sg;
  771. u32 hw_desc[0];
  772. };
  773. static void caam_unmap(struct device *dev, struct scatterlist *src,
  774. struct scatterlist *dst, int src_nents,
  775. int dst_nents,
  776. dma_addr_t iv_dma, int ivsize, dma_addr_t sec4_sg_dma,
  777. int sec4_sg_bytes)
  778. {
  779. if (dst != src) {
  780. if (src_nents)
  781. dma_unmap_sg(dev, src, src_nents, DMA_TO_DEVICE);
  782. if (dst_nents)
  783. dma_unmap_sg(dev, dst, dst_nents, DMA_FROM_DEVICE);
  784. } else {
  785. dma_unmap_sg(dev, src, src_nents, DMA_BIDIRECTIONAL);
  786. }
  787. if (iv_dma)
  788. dma_unmap_single(dev, iv_dma, ivsize, DMA_BIDIRECTIONAL);
  789. if (sec4_sg_bytes)
  790. dma_unmap_single(dev, sec4_sg_dma, sec4_sg_bytes,
  791. DMA_TO_DEVICE);
  792. }
  793. static void aead_unmap(struct device *dev,
  794. struct aead_edesc *edesc,
  795. struct aead_request *req)
  796. {
  797. caam_unmap(dev, req->src, req->dst,
  798. edesc->src_nents, edesc->dst_nents, 0, 0,
  799. edesc->sec4_sg_dma, edesc->sec4_sg_bytes);
  800. }
  801. static void skcipher_unmap(struct device *dev, struct skcipher_edesc *edesc,
  802. struct skcipher_request *req)
  803. {
  804. struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
  805. int ivsize = crypto_skcipher_ivsize(skcipher);
  806. caam_unmap(dev, req->src, req->dst,
  807. edesc->src_nents, edesc->dst_nents,
  808. edesc->iv_dma, ivsize,
  809. edesc->sec4_sg_dma, edesc->sec4_sg_bytes);
  810. }
  811. static void aead_encrypt_done(struct device *jrdev, u32 *desc, u32 err,
  812. void *context)
  813. {
  814. struct aead_request *req = context;
  815. struct aead_edesc *edesc;
  816. int ecode = 0;
  817. dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err);
  818. edesc = container_of(desc, struct aead_edesc, hw_desc[0]);
  819. if (err)
  820. ecode = caam_jr_strstatus(jrdev, err);
  821. aead_unmap(jrdev, edesc, req);
  822. kfree(edesc);
  823. aead_request_complete(req, ecode);
  824. }
  825. static void aead_decrypt_done(struct device *jrdev, u32 *desc, u32 err,
  826. void *context)
  827. {
  828. struct aead_request *req = context;
  829. struct aead_edesc *edesc;
  830. int ecode = 0;
  831. dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err);
  832. edesc = container_of(desc, struct aead_edesc, hw_desc[0]);
  833. if (err)
  834. ecode = caam_jr_strstatus(jrdev, err);
  835. aead_unmap(jrdev, edesc, req);
  836. kfree(edesc);
  837. aead_request_complete(req, ecode);
  838. }
  839. static void skcipher_encrypt_done(struct device *jrdev, u32 *desc, u32 err,
  840. void *context)
  841. {
  842. struct skcipher_request *req = context;
  843. struct skcipher_edesc *edesc;
  844. struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
  845. int ivsize = crypto_skcipher_ivsize(skcipher);
  846. int ecode = 0;
  847. dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err);
  848. edesc = container_of(desc, struct skcipher_edesc, hw_desc[0]);
  849. if (err)
  850. ecode = caam_jr_strstatus(jrdev, err);
  851. skcipher_unmap(jrdev, edesc, req);
  852. /*
  853. * The crypto API expects us to set the IV (req->iv) to the last
  854. * ciphertext block (CBC mode) or last counter (CTR mode).
  855. * This is used e.g. by the CTS mode.
  856. */
  857. if (ivsize && !ecode) {
  858. memcpy(req->iv, (u8 *)edesc->sec4_sg + edesc->sec4_sg_bytes,
  859. ivsize);
  860. print_hex_dump_debug("dstiv @"__stringify(__LINE__)": ",
  861. DUMP_PREFIX_ADDRESS, 16, 4, req->iv,
  862. edesc->src_nents > 1 ? 100 : ivsize, 1);
  863. }
  864. caam_dump_sg("dst @" __stringify(__LINE__)": ",
  865. DUMP_PREFIX_ADDRESS, 16, 4, req->dst,
  866. edesc->dst_nents > 1 ? 100 : req->cryptlen, 1);
  867. kfree(edesc);
  868. skcipher_request_complete(req, ecode);
  869. }
  870. static void skcipher_decrypt_done(struct device *jrdev, u32 *desc, u32 err,
  871. void *context)
  872. {
  873. struct skcipher_request *req = context;
  874. struct skcipher_edesc *edesc;
  875. struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
  876. int ivsize = crypto_skcipher_ivsize(skcipher);
  877. int ecode = 0;
  878. dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err);
  879. edesc = container_of(desc, struct skcipher_edesc, hw_desc[0]);
  880. if (err)
  881. ecode = caam_jr_strstatus(jrdev, err);
  882. skcipher_unmap(jrdev, edesc, req);
  883. /*
  884. * The crypto API expects us to set the IV (req->iv) to the last
  885. * ciphertext block (CBC mode) or last counter (CTR mode).
  886. * This is used e.g. by the CTS mode.
  887. */
  888. if (ivsize && !ecode) {
  889. memcpy(req->iv, (u8 *)edesc->sec4_sg + edesc->sec4_sg_bytes,
  890. ivsize);
  891. print_hex_dump_debug("dstiv @" __stringify(__LINE__)": ",
  892. DUMP_PREFIX_ADDRESS, 16, 4, req->iv,
  893. ivsize, 1);
  894. }
  895. caam_dump_sg("dst @" __stringify(__LINE__)": ",
  896. DUMP_PREFIX_ADDRESS, 16, 4, req->dst,
  897. edesc->dst_nents > 1 ? 100 : req->cryptlen, 1);
  898. kfree(edesc);
  899. skcipher_request_complete(req, ecode);
  900. }
  901. /*
  902. * Fill in aead job descriptor
  903. */
  904. static void init_aead_job(struct aead_request *req,
  905. struct aead_edesc *edesc,
  906. bool all_contig, bool encrypt)
  907. {
  908. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  909. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  910. int authsize = ctx->authsize;
  911. u32 *desc = edesc->hw_desc;
  912. u32 out_options, in_options;
  913. dma_addr_t dst_dma, src_dma;
  914. int len, sec4_sg_index = 0;
  915. dma_addr_t ptr;
  916. u32 *sh_desc;
  917. sh_desc = encrypt ? ctx->sh_desc_enc : ctx->sh_desc_dec;
  918. ptr = encrypt ? ctx->sh_desc_enc_dma : ctx->sh_desc_dec_dma;
  919. len = desc_len(sh_desc);
  920. init_job_desc_shared(desc, ptr, len, HDR_SHARE_DEFER | HDR_REVERSE);
  921. if (all_contig) {
  922. src_dma = edesc->mapped_src_nents ? sg_dma_address(req->src) :
  923. 0;
  924. in_options = 0;
  925. } else {
  926. src_dma = edesc->sec4_sg_dma;
  927. sec4_sg_index += edesc->mapped_src_nents;
  928. in_options = LDST_SGF;
  929. }
  930. append_seq_in_ptr(desc, src_dma, req->assoclen + req->cryptlen,
  931. in_options);
  932. dst_dma = src_dma;
  933. out_options = in_options;
  934. if (unlikely(req->src != req->dst)) {
  935. if (!edesc->mapped_dst_nents) {
  936. dst_dma = 0;
  937. out_options = 0;
  938. } else if (edesc->mapped_dst_nents == 1) {
  939. dst_dma = sg_dma_address(req->dst);
  940. out_options = 0;
  941. } else {
  942. dst_dma = edesc->sec4_sg_dma +
  943. sec4_sg_index *
  944. sizeof(struct sec4_sg_entry);
  945. out_options = LDST_SGF;
  946. }
  947. }
  948. if (encrypt)
  949. append_seq_out_ptr(desc, dst_dma,
  950. req->assoclen + req->cryptlen + authsize,
  951. out_options);
  952. else
  953. append_seq_out_ptr(desc, dst_dma,
  954. req->assoclen + req->cryptlen - authsize,
  955. out_options);
  956. }
  957. static void init_gcm_job(struct aead_request *req,
  958. struct aead_edesc *edesc,
  959. bool all_contig, bool encrypt)
  960. {
  961. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  962. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  963. unsigned int ivsize = crypto_aead_ivsize(aead);
  964. u32 *desc = edesc->hw_desc;
  965. bool generic_gcm = (ivsize == GCM_AES_IV_SIZE);
  966. unsigned int last;
  967. init_aead_job(req, edesc, all_contig, encrypt);
  968. append_math_add_imm_u32(desc, REG3, ZERO, IMM, req->assoclen);
  969. /* BUG This should not be specific to generic GCM. */
  970. last = 0;
  971. if (encrypt && generic_gcm && !(req->assoclen + req->cryptlen))
  972. last = FIFOLD_TYPE_LAST1;
  973. /* Read GCM IV */
  974. append_cmd(desc, CMD_FIFO_LOAD | FIFOLD_CLASS_CLASS1 | IMMEDIATE |
  975. FIFOLD_TYPE_IV | FIFOLD_TYPE_FLUSH1 | GCM_AES_IV_SIZE | last);
  976. /* Append Salt */
  977. if (!generic_gcm)
  978. append_data(desc, ctx->key + ctx->cdata.keylen, 4);
  979. /* Append IV */
  980. append_data(desc, req->iv, ivsize);
  981. /* End of blank commands */
  982. }
  983. static void init_chachapoly_job(struct aead_request *req,
  984. struct aead_edesc *edesc, bool all_contig,
  985. bool encrypt)
  986. {
  987. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  988. unsigned int ivsize = crypto_aead_ivsize(aead);
  989. unsigned int assoclen = req->assoclen;
  990. u32 *desc = edesc->hw_desc;
  991. u32 ctx_iv_off = 4;
  992. init_aead_job(req, edesc, all_contig, encrypt);
  993. if (ivsize != CHACHAPOLY_IV_SIZE) {
  994. /* IPsec specific: CONTEXT1[223:128] = {NONCE, IV} */
  995. ctx_iv_off += 4;
  996. /*
  997. * The associated data comes already with the IV but we need
  998. * to skip it when we authenticate or encrypt...
  999. */
  1000. assoclen -= ivsize;
  1001. }
  1002. append_math_add_imm_u32(desc, REG3, ZERO, IMM, assoclen);
  1003. /*
  1004. * For IPsec load the IV further in the same register.
  1005. * For RFC7539 simply load the 12 bytes nonce in a single operation
  1006. */
  1007. append_load_as_imm(desc, req->iv, ivsize, LDST_CLASS_1_CCB |
  1008. LDST_SRCDST_BYTE_CONTEXT |
  1009. ctx_iv_off << LDST_OFFSET_SHIFT);
  1010. }
  1011. static void init_authenc_job(struct aead_request *req,
  1012. struct aead_edesc *edesc,
  1013. bool all_contig, bool encrypt)
  1014. {
  1015. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  1016. struct caam_aead_alg *alg = container_of(crypto_aead_alg(aead),
  1017. struct caam_aead_alg, aead);
  1018. unsigned int ivsize = crypto_aead_ivsize(aead);
  1019. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  1020. struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctx->jrdev->parent);
  1021. const bool ctr_mode = ((ctx->cdata.algtype & OP_ALG_AAI_MASK) ==
  1022. OP_ALG_AAI_CTR_MOD128);
  1023. const bool is_rfc3686 = alg->caam.rfc3686;
  1024. u32 *desc = edesc->hw_desc;
  1025. u32 ivoffset = 0;
  1026. /*
  1027. * AES-CTR needs to load IV in CONTEXT1 reg
  1028. * at an offset of 128bits (16bytes)
  1029. * CONTEXT1[255:128] = IV
  1030. */
  1031. if (ctr_mode)
  1032. ivoffset = 16;
  1033. /*
  1034. * RFC3686 specific:
  1035. * CONTEXT1[255:128] = {NONCE, IV, COUNTER}
  1036. */
  1037. if (is_rfc3686)
  1038. ivoffset = 16 + CTR_RFC3686_NONCE_SIZE;
  1039. init_aead_job(req, edesc, all_contig, encrypt);
  1040. /*
  1041. * {REG3, DPOVRD} = assoclen, depending on whether MATH command supports
  1042. * having DPOVRD as destination.
  1043. */
  1044. if (ctrlpriv->era < 3)
  1045. append_math_add_imm_u32(desc, REG3, ZERO, IMM, req->assoclen);
  1046. else
  1047. append_math_add_imm_u32(desc, DPOVRD, ZERO, IMM, req->assoclen);
  1048. if (ivsize && ((is_rfc3686 && encrypt) || !alg->caam.geniv))
  1049. append_load_as_imm(desc, req->iv, ivsize,
  1050. LDST_CLASS_1_CCB |
  1051. LDST_SRCDST_BYTE_CONTEXT |
  1052. (ivoffset << LDST_OFFSET_SHIFT));
  1053. }
  1054. /*
  1055. * Fill in skcipher job descriptor
  1056. */
  1057. static void init_skcipher_job(struct skcipher_request *req,
  1058. struct skcipher_edesc *edesc,
  1059. const bool encrypt)
  1060. {
  1061. struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
  1062. struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
  1063. struct device *jrdev = ctx->jrdev;
  1064. int ivsize = crypto_skcipher_ivsize(skcipher);
  1065. u32 *desc = edesc->hw_desc;
  1066. u32 *sh_desc;
  1067. u32 in_options = 0, out_options = 0;
  1068. dma_addr_t src_dma, dst_dma, ptr;
  1069. int len, sec4_sg_index = 0;
  1070. print_hex_dump_debug("presciv@"__stringify(__LINE__)": ",
  1071. DUMP_PREFIX_ADDRESS, 16, 4, req->iv, ivsize, 1);
  1072. dev_dbg(jrdev, "asked=%d, cryptlen%d\n",
  1073. (int)edesc->src_nents > 1 ? 100 : req->cryptlen, req->cryptlen);
  1074. caam_dump_sg("src @" __stringify(__LINE__)": ",
  1075. DUMP_PREFIX_ADDRESS, 16, 4, req->src,
  1076. edesc->src_nents > 1 ? 100 : req->cryptlen, 1);
  1077. sh_desc = encrypt ? ctx->sh_desc_enc : ctx->sh_desc_dec;
  1078. ptr = encrypt ? ctx->sh_desc_enc_dma : ctx->sh_desc_dec_dma;
  1079. len = desc_len(sh_desc);
  1080. init_job_desc_shared(desc, ptr, len, HDR_SHARE_DEFER | HDR_REVERSE);
  1081. if (ivsize || edesc->mapped_src_nents > 1) {
  1082. src_dma = edesc->sec4_sg_dma;
  1083. sec4_sg_index = edesc->mapped_src_nents + !!ivsize;
  1084. in_options = LDST_SGF;
  1085. } else {
  1086. src_dma = sg_dma_address(req->src);
  1087. }
  1088. append_seq_in_ptr(desc, src_dma, req->cryptlen + ivsize, in_options);
  1089. if (likely(req->src == req->dst)) {
  1090. dst_dma = src_dma + !!ivsize * sizeof(struct sec4_sg_entry);
  1091. out_options = in_options;
  1092. } else if (!ivsize && edesc->mapped_dst_nents == 1) {
  1093. dst_dma = sg_dma_address(req->dst);
  1094. } else {
  1095. dst_dma = edesc->sec4_sg_dma + sec4_sg_index *
  1096. sizeof(struct sec4_sg_entry);
  1097. out_options = LDST_SGF;
  1098. }
  1099. append_seq_out_ptr(desc, dst_dma, req->cryptlen + ivsize, out_options);
  1100. }
  1101. /*
  1102. * allocate and map the aead extended descriptor
  1103. */
  1104. static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
  1105. int desc_bytes, bool *all_contig_ptr,
  1106. bool encrypt)
  1107. {
  1108. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  1109. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  1110. struct device *jrdev = ctx->jrdev;
  1111. gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
  1112. GFP_KERNEL : GFP_ATOMIC;
  1113. int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0;
  1114. int src_len, dst_len = 0;
  1115. struct aead_edesc *edesc;
  1116. int sec4_sg_index, sec4_sg_len, sec4_sg_bytes;
  1117. unsigned int authsize = ctx->authsize;
  1118. if (unlikely(req->dst != req->src)) {
  1119. src_len = req->assoclen + req->cryptlen;
  1120. dst_len = src_len + (encrypt ? authsize : (-authsize));
  1121. src_nents = sg_nents_for_len(req->src, src_len);
  1122. if (unlikely(src_nents < 0)) {
  1123. dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
  1124. src_len);
  1125. return ERR_PTR(src_nents);
  1126. }
  1127. dst_nents = sg_nents_for_len(req->dst, dst_len);
  1128. if (unlikely(dst_nents < 0)) {
  1129. dev_err(jrdev, "Insufficient bytes (%d) in dst S/G\n",
  1130. dst_len);
  1131. return ERR_PTR(dst_nents);
  1132. }
  1133. } else {
  1134. src_len = req->assoclen + req->cryptlen +
  1135. (encrypt ? authsize : 0);
  1136. src_nents = sg_nents_for_len(req->src, src_len);
  1137. if (unlikely(src_nents < 0)) {
  1138. dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
  1139. src_len);
  1140. return ERR_PTR(src_nents);
  1141. }
  1142. }
  1143. if (likely(req->src == req->dst)) {
  1144. mapped_src_nents = dma_map_sg(jrdev, req->src, src_nents,
  1145. DMA_BIDIRECTIONAL);
  1146. if (unlikely(!mapped_src_nents)) {
  1147. dev_err(jrdev, "unable to map source\n");
  1148. return ERR_PTR(-ENOMEM);
  1149. }
  1150. } else {
  1151. /* Cover also the case of null (zero length) input data */
  1152. if (src_nents) {
  1153. mapped_src_nents = dma_map_sg(jrdev, req->src,
  1154. src_nents, DMA_TO_DEVICE);
  1155. if (unlikely(!mapped_src_nents)) {
  1156. dev_err(jrdev, "unable to map source\n");
  1157. return ERR_PTR(-ENOMEM);
  1158. }
  1159. } else {
  1160. mapped_src_nents = 0;
  1161. }
  1162. /* Cover also the case of null (zero length) output data */
  1163. if (dst_nents) {
  1164. mapped_dst_nents = dma_map_sg(jrdev, req->dst,
  1165. dst_nents,
  1166. DMA_FROM_DEVICE);
  1167. if (unlikely(!mapped_dst_nents)) {
  1168. dev_err(jrdev, "unable to map destination\n");
  1169. dma_unmap_sg(jrdev, req->src, src_nents,
  1170. DMA_TO_DEVICE);
  1171. return ERR_PTR(-ENOMEM);
  1172. }
  1173. } else {
  1174. mapped_dst_nents = 0;
  1175. }
  1176. }
  1177. /*
  1178. * HW reads 4 S/G entries at a time; make sure the reads don't go beyond
  1179. * the end of the table by allocating more S/G entries.
  1180. */
  1181. sec4_sg_len = mapped_src_nents > 1 ? mapped_src_nents : 0;
  1182. if (mapped_dst_nents > 1)
  1183. sec4_sg_len += pad_sg_nents(mapped_dst_nents);
  1184. else
  1185. sec4_sg_len = pad_sg_nents(sec4_sg_len);
  1186. sec4_sg_bytes = sec4_sg_len * sizeof(struct sec4_sg_entry);
  1187. /* allocate space for base edesc and hw desc commands, link tables */
  1188. edesc = kzalloc(sizeof(*edesc) + desc_bytes + sec4_sg_bytes,
  1189. GFP_DMA | flags);
  1190. if (!edesc) {
  1191. caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0,
  1192. 0, 0, 0);
  1193. return ERR_PTR(-ENOMEM);
  1194. }
  1195. edesc->src_nents = src_nents;
  1196. edesc->dst_nents = dst_nents;
  1197. edesc->mapped_src_nents = mapped_src_nents;
  1198. edesc->mapped_dst_nents = mapped_dst_nents;
  1199. edesc->sec4_sg = (void *)edesc + sizeof(struct aead_edesc) +
  1200. desc_bytes;
  1201. *all_contig_ptr = !(mapped_src_nents > 1);
  1202. sec4_sg_index = 0;
  1203. if (mapped_src_nents > 1) {
  1204. sg_to_sec4_sg_last(req->src, src_len,
  1205. edesc->sec4_sg + sec4_sg_index, 0);
  1206. sec4_sg_index += mapped_src_nents;
  1207. }
  1208. if (mapped_dst_nents > 1) {
  1209. sg_to_sec4_sg_last(req->dst, dst_len,
  1210. edesc->sec4_sg + sec4_sg_index, 0);
  1211. }
  1212. if (!sec4_sg_bytes)
  1213. return edesc;
  1214. edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg,
  1215. sec4_sg_bytes, DMA_TO_DEVICE);
  1216. if (dma_mapping_error(jrdev, edesc->sec4_sg_dma)) {
  1217. dev_err(jrdev, "unable to map S/G table\n");
  1218. aead_unmap(jrdev, edesc, req);
  1219. kfree(edesc);
  1220. return ERR_PTR(-ENOMEM);
  1221. }
  1222. edesc->sec4_sg_bytes = sec4_sg_bytes;
  1223. return edesc;
  1224. }
  1225. static int gcm_encrypt(struct aead_request *req)
  1226. {
  1227. struct aead_edesc *edesc;
  1228. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  1229. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  1230. struct device *jrdev = ctx->jrdev;
  1231. bool all_contig;
  1232. u32 *desc;
  1233. int ret = 0;
  1234. /* allocate extended descriptor */
  1235. edesc = aead_edesc_alloc(req, GCM_DESC_JOB_IO_LEN, &all_contig, true);
  1236. if (IS_ERR(edesc))
  1237. return PTR_ERR(edesc);
  1238. /* Create and submit job descriptor */
  1239. init_gcm_job(req, edesc, all_contig, true);
  1240. print_hex_dump_debug("aead jobdesc@"__stringify(__LINE__)": ",
  1241. DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc,
  1242. desc_bytes(edesc->hw_desc), 1);
  1243. desc = edesc->hw_desc;
  1244. ret = caam_jr_enqueue(jrdev, desc, aead_encrypt_done, req);
  1245. if (!ret) {
  1246. ret = -EINPROGRESS;
  1247. } else {
  1248. aead_unmap(jrdev, edesc, req);
  1249. kfree(edesc);
  1250. }
  1251. return ret;
  1252. }
  1253. static int chachapoly_encrypt(struct aead_request *req)
  1254. {
  1255. struct aead_edesc *edesc;
  1256. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  1257. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  1258. struct device *jrdev = ctx->jrdev;
  1259. bool all_contig;
  1260. u32 *desc;
  1261. int ret;
  1262. edesc = aead_edesc_alloc(req, CHACHAPOLY_DESC_JOB_IO_LEN, &all_contig,
  1263. true);
  1264. if (IS_ERR(edesc))
  1265. return PTR_ERR(edesc);
  1266. desc = edesc->hw_desc;
  1267. init_chachapoly_job(req, edesc, all_contig, true);
  1268. print_hex_dump_debug("chachapoly jobdesc@" __stringify(__LINE__)": ",
  1269. DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc),
  1270. 1);
  1271. ret = caam_jr_enqueue(jrdev, desc, aead_encrypt_done, req);
  1272. if (!ret) {
  1273. ret = -EINPROGRESS;
  1274. } else {
  1275. aead_unmap(jrdev, edesc, req);
  1276. kfree(edesc);
  1277. }
  1278. return ret;
  1279. }
  1280. static int chachapoly_decrypt(struct aead_request *req)
  1281. {
  1282. struct aead_edesc *edesc;
  1283. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  1284. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  1285. struct device *jrdev = ctx->jrdev;
  1286. bool all_contig;
  1287. u32 *desc;
  1288. int ret;
  1289. edesc = aead_edesc_alloc(req, CHACHAPOLY_DESC_JOB_IO_LEN, &all_contig,
  1290. false);
  1291. if (IS_ERR(edesc))
  1292. return PTR_ERR(edesc);
  1293. desc = edesc->hw_desc;
  1294. init_chachapoly_job(req, edesc, all_contig, false);
  1295. print_hex_dump_debug("chachapoly jobdesc@" __stringify(__LINE__)": ",
  1296. DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc),
  1297. 1);
  1298. ret = caam_jr_enqueue(jrdev, desc, aead_decrypt_done, req);
  1299. if (!ret) {
  1300. ret = -EINPROGRESS;
  1301. } else {
  1302. aead_unmap(jrdev, edesc, req);
  1303. kfree(edesc);
  1304. }
  1305. return ret;
  1306. }
  1307. static int ipsec_gcm_encrypt(struct aead_request *req)
  1308. {
  1309. return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_encrypt(req);
  1310. }
  1311. static int aead_encrypt(struct aead_request *req)
  1312. {
  1313. struct aead_edesc *edesc;
  1314. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  1315. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  1316. struct device *jrdev = ctx->jrdev;
  1317. bool all_contig;
  1318. u32 *desc;
  1319. int ret = 0;
  1320. /* allocate extended descriptor */
  1321. edesc = aead_edesc_alloc(req, AUTHENC_DESC_JOB_IO_LEN,
  1322. &all_contig, true);
  1323. if (IS_ERR(edesc))
  1324. return PTR_ERR(edesc);
  1325. /* Create and submit job descriptor */
  1326. init_authenc_job(req, edesc, all_contig, true);
  1327. print_hex_dump_debug("aead jobdesc@"__stringify(__LINE__)": ",
  1328. DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc,
  1329. desc_bytes(edesc->hw_desc), 1);
  1330. desc = edesc->hw_desc;
  1331. ret = caam_jr_enqueue(jrdev, desc, aead_encrypt_done, req);
  1332. if (!ret) {
  1333. ret = -EINPROGRESS;
  1334. } else {
  1335. aead_unmap(jrdev, edesc, req);
  1336. kfree(edesc);
  1337. }
  1338. return ret;
  1339. }
  1340. static int gcm_decrypt(struct aead_request *req)
  1341. {
  1342. struct aead_edesc *edesc;
  1343. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  1344. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  1345. struct device *jrdev = ctx->jrdev;
  1346. bool all_contig;
  1347. u32 *desc;
  1348. int ret = 0;
  1349. /* allocate extended descriptor */
  1350. edesc = aead_edesc_alloc(req, GCM_DESC_JOB_IO_LEN, &all_contig, false);
  1351. if (IS_ERR(edesc))
  1352. return PTR_ERR(edesc);
  1353. /* Create and submit job descriptor*/
  1354. init_gcm_job(req, edesc, all_contig, false);
  1355. print_hex_dump_debug("aead jobdesc@"__stringify(__LINE__)": ",
  1356. DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc,
  1357. desc_bytes(edesc->hw_desc), 1);
  1358. desc = edesc->hw_desc;
  1359. ret = caam_jr_enqueue(jrdev, desc, aead_decrypt_done, req);
  1360. if (!ret) {
  1361. ret = -EINPROGRESS;
  1362. } else {
  1363. aead_unmap(jrdev, edesc, req);
  1364. kfree(edesc);
  1365. }
  1366. return ret;
  1367. }
  1368. static int ipsec_gcm_decrypt(struct aead_request *req)
  1369. {
  1370. return crypto_ipsec_check_assoclen(req->assoclen) ? : gcm_decrypt(req);
  1371. }
  1372. static int aead_decrypt(struct aead_request *req)
  1373. {
  1374. struct aead_edesc *edesc;
  1375. struct crypto_aead *aead = crypto_aead_reqtfm(req);
  1376. struct caam_ctx *ctx = crypto_aead_ctx(aead);
  1377. struct device *jrdev = ctx->jrdev;
  1378. bool all_contig;
  1379. u32 *desc;
  1380. int ret = 0;
  1381. caam_dump_sg("dec src@" __stringify(__LINE__)": ",
  1382. DUMP_PREFIX_ADDRESS, 16, 4, req->src,
  1383. req->assoclen + req->cryptlen, 1);
  1384. /* allocate extended descriptor */
  1385. edesc = aead_edesc_alloc(req, AUTHENC_DESC_JOB_IO_LEN,
  1386. &all_contig, false);
  1387. if (IS_ERR(edesc))
  1388. return PTR_ERR(edesc);
  1389. /* Create and submit job descriptor*/
  1390. init_authenc_job(req, edesc, all_contig, false);
  1391. print_hex_dump_debug("aead jobdesc@"__stringify(__LINE__)": ",
  1392. DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc,
  1393. desc_bytes(edesc->hw_desc), 1);
  1394. desc = edesc->hw_desc;
  1395. ret = caam_jr_enqueue(jrdev, desc, aead_decrypt_done, req);
  1396. if (!ret) {
  1397. ret = -EINPROGRESS;
  1398. } else {
  1399. aead_unmap(jrdev, edesc, req);
  1400. kfree(edesc);
  1401. }
  1402. return ret;
  1403. }
  1404. /*
  1405. * allocate and map the skcipher extended descriptor for skcipher
  1406. */
  1407. static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req,
  1408. int desc_bytes)
  1409. {
  1410. struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
  1411. struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
  1412. struct device *jrdev = ctx->jrdev;
  1413. gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
  1414. GFP_KERNEL : GFP_ATOMIC;
  1415. int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0;
  1416. struct skcipher_edesc *edesc;
  1417. dma_addr_t iv_dma = 0;
  1418. u8 *iv;
  1419. int ivsize = crypto_skcipher_ivsize(skcipher);
  1420. int dst_sg_idx, sec4_sg_ents, sec4_sg_bytes;
  1421. src_nents = sg_nents_for_len(req->src, req->cryptlen);
  1422. if (unlikely(src_nents < 0)) {
  1423. dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
  1424. req->cryptlen);
  1425. return ERR_PTR(src_nents);
  1426. }
  1427. if (req->dst != req->src) {
  1428. dst_nents = sg_nents_for_len(req->dst, req->cryptlen);
  1429. if (unlikely(dst_nents < 0)) {
  1430. dev_err(jrdev, "Insufficient bytes (%d) in dst S/G\n",
  1431. req->cryptlen);
  1432. return ERR_PTR(dst_nents);
  1433. }
  1434. }
  1435. if (likely(req->src == req->dst)) {
  1436. mapped_src_nents = dma_map_sg(jrdev, req->src, src_nents,
  1437. DMA_BIDIRECTIONAL);
  1438. if (unlikely(!mapped_src_nents)) {
  1439. dev_err(jrdev, "unable to map source\n");
  1440. return ERR_PTR(-ENOMEM);
  1441. }
  1442. } else {
  1443. mapped_src_nents = dma_map_sg(jrdev, req->src, src_nents,
  1444. DMA_TO_DEVICE);
  1445. if (unlikely(!mapped_src_nents)) {
  1446. dev_err(jrdev, "unable to map source\n");
  1447. return ERR_PTR(-ENOMEM);
  1448. }
  1449. mapped_dst_nents = dma_map_sg(jrdev, req->dst, dst_nents,
  1450. DMA_FROM_DEVICE);
  1451. if (unlikely(!mapped_dst_nents)) {
  1452. dev_err(jrdev, "unable to map destination\n");
  1453. dma_unmap_sg(jrdev, req->src, src_nents, DMA_TO_DEVICE);
  1454. return ERR_PTR(-ENOMEM);
  1455. }
  1456. }
  1457. if (!ivsize && mapped_src_nents == 1)
  1458. sec4_sg_ents = 0; // no need for an input hw s/g table
  1459. else
  1460. sec4_sg_ents = mapped_src_nents + !!ivsize;
  1461. dst_sg_idx = sec4_sg_ents;
  1462. /*
  1463. * Input, output HW S/G tables: [IV, src][dst, IV]
  1464. * IV entries point to the same buffer
  1465. * If src == dst, S/G entries are reused (S/G tables overlap)
  1466. *
  1467. * HW reads 4 S/G entries at a time; make sure the reads don't go beyond
  1468. * the end of the table by allocating more S/G entries. Logic:
  1469. * if (output S/G)
  1470. * pad output S/G, if needed
  1471. * else if (input S/G) ...
  1472. * pad input S/G, if needed
  1473. */
  1474. if (ivsize || mapped_dst_nents > 1) {
  1475. if (req->src == req->dst)
  1476. sec4_sg_ents = !!ivsize + pad_sg_nents(sec4_sg_ents);
  1477. else
  1478. sec4_sg_ents += pad_sg_nents(mapped_dst_nents +
  1479. !!ivsize);
  1480. } else {
  1481. sec4_sg_ents = pad_sg_nents(sec4_sg_ents);
  1482. }
  1483. sec4_sg_bytes = sec4_sg_ents * sizeof(struct sec4_sg_entry);
  1484. /*
  1485. * allocate space for base edesc and hw desc commands, link tables, IV
  1486. */
  1487. edesc = kzalloc(sizeof(*edesc) + desc_bytes + sec4_sg_bytes + ivsize,
  1488. GFP_DMA | flags);
  1489. if (!edesc) {
  1490. dev_err(jrdev, "could not allocate extended descriptor\n");
  1491. caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0,
  1492. 0, 0, 0);
  1493. return ERR_PTR(-ENOMEM);
  1494. }
  1495. edesc->src_nents = src_nents;
  1496. edesc->dst_nents = dst_nents;
  1497. edesc->mapped_src_nents = mapped_src_nents;
  1498. edesc->mapped_dst_nents = mapped_dst_nents;
  1499. edesc->sec4_sg_bytes = sec4_sg_bytes;
  1500. edesc->sec4_sg = (struct sec4_sg_entry *)((u8 *)edesc->hw_desc +
  1501. desc_bytes);
  1502. /* Make sure IV is located in a DMAable area */
  1503. if (ivsize) {
  1504. iv = (u8 *)edesc->sec4_sg + sec4_sg_bytes;
  1505. memcpy(iv, req->iv, ivsize);
  1506. iv_dma = dma_map_single(jrdev, iv, ivsize, DMA_BIDIRECTIONAL);
  1507. if (dma_mapping_error(jrdev, iv_dma)) {
  1508. dev_err(jrdev, "unable to map IV\n");
  1509. caam_unmap(jrdev, req->src, req->dst, src_nents,
  1510. dst_nents, 0, 0, 0, 0);
  1511. kfree(edesc);
  1512. return ERR_PTR(-ENOMEM);
  1513. }
  1514. dma_to_sec4_sg_one(edesc->sec4_sg, iv_dma, ivsize, 0);
  1515. }
  1516. if (dst_sg_idx)
  1517. sg_to_sec4_sg(req->src, req->cryptlen, edesc->sec4_sg +
  1518. !!ivsize, 0);
  1519. if (req->src != req->dst && (ivsize || mapped_dst_nents > 1))
  1520. sg_to_sec4_sg(req->dst, req->cryptlen, edesc->sec4_sg +
  1521. dst_sg_idx, 0);
  1522. if (ivsize)
  1523. dma_to_sec4_sg_one(edesc->sec4_sg + dst_sg_idx +
  1524. mapped_dst_nents, iv_dma, ivsize, 0);
  1525. if (ivsize || mapped_dst_nents > 1)
  1526. sg_to_sec4_set_last(edesc->sec4_sg + dst_sg_idx +
  1527. mapped_dst_nents - 1 + !!ivsize);
  1528. if (sec4_sg_bytes) {
  1529. edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg,
  1530. sec4_sg_bytes,
  1531. DMA_TO_DEVICE);
  1532. if (dma_mapping_error(jrdev, edesc->sec4_sg_dma)) {
  1533. dev_err(jrdev, "unable to map S/G table\n");
  1534. caam_unmap(jrdev, req->src, req->dst, src_nents,
  1535. dst_nents, iv_dma, ivsize, 0, 0);
  1536. kfree(edesc);
  1537. return ERR_PTR(-ENOMEM);
  1538. }
  1539. }
  1540. edesc->iv_dma = iv_dma;
  1541. print_hex_dump_debug("skcipher sec4_sg@" __stringify(__LINE__)": ",
  1542. DUMP_PREFIX_ADDRESS, 16, 4, edesc->sec4_sg,
  1543. sec4_sg_bytes, 1);
  1544. return edesc;
  1545. }
  1546. static int skcipher_encrypt(struct skcipher_request *req)
  1547. {
  1548. struct skcipher_edesc *edesc;
  1549. struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
  1550. struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
  1551. struct device *jrdev = ctx->jrdev;
  1552. u32 *desc;
  1553. int ret = 0;
  1554. if (!req->cryptlen)
  1555. return 0;
  1556. /* allocate extended descriptor */
  1557. edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ);
  1558. if (IS_ERR(edesc))
  1559. return PTR_ERR(edesc);
  1560. /* Create and submit job descriptor*/
  1561. init_skcipher_job(req, edesc, true);
  1562. print_hex_dump_debug("skcipher jobdesc@" __stringify(__LINE__)": ",
  1563. DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc,
  1564. desc_bytes(edesc->hw_desc), 1);
  1565. desc = edesc->hw_desc;
  1566. ret = caam_jr_enqueue(jrdev, desc, skcipher_encrypt_done, req);
  1567. if (!ret) {
  1568. ret = -EINPROGRESS;
  1569. } else {
  1570. skcipher_unmap(jrdev, edesc, req);
  1571. kfree(edesc);
  1572. }
  1573. return ret;
  1574. }
  1575. static int skcipher_decrypt(struct skcipher_request *req)
  1576. {
  1577. struct skcipher_edesc *edesc;
  1578. struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
  1579. struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
  1580. struct device *jrdev = ctx->jrdev;
  1581. u32 *desc;
  1582. int ret = 0;
  1583. if (!req->cryptlen)
  1584. return 0;
  1585. /* allocate extended descriptor */
  1586. edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ);
  1587. if (IS_ERR(edesc))
  1588. return PTR_ERR(edesc);
  1589. /* Create and submit job descriptor*/
  1590. init_skcipher_job(req, edesc, false);
  1591. desc = edesc->hw_desc;
  1592. print_hex_dump_debug("skcipher jobdesc@" __stringify(__LINE__)": ",
  1593. DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc,
  1594. desc_bytes(edesc->hw_desc), 1);
  1595. ret = caam_jr_enqueue(jrdev, desc, skcipher_decrypt_done, req);
  1596. if (!ret) {
  1597. ret = -EINPROGRESS;
  1598. } else {
  1599. skcipher_unmap(jrdev, edesc, req);
  1600. kfree(edesc);
  1601. }
  1602. return ret;
  1603. }
  1604. static struct caam_skcipher_alg driver_algs[] = {
  1605. {
  1606. .skcipher = {
  1607. .base = {
  1608. .cra_name = "cbc(aes)",
  1609. .cra_driver_name = "cbc-aes-caam",
  1610. .cra_blocksize = AES_BLOCK_SIZE,
  1611. },
  1612. .setkey = aes_skcipher_setkey,
  1613. .encrypt = skcipher_encrypt,
  1614. .decrypt = skcipher_decrypt,
  1615. .min_keysize = AES_MIN_KEY_SIZE,
  1616. .max_keysize = AES_MAX_KEY_SIZE,
  1617. .ivsize = AES_BLOCK_SIZE,
  1618. },
  1619. .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  1620. },
  1621. {
  1622. .skcipher = {
  1623. .base = {
  1624. .cra_name = "cbc(des3_ede)",
  1625. .cra_driver_name = "cbc-3des-caam",
  1626. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  1627. },
  1628. .setkey = des3_skcipher_setkey,
  1629. .encrypt = skcipher_encrypt,
  1630. .decrypt = skcipher_decrypt,
  1631. .min_keysize = DES3_EDE_KEY_SIZE,
  1632. .max_keysize = DES3_EDE_KEY_SIZE,
  1633. .ivsize = DES3_EDE_BLOCK_SIZE,
  1634. },
  1635. .caam.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  1636. },
  1637. {
  1638. .skcipher = {
  1639. .base = {
  1640. .cra_name = "cbc(des)",
  1641. .cra_driver_name = "cbc-des-caam",
  1642. .cra_blocksize = DES_BLOCK_SIZE,
  1643. },
  1644. .setkey = des_skcipher_setkey,
  1645. .encrypt = skcipher_encrypt,
  1646. .decrypt = skcipher_decrypt,
  1647. .min_keysize = DES_KEY_SIZE,
  1648. .max_keysize = DES_KEY_SIZE,
  1649. .ivsize = DES_BLOCK_SIZE,
  1650. },
  1651. .caam.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  1652. },
  1653. {
  1654. .skcipher = {
  1655. .base = {
  1656. .cra_name = "ctr(aes)",
  1657. .cra_driver_name = "ctr-aes-caam",
  1658. .cra_blocksize = 1,
  1659. },
  1660. .setkey = ctr_skcipher_setkey,
  1661. .encrypt = skcipher_encrypt,
  1662. .decrypt = skcipher_decrypt,
  1663. .min_keysize = AES_MIN_KEY_SIZE,
  1664. .max_keysize = AES_MAX_KEY_SIZE,
  1665. .ivsize = AES_BLOCK_SIZE,
  1666. .chunksize = AES_BLOCK_SIZE,
  1667. },
  1668. .caam.class1_alg_type = OP_ALG_ALGSEL_AES |
  1669. OP_ALG_AAI_CTR_MOD128,
  1670. },
  1671. {
  1672. .skcipher = {
  1673. .base = {
  1674. .cra_name = "rfc3686(ctr(aes))",
  1675. .cra_driver_name = "rfc3686-ctr-aes-caam",
  1676. .cra_blocksize = 1,
  1677. },
  1678. .setkey = rfc3686_skcipher_setkey,
  1679. .encrypt = skcipher_encrypt,
  1680. .decrypt = skcipher_decrypt,
  1681. .min_keysize = AES_MIN_KEY_SIZE +
  1682. CTR_RFC3686_NONCE_SIZE,
  1683. .max_keysize = AES_MAX_KEY_SIZE +
  1684. CTR_RFC3686_NONCE_SIZE,
  1685. .ivsize = CTR_RFC3686_IV_SIZE,
  1686. .chunksize = AES_BLOCK_SIZE,
  1687. },
  1688. .caam = {
  1689. .class1_alg_type = OP_ALG_ALGSEL_AES |
  1690. OP_ALG_AAI_CTR_MOD128,
  1691. .rfc3686 = true,
  1692. },
  1693. },
  1694. {
  1695. .skcipher = {
  1696. .base = {
  1697. .cra_name = "xts(aes)",
  1698. .cra_driver_name = "xts-aes-caam",
  1699. .cra_blocksize = AES_BLOCK_SIZE,
  1700. },
  1701. .setkey = xts_skcipher_setkey,
  1702. .encrypt = skcipher_encrypt,
  1703. .decrypt = skcipher_decrypt,
  1704. .min_keysize = 2 * AES_MIN_KEY_SIZE,
  1705. .max_keysize = 2 * AES_MAX_KEY_SIZE,
  1706. .ivsize = AES_BLOCK_SIZE,
  1707. },
  1708. .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_XTS,
  1709. },
  1710. {
  1711. .skcipher = {
  1712. .base = {
  1713. .cra_name = "ecb(des)",
  1714. .cra_driver_name = "ecb-des-caam",
  1715. .cra_blocksize = DES_BLOCK_SIZE,
  1716. },
  1717. .setkey = des_skcipher_setkey,
  1718. .encrypt = skcipher_encrypt,
  1719. .decrypt = skcipher_decrypt,
  1720. .min_keysize = DES_KEY_SIZE,
  1721. .max_keysize = DES_KEY_SIZE,
  1722. },
  1723. .caam.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_ECB,
  1724. },
  1725. {
  1726. .skcipher = {
  1727. .base = {
  1728. .cra_name = "ecb(aes)",
  1729. .cra_driver_name = "ecb-aes-caam",
  1730. .cra_blocksize = AES_BLOCK_SIZE,
  1731. },
  1732. .setkey = aes_skcipher_setkey,
  1733. .encrypt = skcipher_encrypt,
  1734. .decrypt = skcipher_decrypt,
  1735. .min_keysize = AES_MIN_KEY_SIZE,
  1736. .max_keysize = AES_MAX_KEY_SIZE,
  1737. },
  1738. .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_ECB,
  1739. },
  1740. {
  1741. .skcipher = {
  1742. .base = {
  1743. .cra_name = "ecb(des3_ede)",
  1744. .cra_driver_name = "ecb-des3-caam",
  1745. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  1746. },
  1747. .setkey = des3_skcipher_setkey,
  1748. .encrypt = skcipher_encrypt,
  1749. .decrypt = skcipher_decrypt,
  1750. .min_keysize = DES3_EDE_KEY_SIZE,
  1751. .max_keysize = DES3_EDE_KEY_SIZE,
  1752. },
  1753. .caam.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_ECB,
  1754. },
  1755. };
  1756. static struct caam_aead_alg driver_aeads[] = {
  1757. {
  1758. .aead = {
  1759. .base = {
  1760. .cra_name = "rfc4106(gcm(aes))",
  1761. .cra_driver_name = "rfc4106-gcm-aes-caam",
  1762. .cra_blocksize = 1,
  1763. },
  1764. .setkey = rfc4106_setkey,
  1765. .setauthsize = rfc4106_setauthsize,
  1766. .encrypt = ipsec_gcm_encrypt,
  1767. .decrypt = ipsec_gcm_decrypt,
  1768. .ivsize = GCM_RFC4106_IV_SIZE,
  1769. .maxauthsize = AES_BLOCK_SIZE,
  1770. },
  1771. .caam = {
  1772. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
  1773. .nodkp = true,
  1774. },
  1775. },
  1776. {
  1777. .aead = {
  1778. .base = {
  1779. .cra_name = "rfc4543(gcm(aes))",
  1780. .cra_driver_name = "rfc4543-gcm-aes-caam",
  1781. .cra_blocksize = 1,
  1782. },
  1783. .setkey = rfc4543_setkey,
  1784. .setauthsize = rfc4543_setauthsize,
  1785. .encrypt = ipsec_gcm_encrypt,
  1786. .decrypt = ipsec_gcm_decrypt,
  1787. .ivsize = GCM_RFC4543_IV_SIZE,
  1788. .maxauthsize = AES_BLOCK_SIZE,
  1789. },
  1790. .caam = {
  1791. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
  1792. .nodkp = true,
  1793. },
  1794. },
  1795. /* Galois Counter Mode */
  1796. {
  1797. .aead = {
  1798. .base = {
  1799. .cra_name = "gcm(aes)",
  1800. .cra_driver_name = "gcm-aes-caam",
  1801. .cra_blocksize = 1,
  1802. },
  1803. .setkey = gcm_setkey,
  1804. .setauthsize = gcm_setauthsize,
  1805. .encrypt = gcm_encrypt,
  1806. .decrypt = gcm_decrypt,
  1807. .ivsize = GCM_AES_IV_SIZE,
  1808. .maxauthsize = AES_BLOCK_SIZE,
  1809. },
  1810. .caam = {
  1811. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
  1812. .nodkp = true,
  1813. },
  1814. },
  1815. /* single-pass ipsec_esp descriptor */
  1816. {
  1817. .aead = {
  1818. .base = {
  1819. .cra_name = "authenc(hmac(md5),"
  1820. "ecb(cipher_null))",
  1821. .cra_driver_name = "authenc-hmac-md5-"
  1822. "ecb-cipher_null-caam",
  1823. .cra_blocksize = NULL_BLOCK_SIZE,
  1824. },
  1825. .setkey = aead_setkey,
  1826. .setauthsize = aead_setauthsize,
  1827. .encrypt = aead_encrypt,
  1828. .decrypt = aead_decrypt,
  1829. .ivsize = NULL_IV_SIZE,
  1830. .maxauthsize = MD5_DIGEST_SIZE,
  1831. },
  1832. .caam = {
  1833. .class2_alg_type = OP_ALG_ALGSEL_MD5 |
  1834. OP_ALG_AAI_HMAC_PRECOMP,
  1835. },
  1836. },
  1837. {
  1838. .aead = {
  1839. .base = {
  1840. .cra_name = "authenc(hmac(sha1),"
  1841. "ecb(cipher_null))",
  1842. .cra_driver_name = "authenc-hmac-sha1-"
  1843. "ecb-cipher_null-caam",
  1844. .cra_blocksize = NULL_BLOCK_SIZE,
  1845. },
  1846. .setkey = aead_setkey,
  1847. .setauthsize = aead_setauthsize,
  1848. .encrypt = aead_encrypt,
  1849. .decrypt = aead_decrypt,
  1850. .ivsize = NULL_IV_SIZE,
  1851. .maxauthsize = SHA1_DIGEST_SIZE,
  1852. },
  1853. .caam = {
  1854. .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
  1855. OP_ALG_AAI_HMAC_PRECOMP,
  1856. },
  1857. },
  1858. {
  1859. .aead = {
  1860. .base = {
  1861. .cra_name = "authenc(hmac(sha224),"
  1862. "ecb(cipher_null))",
  1863. .cra_driver_name = "authenc-hmac-sha224-"
  1864. "ecb-cipher_null-caam",
  1865. .cra_blocksize = NULL_BLOCK_SIZE,
  1866. },
  1867. .setkey = aead_setkey,
  1868. .setauthsize = aead_setauthsize,
  1869. .encrypt = aead_encrypt,
  1870. .decrypt = aead_decrypt,
  1871. .ivsize = NULL_IV_SIZE,
  1872. .maxauthsize = SHA224_DIGEST_SIZE,
  1873. },
  1874. .caam = {
  1875. .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
  1876. OP_ALG_AAI_HMAC_PRECOMP,
  1877. },
  1878. },
  1879. {
  1880. .aead = {
  1881. .base = {
  1882. .cra_name = "authenc(hmac(sha256),"
  1883. "ecb(cipher_null))",
  1884. .cra_driver_name = "authenc-hmac-sha256-"
  1885. "ecb-cipher_null-caam",
  1886. .cra_blocksize = NULL_BLOCK_SIZE,
  1887. },
  1888. .setkey = aead_setkey,
  1889. .setauthsize = aead_setauthsize,
  1890. .encrypt = aead_encrypt,
  1891. .decrypt = aead_decrypt,
  1892. .ivsize = NULL_IV_SIZE,
  1893. .maxauthsize = SHA256_DIGEST_SIZE,
  1894. },
  1895. .caam = {
  1896. .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
  1897. OP_ALG_AAI_HMAC_PRECOMP,
  1898. },
  1899. },
  1900. {
  1901. .aead = {
  1902. .base = {
  1903. .cra_name = "authenc(hmac(sha384),"
  1904. "ecb(cipher_null))",
  1905. .cra_driver_name = "authenc-hmac-sha384-"
  1906. "ecb-cipher_null-caam",
  1907. .cra_blocksize = NULL_BLOCK_SIZE,
  1908. },
  1909. .setkey = aead_setkey,
  1910. .setauthsize = aead_setauthsize,
  1911. .encrypt = aead_encrypt,
  1912. .decrypt = aead_decrypt,
  1913. .ivsize = NULL_IV_SIZE,
  1914. .maxauthsize = SHA384_DIGEST_SIZE,
  1915. },
  1916. .caam = {
  1917. .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
  1918. OP_ALG_AAI_HMAC_PRECOMP,
  1919. },
  1920. },
  1921. {
  1922. .aead = {
  1923. .base = {
  1924. .cra_name = "authenc(hmac(sha512),"
  1925. "ecb(cipher_null))",
  1926. .cra_driver_name = "authenc-hmac-sha512-"
  1927. "ecb-cipher_null-caam",
  1928. .cra_blocksize = NULL_BLOCK_SIZE,
  1929. },
  1930. .setkey = aead_setkey,
  1931. .setauthsize = aead_setauthsize,
  1932. .encrypt = aead_encrypt,
  1933. .decrypt = aead_decrypt,
  1934. .ivsize = NULL_IV_SIZE,
  1935. .maxauthsize = SHA512_DIGEST_SIZE,
  1936. },
  1937. .caam = {
  1938. .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
  1939. OP_ALG_AAI_HMAC_PRECOMP,
  1940. },
  1941. },
  1942. {
  1943. .aead = {
  1944. .base = {
  1945. .cra_name = "authenc(hmac(md5),cbc(aes))",
  1946. .cra_driver_name = "authenc-hmac-md5-"
  1947. "cbc-aes-caam",
  1948. .cra_blocksize = AES_BLOCK_SIZE,
  1949. },
  1950. .setkey = aead_setkey,
  1951. .setauthsize = aead_setauthsize,
  1952. .encrypt = aead_encrypt,
  1953. .decrypt = aead_decrypt,
  1954. .ivsize = AES_BLOCK_SIZE,
  1955. .maxauthsize = MD5_DIGEST_SIZE,
  1956. },
  1957. .caam = {
  1958. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  1959. .class2_alg_type = OP_ALG_ALGSEL_MD5 |
  1960. OP_ALG_AAI_HMAC_PRECOMP,
  1961. },
  1962. },
  1963. {
  1964. .aead = {
  1965. .base = {
  1966. .cra_name = "echainiv(authenc(hmac(md5),"
  1967. "cbc(aes)))",
  1968. .cra_driver_name = "echainiv-authenc-hmac-md5-"
  1969. "cbc-aes-caam",
  1970. .cra_blocksize = AES_BLOCK_SIZE,
  1971. },
  1972. .setkey = aead_setkey,
  1973. .setauthsize = aead_setauthsize,
  1974. .encrypt = aead_encrypt,
  1975. .decrypt = aead_decrypt,
  1976. .ivsize = AES_BLOCK_SIZE,
  1977. .maxauthsize = MD5_DIGEST_SIZE,
  1978. },
  1979. .caam = {
  1980. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  1981. .class2_alg_type = OP_ALG_ALGSEL_MD5 |
  1982. OP_ALG_AAI_HMAC_PRECOMP,
  1983. .geniv = true,
  1984. },
  1985. },
  1986. {
  1987. .aead = {
  1988. .base = {
  1989. .cra_name = "authenc(hmac(sha1),cbc(aes))",
  1990. .cra_driver_name = "authenc-hmac-sha1-"
  1991. "cbc-aes-caam",
  1992. .cra_blocksize = AES_BLOCK_SIZE,
  1993. },
  1994. .setkey = aead_setkey,
  1995. .setauthsize = aead_setauthsize,
  1996. .encrypt = aead_encrypt,
  1997. .decrypt = aead_decrypt,
  1998. .ivsize = AES_BLOCK_SIZE,
  1999. .maxauthsize = SHA1_DIGEST_SIZE,
  2000. },
  2001. .caam = {
  2002. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  2003. .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
  2004. OP_ALG_AAI_HMAC_PRECOMP,
  2005. },
  2006. },
  2007. {
  2008. .aead = {
  2009. .base = {
  2010. .cra_name = "echainiv(authenc(hmac(sha1),"
  2011. "cbc(aes)))",
  2012. .cra_driver_name = "echainiv-authenc-"
  2013. "hmac-sha1-cbc-aes-caam",
  2014. .cra_blocksize = AES_BLOCK_SIZE,
  2015. },
  2016. .setkey = aead_setkey,
  2017. .setauthsize = aead_setauthsize,
  2018. .encrypt = aead_encrypt,
  2019. .decrypt = aead_decrypt,
  2020. .ivsize = AES_BLOCK_SIZE,
  2021. .maxauthsize = SHA1_DIGEST_SIZE,
  2022. },
  2023. .caam = {
  2024. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  2025. .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
  2026. OP_ALG_AAI_HMAC_PRECOMP,
  2027. .geniv = true,
  2028. },
  2029. },
  2030. {
  2031. .aead = {
  2032. .base = {
  2033. .cra_name = "authenc(hmac(sha224),cbc(aes))",
  2034. .cra_driver_name = "authenc-hmac-sha224-"
  2035. "cbc-aes-caam",
  2036. .cra_blocksize = AES_BLOCK_SIZE,
  2037. },
  2038. .setkey = aead_setkey,
  2039. .setauthsize = aead_setauthsize,
  2040. .encrypt = aead_encrypt,
  2041. .decrypt = aead_decrypt,
  2042. .ivsize = AES_BLOCK_SIZE,
  2043. .maxauthsize = SHA224_DIGEST_SIZE,
  2044. },
  2045. .caam = {
  2046. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  2047. .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
  2048. OP_ALG_AAI_HMAC_PRECOMP,
  2049. },
  2050. },
  2051. {
  2052. .aead = {
  2053. .base = {
  2054. .cra_name = "echainiv(authenc(hmac(sha224),"
  2055. "cbc(aes)))",
  2056. .cra_driver_name = "echainiv-authenc-"
  2057. "hmac-sha224-cbc-aes-caam",
  2058. .cra_blocksize = AES_BLOCK_SIZE,
  2059. },
  2060. .setkey = aead_setkey,
  2061. .setauthsize = aead_setauthsize,
  2062. .encrypt = aead_encrypt,
  2063. .decrypt = aead_decrypt,
  2064. .ivsize = AES_BLOCK_SIZE,
  2065. .maxauthsize = SHA224_DIGEST_SIZE,
  2066. },
  2067. .caam = {
  2068. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  2069. .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
  2070. OP_ALG_AAI_HMAC_PRECOMP,
  2071. .geniv = true,
  2072. },
  2073. },
  2074. {
  2075. .aead = {
  2076. .base = {
  2077. .cra_name = "authenc(hmac(sha256),cbc(aes))",
  2078. .cra_driver_name = "authenc-hmac-sha256-"
  2079. "cbc-aes-caam",
  2080. .cra_blocksize = AES_BLOCK_SIZE,
  2081. },
  2082. .setkey = aead_setkey,
  2083. .setauthsize = aead_setauthsize,
  2084. .encrypt = aead_encrypt,
  2085. .decrypt = aead_decrypt,
  2086. .ivsize = AES_BLOCK_SIZE,
  2087. .maxauthsize = SHA256_DIGEST_SIZE,
  2088. },
  2089. .caam = {
  2090. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  2091. .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
  2092. OP_ALG_AAI_HMAC_PRECOMP,
  2093. },
  2094. },
  2095. {
  2096. .aead = {
  2097. .base = {
  2098. .cra_name = "echainiv(authenc(hmac(sha256),"
  2099. "cbc(aes)))",
  2100. .cra_driver_name = "echainiv-authenc-"
  2101. "hmac-sha256-cbc-aes-caam",
  2102. .cra_blocksize = AES_BLOCK_SIZE,
  2103. },
  2104. .setkey = aead_setkey,
  2105. .setauthsize = aead_setauthsize,
  2106. .encrypt = aead_encrypt,
  2107. .decrypt = aead_decrypt,
  2108. .ivsize = AES_BLOCK_SIZE,
  2109. .maxauthsize = SHA256_DIGEST_SIZE,
  2110. },
  2111. .caam = {
  2112. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  2113. .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
  2114. OP_ALG_AAI_HMAC_PRECOMP,
  2115. .geniv = true,
  2116. },
  2117. },
  2118. {
  2119. .aead = {
  2120. .base = {
  2121. .cra_name = "authenc(hmac(sha384),cbc(aes))",
  2122. .cra_driver_name = "authenc-hmac-sha384-"
  2123. "cbc-aes-caam",
  2124. .cra_blocksize = AES_BLOCK_SIZE,
  2125. },
  2126. .setkey = aead_setkey,
  2127. .setauthsize = aead_setauthsize,
  2128. .encrypt = aead_encrypt,
  2129. .decrypt = aead_decrypt,
  2130. .ivsize = AES_BLOCK_SIZE,
  2131. .maxauthsize = SHA384_DIGEST_SIZE,
  2132. },
  2133. .caam = {
  2134. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  2135. .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
  2136. OP_ALG_AAI_HMAC_PRECOMP,
  2137. },
  2138. },
  2139. {
  2140. .aead = {
  2141. .base = {
  2142. .cra_name = "echainiv(authenc(hmac(sha384),"
  2143. "cbc(aes)))",
  2144. .cra_driver_name = "echainiv-authenc-"
  2145. "hmac-sha384-cbc-aes-caam",
  2146. .cra_blocksize = AES_BLOCK_SIZE,
  2147. },
  2148. .setkey = aead_setkey,
  2149. .setauthsize = aead_setauthsize,
  2150. .encrypt = aead_encrypt,
  2151. .decrypt = aead_decrypt,
  2152. .ivsize = AES_BLOCK_SIZE,
  2153. .maxauthsize = SHA384_DIGEST_SIZE,
  2154. },
  2155. .caam = {
  2156. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  2157. .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
  2158. OP_ALG_AAI_HMAC_PRECOMP,
  2159. .geniv = true,
  2160. },
  2161. },
  2162. {
  2163. .aead = {
  2164. .base = {
  2165. .cra_name = "authenc(hmac(sha512),cbc(aes))",
  2166. .cra_driver_name = "authenc-hmac-sha512-"
  2167. "cbc-aes-caam",
  2168. .cra_blocksize = AES_BLOCK_SIZE,
  2169. },
  2170. .setkey = aead_setkey,
  2171. .setauthsize = aead_setauthsize,
  2172. .encrypt = aead_encrypt,
  2173. .decrypt = aead_decrypt,
  2174. .ivsize = AES_BLOCK_SIZE,
  2175. .maxauthsize = SHA512_DIGEST_SIZE,
  2176. },
  2177. .caam = {
  2178. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  2179. .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
  2180. OP_ALG_AAI_HMAC_PRECOMP,
  2181. },
  2182. },
  2183. {
  2184. .aead = {
  2185. .base = {
  2186. .cra_name = "echainiv(authenc(hmac(sha512),"
  2187. "cbc(aes)))",
  2188. .cra_driver_name = "echainiv-authenc-"
  2189. "hmac-sha512-cbc-aes-caam",
  2190. .cra_blocksize = AES_BLOCK_SIZE,
  2191. },
  2192. .setkey = aead_setkey,
  2193. .setauthsize = aead_setauthsize,
  2194. .encrypt = aead_encrypt,
  2195. .decrypt = aead_decrypt,
  2196. .ivsize = AES_BLOCK_SIZE,
  2197. .maxauthsize = SHA512_DIGEST_SIZE,
  2198. },
  2199. .caam = {
  2200. .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
  2201. .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
  2202. OP_ALG_AAI_HMAC_PRECOMP,
  2203. .geniv = true,
  2204. },
  2205. },
  2206. {
  2207. .aead = {
  2208. .base = {
  2209. .cra_name = "authenc(hmac(md5),cbc(des3_ede))",
  2210. .cra_driver_name = "authenc-hmac-md5-"
  2211. "cbc-des3_ede-caam",
  2212. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2213. },
  2214. .setkey = des3_aead_setkey,
  2215. .setauthsize = aead_setauthsize,
  2216. .encrypt = aead_encrypt,
  2217. .decrypt = aead_decrypt,
  2218. .ivsize = DES3_EDE_BLOCK_SIZE,
  2219. .maxauthsize = MD5_DIGEST_SIZE,
  2220. },
  2221. .caam = {
  2222. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2223. .class2_alg_type = OP_ALG_ALGSEL_MD5 |
  2224. OP_ALG_AAI_HMAC_PRECOMP,
  2225. }
  2226. },
  2227. {
  2228. .aead = {
  2229. .base = {
  2230. .cra_name = "echainiv(authenc(hmac(md5),"
  2231. "cbc(des3_ede)))",
  2232. .cra_driver_name = "echainiv-authenc-hmac-md5-"
  2233. "cbc-des3_ede-caam",
  2234. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2235. },
  2236. .setkey = des3_aead_setkey,
  2237. .setauthsize = aead_setauthsize,
  2238. .encrypt = aead_encrypt,
  2239. .decrypt = aead_decrypt,
  2240. .ivsize = DES3_EDE_BLOCK_SIZE,
  2241. .maxauthsize = MD5_DIGEST_SIZE,
  2242. },
  2243. .caam = {
  2244. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2245. .class2_alg_type = OP_ALG_ALGSEL_MD5 |
  2246. OP_ALG_AAI_HMAC_PRECOMP,
  2247. .geniv = true,
  2248. }
  2249. },
  2250. {
  2251. .aead = {
  2252. .base = {
  2253. .cra_name = "authenc(hmac(sha1),"
  2254. "cbc(des3_ede))",
  2255. .cra_driver_name = "authenc-hmac-sha1-"
  2256. "cbc-des3_ede-caam",
  2257. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2258. },
  2259. .setkey = des3_aead_setkey,
  2260. .setauthsize = aead_setauthsize,
  2261. .encrypt = aead_encrypt,
  2262. .decrypt = aead_decrypt,
  2263. .ivsize = DES3_EDE_BLOCK_SIZE,
  2264. .maxauthsize = SHA1_DIGEST_SIZE,
  2265. },
  2266. .caam = {
  2267. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2268. .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
  2269. OP_ALG_AAI_HMAC_PRECOMP,
  2270. },
  2271. },
  2272. {
  2273. .aead = {
  2274. .base = {
  2275. .cra_name = "echainiv(authenc(hmac(sha1),"
  2276. "cbc(des3_ede)))",
  2277. .cra_driver_name = "echainiv-authenc-"
  2278. "hmac-sha1-"
  2279. "cbc-des3_ede-caam",
  2280. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2281. },
  2282. .setkey = des3_aead_setkey,
  2283. .setauthsize = aead_setauthsize,
  2284. .encrypt = aead_encrypt,
  2285. .decrypt = aead_decrypt,
  2286. .ivsize = DES3_EDE_BLOCK_SIZE,
  2287. .maxauthsize = SHA1_DIGEST_SIZE,
  2288. },
  2289. .caam = {
  2290. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2291. .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
  2292. OP_ALG_AAI_HMAC_PRECOMP,
  2293. .geniv = true,
  2294. },
  2295. },
  2296. {
  2297. .aead = {
  2298. .base = {
  2299. .cra_name = "authenc(hmac(sha224),"
  2300. "cbc(des3_ede))",
  2301. .cra_driver_name = "authenc-hmac-sha224-"
  2302. "cbc-des3_ede-caam",
  2303. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2304. },
  2305. .setkey = des3_aead_setkey,
  2306. .setauthsize = aead_setauthsize,
  2307. .encrypt = aead_encrypt,
  2308. .decrypt = aead_decrypt,
  2309. .ivsize = DES3_EDE_BLOCK_SIZE,
  2310. .maxauthsize = SHA224_DIGEST_SIZE,
  2311. },
  2312. .caam = {
  2313. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2314. .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
  2315. OP_ALG_AAI_HMAC_PRECOMP,
  2316. },
  2317. },
  2318. {
  2319. .aead = {
  2320. .base = {
  2321. .cra_name = "echainiv(authenc(hmac(sha224),"
  2322. "cbc(des3_ede)))",
  2323. .cra_driver_name = "echainiv-authenc-"
  2324. "hmac-sha224-"
  2325. "cbc-des3_ede-caam",
  2326. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2327. },
  2328. .setkey = des3_aead_setkey,
  2329. .setauthsize = aead_setauthsize,
  2330. .encrypt = aead_encrypt,
  2331. .decrypt = aead_decrypt,
  2332. .ivsize = DES3_EDE_BLOCK_SIZE,
  2333. .maxauthsize = SHA224_DIGEST_SIZE,
  2334. },
  2335. .caam = {
  2336. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2337. .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
  2338. OP_ALG_AAI_HMAC_PRECOMP,
  2339. .geniv = true,
  2340. },
  2341. },
  2342. {
  2343. .aead = {
  2344. .base = {
  2345. .cra_name = "authenc(hmac(sha256),"
  2346. "cbc(des3_ede))",
  2347. .cra_driver_name = "authenc-hmac-sha256-"
  2348. "cbc-des3_ede-caam",
  2349. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2350. },
  2351. .setkey = des3_aead_setkey,
  2352. .setauthsize = aead_setauthsize,
  2353. .encrypt = aead_encrypt,
  2354. .decrypt = aead_decrypt,
  2355. .ivsize = DES3_EDE_BLOCK_SIZE,
  2356. .maxauthsize = SHA256_DIGEST_SIZE,
  2357. },
  2358. .caam = {
  2359. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2360. .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
  2361. OP_ALG_AAI_HMAC_PRECOMP,
  2362. },
  2363. },
  2364. {
  2365. .aead = {
  2366. .base = {
  2367. .cra_name = "echainiv(authenc(hmac(sha256),"
  2368. "cbc(des3_ede)))",
  2369. .cra_driver_name = "echainiv-authenc-"
  2370. "hmac-sha256-"
  2371. "cbc-des3_ede-caam",
  2372. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2373. },
  2374. .setkey = des3_aead_setkey,
  2375. .setauthsize = aead_setauthsize,
  2376. .encrypt = aead_encrypt,
  2377. .decrypt = aead_decrypt,
  2378. .ivsize = DES3_EDE_BLOCK_SIZE,
  2379. .maxauthsize = SHA256_DIGEST_SIZE,
  2380. },
  2381. .caam = {
  2382. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2383. .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
  2384. OP_ALG_AAI_HMAC_PRECOMP,
  2385. .geniv = true,
  2386. },
  2387. },
  2388. {
  2389. .aead = {
  2390. .base = {
  2391. .cra_name = "authenc(hmac(sha384),"
  2392. "cbc(des3_ede))",
  2393. .cra_driver_name = "authenc-hmac-sha384-"
  2394. "cbc-des3_ede-caam",
  2395. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2396. },
  2397. .setkey = des3_aead_setkey,
  2398. .setauthsize = aead_setauthsize,
  2399. .encrypt = aead_encrypt,
  2400. .decrypt = aead_decrypt,
  2401. .ivsize = DES3_EDE_BLOCK_SIZE,
  2402. .maxauthsize = SHA384_DIGEST_SIZE,
  2403. },
  2404. .caam = {
  2405. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2406. .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
  2407. OP_ALG_AAI_HMAC_PRECOMP,
  2408. },
  2409. },
  2410. {
  2411. .aead = {
  2412. .base = {
  2413. .cra_name = "echainiv(authenc(hmac(sha384),"
  2414. "cbc(des3_ede)))",
  2415. .cra_driver_name = "echainiv-authenc-"
  2416. "hmac-sha384-"
  2417. "cbc-des3_ede-caam",
  2418. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2419. },
  2420. .setkey = des3_aead_setkey,
  2421. .setauthsize = aead_setauthsize,
  2422. .encrypt = aead_encrypt,
  2423. .decrypt = aead_decrypt,
  2424. .ivsize = DES3_EDE_BLOCK_SIZE,
  2425. .maxauthsize = SHA384_DIGEST_SIZE,
  2426. },
  2427. .caam = {
  2428. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2429. .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
  2430. OP_ALG_AAI_HMAC_PRECOMP,
  2431. .geniv = true,
  2432. },
  2433. },
  2434. {
  2435. .aead = {
  2436. .base = {
  2437. .cra_name = "authenc(hmac(sha512),"
  2438. "cbc(des3_ede))",
  2439. .cra_driver_name = "authenc-hmac-sha512-"
  2440. "cbc-des3_ede-caam",
  2441. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2442. },
  2443. .setkey = des3_aead_setkey,
  2444. .setauthsize = aead_setauthsize,
  2445. .encrypt = aead_encrypt,
  2446. .decrypt = aead_decrypt,
  2447. .ivsize = DES3_EDE_BLOCK_SIZE,
  2448. .maxauthsize = SHA512_DIGEST_SIZE,
  2449. },
  2450. .caam = {
  2451. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2452. .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
  2453. OP_ALG_AAI_HMAC_PRECOMP,
  2454. },
  2455. },
  2456. {
  2457. .aead = {
  2458. .base = {
  2459. .cra_name = "echainiv(authenc(hmac(sha512),"
  2460. "cbc(des3_ede)))",
  2461. .cra_driver_name = "echainiv-authenc-"
  2462. "hmac-sha512-"
  2463. "cbc-des3_ede-caam",
  2464. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  2465. },
  2466. .setkey = des3_aead_setkey,
  2467. .setauthsize = aead_setauthsize,
  2468. .encrypt = aead_encrypt,
  2469. .decrypt = aead_decrypt,
  2470. .ivsize = DES3_EDE_BLOCK_SIZE,
  2471. .maxauthsize = SHA512_DIGEST_SIZE,
  2472. },
  2473. .caam = {
  2474. .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
  2475. .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
  2476. OP_ALG_AAI_HMAC_PRECOMP,
  2477. .geniv = true,
  2478. },
  2479. },
  2480. {
  2481. .aead = {
  2482. .base = {
  2483. .cra_name = "authenc(hmac(md5),cbc(des))",
  2484. .cra_driver_name = "authenc-hmac-md5-"
  2485. "cbc-des-caam",
  2486. .cra_blocksize = DES_BLOCK_SIZE,
  2487. },
  2488. .setkey = aead_setkey,
  2489. .setauthsize = aead_setauthsize,
  2490. .encrypt = aead_encrypt,
  2491. .decrypt = aead_decrypt,
  2492. .ivsize = DES_BLOCK_SIZE,
  2493. .maxauthsize = MD5_DIGEST_SIZE,
  2494. },
  2495. .caam = {
  2496. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2497. .class2_alg_type = OP_ALG_ALGSEL_MD5 |
  2498. OP_ALG_AAI_HMAC_PRECOMP,
  2499. },
  2500. },
  2501. {
  2502. .aead = {
  2503. .base = {
  2504. .cra_name = "echainiv(authenc(hmac(md5),"
  2505. "cbc(des)))",
  2506. .cra_driver_name = "echainiv-authenc-hmac-md5-"
  2507. "cbc-des-caam",
  2508. .cra_blocksize = DES_BLOCK_SIZE,
  2509. },
  2510. .setkey = aead_setkey,
  2511. .setauthsize = aead_setauthsize,
  2512. .encrypt = aead_encrypt,
  2513. .decrypt = aead_decrypt,
  2514. .ivsize = DES_BLOCK_SIZE,
  2515. .maxauthsize = MD5_DIGEST_SIZE,
  2516. },
  2517. .caam = {
  2518. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2519. .class2_alg_type = OP_ALG_ALGSEL_MD5 |
  2520. OP_ALG_AAI_HMAC_PRECOMP,
  2521. .geniv = true,
  2522. },
  2523. },
  2524. {
  2525. .aead = {
  2526. .base = {
  2527. .cra_name = "authenc(hmac(sha1),cbc(des))",
  2528. .cra_driver_name = "authenc-hmac-sha1-"
  2529. "cbc-des-caam",
  2530. .cra_blocksize = DES_BLOCK_SIZE,
  2531. },
  2532. .setkey = aead_setkey,
  2533. .setauthsize = aead_setauthsize,
  2534. .encrypt = aead_encrypt,
  2535. .decrypt = aead_decrypt,
  2536. .ivsize = DES_BLOCK_SIZE,
  2537. .maxauthsize = SHA1_DIGEST_SIZE,
  2538. },
  2539. .caam = {
  2540. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2541. .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
  2542. OP_ALG_AAI_HMAC_PRECOMP,
  2543. },
  2544. },
  2545. {
  2546. .aead = {
  2547. .base = {
  2548. .cra_name = "echainiv(authenc(hmac(sha1),"
  2549. "cbc(des)))",
  2550. .cra_driver_name = "echainiv-authenc-"
  2551. "hmac-sha1-cbc-des-caam",
  2552. .cra_blocksize = DES_BLOCK_SIZE,
  2553. },
  2554. .setkey = aead_setkey,
  2555. .setauthsize = aead_setauthsize,
  2556. .encrypt = aead_encrypt,
  2557. .decrypt = aead_decrypt,
  2558. .ivsize = DES_BLOCK_SIZE,
  2559. .maxauthsize = SHA1_DIGEST_SIZE,
  2560. },
  2561. .caam = {
  2562. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2563. .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
  2564. OP_ALG_AAI_HMAC_PRECOMP,
  2565. .geniv = true,
  2566. },
  2567. },
  2568. {
  2569. .aead = {
  2570. .base = {
  2571. .cra_name = "authenc(hmac(sha224),cbc(des))",
  2572. .cra_driver_name = "authenc-hmac-sha224-"
  2573. "cbc-des-caam",
  2574. .cra_blocksize = DES_BLOCK_SIZE,
  2575. },
  2576. .setkey = aead_setkey,
  2577. .setauthsize = aead_setauthsize,
  2578. .encrypt = aead_encrypt,
  2579. .decrypt = aead_decrypt,
  2580. .ivsize = DES_BLOCK_SIZE,
  2581. .maxauthsize = SHA224_DIGEST_SIZE,
  2582. },
  2583. .caam = {
  2584. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2585. .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
  2586. OP_ALG_AAI_HMAC_PRECOMP,
  2587. },
  2588. },
  2589. {
  2590. .aead = {
  2591. .base = {
  2592. .cra_name = "echainiv(authenc(hmac(sha224),"
  2593. "cbc(des)))",
  2594. .cra_driver_name = "echainiv-authenc-"
  2595. "hmac-sha224-cbc-des-caam",
  2596. .cra_blocksize = DES_BLOCK_SIZE,
  2597. },
  2598. .setkey = aead_setkey,
  2599. .setauthsize = aead_setauthsize,
  2600. .encrypt = aead_encrypt,
  2601. .decrypt = aead_decrypt,
  2602. .ivsize = DES_BLOCK_SIZE,
  2603. .maxauthsize = SHA224_DIGEST_SIZE,
  2604. },
  2605. .caam = {
  2606. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2607. .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
  2608. OP_ALG_AAI_HMAC_PRECOMP,
  2609. .geniv = true,
  2610. },
  2611. },
  2612. {
  2613. .aead = {
  2614. .base = {
  2615. .cra_name = "authenc(hmac(sha256),cbc(des))",
  2616. .cra_driver_name = "authenc-hmac-sha256-"
  2617. "cbc-des-caam",
  2618. .cra_blocksize = DES_BLOCK_SIZE,
  2619. },
  2620. .setkey = aead_setkey,
  2621. .setauthsize = aead_setauthsize,
  2622. .encrypt = aead_encrypt,
  2623. .decrypt = aead_decrypt,
  2624. .ivsize = DES_BLOCK_SIZE,
  2625. .maxauthsize = SHA256_DIGEST_SIZE,
  2626. },
  2627. .caam = {
  2628. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2629. .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
  2630. OP_ALG_AAI_HMAC_PRECOMP,
  2631. },
  2632. },
  2633. {
  2634. .aead = {
  2635. .base = {
  2636. .cra_name = "echainiv(authenc(hmac(sha256),"
  2637. "cbc(des)))",
  2638. .cra_driver_name = "echainiv-authenc-"
  2639. "hmac-sha256-cbc-des-caam",
  2640. .cra_blocksize = DES_BLOCK_SIZE,
  2641. },
  2642. .setkey = aead_setkey,
  2643. .setauthsize = aead_setauthsize,
  2644. .encrypt = aead_encrypt,
  2645. .decrypt = aead_decrypt,
  2646. .ivsize = DES_BLOCK_SIZE,
  2647. .maxauthsize = SHA256_DIGEST_SIZE,
  2648. },
  2649. .caam = {
  2650. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2651. .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
  2652. OP_ALG_AAI_HMAC_PRECOMP,
  2653. .geniv = true,
  2654. },
  2655. },
  2656. {
  2657. .aead = {
  2658. .base = {
  2659. .cra_name = "authenc(hmac(sha384),cbc(des))",
  2660. .cra_driver_name = "authenc-hmac-sha384-"
  2661. "cbc-des-caam",
  2662. .cra_blocksize = DES_BLOCK_SIZE,
  2663. },
  2664. .setkey = aead_setkey,
  2665. .setauthsize = aead_setauthsize,
  2666. .encrypt = aead_encrypt,
  2667. .decrypt = aead_decrypt,
  2668. .ivsize = DES_BLOCK_SIZE,
  2669. .maxauthsize = SHA384_DIGEST_SIZE,
  2670. },
  2671. .caam = {
  2672. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2673. .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
  2674. OP_ALG_AAI_HMAC_PRECOMP,
  2675. },
  2676. },
  2677. {
  2678. .aead = {
  2679. .base = {
  2680. .cra_name = "echainiv(authenc(hmac(sha384),"
  2681. "cbc(des)))",
  2682. .cra_driver_name = "echainiv-authenc-"
  2683. "hmac-sha384-cbc-des-caam",
  2684. .cra_blocksize = DES_BLOCK_SIZE,
  2685. },
  2686. .setkey = aead_setkey,
  2687. .setauthsize = aead_setauthsize,
  2688. .encrypt = aead_encrypt,
  2689. .decrypt = aead_decrypt,
  2690. .ivsize = DES_BLOCK_SIZE,
  2691. .maxauthsize = SHA384_DIGEST_SIZE,
  2692. },
  2693. .caam = {
  2694. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2695. .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
  2696. OP_ALG_AAI_HMAC_PRECOMP,
  2697. .geniv = true,
  2698. },
  2699. },
  2700. {
  2701. .aead = {
  2702. .base = {
  2703. .cra_name = "authenc(hmac(sha512),cbc(des))",
  2704. .cra_driver_name = "authenc-hmac-sha512-"
  2705. "cbc-des-caam",
  2706. .cra_blocksize = DES_BLOCK_SIZE,
  2707. },
  2708. .setkey = aead_setkey,
  2709. .setauthsize = aead_setauthsize,
  2710. .encrypt = aead_encrypt,
  2711. .decrypt = aead_decrypt,
  2712. .ivsize = DES_BLOCK_SIZE,
  2713. .maxauthsize = SHA512_DIGEST_SIZE,
  2714. },
  2715. .caam = {
  2716. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2717. .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
  2718. OP_ALG_AAI_HMAC_PRECOMP,
  2719. },
  2720. },
  2721. {
  2722. .aead = {
  2723. .base = {
  2724. .cra_name = "echainiv(authenc(hmac(sha512),"
  2725. "cbc(des)))",
  2726. .cra_driver_name = "echainiv-authenc-"
  2727. "hmac-sha512-cbc-des-caam",
  2728. .cra_blocksize = DES_BLOCK_SIZE,
  2729. },
  2730. .setkey = aead_setkey,
  2731. .setauthsize = aead_setauthsize,
  2732. .encrypt = aead_encrypt,
  2733. .decrypt = aead_decrypt,
  2734. .ivsize = DES_BLOCK_SIZE,
  2735. .maxauthsize = SHA512_DIGEST_SIZE,
  2736. },
  2737. .caam = {
  2738. .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
  2739. .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
  2740. OP_ALG_AAI_HMAC_PRECOMP,
  2741. .geniv = true,
  2742. },
  2743. },
  2744. {
  2745. .aead = {
  2746. .base = {
  2747. .cra_name = "authenc(hmac(md5),"
  2748. "rfc3686(ctr(aes)))",
  2749. .cra_driver_name = "authenc-hmac-md5-"
  2750. "rfc3686-ctr-aes-caam",
  2751. .cra_blocksize = 1,
  2752. },
  2753. .setkey = aead_setkey,
  2754. .setauthsize = aead_setauthsize,
  2755. .encrypt = aead_encrypt,
  2756. .decrypt = aead_decrypt,
  2757. .ivsize = CTR_RFC3686_IV_SIZE,
  2758. .maxauthsize = MD5_DIGEST_SIZE,
  2759. },
  2760. .caam = {
  2761. .class1_alg_type = OP_ALG_ALGSEL_AES |
  2762. OP_ALG_AAI_CTR_MOD128,
  2763. .class2_alg_type = OP_ALG_ALGSEL_MD5 |
  2764. OP_ALG_AAI_HMAC_PRECOMP,
  2765. .rfc3686 = true,
  2766. },
  2767. },
  2768. {
  2769. .aead = {
  2770. .base = {
  2771. .cra_name = "seqiv(authenc("
  2772. "hmac(md5),rfc3686(ctr(aes))))",
  2773. .cra_driver_name = "seqiv-authenc-hmac-md5-"
  2774. "rfc3686-ctr-aes-caam",
  2775. .cra_blocksize = 1,
  2776. },
  2777. .setkey = aead_setkey,
  2778. .setauthsize = aead_setauthsize,
  2779. .encrypt = aead_encrypt,
  2780. .decrypt = aead_decrypt,
  2781. .ivsize = CTR_RFC3686_IV_SIZE,
  2782. .maxauthsize = MD5_DIGEST_SIZE,
  2783. },
  2784. .caam = {
  2785. .class1_alg_type = OP_ALG_ALGSEL_AES |
  2786. OP_ALG_AAI_CTR_MOD128,
  2787. .class2_alg_type = OP_ALG_ALGSEL_MD5 |
  2788. OP_ALG_AAI_HMAC_PRECOMP,
  2789. .rfc3686 = true,
  2790. .geniv = true,
  2791. },
  2792. },
  2793. {
  2794. .aead = {
  2795. .base = {
  2796. .cra_name = "authenc(hmac(sha1),"
  2797. "rfc3686(ctr(aes)))",
  2798. .cra_driver_name = "authenc-hmac-sha1-"
  2799. "rfc3686-ctr-aes-caam",
  2800. .cra_blocksize = 1,
  2801. },
  2802. .setkey = aead_setkey,
  2803. .setauthsize = aead_setauthsize,
  2804. .encrypt = aead_encrypt,
  2805. .decrypt = aead_decrypt,
  2806. .ivsize = CTR_RFC3686_IV_SIZE,
  2807. .maxauthsize = SHA1_DIGEST_SIZE,
  2808. },
  2809. .caam = {
  2810. .class1_alg_type = OP_ALG_ALGSEL_AES |
  2811. OP_ALG_AAI_CTR_MOD128,
  2812. .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
  2813. OP_ALG_AAI_HMAC_PRECOMP,
  2814. .rfc3686 = true,
  2815. },
  2816. },
  2817. {
  2818. .aead = {
  2819. .base = {
  2820. .cra_name = "seqiv(authenc("
  2821. "hmac(sha1),rfc3686(ctr(aes))))",
  2822. .cra_driver_name = "seqiv-authenc-hmac-sha1-"
  2823. "rfc3686-ctr-aes-caam",
  2824. .cra_blocksize = 1,
  2825. },
  2826. .setkey = aead_setkey,
  2827. .setauthsize = aead_setauthsize,
  2828. .encrypt = aead_encrypt,
  2829. .decrypt = aead_decrypt,
  2830. .ivsize = CTR_RFC3686_IV_SIZE,
  2831. .maxauthsize = SHA1_DIGEST_SIZE,
  2832. },
  2833. .caam = {
  2834. .class1_alg_type = OP_ALG_ALGSEL_AES |
  2835. OP_ALG_AAI_CTR_MOD128,
  2836. .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
  2837. OP_ALG_AAI_HMAC_PRECOMP,
  2838. .rfc3686 = true,
  2839. .geniv = true,
  2840. },
  2841. },
  2842. {
  2843. .aead = {
  2844. .base = {
  2845. .cra_name = "authenc(hmac(sha224),"
  2846. "rfc3686(ctr(aes)))",
  2847. .cra_driver_name = "authenc-hmac-sha224-"
  2848. "rfc3686-ctr-aes-caam",
  2849. .cra_blocksize = 1,
  2850. },
  2851. .setkey = aead_setkey,
  2852. .setauthsize = aead_setauthsize,
  2853. .encrypt = aead_encrypt,
  2854. .decrypt = aead_decrypt,
  2855. .ivsize = CTR_RFC3686_IV_SIZE,
  2856. .maxauthsize = SHA224_DIGEST_SIZE,
  2857. },
  2858. .caam = {
  2859. .class1_alg_type = OP_ALG_ALGSEL_AES |
  2860. OP_ALG_AAI_CTR_MOD128,
  2861. .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
  2862. OP_ALG_AAI_HMAC_PRECOMP,
  2863. .rfc3686 = true,
  2864. },
  2865. },
  2866. {
  2867. .aead = {
  2868. .base = {
  2869. .cra_name = "seqiv(authenc("
  2870. "hmac(sha224),rfc3686(ctr(aes))))",
  2871. .cra_driver_name = "seqiv-authenc-hmac-sha224-"
  2872. "rfc3686-ctr-aes-caam",
  2873. .cra_blocksize = 1,
  2874. },
  2875. .setkey = aead_setkey,
  2876. .setauthsize = aead_setauthsize,
  2877. .encrypt = aead_encrypt,
  2878. .decrypt = aead_decrypt,
  2879. .ivsize = CTR_RFC3686_IV_SIZE,
  2880. .maxauthsize = SHA224_DIGEST_SIZE,
  2881. },
  2882. .caam = {
  2883. .class1_alg_type = OP_ALG_ALGSEL_AES |
  2884. OP_ALG_AAI_CTR_MOD128,
  2885. .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
  2886. OP_ALG_AAI_HMAC_PRECOMP,
  2887. .rfc3686 = true,
  2888. .geniv = true,
  2889. },
  2890. },
  2891. {
  2892. .aead = {
  2893. .base = {
  2894. .cra_name = "authenc(hmac(sha256),"
  2895. "rfc3686(ctr(aes)))",
  2896. .cra_driver_name = "authenc-hmac-sha256-"
  2897. "rfc3686-ctr-aes-caam",
  2898. .cra_blocksize = 1,
  2899. },
  2900. .setkey = aead_setkey,
  2901. .setauthsize = aead_setauthsize,
  2902. .encrypt = aead_encrypt,
  2903. .decrypt = aead_decrypt,
  2904. .ivsize = CTR_RFC3686_IV_SIZE,
  2905. .maxauthsize = SHA256_DIGEST_SIZE,
  2906. },
  2907. .caam = {
  2908. .class1_alg_type = OP_ALG_ALGSEL_AES |
  2909. OP_ALG_AAI_CTR_MOD128,
  2910. .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
  2911. OP_ALG_AAI_HMAC_PRECOMP,
  2912. .rfc3686 = true,
  2913. },
  2914. },
  2915. {
  2916. .aead = {
  2917. .base = {
  2918. .cra_name = "seqiv(authenc(hmac(sha256),"
  2919. "rfc3686(ctr(aes))))",
  2920. .cra_driver_name = "seqiv-authenc-hmac-sha256-"
  2921. "rfc3686-ctr-aes-caam",
  2922. .cra_blocksize = 1,
  2923. },
  2924. .setkey = aead_setkey,
  2925. .setauthsize = aead_setauthsize,
  2926. .encrypt = aead_encrypt,
  2927. .decrypt = aead_decrypt,
  2928. .ivsize = CTR_RFC3686_IV_SIZE,
  2929. .maxauthsize = SHA256_DIGEST_SIZE,
  2930. },
  2931. .caam = {
  2932. .class1_alg_type = OP_ALG_ALGSEL_AES |
  2933. OP_ALG_AAI_CTR_MOD128,
  2934. .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
  2935. OP_ALG_AAI_HMAC_PRECOMP,
  2936. .rfc3686 = true,
  2937. .geniv = true,
  2938. },
  2939. },
  2940. {
  2941. .aead = {
  2942. .base = {
  2943. .cra_name = "authenc(hmac(sha384),"
  2944. "rfc3686(ctr(aes)))",
  2945. .cra_driver_name = "authenc-hmac-sha384-"
  2946. "rfc3686-ctr-aes-caam",
  2947. .cra_blocksize = 1,
  2948. },
  2949. .setkey = aead_setkey,
  2950. .setauthsize = aead_setauthsize,
  2951. .encrypt = aead_encrypt,
  2952. .decrypt = aead_decrypt,
  2953. .ivsize = CTR_RFC3686_IV_SIZE,
  2954. .maxauthsize = SHA384_DIGEST_SIZE,
  2955. },
  2956. .caam = {
  2957. .class1_alg_type = OP_ALG_ALGSEL_AES |
  2958. OP_ALG_AAI_CTR_MOD128,
  2959. .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
  2960. OP_ALG_AAI_HMAC_PRECOMP,
  2961. .rfc3686 = true,
  2962. },
  2963. },
  2964. {
  2965. .aead = {
  2966. .base = {
  2967. .cra_name = "seqiv(authenc(hmac(sha384),"
  2968. "rfc3686(ctr(aes))))",
  2969. .cra_driver_name = "seqiv-authenc-hmac-sha384-"
  2970. "rfc3686-ctr-aes-caam",
  2971. .cra_blocksize = 1,
  2972. },
  2973. .setkey = aead_setkey,
  2974. .setauthsize = aead_setauthsize,
  2975. .encrypt = aead_encrypt,
  2976. .decrypt = aead_decrypt,
  2977. .ivsize = CTR_RFC3686_IV_SIZE,
  2978. .maxauthsize = SHA384_DIGEST_SIZE,
  2979. },
  2980. .caam = {
  2981. .class1_alg_type = OP_ALG_ALGSEL_AES |
  2982. OP_ALG_AAI_CTR_MOD128,
  2983. .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
  2984. OP_ALG_AAI_HMAC_PRECOMP,
  2985. .rfc3686 = true,
  2986. .geniv = true,
  2987. },
  2988. },
  2989. {
  2990. .aead = {
  2991. .base = {
  2992. .cra_name = "authenc(hmac(sha512),"
  2993. "rfc3686(ctr(aes)))",
  2994. .cra_driver_name = "authenc-hmac-sha512-"
  2995. "rfc3686-ctr-aes-caam",
  2996. .cra_blocksize = 1,
  2997. },
  2998. .setkey = aead_setkey,
  2999. .setauthsize = aead_setauthsize,
  3000. .encrypt = aead_encrypt,
  3001. .decrypt = aead_decrypt,
  3002. .ivsize = CTR_RFC3686_IV_SIZE,
  3003. .maxauthsize = SHA512_DIGEST_SIZE,
  3004. },
  3005. .caam = {
  3006. .class1_alg_type = OP_ALG_ALGSEL_AES |
  3007. OP_ALG_AAI_CTR_MOD128,
  3008. .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
  3009. OP_ALG_AAI_HMAC_PRECOMP,
  3010. .rfc3686 = true,
  3011. },
  3012. },
  3013. {
  3014. .aead = {
  3015. .base = {
  3016. .cra_name = "seqiv(authenc(hmac(sha512),"
  3017. "rfc3686(ctr(aes))))",
  3018. .cra_driver_name = "seqiv-authenc-hmac-sha512-"
  3019. "rfc3686-ctr-aes-caam",
  3020. .cra_blocksize = 1,
  3021. },
  3022. .setkey = aead_setkey,
  3023. .setauthsize = aead_setauthsize,
  3024. .encrypt = aead_encrypt,
  3025. .decrypt = aead_decrypt,
  3026. .ivsize = CTR_RFC3686_IV_SIZE,
  3027. .maxauthsize = SHA512_DIGEST_SIZE,
  3028. },
  3029. .caam = {
  3030. .class1_alg_type = OP_ALG_ALGSEL_AES |
  3031. OP_ALG_AAI_CTR_MOD128,
  3032. .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
  3033. OP_ALG_AAI_HMAC_PRECOMP,
  3034. .rfc3686 = true,
  3035. .geniv = true,
  3036. },
  3037. },
  3038. {
  3039. .aead = {
  3040. .base = {
  3041. .cra_name = "rfc7539(chacha20,poly1305)",
  3042. .cra_driver_name = "rfc7539-chacha20-poly1305-"
  3043. "caam",
  3044. .cra_blocksize = 1,
  3045. },
  3046. .setkey = chachapoly_setkey,
  3047. .setauthsize = chachapoly_setauthsize,
  3048. .encrypt = chachapoly_encrypt,
  3049. .decrypt = chachapoly_decrypt,
  3050. .ivsize = CHACHAPOLY_IV_SIZE,
  3051. .maxauthsize = POLY1305_DIGEST_SIZE,
  3052. },
  3053. .caam = {
  3054. .class1_alg_type = OP_ALG_ALGSEL_CHACHA20 |
  3055. OP_ALG_AAI_AEAD,
  3056. .class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
  3057. OP_ALG_AAI_AEAD,
  3058. .nodkp = true,
  3059. },
  3060. },
  3061. {
  3062. .aead = {
  3063. .base = {
  3064. .cra_name = "rfc7539esp(chacha20,poly1305)",
  3065. .cra_driver_name = "rfc7539esp-chacha20-"
  3066. "poly1305-caam",
  3067. .cra_blocksize = 1,
  3068. },
  3069. .setkey = chachapoly_setkey,
  3070. .setauthsize = chachapoly_setauthsize,
  3071. .encrypt = chachapoly_encrypt,
  3072. .decrypt = chachapoly_decrypt,
  3073. .ivsize = 8,
  3074. .maxauthsize = POLY1305_DIGEST_SIZE,
  3075. },
  3076. .caam = {
  3077. .class1_alg_type = OP_ALG_ALGSEL_CHACHA20 |
  3078. OP_ALG_AAI_AEAD,
  3079. .class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
  3080. OP_ALG_AAI_AEAD,
  3081. .nodkp = true,
  3082. },
  3083. },
  3084. };
  3085. static int caam_init_common(struct caam_ctx *ctx, struct caam_alg_entry *caam,
  3086. bool uses_dkp)
  3087. {
  3088. dma_addr_t dma_addr;
  3089. struct caam_drv_private *priv;
  3090. ctx->jrdev = caam_jr_alloc();
  3091. if (IS_ERR(ctx->jrdev)) {
  3092. pr_err("Job Ring Device allocation for transform failed\n");
  3093. return PTR_ERR(ctx->jrdev);
  3094. }
  3095. priv = dev_get_drvdata(ctx->jrdev->parent);
  3096. if (priv->era >= 6 && uses_dkp)
  3097. ctx->dir = DMA_BIDIRECTIONAL;
  3098. else
  3099. ctx->dir = DMA_TO_DEVICE;
  3100. dma_addr = dma_map_single_attrs(ctx->jrdev, ctx->sh_desc_enc,
  3101. offsetof(struct caam_ctx,
  3102. sh_desc_enc_dma),
  3103. ctx->dir, DMA_ATTR_SKIP_CPU_SYNC);
  3104. if (dma_mapping_error(ctx->jrdev, dma_addr)) {
  3105. dev_err(ctx->jrdev, "unable to map key, shared descriptors\n");
  3106. caam_jr_free(ctx->jrdev);
  3107. return -ENOMEM;
  3108. }
  3109. ctx->sh_desc_enc_dma = dma_addr;
  3110. ctx->sh_desc_dec_dma = dma_addr + offsetof(struct caam_ctx,
  3111. sh_desc_dec);
  3112. ctx->key_dma = dma_addr + offsetof(struct caam_ctx, key);
  3113. /* copy descriptor header template value */
  3114. ctx->cdata.algtype = OP_TYPE_CLASS1_ALG | caam->class1_alg_type;
  3115. ctx->adata.algtype = OP_TYPE_CLASS2_ALG | caam->class2_alg_type;
  3116. return 0;
  3117. }
  3118. static int caam_cra_init(struct crypto_skcipher *tfm)
  3119. {
  3120. struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
  3121. struct caam_skcipher_alg *caam_alg =
  3122. container_of(alg, typeof(*caam_alg), skcipher);
  3123. return caam_init_common(crypto_skcipher_ctx(tfm), &caam_alg->caam,
  3124. false);
  3125. }
  3126. static int caam_aead_init(struct crypto_aead *tfm)
  3127. {
  3128. struct aead_alg *alg = crypto_aead_alg(tfm);
  3129. struct caam_aead_alg *caam_alg =
  3130. container_of(alg, struct caam_aead_alg, aead);
  3131. struct caam_ctx *ctx = crypto_aead_ctx(tfm);
  3132. return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp);
  3133. }
  3134. static void caam_exit_common(struct caam_ctx *ctx)
  3135. {
  3136. dma_unmap_single_attrs(ctx->jrdev, ctx->sh_desc_enc_dma,
  3137. offsetof(struct caam_ctx, sh_desc_enc_dma),
  3138. ctx->dir, DMA_ATTR_SKIP_CPU_SYNC);
  3139. caam_jr_free(ctx->jrdev);
  3140. }
  3141. static void caam_cra_exit(struct crypto_skcipher *tfm)
  3142. {
  3143. caam_exit_common(crypto_skcipher_ctx(tfm));
  3144. }
  3145. static void caam_aead_exit(struct crypto_aead *tfm)
  3146. {
  3147. caam_exit_common(crypto_aead_ctx(tfm));
  3148. }
  3149. void caam_algapi_exit(void)
  3150. {
  3151. int i;
  3152. for (i = 0; i < ARRAY_SIZE(driver_aeads); i++) {
  3153. struct caam_aead_alg *t_alg = driver_aeads + i;
  3154. if (t_alg->registered)
  3155. crypto_unregister_aead(&t_alg->aead);
  3156. }
  3157. for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
  3158. struct caam_skcipher_alg *t_alg = driver_algs + i;
  3159. if (t_alg->registered)
  3160. crypto_unregister_skcipher(&t_alg->skcipher);
  3161. }
  3162. }
  3163. static void caam_skcipher_alg_init(struct caam_skcipher_alg *t_alg)
  3164. {
  3165. struct skcipher_alg *alg = &t_alg->skcipher;
  3166. alg->base.cra_module = THIS_MODULE;
  3167. alg->base.cra_priority = CAAM_CRA_PRIORITY;
  3168. alg->base.cra_ctxsize = sizeof(struct caam_ctx);
  3169. alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
  3170. alg->init = caam_cra_init;
  3171. alg->exit = caam_cra_exit;
  3172. }
  3173. static void caam_aead_alg_init(struct caam_aead_alg *t_alg)
  3174. {
  3175. struct aead_alg *alg = &t_alg->aead;
  3176. alg->base.cra_module = THIS_MODULE;
  3177. alg->base.cra_priority = CAAM_CRA_PRIORITY;
  3178. alg->base.cra_ctxsize = sizeof(struct caam_ctx);
  3179. alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
  3180. alg->init = caam_aead_init;
  3181. alg->exit = caam_aead_exit;
  3182. }
  3183. int caam_algapi_init(struct device *ctrldev)
  3184. {
  3185. struct caam_drv_private *priv = dev_get_drvdata(ctrldev);
  3186. int i = 0, err = 0;
  3187. u32 aes_vid, aes_inst, des_inst, md_vid, md_inst, ccha_inst, ptha_inst;
  3188. unsigned int md_limit = SHA512_DIGEST_SIZE;
  3189. bool registered = false, gcm_support;
  3190. /*
  3191. * Register crypto algorithms the device supports.
  3192. * First, detect presence and attributes of DES, AES, and MD blocks.
  3193. */
  3194. if (priv->era < 10) {
  3195. u32 cha_vid, cha_inst, aes_rn;
  3196. cha_vid = rd_reg32(&priv->ctrl->perfmon.cha_id_ls);
  3197. aes_vid = cha_vid & CHA_ID_LS_AES_MASK;
  3198. md_vid = (cha_vid & CHA_ID_LS_MD_MASK) >> CHA_ID_LS_MD_SHIFT;
  3199. cha_inst = rd_reg32(&priv->ctrl->perfmon.cha_num_ls);
  3200. des_inst = (cha_inst & CHA_ID_LS_DES_MASK) >>
  3201. CHA_ID_LS_DES_SHIFT;
  3202. aes_inst = cha_inst & CHA_ID_LS_AES_MASK;
  3203. md_inst = (cha_inst & CHA_ID_LS_MD_MASK) >> CHA_ID_LS_MD_SHIFT;
  3204. ccha_inst = 0;
  3205. ptha_inst = 0;
  3206. aes_rn = rd_reg32(&priv->ctrl->perfmon.cha_rev_ls) &
  3207. CHA_ID_LS_AES_MASK;
  3208. gcm_support = !(aes_vid == CHA_VER_VID_AES_LP && aes_rn < 8);
  3209. } else {
  3210. u32 aesa, mdha;
  3211. aesa = rd_reg32(&priv->ctrl->vreg.aesa);
  3212. mdha = rd_reg32(&priv->ctrl->vreg.mdha);
  3213. aes_vid = (aesa & CHA_VER_VID_MASK) >> CHA_VER_VID_SHIFT;
  3214. md_vid = (mdha & CHA_VER_VID_MASK) >> CHA_VER_VID_SHIFT;
  3215. des_inst = rd_reg32(&priv->ctrl->vreg.desa) & CHA_VER_NUM_MASK;
  3216. aes_inst = aesa & CHA_VER_NUM_MASK;
  3217. md_inst = mdha & CHA_VER_NUM_MASK;
  3218. ccha_inst = rd_reg32(&priv->ctrl->vreg.ccha) & CHA_VER_NUM_MASK;
  3219. ptha_inst = rd_reg32(&priv->ctrl->vreg.ptha) & CHA_VER_NUM_MASK;
  3220. gcm_support = aesa & CHA_VER_MISC_AES_GCM;
  3221. }
  3222. /* If MD is present, limit digest size based on LP256 */
  3223. if (md_inst && md_vid == CHA_VER_VID_MD_LP256)
  3224. md_limit = SHA256_DIGEST_SIZE;
  3225. for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
  3226. struct caam_skcipher_alg *t_alg = driver_algs + i;
  3227. u32 alg_sel = t_alg->caam.class1_alg_type & OP_ALG_ALGSEL_MASK;
  3228. /* Skip DES algorithms if not supported by device */
  3229. if (!des_inst &&
  3230. ((alg_sel == OP_ALG_ALGSEL_3DES) ||
  3231. (alg_sel == OP_ALG_ALGSEL_DES)))
  3232. continue;
  3233. /* Skip AES algorithms if not supported by device */
  3234. if (!aes_inst && (alg_sel == OP_ALG_ALGSEL_AES))
  3235. continue;
  3236. /*
  3237. * Check support for AES modes not available
  3238. * on LP devices.
  3239. */
  3240. if (aes_vid == CHA_VER_VID_AES_LP &&
  3241. (t_alg->caam.class1_alg_type & OP_ALG_AAI_MASK) ==
  3242. OP_ALG_AAI_XTS)
  3243. continue;
  3244. caam_skcipher_alg_init(t_alg);
  3245. err = crypto_register_skcipher(&t_alg->skcipher);
  3246. if (err) {
  3247. pr_warn("%s alg registration failed\n",
  3248. t_alg->skcipher.base.cra_driver_name);
  3249. continue;
  3250. }
  3251. t_alg->registered = true;
  3252. registered = true;
  3253. }
  3254. for (i = 0; i < ARRAY_SIZE(driver_aeads); i++) {
  3255. struct caam_aead_alg *t_alg = driver_aeads + i;
  3256. u32 c1_alg_sel = t_alg->caam.class1_alg_type &
  3257. OP_ALG_ALGSEL_MASK;
  3258. u32 c2_alg_sel = t_alg->caam.class2_alg_type &
  3259. OP_ALG_ALGSEL_MASK;
  3260. u32 alg_aai = t_alg->caam.class1_alg_type & OP_ALG_AAI_MASK;
  3261. /* Skip DES algorithms if not supported by device */
  3262. if (!des_inst &&
  3263. ((c1_alg_sel == OP_ALG_ALGSEL_3DES) ||
  3264. (c1_alg_sel == OP_ALG_ALGSEL_DES)))
  3265. continue;
  3266. /* Skip AES algorithms if not supported by device */
  3267. if (!aes_inst && (c1_alg_sel == OP_ALG_ALGSEL_AES))
  3268. continue;
  3269. /* Skip CHACHA20 algorithms if not supported by device */
  3270. if (c1_alg_sel == OP_ALG_ALGSEL_CHACHA20 && !ccha_inst)
  3271. continue;
  3272. /* Skip POLY1305 algorithms if not supported by device */
  3273. if (c2_alg_sel == OP_ALG_ALGSEL_POLY1305 && !ptha_inst)
  3274. continue;
  3275. /* Skip GCM algorithms if not supported by device */
  3276. if (c1_alg_sel == OP_ALG_ALGSEL_AES &&
  3277. alg_aai == OP_ALG_AAI_GCM && !gcm_support)
  3278. continue;
  3279. /*
  3280. * Skip algorithms requiring message digests
  3281. * if MD or MD size is not supported by device.
  3282. */
  3283. if (is_mdha(c2_alg_sel) &&
  3284. (!md_inst || t_alg->aead.maxauthsize > md_limit))
  3285. continue;
  3286. caam_aead_alg_init(t_alg);
  3287. err = crypto_register_aead(&t_alg->aead);
  3288. if (err) {
  3289. pr_warn("%s alg registration failed\n",
  3290. t_alg->aead.base.cra_driver_name);
  3291. continue;
  3292. }
  3293. t_alg->registered = true;
  3294. registered = true;
  3295. }
  3296. if (registered)
  3297. pr_info("caam algorithms registered in /proc/crypto\n");
  3298. return err;
  3299. }